diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 62a15f3ff..a866da904 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1,3 +1 @@
 * @pomerium/dev-backend
-/docs/  @ghost
-/package.json @pomerium/docs @pomerium/dev
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index c04a0a909..361b2617a 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -49,9 +49,6 @@ jobs:
       - name: Lint
         if: runner.os == 'Linux'
         run: make lint
-      - name: spellcheck
-        if: runner.os == 'Linux'
-        run: make spellcheck
       - name: test
         if: runner.os != 'Linux'
         run: make test
diff --git a/Makefile b/Makefile
index 127ad9784..da88fc01e 100644
--- a/Makefile
+++ b/Makefile
@@ -35,7 +35,7 @@ GETENVOY_VERSION = v0.2.0
 GORELEASER_VERSION = v0.174.2
 
 .PHONY: all
-all: clean build-deps test lint spellcheck build ## Runs a clean, build, fmt, lint, test, and vet.
+all: clean build-deps test lint build ## Runs a clean, build, fmt, lint, test, and vet.
 
 
 .PHONY: generate-mocks
@@ -61,11 +61,6 @@ deps-release: get-envoy ## Install release dependencies
 build-deps: deps-build deps-release
 	@echo "==> $@"
 
-.PHONY: docs
-docs: ## Start the vuepress docs development server
-	@echo "==> $@"
-	@yarn && yarn docs:dev
-
 .PHONY: tag
 tag: ## Create a new git tag to prepare to build a release
 	git tag -sa $(VERSION) -m "$(VERSION)"
@@ -105,11 +100,6 @@ test: get-envoy ## Runs the go tests.
 	@echo "==> $@"
 	@$(GO) test -tags "$(BUILDTAGS)" $(shell $(GO) list ./... | grep -v vendor | grep -v github.com/pomerium/pomerium/integration)
 
-.PHONY: spellcheck
-spellcheck: # Spellcheck docs
-	@echo "==> Spell checking docs..."
-	@$(GO) run github.com/client9/misspell/cmd/misspell -error -source=text docs/
-
 .PHONY: cover
 cover: get-envoy ## Runs go test with coverage
 	@echo "==> $@"
@@ -138,13 +128,6 @@ yarn:
 	@echo "==> $@"
 	cd ui ; yarn install --network-timeout 120000
 
-.PHONY: gen-docs
-gen-docs:
-	@echo "==> $@"
-	pip3 install ruamel.yaml
-	python3 ./scripts/generate-settings-docs.py
-	node scripts/generate-console-pages.js
-
 .PHONY: help
 help:
 	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
diff --git a/README.md b/README.md
index 70db8592d..f3ea0c987 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-<a href="https://pomerium.io" title="Pomerium is a zero trust, context and identity aware access proxy."><img src="https://www.pomerium.com/wp-content/uploads/2021/08/Pomerium-H-white-bg.png" height="70" alt="pomerium logo"></a>
+<a href="https://pomerium.com" title="Pomerium is a zero trust, context and identity aware access proxy."><img src="https://www.pomerium.com/wp-content/uploads/2021/08/Pomerium-H-white-bg.png" height="70" alt="pomerium logo"></a>
 
 [![pomerium chat](https://img.shields.io/badge/chat-on%20slack-blue.svg?style=flat&logo=slack)](http://slack.pomerium.io)
 [![GitHub Actions](https://img.shields.io/github/workflow/status/pomerium/pomerium/Release?style=flat)](https://github.com/pomerium/pomerium/actions?query=workflow%3ARelease)
@@ -23,7 +23,7 @@ For comprehensive docs, and tutorials see our [documentation].
 [documentation]: https://pomerium.com/docs/
 [go environment]: https://golang.org/doc/install
 [godocs]: https://godoc.org/github.com/pomerium/pomerium
-[quick start guide]: https://www.pomerium.io/guide/
+[quick start guide]: https://www.pomerium.com/docs/install/quickstart
 
 ## Integration Tests
 
diff --git a/config/options.go b/config/options.go
index e930c6297..38ac7cae2 100644
--- a/config/options.go
+++ b/config/options.go
@@ -40,7 +40,7 @@ import (
 const DisableHeaderKey = "disable"
 
 const (
-	idpCustomScopesDocLink = "https://www.pomerium.io/reference/#identity-provider-scopes"
+	idpCustomScopesDocLink = "https://www.pomerium.com/docs/reference/identity-provider-scopes"
 	idpCustomScopesWarnMsg = "config: using custom scopes may result in undefined behavior, see: " + idpCustomScopesDocLink
 )
 
@@ -172,7 +172,7 @@ type Options struct {
 	CAFile                  string `mapstructure:"certificate_authority_file" yaml:"certificate_authority_file,omitempty"`
 
 	// SigningKey is the private key used to add a JWT-signature to upstream requests.
-	// https://www.pomerium.io/docs/topics/getting-users-identity.html
+	// https://www.pomerium.com/docs/topics/getting-users-identity.html
 	SigningKey string `mapstructure:"signing_key" yaml:"signing_key,omitempty"`
 
 	HeadersEnv string `yaml:",omitempty"`
diff --git a/docs/.vuepress/components/Newsletter.vue b/docs/.vuepress/components/Newsletter.vue
deleted file mode 100644
index 21124fba9..000000000
--- a/docs/.vuepress/components/Newsletter.vue
+++ /dev/null
@@ -1,61 +0,0 @@
-<template>
-  <SimpleNewsletter v-slot="{ slotProps }">
-  <div class="newsletter__wrap">
-    <div class="my-title">{{ slotProps.title }}</div>
-    <div class="my-content">{{ slotProps.content }}</div>
-    <input
-      class="my-input"
-      type="email"
-      name="email"
-      aria-label="Email"
-      placeholder="Email"
-      v-model="slotProps.mail"
-      required
-      autocapitalize="off"
-      autocorrect="off"
-      data-cy="email"
-    />
-    <button type="submit" class="my-button" data-cy="submit">
-      {{ slotProps.submitText }}
-    </button>
-  </div>
-  </SimpleNewsletter>
-</template>
-
-
-<style>
-.my-title {
-  font-size: 1.7rem;
-  display: block;
-  text-align: center;
-
-}
-.my-content {
-  margin-top: 1.5rem;
-  margin-bottom: 1.5rem;
-  line-height: 1.7rem;
-}
-.my-input {
-  font-size: inherit;
-  border: 1px solid #e8e8fb;
-  padding: 0.6rem 1.2rem;
-  box-sizing: border-box;
-  border-radius: 3px;
-  margin-bottom: 0.8rem;
-  outline: none;
-}
-
-.my-button {
-    font-size: inherit;
-    border: none;
-    cursor: pointer;
-    background: #6f43e7;
-    color: #fff;
-    padding: 0.6rem 1.8rem;
-    box-sizing: border-box;
-    border-radius: 3px;
-    outline: none;
-}
-
-
-</style>
\ No newline at end of file
diff --git a/docs/.vuepress/components/Redirect.vue b/docs/.vuepress/components/Redirect.vue
deleted file mode 100644
index a6e4ba6b5..000000000
--- a/docs/.vuepress/components/Redirect.vue
+++ /dev/null
@@ -1,17 +0,0 @@
-<template> </template>
-
-<script>
-/** Redirects to the given 'to' url, which is relative to the current location. */
-export default {
-  name: "Redirect",
-  props: {
-    to: {
-      type: String,
-      required: true,
-    },
-  },
-  beforeMount() {
-    document.location.replace(this.to);
-  },
-};
-</script>
diff --git a/docs/.vuepress/config.js b/docs/.vuepress/config.js
deleted file mode 100644
index 0e37326b5..000000000
--- a/docs/.vuepress/config.js
+++ /dev/null
@@ -1,352 +0,0 @@
-// .vuepress/config.js
-module.exports = {
-  title: "Pomerium",
-  description:
-    "Pomerium is a beyond-corp inspired, zero trust, open source identity-aware access proxy.",
-  plugins: [
-    "vuepress-plugin-element-tabs",
-    "vuepress-plugin-mermaidjs",
-    ["vuepress-plugin-code-copy", true],
-    [
-      "vuepress-plugin-mailchimp",
-      {
-        endpoint: "https://pomerium.us19.list-manage.com/subscribe/post?u=76f0996a737c138396687fd6b&amp;id=2f4f70cf07",
-        title: "Pomerium Newsletter",
-        content: "Updates on Pomerium and related security news.",
-        submitText: "Subscribe"
-      }
-    ],
-    [
-      "check-md",
-      {
-        pattern: "**/*.md",
-      },
-    ],
-    [
-      "sitemap",
-      {
-        hostname: "https://www.pomerium.com",
-        outFile: "docs/sitemap.xml",
-        exclude: [
-          '/partials/generate-recovery-token.html',
-          '/partials/install-mkcert.html',
-          '/tcp/service-template.html',
-        ],
-      },
-    ],
-    [
-      "@vuepress/google-analytics",
-      {
-        ga: "UA-129872447-2",
-      },
-    ],
-    [
-      '@limdongjin/vuepress-plugin-simple-seo',
-      {
-      root_url: 'https://www.pomerium.com/',
-      default_site_name: 'Pomerium Documentation',
-      default_twitter_site: '@pomerium_io',
-      default_twitter_creator: '@pomerium_io',
-      default_image: 'img/pomerium-icon-1.png',
-      default_twitter_card: 'summary',
-      },
-    ],
-  ],
-  markdown: {
-    externalLinkSymbol: false,
-    extendMarkdown: (md) => {
-      md.use(require("markdown-it-include"), {
-        root: "./docs/partials/",
-      });
-    },
-  },
-  themeConfig: {
-    home: false,
-    activeHeaderLinks: false,
-    logo: "/img/logo_white.svg",
-    repo: "pomerium/pomerium",
-    editLinks: true,
-    docsDir: "docs",
-    editLinkText: "Edit this page on GitHub",
-    lastUpdated: "Last Updated",
-    nav: [
-      { text: "Documentation", link: "/docs/" },
-      { text: "Reference", link: "/reference/" },
-      { text: "Guides", link: "/guides/" },
-      {
-        text: "Enterprise",
-        link: "/enterprise/about/",
-      },
-      {
-        text: "v0.17.x", // current tagged version
-        ariaLabel: "Version menu",
-        items: [
-          { text: "🚧Dev", link: "https://main.docs.pomerium.io/docs" },
-          { text: "v0.17.x", link: "https://0-17-0.docs.pomerium.io/docs" },
-          { text: "v0.16.x", link: "https://0-16-0.docs.pomerium.io/docs" },
-          { text: "v0.15.x", link: "https://0-15-0.docs.pomerium.io/docs" },
-          { text: "v0.14.x", link: "https://0-14-0.docs.pomerium.io/docs" },
-          { text: "v0.13.x", link: "https://0-13-0.docs.pomerium.io/docs" },
-          { text: "v0.12.x", link: "https://0-12-0.docs.pomerium.io/docs" },
-          { text: "v0.11.x", link: "https://0-11-0.docs.pomerium.io/docs" },
-          { text: "v0.10.x", link: "https://0-10-0.docs.pomerium.io/docs" },
-          { text: "v0.9.x", link: "https://0-9-0.docs.pomerium.io/docs" },
-          { text: "v0.8.x", link: "https://0-8-0.docs.pomerium.io/docs" },
-          { text: "v0.7.x", link: "https://0-7-0.docs.pomerium.io/docs" },
-          { text: "v0.6.x", link: "https://0-6-0.docs.pomerium.io/docs" },
-          { text: "v0.5.x", link: "https://0-5-0.docs.pomerium.io/docs" },
-          { text: "v0.4.x", link: "https://0-4-0.docs.pomerium.io/docs" },
-          { text: "v0.3.x", link: "https://0-3-0.docs.pomerium.io/docs" },
-          { text: "v0.2.x", link: "https://0-2-0.docs.pomerium.io/docs" },
-          { text: "v0.1.x", link: "https://0-1-0.docs.pomerium.io/docs" },
-        ],
-      },
-    ],
-    algolia: {
-      apiKey: "1653e881f3a6c17d3ad37f4d4c428e20",
-      indexName: "pomerium",
-    },
-    sidebar: {
-      "/docs/": [
-        {
-          title: "Overview",
-          type: "group",
-          collapsable: false,
-          sidebarDepth: 0,
-          children: [
-            "",
-            "glossary",
-            "releases",
-            "architecture",
-            "background",
-            "troubleshooting",
-            "upgrading",
-            "CHANGELOG",
-          ],
-        },
-        {
-          title: "Install",
-          collapsable: false,
-          path: "/docs/install/",
-          type: "group",
-          sidebarDepth: 0,
-          children: [
-            "install/",
-            ["k8s/helm", "Kubernetes"],
-            "install/binary",
-            "install/from-source",
-          ],
-        },
-        {
-          title: "Identity Providers",
-          collapsable: true,
-          path: "/docs/identity-providers/",
-          type: "group",
-          sidebarDepth: 0,
-          initialOpenGroupIndex: 0,
-          children: [
-            "identity-providers/",
-            "identity-providers/auth0",
-            "identity-providers/azure",
-            "identity-providers/cognito",
-            "identity-providers/github",
-            "identity-providers/gitlab",
-            "identity-providers/google",
-            "identity-providers/okta",
-            "identity-providers/one-login",
-            "identity-providers/ping",
-          ],
-        },
-        {
-          title: "Production",
-          collapsable: true,
-          type: "group",
-          children: [
-            "/docs/security",
-            "/docs/production-deployment",
-          ]
-        },
-        {
-          title: "TCP Connections",
-          collapsable: false,
-          path: "/docs/tcp/",
-          type: "group",
-          sidebarDepth: 1,
-          children: [
-            "tcp/",
-            "tcp/client",
-            {
-              title: "Examples",
-              collapsable: true,
-              type: "group",
-              sidebarDepth: 0,
-              children: [
-                "tcp/git",
-                "tcp/ms-sql",
-                "tcp/mysql",
-                "tcp/rdp",
-                "tcp/redis",
-                "tcp/ssh",
-              ],
-            },
-          ],
-        },
-        {
-          title: "Kubernetes",
-          collapsable: false,
-          path: "/docs/k8s/",
-          type: "group",
-          sidebarDepth: 0,
-          children: [
-            "k8s/",
-            "k8s/helm",
-            "k8s/ingress",
-          ]
-        },
-        {
-          title: "Topics",
-          collapsable: false,
-          path: "/docs/topics/",
-          type: "group",
-          sidebarDepth: 0,
-          children: [
-            "topics/certificates",
-            "topics/data-storage",
-            "topics/device-identity",
-            "topics/getting-users-identity",
-            "topics/original-request-context",
-            "topics/mutual-auth",
-            "topics/ppl",
-            "topics/programmatic-access",
-            "topics/single-sign-out",
-            "topics/load-balancing",
-          ],
-        },
-        {
-          title: "Community",
-          collapsable: false,
-          path: "/docs/community/",
-          type: "group",
-          sidebarDepth: 0,
-          children: [
-            "community/",
-            "community/contributing",
-            "community/code-of-conduct",
-            "community/security",
-          ],
-        },
-      ],
-      "/guides/": [
-        {
-          title: "Guides",
-          type: "group",
-
-          collapsable: false,
-          sidebarDepth: 1,
-          children: [
-            "",
-            "ad-guard",
-            "argo",
-            "cloud-run",
-            "mtls",
-            "cockpit",
-            "code-server",
-            "admin-enroll-device",
-            "enroll-device",
-            "grafana",
-            "gitlab",
-            "istio",
-            "jwt-verification",
-            "kubernetes",
-            "kubernetes-dashboard",
-            "local-oidc",
-            "nginx",
-            "synology",
-            "tcp",
-            "tiddlywiki",
-            "traefik-ingress",
-            "transmission",
-            "upstream-mtls",
-          ],
-        },
-      ],
-      "/reference/": [
-        {
-          title: "",
-          type: "group",
-          collapsable: false,
-          sidebarDepth: 1,
-          children: [""],
-        },
-      ],
-      "/enterprise/": [
-        {
-          title: "Enterprise",
-          type: "group",
-          collapsable: false,
-          sidebarDepth: 2,
-          children: [
-            "about",
-            "concepts",
-            {
-              title: "Install",
-              type: "group",
-              collapsable: false,
-              path: "/enterprise/install/",
-              sidebarDepth: 2,
-              children: [
-                "/enterprise/install/quickstart",
-                "/enterprise/install/helm",
-              ],
-            },
-            "metrics",
-            {
-              title: "Reference",
-              type: "group",
-              collapsable: false,
-              path: "/enterprise/reference/configure",
-              sidebarDepth: 2,
-              children: [
-                "/enterprise/reference/config.md",
-                "/enterprise/reference/reports",
-                "/enterprise/reference/manage",
-                "/enterprise/reference/configure",
-              ],
-            },
-            "api",
-            "upgrading",
-            "changelog",
-          ],
-        },
-      ],
-    },
-  },
-  head: [
-    //Hack: Make clicking on the logo go to home url
-    [
-      "script",
-      {},
-      `
-      const logoUrlChanger = setInterval(function() {
-      //Anchor above the logo image
-      const homeEls = document.getElementsByClassName("home-link");
-      if(homeEls.length > 0) {
-        const homeEl = homeEls[0];
-        homeEl.setAttribute("href", "https://www.pomerium.com");
-        homeEl.setAttribute("onclick", "document.location='https://www.pomerium.com';return false;");
-        clearInterval(logoUrlChanger);
-      }
-
-      //Actual logo image
-      const logoEls = document.getElementsByClassName("logo")
-      if(logoEls.length > 0) {
-        const logoEl = logoEls[0]
-        logoEl.setAttribute("onclick", "document.location='https://www.pomerium.com';return false;");
-        clearInterval(logoUrlChanger);
-      }
-      }, 1000)
-
-      `,
-    ],
-  ],
-};
\ No newline at end of file
diff --git a/docs/.vuepress/enhanceApp.js b/docs/.vuepress/enhanceApp.js
deleted file mode 100644
index a29e34880..000000000
--- a/docs/.vuepress/enhanceApp.js
+++ /dev/null
@@ -1,18 +0,0 @@
-export default ({ router }) => {
-	if(typeof process === 'undefined' || process.env.VUE_ENV !== 'server') {
-		router.onReady(() => {
-			const { app } = router;
-
-			app.$once("hook:mounted", () => {
-				setTimeout(() => {
-					const { hash } = document.location;
-                    if (hash.length > 1) {
-            		const id = decodeURIComponent(hash.substring(1));
-            		const element = document.getElementById(id);
-            		if (element) element.scrollIntoView();
-          			}
-				}, 500);
-			});
-		});
-	}
-}
diff --git a/docs/.vuepress/public/_redirects b/docs/.vuepress/public/_redirects
deleted file mode 100644
index 85435f1a9..000000000
--- a/docs/.vuepress/public/_redirects
+++ /dev/null
@@ -1,74 +0,0 @@
-/docs/reference/reference			/configuration/
-/docs/reference/reference.html		/configuration/
-/docs/configuration/				/configuration/
-/docs/config-reference.html				/configuration/
-/configuration/						/reference/
-
-
-/community/							/docs/community/
-/community/index.html				/docs/community/
-/community/contributing				/docs/community/contributing.html
-/community/contributing.html		/docs/community/contributing.html
-/community/code-of-conduct			/docs/community/code-of-conduct.html
-/community/code-of-conduct.html		/docs/community/code-of-conduct.html
-/community/security					/docs/community/security.html
-/community/security.html			/docs/community/security.html
-
-/guide/					/docs/quick-start/
-/guide/kubernetes.html	/docs/quick-start/kubernetes.html
-/guide/kubernetes		/docs/quick-start/kubernetes.html
-/guide/synology			/docs/quick-start/synology.html
-/guide/synology.html	/docs/quick-start/synology.html
-/docs/examples.html		/recipes/
-/docs/examples			/recipes/
-
-/recipes/ 						/guides/
-/recipes/ad-guard.html 			/guides/ad-guard.html
-/recipes/argo.html 				/guides/argo.html
-/recipes/cloud-run.html			/guides/cloud-run.html
-/recipes/istio.html				/guides/istio.html
-/recipes/kubernetes.html		/guides/kubernetes.html
-/recipes/local-oidc.html		/guides/local-oidc.html
-/recipes/mtls.html				/guides/mtls.html
-/recipes/vs-code-server.html	/guides/code-server.html
-/guides/vs-code-server.html	/guides/code-server.html
-
-
-/docs/reference/								/docs/topics/
-/docs/reference/readme.html						/docs/topics/readme.html
-/docs/reference/certificates.html				/docs/topics/certificates.html
-/docs/reference/data-storage.html				/docs/topics/data-storage.html
-/docs/reference/getting-users-identity.html		/docs/topics/getting-users-identity.html
-/docs/reference/production-deployment.html		/docs/topics/production-deployment.html
-/docs/reference/programmatic-access.html		/docs/topics/programmatic-access.html
-
-/docs/reference/examples.html				/configuration/examples.html
-
-/posts/2020/06/01/release-0-9/				/blog/posts-2020-06-01-release-0-9/
-/posts/2020/05/11/release-0-8/				/blog/announcing-pomerium-0-8/
-/posts/2020/04/16/release-0-7/				/blog/announcing-pomerium-0-7/
-
-/jobs/										/careers/
-/jobs/Frontend-Engineer.html				/careers/frontend-engineer/
-/jobs/Backend-Engineer.html					/careers/backend-engineer/
-
-/enterprise/								/
-/enterprise/service-accounts/               /enterprise/reference/configure.html#service-accounts
-/enter[rise/service-accounts                /enterprise/reference/configure.html#service-accounts
-/enterprise/service-accounts.html           /enterprise/reference/configure.html#service-accounts
-/enterprise/prometheus.html                 /enterprise/metrics.html
-
-/docs/installation.html                     /
-/docs/installation                          /docs/install
-/docs/quick-start                           /docs/install
-/docs/quick-start/binary.html               /docs/install/binary.html
-/docs/quick-start/helm.html                 /docs/install/helm.html
-/docs/quick-start/from-source.html          /docs/install/from-source.html
-/docs/quick-start/synology.html             /docs/guides/synology.html
-
-/docs/client.html                           /docs/tcp/client.html
-/docs/topics/tcp-support.html               /docs/tcp/
-/docs/install/helm.html                     /docs/k8s/helm.html
-/docs/topics/kubernetes-integration.html    /docs/k8s/
-
-/docs/FAQ.html                              /docs/troubleshooting.html
\ No newline at end of file
diff --git a/docs/.vuepress/public/favicon.ico b/docs/.vuepress/public/favicon.ico
deleted file mode 100644
index d78ac8dee..000000000
Binary files a/docs/.vuepress/public/favicon.ico and /dev/null differ
diff --git a/docs/.vuepress/public/img/icon.svg b/docs/.vuepress/public/img/icon.svg
deleted file mode 100644
index 7ca4c67fa..000000000
--- a/docs/.vuepress/public/img/icon.svg
+++ /dev/null
@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 188.48 188.48"><defs><style>.cls-1{fill:#6f43e7;}.cls-2,.cls-3{fill:#fff;fill-rule:evenodd;}.cls-2{opacity:0.4;}</style></defs><g id="Layer_2" data-name="Layer 2"><g id="Capa_1" data-name="Capa 1"><rect class="cls-1" width="188.48" height="188.48"/><path class="cls-2" d="M155.6,49.17l6.7,2.09V63.39C151.72,64.86,143.92,73,143.92,84v55.3l-6.9-.15-.14-.31-13.15-.28V81.92A16.41,16.41,0,0,0,116,67.81l-.27.19a14.57,14.57,0,0,0-5.43.6C102,71,96.88,78.09,96.88,87.07v51.22l-6.82-.15-.3-.31-11.17-.24V84.92a16,16,0,0,0-6.43-13l-.24.2-.07,0c-9-.36-15.73,7.83-15.73,17.66v47.69l-6.83-.15L49,137l-7.69-.16V62.23l22.2-2.47,91.75-10.25.07-.31Z"/><path class="cls-3" d="M26.17,63.62,63.5,59.45l92.1-10.28V61.3c-10.28,1.19-18.39,10-18.39,19.7v58.16l-13.78-.3V81.92c0-9.69-7.78-16.88-17.06-16-9,.85-16.2,9-16.2,18.22v54l-11.88-.25v-53c0-9-6.75-15.74-14.77-15h0c-7.82.74-14.09,8.33-14.09,16.91v50.42L39,137q0-12.31,0-24.65V87.53c0-8.39-5.86-14.7-12.88-14.1Z"/></g></g></svg>
\ No newline at end of file
diff --git a/docs/.vuepress/public/img/logo-long-civez.png b/docs/.vuepress/public/img/logo-long-civez.png
deleted file mode 100644
index 4d1c2a853..000000000
Binary files a/docs/.vuepress/public/img/logo-long-civez.png and /dev/null differ
diff --git a/docs/.vuepress/public/img/logo-long-white-civez.png b/docs/.vuepress/public/img/logo-long-white-civez.png
deleted file mode 100644
index 5b9c72af7..000000000
Binary files a/docs/.vuepress/public/img/logo-long-white-civez.png and /dev/null differ
diff --git a/docs/.vuepress/public/img/logo-long-white.svg b/docs/.vuepress/public/img/logo-long-white.svg
deleted file mode 100644
index 9b8efeb2e..000000000
--- a/docs/.vuepress/public/img/logo-long-white.svg
+++ /dev/null
@@ -1 +0,0 @@
-<svg viewBox="0 0 1119.78 278.43" xmlns="http://www.w3.org/2000/svg"><g fill="#fff" transform="translate(-76.61 -191.46)"><path d="m453.81 236.69a29.54 29.54 0 0 1 -2.81 12.83q-5.16 11.11-18.16 15.5a24.7 24.7 0 0 1 -7.82 1.57 36.4 36.4 0 0 1 -16.75-3.6v-1.57a30.48 30.48 0 0 0 21.13-2.5q8.61-4.38 11.74-14.41a20.53 20.53 0 0 0 .94-5.94v-3.45q-.31-11-5.79-17.45t-15.34-6.5h-18v93.45a10.05 10.05 0 0 0 3.05 7 9.49 9.49 0 0 0 7 2.89h2v1.57h-34.29v-1.57h2a9.49 9.49 0 0 0 7-2.89 10.05 10.05 0 0 0 3.05-7v-87.5a10.16 10.16 0 0 0 -3.28-6.49 9.61 9.61 0 0 0 -6.74-2.59h-1.87l-.16-1.56h40.85q15 0 23.64 8.06t8.61 22.15z"/><path d="m493.73 226.12a60 60 0 0 1 53.06 0 48.42 48.42 0 0 1 19.21 17.46 49.2 49.2 0 0 1 0 51 48.34 48.34 0 0 1 -19.17 17.46 53.62 53.62 0 0 1 -24.73 6.18 64.2 64.2 0 0 1 -22.39-3.6 51.55 51.55 0 0 1 -16.82-10 46.19 46.19 0 0 1 -11.31-15.62q-4.15-9.24-4.15-21.68a43.65 43.65 0 0 1 7.12-23.71 48.38 48.38 0 0 1 19.18-17.49zm-2.9 75q11.82 12.45 29.35 12.44a39.06 39.06 0 0 0 29.43-12.44q11.89-12.45 11.89-32t-11.89-32a39.06 39.06 0 0 0 -29.43-12.44q-17.53 0-29.35 12.44t-11.82 32q-.01 19.54 11.82 31.98z"/><path d="m713.18 314.48h2.35v1.57h-32.53v-1.41h2.35a5.71 5.71 0 0 0 4.15-1.8 4.94 4.94 0 0 0 1.48-4.3l-8.17-64.54-29.58 58.23q-4.38 9.56-5.48 16h-1.56l-37.73-72.79-7 63.09a4.92 4.92 0 0 0 1.48 4.22 5.78 5.78 0 0 0 4.31 1.88h2.19v1.41h-29v-1.57h2.35a10.42 10.42 0 0 0 8.77-4.07 9.51 9.51 0 0 0 1.87-4.85l12.21-85.62h1.57l41.32 79.52 39.92-79.52h1.41l12.68 85.93a9.58 9.58 0 0 0 3.6 6.27 11 11 0 0 0 7.04 2.35z"/><path d="m727.42 314.48a8.89 8.89 0 0 0 6.34-2.42 8.31 8.31 0 0 0 2.74-5.87v-74.35a7.45 7.45 0 0 0 -2.66-5.8 9.39 9.39 0 0 0 -6.42-2.34h-2.19v-1.57h45.71a59.57 59.57 0 0 0 11.27-.94 37 37 0 0 0 6.26-1.56v17.84l-1.72-.16v-2.31a8 8 0 0 0 -2.19-5.64 7.42 7.42 0 0 0 -5.64-2.35h-32.56v39.76h26.77a6 6 0 0 0 4.77-1.88 6.84 6.84 0 0 0 1.65-4.69v-2h1.72v21.92h-1.72v-2q0-4.38-3.29-5.95a11 11 0 0 0 -2.66-.62h-27.24v39.65h24.58a26.59 26.59 0 0 0 12.13-2.51 21 21 0 0 0 7.51-5.95 53.55 53.55 0 0 0 5.25-9.07h1.56l-8.61 22.38h-63.55v-1.57z"/><path d="m838.4 227h-8.29v79a8.37 8.37 0 0 0 4.38 7.36 9.4 9.4 0 0 0 4.54 1.09h2l.16 1.57h-32.06v-1.57h2.19a8.69 8.69 0 0 0 6.18-2.42 7.75 7.75 0 0 0 2.59-5.87v-74.32a7.52 7.52 0 0 0 -2.59-5.8 8.88 8.88 0 0 0 -6.18-2.34h-2.19v-1.57h39.29q14.72 0 23.24 6.73a21.46 21.46 0 0 1 8.54 17.69q0 10.95-6.89 18.31a27 27 0 0 1 -17.53 8.46q5 2.19 12.05 12.21-.17 0 5.4 6.88t8.92 10.73c2.24 2.55 4.1 4.51 5.56 5.86a18.76 18.76 0 0 0 13.3 5.48v1.57h-4.85q-12.36 0-19.41-4.85a45.75 45.75 0 0 1 -9.7-8.93q-.94-1.25-7.91-11t-7.43-10.41q-8.46-10.49-15.81-10.49v-1.56q18.32 0 22.07-1.88c3.44-1.78 5.79-3.65 7-5.64a25.44 25.44 0 0 0 3.91-13.77q0-9.56-5.63-14.72t-15.18-5.63c-2.78-.17-6.02-.17-9.67-.17z"/><path d="m909.47 314.48a11.42 11.42 0 0 0 7.35-2.5 7.42 7.42 0 0 0 3.13-6v-73.83a7.42 7.42 0 0 0 -3.13-6 11.65 11.65 0 0 0 -7.51-2.5h-2v-1.57h35.37v1.57h-2a11.6 11.6 0 0 0 -7.28 2.34 8.05 8.05 0 0 0 -3.37 5.8v74.35a7.72 7.72 0 0 0 3.29 5.87 11.65 11.65 0 0 0 7.36 2.42h2l.16 1.57h-35.56v-1.57z"/><path d="m1055.35 223.7h-2.35a7.22 7.22 0 0 0 -6.41 3.28 6.78 6.78 0 0 0 -1.1 3.29v52.73q0 16.29-10.41 25.75t-28.57 9.47q-18.15 0-28.64-9.39t-10.49-25.67v-52.73a6.18 6.18 0 0 0 -2.19-4.78 7.71 7.71 0 0 0 -5.32-2h-2.35v-1.57h29.74v1.57h-2.35a7.73 7.73 0 0 0 -5.32 2 6.18 6.18 0 0 0 -2.19 4.78v50.87q0 15.18 7.75 23.95t21.91 8.76q14.18 0 22.7-8.29t8.53-22.7v-52.59a6.71 6.71 0 0 0 -2.27-4.86 7.61 7.61 0 0 0 -5.24-1.87h-2.35v-1.57h26.92z"/><path d="m1194 314.48h2.35v1.57h-32.56v-1.41h2.35a5.69 5.69 0 0 0 4.14-1.8 4.92 4.92 0 0 0 1.49-4.3l-8.14-64.5-29.58 58.23q-4.38 9.56-5.48 16h-1.57l-37.72-72.79-7 63.09a4.92 4.92 0 0 0 1.48 4.22 5.78 5.78 0 0 0 4.31 1.88h2.19v1.41h-29v-1.57h2.35a10.42 10.42 0 0 0 8.77-4.07 9.51 9.51 0 0 0 1.87-4.85l12.21-85.62h1.57l41.32 79.52 39.92-79.52h1.41l12.67 85.93a9.63 9.63 0 0 0 3.61 6.27 11 11 0 0 0 7.04 2.31z"/><path d="m682.75 341.8v-.08s0 .05 0 .08z"/><path d="m682.74 367.33v.09s0-.06 0-.09z"/><path d="m682.75 393s0 0 0 0z"/><path d="m682.74 418.57v.09s0-.06 0-.09z"/><path d="m337.76 215.82a24.36 24.36 0 0 0 -24.36-24.36h-212.4a24.36 24.36 0 0 0 -24.36 24.36v100.37h16.8v-28a34.11 34.11 0 1 1 68.21 0v28h12.18v-28a34.11 34.11 0 1 1 68.21 0v28h12.18v-28a34.1 34.1 0 1 1 68.2 0v28h15.33zm-244.32 25.31a34.11 34.11 0 1 1 68.21 0zm80.39 0a34.11 34.11 0 1 1 68.21 0zm80.39 0a34.11 34.11 0 1 1 68.21 0z"/><path d="m682.74 444.19v.08s0 0 0-.08z"/><path d="m682.75 469.89v-.09s0 .06 0 .09z"/></g></svg>
\ No newline at end of file
diff --git a/docs/.vuepress/public/img/logo-long.svg b/docs/.vuepress/public/img/logo-long.svg
deleted file mode 100644
index 3a6de5697..000000000
--- a/docs/.vuepress/public/img/logo-long.svg
+++ /dev/null
@@ -1 +0,0 @@
-<svg viewBox="0 0 1119.78 126.78" xmlns="http://www.w3.org/2000/svg"><g fill="#6e43e8" transform="translate(-76.61 -191.46)"><path d="m453.81 236.69a29.54 29.54 0 0 1 -2.81 12.83q-5.16 11.11-18.16 15.5a24.7 24.7 0 0 1 -7.82 1.57 36.4 36.4 0 0 1 -16.75-3.6v-1.57a30.48 30.48 0 0 0 21.13-2.5q8.61-4.38 11.74-14.41a20.53 20.53 0 0 0 .94-5.94v-3.45q-.31-11-5.79-17.45t-15.34-6.5h-18v93.45a10.05 10.05 0 0 0 3.05 7 9.49 9.49 0 0 0 7 2.89h2v1.57h-34.29v-1.57h2a9.49 9.49 0 0 0 7-2.89 10.05 10.05 0 0 0 3.05-7v-87.5a10.16 10.16 0 0 0 -3.28-6.49 9.61 9.61 0 0 0 -6.74-2.59h-1.87l-.16-1.56h40.85q15 0 23.64 8.06t8.61 22.15z"/><path d="m493.73 226.12a60 60 0 0 1 53.06 0 48.42 48.42 0 0 1 19.21 17.46 49.2 49.2 0 0 1 0 51 48.34 48.34 0 0 1 -19.17 17.46 53.62 53.62 0 0 1 -24.73 6.18 64.2 64.2 0 0 1 -22.39-3.6 51.55 51.55 0 0 1 -16.82-10 46.19 46.19 0 0 1 -11.31-15.62q-4.15-9.24-4.15-21.68a43.65 43.65 0 0 1 7.12-23.71 48.38 48.38 0 0 1 19.18-17.49zm-2.9 75q11.82 12.45 29.35 12.44a39.06 39.06 0 0 0 29.43-12.44q11.89-12.45 11.89-32t-11.89-32a39.06 39.06 0 0 0 -29.43-12.44q-17.53 0-29.35 12.44t-11.82 32q-.01 19.54 11.82 31.98z"/><path d="m713.18 314.48h2.35v1.57h-32.53v-1.41h2.35a5.71 5.71 0 0 0 4.15-1.8 4.94 4.94 0 0 0 1.48-4.3l-8.17-64.54-29.58 58.23q-4.38 9.56-5.48 16h-1.56l-37.73-72.79-7 63.09a4.92 4.92 0 0 0 1.48 4.22 5.78 5.78 0 0 0 4.31 1.88h2.19v1.41h-29v-1.57h2.35a10.42 10.42 0 0 0 8.77-4.07 9.51 9.51 0 0 0 1.87-4.85l12.21-85.62h1.57l41.32 79.52 39.92-79.52h1.41l12.68 85.93a9.58 9.58 0 0 0 3.6 6.27 11 11 0 0 0 7.04 2.35z"/><path d="m727.42 314.48a8.89 8.89 0 0 0 6.34-2.42 8.31 8.31 0 0 0 2.74-5.87v-74.35a7.45 7.45 0 0 0 -2.66-5.8 9.39 9.39 0 0 0 -6.42-2.34h-2.19v-1.57h45.71a59.57 59.57 0 0 0 11.27-.94 37 37 0 0 0 6.26-1.56v17.84l-1.72-.16v-2.31a8 8 0 0 0 -2.19-5.64 7.42 7.42 0 0 0 -5.64-2.35h-32.56v39.76h26.77a6 6 0 0 0 4.77-1.88 6.84 6.84 0 0 0 1.65-4.69v-2h1.72v21.92h-1.72v-2q0-4.38-3.29-5.95a11 11 0 0 0 -2.66-.62h-27.24v39.65h24.58a26.59 26.59 0 0 0 12.13-2.51 21 21 0 0 0 7.51-5.95 53.55 53.55 0 0 0 5.25-9.07h1.56l-8.61 22.38h-63.55v-1.57z"/><path d="m838.4 227h-8.29v79a8.37 8.37 0 0 0 4.38 7.36 9.4 9.4 0 0 0 4.54 1.09h2l.16 1.57h-32.06v-1.57h2.19a8.69 8.69 0 0 0 6.18-2.42 7.75 7.75 0 0 0 2.59-5.87v-74.32a7.52 7.52 0 0 0 -2.59-5.8 8.88 8.88 0 0 0 -6.18-2.34h-2.19v-1.57h39.29q14.72 0 23.24 6.73a21.46 21.46 0 0 1 8.54 17.69q0 10.95-6.89 18.31a27 27 0 0 1 -17.53 8.46q5 2.19 12.05 12.21-.17 0 5.4 6.88t8.92 10.73c2.24 2.55 4.1 4.51 5.56 5.86a18.76 18.76 0 0 0 13.3 5.48v1.57h-4.85q-12.36 0-19.41-4.85a45.75 45.75 0 0 1 -9.7-8.93q-.94-1.25-7.91-11t-7.43-10.41q-8.46-10.49-15.81-10.49v-1.56q18.32 0 22.07-1.88c3.44-1.78 5.79-3.65 7-5.64a25.44 25.44 0 0 0 3.91-13.77q0-9.56-5.63-14.72t-15.18-5.63c-2.78-.17-6.02-.17-9.67-.17z"/><path d="m909.47 314.48a11.42 11.42 0 0 0 7.35-2.5 7.42 7.42 0 0 0 3.13-6v-73.83a7.42 7.42 0 0 0 -3.13-6 11.65 11.65 0 0 0 -7.51-2.5h-2v-1.57h35.37v1.57h-2a11.6 11.6 0 0 0 -7.28 2.34 8.05 8.05 0 0 0 -3.37 5.8v74.35a7.72 7.72 0 0 0 3.29 5.87 11.65 11.65 0 0 0 7.36 2.42h2l.16 1.57h-35.56v-1.57z"/><path d="m1055.35 223.7h-2.35a7.22 7.22 0 0 0 -6.41 3.28 6.78 6.78 0 0 0 -1.1 3.29v52.73q0 16.29-10.41 25.75t-28.57 9.47q-18.15 0-28.64-9.39t-10.49-25.67v-52.73a6.18 6.18 0 0 0 -2.19-4.78 7.71 7.71 0 0 0 -5.32-2h-2.35v-1.57h29.74v1.57h-2.35a7.73 7.73 0 0 0 -5.32 2 6.18 6.18 0 0 0 -2.19 4.78v50.87q0 15.18 7.75 23.95t21.91 8.76q14.18 0 22.7-8.29t8.53-22.7v-52.59a6.71 6.71 0 0 0 -2.27-4.86 7.61 7.61 0 0 0 -5.24-1.87h-2.35v-1.57h26.92z"/><path d="m1194 314.48h2.35v1.57h-32.56v-1.41h2.35a5.69 5.69 0 0 0 4.14-1.8 4.92 4.92 0 0 0 1.49-4.3l-8.14-64.5-29.58 58.23q-4.38 9.56-5.48 16h-1.57l-37.72-72.79-7 63.09a4.92 4.92 0 0 0 1.48 4.22 5.78 5.78 0 0 0 4.31 1.88h2.19v1.41h-29v-1.57h2.35a10.42 10.42 0 0 0 8.77-4.07 9.51 9.51 0 0 0 1.87-4.85l12.21-85.62h1.57l41.32 79.52 39.92-79.52h1.41l12.67 85.93a9.63 9.63 0 0 0 3.61 6.27 11 11 0 0 0 7.04 2.31z"/><path d="m337.76 215.82a24.36 24.36 0 0 0 -24.36-24.36h-212.4a24.36 24.36 0 0 0 -24.36 24.36v100.37h16.8v-28a34.11 34.11 0 1 1 68.21 0v28h12.18v-28a34.11 34.11 0 1 1 68.21 0v28h12.18v-28a34.1 34.1 0 1 1 68.2 0v28h15.33zm-244.32 25.31a34.11 34.11 0 1 1 68.21 0zm80.39 0a34.11 34.11 0 1 1 68.21 0zm80.39 0a34.11 34.11 0 1 1 68.21 0z"/></g></svg>
\ No newline at end of file
diff --git a/docs/.vuepress/public/img/logo-only.png b/docs/.vuepress/public/img/logo-only.png
deleted file mode 100644
index 17a7cdd6f..000000000
Binary files a/docs/.vuepress/public/img/logo-only.png and /dev/null differ
diff --git a/docs/.vuepress/public/img/logo-round.png b/docs/.vuepress/public/img/logo-round.png
deleted file mode 100644
index 2c8f69c73..000000000
Binary files a/docs/.vuepress/public/img/logo-round.png and /dev/null differ
diff --git a/docs/.vuepress/public/img/logo-round.svg b/docs/.vuepress/public/img/logo-round.svg
deleted file mode 100644
index 2a5221d2c..000000000
--- a/docs/.vuepress/public/img/logo-round.svg
+++ /dev/null
@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="900" height="900"><circle cx="450" cy="450" r="450" fill="#63f"/><image data-name="Vector Smart Object" x="100" y="264" width="701" height="372" xlink:href="data:img/png;base64,iVBORw0KGgoAAAANSUhEUgAAAr0AAAF0CAYAAAAuK4E5AAAgAElEQVR4nO3dB7RmVX338d8vYkkwbzTGxDeJeRM1Jho11kRjYqwYSwwWMOoLCsFoBBVRo4mKCBFFmgUVBKWKgFRFpMsAIlVAKSKdoQ9DGWaGGZhhZ23mP3CBOzO3PGWX72etu664lLvP/zznOb+zzy5WJ1JKvykp/zxG0qMlPUrSb0h6RPwGAABo2T1xbPn30vhZImmR7eWtn/nmQm9K6QmSXiDp+fH7GZKeGmEXAAAAD3e9pEslnRs/50i62Pa9rdSq+tAbPbivlPQaSS+X9JwWwzwAAMCIzZd0UvwcZfuKmk9AleEwpbS2pHUlvUXSayWtXUCzAAAAWvYLSYdJOsj2RbUdZ1WhN6X0MknvkbSepMcW0CQAAIAenSVpL0nftX1HDcdffOhNKeVJZ++UtHkMXQAAAEAZFknaU9JXbV9a8jkpNvTGWN33SfqEpCcV0CQAAABMLkk6QtLWts8tsUbFhd6UUl5K7AOEXQAAgCodLOnTti8pqfFFhd6UUp6ctkMsMQYAAIA6LZP0TUlb2b61hCMoIvSmlHLI3VXSqwtoDgAAAAbjNkkfy+N+badx1nSsO5GllNZKKX1c0i8JvAAAAM15vKRvSzohpfTn4zy4sfX0ppSeImk/SS8ZVxsAAAAwMoslfcT2t8ZR8rGE3pTShpK+zlq7AAAA3fmBpI1tzx/lgY809Maau1+T9N5R/l0AAAAU5Zq8s67tc0bVqJGF3pTSH0k6VNLfjOpvAgAAoFhLJb3f9l6j+GMjmciWUnqupDMJvAAAAAh5BMCeKaVtU0pD74gd+h9IKb1W0vcl/faw/xYAAACqdICkd9u+e1iNH2roTSm9Q9Lekh45zL8DAACA6v1E0httLx7GgQxteENKaYNYkozACwAAgDV5haQfpZR+ZxiVGkpPb0pp41iIGAAAAJiOPA/slbYXDbJqAw+9KaX1JX1v3Lu9AQAAoFp5qMPrbS8Z1AEMNPSmlF4v6XCGNAAAAGCWfijpzbaXD6KQA+uNTSk9T9JBBF4AAAAMwD9L2mVQhRxI6I2NJ46UtPYg/n0AAABA3rwipfTRQRRi1sMbUkqPkfRTSc8fRIMAAACACe6V9CbbP5pNUQbR0/sNAi8AAACGJOfV/VJKT5nNv35WoTel9F5JG3GGAQAAMESPk3RISuk3Z/onZhx6U0rPlPRVzi4AAABG4LmStp/pn5nRmN6U0qMlnR5/HAAAABiVvH7vj6f7t2ba07sNgRcAAABjsFdK6fem+2en3dObUnqhpDPYcQ0AAABjsp/tDabzp6cVelNKa0k6W9Jfc4YBAAAwRv9k+5ip/vnp9tZuQeAFAABAAXadzmoOUw69KaUnSfoMZxgAAAAF+FNJH59qM6Y8vCGltKek93CGAQAAUIi7JD3d9rVras6UenpTSs+T9G7OLgAAAAqShzd8YSrNmVJPb0rpKEmv4wwDAACgMEnSs2xftLpmrbGnN6X0YgIvAAAACuXYQ2K11tjTm1I6XtKrOMsAAAAo2PNsn7eq5q22pzel9AICLwAAACrwn6tr4pqGN6z2/wwAAAAUYv2U0p+uqimrDL0ppT+T9FbOIgAAACrwCEkfWVUzV9fT+774PwMAAAA1eHdKae0ph96U0qMkbcypBQAAQEV+R9K/TtbcVfX0vkXSEznDAAAAqMz7J2vupEuWpZR+LOmfOMNduVPSTZLmSbpb0tLY2m+ZpOWSHi0pvwH4rRj2kh+Kfk/SE3ovHLAGKa6rW+InxfWWr6vFkh4THRD5ddwjY3ehfH09Kf4zgFVbGtfVDZIWSbpX0oL4Xy+K68rR+5c9XtLvx/1rLeratGfavnjiAT4s9KaU8ofhOj4Mzck317xTya8lXTbhZ27+wrC9ZCYHnFJaK27Q/1fSUyQ9TdKfx+9nxxcM0Lr8wHihpEvjJ19bV8R/n6+ve2d4feWHzD+Q9MdxTeWfp8fvZ8aDKNCye+O+tfLetfIau0bSjbbvnOmxp5SeEPevp064vvL96y8krXIFAFRjW9ufmtjYyULvZpK+xjmtWv6SOEvSmZLOlnSOpF/ZXj7qg0op5SD8gvh5kaSX0HuFyuVepJ/GtXXf9WX7ulEfUkop9wo/d8L1la+tv+LDhcpdMeH6yveu82wvGvUhpZR+d8K1lX/+IR5AUY8r8wON7bSyxZOF3jmSXsZJrc4vJZ0o6QRJJ9u+o8QDSCnlV7kvjk1PXhE36jVuhw2MUX59empcW/kaO3scD5BTkVJ6Ylxbr4zfT+GDg8LltyHHx7V1ou2rSmxuSsnxUPnKCT+/XUDTsHp/Y/uslf+LB4Xe6Oq/mRBShRRPw4dLOqTUL4o1ic/cuvGzDq9rUYj8yvQoSYfm37YX1nhiUkrPjmsrr7n+1wU0CVD05h6W712Szpjp8J9xSik9Ojpu3hLXGJP/y7SN7S1XtuyhoXdDSXv3XqHC5T2l95R0oO2bWjqwlNJjJf2LpI3iSXrSiZbAkNwj6UhJe0k6xvbSlgqdUsrjFt8R1xc9wBi1fL/aT9K+ts9vqfoppTy5+6WS3iNpPUmPLaBZWOF8289d+Q8PDb0HxQlDWW6V9F1J37F9Xg/nJrYR3DDWi/5/BTQJ7cpDg76Tb8i2b2n9PMdr2pdF+F0vVmQBhmF5PEjm6+vHtu9pvcrRebNeXF//UECTID3Z9rWaGHrji/DmWMYDZbhE0s6S9rF9V4/nJKX0G/HqaHO+QDBAKW7GO9k+qdfCxmSdvPvmppL+qIAmoQ15Tsnukr5qe26v5zSl9BxJW8QbFobujc9GtvMbvAeF3mdFjwfGL08m3D7GEibOxwoppRfGntpvZ4tszNCS6HX6iu1fU8QVYiWI9SV9LFaEAGbiakk75iF4tY6DH4aU0h/Eg2X++d32jrB4e9vOQ08eFHo3j15FjE8Ou1v13PM0FSmlvD7plnGTZtwvpiK/Vv2GpO1s30DFJhdv/PK4+s8SfjENuTd32xiCdzeFm1xK6XHx1nLzCZtlYPiusX3fMMmJofeA6EHD6OVVGD5N2J2eCL9bMQ4dq5HHFO4Ri5RfQ6GmJoYVrR/h9y9raDPG4vo8O56wOz0Twu9HmfQ2Mn+c11OfGHrzEiJ/1v5xFyW/CvqEpIMYxjBzKaW/y2PHYgFxYKWj83i6h25DiamLHRf/Q9Ln2F0RE+RhQjtJ+gLDGGYupZR3Mv1CTNrmreVwvcX2YfetxxtrpRJ4R2dx9KA8w/aBBN7ZsX1aXoA6Zss2tYwbZiSP1X2j7dcReGfH9jLbX4vtWb8ePefo28F5C+y8vSuBd3byUKsYa/q3kn5W87FUIO8Ie/8mFM/vvRojdHSE3a17XZFhGPLi5jE78+mSvtneEWIK7o6HyWfZ/hEFGxzbt9reLN6mnNPKcWFa8gZI69hez/aVlG5wYsewvM7vJrHyBQbvvjfBK0Mv+7UP33xJG0TvE2MLh8T2AtsfiHVImZ3fj9xL8rx4mGx+LdBxiU0F8jbiH5fEQ3sf8m5pX4mHyeN6L8aw5De+tr8dY+gPa/Mox+oZmhB6n9FnDUbmkOjd3a+T4x0726fEtqvbxZqsaNPSmBDy97Yv4hwPXwx52EFSXoP01NaPt3O54+Cltje3vaj3YoyC7RttvyUmaM9v/4hH5sl54xBC73DlL4lNbL/N9ryWD7REtpfY/qSkV0m6rvd6NOgCSS+0/ZUa9+6vne3LJL08hpQw1rc9udfx+bZP770Q42D74HiwPKG/ox+av1wZep/a4MGN27l5DEm8rsAY2f5J9PoewXloRl5z90W2L+i9EONke3keUiLpH2M1GtTv9rxcne1N6N0dL9t5Sbh1YpWnZT3XYkCe9huxHuOTmjiccuSJVC+2fUnvhSiF7fm283bGH+bLo2p5tvhbbW+ae/J7L0YpbP80Hix/2HstKvfzvCmJ7e/3XohSxCTtL8VEt2t7r8csPTkH3sdMGNuL2bk7hjN8gIW6y2Q7r+f7akk3916LCl2al/axfWjvhSiR7TtiN7fP9V6LSu0XY+PpsS+Q7TPzcC5JJ/dei1n4k5WhF7OXX0O8jOEM5bM9J748zu69FhXJS5D9DZPVyhYz0LeK8Htn7/WoRH7zlSeqbcAymmWzfVN02uzSey1m6A9z6H10lU0vy7kxoeaM3gtRC9tzY1mzQ3qvRQV2lvQm27f3Xoha2P6BpJdImtt7LQq3QNIb8mTQ3gtRi7wko+0PSvpALCeHqXtiDr2PomCzcmyexJF3Vqn4GLoUvRpvjy2MUZ78hf4R21uwOkN9bF8Ywff83mtRqOvj3nVs74Woke08d+jNrJc9Lb9L6J2dvWK7U17jVSpmn+fJbR/rvRaFyZPU3m77y70Xoma2r4uVHY7vvRaFycOEXmL7vN4LUbN4o/IKSbf0XospenwOvWtV0dTy5E0PNmb3pzbY3lHS/+d1URHuileuB/deiBbEBLc3sMtUMc6MDSfYGbQBMazyJaxFPyVr59DrChpamu3ypgd50kbvhWiJ7e9K2pAlzcYqjzF8he0TO65Bc2I1m7zD1P6912LMcuBdh/HxbZmwUQxLmq3eY+npnb5Pxy5faFAE37dKogd/9BbEDZkJoQ3KQ4nioZLgOx55k55XRc87GhPBN/f4Xs65XaVHsD7v9OTA+/maGozpi3FSb6PHd6Ry4H0NgbdtEXw3iPkQGJ05Mf9kITVvl+1ro8f3it5rsSqE3qnbkcDbjwi+7+m9DiNyV9yQz+ziaDsXK3FswhjfkTknr5tse3Enx9u1CL6vlcSKUpMg9E5N3nDi4zU0FIMTQx02o6RDlYeRvM32KQ0fIx4ienz/VdIJ1GaofiXpdQxp6EsMdcjB97bea/FQhN41yzPI38ektT7Z/rqkz/RehyHJ19SGto9q8uiwWjG57U2SzqJSQ3FNDBma1+CxYQ1s/zI/8Eiih38CQu/q/SyPP4teCXTK9v9Ebz8G679sH0BN+xWv3N8o6areazFgd8ayf8zm71jMkXgnS3E+gNC7aldLWtf2klIbiJH6QMx+xmB82/Z21BK2b451fBd0X4zByAFnfdsXtHAwmB3bR0hixalA6J1c/vJ9fXwZAytfxealzH5NNWbtpHiIAO5jO+8Qtr4k3qrN3odsH137QWBwbG8vaXdKSuidTB5n+I74EgbuZ/u2eBXLpJCZuzI/PMRDBHA/28dI2oKKzMpuMQ8BeKhNJZ3ce1UIvQ+3DRNrsCq2L2UpsxlbGoH31krbjyGz/VVJjPOemTwh8MM1NhzDZzuvlPN2STf1XG5C74MdK2nrkhqE8tg+XNL2nJpp29T2uZW1GaP3XkkXU/dpuTWW/ltaUZsxYrZv7H0YEaH3AXMlvYuVGjBF/x27HGFq9rLNChhYo9g1LI+fX0S1piTFveuaCtqKMbOdhzj8V6/ngdC7Qp7t+k7bt5TQGJTP9rJYCoZX9Wt2SYwnA6bE9sVsDDNlX2LiGqZpB0ldfmYIvSvkL41TS2gI6mH7eknv55St1rLohWKBdEyL7b0kHUrVVut8SZ8tuH0oUGy2tbGk+b2dH0KvlMcYbllAO1Ah29+XtC/nbpW2sn1OoW1D+f5d0g2cp0ktjQdKxvFi2mzfENdXV3oPvUviS+OeAtqCem0Wm5ngwU6T9EVqgpmyPT96pPBwn7R9IXXBTNnOb1L27KmAvYferWLsGDBjthfEjHM8IPc+bcTEUMxWjFf9DoV8kPxA+ZWC2oN6faSntyk9h95fSNqxgHagAbaPY5jDg3zeNrvXYVA+LokdMlfIbybfG+MygVmxnTdb+mAvVew19ObVGjaJGfjAoHy0x4kBk8i7GW5XXKtQrdjQhI0XVvgiO4ZikGwfIukHPRS119C7i+2zCmgHGmJ7Htuo3rdm6HvZZhiDZvuAXpdZmiC/Pfl8Ma1BS/LclDtbP6M9ht78iuwzBbQDbcpDHH7a8bnd2/ZpBbQDbfpgvN7v1YdYrQHDYDtv0LVN68XtMfR+OiYeAQMX4+w2jx7P3uQdtD7FpwrDYvuyjidwHWX7mALagXbla+vKlg+wt9CbF/JmK1QMle2zJe3TYZW/EBt2AMP0P5LmdVbhZQydwrDFsLSPtVzo3kLv5rbvLaAdaN9/S+ppF7K8TvFOBbQDjYvZ5r0NUfu67UsKaAcaF2v3zmn1KHsKvT+yfVIB7UAHosdzh47OdR42dFcB7UAf9pDUyxrrd/Qw1hJFafatQk+hl8lrGLWd44bVuhw+9ufThVGJTU+27qTgX46d6YCRsP1zSUe0WO1eQu8Rts8toB3oiO3bO9kAZWuGDWEMDpL0y8YLnx+av1xAO9CfrVqckN1D6M0n7dMFtAN92rnxDSvOi/ABjFQ8aG3ZeNW3i4dnYKRsN/nd3kPoPdj2BQW0Ax2yvbDxsb3b0MuLMToiVuVpUd6F7mt8uDBGzQ0h6iH0fqmANqBvu0pa2GAFLpV0eAHtQKdiXeztGz36b8ZDMzAWsd31kS1Vv/XQe1KsmQqMTbye/FaDZ2AnenlRgAMlXdPYiVhKLy8K0VTHYeuht6clo1C2vNPN8obOUd4cYO8C2oHO2V7W4GSvfW3fVEA70Dnbp0g6q5UqtBx6c7f8UQW0A8hfHLkn6oCGKrEL6/KiILs3tDxgosMGhWlmCFHLoffrMd4LKMUujZyJexodroFKxdjXvRo5f8ez+xoKc5ikG1o4Ka2G3rz9634FtAO4n+3TG5lpfrjtGwtoBzBRKw9iuxXQBuB+MYRo9xYq0mroPcD2ggLaATxUCzdmbsooTsw0P7XyM5MfJn9QQDuAh8pbf1c/cbnV0LtrAW0AJrNfvImo1eWSTuTMolDfrPzE7GH7ngLaATyI7bktzJNqMfSeZ7uZmYZoS7yBqHmXmz0YK4+CHSLptopP0LcLaAOwKnvUXpkWQ+/+BbQBWJ2ax5tzfaFYtpdG8K3RT21fxacLBTuq8ofK5kJvamxZKLTppEpnwp4aS68BJav1wYwHShQtht58v+az1FroPSXGnQDFsr08dpGqDTdl1GBOhQ+VeXb8wQW0A1iT79VcodZCb9UnA12p7bO6rPYnfPQhtsau7frKa/PeXEA7gDU5WdL1tVappdCbKh7Lhc7YPlPS1RUd9Um2bymgHcBU1NZrWvPkVnQkHiqrfSvRUuj9me15BbQDmKofVlQp1g5FTc6QVEvPaWLLfFTmyFpPWEuht6YAAaiyzyzXF6oRvVG1BMkzbd9UQDuAqcqTsavcAIzQC4xPnnCzsIL6X8BSSqhQLW8nuHehKrGKwzE1nrVWQu9Vti8soB3AlMWaosdWUDFuyqjRcZLurqDd1b4qRteqvC+0EnqrfOIA4sZcuhqCOfAgtvNblJ8VXpWbbJ9fQDuA6arh3vUwrYTekwpoAzATPym8ark3+vQC2gHMROnXF/cuVMn2jZIuqa3thF5gjGznL43rCj4Hp9teUkA7gJk4ofCqce9CzU6sre0thN5L4okDqFXJNz5uyqhZXg/7roLbX3pPNLA6hN4xqK7owEPMKbgg3JRRLdt5Ittphbb/+njTA9Sq5HvXpFoIvYw3RO1KvSkvl3RWAe0AZuOMQqtXaruAKYkNwS6vqVothF5uyqjdryQtLvAYLrJdYruA6Tiz0GqV2i5gOs6uqVq1h96FNc4eBCaynXtUzy2wKDxQogWl3pTPKaANwGxV9TmuPfT+PLabBGpXYq8PoRfVs51XRylxsnNVPWTAKlQ1TKf20MtNGa0o8WmZnii0orR7xeW2byugHcBs5beUqZYq1h56LyigDcAglPZZzl9ibO2NVpR2fXHvQhNs3ynp6lqOpfbQ+6sC2gAMQh6bXtJQnWuYxIaGlHavuLiANgCDUs3nufbQyxcHmhC7npX0tMy1hZaU9nmmwwYtqebzXHPovcH2HQW0AxiUiwqqJDdltKS0z3NJ1zowW/T0jgA3ZbSmpM80Pb1oRow7vLag42GpTbSEnt4RuLLitgOTKekzzfWF1lxVyPHcantBAe0ABuWKWipZc+gt6akdGISSPtNzC2gDMEilXF/XFNAGYJBujG3ri1dz6OWLA60p6TNN6EVrSrm+6LBBU2JX0etrOCZ6eoFylPKZvt32ogLaAQxSKQ9y3LvQoio6SujpBQphe56kpQW0hmsLLSrlplzNQv7ANBB6h+zmitsOrEoJn2uuLbSolM/1vALaAAxaFfeNmkMv+5ajRfMLOKZbC2gDMGil3DO4d6FFVXyuaw29C2yXtGUrMCglfHFwU0aLSnmYK+HBFhi0Kj7XtYZevjTQKkIvMBz09ALDQ0/vEPGlgVaV0BvF9YXm2L5HUgmrknB9oUWE3iG6s9J2A2tSwk2Z3aLQqhJuzNy/0KKFNRxTraGX8bxoVQlLli0poA3AMJSwa1QVO1cB03RPDQWrdiJbAW0AhuEuqgoMTRp3aW3T04sWVbGhUc1LlgEYDnZjQ6vu4MwC/ao19FbRjQ7MwOICisb1BQzH3dQVjariLeVaBbRhJp6XUtqrvmYDa/TMAkr0oZTSugW0Axi0PxlzRc29C416bA2HlS/A50g6v4C2AAAAAEPBmF4AAAA0j9ALAACA5hF6AQAA0DxCLwAAAJpH6AUAAEDzCL0AAABoHqEXAAAAzSP0AgAAoHmEXgAAADSP0AsAAIDmEXoBAADQPEIvAAAAmkfoBQAAQPMIvQAAAGgeoRcAAADNI/QCAACgeYReAAAANI/QCwAAgOYRegEAANA8Qi8AAACaR+gFAABA8wi9AAAAaB6hFwAAAM0j9AIAAKB5hF4AAAA0j9ALAACA5hF6AQAA0DxCLwAAAJpH6AUAAEDzCL0AAABoHqEXAAAAzSP0AgAAoHmEXgAAADSP0AsAAIDmEXoBAADQvLU4xXiIhZKWSboj/us7JS2X9Lj458fG5+Z3KBwwLUnSAkl3S1oc11W+vh4pae3ohPg/kh4l6TcpLTAtSyUtmXAPWxI/a8c19ui4rtYm+/SLE9+XfKO9LH4ujZ/rJc2TdKOkW2wvmUpFUkr5s/PE+HmSpD+Q9LT4eXr8ftwU/lVAK26Ka2rlNXa5pJvjv58X19e9U7y+fiuuqd+X9HuSnizpzydcY0+LcAz0ID8gXj3hvnVZ/HO+tm7Jv20vmGodUkpPeMj9608n3Lfyzx/zqWqTU0rPkXR+74VoUO5BOlvSORN+LrOdRnWoKaU/kvQCSS+c8Pv3ezoJaNY1ks6ceH3ZvnVUB5tSeoSkv3zI9fV8SY/hI4fK5YD7i4fcu35he+moDiul9NuSnjfh2so/f8EHq36E3nbcJek0SSdIOjEHXtvLSzu6lNIzJb1S0qsk/aOkxxfQLGBNboxr6yf5t+2rSqtYSikH3hdLerWkV0j6W0mPKKBpwOqkCLknxs8c23eWVrGU0hPjvvXK+HlqAc3CNBF66zZf0hGSDpd03FSHJpQipZTHML5U0rqS3hKvmIBSXCDpMEmH2j6vtrOSUsrjg18f19brYywjUIK74wHy0HwPs31TbWclpZRD75slvTUeMF1As7AGhN765HFLB0r6nqSTS+zNnamUUn49u56kDSX9YZ1Hgcr9WtJekg62fWkrJzN6gV8j6V3xkPnoApqFvuTx7MdJ2lfSkbbvaOXoU0p/GNfVeyS9qIAmYRUIvXXIr39OkvSd6HVa3PTBrhivuI6kjSW9iQk7GLL8KvUgSXva/mnrxU4p5SFF75S0UYxVBIYpTzrbU9I+tq9tvdIppb+Ka2sD5rCUh9BbtkXR6/Rl25f1WIAYR/U+SZvFbHZgUPLqCl/O15jthT1WNd6ubCFp/VjWCRiUoyXtJOn4UU6gLkVK6ZHx5vIjMSEOBSD0lik/DX9V0u62b++9GFrxBfKo6J3KN+hnF9Ak1OtkSTvGK9YpLSHWulhpZbN4wGRyKWYqzyvZR9LOtn9FFVdIKf193LvWZezveBF6yzJX0rZ5GIPtu3svxmRSSvkL418kfVbSc8trIQo2R9JWtk/iJE0ulmr6qKTN2YAG05DD7m6StrN9A4WbXKxetGW8WSH8jgGhtwx5OaTt8peG7bt6L8ZURPh9m6TPSXpG+S3GGOWe3c8SdqcupfS4CL6EX6zOPTHX5PO251KpqYnctXV04GCECL3jlZ+Ot4+n40U9F2KmYtmz90raJnbXAVbKY3Y/ZvtwKjIzMab+fyRtEtskAysdEddXl/NNBiGl9Hcxr4AVH0aEL7HxybPFn2F7SwLvzOUxmbZ3iy1ad4yeB/Qtr8bwSUl/ReCdHdvzbL8vdqeaU/OxYGDy+tWvsb0ugXd2bJ8Wa/zmpc4YFjIChN7Ry2t/vsL220vc1alWec1H2x+LSW4n916Pjn0/PwDZ3m6U25a2znbeBvblkv5VUnUbCWAgFsdKBM+zfTwlHYy8soXtvSU9PXp9mVw7RITe0Vke43afw9jC4bF9iaR8c/6P6PFDH67PM6Ntr1/j7k61sJ03xsnrkO7dey06k0Pus2zn5TOX9V6MYcjLJtrODxV5yMOF7R1hGQi9o5HHTL/I9idr2yq4RvHkvGtMcDuq93p0YA9Jz7R9RO+FGAXb823n17GvlXRN+0fctTtio4V1bF/ZezFGwfYZkp4fk7R5wBgwQu/w5dcVf2v73NYPtDS2r5P0RkmbSuJVd3tujd7d97a0pWktbB8bywZ+v/daNCqPN32u7b163FxinPKSpba3kpTX972i30oMHqF3eG6W9Lr8uoKxheMTvb7fiB1xLui1Dg36SQwVond3jGzfloeUxOoOTMhtw72xnNbLmHcyXtHrmx8s9+u5DoNE6B2OPGb32baPbvHgamT7glgWZo/ea1G5FBuTvDp68lEA29+OV7KMRaxbXjP+5bbzutbLey9GCWzfaXsDSRtKYh3/WSL0Dt5OsZzLza0dWO3yeOr8Kjy2WmVps/rkLbnfYHtrtg8uj+1fS3qxpEN6r0WlTs8PLrZP6SgGaTYAAA8oSURBVL0QJbK9b0xyu7r3WswGoXdw8hPYu2x/lNmtZbP9LUn/GL0aqMOFMRn0x5yvcuUZ6JLWk/Qpll6qyu75O5EthMtm+zxJL5B0Yu+1mClC72Dk8PT3tvdv4WB6YPtn8TqWCYbly8OEXsxC+HWIcfTbxhari3uvR+Hyg8kHbf97njzVezFqkFdPyatpSPpG77WYCULv7P1K0kts/7z2A+lN9GrkHt9jeq9FwfJY0TdGDyIqYvvIuL4Y6lWm/HbybbZ36b0QtcnjrW1vGjtPYhoIvbNzqqSXMsO1XnmSgKR/lrRn77UoUN6iexMm1NTL9tm5U0DSr3uvRWFuicmgh/VeiJrlnSfzsErmqEwdoXfmfhgT1m6t9QCwgu38hfFvsWMexi+/cs2vW7fhXNTP9hWx3uiZvdeiENdFZ81pvReiBTGs8nWs7DA1hN6ZOSxeC7G7WiNiHOInYxccjE8OvBva3p1z0A7b82IcIsF3vK6OJcnoeW+I7RMkvV7Sgt5rsSaE3unLT1XrMei/TbELzn/1XocxWRaB97tdHn3jYte8dWJYGEbv8phwzYTQBtk+Ka4vgu9qEHqnZ/+4KTPGsGG2v0jwHbl74+0JgbdhEXxfK2lO77UYscujh/faro66M7GDG8F3NQi9U/cDAm8/IvgypnR0NmJL4T7YXhzLmZ3Tey1G5LqYtEbg7UAE3zcyxndyhN6pyfv8r0/g7YvtLSWxnM/wfcj2Pq0fJB4QPb6viyUfMTx5lYZ1WGGoL7Gr3ttY1eHhCL1rlide/IvtpaU3FEPxIUn7UdqhyXv8f63RY8NqxOS217Ct6tDkV9yvt31Ro8eH1bB9VH47zc6ID0boXb38dPzPsZYrOpRXdYjlzNj2cfD2sL11aweFqYtX7q9jDOLA5aDzdttnNXZcmAbbB0j6BDV7AKF31VY+JbObUOdipY78quiS3msxQPkhYtNmjgYzZvviuL4YPjY4eWvho1s5GMyc7R0kfYsSrkDondzyWJbs4hIbh9GzfZukN0iaT/ln7ZJYqYFl/3Af28fxEDQwX7X9jUaOBYOxmaTjqSWhd1U+bPvYMpuGcbGdl/15c6wni5m5Pc8sjocI4H62d8uBjYrMyjGStqi4/RiC2HV0PUmX9l5fQu/D7Wf766U1CmWIWbH/yemYsQ1YHB+r8TFJbI87M3lC4DtZZQiTsZ07HN4qaXHPBSL0PtgFkt5fUoNQpC9LOphTM21fsH1kZW3GCE3okWIuxfTcHUPybq2p0Rgt27/sPeMQeh+QV2h4q+1FpTQIZYoVHTaWxP71U5cnrn2mlsZifGxfL+kdLLU0LR9mpQZMhe19Je3aa7EIvQ/4d9uEGExJLGO3XvSwYPXyeqzv4LUrpsp2fkhiObupOdB2tyEGM7K5pPN7LB2hd4X9Yz07YMps/0LSf1OxNfo3lv7DDHxe0ukUbrXyFsP/UXD7UKDYbOtdkrrbdIvQK81lqRzMws6xTTUm9y3bP6Q2mC7beZWUDSQx5GzV3s1KKJgJ2xdK+mRvxes99OaxmRvGrEZg2mzncYfvlnQH1XuYvErDRwtrEyoSK318hHM2qZ1tn1Bgu1CPr0jq6jPUe+jdxfZJBbQDFbM9lxvzpDayvbDAdqEitneXxLrpD3YpQ6swWxMmZXfzNqXn0Jv3fP90Ae1AG/aKFQqwwm62T6UWGJC8zNJdFPN+77e9pJC2oGK2r5H0qV7OYc+hd1PbCwpoBxoQT8zv73FiwCRu7HGsGIbH9pWSPkuJ77NnrG4BDMouks7uoZq9ht5Dbf+ggHagIbYvZZml+2zGOHkMQZ40em7nhZ0Xu9YBAxPLSW4iqfllJXsMvXkLvg8V0A60afvON6041vYhBbQDjYnVHD7Q+Xn9T3ZdwzDYPj96fJvWY+jdzvZ1BbQDDYptVLfo9Nwu7/jYMQK287q9+3da63Mk7VNAO9Cuz0lq+qGqt9A7N3rigKGx/aNOZ5vvFms/AsP0iU4ntW0eSyQCQxFrPm/ZcnV7C72fsM0MYIzCFj2Mj5rg9ta/LFEG23nlnS91djoOYjUUjMhuki5qtdg9hd6zJLHVMEYiejy/3VG1t7E9v4B2oA9filVCenBP9G4DQxdj5z/eaqV7Cr1bxrJSwKh8Pm5Yrcvh45t8qjAqtvOE5O06Kfh3bF9VQDvQCdtHSTqjxaPtJfT+zPbRBbQDHYlFv3sIg19g2BDGYNeYp9GyvAHFtny4MAZNbljRS+hlu0aMyxfjxtWquRE+gJGKHclaD4S7xcMzMFK2T5A0p7Wq9xB659g+qYB2oEO2b4iJAa3a1vbdfLYxJt9puLd3SUdDOFCmrVo7Lz2EXr40MG47NDq292ZJexXQDnQqHrh2bPTo946HZmAsosOwqbG9rYfeCyQxlhdjFUssHdjgWfhavGIGximvknJbY2cgT7reqYB2AE3tbdB66N2BFRtQiNbWFV0k6RsFtAOds72wwQmjh9vueTtzlOMwSZe1cj5aDr15q+HvFdAOIN+YfynpmIYqsaftprerRFW+JqmlseU7FNAGQLELYDNvHVoOvbsxwQaF+WpDJ+QrBbQBuI/tvFb0QY1U4+e2TyugHcBK+0i6o4VqtBp6l3e2GxbqkMeXt7D80Im2m3ndhWa0skoKG72gKLbzcLZ9WzgrrYbeI2xfX0A7gPvFa6I9GqhIy0uwoVK2T43JyzW7k2F5KNS3WjgxrYZebsooVQ69yyo+O3mZssMLaAcwmdpvzPtFrxpQlJiX8rPaz0qLoTfvUX58Ae0AHibW3Tyy4srsyVh5FGzfyndA3L2ANgCrUn1vb4uhd/94jQyUar+Kz8x3C2gDMCnbt1f8UHmR7XMLaAewKofUvq1+k6G3gDYAq5NvygsqrNAF8YoLKFmt9wAeKFE023nM+Q9qPkuthd5f2L6wgHYAq2R7qaRDK6wQN2XU4KhKHyoPKKANwJpUPdGytdBLLy9qUeNnlZsyihcPlQdXdqZOt31FAe0A1uTHkm6vtUqthd5WFidH+06UNL+iozzT9lUFtAOYigMrq1Jt7UWn4qHyiFqPvqXQm8cbXllAO4A1sp03UPlRRZWqehwXujNH0sKKDvqHBbQBmCpCbwH40kBtapplXvMya+hM9EYdW8lRX2z78gLaAUzVcZKqXLqS0AuMz9GVfHFcbfv8AtoBTEctbyd4i4Kq2M5vUX5S41lrJfTmXaLOKKAdwJTF8i9zKqgYD5SoUR4+VMOa7VxfqFGVD2uthN7j2JAClarhFewxBbQBmBbbt0gqfbOHvLTa6QW0A5iuWoYPPUgrofekAtoAzMQJhVctP0yeUkA7gJko/RXsKTGpFaiK7cskXVdbuwm9wHjlsbK3FXwOzrV9RwHtAGai9IdK7l2oWenX18O0EHrnxhMHUJ0YlnNywe0+sYA2ADN1qqSSe1KPL6ANwExVN5mthdDLTRm1K7m3h+sL1YpZ5mcX2v78hucXBbQDmKnq3lS0EHqZBIDanVZw+1kVBbUr9fo6kwnYqFns0nlTTYfQQugt9SkemKo8rndZgdW6zHbJ442BqTir0CqV2i5gOs6sqVq1h967IzAA1Yrdo0r8HPNAiRaU+jkm9KIFVX2Oaw+959u+p4B2ALNV4o2ZmzJakCc6317gcXB9oQWE3hHiSwOtKPGzzPWF6tlOBT5UXm/7hgLaAczWOTVVsPbQ+8sC2gAMQomfZa4vtOKCwo6DawtNsD1P0o21HEvtofdXBbQBGITSPss32S7xlTAwExcVVrWLC2gDMCjVfJ5rD72lfZEBM2J7QWFbOnJTRksuKexYuHehJYTeEbjN9s0Vtx94qJJ6e7kpoyUXFnYspYVwYDaqeetec+jlpozWlPSZ5qaMZtieL2l+QcfD/QstKe2hcpVqDr1XFtAGYJBK+kxfXkAbgEEq5TO90PYtBbQDGJSraqlkzaH32gLaAAxSSZ/puQW0ARikUj7TXFtoTTV5rObQe3UBbQAG6ZqCqsmNGa0p5TNd0nUOzJrtvDvuTTVUsubQy00ZrSnlZrjI9m0FtAMYJHp6geGp4mGO4Q1AOfKTcgnbanNTRovo6QWGp4r7Rs2ht5odQICpsH2vpHkFFIvtUdGiUu4ZLLWJFjG8Ych4/YoWlfC55tpCi24t5JhKaQcwSFV8rmsNvYti4DTQmhK+OLgpo0WlPMzxUIkWVfG5rjX08qWBVtHTCwwHPb3A8BB6h4gvDbSqhF2jCL1oju0lkpYUcFzcv9CiknY8XCV6eoGyLCigNYsKaAMwDCVcX7cX0AZg0O6ooaI1T2QDWpQKOKYSggEwDHdRVaBftYbeOwtoAzAMVTwtA5gxHirRoireYNQaepcX0AagVUs5s2jUwnEfVqzHDWAMag29fGmgVSUETl4Bo1XLxnxc3LvQqiqWka019PJ6CK0icALtYmgeWrW4huNiIhsAAACaR+gFAABA8wi9AAAAaB6hFwAAAM0j9AIAAKB5hF4AAAA0j9ALAACA5hF6AQAA0DxCLwAAAJpH6AUAAEDzCL0AAABoHqEXAAAAzSP0AgAAoHmEXgAAADSP0AsAAIDmEXoBAADQPEIvAAAAmkfoBQAAQPMIvQAAAGgeoRcAAADNI/QCAACgeYReAAAANI/QCwAAgOYRegEAANA8Qi8AAACaR+gFAABA8wi9AAAAaB6hFwAAAM0j9AIAAKB5hF4AAAA0j9ALAACA5hF6AQAA0DxCLwAAAJpH6AUAAEDzCL0AAABoHqEXAAAAzSP0AgAAoHmEXgAAADSP0AsAAIDmEXoBAADQPEIvAAAAmkfoBQAAQPMIvQAAAGgeoRcAAADNI/QCAACgeYReAAAANI/QCwAAgOYRegEAANA8Qi8AAACaR+gFAABA8wi9AAAAaB6hFwAAAM0j9AIAAKB5hF4AAAA0j9ALAACA5hF6AQAA0DxCLwAAAJpH6AUAAEDzCL0AAABoHqEXAAAAzSP0AgAAoHmEXgAAADSP0AsAAIDmEXoBAADQPEIvAAAAmkfoBQAAQPMIvQAAAGgeoRcAAADNI/QCAACgeYReAAAANI/QCwAAgOYRegEAANA8Qi8AAACaR+gFAABA8wi9AAAAaB6hFwAAAM0j9AIAAKB5hF4AAAA0j9ALAACA5hF6AQAA0DxCLwAAAJpH6AUAAEDzCL0AAABom6T/BbNs1+5eJxCRAAAAAElFTkSuQmCC"/></svg>
diff --git a/docs/.vuepress/public/img/logo-white.png b/docs/.vuepress/public/img/logo-white.png
deleted file mode 100644
index 42fde25dd..000000000
Binary files a/docs/.vuepress/public/img/logo-white.png and /dev/null differ
diff --git a/docs/.vuepress/public/img/logo_purple.svg b/docs/.vuepress/public/img/logo_purple.svg
deleted file mode 100644
index 927848c4a..000000000
--- a/docs/.vuepress/public/img/logo_purple.svg
+++ /dev/null
@@ -1,23 +0,0 @@
-<svg width="169" height="30" viewBox="0 0 169 30" fill="none" xmlns="http://www.w3.org/2000/svg">
-<g clip-path="url(#clip0)">
-<path d="M5.99392 28.579C5.39445 28.5024 4.5909 28.8341 4.23377 28.4132C3.88939 28.005 4.14448 27.227 4.13173 26.6147C4.13173 22.0485 4.13173 17.4824 4.14448 12.9034C4.14448 11.7555 3.95316 10.6586 3.26441 9.70198C2.60116 8.78364 1.70833 8.15866 0.509388 8.10764C0.0884826 8.09489 -0.0135551 7.94183 -0.000800398 7.54644C0.024709 6.84493 0.024709 6.14342 -0.000800398 5.44191C-0.0135551 5.08478 0.0757279 4.90621 0.458369 4.86795C2.48637 4.66387 4.51437 4.43429 6.52962 4.2047C9.42494 3.88583 12.3075 3.55421 15.2028 3.23534C18.0471 2.91648 20.8914 2.61036 23.7485 2.29149C26.5545 1.98538 29.3606 1.67927 32.1666 1.3604C35.266 1.01602 38.3654 0.658891 41.4648 0.314513C41.5413 0.301759 41.6178 0.352778 41.6944 0.378287C41.9495 0.607872 42.0005 0.913985 42.0132 1.24561C42.0132 1.94712 42.026 2.64863 42.0132 3.35014C41.9877 4.28123 41.8985 4.39602 41.0184 4.63836C40.2531 4.84244 39.5133 5.09753 38.8628 5.5567C37.0261 6.83217 36.044 8.57957 36.0313 10.8244C36.0058 16.5385 36.0313 22.2399 36.0185 27.954C36.0185 28.3876 36.1206 28.8596 35.7124 29.2039C34.4369 29.1912 33.1615 29.1657 31.886 29.1784C31.3631 29.1912 31.261 28.9871 31.261 28.5152C31.2738 22.6735 31.261 16.8319 31.2738 10.9902C31.2738 9.34485 30.7508 7.96734 29.5136 6.85768C29.2713 6.65361 29.0417 6.43678 28.7228 6.34749C27.7535 6.14342 26.7841 5.92659 25.7892 6.04138C23.3914 6.30923 21.3123 8.32447 21.0062 10.7096C20.9042 11.4621 20.8532 12.2274 20.8532 12.9927C20.8659 17.916 20.8659 22.8393 20.8532 27.7627C20.8532 28.1708 20.968 28.63 20.5215 28.9233C20.445 28.9233 20.3812 28.9233 20.3047 28.9233C19.4884 28.7958 18.6721 28.9616 17.8558 28.8341C16.7589 28.7958 16.7589 28.7958 16.7589 27.7116C16.7589 22.4695 16.7461 17.2273 16.7589 11.9978C16.7589 10.3397 16.2487 8.92395 14.935 7.85255C14.8202 7.76327 14.6799 7.69949 14.5523 7.63572C13.2258 7.32961 11.8866 7.06176 10.5984 7.75051C8.7872 8.69436 7.88162 10.2632 7.85611 12.2912C7.81784 17.1762 7.84335 22.0485 7.84335 26.9336C7.84335 27.2525 7.84335 27.5713 7.8306 27.8902C7.81784 28.1581 7.75407 28.3876 7.52448 28.5662C7.0143 28.681 6.50411 28.63 5.99392 28.579Z" fill="#6F43E7"/>
-<path d="M83.5434 15.2774C83.6454 17.8539 83.3903 20.4303 83.7092 23.0323C82.5868 23.0323 81.3878 23.0323 80.2017 23.0323C80.5205 20.9916 80.342 18.9253 80.342 16.859C80.342 14.7928 80.5078 12.7137 80.2017 10.5709C81.5792 10.5709 83.0587 10.5709 84.5255 10.5709C84.6276 10.5709 84.7423 10.5709 84.7423 10.724C84.7423 11.4638 85.2015 12.0377 85.4949 12.6627C86.4005 14.6014 87.3188 16.5402 88.2371 18.4661C88.3264 18.6447 88.3519 18.8743 88.607 19.0146C88.9386 18.3386 89.2575 17.6881 89.5764 17.0248C90.4565 15.1882 91.4003 13.3897 92.1656 11.502C92.2804 11.2214 92.2549 10.7368 92.4334 10.6347C92.7396 10.4817 93.1732 10.5582 93.5559 10.5582C94.6655 10.5582 95.7624 10.5582 96.8721 10.5582C96.9103 10.5582 96.9486 10.5837 97.0124 10.5965C96.7828 11.0429 96.77 11.5403 96.77 12.025C96.77 15.2392 96.77 18.4406 96.77 21.6548C96.77 22.114 96.7828 22.5859 97.0124 23.0451C95.7879 23.0451 94.6017 23.0451 93.4156 23.0451C93.6069 22.165 93.7089 16.4891 93.5431 15.2902C93.3263 15.3157 93.3263 15.5198 93.2625 15.6601C92.2294 17.6498 91.209 19.6523 90.2779 21.6931C90.2014 21.8716 90.0611 22.216 90.0611 22.216C90 23 89.4233 23.0323 88.7983 23.0833C87.8035 23.1471 87.2168 23.0451 86.7959 21.8461C85.9796 19.563 84.7806 17.4202 83.7475 15.2264C83.6709 15.2647 83.6072 15.2647 83.5434 15.2774Z" fill="#6F43E7"/>
-<path d="M160.748 19.1043C161.985 16.4768 163.375 14.0152 164.345 11.3749C164.612 10.6479 164.919 10.5586 165.544 10.5714C166.73 10.6097 167.916 10.5842 168.987 10.5842C168.911 14.7422 168.911 18.8747 169 23.0583C167.967 23.0583 166.794 23.0583 165.62 23.0583C165.926 20.4946 165.671 17.9054 165.786 15.3162C165.518 15.3162 165.518 15.482 165.467 15.584C164.485 17.561 163.503 19.5252 162.533 21.5022C162.431 21.7063 162.317 21.9231 162.253 22.1399C162.164 22.4333 162.176 22.9307 162.01 23.0073C161.666 23.1603 161.232 23.0838 160.824 23.0965C160.378 23.0965 159.88 23.2113 159.498 23.0583C159.115 22.9052 159.255 22.3313 159.077 21.9614C158.006 19.7293 156.96 17.4845 155.824 15.2651C155.799 17.8671 155.608 20.4436 155.863 23.071C154.753 23.071 153.554 23.071 152.483 23.071C152.572 18.9385 152.585 14.7932 152.47 10.5969C153.758 10.5969 155.212 10.5969 156.666 10.5969C156.845 10.5969 156.909 10.6352 156.921 10.8393C156.947 11.1326 157.036 11.426 157.164 11.6938C158.286 14.0917 159.434 16.4768 160.569 18.8747C160.595 18.9002 160.646 18.9513 160.748 19.1043Z" fill="#6F43E7"/>
-<path d="M99.9841 10.5831C101.158 10.5831 102.484 10.5831 103.823 10.5831C106.259 10.5831 108.708 10.5958 111.145 10.5703C111.642 10.5703 111.833 10.6468 111.859 11.208C111.884 11.9861 112.076 12.7514 112.203 13.5932C110.991 13.236 109.818 13.0065 108.619 12.9299C107.012 12.8279 105.392 12.8917 103.785 12.8917C103.441 12.8917 103.288 13.0575 103.288 13.4019C103.3 13.9758 103.3 14.5498 103.288 15.1237C103.275 15.5447 103.466 15.6977 103.862 15.685C105.89 15.6212 107.93 15.889 109.971 15.3406C109.856 16.1441 109.741 16.9094 109.652 17.6874C109.614 18.0573 109.346 17.9808 109.129 17.9808C107.446 17.9808 105.775 18.0063 104.091 17.968C103.428 17.9553 103.224 18.1849 103.275 18.8099C103.313 19.32 103.288 19.8302 103.288 20.3404C103.288 20.6083 103.39 20.7868 103.696 20.7868C106.132 20.7358 108.581 20.9144 111.017 20.6848C111.578 20.6338 112.063 20.3659 112.624 20.0598C112.484 21.0674 112.382 22.0113 112.229 22.9296C112.178 23.223 111.872 23.0827 111.693 23.0827C108.951 23.0954 106.208 23.0827 103.479 23.0827C102.267 23.0827 101.068 23.0827 99.9969 23.0827C100.073 18.8991 100.073 14.7539 99.9841 10.5831Z" fill="#6F43E7"/>
-<path d="M136.578 10.5957C137.789 10.5957 138.976 10.5957 140.162 10.5957C139.881 12.088 140.06 13.6058 140.021 15.1109C139.996 16.1312 140.009 17.1516 140.034 18.172C140.085 20.0087 140.889 20.8377 142.687 21.0035C143.261 21.0546 143.835 20.9908 144.396 20.8505C145.353 20.6209 145.991 19.8174 146.016 18.5929C146.067 16.1695 146.042 13.7589 146.029 11.3355C146.029 11.0931 145.927 10.8508 145.863 10.5957C147.049 10.5957 148.235 10.5957 149.473 10.5957C149.065 11.7054 149.269 12.8533 149.23 13.9757C149.179 15.6466 149.383 17.3302 149.128 19.0011C148.771 21.3224 147.368 22.6999 145.072 23.1463C143.529 23.4525 141.986 23.4269 140.468 23.0315C138.274 22.4576 136.897 20.6592 136.845 18.2995C136.807 16.2588 136.833 14.218 136.833 12.19C136.845 11.6416 136.807 11.1186 136.578 10.5957Z" fill="#6F43E7"/>
-<path d="M35.7131 29.1938C35.7131 23.0843 35.7259 16.9747 35.7259 10.8525C35.7259 7.63829 37.8432 4.99807 40.9936 4.32207C41.5038 4.20727 41.6951 4.02871 41.6823 3.49301C41.6441 2.45988 41.6951 1.41399 41.7079 0.380859C42.3073 0.444633 42.843 0.712482 43.417 0.852784C43.6976 0.916557 43.7741 1.12063 43.7614 1.37573C43.7614 2.3706 43.7486 3.37822 43.7614 4.37309C43.7741 4.85776 43.4552 4.89603 43.1109 4.97256C40.764 5.55927 39.0931 6.92403 38.2386 9.21988C37.9707 9.9469 37.8687 10.6994 37.8687 11.4647C37.8814 17.115 37.8687 22.7654 37.8687 28.4157C37.8687 29.232 37.8687 29.232 37.0396 29.1938C36.606 29.2065 36.1595 29.2065 35.7131 29.1938Z" fill="#C5B7DD"/>
-<path d="M20.5222 28.9121C20.6243 28.6188 20.5987 28.3254 20.5987 28.032C20.5987 22.6751 20.6115 17.3181 20.5987 11.9611C20.5987 9.84381 21.3385 8.10917 23.0094 6.79543C24.7058 5.46894 27.0526 5.29037 28.7363 6.33626C25.6624 6.22147 22.7415 8.65762 22.7288 12.5478C22.716 17.7262 22.7288 22.8919 22.7288 28.0703C22.7288 28.9504 22.7288 28.9504 21.8615 28.9376C21.415 28.9249 20.9686 28.9249 20.5222 28.9121Z" fill="#C5B7DD"/>
-<path d="M7.52529 28.5557C7.51254 26.1961 7.49978 23.8492 7.49978 21.4896C7.49978 18.4157 7.47428 15.329 7.51254 12.2552C7.53805 9.80625 9.18341 7.62519 11.4155 7.10225C12.5251 6.8344 13.6093 6.92368 14.5787 7.62519C11.7088 7.71448 10.038 10.0486 9.7191 12.3317C9.62982 13.0077 9.60431 13.6837 9.60431 14.3597C9.61707 18.8493 9.60431 23.3518 9.60431 27.8414C9.60431 28.6705 9.60431 28.6705 8.80077 28.645C8.37986 28.645 7.95895 28.5939 7.52529 28.5557Z" fill="#C5B7DD"/>
-<path d="M133.797 23.0707C132.534 23.0707 131.361 23.0707 130.328 23.0707C130.379 18.9127 130.379 14.7802 130.328 10.6094C131.361 10.6094 132.56 10.6094 133.81 10.6094C133.529 11.1451 133.542 11.719 133.542 12.2802C133.542 15.3414 133.542 18.4025 133.542 21.4636C133.529 21.9993 133.542 22.5223 133.797 23.0707Z" fill="#6F43E7"/>
-<path d="M17.8567 28.8361C18.673 28.7979 19.4893 28.7851 20.3056 28.9254C19.4893 28.9764 18.6602 29.0019 17.8567 28.8361Z" fill="#C5B7DD"/>
-<path d="M5.99463 28.5802C6.50482 28.5674 7.01501 28.5674 7.52519 28.5547C7.02776 28.8225 6.50482 28.6695 5.99463 28.5802Z" fill="#C5B7DD"/>
-<path d="M128.21 23.0453C126.68 21.4255 125.851 19.2061 123.67 18.1603C123.861 18.071 123.976 18.02 124.091 17.9689C125.647 17.3057 126.463 15.9537 126.323 14.2701C126.157 12.2803 125.366 11.1962 123.529 10.8263C120.596 10.2396 117.611 10.7243 114.805 10.5457C114.984 14.7548 114.933 18.8873 114.831 23.0453C115.902 23.0453 117.101 23.0453 118.3 23.0453C117.93 21.7443 118.16 20.4434 118.109 19.1551C118.096 18.7852 118.376 18.7342 118.683 18.7215C120.915 18.5812 122.496 19.576 123.504 21.7443C123.708 22.1652 123.848 22.5862 123.631 23.0453C125.187 23.0453 126.705 23.0453 128.21 23.0453ZM122.012 16.4256C120.825 16.7572 119.614 16.5787 118.402 16.5659C118.109 16.5659 118.096 16.3236 118.096 16.1068C118.096 15.2139 118.096 14.3211 118.096 13.441C118.096 13.1222 118.223 12.9691 118.542 12.9691C119.052 12.9691 119.563 12.9691 120.073 12.9691C120.073 12.9818 120.073 12.9946 120.073 12.9946C120.609 12.9946 121.132 12.9563 121.654 13.0074C122.56 13.0839 123.045 13.5941 123.147 14.4614C123.249 15.3925 122.828 16.196 122.012 16.4256Z" fill="#6F43E7"/>
-<path d="M77.4594 14.7167C76.9237 12.3698 75.4313 11.0178 73.0972 10.5842C71.4136 10.2653 69.7172 10.2653 68.0336 10.6224C65.827 11.0944 64.3602 12.4081 63.8118 14.6274C63.4547 16.0687 63.4547 17.5355 63.8118 18.9768C64.3602 21.1961 65.7122 22.6119 67.9953 23.0838C68.8754 23.2624 69.7555 23.3517 70.7249 23.3261C71.3626 23.3644 72.0514 23.2879 72.7529 23.1986C75.087 22.918 76.7834 21.5022 77.3828 19.2446C77.791 17.7523 77.8165 16.2345 77.4594 14.7167ZM74.2452 18.8875C73.9773 19.8058 73.4033 20.4563 72.485 20.7369C71.2095 21.1323 69.9341 21.1323 68.6841 20.6604C67.9061 20.367 67.3576 19.8186 67.1025 19.0278C66.6433 17.6248 66.6178 16.1963 67.0515 14.7805C67.3321 13.8366 67.9571 13.2117 68.8882 12.9183C69.9468 12.5867 71.031 12.5739 72.0896 12.8163C73.5947 13.1606 74.3344 14.1683 74.4875 15.9284C74.513 16.2218 74.4875 16.5279 74.4875 16.8212C74.5258 17.5227 74.4365 18.2115 74.2452 18.8875Z" fill="#6F43E7"/>
-<path d="M61.6052 14.0013C61.4012 12.4325 60.4446 11.2845 58.9268 10.8636C58.2508 10.6723 57.562 10.583 56.8478 10.583C54.7432 10.583 52.6387 10.583 50.5342 10.583C50.3556 10.583 50.1643 10.5193 50.0623 10.583C50.4194 12.7003 50.2153 14.7793 50.2281 16.8456C50.2281 18.9119 50.4066 20.9909 50.0878 23.0571C51.2612 23.0571 52.4474 23.0571 53.6846 23.0571C53.2764 21.9092 53.5188 20.7996 53.4422 19.7027C53.404 19.2307 53.5443 19.0904 54.029 19.0904C55.432 19.0904 56.835 19.1797 58.2253 18.9884C59.9726 18.7461 61.2609 17.5981 61.567 15.889C61.6818 15.264 61.6945 14.639 61.6052 14.0013ZM57.4217 16.5522C56.2483 16.9349 55.0366 16.8328 53.8249 16.8073C53.4933 16.7946 53.4422 16.5267 53.4422 16.2461C53.4422 15.7742 53.4422 15.315 53.4422 14.8431C53.4422 14.3712 53.4422 13.912 53.4422 13.4401C53.4422 13.185 53.506 12.9682 53.8249 12.9682C54.9856 12.9427 56.159 12.8406 57.3069 13.134C58.085 13.3381 58.4421 13.8482 58.4931 14.7283C58.5441 15.6467 58.1742 16.3099 57.4217 16.5522Z" fill="#6F43E7"/>
-</g>
-<defs>
-<clipPath id="clip0">
-<rect width="169" height="28.9149" fill="white" transform="translate(0 0.316406)"/>
-</clipPath>
-</defs>
-</svg>
diff --git a/docs/.vuepress/public/img/logo_white.svg b/docs/.vuepress/public/img/logo_white.svg
deleted file mode 100644
index b045375c1..000000000
--- a/docs/.vuepress/public/img/logo_white.svg
+++ /dev/null
@@ -1,23 +0,0 @@
-<svg width="161" height="28" viewBox="0 0 161 28" fill="none" xmlns="http://www.w3.org/2000/svg">
-<g clip-path="url(#clip0)">
-<path d="M5.71009 27.3796C5.13899 27.3067 4.37349 27.6226 4.03326 27.2216C3.70518 26.8328 3.9482 26.0916 3.93605 25.5083C3.93605 21.1583 3.93605 16.8083 3.9482 12.4461C3.9482 11.3525 3.76594 10.3075 3.10979 9.39618C2.47794 8.52132 1.62737 7.92592 0.485183 7.87732C0.0842016 7.86516 -0.0130059 7.71935 -0.000854965 7.34267C0.0234469 6.67437 0.0234469 6.00607 -0.000854965 5.33777C-0.0130059 4.99754 0.0720507 4.82743 0.436579 4.79098C2.36858 4.59656 4.30058 4.37784 6.22043 4.15913C8.97869 3.85535 11.7248 3.53943 14.4831 3.23566C17.1927 2.93188 19.9024 2.64026 22.6242 2.33649C25.2974 2.04486 27.9706 1.75324 30.6438 1.44947C33.5965 1.12139 36.5492 0.781165 39.5019 0.45309C39.5748 0.440939 39.6477 0.489543 39.7206 0.513845C39.9636 0.732562 40.0122 1.02418 40.0244 1.34011C40.0244 2.00841 40.0365 2.67671 40.0244 3.34501C40.0001 4.23203 39.915 4.34139 39.0766 4.57226C38.3475 4.76667 37.6428 5.00969 37.0231 5.44713C35.2733 6.66222 34.3377 8.3269 34.3256 10.4655C34.3013 15.9091 34.3256 21.3406 34.3134 26.7842C34.3134 27.1973 34.4106 27.6469 34.0218 27.975C32.8067 27.9628 31.5916 27.9385 30.3765 27.9507C29.8783 27.9628 29.7811 27.7684 29.7811 27.3188C29.7933 21.7537 29.7811 16.1886 29.7933 10.6234C29.7933 9.05596 29.2951 7.74366 28.1164 6.68652C27.8856 6.49211 27.6668 6.28554 27.3631 6.20049C26.4396 6.00607 25.5161 5.7995 24.5684 5.90886C22.284 6.16403 20.3034 8.08388 20.0117 10.3561C19.9145 11.073 19.8659 11.8021 19.8659 12.5311C19.8781 17.2214 19.8781 21.9117 19.8659 26.6019C19.8659 26.9907 19.9753 27.4282 19.55 27.7077C19.4771 27.7077 19.4164 27.7077 19.3434 27.7077C18.5658 27.5861 17.7881 27.7441 17.0105 27.6226C15.9655 27.5861 15.9655 27.5861 15.9655 26.5533C15.9655 21.5593 15.9533 16.5652 15.9655 11.5834C15.9655 10.0037 15.4794 8.65498 14.2279 7.6343C14.1185 7.54924 13.9849 7.48849 13.8634 7.42773C12.5997 7.13611 11.3238 6.88094 10.0966 7.53709C8.37115 8.43626 7.50843 9.93083 7.48413 11.8628C7.44767 16.5166 7.47198 21.1583 7.47198 25.8121C7.47198 26.1159 7.47198 26.4197 7.45983 26.7234C7.44767 26.9786 7.38692 27.1973 7.1682 27.3674C6.68216 27.4768 6.19613 27.4282 5.71009 27.3796Z" fill="white"/>
-<path d="M79.5888 14.7074C79.686 17.1619 79.443 19.6164 79.7468 22.0952C78.6775 22.0952 77.5353 22.0952 76.4053 22.0952C76.709 20.1511 76.5389 18.1826 76.5389 16.2142C76.5389 14.2457 76.6969 12.2651 76.4053 10.2237C77.7176 10.2237 79.1271 10.2237 80.5244 10.2237C80.6217 10.2237 80.731 10.2237 80.731 10.3695C80.731 11.0743 81.1684 11.6211 81.4479 12.2165C82.3106 14.0634 83.1855 15.9104 84.0604 17.7452C84.1454 17.9153 84.1697 18.134 84.4128 18.2677C84.7287 17.6237 85.0324 17.004 85.3362 16.3721C86.1746 14.6224 87.0738 12.9091 87.8029 11.1108C87.9122 10.8434 87.8879 10.3817 88.058 10.2845C88.3497 10.1387 88.7628 10.2116 89.1273 10.2116C90.1844 10.2116 91.2294 10.2116 92.2866 10.2116C92.323 10.2116 92.3595 10.2359 92.4202 10.248C92.2015 10.6733 92.1894 11.1472 92.1894 11.6089C92.1894 14.671 92.1894 17.7209 92.1894 20.7829C92.1894 21.2203 92.2015 21.6699 92.4202 22.1074C91.2537 22.1074 90.1237 22.1074 88.9937 22.1074C89.1759 21.2689 89.2731 15.8618 89.1152 14.7196C88.9086 14.7439 88.9086 14.9383 88.8478 15.072C87.8636 16.9675 86.8915 18.8752 86.0045 20.8194C85.9316 20.9895 85.798 21.1596 85.798 21.3175C85.8223 22.241 85.1904 22.0952 84.595 22.1438C83.6472 22.2046 83.0883 22.1074 82.6873 20.9652C81.9097 18.7902 80.7675 16.7488 79.7832 14.6588C79.7103 14.6953 79.6496 14.6953 79.5888 14.7074Z" fill="white"/>
-<path d="M153.138 18.3527C154.317 15.8496 155.641 13.5044 156.565 10.9892C156.82 10.2966 157.112 10.2115 157.707 10.2237C158.837 10.2601 159.967 10.2358 160.988 10.2358C160.915 14.1971 160.915 18.134 161 22.1195C160.016 22.1195 158.898 22.1195 157.78 22.1195C158.072 19.6771 157.829 17.2105 157.938 14.7438C157.683 14.7438 157.683 14.9018 157.634 14.999C156.699 16.8824 155.763 18.7537 154.84 20.6371C154.742 20.8315 154.633 21.038 154.572 21.2446C154.487 21.5241 154.499 21.998 154.341 22.0709C154.013 22.2167 153.6 22.1438 153.211 22.1559C152.786 22.1559 152.312 22.2653 151.948 22.1195C151.583 21.9737 151.717 21.4269 151.547 21.0745C150.526 18.9481 149.53 16.8095 148.448 14.6952C148.424 17.174 148.242 19.6285 148.485 22.1316C147.427 22.1316 146.285 22.1316 145.265 22.1316C145.35 18.1947 145.362 14.2457 145.252 10.248C146.48 10.248 147.865 10.248 149.25 10.248C149.42 10.248 149.481 10.2844 149.493 10.4789C149.517 10.7583 149.602 11.0378 149.724 11.293C150.793 13.5774 151.887 15.8496 152.968 18.134C152.993 18.1583 153.041 18.2069 153.138 18.3527Z" fill="white"/>
-<path d="M95.2515 10.2358C96.3694 10.2358 97.633 10.2358 98.9089 10.2358C101.23 10.2358 103.563 10.2479 105.884 10.2236C106.357 10.2236 106.54 10.2965 106.564 10.8312C106.588 11.5724 106.771 12.3014 106.892 13.1034C105.738 12.7632 104.62 12.5445 103.478 12.4716C101.947 12.3743 100.403 12.4351 98.8724 12.4351C98.5444 12.4351 98.3986 12.5931 98.3986 12.9211C98.4107 13.4679 98.4107 14.0147 98.3986 14.5615C98.3864 14.9625 98.5687 15.1083 98.9453 15.0962C100.877 15.0354 102.822 15.2906 104.766 14.7681C104.656 15.5336 104.547 16.2627 104.462 17.0039C104.425 17.3562 104.17 17.2833 103.964 17.2833C102.36 17.2833 100.768 17.3076 99.1641 17.2712C98.5322 17.259 98.3378 17.4777 98.3864 18.0731C98.4229 18.5592 98.3986 19.0452 98.3986 19.5313C98.3986 19.7864 98.4958 19.9565 98.7874 19.9565C101.108 19.9079 103.441 20.078 105.762 19.8593C106.297 19.8107 106.758 19.5556 107.293 19.2639C107.159 20.2239 107.062 21.123 106.916 21.9979C106.868 22.2774 106.576 22.1437 106.406 22.1437C103.794 22.1559 101.181 22.1437 98.5808 22.1437C97.4265 22.1437 96.2843 22.1437 95.2636 22.1437C95.3365 18.1582 95.3365 14.2091 95.2515 10.2358Z" fill="white"/>
-<path d="M130.112 10.248C131.267 10.248 132.397 10.248 133.527 10.248C133.259 11.6697 133.43 13.1157 133.393 14.5495C133.369 15.5216 133.381 16.4936 133.405 17.4657C133.454 19.2154 134.219 20.0053 135.933 20.1632C136.479 20.2118 137.026 20.1511 137.561 20.0174C138.472 19.7987 139.08 19.0332 139.104 17.8667C139.153 15.558 139.128 13.2615 139.116 10.9528C139.116 10.7219 139.019 10.4911 138.958 10.248C140.088 10.248 141.218 10.248 142.397 10.248C142.008 11.3052 142.202 12.3988 142.166 13.468C142.117 15.0598 142.312 16.6637 142.069 18.2555C141.729 20.467 140.392 21.7793 138.205 22.2046C136.735 22.4962 135.264 22.4719 133.818 22.0952C131.728 21.5484 130.416 19.8351 130.367 17.5872C130.331 15.6431 130.355 13.6989 130.355 11.7669C130.367 11.2444 130.331 10.7462 130.112 10.248Z" fill="white"/>
-<path d="M34.0225 27.9636C34.0225 22.1433 34.0346 16.323 34.0346 10.4906C34.0346 7.42853 36.0517 4.91329 39.053 4.26929C39.539 4.15993 39.7213 3.98982 39.7091 3.47948C39.6726 2.49525 39.7213 1.49887 39.7334 0.514648C40.3045 0.575403 40.8148 0.830573 41.3616 0.964233C41.629 1.02499 41.7019 1.2194 41.6897 1.46242C41.6897 2.4102 41.6776 3.37012 41.6897 4.31789C41.7019 4.77963 41.3981 4.81608 41.07 4.88899C38.8342 5.44793 37.2425 6.74808 36.4283 8.93525C36.1732 9.62786 36.076 10.3448 36.076 11.0738C36.0881 16.4567 36.076 21.8396 36.076 27.2224C36.076 28.0001 36.076 28.0001 35.2862 27.9636C34.873 27.9758 34.4477 27.9758 34.0225 27.9636Z" fill="#C5B7DD"/>
-<path d="M19.5508 27.6962C19.648 27.4167 19.6237 27.1373 19.6237 26.8578C19.6237 21.7544 19.6358 16.651 19.6237 11.5476C19.6237 9.53053 20.3284 7.878 21.9202 6.62646C23.5363 5.36276 25.7721 5.19264 27.376 6.18902C24.4476 6.07966 21.665 8.40049 21.6529 12.1065C21.6407 17.0398 21.6529 21.961 21.6529 26.8942C21.6529 27.7326 21.6529 27.7326 20.8266 27.7205C20.4013 27.7083 19.9761 27.7083 19.5508 27.6962Z" fill="#C5B7DD"/>
-<path d="M7.16896 27.3558C7.1568 25.1079 7.14465 22.8721 7.14465 20.6242C7.14465 17.6958 7.12035 14.7553 7.15681 11.8269C7.18111 9.49392 8.74858 7.41611 10.875 6.91792C11.9321 6.66275 12.965 6.74781 13.8884 7.41611C11.1545 7.50116 9.56269 9.72479 9.25892 11.8998C9.17386 12.5438 9.14956 13.1878 9.14956 13.8318C9.16171 18.1089 9.14956 22.3982 9.14956 26.6754C9.14956 27.4652 9.14956 27.4652 8.38405 27.4409C7.98307 27.4409 7.58209 27.3923 7.16896 27.3558Z" fill="#C5B7DD"/>
-<path d="M127.463 22.1312C126.26 22.1312 125.142 22.1312 124.158 22.1312C124.207 18.17 124.207 14.2331 124.158 10.2598C125.142 10.2598 126.285 10.2598 127.475 10.2598C127.208 10.7701 127.22 11.3169 127.22 11.8515C127.22 14.7678 127.22 17.684 127.22 20.6002C127.208 21.1106 127.22 21.6087 127.463 22.1312Z" fill="white"/>
-<path d="M17.0112 27.624C17.7889 27.5875 18.5665 27.5754 19.3442 27.709C18.5665 27.7576 17.7767 27.7819 17.0112 27.624Z" fill="#C5B7DD"/>
-<path d="M5.71094 27.3807C6.19697 27.3686 6.68301 27.3686 7.16905 27.3564C6.69516 27.6116 6.19697 27.4658 5.71094 27.3807Z" fill="#C5B7DD"/>
-<path d="M122.141 22.107C120.683 20.5638 119.893 18.4495 117.816 17.4531C117.998 17.3681 118.107 17.3195 118.216 17.2709C119.699 16.639 120.477 15.351 120.343 13.7471C120.185 11.8516 119.432 10.8187 117.682 10.4664C114.887 9.90741 112.044 10.3691 109.371 10.199C109.541 14.2088 109.492 18.1457 109.395 22.107C110.416 22.107 111.558 22.107 112.7 22.107C112.348 20.8676 112.566 19.6282 112.518 18.4009C112.506 18.0485 112.773 17.9999 113.064 17.9878C115.191 17.8541 116.698 18.8019 117.658 20.8676C117.852 21.2685 117.986 21.6695 117.779 22.107C119.261 22.107 120.707 22.107 122.141 22.107ZM116.236 15.8006C115.106 16.1165 113.952 15.9464 112.797 15.9343C112.518 15.9343 112.506 15.7034 112.506 15.4968C112.506 14.6463 112.506 13.7957 112.506 12.9573C112.506 12.6535 112.627 12.5077 112.931 12.5077C113.417 12.5077 113.903 12.5077 114.389 12.5077C114.389 12.5199 114.389 12.532 114.389 12.532C114.899 12.532 115.397 12.4956 115.896 12.5442C116.758 12.6171 117.22 13.1031 117.317 13.9294C117.415 14.8164 117.014 15.5819 116.236 15.8006Z" fill="white"/>
-<path d="M73.7928 14.1721C73.2825 11.9363 71.8608 10.6483 69.6372 10.2352C68.0333 9.93141 66.4172 9.93141 64.8133 10.2716C62.7112 10.7212 61.3138 11.9728 60.7913 14.087C60.4511 15.4601 60.4511 16.8574 60.7913 18.2305C61.3138 20.3448 62.6018 21.6935 64.7768 22.1431C65.6152 22.3132 66.4536 22.3983 67.3771 22.374C67.9847 22.4104 68.6408 22.3375 69.3091 22.2525C71.5327 21.9851 73.1488 20.6364 73.7199 18.4857C74.1087 17.064 74.133 15.6181 73.7928 14.1721ZM70.7308 18.1454C70.4756 19.0203 69.9288 19.64 69.0539 19.9073C67.8389 20.284 66.6238 20.284 65.433 19.8344C64.6918 19.555 64.1693 19.0325 63.9262 18.2791C63.4888 16.9425 63.4645 15.5816 63.8776 14.2328C64.145 13.3337 64.7404 12.7383 65.6274 12.4588C66.6359 12.1429 67.6687 12.1307 68.6773 12.3616C70.1111 12.6897 70.8158 13.6496 70.9616 15.3264C70.9859 15.6059 70.9616 15.8975 70.9616 16.177C70.9981 16.8453 70.913 17.5014 70.7308 18.1454Z" fill="white"/>
-<path d="M58.689 13.4924C58.4945 11.9979 57.5832 10.9043 56.1373 10.5033C55.4933 10.321 54.8371 10.236 54.1567 10.236C52.1518 10.236 50.1469 10.236 48.142 10.236C47.9719 10.236 47.7896 10.1752 47.6924 10.236C48.0326 12.253 47.8382 14.2336 47.8503 16.2021C47.8503 18.1706 48.0205 20.1512 47.7167 22.1196C48.8346 22.1196 49.9646 22.1196 51.1432 22.1196C50.7544 21.026 50.9853 19.9689 50.9124 18.9239C50.8759 18.4743 51.0096 18.3407 51.4713 18.3407C52.8079 18.3407 54.1445 18.4257 55.469 18.2435C57.1336 18.0126 58.3609 16.919 58.6525 15.2908C58.7619 14.6954 58.774 14.1 58.689 13.4924ZM54.7035 15.9226C53.5856 16.2872 52.4312 16.1899 51.2769 16.1656C50.961 16.1535 50.9124 15.8983 50.9124 15.631C50.9124 15.1814 50.9124 14.744 50.9124 14.2944C50.9124 13.8448 50.9124 13.4074 50.9124 12.9578C50.9124 12.7148 50.9731 12.5082 51.2769 12.5082C52.3826 12.4839 53.5005 12.3867 54.5941 12.6662C55.3353 12.8606 55.6755 13.3466 55.7241 14.185C55.7727 15.0599 55.4204 15.6918 54.7035 15.9226Z" fill="white"/>
-</g>
-<defs>
-<clipPath id="clip0">
-<rect width="161" height="27.5462" fill="white" transform="translate(0 0.454102)"/>
-</clipPath>
-</defs>
-</svg>
diff --git a/docs/.vuepress/public/img/pomerium-icon-1.png b/docs/.vuepress/public/img/pomerium-icon-1.png
deleted file mode 100644
index ffdea40c5..000000000
Binary files a/docs/.vuepress/public/img/pomerium-icon-1.png and /dev/null differ
diff --git a/docs/.vuepress/styles/index.styl b/docs/.vuepress/styles/index.styl
deleted file mode 100644
index 45fa22a68..000000000
--- a/docs/.vuepress/styles/index.styl
+++ /dev/null
@@ -1,3 +0,0 @@
-hr {
-  border-top: 1px solid #000000;
-}
diff --git a/docs/.vuepress/styles/palette.styl b/docs/.vuepress/styles/palette.styl
deleted file mode 100644
index f462ce066..000000000
--- a/docs/.vuepress/styles/palette.styl
+++ /dev/null
@@ -1,127 +0,0 @@
-// colors
-$mainColor= #6F43E7
-$offColor = #49AAA1
-
-$sidebarColor=#FAFAFC
-$accentColor = #6F43E7
-$textColor =rgb(51, 51, 51)
-$headerColor=rgb(17, 17, 17)
-$borderColor = #e8e8fb
-$codeBgColor = #282c34
-$arrowBgColor = #ccc
-$section-color=#f7f7f7;
-$fontSize = 16px
-
-// navbar
-// $navbarHeight = 5.2rem
-$navbar-vertical-padding = 1.4rem;
-$navbar-horizontal-padding = 1.4rem;
-$navbar-background = #6F43E7;
-$navbar-text-color = #ffffff;
-
-$sidebarWidth = 16rem
-$contentWidth = 960px
-
-// // responsive breakpoints
-$MQNarrow = 959px
-$MQMobile = 719px
-$MQMobileNarrow = 419px
-
-.icon.outbound
-  display none !important
-
-.navbar
-  background-color: $navbar-background !important
-  border-bottom 1px solid $navbar-background !important
-  .logo
-    height $navbarHeight - 3.2rem
-    min-width $navbarHeight - 3.2rem
-    margin-right 0.8rem
-    vertical-align top
-  .links
-    background-color: $navbar-background !important
-    color: $navbar-text-color !important
-    padding-left 0rem
-  .site-name
-    display: none !important
-
-.nav-links
-  a
-    &:hover, &.router-link-active
-      color lighten($textColor, 8%) !important
-
-a.entRef-anchor
-  visibility: hidden
-  display: block
-  position: relative
-  top: -4.25rem
-
-.dropdown-wrapper
-  .dropdown-title
-    color $textColor !important
-  .nav-dropdown
-    .dropdown-item
-      color $textColor !important
-
-
-.newsletter
-  background-color $section-color
-  border-top 1px solid darken($section-color, 10%)
-  border-bottom 1px solid darken($section-color, 10%)
-
-  &__wrap
-    margin 1.5rem auto
-    padding 1.8rem 2.3rem
-    border-radius 3px
-    box-sizing border-box
-    max-width $contentWidth !important
-    background #f8f8f8
-  &__title
-    font-size 1.2rem
-
-  &__content
-    margin-top 1.5rem
-    margin-bottom 1.5rem
-    line-height 1.7rem
-
-@media (min-width: $MQMobile)
-  .nav-links a
-    &:hover, &.router-link-active
-      color lighten($navbar-text-color, 8%) !important
-  .nav-item > a:not(.external)
-    &:hover, &.router-link-active
-      margin-bottom -2px
-      border-bottom 2px solid lighten($navbar-text-color, 8%) !important
-  .dropdown-wrapper
-    .dropdown-title
-      color $navbar-text-color !important
-    .nav-dropdown
-      .dropdown-item
-          color $textColor !important
-  .newsletter
-    &__input
-      width 30% !important
-    &__button
-      width 15% !important
-@media (max-width: $MQMobile)
-  .navbar
-    .site-name
-      display: none !important
-  .features
-    padding: 36pt 0
-    .feature
-      .media
-        max-width: 80%
-      .content
-        max-width: 80%
-
-  .triples
-    .feature
-      padding: 36pt 0
-  .home
-    .hero
-      padding-bottom 0pt
-      .section
-        .content
-          padding: 0 50px;
-
diff --git a/docs/.vuepress/theme/components/Home.vue b/docs/.vuepress/theme/components/Home.vue
deleted file mode 100644
index b6813326a..000000000
--- a/docs/.vuepress/theme/components/Home.vue
+++ /dev/null
@@ -1,459 +0,0 @@
-<template>
-  <main class="home" aria-labelledby="main-title">
-    <header class="hero">
-      <div class="section">
-        <div class="content">
-          <h1 v-if="data.heroText !== null" id="main-title">
-            {{ data.heroText || $title || "Hello" }}
-          </h1>
-
-          <p class="description">
-            {{
-              data.tagline || $description || "Welcome to your VuePress site"
-            }}
-          </p>
-
-          <p class="action" v-if="data.actionText && data.actionLink">
-            <NavLink class="action-button" :item="actionLink" />
-          </p>
-        </div>
-
-        <video
-          v-if="data.heroImage"
-          class="media"
-          autoplay
-          loop
-          muted
-          playsinline
-        >
-          <source
-            v-if="data.heroImage"
-            :src="$withBase(data.heroImage)"
-            :alt="data.heroAlt"
-            type="video/mp4"
-          />
-          Your browser does not support the video tag.
-        </video>
-        <form
-          v-if="data.contactForm === true"
-          method="POST"
-          name="contact"
-          data-netlify="true"
-          netlify-honeypot="bot-field"
-        >
-          <input type="hidden" name="form-name" value="contact" />
-
-          <fieldset>
-            <label>
-              <span>Name</span>
-              <input name="name" class="field" required />
-            </label>
-            <label>
-              <span>Email</span>
-              <input name="email" type="email" class="field" required />
-            </label>
-            <label>
-              <span>Company</span>
-              <input name="company" class="field" />
-            </label>
-          </fieldset>
-          <button class="nav-link action-button" type="submit">
-            Get in touch
-          </button>
-        </form>
-      </div>
-    </header>
-    <SimpleNewsletter />
-
-    <div class v-if="data.features && data.features.length">
-      <div
-        class="features section"
-        v-for="(feature, index) in data.features"
-        :key="index"
-      >
-        <div class="feature">
-          <img class="media" :src="$withBase(feature.src)" />
-          <div class="content">
-            <h2>{{ feature.title }}</h2>
-            <p>{{ feature.text }}</p>
-          </div>
-        </div>
-      </div>
-    </div>
-    <!-- triples -->
-    <div class v-if="data.triples && data.triples.length">
-      <div class="triples">
-        <div class="feature">
-          <div
-            class="content"
-            v-for="(feature, index) in data.triples"
-            :key="index"
-          >
-            <img class="media" :src="$withBase(feature.src)" />
-            <h2>{{ feature.title }}</h2>
-            <p>{{ feature.text }}</p>
-          </div>
-        </div>
-      </div>
-    </div>
-    <Content class="theme-default-content custom" />
-    <div class v-if="data.footer">
-      <div class="footer">
-        <a href="https://www.netlify.com/">
-          <img
-            src="https://api.netlify.com/api/v1/badges/1853c996-a1f7-4545-b60c-612e8fca557c/deploy-status"
-            alt="Deploy status badge"
-          />
-        </a>
-      </div>
-    </div>
-  </main>
-</template>
-
-<script>
-import NavLink from "@parent-theme/components/NavLink.vue";
-
-export default {
-  components: { NavLink },
-
-  computed: {
-    data() {
-      return this.$page.frontmatter;
-    },
-
-    actionLink() {
-      return {
-        link: this.data.actionLink,
-        text: this.data.actionText,
-      };
-    },
-  },
-};
-</script>
-
-<style lang="stylus">
-.home {
-  padding: $navbarHeight 0 0;
-
-  .hero {
-    background-color: $accentColor;
-    padding-top: 96pt - $navbarHeight;
-    padding-bottom: 96pt;
-
-    .section {
-      padding: 0pt 0;
-      margin: 0 auto;
-      max-width: $contentWidth;
-      justify-content: space-between;
-      display: flex;
-      flex-wrap: wrap;
-      align-items: center;
-      flex-direction: row;
-
-      // flex-flow: column wrap;
-      .media {
-        padding: 0 20px;
-        flex: 1;
-        max-width: 45%;
-        align-items: center;
-      }
-
-      form {
-        background-color: $accentColor;
-        padding: 0 20px;
-        flex: 1;
-        max-width: 40%;
-
-        button {
-          display: block;
-          background: $offColor
-          color: $section-color;
-          box-shadow: 0 1px 3px darken($accentColor, 5%), 0 1px 1px rgba(0, 0, 0, 0.98);
-          border-radius: 6px;
-          border: 0;
-          width: 100%;
-          height: 40px;
-          outline: none;
-          cursor: pointer;
-          transition: all 0.15s ease;
-          font-size: 1.2rem;
-          font-weight: 450;
-
-          &:hover {
-            transform: translateY(-1px);
-          }
-        }
-
-        fieldset {
-          margin-bottom: 20px;
-          background: #fff;
-          box-shadow: 0 1px 2px 0 lighten($section-color, 35%), 0 2px 2px 0 lighten($section-color, 35%);
-          border-radius: 4px;
-          border: none;
-
-          label {
-            position: relative;
-            display: flex;
-            flex-direction: row;
-            height: 42px;
-            padding: 8px 0;
-            align-items: center;
-            justify-content: center;
-
-            &:not(:last-child) {
-              border-bottom: 1px solid #f0f5fa;
-            }
-
-            span {
-              color: lighten($textColor, 25%);
-              font-weight: 450;
-              min-width: 60px;
-              padding: 0 15px;
-              text-align: right;
-              font-size: 0.9rem;
-            }
-          }
-
-          .field {
-            flex: 1;
-            padding: 0 15px;
-            background: transparent;
-            color: $textColor;
-            outline: none;
-            cursor: text;
-            font-size: 0.95rem;
-          }
-
-          input {
-            flex: 1;
-            border-style: none;
-            outline: none;
-            color: #313b3f;
-          }
-        }
-      }
-
-      .content {
-        flex: 1;
-        padding: 0 20px;
-
-        h1 {
-          text-align: left;
-          margin-left: auto;
-          margin-right: auto;
-          font-size: 3.2rem;
-          font-weight: 600;
-          border-bottom: none;
-          padding-bottom: 0;
-          color: #ffffff;
-        }
-
-        .description {
-          text-align: left;
-          margin-left: auto;
-          margin-right: auto;
-          font-weight: 300;
-          color: #ffffff;
-          font-size: 1.5rem;
-          line-height: 1.3;
-        }
-
-        .action-button {
-          display: inline-block;
-          font-size: 1.2rem;
-          color: #fff;
-          background-color: $accentColor;
-          padding: 0.8rem 1.6rem;
-          border-radius: 4px;
-          transition: background-color 0.1s ease;
-          box-sizing: border-box;
-          border-bottom: 1px solid darken($accentColor, 10%);
-
-          &:hover {
-            background-color: lighten($accentColor, 10%);
-          }
-        }
-      }
-    }
-  }
-}
-
-.triples {
-  display: flex;
-  flex-wrap: wrap;
-  margin: 0 auto;
-  padding: 32pt 0;
-  background-color: $section-color;
-
-  .feature {
-    padding: 92pt 0;
-    margin: 0 auto;
-    max-width: $contentWidth;
-    display: flex;
-    justify-content: space-between;
-
-    // flex-wrap: wrap;
-    .content {
-      display: flex;
-      flex-direction: column;
-      align-items: center;
-      max-width: 100%;
-      padding-left: 15px;
-
-      .media {
-        max-height: 150px;
-      }
-
-      h2 {
-        padding: 10pt 0;
-        display: flex;
-        font-weight: 500;
-        border-bottom: none;
-        padding-bottom: 0;
-        color: $headerColor;
-      }
-
-      p {
-        text-align: left;
-        margin-left: auto;
-        margin-right: auto;
-        font-weight: 400;
-        color: $textColor;
-      }
-    }
-  }
-}
-
-.features {
-  background-color: #ffffff;
-  padding: 72pt 0;
-  display: flex;
-  flex-wrap: wrap;
-  margin: 0 auto;
-
-  &:nth-child(even) {
-    background-color: $section-color;
-    border-top: 1px solid darken($section-color, 10%);
-    border-bottom: 1px solid darken($section-color, 10%);
-
-    .feature {
-      .media {
-        order: 1;
-      }
-
-      .content {
-        order: 2;
-      }
-    }
-  }
-
-  .feature {
-    padding: 0pt 0;
-    margin: 0 auto;
-    max-width: $contentWidth;
-    display: flex;
-    justify-content: space-between;
-    align-items: center;
-    flex-direction: row;
-    flex-wrap: wrap;
-
-    .media {
-      padding: 0 20px;
-      max-height: 400px;
-      max-width: 45%;
-      flex: 1;
-      order: 2;
-    }
-
-    .content {
-      padding: 0 10px;
-      max-width: 55%;
-      order: 1;
-      flex: 1;
-
-      h2 {
-        font-size: 2.4rem;
-        font-weight: 600;
-        border-bottom: none;
-        padding-bottom: 0;
-        color: $headerColor;
-      }
-
-      p {
-        font-size: 1.2rem;
-        text-align: left;
-        margin-left: auto;
-        margin-right: auto;
-        font-weight: 400;
-        color: $textColor;
-      }
-    }
-  }
-}
-.footer {
-    padding: 0.75rem;
-    border-top: 1px solid $borderColor;
-    text-align: center;
-  }
-
-@media (max-width: $MQMobile) {
-  .home {
-    .feature {
-      flex-direction: column;
-    }
-
-    .hero {
-      padding-top: 20pt;
-
-      .section {
-        flex-direction: column;
-
-        .media {
-          max-width: 90%;
-        }
-      }
-    }
-  }
-}
-
-@media (max-width: $MQMobileNarrow) {
-  .home {
-    // padding-left: 0.5rem;
-    // padding-right: 0.5rem;
-    .hero {
-      padding-top: 20pt;
-
-      .section {
-        flex-direction: column;
-
-        .media {
-          max-width: 90%;
-        }
-      }
-
-      h1 {
-        font-size: 2rem;
-      }
-
-      h1, .description, .action {
-        margin: 1.2rem auto;
-      }
-
-      .description {
-        font-size: 1.2rem;
-      }
-
-      .action-button {
-        font-size: 1rem;
-        padding: 0.6rem 1.2rem;
-      }
-    }
-
-    .feature {
-      h2 {
-        font-size: 1.25rem;
-      }
-    }
-  }
-}
-</style>
diff --git a/docs/.vuepress/theme/components/PageEdit.vue b/docs/.vuepress/theme/components/PageEdit.vue
deleted file mode 100644
index 429f49c9c..000000000
--- a/docs/.vuepress/theme/components/PageEdit.vue
+++ /dev/null
@@ -1,166 +0,0 @@
-<template>
-  <footer class="page-edit">
-    <div
-      v-if="editLink"
-      class="edit-link"
-    >
-      <a
-        :href="editLink"
-        target="_blank"
-        rel="noopener noreferrer"
-      >{{ editLinkText }}</a>
-      <OutboundLink />
-    </div>
-
-    <div
-      v-if="lastUpdated"
-      class="last-updated"
-    >
-      <span class="prefix">{{ lastUpdatedText }}:</span>
-      <span class="time">{{ lastUpdated }}</span>
-    </div>
-    <br/>
-    <br/>
-    <hr/>
-    <div class="license">
-    Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. Pomerium is a registered trademark.
-    </div>
-  </footer>
-</template>
-
-<script>
-import isNil from 'lodash/isNil'
-import { endingSlashRE, outboundRE } from '../util'
-
-export default {
-  name: 'PageEdit',
-
-  computed: {
-    lastUpdated () {
-      return this.$page.lastUpdated
-    },
-
-    lastUpdatedText () {
-      if (typeof this.$themeLocaleConfig.lastUpdated === 'string') {
-        return this.$themeLocaleConfig.lastUpdated
-      }
-      if (typeof this.$site.themeConfig.lastUpdated === 'string') {
-        return this.$site.themeConfig.lastUpdated
-      }
-      return 'Last Updated'
-    },
-
-    editLink () {
-      const showEditLink = isNil(this.$page.frontmatter.editLink)
-        ? this.$site.themeConfig.editLinks
-        : this.$page.frontmatter.editLink
-
-      const {
-        repo,
-        docsDir = '',
-        docsBranch = 'main',
-        docsRepo = repo
-      } = this.$site.themeConfig
-
-      if (showEditLink && docsRepo && this.$page.relativePath) {
-        return this.createEditLink(
-          repo,
-          docsRepo,
-          docsDir,
-          docsBranch,
-          this.$page.relativePath
-        )
-      }
-      return null
-    },
-
-    editLinkText () {
-      return (
-        this.$themeLocaleConfig.editLinkText
-        || this.$site.themeConfig.editLinkText
-        || `Edit this page`
-      )
-    }
-  },
-
-  methods: {
-    createEditLink (repo, docsRepo, docsDir, docsBranch, path) {
-      const bitbucket = /bitbucket.org/
-      if (bitbucket.test(docsRepo)) {
-        const base = docsRepo
-        return (
-          base.replace(endingSlashRE, '')
-          + `/src`
-          + `/${docsBranch}/`
-          + (docsDir ? docsDir.replace(endingSlashRE, '') + '/' : '')
-          + path
-          + `?mode=edit&spa=0&at=${docsBranch}&fileviewer=file-view-default`
-        )
-      }
-
-      const gitlab = /gitlab.com/
-      if (gitlab.test(docsRepo)) {
-        const base = docsRepo
-        return (
-          base.replace(endingSlashRE, '')
-          + `/-/edit`
-          + `/${docsBranch}/`
-          + (docsDir ? docsDir.replace(endingSlashRE, '') + '/' : '')
-          + path
-        )
-      }
-
-      const base = outboundRE.test(docsRepo)
-        ? docsRepo
-        : `https://github.com/${docsRepo}`
-      return (
-        base.replace(endingSlashRE, '')
-        + '/edit'
-        + `/${docsBranch}/`
-        + (docsDir ? docsDir.replace(endingSlashRE, '') + '/' : '')
-        + path
-      )
-    }
-  }
-}
-</script>
-
-<style lang="stylus">
-@require '../styles/wrapper.styl'
-
-.license
-  @extend $wrapper
-  font-weight 400
-  color #767676
-
-.page-edit
-  @extend $wrapper
-  padding-top 1rem
-  padding-bottom 1rem
-  overflow auto
-
-  .edit-link
-    display inline-block
-    a
-      color lighten($textColor, 25%)
-      margin-right 0.25rem
-  .last-updated
-    float right
-    font-size 0.9em
-    .prefix
-      font-weight 500
-      color lighten($textColor, 25%)
-    .time
-      font-weight 400
-      color #767676
-
-@media (max-width: $MQMobile)
-  .page-edit
-    .edit-link
-      margin-bottom 0.5rem
-    .last-updated
-      font-size 0.8em
-      float none
-      text-align left
-
-</style>
\ No newline at end of file
diff --git a/docs/.vuepress/theme/index.js b/docs/.vuepress/theme/index.js
deleted file mode 100644
index 0fe3d63fe..000000000
--- a/docs/.vuepress/theme/index.js
+++ /dev/null
@@ -1,3 +0,0 @@
-module.exports = {
-  extend: "@vuepress/theme-default",
-};
diff --git a/docs/.vuepress/theme/layouts/Draft.vue b/docs/.vuepress/theme/layouts/Draft.vue
deleted file mode 100644
index 4a69fec24..000000000
--- a/docs/.vuepress/theme/layouts/Draft.vue
+++ /dev/null
@@ -1,14 +0,0 @@
-<template>
-  <ParentLayout />
-</template>
-
-<script>
-import ParentLayout from "@parent-theme/layouts/404.vue";
-
-export default {
-  name: "Draft",
-  components: {
-    ParentLayout,
-  },
-};
-</script>
diff --git a/docs/.vuepress/theme/layouts/IndexPost.vue b/docs/.vuepress/theme/layouts/IndexPost.vue
deleted file mode 100644
index 20d8f47b8..000000000
--- a/docs/.vuepress/theme/layouts/IndexPost.vue
+++ /dev/null
@@ -1,19 +0,0 @@
-<template>
-  <div>
-    <ul id="default-layout">
-      <li v-for="page in $pagination.pages">
-        <router-link class="page-link" :to="page.path">{{
-          page.title
-        }}</router-link>
-      </li>
-    </ul>
-    <div id="pagination">
-      <router-link v-if="$pagination.hasPrev" :to="$pagination.prevLink"
-        >Prev</router-link
-      >
-      <router-link v-if="$pagination.hasNext" :to="$pagination.nextLink"
-        >Next</router-link
-      >
-    </div>
-  </div>
-</template>
diff --git a/docs/.vuepress/theme/layouts/Layout.vue b/docs/.vuepress/theme/layouts/Layout.vue
deleted file mode 100644
index 12af2c5db..000000000
--- a/docs/.vuepress/theme/layouts/Layout.vue
+++ /dev/null
@@ -1,120 +0,0 @@
-<template>
-  <div
-    class="theme-container"
-    :class="pageClasses"
-    @touchstart="onTouchStart"
-    @touchend="onTouchEnd"
-  >
-    <Navbar v-if="shouldShowNavbar" @toggle-sidebar="toggleSidebar" />
-
-    <div class="sidebar-mask" @click="toggleSidebar(false)"></div>
-
-    <Sidebar :items="sidebarItems" @toggle-sidebar="toggleSidebar">
-      <slot name="sidebar-top" slot="top" />
-      <slot name="sidebar-bottom" slot="bottom" />
-    </Sidebar>
-
-    <Home v-if="$page.frontmatter.home" />
-    <Page v-else :sidebar-items="sidebarItems">
-      <slot name="page-top" slot="top" />
-      <slot name="page-bottom" slot="bottom" />
-    </Page>
-  </div>
-</template>
-
-<script>
-import Home from "@theme/components/Home.vue";
-import Navbar from "@parent-theme/components/Navbar.vue";
-import Page from "@parent-theme/components/Page.vue";
-import Sidebar from "@parent-theme/components/Sidebar.vue";
-import { resolveSidebarItems } from "../util";
-
-export default {
-  components: { Home, Page, Sidebar, Navbar },
-
-  data() {
-    return {
-      isSidebarOpen: false,
-    };
-  },
-
-  computed: {
-    shouldShowNavbar() {
-      const { themeConfig } = this.$site;
-      const { frontmatter } = this.$page;
-      if (frontmatter.navbar === false || themeConfig.navbar === false) {
-        return false;
-      }
-      return (
-        this.$title ||
-        themeConfig.logo ||
-        themeConfig.repo ||
-        themeConfig.nav ||
-        this.$themeLocaleConfig.nav
-      );
-    },
-
-    shouldShowSidebar() {
-      const { frontmatter } = this.$page;
-      return (
-        !frontmatter.home &&
-        frontmatter.sidebar !== false &&
-        this.sidebarItems.length
-      );
-    },
-
-    sidebarItems() {
-      return resolveSidebarItems(
-        this.$page,
-        this.$page.regularPath,
-        this.$site,
-        this.$localePath
-      );
-    },
-
-    pageClasses() {
-      const userPageClass = this.$page.frontmatter.pageClass;
-      return [
-        {
-          "no-navbar": !this.shouldShowNavbar,
-          "sidebar-open": this.isSidebarOpen,
-          "no-sidebar": !this.shouldShowSidebar,
-        },
-        userPageClass,
-      ];
-    },
-  },
-
-  mounted() {
-    this.$router.afterEach(() => {
-      this.isSidebarOpen = false;
-    });
-  },
-
-  methods: {
-    toggleSidebar(to) {
-      this.isSidebarOpen = typeof to === "boolean" ? to : !this.isSidebarOpen;
-    },
-
-    // side swipe
-    onTouchStart(e) {
-      this.touchStart = {
-        x: e.changedTouches[0].clientX,
-        y: e.changedTouches[0].clientY,
-      };
-    },
-
-    onTouchEnd(e) {
-      const dx = e.changedTouches[0].clientX - this.touchStart.x;
-      const dy = e.changedTouches[0].clientY - this.touchStart.y;
-      if (Math.abs(dx) > Math.abs(dy) && Math.abs(dx) > 40) {
-        if (dx > 0 && this.touchStart.x <= 80) {
-          this.toggleSidebar(true);
-        } else {
-          this.toggleSidebar(false);
-        }
-      }
-    },
-  },
-};
-</script>
diff --git a/docs/.vuepress/theme/styles/wrapper.styl b/docs/.vuepress/theme/styles/wrapper.styl
deleted file mode 100644
index c560eb710..000000000
--- a/docs/.vuepress/theme/styles/wrapper.styl
+++ /dev/null
@@ -1,8 +0,0 @@
-$wrapper
-  max-width $contentWidth
-  margin 0 auto
-  padding 2rem 2.5rem
-  @media (max-width: $MQNarrow)
-    padding 2rem
-  @media (max-width: $MQMobileNarrow)
-    padding 1.5rem
diff --git a/docs/.vuepress/theme/util/index.js b/docs/.vuepress/theme/util/index.js
deleted file mode 100644
index 23e78f83c..000000000
--- a/docs/.vuepress/theme/util/index.js
+++ /dev/null
@@ -1,240 +0,0 @@
-export const hashRE = /#.*$/
-export const extRE = /\.(md|html)$/
-export const endingSlashRE = /\/$/
-export const outboundRE = /^[a-z]+:/i
-
-export function normalize (path) {
-  return decodeURI(path)
-    .replace(hashRE, '')
-    .replace(extRE, '')
-}
-
-export function getHash (path) {
-  const match = path.match(hashRE)
-  if (match) {
-    return match[0]
-  }
-}
-
-export function isExternal (path) {
-  return outboundRE.test(path)
-}
-
-export function isMailto (path) {
-  return /^mailto:/.test(path)
-}
-
-export function isTel (path) {
-  return /^tel:/.test(path)
-}
-
-export function ensureExt (path) {
-  if (isExternal(path)) {
-    return path
-  }
-  const hashMatch = path.match(hashRE)
-  const hash = hashMatch ? hashMatch[0] : ''
-  const normalized = normalize(path)
-
-  if (endingSlashRE.test(normalized)) {
-    return path
-  }
-  return normalized + '.html' + hash
-}
-
-export function isActive (route, path) {
-  const routeHash = decodeURIComponent(route.hash)
-  const linkHash = getHash(path)
-  if (linkHash && routeHash !== linkHash) {
-    return false
-  }
-  const routePath = normalize(route.path)
-  const pagePath = normalize(path)
-  return routePath === pagePath
-}
-
-export function resolvePage (pages, rawPath, base) {
-  if (isExternal(rawPath)) {
-    return {
-      type: 'external',
-      path: rawPath
-    }
-  }
-  if (base) {
-    rawPath = resolvePath(rawPath, base)
-  }
-  const path = normalize(rawPath)
-  for (let i = 0; i < pages.length; i++) {
-    if (normalize(pages[i].regularPath) === path) {
-      return Object.assign({}, pages[i], {
-        type: 'page',
-        path: ensureExt(pages[i].path)
-      })
-    }
-  }
-  console.error(`[vuepress] No matching page found for sidebar item "${rawPath}"`)
-  return {}
-}
-
-function resolvePath (relative, base, append) {
-  const firstChar = relative.charAt(0)
-  if (firstChar === '/') {
-    return relative
-  }
-
-  if (firstChar === '?' || firstChar === '#') {
-    return base + relative
-  }
-
-  const stack = base.split('/')
-
-  // remove trailing segment if:
-  // - not appending
-  // - appending to trailing slash (last segment is empty)
-  if (!append || !stack[stack.length - 1]) {
-    stack.pop()
-  }
-
-  // resolve relative path
-  const segments = relative.replace(/^\//, '').split('/')
-  for (let i = 0; i < segments.length; i++) {
-    const segment = segments[i]
-    if (segment === '..') {
-      stack.pop()
-    } else if (segment !== '.') {
-      stack.push(segment)
-    }
-  }
-
-  // ensure leading slash
-  if (stack[0] !== '') {
-    stack.unshift('')
-  }
-
-  return stack.join('/')
-}
-
-/**
- * @param { Page } page
- * @param { string } regularPath
- * @param { SiteData } site
- * @param { string } localePath
- * @returns { SidebarGroup }
- */
-export function resolveSidebarItems (page, regularPath, site, localePath) {
-  const { pages, themeConfig } = site
-
-  const localeConfig = localePath && themeConfig.locales
-    ? themeConfig.locales[localePath] || themeConfig
-    : themeConfig
-
-  const pageSidebarConfig = page.frontmatter.sidebar || localeConfig.sidebar || themeConfig.sidebar
-  if (pageSidebarConfig === 'auto') {
-    return resolveHeaders(page)
-  }
-
-  const sidebarConfig = localeConfig.sidebar || themeConfig.sidebar
-  if (!sidebarConfig) {
-    return []
-  } else {
-    const { base, config } = resolveMatchingConfig(regularPath, sidebarConfig)
-    return config
-      ? config.map(item => resolveItem(item, pages, base))
-      : []
-  }
-}
-
-/**
- * @param { Page } page
- * @returns { SidebarGroup }
- */
-function resolveHeaders (page) {
-  const headers = groupHeaders(page.headers || [])
-  return [{
-    type: 'group',
-    collapsable: false,
-    title: page.title,
-    path: null,
-    children: headers.map(h => ({
-      type: 'auto',
-      title: h.title,
-      basePath: page.path,
-      path: page.path + '#' + h.slug,
-      children: h.children || []
-    }))
-  }]
-}
-
-export function groupHeaders (headers) {
-  // group h3s under h2
-  headers = headers.map(h => Object.assign({}, h))
-  let lastH2
-  headers.forEach(h => {
-    if (h.level === 2) {
-      lastH2 = h
-    } else if (lastH2) {
-      (lastH2.children || (lastH2.children = [])).push(h)
-    }
-  })
-  return headers.filter(h => h.level === 2)
-}
-
-export function resolveNavLinkItem (linkItem) {
-  return Object.assign(linkItem, {
-    type: linkItem.items && linkItem.items.length ? 'links' : 'link'
-  })
-}
-
-/**
- * @param { Route } route
- * @param { Array<string|string[]> | Array<SidebarGroup> | [link: string]: SidebarConfig } config
- * @returns { base: string, config: SidebarConfig }
- */
-export function resolveMatchingConfig (regularPath, config) {
-  if (Array.isArray(config)) {
-    return {
-      base: '/',
-      config: config
-    }
-  }
-  for (const base in config) {
-    if (ensureEndingSlash(regularPath).indexOf(encodeURI(base)) === 0) {
-      return {
-        base,
-        config: config[base]
-      }
-    }
-  }
-  return {}
-}
-
-function ensureEndingSlash (path) {
-  return /(\.html|\/)$/.test(path)
-    ? path
-    : path + '/'
-}
-
-function resolveItem (item, pages, base, groupDepth = 1) {
-  if (typeof item === 'string') {
-    return resolvePage(pages, item, base)
-  } else if (Array.isArray(item)) {
-    return Object.assign(resolvePage(pages, item[0], base), {
-      title: item[1]
-    })
-  } else {
-    const children = item.children || []
-    if (children.length === 0 && item.path) {
-      return Object.assign(resolvePage(pages, item.path, base), {
-        title: item.title
-      })
-    }
-    return {
-      type: 'group',
-      path: item.path,
-      title: item.title,
-      sidebarDepth: item.sidebarDepth,
-      children: children.map(child => resolveItem(child, pages, base, groupDepth + 1)),
-      collapsable: item.collapsable !== false
-    }
-  }
-}
diff --git a/docs/docs/CHANGELOG.md b/docs/docs/CHANGELOG.md
deleted file mode 100644
index 221965966..000000000
--- a/docs/docs/CHANGELOG.md
+++ /dev/null
@@ -1,4105 +0,0 @@
-# Changelog
-
-## [v0.17.2](https://github.com/pomerium/pomerium/tree/v0.17.2) (2022-04-22)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.17.1...v0.17.2)
-
-## Fixed
-
-- authorize: pass idp id for webauthn url, allow unauthenticated access to static files [\#3284] (@calebdoxsey)
-- config: fix DefaultTransport so it is still a \*http.Transport [\#3260] (@calebdoxsey)
-
-## Dependency
-
-- chore\(deps\): bump actions/setup-python from 3.1.0 to 3.1.2 [\#3266]
-
-## Docs
-
-- Add UUID to docs yaml blocks \(\#3251\) [\#3259] (@alexfornuto)
-
-## [v0.17.1](https://github.com/pomerium/pomerium/tree/v0.17.1) (2022-03-30)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.17.0...v0.17.1)
-
-# Security Notice
-
-This release includes a fix to a medium severity [security issue](https://github.com/pomerium/pomerium/security/advisories/GHSA-q98f-2x4p-prjr).
-
-We recommend that all users upgrade.
-
-## Security
-
-- authenticate: fix debug and metrics endpoints [\#3215](https://github.com/pomerium/pomerium/pull/3215) (@backport-actions-token[bot])
-
-## Fixed
-
-- authenticate: fix internal url with webauthn [\#3195](https://github.com/pomerium/pomerium/pull/3195) (@backport-actions-token[bot])
-- github: fix missing groups [\#3176](https://github.com/pomerium/pomerium/pull/3176) (@backport-actions-token[bot])
-
-## [v0.17.0](https://github.com/pomerium/pomerium/tree/v0.17.0) (2022-03-04)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.16.4...v0.17.0)
-
-## New
-
-- adds pomerium version to the user info endpoint [\#3093](https://github.com/pomerium/pomerium/pull/3093) (@nhayfield)
-- grpc: remove ptypes references [\#3078](https://github.com/pomerium/pomerium/pull/3078) (@calebdoxsey)
-- userinfo: add webauthn buttons to user info page [\#3075](https://github.com/pomerium/pomerium/pull/3075) (@calebdoxsey)
-- Style update for User Info Endpoint [\#3055](https://github.com/pomerium/pomerium/pull/3055) (@nhayfield)
-- session: remove unused session state properties [\#3022](https://github.com/pomerium/pomerium/pull/3022) (@calebdoxsey)
-- frontend: react+mui [\#3004](https://github.com/pomerium/pomerium/pull/3004) (@calebdoxsey)
-- controlplane: add compression middleware [\#3000](https://github.com/pomerium/pomerium/pull/3000) (@calebdoxsey)
-- authenticate: fix expiring user info endpoint [\#2976](https://github.com/pomerium/pomerium/pull/2976) (@calebdoxsey)
-- last known metric error [\#2974](https://github.com/pomerium/pomerium/pull/2974) (@wasaga)
-- directory: save IDP errors to databroker, put event handling in dedicated package [\#2957](https://github.com/pomerium/pomerium/pull/2957) (@calebdoxsey)
-- google: support groups for users outside of the organization [\#2950](https://github.com/pomerium/pomerium/pull/2950) (@calebdoxsey)
-- return explicit error when directory sync is disabled [\#2949](https://github.com/pomerium/pomerium/pull/2949) (@wasaga)
-- authenticate: add device-enrolled page [\#2892](https://github.com/pomerium/pomerium/pull/2892) (@calebdoxsey)
-- remove deprecated ioutil usages [\#2877](https://github.com/pomerium/pomerium/pull/2877) (@cfanbo)
-
-## Fixed
-
-- databroker: use contextual logging for errors, use original record type for encryption [\#3096](https://github.com/pomerium/pomerium/pull/3096) (@calebdoxsey)
-- fix link for picture in avatar [\#3066](https://github.com/pomerium/pomerium/pull/3066) (@nhayfield)
-- userinfo: fix logout button, add sign out confirm page [\#3058](https://github.com/pomerium/pomerium/pull/3058) (@calebdoxsey)
-- config: fix httptest local certificate [\#3056](https://github.com/pomerium/pomerium/pull/3056) (@calebdoxsey)
-- proxy: fix error page [\#3020](https://github.com/pomerium/pomerium/pull/3020) (@calebdoxsey)
-- deployment: only include pomerium binary [\#3007](https://github.com/pomerium/pomerium/pull/3007) (@travisgroth)
-- auth0: support explicit domains in the service account [\#2996](https://github.com/pomerium/pomerium/pull/2996) (@backport-actions-token[bot])
-- auth0: support explicit domains in the service account [\#2980](https://github.com/pomerium/pomerium/pull/2980) (@calebdoxsey)
-- config: fix TLS config when address and grpc\_address are the same [\#2975](https://github.com/pomerium/pomerium/pull/2975) (@calebdoxsey)
-- deployment: enable goreleaser buildx [\#2968](https://github.com/pomerium/pomerium/pull/2968) (@travisgroth)
-- config: fix policy matching for regular expressions [\#2966](https://github.com/pomerium/pomerium/pull/2966) (@calebdoxsey)
-- fix: frontend html tag mismatch [\#2954](https://github.com/pomerium/pomerium/pull/2954) (@cfanbo)
-- devices: shrink credentials by removing unnecessary data [\#2951](https://github.com/pomerium/pomerium/pull/2951) (@calebdoxsey)
-- Remove spurious \</ul\> tags [\#2946](https://github.com/pomerium/pomerium/pull/2946) (@sylr)
-- authenticate: support webauthn redirects to non-pomerium domains [\#2936](https://github.com/pomerium/pomerium/pull/2936) (@calebdoxsey)
-- webauthn: use absolute URL for delete redirect [\#2935](https://github.com/pomerium/pomerium/pull/2935) (@calebdoxsey)
-- authenticate: add callback endpoint [\#2931](https://github.com/pomerium/pomerium/pull/2931) (@calebdoxsey)
-- devices: treat undefined device types as any [\#2927](https://github.com/pomerium/pomerium/pull/2927) (@calebdoxsey)
-- deployment: fix distroless base arch [\#2925](https://github.com/pomerium/pomerium/pull/2925) (@travisgroth)
-- handle device states in deny block, fix default device type [\#2919](https://github.com/pomerium/pomerium/pull/2919) (@calebdoxsey)
-- envoy: check certificates for must-staple flag and drop them if they are missing the response [\#2909](https://github.com/pomerium/pomerium/pull/2909) (@calebdoxsey)
-- integration: fix default port for verify service [\#2895](https://github.com/pomerium/pomerium/pull/2895) (@calebdoxsey)
-
-## Dependency
-
-- chore\(deps\): bump actions/setup-node from 2 to 3 [\#3089](https://github.com/pomerium/pomerium/pull/3089) (@dependabot[bot])
-- chore\(deps\): bump actions/setup-python from 2 to 3 [\#3088](https://github.com/pomerium/pomerium/pull/3088) (@dependabot[bot])
-- chore\(deps\): bump mikefarah/yq from 4.20.2 to 4.21.1 [\#3087](https://github.com/pomerium/pomerium/pull/3087) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/api from 0.69.0 to 0.70.0 [\#3086](https://github.com/pomerium/pomerium/pull/3086) (@dependabot[bot])
-- chore\(deps\): bump url-parse from 1.5.7 to 1.5.10 [\#3085](https://github.com/pomerium/pomerium/pull/3085) (@dependabot[bot])
-- chore\(deps\): bump prismjs from 1.26.0 to 1.27.0 [\#3084](https://github.com/pomerium/pomerium/pull/3084) (@dependabot[bot])
-- deps: bump envoy to v1.20.2 [\#3082](https://github.com/pomerium/pomerium/pull/3082) (@travisgroth)
-- chore\(deps\): bump mikefarah/yq from 4.20.1 to 4.20.2 [\#3072](https://github.com/pomerium/pomerium/pull/3072) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/api from 0.68.0 to 0.69.0 [\#3071](https://github.com/pomerium/pomerium/pull/3071) (@dependabot[bot])
-- chore\(deps\): bump github.com/golangci/golangci-lint from 1.44.0 to 1.44.2 [\#3070](https://github.com/pomerium/pomerium/pull/3070) (@dependabot[bot])
-- chore\(deps\): bump url-parse from 1.5.1 to 1.5.7 [\#3068](https://github.com/pomerium/pomerium/pull/3068) (@dependabot[bot])
-- chore\(deps\): bump github.com/gorilla/websocket from 1.4.2 to 1.5.0 [\#3052](https://github.com/pomerium/pomerium/pull/3052) (@dependabot[bot])
-- chore\(deps\): bump mikefarah/yq from 4.18.1 to 4.20.1 [\#3051](https://github.com/pomerium/pomerium/pull/3051) (@dependabot[bot])
-- chore\(deps\): bump follow-redirects from 1.14.7 to 1.14.8 [\#3043](https://github.com/pomerium/pomerium/pull/3043) (@dependabot[bot])
-- chore\(deps\): bump go.uber.org/zap from 1.20.0 to 1.21.0 [\#3041](https://github.com/pomerium/pomerium/pull/3041) (@dependabot[bot])
-- chore\(deps\): bump github.com/open-policy-agent/opa from 0.37.1 to 0.37.2 [\#3040](https://github.com/pomerium/pomerium/pull/3040) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/api from 0.66.0 to 0.68.0 [\#3033](https://github.com/pomerium/pomerium/pull/3033) (@dependabot[bot])
-- deps: increase yarn network timeout [\#3018](https://github.com/pomerium/pomerium/pull/3018) (@travisgroth)
-- chore\(deps\): bump github.com/caddyserver/certmagic from 0.15.2 to 0.15.3 [\#3014](https://github.com/pomerium/pomerium/pull/3014) (@dependabot[bot])
-- chore\(deps\): bump github.com/open-policy-agent/opa from 0.36.1 to 0.37.1 [\#3013](https://github.com/pomerium/pomerium/pull/3013) (@dependabot[bot])
-- chore\(deps\): bump github.com/shirou/gopsutil/v3 from 3.21.12 to 3.22.1 [\#3012](https://github.com/pomerium/pomerium/pull/3012) (@dependabot[bot])
-- chore\(deps\): bump github.com/mholt/acmez from 1.0.1 to 1.0.2 [\#3011](https://github.com/pomerium/pomerium/pull/3011) (@dependabot[bot])
-- chore\(deps\): bump mermaid from 8.12.1 to 8.13.10 [\#3010](https://github.com/pomerium/pomerium/pull/3010) (@dependabot[bot])
-- chore\(deps\): bump follow-redirects from 1.14.1 to 1.14.7 [\#3009](https://github.com/pomerium/pomerium/pull/3009) (@dependabot[bot])
-- chore\(deps\): bump prismjs from 1.24.1 to 1.26.0 [\#3008](https://github.com/pomerium/pomerium/pull/3008) (@dependabot[bot])
-- chore\(deps\): bump mikefarah/yq from 4.17.2 to 4.18.1 [\#2989](https://github.com/pomerium/pomerium/pull/2989) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/grpc from 1.43.0 to 1.44.0 [\#2988](https://github.com/pomerium/pomerium/pull/2988) (@dependabot[bot])
-- chore\(deps\): bump github.com/golangci/golangci-lint from 1.43.0 to 1.44.0 [\#2987](https://github.com/pomerium/pomerium/pull/2987) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/api from 0.65.0 to 0.66.0 [\#2986](https://github.com/pomerium/pomerium/pull/2986) (@dependabot[bot])
-- chore\(deps\): bump github.com/prometheus/client\_golang from 1.12.0 to 1.12.1 [\#2985](https://github.com/pomerium/pomerium/pull/2985) (@dependabot[bot])
-- chore\(deps\): bump mikefarah/yq from 4.16.2 to 4.17.2 [\#2963](https://github.com/pomerium/pomerium/pull/2963) (@dependabot[bot])
-- chore\(deps\): bump github.com/google/go-cmp from 0.5.6 to 0.5.7 [\#2962](https://github.com/pomerium/pomerium/pull/2962) (@dependabot[bot])
-- chore\(deps\): bump github.com/prometheus/client\_golang from 1.11.0 to 1.12.0 [\#2961](https://github.com/pomerium/pomerium/pull/2961) (@dependabot[bot])
-- chore\(deps\): bump github.com/openzipkin/zipkin-go from 0.3.0 to 0.4.0 [\#2942](https://github.com/pomerium/pomerium/pull/2942) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/api from 0.64.0 to 0.65.0 [\#2941](https://github.com/pomerium/pomerium/pull/2941) (@dependabot[bot])
-- chore\(deps\): bump github.com/envoyproxy/protoc-gen-validate from 0.6.2 to 0.6.3 [\#2940](https://github.com/pomerium/pomerium/pull/2940) (@dependabot[bot])
-- chore\(deps\): bump github.com/open-policy-agent/opa from 0.36.0 to 0.36.1 [\#2939](https://github.com/pomerium/pomerium/pull/2939) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/api from 0.63.0 to 0.64.0 [\#2913](https://github.com/pomerium/pomerium/pull/2913) (@dependabot[bot])
-- chore\(deps\): bump go.uber.org/zap from 1.19.1 to 1.20.0 [\#2912](https://github.com/pomerium/pomerium/pull/2912) (@dependabot[bot])
-- chore\(deps\): bump github.com/open-policy-agent/opa from 0.35.0 to 0.36.0 [\#2911](https://github.com/pomerium/pomerium/pull/2911) (@dependabot[bot])
-- chore\(deps\): bump github.com/go-chi/chi from 1.5.4 to 4.1.2+incompatible [\#2910](https://github.com/pomerium/pomerium/pull/2910) (@dependabot[bot])
-- envoy: upgrade to 1.20.1 [\#2902](https://github.com/pomerium/pomerium/pull/2902) (@calebdoxsey)
-- chore\(deps\): bump github.com/shirou/gopsutil/v3 from 3.21.11 to 3.21.12 [\#2886](https://github.com/pomerium/pomerium/pull/2886) (@dependabot[bot])
-- chore\(deps\): bump github.com/rs/cors from 1.8.0 to 1.8.2 [\#2855](https://github.com/pomerium/pomerium/pull/2855) (@dependabot[bot])
-- chore\(deps\): bump github.com/google/go-jsonnet from 0.17.0 to 0.18.0 [\#2854](https://github.com/pomerium/pomerium/pull/2854) (@dependabot[bot])
-- chore\(deps\): bump mikefarah/yq from 4.16.1 to 4.16.2 [\#2853](https://github.com/pomerium/pomerium/pull/2853) (@dependabot[bot])
-
-## Deployment
-
-- deployment: remove DST cert workaround from debug image [\#2958](https://github.com/pomerium/pomerium/pull/2958) (@travisgroth)
-- deployment: multi-arch master images [\#2896](https://github.com/pomerium/pomerium/pull/2896) (@travisgroth)
-
-## Changed
-
-- config: add idp\_client\_id and idp\_client\_secret to protobuf [\#3060](https://github.com/pomerium/pomerium/pull/3060) (@calebdoxsey)
-- Extract email for active directory users that don't have access to exchange [\#3053](https://github.com/pomerium/pomerium/pull/3053) (@JBodkin-Amphora)
-- disable blank github issues [\#2898](https://github.com/pomerium/pomerium/pull/2898) (@travisgroth)
-
-## [v0.16.4](https://github.com/pomerium/pomerium/tree/v0.16.4) (2022-02-25)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.16.3...v0.16.4)
-
-## Dependency
-
-- deps: update envoy to v1.19.3 [\#3083](https://github.com/pomerium/pomerium/pull/3083) (@travisgroth)
-
-## [v0.16.3](https://github.com/pomerium/pomerium/tree/v0.16.3) (2022-02-11)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.16.2...v0.16.3)
-
-## Fixed
-
-- deployment: only include pomerium binary [\#3007](https://github.com/pomerium/pomerium/pull/3007) (@travisgroth)
-- auth0: support explicit domains in the service account [\#2996](https://github.com/pomerium/pomerium/pull/2996) (@backport-actions-token[bot])
-
-## [v0.16.2](https://github.com/pomerium/pomerium/tree/v0.16.2) (2022-01-25)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.16.1...v0.16.2)
-
-## Fixed
-
-- config: fix policy matching for regular expressions [\#2969](https://github.com/pomerium/pomerium/pull/2969) (@backport-actions-token[bot])
-
-## [v0.16.1](https://github.com/pomerium/pomerium/tree/v0.16.1) (2022-01-19)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.16.0...v0.16.1)
-
-## Fixed
-
-- webauthn: use absolute URL for delete redirect [\#2937](https://github.com/pomerium/pomerium/pull/2937) (@backport-actions-token[bot])
-- handle device states in deny block, fix default device type [\#2924](https://github.com/pomerium/pomerium/pull/2924) (@backport-actions-token[bot])
-- integration: fix default port for verify service [\#2908](https://github.com/pomerium/pomerium/pull/2908) (@backport-actions-token[bot])
-
-## [v0.16.0](https://github.com/pomerium/pomerium/tree/v0.16.0) (2021-12-22)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.15.8...v0.16.0)
-
-## Breaking
-
-- identity: only assign `access\_type` uri params to google. [\#2782](https://github.com/pomerium/pomerium/pull/2782) (@desimone)
-- tls: fallback to self-signed certificate [\#2760](https://github.com/pomerium/pomerium/pull/2760) (@calebdoxsey)
-- github: use GraphQL API to reduce number of API calls for directory sync [\#2715](https://github.com/pomerium/pomerium/pull/2715) (@calebdoxsey)
-
-## New
-
-- more idp metrics [\#2842](https://github.com/pomerium/pomerium/pull/2842) (@wasaga)
-- devices: add experimental icon [\#2836](https://github.com/pomerium/pomerium/pull/2836) (@calebdoxsey)
-- devices: switch "default" device type to two built-in default device types [\#2835](https://github.com/pomerium/pomerium/pull/2835) (@calebdoxsey)
-- dashboard: improve display of device credentials, allow deletion [\#2829](https://github.com/pomerium/pomerium/pull/2829) (@calebdoxsey)
-- ppl: add support for http\_path and http\_method [\#2813](https://github.com/pomerium/pomerium/pull/2813) (@calebdoxsey)
-- config: add internal service URLs [\#2801](https://github.com/pomerium/pomerium/pull/2801) (@calebdoxsey)
-- envoy: add hash policy and routing key for hash-based load balancers [\#2791](https://github.com/pomerium/pomerium/pull/2791) (@calebdoxsey)
-- authorize: support X-Pomerium-Authorization in addition to Authorization [\#2780](https://github.com/pomerium/pomerium/pull/2780) (@calebdoxsey)
-- envoy: treat configuration errors as fatal [\#2777](https://github.com/pomerium/pomerium/pull/2777) (@calebdoxsey)
-- envoy: add support for bind\_config bootstrap options [\#2772](https://github.com/pomerium/pomerium/pull/2772) (@calebdoxsey)
-- authenticate: redirect / to /.pomerium/ [\#2770](https://github.com/pomerium/pomerium/pull/2770) (@calebdoxsey)
-- device: add type id and credential id to enrollment for easier referencing [\#2749](https://github.com/pomerium/pomerium/pull/2749) (@calebdoxsey)
-- databroker: add additional log for config source [\#2718](https://github.com/pomerium/pomerium/pull/2718) (@calebdoxsey)
-- grpc: remove peer field from logs [\#2712](https://github.com/pomerium/pomerium/pull/2712) (@calebdoxsey)
-- desktop client api [\#2711](https://github.com/pomerium/pomerium/pull/2711) (@wasaga)
-- telemetry: improve zipkin error logs [\#2710](https://github.com/pomerium/pomerium/pull/2710) (@calebdoxsey)
-- authorize: add support for webauthn device policy enforcement [\#2700](https://github.com/pomerium/pomerium/pull/2700) (@calebdoxsey)
-- webauthn: update session to support device credentials per type [\#2699](https://github.com/pomerium/pomerium/pull/2699) (@calebdoxsey)
-- ppl: add support for additional data [\#2696](https://github.com/pomerium/pomerium/pull/2696) (@calebdoxsey)
-- Add additional ACME CA \(autocert\) options [\#2695](https://github.com/pomerium/pomerium/pull/2695) (@hslatman)
-- skip configuration updates to the most recent one [\#2690](https://github.com/pomerium/pomerium/pull/2690) (@wasaga)
-- authenticate: add support for webauthn [\#2688](https://github.com/pomerium/pomerium/pull/2688) (@calebdoxsey)
-- webauthnutil: add helpers for webauthn [\#2686](https://github.com/pomerium/pomerium/pull/2686) (@calebdoxsey)
-- devices: add device protobuf types [\#2682](https://github.com/pomerium/pomerium/pull/2682) (@calebdoxsey)
-- cryptutil: add SecureToken [\#2681](https://github.com/pomerium/pomerium/pull/2681) (@calebdoxsey)
-- config/envoyconfig: better duplicate message [\#2661](https://github.com/pomerium/pomerium/pull/2661) (@desimone)
-- pomerium-cli: add support for a custom browser command [\#2617](https://github.com/pomerium/pomerium/pull/2617) (@calebdoxsey)
-- ppl: pass contextual information through policy [\#2612](https://github.com/pomerium/pomerium/pull/2612) (@calebdoxsey)
-- add description to service accounts [\#2611](https://github.com/pomerium/pomerium/pull/2611) (@nhayfield)
-- DOCS: Add copy button to code snippets [\#2597](https://github.com/pomerium/pomerium/pull/2597) (@alexfornuto)
-- pomerium-cli: use cache dir instead of config dir [\#2588](https://github.com/pomerium/pomerium/pull/2588) (@calebdoxsey)
-- cli: update tcp log output format [\#2586](https://github.com/pomerium/pomerium/pull/2586) (@travisgroth)
-- directory: implement exponential backoff for refresh [\#2570](https://github.com/pomerium/pomerium/pull/2570) (@calebdoxsey)
-- google: support provider URL [\#2567](https://github.com/pomerium/pomerium/pull/2567) (@calebdoxsey)
-- config: remove signature\_key\_algorithm [\#2557](https://github.com/pomerium/pomerium/pull/2557) (@calebdoxsey)
-- allow pomerium to start without certs [\#2555](https://github.com/pomerium/pomerium/pull/2555) (@wasaga)
-- integration: kubernetes support [\#2536](https://github.com/pomerium/pomerium/pull/2536) (@calebdoxsey)
-- integration: nginx [\#2532](https://github.com/pomerium/pomerium/pull/2532) (@calebdoxsey)
-- integration: add traefik tests [\#2530](https://github.com/pomerium/pomerium/pull/2530) (@calebdoxsey)
-- envoy: remove deprecated access\_log\_path [\#2523](https://github.com/pomerium/pomerium/pull/2523) (@calebdoxsey)
-- config: remove headers [\#2522](https://github.com/pomerium/pomerium/pull/2522) (@calebdoxsey)
-- integration: add multi test [\#2519](https://github.com/pomerium/pomerium/pull/2519) (@calebdoxsey)
-- Remove api from GitLab defaultScope [\#2518](https://github.com/pomerium/pomerium/pull/2518) (@alexfornuto)
-- integration: add single-cluster integration tests [\#2516](https://github.com/pomerium/pomerium/pull/2516) (@calebdoxsey)
-- integration: remove tests [\#2514](https://github.com/pomerium/pomerium/pull/2514) (@calebdoxsey)
-- github: support provider URL [\#2490](https://github.com/pomerium/pomerium/pull/2490) (@calebdoxsey)
-- protoutil: add NewAny method for deterministic serialization [\#2462](https://github.com/pomerium/pomerium/pull/2462) (@calebdoxsey)
-- fix go get, improve redis test [\#2450](https://github.com/pomerium/pomerium/pull/2450) (@calebdoxsey)
-- all: remove unused handler code [\#2439](https://github.com/pomerium/pomerium/pull/2439) (@desimone)
-
-## Security
-
-- identity: fix user refresh [\#2724](https://github.com/pomerium/pomerium/pull/2724) (@calebdoxsey)
-- deps: update envoy to 1.19.1 [\#2526](https://github.com/pomerium/pomerium/pull/2526) (@travisgroth)
-
-## Fixed
-
-- config: allow specifying auto codec type in all-in-one mode [\#2846](https://github.com/pomerium/pomerium/pull/2846) (@calebdoxsey)
-- dashboard: add confirmation dialog, fix button in firefox [\#2841](https://github.com/pomerium/pomerium/pull/2841) (@calebdoxsey)
-- fix: Fixed return description error [\#2825](https://github.com/pomerium/pomerium/pull/2825) (@cfanbo)
-- internal/telemetry: fix grpc server metrics [\#2811](https://github.com/pomerium/pomerium/pull/2811) (@travisgroth)
-- Fix IdP client metrics [\#2810](https://github.com/pomerium/pomerium/pull/2810) (@travisgroth)
-- envoyconfig: fix tls\_downstream\_client\_ca for non-standard ports [\#2802](https://github.com/pomerium/pomerium/pull/2802) (@calebdoxsey)
-- config: detect changes to the kubernetes service account token file [\#2767](https://github.com/pomerium/pomerium/pull/2767) (@calebdoxsey)
-- deps: update goreleaser [\#2757](https://github.com/pomerium/pomerium/pull/2757) (@travisgroth)
-
-## Documentation
-
-- add docs for ingress regex path [\#2822](https://github.com/pomerium/pomerium/pull/2822) (@wasaga)
-- fix typo in docs [\#2819](https://github.com/pomerium/pomerium/pull/2819) (@wasaga)
-- DOCS: add Grafana to Guides index [\#2808](https://github.com/pomerium/pomerium/pull/2808) (@alexfornuto)
-- DOCS: Fix indentation in API doc [\#2798](https://github.com/pomerium/pomerium/pull/2798) (@alexfornuto)
-- DOCS: Create Consolidated Troubleshooting Guide and Replace FAQ [\#2797](https://github.com/pomerium/pomerium/pull/2797) (@alexfornuto)
-- docs: update pomerium-cli location [\#2790](https://github.com/pomerium/pomerium/pull/2790) (@travisgroth)
-- Document Pomerium Policy Language [\#2789](https://github.com/pomerium/pomerium/pull/2789) (@backport-actions-token[bot])
-- Copy edit to changelog entry [\#2786](https://github.com/pomerium/pomerium/pull/2786) (@alexfornuto)
-- Document Pomerium Policy Language [\#2784](https://github.com/pomerium/pomerium/pull/2784) (@alexfornuto)
-- Remove forward\_auth\_url from Enterprise [\#2779](https://github.com/pomerium/pomerium/pull/2779) (@alexfornuto)
-- Docs: Update Kubernetes Dashboard Guide [\#2759](https://github.com/pomerium/pomerium/pull/2759) (@alexfornuto)
-- Docs: Update Securing Kubernetes Guide [\#2758](https://github.com/pomerium/pomerium/pull/2758) (@alexfornuto)
-- Docs: Add spdy annotation [\#2747](https://github.com/pomerium/pomerium/pull/2747) (@alexfornuto)
-- Docs: Update JWT Verification Guide [\#2746](https://github.com/pomerium/pomerium/pull/2746) (@alexfornuto)
-- Docs: Add Grafana Integration Guide [\#2742](https://github.com/pomerium/pomerium/pull/2742) (@alexfornuto)
-- Docs: Update Traefik Example Headers [\#2732](https://github.com/pomerium/pomerium/pull/2732) (@alexfornuto)
-- Docs: Reference gRPC API Docs [\#2717](https://github.com/pomerium/pomerium/pull/2717) (@alexfornuto)
-- Minor fix in routes documentation [\#2714](https://github.com/pomerium/pomerium/pull/2714) (@Kerwood)
-- Docs: Update Community Page [\#2713](https://github.com/pomerium/pomerium/pull/2713) (@cmo-pomerium)
-- Update architecture.md [\#2701](https://github.com/pomerium/pomerium/pull/2701) (@cmo-pomerium)
-- Update create TLS command to quote strings. [\#2694](https://github.com/pomerium/pomerium/pull/2694) (@FutureMatt)
-- Docs: Correct Claim Example [\#2689](https://github.com/pomerium/pomerium/pull/2689) (@alexfornuto)
-- Fix typo in docs [\#2683](https://github.com/pomerium/pomerium/pull/2683) (@nihaals)
-- Fixed 'kubtctl' typo on releases page [\#2673](https://github.com/pomerium/pomerium/pull/2673) (@ChaosInTheCRD)
-- add service account redirects [\#2664](https://github.com/pomerium/pomerium/pull/2664) (@alexfornuto)
-- DOCS: Standardize Relative Links [\#2651](https://github.com/pomerium/pomerium/pull/2651) (@alexfornuto)
-- Docs: cross-reference links between concepts and reference [\#2648](https://github.com/pomerium/pomerium/pull/2648) (@alexfornuto)
-- adjust sidebarDepths and document Desktop Client releases [\#2645](https://github.com/pomerium/pomerium/pull/2645) (@backport-actions-token[bot])
-- typo [\#2644](https://github.com/pomerium/pomerium/pull/2644) (@alexfornuto)
-- adjust sidebarDepths and document Desktop Client releases [\#2643](https://github.com/pomerium/pomerium/pull/2643) (@alexfornuto)
-- DOCS: CORS preflight in console [\#2642](https://github.com/pomerium/pomerium/pull/2642) (@alexfornuto)
-- DOCS: Collapse IDP Header [\#2641](https://github.com/pomerium/pomerium/pull/2641) (@alexfornuto)
-- docs: remove extra word / updated docs link [\#2638](https://github.com/pomerium/pomerium/pull/2638) (@cmo-pomerium)
-- Docs: Batch Updates [\#2628](https://github.com/pomerium/pomerium/pull/2628) (@alexfornuto)
-- Refresh and Update TCP documentation [\#2627](https://github.com/pomerium/pomerium/pull/2627) (@alexfornuto)
-- DOC: Copy edits to Okta IdP doc. [\#2623](https://github.com/pomerium/pomerium/pull/2623) (@alexfornuto)
-- Docs/batch link fixes [\#2621](https://github.com/pomerium/pomerium/pull/2621) (@alexfornuto)
-- Add redirect for installation [\#2618](https://github.com/pomerium/pomerium/pull/2618) (@alexfornuto)
-- Add docs team as a code owner of packages.json [\#2605](https://github.com/pomerium/pomerium/pull/2605) (@alexfornuto)
-- Update CODEOWNERS [\#2603](https://github.com/pomerium/pomerium/pull/2603) (@alexfornuto)
-- DOCS: Update Enterprise Reference Docs [\#2599](https://github.com/pomerium/pomerium/pull/2599) (@alexfornuto)
-- Document Enterprise API [\#2595](https://github.com/pomerium/pomerium/pull/2595) (@alexfornuto)
-- docs: rename updated icon image [\#2582](https://github.com/pomerium/pomerium/pull/2582) (@travisgroth)
-- docs: add updated icon asset [\#2580](https://github.com/pomerium/pomerium/pull/2580) (@travisgroth)
-- Document recovery token generation [\#2579](https://github.com/pomerium/pomerium/pull/2579) (@alexfornuto)
-- New Topic Page: Original Request Context [\#2569](https://github.com/pomerium/pomerium/pull/2569) (@alexfornuto)
-- docs: enterprise console v0.15.2 changelog [\#2564](https://github.com/pomerium/pomerium/pull/2564) (@travisgroth)
-- TCP Client Doc [\#2561](https://github.com/pomerium/pomerium/pull/2561) (@alexfornuto)
-- Docs: Fix merged PR [\#2546](https://github.com/pomerium/pomerium/pull/2546) (@alexfornuto)
-- docs: enterprise v0.15.1 changelog [\#2542](https://github.com/pomerium/pomerium/pull/2542) (@travisgroth)
-- Update Ping Identity IdP  [\#2537](https://github.com/pomerium/pomerium/pull/2537) (@alexfornuto)
-- update OneLogin IdP doc [\#2533](https://github.com/pomerium/pomerium/pull/2533) (@alexfornuto)
-- Update GitLab IdP doc [\#2520](https://github.com/pomerium/pomerium/pull/2520) (@alexfornuto)
-- update GitHub IdP doc [\#2503](https://github.com/pomerium/pomerium/pull/2503) (@alexfornuto)
-- Update AWS cognito IdP doc [\#2498](https://github.com/pomerium/pomerium/pull/2498) (@alexfornuto)
-- Update Azure IdP Doc [\#2497](https://github.com/pomerium/pomerium/pull/2497) (@alexfornuto)
-- Auth0 Doc Refresh [\#2494](https://github.com/pomerium/pomerium/pull/2494) (@alexfornuto)
-- Update IdP Overview Page [\#2493](https://github.com/pomerium/pomerium/pull/2493) (@alexfornuto)
-- Update Okta IdP doc [\#2491](https://github.com/pomerium/pomerium/pull/2491) (@alexfornuto)
-- adjust comment blocking [\#2488](https://github.com/pomerium/pomerium/pull/2488) (@alexfornuto)
-- document binding service to 443 [\#2487](https://github.com/pomerium/pomerium/pull/2487) (@alexfornuto)
-- docs: use generic email [\#2484](https://github.com/pomerium/pomerium/pull/2484) (@alexfornuto)
-- Update Docker Quickstart [\#2482](https://github.com/pomerium/pomerium/pull/2482) (@alexfornuto)
-- Wrap mkcert command in quotes [\#2481](https://github.com/pomerium/pomerium/pull/2481) (@alexfornuto)
-- Updates to Enterprise Quickstart instructions [\#2480](https://github.com/pomerium/pomerium/pull/2480) (@alexfornuto)
-- wrap header example values as inline code. [\#2474](https://github.com/pomerium/pomerium/pull/2474) (@alexfornuto)
-- docs: clarify  custom request header limitations [\#2471](https://github.com/pomerium/pomerium/pull/2471) (@desimone)
-- Update Helm Instructions [\#2467](https://github.com/pomerium/pomerium/pull/2467) (@alexfornuto)
-- docs: update enterprise helm instructions to use main repo [\#2463](https://github.com/pomerium/pomerium/pull/2463) (@travisgroth)
-- Document tracing sample rate in console [\#2461](https://github.com/pomerium/pomerium/pull/2461) (@alexfornuto)
-- Document moving routes [\#2460](https://github.com/pomerium/pomerium/pull/2460) (@alexfornuto)
-- Enterprise Upgrade & Changelog Pages [\#2453](https://github.com/pomerium/pomerium/pull/2453) (@alexfornuto)
-- docs: update codeowners [\#2451](https://github.com/pomerium/pomerium/pull/2451) (@travisgroth)
-- Update binary install doc [\#2447](https://github.com/pomerium/pomerium/pull/2447) (@alexfornuto)
-- docs: update branding, concepts [\#2445](https://github.com/pomerium/pomerium/pull/2445) (@desimone)
-- specify expected audience in Console config [\#2442](https://github.com/pomerium/pomerium/pull/2442) (@alexfornuto)
-- docs: update default version to v0.15 [\#2437](https://github.com/pomerium/pomerium/pull/2437) (@travisgroth)
-- docs: update branding [\#2435](https://github.com/pomerium/pomerium/pull/2435) (@desimone)
-
-## Dependency
-
-- chore\(deps\): bump google.golang.org/api from 0.62.0 to 0.63.0 [\#2834](https://github.com/pomerium/pomerium/pull/2834) (@dependabot[bot])
-- chore\(deps\): bump github.com/rs/zerolog from 1.26.0 to 1.26.1 [\#2833](https://github.com/pomerium/pomerium/pull/2833) (@dependabot[bot])
-- chore\(deps\): bump github.com/spf13/viper from 1.10.0 to 1.10.1 [\#2832](https://github.com/pomerium/pomerium/pull/2832) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/grpc from 1.42.0 to 1.43.0 [\#2831](https://github.com/pomerium/pomerium/pull/2831) (@dependabot[bot])
-- chore\(deps\): bump github.com/docker/docker from 20.10.11+incompatible to 20.10.12+incompatible [\#2817](https://github.com/pomerium/pomerium/pull/2817) (@dependabot[bot])
-- chore\(deps\): bump github.com/spf13/viper from 1.9.0 to 1.10.0 [\#2816](https://github.com/pomerium/pomerium/pull/2816) (@dependabot[bot])
-- dev build support for darwin-arm64 from envoy tip [\#2815](https://github.com/pomerium/pomerium/pull/2815) (@wasaga)
-- chore\(deps\): bump github.com/shirou/gopsutil/v3 from 3.21.10 to 3.21.11 [\#2807](https://github.com/pomerium/pomerium/pull/2807) (@dependabot[bot])
-- chore\(deps\): bump github.com/mitchellh/mapstructure from 1.4.2 to 1.4.3 [\#2806](https://github.com/pomerium/pomerium/pull/2806) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/api from 0.60.0 to 0.61.0 [\#2805](https://github.com/pomerium/pomerium/pull/2805) (@dependabot[bot])
-- chore\(deps\): bump github.com/open-policy-agent/opa from 0.34.2 to 0.35.0 [\#2804](https://github.com/pomerium/pomerium/pull/2804) (@dependabot[bot])
-- chore\(deps\): bump mikefarah/yq from 4.15.1 to 4.16.1 [\#2803](https://github.com/pomerium/pomerium/pull/2803) (@dependabot[bot])
-- chore\(deps\): bump github.com/ory/dockertest/v3 from 3.8.0 to 3.8.1 [\#2785](https://github.com/pomerium/pomerium/pull/2785) (@dependabot[bot])
-- chore\(deps\): bump mikefarah/yq from 4.14.2 to 4.15.1 [\#2783](https://github.com/pomerium/pomerium/pull/2783) (@dependabot[bot])
-- chore\(deps\): bump github.com/docker/docker from 20.10.10+incompatible to 20.10.11+incompatible [\#2776](https://github.com/pomerium/pomerium/pull/2776) (@dependabot[bot])
-- chore\(deps\): bump coverallsapp/github-action from 1.1.2 to 1.1.3 [\#2775](https://github.com/pomerium/pomerium/pull/2775) (@dependabot[bot])
-- chore\(deps\): bump mikefarah/yq from 4.6.3 to 4.14.2 [\#2774](https://github.com/pomerium/pomerium/pull/2774) (@dependabot[bot])
-- chore\(deps\): bump github.com/caddyserver/certmagic from 0.15.1 to 0.15.2 [\#2769](https://github.com/pomerium/pomerium/pull/2769) (@dependabot[bot])
-- chore\(deps\): bump github.com/cenkalti/backoff/v4 from 4.1.1 to 4.1.2 [\#2768](https://github.com/pomerium/pomerium/pull/2768) (@dependabot[bot])
-- chore\(deps\): bump github.com/open-policy-agent/opa from 0.34.1 to 0.34.2 [\#2765](https://github.com/pomerium/pomerium/pull/2765) (@dependabot[bot])
-- chore\(deps\): bump github.com/mholt/acmez from 1.0.0 to 1.0.1 [\#2764](https://github.com/pomerium/pomerium/pull/2764) (@dependabot[bot])
-- chore\(deps\): bump gopkg.in/auth0.v5 from 5.21.0 to 5.21.1 [\#2763](https://github.com/pomerium/pomerium/pull/2763) (@dependabot[bot])
-- chore\(deps\): bump github.com/golangci/golangci-lint from 1.42.1 to 1.43.0 [\#2756](https://github.com/pomerium/pomerium/pull/2756) (@dependabot[bot])
-- chore\(deps\): bump github.com/open-policy-agent/opa from 0.34.0 to 0.34.1 [\#2755](https://github.com/pomerium/pomerium/pull/2755) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/grpc from 1.41.0 to 1.42.0 [\#2754](https://github.com/pomerium/pomerium/pull/2754) (@dependabot[bot])
-- chore\(deps\): bump github.com/rs/zerolog from 1.25.0 to 1.26.0 [\#2753](https://github.com/pomerium/pomerium/pull/2753) (@dependabot[bot])
-- chore\(deps\): bump gopkg.in/auth0.v5 from 5.20.0 to 5.21.0 [\#2752](https://github.com/pomerium/pomerium/pull/2752) (@dependabot[bot])
-- dependencies: vendor base58, remove shortuuid [\#2739](https://github.com/pomerium/pomerium/pull/2739) (@calebdoxsey)
-- chore\(deps\): bump google.golang.org/api from 0.58.0 to 0.60.0 [\#2737](https://github.com/pomerium/pomerium/pull/2737) (@dependabot[bot])
-- chore\(deps\): bump github.com/shirou/gopsutil/v3 from 3.21.9 to 3.21.10 [\#2736](https://github.com/pomerium/pomerium/pull/2736) (@dependabot[bot])
-- chore\(deps\): bump github.com/open-policy-agent/opa from 0.33.1 to 0.34.0 [\#2735](https://github.com/pomerium/pomerium/pull/2735) (@dependabot[bot])
-- chore\(deps\): bump github.com/openzipkin/zipkin-go from 0.2.5 to 0.3.0 [\#2734](https://github.com/pomerium/pomerium/pull/2734) (@dependabot[bot])
-- chore\(deps\): bump github.com/prometheus/common from 0.31.1 to 0.32.1 [\#2706](https://github.com/pomerium/pomerium/pull/2706) (@dependabot[bot])
-- chore\(deps\): bump github.com/docker/docker from 20.10.9+incompatible to 20.10.10+incompatible [\#2705](https://github.com/pomerium/pomerium/pull/2705) (@dependabot[bot])
-- chore\(deps\): bump gopkg.in/auth0.v5 from 5.19.2 to 5.20.0 [\#2704](https://github.com/pomerium/pomerium/pull/2704) (@dependabot[bot])
-- chore\(deps\): bump github.com/envoyproxy/protoc-gen-validate from 0.6.1 to 0.6.2 [\#2703](https://github.com/pomerium/pomerium/pull/2703) (@dependabot[bot])
-- chore\(deps\): bump github.com/caddyserver/certmagic from 0.14.5 to 0.15.1 [\#2685](https://github.com/pomerium/pomerium/pull/2685) (@dependabot[bot])
-- chore\(deps\): bump github.com/peterbourgon/ff/v3 from 3.1.0 to 3.1.2 [\#2672](https://github.com/pomerium/pomerium/pull/2672) (@dependabot[bot])
-- chore\(deps\): bump github.com/shirou/gopsutil/v3 from 3.21.8 to 3.21.9 [\#2671](https://github.com/pomerium/pomerium/pull/2671) (@dependabot[bot])
-- chore\(deps\): bump github.com/docker/docker from 20.10.8+incompatible to 20.10.9+incompatible [\#2670](https://github.com/pomerium/pomerium/pull/2670) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/api from 0.57.0 to 0.58.0 [\#2660](https://github.com/pomerium/pomerium/pull/2660) (@dependabot[bot])
-- chore\(deps\): bump github.com/go-redis/redis/v8 from 8.11.3 to 8.11.4 [\#2659](https://github.com/pomerium/pomerium/pull/2659) (@dependabot[bot])
-- chore\(deps\): bump github.com/open-policy-agent/opa from 0.32.1 to 0.33.1 [\#2658](https://github.com/pomerium/pomerium/pull/2658) (@dependabot[bot])
-- chore\(deps\): bump github.com/prometheus/common from 0.31.0 to 0.31.1 [\#2656](https://github.com/pomerium/pomerium/pull/2656) (@dependabot[bot])
-- chore\(deps\): bump github.com/open-policy-agent/opa from 0.32.0 to 0.32.1 [\#2633](https://github.com/pomerium/pomerium/pull/2633) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/grpc from 1.40.0 to 1.41.0 [\#2632](https://github.com/pomerium/pomerium/pull/2632) (@dependabot[bot])
-- chore\(deps\): bump github.com/prometheus/common from 0.30.0 to 0.31.0 [\#2631](https://github.com/pomerium/pomerium/pull/2631) (@dependabot[bot])
-- chore\(deps\): bump sigs.k8s.io/yaml from 1.2.0 to 1.3.0 [\#2630](https://github.com/pomerium/pomerium/pull/2630) (@dependabot[bot])
-- chore\(deps\): bump github.com/ory/dockertest/v3 from 3.7.0 to 3.8.0 [\#2629](https://github.com/pomerium/pomerium/pull/2629) (@dependabot[bot])
-- chore\(deps\): bump github.com/spf13/viper from 1.8.1 to 1.9.0 [\#2616](https://github.com/pomerium/pomerium/pull/2616) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/api from 0.56.0 to 0.57.0 [\#2615](https://github.com/pomerium/pomerium/pull/2615) (@dependabot[bot])
-- chore\(deps\): bump github.com/coreos/go-oidc/v3 from 3.0.0 to 3.1.0 [\#2614](https://github.com/pomerium/pomerium/pull/2614) (@dependabot[bot])
-- bump protoc-validate [\#2606](https://github.com/pomerium/pomerium/pull/2606) (@wasaga)
-- chore\(deps\): bump go.uber.org/zap from 1.19.0 to 1.19.1 [\#2592](https://github.com/pomerium/pomerium/pull/2592) (@dependabot[bot])
-- chore\(deps\): bump github.com/rs/zerolog from 1.24.0 to 1.25.0 [\#2591](https://github.com/pomerium/pomerium/pull/2591) (@dependabot[bot])
-- chore\(deps\): bump github.com/shirou/gopsutil/v3 from 3.21.7 to 3.21.8 [\#2577](https://github.com/pomerium/pomerium/pull/2577) (@dependabot[bot])
-- chore\(deps\): bump github.com/golangci/golangci-lint from 1.42.0 to 1.42.1 [\#2576](https://github.com/pomerium/pomerium/pull/2576) (@dependabot[bot])
-- chore\(deps\): bump github.com/caddyserver/certmagic from 0.14.4 to 0.14.5 [\#2575](https://github.com/pomerium/pomerium/pull/2575) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/api from 0.54.0 to 0.56.0 [\#2574](https://github.com/pomerium/pomerium/pull/2574) (@dependabot[bot])
-- chore\(deps\): bump github.com/open-policy-agent/opa from 0.31.0 to 0.32.0 [\#2573](https://github.com/pomerium/pomerium/pull/2573) (@dependabot[bot])
-- chore\(deps\): bump github.com/fsnotify/fsnotify from 1.5.0 to 1.5.1 [\#2554](https://github.com/pomerium/pomerium/pull/2554) (@dependabot[bot])
-- chore\(deps\): bump github.com/caddyserver/certmagic from 0.14.3 to 0.14.4 [\#2553](https://github.com/pomerium/pomerium/pull/2553) (@dependabot[bot])
-- chore\(deps\): bump github.com/rs/zerolog from 1.23.0 to 1.24.0 [\#2552](https://github.com/pomerium/pomerium/pull/2552) (@dependabot[bot])
-- chore\(deps\): bump github.com/docker/docker from 20.10.7+incompatible to 20.10.8+incompatible [\#2551](https://github.com/pomerium/pomerium/pull/2551) (@dependabot[bot])
-- chore\(deps\): bump github.com/caddyserver/certmagic from 0.14.1 to 0.14.3 [\#2550](https://github.com/pomerium/pomerium/pull/2550) (@dependabot[bot])
-- chore\(deps\): bump contrib.go.opencensus.io/exporter/prometheus from 0.3.0 to 0.4.0 [\#2549](https://github.com/pomerium/pomerium/pull/2549) (@dependabot[bot])
-- chore\(deps\): bump github.com/cespare/xxhash/v2 from 2.1.1 to 2.1.2 [\#2548](https://github.com/pomerium/pomerium/pull/2548) (@dependabot[bot])
-- chore\(deps\): bump github.com/prometheus/procfs from 0.7.2 to 0.7.3 [\#2512](https://github.com/pomerium/pomerium/pull/2512) (@dependabot[bot])
-- chore\(deps\): bump github.com/golangci/golangci-lint from 1.41.1 to 1.42.0 [\#2511](https://github.com/pomerium/pomerium/pull/2511) (@dependabot[bot])
-- chore\(deps\): bump github.com/fsnotify/fsnotify from 1.4.9 to 1.5.0 [\#2510](https://github.com/pomerium/pomerium/pull/2510) (@dependabot[bot])
-- ci: use go 1.17.x [\#2492](https://github.com/pomerium/pomerium/pull/2492) (@desimone)
-- chore\(deps\): bump google.golang.org/grpc from 1.39.1 to 1.40.0 [\#2478](https://github.com/pomerium/pomerium/pull/2478) (@dependabot[bot])
-- chore\(deps\): bump github.com/go-redis/redis/v8 from 8.11.2 to 8.11.3 [\#2477](https://github.com/pomerium/pomerium/pull/2477) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/api from 0.52.0 to 0.54.0 [\#2476](https://github.com/pomerium/pomerium/pull/2476) (@dependabot[bot])
-- chore\(deps\): bump go.uber.org/zap from 1.18.1 to 1.19.0 [\#2475](https://github.com/pomerium/pomerium/pull/2475) (@dependabot[bot])
-- ci: support darwn/arm64 aka m1 for cli [\#2473](https://github.com/pomerium/pomerium/pull/2473) (@desimone)
-- chore\(deps\): bump google.golang.org/grpc from 1.39.0 to 1.39.1 [\#2457](https://github.com/pomerium/pomerium/pull/2457) (@dependabot[bot])
-- chore\(deps\): bump github.com/prometheus/procfs from 0.7.1 to 0.7.2 [\#2456](https://github.com/pomerium/pomerium/pull/2456) (@dependabot[bot])
-- chore\(deps\): bump github.com/go-redis/redis/v8 from 8.11.1 to 8.11.2 [\#2455](https://github.com/pomerium/pomerium/pull/2455) (@dependabot[bot])
-- Hadolint [\#2363](https://github.com/pomerium/pomerium/pull/2363) (@stephengroat)
-
-## Deployment
-
-- deployment: migrate pomerium-cli automation to new repo [\#2771](https://github.com/pomerium/pomerium/pull/2771) (@travisgroth)
-- deployment: remove DST\_Root\_CA\_X3 from docker images [\#2677](https://github.com/pomerium/pomerium/pull/2677) (@travisgroth)
-- deployment: update goreleaser syntax [\#2524](https://github.com/pomerium/pomerium/pull/2524) (@travisgroth)
-
-## Changed
-
-- move NewGRPCClientConn to public package [\#2826](https://github.com/pomerium/pomerium/pull/2826) (@wasaga)
-- rm cli code [\#2824](https://github.com/pomerium/pomerium/pull/2824) (@wasaga)
-- ci: remove hadolint [\#2726](https://github.com/pomerium/pomerium/pull/2726) (@travisgroth)
-- ci: ignore multiple run commands [\#2566](https://github.com/pomerium/pomerium/pull/2566) (@travisgroth)
-- redirect logo to the marketing site [\#2441](https://github.com/pomerium/pomerium/pull/2441) (@alexfornuto)
-- ci: use github app for backport credentials [\#2369](https://github.com/pomerium/pomerium/pull/2369) (@travisgroth)
-
-## [v0.15.8](https://github.com/pomerium/pomerium/tree/v0.15.8) (2021-12-17)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.15.7...v0.15.8)
-
-## Fixed
-
-- authorize: fix nginx infinite redirect [\#2812](https://github.com/pomerium/pomerium/pull/2812) (@calebdoxsey)
-
-## Documentation
-
-- DOCS: add Grafana to Guides index [\#2809](https://github.com/pomerium/pomerium/pull/2809) (@backport-actions-token[bot])
-- DOCS: Fix indentation in API doc [\#2799](https://github.com/pomerium/pomerium/pull/2799) (@backport-actions-token[bot])
-- Docs: Update Kubernetes Dashboard Guide [\#2795](https://github.com/pomerium/pomerium/pull/2795) (@backport-actions-token[bot])
-- Docs: Update Securing Kubernetes Guide [\#2792](https://github.com/pomerium/pomerium/pull/2792) (@backport-actions-token[bot])
-- Docs: Update JWT Verification Guide [\#2787](https://github.com/pomerium/pomerium/pull/2787) (@backport-actions-token[bot])
-
-## Dependency
-
-- deps: pin release to latest go version [\#2827](https://github.com/pomerium/pomerium/pull/2827) (@travisgroth)
-
-## [v0.15.7](https://github.com/pomerium/pomerium/tree/v0.15.7) (2021-11-15)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.15.6...v0.15.7)
-
-## Fixed
-
-- autocert: remove log [\#2750](https://github.com/pomerium/pomerium/pull/2750) (@backport-actions-token[bot])
-
-## Security
-
-- identity: fix user refresh [\#2725](https://github.com/pomerium/pomerium/pull/2725) (@backport-actions-token[bot])
-
-## Documentation
-
-- Docs: Add Grafana Integration Guide [\#2762](https://github.com/pomerium/pomerium/pull/2762) (@backport-actions-token[bot])
-- Docs: Add spdy annotation [\#2751](https://github.com/pomerium/pomerium/pull/2751) (@backport-actions-token[bot])
-- Docs: Ingress Controller [\#2745](https://github.com/pomerium/pomerium/pull/2745) (@backport-actions-token[bot])
-- Docs: Update Traefik Example Headers [\#2741](https://github.com/pomerium/pomerium/pull/2741) (@backport-actions-token[bot])
-- Docs: Update Community Page [\#2731](https://github.com/pomerium/pomerium/pull/2731) (@backport-actions-token[bot])
-- Minor fix in routes documentation [\#2721](https://github.com/pomerium/pomerium/pull/2721) (@backport-actions-token[bot])
-- Docs: Reference gRPC API Docs [\#2720](https://github.com/pomerium/pomerium/pull/2720) (@backport-actions-token[bot])
-- Update architecture.md [\#2707](https://github.com/pomerium/pomerium/pull/2707) (@backport-actions-token[bot])
-
-## [v0.15.6](https://github.com/pomerium/pomerium/tree/v0.15.6) (2021-11-04)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.15.5...v0.15.6)
-
-## Breaking
-
-- github: use GraphQL API to reduce number of API calls for directory sync [\#2715](https://github.com/pomerium/pomerium/pull/2715) (@calebdoxsey)
-
-## New
-
-- databroker: add additional log for config source [\#2718](https://github.com/pomerium/pomerium/pull/2718) (@calebdoxsey)
-- grpc: remove peer field from logs [\#2712](https://github.com/pomerium/pomerium/pull/2712) (@calebdoxsey)
-- desktop client api [\#2711](https://github.com/pomerium/pomerium/pull/2711) (@wasaga)
-- telemetry: improve zipkin error logs [\#2710](https://github.com/pomerium/pomerium/pull/2710) (@calebdoxsey)
-- authorize: add support for webauthn device policy enforcement [\#2700](https://github.com/pomerium/pomerium/pull/2700) (@calebdoxsey)
-- webauthn: update session to support device credentials per type [\#2699](https://github.com/pomerium/pomerium/pull/2699) (@calebdoxsey)
-- ppl: add support for additional data [\#2696](https://github.com/pomerium/pomerium/pull/2696) (@calebdoxsey)
-- Add additional ACME CA \(autocert\) options [\#2695](https://github.com/pomerium/pomerium/pull/2695) (@hslatman)
-- skip configuration updates to the most recent one [\#2690](https://github.com/pomerium/pomerium/pull/2690) (@wasaga)
-- authenticate: add support for webauthn [\#2688](https://github.com/pomerium/pomerium/pull/2688) (@calebdoxsey)
-- webauthnutil: add helpers for webauthn [\#2686](https://github.com/pomerium/pomerium/pull/2686) (@calebdoxsey)
-- devices: add device protobuf types [\#2682](https://github.com/pomerium/pomerium/pull/2682) (@calebdoxsey)
-- cryptutil: add SecureToken [\#2681](https://github.com/pomerium/pomerium/pull/2681) (@calebdoxsey)
-- config/envoyconfig: better duplicate message [\#2661](https://github.com/pomerium/pomerium/pull/2661) (@desimone)
-- pomerium-cli: add support for a custom browser command [\#2617](https://github.com/pomerium/pomerium/pull/2617) (@calebdoxsey)
-- ppl: pass contextual information through policy [\#2612](https://github.com/pomerium/pomerium/pull/2612) (@calebdoxsey)
-- add description to service accounts [\#2611](https://github.com/pomerium/pomerium/pull/2611) (@nhayfield)
-- DOCS: Add copy button to code snippets [\#2597](https://github.com/pomerium/pomerium/pull/2597) (@alexfornuto)
-- pomerium-cli: use cache dir instead of config dir [\#2588](https://github.com/pomerium/pomerium/pull/2588) (@calebdoxsey)
-- cli: update tcp log output format [\#2586](https://github.com/pomerium/pomerium/pull/2586) (@travisgroth)
-- directory: implement exponential backoff for refresh [\#2570](https://github.com/pomerium/pomerium/pull/2570) (@calebdoxsey)
-- google: support provider URL [\#2567](https://github.com/pomerium/pomerium/pull/2567) (@calebdoxsey)
-- allow pomerium to start without certs [\#2555](https://github.com/pomerium/pomerium/pull/2555) (@wasaga)
-- integration: kubernetes support [\#2536](https://github.com/pomerium/pomerium/pull/2536) (@calebdoxsey)
-- integration: nginx [\#2532](https://github.com/pomerium/pomerium/pull/2532) (@calebdoxsey)
-- integration: add traefik tests [\#2530](https://github.com/pomerium/pomerium/pull/2530) (@calebdoxsey)
-- envoy: remove deprecated access\_log\_path [\#2523](https://github.com/pomerium/pomerium/pull/2523) (@calebdoxsey)
-- config: remove headers [\#2522](https://github.com/pomerium/pomerium/pull/2522) (@calebdoxsey)
-- integration: add multi test [\#2519](https://github.com/pomerium/pomerium/pull/2519) (@calebdoxsey)
-- Remove api from GitLab defaultScope [\#2518](https://github.com/pomerium/pomerium/pull/2518) (@alexfornuto)
-- integration: add single-cluster integration tests [\#2516](https://github.com/pomerium/pomerium/pull/2516) (@calebdoxsey)
-- integration: remove tests [\#2514](https://github.com/pomerium/pomerium/pull/2514) (@calebdoxsey)
-- github: support provider URL [\#2490](https://github.com/pomerium/pomerium/pull/2490) (@calebdoxsey)
-- protoutil: add NewAny method for deterministic serialization [\#2462](https://github.com/pomerium/pomerium/pull/2462) (@calebdoxsey)
-- fix go get, improve redis test [\#2450](https://github.com/pomerium/pomerium/pull/2450) (@calebdoxsey)
-- all: remove unused handler code [\#2439](https://github.com/pomerium/pomerium/pull/2439) (@desimone)
-
-## Fixed
-
-- deployment: relocate pomerium-cli to /usr/bin [\#2727](https://github.com/pomerium/pomerium/pull/2727) (@travisgroth)
-- authenticate: always update user record on login [\#2719](https://github.com/pomerium/pomerium/pull/2719) (@calebdoxsey)
-- authenticate: add databroker versions to session cookie [\#2709](https://github.com/pomerium/pomerium/pull/2709) (@calebdoxsey)
-- protoc: add xds repo [\#2687](https://github.com/pomerium/pomerium/pull/2687) (@calebdoxsey)
-- add host-rewrite options to config.proto [\#2668](https://github.com/pomerium/pomerium/pull/2668) (@wasaga)
-- authclient: clone TLS configuration to prevent overriding NextProtos [\#2594](https://github.com/pomerium/pomerium/pull/2594) (@calebdoxsey)
-- tcptunnel: force the use of HTTP/1.1 during ALPN [\#2593](https://github.com/pomerium/pomerium/pull/2593) (@calebdoxsey)
-- userinfo: format exp, iat and updated\_at [\#2585](https://github.com/pomerium/pomerium/pull/2585) (@calebdoxsey)
-- autocert: remove log [\#2584](https://github.com/pomerium/pomerium/pull/2584) (@calebdoxsey)
-- authorize: use session.user\_id in headers [\#2571](https://github.com/pomerium/pomerium/pull/2571) (@calebdoxsey)
-- ppl: use session.user\_id instead of user.id for user criterion [\#2562](https://github.com/pomerium/pomerium/pull/2562) (@calebdoxsey)
-- authorize: fix google cloudrun header audience [\#2558](https://github.com/pomerium/pomerium/pull/2558) (@calebdoxsey)
-- authorize: fix X-Pomerium-Claim-Groups [\#2539](https://github.com/pomerium/pomerium/pull/2539) (@calebdoxsey)
-- grpc: disable gRPC connection re-use across services [\#2515](https://github.com/pomerium/pomerium/pull/2515) (@calebdoxsey)
-- fix forward-auth, logging [\#2509](https://github.com/pomerium/pomerium/pull/2509) (@calebdoxsey)
-- grpc: send client traffic through envoy [\#2469](https://github.com/pomerium/pomerium/pull/2469) (@calebdoxsey)
-- options: remove refresh\_cooldown, add allow\_spdy to proto [\#2446](https://github.com/pomerium/pomerium/pull/2446) (@calebdoxsey)
-
-## Security
-
-- identity: fix user refresh [\#2724](https://github.com/pomerium/pomerium/pull/2724) (@calebdoxsey)
-- deps: update envoy to 1.19.1 [\#2526](https://github.com/pomerium/pomerium/pull/2526) (@travisgroth)
-
-## Documentation
-
-- Docs: Update Traefik Example Headers [\#2732](https://github.com/pomerium/pomerium/pull/2732) (@alexfornuto)
-- Docs: Reference gRPC API Docs [\#2717](https://github.com/pomerium/pomerium/pull/2717) (@alexfornuto)
-- Minor fix in routes documentation [\#2714](https://github.com/pomerium/pomerium/pull/2714) (@Kerwood)
-- Docs: Update Community Page [\#2713](https://github.com/pomerium/pomerium/pull/2713) (@cmo-pomerium)
-- Update architecture.md [\#2701](https://github.com/pomerium/pomerium/pull/2701) (@cmo-pomerium)
-- Update create TLS command to quote strings. [\#2694](https://github.com/pomerium/pomerium/pull/2694) (@FutureMatt)
-- Docs: Correct Claim Example [\#2689](https://github.com/pomerium/pomerium/pull/2689) (@alexfornuto)
-- Fix typo in docs [\#2683](https://github.com/pomerium/pomerium/pull/2683) (@nihaals)
-- Fixed 'kubtctl' typo on releases page [\#2673](https://github.com/pomerium/pomerium/pull/2673) (@ChaosInTheCRD)
-- Docs: Ingress Controller [\#2667](https://github.com/pomerium/pomerium/pull/2667) (@alexfornuto)
-- add service account redirects [\#2664](https://github.com/pomerium/pomerium/pull/2664) (@alexfornuto)
-- DOCS: Standardize Relative Links [\#2651](https://github.com/pomerium/pomerium/pull/2651) (@alexfornuto)
-- Docs: cross-reference links between concepts and reference [\#2648](https://github.com/pomerium/pomerium/pull/2648) (@alexfornuto)
-- typo [\#2644](https://github.com/pomerium/pomerium/pull/2644) (@alexfornuto)
-- adjust sidebarDepths and document Desktop Client releases [\#2643](https://github.com/pomerium/pomerium/pull/2643) (@alexfornuto)
-- DOCS: CORS preflight in console [\#2642](https://github.com/pomerium/pomerium/pull/2642) (@alexfornuto)
-- DOCS: Collapse IDP Header [\#2641](https://github.com/pomerium/pomerium/pull/2641) (@alexfornuto)
-- docs: remove extra word / updated docs link [\#2638](https://github.com/pomerium/pomerium/pull/2638) (@cmo-pomerium)
-- Docs: Batch Updates [\#2628](https://github.com/pomerium/pomerium/pull/2628) (@alexfornuto)
-- Refresh and Update TCP documentation [\#2627](https://github.com/pomerium/pomerium/pull/2627) (@alexfornuto)
-- DOC: Copy edits to Okta IdP doc. [\#2623](https://github.com/pomerium/pomerium/pull/2623) (@alexfornuto)
-- Docs/batch link fixes [\#2621](https://github.com/pomerium/pomerium/pull/2621) (@alexfornuto)
-- Add redirect for installation [\#2618](https://github.com/pomerium/pomerium/pull/2618) (@alexfornuto)
-- Add docs team as a code owner of packages.json [\#2605](https://github.com/pomerium/pomerium/pull/2605) (@alexfornuto)
-- Update CODEOWNERS [\#2603](https://github.com/pomerium/pomerium/pull/2603) (@alexfornuto)
-- DOCS: Update Enterprise Reference Docs [\#2599](https://github.com/pomerium/pomerium/pull/2599) (@alexfornuto)
-- Document Enterprise API [\#2595](https://github.com/pomerium/pomerium/pull/2595) (@alexfornuto)
-- docs: rename updated icon image [\#2582](https://github.com/pomerium/pomerium/pull/2582) (@travisgroth)
-- docs: add updated icon asset [\#2580](https://github.com/pomerium/pomerium/pull/2580) (@travisgroth)
-- Document recovery token generation [\#2579](https://github.com/pomerium/pomerium/pull/2579) (@alexfornuto)
-- New Topic Page: Original Request Context [\#2569](https://github.com/pomerium/pomerium/pull/2569) (@alexfornuto)
-- docs: enterprise console v0.15.2 changelog [\#2564](https://github.com/pomerium/pomerium/pull/2564) (@travisgroth)
-- TCP Client Doc [\#2561](https://github.com/pomerium/pomerium/pull/2561) (@alexfornuto)
-- Docs: Fix merged PR [\#2546](https://github.com/pomerium/pomerium/pull/2546) (@alexfornuto)
-- docs: enterprise v0.15.1 changelog [\#2542](https://github.com/pomerium/pomerium/pull/2542) (@travisgroth)
-- Update Ping Identity IdP  [\#2537](https://github.com/pomerium/pomerium/pull/2537) (@alexfornuto)
-- update OneLogin IdP doc [\#2533](https://github.com/pomerium/pomerium/pull/2533) (@alexfornuto)
-- Update GitLab IdP doc [\#2520](https://github.com/pomerium/pomerium/pull/2520) (@alexfornuto)
-- update GitHub IdP doc [\#2503](https://github.com/pomerium/pomerium/pull/2503) (@alexfornuto)
-- Update AWS cognito IdP doc [\#2498](https://github.com/pomerium/pomerium/pull/2498) (@alexfornuto)
-- Update Azure IdP Doc [\#2497](https://github.com/pomerium/pomerium/pull/2497) (@alexfornuto)
-- Auth0 Doc Refresh [\#2494](https://github.com/pomerium/pomerium/pull/2494) (@alexfornuto)
-- Update IdP Overview Page [\#2493](https://github.com/pomerium/pomerium/pull/2493) (@alexfornuto)
-- Update Okta IdP doc [\#2491](https://github.com/pomerium/pomerium/pull/2491) (@alexfornuto)
-- adjust comment blocking [\#2488](https://github.com/pomerium/pomerium/pull/2488) (@alexfornuto)
-- document binding service to 443 [\#2487](https://github.com/pomerium/pomerium/pull/2487) (@alexfornuto)
-- docs: use generic email [\#2484](https://github.com/pomerium/pomerium/pull/2484) (@alexfornuto)
-- Update Docker Quickstart [\#2482](https://github.com/pomerium/pomerium/pull/2482) (@alexfornuto)
-- Wrap mkcert command in quotes [\#2481](https://github.com/pomerium/pomerium/pull/2481) (@alexfornuto)
-- Updates to Enterprise Quickstart instructions [\#2480](https://github.com/pomerium/pomerium/pull/2480) (@alexfornuto)
-- wrap header example values as inline code. [\#2474](https://github.com/pomerium/pomerium/pull/2474) (@alexfornuto)
-- docs: clarify  custom request header limitations [\#2471](https://github.com/pomerium/pomerium/pull/2471) (@desimone)
-- Update Helm Instructions [\#2467](https://github.com/pomerium/pomerium/pull/2467) (@alexfornuto)
-- docs: update enterprise helm instructions to use main repo [\#2463](https://github.com/pomerium/pomerium/pull/2463) (@travisgroth)
-- Document tracing sample rate in console [\#2461](https://github.com/pomerium/pomerium/pull/2461) (@alexfornuto)
-- Document moving routes [\#2460](https://github.com/pomerium/pomerium/pull/2460) (@alexfornuto)
-- Enterprise Upgrade & Changelog Pages [\#2453](https://github.com/pomerium/pomerium/pull/2453) (@alexfornuto)
-- docs: update codeowners [\#2451](https://github.com/pomerium/pomerium/pull/2451) (@travisgroth)
-- Update binary install doc [\#2447](https://github.com/pomerium/pomerium/pull/2447) (@alexfornuto)
-- docs: update branding, concepts [\#2445](https://github.com/pomerium/pomerium/pull/2445) (@desimone)
-- specify expected audience in Console config [\#2442](https://github.com/pomerium/pomerium/pull/2442) (@alexfornuto)
-- docs: update default version to v0.15 [\#2437](https://github.com/pomerium/pomerium/pull/2437) (@travisgroth)
-- docs: update branding [\#2435](https://github.com/pomerium/pomerium/pull/2435) (@desimone)
-
-## Dependency
-
-- dependencies: vendor base58, remove shortuuid [\#2739](https://github.com/pomerium/pomerium/pull/2739) (@calebdoxsey)
-- chore\(deps\): bump github.com/shirou/gopsutil/v3 from 3.21.9 to 3.21.10 [\#2736](https://github.com/pomerium/pomerium/pull/2736) (@dependabot[bot])
-- chore\(deps\): bump github.com/open-policy-agent/opa from 0.33.1 to 0.34.0 [\#2735](https://github.com/pomerium/pomerium/pull/2735) (@dependabot[bot])
-- chore\(deps\): bump github.com/openzipkin/zipkin-go from 0.2.5 to 0.3.0 [\#2734](https://github.com/pomerium/pomerium/pull/2734) (@dependabot[bot])
-- chore\(deps\): bump github.com/prometheus/common from 0.31.1 to 0.32.1 [\#2706](https://github.com/pomerium/pomerium/pull/2706) (@dependabot[bot])
-- chore\(deps\): bump github.com/docker/docker from 20.10.9+incompatible to 20.10.10+incompatible [\#2705](https://github.com/pomerium/pomerium/pull/2705) (@dependabot[bot])
-- chore\(deps\): bump gopkg.in/auth0.v5 from 5.19.2 to 5.20.0 [\#2704](https://github.com/pomerium/pomerium/pull/2704) (@dependabot[bot])
-- chore\(deps\): bump github.com/envoyproxy/protoc-gen-validate from 0.6.1 to 0.6.2 [\#2703](https://github.com/pomerium/pomerium/pull/2703) (@dependabot[bot])
-- chore\(deps\): bump github.com/caddyserver/certmagic from 0.14.5 to 0.15.1 [\#2685](https://github.com/pomerium/pomerium/pull/2685) (@dependabot[bot])
-- chore\(deps\): bump github.com/peterbourgon/ff/v3 from 3.1.0 to 3.1.2 [\#2672](https://github.com/pomerium/pomerium/pull/2672) (@dependabot[bot])
-- chore\(deps\): bump github.com/shirou/gopsutil/v3 from 3.21.8 to 3.21.9 [\#2671](https://github.com/pomerium/pomerium/pull/2671) (@dependabot[bot])
-- chore\(deps\): bump github.com/docker/docker from 20.10.8+incompatible to 20.10.9+incompatible [\#2670](https://github.com/pomerium/pomerium/pull/2670) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/api from 0.57.0 to 0.58.0 [\#2660](https://github.com/pomerium/pomerium/pull/2660) (@dependabot[bot])
-- chore\(deps\): bump github.com/go-redis/redis/v8 from 8.11.3 to 8.11.4 [\#2659](https://github.com/pomerium/pomerium/pull/2659) (@dependabot[bot])
-- chore\(deps\): bump github.com/open-policy-agent/opa from 0.32.1 to 0.33.1 [\#2658](https://github.com/pomerium/pomerium/pull/2658) (@dependabot[bot])
-- chore\(deps\): bump github.com/prometheus/common from 0.31.0 to 0.31.1 [\#2656](https://github.com/pomerium/pomerium/pull/2656) (@dependabot[bot])
-- chore\(deps\): bump github.com/open-policy-agent/opa from 0.32.0 to 0.32.1 [\#2633](https://github.com/pomerium/pomerium/pull/2633) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/grpc from 1.40.0 to 1.41.0 [\#2632](https://github.com/pomerium/pomerium/pull/2632) (@dependabot[bot])
-- chore\(deps\): bump github.com/prometheus/common from 0.30.0 to 0.31.0 [\#2631](https://github.com/pomerium/pomerium/pull/2631) (@dependabot[bot])
-- chore\(deps\): bump sigs.k8s.io/yaml from 1.2.0 to 1.3.0 [\#2630](https://github.com/pomerium/pomerium/pull/2630) (@dependabot[bot])
-- chore\(deps\): bump github.com/ory/dockertest/v3 from 3.7.0 to 3.8.0 [\#2629](https://github.com/pomerium/pomerium/pull/2629) (@dependabot[bot])
-- chore\(deps\): bump github.com/spf13/viper from 1.8.1 to 1.9.0 [\#2616](https://github.com/pomerium/pomerium/pull/2616) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/api from 0.56.0 to 0.57.0 [\#2615](https://github.com/pomerium/pomerium/pull/2615) (@dependabot[bot])
-- chore\(deps\): bump github.com/coreos/go-oidc/v3 from 3.0.0 to 3.1.0 [\#2614](https://github.com/pomerium/pomerium/pull/2614) (@dependabot[bot])
-- bump protoc-validate [\#2606](https://github.com/pomerium/pomerium/pull/2606) (@wasaga)
-- chore\(deps\): bump go.uber.org/zap from 1.19.0 to 1.19.1 [\#2592](https://github.com/pomerium/pomerium/pull/2592) (@dependabot[bot])
-- chore\(deps\): bump github.com/rs/zerolog from 1.24.0 to 1.25.0 [\#2591](https://github.com/pomerium/pomerium/pull/2591) (@dependabot[bot])
-- chore\(deps\): bump github.com/shirou/gopsutil/v3 from 3.21.7 to 3.21.8 [\#2577](https://github.com/pomerium/pomerium/pull/2577) (@dependabot[bot])
-- chore\(deps\): bump github.com/golangci/golangci-lint from 1.42.0 to 1.42.1 [\#2576](https://github.com/pomerium/pomerium/pull/2576) (@dependabot[bot])
-- chore\(deps\): bump github.com/caddyserver/certmagic from 0.14.4 to 0.14.5 [\#2575](https://github.com/pomerium/pomerium/pull/2575) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/api from 0.54.0 to 0.56.0 [\#2574](https://github.com/pomerium/pomerium/pull/2574) (@dependabot[bot])
-- chore\(deps\): bump github.com/open-policy-agent/opa from 0.31.0 to 0.32.0 [\#2573](https://github.com/pomerium/pomerium/pull/2573) (@dependabot[bot])
-- chore\(deps\): bump github.com/fsnotify/fsnotify from 1.5.0 to 1.5.1 [\#2554](https://github.com/pomerium/pomerium/pull/2554) (@dependabot[bot])
-- chore\(deps\): bump github.com/caddyserver/certmagic from 0.14.3 to 0.14.4 [\#2553](https://github.com/pomerium/pomerium/pull/2553) (@dependabot[bot])
-- chore\(deps\): bump github.com/rs/zerolog from 1.23.0 to 1.24.0 [\#2552](https://github.com/pomerium/pomerium/pull/2552) (@dependabot[bot])
-- chore\(deps\): bump github.com/docker/docker from 20.10.7+incompatible to 20.10.8+incompatible [\#2551](https://github.com/pomerium/pomerium/pull/2551) (@dependabot[bot])
-- chore\(deps\): bump github.com/caddyserver/certmagic from 0.14.1 to 0.14.3 [\#2550](https://github.com/pomerium/pomerium/pull/2550) (@dependabot[bot])
-- chore\(deps\): bump contrib.go.opencensus.io/exporter/prometheus from 0.3.0 to 0.4.0 [\#2549](https://github.com/pomerium/pomerium/pull/2549) (@dependabot[bot])
-- chore\(deps\): bump github.com/cespare/xxhash/v2 from 2.1.1 to 2.1.2 [\#2548](https://github.com/pomerium/pomerium/pull/2548) (@dependabot[bot])
-- chore\(deps\): bump github.com/prometheus/procfs from 0.7.2 to 0.7.3 [\#2512](https://github.com/pomerium/pomerium/pull/2512) (@dependabot[bot])
-- chore\(deps\): bump github.com/golangci/golangci-lint from 1.41.1 to 1.42.0 [\#2511](https://github.com/pomerium/pomerium/pull/2511) (@dependabot[bot])
-- chore\(deps\): bump github.com/fsnotify/fsnotify from 1.4.9 to 1.5.0 [\#2510](https://github.com/pomerium/pomerium/pull/2510) (@dependabot[bot])
-- ci: use go 1.17.x [\#2492](https://github.com/pomerium/pomerium/pull/2492) (@desimone)
-- chore\(deps\): bump google.golang.org/grpc from 1.39.1 to 1.40.0 [\#2478](https://github.com/pomerium/pomerium/pull/2478) (@dependabot[bot])
-- chore\(deps\): bump github.com/go-redis/redis/v8 from 8.11.2 to 8.11.3 [\#2477](https://github.com/pomerium/pomerium/pull/2477) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/api from 0.52.0 to 0.54.0 [\#2476](https://github.com/pomerium/pomerium/pull/2476) (@dependabot[bot])
-- chore\(deps\): bump go.uber.org/zap from 1.18.1 to 1.19.0 [\#2475](https://github.com/pomerium/pomerium/pull/2475) (@dependabot[bot])
-- ci: support darwn/arm64 aka m1 for cli [\#2473](https://github.com/pomerium/pomerium/pull/2473) (@desimone)
-- chore\(deps\): bump github.com/go-redis/redis/v8 from 8.11.1 to 8.11.2 [\#2459](https://github.com/pomerium/pomerium/pull/2459) (@backport-actions-token[bot])
-- chore\(deps\): bump google.golang.org/grpc from 1.39.0 to 1.39.1 [\#2457](https://github.com/pomerium/pomerium/pull/2457) (@dependabot[bot])
-- chore\(deps\): bump github.com/prometheus/procfs from 0.7.1 to 0.7.2 [\#2456](https://github.com/pomerium/pomerium/pull/2456) (@dependabot[bot])
-- chore\(deps\): bump github.com/go-redis/redis/v8 from 8.11.1 to 8.11.2 [\#2455](https://github.com/pomerium/pomerium/pull/2455) (@dependabot[bot])
-- Hadolint [\#2363](https://github.com/pomerium/pomerium/pull/2363) (@stephengroat)
-
-## Deployment
-
-- deployment: remove DST\_Root\_CA\_X3 from docker images [\#2677](https://github.com/pomerium/pomerium/pull/2677) (@travisgroth)
-- deployment: update goreleaser syntax [\#2524](https://github.com/pomerium/pomerium/pull/2524) (@travisgroth)
-
-## Changed
-
-- ci: remove hadolint [\#2726](https://github.com/pomerium/pomerium/pull/2726) (@travisgroth)
-- ci: ignore multiple run commands [\#2566](https://github.com/pomerium/pomerium/pull/2566) (@travisgroth)
-- redirect logo to the marketing site [\#2441](https://github.com/pomerium/pomerium/pull/2441) (@alexfornuto)
-
-## [v0.15.5](https://github.com/pomerium/pomerium/tree/v0.15.5) (2021-10-22)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.15.4...v0.15.5)
-
-## New
-
-- skip configuration updates to the most recent one [\#2692](https://github.com/pomerium/pomerium/pull/2692) (@backport-actions-token[bot])
-
-## Documentation
-
-- Update create TLS command to quote strings. [\#2697](https://github.com/pomerium/pomerium/pull/2697) (@backport-actions-token[bot])
-- DOCS: CORS preflight in console [\#2693](https://github.com/pomerium/pomerium/pull/2693) (@backport-actions-token[bot])
-- Docs: Correct Claim Example [\#2691](https://github.com/pomerium/pomerium/pull/2691) (@backport-actions-token[bot])
-- Fix typo in docs [\#2684](https://github.com/pomerium/pomerium/pull/2684) (@backport-actions-token[bot])
-
-## Deployment
-
-- deployment: remove DST\_Root\_CA\_X3 from docker images [\#2698](https://github.com/pomerium/pomerium/pull/2698) (@travisgroth)
-
-## [v0.15.4](https://github.com/pomerium/pomerium/tree/v0.15.4) (2021-10-14)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.15.3...v0.15.4)
-
-## New
-
-- protoutil: add NewAny method for deterministic serialization [\#2662](https://github.com/pomerium/pomerium/pull/2662) (@backport-actions-token[bot])
-
-## Fixed
-
-- backport: host rewrite [\#2669](https://github.com/pomerium/pomerium/pull/2669) (@wasaga)
-
-## Documentation
-
-- Fixed 'kubtctl' typo on releases page [\#2680](https://github.com/pomerium/pomerium/pull/2680) (@backport-actions-token[bot])
-- Refresh and Update TCP documentation [\#2679](https://github.com/pomerium/pomerium/pull/2679) (@backport-actions-token[bot])
-- Docs: Ingress Controller [\#2667](https://github.com/pomerium/pomerium/pull/2667) (@alexfornuto)
-- add service account redirects [\#2665](https://github.com/pomerium/pomerium/pull/2665) (@backport-actions-token[bot])
-- DOCS: Standardize Relative Links \(\#2651\) [\#2654](https://github.com/pomerium/pomerium/pull/2654) (@alexfornuto)
-- Docs: cross-reference links between concepts and reference [\#2650](https://github.com/pomerium/pomerium/pull/2650) (@backport-actions-token[bot])
-- DOCS: Collapse IDP Header [\#2649](https://github.com/pomerium/pomerium/pull/2649) (@backport-actions-token[bot])
-- typo [\#2646](https://github.com/pomerium/pomerium/pull/2646) (@backport-actions-token[bot])
-- Docs: Batch Updates [\#2640](https://github.com/pomerium/pomerium/pull/2640) (@backport-actions-token[bot])
-- docs: remove extra word / updated docs link [\#2639](https://github.com/pomerium/pomerium/pull/2639) (@backport-actions-token[bot])
-- TCP Client Doc [\#2626](https://github.com/pomerium/pomerium/pull/2626) (@backport-actions-token[bot])
-- DOC: Copy edits to Okta IdP doc. [\#2625](https://github.com/pomerium/pomerium/pull/2625) (@backport-actions-token[bot])
-- DOCS: Update Enterprise Reference Docs [\#2624](https://github.com/pomerium/pomerium/pull/2624) (@backport-actions-token[bot])
-- Docs/batch link fixes [\#2622](https://github.com/pomerium/pomerium/pull/2622) (@backport-actions-token[bot])
-- Add redirect for installation [\#2620](https://github.com/pomerium/pomerium/pull/2620) (@backport-actions-token[bot])
-- Document Enterprise API [\#2619](https://github.com/pomerium/pomerium/pull/2619) (@backport-actions-token[bot])
-
-## [v0.15.3](https://github.com/pomerium/pomerium/tree/v0.15.3) (2021-09-17)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.15.2...v0.15.3)
-
-## New
-
-- cli: update tcp log output format [\#2587](https://github.com/pomerium/pomerium/pull/2587) (@travisgroth)
-
-## Fixed
-
-- backport 2593 and 2594 to 0.15 [\#2598](https://github.com/pomerium/pomerium/pull/2598) (@calebdoxsey)
-
-## Documentation
-
-- Add docs team as a code owner of packages.json [\#2607](https://github.com/pomerium/pomerium/pull/2607) (@backport-actions-token[bot])
-- New Topic Page: Original Request Context [\#2602](https://github.com/pomerium/pomerium/pull/2602) (@backport-actions-token[bot])
-- Document recovery token generation [\#2601](https://github.com/pomerium/pomerium/pull/2601) (@backport-actions-token[bot])
-- DOCS: Add copy button to code snippets [\#2600](https://github.com/pomerium/pomerium/pull/2600) (@backport-actions-token[bot])
-- docs: rename updated icon image [\#2583](https://github.com/pomerium/pomerium/pull/2583) (@backport-actions-token[bot])
-- docs: add updated icon asset [\#2581](https://github.com/pomerium/pomerium/pull/2581) (@backport-actions-token[bot])
-
-## Changed
-
-- Update CODEOWNERS [\#2604](https://github.com/pomerium/pomerium/pull/2604) (@backport-actions-token[bot])
-
-## [v0.15.2](https://github.com/pomerium/pomerium/tree/v0.15.2) (2021-09-03)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.14.8...v0.15.2)
-
-## New
-
-- allow pomerium to start without certs [\#2556](https://github.com/pomerium/pomerium/pull/2556) (@backport-actions-token[bot])
-
-## Fixed
-
-- authorize: use session.user\_id in headers [\#2572](https://github.com/pomerium/pomerium/pull/2572) (@backport-actions-token[bot])
-- ppl: use session.user\_id instead of user.id for user criterion [\#2563](https://github.com/pomerium/pomerium/pull/2563) (@backport-actions-token[bot])
-- authorize: fix google cloudrun header audience [\#2560](https://github.com/pomerium/pomerium/pull/2560) (@backport-actions-token[bot])
-- authorize: fix X-Pomerium-Claim-Groups [\#2540](https://github.com/pomerium/pomerium/pull/2540) (@backport-actions-token[bot])
-
-## Documentation
-
-- docs: enterprise console v0.15.2 changelog [\#2565](https://github.com/pomerium/pomerium/pull/2565) (@backport-actions-token[bot])
-- Docs: Fix merged PR [\#2547](https://github.com/pomerium/pomerium/pull/2547) (@backport-actions-token[bot])
-- Update Ping Identity IdP  [\#2545](https://github.com/pomerium/pomerium/pull/2545) (@backport-actions-token[bot])
-- update OneLogin IdP doc [\#2544](https://github.com/pomerium/pomerium/pull/2544) (@backport-actions-token[bot])
-- docs: enterprise v0.15.1 changelog [\#2543](https://github.com/pomerium/pomerium/pull/2543) (@backport-actions-token[bot])
-- Updates to Enterprise Quickstart instructions [\#2531](https://github.com/pomerium/pomerium/pull/2531) (@backport-actions-token[bot])
-## [v0.15.0](https://github.com/pomerium/pomerium/tree/v0.15.0) (2021-08-05)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.14.7...v0.15.0)
-
-## Breaking
-
-- config: remove support for ed25519 signing keys [\#2430](https://github.com/pomerium/pomerium/pull/2430) (@calebdoxsey)
-
-## New
-
-- telemetry: add nonce and make explicit ack/nack [\#2434](https://github.com/pomerium/pomerium/pull/2434) (@wasaga)
-- authorize: log additional session details [\#2419](https://github.com/pomerium/pomerium/pull/2419) (@calebdoxsey)
-- telemetry: try guess hostname or external IP addr for metrics [\#2412](https://github.com/pomerium/pomerium/pull/2412) (@wasaga)
-- sessions: add impersonate\_session\_id, remove legacy impersonation [\#2407](https://github.com/pomerium/pomerium/pull/2407) (@calebdoxsey)
-- envoyconfig: improvements [\#2402](https://github.com/pomerium/pomerium/pull/2402) (@calebdoxsey)
-- config: add support for embedded PPL policy [\#2401](https://github.com/pomerium/pomerium/pull/2401) (@calebdoxsey)
-- ppl: remove support for aliases [\#2400](https://github.com/pomerium/pomerium/pull/2400) (@calebdoxsey)
-- directory: add logging http client to help with debugging outbound http requests [\#2385](https://github.com/pomerium/pomerium/pull/2385) (@calebdoxsey)
-- evaluator: use `cryptutil.Hash` for script spans [\#2384](https://github.com/pomerium/pomerium/pull/2384) (@desimone)
-- authorize: add additional tracing for rego evaluation [\#2381](https://github.com/pomerium/pomerium/pull/2381) (@calebdoxsey)
-- k8s: add flush-credentials command [\#2379](https://github.com/pomerium/pomerium/pull/2379) (@calebdoxsey)
-- urlutil: improve error message for urls with port in path [\#2377](https://github.com/pomerium/pomerium/pull/2377) (@calebdoxsey)
-- ci: use revive instead of golint [\#2370](https://github.com/pomerium/pomerium/pull/2370) (@calebdoxsey)
-- authorize: remove service account impersonate user id, email and groups [\#2365](https://github.com/pomerium/pomerium/pull/2365) (@calebdoxsey)
-- envoyconfig: default zipkin path to / when empty [\#2359](https://github.com/pomerium/pomerium/pull/2359) (@calebdoxsey)
-- config: add warning about http URLs [\#2358](https://github.com/pomerium/pomerium/pull/2358) (@calebdoxsey)
-- authorize: log service account and impersonation details [\#2354](https://github.com/pomerium/pomerium/pull/2354) (@calebdoxsey)
-- tools: add tools.go to pin go run apps [\#2344](https://github.com/pomerium/pomerium/pull/2344) (@calebdoxsey)
-- envoyconfig: add bootstrap layered runtime configuration [\#2343](https://github.com/pomerium/pomerium/pull/2343) (@calebdoxsey)
-- registry/redis: call publish from within lua function [\#2337](https://github.com/pomerium/pomerium/pull/2337) (@calebdoxsey)
-
-## Fixed
-
-- config: remove grpc server max connection age options [\#2427](https://github.com/pomerium/pomerium/pull/2427) (@calebdoxsey)
-- authorize: add sid to JWT claims [\#2420](https://github.com/pomerium/pomerium/pull/2420) (@calebdoxsey)
-- disable http/2 for websockets [\#2399](https://github.com/pomerium/pomerium/pull/2399) (@calebdoxsey)
-- ci: update gcloud action [\#2393](https://github.com/pomerium/pomerium/pull/2393) (@travisgroth)
-- google: remove WithHTTPClient [\#2391](https://github.com/pomerium/pomerium/pull/2391) (@calebdoxsey)
-- telemetry: support b3 headers on gRPC server calls [\#2376](https://github.com/pomerium/pomerium/pull/2376) (@calebdoxsey)
-- authorize: allow redirects on deny [\#2361](https://github.com/pomerium/pomerium/pull/2361) (@calebdoxsey)
-- authorize: decode CheckRequest path for redirect [\#2357](https://github.com/pomerium/pomerium/pull/2357) (@calebdoxsey)
-- envoyconfig: only delete cached files, ignore noisy error [\#2356](https://github.com/pomerium/pomerium/pull/2356) (@calebdoxsey)
-- envoy: only check for pid with monitor [\#2355](https://github.com/pomerium/pomerium/pull/2355) (@calebdoxsey)
-- fix: timeout in protobuf [\#2341](https://github.com/pomerium/pomerium/pull/2341) (@wasaga)
-- authorize: support boolean deny results [\#2338](https://github.com/pomerium/pomerium/pull/2338) (@calebdoxsey)
-
-## Security
-
-- envoy: only allow embedding [\#2368](https://github.com/pomerium/pomerium/pull/2368) (@calebdoxsey)
-
-## Documentation
-
-- update v0.15 changelog [\#2436](https://github.com/pomerium/pomerium/pull/2436) (@travisgroth)
-- doc updates [\#2433](https://github.com/pomerium/pomerium/pull/2433) (@calebdoxsey)
-- Update Console installs to match signing\_key [\#2432](https://github.com/pomerium/pomerium/pull/2432) (@alexfornuto)
-- docs/reference: Clarify use of idp\_service\_account [\#2431](https://github.com/pomerium/pomerium/pull/2431) (@the-maldridge)
-- docs: clarify device identity, not state via client certs [\#2428](https://github.com/pomerium/pomerium/pull/2428) (@desimone)
-- v0.15 release notes [\#2409](https://github.com/pomerium/pomerium/pull/2409) (@travisgroth)
-- docs: only secure schemes are supported [\#2408](https://github.com/pomerium/pomerium/pull/2408) (@desimone)
-- Installation Docs Restructuring [\#2406](https://github.com/pomerium/pomerium/pull/2406) (@alexfornuto)
-- symlink security policy to root of project [\#2396](https://github.com/pomerium/pomerium/pull/2396) (@desimone)
-- Enterprise Docs [\#2390](https://github.com/pomerium/pomerium/pull/2390) (@alexfornuto)
-- Docs bug fixes [\#2362](https://github.com/pomerium/pomerium/pull/2362) (@alexfornuto)
-- Docs sorting [\#2346](https://github.com/pomerium/pomerium/pull/2346) (@alexfornuto)
-- Update installation source for mkcert [\#2340](https://github.com/pomerium/pomerium/pull/2340) (@alexfornuto)
-
-## Dependency
-
-- chore\(deps\): bump gopkg.in/auth0.v5 from 5.19.1 to 5.19.2 [\#2422](https://github.com/pomerium/pomerium/pull/2422) (@dependabot[bot])
-- chore\(deps\): bump github.com/go-jose/go-jose/v3 from 3.0.0-rc.1 to 3.0.0 [\#2421](https://github.com/pomerium/pomerium/pull/2421) (@dependabot[bot])
-- chore\(deps\): bump github.com/prometheus/common from 0.29.0 to 0.30.0 [\#2417](https://github.com/pomerium/pomerium/pull/2417) (@dependabot[bot])
-- chore\(deps\): bump github.com/open-policy-agent/opa from 0.30.2 to 0.31.0 [\#2416](https://github.com/pomerium/pomerium/pull/2416) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/api from 0.51.0 to 0.52.0 [\#2415](https://github.com/pomerium/pomerium/pull/2415) (@dependabot[bot])
-- chore\(deps\): bump github.com/shirou/gopsutil/v3 from 3.21.6 to 3.21.7 [\#2414](https://github.com/pomerium/pomerium/pull/2414) (@dependabot[bot])
-- chore\(deps\): bump github.com/go-redis/redis/v8 from 8.11.0 to 8.11.1 [\#2413](https://github.com/pomerium/pomerium/pull/2413) (@dependabot[bot])
-- chore\(deps\): bump github.com/prometheus/procfs from 0.7.0 to 0.7.1 [\#2395](https://github.com/pomerium/pomerium/pull/2395) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/api from 0.50.0 to 0.51.0 [\#2394](https://github.com/pomerium/pomerium/pull/2394) (@dependabot[bot])
-- chore\(deps\): bump github.com/google/uuid from 1.2.0 to 1.3.0 [\#2374](https://github.com/pomerium/pomerium/pull/2374) (@dependabot[bot])
-- chore\(deps\): bump github.com/open-policy-agent/opa from 0.30.1 to 0.30.2 [\#2373](https://github.com/pomerium/pomerium/pull/2373) (@dependabot[bot])
-- ci: convert to FOSSA scan [\#2371](https://github.com/pomerium/pomerium/pull/2371) (@travisgroth)
-- chore\(deps\): bump github.com/golangci/golangci-lint from 1.40.1 to 1.41.1 [\#2353](https://github.com/pomerium/pomerium/pull/2353) (@dependabot[bot])
-- chore\(deps\): bump github.com/caddyserver/certmagic from 0.14.0 to 0.14.1 [\#2352](https://github.com/pomerium/pomerium/pull/2352) (@dependabot[bot])
-- chore\(deps\): bump github.com/rs/cors from 1.7.0 to 1.8.0 [\#2334](https://github.com/pomerium/pomerium/pull/2334) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/api from 0.49.0 to 0.50.0 [\#2333](https://github.com/pomerium/pomerium/pull/2333) (@dependabot[bot])
-- chore\(deps\): upgrade kind action to v1.2.0 [\#2331](https://github.com/pomerium/pomerium/pull/2331) (@travisgroth)
-- chore\(deps\): bump github.com/spf13/cobra from 1.1.3 to 1.2.1 [\#2330](https://github.com/pomerium/pomerium/pull/2330) (@dependabot[bot])
-- chore\(deps\): bump github.com/go-redis/redis/v8 from 8.10.0 to 8.11.0 [\#2329](https://github.com/pomerium/pomerium/pull/2329) (@dependabot[bot])
-- chore\(deps\): bump github.com/prometheus/procfs from 0.6.0 to 0.7.0 [\#2328](https://github.com/pomerium/pomerium/pull/2328) (@dependabot[bot])
-- chore\(deps\): bump github.com/shirou/gopsutil/v3 from 3.21.5 to 3.21.6 [\#2326](https://github.com/pomerium/pomerium/pull/2326) (@dependabot[bot])
-- chore\(deps\): bump go.uber.org/zap from 1.17.0 to 1.18.1 [\#2325](https://github.com/pomerium/pomerium/pull/2325) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/grpc from 1.38.0 to 1.39.0 [\#2324](https://github.com/pomerium/pomerium/pull/2324) (@dependabot[bot])
-- chore\(deps\): bump github.com/open-policy-agent/opa from 0.29.4 to 0.30.1 [\#2323](https://github.com/pomerium/pomerium/pull/2323) (@dependabot[bot])
-
-## Changed
-
-- redis: increase timeout on test [\#2425](https://github.com/pomerium/pomerium/pull/2425) (@calebdoxsey)
-- build: add envoy files to `make clean` [\#2411](https://github.com/pomerium/pomerium/pull/2411) (@travisgroth)
-- envoy: bump to 1.19 [\#2392](https://github.com/pomerium/pomerium/pull/2392) (@travisgroth)
-- ci: use github app for backport credentials [\#2369](https://github.com/pomerium/pomerium/pull/2369) (@travisgroth)
-- databroker: tests [\#2367](https://github.com/pomerium/pomerium/pull/2367) (@calebdoxsey)
-- storage/inmemory: add tests for close behavior [\#2336](https://github.com/pomerium/pomerium/pull/2336) (@calebdoxsey)
-- redis: refactor change signal test to be more deterministic [\#2335](https://github.com/pomerium/pomerium/pull/2335) (@calebdoxsey)
-## [v0.14.8](https://github.com/pomerium/pomerium/tree/v0.14.8) (2021-08-26)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.15.1...v0.14.8)
-
-## Security
-
-- deps: bump envoy to v0.17.4 [\#2535](https://github.com/pomerium/pomerium/pull/2535) (@travisgroth)
-
-## Documentation
-
-- docs: only secure schemes are supported [\#2410](https://github.com/pomerium/pomerium/pull/2410) (@backport-actions-token[bot])
-- Docs bug fixes [\#2364](https://github.com/pomerium/pomerium/pull/2364) (@github-actions[bot])
-- Docs backporting [\#2351](https://github.com/pomerium/pomerium/pull/2351) (@alexfornuto)
-- docs:  google gcp / workspace instructions [\#2350](https://github.com/pomerium/pomerium/pull/2350) (@github-actions[bot])
-
-## Dependency
-
-- chore\(deps\): upgrade kind action to v1.2.0 \(\#2281\) [\#2366](https://github.com/pomerium/pomerium/pull/2366) (@travisgroth)
-
-## Changed
-
-- ci: update gcloud action [\#2538](https://github.com/pomerium/pomerium/pull/2538) (@backport-actions-token[bot])
-
-## [v0.15.1](https://github.com/pomerium/pomerium/tree/v0.15.1) (2021-08-25)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.15.0...v0.15.1)
-
-## Fixed
-
-- options: remove refresh\_cooldown, add allow\_spdy to proto [\#2448](https://github.com/pomerium/pomerium/pull/2448) (@backport-actions-token[bot])
-
-## Security
-
-- deps: update envoy to 1.19.1 [\#2527](https://github.com/pomerium/pomerium/pull/2527) (@backport-actions-token[bot])
-
-## Documentation
-
-- Update GitLab IdP doc [\#2529](https://github.com/pomerium/pomerium/pull/2529) (@backport-actions-token[bot])
-- Remove api from GitLab defaultScope [\#2528](https://github.com/pomerium/pomerium/pull/2528) (@backport-actions-token[bot])
-- update GitHub IdP doc [\#2508](https://github.com/pomerium/pomerium/pull/2508) (@backport-actions-token[bot])
-- docs: update codeowners [\#2506](https://github.com/pomerium/pomerium/pull/2506) (@backport-actions-token[bot])
-- Update Helm Instructions [\#2505](https://github.com/pomerium/pomerium/pull/2505) (@backport-actions-token[bot])
-- Update Azure IdP Doc [\#2504](https://github.com/pomerium/pomerium/pull/2504) (@backport-actions-token[bot])
-- Update IdP Overview Page [\#2502](https://github.com/pomerium/pomerium/pull/2502) (@backport-actions-token[bot])
-- Update AWS cognito IdP doc [\#2501](https://github.com/pomerium/pomerium/pull/2501) (@backport-actions-token[bot])
-- Auth0 Doc Refresh [\#2500](https://github.com/pomerium/pomerium/pull/2500) (@backport-actions-token[bot])
-- document binding service to 443 [\#2499](https://github.com/pomerium/pomerium/pull/2499) (@backport-actions-token[bot])
-- Update Okta IdP doc [\#2495](https://github.com/pomerium/pomerium/pull/2495) (@backport-actions-token[bot])
-- adjust comment blocking [\#2489](https://github.com/pomerium/pomerium/pull/2489) (@backport-actions-token[bot])
-- Update Docker Quickstart \(\#2482\) [\#2486](https://github.com/pomerium/pomerium/pull/2486) (@alexfornuto)
-- docs: use generic email [\#2485](https://github.com/pomerium/pomerium/pull/2485) (@backport-actions-token[bot])
-- wrap header example values as inline code. [\#2479](https://github.com/pomerium/pomerium/pull/2479) (@backport-actions-token[bot])
-- docs: clarify  custom request header limitations [\#2472](https://github.com/pomerium/pomerium/pull/2472) (@backport-actions-token[bot])
-- Document moving routes [\#2466](https://github.com/pomerium/pomerium/pull/2466) (@backport-actions-token[bot])
-- Document tracing sample rate in console [\#2465](https://github.com/pomerium/pomerium/pull/2465) (@backport-actions-token[bot])
-- docs: update enterprise helm instructions to use main repo [\#2464](https://github.com/pomerium/pomerium/pull/2464) (@backport-actions-token[bot])
-- Enterprise Upgrade & Changelog Pages [\#2458](https://github.com/pomerium/pomerium/pull/2458) (@backport-actions-token[bot])
-- Update binary install doc [\#2452](https://github.com/pomerium/pomerium/pull/2452) (@backport-actions-token[bot])
-- docs: update branding, concepts [\#2449](https://github.com/pomerium/pomerium/pull/2449) (@backport-actions-token[bot])
-- specify expected audience in Console config [\#2444](https://github.com/pomerium/pomerium/pull/2444) (@backport-actions-token[bot])
-- redirect logo to the marketing site [\#2443](https://github.com/pomerium/pomerium/pull/2443) (@backport-actions-token[bot])
-- docs: update branding [\#2440](https://github.com/pomerium/pomerium/pull/2440) (@backport-actions-token[bot])
-- docs: update default version to v0.15 [\#2438](https://github.com/pomerium/pomerium/pull/2438) (@backport-actions-token[bot])
-
-## Dependency
-
-- chore\(deps\): bump github.com/go-redis/redis/v8 from 8.11.1 to 8.11.2 [\#2459](https://github.com/pomerium/pomerium/pull/2459) (@backport-actions-token[bot])
-
-## Deployment
-
-- deployment: update goreleaser syntax [\#2525](https://github.com/pomerium/pomerium/pull/2525) (@backport-actions-token[bot])
-- ci: support darwn/arm64 aka m1 for cli [\#2521](https://github.com/pomerium/pomerium/pull/2521) (@travisgroth)
-
-## [v0.15.0](https://github.com/pomerium/pomerium/tree/v0.15.0) (2021-08-05)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.14.7...v0.15.0)
-
-## Breaking
-
-- config: remove support for ed25519 signing keys [\#2430](https://github.com/pomerium/pomerium/pull/2430) (@calebdoxsey)
-
-## New
-
-- telemetry: add nonce and make explicit ack/nack [\#2434](https://github.com/pomerium/pomerium/pull/2434) (@wasaga)
-- authorize: log additional session details [\#2419](https://github.com/pomerium/pomerium/pull/2419) (@calebdoxsey)
-- telemetry: try guess hostname or external IP addr for metrics [\#2412](https://github.com/pomerium/pomerium/pull/2412) (@wasaga)
-- sessions: add impersonate\_session\_id, remove legacy impersonation [\#2407](https://github.com/pomerium/pomerium/pull/2407) (@calebdoxsey)
-- envoyconfig: improvements [\#2402](https://github.com/pomerium/pomerium/pull/2402) (@calebdoxsey)
-- config: add support for embedded PPL policy [\#2401](https://github.com/pomerium/pomerium/pull/2401) (@calebdoxsey)
-- ppl: remove support for aliases [\#2400](https://github.com/pomerium/pomerium/pull/2400) (@calebdoxsey)
-- directory: add logging http client to help with debugging outbound http requests [\#2385](https://github.com/pomerium/pomerium/pull/2385) (@calebdoxsey)
-- evaluator: use `cryptutil.Hash` for script spans [\#2384](https://github.com/pomerium/pomerium/pull/2384) (@desimone)
-- authorize: add additional tracing for rego evaluation [\#2381](https://github.com/pomerium/pomerium/pull/2381) (@calebdoxsey)
-- k8s: add flush-credentials command [\#2379](https://github.com/pomerium/pomerium/pull/2379) (@calebdoxsey)
-- urlutil: improve error message for urls with port in path [\#2377](https://github.com/pomerium/pomerium/pull/2377) (@calebdoxsey)
-- ci: use revive instead of golint [\#2370](https://github.com/pomerium/pomerium/pull/2370) (@calebdoxsey)
-- authorize: remove service account impersonate user id, email and groups [\#2365](https://github.com/pomerium/pomerium/pull/2365) (@calebdoxsey)
-- envoyconfig: default zipkin path to / when empty [\#2359](https://github.com/pomerium/pomerium/pull/2359) (@calebdoxsey)
-- config: add warning about http URLs [\#2358](https://github.com/pomerium/pomerium/pull/2358) (@calebdoxsey)
-- authorize: log service account and impersonation details [\#2354](https://github.com/pomerium/pomerium/pull/2354) (@calebdoxsey)
-- tools: add tools.go to pin go run apps [\#2344](https://github.com/pomerium/pomerium/pull/2344) (@calebdoxsey)
-- envoyconfig: add bootstrap layered runtime configuration [\#2343](https://github.com/pomerium/pomerium/pull/2343) (@calebdoxsey)
-- registry/redis: call publish from within lua function [\#2337](https://github.com/pomerium/pomerium/pull/2337) (@calebdoxsey)
-- proxy: add idle timeout [\#2319](https://github.com/pomerium/pomerium/pull/2319) (@wasaga)
-- cli: use proxy from environment [\#2316](https://github.com/pomerium/pomerium/pull/2316) (@tskinn)
-- authorize: do not send redirects to gRPC  [\#2314](https://github.com/pomerium/pomerium/pull/2314) (@wasaga)
-- certs: reject certs from databroker if they conflict with local [\#2309](https://github.com/pomerium/pomerium/pull/2309) (@wasaga)
-- config: add enable\_google\_cloud\_serverless\_authentication to config protobuf [\#2306](https://github.com/pomerium/pomerium/pull/2306) (@calebdoxsey)
-- envoy: refactor envoy embedding [\#2296](https://github.com/pomerium/pomerium/pull/2296) (@calebdoxsey)
-- envoy: add full version [\#2287](https://github.com/pomerium/pomerium/pull/2287) (@calebdoxsey)
-- authorize: handle grpc-web content types like json [\#2268](https://github.com/pomerium/pomerium/pull/2268) (@calebdoxsey)
-- xds: retry storing configuration events [\#2266](https://github.com/pomerium/pomerium/pull/2266) (@calebdoxsey)
-- envoyconfig: use zipkin tracer [\#2265](https://github.com/pomerium/pomerium/pull/2265) (@calebdoxsey)
-- authorize: preserve original context [\#2247](https://github.com/pomerium/pomerium/pull/2247) (@wasaga)
-- ppl: add data type, implement string and list matchers [\#2228](https://github.com/pomerium/pomerium/pull/2228) (@calebdoxsey)
-- ppl: refactor authorize to evaluate PPL [\#2224](https://github.com/pomerium/pomerium/pull/2224) (@calebdoxsey)
-- ppl: convert config policy to ppl [\#2218](https://github.com/pomerium/pomerium/pull/2218) (@calebdoxsey)
-- Pomerium Policy Language [\#2202](https://github.com/pomerium/pomerium/pull/2202) (@calebdoxsey)
-- telemetry: add hostname tag to metrics [\#2191](https://github.com/pomerium/pomerium/pull/2191) (@wasaga)
-- envoy: disable timeouts for kubernetes [\#2189](https://github.com/pomerium/pomerium/pull/2189) (@calebdoxsey)
-- registry: implement redis backend [\#2179](https://github.com/pomerium/pomerium/pull/2179) (@calebdoxsey)
-- report instance hostname in xds events [\#2175](https://github.com/pomerium/pomerium/pull/2175) (@wasaga)
-- databroker: implement leases [\#2172](https://github.com/pomerium/pomerium/pull/2172) (@calebdoxsey)
-
-## Fixed
-
-- config: remove grpc server max connection age options [\#2427](https://github.com/pomerium/pomerium/pull/2427) (@calebdoxsey)
-- authorize: add sid to JWT claims [\#2420](https://github.com/pomerium/pomerium/pull/2420) (@calebdoxsey)
-- disable http/2 for websockets [\#2399](https://github.com/pomerium/pomerium/pull/2399) (@calebdoxsey)
-- ci: update gcloud action [\#2393](https://github.com/pomerium/pomerium/pull/2393) (@travisgroth)
-- google: remove WithHTTPClient [\#2391](https://github.com/pomerium/pomerium/pull/2391) (@calebdoxsey)
-- telemetry: support b3 headers on gRPC server calls [\#2376](https://github.com/pomerium/pomerium/pull/2376) (@calebdoxsey)
-- authorize: allow redirects on deny [\#2361](https://github.com/pomerium/pomerium/pull/2361) (@calebdoxsey)
-- authorize: decode CheckRequest path for redirect [\#2357](https://github.com/pomerium/pomerium/pull/2357) (@calebdoxsey)
-- envoyconfig: only delete cached files, ignore noisy error [\#2356](https://github.com/pomerium/pomerium/pull/2356) (@calebdoxsey)
-- envoy: only check for pid with monitor [\#2355](https://github.com/pomerium/pomerium/pull/2355) (@calebdoxsey)
-- fix: timeout in protobuf [\#2341](https://github.com/pomerium/pomerium/pull/2341) (@wasaga)
-- authorize: support boolean deny results [\#2338](https://github.com/pomerium/pomerium/pull/2338) (@calebdoxsey)
-- ppl: fix not/nor rules [\#2313](https://github.com/pomerium/pomerium/pull/2313) (@calebdoxsey)
-- directory/azure: add paging support to user group members call [\#2311](https://github.com/pomerium/pomerium/pull/2311) (@calebdoxsey)
-- ocsp: reload on response changes [\#2286](https://github.com/pomerium/pomerium/pull/2286) (@wasaga)
-- envoy: fix usage of codec\_type with alpn [\#2277](https://github.com/pomerium/pomerium/pull/2277) (@calebdoxsey)
-- databroker: only tag contexts used for UpdateRecords [\#2269](https://github.com/pomerium/pomerium/pull/2269) (@wasaga)
-- redis: enforce capacity via ZREVRANGE to avoid race [\#2267](https://github.com/pomerium/pomerium/pull/2267) (@calebdoxsey)
-- authorize: only redirect for HTML pages [\#2264](https://github.com/pomerium/pomerium/pull/2264) (@calebdoxsey)
-- tracing: support dynamic reloading, more aggressive envoy restart [\#2262](https://github.com/pomerium/pomerium/pull/2262) (@calebdoxsey)
-- envoy: always set jwt claim headers even if no value is available [\#2261](https://github.com/pomerium/pomerium/pull/2261) (@calebdoxsey)
-- envoy: disable hot-reload for macos [\#2259](https://github.com/pomerium/pomerium/pull/2259) (@calebdoxsey)
-- authorize: round timestamp [\#2258](https://github.com/pomerium/pomerium/pull/2258) (@wasaga)
-- options: s/shared-key/shared secret [\#2257](https://github.com/pomerium/pomerium/pull/2257) (@desimone)
-- config: warn about unrecognized keys  [\#2256](https://github.com/pomerium/pomerium/pull/2256) (@wasaga)
-- darwin: use gopsutil v3 to fix arm issue [\#2245](https://github.com/pomerium/pomerium/pull/2245) (@calebdoxsey)
-- policy: fix allowed idp claims PPL generation [\#2243](https://github.com/pomerium/pomerium/pull/2243) (@calebdoxsey)
-- envoy: exit if envoy exits [\#2240](https://github.com/pomerium/pomerium/pull/2240) (@calebdoxsey)
-- envoyconfig: fallback to global custom ca when no policy ca is defined [\#2235](https://github.com/pomerium/pomerium/pull/2235) (@calebdoxsey)
-- envoy: add global response headers to local replies [\#2217](https://github.com/pomerium/pomerium/pull/2217) (@calebdoxsey)
-- forward auth: don't strip query parameters [\#2216](https://github.com/pomerium/pomerium/pull/2216) (@wasaga)
-- PPL: bubble up values, bug fixes [\#2213](https://github.com/pomerium/pomerium/pull/2213) (@calebdoxsey)
-- Revert "authenticate,proxy: add same site lax to cookies" [\#2203](https://github.com/pomerium/pomerium/pull/2203) (@desimone)
-- authorize: grpc health check [\#2200](https://github.com/pomerium/pomerium/pull/2200) (@wasaga)
-- proxy / controplane: use old upstream cipher suite [\#2196](https://github.com/pomerium/pomerium/pull/2196) (@desimone)
-- deployment: fix empty version on master builds [\#2193](https://github.com/pomerium/pomerium/pull/2193) (@travisgroth)
-
-## Security
-
-- envoy: only allow embedding [\#2368](https://github.com/pomerium/pomerium/pull/2368) (@calebdoxsey)
-- deps: bump envoy to v1.17.3 [\#2198](https://github.com/pomerium/pomerium/pull/2198) (@travisgroth)
-
-## Documentation
-
-- doc updates [\#2433](https://github.com/pomerium/pomerium/pull/2433) (@calebdoxsey)
-- Update Console installs to match signing\_key [\#2432](https://github.com/pomerium/pomerium/pull/2432) (@alexfornuto)
-- docs/reference: Clarify use of idp\_service\_account [\#2431](https://github.com/pomerium/pomerium/pull/2431) (@the-maldridge)
-- docs: clarify device identity, not state via client certs [\#2428](https://github.com/pomerium/pomerium/pull/2428) (@desimone)
-- v0.15 release notes [\#2409](https://github.com/pomerium/pomerium/pull/2409) (@travisgroth)
-- docs: only secure schemes are supported [\#2408](https://github.com/pomerium/pomerium/pull/2408) (@desimone)
-- Installation Docs Restructuring [\#2406](https://github.com/pomerium/pomerium/pull/2406) (@alexfornuto)
-- symlink security policy to root of project [\#2396](https://github.com/pomerium/pomerium/pull/2396) (@desimone)
-- Enterprise Docs [\#2390](https://github.com/pomerium/pomerium/pull/2390) (@alexfornuto)
-- Helm Quickstart Update [\#2380](https://github.com/pomerium/pomerium/pull/2380) (@alexfornuto)
-- Docs bug fixes [\#2362](https://github.com/pomerium/pomerium/pull/2362) (@alexfornuto)
-- Docs sorting [\#2346](https://github.com/pomerium/pomerium/pull/2346) (@alexfornuto)
-- Update installation source for mkcert [\#2340](https://github.com/pomerium/pomerium/pull/2340) (@alexfornuto)
-- Update kubernetes-dashboard.md [\#2285](https://github.com/pomerium/pomerium/pull/2285) (@WeeHong)
-- Transmission BitTorrent Client Guide [\#2281](https://github.com/pomerium/pomerium/pull/2281) (@alexfornuto)
-- docs:  google gcp / workspace instructions [\#2272](https://github.com/pomerium/pomerium/pull/2272) (@desimone)
-- docs: update helm values for chart v20.0.0 [\#2242](https://github.com/pomerium/pomerium/pull/2242) (@travisgroth)
-- docs: update \_redirects [\#2237](https://github.com/pomerium/pomerium/pull/2237) (@desimone)
-- add support for latest version of code-server [\#2229](https://github.com/pomerium/pomerium/pull/2229) (@bpmct)
-- fix\(docs\): use correct name for code-server [\#2223](https://github.com/pomerium/pomerium/pull/2223) (@jsjoeio)
-- docs: rm broken link [\#2215](https://github.com/pomerium/pomerium/pull/2215) (@alexfornuto)
-- docs: Match Tenses [\#2214](https://github.com/pomerium/pomerium/pull/2214) (@alexfornuto)
-- Update programmatic-access.md [\#2190](https://github.com/pomerium/pomerium/pull/2190) (@yyolk)
-- docs: add v0.14 feature highlights [\#2184](https://github.com/pomerium/pomerium/pull/2184) (@github-actions[bot])
-- docs: add v0.14 feature highlights [\#2183](https://github.com/pomerium/pomerium/pull/2183) (@travisgroth)
-- docs: update slack link to vanity url [\#2177](https://github.com/pomerium/pomerium/pull/2177) (@travisgroth)
-
-## Dependency
-
-- chore\(deps\): bump gopkg.in/auth0.v5 from 5.19.1 to 5.19.2 [\#2422](https://github.com/pomerium/pomerium/pull/2422) (@dependabot[bot])
-- chore\(deps\): bump github.com/go-jose/go-jose/v3 from 3.0.0-rc.1 to 3.0.0 [\#2421](https://github.com/pomerium/pomerium/pull/2421) (@dependabot[bot])
-- chore\(deps\): bump github.com/prometheus/common from 0.29.0 to 0.30.0 [\#2417](https://github.com/pomerium/pomerium/pull/2417) (@dependabot[bot])
-- chore\(deps\): bump github.com/open-policy-agent/opa from 0.30.2 to 0.31.0 [\#2416](https://github.com/pomerium/pomerium/pull/2416) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/api from 0.51.0 to 0.52.0 [\#2415](https://github.com/pomerium/pomerium/pull/2415) (@dependabot[bot])
-- chore\(deps\): bump github.com/shirou/gopsutil/v3 from 3.21.6 to 3.21.7 [\#2414](https://github.com/pomerium/pomerium/pull/2414) (@dependabot[bot])
-- chore\(deps\): bump github.com/go-redis/redis/v8 from 8.11.0 to 8.11.1 [\#2413](https://github.com/pomerium/pomerium/pull/2413) (@dependabot[bot])
-- chore\(deps\): bump github.com/prometheus/procfs from 0.7.0 to 0.7.1 [\#2395](https://github.com/pomerium/pomerium/pull/2395) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/api from 0.50.0 to 0.51.0 [\#2394](https://github.com/pomerium/pomerium/pull/2394) (@dependabot[bot])
-- chore\(deps\): bump github.com/google/uuid from 1.2.0 to 1.3.0 [\#2374](https://github.com/pomerium/pomerium/pull/2374) (@dependabot[bot])
-- chore\(deps\): bump github.com/open-policy-agent/opa from 0.30.1 to 0.30.2 [\#2373](https://github.com/pomerium/pomerium/pull/2373) (@dependabot[bot])
-- ci: convert to FOSSA scan [\#2371](https://github.com/pomerium/pomerium/pull/2371) (@travisgroth)
-- chore\(deps\): bump github.com/golangci/golangci-lint from 1.40.1 to 1.41.1 [\#2353](https://github.com/pomerium/pomerium/pull/2353) (@dependabot[bot])
-- chore\(deps\): bump github.com/caddyserver/certmagic from 0.14.0 to 0.14.1 [\#2352](https://github.com/pomerium/pomerium/pull/2352) (@dependabot[bot])
-- chore\(deps\): bump github.com/rs/cors from 1.7.0 to 1.8.0 [\#2334](https://github.com/pomerium/pomerium/pull/2334) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/api from 0.49.0 to 0.50.0 [\#2333](https://github.com/pomerium/pomerium/pull/2333) (@dependabot[bot])
-- chore\(deps\): upgrade kind action to v1.2.0 [\#2331](https://github.com/pomerium/pomerium/pull/2331) (@travisgroth)
-- chore\(deps\): bump github.com/spf13/cobra from 1.1.3 to 1.2.1 [\#2330](https://github.com/pomerium/pomerium/pull/2330) (@dependabot[bot])
-- chore\(deps\): bump github.com/go-redis/redis/v8 from 8.10.0 to 8.11.0 [\#2329](https://github.com/pomerium/pomerium/pull/2329) (@dependabot[bot])
-- chore\(deps\): bump github.com/prometheus/procfs from 0.6.0 to 0.7.0 [\#2328](https://github.com/pomerium/pomerium/pull/2328) (@dependabot[bot])
-- chore\(deps\): bump github.com/shirou/gopsutil/v3 from 3.21.5 to 3.21.6 [\#2326](https://github.com/pomerium/pomerium/pull/2326) (@dependabot[bot])
-- chore\(deps\): bump go.uber.org/zap from 1.17.0 to 1.18.1 [\#2325](https://github.com/pomerium/pomerium/pull/2325) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/grpc from 1.38.0 to 1.39.0 [\#2324](https://github.com/pomerium/pomerium/pull/2324) (@dependabot[bot])
-- chore\(deps\): bump github.com/open-policy-agent/opa from 0.29.4 to 0.30.1 [\#2323](https://github.com/pomerium/pomerium/pull/2323) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/protobuf from 1.26.0 to 1.27.0 [\#2318](https://github.com/pomerium/pomerium/pull/2318) (@dependabot[bot])
-- chore\(deps\): bump github.com/spf13/viper from 1.8.0 to 1.8.1 [\#2317](https://github.com/pomerium/pomerium/pull/2317) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/api from 0.48.0 to 0.49.0 [\#2315](https://github.com/pomerium/pomerium/pull/2315) (@dependabot[bot])
-- chore\(deps\): bump github.com/spf13/viper from 1.7.1 to 1.8.0 [\#2305](https://github.com/pomerium/pomerium/pull/2305) (@dependabot[bot])
-- chore\(deps\): bump gopkg.in/auth0.v5 from 5.18.0 to 5.19.1 [\#2304](https://github.com/pomerium/pomerium/pull/2304) (@dependabot[bot])
-- chore\(deps\): bump github.com/ory/dockertest/v3 from 3.6.5 to 3.7.0 [\#2303](https://github.com/pomerium/pomerium/pull/2303) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/api from 0.47.0 to 0.48.0 [\#2295](https://github.com/pomerium/pomerium/pull/2295) (@dependabot[bot])
-- chore\(deps\): bump github.com/prometheus/client\_golang from 1.10.0 to 1.11.0 [\#2294](https://github.com/pomerium/pomerium/pull/2294) (@dependabot[bot])
-- chore\(deps\): bump github.com/rs/zerolog from 1.22.0 to 1.23.0 [\#2293](https://github.com/pomerium/pomerium/pull/2293) (@dependabot[bot])
-- chore\(deps\): bump gopkg.in/auth0.v5 from 5.17.0 to 5.18.0 [\#2292](https://github.com/pomerium/pomerium/pull/2292) (@dependabot[bot])
-- chore\(deps\): bump github.com/caddyserver/certmagic from 0.13.1 to 0.14.0 [\#2291](https://github.com/pomerium/pomerium/pull/2291) (@dependabot[bot])
-- chore\(deps\): bump github.com/golang/mock from 1.5.0 to 1.6.0 [\#2290](https://github.com/pomerium/pomerium/pull/2290) (@dependabot[bot])
-- chore\(deps\): bump github.com/prometheus/common from 0.25.0 to 0.29.0 [\#2289](https://github.com/pomerium/pomerium/pull/2289) (@dependabot[bot])
-- deps: upgrade to go-jose v3 [\#2284](https://github.com/pomerium/pomerium/pull/2284) (@calebdoxsey)
-- chore\(deps\): bump github.com/go-redis/redis/v8 from 8.9.0 to 8.10.0 [\#2276](https://github.com/pomerium/pomerium/pull/2276) (@dependabot[bot])
-- chore\(deps\): bump github.com/shirou/gopsutil/v3 from 3.21.4 to 3.21.5 [\#2274](https://github.com/pomerium/pomerium/pull/2274) (@dependabot[bot])
-- chore\(deps\): bump gopkg.in/square/go-jose.v2 from 2.5.1 to 2.6.0 [\#2273](https://github.com/pomerium/pomerium/pull/2273) (@dependabot[bot])
-- chore\(deps\): bump github.com/open-policy-agent/opa from 0.28.0 to 0.29.4 [\#2255](https://github.com/pomerium/pomerium/pull/2255) (@dependabot[bot])
-- chore\(deps\): bump go.uber.org/zap from 1.16.0 to 1.17.0 [\#2254](https://github.com/pomerium/pomerium/pull/2254) (@dependabot[bot])
-- chore\(deps\): bump github.com/google/go-cmp from 0.5.5 to 0.5.6 [\#2253](https://github.com/pomerium/pomerium/pull/2253) (@dependabot[bot])
-- chore\(deps\): bump github.com/cenkalti/backoff/v4 from 4.1.0 to 4.1.1 [\#2252](https://github.com/pomerium/pomerium/pull/2252) (@dependabot[bot])
-- chore\(deps\): bump github.com/mitchellh/hashstructure/v2 from 2.0.1 to 2.0.2 [\#2251](https://github.com/pomerium/pomerium/pull/2251) (@dependabot[bot])
-- chore\(deps\): bump github.com/go-redis/redis/v8 from 8.8.3 to 8.9.0 [\#2249](https://github.com/pomerium/pomerium/pull/2249) (@dependabot[bot])
-- darwin: use x86 envoy build for arm64 [\#2246](https://github.com/pomerium/pomerium/pull/2246) (@calebdoxsey)
-- chore\(deps\): bump github.com/prometheus/common from 0.24.0 to 0.25.0 [\#2234](https://github.com/pomerium/pomerium/pull/2234) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/api from 0.46.0 to 0.47.0 [\#2233](https://github.com/pomerium/pomerium/pull/2233) (@dependabot[bot])
-- chore\(deps\): bump github.com/go-redis/redis/v8 from 8.8.2 to 8.8.3 [\#2232](https://github.com/pomerium/pomerium/pull/2232) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/grpc from 1.37.1 to 1.38.0 [\#2231](https://github.com/pomerium/pomerium/pull/2231) (@dependabot[bot])
-- dependency: update /x/net [\#2227](https://github.com/pomerium/pomerium/pull/2227) (@desimone)
-- chore\(deps\): bump github.com/lithammer/shortuuid/v3 from 3.0.6 to 3.0.7 [\#2211](https://github.com/pomerium/pomerium/pull/2211) (@dependabot[bot])
-- chore\(deps\): bump github.com/prometheus/common from 0.23.0 to 0.24.0 [\#2210](https://github.com/pomerium/pomerium/pull/2210) (@dependabot[bot])
-- chore\(deps\): bump github.com/rs/zerolog from 1.21.0 to 1.22.0 [\#2209](https://github.com/pomerium/pomerium/pull/2209) (@dependabot[bot])
-- chore\(deps\): bump gopkg.in/auth0.v5 from 5.16.0 to 5.17.0 [\#2208](https://github.com/pomerium/pomerium/pull/2208) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/grpc from 1.37.0 to 1.37.1 [\#2207](https://github.com/pomerium/pomerium/pull/2207) (@dependabot[bot])
-- chore\(deps\): bump github.com/caddyserver/certmagic from 0.13.0 to 0.13.1 [\#2188](https://github.com/pomerium/pomerium/pull/2188) (@dependabot[bot])
-- chore\(deps\): bump gopkg.in/auth0.v5 from 5.15.0 to 5.16.0 [\#2187](https://github.com/pomerium/pomerium/pull/2187) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/api from 0.45.0 to 0.46.0 [\#2186](https://github.com/pomerium/pomerium/pull/2186) (@dependabot[bot])
-
-## Changed
-
-- redis: increase timeout on test [\#2425](https://github.com/pomerium/pomerium/pull/2425) (@calebdoxsey)
-- build: add envoy files to `make clean` [\#2411](https://github.com/pomerium/pomerium/pull/2411) (@travisgroth)
-- envoy: bump to 1.19 [\#2392](https://github.com/pomerium/pomerium/pull/2392) (@travisgroth)
-- ci: use github app for backport credentials [\#2369](https://github.com/pomerium/pomerium/pull/2369) (@travisgroth)
-- databroker: tests [\#2367](https://github.com/pomerium/pomerium/pull/2367) (@calebdoxsey)
-- storage/inmemory: add tests for close behavior [\#2336](https://github.com/pomerium/pomerium/pull/2336) (@calebdoxsey)
-- redis: refactor change signal test to be more deterministic [\#2335](https://github.com/pomerium/pomerium/pull/2335) (@calebdoxsey)
-- internal/envoy: add debugging information if envoy is no longer running [\#2320](https://github.com/pomerium/pomerium/pull/2320) (@travisgroth)
-- ci: add coveralls [\#2279](https://github.com/pomerium/pomerium/pull/2279) (@travisgroth)
-
-## [v0.14.7](https://github.com/pomerium/pomerium/tree/v0.14.7) (2021-06-24)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.14.6...v0.14.7)
-
-## Fixed
-
-- directory/azure: add paging support to user group members call [\#2312](https://github.com/pomerium/pomerium/pull/2312) (@github-actions[bot])
-
-## [v0.14.6](https://github.com/pomerium/pomerium/tree/v0.14.6) (2021-06-16)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.14.5...v0.14.6)
-
-## Fixed
-
-- authorize: only redirect for HTML pages \(\#2264\) [\#2298](https://github.com/pomerium/pomerium/pull/2298) (@calebdoxsey)
-
-## [v0.14.5](https://github.com/pomerium/pomerium/tree/v0.14.5) (2021-06-07)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.14.4...v0.14.5)
-
-## Fixed
-
-- envoy: fix usage of codec\_type with alpn [\#2278](https://github.com/pomerium/pomerium/pull/2278) (@github-actions[bot])
-- authorize: round JWT claim timestamps [\#2260](https://github.com/pomerium/pomerium/pull/2260) (@wasaga)
-
-## Documentation
-
-- docs: update helm values for chart v20.0.0 [\#2244](https://github.com/pomerium/pomerium/pull/2244) (@github-actions[bot])
-- docs: update \_redirects [\#2238](https://github.com/pomerium/pomerium/pull/2238) (@github-actions[bot])
-
-## [v0.14.4](https://github.com/pomerium/pomerium/tree/v0.14.4) (2021-05-24)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.14.3...v0.14.4)
-
-## Fixed
-
-- authorize: add rego functions to custom evaluator [\#2236](https://github.com/pomerium/pomerium/pull/2236) (@calebdoxsey)
-
-## [v0.14.3](https://github.com/pomerium/pomerium/tree/v0.14.3) (2021-05-21)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.14.2...v0.14.3)
-
-## Fixed
-
-- authorize: fix custom rego panic [\#2226](https://github.com/pomerium/pomerium/pull/2226) (@calebdoxsey)
-
-## Changed
-
-- envoy: add global response headers to local replies [\#2225](https://github.com/pomerium/pomerium/pull/2225) (@github-actions[bot])
-
-## [v0.14.2](https://github.com/pomerium/pomerium/tree/v0.14.2) (2021-05-17)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.14.1...v0.14.2)
-
-## Fixed
-
-- Revert "authenticate,proxy: add same site lax to cookies" [\#2204](https://github.com/pomerium/pomerium/pull/2204) (@github-actions[bot])
-
-## Documentation
-
-- Update programmatic-access.md [\#2205](https://github.com/pomerium/pomerium/pull/2205) (@github-actions[bot])
-
-## [v0.14.1](https://github.com/pomerium/pomerium/tree/v0.14.1) (2021-05-13)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.14.0...v0.14.1)
-
-## Fixed
-
-- proxy / controplane: use old upstream cipher suite [\#2197](https://github.com/pomerium/pomerium/pull/2197) (@github-actions[bot])
-
-## Security
-
-- deps: bump envoy to v1.17.3 [\#2199](https://github.com/pomerium/pomerium/pull/2199) (@github-actions[bot])
-
-## Documentation
-
-- docs: update slack link to vanity url [\#2178](https://github.com/pomerium/pomerium/pull/2178) (@github-actions[bot])
-
-## [v0.14.0](https://github.com/pomerium/pomerium/tree/v0.14.0) (2021-05-04)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.14.0-rc2...v0.14.0)
-
-## New
-
-- databroker: store issued at timestamp with session [\#2173](https://github.com/pomerium/pomerium/pull/2173) (@calebdoxsey)
-- config: add support for set\_response\_headers in a policy [\#2171](https://github.com/pomerium/pomerium/pull/2171) (@calebdoxsey)
-- authenticate,proxy: add same site lax to cookies [\#2159](https://github.com/pomerium/pomerium/pull/2159) (@calebdoxsey)
-- xds extended event [\#2158](https://github.com/pomerium/pomerium/pull/2158) (@wasaga)
-- config: add client\_crl [\#2157](https://github.com/pomerium/pomerium/pull/2157) (@calebdoxsey)
-- config: add support for codec\_type [\#2156](https://github.com/pomerium/pomerium/pull/2156) (@calebdoxsey)
-- controlplane: save configuration events to databroker [\#2153](https://github.com/pomerium/pomerium/pull/2153) (@calebdoxsey)
-- control plane: add request id to all error pages [\#2149](https://github.com/pomerium/pomerium/pull/2149) (@desimone)
-- let pass custom dial opts [\#2144](https://github.com/pomerium/pomerium/pull/2144) (@wasaga)
-- envoy: re-implement recommended defaults [\#2123](https://github.com/pomerium/pomerium/pull/2123) (@calebdoxsey)
-- Drop tun.cfg.dstHost from jwtCacheKey [\#2115](https://github.com/pomerium/pomerium/pull/2115) (@bl0m1)
-- config: remove validate side effects [\#2109](https://github.com/pomerium/pomerium/pull/2109) (@calebdoxsey)
-- log context [\#2107](https://github.com/pomerium/pomerium/pull/2107) (@wasaga)
-- databroker: add options for maximum capacity [\#2095](https://github.com/pomerium/pomerium/pull/2095) (@calebdoxsey)
-- envoyconfig: move most bootstrap config to shared package [\#2088](https://github.com/pomerium/pomerium/pull/2088) (@calebdoxsey)
-- envoy: refactor controlplane xds to new envoyconfig package [\#2086](https://github.com/pomerium/pomerium/pull/2086) (@calebdoxsey)
-- config: rename headers to set\_response\_headers [\#2081](https://github.com/pomerium/pomerium/pull/2081) (@calebdoxsey)
-- crypto: use actual bytes of shared secret, not the base64 encoded representation [\#2075](https://github.com/pomerium/pomerium/pull/2075) (@calebdoxsey)
-- cryptutil: use bytes for hmac [\#2067](https://github.com/pomerium/pomerium/pull/2067) (@calebdoxsey)
-- cryptutil: always use kek public id, add x509 support [\#2066](https://github.com/pomerium/pomerium/pull/2066) (@calebdoxsey)
-- authorize: additional tracing, add benchmark for encryptor [\#2059](https://github.com/pomerium/pomerium/pull/2059) (@calebdoxsey)
-- authorize: audit logging [\#2050](https://github.com/pomerium/pomerium/pull/2050) (@calebdoxsey)
-- support host:port in metrics\_address [\#2042](https://github.com/pomerium/pomerium/pull/2042) (@wasaga)
-- databroker: return server version in Get [\#2039](https://github.com/pomerium/pomerium/pull/2039) (@wasaga)
-- authorize: add databroker server and record version to result, force sync via polling [\#2024](https://github.com/pomerium/pomerium/pull/2024) (@calebdoxsey)
-- protoutil: add generic transformer [\#2023](https://github.com/pomerium/pomerium/pull/2023) (@calebdoxsey)
-- cryptutil: add envelope encryption w/key encryption key and data encryption key [\#2020](https://github.com/pomerium/pomerium/pull/2020) (@calebdoxsey)
-- autocert: add metrics for renewal count, total and next expiration [\#2019](https://github.com/pomerium/pomerium/pull/2019) (@calebdoxsey)
-- telemetry: add installation id [\#2017](https://github.com/pomerium/pomerium/pull/2017) (@calebdoxsey)
-- config: use getters for certificates [\#2001](https://github.com/pomerium/pomerium/pull/2001) (@calebdoxsey)
-- config: use getters for authenticate, signout and forward auth urls [\#2000](https://github.com/pomerium/pomerium/pull/2000) (@calebdoxsey)
-- xds: use ALPN Auto config for upstream protocol when possible [\#1995](https://github.com/pomerium/pomerium/pull/1995) (@calebdoxsey)
-- envoy: upgrade to v1.17.1 [\#1993](https://github.com/pomerium/pomerium/pull/1993) (@calebdoxsey)
-- redis: add redis cluster support [\#1992](https://github.com/pomerium/pomerium/pull/1992) (@calebdoxsey)
-- redis: add support for redis-sentinel [\#1991](https://github.com/pomerium/pomerium/pull/1991) (@calebdoxsey)
-- authorize: set JWT to expire after 5 minutes [\#1980](https://github.com/pomerium/pomerium/pull/1980) (@calebdoxsey)
-- identity: infer email from mail claim [\#1977](https://github.com/pomerium/pomerium/pull/1977) (@calebdoxsey)
-- ping: identity and directory providers [\#1975](https://github.com/pomerium/pomerium/pull/1975) (@calebdoxsey)
-- config: add rewrite\_response\_headers to protobuf [\#1962](https://github.com/pomerium/pomerium/pull/1962) (@calebdoxsey)
-- config: add rewrite\_response\_headers option [\#1961](https://github.com/pomerium/pomerium/pull/1961) (@calebdoxsey)
-- assets: use embed instead of statik [\#1960](https://github.com/pomerium/pomerium/pull/1960) (@calebdoxsey)
-- config: log config source changes [\#1959](https://github.com/pomerium/pomerium/pull/1959) (@calebdoxsey)
-- config: multiple endpoints for authorize and databroker [\#1957](https://github.com/pomerium/pomerium/pull/1957) (@calebdoxsey)
-- telemetry: add process collector for envoy [\#1948](https://github.com/pomerium/pomerium/pull/1948) (@calebdoxsey)
-- use build\_info as liveness gauge metric [\#1940](https://github.com/pomerium/pomerium/pull/1940) (@wasaga)
-- metrics: add TLS options [\#1939](https://github.com/pomerium/pomerium/pull/1939) (@calebdoxsey)
-- identity: record metric for last refresh [\#1936](https://github.com/pomerium/pomerium/pull/1936) (@calebdoxsey)
-- middleware: basic auth equalize lengths of input [\#1934](https://github.com/pomerium/pomerium/pull/1934) (@desimone)
-- autocert: remove non-determinism [\#1932](https://github.com/pomerium/pomerium/pull/1932) (@calebdoxsey)
-- config: add metrics\_basic\_auth option [\#1917](https://github.com/pomerium/pomerium/pull/1917) (@calebdoxsey)
-- envoy: validate binary checksum [\#1908](https://github.com/pomerium/pomerium/pull/1908) (@calebdoxsey)
-- config: support map of jwt claim headers [\#1906](https://github.com/pomerium/pomerium/pull/1906) (@calebdoxsey)
-- Remove internal/protoutil. [\#1893](https://github.com/pomerium/pomerium/pull/1893) (@yegle)
-- databroker: refactor databroker to sync all changes [\#1879](https://github.com/pomerium/pomerium/pull/1879) (@calebdoxsey)
-- config: add CertificateFiles to FileWatcherSource list [\#1878](https://github.com/pomerium/pomerium/pull/1878) (@travisgroth)
-- config: allow customization of envoy boostrap admin options [\#1872](https://github.com/pomerium/pomerium/pull/1872) (@calebdoxsey)
-- proxy: implement pass-through for authenticate backend [\#1870](https://github.com/pomerium/pomerium/pull/1870) (@calebdoxsey)
-- authorize: move headers and jwt signing to rego [\#1856](https://github.com/pomerium/pomerium/pull/1856) (@calebdoxsey)
-
-## Fixed
-
-- deployment: update alpine debug image dependencies [\#2154](https://github.com/pomerium/pomerium/pull/2154) (@travisgroth)
-- authorize: refactor store locking [\#2151](https://github.com/pomerium/pomerium/pull/2151) (@calebdoxsey)
-- databroker: store server version in backend [\#2142](https://github.com/pomerium/pomerium/pull/2142) (@calebdoxsey)
-- authorize: audit log had duplicate "message" key [\#2141](https://github.com/pomerium/pomerium/pull/2141) (@desimone)
-- httputil: fix SPDY support with reverse proxy [\#2134](https://github.com/pomerium/pomerium/pull/2134) (@calebdoxsey)
-- envoyconfig: fix metrics ingress listener name [\#2124](https://github.com/pomerium/pomerium/pull/2124) (@calebdoxsey)
-- authorize: fix empty sub policy arrays [\#2119](https://github.com/pomerium/pomerium/pull/2119) (@calebdoxsey)
-- authorize: fix unsigned URL [\#2118](https://github.com/pomerium/pomerium/pull/2118) (@calebdoxsey)
-- authorize: support arbitrary jwt claims [\#2102](https://github.com/pomerium/pomerium/pull/2102) (@calebdoxsey)
-- authorize: support arbitrary jwt claims [\#2106](https://github.com/pomerium/pomerium/pull/2106) (@github-actions[bot])
-- xdsmgr: update resource versions on NACK [\#2093](https://github.com/pomerium/pomerium/pull/2093) (@calebdoxsey)
-- config: don't change address value on databroker or authorize [\#2092](https://github.com/pomerium/pomerium/pull/2092) (@travisgroth)
-- metrics\_address should be optional parameter [\#2087](https://github.com/pomerium/pomerium/pull/2087) (@wasaga)
-- propagate changes back from encrypted backend [\#2079](https://github.com/pomerium/pomerium/pull/2079) (@wasaga)
-- config: use tls\_custom\_ca from policy when available [\#2077](https://github.com/pomerium/pomerium/pull/2077) (@calebdoxsey)
-- databroker: remove unused installation id, close streams when backend is closed [\#2062](https://github.com/pomerium/pomerium/pull/2062) (@calebdoxsey)
-- authenticate: fix default sign out url [\#2061](https://github.com/pomerium/pomerium/pull/2061) (@calebdoxsey)
-- change require\_proxy\_protocol to use\_proxy\_protocol [\#2043](https://github.com/pomerium/pomerium/pull/2043) (@contrun)
-- authorize: bypass data in rego for databroker data [\#2041](https://github.com/pomerium/pomerium/pull/2041) (@calebdoxsey)
-- proxy: add nil check for fix-misdirected [\#2040](https://github.com/pomerium/pomerium/pull/2040) (@calebdoxsey)
-- config: add headers to config proto [\#1996](https://github.com/pomerium/pomerium/pull/1996) (@calebdoxsey)
-- Fix process cpu usage metric [\#1979](https://github.com/pomerium/pomerium/pull/1979) (@wasaga)
-- cmd/pomerium: exit 0 for normal shutdown [\#1958](https://github.com/pomerium/pomerium/pull/1958) (@travisgroth)
-- proxy: redirect to dashboard for logout [\#1944](https://github.com/pomerium/pomerium/pull/1944) (@calebdoxsey)
-- config: fix redirect routes from protobuf [\#1930](https://github.com/pomerium/pomerium/pull/1930) (@travisgroth)
-- google: fix default provider URL [\#1928](https://github.com/pomerium/pomerium/pull/1928) (@calebdoxsey)
-- fix registry test [\#1911](https://github.com/pomerium/pomerium/pull/1911) (@wasaga)
-- ci: pin goreleaser version [\#1900](https://github.com/pomerium/pomerium/pull/1900) (@travisgroth)
-- onelogin: fix default scopes for v2 [\#1896](https://github.com/pomerium/pomerium/pull/1896) (@calebdoxsey)
-- xds: fix misdirected script [\#1895](https://github.com/pomerium/pomerium/pull/1895) (@calebdoxsey)
-- authenticate: validate origin of signout [\#1876](https://github.com/pomerium/pomerium/pull/1876) (@desimone)
-- redis: fix deletion versioning [\#1871](https://github.com/pomerium/pomerium/pull/1871) (@calebdoxsey)
-- options: header only applies to routes and authN [\#1862](https://github.com/pomerium/pomerium/pull/1862) (@desimone)
-- controlplane: add global headers to virtualhost [\#1861](https://github.com/pomerium/pomerium/pull/1861) (@desimone)
-- unique envoy cluster ids [\#1858](https://github.com/pomerium/pomerium/pull/1858) (@wasaga)
-
-## Security
-
-- ci: remove codecov [\#2161](https://github.com/pomerium/pomerium/pull/2161) (@travisgroth)
-- internal/envoy: always extract envoy [\#2160](https://github.com/pomerium/pomerium/pull/2160) (@travisgroth)
-- deps: bump envoy to 1.17.2 [\#2113](https://github.com/pomerium/pomerium/pull/2113) (@travisgroth)
-- deps: bump envoy to 1.17.2 [\#2114](https://github.com/pomerium/pomerium/pull/2114) (@github-actions[bot])
-- proxy: restrict programmatic URLs to localhost [\#2049](https://github.com/pomerium/pomerium/pull/2049) (@travisgroth)
-- authenticate: validate signature on /.pomerium, /.pomerium/sign\_in and /.pomerium/sign\_out [\#2048](https://github.com/pomerium/pomerium/pull/2048) (@travisgroth)
-
-## Documentation
-
-- docs: add inline instructions to generate signing-key [\#2164](https://github.com/pomerium/pomerium/pull/2164) (@desimone)
-- docs: add info note to set\_response\_headers [\#2162](https://github.com/pomerium/pomerium/pull/2162) (@calebdoxsey)
-- docs: mention alternative bearer token header format [\#2155](https://github.com/pomerium/pomerium/pull/2155) (@travisgroth)
-- docs: upgrade notes on `allowed\_users` by ID [\#2133](https://github.com/pomerium/pomerium/pull/2133) (@travisgroth)
-- docs: add threat model to security page [\#2097](https://github.com/pomerium/pomerium/pull/2097) (@desimone)
-- docs: update community slack link [\#2063](https://github.com/pomerium/pomerium/pull/2063) (@travisgroth)
-- Update local-oidc.md [\#1994](https://github.com/pomerium/pomerium/pull/1994) (@dharmendrakariya)
-- ping: add documentation [\#1976](https://github.com/pomerium/pomerium/pull/1976) (@calebdoxsey)
-- docs: add JWT Verification w/Envoy guide [\#1974](https://github.com/pomerium/pomerium/pull/1974) (@calebdoxsey)
-- Update data-storage.md [\#1941](https://github.com/pomerium/pomerium/pull/1941) (@TanguyPatte)
-- docs: fix query param name [\#1920](https://github.com/pomerium/pomerium/pull/1920) (@calebdoxsey)
-- docs: add breaking sa changes in v0.13 [\#1919](https://github.com/pomerium/pomerium/pull/1919) (@desimone)
-- docs: add v0.13 to docs site menu [\#1913](https://github.com/pomerium/pomerium/pull/1913) (@travisgroth)
-- docs: update changelog for v0.13.0 [\#1909](https://github.com/pomerium/pomerium/pull/1909) (@desimone)
-- docs: update security policy [\#1897](https://github.com/pomerium/pomerium/pull/1897) (@desimone)
-- docs: misc upgrade notes and changelog [\#1884](https://github.com/pomerium/pomerium/pull/1884) (@travisgroth)
-- docs: add load balancing weight documentation [\#1883](https://github.com/pomerium/pomerium/pull/1883) (@travisgroth)
-- docs: additional load balancing documentation [\#1875](https://github.com/pomerium/pomerium/pull/1875) (@travisgroth)
-
-## Dependency
-
-- chore\(deps\): bump github.com/ory/dockertest/v3 from 3.6.3 to 3.6.5 [\#2168](https://github.com/pomerium/pomerium/pull/2168) (@dependabot[bot])
-- chore\(deps\): bump github.com/prometheus/common from 0.21.0 to 0.23.0 [\#2167](https://github.com/pomerium/pomerium/pull/2167) (@dependabot[bot])
-- chore\(deps\): bump github.com/envoyproxy/protoc-gen-validate from 0.6.0 to 0.6.1 [\#2166](https://github.com/pomerium/pomerium/pull/2166) (@dependabot[bot])
-- chore\(deps\): bump github.com/open-policy-agent/opa from 0.27.1 to 0.28.0 [\#2165](https://github.com/pomerium/pomerium/pull/2165) (@dependabot[bot])
-- use cached envoy [\#2132](https://github.com/pomerium/pomerium/pull/2132) (@wasaga)
-- chore\(deps\): bump github.com/prometheus/common from 0.20.0 to 0.21.0 [\#2130](https://github.com/pomerium/pomerium/pull/2130) (@dependabot[bot])
-- chore\(deps\): bump github.com/envoyproxy/protoc-gen-validate from 0.5.1 to 0.6.0 [\#2129](https://github.com/pomerium/pomerium/pull/2129) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/api from 0.44.0 to 0.45.0 [\#2128](https://github.com/pomerium/pomerium/pull/2128) (@dependabot[bot])
-- chore\(deps\): bump github.com/caddyserver/certmagic from 0.12.0 to 0.13.0 [\#2074](https://github.com/pomerium/pomerium/pull/2074) (@dependabot[bot])
-- chore\(deps\): bump github.com/go-redis/redis/v8 from 8.8.0 to 8.8.2 [\#2099](https://github.com/pomerium/pomerium/pull/2099) (@dependabot[bot])
-- chore\(deps\): bump gopkg.in/auth0.v5 from 5.14.1 to 5.15.0 [\#2098](https://github.com/pomerium/pomerium/pull/2098) (@dependabot[bot])
-- do not require project be in GOPATH/src [\#2078](https://github.com/pomerium/pomerium/pull/2078) (@wasaga)
-- chore\(deps\): bump google.golang.org/api from 0.43.0 to 0.44.0 [\#2073](https://github.com/pomerium/pomerium/pull/2073) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/grpc from 1.36.1 to 1.37.0 [\#2072](https://github.com/pomerium/pomerium/pull/2072) (@dependabot[bot])
-- chore\(deps\): bump gopkg.in/auth0.v5 from 5.13.0 to 5.14.1 [\#2071](https://github.com/pomerium/pomerium/pull/2071) (@dependabot[bot])
-- deps: switch from renovate to dependabot [\#2069](https://github.com/pomerium/pomerium/pull/2069) (@travisgroth)
-- fix\(deps\): update module github.com/golang/protobuf to v1.5.2 [\#2057](https://github.com/pomerium/pomerium/pull/2057) (@renovate[bot])
-- fix\(deps\): update module github.com/envoyproxy/protoc-gen-validate to v0.5.1 [\#2056](https://github.com/pomerium/pomerium/pull/2056) (@renovate[bot])
-- fix\(deps\): update google.golang.org/genproto commit hash to 6c239bb [\#2054](https://github.com/pomerium/pomerium/pull/2054) (@renovate[bot])
-- fix\(deps\): update golang.org/x/oauth2 commit hash to 2e8d934 [\#2053](https://github.com/pomerium/pomerium/pull/2053) (@renovate[bot])
-- fix\(deps\): update golang.org/x/net commit hash to 0fccb6f [\#2052](https://github.com/pomerium/pomerium/pull/2052) (@renovate[bot])
-- skip REDIS cluster test if GOOS != linux [\#2045](https://github.com/pomerium/pomerium/pull/2045) (@wasaga)
-- fix\(deps\): update module gopkg.in/auth0.v5 to v5.13.0 [\#2037](https://github.com/pomerium/pomerium/pull/2037) (@renovate[bot])
-- fix\(deps\): update module google.golang.org/grpc to v1.36.1 [\#2036](https://github.com/pomerium/pomerium/pull/2036) (@renovate[bot])
-- fix\(deps\): update module google.golang.org/api to v0.43.0 [\#2035](https://github.com/pomerium/pomerium/pull/2035) (@renovate[bot])
-- fix\(deps\): update module github.com/rs/zerolog to v1.21.0 [\#2034](https://github.com/pomerium/pomerium/pull/2034) (@renovate[bot])
-- fix\(deps\): update module github.com/prometheus/common to v0.20.0 [\#2033](https://github.com/pomerium/pomerium/pull/2033) (@renovate[bot])
-- fix\(deps\): update module github.com/go-redis/redis/v8 to v8.8.0 [\#2032](https://github.com/pomerium/pomerium/pull/2032) (@renovate[bot])
-- chore\(deps\): update mikefarah/yq action to v4.6.3 [\#2031](https://github.com/pomerium/pomerium/pull/2031) (@renovate[bot])
-- fix\(deps\): update google.golang.org/genproto commit hash to 679c6ae [\#2030](https://github.com/pomerium/pomerium/pull/2030) (@renovate[bot])
-- fix\(deps\): update golang.org/x/oauth2 commit hash to 22b0ada [\#2029](https://github.com/pomerium/pomerium/pull/2029) (@renovate[bot])
-- fix\(deps\): update golang.org/x/net commit hash to 61e0566 [\#2028](https://github.com/pomerium/pomerium/pull/2028) (@renovate[bot])
-- fix\(deps\): update golang.org/x/crypto commit hash to 0c34fe9 [\#2027](https://github.com/pomerium/pomerium/pull/2027) (@renovate[bot])
-- deps: bundle all patch upgrades in a single group [\#2016](https://github.com/pomerium/pomerium/pull/2016) (@travisgroth)
-- fix\(deps\): update module google.golang.org/protobuf to v1.26.0 [\#2012](https://github.com/pomerium/pomerium/pull/2012) (@renovate[bot])
-- fix\(deps\): update module github.com/prometheus/client\_golang to v1.10.0 [\#2011](https://github.com/pomerium/pomerium/pull/2011) (@renovate[bot])
-- fix\(deps\): update module github.com/google/btree to v1.0.1 [\#2010](https://github.com/pomerium/pomerium/pull/2010) (@renovate[bot])
-- fix\(deps\): update module github.com/golang/protobuf to v1.5.1 [\#2009](https://github.com/pomerium/pomerium/pull/2009) (@renovate[bot])
-- fix\(deps\): update module github.com/envoyproxy/protoc-gen-validate to v0.5.0 [\#2008](https://github.com/pomerium/pomerium/pull/2008) (@renovate[bot])
-- chore\(deps\): update mikefarah/yq action to v4.6.2 [\#2007](https://github.com/pomerium/pomerium/pull/2007) (@renovate[bot])
-- fix\(deps\): update google.golang.org/genproto commit hash to 5f0e893 [\#2006](https://github.com/pomerium/pomerium/pull/2006) (@renovate[bot])
-- fix\(deps\): update golang.org/x/net commit hash to d523dce [\#2005](https://github.com/pomerium/pomerium/pull/2005) (@renovate[bot])
-- fix\(deps\): update module google.golang.org/api to v0.42.0 [\#1989](https://github.com/pomerium/pomerium/pull/1989) (@renovate[bot])
-- fix\(deps\): update module github.com/open-policy-agent/opa to v0.27.1 [\#1988](https://github.com/pomerium/pomerium/pull/1988) (@renovate[bot])
-- fix\(deps\): update module github.com/hashicorp/go-multierror to v1.1.1 [\#1987](https://github.com/pomerium/pomerium/pull/1987) (@renovate[bot])
-- fix\(deps\): update module contrib.go.opencensus.io/exporter/prometheus to v0.3.0 [\#1986](https://github.com/pomerium/pomerium/pull/1986) (@renovate[bot])
-- chore\(deps\): update codecov/codecov-action action to v1.3.1 [\#1985](https://github.com/pomerium/pomerium/pull/1985) (@renovate[bot])
-- fix\(deps\): update google.golang.org/genproto commit hash to 8812039 [\#1984](https://github.com/pomerium/pomerium/pull/1984) (@renovate[bot])
-- fix\(deps\): update golang.org/x/oauth2 commit hash to cd4f82c [\#1983](https://github.com/pomerium/pomerium/pull/1983) (@renovate[bot])
-- fix\(deps\): update golang.org/x/crypto commit hash to 513c2a4 [\#1982](https://github.com/pomerium/pomerium/pull/1982) (@renovate[bot])
-- fix\(deps\): update module github.com/prometheus/procfs to v0.6.0 [\#1969](https://github.com/pomerium/pomerium/pull/1969) (@renovate[bot])
-- fix\(deps\): update module github.com/google/go-cmp to v0.5.5 [\#1968](https://github.com/pomerium/pomerium/pull/1968) (@renovate[bot])
-- fix\(deps\): update module github.com/go-redis/redis/v8 to v8.7.1 [\#1967](https://github.com/pomerium/pomerium/pull/1967) (@renovate[bot])
-- fix\(deps\): update google.golang.org/genproto commit hash to 9728d6b [\#1966](https://github.com/pomerium/pomerium/pull/1966) (@renovate[bot])
-- fix\(deps\): update github.com/nsf/jsondiff commit hash to 6ea3239 [\#1965](https://github.com/pomerium/pomerium/pull/1965) (@renovate[bot])
-- fix\(deps\): update module github.com/go-chi/chi to v5 [\#1956](https://github.com/pomerium/pomerium/pull/1956) (@renovate[bot])
-- fix\(deps\): update module google.golang.org/grpc to v1.36.0 [\#1955](https://github.com/pomerium/pomerium/pull/1955) (@renovate[bot])
-- fix\(deps\): update module go.opencensus.io to v0.23.0 [\#1954](https://github.com/pomerium/pomerium/pull/1954) (@renovate[bot])
-- fix\(deps\): update module github.com/lithammer/shortuuid/v3 to v3.0.6 [\#1953](https://github.com/pomerium/pomerium/pull/1953) (@renovate[bot])
-- chore\(deps\): update vuepress monorepo to v1.8.2 [\#1952](https://github.com/pomerium/pomerium/pull/1952) (@renovate[bot])
-- chore\(deps\): update mikefarah/yq action to v4.6.1 [\#1951](https://github.com/pomerium/pomerium/pull/1951) (@renovate[bot])
-- fix\(deps\): update google.golang.org/genproto commit hash to ab064af [\#1950](https://github.com/pomerium/pomerium/pull/1950) (@renovate[bot])
-- fix\(deps\): update golang.org/x/net commit hash to e18ecbb [\#1949](https://github.com/pomerium/pomerium/pull/1949) (@renovate[bot])
-- chore\(deps\): update yaml v2 to v3 [\#1927](https://github.com/pomerium/pomerium/pull/1927) (@desimone)
-- chore\(deps\): update vuepress monorepo to v1.8.1 [\#1891](https://github.com/pomerium/pomerium/pull/1891) (@renovate[bot])
-- chore\(deps\): update module spf13/cobra to v1.1.3 [\#1890](https://github.com/pomerium/pomerium/pull/1890) (@renovate[bot])
-- chore\(deps\): update module google.golang.org/api to v0.40.0 [\#1889](https://github.com/pomerium/pomerium/pull/1889) (@renovate[bot])
-- chore\(deps\): update mikefarah/yq action to v4.5.1 [\#1888](https://github.com/pomerium/pomerium/pull/1888) (@renovate[bot])
-- chore\(deps\): update google.golang.org/genproto commit hash to e7f2df4 [\#1887](https://github.com/pomerium/pomerium/pull/1887) (@renovate[bot])
-- chore\(deps\): update golang.org/x/oauth2 commit hash to 6667018 [\#1886](https://github.com/pomerium/pomerium/pull/1886) (@renovate[bot])
-- chore\(deps\): update module auth0 to v5 [\#1868](https://github.com/pomerium/pomerium/pull/1868) (@renovate[bot])
-- chore\(deps\): update module google.golang.org/api to v0.39.0 [\#1867](https://github.com/pomerium/pomerium/pull/1867) (@renovate[bot])
-- chore\(deps\): update module go-redis/redis/v8 to v8.5.0 [\#1866](https://github.com/pomerium/pomerium/pull/1866) (@renovate[bot])
-- chore\(deps\): update mikefarah/yq action to v4.5.0 [\#1865](https://github.com/pomerium/pomerium/pull/1865) (@renovate[bot])
-- chore\(deps\): update google.golang.org/genproto commit hash to bba0dbe [\#1864](https://github.com/pomerium/pomerium/pull/1864) (@renovate[bot])
-- chore\(deps\): update golang.org/x/oauth2 commit hash to 0101308 [\#1863](https://github.com/pomerium/pomerium/pull/1863) (@renovate[bot])
-
-## Deployment
-
-- deployment: update get-envoy script and release hooks [\#2111](https://github.com/pomerium/pomerium/pull/2111) (@travisgroth)
-- deployment: Publish OS packages to cloudsmith [\#2105](https://github.com/pomerium/pomerium/pull/2105) (@travisgroth)
-- deployment: update get-envoy script and release hooks [\#2112](https://github.com/pomerium/pomerium/pull/2112) (@github-actions[bot])
-- deployment: Publish OS packages to cloudsmith [\#2108](https://github.com/pomerium/pomerium/pull/2108) (@github-actions[bot])
-- ci: cache build and test binaries [\#1938](https://github.com/pomerium/pomerium/pull/1938) (@desimone)
-- ci: go 1.16.x, cached tests [\#1937](https://github.com/pomerium/pomerium/pull/1937) (@desimone)
-
-## Changed
-
-- authorize: remove log [\#2122](https://github.com/pomerium/pomerium/pull/2122) (@calebdoxsey)
-- config related metrics [\#2065](https://github.com/pomerium/pomerium/pull/2065) (@wasaga)
-- proxy: support re-proxying request through control plane for kubernetes [\#2051](https://github.com/pomerium/pomerium/pull/2051) (@calebdoxsey)
-- add default gitlab url [\#2044](https://github.com/pomerium/pomerium/pull/2044) (@contrun)
-- Updating Doc for Pomerium-Dex Exercise [\#2018](https://github.com/pomerium/pomerium/pull/2018) (@dharmendrakariya)
-- Add `xff\_num\_trusted\_hops` config option [\#2003](https://github.com/pomerium/pomerium/pull/2003) (@ntoofu)
-- envoy: restrict permissions on embedded envoy binary [\#1999](https://github.com/pomerium/pomerium/pull/1999) (@calebdoxsey)
-- ci: deploy master to integration environments [\#1973](https://github.com/pomerium/pomerium/pull/1973) (@travisgroth)
-- oidc: use groups claim from ID token if present [\#1970](https://github.com/pomerium/pomerium/pull/1970) (@bonifaido)
-- config: expose viper policy hooks [\#1947](https://github.com/pomerium/pomerium/pull/1947) (@calebdoxsey)
-- ci: deploy latest release to test environment [\#1916](https://github.com/pomerium/pomerium/pull/1916) (@travisgroth)
-- logs: strip query string [\#1894](https://github.com/pomerium/pomerium/pull/1894) (@calebdoxsey)
-- in-memory service registry [\#1892](https://github.com/pomerium/pomerium/pull/1892) (@wasaga)
-- controlplane: maybe fix flaky test [\#1873](https://github.com/pomerium/pomerium/pull/1873) (@calebdoxsey)
-- remove generated code from code coverage metrics [\#1857](https://github.com/pomerium/pomerium/pull/1857) (@travisgroth)
-
-## [v0.14.0-rc2](https://github.com/pomerium/pomerium/tree/v0.14.0-rc2) (2021-04-29)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.14.0-rc1...v0.14.0-rc2)
-
-## New
-
-- controlplane: save configuration events to databroker [\#2153](https://github.com/pomerium/pomerium/pull/2153) (@calebdoxsey)
-- control plane: add request id to all error pages [\#2149](https://github.com/pomerium/pomerium/pull/2149) (@desimone)
-- let pass custom dial opts [\#2144](https://github.com/pomerium/pomerium/pull/2144) (@wasaga)
-- envoy: re-implement recommended defaults [\#2123](https://github.com/pomerium/pomerium/pull/2123) (@calebdoxsey)
-- Drop tun.cfg.dstHost from jwtCacheKey [\#2115](https://github.com/pomerium/pomerium/pull/2115) (@bl0m1)
-- config: remove validate side effects [\#2109](https://github.com/pomerium/pomerium/pull/2109) (@calebdoxsey)
-- log context [\#2107](https://github.com/pomerium/pomerium/pull/2107) (@wasaga)
-- databroker: add options for maximum capacity [\#2095](https://github.com/pomerium/pomerium/pull/2095) (@calebdoxsey)
-
-## Fixed
-
-- deployment: update alpine debug image dependencies [\#2154](https://github.com/pomerium/pomerium/pull/2154) (@travisgroth)
-- authorize: refactor store locking [\#2151](https://github.com/pomerium/pomerium/pull/2151) (@calebdoxsey)
-- databroker: store server version in backend [\#2142](https://github.com/pomerium/pomerium/pull/2142) (@calebdoxsey)
-- authorize: audit log had duplicate "message" key [\#2141](https://github.com/pomerium/pomerium/pull/2141) (@desimone)
-- httputil: fix SPDY support with reverse proxy [\#2134](https://github.com/pomerium/pomerium/pull/2134) (@calebdoxsey)
-- envoyconfig: fix metrics ingress listener name [\#2124](https://github.com/pomerium/pomerium/pull/2124) (@calebdoxsey)
-- authorize: fix empty sub policy arrays [\#2119](https://github.com/pomerium/pomerium/pull/2119) (@calebdoxsey)
-- authorize: fix unsigned URL [\#2118](https://github.com/pomerium/pomerium/pull/2118) (@calebdoxsey)
-- authorize: support arbitrary jwt claims [\#2102](https://github.com/pomerium/pomerium/pull/2102) (@calebdoxsey)
-
-## Security
-
-- deps: bump envoy to 1.17.2 [\#2113](https://github.com/pomerium/pomerium/pull/2113) (@travisgroth)
-
-## Documentation
-
-- docs: mention alternative bearer token header format [\#2155](https://github.com/pomerium/pomerium/pull/2155) (@travisgroth)
-- docs: upgrade notes on `allowed\_users` by ID [\#2133](https://github.com/pomerium/pomerium/pull/2133) (@travisgroth)
-
-## Dependency
-
-- use cached envoy [\#2132](https://github.com/pomerium/pomerium/pull/2132) (@wasaga)
-- chore\(deps\): bump github.com/prometheus/common from 0.20.0 to 0.21.0 [\#2130](https://github.com/pomerium/pomerium/pull/2130) (@dependabot[bot])
-- chore\(deps\): bump github.com/envoyproxy/protoc-gen-validate from 0.5.1 to 0.6.0 [\#2129](https://github.com/pomerium/pomerium/pull/2129) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/api from 0.44.0 to 0.45.0 [\#2128](https://github.com/pomerium/pomerium/pull/2128) (@dependabot[bot])
-- chore\(deps\): bump github.com/caddyserver/certmagic from 0.12.0 to 0.13.0 [\#2074](https://github.com/pomerium/pomerium/pull/2074) (@dependabot[bot])
-
-## Deployment
-
-- deployment: update get-envoy script and release hooks [\#2111](https://github.com/pomerium/pomerium/pull/2111) (@travisgroth)
-- deployment: Publish OS packages to cloudsmith [\#2105](https://github.com/pomerium/pomerium/pull/2105) (@travisgroth)
-
-## Changed
-
-- authorize: remove log [\#2122](https://github.com/pomerium/pomerium/pull/2122) (@calebdoxsey)
-
-## [v0.14.0-rc1](https://github.com/pomerium/pomerium/tree/v0.14.0-rc1) (2021-04-22)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.13.6...v0.14.0-rc1)
-
-## Breaking
-
-- directory: remove provider from user id [\#2068](https://github.com/pomerium/pomerium/pull/2068) (@calebdoxsey)
-
-## New
-
-- envoyconfig: move most bootstrap config to shared package [\#2088](https://github.com/pomerium/pomerium/pull/2088) (@calebdoxsey)
-- envoy: refactor controlplane xds to new envoyconfig package [\#2086](https://github.com/pomerium/pomerium/pull/2086) (@calebdoxsey)
-- config: rename headers to set\_response\_headers [\#2081](https://github.com/pomerium/pomerium/pull/2081) (@calebdoxsey)
-- crypto: use actual bytes of shared secret, not the base64 encoded representation [\#2075](https://github.com/pomerium/pomerium/pull/2075) (@calebdoxsey)
-- cryptutil: use bytes for hmac [\#2067](https://github.com/pomerium/pomerium/pull/2067) (@calebdoxsey)
-- cryptutil: always use kek public id, add x509 support [\#2066](https://github.com/pomerium/pomerium/pull/2066) (@calebdoxsey)
-- authorize: additional tracing, add benchmark for encryptor [\#2059](https://github.com/pomerium/pomerium/pull/2059) (@calebdoxsey)
-- authorize: audit logging [\#2050](https://github.com/pomerium/pomerium/pull/2050) (@calebdoxsey)
-- support host:port in metrics\_address [\#2042](https://github.com/pomerium/pomerium/pull/2042) (@wasaga)
-- databroker: return server version in Get [\#2039](https://github.com/pomerium/pomerium/pull/2039) (@wasaga)
-- authorize: add databroker server and record version to result, force sync via polling [\#2024](https://github.com/pomerium/pomerium/pull/2024) (@calebdoxsey)
-- protoutil: add generic transformer [\#2023](https://github.com/pomerium/pomerium/pull/2023) (@calebdoxsey)
-- cryptutil: add envelope encryption w/key encryption key and data encryption key [\#2020](https://github.com/pomerium/pomerium/pull/2020) (@calebdoxsey)
-- autocert: add metrics for renewal count, total and next expiration [\#2019](https://github.com/pomerium/pomerium/pull/2019) (@calebdoxsey)
-- telemetry: add installation id [\#2017](https://github.com/pomerium/pomerium/pull/2017) (@calebdoxsey)
-- config: use getters for certificates [\#2001](https://github.com/pomerium/pomerium/pull/2001) (@calebdoxsey)
-- config: use getters for authenticate, signout and forward auth urls [\#2000](https://github.com/pomerium/pomerium/pull/2000) (@calebdoxsey)
-- xds: use ALPN Auto config for upstream protocol when possible [\#1995](https://github.com/pomerium/pomerium/pull/1995) (@calebdoxsey)
-- envoy: upgrade to v1.17.1 [\#1993](https://github.com/pomerium/pomerium/pull/1993) (@calebdoxsey)
-- redis: add redis cluster support [\#1992](https://github.com/pomerium/pomerium/pull/1992) (@calebdoxsey)
-- redis: add support for redis-sentinel [\#1991](https://github.com/pomerium/pomerium/pull/1991) (@calebdoxsey)
-- authorize: set JWT to expire after 5 minutes [\#1980](https://github.com/pomerium/pomerium/pull/1980) (@calebdoxsey)
-- identity: infer email from mail claim [\#1977](https://github.com/pomerium/pomerium/pull/1977) (@calebdoxsey)
-- ping: identity and directory providers [\#1975](https://github.com/pomerium/pomerium/pull/1975) (@calebdoxsey)
-- config: add rewrite\_response\_headers to protobuf [\#1962](https://github.com/pomerium/pomerium/pull/1962) (@calebdoxsey)
-- config: add rewrite\_response\_headers option [\#1961](https://github.com/pomerium/pomerium/pull/1961) (@calebdoxsey)
-- assets: use embed instead of statik [\#1960](https://github.com/pomerium/pomerium/pull/1960) (@calebdoxsey)
-- config: log config source changes [\#1959](https://github.com/pomerium/pomerium/pull/1959) (@calebdoxsey)
-- config: multiple endpoints for authorize and databroker [\#1957](https://github.com/pomerium/pomerium/pull/1957) (@calebdoxsey)
-- telemetry: add process collector for envoy [\#1948](https://github.com/pomerium/pomerium/pull/1948) (@calebdoxsey)
-- use build\_info as liveness gauge metric [\#1940](https://github.com/pomerium/pomerium/pull/1940) (@wasaga)
-- metrics: add TLS options [\#1939](https://github.com/pomerium/pomerium/pull/1939) (@calebdoxsey)
-- identity: record metric for last refresh [\#1936](https://github.com/pomerium/pomerium/pull/1936) (@calebdoxsey)
-- middleware: basic auth equalize lengths of input [\#1934](https://github.com/pomerium/pomerium/pull/1934) (@desimone)
-- autocert: remove non-determinism [\#1932](https://github.com/pomerium/pomerium/pull/1932) (@calebdoxsey)
-- config: add metrics\_basic\_auth option [\#1917](https://github.com/pomerium/pomerium/pull/1917) (@calebdoxsey)
-- envoy: validate binary checksum [\#1908](https://github.com/pomerium/pomerium/pull/1908) (@calebdoxsey)
-- config: support map of jwt claim headers [\#1906](https://github.com/pomerium/pomerium/pull/1906) (@calebdoxsey)
-- Remove internal/protoutil. [\#1893](https://github.com/pomerium/pomerium/pull/1893) (@yegle)
-- databroker: refactor databroker to sync all changes [\#1879](https://github.com/pomerium/pomerium/pull/1879) (@calebdoxsey)
-- config: add CertificateFiles to FileWatcherSource list [\#1878](https://github.com/pomerium/pomerium/pull/1878) (@travisgroth)
-- config: allow customization of envoy boostrap admin options [\#1872](https://github.com/pomerium/pomerium/pull/1872) (@calebdoxsey)
-- proxy: implement pass-through for authenticate backend [\#1870](https://github.com/pomerium/pomerium/pull/1870) (@calebdoxsey)
-- authorize: move headers and jwt signing to rego [\#1856](https://github.com/pomerium/pomerium/pull/1856) (@calebdoxsey)
-
-## Fixed
-
-- authorize: support arbitrary jwt claims [\#2106](https://github.com/pomerium/pomerium/pull/2106) (@github-actions[bot])
-- xdsmgr: update resource versions on NACK [\#2093](https://github.com/pomerium/pomerium/pull/2093) (@calebdoxsey)
-- config: don't change address value on databroker or authorize [\#2092](https://github.com/pomerium/pomerium/pull/2092) (@travisgroth)
-- metrics\_address should be optional parameter [\#2087](https://github.com/pomerium/pomerium/pull/2087) (@wasaga)
-- propagate changes back from encrypted backend [\#2079](https://github.com/pomerium/pomerium/pull/2079) (@wasaga)
-- config: use tls\_custom\_ca from policy when available [\#2077](https://github.com/pomerium/pomerium/pull/2077) (@calebdoxsey)
-- databroker: remove unused installation id, close streams when backend is closed [\#2062](https://github.com/pomerium/pomerium/pull/2062) (@calebdoxsey)
-- authenticate: fix default sign out url [\#2061](https://github.com/pomerium/pomerium/pull/2061) (@calebdoxsey)
-- change require\_proxy\_protocol to use\_proxy\_protocol [\#2043](https://github.com/pomerium/pomerium/pull/2043) (@contrun)
-- authorize: bypass data in rego for databroker data [\#2041](https://github.com/pomerium/pomerium/pull/2041) (@calebdoxsey)
-- proxy: add nil check for fix-misdirected [\#2040](https://github.com/pomerium/pomerium/pull/2040) (@calebdoxsey)
-- config: add headers to config proto [\#1996](https://github.com/pomerium/pomerium/pull/1996) (@calebdoxsey)
-- Fix process cpu usage metric [\#1979](https://github.com/pomerium/pomerium/pull/1979) (@wasaga)
-- cmd/pomerium: exit 0 for normal shutdown [\#1958](https://github.com/pomerium/pomerium/pull/1958) (@travisgroth)
-- proxy: redirect to dashboard for logout [\#1944](https://github.com/pomerium/pomerium/pull/1944) (@calebdoxsey)
-- config: fix redirect routes from protobuf [\#1930](https://github.com/pomerium/pomerium/pull/1930) (@travisgroth)
-- google: fix default provider URL [\#1928](https://github.com/pomerium/pomerium/pull/1928) (@calebdoxsey)
-- fix registry test [\#1911](https://github.com/pomerium/pomerium/pull/1911) (@wasaga)
-- ci: pin goreleaser version [\#1900](https://github.com/pomerium/pomerium/pull/1900) (@travisgroth)
-- onelogin: fix default scopes for v2 [\#1896](https://github.com/pomerium/pomerium/pull/1896) (@calebdoxsey)
-- xds: fix misdirected script [\#1895](https://github.com/pomerium/pomerium/pull/1895) (@calebdoxsey)
-- authenticate: validate origin of signout [\#1876](https://github.com/pomerium/pomerium/pull/1876) (@desimone)
-- redis: fix deletion versioning [\#1871](https://github.com/pomerium/pomerium/pull/1871) (@calebdoxsey)
-- options: header only applies to routes and authN [\#1862](https://github.com/pomerium/pomerium/pull/1862) (@desimone)
-- controlplane: add global headers to virtualhost [\#1861](https://github.com/pomerium/pomerium/pull/1861) (@desimone)
-- unique envoy cluster ids [\#1858](https://github.com/pomerium/pomerium/pull/1858) (@wasaga)
-
-## Security
-
-- deps: bump envoy to 1.17.2 [\#2114](https://github.com/pomerium/pomerium/pull/2114) (@github-actions[bot])
-- proxy: restrict programmatic URLs to localhost [\#2049](https://github.com/pomerium/pomerium/pull/2049) (@travisgroth)
-- authenticate: validate signature on /.pomerium, /.pomerium/sign\_in and /.pomerium/sign\_out [\#2048](https://github.com/pomerium/pomerium/pull/2048) (@travisgroth)
-
-## Documentation
-
-- docs: add threat model to security page [\#2097](https://github.com/pomerium/pomerium/pull/2097) (@desimone)
-- docs: update community slack link [\#2063](https://github.com/pomerium/pomerium/pull/2063) (@travisgroth)
-- Update local-oidc.md [\#1994](https://github.com/pomerium/pomerium/pull/1994) (@dharmendrakariya)
-- ping: add documentation [\#1976](https://github.com/pomerium/pomerium/pull/1976) (@calebdoxsey)
-- docs: add JWT Verification w/Envoy guide [\#1974](https://github.com/pomerium/pomerium/pull/1974) (@calebdoxsey)
-- Update data-storage.md [\#1941](https://github.com/pomerium/pomerium/pull/1941) (@TanguyPatte)
-- docs: fix query param name [\#1920](https://github.com/pomerium/pomerium/pull/1920) (@calebdoxsey)
-- docs: add breaking sa changes in v0.13 [\#1919](https://github.com/pomerium/pomerium/pull/1919) (@desimone)
-- docs: add v0.13 to docs site menu [\#1913](https://github.com/pomerium/pomerium/pull/1913) (@travisgroth)
-- docs: update changelog for v0.13.0 [\#1909](https://github.com/pomerium/pomerium/pull/1909) (@desimone)
-- docs: update security policy [\#1897](https://github.com/pomerium/pomerium/pull/1897) (@desimone)
-- docs: misc upgrade notes and changelog [\#1884](https://github.com/pomerium/pomerium/pull/1884) (@travisgroth)
-- docs: add load balancing weight documentation [\#1883](https://github.com/pomerium/pomerium/pull/1883) (@travisgroth)
-- docs: additional load balancing documentation [\#1875](https://github.com/pomerium/pomerium/pull/1875) (@travisgroth)
-
-## Dependency
-
-- chore\(deps\): bump github.com/go-redis/redis/v8 from 8.8.0 to 8.8.2 [\#2099](https://github.com/pomerium/pomerium/pull/2099) (@dependabot[bot])
-- chore\(deps\): bump gopkg.in/auth0.v5 from 5.14.1 to 5.15.0 [\#2098](https://github.com/pomerium/pomerium/pull/2098) (@dependabot[bot])
-- do not require project be in GOPATH/src [\#2078](https://github.com/pomerium/pomerium/pull/2078) (@wasaga)
-- chore\(deps\): bump google.golang.org/api from 0.43.0 to 0.44.0 [\#2073](https://github.com/pomerium/pomerium/pull/2073) (@dependabot[bot])
-- chore\(deps\): bump google.golang.org/grpc from 1.36.1 to 1.37.0 [\#2072](https://github.com/pomerium/pomerium/pull/2072) (@dependabot[bot])
-- chore\(deps\): bump gopkg.in/auth0.v5 from 5.13.0 to 5.14.1 [\#2071](https://github.com/pomerium/pomerium/pull/2071) (@dependabot[bot])
-- deps: switch from renovate to dependabot [\#2069](https://github.com/pomerium/pomerium/pull/2069) (@travisgroth)
-- fix\(deps\): update module github.com/golang/protobuf to v1.5.2 [\#2057](https://github.com/pomerium/pomerium/pull/2057) (@renovate[bot])
-- fix\(deps\): update module github.com/envoyproxy/protoc-gen-validate to v0.5.1 [\#2056](https://github.com/pomerium/pomerium/pull/2056) (@renovate[bot])
-- fix\(deps\): update google.golang.org/genproto commit hash to 6c239bb [\#2054](https://github.com/pomerium/pomerium/pull/2054) (@renovate[bot])
-- fix\(deps\): update golang.org/x/oauth2 commit hash to 2e8d934 [\#2053](https://github.com/pomerium/pomerium/pull/2053) (@renovate[bot])
-- fix\(deps\): update golang.org/x/net commit hash to 0fccb6f [\#2052](https://github.com/pomerium/pomerium/pull/2052) (@renovate[bot])
-- skip REDIS cluster test if GOOS != linux [\#2045](https://github.com/pomerium/pomerium/pull/2045) (@wasaga)
-- fix\(deps\): update module gopkg.in/auth0.v5 to v5.13.0 [\#2037](https://github.com/pomerium/pomerium/pull/2037) (@renovate[bot])
-- fix\(deps\): update module google.golang.org/grpc to v1.36.1 [\#2036](https://github.com/pomerium/pomerium/pull/2036) (@renovate[bot])
-- fix\(deps\): update module google.golang.org/api to v0.43.0 [\#2035](https://github.com/pomerium/pomerium/pull/2035) (@renovate[bot])
-- fix\(deps\): update module github.com/rs/zerolog to v1.21.0 [\#2034](https://github.com/pomerium/pomerium/pull/2034) (@renovate[bot])
-- fix\(deps\): update module github.com/prometheus/common to v0.20.0 [\#2033](https://github.com/pomerium/pomerium/pull/2033) (@renovate[bot])
-- fix\(deps\): update module github.com/go-redis/redis/v8 to v8.8.0 [\#2032](https://github.com/pomerium/pomerium/pull/2032) (@renovate[bot])
-- chore\(deps\): update mikefarah/yq action to v4.6.3 [\#2031](https://github.com/pomerium/pomerium/pull/2031) (@renovate[bot])
-- fix\(deps\): update google.golang.org/genproto commit hash to 679c6ae [\#2030](https://github.com/pomerium/pomerium/pull/2030) (@renovate[bot])
-- fix\(deps\): update golang.org/x/oauth2 commit hash to 22b0ada [\#2029](https://github.com/pomerium/pomerium/pull/2029) (@renovate[bot])
-- fix\(deps\): update golang.org/x/net commit hash to 61e0566 [\#2028](https://github.com/pomerium/pomerium/pull/2028) (@renovate[bot])
-- fix\(deps\): update golang.org/x/crypto commit hash to 0c34fe9 [\#2027](https://github.com/pomerium/pomerium/pull/2027) (@renovate[bot])
-- deps: bundle all patch upgrades in a single group [\#2016](https://github.com/pomerium/pomerium/pull/2016) (@travisgroth)
-- fix\(deps\): update module google.golang.org/protobuf to v1.26.0 [\#2012](https://github.com/pomerium/pomerium/pull/2012) (@renovate[bot])
-- fix\(deps\): update module github.com/prometheus/client\_golang to v1.10.0 [\#2011](https://github.com/pomerium/pomerium/pull/2011) (@renovate[bot])
-- fix\(deps\): update module github.com/google/btree to v1.0.1 [\#2010](https://github.com/pomerium/pomerium/pull/2010) (@renovate[bot])
-- fix\(deps\): update module github.com/golang/protobuf to v1.5.1 [\#2009](https://github.com/pomerium/pomerium/pull/2009) (@renovate[bot])
-- fix\(deps\): update module github.com/envoyproxy/protoc-gen-validate to v0.5.0 [\#2008](https://github.com/pomerium/pomerium/pull/2008) (@renovate[bot])
-- chore\(deps\): update mikefarah/yq action to v4.6.2 [\#2007](https://github.com/pomerium/pomerium/pull/2007) (@renovate[bot])
-- fix\(deps\): update google.golang.org/genproto commit hash to 5f0e893 [\#2006](https://github.com/pomerium/pomerium/pull/2006) (@renovate[bot])
-- fix\(deps\): update golang.org/x/net commit hash to d523dce [\#2005](https://github.com/pomerium/pomerium/pull/2005) (@renovate[bot])
-- fix\(deps\): update module google.golang.org/api to v0.42.0 [\#1989](https://github.com/pomerium/pomerium/pull/1989) (@renovate[bot])
-- fix\(deps\): update module github.com/open-policy-agent/opa to v0.27.1 [\#1988](https://github.com/pomerium/pomerium/pull/1988) (@renovate[bot])
-- fix\(deps\): update module github.com/hashicorp/go-multierror to v1.1.1 [\#1987](https://github.com/pomerium/pomerium/pull/1987) (@renovate[bot])
-- fix\(deps\): update module contrib.go.opencensus.io/exporter/prometheus to v0.3.0 [\#1986](https://github.com/pomerium/pomerium/pull/1986) (@renovate[bot])
-- chore\(deps\): update codecov/codecov-action action to v1.3.1 [\#1985](https://github.com/pomerium/pomerium/pull/1985) (@renovate[bot])
-- fix\(deps\): update google.golang.org/genproto commit hash to 8812039 [\#1984](https://github.com/pomerium/pomerium/pull/1984) (@renovate[bot])
-- fix\(deps\): update golang.org/x/oauth2 commit hash to cd4f82c [\#1983](https://github.com/pomerium/pomerium/pull/1983) (@renovate[bot])
-- fix\(deps\): update golang.org/x/crypto commit hash to 513c2a4 [\#1982](https://github.com/pomerium/pomerium/pull/1982) (@renovate[bot])
-- fix\(deps\): update module github.com/prometheus/procfs to v0.6.0 [\#1969](https://github.com/pomerium/pomerium/pull/1969) (@renovate[bot])
-- fix\(deps\): update module github.com/google/go-cmp to v0.5.5 [\#1968](https://github.com/pomerium/pomerium/pull/1968) (@renovate[bot])
-- fix\(deps\): update module github.com/go-redis/redis/v8 to v8.7.1 [\#1967](https://github.com/pomerium/pomerium/pull/1967) (@renovate[bot])
-- fix\(deps\): update google.golang.org/genproto commit hash to 9728d6b [\#1966](https://github.com/pomerium/pomerium/pull/1966) (@renovate[bot])
-- fix\(deps\): update github.com/nsf/jsondiff commit hash to 6ea3239 [\#1965](https://github.com/pomerium/pomerium/pull/1965) (@renovate[bot])
-- fix\(deps\): update module github.com/go-chi/chi to v5 [\#1956](https://github.com/pomerium/pomerium/pull/1956) (@renovate[bot])
-- fix\(deps\): update module google.golang.org/grpc to v1.36.0 [\#1955](https://github.com/pomerium/pomerium/pull/1955) (@renovate[bot])
-- fix\(deps\): update module go.opencensus.io to v0.23.0 [\#1954](https://github.com/pomerium/pomerium/pull/1954) (@renovate[bot])
-- fix\(deps\): update module github.com/lithammer/shortuuid/v3 to v3.0.6 [\#1953](https://github.com/pomerium/pomerium/pull/1953) (@renovate[bot])
-- chore\(deps\): update vuepress monorepo to v1.8.2 [\#1952](https://github.com/pomerium/pomerium/pull/1952) (@renovate[bot])
-- chore\(deps\): update mikefarah/yq action to v4.6.1 [\#1951](https://github.com/pomerium/pomerium/pull/1951) (@renovate[bot])
-- fix\(deps\): update google.golang.org/genproto commit hash to ab064af [\#1950](https://github.com/pomerium/pomerium/pull/1950) (@renovate[bot])
-- fix\(deps\): update golang.org/x/net commit hash to e18ecbb [\#1949](https://github.com/pomerium/pomerium/pull/1949) (@renovate[bot])
-- chore\(deps\): update yaml v2 to v3 [\#1927](https://github.com/pomerium/pomerium/pull/1927) (@desimone)
-- chore\(deps\): update vuepress monorepo to v1.8.1 [\#1891](https://github.com/pomerium/pomerium/pull/1891) (@renovate[bot])
-- chore\(deps\): update module spf13/cobra to v1.1.3 [\#1890](https://github.com/pomerium/pomerium/pull/1890) (@renovate[bot])
-- chore\(deps\): update module google.golang.org/api to v0.40.0 [\#1889](https://github.com/pomerium/pomerium/pull/1889) (@renovate[bot])
-- chore\(deps\): update mikefarah/yq action to v4.5.1 [\#1888](https://github.com/pomerium/pomerium/pull/1888) (@renovate[bot])
-- chore\(deps\): update google.golang.org/genproto commit hash to e7f2df4 [\#1887](https://github.com/pomerium/pomerium/pull/1887) (@renovate[bot])
-- chore\(deps\): update golang.org/x/oauth2 commit hash to 6667018 [\#1886](https://github.com/pomerium/pomerium/pull/1886) (@renovate[bot])
-- chore\(deps\): update module auth0 to v5 [\#1868](https://github.com/pomerium/pomerium/pull/1868) (@renovate[bot])
-- chore\(deps\): update module google.golang.org/api to v0.39.0 [\#1867](https://github.com/pomerium/pomerium/pull/1867) (@renovate[bot])
-- chore\(deps\): update module go-redis/redis/v8 to v8.5.0 [\#1866](https://github.com/pomerium/pomerium/pull/1866) (@renovate[bot])
-- chore\(deps\): update mikefarah/yq action to v4.5.0 [\#1865](https://github.com/pomerium/pomerium/pull/1865) (@renovate[bot])
-- chore\(deps\): update google.golang.org/genproto commit hash to bba0dbe [\#1864](https://github.com/pomerium/pomerium/pull/1864) (@renovate[bot])
-- chore\(deps\): update golang.org/x/oauth2 commit hash to 0101308 [\#1863](https://github.com/pomerium/pomerium/pull/1863) (@renovate[bot])
-
-## Deployment
-
-- deployment: update get-envoy script and release hooks [\#2112](https://github.com/pomerium/pomerium/pull/2112) (@github-actions[bot])
-- deployment: Publish OS packages to cloudsmith [\#2108](https://github.com/pomerium/pomerium/pull/2108) (@github-actions[bot])
-- ci: cache build and test binaries [\#1938](https://github.com/pomerium/pomerium/pull/1938) (@desimone)
-- ci: go 1.16.x, cached tests [\#1937](https://github.com/pomerium/pomerium/pull/1937) (@desimone)
-
-## Changed
-
-- config related metrics [\#2065](https://github.com/pomerium/pomerium/pull/2065) (@wasaga)
-- proxy: support re-proxying request through control plane for kubernetes [\#2051](https://github.com/pomerium/pomerium/pull/2051) (@calebdoxsey)
-- add default gitlab url [\#2044](https://github.com/pomerium/pomerium/pull/2044) (@contrun)
-- Updating Doc for Pomerium-Dex Exercise [\#2018](https://github.com/pomerium/pomerium/pull/2018) (@dharmendrakariya)
-- Add `xff\_num\_trusted\_hops` config option [\#2003](https://github.com/pomerium/pomerium/pull/2003) (@ntoofu)
-- envoy: restrict permissions on embedded envoy binary [\#1999](https://github.com/pomerium/pomerium/pull/1999) (@calebdoxsey)
-- ci: deploy master to integration environments [\#1973](https://github.com/pomerium/pomerium/pull/1973) (@travisgroth)
-- oidc: use groups claim from ID token if present [\#1970](https://github.com/pomerium/pomerium/pull/1970) (@bonifaido)
-- config: expose viper policy hooks [\#1947](https://github.com/pomerium/pomerium/pull/1947) (@calebdoxsey)
-- ci: deploy latest release to test environment [\#1916](https://github.com/pomerium/pomerium/pull/1916) (@travisgroth)
-- logs: strip query string [\#1894](https://github.com/pomerium/pomerium/pull/1894) (@calebdoxsey)
-- in-memory service registry [\#1892](https://github.com/pomerium/pomerium/pull/1892) (@wasaga)
-- controlplane: maybe fix flaky test [\#1873](https://github.com/pomerium/pomerium/pull/1873) (@calebdoxsey)
-- remove generated code from code coverage metrics [\#1857](https://github.com/pomerium/pomerium/pull/1857) (@travisgroth)
-
-## [v0.13.6](https://github.com/pomerium/pomerium/tree/v0.13.6) (2021-04-17)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.13.5...v0.13.6)
-
-## Security
-
-- deps: upgrade envoy to 1.16.3 [\#2096](https://github.com/pomerium/pomerium/pull/2096) (@travisgroth)
-
-## Documentation
-
-- docs: update community slack link [\#2064](https://github.com/pomerium/pomerium/pull/2064) (@github-actions[bot])
-
-## [v0.13.5](https://github.com/pomerium/pomerium/tree/v0.13.5) (2021-04-06)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.13.4...v0.13.5)
-
-## Fixed
-
-- change require\_proxy\_protocol to use\_proxy\_protocol [\#2058](https://github.com/pomerium/pomerium/pull/2058) (@github-actions[bot])
-
-## [v0.13.4](https://github.com/pomerium/pomerium/tree/v0.13.4) (2021-03-31)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.13.3...v0.13.4)
-
-## Security
-
-- proxy: restrict programmatic URLs to localhost [\#2047](https://github.com/pomerium/pomerium/pull/2047) (@travisgroth)
-- authenticate: validate signature on /.pomerium, /.pomerium/sign\_in and /.pomerium/sign\_out [\#2046](https://github.com/pomerium/pomerium/pull/2046) (@travisgroth)
-
-## [v0.13.3](https://github.com/pomerium/pomerium/tree/v0.13.3) (2021-03-12)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.13.2...v0.13.3)
-
-## New
-
-- identity: infer email from mail claim [\#1978](https://github.com/pomerium/pomerium/pull/1978) (@github-actions[bot])
-
-## [v0.13.2](https://github.com/pomerium/pomerium/tree/v0.13.2) (2021-02-25)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.13.1...v0.13.2)
-
-## Documentation
-
-- Update data-storage.md [\#1942](https://github.com/pomerium/pomerium/pull/1942) (@github-actions[bot])
-
-## Changed
-
-- proxy: redirect to dashboard for logout [\#1945](https://github.com/pomerium/pomerium/pull/1945) (@github-actions[bot])
-
-## [v0.13.1](https://github.com/pomerium/pomerium/tree/v0.13.1) (2021-02-22)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.13.0...v0.13.1)
-
-## Fixed
-
-- config: fix redirect routes from protobuf [\#1931](https://github.com/pomerium/pomerium/pull/1931) (@github-actions[bot])
-- google: fix default provider URL [\#1929](https://github.com/pomerium/pomerium/pull/1929) (@github-actions[bot])
-
-## Documentation
-
-- docs: fix query param name [\#1923](https://github.com/pomerium/pomerium/pull/1923) (@github-actions[bot])
-- docs: add breaking sa changes in v0.13 [\#1921](https://github.com/pomerium/pomerium/pull/1921) (@github-actions[bot])
-- docs: add v0.13 to docs site menu [\#1914](https://github.com/pomerium/pomerium/pull/1914) (@github-actions[bot])
-
-## Changed
-
-- ci: deploy releases to test environment \(\#1916\) [\#1918](https://github.com/pomerium/pomerium/pull/1918) (@travisgroth)
-
-
-
-\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
-
-
-## [v0.13.0](https://github.com/pomerium/pomerium/tree/v0.13.0) (2021-02-17)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.12.2...v0.13.0)
-
-## Breaking
-
-- authorize: remove admin [\#1833](https://github.com/pomerium/pomerium/pull/1833) (@calebdoxsey)
-- remove user impersonation and service account cli [\#1768](https://github.com/pomerium/pomerium/pull/1768) (@calebdoxsey)
-
-## New
-
-- authorize: allow access by user id [\#1850](https://github.com/pomerium/pomerium/pull/1850) (@calebdoxsey)
-- authorize: remove DataBrokerData input [\#1847](https://github.com/pomerium/pomerium/pull/1847) (@calebdoxsey)
-- opa: format rego files [\#1845](https://github.com/pomerium/pomerium/pull/1845) (@calebdoxsey)
-- policy: add new certificate-authority option for downstream mTLS client certificates [\#1835](https://github.com/pomerium/pomerium/pull/1835) (@calebdoxsey)
-- metrics: human readable cluster name [\#1834](https://github.com/pomerium/pomerium/pull/1834) (@wasaga)
-- upstream endpoints load balancer weights [\#1830](https://github.com/pomerium/pomerium/pull/1830) (@wasaga)
-- controlplane: only add listener virtual domains for addresses matching the current TLS domain [\#1823](https://github.com/pomerium/pomerium/pull/1823) (@calebdoxsey)
-- authenticate: delay evaluation of OIDC provider [\#1802](https://github.com/pomerium/pomerium/pull/1802) (@calebdoxsey)
-- config: require shared key if using redis backed databroker [\#1801](https://github.com/pomerium/pomerium/pull/1801) (@travisgroth)
-- upstream health check config [\#1796](https://github.com/pomerium/pomerium/pull/1796) (@wasaga)
-- new skip\_xff\_append option [\#1788](https://github.com/pomerium/pomerium/pull/1788) (@wasaga)
-- policy: add outlier\_detection [\#1786](https://github.com/pomerium/pomerium/pull/1786) (@calebdoxsey)
-- reduce memory usage by handling http/2 coalescing via a lua script [\#1779](https://github.com/pomerium/pomerium/pull/1779) (@calebdoxsey)
-- add support for proxy protocol on HTTP listener [\#1777](https://github.com/pomerium/pomerium/pull/1777) (@calebdoxsey)
-- config: support redirect actions [\#1776](https://github.com/pomerium/pomerium/pull/1776) (@calebdoxsey)
-- config: detect underlying file changes [\#1775](https://github.com/pomerium/pomerium/pull/1775) (@calebdoxsey)
-- authenticate: update user info screens [\#1774](https://github.com/pomerium/pomerium/pull/1774) (@desimone)
-- jws: remove issuer [\#1754](https://github.com/pomerium/pomerium/pull/1754) (@calebdoxsey)
-
-## Fixed
-
-- redis: fix deletion versioning [\#1874](https://github.com/pomerium/pomerium/pull/1874) (@github-actions[bot])
-- rego: handle null [\#1853](https://github.com/pomerium/pomerium/pull/1853) (@calebdoxsey)
-- config: fix data race [\#1851](https://github.com/pomerium/pomerium/pull/1851) (@calebdoxsey)
-- deployment: set maintainer field in packages [\#1848](https://github.com/pomerium/pomerium/pull/1848) (@travisgroth)
-- xds: fix always requiring client certificates [\#1844](https://github.com/pomerium/pomerium/pull/1844) (@calebdoxsey)
-- fix go:generate for envoy config [\#1826](https://github.com/pomerium/pomerium/pull/1826) (@calebdoxsey)
-- controlplane: only enable STATIC dns when all adresses are IP addresses [\#1822](https://github.com/pomerium/pomerium/pull/1822) (@calebdoxsey)
-- config: fix databroker policies [\#1821](https://github.com/pomerium/pomerium/pull/1821) (@calebdoxsey)
-- config: fix hot-reloading [\#1820](https://github.com/pomerium/pomerium/pull/1820) (@calebdoxsey)
-- Revert "reduce memory usage by handling http/2 coalescing via a lua script" [\#1785](https://github.com/pomerium/pomerium/pull/1785) (@calebdoxsey)
-- google: fix nil name [\#1771](https://github.com/pomerium/pomerium/pull/1771) (@calebdoxsey)
-- autocert: improve logging [\#1767](https://github.com/pomerium/pomerium/pull/1767) (@travisgroth)
-
-## Documentation
-
-- github: add tag suggestion to checklist [\#1819](https://github.com/pomerium/pomerium/pull/1819) (@desimone)
-- docs: add reference to the go-sdk [\#1800](https://github.com/pomerium/pomerium/pull/1800) (@desimone)
-- updated host rewrite docs [\#1799](https://github.com/pomerium/pomerium/pull/1799) (@vihardesu)
-- docs: update menu for v0.12 [\#1755](https://github.com/pomerium/pomerium/pull/1755) (@travisgroth)
-- Update GitLab provider docs [\#1591](https://github.com/pomerium/pomerium/pull/1591) (@bradjones1)
-- Fix command in Kubernetes Quick start docs [\#1582](https://github.com/pomerium/pomerium/pull/1582) (@wesleyw72)
-
-## Dependency
-
-- chore\(deps\): update module go.opencensus.io to v0.22.6 [\#1842](https://github.com/pomerium/pomerium/pull/1842) (@renovate[bot])
-- chore\(deps\): update module go-redis/redis/v8 to v8.4.11 [\#1841](https://github.com/pomerium/pomerium/pull/1841) (@renovate[bot])
-- chore\(deps\): update google.golang.org/genproto commit hash to 44e461b [\#1840](https://github.com/pomerium/pomerium/pull/1840) (@renovate[bot])
-- chore\(deps\): update golang.org/x/oauth2 commit hash to f9ce19e [\#1839](https://github.com/pomerium/pomerium/pull/1839) (@renovate[bot])
-- chore\(deps\): update module stretchr/testify to v1.7.0 [\#1816](https://github.com/pomerium/pomerium/pull/1816) (@renovate[bot])
-- chore\(deps\): update module open-policy-agent/opa to v0.26.0 [\#1815](https://github.com/pomerium/pomerium/pull/1815) (@renovate[bot])
-- chore\(deps\): update module mitchellh/mapstructure to v1.4.1 [\#1814](https://github.com/pomerium/pomerium/pull/1814) (@renovate[bot])
-- chore\(deps\): update module google/uuid to v1.2.0 [\#1813](https://github.com/pomerium/pomerium/pull/1813) (@renovate[bot])
-- chore\(deps\): update module google.golang.org/grpc to v1.35.0 [\#1812](https://github.com/pomerium/pomerium/pull/1812) (@renovate[bot])
-- chore\(deps\): update module go-redis/redis/v8 to v8.4.10 [\#1811](https://github.com/pomerium/pomerium/pull/1811) (@renovate[bot])
-- chore\(deps\): update mikefarah/yq action to v4.4.1 [\#1810](https://github.com/pomerium/pomerium/pull/1810) (@renovate[bot])
-- chore\(deps\): update google.golang.org/genproto commit hash to 8081c04 [\#1809](https://github.com/pomerium/pomerium/pull/1809) (@renovate[bot])
-- chore\(deps\): update golang.org/x/oauth2 commit hash to d3ed898 [\#1808](https://github.com/pomerium/pomerium/pull/1808) (@renovate[bot])
-- chore\(deps\): update golang.org/x/net commit hash to 5f4716e [\#1807](https://github.com/pomerium/pomerium/pull/1807) (@renovate[bot])
-- chore\(deps\): update oidc to v3 [\#1783](https://github.com/pomerium/pomerium/pull/1783) (@desimone)
-- chore\(deps\): update vuepress monorepo to v1.8.0 [\#1761](https://github.com/pomerium/pomerium/pull/1761) (@renovate[bot])
-- chore\(deps\): update module go-redis/redis/v8 to v8.4.8 [\#1760](https://github.com/pomerium/pomerium/pull/1760) (@renovate[bot])
-- chore\(deps\): update mikefarah/yq action to v4.3.1 [\#1759](https://github.com/pomerium/pomerium/pull/1759) (@renovate[bot])
-- chore\(deps\): update codecov/codecov-action action to v1.2.1 [\#1758](https://github.com/pomerium/pomerium/pull/1758) (@renovate[bot])
-- chore\(deps\): update google.golang.org/genproto commit hash to c7d5778 [\#1757](https://github.com/pomerium/pomerium/pull/1757) (@renovate[bot])
-- chore\(deps\): update module google.golang.org/api to v0.38.0 [\#1656](https://github.com/pomerium/pomerium/pull/1656) (@renovate[bot])
-
-## Deployment
-
-- ci: fix usage of env variable in latest tag [\#1791](https://github.com/pomerium/pomerium/pull/1791) (@travisgroth)
-- databroker: rename cache service [\#1790](https://github.com/pomerium/pomerium/pull/1790) (@calebdoxsey)
-- ci: fix deprecated command in latestTag step [\#1763](https://github.com/pomerium/pomerium/pull/1763) (@travisgroth)
-
-## Changed
-
-- docs: additional load balancing documentation [\#1882](https://github.com/pomerium/pomerium/pull/1882) (@github-actions[bot])
-- authenticate: validate origin of signout [\#1881](https://github.com/pomerium/pomerium/pull/1881) (@github-actions[bot])
-- config: add CertificateFiles to FileWatcherSource list [\#1880](https://github.com/pomerium/pomerium/pull/1880) (@github-actions[bot])
-- ci: enable backporting from forks [\#1854](https://github.com/pomerium/pomerium/pull/1854) (@travisgroth)
-- ci: fix version metadata in non-releases [\#1836](https://github.com/pomerium/pomerium/pull/1836) (@travisgroth)
-- protobuf: upgrade protoc to 3.14 [\#1832](https://github.com/pomerium/pomerium/pull/1832) (@calebdoxsey)
-- Update codeowners [\#1831](https://github.com/pomerium/pomerium/pull/1831) (@travisgroth)
-- config: return errors on invalid URLs, fix linting [\#1829](https://github.com/pomerium/pomerium/pull/1829) (@calebdoxsey)
-- grpc: use custom resolver [\#1828](https://github.com/pomerium/pomerium/pull/1828) (@calebdoxsey)
-- controlplane: return errors in xds build methods [\#1827](https://github.com/pomerium/pomerium/pull/1827) (@calebdoxsey)
-- include envoy's proto specs into config.proto [\#1817](https://github.com/pomerium/pomerium/pull/1817) (@wasaga)
-- expose all envoy cluster options in policy [\#1804](https://github.com/pomerium/pomerium/pull/1804) (@wasaga)
-- autocert: store certificates separately from config certificates [\#1794](https://github.com/pomerium/pomerium/pull/1794) (@calebdoxsey)
-- move file change detection before autocert [\#1793](https://github.com/pomerium/pomerium/pull/1793) (@calebdoxsey)
-- config: support multiple destination addresses [\#1789](https://github.com/pomerium/pomerium/pull/1789) (@calebdoxsey)
-- ci: license check action [\#1773](https://github.com/pomerium/pomerium/pull/1773) (@travisgroth)
-- authorize: move impersonation into session/service account [\#1765](https://github.com/pomerium/pomerium/pull/1765) (@calebdoxsey)
-## [v0.12.2](https://github.com/pomerium/pomerium/tree/v0.12.2) (2021-02-02)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.12.1...v0.12.2)
-
-## Fixed
-
-- \[Backport 0-12-0\] deployment: set maintainer field in packages [\#1849](https://github.com/pomerium/pomerium/pull/1849) (@github-actions[bot])
-
-## Changed
-
-- \[Backport 0-12-0\] ci: fix usage of env variable in latest tag [\#1806](https://github.com/pomerium/pomerium/pull/1806) (@github-actions[bot])
-- \[Backport 0-12-0\] docs: add reference to the go-sdk [\#1803](https://github.com/pomerium/pomerium/pull/1803) (@github-actions[bot])
-## [v0.12.1](https://github.com/pomerium/pomerium/tree/v0.12.1) (2021-01-13)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.12.0...v0.12.1)
-
-## Fixed
-
-- \[Backport 0-12-0\] google: fix nil name [\#1772](https://github.com/pomerium/pomerium/pull/1772) (@github-actions[bot])
-- \[Backport 0-12-0\] autocert: improve logging [\#1769](https://github.com/pomerium/pomerium/pull/1769) (@travisgroth)
-
-## Documentation
-
-- \[Backport 0-12-0\] docs: update menu for v0.12 [\#1762](https://github.com/pomerium/pomerium/pull/1762) (@github-actions[bot])
-
-## Deployment
-
-- \[Backport 0-12-0\] ci: fix deprecated command in latestTag step [\#1764](https://github.com/pomerium/pomerium/pull/1764) (@github-actions[bot])
-
-
-
-## [v0.12.0](https://github.com/pomerium/pomerium/tree/v0.12.0) (2021-01-07)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.11.1...v0.12.0)
-
-## New
-
-- tcp: prevent idle stream timeouts for TCP and Websocket routes [\#1744](https://github.com/pomerium/pomerium/pull/1744) (@calebdoxsey)
-- telemetry: add support for datadog tracing [\#1743](https://github.com/pomerium/pomerium/pull/1743) (@calebdoxsey)
-- use incremental API for envoy xDS [\#1732](https://github.com/pomerium/pomerium/pull/1732) (@calebdoxsey)
-- cli: add version command [\#1726](https://github.com/pomerium/pomerium/pull/1726) (@desimone)
-- add TLS flags for TCP tunnel [\#1725](https://github.com/pomerium/pomerium/pull/1725) (@calebdoxsey)
-- k8s cmd: use authclient package [\#1722](https://github.com/pomerium/pomerium/pull/1722) (@calebdoxsey)
-- internal/controlplane: 0s default timeout for tcp routes [\#1716](https://github.com/pomerium/pomerium/pull/1716) (@travisgroth)
-- use impersonate groups if impersonate email is set [\#1701](https://github.com/pomerium/pomerium/pull/1701) (@calebdoxsey)
-- unimpersonate button [\#1700](https://github.com/pomerium/pomerium/pull/1700) (@calebdoxsey)
-- TCP client command [\#1696](https://github.com/pomerium/pomerium/pull/1696) (@calebdoxsey)
-- add support for TCP routes [\#1695](https://github.com/pomerium/pomerium/pull/1695) (@calebdoxsey)
-- internal/directory: use gitlab provider url option [\#1689](https://github.com/pomerium/pomerium/pull/1689) (@nghnam)
-- improve ca cert error message, use GetCertPool for databroker storage [\#1666](https://github.com/pomerium/pomerium/pull/1666) (@calebdoxsey)
-- implement new redis storage backend with go-redis package [\#1649](https://github.com/pomerium/pomerium/pull/1649) (@calebdoxsey)
-- authenticate: oidc frontchannel-logout endpoint [\#1586](https://github.com/pomerium/pomerium/pull/1586) (@pflipp)
-
-## Fixed
-
-- remove :443 or :80 from proxy URLs in authclient [\#1733](https://github.com/pomerium/pomerium/pull/1733) (@calebdoxsey)
-- tcptunnel: handle invalid http response codes [\#1727](https://github.com/pomerium/pomerium/pull/1727) (@calebdoxsey)
-- update azure docs [\#1723](https://github.com/pomerium/pomerium/pull/1723) (@calebdoxsey)
-- config: fix ignored yaml fields [\#1698](https://github.com/pomerium/pomerium/pull/1698) (@travisgroth)
-- fix concurrency race [\#1675](https://github.com/pomerium/pomerium/pull/1675) (@calebdoxsey)
-- don't create users when updating sessions [\#1671](https://github.com/pomerium/pomerium/pull/1671) (@calebdoxsey)
-
-## Documentation
-
-- update google docs [\#1738](https://github.com/pomerium/pomerium/pull/1738) (@calebdoxsey)
-- docs: add TCP guide [\#1714](https://github.com/pomerium/pomerium/pull/1714) (@travisgroth)
-- docs: tcp support [\#1712](https://github.com/pomerium/pomerium/pull/1712) (@travisgroth)
-- docs: replace httpbin with verify [\#1702](https://github.com/pomerium/pomerium/pull/1702) (@desimone)
-- docs: fix nginx config [\#1691](https://github.com/pomerium/pomerium/pull/1691) (@desimone)
-- remove "see policy" phrase in settings docs [\#1668](https://github.com/pomerium/pomerium/pull/1668) (@calebdoxsey)
-- docs: add allowed\_idp\_claims docs [\#1665](https://github.com/pomerium/pomerium/pull/1665) (@travisgroth)
-- docs: add v0.11 link to version menu [\#1663](https://github.com/pomerium/pomerium/pull/1663) (@travisgroth)
-
-## Dependency
-
-- chore\(deps\): update module google/uuid to v1.1.4 [\#1729](https://github.com/pomerium/pomerium/pull/1729) (@renovate[bot])
-- dev: update linter [\#1728](https://github.com/pomerium/pomerium/pull/1728) (@desimone)
-- chore\(deps\): update codecov/codecov-action action to v1.1.1 [\#1720](https://github.com/pomerium/pomerium/pull/1720) (@renovate[bot])
-- chore\(deps\): update golang.org/x/net commit hash to 6772e93 [\#1719](https://github.com/pomerium/pomerium/pull/1719) (@renovate[bot])
-- chore\(deps\): update golang.org/x/crypto commit hash to eec23a3 [\#1718](https://github.com/pomerium/pomerium/pull/1718) (@renovate[bot])
-- chore\(deps\): update precommit hook pre-commit/pre-commit-hooks to v3.4.0 [\#1710](https://github.com/pomerium/pomerium/pull/1710) (@renovate[bot])
-- chore\(deps\): update module prometheus/client\_golang to v1.9.0 [\#1709](https://github.com/pomerium/pomerium/pull/1709) (@renovate[bot])
-- chore\(deps\): update module ory/dockertest/v3 to v3.6.3 [\#1708](https://github.com/pomerium/pomerium/pull/1708) (@renovate[bot])
-- chore\(deps\): update module go-redis/redis/v8 to v8.4.4 [\#1707](https://github.com/pomerium/pomerium/pull/1707) (@renovate[bot])
-- chore\(deps\): update codecov/codecov-action action to v1.1.0 [\#1706](https://github.com/pomerium/pomerium/pull/1706) (@renovate[bot])
-- chore\(deps\): update google.golang.org/genproto commit hash to 8c77b98 [\#1705](https://github.com/pomerium/pomerium/pull/1705) (@renovate[bot])
-- chore\(deps\): update golang.org/x/net commit hash to 986b41b [\#1704](https://github.com/pomerium/pomerium/pull/1704) (@renovate[bot])
-- chore\(deps\): update golang.org/x/crypto commit hash to 9d13527 [\#1703](https://github.com/pomerium/pomerium/pull/1703) (@renovate[bot])
-- chore\(deps\): update module open-policy-agent/opa to v0.25.2 [\#1685](https://github.com/pomerium/pomerium/pull/1685) (@renovate[bot])
-- chore\(deps\): update module go-redis/redis/v8 to v8.4.2 [\#1684](https://github.com/pomerium/pomerium/pull/1684) (@renovate[bot])
-- chore\(deps\): update module envoyproxy/go-control-plane to v0.9.8 [\#1683](https://github.com/pomerium/pomerium/pull/1683) (@renovate[bot])
-- chore\(deps\): update google.golang.org/genproto commit hash to 40ec1c2 [\#1682](https://github.com/pomerium/pomerium/pull/1682) (@renovate[bot])
-- chore\(deps\): update golang.org/x/sync commit hash to 09787c9 [\#1681](https://github.com/pomerium/pomerium/pull/1681) (@renovate[bot])
-- chore\(deps\): update golang.org/x/oauth2 commit hash to 08078c5 [\#1680](https://github.com/pomerium/pomerium/pull/1680) (@renovate[bot])
-- chore\(deps\): update golang.org/x/net commit hash to ac852fb [\#1679](https://github.com/pomerium/pomerium/pull/1679) (@renovate[bot])
-- chore\(deps\): update golang.org/x/crypto commit hash to 5f87f34 [\#1678](https://github.com/pomerium/pomerium/pull/1678) (@renovate[bot])
-
-## Deployment
-
-- ci: upgrade yq syntax for v4 [\#1745](https://github.com/pomerium/pomerium/pull/1745) (@travisgroth)
-- deployment: Fix docker and rpm workflows [\#1687](https://github.com/pomerium/pomerium/pull/1687) (@travisgroth)
-- ci: fix pomerium-cli rpm name [\#1661](https://github.com/pomerium/pomerium/pull/1661) (@travisgroth)
-
-## Changed
-
-- ci: fix typo in yq image [\#1746](https://github.com/pomerium/pomerium/pull/1746) (@travisgroth)
-- fix coverage [\#1741](https://github.com/pomerium/pomerium/pull/1741) (@calebdoxsey)
-- fix error wrapping [\#1737](https://github.com/pomerium/pomerium/pull/1737) (@calebdoxsey)
-- Revert "set recommended defaults" [\#1735](https://github.com/pomerium/pomerium/pull/1735) (@calebdoxsey)
-- set recommended defaults [\#1734](https://github.com/pomerium/pomerium/pull/1734) (@calebdoxsey)
-- internal/telemetry/metrics: update redis metrics for go-redis [\#1694](https://github.com/pomerium/pomerium/pull/1694) (@travisgroth)
-
-## [v0.11.1](https://github.com/pomerium/pomerium/tree/v0.11.1) (2020-12-11)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.11.0...v0.11.1)
-
-## Fixed
-
-- \[Backport 0-11-0\] fix concurrency race [\#1676](https://github.com/pomerium/pomerium/pull/1676) (@github-actions[bot])
-- \[Backport 0-11-0\] don't create users when updating sessions [\#1672](https://github.com/pomerium/pomerium/pull/1672) (@github-actions[bot])
-
-## Documentation
-
-- \[Backport 0-11-0\] remove "see policy" phrase in settings docs [\#1669](https://github.com/pomerium/pomerium/pull/1669) (@github-actions[bot])
-- \[Backport 0-11-0\] docs: add allowed\_idp\_claims docs [\#1667](https://github.com/pomerium/pomerium/pull/1667) (@github-actions[bot])
-- \[Backport 0-11-0\] docs: add v0.11 link to version menu [\#1664](https://github.com/pomerium/pomerium/pull/1664) (@github-actions[bot])
-
-## Deployment
-
-- \[Backport 0-11-0\] ci: fix pomerium-cli rpm name [\#1662](https://github.com/pomerium/pomerium/pull/1662) (@travisgroth)
-
-## [v0.11.0](https://github.com/pomerium/pomerium/tree/v0.11.0) (2020-12-04)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.10.6...v0.11.0)
-
-## Breaking
-
-- remove deprecated cache\_service\_url config option [\#1614](https://github.com/pomerium/pomerium/pull/1614) (@calebdoxsey)
-- add flag to enable user impersonation [\#1514](https://github.com/pomerium/pomerium/pull/1514) (@calebdoxsey)
-
-## New
-
-- microsoft: add support for common endpoint [\#1648](https://github.com/pomerium/pomerium/pull/1648) (@desimone)
-- use the directory email when provided for the jwt [\#1647](https://github.com/pomerium/pomerium/pull/1647) (@calebdoxsey)
-- fix profile image on dashboard [\#1637](https://github.com/pomerium/pomerium/pull/1637) (@calebdoxsey)
-- wait for initial sync to complete before starting control plane [\#1636](https://github.com/pomerium/pomerium/pull/1636) (@calebdoxsey)
-- authorize:  add signature algo support \(RSA / EdDSA\) [\#1631](https://github.com/pomerium/pomerium/pull/1631) (@desimone)
-- replace GetAllPages with InitialSync, improve merge performance [\#1624](https://github.com/pomerium/pomerium/pull/1624) (@calebdoxsey)
-- cryptutil: more explicit decryption error [\#1607](https://github.com/pomerium/pomerium/pull/1607) (@desimone)
-- add paging support to GetAll [\#1601](https://github.com/pomerium/pomerium/pull/1601) (@calebdoxsey)
-- attach version to gRPC server metadata [\#1598](https://github.com/pomerium/pomerium/pull/1598) (@calebdoxsey)
-- use custom default http transport [\#1576](https://github.com/pomerium/pomerium/pull/1576) (@calebdoxsey)
-- update user info in addition to refreshing the token [\#1572](https://github.com/pomerium/pomerium/pull/1572) (@calebdoxsey)
-- databroker: add audience to session [\#1557](https://github.com/pomerium/pomerium/pull/1557) (@calebdoxsey)
-- authorize: implement allowed\_idp\_claims [\#1542](https://github.com/pomerium/pomerium/pull/1542) (@calebdoxsey)
-- autocert: support certificate renewal [\#1516](https://github.com/pomerium/pomerium/pull/1516) (@calebdoxsey)
-- add policy to allow any authenticated user [\#1515](https://github.com/pomerium/pomerium/pull/1515) (@pflipp)
-- debug: add pprof endpoints [\#1504](https://github.com/pomerium/pomerium/pull/1504) (@calebdoxsey)
-- databroker: require JWT for access [\#1503](https://github.com/pomerium/pomerium/pull/1503) (@calebdoxsey)
-- authenticate: remove unused paths, generate cipher at startup, remove qp store [\#1495](https://github.com/pomerium/pomerium/pull/1495) (@desimone)
-- forward-auth: use envoy's ext\_authz check [\#1482](https://github.com/pomerium/pomerium/pull/1482) (@desimone)
-- auth0: implement directory provider [\#1479](https://github.com/pomerium/pomerium/pull/1479) (@grounded042)
-- azure: incremental sync [\#1471](https://github.com/pomerium/pomerium/pull/1471) (@calebdoxsey)
-- auth0: implement identity provider [\#1470](https://github.com/pomerium/pomerium/pull/1470) (@calebdoxsey)
-- dashboard: format timestamps [\#1468](https://github.com/pomerium/pomerium/pull/1468) (@calebdoxsey)
-- directory: additional user info [\#1467](https://github.com/pomerium/pomerium/pull/1467) (@calebdoxsey)
-- directory: add explicit RefreshUser endpoint for faster sync [\#1460](https://github.com/pomerium/pomerium/pull/1460) (@calebdoxsey)
-- config: add support for host header rewriting [\#1457](https://github.com/pomerium/pomerium/pull/1457) (@calebdoxsey)
-- proxy: preserve path and query string for http-\>https redirect [\#1456](https://github.com/pomerium/pomerium/pull/1456) (@calebdoxsey)
-- redis: use pubsub instead of keyspace events [\#1450](https://github.com/pomerium/pomerium/pull/1450) (@calebdoxsey)
-- proxy: add support for /.pomerium/jwt [\#1446](https://github.com/pomerium/pomerium/pull/1446) (@calebdoxsey)
-- databroker: add support for querying the databroker [\#1443](https://github.com/pomerium/pomerium/pull/1443) (@calebdoxsey)
-- config: add dns\_lookup\_family option to customize DNS IP resolution [\#1436](https://github.com/pomerium/pomerium/pull/1436) (@calebdoxsey)
-- okta: handle deleted groups [\#1418](https://github.com/pomerium/pomerium/pull/1418) (@calebdoxsey)
-- controlplane: support P-384 / P-512 EC curves [\#1409](https://github.com/pomerium/pomerium/pull/1409) (@desimone)
-- azure: add support for nested groups [\#1408](https://github.com/pomerium/pomerium/pull/1408) (@calebdoxsey)
-- authorize: add support for service accounts [\#1374](https://github.com/pomerium/pomerium/pull/1374) (@calebdoxsey)
-- Cuonglm/improve timeout error message [\#1373](https://github.com/pomerium/pomerium/pull/1373) (@cuonglm)
-- internal/directory/okta: remove rate limiter [\#1370](https://github.com/pomerium/pomerium/pull/1370) (@cuonglm)
-- {proxy/controlplane}: make health checks debug level [\#1368](https://github.com/pomerium/pomerium/pull/1368) (@desimone)
-- databroker: add tracing for rego evaluation and databroker sync, fix bug in databroker config source [\#1367](https://github.com/pomerium/pomerium/pull/1367) (@calebdoxsey)
-- authorize: use impersonate email/groups in JWT [\#1364](https://github.com/pomerium/pomerium/pull/1364) (@calebdoxsey)
-- config: support explicit prefix and regex path rewriting [\#1363](https://github.com/pomerium/pomerium/pull/1363) (@calebdoxsey)
-- proxy: support websocket timeouts [\#1362](https://github.com/pomerium/pomerium/pull/1362) (@calebdoxsey)
-- proxy: disable control-plane robots.txt for public unauthenticated routes [\#1361](https://github.com/pomerium/pomerium/pull/1361) (@calebdoxsey)
-- certmagic: improve logging [\#1358](https://github.com/pomerium/pomerium/pull/1358) (@calebdoxsey)
-- logs: add new log scrubber [\#1346](https://github.com/pomerium/pomerium/pull/1346) (@calebdoxsey)
-- Allow setting the shared secret via an environment variable. [\#1337](https://github.com/pomerium/pomerium/pull/1337) (@rspier)
-- authorize: add jti to JWT payload [\#1328](https://github.com/pomerium/pomerium/pull/1328) (@calebdoxsey)
-- all: add signout redirect url [\#1324](https://github.com/pomerium/pomerium/pull/1324) (@cuonglm)
-- proxy: remove unused handlers [\#1317](https://github.com/pomerium/pomerium/pull/1317) (@desimone)
-- azure: support deriving credentials from client id, client secret and provider url [\#1300](https://github.com/pomerium/pomerium/pull/1300) (@calebdoxsey)
-- cache: support databroker option changes [\#1294](https://github.com/pomerium/pomerium/pull/1294) (@calebdoxsey)
-- authenticate: move databroker connection to state [\#1292](https://github.com/pomerium/pomerium/pull/1292) (@calebdoxsey)
-- authorize: use atomic state for properties [\#1290](https://github.com/pomerium/pomerium/pull/1290) (@calebdoxsey)
-- proxy: move properties to atomically updated state [\#1280](https://github.com/pomerium/pomerium/pull/1280) (@calebdoxsey)
-- Improving okta API requests [\#1278](https://github.com/pomerium/pomerium/pull/1278) (@cuonglm)
-- authenticate: move properties to atomically updated state [\#1277](https://github.com/pomerium/pomerium/pull/1277) (@calebdoxsey)
-- authenticate: support reloading IDP settings [\#1273](https://github.com/pomerium/pomerium/pull/1273) (@calebdoxsey)
-- Rate limit for okta [\#1271](https://github.com/pomerium/pomerium/pull/1271) (@cuonglm)
-- config: allow dynamic configuration of cookie settings [\#1267](https://github.com/pomerium/pomerium/pull/1267) (@calebdoxsey)
-- internal/directory/okta: increase default batch size to 200 [\#1264](https://github.com/pomerium/pomerium/pull/1264) (@cuonglm)
-- envoy: add support for hot-reloading bootstrap configuration [\#1259](https://github.com/pomerium/pomerium/pull/1259) (@calebdoxsey)
-- config: allow reloading of telemetry settings [\#1255](https://github.com/pomerium/pomerium/pull/1255) (@calebdoxsey)
-- databroker: add support for config settings [\#1253](https://github.com/pomerium/pomerium/pull/1253) (@calebdoxsey)
-- config: warn if custom scopes set for builtin providers [\#1252](https://github.com/pomerium/pomerium/pull/1252) (@cuonglm)
-- authorize: add databroker url check [\#1228](https://github.com/pomerium/pomerium/pull/1228) (@desimone)
-- internal/databroker: make Sync send data in smaller batches [\#1226](https://github.com/pomerium/pomerium/pull/1226) (@cuonglm)
-
-## Fixed
-
-- fix config race [\#1660](https://github.com/pomerium/pomerium/pull/1660) (@calebdoxsey)
-- fix ordering of autocert config source [\#1640](https://github.com/pomerium/pomerium/pull/1640) (@calebdoxsey)
-- pkg/storage/redis: Prevent connection churn [\#1603](https://github.com/pomerium/pomerium/pull/1603) (@travisgroth)
--  forward-auth: fix special character support for nginx  [\#1578](https://github.com/pomerium/pomerium/pull/1578) (@desimone)
-- proxy/forward\_auth: copy response headers as request headers [\#1577](https://github.com/pomerium/pomerium/pull/1577) (@desimone)
-- fix querying claim data on the dashboard [\#1560](https://github.com/pomerium/pomerium/pull/1560) (@calebdoxsey)
-- github: fix retrieving team id with graphql API \(\#1554\) [\#1555](https://github.com/pomerium/pomerium/pull/1555) (@toshipp)
-- store raw id token so it can be passed to the logout url [\#1543](https://github.com/pomerium/pomerium/pull/1543) (@calebdoxsey)
-- fix databroker requiring signed jwt [\#1538](https://github.com/pomerium/pomerium/pull/1538) (@calebdoxsey)
-- authorize: add redirect url to debug page [\#1533](https://github.com/pomerium/pomerium/pull/1533) (@desimone)
-- internal/frontend: resolve authN helper url [\#1521](https://github.com/pomerium/pomerium/pull/1521) (@desimone)
-- fwd-auth: match nginx-ingress config [\#1505](https://github.com/pomerium/pomerium/pull/1505) (@desimone)
-- authenticate: protect /.pomerium/admin endpoint [\#1500](https://github.com/pomerium/pomerium/pull/1500) (@calebdoxsey)
-- ci: ensure systemd unit file is in packages [\#1481](https://github.com/pomerium/pomerium/pull/1481) (@travisgroth)
-- identity manager: fix directory sync timing [\#1455](https://github.com/pomerium/pomerium/pull/1455) (@calebdoxsey)
-- proxy/forward\_auth: don't reset forward auth path if X-Forwarded-Uri is not set [\#1447](https://github.com/pomerium/pomerium/pull/1447) (@whs)
-- httputil: remove retry button [\#1438](https://github.com/pomerium/pomerium/pull/1438) (@desimone)
-- proxy: always use https for application callback [\#1433](https://github.com/pomerium/pomerium/pull/1433) (@travisgroth)
-- controplane: remove p-521 EC [\#1420](https://github.com/pomerium/pomerium/pull/1420) (@desimone)
-- redirect-server: add config headers to responses [\#1416](https://github.com/pomerium/pomerium/pull/1416) (@calebdoxsey)
-- proxy: remove impersonate headers for kubernetes [\#1394](https://github.com/pomerium/pomerium/pull/1394) (@calebdoxsey)
-- Desimone/authenticate default logout [\#1390](https://github.com/pomerium/pomerium/pull/1390) (@desimone)
-- proxy: for filter matches only include bare domain name [\#1389](https://github.com/pomerium/pomerium/pull/1389) (@calebdoxsey)
-- internal/envoy: start epoch from 0 [\#1387](https://github.com/pomerium/pomerium/pull/1387) (@travisgroth)
-- internal/directory/okta: acceept non-json service account [\#1359](https://github.com/pomerium/pomerium/pull/1359) (@cuonglm)
-- internal/controlplane: add telemetry http handler [\#1353](https://github.com/pomerium/pomerium/pull/1353) (@travisgroth)
-- autocert: fix locking issue [\#1310](https://github.com/pomerium/pomerium/pull/1310) (@calebdoxsey)
-- authorize: log users and groups [\#1303](https://github.com/pomerium/pomerium/pull/1303) (@desimone)
-- proxy: fix wrong applied middleware [\#1298](https://github.com/pomerium/pomerium/pull/1298) (@cuonglm)
-- internal/directory/okta: fix wrong API query filter [\#1296](https://github.com/pomerium/pomerium/pull/1296) (@cuonglm)
-- autocert: fix  bootstrapped cache store path [\#1283](https://github.com/pomerium/pomerium/pull/1283) (@desimone)
-- config: validate databroker settings [\#1260](https://github.com/pomerium/pomerium/pull/1260) (@calebdoxsey)
-- internal/autocert: re-use cert if renewing failed but cert not expired [\#1237](https://github.com/pomerium/pomerium/pull/1237) (@cuonglm)
-
-## Security
-
-- chore\(deps\): update envoy 1.16.1 [\#1613](https://github.com/pomerium/pomerium/pull/1613) (@desimone)
-
-## Documentation
-
-- move signing key algorithm documentation into yaml file [\#1646](https://github.com/pomerium/pomerium/pull/1646) (@calebdoxsey)
-- update docs [\#1645](https://github.com/pomerium/pomerium/pull/1645) (@desimone)
-- docs: update build badge [\#1635](https://github.com/pomerium/pomerium/pull/1635) (@travisgroth)
-- docs: add cache\_service\_url upgrade notice [\#1621](https://github.com/pomerium/pomerium/pull/1621) (@travisgroth)
-- docs: use standard language for lists [\#1590](https://github.com/pomerium/pomerium/pull/1590) (@desimone)
-- Fix command in Kubernetes Quick start docs [\#1582](https://github.com/pomerium/pomerium/pull/1582) (@wesleyw72)
-- move docs to settings.yaml [\#1579](https://github.com/pomerium/pomerium/pull/1579) (@calebdoxsey)
-- docs: add round logo [\#1574](https://github.com/pomerium/pomerium/pull/1574) (@desimone)
-- add settings.yaml file [\#1540](https://github.com/pomerium/pomerium/pull/1540) (@calebdoxsey)
-- update the documentation for auth0 to include group/role information [\#1502](https://github.com/pomerium/pomerium/pull/1502) (@grounded042)
-- examples: fix nginx example [\#1478](https://github.com/pomerium/pomerium/pull/1478) (@desimone)
-- docs: add architecture diagram for cloudrun [\#1444](https://github.com/pomerium/pomerium/pull/1444) (@travisgroth)
-- fix\(examples\): Use X-Pomerium-Claim headers [\#1422](https://github.com/pomerium/pomerium/pull/1422) (@tdorsey)
-- chore\(docs\): Fix typo in example policy [\#1419](https://github.com/pomerium/pomerium/pull/1419) (@tdorsey)
-- docs: fix grammar [\#1412](https://github.com/pomerium/pomerium/pull/1412) (@shinebayar-g)
-- docs: Add Traefik + Kubernetes example [\#1411](https://github.com/pomerium/pomerium/pull/1411) (@travisgroth)
-- Remove typo on remove\_request\_headers docs [\#1388](https://github.com/pomerium/pomerium/pull/1388) (@whs)
-- docs: update azure docs [\#1377](https://github.com/pomerium/pomerium/pull/1377) (@desimone)
-- docs: add nginx example [\#1329](https://github.com/pomerium/pomerium/pull/1329) (@travisgroth)
-- docs: use .com sitemap hostname [\#1274](https://github.com/pomerium/pomerium/pull/1274) (@desimone)
-- docs: fix in-action video [\#1268](https://github.com/pomerium/pomerium/pull/1268) (@travisgroth)
-- docs: image, sitemap and redirect fixes [\#1263](https://github.com/pomerium/pomerium/pull/1263) (@travisgroth)
-- Fix broken logo link in README.md [\#1261](https://github.com/pomerium/pomerium/pull/1261) (@cuonglm)
-- docs/docs: fix wrong okta service account field [\#1251](https://github.com/pomerium/pomerium/pull/1251) (@cuonglm)
-- \[Backport latest\] Docs/enterprise button [\#1247](https://github.com/pomerium/pomerium/pull/1247) (@github-actions[bot])
-- Docs/enterprise button [\#1245](https://github.com/pomerium/pomerium/pull/1245) (@desimone)
-- remove rootDomain from examples [\#1244](https://github.com/pomerium/pomerium/pull/1244) (@karelbilek)
-- docs: add / redirect [\#1241](https://github.com/pomerium/pomerium/pull/1241) (@desimone)
-- docs: prepare for enterprise / oss split [\#1238](https://github.com/pomerium/pomerium/pull/1238) (@desimone)
-
-## Dependency
-
-- chore\(deps\): update module open-policy-agent/opa to v0.25.1 [\#1659](https://github.com/pomerium/pomerium/pull/1659) (@renovate[bot])
-- chore\(deps\): update module lithammer/shortuuid/v3 to v3.0.5 [\#1658](https://github.com/pomerium/pomerium/pull/1658) (@renovate[bot])
-- chore\(deps\): update module google.golang.org/grpc to v1.34.0 [\#1657](https://github.com/pomerium/pomerium/pull/1657) (@renovate[bot])
-- chore\(deps\): update google.golang.org/genproto commit hash to 9ee31aa [\#1655](https://github.com/pomerium/pomerium/pull/1655) (@renovate[bot])
-- chore\(deps\): update golang.org/x/oauth2 commit hash to 9317641 [\#1654](https://github.com/pomerium/pomerium/pull/1654) (@renovate[bot])
-- chore\(deps\): update golang.org/x/net commit hash to c7110b5 [\#1653](https://github.com/pomerium/pomerium/pull/1653) (@renovate[bot])
-- chore\(deps\): update golang.org/x/crypto commit hash to be400ae [\#1652](https://github.com/pomerium/pomerium/pull/1652) (@renovate[bot])
-- deps: update hashstructure v2 [\#1632](https://github.com/pomerium/pomerium/pull/1632) (@desimone)
-- chore\(deps\): update precommit hook pre-commit/pre-commit-hooks to v3 [\#1630](https://github.com/pomerium/pomerium/pull/1630) (@renovate[bot])
-- chore\(deps\): update module yaml to v2.4.0 [\#1629](https://github.com/pomerium/pomerium/pull/1629) (@renovate[bot])
-- chore\(deps\): update module google/go-cmp to v0.5.4 [\#1628](https://github.com/pomerium/pomerium/pull/1628) (@renovate[bot])
-- chore\(deps\): update golang.org/x/crypto commit hash to c8d3bf9 [\#1627](https://github.com/pomerium/pomerium/pull/1627) (@renovate[bot])
-- chore\(deps\): update module google/go-jsonnet to v0.17.0 [\#1611](https://github.com/pomerium/pomerium/pull/1611) (@renovate[bot])
-- chore\(deps\): update codecov/codecov-action action to v1.0.15 [\#1610](https://github.com/pomerium/pomerium/pull/1610) (@renovate[bot])
-- chore\(deps\): update google.golang.org/genproto commit hash to 9b1e624 [\#1609](https://github.com/pomerium/pomerium/pull/1609) (@renovate[bot])
-- chore\(deps\): update golang.org/x/crypto commit hash to c1f2f97 [\#1608](https://github.com/pomerium/pomerium/pull/1608) (@renovate[bot])
-- chore\(deps\): update module google/go-cmp to v0.5.3 [\#1597](https://github.com/pomerium/pomerium/pull/1597) (@renovate[bot])
-- chore\(deps\): update google.golang.org/genproto commit hash to ce600e9 [\#1596](https://github.com/pomerium/pomerium/pull/1596) (@renovate[bot])
-- chore\(deps\): update golang.org/x/oauth2 commit hash to 9fd6049 [\#1595](https://github.com/pomerium/pomerium/pull/1595) (@renovate[bot])
-- chore\(deps\): update golang.org/x/net commit hash to 69a7880 [\#1594](https://github.com/pomerium/pomerium/pull/1594) (@renovate[bot])
-- chore\(deps\): update golang.org/x/crypto commit hash to 0c6587e [\#1593](https://github.com/pomerium/pomerium/pull/1593) (@renovate[bot])
-- chore\(deps\): update module google.golang.org/grpc to v1.33.2 [\#1585](https://github.com/pomerium/pomerium/pull/1585) (@renovate[bot])
-- chore\(deps\): update google.golang.org/genproto commit hash to f9bfe23 [\#1583](https://github.com/pomerium/pomerium/pull/1583) (@renovate[bot])
-- chore\(deps\): update mikefarah/yq action to v3.4.1 [\#1567](https://github.com/pomerium/pomerium/pull/1567) (@renovate[bot])
-- chore\(deps\): update google.golang.org/genproto commit hash to 24207fd [\#1566](https://github.com/pomerium/pomerium/pull/1566) (@renovate[bot])
-- chore\(deps\): update golang.org/x/net commit hash to ff519b6 [\#1565](https://github.com/pomerium/pomerium/pull/1565) (@renovate[bot])
-- chore\(deps\): update olegtarasov/get-tag action to v2 [\#1552](https://github.com/pomerium/pomerium/pull/1552) (@renovate[bot])
-- chore\(deps\): update goreleaser/goreleaser-action action to v2 [\#1551](https://github.com/pomerium/pomerium/pull/1551) (@renovate[bot])
-- chore\(deps\): update actions/setup-go action to v2 [\#1550](https://github.com/pomerium/pomerium/pull/1550) (@renovate[bot])
-- chore\(deps\): update toolmantim/release-drafter action to v5.12.1 [\#1549](https://github.com/pomerium/pomerium/pull/1549) (@renovate[bot])
-- chore\(deps\): update module google.golang.org/grpc to v1.33.1 [\#1548](https://github.com/pomerium/pomerium/pull/1548) (@renovate[bot])
-- chore\(deps\): update codecov/codecov-action action to v1.0.14 [\#1547](https://github.com/pomerium/pomerium/pull/1547) (@renovate[bot])
-- chore\(deps\): update google.golang.org/genproto commit hash to 0ff5f38 [\#1546](https://github.com/pomerium/pomerium/pull/1546) (@renovate[bot])
-- chore\(deps\): update golang.org/x/sync commit hash to 67f06af [\#1545](https://github.com/pomerium/pomerium/pull/1545) (@renovate[bot])
-- chore\(deps\): update golang.org/x/net commit hash to be3efd7 [\#1544](https://github.com/pomerium/pomerium/pull/1544) (@renovate[bot])
-- chore\(deps\): update vuepress monorepo to v1.7.1 [\#1531](https://github.com/pomerium/pomerium/pull/1531) (@renovate[bot])
-- chore\(deps\): update module spf13/cobra to v1.1.1 [\#1530](https://github.com/pomerium/pomerium/pull/1530) (@renovate[bot])
-- chore\(deps\): update module prometheus/client\_golang to v1.8.0 [\#1529](https://github.com/pomerium/pomerium/pull/1529) (@renovate[bot])
-- chore\(deps\): update module ory/dockertest/v3 to v3.6.2 [\#1528](https://github.com/pomerium/pomerium/pull/1528) (@renovate[bot])
-- chore\(deps\): update module open-policy-agent/opa to v0.24.0 [\#1527](https://github.com/pomerium/pomerium/pull/1527) (@renovate[bot])
-- chore\(deps\): update module golang/protobuf to v1.4.3 [\#1525](https://github.com/pomerium/pomerium/pull/1525) (@renovate[bot])
-- chore\(deps\): update google.golang.org/genproto commit hash to 32ed001 [\#1524](https://github.com/pomerium/pomerium/pull/1524) (@renovate[bot])
-- chore\(deps\): update golang.org/x/net commit hash to 7b1cca2 [\#1523](https://github.com/pomerium/pomerium/pull/1523) (@renovate[bot])
-- chore\(deps\): update golang.org/x/crypto commit hash to 9e8e0b3 [\#1522](https://github.com/pomerium/pomerium/pull/1522) (@renovate[bot])
-- chore\(deps\): upgrade envoy to v0.16.0 [\#1519](https://github.com/pomerium/pomerium/pull/1519) (@desimone)
-- deployment: run go mod tidy [\#1512](https://github.com/pomerium/pomerium/pull/1512) (@desimone)
-- chore\(deps\): update module ory/dockertest/v3 to v3.6.1 [\#1511](https://github.com/pomerium/pomerium/pull/1511) (@renovate[bot])
-- chore\(deps\): update module go.opencensus.io to v0.22.5 [\#1510](https://github.com/pomerium/pomerium/pull/1510) (@renovate[bot])
-- chore\(deps\): update module cenkalti/backoff/v4 to v4.1.0 [\#1509](https://github.com/pomerium/pomerium/pull/1509) (@renovate[bot])
-- chore\(deps\): update google.golang.org/genproto commit hash to 4d944d3 [\#1508](https://github.com/pomerium/pomerium/pull/1508) (@renovate[bot])
-- chore\(deps\): update golang.org/x/sync commit hash to b3e1573 [\#1507](https://github.com/pomerium/pomerium/pull/1507) (@renovate[bot])
-- chore\(deps\): update golang.org/x/net commit hash to 4f7140c [\#1506](https://github.com/pomerium/pomerium/pull/1506) (@renovate[bot])
-- deployment: pin /x/sys to fix dockertest [\#1491](https://github.com/pomerium/pomerium/pull/1491) (@desimone)
-- chore\(deps\): update module openzipkin/zipkin-go to v0.2.5 [\#1488](https://github.com/pomerium/pomerium/pull/1488) (@renovate[bot])
-- chore\(deps\): update module envoyproxy/go-control-plane to v0.9.7 [\#1487](https://github.com/pomerium/pomerium/pull/1487) (@renovate[bot])
-- chore\(deps\): update google.golang.org/genproto commit hash to bcad7cf [\#1486](https://github.com/pomerium/pomerium/pull/1486) (@renovate[bot])
-- chore\(deps\): update golang.org/x/sync commit hash to 3042136 [\#1485](https://github.com/pomerium/pomerium/pull/1485) (@renovate[bot])
-- chore\(deps\): update golang.org/x/crypto commit hash to 7f63de1 [\#1483](https://github.com/pomerium/pomerium/pull/1483) (@renovate[bot])
-- deps: update envoy arm64 to v1.15.1 [\#1475](https://github.com/pomerium/pomerium/pull/1475) (@travisgroth)
-- chore\(deps\): envoy 1.15.1 [\#1473](https://github.com/pomerium/pomerium/pull/1473) (@desimone)
-- chore\(deps\): update vuepress monorepo to v1.6.0 [\#1463](https://github.com/pomerium/pomerium/pull/1463) (@renovate[bot])
-- chore\(deps\): update google.golang.org/genproto commit hash to c2d885f [\#1462](https://github.com/pomerium/pomerium/pull/1462) (@renovate[bot])
-- chore\(deps\): update golang.org/x/net commit hash to 5d4f700 [\#1461](https://github.com/pomerium/pomerium/pull/1461) (@renovate[bot])
-- deps: go mod tidy [\#1434](https://github.com/pomerium/pomerium/pull/1434) (@travisgroth)
-- chore\(deps\): update module rs/zerolog to v1.20.0 [\#1431](https://github.com/pomerium/pomerium/pull/1431) (@renovate[bot])
-- chore\(deps\): update module caddyserver/certmagic to v0.12.0 [\#1429](https://github.com/pomerium/pomerium/pull/1429) (@renovate[bot])
-- chore\(deps\): update google.golang.org/genproto commit hash to d0d6055 [\#1428](https://github.com/pomerium/pomerium/pull/1428) (@renovate[bot])
-- chore\(deps\): update module openzipkin/zipkin-go to v0.2.4 [\#1407](https://github.com/pomerium/pomerium/pull/1407) (@renovate[bot])
-- chore\(deps\): update module gorilla/handlers to v1.5.1 [\#1406](https://github.com/pomerium/pomerium/pull/1406) (@renovate[bot])
-- chore\(deps\): update module google.golang.org/grpc to v1.32.0 [\#1405](https://github.com/pomerium/pomerium/pull/1405) (@renovate[bot])
-- chore\(deps\): update google.golang.org/genproto commit hash to 645f7a4 [\#1404](https://github.com/pomerium/pomerium/pull/1404) (@renovate[bot])
-- Run go mod tidy [\#1384](https://github.com/pomerium/pomerium/pull/1384) (@cuonglm)
-- chore\(deps\): update module go.uber.org/zap to v1.16.0 [\#1381](https://github.com/pomerium/pomerium/pull/1381) (@renovate[bot])
-- chore\(deps\): update google.golang.org/genproto commit hash to 0bd0a95 [\#1380](https://github.com/pomerium/pomerium/pull/1380) (@renovate[bot])
-- chore\(deps\): update golang.org/x/oauth2 commit hash to 5d25da1 [\#1379](https://github.com/pomerium/pomerium/pull/1379) (@renovate[bot])
-- chore\(deps\): update golang.org/x/net commit hash to 62affa3 [\#1378](https://github.com/pomerium/pomerium/pull/1378) (@renovate[bot])
-- deps: ensure renovate runs `go mod tidy` [\#1357](https://github.com/pomerium/pomerium/pull/1357) (@travisgroth)
-- deps: go mod tidy [\#1356](https://github.com/pomerium/pomerium/pull/1356) (@travisgroth)
-- Update module open-policy-agent/opa to v0.23.2 [\#1351](https://github.com/pomerium/pomerium/pull/1351) (@renovate[bot])
-- Update module google/uuid to v1.1.2 [\#1350](https://github.com/pomerium/pomerium/pull/1350) (@renovate[bot])
-- Update module google/go-cmp to v0.5.2 [\#1349](https://github.com/pomerium/pomerium/pull/1349) (@renovate[bot])
-- Update module google.golang.org/grpc to v1.31.1 [\#1348](https://github.com/pomerium/pomerium/pull/1348) (@renovate[bot])
-- Update google.golang.org/genproto commit hash to 2bf3329 [\#1347](https://github.com/pomerium/pomerium/pull/1347) (@renovate[bot])
-- chore\(deps\): update vuepress monorepo to v1.5.4 [\#1323](https://github.com/pomerium/pomerium/pull/1323) (@renovate[bot])
-- chore\(deps\): update module open-policy-agent/opa to v0.23.1 [\#1322](https://github.com/pomerium/pomerium/pull/1322) (@renovate[bot])
-- chore\(deps\): update module gorilla/mux to v1.8.0 [\#1321](https://github.com/pomerium/pomerium/pull/1321) (@renovate[bot])
-- chore\(deps\): update module gorilla/handlers to v1.5.0 [\#1320](https://github.com/pomerium/pomerium/pull/1320) (@renovate[bot])
-- chore\(deps\): update golang.org/x/net commit hash to c890458 [\#1319](https://github.com/pomerium/pomerium/pull/1319) (@renovate[bot])
-- chore\(deps\): update golang.org/x/crypto commit hash to 5c72a88 [\#1318](https://github.com/pomerium/pomerium/pull/1318) (@renovate[bot])
-- Upgrade zipkin-go to v0.2.3 [\#1288](https://github.com/pomerium/pomerium/pull/1288) (@cuonglm)
-- chore\(deps\): update google.golang.org/genproto commit hash to f69a880 [\#1286](https://github.com/pomerium/pomerium/pull/1286) (@renovate[bot])
-- chore\(deps\): update golang.org/x/time commit hash to 3af7569 [\#1285](https://github.com/pomerium/pomerium/pull/1285) (@renovate[bot])
-- chore\(deps\): update golang.org/x/net commit hash to 3edf25e [\#1284](https://github.com/pomerium/pomerium/pull/1284) (@renovate[bot])
-- .github/workflows: upgrade to go1.15 [\#1258](https://github.com/pomerium/pomerium/pull/1258) (@cuonglm)
-- Fix tests failed with go115 [\#1257](https://github.com/pomerium/pomerium/pull/1257) (@cuonglm)
-- chore\(deps\): update dependency @vuepress/plugin-google-analytics to v1.5.3 [\#1236](https://github.com/pomerium/pomerium/pull/1236) (@renovate[bot])
-- Update module google.golang.org/api to v0.30.0 [\#1235](https://github.com/pomerium/pomerium/pull/1235) (@renovate[bot])
-- chore\(deps\): update google.golang.org/genproto commit hash to a062522 [\#1234](https://github.com/pomerium/pomerium/pull/1234) (@renovate[bot])
-
-## Deployment
-
-- deployment: enable multi-arch release images [\#1643](https://github.com/pomerium/pomerium/pull/1643) (@travisgroth)
-- ci: add bintray publishing [\#1618](https://github.com/pomerium/pomerium/pull/1618) (@travisgroth)
-- ci: remove bad quoting in publish steps [\#1617](https://github.com/pomerium/pomerium/pull/1617) (@travisgroth)
-- ci: update tag parsing step [\#1616](https://github.com/pomerium/pomerium/pull/1616) (@travisgroth)
-- remove memberlist [\#1615](https://github.com/pomerium/pomerium/pull/1615) (@calebdoxsey)
-- ci: automatically update test environment with master [\#1562](https://github.com/pomerium/pomerium/pull/1562) (@travisgroth)
-- deployment: add debug build / container / docs [\#1513](https://github.com/pomerium/pomerium/pull/1513) (@travisgroth)
-- deployment: Generate deb and rpm packages [\#1458](https://github.com/pomerium/pomerium/pull/1458) (@travisgroth)
-- deployment: bump release go to v1.15.x [\#1439](https://github.com/pomerium/pomerium/pull/1439) (@desimone)
-- ci: publish cloudrun latest tag [\#1398](https://github.com/pomerium/pomerium/pull/1398) (@travisgroth)
-- deployment: fully split release archives and brews [\#1365](https://github.com/pomerium/pomerium/pull/1365) (@travisgroth)
-- Include pomerium-cli in the docker image by default.  Fixes \#1343. [\#1345](https://github.com/pomerium/pomerium/pull/1345) (@rspier)
-- Use apt-get instead of apt to eliminate warning. [\#1344](https://github.com/pomerium/pomerium/pull/1344) (@rspier)
-- deployment: add goimports with path awareness [\#1316](https://github.com/pomerium/pomerium/pull/1316) (@desimone)
-
-## Changed
-
-- identity/oidc/azure: goimports [\#1651](https://github.com/pomerium/pomerium/pull/1651) (@travisgroth)
-- fix panic when deleting a record twice from the inmemory data store [\#1639](https://github.com/pomerium/pomerium/pull/1639) (@calebdoxsey)
-- ci: improve release snapshot name template [\#1602](https://github.com/pomerium/pomerium/pull/1602) (@travisgroth)
-- ci: fix release workflow syntax [\#1592](https://github.com/pomerium/pomerium/pull/1592) (@travisgroth)
-- ci: update changelog generation to script [\#1589](https://github.com/pomerium/pomerium/pull/1589) (@travisgroth)
-- \[Backport 0-10-0\] docs: add round logo [\#1575](https://github.com/pomerium/pomerium/pull/1575) (@github-actions[bot])
-- tidy [\#1494](https://github.com/pomerium/pomerium/pull/1494) (@desimone)
-- dev: add remote container debug configs [\#1459](https://github.com/pomerium/pomerium/pull/1459) (@desimone)
-- ci: add stale issue automation [\#1366](https://github.com/pomerium/pomerium/pull/1366) (@travisgroth)
-- internal/urlutil: remove un-used constants [\#1326](https://github.com/pomerium/pomerium/pull/1326) (@cuonglm)
-- integration: add forward auth test [\#1312](https://github.com/pomerium/pomerium/pull/1312) (@cuonglm)
-- pkg/storage/redis: update tests to use local certs + upstream image [\#1306](https://github.com/pomerium/pomerium/pull/1306) (@travisgroth)
-- config: omit empty subpolicies in yaml/json [\#1229](https://github.com/pomerium/pomerium/pull/1229) (@travisgroth)
-- Cuonglm/increase coverrage 1 [\#1227](https://github.com/pomerium/pomerium/pull/1227) (@cuonglm)
-
-## [v0.11.0-rc2](https://github.com/pomerium/pomerium/tree/v0.11.0-rc2) (2020-11-19)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.11.0-rc1...v0.11.0-rc2)
-
-## New
-
-- add paging support to GetAll [\#1601](https://github.com/pomerium/pomerium/pull/1601) (@calebdoxsey)
-- attach version to gRPC server metadata [\#1598](https://github.com/pomerium/pomerium/pull/1598) (@calebdoxsey)
-
-## Fixed
-
-- pkg/storage/redis: Prevent connection churn [\#1603](https://github.com/pomerium/pomerium/pull/1603) (@travisgroth)
-
-## Dependency
-
-- chore\(deps\): update module google/go-cmp to v0.5.3 [\#1597](https://github.com/pomerium/pomerium/pull/1597) (@renovate[bot])
-- chore\(deps\): update google.golang.org/genproto commit hash to ce600e9 [\#1596](https://github.com/pomerium/pomerium/pull/1596) (@renovate[bot])
-- chore\(deps\): update golang.org/x/oauth2 commit hash to 9fd6049 [\#1595](https://github.com/pomerium/pomerium/pull/1595) (@renovate[bot])
-- chore\(deps\): update golang.org/x/net commit hash to 69a7880 [\#1594](https://github.com/pomerium/pomerium/pull/1594) (@renovate[bot])
-- chore\(deps\): update golang.org/x/crypto commit hash to 0c6587e [\#1593](https://github.com/pomerium/pomerium/pull/1593) (@renovate[bot])
-
-## Changed
-
-- ci: improve release snapshot name template [\#1602](https://github.com/pomerium/pomerium/pull/1602) (@travisgroth)
-
-## [v0.11.0-rc1](https://github.com/pomerium/pomerium/tree/v0.11.0-rc1) (2020-11-13)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.10.6...v0.11.0-rc1)
-
-## Breaking
-
-- add flag to enable user impersonation [\#1514](https://github.com/pomerium/pomerium/pull/1514) (@calebdoxsey)
-
-## New
-
-- use custom default http transport [\#1576](https://github.com/pomerium/pomerium/pull/1576) (@calebdoxsey)
-- update user info in addition to refreshing the token [\#1572](https://github.com/pomerium/pomerium/pull/1572) (@calebdoxsey)
-- databroker: add audience to session [\#1557](https://github.com/pomerium/pomerium/pull/1557) (@calebdoxsey)
-- authorize: implement allowed\_idp\_claims [\#1542](https://github.com/pomerium/pomerium/pull/1542) (@calebdoxsey)
-- autocert: support certificate renewal [\#1516](https://github.com/pomerium/pomerium/pull/1516) (@calebdoxsey)
-- add policy to allow any authenticated user [\#1515](https://github.com/pomerium/pomerium/pull/1515) (@pflipp)
-- debug: add pprof endpoints [\#1504](https://github.com/pomerium/pomerium/pull/1504) (@calebdoxsey)
-- databroker: require JWT for access [\#1503](https://github.com/pomerium/pomerium/pull/1503) (@calebdoxsey)
-- authenticate: remove unused paths, generate cipher at startup, remove qp store [\#1495](https://github.com/pomerium/pomerium/pull/1495) (@desimone)
-- forward-auth: use envoy's ext\_authz check [\#1482](https://github.com/pomerium/pomerium/pull/1482) (@desimone)
-- auth0: implement directory provider [\#1479](https://github.com/pomerium/pomerium/pull/1479) (@grounded042)
-- azure: incremental sync [\#1471](https://github.com/pomerium/pomerium/pull/1471) (@calebdoxsey)
-- auth0: implement identity provider [\#1470](https://github.com/pomerium/pomerium/pull/1470) (@calebdoxsey)
-- dashboard: format timestamps [\#1468](https://github.com/pomerium/pomerium/pull/1468) (@calebdoxsey)
-- directory: additional user info [\#1467](https://github.com/pomerium/pomerium/pull/1467) (@calebdoxsey)
-- directory: add explicit RefreshUser endpoint for faster sync [\#1460](https://github.com/pomerium/pomerium/pull/1460) (@calebdoxsey)
-- config: add support for host header rewriting [\#1457](https://github.com/pomerium/pomerium/pull/1457) (@calebdoxsey)
-- proxy: preserve path and query string for http-\>https redirect [\#1456](https://github.com/pomerium/pomerium/pull/1456) (@calebdoxsey)
-- redis: use pubsub instead of keyspace events [\#1450](https://github.com/pomerium/pomerium/pull/1450) (@calebdoxsey)
-- proxy: add support for /.pomerium/jwt [\#1446](https://github.com/pomerium/pomerium/pull/1446) (@calebdoxsey)
-- databroker: add support for querying the databroker [\#1443](https://github.com/pomerium/pomerium/pull/1443) (@calebdoxsey)
-- config: add dns\_lookup\_family option to customize DNS IP resolution [\#1436](https://github.com/pomerium/pomerium/pull/1436) (@calebdoxsey)
-- okta: handle deleted groups [\#1418](https://github.com/pomerium/pomerium/pull/1418) (@calebdoxsey)
-- controlplane: support P-384 / P-512 EC curves [\#1409](https://github.com/pomerium/pomerium/pull/1409) (@desimone)
-- azure: add support for nested groups [\#1408](https://github.com/pomerium/pomerium/pull/1408) (@calebdoxsey)
-- authorize: add support for service accounts [\#1374](https://github.com/pomerium/pomerium/pull/1374) (@calebdoxsey)
-- Cuonglm/improve timeout error message [\#1373](https://github.com/pomerium/pomerium/pull/1373) (@cuonglm)
-- internal/directory/okta: remove rate limiter [\#1370](https://github.com/pomerium/pomerium/pull/1370) (@cuonglm)
-- {proxy/controlplane}: make health checks debug level [\#1368](https://github.com/pomerium/pomerium/pull/1368) (@desimone)
-- databroker: add tracing for rego evaluation and databroker sync, fix bug in databroker config source [\#1367](https://github.com/pomerium/pomerium/pull/1367) (@calebdoxsey)
-- authorize: use impersonate email/groups in JWT [\#1364](https://github.com/pomerium/pomerium/pull/1364) (@calebdoxsey)
-- config: support explicit prefix and regex path rewriting [\#1363](https://github.com/pomerium/pomerium/pull/1363) (@calebdoxsey)
-- proxy: support websocket timeouts [\#1362](https://github.com/pomerium/pomerium/pull/1362) (@calebdoxsey)
-- proxy: disable control-plane robots.txt for public unauthenticated routes [\#1361](https://github.com/pomerium/pomerium/pull/1361) (@calebdoxsey)
-- certmagic: improve logging [\#1358](https://github.com/pomerium/pomerium/pull/1358) (@calebdoxsey)
-- logs: add new log scrubber [\#1346](https://github.com/pomerium/pomerium/pull/1346) (@calebdoxsey)
-- Allow setting the shared secret via an environment variable. [\#1337](https://github.com/pomerium/pomerium/pull/1337) (@rspier)
-- authorize: add jti to JWT payload [\#1328](https://github.com/pomerium/pomerium/pull/1328) (@calebdoxsey)
-- all: add signout redirect url [\#1324](https://github.com/pomerium/pomerium/pull/1324) (@cuonglm)
-- proxy: remove unused handlers [\#1317](https://github.com/pomerium/pomerium/pull/1317) (@desimone)
-- azure: support deriving credentials from client id, client secret and provider url [\#1300](https://github.com/pomerium/pomerium/pull/1300) (@calebdoxsey)
-- cache: support databroker option changes [\#1294](https://github.com/pomerium/pomerium/pull/1294) (@calebdoxsey)
-- authenticate: move databroker connection to state [\#1292](https://github.com/pomerium/pomerium/pull/1292) (@calebdoxsey)
-- authorize: use atomic state for properties [\#1290](https://github.com/pomerium/pomerium/pull/1290) (@calebdoxsey)
-- proxy: move properties to atomically updated state [\#1280](https://github.com/pomerium/pomerium/pull/1280) (@calebdoxsey)
-- Improving okta API requests [\#1278](https://github.com/pomerium/pomerium/pull/1278) (@cuonglm)
-- authenticate: move properties to atomically updated state [\#1277](https://github.com/pomerium/pomerium/pull/1277) (@calebdoxsey)
-- authenticate: support reloading IDP settings [\#1273](https://github.com/pomerium/pomerium/pull/1273) (@calebdoxsey)
-- Rate limit for okta [\#1271](https://github.com/pomerium/pomerium/pull/1271) (@cuonglm)
-- config: allow dynamic configuration of cookie settings [\#1267](https://github.com/pomerium/pomerium/pull/1267) (@calebdoxsey)
-- internal/directory/okta: increase default batch size to 200 [\#1264](https://github.com/pomerium/pomerium/pull/1264) (@cuonglm)
-- envoy: add support for hot-reloading bootstrap configuration [\#1259](https://github.com/pomerium/pomerium/pull/1259) (@calebdoxsey)
-- config: allow reloading of telemetry settings [\#1255](https://github.com/pomerium/pomerium/pull/1255) (@calebdoxsey)
-- databroker: add support for config settings [\#1253](https://github.com/pomerium/pomerium/pull/1253) (@calebdoxsey)
-- config: warn if custom scopes set for builtin providers [\#1252](https://github.com/pomerium/pomerium/pull/1252) (@cuonglm)
-- authorize: add databroker url check [\#1228](https://github.com/pomerium/pomerium/pull/1228) (@desimone)
-- internal/databroker: make Sync send data in smaller batches [\#1226](https://github.com/pomerium/pomerium/pull/1226) (@cuonglm)
-
-## Fixed
-
--  forward-auth: fix special character support for nginx  [\#1578](https://github.com/pomerium/pomerium/pull/1578) (@desimone)
-- proxy/forward\_auth: copy response headers as request headers [\#1577](https://github.com/pomerium/pomerium/pull/1577) (@desimone)
-- fix querying claim data on the dashboard [\#1560](https://github.com/pomerium/pomerium/pull/1560) (@calebdoxsey)
-- github: fix retrieving team id with graphql API \(\#1554\) [\#1555](https://github.com/pomerium/pomerium/pull/1555) (@toshipp)
-- store raw id token so it can be passed to the logout url [\#1543](https://github.com/pomerium/pomerium/pull/1543) (@calebdoxsey)
-- fix databroker requiring signed jwt [\#1538](https://github.com/pomerium/pomerium/pull/1538) (@calebdoxsey)
-- authorize: add redirect url to debug page [\#1533](https://github.com/pomerium/pomerium/pull/1533) (@desimone)
-- internal/frontend: resolve authN helper url [\#1521](https://github.com/pomerium/pomerium/pull/1521) (@desimone)
-- fwd-auth: match nginx-ingress config [\#1505](https://github.com/pomerium/pomerium/pull/1505) (@desimone)
-- authenticate: protect /.pomerium/admin endpoint [\#1500](https://github.com/pomerium/pomerium/pull/1500) (@calebdoxsey)
-- ci: ensure systemd unit file is in packages [\#1481](https://github.com/pomerium/pomerium/pull/1481) (@travisgroth)
-- identity manager: fix directory sync timing [\#1455](https://github.com/pomerium/pomerium/pull/1455) (@calebdoxsey)
-- proxy/forward\_auth: don't reset forward auth path if X-Forwarded-Uri is not set [\#1447](https://github.com/pomerium/pomerium/pull/1447) (@whs)
-- httputil: remove retry button [\#1438](https://github.com/pomerium/pomerium/pull/1438) (@desimone)
-- proxy: always use https for application callback [\#1433](https://github.com/pomerium/pomerium/pull/1433) (@travisgroth)
-- controplane: remove p-521 EC [\#1420](https://github.com/pomerium/pomerium/pull/1420) (@desimone)
-- redirect-server: add config headers to responses [\#1416](https://github.com/pomerium/pomerium/pull/1416) (@calebdoxsey)
-- proxy: remove impersonate headers for kubernetes [\#1394](https://github.com/pomerium/pomerium/pull/1394) (@calebdoxsey)
-- Desimone/authenticate default logout [\#1390](https://github.com/pomerium/pomerium/pull/1390) (@desimone)
-- proxy: for filter matches only include bare domain name [\#1389](https://github.com/pomerium/pomerium/pull/1389) (@calebdoxsey)
-- internal/envoy: start epoch from 0 [\#1387](https://github.com/pomerium/pomerium/pull/1387) (@travisgroth)
-- internal/directory/okta: acceept non-json service account [\#1359](https://github.com/pomerium/pomerium/pull/1359) (@cuonglm)
-- internal/controlplane: add telemetry http handler [\#1353](https://github.com/pomerium/pomerium/pull/1353) (@travisgroth)
-- autocert: fix locking issue [\#1310](https://github.com/pomerium/pomerium/pull/1310) (@calebdoxsey)
-- authorize: log users and groups [\#1303](https://github.com/pomerium/pomerium/pull/1303) (@desimone)
-- proxy: fix wrong applied middleware [\#1298](https://github.com/pomerium/pomerium/pull/1298) (@cuonglm)
-- internal/directory/okta: fix wrong API query filter [\#1296](https://github.com/pomerium/pomerium/pull/1296) (@cuonglm)
-- autocert: fix  bootstrapped cache store path [\#1283](https://github.com/pomerium/pomerium/pull/1283) (@desimone)
-- config: validate databroker settings [\#1260](https://github.com/pomerium/pomerium/pull/1260) (@calebdoxsey)
-- internal/autocert: re-use cert if renewing failed but cert not expired [\#1237](https://github.com/pomerium/pomerium/pull/1237) (@cuonglm)
-
-## Documentation
-
-- docs: use standard language for lists [\#1590](https://github.com/pomerium/pomerium/pull/1590) (@desimone)
-- Fix command in Kubernetes Quick start docs [\#1582](https://github.com/pomerium/pomerium/pull/1582) (@wesleyw72)
-- move docs to settings.yaml [\#1579](https://github.com/pomerium/pomerium/pull/1579) (@calebdoxsey)
-- docs: add round logo [\#1574](https://github.com/pomerium/pomerium/pull/1574) (@desimone)
-- add settings.yaml file [\#1540](https://github.com/pomerium/pomerium/pull/1540) (@calebdoxsey)
-- update the documentation for auth0 to include group/role information [\#1502](https://github.com/pomerium/pomerium/pull/1502) (@grounded042)
-- examples: fix nginx example [\#1478](https://github.com/pomerium/pomerium/pull/1478) (@desimone)
-- docs: add architecture diagram for cloudrun [\#1444](https://github.com/pomerium/pomerium/pull/1444) (@travisgroth)
-- fix\(examples\): Use X-Pomerium-Claim headers [\#1422](https://github.com/pomerium/pomerium/pull/1422) (@tdorsey)
-- chore\(docs\): Fix typo in example policy [\#1419](https://github.com/pomerium/pomerium/pull/1419) (@tdorsey)
-- docs: fix grammar [\#1412](https://github.com/pomerium/pomerium/pull/1412) (@shinebayar-g)
-- docs: Add Traefik + Kubernetes example [\#1411](https://github.com/pomerium/pomerium/pull/1411) (@travisgroth)
-- Remove typo on remove\_request\_headers docs [\#1388](https://github.com/pomerium/pomerium/pull/1388) (@whs)
-- docs: update azure docs [\#1377](https://github.com/pomerium/pomerium/pull/1377) (@desimone)
-- docs: add nginx example [\#1329](https://github.com/pomerium/pomerium/pull/1329) (@travisgroth)
-- docs: use .com sitemap hostname [\#1274](https://github.com/pomerium/pomerium/pull/1274) (@desimone)
-- docs: fix in-action video [\#1268](https://github.com/pomerium/pomerium/pull/1268) (@travisgroth)
-- docs: image, sitemap and redirect fixes [\#1263](https://github.com/pomerium/pomerium/pull/1263) (@travisgroth)
-- Fix broken logo link in README.md [\#1261](https://github.com/pomerium/pomerium/pull/1261) (@cuonglm)
-- docs/docs: fix wrong okta service account field [\#1251](https://github.com/pomerium/pomerium/pull/1251) (@cuonglm)
-- \[Backport latest\] Docs/enterprise button [\#1247](https://github.com/pomerium/pomerium/pull/1247) (@github-actions[bot])
-- Docs/enterprise button [\#1245](https://github.com/pomerium/pomerium/pull/1245) (@desimone)
-- remove rootDomain from examples [\#1244](https://github.com/pomerium/pomerium/pull/1244) (@karelbilek)
-- docs: add / redirect [\#1241](https://github.com/pomerium/pomerium/pull/1241) (@desimone)
-- docs: prepare for enterprise / oss split [\#1238](https://github.com/pomerium/pomerium/pull/1238) (@desimone)
-
-## Dependency
-
-- chore\(deps\): update module google.golang.org/grpc to v1.33.2 [\#1585](https://github.com/pomerium/pomerium/pull/1585) (@renovate[bot])
-- chore\(deps\): update google.golang.org/genproto commit hash to f9bfe23 [\#1583](https://github.com/pomerium/pomerium/pull/1583) (@renovate[bot])
-- chore\(deps\): update mikefarah/yq action to v3.4.1 [\#1567](https://github.com/pomerium/pomerium/pull/1567) (@renovate[bot])
-- chore\(deps\): update google.golang.org/genproto commit hash to 24207fd [\#1566](https://github.com/pomerium/pomerium/pull/1566) (@renovate[bot])
-- chore\(deps\): update golang.org/x/net commit hash to ff519b6 [\#1565](https://github.com/pomerium/pomerium/pull/1565) (@renovate[bot])
-- chore\(deps\): update olegtarasov/get-tag action to v2 [\#1552](https://github.com/pomerium/pomerium/pull/1552) (@renovate[bot])
-- chore\(deps\): update goreleaser/goreleaser-action action to v2 [\#1551](https://github.com/pomerium/pomerium/pull/1551) (@renovate[bot])
-- chore\(deps\): update actions/setup-go action to v2 [\#1550](https://github.com/pomerium/pomerium/pull/1550) (@renovate[bot])
-- chore\(deps\): update toolmantim/release-drafter action to v5.12.1 [\#1549](https://github.com/pomerium/pomerium/pull/1549) (@renovate[bot])
-- chore\(deps\): update module google.golang.org/grpc to v1.33.1 [\#1548](https://github.com/pomerium/pomerium/pull/1548) (@renovate[bot])
-- chore\(deps\): update codecov/codecov-action action to v1.0.14 [\#1547](https://github.com/pomerium/pomerium/pull/1547) (@renovate[bot])
-- chore\(deps\): update google.golang.org/genproto commit hash to 0ff5f38 [\#1546](https://github.com/pomerium/pomerium/pull/1546) (@renovate[bot])
-- chore\(deps\): update golang.org/x/sync commit hash to 67f06af [\#1545](https://github.com/pomerium/pomerium/pull/1545) (@renovate[bot])
-- chore\(deps\): update golang.org/x/net commit hash to be3efd7 [\#1544](https://github.com/pomerium/pomerium/pull/1544) (@renovate[bot])
-- chore\(deps\): update vuepress monorepo to v1.7.1 [\#1531](https://github.com/pomerium/pomerium/pull/1531) (@renovate[bot])
-- chore\(deps\): update module spf13/cobra to v1.1.1 [\#1530](https://github.com/pomerium/pomerium/pull/1530) (@renovate[bot])
-- chore\(deps\): update module prometheus/client\_golang to v1.8.0 [\#1529](https://github.com/pomerium/pomerium/pull/1529) (@renovate[bot])
-- chore\(deps\): update module ory/dockertest/v3 to v3.6.2 [\#1528](https://github.com/pomerium/pomerium/pull/1528) (@renovate[bot])
-- chore\(deps\): update module open-policy-agent/opa to v0.24.0 [\#1527](https://github.com/pomerium/pomerium/pull/1527) (@renovate[bot])
-- chore\(deps\): update module golang/protobuf to v1.4.3 [\#1525](https://github.com/pomerium/pomerium/pull/1525) (@renovate[bot])
-- chore\(deps\): update google.golang.org/genproto commit hash to 32ed001 [\#1524](https://github.com/pomerium/pomerium/pull/1524) (@renovate[bot])
-- chore\(deps\): update golang.org/x/net commit hash to 7b1cca2 [\#1523](https://github.com/pomerium/pomerium/pull/1523) (@renovate[bot])
-- chore\(deps\): update golang.org/x/crypto commit hash to 9e8e0b3 [\#1522](https://github.com/pomerium/pomerium/pull/1522) (@renovate[bot])
-- chore\(deps\): upgrade envoy to v0.16.0 [\#1519](https://github.com/pomerium/pomerium/pull/1519) (@desimone)
-- deployment: run go mod tidy [\#1512](https://github.com/pomerium/pomerium/pull/1512) (@desimone)
-- chore\(deps\): update module ory/dockertest/v3 to v3.6.1 [\#1511](https://github.com/pomerium/pomerium/pull/1511) (@renovate[bot])
-- chore\(deps\): update module go.opencensus.io to v0.22.5 [\#1510](https://github.com/pomerium/pomerium/pull/1510) (@renovate[bot])
-- chore\(deps\): update module cenkalti/backoff/v4 to v4.1.0 [\#1509](https://github.com/pomerium/pomerium/pull/1509) (@renovate[bot])
-- chore\(deps\): update google.golang.org/genproto commit hash to 4d944d3 [\#1508](https://github.com/pomerium/pomerium/pull/1508) (@renovate[bot])
-- chore\(deps\): update golang.org/x/sync commit hash to b3e1573 [\#1507](https://github.com/pomerium/pomerium/pull/1507) (@renovate[bot])
-- chore\(deps\): update golang.org/x/net commit hash to 4f7140c [\#1506](https://github.com/pomerium/pomerium/pull/1506) (@renovate[bot])
-- deployment: pin /x/sys to fix dockertest [\#1491](https://github.com/pomerium/pomerium/pull/1491) (@desimone)
-- chore\(deps\): update module openzipkin/zipkin-go to v0.2.5 [\#1488](https://github.com/pomerium/pomerium/pull/1488) (@renovate[bot])
-- chore\(deps\): update module envoyproxy/go-control-plane to v0.9.7 [\#1487](https://github.com/pomerium/pomerium/pull/1487) (@renovate[bot])
-- chore\(deps\): update google.golang.org/genproto commit hash to bcad7cf [\#1486](https://github.com/pomerium/pomerium/pull/1486) (@renovate[bot])
-- chore\(deps\): update golang.org/x/sync commit hash to 3042136 [\#1485](https://github.com/pomerium/pomerium/pull/1485) (@renovate[bot])
-- chore\(deps\): update golang.org/x/crypto commit hash to 7f63de1 [\#1483](https://github.com/pomerium/pomerium/pull/1483) (@renovate[bot])
-- deps: update envoy arm64 to v1.15.1 [\#1475](https://github.com/pomerium/pomerium/pull/1475) (@travisgroth)
-- chore\(deps\): envoy 1.15.1 [\#1473](https://github.com/pomerium/pomerium/pull/1473) (@desimone)
-- chore\(deps\): update vuepress monorepo to v1.6.0 [\#1463](https://github.com/pomerium/pomerium/pull/1463) (@renovate[bot])
-- chore\(deps\): update google.golang.org/genproto commit hash to c2d885f [\#1462](https://github.com/pomerium/pomerium/pull/1462) (@renovate[bot])
-- chore\(deps\): update golang.org/x/net commit hash to 5d4f700 [\#1461](https://github.com/pomerium/pomerium/pull/1461) (@renovate[bot])
-- deps: go mod tidy [\#1434](https://github.com/pomerium/pomerium/pull/1434) (@travisgroth)
-- chore\(deps\): update module rs/zerolog to v1.20.0 [\#1431](https://github.com/pomerium/pomerium/pull/1431) (@renovate[bot])
-- chore\(deps\): update module caddyserver/certmagic to v0.12.0 [\#1429](https://github.com/pomerium/pomerium/pull/1429) (@renovate[bot])
-- chore\(deps\): update google.golang.org/genproto commit hash to d0d6055 [\#1428](https://github.com/pomerium/pomerium/pull/1428) (@renovate[bot])
-- chore\(deps\): update module openzipkin/zipkin-go to v0.2.4 [\#1407](https://github.com/pomerium/pomerium/pull/1407) (@renovate[bot])
-- chore\(deps\): update module gorilla/handlers to v1.5.1 [\#1406](https://github.com/pomerium/pomerium/pull/1406) (@renovate[bot])
-- chore\(deps\): update module google.golang.org/grpc to v1.32.0 [\#1405](https://github.com/pomerium/pomerium/pull/1405) (@renovate[bot])
-- chore\(deps\): update google.golang.org/genproto commit hash to 645f7a4 [\#1404](https://github.com/pomerium/pomerium/pull/1404) (@renovate[bot])
-- Run go mod tidy [\#1384](https://github.com/pomerium/pomerium/pull/1384) (@cuonglm)
-- chore\(deps\): update module go.uber.org/zap to v1.16.0 [\#1381](https://github.com/pomerium/pomerium/pull/1381) (@renovate[bot])
-- chore\(deps\): update google.golang.org/genproto commit hash to 0bd0a95 [\#1380](https://github.com/pomerium/pomerium/pull/1380) (@renovate[bot])
-- chore\(deps\): update golang.org/x/oauth2 commit hash to 5d25da1 [\#1379](https://github.com/pomerium/pomerium/pull/1379) (@renovate[bot])
-- chore\(deps\): update golang.org/x/net commit hash to 62affa3 [\#1378](https://github.com/pomerium/pomerium/pull/1378) (@renovate[bot])
-- deps: ensure renovate runs `go mod tidy` [\#1357](https://github.com/pomerium/pomerium/pull/1357) (@travisgroth)
-- deps: go mod tidy [\#1356](https://github.com/pomerium/pomerium/pull/1356) (@travisgroth)
-- Update module open-policy-agent/opa to v0.23.2 [\#1351](https://github.com/pomerium/pomerium/pull/1351) (@renovate[bot])
-- Update module google/uuid to v1.1.2 [\#1350](https://github.com/pomerium/pomerium/pull/1350) (@renovate[bot])
-- Update module google/go-cmp to v0.5.2 [\#1349](https://github.com/pomerium/pomerium/pull/1349) (@renovate[bot])
-- Update module google.golang.org/grpc to v1.31.1 [\#1348](https://github.com/pomerium/pomerium/pull/1348) (@renovate[bot])
-- Update google.golang.org/genproto commit hash to 2bf3329 [\#1347](https://github.com/pomerium/pomerium/pull/1347) (@renovate[bot])
-- chore\(deps\): update vuepress monorepo to v1.5.4 [\#1323](https://github.com/pomerium/pomerium/pull/1323) (@renovate[bot])
-- chore\(deps\): update module open-policy-agent/opa to v0.23.1 [\#1322](https://github.com/pomerium/pomerium/pull/1322) (@renovate[bot])
-- chore\(deps\): update module gorilla/mux to v1.8.0 [\#1321](https://github.com/pomerium/pomerium/pull/1321) (@renovate[bot])
-- chore\(deps\): update module gorilla/handlers to v1.5.0 [\#1320](https://github.com/pomerium/pomerium/pull/1320) (@renovate[bot])
-- chore\(deps\): update golang.org/x/net commit hash to c890458 [\#1319](https://github.com/pomerium/pomerium/pull/1319) (@renovate[bot])
-- chore\(deps\): update golang.org/x/crypto commit hash to 5c72a88 [\#1318](https://github.com/pomerium/pomerium/pull/1318) (@renovate[bot])
-- Upgrade zipkin-go to v0.2.3 [\#1288](https://github.com/pomerium/pomerium/pull/1288) (@cuonglm)
-- chore\(deps\): update google.golang.org/genproto commit hash to f69a880 [\#1286](https://github.com/pomerium/pomerium/pull/1286) (@renovate[bot])
-- chore\(deps\): update golang.org/x/time commit hash to 3af7569 [\#1285](https://github.com/pomerium/pomerium/pull/1285) (@renovate[bot])
-- chore\(deps\): update golang.org/x/net commit hash to 3edf25e [\#1284](https://github.com/pomerium/pomerium/pull/1284) (@renovate[bot])
-- .github/workflows: upgrade to go1.15 [\#1258](https://github.com/pomerium/pomerium/pull/1258) (@cuonglm)
-- Fix tests failed with go115 [\#1257](https://github.com/pomerium/pomerium/pull/1257) (@cuonglm)
-- chore\(deps\): update dependency @vuepress/plugin-google-analytics to v1.5.3 [\#1236](https://github.com/pomerium/pomerium/pull/1236) (@renovate[bot])
-- Update module google.golang.org/api to v0.30.0 [\#1235](https://github.com/pomerium/pomerium/pull/1235) (@renovate[bot])
-- chore\(deps\): update google.golang.org/genproto commit hash to a062522 [\#1234](https://github.com/pomerium/pomerium/pull/1234) (@renovate[bot])
-
-## Deployment
-
-- ci: automatically update test environment with master [\#1562](https://github.com/pomerium/pomerium/pull/1562) (@travisgroth)
-- deployment: add debug build / container / docs [\#1513](https://github.com/pomerium/pomerium/pull/1513) (@travisgroth)
-- deployment: Generate deb and rpm packages [\#1458](https://github.com/pomerium/pomerium/pull/1458) (@travisgroth)
-- deployment: bump release go to v1.15.x [\#1439](https://github.com/pomerium/pomerium/pull/1439) (@desimone)
-- ci: publish cloudrun latest tag [\#1398](https://github.com/pomerium/pomerium/pull/1398) (@travisgroth)
-- deployment: fully split release archives and brews [\#1365](https://github.com/pomerium/pomerium/pull/1365) (@travisgroth)
-- Include pomerium-cli in the docker image by default.  Fixes \#1343. [\#1345](https://github.com/pomerium/pomerium/pull/1345) (@rspier)
-- Use apt-get instead of apt to eliminate warning. [\#1344](https://github.com/pomerium/pomerium/pull/1344) (@rspier)
-- deployment: add goimports with path awareness [\#1316](https://github.com/pomerium/pomerium/pull/1316) (@desimone)
-
-## Changed
-
-- ci: fix release workflow syntax [\#1592](https://github.com/pomerium/pomerium/pull/1592) (@travisgroth)
-- ci: update changelog generation to script [\#1589](https://github.com/pomerium/pomerium/pull/1589) (@travisgroth)
-- \[Backport 0-10-0\] docs: add round logo [\#1575](https://github.com/pomerium/pomerium/pull/1575) (@github-actions[bot])
-- tidy [\#1494](https://github.com/pomerium/pomerium/pull/1494) (@desimone)
-- dev: add remote container debug configs [\#1459](https://github.com/pomerium/pomerium/pull/1459) (@desimone)
-- ci: add stale issue automation [\#1366](https://github.com/pomerium/pomerium/pull/1366) (@travisgroth)
-- internal/urlutil: remove un-used constants [\#1326](https://github.com/pomerium/pomerium/pull/1326) (@cuonglm)
-- integration: add forward auth test [\#1312](https://github.com/pomerium/pomerium/pull/1312) (@cuonglm)
-- pkg/storage/redis: update tests to use local certs + upstream image [\#1306](https://github.com/pomerium/pomerium/pull/1306) (@travisgroth)
-- config: omit empty subpolicies in yaml/json [\#1229](https://github.com/pomerium/pomerium/pull/1229) (@travisgroth)
-- Cuonglm/increase coverrage 1 [\#1227](https://github.com/pomerium/pomerium/pull/1227) (@cuonglm)
-
-## [v0.10.6](https://github.com/pomerium/pomerium/tree/v0.10.6) (2020-09-30)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.10.5...v0.10.6)
-
-## Changed
-
-- docs: Update changelog for v0.10.6 [\#1477](https://github.com/pomerium/pomerium/pull/1477) (@travisgroth)
-- \[Backport 0-10-0\] deps: update envoy arm64 to v1.15.1 [\#1476](https://github.com/pomerium/pomerium/pull/1476) (@github-actions[bot])
-- \[Backport 0-10-0\] chore\(deps\): envoy 1.15.1 [\#1474](https://github.com/pomerium/pomerium/pull/1474) (@github-actions[bot])
-
-## [v0.10.5](https://github.com/pomerium/pomerium/tree/v0.10.5) (2020-09-28)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.10.4...v0.10.5)
-
-## Documentation
-
-- docs: Update changelog for v0.10.5 [\#1469](https://github.com/pomerium/pomerium/pull/1469) (@travisgroth)
-
-## Changed
-
-- redis: use pubsub instead of keyspace events [\#1451](https://github.com/pomerium/pomerium/pull/1451) (@calebdoxsey)
-
-## [v0.10.4](https://github.com/pomerium/pomerium/tree/v0.10.4) (2020-09-22)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.10.3...v0.10.4)
-
-## Documentation
-
-- docs: update 0.10.4 changelog [\#1441](https://github.com/pomerium/pomerium/pull/1441) (@travisgroth)
-- Add v0.10.4 changelog entry [\#1437](https://github.com/pomerium/pomerium/pull/1437) (@travisgroth)
-
-## Changed
-
-- \[Backport 0-10-0\] httputil: remove retry button [\#1440](https://github.com/pomerium/pomerium/pull/1440) (@github-actions[bot])
-- \[Backport 0-10-0\] proxy: always use https for application callback [\#1435](https://github.com/pomerium/pomerium/pull/1435) (@github-actions[bot])
-- \[Backport 0-10-0\] redirect-server: add config headers to responses [\#1427](https://github.com/pomerium/pomerium/pull/1427) (@github-actions[bot])
-- \[Backport 0-10-0\] controplane: remove p-521 EC [\#1423](https://github.com/pomerium/pomerium/pull/1423) (@github-actions[bot])
-- \[Backport 0-10-0\] controlplane: support P-384 / P-512 EC curves [\#1410](https://github.com/pomerium/pomerium/pull/1410) (@github-actions[bot])
-
-## [v0.10.3](https://github.com/pomerium/pomerium/tree/v0.10.3) (2020-09-11)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.10.2...v0.10.3)
-
-## Changed
-
-- Update changelog for v0.10.3 [\#1401](https://github.com/pomerium/pomerium/pull/1401) (@travisgroth)
-- \[Backport 0-10-0\] ci: publish cloudrun latest tag [\#1399](https://github.com/pomerium/pomerium/pull/1399) (@github-actions[bot])
-- \[Backport 0-10-0\] proxy: remove impersonate headers for kubernetes [\#1396](https://github.com/pomerium/pomerium/pull/1396) (@travisgroth)
-- \[Backport 0-10-0\] docs: update azure docs [\#1385](https://github.com/pomerium/pomerium/pull/1385) (@github-actions[bot])
-- internal/directory/okta: remove rate limiter \(\#1370\) [\#1371](https://github.com/pomerium/pomerium/pull/1371) (@cuonglm)
-- \[Backport 0-10-0\] internal/directory/okta: acceept non-json service account [\#1360](https://github.com/pomerium/pomerium/pull/1360) (@github-actions[bot])
-- \[Backport 0-10-0\] internal/controlplane: add telemetry http handler [\#1355](https://github.com/pomerium/pomerium/pull/1355) (@github-actions[bot])
-- \[Backport 0-10-0\] docs: add nginx example [\#1339](https://github.com/pomerium/pomerium/pull/1339) (@github-actions[bot])
-
-## [v0.10.2](https://github.com/pomerium/pomerium/tree/v0.10.2) (2020-08-26)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.10.1...v0.10.2)
-
-## Documentation
-
-- docs: update change log for 0.10.2 [\#1330](https://github.com/pomerium/pomerium/pull/1330) (@travisgroth)
-
-## Changed
-
-- Backport go 1.15 changes for 0-10-0 [\#1334](https://github.com/pomerium/pomerium/pull/1334) (@travisgroth)
-- \[Backport 0-10-0\] internal/directory/okta: improve API requests [\#1332](https://github.com/pomerium/pomerium/pull/1332) (@travisgroth)
-- autocert: fix locking issue \(\#1310\) [\#1311](https://github.com/pomerium/pomerium/pull/1311) (@calebdoxsey)
-
-## [v0.10.1](https://github.com/pomerium/pomerium/tree/v0.10.1) (2020-08-20)
-
-[Full Changelog](https://github.com/pomerium/pomerium/compare/v0.10.0...v0.10.1)
-
-## Documentation
-
-- \[Backport 0-10-0\] Docs/enterprise button [\#1246](https://github.com/pomerium/pomerium/pull/1246) (@github-actions[bot])
-- \[Backport 0-10-0\] docs: add / redirect [\#1242](https://github.com/pomerium/pomerium/pull/1242) (@github-actions[bot])
-
-## Changed
-
-- docs: v0.10.1 changelog [\#1308](https://github.com/pomerium/pomerium/pull/1308) (@travisgroth)
-- \[Backport 0-10-0\] pkg/storage/redis: update tests to use local certs + upstream image [\#1307](https://github.com/pomerium/pomerium/pull/1307) (@github-actions[bot])
-- azure: support deriving credentials from client id, client secret and… [\#1301](https://github.com/pomerium/pomerium/pull/1301) (@calebdoxsey)
-- \[Backport 0-10-0\] autocert: fix  bootstrapped cache store path [\#1291](https://github.com/pomerium/pomerium/pull/1291) (@github-actions[bot])
-- \[Backport 0-10-0\] docs: use .com sitemap hostname [\#1275](https://github.com/pomerium/pomerium/pull/1275) (@github-actions[bot])
-- \[Backport 0-10-0\] docs: fix in-action video [\#1269](https://github.com/pomerium/pomerium/pull/1269) (@github-actions[bot])
-- \[Backport 0-10-0\] docs: image, sitemap and redirect fixes [\#1265](https://github.com/pomerium/pomerium/pull/1265) (@github-actions[bot])
-- \[Backport 0-10-0\] docs: prepare for enterprise / oss split [\#1239](https://github.com/pomerium/pomerium/pull/1239) (@github-actions[bot])
-- \[Backport 0-10-0\] authorize: add databroker url check [\#1231](https://github.com/pomerium/pomerium/pull/1231) (@github-actions[bot])
-- \[Backport 0-10-0\] config: omit empty subpolicies in yaml/json [\#1230](https://github.com/pomerium/pomerium/pull/1230) (@github-actions[bot])
-
-
-## v0.10.0
-
-### Changes
-
-- Add storage backend interface @cuonglm GH-1072
-- all: update outdated comments about OptionsUpdater interface @cuonglm GH-1207
-- Allow specify go executable in Makefile @cuonglm GH-1008
-- audit: add protobuf definitions @calebdoxsey GH-1047
-- authenticate: hide impersonation form from non-admin users @cuonglm GH-979
-- authenticate: move impersonate from proxy to authenticate @calebdoxsey GH-965
-- authenticate: remove useless/duplicated code block @cuonglm GH-962
-- authenticate: revoke current session oauth token before sign out @cuonglm GH-964
-- authorize,proxy: allow traefik forward auth without uri query @cuonglm GH-1103
-- authorize: add evaluator store @calebdoxsey GH-1105
-- authorize: add test for denied response @cuonglm GH-1197
-- authorize: avoid serializing databroker data map to improve performance @calebdoxsey GH-995
-- authorize: clear session state if session was deleted in databroker @cuonglm GH-1053
-- authorize: derive check response message from reply message @cuonglm GH-1193
-- authorize: include "kid" in JWT header @cuonglm GH-1049
-- authorize: store policy evaluator on success only @cuonglm GH-1206
-- authorize/evaluator: add more test cases @cuonglm GH-1198
-- authorize/evaluator: fix wrong custom policies decision @cuonglm GH-1199
-- authorize/evaluator/opa: use route policy object instead of array index @cuonglm GH-1001
-- cache: add client telemetry @travisgroth GH-975
-- cache: add test for runMemberList @cuonglm GH-1007
-- cache: attempt to join memberlist cluster for sanity check @travisgroth GH-1004
-- cache: fix missing parameter @travisgroth GH-1005
-- cache: only run memberlist for in-memory databroker @travisgroth GH-1224
-- ci: Add cloudrun build @travisgroth GH-1097
-- ci: support rc releases @travisgroth GH-1011
-- cmd/pomerium-cli: do not require terminal with cached creds @travisgroth GH-1196
-- config: add check to assert service account is required for policies with allowed_groups @desimone GH-997
-- config: add support for policies stored in the databroker @calebdoxsey GH-1099
-- config: additional kubernetes token source support @travisgroth GH-1200
-- config: allow setting directory sync interval and timeout @cuonglm GH-1098
-- config: default to google idp credentials for serverless @travisgroth GH-1170
-- config: fix loading storage client cert from wrong location @travisgroth GH-1212
-- config: Set loopback address by ipv4 IP @travisgroth GH-1116
-- cryptutil: move to pkg dir, add token generator @calebdoxsey GH-1029
-- deployment: fix brew creation for pomerium-cli @travisgroth GH-1192
-- directory.Group entry for groups @calebdoxsey GH-1118
-- docs/docs: update upgrading to mention redis storage backend @cuonglm GH-1172
-- envoy: disable idle timeouts to controlplane @travisgroth GH-1000
-- grpc: rename internal/grpc to pkg/grpc @calebdoxsey GH-1010
-- grpc: use relative paths in codegen @desimone GH-1106
-- grpcutil: add functions for JWTs in gRPC metadata @calebdoxsey GH-1165
-- Increasing authorize coverage @cuonglm GH-1221
-- integration: add dummy value for idp_service_account @cuonglm GH-1009
-- internal/controlplane: set envoy prefix rewrite if present @cuonglm GH-1034
-- internal/controlplane: using envoy strip host port matching @cuonglm GH-1126
-- internal/databroker: handle new db error @cuonglm GH-1129
-- internal/databroker: store server version @cuonglm GH-1121
-- internal/directory: improve google user groups list @cuonglm GH-1092
-- internal/directory: use both id and name for group @cuonglm GH-1086
-- internal/directory/google: return both group e-mail and id @travisgroth GH-1083
-- internal/frontend/assets/html: make timestamp human readable @cuonglm GH-1107
-- internal/sessions: handle claims "ver" field generally @cuonglm GH-990
-- internal/urlutil: add tests for GetDomainsForURL @cuonglm GH-1183
-- memberlist: use bufio reader instead of scanner @calebdoxsey GH-1002
-- config: options refactor @calebdoxsey GH-1088
-- pkg: add grpcutil package @calebdoxsey GH-1032
-- pkg/storage: add package docs @cuonglm GH-1078
-- pkg/storage: change backend interface to return error @cuonglm GH-1131
-- pkg/storage: introduce storage.Backend Watch method @cuonglm GH-1135
-- pkg/storage: make Watch returns receive only channel @cuonglm GH-1211
-- pkg/storage/redis: do not use timeout to signal redis conn to stop @cuonglm GH-1155
-- pkg/storage/redis: fix multiple data race @cuonglm GH-1210
-- pkg/storage/redis: metrics updates @travisgroth GH-1195
-- pkg/storage/redis: move last version to redis @cuonglm GH-1134
-- proxy: add support for spdy upgrades @travisgroth GH-1203
-- proxy: avoid second policy validation @travisgroth GH-1204
-- proxy: refactor handler setup code @travisgroth GH-1205
-- set session state expiry @calebdoxsey GH-1215
-- Sleep longer before running integration tests @cuonglm GH-968
-- telemetry: add tracing spans to cache and databroker @travisgroth GH-987
-
-### New
-
-- authenticate: allow hot reloaded admin users config @cuonglm [GH-984]
-- authenticate: support hot reloaded config @cuonglm GH-984
-- authorize: custom rego policies @calebdoxsey GH-1123
-- authorize: include "kid" in JWT headers @cuonglm [GH-1046]
-- azure: use OID for user id in session @calebdoxsey GH-985
-- config: add pass_identity_headers @cuonglm [GH-903]
-- config: add remove_request_headers @cuonglm [GH-822]
-- config: both base64 and file reference can be used for "certificates" @dmitrif [GH-1055]
-- config: change config key parsing to attempt Base64 decoding first. @dmitrif GH-1055
-- config: change default log level to INFO @cuonglm [GH-902]
-- custom rego in databroker @calebdoxsey GH-1124
-- databroker server backend config @cuonglm GH-1127
-- databroker: add encryption for records @calebdoxsey GH-1168
-- deploy: Add homebrew tap publishing @travisgroth GH-1179
-- deployment: cut separate archive for cli @desimone GH-1177
-- directory: add service account struct and parsing method @calebdoxsey GH-971
-- envoy: enable strip host port matching @cuonglm [GH-1126]
-- github: implement github directory provider @calebdoxsey GH-963
-- google: store directory information by user id @calebdoxsey GH-988
-- identity: support custom code flow request params @desimone GH-998
-- implement google cloud serverless authentication @calebdoxsey GH-1080
-- internal/directory/okta: store directory information by user id @cuonglm GH-991
-- internal/directory/onelogin: store directory information by user id @cuonglm GH-992
-- kubernetes apiserver integration @calebdoxsey GH-1063
-- pkg/storage/redis: add authentication support @cuonglm GH-1159
-- pkg/storage/redis: add redis TLS support @cuonglm GH-1163
-- pomerium-cli k8s exec-credential @calebdoxsey GH-1073
-- redis storage backend @cuonglm GH-1082
-- telmetry: add databroker storage metrics and tracing @travisgroth GH-1161
-- use custom binary for arm64 linux release @calebdoxsey GH-1065
-
-### Fixed
-
-- authenticate: fix wrong condition checking in VerifySession @cuonglm GH-1146
-- authenticate: fix wrong SignIn telemetry name @cuonglm GH-1038
-- authorize: Force redirect scheme to https @travisgroth GH-1075
-- authorize: strip port from host header if necessary @cuonglm GH-1175
-- authorize/evaluator/opa: set client tls cert usage explicitly @travisgroth GH-1026
-- authorize/evaluator/opa/policy: fix allow rules with impersonate @cuonglm GH-1094
-- cache: fix data race in NotifyJoin @cuonglm GH-1028
-- ci: fix arm docker image releases @travisgroth GH-1178
-- ci: Prevent dirty git state @travisgroth GH-1117
-- ci: release fixes @travisgroth GH-1181
-- config: fix deep copy of config @calebdoxsey GH-1089
-- controlplane: add robots route @desimone GH-966
-- deploy: ensure pomerium-cli is built correctly @travisgroth GH-1180
-- deployment: fix pomerium-cli release @desimone GH-1104
-- envoy: Set ExtAuthz Cluster name to URL Host @travisgroth GH-1132
-- fix databroker restart versioning, handle missing sessions @calebdoxsey GH-1145
-- fix lint errors @travisgroth GH-1171
-- fix redirect loop, remove user/session services, remove duplicate deleted_at fields @calebdoxsey GH-1162
-- handle example.com and example.com:443 @calebdoxsey GH-1153
-- internal/controlplane: enable envoy use remote address @cuonglm GH-1023
-- internal/databroker: fix wrong server version init @cuonglm GH-1125
-- pkg/grpc: fix wrong audit protoc gen file @cuonglm GH-1048
-- pkg/storage/redis: handling connection to redis backend failure @cuonglm GH-1174
-- pomerium-cli: fix kubernetes token caching @calebdoxsey GH-1169
-- pomerium-cli: kubernetes fixes @calebdoxsey GH-1176
-- proxy: do not set X-Pomerium-Jwt-Assertion/X-Pomerium-Claim-* headers by default @cuonglm [GH-903]
-- proxy: fix invalid session after logout in forward auth mode @cuonglm GH-1062
-- proxy: fix redirect url with traefik forward auth @cuonglm GH-1037
-- proxy: fix wrong forward auth request @cuonglm GH-1030
-
-### Documentation
-
-- docs: Update synology.md @roulesse GH-1219
-- docs: add installation section @travisgroth GH-1223
-- docs: add kubectl config commands @travisgroth GH-1152
-- docs: add kubernetes docs @calebdoxsey GH-1087
-- docs: add recipe for TiddlyWiki on Node.js @favadi GH-1143
-- docs: add required in cookie_secret @mig4ng GH-1142
-- docs: add warnings cones around requiring IdP Service Accounts @travisgroth GH-999
-- docs: cloud Run / GCP Serverless @travisgroth GH-1101
-- docs: document preserve_host_header with policy routes to static ip @cuonglm GH-1024
-- docs: fix incorrect example middleware @travisgroth GH-1128
-- docs: fix links, clarify upgrade guide for v0.10 @desimone GH-1220
-- docs: fix minor errors @travisgroth GH-1214
-- docs: Kubernetes topic @travisgroth GH-1222
-- docs: Move examples repo into main repo @travisgroth GH-1102
-- docs: Redis and stateful storage docs @travisgroth GH-1173
-- docs: refactor sections, consolidate examples @desimone GH-1164
-- docs: rename docs/reference to docs/topics @desimone GH-1182
-- docs: service account instructions for azure @calebdoxsey GH-969
-- docs: service account instructions for gitlab @calebdoxsey GH-970
-- docs: update architecture diagrams + descriptions @travisgroth GH-1218
-- docs: update GitHub documentation for service account @calebdoxsey GH-967
-- docs: Update Istio VirtualService example @jeffhubLR GH-1006
-- docs: update okta service account docs to match new format @calebdoxsey GH-972
-- Docs: Update README stating specific requirements for SIGNING_KEY @bradjones1 GH-1217
-- docs: update reference docs @desimone GH-1208
-- docs: update service account instructions for OneLogin @calebdoxsey GH-973
-- docs: update upgrading document for breaking changes @calebdoxsey GH-974
-- docs/.vuepress: fix missing local-oidc recipes section @cuonglm GH-1147
-- docs/configuration: add doc for trailing slash limitation in "To" field @cuonglm GH-1040
-- docs/docs: add changelog for #1055 @cuonglm GH-1084
-- docs/docs/identity-providers: document gitlab default scopes changed @cuonglm GH-980
-- docs/recipes: add local oidc example @cuonglm GH-1045
-
-### Dependency
-
-- chore(deps): bump envoy to 1.15.0 @desimone GH-1119
-- chore(deps): google.golang.org/genproto commit hash to da3ae01 @renovate GH-1138
-- chore(deps): module google/go-cmp to v0.5.1 @renovate GH-1139
-- chore(deps): update envoy to 1.14.4 @desimone GH-1076
-- chore(deps): update github.com/skratchdot/open-golang commit hash to eef8423 @renovate GH-1108
-- chore(deps): update golang.org/x/crypto commit hash to 123391f @renovate GH-1184
-- chore(deps): update golang.org/x/crypto commit hash to 948cd5f @renovate GH-1056
-- chore(deps): update golang.org/x/net commit hash to 4c52546 @renovate GH-1017
-- chore(deps): update golang.org/x/net commit hash to ab34263 @renovate GH-1057
-- chore(deps): update golang.org/x/sync commit hash to 6e8e738 @renovate GH-1018
-- chore(deps): update google.golang.org/genproto commit hash to 11fb19a @renovate GH-1109
-- chore(deps): update google.golang.org/genproto commit hash to 8145dea @renovate GH-1185
-- chore(deps): update google.golang.org/genproto commit hash to 8698661 @renovate GH-1058
-- chore(deps): update google.golang.org/genproto commit hash to 8e8330b @renovate GH-1039
-- chore(deps): update google.golang.org/genproto commit hash to ee7919e @renovate GH-1019
-- chore(deps): update google.golang.org/genproto commit hash to fbb79ea @renovate GH-945
-- chore(deps): update module cenkalti/backoff/v4 to v4.0.2 @renovate GH-946
-- chore(deps): update module contrib.go.opencensus.io/exporter/jaeger to v0.2.1 @renovate GH-1186
-- chore(deps): update module contrib.go.opencensus.io/exporter/zipkin to v0.1.2 @renovate GH-1187
-- chore(deps): update module envoyproxy/go-control-plane to v0.9.6 @renovate GH-1059
-- chore(deps): update module go.opencensus.io to v0.22.4 @renovate GH-948
-- chore(deps): update module golang/mock to v1.4.4 @renovate GH-1188
-- chore(deps): update module google.golang.org/api to v0.28.0 @renovate GH-949
-- chore(deps): update module google.golang.org/api to v0.29.0 @renovate GH-1060
-- chore(deps): update module google.golang.org/grpc to v1.30.0 @renovate GH-1020
-- chore(deps): update module google.golang.org/grpc to v1.31.0 @renovate GH-1189
-- chore(deps): update module google.golang.org/protobuf to v1.25.0 @renovate GH-1021
-- chore(deps): update module google/go-cmp to v0.5.0 @renovate GH-950
-- chore(deps): update module hashicorp/memberlist to v0.2.2 @renovate GH-951
-- chore(deps): update module open-policy-agent/opa to v0.21.0 @renovate GH-952
-- chore(deps): update module open-policy-agent/opa to v0.21.1 @renovate GH-1061
-- chore(deps): update module open-policy-agent/opa to v0.22.0 @renovate GH-1110
-- chore(deps): update module prometheus/client_golang to v1.7.0 @renovate GH-953
-- chore(deps): update module prometheus/client_golang to v1.7.1 @renovate GH-1022
-- chore(deps): update module spf13/cobra to v1 @renovate GH-1111
-- chore(deps): update module spf13/viper to v1.7.1 @renovate GH-1190
-- chore(deps):s bump opa v0.21.0 @desimone GH-993
-
-## v0.9.1
-
-### Security
-
-- envoy: fixes CVE-2020-11080 by rejecting HTTP/2 SETTINGS frames with too many parameters
-
-## v0.9.0
-
-### New
-
-- proxy: envoy is now used to handle proxying
-- authenticate: add jwks and .well-known endpoint @desimone [GH-745]
-- authorize: add client mTLS support @calebdoxsey [GH-751]
-
-### Fixed
-
-- cache: fix closing too early @calebdoxsey [GH-791]
-- authenticate: fix insecure gRPC connection string default port @calebdoxsey [GH-795]
-- authenticate: fix user-info call for AWS cognito @calebdoxsey [GH-792]
-- authenticate: clear session if ctx fails @desimone [GH-806]
-- telemetry: fix autocache labels @travisgroth [GH-805]
-- telemetry: fix missing/incorrect grpc labels @travisgroth [GH-804]
-- authorize: fix authorization panic caused by logging a nil reference @desimone [GH-704]
-
-### Changes
-
-- authenticate: remove authorize url validate check @calebdoxsey [GH-790]
-- authorize: reduce log noise for empty jwt @calebdoxsey [GH-793]
-- authorize: refactor and add additional unit tests @calebdoxsey [GH-757]
-- envoy: add GRPC stats handler to control plane service @travisgroth [GH-744]
-- envoy: enable zipkin tracing @travisgroth [GH-737]
-- envoy: improvements to logging @calebdoxsey [GH-742]
-- envoy: remove 'accept-encoding' header from proxied metric requests @travisgroth [GH-750]
-- envoy: support ports in hosts for routing @calebdoxsey [GH-748]
-- forward-auth: support x-forwarded-uri @calebdoxsey [GH-780]
-- proxy/forward-auth: block expired request prior to 302 @desimone [GH-773]
-- sessions/state: add nickname claim @BenoitKnecht [GH-755]
-- state: infer user (`user`) from subject (`sub`) @desimone [GH-772]
-- telemetry: refactor GRPC Server Handler @travisgroth [GH-756]
-- telemetry: service label updates @travisgroth [GH-802]
-- xds: add catch-all for pomerium routes @calebdoxsey [GH-789]
-- xds: disable cluster validation to handle out-of-order updates @calebdoxsey [GH-783]
-
-### Documentation
-
-- docs: add mTLS recipe @calebdoxsey [GH-807]
-- docs: add argo recipe @calebdoxsey [GH-803]
-- docs: update dockerfiles for v0.9.0 @calebdoxsey [GH-801]
-- docs: typo on configuration doc @kintoandar [GH-800]
-- docs: docs regarding claim headers @strideynet [GH-782]
-- docs: update traefik example and add note about forwarded headers @calebdoxsey [GH-784]
-- docs: add note about unsupported platforms @calebdoxsey [GH-799]
-- docs: expose config parameters in sidebar @travisgroth [GH-797]
-- docs: update examples @travisgroth [GH-796]
-
-## v0.8.3
-
-### Changes
-
-- state: infer user (`user`) from subject (`sub`) @desimone GH-772
-- proxy/forward-auth: block expired request prior to 302 @desimone GH-773
-
-## v0.8.2
-
-### Security
-
-This release includes a fix for a bug that, under certain circumstances, could allow a user with a valid but expired session to resend a request to an upstream application. The repeated request would not return a response, but could reach the upstream application. Thank you to @selaux for reporting this issue! [GH-762]
-
-## v0.8.1
-
-### Fixed
-
-- authorize: fix authorization panic caused by logging a nil reference @desimone [GH-704]
-
-## v0.8.0
-
-To see a complete list of changes [see the diff](https://github.com/pomerium/pomerium/compare/v0.7.0...v0.8.0).
-
-### New
-
-- cryptutil: add automatic certificate management @desimone [GH-644]
-- implement path-based route matching @calebdoxsey [GH-615]
-- internal/identity: implement github provider support @Lumexralph [GH-582]
-- proxy: add configurable JWT claim headers @travisgroth (#596)
-- proxy: remove extra session unmarshalling @desimone (#592)
-
-### Changes
-
-- ci: Switch integration tests from minikube to kind @travisgroth [GH-656]
-- integration-tests: add CORS test @calebdoxsey [GH-662]
-- integration-tests: add websocket enabled/disabled test @calebdoxsey [GH-661]
-- integration-tests: set_request_headers and preserve_host_header options @calebdoxsey [GH-668]
-- pre-commit: add pre-commit configuration @calebdoxsey [GH-666]
-- proxy: improve JWT header behavior @travisgroth [GH-642]
-
-## Fixed
-
-- authorize: fix authorization check for allowed_domains to only match current route @calebdoxsey [GH-624]
-- authorize: fix unexpected panic on reload @travisgroth [GH-652]
-- site: fix site on mobile @desimone [GH-597]
-
-### Documentation
-
-- deploy: autocert documentation and defaults @travisgroth [GH-658]
-
-## v0.7.5
-
-### Fixed
-
-- authorize: fix authorization check for allowed_domains to only match current route @calebdoxsey [GH-624]
-
-## v0.7.4
-
-### Fixed
-
-- pomerium-cli: fix service account cli @desimone [GH-613]
-
-## v0.7.3
-
-### Fixed
-
-- Upgrade gRPC to 1.27.1 @travisgroth [GH-609]
-
-## v0.7.2
-
-### Changes
-
-- proxy: remove extra session unmarshalling @desimone [GH-592]
-- proxy: add configurable JWT claim headers @travisgroth [GH-596]
-- grpcutil: remove unused pkg @desimone [GH-593]
-
-### Fixed
-
-- site: fix site on mobile @desimone [GH-597]
-
-### Documentation
-
-- site: fix site on mobile @desimone [GH-597]
-
-### Dependency
-
-- chore(deps): update vuepress monorepo to v1.4.0 @renovate [GH-559]
-
-## v0.7.1
-
-There were no changes in the v0.7.1 release, but we updated the build process slightly.
-
-## v0.7.0
-
-### New
-
-- *: remove import path comments @desimone [GH-545]
-- authenticate: make callback path configurable @desimone [GH-493]
-- authenticate: return 401 for some specific error codes @cuonglm [GH-561]
-- authorization: log audience claim failure @desimone [GH-553]
-- authorize: use jwt instead of state struct @desimone [GH-514]
-- authorize: use opa for policy engine @desimone [GH-474]
-- cmd: add cli to generate service accounts @desimone [GH-552]
-- config: Expose and set default GRPC Server Keepalive Parameters @travisgroth [GH-509]
-- config: Make IDP_PROVIDER env var mandatory @mihaitodor [GH-536]
-- config: Remove superfluous Options.Checksum type conversions @travisgroth [GH-522]
-- gitlab/identity: change group unique identifier to ID @Lumexralph [GH-571]
-- identity: support oidc UserInfo Response @desimone [GH-529]
-- internal/cryptutil: standardize leeway to 5 mins @desimone [GH-476]
-- metrics: Add storage metrics @travisgroth [GH-554]
-
-### Fixed
-
-- cache: add option validations @desimone [GH-468]
-- config: Add proper yaml tag to Options.Policies @travisgroth [GH-475]
-- ensure correct service name on GRPC related metrics @travisgroth [GH-510]
-- fix group impersonation @desimone [GH-569]
-- fix sign-out bug , fixes #530 @desimone [GH-544]
-- proxy: move set request headers before handle allow public access @ohdarling [GH-479]
-- use service port for session audiences @travisgroth [GH-562]
-
-### Documentation
-
-- fix `the` typo @ilgooz [GH-566]
-- fix kubernetes dashboard recipe docs @desimone [GH-504]
-- make from source quickstart @desimone [GH-519]
-- update background @desimone [GH-505]
-- update helm for v3 @desimone [GH-469]
-- various fixes @desimone [GH-478]
-- fix cookie_domain @nitper [GH-472]
-
-### Dependency
-
-- chore(deps): update github.com/pomerium/autocache commit hash to 6c66ed5 @renovate [GH-480]
-- chore(deps): update github.com/pomerium/autocache commit hash to 227c993 @renovate [GH-537]
-- chore(deps): update golang.org/x/crypto commit hash to 0ec3e99 @renovate [GH-574]
-- chore(deps): update golang.org/x/crypto commit hash to 1b76d66 @renovate [GH-538]
-- chore(deps): update golang.org/x/crypto commit hash to 78000ba @renovate [GH-481]
-- chore(deps): update golang.org/x/crypto commit hash to 891825f @renovate [GH-556]
-- chore(deps): update module fatih/color to v1.9.0 @renovate [GH-575]
-- chore(deps): update module fsnotify/fsnotify to v1.4.9 @renovate [GH-539]
-- chore(deps): update module go.etcd.io/bbolt to v1.3.4 @renovate [GH-557]
-- chore(deps): update module go.opencensus.io to v0.22.3 @renovate [GH-483]
-- chore(deps): update module golang/mock to v1.4.0 @renovate [GH-470]
-- chore(deps): update module golang/mock to v1.4.3 @renovate [GH-540]
-- chore(deps): update module golang/protobuf to v1.3.4 @renovate [GH-485]
-- chore(deps): update module golang/protobuf to v1.3.5 @renovate [GH-541]
-- chore(deps): update module google.golang.org/api to v0.20.0 @renovate [GH-495]
-- chore(deps): update module google.golang.org/grpc to v1.27.1 @renovate [GH-496]
-- chore(deps): update module gorilla/mux to v1.7.4 @renovate [GH-506]
-- chore(deps): update module open-policy-agent/opa to v0.17.1 @renovate [GH-497]
-- chore(deps): update module open-policy-agent/opa to v0.17.3 @renovate [GH-513]
-- chore(deps): update module open-policy-agent/opa to v0.18.0 @renovate [GH-558]
-- chore(deps): update module prometheus/client_golang to v1.4.1 @renovate [GH-498]
-- chore(deps): update module prometheus/client_golang to v1.5.0 @renovate [GH-531]
-- chore(deps): update module prometheus/client_golang to v1.5.1 @renovate [GH-543]
-- chore(deps): update module rakyll/statik to v0.1.7 @renovate [GH-517]
-- chore(deps): update module rs/zerolog to v1.18.0 @renovate [GH-507]
-- chore(deps): update module yaml to v2.2.8 @renovate [GH-471]
-- ci: Consolidate matrix build parameters @travisgroth [GH-521]
-- dependency: use go mod redis @desimone [GH-528]
-- deployment: throw away golanglint-ci defaults @desimone [GH-439]
-- deployment: throw away golanglint-ci defaults @desimone [GH-439]
-- deps: enable automerge and set labels on renovate PRs @travisgroth [GH-527]
-- Roll back grpc to v1.25.1 @travisgroth [GH-484]
-
-## v0.6.0
-
-### New
-
-- authenticate: support backend refresh @desimone [GH-438]
-- cache: add cache service @desimone [GH-457]
-
-### Changed
-
-- authorize: consolidate gRPC packages @desimone [GH-443]
-- config: added yaml tags to all options struct fields @travisgroth [GH-394],[gh-397]
-- config: improved config validation for `shared_secret` @travisgroth [GH-427]
-- config: Remove CookieRefresh [GH-428] @u5surf [GH-436]
-- config: validate that `shared_key` does not contain whitespace @travisgroth [GH-427]
-- httputil : wrap handlers for additional context @desimone [GH-413]
-- forward-auth: validate using forwarded uri header @branchmispredictor [GH-600]
-
-### Fixed
-
-- proxy: fix unauthorized redirect loop for forward auth @desimone [GH-448]
-- proxy: fixed regression preventing policy reload [GH-396](https://github.com/pomerium/pomerium/pull/396)
-
-### Documentation
-
-- add cookie settings @danderson [GH-429]
-- fix typo in forward auth nginx example @travisgroth [GH-445]
-- improved sentence flow and other stuff @Rio [GH-422]
-- rename fwdauth to be forwardauth @desimone [GH-447]
-
-### Dependency
-
-- chore(deps): update golang.org/x/crypto commit hash to 61a8779 @renovate [GH-452]
-- chore(deps): update golang.org/x/crypto commit hash to 530e935 @renovate [GH-458]
-- chore(deps): update golang.org/x/crypto commit hash to 53104e6 @renovate [GH-431]
-- chore(deps): update golang.org/x/crypto commit hash to e9b2fee @renovate [GH-414]
-- chore(deps): update golang.org/x/oauth2 commit hash to 858c2ad @renovate [GH-415]
-- chore(deps): update golang.org/x/oauth2 commit hash to bf48bf1 @renovate [GH-453]
-- chore(deps): update module google.golang.org/grpc to v1.26.0 @renovate [GH-433]
-- chore(deps): update module google/go-cmp to v0.4.0 @renovate [GH-454]
-- chore(deps): update module spf13/viper to v1.6.1 @renovate [GH-423]
-- chore(deps): update module spf13/viper to v1.6.2 @renovate [GH-459]
-- chore(deps): update module square/go-jose to v2.4.1 @renovate [GH-435]
-
-## v0.5.0
-
-### New
-
-- Session state is now route-scoped. Each managed route uses a transparent, signed JSON Web Token (JWT) to assert identity.
-- Managed routes no longer need to be under the same subdomain! Access can be delegated to any route, on any domain.
-- Programmatic access now also uses JWT tokens. Access tokens are now generated via a standard oauth2 token flow, and credentials can be refreshed for as long as is permitted by the underlying identity provider.
-- User dashboard now pulls in additional user context fields (where supported) like the profile picture, first and last name, and so on.
-
-### Security
-
-- Some identity providers (Okta, Onelogin, and Azure) previously used mutable signifiers to set and assert group membership. Group membership for all providers now use globally unique and immutable identifiers when available.
-
-### Changed
-
-- Azure AD identity provider now uses globally unique and immutable `ID` for [group membership](https://docs.microsoft.com/en-us/graph/api/group-get?view=graph-rest-1.0&tabs=http).
-- Okta no longer uses tokens to retrieve group membership. Group membership is now fetched using Okta's HTTP API. [Group membership](https://developer.okta.com/docs/reference/api/groups/) is now determined by the globally unique and immutable `ID` field.
-- Okta now requires an additional set of credentials to be used to query for group membership set as a [service account](https://www.pomerium.com/docs/reference/reference.html#identity-provider-service-account).
-- URLs are no longer validated to be on the same domain-tree as the authenticate service. Managed routes can live on any domain.
-- OneLogin no longer uses tokens to retrieve group membership. Group membership is now fetched using OneLogin's HTTP API. [Group membership](https://developers.onelogin.com/openid-connect/api/user-info/) is now determined by the globally unique and immutable `ID` field.
-
-### Removed
-
-- Force refresh has been removed from the dashboard.
-- Previous programmatic authentication endpoints (`/api/v1/token`) has been removed and is no longer supported.
-
-### Fixed
-
-- Fixed an issue where cookie sessions would not clear on error.[GH-376]
-
-## v0.4.2
-
-### Security
-
-- Fixes vulnerabilities fixed in [1.13.2](https://groups.google.com/forum/#!topic/golang-announce/lVEm7llp0w0) including CVE-2019-17596.
-
-## v0.4.1
-
-### Fixed
-
-- Fixed an issue where requests handled by forward-auth would not be redirected back to the underlying route after successful authentication and authorization. [GH-363]
-- Fixed an issue where requests handled by forward-auth would add an extraneous query-param following sign-in causing issues in some configurations. [GH-366]
-
-## v0.4.0
-
-### New
-
-- Allow setting request headers on a per route basis in policy. [GH-308]
-- Support "forward-auth" integration with third-party ingresses and proxies. [nginx](https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/), [nginx-ingress](https://kubernetes.github.io/ingress-nginx/examples/auth/oauth-external-auth/), and [Traefik](https://docs.traefik.io/middlewares/forwardauth/) are currently supported. [GH-324]
-- Add insecure transport / TLS termination support. [GH-328]
-- Add setting to override a route's TLS Server Name. [GH-297]
-- Pomerium's session can now be passed as a [bearer-auth header](https://tools.ietf.org/html/rfc6750) or [query string](https://en.wikipedia.org/wiki/Query_string) in addition to as a session cookie.
-- Add host to the main request logger middleware. [GH-308]
-- Add AWS cognito identity provider settings. [GH-314]
-
-### Security
-
-- The user's original intended location before completing the authentication process is now encrypted and kept confidential from the identity provider. [GH-316]
-- Under certain circumstances, where debug logging was enabled, pomerium's shared secret could be leaked to http access logs as a query param. [GH-338]
-
-### Fixed
-
-- Fixed an issue where CSRF would fail if multiple tabs were open. [GH-306]
-- Fixed an issue where pomerium would clean double slashes from paths. [GH-262]
-- Fixed a bug where the impersonate form would persist an empty string for groups value if none set. [GH-303]
-- Fixed HTTP redirect server which was not redirecting the correct hostname.
-
-### Changed
-
-- The healthcheck endpoints (`/ping`) now returns the http status `405` StatusMethodNotAllowed for non-`GET` requests.
-- Authenticate service no longer uses gRPC.
-- The global request logger now captures the full array of proxies from `X-Forwarded-For`, in addition to just the client IP.
-- Options code refactored to eliminate global Viper state. [GH-332]
-- Pomerium will no longer default to looking for certificates in the root directory. [GH-328]
-- Pomerium will validate that either `insecure_server`, or a valid certificate bundle is set. [GH-328]
-
-### Removed
-
-- Removed `AUTHENTICATE_INTERNAL_URL`/`authenticate_internal_url` which is no longer used.
-
-## v0.3.1
-
-### Security
-
-- Fixes vulnerabilities fixed in [Go 1.13.1](https://groups.google.com/forum/m/#!msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ) including CVE-2019-16276.
-
-## v0.3.0
-
-### New
-
-- GRPC Improvements. [GH-261] / [GH-69]
-
-  - Enable WaitForReady to allow background retries through transient failures
-  - Expose a configurable timeout for backend requests to Authorize and Authenticate
-  - Enable DNS round_robin load balancing to Authorize and Authenticate services by default
-
-- Add ability to set client certificates for downstream connections. [GH-259]
-
-### Fixed
-
-- Fixed non-`amd64` based docker images.[GH-284]
-- Fixed an issue where stripped cookie headers would result in a cookie full of semi-colons (`Cookie: ;;;`). [GH-285]
-- HTTP status codes now better adhere to [RFC7235](https://tools.ietf.org/html/rfc7235). In particular, authentication failures reply with [401 Unauthorized](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/401) while authorization failures reply with [403 Forbidden](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/403). [GH-272]
-
-### Changed
-
-- Pomerium will now strip `_csrf` cookies in addition to session cookies. [GH-285]
-- Disabled gRPC service config. [GH-280]
-- A policy's custom certificate authority can set as a file or a base64 encoded blob(`tls_custom_ca`/`tls_custom_ca_file`). [GH-259]
-
-- Remove references to [service named ports](https://golang.org/src/net/lookup.go) and instead use their numeric equivalent. [GH-266]
-
-## v0.2.1
-
-### Security
-
-- Fixes vulnerabilities fixed in [Go 1.12.8](https://groups.google.com/forum/#!topic/golang-nuts/fCQWxqxP8aA) including CVE-2019-9512, CVE-2019-9514 and CVE-2019-14809.
-
-## v0.2.0
-
-### New
-
-#### Telemetry [GH-35]
-
-- **Tracing** [GH-230] aka distributed tracing, provides insight into the full lifecycles, aka traces, of requests to the system, allowing you to pinpoint failures and performance issues.
-
-  - Add [Jaeger](https://opencensus.io/exporters/supported-exporters/go/jaeger/) support. [GH-230]
-
-- **Metrics** provide quantitative information about processes running inside the system, including counters, gauges, and histograms.
-
-  - Add informational metrics. [GH-227]
-  - GRPC Metrics Implementation. [GH-218]
-
-    - Additional GRPC server metrics and request sizes
-    - Improved GRPC metrics implementation internals
-    - The GRPC method label is now 'grpc_method' and GRPC status is now `grpc_client_status` and `grpc_server_status`
-
-  - HTTP Metrics Implementation. [GH-220]
-
-    - Support HTTP request sizes on client and server side of proxy
-    - Improved HTTP metrics implementation internals
-    - The HTTP method label is now `http_method`, and HTTP status label is now `http_status`
-
-### Changed
-
-- GRPC version upgraded to v1.22 [GH-219]
-- Add support for large cookie sessions by chunking. [GH-211]
-- Prefer [curve](https://wiki.mozilla.org/Security/Server_Side_TLS) X25519 to P256 for TLS connections. [GH-233]
-- Pomerium and its services will gracefully shutdown on [interrupt signal](http://man7.org/linux/man-pages/man7/signal.7.html). [GH-230]
-- [Google](https://developers.google.com/identity/protocols/OpenIDConnect) now prompts the user to select a user account (by adding `select_account` to the sign in url). This allows a user who has multiple accounts at the authorization server to select amongst the multiple accounts that they may have current sessions for.
-
-### FIXED
-
-- Fixed potential race condition when signing requests. [GH-240]
-- Fixed panic when reloading configuration in single service mode [GH-247]
-
-## v0.1.0
-
-### NEW
-
-- Add programmatic authentication support. [GH-177]
-- Add Prometheus format metrics endpoint. [GH-35]
-- Add policy setting to enable self-signed certificate support. [GH-179]
-- Add policy setting to skip tls certificate verification. [GH-179]
-
-### CHANGED
-
-- Policy `to` and `from` settings must be set to valid HTTP URLs including [schemes](https://en.wikipedia.org/wiki/Uniform_Resource_Identifier) and hostnames (e.g. `http.corp.domain.example` should now be `https://http.corp.domain.example`).
-- Proxy's sign out handler `{}/.pomerium/sign_out` now accepts an optional `redirect_uri` parameter which can be used to specify a custom redirect page, so long as it is under the same top-level domain. [GH-183]
-- Policy configuration can now be empty at startup. [GH-190]
-- Websocket support is now set per-route instead of globally. [GH-204]
-- Golint removed from amd64 container. [GH-215]
-- Pomerium will error if a session cookie is over 4096 bytes, instead of failing silently. [GH-212]
-
-### FIXED
-
-- Fixed HEADERS environment variable parsing. [GH-188]
-- Fixed Azure group lookups. [GH-190]
-- If a session is too large (over 4096 bytes) Pomerium will no longer fail silently. [GH-211]
-- Internal URLs like dashboard now start auth process to login a user if no session is found. [GH-205].
-- When set,`CookieDomain` lets a user set the scope of the user session. CSRF cookies will still always be scoped at the individual route level. [GH-181]
-
-## v0.0.5
-
-### NEW
-
-- Add ability to detect changes and reload policy configuration files. [GH-150]
-- Add user dashboard containing information about the current user's session. [GH-123]
-- Add functionality allowing users to initiate manual refresh of their session. This is helpful when a user's access control details are updated but their session hasn't updated yet. To prevent abuse, manual refresh is gated by a cooldown (`REFRESH_COOLDOWN`) which defaults to five minutes. [GH-73]
-- Add Administrator (super user) account support (`ADMINISTRATORS`). [GH-110]
-- Add feature that allows Administrators to impersonate / sign-in as another user from the user dashboard. [GH-110]
-- Add docker images and builds for ARM. [GH-95]
-- Add support for public, unauthenticated routes. [GH-129]
-
-### CHANGED
-
-- Add Request ID to error pages. [GH-144]
-- Refactor configuration handling to use spf13/viper bringing a variety of additional supported storage formats.[GH-115]
-- Changed config `AUTHENTICATE_INTERNAL_URL` to be a URL containing both a valid hostname and schema. [GH-153]
-- User state is now maintained and scoped at the domain level vs at the route level. [GH-128]
-- Error pages contain a link to sign out from the current user session. [GH-100]
-- Removed `LifetimeDeadline` from `sessions.SessionState`.
-- Removed favicon specific request handling. [GH-131]
-- Headers are now configurable via the `HEADERS` configuration variable. [GH-108]
-- Refactored proxy and authenticate services to share the same session state cookie. [GH-131]
-- Removed instances of extraneous session state saves. [GH-131]
-- Changed default behavior when no session is found. Users are now redirected to login instead of being shown an error page.[GH-131]
-- Updated routes such that all http handlers are now wrapped with a standard set of middleware. Headers, request id, loggers, and health checks middleware are now applied to all routes including 4xx and 5xx responses. [GH-116]
-- Changed docker images to be built from [distroless](https://github.com/GoogleContainerTools/distroless). This fixed an issue with `nsswitch` [GH-97], includes `ca-certificates` and limits the attack surface area of our images. [GH-101]
-- Changed HTTP to HTTPS redirect server to be user configurable via `HTTP_REDIRECT_ADDR`. [GH-103]
-- `Content-Security-Policy` hash updated to match new UI assets.
-
-### FIXED
-
-- Fixed websocket support. [GH-151]
-- Fixed an issue where policy and routes were being pre-processed incorrectly. [GH-132]
-- Fixed an issue where `golint` was not being found in our docker image. [GH-121]
-
-## v0.0.4
-
-### CHANGED
-
-- HTTP [Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security) is included by default and set to one year. [GH-92]
-- HTTP now redirects to HTTPS. [GH-92]
-- Removed extraneous `AUTHORIZE_INTERNAL_URL` config option since authorization has no public http handlers, only a gRPC service endpoint. [GH-93]
-- Removed `PROXY_ROOT_DOMAIN` config option which is now inferred from `AUTHENTICATE_SERVICE_URL`. Only callback requests originating from a URL on the same sub-domain are permitted. [GH-83]
-- Removed `REDIRECT_URL` config option which is now inferred from `AUTHENTICATE_SERVICE_URL` (e.g. `https://$AUTHENTICATE_SERVICE_URL/oauth2/callback`). [GH-83]
-
-### FIXED
-
-- Fixed a bug in the Google provider implementation where the `refresh_token`. Updated the google implementation to use the new `prompt=consent` oauth2 parameters. Reported and fixed by @chemhack [GH-81]
-
-### DOCUMENTATION
-
-- Added [synology tutorial]. [GH-96]
-- Added [certificates documentation]. [GH-79]
-
-## v0.0.3
-
-### FEATURES
-
-- **Authorization** : The authorization module adds support for per-route access policy. In this release we support the most common forms of identity based access policy: `allowed_users`, `allowed_groups`, and `allowed_domains`. In future versions, the authorization module will also support context and device based authorization policy and decisions. See website documentation for more details.
-- **Group Support** : The authenticate service now retrieves a user's group membership information during authentication and refresh. This change may require additional identity provider configuration; all of which are described in the [updated docs](https://www.pomerium.com/docs/identity-providers.html). A brief summary of the requirements for each IdP are as follows:
-
-  - Google requires the [Admin SDK](https://developers.google.com/admin-sdk/directory/) to enabled, a service account with properly delegated access, and `IDP_SERVICE_ACCOUNT` to be set to the base64 encoded value of the service account's key file.
-  - Okta requires a `groups` claim to be added to both the `id_token` and `access_token`. No additional API calls are made.
-  - Microsoft Azure Active Directory requires the application be given an [additional API permission](https://docs.microsoft.com/en-us/graph/api/user-list-memberof?view=graph-rest-1.0), `Directory.Read.All`.
-  - Onelogin requires the [groups](https://developers.onelogin.com/openid-connect/scopes) was supplied during authentication and that groups parameter has been mapped. Group membership is validated on refresh with the [user-info api endpoint](https://developers.onelogin.com/openid-connect/api/user-info).
-
-- **WebSocket Support** : With [Go 1.12](https://golang.org/doc/go1.12#net/http/httputil) pomerium automatically proxies WebSocket requests.
-
-### CHANGED
-
-- Added `LOG_LEVEL` config setting that allows for setting the desired minimum log level for an event to be logged. [GH-74]
-- Changed `POMERIUM_DEBUG` config setting to just do console-pretty printing. No longer sets log level. [GH-74]
-- Updated `generate_wildcard_cert.sh` to generate a elliptic curve 256 cert by default.
-- Updated `env.example` to include a `POLICY` setting example.
-- Added `IDP_SERVICE_ACCOUNT` to `env.example` .
-- Removed `ALLOWED_DOMAINS` settings which has been replaced by `POLICY`. Authorization is now handled by the authorization service and is defined in the policy configuration files.
-- Removed `ROUTES` settings which has been replaced by `POLICY`.
-- Add refresh endpoint `${url}/.pomerium/refresh` which forces a token refresh and responds with the json result.
-- Group membership added to proxy headers (`x-pomerium-authenticated-user-groups`) and (`x-pomerium-jwt-assertion`).
-- Default Cookie lifetime (`COOKIE_EXPIRE`) changed from 7 days to 14 hours ~ roughly one business day.
-- Moved identity (`authenticate/providers`) into its own internal identity package as third party identity providers are going to authorization details (group membership, user role, etc) in addition to just authentication attributes.
-- Removed circuit breaker package. Calls that were previously wrapped with a circuit breaker fall under gRPC timeouts; which are gated by relatively short timeouts.
-- Session expiration times are truncated at the second.
-- **Removed gitlab provider**. We can't support groups until [this gitlab bug](https://gitlab.com/gitlab-org/gitlab-ce/issues/44435#note_88150387) is fixed.
-- Request context is now maintained throughout request-flow via the [context package](https://golang.org/pkg/context/) enabling timeouts, request tracing, and cancellation.
-
-### FIXED
-
-- `http.Server` and `httputil.NewSingleHostReverseProxy` now uses pomerium's logging package instead of the standard library's built in one. [GH-58]
-
-[certificates documentation]: ../docs/topics/certificates.md
-[gh-1]: https://github.com/pomerium/pomerium/issues/1
-[gh-10]: https://github.com/pomerium/pomerium/issues/10
-[gh-100]: https://github.com/pomerium/pomerium/issues/100
-[gh-101]: https://github.com/pomerium/pomerium/issues/101
-[gh-102]: https://github.com/pomerium/pomerium/issues/102
-[gh-103]: https://github.com/pomerium/pomerium/issues/103
-[gh-104]: https://github.com/pomerium/pomerium/issues/104
-[gh-105]: https://github.com/pomerium/pomerium/issues/105
-[gh-106]: https://github.com/pomerium/pomerium/issues/106
-[gh-107]: https://github.com/pomerium/pomerium/issues/107
-[gh-108]: https://github.com/pomerium/pomerium/issues/108
-[gh-109]: https://github.com/pomerium/pomerium/issues/109
-[gh-11]: https://github.com/pomerium/pomerium/issues/11
-[gh-110]: https://github.com/pomerium/pomerium/issues/110
-[gh-111]: https://github.com/pomerium/pomerium/issues/111
-[gh-112]: https://github.com/pomerium/pomerium/issues/112
-[gh-113]: https://github.com/pomerium/pomerium/issues/113
-[gh-114]: https://github.com/pomerium/pomerium/issues/114
-[gh-115]: https://github.com/pomerium/pomerium/issues/115
-[gh-116]: https://github.com/pomerium/pomerium/issues/116
-[gh-117]: https://github.com/pomerium/pomerium/issues/117
-[gh-118]: https://github.com/pomerium/pomerium/issues/118
-[gh-119]: https://github.com/pomerium/pomerium/issues/119
-[gh-12]: https://github.com/pomerium/pomerium/issues/12
-[gh-120]: https://github.com/pomerium/pomerium/issues/120
-[gh-121]: https://github.com/pomerium/pomerium/issues/121
-[gh-122]: https://github.com/pomerium/pomerium/issues/122
-[gh-123]: https://github.com/pomerium/pomerium/issues/123
-[gh-124]: https://github.com/pomerium/pomerium/issues/124
-[gh-125]: https://github.com/pomerium/pomerium/issues/125
-[gh-126]: https://github.com/pomerium/pomerium/issues/126
-[gh-127]: https://github.com/pomerium/pomerium/issues/127
-[gh-128]: https://github.com/pomerium/pomerium/issues/128
-[gh-129]: https://github.com/pomerium/pomerium/issues/129
-[gh-13]: https://github.com/pomerium/pomerium/issues/13
-[gh-130]: https://github.com/pomerium/pomerium/issues/130
-[gh-131]: https://github.com/pomerium/pomerium/issues/131
-[gh-132]: https://github.com/pomerium/pomerium/issues/132
-[gh-133]: https://github.com/pomerium/pomerium/issues/133
-[gh-134]: https://github.com/pomerium/pomerium/issues/134
-[gh-135]: https://github.com/pomerium/pomerium/issues/135
-[gh-136]: https://github.com/pomerium/pomerium/issues/136
-[gh-137]: https://github.com/pomerium/pomerium/issues/137
-[gh-138]: https://github.com/pomerium/pomerium/issues/138
-[gh-139]: https://github.com/pomerium/pomerium/issues/139
-[gh-14]: https://github.com/pomerium/pomerium/issues/14
-[gh-140]: https://github.com/pomerium/pomerium/issues/140
-[gh-141]: https://github.com/pomerium/pomerium/issues/141
-[gh-142]: https://github.com/pomerium/pomerium/issues/142
-[gh-143]: https://github.com/pomerium/pomerium/issues/143
-[gh-144]: https://github.com/pomerium/pomerium/issues/144
-[gh-145]: https://github.com/pomerium/pomerium/issues/145
-[gh-146]: https://github.com/pomerium/pomerium/issues/146
-[gh-147]: https://github.com/pomerium/pomerium/issues/147
-[gh-148]: https://github.com/pomerium/pomerium/issues/148
-[gh-149]: https://github.com/pomerium/pomerium/issues/149
-[gh-15]: https://github.com/pomerium/pomerium/issues/15
-[gh-150]: https://github.com/pomerium/pomerium/issues/150
-[gh-151]: https://github.com/pomerium/pomerium/issues/151
-[gh-152]: https://github.com/pomerium/pomerium/issues/152
-[gh-153]: https://github.com/pomerium/pomerium/issues/153
-[gh-154]: https://github.com/pomerium/pomerium/issues/154
-[gh-155]: https://github.com/pomerium/pomerium/issues/155
-[gh-156]: https://github.com/pomerium/pomerium/issues/156
-[gh-157]: https://github.com/pomerium/pomerium/issues/157
-[gh-158]: https://github.com/pomerium/pomerium/issues/158
-[gh-159]: https://github.com/pomerium/pomerium/issues/159
-[gh-16]: https://github.com/pomerium/pomerium/issues/16
-[gh-160]: https://github.com/pomerium/pomerium/issues/160
-[gh-161]: https://github.com/pomerium/pomerium/issues/161
-[gh-162]: https://github.com/pomerium/pomerium/issues/162
-[gh-163]: https://github.com/pomerium/pomerium/issues/163
-[gh-164]: https://github.com/pomerium/pomerium/issues/164
-[gh-165]: https://github.com/pomerium/pomerium/issues/165
-[gh-166]: https://github.com/pomerium/pomerium/issues/166
-[gh-167]: https://github.com/pomerium/pomerium/issues/167
-[gh-168]: https://github.com/pomerium/pomerium/issues/168
-[gh-169]: https://github.com/pomerium/pomerium/issues/169
-[gh-17]: https://github.com/pomerium/pomerium/issues/17
-[gh-170]: https://github.com/pomerium/pomerium/issues/170
-[gh-171]: https://github.com/pomerium/pomerium/issues/171
-[gh-172]: https://github.com/pomerium/pomerium/issues/172
-[gh-173]: https://github.com/pomerium/pomerium/issues/173
-[gh-174]: https://github.com/pomerium/pomerium/issues/174
-[gh-175]: https://github.com/pomerium/pomerium/issues/175
-[gh-176]: https://github.com/pomerium/pomerium/issues/176
-[gh-177]: https://github.com/pomerium/pomerium/issues/177
-[gh-178]: https://github.com/pomerium/pomerium/issues/178
-[gh-179]: https://github.com/pomerium/pomerium/issues/179
-[gh-18]: https://github.com/pomerium/pomerium/issues/18
-[gh-180]: https://github.com/pomerium/pomerium/issues/180
-[gh-181]: https://github.com/pomerium/pomerium/issues/181
-[gh-182]: https://github.com/pomerium/pomerium/issues/182
-[gh-183]: https://github.com/pomerium/pomerium/issues/183
-[gh-184]: https://github.com/pomerium/pomerium/issues/184
-[gh-185]: https://github.com/pomerium/pomerium/issues/185
-[gh-186]: https://github.com/pomerium/pomerium/issues/186
-[gh-187]: https://github.com/pomerium/pomerium/issues/187
-[gh-188]: https://github.com/pomerium/pomerium/issues/188
-[gh-189]: https://github.com/pomerium/pomerium/issues/189
-[gh-19]: https://github.com/pomerium/pomerium/issues/19
-[gh-190]: https://github.com/pomerium/pomerium/issues/190
-[gh-191]: https://github.com/pomerium/pomerium/issues/191
-[gh-192]: https://github.com/pomerium/pomerium/issues/192
-[gh-193]: https://github.com/pomerium/pomerium/issues/193
-[gh-194]: https://github.com/pomerium/pomerium/issues/194
-[gh-195]: https://github.com/pomerium/pomerium/issues/195
-[gh-196]: https://github.com/pomerium/pomerium/issues/196
-[gh-197]: https://github.com/pomerium/pomerium/issues/197
-[gh-198]: https://github.com/pomerium/pomerium/issues/198
-[gh-199]: https://github.com/pomerium/pomerium/issues/199
-[gh-2]: https://github.com/pomerium/pomerium/issues/2
-[gh-20]: https://github.com/pomerium/pomerium/issues/20
-[gh-200]: https://github.com/pomerium/pomerium/issues/200
-[gh-201]: https://github.com/pomerium/pomerium/issues/201
-[gh-202]: https://github.com/pomerium/pomerium/issues/202
-[gh-203]: https://github.com/pomerium/pomerium/issues/203
-[gh-204]: https://github.com/pomerium/pomerium/issues/204
-[gh-205]: https://github.com/pomerium/pomerium/issues/205
-[gh-206]: https://github.com/pomerium/pomerium/issues/206
-[gh-207]: https://github.com/pomerium/pomerium/issues/207
-[gh-208]: https://github.com/pomerium/pomerium/issues/208
-[gh-209]: https://github.com/pomerium/pomerium/issues/209
-[gh-21]: https://github.com/pomerium/pomerium/issues/21
-[gh-210]: https://github.com/pomerium/pomerium/issues/210
-[gh-211]: https://github.com/pomerium/pomerium/issues/211
-[gh-212]: https://github.com/pomerium/pomerium/issues/212
-[gh-213]: https://github.com/pomerium/pomerium/issues/213
-[gh-214]: https://github.com/pomerium/pomerium/issues/214
-[gh-215]: https://github.com/pomerium/pomerium/issues/215
-[gh-216]: https://github.com/pomerium/pomerium/issues/216
-[gh-217]: https://github.com/pomerium/pomerium/issues/217
-[gh-218]: https://github.com/pomerium/pomerium/issues/218
-[gh-219]: https://github.com/pomerium/pomerium/issues/219
-[gh-22]: https://github.com/pomerium/pomerium/issues/22
-[gh-220]: https://github.com/pomerium/pomerium/issues/220
-[gh-221]: https://github.com/pomerium/pomerium/issues/221
-[gh-222]: https://github.com/pomerium/pomerium/issues/222
-[gh-223]: https://github.com/pomerium/pomerium/issues/223
-[gh-224]: https://github.com/pomerium/pomerium/issues/224
-[gh-225]: https://github.com/pomerium/pomerium/issues/225
-[gh-226]: https://github.com/pomerium/pomerium/issues/226
-[gh-227]: https://github.com/pomerium/pomerium/issues/227
-[gh-228]: https://github.com/pomerium/pomerium/issues/228
-[gh-229]: https://github.com/pomerium/pomerium/issues/229
-[gh-23]: https://github.com/pomerium/pomerium/issues/23
-[gh-230]: https://github.com/pomerium/pomerium/issues/230
-[gh-231]: https://github.com/pomerium/pomerium/issues/231
-[gh-232]: https://github.com/pomerium/pomerium/issues/232
-[gh-233]: https://github.com/pomerium/pomerium/issues/233
-[gh-234]: https://github.com/pomerium/pomerium/issues/234
-[gh-235]: https://github.com/pomerium/pomerium/issues/235
-[gh-236]: https://github.com/pomerium/pomerium/issues/236
-[gh-237]: https://github.com/pomerium/pomerium/issues/237
-[gh-238]: https://github.com/pomerium/pomerium/issues/238
-[gh-239]: https://github.com/pomerium/pomerium/issues/239
-[gh-24]: https://github.com/pomerium/pomerium/issues/24
-[gh-240]: https://github.com/pomerium/pomerium/issues/240
-[gh-241]: https://github.com/pomerium/pomerium/issues/241
-[gh-242]: https://github.com/pomerium/pomerium/issues/242
-[gh-243]: https://github.com/pomerium/pomerium/issues/243
-[gh-244]: https://github.com/pomerium/pomerium/issues/244
-[gh-245]: https://github.com/pomerium/pomerium/issues/245
-[gh-246]: https://github.com/pomerium/pomerium/issues/246
-[gh-247]: https://github.com/pomerium/pomerium/issues/247
-[gh-248]: https://github.com/pomerium/pomerium/issues/248
-[gh-249]: https://github.com/pomerium/pomerium/issues/249
-[gh-25]: https://github.com/pomerium/pomerium/issues/25
-[gh-250]: https://github.com/pomerium/pomerium/issues/250
-[gh-251]: https://github.com/pomerium/pomerium/issues/251
-[gh-252]: https://github.com/pomerium/pomerium/issues/252
-[gh-253]: https://github.com/pomerium/pomerium/issues/253
-[gh-254]: https://github.com/pomerium/pomerium/issues/254
-[gh-255]: https://github.com/pomerium/pomerium/issues/255
-[gh-256]: https://github.com/pomerium/pomerium/issues/256
-[gh-257]: https://github.com/pomerium/pomerium/issues/257
-[gh-258]: https://github.com/pomerium/pomerium/issues/258
-[gh-259]: https://github.com/pomerium/pomerium/issues/259
-[gh-26]: https://github.com/pomerium/pomerium/issues/26
-[gh-260]: https://github.com/pomerium/pomerium/issues/260
-[gh-261]: https://github.com/pomerium/pomerium/issues/261
-[gh-262]: https://github.com/pomerium/pomerium/issues/262
-[gh-263]: https://github.com/pomerium/pomerium/issues/263
-[gh-264]: https://github.com/pomerium/pomerium/issues/264
-[gh-265]: https://github.com/pomerium/pomerium/issues/265
-[gh-266]: https://github.com/pomerium/pomerium/issues/266
-[gh-267]: https://github.com/pomerium/pomerium/issues/267
-[gh-268]: https://github.com/pomerium/pomerium/issues/268
-[gh-269]: https://github.com/pomerium/pomerium/issues/269
-[gh-27]: https://github.com/pomerium/pomerium/issues/27
-[gh-270]: https://github.com/pomerium/pomerium/issues/270
-[gh-271]: https://github.com/pomerium/pomerium/issues/271
-[gh-272]: https://github.com/pomerium/pomerium/issues/272
-[gh-273]: https://github.com/pomerium/pomerium/issues/273
-[gh-274]: https://github.com/pomerium/pomerium/issues/274
-[gh-275]: https://github.com/pomerium/pomerium/issues/275
-[gh-276]: https://github.com/pomerium/pomerium/issues/276
-[gh-277]: https://github.com/pomerium/pomerium/issues/277
-[gh-278]: https://github.com/pomerium/pomerium/issues/278
-[gh-279]: https://github.com/pomerium/pomerium/issues/279
-[gh-28]: https://github.com/pomerium/pomerium/issues/28
-[gh-280]: https://github.com/pomerium/pomerium/issues/280
-[gh-281]: https://github.com/pomerium/pomerium/issues/281
-[gh-282]: https://github.com/pomerium/pomerium/issues/282
-[gh-283]: https://github.com/pomerium/pomerium/issues/283
-[gh-284]: https://github.com/pomerium/pomerium/issues/284
-[gh-285]: https://github.com/pomerium/pomerium/issues/285
-[gh-286]: https://github.com/pomerium/pomerium/issues/286
-[gh-287]: https://github.com/pomerium/pomerium/issues/287
-[gh-288]: https://github.com/pomerium/pomerium/issues/288
-[gh-289]: https://github.com/pomerium/pomerium/issues/289
-[gh-29]: https://github.com/pomerium/pomerium/issues/29
-[gh-290]: https://github.com/pomerium/pomerium/issues/290
-[gh-291]: https://github.com/pomerium/pomerium/issues/291
-[gh-292]: https://github.com/pomerium/pomerium/issues/292
-[gh-293]: https://github.com/pomerium/pomerium/issues/293
-[gh-294]: https://github.com/pomerium/pomerium/issues/294
-[gh-295]: https://github.com/pomerium/pomerium/issues/295
-[gh-296]: https://github.com/pomerium/pomerium/issues/296
-[gh-297]: https://github.com/pomerium/pomerium/issues/297
-[gh-298]: https://github.com/pomerium/pomerium/issues/298
-[gh-299]: https://github.com/pomerium/pomerium/issues/299
-[gh-3]: https://github.com/pomerium/pomerium/issues/3
-[gh-30]: https://github.com/pomerium/pomerium/issues/30
-[gh-300]: https://github.com/pomerium/pomerium/issues/300
-[gh-301]: https://github.com/pomerium/pomerium/issues/301
-[gh-302]: https://github.com/pomerium/pomerium/issues/302
-[gh-303]: https://github.com/pomerium/pomerium/issues/303
-[gh-304]: https://github.com/pomerium/pomerium/issues/304
-[gh-305]: https://github.com/pomerium/pomerium/issues/305
-[gh-306]: https://github.com/pomerium/pomerium/issues/306
-[gh-307]: https://github.com/pomerium/pomerium/issues/307
-[gh-308]: https://github.com/pomerium/pomerium/issues/308
-[gh-309]: https://github.com/pomerium/pomerium/issues/309
-[gh-31]: https://github.com/pomerium/pomerium/issues/31
-[gh-310]: https://github.com/pomerium/pomerium/issues/310
-[gh-311]: https://github.com/pomerium/pomerium/issues/311
-[gh-312]: https://github.com/pomerium/pomerium/issues/312
-[gh-313]: https://github.com/pomerium/pomerium/issues/313
-[gh-314]: https://github.com/pomerium/pomerium/issues/314
-[gh-315]: https://github.com/pomerium/pomerium/issues/315
-[gh-316]: https://github.com/pomerium/pomerium/issues/316
-[gh-317]: https://github.com/pomerium/pomerium/issues/317
-[gh-318]: https://github.com/pomerium/pomerium/issues/318
-[gh-319]: https://github.com/pomerium/pomerium/issues/319
-[gh-32]: https://github.com/pomerium/pomerium/issues/32
-[gh-320]: https://github.com/pomerium/pomerium/issues/320
-[gh-321]: https://github.com/pomerium/pomerium/issues/321
-[gh-322]: https://github.com/pomerium/pomerium/issues/322
-[gh-323]: https://github.com/pomerium/pomerium/issues/323
-[gh-324]: https://github.com/pomerium/pomerium/issues/324
-[gh-325]: https://github.com/pomerium/pomerium/issues/325
-[gh-326]: https://github.com/pomerium/pomerium/issues/326
-[gh-327]: https://github.com/pomerium/pomerium/issues/327
-[gh-328]: https://github.com/pomerium/pomerium/issues/328
-[gh-329]: https://github.com/pomerium/pomerium/issues/329
-[gh-33]: https://github.com/pomerium/pomerium/issues/33
-[gh-330]: https://github.com/pomerium/pomerium/issues/330
-[gh-331]: https://github.com/pomerium/pomerium/issues/331
-[gh-332]: https://github.com/pomerium/pomerium/issues/332
-[gh-333]: https://github.com/pomerium/pomerium/issues/333
-[gh-334]: https://github.com/pomerium/pomerium/issues/334
-[gh-335]: https://github.com/pomerium/pomerium/issues/335
-[gh-336]: https://github.com/pomerium/pomerium/issues/336
-[gh-337]: https://github.com/pomerium/pomerium/issues/337
-[gh-338]: https://github.com/pomerium/pomerium/issues/338
-[gh-339]: https://github.com/pomerium/pomerium/issues/339
-[gh-34]: https://github.com/pomerium/pomerium/issues/34
-[gh-340]: https://github.com/pomerium/pomerium/issues/340
-[gh-341]: https://github.com/pomerium/pomerium/issues/341
-[gh-342]: https://github.com/pomerium/pomerium/issues/342
-[gh-343]: https://github.com/pomerium/pomerium/issues/343
-[gh-344]: https://github.com/pomerium/pomerium/issues/344
-[gh-345]: https://github.com/pomerium/pomerium/issues/345
-[gh-346]: https://github.com/pomerium/pomerium/issues/346
-[gh-347]: https://github.com/pomerium/pomerium/issues/347
-[gh-348]: https://github.com/pomerium/pomerium/issues/348
-[gh-349]: https://github.com/pomerium/pomerium/issues/349
-[gh-35]: https://github.com/pomerium/pomerium/issues/35
-[gh-350]: https://github.com/pomerium/pomerium/issues/350
-[gh-351]: https://github.com/pomerium/pomerium/issues/351
-[gh-352]: https://github.com/pomerium/pomerium/issues/352
-[gh-353]: https://github.com/pomerium/pomerium/issues/353
-[gh-354]: https://github.com/pomerium/pomerium/issues/354
-[gh-355]: https://github.com/pomerium/pomerium/issues/355
-[gh-356]: https://github.com/pomerium/pomerium/issues/356
-[gh-357]: https://github.com/pomerium/pomerium/issues/357
-[gh-358]: https://github.com/pomerium/pomerium/issues/358
-[gh-359]: https://github.com/pomerium/pomerium/issues/359
-[gh-36]: https://github.com/pomerium/pomerium/issues/36
-[gh-360]: https://github.com/pomerium/pomerium/issues/360
-[gh-361]: https://github.com/pomerium/pomerium/issues/361
-[gh-362]: https://github.com/pomerium/pomerium/issues/362
-[gh-363]: https://github.com/pomerium/pomerium/issues/363
-[gh-364]: https://github.com/pomerium/pomerium/issues/364
-[gh-365]: https://github.com/pomerium/pomerium/issues/365
-[gh-366]: https://github.com/pomerium/pomerium/issues/366
-[gh-367]: https://github.com/pomerium/pomerium/issues/367
-[gh-368]: https://github.com/pomerium/pomerium/issues/368
-[gh-369]: https://github.com/pomerium/pomerium/issues/369
-[gh-37]: https://github.com/pomerium/pomerium/issues/37
-[gh-370]: https://github.com/pomerium/pomerium/issues/370
-[gh-371]: https://github.com/pomerium/pomerium/issues/371
-[gh-372]: https://github.com/pomerium/pomerium/issues/372
-[gh-373]: https://github.com/pomerium/pomerium/issues/373
-[gh-374]: https://github.com/pomerium/pomerium/issues/374
-[gh-375]: https://github.com/pomerium/pomerium/issues/375
-[gh-376]: https://github.com/pomerium/pomerium/issues/376
-[gh-377]: https://github.com/pomerium/pomerium/issues/377
-[gh-378]: https://github.com/pomerium/pomerium/issues/378
-[gh-379]: https://github.com/pomerium/pomerium/issues/379
-[gh-38]: https://github.com/pomerium/pomerium/issues/38
-[gh-380]: https://github.com/pomerium/pomerium/issues/380
-[gh-381]: https://github.com/pomerium/pomerium/issues/381
-[gh-382]: https://github.com/pomerium/pomerium/issues/382
-[gh-383]: https://github.com/pomerium/pomerium/issues/383
-[gh-384]: https://github.com/pomerium/pomerium/issues/384
-[gh-385]: https://github.com/pomerium/pomerium/issues/385
-[gh-386]: https://github.com/pomerium/pomerium/issues/386
-[gh-387]: https://github.com/pomerium/pomerium/issues/387
-[gh-388]: https://github.com/pomerium/pomerium/issues/388
-[gh-389]: https://github.com/pomerium/pomerium/issues/389
-[gh-39]: https://github.com/pomerium/pomerium/issues/39
-[gh-390]: https://github.com/pomerium/pomerium/issues/390
-[gh-391]: https://github.com/pomerium/pomerium/issues/391
-[gh-392]: https://github.com/pomerium/pomerium/issues/392
-[gh-393]: https://github.com/pomerium/pomerium/issues/393
-[gh-394]: https://github.com/pomerium/pomerium/issues/394
-[gh-395]: https://github.com/pomerium/pomerium/issues/395
-[gh-396]: https://github.com/pomerium/pomerium/issues/396
-[gh-397]: https://github.com/pomerium/pomerium/issues/397
-[gh-398]: https://github.com/pomerium/pomerium/issues/398
-[gh-399]: https://github.com/pomerium/pomerium/issues/399
-[gh-4]: https://github.com/pomerium/pomerium/issues/4
-[gh-40]: https://github.com/pomerium/pomerium/issues/40
-[gh-400]: https://github.com/pomerium/pomerium/issues/400
-[gh-401]: https://github.com/pomerium/pomerium/issues/401
-[gh-402]: https://github.com/pomerium/pomerium/issues/402
-[gh-403]: https://github.com/pomerium/pomerium/issues/403
-[gh-404]: https://github.com/pomerium/pomerium/issues/404
-[gh-405]: https://github.com/pomerium/pomerium/issues/405
-[gh-406]: https://github.com/pomerium/pomerium/issues/406
-[gh-407]: https://github.com/pomerium/pomerium/issues/407
-[gh-408]: https://github.com/pomerium/pomerium/issues/408
-[gh-409]: https://github.com/pomerium/pomerium/issues/409
-[gh-41]: https://github.com/pomerium/pomerium/issues/41
-[gh-410]: https://github.com/pomerium/pomerium/issues/410
-[gh-411]: https://github.com/pomerium/pomerium/issues/411
-[gh-412]: https://github.com/pomerium/pomerium/issues/412
-[gh-413]: https://github.com/pomerium/pomerium/issues/413
-[gh-414]: https://github.com/pomerium/pomerium/issues/414
-[gh-415]: https://github.com/pomerium/pomerium/issues/415
-[gh-416]: https://github.com/pomerium/pomerium/issues/416
-[gh-417]: https://github.com/pomerium/pomerium/issues/417
-[gh-418]: https://github.com/pomerium/pomerium/issues/418
-[gh-419]: https://github.com/pomerium/pomerium/issues/419
-[gh-42]: https://github.com/pomerium/pomerium/issues/42
-[gh-420]: https://github.com/pomerium/pomerium/issues/420
-[gh-421]: https://github.com/pomerium/pomerium/issues/421
-[gh-422]: https://github.com/pomerium/pomerium/issues/422
-[gh-423]: https://github.com/pomerium/pomerium/issues/423
-[gh-424]: https://github.com/pomerium/pomerium/issues/424
-[gh-425]: https://github.com/pomerium/pomerium/issues/425
-[gh-426]: https://github.com/pomerium/pomerium/issues/426
-[gh-427]: https://github.com/pomerium/pomerium/issues/427
-[gh-428]: https://github.com/pomerium/pomerium/issues/428
-[gh-429]: https://github.com/pomerium/pomerium/issues/429
-[gh-43]: https://github.com/pomerium/pomerium/issues/43
-[gh-430]: https://github.com/pomerium/pomerium/issues/430
-[gh-431]: https://github.com/pomerium/pomerium/issues/431
-[gh-432]: https://github.com/pomerium/pomerium/issues/432
-[gh-433]: https://github.com/pomerium/pomerium/issues/433
-[gh-434]: https://github.com/pomerium/pomerium/issues/434
-[gh-435]: https://github.com/pomerium/pomerium/issues/435
-[gh-436]: https://github.com/pomerium/pomerium/issues/436
-[gh-437]: https://github.com/pomerium/pomerium/issues/437
-[gh-438]: https://github.com/pomerium/pomerium/issues/438
-[gh-439]: https://github.com/pomerium/pomerium/issues/439
-[gh-44]: https://github.com/pomerium/pomerium/issues/44
-[gh-440]: https://github.com/pomerium/pomerium/issues/440
-[gh-441]: https://github.com/pomerium/pomerium/issues/441
-[gh-442]: https://github.com/pomerium/pomerium/issues/442
-[gh-443]: https://github.com/pomerium/pomerium/issues/443
-[gh-444]: https://github.com/pomerium/pomerium/issues/444
-[gh-445]: https://github.com/pomerium/pomerium/issues/445
-[gh-446]: https://github.com/pomerium/pomerium/issues/446
-[gh-447]: https://github.com/pomerium/pomerium/issues/447
-[gh-448]: https://github.com/pomerium/pomerium/issues/448
-[gh-449]: https://github.com/pomerium/pomerium/issues/449
-[gh-45]: https://github.com/pomerium/pomerium/issues/45
-[gh-450]: https://github.com/pomerium/pomerium/issues/450
-[gh-451]: https://github.com/pomerium/pomerium/issues/451
-[gh-452]: https://github.com/pomerium/pomerium/issues/452
-[gh-453]: https://github.com/pomerium/pomerium/issues/453
-[gh-454]: https://github.com/pomerium/pomerium/issues/454
-[gh-455]: https://github.com/pomerium/pomerium/issues/455
-[gh-456]: https://github.com/pomerium/pomerium/issues/456
-[gh-457]: https://github.com/pomerium/pomerium/issues/457
-[gh-458]: https://github.com/pomerium/pomerium/issues/458
-[gh-459]: https://github.com/pomerium/pomerium/issues/459
-[gh-46]: https://github.com/pomerium/pomerium/issues/46
-[gh-460]: https://github.com/pomerium/pomerium/issues/460
-[gh-461]: https://github.com/pomerium/pomerium/issues/461
-[gh-462]: https://github.com/pomerium/pomerium/issues/462
-[gh-463]: https://github.com/pomerium/pomerium/issues/463
-[gh-464]: https://github.com/pomerium/pomerium/issues/464
-[gh-465]: https://github.com/pomerium/pomerium/issues/465
-[gh-466]: https://github.com/pomerium/pomerium/issues/466
-[gh-467]: https://github.com/pomerium/pomerium/issues/467
-[gh-468]: https://github.com/pomerium/pomerium/issues/468
-[gh-469]: https://github.com/pomerium/pomerium/issues/469
-[gh-47]: https://github.com/pomerium/pomerium/issues/47
-[gh-470]: https://github.com/pomerium/pomerium/issues/470
-[gh-471]: https://github.com/pomerium/pomerium/issues/471
-[gh-472]: https://github.com/pomerium/pomerium/issues/472
-[gh-473]: https://github.com/pomerium/pomerium/issues/473
-[gh-474]: https://github.com/pomerium/pomerium/issues/474
-[gh-475]: https://github.com/pomerium/pomerium/issues/475
-[gh-476]: https://github.com/pomerium/pomerium/issues/476
-[gh-477]: https://github.com/pomerium/pomerium/issues/477
-[gh-478]: https://github.com/pomerium/pomerium/issues/478
-[gh-479]: https://github.com/pomerium/pomerium/issues/479
-[gh-48]: https://github.com/pomerium/pomerium/issues/48
-[gh-480]: https://github.com/pomerium/pomerium/issues/480
-[gh-481]: https://github.com/pomerium/pomerium/issues/481
-[gh-482]: https://github.com/pomerium/pomerium/issues/482
-[gh-483]: https://github.com/pomerium/pomerium/issues/483
-[gh-484]: https://github.com/pomerium/pomerium/issues/484
-[gh-485]: https://github.com/pomerium/pomerium/issues/485
-[gh-486]: https://github.com/pomerium/pomerium/issues/486
-[gh-487]: https://github.com/pomerium/pomerium/issues/487
-[gh-488]: https://github.com/pomerium/pomerium/issues/488
-[gh-489]: https://github.com/pomerium/pomerium/issues/489
-[gh-49]: https://github.com/pomerium/pomerium/issues/49
-[gh-490]: https://github.com/pomerium/pomerium/issues/490
-[gh-491]: https://github.com/pomerium/pomerium/issues/491
-[gh-492]: https://github.com/pomerium/pomerium/issues/492
-[gh-493]: https://github.com/pomerium/pomerium/issues/493
-[gh-494]: https://github.com/pomerium/pomerium/issues/494
-[gh-495]: https://github.com/pomerium/pomerium/issues/495
-[gh-496]: https://github.com/pomerium/pomerium/issues/496
-[gh-497]: https://github.com/pomerium/pomerium/issues/497
-[gh-498]: https://github.com/pomerium/pomerium/issues/498
-[gh-499]: https://github.com/pomerium/pomerium/issues/499
-[gh-5]: https://github.com/pomerium/pomerium/issues/5
-[gh-50]: https://github.com/pomerium/pomerium/issues/50
-[gh-500]: https://github.com/pomerium/pomerium/issues/500
-[gh-501]: https://github.com/pomerium/pomerium/issues/501
-[gh-502]: https://github.com/pomerium/pomerium/issues/502
-[gh-503]: https://github.com/pomerium/pomerium/issues/503
-[gh-504]: https://github.com/pomerium/pomerium/issues/504
-[gh-505]: https://github.com/pomerium/pomerium/issues/505
-[gh-506]: https://github.com/pomerium/pomerium/issues/506
-[gh-507]: https://github.com/pomerium/pomerium/issues/507
-[gh-508]: https://github.com/pomerium/pomerium/issues/508
-[gh-509]: https://github.com/pomerium/pomerium/issues/509
-[gh-51]: https://github.com/pomerium/pomerium/issues/51
-[gh-510]: https://github.com/pomerium/pomerium/issues/510
-[gh-511]: https://github.com/pomerium/pomerium/issues/511
-[gh-512]: https://github.com/pomerium/pomerium/issues/512
-[gh-513]: https://github.com/pomerium/pomerium/issues/513
-[gh-514]: https://github.com/pomerium/pomerium/issues/514
-[gh-515]: https://github.com/pomerium/pomerium/issues/515
-[gh-516]: https://github.com/pomerium/pomerium/issues/516
-[gh-517]: https://github.com/pomerium/pomerium/issues/517
-[gh-518]: https://github.com/pomerium/pomerium/issues/518
-[gh-519]: https://github.com/pomerium/pomerium/issues/519
-[gh-52]: https://github.com/pomerium/pomerium/issues/52
-[gh-520]: https://github.com/pomerium/pomerium/issues/520
-[gh-521]: https://github.com/pomerium/pomerium/issues/521
-[gh-522]: https://github.com/pomerium/pomerium/issues/522
-[gh-523]: https://github.com/pomerium/pomerium/issues/523
-[gh-524]: https://github.com/pomerium/pomerium/issues/524
-[gh-525]: https://github.com/pomerium/pomerium/issues/525
-[gh-526]: https://github.com/pomerium/pomerium/issues/526
-[gh-527]: https://github.com/pomerium/pomerium/issues/527
-[gh-528]: https://github.com/pomerium/pomerium/issues/528
-[gh-529]: https://github.com/pomerium/pomerium/issues/529
-[gh-53]: https://github.com/pomerium/pomerium/issues/53
-[gh-530]: https://github.com/pomerium/pomerium/issues/530
-[gh-531]: https://github.com/pomerium/pomerium/issues/531
-[gh-532]: https://github.com/pomerium/pomerium/issues/532
-[gh-533]: https://github.com/pomerium/pomerium/issues/533
-[gh-534]: https://github.com/pomerium/pomerium/issues/534
-[gh-535]: https://github.com/pomerium/pomerium/issues/535
-[gh-536]: https://github.com/pomerium/pomerium/issues/536
-[gh-537]: https://github.com/pomerium/pomerium/issues/537
-[gh-538]: https://github.com/pomerium/pomerium/issues/538
-[gh-539]: https://github.com/pomerium/pomerium/issues/539
-[gh-54]: https://github.com/pomerium/pomerium/issues/54
-[gh-540]: https://github.com/pomerium/pomerium/issues/540
-[gh-541]: https://github.com/pomerium/pomerium/issues/541
-[gh-542]: https://github.com/pomerium/pomerium/issues/542
-[gh-543]: https://github.com/pomerium/pomerium/issues/543
-[gh-544]: https://github.com/pomerium/pomerium/issues/544
-[gh-545]: https://github.com/pomerium/pomerium/issues/545
-[gh-546]: https://github.com/pomerium/pomerium/issues/546
-[gh-547]: https://github.com/pomerium/pomerium/issues/547
-[gh-548]: https://github.com/pomerium/pomerium/issues/548
-[gh-549]: https://github.com/pomerium/pomerium/issues/549
-[gh-55]: https://github.com/pomerium/pomerium/issues/55
-[gh-550]: https://github.com/pomerium/pomerium/issues/550
-[gh-551]: https://github.com/pomerium/pomerium/issues/551
-[gh-552]: https://github.com/pomerium/pomerium/issues/552
-[gh-553]: https://github.com/pomerium/pomerium/issues/553
-[gh-554]: https://github.com/pomerium/pomerium/issues/554
-[gh-555]: https://github.com/pomerium/pomerium/issues/555
-[gh-556]: https://github.com/pomerium/pomerium/issues/556
-[gh-557]: https://github.com/pomerium/pomerium/issues/557
-[gh-558]: https://github.com/pomerium/pomerium/issues/558
-[gh-559]: https://github.com/pomerium/pomerium/issues/559
-[gh-56]: https://github.com/pomerium/pomerium/issues/56
-[gh-560]: https://github.com/pomerium/pomerium/issues/560
-[gh-561]: https://github.com/pomerium/pomerium/issues/561
-[gh-562]: https://github.com/pomerium/pomerium/issues/562
-[gh-563]: https://github.com/pomerium/pomerium/issues/563
-[gh-564]: https://github.com/pomerium/pomerium/issues/564
-[gh-565]: https://github.com/pomerium/pomerium/issues/565
-[gh-566]: https://github.com/pomerium/pomerium/issues/566
-[gh-567]: https://github.com/pomerium/pomerium/issues/567
-[gh-568]: https://github.com/pomerium/pomerium/issues/568
-[gh-569]: https://github.com/pomerium/pomerium/issues/569
-[gh-57]: https://github.com/pomerium/pomerium/issues/57
-[gh-570]: https://github.com/pomerium/pomerium/issues/570
-[gh-571]: https://github.com/pomerium/pomerium/issues/571
-[gh-572]: https://github.com/pomerium/pomerium/issues/572
-[gh-573]: https://github.com/pomerium/pomerium/issues/573
-[gh-574]: https://github.com/pomerium/pomerium/issues/574
-[gh-575]: https://github.com/pomerium/pomerium/issues/575
-[gh-576]: https://github.com/pomerium/pomerium/issues/576
-[gh-577]: https://github.com/pomerium/pomerium/issues/577
-[gh-578]: https://github.com/pomerium/pomerium/issues/578
-[gh-579]: https://github.com/pomerium/pomerium/issues/579
-[gh-58]: https://github.com/pomerium/pomerium/issues/58
-[gh-580]: https://github.com/pomerium/pomerium/issues/580
-[gh-581]: https://github.com/pomerium/pomerium/issues/581
-[gh-582]: https://github.com/pomerium/pomerium/issues/582
-[gh-583]: https://github.com/pomerium/pomerium/issues/583
-[gh-584]: https://github.com/pomerium/pomerium/issues/584
-[gh-585]: https://github.com/pomerium/pomerium/issues/585
-[gh-586]: https://github.com/pomerium/pomerium/issues/586
-[gh-587]: https://github.com/pomerium/pomerium/issues/587
-[gh-588]: https://github.com/pomerium/pomerium/issues/588
-[gh-589]: https://github.com/pomerium/pomerium/issues/589
-[gh-59]: https://github.com/pomerium/pomerium/issues/59
-[gh-590]: https://github.com/pomerium/pomerium/issues/590
-[gh-591]: https://github.com/pomerium/pomerium/issues/591
-[gh-592]: https://github.com/pomerium/pomerium/issues/592
-[gh-593]: https://github.com/pomerium/pomerium/issues/593
-[gh-594]: https://github.com/pomerium/pomerium/issues/594
-[gh-595]: https://github.com/pomerium/pomerium/issues/595
-[gh-596]: https://github.com/pomerium/pomerium/issues/596
-[gh-597]: https://github.com/pomerium/pomerium/issues/597
-[gh-598]: https://github.com/pomerium/pomerium/issues/598
-[gh-599]: https://github.com/pomerium/pomerium/issues/599
-[gh-6]: https://github.com/pomerium/pomerium/issues/6
-[gh-60]: https://github.com/pomerium/pomerium/issues/60
-[gh-600]: https://github.com/pomerium/pomerium/issues/600
-[gh-601]: https://github.com/pomerium/pomerium/issues/601
-[gh-602]: https://github.com/pomerium/pomerium/issues/602
-[gh-603]: https://github.com/pomerium/pomerium/issues/603
-[gh-604]: https://github.com/pomerium/pomerium/issues/604
-[gh-605]: https://github.com/pomerium/pomerium/issues/605
-[gh-606]: https://github.com/pomerium/pomerium/issues/606
-[gh-607]: https://github.com/pomerium/pomerium/issues/607
-[gh-608]: https://github.com/pomerium/pomerium/issues/608
-[gh-609]: https://github.com/pomerium/pomerium/issues/609
-[gh-61]: https://github.com/pomerium/pomerium/issues/61
-[gh-610]: https://github.com/pomerium/pomerium/issues/610
-[gh-611]: https://github.com/pomerium/pomerium/issues/611
-[gh-612]: https://github.com/pomerium/pomerium/issues/612
-[gh-613]: https://github.com/pomerium/pomerium/issues/613
-[gh-614]: https://github.com/pomerium/pomerium/issues/614
-[gh-615]: https://github.com/pomerium/pomerium/issues/615
-[gh-616]: https://github.com/pomerium/pomerium/issues/616
-[gh-617]: https://github.com/pomerium/pomerium/issues/617
-[gh-618]: https://github.com/pomerium/pomerium/issues/618
-[gh-619]: https://github.com/pomerium/pomerium/issues/619
-[gh-62]: https://github.com/pomerium/pomerium/issues/62
-[gh-620]: https://github.com/pomerium/pomerium/issues/620
-[gh-621]: https://github.com/pomerium/pomerium/issues/621
-[gh-622]: https://github.com/pomerium/pomerium/issues/622
-[gh-623]: https://github.com/pomerium/pomerium/issues/623
-[gh-624]: https://github.com/pomerium/pomerium/issues/624
-[gh-625]: https://github.com/pomerium/pomerium/issues/625
-[gh-626]: https://github.com/pomerium/pomerium/issues/626
-[gh-627]: https://github.com/pomerium/pomerium/issues/627
-[gh-628]: https://github.com/pomerium/pomerium/issues/628
-[gh-629]: https://github.com/pomerium/pomerium/issues/629
-[gh-63]: https://github.com/pomerium/pomerium/issues/63
-[gh-630]: https://github.com/pomerium/pomerium/issues/630
-[gh-631]: https://github.com/pomerium/pomerium/issues/631
-[gh-632]: https://github.com/pomerium/pomerium/issues/632
-[gh-633]: https://github.com/pomerium/pomerium/issues/633
-[gh-634]: https://github.com/pomerium/pomerium/issues/634
-[gh-635]: https://github.com/pomerium/pomerium/issues/635
-[gh-636]: https://github.com/pomerium/pomerium/issues/636
-[gh-637]: https://github.com/pomerium/pomerium/issues/637
-[gh-638]: https://github.com/pomerium/pomerium/issues/638
-[gh-639]: https://github.com/pomerium/pomerium/issues/639
-[gh-64]: https://github.com/pomerium/pomerium/issues/64
-[gh-640]: https://github.com/pomerium/pomerium/issues/640
-[gh-641]: https://github.com/pomerium/pomerium/issues/641
-[gh-642]: https://github.com/pomerium/pomerium/issues/642
-[gh-643]: https://github.com/pomerium/pomerium/issues/643
-[gh-644]: https://github.com/pomerium/pomerium/issues/644
-[gh-645]: https://github.com/pomerium/pomerium/issues/645
-[gh-646]: https://github.com/pomerium/pomerium/issues/646
-[gh-647]: https://github.com/pomerium/pomerium/issues/647
-[gh-648]: https://github.com/pomerium/pomerium/issues/648
-[gh-649]: https://github.com/pomerium/pomerium/issues/649
-[gh-65]: https://github.com/pomerium/pomerium/issues/65
-[gh-650]: https://github.com/pomerium/pomerium/issues/650
-[gh-651]: https://github.com/pomerium/pomerium/issues/651
-[gh-652]: https://github.com/pomerium/pomerium/issues/652
-[gh-653]: https://github.com/pomerium/pomerium/issues/653
-[gh-654]: https://github.com/pomerium/pomerium/issues/654
-[gh-655]: https://github.com/pomerium/pomerium/issues/655
-[gh-656]: https://github.com/pomerium/pomerium/issues/656
-[gh-657]: https://github.com/pomerium/pomerium/issues/657
-[gh-658]: https://github.com/pomerium/pomerium/issues/658
-[gh-659]: https://github.com/pomerium/pomerium/issues/659
-[gh-66]: https://github.com/pomerium/pomerium/issues/66
-[gh-660]: https://github.com/pomerium/pomerium/issues/660
-[gh-661]: https://github.com/pomerium/pomerium/issues/661
-[gh-662]: https://github.com/pomerium/pomerium/issues/662
-[gh-663]: https://github.com/pomerium/pomerium/issues/663
-[gh-664]: https://github.com/pomerium/pomerium/issues/664
-[gh-665]: https://github.com/pomerium/pomerium/issues/665
-[gh-666]: https://github.com/pomerium/pomerium/issues/666
-[gh-667]: https://github.com/pomerium/pomerium/issues/667
-[gh-668]: https://github.com/pomerium/pomerium/issues/668
-[gh-669]: https://github.com/pomerium/pomerium/issues/669
-[gh-67]: https://github.com/pomerium/pomerium/issues/67
-[gh-670]: https://github.com/pomerium/pomerium/issues/670
-[gh-671]: https://github.com/pomerium/pomerium/issues/671
-[gh-672]: https://github.com/pomerium/pomerium/issues/672
-[gh-673]: https://github.com/pomerium/pomerium/issues/673
-[gh-674]: https://github.com/pomerium/pomerium/issues/674
-[gh-675]: https://github.com/pomerium/pomerium/issues/675
-[gh-676]: https://github.com/pomerium/pomerium/issues/676
-[gh-677]: https://github.com/pomerium/pomerium/issues/677
-[gh-678]: https://github.com/pomerium/pomerium/issues/678
-[gh-679]: https://github.com/pomerium/pomerium/issues/679
-[gh-68]: https://github.com/pomerium/pomerium/issues/68
-[gh-69]: https://github.com/pomerium/pomerium/issues/69
-[gh-7]: https://github.com/pomerium/pomerium/issues/7
-[gh-70]: https://github.com/pomerium/pomerium/issues/70
-[gh-71]: https://github.com/pomerium/pomerium/issues/71
-[gh-72]: https://github.com/pomerium/pomerium/issues/72
-[gh-73]: https://github.com/pomerium/pomerium/issues/73
-[gh-74]: https://github.com/pomerium/pomerium/issues/74
-[gh-75]: https://github.com/pomerium/pomerium/issues/75
-[gh-76]: https://github.com/pomerium/pomerium/issues/76
-[gh-77]: https://github.com/pomerium/pomerium/issues/77
-[gh-78]: https://github.com/pomerium/pomerium/issues/78
-[gh-79]: https://github.com/pomerium/pomerium/issues/79
-[gh-8]: https://github.com/pomerium/pomerium/issues/8
-[gh-80]: https://github.com/pomerium/pomerium/issues/80
-[gh-81]: https://github.com/pomerium/pomerium/issues/81
-[gh-82]: https://github.com/pomerium/pomerium/issues/82
-[gh-83]: https://github.com/pomerium/pomerium/issues/83
-[gh-84]: https://github.com/pomerium/pomerium/issues/84
-[gh-85]: https://github.com/pomerium/pomerium/issues/85
-[gh-86]: https://github.com/pomerium/pomerium/issues/86
-[gh-87]: https://github.com/pomerium/pomerium/issues/87
-[gh-88]: https://github.com/pomerium/pomerium/issues/88
-[gh-89]: https://github.com/pomerium/pomerium/issues/89
-[gh-9]: https://github.com/pomerium/pomerium/issues/9
-[gh-90]: https://github.com/pomerium/pomerium/issues/90
-[gh-91]: https://github.com/pomerium/pomerium/issues/91
-[gh-92]: https://github.com/pomerium/pomerium/issues/92
-[gh-93]: https://github.com/pomerium/pomerium/issues/93
-[gh-94]: https://github.com/pomerium/pomerium/issues/94
-[gh-95]: https://github.com/pomerium/pomerium/issues/95
-[gh-96]: https://github.com/pomerium/pomerium/issues/96
-[gh-97]: https://github.com/pomerium/pomerium/issues/97
-[gh-98]: https://github.com/pomerium/pomerium/issues/98
-[gh-99]: https://github.com/pomerium/pomerium/issues/99
-[synology tutorial]: ../guides/synology.md
diff --git a/docs/docs/architecture.md b/docs/docs/architecture.md
deleted file mode 100644
index 7cd421801..000000000
--- a/docs/docs/architecture.md
+++ /dev/null
@@ -1,62 +0,0 @@
----
-title: Architecture
-lang: en-US
-sidebarDepth: 0
-meta:
-  - name: keywords
-    content: pomerium, architecture
----
-
-# Architecture
-
-## System Level
-
-Pomerium sits between end users and services requiring strong authentication. After verifying identity with your identity provider (IdP), Pomerium uses a configurable policy to decide how to route your user's request and if they are authorized to access the service.
-
-![pomerium architecture diagram](./img/pomerium-system-context.svg)
-
-## Component Level
-
-Pomerium is composed of 4 logical components:
-
-- Proxy Service
-
-  - All user traffic flows through the proxy
-  - Verifies all requests with Authentication service
-  - Directs users to Authentication service to establish session identity
-  - Processes policy to determine external/internal route mappings
-
-- Authentication Service
-
-  - Handles authentication flow to your IdP as needed
-  - Handles identity verification after initial Authentication
-  - Establishes user session cookie
-  - Stores user OIDC tokens in databroker service
-
-- Authorization Service
-
-  - Processes policy to determine permissions for each service
-  - Handles authorization check for all user sessions
-  - Directs Proxy service to initiate Authentication flow as required
-  - Provides additional security related headers for upstream services to consume
-
-- Data Broker Service
-
-  - Retrieves identity provider related data such as group membership
-  - Stores and refreshes identity provider access and refresh tokens
-  - Provides streaming authoritative session and identity data to Authorize service
-  - Stores session and identity data in persistent storage
-
-In production deployments, it is recommended that you deploy each component [separately](/reference/readme.md#service-mode). This allows you to limit external attack surface, as well as scale and manage the services independently.
-
-In test deployments, all four components may run from a [single binary and configuration](/reference/readme.md#all-in-one-vs-split-service-mode).
-
-![pomerium architecture diagram](./img/pomerium-container-context.svg)
-
-## Authentication Flow
-
-Pomerium's internal and external component interactions during full authentication from a fresh user are diagramed below.
-
-After initial authentication to provide a session token, only the authorization check interactions occur.
-
-![pomerium architecture diagram](./img/pomerium-auth-flow.svg)
diff --git a/docs/docs/background.md b/docs/docs/background.md
deleted file mode 100644
index aef306f70..000000000
--- a/docs/docs/background.md
+++ /dev/null
@@ -1,90 +0,0 @@
----
-title: Background
-lang: en-US
-meta:
-  - name: keywords
-    content: pomerium, identity access proxy, beyondcorp, zero trust, reverse proxy, ztn, zta
----
-
-# Background
-
-## History
-
-For years, security has been synonymous with the perimeter security model. This model relies on the strength of its outer defenses. That is, your corporate network is safe so long as your perimeter is impenetrable. Perimeter security typically incorporates tools like firewalls, network segmentation, and VPNs. But perimeter security’s shortcomings have become apparent as:
-
-- Software is shipped differently now. Organizations now deploy code outside their perimeter, in public and private clouds.
-- Workforce habits are changing. A majority of the global workforce now works remotely at least one day a week.
-- Remote workers want an equivalent user-experience. Traditional tools for internal access like VPNs are clunky and frustrating to use.
-- There are now many perimeters to secure and boundaries of the perimeter have become ephemeral and nebulous.
-
-> Most networks [have] big castle walls, hard crunchy outer shell, and soft gooey centers...
->
-> [Rob Joyce](https://en.wikipedia.org/wiki/Rob_Joyce) [Chief of Tailored Access Operations](https://en.wikipedia.org/wiki/Tailored_Access_Operations), [National Security Agency @ ENIGMA 2016](https://www.youtube.com/watch?v=bDJb8WOJYdA&feature=youtu.be&t=1627)
-
-Most importantly, the model is just not as secure as we thought. Recent high-profile breaches have demonstrated how difficult it is for even large companies with sophisticated security organizations to avoid a breach. To pick just two of many breaches, consider the Target and Google hacks. In Target's case, hackers circumvented both the physical and network perimeter by [hacking the HVAC system](https://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/) which was connected to the internal corporate network from which hackers were then able to move laterally and exfiltrate customer credit card data. In Google's case, they experienced a devastating attack at the hands of the Chinese military known as [Operation Aurora](https://en.wikipedia.org/wiki/Operation_Aurora). After which, Google did a bottom up review of their security posture. The resulting actions from that review would be released as a [series of white papers](https://ai.google/research/pubs/pub43231) called "BeyondCorp" which have since become foundational documents in articulating how and why an organization could move beyond corporate perimeter (BeyondCorp...get it?) based security.
-
-> In reality, there's never one front door; there are many front doors...[and] ... we're not securing a single castle. We're starting to think about securing many different interconnected castles.
->
-> [Armon Dadgar, Cofounder of HashiCorp @ PagerDuty Nov 2018](https://www.hashicorp.com/resources/how-zero-trust-networking)
-
-The other side of the security trade-off is operational agility. Perimeter based approaches tend to focus on network segmentation which entails creating virtual or physical boundaries around services that need to communicate. Making those boundaries is increasingly difficult to manage in a world of micro-services, and cloud computing where service communication requirements are constantly in flux.
-
-In theory, an organization could "micro/nano/pico-segment" each and every layer of an application stack to ensure appropriate access controls. However, in practice, operators are usually pulled in the direction of one of two extremes. That is, either a very precise boundary that is high-touch, time-consuming to manage, and error prone. Or that of a more lax boundary that may entail more risk but is less time consuming to update, manage and less prone to break.
-
-### Gaps in the perimeter
-
-In summary, perimeter based security suffers from the following shortcomings:
-
-- Perimeter security largely ignores the insider threat.
-- The "impenetrable fortress" model fails in practice even for the most sophisticated of security organizations.
-- Network segmentation is a time-consuming, and difficult to get exactly right mechanism for ensuring secure communication.
-- Even just defining what the network perimeter is is an increasingly difficult proposition in a remote-work, BYOD, multi-cloud world. Most organizations are a heterogeneous mix of clouds, servers, devices, and organizational units.
-- VPNs are often misused and exacerbate the issue by opening yet another door into your network organization.
-
-### Zero Trust
-
-[Zero trust](https://ldapwiki.com/wiki/Zero%20Trust) instead attempts to mitigate these shortcomings by adopting the following principles:
-
-- Trust flows from identity, device-state, and context; not network location.
-- Treat both internal and external networks as untrusted.
-- Act like you are already breached, because you probably are.
-- Every device, user, and application's communication should be authenticated, authorized, and encrypted.
-- Access policy should be dynamic, and built from multiple sources.
-
-To be clear, _perimeter security is not defunct_, nor is zero trust security a panacea or a single product. Many of the ideas and principles of perimeter security are still relevant and are part of a holistic, and wide-ranging security policy. After all, we still want our castles to have high walls.
-
-## Further reading
-
-The zero trust security model was first articulated by [John Kindervag](http://www.virtualstarmedia.com/downloads/Forrester_zero_trust_DNA.pdf) in 2010, and by Google in 2011 as a result of the [Operation Aurora](https://en.wikipedia.org/wiki/Operation_Aurora) breach. What follows is a curated list of resources that covers the topic in more depth.
-
-### Government Recommendations
-
-- NIST SP 800-207 (DRAFT) [Zero Trust Architecture](https://doi.org/10.6028/NIST.SP.800-207-draft)
-- UK National Cyber Security Centre [Zero trust architecture design principles](https://github.com/ukncsc/zero-trust-architecture/)
-
-### Books
-
-- [Zero Trust Networks](http://shop.oreilly.com/product/0636920052265.do) by Gilman and Barth
-
-### Papers
-
-- Forrester [Build Security Into Your Network's DNA: The Zero Trust Network Architecture](http://www.virtualstarmedia.com/downloads/Forrester_zero_trust_DNA.pdf)
-- Google BeyondCorp 1 [An overview: "A New Approach to Enterprise Security"](https://research.google.com/pubs/pub43231.html)
-- Google BeyondCorp 2 [How Google did it: "Design to Deployment at Google"](https://research.google.com/pubs/pub44860.html)
-- Google BeyondCorp 3 [Google's front-end infrastructure: "The Access Proxy"](https://research.google.com/pubs/pub45728.html)
-- Google BeyondCorp 4 [Migrating to BeyondCorp: Maintaining Productivity While Improving Security](https://research.google.com/pubs/pub46134.html)
-- Google BeyondCorp 5 [The human element: "The User Experience"](https://research.google.com/pubs/pub46366.html)
-- Google BeyondCorp 6 [Secure your endpoints: "Building a Healthy Fleet"](https://ai.google/research/pubs/pub47356)
-
-### Posts
-
-- Google [How Google adopted BeyondCorp](https://security.googleblog.com/2019/06/how-google-adopted-beyondcorp.html)
-- Wall Street Journal [Google Moves Its Corporate Applications to the Internet](https://blogs.wsj.com/cio/2015/05/11/google-moves-its-corporate-applications-to-the-internet/)
-- Gitlab's [Blog series](https://about.gitlab.com/blog/tags.html#zero-trust) and their [reddit AMA](https://www.reddit.com/r/netsec/comments/d71p1d/were_a_100_remote_cloudnative_company_and_were/)
-
-### Videos
-
-- [USENIX Enigma 2016 - NSA TAO Chief on Disrupting Nation State Hackers](https://youtu.be/bDJb8WOJYdA?list=PLKb9-P1fRHxhSmCy5OaYZ5spcY8v3Pbaf)
-- [What, Why, and How of Zero Trust Networking](https://youtu.be/eDVHIfVSdIo?list=PLKb9-P1fRHxhSmCy5OaYZ5spcY8v3Pbaf) by Armon Dadgar, Hashicorp
-- [O'Reilly Security 2017 NYC Beyondcorp: Beyond Fortress Security](https://youtu.be/oAvDASLehpY?list=PLKb9-P1fRHxhSmCy5OaYZ5spcY8v3Pbaf) by Neal Muller, Google
-- [Be Ready for BeyondCorp: enterprise identity, perimeters and your application](https://youtu.be/5UiWAlwok1s?list=PLKb9-P1fRHxhSmCy5OaYZ5spcY8v3Pbaf) by Jason Kent
diff --git a/docs/docs/community/code-of-conduct.md b/docs/docs/community/code-of-conduct.md
deleted file mode 100644
index 85d9b219c..000000000
--- a/docs/docs/community/code-of-conduct.md
+++ /dev/null
@@ -1,85 +0,0 @@
----
-title: Code of Conduct
-lang: en-US
-sidebarDepth: 0
-meta:
-  - name: keywords
-    content: pomerium, community, contributing, code of conduct
----
-
-# Contributor Covenant Code of Conduct
-
-## Our Pledge
-
-In the interest of fostering an open and welcoming environment, we as
-contributors and maintainers pledge to making participation in our project and
-our community a harassment-free experience for everyone, regardless of age, body
-size, disability, ethnicity, sex characteristics, gender identity and expression,
-level of experience, education, socio-economic status, nationality, personal
-appearance, race, religion, or sexual identity and orientation.
-
-## Our Standards
-
-Examples of behavior that contributes to creating a positive environment
-include:
-
-- Using welcoming and inclusive language
-- Being respectful of differing viewpoints and experiences
-- Gracefully accepting constructive criticism
-- Focusing on what is best for the community
-- Showing empathy towards other community members
-
-Examples of unacceptable behavior by participants include:
-
-- The use of sexualized language or imagery and unwelcome sexual attention or
-  advances
-- Trolling, insulting/derogatory comments, and personal or political attacks
-- Public or private harassment
-- Publishing others' private information, such as a physical or electronic
-  address, without explicit permission
-- Other conduct which could reasonably be considered inappropriate in a
-  professional setting
-
-## Our Responsibilities
-
-Project maintainers are responsible for clarifying the standards of acceptable
-behavior and are expected to take appropriate and fair corrective action in
-response to any instances of unacceptable behavior.
-
-Project maintainers have the right and responsibility to remove, edit, or
-reject comments, commits, code, wiki edits, issues, and other contributions
-that are not aligned to this Code of Conduct, or to ban temporarily or
-permanently any contributor for other behaviors that they deem inappropriate,
-threatening, offensive, or harmful.
-
-## Scope
-
-This Code of Conduct applies within all project spaces, and it also applies when
-an individual is representing the project or its community in public spaces.
-Examples of representing a project or community include using an official
-project e-mail address, posting via an official social media account, or acting
-as an appointed representative at an online or offline event. Representation of
-a project may be further defined and clarified by project maintainers.
-
-## Enforcement
-
-Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported by contacting the project team at info@pomerium.io. All
-complaints will be reviewed and investigated and will result in a response that
-is deemed necessary and appropriate to the circumstances. The project team is
-obligated to maintain confidentiality with regard to the reporter of an incident.
-Further details of specific enforcement policies may be posted separately.
-
-Project maintainers who do not follow or enforce the Code of Conduct in good
-faith may face temporary or permanent repercussions as determined by other
-members of the project's leadership.
-
-## Attribution
-
-This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
-available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
-
-[homepage]: https://www.contributor-covenant.org
-
-For answers to common questions about this code of conduct, see
-https://www.contributor-covenant.org/faq
diff --git a/docs/docs/community/contributing.md b/docs/docs/community/contributing.md
deleted file mode 100644
index 6575b4276..000000000
--- a/docs/docs/community/contributing.md
+++ /dev/null
@@ -1,95 +0,0 @@
----
-title: Contributing
-lang: en-US
-sidebarDepth: 0
-meta:
-  - name: keywords
-    content: pomerium, community, contributing, pr, code
-description: >-
-  This document describes how you can find issues to work on, fix/add
-  documentation, and how setup Pomerium for local development.
----
-
-# Contributing
-
-First of all, thank you for considering contributing to Pomerium! You can have a direct impact on Pomerium by helping with its code or documentation. To contribute to Pomerium, open a [pull request](https://github.com/pomerium/pomerium/pulls) (PR). If you're new to our community, that's okay: **we gladly welcome pull requests from anyone, regardless of your native language or coding experience.**
-
-## General
-
-We try to hold contributions to a high standard for quality, so don't be surprised if we ask for revisions--even if it seems small or insignificant. Please don't take it personally. If your change is on the right track, we can guide you to make it mergeable.
-
-Here are some of the expectations we have of contributors:
-
-- If your change is more than just a minor alteration, **open an issue to propose your change first.** This way we can avoid confusion, coordinate what everyone is working on, and ensure that changes are in-line with the project's goals and the best interests of its users. If there's already an issue about it, comment on the existing issue to claim it.
-
-- **Keep pull requests small.** Smaller PRs are more likely to be merged because they are easier to review! We might ask you to break up large PRs into smaller ones. [An example of what we DON'T do.](https://twitter.com/iamdevloper/status/397664295875805184)
-
-- **Keep related commits together in a PR.** We do want pull requests to be small, but you should also keep multiple related commits in the same PR if they rely on each other.
-
-- **Write tests.** Tests are essential! Written properly, they ensure your change works, and that other changes in the future won't break your change. CI checks should pass.
-
-- **Benchmarks should be included for optimizations.** Optimizations sometimes make code harder to read or have changes that are less than obvious. They should be proven with benchmarks or profiling.
-
-- **[Squash](http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html) insignificant commits.** Every commit should be significant. Commits which merely rewrite a comment or fix a typo can be combined into another commit that has more substance. Interactive rebase can do this, or a simpler way is `git reset --soft <diverging-commit>` then `git commit -s`.
-
-- **Own your contributions.** Pomerium is a growing project, and it's much better when individual contributors help maintain their change after it is merged.
-
-- **Use comments properly.** We expect good godoc comments for package-level functions, types, and values. Comments are also useful whenever the purpose for a line of code is not obvious.
-
-- **Recommended reading**
-
-  - [CodeReviewComments](https://github.com/golang/go/wiki/CodeReviewComments)
-  - [Linus Torvalds describes a good commit message](https://gist.github.com/matthewhudson/1475276)
-  - [Best Practices for Maintainers](https://opensource.guide/best-practices/)
-  - [Shrinking Code Review](https://alexgaynor.net/2015/dec/29/shrinking-code-review/)
-
-## Docs
-
-Pomerium's documentation is available at <https://www.pomerium.io/docs>. If you find a typo, feel a section could be better described, or have an idea for a totally new application or section, don't hesitate to make a pull request change. There are few ways you can do this.
-
-### Simple edits
-
-The easiest way to fix minor documentation issues in Pomerium is to click on "Edit this page in Github" on any page.
-
-![edit this page link](./img/contributing-edit-this-page.png)
-
-Doing so will create a [fork](https://help.github.com/en/articles/fork-a-repo) of the project, allow you to [update the page](https://guides.github.com/features/mastering-markdown/), and create a [pull request](https://help.github.com/en/articles/about-pull-requests).
-
-![edit this page link using github](./img/contributing-edit-this-page-github.png)
-
-### Bigger changes
-
-If you need to add a new page, or would like greater control over the editing process you can edit the docs similar to how you would make changes to the source code.
-
-#### Pre-reqs
-
-We use [VuePress](https://vuepress.vuejs.org) to generate our docs. Vuepress is a simple, [markdown](https://v1.vuepress.vuejs.org/config/#markdown) and [Vue.js](https://v1.vuepress.vuejs.org/config/#markdown) based static site generator. Before building the docs, you'll need to install the following pre-requisites.
-
-1. [Node.js](https://nodejs.org/en/download/).
-2. [Yarn](https://yarnpkg.com/lang/en/docs).
-
-#### Make changes
-
-Once you have Nodejs and Yarn installed, simply run `make docs` in a terminal which will install any required node packages as well as start up a development server. You should see something like the below, with a link to the local doc server.
-
-```bash
-success [19:02:54] Build f9f5f7 finished in 246 ms! ( http://localhost:8081/ )
-```
-
-Once you have the development server up and running, any changes you make will automatically be reloaded and accessible in your browser.
-
-To add a new document, simply add a new file with the `.md` markdown extension. For example, this document would be `docs/community/contributing.md`.
-
-To add a new document to the side or top-bar navigation, see `docs/.vuepress/config.js` and add that document to the desired section.
-
-### PR Previews
-
-We use [Netlify](https://www.netlify.com) to build and host our docs. One of nice features of Netlify, is that a preview of the docs are automatically created for each new pull request that is made, which lets you be sure that the version of your docs that you see locally match what will ultimately be deployed in production.
-
-[configuration variables]: ../../reference/readme.md
-[download]: https://github.com/pomerium/pomerium/releases
-[environmental configuration variables]: https://12factor.net/config
-[verify]: https://verify.pomerium.com/
-[identity provider]: ../identity-providers/readme.md
-[make]: https://en.wikipedia.org/wiki/Make_(software)
-[tls certificates]: ../topics/certificates.md
diff --git a/docs/docs/community/img/contributing-edit-this-page-github.png b/docs/docs/community/img/contributing-edit-this-page-github.png
deleted file mode 100644
index 474514620..000000000
Binary files a/docs/docs/community/img/contributing-edit-this-page-github.png and /dev/null differ
diff --git a/docs/docs/community/img/contributing-edit-this-page.png b/docs/docs/community/img/contributing-edit-this-page.png
deleted file mode 100644
index 579a0e2fa..000000000
Binary files a/docs/docs/community/img/contributing-edit-this-page.png and /dev/null differ
diff --git a/docs/docs/community/img/local-development-osx-dns.png b/docs/docs/community/img/local-development-osx-dns.png
deleted file mode 100644
index 90fb02e66..000000000
Binary files a/docs/docs/community/img/local-development-osx-dns.png and /dev/null differ
diff --git a/docs/docs/community/readme.md b/docs/docs/community/readme.md
deleted file mode 100644
index 2ecc0be59..000000000
--- a/docs/docs/community/readme.md
+++ /dev/null
@@ -1,46 +0,0 @@
----
-title: Overview
-lang: en-US
-sidebarDepth: 0
-meta:
-  - name: keywords
-    content: pomerium, community, help, bugs, updates, features
-
-description: >-
-  This document describes how you users can stay up to date with pomerium,
-  report issues, get help, and suggest new features.
----
-
-# Community
-
-## Get updates
-
-- [Pomerium-announce](https://groups.google.com/forum/#!forum/pomerium-announce) is a low traffic mailing list for important releases and security announcements.
-
-- Follow us on Twitter [@pomerium_io](https://twitter.com/pomerium_io) or [LinkedIn](https://www.linkedin.com/company/pomerium-inc) for the latest updates and industry news.
-
-- Check out our forum, [Discuss](https://discuss.pomerium.com/), where the community explores Pomerium's uses and shares their best practices.
-
-- Want updates delivered directly to your inbox? Sign up for our newsletter here:
-
-<Newsletter />
-
-## Get help
-
-For general help and configuration questions, discussions about integrations or complex setups, or anything else related to Pomerium, head to our [Discuss](https://discuss.pomerium.com/) forum, where you can search for open threads or start a new one.
-
-We prefer to communicate in Discuss so that answers can be indexes and easy to find for others. If a specific issue requires a faster back and forth to find a resolution, we may ask to move the discussion to [our slack channel](https://slack.pomerium.io).
-
-## Report bugs
-
-Like every software, Pomerium has its flaws. If you find one, [search the issues](https://github.com/pomerium/pomerium/issues) to see if it has already been reported. If not, [open a new issue](https://github.com/pomerium/pomerium/issues/new) and describe the bug, and somebody will look into it!
-
-Please follow the issue template so we have all the needed information. We need to be able to repeat the bug using your instructions. Please simplify the issue as much as possible. The more detailed and specific you are, the faster we will be able to help you!
-
-We suggest reading [How to Report Bugs Effectively](http://www.chiark.greenend.org.uk/~sgtatham/bugs.html).
-
-## Suggest features
-
-First, search to see if your feature has already been requested on [GitHub](https://github.com/pomerium/pomerium/issues) or [Discuss](https://discuss.pomerium.com/). If it has, you can add a :+1: reaction to vote for it. If your feature idea is new, open an issue to request the feature. You don't have to follow the bug template for feature requests. Please describe your idea thoroughly so that we know how to implement it! Really vague requests may not be helpful or actionable and without clarification will have to be closed.
-
-While we really do value your requests and implement many of them, not all features are a good fit for Pomerium. If a feature is not in the best interest of the Pomerium project or its users in general, we may politely decline to implement it.
diff --git a/docs/docs/community/security.md b/docs/docs/community/security.md
deleted file mode 100644
index 1828309ff..000000000
--- a/docs/docs/community/security.md
+++ /dev/null
@@ -1,193 +0,0 @@
----
-title: Security
-lang: en-US
-sidebarDepth: 0
-meta:
-  - name: keywords
-    content: pomerium, security, disclosure, vulnerabilities
----
-
-# Security Policy
-
-## Security & Threat model
-
-As a context-aware access proxy, Pomerium's security model holds data confidentiality, integrity, accountability, authentication, authorization, and availability as the highest priority concerns. This page outlines Pomerium's security goals and threat model.
-
-Pomerium's threat model includes:
-
-- **Validating authentication.** Though not itself an Identity Provider, Pomerium incorporates Single-Sign-On flow with third party providers to delegate authentication, and populate identity details for authorization decisions. Pomerium ensures that a request is backed by a valid user session from a trusted Identity Provider.
-- **Enforcing authorization.** Pomerium ensures that only authorized users can access services, or applications to which they are entitled access.
-
-  - For HTTP based services, authorization will be made on a per request basis.
-  - Otherwise, for TCP based services, authorization will be made on a per session basis.
-
-- **Protecting data in transit**. All communication is encrypted and mutually authenticated when certificates are provided. This applies to communication between:
-
-  - Pomerium and its services.
-  - Pomerium and upstream services and applications.
-  - Pomerium and downstream clients (e.g. user's browser or device).
-  - Pomerium and the databroker's storage system.
-
-- **Protecting data at rest**. Sensitive data is encrypted. This applies to all data in the databroker including:
-
-  - Session, user, and directory data; as well as any other identity or contextual data.
-  - Service secrets (TLS certificates, Identity provider credentials)
-
-- **Ensuring availability**. Pomerium aims to be fault tolerant, and horizontally scalable. Pomerium inherits [Envoy's availability threat model](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/threat_model#confidentiality-integrity-and-availability).
-
-- **Providing auditability and accountability**. Pomerium provides logs with associated context for auditing purposes.
-
-Pomerium's threat model does not include:
-
-- Protecting against arbitrary control of a trusted third-party provider. For instance, if your identity provider is hacked, an attacker can impersonate a user in Pomerium.
-- Protecting against memory analysis of a running Pomerium instance. If an attacker can attach a debugger to a running instance of Pomerium, they can inspect confidential data in flight.
-- Protecting against arbitrary control of the storage backend. If an attacker controls your database, they can corrupt data.
-- Protecting an upstream application's internal access control system.
-- Protecting against physical access.
-
-### Cryptography
-
-Pomerium uses cryptography to secure data in transit, at rest, and to provide guarantees around confidentiality, authenticity, and integrity between its services and upstreams it manages access for.
-
-Encryption at rest:
-
-- Confidential data stored at rest is encrypted using the [authenticated encryption with associated data](https://en.wikipedia.org/wiki/Authenticated_encryption) construction [XChaCha20-Poly1305](https://libsodium.gitbook.io/doc/secret-key_cryptography/aead/chacha20-poly1305/xchacha20-poly1305_construction) with 196-bit nonces. Nonces are randomly generated for every encrypted object. When data is read, the authentication tag is checked for tampering.
-
-Encryption in transit:
-
-- Data in transit is protected by Transport Layer Security ([TLS](https://en.wikipedia.org/wiki/Transport_Layer_Security)). See our lab's [SSL Labs report](https://www.ssllabs.com/ssltest/analyze.html?d=authenticate.demo.pomerium.com&latest) .
-
-- For downstream TLS (connections from the user's client to Pomerium)
-
-  - The minimum accepted version of TLS is 1.2.
-  - For TLS 1.2, the following cipher suites are offered, in this order:
-
-    - ECDHE-ECDSA-AES256-GCM-SHA384
-    - ECDHE-RSA-AES256-GCM-SHA384
-    - ECDHE-ECDSA-AES128-GCM-SHA256
-    - ECDHE-RSA-AES128-GCM-SHA256
-    - ECDHE-ECDSA-CHACHA20-POLY1305
-    - ECDHE-RSA-CHACHA20-POLY1305
-
-  - The following elliptic curves are offered, in this order:
-
-    - X25519
-    - secp256r1
-
-- For upstream TLS (connections from Pomerium to the application or service)
-
-  - The minimum accepted version of TLS is 1.2.
-  - For TLS 1.2, the following cipher suites are supported:
-
-    - ECDHE-ECDSA-AES256-GCM-SHA384
-    - ECDHE-RSA-AES256-GCM-SHA384
-    - ECDHE-ECDSA-AES128-GCM-SHA256
-    - ECDHE-RSA-AES128-GCM-SHA256
-    - ECDHE-ECDSA-CHACHA20-POLY1305
-    - ECDHE-RSA-CHACHA20-POLY1305
-    - ECDHE-ECDSA-AES128-SHA
-    - ECDHE-RSA-AES128-SHA
-    - AES128-GCM-SHA256
-    - AES128-SHA
-    - ECDHE-ECDSA-AES256-SHA
-    - ECDHE-RSA-AES256-SHA
-    - AES256-GCM-SHA384
-    - AES256-SHA
-
-  - The following elliptic curves are supported:
-
-    - X25519
-    - P-256
-    - P-384
-    - P-521
-
-- [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security) (HSTS) with a long duration is used by default.
-
-- [Mutually authenticated](https://en.wikipedia.org/wiki/Mutual_authentication) TLS is used when client side certificates are provided.
-
-## Receiving Security Updates
-
-The best way to receive security announcements is to subscribe to the [pomerium-announce](https://groups.google.com/g/pomerium-announce) mailing list. Any messages pertaining to a security issue will be prefixed with [security].
-
-## Disclosure Process
-
-In general, Pomerium follows [Go's security policy](https://golang.org/security) and uses the following disclosure process:
-
-1. Once the security report is received it is assigned a primary handler. This person coordinates the fix and release process.
-2. The issue is confirmed and a list of affected software is determined.
-3. Code is audited to find any potential similar problems.
-4. Fixes are prepared for the most recent major releases and the head/main revision.
-5. When the fixes are applied, announcements are sent to [pomerium-announce](https://groups.google.com/g/pomerium-announce).
-
-This process can take some time. Every effort will be made to handle the bug in as timely a manner as possible, however it's important that we follow the process described above to ensure that disclosures are handled consistently.
-
-## Reporting a Security Bug
-
-Please notify us of any potential vulnerability discovered in Pomerium. We will work with you to resolve the issue promptly. Thank you for helping to keep Pomerium and our users safe! Though at this time we do not have a paid bug bounty program, we deeply appreciate any effort to discover and disclose security vulnerabilities responsibly.
-
-All security bugs in Pomerium should be reported by email to security@pomerium.com . Your email will be acknowledged within 48 hours, and you'll receive a more detailed response to your email within 72 hours indicating the next steps in handling your report. This response policy applies only to Pomerium itself, not to our marketing or docs sites.
-
-While researching, we'd like you to refrain from:
-
-- Any form of Denial of Service (DoS)
-- Spamming
-- Social engineering or phishing of Pomerium employees or contractors
-- Any attacks against Pomerium's physical property or data centers
-
-We may revise these guidelines from time to time. The most current version of the guidelines will be available at <https://pomerium.com/docs/community/security>.
-
-Though we accept PGP-encrypted email, please only use it for critical security reports.
-
-```
------BEGIN PGP PUBLIC KEY BLOCK-----
-Comment: GPGTools - https://gpgtools.org
-xsFNBFuDBCsBEADmvRj1ooWDgyisMiyUvOIFq2l52r2gD2bo6I9RyZUFCm5CO0Ye
-rk4POVtG/NPwbvd4dSmA7ePQLWNoMx4bN42B4EUJgqh+U82NKu0qU4eVeew4x+w1
-bNmsqa0ZdoSMqONofFoD/ImepOVkZx56LPIJ7hb4/JlYnpPFlphfj06bf8JEqcGI
-WgvJcZdXhSS2RDkSfC34EXps6w9aWmgDZKWz56YRcTVPzGJuGw1mfJLL1F9NQq/g
-nzW82j+Z9bjVdeVLuEH3QBuKoviyVoIjIJvSCtb92151PMsvRTFpeTbp45Lep+xc
-RVGEKhXPW7AA9n3Q57Y0cxWKgSE0agnsjpzUOTMbwl3VyxuwWyxuP2JpGGXXiX9y
-4uE27FOb2u8N8WbTVueTKNs2QgqukKcg0XX7b2UpWX4OkhD/U5Nbh3jAvZ9COoK5
-TIb/NgJqnMo/ReKFRA8IgXIoKeGn/WJJCe6nPAo+6c+glam9xekHbdH/9PQ5eSOf
-lMfzgNXd2OOLYK98KQpRqWIdMqWlt3Ufik+cbsfCnaK9rK4ktiYZdiDHK+Lp7V71
-Ng45o/sHnnSjvYKlhBn5EcdpVXw6IKrUW9OUD7l/sga+xa0MMmUF4C2VxYJ+n6Qg
-bRZaREvKLbhsqycmq4p+oBpSjyWgP4CRPHkG03PYNFA1/cg7sFUUekmehQARAQAB
-zShCb2JieSBEZVNpbW9uZSA8Ym9iYnlkZXNpbW9uZUBnbWFpbC5jb20+wsF4BBMB
-CAAsBQJbgwQrCRCu5M8S/obQfgIbAwUJHhM4AAIZAQQLBwkDBRUICgIDBBYAAQIA
-AHd0EABezUgLsjeCLDK3JG4VkJkvDAZNKLtzEjZ2pdexWjzREgYvu42d3QNM3fKI
-kW6TTb7C08BsiijGaUqtZUCyqH/dN24jw5a4nKKbnqylDUr2XCpWwKVbsF4t+BXR
-jADJeRLP+cMbHhLb8CindOo2ZRrzMp912454sCGKw3c27P5NTKJcO9WGArQ39MEl
-C2MqIQREdBrkfQsXK7rz26SSqlyrNl7NQDmKRMZLciaibgEP4rfycqierqcDZiTP
-2xxTckB4tV3K5ki3s5NV+cYnq38efmUxygnU8wlzbcv9MukvAOLLLKEiSxBzgpZb
-ddr8QC/ljmvzGm2qKQFCjBaV4wtk1n6xZ8AjjpP8irxFQwwCxwNEIwx6vt3NQNxm
-qL8KXVn617mOc6iS9BvZVzcBzXUh8geIDt7Chqil8kUuPiCpVpY63z+phLHcAen/
-NHFJ3OE/CbUcBsw0xDfKF+NWp7hQjbk5lV1ueXV2FTJ/SISEvuJ64CELzCPzGwwE
-7Gb0zwOeIMBAJMrPEt+YByu0dxa9vjcgOLeaRzuADtRvJCl3UjoXDC8Vdii1ywBM
-wkZcvfW51MOiiKFadZsYjzgBFIJ9rybXyxx8kfzTMpcmGLa7v2zp1+ANZm4Wwb8Z
-zJgU+MLlbjJcXIqbdhjC7cgL/1YitXWw1ELDP4F8taV4aWK62M7BTQRbgwQrARAA
-pza3CTXb5GUKeBM8YB1Wv5MIauL/bfpCZo3ujhJaN87XtRBQXMfDyznCThz5vraZ
-HWpvLQcsaJoMPbC7UbUl2l9yiCCd0y4/b2czzpA1P4rTa6FrSWl4xFi+WLlPiCls
-m7xEizBU0PcqsDEGX61o+S2Iiay2jjpOGlDNs3z6gyyGNvjjRd2aRjAACGqqOH75
-J+6a4dwISUQ9zP+JkWsmgSZw10PhS4LemXUN2XyIMbJdWKbej8vPjyFXgwjKkBT5
-/RCgNGeE+hji/p22DhTIsCOMzVW6nch9B6uXMtpbqtily+hqYkhT9Ke6fInniafN
-N8DuFH7YIixbWx9+kg8kRKAknMuqWS/u2d6QZD8lI6uUDO4/EuCaek/oCmJ8aQ+x
-kQNMYRbnVlDQ+/WYepnF6nsQgsDELcAJAkNMXm0jnfcfCtZNuh79H6b1yvrPTkB0
-2uawLA0NvdVKpv9ZPZy7RLoytVspYUA+T0khcSozzBcjyE9jvd7bic+biIeXyYe2
-Zu3KevuvsiLEvifhjAg0FbML/GOYZbayxpe1IWiqzRsq/UX+2E8PJV2NuqbFOj8U
-93Jgol+Ag8JAsmnFrJCtKs5diDOS/wd+hljZyuWcWQCaahsFoKMV1ayoVbOJ1XWU
-3PAh30enHcGeIg6sV32xhYBO7mTnX51VybRRMAtd4hMAEQEAAcLBdQQYAQgAKQUC
-W4MEKwkQruTPEv6G0H4CGwwFCR4TOAAECwcJAwUVCAoCAwQWAAECAACNdxAA3s5s
-mvlKZrm5dfBqzCNDQtJtqqFkcOBCNhMKsJKn81YKsvT0yHsj6rfO5hL2uu6NKjkR
-K1Dn9IAR2wBt0pJy2bJo9HGfqAxb0JaC6Rgu/MoEYTcRbGUl3N6ywBAUFJ31Ou5F
-chzDrJJ37kLjTTHxkW8UXlVZWRs+jVwTTjWL96UXVxYdndeAAxLgceRy0h2h00xF
-PoVsjEpoek+yaHhmLWC3wSZ0jveGcB0pT9BI7D/9FZVHQ0DPzlYaXT6eZSLv+5BE
-dr+Gv4iwJ0DLF6tHl7bEm1O2iS3PyU59Fu5GOV2R6b/NRW+pYUwZhFz3zQ7GkUJE
-V+XBOMUFq5VduuzXZKSmlqr4SSx9SvcDiH7eRjNTX4Hzb+VcWKS/bvSS0efwz5AW
-Q9zObT1B/c889rPoiTIDXI4qOhzPmeva89QceRo04QXzi8fujRJoAmqdzW8uiiKO
-Edk1J5rzMkfEHMVf1l8z390qNy3VAk++mqQe8ZS2W7/ulNzNt3Gwx54rdOEe5pIl
-2QSGEwZgg6zX7C94xlqnxp84axNQghWJfBolMcp0q/yDFjbnRzd2vLUhtzEAosd4
-VDw98WyFTbRTTN8ElRptLUsa73raYpKRXN17vB517spEghyT1oyCdHYgaqvRkU7b
-ZDRB+exOyJJypi2cSaarxiI2gaMT2wp+dChnQ4k=
-=LGUI
------END PGP PUBLIC KEY BLOCK-----
-```
diff --git a/docs/docs/glossary.md b/docs/docs/glossary.md
deleted file mode 100644
index 3180a5ef9..000000000
--- a/docs/docs/glossary.md
+++ /dev/null
@@ -1,120 +0,0 @@
----
-title: Glossary
-lang: en-US
-meta:
-  - name: keywords
-    content: pomerium, identity access proxy, beyondcorp, zero-trust, reverse proxy, ztn, zta, zero trust, glossary, terms, definitions
-description: A quick reference of commonly used terms.
----
-
-# Glossary
-
-Pomerium's documentation uses a lot of terminology specific to the networking and security space. This glossary defines common terms readers may be unfamiliar with. If you come across an unfamiliar term not listed in this page, please let us know in our [Discuss support forum][support] and we'll add it.
-
-[[toc]]
-
-## General
-
-### Access Token
-This general term refers to a string that validates the holder to have a specific set of permissions, issued by an identifying service like an [identity provider]. Most of the access tokens discussed in our docs are [JSON Web Tokens (**JWTs**)][JWT] formatted following the [Oauth 2.0 RFC](https://datatracker.ietf.org/doc/html/rfc6749#section-7.1).
-
-### Context-aware Proxy
-A [proxy](https://en.wikipedia.org/wiki/Proxy_server) is an intermediate service between one or more clients or servers. Most of the proxies discussed in our docs are technically [reverse proxies](https://en.wikipedia.org/wiki/Reverse_proxy), sitting between one or more servers and all clients, providing a single point of ingress into a system.
-
-An context-aware proxy can provide contextual access to specific services based on the identity of the client and the state of the device they are using. Using Pomerium, context is provided by the client in the form of a [JWT] issued by the [identity provider], and optionally by the device using a [secure enclave].
-
-### Identity Provider
-An identity provider (**IdP**) is used to [authenticate] a user, i.e. confirm their identity. Pomerium uses external IdPs to better integrate into existing environments and to achieve strong separation of services. Pomerium provides [single sign-on] from your IdP to your entire network infrastructure from a single location.
-
-### JavaScript Object Notation
-Commonly shortened to **JSON**, [JavaScript object notation](https://en.wikipedia.org/wiki/JSON) is a common format used to represent and share structured sets of data as arrays of key-value pairs.
-
-### JSON Web Key Sets
-Usually abbreviate as **JWKS**, this is a [JSON]-formatted set of one or more keys provided by a trusted issuer and used by service to verify [JWTs] provided by a client. Formatting is defined by the [JSON Web Key RFC](https://datatracker.ietf.org/doc/html/rfc7517).
-
-### JSON Web Token
-Often referred to as **JWTs**, a JSON web token is a [JSON]-formatted string provided to a user by an [identity provider], which validates the user's identity to subsequent services (such as a [context-aware proxy]). JWTs are formatted according to the [JSON Web Token RFC](https://datatracker.ietf.org/doc/html/rfc7519)
-
-### Namespace
-"Namespaces" is an over-saturated term, having different meanings in different contexts. [Pomerium Enterprise][pom-namespace] uses Namespaces to provide separation of access and control to [routes]. Kubernetes uses their [namespaces][k8s-namespace] to isolate groups of resources within a cluster.
-
-### Perimeter
-The term "Perimeter" in the context of Pomerium and general networking usually refers to your internal network, and common tools like firewalls used to restrict access to it. [Historically](/docs/background.md#history), most security models used the perimeter as the main layer of protection to a network system. The principles of [zero trust] assume that the perimeter can be (and likely is) compromised, and require security between each connection, including those between internal services.
-
-### Policy
-Pomerium allows administrators to define authorization policies dictating what combination of users, groups, devices, etc, have access to protected services. Open-source Pomerium defines a unique policy to every [route], while Pomerium Enterprise can define reusable policies at the global and [namespace] level.
-
-### Route
-Specific to Pomerium, a route is a defined path from outside the network (via a public domain) to an internal service. Routes can be defined in the [configuration](/reference/readme.md#routes) for open-source Pomerium or the [Pomerium Enterprise Console][pom-routes].
-
-### Single Sign-On
-Single Sign-On (**SSO**) is the most frequently asked for requirement by enterprise organizations looking to adopt new SaaS applications. SSO enables authentication via an organization’s [identity provider], such as [Google Workspace](/docs/identity-providers/google.md) or [Okta](/docs/identity-providers/okta.md), as opposed to users or IT admins managing hundreds, if not thousands, of usernames and passwords.
-
-### Stateless
-Another overloaded term in the tech space, we use the term stateless when talking about Pomerium's Proxy, Authenticate, and Authorize [components](/docs/architecture.md#component-level). They are stateless because they rely on the Databroker component to provide persistent data. This means that the other services can be destroyed, recreated, and scaled horizontally without any data loss.
-
-## Networking
-
-### Custom Resource Definition
-A custom resource definition (**CRD**) defines a custom resource that extends the Kubernetes API to provide additional functionality specific to a custom software set. For example, [cert-manager](https://cert-manager.io/) defines certificate issuers [using a CRD](https://github.com/cert-manager/sample-external-issuer/blob/main/config/crd/bases/sample-issuer.example.com_issuers.yaml).
-
-### East-west Traffic
-[East-west traffic](https://en.wikipedia.org/wiki/East-west_traffic) refers to network communication between services within an internal network, Kubernetes cluster, private cloud network, etc. This term differentiates this communication from [north-south traffic].
-
-### HTTP Strict Transport Security
-Usually shortened to **HSTS**, this is a policy whereby a site secured with [TLS](https://en.wikipedia.org/wiki/Transport_Layer_Security) provides a response header defining a period of time (usually set to a year or more) during which the browser should only access the server over TLS, and only when it provides the same certificate. This policy helps mitigate man-in-the-middle (**MiTM**) attacks. We suggest only defining an HSTS policy after a service has been fully configured and tested to avoid issues when switching from development to production certificates.
-
-### North-south Traffic
-[North-south traffic](https://en.wikipedia.org/wiki/North-south_traffic) refers to network communication from end users to services within an internal network, Kubernetes cluster, private cloud network, etc. This term differentiates this communication from [east-west traffic].
-
-### Upstream / Downstream
-When discussing traffic between end users and services, we use "upstream" to refer to the services and/or service mesh that Pomerium protects & secures. Inversely, "downstream" refers to traffic between Pomerium and end users, or any other party connecting from the Internet.
-
-## Security
-
-### Authentication
-Abbreviated as **AuthN**, this refers to the validation of a user's identity. It can also refer to validation of an user's [device](/docs/topics/device-identity.md). Access to a protected resource is usually granted only after a client's authentication and [authorization] are validated. This is usually done by verifying the [JWT] provided by the client.
-
-### Authorization
-Abbreviated as **AuthZ**, authorization is the process of validating a client's access to a protected resource. This is usually done after a client as been [authenticated], and is determined by comparing the contents of the clients [JWT] against the [policies] present for the [route].
-
-### Least User Privilege
-"Least user privilege" is a core concept of the [zero trust] model. It's the practice of only providing a user as much access to protected systems as is required for them to operate in their job's function. This is a risk-mitigation strategy; since compromised user credentials can only be used to access services they are granted access to, users that do not need access to highly sensitive services should not have them.
-
-### Mutual Authentication
-Mutual authentication is the security strategy of having both sides of a connection validate the identity of the other. This reduces the possibility of bad actors to impersonate valid communication endpoints. This topic is discussed in detail in [Mutual Authentication: A Component of Zero Trust](/docs/topics/mutual-auth.md).
-
-### Secure Enclave
-A Secure Enclave is a sub-component or device physically bound to a specific device that can safely store sensitive data used to validate [device identity](/docs/topics/device-identity.md).
-
-### Security Keys
-Security keys are often used to provide a physical resource to perform multi-factor authentication (**MFA**). Common examples include Yubico's Yubikey and Google's Titan Security Key.
-
-### Trusted Execution Environment
-A **TEE** is a physical method of executing cryptographic functions using data that cannot be accessed by the rest of the physical device. This is a core part of [device identity](/docs/topics/device-identity.md) validation.
-
-### Zero Trust
-Zero trust is a philosophy and/or framework for security models that includes several facets. We go into detail in our [Background](/docs/background.md#zero-trust) page, but briefly: zero-trust assumes that any one method of security is fallible, and defines a set of security principles that work in concert to provide the highest security without over-burdening administrators, end users, or network devices with extraneous overhead.
-
-[authenticate]: #authentication
-[authenticated]: #authentication
-[authorization]: #authorization
-[east-west traffic]: #east-west-traffic
-[identity provider]: #identity-provider
-[context-aware proxy]: #context-aware-proxy
-[JSON]: #javascript-object-notation
-[JWT]: #json-web-token
-[JWTs]: #json-web-token
-[k8s-namespace]: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-[namespace]: #namespace
-[north-south traffic]: #north-south-traffic
-[policies]: #policy
-[Pomerium Enterprise]: /enterprise/about.md
-[pom-namespace]: /enterprise/concepts.md#namespaces
-[pom-routes]: /enterprise/concepts.md#routes
-[route]: #route
-[routes]: #route
-[secure enclave]: #secure-enclave
-[single sign-on]: #single-sign-on
-[support]: https://discuss.pomerium.com/c/support/9
-[zero trust]: #zero-trust
\ No newline at end of file
diff --git a/docs/docs/identity-providers/auth0.md b/docs/docs/identity-providers/auth0.md
deleted file mode 100644
index e7144f3c3..000000000
--- a/docs/docs/identity-providers/auth0.md
+++ /dev/null
@@ -1,106 +0,0 @@
----
-title: Auth0
-lang: en-US
-sidebarDepth: 0
-meta:
-  - name: keywords
-    content: auth0, pomerium, identity provider, idp
----
-
-# Auth0
-
-This page documents configuring an [Auth0] Web Application and Machine to Machine Application for Pomerium to read user data. It assumes you have already [installed Pomerium](/docs/install/readme.md).
-
-::: warning
-While we do our best to keep our documentation up to date, changes to third-party systems are outside our control. Refer to [Applications in Auth0](https://auth0.com/docs/applications) from Auth0's docs as needed, or [let us know](https://github.com/pomerium/pomerium/issues/new?assignees=&labels=&template=bug_report.md) if we need to re-visit this page.
-:::
-
-[Log in to your Auth0 account](https://manage.auth0.com/) and head to your dashboard. Select **Applications → Applications** on the left menu. On the Applications page, click the **Create Application** button to create a new app.
-
-![Auth0 Applications Dashboard](./img/auth0/dashboard.png)
-
-## Create Regular Web Application
-
-1. On the **Create New Application** page, name your application and select the **Regular Web Application** for your application. This is the application that your users will login to.
-
-   ![Auth0 Create Application Select Platform](./img/auth0/create.png)
-
-1. Under the **Settings** tab, note the **Domain**, **Client ID**, and **Client Secret** values. We'll provide these to Pomerium at the end of the process.
-
-1. Provide the following information for your application settings:
-
-   | Field                        | Description                                                               |
-   | ---------------------------- | ------------------------------------------------------------------------- |
-   | Name                         | The name of your application.                                             |
-   | Application Login URI        | [Authenticate Service URL] (e.g. `https://${authenticate_service_url}`)   |
-   | Allowed Callback URLs        | Redirect URL (e.g. `https://${authenticate_service_url}/oauth2/callback`).|
-
-1. Under **Advanced Settings** → **OAuth**, confirm that **JSON Web Token (JWT) Signature Algorithm** is set to "RS256".
-
-1. Click **Save Changes** at the bottom of the page when you're done.
-
-## Service Account
-
-Next, we'll create an application to handle machine-to-machine communication from Pomerium to Auth0 in order to retrieve and establish group membership.
-
-::: tip
-
-Auth0 refers to groups as roles.
-
-:::
-
-1. Repeat the process in step 1 above to create a new application, but this time select **Machine to Machine Application**. A different application is used for grabbing roles to keep things more secure.
-
-   ![Auth Create Application Select Service Account Platform](./img/auth0/create-m2m.png)
-
-   Click **Create**.
-
-1. On the next page select **Auth0 Management API** from the dropdown. Under **Permissions** use the filter on the right to narrow things down to `role`, and choose the `read:roles` and `read:role_members` roles.
-
-   ![Auth0 Management API Scopes](./img/auth0/m2m-scopes.png)
-
-   Then click **Authorize**.
-
-1. Just like the previous step, retrieve the **Client ID** and **Client Secret** from the **Settings** tab. To build the `idp_service_account` value for Pomerium's configuration, you must base64-encode a JSON document containing the **Client ID** and **Client Secret** of the application:
-
-   ```json
-   {
-   "client_id": "...",
-   "secret": "..."
-   }
-   ```
-
-   If you save this JSON document as a temporary file, you can encode it like this:
-
-   ```bash
-   cat json.tmp | base64 -w 0
-   ```
-
-## Configure Pomerium
-
-You can now configure Pomerium with the identity provider settings retrieved in the previous steps. Your `config.yaml` keys or [environmental variables] should look something like this.
-
-:::: tabs
-::: tab config.yaml
-```yaml
-idp_provider: "auth0"
-idp_provider_url: "https://awesome-company.auth0.com"
-idp_client_id: "REPLACE_ME" # from the web application
-idp_client_secret: "REPLACE_ME" # from the web application
-idp_service_account: "REPLACE_ME" # built from the machine-to-machine application, base64-encoded
-```
-:::
-::: tab Environment Variables
-```bash
-IDP_PROVIDER="auth0"
-IDP_PROVIDER_URL="https://awesome-company.auth0.com"
-IDP_CLIENT_ID="REPLACE_ME" # from the web application
-IDP_CLIENT_SECRET="REPLACE_ME" # from the web application
-IDP_SERVICE_ACCOUNT="REPLACE_ME" # built from the machine-to-machine application, base64-encoded
-```
-:::
-::::
-
-[Auth0]: https://auth0.com/
-[authenticate service url]: /reference/readme.md#authenticate-service-url
-[environmental variables]: https://en.wikipedia.org/wiki/Environment_variable
diff --git a/docs/docs/identity-providers/azure.md b/docs/docs/identity-providers/azure.md
deleted file mode 100644
index 6691ecd3b..000000000
--- a/docs/docs/identity-providers/azure.md
+++ /dev/null
@@ -1,158 +0,0 @@
----
-title: Azure AD
-lang: en-US
-sidebarDepth: 0
-meta:
-  - name: keywords
-    content: azure, active directory, ad, microsoft, identity provider, idp
----
-
-# Azure Active Directory
-
-This page will help you configure Pomerium to use your Azure Active Directory as an IdP. It assumes you have already [installed Pomerium](/docs/install/readme.md)
-
-::: warning
-While we do our best to keep our documentation up to date, changes to third-party systems are outside our control. Refer to [Quickstart: Register an application with the Microsoft identity platform](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app) from Microsoft's documentation as needed, or [let us know](https://github.com/pomerium/pomerium/issues/new?assignees=&labels=&template=bug_report.md) if we need to re-visit this page.
-:::
-
-If you plan on allowing users to log in using a Microsoft Azure Active Directory account, either from your company or from external directories, you must register your application through the Microsoft Azure portal. If you don't have a Microsoft Azure account, you can [signup](https://azure.microsoft.com/en-us/free) for free.
-
-You can access the Azure management portal from your Microsoft service, or visit <https://portal.azure.com> and sign in to Azure using the global administrator account used to create the Office 365 organization.
-
-::: tip
-There is no way to create an application that integrates with Microsoft Azure AD without having **your own** Microsoft Azure AD instance.
-:::
-
-If you have an Office 365 account, you can use the account's Azure AD instance instead of creating a new one. To find your Office 365 account's Azure AD instance:
-
-1. [Sign in](https://portal.office.com) to Office 365.
-1. Navigate to the [Office 365 Admin Center](https://portal.office.com/adminportal/home#/homepage).
-1. Open the **Admin centers** menu drawer located in the left menu.
-1. Click on **Azure AD**.
-
-This will bring you to the admin center of the Azure AD instance backing your Office 365 account.
-
-## Create a New Application
-
-1. Login to Microsoft Azure and choose **Azure Active Directory**.
-
-   ![Select Active Directory](./img/azure/azure-dashboard.png)
-
-1. Under **Manage**, select **App registrations**.
-
-   ![Select App registrations](./img/azure/azure-app-registrations.png)
-
-   Then click on the **+ New registration** button to add a new application.
-
-1. Enter a name for the application, and set the redirect URI as `https://${authenticate_service_url}/oauth2/callback`. You can confirm your authenticate service URL from your Pomerium configuration.
-
-   ![Create application form](./img/azure/azure-create-application.png)
-
-   After you register the application, note the Application (client) ID, and Directory (tenant) ID.
-
-1. Under Client credentials, click **Add a certificate or secret**. The secret you create will be used as the **[Client Secret]** in Pomerium's configuration settings.
-
-1. Under **Client secrets** click **+ New client secret**. Enter a name for the key and choose the desired duration.
-
-   ![Creating a Key](./img/azure/azure-create-key.png)
-
-   ::: tip
-   If you choose an expiring key, make sure to record the expiration date in your calendar, as you will need to renew the key (get a new one) before that day to ensure users don't experience a service interruption.
-   :::
-
-   Click on **Add** and the key will be displayed. **Make sure to copy the value of this key before leaving this screen**, otherwise you may need to create a new key.
-
-### API Permissions
-
-In order to retrieve group information from Active Directory, we need to enable the necessary permissions for the [Microsoft Graph API](https://docs.microsoft.com/en-us/graph/auth-v2-service#azure-ad-endpoint-considerations).
-
-Please note, [Group ID](https://docs.microsoft.com/en-us/graph/api/group-get?view=graph-rest-1.0&tabs=http) not group name will be used to affirm group membership.
-
-1. From the application page, click **API permissions**. Click the **+ Add a permission** button and select **Microsoft Graph API**. Select **Application permissions**. Use the filter to select the checkboxes for **Directory.Read.All**, **Group.Read.All** and **User.Read.All**, then click **Add permissions**.
-
-   ![Azure add group membership claims](./img/azure/azure-api-permissions.png)
-
-   You can also optionally select **Grant admin consent for Default Directory** which will suppress the permission screen on first login for users.
-
-1. The most unique step to Azure AD provider, is to take note of your specific endpoint. Navigate to **Azure Active Directory** -> **Apps registrations** and select your app.
-
-   ![Application dashboard](./img/azure/azure-application-dashboard.png)
-
-   Click on **Endpoints**
-
-   ![Endpoint details](./img/azure/azure-endpoints.png)
-
-The **OpenID Connect Metadata Document** value will form the basis for Pomerium's **Provider URL** setting.
-
-For example if the **Azure OpenID Connect** url is:
-
-```bash
-https://login.microsoftonline.com/0303f438-3c5c-4190-9854-08d3eb31bd9f/v2.0/.well-known/openid-configuration`
-```
-
-**Pomerium Identity Provider URL** would be
-
-```bash
-https://login.microsoftonline.com/0303f438-3c5c-4190-9854-08d3eb31bd9f/v2.0
-```
-
-## Service Account (Optional)
-
-::: tip
-
-By default, this information will be inferred from your provider URL, and you should not need to set this key. If you are using a different [OAuth2] credential set, you may need to set these values separately.
-:::
-
-To use `allowed_groups` in a policy an `idp_service_account` needs to be set in the Pomerium configuration. The service account for Azure AD uses the same [client ID] and client secret configured above, as well as the directory (tenant) ID:
-
-![Application dashboard](./img/azure/azure-application-dashboard.png)
-
-
-The format of the `idp_service_account` for Azure AD is a base64-encoded JSON document:
-
-```json
-{
-  "client_id": "...",
-  "client_secret": "...",
-  "directory_id": "..."
-}
-```
-
-## Pomerium Configuration
-
-Configure Pomerium with the identity provider settings retrieved in the previous steps.
-
-:::: tabs
-::: tab config.yaml
-```bash
-idp_provider: "azure"
-idp_provider_url: "https://login.microsoftonline.com/{REPLACE-ME-SEE-ABOVE}/v2.0"
-idp_client_id: "REPLACE-ME"
-idp_client_secret: "REPLACE-ME"
-# Optional, if service account credentials are different
-# or cannot be inferred from the above credential set.
-# idp_service_account: "REPLACE-ME-SEE-ABOVE"
-```
-:::
-::: tab Environment Variables
-```bash
-IDP_PROVIDER="azure"
-IDP_PROVIDER_URL="https://login.microsoftonline.com/{REPLACE-ME-SEE-ABOVE}/v2.0"
-IDP_CLIENT_ID="REPLACE-ME"
-IDP_CLIENT_SECRET="REPLACE-ME"
-# Optional, if service account credentials are different
-# or cannot be inferred from the above credential set.
-# IDP_SERVICE_ACCOUNT="REPLACE-ME-SEE-ABOVE"
-```
-:::
-::::
-
-## Troubleshooting
-
-- In our testing, we found that users could be created in an Active Directory without an email address as part of their user claim. Pomerium user identity depends largely on the associated email address.
-- If your default user in the Active Directory is unauthorized (403) even when specified as allowed in a policy by user, you can mitigate by creating a group membership and corresponding policy.
-
-[client id]: /reference/readme.md#identity-provider-client-id
-[client secret]: /reference/readme.md#identity-provider-client-secret
-[environmental variables]: https://en.wikipedia.org/wiki/Environment_variable
-[oauth2]: https://oauth.net/2/
diff --git a/docs/docs/identity-providers/cognito.md b/docs/docs/identity-providers/cognito.md
deleted file mode 100644
index 8e2b3b311..000000000
--- a/docs/docs/identity-providers/cognito.md
+++ /dev/null
@@ -1,117 +0,0 @@
----
-title: Cognito
-lang: en-US
-# sidebarDepth: 0
-meta:
-  - name: keywords
-    content: amazon, aws, cognito, openid, oidc, identity provider, idp
----
-
-# Cognito
-
-This document describes the use of AWS Cognito as an identity provider with Pomerium. It assumes you have already [installed Pomerium](/docs/install/readme.md)
-
-## Setting up AWS Cognito
-
-### Create a User Pool
-
-1. Log in to the [AWS Console](https://console.aws.amazon.com) account. Go to **Services** on the top menu, and search for **Cognito**:
-
-   ![AWS Cognito Services](./img/cognito/cognito-service.png)
-
-1. Once you have selected **Cognito**, you will be presented with the option of **Manage User Pools** or **Manage Identity Pools**. Pick **Manage User Pools**:
-
-   ![AWS Cognito User or Identity Pools](./img/cognito/cognito-pools.png)
-
-1. The next page shows any User Pools you have already created, or the option to **Create a User Pool**:
-
-   ![AWS Cognito Creating User Pool](./img/cognito/cognito-create-pool.png)
-
-1. Give the pool a name, then choose to either **Review defaults** or **Step through settings**. It is up to you whether you choose to Review the defaults (and make some customization) or set up every setting individually.
-
-   ![AWS Cognito Naming User Pool](./img/cognito/cognito-user-pool-name.png)
-
-1. Assuming you selected **Review defaults**, you will see the following:
-
-   ![AWS Cognito Pool Settings](./img/cognito/cognito-pool-settings.png)
-
-   You can enable Multi-Factor Authentication (MFA), change your Password requirements, Tag the pool, among many other settings.
-
-   ::: tip
-   If you need to make changes after creating your pool, be aware that some settings will recreate the pool rather than update the existing pool. This will also generate new **Client IDs** and **Client Secrets**. An example would be changing _How do you want your end users to sign in?_ in **Attributes** from **Username** to **Email address or phone number**.
-   :::
-
-### Create an App Client
-
-1. Once the pool is created, create an **App Client** under **General settings**. This is where you configure the Pomerium application settings. Choose **Add an App Client**:
-
-   ![AWS Cognito Create App Client](./img/cognito/cognito-app-client-create.png)
-
-1. Once the client is created, retrieve the **Client ID**, and the **Client Secret** by clicking **Show Details**.
-
-   ![AWS Cognito App Client Details](./img/cognito/cognito-app-client-details.png)
-
-1. Go to **App client settings** (in the Side menu under **App Integration**)
-
-   ![AWS Cognito Side Menu](./img/cognito/cognito-side-menu.png)
-
-   In the settings for **Pomerium** app, put in the following details
-
-   | **Field**                  | **Description**                                                                              |
-   | -------------------------- | -------------------------------------------------------------------------------------------- |
-   | Enabled Identity Providers | Choose **Cognito User Pool**, unless you have set up another **Identity Provider** (eg SAML) |
-   | Callback URL(s)            | https://${authenticate_service_url}/oauth2/callback                                          |
-   | Allowed OAuth Flows        | Authorization code grant                                                                     |
-   | Allowed OAuth Scopes       | Email, OpenID, Profile                                                                       |
-
-1. **IMPORTANT**: For OAuth2 to work correctly with AWS Cognito, you must configure a **Domain name**. This is under **App integration** in the side menu
-
-   ![AWS Cognito Domain Name](./img/cognito/cognito-domain-name.png)
-
-You can choose whether to use your own **Domain Name**, or use an AWS-provided one. The AWS-provided domain names are in the format `https://${DOMAIN-PREFIX}.auth.${AWS-REGION}.amazoncognito.com`
-
-## Pomerium Configuration
-
-Once you have configured AWS Cognito, configure Pomerium to connext to it:
-
-:::: tabs
-::: tab config.yaml
-```yaml
-idp_provider: "oidc"
-idp_provider_url: "https://cognito-idp.${AWS-REGION}.amazonaws.com/${USER-POOL-ID}"
-idp_client_id: "304a12ktcc5djt9d7enj6dsjkg"
-idp_client_secret: "1re5ukkv3dab6up5aefv7rru65lu60oblf04t6cv8u9s0itjbci7"
-idp_scopes: "openid,profile,email"
-```
-:::
-::: tab Environment Variables
-```bash
-IDP_PROVIDER="oidc"
-IDP_PROVIDER_URL="https://cognito-idp.${AWS-REGION}.amazonaws.com/${USER-POOL-ID}"
-IDP_CLIENT_ID="304a12ktcc5djt9d7enj6dsjkg"
-IDP_CLIENT_SECRET="1re5ukkv3dab6up5aefv7rru65lu60oblf04t6cv8u9s0itjbci7"
-IDP_SCOPES="openid,profile,email"
-```
-:::
-::: tab Kubernetes ConfigMap
-```yaml
-apiVersion: v1
-data:
-  config.yaml: |
-    # Main configuration flags : https://www.pomerium.io/reference/
-    authenticate_service_url: https://k8s-auth-prod.example.com # The URL you have set up for the Pomerium Authentication service
-    authorize_service_url: https://pomerium-authorize-service.default.svc.cluster.local
-
-    idp_provider: oidc
-    idp_provider_url: https://cognito-idp.${AWS-REGION}.amazonaws.com/${USER_POOL_ID}
-    idp_client_id: 304a12ktcc5djt9d7enj6dsjkg
-    idp_client_secret: "1re5ukkv3dab6up5aefv7rru65lu60oblf04t6cv8u9s0itjbci7"
-    idp_scopes: ["openid", "email", "profile"]
-kind: ConfigMap
-metadata:
-  name: pomerium-config
-```
-:::
-::::
-
-To retrieve the **User Pool ID**, go to **General Settings** in the Cognito Side menu within your pool. The **Pool ID** is just above the **Pool ARN**.
diff --git a/docs/docs/identity-providers/dex-freeipa.md b/docs/docs/identity-providers/dex-freeipa.md
deleted file mode 100644
index bdbedd8d1..000000000
--- a/docs/docs/identity-providers/dex-freeipa.md
+++ /dev/null
@@ -1,175 +0,0 @@
----
-title: FreeIPA with Dex
-description: >-
-  This article describes how to connect Pomerium to third-party identity
-  providers / single-sign-on services. You will need to generate keys, copy
-  these into your Pomerium settings, and enable the connection.
----
-
-
-### Pomerium-Dex-Freeipa Exercise
-
-**This exercise depicts the authentication flow for the services which don't have authentication flow**
-
-*Flow with the diagram*
-
-![alt text](https://github.com/dharmendrakariya/pomerium-dex/blob/main/image.jpg?raw=true)
-
-
-1. User makes an unauthenticated request to the service
-
-2. Pomerium proxy receives the request and recognizes it as anonymous
-
-3. It redirects the user to the auth provider for authentication
-
-4. Upon successful login, Pomerium provides an auth cookie to the user.
-
-5. Based on the cookie, Pomerium identifies the user and checks policy to determine whether to permit access. Authorization is based on identity factors like id, email,      group, role, or email domain.
-
-6. When the cookie expires, the login flow gets triggered all over again.
-
-
-*Here is our flow for accessing nextcloud service*
-
-1. User access https://hello.YOURDOMAIN.dev
-
-2. It will be redirected to the https://authenticate.YOURDOMAIN.dev (which is pomerium's authenticate service url)
-
-3. Pomerium's authenticate service will redirect this to check at oidc provider( in our case DEX).
-
-4. Dex(which is backed by FreeIpa in our case, freeipa's LDAP as backend) will check if the user is valid or not and after that flow gets redirected to pomerium back if user is valid.
-
-5. User is finally redirected to the nextcloud service if all goes well.
-
-
-Now to implement this flow we have configured static dex client ```pom``` with pomerium's authenticate service redirectURL
-
-```Note: I am using dex helm chart and in backend freeipa as a ldap server```
-
-```yaml
-connectors:
-      - config:
-          bindDN: uid=dex,cn=sysaccounts,cn=etc,dc=YOURDOMAIN,dc=dev
-          bindPW: mN****tG****
-          host: freeipa.YOURDOMAIN.dev:636
-          insecureNoSSL: false
-          insecureSkipVerify: true
-
-          # (Group Search )
-          groupSearch:
-            baseDN: cn=groups,cn=accounts,dc=YOURDOMAIN,dc=dev
-            filter: "(|(objectClass=posixGroup)(objectClass=group))"
-            userAttr: DN # Use "DN" here not "uid"
-            groupAttr: member
-            nameAttr: cn
-
-          # (User Search)
-          userSearch:
-            baseDN: cn=users,cn=accounts,dc=YOURDOMAIN,dc=dev
-            emailAttr: mail
-            filter: ""
-            idAttr: uidNumber
-            nameAttr: displayName
-            preferredUsernameAttr: uid
-            username: mail
-          usernamePrompt: Email
-        id: ldap
-        name: FreeIPA/LDAP
-        type: ldap
-      issuer: http://dex.YOURDOMAIN.dev
-      logger:
-        level: debug
-      oauth2:
-        responseTypes:
-        - code
-        skipApprovalScreen: false
-
-      staticClients:
-      # (Here I am creating static client for pomerium)
-      - id: pom
-        name: pom
-        redirectURIs:
-        # (pomerium authenticate service url)
-        - https://authenticate.YOURDOMAIN.dev/oauth2/callback
-        secret: pomerium
-
-```
-
-Below is configuration which supposed to be done in Pomerium
-
-```Note: I am using Pomerium helm chart```
-
-```yaml
-config:
-  # routes under this wildcard domain are handled by pomerium
-  rootDomain: YOURDOMAIN.dev
-
-  policy:
-      # (give any name instead of hello, this will be the proxy url to access the particular service)
-    - from: https://hello.YOURDOMAIN.dev
-      # (give fqdn of the actual service which is being authenticated, here I am giving nextcloud service endpoint, which is running in nextcloud namespace)
-      to: http://nextcloud.nextcloud.svc.cluster.local:8080
-
-      # allowed_domains:
-          #(in general give here your domain)
-      #   - YOURDOMAIN.dev
-
-      # (If you want to give access to particular group members, I have tested this by creating devops group and members in that group, in freeipa)
-      allowed_groups:
-        - devops
-
-      # (If you want to give access to particular group members, I have tested this by creating devops group and members in that group, in freeipa)
-      allowed_idp_claims:
-        groups:
-        - devops
-
-  # (I didn't specify the root level CAs so)
-  insecure: true
-
-extraEnv:
-  # (This will give you details if user is not able to authenticate, ideally this should be turned off)
-  POMERIUM_DEBUG: true
-  LOG_LEVEL: "error"
-  IDP_SCOPES: "openid,profile,email,groups,offline_access"
-
-authenticate:
-  # (This we have set in dex's static client also remember! should be same)
-  redirectUrl: "https://authenticate.YOURDOMAIN.dev/oauth2/callback"
-
-  idp:
-    provider: oidc
-    clientID: pom
-    clientSecret: pomerium
-    # (your dex url)
-    url: http://dex.YOURDOMAIN.dev
-    scopes: "openid profile email groups offline_access"
-    # (for group based access policy)
-    serviceAccount: "pomerium-authenticate"
-
-ingress:
-  enabled: true
-  authenticate:
-    name: ""
-  secretName: ""
-  secret:
-    name: ""
-    cert: ""
-    key: ""
-  tls:
-    hosts: []
-  hosts: []
-  annotations:
-    kubernetes.io/ingress.class: nginx
-    kubernetes.io/ingress.allow-http: "true"
-
-resources:
-  limits:
-    cpu: 150m
-    memory: 100Mi
-  requests:
-    cpu: 100m
-    memory: 100Mi
-
-```
-
-
diff --git a/docs/docs/identity-providers/github.md b/docs/docs/identity-providers/github.md
deleted file mode 100644
index 461b66a9c..000000000
--- a/docs/docs/identity-providers/github.md
+++ /dev/null
@@ -1,94 +0,0 @@
----
-title: GitHub
-lang: en-US
-# sidebarDepth: 0
-meta:
-  - name: keywords
-    content: github, oauth2, provider, identity provider, idp
----
-
-# GitHub
-
-This document describes the use of GitHub as an identity provider for Pomerium. It assumes you have already [installed Pomerium](/docs/install/readme.md)
-
-::: warning
-The [GitHub API] does not support [OpenID Connect], just [OAuth 2.0].
-For this reason, it was challenging to implement revocation of a user's **Access Token** (a string representing the granted permissions) when they sign out from Pomerium's user info endpoint.
-:::
-
-In addition, the teams of the organization(s) a user belongs to, will be used as groups on Pomerium.
-
-## Create a GitHub OAuth 2.0 Application
-
-1. Log in to [Github](https://github.com/login) or create an account.
-
-1. Navigate to your profile using the avatar on the navigation bar, and select **Settings**:
-
-1. Navigate to **Developer settings ➞ OAuth Apps** and select **New OAuth App**.
-
-  ![GitHub OAuth2 Application creation](./img/github/github-oauth-creation.png)
-
-1. Create a new OAuth2 application by filling the form fields above with the following parameters:
-
-   | Field                       | Description                                                         |
-   | --------------------------- | ------------------------------------------------------------------- |
-   | Application name            | The name of your web app.                                           |
-   | Homepage URL                | The homepage URL of the application to be integrated with Pomerium. |
-   | Authorization callback URL  | `https://${authenticate_service_url}/oauth2/callback`, `authenticate_service_url` from your Pomerium configuration. |
-
-
-1. After creating the application, select **Generate a new client secret** and save **Client Secret** along with the **Client ID**.
-
-## Create a Service Account
-
-To use `allowed_groups` in a policy, an `idp_service_account` needs to be set in the Pomerium configuration. The Service Account for GitHub should be a personal access token with `read:org` permissions
-
-1. Create a new token at [github.com/settings/tokens/new](https://github.com/settings/tokens/new).
-
-   ![Personal Access Token](./img/github/github-personal-access-token.png)
-
-1. The format of the `idp_service_account` for GitHub is a base64-encoded JSON document:
-
-   ```json
-   {
-   "username": "YOUR_GITHUB_USERNAME",
-   "personal_access_token": "GENERATED_GITHUB_ACCESS_TOKEN"
-   }
-   ```
-
-   You can save the object as a temporary file to encode:
-
-   ```bash
-   cat tmp.json | base64 -w 0
-   ```
-
-## Pomerium Configuration
-
-After creating your GitHub OAuth application, update the **Pomerium** configuration:
-
-:::: tabs
-::: tab config.yaml
-```bash
-idp_provider: "github"
-idp_client_id: "REDACTED"       // github application ID
-idp_client_secret: "REDACTED"   // github application secret
-idp_service_account: "REDACTED" // github service account (personal access token)
-```
-:::
-::: tab Environment Variables
-```bash
-IDP_PROVIDER="github"
-IDP_CLIENT_ID="REDACTED"       // github application ID
-IDP_CLIENT_SECRET="REDACTED"   // github application secret
-IDP_SERVICE_ACCOUNT="REDACTED" // github service account (personal access token)
-```
-:::
-::::
-
-Whenever a user tries to access your application integrated with Pomerium, they will be presented with a sign-on page as below:
-
-![GitHub Sign-on Page](./img/github/github-signon-page.png)
-
-[Github API]: https://developer.github.com/v3/#oauth2-token-sent-in-a-header
-[openid connect]: https://en.wikipedia.org/wiki/OpenID_Connect
-[OAuth 2.0]: https://auth0.com/docs/protocols/oauth2
diff --git a/docs/docs/identity-providers/gitlab.md b/docs/docs/identity-providers/gitlab.md
deleted file mode 100644
index 016748263..000000000
--- a/docs/docs/identity-providers/gitlab.md
+++ /dev/null
@@ -1,120 +0,0 @@
----
-title: GitLab
-lang: en-US
-sidebarDepth: 0
-meta:
-  - name: keywords
-    content: gitlab, oidc, openid connect, identity provider, idp
----
-
-# GitLab
-
-This document details how to use GitLab as an identity provider with Pomerium. It assumes you have already [installed Pomerium](/docs/install/readme.md)
-
-::: warning
-While we do our best to keep our documentation up to date, changes to third-party systems are outside our control. Refer to [GitLab as an OAuth 2.0 authentication service provider](https://docs.gitlab.com/ee/integration/oauth_provider.html) from GitLab's docs as needed, or [let us know](https://github.com/pomerium/pomerium/issues/new?assignees=&labels=&template=bug_report.md) if we need to re-visit this page.
-:::
-
-## Setting up GitLab OAuth2 for your Application
-
-1. Log in to your GitLab account or create one [here](https://gitlab.com/users/sign_in). If you're using a self-hosted instance, log in to your custom GitLab domain.
-
-1. From the User Settings area, select [**Applications**](https://gitlab.com/-/profile/applications). Create a new application:
-
-   ![create an application](./img/gitlab/gitlab-create-applications.png)
-
-1. Add a new application by setting the following parameters:
-
-   Field        | Description
-   ------------ | ---------------------------------------------------------------------------------
-   Name         | The name of your web app
-   Redirect URI | `https://${authenticate_service_url}/oauth2/callback`
-   Scopes       | `openid`, `profile`, `email`
-
-   Click **Save application**.
-
-1. Your **Application ID** and **Secret** will be displayed:
-
-   ![Gitlab OAuth Client ID and Secret](./img/gitlab/gitlab-credentials.png)
-
-   Note the ID and Secret to apply in Pomerium's settings.
-
-## Service Account
-
-To use `allowed_groups` in a policy, an `idp_service_account` needs to be set in the Pomerium configuration. The service account for Gitlab uses a personal access token generated at: [gitlab.com/-/profile/personal_access_tokens](https://gitlab.com/-/profile/personal_access_tokens) with `read_api` access:
-
-![Gitlab Personal Access Token](./img/gitlab/gitlab-personal-access-token.png)
-
-The format of the `idp_service_account` for Gitlab is a base64-encoded JSON document:
-
-```json
-{
-  "private_token": "..."
-}
-```
-
-If you save this JSON document as a temporary file, you can encode it like this:
-
-```bash
-cat json.tmp | base64 -w 0
-```
-
-## Pomerium Configuration
-
-Edit your Pomerium configuration to provide the Client ID, secret, service credentials, and domain (for self-hosted instances):
-
-### GitLab.com
-
-:::: tabs
-::: tab config.yaml
-```yaml
-idp_provider: "gitlab"
-idp_client_id: "REDACTED"   # gitlab application ID
-idp_client_secret: "REDACTED"   # gitlab application secret
-idp_service_account: "REDACTED"   # gitlab service account, base64-encoded json
-```
-:::
-::: tab Environment Variables
-```bash
-IDP_PROVIDER="gitlab"
-IDP_CLIENT_ID="REDACTED" # gitlab application ID
-IDP_CLIENT_SECRET="REDACTED" # gitlab application secret
-IDP_SERVICE_ACCOUNT="REDACTED" # gitlab service account, base64-encoded json
-```
-:::
-::::
-
-### Self-Hosted GitLab
-
-Self-hosted CE/EE instances should be configured as a generic OpenID Connect provider:
-
-:::: tabs
-::: tab config.yaml
-```yaml
-idp_provider: oidc
-idp_client_id: "REDACTED"
-idp_client_secret: "REDACTED"
-idp_scopes: openid,profile,email
-idp_provider_url: https://gitlab.example.com # Base URL of GitLab instance
-idp_service_account: "REDACTED"   # gitlab service account, base64-encoded json
-```
-:::
-::: tab Environment Variables
-```bash
-IDP_PROVIDER="oidc"
-IDP_CLIENT_ID="REDACTED"
-IDP_CLIENT_SECRET="REDACTED"
-IDP_SCOPES="openid,profile,email"
-IDP_PROVIDER_URL="https://gitlab.example.com" # Base URL of GitLab instance
-IDP_SERVICE_ACCOUNT="REDACTED"   # gitlab service account, base64-encoded json
-```
-:::
-::::
-
----
-
-When a user first uses Pomerium to login, they are presented with an authorization screen:
-
-![gitlab access authorization screen](./img/gitlab/gitlab-verify-access.png)
-
-Please be aware that [Group ID](https://docs.gitlab.com/ee/api/groups.html#details-of-a-group) will be used to affirm group(s) a user belongs to.
\ No newline at end of file
diff --git a/docs/docs/identity-providers/google.md b/docs/docs/identity-providers/google.md
deleted file mode 100644
index de385d064..000000000
--- a/docs/docs/identity-providers/google.md
+++ /dev/null
@@ -1,163 +0,0 @@
----
-title: Google
-lang: en-US
-sidebarDepth: 0
-meta:
-  - name: keywords
-    content: google, gsuite, gmail, oidc, openid connect, workspaces, identity provider, idp
----
-
-# Google Workspace (formerly known as G Suite)
-
-This guide covers the basics of setting up Pomerium to use GCP and Google Workspace / G Suite as your identity provider.
-
-::: warning
-
-Google changes their configuration screens frequently. Please refer to Google's documentation for authoritative instructions.
-
-- [Setting up OAuth 2.0](https://developers.google.com/identity/protocols/oauth2/openid-connect)
-- [Perform Google Workspace Domain-Wide Delegation of Authority](https://developers.google.com/admin-sdk/directory/v1/guides/delegation)
-
-:::
-
-## Setting up OAuth 2.0
-
-You need [OAuth 2.0 credentials](https://developers.google.com/identity/protocols/oauth2/openid-connect), including a client ID and client secret, to authenticate users.
-
-### Create OAuth 2.0
-
-Log in to your Google account and go to the [APIs & services](https://console.developers.google.com/projectselector/apis/credentials).
-
-1. Navigate to **Credentials** using the left-hand menu.
-2. On the **Credentials** page, click **Create credentials** and choose **OAuth [Client ID]**.
-
-![Create New Credentials](./img/google/google-credentials.png)
-
-::: warning
-
-If you don't currently have an OAuth consent page configured, Google will not allow you to create credentials until this is completed. Please follow Google's [instructions](https://developers.google.com/identity/protocols/oauth2/openid-connect#consentpageexperience) for doing so.
-
-:::
-
-### Set a redirect URI
-
-The redirect URI that you set in the API Console tells Google where Pomerium's authentication callback URL is. On the **Create [Client ID]** page, select **Web application**.
-
-To create, view, or edit the redirect URIs for a given OAuth 2.0 credential, do the following:
-
-1. Go to the [Credentials](https://console.developers.google.com/apis/credentials) page.
-2. In the OAuth 2.0 client IDs section of the page, click a credential.
-3. View or edit the redirect URIs.
-
-If there is no OAuth 2.0 client IDs section on the Credentials page, then your project has no OAuth credentials. To create one, click Create credentials.
-
-Field        | Description
------------- | ------------------------------------------------------------------------
-Name         | The name of your web app
-Redirect URI | Redirect URL `https://${authenticate_service_url}/oauth2/callback` (e.g.`https://authenticate.localhost.pomerium.io/oauth2/callback`)
-
-![Web App Credentials Configuration](./img/google/google-create-client-id-config.png)
-
-## Setting up directory Sync
-
-### Create a service account
-
-In order to have Pomerium validate group membership, we'll also need to configure a [service account](https://console.cloud.google.com/iam-admin/serviceaccounts) with [G-suite domain-wide delegation](https://developers.google.com/admin-sdk/directory/v1/guides/delegation) enabled.
-
-1. Open the [**Service accounts** page](https://console.developers.google.com/iam-admin/serviceaccounts). If prompted, select a project.
-2. Click add **Create Service Account**, enter a name and description for the service account. You can use the default service account ID, or choose a different, unique one. When done click **Create**.
-3. The **Service account permissions (optional)** section that follows is not required. Click **Continue**.
-4. On the **Grant users access to this service account** screen, scroll down to the **Create key** section. Click add **Create key**.
-5. In the side panel that appears, select the format for your key: **JSON**.
-6. Click **Create**. Your new public/private key pair is generated and downloaded to your machine; it serves as the only copy of this key. For information on how to store it securely, see [Managing service account keys](https://cloud.google.com/iam/docs/understanding-service-accounts#managing_service_account_keys).
-7. Click **Close** on the **Private key saved to your computer** dialog, then click **Done** to return to the table of your service accounts.
-
-Next, we need to enable enable G Suite domain-wide delegation, follow these steps:
-
-1. Locate the newly-created service account in the table. Under **Actions**, click **Edit**.
-2. In the service account details, click expand_more **Show domain-wide delegation**, then ensure the **Enable G Suite Domain-wide Delegation** checkbox is checked.
-3. If you haven't yet configured your app's OAuth consent screen, you must do so before you can enable domain-wide delegation. Follow the on-screen instructions to [configure the OAuth consent screen](https://support.google.com/cloud/answer/10311615?hl=en&ref_topic=3473162#), then repeat the above steps and re-check the checkbox.
-4. Click **Save** to update the service account, and return to the table of service accounts. A new column, **Domain-wide delegation**, can be seen. Click **View Client ID**, to obtain and make a note of the client ID.
-
-### Set the impersonating user
-
-
-Then, you'll need to manually open an editor and add an `impersonate_user` field to the downloaded public/private key file. In this case, we'd be impersonating the admin account `user@pomerium.io`.
-
-::: warning
-
-[Google requires](https://stackoverflow.com/questions/48585700/is-it-possible-to-call-apis-from-service-account-without-acting-on-behalf-of-a-u/48601364#48601364) that service accounts act on behalf of another user. You MUST add the `impersonate_user` field to your json key file.
-
-:::
-
-```git
-{
-  "type": "service_account",
-  "project_id": "pomerium-redacted",
-  "private_key_id": "e07f7c93870c7e03f883560ecd8fd0f4d27b0081",
-  "private_key": "-----BEGIN PRIVATE KEY-----\\n-----END PRIVATE KEY-----\n",
-  "client_email": "redacted@pomerium-redacted.iam.gserviceaccount.com",
-  "client_id": "101215990458000334387",
-  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
-  "token_uri": "https://oauth2.googleapis.com/token",
-  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
-  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/redacted%40pomerium-redacted.iam.gserviceaccount.com",
-+  "impersonate_user": "user@pomerium.com"
-}
-```
-
-The base64 encoded contents of this public/private key pair json file will used for the value of the IdP [service account] configuration setting.
-
-### Set directory permissions for Workspaces
-
-Next, we need to give that service account permissionson the GSuite / Workspace side of the house.
-
-1. From your Google Workspace domain's [Admin console](http://admin.google.com/), go to **Main menu** > **Security** > **API controls**.
-2. In the **Domain wide delegation** pane, select **Manage Domain Wide Delegation**.
-3. Click **Add new**.
-4. In the **Client ID** field, enter the client ID obtained from the service account creation steps above.
-5. In the **OAuth Scopes** field, enter a comma-delimited list of the scopes required for your application (for a list of possible scopes, see [Authorize requests](https://developers.google.com/admin-sdk/directory/v1/guides/authorizing)).
-6. Enter the following list of scopes: `https://www.googleapis.com/auth/admin.directory.group.readonly` `https://www.googleapis.com/auth/admin.directory.user.readonly`
-7. Click the **Authorize** button.
-
-![Google create service account](./img/google/google-gsuite-add-scopes.png)
-
-
-Your `config.yaml` values or [environment variables] should look something like this:
-
-::::: tabs
-:::: tab config.yaml
-
-```yaml
-idp-provider: "google"
-idp-client-id: "yyyy.apps.googleusercontent.com"
-idp-client-secret: "xxxxxx"
-idp-service-account: "zzzz" # output of `base64 -i service-account-key.json`, with impersonate_user set.
-```
-
-::::
-:::: tab Environment Variables
-
-```bash
-IDP_PROVIDER="google"
-IDP_CLIENT_ID="yyyy.apps.googleusercontent.com"
-IDP_CLIENT_SECRET="xxxxxx"
-IDP_SERVICE_ACCOUNT="zzzz" # output of `base64 -i service-account-key.json`, with impersonate_user set.
-```
-
-::::
-:::::
-
-## Troubleshooting
-
-### `invalid service account for Google directory provider`
-
-This error message in Pomerium log output coincides with an empty **Groups** field in the `/.pomerium` endpoint. It indicates that your [service account](#create-a-service-account) is missing or incorrectly configured. Revisit the linked section above to adjust your service account settings as needed.
-
-
-[client id]: ../../reference/readme.md#identity-provider-client-id
-[client secret]: ../../reference/readme.md#identity-provider-client-secret
-[environment variables]: https://en.wikipedia.org/wiki/Environment_variable
-[oauth2]: https://oauth.net/2/
-[openid connect]: https://en.wikipedia.org/wiki/OpenID_Connect
-[service account]: ../../reference/readme.md#identity-provider-service-account
diff --git a/docs/docs/identity-providers/img/auth0/create-m2m.png b/docs/docs/identity-providers/img/auth0/create-m2m.png
deleted file mode 100644
index ee79eded2..000000000
Binary files a/docs/docs/identity-providers/img/auth0/create-m2m.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/auth0/create.png b/docs/docs/identity-providers/img/auth0/create.png
deleted file mode 100644
index ffb83ec23..000000000
Binary files a/docs/docs/identity-providers/img/auth0/create.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/auth0/dashboard.png b/docs/docs/identity-providers/img/auth0/dashboard.png
deleted file mode 100644
index bd25da603..000000000
Binary files a/docs/docs/identity-providers/img/auth0/dashboard.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/auth0/m2m-scopes.png b/docs/docs/identity-providers/img/auth0/m2m-scopes.png
deleted file mode 100644
index 1c3cd655c..000000000
Binary files a/docs/docs/identity-providers/img/auth0/m2m-scopes.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/azure/azure-api-permissions.png b/docs/docs/identity-providers/img/azure/azure-api-permissions.png
deleted file mode 100644
index a70734c92..000000000
Binary files a/docs/docs/identity-providers/img/azure/azure-api-permissions.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/azure/azure-api-settings.png b/docs/docs/identity-providers/img/azure/azure-api-settings.png
deleted file mode 100644
index f80f3cf96..000000000
Binary files a/docs/docs/identity-providers/img/azure/azure-api-settings.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/azure/azure-app-registrations.png b/docs/docs/identity-providers/img/azure/azure-app-registrations.png
deleted file mode 100644
index 39ef7be8e..000000000
Binary files a/docs/docs/identity-providers/img/azure/azure-app-registrations.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/azure/azure-application-dashboard.png b/docs/docs/identity-providers/img/azure/azure-application-dashboard.png
deleted file mode 100644
index 3aee7221c..000000000
Binary files a/docs/docs/identity-providers/img/azure/azure-application-dashboard.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/azure/azure-create-application.png b/docs/docs/identity-providers/img/azure/azure-create-application.png
deleted file mode 100644
index c16633051..000000000
Binary files a/docs/docs/identity-providers/img/azure/azure-create-application.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/azure/azure-create-key.png b/docs/docs/identity-providers/img/azure/azure-create-key.png
deleted file mode 100644
index 12bac6910..000000000
Binary files a/docs/docs/identity-providers/img/azure/azure-create-key.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/azure/azure-dashboard.png b/docs/docs/identity-providers/img/azure/azure-dashboard.png
deleted file mode 100644
index 78076ea39..000000000
Binary files a/docs/docs/identity-providers/img/azure/azure-dashboard.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/azure/azure-endpoints.png b/docs/docs/identity-providers/img/azure/azure-endpoints.png
deleted file mode 100644
index b590449c5..000000000
Binary files a/docs/docs/identity-providers/img/azure/azure-endpoints.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/cognito/cognito-app-client-create.png b/docs/docs/identity-providers/img/cognito/cognito-app-client-create.png
deleted file mode 100644
index 259e60a2a..000000000
Binary files a/docs/docs/identity-providers/img/cognito/cognito-app-client-create.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/cognito/cognito-app-client-details.png b/docs/docs/identity-providers/img/cognito/cognito-app-client-details.png
deleted file mode 100644
index dc1f6f735..000000000
Binary files a/docs/docs/identity-providers/img/cognito/cognito-app-client-details.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/cognito/cognito-create-pool.png b/docs/docs/identity-providers/img/cognito/cognito-create-pool.png
deleted file mode 100644
index bc031d87c..000000000
Binary files a/docs/docs/identity-providers/img/cognito/cognito-create-pool.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/cognito/cognito-domain-name.png b/docs/docs/identity-providers/img/cognito/cognito-domain-name.png
deleted file mode 100644
index d0049f25d..000000000
Binary files a/docs/docs/identity-providers/img/cognito/cognito-domain-name.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/cognito/cognito-pool-settings.png b/docs/docs/identity-providers/img/cognito/cognito-pool-settings.png
deleted file mode 100644
index 8ae09e7e6..000000000
Binary files a/docs/docs/identity-providers/img/cognito/cognito-pool-settings.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/cognito/cognito-pools.png b/docs/docs/identity-providers/img/cognito/cognito-pools.png
deleted file mode 100644
index efefc5543..000000000
Binary files a/docs/docs/identity-providers/img/cognito/cognito-pools.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/cognito/cognito-service.png b/docs/docs/identity-providers/img/cognito/cognito-service.png
deleted file mode 100644
index 5b294adaf..000000000
Binary files a/docs/docs/identity-providers/img/cognito/cognito-service.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/cognito/cognito-side-menu.png b/docs/docs/identity-providers/img/cognito/cognito-side-menu.png
deleted file mode 100644
index 6b414eb74..000000000
Binary files a/docs/docs/identity-providers/img/cognito/cognito-side-menu.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/cognito/cognito-user-pool-name.png b/docs/docs/identity-providers/img/cognito/cognito-user-pool-name.png
deleted file mode 100644
index 0b1a8f3ea..000000000
Binary files a/docs/docs/identity-providers/img/cognito/cognito-user-pool-name.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/github/github-oauth-creation.png b/docs/docs/identity-providers/img/github/github-oauth-creation.png
deleted file mode 100644
index 1d14902ce..000000000
Binary files a/docs/docs/identity-providers/img/github/github-oauth-creation.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/github/github-personal-access-token.png b/docs/docs/identity-providers/img/github/github-personal-access-token.png
deleted file mode 100644
index 432c0f9fa..000000000
Binary files a/docs/docs/identity-providers/img/github/github-personal-access-token.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/github/github-signon-page.png b/docs/docs/identity-providers/img/github/github-signon-page.png
deleted file mode 100644
index 460132199..000000000
Binary files a/docs/docs/identity-providers/img/github/github-signon-page.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/gitlab/gitlab-create-applications.png b/docs/docs/identity-providers/img/gitlab/gitlab-create-applications.png
deleted file mode 100644
index 2c95da1f6..000000000
Binary files a/docs/docs/identity-providers/img/gitlab/gitlab-create-applications.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/gitlab/gitlab-credentials.png b/docs/docs/identity-providers/img/gitlab/gitlab-credentials.png
deleted file mode 100644
index 3b74b2e40..000000000
Binary files a/docs/docs/identity-providers/img/gitlab/gitlab-credentials.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/gitlab/gitlab-personal-access-token.png b/docs/docs/identity-providers/img/gitlab/gitlab-personal-access-token.png
deleted file mode 100644
index 3982d3957..000000000
Binary files a/docs/docs/identity-providers/img/gitlab/gitlab-personal-access-token.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/gitlab/gitlab-verify-access.png b/docs/docs/identity-providers/img/gitlab/gitlab-verify-access.png
deleted file mode 100644
index b2512bf66..000000000
Binary files a/docs/docs/identity-providers/img/gitlab/gitlab-verify-access.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/google/google-create-client-id-config.png b/docs/docs/identity-providers/img/google/google-create-client-id-config.png
deleted file mode 100644
index 626e91bfa..000000000
Binary files a/docs/docs/identity-providers/img/google/google-create-client-id-config.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/google/google-credentials.png b/docs/docs/identity-providers/img/google/google-credentials.png
deleted file mode 100644
index cba8b1def..000000000
Binary files a/docs/docs/identity-providers/img/google/google-credentials.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/google/google-gsuite-add-scopes.png b/docs/docs/identity-providers/img/google/google-gsuite-add-scopes.png
deleted file mode 100644
index 9eb0f2404..000000000
Binary files a/docs/docs/identity-providers/img/google/google-gsuite-add-scopes.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/okta/okta-api-token.png b/docs/docs/identity-providers/img/okta/okta-api-token.png
deleted file mode 100644
index 131a706e7..000000000
Binary files a/docs/docs/identity-providers/img/okta/okta-api-token.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/okta/okta-app-dashboard.png b/docs/docs/identity-providers/img/okta/okta-app-dashboard.png
deleted file mode 100644
index 896a8d44f..000000000
Binary files a/docs/docs/identity-providers/img/okta/okta-app-dashboard.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/okta/okta-app-settings.png b/docs/docs/identity-providers/img/okta/okta-app-settings.png
deleted file mode 100644
index 41d4574f7..000000000
Binary files a/docs/docs/identity-providers/img/okta/okta-app-settings.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/okta/okta-authorization-servers.png b/docs/docs/identity-providers/img/okta/okta-authorization-servers.png
deleted file mode 100644
index 080cd4d84..000000000
Binary files a/docs/docs/identity-providers/img/okta/okta-authorization-servers.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/okta/okta-client-id-and-secret.png b/docs/docs/identity-providers/img/okta/okta-client-id-and-secret.png
deleted file mode 100644
index 5a557f1f1..000000000
Binary files a/docs/docs/identity-providers/img/okta/okta-client-id-and-secret.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/okta/okta-create-app-settings.png b/docs/docs/identity-providers/img/okta/okta-create-app-settings.png
deleted file mode 100644
index 31481d8b0..000000000
Binary files a/docs/docs/identity-providers/img/okta/okta-create-app-settings.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/onelogin/one-login-add-app.png b/docs/docs/identity-providers/img/onelogin/one-login-add-app.png
deleted file mode 100644
index a6aab5ae3..000000000
Binary files a/docs/docs/identity-providers/img/onelogin/one-login-add-app.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/onelogin/one-login-add-open-id.png b/docs/docs/identity-providers/img/onelogin/one-login-add-open-id.png
deleted file mode 100644
index 4a0e24a60..000000000
Binary files a/docs/docs/identity-providers/img/onelogin/one-login-add-open-id.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/onelogin/one-login-api-access.png b/docs/docs/identity-providers/img/onelogin/one-login-api-access.png
deleted file mode 100644
index 0cc81395b..000000000
Binary files a/docs/docs/identity-providers/img/onelogin/one-login-api-access.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/onelogin/one-login-app-access.png b/docs/docs/identity-providers/img/onelogin/one-login-app-access.png
deleted file mode 100644
index 1eec93e57..000000000
Binary files a/docs/docs/identity-providers/img/onelogin/one-login-app-access.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/onelogin/one-login-callback-url.png b/docs/docs/identity-providers/img/onelogin/one-login-callback-url.png
deleted file mode 100644
index 5509dd56d..000000000
Binary files a/docs/docs/identity-providers/img/onelogin/one-login-callback-url.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/onelogin/one-login-events.png b/docs/docs/identity-providers/img/onelogin/one-login-events.png
deleted file mode 100644
index c11d24795..000000000
Binary files a/docs/docs/identity-providers/img/onelogin/one-login-events.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/onelogin/one-login-select-logo.png b/docs/docs/identity-providers/img/onelogin/one-login-select-logo.png
deleted file mode 100644
index 689405d67..000000000
Binary files a/docs/docs/identity-providers/img/onelogin/one-login-select-logo.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/onelogin/one-login-sso-settings.png b/docs/docs/identity-providers/img/onelogin/one-login-sso-settings.png
deleted file mode 100644
index 23d77e108..000000000
Binary files a/docs/docs/identity-providers/img/onelogin/one-login-sso-settings.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/ping/ping-add-application.png b/docs/docs/identity-providers/img/ping/ping-add-application.png
deleted file mode 100644
index fd8d2f7d2..000000000
Binary files a/docs/docs/identity-providers/img/ping/ping-add-application.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/ping/ping-add-worker.png b/docs/docs/identity-providers/img/ping/ping-add-worker.png
deleted file mode 100644
index dcfbd5a79..000000000
Binary files a/docs/docs/identity-providers/img/ping/ping-add-worker.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/ping/ping-app-grants.png b/docs/docs/identity-providers/img/ping/ping-app-grants.png
deleted file mode 100644
index a967868c9..000000000
Binary files a/docs/docs/identity-providers/img/ping/ping-app-grants.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/ping/ping-app-profile.png b/docs/docs/identity-providers/img/ping/ping-app-profile.png
deleted file mode 100644
index 7b74f8a32..000000000
Binary files a/docs/docs/identity-providers/img/ping/ping-app-profile.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/ping/ping-configuration.png b/docs/docs/identity-providers/img/ping/ping-configuration.png
deleted file mode 100644
index 31a8b5b54..000000000
Binary files a/docs/docs/identity-providers/img/ping/ping-configuration.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/ping/ping-new-app.png b/docs/docs/identity-providers/img/ping/ping-new-app.png
deleted file mode 100644
index 8ebaa3856..000000000
Binary files a/docs/docs/identity-providers/img/ping/ping-new-app.png and /dev/null differ
diff --git a/docs/docs/identity-providers/img/ping/ping-worker-configuration.png b/docs/docs/identity-providers/img/ping/ping-worker-configuration.png
deleted file mode 100644
index e884fe7e5..000000000
Binary files a/docs/docs/identity-providers/img/ping/ping-worker-configuration.png and /dev/null differ
diff --git a/docs/docs/identity-providers/okta.md b/docs/docs/identity-providers/okta.md
deleted file mode 100644
index 0070a56fa..000000000
--- a/docs/docs/identity-providers/okta.md
+++ /dev/null
@@ -1,103 +0,0 @@
----
-title: Okta
-lang: en-US
-sidebarDepth: 0
-meta:
-  - name: keywords
-    content: okta oidc, identity provider, idp, context, context-aware
----
-
-# Okta
-
-Okta is a popular identity provider used by businesses of all sizes. Integrating Pomerium with Okta allows you to use the identity Okta provides to apply context-driven policies from Pomerium to your infrastructure.
-
-This page covers configuring Okta to communicate with Pomerium as an [IdP](/docs/glossary.md#identity-provider). It assumes you have already [installed Pomerium][pomerium-install] before you begin.
-
-::: warning
-While we do our best to keep our documentation up to date, changes to third-party systems are outside our control. Refer to [Create an Okta app Integration](https://developer.okta.com/docs/guides/sign-into-web-app/aspnet/create-okta-application/) from Okta's developer docs as needed, or [let us know](https://github.com/pomerium/pomerium/issues/new?assignees=&labels=&template=bug_report.md) if we need to re-visit this page.
-:::
-
-## Create OpenID Connect Application
-
-1. [Log in to your Okta account](https://login.okta.com) From the left-hand menu, Select **Applications → Applications** on the top menu.
-
-   ![Okta Applications Dashboard](./img/okta/okta-app-dashboard.png)
-
-1. Click the **Create App Integration** button. Select **OIDC** as the sign-in method. and **Web Application** as the application type:
-
-   ![Okta new app integration modal](./img/okta/okta-app-settings.png)
-
-   Click **Next** to continue.
-
-1. Provide the following information for your application settings:
-
-   | Field                        | Description                                                               |
-   | ---------------------------- | ------------------------------------------------------------------------- |
-   | Name                         | The name of your application.                                             |
-   | Grant type allowed           | **You must enable Refresh Token.**                                        |
-   | Base URIs                    | **Optional**: The domain(s) of your application.                          |
-   | Sign-in redirect URIs        | Redirect URL (e.g.`https://${authenticate_service_url}/oauth2/callback`). |
-   | Controlled Access            | The user groups that can sign in to this application. See [Group ID] for more information. |
-
-   ![Okta Create Application Settings](./img/okta/okta-create-app-settings.png)
-
-   Click **Save** to proceed. You'll be taken to the **General** tab of your app.
-
-1. From the **General** tab, scroll down to the **Client Credentials** section. This section contains the **[Client ID]** and **[Client Secret]**. Temporarily save these values to apply to the Pomerium configuration.
-
-   ![Okta Client ID and Secret](./img/okta/okta-client-id-and-secret.png)
-
-## Create Service account
-
-Next, we'll create API token so that Pomerium can retrieve and establish group membership.
-
-1. From the main menu, navigate to **Security → API**. Select the **Tokens** tab, and click the **Create Token** button. Name the token, then save the value to apply to our Pomerium configuration:
-
-   ![Okta api token](./img/okta/okta-api-token.png)
-
-1. The API token will be provided as the value of the `idp_service_account` key, formatted as a base64-encoded JSON document::
-
-   ```json
-   {
-     "api_key": "XXXXXXXXXX"
-   }
-   ```
-
-   You can save the object as a temporary file to encode:
-
-   ```bash
-   cat tmp.json | base64 -w 0
-   ```
-
-## Configure Pomerium
-
-Finally, configure Pomerium with the identity provider settings retrieved in the previous steps. Your [environmental variables] should look something like this.
-
-:::: tabs
-::: tab config.yaml
-```yaml
-idp_provider: "okta"
-idp_provider_url: "https://awesomecompany.okta.com"
-idp_client_id: "REPLACE ME"
-idp_client_secret: "REPLACE ME"
-idp_service_account: "REPLACE ME" # base64 encoded JSON object
-```
-:::
-::: tab Environment Variables
-```bash
-IDP_PROVIDER="okta"
-IDP_PROVIDER_URL="https://dev-108295.okta.com"
-IDP_CLIENT_ID="REPLACE_ME"
-IDP_CLIENT_SECRET="REPLACE_ME"
-IDP_SERVICE_ACCOUNT="REPLACE_ME" # base64 encoded JSON object
-```
-:::
-::::
-
-[client id]: ../../reference/readme.md#identity-provider-client-id
-[client secret]: ../../reference/readme.md#identity-provider-client-secret
-[environmental variables]: https://en.wikipedia.org/wiki/Environment_variable
-[oauth2]: https://oauth.net/2/
-[openid connect]: https://en.wikipedia.org/wiki/OpenID_Connect
-[pomerium-install]: /docs/install/readme.md
-[Group ID]: https://developer.okta.com/docs/reference/api/groups/
diff --git a/docs/docs/identity-providers/one-login.md b/docs/docs/identity-providers/one-login.md
deleted file mode 100644
index 73ccb5860..000000000
--- a/docs/docs/identity-providers/one-login.md
+++ /dev/null
@@ -1,113 +0,0 @@
-# OneLogin
-
-This doc describes how to create an OIDC app in [OneLogin] for Pomerium and connect to it. It assumes you have already [installed Pomerium].
-
-::: warning
-While we do our best to keep our documentation up to date, changes to third-party systems are outside our control. Refer to [Connect an OIDC enabled app](https://developers.onelogin.com/openid-connect/connect-to-onelogin) from OneLogin's documentation as needed, or [let us know](https://github.com/pomerium/pomerium/issues/new?assignees=&labels=&template=bug_report.md) if we need to re-visit this page.
-:::
-
-## Create OpenID Connect App
-
-1. Log in to your [OneLogin](https://www.onelogin.com/) account and click on **Administration** at the top.
-
-1. Navigate to **Applications** on the top menu. Click the **Add App** button:
-
-   ![One Login Add a New App](./img/onelogin/one-login-add-app.png)
-
-1. On the **Find Application** page, search for **openid**. Select **Openid Connect** by OneLogin, Inc.
-
-   ![One Login Add a New App](./img/onelogin/one-login-add-open-id.png)
-
-1. On the App Configuration page, name the app and select a logo:
-
-   ![One Login select logo](./img/onelogin/one-login-select-logo.png)
-
-   Select **Save**.
-
-1. From the **Configuration** tab, set set the **Redirect URI's** to Pomerium's redirect url (`https://${authenticate_service_url}/oauth2/callback`):
-
-   ![One Login set callback url](./img/onelogin/one-login-callback-url.png)
-
-   Select **Save**.
-
-1. Navigate to the **SSO** page. This section contains the **[Client ID]**, **[Client Secret]** and **[Identity Provider URL]** you'll use to configure Pomerium:
-
-   ![One Login SSO settings](./img/onelogin/one-login-sso-settings.png)
-
-1. Set the application type to **Web** and the token endpoint to be **POST**.
-
-1. Under **Token Timeout settings** set **Refresh Token** to 60 minutes (or whatever value makes sense for your organization). Note, however, if you don't enable refresh tokens the user will be prompted to authenticate whenever the access token expires which can result in a poor user experience.
-
-   Select **Save** to complete the application configuration.
-
-### Add Users
-
-OneLogin will not make your new application accessible to members of your organization automatically. You can assign access to individual users (as shown below), or define rules / policies based on group membership.
-
-![One Login Application Access](./img/onelogin/one-login-app-access.png)
-
-## Service Account
-
-To use `allowed_groups` in a policy, an `idp_service_account` needs to be set in the Pomerium configuration. The service account for OneLogin uses a *different* client ID and client secret from the one configured above.
-
-1. From the **Administration** dashboard, navigate to **Developers → API Credentials** and select **New Credential**.
-
-1. Name the new credential and rive it "Read users" access:
-
-![API Access](./img/onelogin/one-login-api-access.png)
-
-
-1. The format of the `idp_service_account` for OneLogin is a base64-encoded JSON document:
-
-   ```json
-   {
-   "client_id": "...",
-   "client_secret": "..."
-   }
-   ```
-
-   You can save the object as a temporary file to encode:
-
-   ```bash
-   cat tmp.json | base64 -w 0
-   ```
-
-A [Group's ID](https://developers.onelogin.com/openid-connect/api/user-info) will be used to affirm user group membership.
-
-## Pomerium Configuration
-
-Update your Pomerium configuration:
-
-:::: tabs
-::: tab config.yaml
-```yaml
-idp_provider: "onelogin"
-idp_provider_url: "https://awesomecompany.onelogin.com/oidc/2"
-idp_client_id: "REDACTED" # Your OneLogin application ID
-idp_client_secret: "REDACTED" # Your OneLogin application secret
-idp_service_account: "REDACTED" # API credentials, base64-encoded
-```
-:::
-::: tab Environment Variables
-```bash
-IDP_PROVIDER="onelogin"
-IDP_PROVIDER_URL="https://awesomecompany.onelogin.com/oidc/2"
-IDP_CLIENT_ID="REDACTED" # Your OneLogin application ID
-IDP_CLIENT_SECRET="REDACTED" # Your OneLogin application secret
-IDP_SERVICE_ACCOUNT="REDACTED" # API credentials, base64-encoded
-```
-:::
-::::
-
-After reloading Pomerium, you should be able to see any login events from your OneLogin events dashboard.
-
-![One Login Events Dashboard](./img/onelogin/one-login-events.png)
-
-[client id]: /reference/readme.md#identity-provider-client-id
-[client secret]: /reference/readme.md#identity-provider-client-secret
-[Identity Provider URL]: /reference/readme.md#identity-provider-url
-[environmental variables]: https://en.wikipedia.org/wiki/Environment_variable
-[oauth2]: https://oauth.net/2/
-[openid connect]: https://en.wikipedia.org/wiki/OpenID_Connect
-[OneLogin]: https://www.onelogin.com/
-[installed Pomerium]: /docs/install/readme.md
\ No newline at end of file
diff --git a/docs/docs/identity-providers/ping.md b/docs/docs/identity-providers/ping.md
deleted file mode 100644
index 57dfcdac9..000000000
--- a/docs/docs/identity-providers/ping.md
+++ /dev/null
@@ -1,104 +0,0 @@
----
-title: Ping
-lang: en-US
-sidebarDepth: 0
-meta:
-  - name: keywords
-    content: ping, oidc, identity provider, idp
----
-
-# Ping Identity
-
-This document covers configuring Ping Identity as an IdP for your Pomerium gateway. It assumes you have already [installed Pomerium](/docs/install/readme.md).
-
-::: warning
-While we do our best to keep our documentation up to date, changes to third-party systems are outside our control. Refer to [Adding an application - Web application](https://docs.pingidentity.com/bundle/p14c/page/lyd1583255784891.html) from Ping's documentation as needed, or [let us know](https://github.com/pomerium/pomerium/issues/new?assignees=&labels=&template=bug_report.md) if we need to re-visit this page.
-:::
-
-## Create OpenID Connect App
-
-1. To use the Ping Identity provider, first go to the [Ping One](https://www.pingidentity.com/en/account/sign-on.html) console and select the environment you want to create the app for.
-
-1. Click **Connections** in the side menu, select **Applications** and click **+** button to create a new application:
-
-   ![The Ping Applications Screen, highlighting the "New App" button.](./img/ping/ping-new-app.png)
-
-1. Select **WEB APP**, then **OIDC**:
-
-   ![Ping Add Application](./img/ping/ping-add-application.png)
-
-1. Name the application and optionally provide a description and icon:
-
-   ![Ping Create App Profile](./img/ping/ping-app-profile.png)
-
-1. On the **Configure** page, add the Pomerium authenticate redirect URL. For example: `https://authenticate.localhost.pomerium.io/oauth2/callback`.
-
-1. Provide the necessary scopes to your application as needed for your policies from the scopes available in the [OpenID Spec](https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims). Pomerium requires at least the `email` scope:
-
-   ![Ping App Resource Grants](./img/ping/ping-app-grants.png)
-
-1. OIDC Attributes. **Save and Close**.
-
-1. From the **Configuration** tab of your new application, note the values of the following keys to use in your Pomerium Configuration:
-
-   * **ISSUER**: used as the `idp_provider_url` (e.g. `https://auth.pingone.com/720dbe8a-83ed-48e1-9988-9928301ae668/as`)
-   * **CLIENT ID**: used as the `idp_client_id`
-   * **CLIENT SECRET**: used as the `idp_client_secret`
-
-   ![Ping Configuration](./img/ping/ping-configuration.png)
-
-1. Toggle the green slider to enable your new application.
-
-## Service Account
-
-To use `allowed_groups` in a policy, an `idp_service_account` needs to be set in the Pomerium configuration. The service account for Ping uses a *different* application, and client ID and client secret from the one configured above.
-
-1. Click **Add Application**, but this time select **Worker → Worker App**.
-
-   ![Ping Add Worker](./img/ping/ping-add-worker.png)
-
-1. Toggle the green slider to enable your new application.
-
-1. This application's **Client ID** and **Client Secret** will be used as the service account in Pomerium.
-
-   ![Ping Worker Configuration](./img/ping/ping-worker-configuration.png)
-
-   The format of the service account is a JSON encoded object with `client_id` and `client_secret` properties:
-
-   ```json
-   {
-      "client_id": "XXXXXXXXXX",
-      "client_secret": "XXXXXXXXXX"
-   }
-   ```
-
-   You can save the object as a temporary file to encode as a base64 value:
-
-   ```bash
-   cat tmp.json | base64 -w 0
-   ```
-
-## Pomerium Configuration
-
-Update your Pomerium configuration to use Ping as the IdP:
-
-:::: tabs
-::: tab config.yaml
-```yaml
-idp_provider: "ping"
-idp_provider_url: "https://auth.pingone.com/720dbe8a-83ed-48e1-9988-9928301ae668/as"
-idp_client_id: "CLIENT_ID"
-idp_client_secret: "CLIENT_SECRET"
-idp_service_account: "XXXXXXX" # Base64-encoded JSON
-```
-:::
-::: tab Environment Variables
-```bash
-IDP_PROVIDER="ping"
-IDP_PROVIDER_URL="https://auth.pingone.com/720dbe8a-83ed-48e1-9988-9928301ae668/as"
-IDP_CLIENT_ID="CLIENT_ID"
-IDP_CLIENT_SECRET="CLIENT_SECRET"
-IDP_SERVICE_ACCOUNT="XXXXXXX" # Base64-encoded JSON
-```
-:::
-::::
\ No newline at end of file
diff --git a/docs/docs/identity-providers/readme.md b/docs/docs/identity-providers/readme.md
deleted file mode 100644
index c1c02ab73..000000000
--- a/docs/docs/identity-providers/readme.md
+++ /dev/null
@@ -1,30 +0,0 @@
----
-title: Overview
-description: >-
-  This article describes how to connect Pomerium to third-party identity
-  providers / single-sign-on services. You will need to generate keys, copy
-  these into your Pomerium settings, and enable the connection.
----
-
-# Identity Provider Configuration
-
-Pomerium provides single-sign-on authentication and user identity details by integrating with your downstream Identity Provider (**IdP**) of choice. That authentication integration is achieved using OAuth2, and [OpenID Connect][openid connect] (**OIDC**). Where available, Pomerium also supports pulling additional data (like groups) using directory synchronization. An additional API token is required for directory sync.
-
-The steps for integrating Pomerium with an IdP are specific to each provider, but they generally share the same base requirements:
-
-- A **[Redirect URL](https://www.oauth.com/oauth2-servers/redirect-uris/)** pointing back to Pomerium. For example, `https://${authenticate_service_url}/oauth2/callback`.
-  - The redirect URL will always be your [Authenticate Service URL](/reference/readme.md#authenticate-service-url), plus `/oauth2/callback`.
-- A **[Client ID]** and **[Client Secret]**.
-- An optional **[Service Account]** for additional IdP Data. This enables Pomerium administrators to write policies around groups.
-   - Depending on the IdP, a service account may have its own client id and secret, or require an API token. Pomerium handles this by accepting values for `idp_service_account` as a base64-encoded json object with the correct key/value pairs for each IdP supported.
-
-The subsequent pages in this section provide specific instructions for the IdPs Pomerium supports.
-
-[client id]: ../../reference/readme.md#identity-provider-client-id
-[client secret]: ../../reference/readme.md#identity-provider-client-secret
-[environmental variables]: https://en.wikipedia.org/wiki/Environment_variable
-[oauth2]: https://oauth.net/2/
-[openid connect]: https://en.wikipedia.org/wiki/OpenID_Connect
-[service account]: ../../reference/readme.md#identity-provider-service-account
-
-
diff --git a/docs/docs/img/pomerium-auth-flow.svg b/docs/docs/img/pomerium-auth-flow.svg
deleted file mode 100644
index d49d5758e..000000000
--- a/docs/docs/img/pomerium-auth-flow.svg
+++ /dev/null
@@ -1,3 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="1149px" height="451px" viewBox="-0.5 -0.5 1149 451"><defs/><g><rect x="55.79" y="88.33" width="23.74" height="0" fill="#ffffff" stroke="#000000" pointer-events="all"/><path d="M 67.66 88.33 L 67.66 440" fill="none" stroke="#000000" stroke-miterlimit="10" stroke-dasharray="3 3" pointer-events="all"/><rect x="0" y="20" width="55.79" height="56.94" fill="none" stroke="none" pointer-events="all"/><path d="M 15.95 36.38 C 15.86 32.08 17.36 27.92 20.09 24.84 C 22.83 21.76 26.57 20.02 30.49 20 C 39.23 20.09 46.35 27.38 46.67 36.56 C 47 40.78 45.68 44.96 43.02 48.12 C 40.36 51.28 36.59 53.15 32.59 53.28 C 23.75 53.47 16.37 45.98 15.95 36.38 Z M 0 76.94 C 0.35 68.94 3.42 61.48 8.47 56.38 C 12.47 52.53 18.05 52.3 22.26 55.81 C 24.66 57.53 27.29 58.92 30.08 59.93 C 32.95 61.14 36.1 60.94 38.85 59.36 C 40.35 58.65 41.69 57.63 42.76 56.38 C 43.82 55.14 45.66 54.9 47.02 55.81 C 49.43 57.37 51.58 60.13 53.27 63.83 C 54.91 68.01 55.76 72.45 55.79 76.93 Z" fill="#7d7d7d" stroke="none" pointer-events="all"/><path d="M 73.05 28.54 C 70.06 28.54 67.65 30.83 67.65 33.67 L 67.65 64.38 C 67.65 67.22 70.06 69.49 73.05 69.49 L 92 69.49 L 92 74.92 L 86.58 74.92 L 86.58 79.79 L 108.01 79.79 L 108.01 74.92 L 102.55 74.92 L 102.55 69.49 L 121.61 69.49 C 124.59 69.49 127 67.22 127 64.38 L 127 33.67 C 127 30.83 124.59 28.54 121.61 28.54 Z" fill="#757575" stroke="none" pointer-events="all"/><path d="M 72.86 33.49 L 121.64 33.49 L 121.64 64.53 L 72.86 64.53 Z" fill="#ffffff" stroke="none" pointer-events="all"/><rect x="189" y="90" width="20" height="0" fill="#ffffff" stroke="#000000" pointer-events="all"/><path d="M 199 90 L 199 430" fill="none" stroke="#000000" stroke-miterlimit="10" stroke-dasharray="3 3" pointer-events="all"/><rect x="194.12" y="110" width="10" height="330" fill="#7d7d7d" stroke="#000000" pointer-events="all"/><ellipse cx="199.13" cy="55" rx="34.125" ry="35" fill="#6633ff" stroke="#000000" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 66px; height: 1px; padding-top: 55px; margin-left: 166px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: #FFFFFF; line-height: 1.2; pointer-events: all; white-space: normal; word-wrap: normal; ">Proxy</div></div></div></foreignObject><text x="199" y="59" fill="#FFFFFF" font-family="Helvetica" font-size="12px" text-anchor="middle">Proxy</text></switch></g><rect x="391" y="90" width="20" height="0" fill="#ffffff" stroke="#000000" pointer-events="all"/><path d="M 401 90 L 401 430" fill="none" stroke="#000000" stroke-miterlimit="10" stroke-dasharray="3 3" pointer-events="all"/><rect x="396.13" y="160" width="10" height="160" fill="#7d7d7d" stroke="#000000" pointer-events="all"/><ellipse cx="401.13" cy="55" rx="34.125" ry="35" fill="#6633ff" stroke="#000000" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 66px; height: 1px; padding-top: 55px; margin-left: 368px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: #FFFFFF; line-height: 1.2; pointer-events: all; white-space: normal; word-wrap: normal; "><font style="font-size: 11px">Authenticate</font></div></div></div></foreignObject><text x="401" y="59" fill="#FFFFFF" font-family="Helvetica" font-size="12px" text-anchor="middle">Authenticate</text></switch></g><rect x="794" y="85.38" width="20" height="0" fill="#ffffff" stroke="#000000" pointer-events="all"/><path d="M 804 85.38 L 804 430" fill="none" stroke="#000000" stroke-miterlimit="10" stroke-dasharray="3 3" pointer-events="all"/><rect x="799.13" y="109.38" width="10" height="36.04" fill="#7d7d7d" stroke="#000000" pointer-events="all"/><rect x="799" y="370" width="10" height="37.36" fill="#7d7d7d" stroke="#000000" pointer-events="all"/><ellipse cx="800.32" cy="51.09" rx="30.31605922551253" ry="31.093394077448746" fill="#6633ff" stroke="#000000" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 59px; height: 1px; padding-top: 51px; margin-left: 771px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: #FFFFFF; line-height: 1.2; pointer-events: all; white-space: normal; word-wrap: normal; ">Authorize</div></div></div></foreignObject><text x="800" y="55" fill="#FFFFFF" font-family="Helvetica" font-size="12px" text-anchor="middle">Authorize</text></switch></g><path d="M 667 82.45 L 675 76.31 L 641.93 20 L 633.4 25.02 Z M 603 82.45 L 667 82.45 L 633.4 25.02 L 603 81.88 Z" fill="#036897" stroke="#ffffff" stroke-width="2" stroke-linejoin="round" stroke-miterlimit="10" pointer-events="all"/><path d="M 633.93 64.61 C 636.07 64.61 638.2 62.38 638.2 59.59 C 638.2 57.36 636.07 55.12 633.93 55.12 C 631.27 55.12 629.13 57.36 629.13 59.59 C 629.13 62.38 631.27 64.61 633.93 64.61 Z" fill="#ffffff" stroke="none" pointer-events="all"/><path d="M 633.93 46.76 C 636.07 46.76 638.2 44.54 638.2 42.31 C 638.2 39.52 636.07 37.29 633.93 37.29 C 631.27 37.29 629.13 39.52 629.13 42.31 C 629.13 44.54 631.27 46.76 633.93 46.76 Z" fill="#ffffff" stroke="none" pointer-events="all"/><path d="M 646.2 77.43 C 648.87 77.43 651 75.76 651 72.97 C 651 70.18 648.87 67.95 646.2 67.95 C 643.53 67.95 641.4 70.18 641.4 72.97 C 641.4 75.76 643.53 77.43 646.2 77.43 Z" fill="#ffffff" stroke="none" pointer-events="all"/><path d="M 621.13 77.43 C 623.8 77.43 625.93 75.19 625.93 72.97 C 625.93 70.18 623.8 67.95 621.13 67.95 C 619 67.95 616.87 70.18 616.87 72.97 C 616.87 75.19 619 77.43 621.13 77.43 Z" fill="#ffffff" stroke="none" pointer-events="all"/><path d="M 633.4 42.86 L 633.4 59.59 L 621.13 72.97 M 633.4 60.14 L 645.13 72.42" fill="none" stroke="#ffffff" stroke-width="2.13" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe flex-end; width: 1px; height: 1px; padding-top: 51px; margin-left: 601px;"><div style="box-sizing: border-box; font-size: 0; text-align: right; "><div style="display: inline-block; font-size: 9px; font-family: Lucida Console; color: #000000; line-height: 1.2; pointer-events: all; font-weight: bold; white-space: nowrap; "><font style="font-size: 14px">Identity<br />Provider</font></div></div></div></foreignObject><text x="601" y="54" fill="#000000" font-family="Lucida Console" font-size="9px" text-anchor="end" font-weight="bold">Identity...</text></switch></g><rect x="629" y="82.45" width="20" height="0" fill="#ffffff" stroke="#000000" pointer-events="all"/><path d="M 639 82.45 L 639 430" fill="none" stroke="#000000" stroke-miterlimit="10" stroke-dasharray="3 3" pointer-events="all"/><path d="M 638.5 170 L 670 170 L 670 210 L 648.74 210" fill="none" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 640.74 210 L 648.74 206 L 648.74 214 Z" fill="#000000" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="all"/><rect x="1050" y="20.78" width="65.22" height="64.49" fill="none" stroke="none" pointer-events="all"/><path d="M 1092.49 30.51 L 1108.3 30.51 L 1108.3 28.06 L 1092.49 28.06 Z M 1085.57 33.03 L 1085.57 23.89 C 1085.57 22.51 1087.1 20.78 1089.54 20.78 L 1111.29 20.78 C 1113.61 20.78 1115.22 22.46 1115.22 23.95 L 1115.22 70.58 L 1100.4 70.58 L 1100.4 64.05 L 1108.3 64.05 L 1108.3 61.6 L 1100.4 61.6 L 1100.4 57.52 L 1108.3 57.52 L 1108.3 55.07 L 1100.4 55.07 L 1100.4 38.71 C 1100.4 35.38 1097.04 33.03 1093.62 33.03 Z M 1056.73 30.51 L 1072.77 30.51 L 1072.65 28.06 L 1056.5 28.06 Z M 1050 70.58 L 1050 23.96 C 1050 22.26 1051.87 20.78 1053.81 20.78 L 1075.8 20.78 C 1077.69 20.78 1079.64 22.17 1079.64 23.98 L 1079.64 33.03 L 1071.65 33.03 C 1067.54 33.03 1064.82 35.9 1064.82 38.63 L 1064.82 55.07 L 1056.92 55.07 L 1056.92 57.52 L 1064.82 57.52 L 1064.82 61.6 L 1056.92 61.6 L 1056.92 64.05 L 1064.82 64.05 L 1064.82 70.59 Z M 1074.7 45.27 L 1090.51 45.27 L 1090.51 42.82 L 1074.7 42.82 Z M 1074.7 72.21 L 1090.51 72.21 L 1090.51 69.76 L 1074.7 69.76 Z M 1074.7 78.74 L 1090.51 78.74 L 1090.51 76.29 L 1074.7 76.29 Z M 1067.79 85.27 L 1067.79 38.66 C 1067.79 36.9 1069.71 35.47 1071.61 35.47 L 1093.49 35.47 C 1095.69 35.47 1097.43 37.02 1097.43 38.67 L 1097.43 85.27 Z" fill="#7d7d7d" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-end; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 18px; margin-left: 1083px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 15px; font-family: Lucida Console; color: #FFFFFF; line-height: 1.2; pointer-events: all; white-space: nowrap; "><b><font color="#000000">Secured Application</font></b></div></div></div></foreignObject><text x="1083" y="18" fill="#FFFFFF" font-family="Lucida Console" font-size="15px" text-anchor="middle">Secured A...</text></switch></g><rect x="1075" y="97.5" width="20" height="0" fill="#ffffff" stroke="#000000" pointer-events="all"/><path d="M 1085 97.5 L 1085 430" fill="none" stroke="#000000" stroke-miterlimit="10" stroke-dasharray="3 3" pointer-events="all"/><path d="M 67.16 110 L 183.88 110" fill="none" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 191.88 110 L 183.88 114 L 183.88 106 Z" fill="#000000" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-end; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 107px; margin-left: 114px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: nowrap; ">request</div></div></div></foreignObject><text x="114" y="107" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">request</text></switch></g><path d="M 406 170.91 L 628.26 170.91" fill="none" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 636.26 170.91 L 628.26 174.91 L 628.26 166.91 Z" fill="#000000" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-end; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 168px; margin-left: 470px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: nowrap; ">redirect to IdP sign-in</div></div></div></foreignObject><text x="470" y="168" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">redirect to IdP sign-in</text></switch></g><path d="M 203 114.95 L 788.89 114.95" fill="none" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 796.89 114.95 L 788.89 118.95 L 788.89 110.95 Z" fill="#000000" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-end; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 112px; margin-left: 260px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: nowrap; ">check authorization</div></div></div></foreignObject><text x="260" y="112" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">check authoriz...</text></switch></g><path d="M 797 137.99 L 208.47 139.03" fill="none" stroke="#000000" stroke-width="2" stroke-miterlimit="10" stroke-dasharray="6 6" pointer-events="stroke"/><path d="M 216.23 134.02 L 206.24 139.04 L 216.24 144.02" fill="none" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-end; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 135px; margin-left: 736px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: nowrap; ">unauthorized</div></div></div></foreignObject><text x="736" y="135" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">unauthorized</text></switch></g><path d="M 204.12 170.08 L 384.76 170.08" fill="none" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 392.76 170.08 L 384.76 174.08 L 384.76 166.08 Z" fill="#000000" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-end; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 167px; margin-left: 278px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: nowrap; ">redirect for session cookie</div></div></div></foreignObject><text x="278" y="167" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">redirect for session cookie</text></switch></g><path d="M 638.5 210.2 L 411.47 210.2" fill="none" stroke="#000000" stroke-width="2" stroke-miterlimit="10" stroke-dasharray="6 6" pointer-events="stroke"/><path d="M 419.24 205.2 L 409.24 210.2 L 419.24 215.2" fill="none" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-end; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 207px; margin-left: 551px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: nowrap; ">redirect with authorization code</div></div></div></foreignObject><text x="551" y="207" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">redirect with authorization code</text></switch></g><path d="M 408 240 L 628.26 240" fill="none" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 636.26 240 L 628.26 244 L 628.26 236 Z" fill="#000000" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-end; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 237px; margin-left: 480px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: nowrap; ">exchange code for tokens</div></div></div></foreignObject><text x="480" y="237" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">exchange code...</text></switch></g><path d="M 638.5 270 L 590 270 Q 580 270 570 270.17 L 409.47 272.88" fill="none" stroke="#000000" stroke-width="2" stroke-miterlimit="10" stroke-dasharray="6 6" pointer-events="stroke"/><path d="M 417.15 267.75 L 407.24 272.92 L 417.32 277.75" fill="none" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-end; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 267px; margin-left: 569px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: nowrap; ">return id/access tokens</div></div></div></foreignObject><text x="569" y="267" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">return id/access tokens</text></switch></g><path d="M 405 300 L 951.26 300" fill="none" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 959.26 300 L 951.26 304 L 951.26 296 Z" fill="#000000" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-end; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 297px; margin-left: 480px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: nowrap; ">store session and tokens</div></div></div></foreignObject><text x="480" y="297" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">store session...</text></switch></g><path d="M 961.5 330 L 900 330 Q 890 330 880 330 L 807.97 330" fill="none" stroke="#000000" stroke-width="2" stroke-miterlimit="10" stroke-dasharray="6 6" pointer-events="stroke"/><path d="M 815.74 325 L 805.74 330 L 815.74 335" fill="none" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-end; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 327px; margin-left: 883px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: nowrap; ">session syncronized</div></div></div></foreignObject><text x="883" y="327" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">session syncronized</text></switch></g><path d="M 392 316 L 208.59 316" fill="none" stroke="#000000" stroke-width="2" stroke-miterlimit="10" stroke-dasharray="6 6" pointer-events="stroke"/><path d="M 216.36 311 L 206.36 316 L 216.36 321" fill="none" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-end; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 313px; margin-left: 320px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: nowrap; ">redirect with session token</div></div></div></foreignObject><text x="320" y="313" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">redirect with session token</text></switch></g><path d="M 205 316 L 230 316 L 230 350 L 215.24 350" fill="none" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 207.24 350 L 215.24 346 L 215.24 354 Z" fill="#000000" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe flex-start; width: 1px; height: 1px; padding-top: 338px; margin-left: 234px;"><div style="box-sizing: border-box; font-size: 0; text-align: left; "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: nowrap; ">set session cookie</div></div></div></foreignObject><text x="234" y="342" fill="#000000" font-family="Helvetica" font-size="12px">set session cookie</text></switch></g><path d="M 206 370.04 L 788.76 370" fill="none" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 796.76 370 L 788.76 374 L 788.76 366 Z" fill="#000000" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-end; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 367px; margin-left: 270px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: nowrap; ">check authorization</div></div></div></foreignObject><text x="270" y="367" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">check authorization</text></switch></g><path d="M 795 397.35 L 208.47 399.07" fill="none" stroke="#000000" stroke-width="2" stroke-miterlimit="10" stroke-dasharray="6 6" pointer-events="stroke"/><path d="M 216.22 394.04 L 206.24 399.07 L 216.25 404.04" fill="none" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-end; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 395px; margin-left: 750px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: nowrap; ">authorized</div></div></div></foreignObject><text x="750" y="395" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">authorized</text></switch></g><path d="M 204.12 430 L 280 430 Q 290 430 300 430 L 1074.26 430" fill="none" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 1082.26 430 L 1074.26 434 L 1074.26 426 Z" fill="#000000" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-end; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 427px; margin-left: 256px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: nowrap; ">proxied request</div></div></div></foreignObject><text x="256" y="427" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">proxied request</text></switch></g><rect x="952" y="80" width="20" height="0" fill="#ffffff" stroke="#000000" pointer-events="all"/><path d="M 962 80 L 962 429.22" fill="none" stroke="#000000" stroke-miterlimit="10" stroke-dasharray="3 3" pointer-events="all"/><ellipse cx="959.44" cy="50.2" rx="29.441574324324325" ry="30.19648648648649" fill="#6633ff" stroke="#000000" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 57px; height: 1px; padding-top: 50px; margin-left: 931px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: #FFFFFF; line-height: 1.2; pointer-events: all; white-space: normal; word-wrap: normal; ">Databroker</div></div></div></foreignObject><text x="959" y="54" fill="#FFFFFF" font-family="Helvetica" font-size="12px" text-anchor="middle">Cache</text></switch></g></g><switch><g requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"/><a transform="translate(0,-5)" xlink:href="https://desk.draw.io/support/solutions/articles/16000042487" target="_blank"><text text-anchor="middle" font-size="10px" x="50%" y="100%">Viewer does not support full SVG 1.1</text></a></switch></svg>
\ No newline at end of file
diff --git a/docs/docs/img/pomerium-container-context.svg b/docs/docs/img/pomerium-container-context.svg
deleted file mode 100644
index 53c8edf34..000000000
--- a/docs/docs/img/pomerium-container-context.svg
+++ /dev/null
@@ -1,3 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="686px" height="596px" viewBox="-0.5 -0.5 686 596" style="background-color: rgb(255, 255, 255);"><defs/><g><path d="M 143 30 Q 225 30 225 148.63" fill="none" stroke="#666666" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 225 153.88 L 221.5 146.88 L 225 148.63 L 228.5 146.88 Z" fill="#666666" stroke="#666666" stroke-miterlimit="10" pointer-events="all"/><path d="M 324.75 30 Q 225 30 225 148.63" fill="none" stroke="#666666" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 225 153.88 L 221.5 146.88 L 225 148.63 L 228.5 146.88 Z" fill="#666666" stroke="#666666" stroke-miterlimit="10" pointer-events="all"/><path d="M 618 275 L 626 269.2 L 592.93 216 L 584.4 220.74 Z M 554 275 L 618 275 L 584.4 220.74 L 554 274.46 Z" fill="#036897" stroke="#ffffff" stroke-width="2" stroke-linejoin="round" stroke-miterlimit="10" pointer-events="all"/><path d="M 584.93 258.14 C 587.07 258.14 589.2 256.04 589.2 253.4 C 589.2 251.3 587.07 249.18 584.93 249.18 C 582.27 249.18 580.13 251.3 580.13 253.4 C 580.13 256.04 582.27 258.14 584.93 258.14 Z" fill="#ffffff" stroke="none" pointer-events="all"/><path d="M 584.93 241.28 C 587.07 241.28 589.2 239.18 589.2 237.08 C 589.2 234.44 587.07 232.34 584.93 232.34 C 582.27 232.34 580.13 234.44 580.13 237.08 C 580.13 239.18 582.27 241.28 584.93 241.28 Z" fill="#ffffff" stroke="none" pointer-events="all"/><path d="M 597.2 270.26 C 599.87 270.26 602 268.68 602 266.04 C 602 263.4 599.87 261.3 597.2 261.3 C 594.53 261.3 592.4 263.4 592.4 266.04 C 592.4 268.68 594.53 270.26 597.2 270.26 Z" fill="#ffffff" stroke="none" pointer-events="all"/><path d="M 572.13 270.26 C 574.8 270.26 576.93 268.14 576.93 266.04 C 576.93 263.4 574.8 261.3 572.13 261.3 C 570 261.3 567.87 263.4 567.87 266.04 C 567.87 268.14 570 270.26 572.13 270.26 Z" fill="#ffffff" stroke="none" pointer-events="all"/><path d="M 584.4 237.6 L 584.4 253.4 L 572.13 266.04 M 584.4 253.92 L 596.13 265.52" fill="none" stroke="#ffffff" stroke-width="2.1" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe flex-start; width: 1px; height: 1px; padding-top: 246px; margin-left: 628px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: left;"><div style="display: inline-block; font-size: 9px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; font-weight: bold; white-space: nowrap;"><span style="font-size: 14px">Identity<br />Provider<br /></span></div></div></div></foreignObject><text x="628" y="248" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="9px" font-weight="bold">Identity...</text></switch></g><rect x="21.62" y="10" width="47" height="50" fill="none" stroke="none" pointer-events="all"/><path d="M 35.06 24.39 C 34.98 20.61 36.24 16.96 38.55 14.25 C 40.85 11.55 44.01 10.01 47.31 10 C 54.67 10.08 60.67 16.48 60.94 24.54 C 61.22 28.24 60.11 31.91 57.86 34.69 C 55.62 37.46 52.45 39.1 49.08 39.23 C 41.63 39.39 35.41 32.81 35.06 24.39 Z M 21.62 60 C 21.92 52.97 24.5 46.42 28.76 41.94 C 32.13 38.56 36.83 38.36 40.37 41.44 C 42.39 42.95 44.61 44.17 46.97 45.06 C 49.38 46.12 52.03 45.94 54.35 44.56 C 55.62 43.94 56.74 43.04 57.65 41.94 C 58.54 40.86 60.09 40.64 61.24 41.44 C 63.26 42.81 65.08 45.24 66.5 48.48 C 67.88 52.16 68.6 56.05 68.62 59.99 Z" fill="#7d7d7d" stroke="none" pointer-events="all"/><rect x="68.62" y="0" width="65" height="60" fill="none" stroke="none" pointer-events="all"/><path d="M 80.66 12.5 C 78.15 12.5 76.12 14.51 76.12 17 L 76.12 43.97 C 76.12 46.46 78.15 48.45 80.66 48.45 L 96.63 48.45 L 96.63 53.23 L 92.06 53.23 L 92.06 57.5 L 110.12 57.5 L 110.12 53.23 L 105.52 53.23 L 105.52 48.45 L 121.58 48.45 C 124.09 48.45 126.12 46.46 126.12 43.97 L 126.12 17 C 126.12 14.51 124.09 12.5 121.58 12.5 Z" fill="#757575" stroke="none" pointer-events="all"/><path d="M 80.5 16.84 L 121.61 16.84 L 121.61 44.1 L 80.5 44.1 Z" fill="#ffffff" stroke="none" pointer-events="all"/><rect x="320.75" y="15" width="50" height="30" fill="none" stroke="none" pointer-events="all"/><path d="M 324.99 38.27 L 324.99 16.35 C 325.3 15.62 325.96 15.11 326.74 15 L 364.61 15 C 365.57 15.11 366.35 15.81 366.56 16.74 L 366.56 38.27 L 370.57 42.61 C 370.75 43.15 370.58 43.71 370.1 44.16 C 369.63 44.62 368.89 44.92 368.07 45 L 323.48 45 C 322.65 44.93 321.9 44.63 321.41 44.18 C 320.93 43.72 320.75 43.15 320.93 42.61 Z M 326.64 38.27 L 365.06 38.32 L 365.06 17.19 C 364.88 16.66 364.41 16.28 363.85 16.2 L 327.65 16.2 C 327.1 16.38 326.71 16.87 326.64 17.44 Z M 341.89 41.21 L 340.53 43.16 L 349.96 43.16 L 348.91 41.21 Z" fill="#7d7d7d" stroke="none" pointer-events="all"/><rect x="381.37" y="10" width="47" height="50" fill="none" stroke="none" transform="translate(404.87,0)scale(-1,1)translate(-404.87,0)" pointer-events="all"/><path d="M 394.81 24.39 C 394.73 20.61 395.99 16.96 398.3 14.25 C 400.6 11.55 403.76 10.01 407.06 10 C 414.42 10.08 420.42 16.48 420.69 24.54 C 420.97 28.24 419.86 31.91 417.61 34.69 C 415.37 37.46 412.2 39.1 408.83 39.23 C 401.38 39.39 395.16 32.81 394.81 24.39 Z M 381.37 60 C 381.67 52.97 384.25 46.42 388.51 41.94 C 391.88 38.56 396.58 38.36 400.12 41.44 C 402.14 42.95 404.36 44.17 406.72 45.06 C 409.13 46.12 411.78 45.94 414.1 44.56 C 415.37 43.94 416.49 43.04 417.4 41.94 C 418.29 40.86 419.84 40.64 420.99 41.44 C 423.01 42.81 424.83 45.24 426.25 48.48 C 427.63 52.16 428.35 56.05 428.37 59.99 Z" fill="#7d7d7d" stroke="none" transform="translate(404.87,0)scale(-1,1)translate(-404.87,0)" pointer-events="all"/><rect x="205" y="25" width="40" height="20" fill="none" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 38px; height: 1px; padding-top: 35px; margin-left: 206px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 25px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;"><font style="font-size: 10px">Request</font></div></div></div></foreignObject><text x="225" y="43" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="25px" text-anchor="middle">Req...</text></switch></g><path d="M 85.62 325 L 364.38 325" fill="none" stroke="#666666" stroke-miterlimit="10" stroke-dasharray="3 3" pointer-events="stroke"/><path d="M 80.37 325 L 87.37 321.5 L 85.62 325 L 87.37 328.5 Z" fill="#666666" stroke="#666666" stroke-miterlimit="10" pointer-events="all"/><path d="M 369.63 325 L 362.63 328.5 L 364.38 325 L 362.63 321.5 Z" fill="#666666" stroke="#666666" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 320px; margin-left: 149px;"><div data-drawio-colors="color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 11px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; background-color: rgb(255, 255, 255); white-space: nowrap;">Session / Identity<br />Data Sync</div></div></div></foreignObject><text x="149" y="323" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="11px" text-anchor="middle">Session / Identity...</text></switch></g><ellipse cx="45.13" cy="325" rx="34.125" ry="35" fill="#6633ff" stroke="#000000" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 66px; height: 1px; padding-top: 325px; margin-left: 12px;"><div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Authorize</div></div></div></foreignObject><text x="45" y="329" fill="#FFFFFF" font-family="Helvetica" font-size="12px" text-anchor="middle">Authorize</text></switch></g><path d="M 259.13 190 L 364.38 190" fill="none" stroke="#666666" stroke-miterlimit="10" stroke-dasharray="3 3" pointer-events="stroke"/><path d="M 369.63 190 L 362.63 193.5 L 364.38 190 L 362.63 186.5 Z" fill="#666666" stroke="#666666" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 190px; margin-left: 315px;"><div data-drawio-colors="color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 11px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; background-color: rgb(255, 255, 255); white-space: nowrap;">Identify<br />User</div></div></div></foreignObject><text x="315" y="193" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="11px" text-anchor="middle">Identify...</text></switch></g><path d="M 190.88 190 L 55.1 190 Q 45.1 190 45.1 200 L 45.12 283.63" fill="none" stroke="#666666" stroke-miterlimit="10" stroke-dasharray="3 3" pointer-events="stroke"/><path d="M 45.12 288.88 L 41.62 281.88 L 45.12 283.63 L 48.62 281.88 Z" fill="#666666" stroke="#666666" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 185px; margin-left: 134px;"><div data-drawio-colors="color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 11px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; background-color: rgb(255, 255, 255); white-space: nowrap;">Check<br />Authorization</div></div></div></foreignObject><text x="134" y="188" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="11px" text-anchor="middle">Check...</text></switch></g><path d="M 225 225 L 225 415 Q 225 425 215 425 L 55 425 Q 45 425 45 435 L 45 463.63" fill="none" stroke="#666666" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 45 468.88 L 41.5 461.88 L 45 463.63 L 48.5 461.88 Z" fill="#666666" stroke="#666666" stroke-miterlimit="10" pointer-events="all"/><path d="M 225 225 L 225 415 Q 225 425 235 425 L 395 425 Q 405 425 405 435 L 405 463.63" fill="none" stroke="#666666" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 405 468.88 L 401.5 461.88 L 405 463.63 L 408.5 461.88 Z" fill="#666666" stroke="#666666" stroke-miterlimit="10" pointer-events="all"/><path d="M 225 225 L 225 463.63" fill="none" stroke="#666666" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 225 468.88 L 221.5 461.88 L 225 463.63 L 228.5 461.88 Z" fill="#666666" stroke="#666666" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 260px; margin-left: 239px;"><div data-drawio-colors="color: rgb(0, 0, 0); background-color: #ffffff; " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 11px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; background-color: rgb(255, 255, 255); white-space: nowrap;"><span>Authorized<br />Request</span></div></div></div></foreignObject><text x="239" y="263" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="11px" text-anchor="middle">Authorized...</text></switch></g><ellipse cx="225" cy="190" rx="34.125" ry="35" fill="#6633ff" stroke="#000000" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 66px; height: 1px; padding-top: 190px; margin-left: 192px;"><div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Proxy</div></div></div></foreignObject><text x="225" y="194" fill="#FFFFFF" font-family="Helvetica" font-size="12px" text-anchor="middle">Proxy</text></switch></g><path d="M 445.37 325 L 580 325 Q 590 325 590 315 L 590 280.78" fill="none" stroke="#666666" stroke-miterlimit="10" stroke-dasharray="3 3" pointer-events="stroke"/><path d="M 440.12 325 L 447.12 321.5 L 445.37 325 L 447.12 328.5 Z" fill="#666666" stroke="#666666" stroke-miterlimit="10" pointer-events="all"/><path d="M 590 275.53 L 593.5 282.53 L 590 280.78 L 586.5 282.53 Z" fill="#666666" stroke="#666666" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 325px; margin-left: 518px;"><div data-drawio-colors="color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 11px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; background-color: rgb(255, 255, 255); white-space: nowrap;">Session / Identity<br />Refresh</div></div></div></foreignObject><text x="518" y="328" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="11px" text-anchor="middle">Session / Identity...</text></switch></g><ellipse cx="404.88" cy="325" rx="34.125" ry="35" fill="#6633ff" stroke="#000000" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 66px; height: 1px; padding-top: 325px; margin-left: 372px;"><div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Databroker</div></div></div></foreignObject><text x="405" y="329" fill="#FFFFFF" font-family="Helvetica" font-size="12px" text-anchor="middle">Databroker</text></switch></g><path d="M 445.37 190 L 574 190 Q 584 190 584.01 199.82 L 584.02 209.63" fill="none" stroke="#666666" stroke-miterlimit="10" stroke-dasharray="3 3" pointer-events="stroke"/><path d="M 440.12 190 L 447.12 186.5 L 445.37 190 L 447.12 193.5 Z" fill="#666666" stroke="#666666" stroke-miterlimit="10" pointer-events="all"/><path d="M 584.02 214.88 L 580.52 207.89 L 584.02 209.63 L 587.52 207.88 Z" fill="#666666" stroke="#666666" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 190px; margin-left: 525px;"><div data-drawio-colors="color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 11px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; background-color: rgb(255, 255, 255); white-space: nowrap;"><span>Establish<br />Identity</span></div></div></div></foreignObject><text x="525" y="193" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="11px" text-anchor="middle">Establish...</text></switch></g><path d="M 404.88 225 L 404.88 283.63" fill="none" stroke="#666666" stroke-miterlimit="10" stroke-dasharray="3 3" pointer-events="stroke"/><path d="M 404.88 288.88 L 401.38 281.88 L 404.88 283.63 L 408.38 281.88 Z" fill="#666666" stroke="#666666" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 258px; margin-left: 405px;"><div data-drawio-colors="color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 11px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; background-color: rgb(255, 255, 255); white-space: nowrap;"><span>Store<br />Session</span></div></div></div></foreignObject><text x="405" y="261" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="11px" text-anchor="middle">Store...</text></switch></g><ellipse cx="404.88" cy="190" rx="34.125" ry="35" fill="#6633ff" stroke="#000000" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 66px; height: 1px; padding-top: 190px; margin-left: 372px;"><div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Authenticate</div></div></div></foreignObject><text x="405" y="194" fill="#FFFFFF" font-family="Helvetica" font-size="12px" text-anchor="middle">Authenticate</text></switch></g><rect x="180" y="470" width="90" height="89" fill="none" stroke="none" pointer-events="all"/><path d="M 238.64 483.43 L 260.45 483.43 L 260.45 480.05 L 238.64 480.05 Z M 229.09 486.9 L 229.09 474.3 C 229.09 472.39 231.2 470 234.56 470 L 264.58 470 C 267.78 470 270 472.31 270 474.37 L 270 538.72 L 249.55 538.72 L 249.55 529.71 L 260.45 529.71 L 260.45 526.33 L 249.55 526.33 L 249.55 520.7 L 260.45 520.7 L 260.45 517.32 L 249.55 517.32 L 249.55 494.74 C 249.55 490.14 244.91 486.9 240.2 486.9 Z M 189.29 483.43 L 211.42 483.43 L 211.25 480.05 L 188.96 480.05 Z M 180 538.72 L 180 474.39 C 180 472.04 182.58 470 185.25 470 L 215.6 470 C 218.22 470 220.91 471.92 220.91 474.42 L 220.91 486.9 L 209.87 486.9 C 204.2 486.9 200.45 490.86 200.45 494.63 L 200.45 517.32 L 189.55 517.32 L 189.55 520.7 L 200.45 520.7 L 200.45 526.33 L 189.55 526.33 L 189.55 529.71 L 200.45 529.71 L 200.45 538.74 Z M 214.09 503.8 L 235.91 503.8 L 235.91 500.42 L 214.09 500.42 Z M 214.09 540.97 L 235.91 540.97 L 235.91 537.59 L 214.09 537.59 Z M 214.09 549.99 L 235.91 549.99 L 235.91 546.61 L 214.09 546.61 Z M 204.55 559 L 204.55 494.68 C 204.55 492.25 207.2 490.28 209.82 490.28 L 240.02 490.28 C 243.05 490.28 245.45 492.41 245.45 494.69 L 245.45 559 Z" fill="#7d7d7d" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 566px; margin-left: 225px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; font-weight: bold; white-space: nowrap;">Secured<br />Application</div></div></div></foreignObject><text x="225" y="578" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle" font-weight="bold">Secured...</text></switch></g><rect x="0.13" y="470" width="90" height="89" fill="none" stroke="none" pointer-events="all"/><path d="M 58.77 483.43 L 80.58 483.43 L 80.58 480.05 L 58.77 480.05 Z M 49.22 486.9 L 49.22 474.3 C 49.22 472.39 51.33 470 54.69 470 L 84.71 470 C 87.91 470 90.13 472.31 90.13 474.37 L 90.13 538.72 L 69.68 538.72 L 69.68 529.71 L 80.58 529.71 L 80.58 526.33 L 69.68 526.33 L 69.68 520.7 L 80.58 520.7 L 80.58 517.32 L 69.68 517.32 L 69.68 494.74 C 69.68 490.14 65.04 486.9 60.33 486.9 Z M 9.42 483.43 L 31.55 483.43 L 31.38 480.05 L 9.09 480.05 Z M 0.13 538.72 L 0.13 474.39 C 0.13 472.04 2.71 470 5.38 470 L 35.73 470 C 38.35 470 41.04 471.92 41.04 474.42 L 41.04 486.9 L 30 486.9 C 24.33 486.9 20.58 490.86 20.58 494.63 L 20.58 517.32 L 9.68 517.32 L 9.68 520.7 L 20.58 520.7 L 20.58 526.33 L 9.68 526.33 L 9.68 529.71 L 20.58 529.71 L 20.58 538.74 Z M 34.22 503.8 L 56.04 503.8 L 56.04 500.42 L 34.22 500.42 Z M 34.22 540.97 L 56.04 540.97 L 56.04 537.59 L 34.22 537.59 Z M 34.22 549.99 L 56.04 549.99 L 56.04 546.61 L 34.22 546.61 Z M 24.68 559 L 24.68 494.68 C 24.68 492.25 27.33 490.28 29.95 490.28 L 60.15 490.28 C 63.18 490.28 65.58 492.41 65.58 494.69 L 65.58 559 Z" fill="#7d7d7d" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 566px; margin-left: 45px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; font-weight: bold; white-space: nowrap;">Secured<br />Application</div></div></div></foreignObject><text x="45" y="578" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle" font-weight="bold">Secured...</text></switch></g><rect x="359.87" y="470" width="90" height="89" fill="none" stroke="none" pointer-events="all"/><path d="M 418.51 483.43 L 440.32 483.43 L 440.32 480.05 L 418.51 480.05 Z M 408.96 486.9 L 408.96 474.3 C 408.96 472.39 411.07 470 414.43 470 L 444.45 470 C 447.65 470 449.87 472.31 449.87 474.37 L 449.87 538.72 L 429.42 538.72 L 429.42 529.71 L 440.32 529.71 L 440.32 526.33 L 429.42 526.33 L 429.42 520.7 L 440.32 520.7 L 440.32 517.32 L 429.42 517.32 L 429.42 494.74 C 429.42 490.14 424.78 486.9 420.07 486.9 Z M 369.16 483.43 L 391.29 483.43 L 391.12 480.05 L 368.83 480.05 Z M 359.87 538.72 L 359.87 474.39 C 359.87 472.04 362.45 470 365.12 470 L 395.47 470 C 398.09 470 400.78 471.92 400.78 474.42 L 400.78 486.9 L 389.74 486.9 C 384.07 486.9 380.32 490.86 380.32 494.63 L 380.32 517.32 L 369.42 517.32 L 369.42 520.7 L 380.32 520.7 L 380.32 526.33 L 369.42 526.33 L 369.42 529.71 L 380.32 529.71 L 380.32 538.74 Z M 393.96 503.8 L 415.78 503.8 L 415.78 500.42 L 393.96 500.42 Z M 393.96 540.97 L 415.78 540.97 L 415.78 537.59 L 393.96 537.59 Z M 393.96 549.99 L 415.78 549.99 L 415.78 546.61 L 393.96 546.61 Z M 384.42 559 L 384.42 494.68 C 384.42 492.25 387.07 490.28 389.69 490.28 L 419.89 490.28 C 422.92 490.28 425.32 492.41 425.32 494.69 L 425.32 559 Z" fill="#7d7d7d" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 566px; margin-left: 405px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; font-weight: bold; white-space: nowrap;">Secured<br />Application</div></div></div></foreignObject><text x="405" y="578" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle" font-weight="bold">Secured...</text></switch></g></g><switch><g requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"/><a transform="translate(0,-5)" xlink:href="https://www.diagrams.net/doc/faq/svg-export-text-problems" target="_blank"><text text-anchor="middle" font-size="10px" x="50%" y="100%">Viewer does not support full SVG 1.1</text></a></switch></svg>
\ No newline at end of file
diff --git a/docs/docs/img/pomerium-diagram.svg b/docs/docs/img/pomerium-diagram.svg
deleted file mode 100644
index cca32d6f9..000000000
--- a/docs/docs/img/pomerium-diagram.svg
+++ /dev/null
@@ -1,2 +0,0 @@
-<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="487px" height="443px" viewBox="-0.5 -0.5 487 443" content="&lt;mxfile modified=&quot;2019-07-28T19:16:50.177Z&quot; host=&quot;www.draw.io&quot; agent=&quot;Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36&quot; version=&quot;11.0.7&quot; etag=&quot;GVntE74WSPcK-ITm7eEl&quot; type=&quot;google&quot;&gt;&lt;diagram id=&quot;6u4-bbtoZdyvJxuKQWUb&quot;&gt;3LzXsuM6lib8NHXZE/QUL+mt6J14R9GLFL0Tn34A7cw651RVT1dHT8wf8e+M3CmBIAgs861vLYD5N5x/n/KcjvV9yIvubxiSn3/Dhb9h2A3HwW/Y8PlpQFGC+Wmp5ib/aUP+aPCaq/jV8Xfr1uTF8qvtp2kdhm5txr82ZkPfF9n6l7Z0nofjr93Kocv/0jCmVfFPDV6Wdv/cGjX5Wv9eBsX8cUEpmqr+9egbRv9ceKZZW83D1v963t8wvPz+/Fx+p7/H+rXQpU7z4fhTEy7+DefnYVh/Pr1PvuigbP8qNuk/ufr3ec9Fv/47N2A/N+xptxW/Z/yd1/r5LYuy6Tp+6Ib5+xWXKPjnbzi3rPPQFr+v9ENfwMbf60HAl2pO8wZM5B/6lEO//lI5SoDvaddUPfjSFeUKhxjTrOkreBX51ftPj6dR+Ae0MyL8Az7sxbw2QHXsr2HWYfxjFB9+Ef6D+P3YX8tC/uhhfJ8qELCpXt8dfC74+EsuYOzi/E9li/5dY8ATiuFdrPMHdPl1A4b8UvJvLyDJn+/HHyZF3KiftvpP1kQQv7SQ/jLj6u9j/6FK8OGXNv+1ZvF/oVmqW38JAnyu1u8yf9qef9E5NW3D757/sXxVxYIOKDWef1z8PYQN5jY32xt8T99Q9P1zGf889PyPDwNTf/5j28+kgEP/1vQfj8FJGv75c9O/MVfiX81VzYHumvXzH+kB1Ai6sVlWLAv4YM/D+fnTBP+lkP7VSv7a8R9854sERf7LptLnMnTbWrBz9tv+Yevfv2F/NcH/2sHydKm/o/92lN/DYv/sVv9HN/ntbH/xGhoO+lfnpygcl6T/3LV/NwvNDGC5GfrvpRlaOzfAsVfoCxjyf8nBfqPuLwfDGPSfHYxA/9nBMIT8nzsY8U/aLnIQRH59hYseqqFPO/GPVu4Pe4Ai+KOPMXwlDrX+Ktb180uP6bYOf7UJIJn5E8P7/xf5++vjz9eE89fgP98+v8FuTeeVhZERNGRduixN9rtZarrfw/8D2CLfn+9g+e+bf2katPy67w9lwvX/NWanc1X8kjn9b2t3Lrp0bfa/DvWvNPXrVntovtjxyypw5K9WQWL/oOxl2Oas+HXXH/oGC0w/f+o2wg7Lf+M5CP7XUPsP/Qni9n/qDz78zOAP4/u7TP4teyT/61D+/8BA/2JovzHrT1b2D9b0hyn+YVD/jH1/NsX/zET/ExP8UfZPE/X/xCr/Xfyg/osA/a9j4a/1/vdiIf6vYqEEMPpI4ZT+7aD3D+b0T0rKvz//HDZ+UeA/Ra8/dPybX6N/sb5/N1z+Oej9C+v4O0n8HQwzoOZi/qvJ5n8KVsBcvsGqHubmAmOlf0W4/1G4IjDmf5F/ZYQ0+b/+mRPi/4ISgtTjf25x9P/HFvff5Vj//zS3/wuWhP9hN78sCSeZf7IjlCD+RW6B/8/t6PZfRxog+RF+bN7fTJv7/ssu40+yDkWX/v5SNifUwd8JqpE+i84eluaXSz6HdR3e/ymD/fUEIU/XFBjfz1dMGgGpxfgm5Cz3QHS5GljwY3pBLQYV+EQ44Jcl8uwD/CuQ/n6jwYeKFTvRCV2it66cI+sALXH5FpdjHLKBm8nqpL8ePJM8Hi3WnHX9eryyM13m8i1r5mM4pAfRpt7ncz7aUhKGRtfVAdwX8gHlaNXLHZG9BXOz/4ZxdLIpPH7dL+sy8L7fQHNfFEmS4al5B9fL+yXgu53izWyiEX/wrAQWMUVY6NLLBHozpxz0pjZ7Edqu/r3zoxAVNe+BlgWiRU9+L/dwjWXQM0DXsJ1SsMSdRN7TLgtWDqyAuwJT+3iPpTPiuPPQi2TbvtwMjaRfMv55wYlm4NetBJJpp1oJhYMdWgebbWGMwP1FbuJwqhh1XemoO7UMYnq0RgCpJHp5kNPNFy387FJ/pKeMGbuYJOE1PaoWtuJZh2dFABbcU3e3O+VZbZ9eNn57TY4VZkbhdueLWn3Z9uce9LKzWbtji1iPvacNQ/qY2qmg+0TIed7hWH+uH+whRGhIehLS5XHOz4KCheqTDQYsGqLPHQeLt/toJim6C4+31EWGD4yE098tn2jvsyRMVgSSVh1W1FNTi/DOAfjERfSqhHae5PkBLWtVLFuJVgLdzcwyfCUBXcgaXLjOAhmLcz8ebMJNnMjyn4kUjWIF00kspIL3jkN662iXWKCTfejtVlDSvFaW+PRqaBW9+yGQeXgxpiOw4Gnc8eEr4FBcCv6ePN6n3tpDrdBP2Rz5FDGIsXqn3tm+yPMF/F3KLwT+9qeFZcXb6VQVW3ZdiTTkZm2cRc9ifji3Dl08827BB1xAusC2Nm3wCsYALa3g6WK/e8koVMDulKMRWY0r1oXcQ+RNb3DBNDmLLy1kLR8A5Ft/6ebsJJRL79sIri7+4bESFGTLUqvic0+ALxIODMobZ8e0zTixYzIgYdVQUqM3MerK9gikU3SQO3vvGsET2U4CI0kRwDUpPi4cy2voJJl2t9Swr83pJCNGPRiaQ5vevbM6f4cPDJRhxfVXCbpuZC/c6A9LDSh6hIKMiBmtENu8ETbrCJLjsWJlabMRQZ+UDtZuDU/BjjZwFHLhmLvbdiTOlpLpOdvgANtXKrVmTR+MzXUxD1xIIjeJ4WWUX52c33NjSoU4aJBKaJ5plbJHLaqsByPdHF4ENBOSxmzovNzqvAIlnXFhFkMGF5xN49+VyGZtVnEqT5mxR5c1vbEbVzwBQI2mqkNTpJ1jk4xnV/qd74QAz+4OAC00XzNkkr1Xz9aLjKHlEVTXkwLimeDSNmBV0mCwZiKD6bCNivB0s48cqUHjl1uaqmK1F2/t7r1GLuj2ezyoLOvyrCxfV8RaLe4F8tFlALckR2cd9XMSSLZv/Lu7UfXNkUVgIaoq+HnMCrfKXdyER6qKC7fT4D6MwiE3IeBVrhKdiksSeoX22wCKQOpW+3Q6w6EqYWS0ont6CKnLm4neWY/3oT6XpbIqH9zwqDP+pUXoXT/uA8IesbCvagGmdm8Gz9EeAE2k1nVNrUYqCh8QcZ3MjnX9JOYyqyd95L6JjsPBfgoxG6JReQUh3l+uyAp6khBGTaO5JZ3W5diH+ABTlW8TLj8OmyyRAAFUMAAenSwd5XTai36ZaVFnbMnKFRCUgSeHWnJijlU3VvddTXzb25INUVWzGLSC1E9yahIPi0IkVrBLy5UFD8n8yT9Z3XErl2Ox6epRMCkAR6WJBAGrfDCsRsHDd48gdaCr8RVwIxtxosimkVXRjqkn9NSo5OzolXpRZ43WWXqjz0G3ZBV0A+LW9Pc1mnZWHfaLffiysEB7PATkDWFiYNuWrTiJ264cGQir3252Ja8szx465pmS4IFOEY3ctN3RDxeite81cyUHTYToN2zVNLpDKwDmHmvi4zbUzx6vD1LbcnIH/sVpWZQVDt+iuSMdi+7YWonJd2CzazjbZZiDASmDoH3cKEeHc8T2SLiQ1deaPp5i12cKewNW/lTiEwZIyqM1BdVzRx209qGyrms4SK9427Cnyae9HW+BldiAzlGc6l64Em8gf+duhFQp40vwZDj/dXZeTlqoWOenNTCzJdlIKJJN6Rh1a22vT6Csh2XgJHVwnYqXsFbxSgaNqDBzuEquZiFBcRrz8bg8hc4BN1eiCu2qPWjiKpvXmATvFy4qnyutOVas73cIybl9HxkTsiyMgzfVGFvavAREF8+ez4Sr+vAy6ORzLnKs1X0ae7NWCHoTTvf7s+IHCdilIyNADqOF1K62InM6jSlEFCDkCkdjGNjh/DeKgbswXMAGPMKrD2F6wpAzss8CICqX3Lo1xd/Pg2Wp6FniMfOBvWOsz6mcqfTDAFhX6TPWlV5mnQIZim9zchH2JpEvhgS2w31aZMQftzcX8prDNtXxRvm79PLewKuzd8BW8gVD2kmygio6vFbmd5+SrNsDBFn3XbPco0JYtdaLEbskZNfdYuZbrtK5MPYhQ7IIwmMXTVBZn0eyM6cF5rKIZPPXRWC1y3q+c48nnmBR7sWKRytWnKHvW+peeBAXxp4+ke0BjHt+mIX2ziGdOWIlM0FwrjlRrTYY/BpoVkvM2Ywpsg4LwOe14cnjLnzsB1u3EiE6H40GQU9lnFwz6Um1AGmpzVFCBhrWvCVR8nhscD/cg1cTNvfzD/W6QXWf8frCACkJeBfznz3HZeaF+4HisF8MAl2wAlAOERjqc7KF2RlZnROtuRlHy87WNKslBydeAauCid4XS7zoqPckdKf8HdHAygQjwSWUpvnrqeA2axfszjZKNSL3VkjiwGU0bOUBMAMDFuJRR14c/nSMSnbUmtAyRnsiDRXF+AVsYLyLBb2OLUpVxcq+KuEAfdRie758AE4RlDEIiaxk6HMn7Ru2RuE5aJ5wA2vmNjrHtueXvjAPfUEAtR4lvJP3wsZTOqaj9lQNRK1FlsLiZ1GSKoKPOH3azwKEttJUlJ4YSBy9vC0JWF10Go7R3wB8J2Y0UkQ4BDYDyZ75wBOj/XXdrA2kFqIYPOs+jR+7PJz8hggtq8LLZO8FDNFQTsHcCyCA+0QfHHTqhuYqTRVBJ08kLi8Gba4pzd5FdgDyWNVTI5oZ0BO9GW9ToAAHU+tW/bw0BRmoYNSMqBKA+VbveZ0Jr9ZcIJn7G0zBBh4QdBRWUvw+WvlDA+o5bDwxSynxbIqyHaV1eVX5pHw0jgzAt+A1KQBn0xqv5zGMN2zpQeh/iazeMbiF+zvXXG/QQeesfMJuHx3ZExVhAhlMfuKQdVSQaV2lp29PMrCnXb6meZL3TV4mMA7gEoaEor6Hf0JGtbqKAsGqUgYSk1DfwO04YjkJBC6x2ZbK6EB2xLk5mmwrh8qMYwN/VZUm/UEMP5c6uV1Zlg/cLfy82DJb3Zy1XeBE5XTWBdVvCPry33FtAVvSwrKeZ2DVQvRIP4wjHC4/KBz25XqoV+Znd6psZRjPAxgmHc7ZqxgUvr1XnG3EHxmDrvGkAHOEjBnkHl6Slw3DXKc/oAPfsBDtwKPtawVUYbAuGZVxRwRUc8T8gh7nVaSRxmXpqhEdmUo3Ezfd9pW+/EFgeT7MezumZmit6VWwVs2q1XNeqYbYOlw6AQhUTDIREFMfan4gSsAuvBry1/imqY/Pv3uwRkJDctyPbtptuVXaADU70VnA58Aed7NU42xVtvdCV0oAJCmjZpKA9N7n2jmFAcAFWaf9Uuet27151uNi4SzAtwhpf245DmiZtOiQgrHv3HSQJtzkrcNM/uaoLlDCELW3j8cASs1pF+j0eZ45fkGOZDOOzA5AOOJztNqOcnP+blzAFnjxccFYi4JOZxlIlQwex8mf9uMyOrAOvArAQP74MLPY0vq3S0Gq+3Ih6dAoDx9VpJ9uwENYXptRziWR8nE3nel2r9WcbUw20+V3MFrmWAAJBPf4nAdIM2xvkFRPBIjjYTCDqcLnhLMgB6DASIPb5hr78ZkWAtwosgOvBoYT5WrlxSDcIoQA8CE47VmRkJHyUCOWd0L+sCBFexqbJbalZ05xVwFpKv3DYTR1Pdq8lVrRebshj3S4p4xeACKdDGYl6TyKEf5mt+06BVwLOV6UuznSc1rCWHBGFS9SMaNSrZJ294TFOFHqrm5yXKC3PgE25nAS2l7+nfEj9gIZrNqsS7NVQrtRAaqeEQeeo+UCuB5S25NQCAHE3qdWyXip0J2bikCC3V0cZxjV3Vc2yTTIrm4mfj5ntMrRwYNeFsRZzAP5cT2yiRfbSLfkUUp4440r5QBMB5Yh1qzMZBC//EzBMjPmRIOYNKs1gTz79QEkx46ZTs9v3HsDDHzCUTKyafNPvLoZwHKVDbBsyf1YfLwcvRTZV90cowYi8aRjnRCB4MzqnsOECrX5pME5iKicrEo8rKitKR+FaRE63MF824i144SWwWS8z5KCrEBRRT/NExEBdNxOvZZlgXlTINsly+HjyMBfNOmN4yZgbqeqHyKYLEyOKXv41AxHeDzwOJBNvUitaGeHMxwgVuF8lwksBMzvmzCyFCfKvR+bmtDutFS0YAyNdYUQL8m3EqOH5FVA9KahXBw0/CDn9BXQTva+1SLKlKNr3RvDaURP3Rjcveg4al2wFufx3CgbsEapMAXDq0Q4Bk8nzr17BucMerCsfEFW+aLvTWs0vOqqbY0/iil83pnm3sHqEiufO+wjtBPdiMrSNiD9Gc2Gp1bK+3p3DL2b13xA+CmXYb3n5bEjcNz2SBNN0AxExIYSgDJ70oBkcGK29oECDHb0n8yoy946+e8qAyhSldS5mC3j5XorkqJTu/6Q6wXI5cgVehnH+nKOG/ewXvIbqwVq5RrvTNs6yStWlzhg+Sv6gFTKmLeb2HEfQEFCkPqUmUa15+oAK5D4/pzonZGKiZ9CGH9GM3GR7VrTakQhbWKzd86Mn6XFC4UKAesHFMnVG6RlEgkRXgGwEs5ZjHtnFzgVtoIL58lvSCeAcUwjMOD1J1KQ+xrJIR/pLyCvx7Y06aNpldVZ4DqQ0j02Oty9JGrebCPq+oOJuVfWdAOMEsM2oZlufoSpjU74fIPNjaILPQ4bAujbiTARVGopwT0YOABvzSY+vBgB6PDA4Bq8iQotWG0gC31ImSCoXAVPhrSzvWjUfQdoTHNNEXnby3SnqWFlG3sgrhNLP2tLQK2TYU6SAP4nZQmaFmSvHQJw4WH1LNCU+Mq6RN+GEKhTdkDUaaEl0AMgVAhM7QcLzKEyPcIx1fwyT34H8esjZi/gg5DQ1xjKAdtqhbHfnmT6IAd581RH7XITtx6nhkovOIepDC8vgGnVXq+OBnhctko80lvea0ox2CPYAMPB89kJrdoAySt6j60t7jhkk2B44BBoEh6BC3GNrdKbgjBoBMkLhXHJC/LwvsOKIKtqiJX1GMlEVYmCwNRoE9L5LovMxHccKBIBIBYsfyB01M0hC0KFPCEI7emkgc1WgsNxbvetmCGTjl/9U9jAqiMzk+lqfa1MvcMeBL/PGI1PEBFniBQAh4IwpKUjwccQVnDZT3KWMYqtNkKpHlhU+GRn7kNq2Nj+XE+xMiYxm9LNRyWK2kZSLVeDRBrgYEVbF1VuBxieB3aBioCxIW86OGFMFDjMRHIvl2Wtuj0rn1sMz2N0ud8RgFKwZuwoG7m/WUN+MRl3147w8YT5ZKDv38uqsLqf6i4T4uHfEZBf4uNhsjPEIlbeqRpWUAm7UXnnw97909RKz8mlfpS+K1duVh7jota5WgRs/hG1AxVLmkskhQhL2GpFInsQyjdoVtUNBBM1fTmrKrQ9ERQtXAFfuWsS75B3oIoLVvwWieeYIMHWhPAZlTBCXJXEaGraO3dXD/jF9mhE3znYwfKXlVS3kZ4+L4R/lE+YKOZyP3TfGfAw2wlwrwjd51qLKgQ+NPD8Qo6rFt4/YCzm+ZNNLcBn3mASHj3FXAZRnx8gLV8NvLFHmR/ON1gAFnvHyJfZ3QWwAfy+DJtymcv58dFevOonCGJ79/OYeCDBitc/+xZdM7QNTeBFJ2nX2MsYI61RyoXz04UhgubFJV0xma9Frc33OaSQ2tBNBp/g8LtD3omEfbPIukkguwQof5/eWZenPL9nZZVDha7LCw+K5IIsaFBPahOI4X3W1KsVhh3dM/HXfC0Xh/48GYesKg7gZrDM1se/pCWIYChzRr1CHNkJluf90QhgfcDVobAcS6O2mRgBBa8Y7Z7z/bSP6uzox0/EmHCOCQ5qY06eQwSYZ2plXBMKlDTfepwdw5WhFqRfjeRYVQyLvOBLlwb9XIeEC5/iaTgawzpEeD8GxmkEpGZQtHikF1fBSMo1cYiVXd4tfcM6cDXSJ94fEKbCr+LY4H0rmXk/OEJxhLO4svP+deZsNObjY3RAU2NO6K2OWD9WpLx6by1i9wGiv2mt3M1evzdIfrdMWWHKHCU6Lz+9TO1CxkmMfzzgkJY11hjsTg5HD+I1lfs8ndGBWnpfeVV2Rt1N3o0rn8+N0UfeVB1+ZcV+Hmiu5YycUcG98jVopt5rIBlx+OqJHC9IPOcRBDSt3uqjoXIo569dJnmKz7eP+l0HEsTeg1TTuvuR3kf/yDPkCM/aSyzu0GprrXiMyrqny/1YHS9cZs8+dcPQfHZweM3sSdrODKxXfuEGe+QvjnmI5PNaa+5utLHnw9o5xAY4wl0+7V2QTGX7gDloVnd5kifF7A/0Ylux+OpHFI/NRdrdqd63L/EAXBjNe7ryn4QGOFHjI4HvEaSKCbYiQctlpXCh7Fn20ya4NXdHg1sv8aZACq5y0PJTENhhDb8a7mBl4FPeN1hsCgUjfuWmZGS33OKPevIReqUeXfUj53xtn9zMHX2H4hus57M87nhPGoE1OrHwxRFvfKVObz09uL8F0IyMLWW0UKF4/oxcPQHNeNl6JXIP5Z0bVhOJ0vHduQuqMsovSm08gmEjZaA9Yzipz82DF3VDf+JyVXtDzUbSgMEg3rlehl3gA/+zKhEGDo6RrUX7HBCGRjzjKeeLEFyF0RC1zGASHamibFyauePHzOn3Fa/IAzIa44GbWo7FZ+18rwHR7egSSi1YbZN+XqMY9OuyP7/arVQPyXB8cV8um4FMuYGFyLLdnxo2/OhffCcMfV+H2lIbkXvGVaJuH8DDvpFBMkQIjIOCeIIEIsPSVyB2FJ/3i/3a9mBv6wyrZD6FNxXPvpUT5+XxgSbFV9Ya56Eb3D9qb49RqLQ6Sy4rnKuvnDEX7vlwGz9oXw1LceTmhr0bX78RjuuObQZBUionRK8bWpcd56UkU/5EA75G3wSjxiuBsha3KLRFEpX2NUtBogG2O1Rzy6ond1j0cP2SY0t+UYjz8gluMfHIvTJAQDRBltc8GFuBE7tXDkXa+PBmCpnV6kdJ125VfR+qqWCWSXEEjWgl+5POse+oIkf1AN4kiloqofIhNfC9OP8gpPyDpQOSKziavFwTVgPgXmMXBK+i7L9ciXVamdougsgAH71Wcmt5/CQXOBeRr64+Z2Dq4LGOVj0xWhns9m2WSvP53noHjvIk6I2g3yBLeLxpRsUWWdG+9spVPiw4MgbqCjhArfx5xxEkHEvyqz0W7dWTY57xK+AeFpE+vx4v3NCud+wPTU7uh19wJ1g89hvBb2eWOjmYCDoca/qVKIT+KIGl3IiZzgKgH9WF6rbcc5e9wetszKT9zuDo7SlawD5QgMeIY8Ba3vdpFvukmK100l0CuPsyRxeJ0yP42i7kJFseo0woitXLWAukSs/vvjlM1DjsJsBLUhVzK4e0lBY+vlisstsy47fDKNuV3WT8PU9mItUL/+U6rl/nazXW/Sp/RKfcFs8Ld8Wrvr7fNoCeGVQiqYfPf4QUuPcn/HrCvWl4BiOJm/gSxadw9vmHbH60J2ipYTkuTxVFZjnf6YnnZbAXYu7MygoPb8WVLwfhQZy55nsrHw7c8RVLUkbSX6t12ArLk7aKeFE5JgTumHlS9J0zz7YlLiSqWNXcTX1iQfW1K14i/e7AeEkeYIlKlegfVOa6ijL5WQ0cFhMvD+4TWp3z1biKPZk8rGq9UZWjFLvn2Q5fy67lw+hO8OxuqGj+GoeuGr+jiW4yxKbKuFyqGqccDOtDh3pjOTEq5LS1hnoUeWKlHP8xfRfC3nTEj5WH6jQNt9y1VQsXSAYO5Ht11pD8WQ2dRTgeD30hQHnzZ50sdxbIQOlhmjoejCmpVyyJzv6g49sO7Ef58URHqYtUWH7sR29wwFwgwtjhdClDhWvcS/uxkYBiNU3GIvI2qwXPQ56B8snvZ6HL5zqZzxUH5EMg8tS7BupH16KwXSNYRPic9dvG3eRRe0VW9x1T42m3IZ+JBIgwJeb3WFpmzvlZ9168Zo58dUzIYpopUOwPdntBGL1ow3g07M01DW4Jf7xP187uJVpX2DMJT3gRDvOr+4+mOAgiUbhpbyMCUeJNwjrgF68989ragTaCl9nqLoslyjd6sI7aMwcW2f699lThlJD+774y9BuaMUsDgo/Pj6O6NWTwHcuxpZx86SpDqx4Pvc1dlffyJTwsD4KZFTvPT1wHwiM2Denv8+ZwQ+XR28zcFk7UDLJGm/HHJhyrxj53cR6KD48gmWj8tolAmfsNuRojvwlE+PbMP2Q9PouL1nXFrnIehmQ1+mPex3pTmhixXHj2wFvV9x+yg4ESz04J6F5qU15bTqv64R7a8wBs1EFFcx4e9/yXvfJBj0X+HceW/LwJamp9AxRrGm9nzMPd0l6q/elGEX39rIV3ehFlFD5GDCBlYj25H7F06L4sC76zq6gRwxRbv+XloUzXSTCDJCS2mmUO+Qk5ihpv1tVwyY0nnBvgZrcfg1EFBDPJTvr83PFKoh/Kxgof+jMm4Y1/+PQGqyvgZzThXheI2/jwveLdheonSjZulpxDzlJmkP3QMt5hFFSzKI9Re5B4S/SKVF9WzO7jx2vtBPRFyG+sYwWIHDwIOlTT218p99gNpmFfJsWzyK3u3qurZx9u0Yr+HvHtb/i1zHuHoZ6eAUbBntrzt4dYvL029HOUtBR4CDPj5i+JClWP2/57xj25aux2ddDw5zwUtPWtn+4tPY1CAPckgTDYn/nBB0HSYl7Xx6xilvYepfiD1iC2HLmOvcj1uiizKtmbMKnKV+biN6NhVsPrlupnx5GUfiGa/doTLSeDxlzBPZmXoX+f3w4e9NhulCu/K73uC1hqCKcffGYN46UAHh80EngWr7SvWfqZB1tZVxrm4pnGLZaym5Is7o+VfjQ6UAwr7lqeGFNf+O0NrYAo22Zj4lhEAM2iBmpB4yAvVrlmal8G+dJGXpZMzUaa31LC4kgfuUTb6QEBXO+F4I/oew+w7UhaQdeNate7w0smKvyym07sGxlb3orT0B4z7H8f61n0o4Z5pRZqCvFSKZ7T5wWRgy1fRxWhvHPdtDkuTX6c8YCcAGmY0E6fJp3N4SyvYg4RWKbdVAkZdJD9XwkyHfuwFHcvN9olFJNAVjFvb54jP5HEdOXhkumfmxMFIuWvEun5h5A8btLWfmhvfWHtHBfhPlsMqiSCXH/3gt54V3on3HnsMs/qkMxqKddqVLYNkLzwrHZMe9HrtLpVn2GRx0AlqngzZaR/0jy9ZiNAoUPxivfpQvf1Nn+OclWZkX3fvdQsgzzdHnrqdnKmbz2n6cPnE7CEZ6oQpSuXXFetAH5t+i9e71HIhZ0UItN8hNcoKwwAr7KjUmuECnQN7NZ2D8zjBzfXHujFXSpvpeugWjgSFx2tIYnvQJsxNahx8TV2QdEKDOWEsHLQeAmL81icx+JjmigH60ownCuQqck52LbTyA7pnBwhd5hDtXzypN2B2cdhYp6oIq9jHM2Rp7WGZQDipBZ9k3V5IjaWKHih2c7uSAs5a8YPJrLnc3OgUIRKODa5jKjIragWSfiLSlTK8+Z5fjgtu4luuwOxDhKam6NsbYqNdCl9KgCywL11qezegykNBEk8fKk15rbnaKITb4FCMLVzuNB8tz3cS0NkihQVuGvA3rQdTdLTfuDIk4JBj829mg6bGSQP0tM8ff08lHCBu+IQ96RbvRbMA49ucL43M9rS3P4e3EUlYWATA9feYkbtsAxRymFB+AfIIqvpbT3P+rrgjkBn56cqsw7Hml1bwlMcAwUyk3OvGEfIVt0mkLhDKJL9KL7rKn5S2eOF5xo8XcVI+Tcd59iw637uvaF7nswXgDZ5Ck3fCmEavudA6wWwG3HONgtZb0X7fGZ66UGLYdUnnMeF3spufmZtlCiXRGwWGUqWY4ME/mAafcYs4ZOab/FVf4McyL1XtqSJi3JF8PCxs4yukDphcdj3kmXPESG70Btuz4D77omVaA2kmijIa1CnT5LmHy5TGS1CfB2JnHKHc0dmiI1wWweBLjFF0KSgh7UNu9CxEfBhPLcc8ZgO8UjfQ6uQWBU7RHQsUPpiBKs4MPq2Q2gYGj/yRzLVIDyIMrkipGTtOBFbbYX/VN3QZaa9DNbqduqZqRfbdx9573jVUbx1aMNhgp5gcXfqyfmpcoeVPEpRpg9zN0u0lBT+rshGu4WhAEA0YxrNeelw7yLXXZIR3scdVganybBeQIo8zLlNL0T4kaWUVY27bOZ8DjNSJbc0aRVgBRwSwZllALK0Ip0V3nv0Pmw75Pz3XNGqUIskKo/JMBHmFXoVkSImkK5jUIuAhYxerL4aNtHoECv5WPbc49pc4Bw/WY2dJoG7ExOjDT/8xY66WYRPWkTqU3SlJXeC6mBx6T0i/s1ngFUFS7am0QL5ALW8qJBJEWfWzXxtJi0AsYsl202eHoWLAE+vGcqAsYrzbCbFlhcRVHMIz7LiQWLITm1Ys6fl5lSp5P4NQZ1qoEv62YFoQkPaQr0GjNEYh4IfphGeAJa0VzjL8WjC3lCv0rd/EiMbZ2WPjpb1ufO4TGA0JdK7j+ExL1Kn6EB8Qgzq1Bld08uuCw7JuPdM3YnBLr7UgfUClwvFIeTNLjcFfkXJwrIh20Gib1ZTMRRuoclUWKIWtA8QkUVzqJhZPoO3n96LXDXy2TlhXz18lx49Fx+RsPEkmahaB7kyDWjkEg7znZo9dIV5/beSz97nr8vTEYeYjjlGSEhLZca3vJqbEovbNwXtM0j/ApGOAPeFWyGq5jP6GTatoEaSxK4raWLvJ47I0Op5aKP6YSc9cnJWqJwxdZ4OJeKeu8reKiU1TlvMEEEuoJe+VM1W90FPCW6AnNCqVPPB+4axvvBtqeyVh+jN+XODx09Y/BtsXxIveMqH8/dFsgYLjpQ+itKr7yK51c2+ng3XqrRQRPQSai3yTp5evu8O863iAKDZmGEmEsA79w9KSkF2soXqtTWA7sTUOZsKc5gvgVgNc/WQTbftDKV7cK/FIxYC7+pWvaiJvIBzY62uLn17Hj7iw83W4nQm0Q2w0TMyYIejGTHc17rSSGK+SfpLdWuQpOCJLiXe28AM63ELqeczZjCABDfA7/th6fnS7D/BCux+jT/qGtcN0/KRAcabR+A3tO4+p6i7pqDzpzCgpwyngm1HR//x9Kx1N4RgOIt3B8BvjZre7BsajGeDv8j65lZG2o5rUVyNMSn8Qnih7mRlag03oSQN1tVqBqenHNXHlbFJwFcCS+kmKtLmayx99Cn3NW5V6SI3xSp/tFXWJfA3WZXPiBrNiOqNhuq1C+/dQhJRolcevmc/XsfqgRHqSOIoEsI87b67Ka8meRudygvYWpkpEj/4yilOjlcgtNeh2CjjfroR97RQe2RzTmQEur6s3usYs03g0eaAPHrc4N1VlJQpMPs0tS3AzjZke+ajin1PsQSOpMlHmG6QFbVewqjBLdHun8S4f3LlkXMghRCR9COtmNink2YhXlLCknzOkBHVr/UMi+rtu4QvXkvaI821gXqsNowOzM8JwfN6vBKuWZKlzSvsuG7yO05jcyUD6gm8y2f3eUC78pmnCPCVRr5ngXpyUW/ET6qra9angIvgg+HqvHqDJw7L3X+CnrUSpns3pVZ3e9y7GzyVoSL4zeJm0lN1U5cGApcTPHVX3H5Hr3OScVGcTffl/FTwEDa1wyM1UT29vx6TR2hou6HMk7xxFtxCWx5nkSpUhD9EGlII+KZAWQWQNbxuevmKm/jNIM6q8QQZ0G6CCU9lVRax8V/vfGtLEMxhMiA+AuK4h8PJAgl6MIe4b30Trxq+Tuba0lq7lL77Zgy6oly7bieDnMqryMdgoAjao5dMs1CkMlxYBGWakmVBdlvyLksFdjzCY5byGZp5AJD/OPeVLpAbIXkMjnVniw7P01Pw8qTpKxxRixtc5USDgp4lWMY0h++5+Rh3ckzX6VBSOJnisqf+dNDkNGTNMClyl5paVMuPMvYdmPuSUUxeIgSyMbh8iQSDxmOcl92LSLqVsDIRX65ejulV22qkpoE8UsNyd7w9xwiW+kY8LBoq50baEeLTTDr6ye+rvdaIg3gudDIX1mL2SsCRc6u7wUTC2wO1JrpI1BcUgfKlGoNRbtZucypVrEmoONU1JkiIo0X6Enkitbyyfsxu8VyYjz12MMX35i34PBIHJK7deKrccBAgDRciNV9yAqesV5Dc5V766PJ0PpQB4fc9ykxlHFaBOHjs4wvzcj7gzgYI8ft3L6lJDEd8oK+SEsSLnu8PyDQJarUgI+pTud8VxPXnUEwFFOmEmEo/FSoqSK+gRdGhr8zBXg8vh8xd5yMRWqUU2xRL4N677JqmYvddc1a+k7s5fnrCPCTfFxtOZFij3Xo7i0MdKdwPUh2UundD2UURcGwus2oNaWnl5m97+YpQRfE+BzCx46M+h7PtcqTCbdSh4qV3690fjBekn6VdetQrcJRj/UTULhknE/WIQKSUhw9YqI7WJt/Y5hYaZDKJyGRkCKX2Q6E2Dnb/HqWFW9qOtR/IFGLKIhH0vsdhqPdfJJByWf0ohj22cdzBUJsVt0ZDdviyRzKh9UeARhmds+Odw6XOp47JY0zlvD8mcFGQdS4h//YVWrtsv/w49DcvvwKtBHFWIB4RPIlQgyylSJZlCBHMtZCUVpLMZSNOYijVQJ6n5hlzun3SAL7/IB0xd+ediLP3Qj3wNaI/LzU+O4r213Op8dfn/qgXB+MVmNn7756vKSV2DXfEczgfwMRLWLh/zJLFfwgqHnvUvKqyUcz4XRs0BI2qZEMPFuCNztMuwMxg5XmK4MweqCnERbszICG3PvcUf7KWxRKUX/b8G9VVU0rMMN/LdG2THzQ9Ip4whkXmSDSc3e/B3TsD3Wa/XhQ0yhV5vd5yFj7OHZIzy7tRXGVIFsV9qKC+UJmr4pex7svA6HGkAVhaT5x9ZklMC6Xac/e9rWiCL9BU4H6AUvfR08HdQpLnaGlRZGRq2YObKS6GadscuhRcZY6UyqRz7zeGdH0MGfJqR5tZEpot+wY7wixNywcSpbM8u+1a/vJLOhRGjWZ6tG3quGe8YnDJUpce9PpwjebVMvmjFzminuChgEXSOsTzmDG7EeWs5YBguuVlJBZnvC+WJu1deqVpnU1XnJVCIha796QMnsO3k8i4wH5u9Y8Il1E5WIeRAxBYNof7PGhTfr0qpui51sMJwBMNlBQuvuWOjnqEfAyFLOD+ENkmjijaqsn8KpFrnW813LlSLESt988aNxFzmzkERWKvO63xUK5kHu/YXAozlhvRxoj1TZPMBqeGkfH75N2dTpltB5bMlUne3PeEKgBjwJDv2UutN3ajNNcJl09lnklrJONa/PiYNMOs8vnIJ/KevLHdo/FraEKpqpJ2pKaEj6Px5h571t2fC80aDyGGuwHvgcshWaz8cV+2ZsO9Ac5/UXv7E1PsCUtldxmzobuC668HDPT0Mg7NSmLfF96SeKzO2Bjlcm9kQl+6FNKI92nSGTwO0BI0o7jLThaTN1BxAsPmScxThWPkOJ0IxC7/GHL16QscBTgW9lzMW5MZcREU9anBk+xPI4c7G8zt0MZrhG5jFzdkOWzKpY/g5dcoRlgCnZsLBYjf4W3fHTnK6RpE2/1Uh37yRFLNUhl/FdPj48av9APfd7NIpAd4760PU9+664IUCe9Xk5qHi2P2/ujTs/dbeLw3u/lupLxIukzT6Akp2XgL5eq1JppVnsjkAua8GgXONuJlST2SK86Tpho7Ez0qbFzGUOij6EM83DoEiynb1nqiwUvnmbe3Rcq3x3nNImBYBsQ1XDKtASkm085F86CHy0kpFZHW0au2oksarDOeY39zg+h1hMOGPRpeSBwT8T1MOcunLtFw9wwpdUR6z8/b+UwWeCqY0SEBs0pvEspbYRA/zgy90J+KbEQC5e2xN9rfABtD/J6ndKTei3h+jdr7lXJNSxjygeEyodoM5ra76UUGeS92lKIgYp+DW+nT99VcLpYrS7d8VKoHFULyZB/BTQRR5MYkJ4JDatYWvskUBpgbYMM55B1dsN2eoxTNDox/ZmJ26eTArSbVRzEjWd+dZppcufdUbqhVId9I4BRmgFHkcA64d+kn8jTmi2Dkl6QoCkYQIFSKcPsvOljlZGmNa9HlwzUQnXp8e12TpNu3pzJtfihlJsxUdZ/Q8wl/5u9cd8ibSdNRVw0fE4+9irlBvTvpRyUfRGLYMBWLxoGwVyf1Encj4hhNc8Mx0fZRGq+K3tJP1CEqP7gIeoQPi43eCcMsk6KkUScjnb2BaAcYbhHZZVPQ1kKuaRF2yiWmgzbr/nPSFuT7LhuDjHh8U9XnszXLUKbIssxacUqVqHvBEqLN+USeQ3fdPgQ2ONJ9HX50G9NVtWjfjMz5cIsyGGQLX4C1hoVu3+3nQRrIdVntJzL5meg/ssB4257GT+3jas1ddnW7W5v77sGX+/Y9N5gOCSC19zjSfNv9ADKFbzDu796EphwyO3vCmAwTR2JVXd8Dp+x8Q5+BCOjSgl0G54r+usjgkSX9BYSwdxte0qFwUQ5pIYCQqUCa3NxX88hIHUu9UGK2y6V8ja460DTuylsa0hbWC2T2FoeCt9B1jTcQEfpo5+I1IiPJcZekv8fBaXofM4zwvskZRnoOJmBf67x1z7S3J7GmMI+6rRPl+ymlX4gmz5+tWbDUjecUHq6C1URJPObxOMIxJ8skG5NdNU8jGM2H7vJqmjDSI2a3Pr2C5YPDQ2TS7XIJNngTMVTBh+xCNCsxloKYe03PQKrvUkMsiXGhTyUpAvJhUp8yz31lTms5O9+03ZFXJx+vK54cNVHDNY1xwXq4XM9UKjoisVhNRhLV5TFxOxBp8UHqOgg92XGW5HYv1ZCyLjW4l3rgHrfXcO0j6zoNS6Dj+3M36sp447t8bBJatw8Go6FUwOQAStV2zCYgz1PW3drmMs8s6MDIe6rK6DJV2fb94rC6uIOn4Bb1MmlyN88b+5alkaPOoBFeM2cD1iyUT5DuQ0pFtH6hDbVqPLgXiseB82DMHrmo6HlhMY4ERiLDA1iQnnB9nyF5+1FsT7xyR3ZeMt1QNOl5pWM06GiHrzHg5SgR4P+7B6Xbyok5JkC1y8VS+u0AGG5s4/CBbw3sppJmwUdfUDxvbRFdo0/fwBjGwphqXD08OSGhJOl+q+32gWmq4V6Yh8BTJI7P7+qjYPPvCY3BpGEUnJK865oAJ1cGlS1veZkobTUVScWG/awxT40fSKLCxKZop95AiWS76+/YvNO5RAFlsZaX4aWq1fpRupJA4dyUr48EErZYa3LZ4YePh0Y0GWwbYvtabA1zUbQoSam2m07mHmS5kXcXF1rvfcHF11NRq45ja/Za2xWQc5gMPe5qPSGobPIGsxCT/AlJ2pxBFJG+J4iA4748CoXJE3fCF9c5Mx8G3owuzPEgkUgU95Z+PqT3fRW4lVOQ1A3mQ77r+FCt97uZE1PI1i2SpBfyEZgRS09AWBkkE5SGex3Dyz0eOpLKM9d2m+9QXaXBY2VcwJsvlSBv+2Mm2fqGFfT11CJkmtXZokAaxpfpd5dXkuFeyQM7V8wF5Om+Jw5/V6X907++XEBaH1j5dpBi8JeFwCJ682ljeyYWpSXcHW7uXRfl9PuBCw/8no6vWbgzGftRZu4UxQjNDurYU6v2MH8hqFO+JIWEzunS8/zYqEd9c7dGOD950aA3Hn+6OvTq8ik1idnML1rQBEFdx+NUVNbLUHw0BrT2xfPzBPlwQDyq3P5uFwJ9R+9rYB4Vbz7hmxHQaOHrLca43huDZYqPk6Qf/QMrcdYoFm8sA0h0SasmvSCct/3OmUSt7J7ImLITCSL/SC1xiAtVoesselV7OBwspujuDxOE0H45XBu0IESNOYuJknei1dhyImZntCXT/lgdrxgehb3d81tByolFqK5OfSrynEyS8PZ5mHOh5CL5ytM7Vrq++laJ7cMEU4eAVJo6xI/GxjQEx6MIGoMEub8B9bKr71Nx/bU55qR2mWaBG69XChmBFFYp8oTR3JDhKhjbXZHdt9O4a/0Rga/Rc47HC5BsiVqLlg8DVlZwOpVI2cYJ6v0ikpawbM9lyaHe7fszNzI5UsKzNeMsuIutGxvDngmtIKHCRpzOUFdYOHEcNHAvbK7efgCMiWVhleHhP5kLG6Vk+idxC1WQgIn2BsKMD1ngUGJd8LBfZ/B6aD8wYxw4rAWy70CtOHmA07X6QeD1aqrCa/Qy4e2T741attg9QB4GS7SFeE8tH1DTpzBQ8H+P4ahbbffo/sjcdwLYzjicq0rVx8z5Z0/dooIouRW1hFWifNv+vsqVo10tYyAQLwfNmvFcxjhmMtMHiWWadbzlcyXJ0rFqcnffxmqHk06ym2QtwAtYyINveoIO1e1d+k0Md7N0egmTa5+ZmajD6rq9TpS7FwJHm09lhYXXJvI01o8O6pb6rlke3u17Xu/9INnGEh7vh4mR9ei8j7b0FpuGB+JVRem3Ncf9gJP4Z3fSKt2JC0TcJ7BN8ynmb8O8PU6Bw55vEEuOylX4AhiLxSqGT2IJrKE8NTCx1HzBysyBo9UpGjYCi+79KIjUulK9NxCl1AziAwP5EKlv52MBUSp6UGwj87e1Hajsjqex3Z7T08QeShj5ehXSniwtjaRklrfGdtLPyyus/OBjpuncjSGC3bgn46VUNBi1ivycpfDPd4J936ssatq/XK+tImyiNFM6wk+S2+94uZzGVmmWcsYHZkuOii7v7H3sr5iRdkHOG/oZphvmGHX4LG8Noa2nSoUnzWjLBx6J5otcr16qN5iFHD0+qTPiedFN6f0Go0z0NKwBZqaUJQE6uWyM5VZ9bWUrEjElIr7BXIVd9Crevgcg1wQpEsg5Si08DhcHaMOYZeAS0SjRd0fjKAYLoYQH93EP+f4dWu3gMQ4MkFzBkGMBXy11nmyu3gp71FFX5pautNYEpLA78LjERjNrLGF0VuVeTozbvNk3YfHUKoF7L2jzpiyWo+Z7voOUs8EbMmD7fiBh0TQfB/8sivwFmMgd2wB5b2mpUeUC63ahgwn4Z50vRYj8DUauWUZr+dQ5WMIKNyG/Px/ycdYO9MK79y7mA2/4BIbX7FMoLULeGNkhqbuZPARKtqdmlfmtR8NhuFa2dPCqdGAJiPTRbtXerRHpXaVmsl3POe48gRs9tDIy/V45b3hblW9cvVHs978NeT9T7k7kriLfS1jJSk1AyWujwDKu3ccpYVNjd0z1E7IjmaytC1EGCVMhC86ba463Gm4167sFX1paDMyQHFEpShPS6Ck3sa6p5x1lFx+mwMp5ztFqmoP/kB3mYas1JwojHxmpuATXucKgrc/3mcOWF+bDchEyU5kBD7m8Iv71Ho+6xvTP8vnEmXLAKo8Urue0jKKSGp3DFsPLuj9AModDkm0dZnGNkljkOV1zJLM1a20eWWA8lpA9oo9vvInPIdth8jrgAe2ZetUjsRSIQcyG0D9K5JuEezX+6Q13StLjMWmFjZPP97V7L6GC/4uL4i08tWD4G6CJlMO3qluUyzS4/PN1fHzOtjb8uGjoZOXr7GKS+Ipdf+YsjhMG2qVY1r/UIYSrDN8m+el9ii2IFEA6aMEmnnDCdp5lr5JtjH3w+3A1B4yZZdkIZp8o20hjbxjnNHLmqqHZxH183ooybqwbl+F9IY9zAwJ+GlGAWyYjl57Bwr56mu4v0oHc/57Lnpi2u3En+zuhe0ujiC40U/bTdKt0EypuAmSl2408kI4JbbQH12+CdQ9m29RXdaGzG9RGu1+wUPMBYNd7NaN/9OxdlojTHch2zlKeq/qFlezMapCX3vzeqlfruB2vrhxny4NJ0pW1HL4LyLx7eL+vYeUGigtJa3Ww66Pu9mLg1WJRiGeo9Yj/pB2r+99EXde6qzizfCWCSZfknMGEO4KJJphoePojee35z8V8s5dtktRdXdVqNdb+sUop/UYzHa/rU35EqQPL4UqD3ofVc1qDQueH/ik8t1abQ8g/QTk5RCVxUW02YySHvvdjy3gKBf4n8NZIr0k9tXybscSMjdbsG8e+sIrtyjmOyoU3cNXdkr298Od1oIdSDsOMLZCxux8AnScCG+pYAzoz/NAivZJfUe39HjCId/Bl7EFX6edFau7AZ13DmKl3jEm3UpgdtkHwyC+uF4iOe9tpYVIReVONVVgN0Ixb5pWPbAf4yqbeOAD7LsGDkxjxsFbApc3h4Jr9TbW/ZEc5izKGhTj3zLYpVTpp3R7DE6aJzn2STp+ZAqdZ73pPhVeCWpHL3wMgPHaC2ojbarBdoimUkaAFZt/HXjpmbMokGUBfXBS0UpKIrmSDd7ofqLQCnkPB5XSgQDMnQMFRXjgsBD7kpKJZAl6rFRAl98Ktmr3xDZ2COTyIL4AhmX5+GP0mfIKGySoQ+XgfJh7b7yZrBNBmxK8dUueFgkaXiCHg2Ei+rZf15bC5j5tfr4yQFUc4d7qFPIUtp3xTk2q4A9w330M8jITBqysD8bSe8vBSLlu8WECOkUaPNoIqxY/7NpmAtsgb8IL7mM4nez1HEs3H+8O/HmlsfW4iZVvxqunH2c+6zDDk5+1dRL17ZrBKwE4enC+pWT5N7MtnXRUYxrqusQh+u9NWVUFQgIDPsW7XeUgz9++69b8IOCNMsdghgFUf2+SM1pSN7mDMsHpMIaS6/jV0gyhICdbA+VbYvrT75P1UfL1YjpiNYeiuT5lbHn9N7kV/veLbH/l7lv2KFY5V7fvliQTK2Hqzt+qVm3ibfSAwbS6/7msoC8vjdq93+Cfuir3h9/bpBA5gjGwUPQkR0WCu//Em0/XirWPNXj1R1bEaFpXuYLYoaiPL87L/PlxV8W3Rlz6+dT2HIDItI9XRrAlxGJrlMusLFXuyMj5PRJOnwjqkdrDDqctJs6vYzN24XqvqzP8JVe4d19XZmaI7uEaK0E1WOaMmlDxdxSshVAirGUWWlgtr6SxzAVfDxjeChZYa6ByLyR7M17x+4RfiU5FpVp/OrW1bWk3BksMnOQHPOjwACx49xP70YWa79Y6410swhw3SCloopooij5DYfvkX+RQIEOrks0cnr2pVm7bUlvR5OaW52YRJPh36X9HTYrC0vmoSCNbLLznurrbMZbfO/fLjWpPvSCv5xlLW3qbHybvHQ+DZd3/8to13NPWs/RAvNAIVBjrZgAjOJtGd1z3qxfzsSw1PRRldwsdUlW14MGUiocDnmerguYjTXKjmPekxf7TLNdgLRMgeEPXFXuHduuQc+3LvZVrlZg+hZaUXDDa8i61XIoc1rrIRdCwpCdl07sugTF6Erl6Y/4ILHHvEP7boqwJvnncmmnfEFCnqGb5FmYDcmpZi/Lp6EjxbwL0lUjMmwYG8yiMWV3tII7qfwOzr5jAKeiocto7DN/Ok+lD59J5nHB70Jc18HvCumvcdpqv9GcyJj0n2rEvxil10gim3JBtcC67hcVzMqthuiYrRc6wQIoQmXWVQtw24z5b1Pl/tYVw5urs2K0jNIvhS4O3ylpaX5/WfNe6fBmvHMnES8zq7KZS1gjH0QnIJ+Lvs3FflRIJJhkJHVkRv3PKdagR/MHhP+X4Y6r2rr+KrAdywdRgqlRIz5VUh2DxIdDk9QkOtkdEZ+lH7iZNqYhPv018PxCmM564OCFZmNOvyNSuDObCjMAwTlf0ray6yW6tTn+ubv0pq9jzg/blW44bDmv3VI/M8UnwiUUjr8t+v6s3HWICzf2fh1Nz7dwKVPWFnqd8/JVb823gB/qmKf+X4rPG8a63x0an6+8YIELgDiZnK//5eWFn5q43m2N6aExWwWez8+7vQ5gz8ze3//3cO/pb+97c03an3d6lz88Xk+qu4VcVz45O/z0U9Qeuc1TqX/vtdNOr2/75LI8C/c6T6u3FROyNKUH87WFhZ+uAqL/9VBLOnGarqf5/fzcz/PV8TiGRmsv/2CcEuZezfP+35V/3Ls6YRIa7VFt9/fz8Er73av+tx6sz+nYjnsj4QIDBIyfH2MwcpM1MqM8CTs/XNZccTtnbiJgzJ5jg85GcoFWjuJ0jmk3jmD+A/Gs1oPuWs9vsSDZiGkmjScGrGkJDiIIldCldHDmd7CPtQ+Dzfxifq708B6403LGytCLtM4VcDq+PHahA9TCc8rwucowCYn1VNloP5yazpKKkHmXtWJgA5wDYcz9+86rHf9noZCPJSEazSFQT10nnu6NE/YGBtH1Khkt9rRVEqKwRrnhDCb2jKb2asvzesL5vjK/Q6eWvTEHh9fryYMVBhJoRDGatLjLrdI8kpo8HIAkAsAric/ECwFicwitMYbv6gnYMQPddSe1VJM6MjARmlIenAwXh8NWQ/jzl53hPxSzZkn6kVDZjYaDYFffCW3UMe/hMLmeNNyGwg3Aj4FguLEtKmRMhjcKo+gH7oaxMSzQvqVVLVMag0dsj2ms70OPIjZ703jWHvO38F2/YuyU0vEc8Puwe6Vw6MXgw3wPyt2iOv3Ecyhfr+JaJM7NUZDIzsjfeOo9Dwvjve41lSlzN2Y+/u/XPXMapT+Y6+TO0hn6Ly7L+j9Zfd3kj4xfJYzj9dcpKP+1mO8OmjtJwLKvffKP5elk0sUZazeaddLAxOjvcSQ+0i7hUpicUcL5ShjQWhn9yMC/ubrO6oQZCbXD4BKqNOlr5g1w1YT4qOjs/TMNUXd8eW1YFjK8LZV4y/RsMgk3dDBUy8aTaHTBtcp+AG95DXqB0s2ZctublLXhuxqJo+P4l0eEKplNtvE0B7J2Lt/tYm7/IT32FWD5yohK3IpwdV37AOpu9duxMWfoOaR5G09wbXbWKX9OzoURXtp3Vaj1HGUzTqLmeQ7wujhmUB3lIKhIbZiPdZb+L4FZ06+TjTttSQFcqGnIxsC8+sQbzgVfYsj6vado6+fU2D4r88FqBn9V0fNth4pTzrtA7Y1OrxwF6Yw/F361W8DlGqA/4RUErrbK8kCIsFgVSybs4ckARSPfyIZrQYoZADTdfxGYNreUw3pxjsnCtlB2tPnY9oqwNXBWiHgqwCJrlCy9nkeqNi+bHB2feQQBXe7AuMzzMRz270M21pmsnjzW1hRm9+yA6gYhW913shEDDMbebBIR9xRPw3izsdPkvFq+tTPlfmQtoGBDkw5+1StP7at9XInjqp/nacTB0SL+xizSu0nLEekZ7phiBcLUBy9FqoPQ6F+4G/wJannoIpDZKRdtqXzi6B3maRGpJ7PkayQpL/gEptY/jLfd6iVBtLxRq30B7OnoytQVJLi1u5ykE1Mo9fyKt56DaQF+xvtdx90PGwWG/746sc3wqwh4WKspH0weACaQdbGVYHgb+f6IAH+aw693mTzRkIJgh5MZfE5Hg4pejpmXzBpMEXWCosNHXUHd0+8rcrRJlRPzyIo8TASx+kPTMzuFdJS0KJ28F4R0muKqeP9CVsq9uoXzYCMM0fxkqVhuJSxoOslzjzjpk07LcCfWUhr41dhq9IG+Cxa5Inycls4CIjmeduI1KGccLGmIaADIczLyXhytIqwDQYNIvPXJrBjCQJ8oFd116fU2s4u998glkY4QLS4hs9R69D788d9IC2rJJkfso5f8IMFh0q8cfMDcmjS4hk7ZibXvVc2e8nd8cqjJ6q0YHIJ1kHvNcXPs5ZefDY9smMn+Hs9ZdAOnho2H4yW4gLhM7ZVvm4PCfCHa7fSM4TpisTbc22K6izUCFWHqf+q2Ysze9hm+vGk78KAgYS9DlSmKl/fMkhh75PwhYVhoeeioa3hlaf/risr2H0NVg7ZBMrTQxV7HPblqzHfTcMr/oTIFxspmxJ/owp/PrtxSZ/+k9D7eMiRW6DnFKy88W06xTvODjiKXq8HXztwl3UNuSJkMxTn5MvjAQ/5JxyZZkQqtRrgujTvm5yfkGrtdS/BG5YlsbD/jINTa+iSvqb6GzV4+UCImRs+DU/KZ/AXEgfOM0TpZAxIdDPKkynPe9MHxPsMwUGYWT53FkoUUorRbrK8vXlzmwZ7TM5zO4xJgA73rFb55FWRzO1jncG2Gi/by+p8rj0heV77k1WW6fHS7ICorJ7tM95hFAhCa3YiVwu3zAxQVJ07Hdi/8PaA1nbNwJTIidqr4VLBnn/eg1fkjZedi6G9vgK7v2cy4j/euS0xVfCFKGFvFlfv04SgzxcomG1sN4lsOtU+IjQvM/5lVlorudpCtobX81fU/ZpGctgprpj96EZN/3SyjdVPcfzDo35IMrfCuAlmFKt93SpPgmkP4BVMm8if/ZnaaAoag7y+ZRPfR8RmTJMdrLIKGq5whMQ/ptLj2MEt1uqgYVMy249/XACgCmgjhb7YxfH7tI13msoWVJ4elEPF5f6eC5F9wktDnv1MJXEjzME9JfWY5WrAyU93RrSAW8yS4zV29hzPX4Sm/Uk2iXYpeKM9UuYX9IJQePF2wU6M6Mrkc+lukZrbFIySH2HgwUUeVcJT1TiXkX82WJOsWKlmz5DS+rifHwrY+K1gzI+sV3HM8AU6dSDUEVNmjKQEtcHRBDSIO772KfgHepC1yjmcAuatC4v6C7V9MDCUKICZ9r2TmHBrLyrm9B359qzPREumZnjfSfj3DoFSe6styVLKEe4u0Lhflzcub955ScvW7xUYAK3Wo0O178MhW/EYzyq5PFOH/0AqCQFe91mwTr3GBhVEIIG073SHrGbaRtvPfJq4dpMlldDOLS1ayQAVZz4Qpjiuyu5/pKCX+doOqi8uU2mo3rfsw0h71s0YbQ16uKhRyJW5STc8uFvkByc20zV58dh8aizgqxkjHwqC7HXymMAnF0y+eH7a2YOTz1YM9kyGwfXKMNlGSRGp4cMYIc8pkMXUTJN73BtbQwolIIusK4P1sBDis3DA/q9ImQtEuVaAleVkVzEWUW/0nWZ2H0Cxgs0U7pn3zAZgA3md3UvuU1l78dni/JjD4TM8XMbjwlhPzR2RvXwWjQGuWHpSReEmOsckM5TeEhYGMYpJoa7ZqPFPW9T4onyD6vz3lyXBeXtL4EnUOshQSvzDrvN0kEt8dcLwUj61Pgkl9LL4ErjWXzZeftsc9D1MaPX+EeJG4sd0+z8uJer3quIl9koujljxq/h10kK8PZYCptelujb+u6rVhdov6uWGwluxLVov8pUITCpDetJjurrkkLIofJi2UlwZ0AlsJI0kgskyP4M8d2T48e3N5ogZ5ogkpgIkDbBmWeUO3w8/vtMeDGO7ATP8C8eRPg4YYw0sVnnOy7bhWcww2aaFJrInU3DmPZasUwa4NyuGnfsDy0Z+ATmBwa8/zC68Hw8X/wjAlCCDtOX4iftteIeSerHVLBqm/qALpCbsLRDvQnHd0gfcUkf2wRM5ILWUuXY05uF8cbGB+ZiYq3Rxx9R10rpdjZ0fGHEZmJsMzGG42esrCaq630SZsdX/ImW/U3b9uSaSrhbTMJtAH6O+Z5OypKMOqF1Fh9o51Ngr/TvoaV3sBkrTEfKL+rcln2Hezik+ZY5HfaqFPFXFT5J5kiyqn4fR8Co5GguVFoYA6ai+RCQ41VdNF2jyNAOp1Vp3lpusMjzLcVkRbe+epQD1S85M/Ld1/2mM3uJBR+ZlRiQPwmzEmSfnRkibiRNjL9aB4hhzFgK1/L8YCG1fNweZn+yiMNT6nPeGogBcGr4aPH3vweBCcdCPftHdhqNX5MjRxHv8uEctkbP7vs9RoSU0+Kr6LxfAQrBJGag9XSiTjR/M8072+63ifuYU31eSXypt+P1AzQl5EmpYwPvyeZ1bv/t6pCR8GN9PYbTABZ8P3BlYYsMdZN9L7cEChnQIVdK68vwSbk3mEA2chcY+ncjRGFGw7L9Fm2NQkkRNkf2Tj0ZsbzhNBv2ApTUZUxY0oYl4qoZNuxkOgzch24GpE0uOX3cI08XDzZ7cd1UVvyGpea7oeqXOtSOoqOWjd2/vUrp3umT7F6Q3fApAyjSco7AwtWbLoVpRmI1wG8FG/kG9cTMPqe2HbtfDZ+UCXhawbVy/91ekNm7U5oCfKWoWY0W0nz2mSvzoqhvw55gK9ZHchZr/GtH7EweWwVTkqCqhuZX9yAqqrfOMayH2Haaq0c5obhav/dGnKxEbwyLkOAKAVyStvZVdqOweBAs9R0awAxwTdBkHxs3FgvrEZqWppgS25WTRflfWMGmwHomEHuffOJVtEuwH4sgIm/5iitS7UMfzDpgjpTpKwt4hMN6L1zLvV7oNwsvlviae1ycphgGizdupbLjLH96/RKyj55Ilda+6wfQUDCL2Xty1U4WP5zTBcsmZH+yqkCKOpZLYUq2bcZdLPfIWlIME/RIeD1RvarFShczF4V62k7M6VM78RBYCmOTRsT6Yx6ekxU3o9PXY0zn+YQA1bF8SuMuH89AiZPoEyJPjv9Auw1PpPFq9atNZsT16uBf4sOqB7m3XzODfa1tC9U5sJ4pSYXEgnrZmdT5L/PABN9fw1Ph6e9vWFsh1beIrUus97iQ5mxtsDyv8KmHsDa+qyuZuqNX7f2eviteZ3LfuK7V/iYDZ4XK1Nea0tUwe6CIwBmPix79X/nO5Qn8aiXZOYA43BvQhhrHszaLLdNk66ulCFfkMHdfk0nbdlC+vJFUU880pB+7GQmN8/olFywB/aA7fGS4L8SqHtmlTqicC5+50823z6rbrJg0XvnopyuhJiUgqYX20Vavnz6ASQ8Fj753l50vdEBHYdFzTZ67nYZzAcsjOhs5O5lcP4HWTsLD/dhjz065aYteZc35Fthz8xu992v7VbS+h4v6sYAkA6e+JwS4h4zu2FD5D73svqFgYhej90iutJO8rvaFp8tzra/pgH3k+vgNLdY584BR7MvERAHu/lmZKM1xtBO8LvycyQe+jFLiSE+K4etecJp53Ucwp2JuEyB+tQzrHegRMvKnTvmb1yRi+6yt/Sga5c5Qg99zgUQLtYoYC01M1GyH28WBh7RNV6U95SeOvx+d6n2FuriysBr5T53zQHfh63rbkByobL4HRtlKNJyB5/rUNqsnDkENHRXBdmbFrdfngWMriB70EcLNS+ejhiqHwGkpeLpCK337LGJyTMlCdbrZDYZNeDItNkSo3+rz96YVzTsPCn6HMtvWD2FXJTCJApH3NYZcDqIJyh6kFjJOlo0FtVm4re6quLVd3fAPHkS3VlcnE5l45itT7JS82fqryzybcpxvWAPHyyoverXrArOphinV9D6R3Xq9Zj2Nshl9UJu7fsqSXF6rzQB2VG1MmutVspAbRjE4/uNhDD5SOJ68UeqqyLsF3gOUhjwXl744J17TlP8WHMo4GPO49yNXiZrHo4icvwEDQ5SLy0VVkVUD4/ybnsyErSoA7aopPJ5Tdz9/YzOiA4cOLxOhpvx8RVgB+a+DU9kTS7T7vojjtDzrrZP0/pXN604sr1pjRGXZ2xgFXUQb9va3cffBrHy39uvYWUtVztPTExDozflaqg6O7nuHoolsaFXSsE4N3rKlyv7NVargCRfPP5Mr12dmB7Li9+Yigikxq1KCvCoOnyQetsPIRGDJ2Dl9B69gzHc/3TghJw8i/w7M/L0DEOjTftQXXBttJfL4pTsXrOTv5MMW54gzRIIOEWyixeFdmsGaRmkn99HUNtR/z2SIp3PDGklZ2fCNOJJLEE6XRcmT352OScvH+k0DA6M2GDRWZa9GJzy4X+sF/VU98NwnnS+aOY1LfwmV0z4tPR4ZRL0Ulk/uEADKyVWbGs+wZK7heiD36n4lC8amWFRxwB9b89xE1YygdJTxhE3lwwM5CW07BCtNk1/B4u9U9rmqDfuNsMiollEzsSnP++twyPCFx6NHriNqgKGKiJdx7fui7ft1G9y75rcvcbqs2qi30KTMibJBUISScy/B+itV62M8Xf2LyJEKUw7lCSg+SU9PJhoJZv3tZ3FJIxbwTvvMqChPQHoPanLRzI3KqXZFjI2+7yxLfEPPp62E0DXAGll8M7kNjdCGe1Vqyk2/DSmFwwvO7brVRiVmHbxvI0Kz83wjlLR4uEGk1FLuwCyd/bWbPv7ubXK/CQFR88CPbwKZ93J3nA64pWv2XfmZd5zvmlde1a9kHrfRF6gn7j/2jIZTWiJDJ/v58P1sayT6B+5Xt+JNao5sLX9qJEXp9s1QboXF+DngeOlY82Iw2x/hE1lTxN/vFQzncd3p2qbLqPd+PJQuXAV+erBgAleO6xROTDTDTcWJ581B9P3ZHHvF8YZp6KtCadQ+dn31GsvEnSj+bcJ4zMlBCx1rPIlrhiUlw9vbkoDn+qJx+RvZnl2QUYhNs+Zbwor9F/19q5eY2IwtYm4eO8WEtrf/hN9hGcYrVpWz6RODUdubI4bn81XtMXI8tWDHsDcWYq+x5XB+eTJz+bb6CZJjJi4rzxaD1vyOKAJkPk9+pw3hrDdDV4tkOqbvvH/NytMn/lo2yyvmZh7KoiHyKATnfr5K8oxZim1FBpAmkkaeIJhvmwhgReGkdQS3EGnYvmTBlCLPIQu38ipwC/kY5RtfygdgkVu+XZXnQF89LMntLNHScnRCzgxFFq5xx1v6xM4UJC+xvL7fIr8DFpWpeyA1RkbndREVcs77Qj+e1v5+WOm+Kzq1fvWcGcJKH75mzQ+f780hzXO45EHAJvOFPT83PuImuB5+53EiGvOPe+c9T66WSFkorGM9dnL47Vcco9iOdwvzV8qI07eSyZQntwJGBHP/2hZ02Z3d1Zo1yz22wfFvdOD5w7RXJnu6Stc9E2QYjPmSAH/LqMO7UZyII6/Il0WuLTMvsOy3Y1lvgDcx9BkDmY/PfiN/dF3c4rymJvqOcGZ6xO4+LPhZP7ov/xoM2x9gLaQrNONrcvfwvIP3h6SZ9bIRIOoPJ9+P8BCN0kYIPntC9QUA5trQo+cmzcuYgrTaQctC5ZXDnP3oPxw13ZjbBz6d7mQPRKeWztju7lo8t/dYwbw8eFIb1sXwWfslp+9XrbCyuy8/GfMUZ6g7fQ488mHB5Sla2Mxx6b5UYjNF2ghvU7W+L2f4LpuoKXicBbj3nFEMrTKnGqN7kwYqPYIgL/Cd6HYRf7rTtudVn7HsAbPs6fKV98Ro1FjL8RkwBiHHalLMK4bW4eq3uRXjwcq/bWguJAKDnt/EGy3KvGHtf2tIfD7LvyNnstmZSFEXf/29LoAL4mqDpVkPHlu0JaWM3dpQZ6YRCotfD9doP4irlpon+Nu25WODzn8eXwmUj728shvuRyKgvIbgxp1SI88V1iPkn9iNf8prk29BeeGlsQRvagiUrU/u2wrIiDkWMGwwIjRXLX2UjlhwisZ5DlBifiUPj28w5NhjS5CFYzwwfMmfnBiq8eZA98SdTLbe3EpLhFkST5OhRkLZ8Ibd5f28nhqpThiPi49IWqU10hNjaG/ZyRpewusybJUloAoPZtcadpC+XmZK9pB3Y5xjExCQep2AK3ncHj8JgjjzAV6ywk+ZnPizrNUHmesJFbY8vW4ir8QObrcWb2HfF05TArAA9kkFaLRd9FSKIkxovJiBJfInOOKwwBG59e6/ciMD3uJ7O7YBB3k8OfA/mDwCh0vxVCKYLN7jc5PJAB0DRnwuXiwA2CmRMqfoANGLYGadUFeUKtvvy5TOzoAOXTxlHffVZG73TN6Huz6buFTk5tLeQjViBuAJgzGW+/fkPL5k9OLdbChNhy27GsMAJruYmn3Qt+5RMh9RhccCo45e39lCuM/dKIEr5k7h1kYzJ0hEaizzepwynnNMdq8OzBlVttfYSPIujAWJ7hoPNHzD5JomU59nERdpx7xyZpN3Rvcrk8nvDU4zenO23mikznbB/tAalg3WYVPsG51vdy6RIiEaGWfwWkG+5lN5zbXBJz6uUcMbcafyESfEvmqLGOUO9UXLdQNioUQvn0avhopcV2oKRG657hBmU3bi7+c0b/O5WpGNhwjKb9c5nReCiDqxbqzg8mW6IV4craeGXJN6jeKvLevpcKbVyOF3mlAE1k38Nho7blcocVTXhl4uS/RBYOUAIjxj7Tm6foYYQhJIDRgtWBOwDzkH10YekXi2mwroCvtrw/ZxA57+rr+eyaWJ8SuztcCeUb9M8Ah2trJbPQgiyiga8DlUWxzjCizLIdgUovuFqwmswXjKHeyBV+uAEUqwROfr5vwKotzfeeO0xfuiBTFci/A9N1yeBU+7vfFgbMWVYzwgkGoJ9mXJ02JlgJ5iv0nO2zYWwrOKD7KgRMdvfw0Yk6Z//l6bdo52QMnD33NrCWNl8E2hKv8oUc0Y9v8+X8iPgrSUHrpci3ewG6MS6NNWON5/5+Of700P5XM0kkdJyDqs0jBsLKdEBYGrjCcq8g9nfT+7X1d4blgi/y7DgxjC1WrMaJTbX3d7E/u8YD79sMEod072a+3DnhmJiOeiG3fyv3NfGdlTnZyldczl/Whmy6838603YY/BpY3naPiF+x2wX0fZ5fn5jv/2i+IiNyXfHvYXwkaDLEbqLlylSftl/TuLeOdz6y5wL4d5v5tVZYjpDctqMjFO4zjAwSFnUVvNwpuwC9b0zbVdojGR/YgprLqprZH6KjB79WhdMJpTnwF6B+8jEA8tEYqNgezq5fHs6mzpBC0ykaahX8VBgo1QJWyAdTxcHfVk/jVo6hNyj3g20L/xY+H4HcWVf3Pk8RFtMv2q2q8DarfXgZWYG0a6fJKdHbzrQR20NGM0btW1+flraDtYlkyZV5HyfIkp1wrn5B52qAmM1DQbbQyDrvjNSJapoyOepCjNCqyOMQUkuJ9XIEzBewMKXv78upiu6ImgBYKbM2s1Rfj5s2Y7yl5WlnmtQBe6Ce2TJdL5gc4grklXStjp33yK29PcEqn/LU9nwKOqENLzuRR12NUwHJH+KgmNYR4IOyiFBXv2CZwX0u8EOT8ikQgk9t1/I2xYSekX5Mv7MJb+Ffah8rn2Vyllof6KJuL92v5nx+ItoobxtFinSQltzX5+xZ8hBzP3Hz0DPhhHjxw+S6RlDjqcqFSC8VGUHJYlnYZmWk/LAsHvNQ4eM8E3E6hsFz3pGy090wbXL8Wagc/Qj1effj7zECe1IRJ/5qCwPXUfPEOUmzQp5837uPWE/Wf55MYQ1Efwp8ECFhMKX/aB/nCIOBwu81C5oriUMw0z+UwBtBRXJIvv006fPk+b5vCfpdjlE7dCycQ/CJ9E/rOAczB2W/Osf924J/l09Dfz368xoTKu3Eu51XA0dEwz2OfY5tl+fu+D9DxuQXWlnfkbakVgX1ieipRpN3K8oDZmPWEplZH/tuFDdIzcihfCt53lcGS5M1tR07ydBVCzNHiIEMWQr7FBNA6EnFf98V9kgPP72q6ESJjcOSaU3c1ihQVdp4KFneFR6Bv3Af6s+C6ZP59Tju3zfc/ENumNVbztHLAR+F4ZgRoBmGFdVJVP+PuN+PmbrP1xLJRJ7rwz3arrtLlPFjhXLwtYm2htTrliMD2jRBpfYD80N/Puq32s6JCeN45OH3yHAkX0ff2f/cGaV6HW9CN7fdLtbvjBOaRbJn/4JpQYmScBW/JqIEX/0B3W+FfRNjONdBrNFY47gKGfq6EouuVtertcwT8SEhMG8Yc3V7At0jA/pRNEjvjyjwTaBs8+ynduosKyNyrQj83lfcwntI2XQD4JZ9odfd85U0OSUHzD5xSU3z4B3J1Fh1j6lkZ/z6hmXapRwX5o694AGgkGIyL/zmRbRLQi9FjyvTv3ZJn/ixLMrwnI0mJPEp1qQy6/o8VN0G9Igw72MZFfTMEnlSJrzj+UdXCsQ1GKkRCz0fegMvLffCES/X6gt7eFVfUNOUhMFOyHJhOE9RcGWAS+PdmXNMfCMMHxSOZ9p0orEM98yninGF5Pu5PgEbDL4uspWDaBu6jI5QdcfvhZl8VWMrZjZObuHK1R/XIx/33+2zKdzrNNKmxrWHg1SwoN+5BKQJXcQVSijsfvQaz5P3/XBQp/0/8+Z6Pv/Zlg5SapvRkL7nhqaP7xfGoQ53/j8dsp7lP6B265cYIG4ZJDp7xfrJUw5hI4hk+CURMG/N8dMcQVEvA1KFKHzCUrG/av9yJcz3eHX1rtb/626Od/tf2YhleEHNNXGYFFOcvf778Utgdk0TNw7mZYcPW+HVhPaikfwCM+lbuLO2HQeQbnmq8rmCc/gBaGeckmUVuqAKYZ/82SRvphRRIwQ4tXXwRE9+K9/LPy7QUwR19w/4uwyQrf6A3IM24tClYoiM1xO+B/62/sZAHrPkg6xxUp163xIJwCHX48JhlTDfDPPIYZMeJWrXuIRRW2Wn5XzBHDMzkcP2ijfMPOkC637XA89Mg5Sho/ncbaCx+OqfEaUUpmZRFWh0LpuP2wThXmPXOO9WFCdru21Yn+9/krjvwlxg/89xYHffMjiNa/aPECTE5gLMIFDM/WdGb67/OYKUxk3AQwc9KLsNf858Gcec9TT33fenU+ZtEmNHrTfhHvtH3aMMd9qoKxBwgPIqbf/kOQC31d3+mloCojwHq1vrnLHw5LEFEn7Bhk9Wq4wmg73l3+4i9nbKQ2dKGYJq1gippJQX44rMqrDWAHpIaLQ1qFsS3Wq7ATxIcLuOQ33OXNWR3423ZD0Oi8/R7EQoJQCxyD88Alu20tW9P2KkDyx/wE8Ez+PF6xxtJ6miYKaPfDQ7VuwP59Pnz/+zyJpQKgyh9y2kAHp4BHDYhZx/wCRTKIdMCr7GUe2lDM4dsUgv57Jf/sj8zUXru9jMPqtc7ZQnPefMOEkDsrpr6sppaCqHzFhGr/2b1OA7tXirUKlAGMKQ1k7s7SCXyK/oOg5uOWMdZosNY/8l88Etb7nJcv4zrJuYvfkh72XPnZd2cBiuTv5tXUwqNKegP7UwcQjrJ2aJ5ymlzcKtTvqyh+eHZyDbMOmYh470UV79IfU+Vn41wb9PX7ZVqJp+BmffCUVvzwmqsDlVywiA+/zam2mA2C//eHEd9dGIb6LUMHvAA8kd8xMKE90RjcjBMGApclcADBDL61e7h+9+aiyXWK707BZKB2hphwemwABL22xGmr6Aq9zjMD+q8adh8iDnxOwZK/fvb4ruDz80kGhDX/7NPk/TcBKRgqAlhTnUunsswCblYj4gfmHm9moQKGFN0a6GOXmH5MjTXdbEQdDOkPRK1zZf724x8mTTClE6HPT1WfrRjEBTl8oa3no4Ht240AT1sGBmEGqCdOWS7er6Rqck5VCSo78k7ocuj9dosrVVwU6abcvViPEk3Azlv+ATEV2aEdc3CdYrtNhQA6U3me5HrY/ln9uqK2nwubrfs+xXN18vHlEn6clMwAu+hyZYgtj5R5ZePYq41YYq/UiEsH5X7xDRYHZNG63TKwoLO5glQKKwVWjivcQcUk4AX1BbRIU7Yp8d7fA7iX6bAwtNyY+aMSJuC7j3UZTRhcjisB85LoAVwqXDOXvwrXWB9LT94zcpoyABVPz2P40zuu/74F4P12vLF7MBkse1dFZnvmVb6wcdByxeHYwaETh/CFfVbzHZM+y3rWQHvo9NoQFw+satPpAoZQUX9Q3IPdFf/NYcY4PAD2An67vBh0T4FwQvg6FualJ65SoivnpwK8SstHPeFJyzVqOkfuawgg02F/EV5xUO1TaJ6qvrGy6odiwMpu1GCLYAFDPh7BHkxVGylgccp3gVVA3xknaPg1Eugjl9/adF2mG6wp1RMn3fAF5D8MbYuAH0vuBUYgWKm7Z07yzf8alZbPaNmJ71BcHnzrTln2HaOuQzEFJzTreQhIjEC/Q/L3/Sb1g60wkEDqnABiDmp9zVYUqddF2IVFuSP0OwNwHnSbzV5kH6/8F1AMsoOGncgqhjYztV2we4902gvpEsZbqGRglRbPE0ySDWcf8Ho1ugi4FMwMBOzJs3IAKRa6pWYdso/YZ8x1XNQAWr+eTmWGzYOnAzD/YNoxlpq1w2Vf3uVYmdW37QlY5GGPHskVzhxp8eghGt3DyIKx22IUSAis/KbLpNced9MCTXOyfogd780G0hbog/T1JP0PXV0ptDh12JclvM2Lde+eJKBVj5ofZA7h9gJrsm2ePdAVjwTzUt17yzLNpFPkCy2Sk14iuQ1p7wHrwJy56+/IohAw2AXrHeCsl3m57rY7Tv85i8fXVIAVE4t+omZnDqKRdimhj9ryXjqRhv1wbeDjWxdXn7cFxs3ab2vtK83qb7R+QGaA+C1OM9KUI6fOrRJWBY6um/Fv30b3HJYmeFyMyEy9aOTHwLtjRyEBnKoxtRYjvAzw9BgVHhdQVct3g2+I4s3vZ84go6dvwkZ83tgan1BHDS4eSMz0u+6JblVWPvYmnxkW4xAcxJ1yoE+oSOoXtlivh8VRdQbuCSCLo8dw+R/aMiuTF7Pc4aYAdl/SDzgnJAPfLCprQCs8P7HQiCrsCTYQvv8oX3B/jMAmc54zyiO7X2fA59snIxxJo5qG8sCRiLLhwCKxD6msCtBqO0WGhAILtYqf50n+dZMYuqRILwpJ7hVQQvvOuMJjRfvdjKi9ROOsqzKMFwxZEfKzo2D2SllGAigzc7hLrRGwkzw2hwXSCC5wAAsKE5ZJGXaAnOltj1h6FQRc+z9L2DOcILF1y7Z3cCO16OTKvUy/pqLw3ND/lqVZpu+jJwSUpfkE7k4IjXiv3nIQYMLKA55l60H8EbHD8ntabRwM8OaUH6kf433a2G7t60dl1I3FRHrBtcJiRU5RrO5IppAjYc4ViFRI+e4eVf7mnpvwUsK+Nn3UuVDF89EbgA/CHEh02FE0O374914lYLdX9v4bBznfUeljIIMJ9AmMHX6lUWB+khfym59bYtysVOmdul9cwbWYNg6reQLuorUciR3b/nyODMGwNne/D62sYIL+Ad+cGcx2UsgALSKWoKPFelOww7gpiHksxdjBqo1pBdQOfz+qzsK6fDJpGPpdvONb/L4NhTomhuW3kco1xLfoPj3m08MCVogBp0Zk0T0/qokFTFUkteJ99/uZ/+7cgOWWHIh3r2TaFT7jCqt7vV+B9J+98hFlRug8+DXwlMa+KO1D5y8YKQzrs2QtrtXwlYQQji7NoRGm//kHXL34jFHPAlAW6ldFGP3XkHAYJT3caxcPSdlEOh3zwz/kYvgtKCf2qQKFPjyBbk6tNimEh3TGSjK+AO/t4LYiRgUWmznNY/GAeMgpIYHXRk1bilG/7xwZb8AtK9/048K17p3J9E5tWFuk8v4G8TiqlN8vrG8uEnlWaPsuw2QfQNYLIOuwafbLPHzAAsR8HaUpyI+wlXkwoxb43hktjT/+zsDbCDBtHnBheOvgLnAN71FCKxznA3Er6R7bIsQtbno0XqdcGxJa5cc6gYMRkI3bgKwNw68n24mKwTat74guzOnkm8t1RaK1mmvWDZScJO/HVv4QWBFY6zNdjmC3NLZQG+77iVO96983XL9lwbgrKOq7mEA+zpr7mupQwDjBTekX8e4KxJk6vsh9K1HyQWcNJxrDSsm7HnzxcacF1uKAgYbnbkmJ6b243nTSp1H8qg2+0B8g4looEGJataXr1IBYXLQBjrKW4eCDeJwF6yqvENsRPGsRhf6qapS0m+8BPJF8hnMF95VVT2zAlumlqZyoRln/8jWAGWEC2JUSRH4ImdrOpHsBX2Ke7F+dHgOIu1cX1ybQy3eXkRh2MfwZAuNvIXSnNLRhb2W4U3DljHHo4+xf56m1l+iub/f4ab5WboC8lTvHJxx6zz/mDGJ+lFBd392GhoI51ZHJKutKu98yQ1kh2yoG8yJJLLmkC9jdSpn39aLfrwwuaqSAWrpt3ryVxb6jjAEecZZuZbcV6S5DRoCnG9Iw8ifCKJa+4Fg9GwCCOP6hznFx9rzqmUj/1KqW0sp4egKfaf0JR2kqHuqpd3ltQG6mwD/1gRgAYL7S183IMy/5IdA49hLiKoq+bxuhVsCoNyz6YBu1+c9Am9nL8NagMkTt15/pBPfu4ym9ZANG9vrg+lw/rEtqm2CkOlWZAR8wxM88PskXoYx2JWcZJ2oDzEeMM9q/mYfMCm0b509YEdBs5Td3tca8dZgHeM6a9WpO4Mxknq04shxQELD95QP7XccngX+p2VsAs7asb5KRcSDDrDane2CA8mgBftle+ZtUaqG+aHKxSuO5T14q1s18foFi7Oer3h4KawCoGedwSaV6rj0eW9TuV9ga4bmzuiAmdZbMjSGc69VKZVMxeTXCsyf+a+qyID32AFRTYNu5SgkwWlIlNHZ2evy+s4IfP4grQmVAjJK63D5UBVNVNYLnnKiTj1XtBYS5Pp4IPXRd38sdy61LujrX80QK4cuN++V2PlCuwMwNRIXPLUaTZTyBlilFDAolicJ/vDbtOxTuUk1qyYA3rAxb8bpyVwderQRPGYzrazZQr64hb0a3LCWOUO7b391epgY7gASE+Ok4wI1D/d0o73SR97qvUx5SB/xiIP4RgldPwGfkIDvRu0bk7gJngA7GvzSRsYrR90EIN4HmOY/8OQCc3ZJMCAAykFNzwxAwzyTc5fEgpzNhS4sno89OfwflZtQn68NBKsbdHwGbQ4qaYxvyWq1imbkJFhmLbjdPuIbdlw2fUnU8ML7kg2M++Uuj3XhWVN0/yvZJuDnkBRVleRzLZcWvG5MHPs6+zqQksnscm4sXFKG3psaat/usng9D2BsEW3k1tE9tHYWe+NYWIMRy0H7RhlhKIWW0L3tJ0h44Aq7RhLZa5AQ0uLcuVCwrTJCx+Oyosjd1sJIX7/UHttYCy+mAWBT5157DBmjXdHrH6PhTj9YCjmcDuiCR7bm/zaZPagDBeu7B3swq5QdJlgL9ywd5FO06kTfS+8N6fLNT/W/WUkI4O8Fl13Mc0KZr0vmWeraVukKy/RiZr0DTGQ/4k61ezBblj/k5C6fOao16S1QLsKwyJk0o8hJcRViK/hVemxwnOGwDp4KntWZGA9JIuQCxbu6WQOt6keEbQTnWM1U5s1A/JX3it30yd1QdcHYPQ72lXjTillDAdm7Zu7j+tsicMOFE8K7PIs/Zyx4K/qr781mrTUIBjts8H2FqbD+mYLJcq1FVDOsuiCbjaW4CmuOs7tf3Qai0Zb4hsAME5z5oQcJcIRmDSXVWCvwuOKUMztGtZYSxIj7NmnxDkR1c5BPDYbcW/xwRVmWocAFyU6s6RbPAI7M1x2x6+sLoFa0+hdfotMvL0k5cFfEBpl26gM87QUSN018lFGQlKFY/Crf9vUMvDSUClo7NG5Gtw1EegLWWmz6/TpRpH3ebwKt6eKrFMYzz1zgbOohicX58rGofyTssbPbiRC4bFqF8eDn2iPXFYXU+MD54TL7LRD9rQ/0K/OP9TctL3VpGw0lhZUnVu4KKXF4TBFVkFtizHsRVaSmSyp8OMfaGgyggJpEflAxiDOlsqaYB8EXL8IvGxfZD5zF+iLXWf1Dm175mq1orn15vYJeNHae/vEcJ0K2/4gP2JQJePA9ldbyyCDIQEG2UrXm5sBLupAAWd1dmB7EOSH7EfhbwDNhQhRkcozMA8TawMl2DtrNjKJ7j7slqgzUe+Q8qJGKp3d7jZeUqt2Bb+vX8MW9ofAkHbyW6mHmheLYyz5cLzgbzPWPfnZ+rtH1c1ys24rz8M8aIWD2zazo5+CupTEmF8PuGsen3B+9dgxXT50K8DvC4Zj/QOVsCBmZyB64pbw38zqDrNyPU3K1vlQo3RkkXVCUfVCTqq/a4ASZNpv4gqJ6uYgdohssFCg+Vj76sJiHti7pRsiJqKvW4A80aTPYU2+evJNzoj6/YTwwpFkCiJIE7jqrn8LlWk5fHylwvfK6vwVQsTMK9T8maOlE0KKDtS1R57Fe4dGwhsEt2x4cOn1Jw1Ul0991huQoQkabgTVF4Y0caKg+O30D0QHj8Lc2TgzIofJPqdWvebgquyWxAZyLFgAMnCn2ER3g19gI7cWbhx6N0c8jHJ626cMaeGQN3SKLDkcroDUBkBRdtMRjDswoNGd+R+YmHpY1iy5QHqh1pwil+6LpwwTcsvRJwF13V+N2UXbZ8ZoTnoPsRlbngnkCbWewhgVHUgR9pxqhirOKKHgAExvKs6eIqoGonWBQE1LBx7q0zW0Xi1loWZoxwgHlLjiDhHN903ZEuMU1BznB4EcDxWTmbYsV+gVNxGrMSkjMbqgqzYhiB93Ecxv+cuyRYouNXPsQl+bBcxqRXghRcjQx4Xnz4Xf6qGKbfAevZ1X77bjnL5z0zfqIHDNlhRiO24h6Cygk8LX8teixQ2XhMV4TLssq+9w/68nGyHtvo4YUVv7KtaEp33jffGDY4M97MTOSdELI87i19U0UZ3XyZwpITlRVd2CuNy6sYG+uf/n4yWt7lA4hm3XuE2VLOFPucvGNRBhFIVJMO17wKNa3fgad+9ezvReAtbG3MbW7FWXXLmw1AqAdlMr9esGHigACp7wxXc/IHPYXxPQgP7VgsV03ERHS/wxb3x+/6ldh3gNOMW8Gfcls8YZqHuu64xsGNs+rlumwbng8PxDXjBhw+JWTTltkkmRUcdSrSYwKYRH3CKjS8FllVse9VgwPxJHhJC0ahNk22pnTq+LXon+ESqDTKaF7D7fiDuX80iMEHed7GkGQ5cdQU0AA5XoXwXoCYcWLsSbuqrXks3+BW0DcFJJeAkwvViEIQHOARAvM7gqOOD6zAbqxvHSUdGBfDDIa9xgnhKolYU5+vGqsLNA+7CLba2w1izO9UPDURqGiupUT0ima9I9+fsGTaVtG5H+HdKDp0fme2ZyZHskQUwe3zM6Cul4dA7gdMxeiZa9VOaSD2nMSPnWFy/OG/Eccwn7FTvZqyWWVt1xaAdthV2YGjZzTcadlEtdp/vHJN/ZKI0tPYOBZZh++bTyRNTyrd+41pRqiSFsOa7d5YEGOVvzhaVSEHLoMptMdNkmaGphpYTgyXrIfSHo4HjU9ZIin2ktucglyXyxQcgvGyqLWDUoUnAb1mkr8k/U0HmVVf6CcnYufz659GEbHM+sPlno0pH/hPQ/WaCbyqrauAVYr92iY7MNoYSDpExkhOq58AWyfkoZR0SnqEspucwF4ZYdM23VM9851oVcRg3xGJuY67gVFjpR8vHFr/xLI2uhQP/vgcNt9Ntyh3T7i/ovl9aelu5cP6xCO2/JTIfgsbnSLRnCAKBKOgbyERq1UDEoNT70bk4wrSB39mokO5n0CNwIsFv8YmGl9AeMxvjqVmVWUDctovuNVN2lBm40iX5Jdj7n4bUd92oOhS6Opk0MIGBtwOdyUw4S2YYITfPByXy61547lV9zmt5kMZI/j6OPXN8k6QoldOoN5kKsTRR49zMHnrrbz42Q/IkOAsrdzfj0mlgUWx09FRWgLYkl2MXRNaNd8l0Lyi1u+J/2vvypoUVZbwr+nH6aDYecRd230Zl5cb7CIIyOby608lgoI60z2jp9tzozVixkqqCqryy68yE4ruKbRSoueiAdhrxhtaS256V7Ef3+QjVK//NM0e86ZMfHj41pmOnJUxqg/LYhX7nuI66Djojdc7PVg7hxV6JYzAKMvYPxyUB/v5QFz3DzRhaT+TR7o9Y1Gfd3dvdDtyfcMKZkjrxpOeyOOY2Rg3uJXvLg7g6/08TOESCSkoDaOe1npLLHRmjggc98qRWeoM8QTD/pAt+M9NxY6TPEoSJLUPIo09Pn7KvPWR1ln6olIdWrxRaq1kYT9jbN1HbHms93u6LvqboCFSu43srtiyNtY7NVdU97OBuNwuakk8VMeRUviG4/k9HxoNNVjFrdJsQhHdvu9QitykKwy8YchE+rQeM/vKXG2gOdrEFmyz3waHcLOLRb0NIHMWthWQVXFaMUuYj+HSna6qo2WZNrHtlsct2DwVztZtQxhh21RsaXQQFsjohUSHr4zgPAAftdsdgds/91r6KG6PRzIz7fM9k5t4e2VBMT0uqGOTR02+YsGbiMBVUbqjITNcbHkddrnX+LbuqnWMhOnCsbYrtz3ts7yn1ymxZczXe4xeiMKmhjCnPYmm9G6pROslJ8mZzAVyWPfWB1LBgOC3/JsxjTeRJYqLYNBpTkRKr/aEUB8M1aE+5uOf+mpAVBQrVgW9V64bYtyNgwZRYfWh0SW2jMSOI79j7LiuTjh7ou8j2BoLf5OcIqc826zGLdmy9tIEnqjQ1am41Qf9KV79dN+GbGQQeaskBuo00OEgbIidJ01WC2H6E8FS4m/3e22GDpSyqDYhLVfFDj64bfBzO9An/A5WQO+NabTLjZ0xAeQdYmMvjuFBi9haO35EHYA0aqqAusNBmah1o/pg5saIRAPIA6+tujqiIng8eNOUKw0WlfhJHXEqL0OGVdriAJjvzmZreGLeTwKVoNanS8uO1Wl2qrCGtRWrjzZ8A9sThMZCNKx3utOVI9O6iJgSx0SbGk+tOHQQO3K9Um6IvS5SYp6VaAGeFmSJ6pLH3vhwJdsxXidAUdutGsb1aOO0xxNnmry1PO6PVvxU5RvblgJPzCrshmNDub1zdFiVgoFc5Q601W4wDezTdDAHtOKAQIuo/RbNENXy1ysuXMK+2X19ydExOgC2OlzDqnSqkwgZYoBWCM1UB/bk1uBoHOH1sW+qsLIeGDiL16H5GuS72cauvT3IzGoD81SrzJzxLGgMD3wlPjDjjYCdnkW3KQ6NacQoi+aKYa1OmXZ4noVZ1zGL6kgtzeOI0Rd7P54lG73iNTvhqRmy+nyF83RrvYPXukn6MVAThGkj7KGW4ugreS/JVrQV2IYQb+Qwsg00V83xwlkP5Yriy1JYkWfduB1z2rLk090lnbxCcE7qJbF8sJP0gygMpTc1UvuHgDy+8suuja1RhPm0/EKVtksz1EaepGgvVGXrSx6WvZB4EohY80Nt9wLv9yHRUeRJvuaEORFVfaHK611dc9da6ON4iUgbsLAlDprsj2WSp4/lramGy6OMZo+ipWYay7Aok4Jj2Tj1DNurj+cDPO/KGg6t09Mnv0nCVI9thGMX8LiudpRoqqGN0qLrh0vXcB3Jrp6lJd+NHFWDDghcOtdpuy6ekQrCwpUWhvuReYBOpCh0sWgZru30KJ4Xfz9L2yeFORRemaxY2eUPVvZpKQglPxR9391iAebTIDCVTFwz7ax73XXCsmu7fjIgikg+J1XB+AqKCtzIVzIRcZThHg0tnWbuw/qEV6KGZlzs/h7tZJcTS3aU9vpCsnaYDhIfUU7jZDeRGyajzEacE+UUnAmhgx9BoiK80hKI8nb5FqwB/4sRDv2d0FQk2NF2PDMYa3LyY5VMLPtnyQWkgtB3LS2nEjX5wEVgreXkevIBlS4lNdEySvQLzaepMaACAqEkyYFrR6Em+koKuUR6KpHpaLODxDVGhCp8oZVtGg6gC49a84uwfYCpkyyHUZ43dpq8NvbkjwddWTv1ADyhK918prmfCk9j7uRzmTv5BObu+lDp29bvtnWa/1pbp752aT+b9zx/7N+xdc1Rs8aO62hHSdruo1xAfwoXJE3xtULC/FTBc00nDHI990GQgxLNF4HEUXko/Gl98HSTKzgD6TSUj2GLfhBRFWkl8CTn78mr78MQlloU5Njr2GXxNFek9k1hv6AwiqMvKIyhiEySJzEKXZMY9QgSY54QaE2Ya0yKMAeaDCP0vG/IPcpDpugvBRz7Favm16x+D1/WbqxDXFGZxIWKjott2uqspT9dHxn+9nlurnfvt6aI4lUe3YSrq/ybhZN7Qj6bfpPYg0mMyZp8EYnxN1B2oSwDT673y6EqruNoSijJWXXiXh5HDHs1ASRNXE8AIokHzIBwNQNDbZ28lomYBJp/chF/E8n+OfoKjH5pC6zM4inIYR7wqUrB8rRw5MFL5kBqazpcIKjJVCRbTMUhLC5g+orpGBng0+I4WXh+0Ddtj1SUD8Ocv63kLFNNXIOapW7olHiATslbydDnoyBbkjW77wZmaLoFisn0176osDZVNXEjrkjpUuOyG4bu+qzldgKMyi2iSz43MHXrFkbaWynt/RLKdwElbcHzl3EE8crTLGKo9N9rdmTJV4bOfZlrWDH0a76PzNm4C2TofZAVjLbIlERx6i5AxzHwvWKH1GfDSPSgj/XOwHpZvhqKR77akne0czzZ4Z8o5Ggtv1TIrfWIucHG2XJ0pyP4gyyqH53wkPXh6nqg3eteZcr6poj/HkUg6pViC98/JAyGLHbAfQ5hUM9FGGtXNm3tf6oWm4oW/A1xkI8hDjar+GjqYF+5f4U76Cu9fXbkn+k1F/ZfhPfn3MA5wv9tZmBnhrlsPC6dkvH49zkXD4UsFf9yO1uQz5VnKvmMDEIxk00xQrGLR2UQuOJ5SE7Id/dufSpNHH00I39R/+6MPHmdKO05PzxfW5vB1wU9PClT7BMEPSqj8Sr9oNieuMyJoxQrnxQGsd8+zvP6OL+HjnDxoBchFJ2a69vDXxQF3UpT/iejIPYxzsx/Kwr6QPrvmyGekyEQ98rngphiDvUDfPFFQdB1uvVL+eL+IOj3ser/bRBEfSDH+jz3Q9+773nHk4Hshy33Ts1SQvHm4+m+yTsBzvvKhe0SLtzoO1cHC+m4qgY1/gE=&lt;/diagram&gt;&lt;/mxfile&gt;"><defs/><g><rect x="0" y="0" width="486" height="442" fill="#f6f6f6" stroke="none" pointer-events="none"/><rect x="27" y="136" width="441" height="205" rx="1" ry="1" fill-opacity="0.2" fill="#6633ff" stroke="none" pointer-events="none"/><g transform="translate(36.5,157.5)"><switch><foreignObject style="overflow:visible;" pointer-events="all" width="177" height="33" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; white-space: nowrap; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;"><font><b style="font-size: 16px">Pomerium <br /></b><font color="#575757" style="font-size: 14px">Identity-aware Access Proxy</font><br /></font></div></div></foreignObject><text x="89" y="23" fill="#000000" text-anchor="middle" font-size="12px" font-family="'Helvetica'">[Not supported by viewer]</text></switch></g><path d="M 107 363.63 L 107 348 L 248 348 L 248 247" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="none"/><path d="M 107 368.88 L 103.5 361.88 L 107 363.63 L 110.5 361.88 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="none"/><path d="M 247.5 136.5 L 247.5 197.63" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="none"/><path d="M 247.5 202.88 L 244 195.88 L 247.5 197.63 L 251 195.88 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="none"/><rect x="189.5" y="60.5" width="116" height="36" rx="1" ry="1" fill="#000000" stroke="#000000" transform="translate(2,3)rotate(90,247.5,78.5)" opacity="0.25"/><rect x="189.5" y="60.5" width="116" height="36" rx="1" ry="1" fill="#ffffff" stroke="#dddddd" transform="rotate(90,247.5,78.5)" pointer-events="none"/><g transform="translate(224.5,71.5)rotate(-90,22.5,6.5)"><switch><foreignObject style="overflow:visible;" pointer-events="all" width="45" height="13" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 10px; font-family: Helvetica; color: rgb(158, 158, 158); line-height: 1.2; vertical-align: top; white-space: nowrap; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;"><font color="#000000" style="font-size: 13px">Firewall</font><br /></div></div></foreignObject><text x="23" y="12" fill="#9E9E9E" text-anchor="middle" font-size="10px" font-family="'Helvetica'">[Not supported by viewer]</text></switch></g><rect x="175.5" y="204" width="144" height="43" rx="1" ry="1" fill="#000000" stroke="#000000" transform="translate(2,3)" opacity="0.25"/><rect x="175.5" y="204" width="144" height="43" rx="1" ry="1" fill="#ffffff" stroke="#dddddd" pointer-events="none"/><g transform="translate(230.5,218.5)"><switch><foreignObject style="overflow:visible;" pointer-events="all" width="33" height="13" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 10px; font-family: Helvetica; color: rgb(158, 158, 158); line-height: 1.2; vertical-align: top; white-space: nowrap; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;"><font color="#000000" style="font-size: 13px">Proxy</font><br /></div></div></foreignObject><text x="17" y="12" fill="#9E9E9E" text-anchor="middle" font-size="10px" font-family="'Helvetica'">[Not supported by viewer]</text></switch></g><image x="432.5" y="128.5" width="46" height="46" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA4QAAAOECAYAAAD5Tv87AAAgAElEQVR4nOzdB5hU1f3G8XfpXVAURcGIqKjYC9ZYYk2ixhhjYjcxasrfmGJNYowFY4kaSyyxYkfFDoiKKIoURcVCU6QJgjRp0vk/P+7ZuHC3zMzOzL3nnu/neeZZc3aNM+fMzD3vPa3irN1WCwCAFGgoqW2VR7sq/9xGUnNJrSW1ktTMlTWV1EJSY1fe0JWbCvfvVtXG/U1tVkqav87v50mqvGDOd3+zUNJySYslLXXlS1z5AknfuLJ57jG3yj/Pc/8fAAAkqhHVDwAokQ2rPDpW+edN3M+26zzapKQhGrowWtW6/7sY5q8TEO3xlaTp7qc9plX556/KWgsAgCAQCAEA+bKRuM6SOknazP38jqQOVcLeRlxj6tTGPTrn+PcrJM2sEhpnSJooaYqkqe7nZDdCCQBATrhYAwDW1V5SF0ldXdCrDH2VIbAUo2WoWyM30mqPnWr567lVwmFlWLTg+KmkCZJmxf4NAECwCIQAEKaNJW3lQt+W7tHVPdZddwe/tHOPHWt41vNcOLTHZ+5h/zxe0pexvwYAZBqBEACyq5ELet0ldZO0g/tpoa8l7R4sC/y7u8e6FrtgOEbSh+7nRy40roj9NQDAe+wyCgD+a+xC3naStnc/7bGNpCa0L4pgmaSxkj5xj4/dz0/dTqsAAE8xQggAfllf0i5uOuBO7rEdwQ8l1sSNMO+wzn/GguJoSe9L+kDSKEnvSZpDgwCAHwiEAJBets5vV0m7uZ+75rEjJVAOTarcmKjKNrQZ6R7vup+sTwSAFCIQAkA6tHTBby/32FPSprQNPNXZPX5U5el/IWm4pKHuYUFxEQ0MAMliDSEAlF+FW9/Xwz32dhu/cJMOIVnhNqx5W9Iw97B1inRMAKCMCIQAUHot3Kjf/u5nD87yA6o11wVDG0Ec7H4uru4PAQDFQSAEgOJrLWk/FwAPkLSH2wkUQH5sB9MRkl53AfFNSQuoQwAoHgIhANTf+lXC3/5uF9CG1CtQdCvdLqaDXUi0gDibagaAwhEIASB/rVz4+5572Pq/BtQjUHar3DrEV93DQuJCmgEAckcgBIC6NXS7fh7uAuBebAADpNIKt+7QwuFLblfTlTQVANSMQAgA1dtc0qGSjnAhsG21fwUgzb6W9Iqk/u7nRFoLANZGIASAiI0C7ivpB5J+KGk76gXInE8kvSjpBUlvMXoIAARCAGGzzWAOk3SUGwlcP/QKAQIyx40cvuCml86h8QGEiEAIIDTdXAD8gRsRZC0ggBVuxLBy9HB08DUCIBgEQgBZZ7t/7i3px5KOkbQlLQ6gDp9JelbS05KGuN1MASCTCIQAssgOgT/YhcCjJW1MKwMo0AwXDvtIek3SMioSQJYQCAFkRRNJh0g63o0EtqNlARTZXBcOn5T0MuEQQBYQCAH4rLELgSe4EMjREADKZZ4Lh71dOFxOzQPwEYEQgG8q3GYwP5f0U0ntaUEACZsl6QlJj7jNaehcAfAGgRCAL3ZwIfBEd2g8AKTRJEmPuscoWghA2hEIAaTZd6qEwO60FADPfORGDS0cTqTxAKQRgRBA2qzn1gSeKmkfN0UUAHy22h1f0UvS45K+pjUBpAWBEEAaWOg7QNKZ7qiI5rQKgIz6xh1hca87xoKOGIBEEQgBJKmzpNPcgwPjAYTGDsB/wD0m0/oAkkAgBFBuzd0o4Onu8PgGtACAwK2SNFDS/W708JvQKwRA+TSirgGUiW0K82tJJ7l1ggCASAN3puohbn3hw5Jud5vSAEBJcWceQCk1dQFwsKQPJf2GMAgAtVrPfVd+6L47T3LfpQBQEkwZBVAKth7wbElncHA8ANSbHXx/n6S7JH1KdQIoJkYIARRLQ0nHSuovaZyk8wmDAFAU7d136lj3HXus+84FgHpjDSGA+trQjQaeI2lTahMASsZu5B/uHl9IukPSnZK+osoBFIoRQgCF2kHSf91W6VcQBgGgrDZ1372T3XfxDlQ/gEIQCAHkw74zfijpZUmj3EHyzahBAEhMM/ddPMp9N/+Q/h2AfPCFASAXrST9VtIYSc+7rdEBAOlyiPuOtu/q37nvbgCoFYEQQG06S7pO0hRJt0raqpa/BQCkg31X3+K+u6933+UAUC0CIYDqbC/pAbe9+Z8lta3mbwAA6Wbf3X9y3+X2nd6d9gKwLgIhgKr2lfScOxD5VEmNqR0A8F5j950+yk0p3Y8mBVCJQAigwm1CMFjSm5KOcmUAgGzh+x5ADIEQCJfdMT6FO8YAECRmhABYg0AIhKep2zF0vKRerCkBgKBVXTP+O44SAsJDIATC0cxd7D9zO4ZuTtsDAJzObmdSC4b/RzAEwkEgBLKvuaRz3UXeLvab0uYAgBrYNeJmd/PwXHcNAZBhBEIgu+wi/nsXBP9NEAQA5KGju3ZYMDyPYAhkF4EQyJ7m7uI9QdJN7qIOAEAhNpF0o7um/EFSC2oRyBYCIZAdTdy6j8/dxXtj2hYAUCR2TbnBBcNz3TUHQAYQCAH/2ef4NElj3bqPDrQpAKBEOrippOPctachFQ34jUAI+MsOEz7WnSF1v6Tv0JYAgDLZ3F177CzbH3PAPeAvAiHgp0MkDZXUR9J2tCEAICF2DXpK0jB3bQLgGQIh4Jc9Jb0i6WX3zwAApMEe7tpk16getAjgDwIh4IeubjTQRgW/R5sBAFLKrlFvu2tWVxoJSD8CIZBu7d2ubh+79YKs0QAApF3lGveP3a7X7WkxIL0IhEA62Xbef5I03p37xPbeAADfNHHn4o531zSuZUAKEQiB9Km8q3q9pLa0DwDAc23dNY3ZLkAKEQiB9NhL0hDWXQAAMqpyPfwQd80DkAIEQiB5nSU94i6Qe9MeAICMq7wB+oi7BgJIEIEQSE4zSX+RNFrSz5lCAwAISIW79o1x18LmND6QDAIhkIyjJH0o6UpJLWgDAECgmrtr4ShJR/MmAMqPQAiUl62f6CvpOdYJAgDwP3ZNfFZSP66PQHkRCIHyaCWpp9th7UjqHACAah3hrpVXu2sngBIjEAKl93O3TvBizmACAKBOdq28yK0vZI09UGIEQqB0tpH0qttFbTPqGQCAvGzqrqGvuGsqgBIgEALF11TS3yV9IOlg6hcAgHo52F1TL3PXWABFRCAEiusgLloAABRd1ZutB1G9QPEQCIHiaC/pATdFlGktAACURuVyjAfctRdAPREIgfqxhe6nu01jTmXhOwAAJVfhrrlj3DWYay9QDwRCoHB2l/I1SfdxlxIAgLLbwF2D7VrcjeoHCkMgBPLXyG2H/b6kA6g/AAASZdfi99zxTo1oCiA/BEIgPztKGuoOzG1G3QEAkAp2Te7prtE70iRA7giEQG6auN3NRkjajToDACCVdnPX6r+7azeAOhAIgbrt6i4ul3FxAQAg9Zq4a/YIdw0HUAsCIVCzpm76yTCmnwAA4J0d3TW8J8s8gJoRCIHq7cUCdQAAvNfIXctHums7gHUQCIG1NZZ0paTBkraN/RYAAPjIrulvSrrKXesBOARC4Fvbud3J/sKoIAAAmdNQ0iVuGul2NC8QIRACUoWk8yS9y+JzAAAybxd3zT/P9QGAoBEIEbpOkl6RdCMLzgEACEYzd+1/xfUFgGARCBGykyR9KOlg3gUAAATpYNcXOJnmR6gIhAjR+pJ6S3pI0nq8AwAACJr1BR50fYMNQq8MhIdAiNAcKGmUpONpeQAAUMXxro/wPSoFISEQIhS2a+gVbq3AprQ6AACoRkdJAyT9k+MpEAoCIULQWdIgSX91W04DAADUxPrHF0p6S1LXGv4GyAwCIbLuOEkfSNqXlgYAAHnYQ9JItwkdkFkEQmRVC0l3SHpSUltaGQAAFKC124TuPkktqUBkEYEQWdRd0nBJZ9O6AACgCE6X9I6kHalMZA2BEFlzlqQRkranZQEAQBF1kzTM9TWAzCAQIitsiugDku6U1IxWBQAAJdDM9TV6ub4H4D0CIbJgG3fH7lRaEwAAlMEpru/RjcqG7wiE8N3xbr1gd1oSAACUUXcXCo+n0uEzAiF8ZYfF3iSpt6Q2tCIAAEhAG9cX+TcH2cNXBEL4qJOkNyT9ntYDAAApcK7rm3SmMeAbAiF8c5ikdyXtRcsBAIAU2csdTXEYjQKfEAjhiwpJF0vqK2lDWg0AAKSQ9VH6uT5LBQ0EHxAI4YOWkh6T1FNSQ1oMAACkWAPXZ7G+SysaCmlHIETadZE0RNJPaSkAAOAR67u85foyQGoRCJFm33NHSuxIKwEAAA/t6Poyh9B4SCsCIdLqj5JekrQBLQQAADxmfZn+rm8DpA6BEGnTXNJDkv7FekEAAJARDV3f5mHX1wFSg0CINLHzBd+UdBKtAgAAMuhE19fpROMiLQiESIu93Rz7XWkRAACQYbu6Ps/eNDLSgECINLC7ZQMlbUxrAACAAGzs+j7MikLiCIRIkh3YeqVbM9iMlgAAAAGxvs+Dkq7iEHskiUCIpNiC6t6S/sKXIAAACJT1gS6R9ASbzSApBEIkwaZJDJL0E2ofAABAx7m+EctnUHYEQpTb9pKGStqTmgcAAPgf6xsNk9SdKkE5EQhRTodKekvS5tQ6AABATGd3LMVhsd8AJUIgRLmcJulFSetR4wAAADWyvtILru8ElByBEOVgG8fcJ6kxtQ0AAFCnxq7v9FeqCqVGIEQpNZR0uztagp1EAQAAcmd9pysk3eH6VEBJEAhRKi0k9ZF0DjUMAABQsLMlPe36VkDREQhRCu0lDZR0NLULAABQb0e5vtWGVCWKjUCIYusiaYikHtQsAABA0fRwu7VvSZWimAiEKKY9XBjciloFAAAouq1cKNyDqkWxEAhRLAdLelVSB2oUAACgZDq46aOHUMUoBgIhiuEYSX0ltaY2AQAASq6VO9/5eKoa9UUgRH3ZoalPSWpKTQIAAJRNE0mPsqM76otAiPo4zx2aytk4AAAA5Vd55vNfqHsUikCIQl0u6UYOnAcAAEjclZKuoV+GQhAIkS/7orlF0t+oOQAAgNS4QNIdzNxCvgiEyEcjSQ9K+h21BgAAkDpnub5aY5oGuSIQIldN3OYxJ1FjAAAAqfVzSU+6vhtQJwIhctFC0nOSjqa2AAAAUu9o13drQVOhLgRC1MXOuXlB0uF1/B0AAADS43DXh2tFm6A2BELUZj1J/SUdVMvfAAAAIJ0Ocn259Wgf1IRAiJq0lTRA0r41/B4AAADpt6/r07WlrVAdAiGq007SK5L2rOZ3AAAA8Muerm/XjnbDugiEWNcG7gtjt9hvAAAA4Cvr273q+nrA/xAIUVV7FwZ3pVYAAAAyZxfX12tP06ISgRCVbArBy5J2pkYAAAAya2fX52P6KNYgEEJu56kBhEEAAIAg7Oz6fuw+CgIh1EZSP0m7UxUAAADB2N0dSdGGJg8bgTBsLSS9KGnv0CsCAAAgQHu5vmALGj9cBMJwVYbB/UKvCAAAgIDtRygMG4EwTM0kPS3pwNArAgAAAGv6hM+4PiICQyAMTxNJfSQdFnpFAAAA4H8OdX3EJlRJWAiEYWko6XFJR4ZeEQAAAIg50vUVG8V+g8wiEIajQtIDkn4UekUAAACgRtZXvN/1HREAAmE4bpZ0UuiVAAAAgDpZn/EWqikMBMIw/EPS70KvBAAAAOTst5Iup7qyj0CYfb+XdGnolQAAAIC8/U3SeVRbthEIs+1USTeGXgkAAAAo2A2STqP6sotAmF1HS7qXBcEAAACoB+tL3iPpGCoxmwiE2XSwpCfcMRMAAABAfVifsrfrYyJjCITZ00PSMxwqCgAAgCKyvuWzrq+JDCEQZktXSc9Lah16RQAAAKDoWrm+ZleqNjsIhNmxoaR+7icAAABQCvQ5M4ZAmA0tuFsDAACAMqmcldaCCvcfgdB/tsj3UeZzAwAAoIx6uD4omxh6jkDov1vcERMAAABAOR3t+qLwGIHQbxdJ+nXolQAAAIDE/Nr1SeEpAqG/TpLUM/RKAAAAQOJ6ur4pPEQg9JMdCnqvpIrQKwIAAACJq3B9Uw6u9xCB0D/dJfXh4HkAAACkSBPXR+1Oo/iFQOgXO+/laUnrhV4RAAAASJ31XF+VMwo9QiD0h911eYazBgEAAJBiXV2fldlsniAQ+qFyXvY+oVcEAAAAUm8f9rvwB4HQDxezcxMAAAA8cpLrwyLlCITpd4KkK0OvBAAAAHjnSteXRYoRCNOtB8PtAAAA8FTlsqceNGB6EQjTazNJz0pqEXpFAAAAwFstXJ92M5ownQiE6dTC7c7UIfSKAAAAgPc6MNCRXgTCdLpT0m6hVwIAAAAyY1dJd9Gc6UMgTJ8/Sjo59EoAAABA5pzk+rpIEQJhuhwi6drQKwEAAACZda3r8yIlCITp0UXSY5Iahl4RAAAAyKyGrs/bhSZOBwJhOtgC26clbRB6RQAAACDzNnAbKLLJTAoQCJNn57PcL2nH0CsCAAAAwdjB9YE5bzthBMLkXSTp+NArAQAAAMGxPvDFNHuyCITJOlzSFSFXAAAAAIJ2uesTIyEEwuR0kvQgm8gAAAAgYA1dn7gTb4JkEAiT0UTS45I2DPHFAwAAAFVs6PrGTaiU8iMQJuM6SXuH+MIBAACAauzt+sgoMwJh+dni2XNDe9EAAABAHc5ls8XyIxCW1zaS7gnpBQMAAAB5uNv1mVEmBMLysYM3n5LUOpQXDAAAAOSpjaQnObS+fAiE5XOHpO1DebEAAABAgbq7vjPKgEBYHmdLOiWEFwoAAAAUgfWdz6IiS49AWHo7SLox6y8SAAAAKLKb3GghSohAWFo29/lRSc2z/CIBAACAErA+9GOsJywtAmFp3cC6QQAAAKBg27s+NUqEQFg6P3FrBwEAAAAU7mzXt0YJEAhLY3NJd2XxhQEAAAAJuMv1sVFkBMLiayjpEUntsvbCAAAAgIS0c33sRjRAcREIi+8fkvbJ2osCAAAAEmZ97MtohOIiEBbXgZIuytILAgAAAFLE+toH0SDFQyAsng0kPeymjAIAAAAoPutrP+T63igCAmHx3CGpY1ZeDAAAAJBS1ue+k8YpDgJhcZzOVrgAAABA2Rzn+uCoJwJh/XWRdLPvLwIAAADwzM2uL456IBDWj81hflBSa59fBAAAAOCh1m49IXt41AOBsH7O54gJAAAAIDF7S7qQ6i8cgbBwO7ozBwEAAAAk5++SdqL+C0MgLEwTN1W0iY9PHgAAAMgQ65P3om9eGAJhYf7hRggBAAAAJI/ZewUiEOZvb7d2EAAAAEB6nO/66sgDgTA/TSXdy05GAAAAQOo0dH31ZjRN7giE+blUUjefnjAAAAAQkG6uz44cEQhzt5ukC3x5sgAAAECgznd9d+SAQJgb27HoPkmNfHiyAAAAQMAaub47u47mgECYm79I2sGHJwoAAABgTd/9L1RD3QiEdbM300Vpf5IAAAAA1nIxB9bXjUBYO4abAQAAAD81lnQPy75qRyCs3QUsSAUAAAC8xcaQdSAQ1owtawEAAAD/WZ9+W9qxegTC6lVIusMdRA8AAADAX9anv9318bEOAmH1Tpd0QLW/AQAAAOAb69ufQavFEQjjNpR0XawUAAAAgM+udX19VEEgjLte0gaxUgAAAAA+28D19VEFgXBtB0k6JVYKAAAAIAusr38wLfktAuG3mrqNZFhsCgAAAGRThdtgphntGyEQfusSSVvHSgEAAABkifX5L6ZFIwTCyDaSLoyVAgAAAMiiC92548EjEEbDxndy5iAAAAAQDJaLOQRC6eecOQgAAAAExzLAz0Nv9tADYSt3HgkAAACA8FzrMkGwQg+Ef5G0aawUAAAAQAg2dZkgWCEHwq0k/SFWCgAAACAkf3DZIEghB8Ib2UgGAAAACF5Tlw2CFGog/IF7AAAAAIBlg6NCrIUQA2EzSf+OlQIAAAAI2b9dVghKiIHwfElbxkoBAAAAhGwLlxWCElog7CzpolgpAAAAAERZoXNI9RBaILxGUotYKQAAAABEWeGakOohpEC4t6QTYqUAAAAA8K0TXHYIQiiBsMJtJVsR+w0AAAAArJ0dbgolO4QSCE+U1CNWCgAAAABxe0o6KVaaQSEEwuaSesZKAQAAAKBmPUPYfySEQHheaDsFAQAAAKi3TpL+kPVqzHog3JBjJgAAAAAU6AJJG2W58rIeCC+V1CZWCgAAAAB1syzx9yzXU5YD4daSzo6VAgAAAEDuzpK0TVbrK8uB8GpJjWOlAAAAAJC7Ri5bZFJWA6EdMXFsrBQAAAAA8vejrB5jl9VA2JND6AEAAAAUSUVWj7LLYiA8RNLBsVIAAAAAKJxljEOzVn9ZC4SW3K+MlQIAAABA/WVuJmLWAmFm5/YCAAAASNzuko7LUjNkKRA2ZHQQAAAAQIn9w2WPTMhSIDxF0naxUgAAAAAonu1c9siErATCppIui5UCAAAAQPFd5jKI97ISCM+RtHmsFAAAAACKb3OXQbyXhUDYXNLFsVIAAAAAKB3LIC18r98sBEJL5h1ipQAAAABQOh2yMEroeyC00cELYqUAAAAAUHrnu0ziLd8D4VmSNo6VAgAAAEDpbez7KKHPgdCS+IWxUgAAAAAonwt8HiX0ORD+StImsVIAAAAAKJ+N3cxFL/kaCJsxOggAAAAgJbwdJfQ1ENroYMdYKQAAAACUn2WTM32sdx8DIaODAAAAANLmQpdVvOJjIPylpE1jpQAAAACQnE19HCX0LRA24txBAAAAACl1vsss3vAtEJ4oqXOsFAAAAACS19llFm/4FAgrGB0EAAAAkHIXuOziBZ8C4Q8lbR8rBQAAAID02N5lFy/4FAjZWRQAAACADy7ypZV8CYT7ugcAAAAApN0+kvb3oZV8CYSMDgIAAADwiRcZxodA6NUcXAAAAACQ9H1JO6S9InwIhF7t0gMAAAAAvpySkPZA6N05HgAAAADg/Czt56inPRD+n28n/QMAAACA08hlmtRKcyBsJenMWCkAAAAA+ONMl21SKc2B8AxJbWOlAAAAAOCPti7bpFJaA6E9r3NjpQAAAADgn3PTmr3SGgiPktQ1VgoAAAAA/unqMk7qpDUQ/jZWAgAAAAD+Oi+NzzyNgXA7SYfESgEAAADAXwdK2j5tzz6NgfA8DqIHAAAAkEG/T9tLSlsgbC/p5FgpAAAAAPjvZJd5UiNtgfAcSc1jpQAAAADgv+Yu86RGmgKhneJ/VqwUAAAAALLjHJd9UiFNgfCHkjrFSgEAAAAgOzaVdExaXk2aAuHZsRIAAAAAyJ7UHLOXlkC4paTDYqUAAAAAkD0HuuP2EpeWQHhWig/JBwAAAIBiqkjL5jJpCGFNJP0iVgoAAAAA2XWKpBZJv7o0BMLj03YWBwAAAACUWFtJP0u6ktMQCFN1DgcAAAAAlEniG2smHQi7S9ovVgoAAAAA2benpJ2SfJVJH4jI6CBKrs0GUudtpI06SxtuJrXfNCpr3U5q0Vpq1lKqqKAdAAAIzerV0pJF0uIF0oK50vzZ0qwvoseMSdLksVEZUGI2SvibpCq54qzdVscKy8QWUE6TtF5STwDZY8Fuky7Stj2krXeVvrO91HZDGhoAABRm3lfSxI+lcSOl0cOk6ROiIAkU0deSOkpanESlJhkIbVedXrFSIE8NG0nb7C7tcpC00wHSemxRBAAASuTrWdIHr0vvvSaNfUdauYKaRlGcKunBJKoyyUA4SNIBsVIgR5ttJe19lNTjCKn1+tQaAAAorwVzpGH9pbefl6aOp/JRL28klY2SCoRdJY1zBzICOatoIO30Xel7J0ZTQgEAANJg/EjplUekD96QVq+iSZA3C2XdXEYqq6Q2lfklYRD5aNBQ2uv70vd/GW0MAwAAkCZb7Ro9vpoq9b1HGtpXWrWSJkLOLBudIenicldZEiOEDSVNkrRp7DdANXY9WPrxuQRBAADgDwuGfW6WRg6k0ZCz6ZI6SSrrrYQkAuERkvrFSoF1dNpGOuHP0la7xH4FAADghfHvSY9fL00ZS3shJ98vd1ZK4mD602IlQBVNmknH/0G65EHCIAAA8Jv1ZaxPY30b6+MAdSh7Vir3CGFbNxTKxwHVsi/N0/8hte9Y3W8BAAD8NWuadP/fo1FDoAZL3JmEc6v/dfGVe4TwBMIgqmObxhzzG+lPdxIGAQBANlkfx/o61uexvg9QDctKP40Xl065AyHTRRHTZgPpz3dJ3/9FdKwEAABAVllfx/o81vdZrz3NjGqVNTOVs/vdRdJesVIErcuO0t8ekbbcKfSaAAAAIbG+z18flrbckWZHzF4uO5VFOQPhSZw9iKr2ODyaNmEjhAAAAKGxPtAf74z6REAVlplOLleFlDsQAmsccbp05lVSo8bUBwAACJf1haxPZH0joIqyZadyBcI9JW0TK0WQfvx/0rG/o+0BAAAqWd/I+kiAs7XLUCVXrkB4YqwEwamokH52gXQ4WwsBAADEWB/J+koVLLJCpCwZqhyBsEG5t05FOv34XOkg3gkAAAA1sr7Scb+v6bcIzAnlyGvlCIQHStokVoqg/OBM6bBTaHMAAIC6HHqy9MNf1fFHCMHGLkuVVDkC4c9iJQjK/sdKR59DmwMAAOTqqLOjPhSC9/NSV0CpA6HtIXlcrBTB2LaHdOJFtDcAAEC+rA9lfSkE7ceSmpSyAkodCA+TtH6sFEHYqLN09jVSg4a0NwAAQL6sD2V9KetTIViWpQ4t5YsvdSBkdDBQTZtLv75Oat4q9JoAAAAonPWlrE9lfSsE6yelfOGlDIQ2XfSYWCmCcNLFUsctaWsAAID6sj6V9a0QrKNdtiqJUgbCA5kuGqYeR0o9vh96LQAAABSP9a2sj4UgrV/K3UZLGQhLOrSJdNqgI5vIAAAAlIL1sayvhSCVLFuVKhA2ZLpoeCoqpFP/JjVrGXpNAAAAFJ/1sayvZX0uBOcYl7GKrlSBcD9JHWKlyLS9j5K67UEbAwAAlIr1tazPheB0cBmr6M4oPeAAACAASURBVEoVCNldNDCt15eOPy/0WgAAACg963O1ZqeOEJUkY5UiENog9rGxUmTaMedILdrQxgAAAKVmfS7reyE4P3ZZq6hKEQh7SNosVorM6rS1tB+3AAAAAMrG+l7WB0NQNpW0V7FfcCkCIdNFA3P8H1ncDAAAUE7W97I+GIJT9KxVikDIWFFAtt5N2mb30GsBAACg/KwPZn0xBOVHxX6xxQ6E3SRtGStFZh37O9oWAAAgKfTFgrOly1xFU+xA+INYCTLLtj3usgPtCwAAkBTri3Xbk+oPTFEzF4EQBTvsFOoOAAAgaYefShME5uhivtxiBkI7DeW7sVJk0mZbSdvvQ9sCAAAkbbu9or4ZgrGvy15FUcxAeISkhrFSZNKBP6VdAQAA0oK+WVAauuxVFMUMhEwXDUSzltKeh4deCwAAAOlhfTProyEYRctexQqERU2pSLceR0pNW9BIAAAAaWF9M+ujIRhFm53ZKFZSmL2LOY8V6bbX92kg38z7KnosnCfNnyUtmCctXyItXhi9kCWLpNWrpOat7KRbqWlzqUlTqVU7qc36Uuv1pTYbSOtvLDUoxemlQAmtWinNni7NnyPNny0tmBt9FuwzsHRJ9N63z0CDhlGHqkLRZ6FJs+h937qd1Kpt9P5vzZUOHlq6WJrzpfT1bGnh3OgasGietGyJtGKFtGKZtHyp1Lip1KiJ1KhR9P5vuV50HWjdVmrTXtpgY24Ip5310V5/MvRaCIZdkWxHj8H1fcHFCoTHxEqQSe07Sl12pG3Tau4MaeIn0uQx0pefSzOnSl9NkZZ+U5wn3LCRtEFHqUNnaaPOUudu0ubdpI2/I1UQFJGwVauk6ROkSZ9IU8ZJMyZLMydHYdBCYTE0ayFt2EnaqJO0SZfo/d95W6nthrQ+kmfBb/JYadJo6YtPo+9/+xzYjZBisZskdg2wz8GmXaXNt5U6b0NQTAvro1lfbda00GsiGMcUIxBWnLXb6lhhAT6RtG3oLRKCI8+QfvTb0GshHVavlqaOl8YMl8a+I038OBr5SIKNKFo43GZ3aRt3PmWjxqG3EErNRjQ++0AaPVwaN1KaMjYqS4J1ku19b58BOw+sYxeaH6W3YE70/W+fgU/fj8KfjXiXm90QtJC45U7RZ2DbHtHsEiTjmdukfvdR+YEYU4wMVoxA2EnS5FgpMuniXtJ3tqNtk7JksfTRm9L7g6RPhkqL5qfzedpUo647S7scJO10gLRe+9ifAAWxUfCRA6UPXpc+GxVNdUsj6wxvt7e084FS932lxk1obxSH3fx77zVp1OBoRHx1Ue7rF5+NoO+wX3Qd2KK7VFHBG6BcbKbQ1ZxLGJLN65vFihEIfyHpnlgpMsc69df040u93GzE491XpXdflj4Zlt4OcE3sznGX7tJuh0h7HsEaLORv3kxpWD/p3Vei6dBp7QDXxNZl7bCvtPth0Q0SRs+RL+vgD30xuhloN0V8Y1Oq7eZIj+9HI+koLfuOvPBI6etZVHQgzpZ0V31eajEC4aOSfhYrRebs9yPplL/SruUyYZQ05HlpxIBow4sssDWIdsd436OjUZMGnFyKGqxYHo0CvvWcNHpotD4wC2yTDrsxYp+BTtvQ+qiZLQEY1jf6DEz7rMY/846tOd/naGnvH0RTrVEaD10lDX6ayg1EH0nH1eel1jcQ2jYSdq+KCWEB+FXP6A43SmfliigAvvJQtClGlrXbSDroZ9L+x0otWvOmQsQ6wa8/IQ16MloflWW2+cOhJ0k7H8TuvfjW1HHSyw9L7wyIboxkld0g3P1Q6XsnRhvToLjs/fPfS6jUQHwtyW6vFLx9Wn0D4a6S3o2VIpOuG8Ai8VL5ZqE0qLc06InoeIiQ2M50+/xQOvw0qV2HsF47vvXVVKn//dGIyHLPpkXXl+3ce8iJ0v4/Zq1hyD5+WxrQSxozIrxK2GpX6dCTpZ2+G/sVCmTH7JzPTfyQ7C/pzUJfb30D4YWS/hkrReZssoV02RO0a7HZcRAWBF96IL0bxJSLrauyaUTf/wXBMCQWBPveIw3tW7yjIXxl67Ttxsh3jyMYhsQ2CHv+TmnCh6HXRLRp3dG/lrbfO/YrFOCy46Xpn1NzgfiHNXmhL7W+gfAVSd+LlSJzrKN+2qW0a7HY1NDXekv97o0OyMa3bAOOA46TfnCm1KINFZNVdvfatkZ/+wWC4LosGB51VrRum/M9s+vzj6Q+t0jjmGcVYxvP/OS86BgLFO6By6Uhz1GBgXjLtvso9KXWJxA2tx3AbcZX7DfInBMvkg74Ce1aDB++KT1xQ3ReFGrWsk10p9hGS1hflR22JurVR6W+d0fHqKBmm20lnXC+tPWuNf4JPGTLAp6+Jdo517cdc8vJdjTf7VDpJ79n1kihXn9SeoR5fKFY7tYRLijk9dYnEB4hqV+sFJl0SS9pc84frJdZX0RfzLZOBLmzA75PvFjaahcqzXcfDZEevSb6LCB3ux4cBUPbuh/+spHwAQ9GU6RtuQByY7NGjjg9enBkS34mfSL15DzCkBwl6YVCXm/D3ToWPN30HJtJGCtF5thduhP+HO0IhvytXiW98rB010XSlxOpwHzZrpM2rfDr2dLWu9Eh8JFNi36op9TnZmlxQfcuw2ZrgN58Rmq1Hrsx+mrSaOm286JRQVsygNxZkLZpte+/Fr3/bYdq5MZm2vS73zoiVFggZkp6qZCXWp8RwvclMbs7ALYDXk/moBdk+gTpvsuiu3SoP+sInPyX6AxD+MG2Pn/suijYo/7spoit526/KZXpgxXLpGfviG4Ksla2/mxN7cE/k479HRsv5eqSo6XZ0/x4rqg325pqx0L+TwodIbTDB663z2bsN8icLXeUehxJu+bLdg+98wJpzpd+Pe80swP6R7wUjTh124OD7dNs6WLpwSuk5+6Qli0JvTaKZ/b0aJOI9TtEawyRXjaye/O50nsDWStYNKulzz+U3ntN6rozB9vnwnaxnTkl/c8TRWHj57faaWb5/p8VGgjtZJOfx0qRSdvtLe3AiEzOFn0dHQb76iPcES6ViR9LH7wenV3Vul02X6PPJn4i3fQbdk8sFduYxzrEMydL2+3FNOo0eqNPdENw7ozQa6I0FtpSguelZi2lLbpn8RUWjwVou2YiCDZQN0TS2HxfbKF79+0fK0Fmrb8xbZsr+9K9/OfSqDf8eL4+++JTqecp0UHmSA87TuXaX0TnC6K0hveXrjpJmjaBik4LGw23G4IP92RkvNSWL5Mev1664/xoRgKq144+XGgOKOT1FhoIC/qPwU8Ewty89Zx03a+keTN9eLbZsHypdO+lUu8bpFWrQq+NZNlaqQf+IT12LZtmlJNNBfvn6dLIgeG85rSaNU265oxo3SzKx0bLrz49GjFHHH244JQtENpR0WwAHxA7JBk1syBiW+n3ujzqFKP8bHquTVFcNJ/KT4Kdq3bdmdKQ58N77WlgoyN3XSg985/QayI5Y4ZLPU+Wpo4PtQaSZRu4XX1adLQN1kYfLjg7uayWl0ICoR01wVYOAWmZ99sqHHaWlG0lPuiJ0GsieWPfie7Os5taeVlHzEaoJrKTbqJs05J+90p3X8IIbbkNfVG65ffckEqaHWlj1+PBT4ddD+uy42oQFMto++X7ggsJhEwXDQyBsHoL5kj/Oos7kmkyY5L0zzOkyWNCr4nyGD9SuvaXbJyRJiMGRKPltiMvSq/vvdL9l0Ub/SB5NmPnoaukZ2+nMSq1aB0rQvZ9N99XWEggzPs/Ar81bUEDrss2zLBRETtsGOkyf7Z0/VnRiCFK5/1B0k2/5aD5NBrngrp9FlA6j14rPfsfjpRIo773RGuaV7O2nD5cmEoeCO1ttXusFJnWvBXtW5WFQRsZnMXUxNSyNVW3nid99FboNVEatrulbanPqEh62S68tq6TTa6Kz0JGryuis2aRXram+b6/EwrpwwVpd5fZcpZvINxLUpNYKRCIaZ9FYXAunazUsy3fb/8zR4AUm4XB+y5lV1cf2A6k/zqbUFhMFi4sZLz1bHZeU5YN6yfddTHrahGcxm7Pl5zlGwjzXqQIZIVtaX3DOYRBn9gI1p0XEgqLZWhfwqBvLBRey0hhUVSGQQsZ8MfIV6OzIUMfKURw8jozvpARQiA41pmyMLhgLm3vGwuF1hkY927oNVE/H7whPXAZYdBHtvOurfdcOC/0mqgfWzNIGPTTewOlXleGXgsIzN75vNx8AmGFpB6xUiDjrBPFyKDfbProf/4kTeJohILYBj13XUQY9Nn0z6Wbz2X30ULZGY+vP+nnc0dkyHPSEzdQGQjG7i675SSfQLi1pPVjpUCGWZD49++kGZNpZd99szA6K8w2BULupoyT/vNHacUyKs13dkPE1tWynio/Ax+LzniE/155ROp/Pw2JILRz2S0n+QTCvIYeAd/ZeoN7/sqZdlliU35t91GOSsjN17Oig56XLPbh2SIXY0ZID/ekqnL14ZuMKmXNM7dF6wqBAOSc3fIJhKwfRFD63BqdtYZs+XJidGQCoyS1W75Uuu0PTJXOoreek156IPRaqNvUcdLdlzBVOmvs3EjbHIglBAhAztktn0DI+YMIhq01GNCL9s4qGyV57NrQa6F29/5NmjS61j+Bx56+NdooCNWz2QS3/ZHR8ayy5SC3/kGa91XoNYGMK3ogtMMNd4qVAhk0Zaz0yD9p2ax7o090cDHiBjwojRwYK0aGrBkluTQ6lgJrs+UCNjI458vYr5Ah82e7zbJW0qrIrO65HlCfayC00cFGsVIgY2xt2R0XSMvZQCMIFvynjg+9FtY2fmQ0eoTss42W7uT7LubZO6JZBMi+zz6Qnvw3DY3MapjrDM9cAyHrBxEEW1cw6wvaOhS2Ts46xGzFH5k/R7rrYu6Yh8RuiDxydei18C3bRKb/fbFiZNirj7DJDDItpwxHIASc13pLo1hTExybMscU4YgdPG/TqBAWmzo9YgCNbu/9+y+LptMiLA9eyQZayKyiBkIOpEem2c6TTzFtJFjD+knvBN4hHvSE9NGQWDECYaOEoXeIH7hcWjgvVowA2HKR+//OzQBkUk4ZLpdA2EFSx1gpkBE2Pc7OG7TpgwjXw/8Md8e5GZO4IRK6yg5xqN54SvrordDfBWGzdaM2fRTImI4uy9Uql0C4a6wEyJAX7+bweUiL50u9Lg+vImxHRTtiwrZhR9isQ/za4+FVga0bf+LGWDEC9PRt0vTPaXlkTp0by+QSCDl/EJk1fYLU/37aF5GP346mj4Zk4OPSRA5ohvPMbdLcGWHVxkNXcUMEkRXLovcDkDF1Du4xQohg2VqBB6+SViznPYBvPXGDtGh+GBViHf9nb48VI2B2EPuj14Tz+of2lUYPjxUjYJ++Lw3uwzsAmUIgBGoy+OnoDCKgqgVzpScDmT5mu6suXRwrRuA+eEMaOTD7dbDo63A+68hPn1vYcRmZUu8poxtI6hwrBTxn68We4fBt1ODtF6TPP6r+d1lhG2iMGsw7ANXrfX32N9qy0XG7AQSsyzZZslAIZMRmLtPVqK5AuFOsBMiA5+8KZ1og8mfTiXv/K7sVZzvr9r4hVgz8jx1BMeDB7NbHtM+iWSJATWw68aTRNfwS8E+tmY5AiODYmYN25hpQmwkfSsP71/IHHnutd3TUBFCblx7I7lEsdkPEbowANbEdmLN8YxDB2bm2F0wgRHCevImOAHLT52Zp+bJsVZaNjL/w31gxELP0G+npDE6tt6nSo4fFioEY22Bm5KuxYsBHtWY6AiGC8tko6cM3aXPkxqbN2YHVWTKgV7SGFsiFHcOStXPZnrsjVgTUyNaarlpV028Bb9Sa6WoLhI0lbR8rBTxmZ2wB+eh7TzRSkgW2q6JNFwVyZdPmXszQiPI7A6QpY2PFQI1smcmwvjX9FvDGdi7bVau2QLhVbf8i4JtxI6Vx79JsyM/CedKgjISoNeGWYyaQp3delqaM87/WbLOoF+6OFQN1su9ORgnhOct0W9f0EmoLhDvESgCPMU0IhbLdFn0fJVwwR3o9Y9NfUR4WpF7MQJB692Vp+oRYMVCnmVOkoS9QT/Be95peAIEQQbAdI8ePpK1RGBslfOtZvytv4OPZP1cOpfP+IGnGZL8ruP8DsSIgZy/1im6OAB6rMdvVFgi3i5UAnno5w+dpoTxeedjfKUM2uvn6k7FiIGe2lvDlh/ytrzHDWTuI+rG1hGxKB8/VuDdMbYGwxhQJ+MSmerw3iCZD/cyeHk0589GQ56MNZYD6GPqitGCun1VooztAfQ3gfQS/5T1ltJmkLWKlgIcGPhrd3Qbqy0YJfWNTnHx83kgfm3I86An/GmbaBM4dRHGMf0+aNJrKhLe2cBkvpqZAaLvQNIyVAp5ZtkR6+0VaDcUx8RNp8hi/KvOTodKsL2LFQEHefNq/qdN2lihrv1AsTL+HxxrWtNNoTYGQ9YPIhBEDpCWLaEsUzxt9/KrMrB2sj2TN+0r6cLA/jWCjmpwhh2KysyyXcHwP/FVtxqspEHaLlQAeojOMYhve35/OwNezpFEedd7hB59uithNwcULYsVAwWyTLm4ywGPVZjwCITJr6jhp4se0L4rLDnYf0d+PSh3ynLRqZawYqJeP35bmzvSjDgc/HSsC6s23mSJAFdtWVxk1BcJq/xjwyTBPOu3wz7B+fjxlX54n/GKbdA334L1la2cnjIoVA/VmN5ynT6Ae4aVqB/2qC4QVkrrGSgGP2AYCvoziwD+ffiDNnZHup72mw/J5rBgoiuEvpb8efXiO8Bc3neGpri7rraW6QLiZpBaxUsAjn77nz5Qm+MdGSEakvLM5nM4KSsiHERI+AyiltF8DgBq0cFlvLdUFwq1iJYBnuDOMUrPNKtIs7c8P/kvze+yLT5nSh9KyKcmff0Qlw0uxrFddIKz2fArAJx+8TnOhtOw8wjlfprOS0/zckB3vD0rvS3nvtVgRUHRp/gwAtYhlveoCIesH4bVJn0Tb7QOlNuqNdFZxWp8XssVG4WZPS+dL8umsRPiL71p4KqcRQgIhvDbqTdoP5fFBWgMhnWGUSRo/A3Z4/qTRsWKg6KZNSO9NEaAWsaxXXSDsEisBPPIBUzhQJuNGRucSpsm8mdGUUaAc0njz4cM3o52mgXJ4nyUq8E8s6xEIkSkL50lTx9OmKI8Vy6JQmCajh9MZRvnYjs72OUiTT4byBkD5jBlOZcM7W6z7hNcNhB0ktaRd4aux79AZRnmNezddFZ6254NsW75MmvBhul7i+JTdpEG22U3BVatoZHjFst4mVZ/wuoFwS9oTPhszguZDeY1NWQCzmyJAOY1O0QiJrelaMDdWDJTMkkXRZnaAZ9YaJVw3EDJdFF5jdATlZuv1Fs9PR7V/NVWaPT1WDJRUmr53mb6HJND3gIfWynzrBsJOtCh8ZesHv5xI86G8Vq9Kz5S58e/FioCSm/ixtGJ5Our50/djRUDJ8d0LD32n6lNeNxB2pkXhK+uUAEn4/KN0VDtb7SMJFga/SMlmXmn5LCIs9D/gobUyHyOEyAw6w0hKWt57dEqQlM9T8N6zWSJzvowVAyVn61bnzqCe4ZXNqz5ZAiEyg84wkpKG996qlRy5guRMTsFNEa4BSFIabooAeSAQIpsmsssXEpKGu8NffJq+8+AQjjR0hpklgiSx0yg8U+OU0VaS2tGa8JHt8jh/Nk2H5FggC/m/j7DNmBSNUieJzwCSZEeeAB5pLmmjyqdbNRCyoQy8xRcxkvblpGSfADvsIkkrV0THniRpRsKfQYRtOv0Q+GezymdcNRBuRkPCV3QEkLSkOwPTP48VAWWV5E0JO/4l6ZsyCNvsaek5fgXIUcfKP2OEEJnACCGSlvQIHSOESFqSNyVmTWMNLZK1ahU3p+GdakcI2VAG3po5hbZDsmZOTu4/b6MjfAaQtBkJfgaS/PwBlXgfwjMEQmQLZ08hafPnJDdC8fXs5Df0AJLcaZdrANKA9yE8s2nl02UNITKBA2GRBnMSeh/y/kcaJNkZpiOONJg7k2aAV6oNhBvRhvDR8mXSoq9pOiRvXkKdAQIh0iDJUEZHHGnA+xCe6VD5dKsGwk1oRfiIO8NIi6SCGZ8BpMHypdKi+ck8ETriSIM502kGeGXjyidbGQgbSdqQNoSPFs6l2ZAOto4wCQv4DCAlkvo+nj87VgSU3cJ51Dm8YtmvsaoEQpsuWkEbwkdJ3ZEG1rU4ofdiUv9dYF1JTd9fvCBWBJQd/RF4pqJyQLAyEHakBeErOsNIi6Q6pXSGkRaJfQa4DiAFeB/CQ2syYGUg3IAWhK/YUAZpkdTdYe5KIy2SeC+uWC4tWxIrBspu9Wpu0ME77VUlEG5M+8FX3yyk6ZAOTBlF6JLoDPP+R5rQJ4Fn1uw0ygghvLc8ocPAgXUl9V7kUHqkRRLvRa4BSJMVvB/hlzUZsOqmMoCX6AwgdEyXQ1os/YamQNjs+BXAI2uNEHLkBADU05JFydTgihWxIiARqxJ4Lyb1uQOADFhrDSFTRuGtZdyRRkqsXkVLAOXG5w5pspQZG/DLmkDYyD3ldjQefPWDM6UDj6f5kLzGzZJ5Cv93k7SSUUKkQKsEehMdviP97ZFYMZCIDTtR7/BKW1UJhG1pO/iqXYfoAYRqky40PcLVuIm02da8AQCgAGsyYOWUUUYIAQAAACAcazJgZSBkhBAAAAAAwvG/QNhQUmsaHgAAAACC0cqWEDZgdBAAAAAAgtS2AesHAQAAACBIbRkhBAAAAIAwEQgBAAAAIFAEQgAAAAAIFIEQAAAAAALVzgJhS1ofAAAAAILT0gJhc9odAAAAAILTrAGH0gMAAABAkNpYIGxK2wMAAABAcJpaIGxBuwMAAABAcJpbIGxFuwMAAABAcFozZRQAAAAAwtSEYycAAAAAIEwtCYQAAAAAEKY1gbAJjQ8AAAAAwWnKOYQAAAAAEKZWFgib0fgAAAAAEJwW7DIKAAAAAGFq3ICGBwAAAIAwMUIIAAAAAGFqzhpCAAAAAAhTE6aMAgAAAECgCIQAAAAAECgOpgcAAACAMLW0QNicxgcAAACA4DRiyigAAAAABIpACAAAAACBakTDA+FYvlSaP0daMFdatkRaslBavVpa+o20apXUvGVUFc1bSY0aS63aSm3aS81a8CZBNixeEL3/F86LPg9LF0cv65uFUsPGUpOmUkUDqVlLqWkzqc0GUut2UiNW2yMDVq+K3vsL5kU/VyyLPgcrV0afhabNpYaNovd746bRNaDy0YAhBCCzCIRAxiyeL00eI02fKH01RZppj8nSvK+i4FcI6xys117acDNpo05Sh87Shp2kzt2kdhvxDkK6zJomTRkbve9nTI4+B19NjYLgiuWFPdWmLaT1O0Tv+402i3527BJ9Bpq1jP05kBi7uffFp9K0T6WZU6P3/4xJ0uwvpYVzo5uA+aqoiELh+htH14CNOkc/N+0aPRo0pL0BnxEIAY/Zhd06vmPfkT7/SJo0Wpr1RfFfj91Fnj0teowZvvbvbARl822lzbeTttld6tKd0RSUj41ufPp+9BmY+Ik0ebS0aH7x//M2ejL98+hRlXWULRxu3k3aYgdp2z2ljlvG/nWgZGzWx9gR0qcfRO//KeOiz0Ux2bXGbqjYw64zVdn3/WZdpc7bSl13lrrtEd1ABOCPirN2K+ReEUJy5zs0d5rMny198Lr08VBp3Dul6fzWh00z6rqT1G1PaZeDpA6b+1nPSC8b/XjvtagTPOHDwkf9SsWmmG6zh7T9XtJOB0ot2/BmQvGsWimNGSGNGhzdCJn2Wfoqd+PvRDdHdtgv+izYEgQk5+zdqXzUagmBEHUiECZv7gzp3VekkQOjDrCtA/HFJltEwXDXQ6ROW4fciqiPiR9HnwELgjb90xe27mrr3aSdD5J2O0Rqsz5vA+TPbnp8OFh6f1AUBG0trC9sTXr3faVdvyftuB8zSJJAIEQdvrZAaKuKmtX+dwgZgTAZNk3TOr9vPSuNecevEFgTC4T7HiPteYTUcr0a/ghwbDR86IvSW89JX070v1ZsnVX3faR9jpZ23D/avAOojS0JsPf/8P7Soq9r+UNPtGgt7XG4tO/R0TIDlAeBEHVYEwjnSaJrhhoRCMtr9nRp4GPSkOf8ugucD5s+tMvB0qEn0SlA3Pj3pFcejkZCbHpcFtm00v2PlQ78KeutsLaVK6IA+Ooj0XrArNpsK+ngn0k9jmTUsNQIhKgDgRB1IxCWx2ejok7w+69Fu8SFwjYh+N6J0bRS26ADYbL3/IiXok7wuptWZJndHNntUOmwk6XNmFIdNBsBfP1J6bXe0eh4KOzmyAE/kQ48XmrNlOqSIBCiDgRC1I1AWFq2O+jzd0ofv53lV1m3TbpIPzwz6hwTDMNhQXBYX6nvPdERKaGy9/xOB0g/PIu1tqGxjcEG9IqCYOW5mCFq0iwaMTzsFJYUFBuBEHWYbIHwS0kdav87hIxAWBo2CvLs7dLHQ7L46grXaRvp6LOlHb/r6ytArmxE8Lk7wg6C66oMhj/6bbQhE7LLwt/LD0mvPprd5QGFsDM/D/qpdMTp0YY0qD8CIeqwJhBOktS59r9DyAiExWVnRj1zqzTkhWxsFFMqdpbVT/8UHXqMbLFR8d7/inbMRfVsAxqbQnfUWVILjq3IFNvb/e3npadvC2tqaL5s+ugx50j7/UiqaODXc08bAiHqQCBE3QiExWGbY9jdYJsatyTgaUH5sC379/+xdMxvOMstC6zz+9S/pWH9ok4x6mbv+6N/LR1wHJ3iLJgwSnrsemnSJ6HXRO5s85mfXSBttYsvzzh9CISow5pAaHtYbVX73yFkBML6m/iJ1Ovy6EBt5M/ObrMOgZ3jBj/Z1vlP3sjUuEJt0V069VKpYxc/n3/obHro07dKg55kZkghbCr1fsdKx53LNNJCEAhRh88sEI6StEPtf4eQEQgLt3ypV7S52QAAIABJREFU9Mx/pIGPhrVzaKnY2qoTL5LabpjN15dFs76QHrxSGjMi9JqoP9uR9MgzpCPOiP4ZfvhoiPRwT2nOlzRYfbXdSDrxwuhagNwRCFGHDy0QviVpn9r/DiEjEBbGzo/678XSjEk+Pvv0sil0p/w1OscQ6Tbkeemx68LeObEUOneTzuwpdWCxR6otXyY9cUN0lASKyw62P+F8qWlzKjYXBELU4W1bkbCs9r8BkC87T/CfpxMGS8G2aL/jAumhntKyJdl7fVnwzULpv5dID/yDMFgKk8dIV50kvfVs9l5bVkwdL111MmGwVGwKun0G7LMAoN6WWiBcRD0CxbF4vnTzudITN0oruNVSUoP7SD1PJXSnjXXQrjhRemdA6DVRWku/kXpdEQVv+2ekx+CnpX+eJk2fQKOU0ozJ0jVnRMd2AKiXRQRCoEhsw5irTuFcwXKyDpeFwg/eCOc1p9nQF6VrfynNnhZ6TZSPBW+bjfDV1FBecXqtXBHNXHjoqmi6KEpvxfLoCJv7LqXOgXpYbIFwKTUI1M87L0d3Km0DDZTXkkXS7X+KDjhHMmzDJFsreN/fo42UUF7TPotujHAzKjlfz5KuPyuauYDyG9pXuu6XbNwDFGjNlNGF1B5QuH73SXczbStRdqbdi3dH0+fsLj3Kx973t54nvfY4lZ4km65u7fAGgaTspk2Qrj4tOmMQyZk0OhotnzKWRgDytMACIUv+gQLYWVIPXy09cxuHbKeFTZ+78TfRpiYovflzpOt/xchUWthIrR1vYEfdoDzGvStd+wtp7gwqPA3WjNTad9LbodcEkJdvmDIKFMCmxd3+Z+mNp6i9tBk/UrrmF9K8maHXRGnZmjW7G88uf+nT717p/ss4AL3U7AbUv3/HDai0WbJYuu0P0bE3AHKyZsroAuoKyJ2FQZuaxUYm6WWbzfzrbO7al4qtWbvuTDaPSbO3X5DuvJAp1KUyrJ90z1+jTU2QPva+73U5N22BHM23QMhJXkCO7Ew1C4NjRlBjaTdzSrTRD7svFpeFwRvOiaZmId3ee0268wJCYbFZyLBdLVcxAptqtpTjkX9Kg3qHXhNAnZawqQyQIzsE3danEQb9MXem9K+zCIXFUhkGF8zNxusJgc1kuINQWDQWBi1ksG7cD9ZOj14rvfxQ6DUB1GrNOYTzavsLAFFn6rY/Sp9/RGX4xkLhTb9hTWF9WagmDPpp1BvS3X9hTWF9De9PGPTVU/+W3no29FoAajSPQAjUwTpR/71YGjO89r9Des2aFm3+sJBvu4JYmCYM+m3kq9KDV4VeC4WzUL1mox7CoJes3R66KvocAIiZSyAE6tDrimgtDvxmZ4Xd8vto6i9yZ+fb2VRpDnz2n42Q2EgJ8vPp+9JdFzPt1ne25tM2Aho9LPSaAGIYIQRqY9u3s3V1dkz8OOoQMHUuN9YBtuNVvpzow7NFLgY8KA3m8Pqc2eZU//lTtLs0/Ge7wtruu9M/pzGBKgiEQE3efUV69vYafglvvT9I6nMr7ZcLm2I1bmT6nyfy88g10mimwNfJRsdtV+lFX6f8iSIvdm7krb9nCjxQxZpAyEcCWMfET6T7/s56kawa0Et685nQa6F2/e9ndDyrVq2U7rqQkd/aWB3Z7qwzJtXyR/CWrSu//U+cIwk4awLhSg6nB75ld4PvOJ8pQllnW5Fb8EecjR49+59YMTJk8YIo8Cz9hlatzlM3S2PfqeYXyIzPRkm9/0V7Inh2/OCKBu5/MG0UqNxR9BJp7gxqI+tWLItGSRbND70m1mbHdNx9CYduh2D6hGjTLKxt5EDp1Udixcig15+UhvalZRG0NRmwMhAybRSQ9MJ/2YEsJLOnu01mmBq8hm0iYyGZ4znC8c4AaeBjodfCt2ZMlh7geImgPHK1NO2z0GsBAZujKoGQyz+CZ9ODXrwn9FoIz8dDop0XIT3zH2nCh1REaOwoiinjQq+FaD3Zfy+SliyO/QoZZtOm77pIWr6MVkaQGCEEKtmuY2s2kWGaXJCeu0OaGniH2HYTffmhWDECYEHIRspXBN4htu8BgnGY7BgKzuhEoNYKhLN5FyBkD1/NusGQWUc45A7xmhsil3JDJGS2ntA2UgnV+JHMFAjdoN7Sx2+HXgsI0CxVCYRf8Q5AqN55WRrxEs0fumkTpKdvC7MSHrtOmvNlrBiBee1xaUyA5xMuXcwMEUTrRntdHu3ACwRkrUA4k5ZHiOzg4cevo+kRGfioNCmwoyg+GSoNfTFWjABZh/ihnuEduWNrZ22DKWDeV1KfgEfKEaQ18+OYMoqgPXmTNH9O6LWASnbUwoNXhnPkgnX8bbo0UOmrqdLzd4VTHXYWqU0VBCq9+Uw0hRgIxJoMWBkImSyE4NgmGkOep92xNttUIpTNVZ67U5r1RawYgbP3/9Tx2a+DVSulB6/gzE2srXKk3DZbAgLACCHCZR0AO3uIs6ZQnRfukuZlfCK9bSLyysOxYmBNUHokgJHjgY+HEXyRvy8nSi+zyRDCsNYawmk0OkLy+hPRNtNAdZYtkfrcUs0vMuSJG6OOP1Cdz0ZJIwZU84uMWDhPevG/ND1q1u9+6etZNf4ayIo1GbDqpjKMlSAItpHM83fS1qjd8P7S5x/V+ife+ugttldH3Wxzjawe1m1nDrKbJGpju88+E+jO0wjG6sqTJioD4QqOnkAobMOERfNpbtTOphP3/letf+Ilmy7d+wYaH3Wzo0iyOG1u2mfS4KdjxUDM2y9Kk0bHioGssOy3ZrVsgyoviE2XkXl2+PwbT9HOyM2ED6UPXs9WZb31jDRjUqwYqFb/B6RFX1f3G389ezvTpZEbO5vS3i9ARv1vU9GqgZCzCJF5tqsiO4chHza1LCubD61cIfW9N1YM1MimzQ3I0CihjfZk7SYPSuvjIRxDgcyaUfnCqgbCqbQ3sszO1+IAbuTLdiF89+VsVJtNk5vDIUPI02u9s3Neq432sLs08vUc+w4gm/538FTVQDiFxkaW9b2HaUIozAt3+9+JXLEs+gwA+bJRwv73+19ttkmUjfYA/9/enUBbdtV1Av6JU9Paanc7tN3OIuIEtijghC4CzowiKIoM0oC9xG7AoYlAgxKGCAZBBSLNmBCGICERgQQKMlfmoZJKkYGQgsypKZWap147tQsqdd6resO990zft9ZbKfYr6t279333/H93n733Yl17yf6zi2FgBELGpcyKrPw3g87SlDP7Lv9MvzuvbI5gC3WW6pxT9u/Q3Gcff6fhZ+l8oMYAffnu0IMD4VojzVB9+n1mB1meM07obweW2c0+P37aV2YJzzy5vwNRNlK68uxGMyzYNRfsX0IAAzLnDKE1hAzStnuSs08xtixPOai7fPVRKYTtLMpyrfjA/luP+6h8IFJ2jITlGNIGSzBfIDRDyCCVYybKp9uwXKe/p59d2NfHTbfcvS654OP9G5TNG2woxmRc9Mlkoz35GY45bxm9pxzTZpAZknKr3JnOHWRCrjwr2dCzYqAcwn395Y1mWJI+3jZa1j/u6unMJt1Slp6U3ZphALYdfOTg/Q55PjaWYVCuPj9Zd4sxZTL27t1/sHufnPUvBp/JKef43bS6Px1aPhQ8x5IBJqi8nva6/Zj+u8+doQIhg3a2YpgJO+ej/VmLtHN7cv6/NpphWfp018WaC5O7bm40w5JtvDNZZYMi+u8+OwsIhAxW2WLfrnJM2obbkyvP6Ue3XnR6sn1LoxmW5eLyuurJuuyzLBlgCtx5wQAIhIzDhZ9w1ATTcUFPzrTsy+OkX3ZsSy5b0f2HvHVzfz68oV9Wn59sXm/Q6LXD3jJqp1EGowRCmIYy89z1GZJyW9O1lzaaYSLKbotdd+mn+3tMBt1W1hBefIZBote+cPCDPzQQft7YMgTlzLW1awwl07FrR3L5Z7rdueW2PueuMS3lkO6uz5D0IbTSXz50puduPPjhC4QMkjdqpu3CjhebfgeYpntnSD7V3S4ua8g/d0mjGSbmxqtsWESv3SfzHRoIb0tiCwJ677KOz97Qf2X3wm33dPNprL9t//EAME3llsyuuvyzZsiZrnKkSXmdQQ+VRS+3HvywDw2EMUtI35VzB2++3jAyXXt2J1ef181OvuKsRhNM3PWX79+4pYv8DjALV5ypm+mlRtYTCBkchQCz0tVjTa70O8AMlF2cu/ihSNkF9XMXN5ph4u79UORu/UrvNLLeXIHwhkYL9IizB5mVVefuX0vVJTu22l2U2eniB3CrV9pdlNko7/9XdfROETiMxn10cwXC6xot0BNl98frFMPMSPlk+MZV3ertNRcphpmdch5bWUvVJVed6wXA7AiE9FAj680VCK9ttEBP3HBFsnuX0WJ2uraToZ0VmaUtdyc3N0qLdl3rd4AZutbtyfRPI+vNFQjNENJb1o0wa10rBhQnzFqXPoTYeEdyxxcbzTA1G7zm6J9G1psrEH6pbkcKvVNul4NZuuHK7sxKb9mUfKmxMgCmqxzB0hVmyGmD2oMe2Vqz3n3MFQj3zbXYELpu5/bkC6sNE7N17+vu6m50+nWXOXuN2Ss7LXZlHaG7RGiD25Tpketr1ruPuQJhsabRAh33xWv3b4MOs9aVQHjjVY0mmLpyFuEda7vRz135XWRcbrrGgNMbc2a8+QKhlza98wXFMC3pShGqKKEtXbg7o8zW39o4XQumr3wg4jxCemLOSmG+QDhneoQuUwzTlq689syO0JYuvPbuvUvELdO05CaVM/0w5yt1vkBoJRa9c6NimJaUHeba/nS4PIZt9zSaYSZu6kDV4JZp2uQuJXpiznfr+QJhOZ/Caix6oxxIf2djzySYnbZ397zZVmC0qAuvP78DtMnrjx7YO9cZhDlMINxePmxrtEJH3XaT3RVp121faPfnWztFm7ZvTTbc3u5juE3VQotubfkaAAvw+ZrxGuYLhIXJb3pDIUDb2g6Ebf98KB/MtcnvAG26/Qs+mKbz5l1cdbhAOO//CbpGIUDb2p6hu9WHIrSszd+BTXftP/4C2rJrZ7LuNt1Pp8072Xe4QLiq0QIdJRDStttbnh1p++fD7S2eRdjmz4YD1CJ03LzZ7nCBcN4UCV2z3qdytGzDHe3dLrTl7mTHtkYzzNT6W9vr7zZ/NhygFqHj5r3783CBsOxCs6vRCh20vuXNDGDvnv23rbVBEUIXtPk+3PaGNlBs8F5Md5VM97n5Ht3hAuGuwyVJ6Io2C3E4WFsFsWKYLmizGPahCF3gdUiHrT7cRN/hAmFxRaMFOmbjnXb2ohvaKgYUIXRBuXV555wbmk+f3wG6oCwdgI46bKY7UiC8stECHXP3OiNCN2xe387D8DtAV7T1Wty8odEEM+e9mA5bViC8vNECHbNlkxGhG8oMSRu2tvRz4VBtvR+7DtAFXod02GEznVtG6T1nT9EVrRXDAiEd0db78T0KcTpAPUKHHfauzyMFwjL5/cVGK3SIYpiuaGumzgwhXdHGhyJlDfn2LY1mmLnduxwBRCd9Kclht188UiAsLmm0QIcohumKtj4d9qEIXdHG78DWexpN0BqzhHTQEbPcQgLhpY0W6JA9e4wG3bB9azsPY/fORhO0YlcLr0Wzg3TJ3t2Gg86ZSCA0Q0inbfPpMCPnQxG6Ys+8p1zBOKhJ6KAjTu4JhAATsmtHOz1pzQpd0cY5hG393gH0xMVHepgLCYS3J7ml0Qod4XY5usJrEWbP7x1dstssOd1yS81yh7WQQFhc0GiBjvDpMGPXxqwMzMVsNWO3U01Ctywowy00EK5stADQCdZt0RXWswJ0yoIynEAIAAAwPBMNhGUxoo10AQAAum/PQjcHXWggLKdrrWq0AgAA0DVXJVnQSa0LDYTFhY0WAAAAumbBS/4WEwitIwQAAOi+qQTC8xstAAAAdM2Cs9tiAuG1SdY3WgEAAOiKTTW7LchiAuE+B9QDAAB02oU1uy3IYgJhcVGjBQAAgK5Y1FK/xQbCsxotAAAAdMXZi3kciw2EJW3ubLQCAADQtl3TniEsB9Rf3GgFAACgbZcs9ED6AxYbCOO2UQAAgE46c7EPSiAEAAAYhkVntaUEwnOT7Gm0AgAA0JY9NastylIC4d1JLmu0AgAA0JYr6qH0i7KUQBi3jQIAAHTKotcPRiAEAAAYhCVltKUGwnLY4d5GKwAAALO2b7EH0h+w1EC4PslVjVYAAABmrWSzdUv5mUsNhMWnGi0AAADM2qeX+vOWEwjPaLQAAAAwa60EwrKLzY5GKwAAALOya6k7jGaZgXBbknMarQAAAMzKhUk2L/VnLScQxm2jAAAArVqxnB++3EBoYxkAAID2nL6cn7zcQHhZkrsarQAAAEzbpiQrl/MzlhsI95olBAAAaEXZXXT3cn7wcgNhrCMEAABoxbJuF82EAqEZQgAAgNn7xHJ/4iQC4dokaxqtAAAATEvJYDct99+eRCAsPtZoAQAAYFomksEmFQg/2mgBAABgWk6bxL87qUB4XpL1jVYAAAAmrWSvcybxb04qEO6ZxIJGAAAAjugTNYMt26QCYawjBAAAmImJZa9JBsKJpVQAAADmNNG7MycZCCd2HysAAABzmuj+LZMMhJnUTjcAAADMaaInPEw6EFpHCAAAMD0TzVyTDoTltPwbGq0AAAAs1w01c03MpANhcUqjBQAAgOWaeNaaRiD8cKMFAACA5Zp41ppGIFyZ5OZGKwAAAEtVMtYFk+69aQTCfUn+pdEKAADAUn0kyd5J9940AmHcNgoAADBRU8lY0wqE5YD62xutAAAALNYdSc6eRq9NKxDumfSBiQAAACN1Ss1YEzetQBi3jQIAAEzE1LLVNAPhZ5JsaLQCAACwUBtqtpqKaQbCXW4bBQAAWJaP1mw1FdMMhHHbKAAAwLJMNVNNOxCenmR9oxUAAIAjWV8z1dRMOxDudEg9AADAknykZqqpmXYgLE5qtAAAAHAk7zvC95dtFoHwzCS3NVoBAACYz201S03VLAJhOUDxA41WAAAA5vPBaR1Gf7BZBMLMYqoTAABgQE6cxVOZVSC8MMm1jVYAAAAOdV3NUFM3q0CYWSVcAACAnjthVg9/loGwPKl9jVYAAAAO2DfLybRZBsLPJ1nZaAUAAOCAkplumFVvzDIQFu9utAAAAHDAe2bZE7MOhGXr1O2NVgAAALbP+si+WQfCDUlOabQCAABwas1MMzPrQJhZT4ECAAD0xLtm/TDbCISnJ7ml0QoAADBetyY5Y9bPvo1AuMcsIQAAwH2UjLR71l3SRiAs3uFMQgAAgHvtqxlp5toKhNclObvRCgAAMD7nJLm2jWfdViAs3t5oAQAAGJ//19YzbjMQfjjJpkYrAADAeNyd5ENtPds2A+HWJCc2WgEAAMbjxJqNWvFVz31oq3u7/ESSKxutAAAA4/DgJKvaeqZtzhCmPvFzG60AAADDd26bYTAdCITFWxotAAAAw/fWtp9hFwLhyUnuarQCAAAM111tbiZzQBcC4Y62DmEEAABoyTtrFmpVFwJhcXySvY1WAACA4dlbM1DruhIIb0hyRqMVAABgeD6V5PouPKuuBMJ0YUElAADADHQm+3QpEP5rki81WgEAAIajZJ7TuvJsuhQIdyd5W6MVAABgON5Ws08ndCkQpk6dbmu0AgAA9N+2ri2V61ogLGdxnNBoBQAA6L8TunYGe9cCYfHGJPsarQAAAP32j1179F0MhKuTfLbRCgAA0F8l41zRtUffxUBY/H2jBQAAoL/e2MVH3tVAeFpXDmoEAABYpuu7dNTEwboaCPcmeVOjFQAAoH/eVDNO53Q1EBbvTLKx0QoAANAfG2u26aQuB8J7kry90QoAANAfb6/ZppO6HAiLN3fpFH8AAIBF2F0zTWd1PRCuTXJSoxUAAKD73l8zTWd1PRAWxzqoHgAA6Jl9Nct0Wh8C4VVJPtZoBQAA6K5/S7Kq6+PTh0BYvK7RAgAA0F29yDB9CYTnJDm30QoAANA95yU5uw/j0pdAGLOEAABAT/Qmu/QpEP5rktWNVgAAgO4omeW0voxHnwLhPrOEAABAx72uT6ck9CkQpp5J2OlzPAAAgNHq3TnqfQuEu5L8baMVAACgfa+vmaU3+hYIi7cnuaXRCgAA0J6SUf65b/3fx0C4PclrG60AAADteV3NKr3Sx0AYs4QAAECH3NrH2cH0OBBuS3JsoxUAAGD2jq0ZpXf6GgiL45Pc1mgFAACYnZJJ3tbX/u5zINzmXEIAAKBlf9vX2cH0PBCmJnGzhAAAQBtuT/KWPvd83wPhNucSAgAALen17GAGEAhTE/ntjVYAAIDpuaPvs4MZSCAsifw1jVYAAIDpeXWSrX3v3yEEwuKtSW5qtAIAAEzeTTWD9N5QAuGOJK9otAIAAEzeX9cM0ntDCYTFe5OsbrQCAABMzpok7xlKfw4pEO5J8tJGKwAAwOS8LMnuofTnkAJhcUqSixutAAAAy1eyxoeH1I9DC4T7khzdaAUAAFi+o2vmGIyhBcLijCQrGq0AAABLt6JmjUEZYiDMEJM7AADQmsHeiTjUQHhBXU8IAACwXKfUjDE4Qw2ExUuGtPsPAADQit01WwzSkAPh55Ic32gFAABYuONrthikIQfC4pVJ7m60AgAAHNndNVMM1tAD4R1Jjm20AgAAHNmxNVMM1tADYXFcki82WgEAAOb3pZolBm0MgXCrw+oBAIBFOrpmiUEbQyAsTkxyYaMVAACg6aIkJzRaB2gsgbAcJPlCh9UDAABHMKrsMJZAWJyX5IONVgAAgK8omeHcsfTHmAJh8RdjuA8YAABYkq01M4zG2ALh2iSvbbQCAADszwprx9QPYwuExd8mubHRCgAAjNmNNSuMyhgD4fYkL2q0AgAAY/aimhVGZYyBsDglyccarQAAwBh9smaE0RlrIEzdSnZHoxUAABiTkgleMNYRH3MgvC7JcY1WAABgTI6r2WCUxhwIi2OS3NxoBQAAxuDmmglGa+yB8J6xnTMCAAB82V/UTDBaYw+ExUlJzmy0AgAAQ1YywEljH2GBMNmX5Pk2mAEAgNEotf8f1ywwagLhfmuSvK7RCgAADNGxSa4xsgLhwV6T5NpGKwAAMCSl5n+1Ed1PIPyK7aaNAQBg0Eqt/z9r7T96EQgbViQ5odEKAAAMQan1P20kv0IgbHpxknWNVgAAoM/W1VqfgwiETXc6mxAAAAbnL2utz0EEwrm909mEAAAwGGcleYfhbBII57avbjDjbEIAAOi3HfXccZtHzkEgnF85l+Sv5/0uAADQB3/tzMH5CYSHVw6svOSwfwMAAOiqy2pNzzwEwsPbneQ5SXYd9m8BAABdU2r4Z9eannkIhEd2eZLXdP1BAgAA9/GaWstzGALhwhyTZFUfHigAAHBv7X6MbjgygXBhdiZ5lulmAADovN21dt9pqI5MIFy4srnM6/vyYAEAYKT+zsaQCycQLs4rk6zp0wMGAIARKbX6/zXgCycQLs72ulPRnj49aAAAGIE9tVbfbrAXTiBcvPOTvK5vDxoAAAbu2FqrswgC4dK8sh5yCQAAtK8cL/EK47B4AuHSlB2Lnm46GgAAWre91uZ2FV0CgXDprk5ydF8fPAAADMRfJbnKYC6NQLg8b0zymT4/AQAA6LHP1JqcJRIIl2dfkmcm2djnJwEAAD20qR5Av9fgLZ1AuHxrk/xp358EAAD0TKnBbzJoyyMQTsZ7k5w8hCcCAAA98OEk7zFQyycQTs7zk9w6lCcDAAAdVWru5xmcyRAIJ2ddkj9IsmcoTwgAADpmT6251xmYyRAIJ2tFkmOH9IQAAKBDjq01NxMiEE7ey5OcN7QnBQAALTuv1tpMkEA4ebuT/L6jKAAAYGI21hp7ty6dLIFwOr6Q5LlDfGIAANCC59YamwkTCKfnQ0mOH+qTAwCAGTm+1tZMgUA4XS9MsnrITxAAAKZoda2pmRKBcLq2JvndJNuG/CQBAGAKttVaeqvOnR6BcPpWJXnR0J8kAABM2AtrLc0UCYSz8dYkJ4zhiQIAwASU2vltOnL6BMLZeV6Sq8fyZAEAYImurrUzMyAQzk659/nJSTaP5QkDAMAiba41s3WDMyIQztaaJM8Z0xMGAIBFeE6tmZkRgXD2PpjkzWN70gAAcARvrrUyMyQQtuPPkqwc4xMHAIA5rKw1MjMmELZjZ5KnJrlrjE8eAAAOcletjXfqlNkTCNuzNskfJNkz1g4AAGD0Si389Fob0wKBsF2fTPKKMXcAAACjVmrhT4y9E9okELbvmCQnj70TAAAYnZNrLUyLBML27UvyzCSrxt4RAACMxqpaA+8z5O0SCLthS5InJlk/9o4AAGDw1tfad4uhbp9A2B03JPldm8wAADBge2rNe4NB7gaBsFvOSPKXY+8EAAAG6y9rzUtHCITd84YkJ469EwAAGJz31VqXDhEIu+m5SS4deycAADAYpbb9H4azewTCbtqa5PFJ7hh7RwAA0Ht31tp2q6HsHoGwu76U5HF+cQAA6LFSyz621rZ0kEDYbRck+SPnswAA0EOlhn1OrWnpKIGw+96f5GVj7wQAAHrn5UlOMmzdJhD2w6vtPAoAQI+U2vUYA9Z9AmE/lOn2Zyc5f+wdAQBA562statlTz0gEPbHzro70/Vj7wgAADrrhrox4k5D1A8CYb+ULXuflGTT2DsCAIDOKTXqE2vNSk8IhP2zqoZCn7oAANAVO2uNusqI9ItA2E8r3JcNAEBHHNjvYoUB6R+BsL/Kzk1Hj70TAABo3dF2xO8vgbDfXpvkLWPvBAAAWvOWWpPSUwJh/70gyalj7wQAAGbu1FqL0mMCYf/tSfJ7SS4Ye0cAADAzF9QadI8u7zeBcBi2JnmsMwoBAJiB62vtuVVn959AOBzlvJdfd+4LAABTpOYcGIFwWA58WrNl7B0BAMDEbXFX2vAIhMNT7ud+nIPrAQCYoJ21xrRvxcAIhMNUDgX5mrycAAAQLElEQVR9qkW+AABMwJ5aWzp4foAEwuE6Jclzkuwbe0cAALBk+2pNeYouHCaBcNjeleTFY+8EAACW7MW1pmSgBMLhOy7Jq8beCQAALNqrai3JgAmE4/CyJP809k4AAGDB/qnWkAycQDgef5LkxLF3AgAAR3RirR0ZAYFwPMqC4Gcm+ejYOwIAgHmVWvFZNiYcD4FwXHYneUqSj4+9IwAAaPh4rRV3Nb7DYAmE41MOFX1SkjPG3hEAAHxZqQ1/u9aKjIhAOE7bkzwhyWfH3hEAANxbE5bacJuuGB+BcLy2JvmtJOeMvSMAAEbsnFoTbvUiGCeBcNy2JPnNJCvH3hEAACO0staCWwz+eAmE3J3k15JcPPqeAAAYj4trDXi3MR83gZBiU5JfSXK53gAAGLzLa+23yVAjEHLAhiSPEQoBAAbtQBjcYJiJQMgh7kry6CSXNb4DAEDfXVZrvTuNJAcIhBxqXZKjklzS+A4AAH11SQ2D64wgBxMImcuG+oZx0RzfAwCgXy6utd1648ahBELms7GuKTx3nu8DANB959UwuNFYMReBkMPZVLcj/uxh/g4AAN10ZpJftZsohyMQciT31ANLP3mEvwcAQHeU2u03ai0H8xIIWYitSR6f5FS9BQDQeafV2m2roeJIBEIWakeSJyc5UY8BAHTWSUl+u9ZucEQCIYuxK8nTk/yjXgMA6Jzja622y9CwUAIhi7UvyZ8k+Rs9BwDQGa9P8vwkewwJiyEQslQvT/KiGhABAGjPS5P8ubqMpRAIWY7jkjzLJ1EAAK0oNdgfJzlG97NUAiHL9e662YyFywAAs7Mzye8leas+ZzkEQibhlHrOzWa9CQAwdQfOif6Qrma5BEImZUWSo5LcrkcBAKam1FqPSvIpXcwkCIRM0kVJfi7JdXoVAGDiSo3187XmgokQCJm0z9c3qgv0LADAxFxQa6wbdCmTJBAyDXfWWxlO07sAAMt2Wq2t7tSVTJpAyLRsTfLEJG/TwwAAS3Z8ram26kKmQSBkmsrZOM9P8jIHpQIALEqpnV6e5HnOfGaaBEJm4VVJnp1kl94GADiiXbV2+htdxbQJhMzKu5L8VpJNehwAYF6bas30rvn+AkySQMgsnV53x7pRrwMANNxYa6XTG9+BKREImbWrkzwiybl6HgDgy86rNdLVuoRZEghpwx1Jjkpygt4HALi3JnpUrZFgpgRC2rIjyR/W3bPsQAoAjNGBnUT/sNZGMHMCIW3aV3fP+r0k24wEADAipfZ5Wq2FfDhOawRCuuADSX45yW1GAwAYgdtq7fN+g03bBEK64sIkD09yqREBAAbsslrzXGiQ6QKBkC5Zm+QXkrzPqAAAA/S+eqzEWoNLVwiEdE25n/73k/xZkj1GBwAYgFLT/HmtceybQKcIhHTVG5L8epL1RggA6LH1taZ5vUGkiwRCuuyMJD+T5EqjBAD0UKlhHlZrGugkgZCu+3y91/5DRgoA6JGTaw1zg0GjywRC+uCeJE9NcnSSvUYMAOiwvbVmeUqtYaDTBEL6ohzY+pp6D/46owYAdNC6Wqu8xmHz9IVASN+cnuSnkqw0cgBAh6ysNcrpBoU+EQjpo3J2zyOT/IPRAwA64B9qbeJ8QXpHIKSvdiV5Qb0/f7NRBABacE+tRV5QaxPoHYGQvvtQ3c75KiMJAMzQVfV4LDuh02sCIUOwJsnDk5xgNAGAGTix1h5rdDZ9JxAyFFuTPD3J85JsN6oAwBRsr7XGH9TaA3pPIGRojq+3kK42sgDABK2uNcbxOpUhEQgZolX1nv5/NroAwAT8c60tVulMhkYgZKjKbRzPTfI7STYaZQBgCTbWWuK5bhFlqARChu7kJD+Z5DwjDQAswnm1hjhZpzFkAiFjcFOSX0pyTJK9RhwAOIy9tWb4pVpDwKAJhIzF7iQvTfLoJDcbdQBgDrckeUytGXY3vw3DIxAyNp9J8hCHyAIAhzi51ggrGt+BARMIGaN1SZ6S5A+TbPIKAIBR21RrgrJ5zF1j7wzGRyBkzN6b5ME+CQSA0VpRa4H3egkwVgIhY7e2rhV4UZLtY+8MABiJ7fXa/5haC8BoCYSwfzex45I8NMll+gMABq1c63+6XvvtPs7oCYTwFauTPDzJa5Ls0S8AMCh76jX+EUmuNrSwn0AI97UrydFJfjHJNY3vAgB9tKZe28s1fqcRhK8QCGFu5yf5qSSvdQ4RAPTW7not/+/12g4cQiCE+ZUF5y+pt5asmvdvAQBdtKpew19i4ziYn0AIR3ZJXXz+ynpLKQDQXbvqNfun6zUcOAyBEBamrDd4Rb24XKrPAKCTLq3X6ldYKwgLIxDC4lxZdyIti9J36DsA6IRyTf6reo2+0pDAwgmEsHi767bVP5nkLP0HAK06q16TX20jOFg8gRCWrmxh/ctJnp1knX4EgJkq194/qtfiNboelkYghOXZl+SdSX4kyXvq/wYApmdfveaWa+87XHtheQRCmIw7kzwjyaOTXKtPAWAqrq3X2mfUay+wTAIhTNaKJA+u213b3QwAJmNnvbY+pF5rgQkRCGHydtTtrksw/Kz+BYBl+Wy9pr7CAfMweQIhTM/nkjwqydOS3KKfAWBRbqnX0EfVayowBQIhTFdZ6H5Skh9O8lq3kQLAEZVr5evqtfMkm8bAdAmEMBv3JHlJkh9L8gl9DgBzKtfIH0/yf+q1E5gygRBm6/okv57k8fXPAEByQ5In1GvkdfoDZkcghHacWhfIvzTJNmMAwEiVa+DLkvxEko96EcDsCYTQnnIRPCbJg6yRAGBkDqyxL9fAV/lwFNojEEL71tZd1H4uyUrjAcDArazXvKfVayDQIoEQuuPABfLJ1hcCMEDl2vZUH4BCtwiE0C3lFpoP191I/yzJRuMDQM9trNe0cm37oCUS0C0CIXRTOYPpDUl+KMmbnV8IQA+Va9c/1mvZG1zLoJsEQui2u5L8af1U9SPGCoCe+Ei9dv1JvZYBHSUQQj+UdRdPSvKIJCuMGQAdVa5RP1uvWdbDQw8IhNAvFyQ5KsmvJLnI2AHQERfXa9NRNoyBfhEIoZ/OSPLwuiPpNcYQgJaUa9DvJHlYvTYBPSMQQn8d2JH0wUme5SwnAGaoXHOeXa9BJ9s5FPpLIIT+253kXXUXt/+d5A5jCsCU3FGvNQ9M8s56DQJ6TCCE4Sjbef99ku9P8uIktxtbACbk9nqW4A/Ua80OHQvDIBDC8GxN8nc1GL4oyW3GGIAluq1eS36gniW4RUfCsAiEMFzbkhxXL+Ll9p5bjDUAC3RrkhfWa8hx9cNGYIAEQhi+bfX2ngck+V9JbjbmAMzjlnqt+MEkb6zXEGDABEIYj3JRf1MNhi+wKykAB/likj+tQfBNgiCMh0AI47M9yT/UYPiMJKu9BgBGq1wDnlmD4JvrNQIYEYEQxmtXkvck+fEkj09yntcCwGicV9/7yzXg3fWaAIyQQAiUw4RPTfLzSR6Z5GMOGAYYpH31Pf6R9T3/VO/3gEAIHOzsJL+V5CFJTnDgMMAg7K7v6Q+p7/FnG1bgAIEQmMuqJE+v6wzLmYab5vg7AHTb3fU9/AH1PX2V8QIOJRACh3NTkhcn+e66Dfn1h/m7AHTD9fU9+7vqe/hNxgWYj0AILMTmug35Dyd5XJIVeg2gc1bUjWJ+uL5nbzZEwJEIhMBi7E1yWpKj6lqUd9iiHKBV2+t78UPqe/Op9b0aYEEEQmCprkzyR0m+N8nLk9ysJwFm5ub63vu99b34Sl0PLMVXPfehdhsGJuJrkjw2yfOTPKa8v+hWgIkqRdsZSd5WZwLtBA0smxlCYFJKYfKRJL+a5IFJXp/kLr0LsGx31ffUB9b32H8RBoFJMUMITNPXJ/mdOmv483oaYFHOrbOBH0yyQ9cB02CGEJimHfUw5F+oGx68xZmGAIe1qb5XPqS+d75XGASmyQwhMGv3T/KkJM9M8igfTAHcuytoOTLiXfV20G26BJgVgRBo04Hd8Z6R5HuMBDAya5O8O8k7k9xo8IE2CIRAF9yvzhY+s84e3t+oAAO1rc4CvqvOCjozEGjV1+h+oANKQfSp+vXNSZ5aw+EjHF8BDED59H1lDYEfsJYa6BIzhECXfX+Sp9WvHzVSQM+sTvK+JCcl+bzBA7pIIAT6ouy49/t19tB6Q6Crvpjk/UlOTHKFUQK6TiAE+uZ+9UzDMmv4lCT/yQgCLVtfzwosM4HnWBcI9IlACPTZ1yb51RoMH5vkW4wmMCNlHeCpST6U5BNJdul4oI8EQmAovj7JY5I8OcnjhUNgCjYm+WiSk5Oc4cB4YAgEQmCIvq4eY/HEJE9I8u1GGViiO5KcUr8+nWSnjgSGRCAEhu7AmsMn1K8fMOLAEZRD4j9SQ+C51gQCQyYQAmPz40keV79+pgZGYNxK4LuorgksX1eNvUOA8RAIgTH7jroZza/VzWm+0asBRuOeJKcn+XiS05LcbuiBMRIIAfYr6w5/IclvJPnNJA/SLzA4a5L8W5KP1eMhrAcERk8gBJjb9yX5lfr16CTfPOffArqsHA3xqboj6CeTfMFoAdyXQAhwZF+T5GH1ttKjkjy8tgHdsjvJBXU30NPrn3cbI4D5CYQAi1fWGv5yDYdH1Y1qvko/wsztqxvAfLp+nZlks2EAWDiBEGD5/nNdf1hC4iOTPCTJV+tXmLg9Sa5IclaSz9Z1gOt0M8DSCYQAk/dNNSD+YpJfSvLTSb5WP8Oi7UpycZ35O7sGwLt1I8DkCIQA0/cNSR5RZw8fVv/8LfodGjYmWZnkwjoLWP68pfG3AJgYmyIATN+Wg9Y4pa43fNBB4fBnk/yY92RGpmz2cnWS8w8KgWvqukAAZsQMIUA3fEO9tfQRdRfT8vVfjQ0Dckvd9fOCGgAvNvsH0D6fRgN0w5a6TurMgx7Nf0ny0Pr1U/W/32W86IEvJbkkyaUH/fdWAwfQPWYIAfrlW+supj+Z5MH1zz9q0xpaUjZ9WV13/rwyyeX1z3cZEIB+EAgB+q+EwQfU8xB/pK5HLCHxgUm+zvgyATuTXJvkmnru3zV1/d91NRQC0FNuGQXov121QL/mkGdS3uN/qIbDH61B8UG17d8bd+awtYa8NXXm7+r63+sFP4BhMkMIME7/LckP1q8H1K8D/9uRGMNWjnb4fA15B75uqF83j71zAMbGDCHAON1cv86a49l/60Eh8XvqRjblv99b/ywwdtvGuqnLTUnW1j+vPSj8Wd8HwJcJhAAc6q76tbLxnf2+sQbE7z4kLH5Hku9M8u1Jvs01ZuLKuX13Jrmj7th5+yGh74v1z/cM7HkDMEUu1gAs1j11XdnqI/z/vu2gcPidh/z52+pM48Ff/6HxLwzb5jqbd/DXnTXsHRz8Dvz5Tq9UACZNIARgWu5cZIj56kMC4n886L/flOTf1dBYvu5fZyrvX9u/vm6U83X1kP8D7pfkmxs/af+/99WHtO1Jcnfjbyabkuw96H9vqbtulg1YdiTZnmRbDcrbatDbXNvLv7ehBr4Nh4S/PY2fBACzlOT/A9RaKdudPzs2AAAAAElFTkSuQmCC" preserveAspectRatio="none" pointer-events="none"/><path d="M 140 262.63 L 140 226 L 169.63 226" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="none"/><path d="M 140 267.88 L 136.5 260.88 L 140 262.63 L 143.5 260.88 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="none"/><path d="M 174.88 226 L 167.88 229.5 L 169.63 226 L 167.88 222.5 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="none"/><rect x="67.5" y="269" width="144" height="43" rx="1" ry="1" fill="#000000" stroke="#000000" transform="translate(2,3)" opacity="0.25"/><rect x="67.5" y="269" width="144" height="43" rx="1" ry="1" fill="#ffffff" stroke="#dddddd" pointer-events="none"/><g transform="translate(103.5,283.5)"><switch><foreignObject style="overflow:visible;" pointer-events="all" width="72" height="13" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 10px; font-family: Helvetica; color: rgb(158, 158, 158); line-height: 1.2; vertical-align: top; white-space: nowrap; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;"><font color="#000000" style="font-size: 13px">Authenticate</font><br /></div></div></foreignObject><text x="36" y="12" fill="#9E9E9E" text-anchor="middle" font-size="10px" font-family="'Helvetica'">[Not supported by viewer]</text></switch></g><path d="M 360 262.63 L 360 226 L 326.37 226" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="none"/><path d="M 360 267.88 L 356.5 260.88 L 360 262.63 L 363.5 260.88 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="none"/><path d="M 321.12 226 L 328.12 222.5 L 326.37 226 L 328.12 229.5 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="none"/><rect x="287.5" y="269" width="144" height="43" rx="1" ry="1" fill="#000000" stroke="#000000" transform="translate(2,3)" opacity="0.25"/><rect x="287.5" y="269" width="144" height="43" rx="1" ry="1" fill="#ffffff" stroke="#dddddd" pointer-events="none"/><g transform="translate(331.5,283.5)"><switch><foreignObject style="overflow:visible;" pointer-events="all" width="55" height="13" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 10px; font-family: Helvetica; color: rgb(158, 158, 158); line-height: 1.2; vertical-align: top; white-space: nowrap; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;"><font color="#000000" style="font-size: 13px">Authorize</font><br /></div></div></foreignObject><text x="28" y="12" fill="#9E9E9E" text-anchor="middle" font-size="10px" font-family="'Helvetica'">[Not supported by viewer]</text></switch></g><path d="M 248 369.13 L 248 318 L 248 247" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="none"/><path d="M 248 374.38 L 244.5 367.38 L 248 369.13 L 251.5 367.38 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="none"/><rect x="174.5" y="375.5" width="131" height="33" rx="1" ry="1" fill="#000000" stroke="#000000" transform="translate(2,3)" opacity="0.25"/><rect x="174.5" y="375.5" width="131" height="33" rx="1" ry="1" fill="#ffffff" stroke="#dddddd" pointer-events="none"/><g transform="translate(204.5,385.5)"><switch><foreignObject style="overflow:visible;" pointer-events="all" width="70" height="13" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 10px; font-family: Helvetica; color: rgb(158, 158, 158); line-height: 1.2; vertical-align: top; white-space: nowrap; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;"><font color="#000000"><span style="font-size: 13px">Prometheus</span></font></div></div></foreignObject><text x="35" y="12" fill="#9E9E9E" text-anchor="middle" font-size="10px" font-family="'Helvetica'">[Not supported by viewer]</text></switch></g><rect x="34" y="375.5" width="131" height="33" rx="1" ry="1" fill="#000000" stroke="#000000" transform="translate(2,3)" opacity="0.25"/><rect x="34" y="375.5" width="131" height="33" rx="1" ry="1" fill="#ffffff" stroke="#dddddd" pointer-events="none"/><g transform="translate(51.5,385.5)"><switch><foreignObject style="overflow:visible;" pointer-events="all" width="96" height="13" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 10px; font-family: Helvetica; color: rgb(158, 158, 158); line-height: 1.2; vertical-align: top; white-space: nowrap; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;"><font color="#000000"><span style="font-size: 13px">Internal web app</span></font></div></div></foreignObject><text x="48" y="12" fill="#9E9E9E" text-anchor="middle" font-size="10px" font-family="'Helvetica'">[Not supported by viewer]</text></switch></g><path d="M 387 368.63 L 387 348 L 247 348" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="none"/><path d="M 387 373.88 L 383.5 366.88 L 387 368.63 L 390.5 366.88 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="none"/><rect x="321" y="375.5" width="131" height="33" rx="1" ry="1" fill="#000000" stroke="#000000" transform="translate(2,3)" opacity="0.25"/><rect x="321" y="375.5" width="131" height="33" rx="1" ry="1" fill="#ffffff" stroke="#dddddd" pointer-events="none"/><g transform="translate(360.5,385.5)"><switch><foreignObject style="overflow:visible;" pointer-events="all" width="52" height="13" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 10px; font-family: Helvetica; color: rgb(158, 158, 158); line-height: 1.2; vertical-align: top; white-space: nowrap; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;"><font color="#000000"><span style="font-size: 13px">Web app</span></font></div></div></foreignObject><text x="26" y="12" fill="#9E9E9E" text-anchor="middle" font-size="10px" font-family="'Helvetica'">[Not supported by viewer]</text></switch></g><rect x="34" y="21" width="163" height="100" rx="1" ry="1" fill="#fff2cc" stroke="#d6b656" pointer-events="none"/><g transform="translate(44.5,32.5)"><switch><foreignObject style="overflow:visible;" pointer-events="all" width="77" height="12" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; white-space: nowrap; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;">Remote Users<br /></div></div></foreignObject><text x="39" y="12" fill="#000000" text-anchor="middle" font-size="12px" font-family="Helvetica">Remote Users&lt;br&gt;</text></switch></g><rect x="122.5" y="51.85" width="62.55" height="54.46" rx="1" ry="1" fill="#000000" stroke="#000000" transform="translate(2,3)" opacity="0.25"/><rect x="122.5" y="51.85" width="62.55" height="54.46" rx="1" ry="1" fill="#ffffff" stroke="#dddddd" pointer-events="none"/><path d="M 137.23 70.35 C 134.85 70.35 132.94 72.24 132.94 74.61 L 132.94 95.04 C 132.94 97.41 134.85 99.32 137.23 99.32 L 128.77 99.32 L 128.77 103.35 L 178.77 103.35 L 178.77 99.32 L 170.22 99.32 C 172.6 99.32 174.51 97.41 174.51 95.04 L 174.51 74.61 C 174.51 72.24 172.6 70.35 170.22 70.35 Z" fill="#757575" stroke="none" pointer-events="none"/><path d="M 136.91 74.37 L 170.53 74.37 L 170.53 95.3 L 136.91 95.3 Z" fill="#ffffff" stroke="none" pointer-events="none"/><rect x="47.36" y="51.85" width="52.36" height="54.46" rx="1" ry="1" fill="#000000" stroke="#000000" transform="translate(2,3)" opacity="0.25"/><rect x="47.36" y="51.85" width="52.36" height="54.46" rx="1" ry="1" fill="#ffffff" stroke="#dddddd" pointer-events="none"/><path d="M 66.78 86.94 L 66.78 90.88 C 65.29 92.17 64.43 94.05 64.43 96.02 C 64.43 97.99 65.28 99.87 66.78 101.17 L 66.78 105.08 L 75.75 105.08 L 75.75 101.14 C 77.23 99.84 78.07 97.98 78.07 96.02 C 78.07 94.06 77.22 92.2 75.75 90.91 L 75.75 86.94 Z M 52.86 68.6 C 50.62 68.6 48.55 70.45 48.55 72.98 L 48.55 100.72 C 48.55 102.39 49.85 105.1 52.78 105.1 L 62.06 105.1 L 62.06 100.78 L 52.86 100.78 L 52.86 72.91 L 93.94 72.91 L 93.94 68.6 Z M 82.86 77.86 L 96.23 77.86 C 97.51 77.86 98.55 78.9 98.55 80.18 L 98.55 102.71 C 98.55 103.99 97.51 105.01 96.23 105.01 L 82.86 105.01 C 81.58 105.01 80.55 103.99 80.55 102.71 L 80.55 80.18 C 80.55 78.9 81.58 77.86 82.86 77.86 Z" fill="#757575" stroke="none" pointer-events="none"/><path d="M 74.8 95.96 C 74.8 97.89 73.25 99.45 71.32 99.46 C 69.39 99.46 67.83 97.89 67.83 95.96 C 67.83 95.03 68.19 94.14 68.85 93.49 C 69.51 92.83 70.4 92.46 71.32 92.46 C 73.25 92.47 74.8 94.04 74.8 95.96 Z M 84.86 82.21 L 94.24 82.21 L 94.24 100.69 L 84.86 100.69 Z" fill="#ffffff" stroke="none" pointer-events="none"/><path d="M 386 124 L 378 124 L 378 161 L 248 161 L 248 197.63" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="none"/><path d="M 248 202.88 L 244.5 195.88 L 248 197.63 L 251.5 195.88 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="none"/><rect x="304.5" y="24" width="163" height="100" rx="1" ry="1" fill="#d5e8d4" stroke="#82b366" pointer-events="none"/><g transform="translate(315.5,35.5)"><switch><foreignObject style="overflow:visible;" pointer-events="all" width="97" height="12" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; white-space: nowrap; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;">On-premise Users<br /></div></div></foreignObject><text x="49" y="12" fill="#000000" text-anchor="middle" font-size="12px" font-family="Helvetica">On-premise Users&lt;br&gt;</text></switch></g><rect x="393" y="54.85" width="62.55" height="54.46" rx="1" ry="1" fill="#000000" stroke="#000000" transform="translate(2,3)" opacity="0.25"/><rect x="393" y="54.85" width="62.55" height="54.46" rx="1" ry="1" fill="#ffffff" stroke="#dddddd" pointer-events="none"/><path d="M 407.73 73.35 C 405.35 73.35 403.44 75.24 403.44 77.61 L 403.44 98.04 C 403.44 100.41 405.35 102.32 407.73 102.32 L 399.27 102.32 L 399.27 106.35 L 449.27 106.35 L 449.27 102.32 L 440.72 102.32 C 443.1 102.32 445.01 100.41 445.01 98.04 L 445.01 77.61 C 445.01 75.24 443.1 73.35 440.72 73.35 Z" fill="#757575" stroke="none" pointer-events="none"/><path d="M 407.41 77.37 L 441.03 77.37 L 441.03 98.3 L 407.41 98.3 Z" fill="#ffffff" stroke="none" pointer-events="none"/><rect x="317.86" y="54.85" width="52.36" height="54.46" rx="1" ry="1" fill="#000000" stroke="#000000" transform="translate(2,3)" opacity="0.25"/><rect x="317.86" y="54.85" width="52.36" height="54.46" rx="1" ry="1" fill="#ffffff" stroke="#dddddd" pointer-events="none"/><path d="M 337.28 89.94 L 337.28 93.88 C 335.79 95.17 334.93 97.05 334.93 99.02 C 334.93 100.99 335.78 102.87 337.28 104.17 L 337.28 108.08 L 346.25 108.08 L 346.25 104.14 C 347.73 102.84 348.57 100.98 348.57 99.02 C 348.57 97.06 347.72 95.2 346.25 93.91 L 346.25 89.94 Z M 323.36 71.6 C 321.12 71.6 319.05 73.45 319.05 75.98 L 319.05 103.72 C 319.05 105.39 320.35 108.1 323.28 108.1 L 332.56 108.1 L 332.56 103.78 L 323.36 103.78 L 323.36 75.91 L 364.44 75.91 L 364.44 71.6 Z M 353.36 80.86 L 366.73 80.86 C 368.01 80.86 369.05 81.9 369.05 83.18 L 369.05 105.71 C 369.05 106.99 368.01 108.01 366.73 108.01 L 353.36 108.01 C 352.08 108.01 351.05 106.99 351.05 105.71 L 351.05 83.18 C 351.05 81.9 352.08 80.86 353.36 80.86 Z" fill="#757575" stroke="none" pointer-events="none"/><path d="M 345.3 98.96 C 345.3 100.89 343.75 102.45 341.82 102.46 C 339.89 102.46 338.33 100.89 338.33 98.96 C 338.33 98.03 338.69 97.14 339.35 96.49 C 340.01 95.83 340.9 95.46 341.82 95.46 C 343.75 95.47 345.3 97.04 345.3 98.96 Z M 355.36 85.21 L 364.74 85.21 L 364.74 103.69 L 355.36 103.69 Z" fill="#ffffff" stroke="none" pointer-events="none"/><path d="M 223.13 79 L 210 79 L 197 79" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="none"/><path d="M 228.38 79 L 221.38 82.5 L 223.13 79 L 221.38 75.5 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="none"/></g></svg>
\ No newline at end of file
diff --git a/docs/docs/img/pomerium-system-context.svg b/docs/docs/img/pomerium-system-context.svg
deleted file mode 100644
index f8e94e16d..000000000
--- a/docs/docs/img/pomerium-system-context.svg
+++ /dev/null
@@ -1,3 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="679px" height="615px" viewBox="-0.5 -0.5 679 615"><defs/><g><path d="M 200 100 Q 302.5 100 302.5 244.13" fill="none" stroke="#666666" stroke-miterlimit="10" stroke-dasharray="3 3" pointer-events="stroke"/><path d="M 302.5 249.38 L 299 242.38 L 302.5 244.13 L 306 242.38 Z" fill="#666666" stroke="#666666" stroke-miterlimit="10" pointer-events="all"/><path d="M 532.5 25 Q 327.5 25 327.5 244.13" fill="none" stroke="#666666" stroke-miterlimit="10" stroke-dasharray="3 3" pointer-events="stroke"/><path d="M 327.5 249.38 L 324 242.38 L 327.5 244.13 L 331 242.38 Z" fill="#666666" stroke="#666666" stroke-miterlimit="10" pointer-events="all"/><path d="M 532.5 145 Q 352.5 145 352.5 244.13" fill="none" stroke="#666666" stroke-miterlimit="10" stroke-dasharray="3 3" pointer-events="stroke"/><path d="M 352.5 249.38 L 349 242.38 L 352.5 244.13 L 356 242.38 Z" fill="#666666" stroke="#666666" stroke-miterlimit="10" pointer-events="all"/><path d="M 615.19 300.5 L 377.5 300.5" fill="none" stroke="#666666" stroke-miterlimit="10" stroke-dasharray="3 3" pointer-events="stroke"/><path d="M 620.44 300.5 L 613.44 304 L 615.19 300.5 L 613.44 297 Z" fill="#666666" stroke="#666666" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 288px; margin-left: 490px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 10px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; background-color: #ffffff; white-space: nowrap; ">Identify User</div></div></div></foreignObject><text x="490" y="298" fill="#000000" font-family="Helvetica" font-size="10px" text-anchor="middle">Identify User</text></switch></g><path d="M 669 330 L 677 324.2 L 643.93 271 L 635.4 275.74 Z M 605 330 L 669 330 L 635.4 275.74 L 605 329.46 Z" fill="#036897" stroke="#ffffff" stroke-width="2" stroke-linejoin="round" stroke-miterlimit="10" pointer-events="all"/><path d="M 635.93 313.14 C 638.07 313.14 640.2 311.04 640.2 308.4 C 640.2 306.3 638.07 304.18 635.93 304.18 C 633.27 304.18 631.13 306.3 631.13 308.4 C 631.13 311.04 633.27 313.14 635.93 313.14 Z" fill="#ffffff" stroke="none" pointer-events="all"/><path d="M 635.93 296.28 C 638.07 296.28 640.2 294.18 640.2 292.08 C 640.2 289.44 638.07 287.34 635.93 287.34 C 633.27 287.34 631.13 289.44 631.13 292.08 C 631.13 294.18 633.27 296.28 635.93 296.28 Z" fill="#ffffff" stroke="none" pointer-events="all"/><path d="M 648.2 325.26 C 650.87 325.26 653 323.68 653 321.04 C 653 318.4 650.87 316.3 648.2 316.3 C 645.53 316.3 643.4 318.4 643.4 321.04 C 643.4 323.68 645.53 325.26 648.2 325.26 Z" fill="#ffffff" stroke="none" pointer-events="all"/><path d="M 623.13 325.26 C 625.8 325.26 627.93 323.14 627.93 321.04 C 627.93 318.4 625.8 316.3 623.13 316.3 C 621 316.3 618.87 318.4 618.87 321.04 C 618.87 323.14 621 325.26 623.13 325.26 Z" fill="#ffffff" stroke="none" pointer-events="all"/><path d="M 635.4 292.6 L 635.4 308.4 L 623.13 321.04 M 635.4 308.92 L 647.13 320.52" fill="none" stroke="#ffffff" stroke-width="2.1" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 337px; margin-left: 641px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 9px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; font-weight: bold; white-space: nowrap; "><font style="font-size: 14px">Identity<br />Provider<br /></font></div></div></div></foreignObject><text x="641" y="346" fill="#000000" font-family="Helvetica" font-size="9px" text-anchor="middle" font-weight="bold">Identity...</text></switch></g><rect x="0" y="0" width="200" height="200" rx="30" ry="30" fill="#d5e8d4" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 198px; height: 1px; padding-top: 100px; margin-left: 1px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 25px; font-family: Lucida Console; color: #000000; line-height: 1.2; pointer-events: all; font-weight: bold; white-space: normal; word-wrap: normal; "><font face="Helvetica" style="font-size: 14px">On-Prem Users</font></div></div></div></foreignObject><text x="100" y="108" fill="#000000" font-family="Lucida Console" font-size="25px" text-anchor="middle" font-weight="bold">On-Prem Users</text></switch></g><rect x="53" y="10" width="47" height="50" fill="none" stroke="none" pointer-events="all"/><path d="M 66.44 24.39 C 66.36 20.61 67.62 16.96 69.93 14.25 C 72.23 11.55 75.39 10.01 78.69 10 C 86.05 10.08 92.05 16.48 92.32 24.54 C 92.6 28.24 91.49 31.91 89.24 34.69 C 87 37.46 83.83 39.1 80.46 39.23 C 73.01 39.39 66.79 32.81 66.44 24.39 Z M 53 60 C 53.3 52.97 55.88 46.42 60.14 41.94 C 63.51 38.56 68.21 38.36 71.75 41.44 C 73.77 42.95 75.99 44.17 78.35 45.06 C 80.76 46.12 83.41 45.94 85.73 44.56 C 87 43.94 88.12 43.04 89.03 41.94 C 89.92 40.86 91.47 40.64 92.62 41.44 C 94.64 42.81 96.46 45.24 97.88 48.48 C 99.26 52.16 99.98 56.05 100 59.99 Z" fill="#7d7d7d" stroke="none" pointer-events="all"/><rect x="53" y="135" width="47" height="50" fill="none" stroke="none" pointer-events="all"/><path d="M 66.44 149.39 C 66.36 145.61 67.62 141.96 69.93 139.25 C 72.23 136.55 75.39 135.01 78.69 135 C 86.05 135.08 92.05 141.48 92.32 149.54 C 92.6 153.24 91.49 156.91 89.24 159.69 C 87 162.46 83.83 164.1 80.46 164.23 C 73.01 164.39 66.79 157.81 66.44 149.39 Z M 53 185 C 53.3 177.97 55.88 171.42 60.14 166.94 C 63.51 163.56 68.21 163.36 71.75 166.44 C 73.77 167.95 75.99 169.17 78.35 170.06 C 80.76 171.12 83.41 170.94 85.73 169.56 C 87 168.94 88.12 168.04 89.03 166.94 C 89.92 165.86 91.47 165.64 92.62 166.44 C 94.64 167.81 96.46 170.24 97.88 173.48 C 99.26 177.16 99.98 181.05 100 184.99 Z" fill="#7d7d7d" stroke="none" pointer-events="all"/><rect x="106" y="0" width="65" height="60" fill="none" stroke="none" pointer-events="all"/><path d="M 118.04 12.5 C 115.53 12.5 113.5 14.51 113.5 17 L 113.5 43.97 C 113.5 46.46 115.53 48.45 118.04 48.45 L 134.01 48.45 L 134.01 53.23 L 129.44 53.23 L 129.44 57.5 L 147.5 57.5 L 147.5 53.23 L 142.9 53.23 L 142.9 48.45 L 158.96 48.45 C 161.47 48.45 163.5 46.46 163.5 43.97 L 163.5 17 C 163.5 14.51 161.47 12.5 158.96 12.5 Z" fill="#757575" stroke="none" pointer-events="all"/><path d="M 117.88 16.84 L 158.99 16.84 L 158.99 44.1 L 117.88 44.1 Z" fill="#ffffff" stroke="none" pointer-events="all"/><rect x="106" y="130" width="65" height="60" fill="none" stroke="none" pointer-events="all"/><path d="M 118.04 142.5 C 115.53 142.5 113.5 144.51 113.5 147 L 113.5 173.97 C 113.5 176.46 115.53 178.45 118.04 178.45 L 134.01 178.45 L 134.01 183.23 L 129.44 183.23 L 129.44 187.5 L 147.5 187.5 L 147.5 183.23 L 142.9 183.23 L 142.9 178.45 L 158.96 178.45 C 161.47 178.45 163.5 176.46 163.5 173.97 L 163.5 147 C 163.5 144.51 161.47 142.5 158.96 142.5 Z" fill="#757575" stroke="none" pointer-events="all"/><path d="M 117.88 146.84 L 158.99 146.84 L 158.99 174.1 L 117.88 174.1 Z" fill="#ffffff" stroke="none" pointer-events="all"/><rect x="450.5" y="75" width="106" height="20" fill="none" stroke="none" transform="translate(2,3)" opacity="0.25"/><rect x="450.5" y="75" width="106" height="20" fill="none" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 104px; height: 1px; padding-top: 85px; margin-left: 452px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 25px; font-family: Lucida Console; color: #000000; line-height: 1.2; pointer-events: all; font-weight: bold; white-space: normal; word-wrap: normal; "><font face="Helvetica" style="font-size: 14px">Remote Users</font></div></div></div></foreignObject><text x="504" y="93" fill="#000000" font-family="Lucida Console" font-size="25px" text-anchor="middle" font-weight="bold">Remote Us...</text></switch></g><rect x="586" y="10" width="50" height="30" fill="none" stroke="none" pointer-events="all"/><path d="M 590.24 33.27 L 590.24 11.35 C 590.55 10.62 591.21 10.11 591.99 10 L 629.86 10 C 630.82 10.11 631.6 10.81 631.81 11.74 L 631.81 33.27 L 635.82 37.61 C 636 38.15 635.83 38.71 635.35 39.16 C 634.88 39.62 634.14 39.92 633.32 40 L 588.73 40 C 587.9 39.93 587.15 39.63 586.66 39.18 C 586.18 38.72 586 38.15 586.18 37.61 Z M 591.89 33.27 L 630.31 33.32 L 630.31 12.19 C 630.13 11.66 629.66 11.28 629.1 11.2 L 592.9 11.2 C 592.35 11.38 591.96 11.87 591.89 12.44 Z M 607.14 36.21 L 605.78 38.16 L 615.21 38.16 L 614.16 36.21 Z" fill="#7d7d7d" stroke="none" pointer-events="all"/><rect x="591" y="130" width="50" height="30" fill="none" stroke="none" pointer-events="all"/><path d="M 595.24 153.27 L 595.24 131.35 C 595.55 130.62 596.21 130.11 596.99 130 L 634.86 130 C 635.82 130.11 636.6 130.81 636.81 131.74 L 636.81 153.27 L 640.82 157.61 C 641 158.15 640.83 158.71 640.35 159.16 C 639.88 159.62 639.14 159.92 638.32 160 L 593.73 160 C 592.9 159.93 592.15 159.63 591.66 159.18 C 591.18 158.72 591 158.15 591.18 157.61 Z M 596.89 153.27 L 635.31 153.32 L 635.31 132.19 C 635.13 131.66 634.66 131.28 634.1 131.2 L 597.9 131.2 C 597.35 131.38 596.96 131.87 596.89 132.44 Z M 612.14 156.21 L 610.78 158.16 L 620.21 158.16 L 619.16 156.21 Z" fill="#7d7d7d" stroke="none" pointer-events="all"/><rect x="532.5" y="0" width="47" height="50" fill="none" stroke="none" pointer-events="all"/><path d="M 545.94 14.39 C 545.86 10.61 547.12 6.96 549.43 4.25 C 551.73 1.55 554.89 0.01 558.19 0 C 565.55 0.08 571.55 6.48 571.82 14.54 C 572.1 18.24 570.99 21.91 568.74 24.69 C 566.5 27.46 563.33 29.1 559.96 29.23 C 552.51 29.39 546.29 22.81 545.94 14.39 Z M 532.5 50 C 532.8 42.97 535.38 36.42 539.64 31.94 C 543.01 28.56 547.71 28.36 551.25 31.44 C 553.27 32.95 555.49 34.17 557.85 35.06 C 560.26 36.12 562.91 35.94 565.23 34.56 C 566.5 33.94 567.62 33.04 568.53 31.94 C 569.42 30.86 570.97 30.64 572.12 31.44 C 574.14 32.81 575.96 35.24 577.38 38.48 C 578.76 42.16 579.48 46.05 579.5 49.99 Z" fill="#7d7d7d" stroke="none" pointer-events="all"/><rect x="532.5" y="120" width="47" height="50" fill="none" stroke="none" pointer-events="all"/><path d="M 545.94 134.39 C 545.86 130.61 547.12 126.96 549.43 124.25 C 551.73 121.55 554.89 120.01 558.19 120 C 565.55 120.08 571.55 126.48 571.82 134.54 C 572.1 138.24 570.99 141.91 568.74 144.69 C 566.5 147.46 563.33 149.1 559.96 149.23 C 552.51 149.39 546.29 142.81 545.94 134.39 Z M 532.5 170 C 532.8 162.97 535.38 156.42 539.64 151.94 C 543.01 148.56 547.71 148.36 551.25 151.44 C 553.27 152.95 555.49 154.17 557.85 155.06 C 560.26 156.12 562.91 155.94 565.23 154.56 C 566.5 153.94 567.62 153.04 568.53 151.94 C 569.42 150.86 570.97 150.64 572.12 151.44 C 574.14 152.81 575.96 155.24 577.38 158.48 C 578.76 162.16 579.48 166.05 579.5 169.99 Z" fill="#7d7d7d" stroke="none" pointer-events="all"/><path d="M 327.5 350.5 L 327.5 483.63" fill="none" stroke="#666666" stroke-miterlimit="10" stroke-dasharray="3 3" pointer-events="stroke"/><path d="M 327.5 488.88 L 324 481.88 L 327.5 483.63 L 331 481.88 Z" fill="#666666" stroke="#666666" stroke-miterlimit="10" pointer-events="all"/><path d="M 327.5 350.5 L 327.5 410.3 Q 327.5 420.3 317.5 420.3 L 161 420.3 Q 151 420.3 151 430.3 L 151 483.63" fill="none" stroke="#666666" stroke-miterlimit="10" stroke-dasharray="3 3" pointer-events="stroke"/><path d="M 151 488.88 L 147.5 481.88 L 151 483.63 L 154.5 481.88 Z" fill="#666666" stroke="#666666" stroke-miterlimit="10" pointer-events="all"/><path d="M 327.5 350.5 L 327.5 410.3 Q 327.5 420.3 337.5 420.3 L 493.5 420.3 Q 503.5 420.3 503.5 430.3 L 503.5 483.63" fill="none" stroke="#666666" stroke-miterlimit="10" stroke-dasharray="3 3" pointer-events="stroke"/><path d="M 503.5 488.88 L 500 481.88 L 503.5 483.63 L 507 481.88 Z" fill="#666666" stroke="#666666" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 384px; margin-left: 328px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 11px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; background-color: #ffffff; white-space: nowrap; "><span>Authorized</span></div></div></div></foreignObject><text x="328" y="387" fill="#000000" font-family="Helvetica" font-size="11px" text-anchor="middle">Authorized</text></switch></g><rect x="106" y="490" width="90" height="89" fill="none" stroke="none" pointer-events="all"/><path d="M 164.64 503.43 L 186.45 503.43 L 186.45 500.05 L 164.64 500.05 Z M 155.09 506.9 L 155.09 494.3 C 155.09 492.39 157.2 490 160.56 490 L 190.58 490 C 193.78 490 196 492.31 196 494.37 L 196 558.72 L 175.55 558.72 L 175.55 549.71 L 186.45 549.71 L 186.45 546.33 L 175.55 546.33 L 175.55 540.7 L 186.45 540.7 L 186.45 537.32 L 175.55 537.32 L 175.55 514.74 C 175.55 510.14 170.91 506.9 166.2 506.9 Z M 115.29 503.43 L 137.42 503.43 L 137.25 500.05 L 114.96 500.05 Z M 106 558.72 L 106 494.39 C 106 492.04 108.58 490 111.25 490 L 141.6 490 C 144.22 490 146.91 491.92 146.91 494.42 L 146.91 506.9 L 135.87 506.9 C 130.2 506.9 126.45 510.86 126.45 514.63 L 126.45 537.32 L 115.55 537.32 L 115.55 540.7 L 126.45 540.7 L 126.45 546.33 L 115.55 546.33 L 115.55 549.71 L 126.45 549.71 L 126.45 558.74 Z M 140.09 523.8 L 161.91 523.8 L 161.91 520.42 L 140.09 520.42 Z M 140.09 560.97 L 161.91 560.97 L 161.91 557.59 L 140.09 557.59 Z M 140.09 569.99 L 161.91 569.99 L 161.91 566.61 L 140.09 566.61 Z M 130.55 579 L 130.55 514.68 C 130.55 512.25 133.2 510.28 135.82 510.28 L 166.02 510.28 C 169.05 510.28 171.45 512.41 171.45 514.69 L 171.45 579 Z" fill="#7d7d7d" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 586px; margin-left: 151px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; font-weight: bold; white-space: nowrap; ">Secured<br />Application</div></div></div></foreignObject><text x="151" y="598" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle" font-weight="bold">Secured...</text></switch></g><rect x="282.5" y="490" width="90" height="89" fill="none" stroke="none" pointer-events="all"/><path d="M 341.14 503.43 L 362.95 503.43 L 362.95 500.05 L 341.14 500.05 Z M 331.59 506.9 L 331.59 494.3 C 331.59 492.39 333.7 490 337.06 490 L 367.08 490 C 370.28 490 372.5 492.31 372.5 494.37 L 372.5 558.72 L 352.05 558.72 L 352.05 549.71 L 362.95 549.71 L 362.95 546.33 L 352.05 546.33 L 352.05 540.7 L 362.95 540.7 L 362.95 537.32 L 352.05 537.32 L 352.05 514.74 C 352.05 510.14 347.41 506.9 342.7 506.9 Z M 291.79 503.43 L 313.92 503.43 L 313.75 500.05 L 291.46 500.05 Z M 282.5 558.72 L 282.5 494.39 C 282.5 492.04 285.08 490 287.75 490 L 318.1 490 C 320.72 490 323.41 491.92 323.41 494.42 L 323.41 506.9 L 312.37 506.9 C 306.7 506.9 302.95 510.86 302.95 514.63 L 302.95 537.32 L 292.05 537.32 L 292.05 540.7 L 302.95 540.7 L 302.95 546.33 L 292.05 546.33 L 292.05 549.71 L 302.95 549.71 L 302.95 558.74 Z M 316.59 523.8 L 338.41 523.8 L 338.41 520.42 L 316.59 520.42 Z M 316.59 560.97 L 338.41 560.97 L 338.41 557.59 L 316.59 557.59 Z M 316.59 569.99 L 338.41 569.99 L 338.41 566.61 L 316.59 566.61 Z M 307.05 579 L 307.05 514.68 C 307.05 512.25 309.7 510.28 312.32 510.28 L 342.52 510.28 C 345.55 510.28 347.95 512.41 347.95 514.69 L 347.95 579 Z" fill="#7d7d7d" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 586px; margin-left: 328px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; font-weight: bold; white-space: nowrap; ">Secured<br />Application</div></div></div></foreignObject><text x="328" y="598" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle" font-weight="bold">Secured...</text></switch></g><rect x="458.5" y="490" width="90" height="89" fill="none" stroke="none" pointer-events="all"/><path d="M 517.14 503.43 L 538.95 503.43 L 538.95 500.05 L 517.14 500.05 Z M 507.59 506.9 L 507.59 494.3 C 507.59 492.39 509.7 490 513.06 490 L 543.08 490 C 546.28 490 548.5 492.31 548.5 494.37 L 548.5 558.72 L 528.05 558.72 L 528.05 549.71 L 538.95 549.71 L 538.95 546.33 L 528.05 546.33 L 528.05 540.7 L 538.95 540.7 L 538.95 537.32 L 528.05 537.32 L 528.05 514.74 C 528.05 510.14 523.41 506.9 518.7 506.9 Z M 467.79 503.43 L 489.92 503.43 L 489.75 500.05 L 467.46 500.05 Z M 458.5 558.72 L 458.5 494.39 C 458.5 492.04 461.08 490 463.75 490 L 494.1 490 C 496.72 490 499.41 491.92 499.41 494.42 L 499.41 506.9 L 488.37 506.9 C 482.7 506.9 478.95 510.86 478.95 514.63 L 478.95 537.32 L 468.05 537.32 L 468.05 540.7 L 478.95 540.7 L 478.95 546.33 L 468.05 546.33 L 468.05 549.71 L 478.95 549.71 L 478.95 558.74 Z M 492.59 523.8 L 514.41 523.8 L 514.41 520.42 L 492.59 520.42 Z M 492.59 560.97 L 514.41 560.97 L 514.41 557.59 L 492.59 557.59 Z M 492.59 569.99 L 514.41 569.99 L 514.41 566.61 L 492.59 566.61 Z M 483.05 579 L 483.05 514.68 C 483.05 512.25 485.7 510.28 488.32 510.28 L 518.52 510.28 C 521.55 510.28 523.95 512.41 523.95 514.69 L 523.95 579 Z" fill="#7d7d7d" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 586px; margin-left: 504px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; font-weight: bold; white-space: nowrap; ">Secured<br />Application</div></div></div></foreignObject><text x="504" y="598" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle" font-weight="bold">Secured...</text></switch></g><image x="277" y="250" width="100" height="100" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAg4AAAH9CAYAAAByVfQTAAABhGlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw0AcxV9TS0tpcbCDiEOG6mRBVMRRq1CECqFWaNXB5NIvaNKSpLg4Cq4FBz8Wqw4uzro6uAqC4AeIi6uToouU+L+k0CLGg+N+vLv3uHsHCK0q08y+cUDTLSOTSoq5/KoYfEUIAUQRRlBmZn1OktLwHF/38PH1LsGzvM/9OaJqwWSATySeZXXDIt4gnt606pz3iWOsLKvE58RjBl2Q+JHristvnEsOCzwzZmQz88QxYrHUw0oPs7KhEU8Rx1VNp3wh57LKeYuzVm2wzj35CyMFfWWZ6zSHkcIiliBBhIIGKqjCQoJWnRQTGdpPeviHHL9ELoVcFTByLKAGDbLjB/+D392axckJNymSBAIvtv0xAgR3gXbTtr+Pbbt9AvifgSu966+1gJlP0ptdLX4E9G8DF9ddTdkDLneAwae6bMiO5KcpFIvA+xl9Ux4YuAXCa25vnX2cPgBZ6ip9AxwcAqMlyl73eHeot7d/z3T6+wHTLnJn3i2+UgAAAAZiS0dEAG4AQwDoA0wrgAAAAAlwSFlzAAAN1wAADdcBQiibeAAAAAd0SU1FB+MIBRY4MQVAG3wAAAAZdEVYdENvbW1lbnQAQ3JlYXRlZCB3aXRoIEdJTVBXgQ4XAAAgAElEQVR42u3debxVZb3H8c/ZIMigOMAhTU2vQ5bTJYdySCscUJDAAayrmd2irC4qKqIpapYiJUq3sriVmTaIJV6SVIQs0yyHvE6VUzmlcM4RGQ9w4Jx9/1gPRgjn7H32Xnuv4fN+vdbrlaZ4zm896/l91/SshvFDFyAptbYBBoZtW2DrsG0FDAC2BLYIWz+gb9g2B3qHrRfQM2w9gALQEP78ItABtANrw9YGrA7bKqA1bCuAZWFbCiwBFgNvhu0NoCVsi9x1Ujr1tARSIm0J7ATsCOwAvBPYHtgubIOBxtD049QQwkSPKv+32oAmYCHwetheA/4BvAq8ArwcAogkg4Mk4F3AbsCuYdslbDuHKwhZ1isEoh26+OdagBeBv4fthbA9D7zkEJIMDlLWNAB7Ae8J257Au4E9gP6Wp0vrbsMcsJH/bznwLPAM8FfgL2F7mugWiySDg5RojcB+YdsH2DtsvSxNLPoD7wvb+tqAp8L2JPB42JosmWRwkOp5Jrx/2IaEbVfLkgi9NhEoXgAeC9ujYWuxXJLBQYrDEOD9wEHAgeFKgtJl3bMkJ633954CHgYeAv4YQoUkg4NUlh7AocAhYTuY7D+smFfrbiedEf66BXgQ+H3YHiB6FVWSwUH6F4cBhwMfDP/bBxfzaSBwfNggegDzfuB3wH3hf0sGBymH3gt8OGxHeEVBm9AfGBY2iK5I/Ba4N2x/tkQyOEjZ1Ac4Chgatr0sibphIHBi2CB69XN+2O4BVloiGRyk9NoFOAY4Omz9LImqbK+wjSdacntu2O4mWrBKMjhICbcfcBxwLNHzClKt9ANGhw2i5yLuBH5FtI6ElAkNfuRKGXAgMAIYTrSugpQ0jwJzgDuIXv+UDA5Sjb0PGBm2IZZDKfIYMDtsf7IcMjhI8dmd6DLwKKK1FaS0exC4HZgFPGc5ZHCQKrcV0RPsJxA9uyBl1a+A24BfAIsthwwOUnmGES0NfBIwwHIoR5YAPw/bXZZDBgdp03YDxoRtP8sh8TgwM2zPWw4ZHKTIKOAUYKylkDbpFuBnRM9ESHXjOg6qlx2B/wA+DuxjOaQujQ3bk8BPgB8Dr1gW1ZpXHFRrRwCnhtDQx3JI3bYyhIebib6fIdVEwRKoRk4lWob3N8CnDQ1SxfqEY+k34dg61ZLI4KC0GwScR3Rp9Sai70VIqr6jwzH2ZDjmBlkSxcVbFYrDu4EzgE8Cgy2HVHMLgR8CNwDPWA5Vk1ccVE0HAt8BngAuMDRIdTM4HINPhGPyQEsig4OS5Aiiy6QPAZ8FelkSKRF6hWPyoXCMHmFJZHBQPR1J9G75b/DBLCnpTg3H6i3h2JUMDqqZo4BbgXuIVnmUlB5jwrF7aziWJYODYvORcLYyl+gbEpLS66RwLN8Sjm3J4KCqOZTo/uh8vMIgZc2YcGzfFI51yeCgbtsP+C5wPz7DIGXdqeFY/y5+ZE4GB5XpXcBU4PfAOMsh5cq4cOxPDXOBZHDQJvUDJoWzjvOBvpZEyqW+YQ64P8wJ/SyJDA7a0BnA74CrgB0sh6QwF1wV5oYzLIcMDoJojfs7gB8AQyyHpI0YEuaIO/CbMwYHS5BbewLXE31Vb7jlkFSC4WHOuD7MITI4KAd6AROJXr/6nOWQ1A2fC3PIRFxi3uCgTBtNtGLc1cD2lkNSBbYPc8k9YW6RwUEZsicwA7gNONxySKqiw8PcMgNvXxgclAnjgbuAz1gKSTH6TJhrxlsKg4PS6QhgNjAdF3GRVBvvCnPObPyEt8FBqdEfuAyYAxxvOSTVwfFhDroszEkyOCihhhO9Z30prvQmqb76hbnoDnzl2+CgxNkWmIKXByUlz7rbplPCXCWDg+rseOB24AL3p6QE95oLwlzlLVSDg+pkS+CrwCzgMMshKQUOC3PWV8McJoODauRIovemLwJ6WA5JKdIjzF23hblMBgfFbBLwc2CopZCUYkPDXDbJUhgcFI8hwEyiT9wOsBySMmBAmNNm4td5DQ6qqjOAW4CTLYWkDDo5zHFnWAqDgyozCJgG/ADY3XJIyrDdw1w3Lcx9MjioTB8CfgycYykk5cg5Ye77kKUwOKh0ZwI3A0dZCkk5dFSYA8+0FAYHda6R6AMx3wbeaTkk5dg7w1w4PcyNMjhoA4cCN+InaSVpfePD3HiopTA46J9OB24AhlkKSXqbYWGOPN1SGBzyrifRZ2e/j29NSFJndg9z5WVh7pTBIXd2A75H9NlZl42WpK71CHPm98IcKoNDbnwYmIGX3SSpO04Pc+iHLYXBIQ9OA77rgJekik/AvhvmVBkcMusC4Dv4PIMkVcPuYU69wFIYHLJmG+A6YArQ13JIUtX0DXPrdWGulcEh9d4DfAs4y1JIUmzOCnPteyyFwSHNDgf+GzjFUkhS7E4Jc+7hlsLgkEajiZZKHWopJKlmhoa5d7SlMDikyaeI7rf9u6WQpJr79zAHf8pSGBzSYAJwLbCTpZCkutkpzMUTLIXBIcm1vBy4BtjSckhS3W0Z5uTL7XcGhyQOzq8Bky2FJCXO5DBHe1JncEiE7cKA9HKYJCXXhDBXb2cpDA71tCtwNTDOUkhS4o0Lc/aulsLgUA97AVfhOumSlCanhbl7L0thcKilIcCVwMmWQpJS5+Qwhw+xFAaHWjgI+Cow0lJIUmqNDHP5QZbC4BCnQ4ArgGMthSSl3rFhTj/EUhgc4nAY8GXgaEshSZlxdJjbD7MUpelpCUryQeBS/O6EJGXRurn9cuB3lqNzXnHo2qGGBknKRXi4NMz56oRXHDr3AeAyQ4Mk5SY8FIFLgD9YDoNDuQ4IoeFISyFJuXEk0A5cDDxiOQwOpdo3hIZjLIUk5c4xwFrgIuAJy2Fw6Mq7Q2gYbikkKbeGA23AhcAzluOffDjyX72L6OGY0ZZCknJvdOgJ77IU/+QVh38aGAbIxyyFJCn4GLAKmAi0WA6vOKyzeQgNZ1gKSdIGzgg9YnNLYXBY51Lgi5ZBkrQJXwy9wuBgCbgImGQZJEldmBR6hsEhx75ggpQkleHS0DsMDjn0cWAy0MvjQJJUol6hd3zc4JAvx4Qd3+gxIEkqU2PoIblcJDCPwWF/oktN73bsS5K66d2hl+xvcMi2HUNKPNgxL0mq0MGhp+xocMimdfelRjrWJUlVMpKcPS+Xp+BwCfBpx7gkqco+HXqMwSFDPk/0iVRJkuJwceg1BocMGJmnJChJqptLyMHt8KwHhyFhR77D8SxJitk7Qs8ZYnBIp23CDjzAsSxJqpEDQu/ZxuCQPpcQfUtdkqRaGk2Gb5FnNTj8F3C2Y1eSVCdnh15kcEiB4fgGhSSp/i4OPcngkGB7AF/Cb1BIkuqvMfSkPQwOyfUlXE5akpQcB4feZHBIoIuATzhGJUkJ84nQowwOCTI6SztFkpQ5F5GRN/2yEBz2CDukn+NSkpRQ/UKvSv3zDlkIDhfiIk+SpOQ7IPQsg0MdTQA+6ViUJKXEJ0PvMjjUwdAsJDdJUu5cGHqYwaGGtgYmAQMdf5KklBkYetjWBofamQQc6diTJKXUkaGXGRxq4GRgomNOkpRyE0NPMzjEaOe0JjRJkjZiUuhtBocY09n7HGeSpIx4Hym7ip6m4PAJ4EzHmCQpY84kRZ9MSEtw2BWfa5AkZdfE0OsMDlUs6F6OK0lSRu2VlhPkNASHU4FxjilJUsaNCz3P4FCBHYDzHEuSpJw4L/Q+g0MFBdzPcSRJyon9kn7CnOTgMBI4yzEkScqZs0IPNDiUoS9wrmNHkpRT54ZeaHAo0QTgcMeNJCmnDiehn99OYnA4kJR/q1ySpCqdRB9ocCitUFs7XiRJObd1Ek+kkxYcTgNOcaxIkgShJ55mcNh0sjrbMSJJ0r84mwRdiS8krDB++VKSpH/1viSdWBcSVBTXbJAkaePOSsrJdVKCw3hggONCkqSNGhB6pcGBaHWs0x0TkiR16nQSsKJkEoLDeMeCJEnp6Jn1Dg6fBYY6DiRJKsnQ0DtzGRy2Ar7oGJAkqSxfDD00d8HhC8De7n9Jksqyd+ihuQoOu9Tzl5YkKeW+EHppboLD54Ht3O+SJHXLdqGX5iI47FuvX1aSpAz5fOipmQ8OZwJ93d+SJFWkb+ipmQ4O7wc+576WJKkqPhd6a2aDg6FBkqQU99ZaBodDgU+6fyVJqqpPhh6bueDwWfetJEnp7rG1Cg6HAqe5XyVJisVp1OiqQ62Cw2fcp5Ikpb/X1iI4HISfzZYkKW6nh56b+uDwafelJEk1EXvPjTs47AP8p/tRkqSa+M/Qe1MbHD5Ffb/AKUlSnhRC701lcNgJOMN9KElSTZ0RenDqgsMZwAD3nyRJNTUgzhP3uIJDf1wlUpKkevlk6MWpCQ6nAzu73yRJqoudiWkphLiCwyfcZ5Ik1VUsvTiO4HACNViAQpIkdeqg0JMTHxz8JoUkSclQ9Z7cs8p/3v7AqLzvpWl3NdKjZ4PDVZISoH1tkQnDmvL6648KvfnRpAaHU/O4V6b+spHefQwKkpREPXo2MH3e4Lf+ek1bkfOOy1WQOLWawaFh/NAF1fqztgKeBQblYS98+WeDxgwYWJjpISlJ6bWkpWPM5FOasz6XNwN7AIuTFhw+D3wr64Nsyv820qefVxckKUtWrywy8fhMX4X4AvDtpAWH+4FDs1rxqbMb6d3XwCBJWda2usj5wzMZIB4ADqvGH1Sttyo+nOXQMH3eYEODJOVAr97/+jxEhhwaenXFqvVw5NgsVvm6ewbTYF6QpNyZPm8wxSKcfdTCLP1aY4F7K/1DqnHFYZssBofp8wwNkpRnDQ1k7erD2NCzK1KNKw5jiN6oyISrZg2i7xYFjxhJ0lsnkq3LOrhwdHPaf5WtQs/+TiV/SDU65MlZGRxfn9NoaJAkvU3fLQpcc2djFn6Vint2pV1yf+AjWajktXMHs1lv701Ikjau52YNXDs39bcuPhJ6d92Cw4lZGAzX3TOYghcaJEldNc1C1DNSrqLenfvgcM2djT4EKUkqWUMDTLsr1eGhbsHhOKIlLFNr6i8b6bmZqUGSVJ4ePaOFAVNqj9DDax4cRqd9x/thKklSt3tIuhcG7HYP725w2JyUfz47oyuDSZLsJaUYFXp5zYLDR4GB7mhJkuEhlT1lYOjlNQ0OqXTlbYMc5ZKkqrpqVip7S82CwwBgZFp3br8tfe9SklRdKV08cGTo6bEHh+OBfmmsUAbevZUk2WOqdi4denrswWF4Wneq6zVIkuwxlfX0coNDf2BEGivjA5GSJHvN24wIvT224HBcuf8BSZKUWP0pczGocj+rfWwaq+KzDV1buaLI6taOAy79WMsjnf1zV8wcNKNPv4ZxfhAse9a0FVm1ojjv4pObj+zsn+vdv2HO5TcPGt6nv2Mga4pFWLm8tM9HX/mLQWzer0CPntZtQ9PnDeasIxem6Uc+FphZ6j/cMH7ognL+8AXA4DTuREXiHMxTbm/EZpJ8q1uLTBzZ5PGW84Bw9lHxzQXT7mqkR898zwUpCw4LgXfEERyOBu5O2867/KcDD9hqUI9H8jp4ly3u+NvFJzX/Wz3+21fPbmTzvgaJeutoh3OOqd8kZpCwkU27a3DurkwsaekYM/mU5pkp+pGPAeZWOzhcA0zwakMKBuwbHZMmj22ekqSf6etzGvH2Ru20ry0yYVhTon6m3v0b5ky9vXG4eyffZ73X3TM4N2+4peyqwzTg3GoHhyeBvQ0OybR2TZFzj21Kxc+ap4nDiWrjps5uTPsHghKrdVlpzyg4P3s8buApYJ9qBod9gCfSuOOyPjDjvl8dp2vnDqbgQp4Vi/t+dZyumDloxpbbFMa5F3PXpHIxT6dwn+wbLhJUJTicQ3QZI1WyfGa7YkkHF53YnInf5dq7B1Po4cSfp8CwoS/fMmjSgG0LU9yr+QoMWQ8QKTxGJwDXVis43EEKV4zMYoptW13k/OFNZJEP0eWzWazPWxilW9zc3uXr084FHqtlmkMJizyWEhz6Ai1AHwefA9D9Vl9JfPDVMVBb9X5Lplay8lZWyubtlUSf226tNDgMD1ccnHxsFjVzzZ2N9NzMM8+8NQsDhCcPWRsDKdxnI8KVh00q5dG0D3m41nfQ5S00AJx7bFMuJ8lNjYE8hoa8NspNBce81uKsIxeycnnRQVA7Xfb8UoLDEWn8za/8xaBU77k1bUUnTRuHYyDUYPXK/DaOxc3tB+Q1OK4zaVR6TySuvC11vajLnt/VrYrtgX+kcWeleaUym8XbfW1OI71ytIBUXm9NdCVvty6cC9I/BlJ6LL8TeK27VxwOT+vgMjRky/nDm1jyRsekPPyuK5Z2GBo8PpwLOqlL+9r0XIFK6avmnfb+roLDYQ5TJ4qkmDy2eUrWa7R0UceMi05odmfn+DgpFp0LujJhWBOrW33uIUaHGRycDK1VSn6vS8Y0u4pijsdA+9rsLOoVt4kjm2hd1mEhEhYctgf2s35OgtbM3yepNStm6KRzzeoiE4Y5Dspx4ehmlrR0jLESVbdfyABlB4dDrJ0Nw9r5eyRZVs7OOzrgvIyuCBu3yac0z1y2uONvVqLqDulOcDjYutkwrGG8PFtyDBSLcM7RzgWVuPik5n9rW+UzD1V2cHeCwwesm5NdGixd1DEjjT/3yhVFJp/SPNM9mO/jyWcaquP8EU10tFuHKvpAucGhD/B+6+YklwaXjGkel7YnrNe0FZn0US9N5/24ci6oLl9jrqr3s4lvVG0qOBwE+KHjGPgUcDwmjkxXEz7vOENDLONgVNMcQ4MBUlXRI2SBkoPDgdas+orF6Clg5XvCcGKLz+rlxeEdKcjmnkB4jKXEgeUEhwOsV/V5L9MJI01nxGmV9AcNPYGoUYh0gahqOKCc4LC/9TIBp1Xb6mROGO1rozNi91C+jzdPIGoU0kd6O7AK9i81OLwD2M16Vc/aNSbfWjo/oe/Du7hPjc84E/hFTU8grHfK7BYyQZfBYYi1qq5zjzX55n3CcAKrwxnn8R53Atd3qNgQg0OtJy/vaddN0fnCAJmgwGZ4rI/zRxggaxEc/D5FFXlPu36Sci/ZhqGkPndjgFQJ9islOOxrnRysWbGqzk9Wr2mzYXgcJve5G6kE+3YVHLYE9rROyooL6vxktQs9JUM9b1utWOqaDQbIVNszZINNBoe9rZGDNGvW1OkycYf9IjHqedvqohNcs0Gpt3dnwWEv66Osqdfniv3iYbLU46qDixB5QpcRexkcHJy50762thO4b3QkTz2uOrgIkfIQHN5jfZRFE4bVdgJ3dUDVOqzKE7sYvaez4OCDkRXyQSjJplGPsCrFaM9NBYetgJ2sT2V8ECq5Fje31+TjbX75UEo2byWWbaeQEd4WHPawNsqySz/W8kgt/jt++VArV9iZksxbid2yx8aCw+7WpTLeO5M8TgEmfdTbFMqc3Q0OsmkYHqXc6mi3BtUIDrtaF0mqjGs3pMM5xxjyy7SrwcHJQsqtJW90TIrrz3btBuUpOOxiXZws8qB9bTx/rk9qp8fksc1TrIJUll02DA79gXdYF+XBhGHxXKL0SW0pbScRpv0yvCNkhbeCw87WRJIq42uYaTuJ8EpxmXZePzi48FNFqdUaSKlr8sur3+R9DVMZt9P6wWFH61FJavUStZQ2k0bZ5KUy7bh+cNjBeihPOlwVWpLKtYPBQbl1ztHVvUrk9ykk5S04bG89pO7z+xRSOrWt8oHWMmy/fnDYznpIUve5jkc6nT/CZ13KsJ3BQZKqZPVKk4PyExw2AwZaD0mqIDi0FsdYBWXcQGCzAtBoLSSpMpNPaZ5pFZQDjQVgkHWQlEcuOSyVbVABb1NUxAeipPTyuQSpbAMLwLbWQVIe9e5TqNqfdfVs7/qm0RUzB82wCmXZtiewjXXovoYGmD5vsIXIOceANu/b4DhIp3GWoCzbFICtrYMkSSrB1gVgK+sgSZJKsFUBGGAdJElSCQYUgC2tgyRJKsGWBWAL6yBJkkqwRQHobx0kSVIJ+heAftZBkiSVoF8B6GsdJElSCfoWgD7WQZIklaBPAehtHSRJUgl6GxwkSVJZwaGXdZAkSSXoVQA2sw6SJKkEmxWAHtZBkiSVoIfBQZIklRUcGqyDJEkqQYPBQZIklRUcitZBkiSVoNgzBAevOuTUqtYiF4xs6ta/O+2uwfToaQ3TrqMdzjlmYbf+3Sm3N9Knv9NHFixb3PG3i09q/rfu/LvX3TOYBodBboJDw/ihC9rI4CuZ0+cNdvdu4KwjF8b+37hq1iD6blGw2Am1ckWRSR9t8vjLc1DsgHOOjn8u+PqvGtmsl2miVnNvDa1pGD90wUpgc4ND9ixd1DHjkjHN4+r5M3xtTiO9ejt51O0Ibyty3nFNdf0ZLv/pwAO2GtTjEfdGvhtXnq9KZCw4rGoYP3TBUmALg4ONwonDiSpuU2c30ruvgyAvJw7Oz5kMDssaxg9d0AJsa3BwYNZK7/4Nc6be3jjcqT0/jcJjtDYqeV7FIOn8XKI3GsYPXfAPYHuDgwPS/ZROE0c1zVm9vJjaIOaVqMq1ry0yYVhTan/+rD8blbHg8FrD+KEL/gbsYnBIj2IRzj5qofsr5zI2GXHt3MEUfK62LGvXFDn32KbM/D5XzBw0Y8ttCuM8VhPt7w3jhy54GnivwcEB6FlHOtTqzQiPXeeCuoXIuwdT6OG+Sqg/9wRaPQRtFklw4ehmwEvXeW0W6/+OV/5iEP0GGCLzOgbWPadhiEyk1p7ACuvgRJEk627DOGnkdwxcdGKzY2ADWbstUeq490pk4qwoAMutQzKtWV3MXcPIc7O0Dhv/3Vcud1X8iaOa5uQtNKxz4ehm54JkWV4AllmHZE6Y5w1vsg5HLmT1ynw2jjVtRSdMYNKoptyHpzS/NVPNOhTNkEmwrAAstQ6eYSb6bOv4/DWOs45cmNiFvDwuaqOj3blgQ2cftZDWZR0Wor6WFoAl1iEZikUnChuHY8CzTljdWkzVQk615K2LultSABZbhwScXXRkb20Gm6q/X1xnnWvXZDc9tC7rYOJIrzZ5rCTW4gLwpnWor7VrijX5Wp0Thr9XVpx7bBOrW7MXHiaOapqz7rVkecwk1JsFYJF1qJ+2Vfl7xcoJwwmwKk12ZBMrVxQzNQZ8CNJjJwUWFYA3rEN9tK+F80cYGvI+YTjxdd+kjzaxpi394WHJGx2T3JseQynxRgFosQ61VyzChGEO9rxPGE54lTvvuCY6Uvyg/arWIpPHNk9xT3ospURLAfCGWh34IKQThhNd9aT1GaH2tUUu8EHIqlm6qGOGVYhdcwFw1NowrKk/r2OgxqKrjk6/1XTJmOZxbatdJSpmTQVgDd6ucHLLgLRMGO1r3VceX151jMv5rrgbpxZgzbovh7xuPeKXpSfAnTC6z2db4rViSfIfePAEwvqm1OsABocayvpnsZ0wnNCS4KITmxO9umRev73isZa94PCa9XAQW+t4LWnpGOPeqY0k3waYeLwnELXSvtaQVmWvrR8cXrUe8fFJXwFMPqV5plXId4D0BKK2fPi06l41ONTIJWOax1mFfE/QNgyt8Wl/j72MBYdXrIeDNmuSci85yx9k8vgr3Xk+7a/0e2X94PCy9ag+76/VV1LuJfstkvpKwmu6nkBY/4x4ef3g8KL1qD7vrzlh+EBk/flev4BUL0ueIC+uHxyWAwusSfV4eVrgA5FJUc/bVp7tJkNalyVPkAUhK7wVHAD+bl2qx8vTyVGvs/7WZZ7iJIWvQApI9PoeKfBWRlg/OLxgXarDS2Ke9QNcONrvxyVJPT6/7dWGZHGZ74q8YHCIkZfEkqfWyxC3rfLUJmnOO86rDlK1g8Nz1kVZddGJtT37P3+ETcqw6qXHJPIqULc9Z3BwUEoenxkKq1I9gsOz1kU2DcOjlHW+9dYtz24sOCzGhaAq4hO7UvLVYmE2w2Oy+dZb2V4OGeFtwQHgr9an+3xiNw1Nw/CYdy7MJpXtX7LBhsHhL9ZH2W4a8YY7w6OUDkn5lk1K/KWz4PC09ZGUdXFeGVrc3H6AFU4+FwUry9MGBycLKdfivDJ06cdaHrHCylNweMr6OFlk3crl8Zxu+qS2pIx6qrPgsBQfkFTGTRoVzyVKn9SWPInIoL+GbLDJ4ADwhHWSpPL5GqYnERn0tkywseDwuHUqz+pWU6uUNksXdcywClKXHi8lODxmncozcaSpVUqbS8Y0j7MKUpceMzhIwJrV1b1K5MJPkvIcHBYAz1srZdl5w6t7lciFnyRl0PMhE3QZHAAetV6SpKzz8+ed2mgW2FRwcE0CSSpDLT6eperz8+edeqSc4PCw9ZKk0q3y7Splz8PlBIeHgHZrJkklnrme4JmrMqU9ZIGSg8NK4I/WTZKkXPpjyAIlBweAP1g3SVlW7ddypQzZZAboLDg8aN261r7WGkhptaq1OM8qSOVlgM6Cw++tWwnBod0zFim9wb84ySpI5WWAzoLDa/jdCkmS8ubxkAHKDg4A91s/SZJypdPeb3CQJElVCw73WT9JknLlvkqCw2u4iqQkSXnxMJ0831BKcAD4rXWUJCkXuuz5pQSH31hHSZJyocueX0pwuJdNLDspSZIyY2Xo+RUHh1bg19ZTkqRM+3Xo+RUHB4D51lOSpEwrqdeXGhxcz12SpGwrqdeXGhyeBJ6yppIkZdJToddXLTgAzLWukiRlUsk9vpzgcLd1lSQpk0ru8eVecVhobSVJypSFxHTFAeBO6ytJUqaU1dsNDpIkGRxiCw6/ApZbY0mSMmF56O2xBYflwB3WWZKkTLij3AsChW78R+ZYZ0mSMqHsnt6d4PBLYIW1liQp1VaEnh57cFgCzLbekiSl2uzQ02MPDgD/a70lSUq1bvXySoJDizWXJCmVWmodHFYBt1t3SZJS6fbQy2sWHABmWXdJklKp2z28kuDwK+BZay9JUqo8S5mLPlUrOAD8wvpLkpQqFfVug2N/2bsAAA1ZSURBVIMkSQaHmgWHR4Ffuw8kSUqFX4feXbfgAHCr+0GSpFSouGdXIzjMBBa7LyRJSrTFoWfXPTgsAm5xf0iSlGi3hJ5d9+CAwUGSpFQEh4pVKzjcCzzgPpEkKZEeCL06McEB4CfuF0mSEqlqPbrawaHZfSNJUqI0JzU4LAZ+7P6RJClRfkwV334sVPmHu9n9I0lSolS1N1c7ODyKn9uWJCkpbqfClSLjDg4AN7mfJElKhKr35DiCw23AQ+4rSZLq6qHQkxMfHAB+5P6SJKmuYunFcQWHG4EX3WeSJNXFi6EXV13D+KEL4vqhLwUuc99JklRzlwGXx/EHF2L8oW8AlrjvJEmqqSWhB8cizuDwcpw/uCRJ2uSJ+8tpDA4APwA63IeSJNVER+i9sYk7ODwJfN/9KElSTXw/9N7UBgeA77kfJUmqidh7bi2Cw0PE9EqIJEl6y43UYAHGQo1+mf9xf0qSlP5eW6vg8AB+w0KSpLjcFHptZoIDwHfdr5IkpbvH1jI4PAD80H0rSVJV/ZAaXW2odXAA+I77V5Kk9PbWWgeHPxoeJEmqamj4Y5aDA8D1QKv7WpKkirSGnlpT9QgOTwDfdn9LklSRb4eemvngsO6Xfd19LklSt7xer5PwegWHvwPfcr9LktQt3wq9NDfBYd0v/ZT7XpKksjxVz5PvegaHxcA33f+SJJXlm6GH5i44QLTS1XzHgCRJJZlPnVdiLiSgCN9wHEiSlI6emYTgMBs/uy1JUlduDD0z98FhXYJa4piQJGmjlpCQK/RJCQ5/AqY7LiRJ2qjpoVcaHNZzXVKKIklSgvwp9MhESFJweDNJhZEkKUEn1m8aHDbuJuBnjhFJkiD0xJuS9AMVElikaUlKVpIk1cmboScmShKDw8NJLJQkSXU4kX7Y4FB6se5zzEiScuq+pJ5EJzU4tALXOG4kSTl1TeiFBocyzMa1HSRJ+TOdBKwQmcbgAPB14HHHkCQpJx4PvS+xkh4cXk16ASVJqvIJ86sGh8rcDMxwLEmSMm5G6HmJVkhJMacCTzumJEkZ9XTodYmXluDwQloKKklSN0+QXzA4VNePgOsdW5KkjLk+9LhUKKSsuFPxC5qSpOz4Eym7op624PAiMMVxJknKiCmhtxkcYnQrPu8gSUq/qaGnpUohpcWeAsxzzEmSUmoeKb2Cntbg8GYoeItjT5KUMi2hh71pcKit+cBVjj9JUspcFXpYKhVSXvxpwA8dg5KklPghCf1cdl6Cw7rk9ohjUZKUcI+QgSvlWQgOzwJXAisck5KkhFoRetWzBodkmBV2iCRJSXRl6FWpV8jYTvmRY1OSlDA/ytLJbSFjO+erwIOOUUlSQjwYelNmZC04PBt2UJNjVZJUZ02hJz2bpV+qkMEdNQf4iuNVklRnXwk9KVMKGd1Z/w1c55iVJNXJdaEXZU4hwzvtCjLyBKskKVVmhR6USVkODovCjnNxKElSrTwSes8ig0M6PRZ24ALHsiQpZgtCz3ksy79kIQc7cjYZvmQkSUqMK0LPybRCTnbmt/FNC0lSfL4Sek3mFXK0U68AvufYliRV2ffI0ZXtPAWHNuDL5OAykiSpZmaH3tJmcMimV8IOdllqSVKlHgw95ZU8/dKFHO7oR4HLgWcc85Kkbnom9JJH8/aLF3K6w+8OKdFvWkiSytUUesjdefzlCzne8T8hZ/elJEkVW/e83E/yWoBCzgfAt4guNUmSVIrLQ+/IrYJjgCuBKZZBktSFKaFn5JrB4Z8J8puWQZK0Cd/EK9QGh/WsCgPiBkshSdrADaFHrLIUBof1tYSB8VNLIUkKfhp6Q4ulMDhszEthgMyyFJKUe7NCT3jJUhgcOvMMcBkwx1JIUm7NCb3AxQINDiV5IgyYuy2FJOXO3aEHPGEpDA7leCQMnHmWQpJyY16Y+x+xFAaH7vhDGEDzLYUkZd78MOf/wVIYHCrxANHDMYYHScp2aLg8zPnqRE9LUJLfhRQKMNRySFLmQsNlwP2WomtecSjd/cBkYK6lkKTMmBvmdkODwSEWvwcuAe60FJKUeneGOf33lsLgEKeHgC8Bsy2FJKXW7DCXP2QpDA618BhwEXCrpZCk1Lk1zOGPWQqDQy09DVwI3GQpJCk1bgpz99OWwuBQDy8AFwAzLIUkJd6MMGe/YCkMDvX0OnA+MM1SSFJiTQtz9euWwuCQBEvDgPyypZCkxPlymKOXWgqDQ5J0AJcC5zo4JSkxJ3Xnhrm5w3IYHJJqGnAO8LKlkKS6eTnMxd5GNjikwg+As4H/sxSSVHP/F+bgH1gKg0OazALOwo9jSVItzQ9z7yxLYXBIo/uA/wJ+ZikkKXY/C3PufZbC4JBmfwG+AEy3FJIUm+lhrv2LpTA4ZMEiovttk4BWyyFJVdMa5tazw1wrg0OmXA18DnjOUkhSxZ4Lc+rVlsLgkGU3AZ8F7rUUktRt94a51O8FGRxyM+DHATdaCkkq241hDvUEzOCQK88DnwYuB9othyR1qT3MmZ8Oc6gMDrmzFrgM+E987kGSOvNcmCsvC3OnDA65diNwBnCXpZCkt7krzJHe3jU4aD0PAKcD37AUkvSWb4S58QFLYXDQ2zURLZX6eeAflkNSjv0jzIVnhblRBgd14nrgVOAeSyEph+4Jc+D1lsLgoNL9BvgP4FpLISlHrg1z328shcFB5WsGJgCfwrcuJGXbc2GumxDmPhkcVIEbgLHArZZCUgbdGua4GyyFwUHV8xgwBrgQWGI5JGXAkjCnjQlznAwOisEU4CRgvqWQlGLzw1w2xVIYHBS/ecAJwJW4XLWkdGkPc9cJYS6TwUE1shT4EjAauN9ySEqB+8Oc9aUwh8ngoDr4JTCK6Hv0HZZDUgJ1hDlqVJizZHBQnb0BTAJGAr+1HJIS5LdhbpoU5ioZHJQgc4ARRJ+dXWE5JNXRijAXjQhzkwwOSqjlRJ+dHY6XBCXVxy/DHHRZmJNkcFAKrLs8eBbwkuWQVAMvhTnH26YGB6XYN4BhwP9YCkkx+p8w13zDUhgclH5/BcYRvTd9n+WQVEX3hbllXJhrZHBQhswCjgIuAF6zHJIq8FqYS44Kc4sMDsqoNmAqMBT4juWQ1A3fCXPI1DCnyOCgHPgrcCZwDL4qJak0c8KccSbeljA4KLfmEr1n/Sn8Op2kjXsszBEjwpwhg4PEDcAHiT5x+6rlkBTmggvD3HCD5ZDBQRtaQfSJ28OArwGtlkTKpdYwBxwW5gRXopXBQZ16CZgIHALMsBxSrswIx/5EXDxOBgeV6XHgs+Gs42bLIWXazeFY/2w49iWDg7rtAeA0otevZloOKVNmhmP7tHCsSwYHVc2vgbHA0cDPLYeUaj8Px/LYcGxLBgfF5h7gZKIV47wCIaXLzHDsnhyOZcngoJqZF85WPoTPQEhJd3M4VseGY1cyOKhufkt0f/Qg4Lu4BK2UFG3hmDwoHKN+6loGByXKw8DngH2Bq4GFlkSqi4XhGNw3HJMPWxJVS8P4oQusguIyCDg9bHtbDil2TwE3hq3ZcigOXnFQnJqBrwP7EF0mdY17KR5zwzG2TzjmDA0yOCj1bib6qt6HgO8BKy2JVJGV4Vj6UDi2fEBZNeGtCtXLjsB/AB8PZ0mSSvMk8BPgx8ArlkMGB+XRKOAUotfEJG3cLcDPgNsthQwOUmQ3YEzY9rMcEo8TLdg0E3jecsjgIG3aMOCksA2wHMqRJUTLQf8cuMtyyOAglWcr4ETgBOA4y6EM+xVwG/ALYLHlkMFBqtzuwGiiZyIOthzKgAeJnlmYBTxnOWRwkOLzPmBk2IZYDqXIY8DssP3JcsjgINXegcAIYDiwv+VQAj0KzAHuwOWfZXCQEmU/omchjgU+aDlUR78D7iR6duFxyyGDg5R8uxCtqHd02PpZEsVoBdHSz3OBu4G/WxIZHKT06gMcBQwN216WRFXwNDA/bPfgUurKgZ6WQDmxkn8+kAbwXuDDYTsCGGiJVIIW4LfAvWH7syWRwUHKhz+H7Vvhrw8DDid6LuIwoL8lErAcuJ/oeYX7wv+WDA6SuH+9ptADOBQ4JGwH4xWJPF1ReBD4fdgeANoti2RwkDrTHs4u71vv7w0B3g8cRPT6596WKROeIno98iHgj0RrLEjqhA9HSt0zkGjNiP1DqBgC7GpZEu2FEAweI1pX4dFwhUFSGbziIHVPC9Erd3ev9/caidaR2A/Yh+iqxN5AL8tVU23hSsJTwJNEayg8DjRZGsngICVJE9Erefes9/caiF79fE/Y9gTeDeyBD2BWajnwLPAM8FfgL2F7GihaHsngIKVRcb2z3w29C9iN6BbHrkQLVu0C7IwPY67TArxItJjS34luN7wAPA+8ZHkkg4OUJy+Fbf5G/r8tgZ2AHYEdgHcC2wPbhW0w0a2RtN4GaSO6QrMQeD1srwH/AF4FXgFeBpY6TCSDg6SuLWXTVyrWtw3R1YmBwLbA1mHbChgQAsgWYesH9A3b5kDvsPUKc0FPoldRC0S3WCC6YtJB9KbJ2rC1AavDtgpoDdsKYFnYlgJLgMXAm2F7I1xBaAEWuYuldPp/Zrnp2L3+ya0AAAAASUVORK5CYII=" preserveAspectRatio="none"/></g><switch><g requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"/><a transform="translate(0,-5)" xlink:href="https://desk.draw.io/support/solutions/articles/16000042487" target="_blank"><text text-anchor="middle" font-size="10px" x="50%" y="100%">Viewer does not support full SVG 1.1</text></a></switch></svg>
\ No newline at end of file
diff --git a/docs/docs/img/recovery-token.png b/docs/docs/img/recovery-token.png
deleted file mode 120000
index c3b226cb4..000000000
--- a/docs/docs/img/recovery-token.png
+++ /dev/null
@@ -1 +0,0 @@
-../../partials/img/recovery-token.png
\ No newline at end of file
diff --git a/docs/docs/install/binary.md b/docs/docs/install/binary.md
deleted file mode 100644
index 797af3872..000000000
--- a/docs/docs/install/binary.md
+++ /dev/null
@@ -1,80 +0,0 @@
----
-title: Binaries
-lang: en-US
-meta:
-  - name: keywords
-    content: pomerium, identity access proxy, oidc, reverse proxy, identity aware proxy
----
-
-# Binaries
-
-This document covers how to configure and run Pomerium using the official prebuilt binaries.
-
-## Prerequisites
-
-- A configured [identity provider]
-- [TLS certificates]
-
-## Download
-
-You can download the latest release from GitHub, or use the repositories we provide through [Cloudsmith]. In addition to the easy updates provided by the package manager, the `deb` and `rpm` packages include systemd service unit configurations.
-
-### Operating System Packages
-
-Through [Cloudsmith][cloudsmith-repo], we provide OS packages for Linux distributions using `deb` and `rpm` style package managers. Select your system's package format and architecture, then use the **Setup** tab to add the repository to your package manager.
-
-### Standalone Binary
-
-[Download] the latest release of Pomerium for your machine's operating system and architecture.
-
-## Configure
-
-Pomerium supports setting [configuration variables] using both environmental variables and using a configuration file.
-
-### Configuration file
-
-When using our OS packages, we provide a default configuration at `/etc/pomerium/config.yaml`. Otherwise, create the config file (`config.yaml`) in your preferred location.
-
-This file will be used to determine Pomerium's configuration settings, routes, and access-policies. Consider the following example:
-
-<<< @/examples/config/config.minimal.yaml
-
-You can also set some or all of your configuration keys as environment variables, in an `env` file for example. See the [Reference] page to identify the environment variable for each configuration option.
-
-## Run
-
-### OS Package
-
-1. The following command allows the Pomerium systemd service to bind to [privileged port] `443`:
-
-   ```bash
-   echo -e "[Service]\nAmbientCapabilities=CAP_NET_BIND_SERVICE" | sudo SYSTEMD_EDITOR=tee systemctl edit pomerium
-   ```
-
-1. Enable and start the service:
-
-   ```bash
-   sudo systemctl enable --now pomerium.service
-   ```
-
-### Manual Installation
-
-Source the configuration `env` file, if present, and run pomerium specifying the `config.yaml` .
-
-```bash
-./bin/pomerium -config config.yaml
-```
-
-## Navigate
-
-Browse to `external-verify.your.domain.example`. Connections between you and [verify] will now be proxied and managed by Pomerium.
-
-[configuration variables]: /reference/readme.md
-[download]: https://github.com/pomerium/pomerium/releases
-[verify]: https://verify.pomerium.com/
-[identity provider]: /docs/identity-providers/readme.md
-[tls certificates]: /docs/topics/certificates.md
-[Cloudsmith]: https://cloudsmith.io
-[cloudsmith-repo]: https://cloudsmith.io/~pomerium/repos/pomerium/groups/
-[Reference]: /reference/readme.md
-[privileged port]: https://www.w3.org/Daemon/User/Installation/PrivilegedPorts.html
\ No newline at end of file
diff --git a/docs/docs/install/from-source.md b/docs/docs/install/from-source.md
deleted file mode 100644
index 7ccf7332b..000000000
--- a/docs/docs/install/from-source.md
+++ /dev/null
@@ -1,78 +0,0 @@
----
-title: From Source
-lang: en-US
-meta:
-  - name: keywords
-    content: pomerium, identity access proxy, oidc, reverse proxy, from source, identity aware proxy
----
-
-# From Source
-
-This document covers how to retrieve and build Pomerium from its source-code as well as how to run Pomerium using a minimal but complete configuration. One of the benefits of compiling from source is that Go supports building static binaries for a [wide array of architectures and operating systems](https://gist.github.com/asukakenji/f15ba7e588ac42795f421b48b8aede63).
-
-## Prerequisites
-
-- [git](https://git-scm.com/)
-- [go](https://golang.org/doc/install) programming language
-- A configured [identity provider]
-
-## Download
-
-Retrieve the latest copy of pomerium's source code by cloning the repository.
-
-```bash
-git clone https://github.com/pomerium/pomerium.git $HOME/pomerium
-```
-
-## Create local certs
-
-In production, we'd use a public certificate authority such as LetsEncrypt. For local development, we can use [mkcert](https://mkcert.dev/) to make locally trusted development certificates with any names you'd like.
-
-```bash
-# Install mkcert.
-go get -u github.com/FiloSottile/mkcert
-# Bootstrap mkcert's root certificate into your operating system's trust store.
-mkcert -install
-# Create your wildcard domain.
-# *.localhost.pomerium.io is helper domain we've hard-coded to route to localhost
-mkcert "*.localhost.pomerium.io"
-```
-
-## Build
-
-Build Pomerium from source in a single step using make.
-
-```bash
-cd $HOME/pomerium
-make
-```
-
-[Make] will run all the tests, some code linters, then build the binary. If all is good, you should now have a freshly built Pomerium binary for your architecture and operating system in the `pomerium/bin` directory.
-
-## Configure
-
-Pomerium supports setting [configuration variables] using both environmental variables and using a configuration file.
-
-## Configuration file
-
-Create a config file (`config.yaml`). This file will be use to determine Pomerium's configuration settings, routes, and access-policies. Consider the following example:
-
-<<< @/examples/config/config.minimal.yaml
-
-## Run
-
-Finally, run Pomerium specifying the configuration file `config.yaml`.
-
-```bash
-make && ./bin/pomerium -config config.yaml
-```
-
-### Navigate
-
-Browse to `verify.localhost.pomerium.io`. Connections between you and [verify] will now be proxied and managed by Pomerium.
-
-[configuration variables]: /reference/readme.md
-[verify]: https://verify.pomerium.com/
-[identity provider]: /docs/identity-providers/readme.md
-[make]: https://en.wikipedia.org/wiki/Make_(software)
-[tls certificates]: /docs/topics/certificates.md
diff --git a/docs/docs/install/img/kubernetes-gke.png b/docs/docs/install/img/kubernetes-gke.png
deleted file mode 100644
index 0860c44ca..000000000
Binary files a/docs/docs/install/img/kubernetes-gke.png and /dev/null differ
diff --git a/docs/docs/install/img/logged-in-as.png b/docs/docs/install/img/logged-in-as.png
deleted file mode 100644
index 7de800a74..000000000
Binary files a/docs/docs/install/img/logged-in-as.png and /dev/null differ
diff --git a/docs/docs/install/readme.md b/docs/docs/install/readme.md
deleted file mode 100644
index ea129ab43..000000000
--- a/docs/docs/install/readme.md
+++ /dev/null
@@ -1,66 +0,0 @@
----
-title: Quick-Start
-lang: en-US
-description: Get Pomerium up and running quickly with Docker.
-meta:
-  - name: keywords
-    content: pomerium, identity access proxy, oidc, docker, reverse proxy, containers, identity aware proxy
----
-
-# Pomerium using Docker
-
-In this quick-start document, we'll create a minimal but complete environment for running Pomerium with containers.
-
-## Prerequisites
-
-- A configured [identity provider]
-- [Docker] and [docker-compose]
-- [TLS certificates]
-  - This document assumes that your local Docker environment does not have a fully qualified domain name (**[FQDN]**) routed to it, and that you followed [Self-signed wildcard certificate] to generate a locally trusted key pair. Otherwise, adjust the configurations below to match your certificate solution.
-
-## Configure
-
-1. Create a [configuration file] (e.g `config.yaml`) for defining Pomerium's configuration settings, routes, and access policies. Consider the following example:
-
-   <<< @/examples/config/config.docker.yaml
-
-   Keep track of the path to this file, relative to the `docker-compose.yml` file created in the next step. `docker-compose.yml` will need the correct relative path to your `config.yaml`.
-
-1. Create or copy the following `docker-compose.yml` file and modify it to match your configuration, including the correct paths to your `config.yaml` and certificate files:
-
-   <<< @/examples/docker/basic.docker-compose.yml
-
-## Run
-
-Run docker compose:
-
-```bash
-docker-compose up
-```
-
-Docker will automatically download the required [container images] for Pomerium and [verify]. Then, Pomerium will run with the configuration details set in the previous steps.
-
-You should now be able access to the routes (e.g. `https://verify.localhost.pomerium.io`) as specified in your policy file.
-
-You can also navigate to the special pomerium endpoint `verify.localhost.pomerium.io/.pomerium/` to see your current user details.
-
-![currently logged in user](./img/logged-in-as.png)
-
-## Next Steps
-
-Now you can experiment with adding services to Docker and defining routes and policies for them in Pomerium. See [Guides](/guides/readme.md) for help or inspiration.
-
-::: warning This is a test environment!
-If you followed all the steps in this doc your Pomerium environment is not using trusted certificates. Remember to use a valid certificate solution before moving this configuration to a production environment. See [Certificates][tls certificates] for more information.
-:::
-
-[configuration file]: ../../reference/readme.md
-[container images]: https://hub.docker.com/r/pomerium/pomerium
-[docker]: https://docs.docker.com/install/
-[docker-compose]: https://docs.docker.com/compose/install/
-[verify]: https://verify.pomerium.com/
-[identity provider]: ../identity-providers/readme.md
-[tls certificates]: ../topics/certificates.md
-[fqdn]: https://en.wikipedia.org/wiki/Fully_qualified_domain_name
-[mkcert]: https://github.com/FiloSottile/mkcert
-[Self-signed wildcard certificate]: /docs/topics/certificates.md#self-signed-wildcard-certificate
\ No newline at end of file
diff --git a/docs/docs/k8s/helm.md b/docs/docs/k8s/helm.md
deleted file mode 100644
index df32d5628..000000000
--- a/docs/docs/k8s/helm.md
+++ /dev/null
@@ -1,246 +0,0 @@
----
-title: Helm
-lang: en-US
-meta:
-  - name: keywords
-    content: pomerium, identity access proxy, oidc, kubernetes, helm, reverse proxy, ingress controller
----
-
-# Install Pomerium using Helm
-
-This quick-start will show you how to deploy Pomerium with [Helm] on [Kubernetes].
-
-## Prerequisites
-
-- [Install kubectl].
-- [Install helm].
-- A Kubernetes provider.
-   - A cluster, with your local `kubectl` authorized to interact with it. The cluster configuration and node pool will depend on your provider and the scope of your project.
-   - Export the configuration file from your Kubernetes host and export it to your `KUBECONFIG` environment variable (usually by placing it in `~/.kube`).
-
-     See [Organizing Cluster Access Using kubeconfig Files] for more information.
-   - A namespace in the cluster for Pomerium. This document assumes the namespace `pomerium`, which you can create with `kubectl create namespace pomerium`.
-- A configured [identity provider].
-- A domain space. The steps below use `*.localhost.pomerium.io` as a placeholder value. We have set DNS records for this domain space to point to `127.0.0.1` (localhost), so you can use this domain space when testing Pomerium locally.
-- [TLS certificates]. If you don't yet have a production environment with trusted certificates, this page will cover using [mkcert] to create locally trusted certificates, and [cert-manager] to manage them in the cluster.
-
-::: tip
-This configuration installs Redis as the data broker service. While this isn't strictly required when running Pomerium by itself, it is necessary for Pomerium Enterprise, and still highly recommended if not.
-
-The configuration detailed below uses the Pomerium Ingress Controller. See our [Ingress Controller] doc for more detailed information and configuration options.
-:::
-
-## Certificates
-
-This setup uses [mkcert] to generate certificates that are trusted by your local web browser for testing, and cert-manager to manage them. If you already have a certificate solution, you can skip the steps below and move on to [the next stage](#install-pomerium).
-
-### Install mkcert
-
-!!!include(install-mkcert.md)!!!
-
-## Install and Configure cert-manager
-
-If you haven't already, install cert-manager and create a CA issuer. You can follow their docs (listed below) or use the steps provided:
-
-   - [cert-manager: Installing with Helm]
-   - [cert-manager: CA]
-
-1. Create a namespace for cert-manager:
-
-   ```bash
-   kubectl create namespace cert-manager
-   ```
-
-1. Add the jetstack.io repository and update Helm:
-
-   ```bash
-   helm repo add jetstack https://charts.jetstack.io
-   helm repo update
-   ```
-
-1. Install cert-manager to your cluster:
-
-   ```bash
-   helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace \
-   --version v1.4.0 --set installCRDs=true
-   ```
-
-1. Confirm deployment with `kubectl get pods --namespace cert-manager`:
-
-    ```bash
-    kubectl get pods --namespace cert-manager
-    NAME                                       READY   STATUS    RESTARTS   AGE
-    cert-manager-5d7f97b46d-8g942              1/1     Running   0          33s
-    cert-manager-cainjector-69d885bf55-6x5v2   1/1     Running   0          33s
-    cert-manager-webhook-8d7495f4-s5s6p        1/1     Running   0          33s
-    ```
-
-1. In your Pomerium namespace, create a Kubernetes secret for the rootCA-key file in your local CA root:
-
-   ```bash
-   kubectl create secret tls pomerium-tls-ca --namespace=pomerium \
-   --cert="$(mkcert -CAROOT)/rootCA.pem" --key="$(mkcert -CAROOT)/rootCA-key.pem"
-   ```
-
-1. Define an Issuer configuration in `issuer.yaml`:
-
-   ```yaml
-   apiVersion: cert-manager.io/v1
-   kind: Issuer
-   metadata:
-     name: pomerium-issuer
-     namespace: pomerium
-   spec:
-     ca:
-       secretName: pomerium-tls-ca
-   ```
-
-1. Apply and confirm:
-
-   ```bash
-   kubectl apply -f issuer.yaml
-   issuer.cert-manager.io/pomerium-issuer created
-
-   kubectl get issuers.cert-manager.io --namespace pomerium
-   NAME              READY   AGE
-   pomerium-issuer   True    10s
-   ```
-
-## Install Pomerium
-
-1. Set your `kubectl` context to the Pomerium namespace:
-
-   ```bash
-   kubectl config set-context --current --namespace=pomerium
-   ```
-
-1. Create certificate configurations for Pomerium. Our example is named `pomerium-certificates.yaml`, to differentiate from a configuration file for Pomerium Enterprise, if you choose to install it later:
-
-   <<< @/examples/kubernetes/pomerium-certificates.yaml
-
-   ::: tip
-   If you already have a domain space for Pomerium with a certificate solution, use it in place of `.localhost.pomerium.io`.
-   :::
-
-1. Apply the certificate configuration, and confirm:
-
-   ```bash
-   kubectl apply -f pomerium-certificates.yaml
-   ```
-
-   ```bash
-   kubectl get certificate
-   NAME                    READY   SECRET                 AGE
-   pomerium-cert           True    pomerium-tls           10s
-   pomerium-redis-cert     True    pomerium-redis-tls     10s
-   ```
-
-1. Create a values file for Helm to use when installing Pomerium. Our example is named `pomerium-values.yaml`.
-
-   <<< @/examples/kubernetes/pomerium-values.yaml
-
-   ::: tip
-   The options required in the `authenticate.idp` block will vary depending on your [identity provider].
-
-   If you changed the `*.localhost.pomerium.io` value in `pomerium-certificates.yaml` update `config.rootDomain` to match, omitting the `*`.
-   :::
-
-   ::: details Default Certificate
-   If you're using a single wildcard certificate for all routes managed by Pomerium, you can set it in an annotation for the ingress controller.
-
-   Add a block defining the default certificate to `pomerium-values.yaml`:
-
-   ```yaml
-   ingressController:
-     ingressClassResource:
-       defaultCertSecret: 'namespace/certSecretName'
-   ```
-
-   Now when defining ingresses you need not specify individual certificates, as documented in our example service below.
-
-   :::
-
-1. Add Pomerium's Helm repo:
-
-   ```bash
-   helm repo add pomerium https://helm.pomerium.io
-   ```
-
-1. Install Pomerium to the cluster:
-
-   ```bash
-   helm upgrade --install pomerium pomerium/pomerium --values ./pomerium-values.yaml
-   ```
-
-## Define a Test Service
-
-1. So that we can create a valid test route, add Bitnami's Helm repo to pull nginx from:
-
-   ```bash
-   helm repo add bitnami https://charts.bitnami.com/bitnami
-   ```
-
-1. Update Helm:
-
-   ```bash
-   helm repo update
-   ```
-
-1. Install nginx to the cluster:
-
-   ```bash
-   helm upgrade --install nginx bitnami/nginx --set service.type=ClusterIP
-   ```
-
-1. Create a new Ingress manifest (`example-ingress.yaml`) for our test service:
-
-   <<< @/examples/kubernetes/example-ingress.yaml
-
-1. Apply the nginx Ingress manifest to the cluster:
-
-   ```bash
-   kubectl apply -f example-ingress.yaml
-   ```
-
-## Navigate
-
-If you are installing Pomerium with a valid domain name and certificates, update your DNS records to point to the external IP address of the `pomerium-proxy` service:
-
-```none
-kubectl get svc pomerium-proxy
-NAME             TYPE           CLUSTER-IP       EXTERNAL-IP      PORT(S)                        AGE
-pomerium-proxy   LoadBalancer   10.128.117.25    192.0.2.20       443:30006/TCP,9090:30707/TCP   2m37s
-```
-
-For development and testing, you can use `kubectl` to create a local proxy:
-
-```bash
-sudo -E kubectl --namespace pomerium port-forward service/pomerium-proxy 443:443
-```
-
-Open a browser and navigate to `hello.localhost.pomerium.io`.
-
-You can also navigate to the special pomerium endpoint `hello.localhost.pomerium.io/.pomerium/` to see your current user details.
-
-![currently logged in user](./img/logged-in-as.png)
-
-## Next Steps
-
-Congratulations on installing Pomerium to your Kubernetes cluster!
-
-- See [Ingress Controller] to learn more about the Pomerium Ingress Controller.
-- If you're installing Pomerium Enterprise next, see [Install Pomerium Enterprise in Helm]. If not, check our our [guides](/guides/readme.md) to install common services behind Pomerium.
-
-[cert-manager]: https://cert-manager.io/docs/
-[cert-manager: CA]: https://cert-manager.io/docs/configuration/ca/
-[cert-manager: Installing with Helm]: https://cert-manager.io/docs/installation/kubernetes/#installing-with-helm
-[Helm]: https://helm.sh
-[Install helm]: https://helm.sh/docs/using_helm/
-[identity provider]: ../identity-providers/readme.md
-[Ingress Controller]: /docs/k8s/ingress.md
-[Install Pomerium Enterprise in Helm]: /enterprise/install/helm.md
-[Install kubectl]: https://kubernetes.io/docs/tasks/tools/install-kubectl/
-[Kubernetes]: https://kubernetes.io
-[mkcert]: https://github.com/FiloSottile/mkcert
-[Organizing Cluster Access Using kubeconfig Files]: https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/
-[tls certificates]: ../topics/certificates.md
diff --git a/docs/docs/k8s/img/kubernetes-integration.svg b/docs/docs/k8s/img/kubernetes-integration.svg
deleted file mode 100644
index d80842a95..000000000
--- a/docs/docs/k8s/img/kubernetes-integration.svg
+++ /dev/null
@@ -1,3 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="735px" height="340px" viewBox="-0.5 -0.5 735 340"><defs/><g><path d="M 70 156 L 126.63 156" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 131.88 156 L 124.88 159.5 L 126.63 156 L 124.88 152.5 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><path d="M 46.5 131 L 46.48 56.2 Q 46.48 46.2 56.48 46.2 L 536.88 46.24" fill="none" stroke="#000000" stroke-miterlimit="10" stroke-dasharray="3 3" pointer-events="stroke"/><path d="M 542.13 46.24 L 535.13 49.74 L 536.88 46.24 L 535.13 42.74 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><rect x="23" y="131" width="47" height="50" fill="none" stroke="none" pointer-events="all"/><path d="M 36.44 145.39 C 36.36 141.61 37.62 137.96 39.93 135.25 C 42.23 132.55 45.39 131.01 48.69 131 C 56.05 131.08 62.05 137.48 62.32 145.54 C 62.6 149.24 61.49 152.91 59.24 155.69 C 57 158.46 53.83 160.1 50.46 160.23 C 43.01 160.39 36.79 153.81 36.44 145.39 Z M 23 181 C 23.3 173.97 25.88 167.42 30.14 162.94 C 33.51 159.56 38.21 159.36 41.75 162.44 C 43.77 163.95 45.99 165.17 48.35 166.06 C 50.76 167.12 53.41 166.94 55.73 165.56 C 57 164.94 58.12 164.04 59.03 162.94 C 59.92 161.86 61.47 161.64 62.62 162.44 C 64.64 163.81 66.46 166.24 67.88 169.48 C 69.26 173.16 69.98 177.05 70 180.99 Z" fill="#7d7d7d" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 188px; margin-left: 47px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 11px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: nowrap; "><p style="font-size: 11px"><font style="font-size: 11px">user@domain.com</font></p></div></div></div></foreignObject><text x="47" y="199" fill="#000000" font-family="Helvetica" font-size="11px" text-anchor="middle">user@dom...</text></switch></g><path d="M 193 156.04 L 213.04 156.04 Q 223.04 156.04 223.04 166.04 L 223.04 236.04 Q 223.04 246.04 233.04 246.04 L 266.63 246.04" fill="none" stroke="#000000" stroke-miterlimit="10" stroke-dasharray="3 3" pointer-events="stroke"/><path d="M 271.88 246.04 L 264.88 249.54 L 266.63 246.04 L 264.88 242.54 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 206px; margin-left: 223px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 11px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; background-color: #ffffff; white-space: nowrap; ">exec</div></div></div></foreignObject><text x="223" y="209" fill="#000000" font-family="Helvetica" font-size="11px" text-anchor="middle">exec</text></switch></g><path d="M 199.37 156.04 L 313.04 156.04 L 431.63 156" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 194.12 156.04 L 201.12 152.54 L 199.37 156.04 L 201.12 159.54 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><path d="M 436.88 156 L 429.88 159.5 L 431.63 156 L 429.88 152.5 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 156px; margin-left: 303px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 11px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; background-color: #ffffff; white-space: nowrap; ">request with pomerium<br style="font-size: 11px" />session token</div></div></div></foreignObject><text x="303" y="159" fill="#000000" font-family="Helvetica" font-size="11px" text-anchor="middle">request with pomerium...</text></switch></g><path d="M 133 126 L 193 126 L 193 186 L 133 186 Z" fill="#ffffff" stroke="none" pointer-events="all"/><path d="M 157.56 139.1 C 156.6 139.1 155.66 139.41 155.33 140.35 C 155.32 140.39 155.31 140.42 155.3 140.46 L 149.2 169.46 C 149.2 169.46 149.2 169.47 149.2 169.47 C 149.04 170.31 149.09 171.1 149.45 171.76 C 149.8 172.42 150.55 172.9 151.34 172.9 L 178.19 172.9 C 179.29 172.9 180.28 172.39 180.57 171.46 C 180.57 171.43 180.58 171.41 180.58 171.38 L 186.86 141.74 C 186.87 141.73 186.87 141.72 186.88 141.71 C 187 140.98 186.7 140.44 186.32 139.98 C 185.94 139.53 185.39 139.1 184.63 139.1 Z M 157.56 140.96 L 184.63 140.96 C 184.6 140.96 184.76 141.01 184.89 141.16 C 185.02 141.32 185.02 141.53 185.05 141.39 L 184.31 144.83 L 156.28 144.83 L 157.07 141.01 C 157.08 141.04 157.2 140.96 157.56 140.96 Z M 139 144.88 L 139 146.73 L 152.3 146.73 L 152.3 144.88 Z M 155.89 146.69 L 183.92 146.69 L 178.79 170.9 C 178.78 170.91 178.67 171.04 178.18 171.04 L 151.34 171.04 C 151.16 171.04 151.16 171.03 151.08 170.88 C 151 170.72 150.92 170.35 151.02 169.83 Z M 178.86 150.71 L 159.5 150.77 L 157.09 160.29 L 158.28 160.29 L 176.38 160.29 Z M 139.07 151.73 L 139.07 153.59 L 150.53 153.59 L 150.53 151.73 Z M 176.46 152.57 L 174.94 158.43 L 159.48 158.44 L 160.95 152.62 Z M 139.06 158.46 L 139.06 160.31 L 148.5 160.31 L 148.5 158.46 Z" fill="#232f3e" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 193px; margin-left: 163px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 11px; font-family: Helvetica; color: #232F3E; line-height: 1.2; pointer-events: all; white-space: nowrap; ">kubectl</div></div></div></foreignObject><text x="163" y="204" fill="#232F3E" font-family="Helvetica" font-size="11px" text-anchor="middle">kubectl</text></switch></g><path d="M 339.37 246.04 L 375.52 246.04 Q 385.52 246.04 385.52 236.04 L 385.52 166.04 Q 385.52 156.04 395.52 156.03 L 431.63 156" fill="none" stroke="#000000" stroke-miterlimit="10" stroke-dasharray="3 3" pointer-events="stroke"/><path d="M 334.12 246.04 L 341.12 242.54 L 339.37 246.04 L 341.12 249.54 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><path d="M 436.88 156 L 429.88 159.51 L 431.63 156 L 429.88 152.51 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 206px; margin-left: 386px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 11px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; background-color: #ffffff; white-space: nowrap; ">retrieve user<br style="font-size: 11px" />session token</div></div></div></foreignObject><text x="386" y="209" fill="#000000" font-family="Helvetica" font-size="11px" text-anchor="middle">retrieve user...</text></switch></g><path d="M 273 216 L 333 216 L 333 276 L 273 276 Z" fill="#ffffff" stroke="none" pointer-events="all"/><path d="M 297.56 229.1 C 296.6 229.1 295.66 229.41 295.33 230.35 C 295.32 230.39 295.31 230.42 295.3 230.46 L 289.2 259.46 C 289.2 259.46 289.2 259.47 289.2 259.47 C 289.04 260.31 289.09 261.1 289.45 261.76 C 289.8 262.42 290.55 262.9 291.34 262.9 L 318.19 262.9 C 319.29 262.9 320.28 262.39 320.57 261.46 C 320.57 261.43 320.58 261.41 320.58 261.38 L 326.86 231.74 C 326.87 231.73 326.87 231.72 326.88 231.71 C 327 230.98 326.7 230.44 326.32 229.98 C 325.94 229.53 325.39 229.1 324.63 229.1 Z M 297.56 230.96 L 324.63 230.96 C 324.6 230.96 324.76 231.01 324.89 231.16 C 325.02 231.32 325.02 231.53 325.05 231.39 L 324.31 234.83 L 296.28 234.83 L 297.07 231.01 C 297.08 231.04 297.2 230.96 297.56 230.96 Z M 279 234.88 L 279 236.73 L 292.3 236.73 L 292.3 234.88 Z M 295.89 236.69 L 323.92 236.69 L 318.79 260.9 C 318.78 260.91 318.67 261.04 318.18 261.04 L 291.34 261.04 C 291.16 261.04 291.16 261.03 291.08 260.88 C 291 260.72 290.92 260.35 291.02 259.83 Z M 318.86 240.71 L 299.5 240.77 L 297.09 250.29 L 298.28 250.29 L 316.38 250.29 Z M 279.07 241.73 L 279.07 243.59 L 290.53 243.59 L 290.53 241.73 Z M 316.46 242.57 L 314.94 248.43 L 299.48 248.44 L 300.95 242.62 Z M 279.06 248.46 L 279.06 250.31 L 288.5 250.31 L 288.5 248.46 Z" fill="#232f3e" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 283px; margin-left: 303px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 11px; font-family: Helvetica; color: #232F3E; line-height: 1.2; pointer-events: all; white-space: nowrap; ">pomerium-cli</div></div></div></foreignObject><text x="303" y="294" fill="#232F3E" font-family="Helvetica" font-size="11px" text-anchor="middle">pomerium-cli</text></switch></g><path d="M 494.37 156 L 565.52 156.04 L 565.52 156.2 L 636.88 156.24" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 489.12 156 L 496.12 152.5 L 494.37 156 L 496.12 159.5 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><path d="M 642.13 156.24 L 635.13 159.74 L 636.88 156.24 L 635.13 152.74 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 156px; margin-left: 565px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 11px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; background-color: #ffffff; white-space: nowrap; ">impersonate<br style="font-size: 11px" />user@domain.com</div></div></div></foreignObject><text x="565" y="159" fill="#000000" font-family="Helvetica" font-size="11px" text-anchor="middle">impersonate...</text></switch></g><image x="437.5" y="130.5" width="50" height="50" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAQAAAAEACAYAAABccqhmAAAgAElEQVR4Xu2dB5iVxdmG7zlb6F26vQcVhQURjb1EozFGgyV2panRP7ZYUIPl14j5NXYERI3GaNBYEnuMXYKwqNi7SFdEetndc+a/nm/O0XXZcvr5zu7MdZ0Lk/3KvM/MPN8777zF4FtRITAWG/l2S8pW9aTcxCgrW0VpTWvaGUtvE6Ovhe4R6GktPY2hC9BJPwvtgTbxXzlQCkQAA8SAKFANrAPWAqswrACWEWMpsJgICy0sjsBCa5kTqWHJughV1lIdjVHdpoyqCZVGz/CtSBDQ4PsWUgTG7mVL56+gXU2MdsbQNlJCl4ilj43R0xp6GUt3InQnRjdr6GigNaDFnfiVxRe6FntJ/KdFn1j4ifG3QOInMkgQQg2Q+CXIIfHvKkOcGGCxhYXGsgjLAlPCImpYSYzVsTJWTqg0q0MKcYvvlieAEE2Bs4faNmtW09VG2IASegAbW8smGDbE0hfoBXTELfTEYm8VX9iFkqQK0E9ag7SH1Qa+BRbEYK6xzMHwpY0wD8Picvi2+xt8NxYjkvGtwAh4AijgAIyssPpC97aRYIFvHLFsGYNNjWFTLBtBoMJrgeunr3oxjZc0BxFDQArA1wa+tIbZxvK5hc9jljll1cy5/R3zXQGHoUW/upgmVJEPlDVjwcyvoAOwhTFsg2XbGGxl3FdeC75zfKGLGKSmN7cmUtAWYg2wyMBXMfjCWD4y8GG0lI8iUeb2qSTqNYT8DL0ngJzibM2wfpR1aROo7dti2AnLjli2ii/4nvGvu/bnLXEsZHjUbzkwH6cdvIvl7UiEt8xq5vXowdqxLxoRh285QKAlTrocwPjjR560l23ddhWdozVsbQ1DgIEYtgb6AN3ihjmP/fojIbuAtguLLMwRGdgIb0SiVEZqWNDzHZZ5zSC709dPwizhOWyYLen0FRtEaoL9+yBr2M3Adtrjx/fyssT7lhoCIoPFBmZbywwLr1DKe9EyFkx+zeiI0rcMEfAEkCGAp/ez7avbsWXE0j9mGWosFRg2iS967eV9yw4CK4FvsHxoDf/FMi1m+XCjN5njtYL0AfYEkBZ21gwfQo9IDTti2JUYu2HoF1/0crbxLXcIyGawCoJjxUpivGJLeKN9KR/dMNXIuOhbCgh4AkgBLDnmzF3NRiUxdrcx9sRQAWyG87Jrjlb7FNApyKU6ZvwWy3sYpsYsL7YpY0a3aaz0WkFy4+EJIAmcZNRrtYzNibAvsLeFAXGDns7mfSs8AjIeaovwKZbXbYTnaqJMXbklS6ZMMdIYfGsAAU8AjUyN4/vbdu3K2dpaDojBvgZ2ALoX2PPOT+aGEZA7szwSZwPTgCdKI/y3RzsW+KPE+kHzBFAPLjLsVbVmG2M4wBgOxAb7+65ezS8q7pEH4lwRgbE8bmJM6/UWX/mtwY/H0BNALTyk6pevoJ+B/YGDLd8vfI9TUa39H3VWdoL5Bl6LWR63Zbw+aZoRMfjWQr3P1ht4GfcWLAucdg4gwiFYdop/8f3Cbz7LREQw18ILEcM/SyO8eusbRkFLLbq16Amu2Pq5Q+hjohxg4DBs4LW3gVf1m/WakI3gcwPPGcOjq6qYfu8so2PFFtlaLAGcOcR2XFfD7hiOxrJH3KrvvfVazjJYieFDnH3gYRvhk5aYzKTFEcCZW9pW6zqxnYUjDRwMbBUPyGk5U99LmkBApwZLDMzAcH+J4dnbppuFLQmeFkUAIyusEmz8zMCRGAbH02W1pPH2staPgHwFvrLwjIG/6+SgpWQxahEEoPP8NmXsbOAYCwfF1X3vuefpoC4CciWeheHBaIx/3jmTz8BIS2i2rdkTwOid7Ka2hMNjcJSB7YG2zXY0vWDZQEAL/hsLz2O4d20VLzdnI2GzJQDl11tVxS4GTrDws3g+vWYrbzZmvn/GjxCQI9F7WB6IxJgy/i15FzY/baBZLojR/W0PW8bhFk4Cdown0PTz2yOQDgIKQX46EuGOsqXMuPlTI2JoNq1ZEYCSbJoY/azhRAy/UlZdf6bfbOZqIQVRpuPKmOHukir+NX6W+bqQncnmu5sNAZyym+1Qto59bIxRGHaLp8/OJlb+WS0bAUUcztWWwFjuueNNPmgOW4JmQQCnD7a9amIcCZyMM/R5h56WvVhzKf1SDM9guaPVMl4v9i1BUROA8vB1+TwI2BkOgcqv1Nq+eQRyjcA6DDNNjIk1rXjszqlmSa5fmKvnFy0BDOtny7u0YTcsZ6AgHoJ8+755BPKFgI4LFVNwd7SUu4s1wrAoCWBkhdVZ/sHxxb+Ld+XN15z376kHgUUYHsJyS59KPi62fANFRwCnDrVdS6o4ChiFS7vt9/t+XRYagWUYno7Azb3aM62Ysg8VFQHIl9/AqRZOgCD1dlH1v9Cz1L8/pwjIP+B1Y7ixbRnPFkuG4iJZQNaMrGAbC6cbODqely+no+kf7hFIAwHZBWYaw03lJTx68zSjkmehbqEnACXtmDeY/sZyFpbDfQRfqOeT7xyIBD6wcGusnAfCfkIQagLQMV+3L6iIxTgbwyHx/Pt+knkEwo5AcEIA3B6p5t4wew6GlgDiZ/xDDZwTD+bxUXxhn/a+f7UREAnMkcNQaQmTw5poJJQEoMXf+Ut+aiznYtkP8OW2/OIqVgTmABNrYtw5+U0zP2xChI4A4mr/7jHLeRBU4mkdNtB8fzwCKSIwD8vEGsvEsJFAqAjg+y9/jPMh+PK3ShFof7lHIKwIzLMwwcDECZVmQVg6GRoCSOz5MfweGxTm8F/+sMwS349sITDXwB3RUiZOmmYWZeuhmTwnFASgo76FgxhkLRdaONDv+TMZUn9vyBGYg+EWLJMnVJrFhe5rCAjAmhGD2dFEuQDDoT5nX6GnhH9/HhD4AvhzSRX33v6O+S4P72vwFQUngNMG2W2icAGWX/uIvkJOBf/uPCPwsTGMK1nNg7e9b1TavCCtoAQwfIjd0NTweyXu9B5+BRl//9LCIjALuKrVMh4vVGKRghHAaTvYLrFyfif//ng9vsIOhX+7R6AQCBimWsNlSzflhSlTjAqU5LUVhABUqKN1GSca+H08qi+vQvuXeQRChIAW/dMRw6XjZ/BWvvMM5p0AlMmnc2sOM4ZLgB1CNBC+Kx6BQiGw1sADRLn6jrf4NJ8kkFcCiB/37RGDy7Hs6pN5FGq++feGEIGlwHjgpnw6CuWVAEYPstvHYoyNR/Z5L78QzkLfpYIiMA8YV9Oauya/Zlbkoyd5IwCl7q6OcbFxqbvb50M4/w6PQBEi8B5wSZ8O/CsfqcXyQgAq2lG6hlMxgY9/nyIcFN9lj0C+EFAY8XPAZX0qmZ7rJKM5J4Cxe9nSBSs52FrGAjvlC0X/Ho9AESOwFss9sVKunfSGkddgzlrOCSC+7x8Xz91fkjNJ/IM9As0LgW8t/LFsDeNz6SmYUwIYPsT2jNRwMXCK3/c3r9nppckLAu9bw0XG8tSESlOdizfmjADO3NK2qurEyRYuilfpzUX//TM9As0ZARUkfcrEGHPHm8zKhX9AzghgxGC7p4lxLTDYl+huznPUy5ZjBFYZuL0qxri73jTfZPtdOSGA0TvZTWMlgdFPOfz9eX+2R80/r6UhMNsaLq1uz5S7XzRrsyl81gngpL1s6/LljMZwAdArm531z/IItFgEDM/HYlwwaaapzCYGWSeAkRV2b1kvjVP9s/78bArvn+URKCIEVqvOQHWMa7O5FcjqAlV8f0kNl1k4zqf1KqKp5btaLAh8agyXLVnNw1PeN1XZ6HTWCEBRfl3bcry1/AHYKBud88/wCHgE6iBgedyWcPHE6UYuwxm3rBHAyAo70MB1Fvb2qn/G4+If4BFoCIEVGK6tquHWu98yiiDMqGWFAOK+/pdgGA10zKhH/maPgEegKQTetRHO7jud/2QaK5AxASjGf34FB0Fw5r9dUz33f/cIeAQyRqDGwF3RUq6YNM3MzeRpGRPAyArbG8u1GI4CyjPpjL/XI+ARSBoB1Rk8/7s1PJSJQTAjAohX81F8/2Xe8Jf0wPkLPQLZQCDIJRiznD9ppvkg3QdmRACjBth+RLjWEmwBfKRfuqPg7/MIpIfAEixXYpgwodLITyDlljYBxIN9zrBwIdA95Tf7GzwCHoHMEbC8hOGcCZVmZjoPS5sAhg+0FRHDdcCePtgnHej9PR6BrCCwXMfv1a25MZ08gmkRgPL6ty3jt9bl9e+aFTH8QzwCHoF0EXjV2QKYlmrIcFoEoK+/MdxoYLd0e+zv8wh4BLKGwBoM41qVcP3N08zyVJ6aMgHEq/qcZeA8//VPBWp/rUcghwhYXrclnD9xOlNT0QJSJoBRA+yONsItwE9zKI5/tEfAI5AaAmsxXNWqhJtT0QJSIoAg1n8Fv8N9/bul1j9/tUfAI5BTBFyh0f+ZON1MT/Y9KRHAaYPsNlG4Fcs+PuAnWYj9dR6BvCGw2sClJWuYkGwm4aQJQPn9563gDEOQ5bdH3kTyL/IIeASSRcBieTkGZ02aaWYlc1PSBHDqALtJSYQ/A4f6c/9koPXXeAQKgsBSa/l9dUfuTSZ/YNIEMGqQPcFargA2KYhY/qUeAY9AMghELfzLwLkTKs1nTd2QFAGM7m97RMu42sAJQFlTDw3D301SkoWhp74PxYKAVdW+4mhfWcM5fdvzWFMFRpNaJiMG2YOMZRywfdjlj1ZDdTXoX6uyCr55BDJFwECkBErLoLQcIpFMH5jz+6sM3BMt5dJJ08yixt7WJAHI8adNOedjOQfokPOup/GCaA2sWw1i6FZtoW0HaN0OSkrTeJi/xSNQBwHNq+p1sGYlrF4BNVVQ1grKW0OINU0FB/3PhEpea8wxqEkCGDHY7mQsf8IGuf5CxX2Jha/B6LUpbLqd+3XfENq0hxIFKDcpoZ/vHoHGEZAmqUW//DuY9wl88S589SF8t8h9ZAIiCNXKCORZhmVc6VpuauxIsNHloXRf8wZxrFHGH+gdlokiRtYXX6Bv2g8q9oOfDIFufaB9J8fOvnkEso2A5p20gBVLYO4n8OZ/YNarjgjKW7ntQaia5fEonHvnTPNpQ/1qlACU7svA5RaOB1oXWjipW9GoG4SuPWGXg2HoIdBnc6f6++YRyBcCsRis/A4+eANeegg+mBbfgrbJVw+Seo9OAS7q04FHGjIGNkoAowbYoTbCbcBOSb0uhxcFi78G1qyCzbaDA06AHfeAjt4hOYeo+0c3hUAsCvM+dSTwyqOwdhW0Ds/HKIblT1UxrmkohXiDBHD2UNtmdRXDLVwahow/Ylx9+bepgMPOcCq/rLK+eQTCgMDyb+E/D8Azf4E1K0KkkRqex/L7CZW8WZ8xsEECkPpv4SYDhwEFtadr7yXrq778R50H2w0NpdElDPPQ96GACKxaDk/dBc/c44yGMg6GoC02hnN7t+f++rYBDRCANcMH8tOI4VZgh0ILoS9/l55w9Pmw84H+eK/Q4+Hf3zACS7+GKTfAa487DTUER9GKD/hzteWa+oqK1ksAqvPXpTX/g+H8Qqv/NdUQq4GDR8BBJ0O7Tn76eQTCjcBns+C+q0D/yh8lBL4CShn2u/pKi9dLACMr7AYGbrVwRKHTfa9aBtvvCseNgQ23DvfA+955BISA7FUvPAAP/dkdV5cVfiuwxBh+27s9U+puA+ohAGtGD2LXmOUmYGAhh7RqnVOjjr0IfnqYN/oVciz8u1NDQL4Bd4+Ft15ytoACuw9XY/hzdZTr6m4D1iOAwPmngjMLHfcvtWnFd9B/dzj+UnfW75tHoJgQePHv8OD/wdrVzlGogC3IExCJ8NvxM8y7tfuxHgEElX7Xcj1wYiEj/4K9fxSOPAf2OzZP3n3x04bFC2DJAkdAOtdVX9SkjWhP17ErdO0N3XpBmw6h2OM1Obeklq5aCovnw3cLYcVSWLfGBU2JbOU9Kfdp+VV06+3kaxUup5YGZZR/iI7hJJuMcNo2SjbNH3mL6gusceq8AWzQxxmU8+G1t2g2TBoDH8+EVoV3F15gLSP7zuTJ2hWF1yOA0YPsgKjleuMKfhTEk14TUoPYY2M45QrYbtcm53dGF6xeDnM+hs/ehtkfwIIvYflit3+T5yHxMFD1S1Fh8jrs1B16bwobbwtb7gR9t4J2ISuMLh/25Utg9vvOIDXnI/j6K/f/Va11e9XvZYs4i7UIrksP6LOFc7OWbIqzCJunpRb9sm/g83fcT+P3zVxYudQdwX0vm3EEJ/IWCWzQ29mSFDOy1QBHdrkiAwUQTbkenr3PYVtgv5WVGP6I5ZYJlWZZYsGst8BHDbLHWMv/AptltKoyvFkDOWBvOPZi6J2jnugdH82At16ET2a6L0jia/89QJFaX/gYxEQG+mlixbWCbn1h64Guv5pU7btkKHwWbl+yEN7/L7z9Enw+C5Z+EyczPds6mYIAlvgMEFnUjXfXV0uLf9udnWxaNCKIQjYt7K9nwzuvwTuvOnKTphYs+HgLZJNc+lknV23Z9H+LDDbcCvrtAgP2gb5bZJ8IhOmrj8LfxjlNssAxKlEsj0Yt5975ppldLwEo79/8lVyCDbL+FmyopbrpC3XgSfDL06Btlr+sWuSfVMLUJ9wkWhKPmFb0oJhaX/lkmvqpL5F+alKb5Z686y9g8/6FYXz5TMg//fXH4MPpLnBFCz1S6qIjk5LNOrJIyKd7em4CFfvCkIOc1lMI3VCyiNBe/6fTaCRrIFNctmQi8kQEGq+EbGXlsNG2MPgA52OiSNJstk/fgsmXwfzP3DagELjVkucdYMSESjOtXgI4fbDdqCbGH4EjC+n9J9VJk+7Ic2G/3yQ5aZMcNX0t/vsveHGK8+FWkwqYUehwfMGo3/rybLQN7PlrF6iUT7+FxfOcXFP/5dRhYagJntSirw8/45KqaMFINuG05Y7OJiOiy+e24Mv3QEa1yn/DssVQouQcZRnIJuUgLptOm9q0gx1+Cvsc49zNs7Ut+HY+TLoE3p8K5W0Kfhow3xguKl/Kgzd/atZpyH+0BRg9yO4Wg+uw7FIortICErMrqYfU/91+mT0j28Iv4bn73BdEBjEZhzSRstmkXUh7ad8Z9jgc9j8ONuibzTfU/yzFqD852YWo6v2BbFl04NaXU7JVr4UNNoT9joGf/go6bZB72aSl/WsifDzDbcGyfawWJPxY64hO5K1AM2kDMopm2mScvOcKmP6MM6qmTcaZdsTdv9LCraVVXHv7O+a79Qggvv9Xxd88TNn6JRIByCjXoSuccBkMOTA7VDT3Y3hsPFQ+59Q/sXGuPLQS+QqkVexyCBwyMrfHmB9Nh0duhfenOU1Ge81cyaa9tvazIuh9jnYE17VXdmZn3acIx5n/hkducQk4JFe2vsz19VgEoCM7hZr//BTY/YjMDbuyM/31anjtMTfnsknKaaL+aGmEs26bbub8iACCqj8rORfLBYVM/RWcACyHTt0cAYiJM21S9R++yU0mOWTkyzMrsLRHHQn86gxnUMt2+7jSWZo/nOG+jPmyNAdGrXK3HTjwZOjcPduSwYzn4KEbYN5nLsQ2H19PbQsUcq6j3l+MhD2HZaYJiADu/yO88ojTAApOAJbpGM5M2AG+3wKM3tH2jZZyuYHjgIK5LaxHAD/LTAPQHkyLX2p/sPjzLJlIQJNq76Pg0NPcEVu2mo6+HhgH77ySm+1MU/0UCYh0tFBEBNk01r77GjxwnTuW1clDPj3pgsw/K6BLLzjiLGfUTXfehI4A4HNrGLN0Nf+Y8r5R8lDXVPSTCNdb2KuQuf+ySQCaoP+cAM/c7azahQjPlDyJI6BfjHIqczb2lnJ4+fv18agznTEXKB2V7DX6Wh51vjN6ZkMD+eoDd3T27uuF+2qKBOSLohOPYy6A/iqFm4ZXTAgJYJmFa9dWc9O9s8yqHwhgkN3f2iD8d6ummD+Xf88WAeirq6++XDHlMFLo82vZNeQv8JsLXA7DTFRBWeQVdy5yK3jcuRbKcper4bhLYJtBmc0OndI8fKM7zUicYmT2xPTv1vZNeSgG7e9C0Xun4Y4eQgIQIJPKSrjw1jfMtwEBDBtmSzp/wYnGBkeAOdjNJT8I2SIAGY3uvcqdhedbhaxPWn1RNBl23BOOH+M87dJtUo9lWZarqY6v0vkypfvuBo1nq2DPI2DYOdA5zW2ODIyvPepU/5XLCp9aS3NRLsVqh45yfilyIEqlhZEALDwZrxz0YUAAIytsJwPnWILS31l2u0kFLme9/pERMA0bgFx4Hx/vvpJaHDJWFbpJLn25a2rcvvKA49PTSnQG/tdr4L9PhOJY6XtYtc2RK7TU5V0PTU/DkbOMIujkyBQG0pZwGjctYn39T77ceQ6m0sJIABhmKE1Yn0peCghABkBbylUWjimkATABeKYEoK/+3X+A+Z+H4wtZe8JINu0rFeMgP/tUm46TtD/WxApTsI62XFKXE+7bqZ546AjuyTvhsdvdyUm6RrdU8Uzmemkm2sLJfnP4maklog0lAcBsOQRZy0MBAYzayW4VZP817FtohTJTDUAqm/aQz93rXESzYZRKZpIke42MkVVrnIvzwcNT0wIUxXff1TD9WeeFl0/LeFPyJYydOq47+vew++GpaQHKs3/nGBfYI9ly5cfQlBz1/T3wTVnhAodOudJ5DCbbQkoAK7FcWtWR8QEBjBhsB5sYd4Yh/1+mBKAJpImkCRWkZ07Dcpvs4KZ7nb4mW+zotICNf5L8U+QGK7uGTgDy6YabbA+lBUjD2eXncMzvncdgUs26bLoP3ejCk8P09U/0P6HhHHSKI295eibTQkoAWhfXVdVwtYlX/znEWG4EcuCqkgxMP1yTEQHIujEZ/nFz3Nuv1ffRrql1IsdXy3KvwBVlON77yOSO8PQFUooppZ4OSbLJ9VBKjJ2+lCf+wW0HkmmKXNTeX4E+2tYkE9STzHOzfY2IWxGR0gI2S7JMbmgJwHJvJMZlJu4BeCKWsUCOnDqTH4pMCEB+13ddBm++4Lz9wqQi10ZAe1x5m/30l85olow/vVyZ77zU5SyQZhPWRRIEDlXBL0fDz09NboujhX/35S4JS6GPaxubqYqF0PzUmOnEIxnfixATwFORCGNMkAFoDedgghOAJBWb5Bd0qldmQgDyhZ98CSgqLowqcm0s5ECz0dZw0ljYqonMizpCVATjX//onFMK4dCU7Dhq/JRwZKe94PhLms7lINVa/gz6KftzMosq2b5k+7qAuFc6re3I86BDEnkfQkwA043lInPqUNu1pJorsJyiPAnZBi3V52VCAM//Df7+fz9Ew6X67nxdHxjMVjt1V45BMpg15ucuo+E/boGn7w5FZplGYQrGT9mcNoLhV7sKTo012TPu/V8XpBXSKrvfd19EvHYlbF0BJ18BfbdsesaElgDgc2M53wwfYntGotyI5deFTgEuONMlAPnca/H/50G3mIL4/hA32QGkLitS8NDRjX/VlQhDe+Tpz7mkEvkIiskEOskmT0elclc4d2Nej4rzV8IMhTO3VfhtCI22tbHQKZNyCypQTTaOprZiISaAJcZynhm+s90sUsMEDPtlMujZujddAlA6r3sujwfG5DDUN1tySp2Uw5IWiNxMlWOwoRYckV3iFknwlQz5IkmU0T5kBOjXWFKUWS+7cdP4hfXUpva4BMlqIi5ZjcKhm9qyhJgAqrGMMUoCEk8CunO2Jncmz0mXABJfEv2bjWCbTGRI9l5Z9vsNcT70sgc01BTtFxjJFoZ7/1+7//Lp3/0wFyTUWL6Alx92mpuwCOPxX90xkXYjY2BCc2vKGSvEBBBUDjYjK+ww4BKgf7ITN5fXpUsASoB51x/i/vFZyOSSSxlrb3U23sapkw0F0ehr+vrjLqZcBihpAHWTd+a6r+k8X9sWGQIlW0NegVpIT90J/5zoDIDZzs6UTr+bukfbNm039/0NDDvbJUZprIWcACaakYPsb7GcASjVY8FbugSgVFjaJ3+70Ln/xjN5F1yeejugrLwR516qZJs6M1eOvfqarOTP/dWF/kr9VIGJgADCug2IZxyWBrDtYGcIVPbd+priB5SrQWnapFbLVhDmcRPk2rrJgKut23EXN+0WHGYCsPCgGVFhrzRwbKHTgCcmSLoEoOCYOy+Le8kVvhZbk8QTyLnKecsNvxx2biDoSRPu8Qnw4I0QWxsPbArzKgnUG1i5HLbaCc74P+c8U1/TacFfx8G//wqliYzFYZYtniRVmtguBztPzqbyPYaYAIT0k2bkQDsew8FAso6bTU7uTC5IlwC+eMfF/weporOc6DMTeRq6V3IqG62y6Ox2qIunb0gDePtlmPkfl/u+VF/JMC+S+EnOurXQvY/LjtytT/2yyQj6xrOgnIY62ZAWEGbZNGbSyOTopKIpQ3/RtC9AqAnA8IoZVWEftK4KUM9cTPRUn5kuAWg/qSMaDVDYreQJTDTZ1Vc5LTUWtCTVX74AgeYfVtW/zkBLNh3FBkFLDR3JWhBRJNKppzpXCnW9ZNN4JeO2HHICqJQR8BmgAuhWKEBrvzddAghD330fPAJ1EQg1AcAH0gCmWlBMWqcwDJ8ngDCMgu9DthAIMQFIxC+kAcyKGwBDcXjmCSBbU88/JwwIhJwA5okAPgFkplH0fMGbJ4CCD4HvQBYRCDkBfC0CmAuowFOeM+bXj7IngCzOPv+ogiMQcgJYKgL4Jr7/D8XhmSeAgs9Z34EsIhByAlgpAlgSLwWWxVKS6SPoCSB97Pyd4UMg5ASwWgSwDFB2+VAE0IaCAKyrQhtU+l3jim8k0osnKgpHdB5fJGfytZeFzrATzizyaVcOPiJQXv5DReGmQlzDt8xcj76XbZ3zL5DfvpyLNGZyoZY/Qr5lCzkBrBUBLI8bAFs0AWghyH99wZew4AuXnkopxuSvL88vNUWryXNPpbCU967PltBrExfuGrbsw7UXqRxtln0LCz53sim7sLL2KC1ZIj+hFkn7Ts63Xe6tfbdwSaZlFIgAAB7hSURBVD0kb5jzD4igv/sa5n0CC7+Cpd/Ayu+cR2hAAHJGauOSeCqOX67Xik2QjPlIrVYMBLA0rgG0yC2AJoqqB6sYhfLtqTiFim9o0TTkliotRTkHu3SH3lu4DL/bDXXpr4KY9pA0+dqruKYiJZVLYOGXbuFLs2ko6kZfSC0YhfAq442y32w7yAUthSVcV+OiMfp8lqv8NPt9WDjbZSJSVGHgKV3bXTquqUkbUKi4Fr9qM0i2rQa4/51JqbbGhjvkBBBsAb6N2wBalBFQC1y5A1SC+r2pbnHIN1+TRAtcCyH4b/3iI6w5JfVZPvkJdVPBOlowvTaD7XeFwQe4ydVUoohccoRI7dO3YPozboEoR2JCHZa6r+2LkTqsfxOyaWugrU+0lmwxVwpLX0yF9g7Yy5FCvtXo2lgpzFjjpRTpklFff41JoN7XGjcJ9iPZao2bxk8EIa1gk34wcF/YcXfovlH2RyXkBLBKBLAQUHrDEBTQSj8lWCpD9+0CV1pLP2Xb0eLQgpXvetLqrmZXfMFo0WiboG2AFosixVQpt0sBoiskz6uPwMznYdEc10f1S0VSUsqSLNliDhvJJs1msx1gj8MdGSSbFz+VcWnsWi3yT2bCK4+Csghp4QchxGVu3FIhpQTRSTZpQ9rC/WQw7HEE/GSX7GpxISeA5SKAL+OBQKEIos2lETCYRG/Bv++Dt15yCR6lykv9yzTIRpNKdoQgwq+9+6qo/p++MEmTSgarRYv0vdddgY2PZ7i9fSCbLDsZGiuFmxaK3qF99C6HuMy4mRQ4TUVUGSvfeMrlDdCWRppYwqiXynPqu1Ykl8jPKJuHErSKCLqkWeC07jtCTgDfigA+AKT86CSg4C1XBKCvtOoFPDERPpsVLz3dKvOFXxcwEUG1LNBRt8f8xShnH8ilkVCJNaY+AU/f5eohaq9epg1dhgt/PdliLuJShCYtQPn+Nu+ffQxrv1cGPSV6ff5+WLLIWfRzgWWQo3GN284pPFtl27KxJQg5ASwUAcwElOA4xcLHueGKXBCAVL0Zz8Kjt8LcT11m3VznDJA2oMwx0gB+dYZbMLmwC0iLeelhV1hTC0Sqeq41DtlP9Nt+N/jVb11dg0w1qPpmk05hRGrPPwAiuWTCbzOalfHwZKkY2sYddkbD6cySfU/ICeArRQO+bGGHMBQFEajZJgCpeNoPq6yWrP35WCCJyZEoJKHkEb8+G/rvnt3FKU3j5X+4UujfafG3S20vnOwkrnudxkjbAR3BqVDmr38Hm2sGZVHjkEVf5d2fvde9J0i+mcXnNyZ7QoNT2i+RgLYG6baQE8Anygn4OJah8XiAdOXM2n3ZJoAPpsED17kjo6DmfB69HTRfpX2sXukKZBxzPmyRRknw+sDVVkNWfmXUXfSVy4OYiiEs0wFLkIDU5iEHORLQMWg2mvbk/74fHr/dFRvNd7kwyaZsRWr7Heu2Oo2lbW9M5hATgEwp7ygl2F/iNQF6Z2PwMn1GNglg0Wz427VOA0h48GXav1Tv/36hKJHkoU4T6J6F5GuyY9x7ZbxWYPsULfypCtHA9UFas7jH3YEnOXtHpqcDIjYd8T0wDr7+Clq3z832IhkIdJwqg+6vzoS9joxrIcncWOuaMBOAgWnSAG7AcjiwcYqy5eTybBGA9oz/mghPTXbnxLKIF6oFX5Q17gt92Omw/3GZ1S5Y9g387TqY+k+XJDTX9ozGcJOWIw1HC19lznT8mUl/5NGnUmE60ci3xlafnFrAG23j6hzKmJtqCzMBYHleWYEvMgR1AZOodJaq+Klfny0CeOsFN5G+mZvZYktdgoY+l85TrfemcNLl6U0mPVlfSJUIn3IDrFsF5QWv5uj6JJfpbXeGEy6BjZVfKo2mvf5j4x1pq4XB81B2HBUt2f1XMOwc5wKeSgszARh41IwYZE8xlnOBfqkIlqtrs0EAchP969Xw3yd/CHDJVX9Tea40EZHA3ke5PXPnNM6a53zoqgTJKaaQ6nFduQPX6Rj8IlEWPA2XaHn4qbZDYNPQ/Xky+jWq4aiQq04g2sFxF8Guh6bmNhxiApA/5L1m1CD7c2u5ChiQymTO1bXZIICpKqV9DQj8pko35UqOep+rrcAqaN/FFQOp2C+1vbuccZ6YBP+6A6La1oTCd/MHSWWw04nHiZc1XfK8Lj5aZLLXvPRQ3CszFJEpP/RSgWID9oHjx6R2NBhmArBwqxk+0PY3htsM7JbXxdCQpqyCGcuhUzdXVqqhghkN9VW+4vdc4SzkMvzl0+qfDH5Sl6UFKF/+UedBJ+ViSrLN+Rju/kP4vv7qfmAQlBYQhUNPg5+f4lKCJ9v09Z98aa0iocnemKfrJJsckGQL2PUXyTsjhZkADFxlRu9o+9pSxls4JE9YNvqaTDUA7f2lRi5dHLKvfy2p9bVTBNrJlztnmmSa9qLyiHvoBncuXkijZmP91YT/yc5w/KWwSZK2AB37PXQjPPuXH/z7k8Ek39dIC9Di/82FjRc8rd2vEBPAagwXmJMH2O5lEa4DjglDQFAmBCAVWcYxOY8oUCQXLqPZmHTyEqyuhkNHuTPmZL6Usvzf978w7WlHbGHTbBJagMhN1nvVzZMjTTK+CXM/duXPP38n/2f+qYynPDtlBDz1Sthu1+TuDDEBLADOMyftZDuXlwTVgUcBBU8NngkBKKR30hj45M2422gIjEj1TRMZy3TGvKOq516anKfZx5Vw12Uw/4uQy2ZhzQpXPffwM5sunil8VNJNNhttjUJls6kzeInISLk/H3RScsQdYgJ431ouMMf3t+3alHK61IEwVAfKhAAU2/+XK1wmn2S+qslxeG6u0pdSNfNOvBT679m4s4sm3vN/c+7M0nLCZvyrjZDGT3YYxQdoi6NYiMaaHIkevtF5/uneXCXmyMYoirh1JDjk53DcmOQiBsNKAAZeMYaLFAxUZg1HG8s1QN9sAJXJMzIhADn+PHabS2qRi8CbTOSqe68mvtT4I8+B/X7TuPOMyEKecS/8vfCOP01hIKVrzWqXNu3Uq1wQVGNNR373XA7vyvGnbeG8/pqSK/i7dQFeG20NJ1/hMkE11UJMAI8Q45JASR41wO5rI4wPgzNQugSgk4P7r3HqpBZ/SskvmhrFHPw9sANUwQEnOFVZqaoaagr00R75nVed40/oZatxJHzUubD30e40pqH28Uy3tVGgluIZwnD235TGorGSjUMRg03ZYsJKAFjuKC1hbEAAIyvsDhYmGdg5B3M9pUemSwBKdinr/4dvxDO6hHT/nwBDx4GyAyiFmKzKjdWZVyDTnZe6RaJQ5rAvEn0pRcj7H+/ChaUNNNS0bbvvqnCf2tTueyJX5BFnwc9ObNpbMaQEEMVy5Zoa/hQsk+E7280iUa7HHQUW1AUjXQJQfjh9SXRW3tjXNCU2yvHF2k9utZM7Mtts+4ZfpuCYv1zpbBuNfU1z3N2UHi87gPbKx17UMLmJBJXo4+Gb3NFm2LdtAiDIjLQOfn4yHPbbpk8tQkoAi7GMabWcewICGN3f9oiWBfuBUwtdIzBdAnj3NbhrLHwzpzgIICGn0m/L4anfLvWvLy2Slx92Ic3yIgzr+X/d3osAtv8pnDwWem9ev2yyg/xzgov7l9YQZgNgQoJE5qC9hjlHLuUTbKyFlAA+NIYLe7fnicQWoK2F0w1cHE8QmhLbZ/PidAlg5n/cVzJIjJGCB1o2+57KsySnAmgUGiwNoCFjmRKaKBfew4kTgFBUcGxaUk38rQc6Q+CGW9d/vbZAOgFQcJMWf1P76abfmvsrNB4iYu3/f3MRdO5efAQQPwE4b/wMpn+/Ux5ZYYcBf45XCs49kg28IV0CmP6s20uqAEaYz5ITYicIoEsv5wtQsW/9e3t9cZ6cDI/cEg9rLhICELltuj2MuNqlSa+v6dx/yvU/+P8XAwHoKFCnMhX7w7EXwwaqq91IC6MGYOEhA+dOqDRffU8AIwbbXU2MW4Es5axJj0PSJYA3nnaeclI9wxAi25T0AQGscGfJ8i8ftH/DBKBEpo/e5sJuwxAi25Rs+rsIQK7AI65p2Bdg1VL4+/UurVmQujyP2ZqSkaG+awICWA0D9na+AE0ldwkhAagszE3AlRMqzbLvCeC0QXabmOUaC78opCHQE8CPp500gIR/gyeAdJdt9u6rTQDHjoEeTWR3CiEBLNIJQLtWTL5hqlnzPQGcsbPtVl3DGAyjgYKlmfAE4Akge8s1+09qBgTwgTGct2QznpkyxURrnZZbM3IQZ2C5opCGQE8AngCyv2yz98SiJwDLS8Zy+h1vmveFyo/cZUYMtIcYE0QGNmC2yR6QDT3JE4AngNzPsvTfUOQEUGPgvmgpF06aZhatRwBKDlJiGGdhP6AgJhlPAJ4A0l+eub+zyAlgCYZra1px++TXzIr1CEChwa1K+F8LwwuVG8ATgCeA3C/j9N9Q5ATwBXBmn0qeGotRTsD1vcpHDrS/wwT5AbqlD1P6d3oC8ASQ/uzJ/Z3FTAAWXiPCqInTzXsJpNYLmRk10B5oDdcC/XMP5/pv8ATgCaAQ8y7ZdxYxAazDcrciAG+bbhY2SACnDrCblBhuwgSBQZFkgcnWdZ4APAFkay7l4jlFTADfYbmwqiN/uftFs7ZBAlCCEJQm3PDbQgQGeQLwBJCLhZutZxYxAXwMnDqh0rxaG4v1tgBjsZEFgzgqXiuggTiubMHptwDJuAJ7T8DczbdUn1ykBCCHn4cjES66fbr5vFEC0B9H7Gy3NjVMwLBnqgBler3XALwGkOkcyuX9RUoA64Axa6oZf+8ss6pJAji9n20fbcO1Fk7K9zbAE4AngFwu4EyfXaQE8KWxnHbHTJ4Bo7Lg37d6E2eN3cuWLljO0dYEJcM2yRS0VO73BOAJIJX5ku9ri5IALA+bGBfd8Zb5pC5eDWbOGz7Q/sQYJua7ZJgnAE8A+V7UqbyvCAlA4b+XKQR4QqVZnTQBnDrUdo1UBVlDVTpc+Vrz0jwBeALIy0RL8yVFSAAfAefW9v5rcgugC4YNsyWdv+AwY4NkoRuniVfKt3kC8ASQ8qTJ4w3FRgAW/lYS5eLxb5kv64Op0eTZIyvstlhuxrBPvpyCPAF4Asjjek75VUVGAAr4ubxdObcp+UfKBHDKbrZDyVrOVv4woGPKaKVxw3oEcGByDynKlGDLoUtPlxQ0SAlWT1MSyicmFHFKsD82XCVYOQGDlGAPF2FKsH1ccZCmUoJJRtU9fOURl6syn5mPLbwRiXF+7zd5NRH8k7QNIHHhiIH2Z8ZwI7BNcksxs6sCAlgGnbq7XHkV+zVdLkqg/vdJVxlo+ZLiSQqq4hlde8HxY2CnveuXUynBnr4bHr21CHMC9nOVdDfdDkRkP9p7Rtw4/+MmePHv8WpOBQlAT22+BoVdV8GgAxwBdO25vmyJJ6qCk0qKP3idy3uoepV5JAAhPjlSzZjxs8zXDUnZZP2ckRV247hr8FH5ChFW4QWBtf1u0EuHkE30UkDP/wzenwrr1jReZy+14c7t1SoNpnJYKjXdU1aWeuTUhPviHVAJLeUEzOMEykh4jWGnDaD/Hu5f9f1HBGBcgY2PZsBXH7qEoCL/sDfJoeIgvTeD7Ya6wiB1ZUvIIHlU++CDaTDnIzcv81jWbY41jFm6mgenvG+q0iYA3ThykB2F5XKgZz4HSEDrC9hks24CKbNsU2TR5LPyfUF8QtX9QtbuhhZ9sSz82v0OFkuVS2fe0LgUSzbgutNC46X6jg0t/uB6kZ4pzPbGwnMGzppQaT5sbEonxbmjB9kBMbgOy975Mgaq0yqLnRQBqFMlUCIVMimJ8r3KG3mfhWi0cTmLpWhGXSm1ODSGAQHU0/SF1LgVQzrw9WQTAUi2OppN3esCGVX0JL9xtUuxXFfThpsTmX8y0gDO3NK2WteJMcDvgA4hWj6+Kx4Bj8D6CLwdMZwxfoZ5rSlwkv5ejqyw+vorYWhFUw/1f/cIeAQKhsBaDOMjVVzTmPEv0bukCUBHgqVrg0xB8gwskgJVBRsE/2KPQKEQ+MoYTrtjBk/VDfypdxuWbC+DPAEDOdi6tOF5ORJMtm/+Oo+ARyBAIFYr7decZDBJWgPQw+LVg27AkLcjwWSE8Nd4BDwCAQKLrOWsvh35x9gXTU0ymKREALXiA6QFbJbMC/w1HgGPQN4QuD9WwiWT3jBK/51US4kA9MTRO9q+0VKuM3BEvhyDkpLEX+QRaNkIzDeGi5as5oHGHH/qQpQyAQRawGccYQzj8p0spGWPr5feI9AIApYHSkoYUzfnX1OYpUwAeqBSh5dGggpCw7wW0BTE/u8egZwjMNdaLl26lvtT+fqrV2kRAFgzYiDDjOGP3haQ88H1L/AINI6A4cFIDRc2FPPf2M1pEoCzBcRKuALDcV4L8DPUI1AwBGZbw4XG8vCESqP0Xym1tAlAbxlZYQ8DrilkOfGUpPUXewSaFwJa8PfHSrlk0jQzNx3RMiKAWnkDVU24TTod8Pd4BDwCaSPwibWcs3QLnpoyxSQTN7veizIiAD1txGC7p7H8CRvECGT8vLSh8Dd6BFoWAkrxdVukmnHJ+Pw3BE3GC/bsobbNyirONy5SsEvLGgMvrUegQAhYpkcinJ1MxF9OjIC1H6oaAhHDn4F9gSJI7FSgQfOv9QhkB4FlGC4vXc3E2943KzN5ZMYaQNwYqFw8vwGuyGcK8UwE9/d6BIoVAQOPWLi4qWw/yciXFQLQi04fbHvVRBmL4QRvEEwGen+NRyAtBD4xhout5bF0jv3qvjFrBJAwCBJjnIHB3iCY1uD6mzwCjSGw2sBtVTHG3fWm+SYbUGWVAGQQXFXNaCwXAd2z0UH/DI+AR8AhYOFF5fm/400zI1uYZJUA1KnTBtvNYzGusPBrnzkoW8Pkn+MR4CtjGbuuI3+7+0WzNlt4ZJ0A1LFRA+2B1nA1MCBbHfXP8Qi0YATWGbjT1HD1+LfNvGzikBMCiPsGnGHgfKBHNjvsn+URaHEIGF6OwPnjZzA9mTx/qeCTEwJQB04fbDeqiXGlCg0DbVPplL/WI+AR+B6BL63hsur2TMmm6p94es4IQCHDowexayzGOAxD/amAn9IegZQRkNX/xqoYN2TL6l+3BzkkAFBBkbUdOcaYoKyYqt/55hHwCCSHQAzDoybKpXe8ad5P7pbUr8opAag7IyvsBhbOMzAK6Jx6F/0dHoEWiUClMVzWuz3PJpvhNx2Uck4A6tSoAbafjTAW+KVPHpLOMPl7WhgC87BcU9OGvzRV2y9TXPJCALIHDB/I3hF3NDgk0077+z0CzRiBVcD40gh/um26WZhrOfNEADCsny3v2ppjVbMc2CLXgvnnewSKEAFl+HnURrh84nTzXj76nzcCkDCn7WC7RFtxOpYzgZ75ENC/wyNQJAjI6PdqLMbly7bgpXQz/KQqa14JQJ0bPsRuWFLDRZYgmWjHVDvsr/cINFMEPrCWsdUdeTwX5/0NYZZ3AghIYKD9SYlhrAUlFS1vpgPqxfIIJIvAPAtXR1tzb66NfnU7VBACCOoKDGZoJMaVFvb2TkLJzhN/XTNEYKmBm6pi3JIrZ5/GMCsQAcDYvWzpguUcZCNc5hOKNsNp7UVKBoGVGO6J1PCndIp6JPOCpq4pGAGoYyftZVuXrWSYsVwA9POaQFPD5f/ejBBYg+WhSIRx42eYdwslV0EJQEKfOcR2XFvDcQbOATb3JFCoqeDfm0cEFN77pErr9ZrBjLGYWB7f/aNXFZwA1BsVGCmt4iQLZ/mKw4WaCv69eUKgGsPzJso1vTvxei7dfJORJxQEoI6ePMB2LzOMwDAa2CiZzvtrPAJFhoAW/8vW8Melq3g51Uq+uZA1NAQg4YLMwjFGKHwA6JsLgf0zPQIFQqAGeMVarl26lhfCsPiFQ6gIQB0aWWF7YxmJYSTQp0CD5V/rEcgmAjUWXsUwbulqng/L4g8lAahTpwywfUrddkDagNcEsjkV/bPyjUC1hdcihuvKl/L8zZ+adfnuQGPvC50GkOisNAEDp1q3HdgwTKD5vngEkkSg2sArWK4rX84LYVv8odUAEuAOH2J7RqKciOU0YNMkQfeXeQTCgMA6DC9Yw/+FxeBXHyih1QBqaQLKKHSsgdOBrcMwsr4PHoEmEFDp7mdshD8vXcXUMO356/Y79ASgDgdhxOUcIb8hYIcwGi/9kvAIxBGQe++jWG7p04HKQp/zNzUqRUEAEuL0frZ9tDUH2wj/g2VnX4a8qaH1fy8AAgrsud/C+D6VvFdID79kZS8aApBAih1otZLdsZxlYV9fhTjZYfbX5QGBuQYmRyLcc/t083ke3peVVxQVAUjiYcNsSbcv6B+L8VsMh/tMw1mZB/4h6SMgP/4PgFurYzxUiJDe9LseQkeg5ISx5tSBbFFiOBU43vsKJIeavyrrCOiY778xyy3RNjyV72Qe2ZCm6DSAH4S25pQB9C41HIlhOPATIJINUPwzPAJJILDSwtORGOPXdeK1fKbxSqJvSV9SxATgZAzCiavZ10QYiWVPbxdIeuz9hekjMAfDAxH4S6/2fBh2S39jYhY9AUg4ZRdauJKBsRinYILjwg3SH1t/p0egQQS033/TwmRbysOTpplFxY5VsyCAgASwkbk7s0kkxjBsYBfQlqCk2AfI9z80CKww8O+YZXK0DS8V436/PiSbDQEkhItvCfaIbwn2AdqFZgr5jhQjAhaYjeWvxnJ/7058XMwqf90BaHYEIAFHVtgyG2E7EwtqD2hLsIn3HizGtVfwPq/BMN3GuKvG8kSxHfElg16zJAAnuDXDh9DDRDnAEAQU7eK1gWSmhL8mjsBXGP4Zi3Ffh1a8fcNUI//+ZteaMQG4sZL3YOuV9I9ajjJwKLBlsxtFL1A2EVhlYJqFv8VKeXrSNOaB0TagWbZmTwAJbWB0f7rbcvbF8hsLuwOdmuWIeqHSRUAW/s+Ax22EB9uX8m5z/erXBqiFEIAT+cwtbat1ndjawiEGjo6fFJSlO2P8fc0GgWUWnosYHoyW8MqkaXzdnL/6LZYAEoKftJPtXF7CzoHPgOVgoJc/Mmw2izkVQbSvnwVMiVmejBg+nVBpVKK7xbQWpQHUHlX5DXw9mL7Vlr1MjF9j2NU7ELWYeV8ldd/CUwYeqWnN283lXD/VEWyxBJAAStuCNR3Z3JjgtOCXwEBvH0h1GhXN9drnf4nhJRvjHyU1vDF+Ft+0FHW/vlFq8QSQAGVkhW0LbGvg5xZ+Bgzwx4ZFs7CT6egcLK/ZCI+VVPPKt1uzcMoUE03mxuZ8jSeAOqMbeBLG2N5E2d8a9jeOCEQOvhUnAvMwvGpjPF1awsuLVzE3zDn68g2xJ4B6EbdmZAUdI4btY5Z9sByIoX9cI/CY5XuWpv4+fdkXWnjZwDNRy2ttlzMnjGm5Uxctu3f4ydwontactBOdysrYysTYI7492CluI/CBRtmdi9l42lpgPpYXMTxdEqHSf/Ebh9UTQJLT7pTdbIfStWyKZSiGg+LGwh5A6yQf4S/LHQJLZdwz8FLM8EyZ4d0e7VjQnIJ2cgWdJ4AUkT17qG2zfB19S0xgG9gbGAJs7nMTpghk5pdLzZ9v4P0YvGQtr5bW8FGvWSwuhmy8mYufnSd4AkgTR0UcRqrpYkvYNhZhN6NgIxPkIFAFI+9dmCauSdz2nYVPIvC2au7FLG/E2jC3pZ7jJ4FXo5d4AsgUQaw5vR/tqtvTJ1LD9hgGxWCQcQVMtEXweQozxhgV1PwMw0xrmRGJ8Wa0nI/afMtSb9jLDFxPAJnh96O7lZrsy6W0b13KZjbGdjZCBZZB8ZiDjkCpz0uQFOBS7+WSOx/DW1imW8PbJTV8sLYzCzd9kSqv5ieFY5MXeQJoEqJ0LrBm7F6ULFxC15pSNjIRtjLyMHRksA0gMmjj4w9+hK2+8qt1fIdhVrDoLe9Syhdr1zJvi1ms8Ys+nbnoTwGyj1qKT5RmMHsZXUpL6YFli4ilfwx2NI4MusUJoX2Kjy32y/WFXwEsB+ZaeDe+r383VsK88pV8c9v7rGrJbrr5GGCvAeQD5VrvUBDS/Ao6RGN0NobeEcM2cSLY1ho2wtI1TgrNLV+BFvyS4GcVbstnRPjIxPjARPgiYljcqpRlLSEGP89TzhsBwwR43b4oGKmmDW2j5XQwMfrGStjEWDY1sLm1bEiE7tggzbk0hQ5hlqVW32oAnc0vNvCNhYUGZsfgC/1rI3xpIywuX8Gqb7ZjjffJL9yoeg2gcNjX++Zh/Wx561LKOramdXWU7kBva+iJpaex9In/b5HBBoZAW+gSJwYZGBOt7rhmMs6102HV/W/t27XQv8OymAjfEuMba5hvLAtNhEXWshBYACxrV07V3A2p8gs+PJMuk4kRHimacU/iW4aSqg6UlK+gVSRKl2gZnW2UrsalNeuECcigG5YuGDoY6GhNYGhsiw2MjfrJY7E8fhIhN2YdT+qnOaAw2cRPX2+p64qZV8KMtQZWW8tKLWIMKom13Fi+Db7wEZZYy3Ib4btIDUtLSlmyYh0rOq+mptuGRMe+SNTv48M7Qf8f4pm8v0mp1Z4AAAAASUVORK5CYII=" preserveAspectRatio="none"/><path d="M 463 246 L 463 187.37" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 463 182.12 L 466.5 189.12 L 463 187.37 L 459.5 189.12 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><path d="M 487.75 276.24 L 536.88 276.24" fill="none" stroke="#000000" stroke-miterlimit="10" stroke-dasharray="3 3" pointer-events="stroke"/><path d="M 542.13 276.24 L 535.13 279.74 L 536.88 276.24 L 535.13 272.74 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><path d="M 462.82 246.03 C 462.38 246.05 461.94 246.16 461.56 246.36 L 444.37 254.55 C 443.47 254.99 442.81 255.81 442.59 256.77 L 438.34 275.22 C 438.15 276.07 438.31 276.98 438.78 277.72 C 438.86 277.8 438.92 277.88 438.97 277.99 L 450.87 292.77 C 451.5 293.53 452.46 294 453.45 294 L 472.53 294 C 473.51 294 474.47 293.53 475.1 292.77 L 487 277.96 C 487.6 277.2 487.85 276.18 487.63 275.22 L 483.38 256.77 C 483.16 255.81 482.5 254.99 481.6 254.55 L 464.41 246.36 C 463.92 246.11 463.37 246 462.82 246.03 Z" fill="#ffffff" stroke="none" pointer-events="all"/><path d="M 462.83 247.47 C 462.42 247.49 462.01 247.59 461.65 247.77 L 445.49 255.48 C 444.64 255.89 444.02 256.66 443.82 257.57 L 439.82 274.91 C 439.64 275.71 439.8 276.56 440.23 277.25 C 440.31 277.33 440.36 277.41 440.41 277.51 L 451.6 291.4 C 452.19 292.12 453.09 292.56 454.02 292.56 L 471.95 292.56 C 472.88 292.56 473.78 292.12 474.38 291.4 L 485.56 277.49 C 486.13 276.76 486.36 275.81 486.15 274.91 L 482.16 257.57 C 481.95 256.66 481.33 255.89 480.48 255.48 L 464.33 247.77 C 463.86 247.54 463.35 247.44 462.83 247.47 Z" fill="#2875e2" stroke="none" pointer-events="all"/><path d="M 463 255.6 L 451.22 260.85 L 451.22 268.69 C 451.22 275.95 456.24 282.74 463 284.4 C 469.76 282.74 474.78 275.95 474.78 268.69 L 474.78 260.85 Z M 463 261.14 C 464.52 261.14 465.91 262.07 466.47 263.47 C 467.08 264.87 466.76 266.5 465.68 267.58 C 464.57 268.66 462.97 268.98 461.57 268.4 C 460.14 267.81 459.24 266.44 459.24 264.93 C 459.24 262.83 460.93 261.14 463 261.14 Z M 470.05 276.73 C 470.05 276.82 470.05 276.91 470 277 C 469.91 277.11 469.82 277.26 469.73 277.37 C 468.07 279.68 465.71 281.37 463 282.21 C 460.29 281.37 457.96 279.68 456.27 277.37 C 456.18 277.26 456.09 277.11 456 277 C 455.97 276.91 455.95 276.82 455.95 276.73 L 455.95 274.63 C 455.95 271.75 460.64 270.29 463 270.29 C 465.36 270.29 470.05 271.75 470.05 274.63 Z" fill="#ffffff" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 301px; margin-left: 463px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 11px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: nowrap; ">pomerium<br style="font-size: 11px" />service<br style="font-size: 11px" />account</div></div></div></foreignObject><text x="463" y="312" fill="#000000" font-family="Helvetica" font-size="11px" text-anchor="middle">pomerium...</text></switch></g><path d="M 667.82 126.03 C 667.38 126.05 666.94 126.16 666.56 126.36 L 649.37 134.55 C 648.47 134.99 647.81 135.81 647.59 136.77 L 643.34 155.22 C 643.15 156.07 643.31 156.98 643.78 157.72 C 643.86 157.8 643.92 157.88 643.97 157.99 L 655.87 172.77 C 656.5 173.53 657.46 174 658.45 174 L 677.53 174 C 678.51 174 679.47 173.53 680.1 172.77 L 692 157.96 C 692.6 157.2 692.85 156.18 692.63 155.22 L 688.38 136.77 C 688.16 135.81 687.5 134.99 686.6 134.55 L 669.41 126.36 C 668.92 126.11 668.37 126 667.82 126.03 Z" fill="#ffffff" stroke="none" pointer-events="all"/><path d="M 667.83 127.47 C 667.42 127.49 667.01 127.59 666.65 127.77 L 650.49 135.48 C 649.64 135.89 649.02 136.66 648.82 137.57 L 644.82 154.91 C 644.64 155.71 644.8 156.56 645.23 157.25 C 645.31 157.33 645.36 157.41 645.41 157.51 L 656.6 171.4 C 657.19 172.12 658.09 172.56 659.02 172.56 L 676.95 172.56 C 677.88 172.56 678.78 172.12 679.38 171.4 L 690.56 157.49 C 691.13 156.76 691.36 155.81 691.15 154.91 L 687.16 137.57 C 686.95 136.66 686.33 135.89 685.48 135.48 L 669.33 127.77 C 668.86 127.54 668.35 127.44 667.83 127.47 Z" fill="#2875e2" stroke="none" pointer-events="all"/><path d="M 668 135.6 C 667.71 135.6 659.11 139.83 659 140.03 C 658.73 140.57 656.77 149.57 656.89 149.77 C 656.95 149.88 658.36 151.66 660.03 153.73 L 663.03 157.5 L 667.98 157.5 L 672.92 157.5 L 676.06 153.57 L 679.23 149.63 L 678.11 144.8 C 677.51 142.15 676.98 139.92 676.91 139.88 C 676.75 139.72 668.18 135.62 668 135.6 Z M 668.53 140.03 C 668.96 140.05 669 140.68 669.89 140.75 C 671.05 140.83 670.92 139.74 671.81 140.5 C 672.7 141.26 671.61 141.3 671.9 142.44 C 672.17 143.57 673.15 143.13 672.72 144.2 C 672.28 145.27 671.88 144.26 670.9 144.87 C 669.89 145.49 670.63 146.29 669.47 146.2 C 668.31 146.11 669.16 145.42 668.27 144.67 C 667.38 143.93 666.84 144.87 666.57 143.73 C 666.28 142.62 667.2 143.2 667.64 142.13 C 668.09 141.03 667.02 140.83 668.02 140.21 C 668.13 140.14 668.25 140.1 668.33 140.05 C 668.4 140.03 668.47 140.03 668.53 140.03 Z M 669.69 141.3 C 669.54 141.3 669.36 141.32 669.2 141.37 C 668.31 141.64 667.8 142.57 668.07 143.46 C 668.33 144.35 669.29 144.87 670.18 144.6 C 671.07 144.33 671.56 143.4 671.3 142.5 C 671.1 141.79 670.43 141.3 669.69 141.3 Z M 663.03 144.2 C 663.12 144.2 663.23 144.22 663.37 144.26 C 664.44 144.6 663.34 145.16 664.1 145.98 C 664.86 146.78 665.51 145.73 665.75 146.83 C 666.02 147.92 664.97 147.27 664.66 148.34 C 664.32 149.41 665.55 149.43 664.73 150.19 C 663.9 150.95 663.97 149.74 662.88 149.99 C 661.79 150.23 662.36 151.3 661.3 150.99 C 660.23 150.66 661.32 150.1 660.56 149.28 C 659.8 148.45 659.16 149.5 658.91 148.41 C 658.65 147.32 659.69 147.98 660 146.92 C 660.34 145.85 659.11 145.8 659.94 145.04 C 660.76 144.29 660.69 145.51 661.79 145.27 C 662.74 145.04 662.41 144.2 663.03 144.2 Z M 670.98 145.38 C 671.07 145.38 671.21 145.4 671.36 145.45 C 672.59 145.94 670.96 146.67 671.92 147.58 C 672.88 148.5 673.55 146.85 674.08 148.05 C 674.62 149.25 672.94 148.63 672.97 149.97 C 672.99 151.28 674.64 150.59 674.17 151.82 C 673.68 153.04 672.94 151.41 672.03 152.37 C 671.12 153.33 672.77 154 671.56 154.53 C 670.36 155.07 670.98 153.4 669.65 153.42 C 668.33 153.46 669.02 155.09 667.8 154.62 C 666.57 154.13 668.2 153.4 667.24 152.48 C 666.28 151.57 665.62 153.22 665.08 152.02 C 664.55 150.81 666.22 151.44 666.2 150.12 C 666.15 148.79 664.53 149.5 664.99 148.25 C 665.48 147.03 666.22 148.65 667.13 147.69 C 668.04 146.74 666.4 146.07 667.6 145.53 C 668.8 145 668.18 146.67 669.49 146.65 C 670.65 146.63 670.27 145.36 670.98 145.38 Z M 662.34 145.94 C 661.41 145.94 660.65 146.69 660.65 147.63 C 660.65 148.56 661.41 149.3 662.34 149.3 C 663.26 149.3 664.01 148.56 664.01 147.63 C 664.01 146.69 663.26 145.94 662.34 145.94 Z M 669.58 147.56 C 668.2 147.56 667.09 148.65 667.09 150.03 C 667.09 151.41 668.2 152.53 669.58 152.53 C 670.96 152.53 672.05 151.41 672.05 150.03 C 672.05 148.65 670.94 147.56 669.58 147.56 Z M 671.36 159.28 L 671.36 158.65 L 671.92 158.65 L 671.92 159.28 Z M 671.36 163.15 L 671.36 159.9 L 671.92 159.9 L 671.92 163.15 Z M 667.87 164.4 L 667.87 159.9 L 668.38 159.9 L 668.38 160.32 Q 668.56 160.06 668.78 159.95 Q 669 159.81 669.31 159.81 Q 669.74 159.81 670.05 160.03 Q 670.36 160.26 670.54 160.64 Q 670.7 161.04 670.7 161.5 Q 670.7 161.99 670.52 162.4 Q 670.34 162.8 669.98 163.02 Q 669.65 163.22 669.27 163.22 Q 669 163.22 668.78 163.11 Q 668.56 163 668.42 162.82 L 668.42 164.4 Z M 668.36 161.55 Q 668.36 162.17 668.62 162.46 Q 668.87 162.77 669.25 162.77 Q 669.6 162.77 669.87 162.46 Q 670.14 162.15 670.14 161.5 Q 670.14 160.88 669.87 160.57 Q 669.63 160.26 669.27 160.26 Q 668.91 160.26 668.65 160.59 Q 668.36 160.9 668.36 161.55 Z M 666.49 162.75 Q 666.2 163.02 665.91 163.11 Q 665.62 163.22 665.3 163.22 Q 664.75 163.22 664.46 162.97 Q 664.17 162.71 664.17 162.28 Q 664.17 162.06 664.28 161.86 Q 664.39 161.66 664.57 161.53 Q 664.75 161.42 664.97 161.35 Q 665.13 161.3 665.46 161.28 Q 666.13 161.19 666.44 161.08 Q 666.44 160.97 666.44 160.95 Q 666.44 160.59 666.28 160.46 Q 666.08 160.28 665.66 160.28 Q 665.28 160.28 665.08 160.41 Q 664.9 160.55 664.81 160.9 L 664.28 160.81 Q 664.35 160.48 664.53 160.26 Q 664.68 160.06 665.02 159.92 Q 665.33 159.81 665.75 159.81 Q 666.17 159.81 666.42 159.92 Q 666.69 160.01 666.8 160.17 Q 666.93 160.3 666.98 160.55 Q 667 160.68 667 161.06 L 667 161.79 Q 667 162.55 667.04 162.75 Q 667.09 162.97 667.18 163.15 L 666.6 163.15 Q 666.51 162.97 666.49 162.75 Z M 666.44 161.5 Q 666.15 161.64 665.55 161.73 Q 665.22 161.77 665.06 161.84 Q 664.93 161.91 664.84 162.02 Q 664.77 162.13 664.77 162.28 Q 664.77 162.51 664.93 162.64 Q 665.1 162.8 665.42 162.8 Q 665.75 162.8 666 162.66 Q 666.24 162.51 666.35 162.26 Q 666.44 162.08 666.44 161.73 Z" fill="#ffffff" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 150px; margin-left: 718px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 11px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: nowrap; ">API<br />Server</div></div></div></foreignObject><text x="718" y="153" fill="#000000" font-family="Helvetica" font-size="11px" text-anchor="middle">API...</text></switch></g><path d="M 599.12 276.24 L 636.88 276.24" fill="none" stroke="#000000" stroke-miterlimit="10" stroke-dasharray="3 3" pointer-events="stroke"/><path d="M 593.87 276.24 L 600.87 272.74 L 599.12 276.24 L 600.87 279.74 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><path d="M 642.13 276.24 L 635.13 279.74 L 636.88 276.24 L 635.13 272.74 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><path d="M 567.82 246.03 C 567.38 246.05 566.94 246.16 566.56 246.36 L 549.37 254.55 C 548.47 254.99 547.81 255.81 547.59 256.77 L 543.34 275.22 C 543.15 276.07 543.31 276.98 543.78 277.72 C 543.86 277.8 543.92 277.88 543.97 277.99 L 555.87 292.77 C 556.5 293.53 557.46 294 558.45 294 L 577.53 294 C 578.51 294 579.47 293.53 580.1 292.77 L 592 277.96 C 592.6 277.2 592.85 276.18 592.63 275.22 L 588.38 256.77 C 588.16 255.81 587.5 254.99 586.6 254.55 L 569.41 246.36 C 568.92 246.11 568.37 246 567.82 246.03 Z" fill="#ffffff" stroke="none" pointer-events="all"/><path d="M 567.83 247.47 C 567.42 247.49 567.01 247.59 566.65 247.77 L 550.49 255.48 C 549.64 255.89 549.02 256.66 548.82 257.57 L 544.82 274.91 C 544.64 275.71 544.8 276.56 545.23 277.25 C 545.31 277.33 545.36 277.41 545.41 277.51 L 556.6 291.4 C 557.19 292.12 558.09 292.56 559.02 292.56 L 576.95 292.56 C 577.88 292.56 578.78 292.12 579.38 291.4 L 590.56 277.49 C 591.13 276.76 591.36 275.81 591.15 274.91 L 587.16 257.57 C 586.95 256.66 586.33 255.89 585.48 255.48 L 569.33 247.77 C 568.86 247.54 568.35 247.44 567.83 247.47 Z" fill="#2875e2" stroke="none" pointer-events="all"/><path d="M 553.57 256.85 C 553.18 256.85 553 257.03 553 257.42 L 553 258.52 L 554.16 258.52 L 554.16 258.01 L 554.73 258.01 L 554.73 256.85 Z M 555.89 256.85 L 555.89 258.01 L 558.22 258.01 L 558.22 256.85 Z M 559.38 256.85 L 559.38 258.01 L 561.71 258.01 L 561.71 256.85 Z M 562.87 256.85 L 562.87 258.01 L 565.2 258.01 L 565.2 256.85 Z M 566.36 256.85 L 566.36 258.01 L 568.69 258.01 L 568.69 256.85 Z M 569.85 256.85 L 569.85 258.01 L 572.17 258.01 L 572.17 256.85 Z M 573.34 256.85 L 573.34 258.01 L 575.66 258.01 L 575.66 256.85 Z M 576.83 256.85 L 576.83 258.01 L 579.15 258.01 L 579.15 256.85 Z M 580.32 256.85 L 580.32 258.01 L 582.43 258.01 L 582.43 257.62 L 583 257.62 L 583 257.42 C 583 257.06 582.79 256.85 582.43 256.85 Z M 581.84 258.79 L 581.84 261.11 L 583 261.11 L 583 258.79 Z M 553 259.68 L 553 262.01 L 554.16 262.01 L 554.16 259.68 Z M 581.84 262.28 L 581.84 264.6 L 583 264.6 L 583 262.28 Z M 553 263.17 L 553 265.5 L 554.16 265.5 L 554.16 263.17 Z M 562.39 263.83 C 558.99 263.83 556.22 266.6 556.22 270 C 556.22 273.4 558.99 276.17 562.39 276.17 L 567.43 276.17 L 567.43 272.92 L 562.39 272.92 C 560.78 272.92 559.47 271.61 559.47 270 C 559.47 268.39 560.78 267.08 562.39 267.08 L 567.43 267.08 L 567.43 263.83 Z M 568.57 263.83 L 568.57 267.08 L 573.61 267.08 C 575.22 267.08 576.53 268.39 576.53 270 C 576.53 271.61 575.22 272.92 573.61 272.92 L 568.57 272.92 L 568.57 276.17 L 573.61 276.17 C 577.01 276.17 579.78 273.4 579.78 270 C 579.78 266.6 577.01 263.83 573.61 263.83 Z M 562.39 264.96 L 566.33 264.96 L 566.33 265.97 L 562.39 265.97 C 560.19 265.97 558.37 267.79 558.37 270 C 558.37 272.24 560.19 274.03 562.39 274.03 L 566.33 274.03 L 566.33 275.04 L 562.39 275.04 C 559.59 275.04 557.35 272.8 557.35 270 C 557.35 267.2 559.59 264.96 562.39 264.96 Z M 569.7 264.96 L 573.61 264.96 C 576.41 264.96 578.68 267.2 578.68 270 C 578.68 272.8 576.41 275.04 573.61 275.04 L 569.7 275.04 L 569.7 274.03 L 573.61 274.03 C 575.84 274.03 577.66 272.24 577.66 270 C 577.66 267.79 575.84 265.97 573.61 265.97 L 569.7 265.97 Z M 581.84 265.77 L 581.84 268.09 L 583 268.09 L 583 265.77 Z M 553 266.66 L 553 268.99 L 554.16 268.99 L 554.16 266.66 Z M 562.96 268.33 L 562.96 271.7 L 563.53 271.7 L 573.04 271.7 L 573.04 268.33 Z M 581.84 269.25 L 581.84 271.58 L 583 271.58 L 583 269.25 Z M 564.06 269.43 L 571.94 269.43 L 571.94 270.57 L 564.06 270.57 Z M 553 270.15 L 553 272.45 L 554.16 272.45 L 554.16 270.15 Z M 581.84 272.74 L 581.84 275.07 L 583 275.07 L 583 272.74 Z M 553 273.61 L 553 275.93 L 554.16 275.93 L 554.16 273.61 Z M 581.84 276.23 L 581.84 278.56 L 583 278.56 L 583 276.23 Z M 553 277.1 L 553 279.42 L 554.16 279.42 L 554.16 277.1 Z M 581.84 279.72 L 581.84 282.05 L 583 282.05 L 583 279.72 Z M 553 280.59 L 553 282.58 C 553 282.94 553.18 283.15 553.57 283.15 L 553.92 283.15 L 553.92 282.58 L 554.16 282.58 L 554.16 280.59 Z M 555.09 281.99 L 555.09 283.15 L 557.41 283.15 L 557.41 281.99 Z M 558.58 281.99 L 558.58 283.15 L 560.9 283.15 L 560.9 281.99 Z M 562.07 281.99 L 562.07 283.15 L 564.36 283.15 L 564.36 281.99 Z M 565.52 281.99 L 565.52 283.15 L 567.88 283.15 L 567.88 281.99 Z M 569.01 281.99 L 569.01 283.15 L 571.34 283.15 L 571.34 281.99 Z M 572.5 281.99 L 572.5 283.15 L 574.83 283.15 L 574.83 281.99 Z M 575.99 281.99 L 575.99 283.15 L 578.32 283.15 L 578.32 281.99 Z M 579.48 281.99 L 579.48 283.15 L 581.81 283.15 L 581.81 281.99 Z" fill="#ffffff" stroke="none" pointer-events="all"/><path d="M 668 246 L 668 180.37" fill="none" stroke="#000000" stroke-miterlimit="10" stroke-dasharray="3 3" pointer-events="stroke"/><path d="M 668 175.12 L 671.5 182.12 L 668 180.37 L 664.5 182.12 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><path d="M 667.82 246.03 C 667.38 246.05 666.94 246.16 666.56 246.36 L 649.37 254.55 C 648.47 254.99 647.81 255.81 647.59 256.77 L 643.34 275.22 C 643.15 276.07 643.31 276.98 643.78 277.72 C 643.86 277.8 643.92 277.88 643.97 277.99 L 655.87 292.77 C 656.5 293.53 657.46 294 658.45 294 L 677.53 294 C 678.51 294 679.47 293.53 680.1 292.77 L 692 277.96 C 692.6 277.2 692.85 276.18 692.63 275.22 L 688.38 256.77 C 688.16 255.81 687.5 254.99 686.6 254.55 L 669.41 246.36 C 668.92 246.11 668.37 246 667.82 246.03 Z" fill="#ffffff" stroke="none" pointer-events="all"/><path d="M 667.83 247.47 C 667.42 247.49 667.01 247.59 666.65 247.77 L 650.49 255.48 C 649.64 255.89 649.02 256.66 648.82 257.57 L 644.82 274.91 C 644.64 275.71 644.8 276.56 645.23 277.25 C 645.31 277.33 645.36 277.41 645.41 277.51 L 656.6 291.4 C 657.19 292.12 658.09 292.56 659.02 292.56 L 676.95 292.56 C 677.88 292.56 678.78 292.12 679.38 291.4 L 690.56 277.49 C 691.13 276.76 691.36 275.81 691.15 274.91 L 687.16 257.57 C 686.95 256.66 686.33 255.89 685.48 255.48 L 669.33 247.77 C 668.86 247.54 668.35 247.44 667.83 247.47 Z" fill="#2875e2" stroke="none" pointer-events="all"/><path d="M 653.57 256.84 C 653.14 256.84 653 256.96 653 257.41 L 653 258.52 L 654.16 258.52 L 654.16 258.01 L 654.73 258.01 L 654.73 256.84 Z M 655.89 256.84 L 655.89 258.01 L 658.22 258.01 L 658.22 256.84 Z M 659.38 256.84 L 659.38 258.01 L 661.71 258.01 L 661.71 256.84 Z M 662.87 256.84 L 662.87 258.01 L 665.19 258.01 L 665.19 256.84 Z M 666.36 256.84 L 666.36 258.01 L 668.68 258.01 L 668.68 256.84 Z M 669.84 256.84 L 669.84 258.01 L 672.17 258.01 L 672.17 256.84 Z M 673.33 256.84 L 673.33 258.01 L 675.66 258.01 L 675.66 256.84 Z M 676.82 256.84 L 676.82 258.01 L 679.14 258.01 L 679.14 256.84 Z M 680.31 256.84 L 680.31 258.01 L 682.4 258.01 L 682.4 257.64 L 683 257.64 L 683 257.41 L 682.4 256.84 Z M 668.31 258.63 L 659.29 262.63 L 659.29 268.58 C 659.29 274.11 663.12 279.27 668.31 280.52 C 673.47 279.27 677.33 274.11 677.33 268.58 L 677.33 262.63 Z M 681.84 258.8 L 681.84 261.1 L 683 261.1 L 683 258.8 Z M 653 259.68 L 653 262 L 654.16 262 L 654.16 259.68 Z M 681.84 262.26 L 681.84 264.58 L 683 264.58 L 683 262.26 Z M 668.34 262.34 C 670.27 262.34 671.8 263.88 671.8 265.78 L 671.8 266.65 L 673.08 266.65 L 673.08 274.68 L 663.52 274.68 L 663.52 266.65 L 664.91 266.65 L 664.91 265.78 C 664.91 263.88 666.44 262.34 668.34 262.34 Z M 653 263.17 L 653 265.46 L 654.16 265.46 L 654.16 263.17 Z M 668.31 263.62 C 667.15 263.62 666.24 264.53 666.24 265.66 L 666.24 266.54 L 670.38 266.54 L 670.38 265.66 C 670.35 264.53 669.45 263.62 668.31 263.62 Z M 681.84 265.75 L 681.84 268.07 L 683 268.07 L 683 265.75 Z M 653 266.63 L 653 268.95 L 654.16 268.95 L 654.16 266.63 Z M 668.14 269.01 C 667.32 269.01 666.67 269.66 666.67 270.48 C 666.67 271.28 667.32 271.93 668.14 271.93 C 668.94 271.93 669.59 271.28 669.59 270.48 C 669.59 269.66 668.94 269.01 668.14 269.01 Z M 681.84 269.23 L 681.84 271.56 L 683 271.56 L 683 269.23 Z M 653 270.11 L 653 272.44 L 654.16 272.44 L 654.16 270.11 Z M 681.84 272.72 L 681.84 275.05 L 683 275.05 L 683 272.72 Z M 653 273.6 L 653 275.93 L 654.16 275.93 L 654.16 273.6 Z M 681.84 276.21 L 681.84 278.53 L 683 278.53 L 683 276.21 Z M 653 277.09 L 653 279.41 L 654.16 279.41 L 654.16 277.09 Z M 681.84 279.7 L 681.84 282.02 L 683 282.02 L 683 279.7 Z M 653 280.58 L 653 282.56 C 653 282.93 653.17 283.16 653.57 283.16 L 653.91 283.16 L 653.91 282.56 L 654.16 282.56 L 654.16 280.58 Z M 655.07 281.99 L 655.07 283.16 L 657.4 283.16 L 657.4 281.99 Z M 658.56 281.99 L 658.56 283.16 L 660.88 283.16 L 660.88 281.99 Z M 662.05 281.99 L 662.05 283.16 L 664.37 283.16 L 664.37 281.99 Z M 665.53 281.99 L 665.53 283.16 L 667.86 283.16 L 667.86 281.99 Z M 669.02 281.99 L 669.02 283.16 L 671.35 283.16 L 671.35 281.99 Z M 672.51 281.99 L 672.51 283.16 L 674.83 283.16 L 674.83 281.99 Z M 676 281.99 L 676 283.16 L 678.32 283.16 L 678.32 281.99 Z M 679.48 281.99 L 679.48 283.16 L 681.81 283.16 L 681.81 281.99 Z" fill="#ffffff" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 301px; margin-left: 668px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 11px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: nowrap; ">user<br style="font-size: 11px" />impersonation<br style="font-size: 11px" />role</div></div></div></foreignObject><text x="668" y="312" fill="#000000" font-family="Helvetica" font-size="11px" text-anchor="middle">user...</text></switch></g><path d="M 599.12 46.24 L 636.88 46.24" fill="none" stroke="#000000" stroke-miterlimit="10" stroke-dasharray="3 3" pointer-events="stroke"/><path d="M 593.87 46.24 L 600.87 42.74 L 599.12 46.24 L 600.87 49.74 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><path d="M 642.13 46.24 L 635.13 49.74 L 636.88 46.24 L 635.13 42.74 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><path d="M 567.82 16.03 C 567.38 16.05 566.94 16.16 566.56 16.36 L 549.37 24.55 C 548.47 24.99 547.81 25.81 547.59 26.77 L 543.34 45.22 C 543.15 46.07 543.31 46.98 543.78 47.72 C 543.86 47.8 543.92 47.88 543.97 47.99 L 555.87 62.77 C 556.5 63.53 557.46 64 558.45 64 L 577.53 64 C 578.51 64 579.47 63.53 580.1 62.77 L 592 47.96 C 592.6 47.2 592.85 46.18 592.63 45.22 L 588.38 26.77 C 588.16 25.81 587.5 24.99 586.6 24.55 L 569.41 16.36 C 568.92 16.11 568.37 16 567.82 16.03 Z" fill="#ffffff" stroke="none" pointer-events="all"/><path d="M 567.83 17.47 C 567.42 17.49 567.01 17.59 566.65 17.77 L 550.49 25.48 C 549.64 25.89 549.02 26.66 548.82 27.57 L 544.82 44.91 C 544.64 45.71 544.8 46.56 545.23 47.25 C 545.31 47.33 545.36 47.41 545.41 47.51 L 556.6 61.4 C 557.19 62.12 558.09 62.56 559.02 62.56 L 576.95 62.56 C 577.88 62.56 578.78 62.12 579.38 61.4 L 590.56 47.49 C 591.13 46.76 591.36 45.81 591.15 44.91 L 587.16 27.57 C 586.95 26.66 586.33 25.89 585.48 25.48 L 569.33 17.77 C 568.86 17.54 568.35 17.44 567.83 17.47 Z" fill="#2875e2" stroke="none" pointer-events="all"/><path d="M 553.57 26.85 C 553.18 26.85 553 27.03 553 27.42 L 553 28.52 L 554.16 28.52 L 554.16 28.01 L 554.73 28.01 L 554.73 26.85 Z M 555.89 26.85 L 555.89 28.01 L 558.22 28.01 L 558.22 26.85 Z M 559.38 26.85 L 559.38 28.01 L 561.71 28.01 L 561.71 26.85 Z M 562.87 26.85 L 562.87 28.01 L 565.2 28.01 L 565.2 26.85 Z M 566.36 26.85 L 566.36 28.01 L 568.69 28.01 L 568.69 26.85 Z M 569.85 26.85 L 569.85 28.01 L 572.17 28.01 L 572.17 26.85 Z M 573.34 26.85 L 573.34 28.01 L 575.66 28.01 L 575.66 26.85 Z M 576.83 26.85 L 576.83 28.01 L 579.15 28.01 L 579.15 26.85 Z M 580.32 26.85 L 580.32 28.01 L 582.43 28.01 L 582.43 27.62 L 583 27.62 L 583 27.42 C 583 27.06 582.79 26.85 582.43 26.85 Z M 581.84 28.79 L 581.84 31.11 L 583 31.11 L 583 28.79 Z M 553 29.68 L 553 32.01 L 554.16 32.01 L 554.16 29.68 Z M 581.84 32.28 L 581.84 34.6 L 583 34.6 L 583 32.28 Z M 553 33.17 L 553 35.5 L 554.16 35.5 L 554.16 33.17 Z M 562.39 33.83 C 558.99 33.83 556.22 36.6 556.22 40 C 556.22 43.4 558.99 46.17 562.39 46.17 L 567.43 46.17 L 567.43 42.92 L 562.39 42.92 C 560.78 42.92 559.47 41.61 559.47 40 C 559.47 38.39 560.78 37.08 562.39 37.08 L 567.43 37.08 L 567.43 33.83 Z M 568.57 33.83 L 568.57 37.08 L 573.61 37.08 C 575.22 37.08 576.53 38.39 576.53 40 C 576.53 41.61 575.22 42.92 573.61 42.92 L 568.57 42.92 L 568.57 46.17 L 573.61 46.17 C 577.01 46.17 579.78 43.4 579.78 40 C 579.78 36.6 577.01 33.83 573.61 33.83 Z M 562.39 34.96 L 566.33 34.96 L 566.33 35.97 L 562.39 35.97 C 560.19 35.97 558.37 37.79 558.37 40 C 558.37 42.24 560.19 44.03 562.39 44.03 L 566.33 44.03 L 566.33 45.04 L 562.39 45.04 C 559.59 45.04 557.35 42.8 557.35 40 C 557.35 37.2 559.59 34.96 562.39 34.96 Z M 569.7 34.96 L 573.61 34.96 C 576.41 34.96 578.68 37.2 578.68 40 C 578.68 42.8 576.41 45.04 573.61 45.04 L 569.7 45.04 L 569.7 44.03 L 573.61 44.03 C 575.84 44.03 577.66 42.24 577.66 40 C 577.66 37.79 575.84 35.97 573.61 35.97 L 569.7 35.97 Z M 581.84 35.77 L 581.84 38.09 L 583 38.09 L 583 35.77 Z M 553 36.66 L 553 38.99 L 554.16 38.99 L 554.16 36.66 Z M 562.96 38.33 L 562.96 41.7 L 563.53 41.7 L 573.04 41.7 L 573.04 38.33 Z M 581.84 39.25 L 581.84 41.58 L 583 41.58 L 583 39.25 Z M 564.06 39.43 L 571.94 39.43 L 571.94 40.57 L 564.06 40.57 Z M 553 40.15 L 553 42.45 L 554.16 42.45 L 554.16 40.15 Z M 581.84 42.74 L 581.84 45.07 L 583 45.07 L 583 42.74 Z M 553 43.61 L 553 45.93 L 554.16 45.93 L 554.16 43.61 Z M 581.84 46.23 L 581.84 48.56 L 583 48.56 L 583 46.23 Z M 553 47.1 L 553 49.42 L 554.16 49.42 L 554.16 47.1 Z M 581.84 49.72 L 581.84 52.05 L 583 52.05 L 583 49.72 Z M 553 50.59 L 553 52.58 C 553 52.94 553.18 53.15 553.57 53.15 L 553.92 53.15 L 553.92 52.58 L 554.16 52.58 L 554.16 50.59 Z M 555.09 51.99 L 555.09 53.15 L 557.41 53.15 L 557.41 51.99 Z M 558.58 51.99 L 558.58 53.15 L 560.9 53.15 L 560.9 51.99 Z M 562.07 51.99 L 562.07 53.15 L 564.36 53.15 L 564.36 51.99 Z M 565.52 51.99 L 565.52 53.15 L 567.88 53.15 L 567.88 51.99 Z M 569.01 51.99 L 569.01 53.15 L 571.34 53.15 L 571.34 51.99 Z M 572.5 51.99 L 572.5 53.15 L 574.83 53.15 L 574.83 51.99 Z M 575.99 51.99 L 575.99 53.15 L 578.32 53.15 L 578.32 51.99 Z M 579.48 51.99 L 579.48 53.15 L 581.81 53.15 L 581.81 51.99 Z" fill="#ffffff" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-end; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 13px; margin-left: 568px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 11px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: nowrap; ">user@domain.com</div></div></div></foreignObject><text x="568" y="13" fill="#000000" font-family="Helvetica" font-size="11px" text-anchor="middle">user@doma...</text></switch></g><path d="M 668 64 L 668 119.63" fill="none" stroke="#000000" stroke-miterlimit="10" stroke-dasharray="3 3" pointer-events="stroke"/><path d="M 668 124.88 L 664.5 117.88 L 668 119.63 L 671.5 117.88 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><path d="M 667.82 16.03 C 667.38 16.05 666.94 16.16 666.56 16.36 L 649.37 24.55 C 648.47 24.99 647.81 25.81 647.59 26.77 L 643.34 45.22 C 643.15 46.07 643.31 46.98 643.78 47.72 C 643.86 47.8 643.92 47.88 643.97 47.99 L 655.87 62.77 C 656.5 63.53 657.46 64 658.45 64 L 677.53 64 C 678.51 64 679.47 63.53 680.1 62.77 L 692 47.96 C 692.6 47.2 692.85 46.18 692.63 45.22 L 688.38 26.77 C 688.16 25.81 687.5 24.99 686.6 24.55 L 669.41 16.36 C 668.92 16.11 668.37 16 667.82 16.03 Z" fill="#ffffff" stroke="none" pointer-events="all"/><path d="M 667.83 17.47 C 667.42 17.49 667.01 17.59 666.65 17.77 L 650.49 25.48 C 649.64 25.89 649.02 26.66 648.82 27.57 L 644.82 44.91 C 644.64 45.71 644.8 46.56 645.23 47.25 C 645.31 47.33 645.36 47.41 645.41 47.51 L 656.6 61.4 C 657.19 62.12 658.09 62.56 659.02 62.56 L 676.95 62.56 C 677.88 62.56 678.78 62.12 679.38 61.4 L 690.56 47.49 C 691.13 46.76 691.36 45.81 691.15 44.91 L 687.16 27.57 C 686.95 26.66 686.33 25.89 685.48 25.48 L 669.33 17.77 C 668.86 17.54 668.35 17.44 667.83 17.47 Z" fill="#2875e2" stroke="none" pointer-events="all"/><path d="M 653.57 26.84 C 653.14 26.84 653 26.96 653 27.41 L 653 28.52 L 654.16 28.52 L 654.16 28.01 L 654.73 28.01 L 654.73 26.84 Z M 655.89 26.84 L 655.89 28.01 L 658.22 28.01 L 658.22 26.84 Z M 659.38 26.84 L 659.38 28.01 L 661.71 28.01 L 661.71 26.84 Z M 662.87 26.84 L 662.87 28.01 L 665.19 28.01 L 665.19 26.84 Z M 666.36 26.84 L 666.36 28.01 L 668.68 28.01 L 668.68 26.84 Z M 669.84 26.84 L 669.84 28.01 L 672.17 28.01 L 672.17 26.84 Z M 673.33 26.84 L 673.33 28.01 L 675.66 28.01 L 675.66 26.84 Z M 676.82 26.84 L 676.82 28.01 L 679.14 28.01 L 679.14 26.84 Z M 680.31 26.84 L 680.31 28.01 L 682.4 28.01 L 682.4 27.64 L 683 27.64 L 683 27.41 L 682.4 26.84 Z M 668.31 28.63 L 659.29 32.63 L 659.29 38.58 C 659.29 44.11 663.12 49.27 668.31 50.52 C 673.47 49.27 677.33 44.11 677.33 38.58 L 677.33 32.63 Z M 681.84 28.8 L 681.84 31.1 L 683 31.1 L 683 28.8 Z M 653 29.68 L 653 32 L 654.16 32 L 654.16 29.68 Z M 681.84 32.26 L 681.84 34.58 L 683 34.58 L 683 32.26 Z M 668.34 32.34 C 670.27 32.34 671.8 33.88 671.8 35.78 L 671.8 36.65 L 673.08 36.65 L 673.08 44.68 L 663.52 44.68 L 663.52 36.65 L 664.91 36.65 L 664.91 35.78 C 664.91 33.88 666.44 32.34 668.34 32.34 Z M 653 33.17 L 653 35.46 L 654.16 35.46 L 654.16 33.17 Z M 668.31 33.62 C 667.15 33.62 666.24 34.53 666.24 35.66 L 666.24 36.54 L 670.38 36.54 L 670.38 35.66 C 670.35 34.53 669.45 33.62 668.31 33.62 Z M 681.84 35.75 L 681.84 38.07 L 683 38.07 L 683 35.75 Z M 653 36.63 L 653 38.95 L 654.16 38.95 L 654.16 36.63 Z M 668.14 39.01 C 667.32 39.01 666.67 39.66 666.67 40.48 C 666.67 41.28 667.32 41.93 668.14 41.93 C 668.94 41.93 669.59 41.28 669.59 40.48 C 669.59 39.66 668.94 39.01 668.14 39.01 Z M 681.84 39.23 L 681.84 41.56 L 683 41.56 L 683 39.23 Z M 653 40.11 L 653 42.44 L 654.16 42.44 L 654.16 40.11 Z M 681.84 42.72 L 681.84 45.05 L 683 45.05 L 683 42.72 Z M 653 43.6 L 653 45.93 L 654.16 45.93 L 654.16 43.6 Z M 681.84 46.21 L 681.84 48.53 L 683 48.53 L 683 46.21 Z M 653 47.09 L 653 49.41 L 654.16 49.41 L 654.16 47.09 Z M 681.84 49.7 L 681.84 52.02 L 683 52.02 L 683 49.7 Z M 653 50.58 L 653 52.56 C 653 52.93 653.17 53.16 653.57 53.16 L 653.91 53.16 L 653.91 52.56 L 654.16 52.56 L 654.16 50.58 Z M 655.07 51.99 L 655.07 53.16 L 657.4 53.16 L 657.4 51.99 Z M 658.56 51.99 L 658.56 53.16 L 660.88 53.16 L 660.88 51.99 Z M 662.05 51.99 L 662.05 53.16 L 664.37 53.16 L 664.37 51.99 Z M 665.53 51.99 L 665.53 53.16 L 667.86 53.16 L 667.86 51.99 Z M 669.02 51.99 L 669.02 53.16 L 671.35 53.16 L 671.35 51.99 Z M 672.51 51.99 L 672.51 53.16 L 674.83 53.16 L 674.83 51.99 Z M 676 51.99 L 676 53.16 L 678.32 53.16 L 678.32 51.99 Z M 679.48 51.99 L 679.48 53.16 L 681.81 53.16 L 681.81 51.99 Z" fill="#ffffff" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-end; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 13px; margin-left: 668px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 11px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: nowrap; ">user role</div></div></div></foreignObject><text x="668" y="13" fill="#000000" font-family="Helvetica" font-size="11px" text-anchor="middle">user role</text></switch></g></g><switch><g requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"/><a transform="translate(0,-5)" xlink:href="https://desk.draw.io/support/solutions/articles/16000042487" target="_blank"><text text-anchor="middle" font-size="10px" x="50%" y="100%">Viewer does not support full SVG 1.1</text></a></switch></svg>
\ No newline at end of file
diff --git a/docs/docs/k8s/img/logged-in-as.png b/docs/docs/k8s/img/logged-in-as.png
deleted file mode 100644
index 7de800a74..000000000
Binary files a/docs/docs/k8s/img/logged-in-as.png and /dev/null differ
diff --git a/docs/docs/k8s/ingress.md b/docs/docs/k8s/ingress.md
deleted file mode 100644
index 15e836f1f..000000000
--- a/docs/docs/k8s/ingress.md
+++ /dev/null
@@ -1,464 +0,0 @@
----
-title: Ingress Controller
-lang: en-US
-sidebarDepth: 1
-meta:
-  - name: keywords
-    content: pomerium, identity access proxy, oidc, kubernetes, ingress, ingress controller, reverse proxy
----
-
-# Kubernetes Ingress Controller
-
-Use Pomerium as a first-class secure-by-default Ingress Controller. The Pomerium Ingress Controller enables workflows more native to Kubernetes environments, such as Git-Ops style actions based on pull requests. Dynamically provision routes from Ingress resources and set policy based on annotations. By defining routes as Ingress resources you can independently create and remove them from Pomerium's configuration.
-
-## Prerequisites
-
-- A certificate management solution. If you do not already have one in place, this article covers using [cert-manager](https://cert-manager.io/).
-- A [Redis](https://redis.io/) backend with high [persistence](https://redis.io/topics/persistence) is highly recommended.
-
-### System Requirements
-
-- Kubernetes v1.19.0+
-- Pomerium [Helm Chart](https://github.com/pomerium/pomerium-helm/tree/main/charts/pomerium) v25.0.0+
-
-### Limitations
-
-::: warning
-
-Only one Ingress Controller instance is supported per Pomerium cluster.
-
-:::
-
-## Installation
-
-### Helm
-
-Our instructions for [Installing Pomerium Using Helm](/docs/k8s/helm.md) includes the Ingress Controller as part of the documented configuration. You can confirm by looking for this line in `pomerium-values.yaml`:
-
-```yaml
-ingressController:
-  enabled: true
-```
-
-### Docker Image
-
-You may deploy the Ingress controller from your own manifests by using the `pomerium/ingress-controller` docker image.
-
-## Configuration
-
-| Flag                           | Description                                                             |
-| ------------------------------ | ----------------------------------------------------------------------- |
-| `--databroker-service-url`     | The databroker service url                                              |
-| `--databroker-tls-ca`          | `base64` encoded TLS CA                                                 |
-| `--databroker-tls-ca-file`     | TLS CA file path for the databroker connection connection               |
-| `--health-probe-bind-address`  | The address the probe endpoint binds to. (default ":8081")              |
-| `--metrics-bind-address`       | The address the metric endpoint binds to. (default ":8080")             |
-| `--name`                       | IngressClass controller name (default "pomerium.io/ingress-controller") |
-| `--namespaces`                 | Namespaces to watch, omit to watch all namespaces                       |
-| `--prefix`                     | Ingress annotation prefix (default "ingress.pomerium.io")               |
-| `--shared-secret`              | `base64` encoded shared secret for communicating with databroker        |
-| `--update-status-from-service` | Update ingress status from given service status (pomerium-proxy)        |
-
-The helm chart exposes a subset of these flags for appropriate customization.
-
-## Usage
-
-### Defining Routes
-
-If you've tested Pomerium using the [all-in-one binary](/docs/install/binary.md), you're probably familiar with configuring routes in Pomerium's [`config.yaml`](/docs/install/binary.md#configuration-file). When using the Pomerium Ingress Controller, each route is defined as an Ingress resource in the Kubernetes API.
-
-The Ingress Controller will monitor Ingress resources in the cluster, creating a Pomerium route definition for each one. Policy and other configuration options for the route are set by using annotations starting with `ingress.pomerium.io/`.
-
-Example:
-
-```yaml
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  annotations:
-    ingress.pomerium.io/policy: '[{"allow":{"and":[{"email":{"is":"user@yourdomain.com"}}]}}]' # This can also be a yaml block quote
-spec:
-  rules:
-  - host: hello.localhost.pomerium.io
-    http:
-      paths:
-      - backend:
-          service:
-            name: nginx-hello
-            port:
-              name: http
-        path: /
-        pathType: Prefix
-```
-
-Becomes:
-
-```yaml
-routes:
-  - from: https://hello.localhost.pomerium.io
-    to: http://nginx-hello.default.svc.cluster.local
-    policy:
-    - allow:
-        and:
-          - email:
-              is: user@yourdomain.com
-```
-
-::: details Write Policies in YAML
-
-You can also define a route's policies using YAML:
-
-```yaml
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: name
-  annotations:
-    ingress.pomerium.io/policy: |
-      - allow:
-          or:
-            - domain:
-                is: pomerium.com
-```
-
-:::
-
-::: tip
-Routes are sorted and applied in the following order.
-
-1. Ascending by `from`.
-1. Descending by `path`.
-1. Descending by `regex`.
-1. Descending by `prefix`.
-1. Ascending by `id`.
-
-This sorting order helps ensure that more restrictive routes for specific paths and regexes are applied correctly.
-:::
-
-### Supported Annotations
-
-Most configuration keys in non-Kubernetes deployments can be specified as annotation in an Ingress Resource definition. The format is `ingress.pomerium.io/${OPTION_NAME}`. The expandable list below contains the annotations available, which behave as described in our reference documentation (with links to the appropriate reference documentation).
-
-::: details Pomerium-Standard Annotations
-
-- [`ingress.pomerium.io/allow_any_authenticated_user`]
-- [`ingress.pomerium.io/allow_public_unauthenticated_access`]
-- [`ingress.pomerium.io/allow_spdy`]
-- [`ingress.pomerium.io/allow_websockets`]
-- [`ingress.pomerium.io/allowed_domains`]
-- [`ingress.pomerium.io/allowed_groups`]
-- [`ingress.pomerium.io/allowed_idp_claims`]
-- [`ingress.pomerium.io/allowed_users`]
-- [`ingress.pomerium.io/cors_allow_preflight`]
-- [`ingress.pomerium.io/host_path_regex_rewrite_pattern`]
-- [`ingress.pomerium.io/host_path_regex_rewrite_substitution`]
-- [`ingress.pomerium.io/host_rewrite`]
-- [`ingress.pomerium.io/host_rewrite_header`]
-- [`ingress.pomerium.io/idle_timeout`]
-- [`ingress.pomerium.io/outlier_detection`]
-- [`ingress.pomerium.io/pass_identity_headers`]
-- [`ingress.pomerium.io/policy`]
-- [`ingress.pomerium.io/prefix_rewrite`]
-- [`ingress.pomerium.io/preserve_host_header`]
-- [`ingress.pomerium.io/regex_rewrite_pattern`]
-- [`ingress.pomerium.io/regex_rewrite_substitution`]
-- [`ingress.pomerium.io/remove_request_headers`]
-- [`ingress.pomerium.io/rewrite_response_headers`]
-- [`ingress.pomerium.io/set_request_headers`]
-- [`ingress.pomerium.io/set_response_headers`]
-- [`ingress.pomerium.io/timeout`]
-- [`ingress.pomerium.io/tls_server_name`]
-- [`ingress.pomerium.io/tls_skip_verify`]
-
-:::
-
-The remaining annotations are specific to or behave differently than they do when using Pomerium without the Ingress Controller:
-
-| Annotation                                             | Description                                                                                                                                                                                   |
-| ------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `ingress.pomerium.io/kubernetes_service_account_token` | Name of a Kubernetes `token` Secret containing a [Kubernetes Service Account Token](/reference/readme.md#kubernetes-service-account-token).                                                   |
-| `ingress.pomerium.io/path_regex`                       | When set to `"true"` enables path regex matching. See the [Regular Expressions Path Matching](#regular-expressions-path-matching) section for more information.                               |
-| `ingress.pomerium.io/secure_upstream`                  | When set to `"true"`, use `https` when connecting to the upstream endpoint.                                                                                                                   |
-| `ingress.pomerium.io/set_request_headers_secret`       | Name of Kubernetes Secret containing the contents of the request header to send upstream. When used, `ingress.pomerium.io/set_request_headers` should not contain overlapping keys.           |
-| `ingress.pomerium.io/set_response_headers_secret`      | Name of Kubernetes Secret containing the contents of the response header to send downstream. When used, `ingress.pomerium.io/set_response_headers` should not contain overlapping keys.       |
-| `ingress.pomerium.io/service_proxy_upstream`           | When set to `"true"` forces Pomerium to connect to upstreams through the k8s service proxy, and not individual endpoints. <br/> This is useful when deploying Pomerium inside a service mesh. |
-| `ingress.pomerium.io/tcp_upstream`                     | When set to `"true"`, defines the route as supporting a TCP tunnel. See the [example below](#tcp-endpoints) for more information.                                                             |
-| `ingress.pomerium.io/tls_client_secret`                | Name of Kubernetes `tls` Secret containing a [client certificate][tls_client_certificate] for connecting to the upstream.                                                                     |
-| `ingress.pomerium.io/tls_custom_ca_secret`             | Name of Kubernetes `tls` Secret containing a custom [CA certificate][`tls_custom_ca_secret`] for the upstream.                                                                                |
-| `ingress.pomerium.io/tls_downstream_client_ca_secret`  | Name of Kubernetes `tls` Secret containing a [Client CA][client-certificate-authority] for validating downstream clients.                                                                     |
-
-::: tip
-
-Every value for the annotations above must be in `string` format.
-
-:::
-
-### cert-manager Integration
-
-Pomerium Ingress Controller can use [cert-manager](https://cert-manager.io/) to automatically provision certificates. These may come from the [ingress-shim](https://cert-manager.io/docs/usage/ingress/) or explicitly configured [`Certificate` resources](https://cert-manager.io/docs/usage/certificate/).
-
-To use [HTTP01 Challenges](https://cert-manager.io/docs/configuration/acme/http01/) with your [Issuer](https://cert-manager.io/docs/concepts/issuer/), configure the solver class to match the Ingress Controller. The Ingress Controller will automatically configure policy to facilitate the HTTP01 challenge:
-
-```yaml
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
-  name: example-issuer
-spec:
-  acme:
-    server: https://acme-staging-v02.api.letsencrypt.org/directory
-    privateKeySecretRef:
-      name: example-issuer-account-key
-    solvers:
-    - http01:
-       ingress:
-         class: pomerium
-```
-
-An example of using the [ingress-shim](https://cert-manager.io/docs/usage/ingress/) with an Ingress resource managed by Pomerium:
-
-```yaml
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  annotations:
-    cert-manager.io/issuer: example-issuer
-    ingress.pomerium.io/policy: '[{"allow":{"and":[{"email":{"is":"user@exampledomain.com"}}]}}]'
-  name: example
-spec:
-  ingressClassName: pomerium
-  rules:
-  - host: example.localhost.pomerium.io
-    http:
-      paths:
-      - backend:
-          service:
-            name: example
-            port:
-              name: http
-        path: /
-        pathType: Prefix
-  tls:
-  - hosts:
-    - example.localhost.pomerium.io
-    secretName: example-tls
-```
-
-## HTTPS Endpoints
-
-The `Ingress` spec assumes that all communications to the upstream service is sent in plaintext. For more information, see the [TLS](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) section of the Ingress API documentation. Pomerium supports HTTPS communication with upstream endpoints, including mTLS.
-
-Annotate your `Ingress` with
-
-```yaml
-ingress.pomerium.io/secure_upstream: true
-```
-
-Additional TLS certificates may be supplied by creating a Kubernetes secret(s) in the same namespaces as the `Ingress` resource. Please note that we do not support file paths or embedded secret references.
-
-- [`ingress.pomerium.io/tls_client_secret`](https://pomerium.io/reference/readme.md#tls-client-certificate)
-- [`ingress.pomerium.io/tls_custom_ca_secret`](https://pomerium.io/reference/readme.md#tls-custom-certificate-authority)
-- [`ingress.pomerium.io/tls_downstream_client_ca_secret`](#supported-annotations)
-
-Please note that the referenced `tls_client_secret` must be a [TLS Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets). `tls_custom_ca_secret` and `tls_downstream_client_ca_secret` must contain `ca.crt` containing a .PEM encoded (base64-encoded DER format) public certificate.
-
-### External Services
-
-You may refer to external services by defining a [Service](https://kubernetes.io/docs/concepts/services-networking/service/) with `externalName`.
-
-I.e. if you have `https://my-existing-service.corp.com`:
-
-```yaml
-apiVersion: v1
-kind: Service
-metadata:
-  name: external
-spec:
-  type: ExternalName
-  externalName: "my-existing-service.corp.com"
-  ports:
-    - protocol: TCP
-      name: https
-      port: 443
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: external
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-prod-http
-    ingress.pomerium.io/secure_upstream: "true"
-    ingress.pomerium.io/policy: |
-      - allow:
-          and:
-            - domain:
-                is: pomerium.com
-spec:
-  ingressClassName: pomerium
-  tls:
-    - hosts:
-        - "external.localhost.pomerium.io"
-      secretName: external-localhost-pomerium.io
-  rules:
-    - host: "external.localhost.pomerium.io"
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: external
-                port:
-                  name: https
-```
-
-### Regular Expressions Path Matching
-
-You can use a [re2 regular expression] To create an Ingress that matches multiple paths.
-
-1. Set the `path_regex` annotation to `"true"`
-1. Set `pathType` to `ImplementationSpecific`
-1. Set `path` to an re2 expression matching the full path. It must include the `^/` prefix and `$` suffix. Any query strings should be removed.
-
-::: tip
-Check out [this example expression](https://regex101.com/r/IBVUKT/1/) at [regex101.com] for a more detailed explanation and example paths, both matching and not.
-:::
-
-```yaml
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  annotations:
-    cert-manager.io/issuer: example-issuer
-    ingress.pomerium.io/allowed_domains: '["exampledomain.com"]'
-    ingress.pomerium.io/path_regex: "true"
-  name: example
-spec:
-  ingressClassName: pomerium
-  rules:
-  - host: example.localhost.pomerium.io
-    http:
-      paths:
-      - backend:
-          service:
-            name: example
-            port:
-              name: http
-        path: ^/(admin|superuser)/.*$
-        pathType: ImplementationSpecific
-  tls:
-  - hosts:
-    - example.localhost.pomerium.io
-    secretName: example-tls
-```
-
-## TCP Endpoints
-
-The example route below defines a route providing a [tunneled TCP connection](/docs/tcp/readme.md) to an upstream service listening for non-web traffic:
-
-```yaml
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: tcp-example
-  annotations:
-    ingress.pomerium.io/tcp_upstream: "true"
-spec:
-  ingressClassName: pomerium
-  rules:
-    - host: "tcp.localhost.pomerium.io"
-      http:
-        paths:
-          - pathType: ImplementationSpecific
-            backend:
-              service:
-                name: tcp-service
-                port:
-                  name: app
-```
-
-The important points to note in this example:
-
-- The annotation `ingress.pomerium.io/tcp_upstream:` is set to `"true"`,
-- `spec.rules.[].http.paths.[].path` is omitted,
-- `spec.rules.[].http.paths.[].pathType` is set to `ImplementationSpecific`,
-- `spec.rules.[].host` and `spec.rules.[].paths.[].backend.service.port.name/number` together define the address used when connecting to the route using the [Pomerium Desktop or CLI clients](/docs/tcp/client.md),
-- You may apply standard access control annotations to define access restrictions to your port.
-
-Unlike a standalone Pomerium configuration, you may not create multiple TCP routes using the same hostname with different ports. This limitation was made to avoid confusion, and because additional configuration parameters, such as the Ingress resource, do not allow passing port numbers in the `spec.rules.host` parameter.
-
-## Troubleshooting
-
-### View Event History
-
-Pomerium Ingress Controller will add **events** to the Ingress objects as it processes them.
-
-```
-kubectl describe ingress/my-ingress
-```
-
-```log
-Events:
-  Type    Reason   Age   From              Message
-  ----    ------   ----  ----              -------
-  Normal  Updated  18s   pomerium-ingress  updated pomerium configuration
-```
-
-If an error occurs, it may be reflected in the events:
-
-```log
-Events:
-  Type     Reason       Age                 From              Message
-  ----     ------       ----                ----              -------
-  Normal   Updated      5m53s               pomerium-ingress  updated pomerium configuration
-  Warning  UpdateError  3s                  pomerium-ingress  upsert routes: parsing ingress: annotations: applying policy annotations: parsing policy: invalid rules in policy: unsupported conditional "maybe", only and, or, not, nor and action are allowed
-```
-
-### HSTS
-
-If your domain has [HSTS] enabled and you visit an endpoint while Pomerium is using the self-signed bootstrap certificate or a LetsEncrypt staging certificate (before cert-manager has provisioned a production certificate), the untrusted certificate may be pinned in your browser and would need to be reset. See [this article](https://www.ssl2buy.com/wiki/how-to-clear-hsts-settings-on-chrome-firefox-and-ie-browsers) for more information.
-
-## More Information
-
-For more information on the Pomerium Ingress Controller or the Kubernetes concepts discussed, see:
-
-- [Ingress (Kubernetes Docs)](https://kubernetes.io/docs/concepts/services-networking/ingress/)
-- [Pomerium Helm Chart README: Pomerium Ingress Controller](https://github.com/pomerium/pomerium-helm/tree/main/charts/pomerium#pomerium-ingress-controller)
-- [Pomerium Kubernetes Ingress Controller (code repository)](https://github.com/pomerium/ingress-controller)
-
-[`ingress.pomerium.io/allow_any_authenticated_user`]: /reference/readme.md#allow-any-authenticated-user
-[`ingress.pomerium.io/allow_public_unauthenticated_access`]: /reference/readme.md#public-access
-[`ingress.pomerium.io/allow_spdy`]: /reference/readme.md#spdy
-[`ingress.pomerium.io/allow_websockets`]: /reference/readme.md#websocket-connections
-[`ingress.pomerium.io/allowed_domains`]: /reference/readme.md#allowed-domains
-[`ingress.pomerium.io/allowed_groups`]: /reference/readme.md#allowed-groups
-[`ingress.pomerium.io/allowed_idp_claims`]: /reference/readme.md#allowed-idp-claims
-[`ingress.pomerium.io/allowed_users`]: /reference/readme.md#allowed-users
-[`ingress.pomerium.io/cors_allow_preflight`]: /reference/readme.md#cors-preflight
-[`ingress.pomerium.io/health_checks`]: /reference/readme.md#health-checks
-[`ingress.pomerium.io/host_path_regex_rewrite_pattern`]: /reference/readme.md#host-rewrite
-[`ingress.pomerium.io/host_path_regex_rewrite_substitution`]: /reference/readme.md#host-rewrite
-[`ingress.pomerium.io/host_rewrite`]: /reference/readme.md#host-rewrite
-[`ingress.pomerium.io/host_rewrite_header`]: /reference/readme.md#host-rewrite
-[`ingress.pomerium.io/idle_timeout`]: /reference/readme.md#idle-timeout
-[`ingress.pomerium.io/lb_config`]: /reference/readme.md#load-balancing-policy-config
-[`ingress.pomerium.io/outlier_detection`]: /reference/readme.md#outlier-detection
-[`ingress.pomerium.io/pass_identity_headers`]: /reference/readme.md#pass-identity-headers
-[`ingress.pomerium.io/policy`]: /reference/readme.md#policy
-[`ingress.pomerium.io/prefix_rewrite`]: /reference/readme.md#prefix-rewrite
-[`ingress.pomerium.io/preserve_host_header`]: /reference/readme.md#host-rewrite
-[`ingress.pomerium.io/regex_rewrite_pattern`]: /reference/readme.md#regex-rewrite
-[`ingress.pomerium.io/regex_rewrite_substitution`]: /reference/readme.md#regex-rewrite
-[`ingress.pomerium.io/remove_request_headers`]: /reference/readme.md#remove-request-headers
-[`ingress.pomerium.io/rewrite_response_headers`]: /reference/readme.md#rewrite-response-headers
-[`ingress.pomerium.io/set_request_headers`]: /reference/readme.md#set-request-headers
-[`ingress.pomerium.io/set_response_headers`]: /reference/readme.md#set-response-headers
-[`ingress.pomerium.io/timeout`]: /reference/readme.md#route-timeout
-[tls_client_certificate]: /reference/readme.md#tls-client-certificate
-[`tls_custom_ca_secret`]: /reference/readme.md#tls-custom-certificate-authority
-[client-certificate-authority]: /reference/readme.md#client-certificate-authority
-[`ingress.pomerium.io/tls_server_name`]: /reference/readme.md#tls-server-name
-[`ingress.pomerium.io/tls_skip_verify`]: /reference/readme.md#tls-skip-verification
-[HSTS]: https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
-[re2 regular expression]: https://github.com/google/re2/wiki/Syntax
-[regex101.com]: https://regex101.com
\ No newline at end of file
diff --git a/docs/docs/k8s/readme.md b/docs/docs/k8s/readme.md
deleted file mode 100644
index b025332e2..000000000
--- a/docs/docs/k8s/readme.md
+++ /dev/null
@@ -1,69 +0,0 @@
----
-title: Kubernetes Integration
-sidebarDepth: 2
-description: >-
-  This article describes Pomerium's integration with the Kubernetes API Server
----
-
-# Kubernetes Integration
-
-## Background
-
-Kubernetes supports [a variety](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#authentication-strategies) of ways to perform authentication against the API Server.  While there is tremendous flexibility in the core product, operators can encounter various practical challenges:
-
-- Cloud providers typically support only their native IAM implementation, which may not integrate with your IdP
-- OIDC providers may not provide group claims, requiring manual mappings to RBAC roles
-- Your IdP may not be reachable by the kubernetes control plane
-- Access is managed per cluster without central control
-- Dynamic privilege escalation during incidents are slow or cumbersome RBAC changes
-- VPN based protection may not be possible or desirable
-
-Similarly, Kubernetes supports native [audit logging](https://kubernetes.io/docs/tasks/debug-application-cluster/audit/) capabilities, but can also run into practical challenges:
-
-- Cloud provider deployments may be ecosystem locked with limited tooling, if any
-- Cross-cluster and cross-service audit trails must be stitched together by the operator
-
-## Solution
-
-Pomerium can be leveraged as a proxy for user requests to the API Server.
-
-- Any supported IdP can be supported for authentication, in any environment
-- Group membership is supported consistently
-- Centralized, dynamic, course grained access policy
-- Global, cross resource access and audit trail
-- API server protection without the operational challenges of VPN
-- Can be hosted inside your kubernetes cluster!
-
-## How it works
-
-<br><br>
-<img alt="kubernetes integration" src="./img/kubernetes-integration.svg" width="85%">
-<br><br>
-
-Building on top of a standard Kubernetes and Pomerium deployment:
-
-1. Pomerium is given access to a Kubernetes service account with [impersonation](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#user-impersonation) permissions
-2. A [policy route](/reference/readme.md#policy) is created for the API server and [configured](/reference/readme.md#kubernetes-service-account-token) to use the service account token
-3. Kubernetes RoleBindings operate against IdP Users and Group subjects
-4. Users access the protected cluster through their standard tools, using [pomerium-cli](/docs/releases.md#pomerium-cli) as an auth provider in `~/.kube/config`
-5. Pomerium authorizes requests and passes the user identity to the API server for fine grained RBAC
-
-## Kubeconfig Setup
-
-After installing the [pomerium-cli](/docs/releases.md#pomerium-cli), you must configure your `kubeconfig` for authentication.
-
-Substitute `mycluster.pomerium.io` with your own API Server's `from` in Pomerium's policy:
-
-```shell
-# Add Cluster
-kubectl config set-cluster via-pomerium --server=https://mycluster.pomerium.io
-# Add Context
-kubectl config set-context via-pomerium --user=via-pomerium --cluster=via-pomerium
-# Add credentials command
-kubectl config set-credentials via-pomerium --exec-command=pomerium-cli \
-  --exec-arg=k8s,exec-credential,https://mycluster.pomerium.io
-```
-
-## More info
-
-See the [complete walkthrough](/guides/kubernetes.md) for a working end-to-end example.
diff --git a/docs/docs/production-deployment.md b/docs/docs/production-deployment.md
deleted file mode 100644
index d010ddfc0..000000000
--- a/docs/docs/production-deployment.md
+++ /dev/null
@@ -1,161 +0,0 @@
----
-title: Production Deployment
-description: >-
- This article covers production deployment requirements and concerns
-meta:
-  - name: keywords
-    content: pomerium, identity access proxy, production, deployment, scale, scaling, horizontal,
----
-
-
-# Production Deployment
-
-This page covers the topic of running Pomerium in a production configuration.
-
-Before deploying Pomerium to Production, you should have already tested Pomerium in one or more demo environments and confirmed:
-
- - A working connection to your [IdP](/docs/glossary.md#identity-provider).
- - Working test routes to your upstream services, including [JWT verification] where applicable.
- - For Pomerium Enterprise, a working demo of the Pomerium Enterprise Console, with confirmed access for your [Admins and Managers][rbac].
-
-
-## Service Mode
-
-Pomerium is designed to be run in two modes: All-In-One or Split Service. These modes are not mutually exclusive, meaning you can run one or multiple instances of Pomerium in all-in-one mode, and spin up additional instances for specific components as needed.
-
-Each instance of Pomerium runs in all-in-one mode unless specified to run as a specific component by the `services` key. See [All-In-One vs Split Service mode](/reference/readme.md#all-in-one-vs-split-service-mode) for more details.
-
-It's important to note that any production deployment with more than one instance of Pomerium (in any combination of modes) should be configured to use Redis as the [`databroker_storage_type`](/reference/readme.md#data-broker-storage-type). See [Data Storage - Backends](/docs/topics/data-storage.md#backends) for more details.
-
-### All-in-One
-
-It may be desirable to run in "all-in-one" mode in smaller deployments or while testing. This reduces the resource footprint and simplifies DNS configuration. All URLs point at the same Pomerium service instance.
-
-### Discrete Services
-
-In larger footprints, it is recommended to run Pomerium as a collection of discrete service clusters. This limits blast radius in the event of vulnerabilities and allows for per-service [scaling](#scaling) and monitoring.
-
-Please also see [Architecture](/docs/architecture.md) for information on component interactions.
-
-## Scaling
-
-In split service mode, you have the opportunity to scale the components of Pomerium independently.
-
-All of Pomerium's components are designed to be [stateless](/docs/glossary.md#stateless), and may all be scaled horizontally or vertically. In general, horizontal scaling is recommended. Vertical scaling will lead to diminished returns after ~8 vCPUs.
-
-The Databroker service, which is responsible for session and identity related data, must be [configured for external persistence](/docs/topics/data-storage.md) to be fully stateless.
-
-Pomerium's individual components can be divided into two categories; the data plane and control plane. Regardless of which mode you run Pomerium in, we strongly recommend multiple instances of each service for fault tolerance.
-
-::: tip
-Our [Helm deployment](/docs/k8s/helm.md) supports [Horizontal Pod Autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/).
-:::
-
-### Data Plane
-
-#### Proxy
-
-The Proxy service, as the name implies, is responsible for proxying all user traffic, in addition to performing checks to the Authorization service. The proxy is directly in path for user traffic.
-
-Proxy will need resources scaled in conjunction with request count and may need average request size accounted for. The heavier your user traffic, the more resources the Proxy service should have provisioned.
-
-#### Authorize
-
-The Authorize service is responsible for policy checks during requests. It is in the hot path for user requests but does not directly handle user traffic.
-
-Authorize will need resources scaled in conjunction with request count. Request size and type should be of a constant complexity. In most environments, Authorize and Proxy will scale linearly with request volume (user traffic).
-
-Note that the compute cost of each request is about two times (2x) greater for the Authorize service compared to Proxy; if Proxy utilizes 5% of CPU resources, Authorize would likely use 10%.
-
-### Control Plane
-
-#### Authenticate
-
-The Authenticate service handles session cookie setup, session storage, and authentication with your Identity Provider.
-
-Authenticate requires significantly fewer resources than other components due to the only-occasional requirement to establish new sessions. This happens when users first sign in, and when their authentication expires (determined by your IdP).
-
-Add resources to the Authenticate service if you have a high session/user churn rate. The requests should be constant time and complexity, but may vary by Identity Provider implementation. Resources for the Authenticate service should scale *roughly* with your total user count.
-
-Regardless of the low resource utilization, we recommend running no less than 2 instances for resiliency and fault tolerance.
-
-### Databroker
-
-The Databroker service is responsible for background identity data retrieval and storage. It is in the hot path for user authentication. However, it does not directly handle user traffic and is not in-path for authorization decisions.
-
-The Databroker service does not require significant resources, as it provides streaming updates of state changes to the other services. There will be utilization spikes when Authorize services are restarted and perform an initial synchronization.
-
-Databroker resource requirements scale with the number of replicated services in the [data plane](#data-plane). That is to say, additional instances of the Proxy and Authorize services will increase demand on Databroker. Additionally, the size of the user directory contributes to the resource requirements for the data storage, Redis.
-
-The eBook Redis in Action has a chapter on [Scaling Redis](https://redis.com/ebook/part-3-next-steps/chapter-10-scaling-redis/). Pomerium is compatible with both Redis HA and Redis cluster scaling.
-
-In many deployments, 2 replicas of Databroker is enough to provide resilient service.
-
-::: warning
-In a production configuration, Databroker CPU/IO utilization also translates to IO load on the [underlying storage system](/docs/topics/data-storage.md). Ensure it is scaled accordingly!
-:::
-
-## Load Balancing
-
-In any production deployment, running multiple replicas of each Pomerium service is strongly recommended. Each service has slightly different concerns about utilizing the replicas for high availability and scaling, enumerated below.
-
-### Proxy
-
-You should deploy Layer 4 load balancing between end users and Pomerium Proxy services to provide high availability and horizontal scaling. Do not use L7 load balancers, since the Proxy service handles redirects, sticky sessions, etc.
-
-Note that deployments on Kubernetes can utilize The [Pomerium Ingress Controller](/docs/k8s/ingress.md) to simplify configuration.
-
-### Authenticate
-
-The suggested practice is to use the Pomerium Proxy service to load-balance Authenticate. Alternately, you could use an independent Layer 4 or Layer 7 load balancer, but this increases complexity.
-
-
-### Authorize and Databroker
-
-You do **not** need to provide a load balancer in front of Authorize and Databroker services. Both utilize GRPC and have special requirements if you should choose to use an external load balancer. GRPC can perform client based load balancing and is the best architecture for most configurations.
-
-By default, Pomerium gRPC clients will automatically connect to all IPs returned by a DNS query for the name of an upstream service. They will then regularly re-query DNS for changes to the Authorize or Databroker service cluster. Health checks and failover are automatic.
-
-You can also define multiple domain names for Databroker or Authorize services with the [`databroker_service_url`](/reference/readme.md#data-broker-service-url) and [`authorize_service_urls`](/reference/readme.md#authorize-service-url) shared config keys.
-
-## High Availability
-
-As mentioned in [scaling](#scaling), Pomerium components themselves are stateless and support horizontal scale out for both availability and performance reasons.
-
-A given service type does not require communication with its peer instances to provide high availability. E.g., a Proxy service instance does not communicate with Proxy instances.
-
-Regardless of the service mode, it is recommended you run at least 2 instances of Pomerium with as much physical and logical separation as possible. For example, in Cloud environments, you should deploy instances of each service to at least 2 different zones. On-prem environments should deploy >=2 instances to independent hardware.
-
-Ensure that you have enough spare capacity to handle the scope of your failure domains.
-
-::: warning
-Multiple replicas of Databroker or all-in-one service are only supported with [external storage](/docs/topics/data-storage.md) configured
-:::
-
-## SSL/TLS Certificates
-
-Pomerium utilizes TLS end to end, so the placement, certificate authorities and covered subjects are critical to align correctly.
-
-In a typical deployment, a minimum of two certs are required:
-
-- A wildcard certificate which covers the external `from` names, the Proxy service's external name and the Authenticate service's external name
-  - Must be trusted by user browsers or clients
-  - Must cover subject names from the user perspective
-- A certificate which covers the Authorize service's name
-  - Must be trusted by the Proxy
-  - Must cover the subject name from the Proxy's perspective
-
-If you have L7 load balancing in front of the Proxy/Authenticate:
-
-- Your wildcard certificate should live on the load balancer
-- Your Authenticate and Proxy services will need a certificate accepted by the load balancer
-- Your load balancer can be configured to verify the identity of the Authenticate and Proxy certificates
-
-If you have TLS enabled applications behind the proxy:
-
-- you may provide a client certificate for the Proxy service to connect to downstream services with and verify
-- the Proxy may be configured to verify the name and certificate authority of downstream services with either the standard Root CA bundle or a custom CA
-
-
-[JWT verification]: /docs/topics/mutual-auth.md#jwt-verification-application-based-mutual-authentication
-[rbac]: /enterprise/concepts.md#rbac-for-enterprise-console-users
diff --git a/docs/docs/readme.md b/docs/docs/readme.md
deleted file mode 100644
index c1146a364..000000000
--- a/docs/docs/readme.md
+++ /dev/null
@@ -1,32 +0,0 @@
----
-title: What is Pomerium?
-lang: en-US
-sidebarDepth: 0
-meta:
-  - name: keywords
-    content: >-
-      pomerium, overview, identity access proxy, beyondcorp, zero trust,
-      reverse proxy, ztn, zero trust networks
----
-
-# What is Pomerium
-
-## Overview?
-
-Pomerium is an identity-aware proxy that enables secure access to internal applications. Pomerium provides a standardized interface to add access control to applications regardless of whether the application itself has authorization or authentication baked-in. Pomerium gateways both internal and external requests, and can be used in situations where you'd typically reach for a VPN.
-
-<center>
-<iframe width="800" height="450" src="https://www.youtube.com/embed/WGwC9ULDnAY?rel=0" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
-</center>
-
-Pomerium can be used to:
-
-- provide a **single-sign-on gateway** to internal applications.
-- enforce **dynamic access policy** based on **context**, **identity**, and **device identity**.
-- aggregate access logs and telemetry data.
-- perform delegated user authorization for service-based authorization systems:
-  - [Istio](/guides/istio.md)
-  - [Google Cloud](/guides/cloud-run.md)
-- add unified access and identity to [custom, on-prem, and hosted apps and services](https://www.pomerium.com/integrations/)
-- serve as a **VPN alternative**.
-
diff --git a/docs/docs/releases.md b/docs/docs/releases.md
deleted file mode 100644
index 542c8e268..000000000
--- a/docs/docs/releases.md
+++ /dev/null
@@ -1,225 +0,0 @@
----
-title: Download
-sidebarDepth: 1
-description: This article describes various ways to install pomerium
----
-
-# Releases
-
-Pomerium is shipped in multiple formats and architectures to suit a variety of deployment patterns. There are two binaries:
-
-- `pomerium` is the primary server component. It is a monolithic binary that can perform the function of any [services mode](/reference/readme.md#service-mode).
-- `pomerium-cli` (optional) is a command-line client for working with Pomerium. Functions include acting as an authentication helper for tools like [kubectl](/docs/k8s/readme.md).
-
-
-[[toc]]
-
-
-## pomerium
-
-- Supported Operating Systems: `linux`, `darwin`
-- Supported Architectures: `amd64`, `arm64`
-
-### Binaries
-
-Official binaries can be found on our [GitHub Releases](https://github.com/pomerium/pomerium/releases) page.
-
-```shell
-ARCH=[your arch]
-OS=[your os]
-VERSION=[desired version]
-curl -L https://github.com/pomerium/pomerium/releases/download/${VERSION}/pomerium-${OS}-${ARCH}.tar.gz \
-    | tar -z -x
-```
-
-### Packages
-
-- Supported formats: `rpm`, `deb`
-- Requires `systemd` support
-
-Official packages can be found on our [GitHub Releases](https://github.com/pomerium/pomerium/releases) page or from [Cloudsmith](https://cloudsmith.io/~pomerium/repos/pomerium/packages/).
-
-- [RPM Instructions](https://cloudsmith.io/~pomerium/repos/pomerium/setup/#formats-rpm)
-- [Deb Instructions](https://cloudsmith.io/~pomerium/repos/pomerium/setup/#formats-deb)
-
-#### Example yum repo
-
-```
-[pomerium-pomerium]
-name=pomerium-pomerium
-baseurl=https://dl.cloudsmith.io/public/pomerium/pomerium/rpm/el/$releasever/$basearch
-repo_gpgcheck=1
-enabled=1
-gpgkey=https://dl.cloudsmith.io/public/pomerium/pomerium/gpg.6E388440B94E1407.key
-gpgcheck=1
-sslverify=1
-pkg_gpgcheck=1
-```
-#### Example deb setup
-
-```bash
-curl -1sLf 'https://dl.cloudsmith.io/public/pomerium/pomerium/gpg.6E388440B94E1407.key' | apt-key add -
-echo "deb https://dl.cloudsmith.io/public/pomerium/pomerium/deb/debian buster main" > /etc/apt/sources.list.d/pomerium-pomerium.list
-```
-
-### Docker Image
-
-Pomerium utilizes a [minimal](https://github.com/GoogleContainerTools/distroless) [docker container](https://www.docker.com/resources/what-container). You can find Pomerium's images on [dockerhub](https://hub.docker.com/r/pomerium/pomerium). Pomerium can be pulled in several flavors and architectures.
-
-- `:vX.Y.Z`: which will pull the a [specific tagged release](https://github.com/pomerium/pomerium/tags).
-
-  ```bash{1}
-  docker run pomerium/pomerium:v0.1.0 --version
-  v0.1.0+53bfa4e
-  ```
-
-- `:latest`: which will pull the [most recent tagged release](https://github.com/pomerium/pomerium/releases).
-
-  ```bash{1}
-  docker pull pomerium/pomerium:latest && docker run pomerium/pomerium:latest --version
-  v0.2.0+87e214b
-  ```
-
-- `:main` : which will pull an image in sync with git's [main](https://github.com/pomerium/pomerium/tree/main) branch.
-
-  ```bash{1}
-  docker pull pomerium/pomerium:main
-  ```
-
-Rootless images for official releases are also published to provide additional security. In these images, Pomerium runs as the `nonroot` user. Depending on your deployment environment, you may need to grant the container additional [capabilities](https://linux-audit.com/linux-capabilities-hardening-linux-binaries-by-removing-setuid/) or change the listening port from `443`.
-
-- `:nonroot-vX.Y.Z`: the rootless image for a specific release.
-- `:nonroot`: rootless equivalent to the `latest` tag.
-
-Debug images are also available. These include shell environments to allow operators to perform debugging steps from inside the container. If the image you are using already has a tag, prepend `debug-` for the debug image. For example:
-
-- `:debug-vX.Y.Z`: the debug image for a specific release.
-- `:debug-nonroot`: the debug image for the latest `nonroot` image.
-- `:debug`: debug equivalent of the `latest` tag.
-
-### Helm
-
-Pomerium maintains a [helm](https://helm.sh) chart for easy Kubernetes deployment with best practices <https://helm.pomerium.io/>
-
-```bash
-helm repo add pomerium https://helm.pomerium.io
-helm install pomerium/pomerium
-```
-
-See the [README](https://github.com/pomerium/pomerium-helm/blob/main/charts/pomerium/README.md) for up to date install options.
-
-### Source
-
-::: tip
-
-Officially supported build platforms are limited by [envoy proxy](https://www.envoyproxy.io/).
-
-:::
-
-```bash
-git clone git@github.com:pomerium/pomerium.git
-cd pomerium
-make
-./bin/pomerium --version
-```
-
-## pomerium-cli
-
-- Supported Operating Systems: `linux`, `darwin`, `windows`, `freebsd`
-- Supported Architectures: `amd64`, `arm64`, `armv6`, `armv7`
-
-### Binaries
-
-Official binaries can be found on our [GitHub Releases](https://github.com/pomerium/cli/releases) page.
-
-```shell
-ARCH=[your arch]
-OS=[your os]
-VERSION=[desired version]
-curl -L https://github.com/pomerium/cli/releases/download/${VERSION}/pomerium-cli-${OS}-${ARCH}.tar.gz \
-    | tar -z -x
-```
-
-### Packages
-
-- Supported formats: `rpm`, `deb`
-
-Official packages can be found on our [GitHub Releases](https://github.com/pomerium/cli/releases) page or from [Cloudsmith](https://cloudsmith.io/~pomerium/repos/pomerium/packages/).
-
-- [RPM Instructions](https://cloudsmith.io/~pomerium/repos/pomerium/setup/#formats-rpm)
-- [Deb Instructions](https://cloudsmith.io/~pomerium/repos/pomerium/setup/#formats-deb)
-
-#### Example yum repo
-
-```
-[pomerium-pomerium]
-name=pomerium-pomerium
-baseurl=https://dl.cloudsmith.io/public/pomerium/pomerium/rpm/el/$releasever/$basearch
-repo_gpgcheck=1
-enabled=1
-gpgkey=https://dl.cloudsmith.io/public/pomerium/pomerium/gpg.6E388440B94E1407.key
-gpgcheck=1
-sslverify=1
-pkg_gpgcheck=1
-```
-#### Example deb setup
-
-```bash
-curl -1sLf 'https://dl.cloudsmith.io/public/pomerium/pomerium/gpg.6E388440B94E1407.key' | apt-key add -
-echo "deb https://dl.cloudsmith.io/public/pomerium/pomerium/deb/debian buster main" > /etc/apt/sources.list.d/pomerium-pomerium.list
-```
-### Homebrew
-
-```shell
-brew tap pomerium/tap
-brew install pomerium-cli
-```
-### Docker Image
-
-The CLI utilizes a [minimal](https://github.com/GoogleContainerTools/distroless) [docker container](https://www.docker.com/resources/what-container). You can find the Pomerium CLI image on [dockerhub](https://hub.docker.com/r/pomerium/cli). It can be pulled in several flavors and architectures.
-
-- `:vX.Y.Z`: which will pull the a [specific tagged release](https://github.com/pomerium/cli/tags).
-
-  ```bash
-  $ docker run pomerium/cli:v0.1.0 --version
-  v0.1.0+53bfa4e
-  ```
-
-- `:latest`: which will pull the [most recent tagged release](https://github.com/pomerium/cli/releases).
-
-  ```bash
-  $ docker run pomerium/cli:latest --version
-  v0.2.0+87e214b
-  ```
-
-- `:main` : which will pull an image in sync with git's [main](https://github.com/pomerium/pomerium/tree/main) branch.
-
-  ```bash
-  docker pull pomerium/cli:main
-  ```
-### Source
-
-```shell
-git clone git@github.com:pomerium/cli.git
-cd pomerium
-make build
-./bin/pomerium-cli --help
-```
-
-## Pomerium Desktop
-
-The Desktop Client is available from [GitHub](https://github.com/pomerium/desktop-client/releases) as an `exe`, `dmg`, and `AppImage`.
-
-## Release cycle
-
-The current release cycle is aligned on a monthly basis. Pre-`1.0.0` we target a `MINOR` release on or around the **first day of each month**. We try to hit the targets as closely as possible, while still delivering a quality release.
-
-Pomerium uses [Semantic Versioning](https://semver.org/). In practice this means for a given version number **vMAJOR**.**MINOR**.**PATCH** (e.g. `v0.1.0`):
-
-- **MAJOR** indicates an incompatible API change,
-- **MINOR** indicates a new functionality in a backwards-compatible manner, and
-- **PATCH** indicates a backwards-compatible bug fixe.
-
-As Pomerium is still pre-`v1.0.0`, breaking changes between releases should be expected.
-
-To see difference between releases, please refer to the changelog and upgrading documents.
diff --git a/docs/docs/security.md b/docs/docs/security.md
deleted file mode 100644
index 268ce4572..000000000
--- a/docs/docs/security.md
+++ /dev/null
@@ -1,50 +0,0 @@
----
-title: Securing Pomerium
-description: >-
-  This page is an index for security-related pages throughout Pomerium's documentation.
----
-
-# Securing Pomerium
-
-Pomerium is a tool for securing your infrastructure while adhering to the principles of [Zero Trust](/docs/background.md#zero-trust). But that doesn't mean that your stack is "secure" right out of the box. Additionally, security is a battle of give and take; more security often comes at the cost of more complexity, both for the administrator and the end-user. What layers of security you choose to apply (and how you configure them) is highly dependent on your use case.
-
-While we can't tell you what tools and technologies are right for you, we've compiled a list of all the security-related documentation we have, organized to help you discover what path to take.
-
-## Background and Concepts
-
-If you're just getting started, we suggest reviewing the following pages:
-
-- [Background](/docs/background.md) - A quick primer on the failures of legacy models of "perimeter security" and an introduction to the concept of Zero Trust.
-- [Architecture](/docs/architecture.md) - Learn how Pomerium is broken down into component services. How you choose to deploy Pomerium will set the stage for the kind of security practices that apply to your stack.
-- [Mutual Authentication: A Component of Zero Trust](/docs/topics/mutual-auth.md) - Zero Trust's core principle could be said as "trust nothing without first (and continuously) verifying it". Mutual authentication is a big part of bringing that principle to bear. This page explains the concept and how it's achieved across several different layers of the network stack.
-- [Glossary](/docs/glossary.md) - Keep this page handy for when you run into new or unfamiliar terminology.
-
-## TLS Certificates
-
-The long-time standard for server identity verification, the use of TLS certificates has exploded ever since [Let's Encrypt](https://letsencrypt.org/) made it possible for anyone to get a trusted certificate for free.
-
-- The [Certificates](/docs/topics/certificates.md) topic page covers several basic methods for generating trusted or testing certificates.
-- Our article on [Installing Pomerium Using Helm](/docs/k8s/helm.md) touches [briefly](/docs/k8s/helm.md#install-and-configure-cert-manager) on using [cert-manager](https://cert-manager.io/docs/) to manage certificates in Kubernetes environments. We also wrote a guide for their docs site covering integration of the [Pomerium Ingress](https://cert-manager.io/docs/tutorials/acme/pomerium-ingress/) Controller with cert-manager.
-- The [Upstream mTLS With Pomerium](/guides/upstream-mtls.md) guide demonstrates mTLS between Pomerium and upstream services.
-- Depending on your environment's needs, you may choose to verify some of all of your end users with [Client-Side mTLS](/guides/mtls.md).
-
-## User Identity and Context
-
-Part of Pomerium's strength comes from the ability to pass user identity and context to your upstream service. This enables repeated verification of authorization throughout a system.
-
-- [Getting the user's identity](/docs/topics/getting-users-identity.md) details the JWT Pomerium creates to identify the user in any given request.
-- [Original User Context](/docs/topics/original-request-context.md) explains how to pass along the user context when upstream services communicate with each other to complete a request.
-- Many applications support native JWT verification. See [Enable jWT Authentication in Grafana](/guides/grafana.md#enable-jwt-authentication-in-grafana) for an example. For those that don't, you can perform [JWT Verification](/guides/jwt-verification.md) with a sidecar.
-
-
-## Device Identity
-
-Often overlooked or confused with multi-factor authentication (MFA), device identity (and posture) is one of the most important and under-utilized aspects of a strong zero trust security model.
-
-- [Device Identity](/docs/topics/device-identity.md) provides background on the concept, and points the reader on how to configure policies that use device identity, and enroll devices in both open-source and Enterprise environments.
-
-## Service Mesh
-
-If you've read through all the docs linked above, first of all *wow*. That's a lot to absorb, kudos to you. But if you got this far and you're overwhelmed thinking about how to manage mutual authentication, user context verification, etc, between all your various applications, then you're primed and ready for a **service mesh**. A service mesh is a software component that acts as an infrastructure layer to facilitate the communication (and authentication) between services.
-
-- Our [Istio](/guides/istio.md) guide covers integration between Pomerium and Istio, the most common service mesh.
\ No newline at end of file
diff --git a/docs/docs/tcp/client.md b/docs/docs/tcp/client.md
deleted file mode 100644
index 551de2cf7..000000000
--- a/docs/docs/tcp/client.md
+++ /dev/null
@@ -1,133 +0,0 @@
----
-title: Pomerium TCP Clients
-description: Learn how to create secured TCP connections to services behind Pomerium.
----
-
-# Pomerium Desktop and CLI Clients
-
-Pomerium is capable of creating secure connections to services like SSH, Redis, and more by creating a TCP tunnel to the service with a local client. This article describes configuring a route to accept TCP connections, and using either the CLI or GUI client to connect to it.
-
-## Create a TCP Route
-
-1. Specify this new Route as a TCP Route by prefixing `tcp+` in the **From** field, along with a port suffix.
-
-   The port is not used to connect to the Pomerium Proxy service from the internet; this will always be port 443 (unless otherwise defined in `config.yaml`). Rather, the port defined in **From** is part of the mapping to the individual route. In this way, you can create multiple routes that share a DNS entry, differentiated by the port to determine which route they use.
-
-   For example, suppose we have a server called `augur` running behind Pomerium that has a MySQL server and also listens for SSH connections. We can create routes for `tcp+https://augur.example.com:22` and `tcp+https://augur.example.com:3306`.
-
-1. The **To** field uses `tcp://` as a protocol, and specifies the address and port the service listens on.
-
-The example below demonstrates a route to the SSH service on the host running the Pomerium Core or Pomerium Enterprise service:
-
-::::: tabs
-:::: tab Pomerium Core
-
-```yaml
-  - from: tcp+https://ssh.localhost.pomerium.io:22
-    to: tcp://127.0.0.1:22
-    policy:
-    - allow:
-        or:
-          - email:
-              is: user@companydomain.com
-```
-::::
-:::: tab Pomerium Enterprise
-![Example TCP route for SSH](./img/tcp-ssh-route.png)
-
-::::
-:::::
-
-See the "Configure Routes" section of [TCP Support](/docs/tcp/readme.md#configure-routes) for more detailed information on TCP routes.
-
-## TCP Client Software
-
-You can connect to this route with either the Pomerium CLI or Pomerium Desktop client.
-
-::::: tabs
-
-:::: tab Pomerium Desktop
-### Install
-
-Download the latest release from [GitHub](https://github.com/pomerium/desktop-client/releases).
-
-- **Windows**: The installer `.exe` file will install and open the Desktop Client. Right click on the system tray icon to interact with it.
-- **Linux**: We provide Linux binaries as `.AppImage` files, which can be executed in place or managed with a tool like [AppImageLauncher](https://github.com/TheAssassin/AppImageLauncher). Interact with the client from the system tray icon.
-- **macOS**: Open the `dmg` and move the binary to **Applications**. Interact with the client from the system tray icon.
-
-### Add a Connection
-
-![A new connection to an SSH gateway](./img/desktop/demo-new-connection.png)
-
-**Name**: A local name for the route.
-
-**Destination**: Matches the [From](/enterprise/reference/manage.md#from) value of the route, without the protocol. Always include the port specified in the route, and do not include the `https://` protocol.
-
-**Local Address**: The local address and port number from which to access the service locally. If left blank, the client will choose a random port to listen to on the loopback address.
-
-  In most cases, you only need to specify the port (ex: `:2222`), and the client will listen on all available local addresses.
-
-**Tags**: Use tags to sort and organize your TCP routes.
-
----
-
-#### Advanced Settings
-
-**Pomerium URL**: The Pomerium Proxy service address. This is required if the **Destination URL** can't be resolved from DNS or a local `hosts` entry, or if the Proxy service uses a non-standard port.
-
-**Disable TLS Verification**: Allows untrusted certificates from the Pomerium gateway
-
-**Client Certificate & Certificate Key File or Text**: For routes that require client certificates for [mTLS](/guides/mtls.md), you can provide the certificate and key file to the Pomerium Desktop client.
-
-::::
-:::: tab Pomerium CLI
-
-### Install
-
-See [Release](/docs/releases.md#pomerium-cli) to learn how to install pomerium-cli in your environment.
-
-### Connect to a TCP Route
-
-1. Invoke `pomerium-cli` with the `tcp` option, and provide the route to your service (As defined in [`from`](/reference/readme.md#from) in your Route specification).
-
-   ```bash
-   pomerium-cli tcp ssh.localhost.pomerium.io:22
-   2:06PM INF tcptunnel: listening on 127.0.0.1:36397
-   ```
-
-
-   You can optionally supply an address and/or port to the `listen` flag:
-
-   ```bash
-   pomerium-cli tcp ssh.localhost.pomerium.io:22 --listen :2222
-   2:05PM INF tcptunnel: listening on [::]:2222
-   ```
-
-1. Connect to your service using the local address and port specified in the output of `pomerium-cli`:
-
-   ```bash
-   ssh 127.0.0.1 -p 2222
-   ```
-
-1. When the connection starts, the cli will open your browser and direct you to your Identity Provider to authenticate your session. Once authenticated the connection will continue and you can close the browser window.
-
-1. In this example, since we are using SSH we can consolidate the TCP and SSH connections into a single command:
-
-   ```bash
-   ssh -o ProxyCommand='pomerium-cli tcp --listen - %h:%p' ssh.localhost.pomerium.io
-   ```
-
-::::
-:::::
-
-For more examples and detailed usage information, see [TCP Support](/docs/tcp/readme.md)
-
-## Advanced Configuration
-
-If Pomerium is listening on a port other than `443` (set with the [`address` key](/reference/readme.md#address)), the `pomerium-url` flag (CLI) or "Pomerium URL" field (GUI) is required. This specifies the address and port for the client to communicate over, while the standard URL defines the port assignment for the specific route. For example:
-
-```bash
-pomerium-cli tcp ssh.localhost:pomerium.io:2222 \
-   --pomerium-url https://ssh.localhost.pomerium.io:8443 \
-   --listen :2222
-```
diff --git a/docs/docs/tcp/git.md b/docs/docs/tcp/git.md
deleted file mode 100644
index efeb1a767..000000000
--- a/docs/docs/tcp/git.md
+++ /dev/null
@@ -1,73 +0,0 @@
----
-title: Git
-description: Tunnel Git connections through Pomerium
----
-
-# Tunneled Git Connections
-
-When hosting a self-hosted Git server like [GitLab](/guides/gitlab.md) behind Pomerium, you can protect desktop client access to the source code with the same identity-aware access as the web interface using an encrypted TCP tunnel.
-
-::: tip
-This example assumes you've already [created a TCP route](/docs/tcp/readme.md#configure-routes) for this service.
-:::
-
- ## Basic Connection
-
- 1. Create a TCP tunnel, using either [`pomerium-cli`](/docs/releases.md#pomerium-cli) or the Pomerium Desktop client. These examples use Git connections over SSH:
-
-    ::::: tabs
-    :::: tab pomerium-cli
-    ```bash
-    pomerium-cli tcp git.corp.example.com:22 --listen :2202
-    ```
-
-    :::tip --listen
-    The `--listen` flag is optional. It lets you define what port the tunnel listens on locally. If not specified, the client will choose a random available port.
-    :::
-
-    ::::
-    :::: tab Pomerium Desktop
-    ![An example connection to a Git service from Pomerium Desktop](./img/desktop/example-git-connection.png)
-
-    :::tip Local Address
-    The **Local Address** field is optional. Using it defines what port the tunnel listens on locally. If not specified, Pomerium Desktop will choose a random available port.
-    :::
-
-    ::::
-    :::::
-
-1. Clone the repository using the tunneled connection as a remote:
-
-    ```bash
-    git clone ssh://git@127.0.0.1:2202/username/project-name
-    ```
-
-Now when you first initiate a `pull`, `push`, or `fetch` command your web browser will open to authenticate and authorize the connection.
-
-## Always Tunnel through Pomerium
-
-Because Git uses the SSH protocol, we can define a `Host` block in our local SSH configuration file to initiate the tunneled connection whenever it's needed.
-
-1. Open your local SSH configuration file at `~/.ssh/config` and add a new Hosts `block`:
-
-    ```bash
-    Host git-tunnel
-      HostName git.corp.example.com
-      User git
-      ProxyCommand pomerium-cli tcp --listen - %h:%p
-    ```
-
-1. For each repository, clone using this host:
-
-    ```bash
-    git clone git@git-tunnel:userName/projectName
-    ```
-
-::: tip
-If you've already defined an SSH configuration for all domains managed by Pomerium as described in our [SSH Example](/docs/tcp/ssh.md#always-tunnel-through-pomerium), you can skip the first step above and define your new remote with the Git server's domain name.
-:::
-
-## More Resources
-
-- [Git Documentation](https://git-scm.com/doc)
-- [Secure GitLab with Pomerium](/guides/gitlab.md)
\ No newline at end of file
diff --git a/docs/docs/tcp/img/desktop/demo-new-connection.png b/docs/docs/tcp/img/desktop/demo-new-connection.png
deleted file mode 100644
index 5a688b1fd..000000000
Binary files a/docs/docs/tcp/img/desktop/demo-new-connection.png and /dev/null differ
diff --git a/docs/docs/tcp/img/desktop/example-git-connection.png b/docs/docs/tcp/img/desktop/example-git-connection.png
deleted file mode 100644
index d1ca8fc8b..000000000
Binary files a/docs/docs/tcp/img/desktop/example-git-connection.png and /dev/null differ
diff --git a/docs/docs/tcp/img/desktop/example-mssql-connection.png b/docs/docs/tcp/img/desktop/example-mssql-connection.png
deleted file mode 100644
index ada93a136..000000000
Binary files a/docs/docs/tcp/img/desktop/example-mssql-connection.png and /dev/null differ
diff --git a/docs/docs/tcp/img/desktop/example-mysql-connection.png b/docs/docs/tcp/img/desktop/example-mysql-connection.png
deleted file mode 100644
index 44b37363b..000000000
Binary files a/docs/docs/tcp/img/desktop/example-mysql-connection.png and /dev/null differ
diff --git a/docs/docs/tcp/img/desktop/example-rdp-connection.png b/docs/docs/tcp/img/desktop/example-rdp-connection.png
deleted file mode 100644
index b140df34e..000000000
Binary files a/docs/docs/tcp/img/desktop/example-rdp-connection.png and /dev/null differ
diff --git a/docs/docs/tcp/img/desktop/example-redis-connection.png b/docs/docs/tcp/img/desktop/example-redis-connection.png
deleted file mode 100644
index 9801ba477..000000000
Binary files a/docs/docs/tcp/img/desktop/example-redis-connection.png and /dev/null differ
diff --git a/docs/docs/tcp/img/desktop/example-ssh-connection.png b/docs/docs/tcp/img/desktop/example-ssh-connection.png
deleted file mode 100644
index 24a867b77..000000000
Binary files a/docs/docs/tcp/img/desktop/example-ssh-connection.png and /dev/null differ
diff --git a/docs/docs/tcp/img/desktop/new-ssh-connection.png b/docs/docs/tcp/img/desktop/new-ssh-connection.png
deleted file mode 100644
index 85ec26998..000000000
Binary files a/docs/docs/tcp/img/desktop/new-ssh-connection.png and /dev/null differ
diff --git a/docs/docs/tcp/img/remmina-connection-profile.png b/docs/docs/tcp/img/remmina-connection-profile.png
deleted file mode 100644
index ef520d461..000000000
Binary files a/docs/docs/tcp/img/remmina-connection-profile.png and /dev/null differ
diff --git a/docs/docs/tcp/img/remmina-connection-scripted.png b/docs/docs/tcp/img/remmina-connection-scripted.png
deleted file mode 100644
index 53febcae3..000000000
Binary files a/docs/docs/tcp/img/remmina-connection-scripted.png and /dev/null differ
diff --git a/docs/docs/tcp/img/tcp-ssh-route.png b/docs/docs/tcp/img/tcp-ssh-route.png
deleted file mode 100644
index 88562a3a3..000000000
Binary files a/docs/docs/tcp/img/tcp-ssh-route.png and /dev/null differ
diff --git a/docs/docs/tcp/ms-sql.md b/docs/docs/tcp/ms-sql.md
deleted file mode 100644
index 23ac0051d..000000000
--- a/docs/docs/tcp/ms-sql.md
+++ /dev/null
@@ -1,49 +0,0 @@
----
-title: Microsoft SQL
-description: Tunnel Microsoft SQL connections through Pomerium
----
-
-# Tunneled Microsoft SQL Connections
-
-This document explains how to connect to a Microsoft SQL database through an encrypted TCP tunnel. We use the `sqlcmd` command line utility, but the same tunnel can be used by GUI tools.
-
-::: tip
-This example assumes you've already [created a TCP route](/docs/tcp/readme.md#configure-routes) for this service.
-:::
-
-
- ## Basic Connection
-
- 1. Create a TCP tunnel, using either [`pomerium-cli`](/docs/releases.md#pomerium-cli) or the Pomerium Desktop client:
-
-    ::::: tabs
-    :::: tab pomerium-cli
-    ```bash
-    pomerium-cli tcp mssql.corp.example.com:1433 --listen :1433
-    ```
-
-    :::tip --listen
-    The `--listen` flag is optional. It lets you define what port the tunnel listens on locally. If not specified, the client will choose a random available port.
-    :::
-
-    ::::
-    :::: tab Pomerium Desktop
-    ![An example connection to a $SERVICE service from Pomerium Desktop](./img/desktop/example-mssql-connection.png)
-
-    :::tip Local Address
-    The **Local Address** field is optional. Using it defines what port the tunnel listens on locally. If not specified, Pomerium Desktop will choose a random available port.
-    :::
-
-    ::::
-    :::::
-
-1. Initiate your $SERVICE connection, pointing to `localhost`:
-
-    ```bash
-    /opt/mssql-tools/bin/sqlcmd -S localhost -U SA -P "YOURSTRONGPASSWORD"
-    ```
-
-## More Resources
-
-- [Quickstart: Run SQL Server container images with Docker](https://docs.microsoft.com/en-us/sql/linux/quickstart-install-connect-docker)
-- [Install the SQL Server command-line tools sqlcmd and bcp on Linux](https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-setup-tools)
\ No newline at end of file
diff --git a/docs/docs/tcp/mysql.md b/docs/docs/tcp/mysql.md
deleted file mode 100644
index 99292efbf..000000000
--- a/docs/docs/tcp/mysql.md
+++ /dev/null
@@ -1,72 +0,0 @@
----
-title: MySQL & MariaDB
-description: Tunnel MySQL connections through Pomerium
----
-
-# Tunneled MySQL Connections
-
-This document explains how to connect to a MySQL or MariaDB database through an encrypted TCP tunnel. We use the `mysql` command line utility, but the same tunnel can be used by GUI tools.
-
-::: tip
-This example assumes you've already [created a TCP route](/docs/tcp/readme.md#configure-routes) for this service.
-:::
-
- ## Basic Connection
-
- 1. Create a TCP tunnel, using either [`pomerium-cli`](/docs/releases.md#pomerium-cli) or the Pomerium Desktop client:
-
-    ::::: tabs
-    :::: tab pomerium-cli
-    ```bash
-    pomerium-cli tcp aService.corp.example.com:3306 --listen :3306
-    ```
-
-    :::tip --listen
-    The `--listen` flag is optional. It lets you define what port the tunnel listens on locally. If not specified, the client will choose a random available port.
-    :::
-
-    ::::
-    :::: tab Pomerium Desktop
-    ![An example connection to a MySQL service from Pomerium Desktop](./img/desktop/example-mysql-connection.png)
-
-    :::tip Local Address
-    The **Local Address** field is optional. Using it defines what port the tunnel listens on locally. If not specified, Pomerium Desktop will choose a random available port.
-    :::
-
-    ::::
-    :::::
-
-1. Initiate your MySQL connection, pointing to `localhost`:
-
-    ```bash
-    mysql -h 127.0.0.1 -u USER -p
-    ```
-
-## Allow Access from Remote Hosts:
-
-1. Your MySQL or MariaDB service may not accept connections from remote hosts. Find the `bind-address` key in the configuration files (usually located in `/etc/mysql/`) and edit it to accept remote connections. For example:
-
-    ```ini
-    # Instead of skip-networking the default is now to listen only on
-    # localhost which is more compatible and is not less secure.
-    bind-address            = 0.0.0.0
-    ```
-
-1. When connecting, you may get an error like `ERROR 1130 (HY000): Host '192.0.2.10' is not allowed to connect to this MariaDB/MySQL server`. You can create a user entry in your database for the Pomerium host:
-
-    ```sql
-    CREATE USER 'user'@'pomerium.local' IDENTIFIED BY 'some_pass';
-    GRANT ALL PRIVILEGES ON *.* TO 'user'@'pomerium.local'
-    ```
-
-    Or create a user entry with no host associated:
-
-    ```sql
-    CREATE USER 'user'@'%' IDENTIFIED BY 'some_pass';
-    GRANT ALL PRIVILEGES ON *.* TO 'user'@'%'
-    ```
-
-## More Resources
-
-- [Configuring MariaDB for Remote Client Access](https://mariadb.com/kb/en/configuring-mariadb-for-remote-client-access/)
-- [How to Allow Remote Connections to MySQL Database Server](https://linuxize.com/post/mysql-remote-access/)
\ No newline at end of file
diff --git a/docs/docs/tcp/rdp.md b/docs/docs/tcp/rdp.md
deleted file mode 100644
index 794f746da..000000000
--- a/docs/docs/tcp/rdp.md
+++ /dev/null
@@ -1,74 +0,0 @@
----
-title: RDP
-description: Tunnel RDP connections through Pomerium
----
-
-# Tunneled RDP Connections
-
-Remote Desktop Protocol (**RDP**) is a standard for using a desktop computer remotely. It was released by Microsoft and is most commonly used to access Windows systems, but can be used for macOS and Linux systems as well.
-
-::: tip
-This example assumes you've already [created a TCP route](/docs/tcp/readme.md#configure-routes) for this service.
-:::
-
-## Basic Connection
-
-1. Create a TCP tunnel, using either [`pomerium-cli`](/docs/releases.md#pomerium-cli) or the Pomerium Desktop client:
-
-    ::::: tabs
-    :::: tab pomerium-cli
-    ```bash
-    pomerium-cli tcp aService.corp.example.com:3389 --listen :3389
-    ```
-
-    :::tip --listen
-    The `--listen` flag is optional. It lets you define what port the tunnel listens on locally. If not specified, the client will choose a random available port.
-    :::
-
-    ::::
-    :::: tab Pomerium Desktop
-    ![An example connection to a RDP service from Pomerium Desktop](./img/desktop/example-rdp-connection.png)
-
-    :::tip Local Address
-    The **Local Address** field is optional. Using it defines what port the tunnel listens on locally. If not specified, Pomerium Desktop will choose a random available port.
-    :::
-
-    ::::
-    :::::
-
-1. Initiate your RDP connection, pointing to `localhost`. This example uses the [Remmina](https://remmina.org/) client, but the procedure should be similar for other tools:
-
-    ![A new connection profile in Remmina](./img/remmina-connection-profile.png)
-
-    ::: warning
-    The first connection attempt will initiate a redirect to authenticate you in the browser. Once you're signed in, subsequent connections will succeed. If your client isn't configured to retry the connection, you may have to reconnect manually.
-    :::
-
-
-## Always Tunnel through Pomerium
-
-Some clients, like Remmina, support running commands before and after connection. The script below (adopted from [this example](https://kgibran.wordpress.com/2019/03/13/remmina-rdp-ssh-tunnel-with-pre-and-post-scripts/) using SSH tunnels) starts and stops an instance of `pomerium-cli`:
-
-<<< @/examples/tcp/pomerium-tunnel.sh
-
-1. Save the script above to your home folder (`~/`), and make it executable:
-
-    ```bash
-    cd ~/
-    wget https://github.com/pomerium/pomerium/blob/main/examples/tcp/pomerium-tunnel.sh
-    chmod +x pomerium-tunnel.sh
-    ```
-
-1. Update your client profile to execute the script before and after the connection:
-
-    ![A connection profile in Remmina invoking a custom script](./img/remmina-connection-scripted.png)
-
-::: warning
-Flatpak versions of client software may not be able to read external scripts or programs.
-:::
-
-## More Resources
-
-- [Remote Desktop Protocol (Wikipedia)](https://en.wikipedia.org/wiki/Remote_Desktop_Protocol)
-- [Remmina (Linux)](https://remmina.org/)
-- [Microsoft Remote Desktop (macOS)](https://apps.apple.com/us/app/microsoft-remote-desktop/id1295203466?mt=12)
\ No newline at end of file
diff --git a/docs/docs/tcp/readme.md b/docs/docs/tcp/readme.md
deleted file mode 100644
index fff5d2cca..000000000
--- a/docs/docs/tcp/readme.md
+++ /dev/null
@@ -1,97 +0,0 @@
----
-title: TCP Support
-description: >-
-  This article describes how to leverage pomerium for TCP proxying
-meta:
-  - name: keywords
-    content: pomerium, pomerium-cli, proxy, identity access proxy, ssh, tcp, postgres, database, redis, mysql, application, non http, tunnel
----
-
-# TCP Support
-
-Operations and engineering teams frequently require access to lower level administrative and data protocols such as SSH, RDP, Postgres, MySQL, Redis, etc.
-
-In addition to managing HTTP based applications, Pomerium can be used to protect non-HTTP systems with the same consistent authorization policy. This is achieved by tunneling TCP over HTTP with the help of a client side command built into [`pomerium-cli`](/docs/releases.md#pomerium-cli).
-
-
-Internally, Pomerium uses the [`CONNECT` method](https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/CONNECT) to establish the TCP tunnel.
-
-::: warning
-To minimize issues with TCP support, Pomerium should not be placed behind another HTTP proxy.  Instead, configure your load balancer in L4 or TCP mode.
-
-Otherwise, the HTTP proxy in front of Pomerium must know how to properly handle the `CONNECT` command and proxy it upstream.  This capability will be specific to each proxy implementation.
-:::
-
-## Configure Routes
-
-TCP configuration is simple. Just specify the correct scheme and ports in your route [`to`](/reference/readme.md#to) and [`from`](/reference/readme.md#from) fields.
-
-Example:
-```yaml
-routes:
-  - from: tcp+https://redis.corp.example.com:6379
-    to: tcp://redis.internal.example.com:6379
-    policy:
-    - allow:
-        or:
-          - email:
-              is: contractor@not-example.com
-          - groups:
-              has: "datascience@example.com"
-```
-
-When creating TCP routes, note the following:
-
-- When configuring a TCP route, any HTTP specific settings such as `regex_rewrite_pattern` or `set_request_headers` have no effect.
-- While data is encrypted from a user system to Pomerium's proxy, the underlying application protocol must also support encryption for data to be fully encrypted end-to-end. Otherwise, traffic from the Pomerium Proxy service to the upstream service will be unencrypted.
-- The ports in `from` and `to` are independent.  Users only need to know the `from` URL to connect.  The `to` can be changed without end user participation.
-- The port defined in `from` does not dictate what port the tunneled traffic uses. This will always be the port defined by [`address`](/reference/readme.md#address) in your Pomerium configuration (`443` by default). The port instead differentiates multiple routes to the same hostname for different services.
-
-## Connect to TCP Routes
-
-While HTTP routes can be consumed with just a normal browser, `pomerium-cli` must serve as a proxy for TCP routes.  It is [available](/docs/releases.md#pomerium-cli) for a variety of platforms in various formats.
-
-To connect, you normally need just the external hostname and port of your TCP route:
-
-```bash{1}
-pomerium-cli tcp redis.corp.example.com:6379
-5:57PM INF tcptunnel: listening on 127.0.0.1:52046
-```
-
-By default, `pomerium-cli` will start a listener on loopback on a random port.
-
-On first connection, you will be sent through a standard Pomerium HTTP authentication flow.  After completing this, your TCP connection should be established!
-
-```bash{1}
-% redis-cli -h localhost -p 52046
-localhost:52046> keys *
-(empty array)
-localhost:52046>
-```
-
-## Advanced Usage
-
-### Listen Configuration
-
-You may specify an optional address and port for the `tcp` command to listen on.
-
-`-` specifies that STDIN and STDOUT should be directly attached to the remote TCP connection.  This is useful for [SSH](/docs/tcp/ssh.md#tunnel-and-connect-simultaneously) or for sending data through a shell pipe.
-
-### Custom URL
-
-If the Pomerium proxy is not reachable through port `443` or the route is not in external DNS, you can specify a custom URL:
-
-```bash
-pomerium-cli tcp --pomerium-url https://pomerium.corp.example.com:8443 redis.corp.example.com:6379
-```
-
-The command above connects to `https://pomerium.corp.example.com:8443` and then requests the TCP route for `redis.corp.example.com:6379`.
-
-## Service-Specific Documentation
-
-We've outlined how to use a TCP tunnel through Pomerium for several popular services that use TCP connections:
-
-- [MySQL and MariaDB](./mysql.md)
-- [RDP](./rdp.md)
-- [Redis](./redis.md)
-- [SSH](./ssh.md)
diff --git a/docs/docs/tcp/redis.md b/docs/docs/tcp/redis.md
deleted file mode 100644
index 9507ee843..000000000
--- a/docs/docs/tcp/redis.md
+++ /dev/null
@@ -1,50 +0,0 @@
----
-title: Redis
-description: Tunnel Redis connections through Pomerium
----
-
-# Tunneled Redis Connections
-
-Redis is a popular in-memory data structure store. It can be run locally or configured as a single or distributed standalone service.
-
-::: tip
-This example assumes you've already [created a TCP route](/docs/tcp/readme.md#configure-routes) for this service.
-:::
-
-## Basic Connection
-
- 1. Create a TCP tunnel, using either [`pomerium-cli`](/docs/releases.md#pomerium-cli) or the Pomerium Desktop client:
-
-    ::::: tabs
-    :::: tab pomerium-cli
-    ```bash
-    pomerium-cli tcp redis.corp.example.com:6379 --listen :6379
-    ```
-
-    :::tip --listen
-    The `--listen` flag is optional. It lets you define what port the tunnel listens on locally. If not specified, the client will choose a random available port.
-    :::
-
-    ::::
-
-    :::: tab Pomerium Desktop
-    ![An example connection to a Redis service from Pomerium Desktop](./img/desktop/example-redis-connection.png)
-    :::tip Local Address
-    The **Local Address** field is optional. Using it defines what port the tunnel listens on locally. If not specified, Pomerium Desktop will choose a random available port.
-    :::
-
-    ::::
-    :::::
-
-1. Initiate your Redis connection, pointing to `localhost`:
-
-    ```bash
-    redis-cli -h localhost -p 6379
-    ```
-
-This demonstrates access to a Redis server through Pomerium from the `redis-cli` tool. Pomerium Enterprise users can utilize [Service Accounts](/enterprise/reference/configure.md#service-accounts) to enable secure machine-to-machine communication of Redis services.
-
-## More Resources
-
-- [redis-cli](https://redis.io/topics/rediscli)
-- [Redis ACL](https://redis.io/topics/acl)
\ No newline at end of file
diff --git a/docs/docs/tcp/service-template.md b/docs/docs/tcp/service-template.md
deleted file mode 100644
index c9d251cbc..000000000
--- a/docs/docs/tcp/service-template.md
+++ /dev/null
@@ -1,59 +0,0 @@
----
-title: $SERVICE
-description: Tunnel $SERVICE connections through Pomerium
-layout: Draft
----
-
-# Tunneled $SERVICE Connections
-
-This is a template to standardize how we document connections to popular services through a Pomerium TCP tunnel. It's not listed in the site map, so if you're not a Pomerium employee and you're reading this, you're either looking at our open-source code base, or... ¯\_(ツ)_/¯
-
-Replace the paragraph above with a brief description of the service, and/or why you would want to tunnel traffic to it.
-
-::: tip
-This example assumes you've already [created a TCP route](/docs/tcp/readme.md#configure-routes) for this service.
-:::
-
- ## Basic Connection
-
- 1. Create a TCP tunnel, using either [`pomerium-cli`](/docs/releases.md#pomerium-cli) or the Pomerium Desktop client:
-
-    ::::: tabs
-    :::: tab pomerium-cli
-    ```bash
-    pomerium-cli tcp aService.corp.example.com:$COMMON-PORT --listen :$ANOTHER-PORT
-    ```
-
-    :::tip --listen
-    The `--listen` flag is optional. It lets you define what port the tunnel listens on locally. If not specified, the client will choose a random available port.
-    :::
-
-    ::::
-    :::: tab Pomerium Desktop
-    \![An example connection to a $SERVICE service from Pomerium Desktop](./img/desktop/example-$SERVICE-connection.png) <!-- Remove the escape \ -->
-
-    :::tip Local Address
-    The **Local Address** field is optional. Using it defines what port the tunnel listens on locally. If not specified, Pomerium Desktop will choose a random available port.
-    :::
-
-    ::::
-    :::::
-
-1. Initiate your $SERVICE connection, pointing to `localhost`:
-
-    ```bash
-    $COMMAND
-    ```
-    Optionally, if the service is accessed through GUI software, include a screenshot here. If both are commonly used, show both using tabs.
-
-## Tunnel and Connect Simultaneously
-
-If $COMMAND has a method of initiating the `pomerium-cli` tunnel as it attempts to connect, document it here.
-
-## Always Tunnel through Pomerium
-
-If the client software can be configured to automatically initiate a `pomerium-cli` tunnel when connecting, document that here.
-
-## More Resources
-
-Always include at least one or two links in a bulleted list that could help the reader.
\ No newline at end of file
diff --git a/docs/docs/tcp/ssh.md b/docs/docs/tcp/ssh.md
deleted file mode 100644
index 671b1498b..000000000
--- a/docs/docs/tcp/ssh.md
+++ /dev/null
@@ -1,80 +0,0 @@
----
-title: SSH
-description: Tunnel SSH connections through Pomerium
----
-
-# Tunneled SSH Connections
-
-Bad actors are constantly scanning the internet for exposed SSH services. Changing the default port obfuscates, but doesn't protect the service, and implementing and updating advanced SSH authentication can be cumbersome.
-
-By tunneling SSH connections through your Pomerium service:
-
- - All traffic is encrypted twice (once by the Pomerium TCP connection, once by SSH itself),
- - The SSH service can remain closed to the internet, or even restricted to only accept connections from the Pomerium Proxy service
- - Authentication and authorization is managed by Pomerium, using your IdP for identity, and can be easily managed at scale.
-
-::: tip
-This example assumes you've already [created a TCP route](/docs/tcp/readme.md#configure-routes) for this service.
-:::
-
- ## Basic Connection
-
- 1. Create a TCP tunnel, using either [`pomerium-cli`](/docs/releases.md#pomerium-cli) or the Pomerium Desktop client:
-
-    ::::: tabs
-    :::: tab pomerium-cli
-    ```bash
-    pomerium-cli tcp aService.corp.example.com:22 --listen :2202
-    ```
-
-    :::tip --listen
-    The `--listen` flag is optional. It lets you define what port the tunnel listens on locally. If not specified, the client will choose a random available port.
-    :::
-
-    ::::
-    :::: tab Pomerium Desktop
-    ![An example connection to an SSH service from Pomerium Desktop](./img/desktop/example-ssh-connection.png)
-
-    :::tip Local Address
-    The **Local Address** field is optional. Using it defines what port the tunnel listens on locally. If not specified, Pomerium Desktop will choose a random available port.
-    :::
-
-    ::::
-    :::::
-
-1. Initiate your SSH connection, pointing to `localhost`:
-
-    ```bash
-    ssh user@localhost -p 2202
-    ```
-
-## Tunnel and Connect Simultaneously
-
-The process outlined above requires multiple steps and terminal environments (when using the CLI) or programs (when using the Desktop Client). By invoking `pomerium-cli` when the connection is made, you can streamline the process into a single connection:
-
-```bash
-ssh -o ProxyCommand='pomerium-cli tcp --listen - %h:%p' ssh.localhost.pomerium.io
-```
-
-## Always Tunnel through Pomerium
-
-Once your SSH service is configured and tested through Pomerium, you can edit your local SSH configuration file to always create a tunnel when connecting to that service:
-
-```bash
-Host aService.corp.example.com
-    ProxyCommand /usr/bin/pomerium-cli tcp --listen - %h:%p
-```
-
-You can even configure all SSH connections to your domain space to use the tunnel:
-
-```bash
-Host *.corp.example.com
-    ProxyCommand /usr/bin/pomerium-cli tcp --listen - %h:%p
-```
-
-## More Resources
-
-For more information on SSH ProxyCommand, see:
-
-- [ProxyCommand (SSH man page)](https://man.openbsd.org/ssh_config.5#ProxyCommand)
-- [SSH to remote hosts though a proxy or bastion with ProxyJump (RedHat blog)](https://www.redhat.com/sysadmin/ssh-proxy-bastion-proxyjump)
\ No newline at end of file
diff --git a/docs/docs/topics/certificates.md b/docs/docs/topics/certificates.md
deleted file mode 100644
index 425cd6d8c..000000000
--- a/docs/docs/topics/certificates.md
+++ /dev/null
@@ -1,127 +0,0 @@
----
-title: Certificates
-sidebarDepth: 1
-lang: en-US
-meta:
-  - name: keywords
-    content: x509, certificates, tls, mtls, letsencrypt, lets encrypt
----
-
-# Certificates
-
-[Certificates](https://en.wikipedia.org/wiki/X.509) and [TLS](https://en.wikipedia.org/wiki/Transport_Layer_Security) play a vital role in [zero trust][principles] networks, and in Pomerium.
-
-This document covers a few options in how to generate and set up TLS certificates suitable for working with pomerium.
-
-This guide uses the following tools and resources:
-
-- [LetsEncrypt](https://letsencrypt.org/about/) is a _public_ certificate authority that issues free certificates trusted by the major browsers. Other [private](https://blog.cloudflare.com/how-to-build-your-own-public-key-infrastructure/) or [public](https://scotthelme.co.uk/are-ev-certificates-worth-the-paper-theyre-written-on/) CAs would also be fine.
-- [Google Domains](https://domains.google.com/) registrar will be used to set up our wildcard domain and certificate validation. But any registrar would do and some providers support [automatic renewal](https://github.com/Neilpang/acme.sh/wiki/dnsapi).
-- [acme.sh](https://github.com/Neilpang/acme.sh) will be used to retrieve the wild-card domain certificate. Any [LetsEncrypt client](https://letsencrypt.org/docs/client-options/) that supports wildcard domains would work.
-
-It should be noted that there are countless ways of building and managing [public-key infrastructure](https://en.wikipedia.org/wiki/Public_key_infrastructure). And although we hope this guide serves as a helpful baseline for generating and securing pomerium with certificates, these instructions should be modified to meet your own organization's tools, needs, and constraints. In a production environment you will likely be using your corporate load balancer, or a key management system to manage your certificate authority infrastructure.
-
-## Why
-
-Since one of Pomerium's core [principles] is to treat internal and external traffic impartially, Pomerium uses [mutually authenticated TLS](https://en.wikipedia.org/wiki/Mutual_authentication) ubiquitously. For example, Pomerium uses mTLS between:
-
-- end-user and Pomerium
-- Pomerium's services **regardless** of if the network is "trusted"
-- Pomerium and the destination application
-
-## Setting up DNS
-
-First, you'll want to set a [CNAME](https://en.wikipedia.org/wiki/CNAME_record) record for wild-card domain name you will be using with Pomerium.
-
-![pomerium add a text entry to your dns records](./img/certificate-wildcard-domain.png)
-
-## Certificates
-
-### Per-route automatic certificates
-
-Pomerium itself can be used to retrieve, manage, and renew certificates certificates for free using Let's Encrypt, the only requirement is that Pomerium is able to receive public traffic on ports `80`/`443`. This is probably the easiest option.
-
-```yaml
-autocert: true
-```
-
-See the [Autocert] and [Autocert Directory] settings for more details.
-
-### Self-signed wildcard certificate
-
-In production, we'd use a public certificate authority such as LetsEncrypt. But for a local proof of concept or for development, we can use [mkcert](https://mkcert.dev/) to make locally trusted development certificates with any names you'd like. The easiest, is probably to use `*.localhost.pomerium.io` which we've already pre-configured to point back to localhost.
-
-1. Install mkcert.
-
-   :::: tabs
-   ::: tab Go
-   ```bash
-   go get -u filippo.io/mkcert
-   ```
-   :::
-   ::: tab Homebrew
-   ```bash
-   brew install mkcert
-   ```
-   ::::
-
-1. Bootstrap mkcert's root certificate into your operating system's trust store.
-
-   ```bash
-   mkcert -install
-   ```
-
-1. Create your wildcard domain. `*.localhost.pomerium.io` is helper domain we've hard-coded to route to localhost:
-
-   ```bash
-   mkcert "*.localhost.pomerium.io"
-   ```
-
-### Manual DNS Let's Encrypt wildcard certificate
-
-Once you've setup your wildcard domain, we can use acme.sh to create a certificate-signing request with LetsEncrypt.
-
-<<< @/examples/sh/generate_wildcard_cert.sh
-
-LetsEncrypt will respond with the corresponding `TXT` record needed to verify our domain.
-
-![pomerium add a text entry to your dns records](./img/certificate-domain-challenge.png)
-
-It may take a few minutes for the DNS records to propagate. Once it does, you can run the following command to complete the certificate request process.
-
-Here's how the above certificates signed by LetsEncrypt correspond to their respective Pomerium configuration settings:
-
-Pomerium Config                | Certificate file
------------------------------- | --------------------------------------------------------------
-[CERTIFICATE]                  | `$HOME/.acme.sh/*.corp.example.com_ecc/fullchain.cer`
-[CERTIFICATE_KEY][certificate] | `$HOME/.acme.sh/*.corp.example.com_ecc/*.corp.example.com.key`
-
-Your end users will see a valid certificate for all domains delegated by Pomerium.
-
-![pomerium valid certificate](./img/certificates-valid-secure-certificate.png)
-
-![pomerium certificates A+ ssl labs rating](./img/certificates-ssl-report.png)
-
-::: warning
-
-LetsEncrypt certificates must be renewed [every 90 days](https://letsencrypt.org/2015/11/09/why-90-days.html).
-
-:::
-
-## Resources
-
-Certificates, TLS, and Public Key Cryptography is a vast subject we cannot adequately cover here so if you are new to or just need a brush up, the following resources may be helpful:
-
-- [Why HTTPS for Everything?](https://https.cio.gov/everything/) The US government's CIO office has an excellent guide covering HTTPS and why future government sites will all be HTTPS.
-- [Is TLS Fast](https://istlsfastyet.com/) debunks the performance myth associated with HTTPS.
-- [Use TLS](https://smallstep.com/blog/use-tls.html) covers why TLS should be used everywhere; not just for securing typical internet traffic but for securing service communication in both "trusted" and adversarial situations.
-- [Everything you should know about certificates and PKI but are too afraid to ask](https://smallstep.com/blog/everything-pki.html)
-
-[autocert]: ../../reference/readme.md#autocert
-[autocert directory]: ../../reference/readme.md#autocert-directory
-[certificate]: ../../reference/readme.md#certificates
-[certificate_authority]: ../../reference/readme.md#certificate-authority
-[certificate_key]: ../../reference/readme.md#certificates
-[override_certificate_name]: ../../reference/readme.md#override-certificate-name
-[principles]: ../background.md#history
-[zero trust]: ../background.md#zero-trust
diff --git a/docs/docs/topics/data-storage.md b/docs/docs/topics/data-storage.md
deleted file mode 100644
index f2fcb7bb5..000000000
--- a/docs/docs/topics/data-storage.md
+++ /dev/null
@@ -1,87 +0,0 @@
----
-title: Data Storage
-sidebarDepth: 1
-description: >-
-  This article describes Pomerium's data storage requirements
-  and backends
----
-
-# Data Storage
-
-## About
-
-#### Background
-Pomerium keeps persistent state out of most components, but an identity-aware access proxy must maintain some data about every user's session.  Historically, all user/session related data was stored in cookies, but this quickly became challenging.
-
-- Cookie and header limits would impact large organizations and some IdPs
-- SPAs would break when session cookies expired
-- No central visibility or management of existing sessions
-- Group membership was fixed from session creation
-- Slow initial authentication flow to fetch user data
-
-To address these limitations, the Pomerium `databroker` service runs a number of internal services responsible for maintaining data and state.
-
-#### Design
-
-The `databroker` is responsible for providing a stateful storage layer.  Services which require high performance maintain a streaming local cache of the contents of the `databroker`, while others may call `databroker` in real time.  Only the `databroker` is expected to maintain authoritative state.
-
-
-## Persistence
-At this time, most data stored by Pomerium is externally sourced and recoverable at startup (eg, group membership).  The notable exception is user sessions.  If the data hosted by the `databroker` is lost, users will need to log in through their IdP again at next session expiration.
-
-To prevent early session loss in production deployments, persistent storage backends are available for configuration in the `databroker`.  Use of these is strongly encouraged, but smaller or non-production deployments can make use of an in-memory storage layer if external dependencies are not practical or justifiable.
-
-## Backends
-
-Configuration options for each backend are detailed in [databroker configuration reference](/reference/readme.md#data-broker-service).
-
-In all backends, Pomerium encrypts record values.  This ensures security of all records at rest, regardless of data store capabilities.  While this prevents many classes of attack vector, additional security measures should always be taken to secure data in transit and minimize access to the backends themselves.
-
-Please see Pomerium backend and upstream storage system documentation for best practices.
-
-### In-Memory
-- Data Broker Service HA: `no`
-- Data Store HA: `no`
-- Data Persistence: `no`
-
-The default storage backend for `databroker` is memory based.  This backend provides
-easy deployment semantics but is not persistent or highly available.  Running more than one `databroker` instance configured for memory backed storage is not supported and will lead to non-deterministic behavior.
-
-### Redis
-
-- Data Broker Service HA: `yes`
-- Data Store HA: `yes`
-- Data Persistence: `yes`
-
-The Redis based backend supports multiple `databroker` instances and persistence across restarts.  We recommend a dedicated redis instance for Pomerium to provide the strongest security and performance guarantees.
-
-#### High Availability
-Redis should be configured to provide high availability via [replication](https://redis.io/topics/replication) and failover.
-
-
-#### Security
-Pomerium supports and strongly encourages [ACL](https://redis.io/topics/acl) based authentication.  To set up an ACL for pomerium, use the following template:
-
-```
-ACL setuser pomerium on >[MYPASSWORD] ~* +@all -@scripting -@dangerous -@admin -@connection
-```
-
-Pomerium supports and strongly encourages [TLS](https://redis.io/topics/encryption) support in Redis version 6.  Both traditional and mutual TLS are supported.
-
-Example secure configuration:
-
-```yaml
-databroker_storage_type: redis
-databroker_storage_connection_string: rediss://pomerium:MYSECUREPASSWORD@[HOST]:6379/
-databroker_storage_cert_file: /tls/client.pem
-databroker_storage_key_file: /tls/client.key
-databroker_storage_ca_file: /tls/ca.pem
-```
-
-::: tip
-the second `s` in `rediss` is intentional and turns on TLS support
-:::
-
-## Troubleshooting
-
-Most issues with the Databroker service are caused by a [`shared_secret`](/reference/readme.md#shared-secret) mismatch between services. See [Troubleshooting - Shared Secret Mismatch](/docs/troubleshooting.md#shared-secret-mismatch) for details.
\ No newline at end of file
diff --git a/docs/docs/topics/device-identity.md b/docs/docs/topics/device-identity.md
deleted file mode 100644
index ac476e551..000000000
--- a/docs/docs/topics/device-identity.md
+++ /dev/null
@@ -1,83 +0,0 @@
----
-title: Device Identity
-description: >-
-  Learn about how WebAuthn is used to authenticate and authorize access using Device ID and state.
-sidebarDepth: 1
----
-
-# Device Identity
-
-One of the core components of the zero trust security model is **device identity**, which is the ability for a device to have a unique, unclonable identity string that can be authenticated and factored into access control decisions. This topic page covers the concept of device identity, and how it applies to the zero trust model.
-
-## Why Device Identity Is Important
-
-The history of IT security has, until recently, mostly focused on user identity verification. In this model, access to a service is granted only after verifying a user's identity and authorization to that service. This was usually sufficient in scenarios where the user's access was physically limited to trusted devices in trusted physical and network spaces; a PC sitting in an office in the company headquarters on a local network, for example.
-
-Hardware-backed device identity is becoming more widely discussed as more products begin to implement or require it across all tech industries. For example, Windows 11 generated a lot of news by [requiring TPM 2.0][win11-reqs], and Apple is taking steps to [eliminate passwords][apple-passkeys] :
-
-| ![Verge Article Header and Apple Video Page](./img/verge-apple.png) |
-|:--|
-| **Sources:**<br />- <https://www.theverge.com/2021/6/25/22550376/microsoft-windows-11-tpm-chips-requirement-security><br/>-  <https://developer.apple.com/videos/play/wwdc2021/10106/> |
-
-Device identity protects a trusted user from accessing sensitive data from a potentially unsafe device, like their personal computer or phone. Think of it as similar to multi-factor authentication (**MFA**); where MFA covers "what you know" (password) and "who you are" (biometrics, face recognition, etc), device identity asks "is this device safe?" by confirming that the device you are using to access a system is trusted.
-
-Device identity is similar but unique to MFA. Where MFA is an additional layer of protection on user identity, hardware-backed device identity can be used to enhance and augment authorization decisions beyond the initial authentication flow. Where MFA increases the trust-level of a user, device identity provides trust for the device being used. More importantly, it denies access for non-trusted, potentially insecure devices.
-
-## What Is Device Identity
-
-> When you remove "[the perimeter]" as the source of trust to your infrastructure, you must replace it with a level of trust for every person, **device**, and hop in the communication path. Where the other, more commonly implemented facets of zero trust validates the user and traffic, device identity (through WebAuthn) validates the end user's device.
-
-Device ID is a unique identifying key that can only be created by the specific combination of hardware and software present on a specific device. How this is accomplished is largely dependent on the tools available on the user hardware, which we've detailed below.
-
-### Authenticated Device Types
-
-Device identity is made possible through trusted execution environment (**TEE**) devices that provide a hardware-attested identity. The specific implementation of this general concept is different across the devices that provide device identity, but they generally fall into two categories: [secure enclaves and cross-platform security keys].
-
-#### Secure Enclaves
-
-Also called platform or internal authenticators, a secure enclave is physically bound to a specific computing device.
-
-- TPM (Trusted Platform Module): These devices are usually built into a product's mainboard, or can be installed in devices with a TPM header, as shown [here][toms-hardware-tpm]. They include a small processor to carry out cryptographic functions on the device, instead of on the system's processor where it could be interfered with. Trust is usually derived from a private key or certificate signed by a trusted manufacture's certificate authority.
-
-- Mobile devices: Most newer Apple and Android devices include a [Secure Enclave][apple-enclave] or [Hardware-backed Keystore][android-keystore]
-
-#### Hardware Security Keys
-
-Also known as cross-platform or roaming authenticators, these are authentication devices which can move with the user across different computers.
-
-- FIDO U2F: This [open standard][fido-spec] is used by many products like Yubico's [Yubikey][yubikey-products] and Google's [Titan Security Key](https://support.google.com/titansecuritykey/answer/9115487?hl=en). They usually secure a private key used to decrypt information signed by an accessible public key.
-
-::: tip Note
-The nature of cross-platform keys mean they are not associated with a single end-user device. Pomerium policies can be written to allow these keys, or specified to only accept secure enclaves.
-:::
-
-## Implement Device Identity with Pomerium
-
-Pomerium supports policies that use device identity since version [0.16.0](/docs/upgrading.md#policy-for-device-identity). We use the [Web Authentication][webauthn-api] (**WebAuthN**) API to bring authentication and authorization based on device identity into your security framework. Pomerium's device identity support enables users to register their devices, and administrators to enforce access to applications and services to a particular set of trusted devices.
-
-<iframe width="800" height="500" src="https://www.youtube.com/embed/aJzgnaXEpLo?rel=0" frameborder="0" allow="accelerometer; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen />
-
-To get started, review the following pages:
-
-- [Pomerium Policy Language](/docs/topics/ppl.md) to learn how to build policies that use device ID.
-- **End Users** should review [Enroll a Device](/guides/enroll-device.md) to learn how to enroll devices on Pomerium. In Enterprise environments, self-enrollments must be approved by an admin in the Enterprise Console.
-- **Enterprise Administrators** can review the [Devices](/enterprise/reference/manage.md#devices) reference material to create pre-approved enrollment links for users.
-- [pomerium/webauthn](https://github.com/pomerium/webauthn) on GitHub, our implementation of the WebAuthn specification.
-
-## Looking Ahead: Device Posture
-
-Even if access is restricted to known devices, what happens when a user is found to have a vulnerable OS or browser version? How can an administrator ensure their network is not exposed, and that the user's system is promptly patched and remediated?  As secure enclave technologies evolve, **device posture** -- which is sometimes referred to as device state -- will play an increasingly important role in not only authorization decisions but also in helping to quickly remediate vulnerable corporate devices. Device posture is a more complex superset of device identity, with more information about the device and software being used to generate the resulting identifier.
-
-Designing your security model to use device identity also primes your infrastructure to implement advanced security rules based on device posture down the road.
-
-[android-keystore]: https://source.android.com/security/keystore
-[apple-enclave]: https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/web
-[apple-passkeys]: https://developer.apple.com/documentation/authenticationservices/public-private_key_authentication/supporting_passkeys
-[fido-spec]: https://fidoalliance.org/specifications/
-[secure enclaves and cross-platform security keys]: https://developers.yubico.com/WebAuthn/WebAuthn_Developer_Guide/Platform_vs_Cross-Platform.html
-[the perimeter]: https://www.microsoft.com/security/blog/2019/10/23/perimeter-based-network-defense-transform-zero-trust-model/
-[toms-hardware-tpm]: https://www.tomshardware.com/reviews/tpm-trusted-platform-module-header,5766.html
-[verge-tpm]: https://www.theverge.com/2021/6/25/22550376/microsoft-windows-11-tpm-chips-requirement-security
-[webauthn-api]: https://www.w3.org/TR/webauthn-2/#registration-extension
-[win11-reqs]: https://www.microsoft.com/en-us/windows/windows-11-specifications
-[yubikey-products]: https://www.yubico.com/products/
\ No newline at end of file
diff --git a/docs/docs/topics/getting-users-identity.md b/docs/docs/topics/getting-users-identity.md
deleted file mode 100644
index 98c57be56..000000000
--- a/docs/docs/topics/getting-users-identity.md
+++ /dev/null
@@ -1,130 +0,0 @@
----
-title: Getting the user's identity
-description: This article describes how to to get a user's identity with Pomerium.
----
-
-# Getting the user's identity
-
-This article describes how to retrieve a user's identity from a pomerium managed application. Pomerium uses JSON web tokens (JWT) to attest that a given request was handled by Pomerium's authorizer service.
-
-## Prerequisites
-
-To secure your app with signed headers, you'll need the following:
-
-- An application you want users to connect to.
-- A [JWT] library. We strongly recommend using `ES256` over `RSA` based algorithms which are often much faster. When in doubt, use `ES256`
-
-## Verification
-
-If a [signing key] is set, the user's associated identity information will be included in a signed attestation JWT that will be added to each requests's upstream header `X-Pomerium-Jwt-Assertion`. You should verify that the JWT contains at least the following claims:
-
- |  [JWT]   | description                                                                               |
- | :------: | ----------------------------------------------------------------------------------------- |
- |  `exp`   | Expiration time in seconds since the UNIX epoch. Allow 1 minute for skew.                 |
- |  `iat`   | Issued-at time in seconds since the UNIX epoch. Allow 1 minute for skew.                  |
- |  `aud`   | The client's final domain e.g. `httpbin.corp.example.com`.                                |
- |  `iss`   | Issuer must be the URL of your authentication domain e.g. `authenticate.corp.example`.    |
- |  `sub`   | Subject is the user's id. Can be used instead of the `X-Pomerium-Claim-Sub` header.       |
- | `email`  | Email is the user's email. Can be used instead of the `X-Pomerium-Claim-Email` header.    |
- | `groups` | Groups is the user's groups. Can be used instead of the `X-Pomerium-Claim-Groups` header. |
-
-The attestation JWT's signature can be verified using the public key which can be retrieved at Pomerium's `/.well-known/pomerium/jwks.json` endpoint which lives on the authenticate service. A `jwks_uri` is useful when integrating with other systems like [istio](https://istio.io/docs/reference/config/security/istio.authentication.v1alpha1/). For example:
-
-```bash
-$ curl https://authenticate.int.example.com/.well-known/pomerium/jwks.json | jq
-```
-
-```json
-{
-  "keys": [
-    {
-      "use": "sig",
-      "kty": "EC",
-      "kid": "ccc5bc9d835ff3c8f7075ed4a7510159cf440fd7bf7b517b5caeb1fa419ee6a1",
-      "crv": "P-256",
-      "alg": "ES256",
-      "x": "QCN7adG2AmIK3UdHJvVJkldsUc6XeBRz83Z4rXX8Va4",
-      "y": "PI95b-ary66nrvA55TpaiWADq8b3O1CYIbvjqIHpXCY"
-    }
-  ]
-}
-```
-
-```json
-{
-  "keys": [
-    {
-      "use": "sig",
-      "kty": "OKP",
-      "kid": "3aa847838906f3c930f55c2d5885943ac7bede8f780d388015575334f88e77ef",
-      "crv": "Ed25519",
-      "alg": "EdDSA",
-      "x": "xsg1A67wECXAmRnSib8lSsgatcNcYm7vvspQnocPQNc"
-    }
-  ]
-}
-```
-
-### Manual verification
-
-Though you will very likely be verifying signed-headers programmatically in your application's middleware, and using a third-party JWT library, if you are new to JWT it may be helpful to show what manual verification looks like.
-
-1. Provide pomerium with a base64 encoded Elliptic Curve ([NIST P-256] aka [secp256r1] aka prime256v1) Private Key. In production, you'd likely want to get these from your KMS.
-
-```bash
-openssl ecparam -genkey -name prime256v1 -noout -out ec_private.pem
-openssl ec -in ec_private.pem -pubout -out ec_public.pem
-# careful! this will output your private key in terminal
-cat ec_private.pem | base64
-```
-
-Copy the base64 encoded value of your private key to `pomerium-proxy`'s environmental configuration variable `SIGNING_KEY`.
-
-```bash
-SIGNING_KEY=ZxqyyIPPX0oWrrOwsxXgl0hHnTx3mBVhQ2kvW1YB4MM=
-```
-
-1. Reload `pomerium-proxy`. Navigate to httpbin (by default, `https://httpbin.corp.${YOUR-DOMAIN}.com`), and login as usual. Click **request inspection**. Select `/headers`. Click **try it out** and then **execute**. You should see something like the following.
-
-![httpbin displaying jwt headers](./img/inspect-headers.png)
-
-1. `X-Pomerium-Jwt-Assertion` is the signature value. It's less scary than it looks and basically just a compressed, json blob as described above. Navigate to [jwt.io] which provides a helpful GUI to manually verify JWT values.
-
-1. Paste the value of `X-Pomerium-Jwt-Assertion` header token into the `Encoded` form. You should notice that the decoded values look much more familiar.
-
-![httpbin displaying decoded jwt](./img/verifying-headers-1.png)
-
-1. Finally, we want to cryptographically verify the validity of the token. To do this, we will need the signer's public key. You can simply copy and past the output of `cat ec_public.pem`.
-
-![httpbin displaying verified jwt](./img/verifying-headers-2.png)
-
-**Voila!** Hopefully walking through a manual verification has helped give you a better feel for how signed JWT tokens are used as a secondary validation mechanism in pomerium.
-
-::: warning
-
-In an actual client, you'll want to ensure that all the other claims values are valid (like expiration, issuer, audience and so on) in the context of your application. You'll also want to make sure you have a safe and reliable mechanism for distributing pomerium-proxy's public signing key to client apps (typically, a [key management service]).
-
-:::
-
-### Automatic verification
-
-We currently maintain SDKs for the following languages:
-
-- [Go](https://github.com/pomerium/sdk-go)
-
-In the future, we will add implementations for:
-
-- Nodejs
-- Python
-- Java
-- .NET
-
-[developer tools]: https://developers.google.com/web/tools/chrome-devtools/open
-[docker-compose.yml]: https://github.com/pomerium/pomerium/blob/main/docker-compose.yml
-[httpbin]: https://httpbin.org/
-[jwt]: https://jwt.io/introduction/
-[jwt.io]: https://jwt.io/
-[key management service]: https://en.wikipedia.org/wiki/Key_management
-[nist p-256]: https://csrc.nist.gov/csrc/media/events/workshop-on-elliptic-curve-cryptography-standards/documents/papers/session6-adalier-mehmet.pdf
-[secp256r1]: https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations
-[signing key]: ./../../reference/readme.md#signing-key
diff --git a/docs/docs/topics/img/auth-flow-diagram.svg b/docs/docs/topics/img/auth-flow-diagram.svg
deleted file mode 100644
index f361156fe..000000000
--- a/docs/docs/topics/img/auth-flow-diagram.svg
+++ /dev/null
@@ -1,399 +0,0 @@
-<svg id="mermaid-1570159603826" width="100%" xmlns="http://www.w3.org/2000/svg" height="100%" style="max-width:1450px;" viewBox="-50 -10 1450 981"><style>
-
-
-#mermaid-1570159603826 .label {
-  font-family: 'trebuchet ms', verdana, arial;
-  color: #333; }
-
-#mermaid-1570159603826 .label text {
-  fill: #333; }
-
-#mermaid-1570159603826 .node rect,
-#mermaid-1570159603826 .node circle,
-#mermaid-1570159603826 .node ellipse,
-#mermaid-1570159603826 .node polygon {
-  fill: #A176FF;
-  stroke: #999;
-  stroke-width: 1px; }
-
-#mermaid-1570159603826 .node.clickable {
-  cursor: pointer; }
-
-#mermaid-1570159603826 .arrowheadPath {
-  fill: #333333; }
-
-#mermaid-1570159603826 .edgePath .path {
-  stroke: #666;
-  stroke-width: 1.5px; }
-
-#mermaid-1570159603826 .edgeLabel {
-  background-color: white; }
-
-#mermaid-1570159603826 .cluster rect {
-  fill: #eaf2fb;
-  stroke: #26a;
-  stroke-width: 1px; }
-
-#mermaid-1570159603826 .cluster text {
-  fill: #333; }
-
-#mermaid-1570159603826 div.mermaidTooltip {
-  position: absolute;
-  text-align: center;
-  max-width: 200px;
-  padding: 2px;
-  font-family: 'trebuchet ms', verdana, arial;
-  font-size: 12px;
-  background: #eaf2fb;
-  border: 1px solid #26a;
-  border-radius: 2px;
-  pointer-events: none;
-  z-index: 100; }
-
-#mermaid-1570159603826 .actor {
-  stroke: #999;
-  fill: #A176FF; }
-
-#mermaid-1570159603826 text.actor {
-  fill: #333;
-  stroke: none; }
-
-#mermaid-1570159603826 .actor-line {
-  stroke: #666; }
-
-#mermaid-1570159603826 .messageLine0 {
-  stroke-width: 1.5;
-  stroke-dasharray: '2 2';
-  stroke: #333; }
-
-#mermaid-1570159603826 .messageLine1 {
-  stroke-width: 1.5;
-  stroke-dasharray: '2 2';
-  stroke: #333; }
-
-#mermaid-1570159603826 #arrowhead {
-  fill: #333; }
-
-#mermaid-1570159603826 .sequenceNumber {
-  fill: white; }
-
-#mermaid-1570159603826 #sequencenumber {
-  fill: #333; }
-
-#mermaid-1570159603826 #crosshead path {
-  fill: #333 !important;
-  stroke: #333 !important; }
-
-#mermaid-1570159603826 .messageText {
-  fill: #333;
-  stroke: none; }
-
-#mermaid-1570159603826 .labelBox {
-  stroke: #999;
-  fill: #A176FF; }
-
-#mermaid-1570159603826 .labelText {
-  fill: #333;
-  stroke: none; }
-
-#mermaid-1570159603826 .loopText {
-  fill: #333;
-  stroke: none; }
-
-#mermaid-1570159603826 .loopLine {
-  stroke-width: 2;
-  stroke-dasharray: '2 2';
-  stroke: #999; }
-
-#mermaid-1570159603826 .note {
-  stroke: #777700;
-  fill: #ffa; }
-
-#mermaid-1570159603826 .noteText {
-  fill: black;
-  stroke: none;
-  font-family: 'trebuchet ms', verdana, arial;
-  font-size: 14px; }
-
-#mermaid-1570159603826 .activation0 {
-  fill: #f4f4f4;
-  stroke: #666; }
-
-#mermaid-1570159603826 .activation1 {
-  fill: #f4f4f4;
-  stroke: #666; }
-
-#mermaid-1570159603826 .activation2 {
-  fill: #f4f4f4;
-  stroke: #666; }
-
-
-#mermaid-1570159603826 .section {
-  stroke: none;
-  opacity: 0.2; }
-
-#mermaid-1570159603826 .section0 {
-  fill: #80b3e6; }
-
-#mermaid-1570159603826 .section2 {
-  fill: #80b3e6; }
-
-#mermaid-1570159603826 .section1,
-#mermaid-1570159603826 .section3 {
-  fill: white;
-  opacity: 0.2; }
-
-#mermaid-1570159603826 .sectionTitle0 {
-  fill: #333; }
-
-#mermaid-1570159603826 .sectionTitle1 {
-  fill: #333; }
-
-#mermaid-1570159603826 .sectionTitle2 {
-  fill: #333; }
-
-#mermaid-1570159603826 .sectionTitle3 {
-  fill: #333; }
-
-#mermaid-1570159603826 .sectionTitle {
-  text-anchor: start;
-  font-size: 11px;
-  text-height: 14px; }
-
-
-#mermaid-1570159603826 .grid .tick {
-  stroke: #e6e6e6;
-  opacity: 0.3;
-  shape-rendering: crispEdges; }
-
-#mermaid-1570159603826 .grid path {
-  stroke-width: 0; }
-
-
-#mermaid-1570159603826 .today {
-  fill: none;
-  stroke: #d42;
-  stroke-width: 2px; }
-
-
-
-#mermaid-1570159603826 .task {
-  stroke-width: 2; }
-
-#mermaid-1570159603826 .taskText {
-  text-anchor: middle;
-  font-size: 11px; }
-
-#mermaid-1570159603826 .taskTextOutsideRight {
-  fill: #333;
-  text-anchor: start;
-  font-size: 11px; }
-
-#mermaid-1570159603826 .taskTextOutsideLeft {
-  fill: #333;
-  text-anchor: end;
-  font-size: 11px; }
-
-
-#mermaid-1570159603826 .task.clickable {
-  cursor: pointer; }
-
-#mermaid-1570159603826 .taskText.clickable {
-  cursor: pointer;
-  fill: #003163 !important;
-  font-weight: bold; }
-
-#mermaid-1570159603826 .taskTextOutsideLeft.clickable {
-  cursor: pointer;
-  fill: #003163 !important;
-  font-weight: bold; }
-
-#mermaid-1570159603826 .taskTextOutsideRight.clickable {
-  cursor: pointer;
-  fill: #003163 !important;
-  font-weight: bold; }
-
-
-#mermaid-1570159603826 .taskText0,
-#mermaid-1570159603826 .taskText1,
-#mermaid-1570159603826 .taskText2,
-#mermaid-1570159603826 .taskText3 {
-  fill: white; }
-
-#mermaid-1570159603826 .task0,
-#mermaid-1570159603826 .task1,
-#mermaid-1570159603826 .task2,
-#mermaid-1570159603826 .task3 {
-  fill: #26a;
-  stroke: #1a4d80; }
-
-#mermaid-1570159603826 .taskTextOutside0,
-#mermaid-1570159603826 .taskTextOutside2 {
-  fill: #333; }
-
-#mermaid-1570159603826 .taskTextOutside1,
-#mermaid-1570159603826 .taskTextOutside3 {
-  fill: #333; }
-
-
-#mermaid-1570159603826 .active0,
-#mermaid-1570159603826 .active1,
-#mermaid-1570159603826 .active2,
-#mermaid-1570159603826 .active3 {
-  fill: #A176FF;
-  stroke: #1a4d80; }
-
-#mermaid-1570159603826 .activeText0,
-#mermaid-1570159603826 .activeText1,
-#mermaid-1570159603826 .activeText2,
-#mermaid-1570159603826 .activeText3 {
-  fill: #333 !important; }
-
-
-#mermaid-1570159603826 .done0,
-#mermaid-1570159603826 .done1,
-#mermaid-1570159603826 .done2,
-#mermaid-1570159603826 .done3 {
-  stroke: #666;
-  fill: #bbb;
-  stroke-width: 2; }
-
-#mermaid-1570159603826 .doneText0,
-#mermaid-1570159603826 .doneText1,
-#mermaid-1570159603826 .doneText2,
-#mermaid-1570159603826 .doneText3 {
-  fill: #333 !important; }
-
-
-#mermaid-1570159603826 .crit0,
-#mermaid-1570159603826 .crit1,
-#mermaid-1570159603826 .crit2,
-#mermaid-1570159603826 .crit3 {
-  stroke: #b1361b;
-  fill: #d42;
-  stroke-width: 2; }
-
-#mermaid-1570159603826 .activeCrit0,
-#mermaid-1570159603826 .activeCrit1,
-#mermaid-1570159603826 .activeCrit2,
-#mermaid-1570159603826 .activeCrit3 {
-  stroke: #b1361b;
-  fill: #A176FF;
-  stroke-width: 2; }
-
-#mermaid-1570159603826 .doneCrit0,
-#mermaid-1570159603826 .doneCrit1,
-#mermaid-1570159603826 .doneCrit2,
-#mermaid-1570159603826 .doneCrit3 {
-  stroke: #b1361b;
-  fill: #bbb;
-  stroke-width: 2;
-  cursor: pointer;
-  shape-rendering: crispEdges; }
-
-#mermaid-1570159603826 .milestone {
-  transform: rotate(45deg) scale(0.8, 0.8); }
-
-#mermaid-1570159603826 .milestoneText {
-  font-style: italic; }
-
-#mermaid-1570159603826 .doneCritText0,
-#mermaid-1570159603826 .doneCritText1,
-#mermaid-1570159603826 .doneCritText2,
-#mermaid-1570159603826 .doneCritText3 {
-  fill: #333 !important; }
-
-#mermaid-1570159603826 .activeCritText0,
-#mermaid-1570159603826 .activeCritText1,
-#mermaid-1570159603826 .activeCritText2,
-#mermaid-1570159603826 .activeCritText3 {
-  fill: #333 !important; }
-
-#mermaid-1570159603826 .titleText {
-  text-anchor: middle;
-  font-size: 18px;
-  fill: #333; }
-
-#mermaid-1570159603826 g.classGroup text {
-  fill: #999;
-  stroke: none;
-  font-family: 'trebuchet ms', verdana, arial;
-  font-size: 10px; }
-
-#mermaid-1570159603826 g.classGroup rect {
-  fill: #A176FF;
-  stroke: #999; }
-
-#mermaid-1570159603826 g.classGroup line {
-  stroke: #999;
-  stroke-width: 1; }
-
-#mermaid-1570159603826 .classLabel .box {
-  stroke: none;
-  stroke-width: 0;
-  fill: #A176FF;
-  opacity: 0.5; }
-
-#mermaid-1570159603826 .classLabel .label {
-  fill: #999;
-  font-size: 10px; }
-
-#mermaid-1570159603826 .relation {
-  stroke: #999;
-  stroke-width: 1;
-  fill: none; }
-
-#mermaid-1570159603826 #compositionStart {
-  fill: #999;
-  stroke: #999;
-  stroke-width: 1; }
-
-#mermaid-1570159603826 #compositionEnd {
-  fill: #999;
-  stroke: #999;
-  stroke-width: 1; }
-
-#mermaid-1570159603826 #aggregationStart {
-  fill: #A176FF;
-  stroke: #999;
-  stroke-width: 1; }
-
-#mermaid-1570159603826 #aggregationEnd {
-  fill: #A176FF;
-  stroke: #999;
-  stroke-width: 1; }
-
-#mermaid-1570159603826 #dependencyStart {
-  fill: #999;
-  stroke: #999;
-  stroke-width: 1; }
-
-#mermaid-1570159603826 #dependencyEnd {
-  fill: #999;
-  stroke: #999;
-  stroke-width: 1; }
-
-#mermaid-1570159603826 #extensionStart {
-  fill: #999;
-  stroke: #999;
-  stroke-width: 1; }
-
-#mermaid-1570159603826 #extensionEnd {
-  fill: #999;
-  stroke: #999;
-  stroke-width: 1; }
-
-#mermaid-1570159603826 .commit-id,
-#mermaid-1570159603826 .commit-msg,
-#mermaid-1570159603826 .branch-label {
-  fill: lightgrey;
-  color: lightgrey; }
-
-#mermaid-1570159603826 .pieTitleText {
-  text-anchor: middle;
-  font-size: 25px;
-  fill: #333; }
-</style><style>#mermaid-1570159603826 {
-    color: rgba(0, 0, 0, 0.65098);
-    font: normal normal normal normal 14px/21px "trebuchet ms", verdana, arial;
-  }</style><g></g><g><line id="actor28" x1="75" y1="5" x2="75" y2="970" class="actor-line" stroke-width="0.5px" stroke="#999"></line><rect x="0" y="0" fill="#eaeaea" stroke="#666" width="150" height="65" rx="3" ry="3" class="actor"></rect><text x="75" y="32.5" style="text-anchor: middle; font-size: 14px; font-family: Open-Sans, sans-serif;" dominant-baseline="central" alignment-baseline="central" class="actor"><tspan x="75" dy="0">Browser</tspan></text></g><g><line id="actor29" x1="275" y1="5" x2="275" y2="970" class="actor-line" stroke-width="0.5px" stroke="#999"></line><rect x="200" y="0" fill="#eaeaea" stroke="#666" width="150" height="65" rx="3" ry="3" class="actor"></rect><text x="275" y="32.5" style="text-anchor: middle; font-size: 14px; font-family: Open-Sans, sans-serif;" dominant-baseline="central" alignment-baseline="central" class="actor"><tspan x="275" dy="0">Identity Provider</tspan></text></g><g><line id="actor30" x1="475" y1="5" x2="475" y2="970" class="actor-line" stroke-width="0.5px" stroke="#999"></line><rect x="400" y="0" fill="#eaeaea" stroke="#666" width="150" height="65" rx="3" ry="3" class="actor"></rect><text x="475" y="32.5" style="text-anchor: middle; font-size: 14px; font-family: Open-Sans, sans-serif;" dominant-baseline="central" alignment-baseline="central" class="actor"><tspan x="475" dy="0">Ingress</tspan></text></g><g><line id="actor31" x1="675" y1="5" x2="675" y2="970" class="actor-line" stroke-width="0.5px" stroke="#999"></line><rect x="600" y="0" fill="#eaeaea" stroke="#666" width="150" height="65" rx="3" ry="3" class="actor"></rect><text x="675" y="32.5" style="text-anchor: middle; font-size: 14px; font-family: Open-Sans, sans-serif;" dominant-baseline="central" alignment-baseline="central" class="actor"><tspan x="675" dy="0">Pomerium</tspan></text></g><g><line id="actor32" x1="875" y1="5" x2="875" y2="970" class="actor-line" stroke-width="0.5px" stroke="#999"></line><rect x="800" y="0" fill="#eaeaea" stroke="#666" width="150" height="65" rx="3" ry="3" class="actor"></rect><text x="875" y="32.5" style="text-anchor: middle; font-size: 14px; font-family: Open-Sans, sans-serif;" dominant-baseline="central" alignment-baseline="central" class="actor"><tspan x="875" dy="0">Pomerium AuthN</tspan></text></g><g><line id="actor33" x1="1075" y1="5" x2="1075" y2="970" class="actor-line" stroke-width="0.5px" stroke="#999"></line><rect x="1000" y="0" fill="#eaeaea" stroke="#666" width="150" height="65" rx="3" ry="3" class="actor"></rect><text x="1075" y="32.5" style="text-anchor: middle; font-size: 14px; font-family: Open-Sans, sans-serif;" dominant-baseline="central" alignment-baseline="central" class="actor"><tspan x="1075" dy="0">Pomerium AuthZ</tspan></text></g><g><line id="actor34" x1="1275" y1="5" x2="1275" y2="970" class="actor-line" stroke-width="0.5px" stroke="#999"></line><rect x="1200" y="0" fill="#eaeaea" stroke="#666" width="150" height="65" rx="3" ry="3" class="actor"></rect><text x="1275" y="32.5" style="text-anchor: middle; font-size: 14px; font-family: Open-Sans, sans-serif;" dominant-baseline="central" alignment-baseline="central" class="actor"><tspan x="1275" dy="0">app</tspan></text></g><defs><marker id="arrowhead" refX="5" refY="2" markerWidth="6" markerHeight="4" orient="auto"><path d="M 0,0 V 4 L6,2 Z"></path></marker></defs><defs><marker id="crosshead" markerWidth="15" markerHeight="8" orient="auto" refX="16" refY="4"><path fill="black" stroke="#000000" style="stroke-dasharray: 0px, 0px;" stroke-width="1px" d="M 9,2 V 6 L16,4 Z"></path><path fill="none" stroke="#000000" style="stroke-dasharray: 0px, 0px;" stroke-width="1px" d="M 0,1 L 6,7 M 6,1 L 0,7"></path></marker></defs><defs><marker id="sequencenumber" refX="15" refY="15" markerWidth="60" markerHeight="40" orient="auto"><circle cx="15" cy="15" r="6"></circle></marker></defs><g><text x="275" y="93" style="text-anchor: middle;" class="messageText">GET /app</text><line x1="75" y1="100" x2="475" y2="100" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></line></g><g><text x="575" y="128" style="text-anchor: middle;" class="messageText">/verify/app</text><line x1="475" y1="135" x2="675" y2="135" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></line></g><g><text x="675" y="163" style="text-anchor: middle;" class="messageText">Authenticated?</text><path d="M 675,170 C 735,160 735,200 675,190" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></path></g><g><text x="675" y="228" style="text-anchor: middle;" class="messageText">No!</text><path d="M 675,235 C 735,225 735,265 675,255" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></path></g><g><text x="775" y="293" style="text-anchor: middle;" class="messageText"></text><line x1="675" y1="300" x2="875" y2="300" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></line></g><g><text x="475" y="328" style="text-anchor: middle;" class="messageText">HTTP 301 sign in callback url</text><line x1="875" y1="335" x2="75" y2="335" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></line></g><g><text x="175" y="363" style="text-anchor: middle;" class="messageText"></text><line x1="75" y1="370" x2="275" y2="370" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></line></g><g><text x="175" y="398" style="text-anchor: middle;" class="messageText"></text><line x1="275" y1="405" x2="75" y2="405" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></line></g><g><text x="475" y="433" style="text-anchor: middle;" class="messageText">HTTP 301: Oauth2 callback endpoint</text><line x1="75" y1="440" x2="875" y2="440" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></line></g><g><text x="475" y="468" style="text-anchor: middle;" class="messageText">Save session</text><line x1="875" y1="475" x2="75" y2="475" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></line></g><g><text x="275" y="503" style="text-anchor: middle;" class="messageText">HTTP 301 app</text><line x1="75" y1="510" x2="475" y2="510" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></line></g><g><text x="575" y="538" style="text-anchor: middle;" class="messageText">/verify/app</text><line x1="475" y1="545" x2="675" y2="545" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></line></g><g><text x="675" y="573" style="text-anchor: middle;" class="messageText">Authenticated?</text><path d="M 675,580 C 735,570 735,610 675,600" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></path></g><g><text x="675" y="638" style="text-anchor: middle;" class="messageText">Yes!</text><path d="M 675,645 C 735,635 735,675 675,665" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></path></g><g><text x="875" y="703" style="text-anchor: middle;" class="messageText">Authorized?</text><line x1="675" y1="710" x2="1075" y2="710" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></line></g><g><text x="875" y="738" style="text-anchor: middle;" class="messageText">Yes?</text><line x1="1075" y1="745" x2="675" y2="745" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></line></g><g><text x="575" y="773" style="text-anchor: middle;" class="messageText">HTTP 200</text><line x1="675" y1="780" x2="475" y2="780" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></line></g><g><text x="875" y="808" style="text-anchor: middle;" class="messageText"></text><line x1="475" y1="815" x2="1275" y2="815" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></line></g><g><text x="875" y="843" style="text-anchor: middle;" class="messageText"></text><line x1="1275" y1="850" x2="475" y2="850" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></line></g><g><text x="275" y="878" style="text-anchor: middle;" class="messageText">OK!</text><line x1="475" y1="885" x2="75" y2="885" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></line></g><g><rect x="0" y="905" fill="#eaeaea" stroke="#666" width="150" height="65" rx="3" ry="3" class="actor"></rect><text x="75" y="937.5" style="text-anchor: middle; font-size: 14px; font-family: Open-Sans, sans-serif;" dominant-baseline="central" alignment-baseline="central" class="actor"><tspan x="75" dy="0">Browser</tspan></text></g><g><rect x="200" y="905" fill="#eaeaea" stroke="#666" width="150" height="65" rx="3" ry="3" class="actor"></rect><text x="275" y="937.5" style="text-anchor: middle; font-size: 14px; font-family: Open-Sans, sans-serif;" dominant-baseline="central" alignment-baseline="central" class="actor"><tspan x="275" dy="0">Identity Provider</tspan></text></g><g><rect x="400" y="905" fill="#eaeaea" stroke="#666" width="150" height="65" rx="3" ry="3" class="actor"></rect><text x="475" y="937.5" style="text-anchor: middle; font-size: 14px; font-family: Open-Sans, sans-serif;" dominant-baseline="central" alignment-baseline="central" class="actor"><tspan x="475" dy="0">Ingress</tspan></text></g><g><rect x="600" y="905" fill="#eaeaea" stroke="#666" width="150" height="65" rx="3" ry="3" class="actor"></rect><text x="675" y="937.5" style="text-anchor: middle; font-size: 14px; font-family: Open-Sans, sans-serif;" dominant-baseline="central" alignment-baseline="central" class="actor"><tspan x="675" dy="0">Pomerium</tspan></text></g><g><rect x="800" y="905" fill="#eaeaea" stroke="#666" width="150" height="65" rx="3" ry="3" class="actor"></rect><text x="875" y="937.5" style="text-anchor: middle; font-size: 14px; font-family: Open-Sans, sans-serif;" dominant-baseline="central" alignment-baseline="central" class="actor"><tspan x="875" dy="0">Pomerium AuthN</tspan></text></g><g><rect x="1000" y="905" fill="#eaeaea" stroke="#666" width="150" height="65" rx="3" ry="3" class="actor"></rect><text x="1075" y="937.5" style="text-anchor: middle; font-size: 14px; font-family: Open-Sans, sans-serif;" dominant-baseline="central" alignment-baseline="central" class="actor"><tspan x="1075" dy="0">Pomerium AuthZ</tspan></text></g><g><rect x="1200" y="905" fill="#eaeaea" stroke="#666" width="150" height="65" rx="3" ry="3" class="actor"></rect><text x="1275" y="937.5" style="text-anchor: middle; font-size: 14px; font-family: Open-Sans, sans-serif;" dominant-baseline="central" alignment-baseline="central" class="actor"><tspan x="1275" dy="0">app</tspan></text></g></svg>
\ No newline at end of file
diff --git a/docs/docs/topics/img/certificate-domain-challenge.png b/docs/docs/topics/img/certificate-domain-challenge.png
deleted file mode 100644
index 7f0dcc71c..000000000
Binary files a/docs/docs/topics/img/certificate-domain-challenge.png and /dev/null differ
diff --git a/docs/docs/topics/img/certificate-wildcard-domain.png b/docs/docs/topics/img/certificate-wildcard-domain.png
deleted file mode 100644
index bf7b8c395..000000000
Binary files a/docs/docs/topics/img/certificate-wildcard-domain.png and /dev/null differ
diff --git a/docs/docs/topics/img/certificates-ssl-report.png b/docs/docs/topics/img/certificates-ssl-report.png
deleted file mode 100644
index a56663a8d..000000000
Binary files a/docs/docs/topics/img/certificates-ssl-report.png and /dev/null differ
diff --git a/docs/docs/topics/img/certificates-valid-secure-certificate.png b/docs/docs/topics/img/certificates-valid-secure-certificate.png
deleted file mode 100644
index 68fc6275e..000000000
Binary files a/docs/docs/topics/img/certificates-valid-secure-certificate.png and /dev/null differ
diff --git a/docs/docs/topics/img/inspect-headers.png b/docs/docs/topics/img/inspect-headers.png
deleted file mode 100644
index 09c5bbf49..000000000
Binary files a/docs/docs/topics/img/inspect-headers.png and /dev/null differ
diff --git a/docs/docs/topics/img/jaeger.png b/docs/docs/topics/img/jaeger.png
deleted file mode 100644
index ea1b1b53d..000000000
Binary files a/docs/docs/topics/img/jaeger.png and /dev/null differ
diff --git a/docs/docs/topics/img/security-headers.png b/docs/docs/topics/img/security-headers.png
deleted file mode 100644
index d8833385a..000000000
Binary files a/docs/docs/topics/img/security-headers.png and /dev/null differ
diff --git a/docs/docs/topics/img/verge-apple.png b/docs/docs/topics/img/verge-apple.png
deleted file mode 100644
index b014cf0b4..000000000
Binary files a/docs/docs/topics/img/verge-apple.png and /dev/null differ
diff --git a/docs/docs/topics/img/verifying-headers-1.png b/docs/docs/topics/img/verifying-headers-1.png
deleted file mode 100644
index 087de50cd..000000000
Binary files a/docs/docs/topics/img/verifying-headers-1.png and /dev/null differ
diff --git a/docs/docs/topics/img/verifying-headers-2.png b/docs/docs/topics/img/verifying-headers-2.png
deleted file mode 100644
index 67883ef7a..000000000
Binary files a/docs/docs/topics/img/verifying-headers-2.png and /dev/null differ
diff --git a/docs/docs/topics/load-balancing.md b/docs/docs/topics/load-balancing.md
deleted file mode 100644
index ce8c9a6a2..000000000
--- a/docs/docs/topics/load-balancing.md
+++ /dev/null
@@ -1,132 +0,0 @@
----
-title: Upstream Load Balancing
-description: >-
-  This article covers Pomerium built-in load balancing capabilities in presence of multiple upstreams.
----
-
-# Upstream Load Balancing
-
-This article covers Pomerium built-in load balancing capabilities in presence of multiple upstreams.
-
-## Multiple Upstreams
-
-You may specify multiple servers for your upstream application, and Pomerium would load balance user requests between them.
-
-```yaml
-routes:
-  - from: https://myapp.localhost.pomerium.io
-    to:
-      - http://myapp-srv-1:8080
-      - http://myapp-srv-2:8080
-```
-
-::: tip
-
-In the presence of multiple upstreams, make sure to specify either an active or passive health check, or both, to avoid requests being served to an unhealthy backend.
-
-:::
-
-## Active Health Checks
-
-Active health checks issue periodic requests to each upstream to determine its health.
-See [Health Checking](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/health_checking) for a comprehensive overview.
-
-### HTTP Example
-
-```yaml
-routes:
-  - from: https://myapp.localhost.pomerium.io
-    to:
-      - http://myapp-srv-1:8080
-      - http://myapp-srv-2:8080
-    health_checks:
-      - timeout: 10s
-        interval: 60s
-        healthy_threshold: 1
-        unhealthy_threshold: 2
-        http_health_check:
-          path: "/"
-```
-
-### TCP Example
-
-```yaml
-routes:
-  - from: tcp+https://tcp-service.localhost.pomerium.io
-    to:
-      - tcp://tcp-1.local
-      - tcp://tcp-2.local
-    health_checks:
-      - timeout: 1s
-        interval: 5s
-        unhealthy_threshold: 3
-        healthy_threshold: 1
-        tcp_health_check:
-          send:
-            text: "50494E47" #PING
-          receive:
-            text: "504F4E47" #PONG
-```
-
-## Passive Health Checks
-
-Passive health check tries to deduce upstream server health based on recent observed responses.
-See [Outlier Detection](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/outlier) for comprehensive overview.
-
-```yaml
-routes:
-  - from: https://myapp.localhost.pomerium.io
-    to:
-      - http://myapp-srv-1:8080
-      - http://myapp-srv-2:8080
-    outlier_detection: {}
-```
-
-## Load Balancing Method
-
-`lb_policy` should be set to [one of the values](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers):
-
-- [`ROUND_ROBIN`](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#weighted-round-robin) (default)
-- [`LEAST_REQUEST`](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#weighted-least-request) and may be further configured using [`least_request_lb_config`](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-msg-config-cluster-v3-cluster-leastrequestlbconfig)
-- [`RING_HASH`](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#ring-hash) and may be further configured using [`ring_hash_lb_config`](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#config-cluster-v3-cluster-ringhashlbconfig) option
-- [`RANDOM`](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#random)
-- [`MAGLEV`](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#maglev) and may be further configured using [`maglev_lb_config`](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-msg-config-cluster-v3-cluster-maglevlbconfig) option
-
-### Example
-
-```yaml
-routes:
-  - from: https://myapp.localhost.pomerium.io
-    to:
-      - http://myapp-srv-1:8080
-      - http://myapp-srv-2:8080
-      - http://myapp-srv-3:8080
-      - http://myapp-srv-4:8080
-      - http://myapp-srv-5:8080
-    lb_policy: LEAST_REQUEST
-    least_request_lb_config:
-      choice_count: 2 # current envoy default
-```
-
-## Load Balancing Weight
-
-When a list of upstream URLs is specified in the `to` field, you may append an optional load balancing weight parameter. The individual [`lb_policy`](#load-balancing-method) settings will take this weighting into account when making routing decisions.
-
-### Example
-
-This configuration uses the default `round_robin` load balancer policy but specifies different frequency of selection be applied to the upstreams.
-
-```yaml
-routes:
-  - from: https://myapp.localhost.pomerium.io
-    to:
-      - http://myapp-srv-1:8080,10
-      - http://myapp-srv-2:8080,20
-      - http://myapp-srv-3:8080,30
-      - http://myapp-srv-4:8080,20
-      - http://myapp-srv-5:8080,10
-```
-
-## Further reading
-
-- [Introduction to modern network load balancing and proxying](https://blog.envoyproxy.io/introduction-to-modern-network-load-balancing-and-proxying-a57f6ff80236)
diff --git a/docs/docs/topics/mutual-auth.md b/docs/docs/topics/mutual-auth.md
deleted file mode 100644
index eb5374cb4..000000000
--- a/docs/docs/topics/mutual-auth.md
+++ /dev/null
@@ -1,394 +0,0 @@
----
-title: Mutual Authentication
-lang: en-US
-sidebarDepth: 1
-meta:
-  - name: keywords
-    content: pomerium, identity access proxy, mutual authentication, jwt, jwks, mtls
-description: >-
-  This page describes the concept of mutual authentication and why it's important.
----
-
-# Mutual Authentication: A Component of Zero Trust
-
-Pomerium provides a good layer of security out of the box, but it's not (and can't be) configured for complete [zero trust] right out of the box. This page explains several methods of achieving mutual authentication — a big part of the zero trust model — with practical examples.
-
-This is a nuanced topic that dives into several specific security practices that provide mutual authentication. You can use the table of contents below to narrow down to the specific tools you're interested in or read the entire doc for a deeper understanding of how these tools work together to support strong infrastructure security.
-
-[[toc]]
-
-## What Is Mutual Authentication?
-
-The concept of mutual authentication is deceptively simple. It means that both sides of a connection can validate the identity of the other. The application of this concept, however, can be varied and complex. Pomerium provides the features and capability to provide mutual authentication between itself and end users, as well as between itself and upstream services, but configuring those external endpoints can vary depending on each service's features.
-
-## Pomerium Defaults
-
-- **Security**: Moderate
-- **Difficulty**: Easy
-- **Encrypted**: Yes (from the end user to Pomerium. It's up to the service to provide a TLS endpoint for Pomerium to use.)
-- **Mutual Authentication**: None
-
-Let's look at a basic installation of Pomerium on a local network, with a single upstream service. This service contains sensitive data that we want to ensure is confidential and cannot be tampered with.
-
-::: tip Note
-Throughout this guide we will diagram Pomerium as a single service, as it is in all-in-one mode. This is the version provided by our [binaries] and in our Docker-based [Quick Start] page.
-:::
-
-```mermaid
-flowchart LR
-  C(End User)
-  D(Identity Provider)
-  C==o A
-  A-.-D
-  subgraph lan[Internal Network]
-    style lan stroke-dasharray: 5 5
-    A(Pomerium)
-    B(Upstream Service)
-    A --- B
-  end
-```
-
-1. When the user connects to the route `service.example.com` the traffic is received by Pomerium.
-1. Pomerium redirects the user to the identity provider (**IdP**) to sign in and validate their identity.
-1. After signing in to the IdP, Pomerium verifies that the authenticated (**AuthN**) user is authorized (**AuthZ**) to access the service, and begins communication with it.
-
-This is a good start, only the users that are supposed to have access to the service get through. But this model is dependent on the security of your network perimeter. If a bad actor gains access to your internal network, they can now communicate with the service directly:
-
-```mermaid
-flowchart LR
-  C(End User)
-  C==o A
-  subgraph lan[Internal Network]
-    style lan stroke-dasharray: 5 5
-    A(Pomerium)
-    B(Upstream Service)
-    A --- B
-  end
-  E[/Hacker/]---B
-```
-
-While your network *should* be secured to only allow traffic at specified ports and directed to specified services, this creates a single point of failure. A hacker need only bypass your firewall to get direct access to your service.
-
-## JWT Verification: Application-based Mutual Authentication
-
-- **Security**: Strong
-- **Difficulty**: Moderate
-- **Encrypted**: Yes (from the end user to Pomerium. It's up to the service to provide a TLS endpoint for Pomerium to use.)
-- **Mutual Authentication**: Application Layer
-
-Many, but not all, modern web applications support [JSON web tokens][jwt-rfc] (**JWTs**). These tokens can be provided by Pomerium (with the [`pass_identity_headers`] key) so that an upstream service can independently verify that the traffic has properly gone through Pomerium, and that the incoming user request is authorized.
-
-JWTs are verified the same way as TLS certificates, by checking that they are signed by a trusted authority. Pomerium provides that authority with a JSON web key set (**JWKS**) which signs the JWT. Upstream services that utilize JWTs can be directed to Pomerium for the JWKS.
-
-Let's look at an example:
-
-```mermaid
-flowchart LR
-  D(End User)
-  C(Identity Provider)
-  D==oA
-  subgraph lan[Internal Network]
-    direction LR
-    style lan stroke-dasharray: 5 5
-    A(Pomerium)
-    B(Upstream Service)
-    A ==o B
-  end
-  B-.JWKS Verification.-A
-  C-.-A
-```
-
-1. When the user connects to the route `service.example.com` the traffic is received Pomerium.
-1. Pomerium redirects the user to the identity provider (**IdP**) to sign in and validate their identity.
-1. After authentication succeeds, Pomerium verifies that the authenticated user is authorized to access the upstream service, and sends the connection to it, including the `X-Pomerium-JWT-Assertion` header containing the JWT signed by the key set in Pomerium.
-1. The upstream service reads the signing key from Pomerium, and uses it to validate the JWT. Finding that the JWT was signed by the trusted key, the traffic is allowed.
-
-Our hacker may be able to forge a basic JWT, but they can't sign it with the key secured in the Pomerium configuration, so the upstream service rejects their connections:
-
-```mermaid
-flowchart LR
-D(End User)
-C(Identity Provider)
-D==oA
-subgraph lan[Internal Network]
-  direction LR
-  style lan stroke-dasharray: 5 5
-  A(Pomerium)
-  B(Upstream Service)
-  A ==o B
-end
-B-.JWKS Verification.-A
-C-.-A
-E[/Hacker/] --x B
-```
-
-In this way, we've applied a zero trust security model to the application layer of our infrastructure's network model. You can see JWT verification in practice with our [Grafana] integration guide.
-
-## mTLS: Protocol-based Mutual Authentication
-
-- **Difficulty**: Hard
-- **Encrypted**: Yes
-- **Mutual Authentication**: Protocol Layer
-
-### North-south mTLS
-
-Most tech professionals are familiar with [Transport Layer Security] (**TLS**). The majority of traffic on the web today is sent using TLS. In addition to encrypting data using the server's TLS certificate, the server identity is validated by the certificate and the Certificate Authority (**CA**) that signed it.
-
-```mermaid
-flowchart RL
-  subgraph pc [PC]
-    D(Browser) -.- B(Trusted Keystore)
-  end
-  subgraph Server
-    A(Service)-.Certificate.->D
-  end
-  D==oA
-  style pc fill: white, stroke: black
-style Server fill: white, stroke: black
-```
-
-1. The browser initiates a connection to `example.com` over the `http` protocol.
-1. The server sends its public certificate to the browser.
-1. The browser reads the certificate chain to find the CA, and checks against the computer's keystore to see if the CA is one that it trusts.
-1. After confirming the CA is trusted the browser reconnects to the server, this time using the `https` protocol and encrypting the traffic using the public certificate.
-
-The process above, an example of [north-south traffic](https://en.wikipedia.org/wiki/North-south_traffic) over HTTPS, confirms the identity of the *server*, protecting the client. Mutual TLS (**mTLS**) allows the server to confirm the identity of the *client* using a client certificate.
-
-```mermaid
-flowchart RL
-  subgraph pc [PC]
-    D(Browser) -.- B(Trusted Keystore)
-  end
-  subgraph Server
-    A(Service)-.-C(Trusted Keystore)
-  end
-  D(Browser)-. Client Certificate .->A
-  A-. Server Certificate ..->D
-  D<==>A
-  style pc fill: white, stroke: black
-  style Server fill: white, stroke: black
-```
-
-1. After the server certificate is trusted and an `HTTPS` connection is established, the server requests a client certificate.
-1. The user is prompted to use one of the certificates previously imported into the browser. This certificate is sent to the server
-1. The server validates the client certificate signing authority against its trusted keystore or authorized client CA. Once authorized, the server resumes normal encrypted communication with the client.
-
-### East-west mTLS
-
-Traffic between services in an internal network is referred to as [east-west traffic](https://en.wikipedia.org/wiki/East-west_traffic). mTLS can also be configured between Pomerium and the end user, and/or with an upstream service. Configuring mTLS for many end users is cumbersome, and new technologies like [device identity verification] provide verification of the user and their hardware. But mTLS between Pomerium and an upstream service (the east-west traffic) need only be configured once per service, and minimally maintained by updating certificates.
-
-```mermaid
-flowchart LR
-  A(End User)
-  B[/Hacker/]
-  subgraph lan[Internal Network]
-    style lan stroke-dasharray: 5 5
-    C(Pomerium)
-    D(Service)
-  end
-  A<==>C
-  C<==>D
-  B---xD
-```
-
-In this way, we've applied a zero trust security model to the protocol layer of our infrastructure's network model.
-
-## Mutual Authentication With a Sidecar
-
-If your company depends on software that was not built for mutual authentication, you can still secure those services using a **Sidecar**. This is a piece of software designed to provide a new sole method of accessing a service, and provides the authentication for traffic routed to that service.
-
-We describe the technical steps to test such a configuration using Envoy and Docker containers in our [JWT Verification] guide, but let's describe it conceptually here:
-
-```mermaid
-flowchart LR
-  A(End User)
-  B(Pomerium)
-  C(Sidecar)
-  D(Service)
-  subgraph lan[Internal Network]
-    style lan stroke-dasharray: 5 5
-    subgraph spacing[ ]
-      style spacing stroke-width:0px,fill:#ffffde;
-    end
-    subgraph docker1 [Docker Network Frontend]
-      style docker1 stroke-dasharray:5 5;
-      B
-    end
-    subgraph docker2 [Docker Network Backend]
-      C
-      D
-    end
-  end
-  A==oB
-  B<==>C
-  C---D
-```
-
-In this example, the service is only network-accessible from the `backend` network. The only other container with access to that network is `sidecar`, which performs the JWT or mTLS authentication before allowing traffic to the service.
-
-Because the `backend` network is inaccessible to any traffic not coming from the sidecar, a bad actor has no way of accessing it:
-
-```mermaid
-flowchart LR
-  A(End User)
-  B(Pomerium)
-  C(Sidecar)
-  D(Service)
-  E[/Hacker/]
-  subgraph lan[Internal Network]
-    style lan stroke-dasharray: 5 5
-    subgraph spacing[ ]
-      style spacing stroke-width:0px,fill:#ffffde;
-    end
-    subgraph docker1 [Docker Network Frontend]
-      style docker1 stroke-dasharray:5 5;
-      B
-    end
-    subgraph docker2 [Docker Network Backend]
-      C
-      D
-    end
-  end
-  A==oB
-  B<==>C
-  C---D
-  E---xdocker2
-```
-
-## Putting It All Together
-
-Each of the techniques described above provides an additional form of security. Which you choose to apply to your infrastructure depends on your needs, end users, and what your services and/or infrastructure can support.
-
-Security practices can often seem like a scale with best practices at one end and ease of use at the other. Pomerium is designed to make it reasonably easy to enable the best security model that fits each service. For example, it's usually not reasonable to expect a service with many unique end users to require client certificates for downstream mTLS, but communication between Pomerium and the upstream application or service mesh can use it without any additional overhead for the client.
-
-At this point, the security model becomes difficult to accurately describe with a simple graph... but we'll try anyway.
-
-```mermaid
-flowchart LR
-  A(End User)
-  B(Pomerium)
-  C(Identity Provider)
-  D(User App)
-  E(Admin Services)
-  F(Sidecar)
-  G(Admin)
-  H(API)
-  subgraph lan[Internal Network]
-    style lan stroke-dasharray: 5 5
-    direction LR
-    B
-    D
-    E
-    F
-    subgraph Sidecar [Secure VLAN];
-      H
-      F---H
-    end
-  end
-  A ==TLS==o B
-  B<==mTLS==>D
-  B-.JWT.-D
-  B<==mTLS==>E
-  B<==mTLS===>F
-  G<==mTLS==>B
-  C-.-B
-```
-
-- In this example, End users authenticate with Pomerium to access the user app:
-  - Their connection to Pomerium is authenticated after signing in to their identity provider, and encrypted with TLS.
-  - The communication between Pomerium and the user app is mutually authenticated with mTLS, and the user's JWT is passed from Pomerium to the app to confirm the user identity to the service. The service validates the JWT against Pomerium's signing Key.
-- The admin also authenticates with Pomerium to access their services:
-  - The connection is authenticated and encrypted the same as the user's, but the route to the admin app also requires a client certificate for mutual authentication at the protocol layer.
-  - The connections from the admin to the admin services are now mutually authenticated both upstream and downstream from Pomerium.
-- The API server is required by both the user and admin apps. Rather than build authentication into the API service, it is accessible only through a sidecar. The sidecar only accepts mTLS-authenticated connections from the proxy, so both apps connect to the API through Pomerium.
-
-## Legend
-
-The expandable legend below describes how different elements are used in the graphs above.
-
-::: details Legend
-The graphs in this guide use a consistent format to indicate certain aspects of the data flow.
-
----
-
-```mermaid
-flowchart LR
-A --HTTP--- B
-```
-
-Thin lines represent un-encrypted traffic over HTTP.
-
----
-
-```mermaid
-flowchart LR
-A[Client]==tls==o B[Server]
-```
-
-Thick lines represent encrypted traffic using TLS. the circle represents which end of the connection is providing a certificate to establish trust.
-
----
-
-```mermaid
-flowchart LR
-A<==mTLS==>B
-```
-
-Thick lines with arrows on both ends represent a connection secured by mTLS, where each side provides a TLS certificate and the other can verify its identity.
-
----
-
-```mermaid
-flowchart LR
-A-.out-of-band.-B
-```
-
-Dashed lines represent out-of-band connections. These occur when, for example, various services talk to each other to validate connections made by the user.
-
----
-
-```mermaid
-flowchart LR
-A[/Hacker/]--broken--x B[Server]
-```
-
-Lines with an **X** represent a failed attempt to gain access to a system.
-
----
-
-```mermaid
-flowchart LR
-subgraph Internet
-style Internet stroke-dasharray: 5 5
-D[Client]
-end
-subgraph lan [Internal Network]
-  direction TB
-  style lan stroke-dasharray: 5 5
-  A[Pomerium]
-  D--oA
-  A<==>E
-  E[Service Mesh]
-  E<==>C
-  subgraph docker [Docker Network]
-    style docker margin-top: 10
-    direction TB
-    C[Service]
-  end
-end
-```
-
-Yellow blocks represent different networks like the internet, an internal network, or a virtual network like Docker provides. Dashed borders represent network perimeters allowing general access. Solid borders represent secured perimeters only permitting the traffic represented in the diagram.
-:::
-
-[binaries]: /docs/install/binary.md
-[device identity verification]: /docs/topics/device-identity.md
-[Grafana]: /guides/grafana.md
-[JWT Verification]: /guides/jwt-verification.md
-[jwt-rfc]: https://datatracker.ietf.org/doc/html/rfc7519
-[Kubernetes]: /docs/k8s/helm.md
-[`pass_identity_headers`]: /reference/readme.md#pass-identity-headers
-[Quick Start]: /docs/install/readme.md
-[Transport Layer Security]: https://en.wikipedia.org/wiki/Transport_Layer_Security
-[zero trust]: https://www.pomerium.com/docs/background.html
-
diff --git a/docs/docs/topics/original-request-context.md b/docs/docs/topics/original-request-context.md
deleted file mode 100644
index 14ddc318a..000000000
--- a/docs/docs/topics/original-request-context.md
+++ /dev/null
@@ -1,123 +0,0 @@
----
-title: Original User Context
-description: This article describes how the original user context is passed secondary requests.
-sidebarDepth: 0
----
-
-# Original User Context
-
-::: tip
-This article describes a use case available to [Pomerium Enterprise](/enterprise/about.md) customers.
-:::
-
-In enterprise environments where multiple services protected by Pomerium communicate with each other using a [service account](/enterprise/concepts.md#service-accounts), there are scenarios where the original user context must be preserved. This article describes how this is accomplished with the `X-Pomerium-Jwt-Assertion-For` header.
-
-## Abstract
-
-When a User communicates with a service downstream of Pomerium, the service can identify that user by the `X-Pomerium-JWT-Assertion` header, added by Pomerium, which provides as a value a JSON web token (**JWT**) identifying the user.
-
-Should that service need to communicate with another Pomerium-protected service to construct the response, that connection should be authorized through Pomerium with a [Service Account](/enterprise/concepts.md#service-accounts). Service accounts should be provided to Pomerium from the first service as a bearer token header, i.e. `Authorization: Bearer Pomerium-${service_acount_jwt}`. This header is how the secondary service authenticates the machine-to-machine interaction.
-
-Should that second service need to know the original user context to return the proper response, it would have no way of knowing, as the first service authenticated as the service account and not the original user.
-
-The solution is to have the first service forward the headers, including `X-Pomerium-JWT-Assertion`, in its request to the second service. When Pomerium receives a request that already includes this header, it passes the value to the second service in the `X-Pomerium-JWT-Assertion-For` header. This header can be read by the secondary service to identify the user context.
-
-Should the second service need to communicate with a tertiary service (or more), it can also pass along the original headers it received. When Pomerium receives a request with the `X-Pomerium-JWT-Assertion-For` header, it preserves the value as provided to all additional upstream services.
-
-## Example
-
-Let's look at two example routes, App and API:
-
-```yaml
-routes:
-  - name: App
-    from: https://app.localhost.pomerium.io
-    to: https://appserver.local
-    pass_identity_headers: true
-    policy:
-      - allow:
-          or:
-            - domain:
-                is: companydomain.com
-  - name: API
-    from: https://api.localhost.pomerium.io
-    to: https://apiserver.local
-    pass_identity_headers: true
-    policy:
-      - allow:
-          or:
-            - user:
-                is: api-access
-```
-
-- **App** is a user-facing application. Users connect to it through Pomerium.
-- **API** is also accessed through it's Pomerium Route, but is only accessible by the **App**, using a [service account](/enterprise/reference/configure.md#service-accounts) to authenticate.
-- The **API** service needs to know the user making the request to **App** in order to formulate the correct response.
-
-Both Routes include [`pass_identity_headers`](/reference/readme.md#pass-identity-headers), which provides (at minimum) the `X-Pomerium-Jwt-Assertion` header to the downstream application.
-
-When a user makes a request that requires data from the API service, the following happens:
-
-```mermaid
-sequenceDiagram
-    autonumber
-    participant Browser
-    participant Pomerium
-    participant App
-    participant API
-    participant API2
-    Browser->>Pomerium: Authenticated Request
-    rect rgba(197, 183, 221)
-        Pomerium-->>App: X-Pomerium-JWT-Assertion (User JWT)
-        %%rect rgba(0, 255, 255)
-            Note over App: "App" copies X-Pomerium-JWT-Assertion <br/>from the original request
-            App-->>Pomerium: X-Pomerium-JWT-Assertion (User JWT)<br/> Service Account Bearer Token
-            Note over Pomerium, App: "App" calls "API" through Pomerium.
-            Pomerium-->>API: X-Pomerium-JWT-Assertion (Service Account) <br/>X-Pomerium-JWT-Assertion-For (User JWT)
-            Note over Pomerium, API: Pomerium copies X-Pomerium-JWT-Assertion as X-Pomerium-JWT-Assertion-For
-       %% end
-        Note over API: The "API" service uses <br/>X-Pomerium-JWT-Assertion-For <br/>To identify context
-        API-->>Pomerium: Response
-        Pomerium-->>App: Response
-        App-->>Pomerium: Result Page
-    end
-    Pomerium->>Browser: Result Page
-```
-
-1. The user first authenticates with Pomerium.
-
-1. As the traffic is passed to **App**, Pomerium adds the `X-Pomerium-Jwt-Assertion` header with the JWT for the user as a value.
-
-1. The **App** software has been configured by the software developer to send a request to **API**, using a bearer token to authenticate as the service account, with the original `X-Pomerium-Jwt-Assertion` header forwarded as well.
-
-1. Pomerium, seeing that the incoming request already includes `X-Pomerium-JTW-Assertion` copies the value  to `X-Pomerium-Jwt-Assertion-For` and includes it in the request to **API**. `X-Pomerium-Jwt-Assertion` now contains the service account bearer token
-
-1. Now the **API** can service can read `X-Pomerium-Jwt-Assertion-For` as needed to determine the proper response to send to **App** (through Pomerium), which can then construct the results page for the user.
-
-
-### Secondary Requests
-
-Suppose the **API** service needed to connect to another machine interface (which we'll call **API2**) for additional information, and this call also needs the original user context.
-
-If **API** is configured to pass along the `X-Pomerium-JWT-Assertion-For` header, Pomerium will recognize and preserve this. All subsequent connections with this header forwarded will perpetuate the original user context.
-
-```mermaid
-sequenceDiagram
-    autonumber
-    participant Browser
-    participant Pomerium
-    participant App
-    participant API
-    participant API2
-    rect rgba(197, 183, 221)
-        opt Secondary Request
-            Note over API, Pomerium: "API" is configured to pass all headers from the original request.
-            API-->>Pomerium: X-Pomerium-JWT-Assertion (Service Account Bearer Token) <br/>X-Pomerium-JWT-Assertion-For (User JWT)
-            Note over Pomerium, API2: Pomerium preserves X-Pomerium-JWT-Assertion-For as provided by "API"
-            Pomerium-->> API2: X-Pomerium-JWT-Assertion (Service Account) <br/>X-Pomerium-JWT-Assertion-For (User JWT)
-            Note over API2: "API2" reads X-Pomerium-JWT-Assertion-For <br/>for user context
-            API2-->>Pomerium: Response
-            Pomerium-->>API: Response
-        end
-    end
-```
diff --git a/docs/docs/topics/ppl.md b/docs/docs/topics/ppl.md
deleted file mode 100644
index 632ad245a..000000000
--- a/docs/docs/topics/ppl.md
+++ /dev/null
@@ -1,215 +0,0 @@
----
-title: Pomerium Policy Language
-description: >-
-  This article covers Pomerium Policy Language, used to define secure access policies for routes.
----
-
-# Pomerium Policy Language
-
-Pomerium Policy Language (**PPL**) is a [yaml]-based notation for creating easy and flexible authorization policies. This document covers the usage of PPL and provides several example policies.
-
-## At a Glance
-
-Each PPL policy has at the top level a set of `allow` or `deny` actions, with a list of logical operators, criteria, matchers, and values underneath. For example:
-
-```yaml
-allow:
-  and:
-  - domain:
-      is: example.com
-  - groups:
-      has: admin
-deny:
-  or:
-  - user:
-      is: user1@example.com
-  - user:
-      is: user2@example.com
-```
-
-This policy will allow a user with an email address at `example.com` who **is also** a member of the `admin` group. It will deny `user1` **or** `user2`, regardless of their domain and group membership.
-
-## Rules
-
-A PPL document is either an object or an array of objects. The object represents a rule where the action is the key and the value is an object containing the logical operators.
-
-## Actions
-
-Only two actions are supported: `allow` and `deny`. `deny` takes precedence over `allow`. More precisely: a user will have access to a route if **at least one** `allow` rule matches and **no** `deny` rules match.
-
-## Logical Operators
-
-A logical operator combines multiple criteria together for the evaluation of a rule. There are 4 logical operators: `and`, `or`, `not` and `nor`.
-
-::: details More on Logical Operators
-Given the following example with `OPERATOR` replaced:
-
-```yaml
-allow:
-  OPERATOR:
-  - domain:
-      is: example.com
-  - groups:
-      has: admin
-```
-
-If `and` is used, the user will have access if their email address ends in `example.com` **and** they are a member of the admin group. **(A ∧ B)**
-
-If `or` is used, the user will have access if their email address ends in `example.com` **or** they are a member of the admin group. **(A ∨ B)**
-
-If `not` is used, the user will have access if their email address does not end in `example.com` **and** they are not a member of the `admin` group. **(¬A ∧ ¬B)**
-
-If `nor` is used, the user will have access if their email address does not end in `example.com` **or** they are not a member of the admin group. **(¬A ∨ ¬B)**
-:::
-
-## Criteria
-
-Criteria in PPL are represented as an object where the key is the name and optional sub-path of the criterion, and the value changes depending on which criterion is used. A sub-path is indicated with a `/` in the name:
-
-```yaml
-allow:
-  and:
-  - claim/family_name: Smith
-```
-
-PPL supports many different criteria:
-
-| Criterion Name               | Data Format                   | Description                                                                                                                                                                                                                  |
-| ---------------------------- | ----------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `accept`                     | Anything. Typically `true`.   | Always returns true, thus always allowing access. Equivalent to the [`allow_public_unauthenticated_access`] option.                                                                                                          |
-| `authenticated_user`         | Anything. Typically `true`.   | Always returns true for logged-in users. Equivalent to the [`allow_any_authenticated_user`] option.                                                                                                                          |
-| `claim`                      | Anything. Typically a string. | Returns true if a token claim matches the supplied value **exactly**. The claim to check is determined via the sub-path. <br/> For example, `claim/family_name: Smith` matches if the user's `family_name` claim is `Smith`. |
-| `cors_preflight`             | Anything. Typically `true`.   | Returns true if the incoming request uses the `OPTIONS` method and has both the `Access-Control-Request-Method` and `Origin` headers. Used to allow [CORS pre-flight requests].                                              |
-| `device`                     | [Device matcher]              | Returns true if the incoming request includes a valid device ID or type.                                                                                                                                                     |
-| `domain`                     | [String Matcher]              | Returns true if the logged-in user's email address domain (the part after `@`) matches the given value.                                                                                                                      |
-| `email`                      | [String Matcher]              | Returns true if the logged-in user's email address matches the given value.                                                                                                                                                  |
-| `groups`                     | [List Matcher]                | Returns true if the logged-in user is a member of the given group.                                                                                                                                                           |
-| `http_method`                | [String Matcher]              | Returns true if the HTTP method matches the given value.                                                                                                                                                                     |
-| `http_path`                  | [String Matcher]              | Returns true if the HTTP path matches the given value.                                                                                                                                                                       |
-| `invalid_client_certificate` | Anything. Typically `true`.   | Returns true if the incoming request has an invalid client certificate. A default `deny` rule using this criterion is added to all Pomerium policies when an mTLS [client certificate authority] is set.                     |
-| `pomerium_routes`            | Anything. Typically `true`.   | Returns true if the incoming request is for the special `.pomerium` routes. A default `allow` rule using this criterion is added to all Pomerium policies.                                                                   |
-| `reject`                     | Anything. Typically `true`.   | Always returns false. The opposite of `accept`.                                                                                                                                                                              |
-| `user`                       | [String Matcher]              | Returns true if the logged-in user's id matches the given value.                                                                                                                                                             |
-
-[Pomerium Enterprise] supports all the open source criteria, but also supports these additional criteria:
-
-| Criterion Name | Data Format         | Description                                                                            |
-| -------------- | ------------------- | -------------------------------------------------------------------------------------- |
-| `date`         | [Date Matcher]        | Returns true if the time of the request matches the constraints.                       |
-| `day_of_week`  | [Day of Week Matcher] | Returns true if the day of the request matches the constraints.                        |
-| `time_of_day`  | [Time of Day Matcher] | Returns true if the time of the request (for the current day) matches the constraints. |
-
-## Matchers
-
-## Day of Week Matcher
-
-The day of week matcher is a **string**. The string can either be `*`, a comma-separated list of days, or a dash-separated list of days.
-
-  - `*` matches all days.
-  - `,` matches either day (e.g. `mon,wed,fri`).
-  - `-` matches a range of days. (e.g. `mon-fri`). Days can be specified as English full day names, or as 3 character abbreviations. For example:
-
-    ```yaml
-    allow:
-      and:
-        - day_of_week: tue-fri
-    ```
-
-## Date Matcher
-
-The date matcher is an object with operators as keys. It supports the following operators: `after` and `before`. The values are [ISO-8601](https://en.wikipedia.org/wiki/ISO_8601) date strings. `after` means that the time of the request must be after the supplied date and `before` means that the time of the request must be before the supplied date. For example:
-
-```yaml
-allow:
-  and:
-  - date:
-      after: 2020-01-02T16:20:00
-      before: 2150-01-02T16:20:00
-```
-
-## Device Matcher
-
-A device matcher is an object with operators as keys. It supports the following operators:
-
-- `is` - an exact match of the device ID.
-- `approved` - true if the device has been approved. This is an enterprise-only feature.
-- `type` - Specifies the type of device to match on. The available types are `enclave_only` and `any`.
-    - `enclave_only` will only match [platform authenticators](/docs/topics/device-identity.md#secure-enclaves). These include TPM modules and hardware-backed keystores built into mobile devices.
-    - `any` will also match [hardware security keys](/docs/topics/device-identity.md#hardware-security-keys).
-
-For example, a policy to allow any user with a registered device:
-
-```yaml
-- allow:
-    or:
-      - device:
-          type: any
-```
-
-Compare to a policy that only allows a set of specific devices:
-
-```yaml
-- allow:
-    or:
-      - device:
-          is: "5Vn3...C1RS"
-    or:
-      - device:
-          is: "GAtL...doqu"
-```
-
-::: tip
-Users can [find their device IDs](/guides/enroll-device.md#find-device-id) at the `/.pomerium` endpoint from any route.
-:::
-
-### List Matcher
-
-A list matcher is an object with operators as keys. It supports the following operators: `has`. For example:
-
-```yaml
-allow:
-  and:
-  - groups:
-      has: 'admin'
-```
-
-### String Matcher
-
-A string matcher is an object with operators as keys. It supports the following operators: `contains`, `ends_with`, `is` and `starts_with`. For example:
-
-```yaml
-allow:
-  and:
-  - email:
-      starts_with: 'admin@'
-```
-
-## Time of Day Matcher
-
-The time of day matcher is an object with operators as keys. It supports the following operators: `timezone`, `after`, and `before`.
-
-`timezone` is required and specifies the timezone to use when interpreting the supplied times. It is recommended to use city names (like `America/Phoenix`) instead of standard timezone abbreviations because standard timezones change throughout the year (i.e. EST becomes EDT and back again).
-
-`after` means the time of the request must be after the supplied time and `before` means that the time of the request must be before the supplied time. For example:
-
-```yaml
-allow:
-  and:
-    - time_of_day:
-        timezone: UTC
-        after: 2:20:00
-        before: 4:30PM
-```
-
-[`allow_public_unauthenticated_access`]: /reference/readme.md#public-access
-[`allow_any_authenticated_user`]: /reference/readme.md#allow-any-authenticated-user
-[CORS pre-flight requests]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#preflighted_requests
-[client certificate authority]: /reference/readme.md#client-certificate-authority
-[Pomerium Enterprise]: /enterprise/about.md
-[yaml]: https://en.wikipedia.org/wiki/YAML
-[String Matcher]: #string-matcher
-[Date Matcher]: #date-matcher
-[Day of Week Matcher]: #day-of-week-matcher
-[Time of Day Matcher]: #time-of-day-matcher
-[List Matcher]: #list-matcher
-[Device matcher]: #device-matcher
\ No newline at end of file
diff --git a/docs/docs/topics/programmatic-access.md b/docs/docs/topics/programmatic-access.md
deleted file mode 100644
index ac35a94a2..000000000
--- a/docs/docs/topics/programmatic-access.md
+++ /dev/null
@@ -1,118 +0,0 @@
----
-title: Programmatic access
-description: >-
-  This article describes how to configure pomerium to be used to enable
-  machine-to-machine programmatic access.
----
-
-# Programmatic access
-
-This page describes how to obtain Pomerium access credentials programmatically via a web-based oauth2 style authorization flow. If you have ever used Google's `gcloud` commandline app, the mechanism is very similar.
-
-## Components
-
-### Login API
-
-The API returns a cryptographically signed sign-in url that can be used to complete a user-driven login process with Pomerium and your identity provider. The login API endpoint takes a `pomerium_redirect_uri` query parameter as an argument which points to the location of the callback server to be called following a successful login.
-
-Here's a full example.
-
-```bash
-# we'll call the hidden pomerium path below against a proxied-by-pomerium
-# service, like our verify app below
-ANY_POMERIUM_PROXIED_SERVICE=verify.example.com
-
-# the service we're developing locally, this needs to be localhost to work with
-# `pomerium_redirect_uri`, see **NOTE** below, to override this default
-MY_LOCAL_DEV_SERVICE=http://localhost:8000
-
-# create a request to the pomerium-proxied service
-# `/.pomerium/...` is available for any proxied service
-curl "https://$ANY_POMERIUM_PROXIED_SERVICE/.pomerium/api/v1/login?pomerium_redirect_uri=$MY_LOCAL_DEV_SERVICE"
-
-# will output a URL like:
-# https://authenticate.example.com/.pomerium/sign_in?pomerium_redirect_uri=http%3A%2F%2Flocalhost%3Fpomerium_callback_uri%3Dhttps%253A%252F%verify.example.com%252F.pomerium%252Fapi%252Fv1%252Flogin%253Fpomerium_redirect_uri%253Dhttp%253A%252F%252Flocalhost&sig=hsLuzJctmgsN4kbMeQL16fe_FahjDBEcX0_kPYfg8bs%3D&ts=1573262981
-
-# open url above in a browser and you'll get redirected in the browser to
-# > http://$MY_LOCAL_DEV_SERVICE/?pomerium_jwt=a.real.jwt or expanded as
-# http://localhost:8000/?pomerium_jwt=programmatic.pomerium.jwt
-
-# you can now use the value from `pomerium_jwt` to Authorize to our proxied endpoint (which you could use to proxy `localhost`)
-
-curl -H 'Authorization: Pomerium a.real.jwt' https://verify.example.com
-```
-
-- `service.example.com` is our endpoint fronted by pomerium-proxy
-- `localhost:8000` is our service we're developing locally, it'll need to accept the programmatic token directly as a query param `?pomerium_jwt=programmatic.pomerium.jwt` _see [callback handler](#callback-handler)_
-- `authenticate.example.com` is the pomerium-authenticate service, we'll open that in the browser to authenticate, it will be set as `iss` on the jwt
-
-**Note**: By default only `localhost` URLs are allowed as the `pomerium_redirect_uri`. This can be customized with the `programmatic_redirect_domain_whitelist` option.
-
-### Alternative to Login API for `localhost` development
-
-Alternatively you can create a new policy to route an endpoint to a [bastion host](https://en.wikipedia.org/wiki/Bastion_host). You should include a HTTP proxy on this bastion host for HTTPS traffic. Here's one way to do it with nginx: <https://jerrington.me/posts/2019-01-29-self-hosted-ngrok.html> An HTTP proxy on the bastion allows us to receive HTTPS traffic with a self signed cert through LetsEncrypt.
-
-This alternative will allow you to act as if your service is deployed and fronted by Pomerium. We will then forward the remote port from the bastion host behind the pomerium-proxy to localhost.
-
-This is useful if you're using `pass_identity_headers` in your policy.
-
-For example:
-
-```yaml
-# a policy like
-- from: https://my-dev-endpoint.example.com
-  to: https://my-bastion-host.example.com:5000
-  pass_identity_headers: true
-```
-
-Once this policy is applied and deployed, you can then forward the remote port of the HTTP proxy running on the bastion host that in this case proxies 5000 to 5001 internally.
-
-We then forward the remote port from the bastion's HTTP proxy (5001) to `localhost:8000`, with an ssh tunnel like:
-
-```sh
-ssh -N -R 5001:localhost:8000 my-user@my-bastion-host.example.com
-```
-
-You can then go to `https://my-dev-endpoint.example.com` and have the pomerium-proxy route traffic securely to the bastion host and back through the ssh-tunnel, the headers and anything pomerium-proxy is setup to do to the request will be included in the forwarded request and traffic.
-
-### Callback handler
-
-It is the script or application's responsibility to create a HTTP callback handler. Authenticated sessions are returned in the form of a [callback](https://developer.okta.com/docs/concepts/auth-overview/#what-kind-of-client-are-you-building) from pomerium to a HTTP server. This is the `pomerium_redirect_uri` value used to build login API's URL, and represents the URL of a (usually local) HTTP server responsible for receiving the resulting user session in the form of `pomerium_jwt` query parameters.
-
-See the python script below for example of how to start a callback server, and store the session payload.
-
-## Handling expiration and revocation
-
-Your script or application should anticipate the possibility that your underlying  `refresh_token` may stop working. For example, a refresh token might stop working if the underlying user changes passwords, revokes access, or if the administrator removes rotates or deletes the OAuth Client ID.
-
-## High level workflow
-
-The application interacting with Pomerium must manage the following workflow. Consider the following example where a script or program desires delegated, programmatic access to the domain `verify.corp.domain.example`:
-
-1. The script or application requests a new login url from the pomerium managed endpoint (e.g. `https://verify.corp.domain.example/.pomerium/api/v1/login`) and takes a `pomerium_redirect_uri` as an argument.
-1. The script or application opens a browser or redirects the user to the returned login page.
-1. The user completes the identity providers login flow.
-1. The identity provider makes a callback to pomerium's authenticate service (e.g. `authenticate.corp.domain.example`) .
-1. Pomerium's authenticate service creates a user session and redirect token, then redirects back to the managed endpoint (e.g. `verify.corp.domain.example`)
-1. Pomerium's Proxy service makes a callback request to the original `pomerium_redirect_uri` with the user session as an argument.
-1. The script or application is responsible for handling that http callback request, and securely handling the callback session (`pomerium_jwt`) queryparam.
-1. The script or application can now make any requests as normal to the upstream application by setting the `Authorization: Pomerium ${pomerium_jwt}` header.
-
-:::tip
-Pomerium supports `Authorization: Bearer Pomerium-${pomerium_jwt}` or `X-Pomerium-Authorization: ${pomerium_jwt}` in addition to `Authorization: Pomerium ${pomerium_jwt}` format.
-:::
-
-## Example Code
-
-Please consider see the following minimal but complete python example.
-
-```bash
-python3 scripts/programmatic_access.py \
-	--dst https://verify.example.com/headers
-```
-
-<<< @/scripts/programmatic_access.py
-
-[authorization bearer token]: https://developers.google.com/gmail/markup/actions/verifying-bearer-tokens
-[identity provider]: ../identity-providers/readme.md
-[proof key for code exchange]: https://tools.ietf.org/html/rfc7636
diff --git a/docs/docs/topics/readme.md b/docs/docs/topics/readme.md
deleted file mode 100644
index e69de29bb..000000000
diff --git a/docs/docs/topics/single-sign-out.md b/docs/docs/topics/single-sign-out.md
deleted file mode 100644
index 3576592cd..000000000
--- a/docs/docs/topics/single-sign-out.md
+++ /dev/null
@@ -1,45 +0,0 @@
----
-title: Single Sign-out
-description: >-
-  This article describes Pomerium's support for Single Sign-out according to
-  OpenID Connect Front-Channel Logout 1.0.
----
-
-# Single Sign-out
-
-Single Sign-out enables session termination on multiple software systems via a single logout endpoint.
-
-## OIDC Front-Channel Logout
-
-Pomerium supports Front-Channel Logout as described in [OpenID Connect Front-Channel Logout 1.0 - draft 04](https://openid.net/specs/openid-connect-frontchannel-1_0.html).
-
-### Provider Support
-
-To find out if your identity provider (IdP) supports Front-Channel Logout, have a look at the at your IdP's `/.well-known/openid-configuration` endpoint. On standard compliant providers it would contain:
-
-```json
-{
-  "frontchannel_logout_session_supported": true
-}
-```
-
-### Configuration
-
-You need to register a `frontchannel_logout_uri` in your OAuth 2.0 Client settings. The url gets handled by the Authenticate Service under the path `/.pomerium/sign_out` (e.g `https://authenticate.localhost.pomerium.io/.pomerium/sign_out`).
-
-
-### The endpoint
-
-See Pomerium's `/.well-known/pomerium` endpoint for the sign-out page's uri. For example,
-
-```json
-{
-  "authentication_callback_endpoint": "https://authenticate.localhost.pomerium.io/oauth2/callback",
-  "jwks_uri": "https://authenticate.localhost.pomerium.io/.well-known/pomerium/jwks.json",
-  "frontchannel_logout_uri": "https://authenticate.localhost.pomerium.io/.pomerium/sign_out"
-}
-```
-
-Note, a CSRF token is required for the single sign out endpoint (despite supporting `GET` and `POST`) and can be retrieved from the
-`X-CSRF-Token` response header on the well known endpoint above or using the `_pomerium_csrf` session set.
-
diff --git a/docs/docs/troubleshooting.md b/docs/docs/troubleshooting.md
deleted file mode 100644
index 0fa9314d1..000000000
--- a/docs/docs/troubleshooting.md
+++ /dev/null
@@ -1,230 +0,0 @@
----
-title: Troubleshooting
-description: >-
-  Learn how to troubleshoot common configuration issues or work around any outstanding bugs.
-sidebarDepth: 0
-lang: en-US
-meta:
-  - name: keywords
-    content: pomerium, troubleshooting, faq, frequently asked questions
----
-
-# Troubleshooting
-
-This article provides troubleshooting information for various tools and features in Pomerium.
-
-[[toc]]
-
-## Pomerium Core
-
-### HTTP Strict Transport Security (HSTS)
-
-By default, Pomerium sends the [`Strict-Transport-Security`](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) response header to the browser, which pins the certificate to our browser for one year. This is common best practice to help prevent man-in-the-middle attacks but can create issues while a new Pomerium configuration is in development.
-
-When you visit an endpoint while Pomerium is using an untrusted certificate (like the self-signed bootstrap certificate or a Let's Encrypt staging certificate), that certificate may be pinned in your browser. Once Pomerium is switched to a trusted production certificate, the untrusted cert must reset in the browser.
-
-While developing your Pomerium environment, consider adjusting the [`SET_RESPONSE_HEADERS`](/reference/readme.md#set-response-headers) key to remove `Strict-Transport-Security` or reduce the `max-age` value until your production certificates are in place.
-
-See [this article](https://www.ssl2buy.com/wiki/how-to-clear-hsts-settings-on-chrome-firefox-and-ie-browsers) for more information on clearing HSTS for specific endpoints across common browsers.
-
-### JWT Authentication
-
-When securing the Pomerium Authenticate service with a certificate signed by Let's Encrypt, your upstream applications may reject the certificate when attempting to access the JWT signing key. Here's an example log line from [Grafana](/guides/grafana.md):
-
-```log
-logger=context error=Get "https://authenticate.localhost.pomerium.io/.well-known/pomerium/jwks.json": x509: certificate signed by unknown authority
-```
-
-This is often due to the recent expiration of the [DST Root CA X3](https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/) certificate. Many default keystores used by docker images and less-frequently updated distributions still carry this expired certificate. Even though Let's Encrypt certs are cross-signed with the [ISRG Root X1](https://letsencrypt.org/certificates/) CA certificate, some applications will still reject them.
-
-To clarify; this does not mean that the upstream service is rejecting the JWT signing key. Rather, it doesn't trust the Let's Encrypt certificate used by the Authorize service for TLS, and so it will not read the JWKS file.
-
-For upstream applications that can use a local signing key file, you can circumvent this issue using `curl` or `wget` to download the signing key locally (relative to the upstream service). Using Grafana again as an example:
-
-1. Download the `jwks.json` file from the authenticate server:
-
-    ::::: tabs
-    :::: tab curl
-
-    ```bash
-    curl https://authenticate.localhost.pomerium.io/.well-known/pomerium/jwks.json > /etc/grafana/jwks.json
-    ```
-    ::::
-    :::: tab wget
-
-    ```bash
-    wget -O /etc/grafana/jwks.json https://authenticate.localhost.pomerium.io/.well-known/pomerium/jwks.json
-    ```
-    ::::
-    :::::
-
-1. Edit the upstream service configuration to use the local key to verify tokens:
-
-    ```ini
-    [auth.jwt]
-    enabled = true
-    header_name = X-Pomerium-Jwt-Assertion
-    email_claim = email
-    jwk_set_file = /etc/grafana/jwks.json
-    cache_ttl = 60m
-    ```
-
-### Kubernetes Ingress Controller
-
-#### View Event History
-
-Pomerium Ingress Controller will add **events** to the Ingress objects as it processes them.
-
-```
-kubectl describe ingress/my-ingress
-```
-
-```log
-Events:
-  Type    Reason   Age   From              Message
-  ----    ------   ----  ----              -------
-  Normal  Updated  18s   pomerium-ingress  updated pomerium configuration
-```
-
-If an error occurs, it may be reflected in the events:
-
-```log
-Events:
-  Type     Reason       Age                 From              Message
-  ----     ------       ----                ----              -------
-  Normal   Updated      5m53s               pomerium-ingress  updated pomerium configuration
-  Warning  UpdateError  3s                  pomerium-ingress  upsert routes: parsing ingress: annotations: applying policy annotations: parsing policy: invalid rules in policy: unsupported conditional "maybe", only and, or, not, nor and action are allowed
-```
-
-### Shared Secret Mismatch
-
-Pomerium's independent services communicate securely using a [shared secret](/reference/readme.md#shared-secret). When services or the databroker have mismatched secrets, Pomerium will fail.
-
-Pomerium Core will log a shared secret mismatch with:
-
-```json
-{
-  "level": "error",
-  "syncer_id": "authorize",
-  "syncer_type": "",
-  "error": "rpc error: code = Unauthenticated desc = invalid JWT: go-jose/go-jose: error in cryptographic primitive",
-  "time": "2022-03-22T07:26:14-04:00",
-  "message": "sync"
-}
-```
-
-And Pomerium Enterprise will log the error with:
-
-```json
-{
-  "level": "error",
-  "ts": "2022-03-22T07:21:02-04:00",
-  "caller": "dashboard/server.go:187",
-  "msg": "syncer",
-  "error": "failed to sync all devices: rpc error: code = Unauthenticated desc = invalid JWT: go-jose/go-jose: error in cryptographic primitive",
-  "stacktrace": "github.com/pomerium/pomerium-console/svc/dashboard.(*Server).Run.func2\n\t/PATH/TO/POMERIUM/CONSOLE/SERVICE/svc/dashboard/server.go:187\ngolang.org/x/sync/errgroup.(*Group).Go.func1\n\t/Users/tgroth/workspace/go/pkg/mod/golang.org/x/sync@v0.0.0-20210220032951-036812b2e83c/errgroup/errgroup.go:57"
-}
-{
-  "level": "info",
-  "ts": "2022-03-22T07:21:02-04:00",
-  "caller": "dashboard/server.go:202",
-  "msg": "stopping dashboard servers"
-}
-```
-
-Update the [shared secret](/reference/readme.md#shared-secret) across all Pomerium services to match the one set for the Databroker.
-
-#### Redis Secret Mismatch
-
-When using Redis, the [shared secret](/reference/readme.md#shared-secret) is used to encrypt data in Redis itself. If you change the configured shared secret, data from Redis can no longer be decrypted. This results in errant behavior, including redirect loops when a user session cannot be retrieved from the databroker.
-
-```json
-{
-  "level": "error",
-  "syncer_id": "authorize",
-  "syncer_type": "",
-  "error": "rpc error: code = Unknown desc = cryptutil: decryption failed (mismatched keys?): chacha20poly1305: message authentication failed",
-  "time": "2022-03-22T07:18:12-04:00",
-  "message": "error during initial sync"
-}
-{
-  "level": "error",
-  "syncer_id": "authorize",
-  "syncer_type": "",
-  "error": "rpc error: code = Unknown desc = cryptutil: decryption failed (mismatched keys?): chacha20poly1305: message authentication failed",
-  "time": "2022-03-22T07:18:12-04:00",
-  "message": "sync"
-}
-```
-
-The resolution is to flush the Redis database with [`FLUSHDB`](https://redis.io/commands/flushdb) or [`FLUSHALL`](https://redis.io/commands/FLUSHALL).
-
-An example of how to do this on Kubernetes with TLS enabled is to use `kubectl` to execute a command on the master pod:
-
-```bash
-kubectl exec -it pomerium-redis-master-0 -- redis-cli --tls --cert /opt/bitnami/redis/certs/tls.crt --key /opt/bitnami/redis/certs/tls.key --cacert /opt/bitnami/redis/certs/ca.crt FLUSHALL ASYNC
-```
-
-Adjust `pomerium-redis-master-0` to match your pod name. If TLS is not enabled, you may omit the TLS options.
-
-### RPC Errors
-
-#### certificate signed by unknown authority
-
-When authenticating and authorizing a user for the first time, you may see the following in your Pomerium logs:
-
-```log
-ERR http-error error="401 Unauthorized: ..... rpc error: code = DeadlineExceeded desc = latest connection error: connection error: desc = "transport: authentication handshake failed: x509: certificate signed by unknown authority...."
-```
-
-**Why**
-
-This error means that the proxy is rejecting the Authorize service's supplied certificate (used to establish a secure connection) because it doesn't know or trust the certificate authority that signed it.
-
-**Solution**
-
-Ensure that the Proxy service knows about and trusts the certificate authority that signed the Authorize service's certificate.
-
-- Add the certificate authority directly into Pomerium using the [certificate authority](/reference/readme.md#certificate-authority) config setting.
-- Add the certificate authority to the system's underlying trust store.
-- Replace your system / docker image certificate bundle.
-
-    For Docker:
-
-    ```docker
-    COPY --from=builder /etc/ssl/certs/your-cert-bundle.crt /etc/ssl/certs/ca-certificates.crt
-    ```
-- Finally, ensure that you aren't being man-in-the-middle'd or that some eager router isn't injecting its own certificate along the way. Use openssl to verify that your Proxy service is getting the certificate you think its getting.
-
-    ```bash
-    openssl s_client -servername pomerium.io -connect pomerium.io:443 </dev/null \
-    | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
-    ```
-
-#### rpc error: code = DeadlineExceeded
-
-When authenticating and authorizing a user for the first time, you may get the following in your Pomerium logs.
-
-```log
-{"level":"error",..."error":"rpc error: code = DeadlineExceeded desc = context deadline exceeded","http-message":"rpc error: code = DeadlineExceeded desc = context deadline exceeded","http-code":500,"message":"http-error"}
-```
-
-**Why**
-
-The Proxy service is not able to create a connection with the authorization service to validate a user.
-
-**Solution**
-
-Usually, this is the result of either a routing issue or a configuration error. Make sure that you are using the _internally_ routable URL for the Authorize service. Many cloud loud balancers _do not_ yet support gRPC transposing the ingress. So while your authenticate service url will probably look like `https://authenticate.corp.example.com`, your authorizer service url will likely be more like `https://pomerium-authorize-service.default.svc.cluster.local` or `https://localhost:5443`.
-
-## Pomerium Enterprise
-
-### Generate Recovery Token
-
-!!!include(generate-recovery-token.md)!!!
-
-## Miscellaneous
-
-### Invalid Certificates from Command Line Tools
-
-When using Let's Encrypt certificates, you must use the `fullchain.pem` file, not `cert.pem` in order to include intermediate certs. Browsers like Chrome will store intermediate certs for LE but other tools (like `curl`) don't, which is why your route might look fine in a web browser, but not when curl'd or used for TCP tunneling.
diff --git a/docs/docs/upgrading.md b/docs/docs/upgrading.md
deleted file mode 100644
index abfc99c63..000000000
--- a/docs/docs/upgrading.md
+++ /dev/null
@@ -1,565 +0,0 @@
----
-title: Upgrading
-description: >-
-  This page contains the list of deprecations and important or breaking changes
-  for Pomerium. Please read it carefully.
----
-
-# Since 0.16.0
-
-## New
-
-### Per Route OIDC Credentials
-
-This release of Pomerium adds the ability to bind a route to unique OIDC credentials.  This allows Identity Provider administrators to view Pomerium protected applications individually rather than as a single shared application.
-
-See [idp_client_id](/reference/readme.md#identity-provider-client-id-per-route) and [idp_client_secret](/reference/readme.md#identity-provider-client-secret-per-route) for configuration details.
-
-### Updated User Info Page
-
-The `.pomerium` user info page has been redesigned to better structure data around user identity, group, and device information.
-
-### External Google Groups
-
-Pomerium policy now supports group members from outside of your organization.
-
-# Since 0.15.0
-
-## New
-
-### Policy for Device Identity
-
-This release of Pomerium adds the ability to set policy based on system registration via [WebAuthN](https://en.wikipedia.org/wiki/WebAuthn).
-
-See [Device Identity](/docs/topics/device-identity.md) for more details.
-
-### HTTP PPL Criteria
-
-`http_path` and `http_method` are now supported for matching HTTP requests in policies. See [Pomerium Policy Language](/docs/topics/ppl.md#criteria) for more details.
-
-## Breaking
-
-### Self-signed fallback certificates
-
-When selecting a TLS certificate for a listener, Pomerium attempts to locate one by iterating through the provided certs and searching for a SAN match. This applies to all listeners, including internal service URLs like `databroker_service_url` and public endpoints like `authenticate.example.com`.
-
-Previously, when no match was found, Pomerium would select the "first" certificate in the list. However, the definition of "first" might change based on runtime configuration, so the certificate selection was non-deterministic.
-
-Starting in v0.16, Pomerium will instead generate a self-signed certificate if it cannot locate an appropriate certificate from the provided configuration or system key/trust store. If you discover that you are receiving a self-signed certificate rather than a certificate from [`certificate`/`certificates`/`certificate_file`](/reference/readme.md#certificates) or the trust store, you have a mismatch between your service URL and the names covered in your certificates.
-
-### OIDC flow no longer sets default uri params
-
-Previously, Pomerium would default to setting the uri param `access_type` to `offline` for all OpenID Connect based identity providers. However, using uri params to ensure offline access (e.g. `refresh_tokens` used to keep user's sessions alive) [is unique to Google](https://developers.google.com/identity/protocols/oauth2/web-server#offline). Those query params will now only be set for Google. Other OIDC based IdP's should continue to work using [OIDC's](https://openid.net/specs/openid-connect-core-1_0.html#OfflineAccess) `offline_access` scope.
-
-### Removed options
-The deprecated `headers` option has been removed. Use [`set_response_headers`](/reference/readme.md#set-response-headers) instead.
-
-The `signing_key_algorithm` option has been removed and will now be inferred from `signing_key`.
-
-### Changed GitHub Team IDs
-To improve performance, IdP directory synchronization for GitHub now uses the GraphQL API. This API returns the same information as the REST API, except that the GraphQL node IDs are different. Where we previously used the team integer ID from the REST API, we now use the team slug instead. Most policies should already use the team slug for group based rules, which should continue to work. However, if the integer ID is used it will no longer work. Update those policies to use the team slug instead.
-
-### CLI Source and Packaging Update
-`pomerium-cli` has been factored out of the core repository and now resides at <https://github.com/pomerium/cli>. If you currently install the CLI tool from [Packages](/docs/releases.md#packages-2) or [Homebrew](/docs/releases.md#homebrew), no changes should be required to your process. However, users of docker images or direct github release downloads will need to update their references.
-
-Please see the [updated install instructions](/docs/releases.md#pomerium-cli) for additional details.
-
-# Since 0.14.0
-
-## Breaking
-
-### Removed options
-
-The unused `grpc_server_max_connection_age`, `grpc_server_max_connection_age_grace` and `refresh_cooldown` options were removed.
-
-### Removed support for Ed25519 Signing Keys
-
-Ed25519 is no longer supported for `signing_key` since OPA Rego only supports ECDSA and RSA.
-
-## New
-
-### Updated and expanded policy syntax
-
-Routes and policies may now be configured under a new top level key - `routes`
-
-- This more closely aligns to how policies and routes are conceptually related
-- The `routes` block supports a more powerful syntax for defining policies with conditionals and various criteria
-
-### Support environmental proxy settings
-
-`pomerium-cli` now respects proxy related environmental variables.
-
-# Since 0.13.0
-
-## New
-
-### Ping Identity
-
-[Ping Identity](https://www.pingidentity.com/) is supported as a directory provider.  See [the documentation](https://www.pomerium.com/docs/identity-providers/ping.html) for details.
-
-### Customized Identity Headers
-
-With the v0.14 release, the names of `X-Pomerium-Claim-{Name}` headers can now be [customized](https://www.pomerium.com/reference/#jwt-claim-headers).  This enables broader 3rd party application support for Pomerium's identity headers.
-
-### Redis High Availability
-
-Databroker now supports redis [sentinel](https://redis.io/topics/sentinel) and [cluster](https://redis.io/topics/cluster-spec) for increased availability.  See the databroker [documentation](https://www.pomerium.com/reference/#data-broker-storage-connection-string) for details.
-
-### Rewrite Response Headers
-
-Policies may now [rewrite response headers](https://www.pomerium.com/reference/#rewrite-response-headers) from upstream services.  This can be especially useful when upstreams attempt to redirect users to unreachable internal hostnames.
-
-## Breaking
-
-### Programmatic login domain whitelist
-
-Programmatic login now restricts the allowed redirect URL domains. By default this is set to `localhost`, but can be changed via the `programmatic_redirect_domain_whitelist` option.
-
-### `allowed_users` ID format
-
-When specifying `allowed_users` by ID, the identity provider is no longer part of the ID format.  This does not impact users specified by e-mail.
-
-To update your policies for v0.14, please remove any identity provider prefix.  Example: `okta/00usi7mc8XC8SwFxT4x6` becomes `00usi7mc8XC8SwFxT4x6`.
-
-# Since 0.12.0
-
-## New
-
-### Upstream load balancing
-
-With the v0.13 release, routes may contain [multiple `to` URLs](/reference/readme.md#to), and Pomerium will load balance between the endpoints. This allows Pomerium to fill the role of an edge proxy without the need for additional HTTP load balancers.
-
-- Active [health checks](/reference/readme.md#health-checks) and passive [outlier detection](/reference/readme.md#outlier-detection)
-- Configurable [load balancing policies](/reference/readme.md#load-balancing-policy)
-- Configurable [load balancing weight](/reference/readme.md#to)
-
-See [Load Balancing](/docs/topics/load-balancing) for more information on using this feature set.
-
-### Dynamic certificate updates
-
-With the v0.13 release, all TLS files referenced from Pomerium's configuration are reloaded automatically when updating. This improves availability in environments which automate short lived TLS certificate rotation via [certbot](https://certbot.eff.org/) or similar tools.
-
-### Proxy Protocol support
-
-The Pomerium HTTP listener now [supports](/reference/readme.md#use-proxy-protocol) HAPROXY's [proxy protocol](https://www.haproxy.org/download/1.9/doc/proxy-protocol.txt) to update `X-Forwarded-For` accurately when behind another proxy service.
-
-## Breaking
-
-### Sign-out endpoint requires CSRF Token
-
-The frontchannel-logout endpoint will now require a CSRF token for both `GET` and `POST` requests.
-
-### User impersonation removed
-
-Prior to the v0.13 release, it was possible for an administrative user to temporarily impersonate another user. This was done by adding an additional set of claims to that user's session token. Having additional identity state stored client-side significantly expands the attack surface of Pomerium and complicates policy enforcement by having multiple sources of truth for identity. User impersonation was removed to shrink that attack surface and simplify policy enforcement. Pomerium now stores all identity state server-side and encrypted in the databroker.
-
-### Client-side service accounts removed
-
-Prior to the v0.13 release, it was possible to create service accounts via Pomerium's CLI tool. These service accounts were signed with Pomerium's shared secret key. As with user impersonation, having session state stored client-side significantly expands the attack surface of Pomerium and complicates policy enforcement. Client side service accounts were removed to shrink that attack surface area, and to simplify policy enforcement.
-
-
-### Administrators option removed
-
-The `administrators` configuration option has been removed.
-
-# Since 0.11.0
-
-## New
-
-### TCP Proxying
-
-Pomerium can now be used for non-HTTP services.  See [documentation](/docs/tcp/readme.md) for more details.
-
-### Datadog Tracing
-
-Datadog has been added as a natively supported [tracing backend](/reference/readme.md#datadog)
-
-# Since 0.10.0
-
-## Breaking
-
-### User impersonation disabled by default
-
-With the v0.11.0 release, the ability to do user user impersonation is **disabled by default**. To enable user impersonation, set `enable_user_impersonation` to true in the configuration options.
-
-### `cache_service_url` has been renamed to `databroker_service_url`
-
-The `cache_service_url` parameter has been deprecated since v0.10.0 and is now removed. Please replace it with `databroker_service_url` in your yaml configuration, or `DATABROKER_SERVICE_URL` as an environment variable.
-
-## New
-
-### Docker Multi-Arch Images
-
-With the v0.11.0 release, Pomerium docker images are multi-arch for `arm64` and `amd64`.  Individual images for each architecture will continue to be published.
-
-# Since 0.9.0
-
-## Breaking
-
-### Service accounts required for groups and directory data
-
-With the v0.10.0 release, Pomerium now queries group information asynchronously using a service account. While a service account was already required for a few identity providers like Google's GSuite, an [Identity Provider Service Account] is now required for all other providers as well. The format of this field varies and is specified in each identity provider's documentation.
-
-:::warning
-
-If no [Identity Provider Service Account] is supplied, policies using groups (e.g. `allowed_groups` will not work).
-
-:::
-
-### Cache service builds stateful context
-
-With the v0.10 release, Pomerium now asynchronously fetches associated authorization context (e.g. identity provider directory context, groups, user-data, session data, etc) in the `cache` service. In previous versions, Pomerium used session cookies to associated identity state which authorization policy was evaluated against. While using session tokens had the advantage of making Pomerium a relatively stateless application, that approach has many shortcomings which is more extensively covered in the [data storage docs](./topics/data-storage.md).
-
-There are two [storage backend types] available: `memory` or `redis`. You can see the existing [storage backend configuration settings in the docs][cache service docs].
-
-#### Memory Storage Backend
-
-For `memory` storage, restarting the cache service will result in all users having to re-login. Code for the in-memory database used by the cache service can be found here: [internal/databroker/memory](https://github.com/pomerium/pomerium/tree/main/internal/databroker/memory).
-
-:::warning
-
-Running more than one instance of the `memory` type cache service is not supported.
-
-:::
-
-#### Redis Storage Backend
-
-In production deployments, we recommend using the `redis` storage backend. Unlike the `memory` backend, `redis` can be used for persistent data.
-
-#### Implementing your own storage backend
-
-Please see the following interfaces for reference to implement your storage backend interface.
-
-- [databroker gRPC interface](https://github.com/pomerium/pomerium/blob/main/pkg/grpc/databroker/databroker.proto)
-- [storage backend interface](https://github.com/pomerium/pomerium/blob/main/pkg/storage/storage.go)
-
-### Identity headers
-
-With this release, pomerium will not insert identity headers (X-Pomerium-Jwt-Assertion/X-Pomerium-Claim-*) by default. To get pre 0.9.0 behavior, you can set `pass_identity_headers` to true on a per-policy basis.
-
-# Since 0.8.0
-
-## Breaking
-
-### Default log level
-
-With this release, default log level has been changed to INFO.
-
-### HTTP 1.0
-
-HTTP 1.0 (not to be confused with HTTP 1.1) is not supported anymore. If you relied on it make sure to upgrade to HTTP 1.1 or higher.
-
-Example for HAProxy health check, in pre `0.9.0`:
-
-```sh
-shell script option httpchk GET /ping
-```
-
-In `0.9.0`:
-
-```sh
-option httpchk GET /ping HTTP/1.1\r\nHost:pomerium
-```
-
-### preserve_host_header option
-
-With this release, Pomerium uses an embedded envoy proxy instead hand-written one. Thus, we defer the preserve host header functionality to [envoys auto_host_rewrite](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-routeaction-auto-host-rewrite), which does not affect if the policy routes to a static IP.
-
-To preserve 0.8.x behavior, you can use the `set_request_headers` option to explicitly set the Host header.
-
-### Unsupported platforms
-
-- With this release we now use an embedded [envoy](https://www.envoyproxy.io/) binary as our proxy server. Due to this change we now only build and support Linux and MacOS binaries with the AMD64 architecture. We plan on supporting more platforms and architectures in future releases.
-
-### Observability
-
-- The `service` label on metrics and tracing no longer reflects the `Services` configuration option directly. `pomerium` will be used for all-in-one mode, and `pomerium-[service]` will be used for distributed services
-
-#### Tracing
-
-- Jaeger tracing support is no longer end-to-end in the Proxy service. We recommend updating to the Zipkin provider for proper tracing support. Jaeger will continue to work but will not have coverage in the data plane.
-- Option `tracing_debug` is no longer supported. Use `tracing_sampling_rate` instead. [Details](https://www.pomerium.io/configuration/#shared-tracing-settings).
-
-#### Metrics
-
-With this release we now use an embedded [envoy](https://www.envoyproxy.io/) binary as our proxy server.
-
-- Due to this change, data plane metric names and labels have changed to adopt envoy's internal data model. [Details](https://www.pomerium.io/configuration/#envoy-proxy-metrics)
-
-# Since 0.7.0
-
-## Breaking
-
-### Using paths in from URLs
-
-Although it's unlikely anyone ever used it, prior to 0.8.0 the policy configuration allowed you to specify a `from` field with a path component:
-
-```yaml
-policy:
-  - from: "https://example.com/some/path"
-```
-
-The proxy and authorization server would simply ignore the path and route/authorize based on the host name.
-
-With the introduction of `prefix`, `path` and `regex` fields to the policy route configuration, we decided not to support using a path in the `from` url, since the behavior was somewhat ambiguous and better handled by the explicit fields.
-
-To avoid future confusion, the application will now declare any configuration which contains a `from` field with a path as invalid, with this error message:
-
-```
-config: policy source url (%s) contains a path, but it should be set using the path field instead
-```
-
-If you see this error you can fix it by simply removing the path from the `from` field and moving it to a `prefix` field.
-
-In other words, this configuration:
-
-```yaml
-policy:
-  - from: "http://example.com/some/path"
-```
-
-Should be written like this:
-
-```yaml
-policy:
-  - from: "http://example.com"
-    prefix: "/some/path"
-```
-
-# Since 0.6.0
-
-## Breaking
-
-### Getting user's identity
-
-:::warning
-
-This changed was partially reverted in v0.7.2\. Session details like `user`, `email`, and `groups` can still be explicitly extracted by setting the [jwt_claims_header](../reference/readme.md#jwt-claim-headers) configuration option.
-
-:::
-
-User detail headers ( `x-pomerium-authenticated-user-id` / `x-pomerium-authenticated-user-email` / `x-pomerium-authenticated-user-groups`) have been removed in favor of using the more secure, more data rich attestation jwt header (`x-pomerium-jwt-assertion`).
-
-If you still rely on individual claim headers, please see the `jwt_claims_headers` option [here](https://www.pomerium.io/configuration/#jwt-claim-headers).
-
-### Non-standard port users
-
-Non-standard port users (e.g. those not using `443`/`80` where the port _would_ be part of the client's request) will have to clear their user's session before upgrading. Starting with version v0.7.0, audience (`aud`) and issuer (`iss`) claims will be port specific.
-
-# Since 0.5.0
-
-## Breaking
-
-### New cache service
-
-A back-end cache service was added to support session refreshing from [single-page-apps](https://en.wikipedia.org/wiki/Single-page_application).
-
-- For all-in-one deployments, _no changes are required_. The cache will be embedded in the binary. By default, autocache an in-memory LRU cache will be used to temporarily store user session data. If you wish to persist session data, it's also possible to use bolt or redis.
-- For split-service deployments, you will need to deploy an additional service called cache. By default, pomerium will use autocache as a distributed, automatically managed cache. It is also possible to use redis as backend in this mode.
-
-For a concrete example of the required changes, consider the following changes for those running split service mode,:
-
-```diff
-...
-  pomerium-authenticate:
-    environment:
-      - SERVICES=authenticate
-+      - CACHE_SERVICE_URL=http://pomerium-cache:443
-...
-+  pomerium-cache:
-+    image: pomerium/pomerium
-+    environment:
-+      - SERVICES=cache
-+    volumes:
-+      - ../config/config.example.yaml:/pomerium/config.yaml:ro
-+    expose:
-+      - 443
-```
-
-Please see the updated examples, and [cache service docs] as a reference and for the available cache stores. For more details as to why this was necessary, please see [PR438](https://github.com/pomerium/pomerium/pull/438) and [PR457](https://github.com/pomerium/pomerium/pull/457).
-
-# Since 0.4.0
-
-## Breaking
-
-### Subdomain requirement dropped
-
-- Pomerium services and managed routes are no longer required to be on the same domain-tree root. Access can be delegated to any route, on any domain (that you have access to, of course).
-
-### Azure AD
-
-- Azure Active Directory now uses the globally unique and immutable`ID` instead of `group name` to attest a user's [group membership](https://docs.microsoft.com/en-us/graph/api/group-get?view=graph-rest-1.0&tabs=http). Please update your policies to use group `ID` instead of group name.
-
-### Okta
-
-- Okta no longer uses tokens to retrieve group membership. [Group membership](https://developer.okta.com/docs/reference/api/groups/) is now fetched using Okta's API.
-- Okta's group membership is now determined by the globally unique and immutable ID field. Please update your policies to use group `ID` instead of group name.
-- Okta now requires an additional set of credentials to be used to query for group membership set as a [service account](/reference/readme.md#identity-provider-service-account).
-
-### OneLogin
-
-- OneLogin [group membership](https://developers.onelogin.com/openid-connect/api/user-info) is now determined by the globally unique and immutable ID field. Please update your policies to use group `ID` instead of group name.
-
-### Force Refresh Removed
-
-Force refresh has been removed from the dashboard. Logging out and back in again should have the equivalent desired effect.
-
-### Programmatic Access API changed
-
-Previous programmatic authentication endpoints (`/api/v1/token`) has been removed and has been replaced by a per-route, oauth2 based auth flow. Please see updated [programmatic documentation](/docs/topics/programmatic-access.md) how to use the new programmatic access api.
-
-### Forward-auth route change
-
-Previously, routes were verified by taking the downstream applications hostname in the form of a path `(e.g. ${forwardauth}/.pomerium/verify/verify.some.example`) variable. The new method for verifying a route using forward authentication is to pass the entire requested url in the form of a query string `(e.g. ${forwardauth}/.pomerium/verify?url=https://verify.some.example)` where the routed domain is the value of the `uri` key.
-
-Note that the verification URL is no longer nested under the `.pomerium` endpoint.
-
-For example, in nginx this would look like:
-
-```diff
--    nginx.ingress.kubernetes.io/auth-url: https://forwardauth.corp.example.com/.pomerium/verify/verify.corp.example.com?no_redirect=true
--    nginx.ingress.kubernetes.io/auth-signin: https://forwardauth.corp.example.com/.pomerium/verify/verify.corp.example.com
-+    nginx.ingress.kubernetes.io/auth-url: https://forwardauth.corp.example.com/verify?uri=$scheme://$host$request_uri
-+    nginx.ingress.kubernetes.io/auth-signin: https://forwardauth.corp.example.com?uri=$scheme://$host$request_uri
-```
-
-# Since 0.3.0
-
-## Breaking
-
-### Authorize Service URL no longer used in all-in-one mode
-
-Pomerium no longer handles both gRPC and HTTPS traffic from the same network listener (port). As a result, all-in-one mode configurations will default to serving gRPC traffic over loopback on port `5443` and will serve HTTPS traffic as before on port `443`. In previous versions, it was recommended to configure authorize in this mode which will now break. The error will typically look something like:
-
-```
-rpc error: code = DeadlineExceeded desc = latest connection error: connection closed
-```
-
-To upgrade, simply remove the `AUTHORIZE_SERVICE_URL` setting.
-
-### Removed Authenticate Internal URL
-
-The authenticate service no longer uses gRPC to do back channel communication. As a result, `AUTHENTICATE_INTERNAL_URL`/`authenticate_internal_url` is no longer required.
-
-### No default certificate location
-
-In previous versions, if no explicit certificate pair (in base64 or file form) was set, Pomerium would make a last ditch effort to check for certificate files (`cert.key`/`privkey.pem`) in the root directory. With the introduction of insecure server configuration, we've removed that functionality. If there settings for certificates and insecure server mode are unset, pomerium will give a appropriate error instead of a failed to find/open certificate error.
-
-### Authorize service health-check is non-http
-
-The Authorize service will no longer respond to `HTTP`-based healthcheck queries when run as a distinct service (vs all-in-one). As an alternative, you can used on TCP based checks. For example, if using [Kubernetes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-a-tcp-liveness-probe):
-
-```yaml
----
-readinessProbe:
-  tcpSocket:
-    port: 443
-  initialDelaySeconds: 5
-  periodSeconds: 10
-livenessProbe:
-  tcpSocket:
-    port: 443
-  initialDelaySeconds: 15
-  periodSeconds: 20
-```
-
-## Non-breaking changes
-
-### All-in-one
-
-If service mode (`SERVICES`/`services`) is set to `all`, gRPC communication with the Authorize service will by default occur over localhost, on port `:5443`.
-
-# Since 0.2.0
-
-Pomerium `v0.3.0` has no known breaking changes compared to `v0.2.0`.
-
-# Since 0.1.0
-
-Pomerium `v0.2.0` has no known breaking changes compared to `v0.1.0`.
-
-# Since 0.0.5
-
-This page contains the list of deprecations and important or breaking changes for pomerium `v0.1.0` compared to `v0.0.5`. Please read it carefully.
-
-## Semantic versioning changes
-
-Starting with `v0.1.0` we've changed our [releases](https://semver.org/) are versioned (`MAJOR.MINOR.PATCH+GITHASH`). Planned, monthly releases will now bump `MINOR` and any security or stability releases required prior will bump `PATCH`.
-
-Please note however that we are still pre `1.0.0` so breaking changes can and will happen at any release though we will do our best to document them.
-
-## Breaking: Policy must be valid URLs
-
-Previously, it was allowable to define a policy without a schema (e.g. `http`/`https`). Starting with version `v0.1.0` all `to` and `from` [policy] URLS must contain valid schema and host-names. For example:
-
-```yaml
-policy:
-  - from: verify.corp.domain.example
-    to: http://verify
-    allowed_domains:
-      - pomerium.io
-  - from: external-verify.corp.domain.example
-    to: https://verify.pomerium.com
-    allow_public_unauthenticated_access: true
-```
-
-Should now be:
-
-```yaml
-policy:
-  - from: https://verify.corp.domain.example
-    to: http://verify
-    allowed_domains:
-      - pomerium.io
-  - from: https://external-verify.corp.domain.example
-    to: https://verify.pomerium.com
-    allow_public_unauthenticated_access: true
-```
-
-# Since 0.0.4
-
-This page contains the list of deprecations and important or breaking changes for pomerium `v0.0.5` compared to `v0.0.4`. Please read it carefully.
-
-## Breaking: POLICY_FILE removed
-
-Usage of the POLICY_FILE envvar is no longer supported. Support for file based policy configuration has been shifted into the new unified config file.
-
-## Important: Configuration file support added
-
-- Pomerium now supports an optional -config flag. This flag specifies a file from which to read all configuration options. It supports yaml, json, toml and properties formats.
-- All options which can be specified via MY_SETTING style envvars can now be specified within your configuration file as key/value. The key is generally the same as the envvar name, but lower cased. See Reference Documentation for exact names.
-- Options precedence is `environmental variables` > `configuration file` > `defaults`
-- The options file supports a policy key, which contains policy in the same format as `POLICY_FILE`. To convert an existing policy.yaml into a config.yaml, just move your policy under a policy key.
-
-  Old:
-
-  ```yaml
-  - from: verify.localhost.pomerium.io
-    to: http://verify
-    allowed_domains:
-      - pomerium.io
-    cors_allow_preflight: true
-    timeout: 30s
-  ```
-
-  New:
-
-  ```yaml
-  policy:
-    - from: verify.localhost.pomerium.io
-      to: http://verify
-      allowed_domains:
-        - pomerium.io
-      cors_allow_preflight: true
-      timeout: 30s
-  ```
-
-## Authenticate Internal Service Address
-
-The configuration variable [Authenticate Internal Service URL] must now be a valid [URL](https://golang.org/pkg/net/url/#URL) type and contain both a hostname and valid `https` schema.
-
-[authenticate internal service url]: /reference/readme.md#authenticate-service-url
-[cache service docs]: /reference/readme.md#data-broker-service
-[identity provider service account]: /reference/readme.md#identity-provider-service-account
-[policy]: /reference/readme.md#policy
-[storage backend configuration here]: /reference/readme.md#data-broker-service
-[storage backend types]: /reference/readme.md#data-broker-storage-type
diff --git a/docs/enterprise/about.md b/docs/enterprise/about.md
deleted file mode 100644
index 2b138a200..000000000
--- a/docs/enterprise/about.md
+++ /dev/null
@@ -1,47 +0,0 @@
----
-title: About
-sidebarDepth: 1
-description: What does the Pomerium Enterpise Console offer?
----
-
-# Pomerium Enterprise
-
-Pomerium Enterprise is built on Pomerium Open Source. Pomerium Enterprise makes Pomerium easier to manage at scale, and adds additional functionality aimed at organizations with auditing, compliance, governance, and risk management needs.
-
-## Features
-
-In addition to the capabilities provided by open-source Pomerium, Pomerium Enterprise provides:
-
-### Management GUI
-
-Pomerium Enterprise lets you view traffic and logs, define routes and policies, and organize your service access from an intuitive web interface.
-
-![Overview animation of Pomerium Enterprise](./img/console-overview.gif)
-
-### Programmatic API
-
-Integrate Pomerium into your workflows by managing configuration from the programming language or infrastructure management tool of your choice. Everything that is manageable in the Management GUI can also be driven programmatically through the API.
-
-### Session management
-
-Quickly view who is logged in your infrastructure, with easy access to revoke sessions.
-
-![Pomerium Enterprise Session List](./img/console-session-list.png)
-
-### Self-Service & Governance
-
-Easily define who can control access to what areas of your infrastructure. Our [Namespaces](/enterprise/concepts.md#namespaces) make it easy to allow teams to self-manage access to the infrastructure they build from or depend on.
-
-[User roles](/enterprise/concepts.md#rbac-for-enterprise-console-users) are granted along Namespace hierarchy, with inheritance from parents.
-
-Pomerium Enterprise uses teams and groups defined by your identity provider (**IdP**), so you can build stable policies that don't need to be adjusted as your company changes.
-
-See [Concepts: Self-Service Capabilities](./concepts.md#self-service-capabilities) for more information.
-
-### Deployment History & Audit Logs
-
-View and export change and access logs from the web UI. Pomerium Enterprise gives you a complete view of who's using it and how access is adjusted.
-
-## Learn more
-
-For a full breakdown of the difference in the enterprise and open source versions of Pomerium, please see our [Pricing](https://www.pomerium.com/pricing/) page.
diff --git a/docs/enterprise/api.md b/docs/enterprise/api.md
deleted file mode 100644
index 84ba01afc..000000000
--- a/docs/enterprise/api.md
+++ /dev/null
@@ -1,207 +0,0 @@
----
-title: API
-lang: en-US
-meta:
-  - name: keywords
-    content: pomerium, identity access proxy, oidc, reverse proxy, enterprise, console, api, python, go
----
-
-# Enterprise Console API
-
-The Pomerium Enterprise Console supports programmatic interaction through an API. This page covers enabling and authenticating to the API.
-
-## Before You Begin
-
-This doc assumes:
- - You already have installed Pomerium and Pomerium Enterprise,
- - The enterprise console service is encrypted. Review the [tls-*] keys for more information.
-
-## Configure a New Route
-
-1. We suggest configuring the route for API access in the open-source Pomerium. That way changes made through the API that might break access to the console GUI will not break access to the API route.
-
-    ```yaml
-    - from: https://console-api.pomerium.localhost.io
-      to: https://pomerium-console-domain-name:8702
-      pass_identity_headers: true
-      allow_any_authenticated_user: true
-      tls_custom_ca_file: /path/to/rootCA.pem # See https://www.pomerium.com/reference/#tls-custom-certificate-authority
-    ```
-
-1. You must also update the `audience` key to include the new route's `from` value:
-
-	```yaml
-	audience: "console.pomerium.localhost.io,console-api.pomerium.localhost.io"
-	```
-
-	If you're running Pomerium Enterprise as a system service, restart the daemon.
-
-
-## Create a Service Account
-
-1. In the enterprise Console under **Configure -> Service Accounts**, Click **+ Add Service Account**. You can choose an existing user for the service account to impersonate, or create a new user. Note that a new user will not be synced to your IdP.
-
-1. The Enterprise Console will display the service account token. Be sure to store it securely now, as you cannot view it again after this point.
-
-1. Grant the service account the appropriate [role](/enterprise/concepts.md#rbac-for-enterprise-console-users) on the Namespace(s) it will operate against.
-
-::: tip
-Service accounts created in any Namespace other than **Global** will include a reference to that Namespace ID. You must specify the entire user ID (i.e. `design-api@bff1bea6-a3d6-232d-812c-b4fd8e26d72e.pomerium`) when using the service account.
-:::
-
-## Install The Library
-
-:::: tabs
-::: tab Python
-```bash
-pip3 install git+https://git@github.com/pomerium/enterprise-client-python
-```
-:::
-::: tab Go
-```bash
-go get github.com/pomerium/enterprise-client-go
-```
-:::
-::::
-
-## Test the API Connection
-
-The repositories for our [Python][client-py] and [Go][client-go] implementations include example scripts:
-
-:::: tabs
-::: tab Python
-```python
-#!/usr/bin/env python
-
-import os
-from pomerium.client import Client
-from pomerium.pb.policy_pb2 import ListPoliciesRequest
-from pomerium.pb.namespaces_pb2 import ListNamespacesRequest
-from pomerium.pb.routes_pb2 import SetRouteRequest, Route
-
-# get custom CA and service account credentials from environment
-ca_cert = os.getenv('CA_CERT', '').encode('utf-8')
-sa = os.getenv('SERVICE_ACCOUNT', '')
-console_api = 'console-api.localhost.pomerium.io'
-
-client = Client(console_api, sa, root_certificates=ca_cert)
-
-# get id for namespace 'Production'
-resp = client.NamespaceService.ListNamespaces(ListNamespacesRequest())
-ns = [n for n in resp.namespaces if n.name == 'Production'][0]
-
-# find policy named 'my policy' in namespace 'Production'
-resp = client.PolicyService.ListPolicies(
-    ListPoliciesRequest(query='my policy', namespace=ns.id)
-)
-policy = resp.policies[0]
-
-# set route in namespace 'Production', associated to 'my policy'
-route = Route(**{
-    'namespace_id': ns.id,
-    'name': 'my route',
-    'from': 'https://test.localhost.pomerium.io',
-    'to': ['https://verify.pomerium.com'],
-    'policy_ids': [policy.id],
-    'pass_identity_headers': True,
-})
-
-resp = client.RouteService.SetRoute(SetRouteRequest(route=route))
-print(resp)
-```
-:::
-::: tab Go
-```go
-package main
-
-import (
-	"context"
-	"crypto/tls"
-	"fmt"
-	"os"
-
-	pb "github.com/pomerium/enterprise-client-go/pb"
-
-	client "github.com/pomerium/enterprise-client-go"
-)
-
-var serviceAccountToken = os.Getenv("SERVICE_ACCOUNT")
-var target = "console-api.localhost.pomerium.io:443"
-
-func main() {
-	err := run()
-	if err != nil {
-		fmt.Printf("%s\n", err)
-	}
-}
-
-func run() error {
-
-	ctx := context.Background()
-
-	tlsConfig := &tls.Config{InsecureSkipVerify: true}
-
-	p, err := client.NewClient(ctx, target, serviceAccountToken, client.WithTlsConfig(tlsConfig))
-	if err != nil {
-		return fmt.Errorf("failed to connect: %w", err)
-	}
-
-	nsResp, err := p.NamespaceService.ListNamespaces(ctx, &pb.ListNamespacesRequest{})
-	if err != nil {
-		return fmt.Errorf("could not list namespaces: %w", err)
-	}
-
-	var productionNamespaceId string
-	for _, n := range nsResp.GetNamespaces() {
-		if n.GetName() == "Production" {
-			productionNamespaceId = n.GetId()
-		}
-	}
-
-	if productionNamespaceId == "" {
-		return fmt.Errorf("could not find production namespace")
-	}
-
-	policyName := "my policy"
-	var policyId string
-	polResp, err := p.PolicyService.ListPolicies(ctx, &pb.ListPoliciesRequest{Namespace: productionNamespaceId, Query: &policyName})
-	if err != nil {
-		return fmt.Errorf("failed to find policy: %w", err)
-	}
-	if len(polResp.GetPolicies()) == 0 {
-		return fmt.Errorf("no policy named '%s' found", policyName)
-	}
-
-	policyId = polResp.GetPolicies()[0].GetId()
-
-	passIdHeaders := true
-	newRoute := &pb.Route{
-		NamespaceId:         productionNamespaceId,
-		Name:                "my route",
-		From:                "https://test.localhost.pomerium.io",
-		To:                  []string{"https://verify.pomerium.com"},
-		PolicyIds:           []string{policyId},
-		PassIdentityHeaders: &passIdHeaders,
-	}
-
-	routeResp, err := p.RouteService.SetRoute(ctx, &pb.SetRouteRequest{Route: newRoute})
-	if err != nil {
-		return fmt.Errorf("could not create route: %w", err)
-	}
-
-	fmt.Printf("created route id: %s\n", routeResp.Route.GetId())
-	return nil
-}
-```
-:::
-::::
-
-Modify the example script to match your console API path, Namespace(s) and Policy names.
-
-[tls-*]: /enterprise/reference/config.md#tls-ca
-[client-py]: https://github.com/pomerium/enterprise-client-python
-[client-go]: https://github.com/pomerium/enterprise-client-go
-
-## More Information
-
-To see all endpoints available for both the Python and Go libraries, see the [gRPC API Reference](https://github.com/pomerium/enterprise-client/blob/update_docs_template/API.md).
\ No newline at end of file
diff --git a/docs/enterprise/changelog.md b/docs/enterprise/changelog.md
deleted file mode 100644
index d9448a1f3..000000000
--- a/docs/enterprise/changelog.md
+++ /dev/null
@@ -1,91 +0,0 @@
----
-title: Changelog
-sidebarDepth: 0
----
-
-# Changelog
-
-## 0.17.0
-
-### New
-- Pomerium Enterprise now requires a valid license to start.
-
-### Updated
-
-- Route and Policy screens have been redesigned for better UX.
-
-## 0.16.0
-
-### New
-
-- Devices: It is now possible to manage, enroll, approve, and write authorization policy for device identity.
-- Signing keys can now be dynamically pulled from the Authenticate service's JWKS endpoint.
-- Added the ability to write PPL policy for HTTP method and path contexts.
-
-### Updated
-
-- Policies can now incorporate device identity and approval status.
-- Routes certificate UI now shows the matching TLS certificate used.
-- Routes now has Kubernetes service account token field
-- Metric addresses are now shown in the runtime info dashboard.
-- Envoy was upgraded to 1.20.1.
-- The code editor now supports dark mode.
-- Various UI style improvements and fixes.
-
-### Fixed
-
-- `--tls-insecure-skip-verify` was not applied to databroker connections.
-- Fixed a bug in the host rewrite code (thank you @rankinc for reporting).
-- Fixed a bug in the way timeout fields were being displayed.
-- Fixed a bug in the way route header fields were being ordered.
-
-### Fixed
-
-## 0.15.2
-
-### Fixed
-
-- A regression in the `Deployments` page loading has been corrected.
-
-## 0.15.1
-
-### Fixed
-
-- Tracing settings now persist correctly.
-
-### Updated
-
-- Support configuring multiple audiences for the console.
-- Improved configuration validation.
-- Various UI style improvements.
-
-## 0.15.0
-
-### New
-
-- [Telemetry] - View real time metrics and status from Pomerium components inside the Enterprise Console.
-- More expressive policy syntax: Pomerium's new extended [policy language] allows more complex policies to be configured, along with non-identity based conditions for access.
-- Support for [Google Cloud Serverless] configuration on routes.
-- Support for [SPDY] configuration on routes.
-- More consistent filtering and sorting across [resource listing pages][runtime].
-
-### Updated
-
-- Certificate Management - Certificates with overlapping SAN names are no longer permitted.
-- [Policies] - New editing screen supports Wizard based, Text based or Rego based policy.
-- Policies - Only global administrators may manage Rego based policies.
-- Policies - Support time based criteria.
-- [Service Accounts] - Simplified UI.
-- Service Accounts - Support token expiration time.
-- Service Accounts - Namespace support.
-- Impersonation - Impersonation is now done on an individual session basis.
-- Various other bug fixes and improvements.
-
-[`signing key`]: /reference/readme.md#signing-key
-[google cloud serverless]: /reference/readme.md#enable-google-cloud-serverless-authentication
-[policies]: /enterprise/reference/manage.md#policies-2
-[policy language]: /enterprise/reference/manage.md#pomerium-policy-language
-[runtime]: /enterprise/reference/reports.md#runtime
-[service accounts]: /enterprise/concepts.md#service-accounts
-[spdy]: /reference/readme.md#spdy
-[telemetry]: /enterprise/reference/reports.md#traffic
diff --git a/docs/enterprise/concepts.md b/docs/enterprise/concepts.md
deleted file mode 100644
index bfefcd109..000000000
--- a/docs/enterprise/concepts.md
+++ /dev/null
@@ -1,160 +0,0 @@
----
-title: Concepts
-sidebarDepth: 1
-description: Learn how Pomerium Enterprise works.
----
-
-# Concepts
-
-## Namespaces
-
-In Pomerium Enterprise, a **Namespace** is a cornerstone organization unit. They are container objects that behave similar to a unix directory structure.
-
-In each Namespace, administrators can create organizational units where users and groups can be added. Namespaces enable fine-grained role based access control and management (**RBAC**) to managing Pomerium. The structure and hierarchy of namespaces empower teams to self-service the routes and policies pertinent to them. Namespaces can can also be used to optionally or mandatorily inherit from their parent permission or policies.
-
-Namespaces enable:
-
-- Self-Service.
-- Hierarchical policy enforcement (both enforced, and optional),
-- Policy organization.
-- [RBAC](https://en.wikipedia.org/wiki/Role-based_access_control) for the Enterprise Console itself.
-
-Each of these sub-concepts are related and build on each other to form a unified security model.
-
-See [Reference: Namespace] for more information.
-
-### Self-Service Capabilities
-
-One of the benefits of an identity-aware access proxy is that, once in place, developers and owners of enterprise applications have an incentive to configure their services to be accessible via the proxy.
-
-Self-service has [several benefits](https://www.usenix.org/system/files/login/articles/login_winter16_05_cittadini.pdf):
-
-- Frees global administrators from continuously modifying the configuration per user requests
-- Encourages service owners to own their own route configuration and policy
-- Ensures a reasonable compromise between development velocity and security controls
-
-Unlike with a VPN, or network driven access control mechanisms, application owners (with limited access permissions managed through namespaces) can maintain route and policy configuration for their own services, while higher level operations, security, and identity teams are able to enforce higher level authorization and access policies.
-
-### Hierarchical Policy Enforcement
-
-Hierarchical policy lets administrators enforce inheritable authorization policy. Policies can be optional (self-select), or mandatory.
-
-Identities and their group memberships are defined by your Identity Provider (**IdP**). Pomerium looks to your IdP for identity information, so policies defined using groups are always up-to-date with the access management defined upstream.
-
-Consider this scenario: you want to enable your security team to manage high level corporate policy while enabling application owners to set finer grained user access to their specific applications. Pomerium can help you do that!
-
-Your security team can enact top level security policies to ensure, everyone:
-
-   - has a `yourcompany.com` email account,
-   - isn't coming from a known bad actor IP address,
-
-From there, the security team delegates management of child [Namespaces](#namespaces) to application teams, providing flexibility to self-manage their own application [Routes](#routes) and [Policies](#policies).
-
-For example, a developer group can be given control to determine who has access to their Namespace, and create or edit Routes within it. They can provide authentication and authorization to their WiP app without writing new authorization code.
-
-Meanwhile, the CFO is given [manager](#manager) permissions over the "Accounting" Namespace, and can set enforced or optional policies for the services within.
-
-### RBAC for Enterprise Console Users
-
-- Namespaces are also used to achieve Role Based Access Control (**RBAC**) in the console itself.
-- There are three different roles:
-
-#### Guest (no role)
-
-Users who are authenticated by your IdP but do not have a role assigned in Pomerium Enterprise can still view the list of Namespaces, but nothing else.
-
-#### Viewer
-
-A user with the Viewer role can:
-
-- view all resources in a Namespace (Routes, Policies, Certificates), including child Namespaces
-- view traffic dashboard for routes in the Namespace, including child Namespaces
-- view the activity log for a namespace.
-
-#### Manager
-
-In addition to the access provided by the Viewer role, a Manager can create, read, update, and delete routes, policies, and certificates in a Namespace (as well as its children). A Manager may also reference policies and certificates in the parent Namespace.
-
-::: warning
-Managers in any Namespace should note: while creating a route for an [upstream](/docs/glossary.md#upstream-downstream) path prevents additional routes to that path *in the same namespace*, Managers in other namespaces can create alternate routes to the same path.
-
-If you need to ensure that access to a service is only accessible from a single route, consider implementing [Mutual Authentication](/docs/topics/mutual-auth.md) between Pomerium and the upstream service. This can be achieved using one of several methods, including [mTLS](/guides/upstream-mtls.md) and [JWT verification](/guides/jwt-verification.md). You can also utilize a service mesh like [Istio](/guides/istio.html)
-:::
-
-#### Admin
-
-An Admin user has permissions across all Namespaces. They can manage global settings, sessions, and service accounts, as well as view events and runtime data.
-
-## Users and Groups
-
-Pomerium populates users and groups from your IdP. This data is cached to prevent hitting API rate-limits, ensure policy enforcement performance, and provides look-ahead support when adding users or groups to [Namespaces](#namespaces) and [Policies](#policies).
-
-### Non-Domain Users
-
-You may encounter a situation where you may want to add users that are not directly associated with your corporate identity provider service. For example, if you have a corporate GSuite account and want to add a contractor with a gmail account. In this case, there are two workarounds:
-
-- Create a group within your identity provider directly with the non-domain users in it. This group can be found and added to Namespaces and Policies.
-- Manually add the user's unique ID. Identify the ID from a user's Session Details page, or the [Sessions](/enterprise/reference/reports.md#sessions) page in Pomerium Enterprise.
-
-   A user can see their session ID by navigating to the special `/.pomerium` URL endpoint from any Pomerium managed route. The unique ID is listed as "Sub" under User Details:
-
-   ![The User Details page, showing the "sub" data](./img/session-details.png)
-
-## Service Accounts
-
-Service accounts provides bearer token based authentication for machine-to-machine communication through Pomerium to your protected endpoints. They can provide auth for monitoring services, create API integrations, and other non-human driven scripts or services.
-
-A service account identity can either be based on a user entry in your IdP Directory, or exist as a custom identity managed in a Pomerium Console [Namespace](#namespaces).
-
-## Routes
-
-Routes define the connection pathway and configuration from the internet to your internal service. As a very basic level, a route sends traffic from `external-address.company.com` to `internalService-address.localdomain`, restricted by the policies associated with it, and encrypted by your TLS certificates. But more advanced configurations allow identity header pass-through, path and prefix rewrites, request and response header modification, load balancer services, and other full featured ingress capabilities.
-
-For more information, see [Reference: Routes]
-
-### Protected Endpoints
-
-This term refers to the system or service the route provides or restricts access to.
-
-### Moving Routes
-
-When moving a Route from one [Namespace](#namespaces) to another, enforced policies will automatically be removed or applied. Optional policies available in the source Namespace but not the target will prevent the move. This is intentional to prevent unassociated policies.
-
-## Policies
-
-A Policy defines who has access to what based on the identity of the user, their device, and the associated request context.
-
-Policies can be applied to [Routes](#routes) directly, or enforced within a [Namespace](#namespaces). Policies allow operators to add authorization and access control to a single, or collection of routes.
-
-To learn more about how to create Policies in Pomerium Enterprise, see [Reference: Policies].
-
-## Access control
-
-Authentication and authorization are similar concepts that are often used interchangeably.
-
-**Authentication** is the process of determining if you are who you say you are.
-
-**Authorization** is the process of determining if you are allowed to do the thing you are trying to do.
-
-Pomerium provides a standardized interface to add access control, regardless if an application itself has authorization or authentication baked in, so developers can focus on their app's functionality, not reinventing access control.
-
-### Authentication
-
-Pomerium provides authentication via your existing identity provider (Pomerium supports all major [single sign-on](/docs/identity-providers/readme.md) providers (Okta, G Suite, Azure, AD, Ping, Github and so on).
-
-### Authorization
-
-Authorization policy can be expressed in a high-level, [declarative language](/enterprise/reference/manage.md#pomerium-policy-language) or [as code](/enterprise/reference/manage.md#rego) that can be used to enforce ABAC, RBAC, or any other governance policy controls. Pomerium can make holistic policy and authorization decisions using external data and request context factors such as user groups, roles, time, day, location and vulnerability status.
-
-Pomerium enables zero trust based access in which trust flows from identity, device-state, and context, not network location. Every device, user, and application's communication should be authenticated, authorized, and encrypted.
-
-With Pomerium:
-
-- requests are continuously re-evaluated on a per-request basis.
-- authorization is identity and context aware; pomerium can be used to integrate data from any source into authorization policy decisions.
-- trust flows from user and device identity, not network location. Every device, user, and application's communication should be authenticated, authorized, and encrypted.
-- Pomerium provides detailed audit logs for all activity in your environment. Quickly detect anomalies to mitigate bad actors and revoke access with a click of a button. Simplify life-cycle management and access reviews.
-
-[Reference: Policies]: /enterprise/reference/manage.md#policies-2
-[Reference: Namespace]: /enterprise/reference/configure.md#namespaces
-[Reference: Routes]: /enterprise/reference/manage.md#routes
\ No newline at end of file
diff --git a/docs/enterprise/console-settings.yaml b/docs/enterprise/console-settings.yaml
deleted file mode 100644
index 012061772..000000000
--- a/docs/enterprise/console-settings.yaml
+++ /dev/null
@@ -1,469 +0,0 @@
-settings:
-- name: Reports
-  settings:
-  - name: Traffic
-    doc: |
-      View the traffic running through Pomerium. Filter by [Route][route-concept] name, or date range.
-
-      ![The Traffic page in Pomerium Enterprise](./img/traffic-fullpage.png)
-    uuid: fbf40372-9895-4ca7-95d3-5e18f8f56413
-  - name: Runtime
-    doc: |
-      Monitor how many system resources Pomerium is consuming. Filter by date range, service, and instance.
-
-      ![The Runtime Info page in Pomerium Enterprise](./img/runtime-fullpage.png)
-    uuid: 2edcf120-b62c-464b-a3a7-e5b14e3e6400
-  - name: Sessions
-    doc: |
-      View active Sessions. From here you can revoke sessions, filter by session or user information, or revoke one or multiple sessions. You can also export the data.
-
-      ![The Sessions page in Pomerium Enterprise](./img/sessions-fullpage.png)
-    uuid: d11acb05-65cc-4c65-9f92-4b1f08b622ef
-  - name: Events
-    doc: |
-      The events page displays the log output of Envoy as it process changes from Pomerium and applies updates to the underlying services.
-
-      ![The Events page in Pomerium Enterprise](./img/events-fullpage.png)
-
-      The most common updates are to Pomerium Proxy services, which are updated every time a Route or Policy is created or updated.
-
-      The value under **Resource ID** will usually match the resource ID of a [Policy][policy-reference], visible in the Policy under **Change History** or in the URL. A value of "Pomerium Restarted" refers to when services are reloaded, usually due to a system update.
-    uuid: 219f8dd6-38d4-4dc3-98a6-98cca314c49e
-  - name: Deployments
-    doc: |
-      From the **Deployment History** page administrators can review changes made to their Pomerium configuration.
-
-      The default view shows all changes made through Pomerium Enterprise. Use the **COMPARE** button next to an entry to filter to only changes that affected that resource. Select two versions of that resource, then **DIFF** to see what changed:
-
-      ![A screenshot showing the diff of a change to a route, adding a policy](./img/deployment-diff.png)
-    uuid: c812c87e-ec06-4091-b1fe-e206e43103d5
-  uuid: e15ae275-fa57-40d3-b2f7-ce24799ccf79
-- name: Manage
-  settings:
-  - name: Routes
-    doc: |
-      A [Route](/enterprise/concepts.md#routes) defines how to access a service running behind Pomerium. This includes authentication (both for Pomerium and passed through to the service), rewrites, header management, load balancing, etc.
-
-      When first installing Pomerium Enterprise, users may want to import existing routes from the open-source Pomerium core. The **Import Routes** button accepts the open-source `config.yaml` file and imports routes from it to Pomerium Enterprise.
-
-      From the main Routes page you can view and manage existing routes. From the table of routes you can:
-        - filter visible routes,
-        - delete one or more routes,
-        - move routes between Namespaces,
-        - export one or more route definitions to a CSV file,
-        - create a JSON-formatted policy report on one or more selected routes.
-
-      The sections below cover the options available when creating or editing a route.
-    settings:
-    - name: General
-      doc: |
-        The **General** tab defines the route path, both from the internet and to the internal service, and the policies attached. Note that policies enforced on a [Namespace][namespace-reference] the route resides in will also be applied.
-      settings:
-      - name: Name
-        doc: This value is only visible in the Console UI.
-        more: /enterprise/reference/manage.html#name
-        uuid: 3f59881a-24b4-41a0-b92f-1d36a69b76e8
-      - name: From
-        uuid: b9c54c4e-28ad-4a8b-aa65-3aa7f8b1f032
-      - name: Metrics Name
-        doc: |
-          Once a Route is created, the Metric Name field will populate. You can use this name to scrape the Prometheus service for metrics on this Route when making custom dashboards.
-        uuid: 7df15eef-3070-4353-822d-c2745386e0db
-      - name: To
-        uuid: 9c0201e0-b5fa-4027-a1e7-f115a3f70969
-      - name: Redirect
-        uuid: 72d885ce-8cd3-41a7-b7d0-0953ce49f8de
-      - name: Pass Identity Headers
-        uuid: 12e599f2-8bcc-4061-ba88-998c2671109c
-      - name: Policies
-        doc: Add or remove Policies to be applied to the Route. Note that Policies
-          enforced in the Route's Namespace will be applied automatically.
-        more: /enterprise/reference/manage.html#policies-2
-        uuid: c7340a01-2942-4ffe-bbf6-f97f0fec1e75
-      - name: Enable Google Cloud Serverless Authentication
-        uuid: 416405ec-74c3-47cb-899e-34bebaff26bf
-      uuid: fd86b6ea-fe73-4222-a675-5493c7dbd105
-    - name: Matchers
-      settings:
-      - name: Path
-        uuid: e5c805e5-4f7f-4fce-ba33-d3f1f47f5d35
-      - name: Prefix
-        uuid: 3a2bc400-d1bc-4249-a813-9777cfca7779
-      - name: Regex
-        uuid: 13dbfeb0-a8a0-4c97-9bb9-52aa3f22c7cc
-      uuid: 0bbff866-b7b9-4fdf-b8e5-b6d4f2475855
-    - name: Rewrite
-      settings:
-      - name: Prefix Rewrite
-        uuid: 3fb98409-89ae-47ae-b9ff-44f07f833492
-      - name: Regex Rewrite Pattern
-        keys: [regex_rewrite_pattern]
-        doc: |
-          The pattern to match before rewriting, ex: `^/service/([^/]+)(/.*)$`.
-        uuid: 5cd03f7c-b474-45fd-aef0-c1ee15f2eaf2
-      - name: Regex Rewrite Substitution
-        keys: [regex_rewrite_substitution]
-        doc: |
-          The substitution for your regex pattern, ex: `\\2/instance/\\1`.
-        uuid: 71cdc7a9-d72e-407c-99f0-36e3a5ef1f41
-      uuid: b9ee5ae3-e90d-40f1-8df3-91d26ebe85cd
-    - name: Timeouts
-      settings:
-      - name: Allow Websockets
-        keys: [allow_websockets]
-        uuid: f42c273d-7c3d-471c-a28e-75b8c9e771f3
-      - name: Allow SPDY
-        keys: [allow_spdy]
-        uuid: ca7bf8ec-e123-4171-b22b-00c24a6a0d96
-      - name: Timeout
-        keys: [timeout]
-        uuid: 2b38fd23-24b0-4830-b924-0de802402191
-      - name: Idle Timeout
-        keys: [idle_timeout]
-        uuid: 25d0d973-9add-4efb-abaa-d526a41b3c4e
-      uuid: d93421db-ae13-4978-8d22-91561cc9eb61
-    - name: Headers
-      settings:
-      - name: Host Headers
-        keys: [host_rewrite]
-        uuid: 399e48ea-e6f3-4ab9-b007-714ed7428168
-      - name: Set Request Headers
-        uuid: 6acc6aa7-6cde-4849-b960-63103e3f00ee
-      - name: Remove Request Headers
-        uuid: c593bd77-b333-40c7-95bb-0ba41bf270e3
-      - name: Rewrite Response Headers
-        uuid: 1a9d6b6e-8d79-4ece-92c3-1d36d9c58af6
-      uuid: e8022486-c36d-4fad-970f-6412b7b156a2
-    - name: Load Balancer
-      settings:
-      - name: Load Balancing Policy
-        uuid: b4563876-813c-4eab-85e1-7c74efeb4412
-      uuid: ef865e68-a544-4482-b331-6acf5e723d3a
-    uuid: 99cab2ec-f8e6-4bcb-aa1d-2eba94948f49
-  - name: Policies
-    keys: [Policy]
-    doc: |
-      A [Policy](/enterprise/concepts.md#policies) defines what permissions a set of users or groups has. Policies are applied to Namespaces or Routes to associate the set of permissions with a service or set of service, completing the authentication model.
-
-      Policies can be constructed three ways:
-
-      ### Web UI
-
-      From the **BUILDER** tab, users can add allow or deny blocks to a policy, containing and/or/not/nor logic to allow or deny sets of users and groups.
-
-      ![A policy being constructed in Pomerium Enterprise allowing a single user access](./img/example-policy-single-user.png)
-
-      ### Pomerium Policy Language
-
-      From the **EDITOR** tab users can write policies in Pomerium Policy Language (**PPL**), a YAML-based notation.
-
-      ![A policy as viewed from the editor tab](./img/example-policy-editor.png)
-
-      PPL documents contain one or more rules. Each rule has a corresponding action and one or more logical operators.
-      Each logical operator contains criteria and each criterion has a name and corresponding data.
-
-      PPL documents are defined via YAML:
-
-      ```yaml
-      - allow:
-          or:
-            - email:
-                is: x@example.com
-            - email:
-                is: y@example.com
-      ```
-
-      The available rule actions are:
-
-      - `allow`
-      - `deny`
-
-      The available logical operators are:
-
-      - `and`
-      - `or`
-      - `not`
-      - `nor`
-
-      The available criteria types are:
-
-      - `accept`
-      - `authenticated_user`
-      - `claim`
-      - `date`
-      - `day_of_week`
-      - `domain`
-      - `email`
-      - `groups`
-      - `http_method`
-      - `http_path`
-      - `reject`
-      - `time_of_day`
-      - `user`
-
-      Some criteria also support a sub-path as part of the criterion name:
-
-      ```yaml
-      - allow:
-          or:
-            - claim/family_name: Smith
-      ```
-
-      ### Rego
-
-      For those using [OPA](https://www.openpolicyagent.org/), the **REGO** tab will accept policies written in Rego.
-
-      ::: tip
-      A policy can only support PPL or Rego. Once one is set, the other tab is disabled.
-      :::
-
-      ::: details Example Rego Policy
-
-      This example policy compares the `given_name` claim from a user's session against a list of popular first names, and only allows the 100 most popular first names.
-
-      ```rego
-      package pomerium.policy
-
-      session = s {
-        s = gset_databroker_record("type.googleapis.com/user.ServiceAccount", input.session.id)
-        s != null
-      } else = s {
-        s = get_databroker_record("type.googleapis.com/session.Session", input.session.id)
-        s != null
-      } else = {} {
-        true
-      }
-
-      user = u {
-        u = get_databroker_record("type.googleapis.com/user.User", session.user_id)
-      } else = {} {
-        true
-      }
-
-      allow = [true, {"custom-rego-authorized"}] {
-        # grab all the claims from the user and session objects
-        session_claims := object.get(session, "claims", {})
-        user_claims := object.get(user, "claims", {})
-        all_claims := object.union(session_claims, user_claims)
-
-        # get the given_name claim. claim values are always an array of strings
-        given_names := object.get(all_claims, "given_name", [])
-
-        # query a JSON dump of the most popular baby names from 2020
-        response := http.send({
-          "method": "GET",
-          "url": "https://raw.githubusercontent.com/aruljohn/popular-baby-names/master/2020/boy_names_2020.json",
-          "force_json_decode": true,
-        })
-
-        # only include the top 100 names
-        all_names := response.body.names
-        popular_names := array.slice(all_names, 0, 99)
-
-        # check that there's a given name in the popular names
-        some i
-        some j
-        popular_names[i] == given_names[j]
-      } else = [false, {"custom-rego-unauthorized"}] {
-        session.id != ""
-      } else = [false, {"user-unauthenticated"}] {
-        true
-      }
-
-      ```
-
-      This example pulls session data from the Databroker service using `type.googleapis.com/session.Session` for users and `type.googleapis.com/user.ServiceAccount` for service accounts.
-
-      :::
-
-      ### Overrides
-
-      - **Any Authenticated User**: This setting will allow access to a route with this policy attached to any user who can authenticate to your Identity Provider (**IdP**).
-      - **CORS Preflight**: Allow unauthenticated HTTP OPTIONS requests as per the CORS spec.
-      - **Public Access**: This setting allows complete, unrestricted access to an associated route. Use this setting with caution.
-    uuid: 1710a312-0562-4a18-b5a6-bedfc54873f6
-  - name: Certificates
-    uuid: bff9a877-7c35-4b9d-80d8-ca3b2d16a2fc
-  - name: Devices
-    doc: |
-      Introduced in v0.16.0, the **Manage Devices** page lets administrators manage user devices for policy-based authorization.
-    settings:
-    - name: Manage Devices
-      doc: |
-        From this page, administrators can manage new and existing device enrollments.
-        Device enrollment let's you create [policies](/docs/topics/ppl.md#device-matcher) that use [device identity](/docs/topics/device-identity.md).
-        - Users can [self-enroll](/guides/enroll-device.md) devices, which must then be approved in the **Devices List** for policies requiring approved devices.
-        - Administrators can use the **New Enrollment** button to create a link for the user to enroll a device as pre-approved. See our [Pre-Approved Device Enrollment](/guides/admin-enroll-device.md) guide for more information.
-      more: /enterprise/reference/manage.html#manage-devices
-      uuid: 742c64e4-9441-41b0-ac6e-677b6bfe6cbb
-    - name: Devices List
-      doc: |
-        Displays the currently enrolled devices for each user, along with their current approval status.
-        Administrators can inspect, approve, or delete registered devices from this table.
-
-        ![List of user devices](./img/console-devices.png)
-      uuid: dd10552e-c7f8-4cca-8c31-3ed01f31b478
-    - name: New Enrollment
-      doc: |
-        The **New Enrollment** button allows administrators to create a custom link for a specific user to use to register a new device, which will automatically be approved.
-        This scheme is known as [Trust on First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use).
-
-        ![Example device enrollment](./img/new-enrollment.png)
-      more: /guides/admin-enroll-device.html
-      settings:
-      - name: Search Users
-        doc: New Enrollment URLs are only valid for the specified user.
-        more: /guides/admin-enroll-device.html
-        uuid: 4d636f56-21e2-4c72-9a65-0fc9ff76823e
-      - name: Redirect URL
-        doc: '**Optional**: The URL the user will be taken to after device enrollment
-          is successful.'
-        more: /guides/admin-enroll-device.html
-        uuid: 79e3b000-79cd-4522-9336-cefb28906930
-      - name: Enrollment Type
-        doc: Specify if the user can enroll any device identity, or restrict it to
-          a [secure enclave](/docs/topics/device-identity.md#secure-enclaves).
-        more: /guides/admin-enroll-device.html
-        uuid: 69b7c84d-84aa-4a38-b830-55dfed8ad2a1
-      uuid: 4bdd0102-a593-420b-8999-51a461657dc4
-    uuid: d1eb6b9e-ab93-4beb-ab91-d1de6aa76498
-  uuid: e0dbd749-1a83-4d28-8fb9-e067f2d6daa4
-- name: Configure
-  doc: |
-    The **Configure** section of the Pomerium Enterprise Console houses settings that affect the entirety of the Console environment, i.e. across all Namespaces. Adjust these settings with care.
-  settings:
-  - name: Settings
-    doc: |
-      The **Settings** section holds global settings that affect how the Pomerium Enterprise Console runs, logs, and communicates. Values set here are applied globally, except for settings documented to override global options.
-    settings:
-    - name: Global
-      settings:
-      - name: Debug
-        uuid: 6c058151-b21b-4b65-9abc-6ab884f946c0
-      - name: HTTP Redirect Address
-        uuid: 42459dde-ebb7-4e31-9cd1-1dbf01d7a440
-      - name: DNS Lookup Family
-        uuid: 206d37b5-9a6b-4043-8dae-68ca89640e2d
-      - name: Log Level
-        uuid: 1c13dfc6-6718-412a-8091-904f703c3014
-      - name: Proxy Log Level
-        uuid: c1f29676-7bf9-4feb-bb3b-246debd9c64b
-      uuid: 77e4a8cb-447e-4f79-b6b9-e752dcc53249
-    - name: Cookies
-      settings:
-      - name: HTTPS Only
-        keys: [cookie_secure]
-        uuid: 43d28fb7-69c3-4923-b095-b0f97ec88ed4
-      - name: Javascript Security
-        uuid: 9597b118-6fa1-4dd2-bf07-68b9f582f519
-      - name: Expires
-        keys: [cookie_expire]
-        uuid: e28156d0-5175-4cdc-8a39-dcb3735d1438
-      uuid: 378293b9-6068-4a97-9fa5-75a0fa155538
-    - name: Timeouts
-      doc: Timeouts set the global server timeouts. Timeouts can also be set for individual
-        routes.
-      uuid: 58a18216-744f-4ffc-aab5-aeabd74851f1
-    - name: GRPC
-      settings:
-      - name: GRPC Server Max Connection Age
-        doc: |
-          Set max connection age for GRPC servers. After this interval, servers ask clients to reconnect and perform any rediscovery for new/updated endpoints from DNS.
-
-          See <https://godoc.org/google.golang.org/grpc/keepalive#ServerParameters> (opens new window) for details
-        uuid: 02d307d3-415f-4c0c-8d64-5f2fb96198cc
-      - name: GRPC Server Max Connection Age Grace
-        doc: |
-          Additive period with grpc_server_max_connection_age, after which servers will force connections to close.
-
-          See <https://godoc.org/google.golang.org/grpc/keepalive#ServerParameters> (opens new window) for details
-        uuid: b49ffe89-5006-4f8e-841a-d6a12d00dbb3
-      uuid: f744ee07-7d41-4016-8621-3ead4e330a95
-    - name: Tracing
-      doc: |
-        Tracing tracks the progression of a single user request as it is handled by Pomerium.
-
-        Each unit of work is called a Span in a trace. Spans include metadata about the work, including the time spent in the step (latency), status, time events, attributes, links. You can use tracing to debug errors and latency issues in your applications, including in downstream connections.
-      settings:
-      - name: Tracing Sample Rate
-        doc: |
-          Percentage of requests to sample. Default is .01%.
-
-          Unlike the decimal value notion used for the `tracing_sample_rate` [key](/reference/readme.md#shared-tracing-settings) in open-source Pomerium, this value is a percentage, e.g. a value of `1` equates to 1%
-        uuid: a214565d-9b77-4994-9c07-531bd9610dd0
-      uuid: bd62365e-1e08-4c45-9b3f-0eccbb0f8d80
-    - name: Authenticate
-      uuid: 5ce0bdf1-c73b-4994-988c-74a3c1743514
-    - name: Proxy
-      settings:
-      - name: Certificate Authority
-        keys: [certificate_authority]
-        uuid: 8b2127cd-b876-4296-b724-80101825be10
-      - name: Default Upstream Timeout
-        uuid: 11689429-03f1-4a75-9432-8c070c468ad7
-      - name: JWT Claim Headers
-        uuid: 01b24ad4-96dc-4885-b837-96ec1a5e826e
-      - name: X-Forward-For HTTP Header
-        keys: [skip_xff_append]
-        uuid: b1427fa5-4ddb-468b-a6c6-527634b374f6
-      - name: Response Headers
-        keys: [set_response_headers]
-        uuid: fe27b075-e5f0-40fe-8561-748b7ff9dae3
-      uuid: 9334d44c-919c-45af-8405-6acf19be1085
-    uuid: b0e3a449-e743-4cc2-a820-d5d470b752ab
-  - name: Service Accounts
-    doc: |
-      [Service accounts](/enterprise/concepts.md#service-accounts) offer a protected and standardized method of authenticating machine-to-machine communication between services protected by Pomerium.
-
-      ::: tip
-      Before you begin, confirm you are in the correct Namespace. A service account can only be used in the Namespace it was created in, including its children Namespaces.
-      :::
-
-      1. From the main menu, select **Service Accounts** under **CONFIGURE**. Click the **+ ADD SERVICE ACCOUNT** button:
-
-         ![The Service Accounts page](./img/console-service-account.png)
-
-      1. Service accounts can be unique and exist only for Pomerium, or impersonate directory users from your IdP.
-
-         Give the user a unique ID, or select an existing user to impersonate. Consider referencing the Namespace you're creating it under, for easier reference later. Optionally set an expiration date:
-
-         ![Adding a unique service account](./img/create-service-account.png)
-
-         The user ID set here corresponds to the `User` criteria when editing a policy.
-
-      1. After you click **Submit**, the modal presents the JSON web token (**JWT**) for the service account. Temporarily save it somewhere secure, as you will not be able to view it again:
-
-         ![Service Account Added](./img/service-account-jwt.png)
-
-         This JWT must be added to your application configuration to enable direct communication.
-
-      1. Edit or create policies to give the service account access to the internal service:
-
-        ![An example policy for a service account](./img/create-policy-1.png)
-
-        ---
-
-        ![An example policy for a service account](./img/create-policy-2.png)
-    uuid: f2a12f52-ea7a-4b44-8308-3500d653c122
-  - name: Namespaces
-    keys: [namespace]
-    doc: |
-      A [Namespace][namespace-concept] is a collection of users, groups, routes, and policies that allows system administrators to organize, manage, and delegate permissions across their infrastructure.
-
-      - Policies can be optional or enforced on a Namespace.
-         - Enforced policies are also enforced on child Namespaces, and optional policies are available to them as well.
-      - Users or groups can be granted permission to edit access to routes within a Namespace, allowing them self-serve access to the routes critical to their work.
-
-      ::: tip
-      When using an IdP without directory sync or when working with non-domain users, they will not show up in the look-ahead search. See [Non-Domain Users](/enterprise/concepts.md#non-domain-users) for more information.
-      :::
-
-    uuid: 3ffcbb2a-4c02-4c3f-b11e-0eef5c30f1bd
-  uuid: b1688ca0-aea8-4296-bc67-8c397ef969a6
-postamble: |
-  [route-concept]: /enterprise/concepts.md#routes
-  [route-reference]: /enterprise/reference/manage.md#routes
-  [namespace-concept]: /enterprise/concepts.md#namespaces
-  [namespace-reference]: /enterprise/reference/configure.md#namespaces
-  [service-accounts-concept]: /enterprise/concepts.md#service-accounts
-  [policy-reference]: /enterprise/reference/manage.md#policies-2
diff --git a/docs/enterprise/img/console-overview.gif b/docs/enterprise/img/console-overview.gif
deleted file mode 100644
index 7d1a5ff69..000000000
Binary files a/docs/enterprise/img/console-overview.gif and /dev/null differ
diff --git a/docs/enterprise/img/console-route-traffic.png b/docs/enterprise/img/console-route-traffic.png
deleted file mode 100644
index 259c48ed0..000000000
Binary files a/docs/enterprise/img/console-route-traffic.png and /dev/null differ
diff --git a/docs/enterprise/img/console-service-account.png b/docs/enterprise/img/console-service-account.png
deleted file mode 100644
index b78fb4656..000000000
Binary files a/docs/enterprise/img/console-service-account.png and /dev/null differ
diff --git a/docs/enterprise/img/console-session-list.png b/docs/enterprise/img/console-session-list.png
deleted file mode 100644
index c45617bb5..000000000
Binary files a/docs/enterprise/img/console-session-list.png and /dev/null differ
diff --git a/docs/enterprise/img/new-enrollment.png b/docs/enterprise/img/new-enrollment.png
deleted file mode 100644
index 99de9ce65..000000000
Binary files a/docs/enterprise/img/new-enrollment.png and /dev/null differ
diff --git a/docs/enterprise/img/session-details.png b/docs/enterprise/img/session-details.png
deleted file mode 100644
index 47648f81a..000000000
Binary files a/docs/enterprise/img/session-details.png and /dev/null differ
diff --git a/docs/enterprise/install/helm.md b/docs/enterprise/install/helm.md
deleted file mode 100644
index b31ad5536..000000000
--- a/docs/enterprise/install/helm.md
+++ /dev/null
@@ -1,169 +0,0 @@
----
-title: Helm
-sidebarDepth: 1
-description: Install Pomerium Enterprise in Kubernetes with Helm
----
-
-# Install Pomerium Enterprise in Helm
-
-This document covers installing Pomerium Enterprise into your existing helm-managed Kubernetes cluster. It's designed to work with an existing cluster running Pomerium, as described im [Pomerium using Helm]. Follow that document before continuing here.
-
-## Before You Begin
-
-Pomerium Enterprise requires:
-
-- An accessible RDBMS. We support PostgreSQL 9+.
-   - A database and user with full permissions for it.
-- A certificate management solution. This page will assume a store of certificates using [cert-manager] as the solution. If you use another certificate solution, adjust the steps accordingly.
-- An existing Pomerium installation. If you don't already have open-source Pomerium installed in your cluster, see [Pomerium using Helm] before you continue.
-
-
-## System Requirements
-
-One of the advantages of a Kubernetes deployment is automatic scaling, but if your database or redis solution is outside of your k8s configuration, refer to the requirements below:
-
-- Each Postgres instance should have at least:
-    - 4 vCPUs
-    - 8G RAM
-    - 20G for data files
-- Each Redis instance should have at least:
-    - 2 vCPUs
-    - 4G RAM
-    - 20G for data files
-
-## Issue a Certificate
-
-This setup assumes an existing certificate solution using cert-manager, as described in [Pomerium using Helm]. If you already have a different certificate solution, create and implement a certificate for `pomerium-console.pomerium.svc.cluster.local`. Then you can move on to [the next stage](#update-pomerium).
-
-
-1. Create a certificate configuration file for Pomerium Enterprise Our example is named `pomerium-console-certificate.yaml`:
-
-   <<< @/examples/kubernetes/pomerium-console-certificate.yaml
-
-1. Apply the required certificate configurations, and confirm:
-
-   ```bash
-   kubectl apply -f pomerium-console-certificate.yaml
-   ```
-
-   ```bash
-   kubectl get certificate
-   NAME                    READY   SECRET                 AGE
-   pomerium-cert           True    pomerium-tls           92m
-   pomerium-console-cert   True    pomerium-console-tls   6s
-   pomerium-redis-cert     True    pomerium-redis-tls     92m
-   ```
-
-## Update Pomerium
-
-1. Set your local context to your Pomerium namespace:
-
-   ```bash
-   kubectl config set-context --current --namespace=pomerium
-   ```
-
-1. Open your pomerium values file. If you followed [Pomerium Using Helm], the file is named `pomerium-values.yaml`. In the `config` section, set a list item in the `routes` block for the Enterprise Console:
-
-   ```yaml
-     routes:
-       - from: https://console.localhost.pomerium.com
-         to: https://pomerium-console.pomerium.svc.cluster.local
-         policy:
-           - allow:
-               or:
-                 - domain:
-                     is: companydomain.com
-         pass_identity_headers: true
-   ```
-
-1. If you haven't already, set `generateSigningKey` as false, and set a static `signingKey` value to be shared with the Enterprise Console. See [Reference: Signing Key](/reference/readme.md#signing-key) for information on generating a key:
-
-   ```yaml
-   config:
-    ...
-    generateSigningKey: false
-    signingKey: "LR0tMS1BRUdHTiBFQ...."
-    ...
-   ```
-
-   If `signingKey` wasn't already set, delete the generated `pomerium-signing-key` secret and restart the `pomerium-authorize` deployment:
-
-   ```bash
-   kubectl delete secret pomerium-signing-key
-   kubectl rollout restart deployment pomerium-authorize
-   ```
-
-1. Use Helm to update your Pomerium installation:
-
-   ```bash
-   helm upgrade --install pomerium pomerium/pomerium --values=./pomerium-values.yaml
-   ```
-
-## Install Pomerium Enterprise
-
-1. Create `pomerium-console-values.yaml` as shown below, replacing placeholder values:
-
-   ```yaml
-   database:
-     type: pg
-     username: pomeriumDbUser
-     password: IAMASTRONGPASSWORDLOOKATME
-     host: 198.51.100.53
-     name: pomeriumDbName
-     sslmode: require
-   config:
-     sharedSecret: #Shared with Pomerium
-     databaseEncryptionKey:  #Generate from "head -c32 /dev/urandom | base64"
-     administrators: "youruser@yourcompany.com" #This is a hard-coded access, remove once setup is complete
-     signingKey: "ZZZZZZZ" #This base64-encoded key is shared with open-source Pomerium
-     audience: console.localhost.pomerium.com # This should match the "from" value in your Pomerium route, excluding protocol.
-     licenseKey: "XXXYYYYZZZZ" # This should be provided by your account team.
-   tls:
-     existingCASecret: pomerium-tls
-     caSecretKey: ca.crt
-     existingSecret: pomerium-console-tls
-     generate: false
-   image:
-     pullUsername: pomerium/enterprise
-     pullPassword: your-access-key
-   ```
-
-1. The Pomerium repository should already be in your Helm configuration per [Pomerium using Helm]. If not, add it now:
-
-   ```bash
-   helm repo add pomerium https://helm.pomerium.io
-   helm repo update
-   ```
-
-1. Install Pomerium Enterprise:
-
-   ```bash
-   helm install pomerium-console pomerium/pomerium-console --values=pomerium-console-values.yaml
-   ```
-
-1. If you haven't configured a public DNS record for your Pomerium domain space, you can use `kubectl` to generate a local proxy:
-
-   ```bash
-   sudo -E kubectl --namespace pomerium port-forward service/pomerium-proxy 443:443
-   ```
-
-1. When visiting `https://console.localhost.pomerium.io`, you should see the Traffic:
-
-   ![The Traffic List page after installing Pomerium Enterprise](../img/console-route-traffic.png)
-
-## Troubleshooting
-
-### Updating Service Types:
-
-If, while updating the open-source Pomerium values, you change any block's `service.type` you may need to manually delete corresponding service before applying the new configuration. For example:
-
-```bash
-kubectl delete svc pomerium-proxy
-```
-
-[Pomerium using Helm]: /docs/k8s/helm.md
-[cert-manager]: https://cert-manager.io/docs/
-
-### Generate Recovery Token
-
-!!!include(generate-recovery-token.md)!!!
diff --git a/docs/enterprise/install/img/recovery-token.png b/docs/enterprise/install/img/recovery-token.png
deleted file mode 120000
index b89316549..000000000
--- a/docs/enterprise/install/img/recovery-token.png
+++ /dev/null
@@ -1 +0,0 @@
-../../../partials/img/recovery-token.png
\ No newline at end of file
diff --git a/docs/enterprise/install/quickstart.md b/docs/enterprise/install/quickstart.md
deleted file mode 100644
index fba86ae84..000000000
--- a/docs/enterprise/install/quickstart.md
+++ /dev/null
@@ -1,220 +0,0 @@
----
-title: Quickstart
-sidebarDepth: 1
-description: Demo Pomerium Enterprise
----
-
-# Pomerium Enterprise Quickstart
-
-## Before You Begin
-
-This document assumes:
-
-- A non-containerized environment, either your local computer or a virtual machine (**vm**). While Pomerium is designed to scale with your production environment, we'll leave containerization and infrastructure as code (**IaC**) out for now, to focus on learning how Pomerium Enterprise works.
-   - `root` or `sudo` privileges on the host.
-- You already have the open-source Pomerium base installed. If not, follow [this doc](/docs/install/binary.md) before you continue.
-   - While an existing route is not required, we suggest implementing one test route to validate your identity provider (**IdP**) configuration.
-- Pomerium Enterprise requires a relational database. PostgreSQL 9+ is supported.
-   - Securing the database connection with TLS may not be required, especially for a local installation, but is strongly recommended for production deployments. Therefor, this guide will assume a TLS-secured database connection.
-- A supported data broker backend. Currently we support Redis.
-   - As with the database, TLS encryption is strongly recommended for production deployments.
-
-## Requirements
-
-- Pomerium Enterprise requires Linux amd64/x86_64. It can manage Pomerium instances on other platforms, however.
-- Each Console instance should have at least:
-    - 4 vCPUs
-    - 8G RAM
-    - 100G of disk wherever logs are stored
-- Each Postgres instance should have at least:
-    - 4 vCPUs
-    - 8G RAM
-    - 20G for data files
-- Each Redis instance should have at least:
-    - 2 vCPUs
-    - 4G RAM
-    - 20G for data files
-
-## Install Pomerium Enterprise
-
-Pomerium publishes standard OS packages for RPM and DEB based systems. The repositories require authentication via username and access key. These credentials will be issued to you during the onboarding process.
-
-:::: tabs
-
-::: tab deb
-
-1. To automatically configure the repository for Debian and Ubuntu distributions, run the following command replacing `[access-key]`:
-
-   ```bash
-   curl -1sLf \
-   'https://dl.cloudsmith.io/[access-key]/pomerium/enterprise/setup.deb.sh' \
-   | sudo -E bash
-   ```
-
-   Or to manually configure, you can manually import the apt key, then create a new `.list` file in `/etc/apt/source.list.d`. Make sure to replace the distro and version:
-
-   ```bash
-   curl -1sLf 'https://dl.cloudsmith.io/[access-key]/pomerium/enterprise/gpg.B1D0324399CB9BC3.key' | apt-key add -
-
-   echo "deb https://dl.cloudsmith.io/[access-key]/pomerium/enterprise/deb/debian buster main" | sudo tee /apt/sources.list.d/pomerium-console.list
-   ```
-
-1. Update `apt` and install Pomerium Enterprise:
-
-   ```bash
-   sudo apt update; sudo apt install pomerium-console
-   ```
-
-:::
-
-
-::: tab yum
-
-1. To automatically configure the repository for RHEL based distributions, run the following command replacing `[access-key]`:
-
-   ```bash
-   curl -1sLf \
-   'https://dl.cloudsmith.io/[access-key]/pomerium/enterprise/setup.rpm.sh' \
-   | sudo -E bash
-   ```
-
-   Or to manually configure:
-
-   ```bash
-   yum install yum-utils pygpgme
-   rpm --import 'https://dl.cloudsmith.io/[access-key]/pomerium/enterprise/gpg.B1D0324399CB9BC3.key'
-   curl -1sLf 'https://dl.cloudsmith.io/[access-key]/pomerium/enterprise/config.rpm.txt?distro=el&codename=8' > /tmp/pomerium-enterprise.repo
-   yum-config-manager --add-repo '/tmp/pomerium-enterprise.repo'
-   yum -q makecache -y --disablerepo='*' --enablerepo='pomerium-enterprise'
-   ```
-
-1. Update refresh and install:
-
-   ```bash
-yum -y install pomerium-console
-   ```
-
-:::
-
-::::
-
-### System Service
-
-Once the package is installed, enable and start the system service:
-
-```bash
-sudo systemctl enable --now pomerium-console
-```
-
-## Initial Configuration
-
-Like the open-source Pomerium base, Pomerium Enterprise is configured through a single config file, located at `/etc/pomerium-console/config.yaml`.
-
-
-### Update Pomerium
-
-Open your Pomerium config file, `/etc/pomerium/config.yaml`.
-
-1. Add a list item in the `routes` block for the Enterprise Console:
-
-   ```yaml
-     routes:
-       - from: https://console.localhost.pomerium.com
-         to: https://localhost:8701
-         policy:
-           - allow:
-               or:
-                 - domain:
-                     is: companydomain.com
-         pass_identity_headers: true
-   ```
-
-   The example value for `to:` assumes Pomerium and Pomerium Enterprise are running on the same test environment.
-
-1. If you haven't already, set `signing_key`. See the [reference page](/reference/readme.md#signing-key) for more information. The same signing key must be used in both Pomerium Core and Enterprise.
-
-   ```yaml
-   signing_key: "ZZZZZZZZZZZZZZ"
-   ```
-
-1. Define the [databroker](/reference/readme.md#data-broker-service) storage type and connection string. The example below assumes a local Redis server:
-
-   ```yaml
-   databroker_storage_type: redis
-   databroker_storage_connection_string: redis://127.0.0.1:6379/0
-   ```
-
-### External Services
-
-First configure the Console to communicate with the database and databroker service:
-
-```yaml
-database_url: pg://user:pass@dbhost.internal.mydomain.com/pomerium?sslmode=require
-databroker_service_url: https://pomerium-cache.internal.mydomain.com
-shared_secret: XXXXXXXXXXXXXXXXXXX
-database_encryption_key: YYYYYYYYYYYYYYYYYYYYYY
-```
-
-For database uri options (especially TLS settings) see the [PostgreSQL SSL Support](https://www.postgresql.org/docs/9.1/libpq-ssl.html) documentation.
-
-### Administrators
-
-As a first-time setup step, you must also configure at least one administrator for console access. This user (or users) can then configure additional administrators in the console UI.
-
-```yaml
-administrators: you@mydomain.com
-```
-
-Once you have set permissions in the console UI, you should remove this configuration.
-
-### TLS, Signing Key and Audience
-
-1. If your open-source Pomerium installation is already configured to use TLS to secure back-end communication, you can do the same for Pomerium Enterprise by providing it a certificate, key, and optional custom CA file to validate the `databroker_service_url` connection:
-
-   ```yaml
-   tls_ca_file: /etc/pomerium-console/ca.pem
-   tls_cert_file: /etc/pomerium-console/cert.pem
-   tls_key_file: /etc/pomerium-console/key.pem
-   ```
-
-   For proof-of-concept installations in the same local system, this is not required.
-
-1. Set the [`signing_key`](/enterprise/reference/config.md#signing-key) to match Pomerium's.
-
-1. Set the `audience` key to match the `from` domain value from your [Pomerium configuration](#update-pomerium), excluding protocol:
-
-   ```yaml
-   audience: console.localhost.pomerium.com
-   ```
-
-   This sets the expected "audience" key in the [JWT header](/reference/readme.md#jwt-claim-headers) to match what's provided by open-source Pomerium as it proxies traffic to the Enterprise Console UI.
-
-Once complete, your `/etc/pomerium-console/config.yaml` file should look something like this:
-
-```yaml
-database_url: pg://user:pass@dbhost.internal.mydomain.com/pomerium?sslmode=require
-databroker_service_url: https://pomerium-cache.internal.mydomain.com
-shared_secret: "XXXXXXXXXXXXXXXXXXX"
-database_encryption_key: "YYYYYYYYYYYYYYYYYYYYYY"
-
-# change / remove this after initial setup
-administrators: you@mydomain.com
-
-tls_ca_file: /etc/pomerium-console/ca.pem
-tls_cert_file: /etc/pomerium-console/cert.pem
-tls_key_file: /etc/pomerium-console/key.pem
-
-signing_key: "ZZZZZZZZZZZZZZ"
-
-audience: console.localhost.pomerium.com
-```
-
-## Next Steps
-
-Pomerium Enterprise assumes access to a [Prometheus](https://prometheus.io/) data store for metrics. See [Configure Metrics](/enterprise/metrics.md) to learn how to configure access.
-
-## Troubleshooting
-
-### Generate Recovery Token
-
-!!!include(generate-recovery-token.md)!!!
\ No newline at end of file
diff --git a/docs/enterprise/install/readme.md b/docs/enterprise/install/readme.md
deleted file mode 100644
index 4f1bf645f..000000000
--- a/docs/enterprise/install/readme.md
+++ /dev/null
@@ -1,18 +0,0 @@
----
-title: Install
-lang: en-US
-meta:
-  - name: keywords
-    content: pomerium, identity access proxy, oidc, docker, reverse proxy, containers, install, enterprise, console
----
-
-There are several ways to install Pomerium Enterprise, to suite your organization's needs. We provide open-source Pomerium and Pomerium Enterprise as deb and rpm packages from an upstream repository, and as Docker images, and Helm charts. You can also build Pomerium from source.
-
-<center>
-<iframe width="800" height="450" src="https://www.youtube.com/embed/NrRwisO9sDg?rel=0" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
-</center>
-
-Our docs are updated frequently, so check back if you don't see your preferred installation method here.
-
-- [Quickstart](/enterprise/install/quickstart.md) (using deb or rpm packages)
-- [Kubernetes with Helm](/enterprise/install/helm.md)
\ No newline at end of file
diff --git a/docs/enterprise/metrics.md b/docs/enterprise/metrics.md
deleted file mode 100644
index c263b38b2..000000000
--- a/docs/enterprise/metrics.md
+++ /dev/null
@@ -1,64 +0,0 @@
----
-title: Metrics
-sidebarDepth: 1
-description: Use Prometheus as a metrics data store.
----
-
-# Configure Metrics
-
-Pomerium Enterprise uses Prometheus as a metrics collection back-end. You can configure Pomerium and the Console to talk to an existing Prometheus server, or configure the embedded Prometheus backend.
-
-::: tip
-For production deployments, we suggest using a dedicated Prometheus instance.
-:::
-
-## Prepare Pomerium
-
-1. In the Pomerium `config.yaml`, define the [`metrics_address`](/reference/readme.md#metrics-address) key to a network interface and/or port. For example:
-
-   ```yaml
-   metrics_address: 192.0.2.31:9999
-   ```
-
-   The example above has Pomerium providing metrics at port `9999` on an IP address reachable by the Pomerium Console service.
-
-   If you're running Pomerium Enterprise in a distributed environment where the IP address is not known at the time of deployment, you can use the resolvable FQDN of the Pomerium host (`pomerium0.internal.mycompany.com`, for example), or override this key with the environment variable `METRICS_ADDRESS`. We do not recommend exposing this endpoint to public traffic as it can contain potentially sensitive information.
-
-## External Prometheus
-
-1. Add the listener to your Prometheus configuration, usually via `prometheus.yml`:
-
-   ```yaml
-   - job_name: 'Pomerium'
-      scrape_interval: 30s
-      scrape_timeout: 5s
-      static_configs:
-         - targets: ['192.0.2.10:9999']
-
-   ```
-
-1. [Reload](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#configuration) the Prometheus configuration:
-
-   ```bash
-   curl -i -XPOST path.to.prometheus:port/-/reload
-   ```
-
-1. In the Pomerium Enterprise `config.yaml` file, define the `prometheus_url` key to point to your Prometheus instance(s):
-
-   ```yaml
-   prometheus_url: http://192.168.122.50:9090
-   ```
-
-1. Restart the Pomerium and Pomerium Enterprise services. You should now see route traffic data in the Enterprise Console:
-
-   ![Traffic Data in Pomerium Enterprise](./img/console-route-traffic.png)
-
-## Embedded Prometheus
-
-To take advantage of Prometheus embedded in Pomerium Enterprise, edit `/etc/pomerium-console/config.yaml`:
-
-```yaml
-prometheus_data_dir: /var/lib/pomerium-console/tsdb
-```
-
-The directory path can be any location that the `pomerium` system user can write to. The example above uses the default location created by the [OS packages](/enterprise/install/quickstart).
diff --git a/docs/enterprise/pomerium-console_serve.yaml b/docs/enterprise/pomerium-console_serve.yaml
deleted file mode 100644
index 6b4aef275..000000000
--- a/docs/enterprise/pomerium-console_serve.yaml
+++ /dev/null
@@ -1,94 +0,0 @@
-name: pomerium-console serve
-usage: pomerium-console serve [flags]
-options:
-- name: administrators
-  usage: |
-    A list of user ids, names or emails to make administrators. Useful for bootstrapping.
-- name: audience
-  default_value: '[]'
-  usage: A list of audiences for verifying the signing key.
-- name: authenticate-service-url
-  usage: |
-    URL for the Authenticate Service. Required for Device Registration.
-- name: bind-addr
-  default_value: :8701
-  usage: The address the Pomerium Console will listen on.
-- name: customer-id
-  usage: The customer ID
-- name: database-encryption-key
-  usage: |
-    The base64-encoded encryption key for encrypting sensitive data in the database.
-- name: database-url
-  default_value: |
-    postgresql://pomerium:pomerium@localhost:5432/dashboard?sslmode=disable
-  usage: The database Pomerium Enterprise Console will use.
-- name: databroker-service-url
-  default_value: http://localhost:5443
-  usage: The databroker service URL.
-- name: debug-config-dump
-  default_value: "false"
-  usage: |
-    Dumps the Databroker configuration. This is a debug option to be used only when specified by Pomerium Support.
-- name: disable-remote-diagnostics
-  default_value: "true"
-  usage: Disable remote diagnostics.
-- name: disable-validation
-  default_value: "false"
-  usage: Disable config validation.
-- name: grpc-addr
-  default_value: :8702
-  usage: The address to listen for gRPC on.
-- name: help
-  shorthand: h
-  default_value: "false"
-  usage: help for serve
-- name: license-key
-  usage: 'Required: Provide the license key issued by your account team.'
-- name: override-certificate-name
-  usage: |
-    Overrides the certificate name used for the databroker connection.
-- name: prometheus-data-dir
-  usage: The path to Prometheus data
-- name: prometheus-listen-addr
-  default_value: 127.0.0.1:9090
-  usage: |
-    When set, embedded Prometheus listens at this address. Set as `host:port`
-- name: prometheus-scrape-interval
-  default_value: 10s
-  usage: The Prometheus scrape frequency
-- name: prometheus-url
-  usage: The URL to access the Prometheus metrics server.
-- name: shared-secret
-  usage: |
-    The base64-encoded secret for signing JWTs, shared with OSS Pomerium.
-- name: signing-key
-  usage: |
-    base64-encoded signing key (public or private) for verifying JWTs. This option is deprecated in favor of `authenticate-service-url`.
-- name: tls-ca
-  usage: base64-encoded string of tls-ca
-- name: tls-ca-file
-  usage: file storing tls-ca
-- name: tls-cert
-  usage: base64-encoded string of tls-cert
-- name: tls-cert-file
-  usage: file storing tls-cert
-- name: tls-insecure-skip-verify
-  default_value: "false"
-  usage: |
-    Disable remote hosts TLS certificate chain and hostname checks.
-- name: tls-key
-  usage: base64-encoded string of tls-key
-- name: tls-key-file
-  usage: file storing tls-key
-- name: use-static-assets
-  default_value: "true"
-  usage: When false, forward static requests to `localhost:3000`.
-inherited_options:
-- name: config
-  usage: Set configuration file path
-- name: version
-  default_value: "false"
-  usage: view the version information
-see_also:
-- 'pomerium-console - '
-- migrate - migrate the dashboard database up or down
diff --git a/docs/enterprise/readme.md b/docs/enterprise/readme.md
deleted file mode 100644
index 50a169c3a..000000000
--- a/docs/enterprise/readme.md
+++ /dev/null
@@ -1 +0,0 @@
-<Redirect to="/enterprise/about/" />
\ No newline at end of file
diff --git a/docs/enterprise/reference/config.md b/docs/enterprise/reference/config.md
deleted file mode 100644
index 34fbf40db..000000000
--- a/docs/enterprise/reference/config.md
+++ /dev/null
@@ -1,43 +0,0 @@
----
-title: Environment Variables
-lang: en-US
-meta:
-    - name: keywords
-      content: configuration, options, settings, pomerium, enterprise, reference
----
-
-# Pomerium Console Environment Variables
-
-The keys listed below can be applied in Pomerium Console's `config.yaml` file, or applied as environment variables (in uppercase, replacing `-` with `_`).
-
-| Name    | Description | Default Value |
-|:--------|:-------------|---------------|
-| <a class="entRef-anchor" id="administrators">#</a><a href=#administrators>administrators</a> | A list of user ids, names or emails to make administrators. Useful for bootstrapping. | none |
-| <a class="entRef-anchor" id="audience">#</a><a href=#audience>audience</a> | A list of audiences for verifying the signing key. | `[]` |
-| <a class="entRef-anchor" id="authenticate-service-url">#</a><a href=#authenticate-service-url>authenticate-service-url</a> | URL for the Authenticate Service. Required for Device Registration. | none |
-| <a class="entRef-anchor" id="bind-addr">#</a><a href=#bind-addr>bind-addr</a> | The address the Pomerium Console will listen on. | `:8701` |
-| <a class="entRef-anchor" id="customer-id">#</a><a href=#customer-id>customer-id</a> | The customer ID | none |
-| <a class="entRef-anchor" id="database-encryption-key">#</a><a href=#database-encryption-key>database-encryption-key</a> | The base64-encoded encryption key for encrypting sensitive data in the database. | none |
-| <a class="entRef-anchor" id="database-url">#</a><a href=#database-url>database-url</a> | The database Pomerium Enterprise Console will use. | `postgresql://pomerium:pomerium@localhost:5432/dashboard?sslmode=disable` |
-| <a class="entRef-anchor" id="databroker-service-url">#</a><a href=#databroker-service-url>databroker-service-url</a> | The databroker service URL. | `http://localhost:5443` |
-| <a class="entRef-anchor" id="debug-config-dump">#</a><a href=#debug-config-dump>debug-config-dump</a> | Dumps the Databroker configuration. This is a debug option to be used only when specified by Pomerium Support. | `false` |
-| <a class="entRef-anchor" id="disable-remote-diagnostics">#</a><a href=#disable-remote-diagnostics>disable-remote-diagnostics</a> | Disable remote diagnostics. | `true` |
-| <a class="entRef-anchor" id="disable-validation">#</a><a href=#disable-validation>disable-validation</a> | Disable config validation. | `false` |
-| <a class="entRef-anchor" id="grpc-addr">#</a><a href=#grpc-addr>grpc-addr</a> | The address to listen for gRPC on. | `:8702` |
-| <a class="entRef-anchor" id="help">#</a><a href=#help>help</a> | help for serve | `false` |
-| <a class="entRef-anchor" id="license-key">#</a><a href=#license-key>license-key</a> | Required: Provide the license key issued by your account team. | none |
-| <a class="entRef-anchor" id="override-certificate-name">#</a><a href=#override-certificate-name>override-certificate-name</a> | Overrides the certificate name used for the databroker connection. | none |
-| <a class="entRef-anchor" id="prometheus-data-dir">#</a><a href=#prometheus-data-dir>prometheus-data-dir</a> | The path to Prometheus data | none |
-| <a class="entRef-anchor" id="prometheus-listen-addr">#</a><a href=#prometheus-listen-addr>prometheus-listen-addr</a> | When set, embedded Prometheus listens at this address. Set as `host:port` | `127.0.0.1:9090` |
-| <a class="entRef-anchor" id="prometheus-scrape-interval">#</a><a href=#prometheus-scrape-interval>prometheus-scrape-interval</a> | The Prometheus scrape frequency | `10s` |
-| <a class="entRef-anchor" id="prometheus-url">#</a><a href=#prometheus-url>prometheus-url</a> | The URL to access the Prometheus metrics server. | none |
-| <a class="entRef-anchor" id="shared-secret">#</a><a href=#shared-secret>shared-secret</a> | The base64-encoded secret for signing JWTs, shared with OSS Pomerium. | none |
-| <a class="entRef-anchor" id="signing-key">#</a><a href=#signing-key>signing-key</a> | base64-encoded signing key (public or private) for verifying JWTs. This option is deprecated in favor of `authenticate-service-url`. | none |
-| <a class="entRef-anchor" id="tls-ca">#</a><a href=#tls-ca>tls-ca</a> | base64-encoded string of tls-ca | none |
-| <a class="entRef-anchor" id="tls-ca-file">#</a><a href=#tls-ca-file>tls-ca-file</a> | file storing tls-ca | none |
-| <a class="entRef-anchor" id="tls-cert">#</a><a href=#tls-cert>tls-cert</a> | base64-encoded string of tls-cert | none |
-| <a class="entRef-anchor" id="tls-cert-file">#</a><a href=#tls-cert-file>tls-cert-file</a> | file storing tls-cert | none |
-| <a class="entRef-anchor" id="tls-insecure-skip-verify">#</a><a href=#tls-insecure-skip-verify>tls-insecure-skip-verify</a> | Disable remote hosts TLS certificate chain and hostname checks. | `false` |
-| <a class="entRef-anchor" id="tls-key">#</a><a href=#tls-key>tls-key</a> | base64-encoded string of tls-key | none |
-| <a class="entRef-anchor" id="tls-key-file">#</a><a href=#tls-key-file>tls-key-file</a> | file storing tls-key | none |
-| <a class="entRef-anchor" id="use-static-assets">#</a><a href=#use-static-assets>use-static-assets</a> | When false, forward static requests to `localhost:3000`. | `true` |
\ No newline at end of file
diff --git a/docs/enterprise/reference/configure.md b/docs/enterprise/reference/configure.md
deleted file mode 100644
index 2aa9df695..000000000
--- a/docs/enterprise/reference/configure.md
+++ /dev/null
@@ -1,232 +0,0 @@
----
-title: Configure
-lang: en-US
-sidebarDepth: 2
-meta:
-    - name: keywords
-      content: configuration, options, settings, pomerium, enterprise, reference
----
-
-# Configure
-
-The **Configure** section of the Pomerium Enterprise Console houses settings that affect the entirety of the Console environment, i.e. across all Namespaces. Adjust these settings with care.
-
-## Settings
-
-The **Settings** section holds global settings that affect how the Pomerium Enterprise Console runs, logs, and communicates. Values set here are applied globally, except for settings documented to override global options.
-
-
-### Global
-
-
-#### Debug
-
-::: danger
-
-Enabling the debug flag could result in sensitive information being logged!!!
-
-:::
-
-By default, JSON encoded logs are produced. Debug enables colored, human-readable logs to be streamed to [standard out](https://en.wikipedia.org/wiki/Standard_streams#Standard_output_(stdout)>>>). In production, it is recommended to be set to `false`.
-
-For example, if `true`
-
-```
-10:37AM INF cmd/pomerium version=v0.0.1-dirty+ede4124
-10:37AM INF proxy: new route from=verify.localhost.pomerium.io to=https://verify.pomerium.com
-10:37AM INF proxy: new route from=ssl.localhost.pomerium.io to=http://neverssl.com
-10:37AM INF proxy/authenticator: grpc connection OverrideCertificateName= addr=auth.localhost.pomerium.io:443
-```
-
-If `false`
-
-```
-{"level":"info","version":"v0.0.1-dirty+ede4124","time":"2019-02-18T10:41:03-08:00","message":"cmd/pomerium"}
-{"level":"info","from":"verify.localhost.pomerium.io","to":"https://verify.pomerium.com","time":"2019-02-18T10:41:03-08:00","message":"proxy: new route"}
-{"level":"info","from":"ssl.localhost.pomerium.io","to":"http://neverssl.com","time":"2019-02-18T10:41:03-08:00","message":"proxy: new route"}
-{"level":"info","OverrideCertificateName":"","addr":"auth.localhost.pomerium.io:443","time":"2019-02-18T10:41:03-08:00","message":"proxy/authenticator: grpc connection"}
-```
-
-#### HTTP Redirect Address
-
-If set, the HTTP Redirect Address specifies the host and port to redirect http to https traffic on. If unset, no redirect server is started.
-
-#### DNS Lookup Family
-
-The DNS IP address resolution policy. If not specified, the value defaults to `AUTO`.
-
-#### Log Level
-
-Log level sets the global logging level for pomerium. Only logs of the desired level and above will be logged.
-
-#### Proxy Log Level
-
-Proxy log level sets the logging level for the Pomerium Proxy service access logs. Only logs of the desired level and above will be logged.
-
-### Cookies
-
-
-#### HTTPS Only
-
-If true, instructs browsers to only send user session cookies over HTTPS.
-
-:::warning
-
-Setting this to false may result in session cookies being sent in cleartext.
-
-:::
-
-#### Javascript Security
-
-If true, prevents javascript in browsers from reading user session cookies.
-
-:::warning
-
-Setting this to false enables hostile javascript to steal session cookies and impersonate users.
-
-:::
-
-#### Expires
-
-Sets the lifetime of session cookies. After this interval, users must reauthenticate.
-
-### Timeouts
-
-Timeouts set the global server timeouts. Timeouts can also be set for individual routes.
-
-### GRPC
-
-
-#### GRPC Server Max Connection Age
-
-Set max connection age for GRPC servers. After this interval, servers ask clients to reconnect and perform any rediscovery for new/updated endpoints from DNS.
-
-See <https://godoc.org/google.golang.org/grpc/keepalive#ServerParameters> (opens new window) for details
-
-
-#### GRPC Server Max Connection Age Grace
-
-Additive period with grpc_server_max_connection_age, after which servers will force connections to close.
-
-See <https://godoc.org/google.golang.org/grpc/keepalive#ServerParameters> (opens new window) for details
-
-
-### Tracing
-
-Tracing tracks the progression of a single user request as it is handled by Pomerium.
-
-Each unit of work is called a Span in a trace. Spans include metadata about the work, including the time spent in the step (latency), status, time events, attributes, links. You can use tracing to debug errors and latency issues in your applications, including in downstream connections.
-
-
-#### Tracing Sample Rate
-
-Percentage of requests to sample. Default is .01%.
-
-Unlike the decimal value notion used for the `tracing_sample_rate` [key](/reference/readme.md#shared-tracing-settings) in open-source Pomerium, this value is a percentage, e.g. a value of `1` equates to 1%
-
-
-### Authenticate
-
-
-### Proxy
-
-
-#### Certificate Authority
-
-This defines a set of root certificate authorities that Pomerium uses when communicating with other TLS-protected services.
-
-**Note**: Unlike route-specific certificate authority settings, this setting augments (rather than replaces) the system's trust store. But routes that specify a CA will ignore those provided here.
-
-:::warning
-
-Be sure to include the intermediary certificate.
-
-:::
-
-#### Default Upstream Timeout
-
-Default Upstream Timeout is the default timeout applied to a proxied route when no `timeout` key is specified by the policy.
-
-#### JWT Claim Headers
-
-The JWT Claim Headers setting allows you to pass specific user session data to upstream applications as HTTP request headers. Note, unlike the header `x-pomerium-jwt-assertion` these values are not signed by the authorization service.
-
-Additionally, this will add the claim to the `X-Pomerium-Jwt-Assertion` header provided by [`pass_identity_headers`](/reference/readme.md#pass-identity-headers), if not already present.
-
-Any claim in the pomerium session JWT can be placed into a corresponding header and the JWT payload for upstream consumption. This claim information is sourced from your Identity Provider (IdP) and Pomerium's own session metadata. The header will have the following format:
-
-`X-Pomerium-Claim-{Name}` where `{Name}` is the name of the claim requested. Underscores will be replaced with dashes; e.g. `X-Pomerium-Claim-Given-Name`.
-
-This option also supports a nested object to customize the header name. For example:
-
-```yaml
-jwt_claims_headers:
-  X-Email: email
-```
-
-Will add an `X-Email` header with a value of the `email` claim.
-
-Use this option if you previously relied on `x-pomerium-authenticated-user-{email|user-id|groups}`.
-
-#### X-Forward-For HTTP Header
-
-Do not append proxy IP address to `x-forwarded-for` HTTP header. See [Envoy](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers.html?highlight=skip_xff_append#x-forwarded-for) docs for more detail.
-
-#### Response Headers
-
-Set Response Headers allows you to set static values for the given response headers. These headers will take precedence over the global `set_response_headers`.
-
-## Service Accounts
-
-[Service accounts](/enterprise/concepts.md#service-accounts) offer a protected and standardized method of authenticating machine-to-machine communication between services protected by Pomerium.
-
-::: tip
-Before you begin, confirm you are in the correct Namespace. A service account can only be used in the Namespace it was created in, including its children Namespaces.
-:::
-
-1. From the main menu, select **Service Accounts** under **CONFIGURE**. Click the **+ ADD SERVICE ACCOUNT** button:
-
-   ![The Service Accounts page](./img/console-service-account.png)
-
-1. Service accounts can be unique and exist only for Pomerium, or impersonate directory users from your IdP.
-
-   Give the user a unique ID, or select an existing user to impersonate. Consider referencing the Namespace you're creating it under, for easier reference later. Optionally set an expiration date:
-
-   ![Adding a unique service account](./img/create-service-account.png)
-
-   The user ID set here corresponds to the `User` criteria when editing a policy.
-
-1. After you click **Submit**, the modal presents the JSON web token (**JWT**) for the service account. Temporarily save it somewhere secure, as you will not be able to view it again:
-
-   ![Service Account Added](./img/service-account-jwt.png)
-
-   This JWT must be added to your application configuration to enable direct communication.
-
-1. Edit or create policies to give the service account access to the internal service:
-
-  ![An example policy for a service account](./img/create-policy-1.png)
-
-  ---
-
-  ![An example policy for a service account](./img/create-policy-2.png)
-
-
-## Namespaces
-
-A [Namespace][namespace-concept] is a collection of users, groups, routes, and policies that allows system administrators to organize, manage, and delegate permissions across their infrastructure.
-
-- Policies can be optional or enforced on a Namespace.
-   - Enforced policies are also enforced on child Namespaces, and optional policies are available to them as well.
-- Users or groups can be granted permission to edit access to routes within a Namespace, allowing them self-serve access to the routes critical to their work.
-
-::: tip
-When using an IdP without directory sync or when working with non-domain users, they will not show up in the look-ahead search. See [Non-Domain Users](/enterprise/concepts.md#non-domain-users) for more information.
-:::
-
-
-[route-concept]: /enterprise/concepts.md#routes
-[route-reference]: /enterprise/reference/manage.md#routes
-[namespace-concept]: /enterprise/concepts.md#namespaces
-[namespace-reference]: /enterprise/reference/configure.md#namespaces
-[service-accounts-concept]: /enterprise/concepts.md#service-accounts
-[policy-reference]: /enterprise/reference/manage.md#policies-2
diff --git a/docs/enterprise/reference/img b/docs/enterprise/reference/img
deleted file mode 120000
index 5ff50db27..000000000
--- a/docs/enterprise/reference/img
+++ /dev/null
@@ -1 +0,0 @@
-../../reference/img
\ No newline at end of file
diff --git a/docs/enterprise/reference/manage.md b/docs/enterprise/reference/manage.md
deleted file mode 100644
index f147077c2..000000000
--- a/docs/enterprise/reference/manage.md
+++ /dev/null
@@ -1,514 +0,0 @@
----
-title: Manage
-lang: en-US
-sidebarDepth: 2
-meta:
-    - name: keywords
-      content: configuration, options, settings, pomerium, enterprise, reference
----
-
-# Manage
-
-## Routes
-
-A [Route](/enterprise/concepts.md#routes) defines how to access a service running behind Pomerium. This includes authentication (both for Pomerium and passed through to the service), rewrites, header management, load balancing, etc.
-
-When first installing Pomerium Enterprise, users may want to import existing routes from the open-source Pomerium core. The **Import Routes** button accepts the open-source `config.yaml` file and imports routes from it to Pomerium Enterprise.
-
-From the main Routes page you can view and manage existing routes. From the table of routes you can:
-  - filter visible routes,
-  - delete one or more routes,
-  - move routes between Namespaces,
-  - export one or more route definitions to a CSV file,
-  - create a JSON-formatted policy report on one or more selected routes.
-
-The sections below cover the options available when creating or editing a route.
-
-
-### General
-
-The **General** tab defines the route path, both from the internet and to the internal service, and the policies attached. Note that policies enforced on a [Namespace][namespace-reference] the route resides in will also be applied.
-
-
-#### Name
-
-This value is only visible in the Console UI.
-
-#### From
-
-`From` is the externally accessible URL for the proxied request.
-
-Specifying `tcp+https` for the scheme enables [TCP proxying](/docs/tcp/readme.md) support for the route. You may map more than one port through the same hostname by specifying a different `:port` in the URL.
-
-:::warning
-
-Only secure schemes (`https` and `tcp+https`) are supported.
-
-:::
-
-#### Metrics Name
-
-Once a Route is created, the Metric Name field will populate. You can use this name to scrape the Prometheus service for metrics on this Route when making custom dashboards.
-
-
-#### To
-
-`To` is the destination(s) of a proxied request. It can be an internal resource, or an external resource. Multiple upstream resources can be targeted by using a list instead of a single URL:
-
-```yaml
-- from: https://example.com
-  to:
-  - https://a.example.com
-  - https://b.example.com
-```
-
-A load balancing weight may be associated with a particular upstream by appending `,[weight]` to the URL.  The exact behavior depends on your [`lb_policy`](/reference/readme.md#load-balancing-policy) setting.  See [Load Balancing](/docs/topics/load-balancing) for example [configurations](/docs/topics/load-balancing.md#load-balancing-weight).
-
-Must be `tcp` if `from` is `tcp+https`.
-
-:::warning
-
-Be careful with trailing slash.
-
-With rule:
-
-```yaml
-- from: https://verify.corp.example.com
-  to: https://verify.pomerium.com/anything
-```
-
-Requests to `https://verify.corp.example.com` will be forwarded to `https://verify.pomerium.com/anything`, while requests to `https://verify.corp.example.com/foo` will be forwarded to `https://verify.pomerium.com/anythingfoo`.To make the request forwarded to `https://httbin.org/anything/foo`, you can use double slashes in your request `https://httbin.corp.example.com//foo`.
-
-While the rule:
-
-```yaml
-- from: https://verify.corp.example.com
-  to: https://verify.pomerium.com/anything/
-```
-
-All requests to `https://verify.corp.example.com/*` will be forwarded to `https://verify.pomerium.com/anything/*`. That means accessing to `https://verify.corp.example.com` will be forwarded to `https://verify.pomerium.com/anything/`. That said, if your application does not handle trailing slash, the request will end up with 404 not found.
-
-Either `redirect` or `to` must be set.
-
-:::
-
-#### Redirect
-
-`Redirect` is used to redirect incoming requests to a new URL. The `redirect` field is an object with several possible
-options:
-
-- `https_redirect` (boolean): the incoming scheme will be swapped with "https".
-- `scheme_redirect` (string): the incoming scheme will be swapped with the given value.
-- `host_redirect` (string): the incoming host will be swapped with the given value.
-- `port_redirect` (integer): the incoming port will be swapped with the given value.
-- `path_redirect` (string): the incoming path portion of the URL will be swapped with the given value.
-- `prefix_rewrite` (string): the incoming matched prefix will be swapped with the given value.
-- `response_code` (integer): the response code to use for the redirect. Defaults to 301.
-- `strip_query` (boolean): indicates that during redirection, the query portion of the URL will be removed. Defaults to false.
-
-Either `redirect` or `to` must be set.
-
-#### Pass Identity Headers
-
-When enabled, this option will pass identity headers to upstream applications. These headers include:
-
-- X-Pomerium-Jwt-Assertion
-- X-Pomerium-Claim-*
-
-#### Policies
-
-Add or remove Policies to be applied to the Route. Note that Policies enforced in the Route's Namespace will be applied automatically.
-
-#### Enable Google Cloud Serverless Authentication
-
-Enable sending a signed [Authorization Header](https://cloud.google.com/run/docs/authenticating/service-to-service) to upstream GCP services.
-
-Requires setting [Google Cloud Serverless Authentication Service Account](/reference/readme.md#google-cloud-serverless-authentication-service-account) or running Pomerium in an environment with a GCP service account present in default locations.
-
-### Matchers
-
-
-#### Path
-
-If set, the route will only match incoming requests with a path that is an exact match for the specified path.
-
-#### Prefix
-
-If set, the route will only match incoming requests with a path that begins with the specified prefix.
-
-#### Regex
-
-If set, the route will only match incoming requests with a path that matches the specified regular expression. The supported syntax is the same as the Go [regexp package](https://golang.org/pkg/regexp/) which is based on [re2](https://github.com/google/re2/wiki/Syntax).
-
-### Rewrite
-
-
-#### Prefix Rewrite
-
-If set, indicates that during forwarding, the matched prefix (or path) should be swapped with this value.
-For example, given this policy:
-
-```yaml
-from: https://from.example.com
-to: https://to.example.com
-prefix: /admin
-prefix_rewrite: /
-```
-
-A request to `https://from.example.com/admin` would be forwarded to `https://to.example.com/`.
-
-#### Regex Rewrite Pattern
-
-The pattern to match before rewriting, ex: `^/service/([^/]+)(/.*)$`.
-
-
-#### Regex Rewrite Substitution
-
-The substitution for your regex pattern, ex: `\\2/instance/\\1`.
-
-
-### Timeouts
-
-
-#### Allow Websockets
-
-If set, enables proxying of websocket connections.
-
-:::warning
-
-**Use with caution:** websockets are long-lived connections, so [global timeouts](/reference/readme.md#global-timeouts) are not enforced (though the policy-specific `timeout` is enforced). Allowing websocket connections to the proxy could result in abuse via [DOS attacks](https://www.cloudflare.com/learning/ddos/ddos-attack-tools/slowloris/).
-
-:::
-
-#### Allow SPDY
-
-If set, enables proxying of SPDY protocol upgrades.
-
-#### Timeout
-
-Policy timeout establishes the per-route timeout value. Cannot exceed global timeout values.
-
-#### Idle Timeout
-
-If you are proxying long-lived requests that employ streaming calls such as websockets or gRPC,
-set this to either a maximum value there may be no data exchange over a connection (recommended),
-or set it to unlimited (`0s`). If `idle_timeout` is specified, and `timeout` is not
-explicitly set, then `timeout` would be unlimited (`0s`). You still may specify maximum lifetime
-of the connection using `timeout` value (i.e. to 1 day).
-
-### Headers
-
-
-#### Host Headers
-
-The `host` header can be preserved via the `preserve_host_header` setting or customized via three mutually exclusive options:
-
-1. `preserve_host_header` will, when enabled, this option will pass the host header from the incoming request to the proxied host, instead of the destination hostname. It's an optional parameter of type `bool` that defaults to `false`.
-
-    See [ProxyPreserveHost](http://httpd.apache.org/docs/2.0/mod/mod_proxy.html#proxypreservehost).
-2. `host_rewrite`, which will rewrite the host to a new literal value.
-3. `host_rewrite_header`, which will rewrite the host to match an incoming header value.
-4. `host_path_regex_rewrite_pattern` & `host_path_regex_rewrite_substitution`, which will rewrite the host according to a regex matching the path. For example with the following config:
-
-    ```yaml
-    host_path_regex_rewrite_pattern: "^/(.+)/.+$"
-    host_path_regex_rewrite_substitution: \1
-    ```
-
-    Would rewrite the host header to `example.com` given the path `/example.com/some/path`.
-
-The 2nd, 3rd and 4th options correspond to the Envoy route action host related options, which can be found [here](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto.html#config-route-v3-routeaction).
-
-#### Set Request Headers
-
-Set Request Headers allows you to set static values for given request headers. This can be useful if you want to pass along additional information to downstream applications as headers, or set authentication header to the request. For example:
-
-```yaml
-- from: https://verify.corp.example.com
-  to: https://verify.pomerium.com
-  policy:
-    - allow:
-        or:
-          - email:
-              is: user@example.com
-  set_request_headers:
-    # works auto-magically!
-    # https://verify.corp.example.com/basic-auth/root/hunter42
-    Authorization: Basic cm9vdDpodW50ZXI0Mg==
-    X-Your-favorite-authenticating-Proxy: "Pomerium"
-```
-:::warning
-
-Neither `:-prefixed` pseudo-headers nor the `Host:` header may be modified via this mechanism. Those headers may instead be modified via mechanisms such as `prefix_rewrite`, `regex_rewrite`, and `host_rewrite`.
-
-:::
-
-#### Remove Request Headers
-
-Remove Request Headers allows you to remove given request headers. This can be useful if you want to prevent privacy information from being passed to downstream applications. For example:
-
-```yaml
-- from: https://verify.corp.example.com
-  to: https://verify.pomerium.com
-  policy:
-    - allow:
-        or:
-          - email:
-              is: user@example.com
-  remove_request_headers:
-    - X-Email
-    - X-Username
-```
-
-#### Rewrite Response Headers
-
-Rewrite Response Headers allows you to modify response headers before they are returned to the client. The `header` field will match the HTTP header name, and `prefix` will be replaced with `value`. For example, if the downstream server returns a header:
-
-```text
-Location: http://localhost:8000/two/some/path/
-```
-
-And the policy has this config:
-
-```yaml
-rewrite_response_headers:
-  - header: Location
-    prefix: http://localhost:8000/two/
-    value: http://frontend/one/
-```
-
-The browser would be redirected to: `http://frontend/one/some/path/`. This is similar to nginx's [`proxy_redirect` option](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_redirect), but can be used for any header.
-
-### Load Balancer
-
-
-#### Load Balancing Policy
-
-In presence of multiple upstreams, defines load balancing strategy between them.
-
-See [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-enum-config-cluster-v3-cluster-lbpolicy) for more details.
-
-- [`ROUND_ROBIN`](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#weighted-round-robin) (default)
-- [`LEAST_REQUEST`](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#weighted-least-request) and may be further configured using [`least_request_lb_config`](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-msg-config-cluster-v3-cluster-leastrequestlbconfig)
-- [`RING_HASH`](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#ring-hash) and may be further configured using [`ring_hash_lb_config`](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#config-cluster-v3-cluster-ringhashlbconfig) option
-- [`RANDOM`](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#random)
-- [`MAGLEV`](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#maglev) and may be further configured using [`maglev_lb_config`](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-msg-config-cluster-v3-cluster-maglevlbconfig) option
-
-Some policy types support additional [configuration](/reference/readme.md#load-balancing-policy-config).
-
-## Policies
-
-A [Policy](/enterprise/concepts.md#policies) defines what permissions a set of users or groups has. Policies are applied to Namespaces or Routes to associate the set of permissions with a service or set of service, completing the authentication model.
-
-Policies can be constructed three ways:
-
-### Web UI
-
-From the **BUILDER** tab, users can add allow or deny blocks to a policy, containing and/or/not/nor logic to allow or deny sets of users and groups.
-
-![A policy being constructed in Pomerium Enterprise allowing a single user access](./img/example-policy-single-user.png)
-
-### Pomerium Policy Language
-
-From the **EDITOR** tab users can write policies in Pomerium Policy Language (**PPL**), a YAML-based notation.
-
-![A policy as viewed from the editor tab](./img/example-policy-editor.png)
-
-PPL documents contain one or more rules. Each rule has a corresponding action and one or more logical operators.
-Each logical operator contains criteria and each criterion has a name and corresponding data.
-
-PPL documents are defined via YAML:
-
-```yaml
-- allow:
-    or:
-      - email:
-          is: x@example.com
-      - email:
-          is: y@example.com
-```
-
-The available rule actions are:
-
-- `allow`
-- `deny`
-
-The available logical operators are:
-
-- `and`
-- `or`
-- `not`
-- `nor`
-
-The available criteria types are:
-
-- `accept`
-- `authenticated_user`
-- `claim`
-- `date`
-- `day_of_week`
-- `domain`
-- `email`
-- `groups`
-- `http_method`
-- `http_path`
-- `reject`
-- `time_of_day`
-- `user`
-
-Some criteria also support a sub-path as part of the criterion name:
-
-```yaml
-- allow:
-    or:
-      - claim/family_name: Smith
-```
-
-### Rego
-
-For those using [OPA](https://www.openpolicyagent.org/), the **REGO** tab will accept policies written in Rego.
-
-::: tip
-A policy can only support PPL or Rego. Once one is set, the other tab is disabled.
-:::
-
-::: details Example Rego Policy
-
-This example policy compares the `given_name` claim from a user's session against a list of popular first names, and only allows the 100 most popular first names.
-
-```rego
-package pomerium.policy
-
-session = s {
-  s = gset_databroker_record("type.googleapis.com/user.ServiceAccount", input.session.id)
-  s != null
-} else = s {
-  s = get_databroker_record("type.googleapis.com/session.Session", input.session.id)
-  s != null
-} else = {} {
-  true
-}
-
-user = u {
-  u = get_databroker_record("type.googleapis.com/user.User", session.user_id)
-} else = {} {
-  true
-}
-
-allow = [true, {"custom-rego-authorized"}] {
-  # grab all the claims from the user and session objects
-  session_claims := object.get(session, "claims", {})
-  user_claims := object.get(user, "claims", {})
-  all_claims := object.union(session_claims, user_claims)
-
-  # get the given_name claim. claim values are always an array of strings
-  given_names := object.get(all_claims, "given_name", [])
-
-  # query a JSON dump of the most popular baby names from 2020
-  response := http.send({
-    "method": "GET",
-    "url": "https://raw.githubusercontent.com/aruljohn/popular-baby-names/master/2020/boy_names_2020.json",
-    "force_json_decode": true,
-  })
-
-  # only include the top 100 names
-  all_names := response.body.names
-  popular_names := array.slice(all_names, 0, 99)
-
-  # check that there's a given name in the popular names
-  some i
-  some j
-  popular_names[i] == given_names[j]
-} else = [false, {"custom-rego-unauthorized"}] {
-  session.id != ""
-} else = [false, {"user-unauthenticated"}] {
-  true
-}
-
-```
-
-This example pulls session data from the Databroker service using `type.googleapis.com/session.Session` for users and `type.googleapis.com/user.ServiceAccount` for service accounts.
-
-:::
-
-### Overrides
-
-- **Any Authenticated User**: This setting will allow access to a route with this policy attached to any user who can authenticate to your Identity Provider (**IdP**).
-- **CORS Preflight**: Allow unauthenticated HTTP OPTIONS requests as per the CORS spec.
-- **Public Access**: This setting allows complete, unrestricted access to an associated route. Use this setting with caution.
-
-
-## Certificates
-
-Certificates are the x509 _public-key_ and _private-key_ used to establish secure HTTP and gRPC connections. Any combination of the above can be used together, and are additive. You can also use any of these settings in conjunction with `Autocert` to get OCSP stapling.
-
-Certificates loaded into Pomerium from these config values are used to attempt secure connections between end users and services, between Pomerium services, and to upstream endpoints.
-
-For example, if specifying multiple certificates at once:
-
-```yaml
-certificates:
-  - cert: "$HOME/.acme.sh/authenticate.example.com_ecc/fullchain.cer"
-    key: "$HOME/.acme.sh/authenticate.example.com_ecc/authenticate.example.com.key"
-  - cert: "$HOME/.acme.sh/verify.example.com_ecc/fullchain.cer"
-    key: "$HOME/.acme.sh/verify.example.com_ecc/verify.example.com.key"
-  - cert: "$HOME/.acme.sh/prometheus.example.com_ecc/fullchain.cer"
-    key: "$HOME/.acme.sh/prometheus.example.com_ecc/prometheus.example.com.key"
-```
-
-Or to set a single certificate and key covering multiple domains and/or a wildcard subdomain:
-
-```yaml
-certificate_file: "$HOME/.acme.sh/*.example.com/fullchain.crt"
-certificate_key:  "$HOME/.acme.sh/*.example.com/*.example.com.key"
-```
-
-**Note:** Pomerium will check your system's trust/key store for valid certificates first. If your certificate solution imports into the system store, you don't need to also specify them with these configuration keys.
-
-## Devices
-
-Introduced in v0.16.0, the **Manage Devices** page lets administrators manage user devices for policy-based authorization.
-
-
-### Manage Devices
-
-From this page, administrators can manage new and existing device enrollments.
-Device enrollment let's you create [policies](/docs/topics/ppl.md#device-matcher) that use [device identity](/docs/topics/device-identity.md).
-- Users can [self-enroll](/guides/enroll-device.md) devices, which must then be approved in the **Devices List** for policies requiring approved devices.
-- Administrators can use the **New Enrollment** button to create a link for the user to enroll a device as pre-approved. See our [Pre-Approved Device Enrollment](/guides/admin-enroll-device.md) guide for more information.
-
-
-### Devices List
-
-Displays the currently enrolled devices for each user, along with their current approval status.
-Administrators can inspect, approve, or delete registered devices from this table.
-
-![List of user devices](./img/console-devices.png)
-
-
-### New Enrollment
-
-The **New Enrollment** button allows administrators to create a custom link for a specific user to use to register a new device, which will automatically be approved.
-This scheme is known as [Trust on First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use).
-
-![Example device enrollment](./img/new-enrollment.png)
-
-
-#### Search Users
-
-New Enrollment URLs are only valid for the specified user.
-
-#### Redirect URL
-
-**Optional**: The URL the user will be taken to after device enrollment is successful.
-
-#### Enrollment Type
-
-Specify if the user can enroll any device identity, or restrict it to a [secure enclave](/docs/topics/device-identity.md#secure-enclaves).
-
-[route-concept]: /enterprise/concepts.md#routes
-[route-reference]: /enterprise/reference/manage.md#routes
-[namespace-concept]: /enterprise/concepts.md#namespaces
-[namespace-reference]: /enterprise/reference/configure.md#namespaces
-[service-accounts-concept]: /enterprise/concepts.md#service-accounts
-[policy-reference]: /enterprise/reference/manage.md#policies-2
diff --git a/docs/enterprise/reference/reports.md b/docs/enterprise/reference/reports.md
deleted file mode 100644
index 27a4e5c8e..000000000
--- a/docs/enterprise/reference/reports.md
+++ /dev/null
@@ -1,58 +0,0 @@
----
-title: Reports
-lang: en-US
-sidebarDepth: 2
-meta:
-    - name: keywords
-      content: configuration, options, settings, pomerium, enterprise, reference
----
-
-# Reports
-
-## Traffic
-
-View the traffic running through Pomerium. Filter by [Route][route-concept] name, or date range.
-
-![The Traffic page in Pomerium Enterprise](./img/traffic-fullpage.png)
-
-
-## Runtime
-
-Monitor how many system resources Pomerium is consuming. Filter by date range, service, and instance.
-
-![The Runtime Info page in Pomerium Enterprise](./img/runtime-fullpage.png)
-
-
-## Sessions
-
-View active Sessions. From here you can revoke sessions, filter by session or user information, or revoke one or multiple sessions. You can also export the data.
-
-![The Sessions page in Pomerium Enterprise](./img/sessions-fullpage.png)
-
-
-## Events
-
-The events page displays the log output of Envoy as it process changes from Pomerium and applies updates to the underlying services.
-
-![The Events page in Pomerium Enterprise](./img/events-fullpage.png)
-
-The most common updates are to Pomerium Proxy services, which are updated every time a Route or Policy is created or updated.
-
-The value under **Resource ID** will usually match the resource ID of a [Policy][policy-reference], visible in the Policy under **Change History** or in the URL. A value of "Pomerium Restarted" refers to when services are reloaded, usually due to a system update.
-
-
-## Deployments
-
-From the **Deployment History** page administrators can review changes made to their Pomerium configuration.
-
-The default view shows all changes made through Pomerium Enterprise. Use the **COMPARE** button next to an entry to filter to only changes that affected that resource. Select two versions of that resource, then **DIFF** to see what changed:
-
-![A screenshot showing the diff of a change to a route, adding a policy](./img/deployment-diff.png)
-
-
-[route-concept]: /enterprise/concepts.md#routes
-[route-reference]: /enterprise/reference/manage.md#routes
-[namespace-concept]: /enterprise/concepts.md#namespaces
-[namespace-reference]: /enterprise/reference/configure.md#namespaces
-[service-accounts-concept]: /enterprise/concepts.md#service-accounts
-[policy-reference]: /enterprise/reference/manage.md#policies-2
diff --git a/docs/enterprise/upgrading.md b/docs/enterprise/upgrading.md
deleted file mode 100644
index c2fc8a453..000000000
--- a/docs/enterprise/upgrading.md
+++ /dev/null
@@ -1,45 +0,0 @@
----
-title: Upgrading
-sidebarDepth: 0
-description: >-
-  This page contains the list of deprecations and important or breaking changes
-  for Pomerium Enterprise. Please read it carefully.
----
-
-#  Upgrading Pomerium Enterprise
-
-When new version of Pomerium Enterprise are released, check back to this page before you upgrade.
-
-## 0.17.0
-
-## Before You Upgrade
-
-- The new `license-key`  option is required for starting Pomerium Enterprise. Please contact your account team if you have not been issued one yet.
-
-## 0.16.0
-
-## Before You Upgrade
-
-- The [`signing-key`](/enterprise/reference/config.md#signing-key) has been replaced with [`authenticate-service-url`](/enterprise/reference/config.md#authenticate-service-url). Instead of manually setting the signing key in the Enterprise Console to match the Authenticate Service, we specify the trusted URL of the Authenticate Service to pull the signing key from.
-
-  The `signing-key` key will continue to work for existing configurations, but [device enrollment](/enterprise/reference/manage.md#new-enrollment) will not work until it is replaced by `authenticate-service-url`.
-
-## 0.15.0
-
-### Before You Upgrade
-
-- `signing-key` is now a required option to improve request security from Pomerium Core. The value should match the one set in Pomerium Core. See the [signing key] reference page for more information on generating a key.
-- `audience` is now a required option to improve request security from Pomerium Core. The value should match the Enterprise Console's external URL hostname, as defined in the [`from`](/reference/readme.md#routes) field in the Routes entry (not including the protocol).
-
-[signing key]: /reference/readme.md#signing-key
-
-### Helm Installations
-
-- As of v0.15.0, All Helm charts have been consolidated to a single repository. Remove the `pomerium-enterprise` repo and upgrade from `pomerium`:
-
-   ```bash
-   helm repo remove pomerium-enterprise
-   helm upgrade --install pomerium-console pomerium/pomerium-console --values=./pomerium-console-values.yaml
-   ```
-
-- As noted above, `signing-key` must be shared between Pomerium and Enterprise. See the [Update Pomerium](/enterprise/install/helm.md#update-pomerium) section of [Install Pomerium Enterprise in Helm](/enterprise/install/helm.md) for more information.
diff --git a/docs/guides/ad-guard.md b/docs/guides/ad-guard.md
deleted file mode 100644
index cc28c5e4b..000000000
--- a/docs/guides/ad-guard.md
+++ /dev/null
@@ -1,82 +0,0 @@
----
-title: AdGuard
-lang: en-US
-meta:
-  - name: keywords
-    content: pomerium, identity access proxy, adguard, ad guard, pi hole, piehole
-description: >-
-  This guide covers how to add authentication and authorization to a hosted,
-  fully, online instance of Adguard.
----
-
-# Securing AdGuard Home
-
-This guide covers how to add authentication and authorization to an instance of AdGuard while giving us a great excuse to demonstrate how to use Pomerium's [add headers](../reference/readme.md) functionality to **transparently pass along basic authentication credentials to a downstream app**.
-
-## What is AdGuard?
-
-[AdGuard](https://adguard.com/en/adguard-home/overview.html) Home operates as a DNS server that re-routes tracking domains to a "black hole", thus preventing your devices from connecting to those servers. Instead of browser plugins or other software on each computer, you can install AdGuard in one place and your entire network is protected. AdGuard is very similar to [Pi-hole](https://pi-hole.net) but has some [marked advantages](https://github.com/AdguardTeam/AdGuardHome#comparison).
-
-## Where Pomerium fits
-
-AdGuard is a great candidate for protecting with pomerium as it it does not currently support any authentication or authorization capabilities beyond a single set of [HTTP Basic Access Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) credentials.
-
-## Pre-requisites
-
-This guide assumes you have already completed one of the [quick start] guides, and have a working instance of Pomerium up and running. For purpose of this guide, I'm going to use docker-compose, though any other deployment method would work equally well.
-
-## Configure
-
-### Pomerium Config
-
-```yaml
-# config.yaml
-- from: https://adguard.domain.example
-  to: http://adguard
-  policy:
-    - allow:
-        or:
-          - email:
-              is: user@example.com
-  set_request_headers:
-    # https://www.blitter.se/utils/basic-authentication-header-generator/
-    Authorization: Basic dXNlcjpwYXNzd29yZA===
-  allow_websockets: true
-```
-
-Here's the important bit. If you don't add the `set_request_headers` line above, you will be prompted for a basic login on each visit.
-
-### Docker-compose
-
-```yaml
-# docker-compose.yaml
-adguard:
-  image: adguard/adguardhome:latest
-  volumes:
-    - ./adguard/workdir:/opt/adguardhome/work:rw
-    - ./adguard/confdir:/opt/adguardhome/conf:rw
-  ports:
-    - 53:53/udp
-  expose:
-    - 67
-    - 68
-    - 80
-    - 443
-    - 853
-    - 3000
-  restart: always
-```
-
-### Router
-
-![adguard router setup](./img/adguard-router-setup.png)
-
-Set your router to use your new host as the primary DNS server.
-
-### That's it!
-
-Simply navigate to your new adguard instance (e.g. `https://adguard.domain.example`) and behold all of the malware you and your family are no longer subjected to.
-
-![adguard dashboard](./img/adguard-dashboard.png)
-
-[quick start]: ../docs/install/readme.md
diff --git a/docs/guides/admin-enroll-device.md b/docs/guides/admin-enroll-device.md
deleted file mode 100644
index b61640bd0..000000000
--- a/docs/guides/admin-enroll-device.md
+++ /dev/null
@@ -1,48 +0,0 @@
----
-title:  Admin Device Enrollment
-lang: en-US
-meta:
-  - name: keywords
-    content: >-
-      pomerium, identity access proxy, webauthn, device id, enroll, enrollment,
-      authentication, authorization, enterprise
-description: >-
-  This guide covers how Pomerium Enterprise admins can create pre-approved device registration links.
----
-
-# Pre-Approved Device Enrollment
-
-If a Pomerium route is configured to [require device authentication](/docs/topics/ppl.md#device-matcher), then the user must register a [trusted execution environment](/docs/topics/device-identity.md#authenticated-device-types) (**TEE**) device before accessing the route. In Enterprise environments, policies can require that devices be approved in the Pomerium Enterprise Console.
-
-
-<iframe width="800" height="500" src="https://www.youtube.com/embed/aJzgnaXEpLo?rel=0" frameborder="0" allow="accelerometer; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen />
-
-To make the management of approved devices easier, the Enterprise Console lets administrators create registration links that will allow users to register devices as pre-approved, following the [**TOFU**](https://en.wikipedia.org/wiki/Trust_on_first_use) authentication scheme.
-
-This guide instructs Pomerium Enterprise admins on how to create user-specific enrollment links.
-
-## Before You Begin
-
-- This guide is written for [Pomerium Enterprise](/enterprise/about.md) environments,
-- You must have the [Admin](/enterprise/concepts.md#admin) role in the Enterprise Console to perform these steps.
-
-## Create an Enrollment Link
-
-1. From the Pomerium Enterprise Console, select **Devices** from the left-hand menu.
-
-1. Click the **+ NEW ENROLLMENT** button at the top:
-
-   ![Visualization of the fist two steps in creating a device enrollment link](./img/admin-enroll-1.png)
-
-1. From the **New Enrollment** modal:
-
-    - search for and select the user this URL will be valid for,
-    - optionally provide a URL for the user to be redirected to after a successful enrollment,
-    - define if the user can enroll any [trusted execution environment](/docs/glossary.md#trusted-execution-environment), or restrict the user to [secure envlaves](/docs/glossary.md#secure-enclave):
-    ![Screenshot of the New Enrollment Modal](./img/new-enrollment.png)
-
-1. Click **Submit** to get the URL:
-
-    ![Screenshot of a new enrollment link](./img/enrollment-created.png)
-
-    Provide the URL to the user.
\ No newline at end of file
diff --git a/docs/guides/argo.md b/docs/guides/argo.md
deleted file mode 100644
index 775de10ae..000000000
--- a/docs/guides/argo.md
+++ /dev/null
@@ -1,109 +0,0 @@
----
-title: Argo
-lang: en-US
-meta:
-  - name: keywords
-    content: pomerium, identity access proxy, argo, cd, continuous deployment
-description: >-
-  This guide covers how to add authentication and authorization to an instance
-  of argo.
----
-
-# Securing Argo
-
-[Argo](https://argoproj.github.io/workflows) is an open-source container-native workflow engine for orchestrating parallel jobs on Kubernetes. This guide covers how to add authentication and authorization to Argo using Pomerium.
-
-## Install Argo
-
-To install Argo in Kubernetes you can either follow the instructions [here](https://github.com/argoproj/argo/blob/master/docs/getting-started.md), or use [Helm](https://github.com/argoproj/argo-helm/tree/master/charts/argo). This guide will use the Helm chart.
-
-Run the following commands:
-
-```bash
-helm repo add argo https://argoproj.github.io/argo-helm
-helm repo update
-helm install \
-    --namespace kube-system \
-    --set minio.install=true \
-    --set installCRD=false \
-    argo argo/argo
-kubectly apply \
-    --namespace kube-system \
-    --file https://raw.githubusercontent.com/argoproj/argo/master/manifests/base/crds/workflow-crd.yaml
-```
-
-You should now have a working Argo installation using [Minio](https://min.io/) to store artifacts. Both Argo and Minio provide web-based GUIs. Confirm that Minio is working by running:
-
-```bash
-kubectl --namespace kube-system port-forward svc/argo-minio 9000:9000
-```
-
-You should now be able to reach the Minio UI by accessing <http://localhost:9000/minio>. If you're curious the Access Key and Secret Key are generated by the Helm chart and stored in a Kubernetes secret:
-
-```bash
-kubectl --namespace=kube-system get secret argo-minio -o yaml
-```
-
-For now though, let's terminate the Minio `kubectl port-forward` and create one for the Argo UI:
-
-```bash
-kubectl --namespace kube-system port-forward svc/argo-server 2746:2746
-```
-
-Visiting <http://localhost:2746> should take you to the Argo Workflows dashboard.
-
-## Install NGINX Ingress Controller
-
-We will use [NGINX](https://kubernetes.github.io/ingress-nginx/deploy/#using-helm) as our ingress controller. To install it with Helm run the following commands:
-
-```bash
-helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
-helm repo update
-helm install --namespace kube-system ingress-nginx ingress-nginx/ingress-nginx
-```
-
-## Install Pomerium
-
-Like with Argo we will install Pomerium using the [Helm chart](https://github.com/pomerium/pomerium-helm). First create a `values.yaml` file (replacing the `email.is` and IDP `provider`/`clientID`/`clientSecret` with your own):
-
-```yaml
-config:
-  routes:
-    - from: https://argo.localhost.pomerium.io
-      to: http://argo-server.kube-system.svc.cluster.local:2746
-      policy:
-        - allow:
-            or:
-              - email:
-                  is: user@example.com
-
-authenticate:
-  idp:
-    provider: google
-    clientID: REPLACE_ME
-    clientSecret: REPLACE_ME
-
-ingress:
-  annotations:
-    nginx.ingress.kubernetes.io/backend-protocol: https
-```
-
-Run the following commands (replacing the IDP `provider`/`clientID`/`clientSecret` with your own):
-
-```bash
-helm repo add pomerium https://helm.pomerium.io
-helm repo update
-helm install \
-    --set config.sharedSecret="$(head -c32 /dev/urandom | base64)" \
-    --set config.cookieSecret="$(head -c32 /dev/urandom | base64)" \
-    --values values.yaml \
-    pomerium pomerium/pomerium
-```
-
-You should now be able to reach argo by using `kubectl port-forward` with the NGINX ingress controller (binding :443 may require using sudo with kubectl):
-
-```bash
-kubectl --namespace kube-system port-forward svc/ingress-nginx-controller 443:443
-```
-
-And visit: <https://argo.localhost.pomerium.io/>.
diff --git a/docs/guides/cloud-run.md b/docs/guides/cloud-run.md
deleted file mode 100644
index 9dae07abe..000000000
--- a/docs/guides/cloud-run.md
+++ /dev/null
@@ -1,117 +0,0 @@
----
-title: Cloud Run
-lang: en-US
-meta:
-  - name: keywords
-    content: pomerium, identity access proxy, gcp, google, iap, serverless, cloudrun
-description: >-
-  This guide covers how to deploy Pomerium to Cloud Run and use it to protect
-  other endpoints via Authorization Headers.
----
-
-# Securing Cloud Run endpoints
-
-This recipe's sources can be found [on github](https://github.com/pomerium/pomerium/tree/main/examples/cloudrun)
-
-## Background
-
-Services on [Cloud Run](https://cloud.google.com/run) and other Google Cloud serverless products can be restricted to only permit access with a properly signed [bearer token](https://cloud.google.com/run/docs/authenticating/service-to-service). This allows requests from other services running in GCP or elsewhere to be securely authorized despite the endpoints being public.
-
-These bearer tokens are not easily set in a browser session and must be refreshed on a regular basis, preventing them from being useful for end user authorization. Pomerium, however, can generate compatible tokens on behalf of end users and proxy the request to these services.
-
-## How it works
-
-![cloudrun architecture](./img/cloud-run/architecture.svg)
-
-- Add an IAM policy delegating `roles/run.invoker` permissions to a service account
-- Run Pomerium with access to a key for the corresponding service account
-- Publish DNS records for each protected application pointing to Pomerium
-- Configure Pomerium with appropriate policy and `enable_google_cloud_serverless_authentication`
-
-The protected application delegates trust to a GCP service account which Pomerium runs as, and Pomerium performs user based authorization on a per route basis. This turns Pomerium into a bridge between a user-centric and service-centric authorization models.
-
-## Pre-requisites
-
-This guide assumes you have Editor access to a Google Cloud project which can be used for isolated testing, and a DNS zone which you are also able to control. DNS does not need to be inside Google Cloud for the example to work.
-
-## Set Up
-
-To deploy Pomerium to Cloud Run securely and easily, a special [image](https://console.cloud.google.com/gcr/images/pomerium-io/GLOBAL/pomerium) is available at `gcr.io/pomerium-io/pomerium:[version]-cloudrun`. It allows sourcing configuration from GCP Secrets Manager, and sets some defaults for Cloud Run to keep configuration minimal. We will be leveraging it in this example to store IdP credentials. Our policy contains no secrets so we can place it directly in an ENV var.
-
-[Dockerfile](https://github.com/pomerium/pomerium/blob/main/.github/Dockerfile-cloudrun) Based on [vals-entrypoint](https://github.com/pomerium/vals-entrypoint)
-
-The image expects a config file at `/pomerium/config.yaml`. Set `VALS_FILES=[secretref]:/pomerium/config.yaml` and set any other Pomerium Environment Variables directly or with secret refs such as `ref+gcpsecrets://PROJECT/SECRET(#/key])`.
-
-### Config
-
-Set up a config.yaml to contain your IdP credentials and secrets (config.yaml):
-
-<<< @/examples/cloudrun/config.yaml
-
-Substitute `cloudrun.pomerium.io` for your own subdomain and your e-mail domain if appropriate (policy.template.yaml):
-
-<<< @/examples/cloudrun/policy.template.yaml
-
-### DNS
-
-Substitute `cloudrun.pomerium.io` for your own subdomain (zonefile.txt):
-
-<<< @/examples/cloudrun/zonefile.txt
-
-Or set an equivalent CNAME in your DNS provider.
-
-## Deploy
-
-Ensure you have set a default project:
-
-```shell
-glcoud config set default-project MYTESTPROJECT
-```
-
-<<< @/examples/cloudrun/deploy.sh
-
-## Results
-
-### Overview
-
-We should see two applications deployed. The `hello` app is our protected app, and pomerium is...Pomerium!
-
-![Cloud Run Overview](./img/cloud-run/cloudrun-overview.png)
-
-Notice that Pomerium allows unauthenticated access, but `hello` does not.
-
-Here are the domain mappings set up:
-
-![Cloud Run Domains](./img/cloud-run/cloudrun-domains.png)
-
-### Direct Access
-
-Let's verify we cannot access the main application directly by visiting <https://hello-direct.cloudrun.pomerium.io>
-
-![Hello Direct Access](./img/cloud-run/hello-direct.png)
-
-You should see a 403 error because you do not have the proper credentials.
-
-### Authenticated Access
-
-Now let's access via <https://hello.cloudrun.pomerium.io>
-
-We should get an auth flow through your IdP:
-
-![Hello Sign In](./img/cloud-run/hello-signin.png)
-
-And a hello page:
-
-![Hello](./img/cloud-run/hello-success.png)
-
-### Non-GCP Applications
-
-If your target application is not running on GCP, you can also perform your own header validation.
-
-Browse to [https://verify.cloudrun.pomerium.io](https://verify.cloudrun.pomerium.io/headers)
-
-You should see your identity header set:
-
-![Hello](./img/cloud-run/headers.png)
-
-See [getting user's identity](../docs/topics/getting-users-identity.md) for more details on using this header.
diff --git a/docs/guides/cockpit.md b/docs/guides/cockpit.md
deleted file mode 100644
index e08be56d4..000000000
--- a/docs/guides/cockpit.md
+++ /dev/null
@@ -1,80 +0,0 @@
----
-title: Cockpit
-lang: en-US
-meta:
-  - name: keywords
-    content: >-
-      pomerium, identity access proxy, cockpit,
-      authentication, remote, management, gui, linux
-description: >-
-  Learn how to secure Cockpit, a web GUI for Linux servers, behind Pomerium
----
-
-# Secure Cockpit
-
-[Cockpit](https://cockpit-project.org/) is "a web-based graphical interface for servers, intended for everyone". It provides a method of managing many administrative server tasks that would normally require command line access.
-
-## Before You Begin
-
-This guide assumes you already have Pomerium installed and connected to your [IdP](/docs/glossary.md#identity-provider). If not, follow the instructions in the following articles before continuing:
-
-- Install Pomerium
-   - [Binaries](/docs/install/binary.md) if installing Pomerium as a system-level service.
-   - [Pomerium using Docker](/docs/install/readme.md) if installing Pomerium as a Docker container
-   - [Install Pomerium using Helm](/docs/k8s/helm.md) for Kubernetes environments.
-- Connect to an IdP - See [Identity Provider Configuration](/docs/identity-providers/readme.md) and find the article for your identity provider.
-
-
-## Install & Configure Cockpit
-
-1. Cockpit provides detailed instructions on installation for many popular Linux distributions. See [Running Cockpit](https://cockpit-project.org/running.html) to find the steps to match your server.
-
-1. Once installed, create or edit `/etc/cockpit/cockpit.conf` to prepare it to accept proxied connections:
-
-    ```ini
-    [WebService]
-    Origins = https://cockpit.localhost.pomerium.io wss://cockpit.localhost.pomerium.io
-    ProtocolHeader = X-Forwarded-Proto
-    ```
-
-    - Adjust `cockpit.localhost.pomerium.io` to match the URL Cockpit will be accessible from.
-
-1. Restart the Cockpit service to apply the changes:
-
-    ```bash
-    sudo systemctl restart cockpit.service
-    ```
-
-## Pomerium Route
-
-1. A Pomerium route for Cockpit can follow the basic [route examples](/reference/readme.md#routes), but requires websockets to load the dashboard after initial login:
-
-    ```yaml
-      - from: https://cockpit.localhost.pomerium.io
-        to: http://localhost:9090
-        allow_websockets: true
-        policy:
-          - allow:
-              or:
-                - email:
-                    is: alice@example.com
-                - email:
-                    is: bob@example.com
-    ```
-
-    - This example assumes that Pomerium is running as a system service on the same server as Cockpit. Adust the `to` value to match the path to the Cockpit service if running on another server.
-    - Adjust `cockpit.localhost.pomerium.io` to match the URL Cockpit will be accessible from.
-
-1. If Pomerium is running as a system service the route will be updated automatically. Docker may not notify Pomerium of file changes, so the Pomerium container may need to be restarted.
-
-1. Navigate to the new route to confirm access:
-
-    ![The Cockpit Login Screen](./img/cockpit-login-screen.png)
-
-## Authentication
-
-Cockpit uses PAM authentication by default. The project documentation includes a [Single Sign On](https://cockpit-project.org/guide/latest/sso.html) page that covers authentication to the software using Kerberos. As of this page's last update, there's no known way to provide user authentication from Pomerium using JWT or HTTP Headers.
-
-::: tip Prove Us Wrong!
-Have you configured Cockpit to accept authentication from Pomerium? Let us know on [GitHub](https://github.com/pomerium/pomerium), or post in the [Community Showcase](https://discuss.pomerium.com/c/community-showcase/14) on our forums.
-:::
\ No newline at end of file
diff --git a/docs/guides/code-server.md b/docs/guides/code-server.md
deleted file mode 100644
index 056a12df7..000000000
--- a/docs/guides/code-server.md
+++ /dev/null
@@ -1,141 +0,0 @@
----
-title: code-server
-lang: en-US
-meta:
-  - name: keywords
-    content: >-
-      pomerium, identity access proxy, visual studio code,
-      authentication, authorization, code server, vscode, coder, codercom
-description: >-
-  This guide covers how to add authentication and authorization to a hosted,
-  fully, online instance of visual studio code.
----
-
-# Securing Visual Studio Code Server
-
-## Background
-
-This guide covers using Pomerium to secure an instance of [code-server]. Pomerium is an identity-aware access proxy that can add single-sign-on / access control to any service, including Visual Studio Code.
-
-### Visual Studio Code
-
-[Visual Studio Code] is an open source code editor by Microsoft that has become [incredibly popular](https://insights.stackoverflow.com/survey/2019#technology-_-most-popular-development-environments) in the last few years. For many developers, [Visual Studio Code] hits the sweet spot between no frills editors like vim/emacs and full feature IDE's like Eclipse and IntelliJ. VS Code offers some of the creature comforts like intellisense, git integration, and plugins, while staying relatively lightweight.
-
-One of the interesting attributes of [Visual Studio Code] is that it is built on the [Electron](https://en.wikipedia.org/wiki/Electron_(software_framework)) framework which uses a headless instance of Chrome rendered as a desktop application. It didn't take long for folks to realize that if we already had this great IDE written in Javascript, it may be possible to make [Visual Studio Code] run remotely.
-
-> "Any application that can be written in JavaScript, will eventually be written in JavaScript." -- [Jeff Atwood](https://blog.codinghorror.com/the-principle-of-least-power/)
-
-### code-server
-
-[code-server] is an open-source project that allows you to run [Visual Studio Code] on a **remote** server, through the browser. For example, this is a screenshot taken at the end of this tutorial.
-
-![visual studio code with pomerium](./img/vscode-pomerium.png)
-
-## Pre-requisites
-
-This guide assumes you have already completed one of the [install] guides, and have a working instance of Pomerium up and running. For purpose of this guide, we'll use [Docker Compose](https://docs.docker.com/compose/), though any other deployment method would work equally well.
-
-## Configure
-
-### Add A Route
-
-Define a route in your Pomerium configuration file:
-
-```yaml
-
-routes:
-  - from: https://code.corp.example.com
-    to: http://codeserver:8080
-    policy:
-      - allow:
-          or:
-            - email:
-                is: user@example.com
-    allow_websockets: true
-```
-
-In this example route, `code.corp.example.com` is the publicly accessible route for the route, and `codeserver` is the local hostname for the server or container running code-server.
-
-### Docker Compose
-
-In the `services` section of your `docker-compose.yaml` file, add a block for code-server:
-
-```yaml
-services:
-  codeserver:
-    image: codercom/code-server:latest
-    restart: always
-    ports:
-      - 8080:8080
-    volumes:
-      - ./code-server:/home/coder/project
-    command: --auth none --disable-telemetry /home/coder/project
-```
-
-### Apply and Test
-
-1. Bring up your new code-server container. If you're already running your containers with Docker Compose in detached mode, you can apply changes with `docker-compose up -d`.
-
-1. After saving your Pomerium configuration file, you may need to restart the docker Pomerium docker container. This is caused by issues with Docker recognizing timestamp updates for files in volume mounts.
-
-1. Navigate to your domain (e.g. `https://code.corp.domain.example`).
-
-    ![visual studio code pomerium hello world](./img/vscode-helloworld.png)
-
-## Develop Pomerium in Pomerium (Example)
-
-As a final touch, now that we've done all this work we might as well use our new development environment to write some real, actual code. And what better project is there than Pomerium? 😉
-
-1. To build Pomerium, we must [install go](https://golang.org/doc/install) which is as simple as running the following commands in the [integrated terminal] :
-
-    ```bash
-    # install dependencies with apt
-    sudo apt-get update && sudo apt-get install -y wget make zip
-
-    # download go
-    wget https://golang.org/dl/go1.16.4.linux-amd64.tar.gz
-    sudo tar -C /usr/local -xzf go1.16.4.linux-amd64.tar.gz
-    ```
-
-1. Add Go to our [PATH] :
-
-    ```bash
-    # add the following to $HOME/.bashrc
-    export PATH=$PATH:/usr/local/go/bin
-    export PATH=$PATH:$(go env GOPATH)/bin
-    ```
-
-1. Reload [PATH] by opening the [integrated terminal] and sourcing the updated `.bashrc` file:
-
-    ```bash
-    source $HOME/.bashrc
-    ```
-
-1. Now that we've got Go all we need to go is grab the latest source and build:
-
-    ```bash
-    # get the latest source
-    git clone https://github.com/pomerium/pomerium.git
-
-    # build pomerium
-    cd pomerium
-    make build
-    # run pomerium!
-    ./bin/pomerium --version
-    # v0.14.0-28-g38a75913+38a75913
-    ```
-
-Happy remote hacking!!!😁
-
-:::tip
-
-When the code-server container is rebuilt, any files outside of `/home/coder/project` are reset, removing any dependencies (such as go and make). In a real remote development workflow, you could mount additional volumes, or [use a custom code-server container](https://github.com/cdr/deploy-code-server/tree/main/deploy-container) with these dependencies installed.
-
-:::
-
-[integrated terminal]: https://code.visualstudio.com/docs/editor/integrated-terminal
-[path]: https://en.wikipedia.org/wiki/PATH_(variable)
-[install]: /docs/install/readme.md
-[synology nas]: /guides/synology.md
-[visual studio code]: https://code.visualstudio.com/
-[code-server]: https://github.com/cdr/code-server
diff --git a/docs/guides/enroll-device.md b/docs/guides/enroll-device.md
deleted file mode 100644
index 866b82d77..000000000
--- a/docs/guides/enroll-device.md
+++ /dev/null
@@ -1,57 +0,0 @@
----
-title: User Device Enrollment
-lang: en-US
-meta:
-  - name: keywords
-    content: >-
-      pomerium, identity access proxy, webauthn, device id, enroll, enrollment,
-      authentication, authorization
-description: >-
-  This guide covers how to enroll a trusted execution environment device as a Pomerium end-user.
----
-
-# Enroll a Device as a User
-
-If a Pomerium route is configured to [require device authentication](/docs/topics/ppl.md#device-matcher), then the user must register a [trusted execution environment](/docs/topics/device-identity.md#authenticated-device-types) (**TEE**) device before accessing the route. Registration is easy, but different depending on the device being used to provide ID.
-
-
-<iframe width="800" height="500" src="https://www.youtube.com/embed/aJzgnaXEpLo?rel=0" frameborder="0" allow="accelerometer; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen />
-
-This guide covers enrollment of a device by a user. This is available for both open-source Pomerium and [Pomerium Enterprise](/enterprise/readme.md) installations. However, Enterprise users may also receive registration links [generated by their administrators](/guides/admin-enroll-device.md), which will mark the newly enrolled device as approved in the Pomerium Enterprise Console.
-
-1. Users are prompted to register a new device when accessing a route that requires device authentication:
-
-    ![The WebAuthn Registration page with no devices registered](./img/webauthn/no-device.png)
-
-    Users can also get to the registration page from the special `.pomerium` endpoint available on any route, at the bottom of the page:
-
-    ![The Device Credentials section of the .pomerium endpoint with the WebAuthn link highlighted](./img/webauthn/device-credentials-empty-highlight.png)
-
-1. Click on **Register New Device**. Your browser will prompt you to provide access to a device. This will look different depending on the browser, operating system, and device type:
-
-    ::::: tabs
-    :::: tab Windows
-    ![The device authentication prompt on Windows](./img/webauthn/security-key-windows.png)
-    ::::
-    :::: tab Chrome
-    ![The device authentication prompt in Google Chrome](./img/webauthn/security-key-google.png)
-    ::::
-    :::: tab Firefox
-    ![The device authentication prompt in Firefox](./img/webauthn/security-key-firefox.png)
-    ::::
-    :::: tab ChromeOS
-    ![The device authentication prompt on ChromeOS](./img/webauthn/security-key-chromebook.png)
-    ::::
-
-## Find Device ID
-
-If a route's policy is configured to only allow specific device IDs you will see a 450 error even after registering:
-
-![450 device not authorized error screen](./img/webauthn/450-error.png)
-
-
-From the `.pomerium` endpoint you can copy your device ID to provide to your Pomerium administrator.
-
-![Device ID list at /.pomerium](./img/webauthn/device-id-list.png)
-
-From here you can also delete the ID for devices that should no longer be associated with your account.
\ No newline at end of file
diff --git a/docs/guides/gitlab.md b/docs/guides/gitlab.md
deleted file mode 100644
index 6a752f1c9..000000000
--- a/docs/guides/gitlab.md
+++ /dev/null
@@ -1,268 +0,0 @@
----
-title: GitLab
-lang: en-US
-meta:
-  - name: keywords
-    content: >-
-      pomerium, identity access proxy, gitlab, gitlab-ee, docker,
-      authentication, authorization, self-hosted
-description: >-
-  This guide covers how to secure self-hosted GitLab behind Pomerium, providing authentication and authorization through your IdP.
----
-
-# GitLab
-
-[GitLab] is a highly customizable, highly configurable tool to manage source code, project management, and many other aspects of project development. In addition to the SaaS product, its self-hosted solution and easy free-to-enterprise upgrade path make it a popular choice for those managing sensitive code bases.
-
-This guide demonstrates how to configure a self-hosted GitLab server (a.k.a. gitlab-ee) behind Pomerium for identity-aware access.
-
-## Before You Begin
-
-- This guide is written for an environment using [Docker Compose].
-
-- This guide assumes a running instance of Pomerium, already configured with an identity Provider (**IdP**) and running as a docker container on the same host/swarm. See our [Quick-Start] page for more information on installing Pomerium with Docker Compose.
-
-  ::: warning
-  While Pomerium can be configured to use self-hosted GitLab [as an IdP][gitlab-idp], we do not recommend doing so while also running it behind Pomerium. In addition to the potential to lock out access to the IdP (breaking access to all routes), we consider it best practice to separate your identity provider and protected services, especially those housing sensitive data like source code.
-  :::
-
-- The initial setup documented here uses un-encrypted HTTP traffic between Pomerium and GitLab. The last section covers upgrading the GitLab configuration with a TLS certificate.
-
-## Install GitLab
-
-::: tip
-While we do our best to keep our documentation up to date, changes to third-party systems are outside our control. Refer to [GitLab Docker Images] from GitLab's docs as needed, or [let us know](https://github.com/pomerium/pomerium/issues/new?assignees=&labels=&template=bug_report.md) if we need to re-visit this section.
-:::
-
-### Prepare The Environment
-
-1.  Create volumes for persistent data. This guide uses the base directory `/srv/gitlab`; adjust this path for your local environment:
-
-    ```bash
-    mkdir -p /srv/gitlab #Adjust the path based on your common Docker volume location.
-    ```
-
-1.  Create three sub-directories: `config`, `data`, and `logs`:
-
-    ```bash
-    mkdir -p /srv/gitlab/{config,data,logs}
-    ```
-
-### Install and Configure GitLab
-
-1.  Edit your `docker-compose.yml` file to define a new service for GitLab:
-
-    ```yaml
-    services:
-
-    ...
-
-    gitlab:
-      container_name: gitlab
-      image: gitlab/gitlab-ee:latest
-      environment:
-        GITLAB_OMNIBUS_CONFIG: |
-          external_url 'https://gitlab.pomerium.localhost.io'
-          letsencrypt['enable'] = false
-          nginx['listen_port'] = 80
-          nginx['listen_https'] = false
-      volumes:
-        - '/srv/gitlab/config:/etc/gitlab'
-        - '/srv/gitlab/logs:/var/log/gitlab'
-        - '/srv/gitlab/data:/var/opt/gitlab'
-      expose:
-        - 80
-        - 443
-        - 22
-      restart: always
-      shm_size: '256m'
-    ```
-
-    - Adjust `external_url` and `registry_external_url` to match the external path, which we will define in Pomerium later in the process.
-    - Adjust the paths under `volumes` to match the directories created in [the previous section](#prepare-the-environment).
-
-    ::: tip
-    Additional integrations like [Mattermost](https://docs.gitlab.com/ee/integration/mattermost/) and [Pages](https://docs.gitlab.com/ee/user/project/pages/) will require additional configuration (i.e. `mattermost_nginx[*]`).
-    :::
-
-1.  Bring up the new Docker Compose configuration:
-
-    ```bash
-    docker-compose up -d
-    ```
-
-    The container may take several minutes to initialize. Once complete, the status provided to `docker ps` will change from `health:starting` to `healthy`.
-
-    You can also monitor the progress with `docker logs -f gitlab`. Note that even after the process is complete, the log file will continue to output log messages.
-
-## Configure a Pomerium Route
-
-Edit `config.yaml` and add a route for GitLab:
-
-```yaml
-  - from: https://gitlab.localhost.pomerium.io
-    to: http://gitlab
-    preserve_host_header: true
-    policy:
-      - allow:
-          or:
-            - domain:
-                is: example.com
-```
-
-Once the route is applied, you should be able to access GitLab from `https://gitlab.localhost.pomerium.io`. Note that when using Docker, you may need to restart the Pomerium container to apply the changes as file change detection can be finicky on mounted docker volumes.
-
-Use `grep` within the container to find the default root password:
-
-```bash
-sudo docker exec -it gitlab grep 'Password:' /etc/gitlab/initial_root_password
-```
-
-### Configure TCP Connections
-
-1.  An additional route will provide an encrypted TCP tunnel through which users can securely access code using Git:
-
-    ```yaml
-      - from: tcp+https://gitlab.localhost.pomerium.io
-        to: tcp://gitlab:22
-        policy:
-          - allow:
-              or:
-                - groups:
-                    has: devs@example.com
-    ```
-
-1.  Once this route is applied, users can create an encrypted connection using [pomerium-cli] or the [Pomerium Desktop] app:
-
-    ::::: tabs
-    :::: tab Pomerium-CLI
-    ```bash
-    pomerium-cli tcp gitlab.pomerium.localhost.io:22 --listen :2202
-    ```
-
-    The `--listen` key defines what port the tunnel listens at locally.
-    ::::
-    :::: tab Pomerium Desktop
-    ![An encrypted tunnel for git connections using Pomerium Desktop](./img/gitlab/gitlab-desktop-connection.png)
-    ::::
-    :::::
-
-1.  Add the tunneled connection as a remote:
-
-    ```bash
-    git remote add gitlab-tunneled ssh://git@127.0.0.1:2202/username/project-name
-    ```
-
-Now when you first initiate a `pull`, `push`, or `fetch` command your web browser will open to authenticate and authorize the connection.
-
-## Identity Management
-
-While GitLab has a [JWT OmniAuth provider], it only accepts a JSON web token (**JWT**) as a callback url parameter and not as an HTTP header [provided by Pomerium](/reference/readme.md#pass-identity-headers). If your IdP is a [supported OmniAuth provider](https://docs.gitlab.com/ee/integration/omniauth.html#supported-providers), you can integrate it directly to GitLab to re-use your current session, but it will require signing in twice; once with Pomerium and again with GitLab:
-
-<video controls  muted="true" playsinline="" width="100%" control=""><source src="./img/gitlab/gitlab-login.webm" type="video/webm">
-Your browser does not support the video tag.
-</video>
-
-## Upstream TLS
-
-As part of a complete [zero trust][Background] security model, all connections should be encrypted and [mutually authenticated][mTLS]. An important step in this process is configuring GitLab to serve content to Pomerium using HTTPS.
-
-Because GitLab's internal Nginx server is configured to use the [FQDN] even when behind a proxy service, GitLab itself must use a separate, internal certificate for `gitlab.pomerium.localhost.io`. This is unique from the certificate Pomerium uses to serve the route to end users.
-
-Create this certificate using your infrastructure's preferred internal certificate solution. If you don't have a solution in place, you can use [mkcert] to generate testing certificates:
-
-:::: details mkcert
-!!!include(install-mkcert.md)!!!
-
-1.  Create a certificate for the domain that will be used for the GitLab route. For example:
-
-    ```bash
-    mkcert "gitlab.pomerium.localhost.io"
-    ```
-
-1.  Note the location of the mkcert root certificate files with `mkcert -CAROOT`. You will need to provide this path to your Pomerium configuration to validate the certificate provided by GitLab.
-::::
-
-If you have an internal certificate solution, generate a certificate for `gitlab.pomerium.localhost.io` and note the path to the certificate authority (**CA**) root before proceeding.
-
-::: tip
-Integrations that use unique subdomains will require their own certificates and Pomerium routes.
-:::
-
-1.  Create the directory `/srv/gitlab/config/ssl/` (adjusted for your local Docker volume path), and move the certificate and key files there:
-
-    ```bash
-    mkdir /srv/gitlab/config/ssl
-    mv gitlab.pomerium.localhost.io.pem gitlab.pomerium.localhost.io-key.pem /srv/gitlab/config/ssl
-    ```
-
-    **Note:** You will need elevated permissions (sudo or root access) regardless of the directory location, as GitLab restricts permissions from within the Docker container on the volume mount.
-
-1.  Adjust the `docker-compose.yml` entry for Pomerium to mount the internal certificate authority, and the entry for GitLab to specify the certificate and key files:
-
-    ```yaml
-    services:
-
-    ...
-
-      pomerium:
-        image: pomerium/pomerium:latest
-        container_name: pomerium
-        volumes:
-          - ./srv/pomerium/config.yaml:/pomerium/config.yaml:ro
-          - ~/.local/share/mkcert:/pomerium/ssl:ro # Adjust to the location of your internal certificate authority.
-        ports:
-          - 443:443
-          - 80:80
-    ...
-
-    gitlab:
-      container_name: gitlab
-      image: gitlab/gitlab-ee:latest
-      environment:
-        GITLAB_OMNIBUS_CONFIG: |
-        external_url 'https://gitlab.pomerium.localhost.io'
-        letsencrypt['enable'] = false
-        nginx['listen_port'] = 443
-        nginx['listen_https'] = true
-        nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.localhost.pomerium.io.pem"
-        nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.localhost.pomerium.io-key.pem"
-      volumes:
-        - '/srv/gitlab/config:/etc/gitlab'
-        - '/srv/gitlab/logs:/var/log/gitlab'
-        - '/srv/gitlab/data:/var/opt/gitlab'
-      expose:
-        - 80
-        - 443
-        - 22
-      restart: always
-      shm_size: '256m'
-      ```
-
-1.  Adjust the route in Pomerium's `config.yaml` to connect to GitLab using HTTPS:
-
-    ```yaml
-      - from: https://gitlab.localhost.pomerium.io
-        to: https://gitlab-ee
-        preserve_host_header: true
-        policy:
-          - allow:
-              or:
-                - domain:
-                    is: example.com
-    ```
-
-1.  Run `docker-compose up -d` to recreate the containers with the adjusted settings.
-
-[Background]: /docs/background.md
-[Docker Compose]: https://docs.docker.com/compose/
-[FQDN]: https://en.wikipedia.org/wiki/Fully_qualified_domain_name
-[GitLab]: https://gitlab.com/
-[gitlab-idp]: /docs/identity-providers/gitlab
-[GitLab Docker Images]: https://docs.gitlab.com/ee/install/docker.html
-[JWT OmniAuth provider]: https://docs.gitlab.com/ee/administration/auth/jwt.html
-[mkcert]: https://github.com/FiloSottile/mkcert
-[mTLS]: /docs/topics/mutual-auth.md#mtls-protocol-based-mutual-authentication
-[pomerium-cli]: /docs/releases.md#pomerium-cli
-[Pomerium Desktop]: https://github.com/pomerium/desktop-client/releases
-[Quick-Start]: /docs/install/readme.md
diff --git a/docs/guides/grafana.md b/docs/guides/grafana.md
deleted file mode 100644
index 4af680607..000000000
--- a/docs/guides/grafana.md
+++ /dev/null
@@ -1,249 +0,0 @@
----
-title: Grafana
-lang: en-US
-meta:
-  - name: keywords
-    content: >-
-      pomerium, identity access proxy, data, logging, graphing, grafana,
-      authentication, authorization
-description: >-
-  This guide covers how to use Pomerium to authenticate and authorize users of Grafana.
----
-
-# Securing Grafana with Pomerium
-
-[Grafana](https://grafana.com/) is an open-source analytics visualization and monitoring tool. It provides many user-contributed [Dashboards](https://grafana.com/grafana/dashboards/) that make it popular for enthusiasts as well as professionals.
-
-This guide will demonstrate how to secure an instance of Grafana behind Pomerium, and provide users with a seamless login to Grafana using your Identity Provider (**IdP**).
-
-## Before You Begin
-
-This guide begins with the following steps assumed complete:
-
-- A running instance of Pomerium. If you haven't already installed Pomerium, see our articles for installation on [Docker](/docs/install/readme.md), [Kubernetes](/docs/k8s/helm.md), or as an all-in-one [binary](/docs/install/binary.md).
-- Administrator access to a working Grafana instance, including write access to the config file `grafana.ini`, usually found in `/etc/grafana`.
-
-This guide uses the following temporary values in commands and configuration examples, which will need to be adjusted for your setup:
-
-- `http://grafana:3000` - The path Pomerium will use to access Grafana. This example emulates a common Docker-based setup.
-- `http://grafana.local:3000` - The path to access the Grafana interface from your local computer. Depending on your desired configuration, you may need direct access to add at least one user before Pomerium is configured.
-- `https://grafana.localhost.pomerium.io` - The path to access Grafana through Pomerium. Change this to match the domain space Pomerium is configured in.
-
-## Enable JWT Authentication in Grafana
-
-Edit `grafana.ini` to configure [JWT authentication]. Replace `auth.localhost.pomerium.io` with the value of [`authenticate_service_url`] in your Pomerium configuration:
-
-```abnf
-[auth]
-signout_redirect_url = https://grafana.localhost.pomerium.io/.pomerium/sign_out ; signs users out of Pomerium when they sign out from Grafana
-[auth.jwt]
-enabled = true ;enables authentication by JWT
-header_name = X-Pomerium-Jwt-Assertion ;defines the header to look at to provide the JWT
-email_claim = email ;associates the email_claim in the JWT with the email of the Grafana user
-jwk_set_url = https://auth.localhost.pomerium.io/.well-known/pomerium/jwks.json ;URL to the signing key to validate the JWT
-cache_ttl = 60m ;sets a 60 minute cache time for the token
-```
-
-Once you've saved and exited the file, restart Grafana.
-
-## Add Users to Grafana
-
-At this stage Grafana is configured to use the `email` claim in the JWT to associate an incoming connection with a user. Pomerium will be configured to include identity information via the JWT in the next section. But the user must still exist in Grafana to be associated. Otherwise, you will see this error in the browser after authenticating:
-
-```json
-{"message":"User not found"}
-```
-
-Further down in this guide we'll go over Grafana's `auto_sign_up` option to create users as needed. But first we should create at least one user with administrator privileges. If you plan on administering Grafana through a direct connection to the service, you can skip this section.
-
-1. To add users without requiring them to accept an invitation, log in to Grafana directly as an admin user at `http://grafana.local:3000`.
-
-1. Under the shield icon in the main menu (**Server Admin**), select **Users**.
-
-    ![The users option under the server admin menu](./img/grafana-server-admin-users.png)
-
-    ::: warning
-    This is distinct from the **Users** option under the cog wheel (**Configuration**), which will only finalize a new user when they accept an invite via email or link.
-    :::
-
-1. Click the **New user** button to create a new user. Make sure that the email address matches the one provided by Pomerium via your IdP.
-
-    ::: tip
-    You can access the special endpoint `/.pomerium` from any Pomerium route to view the data provided by Pomerium in the JWT.
-    :::
-
-After creating a new user in Grafana, that user should be logged in automatically when they access Grafana from the Pomerium route (after first authenticating with your IdP, of course).
-
-## Configure the Pomerium Route
-
-Add a route for Grafana to your Pomerium config. Change the following variables in the example below to match your setup:
-
-| Variable | Description |
-|:----- | ---- |
-| `localhost.pomerium.io` | The domain space where Pomerium is configured to set up routes. You can also change `grafana` to a custom subdomain. |
-| `http://grafana:3000` | The hostname or IP address and port from which Grafana is accessible within your local network or container environment. |
-| `example.com` | Your company domain. The example policy allows access to Grafana for anyone with an email address from your company domain. Adjust the policy to match your organization's needs. |
-
-::::: tabs
-:::: tab config.yaml
-For all-in-one or split service configurations using `config.yaml`, add the route to your `config.yaml` file:
-```yaml
-routes:
-  - from: https://grafana.localhost.pomerium.io
-    to: http://grafana:3000
-    pass_identity_headers: true
-    policy:
-      - allow:
-          or:
-            - domain:
-                is: example.com
-
-```
-
-::: tip Note
-Docker-based installations may need to be restarted to pick up the new route.
-:::
-
-::::
-:::: tab Ingress
-If you're using the Pomerium Ingress Controller in Kubernetes, add an Ingress for the new route. Adjust the following example to match your configuration. Note that this example assumes a [cert-manager][ingress-cert-manager] solution for route certificates:
-
-```yaml
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: grafana
-  annotations:
-    cert-manager.io/issuer: pomerium-issuer
-    ingress.pomerium.io/policy: '[{"allow":{"and":[{"domain":{"is":"example.com"}}]}}]'
-    #ingress.pomerium.io/secure_upstream: true # Uncomment if Grafana is serving content over HTTPS
-    ingress.pomerium.io/pass_identity_headers: "true"
-spec:
-  ingressClassName: pomerium
-  rules:
-  - host: grafana.localhost.pomerium.io
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: grafana
-            port:
-              number: 3000
-  tls:
-  - hosts:
-    - grafana.localhost.pomerium.io
-    secretName: grafana.localhost.pomerium.io-tls
-```
-::::
-:::::
-
-Once the new route is applied, users can access Grafana from `https://grafana.localhost.pomerium.io`
-
-### Manage Access at Scale
-
-::: tip Note
-Ensure that Grafana is up to date to take advantage of `auto_sign_up`, as it is only available for JWT as of version 8.4.0.
-:::
-
-The steps outlined above work to confirm the configuration for small teams, but adding users individually and manually does not scale for larger organizations. To add users to Grafana at scale, you can use the Grafana's `auto_sign_up`configuration to auto-signup users as they log in:
-
-```abnf
-[auth]
-signout_redirect_url = https://grafana.localhost.pomerium.io/.pomerium/sign_out
-[auth.jwt]
-enabled = true
-header_name = X-Pomerium-Jwt-Assertion
-email_claim = email
-jwk_set_url = https://auth.localhost.pomerium.io/.well-known/pomerium/jwks.json
-cache_ttl = 60m
-username_claim = sub ;sets the username to the value of the "sub" claim
-auto_sign_up = true ;sets the login to automatically create a new user if one doesn't exist
-[users]
-auto_assign_org = true ;auto assigns the user to the existing default organization
-auto_assign_org_role = Editor ;auto assigns the user the "Editor" role
-```
-Note that the value of `auto_assign_org_role` could also be "Admin" or "Viewer".
-
-This will automatically create a user with their email and username populated.  To have the "Name" field populated for users, you can set the `jwt_claims_headers` option in Pomerium to include `name` in the JWT payload:
-
-::::: tabs
-:::: tab config.yaml
-
-```yaml
-jwt_claims_headers: name
-```
-::::
-:::: tab Environment Variable
-```bash
-JWT_CLAIMS_HEADERS=name
-```
-::::
-:::: tab Pomerium Ingress Controller
-```yaml
-extraEnv:
-  JWT_CLAIMS_HEADERS: name
-```
-::::
-:::::
-
-This configuration will allow seamless authentication and authorization without any additional toil for your team.
-
-::: tip Tip for Google Users
-When using Google as an IdP, the user field is populated by a numeric value that you can not configure. Note that Grafana can accept the `name` field as a username, including spaces:
-
-```abnf
-username_claim = name
-```
-:::
-
-## Troubleshooting
-
-### Local Signing Key
-
-In instances where Grafana cannot get the signing key for the JWTs from the Pomerium authenticate service, you can place a copy of the key locally.
-
-For example, wildcard certificates signed by LetsEncrypt may still be cross-signed by the [expired DST R3 root]. While many browsers still trust these certificates (as long as they are also signed by a valid root), some applications reject them, including Grafana:
-
-```log
-logger=context error=Get "https://authenticate.localhost.pomerium.io/.well-known/pomerium/jwks.json": x509: certificate signed by unknown authority
-```
-
-To circumvent this issue, you can use `curl` or `wget` to download the signing key locally:
-
-::::: tabs
-:::: tab curl
-
-From the Grafana host:
-
-```bash
-curl https://authenticate.localhost.pomerium.io/.well-known/pomerium/jwks.json > /etc/grafana/jwks.json
-```
-::::
-:::: tab wget
-From the Grafana host:
-```bash
-wget -O /etc/grafana/jwks.json https://authenticate.localhost.pomerium.io/.well-known/pomerium/jwks.json
-```
-::::
-:::::
-
-Edit `grafana.ini` and add the `jwk_set_file` key to provide it to Grafana:
-
-```ini
-[auth.jwt]
-enabled = true
-header_name = X-Pomerium-Jwt-Assertion
-email_claim = email
-jwk_set_file = /etc/grafana/jwks.json
-cache_ttl = 60m
-```
-
-
-
-[`authenticate_service_url`]: /reference/readme.md#authenticate-service-url
-[expired DST R3 root]: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
-[Global Users]: https://grafana.com/docs/grafana/latest/http_api/admin/#global-users
-[ingress-cert-manager]: /docs/k8s/ingress.md#cert-manager-integration
-[JWT authentication]: https://grafana.com/docs/grafana/latest/auth/jwt/
diff --git a/docs/guides/img/adguard-dashboard.png b/docs/guides/img/adguard-dashboard.png
deleted file mode 100644
index e9fedab0b..000000000
Binary files a/docs/guides/img/adguard-dashboard.png and /dev/null differ
diff --git a/docs/guides/img/adguard-router-setup.png b/docs/guides/img/adguard-router-setup.png
deleted file mode 100644
index ca120ba95..000000000
Binary files a/docs/guides/img/adguard-router-setup.png and /dev/null differ
diff --git a/docs/guides/img/admin-enroll-1.png b/docs/guides/img/admin-enroll-1.png
deleted file mode 100644
index 7cdc2e80b..000000000
Binary files a/docs/guides/img/admin-enroll-1.png and /dev/null differ
diff --git a/docs/guides/img/client-cert-required.png b/docs/guides/img/client-cert-required.png
deleted file mode 120000
index 6403d7cf3..000000000
--- a/docs/guides/img/client-cert-required.png
+++ /dev/null
@@ -1 +0,0 @@
-../../partials/img/client-cert-required.png
\ No newline at end of file
diff --git a/docs/guides/img/cloud-run/architecture.svg b/docs/guides/img/cloud-run/architecture.svg
deleted file mode 100644
index 93023fb0c..000000000
--- a/docs/guides/img/cloud-run/architecture.svg
+++ /dev/null
@@ -1,500 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<svg
-   xmlns:osb="http://www.openswatchbook.org/uri/2009/osb"
-   xmlns:dc="http://purl.org/dc/elements/1.1/"
-   xmlns:cc="http://creativecommons.org/ns#"
-   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
-   xmlns:svg="http://www.w3.org/2000/svg"
-   xmlns="http://www.w3.org/2000/svg"
-   xmlns:xlink="http://www.w3.org/1999/xlink"
-   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
-   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
-   version="1.1"
-   viewBox="0 0 2000.0009 884.92798"
-   fill="none"
-   stroke="none"
-   stroke-linecap="square"
-   stroke-miterlimit="10"
-   id="svg326"
-   sodipodi:docname="architecture.svg"
-   inkscape:export-filename="/Users/tgroth/Downloads/[gcpdraw] 2020-09-09T17_07_11Z.png"
-   inkscape:export-xdpi="96"
-   inkscape:export-ydpi="96"
-   inkscape:version="1.0.1 (c497b03c, 2020-09-10)"
-   width="2000.0009"
-   height="884.92798">
-  <metadata
-     id="metadata332">
-    <rdf:RDF>
-      <cc:Work
-         rdf:about="">
-        <dc:format>image/svg+xml</dc:format>
-        <dc:type
-           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
-        <dc:title></dc:title>
-      </cc:Work>
-    </rdf:RDF>
-  </metadata>
-  <defs
-     id="defs330">
-    <linearGradient
-       id="linearGradient3377"
-       osb:paint="solid">
-      <stop
-         style="stop-color:#000000;stop-opacity:1;"
-         offset="0"
-         id="stop3375" />
-    </linearGradient>
-  </defs>
-  <sodipodi:namedview
-     pagecolor="#ffffff"
-     bordercolor="#666666"
-     borderopacity="1"
-     objecttolerance="10"
-     gridtolerance="10"
-     guidetolerance="10"
-     inkscape:pageopacity="0"
-     inkscape:pageshadow="2"
-     inkscape:window-width="1920"
-     inkscape:window-height="981"
-     id="namedview328"
-     showgrid="false"
-     inkscape:zoom="1.5092593"
-     inkscape:cx="407.71941"
-     inkscape:cy="214.06603"
-     inkscape:window-x="0"
-     inkscape:window-y="23"
-     inkscape:window-maximized="0"
-     inkscape:current-layer="svg326"
-     inkscape:document-rotation="0"
-     showguides="true"
-     fit-margin-top="0"
-     fit-margin-left="0"
-     fit-margin-right="0"
-     fit-margin-bottom="0"
-     inkscape:pagecheckerboard="false" />
-  <clipPath
-     id="slide_1599671233389.0">
-    <path
-       d="M 0,0 H 960 V 540 H 0 Z"
-       clip-rule="nonzero"
-       id="path190" />
-  </clipPath>
-  <g
-     clip-path="url(#slide_1599671233389.0)"
-     id="g324"
-     transform="matrix(3.3258179,0,0,3.3258179,-183.77618,-243.32002)">
-    <path
-       fill="#ffffff"
-       d="m 60,170 h 100 v 40 H 60 Z"
-       fill-rule="evenodd"
-       id="path195" />
-    <path
-       stroke="#000000"
-       stroke-width="0.133858"
-       stroke-linejoin="round"
-       stroke-linecap="butt"
-       d="m 60,170 h 100 v 40 H 60 Z"
-       fill-rule="evenodd"
-       id="path197" />
-    <g
-       id="g3522">
-      <path
-         fill="#212121"
-         d="m 107.17708,190.31876 h -3.07812 v 2.51562 h 3.57812 v 0.76563 h -4.51562 v -7.10938 h 4.46875 v 0.76563 h -3.53125 v 2.29687 h 3.07812 z m 2.37109,-2 0.0312,0.65625 q 0.60938,-0.75 1.59375,-0.75 1.67188,0 1.6875,1.89062 v 3.48438 h -0.90625 v -3.5 q 0,-0.5625 -0.26562,-0.82813 -0.25,-0.28125 -0.79688,-0.28125 -0.4375,0 -0.78125,0.23438 -0.32812,0.23437 -0.5,0.60937 v 3.76563 h -0.90625 v -5.28125 z m 4.45508,2.59375 q 0,-1.21875 0.5625,-1.95313 0.57813,-0.73437 1.51563,-0.73437 0.9375,0 1.46875,0.625 v -2.75 h 0.90625 v 7.5 h -0.82813 l -0.0469,-0.5625 q -0.54688,0.65625 -1.5,0.65625 -0.92188,0 -1.5,-0.75 -0.57813,-0.75 -0.57813,-1.96875 z m 0.90625,0.10937 q 0,0.89063 0.35938,1.40625 0.375,0.5 1.03125,0.5 0.85937,0 1.25,-0.76562 v -2.4375 q -0.40625,-0.73438 -1.23438,-0.73438 -0.67187,0 -1.04687,0.51563 -0.35938,0.5 -0.35938,1.51562 z m 6.82715,-0.0781 h -2.375 v -0.73438 h 2.375 z m 4.14941,2.14062 q -0.53125,0.60938 -1.5625,0.60938 -0.84375,0 -1.28125,-0.48438 -0.4375,-0.5 -0.4375,-1.45312 v -3.4375 h 0.89063 v 3.40625 q 0,1.20312 0.98437,1.20312 1.03125,0 1.375,-0.76562 v -3.84375 h 0.90625 v 5.28125 h -0.85937 z m 5.3252,-0.89062 q 0,-0.35938 -0.28125,-0.5625 -0.28125,-0.20313 -0.96875,-0.34375 -0.67188,-0.15625 -1.07813,-0.35938 -0.40625,-0.20312 -0.60937,-0.48437 -0.1875,-0.28125 -0.1875,-0.67188 0,-0.65625 0.54687,-1.09375 0.5625,-0.45312 1.40625,-0.45312 0.90625,0 1.45313,0.46875 0.5625,0.45312 0.5625,1.17187 h -0.90625 q 0,-0.375 -0.3125,-0.64062 -0.3125,-0.26563 -0.79688,-0.26563 -0.48437,0 -0.76562,0.21875 -0.28125,0.21875 -0.28125,0.5625 0,0.32813 0.25,0.5 0.26562,0.15625 0.9375,0.3125 0.6875,0.14063 1.10937,0.35938 0.42188,0.20312 0.60938,0.5 0.20312,0.29687 0.20312,0.71875 0,0.71875 -0.5625,1.14062 -0.5625,0.42188 -1.46875,0.42188 -0.625,0 -1.125,-0.21875 -0.48437,-0.23438 -0.76562,-0.625 -0.26563,-0.40625 -0.26563,-0.875 h 0.90625 q 0.0156,0.45312 0.35938,0.71875 0.34375,0.26562 0.89062,0.26562 0.51563,0 0.82813,-0.20312 0.3125,-0.21875 0.3125,-0.5625 z m 4.26562,1.5 q -1.07812,0 -1.75,-0.70313 -0.67187,-0.70312 -0.67187,-1.89062 v -0.15625 q 0,-0.79688 0.29687,-1.40625 0.3125,-0.625 0.84375,-0.96875 0.54688,-0.34375 1.17188,-0.34375 1.03125,0 1.59375,0.67187 0.57812,0.67188 0.57812,1.9375 v 0.375 h -3.57812 q 0.0156,0.78125 0.45312,1.26563 0.4375,0.48437 1.10938,0.48437 0.48437,0 0.8125,-0.1875 0.32812,-0.20312 0.57812,-0.53125 l 0.5625,0.4375 q -0.67187,1.01563 -2,1.01563 z m -0.10937,-4.73438 q -0.54688,0 -0.92188,0.40625 -0.375,0.39063 -0.45312,1.10938 h 2.64062 v -0.0625 q -0.0312,-0.6875 -0.375,-1.0625 -0.32812,-0.39063 -0.89062,-0.39063 z m 5.7666,0.17188 q -0.20312,-0.0312 -0.4375,-0.0312 -0.89062,0 -1.20312,0.75 v 3.75 h -0.90625 v -5.28125 h 0.875 l 0.0156,0.60937 q 0.4375,-0.70312 1.26563,-0.70312 0.25,0 0.39062,0.0625 z m 3.91504,3.0625 q 0,-0.35938 -0.28125,-0.5625 -0.28125,-0.20313 -0.96875,-0.34375 -0.67187,-0.15625 -1.07812,-0.35938 -0.40625,-0.20312 -0.60938,-0.48437 -0.1875,-0.28125 -0.1875,-0.67188 0,-0.65625 0.54688,-1.09375 0.5625,-0.45312 1.40625,-0.45312 0.90625,0 1.45312,0.46875 0.5625,0.45312 0.5625,1.17187 h -0.90625 q 0,-0.375 -0.3125,-0.64062 -0.3125,-0.26563 -0.79687,-0.26563 -0.48438,0 -0.76563,0.21875 -0.28125,0.21875 -0.28125,0.5625 0,0.32813 0.25,0.5 0.26563,0.15625 0.9375,0.3125 0.6875,0.14063 1.10938,0.35938 0.42187,0.20312 0.60937,0.5 0.20313,0.29687 0.20313,0.71875 0,0.71875 -0.5625,1.14062 -0.5625,0.42188 -1.46875,0.42188 -0.625,0 -1.125,-0.21875 -0.48438,-0.23438 -0.76563,-0.625 -0.26562,-0.40625 -0.26562,-0.875 h 0.90625 q 0.0156,0.45312 0.35937,0.71875 0.34375,0.26562 0.89063,0.26562 0.51562,0 0.82812,-0.20312 0.3125,-0.21875 0.3125,-0.5625 z"
-         fill-rule="nonzero"
-         id="path199" />
-      <path
-         fill="#000000"
-         fill-opacity="0"
-         d="m 66.666664,176.66667 h 26.666687 v 26.66667 H 66.666664 Z"
-         fill-rule="evenodd"
-         id="path201" />
-      <g
-         transform="matrix(0.1851853,0,0,0.1851853,66.666667,176.66667)"
-         id="g208">
-        <clipPath
-           id="slide_1599671233389.1">
-          <path
-             d="M 0,0 H 144 V 144 H 0 Z"
-             clip-rule="evenodd"
-             id="path203" />
-        </clipPath>
-        <image
-           clip-path="url(#slide_1599671233389.1)"
-           fill="#000000"
-           width="144"
-           height="144"
-           x="0"
-           y="0"
-           preserveAspectRatio="none"
-           xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAJAAAACQCAYAAADnRuK4AAADWklEQVR42u3dIZPqMBSGYSwSi0XWYldisUjs2kpsJX+aW2Yyd5i5LHtpS5uTPMy8blm+Jm9K2iaH1e12WwFD0QggEAgEAoFAAIFAIBAIBAIIBAKBQCAQQCAQCAQCgQACgUAgEAgEAgEEAoFAIBAIIBAIBAKBQFkEXa2anmNP23P9gTb9TSM/ge6NvkkN2r1o9J/o0ns38lcoUP86DGz4Zx1xkL8SgfrX9pfT/FDaOUZz9PyhBUqN332g8R9H81b+AgWaofE/2gnR84cWaMbGf+yEjfzlCNTO2Ph/5xTyFyBQulq5LsSh9vyhBUr3SboFO+D+2eta85cg0HHBxh89iqPnL0GgLoMOuNSaP7RA6dnQNRN2teUvQaBjRh1wqC1/CQK1GXXAd235SxDomhFdbfkJNDG15Q8tULp/ErYDoucvQaB1cIHWBPIV5iuMQCbRNU+iXca7jC/mRuKxtvweZXiUUfejDA9TPUy1nMNyDgvKLCizpNWSVovqLaq3qN62Htt6bCy0sdDWZlubFVdQXEFxBeVdlHdRYEqBKSXu5CcQCAQCAQQCgUAgEAggEAgEAoFAIBBQjkBpTU2TlkSc7lt331xj06b3nNL/aJZeiPXmFqDs8ue8K+Muy1dqrDkWp7fps77m7pSJ9pEtlj8LgR6EOWeys7NLWWbpkP61j5x/EYHSKfg+ai651dV5tlU4ZW0+PIi6qPlnESg10imTs8yY0X0MvIvjY/k/IlAq/bbPrHbOlHOn/ZRbiWeu8DF5/skESuIcgp9t3lrkPlVHpLlL3PzEWb4j0iQ4ZP6xp99LheI8m7Q2EwzES8T8Qw/2TJx/OI8sFdNEzJ97EYGIX2vbERJ9R8u/5A2wktkPFGgXLT958pOojZQ/0qiIyC7AZf2o/P8zYTbnmbGGYWY/5PJr/t8O5kSC0ZyCV8E/DRIox580CsxmgWUfs+SPdBCROQaeB73M/+og3GVeqJp8hhculyEC6fjlftBuFyU/gQhEoAIFWhMIVfykJoEIRCACEYhABAKBCEQgAhGIQAQiEAik4wlEIAIRiEAEAoFAIEU2oUorCAQCAQQCgUAgEAgEAggEAoFAIBBAIBAIBAKBAAKBQCAQCAQQCAQCgUAgEAggEAgEAoFAwBv8AT2S8uMTXsxzAAAAAElFTkSuQmCC"
-           id="image206" />
-      </g>
-      <path
-         fill="#f6f6f6"
-         d="M 200,80 H 650.39368 V 333.32285 H 200 Z"
-         fill-rule="evenodd"
-         id="path210" />
-      <path
-         fill="#000000"
-         fill-opacity="0"
-         d="m 213.33333,101.43531 h 106.66655 v 17.12936 H 213.33333 Z"
-         fill-rule="evenodd"
-         id="path212" />
-      <g
-         transform="matrix(0.05806562,0,0,0.05806562,213.33333,101.43531)"
-         id="g219">
-        <clipPath
-           id="slide_1599671233389.2">
-          <path
-             d="M 0,0 H 1837 V 295 H 0 Z"
-             clip-rule="evenodd"
-             id="path214" />
-        </clipPath>
-        <image
-           clip-path="url(#slide_1599671233389.2)"
-           fill="#000000"
-           width="1837"
-           height="295"
-           x="0"
-           y="0"
-           preserveAspectRatio="none"
-           xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABy0AAAEnCAYAAAAUzd/LAABc20lEQVR42u3dz2tl2aIf9h60Kk1MQpk8MIQYRAIGQ4iFX1VxBw45LdXFAZMgbl9PMuh3XqnbHHUmyiSQmaBL3UPLoxdPjCCQvs+JsSYvCbdV6fMnKBgyjEUml662XceW+pVf1Q2Vs845qlJVSarzY+/1Y6/PBxb3Yd/bXXX22muvtb7rx0cfAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1ObpL+9v/PTwXu+y/Lj1YPvHhw/25yrj/+7V/234Z/lFAQAAAAAAgNdeB5GzkPHp5v3hpGzdH43Lq5bL6PLf927I6ckAAAAAAABAx4Qdjk837/cvg8mfth6cRQglmwk1t+4fhj+7MBMAAAAAAAAK8bveL9ZDyDcL+4YFhJOLltNxOZr8HR03CwAAAAAAAOlN7pzcvLf349aD40jHuma3IzP83cNvIMQEAAAAAACACJ71Nu6Gux/DbsNCjnmNf6zsbCdm+K3UGAAAAAAAAGhAOPL1ym5KweQiJdzhOf7twm+oJgEAAAAAAMACLoPK2R2OwseG7sMUYAIAAAAAAMAtwnGm4VhTOyrj7MB0hCwAAAAAAADMPP3l/Y3JPYzT+xgFivHL0U8P7/XURAAAAAAAAKpyuavS8a/5lJ+2HpyF42PtvgQAAAAAAKDTwn2KT7fuH9pVmXUJz+bI3ZcAAAAAAAB0yiysPBIIllXC/aKOjgUAAAAAAKBoIfB6unl/KAAsvIyfofASAAAAAACAoggrhZcAAAAAAACQxNNf3t8QVgovAQAAAAAAIDp3VtZ752V49t4AAAAAAAAAknnW27j748MH+wK86sthqAveCAAAAAAAAKJ6unm//3Tr/khgp8zK6KfNe3veDAAAAAAAAFrn3krlA+XUfZcAAAAAAAC0Ihz/GY4BFcopjowFAAAAAAAgurBz7qetB2eCOGXRI2N/3Hqw7Q0CAAAAAABgaXZXKk2UH7ceHNt1CQAAAAAAwMLsrlTsugQAAAAAACAJuyuVlsuRXZcAAAAAAADc6Okv72883bp/KlhT2iyTHbzjuuaNAwAAAAAA4C1PN+/3wxGeQjUlWni5eW/PmwcAAAAAAMDlcbBHQjQlRflx68Gx42IBAAAAAAAq5jhYxXGxAAAAAAAAJPPj1oNtx8EqGZVROKLYmwkAAAAAAFCJcJegkEzJtBx6QwEAAAAAADrO/ZWKey4BAAAAAABIIoRA7q9UCiqngksAAAAAAIAO+V3vF+sCS6W08v/8l5/+v//g7/3Dv+UNBgAAAAAAKNzTX97feLp1fyQEU0oq//xvf/rqj/+H/+vVLx//64vewcWGNxkAAAAAAKBQAkul5MBy8+Disoy2vvl52xsNAAAAAABQmJ8e3usJLJUOBJZXS9+bDQAAAAAAUIinm/f7AjClY4Gl4BIAAAAAAKAUAkulw4Gl4BIAAAAAACB3AkulgsBScAkAAAAAAJArgaVSUWApuAQAAAAAAMjN01/e3xCAKZUFloJLAAAAAACAXMwCy5EQTKkwsJyUrW9+3tYSAAAAAAAAJCKwVGoPLGdl1Du42NAiAAAAAAAARPast3FXYKkILAWXwHL6X3610f9i0Os/GvTH/7k/KTuD4/F/Dq+WP9oZjMbl1ZUyeve/Myv7V0pvUvp7d/3SAAAAAEBnzQLLUyGYIrB8q5z19p8JCIC3TMLJN8Hk8POdwdk7IWTrZRJq7gyOXgea/cG6JwMAAAAAFO/p5v2hEEwRWF5THl+cCi6hXmFnY39nd7u/Mzic7ZJ8lWsJ4elkZ+ej3b0QrHp6AAAAAEBRnm7dPxKCKQLLm8unjy+OtBRQj8uQ8vOdwWnOIeUcZfQ6xLQTEwAAAADI2dPN+30hmCKwnKec72sxoJsmuynDca87g+PCQ8oP7cQ8newYtQsTAAAAAMjJTw/v9YRgisByodLXckB31BBU3nqUrB2YAAAAAEBqv+v9Yv3p1v2RIEwRWC5URr2DCzuUoGBhl2F/Z3AUjk6tMay8rkyOkN3Z3VY7AOCdfsMXg/1IpefXBgAAqvV06/6pIEwRWC5RHl+c9vaf3dWKQFnCrsoO3FHZ/u7LMHHa39PGAcBYtAVE4++vXxsAAKjS0637h4IwRWC5fNk6OD/WkkD+JndVfjHYt6ty4TKa3H3p6FgAKie0BAAAaNGPWw+2BWGKwLKRHZd7WhTIUwjbHAHb2NGxR8JLAGoltAQAAGiJeywVgWWzxf2WkJcrYaXAsemdl46NBaBCQksAAICWuMdSEVg2Xs7cbwnpOQY2Ynj5aNcucwCqIbQEAABowY8PH+wLwxSBZSvlUAsD6YQQTVgZt3y+MzjrfzHoqX0AdJ3QEgAAoGFPf3l/QximCCzbK1vf/LytpYG4Qmj2+c7gVIiY+r5LR8YC0F1CSwAAgAY9623c/WnrwZlATBFYtlpGjomFOCZHwbq3Mq8jY3d2LdwAoJOElkDSsc8Xg96kPBr0J3fMX5adweH4P4e3lul/58r/Znd78s/68qsNvywAkMzTrfuHArE8yiQ83rw/HP/fR+G43lB+enivd7WEXbGXz+53vV+sv/v//9Pmvb3ZUb9H4Z/VlUC68MByutvy4PxYiwMtD9rHA21HwWa76/LYrksAukZoCbQ+xvnyq40roeQkcIy2+HAabh7N/t29fn+w7okAAK2ZhGDCwlTldBIYb97vh+cQ5VmP/12zf+dQYOmYWOjUQH66u/JYOFjArkt3XQLQIUJLoNlxzWB9ElDOdkrme5LK4PgyyPTUAIDGzIIzAWLEkDJGQDmv8GeZ7co8FVhGK2eOiYWGB/Z2V5a46/JQzQWgC4SWwEpjmcniy93tsJvx853BWdGnqjza3bMTEwBY2iysEia2WH7cenAcdjeGY1xzrw/hbtPwZ538mQWWbReT9dDYAH9wKAQss3y+Mzh1XCwApRNaAkuNY6a7KY8728/vcIAZ2uMW2vihNwMg23a/11L/vufXvSKEaELFFndUbt7vhxCw1PpxGWCmPEa2w4HlpPQOLlxsD6t0GL78aiMMhoV/josFgJSElsBc45eOB5W3B5jjv3eHFisKLQEq+4YLLeMo7U7DAsooHP1awo7KRc0C7sPZ31Fg2VR5fHGqJYIlOwuOg+3ecbGPBn01G4ASCS2BW8cuX361EY5+NX6Z3IN51IXdl0JLgMq+5ULL9v249WBbyNhM+WnrwVnpuyoXEf6uk7+zwLKp0tciQfoBopLNPThHajgApRFaAteOW8I9lV8Mhvr51wd0JU/UCi0BKvumCy3b13boVFNYWWsdauvo2MoCy1BGvf1n7nODeToI0/srjwzyOx9cHrvnEoCSCC2Bt8Ytjwb9z3cGZ/r23Q0vhZYAlX3bhZbt+vHhg32ho7CyKU3uvKwwsJyVc5MP8KHOQX/vrvsrK7v3RnAJQCGElsBkzCKsrCa8FFoCVPaNF1q2JxxhGvNewq7dWRkCX6/o9SY7L1eoW/UGltPS+/b5uloEN3QMvvxqw+C/1uByoG0EIHtCSzCRabzS3HURJYwBhJYA9X3rhZYtebp1/1D4uFQ5quXOylXMQvFDgeXi5dPHF0dqEFzTKfjyq43xR3xU6Urja0tlv8VIcAlA7oSWUOlYZdxPdWdlS2OAzNs7oSVAZd98oWU7ftf7xbrwcfGjYH96eK/ntVzM01/e3xj/fqcCywV3Wx5cbKg9cKVD0NHAMqzCntzbOB7ohiOkQgcl/F1XmCjp9Xd2tyf/vPE/t0vH6DomFoASCC2hsnHKuH/aRmilXDMWWHKc1HodEFoC1PXtF1q2I+wWFETOXxwFu7oP3Z8qsHyv6KDCZWegO4Hl6HVAGbkjEn7D/qPdvXDEUonHVQksASiF0BLqmrR0FGz0U2j2M6wHQkuAyr7/QsuG2WVpd2UqN+26FFheXx5+fa7uoSNQeGA5Cdt2Boe5rQqe7MqchpjHAksAaI7QEioYo4TdleM+vhDRffeT+iC0BKirHyC0bJ5dlnPurtx6cOzuyubN7ro8EljabQkf7AQUGlhOjnwNgWAh9y9OJl2mR9MOBZYAsBqhJXR/jNKlKxjKPsVmdzuLOiG0BKirLyC0bJZdlnPusNy8t+f1a9fTzfv9f/63N/+1wNJuS7hpMqCwwDIc/XqU6z0rc//u03sx93P47QWWAJRIaAkdHqM82t0TFmZ2XOzO4DB5vRBaAtTVHxBaNssuyw+WkeNg4/kHf+8f/q1fPv7XF8JJuy3hrY9/QYHlm12V3QvXwu7LVHf0CCwBKJXQEjo4PpkeB3skJMz2nsthyrGD0BKgsn6B0LI5dll+sJyG38hrF1dv/9ndzccXp8LJm0vv2+fqJVVNCJRw3NI0rBz0q3gm0/DyVGAJAB8mtISujU8G646DLeSey0Sn3ggtASrrGwgtm/Pjwwf7gsmbA0v3V6YTgsutg/NjAeX15dPHF0dqCbXIfUKgprDyvU5ZhJ2XAksASie0hA71f8u7ssI9lwmCS6ElQGX9A6FlM0IgF44+FU5eW468ankI4ZyQ0m5LKv7o533k0igMRgVqrwflI4ElALxPaAkd6fM+GvQ7uBvxbHKU6jUl1bUQLY3begnGR0JLgFr6CELLZvy0eW9POCmwLIHg8qZyblKCjk8K7O5le0fKzuA4HAvlKV15XtN7fY4FlgDwNqEldGFsUl5geSWQ3A9jqzDxuezk56SvH/73O7vbk3/ezuAo/LOLuucy4uk4QkuAyvoJQstm/LT14KyEEPGnv/M3X/2rP/7rc5V/8au/IbDsKMHltWWkZuBjn2CV7nig7gnd8uzGv8+quy4FlgB0idASSu/fZn36y5VxyuB4EijG3lX45Vcbk1B0uoBxJLgUWgJU11cQWq7ux60H2zkEkv/yv/lPJ2Hj+f5fnZTn/+gvT8qLP/vk1cuTtZXL5T/v4tv/cPLPf7b71yb/PoFlmQSX15a+mkHnPvT9wXqOg93p7kpB2nzPcPldlwJLALpGaAkF92szDiwn/eYQUia4s/HW32yyI3NwmOvxsjGCS6ElQGX9BaHl6n7cenAcO6C8DCd//vt/5dW//Z///UZCyVXKX/yTv/Tqz//kDyZ/pn/z3//H/+erHz4yQVoAweU75fHFqVpB14TBd3arliMeJdSpTtv0iN+RwBKAmgktodC+bIaB5eTI17CrsZCrKia7MKe/Y1aLUtueBBZaAlTWZxBaruZ3vV+sxzjSNexqDDsccwgo5y0vTtbOxuXoxZO1/vMfPln3uuVp6+D8WGD5pvQOLjbUCjr0kd/PbvVyZiuXi3um499vnlXWAksAukpoCQX2YTMLLCd3SBY8LpmcxPJo0M9o9+Wozd9TaAlQWb9BaLmaHx8+2G/rqNewa7GkkHKeEHP8n4e/P7nj/rKM9Paf3Q07DAWW0xJ2n6oV+MA7Djb7SYrxIFtgCUCNhJZQWN81n8ByNDn+tWP95IzCy9aCS6ElQGV9B6Hlan7aenDWZFAZdlOGo1a7ElTeUkZhF6YAMw+T4PLgYiS0nJSRGkHxH/fxQDynO0/CHSyeSpwJIIElAF0ntISC+qt5nPzSybDyvd86g/CyrXZTaAlQXf9BaLmsnx7e660aVP6LX/2NmoLKWwPMl99/3PNKphOORRVYvi59NYKiP+47g8NsAkv3V7Y+OSGwBKAmQksor58qrIz4u08DvlGKI3db/jsJLQHq+ZYJLZf1dOv+0bJh5ei/+09ePf9Hf7nmoPLmezCfrO29+uEjk64JhLBOYHnxKtzzqTbgwy6wLGlCSGAJQC2EllBG/zT91RSD9Wp///Hf/bbrJEoKLGdjXKElQE3fMaHl8p5u3R8tuqsy3FP54s8+EVDOF2Aevfjt2obXNK5wp6Pg8uJVODJXbaC8wWk2x8KOqjknHgCISmgJmY9JvvxqI8VOv9nJI2fGIVeexaPdvbafRduB5eTvIbQEqOv7JbRczo9bD7YXCSt//vt/RRC5bHmyNnR0bDyT+y0fX5wKLh0RS5Ef9TzujPnyKwtOAIBWCC0h4/FIf+9uqsAyXJHh5JHrnslgPZzKUmpg2dY4V2gJkPG3S2i5nHmOhv1Xf/zXX/35n/yB0LG5cvriyVrfa9s+91s6IpYyB6OOhAUAuk5oCflqKxz74KLJnd1tv/4Hxos7g6NSx31CS4DKvllCy+XcdjSsnZV2XnbB5sH5viNiHRFLUR/0ocASAOg6oSVkOh5pOBSb8zjY05rvrlz4GTV012jscZ/QEqCy75XQcnE3HQ0rrBRedo1jYh0RSykTBLvb6QPL3T1PAgBom9ASMhyPNBSG5Xg0aeee1XQieFTSQlWhJUCV3yqh5SKuOxr2fP+vvnrxZ58IEhOUFydrR69++MiOuBY8/Pq854hYyN/nO4OzpIGlCQMAIBKhJeRldk3FyAkvBT2zL7/aWOaZpfrdhZYAlX2nhJaL+2nrwdnVeyv/4p/8JeFh+jJ68WTNLp8WbB5cHNYcXKoBZP8hT7Cq+d0jmTwFACAWoSXkJfI9liOBZUPjyC+/2ljk2aX83YWWAJV9o4SWi3n6y/sbIaz86e/8zVd//id/ICzMr5y++O3ahle7OeFex82Di1G1uy2/+XlbLSDzSYKUuyxH/f6ene4AQDRCS8hHG2HSrWOPL78y39Pk8xuP5eYJLlMHxUJLgOr6F0LLRfz48MH+s92/9urF//bv/H8CwozL93cMMBu0+fhir+LdlodqANl+xBPvsuz0sQoAQJaElpDJWGR6xKjAsvTn+IHjfXPY2Sq0BKjs2yS0nF+4N/Hf/ubf+2dCQbsua7R5cHFWaWh5FnabqgHkKOUuSxN5AEAK+jqQzVjkVGDZDTfdcZnLUbxCS4DKvktCy/m8/P7jXrg3URBYXnHXZTM2Dy76Fe+2HDkmluw+4Al3WbrHEgBIRWgJOYxFdvcElh17pm8Hl1n97kJLgMq+SULLD3t5snYo/Cu8PFkbhp2yXvnVVLzb0lGxZCfpLksTBwBAIkJLSCvcg3jbcaLGHQU/2+nC2OyCYqElQGXfI6HlzULIFY4YFfp1powcF7uayndbTsvji9Pet8/X1QaSfrx3drcdCwsA1EifB1KPRQZHUd7BTI4mre759veyW/AvtASo7FsktLxeCLccB9vZ42J1fFdgt+X0uNiHX5/31AYSfryHiY6FPfPrAwApCS0h4ThkeoSo94/Y41+hJUBd7b7Q8l0h1BLudTy4PFk78vovx27Lt3Zdui+V+B/u/mA94S7LnicAAKQktISkk4itL57s7wyO/dK8U++ElgB1tftCy6vcX+meS27X2392N+w0FFpOy6ePL47UCqJ+uCMdx2TyAADIkdASujWB+O7JLjkeT0ryuie0BNDnqC+0DOFV2H0nzKuunAouF7d5cHEosHyrDEOYq2YQaaJulCS07A/W/foAQAZ9IaElpJlAbH+X5ZdfbfiluabuCS0B6mr3hZYhtArhlQCv2jIKd5hqDubX+/b5uqDyvaNiTwWXtP7RfjToJ9pleeTXBwByILSE7kwevvXOPdp1/Qo31T+hJYB+Rz2hpcBSEVwuJ4R0wkrBJZE/2juDY7ssAYCaCS0hyeThsOX3behX5pb6J7QEqKvdrze0FFgqgsvlbR5c9AWV15az3sGFekTzH+z+3l27LAGA2gktIfI45MuvNiySJGkdFFoC1Nbu1xlaCiwVweVqwo5CAeWNZSS4pPEPdqqjYU0gAAAZEVpC5HHIzuDIu0bSOii0BKit3a8vtBRYKoLLZmwdnB8LKAWXRJssOLbLEgCondASIo5BWj7t5fOdwVn4d/ilubUeCi0Bamv36wotBZaK4LI5joh1xyXdmCwo/oJqyPbdHayH92hW9ucqj3b3Xv9vTOJ1py58+dXG5Jnu7G7PXxcG/cu64Bcs/zu+UFtw+eyddnAtoWWkb9ci7dX0v6vOdrE+jPslrb5n4/bOr8wH66HQMk4/5f12f3hj2Rkcv/PfNX6BnPt103mGD7/b785LjMexidr9ekJLgaUiuGxW79vn68JJwSUxJgviHw0bVj375WGBgf7lIH88gB+/P6dNT6pcmRgwGZBzXQjhZAicdgaH4bmFtrTBujCa1YXDySAy0QCSOSYGrtSBhr7Jp+H0g8k/VygktGx4QqiNb9ebOqutKl3D3zGhEcu2VULLRvuq47Y5tNEN9VNu77Pqu0DJ45BU45GqQsuXT9aGgjhlkfLiZO0shN2avZuFUE44Kbik5Y91y/fIXL/qeXfPLw83DQb27s4GA0dtTubNMWg4DGGpJ5J6YDiZ+AlHeI8S7YqfrogVDKRrD8KihYjtweQ4xYrff6HlipPVsxX2kduq0WTxzWSiy8KbYupLSxOGTnVhibootCy4r3rlO3DkOwAt9O3G44KmF07POR45ams8Uk1o+eJk7UgIpyxZTgWXN9s8uDgUTH64fPr44khtYYXJueiDCwMJuGHAH3+id947aE0Gxx8YnmVYF0ZtDh65Ug+mCxeOUz/z1wFmRbsYhJblt1m+WYXUnRYXTtplyYKT10LLJcYtsUMM3wGI+I6P28WM+najyXikwUW0VYSWL56s7QnelNXKx8eaxOttffPztlBy7nKoxrDMRFOKAYRfHmbvYCbBxILv8JHdC00PDMPu2snkz1kp9aDGMCvKBMH4N028U+H2CcAl3v0YizGabJOElvO2WYN+zhPWb01yaaey1GZb5y5LFvxOCS3n+Z2mJz8UNW7p6tjF7vR83vVQujQ/mOIktsWvtll9AW3nQ8vfn9zZFrgpDRWB0zXCsafCyIWKwRkLBia7e/GPhjWJgGBiNmAalTbofy+0soK58wPDmIPHiidLeyVNAs6ODO4t8PcTWnYktMw9WP/gpLXwMqvwo83+iV+Y1EFGV0LLEhfW3Xr9RUfmIoSW+bzrXQgtZ3eQD4ubi1hh/Nnp0PLFb9c2Xp6sjYRtSmN3XD5ZM5F/DfdaLlZ6BxfunGKBCYP4k6QCDqp936aTvcUHVNfuZAl3mHm3Oz0wXCTI9oTrqAfTEOjD773QsvzQskvfL+FlNmOQ9o6GfbS75xcmdZDRhdCyC4ssu9pfFVrm866XHFp2oX+36GLKzr9H4Q7CcBehoE1puIxCGK7L+LZwX6MwcqEyCjtU1Rzm/EiPYnco/OpUNxHS3bBSeFlZSCW8bLRNOO7Me/+BZy20LDe0nOyw6eak9agrd4qWqs1dW/oh5BBklDzunR3/fdb1/uoqYUcG8zhCy0ze9VJDy67176bXASz2/e/kexTuIBSwKa3stjxZO9JlfNvm44s9QeTCRTDEXJOm8Y+GtfKZmt6xzk72CqyWC6mOaqoHpU8GtdwmdO9Zh/sub5goEFqWGVqGI7e6Pmk9+V5po+LXrS+/2mhzJ61fmByCjBJDy8m1BRUsrlv25IicCC3zeddLCy3De17AneQr3GU+/5GxnXuPXjxZ2xOuKS2V07CLV5fxbQ+/Pu8JIZcp5/tqDx+ajIo+IBh3kPzyVDL50athhfIHAyvv/Ec1BtdNrHzVJhQaAF3zzgstywotZ/cuD2tro/RcItaxR7t77T1L9yuTR5BRWmjZ1UVVbYUdqQkt86rnvr9l9us69R65x1IRWMYXjjoVQC5XQuCrBpHRwGTkV6fz71XYSdWdYx+ru7et0brQ7VWsnZ8MarhNOKz5OQsty2kbZwvaqlxkEdprd11GG4MMjTUQWubSTxms66+Wt+tSaCm0NEcxT7/u9ne5jbYv2XvkHktFYJlGuKdRCLlUOXO/JQkmDG48Os6vTsffqV7tO+puHTRUtOvSavVuHcG1dD2oOLi+ekS00DL/0HI2mXWkjZrcddnToylvst3RsAgtl/h7j7/Vxi5ljluElkLLBccjZ9X26255l9sYoyR5j15+f2dfuKYILJOFlkMB5NLFcUdcK3bHxX2WGACZDO76XZezOwuHnvVyx4h2qi6YCHwdXAot8w4t7bK5PXSn8f5Sz9GwCC0z+DvXdQpE504IEVoKLRf45o6qf5dvGHd2IrScHQsrYFMElolsHZwfCx8dE0v+Hd3aO8FUOMkhpLIT4rIujAdDBoVCbBOB74cIMQIxoaV2y7eqkPaxxfu0/LoILY1dall4bb5GaPnh7+1kAaX3+JbgshOhpWNhFYFlWpsH5/vCR8fE0mhnrRe7o+BXp4shVcVHraw8kdOlI0LtqlspGOjMiRDutE3apggttVuCyxLayZbayFLuD0RombqfYmd9N74FQkuhpcBy9eCyjasRor5HjoVVBJZCS8fEIrRc/ShAvzpdCyxN9jZwX0x/sF5+YNnerhGTQWUFliYChZalhJYmswSXqbS12CunO2IRZOQYWlps2a1vgdBSaKmPt2RweWXhdEttf5z36PkPn6y/PFkbCdkUgWXq0PKiL3RcvfQOLjbUJtrsrFn9TBXvj4FAlDsmiqgLLazOrDvELnP3rcBSaFlSyOIbJrjs2kS7aygQWn44sLTYslvfAu2o0FIfb/UxZ9Gh5csna0MhmyKwTC/cySh0bKQIjkgVWu771RFYKl0KLgWWgkuBpdCytL6Rb5jgMvH4o7WTXvy6CC0FljV9C4SWQkt9vNWvJyk2tHz5/cc9IZsisBRadrD01Shi37mV6wX2sSe2QwdGab4YCAguBZaCS4Gl0FJo6RumP5t5m9nScepOdEFoqZ9SW3AptBRavvP36nk3F32Pd7fb6JdEeY9enKydCdoUgaXQsoPlrLf/TH00MBuWOplY8G+uI1lw/fL8BJcCy7jBpcBSEVo2WF/ttGkwuBz0jSTymiy2CxahZdn9lHDXZvi9Qinl3s3UJ0mZsxFaltbHy/A9H7Uxrm/9PXrxZK0vaFMElkLL7pbzfbVKaCm0FFra+WCy1y67BeuCnUqOYkz0HVWElstPXA/WfcMcad7ldtMOWISW1/ydIp+sNFcff2dwGN7XyWk5c/T3w/dr8t8N/5txvzC3EDblIhZzNkLLHBcnTILJ8bv65j0frC/xnp8Zk9wgBEx2WSoCS6Flx8vIbsu6xZ68Ku2OMqFlmXcStDUQMNlrl9108md32/Ppzru94kSg3bZCyyJCSzuCW5yU07fNJ7S0OBKhZZRgZol+3HEI9ppsLycBR/hnZhLKplrEoi0VWuYyJpnsnpy85x8OKBd7z3f3SuzDtvoevfz+zr6wTRFYCi3ttqTjoWXUD7dfXGjZdkfZZK9ddq2+v3bbOorxsi7YbSu0LCm0FLC3Ohmvd5vHuyVARmh5td1Pu8husqij4aDy1mBj/OxS7sxKtYhFaCm0bOue6AWOVj1sMqi89T0f/7tKGYu39h6FkOnlydpI4KYILIWWdlti0kBoKbSse2eeyV5hlfDaUYzXhNeeidCyiNCyxN3h79x3dJr/d8qxpDm8W35ZhJZv+qypJvYvw8pkz3D8704VXqZ41kLLukPLhAtqR+E3TBHUh3/n7PmNqgwtXzxZ2xO4KQJLoaXdlpg0MJkgtCyrtDHwLeoeyHD8UhhAXN4f8X7Zn5Txf6+keyJyCKtyuxPog8fzhFWvk7ow6L9XD3Z2t2f14HB2TN+omDqeeCfNLLw+K6geHN1YD6b/b1frgdCyY6FlAUebj6bHBs53t1n4Fkzar3GdzSzMHMXYZdCJfnBLiz5yPVIeQUaS0DLNN32U06kYqUKN2ItYhJZ1h5Yp+kKTsUUGJxtMwsuMF5e3F1q6y1IRWAot7bZEaNn4qku/uNCypNAyTEDmPNk7CykPV+kQTzv7ryeAz4RVZYbXryf9Vwh337kbaJTx3zXp/ZY5h9eT92S6MGH5NiGEQtMj1k6Flh0ILfOsr6PJhNf429PEd3q2q+Y0h0UCernp+sF+f4SWl33W+EdFTvqhGR7PPDs2NnqAG3OxpdCy3tAy9p21s1Mwehk+y16OY9dWfqsXT9b6QjdFYCm0tNsSoaXJBKFlgRPWDQ4SM9151Oq9EdNdeHmuWEwVVuUaXk+P39rda2uSaLYLb1jVytUPBkBZHrM5O56p+TahtLtjhJZ519e27zebfb+ShrSOiU0YWmZ2BzaCjBRj4AR91lETC1C6FuTGfOZCyzpDy9jveq4LE978HpMjY4fdDy3tslQElkLLOsuZGia0FFoKLR0NmGZwm9v9MLneFZFiEJ3hAGgY83eYBVdH2b0PkQfOuR2zGbNNKOXuGKHl288sl93z0b9f4zqQcOelY2IT9a/avhsWoWURoWXEhRvTU1DKae9i3/0XaxGL0LLS0DLiu17S9zWnMWvj79HL7z/uCd4UgaXQsuLSV8uElkJLoWXtoWVmO+tGKXduzO6KOMzp+Mu4A598diqlPpIn1RFbuey8zWgQPEo1eZBbeyC0jD8Zt8zfLdXK/FS/gR1/aZ6L0JLaQ8uYY8zJArqMd13d1o+JuKhlFOM3ElrWF1pGfdczuqd27t8nk2tdmg8tTz4+Fr6tXEYvn6wNX5ysHb38/s5+KL8/ubM9CYRfl+n/+/i/ezj7754JLJlHuHcxBJfT8PJ8P5RPH18cbR5cDMO9jELHlYtQSWhZzH2DQkultdAyk3Aip2NYZvfcZRFYxQpxM9qpNMppMnYW5GYR6se6MyiXdjuXNmG2k+1MaJln2DJbeJP+ftWId3rd9u1K0V7VMOErtET9zCu0jBXGlb4wI2ZwGWOBnW9YfaFltPpbYGCZU3DZ6Hv0/IdP1gWOy4WUIaAMd4GG33DZ3z+EfpNw82TtsLAQU2CZU6j57fP1sFtwFmSeCSEXL+E3VJOElkJLoWWxoeWKgVYmzyfb+2Ey2b0TZeVyDn/XXCb+r5vwSX13XBcnAm/fcZ3XxEEudUBoec2zSbzwJvz7c9qBkyK4dLpIktCy59el1tAy1gR9V3aSRw0uWz5CV3taV2gZ7V0vOLDMJbhs9D168WRtTwC5WFAZQsa2KteL365tFBBgCixzDzEPLjZmAaZdmPOXQzVHaCm0FFoWvNNyf8XnM0weUmV+P8ysDo9Kfs7zTGYk/ztmNvF//WAw/d2vbU+spB7wTo4FzjC4bnvSR2i5bNuVdpdlrpNciYJLIZrQEvUzSmgZ4/SDrh19HSu4bPt3057WFVpGedc7EFi+fs4Jr7VoNrQs/4jS1kv4jUK4GzuoC7s4wzGyAktWEXZg2n05VxmpLfUQWiYLfASMGU7+pn42OR0HO8/EeOrdZ22Gu8l3KiW8x3Tx3yrtcbFtTwamPAZ1uogh/zYhl7tjhJZJ265R7pNcsb/xse9grn2iWGhJrvWz7X5KjG9wV9uzaMFli2MW7Wle36LS3/UYRxrHH6um6Rs39h7NdvUJJm8PK5MPQib3YeYRXgosCya8/HDZ+ubnbTWlDrEnY3PfQdbFSTOh5ULPZpgwsDwy0M/jN5vtsrRTaZHfLNG9cW1PrqQM40oJLHP4rYSWyduuUc67gWNMUgrS0j8DvzW51s8Ii6tOW+6PnJXUH8mxD9vmOE97mte3qOR3vatH26eas2jsPQrHkAonbyjf39nPLaCb7Lw8WRsJLFnF5sH5vmNjry/hSF01pJqB2dDkTfTfXGiZ4eRvyudS8nFLiYPLVu62THncZcnH8aQMLtsaZKfaZVlaYPm6DmQQXFYdWiZqu0pqt2bfrLPS2yYTxcYYlFM/22wHYoxfSlmUstLvOD01pLgxS1t9FaFlfqFlhHd9ZHFCrjstHQ17bTgXdqDmWuFCcPjy5ONjgSWr6H37fH3z4GIoqHy/9Pafqet1DMzihpbjAYHfXGiZZWi5Mzju4tGWXZwEbvNuy5R3WZZ0JGyO7VvTEyypArhSA8srbemR0DJNO5aiHS5yZ3jkd1uYFmei2O9MrvWz1dCy5W9uF/qmC/yWhyX+ltrTvL5Fxb7rNTzz8TtYXP/P0bDXlmLOMI6461Jg2WGbjy/2BJWOiK1yYBZ5crHpgMGkvtJEHQvHFgsnVqzXiXbZhUn6LgRVJe+27epvmGgH8agLOxqSHhtdaWgZYZdIZ441j35EbIfa95wnioWW5Fo/2wot2z4SvLad4m0vwmx6zNJmX0VomVdo2fq73sF7LG957sOixiSOhn2rjH5/cqe4oCIEzy3vlhVYVuDh1+c9x8U6ItbAzMXeEX5zoWVuoWXLK2u7HE7kEVY1t4M7RdjSpfD6yjuVZLddU7/jLIQvui6nnfibLAQZCS1jhpZxTwso7s7Vcb1IuQu4y0eu5TL2EFqSa/1sLbRseddQ+JYbp+d/1K72NK9vUYFj7FFNfZSYi9Wb2WnpaNjXgWXOx8F+yPS42LVTgSWr6B1cbGw+vjgVWk7KSI2o4KMd/4iEYfW/udAyu8nfFJPrXT1uKcWkcJisLzioGnXxrqBURwY39V4lqseH3WoL4u/8qzW0bHsFfql3nE12VT4a9FPu/K3xiMVUE8VCS3Ktny3eu32a82KaguvAsKS+nvY0r29Rce96hf2TWBs3Vn6Pnv/wybqwMv/7K+fVQnApsKxQuMtRcDktYfepGtH5D3bsAG3kNxda5rRTKcmReh0O75OFVQ2sEE2x47bLA8UUbV0Y1Dc0ATSK/Oc+6+Iq59j3ZlcbWsa+ozHzgD2sop8tPBjl0jdp61hAk4VCFvKvn230+1veLTSqeXd4m79tG98CoWVe36La62Mp8xUx+ogrv0cvnqztCSzXRl0K5hoMLgWWFRNcvi6HaoNOuaNmyp/Ir2yn5UKdwyQ7qjr+DiQJgh8N+qv+uWOHrU0FbHnXhQRB8IrvV4pjjrs6OZSkj1FjaBn3aNhsJ7PDu5siKDcJnMdEsdCSXOtnK6Fli6cleZfaHR82fVKB71Ve36I2+jY5j589/xbfo5cnHx87Enatc0dSNRBcCiyZBpcHF2dVh5aPL07VhO5zZ1f0DpLQMqPOYeydGLVMBMSeOF71iNgUR8NWMSEQaSVrk7tXY98N2PVj02MvDKkxtKz5GzbZVTn+M6XY4b/Ed+rIqKO9sEXQQq4T2a2Elu31VUbu4G130VXTpxUYo+QVWpXyrtd+AkSMqxUaCC3XRjWHll0MLC/NgsuRwJJVTO64PLgY1RxchvBWTei22Hf91D6pILTMp3OY4njkWiYCUtTzVX7b2DsCa7rfN9a9IU3tYHU3YDkTf0LL6G1tNt+w8PdOcVJCDkeZ6x+0e7811dfPIkJLiyui1IVhjv3UGHVBaJlPaGlOrsU60HI/cqX3KAR2VQeWT9Y6f9nqEs9YYMl7tr75ebvm0DL8/dUCH2uT9flP1iiLHw2ZIKjar6yuR95tufwu7gSLN3rV1IMUuy2XDAZiH21cy+RgzH5GdaFlxO9Y6m9YeK/DUWYl7Kqs8R7j1P3g2scX5BtkNF032xxLdn0h1UK/c5vHcja4gMU4JZ93venQstV3vfIrmya/b8snLa0WWlZ9n+XH1axCW+A5Cyy5Ubjbsd7g8nxfDdBhy30FWlkT+NOjzGorOdatyEFVdcctxQ7olw2AYhwPU/vEauzvzLIBdoKFDL0qnn/E45cr3Gk5zHFRUOP9pmnwPSp9YVXtx7G12R7UcE80ZfZXWggt971DcbT13Wnyuhz907zeoxL+jE4meGs+6CzLMUnF91mOagvnXj5ZGwosWVW437HS4HLo6QsWdIQpZfJ3/knQyEFVpcctxQyGl50Mjr+7rr57faMfEbrkfUExd3DVNjkYqy2oLbQs5d7gpdqNR4N+7B37Mb5Tdje0V2/1tskxJGg8tGzpjjs7wa/9rY9y++7HaE+FlpmElq2964O+t/v1b3yY507Lk7WzGkPL35/cqW6i5PkPn6zfcr+lwJK5PPz6vFfrbktPv+uTyXHDmzYuoCf7QUEvtx1s0YOqSo9bChMguR8LGnl33ajiQeFxzoFg9IUMlU0YxGoLagotYy46i1VfL0+j6MKuynf7JzUuWIn9bgmEyTHIaDq0bGuBlaNh440Xm6wTQst83vWmQ8vWdvq6X/tNPWjxNJil36MQUlW5y/LJ2rDWivjy+zv7AktW9enji6MaQ8vewYUObMfFvs/N8ViVdQZbvBNk6dAy4nGVNdf3BEevLjw4iHq8YsULNmK1A8tOGkRfyFDbcdGR2oKqQsuIi0LaDoPCc4u5sCHasfDjNl+QFu+76yQXcgwymgyo2vqWGptH77s0tohRW5rPu95kaNniu+4Y6PffoVFW79HL7z/u1Rhahh2HtVbCEE6+s7tWYMnCet8+X988uBjVFlpuffOzlcFd77S1dPSJ1dC0OShYJRASVJU/OdnU5L+jsYuf+Gnkt465kKHWu2RiLJCqKrSMtEu8rQmu0CaE4DXmscyxfi9Hr6XpFzR55CLGLFmGli3tsK/1Gouk7VVDi9eMV/KanyjgXXfi2fv96eOs3qMXT9b2agssX5ysVf8RGj/3vsCSVW0enO/Xt9vy3ACw6x/qyDtg3JthsJd6sirmJGntK/+j7gZaMAxq80gYR8PGGxQ2cZxl1HC90kAjRjBc2fGwwxIX3oR2d7ZYrltHwI7/To5XTNsWCF7IsW42Glq21Ke20CJBe9VQf8XYNa/nmv930lH10drVpXdanqwd2mVZpxDeCixZRW//2d0Kj4gdevId/1D3B+sJVqKf+eXrEGticpGOYc7HVHaufYkYDC66IyjmkaC17q6LMShsIgiKupCh0pMGYtzBWFNoGe3b2tBkdvjnxFwcEKsvG9o190MtXhcce0em36ncd1q2E2RYcBF9rNDUt1Vomde71Fy9a+c0DaedxRufLB9aPlkb1hVafnysGkJzqrvb8vGFAWAFYt9raYBUSScwYiA+byc8xsR5GxMVJYu5oyaHAavd5eW9exbsRGsLhJbNhZbZnxYQvsuzdrZruyqP3Z+Y57fAr8uKdTPv0LKlEys8+fhj2aaOsxZa5vOuN7zTso1FXiNvdAHv0cuTtVFNoeXvT+7Y/gsN6h1cbNS229JTr6BDHuluJMc4VVavIh49nMNkmfuVog68Vr4jJma7Z4K7vUHhqpOEUduEynfctr1AqpbQMuYO9uX6lLvbMY+DjnXEd3hWdink/X751rJifzX3nZZDO5S70V41NQ+iHc3nXc89tLSY+tb3aJRTaFnT0bCSdGhB2H1YU2jZ+/a5AXr3O269JBNAjtTqdr2a3luVW0ARb3edeyPi/+YLDBByDVO7LOau/hy/f7UvZGj7m1BNaBmxzs79Zxq3cWFHecyjlmP1L9z3Vs63wGIxcuuvNhkUtNG+CjLStFdN/e5Cy7zGpjn3QW0YiDsnsNR79OK3axs1hZbhDkfVD5q3+fhir6bQ8uHX5z1PvftSHN9lIqjzg7yz3Hbt5hqgdXogEPcuw94CdSFWaGkR4eVvHnH3VZZtQuULGdr+rasJLSPdxzvPDpyw6zPWAqWoi+rGfye7Klv9FhylXsQGMb5RTdZJQX+yejEUWnrXiw8tvetR+yRLvUcvv/+452hYYFW1HRG79c3P2hIfa/d7sVh9inmf5QL3BcY8ElQteD0w7OVYF2It1DCJ2v4kwYr33FrIEK2f0W7YVtFOy/3UbVdYdJbiPvS2+6Th72VnfIS2oMXFTJ4fOfVRhJbmSNo8lldfNa/xSNbv+gJjZG1/ovcohHg1hZaqHrRn8+DirJ7g8lxn1mSiSVyymZB6rw59+dXGAp3SodAycl2IeP/aIpMvOd6vaFAY/9sS88/k+be7gEFo2W7bFRYCzBb+jLoUVk52VeqLdqZf4BQXMpu4bqwPKMjoVt812zohtEz6TNta+K2fE73tX/z3fvn9nf1qQssnayZIoEWfPr44ElrSNUmOiDWh383OX4bHQM46pcNIOzZO1YJ2B9UFhZa+oa/bhXiLY+YOLTNtqzo6KSC0LDC0DO9tzPck2q7K8e9oV173xhzu7SKziethg++MIKMj9UJo6ZnG7it712/5zVtYbC+0/FAZ/11VPWhPTfdahoDWE69lQjnNvUQ6UR2rR/29u7mG3rFCS2F8+4NqoWWRkwS9DHda2n3dkW+D0LL5YC/W3dQx+wy13y2b0ZijrSDcPdIs20fJNrQUZHSrXggtPVPverfHp0JL91lCUg+/Pu9VdK+lyfdaPtgRj3EU8HS4Hj0a9HOd8BVapiG0pM2BeAmhpTuc23/vhJbKTSFWONZ23ntuidVXbPFeS0fEslwfRWhJtG9urn0VoaXQ0vg0VWj5ZG1Yz07Lj1VIaFFv/9ldoSVdlGpVvZXvnapDp7nu0hVapiG0pM2BeAmhpTah/fdOaKm8e0y78Crj70Gb91ruDI79wuTQtgot1QuhpWfqXa9vfCq0/EBR7aB9Qks6+dFuceWzXSgmoVIfASagSENoSZsDcaGltkBoqVy90zD0Rbxt+WtzoaSdteTQtgot1QuhpWfqXa9vfCq0FFpCcpuPL06FlnTuoz29c2qU6JhYk/ul15+I96Ius5JeQJGG0JI2B+LutNQWCC2r31V5FhbdhT6st6yoPuOhby8Z9VGElkT75ubaVxFaCi2NT4WWrZYXJ2tnqh20L4R5Qks6OolwlGjiaWRldMH1JnLgvcyxbxHvrztVI9odVAstS/y27G4LLSt+/i3vxBdaVrmr8thEnG+CE1xoaOJ6P+dFjIKM7tQLoaVnesufTWjZjbZ/8d+7mp2W47+nagftqyi0NOir7cPdH6wnm4CyQ02Hr8WjvwQUSepFr/LQUpuWoI2YO7RscaePNiFuWyC0rKaMwm9gkVs3tLnYzZ2mZDBxPWzwXWnhHdnd8+TTfHOzrRNCy7ShZUvzcELL6G3/4r+30BJoUkWhpcn3Oj/ew2TBpQFUefUl8i7LZXcyCiiStCW9HNuONu/SElrGnSS4flHDfMdERv0zVX7PntCyodAy0d3jyXdVjttSIVQH24UW+2V2W5LBxHVjfUCngSRro45yGcdGqhM973rasb93vRNt/+LvkdASaJLQEpOLjoml3c5/08F2jju9Ol83Ik6wL/KbR1yYMVILov/mr7QJ9X0nKtpp2atqV+XO4EifsMPtQtvHRgu6STtx3djcrCCjO33XpuqFvmpe/VHveqH1oYWFCUJLoSUk505LdNLtTuL1MSajqPVjyQnMqAGFibLLgcBh5aHl3Lv+ui6sLM8utIx5z2blpwi03RYILbtTwg658A3VdlbzbTiz25IMxr1Zh5Zt9KGMt8v+3YWW+bzrDYeWjc+rhGDO2xxvTkBo+YGi2kH7hJZU8AFPOjFmRVgxE9HHUevF+N9XQp1Wf9sbCDQRDuYapnZZjoteorYJlU8YtN0WVBNaTo9j7+YRsGFXpfayvrah5RMZXDvBnN+orEPLNr6hTR1Tqu+68LfuMNs/m9AyeWiZ8+7eLmpj4ZTQUmgJydVyNKzQsvoB3DBxcGnyKuf6EXGXUhM7GNs+hszgIM6AuonBYuRjQfd9S6IuGJj73YsZANU+Odj2jvxaQsvY7WqUXZXj38Guyoq/D+23wyP1ixT9wkZDy5YWiXry8ceNTY0LzL3k867nHlq6rqSA96im0PL5D5+sq3rQLqElJpoj3Wc0HjB4EtlOMo1i14dSJqNNBOQbVOX+ZzNBEHcyKO7R1nVOnMdYMFJTaBnzqOU228Ww8Elvikkb0cKdUm3sbEI/JeFOy1b6UcbZt7VL7SzObeoKEaFlXt+b7N9194NHmw9Y6j16cbJ2VEto+fL7j3uqH7Tn4dfnPaElJhLi7U6xQjrLenEcfZKzgUmnNu9Oev/PW/eEbNSgasFjg2d3sQqwI4kZsiw6GRT1CONK24S2j3+sLbRM8f1tbCHa+Dtu4owU32SntxC7z9poaDnu2+QcoKkT8dsi7eTSz3WYdWjZUp/ZQrGIv/VSOy2/v7NfT2h5Z1/1g/ZsHlz0awkttw7Ojz1xEwkZHB/mzo3KJqDbWiEYc7K39pX9UYOqJSb/4wbu9Q4UY9/Bt+iugaj3m1Z6r2WMdreq0DLigpDGFp+ZGCfRRLKxBKna1YZ3Wvb0S7rRJjW1GFtoufT49CzznZY98xJlj0+Elh8sHwsZoEWbBxeH9ey0PN/3xMlhgsygKpO6EPFeyFV20uVQl8OgqNp6EnmxwzKDg7g77Optv9raHdDUpEHkP1+Vd8qUdgd2AaFlr4SwMrR7jh4kp3pt0paY44OmrwcwVok5jmltwd0o5/pQQ2iZ+6k6bdU9C3fe11aAvdzxsE/W9uoJLddcsgot2nx8cSq0pLaOe8xjNU38Z1oPpoHlKMmzb2gQFXuyt9rjICMvdFhm1XLMHXaTYxFrvc8wZji8xARh7IUYtbUJsULhqkLLyLuXF50AD6cxONafXL8XjoklVr+16dCytQl2i0uuGSO0dJ9lg3VC+5jXPEAR77rj+aOM/5bcaflxr6LQ8tWL36758EALevvP7lZ0n2UofU+dNjvvgstCnv90kjRVYNnooF99bV/MRQ7LrhyN3abVeDxi9B23S+6iidm2NbVrvJy+Q5wjuWsKLWdt7GlmuyqPhUHkPKFsEREfqHvZh5atHWX4aHdPDXjvtz7K7bsfo6/S5J8vy+fa4hU3ZbzrjuqPUReElvOElk/WfHigBTXdZxnKw6/PTUAQffJREJTZc5/utE02Qdr0RGjsv0ttqxqjh4FLBlWxdyvVeARXW5M+Te9ijP1tq6VNiBla1xZaxn63bgx/xn8HK/dptN2IsNvSMXn59RVSj+2KCC1bmmT3PlzbDxjV2FfpfGjZYn+/hHe96TapZG3OBy39ntcUWo6LDw+0YOvg/Lim0LJ3cGHXNu9OQI4ElxU98y+/2kgcWDbeuY5+dGlldyjFPA501eM2owfYFe1ESnGE5fKTA3Hv3azl+xWzra0vtEx3+kVo463Wp81+p3a4oud9ZQFGymdSRGjZ5nGGjoiN8n1tcpe30HKp32xURGjZ5rtuoVnr/QyhpSNiIYnet8/XKzsa9pWnzvuTu+0dpbDUxJkjntru0I0SP+NeS3+vuLtRatlZFfnO0FUHidED7IpWuEa+M3SlY1dTBKxdbxNiHyleXWiZos6GI2BNdhHn+xFlJ7FjMVOPKd9fMDRtZ+KP7UoILWffp5EQv/W6MCxhR6txSl7j/2Le9Y4H0zmMUZcPLZ+sDasKLU/WfHigQZsH5/uVhZZnnjo3fOiPcwkuwwDAJFprHftR4t20rd39FvPOxZomA6LvXFyxjiQIsKu4TyT2XZZNTD4nqLudbhMSLAjoNfVnLyG0TNEXM6lNvG9IvEUPdg0nesa3nHAwHdvFDS5LCS1bbPfd9dpy/7XpsMhRwQu/O4clhZZtvuv6F+32L1bYafnxcWW7LUevfvjIDhRoSAjxKgsth546qScTFrhXqefJtD+R0JWdSLF3gdVw9FKKXdhNTDbGDrDDv6/rE0MpFras2l4kqb8d/W6l6CNUGVqmqLMV7BCeBCYrHDtOeX0KwWV+44zYwWUxoWWLYzQ7sNrd5d30OLCU8C0XbY/3inrXK/7mxehbLB9afn9nv7YjYsPfWbcIVrd5cNGv7WjYcTn05LllcNfLKLQ02GpusHZYw7NMscOu06tXE91328SEVpIAu8P3nKa4a6+JXdkpjtvsapsQ62jH6kPLFEfEdvyI63fu1zu28yj5JPNptMWP7vSLNGE8/0R8zOCymNCy3Xa/6t2Wbe6yDIFZC3V2aJFtPmOTkt71NupjGe/4ZGHaWbZjkt+f3NmuLrS02xIaUeEuy1ebjy/c80H0AZ57LtN14toa/OS6Ey32DrsuB+sp6k5TRxWmOMq0q7vsUu3Cb2rFcJIdoh1rE1ItaKoxtExWZzu6Qv+GMGVk12XCZxJ3gdnIjsv8xo2xgstSQsu22/2aFwC3+ru2sFixtdCyg3f9xhinetfNXa48Jnn+wyfrFYaWodgtBSuo8C7LSXn49XnP0yfHsGKuiQeTTAt0iCerD0cZBc+9SHV3X1jVxERv/CMKm/4dE7VjnVvRXvrvmGKXaJfahFgrmIWWV9vfJMe5j7p2TOyH7vG267L7k4yOzWt7rLH8DvwYwWVRoWW77f6o68eA3/D8W11w1cbuxbYCrSZOL6np2bYaWrb+rtfTr4l6V/YqY5Kw87DG4PLFb9ccdwFL6O0/u7t5cDGqMbT09MmtA7BMp9sk0+3PLpfjYFMcm5niaL2uTQik2lXV9LE2qe5x7dJRi6nakqZ23F5KFLp1YuIgxa6/2kPL2Z93pO2K0o+1IC6RiMfECi7bGWscN9DvazW4LCq0bHns3fVjwGP3/do6irPFBR2jTrVBkRZUFvmudyygzmWMslpo+WRtWOVuy/HfW5cJFrd1cH5cY2C5+fji1NNn7k7AB1aoJ9912cFjTlbvuO1up9oRk/pY2Hc6sEeJ/q6npYcUKd/7NiYUk+0Qazh0S1IXEoW+03tNm10AkGrncOltQurj4msOLZOdGtCBu3lnu4NPLYjT3+jitzn9+zVYbzJwbvM7WVJoGWP8UtPYue1Fd239lm32vbuyQCfm4tpi3/UKFmPFPklntdDy+zv7lR4R+yr83XWdYH5b3/y8XWVgOS6fPr4wUKOYSeu5A7EO3iG3zARCpkf6tnJ0zpwTYa+EFPlPILa9Ky1l6FLy5GjSwLKFFcIpTw8IbYI6ILRcss6+6soCknj9ocUDS7su62pnQn9ZQL1SWDBqp+/c/GklxYWW7Y9fRinGZYnqaZEnabT5Z+/KDryYC1LbnLtxAlRZ47oVQ8uPe9WGlo6Jhbn1vn2+XuuxsLPSVwsoadJ/oQmICsPLSViZaFdh7pfBpwxxSwwuU++sbquupD7qusTgMnVY1VZbnjjALmoXVy4LlmoOLSfPIeH3vcTgcsXA0q7LVM8tQT2fLHqsILwp7BvaeKBWWmgZY/zShVNh5giDRiX37Us6yaTr81Klv+sd/h4NixqTvPrho7s1h5bhTs/wG+hKwc0m91g+vjitOLB8FUJbNYHSJs6El9cPyHJ/JqlXc6a6l7HESYEMjoIelXanUVeDywwCy2F77WbaALuUNiGnExaqDy3bX4nfmeCy6SMr7bqM+eyaCZsdl9nimCPeBHGjwWWhoWWv62O00tuStoO/NncSFn0KTIKTlDrwrh917j1PNAe28pjk5cnaaeXB5angEm5W7T2Wb8qZWkCJHYSlJ4cLPt7sts56Cc8hl8n5mJezl3oM0yygGCUOJvZb/TsmDqtKOY4uh7al7fcldYA9aRszbhNS3f0ptMz3vSyhL9Xmwhu7LuMFY8nu0558n7t7jN5q7c/kzrBRqX3nEkPL2Z97KMxYXJTAMsLv1vp9hwW2d7NA+qxLoWXEd/2wM9+klNeXrBxa1nyv5WV5sjb8CHhPuMux8sDSfZY01Vk8LSW4fLNSfnBY8hFQ4XcPHbSCfvtsgrrUu1RyXsk/qVcZhFSTI9oiTAhnsntslONO8BZ2KOU7EZRo0uO9epBZEJRLeyC0vP7ZJF90kfGEV6Sg3a7LGM8y4X3k03bZrsur/YKU1yw0NZYoOLTsdaXfFa3ORurDxAj82v6uxajDJYZ7iULLngVoZYzlGwgt677X8vX9lidrggm4QmA5LVvf/GywTVMTvqUFl2/CkUICzMugMoOdgsXvLAzPPJujizNZ2Ro63RkEN7MJk3gTwbm0XZN2KJOdO7OJkVEWbUek92O2cySLI7Sz2JGeUXsgtIw38V76LuEUoYpdl1VMSlZxzcQc7U3yfkHNoWXMkKb04DLmoqtYC3hiLOAoaZFGykV1nXrXCw4uc1h83EjfINztKLh0VCwILK+5z3L/mTaB6oPL9wLMnd3tbMKDcUcoDK4Tr2zuXGc4h10q705op6pzs7tQjzP6LYax37GsAv6E78ssqDrN6b2I/PcfZlMPIv/dU0z0CS1Xl81Ck4TfsNf1Nm2Ia9dlnNAs+c7/2o6MnZ3qctal8UTRoWXEncelBpeR5yRGMb99Ed7FURELuRNfW9C5dz3RmKP0wLKxMUnYZSiwfBNcPv/hk6o6WnApBHSbBxdDYeXrMlQrEFx+YAdBmKAYd4xjrLCeBJTTnZSHJYeUpazey2Vn1btBRazB7yysPMruN0gwIZjLztu3FlBEfHdmiyOGubW/8b9h6e5PS10ProQ+o+y/K0LLt97d3BZdxJzAza3ehgVARgOtfquPMnnOnQ8vc+sXNLkDrOTQMnafdTIWLmgneQh6Yobssce5kdrAkXvW04eWsb950+9aGe96DouYmg0tn6z1hZVvlVE4Nle3l6oCy4OLjc2DizNB5ZXy+MIdHQgul5lEDsdEhY7ddAfk/mxgP18JE3qX/7twpNh0QmDUxd+qhONGcj1qd1a/eu38nXe3s/17JzqWKJM7DW9qb/bbmBydHje9u5ftEaCJJkxymAyJeQ9z+GfOJkWK+Q4JLbP/jrV+b/ikP5VhvRVa1hNcdjW8nO2sPM2tT5z7hHfU0DL+aTGjEo5Hnu28GkX8rg/jt3/RFtxmGVzm0v539V2fLlLI95s2Ow3muHNjknAkqqDy2nLouFhqEMI5IeU1R8N++3xd7aDFDsVRV4NLpTv3I+R2TOwNRxYfrXJk8WRH5Zu7UEcZBxHDpHUhrx1LN+38PlxlcDQJqKY7x4eZh1L7ievCsNP1YBr4HOYaWAstu7Hooslj96cnA0wW3BxlXG9H7rasL7h8fedlyfeCzXYs5/hutXFEaemhZeTwKsu719//PkQPMkapwp2IY7lswurcwqoEYXzkUzPyu9t0doXJWWfHJC9PPj4WUr5fXpysndl1SVfNdlc6Dvb6XZanagi1TSooAssSw6prd/pe7tadHV18pVzu4j0sbBfvKIeVnbkdEztHeHX8pi5MdnFP60GY3H9TF45KOm46dXh9OQFWyruzQD047sopCELLcr9jV06rOHxTNyf19Lo6W9R3rISdSMYYUXYZH5Vyv2nOJ2+0eadiF0LLhO/AKKdxXqrjwVOGOrHHKhksJMwurErwGwyTLMbJYLdt7pshGuv7/f7kzraQ8rby8bG7LulMWLn/7O6njy+OhJOOhiWDwUSeR+0pAsvWJzCURSam8png6/Lx1mWE13ms4s/wzltFaOk7lm3fZ9e4SnB5Y4CZzXdtcix8/idvtBlYdiq0TLjLPvbd6+/PL0yOMT5LVDeP077Hk4V1CU5NiDtWm+2gzbKNT/Gup2qzUx2Dntud5VEWrE3uchRQ3lr+5ff/7v+6+7/8F/+5LjBFhpXfPl/fPLg4HJeRYPIDR8PuP3N8EVEHFl29t1EpP7C8Mvl17DnWdxRoTgPD6utCZvfnCIGElqW1cyXtqu7Oopv2whWKDy7fP9o7hIaRvnVXjlU+LGlBVtvvVFdCy8nfZVyXku+eD6e+RAg1ZiHWYco++vTOv/SLEFJ96yd//5bH+5PnnHlYleZbl3Yx5eRUlwjB9eQqkwzvLI8SWr44WTsSTN5e/u//4z941fvT//rVve9+Nbz/3a/6G/90W7BB9ra++Xnbzsr5y9bB+bFaQ4pBVan3ZylzrCbPLGxYNqyyy85k75VJIMGlRQ+OORdalhVa+o5VOYFd/Rij0AUmbx3vffW4/wUCoMkE79Wjld8cCT/SF+h+aDn5+8S/8+6Wu13H9bjBMeHlXeyZfNeyGe9mcCR8ozvJp0eA5n1cderQcjYmOczgu3U2O76/1+h7Pr1X+bTmMclHL367tiGYnCOw/M1nV8toXI5DgPmL77bXP4IMhF2CV4JKuyoXDS3Hv51aRKpQyC6Azk3YnXUhsHxTR8u5y85kbx2TQJWE14cWMyhCS4sufMPwza54AWSkxUtdCy0zXWA1moSYV+/avmW8+Dp8n/5393MM3nO7qzanOZXZAoyj2bO7dfHFbD7o3WddVHvlub+zWGFyisBs4c3i77kxyVUvT9ZOBZRzB5bXlbMQYt777tf7f/inn22P/7MnzKTNcPLh1+e9UDYPzvcnIeXji1PB40rlTM0ig062I/dM2OVbP034qjsmQR2tKLgUWhZ8DLbvmBMmKh1f9NR771ONoeUsuHTNRUWngWSw27KEMcZxG4F+BmMSp5ctdbTx7l72oeWLJ2t9IeXSgaXSQBGaKWnL+b4hLbl0tHW4BA2CS4Gl4FI7UkQ9sAtbaFnY3b2p7z8SsJCqrbbIRJ+wytDSAquqri+YBdWuMLjtW/3mfszOhJbmKZZ8j2e7PLMPLYOXJ2sjYaXAUmip1FjC7lXDWfKZWAj3F1gV6vgmwaXJKcGlwFKboAgttV0CSxobX5jMdzR8VaGl4LK+vmp43vqlt4fNXQwtr4xJPOsF+uDlhJbf39kXWAoshZZKbSUcr2sYS56rBCe7AXS4SwicKpusE1IILE3+CyzfbROcEiC0LCW0vNJ2+Y4JLOsbX6j7+b5LCe8H7HJoKbisr6/qVIXbn11XQ0tj0/mPCL5SF8oILV/98NFdgaXAUmipVLfL8tvn64avZL4q2q7LjFdDd/H+SiGFwNLgsI6dFSYEhZa1hpYW4PiGVT2+mPbhtNf5tN/D1O9S10NL/ZT6+qp2lt/8ve5yaGlsunBdKCO0DF6crB0JLAWIQkvFLkvIrNPtrsvcOntnrXXGhBRWKhc6AWryv3v3Ai210OaLwdBzFVqWEFpagFN2yEKeQZWy6PUSu3tdrQu5hZb6KXX1VY1Tr95j+fb3uuuh5ZXg0tj0w3WhnNDy+Q+frAssFaGlUkt5+PV5z3CVAicXdL7srrSSteiBfx4TVM1PDgzWTQ4sOHDs6OIHbcLbkwMxJkiFliY27bZhheBe/U9wPF/oN3U5wM4xtNRPWSZYL3dxXXjHKp87ufYI9xpCy8vvm7mzD9aFckLLoLbdlgJLoaVSbRkaplJq59tAK9GuAvc2Wc0opPrg5L/2yS6lK22CyYHphIDQMuPQ8sok9qH2qbuT18wVWunHxTitJeHdlUJL/ZTa7iyuOLi68fnVElpeWZhzVv135+a6UFZoWdNuS4Gl0FKp+C7LgwvhA+WHl463idPJM0m3yKDAav0bV9TXs0M3TMiZ/CwjqDFR0P5EkdCynHdB23XLHUgWbtUxtrDwqM2Fa9l+/2sMLQUa9Syuqy24nN5bePNO7ppCy+m3rd4TNT50/3hxoWXw8vs7+wJLRWipuMsSCuiEjzsFwsv2JhccBZvHxIedKSVOfk52XR6rA3VP+s/qwWFVC13eec5Cy7ICfG1XvQstMLao9WqJWkNLbX49bX4tweU8gXNtoeXrv3dlJ2qERUhz1IXyQstXP3x09+XJ2khgqQgtlU7usvz2+brhKJ2cYDDgElZmNDCsfcKrtt2VNw8Qq9+5NDLpP/1GdX03w00TRULLMidGa2+77K5EeNnEhHE+91YKLbX5tbf5XT8VaN5+Va2hZU3vef/R7t683/niQsvgxZO1PYGlIrRUulfOq584pOMTDG+OdnK82aK7Y4SVzdfHCu+6nAz6O3535eLt0t7dGnfgToPrMiYs1YP2JoqEluXu5qhtp/CbEwLmm+xCeKnctPixrG+/0PKtNv/I4rqO90U7ttB7No/RS/m+qwNlLj4oNrScBJcna2cCS0VoqXSojHr7zwQS1NMhf7S7556OOXbGuLMyVlAx6nzwrS7Nu6ii++2K4PpD9eC4lokioWX5R9BV1HZZvMXt4aU7L2/pA+7ulfr+CC3rDOpL2g3c+DMev69dGJsuc/x07aHl699hZ3e7Q3NlSy0+KDq0fPn9xz2BpSK0VDpUTCZT+ySD3ZeXnbrQwXfsmfBSWCkAEFaaFGw54BFaduferM62XRVPXLPkezB+fy2MnL07O7vbHfgeCy27H2q83V81Dr5sy4a1PUOhZbfmJ1bpwxUdWk6Cy5OPjwWWitBS6UAZfgRMjuus9O7LUVcmFjoRXo7rYemTAHbpNhYAHJYeZE/aFpM/q4WXBQVBi04OCC27E1peE16OSl+Vb2clDbXf1SyMnBy/V/CuSqHlkvW8Azsv9Vdvfr6ljEsni2VXnM8QWt4wP1HYorQmFpwVH1q++uGjuy9P1kYCS0VoqZRcegcXOmfwXsdsd7vLEw3TTr2g0mRXC7t07Uhpvi6EBRUFTQh1cdIykyAo2xB72cmBGBNhQsuEfanpIpxTC26ovg3v8Lhi+t6Eb343+39Cyzl/py+/2iitjs+Osd83dil7LDIddzTz7RZafqBfl/fOy1GTp2MUH1oGL56s7QksFaGlUm4539cFgzkGYWEwXvYq0tCJO578PawiLXLid7YLeJTl4ED4HS+4mt7He5rlhIGjpaua/G7inrJIE+o9tUbb9eFFFiatiTiuCEFJoeOKqwsfLU4i536KsUtL7Vcmz3byHPXx0tSDjE4os1j2A14+WRsKLBWhpVJceXxxqgWHJTvroWM07ijnuoNgsuo5BAihQylE6Fb9m+7APExV92Z3E+6rV6lDgNdh9lGiY5tmCyHGfwaT/aknBg9j1YGmw+kobZa2KrO2KwSY6dqu14HLpO0ywUUm/brQrxp/U3M8hvGtMYXvPcv3U06T1mFjl+L7oLOg8tj3O8vxaNTF1V3f4d+o5z98sl7KMbECS6GlojgWFlqacJgemzKZdJitnh5FGIANZ6u19yd/Bh23SuveNERveNX+SPhd2KDx7YnP04aPz5q2NZOdFdqZbOtAeD6zHTwNTCK9aQNa2lETY2JDzci93oajj9+qt6eNhuzaLkr9nk9Pedm/7O9HuMd1OBvDTN8X/T7a7asetVGvZ/X4aPb+9Pzqab7lDc2DjK7MdXiWJdSDN4v7GxuLzhabHasHK/j9yZ1tgaUitFQK2mW5p+WGiJ346QCtd6UzP1+ZDbheFxNuzFvvFq9z0/++SaquThC9WVgxb5ujvenOBMI8z/+tZx9nBbvQkrn6Tm/CG20X3o3LNn3ed+O9d2XyLfCukGlfdYE6faUu+xUL74Nelum4tWcnZcV14PK9NifRrBcna0cCS0VoqRRQhlpsAACSTWJ8MejFOMbYLw0AAFTr1Q8f3X15snYqsFSElkrGZdTbf2bVEgAAycQILcOxYn5pAACgai9+u7aR0/2WAkuhpaJcLQ+/Pu9pqQEASCkcASW0BAAAiODFk7W+wFIRWirusQQAgPf1dwZHEULLfb80AADA2MuTtUOBpSK0VHIpnz6+ONIyAwCQg7ALUmgJAAAQ0cuTj48FlorQUslgh+WpeywBAMhF24HlLLTs+aUBAABmXv3w0d2XJ2unAktFaKkkLGcCSwAAchHCxCihZX+w7tcGAAC4YhZcjgSWitBSSVBGvYOLDS0xAAC5CMe2xggt/dIAAADXePHbtY22g0uBpdBSUQSWAADlCDsO+zuDo/7O7nZNf+/PdwanEY6GHaphAAAAN2gzuBRYCi0V5ZrS1/ICAOSl39+723806H++Mzi7DNjC/13P33+wHuVo2J3BodoGAABwizaCS4Gl0FJRBJYAAHkLYV3YVflHO4PRDTsDe1X8Do9296KElo8G+sMAAAAf0mRwKbAUWiqKwBIAIF8hPAtHlX4oZKtlt+XVHaathpb9wbraBwAAMIcmgkuBpdBSUQSWAAD5meyq/GKwv2hA1/XdgWE3aYzAsqbjdgEAABqxSnApsBRaKorAEgAgLyGUmx0Bu2zgNgp3Xnb49xlGus/ySG0EAABY0DLBpcBSaKko75TR1jc/b2tRAQDiCyFj2CHZ1LGn/Z3BcSd/p0i7LN1nCQAAsIIQXL44WTsTWCpCS2WZwLJ3cLGhJQUAiGtyBOx0V+Wo+Z2Cu51bkBZrl+X0Psvu7lYFAABo3asfPrr78mTtVGCpCC2Vucvji1OBJQBAXGEXX4QAbhRC0S79ZrECy893BqdqKQAAwIpCcPniZO1IYKkILZU5yrC3/8wKcgCASPpfDPabOgJ23vCtCzsGQ/jaxm7Um4+G3d1TWwEAABry8vs7+wJLRWip3FQ+fXxxpKUEAIgr3DUZK3i7cr9l8f2+mMfCTo+G7c4OVQAAgCz8/uTO9l+c3Pk3AktFaKlcvb9yXPpaSACA+PpfDHqxQ8vSg8vZnZ8xf6tjNRUAAKAFJ//7f/Sfbf7pf/XPhHaKsE4ZlzP3VwIApBWObBVczifmPZZvjoYd9NVSAACAFv3hbz47FNwJLZW6j4N1fyUAQHopgrgSg8tEv9NIDQUAAIjg3ne/7t37zWdnAjyhpVLXcbBb3/y8rQUEAMhH7Dsa3woux//ufn8v68Vs/Z3BYaLfZl/tBAAAiGTjn27fvfebz46FeEJLpYoy7H37fF3LBwCQl1R3W16Wz3cGZ/0vv8ru2oAQpiYNdPsDfWcAAIDY/vBPP9u261JoqXR3d+W49LV0AAD56u8MjlMGl7ntLOzv7G6H41kdnQsAAFChsOvSXZdCS8XdlQAAxBd29aUM6d7adbmzu53yd0i5u9IuSwAAgIzc/8d/d+Ped78aCvaElkrB5fHF6cOvz3taNACAcoSdjqnDurfuuvxiEK0/GY6nDbsbs/i722UJAACQF0fGCi0VR8ECABDX5zuD01yCy9c7Lx/t7rWx83Cyq3L8z87s7zwKd2mqiQAAABm695tf7d37zWcjQZ/QUsk9rDzfdxQsAEDZwo7DnELLdwLM07AbdNkdmJOQcmd3u78zOMwtnM3xXk8AAACuEe67vPfdr/eFl0JLRVgJAEC7wu7DXIPL93ZhhmNkdwbHszDz7bIzOAr//7kGlNeFsmofAABAIa6El46NFVoqwkoAAFoSgsASgr4ulZh3eAIAANCg+9/9qv+Hv/nsVAAotFSilrPNxxd7wkoAgG4L9yqGnYzCxEiB5c7gUK0DAAAo3L3vft27/91nR4JAoaXSXtk6OD/e+ubnbS0OAEA9ZvdbjoSKjoUFAABgAZOjY3/zqz27L4WWSoO7KsMRsN8+X9fCAADUqb+zuy1YbLWMQjispgEAAHTU/X/8dzf+8DefHbr7UmipLBNUXhz2Di5MnAAAMNF/NOgLF9s6FnbXaSYAAAC1CAGmHZhCS+WW8vjiVFAJAMBtwp2LQsaGA8tHu3tqFgAAQKXCEbL3v/tVf3YHpl2YQstqd1N++vjiaPyffUe/AgAwr/7O4EjY2NQOy8GRGgUAAMBrv/hue/0P//Sz7Xvf/Xr/3ne/Gt77zWcjgaLQsoNlGHZSCikBAFiV4FJgCQAAQCQhyLz33a97Icic3Is5DTPtyhRalnAX5XC6g/J8/+HX5z0BJQAAbQjHmgofBZYAAAAkFI6XnQWal2VfWbw8+J/+2/8xBGvKciUEkpelt//srjcTAIDY+o8GfSGkwBIAAAAAAACS6n8x6P3RzmAkkJwrsDxUYwAAAAAAAKAF/f5g/fOdwalg8sYyCrtS1RQAAAAAAABoUb+/dzccfSqgfLt8vjM463/51YYaAgAAAAAAAJH0d3a3HRf75v7KEOaqFQAAAAAAABDZbNflcdW7K3d2t9UEAAAAAAAASKz/xaAXArzKdlce2l0JAAAAAAAAmek/2t3r+pGxYWdpvz9Y97QBAAAAAAAgU5MjY78Y7HctvJzcW/nFoOcJAwAAAAAAQCEm4eWj3b3Cj40dTcJKOysBAAAAAACgbP2d3e1wrGoxuyq/GAz7jwZ9d1YCAAAAAABAx0x3Xw76OQaYk7sqH+3u2VUJAAAAAAAAlZgEmNMdmIef7wxOk+ym/GKwH/4MngYAAAAAAAAw0f9i0JvsdtwZHIZQsYH7MEeTcDLsogwBZdjl+eVXG35pAAAAAAAAYCGTXZkh0Jy3uIsSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC66f8HKcJiK40HtHQAAAAASUVORK5CYII="
-           id="image217" />
-      </g>
-      <path
-         fill="#e3f2fd"
-         d="M 220,133.33333 H 444.53543 V 320.0105 H 220 Z"
-         fill-rule="evenodd"
-         id="path221" />
-      <path
-         fill="#9e9e9e"
-         d="m 230.76562,149.15208 v 2.78125 h -0.9375 v -7.10938 h 2.625 q 1.15625,0 1.8125,0.59375 0.67188,0.59375 0.67188,1.57813 0,1.03125 -0.65625,1.59375 -0.64063,0.5625 -1.84375,0.5625 z m 0,-0.76563 h 1.6875 q 0.75,0 1.14063,-0.35937 Q 234,147.6677 234,147.01145 q 0,-0.64062 -0.40625,-1.01562 -0.39063,-0.39063 -1.09375,-0.40625 h -1.73438 z m 4.91699,0.85938 q 0,-0.78125 0.3125,-1.39063 0.3125,-0.625 0.84375,-0.95312 0.54688,-0.34375 1.25,-0.34375 1.07813,0 1.73438,0.75 0.67187,0.73437 0.67187,1.98437 v 0.0625 q 0,0.76563 -0.29687,1.375 -0.29688,0.60938 -0.84375,0.95313 -0.54688,0.34375 -1.25,0.34375 -1.07813,0 -1.75,-0.73438 -0.67188,-0.75 -0.67188,-1.98437 z m 0.92188,0.10937 q 0,0.875 0.40625,1.40625 0.40625,0.53125 1.09375,0.53125 0.6875,0 1.07812,-0.53125 0.40625,-0.54687 0.40625,-1.51562 0,-0.875 -0.40625,-1.40625 -0.40625,-0.54688 -1.09375,-0.54688 -0.67187,0 -1.07812,0.53125 -0.40625,0.53125 -0.40625,1.53125 z m 5.875,-2.70312 0.0312,0.57812 q 0.57812,-0.67187 1.5625,-0.67187 1.10937,0 1.51562,0.84375 0.25,-0.375 0.67188,-0.60938 0.4375,-0.23437 1,-0.23437 1.75,0 1.78125,1.82812 v 3.54688 h -0.90625 v -3.48438 q 0,-0.5625 -0.26563,-0.84375 -0.25,-0.28125 -0.85937,-0.28125 -0.51563,0 -0.84375,0.29688 -0.32813,0.29687 -0.39063,0.8125 v 3.5 h -0.90625 v -3.46875 q 0,-1.14063 -1.125,-1.14063 -0.89062,0 -1.21875,0.75 v 3.85938 h -0.90625 v -5.28125 z m 10.10839,5.375 q -1.07812,0 -1.75,-0.70313 -0.67187,-0.70312 -0.67187,-1.89062 v -0.15625 q 0,-0.79688 0.29687,-1.40625 0.3125,-0.625 0.84375,-0.96875 0.54688,-0.34375 1.17188,-0.34375 1.03125,0 1.59375,0.67187 0.57812,0.67188 0.57812,1.9375 v 0.375 h -3.57812 q 0.0156,0.78125 0.45312,1.26563 0.4375,0.48437 1.10938,0.48437 0.48437,0 0.8125,-0.1875 0.32812,-0.20312 0.57812,-0.53125 l 0.5625,0.4375 q -0.67187,1.01563 -2,1.01563 z m -0.10937,-4.73438 q -0.54688,0 -0.92188,0.40625 -0.375,0.39063 -0.45312,1.10938 h 2.64062 v -0.0625 q -0.0312,-0.6875 -0.375,-1.0625 -0.32812,-0.39063 -0.89062,-0.39063 z m 5.7666,0.17188 q -0.20312,-0.0312 -0.4375,-0.0312 -0.89062,0 -1.20312,0.75 v 3.75 h -0.90625 v -5.28125 h 0.875 l 0.0156,0.60937 q 0.4375,-0.70312 1.26563,-0.70312 0.25,0 0.39062,0.0625 z m 1.82129,4.46875 h -0.90625 v -5.28125 h 0.90625 z m -0.98437,-6.6875 q 0,-0.21875 0.125,-0.35938 0.14062,-0.15625 0.40625,-0.15625 0.26562,0 0.40625,0.15625 0.14062,0.14063 0.14062,0.35938 0,0.21875 -0.14062,0.375 -0.14063,0.14062 -0.40625,0.14062 -0.26563,0 -0.40625,-0.14062 -0.125,-0.15625 -0.125,-0.375 z m 5.69238,6.17187 q -0.53125,0.60938 -1.5625,0.60938 -0.84375,0 -1.28125,-0.48438 -0.4375,-0.5 -0.4375,-1.45312 v -3.4375 h 0.89062 v 3.40625 q 0,1.20312 0.98438,1.20312 1.03125,0 1.375,-0.76562 v -3.84375 h 0.90625 v 5.28125 h -0.85938 z m 3.09082,-4.76562 0.0312,0.57812 q 0.57812,-0.67187 1.5625,-0.67187 1.10937,0 1.51562,0.84375 0.25,-0.375 0.67188,-0.60938 0.4375,-0.23437 1,-0.23437 1.75,0 1.78125,1.82812 v 3.54688 h -0.90625 v -3.48438 q 0,-0.5625 -0.26563,-0.84375 -0.25,-0.28125 -0.85937,-0.28125 -0.51563,0 -0.84375,0.29688 -0.32813,0.29687 -0.39063,0.8125 v 3.5 h -0.90625 v -3.46875 q 0,-1.14063 -1.125,-1.14063 -0.89062,0 -1.21875,0.75 v 3.85938 h -0.90625 v -5.28125 z m 11.38086,5.28125 h -0.90625 v -5.28125 h 0.90625 z m -0.98438,-6.6875 q 0,-0.21875 0.125,-0.35938 0.14063,-0.15625 0.40625,-0.15625 0.26563,0 0.40625,0.15625 0.14063,0.14063 0.14063,0.35938 0,0.21875 -0.14063,0.375 -0.14062,0.14062 -0.40625,0.14062 -0.26562,0 -0.40625,-0.14062 -0.125,-0.15625 -0.125,-0.375 z m 2.20801,4 q 0,-1.21875 0.5625,-1.95313 0.57813,-0.73437 1.51563,-0.73437 0.9375,0 1.46875,0.625 v -2.75 h 0.90625 v 7.5 h -0.82813 l -0.0469,-0.5625 q -0.54688,0.65625 -1.5,0.65625 -0.92188,0 -1.5,-0.75 -0.57813,-0.75 -0.57813,-1.96875 z m 0.90625,0.10937 q 0,0.89063 0.35938,1.40625 0.375,0.5 1.03125,0.5 0.85937,0 1.25,-0.76562 v -2.4375 q -0.40625,-0.73438 -1.23438,-0.73438 -0.67187,0 -1.04687,0.51563 -0.35938,0.5 -0.35938,1.51562 z m 7.13965,2.67188 q -1.07813,0 -1.75,-0.70313 -0.67188,-0.70312 -0.67188,-1.89062 v -0.15625 q 0,-0.79688 0.29688,-1.40625 0.3125,-0.625 0.84375,-0.96875 0.54687,-0.34375 1.17187,-0.34375 1.03125,0 1.59375,0.67187 0.57813,0.67188 0.57813,1.9375 v 0.375 h -3.57813 q 0.0156,0.78125 0.45313,1.26563 0.4375,0.48437 1.10937,0.48437 0.48438,0 0.8125,-0.1875 0.32813,-0.20312 0.57813,-0.53125 l 0.5625,0.4375 q -0.67188,1.01563 -2,1.01563 z m -0.10938,-4.73438 q -0.54687,0 -0.92187,0.40625 -0.375,0.39063 -0.45313,1.10938 h 2.64063 v -0.0625 q -0.0312,-0.6875 -0.375,-1.0625 -0.32813,-0.39063 -0.89063,-0.39063 z m 4.06348,-0.64062 0.0312,0.65625 q 0.60938,-0.75 1.59375,-0.75 1.67188,0 1.6875,1.89062 v 3.48438 h -0.90625 v -3.5 q 0,-0.5625 -0.26562,-0.82813 -0.25,-0.28125 -0.79688,-0.28125 -0.4375,0 -0.78125,0.23438 -0.32812,0.23437 -0.5,0.60937 v 3.76563 h -0.90625 v -5.28125 z m 5.89258,-1.28125 v 1.28125 h 0.98437 v 0.70312 h -0.98437 v 3.26563 q 0,0.32812 0.125,0.48437 0.14062,0.15625 0.45312,0.15625 0.15625,0 0.4375,-0.0625 v 0.73438 q -0.35937,0.0937 -0.6875,0.0937 -0.60937,0 -0.92187,-0.35938 -0.3125,-0.375 -0.3125,-1.04687 v -3.26563 h -0.95313 v -0.70312 h 0.95313 v -1.28125 z m 3.03223,6.5625 h -0.90625 v -5.28125 h 0.90625 z m -0.98438,-6.6875 q 0,-0.21875 0.125,-0.35938 0.14063,-0.15625 0.40625,-0.15625 0.26563,0 0.40625,0.15625 0.14063,0.14063 0.14063,0.35938 0,0.21875 -0.14063,0.375 -0.14062,0.14062 -0.40625,0.14062 -0.26562,0 -0.40625,-0.14062 -0.125,-0.15625 -0.125,-0.375 z m 3.64551,0.125 v 1.28125 h 0.98437 v 0.70312 h -0.98437 v 3.26563 q 0,0.32812 0.125,0.48437 0.14062,0.15625 0.45312,0.15625 0.15625,0 0.4375,-0.0625 v 0.73438 q -0.35937,0.0937 -0.6875,0.0937 -0.60937,0 -0.92187,-0.35938 -0.3125,-0.375 -0.3125,-1.04687 v -3.26563 h -0.95313 v -0.70312 h 0.95313 v -1.28125 z m 3.7666,5.23437 1.23437,-3.95312 h 0.96875 l -2.125,6.09375 q -0.48437,1.32812 -1.5625,1.32812 l -0.17187,-0.0156 -0.34375,-0.0625 v -0.73438 l 0.25,0.0156 q 0.45312,0 0.70312,-0.1875 0.26563,-0.1875 0.4375,-0.67188 l 0.20313,-0.54687 -1.89063,-5.21875 h 0.98438 z m 4.8877,-1.32812 h -2.375 v -0.73438 h 2.375 z m 4.14941,2.65625 q -0.0781,-0.15625 -0.14063,-0.5625 -0.625,0.65625 -1.5,0.65625 -0.78125,0 -1.28125,-0.4375 -0.5,-0.4375 -0.5,-1.125 0,-0.82813 0.625,-1.28125 0.625,-0.45313 1.76563,-0.45313 h 0.875 v -0.42187 q 0,-0.46875 -0.28125,-0.75 -0.28125,-0.28125 -0.82813,-0.28125 -0.48437,0 -0.8125,0.25 -0.32812,0.23437 -0.32812,0.59375 h -0.90625 q 0,-0.40625 0.28125,-0.76563 0.28125,-0.375 0.75,-0.57812 0.48437,-0.21875 1.0625,-0.21875 0.92187,0 1.4375,0.45312 0.51562,0.45313 0.53125,1.25 v 2.4375 q 0,0.71875 0.1875,1.15625 v 0.0781 z m -1.5,-0.6875 q 0.42187,0 0.79687,-0.21875 0.39063,-0.21875 0.54688,-0.57813 v -1.07812 h -0.70313 q -1.65625,0 -1.65625,0.96875 0,0.42187 0.28125,0.67187 0.28125,0.23438 0.73438,0.23438 z m 8.3457,-0.5625 1.01563,-4.03125 h 0.90625 l -1.53125,5.28125 h -0.73438 l -1.29687,-4 -1.25,4 h -0.71875 l -1.54688,-5.28125 h 0.90625 l 1.04688,3.95312 1.21875,-3.95312 h 0.73437 z m 6.1084,1.25 q -0.0781,-0.15625 -0.14062,-0.5625 -0.625,0.65625 -1.5,0.65625 -0.78125,0 -1.28125,-0.4375 -0.5,-0.4375 -0.5,-1.125 0,-0.82813 0.625,-1.28125 0.625,-0.45313 1.76562,-0.45313 h 0.875 v -0.42187 q 0,-0.46875 -0.28125,-0.75 -0.28125,-0.28125 -0.82812,-0.28125 -0.48438,0 -0.8125,0.25 -0.32813,0.23437 -0.32813,0.59375 h -0.90625 q 0,-0.40625 0.28125,-0.76563 0.28125,-0.375 0.75,-0.57812 0.48438,-0.21875 1.0625,-0.21875 0.92188,0 1.4375,0.45312 0.51563,0.45313 0.53125,1.25 v 2.4375 q 0,0.71875 0.1875,1.15625 v 0.0781 z m -1.5,-0.6875 q 0.42188,0 0.79688,-0.21875 0.39062,-0.21875 0.54687,-0.57813 v -1.07812 h -0.70312 q -1.65625,0 -1.65625,0.96875 0,0.42187 0.28125,0.67187 0.28125,0.23438 0.73437,0.23438 z m 6.2207,-3.78125 q -0.20312,-0.0312 -0.4375,-0.0312 -0.89062,0 -1.20312,0.75 v 3.75 h -0.90625 v -5.28125 h 0.875 l 0.0156,0.60937 q 0.4375,-0.70312 1.26563,-0.70312 0.25,0 0.39062,0.0625 z m 2.93164,4.5625 q -1.07812,0 -1.75,-0.70313 -0.67187,-0.70312 -0.67187,-1.89062 v -0.15625 q 0,-0.79688 0.29687,-1.40625 0.3125,-0.625 0.84375,-0.96875 0.54688,-0.34375 1.17188,-0.34375 1.03125,0 1.59375,0.67187 0.57812,0.67188 0.57812,1.9375 v 0.375 h -3.57812 q 0.0156,0.78125 0.45312,1.26563 0.4375,0.48437 1.10938,0.48437 0.48437,0 0.8125,-0.1875 0.32812,-0.20312 0.57812,-0.53125 l 0.5625,0.4375 q -0.67187,1.01563 -2,1.01563 z m -0.10937,-4.73438 q -0.54688,0 -0.92188,0.40625 -0.375,0.39063 -0.45312,1.10938 h 2.64062 v -0.0625 q -0.0312,-0.6875 -0.375,-1.0625 -0.32812,-0.39063 -0.89062,-0.39063 z m 10.14844,2.0625 q 0,1.20313 -0.54688,1.9375 -0.54687,0.73438 -1.5,0.73438 -0.95312,0 -1.5,-0.60938 v 2.54688 h -0.90625 v -7.3125 h 0.82813 l 0.0312,0.57812 q 0.5625,-0.67187 1.54687,-0.67187 0.9375,0 1.48438,0.71875 0.5625,0.70312 0.5625,1.98437 z m -0.89063,-0.10937 q 0,-0.89063 -0.39062,-1.40625 -0.375,-0.51563 -1.04688,-0.51563 -0.8125,0 -1.21875,0.71875 v 2.53125 q 0.40625,0.71875 1.23438,0.71875 0.65625,0 1.03125,-0.51562 0.39062,-0.51563 0.39062,-1.53125 z m 4.59473,-1.78125 q -0.20313,-0.0312 -0.4375,-0.0312 -0.89063,0 -1.20313,0.75 v 3.75 h -0.90625 v -5.28125 h 0.875 l 0.0156,0.60937 q 0.4375,-0.70312 1.26562,-0.70312 0.25,0 0.39063,0.0625 z m 0.48926,1.78125 q 0,-0.78125 0.3125,-1.39063 0.3125,-0.625 0.84375,-0.95312 0.54687,-0.34375 1.25,-0.34375 1.07812,0 1.73437,0.75 0.67188,0.73437 0.67188,1.98437 v 0.0625 q 0,0.76563 -0.29688,1.375 -0.29687,0.60938 -0.84375,0.95313 -0.54687,0.34375 -1.25,0.34375 -1.07812,0 -1.75,-0.73438 -0.67187,-0.75 -0.67187,-1.98437 z m 0.92187,0.10937 q 0,0.875 0.40625,1.40625 0.40625,0.53125 1.09375,0.53125 0.6875,0 1.07813,-0.53125 0.40625,-0.54687 0.40625,-1.51562 0,-0.875 -0.40625,-1.40625 -0.40625,-0.54688 -1.09375,-0.54688 -0.67188,0 -1.07813,0.53125 -0.40625,0.53125 -0.40625,1.53125 z m 6.69434,-0.78125 1.17187,-1.92187 h 1.0625 l -1.73437,2.60937 1.78125,2.67188 h -1.04688 l -1.21875,-1.98438 -1.21875,1.98438 h -1.04687 l 1.78125,-2.67188 -1.73438,-2.60937 h 1.04688 z m 4.90918,2.03125 1.23437,-3.95312 h 0.96875 l -2.125,6.09375 q -0.48437,1.32812 -1.5625,1.32812 l -0.17187,-0.0156 -0.34375,-0.0625 v -0.73438 l 0.25,0.0156 q 0.45312,0 0.70312,-0.1875 0.26563,-0.1875 0.4375,-0.67188 l 0.20313,-0.54687 -1.89063,-5.21875 h 0.98438 z"
-         fill-rule="nonzero"
-         id="path223" />
-      <path
-         fill="#ffffff"
-         d="m 266.18896,254.67717 h 131.9685 v 52.94066 h -131.9685 z"
-         fill-rule="evenodd"
-         id="path225" />
-      <path
-         stroke="#000000"
-         stroke-width="0.133858"
-         stroke-linejoin="round"
-         stroke-linecap="butt"
-         d="m 266.18896,254.67717 h 131.9685 v 52.94066 h -131.9685 z"
-         fill-rule="evenodd"
-         id="path227" />
-      <path
-         fill="#212121"
-         d="m 310.35043,273.27716 h -0.9375 v -7.10938 h 0.9375 z m 1.36035,-2.6875 q 0,-1.21875 0.5625,-1.95313 0.57813,-0.73437 1.51563,-0.73437 0.9375,0 1.46875,0.625 v -2.75 h 0.90625 v 7.5 h -0.82813 l -0.0469,-0.5625 q -0.54688,0.65625 -1.5,0.65625 -0.92188,0 -1.5,-0.75 -0.57813,-0.75 -0.57813,-1.96875 z m 0.90625,0.10937 q 0,0.89063 0.35938,1.40625 0.375,0.5 1.03125,0.5 0.85937,0 1.25,-0.76562 v -2.4375 q -0.40625,-0.73438 -1.23438,-0.73438 -0.67187,0 -1.04687,0.51563 -0.35938,0.5 -0.35938,1.51562 z m 7.13965,2.67188 q -1.07812,0 -1.75,-0.70313 -0.67187,-0.70312 -0.67187,-1.89062 v -0.15625 q 0,-0.79688 0.29687,-1.40625 0.3125,-0.625 0.84375,-0.96875 0.54688,-0.34375 1.17188,-0.34375 1.03125,0 1.59375,0.67187 0.57812,0.67188 0.57812,1.9375 v 0.375 h -3.57812 q 0.0156,0.78125 0.45312,1.26563 0.4375,0.48437 1.10938,0.48437 0.48437,0 0.8125,-0.1875 0.32812,-0.20312 0.57812,-0.53125 l 0.5625,0.4375 q -0.67187,1.01563 -2,1.01563 z m -0.10937,-4.73438 q -0.54688,0 -0.92188,0.40625 -0.375,0.39063 -0.45312,1.10938 h 2.64062 v -0.0625 q -0.0312,-0.6875 -0.375,-1.0625 -0.32812,-0.39063 -0.89062,-0.39063 z m 4.06347,-0.64062 0.0312,0.65625 q 0.60938,-0.75 1.59375,-0.75 1.67188,0 1.6875,1.89062 v 3.48438 h -0.90625 v -3.5 q 0,-0.5625 -0.26562,-0.82813 -0.25,-0.28125 -0.79688,-0.28125 -0.4375,0 -0.78125,0.23438 -0.32812,0.23437 -0.5,0.60937 v 3.76563 h -0.90625 v -5.28125 z m 5.89258,-1.28125 v 1.28125 h 0.98437 v 0.70312 h -0.98437 v 3.26563 q 0,0.32812 0.125,0.48437 0.14062,0.15625 0.45312,0.15625 0.15625,0 0.4375,-0.0625 v 0.73438 q -0.35937,0.0937 -0.6875,0.0937 -0.60937,0 -0.92187,-0.35938 -0.3125,-0.375 -0.3125,-1.04687 v -3.26563 h -0.95313 v -0.70312 h 0.95313 v -1.28125 z m 3.03223,6.5625 h -0.90625 v -5.28125 h 0.90625 z m -0.98438,-6.6875 q 0,-0.21875 0.125,-0.35938 0.14063,-0.15625 0.40625,-0.15625 0.26563,0 0.40625,0.15625 0.14063,0.14063 0.14063,0.35938 0,0.21875 -0.14063,0.375 -0.14062,0.14062 -0.40625,0.14062 -0.26562,0 -0.40625,-0.14062 -0.125,-0.15625 -0.125,-0.375 z m 3.64551,0.125 v 1.28125 h 0.98437 v 0.70312 h -0.98437 v 3.26563 q 0,0.32812 0.125,0.48437 0.14062,0.15625 0.45312,0.15625 0.15625,0 0.4375,-0.0625 v 0.73438 q -0.35937,0.0937 -0.6875,0.0937 -0.60937,0 -0.92187,-0.35938 -0.3125,-0.375 -0.3125,-1.04687 v -3.26563 h -0.95313 v -0.70312 h 0.95313 v -1.28125 z m 3.7666,5.23437 1.23438,-3.95312 h 0.96875 l -2.125,6.09375 q -0.48438,1.32812 -1.5625,1.32812 l -0.17188,-0.0156 -0.34375,-0.0625 v -0.73438 l 0.25,0.0156 q 0.45313,0 0.70313,-0.1875 0.26562,-0.1875 0.4375,-0.67188 l 0.20312,-0.54687 -1.89062,-5.21875 h 0.98437 z m 6.56641,-1.45312 v 2.78125 h -0.9375 v -7.10938 h 2.625 q 1.15625,0 1.8125,0.59375 0.67187,0.59375 0.67187,1.57813 0,1.03125 -0.65625,1.59375 -0.64062,0.5625 -1.84375,0.5625 z m 0,-0.76563 h 1.6875 q 0.75,0 1.14062,-0.35937 0.40625,-0.35938 0.40625,-1.01563 0,-0.64062 -0.40625,-1.01562 -0.39062,-0.39063 -1.09375,-0.40625 h -1.73437 z m 7.77734,-0.92187 q -0.20312,-0.0312 -0.4375,-0.0312 -0.89062,0 -1.20312,0.75 v 3.75 h -0.90625 v -5.28125 h 0.875 l 0.0156,0.60937 q 0.4375,-0.70312 1.26563,-0.70312 0.25,0 0.39062,0.0625 z m 0.48926,1.78125 q 0,-0.78125 0.3125,-1.39063 0.3125,-0.625 0.84375,-0.95312 0.54687,-0.34375 1.25,-0.34375 1.07812,0 1.73437,0.75 0.67188,0.73437 0.67188,1.98437 v 0.0625 q 0,0.76563 -0.29688,1.375 -0.29687,0.60938 -0.84375,0.95313 -0.54687,0.34375 -1.25,0.34375 -1.07812,0 -1.75,-0.73438 -0.67187,-0.75 -0.67187,-1.98437 z m 0.92187,0.10937 q 0,0.875 0.40625,1.40625 0.40625,0.53125 1.09375,0.53125 0.6875,0 1.07813,-0.53125 0.40625,-0.54687 0.40625,-1.51562 0,-0.875 -0.40625,-1.40625 -0.40625,-0.54688 -1.09375,-0.54688 -0.67188,0 -1.07813,0.53125 -0.40625,0.53125 -0.40625,1.53125 z m 6.69239,1.35938 1.3125,-4.0625 h 0.92187 l -1.89062,5.28125 h -0.6875 l -1.92188,-5.28125 h 0.92188 z m 4.09375,1.21875 h -0.90625 v -5.28125 h 0.90625 z m -0.98438,-6.6875 q 0,-0.21875 0.125,-0.35938 0.14063,-0.15625 0.40625,-0.15625 0.26563,0 0.40625,0.15625 0.14063,0.14063 0.14063,0.35938 0,0.21875 -0.14063,0.375 -0.14062,0.14062 -0.40625,0.14062 -0.26562,0 -0.40625,-0.14062 -0.125,-0.15625 -0.125,-0.375 z m 2.20801,4 q 0,-1.21875 0.5625,-1.95313 0.57812,-0.73437 1.51562,-0.73437 0.9375,0 1.46875,0.625 v -2.75 h 0.90625 v 7.5 h -0.82812 l -0.0469,-0.5625 q -0.54687,0.65625 -1.5,0.65625 -0.92187,0 -1.5,-0.75 -0.57812,-0.75 -0.57812,-1.96875 z m 0.90625,0.10937 q 0,0.89063 0.35937,1.40625 0.375,0.5 1.03125,0.5 0.85938,0 1.25,-0.76562 v -2.4375 q -0.40625,-0.73438 -1.23437,-0.73438 -0.67188,0 -1.04688,0.51563 -0.35937,0.5 -0.35937,1.51562 z m 7.13965,2.67188 q -1.07813,0 -1.75,-0.70313 -0.67188,-0.70312 -0.67188,-1.89062 v -0.15625 q 0,-0.79688 0.29688,-1.40625 0.3125,-0.625 0.84375,-0.96875 0.54687,-0.34375 1.17187,-0.34375 1.03125,0 1.59375,0.67187 0.57813,0.67188 0.57813,1.9375 v 0.375 h -3.57813 q 0.0156,0.78125 0.45313,1.26563 0.4375,0.48437 1.10937,0.48437 0.48438,0 0.8125,-0.1875 0.32813,-0.20312 0.57813,-0.53125 l 0.5625,0.4375 q -0.67188,1.01563 -2,1.01563 z m -0.10938,-4.73438 q -0.54687,0 -0.92187,0.40625 -0.375,0.39063 -0.45313,1.10938 h 2.64063 v -0.0625 q -0.0312,-0.6875 -0.375,-1.0625 -0.32813,-0.39063 -0.89063,-0.39063 z m 5.7666,0.17188 q -0.20312,-0.0312 -0.4375,-0.0312 -0.89062,0 -1.20312,0.75 v 3.75 h -0.90625 v -5.28125 h 0.875 l 0.0156,0.60937 q 0.4375,-0.70312 1.26563,-0.70312 0.25,0 0.39062,0.0625 z"
-         fill-rule="nonzero"
-         id="path229" />
-      <path
-         fill="#000000"
-         fill-opacity="0"
-         d="m 272.85565,260.2208 h 26.66672 v 26.66672 h -26.66672 z"
-         fill-rule="evenodd"
-         id="path231" />
-      <g
-         transform="matrix(0.05208346,0,0,0.05208341,272.85564,260.22081)"
-         id="g238">
-        <clipPath
-           id="slide_1599671233389.3">
-          <path
-             d="M 0,0 H 512 V 512 H 0 Z"
-             clip-rule="evenodd"
-             id="path233" />
-        </clipPath>
-        <image
-           clip-path="url(#slide_1599671233389.3)"
-           fill="#000000"
-           width="512"
-           height="512"
-           x="0"
-           y="0"
-           preserveAspectRatio="none"
-           xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAZYElEQVR42u3dvZHjzLWAYYXAEBgCQ2DdCBgCLNkMAY58JqAqRKBiCPSvgxAQAoxbMuTMJWsx+mZnZ2f5AzT6dD/GY33S7tYQg/Oi0QD/9vb29jcAoC5+CAAgAAAAAQAACAAAQAAAAAIAABAAAIAAAAAEAAAgAAAAAQAACAAAQAAAAAIAABAAAIAAAAAEAAAgAABAAAAAAgAAEAAAgAAAAAQAACAAAAABAAAIAABAAAAAAgAAEAAAgAAAAAQAACAAAAABAAAIAABAAACAAAAABAAAIAAAAAEAAAgAAEAAAAACAAAQAACAAAAABAAAIAAAAAEAAAgAAEAAAAACAAAQAACAAAAAAQAACAAAQAAAAAIAABAAAIAAAAAEAAAgAAAAAQAACAAAQAAAAAIAABAAAIAAAAAEAAAgAAAAAQAAAsAPAQAEAAAgAAAAAQAACAAAQAAAAAIAABAAAIAAAAAEAAAgAAAAAQAACAAAQAAAAAIAABAAAIAAAAD8EABAAAAAAgAAEAAAgAAAAAQAACAAAAABAAAIAABAAAAAAgAAEAAAgAAAAAQAACAAAAABAAAIAABAAACAAAAABAAAIAAAAAEAAAgAAEAAAAACAAAQAACAAAAABAAAIAAAAAEAAAgAAEAAAAACAAAQAACAAAAAAQAACAAAQAAAAAIAABAAAIAAAAAEAAAgAAAAAQAACAAAQAAAAAIAABAAAIAAAAAEAAAgAAAAAQAAAgAAEAAAgAAAAAQAACAAAAABAEA8f//nv3dX+8xsfTYCAIDlhn9z9Zah1ucjAACoa/gLAAEAQIXDXwAIAAAqHP4CQAAAf/I///i//QftF7qryyenL/53xw9/zs7P1vAXAAIAWHfAbz8M99M0wPurt0Teo+FjJGx8Noa/ABAAwHzDfnfVfBj0bxkbPoTBQRQY/gJAAACPDfzbAD1fjZkP/HujoJsixnPchr8AEADAh+X8pqCBf08Q3FYzDj5/w18ACACocegfE9+3z9V5CiC3Cwx/ASAAwNAXA44Zw18ACACIPfibAJv3cjNO+wb2jiHDXwAIAIh2tX+q5J5+ij0DR6sC1Q9/ASAAIPsX8LjaX3ZVwJMEdQ5/ASAAINtl/sGQTrpXwO2Buoa/ABAAYPDz0xsJhcDXw397dVnIIAAEABj8CIG6wmJ3NQoAAQC1Df6DwZ/9rQF7BMoc/gJAAIDNffzRyVMDxQ1/ASAAIOng30w7zw3VmE8NHB3HxQx/ASAAINnwP3qOvwi3Ny/uHNPhh78AEACw+ODfWe53W4Dshr8AEACw6PBvDcri3yroaYGYw18ACABY7Krfl/RYDSDf4S8ABAC414+9ARUOfwEgAGDWHf5ng7B6nhSIMfwFgACA2Zb8vdCHjy8Q2hj+WQ9/ASAAYJbX+Bp6fLVBcGf4CwABAGUO/66SQXaZrmrbSTO9zfARxw///0slj0be9oI0hr8AEABQ1v3+vsBhdZkG9CHV1ev0s3wPhFOhYdAa/osYBYAAAPf7n7uy76ar+W2mP+fjtPJQwlMVXcn7AlYY/t1tgAsAAQAph9IYfHNalgP/zp99G3zlpS8xAtYY/tPfKwAEANjs982y/u3K81DYZ7GdVgf6oBGwNfxfG/4CQACA4f+1y/Rv3lTw2WynlYEhWJjtDP/nh78AEABg+P88VE4lXV0+8VntAz2ZEToC1h7+AkAAgOH/48q38Xl9uSowioAyh78AEACw5BA5BljmP/is/viIYe4hEC4CroPzvPbwFwACAGq88u99BW1xIRAqAq6Dc3PVrzn8ZwiA27/fNzgKAAgx/C31lx0CIuCB4f9iABj+AgBCDP+xljfJJd4j0ImAbCOgu/Pvbw1/AQBzDIVDpi/u2fp8Fn1qoPeyoKwioHvg724NfwEApb3hb3CfP+nn34qALCKge/DvbQ1/AQCvLgfnNPxPtX+X/IoRmNNqQBfp5zdDBHRP/J2t4S8A4JVNYX1G939d9VsN+CkGK4mA7sm/rzX8BQA8e7I/Z3Sv30kqr9WAXF4t3BQeAd0Lf1dr+AsAiHyld/R5ZLs6dPZkwKIR0L3497SGvwCAiDv+LfkLxUc2hW4Ki4Buhr+jNfwFAETb9Ndb8g8XjGsfM+doP7dvIqCb6c9vDX8BAI+czNfe9NcZ/vYFPKktIAK6Gf/s1vAXABBlObfzOXhq5EW7wBHQzfzntoa/AIB73/pmNzdzRMDFfoAswqI1/AUA3HPSHgz/2U/A+6tmOhF/1kz/fVPoMdV5P0AWAWD4CwDI9mTdFHTC3V2dnnjZy3Bb/r06OK5mcxAA5QamAID4S/9NASfZ2/3b4zTE5/iyl3G6ctuKALcCEABQ4tJ/CcP/OA3spb7zvS3hCm7FCHArAAEAvzkxnwz/p5f6+wUH/+cVgUMBx9paTwd4mRQCAL54btujfvO8XCWFLvJqwIqPCA5+3xEA8PMJ+WL4Pzz8u5WGfxHPcq94y6n1O48AgB8n4maN1/sG3+jXrzz8S4mA3QqvDR5tCEQAYPj/uAob7ch+KAAumQz/UiLgYPUJAeCHQPqTb+v1rKGW/X8bAY7Deo5DBAC8etJd45v+msDDv8l0+L87BT8ez4mPxYvzAAKAWgOgs+x69/DfLvyM/1z2gY/HNTYFeiwQAUCVV//u+8e97//da4Qj7wfYWwVAAEBZV/+R7/vvgwz//74x0H4AqwAIAMjh6j/0QAp09f/xbYGb4MdobxUAAQCxr/774MM/2tX/u2PwY3RnFQABALGv/nfBA6ALGgCDR1StAiAAYK2TavhvXwuy8/93dgUcr4NYRQBArLf+hX/d6u1b9wIP//CbAVd4KsDbAREAFBsAjRf+PBQAp+ABcCnkuE35gqCtcwUCgBIDYHA/tejd/7+wb8U3BSIAMPz3dlQ/HABvBdgWcvym2rsyOF8gAPDoX+W7qQsJgH0hx2/K/SsH5wwEACVt/nMPtY7n/4sMgMSrAGfnDQQANv9Vuou6oABoCwvZVKsAG+cOBAAlnDgvnqMWAFYBHnJ07kAAYAd1hW9SKygAmsKO51SrAL3zBwKA6CfMo53/TwXA1h6A6je0eicAAoDQJ8ve1ZKnAKxquQ2AAMDyv7f+3R8AgxcBVf12QLcBEADY/V/yO/+/CYBz8AAYCj62D54GQACUdcLd3b7HfPoK1ss3V2DD9N+76X/vW7zWu0rqCj4ej8EDoCv8+B6sbiEAYp9kD9Mgf/VrV8fpz/EWr79OkB79ez1IPQGQ7/F98lKgZf3rf/+zX4iLtloD4Hpi2tyeT17wHusw/fmbiof/wXvTq98HsCn8GE+xx2WsPACaq7eFWF2pLQCmwTwmOgGOtYZAoqujtoLj9Wj5v/qnXHYiQAQIgNdfrLLW1dRQ262BRCfGbSWrVaPH/6p+z0X1jwOKAAHwykn0lMlJ8VTDakCiL/+p5hGpaW9JpOF/qSh0t/YBiAABkO/VU5/ZybEv5TvSvzkp7hOcFE+V7VkZXf1Xu9o1CgARIAAe30Gd6waqseRHBxN9YUpV90UD7QXoajtxJtrvYte6CBAADwz/3K+Yio2ABN/+V+UV0fTuidyP6Ro3vO69D0AECIA8TpLbQMulRUZAgm9LO1caALkf2/taB5JbXiJAALjn/+wTApuCToRbu6KrfDlQ1VeoCVa9Loa+CBAA358co747/VLQifDgfujix3mT2fHb1j6IUux7MfBFgAAo74UpRZ1EE5wI7Yj+KwJyuB3gK2vT7QOwEVAECIAE90b76Zn9/edH9qa/az+94W/u2w3bAk6EZ0uhVWx2HWtf9l9hH4DvGREBAmDBF6V0j27Km4Kgcysg2b3Q1snul30vlxXeZeFqNP37ABz7IkAAfPGK3zlOaPsZrsb62ndSuwoq+pbA6H7/t8d+56uvRYAAiLXxr5v533OqdRUg0SuAt05y364GLPVlV13pb7AMsP/F7S8RIAA+Lb+/9G7+THdp74OeAPd2QmcTAs0McdxPm2s3fq5ZHP82wIoAATDT1Xa38L/tWNvrVBM8Atg7sT0VA4fpd+Xyzeuxx+m/n6Z4cLWf4TswVhqklwUHaWSNAFj35DbkvMz+whXYaAnUEij2wORwC0wA1BEBtbwRbUx1dfPit7gdBIBd0HgS4JO9ABABAuDHZqfsX7jzwn6ALuDJzyOA1B4AFwEgAgTA8oP1EuXbyp68VdE7+a1/8oPMHgVsBYAIEACBrqqf3awoAAQAboMJABEgAOZ5/O+w0r93V8PjgAm+Btjb5xAAAkAEVB4A+2hX1E9uBjwEO/l5BwC1B0AjAIgYAdFeexrqnvqTexZaASAA8DKgNR+FFQB1REDpTwBcVv43dwJAACAABEBVDgJAADz7bxYAAgABIABi6q82AkAACAABkNOrgfff8N5/ASAAKhv+AsAtAAFQxoDfTe/+b6dj7vLCK7P76f/fTX/e3ncECADKG/7RAuBgE2B1ATAYMF9ezb8P+8sCXwH89ocvDmqjfnOlABAAhn9ljwGuubxZw/cBWAFIdoV/TDzw71phm/5dWwEgAAx/AeBFQPW9CEgALHf8nF5Yyk+trzUGBIDhLwC8CrjWVwELgHkjN9LQ/51zxG+2FAACoKbhHzEAnl0C3Sb+dz77lcC9AKgvAKZ7+pfgQ/8rw7RnYCMABIDhLwDWeBIg+SrAC//OkwCoJwCmt1sOBQ7+rzYQFhsC1+P0sPDvwVkAGP4C4Pn76je7hMu4Yw0bAFMEwNXW4BcCmf8OlPhlQM1VG9DJ8C80AKaT5yvPN28yvk0xBj359b4O+KEnWfoKB/9XIdAIgHwDIKLbcJ6GtOFfcACcXtmclOGLf1bdrDjDye8iAO7aE3I2+L98jHBXQACcBIDhLwDyfhxw0UH74vB/i3oiTBAAxwI2+I2GfTkvv1rhd6Ax5A1/ATDfsO3nejJgpqu7S+CTX+fqx1X/TO8R2Ab9HXAbzPAXAIFWAWa5Dznd051jM9c+cAC0pe2Anmmz6mCoP/U7uQ/4O/AmAAx/ARBrFeDjs8rNIxsEZ35u+xx8+bMt7RnoGXb4W/J/TRPo+N94FNbwFwDrLLGOC7zBrP3wNam7yX56zWk38985Rn91aoKXoLxVGKUEiQDHv+EvANbdYBX5JHeMfgClOAFGeBeA4V9nBNw2qS587PeGvuEvAMo78Z5LOYhqvwf64qOpBH45VoJHAC8Gv+EvAL6/FdAH3PG8KSgAxlqfBChgFSrCxsBtxsf+xVMwhr8AEAGPnNB2JR1ECU6C54yPOxv+ErwwqOLVr6Phb/gLgPsevRoN/yKXQQe3n9wKqHT/y97wN/wFQPyVgKHE4Z9oI1R2GwFnehcFD/z+VHrcbwx/w18APBYBF/f8i7sSalz9WwXI7Lg/17jyZfgLgAgh0GZy0jrVcCAlCIAus+PLvf/Kn5xJsPn1Yvgb/gLgtX0B/YpL/tXcv0vwPvQho+PKzv/1bDI53ncJoretNAAMfwEw++tZh4Qb/arbuZvgS4FudpkcT577r/w2QIJXYPsOAARAoBB4+DsFbASM+UhUhntMfHVweSteVW8ARAAsfWvgNEMMDNOfs6v9QEq0JNpncvy4/1/xOwFSfAGQVwAjANI9ztVMmwYvk/GLZf33/9ZO//utAyj5pqgsHgc0hKsPgKa2Ta8IAFj7sagsbgMYwnW/DyDRcd44pyAAsA8gs6VRQ3hdKx/j2wTHuPv/CADCBUCqk+NWAFgBELkgAMgrAobSn482hOvdA5Do+D45lyAAiBgApwQnyEEACIBCn3Tx/D8CgLABcEh0kjwIAAFQ4MuuRucRBAAeB8z0PemGcH0BkOjZf4//IQDwWuCcNwMawlUGQFv6yhYCACLdBugEgAAoaFXL8j8CALcBcl4FMITrCoBEb/6z/I8AwG2A3E+ahnB1ATDY/Y8AgPwemUq+CmAI1xMACa/+B+cNBABeCpT5KoAhXFUApDqGW+cMBAAlBcCxxFUAQ7iOAEi48z+Lb7lEAEDEZ6dvzgJAAMx87I6lHbsgAChxM2CyTVSGcBUBcEp43Hr2HwGAzYARvkXNEC47ABIfszb/IQAoOgIuCU+oRwEgAByvIADIIwCahCfUcekNVYZwuQGwwrG6cY5AAOCRwCBfFGQIlxkAiTf+efQPAYBVgGhLq4ZwsQFwdvWPAID4qwCL3Qq4DqE9q9kVEqidcwICAKsAQW8FUMxxuU289D968Q8CAKsA7rOy/jHZOyYRAFDeKoBvWSOXF/64948AwBWXky6VxqirfwQAVZ949yuceHsRwKe3/Y2Jj8HBMYgAwAk47dvW7Lzm8/P+wwrHX+PnjwDASfjHzus3S7CsMPz7FY47T6QgAODDybhdKQJcidV7zHUrHXO7Gn/ef//nvw9XbnsIAMhmKdZXsBr+KZ1q/Zlfh3971YsAAQC5bAh8fzJg5zMw/G38+++w3iwUAG8iQADA707OZxFAYY/7hVppug3naUh3CwWACBAA8NtbAaMIoLDhfw42/N8HdbdQAIgAAQBfnqgPK56oRUCZx9Rp5WNqE3D4zxoBXwSACBAAkNV92vcTto2BjqVqlv6/Gf6zRcBvAkAECADI6qkAjwga/tXs+r9j+M8SAd8EgAgQAPDLyXu38snby4K85KfoV04/MPxfjoA/BIAIEADwy4n8mEEEdN7bHi4c1x7+2e8leWL4vxQBdwSACBAAkM2jgZ+v5rY+jxAbSMcMjpem0OH/dATcGQAiQABAdvsB3q/q9j6TbI+TNoNjJPsvmpph+D8VAQ8EgAgQAPDLsu6YyQnevoD8AvGSybHRVzL8H46ABwNABAgAyOZFLm4JWPIP/bz/AsP/oQh4IgBEgACALJd530/4R5/Lalf9p8yOhV2Fw//uCHgyAESAAICsnu3+5fvdrQYkv+ofMjsGmoqH/10R8EIAiAABAD8NgT6zATDaG7D4Z77N5ImQaDv+zwmG/x8j4MUAuPH7JQAgmxe9/O4rXz0psMytnzHDzzvCm/52V+PaESAABADUEAFuC8y78XPI9DPuovwcc4gAASAAYIll4THTAfH+FkEh8Pjnus/o0b7Qwz+XCBAAAgBKf0eAECh78Icc/jlEgAAQAFBzBLyHgD0CXy/19xE+v+g/67UiQAAIABABf+0RaCr/vLbT5r4hyGfWlfKzXyMCBIAAgBRDpQ8yUN4fHzzl/s1xCzzHfw70GRU1/FeMgFEACACo+emAP71e+FjiXoFpdeYUaIWm6OG/YgQIAAEAIuCOGGijrgxMP//DtOdhDPw5FP+q50ARIAAEADw0iLrAw+fjbYLztDqwy/hnvZ+i5VLAz/ytpj0aQSJAAAgAeOotcm8FGach205X2buVhv1xWtbvC/z5VvekRoAIEAACAJ5+zGwsbFB9ddvgPQze42A/2Tzws9p++P8105/VTX/2UMHPcFfr70nmESAABAC8tBGt9AHG886PhJIIEAACAOJtTrsYdnxiuOQfAT4jAQD2BeB+f4URIAAEAMy6kW00BKt1seQfKgIEgACA2W8JnA3D6q76j47/cBEgAAQALPZ6WqsB5at6l3/wCBAAAgCsBmCjX4UR4PMTAGA1gIfv9W8d2+EjQAAIAEi2GnAyPMPf628qHdTbq8tCBgEgAKCWlwd5b0A8p9p3+F8HZhPkW/4EgACA7G8LeIug5X4RIAAEAFQaAo39AdkOfi/0KTsCBIAAgCz2B7RCwOAXAQJAAEDdIeDWgMEvAgSAAICKbw0IgTTf2Gfw1xkBAkAAQNYhsPcyoUUe5+ts7qs+AgSAAIAQIbCdHkWzT+C11/Y2vrBHBAgAAQCRHyG0KnCfYQon7+sXAQJAAEBRmwYbMfDbJf6D40QECAABADXFwFjxlb4NfSJAAAgAqH7zYFvwa4fHKXaONvOJAAEgAID7gmAMeoX/PvDdzxcBAkAAAC88VXD4EAVDZi/l6aZ/296ufREgAAQAsHwY7Kahe5wG8HkayHOtHAwf/rzT9Hc0Br0IEAACAIi1irD/A0OdWwTsrvaZsXdEAAAAAgAAEAAAgAAAAAQAACAAAAABAAACAAAQAACAAAAABAAAIAAAAAEAAAgAAEAAAAACAAAQAACAAAAABAAAIAAAAAEAAAgAAEAAAAACAAAEAAAgAAAAAQAACAAAQAAAAAIAABAAAIAAAAAEAAAgAAAAAQAACAAAQAAAAAIAABAAAIAAAAAEAAAIAABAAAAAAgAAEAAAgAAAAAQAACAAAAABAAAIAABAAAAAAgAAEAAAgAAAAAQAACAAAAABAAAIAAAQAACAAAAABAAAIAAAAAEAAAgAAEAAAAACAAAQAACAAAAABAAAIAAAAAEAAAgAAEAAAAACAAAQAAAgAPwQAEAAAAACAAAQAACAAAAABAAAIAAAAAEAAAgAAEAAAAACAAAQAACAAAAABAAAIAAAAAEAAAgAAEAAAIAAAAAEAAAgAAAAAQAACAAAQAAAAAIAABAAAIAAAAAEAAAgAAAAAQAACAAAQAAAAAIAABAAAIAAAAABAAAIAABAAAAAAgAAEAAAgAAAAAQAACAAAAABAAAIAABAAAAAAgAAEAAAgAAAAAQAACAAAAABAAACAAAQAACAAAAABAAAIAAAAAEAAAgAAEAAAAACAAAQAACAAAAABAAAIAAAAAEAAAgAAEAAAAACAACq9v/XbUszO93swgAAAABJRU5ErkJggg=="
-           id="image236" />
-      </g>
-      <path
-         fill="#000000"
-         fill-opacity="0"
-         d="m 308.85565,279.07266 88.81888,-1.30975"
-         fill-rule="evenodd"
-         id="path240" />
-      <path
-         stroke="#e0e0e0"
-         stroke-width="1"
-         stroke-linejoin="round"
-         stroke-linecap="butt"
-         d="m 308.85565,279.07266 88.81888,-1.30975"
-         fill-rule="evenodd"
-         id="path242" />
-      <path
-         fill="#000000"
-         fill-opacity="0"
-         d="m 309.5223,281.29135 h 88.81891 v 17.13168 H 309.5223 Z"
-         fill-rule="evenodd"
-         id="path244" />
-      <path
-         fill="#666666"
-         d="m 314.18793,287.3647 q -0.32813,0.45313 -0.89063,0.67188 -0.54687,0.21875 -1.29687,0.21875 -0.75,0 -1.34375,-0.34375 -0.57813,-0.35938 -0.89063,-1 -0.3125,-0.65625 -0.32812,-1.51563 v -0.53125 q 0,-1.39062 0.64062,-2.15625 0.65625,-0.76562 1.82813,-0.76562 0.96875,0 1.54687,0.5 0.59375,0.48437 0.73438,1.39062 h -0.8125 q -0.23438,-1.23437 -1.45313,-1.23437 -0.82812,0 -1.25,0.57812 -0.42187,0.57813 -0.42187,1.65625 v 0.5 q 0,1.04688 0.46875,1.65625 0.48437,0.60938 1.28125,0.60938 0.46875,0 0.8125,-0.0937 0.34375,-0.10938 0.5625,-0.34375 V 285.771 h -1.42188 v -0.65625 h 2.23438 z m 3.16187,-1.9375 q -1.04688,-0.29687 -1.53125,-0.73437 -0.46875,-0.4375 -0.46875,-1.07813 0,-0.71875 0.57812,-1.1875 0.57813,-0.48437 1.51563,-0.48437 0.64062,0 1.125,0.25 0.5,0.23437 0.76562,0.67187 0.28125,0.42188 0.28125,0.9375 h -0.8125 q 0,-0.5625 -0.35937,-0.875 -0.35938,-0.32812 -1,-0.32812 -0.59375,0 -0.9375,0.26562 -0.32813,0.26563 -0.32813,0.73438 0,0.375 0.3125,0.64062 0.3125,0.26563 1.07813,0.48438 0.78125,0.20312 1.20312,0.46875 0.4375,0.26562 0.64063,0.60937 0.21875,0.34375 0.21875,0.8125 0,0.75 -0.59375,1.20313 -0.57813,0.4375 -1.54688,0.4375 -0.64062,0 -1.1875,-0.23438 -0.54687,-0.25 -0.84375,-0.67187 -0.29687,-0.42188 -0.29687,-0.95313 h 0.8125 q 0,0.5625 0.40625,0.89063 0.42187,0.3125 1.10937,0.3125 0.64063,0 0.98438,-0.26563 0.34375,-0.26562 0.34375,-0.70312 0,-0.45313 -0.32813,-0.70313 -0.3125,-0.25 -1.14062,-0.5 z m 6.02603,2.29688 q -0.46875,0.53125 -1.34375,0.53125 -0.73438,0 -1.125,-0.42188 -0.375,-0.42187 -0.375,-1.25 v -2.98437 h 0.78125 v 2.95312 q 0,1.04688 0.84375,1.04688 0.89062,0 1.1875,-0.67188 v -3.32812 h 0.78125 v 4.57812 h -0.73438 z m 2.78756,0.45312 h -0.78125 v -4.57812 h 0.78125 z m -0.84375,-5.78125 q 0,-0.1875 0.10938,-0.3125 0.125,-0.14062 0.34375,-0.14062 0.23437,0 0.34375,0.14062 0.125,0.125 0.125,0.3125 0,0.1875 -0.125,0.3125 -0.10938,0.125 -0.34375,0.125 -0.21875,0 -0.34375,-0.125 -0.10938,-0.125 -0.10938,-0.3125 z m 3.16315,0.0937 v 1.10938 h 0.84375 v 0.60937 h -0.84375 v 2.84375 q 0,0.26563 0.10938,0.40625 0.10937,0.14063 0.39062,0.14063 0.14063,0 0.375,-0.0625 v 0.64062 q -0.3125,0.0781 -0.60937,0.0781 -0.51563,0 -0.78125,-0.3125 -0.26563,-0.3125 -0.26563,-0.89063 v -2.84375 h -0.84375 V 283.599 h 0.84375 v -1.10938 z m 3.65579,5.76563 q -0.92187,0 -1.51562,-0.60938 -0.57813,-0.60937 -0.57813,-1.625 v -0.14062 q 0,-0.6875 0.25,-1.21875 0.26563,-0.53125 0.73438,-0.82813 0.46875,-0.3125 1.01562,-0.3125 0.89063,0 1.375,0.59375 0.5,0.57813 0.5,1.67188 v 0.32812 h -3.09375 q 0.0156,0.67188 0.39063,1.09375 0.39062,0.42188 0.96875,0.42188 0.42187,0 0.70312,-0.17188 0.28125,-0.17187 0.5,-0.45312 l 0.48438,0.375 q -0.57813,0.875 -1.73438,0.875 z m -0.0937,-4.09375 q -0.46875,0 -0.79687,0.34375 -0.3125,0.34375 -0.39063,0.96875 h 2.28125 v -0.0625 q -0.0312,-0.59375 -0.32812,-0.92188 -0.28125,-0.32812 -0.76563,-0.32812 z m 2.75782,5.23437 -0.4375,-0.29687 q 0.39062,-0.54688 0.40625,-1.14063 v -0.70312 h 0.76562 v 0.60937 q 0,0.42188 -0.20312,0.84375 -0.20313,0.4375 -0.53125,0.6875 z m 7.38894,-2.82812 h -2.57812 l -0.57813,1.60937 h -0.82812 l 2.34375,-6.15625 h 0.70312 l 2.35938,6.15625 h -0.82813 z m -2.32812,-0.67188 h 2.09375 l -1.04688,-2.875 z m 7.97497,0.67188 h -2.57812 l -0.57813,1.60937 h -0.82812 l 2.34375,-6.15625 h 0.70312 l 2.35938,6.15625 h -0.82813 z m -2.32812,-0.67188 h 2.09375 l -1.04688,-2.875 z m 4.58435,2.28125 v -6.15625 h 1.73437 q 0.79688,0 1.40625,0.35938 0.625,0.35937 0.95313,1.01562 0.34375,0.64063 0.35937,1.5 v 0.39063 q 0,0.875 -0.34375,1.53125 -0.32812,0.65625 -0.95312,1 -0.625,0.34375 -1.45313,0.35937 z m 0.8125,-5.48437 v 4.82812 h 0.84375 q 0.9375,0 1.45312,-0.57812 0.53125,-0.59375 0.53125,-1.67188 v -0.35937 q 0,-1.04688 -0.5,-1.625 -0.48437,-0.59375 -1.39062,-0.59375 z m 4.27603,6.70312 -0.4375,-0.29687 q 0.39062,-0.54688 0.40625,-1.14063 v -0.70312 h 0.76562 v 0.60937 q 0,0.42188 -0.20312,0.84375 -0.20313,0.4375 -0.53125,0.6875 z"
-         fill-rule="nonzero"
-         id="path246" />
-      <path
-         fill="#666666"
-         d="m 314.18793,297.3647 q -0.32813,0.45313 -0.89063,0.67188 -0.54687,0.21875 -1.29687,0.21875 -0.75,0 -1.34375,-0.34375 -0.57813,-0.35938 -0.89063,-1 -0.3125,-0.65625 -0.32812,-1.51563 v -0.53125 q 0,-1.39062 0.64062,-2.15625 0.65625,-0.76562 1.82813,-0.76562 0.96875,0 1.54687,0.5 0.59375,0.48437 0.73438,1.39062 h -0.8125 q -0.23438,-1.23437 -1.45313,-1.23437 -0.82812,0 -1.25,0.57812 -0.42187,0.57813 -0.42187,1.65625 v 0.5 q 0,1.04688 0.46875,1.65625 0.48437,0.60938 1.28125,0.60938 0.46875,0 0.8125,-0.0937 0.34375,-0.10938 0.5625,-0.34375 V 295.771 h -1.42188 v -0.65625 h 2.23438 z m 2.06812,0.8125 h -0.78125 v -4.57812 h 0.78125 z m -0.84375,-5.78125 q 0,-0.1875 0.10937,-0.3125 0.125,-0.14062 0.34375,-0.14062 0.23438,0 0.34375,0.14062 0.125,0.125 0.125,0.3125 0,0.1875 -0.125,0.3125 -0.10937,0.125 -0.34375,0.125 -0.21875,0 -0.34375,-0.125 -0.10937,-0.125 -0.10937,-0.3125 z m 3.16314,0.0937 v 1.10938 h 0.84375 v 0.60937 h -0.84375 v 2.84375 q 0,0.26563 0.10938,0.40625 0.10937,0.14063 0.39062,0.14063 0.14063,0 0.375,-0.0625 v 0.64062 q -0.3125,0.0781 -0.60937,0.0781 -0.51563,0 -0.78125,-0.3125 -0.26563,-0.3125 -0.26563,-0.89063 v -2.84375 h -0.84375 V 293.599 h 0.84375 v -1.10938 z m 6.60892,5.6875 h -0.8125 v -2.84375 h -3.09375 v 2.84375 h -0.8125 v -6.15625 h 0.8125 v 2.64063 h 3.09375 v -2.64063 h 0.8125 z m 4.15533,-0.45312 q -0.46875,0.53125 -1.34375,0.53125 -0.73437,0 -1.125,-0.42188 -0.375,-0.42187 -0.375,-1.25 v -2.98437 h 0.78125 v 2.95312 q 0,1.04688 0.84375,1.04688 0.89063,0 1.1875,-0.67188 v -3.32812 h 0.78125 v 4.57812 h -0.73437 z m 5.81879,-1.78125 q 0,1.04687 -0.48437,1.6875 -0.48438,0.625 -1.29688,0.625 -0.85937,0 -1.34375,-0.60938 l -0.0312,0.53125 h -0.71875 v -6.5 h 0.78125 v 2.4375 q 0.46875,-0.59375 1.29688,-0.59375 0.84375,0 1.3125,0.64063 0.48437,0.625 0.48437,1.71875 z m -0.78125,-0.0937 q 0,-0.79688 -0.3125,-1.23438 -0.3125,-0.4375 -0.89062,-0.4375 -0.76563,0 -1.10938,0.71875 v 1.98438 q 0.35938,0.71875 1.125,0.71875 0.5625,0 0.875,-0.4375 0.3125,-0.4375 0.3125,-1.3125 z m 1.73148,3.54687 -0.4375,-0.29687 q 0.39062,-0.54688 0.40625,-1.14063 v -0.70312 h 0.76562 v 0.60937 q 0,0.42188 -0.20312,0.84375 -0.20313,0.4375 -0.53125,0.6875 z m 8.73266,-4.09375 q 0,0.90625 -0.3125,1.57813 -0.29687,0.67187 -0.85937,1.03125 -0.5625,0.34375 -1.29688,0.34375 -0.73437,0 -1.29687,-0.34375 -0.5625,-0.35938 -0.875,-1.01563 -0.3125,-0.67187 -0.3125,-1.54687 v -0.4375 q 0,-0.89063 0.29687,-1.5625 0.3125,-0.6875 0.875,-1.04688 0.57813,-0.35937 1.29688,-0.35937 0.75,0 1.3125,0.35937 0.5625,0.34375 0.85937,1.03125 0.3125,0.67188 0.3125,1.57813 z m -0.8125,-0.40625 q 0,-1.09375 -0.4375,-1.67187 -0.4375,-0.59375 -1.23437,-0.59375 -0.76563,0 -1.21875,0.59375 -0.4375,0.57812 -0.4375,1.625 v 0.45312 q 0,1.0625 0.4375,1.67188 0.45312,0.59375 1.23437,0.59375 0.78125,0 1.20313,-0.5625 0.4375,-0.57813 0.45312,-1.64063 z m 3.18555,1.15625 -0.5,0.51563 v 1.60937 h -0.78125 v -6.5 h 0.78125 v 3.9375 l 0.42187,-0.5 1.42188,-1.51562 h 0.95312 l -1.78125,1.92187 1.98438,2.65625 h -0.90625 z m 4.16855,-3.5625 v 1.10938 h 0.84375 v 0.60937 h -0.84375 v 2.84375 q 0,0.26563 0.10937,0.40625 0.10938,0.14063 0.39063,0.14063 0.14062,0 0.375,-0.0625 v 0.64062 q -0.3125,0.0781 -0.60938,0.0781 -0.51562,0 -0.78125,-0.3125 -0.26562,-0.3125 -0.26562,-0.89063 v -2.84375 h -0.84375 v -0.60937 h 0.84375 v -1.10938 z m 4.59329,5.6875 q -0.0781,-0.14062 -0.10938,-0.48437 -0.54687,0.5625 -1.3125,0.5625 -0.67187,0 -1.10937,-0.375 -0.4375,-0.39063 -0.4375,-0.96875 0,-0.71875 0.54687,-1.10938 0.54688,-0.39062 1.53125,-0.39062 h 0.76563 v -0.35938 q 0,-0.42187 -0.25,-0.65625 -0.25,-0.25 -0.71875,-0.25 -0.42188,0 -0.70313,0.21875 -0.28125,0.20313 -0.28125,0.5 h -0.79687 q 0,-0.32812 0.25,-0.64062 0.25,-0.32813 0.65625,-0.51563 0.42187,-0.1875 0.92187,-0.1875 0.78125,0 1.23438,0.39063 0.45312,0.39062 0.46875,1.09375 v 2.10937 q 0,0.625 0.15625,1 v 0.0625 z m -1.29688,-0.59375 q 0.35938,0 0.6875,-0.1875 0.32813,-0.1875 0.48438,-0.5 v -0.9375 h -0.60938 q -1.4375,0 -1.4375,0.84375 0,0.35938 0.23438,0.57813 0.25,0.20312 0.64062,0.20312 z m 3.19291,0.1875 q 0,-0.20312 0.10937,-0.34375 0.125,-0.14062 0.35938,-0.14062 0.25,0 0.375,0.14062 0.125,0.14063 0.125,0.34375 0,0.1875 -0.125,0.32813 -0.125,0.125 -0.375,0.125 -0.23438,0 -0.35938,-0.125 -0.10937,-0.14063 -0.10937,-0.32813 z m 2.27816,0 q 0,-0.20312 0.10938,-0.34375 0.125,-0.14062 0.35937,-0.14062 0.25,0 0.375,0.14062 0.125,0.14063 0.125,0.34375 0,0.1875 -0.125,0.32813 -0.125,0.125 -0.375,0.125 -0.23437,0 -0.35937,-0.125 -0.10938,-0.14063 -0.10938,-0.32813 z m 2.2782,0 q 0,-0.20312 0.10938,-0.34375 0.125,-0.14062 0.35937,-0.14062 0.25,0 0.375,0.14062 0.125,0.14063 0.125,0.34375 0,0.1875 -0.125,0.32813 -0.125,0.125 -0.375,0.125 -0.23437,0 -0.35937,-0.125 -0.10938,-0.14063 -0.10938,-0.32813 z"
-         fill-rule="nonzero"
-         id="path248" />
-      <path
-         fill="#ffffff"
-         d="m 489.86667,175.33333 h 145.85825 v 40 H 489.86667 Z"
-         fill-rule="evenodd"
-         id="path250" />
-      <path
-         stroke="#000000"
-         stroke-width="0.133858"
-         stroke-linejoin="round"
-         stroke-linecap="butt"
-         d="m 489.86667,175.33333 h 145.85825 v 40 H 489.86667 Z"
-         fill-rule="evenodd"
-         id="path252" />
-      <path
-         fill="#ffffff"
-         d="m 484.53333,170 h 145.85828 v 40 H 484.53333 Z"
-         fill-rule="evenodd"
-         id="path254" />
-      <path
-         stroke="#000000"
-         stroke-width="0.133858"
-         stroke-linejoin="round"
-         stroke-linecap="butt"
-         d="m 484.53333,170 h 145.85828 v 40 H 484.53333 Z"
-         fill-rule="evenodd"
-         id="path256" />
-      <path
-         fill="#212121"
-         d="m 532.92914,191.35 q -0.14063,1.125 -0.84375,1.73437 -0.70313,0.60938 -1.85938,0.60938 -1.26562,0 -2.03125,-0.89063 -0.75,-0.90625 -0.75,-2.42187 v -0.6875 q 0,-0.98438 0.35938,-1.73438 0.35937,-0.76562 1,-1.15625 0.65625,-0.40625 1.5,-0.40625 1.14062,0 1.8125,0.64063 0.6875,0.625 0.8125,1.73437 h -0.95313 q -0.125,-0.84375 -0.53125,-1.21875 -0.40625,-0.39062 -1.14062,-0.39062 -0.89063,0 -1.40625,0.67187 -0.5,0.65625 -0.5,1.89063 v 0.6875 q 0,1.15625 0.46875,1.84375 0.48437,0.67187 1.35937,0.67187 0.78125,0 1.1875,-0.34375 0.42188,-0.35937 0.5625,-1.23437 z m 2.11816,2.25 h -0.90625 v -7.5 h 0.90625 z m 1.19239,-2.6875 q 0,-0.78125 0.3125,-1.39063 0.3125,-0.625 0.84375,-0.95312 0.54687,-0.34375 1.25,-0.34375 1.07812,0 1.73437,0.75 0.67188,0.73437 0.67188,1.98437 v 0.0625 q 0,0.76563 -0.29688,1.375 -0.29687,0.60938 -0.84375,0.95313 -0.54687,0.34375 -1.25,0.34375 -1.07812,0 -1.75,-0.73438 -0.67187,-0.75 -0.67187,-1.98437 z m 0.92187,0.10937 q 0,0.875 0.40625,1.40625 0.40625,0.53125 1.09375,0.53125 0.6875,0 1.07813,-0.53125 0.40625,-0.54687 0.40625,-1.51562 0,-0.875 -0.40625,-1.40625 -0.40625,-0.54688 -1.09375,-0.54688 -0.67188,0 -1.07813,0.53125 -0.40625,0.53125 -0.40625,1.53125 z m 8.29688,2.0625 q -0.53125,0.60938 -1.5625,0.60938 -0.84375,0 -1.28125,-0.48438 -0.4375,-0.5 -0.4375,-1.45312 v -3.4375 h 0.89062 v 3.40625 q 0,1.20312 0.98438,1.20312 1.03125,0 1.375,-0.76562 v -3.84375 h 0.90625 V 193.6 h -0.85938 z m 2.02832,-2.17187 q 0,-1.21875 0.5625,-1.95313 0.57812,-0.73437 1.51562,-0.73437 0.9375,0 1.46875,0.625 v -2.75 h 0.90625 v 7.5 h -0.82812 l -0.0469,-0.5625 q -0.54687,0.65625 -1.5,0.65625 -0.92187,0 -1.5,-0.75 -0.57812,-0.75 -0.57812,-1.96875 z m 0.90625,0.10937 q 0,0.89063 0.35937,1.40625 0.375,0.5 1.03125,0.5 0.85938,0 1.25,-0.76562 v -2.4375 q -0.40625,-0.73438 -1.23437,-0.73438 -0.67188,0 -1.04688,0.51563 -0.35937,0.5 -0.35937,1.51562 z m 10.17773,-0.29687 h -1.67187 v 2.875 h -0.9375 v -7.10938 h 2.34375 q 1.20312,0 1.84375,0.54688 0.65625,0.54687 0.65625,1.59375 0,0.65625 -0.35938,1.15625 -0.35937,0.48437 -1,0.73437 l 1.67188,3.01563 V 193.6 h -1.01563 z m -1.67187,-0.76563 h 1.4375 q 0.70312,0 1.10937,-0.35937 0.42188,-0.35938 0.42188,-0.96875 0,-0.65625 -0.40625,-1 -0.39063,-0.35938 -1.125,-0.375 h -1.4375 z m 8.34472,3.125 q -0.53125,0.60938 -1.5625,0.60938 -0.84375,0 -1.28125,-0.48438 -0.4375,-0.5 -0.4375,-1.45312 v -3.4375 h 0.89063 v 3.40625 q 0,1.20312 0.98437,1.20312 1.03125,0 1.375,-0.76562 v -3.84375 h 0.90625 V 193.6 h -0.85937 z m 3.09082,-4.76562 0.0312,0.65625 q 0.60938,-0.75 1.59375,-0.75 1.67188,0 1.6875,1.89062 V 193.6 h -0.90625 v -3.5 q 0,-0.5625 -0.26562,-0.82813 -0.25,-0.28125 -0.79688,-0.28125 -0.4375,0 -0.78125,0.23438 -0.32812,0.23437 -0.5,0.60937 V 193.6 h -0.90625 v -5.28125 z m 10.22754,3.875 q 0,-0.35938 -0.28125,-0.5625 -0.28125,-0.20313 -0.96875,-0.34375 -0.67187,-0.15625 -1.07812,-0.35938 -0.40625,-0.20312 -0.60938,-0.48437 -0.1875,-0.28125 -0.1875,-0.67188 0,-0.65625 0.54688,-1.09375 0.5625,-0.45312 1.40625,-0.45312 0.90625,0 1.45312,0.46875 0.5625,0.45312 0.5625,1.17187 h -0.90625 q 0,-0.375 -0.3125,-0.64062 -0.3125,-0.26563 -0.79687,-0.26563 -0.48438,0 -0.76563,0.21875 -0.28125,0.21875 -0.28125,0.5625 0,0.32813 0.25,0.5 0.26563,0.15625 0.9375,0.3125 0.6875,0.14063 1.10938,0.35938 0.42187,0.20312 0.60937,0.5 0.20313,0.29687 0.20313,0.71875 0,0.71875 -0.5625,1.14062 -0.5625,0.42188 -1.46875,0.42188 -0.625,0 -1.125,-0.21875 -0.48438,-0.23438 -0.76563,-0.625 -0.26562,-0.40625 -0.26562,-0.875 h 0.90625 q 0.0156,0.45312 0.35937,0.71875 0.34375,0.26562 0.89063,0.26562 0.51562,0 0.82812,-0.20312 0.3125,-0.21875 0.3125,-0.5625 z m 4.26563,1.5 q -1.07813,0 -1.75,-0.70313 Q 580.4057,192.2875 580.4057,191.1 v -0.15625 q 0,-0.79688 0.29688,-1.40625 0.3125,-0.625 0.84375,-0.96875 0.54687,-0.34375 1.17187,-0.34375 1.03125,0 1.59375,0.67187 0.57813,0.67188 0.57813,1.9375 v 0.375 h -3.57813 q 0.0156,0.78125 0.45313,1.26563 0.4375,0.48437 1.10937,0.48437 0.48438,0 0.8125,-0.1875 0.32813,-0.20312 0.57813,-0.53125 l 0.5625,0.4375 q -0.67188,1.01563 -2,1.01563 z m -0.10938,-4.73438 q -0.54687,0 -0.92187,0.40625 -0.375,0.39063 -0.45313,1.10938 h 2.64063 v -0.0625 q -0.0312,-0.6875 -0.375,-1.0625 -0.32813,-0.39063 -0.89063,-0.39063 z m 5.7666,0.17188 q -0.20312,-0.0312 -0.4375,-0.0312 -0.89062,0 -1.20312,0.75 v 3.75 h -0.90625 v -5.28125 h 0.875 l 0.0156,0.60937 q 0.4375,-0.70312 1.26563,-0.70312 0.25,0 0.39062,0.0625 z m 2.65918,3.25 1.3125,-4.0625 h 0.92188 L 591.48773,193.6 h -0.6875 l -1.92187,-5.28125 h 0.92187 z m 4.09375,1.21875 h -0.90625 v -5.28125 h 0.90625 z m -0.98437,-6.6875 q 0,-0.21875 0.125,-0.35938 0.14062,-0.15625 0.40625,-0.15625 0.26562,0 0.40625,0.15625 0.14062,0.14063 0.14062,0.35938 0,0.21875 -0.14062,0.375 -0.14063,0.14062 -0.40625,0.14062 -0.26563,0 -0.40625,-0.14062 -0.125,-0.15625 -0.125,-0.375 z m 4.53613,6.04687 q 0.48438,0 0.84375,-0.28125 0.375,-0.29687 0.40625,-0.75 h 0.85938 q -0.0312,0.45313 -0.32813,0.875 -0.28125,0.40625 -0.76562,0.65625 -0.46875,0.23438 -1.01563,0.23438 -1.07812,0 -1.71875,-0.71875 -0.625,-0.71875 -0.625,-1.96875 V 190.85 q 0,-0.76563 0.28125,-1.35938 0.28125,-0.60937 0.8125,-0.9375 0.53125,-0.32812 1.25,-0.32812 0.89063,0 1.46875,0.53125 0.59375,0.53125 0.64063,1.375 h -0.85938 q -0.0312,-0.51563 -0.39062,-0.84375 -0.34375,-0.32813 -0.85938,-0.32813 -0.6875,0 -1.0625,0.5 -0.375,0.5 -0.375,1.4375 v 0.15625 q 0,0.92188 0.375,1.42188 0.375,0.48437 1.0625,0.48437 z m 5.3125,0.73438 q -1.07812,0 -1.75,-0.70313 -0.67187,-0.70312 -0.67187,-1.89062 v -0.15625 q 0,-0.79688 0.29687,-1.40625 0.3125,-0.625 0.84375,-0.96875 0.54688,-0.34375 1.17188,-0.34375 1.03125,0 1.59375,0.67187 0.57812,0.67188 0.57812,1.9375 v 0.375 h -3.57812 q 0.0156,0.78125 0.45312,1.26563 0.4375,0.48437 1.10938,0.48437 0.48437,0 0.8125,-0.1875 0.32812,-0.20312 0.57812,-0.53125 l 0.5625,0.4375 q -0.67187,1.01563 -2,1.01563 z m -0.10937,-4.73438 q -0.54688,0 -0.92188,0.40625 -0.375,0.39063 -0.45312,1.10938 h 2.64062 v -0.0625 q -0.0312,-0.6875 -0.375,-1.0625 -0.32812,-0.39063 -0.89062,-0.39063 z m 6.29785,3.23438 q 0,-0.35938 -0.28125,-0.5625 -0.28125,-0.20313 -0.96875,-0.34375 -0.67188,-0.15625 -1.07813,-0.35938 -0.40625,-0.20312 -0.60937,-0.48437 -0.1875,-0.28125 -0.1875,-0.67188 0,-0.65625 0.54687,-1.09375 0.5625,-0.45312 1.40625,-0.45312 0.90625,0 1.45313,0.46875 0.5625,0.45312 0.5625,1.17187 h -0.90625 q 0,-0.375 -0.3125,-0.64062 -0.3125,-0.26563 -0.79688,-0.26563 -0.48437,0 -0.76562,0.21875 -0.28125,0.21875 -0.28125,0.5625 0,0.32813 0.25,0.5 0.26562,0.15625 0.9375,0.3125 0.6875,0.14063 1.10937,0.35938 0.42188,0.20312 0.60938,0.5 0.20312,0.29687 0.20312,0.71875 0,0.71875 -0.5625,1.14062 -0.5625,0.42188 -1.46875,0.42188 -0.625,0 -1.125,-0.21875 -0.48437,-0.23438 -0.76562,-0.625 -0.26563,-0.40625 -0.26563,-0.875 h 0.90625 q 0.0156,0.45312 0.35938,0.71875 0.34375,0.26562 0.89062,0.26562 0.51563,0 0.82813,-0.20312 0.3125,-0.21875 0.3125,-0.5625 z"
-         fill-rule="nonzero"
-         id="path258" />
-      <path
-         fill="#000000"
-         fill-opacity="0"
-         d="m 491.2,176.66667 h 26.66675 V 203.3334 H 491.2 Z"
-         fill-rule="evenodd"
-         id="path260" />
-      <g
-         transform="matrix(0.05208346,0,0,0.05208346,491.2,176.66667)"
-         id="g267">
-        <clipPath
-           id="slide_1599671233389.4">
-          <path
-             d="M 0,0 H 512 V 512 H 0 Z"
-             clip-rule="evenodd"
-             id="path262" />
-        </clipPath>
-        <image
-           clip-path="url(#slide_1599671233389.4)"
-           fill="#000000"
-           width="512"
-           height="512"
-           x="0"
-           y="0"
-           preserveAspectRatio="none"
-           xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAUN0lEQVR42u3dsXEbVxSFYZWAElACSuC4ApSAErYEJs5RAivwoATkTrYEloBAkROYHHkomRZEUqJk7Pu/4EsVcEG8s/c8Xn04n88fAIAWPwQAEAAAAAEAABAAAAABAAAQAAAAAQAAEAAAAAEAABAAAAABAAAQAAAAAQAAEAAAAAEAABAAAAABAAAQAABAAAAABAAAQAAAAAQAAEAAAAAEAABAAAAABAAAQAAAAAQAAEAAAAAEAABAAAAABAAAQAAAAAQAAEAAAAABAAAQAAAAAQAAEAAAAAEAABAAAAABAAAQAAAAAQAAEAAAAAEAABAAAAABAAAQAAAAAQAAEAAAAAEAAAQAAEAAAAAEAABAAOj548+/9g/uHqz9PIZ4nqsHs+cJCAC8dGBsH5z/IQiM8UwPD06Pz9bPAxAA+NYb4/kZQWDZz3T3xbPc+5kAAgCXDoz5KyFAEBgn1KkEAAGAi/cAzt8gCCyzBvjyGaoEAAGAb94DEATGqwHOKgFAAOC19wAEgXGfqUoAEAB48R6AIDBODaASAAQA3nwPQBAYpwZQCQACAG++ByAIjFftqAQAAcBh8S4EgWXUACoBQADgu+8BCALLrwFUAoAA4B7AuwYAQWCZkx2VACAAuAcgCIRqgOeVwI2fHyAAeFsUBDo1wJdu/QwBAcA9AEGgGeyOj/+GnyUgALgHIAg0agCVACAAuAcgCIRrAJUAIAAYFwsCnqtKABAA3AMQBEo1gEoAEADcAxAEwjWASgAQANwDEATUOyoBQABwUAgCpRpAJQAIAO4BCALhGkAlAAgA7gEIAqY7KgFAAHAPQBAo1QAqAUAA8KYoCIRrAJUAIAC4ByAICHcqAUAAcA9AECjVACoBQABwD0AQCNcAKgFAADAqFgQ8W5UAIAC4ByAIlGoAlQAgALgHIAiEawCVACAAuAdwVTZqAJUAIADw6ZBYhwLAXg2gEgAEAD4fEveRAHCvBlAJAAIAnw+Ju9AUYB17ttf4lx4qAUAA8Jb4y01qAJUAIADQuwdwFPBUAoAAQO8ewLk2fl7AwieVACAAuAfwS+zUANd3QbP2Z5qAAGBM/D8sBvJ83dEABAB69wBOwee7pP/34aASAAQA9wB+lpvg8z0saWeDSgAQANwDsBWwW/OoBAABwAFhK2C05lEJAAKAA8JWwB98xkv9759VAoAA4B6A8fIPPN/JMwMEAOr3AI6mPCoBQACgdw/gXDxIFlwDqAQAAcAboq2A4RpAJQACgB+CewC2Agp5KgEQAHAPwFbAUg2gEgABAPcAbAUM1wAqARAAMCK2FdAzVgmAAIB7ALYClmoAlQAIALgHYCtguAZQCYAAgHsADgpVj0oABAAcDrYClmoAlQAIALgHYCtguAZQCYAAgHsAtgLGJz0qARAAcA/AVsBYDaASAAEAb4e2AoZrAJUACAC4B2ArYLQGUAmAAIB7AO2tgOEaQCUAAgDuAeS3Ak7xAKASAAEA4+HkVsC1w18lAAIA9XsAU/Q5zw7/J7NKAAQAAaB3D6C6FVAN8OyvQoq7IUAAoHwPoLoVUA1wYT+ESgAEAPcAbAVUA6gEAAHAPQBbAdUAKgFAAHAPwFZA0x6VACAAuAdgK6AaQCUACADeDG0FVAOoBAABwD0AWwGFPZUAIAC4B2AroBpAJQAIAO4B2AqoBlAJAAKA0bCtgJ61SgAQANwDsBVQDaASAAEA9wB+tq0aAJUACADuAQRHumoAVAIgALgHEHyTCz9vNYBKAAQA0vcANtFnrQZQCYAAQPoewN7EB5UACADuAQRHuGoAVAIgALgH0PzSrm4FVAOoBEAAIH0PYBL4UAmAAOAeQO+L+qAGQCUAAoB7AM0v6upWQDWASgAEANJj4a3njUoABAD3AGwFVAOgEgABwD0AWwHVAKgEQABwD8BWQDUApk4gADgQbAVUA/ADlcDa9w4IAO4B2AqoBmhWAlvfOyAAuAdgK6CpjwkUCAC4B2AroBpAJQACAN4IbQVUA6gEQADAPQBbAYU+lQAIALgHYCugGkAlAAIA7gH4+2w1gEoABACMhG0F9MxVAiAA4B6ArYBqAJUACAC4B+BtSw2gEgABgPw9gPJWQDWAkAoCgACQPgzW4eeuBlAJgAAgBGTvAZS3AqoBVAIgAAgA2XsAB5MfVAIgALgHYCugGgCVAAgA3gZtBVQDoBIAAcA9AFsBBT9UAiAAuAdgK6AaAJUACADuAdgKqAZAJQACgHGwUarnjs8xCADuAdgKqAZAJQACgHsAtgKqAVAJIADgHoCtgGoAVAIIADgIbAVUA6ASQADAPQBbAdUAqAQQAHAPwFZA0x++063vOAQA3AOwFVAN0HQsT7oQAPAmaCugGqBeCdz4vkMAwD0AWwGFP5UACADk7wHcqgEcjioBEADcA7AVUA2ASgAEAKNgWwE9e0y/QABwD2BUOzWAA1ElAAKAewC2AqoBUAmAAOAeQIEKyEGISgABwCFgK6AaAJUACADuAdgKqAZAJQACgHsAo7o3AXL4oRJAAPAWaCugGgBUAggAmQNg440n/fz3DjxUAggA3UPgZCugAAgCMgJA7xA42AroIiioBBAA3AOwFVANACoBBABjYFsBPX9QCSAAuAdgK6AaAJWA700EAPcAbAVUA6ASAAHAPQBbAdUAqAQQAHAA2AqoBkAlgACAewC2AqoBUAkgAOAegHGmKRB+hxAAcA/AVkA1ACoBBAC8AdoKqAZgwZXAxveqAIB7ALYCCoE0Tb5XBQDcA7AVUA1A9HdKJSAA4B6ArYBqAKJ/ZqsSEAAwArYV0GcAlQACAO4B2AqoBkAlgACAewC2AqoBUAkgAOAegK2AagBUAggA+PK30UwNgEoAAQD3AGwFVAOgEkAAwD0AWwFNglAJIADgHoCtgGoAVAIIAHj7sxVQDYBKAAEA9wBsBRQEUQkgAOAegK2AagBUAggAuAdgK6AaAJUAAoDxr62APgc+B6gEEADcA7AVUA0AKgEEAPcAbAVUA4BKAAHAPQBbAdUAoBIQAPDFbyugGgBUAgIA7gHYCqgGAJWAAIB7ALYCmgaBSkAAwD0AWwHVAKASEADw5mcroBoAVAICAO4BXIG9z4EwiEoAAcA9AFsB1QCgEkAAcA/AVkA1AKgE8EMw+jVS9FmAa3Ly57wCAO4B2AqoBiD8P3yqBAQA3AP4XiufBTUAyw7yKgEBAPcAbAVUA6ASQADAl76tgGoAVAIIALgHcOHNwWdBDYBKAAHAPQBbAU2EQCWAAOAegK2AagBQCQgAeOuzFVANACoBAQD3AGwFFAhBJSAA4B6ArYBqAFAJCAC4B2AroBoAVAICAMa+tgL6PIBKQADAPQBbAdUAoBIQAHAPwFZANQCoBAQA3AOwFVANACoBAQBf+LYCqgFAJSAA4B6ArYBqAFAJCAC4B2AroKkQqAQEANwDsBVQDQAqAQEAb3y2AqoBQCUgAOAegK2AQiGoBAQA3AOwFVANACoBAcCXvXsAtgKqAUAlIAAY+doK6DPhMwHpSsDh6B6ArYBqAJ8JCFYCvgRDfvv94+nBmY8CwOfPxL3PA3zVnQkAo3zRb/xCP1EB+EzAxReEByoAhvqyn/xiP3EJ8NNnYu+zAP8yPwZjlwAZ7cv+4Jf7iT8DNP6H/4z8a98NDkf9fy7h+zwY/0Nx5C8A+LKvswrY+B+SI38BQP9f5z8DMv6H5MhfAND/l/nvgE2EIDvyFwD0/2V7nwfjf4z8fQ8IAN72erY+E8b/GPkjAOj/bf8TCMHIXwBA/2/7n/E/GPkLAOj/bf8z/gcjfwEA417b/3wewMhfAED/b/uf8T8Y+QsA6P9t/zP+ByN/AQD9v+1/xv9g5C8A4Avf9j/jfzDyFwDQ/9v+Z/wPRv4CAPp/2/9Mg8DIXwBA/2/7n/E/GPkLAHjjs/3P+B+M/AUA9P+2/wmDGPkjAKD/t/3P+B8jfwQA9P+2/xn/Y+SPAGDka/ufz4LPAUb+CAD6f9v/jP/ByB8BQP9v+5/xP1zXX+0Y+QsA6P9t/zP+R2WHAIAvfdv/jP8ZdVpn5C8AoP9/Nz4Lxv8Y+SMA6P9t/zMJAiN/BAD9v+1/xv9g5I8A4K1vRGufBeN/jPwRAPT/tv8JgmDkjwCg/x/crc+B8T9G/ggA+n/b/4z/wcgfAcDY1/Y/nwMw8kcA0P8P9z+H+RwY/2PkjwCg/7f9z/gfjPwRAPT/tv8Z/4ORPwKAL37b/4z/wchfAPBD0P/b/mf8D0b+AgD6f9v/TIHAyF8AQP9v+5/xPxj5CwB487P9z/gfI38EAPT/tv8JgRj5IwCg/7f9z/gfI38EAPT/tv8Z/2PkjwCA0a/tfz4DGPkjAKD/t/3P+B8jfwQA9P+2/xn/Y+SPAID+3/Y/43+M/BEA8OVv+5/xP+/vZOQvAKD/t/3P+J+Wo5G/AID+3/Y/EyD8DiEAoP+3/c/4n4FH/je+RxEAvP3Z/mf8j5E/AgD6f9v/BECM/BEA0P/b/mf8j5E/AgD6f9v/jP8x8kcAwPjX9j/PHyN/BAD0/7b/Gf9j5I8AgP7f9j/jf4z8EQDQ/9v+Z/yPkT8CAA4AX3DG/xj5IwCg/7f9z/gfI38EAC4dAHe2/2Wf/dphh4kYAoA3QNv/TH8w8ve9iADgDdD2v8Dznx18GPkjADQPgJ3tf8IfRv4gAOj/bf8z/sfIHwQA/b/tf8b/GPmDAGAEbPufZ4+RPwgA+n/b/4z/MfIHAUD/7y3I+B8jfxAA9P+2/xn/I+wiAOAQuKJRqPG/g9HIHwQA/b/tf8b/GPmDAKD/t/3P5AcjfxAA9P8jWhn/M+jIf+v7DQEAb4G2/xn/h/6stbzXAgEA/f9rTIIfg9n7XkMAQP9v+5/xv5E/CADo/23/M/438gcBAGPgveeOzzEIAPp/2/+M/zHyBwFA/2/7n/E/Rv4gAOj/bf8z/sfIHwQAB4Htf8b/GPmDAKD/t/3P+B8jfxAA9P+2/5n6YOQPAoD+3/Y/43+M/BEA8CZo+5/xP0b+CADo/23/E/ow8kcAQP/vy9X438gfBAD0/7b/Gf8b+YMAgFGw7X+euakUCADo/23/M/438gcBAP2/7X/G/0b+IACg/7f9z/jfyB8EAOKHQXn7n/G/kT8IAAJAtv8vb/8z/jfyBwFAAMj2/2sTH4z8QQDQ/9v+Z/yPkT8IAN4GvYEZ/2PkDwKA/t/2P4EPgRMEAP2/7X/G/7xy5L/zXQMCgP7f9j/j/9bIf+N7BgQA42Db/zzvUMisLpkCAUD/b/uf8b+RPyAA6P9t/zP+N/IHBAD9v+1/xv9G/iAA4ECw/c/438gfBAD0/7b/Gf8b+YMAgP7fMhbTHiN/EADQ/9v+Z/xv5A8CAN4Ibf8z/jfyBwEA/b/tf8KekT8IAOj/89v/jP+N/EEAIN3/V7f/Gf8b+YMAQHYkfPCsMfIHAUD/b/uf8T9G/iAA6P9t/zP+x8gfBAD9/2jujf8x8gcBQP9v+5/xP0b+IADo/wNujP8x8gcBQP9v+59JD0b+IADo/23/M/438gcEAG+Fo9lFn7Xxv5E/CACk+/+VoIeRPwgA+v/WF/7R+B8jfxAABIBe/1/d/mf8b+QPAgDpsfDaczby9/sPAoD+3/Y/43/TH0AA0P/b/mf8P2LwM/IHAYB2/38TfMb18f/ByB8EANoHQ3X732TkDwgAlPv/6va/2cgfEAAo9/87Ux4jf0AAEAB6/X9x+99k5A8IAJTfDKvb/2Yjf0AAoNz/T0KekT8gAAgAvf6/uP1vEuwAAYBy/1/d/jcb+QMCAOX+f+8ZG/kDAoAA0Ov/i9v/JiN/QACg3P9Xt//NRv6AAEC5/78LPt+1kT8gAFDv/4vb/yYjf0AAoN7/F7f/zUb+gABAuf8/mvAY+QMCAL3+v7j9b/LMAAGAev9f3P43G/kDAgDl/v9ewDPyBwQAev1/cfvfZOQPCADU+//i9r+DkT8gAFDu/0/B57sy8gcEAOr9/53na+QPCAD0+v/i9r+DkT8gAFDv/1exZ3vt4/+jkT8gAOj/bf9rjf9v/Q4CAoADQsfcGf+fin+JAQgA+n/b/8rjfyN/QADQ/9v+F5vuGPkDAoD+3/a/0PjfyB8QAK7sgNiGAsAm9mxXRv6AAMClQ2JfWPwT/Z//dkb+gADApUNidvAb/xv5AwKAEbGD37M18gcEAP2/g9/438gfEAD0/w5+438jf0AA0P87+I3/jfwBAcAh4eDvjf+N/AEBQP/v4A+N/438AQFA/+/gj012jPwBAUD/7+CPjf+N/AEBwFuigz80/jfyBwQA/b+DPxbsjPwBAUD/7+CPjf+N/AEBQP/v4A+N/438AQHAmNjBH3uuRv6AAKD/d/DHxv9G/oAAoP938IfG/0b+gACg/3fwx8b/Rv6AAOCgcPDHxv9G/oAAoP938IfG/0b+gACg/3fwx6Y6s5E/IADo/x38rfH/3s8NEAC8KTr4O+P/x5H/1s8MEAD0/w7+TqibPTdAAND/O/hb438jf0AA0P87+EPjfyN/QABwULy5/3fwL/uZGvkDAgBv6v8d/Msf/xv5AwIAr+7/HfzLH/8b+QMCAK/u/x38Y4z/jfwBAYBXdcUO/nHG/0b+gADAi/2/g3+c8b+RPyAA8GL/7+Afa6Jj5A8IAACAAAAACAAAgAAAAAgAAIAAAAAIAACAAAAACAAAgAAAAAgAAIAAAAAIAACAAAAACAAAgAAAAAgAACAA+CEAgAAAAAgAAIAAAAAIAACAAAAACAAAgAAAAAgAAIAAAAAIAACAAAAACAAAgAAAAAgAAIAAAAAIAACAAAAAAgAAIAAAAAIAACAAAAACAAAgAAAAAgAAIAAAAAIAACAAAAACAAAgAAAAAgAAIAAAAAIAACAAAAACAAAIAACAAAAACAAAgAAAACzY33q1N4J2oiGSAAAAAElFTkSuQmCC"
-           id="image265" />
-      </g>
-      <path
-         fill="#000000"
-         fill-opacity="0"
-         d="m 160,190 h 51.39952 v 0.063 h 51.40364"
-         fill-rule="evenodd"
-         id="path269" />
-      <path
-         stroke="#3a7df0"
-         stroke-width="1"
-         stroke-linejoin="round"
-         stroke-linecap="butt"
-         d="m 160,190 h 51.39952 v 0.063 h 45.40364"
-         fill-rule="evenodd"
-         id="path271" />
-      <path
-         fill="#3a7df0"
-         stroke="#3a7df0"
-         stroke-width="1"
-         stroke-linecap="butt"
-         d="m 256.80316,191.71472 4.53809,-1.65173 -4.53809,-1.65174 z"
-         fill-rule="evenodd"
-         id="path273" />
-      <path
-         fill="#000000"
-         fill-opacity="0"
-         d="m 332.26456,220 v 17.33858 h -0.0945 v 17.33859"
-         fill-rule="evenodd"
-         id="path275" />
-      <path
-         stroke="#3a7df0"
-         stroke-width="1"
-         stroke-linejoin="round"
-         stroke-linecap="butt"
-         d="m 332.26456,220 v 17.33858 h -0.0945 v 11.33859"
-         fill-rule="evenodd"
-         id="path277" />
-      <path
-         fill="#3a7df0"
-         stroke="#3a7df0"
-         stroke-width="1"
-         stroke-linecap="butt"
-         d="m 330.51834,248.67717 1.65173,4.53809 1.65174,-4.53809 z"
-         fill-rule="evenodd"
-         id="path279" />
-      <path
-         fill="#000000"
-         fill-opacity="0"
-         d="m 401.72913,190 h 41.4024 v 0.063 h 41.40076"
-         fill-rule="evenodd"
-         id="path281" />
-      <path
-         stroke="#3a7df0"
-         stroke-width="1"
-         stroke-linejoin="round"
-         stroke-linecap="butt"
-         d="m 401.72913,190 h 41.4024 v 0.063 h 35.40076"
-         fill-rule="evenodd"
-         id="path283" />
-      <path
-         fill="#3a7df0"
-         stroke="#3a7df0"
-         stroke-width="1"
-         stroke-linecap="butt"
-         d="m 478.5323,191.71472 4.53809,-1.65173 -4.53809,-1.65174 z"
-         fill-rule="evenodd"
-         id="path285" />
-      <path
-         fill="#ffffff"
-         d="m 262.8,160 h 138.92914 v 60 H 262.8 Z"
-         fill-rule="evenodd"
-         id="path287" />
-      <path
-         stroke="#000000"
-         stroke-width="0.133858"
-         stroke-linejoin="round"
-         stroke-linecap="butt"
-         d="m 262.8,160 h 138.92914 v 60 H 262.8 Z"
-         fill-rule="evenodd"
-         id="path289" />
-      <path
-         fill="#212121"
-         d="m 306.89896,175.81876 v 2.78125 h -0.9375 v -7.10938 h 2.625 q 1.15625,0 1.8125,0.59375 0.67187,0.59375 0.67187,1.57813 0,1.03125 -0.65625,1.59375 -0.64062,0.5625 -1.84375,0.5625 z m 0,-0.76563 h 1.6875 q 0.75,0 1.14062,-0.35937 0.40625,-0.35938 0.40625,-1.01563 0,-0.64062 -0.40625,-1.01562 -0.39062,-0.39063 -1.09375,-0.40625 h -1.73437 z m 4.91699,0.85938 q 0,-0.78125 0.3125,-1.39063 0.3125,-0.625 0.84375,-0.95312 0.54688,-0.34375 1.25,-0.34375 1.07813,0 1.73438,0.75 0.67187,0.73437 0.67187,1.98437 v 0.0625 q 0,0.76563 -0.29687,1.375 -0.29688,0.60938 -0.84375,0.95313 -0.54688,0.34375 -1.25,0.34375 -1.07813,0 -1.75,-0.73438 -0.67188,-0.75 -0.67188,-1.98437 z m 0.92188,0.10937 q 0,0.875 0.40625,1.40625 0.40625,0.53125 1.09375,0.53125 0.6875,0 1.07812,-0.53125 0.40625,-0.54687 0.40625,-1.51562 0,-0.875 -0.40625,-1.40625 -0.40625,-0.54688 -1.09375,-0.54688 -0.67187,0 -1.07812,0.53125 -0.40625,0.53125 -0.40625,1.53125 z m 5.875,-2.70312 0.0312,0.57812 q 0.57812,-0.67187 1.5625,-0.67187 1.10937,0 1.51562,0.84375 0.25,-0.375 0.67188,-0.60938 0.4375,-0.23437 1,-0.23437 1.75,0 1.78125,1.82812 v 3.54688 h -0.90625 v -3.48438 q 0,-0.5625 -0.26563,-0.84375 -0.25,-0.28125 -0.85937,-0.28125 -0.51563,0 -0.84375,0.29688 -0.32813,0.29687 -0.39063,0.8125 v 3.5 h -0.90625 v -3.46875 q 0,-1.14063 -1.125,-1.14063 -0.89062,0 -1.21875,0.75 v 3.85938 h -0.90625 v -5.28125 z m 10.10839,5.375 q -1.07812,0 -1.75,-0.70313 -0.67187,-0.70312 -0.67187,-1.89062 v -0.15625 q 0,-0.79688 0.29687,-1.40625 0.3125,-0.625 0.84375,-0.96875 0.54688,-0.34375 1.17188,-0.34375 1.03125,0 1.59375,0.67187 0.57812,0.67188 0.57812,1.9375 v 0.375 h -3.57812 q 0.0156,0.78125 0.45312,1.26563 0.4375,0.48437 1.10938,0.48437 0.48437,0 0.8125,-0.1875 0.32812,-0.20312 0.57812,-0.53125 l 0.5625,0.4375 q -0.67187,1.01563 -2,1.01563 z m -0.10937,-4.73438 q -0.54688,0 -0.92188,0.40625 -0.375,0.39063 -0.45312,1.10938 h 2.64062 v -0.0625 q -0.0312,-0.6875 -0.375,-1.0625 -0.32812,-0.39063 -0.89062,-0.39063 z m 5.7666,0.17188 q -0.20312,-0.0312 -0.4375,-0.0312 -0.89062,0 -1.20312,0.75 v 3.75 h -0.90625 v -5.28125 h 0.875 l 0.0156,0.60937 q 0.4375,-0.70312 1.26563,-0.70312 0.25,0 0.39062,0.0625 z m 1.82129,4.46875 h -0.90625 v -5.28125 h 0.90625 z m -0.98437,-6.6875 q 0,-0.21875 0.125,-0.35938 0.14062,-0.15625 0.40625,-0.15625 0.26562,0 0.40625,0.15625 0.14062,0.14063 0.14062,0.35938 0,0.21875 -0.14062,0.375 -0.14063,0.14062 -0.40625,0.14062 -0.26563,0 -0.40625,-0.14062 -0.125,-0.15625 -0.125,-0.375 z m 5.69238,6.17187 q -0.53125,0.60938 -1.5625,0.60938 -0.84375,0 -1.28125,-0.48438 -0.4375,-0.5 -0.4375,-1.45312 v -3.4375 h 0.89062 v 3.40625 q 0,1.20312 0.98438,1.20312 1.03125,0 1.375,-0.76562 v -3.84375 h 0.90625 v 5.28125 h -0.85938 z m 3.09082,-4.76562 0.0312,0.57812 q 0.57812,-0.67187 1.5625,-0.67187 1.10937,0 1.51562,0.84375 0.25,-0.375 0.67188,-0.60938 0.4375,-0.23437 1,-0.23437 1.75,0 1.78125,1.82812 v 3.54688 h -0.90625 v -3.48438 q 0,-0.5625 -0.26563,-0.84375 -0.25,-0.28125 -0.85937,-0.28125 -0.51563,0 -0.84375,0.29688 -0.32813,0.29687 -0.39063,0.8125 v 3.5 h -0.90625 v -3.46875 q 0,-1.14063 -1.125,-1.14063 -0.89062,0 -1.21875,0.75 v 3.85938 h -0.90625 v -5.28125 z"
-         fill-rule="nonzero"
-         id="path291" />
-      <path
-         fill="#000000"
-         fill-opacity="0"
-         d="m 304.46667,184.7979 h 92.25195"
-         fill-rule="evenodd"
-         id="path293" />
-      <path
-         stroke="#e0e0e0"
-         stroke-width="1"
-         stroke-linejoin="round"
-         stroke-linecap="butt"
-         d="m 304.46667,184.7979 h 92.25195"
-         fill-rule="evenodd"
-         id="path295" />
-      <path
-         fill="#000000"
-         fill-opacity="0"
-         d="m 306.13385,191.50131 h 92.25198 v 21.79527 h -92.25198 z"
-         fill-rule="evenodd"
-         id="path297" />
-      <path
-         fill="#666666"
-         d="m 308.33072,196.84395 q -0.17188,-0.0312 -0.375,-0.0312 -0.78125,0 -1.04688,0.65625 v 3.25 h -0.78125 v -4.57813 h 0.76563 v 0.53125 q 0.39062,-0.60937 1.09375,-0.60937 0.23437,0 0.34375,0.0625 z m 3.55411,3.42187 q -0.46875,0.53125 -1.34375,0.53125 -0.73438,0 -1.125,-0.42187 -0.375,-0.42188 -0.375,-1.25 v -2.98438 h 0.78125 v 2.95313 q 0,1.04687 0.84375,1.04687 0.89062,0 1.1875,-0.67187 v -3.32813 h 0.78125 v 4.57813 h -0.73438 z m 2.67816,-4.125 0.0312,0.57813 q 0.51562,-0.65625 1.35937,-0.65625 1.45313,0 1.46875,1.64062 v 3.01563 h -0.78125 v -3.03125 q 0,-0.48438 -0.23437,-0.71875 -0.21875,-0.25 -0.6875,-0.25 -0.375,0 -0.67188,0.20312 -0.28125,0.20313 -0.4375,0.53125 v 3.26563 h -0.78125 v -4.57813 z m 4.77615,0 0.0312,0.57813 q 0.51563,-0.65625 1.35938,-0.65625 1.45315,0 1.46878,1.64062 v 3.01563 h -0.78128 v -3.03125 q 0,-0.48438 -0.23438,-0.71875 -0.21875,-0.25 -0.6875,-0.25 -0.375,0 -0.67187,0.20312 -0.28125,0.20313 -0.4375,0.53125 v 3.26563 h -0.78125 v -4.57813 z m 4.88556,4.57813 h -0.78125 v -4.57813 h 0.78125 z m -0.84375,-5.78125 q 0,-0.1875 0.10938,-0.3125 0.125,-0.14063 0.34375,-0.14063 0.23437,0 0.34375,0.14063 0.125,0.125 0.125,0.3125 0,0.1875 -0.125,0.3125 -0.10938,0.125 -0.34375,0.125 -0.21875,0 -0.34375,-0.125 -0.10938,-0.125 -0.10938,-0.3125 z m 2.83502,1.20312 0.0312,0.57813 q 0.51563,-0.65625 1.35938,-0.65625 1.45312,0 1.46875,1.64062 v 3.01563 h -0.78125 v -3.03125 q 0,-0.48438 -0.23438,-0.71875 -0.21875,-0.25 -0.6875,-0.25 -0.375,0 -0.67187,0.20312 -0.28125,0.20313 -0.4375,0.53125 v 3.26563 h -0.78125 v -4.57813 z m 3.85428,2.25 q 0,-1.0625 0.48438,-1.6875 0.5,-0.64062 1.3125,-0.64062 0.84375,0 1.3125,0.59375 l 0.0312,-0.51563 h 0.71875 v 4.46875 q 0,0.89063 -0.53125,1.39063 -0.51563,0.51562 -1.40625,0.51562 -0.5,0 -0.96875,-0.21875 -0.46875,-0.20312 -0.71875,-0.5625 l 0.40625,-0.46875 q 0.5,0.60938 1.23437,0.60938 0.5625,0 0.875,-0.32813 0.32813,-0.3125 0.32813,-0.89062 v -0.39063 q -0.46875,0.53125 -1.28125,0.53125 -0.79688,0 -1.29688,-0.64062 -0.5,-0.64063 -0.5,-1.76563 z m 0.78125,0.0937 q 0,0.76563 0.3125,1.21875 0.32813,0.4375 0.89063,0.4375 0.75,0 1.09375,-0.67187 v -2.09375 q -0.35938,-0.65625 -1.07813,-0.65625 -0.57812,0 -0.90625,0.45312 -0.3125,0.4375 -0.3125,1.3125 z m 6.20252,-0.0937 q 0,-0.67187 0.25,-1.20312 0.26562,-0.54688 0.73437,-0.82813 0.48438,-0.29687 1.07813,-0.29687 0.9375,0 1.51562,0.65625 0.57813,0.64062 0.57813,1.70312 v 0.0625 q 0,0.67188 -0.26563,1.20313 -0.25,0.53125 -0.73437,0.82812 -0.46875,0.28125 -1.07813,0.28125 -0.9375,0 -1.51562,-0.64062 -0.5625,-0.64063 -0.5625,-1.71875 z m 0.78125,0.0937 q 0,0.76563 0.34375,1.23438 0.35937,0.45312 0.95312,0.45312 0.59375,0 0.9375,-0.46875 0.35938,-0.46875 0.35938,-1.3125 0,-0.75 -0.35938,-1.21875 -0.35937,-0.46875 -0.95312,-0.46875 -0.57813,0 -0.9375,0.46875 -0.34375,0.45313 -0.34375,1.3125 z m 5.09301,-2.34375 0.0312,0.57813 q 0.51563,-0.65625 1.35938,-0.65625 1.45312,0 1.46875,1.64062 v 3.01563 h -0.78125 v -3.03125 q 0,-0.48438 -0.23438,-0.71875 -0.21875,-0.25 -0.6875,-0.25 -0.375,0 -0.67187,0.20312 -0.28125,0.20313 -0.4375,0.53125 v 3.26563 h -0.78125 v -4.57813 z m 10.8566,3.76563 q -0.32812,0.45312 -0.89062,0.67187 -0.54688,0.21875 -1.29688,0.21875 -0.75,0 -1.34375,-0.34375 -0.57812,-0.35937 -0.89062,-1 -0.3125,-0.65625 -0.32813,-1.51562 v -0.53125 q 0,-1.39063 0.64063,-2.15625 0.65625,-0.76563 1.82812,-0.76563 0.96875,0 1.54688,0.5 0.59375,0.48438 0.73437,1.39063 h -0.8125 q -0.23437,-1.23438 -1.45312,-1.23438 -0.82813,0 -1.25,0.57813 -0.42188,0.57812 -0.42188,1.65625 v 0.5 q 0,1.04687 0.46875,1.65625 0.48438,0.60937 1.28125,0.60937 0.46875,0 0.8125,-0.0937 0.34375,-0.10937 0.5625,-0.34375 v -1.39062 h -1.42187 v -0.65625 h 2.23437 z m 5.86496,-1.14063 q -0.10937,0.98438 -0.71875,1.51563 -0.60937,0.51562 -1.60937,0.51562 -1.09375,0 -1.75,-0.78125 -0.65625,-0.78125 -0.65625,-2.09375 v -0.57812 q 0,-0.85938 0.29687,-1.51563 0.3125,-0.65625 0.875,-1 0.5625,-0.34375 1.3125,-0.34375 0.96875,0 1.5625,0.54688 0.59375,0.54687 0.6875,1.51562 h -0.8125 q -0.10937,-0.73437 -0.46875,-1.0625 -0.34375,-0.34375 -0.96875,-0.34375 -0.78125,0 -1.23437,0.57813 -0.4375,0.57812 -0.4375,1.64062 v 0.59375 q 0,1 0.42187,1.59375 0.42188,0.59375 1.17188,0.59375 0.67187,0 1.03125,-0.29687 0.375,-0.3125 0.48437,-1.07813 z m 1.93106,-0.45312 v 2.40625 h -0.8125 v -6.15625 h 2.26563 q 1.01562,0 1.57812,0.51562 0.57813,0.51563 0.57813,1.375 0,0.89063 -0.5625,1.375 -0.5625,0.48438 -1.60938,0.48438 z m 0,-0.67188 h 1.45313 q 0.65625,0 1,-0.29687 0.34375,-0.3125 0.34375,-0.89063 0,-0.54687 -0.34375,-0.875 -0.34375,-0.32812 -0.95313,-0.34375 h -1.5 z m 6.46317,0.75 q 0,-0.67187 0.25,-1.20312 0.26562,-0.54688 0.73437,-0.82813 0.48438,-0.29687 1.07813,-0.29687 0.9375,0 1.51562,0.65625 0.57813,0.64062 0.57813,1.70312 v 0.0625 q 0,0.67188 -0.26563,1.20313 -0.25,0.53125 -0.73437,0.82812 -0.46875,0.28125 -1.07813,0.28125 -0.9375,0 -1.51562,-0.64062 -0.5625,-0.64063 -0.5625,-1.71875 z m 0.78125,0.0937 q 0,0.76563 0.34375,1.23438 0.35937,0.45312 0.95312,0.45312 0.59375,0 0.9375,-0.46875 0.35938,-0.46875 0.35938,-1.3125 0,-0.75 -0.35938,-1.21875 -0.35937,-0.46875 -0.95312,-0.46875 -0.57813,0 -0.9375,0.46875 -0.34375,0.45313 -0.34375,1.3125 z m 6.56177,-1.64062 q -0.17188,-0.0312 -0.375,-0.0312 -0.78125,0 -1.04688,0.65625 v 3.25 h -0.78125 v -4.57813 h 0.76563 v 0.53125 q 0.39062,-0.60937 1.09375,-0.60937 0.23437,0 0.34375,0.0625 z"
-         fill-rule="nonzero"
-         id="path299" />
-      <path
-         fill="#666666"
-         d="m 308.95572,210.71895 q -0.0781,-0.14063 -0.10938,-0.48438 -0.54687,0.5625 -1.3125,0.5625 -0.67187,0 -1.10937,-0.375 -0.4375,-0.39062 -0.4375,-0.96875 0,-0.71875 0.54687,-1.10937 0.54688,-0.39063 1.53125,-0.39063 h 0.76563 v -0.35937 q 0,-0.42188 -0.25,-0.65625 -0.25,-0.25 -0.71875,-0.25 -0.42188,0 -0.70313,0.21875 -0.28125,0.20312 -0.28125,0.5 h -0.79687 q 0,-0.32813 0.25,-0.64063 0.25,-0.32812 0.65625,-0.51562 0.42187,-0.1875 0.92187,-0.1875 0.78125,0 1.23438,0.39062 0.45312,0.39063 0.46875,1.09375 v 2.10938 q 0,0.625 0.15625,1 v 0.0625 z m -1.29688,-0.59375 q 0.35938,0 0.6875,-0.1875 0.32813,-0.1875 0.48438,-0.5 v -0.9375 h -0.60938 q -1.4375,0 -1.4375,0.84375 0,0.35937 0.23438,0.57812 0.25,0.20313 0.64062,0.20313 z m 3.91166,-3.98438 0.0312,0.57813 q 0.51562,-0.65625 1.35937,-0.65625 1.45313,0 1.46875,1.64062 v 3.01563 h -0.78125 v -3.03125 q 0,-0.48438 -0.23437,-0.71875 -0.21875,-0.25 -0.6875,-0.25 -0.375,0 -0.67188,0.20312 -0.28125,0.20313 -0.4375,0.53125 v 3.26563 h -0.78125 v -4.57813 z m 5.54178,3.4375 1.0625,-3.4375 h 0.82812 l -1.82812,5.28125 q -0.4375,1.14063 -1.35938,1.14063 l -0.15625,-0.0156 -0.28125,-0.0469 v -0.64063 l 0.20313,0.0156 q 0.40625,0 0.625,-0.15625 0.21875,-0.15625 0.35937,-0.57813 l 0.17188,-0.46875 -1.625,-4.53125 h 0.85937 z m 6.64254,0.0625 0.875,-3.5 h 0.78125 l -1.32812,4.57813 h -0.625 l -1.125,-3.46875 -1.07813,3.46875 h -0.625 l -1.32812,-4.57813 h 0.76562 l 0.90625,3.42188 1.0625,-3.42188 h 0.625 z m 3.23926,-2.9375 q 0.51563,-0.64062 1.34375,-0.64062 1.45313,0 1.46875,1.64062 v 3.01563 h -0.78125 v -3.03125 q 0,-0.48438 -0.23437,-0.71875 -0.21875,-0.25 -0.6875,-0.25 -0.375,0 -0.67188,0.20312 -0.28125,0.20313 -0.4375,0.53125 v 3.26563 h -0.78125 v -6.5 h 0.78125 z m 5.87708,4.09375 q -0.92188,0 -1.51563,-0.60937 -0.57812,-0.60938 -0.57812,-1.625 v -0.14063 q 0,-0.6875 0.25,-1.21875 0.26562,-0.53125 0.73437,-0.82812 0.46875,-0.3125 1.01563,-0.3125 0.89062,0 1.375,0.59375 0.5,0.57812 0.5,1.67187 v 0.32813 h -3.09375 q 0.0156,0.67187 0.39062,1.09375 0.39063,0.42187 0.96875,0.42187 0.42188,0 0.70313,-0.17187 0.28125,-0.17188 0.5,-0.45313 l 0.48437,0.375 q -0.57812,0.875 -1.73437,0.875 z m -0.0937,-4.09375 q -0.46875,0 -0.79688,0.34375 -0.3125,0.34375 -0.39062,0.96875 h 2.28125 v -0.0625 q -0.0312,-0.59375 -0.32813,-0.92187 -0.28125,-0.32813 -0.76562,-0.32813 z m 4.99218,0.14063 q -0.17187,-0.0312 -0.375,-0.0312 -0.78125,0 -1.04687,0.65625 v 3.25 h -0.78125 v -4.57813 h 0.76562 v 0.53125 q 0.39063,-0.60937 1.09375,-0.60937 0.23438,0 0.34375,0.0625 z m 2.5362,3.95312 q -0.92188,0 -1.51563,-0.60937 -0.57812,-0.60938 -0.57812,-1.625 v -0.14063 q 0,-0.6875 0.25,-1.21875 0.26562,-0.53125 0.73437,-0.82812 0.46875,-0.3125 1.01563,-0.3125 0.89062,0 1.375,0.59375 0.5,0.57812 0.5,1.67187 v 0.32813 h -3.09375 q 0.0156,0.67187 0.39062,1.09375 0.39063,0.42187 0.96875,0.42187 0.42188,0 0.70313,-0.17187 0.28125,-0.17188 0.5,-0.45313 l 0.48437,0.375 q -0.57812,0.875 -1.73437,0.875 z m -0.0937,-4.09375 q -0.46875,0 -0.79688,0.34375 -0.3125,0.34375 -0.39062,0.96875 h 2.28125 v -0.0625 q -0.0312,-0.59375 -0.32813,-0.92187 -0.28125,-0.32813 -0.76562,-0.32813 z m 6.432,2.875 1.0625,-3.4375 h 0.82813 l -1.82813,5.28125 q -0.4375,1.14063 -1.35937,1.14063 l -0.15625,-0.0156 -0.28125,-0.0469 v -0.64063 l 0.20312,0.0156 q 0.40625,0 0.625,-0.15625 0.21875,-0.15625 0.35938,-0.57813 l 0.17187,-0.46875 -1.625,-4.53125 h 0.85938 z m 2.32907,-1.1875 q 0,-0.67187 0.25,-1.20312 0.26563,-0.54688 0.73438,-0.82813 0.48437,-0.29687 1.07812,-0.29687 0.9375,0 1.51563,0.65625 0.57812,0.64062 0.57812,1.70312 v 0.0625 q 0,0.67188 -0.26562,1.20313 -0.25,0.53125 -0.73438,0.82812 -0.46875,0.28125 -1.07812,0.28125 -0.9375,0 -1.51563,-0.64062 -0.5625,-0.64063 -0.5625,-1.71875 z m 0.78125,0.0937 q 0,0.76563 0.34375,1.23438 0.35938,0.45312 0.95313,0.45312 0.59375,0 0.9375,-0.46875 0.35937,-0.46875 0.35937,-1.3125 0,-0.75 -0.35937,-1.21875 -0.35938,-0.46875 -0.95313,-0.46875 -0.57812,0 -0.9375,0.46875 -0.34375,0.45313 -0.34375,1.3125 z m 7.18677,1.78125 q -0.46875,0.53125 -1.34375,0.53125 -0.73437,0 -1.125,-0.42187 -0.375,-0.42188 -0.375,-1.25 v -2.98438 h 0.78125 v 2.95313 q 0,1.04687 0.84375,1.04687 0.89063,0 1.1875,-0.67187 v -3.32813 h 0.78125 v 4.57813 h -0.73437 z m 8.13361,-0.625 0.875,-3.5 h 0.78125 l -1.32813,4.57813 h -0.625 l -1.125,-3.46875 -1.07812,3.46875 h -0.625 l -1.32813,-4.57813 h 0.76563 l 0.90625,3.42188 1.0625,-3.42188 h 0.625 z m 5.2861,1.07813 q -0.0781,-0.14063 -0.10937,-0.48438 -0.54688,0.5625 -1.3125,0.5625 -0.67188,0 -1.10938,-0.375 -0.4375,-0.39062 -0.4375,-0.96875 0,-0.71875 0.54688,-1.10937 0.54687,-0.39063 1.53125,-0.39063 h 0.76562 v -0.35937 q 0,-0.42188 -0.25,-0.65625 -0.25,-0.25 -0.71875,-0.25 -0.42187,0 -0.70312,0.21875 -0.28125,0.20312 -0.28125,0.5 h -0.79688 q 0,-0.32813 0.25,-0.64063 0.25,-0.32812 0.65625,-0.51562 0.42188,-0.1875 0.92188,-0.1875 0.78125,0 1.23437,0.39062 0.45313,0.39063 0.46875,1.09375 v 2.10938 q 0,0.625 0.15625,1 v 0.0625 z m -1.29687,-0.59375 q 0.35937,0 0.6875,-0.1875 0.32812,-0.1875 0.48437,-0.5 v -0.9375 h -0.60937 q -1.4375,0 -1.4375,0.84375 0,0.35937 0.23437,0.57812 0.25,0.20313 0.64063,0.20313 z m 3.91165,-3.98438 0.0312,0.57813 q 0.51562,-0.65625 1.35937,-0.65625 1.45313,0 1.46875,1.64062 v 3.01563 h -0.78125 v -3.03125 q 0,-0.48438 -0.23437,-0.71875 -0.21875,-0.25 -0.6875,-0.25 -0.375,0 -0.67188,0.20312 -0.28125,0.20313 -0.4375,0.53125 v 3.26563 h -0.78125 v -4.57813 z M 378.08,205.0314 v 1.10937 h 0.84375 v 0.60938 H 378.08 v 2.84375 q 0,0.26562 0.10937,0.40625 0.10938,0.14062 0.39063,0.14062 0.14062,0 0.375,-0.0625 v 0.64063 q -0.3125,0.0781 -0.60938,0.0781 -0.51562,0 -0.78125,-0.3125 -0.26562,-0.3125 -0.26562,-0.89062 v -2.84375 H 376.455 v -0.60938 h 0.84375 v -1.10937 z"
-         fill-rule="nonzero"
-         id="path301" />
-      <path
-         fill="#000000"
-         fill-opacity="0"
-         d="m 277.14435,167.63518 h 17.1286 v 17.12859 h -17.1286 z"
-         fill-rule="evenodd"
-         id="path303" />
-      <g
-         transform="matrix(0.10075643,0,0,0.10075643,277.14436,167.63517)"
-         id="g310">
-        <clipPath
-           id="slide_1599671233389.5">
-          <path
-             d="M 0,0 H 170 V 170 H 0 Z"
-             clip-rule="evenodd"
-             id="path305" />
-        </clipPath>
-        <image
-           clip-path="url(#slide_1599671233389.5)"
-           fill="#000000"
-           width="170"
-           height="170"
-           x="0"
-           y="0"
-           preserveAspectRatio="none"
-           xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAKoAAACqCAYAAAA9dtSCAAAJxklEQVR42u2dPbIlNQxGtSc2wALeJkiISV8+CVsgIGELFFsgZgHERJNTJE19vPLQc6t/7LYt2d3HVSpqhjv3druPZUmW1LYwdsc/fy/L57+W5c8/luX3X5flt5+X5ZdPy/LT+7L8+N2HvL8tyw/ffsj333wt6e/1mfR5/Vt9h75L36nv1m/otxj7w5iC/6FMQAokQbUFXy9JMOu3E8DAC6hfwJRm84YyV3RNujZd49PBfRSo2mKlrbT9jghmDri6dt2D7gVQbwZn0pqzgXkmSds+AdpbgqotUlrnjnAeQat7vqt5YHfTnnJGZtzWW5oHmoO7adlbgCpHQ7bbU+HcE82J5gZQg8fTtvdaswBQAzQogF4DdlYNawAKsIDa2EkCsrYyk9M1PKiKEz7Zi/eIEmiOAZVtHnPgjqAqYK0VDjxx2nXEQ4OhQJW9hBYdQ7uOZrsOA6rifNiiY2nXkWKvNsJWj0c/dmRgBFPA2OqRGUyBMFDlYbLVz2UKREYFLMoe5eHPKVF2qzuohJ7ml4gDAldQcZru5WTdDlR5jeSL3jPf1SsiYECKzACrASkyA6xdQQXSZ8E6Jag4TjhYw4NKCIrQ1fCgEsxHehwKNAVVR2w8KETS+ri1GahKWuDsHlnnBrRMZGkCqkITZEEhW1lXrcJWhoePzBAJMJwnZAbnyrBLkRnsVcMuRWawVy+DSlAf8TwMMOKlyAzx1UugsuUjNSaAC6hs+UiECWB4+cgMUQAjsI/McBBgOFDIDI6V4UAhMzhWlhPYR5si0VrV0KbIDFr1FFSSTpARklYMbYrMoFUNTx+ZwVY16vKRGfoC2NEpFBOIeMrRaZVxCoXMcFple7FT7zN9/Z6Mam0BSLzoWUQwsJdcbdEhqTu9qvuOw/sV83uhKosKSb2/AehswOqZRYWqLMKJalnvzfAbXnVyW06VeSdGA+ncoHrAupVYbZ7bfus2L4yY0TuBfmv7N89tf4bXbTPyNGvvnfdVoZmXt38UemDMCWtPrfrq/ZvXkWmrHkQpP1YrOsX7UuxPf6f/57kg9Fta/fpt3eP6mvRnTbi3uaPf0+9uXU+aoxaj56HQ65GqRa2QK5Ovicm5Rn1Gn+0JSNr+ckM2gqV3OK4k5qnr1vXXLGrPHdjWNxl1jnsGxNWVq5utfRh7D+hqTLHHC3D1fVd3w5rXnff2adYL2zzCUlftU01EiyBzKzhavbK9Bo4tLdpiJ7z6Cp6eu/Da+TaPsJRgi3oA62uogbXHO7NqoyCtt94rMe6ep1XrMJV52KeloPaK09XA2svRvKpZe9mHpbD2BHW9E5uHfVoCqi7Ma5Xmjt5mUamT1TvgXhKh6X3+n+bGentvpaB65MGWbLke5TianxIt5nHenrt4eoOadhzzgCMXVK8arZKjXK/ixtzF45WCmbt4eoOatLt5PIxcUD3zHnO2N8/ixpzISG+z6Ir93Pt6kqlmHtn8OaB612jlgOFdKn4GhnePhRx7vjeo6TmZByA5oEb0XT0CI6K48QyMiKrgM1vVQ8PrWZiXszCKLZhbohvVIWbPdo6oY8uxnT1AFaPm8UDOQNVDiGooO5L2OtLyUc1AzrS8B6iaE/PYcs9AjezIsqfBPJ2WHA0W1ZL+aDF7zZPu3TzilmegRjZi27LBorbZI3Mkss/CUSjPA1Tdu3lscWegRr7AYmurjewSs7fVRrZXigZV925epdFnGlWrJkL2NGrU9ext/ZFzFA2qGB0CVMa8ww1Ujx8CVECt5cc8nAZABdTayAOgMuYA1SsThwGoNTI9qKnNzCgjXc+I1wSoTqBqslOYZmuC5B2mkJMXKKnHwFY/UV1j6jfgVdufavr1u69zlHrQ7oXlAPWtHlA97BJ7Wr+pB9YLWD3oktBe714DJX0P1gu7thrWDdTRnanavpytGz/UVqOmXgMth2CreY66n6sLCK+/4dFqqzr6Vn0Gaurot07QIhsru4E6asC/x/l/Dayt+wzU9ort0WfgSkWsW8B/xCPUntlUV7RGS01a+n6lvdErm6q0h+1jz/p7aK7aZsIRHZajFnKppncDdYQ0P08oSrWYR65syeLp3XyidPG4pfmNkDjtCUWJCeCZQJ27eLwSqHMXj1vi9AilKN4xudxSYO+E7jMwvLRpiVZ1K0UZobgv2aYjZa57L5ycphjeCyen94Fbcd8o5dIRNUFHGiNi4ZzNU0RJ+Qh1/f+VS4/SgCKi6vNo+4+q49oDI6qO60zLuzWgGKGlT9RDONraIrTX0aFEVKVudF3/l5Y+Hg/lCNT0lpORyqWjNPyRBous6z+yU92apHnYh9T1U9ffpO1kdCNf6vqp689q5BvdGh1Qxwb1yPN3bY0e/bIJQAXUrJdN9HaoABVQa+fC5YVogAqotQcyLq+YBFScqdoF4vLSXkBFo9bGb11egw6ogFobTzaPwDugAmrtczGPBwSo2Ki1v2keyRiAikatnQPzgAZQAbU2T9g8HhKgAmqtqWEeuZiACqi1928eaXeACqi1iePmUSas79JE70lUNn0CY+uaoq5nb66iErlTTHNPWnOyl6RtIxXbIc+Wo/osG62OCXmuHMVr7ch2jNwCkWfJWacYG60pBPJMOesfYCM0LUOeLTntlU5BjawQRZ4hOQ2WbckYaFUkUptmg4qtikTZpkWgolWRSG1aBCpaFYnSpkWgclqFeJ1CVYPq3fEYuadceeGHLYUjMtMJuYdceXOhLRcGjhXi4UBVg4pjhVzd8q++l9aWiwMTAPHY8qtBVYIrJgBSsuXXvKTYlopBFADp5eU3BZWkFaRV0kl3UDkIQFoG9ruCir2K9LBLm4OKvYr0sEu7gEp8FbmacOIOKs4V0sp56g4qhwEE9XsMWzoNIgF4+FOASl8A6vKnAVWhCWB9BqStwlAhoAIrkE4DKrAC6TSg4mDhOE0FKqErQlDTgMqhAMH8aUBNx63kBjyjjGRqUFMiC1lXc2RBtUwwmQ7UFBHAyRrbafLy7IcGdW23YgqMtdVH2aNDg4opwFY/DajJFCCEFRt6GmGrHx7UdVQA7eqrRSO9+mlBXR8QYLv2tUUjAvi3AzXZrkQG+nj0o9miU4OKOfCsbX56UAH2eYBODeo69gqweYCOFBN9HKhrDUu+63a+6Kwa9JagvjpdT44S6N5ncpIeCer60OBpZkHa3kcM1gNqppZVnPCO0OqedG93056PBPUVWmkd2W4zmge6Zl277uEJcD4W1GQWpP/K0UjadkRwdU1Ja+pa77qtA2ohwIJB2krOiDe8CUr9tq7h6WAC6gVzIQEszSaQtP0KKsn72wdkW1Cnv9dn0uf1b/Ud+q4EpH4DKI/Hv9G9cmTaa6WlAAAAAElFTkSuQmCC"
-           id="image308" />
-      </g>
-      <path
-         fill="#000000"
-         fill-opacity="0"
-         d="m 422.63254,177.2441 h 37.85828 v 12.81889 h -37.85828 z"
-         fill-rule="evenodd"
-         id="path312" />
-      <path
-         fill="#666666"
-         d="m 435.54752,184.73917 q 0,1.04687 -0.48437,1.6875 -0.46875,0.625 -1.28125,0.625 -0.84375,0 -1.3125,-0.51563 v 2.20313 h -0.78125 v -6.34375 h 0.71875 l 0.0312,0.51562 q 0.48437,-0.59375 1.32812,-0.59375 0.82813,0 1.29688,0.625 0.48437,0.60938 0.48437,1.71875 z m -0.78125,-0.0937 q 0,-0.76563 -0.32812,-1.21875 -0.32813,-0.45313 -0.90625,-0.45313 -0.70313,0 -1.0625,0.64063 v 2.1875 q 0.34375,0.625 1.07812,0.625 0.5625,0 0.89063,-0.45313 0.32812,-0.45312 0.32812,-1.32812 z m 3.98148,-1.54688 q -0.17188,-0.0312 -0.375,-0.0312 -0.78125,0 -1.04688,0.65625 v 3.25 h -0.78125 v -4.57812 h 0.76563 v 0.53125 q 0.39062,-0.60938 1.09375,-0.60938 0.23437,0 0.34375,0.0625 z m 0.4382,1.54688 q 0,-0.67188 0.25,-1.20313 0.26562,-0.54687 0.73437,-0.82812 0.48438,-0.29688 1.07813,-0.29688 0.9375,0 1.51562,0.65625 0.57813,0.64063 0.57813,1.70313 v 0.0625 q 0,0.67187 -0.26563,1.20312 -0.25,0.53125 -0.73437,0.82813 -0.46875,0.28125 -1.07813,0.28125 -0.9375,0 -1.51562,-0.64063 -0.5625,-0.64062 -0.5625,-1.71875 z m 0.78125,0.0937 q 0,0.76562 0.34375,1.23437 0.35937,0.45313 0.95312,0.45313 0.59375,0 0.9375,-0.46875 0.35938,-0.46875 0.35938,-1.3125 0,-0.75 -0.35938,-1.21875 -0.35937,-0.46875 -0.95312,-0.46875 -0.57813,0 -0.9375,0.46875 -0.34375,0.45312 -0.34375,1.3125 z m 5.80102,-0.67188 1.01563,-1.67187 h 0.90625 l -1.48438,2.26562 1.53125,2.3125 h -0.89062 l -1.0625,-1.71875 -1.0625,1.71875 h -0.90625 l 1.54687,-2.3125 -1.5,-2.26562 h 0.90625 z m 4.25882,1.76563 1.0625,-3.4375 h 0.82813 l -1.82813,5.28125 q -0.4375,1.14062 -1.35937,1.14062 l -0.15625,-0.0156 -0.28125,-0.0469 v -0.64062 l 0.20312,0.0156 q 0.40625,0 0.625,-0.15625 0.21875,-0.15625 0.35938,-0.57812 l 0.17187,-0.46875 -1.625,-4.53125 h 0.85938 z"
-         fill-rule="nonzero"
-         id="path314" />
-      <path
-         fill="#000000"
-         fill-opacity="0"
-         d="m 181.8819,177.2441 h 52.56692 v 12.81889 H 181.8819 Z"
-         fill-rule="evenodd"
-         id="path316" />
-      <path
-         fill="#666666"
-         d="m 187.57755,186.97354 q -0.0781,-0.14062 -0.10938,-0.48437 -0.54687,0.5625 -1.3125,0.5625 -0.67187,0 -1.10937,-0.375 -0.4375,-0.39063 -0.4375,-0.96875 0,-0.71875 0.54687,-1.10938 0.54688,-0.39062 1.53125,-0.39062 h 0.76563 v -0.35938 q 0,-0.42187 -0.25,-0.65625 -0.25,-0.25 -0.71875,-0.25 -0.42188,0 -0.70313,0.21875 -0.28125,0.20313 -0.28125,0.5 h -0.79687 q 0,-0.32812 0.25,-0.64062 0.25,-0.32813 0.65625,-0.51563 0.42187,-0.1875 0.92187,-0.1875 0.78125,0 1.23438,0.39063 0.45312,0.39062 0.46875,1.09375 v 2.10937 q 0,0.625 0.15625,1 v 0.0625 z m -1.29688,-0.59375 q 0.35938,0 0.6875,-0.1875 0.32813,-0.1875 0.48438,-0.5 v -0.9375 h -0.60938 q -1.4375,0 -1.4375,0.84375 0,0.35938 0.23438,0.57813 0.25,0.20312 0.64062,0.20312 z m 6.00541,0.14063 q -0.46875,0.53125 -1.34375,0.53125 -0.73438,0 -1.125,-0.42188 -0.375,-0.42187 -0.375,-1.25 v -2.98437 h 0.78125 v 2.95312 q 0,1.04688 0.84375,1.04688 0.89062,0 1.1875,-0.67188 v -3.32812 h 0.78125 v 4.57812 h -0.73438 z m 3.0063,-5.23438 v 1.10938 h 0.84375 v 0.60937 h -0.84375 v 2.84375 q 0,0.26563 0.10937,0.40625 0.10938,0.14063 0.39063,0.14063 0.14062,0 0.375,-0.0625 v 0.64062 q -0.3125,0.0781 -0.60938,0.0781 -0.51562,0 -0.78125,-0.3125 -0.26562,-0.3125 -0.26562,-0.89063 v -2.84375 h -0.84375 v -0.60937 h 0.84375 v -1.10938 z m 2.5464,1.67188 q 0.51563,-0.64063 1.34375,-0.64063 1.45313,0 1.46875,1.64063 v 3.01562 h -0.78125 v -3.03125 q 0,-0.48437 -0.23437,-0.71875 -0.21875,-0.25 -0.6875,-0.25 -0.375,0 -0.67188,0.20313 -0.28125,0.20312 -0.4375,0.53125 v 3.26562 h -0.78125 v -6.5 h 0.78125 z m 5.87708,4.09375 q -0.92188,0 -1.51563,-0.60938 -0.57812,-0.60937 -0.57812,-1.625 v -0.14062 q 0,-0.6875 0.25,-1.21875 0.26562,-0.53125 0.73437,-0.82813 0.46875,-0.3125 1.01563,-0.3125 0.89062,0 1.375,0.59375 0.5,0.57813 0.5,1.67188 v 0.32812 h -3.09375 q 0.0156,0.67188 0.39062,1.09375 0.39063,0.42188 0.96875,0.42188 0.42188,0 0.70313,-0.17188 0.28125,-0.17187 0.5,-0.45312 l 0.48437,0.375 q -0.57812,0.875 -1.73437,0.875 z m -0.0937,-4.09375 q -0.46875,0 -0.79688,0.34375 -0.3125,0.34375 -0.39062,0.96875 h 2.28125 v -0.0625 q -0.0312,-0.59375 -0.32813,-0.92188 -0.28125,-0.32812 -0.76562,-0.32812 z m 3.52345,-0.5625 0.0312,0.57812 q 0.51562,-0.65625 1.35937,-0.65625 1.45313,0 1.46875,1.64063 v 3.01562 h -0.78125 v -3.03125 q 0,-0.48437 -0.23437,-0.71875 -0.21875,-0.25 -0.6875,-0.25 -0.375,0 -0.67188,0.20313 -0.28125,0.20312 -0.4375,0.53125 v 3.26562 h -0.78125 v -4.57812 z m 5.10428,-1.10938 v 1.10938 h 0.84375 v 0.60937 h -0.84375 v 2.84375 q 0,0.26563 0.10937,0.40625 0.10938,0.14063 0.39063,0.14063 0.14062,0 0.375,-0.0625 v 0.64062 q -0.3125,0.0781 -0.60938,0.0781 -0.51562,0 -0.78125,-0.3125 -0.26562,-0.3125 -0.26562,-0.89063 v -2.84375 h -0.84375 v -0.60937 h 0.84375 v -1.10938 z m 2.6089,5.6875 h -0.78125 v -4.57812 h 0.78125 z m -0.84375,-5.78125 q 0,-0.1875 0.10937,-0.3125 0.125,-0.14062 0.34375,-0.14062 0.23438,0 0.34375,0.14062 0.125,0.125 0.125,0.3125 0,0.1875 -0.125,0.3125 -0.10937,0.125 -0.34375,0.125 -0.21875,0 -0.34375,-0.125 -0.10937,-0.125 -0.10937,-0.3125 z m 3.92879,5.23438 q 0.42187,0 0.73437,-0.25 0.3125,-0.26563 0.34375,-0.64063 h 0.75 q -0.0312,0.39063 -0.28125,0.75 -0.25,0.34375 -0.67187,0.5625 -0.40625,0.20313 -0.875,0.20313 -0.9375,0 -1.48438,-0.60938 -0.54687,-0.625 -0.54687,-1.71875 v -0.125 q 0,-0.67187 0.23437,-1.1875 0.25,-0.51562 0.70313,-0.79687 0.46875,-0.29688 1.09375,-0.29688 0.76562,0 1.26562,0.46875 0.51563,0.45313 0.5625,1.1875 h -0.75 q -0.0312,-0.4375 -0.34375,-0.71875 -0.29687,-0.29687 -0.73437,-0.29687 -0.59375,0 -0.92188,0.4375 -0.32812,0.42187 -0.32812,1.23437 v 0.14063 q 0,0.79687 0.32812,1.23437 0.32813,0.42188 0.92188,0.42188 z m 5.531,0.54687 q -0.0781,-0.14062 -0.10937,-0.48437 -0.54688,0.5625 -1.3125,0.5625 -0.67188,0 -1.10938,-0.375 -0.4375,-0.39063 -0.4375,-0.96875 0,-0.71875 0.54688,-1.10938 0.54687,-0.39062 1.53125,-0.39062 h 0.76562 v -0.35938 q 0,-0.42187 -0.25,-0.65625 -0.25,-0.25 -0.71875,-0.25 -0.42187,0 -0.70312,0.21875 -0.28125,0.20313 -0.28125,0.5 h -0.79688 q 0,-0.32812 0.25,-0.64062 0.25,-0.32813 0.65625,-0.51563 0.42188,-0.1875 0.92188,-0.1875 0.78125,0 1.23437,0.39063 0.45313,0.39062 0.46875,1.09375 v 2.10937 q 0,0.625 0.15625,1 v 0.0625 z m -1.29687,-0.59375 q 0.35937,0 0.6875,-0.1875 0.32812,-0.1875 0.48437,-0.5 v -0.9375 h -0.60937 q -1.4375,0 -1.4375,0.84375 0,0.35938 0.23437,0.57813 0.25,0.20312 0.64063,0.20312 z m 4.23977,-5.09375 v 1.10938 h 0.84375 v 0.60937 h -0.84375 v 2.84375 q 0,0.26563 0.10938,0.40625 0.10937,0.14063 0.39062,0.14063 0.14063,0 0.375,-0.0625 v 0.64062 q -0.3125,0.0781 -0.60937,0.0781 -0.51563,0 -0.78125,-0.3125 -0.26563,-0.3125 -0.26563,-0.89063 v -2.84375 h -0.84375 v -0.60937 h 0.84375 v -1.10938 z m 3.65578,5.76563 q -0.92187,0 -1.51562,-0.60938 -0.57813,-0.60937 -0.57813,-1.625 v -0.14062 q 0,-0.6875 0.25,-1.21875 0.26563,-0.53125 0.73438,-0.82813 0.46875,-0.3125 1.01562,-0.3125 0.89063,0 1.375,0.59375 0.5,0.57813 0.5,1.67188 v 0.32812 h -3.09375 q 0.0156,0.67188 0.39063,1.09375 0.39062,0.42188 0.96875,0.42188 0.42187,0 0.70312,-0.17188 0.28125,-0.17187 0.5,-0.45312 l 0.48438,0.375 q -0.57813,0.875 -1.73438,0.875 z m -0.0937,-4.09375 q -0.46875,0 -0.79687,0.34375 -0.3125,0.34375 -0.39063,0.96875 h 2.28125 v -0.0625 q -0.0312,-0.59375 -0.32812,-0.92188 -0.28125,-0.32812 -0.76563,-0.32812 z"
-         fill-rule="nonzero"
-         id="path318" />
-      <path
-         fill="#000000"
-         fill-opacity="0"
-         d="m 181.8819,191.74278 h 52.56692 v 12.81889 H 181.8819 Z"
-         fill-rule="evenodd"
-         id="path320" />
-      <path
-         fill="#666666"
-         d="m 193.6619,201.47223 q -0.0781,-0.14063 -0.10938,-0.48438 -0.54687,0.5625 -1.3125,0.5625 -0.67187,0 -1.10937,-0.375 -0.4375,-0.39062 -0.4375,-0.96875 0,-0.71875 0.54687,-1.10937 0.54688,-0.39063 1.53125,-0.39063 h 0.76563 v -0.35937 q 0,-0.42188 -0.25,-0.65625 -0.25,-0.25 -0.71875,-0.25 -0.42188,0 -0.70313,0.21875 -0.28125,0.20312 -0.28125,0.5 h -0.79687 q 0,-0.32813 0.25,-0.64063 0.25,-0.32812 0.65625,-0.51562 0.42187,-0.1875 0.92187,-0.1875 0.78125,0 1.23438,0.39062 0.45312,0.39063 0.46875,1.09375 v 2.10938 q 0,0.625 0.15625,1 v 0.0625 z m -1.29688,-0.59375 q 0.35938,0 0.6875,-0.1875 0.32813,-0.1875 0.48438,-0.5 v -0.9375 h -0.60938 q -1.4375,0 -1.4375,0.84375 0,0.35937 0.23438,0.57812 0.25,0.20313 0.64062,0.20313 z m 6.00541,0.14062 q -0.46875,0.53125 -1.34375,0.53125 -0.73438,0 -1.125,-0.42187 -0.375,-0.42188 -0.375,-1.25 v -2.98438 h 0.78125 v 2.95313 q 0,1.04687 0.84375,1.04687 0.89062,0 1.1875,-0.67187 v -3.32813 h 0.78125 v 4.57813 h -0.73438 z m 3.0063,-5.23437 v 1.10937 h 0.84375 v 0.60938 h -0.84375 v 2.84375 q 0,0.26562 0.10937,0.40625 0.10938,0.14062 0.39063,0.14062 0.14062,0 0.375,-0.0625 v 0.64063 q -0.3125,0.0781 -0.60938,0.0781 -0.51562,0 -0.78125,-0.3125 -0.26562,-0.3125 -0.26562,-0.89062 v -2.84375 h -0.84375 v -0.60938 h 0.84375 v -1.10937 z m 2.5464,1.67187 q 0.51563,-0.64062 1.34375,-0.64062 1.45313,0 1.46875,1.64062 v 3.01563 h -0.78125 v -3.03125 q 0,-0.48438 -0.23437,-0.71875 -0.21875,-0.25 -0.6875,-0.25 -0.375,0 -0.67188,0.20312 -0.28125,0.20313 -0.4375,0.53125 v 3.26563 h -0.78125 v -6.5 h 0.78125 z m 3.78333,1.6875 q 0,-0.67187 0.25,-1.20312 0.26562,-0.54688 0.73437,-0.82813 0.48438,-0.29687 1.07813,-0.29687 0.9375,0 1.51562,0.65625 0.57813,0.64062 0.57813,1.70312 v 0.0625 q 0,0.67188 -0.26563,1.20313 -0.25,0.53125 -0.73437,0.82812 -0.46875,0.28125 -1.07813,0.28125 -0.9375,0 -1.51562,-0.64062 -0.5625,-0.64063 -0.5625,-1.71875 z m 0.78125,0.0937 q 0,0.76563 0.34375,1.23438 0.35937,0.45312 0.95312,0.45312 0.59375,0 0.9375,-0.46875 0.35938,-0.46875 0.35938,-1.3125 0,-0.75 -0.35938,-1.21875 -0.35937,-0.46875 -0.95312,-0.46875 -0.57813,0 -0.9375,0.46875 -0.34375,0.45313 -0.34375,1.3125 z m 6.56176,-1.64062 q -0.17187,-0.0312 -0.375,-0.0312 -0.78125,0 -1.04687,0.65625 v 3.25 h -0.78125 v -4.57813 h 0.76562 v 0.53125 q 0.39063,-0.60937 1.09375,-0.60937 0.23438,0 0.34375,0.0625 z m 1.56972,3.875 h -0.78125 v -4.57813 h 0.78125 z m -0.84375,-5.78125 q 0,-0.1875 0.10938,-0.3125 0.125,-0.14063 0.34375,-0.14063 0.23437,0 0.34375,0.14063 0.125,0.125 0.125,0.3125 0,0.1875 -0.125,0.3125 -0.10938,0.125 -0.34375,0.125 -0.21875,0 -0.34375,-0.125 -0.10938,-0.125 -0.10938,-0.3125 z m 2.83504,5.14062 h 2.67187 v 0.64063 h -3.625 v -0.57813 l 2.51563,-3.34375 h -2.48438 v -0.65625 h 3.46875 v 0.5625 z m 5.37863,0.71875 q -0.92188,0 -1.51563,-0.60937 -0.57812,-0.60938 -0.57812,-1.625 v -0.14063 q 0,-0.6875 0.25,-1.21875 0.26562,-0.53125 0.73437,-0.82812 0.46875,-0.3125 1.01563,-0.3125 0.89062,0 1.375,0.59375 0.5,0.57812 0.5,1.67187 v 0.32813 h -3.09375 q 0.0156,0.67187 0.39062,1.09375 0.39063,0.42187 0.96875,0.42187 0.42188,0 0.70313,-0.17187 0.28125,-0.17188 0.5,-0.45313 l 0.48437,0.375 q -0.57812,0.875 -1.73437,0.875 z m -0.0937,-4.09375 q -0.46875,0 -0.79688,0.34375 -0.3125,0.34375 -0.39062,0.96875 h 2.28125 v -0.0625 q -0.0312,-0.59375 -0.32813,-0.92187 -0.28125,-0.32813 -0.76562,-0.32813 z"
-         fill-rule="nonzero"
-         id="path322" />
-    </g>
-    <rect
-       style="opacity:0;fill-opacity:1;fill-rule:evenodd;stroke-width:0.82782"
-       id="rect631"
-       width="601.35608"
-       height="266.07831"
-       x="55.257439"
-       y="73.160957" />
-    <rect
-       style="opacity:0"
-       id="rect3524"
-       width="601.35608"
-       height="266.07831"
-       x="55.257439"
-       y="73.160957"
-       ry="0" />
-  </g>
-</svg>
diff --git a/docs/guides/img/cloud-run/cloudrun-domains.png b/docs/guides/img/cloud-run/cloudrun-domains.png
deleted file mode 100644
index d5011e373..000000000
Binary files a/docs/guides/img/cloud-run/cloudrun-domains.png and /dev/null differ
diff --git a/docs/guides/img/cloud-run/cloudrun-overview.png b/docs/guides/img/cloud-run/cloudrun-overview.png
deleted file mode 100644
index 2b809521b..000000000
Binary files a/docs/guides/img/cloud-run/cloudrun-overview.png and /dev/null differ
diff --git a/docs/guides/img/cloud-run/headers.png b/docs/guides/img/cloud-run/headers.png
deleted file mode 100644
index 0e62d13ab..000000000
Binary files a/docs/guides/img/cloud-run/headers.png and /dev/null differ
diff --git a/docs/guides/img/cloud-run/hello-direct.png b/docs/guides/img/cloud-run/hello-direct.png
deleted file mode 100644
index 463ceb9d6..000000000
Binary files a/docs/guides/img/cloud-run/hello-direct.png and /dev/null differ
diff --git a/docs/guides/img/cloud-run/hello-signin.png b/docs/guides/img/cloud-run/hello-signin.png
deleted file mode 100644
index 626199627..000000000
Binary files a/docs/guides/img/cloud-run/hello-signin.png and /dev/null differ
diff --git a/docs/guides/img/cloud-run/hello-success.png b/docs/guides/img/cloud-run/hello-success.png
deleted file mode 100644
index c7e8858fa..000000000
Binary files a/docs/guides/img/cloud-run/hello-success.png and /dev/null differ
diff --git a/docs/guides/img/cockpit-login-screen.png b/docs/guides/img/cockpit-login-screen.png
deleted file mode 100644
index 5aedb9018..000000000
Binary files a/docs/guides/img/cockpit-login-screen.png and /dev/null differ
diff --git a/docs/guides/img/enrollment-created.png b/docs/guides/img/enrollment-created.png
deleted file mode 100644
index 1c48bd11a..000000000
Binary files a/docs/guides/img/enrollment-created.png and /dev/null differ
diff --git a/docs/guides/img/gitlab/gitlab-desktop-connection.png b/docs/guides/img/gitlab/gitlab-desktop-connection.png
deleted file mode 100644
index fd0739fbc..000000000
Binary files a/docs/guides/img/gitlab/gitlab-desktop-connection.png and /dev/null differ
diff --git a/docs/guides/img/gitlab/gitlab-login.webm b/docs/guides/img/gitlab/gitlab-login.webm
deleted file mode 100644
index cd4828406..000000000
Binary files a/docs/guides/img/gitlab/gitlab-login.webm and /dev/null differ
diff --git a/docs/guides/img/grafana-server-admin-users.png b/docs/guides/img/grafana-server-admin-users.png
deleted file mode 100644
index f41622652..000000000
Binary files a/docs/guides/img/grafana-server-admin-users.png and /dev/null differ
diff --git a/docs/guides/img/k8s-dashboard-login.png b/docs/guides/img/k8s-dashboard-login.png
deleted file mode 100644
index c79f851e8..000000000
Binary files a/docs/guides/img/k8s-dashboard-login.png and /dev/null differ
diff --git a/docs/guides/img/k8s-dashboard-user.mp4 b/docs/guides/img/k8s-dashboard-user.mp4
deleted file mode 100644
index 91a53616c..000000000
Binary files a/docs/guides/img/k8s-dashboard-user.mp4 and /dev/null differ
diff --git a/docs/guides/img/k8s-fresh-dashboard.png b/docs/guides/img/k8s-fresh-dashboard.png
deleted file mode 100644
index 6aabfc4a3..000000000
Binary files a/docs/guides/img/k8s-fresh-dashboard.png and /dev/null differ
diff --git a/docs/guides/img/k8s-tesla-hacked.png b/docs/guides/img/k8s-tesla-hacked.png
deleted file mode 100644
index ec90acf89..000000000
Binary files a/docs/guides/img/k8s-tesla-hacked.png and /dev/null differ
diff --git a/docs/guides/img/mtls/01-chrome-settings-certificates.png b/docs/guides/img/mtls/01-chrome-settings-certificates.png
deleted file mode 100644
index a5a38359d..000000000
Binary files a/docs/guides/img/mtls/01-chrome-settings-certificates.png and /dev/null differ
diff --git a/docs/guides/img/mtls/02-import-client-certificate.png b/docs/guides/img/mtls/02-import-client-certificate.png
deleted file mode 100644
index 1f96e3426..000000000
Binary files a/docs/guides/img/mtls/02-import-client-certificate.png and /dev/null differ
diff --git a/docs/guides/img/mtls/03-enter-certificate-password.png b/docs/guides/img/mtls/03-enter-certificate-password.png
deleted file mode 100644
index 9b1fa24ae..000000000
Binary files a/docs/guides/img/mtls/03-enter-certificate-password.png and /dev/null differ
diff --git a/docs/guides/img/mtls/04-certificate-list.png b/docs/guides/img/mtls/04-certificate-list.png
deleted file mode 100644
index 6f04e3be8..000000000
Binary files a/docs/guides/img/mtls/04-certificate-list.png and /dev/null differ
diff --git a/docs/guides/img/mtls/05-select-client-certificate.png b/docs/guides/img/mtls/05-select-client-certificate.png
deleted file mode 100644
index d71b628c7..000000000
Binary files a/docs/guides/img/mtls/05-select-client-certificate.png and /dev/null differ
diff --git a/docs/guides/img/mtls/openssl-test1.png b/docs/guides/img/mtls/openssl-test1.png
deleted file mode 100644
index 76ad069fd..000000000
Binary files a/docs/guides/img/mtls/openssl-test1.png and /dev/null differ
diff --git a/docs/guides/img/new-enrollment.png b/docs/guides/img/new-enrollment.png
deleted file mode 120000
index c879e1d8f..000000000
--- a/docs/guides/img/new-enrollment.png
+++ /dev/null
@@ -1 +0,0 @@
-../../enterprise/img/new-enrollment.png
\ No newline at end of file
diff --git a/docs/guides/img/synology-certifciate-assignment.png b/docs/guides/img/synology-certifciate-assignment.png
deleted file mode 100644
index 89e9dbb25..000000000
Binary files a/docs/guides/img/synology-certifciate-assignment.png and /dev/null differ
diff --git a/docs/guides/img/synology-docker-httpbin.png b/docs/guides/img/synology-docker-httpbin.png
deleted file mode 100644
index 1ce83d317..000000000
Binary files a/docs/guides/img/synology-docker-httpbin.png and /dev/null differ
diff --git a/docs/guides/img/synology-docker-package-center.png b/docs/guides/img/synology-docker-package-center.png
deleted file mode 100644
index 2f53ab206..000000000
Binary files a/docs/guides/img/synology-docker-package-center.png and /dev/null differ
diff --git a/docs/guides/img/synology-docker-pomerium-alias.png b/docs/guides/img/synology-docker-pomerium-alias.png
deleted file mode 100644
index 278ae1d69..000000000
Binary files a/docs/guides/img/synology-docker-pomerium-alias.png and /dev/null differ
diff --git a/docs/guides/img/synology-docker-pomerium-create-container.png b/docs/guides/img/synology-docker-pomerium-create-container.png
deleted file mode 100644
index a896d08d0..000000000
Binary files a/docs/guides/img/synology-docker-pomerium-create-container.png and /dev/null differ
diff --git a/docs/guides/img/synology-docker-pomerium-done.png b/docs/guides/img/synology-docker-pomerium-done.png
deleted file mode 100644
index 52a254ac0..000000000
Binary files a/docs/guides/img/synology-docker-pomerium-done.png and /dev/null differ
diff --git a/docs/guides/img/synology-docker-pomerium-package.png b/docs/guides/img/synology-docker-pomerium-package.png
deleted file mode 100644
index 9cf1546c6..000000000
Binary files a/docs/guides/img/synology-docker-pomerium-package.png and /dev/null differ
diff --git a/docs/guides/img/synology-docker-port-settings.png b/docs/guides/img/synology-docker-port-settings.png
deleted file mode 100644
index 9215be2de..000000000
Binary files a/docs/guides/img/synology-docker-port-settings.png and /dev/null differ
diff --git a/docs/guides/img/synology-firewall-rules.png b/docs/guides/img/synology-firewall-rules.png
deleted file mode 100644
index a66e7b23e..000000000
Binary files a/docs/guides/img/synology-firewall-rules.png and /dev/null differ
diff --git a/docs/guides/img/synology-httpbin.png b/docs/guides/img/synology-httpbin.png
deleted file mode 100644
index 63443f52b..000000000
Binary files a/docs/guides/img/synology-httpbin.png and /dev/null differ
diff --git a/docs/guides/img/synology-reverse-proxy-rules.png b/docs/guides/img/synology-reverse-proxy-rules.png
deleted file mode 100644
index 1a6410e64..000000000
Binary files a/docs/guides/img/synology-reverse-proxy-rules.png and /dev/null differ
diff --git a/docs/guides/img/synology-reverse-proxy.png b/docs/guides/img/synology-reverse-proxy.png
deleted file mode 100644
index 083c00be0..000000000
Binary files a/docs/guides/img/synology-reverse-proxy.png and /dev/null differ
diff --git a/docs/guides/img/synology-step-1-redirect.png b/docs/guides/img/synology-step-1-redirect.png
deleted file mode 100644
index 83a0ef0ca..000000000
Binary files a/docs/guides/img/synology-step-1-redirect.png and /dev/null differ
diff --git a/docs/guides/img/synology-step-2-mfa.png b/docs/guides/img/synology-step-2-mfa.png
deleted file mode 100644
index 7014a6b96..000000000
Binary files a/docs/guides/img/synology-step-2-mfa.png and /dev/null differ
diff --git a/docs/guides/img/synology-step-3-validate-header.png b/docs/guides/img/synology-step-3-validate-header.png
deleted file mode 100644
index f888f0ae7..000000000
Binary files a/docs/guides/img/synology-step-3-validate-header.png and /dev/null differ
diff --git a/docs/guides/img/synology-step-4-unauthorized.png b/docs/guides/img/synology-step-4-unauthorized.png
deleted file mode 100644
index 2ff3b8df8..000000000
Binary files a/docs/guides/img/synology-step-4-unauthorized.png and /dev/null differ
diff --git a/docs/guides/img/synology-step-4-unauthorized.png2 b/docs/guides/img/synology-step-4-unauthorized.png2
deleted file mode 100644
index b701a72c5..000000000
Binary files a/docs/guides/img/synology-step-4-unauthorized.png2 and /dev/null differ
diff --git a/docs/guides/img/transmission-demo.png b/docs/guides/img/transmission-demo.png
deleted file mode 100644
index 1f45b2733..000000000
Binary files a/docs/guides/img/transmission-demo.png and /dev/null differ
diff --git a/docs/guides/img/vscode-helloworld.png b/docs/guides/img/vscode-helloworld.png
deleted file mode 100644
index cc8a2ce5d..000000000
Binary files a/docs/guides/img/vscode-helloworld.png and /dev/null differ
diff --git a/docs/guides/img/vscode-pomerium.png b/docs/guides/img/vscode-pomerium.png
deleted file mode 100644
index 11d44718d..000000000
Binary files a/docs/guides/img/vscode-pomerium.png and /dev/null differ
diff --git a/docs/guides/img/webauthn/450-error.png b/docs/guides/img/webauthn/450-error.png
deleted file mode 100644
index be361bafd..000000000
Binary files a/docs/guides/img/webauthn/450-error.png and /dev/null differ
diff --git a/docs/guides/img/webauthn/device-credentials-empty-highlight.png b/docs/guides/img/webauthn/device-credentials-empty-highlight.png
deleted file mode 100644
index e2e09d548..000000000
Binary files a/docs/guides/img/webauthn/device-credentials-empty-highlight.png and /dev/null differ
diff --git a/docs/guides/img/webauthn/device-id-list.png b/docs/guides/img/webauthn/device-id-list.png
deleted file mode 100644
index 3bc3597c3..000000000
Binary files a/docs/guides/img/webauthn/device-id-list.png and /dev/null differ
diff --git a/docs/guides/img/webauthn/no-device.png b/docs/guides/img/webauthn/no-device.png
deleted file mode 100644
index b2cd41967..000000000
Binary files a/docs/guides/img/webauthn/no-device.png and /dev/null differ
diff --git a/docs/guides/img/webauthn/security-key-chromebook.png b/docs/guides/img/webauthn/security-key-chromebook.png
deleted file mode 100644
index 47565fd78..000000000
Binary files a/docs/guides/img/webauthn/security-key-chromebook.png and /dev/null differ
diff --git a/docs/guides/img/webauthn/security-key-firefox.png b/docs/guides/img/webauthn/security-key-firefox.png
deleted file mode 100644
index 488b0f580..000000000
Binary files a/docs/guides/img/webauthn/security-key-firefox.png and /dev/null differ
diff --git a/docs/guides/img/webauthn/security-key-google.png b/docs/guides/img/webauthn/security-key-google.png
deleted file mode 100644
index 9176f024b..000000000
Binary files a/docs/guides/img/webauthn/security-key-google.png and /dev/null differ
diff --git a/docs/guides/img/webauthn/security-key-windows.png b/docs/guides/img/webauthn/security-key-windows.png
deleted file mode 100644
index 3b54dadcf..000000000
Binary files a/docs/guides/img/webauthn/security-key-windows.png and /dev/null differ
diff --git a/docs/guides/istio.md b/docs/guides/istio.md
deleted file mode 100644
index b825da264..000000000
--- a/docs/guides/istio.md
+++ /dev/null
@@ -1,327 +0,0 @@
----
-title: Istio
-lang: en-US
-meta:
-  - name: keywords
-    content: >-
-      pomerium, identity access proxy, istio, traffic management, policy,
-      mutual authentication, authorization, kubernetes
-description: >-
-  Integrate the Pomerium Ingress controller with an Istio service mesh for full mutual authentication in your cluster.
----
-
-# Istio with Pomerium
-
-Istio provides application-aware networking via a service mesh and control plane. When configured with the [Pomerium Ingress Controller] for kubernetes, this enables authorization (**[authZ]**) and authentication (**[authN]**) of [east-west traffic] in your internal network bringing you closer to complete [zero trust].
-
-In this guide, we'll demonstrate how to configure Pomerium and Istio in a Kubernetes environment to provide mutual authentication at both the transport and application layer. We'll demonstrate first with a simple test service (Nginx), and then use [Grafana][grafana-guide] to illustrate how the final service can use the same authentication data for user association.
-
-## Before You Begin
-
-- You will need a Kubernetes environment with Istio installed. Refer to their [Getting Started](https://istio.io/latest/docs/setup/getting-started/) guide for more information.
-- This configuration uses the Pomerium Ingress Controller for [north-south traffic]. This guide uses our [Helm chart](https://github.com/pomerium/pomerium-helm/tree/main/charts/pomerium) as detailed in [Install Pomerium using Helm]. We'll cover the values needed to configure the controller with an Istio service mesh, but you can refer to the [documentation][Pomerium Ingress Controller] for a complete overview of the controller spec.
-
-## How it Works
-
-In our [Mutual Authentication section on Sidecars](/docs/topics/mutual-auth.md#mutual-authentication-with-a-sidecar), we detail how a single service can offload authN and authz to a sidecar service. In a service mesh, each service in an internal network is deployed with a sidecar, and the controller configures them to provide mutual authentication with each other:
-
-```mermaid
-flowchart LR
-subgraph pc[Client PC]
-  style pc stroke-dasharray: 5 5
-  E[Browser]
-end
-subgraph cluster[Kubernetes Cluster]
-  style cluster stroke-dasharray: 5 5
-  subgraph spacing[ ]
-    style spacing stroke-width:0px,fill:#ffffde;
-  end
-  subgraph proxy pod
-    A[Pomerium Proxy]
-    B[Sidecar]
-    E--oA
-    A-.-B
-  end
-  subgraph grafana pod
-    C[Sidecar]
-    D[Grafana]
-    C-.-D
-    B<==>C
-  end
-  F[Istio Controller]
-  F-.-B
-  F-.-C
-end
-```
-
-::: tip
-This is a simplified model that doesn't describe the additional traffic for authorization and authentication.
-
-See the [Legend](/docs/topics/mutual-auth.md#legend) on our Mutual Authentication page for details on our graphing style.
-:::
-
-## Configure Pomerium for Istio
-
-Follow [Install Pomerium using Helm] to set up the Pomerium Ingress Controller and Services, with the following adjustments.
-
-1. Apply the appropriate label for Istio injection into your Pomerium namespace:
-
-    ```bash
-    kubectl label namespace pomerium istio-injection=enabled
-    ```
-
-1. Update your `pomerium-values.yaml` file, making note of the changes for integration with Istio:
-
-    ```yaml
-    authenticate:
-      idp:
-        provider: "google"
-        clientID: YOUR_CLIENT_ID
-        clientSecret: YOUR_SECRET
-        serviceAccount: YOUR_SERVICE_ACCOUNT
-
-    proxy:
-      deployment:
-        podAnnotations:
-          traffic.sidecar.istio.io/excludeInboundPorts: "80,443" # allow external connections to terminate directly on the Pomerium proxy rather than the sidecar
-
-    config:
-      rootDomain: localhost.pomerium.io
-      generateTLS: false # disable certificate generation since we offload TLS to the mesh
-      insecure: true # disable TLS on internal Pomerium services
-
-    ingress:
-      enabled: false # disable the default ingress resource since we are using our ingress controller
-
-    ingressController:
-      enabled: true # enable the Pomerium Ingress Controller
-
-    redis:
-      tls:
-        enabled: false # TLS is handled by istio
-      enabled: true
-
-    service:
-      authorize:
-        headless: false # send traffic to the Pomerium Authorize through the Istio service rather than to individual pods
-      databroker:
-        headless: false # send traffic to the Pomerium Databroker through the Istio service rather than to individual pods
-    ```
-
-1. When [defining a test service](/docs/k8s/helm.md#define-a-test-service), you should now see two containers for the service pod:
-
-    ```bash
-    kubectl get pods
-    NAME                                           READY   STATUS    RESTARTS   AGE
-    ...
-    nginx-6955473668-cxprp                         2/2     Running   0          19s
-    ```
-
-    This indicates that Istio has configured a sidecar container to handle traffic to and from the service.
-
-## Istio CRDs
-
-Now that Pomerium is installed in the cluster, we can define authentication and authorization rules for Istio, which will validate traffic to our example service as coming from the Pomerium Proxy service, through an authorized route, and with an authenticated user token.
-
-1. Adjust the following example `nginx-istio-policy.yaml` file to match your Kubernetes environment and domain names:
-
-    ```yaml
-    apiVersion: security.istio.io/v1beta1
-    kind: RequestAuthentication
-    metadata:
-      name: nginx-require-pomerium-jwt
-    spec:
-      selector:
-        matchLabels:
-          app.kubernetes.io/name: nginx # This matches the label applied to our test service
-      jwtRules:
-      - issuer: "authenticate.localhost.pomerium.io" # Adjust to match your Authenticate service URL
-        audiences:
-          - hello.localhost.pomerium.io # This should match the value of spec.host in the services Ingress
-        fromHeaders:
-          - name: "X-Pomerium-Jwt-Assertion"
-        jwksUri: https://authenticate.localhost.pomerium.io/.well-known/pomerium/jwks.json # Adjust to match your Authenticate service URL.
-        # The jwksUri key above is the preferred method of retrieving the signing key, and should be used in production. See
-        # See https://istio.io/latest/docs/reference/config/security/jwt/#JWTRule
-        #
-        #If the Authenticate service is using a localhost or other domain that's not a FQDN. You can instead provide the content from that path using the jwks key:
-        #jwks: |
-        #  {"keys":[{"use":"sig","kty":"EC","kid":"e1c5d20b9cf771de0bd6038ee5b5fe831f771d3715b72c2db921611ffca7242f","crv":"P-256","alg":"ES256","x":"j8I1I7eb0Imr2pvxRk13cK9ZjAA3VPrdUIHkAslX2e0","y":"jfWNKJkq3b5hrTz2JsrXCcvgJCPP7QSFgX1ZT9wapIQ"}]}
-    ---
-    apiVersion: security.istio.io/v1beta1
-    kind: AuthorizationPolicy
-    metadata:
-      name: nginx-require-pomerium-jwt
-    spec:
-      selector:
-        matchLabels:
-          app.kubernetes.io/name: nginx # This matches the label applied to our test service
-      action: ALLOW
-      rules:
-      - when:
-        - key: request.auth.claims[aud]
-          values: ["hello.localhost.pomerium.io"] # This should match the value of spec.host in the service's Ingress
-    ```
-
-    This file defines two Custom Resources. The first is a `RequestAuthentication`, and it specifies:
-    - For objects with the `app.kubernetes.io/name` label matching `nginx`, Istio will check that:
-      - the request includes the header `X-Pomerium-Jwt-Assertion`, which provides a JWT,
-      - **and** that JWT is issued by the Pomerium Authenticate service,
-      - **and** the JWT is signed by the signing key provided by the Authenticate service.
-
-    If the JWT is found and validated, then the content within can be checked against the `AuthorizationPolicy` below. If the JWT is provided but not validated, it will not pass `RequestAuthentication`. If the JWT is not provided, the request will automatically fail any `AuthorizationPolicy`.
-
-
-    The second resource is an `AuthorizationPolicy`, and it species:
-    - For objects with the `app.kubernetes.io/name` label matching `nginx`, only allow requests:
-      - **if** the request includes a JWT (already validated by `RequestAuthentication`) with the audience key `aud`,
-      - **and** the value of the `aud` key matches our known route, `hello.localhost.pomerium.io`.
-
-    In other words, `RequestAuthentication` confirms that the incoming traffic to the sidecar has a signed and valid JWT, which confirms that the user has been authenticated and is authorized to access this service. The `AuthorizationPolicy` confirms that the traffic originated from a valid Pomerium route. The latter is especially important in Pomerium Enterprise, where a manager of a separate [Namespace](/enterprise/concepts.md#namespaces) could create a second route to a service normally routed and managed in your namespace.
-
-1. Apply the new resources with `kubectl`:
-
-    ```bash
-    kubectl apply -f authorization-policy.yaml
-    ```
-
-1. Now when you go to `hello.localhost.pomerium.io` in the browser, you should see `RBAC: access denied`. This confirms that the policy is in place and denying our request. To allow the traffic, add the `pass_identity_headers` annotation to `example-ingress.yaml`:
-
-    ```yaml{7}
-    apiVersion: networking.k8s.io/v1
-    kind: Ingress
-    metadata:
-      name: hello
-      annotations:
-        kubernetes.io/ingress.class: pomerium
-        cert-manager.io/issuer: pomerium-issuer
-        ingress.pomerium.io/pass_identity_headers: "true"
-        ingress.pomerium.io/policy: '[{"allow":{"and":[{"domain":{"is":"example.com"}}]}}]'
-    ...
-    ```
-
-1. After applying the update with `kubectl apply -f example-ingress.yaml`, you should now be able to access the test service in the browser.
-
-## Grafana
-
-To demonstrate complete authorization validation through to the upstream service we'll use Grafana, as it's easy to configure to accept user authN from JWTs.
-
-1. Add the Grafana repository to Helm:
-
-    ```bash
-    helm repo add grafana https://grafana.github.io/helm-charts
-    ```
-
-1. Create a `grafana-values.yaml` file and add the annotations for the Pomerium Ingress Controller:
-
-    ```yaml
-    ingress:
-      enabled: true
-      annotations:
-        # Specify the certificate issuer for your namespace or cluster. For example:
-        # cert-manager.io/issuer: pomerium-issuer
-        kubernetes.io/ingress.class: pomerium
-        ingress.pomerium.io/pass_identity_headers: "true"
-        ingress.pomerium.io/policy: |
-          - allow:
-              or:
-                - domain:
-                    is: example.com
-      hosts:
-        - "grafana.localhost.pomerium.io"
-      tls:
-      - hosts:
-        - grafana.localhost.pomerium.io
-        secretName: grafana.localhost.pomerium.io-tls
-    persistence:
-      type: pvc
-      enabled: false
-      # storageClassName: default
-      accessModes:
-        - ReadWriteOnce
-      size: 10Gi
-      # annotations: {}
-      finalizers:
-        - kubernetes.io/pvc-protection
-    ```
-
-    ::: tip
-    Persistence is required to retain user data. Review the [Grafana Helm chart configuration](https://github.com/grafana/helm-charts/tree/main/charts/grafana#configuration) options to set the values for your environment.
-    :::
-
-1. Install Grafana to the cluster:
-
-    ```bash
-    helm upgrade --install grafana grafana/grafana --values grafana-values.yaml
-    ```
-
-1. Follow the instructions in the terminal output to log in as the admin user. Follow the [Add Users to Grafana](/guides/grafana.md#add-users-to-grafana) section of our Grafana guide to add a user that can be identified by the Pomerium JWT.
-
-
-1. To the same file, add the following values to the `grafana.ini` section.
-
-    <<< @/examples/kubernetes/istio/grafana.ini.yml
-
-    This tells Grafana to use the email address provided in the `X-Pomerium-Jwt-Assertion` JWT and associate it with the matching Grafana user. It also disabled Grafana's login form. See Grafana's [JWT authentication](https://grafana.com/docs/grafana/latest/auth/jwt/) documentation for more configuration options.
-
-1. Upgrade Grafana with the new configuration options:
-
-    ```bash
-    helm upgrade --install grafana grafana/grafana --values grafana-values.yaml
-    ```
-
-1. Now when you visit the Grafana route, you should be signed in as the user matching your Pomerium claim. To finalize the installation, create a new `grafana-istio-policy.yaml` file. Adjust the matchers and host values for Grafana, and enable `forwardOriginalToken`:
-
-    ```yaml{15}
-    apiVersion: security.istio.io/v1beta1
-    kind: RequestAuthentication
-    metadata:
-      name: grafana-require-pomerium-jwt
-    spec:
-      selector:
-        matchLabels:
-          app.kubernetes.io/name: grafana # This matches the label applied to our test service
-      jwtRules:
-      - issuer: "authenticate.localhost.pomerium.io" # Adjust to match your Authenticate service URL
-        audiences:
-          - grafana.localhost.pomerium.io # This should match the value of spec.host in the services Ingress
-        fromHeaders:
-          - name: "X-Pomerium-Jwt-Assertion"
-        forwardOriginalToken: true
-        jwksUri: https://authenticate.localhost.pomerium.io/.well-known/pomerium/jwks.json # Adjust to match your Authenticate service URL.
-        # The jwksUri key above is the preferred method of retrieving the signing key, and should be used in production.
-        # See https://istio.io/latest/docs/reference/config/security/jwt/#JWTRule
-        #
-        #If the Authenticate service is using a localhost or other domain that's not a FQDN. You can instead provide the content from that path using the jwks key:
-        #jwks: |
-        #  {"keys":[{"use":"sig","kty":"EC","kid":"e1c5d20b9cf771de0bd6038ee5b5fe831f771d3715b72c2db921611ffca7242f","crv":"P-256","alg":"ES256","x":"j8I1I7eb0Imr2pvxRk13cK9ZjAA3VPrdUIHkAslX2e0","y":"jfWNKJkq3b5hrTz2JsrXCcvgJCPP7QSFgX1ZT9wapIQ"}]}
-    ---
-    apiVersion: security.istio.io/v1beta1
-    kind: AuthorizationPolicy
-    metadata:
-      name: grafana-require-pomerium-jwt
-    spec:
-      selector:
-        matchLabels:
-          app.kubernetes.io/name: grafana # This matches the label applied to our test service
-      action: ALLOW
-      rules:
-      - when:
-        - key: request.auth.claims[aud]
-          values: ["grafana.localhost.pomerium.io"] # This should match the value of spec.host in the service's Ingress
-    ```
-
-    Apply the policies with `kubectl apply -f` to complete the configuration.
-
-[authN]: /docs/glossary.md#authentication
-[authZ]:/docs/glossary.md#authorization
-[Istio]: https://istio.io/latest/
-[istio]: https://github.com/istio/istio
-[certmanager]: https://github.com/jetstack/cert-manager
-[grafana]: https://github.com/grafana/grafana
-[grafana-guide]: /guides/grafana.md
-[east-west traffic]: /docs/glossary.md#east-west-traffic
-[north-south traffic]: /docs/glossary.md#north-south-traffic
-[Pomerium Ingress Controller]: /docs/k8s/ingress.md
-[zero trust]: /docs/background.md#zero-trust
-[Install Pomerium using Helm]: /docs/k8s/helm.md
diff --git a/docs/guides/jwt-verification.md b/docs/guides/jwt-verification.md
deleted file mode 100644
index 355a6a9f7..000000000
--- a/docs/guides/jwt-verification.md
+++ /dev/null
@@ -1,244 +0,0 @@
----
-title: JWT Verification
-lang: en-US
-meta:
-  - name: keywords
-    content: pomerium, identity access proxy, envoy, jwt,
-description: >-
-  This example demonstrates how to verify the Pomerium JWT assertion header using Envoy.
----
-
-# JWT Verification
-This example demonstrates how to verify the [Pomerium JWT assertion header](https://www.pomerium.io/reference/#pass-identity-headers) using [Envoy](https://www.envoyproxy.io/). This is useful for legacy or 3rd party applications which can't be modified to perform verification themselves.
-
-This guide is a practical demonstration of some of the topics discussed in [Mutual Authentication: A Component of Zero Trust].
-
-## Requirements
-- [Docker](https://www.docker.com/)
-- [Docker Compose](https://docs.docker.com/compose/)
-- [mkcert](https://github.com/FiloSottile/mkcert)
-
-This guide assumes you already have a working IdP connection to provide user data. See our [Identity Provider](/docs/identity-providers/readme.md) docs for more information.
-
-## Overview
-Three services are configured in a `docker-compose.yaml` file:
-
-- `pomerium` running an all-in-one deployment of Pomerium on `*.localhost.pomerium.io`
-- `envoy-jwt-checker` running envoy with a JWT Authn filter
-- `httpbin` as our example legacy application without JWT verifivation.
-
-In our Docker Compose configuration we'll define two networks. `pomerium` and `envoy-jwt-checker` will be on the `frontend` network, simulating your local area network (**LAN**). `envoy-jwt-checker` will also be on the `backend` network, along with `httpbin`. This means that `envoy-jwt-checker` is the only other service that can communicate with `httpbin`.
-
-For a detailed explanation of this security model, see [Mutual Authentication With a Sidecar]
-
-Once running, the user visits [verify.localhost.pomerium.io], is authenticated through [authenticate.localhost.pomerium.io], and then the HTTP request is sent to envoy which proxies it to the httpbin app.
-
-Before allowing the request Envoy will verify the signed JWT assertion header using the public key defined by `authenticate.localhost.pomerium.io/.well-known/pomerium/jwks.json`.
-
-## Setup
-
-The configuration presented here assumes a working route to the domain space `*.localhost.pomerium.io`. You can make entries in your `hosts` file for the domains used, or change this value to match your local environment.
-
-::: tip
-Mac and Linux users can use DNSMasq to map the `*.localhost.pomerium.io` domain (including all subdomains) to a specified test address:
-
-- [Local Development with Wildcard DNS] (macOS)
-- [Local Development with Wildcard DNS on Linux]
-:::
-
-1. Create a `docker-compose.yaml` file containing:
-
-    ```yaml
-    version: "3.9"
-    networks:
-      frontend:
-        driver: "bridge"
-      backend:
-        driver: "bridge"
-    services:
-      pomerium:
-        image: pomerium/pomerium:latest
-        ports:
-          - "443:443"
-        volumes:
-          - type: bind
-            source: ./cfg/pomerium.yaml
-            target: /pomerium/config.yaml
-          - type: bind
-            source: ./certs/_wildcard.localhost.pomerium.io.pem
-            target: /pomerium/_wildcard.localhost.pomerium.io.pem
-          - type: bind
-            source: ./certs/_wildcard.localhost.pomerium.io-key.pem
-            target: /pomerium/_wildcard.localhost.pomerium.io-key.pem
-        networks:
-          - frontend
-
-      envoy-jwt-checker:
-        image: envoyproxy/envoy:v1.17.1
-        ports:
-          - "10000:10000"
-        volumes:
-          - type: bind
-            source: ./cfg/envoy.yaml
-            target: /etc/envoy/envoy.yaml
-        networks:
-          frontend:
-            aliases:
-              - "httpbin-sidecar"
-          backend:
-
-      httpbin:
-        image: kennethreitz/httpbin
-        ports:
-          - "80:80"
-        networks:
-          - backend
-    ```
-
-1. Using [`mkcert`](https://github.com/FiloSottile/mkcert), generate a certificate for `*.localhost.pomerium.io` in a `certs` directory:
-
-    ```bash
-    mkdir certs
-    cd certs
-    mkcert '*.localhost.pomerium.io'
-    ```
-
-1. Create a `cfg` directory containing the following `envoy.yaml` file. Envoy configuration can be quite verbose, but the crucial bit is the HTTP filter (highlighted below):
-
-    ```yaml{30-49}
-    admin:
-      access_log_path: /dev/null
-      address:
-        socket_address: { address: 127.0.0.1, port_value: 9901 }
-
-    static_resources:
-      listeners:
-        - name: ingress-http
-          address:
-            socket_address: { address: 0.0.0.0, port_value: 10000 }
-          filter_chains:
-            - filters:
-                - name: envoy.filters.network.http_connection_manager
-                  typed_config:
-                    "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
-                    stat_prefix: ingress_http
-                    codec_type: AUTO
-                    route_config:
-                      name: verify
-                      virtual_hosts:
-                        - name: httpbin
-                          domains: ["httpbin-sidecar"]
-                          routes:
-                            - match:
-                                prefix: "/"
-                              route:
-                                cluster: egress-httpbin
-                                auto_host_rewrite: true
-                    http_filters:
-                      - name: envoy.filters.http.jwt_authn
-                        typed_config:
-                          "@type": type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.JwtAuthentication
-                          providers:
-                            pomerium:
-                              issuer: authenticate.localhost.pomerium.io
-                              audiences:
-                                - httpbin.localhost.pomerium.io
-                              from_headers:
-                                - name: X-Pomerium-Jwt-Assertion
-                              remote_jwks:
-                                http_uri:
-                                  uri: https://authenticate.localhost.pomerium.io/.well-known/pomerium/jwks.json
-                                  cluster: egress-authenticate
-                                  timeout: 1s
-                          rules:
-                            - match:
-                                prefix: /
-                              requires:
-                                provider_name: pomerium
-                      - name: envoy.filters.http.router
-      clusters:
-        - name: egress-httpbin
-          connect_timeout: 0.25s
-          type: STRICT_DNS
-          lb_policy: ROUND_ROBIN
-          load_assignment:
-            cluster_name: httpbin
-            endpoints:
-              - lb_endpoints:
-                  - endpoint:
-                      address:
-                        socket_address:
-                          address: httpbin
-                          port_value: 80
-        - name: egress-authenticate
-          connect_timeout: '0.25s'
-          type: STRICT_DNS
-          lb_policy: ROUND_ROBIN
-          load_assignment:
-            cluster_name: authenticate
-            endpoints:
-              - lb_endpoints:
-                  - endpoint:
-                      address:
-                        socket_address:
-                          address: pomerium
-                          port_value: 443
-          transport_socket:
-            name: tls
-            typed_config:
-              "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
-              sni: authenticate.localhost.pomerium.io
-    ```
-
-    This configuration pulls the JWT out of the `X-Pomerium-Jwt-Assertion` header, verifies the `iss` and `aud` claims and checks the signature via the public key defined at the `jwks.json` endpoint. Documentation for additional configuration options is available here: [Envoy JWT Authentication](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/jwt_authn_filter#config-http-filters-jwt-authn).
-
-1. Create a `pomerium.yaml` file in the `cfg` directory containing:
-
-    ```yaml
-    authenticate_service_url: https://authenticate.localhost.pomerium.io
-
-    certificate_file: "/pomerium/_wildcard.localhost.pomerium.io.pem"
-    certificate_key_file: "/pomerium/_wildcard.localhost.pomerium.io-key.pem"
-
-    idp_provider: google
-    idp_client_id: REPLACE_ME
-    idp_client_secret: REPLACE_ME
-
-    cookie_secret: REPLACE_ME
-    shared_secret: REPLACE_ME
-    signing_key: REPLACE_ME
-
-    routes:
-      - from: https://httpbin.localhost.pomerium.io
-        to: http://httpbin-sidecar:10000
-        pass_identity_headers: true
-        policy:
-          - allow:
-              or:
-                - domain:
-                    is: example.com
-    ```
-
-Replace the identity provider credentials, secrets, and signing key. Adjust the policy to match your configuration.
-
-## Run
-
-You should now be able to run the example with:
-
-1. Turn on the example configuration in Docker:
-
-    ```bash
-    docker-compose up
-    ```
-
-1. Visit [httpbin.localhost.pomerium.io](https://httpbin.localhost.pomerium.io). Login and you will be redirected to the httpbin page.
-
-1. In this network configuration you cannot access `httpbin` directly. However, visiting Envoy directly via [localhost.pomerium.io:10000/](http://localhost.pomerium.io:10000/) will return a `Jwt is missing` error, confirming that you must authenticate with Pomerium to access Envoy, and any services accessible through it.
-
-[authenticate.localhost.pomerium.io]: https://authenticate.localhost.pomerium.io
-[httpbin.localhost.pomerium.io]: https://verify.localhost.pomerium.io
-[Local Development with Wildcard DNS on Linux]: https://sixfeetup.com/blog/local-development-with-wildcard-dns-on-linux
-[Local Development with Wildcard DNS]: https://blog.thesparktree.com/local-development-with-wildcard-dns
-[Mutual Authentication: A Component of Zero Trust]: /docs/topics/mutual-auth.md
-[Mutual Authentication With a Sidecar]: /docs/topics/mutual-auth.md#mutual-authentication-with-a-sidecar
-[verify.localhost.pomerium.io]: https://verify.localhost.pomerium.io
\ No newline at end of file
diff --git a/docs/guides/kubernetes-dashboard.md b/docs/guides/kubernetes-dashboard.md
deleted file mode 100644
index 4c8929139..000000000
--- a/docs/guides/kubernetes-dashboard.md
+++ /dev/null
@@ -1,112 +0,0 @@
----
-title: Kubernetes Dashboard
-lang: en-US
-meta:
-  - name: keywords
-    content: pomerium, identity access proxy, kubernetes, helm, k8s, oauth, dashboard,
-description: >-
-  This guide covers how to add authentication and authorization to kubernetes dashboard using single-sing-on, pomerium, helm, and letsencrypt certificates.
----
-
-# Securing Kubernetes Dashboard
-
-The following guide covers how to secure [Kubernetes Dashboard] using Pomerium. Kubernetes Dashboard is a powerful, web-based UI for managing Kubernetes clusters. Pomerium can act as an independent **identity-aware access proxy** improving and adding single-sign-on to Kubernetes Dashboard's default access control. This is in contrast to most deployments, which use static tokens for access.
-
-![fresh kubernetes dashboard install](./img/k8s-fresh-dashboard.png)
-
-
-This tutorial covers:
-
-- Deploying [Kubernetes Dashboard] using [Helm]
-- Establishing secure Kubernetes Dashboard access through Pomerium
-
-## Before You Begin
-
-This guide builds off of existing articles and guides. It assumes you have deployed Pomerium to your cluster using our Helm charts, configured a certificate solution like [cert-manager], and set up secure access to the Kubernetes API. Follow the instructions in these pages before you continue:
-
-- [Install Pomerium using Helm]
-- [Securing Kubernetes]
-
-## Background
-
-Though securing [Kubernetes Dashboard] as an example may seem contrived, the damages caused by an unsecured dashboard is a real threat vector. In late 2018, Tesla [determined](https://redlock.io/blog/cryptojacking-tesla) that the hackers who were running [crypto-mining malware](https://arstechnica.com/information-technology/2018/02/tesla-cloud-resources-are-hacked-to-run-cryptocurrency-mining-malware/) on their cloud accounts came in through an unsecured [Kubernetes Dashboard] instance.
-
-![tesla hacked from kubernetes dashboard](./img/k8s-tesla-hacked.png)
-
-## Install Kubernetes Dashboard
-
-[Kubernetes Dashboard] is a general purpose, web-based UI for Kubernetes clusters. It allows users to manage applications running in the cluster and troubleshoot them, as well as manage the cluster itself.
-
-Use [Helm] to install a new instance of [Kubernetes Dashboard] :
-
-```bash
-helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
-helm install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard\
-  --set ingress.enabled="false"
-```
-
-That's it. We've now configured the Kubernetes Dashboard in our cluster. We've also explicitly told Helm that we are going to deploy our own custom access to the service through Pomerium instead of a standard ingress.
-
-## Add a Route
-
-Following the configuration defined in [Install Pomerium using Helm], add a route for the Kubernetes Dashboard.
-
-1. Modify `pomerium-values.yaml` with the following route:
-
-    ```yaml
-        - from: https://dashboard.localhost.pomerium.io
-          to: https://kubernetes-dashboard.default.svc.cluster.local
-          allow_spdy: true
-          tls_skip_verify: true
-          kubernetes_service_account_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-          policy:
-            - allow:
-                or:
-                  - domain:
-                      is: pomerium.com
-    ```
-
-    The service account token used for `kubernetes_service_account_token_file` is defined by our [helm chart]. Modify the policy to match your configuration.
-
-1. Access to the dashboard for a user is authorized by the cluster role binding defined in role-based access control (**RBAC**) permissions. Following the [User Permissions] section of [Securing Kubernetes], you should already have permissions for your user, or you can create a new RBAC definition following this example (`rbac-someuser.yaml`):
-
-    ```yaml
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: ClusterRoleBinding
-    metadata:
-      name: cluster-admin-crb
-    roleRef:
-      apiGroup: rbac.authorization.k8s.io
-      kind: ClusterRole
-      name: cluster-admin
-    subjects:
-      - apiGroup: rbac.authorization.k8s.io
-        kind: User
-        name: someuser@example.com
-    ```
-
-    Apply the permissions with `kubectl apply -f rbac-someuser.yaml`.
-
-1. Apply the new route to Pomerium with Helm:
-
-    ```bash
-    helm upgrade --install pomerium pomerium/pomerium --values pomerium-values.yaml
-    ```
-
-## Conclusion
-
-Because we've defined RBAC for our users, they can authenticate with Pomerium and Kubernetes will recognize that user in the Dashboard:
-
-<video controls  muted="" playsinline="" width="100%" height="600" control=""><source src="./img/k8s-dashboard-user.mp4" type="video/mp4">
-Your browser does not support the video tag.
-</video>
-
-🎉🍾🎊 **Congratulations!** 🎉🍾🎊 You now have a single-sign-on enabled [Kubernetes Dashboard] protected by Pomerium.
-
-[cert-manager]: https://cert-manager.io/docs/
-[helm chart]: https://github.com/pomerium/pomerium-helm
-[Helm]: https://helm.sh
-[Install Pomerium using Helm]: /docs/k8s/helm.md
-[Kubernetes Dashboard]: https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/
-[Securing Kubernetes]: /guides/kubernetes.md
-[User Permissions]: /guides/kubernetes.md#user-permissions
diff --git a/docs/guides/kubernetes.md b/docs/guides/kubernetes.md
deleted file mode 100644
index cb0fb59e2..000000000
--- a/docs/guides/kubernetes.md
+++ /dev/null
@@ -1,216 +0,0 @@
----
-title: Kubernetes API / Kubectl
-lang: en-US
-meta:
-  - name: keywords
-    content: pomerium, identity access proxy, kubernetes, helm, k8s, oauth
-description: >-
-  This guide covers how to add authentication and authorization to kubernetes api server using single-sign-on and Pomerium.
----
-
-# Securing Kubernetes
-
-The following guide covers how to secure [Kubernetes] using Pomerium. This is achieved by:
-
-- creating a ClusterRoleBinding for a user,
-- setting a route through Pomerium to the Kubernetes API server,
-- configuring a kubectl context to connect and authorize to the API server through Pomerium.
-
-## Before You Begin
-
-- This guide assumes you've already installed Pomerium in a Kubernetes cluster using our Helm charts. Follow [Pomerium using Helm] before proceeding.
-- This guide assumes you have a certificate solution in place, such as Cert-Manager.
-
-### Pomerium Service Account
-
-Pomerium uses a single service account and user impersonation headers to authenticate and authorize users in Kubernetes. This service account is automatically created by our Helm chart. If you've installed Pomerium without our charts, expand below to manually create the service account.
-
-::: details Manually create service account
-
-To create the Pomerium service account use the following configuration file: (`pomerium-k8s.yaml`)
-
-```yaml
-# pomerium-k8s.yaml
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  namespace: default
-  name: pomerium
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: pomerium-impersonation
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - users
-      - groups
-      - serviceaccounts
-    verbs:
-      - impersonate
-  - apiGroups:
-      - "authorization.k8s.io"
-    resources:
-      - selfsubjectaccessreviews
-    verbs:
-      - create
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: pomerium
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: pomerium-impersonation
-subjects:
-  - kind: ServiceAccount
-    name: pomerium
-    namespace: default
-```
-
-Apply the configuration with:
-
-```bash
-kubectl apply -f ./pomerium-k8s.yaml
-```
-
-:::
-
-### User Permissions
-
-1. To grant access to users within Kubernetes, you will need to configure role-based access control (**RBAC**) permissions. For example, consider the example below, `rbac-someuser.yaml`:
-
-    ```yaml
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: ClusterRoleBinding
-    metadata:
-      name: cluster-admin-crb
-    roleRef:
-      apiGroup: rbac.authorization.k8s.io
-      kind: ClusterRole
-      name: cluster-admin
-    subjects:
-      - apiGroup: rbac.authorization.k8s.io
-        kind: User
-        name: someuser@example.com
-    ```
-
-1. Apply the RBAC ClusterRoleBinding:
-
-    ```bash
-    kubectl apply -f rbac-someuser.yaml
-    ```
-
-Permissions can also be granted to groups the Pomerium user is a member of. This allows you to set a single ClusterRoleBinding in Kubernetes and modify access from your IdP.
-
-## Create a Route for the API server
-
-This new route requires a kubernetes service account token. Our Helm chart creates one and makes it available at `/var/run/secrets/kubernetes.io/serviceaccount/token`.
-
-1. Update your `pomerium-values.yaml` file with the following route:
-
-    ```yaml
-      routes:
-        - from: https://k8s.localhost.pomerium.io
-          to: https://kubernetes.default.svc.cluster.local
-          allow_spdy: true
-          tls_skip_verify: true
-          kubernetes_service_account_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-          policy:
-            - allow:
-                or:
-                  - domain:
-                      is: pomerium.com
-    ```
-
-    Change the policy to match your configuration.
-
-1. Apply the updated values with Helm:
-
-    ```bash
-    helm upgrade --install pomerium pomerium/pomerium --values pomerium-values.yaml
-    ```
-
-    This will create a Pomerium route within kubernetes that is accessible from `*.localhost.pomerium.io`.
-
-## Configure Kubectl
-
-The [pomerium-cli] tool can be used by kubectl as a credential plugin. Once configured, connections to the cluster will open a browser window to the Pomerium authenticate service and generate an authentication token that will be used for Kubernetes API calls.
-
-
-To use `pomerium-cli` as an exec-credential provider, update your kubectl config:
-
-```shell
-# Add Cluster
-kubectl config set-cluster via-pomerium --server=https://k8s.localhost.pomerium.io
-# Add Context
-kubectl config set-context via-pomerium --user=via-pomerium --cluster=via-pomerium
-# Add credentials command
-kubectl config set-credentials via-pomerium --exec-command=pomerium-cli \
-  --exec-arg=k8s,exec-credential,https://k8s.localhost.pomerium.io \
-  --exec-api-version=client.authentication.k8s.io/v1beta1
-```
-
-::: details Skip TLS Verification
-If you're using untrusted certificates or need to debug a certificate issue, configure the credential provider without TLS verification:
-
-```shell
-kubectl config set-cluster via-pomerium --server=https://k8s.localhost.pomerium.io \
-  --insecure-skip-tls-verify=true
-kubectl config set-credentials via-pomerium --exec-command=pomerium-cli \
-  --exec-arg=k8s,exec-credential,https://k8s.localhost.pomerium.io,--disable-tls-verification \
-  --exec-api-version=client.authentication.k8s.io/v1beta1
-```
-:::
-
-Here's the resulting configuration:
-
-1. Cluster:
-    ```yaml
-    clusters:
-    - cluster:
-        server: https://k8s.localhost.pomerium.io
-      name: via-pomerium
-    ```
-
-2. Context:
-
-   ```yaml
-   contexts:
-   - context:
-       cluster: via-pomerium
-       user: via-pomerium
-     name: via-pomerium
-   ```
-
-3. User:
-
-   ```yaml
-   - name: via-pomerium
-     user:
-       exec:
-         apiVersion: client.authentication.k8s.io/v1beta1
-         args:
-           - k8s
-           - exec-credential
-           - https://k8s.localhost.pomerium.io
-         command: pomerium-cli
-         env: null
-   ```
-
-With `kubectl` configured you can now query the Kubernetes API via pomerium:
-
-```
-kubectl --context=via-pomerium cluster-info
-```
-
-You should be prompted to login and see the resulting cluster info.
-
-
-[kubernetes]: https://kubernetes.io
-[pomerium-cli]: /docs/releases.md#pomerium-cli
-[Pomerium using Helm]: /docs/k8s/helm.md
diff --git a/docs/guides/local-oidc.md b/docs/guides/local-oidc.md
deleted file mode 100644
index dadcaf8f1..000000000
--- a/docs/guides/local-oidc.md
+++ /dev/null
@@ -1,160 +0,0 @@
----
-title: Local OIDC Provider
-lang: en-US
-meta:
-  - name: keywords
-    content: pomerium, identity access proxy, oidc, identity provider, idp
-description: >-
-  This guide covers how to use Pomerium with a local OIDC provider using [qlik/simple-oidc-provider].
----
-
-# Local OIDC Provider
-
-You can use the same below configs for other supported [identity providers](/docs/identity-providers/readme.md).
-
-## Configure
-### Docker-compose
-
-```yaml
-version: "3"
-services:
-  pomerium:
-    image: pomerium/pomerium:latest
-    environment:
-      # Generate new secret keys. e.g. `head -c32 /dev/urandom | base64`
-      - COOKIE_SECRET=<redacted>
-    volumes:
-      # Mount your domain's certificates : https://www.pomerium.com/docs/reference/certificates
-      - ./_wildcard.localhost.pomerium.io-key.pem:/pomerium/privkey.pem:ro
-      - ./_wildcard.localhost.pomerium.io.pem:/pomerium/cert.pem:ro
-      # Mount your config file : https://www.pomerium.com/docs/reference/
-
-      - ./config.yaml:/pomerium/config.yaml
-    ports:
-      - 443:443
-      - 5443:5443
-      - 17946:7946
-    depends_on:
-      - identityprovider
-
-  verify:
-    image: pomerium/verify
-    expose:
-      - 8000
-
-  identityprovider:
-    image: qlik/simple-oidc-provider
-    environment:
-      - CONFIG_FILE=/etc/identityprovider.json
-      - USERS_FILE=/etc/identityprovider-users.json
-    volumes:
-      - ./identityprovider.json:/etc/identityprovider.json:ro
-      - ./identityprovider-users.json:/etc/identityprovider-users.json:ro
-    ports:
-      - 9000:9000
-```
-
-You can generate certificates for `*.localhost.pomerium.io` using [this instruction](/docs/topics/certificates.md#certificates-2)
-
-### Pomerium config
-
-```yaml
-# config.yaml
-# See detailed configuration settings : https://www.pomerium.com/docs/reference/
-
-authenticate_service_url: https://authenticate.localhost.pomerium.io
-
-autocert: false
-
-certificate_file: /pomerium/cert.pem
-certificate_key_file: /pomerium/privkey.pem
-
-idp_provider_url: http://identityprovider:9000
-idp_provider: oidc
-idp_client_id: foo
-idp_client_secret: bar
-
-# Generate 256 bit random keys  e.g. `head -c32 /dev/urandom | base64`
-cookie_secret: <redacted>
-
-# https://pomerium.io/reference/#routes
-routes:
-  - from: https://verify.localhost.pomerium.io
-    to: http://verify:8000
-    policy:
-      - allow:
-          or:
-            - domain:
-                is: example.org
-```
-
-### identityprovider.json
-
-```json
-{
-  "idp_name": "http://identityprovider:9000",
-  "port": 9000,
-  "client_config": [
-    {
-      "client_id": "foo",
-      "client_secret": "bar",
-      "redirect_uris": [
-        "https://authenticate.localhost.pomerium.io/oauth2/callback"
-      ]
-    }
-  ],
-  "claim_mapping": {
-    "openid": [ "sub" ],
-    "email": [ "email", "email_verified" ],
-    "profile": [ "name", "nickname" ]
-  }
-}
-```
-
-### identityprovider-users.json
-
-```json
-[
-  {
-    "id": "SIMPLE_OIDC_USER_ALICE",
-    "email": "alice@example.org",
-    "email_verified": true,
-    "name": "Alice Smith",
-    "nickname": "al",
-    "password": "abc",
-    "groups": ["Everyone", "Engineering"]
-  },
-  {
-    "id": "SIMPLE_OIDC_USER_BOB",
-    "email": "bob@example.org",
-    "email_verified": true,
-    "name": "Bob Smith",
-    "nickname": "bobby",
-    "password": "abc",
-    "groups": ["Everyone", "Sales"]
-  }
-]
-```
-
-## Run
-
-### Edit hosts file
-
-Add following entry to `/etc/hosts`:
-
-```
-127.0.0.1 identityprovider
-```
-
-### Start services
-
-```shell script
-$ docker-compose up -d identityprovider
-$ : wait identityprovider up
-$ docker-compose up -d
-```
-
-Now upon accessing `https://verify.localhost.pomerium.io` you will be redirected to OIDC server for authentication.
-
-[identity provider]: ../docs/identity-providers/readme.md
-[qlik/simple-oidc-provider]: https://hub.docker.com/r/qlik/simple-oidc-provider/
diff --git a/docs/guides/mtls.md b/docs/guides/mtls.md
deleted file mode 100644
index 4f3bff274..000000000
--- a/docs/guides/mtls.md
+++ /dev/null
@@ -1,157 +0,0 @@
----
-title: Client-Side mTLS
-lang: en-US
-meta:
-  - name: keywords
-    content: pomerium, identity access proxy, mtls, client certificate, mutual authentication
-description: >-
-  This guide covers how to use Pomerium to implement mutual authentication
-  (mTLS) for end-users, using client certificates with a custom certificate authority.
----
-
-# Client-Side mTLS With Pomerium
-
-Secure communication on the web typically refers to using signed server certificates with the TLS protocol. TLS connections are both private and authenticated, preventing eavesdropping and impersonation of the server.
-
-To authenticate clients (users), we typically use an identity provider (IDP). Clients must login before they can access a protected endpoint. However the TLS protocol also supports mutual authenticate (mTLS) via signed client certificates.
-
-Pomerium supports requiring signed client certificates with the `client_ca`/`client_ca_file` configuration options. This guide covers how to configure Pomerium to implement mutual authentication using client certificates with a custom certificate authority.
-
-## Before You Begin
-
-- This guide assumes you already have a working Pomerium instance. See our [Quick-Start] doc for installation through Docker, and one of the [Identity Provider] docs to connect it to your IdP. You should also have a working route to test against.
-
-- We will use the `mkcert` application to create the certificates. To install `mkcert` follow the instructions on [Github](https://github.com/FiloSottile/mkcert#installation).
-
-    ::: warning
-    The `mkcert` tool is designed for testing. It creates a locally-trusted root certificate for development purposes. We're using mkcert for this proof-of-concept example, but consider using a different certificate solution for production environments.
-    :::
-
-- For this guide the `localhost.pomerium.io` domain will be our root domain (all subdomains on `localhost.pomerium.io` point to `localhost`).
-
-## Create Certificates
-
-1. Create a trusted root certificate authority (**CA**):
-
-    ```bash
-    mkcert -install
-    ```
-
-1. Create a wildcard certificate for `*.localhost.pomerium.io`:
-
-    ```bash
-    mkcert '*.localhost.pomerium.io'
-    ```
-
-    ::: tip Note
-    If you already have a certificate solution for route ingress, you can skip this step. Client certificates can be validated from a certificate authority independent of the route CA.
-    :::
-
-    This creates two files in the current working directory:
-
-    - `_wildcard.localhost.pomerium.io.pem`
-    - `_wildcard.localhost.pomerium.io-key.pem`
-
-    We will use these files for the server TLS certificate.
-
-1. Create a client TLS certificate:
-
-    ```bash
-    mkcert -client -pkcs12 'yourUsername@localhost.pomerium.io'
-    ```
-
-    This creates a new file in the current working directory:
-
-    - `yourUsername@localhost.pomerium.io-client.p12`
-
-## Configure Pomerium
-
-Pomerium can be configured to require a client certificate for all routes signed by a single CA, or on a per-route basis with the CA set individually.
-
-### Require mTLS for All Routes
-
-Update the `config.yaml` file or environment variables with the following aditions. Replace `/YOUR/MKCERT/CAROOT` in this example with the value of `mkcert -CAROOT`:
-
-::: tip
-This configuration will require client certificates for _all_ routes. See [rquire mTLS per Route](#require-mtls-per-route) to enable mTLS on for specific routes.
-:::
-
-::::: tabs
-:::: tab config.yaml
-
-```yaml
-# If you're using a separate certificate for server-side TLS, leave these keys unchanged.
-certificate_file: "_wildcard.localhost.pomerium.io.pem"
-certificate_key_file: "_wildcard.localhost.pomerium.io-key.pem"
-
-# "$(mkcert -CAROOT)/rootCA.pem"
-client_ca_file: "/YOUR/MKCERT/CAROOT/rootCA.pem"
-```
-
-Alternately, you can encode the client certificate authority as a base64-encoded string (`cat $(mkcert -CAROOT)/rootCA.pem | base64 -w 0`) and provide the value to `client_ca`.
-
-::::
-:::: tab Environment Variables
-```bash
-# If you're using a separate certificate for server-side TLS, leave these variables unchanged.
-CERTIFICATE_FILE="_wildcard.localhost.pomerium.io.pem"
-CERTIFICATE_KEY_FILE="_wildcard.localhost.pomerium.io-key.pem"
-
-# "$(mkcert -CAROOT)/rootCA.pem"
-CLIENT_CA_FILE="/YOUR/MKCERT/CAROOT/rootCA.pem"
-```
-
-Alternately, you can encode the client certificate authority as a base64-encoded string (`cat $(mkcert -CAROOT)/rootCA.pem | base64 -w 0`) and provide the value as `CLIENT_CA`.
-
-::::
-:::::
-
-Start Pomerium.
-
-### Require mTLS per Route
-
-You can define a client certificate authority for an individual route. Use this option to only require mTLS for specific routes, or to require certificates singed by a different CA than the one required by default with `client_ca` or `client_ca_file`:
-
-```yaml{3-4}
-  - from: https://verify.localhost.pomerium.io
-    to: https://verify.pomerium.com
-    # "$(mkcert -CAROOT)/rootCA.pem"
-    tls_downstream_client_ca_file: "/YOUR/MKCERT/CAROOT/rootCA.pem"
-    pass_identity_headers: true
-    policy:
-      - allow:
-          or:
-            - domain:
-                is: example.com
-```
-
-Alternately, you can encode the client certificate authority as a base64-encoded string (`cat $(mkcert -CAROOT)/rootCA.pem | base64 -w 0`) and provide the value to `tls_downstream_client_ca`.
-
-## Install Client Certificate
-
-Because your routes now require a client certificate to be accessed, we must install that client certificate in the browser. The following instructions are for Chrome, but client certificates are supported in all major browsers.
-
-1. Go to `chrome://settings/certificates`:
-
-    ![chrome settings](./img/mtls/01-chrome-settings-certificates.png)
-
-1. Click on **Import** and browse to the directory where you created the certificates above. Choose `_wildcard.localhost.pomerium.io-client.p12`:
-
-    ![import client certificate](./img/mtls/02-import-client-certificate.png)
-
-1. You will be prompted for the certificate password. The default password is **`changeit`**:
-
-    ![enter certificate password](./img/mtls/03-enter-certificate-password.png)
-
-1. The **org-mkcert development certificate** should now be in your list of certificates:
-
-    ![certificate list](./img/mtls/04-certificate-list.png)
-
-## Using the Client Certificate
-
-You can now visit **<https://verify.localhost.pomerium.io>** (or another route you've defined) and you should be prompted to choose a client certificate:
-
-![choose client certificate](./img/mtls/05-select-client-certificate.png)
-
-[Quick-Start]: /docs/install/readme.md
-[Identity Provider]: /docs/identity-providers/readme.md
diff --git a/docs/guides/nginx.md b/docs/guides/nginx.md
deleted file mode 100644
index fe2178fc3..000000000
--- a/docs/guides/nginx.md
+++ /dev/null
@@ -1,99 +0,0 @@
----
-title: Nginx
-lang: en-US
-meta:
-  - name: keywords
-    content: pomerium, identity access proxy, nginx
-description: >-
-  This guide covers how to use Pomerium to protect services behind an nginx
-  proxy.
----
-
-# Securing Nginx
-
-This recipe's sources can be found [on github](https://github.com/pomerium/pomerium/tree/main/examples/nginx)
-
-At the end, you will have a locally running install of [verify](https://verify.pomerium.com/) behind nginx with policy enforced by Pomerium.
-
-## Background
-
-Nginx can be [configured](https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/) to authorize requests by calling an external authorization service. Pomerium is compatible with this external authentication protocol and can thus be used to protect services behind nginx. In this configuration, Pomerium does not proxy traffic, but authorizes it on behalf of nginx. This is useful for integrating into existing load balancer infrastructure.
-
-For more information on using Pomerium as an external authorization endpoint, see [forward auth](https://www.pomerium.com/reference/#forward-auth) in the Pomerium docs.
-
-## How It Works
-
-- Create a standard pomerium configuration to authenticate against your identity provider (IdP)
-- Configure nginx to authorize incoming requests via pomerium
-- Pomerium authenticates users via IdP
-- Nginx queries Pomerium on each request to verify the traffic is authorized
-- Pomerium verifies the traffic against policy, responding to nginx
-- Nginx proxies the traffic or responds with an error
-
-## Pre-requisites
-
-This recipe is designed to run on a local docker-compose instance. The included configuration can be adopted for any nginx deployment.
-
-- docker
-- docker-compose
-- A copy of the [example repo](https://github.com/pomerium/pomerium/tree/main/examples/nginx) checked out
-- Valid credentials for your OIDC provider
-- (Optional) `mkcert` to generate locally trusted certificates
-
-## Certificates (optional)
-
-This demo comes with its own certificates, but they will generate warnings in your browser. You may instead provide your own or use [mkcert](https://github.com/FiloSottile/mkcert) to generate locally trusted certificates.
-
-After installing `mkcert`, run the following inside the example repo:
-
-```bash
-mkcert -install
-   mkcert '*.localhost.pomerium.io'
-```
-
-This will install a trusted CA and generate a new wildcard certificate:
-
-- `_wildcard.localhost.pomerium.io.pem`
-- `_wildcard.localhost.pomerium.io-key.pem`
-
-To provide your own certificates through another mechanism, please overwrite these files or update `docker-compose.yaml` accordingly.
-
-## Configure
-
-### Pomerium
-
-Update `config.yaml` with your IdP settings and desired policy
-
-<<< @/examples/nginx/config.yaml
-
-### Nginx - pomerium
-
-Nginx configuration for Pomerium endpoints
-
-<<< @/examples/nginx/pomerium.conf
-
-### Nginx - verify
-
-Nginx configuration for the protected endpoint
-
-<<< @/examples/nginx/verify.conf
-
-### Docker Compose
-
-<<< @/examples/nginx/docker-compose.yaml
-
-Run `docker-compose up`. After a few seconds, browse to [verify.localhost.pomerium.io](https://verify.localhost.pomerium.io).
-
-You should be prompted to log in through your IdP and then granted access to the deployed `verify` instance.
-
-## That's it!
-
-Your `verify` install is protected by Pomerium.
-
-## Adapting
-
-To re-use the configuration in this demo in other contexts:
-
-- Update `verify.conf` to reflect the correct forward auth URL in `location @error401`
-- Update `pomerium.conf` to reflect the pomerium hostname(s) or IP(s) in `upstream pomerium`
-- Update `pomerium.conf` to reflect your pomerium authenticate and forward auth hostnames in `server_name`
diff --git a/docs/guides/readme.md b/docs/guides/readme.md
deleted file mode 100644
index 582c66098..000000000
--- a/docs/guides/readme.md
+++ /dev/null
@@ -1,22 +0,0 @@
-# Overview
-
-This section contains applications, and scenario specific guides for Pomerium.
-
-- The [ad-guard](./ad-guard.md) recipe demonstrates how Pomerium can be used to augment web applications that only support simplistic authorization mechanisms like basic-auth with single-sign-on driven access policy.
-- The [argo](./argo.md) guide demonstrates how Pomerium can be used to add access control to [Argo](https://argoproj.github.io/projects/argo).
-- The [Client-Side mTLS](./mtls.md) guide demonstrates how Pomerium can be used to add mutual authentication to end-user connections using client certificates and a custom certificate authority.
-- The [Cloud Run](./cloud-run.md) recipe demonstrates deploying Pomerium to Google Cloud Run as well as using it to Authorize users to protected Cloud Run endpoints.
-- Secure [Cockpit](./cockpit.md), a web GUI for Linux server administration, behind a Pomerium route.
-- The [code-server](./code-server.md) guide demonstrates how Pomerium can be used to add access control to third-party applications that don't ship with [fine-grained access control](https://github.com/cdr/code-server/issues/905). code-server is a tool to run Visual Studio code as a web application.
-- See [Device Admin-Enrollment](./admin-enroll-device.md) to create pre-approved device enrollment links in the Pomerium Enterprise Console.
-- See [Device User-Enrollment](./enroll-device.md) to learn how to register a security device (TPM, Yubikey, etc) to access routes requiring a device ID.
-- The [GitLab](./gitlab.md) guide covers securing a self-hosted instance of GitLab using Pomerium.
-- Our [Grafana](./grafana.md) guide explains how to secure Grafana with Pomerium and integrate user sign-in using our JWT.
-- The [JWT Verification](./jwt-verification.md) guide demonstrates how to verify the Pomerium JWT assertion header using Envoy.
-- The [Kubernetes Dashboard](./kubernetes-dashboard.md) guide covers how to secure Kubernetes dashboard using Pomerium.
-- The [kubernetes](./kubernetes.md) guide covers how to add authentication and authorization to kubernetes dashboard using helm, and letsencrypt certificates. This guide also shows how third party reverse-proxies like nginx/traefik can be used in conjunction with Pomerium using forward-auth.
-- The [local OIDC](./local-oidc.md) guide demonstrates how Pomerium can be used with local OIDC server for dev/testing.
-- Our [Synology](./synology.md) guide demonstrates how lightweight Pomerium is by installing it on a Synology NAS or similar low-resource product.
-- The [TiddlyWiki](./tiddlywiki.md) guide demonstrates how Pomerium can be used to add authentication and authorization to web application using authenticated header.
-- The [Transmission](./transmission.md) guide demonstrates how Pomerium can act as an authentication and authorization proxy for your Transmission daemon's RPC interface, which only provides unencrypted HTTP auth out of the box.
-- [Upstream mTLS With Pomerium](./upstream-mtls.md) explains how to provide a client certificate (mTLS) from Pomerium to an upstream service.
\ No newline at end of file
diff --git a/docs/guides/synology.md b/docs/guides/synology.md
deleted file mode 100644
index 77ce04e5e..000000000
--- a/docs/guides/synology.md
+++ /dev/null
@@ -1,229 +0,0 @@
----
-title: Synology
-lang: en-US
-meta:
-  - name: keywords
-    content: pomerium, identity access proxy, synology, docker, dsm, nas
----
-
-# Synology
-
-Pomerium can be used to enable secure access to services on your Synology home server or network attached storage (NAS) device. Pomerium acting as an identity aware access proxy is particularly useful as many [self-hosted apps] lack or have insufficient built-in authentication mechanisms.
-
-Using Pomerium on your Synology DSM device enables:
-
-- Secure remote access to docker and synology web-applications without a VPN.
-- Unified, multi-factor authentication with your identity provider of choice.
-- Access to services by sub-domain (e.g. `plex.int.nas.example` or `wiki.int.nas.example`)
-- TLS everywhere.
-
-Pomerium is lightweight, can easily handle hundreds of concurrent requests, and a single instance typically uses <20MB of memory and very little CPU.
-
-## Prerequisites
-
-- A [docker-capable] synology product
-- A [Google Cloud Account](https://console.cloud.google.com/)
-- A configured [identity provider]
-- [TLS certificates][certificate documentation]
-
-Though any supported [identity provider] would work, this guide uses google.
-
-## Port forwarding
-
-This will vary depending on what type of router you have but the gist is you want to be forwarding all HTTPS/TLS traffic from port `443` to your NAS on some high port (in this case`8443`).
-
-![Synology configure firewall rules](./img/synology-firewall-rules.png)
-
-## DSM
-
-[Diskstation manager] uses [nginx] under-the-hood to proxy incoming requests. In the following steps, we'll configure DSM to handle incoming requests and certificates.
-
-### Configure DSM's Reverse Proxy
-
-Go to **Control Panel** > **Application Portal** > **Reverse Proxy**.
-
-Click **Create**.
-
-Set the following **Reverse Proxy Rules**.
-
-Field                | Description
--------------------- | -----------
-Description          | pomerium
-Source Protocol      | HTTPS
-Source Hostname      | *
-Destination Port     | 8443
-HTTP/2               | Enabled
-HSTS                 | Enabled
-Destination Protocol | HTTP
-Destination Hostname | localhost
-Destination Port     | 32443
-
-![Synology setup nginx reverse proxy](./img/synology-reverse-proxy.png)
-
-This will forward any incoming HTTPS traffic to the Pomerium service that is (not yet) running on port **32443**.
-
-### Certificates
-
-Though DSM does support getting [LetsEncrypt] certificates, they do not support wild-card subdomain certificates which require DNS validation. If you do not already have a wildcard certificate the [certificate documentation] or included [script] can help you generate one.
-
-Go to **Control Panel** > **Security** > **Certificate**
-
-Click **add a new certificate** > **Import certificate**.
-
-Add the certificate chain for your wild-card subdomain certificates.
-
-Once the certificate is showing on the list of certificates screen we need to tell DSM to use that certificate for all incoming traffic on port **8443**.
-
-**Click configure**
-
-Services | Certificate
--------- | -------------------
-*:8443   | `*.int.nas.example`
-
-![Synology assign wildcard certificate](./img/synology-certifciate-assignment.png)
-
-## Docker
-
-### Download
-
-Download and install docker from the package manager.
-
-**Package manager** > **search** > **docker**
-
-![Synology download pomerium docker image](./img/synology-docker-package-center.png)
-
-Once installed open the docker app.
-
-**Docker** > **Registry** > **search** > **pomerium**
-
-**Download** the official Pomerium docker image.
-
-![Synology download pomerium docker image](./img/synology-docker-pomerium-package.png)
-
-We'll also need a test application to manage access to. For this guide we'll use the canonical test app [httpbin] but the this could be any [self-hosted apps], wiki, download tool, etc.
-
-![Synology download httpbin docker image](./img/synology-httpbin.png)
-
-### Route
-
-We will create an extremely basic route where `httpbin.int.nas.example` is replaced with the subdomain you want to use for the httpbin service, and `your.email.address@gmail.com` is replaced with your email address. All other users will be denied, and all other routes will be `404`.
-
-```yaml
-# route.yaml
-- from: https://httpbin.int.nas.example
-  to: http://httpbin
-  policy:
-    - allow:
-        or:
-          - email:
-              is: your.email.address@gmail.com
-```
-
-### Configure
-
-#### Httpbin
-
-First, we'll setup our test app [httpbin].
-
-Go to **Docker** > **Image**
-
-Click **httpbin**
-
-Set the **Container Name** to `httpbin`. Keep the rest of the settings the default.
-
-Click **apply**
-
-![Synology launch httpbin](./img/synology-docker-httpbin.png)
-
-This will create a small python webserver on port 80\. The container name we just used will be used as an alias to route requests as defined in our policy.
-
-#### Pomerium
-
-Go to **Docker** > **Image**
-
-Click **Pomerium**
-
-Click **Launch**
-
-Set the **Container Name** to `Pomerium`.
-
-![Synology pomerium create container](./img/synology-docker-pomerium-create-container.png)
-
-Click **Advanced Settings**
-
-Go to **Port Settings** tab.
-
-Add an entry where the **Local Port** is **32443** and the container port is **443** and the type is **TCP**.
-
-![Synology pomerium port settings docker](./img/synology-docker-port-settings.png)
-
-Go to **Links** tab.
-
-Add an entry where the **Container Name** is `httpbin` and the **alias** is `httpbin`.
-
-::: warning
-
-The alias value must match the `to` DNS name from your policy.yaml configuration.
-
-:::
-
-![Synology pomerium set alias to app](./img/synology-docker-pomerium-alias.png)
-
-These are the minimum set of configuration settings to get Pomerium running in this deployment environment.
-
-Go to **Environment** tab.
-
-Field                    | Value
------------------------- | ---------------------------------------------------------------
-POLICY                   | output of `base64 -i policy.yaml`
-INSECURE_SERVER          | `TRUE`, internal routing within docker will not be encrypted.
-IDP_CLIENT_SECRET        | Values from setting up your [identity provider]
-IDP_CLIENT_ID            | Values from setting up your [identity provider]
-IDP_PROVIDER             | Values from setting up your [identity provider] (e.g. `google`)
-COOKIE_SECRET            | output of `head -c32 /dev/urandom                               | base64`
-AUTHENTICATE_SERVICE_URL | `https://authenticate.int.nas.example`
-SHARED_SECRET            | output of `head -c32 /dev/urandom                               | base64`
-
-For a detailed explanation, and additional options, please refer to the [configuration variable docs]. Also note, though not covered in this guide, settings can be made via a mounted configuration file.
-
-Click **Launch**.
-
-If properly configured you should see something like the following when you see the container's details.
-
-![Synology pomerium all setup](./img/synology-docker-pomerium-done.png)
-
-If something goes wrong, click the **Logs** tab.
-
-## Try it out
-
-Navigate to your new service. `https://httpbin.int.nas.example`
-
-You should be redirected to your identity provider.
-
-![Synology redirected login](./img/synology-step-1-redirect.png)
-
-If you've enabled multi-factor authentication you should see that too.
-
-![Synology multi-factor authentication](./img/synology-step-2-mfa.png)
-
-If that user is authorized to see the httpbin service, you should be redirected back to httpbin!
-
-![Synology done](./img/synology-step-3-validate-header.png)
-
-You can also navigate to the special pomerium endpoint `httpbin.your.domain.example/.pomerium/` to see your current user details.
-
-![currently logged in user](../docs/install/img/logged-in-as.png)
-
-And just to be safe, try logging in from another google account to see what happens. You should be greeted with a `403` unauthorized access page.
-
-![Synology done](./img/synology-step-4-unauthorized.png)
-
-[certificate documentation]: /docs/topics/certificates.md
-[configuration variable docs]: /reference/readme.md
-[diskstation manager]: https://www.synology.com/en-us/dsm
-[docker-capable]: https://www.synology.com/en-us/dsm/packages/Docker
-[httpbin]: https://httpbin.org
-[identity provider]: /docs/identity-providers/readme.md
-[letsencrypt]: https://letsencrypt.org/
-[nginx]: https://www.nginx.com
-[self-hosted apps]: https://github.com/Kickball/awesome-selfhosted
diff --git a/docs/guides/tcp.md b/docs/guides/tcp.md
deleted file mode 100644
index b8765d313..000000000
--- a/docs/guides/tcp.md
+++ /dev/null
@@ -1,174 +0,0 @@
----
-title: TCP Services
-lang: en-US
-meta:
-  - name: keywords
-    content: pomerium, identity access proxy, ssh, tcp, postgres, database, redis, mysql
-description: >-
-  This guide covers how to use Pomerium to protect TCP services such as SSH, Postgres and Redis.
----
-
-# Securing TCP based services
-
-The following guide demonstrates how to use Pomerium's [TCP Proxying](/docs/tcp/readme.md) support with various TCP services such as databases and other non-HTTP protocols.  It also covers integration points with them when possible.
-
-The source files from this guide can be found on [GitHub](https://github.com/pomerium/pomerium/tree/main/examples/tcp/).
-
-## Background
-
-When replacing a traditional VPN, there are often non-HTTP based applications which must still be reachable.  Pomerium is able to provide the same type of protection to these services by using a client side application to proxy TCP connections.  Authentication and authorization configuration is shared with standard HTTP routes, and the underlying transport is still encrypted between the end-user and Pomerium.
-
-Important notes:
-
-- Pomerium authorizes HTTP on a request-by-request basis, but TCP is authorized on a per-connection basis.
-- Pomerium is only authorizing the TCP *connection*. It does not interact with application level authorization systems at this time.
-
-## How it works
-
-* Create a standard Pomerium configuration for your [identity provider (IdP)](/docs/identity-providers/readme.md)
-* `pomerium-cli` runs on your workstation, listening on loopback for TCP connections
-* When an inbound connection is made, `pomerium-cli` proxies the connection through `pomerium`, authenticating the user if needed
-* Pomerium authorizes the connection and forwards it to the upstream service
-* The connecting application functions as normal
-
-## Pre-requisites
-
-This recipe is designed to run on a local docker-compose instance. The included configuration can be adopted for any TCP service, however.
-
-* docker
-* docker-compose
-* A copy of the [example repo](https://github.com/pomerium/pomerium/tree/main/examples/tcp/) checked out
-* Valid credentials for your OIDC provider
-* The [Pomerium Client](/docs/releases.md#pomerium-cli) installed
-* (Optional) `mkcert` to generate locally trusted certificates
-
-## Certificates (optional)
-
-This demo comes with its own certificates, but `pomerium-cli` and your browser will not trust them by default. You may instead provide your own or use [mkcert](https://github.com/FiloSottile/mkcert) to generate locally trusted certificates.
-
-After installing `mkcert`, run the following inside the example repo:
-
-```bash
-mkcert -install
-   mkcert '*.localhost.pomerium.io'
-```
-
-This will install a trusted CA and generate a new wildcard certificate:
-
-- `_wildcard.localhost.pomerium.io.pem`
-- `_wildcard.localhost.pomerium.io-key.pem`
-
-To provide your own certificates through another mechanism, please overwrite these files or update `docker-compose.yaml` accordingly.
-
-## Configure
-
-### Pomerium
-
-Update `config.yaml` with your IdP settings and desired policy if adopting for your environment
-
-<<< @/examples/tcp/config.yaml
-
-### Docker Compose
-
-Create a `docker-compose.yaml` file to run Pomerium and, optionally, the services being demonstrated.
-
-Included in our compose file:
-
-- SSH
-- Postgres
-- Redis
-
-<<< @/examples/tcp/docker-compose.yaml
-
-## Connect
-
-To connect to your service, ensure [`pomerium-cli`](/docs/releases.md#pomerium-cli) is in your `$PATH` and run the `tcp` command, specifying the service you wish to reach.
-
-```bash
-pomerium-cli tcp [hostname]:[port]
-```
-
-`pomerium-cli` will select a random port on `localhost` by default, but you can specify a port manually if desired.  Keep reading for some specific application examples using the sample `docker-compose.yaml`.
-
-## Redis
-
-```bash
-# Start a proxy to redis in the background
-% pomerium-cli tcp redis.localhost.pomerium.io:6379 --listen localhost:6379 &
-3:01PM INF tcptunnel: listening on 127.0.0.1:6379
-
-# Start the redis client
-% redis-cli
-3:01PM INF tcptunnel: opening connection dst=redis.localhost.pomerium.io:6379 proxy=redis.localhost.pomerium.io:443 secure=true
-3:01PM INF tcptunnel: opening connection dst=redis.localhost.pomerium.io:6379 proxy=redis.localhost.pomerium.io:443 secure=true
-3:01PM INF tcptunnel: connection established
-127.0.0.1:6379> keys *
- 1) "type.googleapis.com/session.Session_last_version"
- 2) "type.googleapis.com/user.User"
- 3) "type.googleapis.com/session.Session"
- 4) "type.googleapis.com/user.User_version_set"
- 5) "type.googleapis.com/user.User_last_version"
- 6) "server_version_last_version"
- 7) "type.googleapis.com/session.Session_version_set"
- 8) "server_version_version_set"
- 9) "server_version"
-10) "type.googleapis.com/directory.User_last_version"```
-```
-
-## Postgres
-
-In our example docker-compose, we have configured `supersecret` as the password for the `postgres` user.
-
-```bash
-# Start a proxy to postgres in the background
-% pomerium-cli tcp pgsql.localhost.pomerium.io:5432 --listen localhost:5432 &
-3:07PM INF tcptunnel: listening on 127.0.0.1:5432
-
-# Connect and list the schemas after password authentication
-% psql -h localhost -W -U postgres -c '\dn'
-Password:
-3:06PM INF tcptunnel: opening connection dst=pgsql.localhost.pomerium.io:5432 proxy=pgsql.localhost.pomerium.io:443 secure=true
-3:06PM INF tcptunnel: connection established
-  List of schemas
-  Name  |  Owner
---------+----------
- public | postgres
-(1 row)
-```
-
-## SSH
-
-SSH clients can make use of external programs to establish a connection to a host.  Most frequently, this is for using an SSH jump host to reach a target system.  However, any transport application can be used.  `pomerium-cli`'s `tcp` command can be used in conjunction with this configuration.  Read on to see how.
-
-More Info:
-
-- [https://man.openbsd.org/ssh_config.5#ProxyCommand](https://man.openbsd.org/ssh_config.5#ProxyCommand)
-- [https://www.redhat.com/sysadmin/ssh-proxy-bastion-proxyjump](https://www.redhat.com/sysadmin/ssh-proxy-bastion-proxyjump)
-
-### Setup
-
-To configure your SSH client to use Pomerium's TCP support for SSH routes, create an entry as follows in your `ssh_config` or `~/.ssh/config`:
-
-```
-Host *.localhost.pomerium.io
-    ProxyCommand pomerium-cli tcp --listen - %h:%p
-```
-
-* Be sure to substitute your domain for `localhost.pomerium.io`
-* Be sure `pomerium-cli` is in your `$PATH`
-
-### Connecting
-
-That's it!  A Pomerium proxy will be started *automatically* whenever you ssh to a host under `localhost.pomerium.io`.
-
-In our example docker-compose, we have an SSH server configured with `supersecret` as the password for `myuser`.
-
-```bash
-% ssh myuser@ssh.localhost.pomerium.io
-3:19PM INF tcptunnel: opening connection dst=ssh.localhost.pomerium.io:22 proxy=ssh.localhost.pomerium.io:443 secure=true
-3:19PM INF tcptunnel: connection established
-myuser@ssh.localhost.pomerium.io's password:
-Welcome to OpenSSH Server
-
-5c9f4fa5f5f7:~$
-```
diff --git a/docs/guides/tiddlywiki.md b/docs/guides/tiddlywiki.md
deleted file mode 100644
index e1e441388..000000000
--- a/docs/guides/tiddlywiki.md
+++ /dev/null
@@ -1,63 +0,0 @@
----
-title: TiddlyWiki
-lang: en-US
-meta:
-  - name: keywords
-    content: pomerium, identity access proxy, wiki, tiddlywiki
-description: >-
-  This guide covers how to add authentication and authorization to a hosted, fully, online instance of TiddlyWiki.
----
-
-# Securing TiddlyWiki on Node.js
-
-This guide covers using Pomerium to add authentication and authorization to an instance of [TiddlyWiki on NodeJS](https://tiddlywiki.com/static/TiddlyWiki%2520on%2520Node.js.html).
-
-## What is TiddlyWiki on Node.js
-
-TiddlyWiki is a personal wiki and a non-linear notebook for organizing and sharing complex information. It is available in two forms:
-
-- a single HTML page
-- [a Node.js application](https://www.npmjs.com/package/tiddlywiki)
-
-We are using the Node.js application in this guide.
-
-## Where Pomerium fits
-
-TiddlyWiki allows a simple form of authentication by using authenticated-user-header parameter of [listen command](https://tiddlywiki.com/static/ListenCommand.html). Pomerium provides the ability to login with well-known [identity providers](../docs/identity-providers/readme.md#identity-provider-configuration).
-
-## Pre-requisites
-
-This guide assumes you have already completed one of the [quick start] guides, and have a working instance of Pomerium up and running. For purpose of this guide, We will use docker-compose, though any other deployment method would work equally well.
-
-## Configure
-
-### Pomerium Config
-
-```yaml
-jwt_claims_headers: email
-policy:
-- from: https://wiki.example.local
-  to: http://tiddlywiki:8080
-  policy:
-    - allow:
-        or:
-          - email:
-              is: reader1@example.com
-          - email:
-              is: writer1@example.com
-```
-### Docker-compose
-
-<<< @/examples/tiddlywiki/docker-compose.yaml
-
-### That's it
-
-Navigate to your TiddlyWiki instance (e.g. `https://wiki.example.local`) and log in:
-
-* as reader1@example.com: user can read the wiki, but there is no create new tiddler button is show up.
-
-* as writer1@example.com: user can read the wiki and create new tiddlers.
-
-* as another email: pomerium displays a permission denied error.
-
-[quick start]: /docs/install/readme.md
diff --git a/docs/guides/traefik-ingress.md b/docs/guides/traefik-ingress.md
deleted file mode 100644
index ce2ab8596..000000000
--- a/docs/guides/traefik-ingress.md
+++ /dev/null
@@ -1,120 +0,0 @@
----
-title: Traefik Ingress
-lang: en-US
-meta:
-  - name: keywords
-    content: pomerium, identity access proxy, traefik, kubernetes, forwardauth, forward auth, external, helm, k8s, ingress
-description: >-
-  This guide covers how to use Pomerium to secure Traefik when used as a Kubernetes Ingress Controller
----
-
-# Securing Traefik Ingress
-
-This guide's sources can be found [on github](https://github.com/pomerium/pomerium/tree/main/examples/traefik-ingress).
-
-At the end, you will have an install of a hello-world app proxied by [Traefik](https://containo.us/traefik/) with authorization policy enforced by Pomerium.
-
-This guide specifically demonstrates using Traefik and Pomerium in the context of a [Kubernetes Ingress](https://docs.traefik.io/providers/kubernetes-ingress/) controller, but the patterns can be utilized anywhere [Traefik is deployed](https://docs.traefik.io/providers/overview/).
-
-## Background
-
-Traefik can be [configured](https://docs.traefik.io/middlewares/forwardauth/) to authorize requests by calling a remote authorization service.  Pomerium is compatible with this protocol and can thus be used to protect services behind Traefik.  In this configuration, Pomerium does not directly proxy traffic, but only performs authorization decisions on behalf of Traefik.  This is useful for integrating into existing load balancer infrastructure.
-
-For more information on using Pomerium as an external authorization endpoint, see [forward auth](https://www.pomerium.com/reference/#forward-auth) in the Pomerium docs.
-
-## How It Works
-
-- Install Traefik as an [Ingress Controller](https://kubernetes.io/docs/concepts/services-networking/ingress/) on your Kubernetes cluster
-- Install a standard Pomerium configuration with `forwardauth` enabled
-- Create [middleware](https://docs.traefik.io/middlewares/forwardauth/#configuration-examples) to use Pomerium for authorization
-- Install an application with an `Ingress` resource configured to use the Pomerium authorization `middleware`
-- Pomerium authenticates users via [Identity Provider](https://www.pomerium.com/docs/identity-providers/)
-- Traefik queries Pomerium on each request to verify the traffic is authorized
-- Pomerium verifies the traffic against policy, responding to Traefik
-- Traefik proxies the traffic or responds with an error
-
-## Pre-requisites
-
-- Access to a Kubernetes cluster
-- [Helm](https://helm.sh/) (already initialized if using helm v2)
-- A copy of the [example repo](https://github.com/pomerium/pomerium/tree/main/examples/traefik-ingress) checked out
-- Valid credentials for your OIDC provider
-- (Optional) `mkcert` to generate locally trusted certificates
-
-This guide is optimized to run on a local kubernetes install in [Docker Desktop](https://www.docker.com/products/docker-desktop), however the configuration should be easily portable to [minikube](https://kubernetes.io/docs/tutorials/hello-minikube/) or traditional clusters.
-
-If running in minikube or other non-local clusters, you will need to use `kubectl port-forward` to forward traffic from `127.0.0.1:[80,443]` to the Traefik service in Kubernetes, or replace `*.localhost.pomerium.io` references with your own domain.
-
-For the purposes of the guide, all resources are installed inside the namespace `pomerium`.
-
-## Certificates (optional)
-
-This demo comes with its own certificates, but they will generate warnings in your browser. You may instead provide your own or use [mkcert](https://github.com/FiloSottile/mkcert) to generate locally trusted certificates.
-
-After installing `mkcert`, run the following inside the example repo:
-
-```bash
-mkcert -install
-   mkcert '*.localhost.pomerium.io'
-```
-
-This will install a trusted CA and generate a new wildcard certificate:
-
-- `_wildcard.localhost.pomerium.io.pem`
-- `_wildcard.localhost.pomerium.io-key.pem`
-
-To provide your own [certificates](https://www.pomerium.com/reference/#certificates) through another mechanism, please overwrite these files or update the `Ingress` configurations accordingly.
-
-## Configure
-
-### Pomerium
-
-Update `values/pomerium.yaml` with your Identity Provider settings, domain names and policy
-
-<<< @/examples/traefik-ingress/values/pomerium.yaml
-
-### Traefik
-
-Helm chart values:
-
-<<< @/examples/traefik-ingress/values/traefik.yaml
-
-:::tip
-Please note `forwardedHeaders.insecure` must be set on the entrypoint in front of Pomerium proxy if you are routing forward auth requests through Traefik.  See [docs](https://docs.traefik.io/routing/entrypoints/#forwarded-headers) for more information.
-:::
-
-Middleware:
-
-<<< @/examples/traefik-ingress/crds/middleware.yaml
-
-::: warning
-Please note `trustForwardHeader: true` must be set for the middleware to work correctly.  See [docs](https://docs.traefik.io/middlewares/forwardauth/#trustforwardheader) for more information.
-:::
-
-### Hello
-
-Helm chart values:
-
-<<< @/examples/traefik-ingress/values/hello.yaml
-
-## Install
-
-### Add helm repos
-
-<<< @/examples/traefik-ingress/add_repos.sh
-
-### Install charts and CRDs
-
-<<< @/examples/traefik-ingress/install.sh
-
-After 1-2 minutes, browse to [hello.localhost.pomerium.io](https://hello.localhost.pomerium.io).
-
-You should be prompted to log in through your IdP and then granted access to the deployed `hello` instance.
-
-## That's it!
-
-Your `hello` application is protected by Pomerium.
-
-Here's a run through of the steps in this demo:
-
-<iframe width="800" height="500" src="https://www.youtube.com/embed/wrvNV9fP5hw?rel=0" frameborder="0" allow="accelerometer; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
diff --git a/docs/guides/transmission.md b/docs/guides/transmission.md
deleted file mode 100644
index 140aea281..000000000
--- a/docs/guides/transmission.md
+++ /dev/null
@@ -1,115 +0,0 @@
----
-title: Transmission
-lang: en-US
-meta:
-  - name: keywords
-    content: >-
-      pomerium, bittorrent, torrent, identity access proxy, transmission-daemon, transmission, authentication, authorization
-description: >-
-  Learn how to use Pomerium as an authentication and authorization proxy for a Transmission torrent daemon.
----
-
-# Securing Transmission's RPC interface.
-
-This guide demonstrates how Pomerium can secure a [Transmission] daemon. Pomerium is an identity-aware access proxy that can add single-sign-on / access control to any service.
-
-## Transmission
-
-[Transmission] is a powerful BitTorrent client that's highly customizable. It's often run remotely as a system daemon, and interacted with through a remote client using a [Remote Procedure Call](https://en.wikipedia.org/wiki/Remote_procedure_call) (**RPC**) interface.
-
-The BitTorrent protocol is widely used in the distribution of large open-source softwares, like Linux distribution images and source code. Using Transmission as a system daemon, you can monitor and automatically download the latest versions to a local distribution server.
-
-While there are software clients available to interact with the daemon over RPC, the easiest option is often to use the web interface built into the Transmission daemon package. Unfortunately, the service is only built to communicate over unencrypted HTTP, using basic [HTTP authentication](https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication). Using Pomerium, we can encrypt traffic from anywhere in the world to the local network hosting the Transmission service, and restrict access to authenticated users.
-
-::: warning
-Because RPC traffic to and from a Transmission daemon is unencrypted, we strongly suggest you only communicate from Pomerium to Transmission on a trusted private network. Note that some cloud hosting providers differentiate "private networking" (which is visible to all hosts in a data center) from "VLANS" which are only visible to your hosts. While you can configure a local proxy on your Transmission host to provide TLS encryption, that configuration is outside of the scope of this guide.
-
-Running Pomerium and Transmission on the same host, using [docker](/docs/install/readme.md) for example,  negates this concern.
-:::
-
-## Before You Begin
-
-This guide assumes you've completed one of the [quick start] guides, and have a running instance of Pomerium configured. This guide also assumes that Pomerium and Transmission will both run on separate hosts (physical or virtual machines) on the same private network (LAN or VLAN), but the configuration could be easily adjusted to fit your setup.
-
-In addition to a working instance of Pomerium, have ready the [private IP addresses](https://en.wikipedia.org/wiki/Private_network#Private_IPv4_addresses) for the Pomerium and Transmission hosts. If you're running both on the same host, you can substitute `localhost` for both.
-
-## Configuration
-
-### Pomerium Config
-
-Edit your `config.yaml` file to add the following policy. Note that `<>` denotes placeholder values that must be replaced if copying this config directly:
-
-```yml
-routes:
-  - from: https://<transmission.mydomain.com> # Replace with the domain you want to use to access Transmission
-    to: http://<private.ip.address>:9091 # Replace with the private network address of the Transmission host, or `localhost` if running on the same host.
-    policy:
-      - allow:
-          or:
-            - email:
-                is: myUser@mydomain.com # Replace with authorized user(s), or remove if using group permissions only.
-            - groups:
-                has: "<transmission-users>" # Replace with authorized user group(s), or remove if using user permissions only.
-```
-Remember to restart the Pomerium instance after saving your changes.
-
-### Transmission Config
-
-:::tip
-Don't forget to switch your terminal prompt to the Transmission host before continuing.
-:::
-
-1. If you don't already have the Transmission daemon installed, install it through your distro's package manager. The commands to install and configure Transmission below assume a Debian-based Linux distribution, but can be adapted for any Linux distro:
-
-    ```bash
-    sudo apt update && sudo apt install transmission-daemon
-    ```
-
-1. Because Transmission writes over its configuration file when running, stop the service before continuing:
-
-    ```bash
-    sudo systemctl stop transmission-daemon.service
-    ```
-
-1. In your preferred text editor, open `/etc/transmission-daemon/settings.json` with `sudo` or as the root user. Look for the following key/value pairs, and edit appropriately.
-
-    - Because we are using Pomerium to authenticate, disable HTTP auth:
-
-      ```json
-      "rpc-authentication-required": false,
-      ```
-
-    - Confirm that RPC is enabled:
-
-      ```json
-      "rpc-enabled": true,
-      ```
-
-    - Enable and configure the RPC Host whitelist. This ensures that the service will only work when accessed from the domain defined in Pomerium's `config.yaml` file (the `policy.from` key). This helps to mitigate DNS hijacking attack vectors:
-
-      ```json
-      "rpc-host-whitelist": "<transmission.mydomain.com>",
-      "rpc-host-whitelist-enabled": true,
-      ```
-
-    - Enable and configure the RPC whitelist to only allow access from the Pomerium gateway. The value should be the private IP address of the Pomerium host, or `localhost` if running on the same host:
-
-      ```json
-      "rpc-whitelist": "<pomerium.host.address>",
-      "rpc-whitelist-enabled": true,
-      ```
-
-1. After saving and closing `settings.json`, restart the service:
-
-    ```bash
-    sudo systemctl start transmission-daemon.service
-    ```
-
-You should now be able to authenticate and access your Transmission daemon remotely in the web browser, with TLS encryption!
-
-![The Transmission web interface, secured with Pomerium](./img/transmission-demo.png)
-
-In addition to the lock symbol in your browser's address bar, you can go to `<transmission.mydomain.com>/.pomerium` to view and confirm your session details.
-
-[Transmission]: https://transmissionbt.com/
-[quick start]: /docs/install/readme.md
diff --git a/docs/guides/upstream-mtls.md b/docs/guides/upstream-mtls.md
deleted file mode 100644
index b8939a8b8..000000000
--- a/docs/guides/upstream-mtls.md
+++ /dev/null
@@ -1,165 +0,0 @@
----
-title: Upstream mTLS
-lang: en-US
-meta:
-  - name: keywords
-    content: pomerium, identity access proxy, mtls, client certificate, mutual authentication
-description: >-
-  This guide covers how to configure Pomerium to provide mutual authentication
-  (mTLS) to an upstream service, using client certificates with a custom certificate authority.
----
-
-# Upstream mTLS With Pomerium
-
-Part of a complete zero trust security model is secure communication between your identity-aware access proxy (Pomerium) and the upstream service it provides access to. This means both Pomerium *and* the upstream service will authenticate each other.
-
-Pomerium confirms the identity of an upstream service by the TLS certificate it serves. See [`tls_custom_ca_file`] and [`tls_server_name`] for more information on configuring Pomerium to accept an upstream's TLS certificate.
-
-Generally, every organization has a preferred method of managing internal certificates. How an upstream service is configured to validate and accept client certificates is entirely up to that specific service and how it's configured. To provide a general explanation, in this guide we will use [mkcert] to provide the client certificate to Pomerium, and [OpenSSL] as the upstream service.
-
-## Before You Begin
-
-- To simplify this proof-of-concept, we assume that Pomerium is running in [all-in-one mode](#before-you-begin) as a system service with the configuration file in the [standard location](/docs/install/binary.md#configuration-file), configured to communicate with an identity provider (**IdP**), and all command are run on the same host. You may have to move files and/or adjust paths and commands to match a different configuration.
-
-    See [Install - Binaries](/docs/install/binary.md) for more information on initial setup.
-
-- This guide uses [mkcert] to provide certificates. mkcert is a development tool, and not designed for production environments. In this guide, mkcert takes the place of your trusted certificate tooling solution.
-
-- We use `*.pomerium.localhost.io` as the placeholder for the Pomerium domain space. We have set DNS records for this domain space to point to `127.0.0.1` (localhost), so you can use this domain space when testing Pomerium locally.
-  If you're testing on your local computer with another domain space, you can edit `/etc/hosts` or use dnsmasq on [macOS](https://blog.thesparktree.com/local-development-with-wildcard-dns) or [Linux](https://sixfeetup.com/blog/local-development-with-wildcard-dns-on-linux) systems to route your domain space to your local computer.
-
-## Create Certificates
-
-!!!include(install-mkcert.md)!!!
-
-1. Create a certificate and key for our example upstream service, OpenSSL:
-
-    ```bash{1}
-    mkcert openssl.localhost
-
-    Created a new certificate valid for the following names 📜
-    - "openssl.localhost"
-
-    The certificate is at "./openssl.localhost.pem" and the key at "./openssl.localhost-key.pem" ✅
-
-    It will expire on 10 March 2024 🗓
-    ```
-
-1. Create a client certificate and key for Pomerium to use:
-
-    ```bash{1}
-    mkcert -client 'pomerium@localhost'
-
-    Created a new certificate valid for the following names 📜
-    - "pomerium@localhost"
-
-    The certificate is at "./pomerium@localhost-client.pem" and the key at "./pomerium@localhost-client-key.pem" ✅
-
-    It will expire on 10 March 2024 🗓
-    ```
-
-1. Change ownership of the client certificate files and move them to Pomerium's configuration directory:
-
-    ```bash
-    sudo chown pomerium:pomerium pomerium@localhost-client*pem /etc/pomerium
-    sudo mv pomerium@localhost-client*pem /etc/pomerium/
-    ```
-
-## Configure OpenSSL Server
-
-OpenSSL is installed or easily available for most 'nix-based operating systems like macOS and Linux. In this demo it will take the place of an upstream service with mTLS support.
-
-1. In a terminal environment and the same directory where you created the certificate files, start an OpenSSL server process. Note that it will run in the foreground until stopped, so you will need another terminal environment to run additional commands:
-
-    ```bash
-    openssl s_server -key ./openssl.localhost-key.pem -cert ./openssl.localhost.pem -accept 44330 -www
-    ```
-
-    You can confirm that the server is responding using `curl`:
-
-    ```
-    curl -k https://localhost:44330
-    <HTML><BODY BGCOLOR="#ffffff">
-    <pre>
-
-    s_server -key ./openssl.localhost-key.pem -cert ./openssl.localhost.pem -accept 44330 -www
-    Secure Renegotiation IS supported
-    Ciphers supported in s_server binary
-    ...
-    ```
-
-    ::: tip
-    Even though OpenSSL is providing a certificate signed by a CA in our trust store, we need the `-k` flag because the domain name `localhost` doesn't match `openssl.localhost` defined in our certificate.
-    :::
-
-## Configure Pomerium
-
-1. Update the `config.yaml` file in `/etc/pomerium` with a new route for this upstream service:
-
-    ```yaml
-    - from: https://openssl.localhost.pomerium.io
-      to: https://localhost:44330
-      tls_server_name: openssl.localhost
-      policy:
-        - allow:
-            or:
-              - email:
-                  is: user@example.com
-    ```
-
-    Pomerium should automatically process changes when the configuration file is updated.
-
-1. Visit <https://openssl.localhost.pomerium.io> in your browser to confirm the route:
-
-    ![OpenSSL Upstream without client certificate verification](./img/mtls/openssl-test1.png)
-
-    Note the last line:
-
-    > no client certificate available
-
-    In the next section, we'll adjust the OpenSSL server to require a client certificate and edit our Pomerium configuration to provide one.
-
-## Install Pomerium Client Certificate
-
-1. Stop the OpenSSL server process (**Ctrl+C**) and start a new one with the additional flag `-Verify 1`:
-
-    ```bash
-    openssl s_server -Verify 1 -key ./openssl.localhost-key.pem -cert ./openssl.localhost.pem -accept 44330 -www
-    ```
-
-1. When you refresh <https://openssl.localhost.pomium.io> in your browser, the connection will fail. Back in the terminal, the OpenSSL server should output errors containing:
-
-    ```log
-    SSL routines:tls_process_client_certificate:peer did not return a certificate
-    ```
-
-    This confirms that the upstream service is now requiring a trusted client certificate to allow connections.
-
-1. Update the Pomerium route block to provide the client certificate:
-
-    ```yaml
-    - from: https://openssl.pomerium.localhost.io
-      to: https://localhost:44330
-      tls_server_name: openssl.localhost
-      tls_client_cert_file: /etc/pomerium/pomerium@localhost-client.pem
-      tls_client_key_file: /etc/pomerium/pomerium@localhost-client-key.pem
-      policy:
-        - allow:
-            or:
-              - email:
-                  is: user@example.com
-
-1. Now when you visit <https://openssl.localhost.pomium.io> you should see additional output under "Client certificate", confirming that the upstream service has read and validated Pomerium's client certificate. Your upstream service is now using mTLS for mutual authentication!
-
-Obviously, the OpenSSL server is a trivial upstream service, and is purpose-built to work with encryption and not do much else. Practical mutual authenticate can be a much more complex setup depending on the service, and may require a sidecar or service mesh. This exercise merely serves to demonstrate how easy it is to configure Pomerium to provide client certificates to the upstream service.
-
-## More Resources
-
- - [Mutual Authentication: A Component of Zero Trust](/docs/topics/mutual-auth.md)
- - [Client-Side mTLS With Pomerium](/guides/mtls.md)
- - [JWT Verification](/guides/jwt-verification.md)
-
-[mkcert]: https://github.com/FiloSottile/mkcert
-[OpenSSL]: https://www.openssl.org/
-[`tls_custom_ca_file`]: /reference/readme.md#tls-custom-certificate-authority
-[`tls_server_name`]: /reference/readme.md#tls-server-name
\ No newline at end of file
diff --git a/docs/partials/generate-recovery-token.md b/docs/partials/generate-recovery-token.md
deleted file mode 100644
index f1d665775..000000000
--- a/docs/partials/generate-recovery-token.md
+++ /dev/null
@@ -1,17 +0,0 @@
-In the event that you lose access to the console via delegated access (the policy defined in Pomerium), there exists a fallback procedure to regain access to the console via a generated recovery token.
-
-![Pomerium Enterprise Recovery Sign In](./img/recovery-token.png)
-
-To generate a token, run the `pomerium-console generate-recovery token` command with the following flags:
-
-| Flag                        | Description |
-| --------------------------- | ----------- |
-| `--database-encryption-key` | base64-encoded encryption key for encrypting sensitive data in the database. |
-| `--database-url`            | The database to connect to (default "`postgresql://pomerium:pomerium@localhost:5432/dashboard?sslmode=disable`"). |
-| `--namespace`               | The namespace to use (default "`9d8dbd2c-8cce-4e66-9c1f-c490b4a07243`" for Global). |
-| `--out`                     | Where to save the JWT. If not specified, it will be printed to stdout. |
-| `--ttl`                     | The amount of time before the recovery token expires. Requires a unit (example: `30s`, `5m`).|
-
-::: tip
-You can run the `pomerium-console` binary from any device with access to the database.
-:::
diff --git a/docs/partials/img/client-cert-required.png b/docs/partials/img/client-cert-required.png
deleted file mode 100644
index 2496dc71b..000000000
Binary files a/docs/partials/img/client-cert-required.png and /dev/null differ
diff --git a/docs/partials/img/recovery-token.png b/docs/partials/img/recovery-token.png
deleted file mode 100644
index 17c97ad51..000000000
Binary files a/docs/partials/img/recovery-token.png and /dev/null differ
diff --git a/docs/partials/install-mkcert.md b/docs/partials/install-mkcert.md
deleted file mode 100644
index f81011d69..000000000
--- a/docs/partials/install-mkcert.md
+++ /dev/null
@@ -1,14 +0,0 @@
-After [installing mkcert], confirm the presence and names of your local CA files:
-
-```bash
-mkcert -install
-The local CA is already installed in the system trust store! 👍
-The local CA is already installed in the Firefox and/or Chrome/Chromium trust store! 👍
-
-ls "$(mkcert -CAROOT)"
-rootCA-key.pem  rootCA.pem
-```
-
-The output of `mkcert -install` may vary depending on your operating system.
-
-[installing mkcert]: https://github.com/FiloSottile/mkcert#installation
\ No newline at end of file
diff --git a/docs/readme.md b/docs/readme.md
deleted file mode 100644
index f24978818..000000000
--- a/docs/readme.md
+++ /dev/null
@@ -1,7 +0,0 @@
-<!-- Simply redirect back to docs! -->
-<Redirect to="/docs/" />
-
-
-<!--
-The docs project is currently only confirmed to work with Node version 14.17.3 (LTS).
- -->
\ No newline at end of file
diff --git a/docs/reference/img/auth-flow-diagram.svg b/docs/reference/img/auth-flow-diagram.svg
deleted file mode 100644
index f361156fe..000000000
--- a/docs/reference/img/auth-flow-diagram.svg
+++ /dev/null
@@ -1,399 +0,0 @@
-<svg id="mermaid-1570159603826" width="100%" xmlns="http://www.w3.org/2000/svg" height="100%" style="max-width:1450px;" viewBox="-50 -10 1450 981"><style>
-
-
-#mermaid-1570159603826 .label {
-  font-family: 'trebuchet ms', verdana, arial;
-  color: #333; }
-
-#mermaid-1570159603826 .label text {
-  fill: #333; }
-
-#mermaid-1570159603826 .node rect,
-#mermaid-1570159603826 .node circle,
-#mermaid-1570159603826 .node ellipse,
-#mermaid-1570159603826 .node polygon {
-  fill: #A176FF;
-  stroke: #999;
-  stroke-width: 1px; }
-
-#mermaid-1570159603826 .node.clickable {
-  cursor: pointer; }
-
-#mermaid-1570159603826 .arrowheadPath {
-  fill: #333333; }
-
-#mermaid-1570159603826 .edgePath .path {
-  stroke: #666;
-  stroke-width: 1.5px; }
-
-#mermaid-1570159603826 .edgeLabel {
-  background-color: white; }
-
-#mermaid-1570159603826 .cluster rect {
-  fill: #eaf2fb;
-  stroke: #26a;
-  stroke-width: 1px; }
-
-#mermaid-1570159603826 .cluster text {
-  fill: #333; }
-
-#mermaid-1570159603826 div.mermaidTooltip {
-  position: absolute;
-  text-align: center;
-  max-width: 200px;
-  padding: 2px;
-  font-family: 'trebuchet ms', verdana, arial;
-  font-size: 12px;
-  background: #eaf2fb;
-  border: 1px solid #26a;
-  border-radius: 2px;
-  pointer-events: none;
-  z-index: 100; }
-
-#mermaid-1570159603826 .actor {
-  stroke: #999;
-  fill: #A176FF; }
-
-#mermaid-1570159603826 text.actor {
-  fill: #333;
-  stroke: none; }
-
-#mermaid-1570159603826 .actor-line {
-  stroke: #666; }
-
-#mermaid-1570159603826 .messageLine0 {
-  stroke-width: 1.5;
-  stroke-dasharray: '2 2';
-  stroke: #333; }
-
-#mermaid-1570159603826 .messageLine1 {
-  stroke-width: 1.5;
-  stroke-dasharray: '2 2';
-  stroke: #333; }
-
-#mermaid-1570159603826 #arrowhead {
-  fill: #333; }
-
-#mermaid-1570159603826 .sequenceNumber {
-  fill: white; }
-
-#mermaid-1570159603826 #sequencenumber {
-  fill: #333; }
-
-#mermaid-1570159603826 #crosshead path {
-  fill: #333 !important;
-  stroke: #333 !important; }
-
-#mermaid-1570159603826 .messageText {
-  fill: #333;
-  stroke: none; }
-
-#mermaid-1570159603826 .labelBox {
-  stroke: #999;
-  fill: #A176FF; }
-
-#mermaid-1570159603826 .labelText {
-  fill: #333;
-  stroke: none; }
-
-#mermaid-1570159603826 .loopText {
-  fill: #333;
-  stroke: none; }
-
-#mermaid-1570159603826 .loopLine {
-  stroke-width: 2;
-  stroke-dasharray: '2 2';
-  stroke: #999; }
-
-#mermaid-1570159603826 .note {
-  stroke: #777700;
-  fill: #ffa; }
-
-#mermaid-1570159603826 .noteText {
-  fill: black;
-  stroke: none;
-  font-family: 'trebuchet ms', verdana, arial;
-  font-size: 14px; }
-
-#mermaid-1570159603826 .activation0 {
-  fill: #f4f4f4;
-  stroke: #666; }
-
-#mermaid-1570159603826 .activation1 {
-  fill: #f4f4f4;
-  stroke: #666; }
-
-#mermaid-1570159603826 .activation2 {
-  fill: #f4f4f4;
-  stroke: #666; }
-
-
-#mermaid-1570159603826 .section {
-  stroke: none;
-  opacity: 0.2; }
-
-#mermaid-1570159603826 .section0 {
-  fill: #80b3e6; }
-
-#mermaid-1570159603826 .section2 {
-  fill: #80b3e6; }
-
-#mermaid-1570159603826 .section1,
-#mermaid-1570159603826 .section3 {
-  fill: white;
-  opacity: 0.2; }
-
-#mermaid-1570159603826 .sectionTitle0 {
-  fill: #333; }
-
-#mermaid-1570159603826 .sectionTitle1 {
-  fill: #333; }
-
-#mermaid-1570159603826 .sectionTitle2 {
-  fill: #333; }
-
-#mermaid-1570159603826 .sectionTitle3 {
-  fill: #333; }
-
-#mermaid-1570159603826 .sectionTitle {
-  text-anchor: start;
-  font-size: 11px;
-  text-height: 14px; }
-
-
-#mermaid-1570159603826 .grid .tick {
-  stroke: #e6e6e6;
-  opacity: 0.3;
-  shape-rendering: crispEdges; }
-
-#mermaid-1570159603826 .grid path {
-  stroke-width: 0; }
-
-
-#mermaid-1570159603826 .today {
-  fill: none;
-  stroke: #d42;
-  stroke-width: 2px; }
-
-
-
-#mermaid-1570159603826 .task {
-  stroke-width: 2; }
-
-#mermaid-1570159603826 .taskText {
-  text-anchor: middle;
-  font-size: 11px; }
-
-#mermaid-1570159603826 .taskTextOutsideRight {
-  fill: #333;
-  text-anchor: start;
-  font-size: 11px; }
-
-#mermaid-1570159603826 .taskTextOutsideLeft {
-  fill: #333;
-  text-anchor: end;
-  font-size: 11px; }
-
-
-#mermaid-1570159603826 .task.clickable {
-  cursor: pointer; }
-
-#mermaid-1570159603826 .taskText.clickable {
-  cursor: pointer;
-  fill: #003163 !important;
-  font-weight: bold; }
-
-#mermaid-1570159603826 .taskTextOutsideLeft.clickable {
-  cursor: pointer;
-  fill: #003163 !important;
-  font-weight: bold; }
-
-#mermaid-1570159603826 .taskTextOutsideRight.clickable {
-  cursor: pointer;
-  fill: #003163 !important;
-  font-weight: bold; }
-
-
-#mermaid-1570159603826 .taskText0,
-#mermaid-1570159603826 .taskText1,
-#mermaid-1570159603826 .taskText2,
-#mermaid-1570159603826 .taskText3 {
-  fill: white; }
-
-#mermaid-1570159603826 .task0,
-#mermaid-1570159603826 .task1,
-#mermaid-1570159603826 .task2,
-#mermaid-1570159603826 .task3 {
-  fill: #26a;
-  stroke: #1a4d80; }
-
-#mermaid-1570159603826 .taskTextOutside0,
-#mermaid-1570159603826 .taskTextOutside2 {
-  fill: #333; }
-
-#mermaid-1570159603826 .taskTextOutside1,
-#mermaid-1570159603826 .taskTextOutside3 {
-  fill: #333; }
-
-
-#mermaid-1570159603826 .active0,
-#mermaid-1570159603826 .active1,
-#mermaid-1570159603826 .active2,
-#mermaid-1570159603826 .active3 {
-  fill: #A176FF;
-  stroke: #1a4d80; }
-
-#mermaid-1570159603826 .activeText0,
-#mermaid-1570159603826 .activeText1,
-#mermaid-1570159603826 .activeText2,
-#mermaid-1570159603826 .activeText3 {
-  fill: #333 !important; }
-
-
-#mermaid-1570159603826 .done0,
-#mermaid-1570159603826 .done1,
-#mermaid-1570159603826 .done2,
-#mermaid-1570159603826 .done3 {
-  stroke: #666;
-  fill: #bbb;
-  stroke-width: 2; }
-
-#mermaid-1570159603826 .doneText0,
-#mermaid-1570159603826 .doneText1,
-#mermaid-1570159603826 .doneText2,
-#mermaid-1570159603826 .doneText3 {
-  fill: #333 !important; }
-
-
-#mermaid-1570159603826 .crit0,
-#mermaid-1570159603826 .crit1,
-#mermaid-1570159603826 .crit2,
-#mermaid-1570159603826 .crit3 {
-  stroke: #b1361b;
-  fill: #d42;
-  stroke-width: 2; }
-
-#mermaid-1570159603826 .activeCrit0,
-#mermaid-1570159603826 .activeCrit1,
-#mermaid-1570159603826 .activeCrit2,
-#mermaid-1570159603826 .activeCrit3 {
-  stroke: #b1361b;
-  fill: #A176FF;
-  stroke-width: 2; }
-
-#mermaid-1570159603826 .doneCrit0,
-#mermaid-1570159603826 .doneCrit1,
-#mermaid-1570159603826 .doneCrit2,
-#mermaid-1570159603826 .doneCrit3 {
-  stroke: #b1361b;
-  fill: #bbb;
-  stroke-width: 2;
-  cursor: pointer;
-  shape-rendering: crispEdges; }
-
-#mermaid-1570159603826 .milestone {
-  transform: rotate(45deg) scale(0.8, 0.8); }
-
-#mermaid-1570159603826 .milestoneText {
-  font-style: italic; }
-
-#mermaid-1570159603826 .doneCritText0,
-#mermaid-1570159603826 .doneCritText1,
-#mermaid-1570159603826 .doneCritText2,
-#mermaid-1570159603826 .doneCritText3 {
-  fill: #333 !important; }
-
-#mermaid-1570159603826 .activeCritText0,
-#mermaid-1570159603826 .activeCritText1,
-#mermaid-1570159603826 .activeCritText2,
-#mermaid-1570159603826 .activeCritText3 {
-  fill: #333 !important; }
-
-#mermaid-1570159603826 .titleText {
-  text-anchor: middle;
-  font-size: 18px;
-  fill: #333; }
-
-#mermaid-1570159603826 g.classGroup text {
-  fill: #999;
-  stroke: none;
-  font-family: 'trebuchet ms', verdana, arial;
-  font-size: 10px; }
-
-#mermaid-1570159603826 g.classGroup rect {
-  fill: #A176FF;
-  stroke: #999; }
-
-#mermaid-1570159603826 g.classGroup line {
-  stroke: #999;
-  stroke-width: 1; }
-
-#mermaid-1570159603826 .classLabel .box {
-  stroke: none;
-  stroke-width: 0;
-  fill: #A176FF;
-  opacity: 0.5; }
-
-#mermaid-1570159603826 .classLabel .label {
-  fill: #999;
-  font-size: 10px; }
-
-#mermaid-1570159603826 .relation {
-  stroke: #999;
-  stroke-width: 1;
-  fill: none; }
-
-#mermaid-1570159603826 #compositionStart {
-  fill: #999;
-  stroke: #999;
-  stroke-width: 1; }
-
-#mermaid-1570159603826 #compositionEnd {
-  fill: #999;
-  stroke: #999;
-  stroke-width: 1; }
-
-#mermaid-1570159603826 #aggregationStart {
-  fill: #A176FF;
-  stroke: #999;
-  stroke-width: 1; }
-
-#mermaid-1570159603826 #aggregationEnd {
-  fill: #A176FF;
-  stroke: #999;
-  stroke-width: 1; }
-
-#mermaid-1570159603826 #dependencyStart {
-  fill: #999;
-  stroke: #999;
-  stroke-width: 1; }
-
-#mermaid-1570159603826 #dependencyEnd {
-  fill: #999;
-  stroke: #999;
-  stroke-width: 1; }
-
-#mermaid-1570159603826 #extensionStart {
-  fill: #999;
-  stroke: #999;
-  stroke-width: 1; }
-
-#mermaid-1570159603826 #extensionEnd {
-  fill: #999;
-  stroke: #999;
-  stroke-width: 1; }
-
-#mermaid-1570159603826 .commit-id,
-#mermaid-1570159603826 .commit-msg,
-#mermaid-1570159603826 .branch-label {
-  fill: lightgrey;
-  color: lightgrey; }
-
-#mermaid-1570159603826 .pieTitleText {
-  text-anchor: middle;
-  font-size: 25px;
-  fill: #333; }
-</style><style>#mermaid-1570159603826 {
-    color: rgba(0, 0, 0, 0.65098);
-    font: normal normal normal normal 14px/21px "trebuchet ms", verdana, arial;
-  }</style><g></g><g><line id="actor28" x1="75" y1="5" x2="75" y2="970" class="actor-line" stroke-width="0.5px" stroke="#999"></line><rect x="0" y="0" fill="#eaeaea" stroke="#666" width="150" height="65" rx="3" ry="3" class="actor"></rect><text x="75" y="32.5" style="text-anchor: middle; font-size: 14px; font-family: Open-Sans, sans-serif;" dominant-baseline="central" alignment-baseline="central" class="actor"><tspan x="75" dy="0">Browser</tspan></text></g><g><line id="actor29" x1="275" y1="5" x2="275" y2="970" class="actor-line" stroke-width="0.5px" stroke="#999"></line><rect x="200" y="0" fill="#eaeaea" stroke="#666" width="150" height="65" rx="3" ry="3" class="actor"></rect><text x="275" y="32.5" style="text-anchor: middle; font-size: 14px; font-family: Open-Sans, sans-serif;" dominant-baseline="central" alignment-baseline="central" class="actor"><tspan x="275" dy="0">Identity Provider</tspan></text></g><g><line id="actor30" x1="475" y1="5" x2="475" y2="970" class="actor-line" stroke-width="0.5px" stroke="#999"></line><rect x="400" y="0" fill="#eaeaea" stroke="#666" width="150" height="65" rx="3" ry="3" class="actor"></rect><text x="475" y="32.5" style="text-anchor: middle; font-size: 14px; font-family: Open-Sans, sans-serif;" dominant-baseline="central" alignment-baseline="central" class="actor"><tspan x="475" dy="0">Ingress</tspan></text></g><g><line id="actor31" x1="675" y1="5" x2="675" y2="970" class="actor-line" stroke-width="0.5px" stroke="#999"></line><rect x="600" y="0" fill="#eaeaea" stroke="#666" width="150" height="65" rx="3" ry="3" class="actor"></rect><text x="675" y="32.5" style="text-anchor: middle; font-size: 14px; font-family: Open-Sans, sans-serif;" dominant-baseline="central" alignment-baseline="central" class="actor"><tspan x="675" dy="0">Pomerium</tspan></text></g><g><line id="actor32" x1="875" y1="5" x2="875" y2="970" class="actor-line" stroke-width="0.5px" stroke="#999"></line><rect x="800" y="0" fill="#eaeaea" stroke="#666" width="150" height="65" rx="3" ry="3" class="actor"></rect><text x="875" y="32.5" style="text-anchor: middle; font-size: 14px; font-family: Open-Sans, sans-serif;" dominant-baseline="central" alignment-baseline="central" class="actor"><tspan x="875" dy="0">Pomerium AuthN</tspan></text></g><g><line id="actor33" x1="1075" y1="5" x2="1075" y2="970" class="actor-line" stroke-width="0.5px" stroke="#999"></line><rect x="1000" y="0" fill="#eaeaea" stroke="#666" width="150" height="65" rx="3" ry="3" class="actor"></rect><text x="1075" y="32.5" style="text-anchor: middle; font-size: 14px; font-family: Open-Sans, sans-serif;" dominant-baseline="central" alignment-baseline="central" class="actor"><tspan x="1075" dy="0">Pomerium AuthZ</tspan></text></g><g><line id="actor34" x1="1275" y1="5" x2="1275" y2="970" class="actor-line" stroke-width="0.5px" stroke="#999"></line><rect x="1200" y="0" fill="#eaeaea" stroke="#666" width="150" height="65" rx="3" ry="3" class="actor"></rect><text x="1275" y="32.5" style="text-anchor: middle; font-size: 14px; font-family: Open-Sans, sans-serif;" dominant-baseline="central" alignment-baseline="central" class="actor"><tspan x="1275" dy="0">app</tspan></text></g><defs><marker id="arrowhead" refX="5" refY="2" markerWidth="6" markerHeight="4" orient="auto"><path d="M 0,0 V 4 L6,2 Z"></path></marker></defs><defs><marker id="crosshead" markerWidth="15" markerHeight="8" orient="auto" refX="16" refY="4"><path fill="black" stroke="#000000" style="stroke-dasharray: 0px, 0px;" stroke-width="1px" d="M 9,2 V 6 L16,4 Z"></path><path fill="none" stroke="#000000" style="stroke-dasharray: 0px, 0px;" stroke-width="1px" d="M 0,1 L 6,7 M 6,1 L 0,7"></path></marker></defs><defs><marker id="sequencenumber" refX="15" refY="15" markerWidth="60" markerHeight="40" orient="auto"><circle cx="15" cy="15" r="6"></circle></marker></defs><g><text x="275" y="93" style="text-anchor: middle;" class="messageText">GET /app</text><line x1="75" y1="100" x2="475" y2="100" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></line></g><g><text x="575" y="128" style="text-anchor: middle;" class="messageText">/verify/app</text><line x1="475" y1="135" x2="675" y2="135" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></line></g><g><text x="675" y="163" style="text-anchor: middle;" class="messageText">Authenticated?</text><path d="M 675,170 C 735,160 735,200 675,190" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></path></g><g><text x="675" y="228" style="text-anchor: middle;" class="messageText">No!</text><path d="M 675,235 C 735,225 735,265 675,255" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></path></g><g><text x="775" y="293" style="text-anchor: middle;" class="messageText"></text><line x1="675" y1="300" x2="875" y2="300" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></line></g><g><text x="475" y="328" style="text-anchor: middle;" class="messageText">HTTP 301 sign in callback url</text><line x1="875" y1="335" x2="75" y2="335" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></line></g><g><text x="175" y="363" style="text-anchor: middle;" class="messageText"></text><line x1="75" y1="370" x2="275" y2="370" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></line></g><g><text x="175" y="398" style="text-anchor: middle;" class="messageText"></text><line x1="275" y1="405" x2="75" y2="405" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></line></g><g><text x="475" y="433" style="text-anchor: middle;" class="messageText">HTTP 301: Oauth2 callback endpoint</text><line x1="75" y1="440" x2="875" y2="440" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></line></g><g><text x="475" y="468" style="text-anchor: middle;" class="messageText">Save session</text><line x1="875" y1="475" x2="75" y2="475" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></line></g><g><text x="275" y="503" style="text-anchor: middle;" class="messageText">HTTP 301 app</text><line x1="75" y1="510" x2="475" y2="510" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></line></g><g><text x="575" y="538" style="text-anchor: middle;" class="messageText">/verify/app</text><line x1="475" y1="545" x2="675" y2="545" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></line></g><g><text x="675" y="573" style="text-anchor: middle;" class="messageText">Authenticated?</text><path d="M 675,580 C 735,570 735,610 675,600" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></path></g><g><text x="675" y="638" style="text-anchor: middle;" class="messageText">Yes!</text><path d="M 675,645 C 735,635 735,675 675,665" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></path></g><g><text x="875" y="703" style="text-anchor: middle;" class="messageText">Authorized?</text><line x1="675" y1="710" x2="1075" y2="710" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></line></g><g><text x="875" y="738" style="text-anchor: middle;" class="messageText">Yes?</text><line x1="1075" y1="745" x2="675" y2="745" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></line></g><g><text x="575" y="773" style="text-anchor: middle;" class="messageText">HTTP 200</text><line x1="675" y1="780" x2="475" y2="780" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></line></g><g><text x="875" y="808" style="text-anchor: middle;" class="messageText"></text><line x1="475" y1="815" x2="1275" y2="815" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></line></g><g><text x="875" y="843" style="text-anchor: middle;" class="messageText"></text><line x1="1275" y1="850" x2="475" y2="850" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></line></g><g><text x="275" y="878" style="text-anchor: middle;" class="messageText">OK!</text><line x1="475" y1="885" x2="75" y2="885" class="messageLine0" stroke-width="2" stroke="black" style="fill: none;" marker-end="url(#arrowhead)"></line></g><g><rect x="0" y="905" fill="#eaeaea" stroke="#666" width="150" height="65" rx="3" ry="3" class="actor"></rect><text x="75" y="937.5" style="text-anchor: middle; font-size: 14px; font-family: Open-Sans, sans-serif;" dominant-baseline="central" alignment-baseline="central" class="actor"><tspan x="75" dy="0">Browser</tspan></text></g><g><rect x="200" y="905" fill="#eaeaea" stroke="#666" width="150" height="65" rx="3" ry="3" class="actor"></rect><text x="275" y="937.5" style="text-anchor: middle; font-size: 14px; font-family: Open-Sans, sans-serif;" dominant-baseline="central" alignment-baseline="central" class="actor"><tspan x="275" dy="0">Identity Provider</tspan></text></g><g><rect x="400" y="905" fill="#eaeaea" stroke="#666" width="150" height="65" rx="3" ry="3" class="actor"></rect><text x="475" y="937.5" style="text-anchor: middle; font-size: 14px; font-family: Open-Sans, sans-serif;" dominant-baseline="central" alignment-baseline="central" class="actor"><tspan x="475" dy="0">Ingress</tspan></text></g><g><rect x="600" y="905" fill="#eaeaea" stroke="#666" width="150" height="65" rx="3" ry="3" class="actor"></rect><text x="675" y="937.5" style="text-anchor: middle; font-size: 14px; font-family: Open-Sans, sans-serif;" dominant-baseline="central" alignment-baseline="central" class="actor"><tspan x="675" dy="0">Pomerium</tspan></text></g><g><rect x="800" y="905" fill="#eaeaea" stroke="#666" width="150" height="65" rx="3" ry="3" class="actor"></rect><text x="875" y="937.5" style="text-anchor: middle; font-size: 14px; font-family: Open-Sans, sans-serif;" dominant-baseline="central" alignment-baseline="central" class="actor"><tspan x="875" dy="0">Pomerium AuthN</tspan></text></g><g><rect x="1000" y="905" fill="#eaeaea" stroke="#666" width="150" height="65" rx="3" ry="3" class="actor"></rect><text x="1075" y="937.5" style="text-anchor: middle; font-size: 14px; font-family: Open-Sans, sans-serif;" dominant-baseline="central" alignment-baseline="central" class="actor"><tspan x="1075" dy="0">Pomerium AuthZ</tspan></text></g><g><rect x="1200" y="905" fill="#eaeaea" stroke="#666" width="150" height="65" rx="3" ry="3" class="actor"></rect><text x="1275" y="937.5" style="text-anchor: middle; font-size: 14px; font-family: Open-Sans, sans-serif;" dominant-baseline="central" alignment-baseline="central" class="actor"><tspan x="1275" dy="0">app</tspan></text></g></svg>
\ No newline at end of file
diff --git a/docs/reference/img/certificates-ssl-report.png b/docs/reference/img/certificates-ssl-report.png
deleted file mode 100644
index a56663a8d..000000000
Binary files a/docs/reference/img/certificates-ssl-report.png and /dev/null differ
diff --git a/docs/reference/img/certificates-valid-secure-certificate.png b/docs/reference/img/certificates-valid-secure-certificate.png
deleted file mode 100644
index 68fc6275e..000000000
Binary files a/docs/reference/img/certificates-valid-secure-certificate.png and /dev/null differ
diff --git a/docs/reference/img/console-devices.png b/docs/reference/img/console-devices.png
deleted file mode 100644
index 3e9de4bae..000000000
Binary files a/docs/reference/img/console-devices.png and /dev/null differ
diff --git a/docs/reference/img/console-service-account.png b/docs/reference/img/console-service-account.png
deleted file mode 100644
index b78fb4656..000000000
Binary files a/docs/reference/img/console-service-account.png and /dev/null differ
diff --git a/docs/reference/img/create-policy-1.png b/docs/reference/img/create-policy-1.png
deleted file mode 100644
index 62138b390..000000000
Binary files a/docs/reference/img/create-policy-1.png and /dev/null differ
diff --git a/docs/reference/img/create-policy-2.png b/docs/reference/img/create-policy-2.png
deleted file mode 100644
index 32f9c221f..000000000
Binary files a/docs/reference/img/create-policy-2.png and /dev/null differ
diff --git a/docs/reference/img/create-service-account.png b/docs/reference/img/create-service-account.png
deleted file mode 100644
index 2d5505b7e..000000000
Binary files a/docs/reference/img/create-service-account.png and /dev/null differ
diff --git a/docs/reference/img/deployment-diff.png b/docs/reference/img/deployment-diff.png
deleted file mode 100644
index d52992a94..000000000
Binary files a/docs/reference/img/deployment-diff.png and /dev/null differ
diff --git a/docs/reference/img/events-fullpage.png b/docs/reference/img/events-fullpage.png
deleted file mode 100644
index cb9f3a545..000000000
Binary files a/docs/reference/img/events-fullpage.png and /dev/null differ
diff --git a/docs/reference/img/example-policy-editor.png b/docs/reference/img/example-policy-editor.png
deleted file mode 100644
index 97a3a5247..000000000
Binary files a/docs/reference/img/example-policy-editor.png and /dev/null differ
diff --git a/docs/reference/img/example-policy-single-user.png b/docs/reference/img/example-policy-single-user.png
deleted file mode 100644
index fb6cc27a7..000000000
Binary files a/docs/reference/img/example-policy-single-user.png and /dev/null differ
diff --git a/docs/reference/img/jaeger.png b/docs/reference/img/jaeger.png
deleted file mode 100644
index ea1b1b53d..000000000
Binary files a/docs/reference/img/jaeger.png and /dev/null differ
diff --git a/docs/reference/img/new-enrollment.png b/docs/reference/img/new-enrollment.png
deleted file mode 100644
index 99de9ce65..000000000
Binary files a/docs/reference/img/new-enrollment.png and /dev/null differ
diff --git a/docs/reference/img/runtime-fullpage.png b/docs/reference/img/runtime-fullpage.png
deleted file mode 100644
index 3875bc264..000000000
Binary files a/docs/reference/img/runtime-fullpage.png and /dev/null differ
diff --git a/docs/reference/img/security-headers.png b/docs/reference/img/security-headers.png
deleted file mode 100644
index d8833385a..000000000
Binary files a/docs/reference/img/security-headers.png and /dev/null differ
diff --git a/docs/reference/img/service-account-jwt.png b/docs/reference/img/service-account-jwt.png
deleted file mode 100644
index 7aa664734..000000000
Binary files a/docs/reference/img/service-account-jwt.png and /dev/null differ
diff --git a/docs/reference/img/sessions-fullpage.png b/docs/reference/img/sessions-fullpage.png
deleted file mode 100644
index efd1288f4..000000000
Binary files a/docs/reference/img/sessions-fullpage.png and /dev/null differ
diff --git a/docs/reference/img/traffic-fullpage.png b/docs/reference/img/traffic-fullpage.png
deleted file mode 100644
index da26dcbd7..000000000
Binary files a/docs/reference/img/traffic-fullpage.png and /dev/null differ
diff --git a/docs/reference/img/user-id.png b/docs/reference/img/user-id.png
deleted file mode 100644
index 4da86334f..000000000
Binary files a/docs/reference/img/user-id.png and /dev/null differ
diff --git a/docs/reference/readme.md b/docs/reference/readme.md
deleted file mode 100644
index 72b910084..000000000
--- a/docs/reference/readme.md
+++ /dev/null
@@ -1,1887 +0,0 @@
----
-title: Settings
-lang: en-US
-sidebarDepth: 2
-meta:
-  - name: keywords
-    content: configuration, options, settings, pomerium, reference
----
-
-# Configuration Settings
-
-Pomerium can be configured using a configuration file ([YAML]/[JSON]/[TOML]) or [environmental variables]. In general, environmental variable keys are identical to config file keys but are uppercase. If you are coming from a kubernetes or docker background this should feel familiar. If not, check out the following primers.
-
-- [Store config in the environment](https://12factor.net/config)
-- [Kubernetes: Environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/)
-- [Kubernetes: Config Maps](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/)
-- [Docker: Environment variables](https://docs.docker.com/compose/environment-variables/)
-
-Using both [environmental variables] and config file keys is allowed and encouraged (for instance, secret keys are probably best set as environmental variables). However, if duplicate configuration keys are found, environment variables take precedence.
-
-:::tip
-
-Pomerium can hot-reload route configuration details, authorization policy, certificates, and other proxy settings.
-
-:::
-
-## All-In-One vs Split Service mode
-
-When running Pomerium as a single system service or container, all the options on this page can be set in a single `config.yaml` file, or passed to the single instance as environment variables.
-
-When running Pomerium in a distributed environment where there are multiple processes, each handling separate [components](/docs/architecture.md#component-level), all services can still share a single config file or set of environment variables.
-
-Alternately, you can create individual config files or sets of environment variables for each service. When doing so, each file or set must have matching [shared settings](#shared-settings), as well as settings relevant to that [service mode](#service-mode). The list below is sorted to better differentiate which config options correlate to which service mode.
-
-
-## Shared Settings
-These configuration variables are shared by all services, in all service modes.
-
-
-### Address
-- Environmental Variable: `ADDRESS`
-- Config File Key: `address`
-- Type: `string`
-- Example: `:443`, `:8443`
-- Default: `:443`
-- Required
-
-Address specifies the host and port to serve HTTP requests from. If empty, `:443` is used. Note, in all-in-one deployments, gRPC traffic will be served on loopback on port `:5443`.
-
-
-### Authenticate Service URL
-- Environmental Variable: `AUTHENTICATE_SERVICE_URL`
-- Config File Key: `authenticate_service_url`
-- Type: `URL`
-- Required
-- Example: `https://authenticate.corp.example.com`
-
-Authenticate Service URL is the externally accessible URL for the authenticate service. In split service mode, this key is required by all services other than Databroker.
-
-
-### Autocert
-- Environmental Variable: `AUTOCERT`
-- Config File Key: `autocert`
-- Type: `bool`
-- Optional
-
-Turning on autocert allows Pomerium to automatically retrieve, manage, and renew public facing TLS certificates from [Let's Encrypt][letsencrypt] which includes managed routes and the authenticate service.  [Autocert Directory](#autocert-directory) must be used with Autocert must have a place to persist, and share certificate data between services. Note that autocert also provides [OCSP stapling](https://en.wikipedia.org/wiki/OCSP_stapling).
-
-This setting can be useful in situations where you may not have Pomerium behind a TLS terminating ingress or proxy that is already handling your public certificates on your behalf.
-
-:::warning
-
-By using autocert, you agree to the [Let's Encrypt Subscriber Agreement](https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf). There are [_strict_ usage limits](https://letsencrypt.org/docs/rate-limits/) per domain you should be aware of. Consider testing with `autocert_use_staging` first.
-
-:::
-
-:::warning
-
-Autocert requires that ports `80`/`443` be accessible from the internet in order to complete a [TLS-ALPN-01 challenge](https://letsencrypt.org/docs/challenge-types/#tls-alpn-01).
-
-:::
-
-
-### Autocert CA
-- Environmental Variable: `AUTOCERT_CA`
-- Config File Key: `autocert_ca`
-- Type: `string` containing the directory URL of an ACME CA (e.g. `https://acme.zerossl.com/v2/DV90` for ZeroSSL)
-- Optional
-
-Autocert CA is the directory URL of the ACME CA to use when requesting certificates.
-
-:::tip
-
-This will overrule the "Autocert Use Staging" setting if set.
-
-:::
-
-
-### Autocert Email
-- Environmental Variable: `AUTOCERT_EMAIL`
-- Config File Key: `autocert_email`
-- Type: `string` containing the email address to use when registering an account
-- Optional
-
-Autocert Email is the email address to use when requesting certificates from an ACME CA.
-
-:::tip
-
-The CA may contact you at this address, for example when a certificate expires.
-
-:::
-
-
-### Autocert Must-Staple
-- Environmental Variable: `AUTOCERT_MUST_STAPLE`
-- Config File Key: `autocert_must_staple`
-- Type: `bool`
-- Optional
-
-If true, force autocert to request a certificate with the `status_request` extension (commonly called `Must-Staple`). This allows the TLS client (_id est_ the browser) to fail immediately if the TLS handshake doesn't include OCSP stapling information. This setting is only used when [Autocert](#autocert) is true.
-
-:::tip
-
-This setting will only take effect when you request or renew your certificates.
-
-:::
-
-For more details, please see [RFC7633](https://tools.ietf.org/html/rfc7633) .
-
-
-### Autocert Directory
-- Environmental Variable: either `AUTOCERT_DIR`
-- Config File Key: `autocert_dir`
-- Type: `string` pointing to the path of the directory
-- Required if using [Autocert](#autocert) setting
-- Default:
-
-  - `/data/autocert` in published Pomerium docker images
-  - [$XDG_DATA_HOME](https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html)
-  - `$HOME/.local/share/pomerium`
-
-Autocert directory is the path which autocert will store x509 certificate data.
-
-
-### Autocert Use Staging
-- Environmental Variable: `AUTOCERT_USE_STAGING`
-- Config File Key: `autocert_use_staging`
-- Type: `bool`
-- Optional
-
-Let's Encrypt has strict [usage limits](https://letsencrypt.org/docs/rate-limits/). Enabling this setting allows you to use Let's Encrypt's [staging environment](https://letsencrypt.org/docs/staging-environment/) which has much more lax usage limits.
-
-
-### Autocert EAB Key ID
-- Environmental Variable: `AUTOCERT_EAB_KEY_ID`
-- Config File Key: `autocert_eab_key_id`
-- Type: `string` containing the identifier for an ACME EAB key to use
-- Optional
-
-Autocert EAB Key ID is the key identifier when requesting a certificate from a CA with External Account Binding enabled.
-
-For more information, please see [RFC8555-#7.3.4](https://datatracker.ietf.org/doc/html/rfc8555#section-7.3.4).
-
-
-### Autocert EAB MAC Key
-- Environmental Variable: `AUTOCERT_EAB_MAC_KEY`
-- Config File Key: `autocert_eab_mac_key`
-- Type: `string` containing a base64url-encoded secret key
-- Optional
-
-Autocert EAB MAC Key is the base64url-encoded secret key corresponding to the Autocert EAB Key ID.
-
-This setting is required when Autocert EAB Key ID is set.
-
-
-### Autocert Trusted Certificate Authority
-- Environment Variable: `AUTOCERT_TRUSTED_CA` / `AUTOCERT_TRUSTED_CA_FILE`
-- Config File Key: `autocert_trusted_ca` / `autocert_trusted_ca_file`
-- Type: [base64 encoded] `string` or relative file location
-- Optional
-
-The Autocert Trusted Certificate Authority is the x509 CA (bundle) used when communicating with a CA supporting the ACME protocol. If not set, the system trusted roots will be used to verify TLS connections to the ACME CA.
-
-
-### Certificates
-- Config File Key: `certificates` (not yet settable using environmental variables)
-- Config File Key: `certificate` / `certificate_key`
-- Config File Key: `certificate_file` / `certificate_key_file`
-- Environmental Variable: `CERTIFICATE` / `CERTIFICATE_KEY`
-- Environmental Variable: `CERTIFICATE_FILE` / `CERTIFICATE_KEY_FILE`
-- Type: array of relative file locations `string`
-- Type: [base64 encoded] `string`
-- Type: certificate relative file location `string`
-- Required (if insecure not set)
-
-Certificates are the x509 _public-key_ and _private-key_ used to establish secure HTTP and gRPC connections. Any combination of the above can be used together, and are additive. You can also use any of these settings in conjunction with `Autocert` to get OCSP stapling.
-
-Certificates loaded into Pomerium from these config values are used to attempt secure connections between end users and services, between Pomerium services, and to upstream endpoints.
-
-For example, if specifying multiple certificates at once:
-
-```yaml
-certificates:
-  - cert: "$HOME/.acme.sh/authenticate.example.com_ecc/fullchain.cer"
-    key: "$HOME/.acme.sh/authenticate.example.com_ecc/authenticate.example.com.key"
-  - cert: "$HOME/.acme.sh/verify.example.com_ecc/fullchain.cer"
-    key: "$HOME/.acme.sh/verify.example.com_ecc/verify.example.com.key"
-  - cert: "$HOME/.acme.sh/prometheus.example.com_ecc/fullchain.cer"
-    key: "$HOME/.acme.sh/prometheus.example.com_ecc/prometheus.example.com.key"
-```
-
-Or to set a single certificate and key covering multiple domains and/or a wildcard subdomain:
-
-```yaml
-certificate_file: "$HOME/.acme.sh/*.example.com/fullchain.crt"
-certificate_key:  "$HOME/.acme.sh/*.example.com/*.example.com.key"
-```
-
-**Note:** Pomerium will check your system's trust/key store for valid certificates first. If your certificate solution imports into the system store, you don't need to also specify them with these configuration keys.
-
-
-### Client Certificate Authority
-- Environment Variable: `CLIENT_CA` / `CLIENT_CA_FILE`
-- Config File Key: `client_ca` / `client_ca_file`
-- Type: [base64 encoded] `string` or relative file location
-- Optional
-
-The Client Certificate Authority is the x509 _public-key_ used to validate [mTLS](https://en.wikipedia.org/wiki/Mutual_authentication) client certificates. If not set, no client certificate will be required.
-
-
-### Client CRL
-- Environment Variable: `CLIENT_CRL` / `CLIENT_CRL_FILE`
-- Config File Key: `client_crl` / `client_crl_file`
-- Type: [base64 encoded] `string` or relative file location
-- Optional
-
-The Client CRL is the [certificate revocation list](https://en.wikipedia.org/wiki/Certificate_revocation_list)
-(in PEM format) for client certificates. If not set, no CRL will be used.
-
-
-### Cookie Options
-
-#### Cookie Name
-- Environmental Variable: `COOKIE_NAME`
-- Config File Key: `cookie_name`
-- Type: `string`
-- Default: `_pomerium`
-
-The name of the session cookie sent to clients.
-
-
-#### Cookie Secret
-- Environmental Variable: `COOKIE_SECRET`
-- Config File Key: `cookie_secret`
-- Type: [base64 encoded] `string`
-- Required for Proxy service
-
-Secret used to encrypt and sign session cookies. You can generate a random key with `head -c32 /dev/urandom | base64`.
-
-
-#### Cookie Domain
-- Environmental Variable: `COOKIE_DOMAIN`
-- Config File Key: `cookie_domain`
-- Type: `string`
-- Example: `localhost.pomerium.io`
-- Optional
-
-The scope of session cookies issued by Pomerium.
-
-
-#### HTTPS only
-- Environmental Variable: `COOKIE_SECURE`
-- Config File Key: `cookie_secure`
-- Type: `bool`
-- Default: `true`
-
-If true, instructs browsers to only send user session cookies over HTTPS.
-
-:::warning
-
-Setting this to false may result in session cookies being sent in cleartext.
-
-:::
-
-
-#### Javascript Security
-- Environmental Variable: `COOKIE_HTTP_ONLY`
-- Config File Key: `cookie_http_only`
-- Type: `bool`
-- Default: `true`
-
-If true, prevents javascript in browsers from reading user session cookies.
-
-:::warning
-
-Setting this to false enables hostile javascript to steal session cookies and impersonate users.
-
-:::
-
-
-#### Expiration
-- Environmental Variable: `COOKIE_EXPIRE`
-- Config File Key: `cookie_expire`
-- Type: [Go Duration](https://golang.org/pkg/time/#Duration.String) `string`
-- Default: `14h`
-
-Sets the lifetime of session cookies. After this interval, users must reauthenticate.
-
-
-### Data Broker Service URL
-- Environmental Variable: `DATABROKER_SERVICE_URL` or `DATABROKER_SERVICE_URLS`
-- Config File Key: `databroker_service_url` or `databroker_service_urls`
-- Type: `URL`
-- Example: `https://databroker.corp.example.com`
-- Default: in all-in-one mode, `http://localhost:5443`
-
-The data broker service URL points to a data broker which is responsible for storing associated authorization context (e.g. sessions, users and user groups). Multiple URLs can be specified with `databroker_service_urls`.
-
-
-### Debug
-- Environmental Variable: `POMERIUM_DEBUG`
-- Config File Key: `pomerium_debug`
-- Type: `bool`
-- Default: `false`
-
-::: danger
-
-Enabling the debug flag could result in sensitive information being logged!!!
-
-:::
-
-By default, JSON encoded logs are produced. Debug enables colored, human-readable logs to be streamed to [standard out](https://en.wikipedia.org/wiki/Standard_streams#Standard_output_(stdout)>>>). In production, it is recommended to be set to `false`.
-
-For example, if `true`
-
-```
-10:37AM INF cmd/pomerium version=v0.0.1-dirty+ede4124
-10:37AM INF proxy: new route from=verify.localhost.pomerium.io to=https://verify.pomerium.com
-10:37AM INF proxy: new route from=ssl.localhost.pomerium.io to=http://neverssl.com
-10:37AM INF proxy/authenticator: grpc connection OverrideCertificateName= addr=auth.localhost.pomerium.io:443
-```
-
-If `false`
-
-```
-{"level":"info","version":"v0.0.1-dirty+ede4124","time":"2019-02-18T10:41:03-08:00","message":"cmd/pomerium"}
-{"level":"info","from":"verify.localhost.pomerium.io","to":"https://verify.pomerium.com","time":"2019-02-18T10:41:03-08:00","message":"proxy: new route"}
-{"level":"info","from":"ssl.localhost.pomerium.io","to":"http://neverssl.com","time":"2019-02-18T10:41:03-08:00","message":"proxy: new route"}
-{"level":"info","OverrideCertificateName":"","addr":"auth.localhost.pomerium.io:443","time":"2019-02-18T10:41:03-08:00","message":"proxy/authenticator: grpc connection"}
-```
-
-
-### Forward Auth
-- Environmental Variable: `FORWARD_AUTH_URL`
-- Config File Key: `forward_auth_url`
-- Type: `URL` (must contain a scheme and hostname)
-- Example: `https://forwardauth.corp.example.com`
-- Resulting Verification URL: `https://forwardauth.corp.example.com/?uri={URL-TO-VERIFY}`
-- Optional
-
-Forward authentication creates an endpoint that can be used with third-party proxies that do not have rich access control capabilities ([nginx](http://nginx.org/en/docs/http/ngx_http_auth_request_module.html), [nginx-ingress](https://kubernetes.github.io/ingress-nginx/examples/auth/oauth-external-auth/), [ambassador](https://www.getambassador.io/reference/services/auth-service/), [traefik](https://docs.traefik.io/middlewares/forwardauth/)). Forward authentication allows you to delegate authentication and authorization for each request to Pomerium.
-
-#### Request flow
-
-![pomerium forward auth request flow](./img/auth-flow-diagram.svg)
-
-#### Examples
-
-##### NGINX Ingress
-
-Some reverse-proxies, such as nginx split access control flow into two parts: verification and sign-in redirection. Notice the additional path `/verify` used for `auth-url` indicating to Pomerium that it should return a `401` instead of redirecting and starting the sign-in process.
-
-```yaml
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: verify
-  annotations:
-    kubernetes.io/ingress.class: "nginx"
-    certmanager.k8s.io/issuer: "letsencrypt-prod"
-    nginx.ingress.kubernetes.io/auth-url: https://forwardauth.corp.example.com/verify?uri=$scheme://$host$request_uri
-    nginx.ingress.kubernetes.io/auth-signin: "https://forwardauth.corp.example.com/?uri=$scheme://$host$request_uri"
-spec:
-  tls:
-    - hosts:
-        - verify.corp.example.com
-      secretName: quickstart-example-tls
-  rules:
-    - host: verify.corp.example.com
-      http:
-        paths:
-          - path: /
-            backend:
-              serviceName: verify
-              servicePort: 80
-```
-
-#### Traefik docker-compose
-
-If the `forward_auth_url` is also handled by Traefik, you will need to configure Traefik to trust the `X-Forwarded-*` headers as described in [the documentation](https://docs.traefik.io/v2.2/routing/entrypoints/#forwarded-headers).
-
-```yml
-version: "3"
-
-services:
-  traefik:
-    # The official v2.2 Traefik docker image
-    image: traefik:v2.2
-    # Enables the web UI and tells Traefik to listen to docker
-    command:
-      - "--api.insecure=true"
-      - "--providers.docker=true"
-      - "--entrypoints.web.address=:80"
-      - "--entrypoints.web.forwardedheaders.insecure=true"
-    ports:
-      # The HTTP port
-      - "80:80"
-      # The Web UI (enabled by --api.insecure=true)
-      - "8080:8080"
-    volumes:
-      # So that Traefik can listen to the Docker events
-      - /var/run/docker.sock:/var/run/docker.sock
-  verify:
-    # A container that exposes an API to show its IP address
-    image: pomerium/verify:latest
-    labels:
-      - "traefik.http.routers.verify.rule=Host(`verify.corp.example.com`)"
-      # Create a middleware named `foo-add-prefix`
-      - "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=x-pomerium-claim-email,x-pomerium-claim-id,x-pomerium-claim-groups,x-pomerium-jwt-assertion"
-      - "traefik.http.middlewares.test-auth.forwardauth.address=http://forwardauth.corp.example.com/?uri=https://verify.corp.example.com"
-      - "traefik.http.routers.verify.middlewares=test-auth@docker"
-```
-
-
-### Global Timeouts
-- Environmental Variables: `TIMEOUT_READ` `TIMEOUT_WRITE` `TIMEOUT_IDLE`
-- Config File Key: `timeout_read` `timeout_write` `timeout_idle`
-- Type: [Go Duration](https://golang.org/pkg/time/#Duration.String) `string`
-- Example: `TIMEOUT_READ=30s`
-- Defaults: `TIMEOUT_READ=30s` `TIMEOUT_WRITE=0` `TIMEOUT_IDLE=5m`
-
-Timeouts set the global server timeouts. Timeouts can also be set for individual [routes](#routes).
-
-- `idle_timeout`: The idle timeout is the time at which a downstream or upstream connection will be terminated if there are no active streams.
-- `write_timeout`: The max stream duration is the maximum time that a stream’s lifetime will span. An HTTP request/response exchange fully consumes a single stream.
-  Therefore, this value must be greater than read_timeout as it covers both request and response time.
-- `read_timeout`: The amount of time for the entire request stream to be received from the client.
-
-
-### GRPC Options
-
-#### GRPC Address
-- Environmental Variable: `GRPC_ADDRESS`
-- Config File Key: `grpc_address`
-- Type: `string`
-- Example: `:443`, `:8443`
-- Default: `:443` or `:5443` if in all-in-one mode
-
-gRPC Address specifies the host and port to serve gRPC requests from.
-
-
-#### GRPC Insecure
-- Environmental Variable: `GRPC_INSECURE`
-- Config File Key: `grpc_insecure`
-- Type: `bool`
-
-This setting disables transport security for gRPC communication. If running in all-in-one mode, defaults to true as communication will run over localhost's own socket.
-
-
-#### GRPC Client Timeout
-- Environmental Variable: `GRPC_CLIENT_TIMEOUT`
-- Config File Key: `grpc_client_timeout`
-- Type: [Go Duration](https://golang.org/pkg/time/#Duration.String) `string`
-- Default: `10s`
-
-Maximum time before canceling an upstream gRPC request. During transient failures, the proxy will retry upstreams for this duration. You should leave this high enough to handle backend service restart and rediscovery so that client requests do not fail.
-
-
-#### GRPC Client DNS RoundRobin
-- Environmental Variable: `GRPC_CLIENT_DNS_ROUNDROBIN`
-- Config File Key: `grpc_client_dns_roundrobin`
-- Type: `bool`
-- Default: `true`
-
-Enable gRPC DNS based round robin load balancing. This method uses DNS to resolve endpoints and does client side load balancing of _all_ addresses returned by the DNS record. Do not disable unless you have a specific use case.
-
-
-### HTTP Redirect Address
-- Environmental Variable: `HTTP_REDIRECT_ADDR`
-- Config File Key: `http_redirect_addr`
-- Type: `string`
-- Example: `:80`, `:8080`
-- Optional
-
-If set, the HTTP Redirect Address specifies the host and port to redirect http to https traffic on. If unset, no redirect server is started.
-
-
-### Insecure Server
-- Environmental Variable: `INSECURE_SERVER`
-- Config File Key: `insecure_server`
-- Type: `bool`
-- Required if certificates unset
-
-Turning on insecure server mode will result in pomerium starting, and operating without any protocol encryption in transit.
-
-This setting can be useful in a situation where you have Pomerium behind a TLS terminating ingress or proxy. However, even in that case, it is highly recommended to use TLS to protect the confidentiality and integrity of service communication even behind the ingress using self-signed certificates or an internal CA. Please see our helm-chart for an example of just that.
-
-:::warning
-
-Pomerium should _never_ be exposed to the internet without TLS encryption.
-
-:::
-
-
-### DNS Lookup Family
-- Environmental Variable: `DNS_LOOKUP_FAMILY`
-- Config File Key: `dns_lookup_family`
-- Type: `string`
-- Options: `V4_ONLY` `V6_ONLY` `AUTO`
-- Optional
-
-The DNS IP address resolution policy. If not specified, the value defaults to `AUTO`.
-
-
-### Log Level
-- Environmental Variable: `LOG_LEVEL`
-- Config File Key: `log_level`
-- Type: `string`
-- Options: `debug` `info` `warn` `error`
-- Default: `debug`
-
-Log level sets the global logging level for pomerium. Only logs of the desired level and above will be logged.
-
-
-### Metrics Address
-- Environmental Variable: `METRICS_ADDRESS`
-- Config File Key: `metrics_address`
-- Type: `string`
-- Example: `:9090`, `127.0.0.1:9090`
-- Default: `disabled`
-- Optional
-
-Expose a prometheus endpoint on the specified port.
-
-:::warning
-
-**Use with caution:** the endpoint can expose frontend and backend server names or addresses. Do not externally expose the metrics if this is sensitive information.
-
-:::
-
-#### Pomerium Metrics Tracked
-
-Each metric exposed by Pomerium has a `pomerium` prefix, which is omitted in the table below for brevity.
-
-Name                                          | Type      | Description
---------------------------------------------- | --------- | -----------------------------------------------------------------------
-build_info                                    | Gauge     | Pomerium build metadata by git revision, service, version and goversion
-config_checksum_int64                         | Gauge     | Currently loaded configuration checksum by service
-config_last_reload_success                    | Gauge     | Whether the last configuration reload succeeded by service
-config_last_reload_success_timestamp          | Gauge     | The timestamp of the last successful configuration reload by service
-grpc_client_request_duration_ms               | Histogram | GRPC client request duration by service
-grpc_client_request_size_bytes                | Histogram | GRPC client request size by service
-grpc_client_requests_total                    | Counter   | Total GRPC client requests made by service
-grpc_client_response_size_bytes               | Histogram | GRPC client response size by service
-grpc_server_request_duration_ms               | Histogram | GRPC server request duration by service
-grpc_server_request_size_bytes                | Histogram | GRPC server request size by service
-grpc_server_requests_total                    | Counter   | Total GRPC server requests made by service
-grpc_server_response_size_bytes               | Histogram | GRPC server response size by service
-http_client_request_duration_ms               | Histogram | HTTP client request duration by service
-http_client_request_size_bytes                | Histogram | HTTP client request size by service
-http_client_requests_total                    | Counter   | Total HTTP client requests made by service
-http_client_response_size_bytes               | Histogram | HTTP client response size by service
-http_server_request_duration_ms               | Histogram | HTTP server request duration by service
-http_server_request_size_bytes                | Histogram | HTTP server request size by service
-http_server_requests_total                    | Counter   | Total HTTP server requests handled by service
-http_server_response_size_bytes               | Histogram | HTTP server response size by service
-redis_conns                                   | Gauge     | Number of total connections in the pool
-redis_idle_conns                              | Gauge     | Total number of times free connection was found in the pool
-redis_wait_count_total                        | Counter   | Total number of connections waited for
-redis_wait_duration_ms_total                  | Counter   | Total time spent waiting for connections
-storage_operation_duration_ms                 | Histogram | Storage operation duration by operation, result, backend and service
-
-#### Identity Manager
-
-Identity manager metrics have `pomerium_identity_manager` prefix.
-
-Name                                          | Type      | Description
---------------------------------------------- | --------- | -----------------------------------------------------------------------
-last_refresh_timestamp                        | Gauge     | Timestamp of last directory refresh operation.
-session_refresh_error_timestamp               | Gauge     | Timestamp of last session refresh ended in an error.
-session_refresh_errors                        | Counter   | Session refresh error counter.
-session_refresh_success                       | Counter   | Session refresh success counter.
-session_refresh_success_timestamp             | Gauge     | Timestamp of last successful session refresh.
-user_group_refresh_error_timestamp            | Gauge     | Timestamp of last user group refresh ended in an error.
-user_group_refresh_errors                     | Counter   | User group refresh error counter.
-user_group_refresh_success                    | Counter   | User group refresh success counter.
-user_group_refresh_success_timestamp          | Gauge     | Timestamp of last group successful user refresh.
-user_refresh_error_timestamp                  | Gauge     | Timestamp of last user refresh ended in an error.
-user_refresh_errors                           | Counter   | User refresh error counter.
-user_refresh_success                          | Counter   | User refresh success counter.
-user_refresh_success_timestamp                | Gauge     | Timestamp of last successful user refresh.
-
-#### Envoy Proxy Metrics
-
-As of `v0.9`, Pomerium uses [envoy](https://www.envoyproxy.io/) for the data plane. As such, proxy related metrics are sourced from envoy, and use envoy's internal [stats data model](https://www.envoyproxy.io/docs/envoy/latest/operations/stats_overview). Please see Envoy's documentation for information about specific metrics.
-
-All metrics coming from envoy will be labeled with `service="pomerium"` or `service="pomerium-proxy"`, depending if you're running all-in-one or distributed service mode and have `pomerium` prefix added to the standard envoy metric name.
-
-
-### Metrics Basic Authentication
-- Environmental Variable: `METRICS_BASIC_AUTH`
-- Config File Key: `metrics_basic_auth`
-- Type: base64 encoded `string` of `username:password`
-- Example: `eDp5` (for username: x, and password: y)
-- Default: ``
-- Optional
-
-Require [Basic HTTP Authentication](https://tools.ietf.org/html/rfc7617) to access the metrics endpoint.
-
-To support this in Prometheus, consult the `basic_auth` option in the [`scrape_config`](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config)
-documentation.
-
-
-### Metrics Certificate
-- Config File Key: `metrics_certificate` / `metrics_certificate_key`
-- Config File Key: `metrics_certificate_file` / `metrics_certificate_key_file`
-- Environmental Variable: `METRICS_CERTIFICATE` / `METRICS_CERTIFICATE_KEY`
-- Environmental Variable: `METRICS_CERTIFICATE_FILE` / `METRICS_CERTIFICATE_KEY_FILE`
-- Type: [base64 encoded] `string`
-- Type: certificate relative file location `string`
-- Optional
-
-Certificates are the x509 _public-key_ and _private-key_ used to secure the metrics endpoint.
-
-
-### Metrics Client Certificate Authority
-- Environment Variable: `METRICS_CLIENT_CA` / `METRICS_CLIENT_CA_FILE`
-- Config File Key: `metrics_client_ca` / `metrics_client_ca_file`
-- Type: [base64 encoded] `string` or relative file location
-- Optional
-
-The Client Certificate Authority is the x509 _public-key_ used to validate [mTLS](https://en.wikipedia.org/wiki/Mutual_authentication) client certificates for the metrics endpoint. If not set, no client certificate will be required.
-
-
-### Proxy Log Level
-- Environmental Variable: `PROXY_LOG_LEVEL`
-- Config File Key: `proxy_log_level`
-- Type: `string`
-- Options: `debug` `info` `warn` `error`
-- Default: value of `log_level` or `debug` if both are unset
-
-Proxy log level sets the logging level for the Pomerium Proxy service access logs. Only logs of the desired level and above will be logged.
-
-
-### Service Mode
-- Environmental Variable: `SERVICES`
-- Config File Key: `services`
-- Type: `string`
-- Default: `all`
-- Options: `all` `authenticate` `authorize` `databroker` or `proxy`
-
-Service mode sets which service(s) to run. If testing, you may want to set to `all` and run pomerium in "all-in-one mode." In production, you'll likely want to spin up several instances of each service mode for high availability.
-
-
-### Shared Secret
-- Environmental Variable: `SHARED_SECRET`
-- Config File Key: `shared_secret`
-- Type: [base64 encoded] `string`
-- Required
-
-Shared Secret is the base64 encoded 256-bit key used to mutually authenticate requests between services. It's critical that secret keys are random, and stored safely. Use a key management system or `/dev/urandom` to generate a key. For example:
-
-```
-head -c32 /dev/urandom | base64
-```
-
-
-### Tracing
-Tracing tracks the progression of a single user request as it is handled by Pomerium.
-
-Each unit of work is called a Span in a trace. Spans include metadata about the work, including the time spent in the step (latency), status, time events, attributes, links. You can use tracing to debug errors and latency issues in your applications, including in downstream connections.
-
-#### Shared Tracing Settings
-
-Config Key          | Description                                                                          | Required
-:------------------ | :----------------------------------------------------------------------------------- | --------
-tracing_provider    | The name of the tracing provider. (e.g. jaeger, zipkin)                              | ✅
-tracing_sample_rate | Percentage of requests to sample in decimal notation. Default is `0.0001`, or .01%   | ❌
-
-#### Datadog
-
-Datadog is a real-time monitoring system that supports distributed tracing and monitoring.
-
-Config Key              | Description                                                                  | Required
-:---------------------- | :--------------------------------------------------------------------------- | --------
-tracing_datadog_address | `host:port` address of the Datadog Trace Agent. Defaults to `localhost:8126` | ❌
-
-#### Jaeger (partial)
-
-**Warning** At this time, Jaeger protocol does not capture spans inside the Proxy service. Please use Zipkin protocol with Jaeger for full support.
-
-[Jaeger](https://www.jaegertracing.io/) is a distributed tracing system released as open source by Uber Technologies. It is used for monitoring and troubleshooting microservices-based distributed systems, including:
-
-- Distributed context propagation
-- Distributed transaction monitoring
-- Root cause analysis
-- Service dependency analysis
-- Performance / latency optimization
-
-Config Key                        | Description                                 | Required
-:-------------------------------- | :------------------------------------------ | --------
-tracing_jaeger_collector_endpoint | Url to the Jaeger HTTP Thrift collector.    | ✅
-tracing_jaeger_agent_endpoint     | Send spans to jaeger-agent at this address. | ✅
-
-#### Zipkin
-
-Zipkin is an open source distributed tracing system and protocol.
-
-Many tracing backends support zipkin either directly or through intermediary agents, including Jaeger. For full tracing support, we recommend using the Zipkin tracing protocol.
-
-Config Key              | Description                      | Required
-:---------------------- | :------------------------------- | --------
-tracing_zipkin_endpoint | Url to the Zipkin HTTP endpoint. | ✅
-
-#### Example
-
-![jaeger example trace](./img/jaeger.png)
-
-
-### Use Proxy Protocol
-- Environment Variable: `USE_PROXY_PROTOCOL`
-- Config File Key: `use_proxy_protocol`
-- Type: `bool`
-- Optional
-
-Setting `use_proxy_protocol` will configure Pomerium to require the [HAProxy proxy protocol](https://www.haproxy.org/download/1.9/doc/proxy-protocol.txt) on incoming connections. Versions 1 and 2 of the protocol are supported.
-
-
-### Envoy Bootstrap Options
-- Environment Variable: `ENVOY_ADMIN_ADDRESS`, `ENVOY_ADMIN_ACCESS_LOG_PATH`, `ENVOY_ADMIN_PROFILE_PATH`, `ENVOY_BIND_CONFIG_FREEBIND`, `ENVOY_BIND_CONFIG_SOURCE_ADDRESS`
-- Config File Keys: `envoy_admin_address`, `envoy_admin_access_log_path`, `envoy_admin_profile_path`, `envoy_bind_config_freebind`, `envoy_bind_config_source_address`
-- Type: `string`
-- Optional
-
-The `envoy_admin` keys customize Envoy's [bootstrap configuration](https://www.envoyproxy.io/docs/envoy/latest/operations/admin#operations-admin-interface). The `envoy_bind_config` keys modify the [ClusterManager](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/bootstrap/v3/bootstrap.proto.html#config-bootstrap-v3-clustermanager) configuration. These options cannot be modified at runtime.
-
-
-## Authenticate Service
-
-### Authenticate Callback Path
-- Environmental Variable: `AUTHENTICATE_CALLBACK_PATH`
-- Config File Key: `authenticate_callback_path`
-- Type: `string`
-- Default: `/oauth2/callback`
-- Optional
-
-Authenticate callback path sets the path at which the authenticate service receives callback responses from your identity provider. The value must exactly match one of the authorized redirect URIs for the OAuth 2.0 client.
-
-This value is referred to as the `redirect_url` in the [OpenIDConnect][oidc rfc] and OAuth2 specs.
-
-See also:
-
-- [OAuth2 RFC 6749](https://tools.ietf.org/html/rfc6749#section-3.1.2)
-- [OIDC Spec][oidc rfc]
-- [Google - Setting Redirect URI](https://developers.google.com/identity/protocols/OpenIDConnect#setredirecturi)
-
-
-### Authenticate Internal Service URL
-- Environmental Variable: `AUTHENTICATE_INTERNAL_SERVICE_URL`
-- Config File Key: `authenticate_internal_service_url`
-- Type: `URL`
-- Required
-- Example: `https://authenticate.internal`
-
-Authenticate Internal Service URL overrides `authenticate_service_url` when determining the TLS certificate and hostname for the authenticate service to listen with.
-
-
-### Identity Provider Client ID
-- Environmental Variable: `IDP_CLIENT_ID`
-- Config File Key: `idp_client_id`
-- Type: `string`
-- Required
-
-Client ID is the OAuth 2.0 Client Identifier retrieved from your identity provider. See your identity provider's documentation, and our [identity provider] docs for details.
-
-
-### Identity Provider Client Secret
-- Environmental Variable: `IDP_CLIENT_SECRET`
-- Config File Key: `idp_client_secret`
-- Type: `string`
-- Required
-
-Client Secret is the OAuth 2.0 Secret Identifier retrieved from your identity provider. See your identity provider's documentation, and our [identity provider] docs for details.
-
-
-### Identity Provider Name
-- Environmental Variable: `IDP_PROVIDER`
-- Config File Key: `idp_provider`
-- Type: `string`
-- Required
-- Options: `auth0` `azure` `google` `okta` `onelogin` or `oidc`
-
-Provider is the short-hand name of a built-in OpenID Connect (oidc) identity provider to be used for authentication. To use a generic provider,set to `oidc`.
-
-See [identity provider] for details.
-
-
-### Identity Provider Scopes
-- Environmental Variable: `IDP_SCOPES`
-- Config File Key: `idp_scopes`
-- Type: list of `string`
-- Default: `oidc`,`profile`, `email`, `offline_access` (typically)
-- Optional for built-in identity providers.
-
-Identity provider scopes correspond to access privilege scopes as defined in Section 3.3 of OAuth 2.0 RFC6749\. The scopes associated with Access Tokens determine what resources will be available when they are used to access OAuth 2.0 protected endpoints.
-
-:::warning
-
-If you are using a built-in provider, you probably don't want to set customized scopes.
-
-:::
-
-:::warning
-
-Some providers, like Amazon Cognito, _do not_ support the `offline_access` scope.
-
-:::
-
-
-### Identity Provider Service Account
-- Environmental Variable: `IDP_SERVICE_ACCOUNT`
-- Config File Key: `idp_service_account`
-- Type: `string`
-- **Required** for group based policies (most configurations)
-
-The identity provider service account setting is used to query associated identity information from your identity provider.  This is a provider specific value and is not required for all providers.  For example, when using Okta this value will be an Okta API key, and for an OIDC provider that provides groups as a claim, this value will be empty.
-
-:::warning
-
-If you plan to write authorization policies using groups, or any other data that exists in your identity provider's directory service, this setting is **mandatory**.
-
-:::
-
-
-### Identity Provider URL
-- Environmental Variable: `IDP_PROVIDER_URL`
-- Config File Key: `idp_provider_url`
-- Type: `string`
-- Required, depending on provider (Do not use with Google).
-
-Provider URL is the base path to an identity provider's [OpenID connect discovery document](https://openid.net/specs/openid-connect-discovery-1_0.html). An example Azure URL would be `https://login.microsoftonline.com/common/v2.0` for [their discover document](https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration).
-
-"Base path" is defined as the section of the URL to the discovery document up to (but not including) `/.well-known/openid-configuration`.
-
-
-### Identity Provider Request Params
-- Environmental Variable: `IDP_REQUEST_PARAMS`
-- Config File Key: `idp_request_params`
-- Type: map of `strings` key value pairs
-- Optional
-
-Request parameters to be added as part of a signin request using OAuth2 code flow.
-
-For more information see:
-
-- [OIDC Request Parameters](https://openid.net/specs/openid-connect-basic-1_0.html#RequestParameters)
-- [IANA OAuth Parameters](https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml)
-- [Microsoft Azure Request params](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#request-an-authorization-code)
-- [Google Authentication URI parameters](https://developers.google.com/identity/protocols/oauth2/openid-connect)
-
-
-### Identity Provider Refresh Directory Settings
-- Environmental Variables: `IDP_REFRESH_DIRECTORY_INTERVAL` `IDP_REFRESH_DIRECTORY_TIMEOUT`
-- Config File Key: `idp_refresh_directory_interval` `idp_refresh_directory_timeout`
-- Type: [Go Duration](https://golang.org/pkg/time/#Duration.String) `string`
-- Example: `IDP_REFRESH_DIRECTORY_INTERVAL=30m`
-- Defaults: `IDP_REFRESH_DIRECTORY_INTERVAL=10m` `IDP_REFRESH_DIRECTORY_TIMEOUT=1m`
-
-Refresh directory interval is the time that pomerium will sync your IDP diretory, while refresh directory timeout is the maximum time allowed each run.
-
-:::warning
-
-Use it at your own risk, if you set a too low value, you may reach IDP API rate limit.
-
-:::
-
-
-## Proxy Service
-
-### Authorize Service URL
-- Environmental Variable: `AUTHORIZE_SERVICE_URL or `AUTHORIZE_SERVICE_URLS`
-- Config File Key: `authorize_service_url` or `authorize_service_urls`
-- Type: `URL`
-- Required; inferred in all-in-one mode to be localhost.
-- Example: `https://pomerium-authorize-service.default.svc.cluster.local`, `https://localhost:5443`, `https://authorize.corp.example.com`
-
-Authorize Service URL is the location of the internally accessible Authorize service. NOTE: Unlike authenticate, authorize has no publicly accessible http handlers so this setting is purely for gRPC communication.
-
-Multiple URLs can be specified with `authorize_service_urls`.
-
-If your load balancer does not support gRPC pass-through you'll need to set this value to an internally routable location (`https://pomerium-authorize-service.default.svc.cluster.local`) instead of an externally routable one (`https://authorize.corp.example.com`).
-
-
-### Authorize Internal Service URL
-- Environmental Variable: `AUTHORIZE_INTERNAL_SERVICE_URL`
-- Config File Key: `authorize_internal_service_url`
-- Type: `URL`
-- Required; inferred in all-in-one mode to be localhost.
-- Example: `https://pomerium-authorize-service.default.svc.cluster.local` or `https://localhost:5443`
-
-Authorize Internal Service URL overrides `authorize_service_url` when determining the TLS certificate for the authorize service to listen with.
-
-
-### Certificate Authority
-- Environmental Variable: `CERTIFICATE_AUTHORITY` or `CERTIFICATE_AUTHORITY_FILE`
-- Config File Key: `certificate_authority` or `certificate_authority_file`
-- Type: [base64 encoded] `string` or relative file location
-- Optional
-
-This defines a set of root certificate authorities that Pomerium uses when communicating with other TLS-protected services.
-
-**Note**: Unlike route-specific certificate authority settings, this setting augments (rather than replaces) the system's trust store. But routes that specify a CA will ignore those provided here.
-
-:::warning
-
-Be sure to include the intermediary certificate.
-
-:::
-
-
-### Default Upstream Timeout
-- Environmental Variable: `DEFAULT_UPSTREAM_TIMEOUT`
-- Config File Key: `default_upstream_timeout`
-- Type: [Duration](https://golang.org/pkg/time/#Duration) `string`
-- Example: `10m`, `1h45m`
-- Default: `30s`
-
-Default Upstream Timeout is the default timeout applied to a proxied route when no `timeout` key is specified by the policy.
-
-
-### Set Response Headers
-- Environmental Variable: `SET_RESPONSE_HEADERS`
-- Config File Key: `set_response_headers`
-- Type: map of `strings` key value pairs
-- Examples:
-
-  - Comma Separated: `X-Content-Type-Options:nosniff,X-Frame-Options:SAMEORIGIN`
-  - JSON: `'{"X-Test": "X-Value"}'`
-  - YAML:
-
-    ```yaml
-    set_response_headers:
-      X-Test: X-Value
-    ```
-
-- To disable: `disable:true`
-
-- Default :
-
-  ```javascript
-  X-Content-Type-Options : nosniff,
-  X-Frame-Options:SAMEORIGIN,
-  X-XSS-Protection:1; mode=block,
-  Strict-Transport-Security:max-age=31536000; includeSubDomains; preload,
-  ```
-
-Set Response Headers specifies a mapping of [HTTP Header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers) to be added globally to all managed routes and pomerium's authenticate service.
-
-By default, conservative [secure HTTP headers](https://www.owasp.org/index.php/OWASP_Secure_Headers_Project) are set:
-
-  - `max-age=31536000` instructs the browser to pin the certificate for a domain for a year. This helps prevent man-in-the-middle attacks, but can create issues when developing new environments with temporary certificates. See [Troubleshooting - HSTS](/docs/troubleshooting.md#http-strict-transport-security-hsts) for more information.
-  - `includeSubDomains` applies these rules to subdomains, which is how individual routes are defined.
-  - `preload` instructs the browser to preload the certificate from an HSTS preload service if available. This means that the certificate can be loaded from an already-trusted secure connection, and the user never needs to connect to your domain without TLS.
-
-![pomerium security headers](./img/security-headers.png)
-
-See [MDN Web Docs - Strict-Transport-Security](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security) for more information.
-
-:::tip
-
-Several security-related headers are not set by default since doing so might break legacy sites. These include:
-`Cross-Origin Resource Policy`, `Cross-Origin Opener Policy` and `Cross-Origin Embedder Policy`. If possible
-users are encouraged to add these to `set_response_headers` or their downstream applications.
-
-:::
-
-
-### JWT Claim Headers
-- Environmental Variable: `JWT_CLAIMS_HEADERS`
-- Config File Key: `jwt_claims_headers`
-- Type: slice of `string`
-- Example: `email`, `groups`, `user`, `given_name`
-- Optional
-
-The JWT Claim Headers setting allows you to pass specific user session data to upstream applications as HTTP request headers. Note, unlike the header `x-pomerium-jwt-assertion` these values are not signed by the authorization service.
-
-Additionally, this will add the claim to the `X-Pomerium-Jwt-Assertion` header provided by [`pass_identity_headers`](#pass-identity-headers), if not already present.
-
-Any claim in the pomerium session JWT can be placed into a corresponding header and the JWT payload for upstream consumption. This claim information is sourced from your Identity Provider (IdP) and Pomerium's own session metadata. The header will have the following format:
-
-`X-Pomerium-Claim-{Name}` where `{Name}` is the name of the claim requested. Underscores will be replaced with dashes; e.g. `X-Pomerium-Claim-Given-Name`.
-
-This option also supports a nested object to customize the header name. For example:
-
-```yaml
-jwt_claims_headers:
-  X-Email: email
-```
-
-Will add an `X-Email` header with a value of the `email` claim.
-
-Use this option if you previously relied on `x-pomerium-authenticated-user-{email|user-id|groups}`.
-
-
-### Override Certificate Name
-- Environmental Variable: `OVERRIDE_CERTIFICATE_NAME`
-- Config File Key: `override_certificate_name`
-- Type: `string`
-- Optional
-- Example: `*.corp.example.com` if wild card or `authenticate.corp.example.com`/`authorize.corp.example.com`
-
-Secure service communication can fail if the external certificate does not match the internally routed service hostname/[SNI](https://en.wikipedia.org/wiki/Server_Name_Indication). This setting allows you to override that value.
-
-
-### Programmatic Redirect Domain Whitelist
-- Config File Key: `programmatic_redirect_domain_whitelist`
-- Type: array of `string`
-- Optional
-- Default: `localhost`
-
-The programmatic redirect domain whitelist is used to restrict the allowed redirect URLs when using programmatic login. By default only `localhost` URLs are allowed.
-
-
-### X-Forwarded-For HTTP Header
-- Environmental Variable: `SKIP_XFF_APPEND`
-- Config File Key: `skip_xff_append`
-- Type: `bool`
-- Default: `false`
-
-Do not append proxy IP address to `x-forwarded-for` HTTP header. See [Envoy](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers.html?highlight=skip_xff_append#x-forwarded-for) docs for more detail.
-
-
-### The number of trusted hops
-- Environmental Variable: `XFF_NUM_TRUSTED_HOPS`
-- Config File Key: `xff_num_trusted_hops`
-- Type: `uint32`
-- Default: `0`
-
-The number of trusted reverse proxies in front of pomerium. This affects `x-forwarded-proto` header and [`x-envoy-external-address` header](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-envoy-external-address), which reports tursted client address. [Envoy](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers.html?highlight=xff_num_trusted_hops#x-forwarded-for) docs for more detail.
-
-
-### Codec Type
-- Environment Variable: `CODEC_TYPE`
-- Config File Key: `codec_type`
-- Type: `string`
-- Default: `auto` (`http1` in all-in-one mode)
-
-Specifies the codec to use for downstream connections. Either `auto`, `http1` or `http2`.
-
-When `auto` is specified the codec will be determined via TLS ALPN or protocol inference.
-
-:::warning
-
-With HTTP/2, browsers typically coalesce connections for the same IP address that use the same
-TLS certificate. For example, you may have `authenticate.localhost.pomerium.io` and
-`example.localhost.pomerium.io` using the same wildcard certificate (`*.localhost.pomerium.io`)
-and both pointing to `127.0.0.1`. Your browser sees this and re-uses the initial connection
-it makes to `example` for `authenticate`. But unfortunately the routes necessary to handle
-`authenticate` don't exist on `example` so the proxy cannot handle the request.
-
-If this happens Pomerium will respond with a `421 Misdirected Request` status. Most browsers will attempt to
-make the request on a new HTTP/2 connection. However not all browsers implement this behavior
-(notably Safari), and users may end up seeing a blank page instead.
-
-If you see this happen, there are several ways to mitigate the problem:
-
-1. Don't re-use TLS certificates for shared IP domains.
-2. Don't re-use IP addresses for shared TLS certificates.
-3. Don't use HTTP/2.
-
-More details on this problem are available in [Github Issue #2150](https://github.com/pomerium/pomerium/issues/2150).
-
-:::
-
-
-## Data Broker Service
-The databroker service is used for storing user session data.
-
-By default, the `databroker` service uses an in-memory databroker.
-
-To create your own data broker, implement the following gRPC interface:
-
-- [pkg/grpc/databroker/databroker.proto](https://github.com/pomerium/pomerium/blob/main/pkg/grpc/databroker/databroker.proto)
-
-For an example implementation, the in-memory database used by the databroker service can be found here:
-
-- [pkg/databroker/memory](https://github.com/pomerium/pomerium/tree/main/pkg/databroker/memory)
-
-
-### Data Broker Internal Service URL
-- Environmental Variable: `DATABROKER_INTERNAL_SERVICE_URL` or `DATABROKER_INTERNAL_SERVICE_URLS`
-- Config File Key: `databroker_internal_service_url` or `databroker_internal_service_urls`
-- Type: `URL`
-- Example: `https://databroker.corp.example.com`
-- Default: in all-in-one mode, `http://localhost:5443`
-
-Data Broker Internal URL overrides `databroker_service_url` when determining the TLS certificate for the databroker service to listen with.
-
-
-### Data Broker Storage Type
-- Environmental Variable: `DATABROKER_STORAGE_TYPE`
-- Config File Key: `databroker_storage_type`
-- Type: `string`
-- Optional
-- Example: `redis`,`memory`
-- Default: `memory`
-
-The backend storage that databroker server will use.
-
-
-### Data Broker Storage Connection String
-- Environmental Variable: `DATABROKER_STORAGE_CONNECTION_STRING`
-- Config File Key: `databroker_storage_connection_string`
-- Type: `string`
-- **Required** when storage type is `redis`
-- Example: `"redis://localhost:6379/0"`, `"rediss://localhost:6379/0"`
-
-The connection string that the databroker service will use to connect to storage backend.
-
-For `redis`, the following URL types are supported:
-
-- simple: `redis://[username:password@]host:port/[db]`
-- sentinel: `redis+sentinel://[:password@]host:port[,host2:port2,...]/[master_name[/db]][?param1=value1[&param2=value2&...]]`
-- cluster: `redis+cluster://[username:password@]host:port[,host2:port2,...]/[?param1=value1[&param2=value=2&...]]`
-
-You can also enable TLS with `rediss://`, `rediss+sentinel://` and `rediss+cluster://`.
-
-
-### Data Broker Storage Certificate File
-- Environment Variable: `DATABROKER_STORAGE_CERT_FILE`
-- Config File Key: `databroker_storage_cert_file`
-- Type: relative file location
-- Optional
-
-The certificate used to connect to a storage backend.
-
-
-### Data Broker Storage Certificate Key File
-- Environment Variable: `DATABROKER_STORAGE_KEY_FILE`
-- Config File Key: `databroker_storage_key_file`
-- Type: relative file location
-- Optional
-
-The certificate key used to connect to a storage backend.
-
-
-### Data Broker Storage Certificate Authority
-- Environment Variable: `DATABROKER_STORAGE_CA_FILE`
-- Config File Key: `databroker_storage_ca_file`
-- Type: relative file location
-- Optional
-
-This setting defines the set of root certificates used when verifying storage server connections.
-
-
-### Data Broker Storage TLS Skip Verify
-- Environment Variable: `DATABROKER_STORAGE_TLS_SKIP_VERIFY`
-- Config File Key: `databroker_storage_tls_skip_verify`
-- Type: relative file location
-- Optional
-
-If set, the TLS connection to the storage backend will not be verified.
-
-
-## Policy
-- Environmental Variable: `POLICY`
-- Config File Key: `policy`
-- Type: [base64 encoded] `string` or inline policy structure in config file
-- **Deprecated**: This key has been replaced with `route`.
-
-
-::: warning
-The `policy` field as a top-level configuration key has been replaced with [`routes`](/reference/readme.md#routes). Moving forward, define policies within each defined route.
-
-Existing policy definitions will currently behave as expected, but are deprecated and will be removed in a future version of Pomerium.
-:::
-
-Policy contains route specific settings, and access control details. If you are configuring via POLICY environment variable, just the contents of the policy needs to be passed. If you are configuring via file, the policy should be present under the policy key. For example,
-
-<<< @/examples/config/policy.example.yaml
-
-Policy routes are checked in the order they appear in the policy, so more specific routes should appear before less specific routes. For example:
-
-```yaml
-policy:
-  - from: http://from.example.com
-    to: http://to.example.com
-    prefix: /admin
-    allowed_groups: ["superuser"]
-  - from: http://from.example.com
-    to: http://to.example.com
-    allow_public_unauthenticated_access: true
-```
-
-In this example, an incoming request with a path prefix of `/admin` would be handled by the first route (which is restricted to superusers). All other requests for `from.example.com` would be handled by the second route (which is open to the public).
-
-A list of configuration variables specific to `policy` follows Note that this also shares all configuration variables listed under [routes](/reference/readme.md#routes), excluding `policy` and its child variables.
-
-
-### Allowed Domains
-- `yaml`/`json` setting: `allowed_domains`
-- Type: list of `string`
-- Required
-- Example: `pomerium.io` , `gmail.com`
-
-Allowed domains is a collection of whitelisted domains to authorize for a given route.
-
-
-### Allowed Groups
-- `yaml`/`json` setting: `allowed_groups`
-- Type: list of `string`
-- Required
-- Example: `admins` , `support@company.com`
-
-Allowed groups is a collection of whitelisted groups to authorize for a given route.
-
-
-### Allowed IdP Claims
-- `yaml`/`json` setting: `allowed_idp_claims`
-- Type: map of `strings` lists
-- Required
-
-Allowed IdP Claims is a collection of whitelisted claim key-value pairs to authorize for a given route.
-
-This is useful if your identity provider has extra information about a user that is not in the directory.  It can also be useful if you wish to use groups with the generic OIDC provider.
-
-Example:
-
-```yaml
-  - from: http://from.example.com
-    to: http://to.example.com
-    allowed_idp_claims:
-      family_name:
-        - Doe
-        - Smith
-```
-
-This policy would match users with the `family_name` claim containing `Smith` or `Doe`.
-
-Claims are represented as a map of strings to a list of values:
-
-```json
-{
-  "family_name": ["Doe"],
-  "given_name": ["John"]
-}
-```
-
-- Nested maps are flattened: `{ "a": { "b": ["c"] } }` becomes `{ "a.b": ["c"] }`
-- Values are always a list: `{ "a": "b" }` becomes `{ "a": ["b"] }`
-
-
-### Allowed Users
-- `yaml`/`json` setting: `allowed_users`
-- Type: list of `string`
-- Required
-- Example: `alice@pomerium.io` , `bob@contractor.co`
-
-Allowed users is a collection of whitelisted users to authorize for a given route.
-
-
-## Routes
-- Environment Variable: `ROUTES`
-- Config File Key: `routes`
-- Type: [base64 encoded] `string` or inline policy structure in config file
-- **Required** - While Pomerium will start without a route configured, it will not authorize or proxy any traffic until a route is defined. If configuring Pomerium for the Enterprise Console, define a route for the Console itself in Pomerium.
-
-A route contains specific access and control definitions for a back-end service. Each route is a list item under the `routes` key.
-
-Each route defines at minimum a `from` and `to` field, and a `policy` key defining authorization logic. Policies are defined using [Pomerium Policy Language](/enterprise/reference/manage.md#pomerium-policy-language) (**PPL**). Additional options are listed below.
-
-<<< @/examples/config/route.example.yaml
-
-
-### Allow Any Authenticated User
-- `yaml`/`json` setting: `allow_any_authenticated_user`
-- Type: `bool`
-- Optional
-- Default: `false`
-
-**Use with caution:** This setting will allow all requests for any user which is able to authenticate with our given identity provider. For instance, if you are using a corporate GSuite account, an unrelated gmail user will be able to access the underlying upstream.
-
-Use of this setting means Pomerium **will not enforce centralized authorization policy** for this route. The upstream is responsible for handling any authorization.
-
-
-### Cluster Name
-- Config File Key: `name`
-- Type: `string`
-- Optional
-
-Runtime metrics for this policy would be available under `envoy_cluster_`*`name`* prefix.
-
-
-### CORS Preflight
-- `yaml`/`json` setting: `cors_allow_preflight`
-- Type: `bool`
-- Optional
-- Default: `false`
-
-Allow unauthenticated HTTP OPTIONS requests as [per the CORS spec](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Preflighted_requests).
-
-
-### Enable Google Cloud Serverless Authentication
-- Environmental Variable: `ENABLE_GOOGLE_CLOUD_SERVERLESS_AUTHENTICATION`
-- Config File Key: `enable_google_cloud_serverless_authentication`
-- Type: `bool`
-- Default: `false`
-
-Enable sending a signed [Authorization Header](https://cloud.google.com/run/docs/authenticating/service-to-service) to upstream GCP services.
-
-Requires setting [Google Cloud Serverless Authentication Service Account](#google-cloud-serverless-authentication-service-account) or running Pomerium in an environment with a GCP service account present in default locations.
-
-
-### From
-- `yaml`/`json` setting: `from`
-- Type: `URL` (must contain a scheme and hostname, must not contain a path)
-- Schemes: `https`, `tcp+https`
-- Required
-- Example: `https://verify.corp.example.com`, `tcp+https://ssh.corp.example.com:22`
-
-`From` is the externally accessible URL for the proxied request.
-
-Specifying `tcp+https` for the scheme enables [TCP proxying](/docs/tcp/readme.md) support for the route. You may map more than one port through the same hostname by specifying a different `:port` in the URL.
-
-:::warning
-
-Only secure schemes (`https` and `tcp+https`) are supported.
-
-:::
-
-
-### Health Checks
-- Config File Key: `health_checks`
-- Type: `array of objects`
-- Optional
-
-When defined, will issue periodic health check requests to upstream servers. When health checks are defined, unhealthy upstream servers would not serve traffic.
-See also `outlier_detection` for automatic upstream server health detection.
-In presence of multiple upstream servers, it is recommended to set up either `health_checks` or `outlier_detection` or both.
-
-See [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/health_checking) for a list of [supported parameters](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/health_check.proto#envoy-v3-api-msg-config-core-v3-healthcheck).
-
-Only one of `http_health_check`, `tcp_health_check`, or `grpc_health_check` may be configured per health_check object definition.
-
-- [TCP](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/health_check.proto#envoy-v3-api-msg-config-core-v3-healthcheck-tcphealthcheck)
-- [HTTP](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/health_check.proto#envoy-v3-api-msg-config-core-v3-healthcheck-httphealthcheck)
-- [GRPC](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/health_check.proto#envoy-v3-api-msg-config-core-v3-healthcheck-grpchealthcheck)
-
-See [Load Balancing](/docs/topics/load-balancing) for example [configurations](/docs/topics/load-balancing.md#active-health-checks).
-
-
-### Host Rewrite
-- `yaml`/`json` settings: `host_rewrite`, `host_rewrite_header`, `host_path_regex_rewrite_pattern`, `host_path_regex_rewrite_substitution`
-- Type: `string`
-- Optional
-- Example: `host_rewrite: "example.com"`
-
-The `host` header can be preserved via the `preserve_host_header` setting or customized via three mutually exclusive options:
-
-1. `preserve_host_header` will, when enabled, this option will pass the host header from the incoming request to the proxied host, instead of the destination hostname. It's an optional parameter of type `bool` that defaults to `false`.
-
-    See [ProxyPreserveHost](http://httpd.apache.org/docs/2.0/mod/mod_proxy.html#proxypreservehost).
-2. `host_rewrite`, which will rewrite the host to a new literal value.
-3. `host_rewrite_header`, which will rewrite the host to match an incoming header value.
-4. `host_path_regex_rewrite_pattern` & `host_path_regex_rewrite_substitution`, which will rewrite the host according to a regex matching the path. For example with the following config:
-
-    ```yaml
-    host_path_regex_rewrite_pattern: "^/(.+)/.+$"
-    host_path_regex_rewrite_substitution: \1
-    ```
-
-    Would rewrite the host header to `example.com` given the path `/example.com/some/path`.
-
-The 2nd, 3rd and 4th options correspond to the Envoy route action host related options, which can be found [here](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto.html#config-route-v3-routeaction).
-
-
-### Idle Timeout
-- `yaml`/`json` setting: `idle_timeout`
-- Type: [Go Duration](https://golang.org/pkg/time/#Duration.String) `string`
-- Optional
-- Default: `5m`
-
-If you are proxying long-lived requests that employ streaming calls such as websockets or gRPC,
-set this to either a maximum value there may be no data exchange over a connection (recommended),
-or set it to unlimited (`0s`). If `idle_timeout` is specified, and `timeout` is not
-explicitly set, then `timeout` would be unlimited (`0s`). You still may specify maximum lifetime
-of the connection using `timeout` value (i.e. to 1 day).
-
-
-### Identity Provider Client ID (per route)
-- `yaml`/`json` setting: `idp_client_id`
-- Type: `string`
-- Optional
-
-When set, this overrides the value of [idp_client_id](#identity-provider-client-id) set globally for this route.
-
-
-### Identity Provider Client Secret (per route)
-- `yaml`/`json` setting: `idp_client_secret`
-- Type: `string`
-- Optional
-
-When set, this overrides the value of [idp_client_secret](#identity-provider-client-secret) set globally for this route.
-
-
-### Kubernetes Service Account Token
-- `yaml`/`json` setting: `kubernetes_service_account_token` / `kubernetes_service_account_token_file`
-- Type: `string` or relative file location containing a Kubernetes bearer token
-- Optional
-- Example: `eyJ0eXAiOiJKV1QiLCJhbGciOiJ...` or `/var/run/secrets/kubernetes.io/serviceaccount/token`
-
-Use this token to authenticate requests to a Kubernetes API server.
-
-Pomerium will [impersonate](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#user-impersonation) the Pomerium user's identity, and Kubernetes RBAC can be applied to IdP user and groups.
-
-
-### Load Balancing Policy
-- Config File Key: `lb_policy`
-- Type: `enum`
-- Optional
-
-In presence of multiple upstreams, defines load balancing strategy between them.
-
-See [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-enum-config-cluster-v3-cluster-lbpolicy) for more details.
-
-- [`ROUND_ROBIN`](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#weighted-round-robin) (default)
-- [`LEAST_REQUEST`](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#weighted-least-request) and may be further configured using [`least_request_lb_config`](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-msg-config-cluster-v3-cluster-leastrequestlbconfig)
-- [`RING_HASH`](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#ring-hash) and may be further configured using [`ring_hash_lb_config`](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#config-cluster-v3-cluster-ringhashlbconfig) option
-- [`RANDOM`](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#random)
-- [`MAGLEV`](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#maglev) and may be further configured using [`maglev_lb_config`](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-msg-config-cluster-v3-cluster-maglevlbconfig) option
-
-Some policy types support additional [configuration](#load-balancing-policy-config).
-
-
-### Load Balancing Policy Config
-- Config File Key: `least_request_lb_config`, `ring_hash_lb_config`, `maglev_lb_config`
-- Type: `object`
-- Optional
-
-When [`lb_policy`](#load-balancing-policy) is configured, you may further customize policy settings for `LEAST_REQUEST`, `RING_HASH`, AND `MAGLEV` using one of the following options.
-
-- [`least_request_lb_config`](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-msg-config-cluster-v3-cluster-leastrequestlbconfig)
-- [`ring_hash_lb_config`](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#config-cluster-v3-cluster-ringhashlbconfig)
-- [`maglev_lb_config`](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-msg-config-cluster-v3-cluster-maglevlbconfig)
-
-See [Load Balancing](/docs/topics/load-balancing) for example [configurations](/docs/topics/load-balancing.md#load-balancing-method)
-
-
-### Outlier Detection
-- `yaml`/`json` setting: `outlier_detection`
-- Type: `object`
-- Optional
-- Example: `{ "consecutive_5xx": 12 }`
-
-Outlier detection and ejection is the process of dynamically determining whether some number of hosts in an upstream cluster are performing unlike the others and removing them from the healthy load balancing set.
-
-See Envoy [documentation](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/outlier#arch-overview-outlier-detection) and [API](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/outlier_detection.proto#envoy-v3-api-msg-config-cluster-v3-outlierdetection) for more details.
-
-
-### Pass Identity Headers
-- `yaml`/`json` setting: `pass_identity_headers`
-- Type: `bool`
-- Optional
-- Default: `false`
-
-When enabled, this option will pass identity headers to upstream applications. These headers include:
-
-- X-Pomerium-Jwt-Assertion
-- X-Pomerium-Claim-*
-
-
-### Path
-- `yaml`/`json` setting: `path`
-- Type: `string`
-- Optional
-- Example: `/admin/some/exact/path`
-
-If set, the route will only match incoming requests with a path that is an exact match for the specified path.
-
-
-### Prefix
-- `yaml`/`json` setting: `prefix`
-- Type: `string`
-- Optional
-- Example: `/admin`
-
-If set, the route will only match incoming requests with a path that begins with the specified prefix.
-
-
-### Prefix Rewrite
-- `yaml`/`json` setting: `prefix_rewrite`
-- Type: `string`
-- Optional
-- Example: `/subpath`
-
-If set, indicates that during forwarding, the matched prefix (or path) should be swapped with this value.
-For example, given this policy:
-
-```yaml
-from: https://from.example.com
-to: https://to.example.com
-prefix: /admin
-prefix_rewrite: /
-```
-
-A request to `https://from.example.com/admin` would be forwarded to `https://to.example.com/`.
-
-
-### Public Access
-- `yaml`/`json` setting: `allow_public_unauthenticated_access`
-- Type: `bool`
-- Optional
-- Default: `false`
-
-**Use with caution:** Allow all requests for a given route, bypassing authentication and authorization. Suitable for publicly exposed web services.
-
-If this setting is enabled, no whitelists (e.g. Allowed Users) should be provided in this route.
-
-
-### Redirect
-- `yaml`/`json` setting: 'redirect'
-- Type: object
-- Optional
-- Example: `{ "host_redirect": "example.com" }`
-
-`Redirect` is used to redirect incoming requests to a new URL. The `redirect` field is an object with several possible
-options:
-
-- `https_redirect` (boolean): the incoming scheme will be swapped with "https".
-- `scheme_redirect` (string): the incoming scheme will be swapped with the given value.
-- `host_redirect` (string): the incoming host will be swapped with the given value.
-- `port_redirect` (integer): the incoming port will be swapped with the given value.
-- `path_redirect` (string): the incoming path portion of the URL will be swapped with the given value.
-- `prefix_rewrite` (string): the incoming matched prefix will be swapped with the given value.
-- `response_code` (integer): the response code to use for the redirect. Defaults to 301.
-- `strip_query` (boolean): indicates that during redirection, the query portion of the URL will be removed. Defaults to false.
-
-Either `redirect` or `to` must be set.
-
-
-### Regex
-- `yaml`/`json` setting: `regex`
-- Type: `string` (containing a regular expression)
-- Optional
-- Example: `^/(admin|superuser)/.*$`
-
-If set, the route will only match incoming requests with a path that matches the specified regular expression. The supported syntax is the same as the Go [regexp package](https://golang.org/pkg/regexp/) which is based on [re2](https://github.com/google/re2/wiki/Syntax).
-
-
-### Regex Rewrite
-- `yaml`/`json` setting: `regex_rewrite_pattern`, `regex_rewrite_substitution`
-- Type: `string`
-- Optional
-- Example: `{ "regex_rewrite_pattern":"^/service/([^/]+)(/.*)$", "regex_rewrite_substitution": "\\2/instance/\\1" }`
-
-If set, the URL path will be rewritten according to the pattern and substitution, similar to `prefix_rewrite`.
-
-
-### Remove Request Headers
-- Config File Key: `remove_request_headers`
-- Type: array of `strings`
-- Optional
-
-Remove Request Headers allows you to remove given request headers. This can be useful if you want to prevent privacy information from being passed to downstream applications. For example:
-
-```yaml
-- from: https://verify.corp.example.com
-  to: https://verify.pomerium.com
-  policy:
-    - allow:
-        or:
-          - email:
-              is: user@example.com
-  remove_request_headers:
-    - X-Email
-    - X-Username
-```
-
-
-### Rewrite Response Headers
-- Config File Key: `rewrite_response_headers`
-- Type: `object`
-- Optional
-- Example: `[{ "header": "Location", "prefix": "http://localhost:8000/two/", "value": "http://frontend/one/" }]`
-
-Rewrite Response Headers allows you to modify response headers before they are returned to the client. The `header` field will match the HTTP header name, and `prefix` will be replaced with `value`. For example, if the downstream server returns a header:
-
-```text
-Location: http://localhost:8000/two/some/path/
-```
-
-And the policy has this config:
-
-```yaml
-rewrite_response_headers:
-  - header: Location
-    prefix: http://localhost:8000/two/
-    value: http://frontend/one/
-```
-
-The browser would be redirected to: `http://frontend/one/some/path/`. This is similar to nginx's [`proxy_redirect` option](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_redirect), but can be used for any header.
-
-
-### Route Timeout
-- `yaml`/`json` setting: `timeout`
-- Type: [Go Duration](https://golang.org/pkg/time/#Duration.String) `string`
-- Optional
-- Default: `30s`
-
-Policy timeout establishes the per-route timeout value. Cannot exceed global timeout values.
-
-
-### Set Authorization Header
-- `yaml`/`json` setting: `set_authorization_header`
-- Type: `string` (`pass_through`, `access_token` or `id_token`)
-- Optional
-- Default: `pass_through`
-
-`set_authorization_header` allows you to send a user's identity token through as a bearer token in the Authorization header.
-
-Use `access_token` to send the OAuth access token, `id_token` to send the OIDC ID token, or `pass_through` (the default) to leave the Authorization header unchanged
-from the client when it's not used for Pomerium authentication.
-
-
-### Set Response Headers
-- Config File Key: `set_response_headers`
-- Type: map of `strings` key value pairs
-- Optional
-
-Set Response Headers allows you to set static values for the given response headers. These headers will take precedence over the global `set_response_headers`.
-
-
-### Set Request Headers
-- Config File Key: `set_request_headers`
-- Type: map of `strings` key value pairs
-- Optional
-
-Set Request Headers allows you to set static values for given request headers. This can be useful if you want to pass along additional information to downstream applications as headers, or set authentication header to the request. For example:
-
-```yaml
-- from: https://verify.corp.example.com
-  to: https://verify.pomerium.com
-  policy:
-    - allow:
-        or:
-          - email:
-              is: user@example.com
-  set_request_headers:
-    # works auto-magically!
-    # https://verify.corp.example.com/basic-auth/root/hunter42
-    Authorization: Basic cm9vdDpodW50ZXI0Mg==
-    X-Your-favorite-authenticating-Proxy: "Pomerium"
-```
-:::warning
-
-Neither `:-prefixed` pseudo-headers nor the `Host:` header may be modified via this mechanism. Those headers may instead be modified via mechanisms such as `prefix_rewrite`, `regex_rewrite`, and `host_rewrite`.
-
-:::
-
-
-### Signout Redirect URL
-- Environmental Variable: `SIGNOUT_REDIRECT_URL`
-- Config File Key: `signout_redirect_url`
-- Type: `URL`
-- Required
-- Example: `https://signout-redirect-url.corp.example.com`
-
-Signout redirect url is the url user will be redirected to after signing out.
-
-You can overwrite this behavior by passing the query param `pomerium_redirect_uri` or post value `pomerium_redirect_uri`
-to the `/.pomerium/signout/` endpoint.
-
-
-### TLS Client Certificate
-- Config File Key: `tls_client_cert` and `tls_client_key` or `tls_client_cert_file` and `tls_client_key_file`
-- Type: [base64 encoded] `string` or relative file location
-- Optional
-
-If specified, Pomerium will present this client certificate to upstream services when requested to enforce [mutual authentication](https://en.wikipedia.org/wiki/Mutual_authentication) (mTLS).
-
-For more details, see our [mTLS example repository](https://github.com/pomerium/pomerium/tree/main/examples/mutual-tls) and the [Upstream mTLS With Pomerium](/guides/upstream-mtls.md) guide.
-
-
-### TLS Custom Certificate Authority
-- Config File Key: `tls_custom_ca` or `tls_custom_ca_file`
-- Type: [base64 encoded] `string` or relative file location
-- Optional
-
-TLS Custom Certificate Authority defines a set of root certificate authorities that the Pomerium Proxy Service uses when verifying upstream server certificates.
-
-**Note**: This setting will replace (not append) the system's trust store for a given route.
-
-
-### TLS Downstream Client Certificate Authority
-- Config File Key: `tls_downstream_client_ca` or `tls_downstream_client_ca_file`
-- Type: [base64 encoded] `string` or relative file location
-- Optional
-
-If specified, downstream clients (eg a user's browser) will be required to provide a valid client TLS
-certificate. This overrides the global `client_ca` option for this route.
-
-See [Client-Side mTLS With Pomerium](/guides/mtls.md) for more information.
-
-
-### TLS Skip Verification
-- Config File Key: `tls_skip_verify`
-- Type: `bool`
-- Default: `false`
-
-TLS Skip Verification controls whether the Pomerium Proxy Service verifies the upstream server's certificate chain and host name. If enabled, Pomerium accepts any certificate presented by the upstream server and any host name in that certificate. In this mode, TLS is susceptible to man-in-the-middle attacks. This should be used only for testing.
-
-
-### TLS Server Name
-- Config File Key: `tls_server_name`
-- Type: `string`
-- Optional
-
-**Deprecated**: this key has been replaced with `tls_upstream_server_name`.
-
-
-### TLS Upstream Server Name
-- Config File Key: `tls_upstream_server_name`
-- Type: `string`
-- Optional
-
-TLS Upstream Server Name overrides the hostname specified in the `to` field. If set, this server name will be used to verify the certificate name. This is useful when the backend of your service is a TLS server with a valid certificate, but mismatched name.
-
-
-### TLS Downstream Server Name
-- Config File Key: `tls_downstream_server_name`
-- Type: `string`
-- Optional
-
-TLS Downstream Server Name overrides the hostname specified in the `from` field. When a connection to Pomerium is made via TLS the `tls_downstream_server_name` will be used as the expected Server Name Indication, whereas the host part of the `from` field, will be expected to match the `Host` or `:authority` headers of the HTTP request.
-
-
-### To
-- `yaml`/`json` setting: `to`
-- Type: `URL` or list of `URL`s (must contain a scheme and hostname) with an optional weight
-- Schemes: `http`, `https`, `tcp`
-- Optional
-- Example: `http://verify` , `https://192.1.20.12:8080`, `http://neverssl.com`, `https://verify.pomerium.com/anything/`, `["http://a", "http://b"]`, `["http://a,10", "http://b,20"]`
-
-`To` is the destination(s) of a proxied request. It can be an internal resource, or an external resource. Multiple upstream resources can be targeted by using a list instead of a single URL:
-
-```yaml
-- from: https://example.com
-  to:
-  - https://a.example.com
-  - https://b.example.com
-```
-
-A load balancing weight may be associated with a particular upstream by appending `,[weight]` to the URL.  The exact behavior depends on your [`lb_policy`](#load-balancing-policy) setting.  See [Load Balancing](/docs/topics/load-balancing) for example [configurations](/docs/topics/load-balancing.md#load-balancing-weight).
-
-Must be `tcp` if `from` is `tcp+https`.
-
-:::warning
-
-Be careful with trailing slash.
-
-With rule:
-
-```yaml
-- from: https://verify.corp.example.com
-  to: https://verify.pomerium.com/anything
-```
-
-Requests to `https://verify.corp.example.com` will be forwarded to `https://verify.pomerium.com/anything`, while requests to `https://verify.corp.example.com/foo` will be forwarded to `https://verify.pomerium.com/anythingfoo`.To make the request forwarded to `https://httbin.org/anything/foo`, you can use double slashes in your request `https://httbin.corp.example.com//foo`.
-
-While the rule:
-
-```yaml
-- from: https://verify.corp.example.com
-  to: https://verify.pomerium.com/anything/
-```
-
-All requests to `https://verify.corp.example.com/*` will be forwarded to `https://verify.pomerium.com/anything/*`. That means accessing to `https://verify.corp.example.com` will be forwarded to `https://verify.pomerium.com/anything/`. That said, if your application does not handle trailing slash, the request will end up with 404 not found.
-
-Either `redirect` or `to` must be set.
-
-:::
-
-
-### SPDY
-- Config File Key: `allow_spdy`
-- Type: `bool`
-- Default: `false`
-
-If set, enables proxying of SPDY protocol upgrades.
-
-
-### Websocket Connections
-- Config File Key: `allow_websockets`
-- Type: `bool`
-- Default: `false`
-
-If set, enables proxying of websocket connections.
-
-:::warning
-
-**Use with caution:** websockets are long-lived connections, so [global timeouts](#global-timeouts) are not enforced (though the policy-specific `timeout` is enforced). Allowing websocket connections to the proxy could result in abuse via [DOS attacks](https://www.cloudflare.com/learning/ddos/ddos-attack-tools/slowloris/).
-
-:::
-
-
-## Authorize Service
-
-### Google Cloud Serverless Authentication Service Account
-- Environmental Variable: `GOOGLE_CLOUD_SERVERLESS_AUTHENTICATION_SERVICE_ACCOUNT`
-- Config File Key: `google_cloud_serverless_authentication_service_account`
-- Type: [base64 encoded] `string`
-- Optional
-
-Manually specify the service account credentials to support GCP's [Authorization Header](https://cloud.google.com/run/docs/authenticating/service-to-service) format.
-
-If unspecified:
-
-- If [Identity Provider Name](#identity-provider-name) is set to `google`, will default to [Identity Provider Service Account](#identity-provider-service-account)
-- Otherwise, will default to ambient credentials in the default locations searched by the Google SDK. This includes GCE metadata server tokens.
-
-
-### Signing Key
-- Environmental Variable: `SIGNING_KEY`
-- Config File Key: `signing_key`
-- Type: [base64 encoded] `string`
-- Optional
-
-Signing Key is the private key used to sign a user's attestation JWT which can be consumed by upstream applications to pass along identifying user information like username, id, and groups.
-
-If set, the signing key's public key will can retrieved by hitting Pomerium's `/.well-known/pomerium/jwks.json` endpoint which lives on the authenticate service. Otherwise, the endpoint will return an empty keyset.
-
-For example, assuming you have [generated an ES256 key](https://github.com/pomerium/pomerium/blob/main/scripts/generate_self_signed_signing_key.sh) as follows.
-
-```bash
-# Generates an P-256 (ES256) signing key
-openssl ecparam  -genkey  -name prime256v1  -noout  -out ec_private.pem
-# careful! this will output your private key in terminal
-cat ec_private.pem | base64
-```
-
-That signing key can be accessed via the well-known jwks endpoint.
-
-```bash
-$ curl https://authenticate.int.example.com/.well-known/pomerium/jwks.json | jq
-```
-
-```json
-{
-  "keys": [
-    {
-      "use": "sig",
-      "kty": "EC",
-      "kid": "ccc5bc9d835ff3c8f7075ed4a7510159cf440fd7bf7b517b5caeb1fa419ee6a1",
-      "crv": "P-256",
-      "alg": "ES256",
-      "x": "QCN7adG2AmIK3UdHJvVJkldsUc6XeBRz83Z4rXX8Va4",
-      "y": "PI95b-ary66nrvA55TpaiWADq8b3O1CYIbvjqIHpXCY"
-    }
-  ]
-}
-```
-
-If no certificate is specified, one will be generated and the base64'd public key will be added to the logs. Note, however, that this key be unique to each service, ephemeral, and will not be accessible via the authenticate service's `jwks_uri` endpoint.
-
-
-[base64 encoded]: https://en.wikipedia.org/wiki/Base64
-[elliptic curve]: https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations#Generating_EC_Keys_and_Parameters
-[environmental variables]: https://en.wikipedia.org/wiki/Environment_variable
-[identity provider]: /docs/identity-providers/readme.md
-[json]: https://en.wikipedia.org/wiki/JSON
-[letsencrypt]: https://letsencrypt.org/
-[oidc rfc]: https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
-[okta]: /docs/identity-providers/okta.md
-[script]: https://github.com/pomerium/pomerium/blob/main/scripts/generate_wildcard_cert.sh
-[signed headers]: /docs/topics/getting-users-identity.md
-[toml]: https://en.wikipedia.org/wiki/TOML
-[yaml]: https://en.wikipedia.org/wiki/YAML
diff --git a/docs/reference/settings.yaml b/docs/reference/settings.yaml
deleted file mode 100644
index c524582c1..000000000
--- a/docs/reference/settings.yaml
+++ /dev/null
@@ -1,2113 +0,0 @@
-preamble: |
-  ---
-  title: Settings
-  lang: en-US
-  sidebarDepth: 2
-  meta:
-    - name: keywords
-      content: configuration, options, settings, pomerium, reference
-  ---
-
-  # Configuration Settings
-
-  Pomerium can be configured using a configuration file ([YAML]/[JSON]/[TOML]) or [environmental variables]. In general, environmental variable keys are identical to config file keys but are uppercase. If you are coming from a kubernetes or docker background this should feel familiar. If not, check out the following primers.
-
-  - [Store config in the environment](https://12factor.net/config)
-  - [Kubernetes: Environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/)
-  - [Kubernetes: Config Maps](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/)
-  - [Docker: Environment variables](https://docs.docker.com/compose/environment-variables/)
-
-  Using both [environmental variables] and config file keys is allowed and encouraged (for instance, secret keys are probably best set as environmental variables). However, if duplicate configuration keys are found, environment variables take precedence.
-
-  :::tip
-
-  Pomerium can hot-reload route configuration details, authorization policy, certificates, and other proxy settings.
-
-  :::
-
-  ## All-In-One vs Split Service mode
-
-  When running Pomerium as a single system service or container, all the options on this page can be set in a single `config.yaml` file, or passed to the single instance as environment variables.
-
-  When running Pomerium in a distributed environment where there are multiple processes, each handling separate [components](/docs/architecture.md#component-level), all services can still share a single config file or set of environment variables.
-
-  Alternately, you can create individual config files or sets of environment variables for each service. When doing so, each file or set must have matching [shared settings](#shared-settings), as well as settings relevant to that [service mode](#service-mode). The list below is sorted to better differentiate which config options correlate to which service mode.
-
-postamble: |
-  [base64 encoded]: https://en.wikipedia.org/wiki/Base64
-  [elliptic curve]: https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations#Generating_EC_Keys_and_Parameters
-  [environmental variables]: https://en.wikipedia.org/wiki/Environment_variable
-  [identity provider]: /docs/identity-providers/readme.md
-  [json]: https://en.wikipedia.org/wiki/JSON
-  [letsencrypt]: https://letsencrypt.org/
-  [oidc rfc]: https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
-  [okta]: /docs/identity-providers/okta.md
-  [script]: https://github.com/pomerium/pomerium/blob/main/scripts/generate_wildcard_cert.sh
-  [signed headers]: /docs/topics/getting-users-identity.md
-  [toml]: https://en.wikipedia.org/wiki/TOML
-  [yaml]: https://en.wikipedia.org/wiki/YAML
-
-settings:
-- name: Shared Settings
-  doc: |
-    These configuration variables are shared by all services, in all service modes.
-  settings:
-  - name: Address
-    keys: [address]
-    attributes: |
-      - Environmental Variable: `ADDRESS`
-      - Config File Key: `address`
-      - Type: `string`
-      - Example: `:443`, `:8443`
-      - Default: `:443`
-      - Required
-    doc: |
-      Address specifies the host and port to serve HTTP requests from. If empty, `:443` is used. Note, in all-in-one deployments, gRPC traffic will be served on loopback on port `:5443`.
-    shortdoc: |
-      Address specifies the host and port to serve HTTP requests from.
-    uuid: 0ed5bb0a-74e3-4db5-85c9-45129aeccee3
-  - name: Authenticate Service URL
-    keys: [authenticate_service_url]
-    attributes: |
-      - Environmental Variable: `AUTHENTICATE_SERVICE_URL`
-      - Config File Key: `authenticate_service_url`
-      - Type: `URL`
-      - Required
-      - Example: `https://authenticate.corp.example.com`
-    doc: |
-      Authenticate Service URL is the externally accessible URL for the authenticate service. In split service mode, this key is required by all services other than Databroker.
-    shortdoc: |
-      Authenticate Service URL is the externally accessible URL for the authenticate service.
-    uuid: 5e698d84-bc2b-4851-81b0-237651f9ed74
-  - name: Autocert
-    keys: [autocert]
-    attributes: |
-      - Environmental Variable: `AUTOCERT`
-      - Config File Key: `autocert`
-      - Type: `bool`
-      - Optional
-    doc: |
-      Turning on autocert allows Pomerium to automatically retrieve, manage, and renew public facing TLS certificates from [Let's Encrypt][letsencrypt] which includes managed routes and the authenticate service.  [Autocert Directory](#autocert-directory) must be used with Autocert must have a place to persist, and share certificate data between services. Note that autocert also provides [OCSP stapling](https://en.wikipedia.org/wiki/OCSP_stapling).
-
-      This setting can be useful in situations where you may not have Pomerium behind a TLS terminating ingress or proxy that is already handling your public certificates on your behalf.
-
-      :::warning
-
-      By using autocert, you agree to the [Let's Encrypt Subscriber Agreement](https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf). There are [_strict_ usage limits](https://letsencrypt.org/docs/rate-limits/) per domain you should be aware of. Consider testing with `autocert_use_staging` first.
-
-      :::
-
-      :::warning
-
-      Autocert requires that ports `80`/`443` be accessible from the internet in order to complete a [TLS-ALPN-01 challenge](https://letsencrypt.org/docs/challenge-types/#tls-alpn-01).
-
-      :::
-    shortdoc: |
-      Turning on autocert allows Pomerium to automatically retrieve, manage, and renew public facing TLS certificates from Lets Encrypt.
-    uuid: d6743ca2-4feb-497f-b901-b154a8c248e0
-  - name: Autocert CA
-    keys: [autocert_ca]
-    attributes: |
-      - Environmental Variable: `AUTOCERT_CA`
-      - Config File Key: `autocert_ca`
-      - Type: `string` containing the directory URL of an ACME CA (e.g. `https://acme.zerossl.com/v2/DV90` for ZeroSSL)
-      - Optional
-    doc: |
-      Autocert CA is the directory URL of the ACME CA to use when requesting certificates.
-
-      :::tip
-
-      This will overrule the "Autocert Use Staging" setting if set.
-
-      :::
-    shortdoc: |
-      Autocert CA is the directory URL of the ACME CA to use when requesting certificates.
-    uuid: 9a92d22d-de09-4707-bf02-f6867e312977
-  - name: Autocert Email
-    keys: [autocert_email]
-    attributes: |
-      - Environmental Variable: `AUTOCERT_EMAIL`
-      - Config File Key: `autocert_email`
-      - Type: `string` containing the email address to use when registering an account
-      - Optional
-    doc: |
-      Autocert Email is the email address to use when requesting certificates from an ACME CA.
-
-      :::tip
-
-      The CA may contact you at this address, for example when a certificate expires.
-
-      :::
-    shortdoc: |
-      Autocert Email is the email address to use when requesting certificates from an ACME CA.
-    uuid: ecc8774e-2b7e-4e9a-b87d-185f63b76102
-  - name: Autocert Must-Staple
-    keys: [autocert_must_staple]
-    attributes: |
-      - Environmental Variable: `AUTOCERT_MUST_STAPLE`
-      - Config File Key: `autocert_must_staple`
-      - Type: `bool`
-      - Optional
-    doc: |
-      If true, force autocert to request a certificate with the `status_request` extension (commonly called `Must-Staple`). This allows the TLS client (_id est_ the browser) to fail immediately if the TLS handshake doesn't include OCSP stapling information. This setting is only used when [Autocert](#autocert) is true.
-
-      :::tip
-
-      This setting will only take effect when you request or renew your certificates.
-
-      :::
-
-      For more details, please see [RFC7633](https://tools.ietf.org/html/rfc7633) .
-    uuid: 93f84bc9-c13c-4c89-a501-2f6bd87c6ef6
-  - name: Autocert Directory
-    keys: [autocert_dir]
-    attributes: |
-      - Environmental Variable: either `AUTOCERT_DIR`
-      - Config File Key: `autocert_dir`
-      - Type: `string` pointing to the path of the directory
-      - Required if using [Autocert](#autocert) setting
-      - Default:
-
-        - `/data/autocert` in published Pomerium docker images
-        - [$XDG_DATA_HOME](https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html)
-        - `$HOME/.local/share/pomerium`
-    doc: |
-      Autocert directory is the path which autocert will store x509 certificate data.
-    shortdoc: |
-      Autocert directory is the path which autocert will store x509 certificate data.
-    uuid: b33862da-0d87-4ca3-a515-b34e2c4f1789
-  - name: Autocert Use Staging
-    keys: [autocert_use_staging]
-    attributes: |
-      - Environmental Variable: `AUTOCERT_USE_STAGING`
-      - Config File Key: `autocert_use_staging`
-      - Type: `bool`
-      - Optional
-    doc: |
-      Let's Encrypt has strict [usage limits](https://letsencrypt.org/docs/rate-limits/). Enabling this setting allows you to use Let's Encrypt's [staging environment](https://letsencrypt.org/docs/staging-environment/) which has much more lax usage limits.
-    shortdoc: |
-      Let's Encrypt has strict usage limits. Enabling this setting allows you to use Let's Encrypt's staging environment which has much more lax usage limits.
-    uuid: d280b0e3-631f-4376-9abe-3813ed7f8f7a
-  - name: Autocert EAB Key ID
-    keys: [autocert_eab_key_id]
-    attributes: |
-      - Environmental Variable: `AUTOCERT_EAB_KEY_ID`
-      - Config File Key: `autocert_eab_key_id`
-      - Type: `string` containing the identifier for an ACME EAB key to use
-      - Optional
-    doc: |
-      Autocert EAB Key ID is the key identifier when requesting a certificate from a CA with External Account Binding enabled.
-
-      For more information, please see [RFC8555-#7.3.4](https://datatracker.ietf.org/doc/html/rfc8555#section-7.3.4).
-    shortdoc: |
-      Autocert EAB Key ID is the key identifier when requesting a certificate from a CA with External Account Binding enabled.
-    uuid: 9a42babb-4225-457e-8f01-1b4a729582b8
-  - name: Autocert EAB MAC Key
-    keys: [autocert_eab_mac_key]
-    attributes: |
-      - Environmental Variable: `AUTOCERT_EAB_MAC_KEY`
-      - Config File Key: `autocert_eab_mac_key`
-      - Type: `string` containing a base64url-encoded secret key
-      - Optional
-    doc: |
-      Autocert EAB MAC Key is the base64url-encoded secret key corresponding to the Autocert EAB Key ID.
-
-      This setting is required when Autocert EAB Key ID is set.
-    shortdoc: |
-      Autocert EAB MAC Key is the base64url-encoded secret key corresponding to the Autocert EAB Key ID.
-    uuid: edba2860-8db6-457f-8b8a-ce3fc9681534
-  - name: Autocert Trusted Certificate Authority
-    keys: [autocert_trusted_ca, autocert_trusted_ca_file]
-    attributes: |
-      - Environment Variable: `AUTOCERT_TRUSTED_CA` / `AUTOCERT_TRUSTED_CA_FILE`
-      - Config File Key: `autocert_trusted_ca` / `autocert_trusted_ca_file`
-      - Type: [base64 encoded] `string` or relative file location
-      - Optional
-    doc: |
-      The Autocert Trusted Certificate Authority is the x509 CA (bundle) used when communicating with a CA supporting the ACME protocol. If not set, the system trusted roots will be used to verify TLS connections to the ACME CA.
-    uuid: ba1fa5e2-e8a2-400f-aa42-aecf9acc4a1b
-  - name: Certificates
-    keys: [certificates, certificate, certificate_key, certificate_file, certificate_key_file]
-    attributes: |
-      - Config File Key: `certificates` (not yet settable using environmental variables)
-      - Config File Key: `certificate` / `certificate_key`
-      - Config File Key: `certificate_file` / `certificate_key_file`
-      - Environmental Variable: `CERTIFICATE` / `CERTIFICATE_KEY`
-      - Environmental Variable: `CERTIFICATE_FILE` / `CERTIFICATE_KEY_FILE`
-      - Type: array of relative file locations `string`
-      - Type: [base64 encoded] `string`
-      - Type: certificate relative file location `string`
-      - Required (if insecure not set)
-    doc: |
-      Certificates are the x509 _public-key_ and _private-key_ used to establish secure HTTP and gRPC connections. Any combination of the above can be used together, and are additive. You can also use any of these settings in conjunction with `Autocert` to get OCSP stapling.
-
-      Certificates loaded into Pomerium from these config values are used to attempt secure connections between end users and services, between Pomerium services, and to upstream endpoints.
-
-      For example, if specifying multiple certificates at once:
-
-      ```yaml
-      certificates:
-        - cert: "$HOME/.acme.sh/authenticate.example.com_ecc/fullchain.cer"
-          key: "$HOME/.acme.sh/authenticate.example.com_ecc/authenticate.example.com.key"
-        - cert: "$HOME/.acme.sh/verify.example.com_ecc/fullchain.cer"
-          key: "$HOME/.acme.sh/verify.example.com_ecc/verify.example.com.key"
-        - cert: "$HOME/.acme.sh/prometheus.example.com_ecc/fullchain.cer"
-          key: "$HOME/.acme.sh/prometheus.example.com_ecc/prometheus.example.com.key"
-      ```
-
-      Or to set a single certificate and key covering multiple domains and/or a wildcard subdomain:
-
-      ```yaml
-      certificate_file: "$HOME/.acme.sh/*.example.com/fullchain.crt"
-      certificate_key:  "$HOME/.acme.sh/*.example.com/*.example.com.key"
-      ```
-
-      **Note:** Pomerium will check your system's trust/key store for valid certificates first. If your certificate solution imports into the system store, you don't need to also specify them with these configuration keys.
-    uuid: 97d1aeeb-72f5-4b78-998c-9408b97f5f54
-  - name: Client Certificate Authority
-    keys: [client_ca, client_ca_file]
-    attributes: |
-      - Environment Variable: `CLIENT_CA` / `CLIENT_CA_FILE`
-      - Config File Key: `client_ca` / `client_ca_file`
-      - Type: [base64 encoded] `string` or relative file location
-      - Optional
-    doc: |
-      The Client Certificate Authority is the x509 _public-key_ used to validate [mTLS](https://en.wikipedia.org/wiki/Mutual_authentication) client certificates. If not set, no client certificate will be required.
-    uuid: eda58b12-b5f6-4937-a0d5-9c059937d471
-  - name: Client CRL
-    keys: [client_crl, client_crl_file]
-    attributes: |
-      - Environment Variable: `CLIENT_CRL` / `CLIENT_CRL_FILE`
-      - Config File Key: `client_crl` / `client_crl_file`
-      - Type: [base64 encoded] `string` or relative file location
-      - Optional
-    doc: |
-      The Client CRL is the [certificate revocation list](https://en.wikipedia.org/wiki/Certificate_revocation_list)
-      (in PEM format) for client certificates. If not set, no CRL will be used.
-    uuid: 5839be2a-919b-4be6-bc4d-c95d60002606
-  - name: Cookie Options
-    settings:
-    - name: Cookie Name
-      keys: [cookie_name]
-      attributes: |
-        - Environmental Variable: `COOKIE_NAME`
-        - Config File Key: `cookie_name`
-        - Type: `string`
-        - Default: `_pomerium`
-      doc: |
-        The name of the session cookie sent to clients.
-      shortdoc: |
-        The name of the session cookie sent to clients.
-      uuid: 5d1b9f7d-0378-4969-b95a-c80ffce641f4
-    - name: Cookie Secret
-      keys: [cookie_secret]
-      attributes: |
-        - Environmental Variable: `COOKIE_SECRET`
-        - Config File Key: `cookie_secret`
-        - Type: [base64 encoded] `string`
-        - Required for Proxy service
-      doc: |
-        Secret used to encrypt and sign session cookies. You can generate a random key with `head -c32 /dev/urandom | base64`.
-      shortdoc: |
-        Secret used to encrypt and sign session cookies.
-      uuid: 1f96ae07-2d02-4010-9c5b-dc3b641e1b97
-    - name: Cookie Domain
-      keys: [cookie_domain]
-      attributes: |
-        - Environmental Variable: `COOKIE_DOMAIN`
-        - Config File Key: `cookie_domain`
-        - Type: `string`
-        - Example: `localhost.pomerium.io`
-        - Optional
-      doc: |
-        The scope of session cookies issued by Pomerium.
-      shortdoc: |
-        The scope of session cookies issued by Pomerium.
-      uuid: 090e1333-e489-4bf5-b652-721e7682c5ab
-    - name: HTTPS only
-      keys: [cookie_secure]
-      attributes: |
-        - Environmental Variable: `COOKIE_SECURE`
-        - Config File Key: `cookie_secure`
-        - Type: `bool`
-        - Default: `true`
-      doc: |
-        If true, instructs browsers to only send user session cookies over HTTPS.
-
-        :::warning
-
-        Setting this to false may result in session cookies being sent in cleartext.
-
-        :::
-      shortdoc: |
-        If true, instructs browsers to only send user session cookies over HTTPS.
-      uuid: 8d90e462-1853-48bc-a7bf-3a45509bfef7
-    - name: Javascript Security
-      keys: [cookie_http_only]
-      attributes: |
-        - Environmental Variable: `COOKIE_HTTP_ONLY`
-        - Config File Key: `cookie_http_only`
-        - Type: `bool`
-        - Default: `true`
-      doc: |
-        If true, prevents javascript in browsers from reading user session cookies.
-
-        :::warning
-
-        Setting this to false enables hostile javascript to steal session cookies and impersonate users.
-
-        :::
-      shortdoc: |
-        If true, prevents javascript in browsers from reading user session cookies.
-      uuid: 1ab6ff2e-e162-47f4-adeb-6d3b289f2966
-    - name: Expiration
-      keys: [cookie_expire]
-      attributes: |
-        - Environmental Variable: `COOKIE_EXPIRE`
-        - Config File Key: `cookie_expire`
-        - Type: [Go Duration](https://golang.org/pkg/time/#Duration.String) `string`
-        - Default: `14h`
-      doc: |
-        Sets the lifetime of session cookies. After this interval, users must reauthenticate.
-      shortdoc: |
-        Sets the lifetime of session cookies. After this interval, users must reauthenticate.
-      uuid: 4e69fd9b-fc3d-401d-8aae-b467192bec9d
-    uuid: 589c264c-670a-4f69-9ad1-e580fc476999
-  - name: Data Broker Service URL
-    keys: [databroker_service_url]
-    attributes: |
-      - Environmental Variable: `DATABROKER_SERVICE_URL` or `DATABROKER_SERVICE_URLS`
-      - Config File Key: `databroker_service_url` or `databroker_service_urls`
-      - Type: `URL`
-      - Example: `https://databroker.corp.example.com`
-      - Default: in all-in-one mode, `http://localhost:5443`
-    doc: |
-      The data broker service URL points to a data broker which is responsible for storing associated authorization context (e.g. sessions, users and user groups). Multiple URLs can be specified with `databroker_service_urls`.
-    uuid: 7cb15ca2-503e-4510-8c1d-9ed47b8e547e
-  - name: Debug
-    keys: [pomerium_debug]
-    attributes: |
-      - Environmental Variable: `POMERIUM_DEBUG`
-      - Config File Key: `pomerium_debug`
-      - Type: `bool`
-      - Default: `false`
-    doc: |
-      ::: danger
-
-      Enabling the debug flag could result in sensitive information being logged!!!
-
-      :::
-
-      By default, JSON encoded logs are produced. Debug enables colored, human-readable logs to be streamed to [standard out](https://en.wikipedia.org/wiki/Standard_streams#Standard_output_(stdout)>>>). In production, it is recommended to be set to `false`.
-
-      For example, if `true`
-
-      ```
-      10:37AM INF cmd/pomerium version=v0.0.1-dirty+ede4124
-      10:37AM INF proxy: new route from=verify.localhost.pomerium.io to=https://verify.pomerium.com
-      10:37AM INF proxy: new route from=ssl.localhost.pomerium.io to=http://neverssl.com
-      10:37AM INF proxy/authenticator: grpc connection OverrideCertificateName= addr=auth.localhost.pomerium.io:443
-      ```
-
-      If `false`
-
-      ```
-      {"level":"info","version":"v0.0.1-dirty+ede4124","time":"2019-02-18T10:41:03-08:00","message":"cmd/pomerium"}
-      {"level":"info","from":"verify.localhost.pomerium.io","to":"https://verify.pomerium.com","time":"2019-02-18T10:41:03-08:00","message":"proxy: new route"}
-      {"level":"info","from":"ssl.localhost.pomerium.io","to":"http://neverssl.com","time":"2019-02-18T10:41:03-08:00","message":"proxy: new route"}
-      {"level":"info","OverrideCertificateName":"","addr":"auth.localhost.pomerium.io:443","time":"2019-02-18T10:41:03-08:00","message":"proxy/authenticator: grpc connection"}
-      ```
-    shortdoc: |
-      Debug enables colored, human-readable logs to be streamed to standard out.
-    uuid: 1b7bd6a8-b204-4e5d-a6c3-a6287e080330
-  - name: Forward Auth
-    keys: [forward_auth_url]
-    attributes: |
-      - Environmental Variable: `FORWARD_AUTH_URL`
-      - Config File Key: `forward_auth_url`
-      - Type: `URL` (must contain a scheme and hostname)
-      - Example: `https://forwardauth.corp.example.com`
-      - Resulting Verification URL: `https://forwardauth.corp.example.com/?uri={URL-TO-VERIFY}`
-      - Optional
-    doc: |
-      Forward authentication creates an endpoint that can be used with third-party proxies that do not have rich access control capabilities ([nginx](http://nginx.org/en/docs/http/ngx_http_auth_request_module.html), [nginx-ingress](https://kubernetes.github.io/ingress-nginx/examples/auth/oauth-external-auth/), [ambassador](https://www.getambassador.io/reference/services/auth-service/), [traefik](https://docs.traefik.io/middlewares/forwardauth/)). Forward authentication allows you to delegate authentication and authorization for each request to Pomerium.
-
-      #### Request flow
-
-      ![pomerium forward auth request flow](./img/auth-flow-diagram.svg)
-
-      #### Examples
-
-      ##### NGINX Ingress
-
-      Some reverse-proxies, such as nginx split access control flow into two parts: verification and sign-in redirection. Notice the additional path `/verify` used for `auth-url` indicating to Pomerium that it should return a `401` instead of redirecting and starting the sign-in process.
-
-      ```yaml
-      apiVersion: extensions/v1beta1
-      kind: Ingress
-      metadata:
-        name: verify
-        annotations:
-          kubernetes.io/ingress.class: "nginx"
-          certmanager.k8s.io/issuer: "letsencrypt-prod"
-          nginx.ingress.kubernetes.io/auth-url: https://forwardauth.corp.example.com/verify?uri=$scheme://$host$request_uri
-          nginx.ingress.kubernetes.io/auth-signin: "https://forwardauth.corp.example.com/?uri=$scheme://$host$request_uri"
-      spec:
-        tls:
-          - hosts:
-              - verify.corp.example.com
-            secretName: quickstart-example-tls
-        rules:
-          - host: verify.corp.example.com
-            http:
-              paths:
-                - path: /
-                  backend:
-                    serviceName: verify
-                    servicePort: 80
-      ```
-
-      #### Traefik docker-compose
-
-      If the `forward_auth_url` is also handled by Traefik, you will need to configure Traefik to trust the `X-Forwarded-*` headers as described in [the documentation](https://docs.traefik.io/v2.2/routing/entrypoints/#forwarded-headers).
-
-      ```yml
-      version: "3"
-
-      services:
-        traefik:
-          # The official v2.2 Traefik docker image
-          image: traefik:v2.2
-          # Enables the web UI and tells Traefik to listen to docker
-          command:
-            - "--api.insecure=true"
-            - "--providers.docker=true"
-            - "--entrypoints.web.address=:80"
-            - "--entrypoints.web.forwardedheaders.insecure=true"
-          ports:
-            # The HTTP port
-            - "80:80"
-            # The Web UI (enabled by --api.insecure=true)
-            - "8080:8080"
-          volumes:
-            # So that Traefik can listen to the Docker events
-            - /var/run/docker.sock:/var/run/docker.sock
-        verify:
-          # A container that exposes an API to show its IP address
-          image: pomerium/verify:latest
-          labels:
-            - "traefik.http.routers.verify.rule=Host(`verify.corp.example.com`)"
-            # Create a middleware named `foo-add-prefix`
-            - "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=x-pomerium-claim-email,x-pomerium-claim-id,x-pomerium-claim-groups,x-pomerium-jwt-assertion"
-            - "traefik.http.middlewares.test-auth.forwardauth.address=http://forwardauth.corp.example.com/?uri=https://verify.corp.example.com"
-            - "traefik.http.routers.verify.middlewares=test-auth@docker"
-      ```
-    shortdoc: |
-      Forward authentication creates an endpoint that can be used with third-party proxies.
-    uuid: 8ace2fb5-c457-4ca6-bfb2-e59cd8b03f89
-  - name: Global Timeouts
-    keys: [timeout_read, timeout_write, timeout_idle]
-    attributes: |
-      - Environmental Variables: `TIMEOUT_READ` `TIMEOUT_WRITE` `TIMEOUT_IDLE`
-      - Config File Key: `timeout_read` `timeout_write` `timeout_idle`
-      - Type: [Go Duration](https://golang.org/pkg/time/#Duration.String) `string`
-      - Example: `TIMEOUT_READ=30s`
-      - Defaults: `TIMEOUT_READ=30s` `TIMEOUT_WRITE=0` `TIMEOUT_IDLE=5m`
-    doc: |
-      Timeouts set the global server timeouts. Timeouts can also be set for individual [routes](#routes).
-
-      - `idle_timeout`: The idle timeout is the time at which a downstream or upstream connection will be terminated if there are no active streams.
-      - `write_timeout`: The max stream duration is the maximum time that a stream’s lifetime will span. An HTTP request/response exchange fully consumes a single stream.
-        Therefore, this value must be greater than read_timeout as it covers both request and response time.
-      - `read_timeout`: The amount of time for the entire request stream to be received from the client.
-    shortdoc: |
-      Timeouts set the global server timeouts. Timeouts can also be set for individual routes.
-    uuid: 580fc2c4-3c1c-4def-b0b2-ef8387bc2362
-  - name: GRPC Options
-    settings:
-    - name: GRPC Address
-      keys: [grpc_address]
-      attributes: |
-        - Environmental Variable: `GRPC_ADDRESS`
-        - Config File Key: `grpc_address`
-        - Type: `string`
-        - Example: `:443`, `:8443`
-        - Default: `:443` or `:5443` if in all-in-one mode
-      doc: |
-        gRPC Address specifies the host and port to serve gRPC requests from.
-      shortdoc: |
-        Address specifies the host and port to serve GRPC requests from.
-      uuid: b37f3393-bc18-4f91-bf19-94d00dcfd1dc
-    - name: GRPC Insecure
-      keys: [grpc_insecure]
-      attributes: |
-        - Environmental Variable: `GRPC_INSECURE`
-        - Config File Key: `grpc_insecure`
-        - Type: `bool`
-      doc: |
-        This setting disables transport security for gRPC communication. If running in all-in-one mode, defaults to true as communication will run over localhost's own socket.
-      shortdoc: |
-        If set, GRPC Insecure disables transport security for communication between the proxy and authorize components.
-      uuid: c3cf821f-f2d6-4f8a-b7d5-242ab2bd3e64
-    - name: GRPC Client Timeout
-      keys: [grpc_client_timeout]
-      attributes: |
-        - Environmental Variable: `GRPC_CLIENT_TIMEOUT`
-        - Config File Key: `grpc_client_timeout`
-        - Type: [Go Duration](https://golang.org/pkg/time/#Duration.String) `string`
-        - Default: `10s`
-      doc: |
-        Maximum time before canceling an upstream gRPC request. During transient failures, the proxy will retry upstreams for this duration. You should leave this high enough to handle backend service restart and rediscovery so that client requests do not fail.
-      uuid: 1525571a-ea43-4b96-9c77-f73d9c8858f6
-    - name: GRPC Client DNS RoundRobin
-      keys: [grpc_client_dns_roundrobin]
-      attributes: |
-        - Environmental Variable: `GRPC_CLIENT_DNS_ROUNDROBIN`
-        - Config File Key: `grpc_client_dns_roundrobin`
-        - Type: `bool`
-        - Default: `true`
-      doc: |
-        Enable gRPC DNS based round robin load balancing. This method uses DNS to resolve endpoints and does client side load balancing of _all_ addresses returned by the DNS record. Do not disable unless you have a specific use case.
-      uuid: 9d0fa560-39c6-4bff-a3ae-68236dcf36e0
-    uuid: 0c83057d-9925-4686-9f6b-73a082eb8ea3
-  - name: HTTP Redirect Address
-    keys: [http_redirect_addr]
-    attributes: |
-      - Environmental Variable: `HTTP_REDIRECT_ADDR`
-      - Config File Key: `http_redirect_addr`
-      - Type: `string`
-      - Example: `:80`, `:8080`
-      - Optional
-    doc: |
-      If set, the HTTP Redirect Address specifies the host and port to redirect http to https traffic on. If unset, no redirect server is started.
-    shortdoc: |
-      If set, the HTTP Redirect Address specifies the host and port to redirect http to https traffic on.
-    uuid: d5739f39-cce4-4df9-9354-c000d0105f5f
-  - name: Insecure Server
-    keys: [insecure_server]
-    attributes: |
-      - Environmental Variable: `INSECURE_SERVER`
-      - Config File Key: `insecure_server`
-      - Type: `bool`
-      - Required if certificates unset
-    doc: |
-      Turning on insecure server mode will result in pomerium starting, and operating without any protocol encryption in transit.
-
-      This setting can be useful in a situation where you have Pomerium behind a TLS terminating ingress or proxy. However, even in that case, it is highly recommended to use TLS to protect the confidentiality and integrity of service communication even behind the ingress using self-signed certificates or an internal CA. Please see our helm-chart for an example of just that.
-
-      :::warning
-
-      Pomerium should _never_ be exposed to the internet without TLS encryption.
-
-      :::
-    shortdoc: |
-      Turning on insecure server mode will result in pomerium starting, and operating without any protocol encryption in transit.
-    uuid: c8bc545c-49a1-4a62-a13b-d4fdadf0f136
-  - name: DNS Lookup Family
-    keys: [dns_lookup_family]
-    attributes: |
-      - Environmental Variable: `DNS_LOOKUP_FAMILY`
-      - Config File Key: `dns_lookup_family`
-      - Type: `string`
-      - Options: `V4_ONLY` `V6_ONLY` `AUTO`
-      - Optional
-    doc: |
-      The DNS IP address resolution policy. If not specified, the value defaults to `AUTO`.
-    shortdoc: |
-      The DNS IP address resolution policy.
-    uuid: c1ac06cd-da27-4920-b482-3de69b1736a2
-  - name: Log Level
-    keys: [log_level]
-    attributes: |
-      - Environmental Variable: `LOG_LEVEL`
-      - Config File Key: `log_level`
-      - Type: `string`
-      - Options: `debug` `info` `warn` `error`
-      - Default: `debug`
-    doc: |
-      Log level sets the global logging level for pomerium. Only logs of the desired level and above will be logged.
-    shortdoc: |
-      Log level sets the global logging level for pomerium.
-    uuid: 5a13be8f-5526-4bac-88b3-d018925e2569
-  - name: Metrics Address
-    keys: [metrics_address]
-    attributes: |
-      - Environmental Variable: `METRICS_ADDRESS`
-      - Config File Key: `metrics_address`
-      - Type: `string`
-      - Example: `:9090`, `127.0.0.1:9090`
-      - Default: `disabled`
-      - Optional
-    doc: |
-      Expose a prometheus endpoint on the specified port.
-
-      :::warning
-
-      **Use with caution:** the endpoint can expose frontend and backend server names or addresses. Do not externally expose the metrics if this is sensitive information.
-
-      :::
-
-      #### Pomerium Metrics Tracked
-
-      Each metric exposed by Pomerium has a `pomerium` prefix, which is omitted in the table below for brevity.
-
-      Name                                          | Type      | Description
-      --------------------------------------------- | --------- | -----------------------------------------------------------------------
-      build_info                                    | Gauge     | Pomerium build metadata by git revision, service, version and goversion
-      config_checksum_int64                         | Gauge     | Currently loaded configuration checksum by service
-      config_last_reload_success                    | Gauge     | Whether the last configuration reload succeeded by service
-      config_last_reload_success_timestamp          | Gauge     | The timestamp of the last successful configuration reload by service
-      grpc_client_request_duration_ms               | Histogram | GRPC client request duration by service
-      grpc_client_request_size_bytes                | Histogram | GRPC client request size by service
-      grpc_client_requests_total                    | Counter   | Total GRPC client requests made by service
-      grpc_client_response_size_bytes               | Histogram | GRPC client response size by service
-      grpc_server_request_duration_ms               | Histogram | GRPC server request duration by service
-      grpc_server_request_size_bytes                | Histogram | GRPC server request size by service
-      grpc_server_requests_total                    | Counter   | Total GRPC server requests made by service
-      grpc_server_response_size_bytes               | Histogram | GRPC server response size by service
-      http_client_request_duration_ms               | Histogram | HTTP client request duration by service
-      http_client_request_size_bytes                | Histogram | HTTP client request size by service
-      http_client_requests_total                    | Counter   | Total HTTP client requests made by service
-      http_client_response_size_bytes               | Histogram | HTTP client response size by service
-      http_server_request_duration_ms               | Histogram | HTTP server request duration by service
-      http_server_request_size_bytes                | Histogram | HTTP server request size by service
-      http_server_requests_total                    | Counter   | Total HTTP server requests handled by service
-      http_server_response_size_bytes               | Histogram | HTTP server response size by service
-      redis_conns                                   | Gauge     | Number of total connections in the pool
-      redis_idle_conns                              | Gauge     | Total number of times free connection was found in the pool
-      redis_wait_count_total                        | Counter   | Total number of connections waited for
-      redis_wait_duration_ms_total                  | Counter   | Total time spent waiting for connections
-      storage_operation_duration_ms                 | Histogram | Storage operation duration by operation, result, backend and service
-
-      #### Identity Manager
-
-      Identity manager metrics have `pomerium_identity_manager` prefix.
-
-      Name                                          | Type      | Description
-      --------------------------------------------- | --------- | -----------------------------------------------------------------------
-      last_refresh_timestamp                        | Gauge     | Timestamp of last directory refresh operation.
-      session_refresh_error_timestamp               | Gauge     | Timestamp of last session refresh ended in an error.
-      session_refresh_errors                        | Counter   | Session refresh error counter.
-      session_refresh_success                       | Counter   | Session refresh success counter.
-      session_refresh_success_timestamp             | Gauge     | Timestamp of last successful session refresh.
-      user_group_refresh_error_timestamp            | Gauge     | Timestamp of last user group refresh ended in an error.
-      user_group_refresh_errors                     | Counter   | User group refresh error counter.
-      user_group_refresh_success                    | Counter   | User group refresh success counter.
-      user_group_refresh_success_timestamp          | Gauge     | Timestamp of last group successful user refresh.
-      user_refresh_error_timestamp                  | Gauge     | Timestamp of last user refresh ended in an error.
-      user_refresh_errors                           | Counter   | User refresh error counter.
-      user_refresh_success                          | Counter   | User refresh success counter.
-      user_refresh_success_timestamp                | Gauge     | Timestamp of last successful user refresh.
-
-      #### Envoy Proxy Metrics
-
-      As of `v0.9`, Pomerium uses [envoy](https://www.envoyproxy.io/) for the data plane. As such, proxy related metrics are sourced from envoy, and use envoy's internal [stats data model](https://www.envoyproxy.io/docs/envoy/latest/operations/stats_overview). Please see Envoy's documentation for information about specific metrics.
-
-      All metrics coming from envoy will be labeled with `service="pomerium"` or `service="pomerium-proxy"`, depending if you're running all-in-one or distributed service mode and have `pomerium` prefix added to the standard envoy metric name.
-    shortdoc: |
-      Expose a prometheus format HTTP endpoint on the specified port.
-    uuid: c3d87004-af01-4667-9aaa-b5e0d4ae08ac
-  - name: Metrics Basic Authentication
-    keys: [metrics_basic_auth]
-    attributes: |
-      - Environmental Variable: `METRICS_BASIC_AUTH`
-      - Config File Key: `metrics_basic_auth`
-      - Type: base64 encoded `string` of `username:password`
-      - Example: `eDp5` (for username: x, and password: y)
-      - Default: ``
-      - Optional
-    doc: |
-      Require [Basic HTTP Authentication](https://tools.ietf.org/html/rfc7617) to access the metrics endpoint.
-
-      To support this in Prometheus, consult the `basic_auth` option in the [`scrape_config`](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config)
-      documentation.
-    uuid: 5f33f57f-74ae-4374-95e3-aff0200438d3
-  - name: Metrics Certificate
-    keys: [metrics_certificate, metrics_certificate_key, metrics_certificate_file,
-      metrics_certificate_key_file]
-    attributes: |
-      - Config File Key: `metrics_certificate` / `metrics_certificate_key`
-      - Config File Key: `metrics_certificate_file` / `metrics_certificate_key_file`
-      - Environmental Variable: `METRICS_CERTIFICATE` / `METRICS_CERTIFICATE_KEY`
-      - Environmental Variable: `METRICS_CERTIFICATE_FILE` / `METRICS_CERTIFICATE_KEY_FILE`
-      - Type: [base64 encoded] `string`
-      - Type: certificate relative file location `string`
-      - Optional
-    doc: |
-      Certificates are the x509 _public-key_ and _private-key_ used to secure the metrics endpoint.
-    uuid: 207cdd33-372a-434c-896f-1bb54bebfffc
-  - name: Metrics Client Certificate Authority
-    keys: [metrics_client_ca, metrics_client_ca_file]
-    attributes: |
-      - Environment Variable: `METRICS_CLIENT_CA` / `METRICS_CLIENT_CA_FILE`
-      - Config File Key: `metrics_client_ca` / `metrics_client_ca_file`
-      - Type: [base64 encoded] `string` or relative file location
-      - Optional
-    doc: |
-      The Client Certificate Authority is the x509 _public-key_ used to validate [mTLS](https://en.wikipedia.org/wiki/Mutual_authentication) client certificates for the metrics endpoint. If not set, no client certificate will be required.
-    uuid: 3088ec5a-87d7-4d03-8a16-d53989ec8e92
-  - name: Proxy Log Level
-    keys: [proxy_log_level]
-    attributes: |
-      - Environmental Variable: `PROXY_LOG_LEVEL`
-      - Config File Key: `proxy_log_level`
-      - Type: `string`
-      - Options: `debug` `info` `warn` `error`
-      - Default: value of `log_level` or `debug` if both are unset
-    doc: |
-      Proxy log level sets the logging level for the Pomerium Proxy service access logs. Only logs of the desired level and above will be logged.
-    shortdoc: |
-      Log level sets the logging level for the Pomerium Proxy service.
-    uuid: 04682198-1236-46eb-bd0e-762e26ff5714
-  - name: Service Mode
-    keys: [services]
-    attributes: |
-      - Environmental Variable: `SERVICES`
-      - Config File Key: `services`
-      - Type: `string`
-      - Default: `all`
-      - Options: `all` `authenticate` `authorize` `databroker` or `proxy`
-    doc: |
-      Service mode sets which service(s) to run. If testing, you may want to set to `all` and run pomerium in "all-in-one mode." In production, you'll likely want to spin up several instances of each service mode for high availability.
-    shortdoc: |
-      Service mode sets the pomerium service(s) to run.
-    uuid: 7b82ddb0-5076-4c6d-9150-fb727551b43c
-  - name: Shared Secret
-    keys: [shared_secret]
-    attributes: |
-      - Environmental Variable: `SHARED_SECRET`
-      - Config File Key: `shared_secret`
-      - Type: [base64 encoded] `string`
-      - Required
-    doc: |
-      Shared Secret is the base64 encoded 256-bit key used to mutually authenticate requests between services. It's critical that secret keys are random, and stored safely. Use a key management system or `/dev/urandom` to generate a key. For example:
-
-      ```
-      head -c32 /dev/urandom | base64
-      ```
-    shortdoc: |
-      Shared Secret is the base64 encoded 256-bit key used to mutually authenticate requests between services.
-    uuid: fb7b8426-ad1d-4ee7-b0fe-b00652764f2e
-  - name: Tracing
-    keys: [tracing_provider, tracing_sample_rate, tracing_datadog_address, tracing_jaeger_collector_endpoint,
-      tracing_jaeger_agent_endpoint, tracing_zipkin_endpoint]
-    doc: |
-      Tracing tracks the progression of a single user request as it is handled by Pomerium.
-
-      Each unit of work is called a Span in a trace. Spans include metadata about the work, including the time spent in the step (latency), status, time events, attributes, links. You can use tracing to debug errors and latency issues in your applications, including in downstream connections.
-
-      #### Shared Tracing Settings
-
-      Config Key          | Description                                                                          | Required
-      :------------------ | :----------------------------------------------------------------------------------- | --------
-      tracing_provider    | The name of the tracing provider. (e.g. jaeger, zipkin)                              | ✅
-      tracing_sample_rate | Percentage of requests to sample in decimal notation. Default is `0.0001`, or .01%   | ❌
-
-      #### Datadog
-
-      Datadog is a real-time monitoring system that supports distributed tracing and monitoring.
-
-      Config Key              | Description                                                                  | Required
-      :---------------------- | :--------------------------------------------------------------------------- | --------
-      tracing_datadog_address | `host:port` address of the Datadog Trace Agent. Defaults to `localhost:8126` | ❌
-
-      #### Jaeger (partial)
-
-      **Warning** At this time, Jaeger protocol does not capture spans inside the Proxy service. Please use Zipkin protocol with Jaeger for full support.
-
-      [Jaeger](https://www.jaegertracing.io/) is a distributed tracing system released as open source by Uber Technologies. It is used for monitoring and troubleshooting microservices-based distributed systems, including:
-
-      - Distributed context propagation
-      - Distributed transaction monitoring
-      - Root cause analysis
-      - Service dependency analysis
-      - Performance / latency optimization
-
-      Config Key                        | Description                                 | Required
-      :-------------------------------- | :------------------------------------------ | --------
-      tracing_jaeger_collector_endpoint | Url to the Jaeger HTTP Thrift collector.    | ✅
-      tracing_jaeger_agent_endpoint     | Send spans to jaeger-agent at this address. | ✅
-
-      #### Zipkin
-
-      Zipkin is an open source distributed tracing system and protocol.
-
-      Many tracing backends support zipkin either directly or through intermediary agents, including Jaeger. For full tracing support, we recommend using the Zipkin tracing protocol.
-
-      Config Key              | Description                      | Required
-      :---------------------- | :------------------------------- | --------
-      tracing_zipkin_endpoint | Url to the Zipkin HTTP endpoint. | ✅
-
-      #### Example
-
-      ![jaeger example trace](./img/jaeger.png)
-    uuid: 04f2244d-8b30-497c-a380-93a60cefded5
-  - name: Use Proxy Protocol
-    keys: [use_proxy_protocol]
-    attributes: |
-      - Environment Variable: `USE_PROXY_PROTOCOL`
-      - Config File Key: `use_proxy_protocol`
-      - Type: `bool`
-      - Optional
-    doc: |
-      Setting `use_proxy_protocol` will configure Pomerium to require the [HAProxy proxy protocol](https://www.haproxy.org/download/1.9/doc/proxy-protocol.txt) on incoming connections. Versions 1 and 2 of the protocol are supported.
-    uuid: 02e05cf0-ee81-4710-9266-1db26bf1a04d
-  - name: Envoy Bootstrap Options
-    keys: [envoy_admin_address, envoy_admin_access_log_path, envoy_admin_profile_path,
-      envoy_bind_config_freebind, envoy_bind_config_source_address]
-    attributes: |
-      - Environment Variable: `ENVOY_ADMIN_ADDRESS`, `ENVOY_ADMIN_ACCESS_LOG_PATH`, `ENVOY_ADMIN_PROFILE_PATH`, `ENVOY_BIND_CONFIG_FREEBIND`, `ENVOY_BIND_CONFIG_SOURCE_ADDRESS`
-      - Config File Keys: `envoy_admin_address`, `envoy_admin_access_log_path`, `envoy_admin_profile_path`, `envoy_bind_config_freebind`, `envoy_bind_config_source_address`
-      - Type: `string`
-      - Optional
-    doc: |
-      The `envoy_admin` keys customize Envoy's [bootstrap configuration](https://www.envoyproxy.io/docs/envoy/latest/operations/admin#operations-admin-interface). The `envoy_bind_config` keys modify the [ClusterManager](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/bootstrap/v3/bootstrap.proto.html#config-bootstrap-v3-clustermanager) configuration. These options cannot be modified at runtime.
-    uuid: 0894dd9b-1e9b-4f0e-9a39-ae0971cd621e
-  uuid: f7807d34-b268-4c7c-8a7f-f579993385ec
-- name: Authenticate Service
-  settings:
-  - name: Authenticate Callback Path
-    keys: [authenticate_callback_path]
-    attributes: |
-      - Environmental Variable: `AUTHENTICATE_CALLBACK_PATH`
-      - Config File Key: `authenticate_callback_path`
-      - Type: `string`
-      - Default: `/oauth2/callback`
-      - Optional
-    doc: |
-      Authenticate callback path sets the path at which the authenticate service receives callback responses from your identity provider. The value must exactly match one of the authorized redirect URIs for the OAuth 2.0 client.
-
-      This value is referred to as the `redirect_url` in the [OpenIDConnect][oidc rfc] and OAuth2 specs.
-
-      See also:
-
-      - [OAuth2 RFC 6749](https://tools.ietf.org/html/rfc6749#section-3.1.2)
-      - [OIDC Spec][oidc rfc]
-      - [Google - Setting Redirect URI](https://developers.google.com/identity/protocols/OpenIDConnect#setredirecturi)
-    shortdoc: |
-      The authenticate callback path is the path/url from the authenticate service that will receive the response from your identity provider.
-    uuid: 5043c2c6-6241-4557-8474-3547448f3e07
-  - name: Authenticate Internal Service URL
-    keys: [authenticate_internal_service_url]
-    attributes: |
-      - Environmental Variable: `AUTHENTICATE_INTERNAL_SERVICE_URL`
-      - Config File Key: `authenticate_internal_service_url`
-      - Type: `URL`
-      - Required
-      - Example: `https://authenticate.internal`
-    short: |
-      Authenticate Service URL is the internally accessible URL for the authenticate service.
-    doc: |
-      Authenticate Internal Service URL overrides `authenticate_service_url` when determining the TLS certificate and hostname for the authenticate service to listen with.
-    uuid: 5cd8376e-20f3-42b0-a7ab-e9bd28d6d766
-  - name: Identity Provider Client ID
-    keys: [idp_client_id]
-    attributes: |
-      - Environmental Variable: `IDP_CLIENT_ID`
-      - Config File Key: `idp_client_id`
-      - Type: `string`
-      - Required
-    doc: |
-      Client ID is the OAuth 2.0 Client Identifier retrieved from your identity provider. See your identity provider's documentation, and our [identity provider] docs for details.
-    shortdoc: |
-      Client ID is the OAuth 2.0 Client Identifier retrieved from your identity provider.
-    uuid: 35410d07-be0e-482e-a131-22ec7908a41b
-  - name: Identity Provider Client Secret
-    keys: [idp_client_secret]
-    attributes: |
-      - Environmental Variable: `IDP_CLIENT_SECRET`
-      - Config File Key: `idp_client_secret`
-      - Type: `string`
-      - Required
-    doc: |
-      Client Secret is the OAuth 2.0 Secret Identifier retrieved from your identity provider. See your identity provider's documentation, and our [identity provider] docs for details.
-    shortdoc: |
-      Client Secret is the OAuth 2.0 Secret Identifier retrieved from your identity provider.
-    uuid: e3c0b866-e26e-4b93-b1ed-a6d99217f06c
-  - name: Identity Provider Name
-    keys: [idp_provider]
-    attributes: |
-      - Environmental Variable: `IDP_PROVIDER`
-      - Config File Key: `idp_provider`
-      - Type: `string`
-      - Required
-      - Options: `auth0` `azure` `google` `okta` `onelogin` or `oidc`
-    doc: |
-      Provider is the short-hand name of a built-in OpenID Connect (oidc) identity provider to be used for authentication. To use a generic provider,set to `oidc`.
-
-      See [identity provider] for details.
-    shortdoc: |
-      Provider is the short-hand name of a built-in OpenID Connect (oidc) identity provider to be used for authentication.
-    uuid: dc2e3398-6073-406e-a631-25f5a9ce2540
-  - name: Identity Provider Scopes
-    keys: [idp_scopes]
-    attributes: |
-      - Environmental Variable: `IDP_SCOPES`
-      - Config File Key: `idp_scopes`
-      - Type: list of `string`
-      - Default: `oidc`,`profile`, `email`, `offline_access` (typically)
-      - Optional for built-in identity providers.
-    doc: |
-      Identity provider scopes correspond to access privilege scopes as defined in Section 3.3 of OAuth 2.0 RFC6749\. The scopes associated with Access Tokens determine what resources will be available when they are used to access OAuth 2.0 protected endpoints.
-
-      :::warning
-
-      If you are using a built-in provider, you probably don't want to set customized scopes.
-
-      :::
-
-      :::warning
-
-      Some providers, like Amazon Cognito, _do not_ support the `offline_access` scope.
-
-      :::
-
-    shortdoc: |
-      Identity provider scopes correspond to access privilege scopes as defined in Section 33 of OAuth 20 RFC6749.
-    uuid: 376226b7-439c-47e7-84a2-4ec0ccf39300
-  - name: Identity Provider Service Account
-    keys: [idp_service_account]
-    attributes: |
-      - Environmental Variable: `IDP_SERVICE_ACCOUNT`
-      - Config File Key: `idp_service_account`
-      - Type: `string`
-      - **Required** for group based policies (most configurations)
-    doc: |
-      The identity provider service account setting is used to query associated identity information from your identity provider.  This is a provider specific value and is not required for all providers.  For example, when using Okta this value will be an Okta API key, and for an OIDC provider that provides groups as a claim, this value will be empty.
-
-      :::warning
-
-      If you plan to write authorization policies using groups, or any other data that exists in your identity provider's directory service, this setting is **mandatory**.
-
-      :::
-    shortdoc: |
-      Identity Provider Service Account is field used to configure any additional user account or access-token that may be required for querying additional user information during authentication.
-    uuid: 3e6abe90-87e1-4da7-8d73-5c6d4b6d62e2
-  - name: Identity Provider URL
-    keys: [idp_provider_url]
-    attributes: |
-      - Environmental Variable: `IDP_PROVIDER_URL`
-      - Config File Key: `idp_provider_url`
-      - Type: `string`
-      - Required, depending on provider (Do not use with Google).
-    doc: |
-      Provider URL is the base path to an identity provider's [OpenID connect discovery document](https://openid.net/specs/openid-connect-discovery-1_0.html). An example Azure URL would be `https://login.microsoftonline.com/common/v2.0` for [their discover document](https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration).
-
-      "Base path" is defined as the section of the URL to the discovery document up to (but not including) `/.well-known/openid-configuration`.
-    shortdoc: |
-      Provider URL is the base path to an identity provider's OpenID connect discovery document.
-    uuid: c0323ebb-b70c-481d-aba4-b6790fd0ef02
-  - name: Identity Provider Request Params
-    keys: [idp_request_params]
-    attributes: |
-      - Environmental Variable: `IDP_REQUEST_PARAMS`
-      - Config File Key: `idp_request_params`
-      - Type: map of `strings` key value pairs
-      - Optional
-    doc: |
-      Request parameters to be added as part of a signin request using OAuth2 code flow.
-
-      For more information see:
-
-      - [OIDC Request Parameters](https://openid.net/specs/openid-connect-basic-1_0.html#RequestParameters)
-      - [IANA OAuth Parameters](https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml)
-      - [Microsoft Azure Request params](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#request-an-authorization-code)
-      - [Google Authentication URI parameters](https://developers.google.com/identity/protocols/oauth2/openid-connect)
-    shortdoc: |
-      Headers specifies a mapping of HTTP Header to be added to proxied  requests. Nota bene Downstream application headers will be overwritten by Pomerium's headers on conflict.
-    uuid: 7644a1bc-7d83-43e6-a13c-e89c21f24937
-  - name: Identity Provider Refresh Directory Settings
-    keys: [idp_refresh_directory_interval, idp_refresh_directory_timeout]
-    attributes: |
-      - Environmental Variables: `IDP_REFRESH_DIRECTORY_INTERVAL` `IDP_REFRESH_DIRECTORY_TIMEOUT`
-      - Config File Key: `idp_refresh_directory_interval` `idp_refresh_directory_timeout`
-      - Type: [Go Duration](https://golang.org/pkg/time/#Duration.String) `string`
-      - Example: `IDP_REFRESH_DIRECTORY_INTERVAL=30m`
-      - Defaults: `IDP_REFRESH_DIRECTORY_INTERVAL=10m` `IDP_REFRESH_DIRECTORY_TIMEOUT=1m`
-    doc: |
-      Refresh directory interval is the time that pomerium will sync your IDP diretory, while refresh directory timeout is the maximum time allowed each run.
-
-      :::warning
-
-      Use it at your own risk, if you set a too low value, you may reach IDP API rate limit.
-
-      :::
-    uuid: 5894092d-b5de-4f42-83c1-961c6592b39f
-  uuid: dac3da93-b5f2-4bd7-9bfd-9985818005d5
-- name: Proxy Service
-  settings:
-  - name: Authorize Service URL
-    keys: [authorize_service_url]
-    attributes: |
-      - Environmental Variable: `AUTHORIZE_SERVICE_URL or `AUTHORIZE_SERVICE_URLS`
-      - Config File Key: `authorize_service_url` or `authorize_service_urls`
-      - Type: `URL`
-      - Required; inferred in all-in-one mode to be localhost.
-      - Example: `https://pomerium-authorize-service.default.svc.cluster.local`, `https://localhost:5443`, `https://authorize.corp.example.com`
-    doc: |
-      Authorize Service URL is the location of the internally accessible Authorize service. NOTE: Unlike authenticate, authorize has no publicly accessible http handlers so this setting is purely for gRPC communication.
-
-      Multiple URLs can be specified with `authorize_service_urls`.
-
-      If your load balancer does not support gRPC pass-through you'll need to set this value to an internally routable location (`https://pomerium-authorize-service.default.svc.cluster.local`) instead of an externally routable one (`https://authorize.corp.example.com`).
-    shortdoc: |
-      Authorize Service URL is the location of the internally accessible Authorize service.
-    uuid: 18f38ae1-9684-4841-8f80-5fef188fc347
-  - name: Authorize Internal Service URL
-    keys: [authorize_internal_service_url]
-    attributes: |
-      - Environmental Variable: `AUTHORIZE_INTERNAL_SERVICE_URL`
-      - Config File Key: `authorize_internal_service_url`
-      - Type: `URL`
-      - Required; inferred in all-in-one mode to be localhost.
-      - Example: `https://pomerium-authorize-service.default.svc.cluster.local` or `https://localhost:5443`
-    doc: |
-      Authorize Internal Service URL overrides `authorize_service_url` when determining the TLS certificate for the authorize service to listen with.
-    uuid: 5a59ac40-928c-4aee-b50b-f5d476f1fae8
-  - name: Certificate Authority
-    keys: [certificate_authority, certificate_authority_file]
-    attributes: |
-      - Environmental Variable: `CERTIFICATE_AUTHORITY` or `CERTIFICATE_AUTHORITY_FILE`
-      - Config File Key: `certificate_authority` or `certificate_authority_file`
-      - Type: [base64 encoded] `string` or relative file location
-      - Optional
-    doc: |
-      This defines a set of root certificate authorities that Pomerium uses when communicating with other TLS-protected services.
-
-      **Note**: Unlike route-specific certificate authority settings, this setting augments (rather than replaces) the system's trust store. But routes that specify a CA will ignore those provided here.
-
-      :::warning
-
-      Be sure to include the intermediary certificate.
-
-      :::
-    shortdoc: |
-      Certificate Authority is set when behind-the-ingress service communication uses self-signed certificates.
-    uuid: 07590e71-5ece-4977-834c-e0cdfa884e71
-  - name: Default Upstream Timeout
-    keys: [default_upstream_timeout]
-    attributes: |
-      - Environmental Variable: `DEFAULT_UPSTREAM_TIMEOUT`
-      - Config File Key: `default_upstream_timeout`
-      - Type: [Duration](https://golang.org/pkg/time/#Duration) `string`
-      - Example: `10m`, `1h45m`
-      - Default: `30s`
-    doc: |
-      Default Upstream Timeout is the default timeout applied to a proxied route when no `timeout` key is specified by the policy.
-    shortdoc: |
-      Default Upstream Timeout is the default timeout applied to a proxied route when no timeout key is specified by the policy.
-    uuid: 252505b1-ab9e-44f0-aecb-589c07ebc36b
-  - name: Set Response Headers
-    keys: [set_response_headers]
-    attributes: |
-      - Environmental Variable: `SET_RESPONSE_HEADERS`
-      - Config File Key: `set_response_headers`
-      - Type: map of `strings` key value pairs
-      - Examples:
-
-        - Comma Separated: `X-Content-Type-Options:nosniff,X-Frame-Options:SAMEORIGIN`
-        - JSON: `'{"X-Test": "X-Value"}'`
-        - YAML:
-
-          ```yaml
-          set_response_headers:
-            X-Test: X-Value
-          ```
-
-      - To disable: `disable:true`
-
-      - Default :
-
-        ```javascript
-        X-Content-Type-Options : nosniff,
-        X-Frame-Options:SAMEORIGIN,
-        X-XSS-Protection:1; mode=block,
-        Strict-Transport-Security:max-age=31536000; includeSubDomains; preload,
-        ```
-    doc: |
-      Set Response Headers specifies a mapping of [HTTP Header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers) to be added globally to all managed routes and pomerium's authenticate service.
-
-      By default, conservative [secure HTTP headers](https://www.owasp.org/index.php/OWASP_Secure_Headers_Project) are set:
-
-        - `max-age=31536000` instructs the browser to pin the certificate for a domain for a year. This helps prevent man-in-the-middle attacks, but can create issues when developing new environments with temporary certificates. See [Troubleshooting - HSTS](/docs/troubleshooting.md#http-strict-transport-security-hsts) for more information.
-        - `includeSubDomains` applies these rules to subdomains, which is how individual routes are defined.
-        - `preload` instructs the browser to preload the certificate from an HSTS preload service if available. This means that the certificate can be loaded from an already-trusted secure connection, and the user never needs to connect to your domain without TLS.
-
-      ![pomerium security headers](./img/security-headers.png)
-
-      See [MDN Web Docs - Strict-Transport-Security](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security) for more information.
-
-      :::tip
-
-      Several security-related headers are not set by default since doing so might break legacy sites. These include:
-      `Cross-Origin Resource Policy`, `Cross-Origin Opener Policy` and `Cross-Origin Embedder Policy`. If possible
-      users are encouraged to add these to `set_response_headers` or their downstream applications.
-
-      :::
-    uuid: e98deb26-5ec0-4cda-8ec9-664c43cc446c
-  - name: JWT Claim Headers
-    keys: [jwt_claims_headers]
-    attributes: |
-      - Environmental Variable: `JWT_CLAIMS_HEADERS`
-      - Config File Key: `jwt_claims_headers`
-      - Type: slice of `string`
-      - Example: `email`, `groups`, `user`, `given_name`
-      - Optional
-    doc: |
-      The JWT Claim Headers setting allows you to pass specific user session data to upstream applications as HTTP request headers. Note, unlike the header `x-pomerium-jwt-assertion` these values are not signed by the authorization service.
-
-      Additionally, this will add the claim to the `X-Pomerium-Jwt-Assertion` header provided by [`pass_identity_headers`](#pass-identity-headers), if not already present.
-
-      Any claim in the pomerium session JWT can be placed into a corresponding header and the JWT payload for upstream consumption. This claim information is sourced from your Identity Provider (IdP) and Pomerium's own session metadata. The header will have the following format:
-
-      `X-Pomerium-Claim-{Name}` where `{Name}` is the name of the claim requested. Underscores will be replaced with dashes; e.g. `X-Pomerium-Claim-Given-Name`.
-
-      This option also supports a nested object to customize the header name. For example:
-
-      ```yaml
-      jwt_claims_headers:
-        X-Email: email
-      ```
-
-      Will add an `X-Email` header with a value of the `email` claim.
-
-      Use this option if you previously relied on `x-pomerium-authenticated-user-{email|user-id|groups}`.
-    shortdoc: |
-      The JWT Claim Headers setting allows you to pass specific user session data to upstream applications as HTTP request headers and additional JWT claims.
-    uuid: 94ab5d2d-039f-44cc-87c5-716541d54d33
-  - name: Override Certificate Name
-    keys: [override_certificate_name]
-    attributes: |
-      - Environmental Variable: `OVERRIDE_CERTIFICATE_NAME`
-      - Config File Key: `override_certificate_name`
-      - Type: `string`
-      - Optional
-      - Example: `*.corp.example.com` if wild card or `authenticate.corp.example.com`/`authorize.corp.example.com`
-    doc: |
-      Secure service communication can fail if the external certificate does not match the internally routed service hostname/[SNI](https://en.wikipedia.org/wiki/Server_Name_Indication). This setting allows you to override that value.
-    shortdoc: |
-      Secure service communication can fail if the external certificate does not match the internally routed service hostname/SNI.
-    uuid: e2dd1961-9fce-4634-ad59-d15b5fa62a54
-  - name: Programmatic Redirect Domain Whitelist
-    keys: [programmatic_redirect_domain_whitelist]
-    attributes: |
-      - Config File Key: `programmatic_redirect_domain_whitelist`
-      - Type: array of `string`
-      - Optional
-      - Default: `localhost`
-    doc: |
-      The programmatic redirect domain whitelist is used to restrict the allowed redirect URLs when using programmatic login. By default only `localhost` URLs are allowed.
-    uuid: cd309c37-3f93-4099-91f2-724e6a2778cc
-  - name: X-Forwarded-For HTTP Header
-    keys: [skip_xff_append]
-    attributes: |
-      - Environmental Variable: `SKIP_XFF_APPEND`
-      - Config File Key: `skip_xff_append`
-      - Type: `bool`
-      - Default: `false`
-    doc: |
-      Do not append proxy IP address to `x-forwarded-for` HTTP header. See [Envoy](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers.html?highlight=skip_xff_append#x-forwarded-for) docs for more detail.
-    shortdoc: |
-      Do not append proxy IP address to [x-forwarded-for](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers.html?highlight=skip_xff_append#x-forwarded-for).
-    uuid: 25234763-f88d-446b-ba78-03d33a9c6535
-  - name: The number of trusted hops
-    keys: [xff_num_trusted_hops]
-    attributes: |
-      - Environmental Variable: `XFF_NUM_TRUSTED_HOPS`
-      - Config File Key: `xff_num_trusted_hops`
-      - Type: `uint32`
-      - Default: `0`
-    doc: |
-      The number of trusted reverse proxies in front of pomerium. This affects `x-forwarded-proto` header and [`x-envoy-external-address` header](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-envoy-external-address), which reports tursted client address. [Envoy](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers.html?highlight=xff_num_trusted_hops#x-forwarded-for) docs for more detail.
-    shortdoc: |
-      The number of trusted reverse proxies in front of pomerium.
-    uuid: 69545469-88dc-4f3e-a8f7-829958b41bf4
-  - name: Codec Type
-    keys: [codec_type]
-    attributes: |
-      - Environment Variable: `CODEC_TYPE`
-      - Config File Key: `codec_type`
-      - Type: `string`
-      - Default: `auto` (`http1` in all-in-one mode)
-    doc: |
-      Specifies the codec to use for downstream connections. Either `auto`, `http1` or `http2`.
-
-      When `auto` is specified the codec will be determined via TLS ALPN or protocol inference.
-
-      :::warning
-
-      With HTTP/2, browsers typically coalesce connections for the same IP address that use the same
-      TLS certificate. For example, you may have `authenticate.localhost.pomerium.io` and
-      `example.localhost.pomerium.io` using the same wildcard certificate (`*.localhost.pomerium.io`)
-      and both pointing to `127.0.0.1`. Your browser sees this and re-uses the initial connection
-      it makes to `example` for `authenticate`. But unfortunately the routes necessary to handle
-      `authenticate` don't exist on `example` so the proxy cannot handle the request.
-
-      If this happens Pomerium will respond with a `421 Misdirected Request` status. Most browsers will attempt to
-      make the request on a new HTTP/2 connection. However not all browsers implement this behavior
-      (notably Safari), and users may end up seeing a blank page instead.
-
-      If you see this happen, there are several ways to mitigate the problem:
-
-      1. Don't re-use TLS certificates for shared IP domains.
-      2. Don't re-use IP addresses for shared TLS certificates.
-      3. Don't use HTTP/2.
-
-      More details on this problem are available in [Github Issue #2150](https://github.com/pomerium/pomerium/issues/2150).
-
-      :::
-    uuid: c4f89bdc-85a3-47df-b8c6-a31d5855206e
-  uuid: fc61dc8d-dad9-4920-a446-d8cd4a7d6e3a
-- name: Data Broker Service
-  doc: |
-    The databroker service is used for storing user session data.
-
-    By default, the `databroker` service uses an in-memory databroker.
-
-    To create your own data broker, implement the following gRPC interface:
-
-    - [pkg/grpc/databroker/databroker.proto](https://github.com/pomerium/pomerium/blob/main/pkg/grpc/databroker/databroker.proto)
-
-    For an example implementation, the in-memory database used by the databroker service can be found here:
-
-    - [pkg/databroker/memory](https://github.com/pomerium/pomerium/tree/main/pkg/databroker/memory)
-  settings:
-  - name: Data Broker Internal Service URL
-    keys: [databroker_internal_service_url]
-    attributes: |
-      - Environmental Variable: `DATABROKER_INTERNAL_SERVICE_URL` or `DATABROKER_INTERNAL_SERVICE_URLS`
-      - Config File Key: `databroker_internal_service_url` or `databroker_internal_service_urls`
-      - Type: `URL`
-      - Example: `https://databroker.corp.example.com`
-      - Default: in all-in-one mode, `http://localhost:5443`
-    doc: |
-      Data Broker Internal URL overrides `databroker_service_url` when determining the TLS certificate for the databroker service to listen with.
-    uuid: a4b69326-2c69-4a24-bf54-da6b3da55ee0
-  - name: Data Broker Storage Type
-    keys: [databroker_storage_type]
-    attributes: |
-      - Environmental Variable: `DATABROKER_STORAGE_TYPE`
-      - Config File Key: `databroker_storage_type`
-      - Type: `string`
-      - Optional
-      - Example: `redis`,`memory`
-      - Default: `memory`
-    doc: |
-      The backend storage that databroker server will use.
-    uuid: e6ba2ee8-4292-41a0-858a-99ccaf76dfcb
-  - name: Data Broker Storage Connection String
-    keys: [databroker_storage_connection_string]
-    attributes: |
-      - Environmental Variable: `DATABROKER_STORAGE_CONNECTION_STRING`
-      - Config File Key: `databroker_storage_connection_string`
-      - Type: `string`
-      - **Required** when storage type is `redis`
-      - Example: `"redis://localhost:6379/0"`, `"rediss://localhost:6379/0"`
-    doc: |
-      The connection string that the databroker service will use to connect to storage backend.
-
-      For `redis`, the following URL types are supported:
-
-      - simple: `redis://[username:password@]host:port/[db]`
-      - sentinel: `redis+sentinel://[:password@]host:port[,host2:port2,...]/[master_name[/db]][?param1=value1[&param2=value2&...]]`
-      - cluster: `redis+cluster://[username:password@]host:port[,host2:port2,...]/[?param1=value1[&param2=value=2&...]]`
-
-      You can also enable TLS with `rediss://`, `rediss+sentinel://` and `rediss+cluster://`.
-    uuid: 09fb5787-a8bb-4b81-a1ba-b9da70a66fcf
-  - name: Data Broker Storage Certificate File
-    keys: [databroker_storage_cert_file]
-    attributes: |
-      - Environment Variable: `DATABROKER_STORAGE_CERT_FILE`
-      - Config File Key: `databroker_storage_cert_file`
-      - Type: relative file location
-      - Optional
-    doc: |
-      The certificate used to connect to a storage backend.
-    uuid: b2cafddd-148d-4529-a4e0-175e00e387a5
-  - name: Data Broker Storage Certificate Key File
-    keys: [databroker_storage_key_file]
-    attributes: |
-      - Environment Variable: `DATABROKER_STORAGE_KEY_FILE`
-      - Config File Key: `databroker_storage_key_file`
-      - Type: relative file location
-      - Optional
-    doc: |
-      The certificate key used to connect to a storage backend.
-    uuid: fe8b7782-1d4f-4a91-a124-c4c8a26627c1
-  - name: Data Broker Storage Certificate Authority
-    keys: [databroker_storage_ca_file]
-    attributes: |
-      - Environment Variable: `DATABROKER_STORAGE_CA_FILE`
-      - Config File Key: `databroker_storage_ca_file`
-      - Type: relative file location
-      - Optional
-    doc: |
-      This setting defines the set of root certificates used when verifying storage server connections.
-    uuid: 85674afe-20ba-4c0f-9b19-c5f652dfd537
-  - name: Data Broker Storage TLS Skip Verify
-    keys: [databroker_storage_tls_skip_verify]
-    attributes: |
-      - Environment Variable: `DATABROKER_STORAGE_TLS_SKIP_VERIFY`
-      - Config File Key: `databroker_storage_tls_skip_verify`
-      - Type: relative file location
-      - Optional
-    doc: |
-      If set, the TLS connection to the storage backend will not be verified.
-    uuid: e55c6398-10c5-42f7-aa81-a87943472ece
-  uuid: 455d56c7-8979-4e02-9a56-e4b37448d523
-- name: Policy
-  keys: [policy]
-  attributes: |
-    - Environmental Variable: `POLICY`
-    - Config File Key: `policy`
-    - Type: [base64 encoded] `string` or inline policy structure in config file
-    - **Deprecated**: This key has been replaced with `route`.
-  doc: |2
-
-    ::: warning
-    The `policy` field as a top-level configuration key has been replaced with [`routes`](/reference/readme.md#routes). Moving forward, define policies within each defined route.
-
-    Existing policy definitions will currently behave as expected, but are deprecated and will be removed in a future version of Pomerium.
-    :::
-
-    Policy contains route specific settings, and access control details. If you are configuring via POLICY environment variable, just the contents of the policy needs to be passed. If you are configuring via file, the policy should be present under the policy key. For example,
-
-    <<< @/examples/config/policy.example.yaml
-
-    Policy routes are checked in the order they appear in the policy, so more specific routes should appear before less specific routes. For example:
-
-    ```yaml
-    policy:
-      - from: http://from.example.com
-        to: http://to.example.com
-        prefix: /admin
-        allowed_groups: ["superuser"]
-      - from: http://from.example.com
-        to: http://to.example.com
-        allow_public_unauthenticated_access: true
-    ```
-
-    In this example, an incoming request with a path prefix of `/admin` would be handled by the first route (which is restricted to superusers). All other requests for `from.example.com` would be handled by the second route (which is open to the public).
-
-    A list of configuration variables specific to `policy` follows Note that this also shares all configuration variables listed under [routes](/reference/readme.md#routes), excluding `policy` and its child variables.
-  settings:
-  - name: Allowed Domains
-    keys: [allowed_domains]
-    attributes: |
-      - `yaml`/`json` setting: `allowed_domains`
-      - Type: list of `string`
-      - Required
-      - Example: `pomerium.io` , `gmail.com`
-    doc: |
-      Allowed domains is a collection of whitelisted domains to authorize for a given route.
-    uuid: 60b8a658-ca87-4139-b1b1-f7c12d593353
-  - name: Allowed Groups
-    keys: [allowed_groups]
-    attributes: |
-      - `yaml`/`json` setting: `allowed_groups`
-      - Type: list of `string`
-      - Required
-      - Example: `admins` , `support@company.com`
-    doc: |
-      Allowed groups is a collection of whitelisted groups to authorize for a given route.
-    uuid: 49a0ff2b-f1ed-47a2-a350-88c95cd6d988
-  - name: Allowed IdP Claims
-    keys: [allowed_idp_claims]
-    attributes: |
-      - `yaml`/`json` setting: `allowed_idp_claims`
-      - Type: map of `strings` lists
-      - Required
-    shortdoc: |
-      Authorize users by matching claims attached to a user's identity token by their identity provider
-    doc: |
-      Allowed IdP Claims is a collection of whitelisted claim key-value pairs to authorize for a given route.
-
-      This is useful if your identity provider has extra information about a user that is not in the directory.  It can also be useful if you wish to use groups with the generic OIDC provider.
-
-      Example:
-
-      ```yaml
-        - from: http://from.example.com
-          to: http://to.example.com
-          allowed_idp_claims:
-            family_name:
-              - Doe
-              - Smith
-      ```
-
-      This policy would match users with the `family_name` claim containing `Smith` or `Doe`.
-
-      Claims are represented as a map of strings to a list of values:
-
-      ```json
-      {
-        "family_name": ["Doe"],
-        "given_name": ["John"]
-      }
-      ```
-
-      - Nested maps are flattened: `{ "a": { "b": ["c"] } }` becomes `{ "a.b": ["c"] }`
-      - Values are always a list: `{ "a": "b" }` becomes `{ "a": ["b"] }`
-    uuid: ae182cee-e95d-4efe-b3aa-d560bcc1dfc2
-  - name: Allowed Users
-    keys: [allowed_users]
-    attributes: |
-      - `yaml`/`json` setting: `allowed_users`
-      - Type: list of `string`
-      - Required
-      - Example: `alice@pomerium.io` , `bob@contractor.co`
-    doc: |
-      Allowed users is a collection of whitelisted users to authorize for a given route.
-    uuid: 138fe1c0-9e30-4fd8-82c4-779626268ba2
-  uuid: b22aa4e3-5508-4154-afdf-2e459c58b70d
-- name: Routes
-  keys: [routes]
-  attributes: |
-    - Environment Variable: `ROUTES`
-    - Config File Key: `routes`
-    - Type: [base64 encoded] `string` or inline policy structure in config file
-    - **Required** - While Pomerium will start without a route configured, it will not authorize or proxy any traffic until a route is defined. If configuring Pomerium for the Enterprise Console, define a route for the Console itself in Pomerium.
-  doc: |
-    A route contains specific access and control definitions for a back-end service. Each route is a list item under the `routes` key.
-
-    Each route defines at minimum a `from` and `to` field, and a `policy` key defining authorization logic. Policies are defined using [Pomerium Policy Language](/enterprise/reference/manage.md#pomerium-policy-language) (**PPL**). Additional options are listed below.
-
-    <<< @/examples/config/route.example.yaml
-  settings:
-  - name: Allow Any Authenticated User
-    keys: [allow_any_authenticated_user]
-    attributes: |
-      - `yaml`/`json` setting: `allow_any_authenticated_user`
-      - Type: `bool`
-      - Optional
-      - Default: `false`
-    doc: |
-      **Use with caution:** This setting will allow all requests for any user which is able to authenticate with our given identity provider. For instance, if you are using a corporate GSuite account, an unrelated gmail user will be able to access the underlying upstream.
-
-      Use of this setting means Pomerium **will not enforce centralized authorization policy** for this route. The upstream is responsible for handling any authorization.
-    uuid: 9ff77257-3d17-476e-95f8-76edc6e9284b
-  - name: Cluster Name
-    keys: [name]
-    attributes: |
-      - Config File Key: `name`
-      - Type: `string`
-      - Optional
-    doc: |
-      Runtime metrics for this policy would be available under `envoy_cluster_`*`name`* prefix.
-    uuid: f78ea784-1b96-4091-b937-e2778bce9b26
-  - name: CORS Preflight
-    keys: [cors_allow_preflight]
-    attributes: |
-      - `yaml`/`json` setting: `cors_allow_preflight`
-      - Type: `bool`
-      - Optional
-      - Default: `false`
-    doc: |
-      Allow unauthenticated HTTP OPTIONS requests as [per the CORS spec](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Preflighted_requests).
-    uuid: d507b005-cf08-4844-8d0f-969992b7e7ad
-  - name: Enable Google Cloud Serverless Authentication
-    keys: [enable_google_cloud_serverless_authentication]
-    attributes: |
-      - Environmental Variable: `ENABLE_GOOGLE_CLOUD_SERVERLESS_AUTHENTICATION`
-      - Config File Key: `enable_google_cloud_serverless_authentication`
-      - Type: `bool`
-      - Default: `false`
-    doc: |
-      Enable sending a signed [Authorization Header](https://cloud.google.com/run/docs/authenticating/service-to-service) to upstream GCP services.
-
-      Requires setting [Google Cloud Serverless Authentication Service Account](#google-cloud-serverless-authentication-service-account) or running Pomerium in an environment with a GCP service account present in default locations.
-    uuid: 7ac61aea-fdf3-4060-b0fb-f9024a330af4
-  - name: From
-    keys: [from]
-    attributes: |
-      - `yaml`/`json` setting: `from`
-      - Type: `URL` (must contain a scheme and hostname, must not contain a path)
-      - Schemes: `https`, `tcp+https`
-      - Required
-      - Example: `https://verify.corp.example.com`, `tcp+https://ssh.corp.example.com:22`
-    doc: |
-      `From` is the externally accessible URL for the proxied request.
-
-      Specifying `tcp+https` for the scheme enables [TCP proxying](/docs/tcp/readme.md) support for the route. You may map more than one port through the same hostname by specifying a different `:port` in the URL.
-
-      :::warning
-
-      Only secure schemes (`https` and `tcp+https`) are supported.
-
-      :::
-    uuid: ad15b3c4-deda-47c3-bf72-9f59c6ca6de6
-  - name: Health Checks
-    keys: [health_checks]
-    attributes: |
-      - Config File Key: `health_checks`
-      - Type: `array of objects`
-      - Optional
-    doc: |
-      When defined, will issue periodic health check requests to upstream servers. When health checks are defined, unhealthy upstream servers would not serve traffic.
-      See also `outlier_detection` for automatic upstream server health detection.
-      In presence of multiple upstream servers, it is recommended to set up either `health_checks` or `outlier_detection` or both.
-
-      See [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/health_checking) for a list of [supported parameters](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/health_check.proto#envoy-v3-api-msg-config-core-v3-healthcheck).
-
-      Only one of `http_health_check`, `tcp_health_check`, or `grpc_health_check` may be configured per health_check object definition.
-
-      - [TCP](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/health_check.proto#envoy-v3-api-msg-config-core-v3-healthcheck-tcphealthcheck)
-      - [HTTP](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/health_check.proto#envoy-v3-api-msg-config-core-v3-healthcheck-httphealthcheck)
-      - [GRPC](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/health_check.proto#envoy-v3-api-msg-config-core-v3-healthcheck-grpchealthcheck)
-
-      See [Load Balancing](/docs/topics/load-balancing) for example [configurations](/docs/topics/load-balancing.md#active-health-checks).
-    uuid: 95326984-7e5f-49fb-bce7-fcc246ce8fb3
-  - name: Host Rewrite
-    keys: [host_rewrite, host_rewrite_header, host_path_regex_rewrite_pattern, host_path_regex_rewrite_substitution,
-      preserve_host_header]
-    attributes: |
-      - `yaml`/`json` settings: `host_rewrite`, `host_rewrite_header`, `host_path_regex_rewrite_pattern`, `host_path_regex_rewrite_substitution`
-      - Type: `string`
-      - Optional
-      - Example: `host_rewrite: "example.com"`
-    doc: |
-      The `host` header can be preserved via the `preserve_host_header` setting or customized via three mutually exclusive options:
-
-      1. `preserve_host_header` will, when enabled, this option will pass the host header from the incoming request to the proxied host, instead of the destination hostname. It's an optional parameter of type `bool` that defaults to `false`.
-
-          See [ProxyPreserveHost](http://httpd.apache.org/docs/2.0/mod/mod_proxy.html#proxypreservehost).
-      2. `host_rewrite`, which will rewrite the host to a new literal value.
-      3. `host_rewrite_header`, which will rewrite the host to match an incoming header value.
-      4. `host_path_regex_rewrite_pattern` & `host_path_regex_rewrite_substitution`, which will rewrite the host according to a regex matching the path. For example with the following config:
-
-          ```yaml
-          host_path_regex_rewrite_pattern: "^/(.+)/.+$"
-          host_path_regex_rewrite_substitution: \1
-          ```
-
-          Would rewrite the host header to `example.com` given the path `/example.com/some/path`.
-
-      The 2nd, 3rd and 4th options correspond to the Envoy route action host related options, which can be found [here](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto.html#config-route-v3-routeaction).
-    uuid: e32a53ce-eaad-4a5e-9666-25667df606c1
-  - name: Idle Timeout
-    keys: [idle_timeout]
-    attributes: |
-      - `yaml`/`json` setting: `idle_timeout`
-      - Type: [Go Duration](https://golang.org/pkg/time/#Duration.String) `string`
-      - Optional
-      - Default: `5m`
-    doc: |
-      If you are proxying long-lived requests that employ streaming calls such as websockets or gRPC,
-      set this to either a maximum value there may be no data exchange over a connection (recommended),
-      or set it to unlimited (`0s`). If `idle_timeout` is specified, and `timeout` is not
-      explicitly set, then `timeout` would be unlimited (`0s`). You still may specify maximum lifetime
-      of the connection using `timeout` value (i.e. to 1 day).
-    uuid: 47c9ab2a-a9b1-48c2-ba92-101ecc65211e
-  - name: Identity Provider Client ID (per route)
-    keys: [routes.idp_client_id]
-    attributes: |
-      - `yaml`/`json` setting: `idp_client_id`
-      - Type: `string`
-      - Optional
-    doc: |
-      When set, this overrides the value of [idp_client_id](#identity-provider-client-id) set globally for this route.
-    uuid: d4b13155-bacc-4a62-ab1b-0305da89dc5d
-  - name: Identity Provider Client Secret (per route)
-    keys: [routes.idp_client_id]
-    attributes: |
-      - `yaml`/`json` setting: `idp_client_secret`
-      - Type: `string`
-      - Optional
-    doc: |
-      When set, this overrides the value of [idp_client_secret](#identity-provider-client-secret) set globally for this route.
-    uuid: 1b906278-45b6-4ec4-a45a-39404f835a0b
-  - name: Kubernetes Service Account Token
-    keys: [kubernetes_service_account_token, kubernetes_service_account_token_file]
-    attributes: |
-      - `yaml`/`json` setting: `kubernetes_service_account_token` / `kubernetes_service_account_token_file`
-      - Type: `string` or relative file location containing a Kubernetes bearer token
-      - Optional
-      - Example: `eyJ0eXAiOiJKV1QiLCJhbGciOiJ...` or `/var/run/secrets/kubernetes.io/serviceaccount/token`
-    doc: |
-      Use this token to authenticate requests to a Kubernetes API server.
-
-      Pomerium will [impersonate](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#user-impersonation) the Pomerium user's identity, and Kubernetes RBAC can be applied to IdP user and groups.
-    uuid: 479adae8-e0e9-4754-8fb6-a01a2132cbb8
-  - name: Load Balancing Policy
-    keys: [lb_policy]
-    attributes: |
-      - Config File Key: `lb_policy`
-      - Type: `enum`
-      - Optional
-    doc: |
-      In presence of multiple upstreams, defines load balancing strategy between them.
-
-      See [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-enum-config-cluster-v3-cluster-lbpolicy) for more details.
-
-      - [`ROUND_ROBIN`](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#weighted-round-robin) (default)
-      - [`LEAST_REQUEST`](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#weighted-least-request) and may be further configured using [`least_request_lb_config`](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-msg-config-cluster-v3-cluster-leastrequestlbconfig)
-      - [`RING_HASH`](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#ring-hash) and may be further configured using [`ring_hash_lb_config`](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#config-cluster-v3-cluster-ringhashlbconfig) option
-      - [`RANDOM`](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#random)
-      - [`MAGLEV`](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#maglev) and may be further configured using [`maglev_lb_config`](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-msg-config-cluster-v3-cluster-maglevlbconfig) option
-
-      Some policy types support additional [configuration](#load-balancing-policy-config).
-    uuid: e5593396-f01f-4ad5-8fe7-0052dab1e7a2
-  - name: Load Balancing Policy Config
-    keys: [least_request_lb_config, ring_hash_lb_config, maglev_lb_config]
-    attributes: |
-      - Config File Key: `least_request_lb_config`, `ring_hash_lb_config`, `maglev_lb_config`
-      - Type: `object`
-      - Optional
-    doc: |
-      When [`lb_policy`](#load-balancing-policy) is configured, you may further customize policy settings for `LEAST_REQUEST`, `RING_HASH`, AND `MAGLEV` using one of the following options.
-
-      - [`least_request_lb_config`](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-msg-config-cluster-v3-cluster-leastrequestlbconfig)
-      - [`ring_hash_lb_config`](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#config-cluster-v3-cluster-ringhashlbconfig)
-      - [`maglev_lb_config`](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-msg-config-cluster-v3-cluster-maglevlbconfig)
-
-      See [Load Balancing](/docs/topics/load-balancing) for example [configurations](/docs/topics/load-balancing.md#load-balancing-method)
-    uuid: f81e94b5-868a-4d4f-8fe1-d0636c7c181b
-  - name: Outlier Detection
-    keys: [outlier_detection]
-    attributes: |
-      - `yaml`/`json` setting: `outlier_detection`
-      - Type: `object`
-      - Optional
-      - Example: `{ "consecutive_5xx": 12 }`
-    doc: |
-      Outlier detection and ejection is the process of dynamically determining whether some number of hosts in an upstream cluster are performing unlike the others and removing them from the healthy load balancing set.
-
-      See Envoy [documentation](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/outlier#arch-overview-outlier-detection) and [API](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/outlier_detection.proto#envoy-v3-api-msg-config-cluster-v3-outlierdetection) for more details.
-    uuid: c5175518-b323-4eb9-a2dc-829d55f06402
-  - name: Pass Identity Headers
-    keys: [pass_identity_headers]
-    attributes: |
-      - `yaml`/`json` setting: `pass_identity_headers`
-      - Type: `bool`
-      - Optional
-      - Default: `false`
-    doc: |
-      When enabled, this option will pass identity headers to upstream applications. These headers include:
-
-      - X-Pomerium-Jwt-Assertion
-      - X-Pomerium-Claim-*
-    uuid: 4ec87c58-0228-44f8-b3ec-0a1fa8c352db
-  - name: Path
-    keys: [path]
-    attributes: |
-      - `yaml`/`json` setting: `path`
-      - Type: `string`
-      - Optional
-      - Example: `/admin/some/exact/path`
-    doc: |
-      If set, the route will only match incoming requests with a path that is an exact match for the specified path.
-    uuid: d8141411-ac7f-4e75-9280-b11035bbbdb2
-  - name: Prefix
-    keys: [prefix]
-    attributes: |
-      - `yaml`/`json` setting: `prefix`
-      - Type: `string`
-      - Optional
-      - Example: `/admin`
-    doc: |
-      If set, the route will only match incoming requests with a path that begins with the specified prefix.
-    uuid: 2c73dffb-cad7-4475-8103-72be21378e47
-  - name: Prefix Rewrite
-    keys: [prefix_rewrite]
-    attributes: |
-      - `yaml`/`json` setting: `prefix_rewrite`
-      - Type: `string`
-      - Optional
-      - Example: `/subpath`
-    doc: |
-      If set, indicates that during forwarding, the matched prefix (or path) should be swapped with this value.
-      For example, given this policy:
-
-      ```yaml
-      from: https://from.example.com
-      to: https://to.example.com
-      prefix: /admin
-      prefix_rewrite: /
-      ```
-
-      A request to `https://from.example.com/admin` would be forwarded to `https://to.example.com/`.
-    uuid: da7605f9-a0dd-4e03-a03d-4832c62fe88f
-  - name: Public Access
-    keys: [allow_public_unauthenticated_access]
-    attributes: |
-      - `yaml`/`json` setting: `allow_public_unauthenticated_access`
-      - Type: `bool`
-      - Optional
-      - Default: `false`
-    doc: |
-      **Use with caution:** Allow all requests for a given route, bypassing authentication and authorization. Suitable for publicly exposed web services.
-
-      If this setting is enabled, no whitelists (e.g. Allowed Users) should be provided in this route.
-    uuid: 3b36d80d-5806-4529-9027-0fdbaab790fe
-  - name: Redirect
-    keys: [redirect]
-    attributes: |
-      - `yaml`/`json` setting: 'redirect'
-      - Type: object
-      - Optional
-      - Example: `{ "host_redirect": "example.com" }`
-    doc: |
-      `Redirect` is used to redirect incoming requests to a new URL. The `redirect` field is an object with several possible
-      options:
-
-      - `https_redirect` (boolean): the incoming scheme will be swapped with "https".
-      - `scheme_redirect` (string): the incoming scheme will be swapped with the given value.
-      - `host_redirect` (string): the incoming host will be swapped with the given value.
-      - `port_redirect` (integer): the incoming port will be swapped with the given value.
-      - `path_redirect` (string): the incoming path portion of the URL will be swapped with the given value.
-      - `prefix_rewrite` (string): the incoming matched prefix will be swapped with the given value.
-      - `response_code` (integer): the response code to use for the redirect. Defaults to 301.
-      - `strip_query` (boolean): indicates that during redirection, the query portion of the URL will be removed. Defaults to false.
-
-      Either `redirect` or `to` must be set.
-    uuid: 0fa1872b-3757-4fcc-b645-900c768107dd
-  - name: Regex
-    keys: [regex]
-    attributes: |
-      - `yaml`/`json` setting: `regex`
-      - Type: `string` (containing a regular expression)
-      - Optional
-      - Example: `^/(admin|superuser)/.*$`
-    doc: |
-      If set, the route will only match incoming requests with a path that matches the specified regular expression. The supported syntax is the same as the Go [regexp package](https://golang.org/pkg/regexp/) which is based on [re2](https://github.com/google/re2/wiki/Syntax).
-    uuid: 61210771-a4f8-4ddc-ba7f-61739d85bd23
-  - name: Regex Rewrite
-    keys: [regex_rewrite_pattern, regex_rewrite_substitution]
-    attributes: |
-      - `yaml`/`json` setting: `regex_rewrite_pattern`, `regex_rewrite_substitution`
-      - Type: `string`
-      - Optional
-      - Example: `{ "regex_rewrite_pattern":"^/service/([^/]+)(/.*)$", "regex_rewrite_substitution": "\\2/instance/\\1" }`
-    doc: |
-      If set, the URL path will be rewritten according to the pattern and substitution, similar to `prefix_rewrite`.
-    uuid: 530d5de2-743e-4600-80fb-c5357bac1951
-  - name: Remove Request Headers
-    keys: [remove_request_headers]
-    attributes: |
-      - Config File Key: `remove_request_headers`
-      - Type: array of `strings`
-      - Optional
-    doc: |
-      Remove Request Headers allows you to remove given request headers. This can be useful if you want to prevent privacy information from being passed to downstream applications. For example:
-
-      ```yaml
-      - from: https://verify.corp.example.com
-        to: https://verify.pomerium.com
-        policy:
-          - allow:
-              or:
-                - email:
-                    is: user@example.com
-        remove_request_headers:
-          - X-Email
-          - X-Username
-      ```
-    uuid: 5cc4dd96-f9a9-4089-b1bb-6e15f3595ae7
-  - name: Rewrite Response Headers
-    keys: [rewrite_response_headers]
-    attributes: |
-      - Config File Key: `rewrite_response_headers`
-      - Type: `object`
-      - Optional
-      - Example: `[{ "header": "Location", "prefix": "http://localhost:8000/two/", "value": "http://frontend/one/" }]`
-    doc: |
-      Rewrite Response Headers allows you to modify response headers before they are returned to the client. The `header` field will match the HTTP header name, and `prefix` will be replaced with `value`. For example, if the downstream server returns a header:
-
-      ```text
-      Location: http://localhost:8000/two/some/path/
-      ```
-
-      And the policy has this config:
-
-      ```yaml
-      rewrite_response_headers:
-        - header: Location
-          prefix: http://localhost:8000/two/
-          value: http://frontend/one/
-      ```
-
-      The browser would be redirected to: `http://frontend/one/some/path/`. This is similar to nginx's [`proxy_redirect` option](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_redirect), but can be used for any header.
-    uuid: 66845eb7-10a6-4620-9a9e-eea5b78fae87
-  - name: Route Timeout
-    keys: [timeout]
-    attributes: |
-      - `yaml`/`json` setting: `timeout`
-      - Type: [Go Duration](https://golang.org/pkg/time/#Duration.String) `string`
-      - Optional
-      - Default: `30s`
-    doc: |
-      Policy timeout establishes the per-route timeout value. Cannot exceed global timeout values.
-    uuid: 7ec1eebb-f3a9-4415-b0bf-6ab8f02a8be2
-  - name: Set Authorization Header
-    keys: [set_authorization_header]
-    attributes: |
-      - `yaml`/`json` setting: `set_authorization_header`
-      - Type: `string` (`pass_through`, `access_token` or `id_token`)
-      - Optional
-      - Default: `pass_through`
-    doc: |
-      `set_authorization_header` allows you to send a user's identity token through as a bearer token in the Authorization header.
-
-      Use `access_token` to send the OAuth access token, `id_token` to send the OIDC ID token, or `pass_through` (the default) to leave the Authorization header unchanged
-      from the client when it's not used for Pomerium authentication.
-    uuid: 73c39eef-724a-48bb-920b-337805ceef8b
-  - name: Set Response Headers
-    keys: [set_response_headers]
-    attributes: |
-      - Config File Key: `set_response_headers`
-      - Type: map of `strings` key value pairs
-      - Optional
-    doc: |
-      Set Response Headers allows you to set static values for the given response headers. These headers will take precedence over the global `set_response_headers`.
-    uuid: 4df6b96b-f02b-4918-8214-259648f55f85
-  - name: Set Request Headers
-    keys: [set_request_headers]
-    attributes: |
-      - Config File Key: `set_request_headers`
-      - Type: map of `strings` key value pairs
-      - Optional
-    doc: |
-      Set Request Headers allows you to set static values for given request headers. This can be useful if you want to pass along additional information to downstream applications as headers, or set authentication header to the request. For example:
-
-      ```yaml
-      - from: https://verify.corp.example.com
-        to: https://verify.pomerium.com
-        policy:
-          - allow:
-              or:
-                - email:
-                    is: user@example.com
-        set_request_headers:
-          # works auto-magically!
-          # https://verify.corp.example.com/basic-auth/root/hunter42
-          Authorization: Basic cm9vdDpodW50ZXI0Mg==
-          X-Your-favorite-authenticating-Proxy: "Pomerium"
-      ```
-      :::warning
-
-      Neither `:-prefixed` pseudo-headers nor the `Host:` header may be modified via this mechanism. Those headers may instead be modified via mechanisms such as `prefix_rewrite`, `regex_rewrite`, and `host_rewrite`.
-
-      :::
-    uuid: 6731c491-3dc5-4cc0-a882-eee2c5f90905
-  - name: Signout Redirect URL
-    keys: [signout_redirect_url]
-    attributes: |
-      - Environmental Variable: `SIGNOUT_REDIRECT_URL`
-      - Config File Key: `signout_redirect_url`
-      - Type: `URL`
-      - Required
-      - Example: `https://signout-redirect-url.corp.example.com`
-    doc: |
-      Signout redirect url is the url user will be redirected to after signing out.
-
-      You can overwrite this behavior by passing the query param `pomerium_redirect_uri` or post value `pomerium_redirect_uri`
-      to the `/.pomerium/signout/` endpoint.
-    uuid: f37009dc-b027-47be-b8e5-7a0bc9640edf
-  - name: TLS Client Certificate
-    keys: [tls_client_cert, tls_client_key, tls_client_cert_file, tls_client_key_file]
-    attributes: |
-      - Config File Key: `tls_client_cert` and `tls_client_key` or `tls_client_cert_file` and `tls_client_key_file`
-      - Type: [base64 encoded] `string` or relative file location
-      - Optional
-    doc: |
-      If specified, Pomerium will present this client certificate to upstream services when requested to enforce [mutual authentication](https://en.wikipedia.org/wiki/Mutual_authentication) (mTLS).
-
-      For more details, see our [mTLS example repository](https://github.com/pomerium/pomerium/tree/main/examples/mutual-tls) and the [Upstream mTLS With Pomerium](/guides/upstream-mtls.md) guide.
-    uuid: fdf0036b-068a-46ca-b429-e8ca29d056e8
-  - name: TLS Custom Certificate Authority
-    keys: [tls_custom_ca, tls_custom_ca_file]
-    attributes: |
-      - Config File Key: `tls_custom_ca` or `tls_custom_ca_file`
-      - Type: [base64 encoded] `string` or relative file location
-      - Optional
-    doc: |
-      TLS Custom Certificate Authority defines a set of root certificate authorities that the Pomerium Proxy Service uses when verifying upstream server certificates.
-
-      **Note**: This setting will replace (not append) the system's trust store for a given route.
-    uuid: 186e167c-80cb-4af5-a1a8-ca8b8ef00c26
-  - name: TLS Downstream Client Certificate Authority
-    keys: [tls_downstream_client_ca, tls_downstream_client_ca_file]
-    attributes: |
-      - Config File Key: `tls_downstream_client_ca` or `tls_downstream_client_ca_file`
-      - Type: [base64 encoded] `string` or relative file location
-      - Optional
-    doc: |
-      If specified, downstream clients (eg a user's browser) will be required to provide a valid client TLS
-      certificate. This overrides the global `client_ca` option for this route.
-
-      See [Client-Side mTLS With Pomerium](/guides/mtls.md) for more information.
-    uuid: b5c8abb8-cf51-49a7-870f-d0203383735a
-  - name: TLS Skip Verification
-    keys: [tls_skip_verify]
-    attributes: |
-      - Config File Key: `tls_skip_verify`
-      - Type: `bool`
-      - Default: `false`
-    doc: |
-      TLS Skip Verification controls whether the Pomerium Proxy Service verifies the upstream server's certificate chain and host name. If enabled, Pomerium accepts any certificate presented by the upstream server and any host name in that certificate. In this mode, TLS is susceptible to man-in-the-middle attacks. This should be used only for testing.
-    uuid: 66ac5047-2db6-40c8-82c5-4cc3e100e819
-  - name: TLS Server Name
-    keys: [tls_server_name]
-    attributes: |
-      - Config File Key: `tls_server_name`
-      - Type: `string`
-      - Optional
-    doc: |
-      **Deprecated**: this key has been replaced with `tls_upstream_server_name`.
-    uuid: a7e6b27f-c62c-4e93-94f1-6410422214a1
-  - name: TLS Upstream Server Name
-    keys: [tls_upstream_server_name]
-    attributes: |
-      - Config File Key: `tls_upstream_server_name`
-      - Type: `string`
-      - Optional
-    doc: |
-      TLS Upstream Server Name overrides the hostname specified in the `to` field. If set, this server name will be used to verify the certificate name. This is useful when the backend of your service is a TLS server with a valid certificate, but mismatched name.
-    uuid: fba5f2ca-eafe-4495-bcdb-510858149c2d
-  - name: TLS Downstream Server Name
-    keys: [tls_downstream_server_name]
-    attributes: |
-      - Config File Key: `tls_downstream_server_name`
-      - Type: `string`
-      - Optional
-    doc: |
-      TLS Downstream Server Name overrides the hostname specified in the `from` field. When a connection to Pomerium is made via TLS the `tls_downstream_server_name` will be used as the expected Server Name Indication, whereas the host part of the `from` field, will be expected to match the `Host` or `:authority` headers of the HTTP request.
-    uuid: ae84a7ff-24c0-4cbc-aef9-4222ab6f70b4
-  - name: To
-    keys: [to]
-    attributes: |
-      - `yaml`/`json` setting: `to`
-      - Type: `URL` or list of `URL`s (must contain a scheme and hostname) with an optional weight
-      - Schemes: `http`, `https`, `tcp`
-      - Optional
-      - Example: `http://verify` , `https://192.1.20.12:8080`, `http://neverssl.com`, `https://verify.pomerium.com/anything/`, `["http://a", "http://b"]`, `["http://a,10", "http://b,20"]`
-    doc: |
-      `To` is the destination(s) of a proxied request. It can be an internal resource, or an external resource. Multiple upstream resources can be targeted by using a list instead of a single URL:
-
-      ```yaml
-      - from: https://example.com
-        to:
-        - https://a.example.com
-        - https://b.example.com
-      ```
-
-      A load balancing weight may be associated with a particular upstream by appending `,[weight]` to the URL.  The exact behavior depends on your [`lb_policy`](#load-balancing-policy) setting.  See [Load Balancing](/docs/topics/load-balancing) for example [configurations](/docs/topics/load-balancing.md#load-balancing-weight).
-
-      Must be `tcp` if `from` is `tcp+https`.
-
-      :::warning
-
-      Be careful with trailing slash.
-
-      With rule:
-
-      ```yaml
-      - from: https://verify.corp.example.com
-        to: https://verify.pomerium.com/anything
-      ```
-
-      Requests to `https://verify.corp.example.com` will be forwarded to `https://verify.pomerium.com/anything`, while requests to `https://verify.corp.example.com/foo` will be forwarded to `https://verify.pomerium.com/anythingfoo`.To make the request forwarded to `https://httbin.org/anything/foo`, you can use double slashes in your request `https://httbin.corp.example.com//foo`.
-
-      While the rule:
-
-      ```yaml
-      - from: https://verify.corp.example.com
-        to: https://verify.pomerium.com/anything/
-      ```
-
-      All requests to `https://verify.corp.example.com/*` will be forwarded to `https://verify.pomerium.com/anything/*`. That means accessing to `https://verify.corp.example.com` will be forwarded to `https://verify.pomerium.com/anything/`. That said, if your application does not handle trailing slash, the request will end up with 404 not found.
-
-      Either `redirect` or `to` must be set.
-
-      :::
-    uuid: a3cb9ed1-8a92-4516-b328-e70751efe84f
-  - name: SPDY
-    keys: [allow_spdy]
-    attributes: |
-      - Config File Key: `allow_spdy`
-      - Type: `bool`
-      - Default: `false`
-    doc: |
-      If set, enables proxying of SPDY protocol upgrades.
-    uuid: 0daccff6-ce6d-4b0d-8946-2ad00e83c791
-  - name: Websocket Connections
-    keys: [allow_websockets]
-    attributes: |
-      - Config File Key: `allow_websockets`
-      - Type: `bool`
-      - Default: `false`
-    doc: |
-      If set, enables proxying of websocket connections.
-
-      :::warning
-
-      **Use with caution:** websockets are long-lived connections, so [global timeouts](#global-timeouts) are not enforced (though the policy-specific `timeout` is enforced). Allowing websocket connections to the proxy could result in abuse via [DOS attacks](https://www.cloudflare.com/learning/ddos/ddos-attack-tools/slowloris/).
-
-      :::
-    uuid: 6506106b-4b3d-4946-b4d8-efe7e2e1b708
-  uuid: c7057578-26f3-49f7-a19b-ebddb1d14af6
-- name: Authorize Service
-  settings:
-  - name: Google Cloud Serverless Authentication Service Account
-    keys: [google_cloud_serverless_authentication_service_account]
-    attributes: |
-      - Environmental Variable: `GOOGLE_CLOUD_SERVERLESS_AUTHENTICATION_SERVICE_ACCOUNT`
-      - Config File Key: `google_cloud_serverless_authentication_service_account`
-      - Type: [base64 encoded] `string`
-      - Optional
-    doc: |
-      Manually specify the service account credentials to support GCP's [Authorization Header](https://cloud.google.com/run/docs/authenticating/service-to-service) format.
-
-      If unspecified:
-
-      - If [Identity Provider Name](#identity-provider-name) is set to `google`, will default to [Identity Provider Service Account](#identity-provider-service-account)
-      - Otherwise, will default to ambient credentials in the default locations searched by the Google SDK. This includes GCE metadata server tokens.
-    uuid: bd94a8ee-2351-4edd-b10a-88107ab8ea0d
-  - name: Signing Key
-    keys: [signing_key]
-    attributes: |
-      - Environmental Variable: `SIGNING_KEY`
-      - Config File Key: `signing_key`
-      - Type: [base64 encoded] `string`
-      - Optional
-    doc: |
-      Signing Key is the private key used to sign a user's attestation JWT which can be consumed by upstream applications to pass along identifying user information like username, id, and groups.
-
-      If set, the signing key's public key will can retrieved by hitting Pomerium's `/.well-known/pomerium/jwks.json` endpoint which lives on the authenticate service. Otherwise, the endpoint will return an empty keyset.
-
-      For example, assuming you have [generated an ES256 key](https://github.com/pomerium/pomerium/blob/main/scripts/generate_self_signed_signing_key.sh) as follows.
-
-      ```bash
-      # Generates an P-256 (ES256) signing key
-      openssl ecparam  -genkey  -name prime256v1  -noout  -out ec_private.pem
-      # careful! this will output your private key in terminal
-      cat ec_private.pem | base64
-      ```
-
-      That signing key can be accessed via the well-known jwks endpoint.
-
-      ```bash
-      $ curl https://authenticate.int.example.com/.well-known/pomerium/jwks.json | jq
-      ```
-
-      ```json
-      {
-        "keys": [
-          {
-            "use": "sig",
-            "kty": "EC",
-            "kid": "ccc5bc9d835ff3c8f7075ed4a7510159cf440fd7bf7b517b5caeb1fa419ee6a1",
-            "crv": "P-256",
-            "alg": "ES256",
-            "x": "QCN7adG2AmIK3UdHJvVJkldsUc6XeBRz83Z4rXX8Va4",
-            "y": "PI95b-ary66nrvA55TpaiWADq8b3O1CYIbvjqIHpXCY"
-          }
-        ]
-      }
-      ```
-
-      If no certificate is specified, one will be generated and the base64'd public key will be added to the logs. Note, however, that this key be unique to each service, ephemeral, and will not be accessible via the authenticate service's `jwks_uri` endpoint.
-    shortdoc: |
-      Signing Key is the key used to sign a user's attestation JWT which can be consumed by upstream applications to pass along identifying user information like username, id, and groups.
-    uuid: 69774434-2a43-4896-a574-0fbd38aaa4d4
-  uuid: aa44f409-3de6-42bc-80ce-e0a67f7693e5
diff --git a/examples/config/route.example.yaml b/examples/config/route.example.yaml
index 39e4c5b8f..568755d07 100644
--- a/examples/config/route.example.yaml
+++ b/examples/config/route.example.yaml
@@ -1,6 +1,6 @@
 # This file contains only route and policy configuration details. Other
 # configuration settings required by pomerium are excluded for clarity.
-# See: https://www.pomerium.io/docs/reference/
+# See: https://www.pomerium.com/docs/reference/
 
 #
 # For a complete self contained configuration see : config.example.yaml.
diff --git a/examples/mutual-tls/README.md b/examples/mutual-tls/README.md
index 8d6c7bac8..8866b0e0e 100644
--- a/examples/mutual-tls/README.md
+++ b/examples/mutual-tls/README.md
@@ -7,7 +7,7 @@ A tiny go http server that enforces client certificates and can be used to test
 ### Pomerium config
 
 ```yaml
-# See detailed configuration settings : https://www.pomerium.io/reference/
+# See detailed configuration settings : https://www.pomerium.com/docs/reference
 authenticate_service_url: https://authenticate.corp.domain.example
 authorize_service_url: https://authorize.corp.domain.example
 
@@ -45,7 +45,7 @@ services:
       - CERTIFICATE_KEY
       - COOKIE_SECRET
     volumes:
-      # Mount your config file : https://www.pomerium.io/reference/
+      # Mount your config file : https://www.pomerium.com/docs/reference
       # be sure to change the default values :)
       - ./example.config.yaml:/pomerium/config.yaml:ro
     ports:
diff --git a/examples/mutual-tls/docker-compose.yaml b/examples/mutual-tls/docker-compose.yaml
index 7a39837b7..1681c8155 100644
--- a/examples/mutual-tls/docker-compose.yaml
+++ b/examples/mutual-tls/docker-compose.yaml
@@ -7,7 +7,7 @@ services:
       - CERTIFICATE_KEY
       - COOKIE_SECRET
     volumes:
-      # Mount your config file : https://www.pomerium.io/reference/
+      # Mount your config file : https://www.pomerium.com/docs/reference
       # be sure to change the default values :)
       - ./example.config.yaml:/pomerium/config.yaml:ro
     ports:
diff --git a/examples/mutual-tls/example.config.yaml b/examples/mutual-tls/example.config.yaml
index e9138eaf4..9356da693 100644
--- a/examples/mutual-tls/example.config.yaml
+++ b/examples/mutual-tls/example.config.yaml
@@ -1,4 +1,4 @@
-# See detailed configuration settings : https://www.pomerium.io/reference/
+# See detailed configuration settings : https://www.pomerium.com/docs/reference
 authenticate_service_url: https://authenticate.corp.domain.example
 authorize_service_url: https://authorize.corp.domain.example
 
diff --git a/internal/identity/manager/manager.go b/internal/identity/manager/manager.go
index f2f814361..63cdbb4cd 100644
--- a/internal/identity/manager/manager.go
+++ b/internal/identity/manager/manager.go
@@ -212,7 +212,7 @@ func (mgr *Manager) refreshDirectoryUserGroups(ctx context.Context) (nextRefresh
 		msg := "failed to refresh directory users and groups"
 		if ctx.Err() != nil {
 			msg += ". You may need to increase the identity provider directory timeout setting"
-			msg += "(https://www.pomerium.io/reference/#identity-provider-refresh-directory-settings)"
+			msg += "(https://www.pomerium.com/docs/reference/identity-provider-refresh-directory-settings)"
 		}
 		log.Warn(ctx).Err(err).Msg(msg)
 
diff --git a/internal/identity/oauth/github/github.go b/internal/identity/oauth/github/github.go
index 8e3715282..5443c959d 100644
--- a/internal/identity/oauth/github/github.go
+++ b/internal/identity/oauth/github/github.go
@@ -1,6 +1,6 @@
 // Package github implements OAuth2 based authentication for github
 //
-// https://www.pomerium.io/docs/identity-providers/github.html
+// https://www.pomerium.com/docs/identity-providers/github
 package github
 
 import (
diff --git a/internal/identity/oidc/auth0/auth0.go b/internal/identity/oidc/auth0/auth0.go
index acbf71a7e..abb12ece6 100644
--- a/internal/identity/oidc/auth0/auth0.go
+++ b/internal/identity/oidc/auth0/auth0.go
@@ -1,6 +1,6 @@
 // Package auth0 implements OpenID Connect for auth0
 //
-// https://www.pomerium.io/docs/identity-providers/auth0.html
+// https://www.pomerium.com/docs/identity-providers/auth0
 package auth0
 
 import (
diff --git a/internal/identity/oidc/azure/microsoft.go b/internal/identity/oidc/azure/microsoft.go
index 8734ebca1..ba01165ae 100644
--- a/internal/identity/oidc/azure/microsoft.go
+++ b/internal/identity/oidc/azure/microsoft.go
@@ -1,6 +1,6 @@
 // Package azure implements OpenID Connect for Microsoft Azure
 //
-// https://www.pomerium.io/docs/identity-providers/azure.html
+// https://www.pomerium.com/docs/identity-providers/azure
 package azure
 
 import (
diff --git a/internal/identity/oidc/gitlab/gitlab.go b/internal/identity/oidc/gitlab/gitlab.go
index 455569012..5a7bb40c2 100644
--- a/internal/identity/oidc/gitlab/gitlab.go
+++ b/internal/identity/oidc/gitlab/gitlab.go
@@ -1,6 +1,6 @@
 // Package gitlab implements OpenID Connect for Gitlab
 //
-// https://www.pomerium.io/docs/identity-providers/gitlab.html
+// https://www.pomerium.com/docs/identity-providers/gitlab
 package gitlab
 
 import (
diff --git a/internal/identity/oidc/google/google.go b/internal/identity/oidc/google/google.go
index b688f5816..1b68a41dd 100644
--- a/internal/identity/oidc/google/google.go
+++ b/internal/identity/oidc/google/google.go
@@ -1,6 +1,6 @@
 // Package google implements OpenID Connect for Google and GSuite.
 //
-// https://www.pomerium.io/docs/identity-providers/google.html
+// https://www.pomerium.com/docs/identity-providers/google
 // https://developers.google.com/identity/protocols/oauth2/openid-connect
 package google
 
diff --git a/internal/identity/oidc/okta/okta.go b/internal/identity/oidc/okta/okta.go
index d31f25a8c..59386eccf 100644
--- a/internal/identity/oidc/okta/okta.go
+++ b/internal/identity/oidc/okta/okta.go
@@ -1,6 +1,6 @@
 // Package okta implements OpenID Connect for okta
 //
-// https://www.pomerium.io/docs/identity-providers/okta.html
+// https://www.pomerium.com/docs/identity-providers/okta
 package okta
 
 import (
diff --git a/internal/identity/oidc/onelogin/onelogin.go b/internal/identity/oidc/onelogin/onelogin.go
index 3b79c12e6..1428e953a 100644
--- a/internal/identity/oidc/onelogin/onelogin.go
+++ b/internal/identity/oidc/onelogin/onelogin.go
@@ -1,6 +1,6 @@
 // Package onelogin implements OpenID Connect for OneLogin
 //
-// https://www.pomerium.io/docs/identity-providers/one-login.html
+// https://www.pomerium.com/docs/identity-providers/one-login
 package onelogin
 
 import (
diff --git a/internal/identity/oidc/ping/ping.go b/internal/identity/oidc/ping/ping.go
index 79d1273bf..1bfbc33c3 100644
--- a/internal/identity/oidc/ping/ping.go
+++ b/internal/identity/oidc/ping/ping.go
@@ -1,6 +1,6 @@
 // Package ping implements OpenID Connect for Ping
 //
-// https://www.pomerium.io/docs/identity-providers/ping.html
+// https://www.pomerium.com/docs/identity-providers/ping
 package ping
 
 import (
diff --git a/package.json b/package.json
deleted file mode 100644
index 9cf61a689..000000000
--- a/package.json
+++ /dev/null
@@ -1,24 +0,0 @@
-{
-  "devDependencies": {
-    "@limdongjin/vuepress-plugin-simple-seo": "https://github.com/pomerium/vuepress-plugin-simple-seo",
-    "@vuepress/plugin-google-analytics": "1.8.2",
-    "js-yaml": "^4.1.0",
-    "vuepress": "1.8.2",
-    "vuepress-plugin-check-md": "0.0.2",
-    "vuepress-plugin-element-tabs": "^0.2.8",
-    "vuepress-plugin-mailchimp": "^1.4.2",
-    "vuepress-plugin-mermaidjs": "^1.8.1",
-    "vuepress-plugin-sitemap": "2.3.1"
-  },
-  "scripts": {
-    "docs:dev": "vuepress dev docs",
-    "docs:build": "vuepress build docs",
-    "docs:check-md": "vuepress check-md",
-    "console:buildref": "node scripts/generate-console-pages.js"
-  },
-  "dependencies": {
-    "esm": "3.2.25",
-    "markdown-it-include": "^2.0.0",
-    "vuepress-plugin-code-copy": "^1.0.6"
-  }
-}
diff --git a/proxy/forward_auth.go b/proxy/forward_auth.go
index 6ebd3c269..9047b5989 100644
--- a/proxy/forward_auth.go
+++ b/proxy/forward_auth.go
@@ -13,7 +13,7 @@ import (
 // registerFwdAuthHandlers returns a set of handlers that support using pomerium
 // as a "forward-auth" provider with other reverse proxies like nginx, traefik.
 //
-// see : https://www.pomerium.io/configuration/#forward-auth
+// see : https://www.pomerium.com/docs/reference/forward-auth
 func (p *Proxy) registerFwdAuthHandlers() http.Handler {
 	r := httputil.NewRouter()
 	// NGNIX's forward-auth capabilities are split across two settings:
diff --git a/scripts/generate-console-pages.js b/scripts/generate-console-pages.js
deleted file mode 100755
index 13cc112bc..000000000
--- a/scripts/generate-console-pages.js
+++ /dev/null
@@ -1,171 +0,0 @@
-// generate-console-pages.js
-
-const fs = require("fs");
-const yaml = require("js-yaml");
-
-/**
- * This helper script, run by the technical writers, (re)generates markdown
- * documents for the Enterprise reference section. It assumes the existence
- * of `console-settings.yaml`, to be sourced as a build artifact from
- * pomerium/pomerium-console, and `pomerium-console_serve.yaml`, sourced from
- * running `pomerium-console gendocs.
- */
-
-// Functions
-
-/**
- *
- * Import content from /docs/reference/settings.yaml when needed.
- */
-const fromOSSettings = (name, keys) => {
-  //console.log(keys)
-  const asMap = Object.values(OSSettings.settings).map((section) => {
-    const subSections = Object.values(section.settings)
-    return subSections
-  } )
-  let result = ''
-  for (let i = 0; i < asMap.length; i++ ) {
-    for (j = 0; j < asMap[i].length; j++){
-      const fixAnchorLinksRegex = /\(\#/g
-      const fixHTMLLinksRegex = /\(\/(.+?).html/g
-      if (asMap[i][j].name === name) {
-        result = asMap[i][j].doc.replace(fixAnchorLinksRegex, "(/reference/readme.md#").replace(fixHTMLLinksRegex, "(/$1.md")
-      }
-      else if (keys !== null && asMap[i][j].keys && keys.some( key => asMap[i][j].keys.indexOf(key) >= 0)) {
-        result = asMap[i][j].doc.replace(fixAnchorLinksRegex, "(/reference/readme.md#").replace(fixHTMLLinksRegex, "(/$1.md")
-      } else {
-        if (asMap[i][j].settings) {
-          for (k = 0; k < asMap[i][j].settings.length; k++) {
-            if (asMap[i][j].settings[k].name === name && asMap[i][j].settings[k].doc) {
-              result = asMap[i][j].settings[k].doc.replace(fixAnchorLinksRegex, "(/reference/readme.md#").replace(fixHTMLLinksRegex, "(/$1.md")
-            }
-            else if (keys !== null && asMap[i][j].settings[k].keys && keys.some( key => asMap[i][j].settings[k].keys.indexOf(key) >= 0) && asMap[i][j].settings[k].doc) {
-              result = asMap[i][j].settings[k].doc.replace(fixAnchorLinksRegex, "(/reference/readme.md#").replace(fixHTMLLinksRegex, "(/$1.md")
-            }
-          }
-        }
-      }
-    }
-  }
-  return result;
-}
-
-/**
- *  Import console environment/config options from `pomerium-console_serve.yaml`
- */
-const writeConfigPage = (src) => {
-  //console.log(`keys from src file: ` + JSON.stringify(src)) // For Debugging
-  let path = "./docs/enterprise/reference/config.md";
-  console.log(`Generating environment variable docs...\n`);
-  let frontmatter = `---
-title: Environment Variables
-lang: en-US
-meta:
-    - name: keywords
-      content: configuration, options, settings, pomerium, enterprise, reference
----
-
-# Pomerium Console Environment Variables
-
-The keys listed below can be applied in Pomerium Console's \`config.yaml\` file, or applied as environment variables (in uppercase, replacing \`-\` with \`_\`).
-
-| Name    | Description | Default Value |
-|:--------|:-------------|---------------|
-`;
-  const keySection = (obj) => {
-    //console.log(JSON.stringify(obj.name)) // For Debugging
-    let name = `| <a class="entRef-anchor" id="${obj.name}">#</a><a href=#${obj.name}>` + obj.name + `</a> |`;
-    let body = ` ${(obj.usage).replace(/\n/g, '')} | ${obj.default_value ? `\`${obj.default_value.replace(/\n/g, '')}\`` : `none`} |`;
-    return name + body;
-  };
-
-  let content =
-    frontmatter + src.options.map((section) => keySection(section)).join("\n");
-  fs.writeFileSync(path, content);
-};
-
-/**
- * Read `console-settings.yaml` and write
- * markdown pages under `docs/enterprise/reference`.
- */
-const writePage = (setting) => {
-  let path =
-    "./docs/enterprise/reference/" +
-    setting.name.replace(/\s/g, "-").toLowerCase() +
-    ".md";
-  console.log("Generating", path, "page");
-
-  let frontmatter = `---
-title: ${setting.name}
-lang: en-US
-sidebarDepth: 2
-meta:
-    - name: keywords
-      content: configuration, options, settings, pomerium, enterprise, reference
----
-
-`;
-
-  let header = "# " + setting.name + "\n" + "\n";
-  let body = setting.doc ? setting.doc.toString() + "\n" : "";
-  let moreBody = setting.settings
-    ? setting.settings
-        .map((subsection) => writeSubsection(subsection, 2))
-        .join("")
-    : "";
-  let content = frontmatter + header + body + moreBody + postamble;
-
-  fs.writeFileSync(path, content);
-};
-
-/**
- * Called by writePage, this function
- * handles nested settings objects.
- */
-const writeSubsection = (subsection, depth) => {
-  let subContent = "";
-  if (!subsection.name) {
-    return;
-  }
-  if (!subsection.doc) {
-    //console.log(subsection)
-    //console.log(subsection.keys || "no key")
-    subContent =
-      fromOSSettings(subsection.name, subsection.keys || null) + "\n";
-  }
-  let header = "#".repeat(depth) + " " + subsection.name + "\n" + "\n";
-  subContent =
-    subContent + (subsection.doc ? subsection.doc.toString() + "\n\n" : "");
-  subsection.attributes
-    ? (subContent = subContent + subsection.attributes.toString())
-    : null;
-  subsection.settings
-    ? (subContent =
-        subContent +
-        subsection.settings
-          .map((turtles) => writeSubsection(turtles, depth + 1))
-          .join(""))
-    : "";
-  return header + subContent;
-};
-
-// Main
-
-console.log("Reading console-settings.yaml");
-
-let docs = yaml.load(
-  fs.readFileSync("./docs/enterprise/console-settings.yaml", "utf8")
-);
-let keysFile = yaml.load(
-  fs.readFileSync("./docs/enterprise/pomerium-console_serve.yaml", "utf8")
-);
-let OSSettings = yaml.load(
-  fs.readFileSync("./docs/reference/settings.yaml", "utf8")
-);
-let postamble = docs.postamble
-
-writeConfigPage(keysFile);
-
-docs.settings.map((setting) => {
-  writePage(setting);
-});
diff --git a/scripts/generate-settings-docs.py b/scripts/generate-settings-docs.py
deleted file mode 100755
index 5a11aeed6..000000000
--- a/scripts/generate-settings-docs.py
+++ /dev/null
@@ -1,71 +0,0 @@
-#!/usr/bin/env python3
-import os.path
-import uuid
-from typing import Any, IO
-from ruamel.yaml import YAML
-
-yaml = YAML()
-
-
-def main():
-    d = os.path.join(os.path.dirname(__file__),
-                     "..", "docs", "reference")
-    d = os.path.normpath(d)
-    print(f"generating {d}/readme.md")
-
-    settings_path = f"{d}/settings.yaml"
-
-    enterprise_settings_path = os.path.normpath(os.path.join(os.path.dirname(__file__), '..',
-                                                             'docs', 'enterprise', 'console-settings.yaml'))
-
-    rewrite_settings_yaml(settings_path)
-    rewrite_settings_yaml(enterprise_settings_path)
-
-    with open(settings_path) as f:
-        doc = yaml.load(f)
-
-    f = open(os.path.join(os.path.dirname(__file__),
-                          "..", "docs", "reference", "readme.md"), "w")
-    f.write(f"{doc['preamble']}\n")
-    write_setting(f, 1, doc)
-    f.write(f"{doc['postamble']}")
-    f.close()
-
-
-def rewrite_settings_yaml(path):
-    with open(path) as f:
-        doc = yaml.load(f)
-
-    add_uuid(doc['settings'])
-
-    with open(path, 'w') as f:
-        yaml.dump(doc, f)
-
-
-def add_uuid(settings):
-    for setting in settings:
-        if not 'uuid' in setting:
-            setting['uuid'] = str(uuid.uuid4())
-
-        if 'settings' in setting:
-            add_uuid(setting['settings'])
-
-
-def write_setting(w, depth, setting):
-    if 'name' in setting:
-        w.write(f"{'#' * depth} {setting.get('name', '')}\n")
-
-    if 'attributes' in setting:
-        w.write(f"{setting.get('attributes','')}\n")
-
-    if 'doc' in setting:
-        w.write(f"{setting.get('doc', '')}\n")
-
-    w.write("\n")
-
-    for subsetting in setting.get('settings', []):
-        write_setting(w, depth+1, subsetting)
-
-
-if __name__ == "__main__":
-    main()
diff --git a/scripts/vegeta_benchmark.sh b/scripts/vegeta_benchmark.sh
deleted file mode 100755
index 0485d0e44..000000000
--- a/scripts/vegeta_benchmark.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-# see: https://github.com/tsenart/vegeta
-
-cookie='cookie: _pomerium_proxy=REPLACE_ME'
-url='GET https://hi.corp.beyondperimeter.com/'
-rate=100
-until [ $rate -gt 10001 ]; do
-	echo "${url}" | vegeta attack -header "${cookie}" -name=$rate -rate=$rate -duration=5s >results.$rate.bin
-	let rate+=100
-	sleep 10
-done
-
-for filename in results.*; do
-	cat "$filename" | vegeta report
-	cat "$filename" | vegeta report -type="hist[0,50ms,100ms,200ms,300ms,500ms,1000ms]"
-done
diff --git a/yarn.lock b/yarn.lock
deleted file mode 100644
index 636937faf..000000000
--- a/yarn.lock
+++ /dev/null
@@ -1,9287 +0,0 @@
-# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
-# yarn lockfile v1
-
-
-"@babel/code-frame@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/code-frame/-/code-frame-7.14.5.tgz#23b08d740e83f49c5e59945fbf1b43e80bbf4edb"
-  integrity sha512-9pzDqyc6OLDaqe+zbACgFkb6fKMNG6CObKpnYXChRsvYGyEdc7CA2BaqeOM+vOtCS5ndmJicPJhKAwYRI6UfFw==
-  dependencies:
-    "@babel/highlight" "^7.14.5"
-
-"@babel/compat-data@^7.13.11", "@babel/compat-data@^7.14.5", "@babel/compat-data@^7.14.7":
-  version "7.14.7"
-  resolved "https://registry.yarnpkg.com/@babel/compat-data/-/compat-data-7.14.7.tgz#7b047d7a3a89a67d2258dc61f604f098f1bc7e08"
-  integrity sha512-nS6dZaISCXJ3+518CWiBfEr//gHyMO02uDxBkXTKZDN5POruCnOZ1N4YBRZDCabwF8nZMWBpRxIicmXtBs+fvw==
-
-"@babel/core@^7.11.0", "@babel/core@^7.8.4":
-  version "7.14.8"
-  resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.14.8.tgz#20cdf7c84b5d86d83fac8710a8bc605a7ba3f010"
-  integrity sha512-/AtaeEhT6ErpDhInbXmjHcUQXH0L0TEgscfcxk1qbOvLuKCa5aZT0SOOtDKFY96/CLROwbLSKyFor6idgNaU4Q==
-  dependencies:
-    "@babel/code-frame" "^7.14.5"
-    "@babel/generator" "^7.14.8"
-    "@babel/helper-compilation-targets" "^7.14.5"
-    "@babel/helper-module-transforms" "^7.14.8"
-    "@babel/helpers" "^7.14.8"
-    "@babel/parser" "^7.14.8"
-    "@babel/template" "^7.14.5"
-    "@babel/traverse" "^7.14.8"
-    "@babel/types" "^7.14.8"
-    convert-source-map "^1.7.0"
-    debug "^4.1.0"
-    gensync "^1.0.0-beta.2"
-    json5 "^2.1.2"
-    semver "^6.3.0"
-    source-map "^0.5.0"
-
-"@babel/generator@^7.14.8":
-  version "7.14.8"
-  resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.14.8.tgz#bf86fd6af96cf3b74395a8ca409515f89423e070"
-  integrity sha512-cYDUpvIzhBVnMzRoY1fkSEhK/HmwEVwlyULYgn/tMQYd6Obag3ylCjONle3gdErfXBW61SVTlR9QR7uWlgeIkg==
-  dependencies:
-    "@babel/types" "^7.14.8"
-    jsesc "^2.5.1"
-    source-map "^0.5.0"
-
-"@babel/helper-annotate-as-pure@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/helper-annotate-as-pure/-/helper-annotate-as-pure-7.14.5.tgz#7bf478ec3b71726d56a8ca5775b046fc29879e61"
-  integrity sha512-EivH9EgBIb+G8ij1B2jAwSH36WnGvkQSEC6CkX/6v6ZFlw5fVOHvsgGF4uiEHO2GzMvunZb6tDLQEQSdrdocrA==
-  dependencies:
-    "@babel/types" "^7.14.5"
-
-"@babel/helper-builder-binary-assignment-operator-visitor@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/helper-builder-binary-assignment-operator-visitor/-/helper-builder-binary-assignment-operator-visitor-7.14.5.tgz#b939b43f8c37765443a19ae74ad8b15978e0a191"
-  integrity sha512-YTA/Twn0vBXDVGJuAX6PwW7x5zQei1luDDo2Pl6q1qZ7hVNl0RZrhHCQG/ArGpR29Vl7ETiB8eJyrvpuRp300w==
-  dependencies:
-    "@babel/helper-explode-assignable-expression" "^7.14.5"
-    "@babel/types" "^7.14.5"
-
-"@babel/helper-compilation-targets@^7.13.0", "@babel/helper-compilation-targets@^7.14.5", "@babel/helper-compilation-targets@^7.9.6":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/helper-compilation-targets/-/helper-compilation-targets-7.14.5.tgz#7a99c5d0967911e972fe2c3411f7d5b498498ecf"
-  integrity sha512-v+QtZqXEiOnpO6EYvlImB6zCD2Lel06RzOPzmkz/D/XgQiUu3C/Jb1LOqSt/AIA34TYi/Q+KlT8vTQrgdxkbLw==
-  dependencies:
-    "@babel/compat-data" "^7.14.5"
-    "@babel/helper-validator-option" "^7.14.5"
-    browserslist "^4.16.6"
-    semver "^6.3.0"
-
-"@babel/helper-create-class-features-plugin@^7.14.5":
-  version "7.14.8"
-  resolved "https://registry.yarnpkg.com/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.14.8.tgz#a6f8c3de208b1e5629424a9a63567f56501955fc"
-  integrity sha512-bpYvH8zJBWzeqi1o+co8qOrw+EXzQ/0c74gVmY205AWXy9nifHrOg77y+1zwxX5lXE7Icq4sPlSQ4O2kWBrteQ==
-  dependencies:
-    "@babel/helper-annotate-as-pure" "^7.14.5"
-    "@babel/helper-function-name" "^7.14.5"
-    "@babel/helper-member-expression-to-functions" "^7.14.7"
-    "@babel/helper-optimise-call-expression" "^7.14.5"
-    "@babel/helper-replace-supers" "^7.14.5"
-    "@babel/helper-split-export-declaration" "^7.14.5"
-
-"@babel/helper-create-regexp-features-plugin@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/helper-create-regexp-features-plugin/-/helper-create-regexp-features-plugin-7.14.5.tgz#c7d5ac5e9cf621c26057722fb7a8a4c5889358c4"
-  integrity sha512-TLawwqpOErY2HhWbGJ2nZT5wSkR192QpN+nBg1THfBfftrlvOh+WbhrxXCH4q4xJ9Gl16BGPR/48JA+Ryiho/A==
-  dependencies:
-    "@babel/helper-annotate-as-pure" "^7.14.5"
-    regexpu-core "^4.7.1"
-
-"@babel/helper-define-polyfill-provider@^0.2.2":
-  version "0.2.3"
-  resolved "https://registry.yarnpkg.com/@babel/helper-define-polyfill-provider/-/helper-define-polyfill-provider-0.2.3.tgz#0525edec5094653a282688d34d846e4c75e9c0b6"
-  integrity sha512-RH3QDAfRMzj7+0Nqu5oqgO5q9mFtQEVvCRsi8qCEfzLR9p2BHfn5FzhSB2oj1fF7I2+DcTORkYaQ6aTR9Cofew==
-  dependencies:
-    "@babel/helper-compilation-targets" "^7.13.0"
-    "@babel/helper-module-imports" "^7.12.13"
-    "@babel/helper-plugin-utils" "^7.13.0"
-    "@babel/traverse" "^7.13.0"
-    debug "^4.1.1"
-    lodash.debounce "^4.0.8"
-    resolve "^1.14.2"
-    semver "^6.1.2"
-
-"@babel/helper-explode-assignable-expression@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/helper-explode-assignable-expression/-/helper-explode-assignable-expression-7.14.5.tgz#8aa72e708205c7bb643e45c73b4386cdf2a1f645"
-  integrity sha512-Htb24gnGJdIGT4vnRKMdoXiOIlqOLmdiUYpAQ0mYfgVT/GDm8GOYhgi4GL+hMKrkiPRohO4ts34ELFsGAPQLDQ==
-  dependencies:
-    "@babel/types" "^7.14.5"
-
-"@babel/helper-function-name@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/helper-function-name/-/helper-function-name-7.14.5.tgz#89e2c474972f15d8e233b52ee8c480e2cfcd50c4"
-  integrity sha512-Gjna0AsXWfFvrAuX+VKcN/aNNWonizBj39yGwUzVDVTlMYJMK2Wp6xdpy72mfArFq5uK+NOuexfzZlzI1z9+AQ==
-  dependencies:
-    "@babel/helper-get-function-arity" "^7.14.5"
-    "@babel/template" "^7.14.5"
-    "@babel/types" "^7.14.5"
-
-"@babel/helper-get-function-arity@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/helper-get-function-arity/-/helper-get-function-arity-7.14.5.tgz#25fbfa579b0937eee1f3b805ece4ce398c431815"
-  integrity sha512-I1Db4Shst5lewOM4V+ZKJzQ0JGGaZ6VY1jYvMghRjqs6DWgxLCIyFt30GlnKkfUeFLpJt2vzbMVEXVSXlIFYUg==
-  dependencies:
-    "@babel/types" "^7.14.5"
-
-"@babel/helper-hoist-variables@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/helper-hoist-variables/-/helper-hoist-variables-7.14.5.tgz#e0dd27c33a78e577d7c8884916a3e7ef1f7c7f8d"
-  integrity sha512-R1PXiz31Uc0Vxy4OEOm07x0oSjKAdPPCh3tPivn/Eo8cvz6gveAeuyUUPB21Hoiif0uoPQSSdhIPS3352nvdyQ==
-  dependencies:
-    "@babel/types" "^7.14.5"
-
-"@babel/helper-member-expression-to-functions@^7.14.5", "@babel/helper-member-expression-to-functions@^7.14.7":
-  version "7.14.7"
-  resolved "https://registry.yarnpkg.com/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.14.7.tgz#97e56244beb94211fe277bd818e3a329c66f7970"
-  integrity sha512-TMUt4xKxJn6ccjcOW7c4hlwyJArizskAhoSTOCkA0uZ+KghIaci0Qg9R043kUMWI9mtQfgny+NQ5QATnZ+paaA==
-  dependencies:
-    "@babel/types" "^7.14.5"
-
-"@babel/helper-module-imports@^7.0.0", "@babel/helper-module-imports@^7.12.13", "@babel/helper-module-imports@^7.14.5", "@babel/helper-module-imports@^7.8.3":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/helper-module-imports/-/helper-module-imports-7.14.5.tgz#6d1a44df6a38c957aa7c312da076429f11b422f3"
-  integrity sha512-SwrNHu5QWS84XlHwGYPDtCxcA0hrSlL2yhWYLgeOc0w7ccOl2qv4s/nARI0aYZW+bSwAL5CukeXA47B/1NKcnQ==
-  dependencies:
-    "@babel/types" "^7.14.5"
-
-"@babel/helper-module-transforms@^7.14.5", "@babel/helper-module-transforms@^7.14.8":
-  version "7.14.8"
-  resolved "https://registry.yarnpkg.com/@babel/helper-module-transforms/-/helper-module-transforms-7.14.8.tgz#d4279f7e3fd5f4d5d342d833af36d4dd87d7dc49"
-  integrity sha512-RyE+NFOjXn5A9YU1dkpeBaduagTlZ0+fccnIcAGbv1KGUlReBj7utF7oEth8IdIBQPcux0DDgW5MFBH2xu9KcA==
-  dependencies:
-    "@babel/helper-module-imports" "^7.14.5"
-    "@babel/helper-replace-supers" "^7.14.5"
-    "@babel/helper-simple-access" "^7.14.8"
-    "@babel/helper-split-export-declaration" "^7.14.5"
-    "@babel/helper-validator-identifier" "^7.14.8"
-    "@babel/template" "^7.14.5"
-    "@babel/traverse" "^7.14.8"
-    "@babel/types" "^7.14.8"
-
-"@babel/helper-optimise-call-expression@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/helper-optimise-call-expression/-/helper-optimise-call-expression-7.14.5.tgz#f27395a8619e0665b3f0364cddb41c25d71b499c"
-  integrity sha512-IqiLIrODUOdnPU9/F8ib1Fx2ohlgDhxnIDU7OEVi+kAbEZcyiF7BLU8W6PfvPi9LzztjS7kcbzbmL7oG8kD6VA==
-  dependencies:
-    "@babel/types" "^7.14.5"
-
-"@babel/helper-plugin-utils@^7.0.0", "@babel/helper-plugin-utils@^7.10.4", "@babel/helper-plugin-utils@^7.12.13", "@babel/helper-plugin-utils@^7.13.0", "@babel/helper-plugin-utils@^7.14.5", "@babel/helper-plugin-utils@^7.8.0", "@babel/helper-plugin-utils@^7.8.3":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/helper-plugin-utils/-/helper-plugin-utils-7.14.5.tgz#5ac822ce97eec46741ab70a517971e443a70c5a9"
-  integrity sha512-/37qQCE3K0vvZKwoK4XU/irIJQdIfCJuhU5eKnNxpFDsOkgFaUAwbv+RYw6eYgsC0E4hS7r5KqGULUogqui0fQ==
-
-"@babel/helper-remap-async-to-generator@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/helper-remap-async-to-generator/-/helper-remap-async-to-generator-7.14.5.tgz#51439c913612958f54a987a4ffc9ee587a2045d6"
-  integrity sha512-rLQKdQU+HYlxBwQIj8dk4/0ENOUEhA/Z0l4hN8BexpvmSMN9oA9EagjnhnDpNsRdWCfjwa4mn/HyBXO9yhQP6A==
-  dependencies:
-    "@babel/helper-annotate-as-pure" "^7.14.5"
-    "@babel/helper-wrap-function" "^7.14.5"
-    "@babel/types" "^7.14.5"
-
-"@babel/helper-replace-supers@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/helper-replace-supers/-/helper-replace-supers-7.14.5.tgz#0ecc0b03c41cd567b4024ea016134c28414abb94"
-  integrity sha512-3i1Qe9/8x/hCHINujn+iuHy+mMRLoc77b2nI9TB0zjH1hvn9qGlXjWlggdwUcju36PkPCy/lpM7LLUdcTyH4Ow==
-  dependencies:
-    "@babel/helper-member-expression-to-functions" "^7.14.5"
-    "@babel/helper-optimise-call-expression" "^7.14.5"
-    "@babel/traverse" "^7.14.5"
-    "@babel/types" "^7.14.5"
-
-"@babel/helper-simple-access@^7.14.5", "@babel/helper-simple-access@^7.14.8":
-  version "7.14.8"
-  resolved "https://registry.yarnpkg.com/@babel/helper-simple-access/-/helper-simple-access-7.14.8.tgz#82e1fec0644a7e775c74d305f212c39f8fe73924"
-  integrity sha512-TrFN4RHh9gnWEU+s7JloIho2T76GPwRHhdzOWLqTrMnlas8T9O7ec+oEDNsRXndOmru9ymH9DFrEOxpzPoSbdg==
-  dependencies:
-    "@babel/types" "^7.14.8"
-
-"@babel/helper-skip-transparent-expression-wrappers@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/helper-skip-transparent-expression-wrappers/-/helper-skip-transparent-expression-wrappers-7.14.5.tgz#96f486ac050ca9f44b009fbe5b7d394cab3a0ee4"
-  integrity sha512-dmqZB7mrb94PZSAOYtr+ZN5qt5owZIAgqtoTuqiFbHFtxgEcmQlRJVI+bO++fciBunXtB6MK7HrzrfcAzIz2NQ==
-  dependencies:
-    "@babel/types" "^7.14.5"
-
-"@babel/helper-split-export-declaration@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.14.5.tgz#22b23a54ef51c2b7605d851930c1976dd0bc693a"
-  integrity sha512-hprxVPu6e5Kdp2puZUmvOGjaLv9TCe58E/Fl6hRq4YiVQxIcNvuq6uTM2r1mT/oPskuS9CgR+I94sqAYv0NGKA==
-  dependencies:
-    "@babel/types" "^7.14.5"
-
-"@babel/helper-validator-identifier@^7.14.5", "@babel/helper-validator-identifier@^7.14.8":
-  version "7.14.8"
-  resolved "https://registry.yarnpkg.com/@babel/helper-validator-identifier/-/helper-validator-identifier-7.14.8.tgz#32be33a756f29e278a0d644fa08a2c9e0f88a34c"
-  integrity sha512-ZGy6/XQjllhYQrNw/3zfWRwZCTVSiBLZ9DHVZxn9n2gip/7ab8mv2TWlKPIBk26RwedCBoWdjLmn+t9na2Gcow==
-
-"@babel/helper-validator-option@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/helper-validator-option/-/helper-validator-option-7.14.5.tgz#6e72a1fff18d5dfcb878e1e62f1a021c4b72d5a3"
-  integrity sha512-OX8D5eeX4XwcroVW45NMvoYaIuFI+GQpA2a8Gi+X/U/cDUIRsV37qQfF905F0htTRCREQIB4KqPeaveRJUl3Ow==
-
-"@babel/helper-wrap-function@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/helper-wrap-function/-/helper-wrap-function-7.14.5.tgz#5919d115bf0fe328b8a5d63bcb610f51601f2bff"
-  integrity sha512-YEdjTCq+LNuNS1WfxsDCNpgXkJaIyqco6DAelTUjT4f2KIWC1nBcaCaSdHTBqQVLnTBexBcVcFhLSU1KnYuePQ==
-  dependencies:
-    "@babel/helper-function-name" "^7.14.5"
-    "@babel/template" "^7.14.5"
-    "@babel/traverse" "^7.14.5"
-    "@babel/types" "^7.14.5"
-
-"@babel/helpers@^7.14.8":
-  version "7.14.8"
-  resolved "https://registry.yarnpkg.com/@babel/helpers/-/helpers-7.14.8.tgz#839f88f463025886cff7f85a35297007e2da1b77"
-  integrity sha512-ZRDmI56pnV+p1dH6d+UN6GINGz7Krps3+270qqI9UJ4wxYThfAIcI5i7j5vXC4FJ3Wap+S9qcebxeYiqn87DZw==
-  dependencies:
-    "@babel/template" "^7.14.5"
-    "@babel/traverse" "^7.14.8"
-    "@babel/types" "^7.14.8"
-
-"@babel/highlight@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/highlight/-/highlight-7.14.5.tgz#6861a52f03966405001f6aa534a01a24d99e8cd9"
-  integrity sha512-qf9u2WFWVV0MppaL877j2dBtQIDgmidgjGk5VIMw3OadXvYaXn66U1BFlH2t4+t3i+8PhedppRv+i40ABzd+gg==
-  dependencies:
-    "@babel/helper-validator-identifier" "^7.14.5"
-    chalk "^2.0.0"
-    js-tokens "^4.0.0"
-
-"@babel/parser@^7.14.5", "@babel/parser@^7.14.8":
-  version "7.14.8"
-  resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.14.8.tgz#66fd41666b2d7b840bd5ace7f7416d5ac60208d4"
-  integrity sha512-syoCQFOoo/fzkWDeM0dLEZi5xqurb5vuyzwIMNZRNun+N/9A4cUZeQaE7dTrB8jGaKuJRBtEOajtnmw0I5hvvA==
-
-"@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining/-/plugin-bugfix-v8-spread-parameters-in-optional-chaining-7.14.5.tgz#4b467302e1548ed3b1be43beae2cc9cf45e0bb7e"
-  integrity sha512-ZoJS2XCKPBfTmL122iP6NM9dOg+d4lc9fFk3zxc8iDjvt8Pk4+TlsHSKhIPf6X+L5ORCdBzqMZDjL/WHj7WknQ==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.14.5"
-    "@babel/helper-skip-transparent-expression-wrappers" "^7.14.5"
-    "@babel/plugin-proposal-optional-chaining" "^7.14.5"
-
-"@babel/plugin-proposal-async-generator-functions@^7.14.7":
-  version "7.14.7"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-async-generator-functions/-/plugin-proposal-async-generator-functions-7.14.7.tgz#784a48c3d8ed073f65adcf30b57bcbf6c8119ace"
-  integrity sha512-RK8Wj7lXLY3bqei69/cc25gwS5puEc3dknoFPFbqfy3XxYQBQFvu4ioWpafMBAB+L9NyptQK4nMOa5Xz16og8Q==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.14.5"
-    "@babel/helper-remap-async-to-generator" "^7.14.5"
-    "@babel/plugin-syntax-async-generators" "^7.8.4"
-
-"@babel/plugin-proposal-class-properties@^7.14.5", "@babel/plugin-proposal-class-properties@^7.8.3":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-class-properties/-/plugin-proposal-class-properties-7.14.5.tgz#40d1ee140c5b1e31a350f4f5eed945096559b42e"
-  integrity sha512-q/PLpv5Ko4dVc1LYMpCY7RVAAO4uk55qPwrIuJ5QJ8c6cVuAmhu7I/49JOppXL6gXf7ZHzpRVEUZdYoPLM04Gg==
-  dependencies:
-    "@babel/helper-create-class-features-plugin" "^7.14.5"
-    "@babel/helper-plugin-utils" "^7.14.5"
-
-"@babel/plugin-proposal-class-static-block@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-class-static-block/-/plugin-proposal-class-static-block-7.14.5.tgz#158e9e10d449c3849ef3ecde94a03d9f1841b681"
-  integrity sha512-KBAH5ksEnYHCegqseI5N9skTdxgJdmDoAOc0uXa+4QMYKeZD0w5IARh4FMlTNtaHhbB8v+KzMdTgxMMzsIy6Yg==
-  dependencies:
-    "@babel/helper-create-class-features-plugin" "^7.14.5"
-    "@babel/helper-plugin-utils" "^7.14.5"
-    "@babel/plugin-syntax-class-static-block" "^7.14.5"
-
-"@babel/plugin-proposal-decorators@^7.8.3":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-decorators/-/plugin-proposal-decorators-7.14.5.tgz#59bc4dfc1d665b5a6749cf798ff42297ed1b2c1d"
-  integrity sha512-LYz5nvQcvYeRVjui1Ykn28i+3aUiXwQ/3MGoEy0InTaz1pJo/lAzmIDXX+BQny/oufgHzJ6vnEEiXQ8KZjEVFg==
-  dependencies:
-    "@babel/helper-create-class-features-plugin" "^7.14.5"
-    "@babel/helper-plugin-utils" "^7.14.5"
-    "@babel/plugin-syntax-decorators" "^7.14.5"
-
-"@babel/plugin-proposal-dynamic-import@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-dynamic-import/-/plugin-proposal-dynamic-import-7.14.5.tgz#0c6617df461c0c1f8fff3b47cd59772360101d2c"
-  integrity sha512-ExjiNYc3HDN5PXJx+bwC50GIx/KKanX2HiggnIUAYedbARdImiCU4RhhHfdf0Kd7JNXGpsBBBCOm+bBVy3Gb0g==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.14.5"
-    "@babel/plugin-syntax-dynamic-import" "^7.8.3"
-
-"@babel/plugin-proposal-export-namespace-from@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-export-namespace-from/-/plugin-proposal-export-namespace-from-7.14.5.tgz#dbad244310ce6ccd083072167d8cea83a52faf76"
-  integrity sha512-g5POA32bXPMmSBu5Dx/iZGLGnKmKPc5AiY7qfZgurzrCYgIztDlHFbznSNCoQuv57YQLnQfaDi7dxCtLDIdXdA==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.14.5"
-    "@babel/plugin-syntax-export-namespace-from" "^7.8.3"
-
-"@babel/plugin-proposal-json-strings@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-json-strings/-/plugin-proposal-json-strings-7.14.5.tgz#38de60db362e83a3d8c944ac858ddf9f0c2239eb"
-  integrity sha512-NSq2fczJYKVRIsUJyNxrVUMhB27zb7N7pOFGQOhBKJrChbGcgEAqyZrmZswkPk18VMurEeJAaICbfm57vUeTbQ==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.14.5"
-    "@babel/plugin-syntax-json-strings" "^7.8.3"
-
-"@babel/plugin-proposal-logical-assignment-operators@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-logical-assignment-operators/-/plugin-proposal-logical-assignment-operators-7.14.5.tgz#6e6229c2a99b02ab2915f82571e0cc646a40c738"
-  integrity sha512-YGn2AvZAo9TwyhlLvCCWxD90Xq8xJ4aSgaX3G5D/8DW94L8aaT+dS5cSP+Z06+rCJERGSr9GxMBZ601xoc2taw==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.14.5"
-    "@babel/plugin-syntax-logical-assignment-operators" "^7.10.4"
-
-"@babel/plugin-proposal-nullish-coalescing-operator@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-nullish-coalescing-operator/-/plugin-proposal-nullish-coalescing-operator-7.14.5.tgz#ee38589ce00e2cc59b299ec3ea406fcd3a0fdaf6"
-  integrity sha512-gun/SOnMqjSb98Nkaq2rTKMwervfdAoz6NphdY0vTfuzMfryj+tDGb2n6UkDKwez+Y8PZDhE3D143v6Gepp4Hg==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.14.5"
-    "@babel/plugin-syntax-nullish-coalescing-operator" "^7.8.3"
-
-"@babel/plugin-proposal-numeric-separator@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-numeric-separator/-/plugin-proposal-numeric-separator-7.14.5.tgz#83631bf33d9a51df184c2102a069ac0c58c05f18"
-  integrity sha512-yiclALKe0vyZRZE0pS6RXgjUOt87GWv6FYa5zqj15PvhOGFO69R5DusPlgK/1K5dVnCtegTiWu9UaBSrLLJJBg==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.14.5"
-    "@babel/plugin-syntax-numeric-separator" "^7.10.4"
-
-"@babel/plugin-proposal-object-rest-spread@^7.14.7":
-  version "7.14.7"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-object-rest-spread/-/plugin-proposal-object-rest-spread-7.14.7.tgz#5920a2b3df7f7901df0205974c0641b13fd9d363"
-  integrity sha512-082hsZz+sVabfmDWo1Oct1u1AgbKbUAyVgmX4otIc7bdsRgHBXwTwb3DpDmD4Eyyx6DNiuz5UAATT655k+kL5g==
-  dependencies:
-    "@babel/compat-data" "^7.14.7"
-    "@babel/helper-compilation-targets" "^7.14.5"
-    "@babel/helper-plugin-utils" "^7.14.5"
-    "@babel/plugin-syntax-object-rest-spread" "^7.8.3"
-    "@babel/plugin-transform-parameters" "^7.14.5"
-
-"@babel/plugin-proposal-optional-catch-binding@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-optional-catch-binding/-/plugin-proposal-optional-catch-binding-7.14.5.tgz#939dd6eddeff3a67fdf7b3f044b5347262598c3c"
-  integrity sha512-3Oyiixm0ur7bzO5ybNcZFlmVsygSIQgdOa7cTfOYCMY+wEPAYhZAJxi3mixKFCTCKUhQXuCTtQ1MzrpL3WT8ZQ==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.14.5"
-    "@babel/plugin-syntax-optional-catch-binding" "^7.8.3"
-
-"@babel/plugin-proposal-optional-chaining@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-optional-chaining/-/plugin-proposal-optional-chaining-7.14.5.tgz#fa83651e60a360e3f13797eef00b8d519695b603"
-  integrity sha512-ycz+VOzo2UbWNI1rQXxIuMOzrDdHGrI23fRiz/Si2R4kv2XZQ1BK8ccdHwehMKBlcH/joGW/tzrUmo67gbJHlQ==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.14.5"
-    "@babel/helper-skip-transparent-expression-wrappers" "^7.14.5"
-    "@babel/plugin-syntax-optional-chaining" "^7.8.3"
-
-"@babel/plugin-proposal-private-methods@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-private-methods/-/plugin-proposal-private-methods-7.14.5.tgz#37446495996b2945f30f5be5b60d5e2aa4f5792d"
-  integrity sha512-838DkdUA1u+QTCplatfq4B7+1lnDa/+QMI89x5WZHBcnNv+47N8QEj2k9I2MUU9xIv8XJ4XvPCviM/Dj7Uwt9g==
-  dependencies:
-    "@babel/helper-create-class-features-plugin" "^7.14.5"
-    "@babel/helper-plugin-utils" "^7.14.5"
-
-"@babel/plugin-proposal-private-property-in-object@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-private-property-in-object/-/plugin-proposal-private-property-in-object-7.14.5.tgz#9f65a4d0493a940b4c01f8aa9d3f1894a587f636"
-  integrity sha512-62EyfyA3WA0mZiF2e2IV9mc9Ghwxcg8YTu8BS4Wss4Y3PY725OmS9M0qLORbJwLqFtGh+jiE4wAmocK2CTUK2Q==
-  dependencies:
-    "@babel/helper-annotate-as-pure" "^7.14.5"
-    "@babel/helper-create-class-features-plugin" "^7.14.5"
-    "@babel/helper-plugin-utils" "^7.14.5"
-    "@babel/plugin-syntax-private-property-in-object" "^7.14.5"
-
-"@babel/plugin-proposal-unicode-property-regex@^7.14.5", "@babel/plugin-proposal-unicode-property-regex@^7.4.4":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-unicode-property-regex/-/plugin-proposal-unicode-property-regex-7.14.5.tgz#0f95ee0e757a5d647f378daa0eca7e93faa8bbe8"
-  integrity sha512-6axIeOU5LnY471KenAB9vI8I5j7NQ2d652hIYwVyRfgaZT5UpiqFKCuVXCDMSrU+3VFafnu2c5m3lrWIlr6A5Q==
-  dependencies:
-    "@babel/helper-create-regexp-features-plugin" "^7.14.5"
-    "@babel/helper-plugin-utils" "^7.14.5"
-
-"@babel/plugin-syntax-async-generators@^7.8.4":
-  version "7.8.4"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-async-generators/-/plugin-syntax-async-generators-7.8.4.tgz#a983fb1aeb2ec3f6ed042a210f640e90e786fe0d"
-  integrity sha512-tycmZxkGfZaxhMRbXlPXuVFpdWlXpir2W4AMhSJgRKzk/eDlIXOhb2LHWoLpDF7TEHylV5zNhykX6KAgHJmTNw==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.8.0"
-
-"@babel/plugin-syntax-class-properties@^7.12.13":
-  version "7.12.13"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-class-properties/-/plugin-syntax-class-properties-7.12.13.tgz#b5c987274c4a3a82b89714796931a6b53544ae10"
-  integrity sha512-fm4idjKla0YahUNgFNLCB0qySdsoPiZP3iQE3rky0mBUtMZ23yDJ9SJdg6dXTSDnulOVqiF3Hgr9nbXvXTQZYA==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.12.13"
-
-"@babel/plugin-syntax-class-static-block@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-class-static-block/-/plugin-syntax-class-static-block-7.14.5.tgz#195df89b146b4b78b3bf897fd7a257c84659d406"
-  integrity sha512-b+YyPmr6ldyNnM6sqYeMWE+bgJcJpO6yS4QD7ymxgH34GBPNDM/THBh8iunyvKIZztiwLH4CJZ0RxTk9emgpjw==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.14.5"
-
-"@babel/plugin-syntax-decorators@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-decorators/-/plugin-syntax-decorators-7.14.5.tgz#eafb9c0cbe09c8afeb964ba3a7bbd63945a72f20"
-  integrity sha512-c4sZMRWL4GSvP1EXy0woIP7m4jkVcEuG8R1TOZxPBPtp4FSM/kiPZub9UIs/Jrb5ZAOzvTUSGYrWsrSu1JvoPw==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.14.5"
-
-"@babel/plugin-syntax-dynamic-import@^7.8.3":
-  version "7.8.3"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-dynamic-import/-/plugin-syntax-dynamic-import-7.8.3.tgz#62bf98b2da3cd21d626154fc96ee5b3cb68eacb3"
-  integrity sha512-5gdGbFon+PszYzqs83S3E5mpi7/y/8M9eC90MRTZfduQOYW76ig6SOSPNe41IG5LoP3FGBn2N0RjVDSQiS94kQ==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.8.0"
-
-"@babel/plugin-syntax-export-namespace-from@^7.8.3":
-  version "7.8.3"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-export-namespace-from/-/plugin-syntax-export-namespace-from-7.8.3.tgz#028964a9ba80dbc094c915c487ad7c4e7a66465a"
-  integrity sha512-MXf5laXo6c1IbEbegDmzGPwGNTsHZmEy6QGznu5Sh2UCWvueywb2ee+CCE4zQiZstxU9BMoQO9i6zUFSY0Kj0Q==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.8.3"
-
-"@babel/plugin-syntax-json-strings@^7.8.3":
-  version "7.8.3"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-json-strings/-/plugin-syntax-json-strings-7.8.3.tgz#01ca21b668cd8218c9e640cb6dd88c5412b2c96a"
-  integrity sha512-lY6kdGpWHvjoe2vk4WrAapEuBR69EMxZl+RoGRhrFGNYVK8mOPAW8VfbT/ZgrFbXlDNiiaxQnAtgVCZ6jv30EA==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.8.0"
-
-"@babel/plugin-syntax-jsx@^7.0.0", "@babel/plugin-syntax-jsx@^7.2.0", "@babel/plugin-syntax-jsx@^7.8.3":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.14.5.tgz#000e2e25d8673cce49300517a3eda44c263e4201"
-  integrity sha512-ohuFIsOMXJnbOMRfX7/w7LocdR6R7whhuRD4ax8IipLcLPlZGJKkBxgHp++U4N/vKyU16/YDQr2f5seajD3jIw==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.14.5"
-
-"@babel/plugin-syntax-logical-assignment-operators@^7.10.4":
-  version "7.10.4"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-logical-assignment-operators/-/plugin-syntax-logical-assignment-operators-7.10.4.tgz#ca91ef46303530448b906652bac2e9fe9941f699"
-  integrity sha512-d8waShlpFDinQ5MtvGU9xDAOzKH47+FFoney2baFIoMr952hKOLp1HR7VszoZvOsV/4+RRszNY7D17ba0te0ig==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.10.4"
-
-"@babel/plugin-syntax-nullish-coalescing-operator@^7.8.3":
-  version "7.8.3"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-nullish-coalescing-operator/-/plugin-syntax-nullish-coalescing-operator-7.8.3.tgz#167ed70368886081f74b5c36c65a88c03b66d1a9"
-  integrity sha512-aSff4zPII1u2QD7y+F8oDsz19ew4IGEJg9SVW+bqwpwtfFleiQDMdzA/R+UlWDzfnHFCxxleFT0PMIrR36XLNQ==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.8.0"
-
-"@babel/plugin-syntax-numeric-separator@^7.10.4":
-  version "7.10.4"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-numeric-separator/-/plugin-syntax-numeric-separator-7.10.4.tgz#b9b070b3e33570cd9fd07ba7fa91c0dd37b9af97"
-  integrity sha512-9H6YdfkcK/uOnY/K7/aA2xpzaAgkQn37yzWUMRK7OaPOqOpGS1+n0H5hxT9AUw9EsSjPW8SVyMJwYRtWs3X3ug==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.10.4"
-
-"@babel/plugin-syntax-object-rest-spread@^7.8.3":
-  version "7.8.3"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-object-rest-spread/-/plugin-syntax-object-rest-spread-7.8.3.tgz#60e225edcbd98a640332a2e72dd3e66f1af55871"
-  integrity sha512-XoqMijGZb9y3y2XskN+P1wUGiVwWZ5JmoDRwx5+3GmEplNyVM2s2Dg8ILFQm8rWM48orGy5YpI5Bl8U1y7ydlA==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.8.0"
-
-"@babel/plugin-syntax-optional-catch-binding@^7.8.3":
-  version "7.8.3"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-optional-catch-binding/-/plugin-syntax-optional-catch-binding-7.8.3.tgz#6111a265bcfb020eb9efd0fdfd7d26402b9ed6c1"
-  integrity sha512-6VPD0Pc1lpTqw0aKoeRTMiB+kWhAoT24PA+ksWSBrFtl5SIRVpZlwN3NNPQjehA2E/91FV3RjLWoVTglWcSV3Q==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.8.0"
-
-"@babel/plugin-syntax-optional-chaining@^7.8.3":
-  version "7.8.3"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-optional-chaining/-/plugin-syntax-optional-chaining-7.8.3.tgz#4f69c2ab95167e0180cd5336613f8c5788f7d48a"
-  integrity sha512-KoK9ErH1MBlCPxV0VANkXW2/dw4vlbGDrFgz8bmUsBGYkFRcbRwMh6cIJubdPrkxRwuGdtCk0v/wPTKbQgBjkg==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.8.0"
-
-"@babel/plugin-syntax-private-property-in-object@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-private-property-in-object/-/plugin-syntax-private-property-in-object-7.14.5.tgz#0dc6671ec0ea22b6e94a1114f857970cd39de1ad"
-  integrity sha512-0wVnp9dxJ72ZUJDV27ZfbSj6iHLoytYZmh3rFcxNnvsJF3ktkzLDZPy/mA17HGsaQT3/DQsWYX1f1QGWkCoVUg==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.14.5"
-
-"@babel/plugin-syntax-top-level-await@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-top-level-await/-/plugin-syntax-top-level-await-7.14.5.tgz#c1cfdadc35a646240001f06138247b741c34d94c"
-  integrity sha512-hx++upLv5U1rgYfwe1xBQUhRmU41NEvpUvrp8jkrSCdvGSnM5/qdRMtylJ6PG5OFkBaHkbTAKTnd3/YyESRHFw==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.14.5"
-
-"@babel/plugin-transform-arrow-functions@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-arrow-functions/-/plugin-transform-arrow-functions-7.14.5.tgz#f7187d9588a768dd080bf4c9ffe117ea62f7862a"
-  integrity sha512-KOnO0l4+tD5IfOdi4x8C1XmEIRWUjNRV8wc6K2vz/3e8yAOoZZvsRXRRIF/yo/MAOFb4QjtAw9xSxMXbSMRy8A==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.14.5"
-
-"@babel/plugin-transform-async-to-generator@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-async-to-generator/-/plugin-transform-async-to-generator-7.14.5.tgz#72c789084d8f2094acb945633943ef8443d39e67"
-  integrity sha512-szkbzQ0mNk0rpu76fzDdqSyPu0MuvpXgC+6rz5rpMb5OIRxdmHfQxrktL8CYolL2d8luMCZTR0DpIMIdL27IjA==
-  dependencies:
-    "@babel/helper-module-imports" "^7.14.5"
-    "@babel/helper-plugin-utils" "^7.14.5"
-    "@babel/helper-remap-async-to-generator" "^7.14.5"
-
-"@babel/plugin-transform-block-scoped-functions@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-block-scoped-functions/-/plugin-transform-block-scoped-functions-7.14.5.tgz#e48641d999d4bc157a67ef336aeb54bc44fd3ad4"
-  integrity sha512-dtqWqdWZ5NqBX3KzsVCWfQI3A53Ft5pWFCT2eCVUftWZgjc5DpDponbIF1+c+7cSGk2wN0YK7HGL/ezfRbpKBQ==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.14.5"
-
-"@babel/plugin-transform-block-scoping@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-block-scoping/-/plugin-transform-block-scoping-7.14.5.tgz#8cc63e61e50f42e078e6f09be775a75f23ef9939"
-  integrity sha512-LBYm4ZocNgoCqyxMLoOnwpsmQ18HWTQvql64t3GvMUzLQrNoV1BDG0lNftC8QKYERkZgCCT/7J5xWGObGAyHDw==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.14.5"
-
-"@babel/plugin-transform-classes@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-classes/-/plugin-transform-classes-7.14.5.tgz#0e98e82097b38550b03b483f9b51a78de0acb2cf"
-  integrity sha512-J4VxKAMykM06K/64z9rwiL6xnBHgB1+FVspqvlgCdwD1KUbQNfszeKVVOMh59w3sztHYIZDgnhOC4WbdEfHFDA==
-  dependencies:
-    "@babel/helper-annotate-as-pure" "^7.14.5"
-    "@babel/helper-function-name" "^7.14.5"
-    "@babel/helper-optimise-call-expression" "^7.14.5"
-    "@babel/helper-plugin-utils" "^7.14.5"
-    "@babel/helper-replace-supers" "^7.14.5"
-    "@babel/helper-split-export-declaration" "^7.14.5"
-    globals "^11.1.0"
-
-"@babel/plugin-transform-computed-properties@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-computed-properties/-/plugin-transform-computed-properties-7.14.5.tgz#1b9d78987420d11223d41195461cc43b974b204f"
-  integrity sha512-pWM+E4283UxaVzLb8UBXv4EIxMovU4zxT1OPnpHJcmnvyY9QbPPTKZfEj31EUvG3/EQRbYAGaYEUZ4yWOBC2xg==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.14.5"
-
-"@babel/plugin-transform-destructuring@^7.14.7":
-  version "7.14.7"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-destructuring/-/plugin-transform-destructuring-7.14.7.tgz#0ad58ed37e23e22084d109f185260835e5557576"
-  integrity sha512-0mDE99nK+kVh3xlc5vKwB6wnP9ecuSj+zQCa/n0voENtP/zymdT4HH6QEb65wjjcbqr1Jb/7z9Qp7TF5FtwYGw==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.14.5"
-
-"@babel/plugin-transform-dotall-regex@^7.14.5", "@babel/plugin-transform-dotall-regex@^7.4.4":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-dotall-regex/-/plugin-transform-dotall-regex-7.14.5.tgz#2f6bf76e46bdf8043b4e7e16cf24532629ba0c7a"
-  integrity sha512-loGlnBdj02MDsFaHhAIJzh7euK89lBrGIdM9EAtHFo6xKygCUGuuWe07o1oZVk287amtW1n0808sQM99aZt3gw==
-  dependencies:
-    "@babel/helper-create-regexp-features-plugin" "^7.14.5"
-    "@babel/helper-plugin-utils" "^7.14.5"
-
-"@babel/plugin-transform-duplicate-keys@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-duplicate-keys/-/plugin-transform-duplicate-keys-7.14.5.tgz#365a4844881bdf1501e3a9f0270e7f0f91177954"
-  integrity sha512-iJjbI53huKbPDAsJ8EmVmvCKeeq21bAze4fu9GBQtSLqfvzj2oRuHVx4ZkDwEhg1htQ+5OBZh/Ab0XDf5iBZ7A==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.14.5"
-
-"@babel/plugin-transform-exponentiation-operator@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-exponentiation-operator/-/plugin-transform-exponentiation-operator-7.14.5.tgz#5154b8dd6a3dfe6d90923d61724bd3deeb90b493"
-  integrity sha512-jFazJhMBc9D27o9jDnIE5ZErI0R0m7PbKXVq77FFvqFbzvTMuv8jaAwLZ5PviOLSFttqKIW0/wxNSDbjLk0tYA==
-  dependencies:
-    "@babel/helper-builder-binary-assignment-operator-visitor" "^7.14.5"
-    "@babel/helper-plugin-utils" "^7.14.5"
-
-"@babel/plugin-transform-for-of@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-for-of/-/plugin-transform-for-of-7.14.5.tgz#dae384613de8f77c196a8869cbf602a44f7fc0eb"
-  integrity sha512-CfmqxSUZzBl0rSjpoQSFoR9UEj3HzbGuGNL21/iFTmjb5gFggJp3ph0xR1YBhexmLoKRHzgxuFvty2xdSt6gTA==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.14.5"
-
-"@babel/plugin-transform-function-name@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-function-name/-/plugin-transform-function-name-7.14.5.tgz#e81c65ecb900746d7f31802f6bed1f52d915d6f2"
-  integrity sha512-vbO6kv0fIzZ1GpmGQuvbwwm+O4Cbm2NrPzwlup9+/3fdkuzo1YqOZcXw26+YUJB84Ja7j9yURWposEHLYwxUfQ==
-  dependencies:
-    "@babel/helper-function-name" "^7.14.5"
-    "@babel/helper-plugin-utils" "^7.14.5"
-
-"@babel/plugin-transform-literals@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-literals/-/plugin-transform-literals-7.14.5.tgz#41d06c7ff5d4d09e3cf4587bd3ecf3930c730f78"
-  integrity sha512-ql33+epql2F49bi8aHXxvLURHkxJbSmMKl9J5yHqg4PLtdE6Uc48CH1GS6TQvZ86eoB/ApZXwm7jlA+B3kra7A==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.14.5"
-
-"@babel/plugin-transform-member-expression-literals@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-member-expression-literals/-/plugin-transform-member-expression-literals-7.14.5.tgz#b39cd5212a2bf235a617d320ec2b48bcc091b8a7"
-  integrity sha512-WkNXxH1VXVTKarWFqmso83xl+2V3Eo28YY5utIkbsmXoItO8Q3aZxN4BTS2k0hz9dGUloHK26mJMyQEYfkn/+Q==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.14.5"
-
-"@babel/plugin-transform-modules-amd@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-amd/-/plugin-transform-modules-amd-7.14.5.tgz#4fd9ce7e3411cb8b83848480b7041d83004858f7"
-  integrity sha512-3lpOU8Vxmp3roC4vzFpSdEpGUWSMsHFreTWOMMLzel2gNGfHE5UWIh/LN6ghHs2xurUp4jRFYMUIZhuFbody1g==
-  dependencies:
-    "@babel/helper-module-transforms" "^7.14.5"
-    "@babel/helper-plugin-utils" "^7.14.5"
-    babel-plugin-dynamic-import-node "^2.3.3"
-
-"@babel/plugin-transform-modules-commonjs@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-commonjs/-/plugin-transform-modules-commonjs-7.14.5.tgz#7aaee0ea98283de94da98b28f8c35701429dad97"
-  integrity sha512-en8GfBtgnydoao2PS+87mKyw62k02k7kJ9ltbKe0fXTHrQmG6QZZflYuGI1VVG7sVpx4E1n7KBpNlPb8m78J+A==
-  dependencies:
-    "@babel/helper-module-transforms" "^7.14.5"
-    "@babel/helper-plugin-utils" "^7.14.5"
-    "@babel/helper-simple-access" "^7.14.5"
-    babel-plugin-dynamic-import-node "^2.3.3"
-
-"@babel/plugin-transform-modules-systemjs@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.14.5.tgz#c75342ef8b30dcde4295d3401aae24e65638ed29"
-  integrity sha512-mNMQdvBEE5DcMQaL5LbzXFMANrQjd2W7FPzg34Y4yEz7dBgdaC+9B84dSO+/1Wba98zoDbInctCDo4JGxz1VYA==
-  dependencies:
-    "@babel/helper-hoist-variables" "^7.14.5"
-    "@babel/helper-module-transforms" "^7.14.5"
-    "@babel/helper-plugin-utils" "^7.14.5"
-    "@babel/helper-validator-identifier" "^7.14.5"
-    babel-plugin-dynamic-import-node "^2.3.3"
-
-"@babel/plugin-transform-modules-umd@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-umd/-/plugin-transform-modules-umd-7.14.5.tgz#fb662dfee697cce274a7cda525190a79096aa6e0"
-  integrity sha512-RfPGoagSngC06LsGUYyM9QWSXZ8MysEjDJTAea1lqRjNECE3y0qIJF/qbvJxc4oA4s99HumIMdXOrd+TdKaAAA==
-  dependencies:
-    "@babel/helper-module-transforms" "^7.14.5"
-    "@babel/helper-plugin-utils" "^7.14.5"
-
-"@babel/plugin-transform-named-capturing-groups-regex@^7.14.7":
-  version "7.14.7"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-named-capturing-groups-regex/-/plugin-transform-named-capturing-groups-regex-7.14.7.tgz#60c06892acf9df231e256c24464bfecb0908fd4e"
-  integrity sha512-DTNOTaS7TkW97xsDMrp7nycUVh6sn/eq22VaxWfEdzuEbRsiaOU0pqU7DlyUGHVsbQbSghvjKRpEl+nUCKGQSg==
-  dependencies:
-    "@babel/helper-create-regexp-features-plugin" "^7.14.5"
-
-"@babel/plugin-transform-new-target@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-new-target/-/plugin-transform-new-target-7.14.5.tgz#31bdae8b925dc84076ebfcd2a9940143aed7dbf8"
-  integrity sha512-Nx054zovz6IIRWEB49RDRuXGI4Gy0GMgqG0cII9L3MxqgXz/+rgII+RU58qpo4g7tNEx1jG7rRVH4ihZoP4esQ==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.14.5"
-
-"@babel/plugin-transform-object-super@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-object-super/-/plugin-transform-object-super-7.14.5.tgz#d0b5faeac9e98597a161a9cf78c527ed934cdc45"
-  integrity sha512-MKfOBWzK0pZIrav9z/hkRqIk/2bTv9qvxHzPQc12RcVkMOzpIKnFCNYJip00ssKWYkd8Sf5g0Wr7pqJ+cmtuFg==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.14.5"
-    "@babel/helper-replace-supers" "^7.14.5"
-
-"@babel/plugin-transform-parameters@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-parameters/-/plugin-transform-parameters-7.14.5.tgz#49662e86a1f3ddccac6363a7dfb1ff0a158afeb3"
-  integrity sha512-Tl7LWdr6HUxTmzQtzuU14SqbgrSKmaR77M0OKyq4njZLQTPfOvzblNKyNkGwOfEFCEx7KeYHQHDI0P3F02IVkA==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.14.5"
-
-"@babel/plugin-transform-property-literals@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-property-literals/-/plugin-transform-property-literals-7.14.5.tgz#0ddbaa1f83db3606f1cdf4846fa1dfb473458b34"
-  integrity sha512-r1uilDthkgXW8Z1vJz2dKYLV1tuw2xsbrp3MrZmD99Wh9vsfKoob+JTgri5VUb/JqyKRXotlOtwgu4stIYCmnw==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.14.5"
-
-"@babel/plugin-transform-regenerator@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-regenerator/-/plugin-transform-regenerator-7.14.5.tgz#9676fd5707ed28f522727c5b3c0aa8544440b04f"
-  integrity sha512-NVIY1W3ITDP5xQl50NgTKlZ0GrotKtLna08/uGY6ErQt6VEQZXla86x/CTddm5gZdcr+5GSsvMeTmWA5Ii6pkg==
-  dependencies:
-    regenerator-transform "^0.14.2"
-
-"@babel/plugin-transform-reserved-words@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-reserved-words/-/plugin-transform-reserved-words-7.14.5.tgz#c44589b661cfdbef8d4300dcc7469dffa92f8304"
-  integrity sha512-cv4F2rv1nD4qdexOGsRQXJrOcyb5CrgjUH9PKrrtyhSDBNWGxd0UIitjyJiWagS+EbUGjG++22mGH1Pub8D6Vg==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.14.5"
-
-"@babel/plugin-transform-runtime@^7.11.0":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-runtime/-/plugin-transform-runtime-7.14.5.tgz#30491dad49c6059f8f8fa5ee8896a0089e987523"
-  integrity sha512-fPMBhh1AV8ZyneiCIA+wYYUH1arzlXR1UMcApjvchDhfKxhy2r2lReJv8uHEyihi4IFIGlr1Pdx7S5fkESDQsg==
-  dependencies:
-    "@babel/helper-module-imports" "^7.14.5"
-    "@babel/helper-plugin-utils" "^7.14.5"
-    babel-plugin-polyfill-corejs2 "^0.2.2"
-    babel-plugin-polyfill-corejs3 "^0.2.2"
-    babel-plugin-polyfill-regenerator "^0.2.2"
-    semver "^6.3.0"
-
-"@babel/plugin-transform-shorthand-properties@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-shorthand-properties/-/plugin-transform-shorthand-properties-7.14.5.tgz#97f13855f1409338d8cadcbaca670ad79e091a58"
-  integrity sha512-xLucks6T1VmGsTB+GWK5Pl9Jl5+nRXD1uoFdA5TSO6xtiNjtXTjKkmPdFXVLGlK5A2/or/wQMKfmQ2Y0XJfn5g==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.14.5"
-
-"@babel/plugin-transform-spread@^7.14.6":
-  version "7.14.6"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-spread/-/plugin-transform-spread-7.14.6.tgz#6bd40e57fe7de94aa904851963b5616652f73144"
-  integrity sha512-Zr0x0YroFJku7n7+/HH3A2eIrGMjbmAIbJSVv0IZ+t3U2WUQUA64S/oeied2e+MaGSjmt4alzBCsK9E8gh+fag==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.14.5"
-    "@babel/helper-skip-transparent-expression-wrappers" "^7.14.5"
-
-"@babel/plugin-transform-sticky-regex@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-sticky-regex/-/plugin-transform-sticky-regex-7.14.5.tgz#5b617542675e8b7761294381f3c28c633f40aeb9"
-  integrity sha512-Z7F7GyvEMzIIbwnziAZmnSNpdijdr4dWt+FJNBnBLz5mwDFkqIXU9wmBcWWad3QeJF5hMTkRe4dAq2sUZiG+8A==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.14.5"
-
-"@babel/plugin-transform-template-literals@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-template-literals/-/plugin-transform-template-literals-7.14.5.tgz#a5f2bc233937d8453885dc736bdd8d9ffabf3d93"
-  integrity sha512-22btZeURqiepOfuy/VkFr+zStqlujWaarpMErvay7goJS6BWwdd6BY9zQyDLDa4x2S3VugxFb162IZ4m/S/+Gg==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.14.5"
-
-"@babel/plugin-transform-typeof-symbol@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-typeof-symbol/-/plugin-transform-typeof-symbol-7.14.5.tgz#39af2739e989a2bd291bf6b53f16981423d457d4"
-  integrity sha512-lXzLD30ffCWseTbMQzrvDWqljvZlHkXU+CnseMhkMNqU1sASnCsz3tSzAaH3vCUXb9PHeUb90ZT1BdFTm1xxJw==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.14.5"
-
-"@babel/plugin-transform-unicode-escapes@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-unicode-escapes/-/plugin-transform-unicode-escapes-7.14.5.tgz#9d4bd2a681e3c5d7acf4f57fa9e51175d91d0c6b"
-  integrity sha512-crTo4jATEOjxj7bt9lbYXcBAM3LZaUrbP2uUdxb6WIorLmjNKSpHfIybgY4B8SRpbf8tEVIWH3Vtm7ayCrKocA==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.14.5"
-
-"@babel/plugin-transform-unicode-regex@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-unicode-regex/-/plugin-transform-unicode-regex-7.14.5.tgz#4cd09b6c8425dd81255c7ceb3fb1836e7414382e"
-  integrity sha512-UygduJpC5kHeCiRw/xDVzC+wj8VaYSoKl5JNVmbP7MadpNinAm3SvZCxZ42H37KZBKztz46YC73i9yV34d0Tzw==
-  dependencies:
-    "@babel/helper-create-regexp-features-plugin" "^7.14.5"
-    "@babel/helper-plugin-utils" "^7.14.5"
-
-"@babel/preset-env@^7.11.0":
-  version "7.14.8"
-  resolved "https://registry.yarnpkg.com/@babel/preset-env/-/preset-env-7.14.8.tgz#254942f5ca80ccabcfbb2a9f524c74bca574005b"
-  integrity sha512-a9aOppDU93oArQ51H+B8M1vH+tayZbuBqzjOhntGetZVa+4tTu5jp+XTwqHGG2lxslqomPYVSjIxQkFwXzgnxg==
-  dependencies:
-    "@babel/compat-data" "^7.14.7"
-    "@babel/helper-compilation-targets" "^7.14.5"
-    "@babel/helper-plugin-utils" "^7.14.5"
-    "@babel/helper-validator-option" "^7.14.5"
-    "@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining" "^7.14.5"
-    "@babel/plugin-proposal-async-generator-functions" "^7.14.7"
-    "@babel/plugin-proposal-class-properties" "^7.14.5"
-    "@babel/plugin-proposal-class-static-block" "^7.14.5"
-    "@babel/plugin-proposal-dynamic-import" "^7.14.5"
-    "@babel/plugin-proposal-export-namespace-from" "^7.14.5"
-    "@babel/plugin-proposal-json-strings" "^7.14.5"
-    "@babel/plugin-proposal-logical-assignment-operators" "^7.14.5"
-    "@babel/plugin-proposal-nullish-coalescing-operator" "^7.14.5"
-    "@babel/plugin-proposal-numeric-separator" "^7.14.5"
-    "@babel/plugin-proposal-object-rest-spread" "^7.14.7"
-    "@babel/plugin-proposal-optional-catch-binding" "^7.14.5"
-    "@babel/plugin-proposal-optional-chaining" "^7.14.5"
-    "@babel/plugin-proposal-private-methods" "^7.14.5"
-    "@babel/plugin-proposal-private-property-in-object" "^7.14.5"
-    "@babel/plugin-proposal-unicode-property-regex" "^7.14.5"
-    "@babel/plugin-syntax-async-generators" "^7.8.4"
-    "@babel/plugin-syntax-class-properties" "^7.12.13"
-    "@babel/plugin-syntax-class-static-block" "^7.14.5"
-    "@babel/plugin-syntax-dynamic-import" "^7.8.3"
-    "@babel/plugin-syntax-export-namespace-from" "^7.8.3"
-    "@babel/plugin-syntax-json-strings" "^7.8.3"
-    "@babel/plugin-syntax-logical-assignment-operators" "^7.10.4"
-    "@babel/plugin-syntax-nullish-coalescing-operator" "^7.8.3"
-    "@babel/plugin-syntax-numeric-separator" "^7.10.4"
-    "@babel/plugin-syntax-object-rest-spread" "^7.8.3"
-    "@babel/plugin-syntax-optional-catch-binding" "^7.8.3"
-    "@babel/plugin-syntax-optional-chaining" "^7.8.3"
-    "@babel/plugin-syntax-private-property-in-object" "^7.14.5"
-    "@babel/plugin-syntax-top-level-await" "^7.14.5"
-    "@babel/plugin-transform-arrow-functions" "^7.14.5"
-    "@babel/plugin-transform-async-to-generator" "^7.14.5"
-    "@babel/plugin-transform-block-scoped-functions" "^7.14.5"
-    "@babel/plugin-transform-block-scoping" "^7.14.5"
-    "@babel/plugin-transform-classes" "^7.14.5"
-    "@babel/plugin-transform-computed-properties" "^7.14.5"
-    "@babel/plugin-transform-destructuring" "^7.14.7"
-    "@babel/plugin-transform-dotall-regex" "^7.14.5"
-    "@babel/plugin-transform-duplicate-keys" "^7.14.5"
-    "@babel/plugin-transform-exponentiation-operator" "^7.14.5"
-    "@babel/plugin-transform-for-of" "^7.14.5"
-    "@babel/plugin-transform-function-name" "^7.14.5"
-    "@babel/plugin-transform-literals" "^7.14.5"
-    "@babel/plugin-transform-member-expression-literals" "^7.14.5"
-    "@babel/plugin-transform-modules-amd" "^7.14.5"
-    "@babel/plugin-transform-modules-commonjs" "^7.14.5"
-    "@babel/plugin-transform-modules-systemjs" "^7.14.5"
-    "@babel/plugin-transform-modules-umd" "^7.14.5"
-    "@babel/plugin-transform-named-capturing-groups-regex" "^7.14.7"
-    "@babel/plugin-transform-new-target" "^7.14.5"
-    "@babel/plugin-transform-object-super" "^7.14.5"
-    "@babel/plugin-transform-parameters" "^7.14.5"
-    "@babel/plugin-transform-property-literals" "^7.14.5"
-    "@babel/plugin-transform-regenerator" "^7.14.5"
-    "@babel/plugin-transform-reserved-words" "^7.14.5"
-    "@babel/plugin-transform-shorthand-properties" "^7.14.5"
-    "@babel/plugin-transform-spread" "^7.14.6"
-    "@babel/plugin-transform-sticky-regex" "^7.14.5"
-    "@babel/plugin-transform-template-literals" "^7.14.5"
-    "@babel/plugin-transform-typeof-symbol" "^7.14.5"
-    "@babel/plugin-transform-unicode-escapes" "^7.14.5"
-    "@babel/plugin-transform-unicode-regex" "^7.14.5"
-    "@babel/preset-modules" "^0.1.4"
-    "@babel/types" "^7.14.8"
-    babel-plugin-polyfill-corejs2 "^0.2.2"
-    babel-plugin-polyfill-corejs3 "^0.2.2"
-    babel-plugin-polyfill-regenerator "^0.2.2"
-    core-js-compat "^3.15.0"
-    semver "^6.3.0"
-
-"@babel/preset-modules@^0.1.4":
-  version "0.1.4"
-  resolved "https://registry.yarnpkg.com/@babel/preset-modules/-/preset-modules-0.1.4.tgz#362f2b68c662842970fdb5e254ffc8fc1c2e415e"
-  integrity sha512-J36NhwnfdzpmH41M1DrnkkgAqhZaqr/NBdPfQ677mLzlaXo+oDiv1deyCDtgAhz8p328otdob0Du7+xgHGZbKg==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.0.0"
-    "@babel/plugin-proposal-unicode-property-regex" "^7.4.4"
-    "@babel/plugin-transform-dotall-regex" "^7.4.4"
-    "@babel/types" "^7.4.4"
-    esutils "^2.0.2"
-
-"@babel/runtime@^7.11.0", "@babel/runtime@^7.8.4":
-  version "7.14.8"
-  resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.14.8.tgz#7119a56f421018852694290b9f9148097391b446"
-  integrity sha512-twj3L8Og5SaCRCErB4x4ajbvBIVV77CGeFglHpeg5WC5FF8TZzBWXtTJ4MqaD9QszLYTtr+IsaAL2rEUevb+eg==
-  dependencies:
-    regenerator-runtime "^0.13.4"
-
-"@babel/template@^7.0.0", "@babel/template@^7.14.5":
-  version "7.14.5"
-  resolved "https://registry.yarnpkg.com/@babel/template/-/template-7.14.5.tgz#a9bc9d8b33354ff6e55a9c60d1109200a68974f4"
-  integrity sha512-6Z3Po85sfxRGachLULUhOmvAaOo7xCvqGQtxINai2mEGPFm6pQ4z5QInFnUrRpfoSV60BnjyF5F3c+15fxFV1g==
-  dependencies:
-    "@babel/code-frame" "^7.14.5"
-    "@babel/parser" "^7.14.5"
-    "@babel/types" "^7.14.5"
-
-"@babel/traverse@^7.0.0", "@babel/traverse@^7.13.0", "@babel/traverse@^7.14.5", "@babel/traverse@^7.14.8":
-  version "7.14.8"
-  resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.14.8.tgz#c0253f02677c5de1a8ff9df6b0aacbec7da1a8ce"
-  integrity sha512-kexHhzCljJcFNn1KYAQ6A5wxMRzq9ebYpEDV4+WdNyr3i7O44tanbDOR/xjiG2F3sllan+LgwK+7OMk0EmydHg==
-  dependencies:
-    "@babel/code-frame" "^7.14.5"
-    "@babel/generator" "^7.14.8"
-    "@babel/helper-function-name" "^7.14.5"
-    "@babel/helper-hoist-variables" "^7.14.5"
-    "@babel/helper-split-export-declaration" "^7.14.5"
-    "@babel/parser" "^7.14.8"
-    "@babel/types" "^7.14.8"
-    debug "^4.1.0"
-    globals "^11.1.0"
-
-"@babel/types@^7.0.0", "@babel/types@^7.14.5", "@babel/types@^7.14.8", "@babel/types@^7.4.4":
-  version "7.14.8"
-  resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.14.8.tgz#38109de8fcadc06415fbd9b74df0065d4d41c728"
-  integrity sha512-iob4soQa7dZw8nodR/KlOQkPh9S4I8RwCxwRIFuiMRYjOzH/KJzdUfDgz6cGi5dDaclXF4P2PAhCdrBJNIg68Q==
-  dependencies:
-    "@babel/helper-validator-identifier" "^7.14.8"
-    to-fast-properties "^2.0.0"
-
-"@braintree/sanitize-url@^3.1.0":
-  version "3.1.0"
-  resolved "https://registry.yarnpkg.com/@braintree/sanitize-url/-/sanitize-url-3.1.0.tgz#8ff71d51053cd5ee4981e5a501d80a536244f7fd"
-  integrity sha512-GcIY79elgB+azP74j8vqkiXz8xLFfIzbQJdlwOPisgbKT00tviJQuEghOXSMVxJ00HoYJbGswr4kcllUc4xCcg==
-
-"@limdongjin/vuepress-plugin-simple-seo@https://github.com/pomerium/vuepress-plugin-simple-seo":
-  version "1.0.4-alpha.5"
-  resolved "https://github.com/pomerium/vuepress-plugin-simple-seo#b8898006d4a6f446dd378e0967e8bb60ee827d44"
-
-"@mrmlnc/readdir-enhanced@^2.2.1":
-  version "2.2.1"
-  resolved "https://registry.yarnpkg.com/@mrmlnc/readdir-enhanced/-/readdir-enhanced-2.2.1.tgz#524af240d1a360527b730475ecfa1344aa540dde"
-  integrity sha512-bPHp6Ji8b41szTOcaP63VlnbbO5Ny6dwAATtY6JTjh5N2OLrb5Qk/Th5cRkRQhkWCt+EJsYrNB0MiL+Gpn6e3g==
-  dependencies:
-    call-me-maybe "^1.0.1"
-    glob-to-regexp "^0.3.0"
-
-"@nodelib/fs.stat@^1.1.2":
-  version "1.1.3"
-  resolved "https://registry.yarnpkg.com/@nodelib/fs.stat/-/fs.stat-1.1.3.tgz#2b5a3ab3f918cca48a8c754c08168e3f03eba61b"
-  integrity sha512-shAmDyaQC4H92APFoIaVDHCx5bStIocgvbwQyxPRrbUY20V1EYTbSDchWbuwlMG3V17cprZhA6+78JfB+3DTPw==
-
-"@sindresorhus/is@^0.14.0":
-  version "0.14.0"
-  resolved "https://registry.yarnpkg.com/@sindresorhus/is/-/is-0.14.0.tgz#9fb3a3cf3132328151f353de4632e01e52102bea"
-  integrity sha512-9NET910DNaIPngYnLLPeg+Ogzqsi9uM4mSboU5y6p8S5DzMTVEsJZrawi+BoDNUVBa2DhJqQYUFvMDfgU062LQ==
-
-"@sindresorhus/slugify@^0.8.0":
-  version "0.8.0"
-  resolved "https://registry.yarnpkg.com/@sindresorhus/slugify/-/slugify-0.8.0.tgz#5550b7fa064f3a8a82651463ad635378054c72d0"
-  integrity sha512-Y+C3aG0JHmi4nCfixHgq0iAtqWCjMCliWghf6fXbemRKSGzpcrHdYxGZGDt8MeFg+gH7ounfMbz6WogqKCWvDg==
-  dependencies:
-    escape-string-regexp "^1.0.5"
-    lodash.deburr "^4.1.0"
-
-"@szmarczak/http-timer@^1.1.2":
-  version "1.1.2"
-  resolved "https://registry.yarnpkg.com/@szmarczak/http-timer/-/http-timer-1.1.2.tgz#b1665e2c461a2cd92f4c1bbf50d5454de0d4b421"
-  integrity sha512-XIB2XbzHTN6ieIjfIMV9hlVcfPU26s2vafYWQcZHWXHOxiaRZYEDKEwdl129Zyg50+foYV2jCgtrqSA6qNuNSA==
-  dependencies:
-    defer-to-connect "^1.0.1"
-
-"@types/glob@^7.1.1":
-  version "7.1.4"
-  resolved "https://registry.yarnpkg.com/@types/glob/-/glob-7.1.4.tgz#ea59e21d2ee5c517914cb4bc8e4153b99e566672"
-  integrity sha512-w+LsMxKyYQm347Otw+IfBXOv9UWVjpHpCDdbBMt8Kz/xbvCYNjP+0qPh91Km3iKfSRLBB0P7fAMf0KHrPu+MyA==
-  dependencies:
-    "@types/minimatch" "*"
-    "@types/node" "*"
-
-"@types/json-schema@^7.0.5":
-  version "7.0.8"
-  resolved "https://registry.yarnpkg.com/@types/json-schema/-/json-schema-7.0.8.tgz#edf1bf1dbf4e04413ca8e5b17b3b7d7d54b59818"
-  integrity sha512-YSBPTLTVm2e2OoQIDYx8HaeWJ5tTToLH67kXR7zYNGupXMEHa2++G8k+DczX2cFVgalypqtyZIcU19AFcmOpmg==
-
-"@types/minimatch@*":
-  version "3.0.5"
-  resolved "https://registry.yarnpkg.com/@types/minimatch/-/minimatch-3.0.5.tgz#1001cc5e6a3704b83c236027e77f2f58ea010f40"
-  integrity sha512-Klz949h02Gz2uZCMGwDUSDS1YBlTdDDgbWHi+81l29tQALUtvz4rAYi5uoVhE5Lagoq6DeqAUlbrHvW/mXDgdQ==
-
-"@types/node@*":
-  version "16.4.1"
-  resolved "https://registry.yarnpkg.com/@types/node/-/node-16.4.1.tgz#9fad171a5b701613ee8a6f4ece3c88b1034b1b03"
-  integrity sha512-UW7cbLqf/Wu5XH2RKKY1cHwUNLicIDRLMraYKz+HHAerJ0ZffUEk+fMnd8qU2JaS6cAy0r8tsaf7yqHASf/Y0Q==
-
-"@types/q@^1.5.1":
-  version "1.5.5"
-  resolved "https://registry.yarnpkg.com/@types/q/-/q-1.5.5.tgz#75a2a8e7d8ab4b230414505d92335d1dcb53a6df"
-  integrity sha512-L28j2FcJfSZOnL1WBjDYp2vUHCeIFlyYI/53EwD/rKUBQ7MtUUfbQWiyKJGpcnv4/WgrhWsFKrcPstcAt/J0tQ==
-
-"@vue/babel-helper-vue-jsx-merge-props@^1.2.1":
-  version "1.2.1"
-  resolved "https://registry.yarnpkg.com/@vue/babel-helper-vue-jsx-merge-props/-/babel-helper-vue-jsx-merge-props-1.2.1.tgz#31624a7a505fb14da1d58023725a4c5f270e6a81"
-  integrity sha512-QOi5OW45e2R20VygMSNhyQHvpdUwQZqGPc748JLGCYEy+yp8fNFNdbNIGAgZmi9e+2JHPd6i6idRuqivyicIkA==
-
-"@vue/babel-helper-vue-transform-on@^1.0.2":
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/@vue/babel-helper-vue-transform-on/-/babel-helper-vue-transform-on-1.0.2.tgz#9b9c691cd06fc855221a2475c3cc831d774bc7dc"
-  integrity sha512-hz4R8tS5jMn8lDq6iD+yWL6XNB699pGIVLk7WSJnn1dbpjaazsjZQkieJoRX6gW5zpYSCFqQ7jUquPNY65tQYA==
-
-"@vue/babel-plugin-jsx@^1.0.3":
-  version "1.0.6"
-  resolved "https://registry.yarnpkg.com/@vue/babel-plugin-jsx/-/babel-plugin-jsx-1.0.6.tgz#184bf3541ab6efdbe5079ab8b20c19e2af100bfb"
-  integrity sha512-RzYsvBhzKUmY2YG6LoV+W5PnlnkInq0thh1AzCmewwctAgGN6e9UFon6ZrQQV1CO5G5PeME7MqpB+/vvGg0h4g==
-  dependencies:
-    "@babel/helper-module-imports" "^7.0.0"
-    "@babel/plugin-syntax-jsx" "^7.0.0"
-    "@babel/template" "^7.0.0"
-    "@babel/traverse" "^7.0.0"
-    "@babel/types" "^7.0.0"
-    "@vue/babel-helper-vue-transform-on" "^1.0.2"
-    camelcase "^6.0.0"
-    html-tags "^3.1.0"
-    svg-tags "^1.0.0"
-
-"@vue/babel-plugin-transform-vue-jsx@^1.2.1":
-  version "1.2.1"
-  resolved "https://registry.yarnpkg.com/@vue/babel-plugin-transform-vue-jsx/-/babel-plugin-transform-vue-jsx-1.2.1.tgz#646046c652c2f0242727f34519d917b064041ed7"
-  integrity sha512-HJuqwACYehQwh1fNT8f4kyzqlNMpBuUK4rSiSES5D4QsYncv5fxFsLyrxFPG2ksO7t5WP+Vgix6tt6yKClwPzA==
-  dependencies:
-    "@babel/helper-module-imports" "^7.0.0"
-    "@babel/plugin-syntax-jsx" "^7.2.0"
-    "@vue/babel-helper-vue-jsx-merge-props" "^1.2.1"
-    html-tags "^2.0.0"
-    lodash.kebabcase "^4.1.1"
-    svg-tags "^1.0.0"
-
-"@vue/babel-preset-app@^4.1.2":
-  version "4.5.13"
-  resolved "https://registry.yarnpkg.com/@vue/babel-preset-app/-/babel-preset-app-4.5.13.tgz#cb475321e4c73f7f110dac29a48c2a9cb80afeb6"
-  integrity sha512-pM7CR3yXB6L8Gfn6EmX7FLNE3+V/15I3o33GkSNsWvgsMp6HVGXKkXgojrcfUUauyL1LZOdvTmu4enU2RePGHw==
-  dependencies:
-    "@babel/core" "^7.11.0"
-    "@babel/helper-compilation-targets" "^7.9.6"
-    "@babel/helper-module-imports" "^7.8.3"
-    "@babel/plugin-proposal-class-properties" "^7.8.3"
-    "@babel/plugin-proposal-decorators" "^7.8.3"
-    "@babel/plugin-syntax-dynamic-import" "^7.8.3"
-    "@babel/plugin-syntax-jsx" "^7.8.3"
-    "@babel/plugin-transform-runtime" "^7.11.0"
-    "@babel/preset-env" "^7.11.0"
-    "@babel/runtime" "^7.11.0"
-    "@vue/babel-plugin-jsx" "^1.0.3"
-    "@vue/babel-preset-jsx" "^1.2.4"
-    babel-plugin-dynamic-import-node "^2.3.3"
-    core-js "^3.6.5"
-    core-js-compat "^3.6.5"
-    semver "^6.1.0"
-
-"@vue/babel-preset-jsx@^1.2.4":
-  version "1.2.4"
-  resolved "https://registry.yarnpkg.com/@vue/babel-preset-jsx/-/babel-preset-jsx-1.2.4.tgz#92fea79db6f13b01e80d3a0099e2924bdcbe4e87"
-  integrity sha512-oRVnmN2a77bYDJzeGSt92AuHXbkIxbf/XXSE3klINnh9AXBmVS1DGa1f0d+dDYpLfsAKElMnqKTQfKn7obcL4w==
-  dependencies:
-    "@vue/babel-helper-vue-jsx-merge-props" "^1.2.1"
-    "@vue/babel-plugin-transform-vue-jsx" "^1.2.1"
-    "@vue/babel-sugar-composition-api-inject-h" "^1.2.1"
-    "@vue/babel-sugar-composition-api-render-instance" "^1.2.4"
-    "@vue/babel-sugar-functional-vue" "^1.2.2"
-    "@vue/babel-sugar-inject-h" "^1.2.2"
-    "@vue/babel-sugar-v-model" "^1.2.3"
-    "@vue/babel-sugar-v-on" "^1.2.3"
-
-"@vue/babel-sugar-composition-api-inject-h@^1.2.1":
-  version "1.2.1"
-  resolved "https://registry.yarnpkg.com/@vue/babel-sugar-composition-api-inject-h/-/babel-sugar-composition-api-inject-h-1.2.1.tgz#05d6e0c432710e37582b2be9a6049b689b6f03eb"
-  integrity sha512-4B3L5Z2G+7s+9Bwbf+zPIifkFNcKth7fQwekVbnOA3cr3Pq71q71goWr97sk4/yyzH8phfe5ODVzEjX7HU7ItQ==
-  dependencies:
-    "@babel/plugin-syntax-jsx" "^7.2.0"
-
-"@vue/babel-sugar-composition-api-render-instance@^1.2.4":
-  version "1.2.4"
-  resolved "https://registry.yarnpkg.com/@vue/babel-sugar-composition-api-render-instance/-/babel-sugar-composition-api-render-instance-1.2.4.tgz#e4cbc6997c344fac271785ad7a29325c51d68d19"
-  integrity sha512-joha4PZznQMsxQYXtR3MnTgCASC9u3zt9KfBxIeuI5g2gscpTsSKRDzWQt4aqNIpx6cv8On7/m6zmmovlNsG7Q==
-  dependencies:
-    "@babel/plugin-syntax-jsx" "^7.2.0"
-
-"@vue/babel-sugar-functional-vue@^1.2.2":
-  version "1.2.2"
-  resolved "https://registry.yarnpkg.com/@vue/babel-sugar-functional-vue/-/babel-sugar-functional-vue-1.2.2.tgz#267a9ac8d787c96edbf03ce3f392c49da9bd2658"
-  integrity sha512-JvbgGn1bjCLByIAU1VOoepHQ1vFsroSA/QkzdiSs657V79q6OwEWLCQtQnEXD/rLTA8rRit4rMOhFpbjRFm82w==
-  dependencies:
-    "@babel/plugin-syntax-jsx" "^7.2.0"
-
-"@vue/babel-sugar-inject-h@^1.2.2":
-  version "1.2.2"
-  resolved "https://registry.yarnpkg.com/@vue/babel-sugar-inject-h/-/babel-sugar-inject-h-1.2.2.tgz#d738d3c893367ec8491dcbb669b000919293e3aa"
-  integrity sha512-y8vTo00oRkzQTgufeotjCLPAvlhnpSkcHFEp60+LJUwygGcd5Chrpn5480AQp/thrxVm8m2ifAk0LyFel9oCnw==
-  dependencies:
-    "@babel/plugin-syntax-jsx" "^7.2.0"
-
-"@vue/babel-sugar-v-model@^1.2.3":
-  version "1.2.3"
-  resolved "https://registry.yarnpkg.com/@vue/babel-sugar-v-model/-/babel-sugar-v-model-1.2.3.tgz#fa1f29ba51ebf0aa1a6c35fa66d539bc459a18f2"
-  integrity sha512-A2jxx87mySr/ulAsSSyYE8un6SIH0NWHiLaCWpodPCVOlQVODCaSpiR4+IMsmBr73haG+oeCuSvMOM+ttWUqRQ==
-  dependencies:
-    "@babel/plugin-syntax-jsx" "^7.2.0"
-    "@vue/babel-helper-vue-jsx-merge-props" "^1.2.1"
-    "@vue/babel-plugin-transform-vue-jsx" "^1.2.1"
-    camelcase "^5.0.0"
-    html-tags "^2.0.0"
-    svg-tags "^1.0.0"
-
-"@vue/babel-sugar-v-on@^1.2.3":
-  version "1.2.3"
-  resolved "https://registry.yarnpkg.com/@vue/babel-sugar-v-on/-/babel-sugar-v-on-1.2.3.tgz#342367178586a69f392f04bfba32021d02913ada"
-  integrity sha512-kt12VJdz/37D3N3eglBywV8GStKNUhNrsxChXIV+o0MwVXORYuhDTHJRKPgLJRb/EY3vM2aRFQdxJBp9CLikjw==
-  dependencies:
-    "@babel/plugin-syntax-jsx" "^7.2.0"
-    "@vue/babel-plugin-transform-vue-jsx" "^1.2.1"
-    camelcase "^5.0.0"
-
-"@vue/component-compiler-utils@^3.1.0":
-  version "3.2.2"
-  resolved "https://registry.yarnpkg.com/@vue/component-compiler-utils/-/component-compiler-utils-3.2.2.tgz#2f7ed5feed82ff7f0284acc11d525ee7eff22460"
-  integrity sha512-rAYMLmgMuqJFWAOb3Awjqqv5X3Q3hVr4jH/kgrFJpiU0j3a90tnNBplqbj+snzrgZhC9W128z+dtgMifOiMfJg==
-  dependencies:
-    consolidate "^0.15.1"
-    hash-sum "^1.0.2"
-    lru-cache "^4.1.2"
-    merge-source-map "^1.1.0"
-    postcss "^7.0.36"
-    postcss-selector-parser "^6.0.2"
-    source-map "~0.6.1"
-    vue-template-es2015-compiler "^1.9.0"
-  optionalDependencies:
-    prettier "^1.18.2"
-
-"@vuepress/core@1.8.2":
-  version "1.8.2"
-  resolved "https://registry.yarnpkg.com/@vuepress/core/-/core-1.8.2.tgz#4f5bafc894691bfea4146294a582a129483daf2a"
-  integrity sha512-lh9BLC06k9s0wxTuWtCkiNj49fkbW87enp0XSrFZHEoyDGSGndQjZmMMErcHc5Hx7nrW1nzc33sPH1NNtJl0hw==
-  dependencies:
-    "@babel/core" "^7.8.4"
-    "@vue/babel-preset-app" "^4.1.2"
-    "@vuepress/markdown" "1.8.2"
-    "@vuepress/markdown-loader" "1.8.2"
-    "@vuepress/plugin-last-updated" "1.8.2"
-    "@vuepress/plugin-register-components" "1.8.2"
-    "@vuepress/shared-utils" "1.8.2"
-    autoprefixer "^9.5.1"
-    babel-loader "^8.0.4"
-    cache-loader "^3.0.0"
-    chokidar "^2.0.3"
-    connect-history-api-fallback "^1.5.0"
-    copy-webpack-plugin "^5.0.2"
-    core-js "^3.6.4"
-    cross-spawn "^6.0.5"
-    css-loader "^2.1.1"
-    file-loader "^3.0.1"
-    js-yaml "^3.13.1"
-    lru-cache "^5.1.1"
-    mini-css-extract-plugin "0.6.0"
-    optimize-css-assets-webpack-plugin "^5.0.1"
-    portfinder "^1.0.13"
-    postcss-loader "^3.0.0"
-    postcss-safe-parser "^4.0.1"
-    toml "^3.0.0"
-    url-loader "^1.0.1"
-    vue "^2.6.10"
-    vue-loader "^15.7.1"
-    vue-router "^3.4.5"
-    vue-server-renderer "^2.6.10"
-    vue-template-compiler "^2.6.10"
-    vuepress-html-webpack-plugin "^3.2.0"
-    vuepress-plugin-container "^2.0.2"
-    webpack "^4.8.1"
-    webpack-chain "^6.0.0"
-    webpack-dev-server "^3.5.1"
-    webpack-merge "^4.1.2"
-    webpackbar "3.2.0"
-
-"@vuepress/markdown-loader@1.8.2":
-  version "1.8.2"
-  resolved "https://registry.yarnpkg.com/@vuepress/markdown-loader/-/markdown-loader-1.8.2.tgz#b2a58291a967f2bbe0af6e58f9542f5911879233"
-  integrity sha512-mWzFXikCUcAN/chpKkqZpRYKdo0312hMv8cBea2hvrJYV6y4ODB066XKvXN8JwOcxuCjxWYJkhWGr+pXq1oTtw==
-  dependencies:
-    "@vuepress/markdown" "1.8.2"
-    loader-utils "^1.1.0"
-    lru-cache "^5.1.1"
-
-"@vuepress/markdown@1.8.2":
-  version "1.8.2"
-  resolved "https://registry.yarnpkg.com/@vuepress/markdown/-/markdown-1.8.2.tgz#50ea5a1962591a436b26d1aa2b111df37eb9ea8a"
-  integrity sha512-zznBHVqW+iBkznF/BO/GY9RFu53khyl0Ey0PnGqvwCJpRLNan6y5EXgYumtjw2GSYn5nDTTALYxtyNBdz64PKg==
-  dependencies:
-    "@vuepress/shared-utils" "1.8.2"
-    markdown-it "^8.4.1"
-    markdown-it-anchor "^5.0.2"
-    markdown-it-chain "^1.3.0"
-    markdown-it-emoji "^1.4.0"
-    markdown-it-table-of-contents "^0.4.0"
-    prismjs "^1.13.0"
-
-"@vuepress/plugin-active-header-links@1.8.2":
-  version "1.8.2"
-  resolved "https://registry.yarnpkg.com/@vuepress/plugin-active-header-links/-/plugin-active-header-links-1.8.2.tgz#0cb9b29c826dd97d35357a9b09c962ef782cb793"
-  integrity sha512-JmXAQg8D7J8mcKe2Ue3BZ9dOCzJMJXP4Cnkkc/IrqfDg0ET0l96gYWZohCqlvRIWt4f0VPiFAO4FLYrW+hko+g==
-  dependencies:
-    lodash.debounce "^4.0.8"
-
-"@vuepress/plugin-google-analytics@1.8.2":
-  version "1.8.2"
-  resolved "https://registry.yarnpkg.com/@vuepress/plugin-google-analytics/-/plugin-google-analytics-1.8.2.tgz#96cf65f1f0ecbb3bcf6b0d10089dafe2aea875bc"
-  integrity sha512-BMFayLzT2BvXmnhM9mDHw0UPU7J0pH1X9gQA4HmZxOf7f3+atK5eJGsc1Ia/+1FTG2ESvhFLUU/CC3h5arjEJw==
-
-"@vuepress/plugin-last-updated@1.8.2":
-  version "1.8.2"
-  resolved "https://registry.yarnpkg.com/@vuepress/plugin-last-updated/-/plugin-last-updated-1.8.2.tgz#7ce689f8d5050cf0213949bc2e5aa879c09ff4b1"
-  integrity sha512-pYIRZi52huO9b6HY3JQNPKNERCLzMHejjBRt9ekdnJ1xhLs4MmRvt37BoXjI/qzvXkYtr7nmGgnKThNBVRTZuA==
-  dependencies:
-    cross-spawn "^6.0.5"
-
-"@vuepress/plugin-nprogress@1.8.2":
-  version "1.8.2"
-  resolved "https://registry.yarnpkg.com/@vuepress/plugin-nprogress/-/plugin-nprogress-1.8.2.tgz#dc6c082925420c8c59ecb7fc2d4a9401f6d4664a"
-  integrity sha512-3TOBee2NM3WLr1tdjDTGfrAMggjN+OlEPyKyv8FqThsVkDYhw48O3HwqlThp9KX7UbL3ExxIFBwWRFLC+kYrdw==
-  dependencies:
-    nprogress "^0.2.0"
-
-"@vuepress/plugin-register-components@1.8.2":
-  version "1.8.2"
-  resolved "https://registry.yarnpkg.com/@vuepress/plugin-register-components/-/plugin-register-components-1.8.2.tgz#2fb45a68b0a1efb8822670d95c3b231a2d0eb74d"
-  integrity sha512-6SUq3nHFMEh9qKFnjA8QnrNxj0kLs7+Gspq1OBU8vtu0NQmSvLFZVaMV7pzT/9zN2nO5Pld5qhsUJv1g71MrEA==
-  dependencies:
-    "@vuepress/shared-utils" "1.8.2"
-
-"@vuepress/plugin-search@1.8.2":
-  version "1.8.2"
-  resolved "https://registry.yarnpkg.com/@vuepress/plugin-search/-/plugin-search-1.8.2.tgz#74b92f663acf6b4560e15dc0442a84c4e874e206"
-  integrity sha512-JrSJr9o0Kar14lVtZ4wfw39pplxvvMh8vDBD9oW09a+6Zi/4bySPGdcdaqdqGW+OHSiZNvG+6uyfKSBBBqF6PA==
-
-"@vuepress/shared-utils@1.8.2", "@vuepress/shared-utils@^1.2.0":
-  version "1.8.2"
-  resolved "https://registry.yarnpkg.com/@vuepress/shared-utils/-/shared-utils-1.8.2.tgz#5ec1601f2196aca34ad82eed7c9be2d7948f705b"
-  integrity sha512-6kGubc7iBDWruEBUU7yR+sQ++SOhMuvKWvWeTZJKRZedthycdzYz7QVpua0FaZSAJm5/dIt8ymU4WQvxTtZgTQ==
-  dependencies:
-    chalk "^2.3.2"
-    escape-html "^1.0.3"
-    fs-extra "^7.0.1"
-    globby "^9.2.0"
-    gray-matter "^4.0.1"
-    hash-sum "^1.0.2"
-    semver "^6.0.0"
-    toml "^3.0.0"
-    upath "^1.1.0"
-
-"@vuepress/theme-default@1.8.2":
-  version "1.8.2"
-  resolved "https://registry.yarnpkg.com/@vuepress/theme-default/-/theme-default-1.8.2.tgz#7f474036c752c1f9801b83f68f5c70c092b182b4"
-  integrity sha512-rE7M1rs3n2xp4a/GrweO8EGwqFn3EA5gnFWdVmVIHyr7C1nix+EqjpPQF1SVWNnIrDdQuCw38PqS+oND1K2vYw==
-  dependencies:
-    "@vuepress/plugin-active-header-links" "1.8.2"
-    "@vuepress/plugin-nprogress" "1.8.2"
-    "@vuepress/plugin-search" "1.8.2"
-    docsearch.js "^2.5.2"
-    lodash "^4.17.15"
-    stylus "^0.54.8"
-    stylus-loader "^3.0.2"
-    vuepress-plugin-container "^2.0.2"
-    vuepress-plugin-smooth-scroll "^0.0.3"
-
-"@webassemblyjs/ast@1.9.0":
-  version "1.9.0"
-  resolved "https://registry.yarnpkg.com/@webassemblyjs/ast/-/ast-1.9.0.tgz#bd850604b4042459a5a41cd7d338cbed695ed964"
-  integrity sha512-C6wW5L+b7ogSDVqymbkkvuW9kruN//YisMED04xzeBBqjHa2FYnmvOlS6Xj68xWQRgWvI9cIglsjFowH/RJyEA==
-  dependencies:
-    "@webassemblyjs/helper-module-context" "1.9.0"
-    "@webassemblyjs/helper-wasm-bytecode" "1.9.0"
-    "@webassemblyjs/wast-parser" "1.9.0"
-
-"@webassemblyjs/floating-point-hex-parser@1.9.0":
-  version "1.9.0"
-  resolved "https://registry.yarnpkg.com/@webassemblyjs/floating-point-hex-parser/-/floating-point-hex-parser-1.9.0.tgz#3c3d3b271bddfc84deb00f71344438311d52ffb4"
-  integrity sha512-TG5qcFsS8QB4g4MhrxK5TqfdNe7Ey/7YL/xN+36rRjl/BlGE/NcBvJcqsRgCP6Z92mRE+7N50pRIi8SmKUbcQA==
-
-"@webassemblyjs/helper-api-error@1.9.0":
-  version "1.9.0"
-  resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-api-error/-/helper-api-error-1.9.0.tgz#203f676e333b96c9da2eeab3ccef33c45928b6a2"
-  integrity sha512-NcMLjoFMXpsASZFxJ5h2HZRcEhDkvnNFOAKneP5RbKRzaWJN36NC4jqQHKwStIhGXu5mUWlUUk7ygdtrO8lbmw==
-
-"@webassemblyjs/helper-buffer@1.9.0":
-  version "1.9.0"
-  resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-buffer/-/helper-buffer-1.9.0.tgz#a1442d269c5feb23fcbc9ef759dac3547f29de00"
-  integrity sha512-qZol43oqhq6yBPx7YM3m9Bv7WMV9Eevj6kMi6InKOuZxhw+q9hOkvq5e/PpKSiLfyetpaBnogSbNCfBwyB00CA==
-
-"@webassemblyjs/helper-code-frame@1.9.0":
-  version "1.9.0"
-  resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-code-frame/-/helper-code-frame-1.9.0.tgz#647f8892cd2043a82ac0c8c5e75c36f1d9159f27"
-  integrity sha512-ERCYdJBkD9Vu4vtjUYe8LZruWuNIToYq/ME22igL+2vj2dQ2OOujIZr3MEFvfEaqKoVqpsFKAGsRdBSBjrIvZA==
-  dependencies:
-    "@webassemblyjs/wast-printer" "1.9.0"
-
-"@webassemblyjs/helper-fsm@1.9.0":
-  version "1.9.0"
-  resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-fsm/-/helper-fsm-1.9.0.tgz#c05256b71244214671f4b08ec108ad63b70eddb8"
-  integrity sha512-OPRowhGbshCb5PxJ8LocpdX9Kl0uB4XsAjl6jH/dWKlk/mzsANvhwbiULsaiqT5GZGT9qinTICdj6PLuM5gslw==
-
-"@webassemblyjs/helper-module-context@1.9.0":
-  version "1.9.0"
-  resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-module-context/-/helper-module-context-1.9.0.tgz#25d8884b76839871a08a6c6f806c3979ef712f07"
-  integrity sha512-MJCW8iGC08tMk2enck1aPW+BE5Cw8/7ph/VGZxwyvGbJwjktKkDK7vy7gAmMDx88D7mhDTCNKAW5tED+gZ0W8g==
-  dependencies:
-    "@webassemblyjs/ast" "1.9.0"
-
-"@webassemblyjs/helper-wasm-bytecode@1.9.0":
-  version "1.9.0"
-  resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-wasm-bytecode/-/helper-wasm-bytecode-1.9.0.tgz#4fed8beac9b8c14f8c58b70d124d549dd1fe5790"
-  integrity sha512-R7FStIzyNcd7xKxCZH5lE0Bqy+hGTwS3LJjuv1ZVxd9O7eHCedSdrId/hMOd20I+v8wDXEn+bjfKDLzTepoaUw==
-
-"@webassemblyjs/helper-wasm-section@1.9.0":
-  version "1.9.0"
-  resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-wasm-section/-/helper-wasm-section-1.9.0.tgz#5a4138d5a6292ba18b04c5ae49717e4167965346"
-  integrity sha512-XnMB8l3ek4tvrKUUku+IVaXNHz2YsJyOOmz+MMkZvh8h1uSJpSen6vYnw3IoQ7WwEuAhL8Efjms1ZWjqh2agvw==
-  dependencies:
-    "@webassemblyjs/ast" "1.9.0"
-    "@webassemblyjs/helper-buffer" "1.9.0"
-    "@webassemblyjs/helper-wasm-bytecode" "1.9.0"
-    "@webassemblyjs/wasm-gen" "1.9.0"
-
-"@webassemblyjs/ieee754@1.9.0":
-  version "1.9.0"
-  resolved "https://registry.yarnpkg.com/@webassemblyjs/ieee754/-/ieee754-1.9.0.tgz#15c7a0fbaae83fb26143bbacf6d6df1702ad39e4"
-  integrity sha512-dcX8JuYU/gvymzIHc9DgxTzUUTLexWwt8uCTWP3otys596io0L5aW02Gb1RjYpx2+0Jus1h4ZFqjla7umFniTg==
-  dependencies:
-    "@xtuc/ieee754" "^1.2.0"
-
-"@webassemblyjs/leb128@1.9.0":
-  version "1.9.0"
-  resolved "https://registry.yarnpkg.com/@webassemblyjs/leb128/-/leb128-1.9.0.tgz#f19ca0b76a6dc55623a09cffa769e838fa1e1c95"
-  integrity sha512-ENVzM5VwV1ojs9jam6vPys97B/S65YQtv/aanqnU7D8aSoHFX8GyhGg0CMfyKNIHBuAVjy3tlzd5QMMINa7wpw==
-  dependencies:
-    "@xtuc/long" "4.2.2"
-
-"@webassemblyjs/utf8@1.9.0":
-  version "1.9.0"
-  resolved "https://registry.yarnpkg.com/@webassemblyjs/utf8/-/utf8-1.9.0.tgz#04d33b636f78e6a6813227e82402f7637b6229ab"
-  integrity sha512-GZbQlWtopBTP0u7cHrEx+73yZKrQoBMpwkGEIqlacljhXCkVM1kMQge/Mf+csMJAjEdSwhOyLAS0AoR3AG5P8w==
-
-"@webassemblyjs/wasm-edit@1.9.0":
-  version "1.9.0"
-  resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-edit/-/wasm-edit-1.9.0.tgz#3fe6d79d3f0f922183aa86002c42dd256cfee9cf"
-  integrity sha512-FgHzBm80uwz5M8WKnMTn6j/sVbqilPdQXTWraSjBwFXSYGirpkSWE2R9Qvz9tNiTKQvoKILpCuTjBKzOIm0nxw==
-  dependencies:
-    "@webassemblyjs/ast" "1.9.0"
-    "@webassemblyjs/helper-buffer" "1.9.0"
-    "@webassemblyjs/helper-wasm-bytecode" "1.9.0"
-    "@webassemblyjs/helper-wasm-section" "1.9.0"
-    "@webassemblyjs/wasm-gen" "1.9.0"
-    "@webassemblyjs/wasm-opt" "1.9.0"
-    "@webassemblyjs/wasm-parser" "1.9.0"
-    "@webassemblyjs/wast-printer" "1.9.0"
-
-"@webassemblyjs/wasm-gen@1.9.0":
-  version "1.9.0"
-  resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-gen/-/wasm-gen-1.9.0.tgz#50bc70ec68ded8e2763b01a1418bf43491a7a49c"
-  integrity sha512-cPE3o44YzOOHvlsb4+E9qSqjc9Qf9Na1OO/BHFy4OI91XDE14MjFN4lTMezzaIWdPqHnsTodGGNP+iRSYfGkjA==
-  dependencies:
-    "@webassemblyjs/ast" "1.9.0"
-    "@webassemblyjs/helper-wasm-bytecode" "1.9.0"
-    "@webassemblyjs/ieee754" "1.9.0"
-    "@webassemblyjs/leb128" "1.9.0"
-    "@webassemblyjs/utf8" "1.9.0"
-
-"@webassemblyjs/wasm-opt@1.9.0":
-  version "1.9.0"
-  resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-opt/-/wasm-opt-1.9.0.tgz#2211181e5b31326443cc8112eb9f0b9028721a61"
-  integrity sha512-Qkjgm6Anhm+OMbIL0iokO7meajkzQD71ioelnfPEj6r4eOFuqm4YC3VBPqXjFyyNwowzbMD+hizmprP/Fwkl2A==
-  dependencies:
-    "@webassemblyjs/ast" "1.9.0"
-    "@webassemblyjs/helper-buffer" "1.9.0"
-    "@webassemblyjs/wasm-gen" "1.9.0"
-    "@webassemblyjs/wasm-parser" "1.9.0"
-
-"@webassemblyjs/wasm-parser@1.9.0":
-  version "1.9.0"
-  resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-parser/-/wasm-parser-1.9.0.tgz#9d48e44826df4a6598294aa6c87469d642fff65e"
-  integrity sha512-9+wkMowR2AmdSWQzsPEjFU7njh8HTO5MqO8vjwEHuM+AMHioNqSBONRdr0NQQ3dVQrzp0s8lTcYqzUdb7YgELA==
-  dependencies:
-    "@webassemblyjs/ast" "1.9.0"
-    "@webassemblyjs/helper-api-error" "1.9.0"
-    "@webassemblyjs/helper-wasm-bytecode" "1.9.0"
-    "@webassemblyjs/ieee754" "1.9.0"
-    "@webassemblyjs/leb128" "1.9.0"
-    "@webassemblyjs/utf8" "1.9.0"
-
-"@webassemblyjs/wast-parser@1.9.0":
-  version "1.9.0"
-  resolved "https://registry.yarnpkg.com/@webassemblyjs/wast-parser/-/wast-parser-1.9.0.tgz#3031115d79ac5bd261556cecc3fa90a3ef451914"
-  integrity sha512-qsqSAP3QQ3LyZjNC/0jBJ/ToSxfYJ8kYyuiGvtn/8MK89VrNEfwj7BPQzJVHi0jGTRK2dGdJ5PRqhtjzoww+bw==
-  dependencies:
-    "@webassemblyjs/ast" "1.9.0"
-    "@webassemblyjs/floating-point-hex-parser" "1.9.0"
-    "@webassemblyjs/helper-api-error" "1.9.0"
-    "@webassemblyjs/helper-code-frame" "1.9.0"
-    "@webassemblyjs/helper-fsm" "1.9.0"
-    "@xtuc/long" "4.2.2"
-
-"@webassemblyjs/wast-printer@1.9.0":
-  version "1.9.0"
-  resolved "https://registry.yarnpkg.com/@webassemblyjs/wast-printer/-/wast-printer-1.9.0.tgz#4935d54c85fef637b00ce9f52377451d00d47899"
-  integrity sha512-2J0nE95rHXHyQ24cWjMKJ1tqB/ds8z/cyeOZxJhcb+rW+SQASVjuznUSmdz5GpVJTzU8JkhYut0D3siFDD6wsA==
-  dependencies:
-    "@webassemblyjs/ast" "1.9.0"
-    "@webassemblyjs/wast-parser" "1.9.0"
-    "@xtuc/long" "4.2.2"
-
-"@xtuc/ieee754@^1.2.0":
-  version "1.2.0"
-  resolved "https://registry.yarnpkg.com/@xtuc/ieee754/-/ieee754-1.2.0.tgz#eef014a3145ae477a1cbc00cd1e552336dceb790"
-  integrity sha512-DX8nKgqcGwsc0eJSqYt5lwP4DH5FlHnmuWWBRy7X0NcaGR0ZtuyeESgMwTYVEtxmsNGY+qit4QYT/MIYTOTPeA==
-
-"@xtuc/long@4.2.2":
-  version "4.2.2"
-  resolved "https://registry.yarnpkg.com/@xtuc/long/-/long-4.2.2.tgz#d291c6a4e97989b5c61d9acf396ae4fe133a718d"
-  integrity sha512-NuHqBY1PB/D8xU6s/thBgOAiAP7HOYDQ32+BFZILJ8ivkUkAHQnWfn6WhL79Owj1qmUnoN/YPhktdIoucipkAQ==
-
-abbrev@1:
-  version "1.1.1"
-  resolved "https://registry.yarnpkg.com/abbrev/-/abbrev-1.1.1.tgz#f8f2c887ad10bf67f634f005b6987fed3179aac8"
-  integrity sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q==
-
-accepts@~1.3.4, accepts@~1.3.5, accepts@~1.3.7:
-  version "1.3.7"
-  resolved "https://registry.yarnpkg.com/accepts/-/accepts-1.3.7.tgz#531bc726517a3b2b41f850021c6cc15eaab507cd"
-  integrity sha512-Il80Qs2WjYlJIBNzNkK6KYqlVMTbZLXgHx2oT0pU/fjRHyEp+PEfEPY0R3WCwAGVOtauxh1hOxNgIf5bv7dQpA==
-  dependencies:
-    mime-types "~2.1.24"
-    negotiator "0.6.2"
-
-acorn@^6.4.1:
-  version "6.4.2"
-  resolved "https://registry.yarnpkg.com/acorn/-/acorn-6.4.2.tgz#35866fd710528e92de10cf06016498e47e39e1e6"
-  integrity sha512-XtGIhXwF8YM8bJhGxG5kXgjkEuNGLTkoYqVE+KMR+aspr4KGYmKYg7yUe3KghyQ9yheNwLnjmzh/7+gfDBmHCQ==
-
-agentkeepalive@^2.2.0:
-  version "2.2.0"
-  resolved "https://registry.yarnpkg.com/agentkeepalive/-/agentkeepalive-2.2.0.tgz#c5d1bd4b129008f1163f236f86e5faea2026e2ef"
-  integrity sha1-xdG9SxKQCPEWPyNvhuX66iAm4u8=
-
-ajv-errors@^1.0.0:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/ajv-errors/-/ajv-errors-1.0.1.tgz#f35986aceb91afadec4102fbd85014950cefa64d"
-  integrity sha512-DCRfO/4nQ+89p/RK43i8Ezd41EqdGIU4ld7nGF8OQ14oc/we5rEntLCUa7+jrn3nn83BosfwZA0wb4pon2o8iQ==
-
-ajv-keywords@^3.1.0, ajv-keywords@^3.4.1, ajv-keywords@^3.5.2:
-  version "3.5.2"
-  resolved "https://registry.yarnpkg.com/ajv-keywords/-/ajv-keywords-3.5.2.tgz#31f29da5ab6e00d1c2d329acf7b5929614d5014d"
-  integrity sha512-5p6WTN0DdTGVQk6VjcEju19IgaHudalcfabD7yhDGeA6bcQnmL+CpveLJq/3hvfwd1aof6L386Ougkx6RfyMIQ==
-
-ajv@^6.1.0, ajv@^6.10.2, ajv@^6.12.3, ajv@^6.12.4:
-  version "6.12.6"
-  resolved "https://registry.yarnpkg.com/ajv/-/ajv-6.12.6.tgz#baf5a62e802b07d977034586f8c3baf5adf26df4"
-  integrity sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==
-  dependencies:
-    fast-deep-equal "^3.1.1"
-    fast-json-stable-stringify "^2.0.0"
-    json-schema-traverse "^0.4.1"
-    uri-js "^4.2.2"
-
-algoliasearch@^3.24.5:
-  version "3.35.1"
-  resolved "https://registry.yarnpkg.com/algoliasearch/-/algoliasearch-3.35.1.tgz#297d15f534a3507cab2f5dfb996019cac7568f0c"
-  integrity sha512-K4yKVhaHkXfJ/xcUnil04xiSrB8B8yHZoFEhWNpXg23eiCnqvTZw1tn/SqvdsANlYHLJlKl0qi3I/Q2Sqo7LwQ==
-  dependencies:
-    agentkeepalive "^2.2.0"
-    debug "^2.6.9"
-    envify "^4.0.0"
-    es6-promise "^4.1.0"
-    events "^1.1.0"
-    foreach "^2.0.5"
-    global "^4.3.2"
-    inherits "^2.0.1"
-    isarray "^2.0.1"
-    load-script "^1.0.0"
-    object-keys "^1.0.11"
-    querystring-es3 "^0.2.1"
-    reduce "^1.0.1"
-    semver "^5.1.0"
-    tunnel-agent "^0.6.0"
-
-alphanum-sort@^1.0.0:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/alphanum-sort/-/alphanum-sort-1.0.2.tgz#97a1119649b211ad33691d9f9f486a8ec9fbe0a3"
-  integrity sha1-l6ERlkmyEa0zaR2fn0hqjsn74KM=
-
-amdefine@>=0.0.4:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/amdefine/-/amdefine-1.0.1.tgz#4a5282ac164729e93619bcfd3ad151f817ce91f5"
-  integrity sha1-SlKCrBZHKek2Gbz9OtFR+BfOkfU=
-
-ansi-align@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/ansi-align/-/ansi-align-3.0.0.tgz#b536b371cf687caaef236c18d3e21fe3797467cb"
-  integrity sha512-ZpClVKqXN3RGBmKibdfWzqCY4lnjEuoNzU5T0oEFpfd/z5qJHVarukridD4juLO2FXMiwUQxr9WqQtaYa8XRYw==
-  dependencies:
-    string-width "^3.0.0"
-
-ansi-colors@^3.0.0:
-  version "3.2.4"
-  resolved "https://registry.yarnpkg.com/ansi-colors/-/ansi-colors-3.2.4.tgz#e3a3da4bfbae6c86a9c285625de124a234026fbf"
-  integrity sha512-hHUXGagefjN2iRrID63xckIvotOXOojhQKWIPUZ4mNUZ9nLZW+7FMNoE1lOkEhNWYsx/7ysGIuJYCiMAA9FnrA==
-
-ansi-escapes@^4.1.0:
-  version "4.3.2"
-  resolved "https://registry.yarnpkg.com/ansi-escapes/-/ansi-escapes-4.3.2.tgz#6b2291d1db7d98b6521d5f1efa42d0f3a9feb65e"
-  integrity sha512-gKXj5ALrKWQLsYG9jlTRmR/xKluxHV+Z9QEwNIgCfM1/uwPMCuzVVnh5mwTd+OuBZcwSIMbqssNWRm1lE51QaQ==
-  dependencies:
-    type-fest "^0.21.3"
-
-ansi-html@0.0.7:
-  version "0.0.7"
-  resolved "https://registry.yarnpkg.com/ansi-html/-/ansi-html-0.0.7.tgz#813584021962a9e9e6fd039f940d12f56ca7859e"
-  integrity sha1-gTWEAhliqenm/QOflA0S9WynhZ4=
-
-ansi-regex@^2.0.0:
-  version "2.1.1"
-  resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-2.1.1.tgz#c3b33ab5ee360d86e0e628f0468ae7ef27d654df"
-  integrity sha1-w7M6te42DYbg5ijwRorn7yfWVN8=
-
-ansi-regex@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-3.0.0.tgz#ed0317c322064f79466c02966bddb605ab37d998"
-  integrity sha1-7QMXwyIGT3lGbAKWa922Bas32Zg=
-
-ansi-regex@^4.1.0:
-  version "4.1.0"
-  resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-4.1.0.tgz#8b9f8f08cf1acb843756a839ca8c7e3168c51997"
-  integrity sha512-1apePfXM1UOSqw0o9IiFAovVz9M5S1Dg+4TrDwfMewQ6p/rmMueb7tWZjQ1rx4Loy1ArBggoqGpfqqdI4rondg==
-
-ansi-regex@^5.0.0:
-  version "5.0.0"
-  resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-5.0.0.tgz#388539f55179bf39339c81af30a654d69f87cb75"
-  integrity sha512-bY6fj56OUQ0hU1KjFNDQuJFezqKdrAyFdIevADiqrWHwSlbmBNMHp5ak2f40Pm8JTFyM2mqxkG6ngkHO11f/lg==
-
-ansi-styles@^2.2.1:
-  version "2.2.1"
-  resolved "https://registry.yarnpkg.com/ansi-styles/-/ansi-styles-2.2.1.tgz#b432dd3358b634cf75e1e4664368240533c1ddbe"
-  integrity sha1-tDLdM1i2NM914eRmQ2gkBTPB3b4=
-
-ansi-styles@^3.2.0, ansi-styles@^3.2.1:
-  version "3.2.1"
-  resolved "https://registry.yarnpkg.com/ansi-styles/-/ansi-styles-3.2.1.tgz#41fbb20243e50b12be0f04b8dedbf07520ce841d"
-  integrity sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==
-  dependencies:
-    color-convert "^1.9.0"
-
-ansi-styles@^4.1.0:
-  version "4.3.0"
-  resolved "https://registry.yarnpkg.com/ansi-styles/-/ansi-styles-4.3.0.tgz#edd803628ae71c04c85ae7a0906edad34b648937"
-  integrity sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==
-  dependencies:
-    color-convert "^2.0.1"
-
-anymatch@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/anymatch/-/anymatch-2.0.0.tgz#bcb24b4f37934d9aa7ac17b4adaf89e7c76ef2eb"
-  integrity sha512-5teOsQWABXHHBFP9y3skS5P3d/WfWXpv3FUpy+LorMrNYaT9pI4oLMQX7jzQ2KklNpGpWHzdCXTDT2Y3XGlZBw==
-  dependencies:
-    micromatch "^3.1.4"
-    normalize-path "^2.1.1"
-
-anymatch@~3.1.2:
-  version "3.1.2"
-  resolved "https://registry.yarnpkg.com/anymatch/-/anymatch-3.1.2.tgz#c0557c096af32f106198f4f4e2a383537e378716"
-  integrity sha512-P43ePfOAIupkguHUycrc4qJ9kz8ZiuOUijaETwX7THt0Y/GNK7v0aa8rY816xWjZ7rJdA5XdMcpVFTKMq+RvWg==
-  dependencies:
-    normalize-path "^3.0.0"
-    picomatch "^2.0.4"
-
-aproba@^1.0.3, aproba@^1.1.1:
-  version "1.2.0"
-  resolved "https://registry.yarnpkg.com/aproba/-/aproba-1.2.0.tgz#6802e6264efd18c790a1b0d517f0f2627bf2c94a"
-  integrity sha512-Y9J6ZjXtoYh8RnXVCMOU/ttDmk1aBjunq9vO0ta5x85WDQiQfUF9sIPBITdbiiIVcBo03Hi3jMxigBtsddlXRw==
-
-are-we-there-yet@~1.1.2:
-  version "1.1.7"
-  resolved "https://registry.yarnpkg.com/are-we-there-yet/-/are-we-there-yet-1.1.7.tgz#b15474a932adab4ff8a50d9adfa7e4e926f21146"
-  integrity sha512-nxwy40TuMiUGqMyRHgCSWZ9FM4VAoRP4xUYSTv5ImRog+h9yISPbVH7H8fASCIzYn9wlEv4zvFL7uKDMCFQm3g==
-  dependencies:
-    delegates "^1.0.0"
-    readable-stream "^2.0.6"
-
-argparse@^1.0.7:
-  version "1.0.10"
-  resolved "https://registry.yarnpkg.com/argparse/-/argparse-1.0.10.tgz#bcd6791ea5ae09725e17e5ad988134cd40b3d911"
-  integrity sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==
-  dependencies:
-    sprintf-js "~1.0.2"
-
-argparse@^2.0.1:
-  version "2.0.1"
-  resolved "https://registry.yarnpkg.com/argparse/-/argparse-2.0.1.tgz#246f50f3ca78a3240f6c997e8a9bd1eac49e4b38"
-  integrity sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==
-
-arr-diff@^4.0.0:
-  version "4.0.0"
-  resolved "https://registry.yarnpkg.com/arr-diff/-/arr-diff-4.0.0.tgz#d6461074febfec71e7e15235761a329a5dc7c520"
-  integrity sha1-1kYQdP6/7HHn4VI1dhoyml3HxSA=
-
-arr-flatten@^1.1.0:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/arr-flatten/-/arr-flatten-1.1.0.tgz#36048bbff4e7b47e136644316c99669ea5ae91f1"
-  integrity sha512-L3hKV5R/p5o81R7O02IGnwpDmkp6E982XhtbuwSe3O4qOtMMMtodicASA1Cny2U+aCXcNpml+m4dPsvsJ3jatg==
-
-arr-union@^3.1.0:
-  version "3.1.0"
-  resolved "https://registry.yarnpkg.com/arr-union/-/arr-union-3.1.0.tgz#e39b09aea9def866a8f206e288af63919bae39c4"
-  integrity sha1-45sJrqne+Gao8gbiiK9jkZuuOcQ=
-
-array-find-index@^1.0.1:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/array-find-index/-/array-find-index-1.0.2.tgz#df010aa1287e164bbda6f9723b0a96a1ec4187a1"
-  integrity sha1-3wEKoSh+Fku9pvlyOwqWoexBh6E=
-
-array-flatten@1.1.1:
-  version "1.1.1"
-  resolved "https://registry.yarnpkg.com/array-flatten/-/array-flatten-1.1.1.tgz#9a5f699051b1e7073328f2a008968b64ea2955d2"
-  integrity sha1-ml9pkFGx5wczKPKgCJaLZOopVdI=
-
-array-flatten@^2.1.0:
-  version "2.1.2"
-  resolved "https://registry.yarnpkg.com/array-flatten/-/array-flatten-2.1.2.tgz#24ef80a28c1a893617e2149b0c6d0d788293b099"
-  integrity sha512-hNfzcOV8W4NdualtqBFPyVO+54DSJuZGY9qT4pRroB6S9e3iiido2ISIC5h9R2sPJ8H3FHCIiEnsv1lPXO3KtQ==
-
-array-union@^1.0.1, array-union@^1.0.2:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/array-union/-/array-union-1.0.2.tgz#9a34410e4f4e3da23dea375be5be70f24778ec39"
-  integrity sha1-mjRBDk9OPaI96jdb5b5w8kd47Dk=
-  dependencies:
-    array-uniq "^1.0.1"
-
-array-uniq@^1.0.1:
-  version "1.0.3"
-  resolved "https://registry.yarnpkg.com/array-uniq/-/array-uniq-1.0.3.tgz#af6ac877a25cc7f74e058894753858dfdb24fdb6"
-  integrity sha1-r2rId6Jcx/dOBYiUdThY39sk/bY=
-
-array-unique@^0.3.2:
-  version "0.3.2"
-  resolved "https://registry.yarnpkg.com/array-unique/-/array-unique-0.3.2.tgz#a894b75d4bc4f6cd679ef3244a9fd8f46ae2d428"
-  integrity sha1-qJS3XUvE9s1nnvMkSp/Y9Gri1Cg=
-
-asn1.js@^5.2.0:
-  version "5.4.1"
-  resolved "https://registry.yarnpkg.com/asn1.js/-/asn1.js-5.4.1.tgz#11a980b84ebb91781ce35b0fdc2ee294e3783f07"
-  integrity sha512-+I//4cYPccV8LdmBLiX8CYvf9Sp3vQsrqu2QNXRcrbiWvcx/UdlFiqUJJzxRQxgsZmvhXhn4cSKeSmoFjVdupA==
-  dependencies:
-    bn.js "^4.0.0"
-    inherits "^2.0.1"
-    minimalistic-assert "^1.0.0"
-    safer-buffer "^2.1.0"
-
-asn1@~0.2.3:
-  version "0.2.4"
-  resolved "https://registry.yarnpkg.com/asn1/-/asn1-0.2.4.tgz#8d2475dfab553bb33e77b54e59e880bb8ce23136"
-  integrity sha512-jxwzQpLQjSmWXgwaCZE9Nz+glAG01yF1QnWgbhGwHI5A6FRIEY6IVqtHhIepHqI7/kyEyQEagBC5mBEFlIYvdg==
-  dependencies:
-    safer-buffer "~2.1.0"
-
-assert-plus@1.0.0, assert-plus@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/assert-plus/-/assert-plus-1.0.0.tgz#f12e0f3c5d77b0b1cdd9146942e4e96c1e4dd525"
-  integrity sha1-8S4PPF13sLHN2RRpQuTpbB5N1SU=
-
-assert@^1.1.1:
-  version "1.5.0"
-  resolved "https://registry.yarnpkg.com/assert/-/assert-1.5.0.tgz#55c109aaf6e0aefdb3dc4b71240c70bf574b18eb"
-  integrity sha512-EDsgawzwoun2CZkCgtxJbv392v4nbk9XDD06zI+kQYoBM/3RBWLlEyJARDOmhAAosBjWACEkKL6S+lIZtcAubA==
-  dependencies:
-    object-assign "^4.1.1"
-    util "0.10.3"
-
-assign-symbols@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/assign-symbols/-/assign-symbols-1.0.0.tgz#59667f41fadd4f20ccbc2bb96b8d4f7f78ec0367"
-  integrity sha1-WWZ/QfrdTyDMvCu5a41Pf3jsA2c=
-
-async-each@^1.0.1:
-  version "1.0.3"
-  resolved "https://registry.yarnpkg.com/async-each/-/async-each-1.0.3.tgz#b727dbf87d7651602f06f4d4ac387f47d91b0cbf"
-  integrity sha512-z/WhQ5FPySLdvREByI2vZiTWwCnF0moMJ1hK9YQwDTHKh6I7/uSckMetoRGb5UBZPC1z0jlw+n/XCgjeH7y1AQ==
-
-async-foreach@^0.1.3:
-  version "0.1.3"
-  resolved "https://registry.yarnpkg.com/async-foreach/-/async-foreach-0.1.3.tgz#36121f845c0578172de419a97dbeb1d16ec34542"
-  integrity sha1-NhIfhFwFeBct5Bmpfb6x0W7DRUI=
-
-async-limiter@~1.0.0:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/async-limiter/-/async-limiter-1.0.1.tgz#dd379e94f0db8310b08291f9d64c3209766617fd"
-  integrity sha512-csOlWGAcRFJaI6m+F2WKdnMKr4HhdhFVBk0H/QbJFMCr+uO2kwohwXQPxw/9OCxp05r5ghVBFSyioixx3gfkNQ==
-
-async@^2.6.2:
-  version "2.6.4"
-  resolved "https://registry.yarnpkg.com/async/-/async-2.6.4.tgz#706b7ff6084664cd7eae713f6f965433b5504221"
-  integrity sha512-mzo5dfJYwAn29PeiJ0zvwTo04zj8HDJj0Mn8TD7sno7q12prdbnasKJHhkm2c1LgrhlJ0teaea8860oxi51mGA==
-  dependencies:
-    lodash "^4.17.14"
-
-asynckit@^0.4.0:
-  version "0.4.0"
-  resolved "https://registry.yarnpkg.com/asynckit/-/asynckit-0.4.0.tgz#c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79"
-  integrity sha1-x57Zf380y48robyXkLzDZkdLS3k=
-
-atob@^2.1.2:
-  version "2.1.2"
-  resolved "https://registry.yarnpkg.com/atob/-/atob-2.1.2.tgz#6d9517eb9e030d2436666651e86bd9f6f13533c9"
-  integrity sha512-Wm6ukoaOGJi/73p/cl2GvLjTI5JM1k/O14isD73YML8StrH/7/lRFgmg8nICZgD3bZZvjwCGxtMOD3wWNAu8cg==
-
-autocomplete.js@0.36.0:
-  version "0.36.0"
-  resolved "https://registry.yarnpkg.com/autocomplete.js/-/autocomplete.js-0.36.0.tgz#94fe775fe64b6cd42e622d076dc7fd26bedd837b"
-  integrity sha512-jEwUXnVMeCHHutUt10i/8ZiRaCb0Wo+ZyKxeGsYwBDtw6EJHqEeDrq4UwZRD8YBSvp3g6klP678il2eeiVXN2Q==
-  dependencies:
-    immediate "^3.2.3"
-
-autoprefixer@^9.5.1:
-  version "9.8.6"
-  resolved "https://registry.yarnpkg.com/autoprefixer/-/autoprefixer-9.8.6.tgz#3b73594ca1bf9266320c5acf1588d74dea74210f"
-  integrity sha512-XrvP4VVHdRBCdX1S3WXVD8+RyG9qeb1D5Sn1DeLiG2xfSpzellk5k54xbUERJ3M5DggQxes39UGOTP8CFrEGbg==
-  dependencies:
-    browserslist "^4.12.0"
-    caniuse-lite "^1.0.30001109"
-    colorette "^1.2.1"
-    normalize-range "^0.1.2"
-    num2fraction "^1.2.2"
-    postcss "^7.0.32"
-    postcss-value-parser "^4.1.0"
-
-aws-sign2@~0.7.0:
-  version "0.7.0"
-  resolved "https://registry.yarnpkg.com/aws-sign2/-/aws-sign2-0.7.0.tgz#b46e890934a9591f2d2f6f86d7e6a9f1b3fe76a8"
-  integrity sha1-tG6JCTSpWR8tL2+G1+ap8bP+dqg=
-
-aws4@^1.8.0:
-  version "1.11.0"
-  resolved "https://registry.yarnpkg.com/aws4/-/aws4-1.11.0.tgz#d61f46d83b2519250e2784daf5b09479a8b41c59"
-  integrity sha512-xh1Rl34h6Fi1DC2WWKfxUTVqRsNnr6LsKz2+hfwDxQJWmrx8+c7ylaqBMcHfl1U1r2dsifOvKX3LQuLNZ+XSvA==
-
-babel-loader@^8.0.4:
-  version "8.2.2"
-  resolved "https://registry.yarnpkg.com/babel-loader/-/babel-loader-8.2.2.tgz#9363ce84c10c9a40e6c753748e1441b60c8a0b81"
-  integrity sha512-JvTd0/D889PQBtUXJ2PXaKU/pjZDMtHA9V2ecm+eNRmmBCMR09a+fmpGTNwnJtFmFl5Ei7Vy47LjBb+L0wQ99g==
-  dependencies:
-    find-cache-dir "^3.3.1"
-    loader-utils "^1.4.0"
-    make-dir "^3.1.0"
-    schema-utils "^2.6.5"
-
-babel-plugin-dynamic-import-node@^2.3.3:
-  version "2.3.3"
-  resolved "https://registry.yarnpkg.com/babel-plugin-dynamic-import-node/-/babel-plugin-dynamic-import-node-2.3.3.tgz#84fda19c976ec5c6defef57f9427b3def66e17a3"
-  integrity sha512-jZVI+s9Zg3IqA/kdi0i6UDCybUI3aSBLnglhYbSSjKlV7yF1F/5LWv8MakQmvYpnbJDS6fcBL2KzHSxNCMtWSQ==
-  dependencies:
-    object.assign "^4.1.0"
-
-babel-plugin-polyfill-corejs2@^0.2.2:
-  version "0.2.2"
-  resolved "https://registry.yarnpkg.com/babel-plugin-polyfill-corejs2/-/babel-plugin-polyfill-corejs2-0.2.2.tgz#e9124785e6fd94f94b618a7954e5693053bf5327"
-  integrity sha512-kISrENsJ0z5dNPq5eRvcctITNHYXWOA4DUZRFYCz3jYCcvTb/A546LIddmoGNMVYg2U38OyFeNosQwI9ENTqIQ==
-  dependencies:
-    "@babel/compat-data" "^7.13.11"
-    "@babel/helper-define-polyfill-provider" "^0.2.2"
-    semver "^6.1.1"
-
-babel-plugin-polyfill-corejs3@^0.2.2:
-  version "0.2.3"
-  resolved "https://registry.yarnpkg.com/babel-plugin-polyfill-corejs3/-/babel-plugin-polyfill-corejs3-0.2.3.tgz#72add68cf08a8bf139ba6e6dfc0b1d504098e57b"
-  integrity sha512-rCOFzEIJpJEAU14XCcV/erIf/wZQMmMT5l5vXOpL5uoznyOGfDIjPj6FVytMvtzaKSTSVKouOCTPJ5OMUZH30g==
-  dependencies:
-    "@babel/helper-define-polyfill-provider" "^0.2.2"
-    core-js-compat "^3.14.0"
-
-babel-plugin-polyfill-regenerator@^0.2.2:
-  version "0.2.2"
-  resolved "https://registry.yarnpkg.com/babel-plugin-polyfill-regenerator/-/babel-plugin-polyfill-regenerator-0.2.2.tgz#b310c8d642acada348c1fa3b3e6ce0e851bee077"
-  integrity sha512-Goy5ghsc21HgPDFtzRkSirpZVW35meGoTmTOb2bxqdl60ghub4xOidgNTHaZfQ2FaxQsKmwvXtOAkcIS4SMBWg==
-  dependencies:
-    "@babel/helper-define-polyfill-provider" "^0.2.2"
-
-balanced-match@^1.0.0:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/balanced-match/-/balanced-match-1.0.2.tgz#e83e3a7e3f300b34cb9d87f615fa0cbf357690ee"
-  integrity sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==
-
-base64-js@^1.0.2:
-  version "1.5.1"
-  resolved "https://registry.yarnpkg.com/base64-js/-/base64-js-1.5.1.tgz#1b1b440160a5bf7ad40b650f095963481903930a"
-  integrity sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==
-
-base@^0.11.1:
-  version "0.11.2"
-  resolved "https://registry.yarnpkg.com/base/-/base-0.11.2.tgz#7bde5ced145b6d551a90db87f83c558b4eb48a8f"
-  integrity sha512-5T6P4xPgpp0YDFvSWwEZ4NoE3aM4QBQXDzmVbraCkFj8zHM+mba8SyqB5DbZWyR7mYHo6Y7BdQo3MoA4m0TeQg==
-  dependencies:
-    cache-base "^1.0.1"
-    class-utils "^0.3.5"
-    component-emitter "^1.2.1"
-    define-property "^1.0.0"
-    isobject "^3.0.1"
-    mixin-deep "^1.2.0"
-    pascalcase "^0.1.1"
-
-batch@0.6.1:
-  version "0.6.1"
-  resolved "https://registry.yarnpkg.com/batch/-/batch-0.6.1.tgz#dc34314f4e679318093fc760272525f94bf25c16"
-  integrity sha1-3DQxT05nkxgJP8dgJyUl+UvyXBY=
-
-bcrypt-pbkdf@^1.0.0:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz#a4301d389b6a43f9b67ff3ca11a3f6637e360e9e"
-  integrity sha1-pDAdOJtqQ/m2f/PKEaP2Y342Dp4=
-  dependencies:
-    tweetnacl "^0.14.3"
-
-big.js@^3.1.3:
-  version "3.2.0"
-  resolved "https://registry.yarnpkg.com/big.js/-/big.js-3.2.0.tgz#a5fc298b81b9e0dca2e458824784b65c52ba588e"
-  integrity sha512-+hN/Zh2D08Mx65pZ/4g5bsmNiZUuChDiQfTUQ7qJr4/kuopCr88xZsAXv6mBoZEsUI4OuGHlX59qE94K2mMW8Q==
-
-big.js@^5.2.2:
-  version "5.2.2"
-  resolved "https://registry.yarnpkg.com/big.js/-/big.js-5.2.2.tgz#65f0af382f578bcdc742bd9c281e9cb2d7768328"
-  integrity sha512-vyL2OymJxmarO8gxMr0mhChsO9QGwhynfuu4+MHTAW6czfq9humCB7rKpUjDd9YUiDPU4mzpyupFSvOClAwbmQ==
-
-binary-extensions@^1.0.0:
-  version "1.13.1"
-  resolved "https://registry.yarnpkg.com/binary-extensions/-/binary-extensions-1.13.1.tgz#598afe54755b2868a5330d2aff9d4ebb53209b65"
-  integrity sha512-Un7MIEDdUC5gNpcGDV97op1Ywk748MpHcFTHoYs6qnj1Z3j7I53VG3nwZhKzoBZmbdRNnb6WRdFlwl7tSDuZGw==
-
-binary-extensions@^2.0.0:
-  version "2.2.0"
-  resolved "https://registry.yarnpkg.com/binary-extensions/-/binary-extensions-2.2.0.tgz#75f502eeaf9ffde42fc98829645be4ea76bd9e2d"
-  integrity sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA==
-
-bindings@^1.5.0:
-  version "1.5.0"
-  resolved "https://registry.yarnpkg.com/bindings/-/bindings-1.5.0.tgz#10353c9e945334bc0511a6d90b38fbc7c9c504df"
-  integrity sha512-p2q/t/mhvuOj/UeLlV6566GD/guowlr0hHxClI0W9m7MWYkL1F0hLo+0Aexs9HSPCtR1SXQ0TD3MMKrXZajbiQ==
-  dependencies:
-    file-uri-to-path "1.0.0"
-
-block-stream@*:
-  version "0.0.9"
-  resolved "https://registry.yarnpkg.com/block-stream/-/block-stream-0.0.9.tgz#13ebfe778a03205cfe03751481ebb4b3300c126a"
-  integrity sha1-E+v+d4oDIFz+A3UUgeu0szAMEmo=
-  dependencies:
-    inherits "~2.0.0"
-
-bluebird@^3.1.1, bluebird@^3.5.5:
-  version "3.7.2"
-  resolved "https://registry.yarnpkg.com/bluebird/-/bluebird-3.7.2.tgz#9f229c15be272454ffa973ace0dbee79a1b0c36f"
-  integrity sha512-XpNj6GDQzdfW+r2Wnn7xiSAd7TM3jzkxGXBGTtWKuSXv1xUV+azxAm8jdWZN06QTQk+2N2XB9jRDkvbmQmcRtg==
-
-bn.js@^4.0.0, bn.js@^4.1.0, bn.js@^4.11.9:
-  version "4.12.0"
-  resolved "https://registry.yarnpkg.com/bn.js/-/bn.js-4.12.0.tgz#775b3f278efbb9718eec7361f483fb36fbbfea88"
-  integrity sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==
-
-bn.js@^5.0.0, bn.js@^5.1.1:
-  version "5.2.0"
-  resolved "https://registry.yarnpkg.com/bn.js/-/bn.js-5.2.0.tgz#358860674396c6997771a9d051fcc1b57d4ae002"
-  integrity sha512-D7iWRBvnZE8ecXiLj/9wbxH7Tk79fAh8IHaTNq1RWRixsS02W+5qS+iE9yq6RYl0asXx5tw0bLhmT5pIfbSquw==
-
-body-parser@1.19.0:
-  version "1.19.0"
-  resolved "https://registry.yarnpkg.com/body-parser/-/body-parser-1.19.0.tgz#96b2709e57c9c4e09a6fd66a8fd979844f69f08a"
-  integrity sha512-dhEPs72UPbDnAQJ9ZKMNTP6ptJaionhP5cBb541nXPlW60Jepo9RV/a4fX4XWW9CuFNK22krhrj1+rgzifNCsw==
-  dependencies:
-    bytes "3.1.0"
-    content-type "~1.0.4"
-    debug "2.6.9"
-    depd "~1.1.2"
-    http-errors "1.7.2"
-    iconv-lite "0.4.24"
-    on-finished "~2.3.0"
-    qs "6.7.0"
-    raw-body "2.4.0"
-    type-is "~1.6.17"
-
-bonjour@^3.5.0:
-  version "3.5.0"
-  resolved "https://registry.yarnpkg.com/bonjour/-/bonjour-3.5.0.tgz#8e890a183d8ee9a2393b3844c691a42bcf7bc9f5"
-  integrity sha1-jokKGD2O6aI5OzhExpGkK897yfU=
-  dependencies:
-    array-flatten "^2.1.0"
-    deep-equal "^1.0.1"
-    dns-equal "^1.0.0"
-    dns-txt "^2.0.2"
-    multicast-dns "^6.0.1"
-    multicast-dns-service-types "^1.1.0"
-
-boolbase@^1.0.0, boolbase@~1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/boolbase/-/boolbase-1.0.0.tgz#68dff5fbe60c51eb37725ea9e3ed310dcc1e776e"
-  integrity sha1-aN/1++YMUes3cl6p4+0xDcwed24=
-
-boxen@^4.2.0:
-  version "4.2.0"
-  resolved "https://registry.yarnpkg.com/boxen/-/boxen-4.2.0.tgz#e411b62357d6d6d36587c8ac3d5d974daa070e64"
-  integrity sha512-eB4uT9RGzg2odpER62bBwSLvUeGC+WbRjjyyFhGsKnc8wp/m0+hQsMUvUe3H2V0D5vw0nBdO1hCJoZo5mKeuIQ==
-  dependencies:
-    ansi-align "^3.0.0"
-    camelcase "^5.3.1"
-    chalk "^3.0.0"
-    cli-boxes "^2.2.0"
-    string-width "^4.1.0"
-    term-size "^2.1.0"
-    type-fest "^0.8.1"
-    widest-line "^3.1.0"
-
-brace-expansion@^1.1.7:
-  version "1.1.11"
-  resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-1.1.11.tgz#3c7fcbf529d87226f3d2f52b966ff5271eb441dd"
-  integrity sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==
-  dependencies:
-    balanced-match "^1.0.0"
-    concat-map "0.0.1"
-
-braces@^2.3.1, braces@^2.3.2:
-  version "2.3.2"
-  resolved "https://registry.yarnpkg.com/braces/-/braces-2.3.2.tgz#5979fd3f14cd531565e5fa2df1abfff1dfaee729"
-  integrity sha512-aNdbnj9P8PjdXU4ybaWLK2IF3jc/EoDYbC7AazW6to3TRsfXxscC9UXOB5iDiEQrkyIbWp2SLQda4+QAa7nc3w==
-  dependencies:
-    arr-flatten "^1.1.0"
-    array-unique "^0.3.2"
-    extend-shallow "^2.0.1"
-    fill-range "^4.0.0"
-    isobject "^3.0.1"
-    repeat-element "^1.1.2"
-    snapdragon "^0.8.1"
-    snapdragon-node "^2.0.1"
-    split-string "^3.0.2"
-    to-regex "^3.0.1"
-
-braces@~3.0.2:
-  version "3.0.2"
-  resolved "https://registry.yarnpkg.com/braces/-/braces-3.0.2.tgz#3454e1a462ee8d599e236df336cd9ea4f8afe107"
-  integrity sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==
-  dependencies:
-    fill-range "^7.0.1"
-
-brorand@^1.0.1, brorand@^1.1.0:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/brorand/-/brorand-1.1.0.tgz#12c25efe40a45e3c323eb8675a0a0ce57b22371f"
-  integrity sha1-EsJe/kCkXjwyPrhnWgoM5XsiNx8=
-
-browserify-aes@^1.0.0, browserify-aes@^1.0.4:
-  version "1.2.0"
-  resolved "https://registry.yarnpkg.com/browserify-aes/-/browserify-aes-1.2.0.tgz#326734642f403dabc3003209853bb70ad428ef48"
-  integrity sha512-+7CHXqGuspUn/Sl5aO7Ea0xWGAtETPXNSAjHo48JfLdPWcMng33Xe4znFvQweqc/uzk5zSOI3H52CYnjCfb5hA==
-  dependencies:
-    buffer-xor "^1.0.3"
-    cipher-base "^1.0.0"
-    create-hash "^1.1.0"
-    evp_bytestokey "^1.0.3"
-    inherits "^2.0.1"
-    safe-buffer "^5.0.1"
-
-browserify-cipher@^1.0.0:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/browserify-cipher/-/browserify-cipher-1.0.1.tgz#8d6474c1b870bfdabcd3bcfcc1934a10e94f15f0"
-  integrity sha512-sPhkz0ARKbf4rRQt2hTpAHqn47X3llLkUGn+xEJzLjwY8LRs2p0v7ljvI5EyoRO/mexrNunNECisZs+gw2zz1w==
-  dependencies:
-    browserify-aes "^1.0.4"
-    browserify-des "^1.0.0"
-    evp_bytestokey "^1.0.0"
-
-browserify-des@^1.0.0:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/browserify-des/-/browserify-des-1.0.2.tgz#3af4f1f59839403572f1c66204375f7a7f703e9c"
-  integrity sha512-BioO1xf3hFwz4kc6iBhI3ieDFompMhrMlnDFC4/0/vd5MokpuAc3R+LYbwTA9A5Yc9pq9UYPqffKpW2ObuwX5A==
-  dependencies:
-    cipher-base "^1.0.1"
-    des.js "^1.0.0"
-    inherits "^2.0.1"
-    safe-buffer "^5.1.2"
-
-browserify-rsa@^4.0.0, browserify-rsa@^4.0.1:
-  version "4.1.0"
-  resolved "https://registry.yarnpkg.com/browserify-rsa/-/browserify-rsa-4.1.0.tgz#b2fd06b5b75ae297f7ce2dc651f918f5be158c8d"
-  integrity sha512-AdEER0Hkspgno2aR97SAf6vi0y0k8NuOpGnVH3O99rcA5Q6sh8QxcngtHuJ6uXwnfAXNM4Gn1Gb7/MV1+Ymbog==
-  dependencies:
-    bn.js "^5.0.0"
-    randombytes "^2.0.1"
-
-browserify-sign@^4.0.0:
-  version "4.2.1"
-  resolved "https://registry.yarnpkg.com/browserify-sign/-/browserify-sign-4.2.1.tgz#eaf4add46dd54be3bb3b36c0cf15abbeba7956c3"
-  integrity sha512-/vrA5fguVAKKAVTNJjgSm1tRQDHUU6DbwO9IROu/0WAzC8PKhucDSh18J0RMvVeHAn5puMd+QHC2erPRNf8lmg==
-  dependencies:
-    bn.js "^5.1.1"
-    browserify-rsa "^4.0.1"
-    create-hash "^1.2.0"
-    create-hmac "^1.1.7"
-    elliptic "^6.5.3"
-    inherits "^2.0.4"
-    parse-asn1 "^5.1.5"
-    readable-stream "^3.6.0"
-    safe-buffer "^5.2.0"
-
-browserify-zlib@^0.2.0:
-  version "0.2.0"
-  resolved "https://registry.yarnpkg.com/browserify-zlib/-/browserify-zlib-0.2.0.tgz#2869459d9aa3be245fe8fe2ca1f46e2e7f54d73f"
-  integrity sha512-Z942RysHXmJrhqk88FmKBVq/v5tqmSkDz7p54G/MGyjMnCFFnC79XWNbg+Vta8W6Wb2qtSZTSxIGkJrRpCFEiA==
-  dependencies:
-    pako "~1.0.5"
-
-browserslist@^4.0.0, browserslist@^4.12.0, browserslist@^4.16.6:
-  version "4.16.6"
-  resolved "https://registry.yarnpkg.com/browserslist/-/browserslist-4.16.6.tgz#d7901277a5a88e554ed305b183ec9b0c08f66fa2"
-  integrity sha512-Wspk/PqO+4W9qp5iUTJsa1B/QrYn1keNCcEP5OvP7WBwT4KaDly0uONYmC6Xa3Z5IqnUgS0KcgLYu1l74x0ZXQ==
-  dependencies:
-    caniuse-lite "^1.0.30001219"
-    colorette "^1.2.2"
-    electron-to-chromium "^1.3.723"
-    escalade "^3.1.1"
-    node-releases "^1.1.71"
-
-buffer-from@^1.0.0:
-  version "1.1.1"
-  resolved "https://registry.yarnpkg.com/buffer-from/-/buffer-from-1.1.1.tgz#32713bc028f75c02fdb710d7c7bcec1f2c6070ef"
-  integrity sha512-MQcXEUbCKtEo7bhqEs6560Hyd4XaovZlO/k9V3hjVUF/zwW7KBVdSK4gIt/bzwS9MbR5qob+F5jusZsb0YQK2A==
-
-buffer-indexof@^1.0.0:
-  version "1.1.1"
-  resolved "https://registry.yarnpkg.com/buffer-indexof/-/buffer-indexof-1.1.1.tgz#52fabcc6a606d1a00302802648ef68f639da268c"
-  integrity sha512-4/rOEg86jivtPTeOUUT61jJO1Ya1TrR/OkqCSZDyq84WJh3LuuiphBYJN+fm5xufIk4XAFcEwte/8WzC8If/1g==
-
-buffer-json@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/buffer-json/-/buffer-json-2.0.0.tgz#f73e13b1e42f196fe2fd67d001c7d7107edd7c23"
-  integrity sha512-+jjPFVqyfF1esi9fvfUs3NqM0pH1ziZ36VP4hmA/y/Ssfo/5w5xHKfTw9BwQjoJ1w/oVtpLomqwUHKdefGyuHw==
-
-buffer-xor@^1.0.3:
-  version "1.0.3"
-  resolved "https://registry.yarnpkg.com/buffer-xor/-/buffer-xor-1.0.3.tgz#26e61ed1422fb70dd42e6e36729ed51d855fe8d9"
-  integrity sha1-JuYe0UIvtw3ULm42cp7VHYVf6Nk=
-
-buffer@^4.3.0:
-  version "4.9.2"
-  resolved "https://registry.yarnpkg.com/buffer/-/buffer-4.9.2.tgz#230ead344002988644841ab0244af8c44bbe3ef8"
-  integrity sha512-xq+q3SRMOxGivLhBNaUdC64hDTQwejJ+H0T/NB1XMtTVEwNTrfFF3gAxiyW0Bu/xWEGhjVKgUcMhCrUy2+uCWg==
-  dependencies:
-    base64-js "^1.0.2"
-    ieee754 "^1.1.4"
-    isarray "^1.0.0"
-
-builtin-status-codes@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/builtin-status-codes/-/builtin-status-codes-3.0.0.tgz#85982878e21b98e1c66425e03d0174788f569ee8"
-  integrity sha1-hZgoeOIbmOHGZCXgPQF0eI9Wnug=
-
-bytes@3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/bytes/-/bytes-3.0.0.tgz#d32815404d689699f85a4ea4fa8755dd13a96048"
-  integrity sha1-0ygVQE1olpn4Wk6k+odV3ROpYEg=
-
-bytes@3.1.0:
-  version "3.1.0"
-  resolved "https://registry.yarnpkg.com/bytes/-/bytes-3.1.0.tgz#f6cf7933a360e0588fa9fde85651cdc7f805d1f6"
-  integrity sha512-zauLjrfCG+xvoyaqLoV8bLVXXNGC4JqlxFCutSDWA6fJrTo2ZuvLYTqZ7aHBLZSMOopbzwv8f+wZcVzfVTI2Dg==
-
-cac@^6.5.6:
-  version "6.7.3"
-  resolved "https://registry.yarnpkg.com/cac/-/cac-6.7.3.tgz#10410b8611677990cc2e3c8b576d471c1d71b768"
-  integrity sha512-ECVqVZh74qgSuZG9YOt2OJPI3wGcf+EwwuF/XIOYqZBD0KZYLtgPWqFPxmDPQ6joxI1nOlvVgRV6VT53Ooyocg==
-
-cacache@^12.0.2, cacache@^12.0.3:
-  version "12.0.4"
-  resolved "https://registry.yarnpkg.com/cacache/-/cacache-12.0.4.tgz#668bcbd105aeb5f1d92fe25570ec9525c8faa40c"
-  integrity sha512-a0tMB40oefvuInr4Cwb3GerbL9xTj1D5yg0T5xrjGCGyfvbxseIXX7BAO/u/hIXdafzOI5JC3wDwHyf24buOAQ==
-  dependencies:
-    bluebird "^3.5.5"
-    chownr "^1.1.1"
-    figgy-pudding "^3.5.1"
-    glob "^7.1.4"
-    graceful-fs "^4.1.15"
-    infer-owner "^1.0.3"
-    lru-cache "^5.1.1"
-    mississippi "^3.0.0"
-    mkdirp "^0.5.1"
-    move-concurrently "^1.0.1"
-    promise-inflight "^1.0.1"
-    rimraf "^2.6.3"
-    ssri "^6.0.1"
-    unique-filename "^1.1.1"
-    y18n "^4.0.0"
-
-cache-base@^1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/cache-base/-/cache-base-1.0.1.tgz#0a7f46416831c8b662ee36fe4e7c59d76f666ab2"
-  integrity sha512-AKcdTnFSWATd5/GCPRxr2ChwIJ85CeyrEyjRHlKxQ56d4XJMGym0uAiKn0xbLOGOl3+yRpOTi484dVCEc5AUzQ==
-  dependencies:
-    collection-visit "^1.0.0"
-    component-emitter "^1.2.1"
-    get-value "^2.0.6"
-    has-value "^1.0.0"
-    isobject "^3.0.1"
-    set-value "^2.0.0"
-    to-object-path "^0.3.0"
-    union-value "^1.0.0"
-    unset-value "^1.0.0"
-
-cache-loader@^3.0.0:
-  version "3.0.1"
-  resolved "https://registry.yarnpkg.com/cache-loader/-/cache-loader-3.0.1.tgz#cee6cf4b3cdc7c610905b26bad6c2fc439c821af"
-  integrity sha512-HzJIvGiGqYsFUrMjAJNDbVZoG7qQA+vy9AIoKs7s9DscNfki0I589mf2w6/tW+kkFH3zyiknoWV5Jdynu6b/zw==
-  dependencies:
-    buffer-json "^2.0.0"
-    find-cache-dir "^2.1.0"
-    loader-utils "^1.2.3"
-    mkdirp "^0.5.1"
-    neo-async "^2.6.1"
-    schema-utils "^1.0.0"
-
-cacheable-request@^6.0.0:
-  version "6.1.0"
-  resolved "https://registry.yarnpkg.com/cacheable-request/-/cacheable-request-6.1.0.tgz#20ffb8bd162ba4be11e9567d823db651052ca912"
-  integrity sha512-Oj3cAGPCqOZX7Rz64Uny2GYAZNliQSqfbePrgAQ1wKAihYmCUnraBtJtKcGR4xz7wF+LoJC+ssFZvv5BgF9Igg==
-  dependencies:
-    clone-response "^1.0.2"
-    get-stream "^5.1.0"
-    http-cache-semantics "^4.0.0"
-    keyv "^3.0.0"
-    lowercase-keys "^2.0.0"
-    normalize-url "^4.1.0"
-    responselike "^1.0.2"
-
-call-bind@^1.0.0, call-bind@^1.0.2:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/call-bind/-/call-bind-1.0.2.tgz#b1d4e89e688119c3c9a903ad30abb2f6a919be3c"
-  integrity sha512-7O+FbCihrB5WGbFYesctwmTKae6rOiIzmz1icreWJ+0aA7LJfuqhEso2T9ncpcFtzMQtzXf2QGGueWJGTYsqrA==
-  dependencies:
-    function-bind "^1.1.1"
-    get-intrinsic "^1.0.2"
-
-call-me-maybe@^1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/call-me-maybe/-/call-me-maybe-1.0.1.tgz#26d208ea89e37b5cbde60250a15f031c16a4d66b"
-  integrity sha1-JtII6onje1y95gJQoV8DHBak1ms=
-
-caller-callsite@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/caller-callsite/-/caller-callsite-2.0.0.tgz#847e0fce0a223750a9a027c54b33731ad3154134"
-  integrity sha1-hH4PzgoiN1CpoCfFSzNzGtMVQTQ=
-  dependencies:
-    callsites "^2.0.0"
-
-caller-path@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/caller-path/-/caller-path-2.0.0.tgz#468f83044e369ab2010fac5f06ceee15bb2cb1f4"
-  integrity sha1-Ro+DBE42mrIBD6xfBs7uFbsssfQ=
-  dependencies:
-    caller-callsite "^2.0.0"
-
-callsites@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/callsites/-/callsites-2.0.0.tgz#06eb84f00eea413da86affefacbffb36093b3c50"
-  integrity sha1-BuuE8A7qQT2oav/vrL/7Ngk7PFA=
-
-camel-case@3.0.x:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/camel-case/-/camel-case-3.0.0.tgz#ca3c3688a4e9cf3a4cda777dc4dcbc713249cf73"
-  integrity sha1-yjw2iKTpzzpM2nd9xNy8cTJJz3M=
-  dependencies:
-    no-case "^2.2.0"
-    upper-case "^1.1.1"
-
-camelcase-keys@^2.0.0:
-  version "2.1.0"
-  resolved "https://registry.yarnpkg.com/camelcase-keys/-/camelcase-keys-2.1.0.tgz#308beeaffdf28119051efa1d932213c91b8f92e7"
-  integrity sha1-MIvur/3ygRkFHvodkyITyRuPkuc=
-  dependencies:
-    camelcase "^2.0.0"
-    map-obj "^1.0.0"
-
-camelcase@^2.0.0:
-  version "2.1.1"
-  resolved "https://registry.yarnpkg.com/camelcase/-/camelcase-2.1.1.tgz#7c1d16d679a1bbe59ca02cacecfb011e201f5a1f"
-  integrity sha1-fB0W1nmhu+WcoCys7PsBHiAfWh8=
-
-camelcase@^5.0.0, camelcase@^5.2.0, camelcase@^5.3.1:
-  version "5.3.1"
-  resolved "https://registry.yarnpkg.com/camelcase/-/camelcase-5.3.1.tgz#e3c9b31569e106811df242f715725a1f4c494320"
-  integrity sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==
-
-camelcase@^6.0.0:
-  version "6.2.0"
-  resolved "https://registry.yarnpkg.com/camelcase/-/camelcase-6.2.0.tgz#924af881c9d525ac9d87f40d964e5cea982a1809"
-  integrity sha512-c7wVvbw3f37nuobQNtgsgG9POC9qMbNuMQmTCqZv23b6MIz0fcYpBiOlv9gEN/hdLdnZTDQhg6e9Dq5M1vKvfg==
-
-caniuse-api@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/caniuse-api/-/caniuse-api-3.0.0.tgz#5e4d90e2274961d46291997df599e3ed008ee4c0"
-  integrity sha512-bsTwuIg/BZZK/vreVTYYbSWoe2F+71P7K5QGEX+pT250DZbfU1MQ5prOKpPR+LL6uWKK3KMwMCAS74QB3Um1uw==
-  dependencies:
-    browserslist "^4.0.0"
-    caniuse-lite "^1.0.0"
-    lodash.memoize "^4.1.2"
-    lodash.uniq "^4.5.0"
-
-caniuse-lite@^1.0.0, caniuse-lite@^1.0.30001109, caniuse-lite@^1.0.30001219:
-  version "1.0.30001246"
-  resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001246.tgz#fe17d9919f87124d6bb416ef7b325356d69dc76c"
-  integrity sha512-Tc+ff0Co/nFNbLOrziBXmMVtpt9S2c2Y+Z9Nk9Khj09J+0zR9ejvIW5qkZAErCbOrVODCx/MN+GpB5FNBs5GFA==
-
-caseless@~0.12.0:
-  version "0.12.0"
-  resolved "https://registry.yarnpkg.com/caseless/-/caseless-0.12.0.tgz#1b681c21ff84033c826543090689420d187151dc"
-  integrity sha1-G2gcIf+EAzyCZUMJBolCDRhxUdw=
-
-chalk@^1.1.1, chalk@^1.1.3:
-  version "1.1.3"
-  resolved "https://registry.yarnpkg.com/chalk/-/chalk-1.1.3.tgz#a8115c55e4a702fe4d150abd3872822a7e09fc98"
-  integrity sha1-qBFcVeSnAv5NFQq9OHKCKn4J/Jg=
-  dependencies:
-    ansi-styles "^2.2.1"
-    escape-string-regexp "^1.0.2"
-    has-ansi "^2.0.0"
-    strip-ansi "^3.0.0"
-    supports-color "^2.0.0"
-
-chalk@^2.0.0, chalk@^2.3.2, chalk@^2.4.1, chalk@^2.4.2:
-  version "2.4.2"
-  resolved "https://registry.yarnpkg.com/chalk/-/chalk-2.4.2.tgz#cd42541677a54333cf541a49108c1432b44c9424"
-  integrity sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==
-  dependencies:
-    ansi-styles "^3.2.1"
-    escape-string-regexp "^1.0.5"
-    supports-color "^5.3.0"
-
-chalk@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/chalk/-/chalk-3.0.0.tgz#3f73c2bf526591f574cc492c51e2456349f844e4"
-  integrity sha512-4D3B6Wf41KOYRFdszmDqMCGq5VV/uMAB273JILmO+3jAlh8X4qDtdtgCR3fxtbLEMzSx22QdhnDcJvu2u1fVwg==
-  dependencies:
-    ansi-styles "^4.1.0"
-    supports-color "^7.1.0"
-
-check-md@1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/check-md/-/check-md-1.0.0.tgz#6ba97cf4e061b23691b4132591afb168d4cd5910"
-  integrity sha512-H9LS+TDB6ix4QZQFiTp2TVIL+24zKutOKDqxIxAxnvkx3phpzrwPINaykD8RSeynxIVp3s0PecR2GEA3KLbziQ==
-  dependencies:
-    "@sindresorhus/slugify" "^0.8.0"
-    chalk "^2.4.2"
-    commander "^2.19.0"
-    diacritics "^1.3.0"
-    globby "^9.1.0"
-
-chokidar@^2.0.3, chokidar@^2.1.8:
-  version "2.1.8"
-  resolved "https://registry.yarnpkg.com/chokidar/-/chokidar-2.1.8.tgz#804b3a7b6a99358c3c5c61e71d8728f041cff917"
-  integrity sha512-ZmZUazfOzf0Nve7duiCKD23PFSCs4JPoYyccjUFF3aQkQadqBhfzhjkwBH2mNOG9cTBwhamM37EIsIkZw3nRgg==
-  dependencies:
-    anymatch "^2.0.0"
-    async-each "^1.0.1"
-    braces "^2.3.2"
-    glob-parent "^3.1.0"
-    inherits "^2.0.3"
-    is-binary-path "^1.0.0"
-    is-glob "^4.0.0"
-    normalize-path "^3.0.0"
-    path-is-absolute "^1.0.0"
-    readdirp "^2.2.1"
-    upath "^1.1.1"
-  optionalDependencies:
-    fsevents "^1.2.7"
-
-chokidar@^3.4.1:
-  version "3.5.2"
-  resolved "https://registry.yarnpkg.com/chokidar/-/chokidar-3.5.2.tgz#dba3976fcadb016f66fd365021d91600d01c1e75"
-  integrity sha512-ekGhOnNVPgT77r4K/U3GDhu+FQ2S8TnK/s2KbIGXi0SZWuwkZ2QNyfWdZW+TVfn84DpEP7rLeCt2UI6bJ8GwbQ==
-  dependencies:
-    anymatch "~3.1.2"
-    braces "~3.0.2"
-    glob-parent "~5.1.2"
-    is-binary-path "~2.1.0"
-    is-glob "~4.0.1"
-    normalize-path "~3.0.0"
-    readdirp "~3.6.0"
-  optionalDependencies:
-    fsevents "~2.3.2"
-
-chownr@^1.1.1:
-  version "1.1.4"
-  resolved "https://registry.yarnpkg.com/chownr/-/chownr-1.1.4.tgz#6fc9d7b42d32a583596337666e7d08084da2cc6b"
-  integrity sha512-jJ0bqzaylmJtVnNgzTeSOs8DPavpbYgEr/b0YL8/2GO3xJEhInFmhKMUnEJQjZumK7KXGFhUy89PrsJWlakBVg==
-
-chrome-trace-event@^1.0.2:
-  version "1.0.3"
-  resolved "https://registry.yarnpkg.com/chrome-trace-event/-/chrome-trace-event-1.0.3.tgz#1015eced4741e15d06664a957dbbf50d041e26ac"
-  integrity sha512-p3KULyQg4S7NIHixdwbGX+nFHkoBiA4YQmyWtjb8XngSKV124nJmRysgAeujbUVb15vh+RvFUfCPqU7rXk+hZg==
-
-ci-info@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/ci-info/-/ci-info-2.0.0.tgz#67a9e964be31a51e15e5010d58e6f12834002f46"
-  integrity sha512-5tK7EtrZ0N+OLFMthtqOj4fI2Jeb88C4CAZPu25LDVUgXJ0A3Js4PMGqrn0JU1W0Mh1/Z8wZzYPxqUrXeBboCQ==
-
-ci-info@^3.0.0:
-  version "3.2.0"
-  resolved "https://registry.yarnpkg.com/ci-info/-/ci-info-3.2.0.tgz#2876cb948a498797b5236f0095bc057d0dca38b6"
-  integrity sha512-dVqRX7fLUm8J6FgHJ418XuIgDLZDkYcDFTeL6TA2gt5WlIZUQrrH6EZrNClwT/H0FateUsZkGIOPRrLbP+PR9A==
-
-cipher-base@^1.0.0, cipher-base@^1.0.1, cipher-base@^1.0.3:
-  version "1.0.4"
-  resolved "https://registry.yarnpkg.com/cipher-base/-/cipher-base-1.0.4.tgz#8760e4ecc272f4c363532f926d874aae2c1397de"
-  integrity sha512-Kkht5ye6ZGmwv40uUDZztayT2ThLQGfnj/T71N/XzeZeo3nf8foyW7zGTsPYkEya3m5f3cAypH+qe7YOrM1U2Q==
-  dependencies:
-    inherits "^2.0.1"
-    safe-buffer "^5.0.1"
-
-class-utils@^0.3.5:
-  version "0.3.6"
-  resolved "https://registry.yarnpkg.com/class-utils/-/class-utils-0.3.6.tgz#f93369ae8b9a7ce02fd41faad0ca83033190c463"
-  integrity sha512-qOhPa/Fj7s6TY8H8esGu5QNpMMQxz79h+urzrNYN6mn+9BnxlDGf5QZ+XeCDsxSjPqsSR56XOZOJmpeurnLMeg==
-  dependencies:
-    arr-union "^3.1.0"
-    define-property "^0.2.5"
-    isobject "^3.0.0"
-    static-extend "^0.1.1"
-
-clean-css@4.2.x:
-  version "4.2.3"
-  resolved "https://registry.yarnpkg.com/clean-css/-/clean-css-4.2.3.tgz#507b5de7d97b48ee53d84adb0160ff6216380f78"
-  integrity sha512-VcMWDN54ZN/DS+g58HYL5/n4Zrqe8vHJpGA8KdgUXFU4fuP/aHNw8eld9SyEIyabIMJX/0RaY/fplOo5hYLSFA==
-  dependencies:
-    source-map "~0.6.0"
-
-cli-boxes@^2.2.0:
-  version "2.2.1"
-  resolved "https://registry.yarnpkg.com/cli-boxes/-/cli-boxes-2.2.1.tgz#ddd5035d25094fce220e9cab40a45840a440318f"
-  integrity sha512-y4coMcylgSCdVinjiDBuR8PCC2bLjyGTwEmPb9NHR/QaNU6EUOXcTY/s6VjGMD6ENSEaeQYHCY0GNGS5jfMwPw==
-
-cliui@^5.0.0:
-  version "5.0.0"
-  resolved "https://registry.yarnpkg.com/cliui/-/cliui-5.0.0.tgz#deefcfdb2e800784aa34f46fa08e06851c7bbbc5"
-  integrity sha512-PYeGSEmmHM6zvoef2w8TPzlrnNpXIjTipYK780YswmIP9vjxmd6Y2a3CB2Ks6/AU8NHjZugXvo8w3oWM2qnwXA==
-  dependencies:
-    string-width "^3.1.0"
-    strip-ansi "^5.2.0"
-    wrap-ansi "^5.1.0"
-
-clone-deep@^4.0.1:
-  version "4.0.1"
-  resolved "https://registry.yarnpkg.com/clone-deep/-/clone-deep-4.0.1.tgz#c19fd9bdbbf85942b4fd979c84dcf7d5f07c2387"
-  integrity sha512-neHB9xuzh/wk0dIHweyAXv2aPGZIVk3pLMe+/RNzINf17fe0OG96QroktYAUm7SM1PBnzTabaLboqqxDyMU+SQ==
-  dependencies:
-    is-plain-object "^2.0.4"
-    kind-of "^6.0.2"
-    shallow-clone "^3.0.0"
-
-clone-response@^1.0.2:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/clone-response/-/clone-response-1.0.2.tgz#d1dc973920314df67fbeb94223b4ee350239e96b"
-  integrity sha1-0dyXOSAxTfZ/vrlCI7TuNQI56Ws=
-  dependencies:
-    mimic-response "^1.0.0"
-
-coa@^2.0.2:
-  version "2.0.2"
-  resolved "https://registry.yarnpkg.com/coa/-/coa-2.0.2.tgz#43f6c21151b4ef2bf57187db0d73de229e3e7ec3"
-  integrity sha512-q5/jG+YQnSy4nRTV4F7lPepBJZ8qBNJJDBuJdoejDyLXgmL7IEo+Le2JDZudFTFt7mrCqIRaSjws4ygRCTCAXA==
-  dependencies:
-    "@types/q" "^1.5.1"
-    chalk "^2.4.1"
-    q "^1.1.2"
-
-code-point-at@^1.0.0:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/code-point-at/-/code-point-at-1.1.0.tgz#0d070b4d043a5bea33a2f1a40e2edb3d9a4ccf77"
-  integrity sha1-DQcLTQQ6W+ozovGkDi7bPZpMz3c=
-
-collection-visit@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/collection-visit/-/collection-visit-1.0.0.tgz#4bc0373c164bc3291b4d368c829cf1a80a59dca0"
-  integrity sha1-S8A3PBZLwykbTTaMgpzxqApZ3KA=
-  dependencies:
-    map-visit "^1.0.0"
-    object-visit "^1.0.0"
-
-color-convert@^1.9.0, color-convert@^1.9.3:
-  version "1.9.3"
-  resolved "https://registry.yarnpkg.com/color-convert/-/color-convert-1.9.3.tgz#bb71850690e1f136567de629d2d5471deda4c1e8"
-  integrity sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==
-  dependencies:
-    color-name "1.1.3"
-
-color-convert@^2.0.1:
-  version "2.0.1"
-  resolved "https://registry.yarnpkg.com/color-convert/-/color-convert-2.0.1.tgz#72d3a68d598c9bdb3af2ad1e84f21d896abd4de3"
-  integrity sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==
-  dependencies:
-    color-name "~1.1.4"
-
-color-name@1.1.3:
-  version "1.1.3"
-  resolved "https://registry.yarnpkg.com/color-name/-/color-name-1.1.3.tgz#a7d0558bd89c42f795dd42328f740831ca53bc25"
-  integrity sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=
-
-color-name@^1.0.0, color-name@~1.1.4:
-  version "1.1.4"
-  resolved "https://registry.yarnpkg.com/color-name/-/color-name-1.1.4.tgz#c2a09a87acbde69543de6f63fa3995c826c536a2"
-  integrity sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==
-
-color-string@^1.6.0:
-  version "1.6.0"
-  resolved "https://registry.yarnpkg.com/color-string/-/color-string-1.6.0.tgz#c3915f61fe267672cb7e1e064c9d692219f6c312"
-  integrity sha512-c/hGS+kRWJutUBEngKKmk4iH3sD59MBkoxVapS/0wgpCz2u7XsNloxknyvBhzwEs1IbV36D9PwqLPJ2DTu3vMA==
-  dependencies:
-    color-name "^1.0.0"
-    simple-swizzle "^0.2.2"
-
-color@^3.0.0:
-  version "3.2.1"
-  resolved "https://registry.yarnpkg.com/color/-/color-3.2.1.tgz#3544dc198caf4490c3ecc9a790b54fe9ff45e164"
-  integrity sha512-aBl7dZI9ENN6fUGC7mWpMTPNHmWUSNan9tuWN6ahh5ZLNk9baLJOnSMlrQkHcrfFgz2/RigjUVAjdx36VcemKA==
-  dependencies:
-    color-convert "^1.9.3"
-    color-string "^1.6.0"
-
-colorette@^1.2.1, colorette@^1.2.2:
-  version "1.2.2"
-  resolved "https://registry.yarnpkg.com/colorette/-/colorette-1.2.2.tgz#cbcc79d5e99caea2dbf10eb3a26fd8b3e6acfa94"
-  integrity sha512-MKGMzyfeuutC/ZJ1cba9NqcNpfeqMUcYmyF1ZFY6/Cn7CNSAKx6a+s48sqLqyAiZuaP2TcqMhoo+dlwFnVxT9w==
-
-combined-stream@^1.0.6, combined-stream@~1.0.6:
-  version "1.0.8"
-  resolved "https://registry.yarnpkg.com/combined-stream/-/combined-stream-1.0.8.tgz#c3d45a8b34fd730631a110a8a2520682b31d5a7f"
-  integrity sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==
-  dependencies:
-    delayed-stream "~1.0.0"
-
-commander@2, commander@^2.19.0, commander@^2.20.0:
-  version "2.20.3"
-  resolved "https://registry.yarnpkg.com/commander/-/commander-2.20.3.tgz#fd485e84c03eb4881c20722ba48035e8531aeb33"
-  integrity sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ==
-
-commander@2.17.x:
-  version "2.17.1"
-  resolved "https://registry.yarnpkg.com/commander/-/commander-2.17.1.tgz#bd77ab7de6de94205ceacc72f1716d29f20a77bf"
-  integrity sha512-wPMUt6FnH2yzG95SA6mzjQOEKUU3aLaDEmzs1ti+1E9h+CsrZghRlqEM/EJ4KscsQVG8uNN4uVreUeT8+drlgg==
-
-commander@7:
-  version "7.2.0"
-  resolved "https://registry.yarnpkg.com/commander/-/commander-7.2.0.tgz#a36cb57d0b501ce108e4d20559a150a391d97ab7"
-  integrity sha512-QrWXB+ZQSVPmIWIhtEO9H+gwHaMGYiF5ChvoJ+K9ZGHG/sVsa6yiesAD1GC/x46sET00Xlwo1u49RVVVzvcSkw==
-
-commander@~2.19.0:
-  version "2.19.0"
-  resolved "https://registry.yarnpkg.com/commander/-/commander-2.19.0.tgz#f6198aa84e5b83c46054b94ddedbfed5ee9ff12a"
-  integrity sha512-6tvAOO+D6OENvRAh524Dh9jcfKTYDQAqvqezbCW82xj5X0pSrcpxtvRKHLG0yBY6SD7PSDrJaj+0AiOcKVd1Xg==
-
-commondir@^1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/commondir/-/commondir-1.0.1.tgz#ddd800da0c66127393cca5950ea968a3aaf1253b"
-  integrity sha1-3dgA2gxmEnOTzKWVDqloo6rxJTs=
-
-component-emitter@^1.2.1:
-  version "1.3.0"
-  resolved "https://registry.yarnpkg.com/component-emitter/-/component-emitter-1.3.0.tgz#16e4070fba8ae29b679f2215853ee181ab2eabc0"
-  integrity sha512-Rd3se6QB+sO1TwqZjscQrurpEPIfO0/yYnSin6Q/rD3mOutHvUrCAhJub3r90uNb+SESBuE0QYoB90YdfatsRg==
-
-compressible@~2.0.16:
-  version "2.0.18"
-  resolved "https://registry.yarnpkg.com/compressible/-/compressible-2.0.18.tgz#af53cca6b070d4c3c0750fbd77286a6d7cc46fba"
-  integrity sha512-AF3r7P5dWxL8MxyITRMlORQNaOA2IkAFaTr4k7BUumjPtRpGDTZpl0Pb1XCO6JeDCBdp126Cgs9sMxqSjgYyRg==
-  dependencies:
-    mime-db ">= 1.43.0 < 2"
-
-compression@^1.7.4:
-  version "1.7.4"
-  resolved "https://registry.yarnpkg.com/compression/-/compression-1.7.4.tgz#95523eff170ca57c29a0ca41e6fe131f41e5bb8f"
-  integrity sha512-jaSIDzP9pZVS4ZfQ+TzvtiWhdpFhE2RDHz8QJkpX9SIpLq88VueF5jJw6t+6CUQcAoA6t+x89MLrWAqpfDE8iQ==
-  dependencies:
-    accepts "~1.3.5"
-    bytes "3.0.0"
-    compressible "~2.0.16"
-    debug "2.6.9"
-    on-headers "~1.0.2"
-    safe-buffer "5.1.2"
-    vary "~1.1.2"
-
-concat-map@0.0.1:
-  version "0.0.1"
-  resolved "https://registry.yarnpkg.com/concat-map/-/concat-map-0.0.1.tgz#d8a96bd77fd68df7793a73036a3ba0d5405d477b"
-  integrity sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=
-
-concat-stream@^1.5.0:
-  version "1.6.2"
-  resolved "https://registry.yarnpkg.com/concat-stream/-/concat-stream-1.6.2.tgz#904bdf194cd3122fc675c77fc4ac3d4ff0fd1a34"
-  integrity sha512-27HBghJxjiZtIk3Ycvn/4kbJk/1uZuJFfuPEns6LaEvpvG1f0hTea8lilrouyo9mVc2GWdcEZ8OLoGmSADlrCw==
-  dependencies:
-    buffer-from "^1.0.0"
-    inherits "^2.0.3"
-    readable-stream "^2.2.2"
-    typedarray "^0.0.6"
-
-configstore@^5.0.1:
-  version "5.0.1"
-  resolved "https://registry.yarnpkg.com/configstore/-/configstore-5.0.1.tgz#d365021b5df4b98cdd187d6a3b0e3f6a7cc5ed96"
-  integrity sha512-aMKprgk5YhBNyH25hj8wGt2+D52Sw1DRRIzqBwLp2Ya9mFmY8KPvvtvmna8SxVR9JMZ4kzMD68N22vlaRpkeFA==
-  dependencies:
-    dot-prop "^5.2.0"
-    graceful-fs "^4.1.2"
-    make-dir "^3.0.0"
-    unique-string "^2.0.0"
-    write-file-atomic "^3.0.0"
-    xdg-basedir "^4.0.0"
-
-connect-history-api-fallback@^1.5.0, connect-history-api-fallback@^1.6.0:
-  version "1.6.0"
-  resolved "https://registry.yarnpkg.com/connect-history-api-fallback/-/connect-history-api-fallback-1.6.0.tgz#8b32089359308d111115d81cad3fceab888f97bc"
-  integrity sha512-e54B99q/OUoH64zYYRf3HBP5z24G38h5D3qXu23JGRoigpX5Ss4r9ZnDk3g0Z8uQC2x2lPaJ+UlWBc1ZWBWdLg==
-
-consola@^2.6.0:
-  version "2.15.3"
-  resolved "https://registry.yarnpkg.com/consola/-/consola-2.15.3.tgz#2e11f98d6a4be71ff72e0bdf07bd23e12cb61550"
-  integrity sha512-9vAdYbHj6x2fLKC4+oPH0kFzY/orMZyG2Aj+kNylHxKGJ/Ed4dpNyAQYwJOdqO4zdM7XpVHmyejQDcQHrnuXbw==
-
-console-browserify@^1.1.0:
-  version "1.2.0"
-  resolved "https://registry.yarnpkg.com/console-browserify/-/console-browserify-1.2.0.tgz#67063cef57ceb6cf4993a2ab3a55840ae8c49336"
-  integrity sha512-ZMkYO/LkF17QvCPqM0gxw8yUzigAOZOSWSHg91FH6orS7vcEj5dVZTidN2fQ14yBSdg97RqhSNwLUXInd52OTA==
-
-console-control-strings@^1.0.0, console-control-strings@~1.1.0:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/console-control-strings/-/console-control-strings-1.1.0.tgz#3d7cf4464db6446ea644bf4b39507f9851008e8e"
-  integrity sha1-PXz0Rk22RG6mRL9LOVB/mFEAjo4=
-
-consolidate@^0.15.1:
-  version "0.15.1"
-  resolved "https://registry.yarnpkg.com/consolidate/-/consolidate-0.15.1.tgz#21ab043235c71a07d45d9aad98593b0dba56bab7"
-  integrity sha512-DW46nrsMJgy9kqAbPt5rKaCr7uFtpo4mSUvLHIUbJEjm0vo+aY5QLwBUq3FK4tRnJr/X0Psc0C4jf/h+HtXSMw==
-  dependencies:
-    bluebird "^3.1.1"
-
-constants-browserify@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/constants-browserify/-/constants-browserify-1.0.0.tgz#c20b96d8c617748aaf1c16021760cd27fcb8cb75"
-  integrity sha1-wguW2MYXdIqvHBYCF2DNJ/y4y3U=
-
-content-disposition@0.5.3:
-  version "0.5.3"
-  resolved "https://registry.yarnpkg.com/content-disposition/-/content-disposition-0.5.3.tgz#e130caf7e7279087c5616c2007d0485698984fbd"
-  integrity sha512-ExO0774ikEObIAEV9kDo50o+79VCUdEB6n6lzKgGwupcVeRlhrj3qGAfwq8G6uBJjkqLrhT0qEYFcWng8z1z0g==
-  dependencies:
-    safe-buffer "5.1.2"
-
-content-type@~1.0.4:
-  version "1.0.4"
-  resolved "https://registry.yarnpkg.com/content-type/-/content-type-1.0.4.tgz#e138cc75e040c727b1966fe5e5f8c9aee256fe3b"
-  integrity sha512-hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA==
-
-convert-source-map@^1.7.0:
-  version "1.8.0"
-  resolved "https://registry.yarnpkg.com/convert-source-map/-/convert-source-map-1.8.0.tgz#f3373c32d21b4d780dd8004514684fb791ca4369"
-  integrity sha512-+OQdjP49zViI/6i7nIJpA8rAl4sV/JdPfU9nZs3VqOwGIgizICvuN2ru6fMd+4llL0tar18UYJXfZ/TWtmhUjA==
-  dependencies:
-    safe-buffer "~5.1.1"
-
-cookie-signature@1.0.6:
-  version "1.0.6"
-  resolved "https://registry.yarnpkg.com/cookie-signature/-/cookie-signature-1.0.6.tgz#e303a882b342cc3ee8ca513a79999734dab3ae2c"
-  integrity sha1-4wOogrNCzD7oylE6eZmXNNqzriw=
-
-cookie@0.4.0:
-  version "0.4.0"
-  resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.4.0.tgz#beb437e7022b3b6d49019d088665303ebe9c14ba"
-  integrity sha512-+Hp8fLp57wnUSt0tY0tHEXh4voZRDnoIrZPqlo3DPiI4y9lwg/jqx+1Om94/W6ZaPDOUbnjOt/99w66zk+l1Xg==
-
-copy-concurrently@^1.0.0:
-  version "1.0.5"
-  resolved "https://registry.yarnpkg.com/copy-concurrently/-/copy-concurrently-1.0.5.tgz#92297398cae34937fcafd6ec8139c18051f0b5e0"
-  integrity sha512-f2domd9fsVDFtaFcbaRZuYXwtdmnzqbADSwhSWYxYB/Q8zsdUUFMXVRwXGDMWmbEzAn1kdRrtI1T/KTFOL4X2A==
-  dependencies:
-    aproba "^1.1.1"
-    fs-write-stream-atomic "^1.0.8"
-    iferr "^0.1.5"
-    mkdirp "^0.5.1"
-    rimraf "^2.5.4"
-    run-queue "^1.0.0"
-
-copy-descriptor@^0.1.0:
-  version "0.1.1"
-  resolved "https://registry.yarnpkg.com/copy-descriptor/-/copy-descriptor-0.1.1.tgz#676f6eb3c39997c2ee1ac3a924fd6124748f578d"
-  integrity sha1-Z29us8OZl8LuGsOpJP1hJHSPV40=
-
-copy-webpack-plugin@^5.0.2:
-  version "5.1.2"
-  resolved "https://registry.yarnpkg.com/copy-webpack-plugin/-/copy-webpack-plugin-5.1.2.tgz#8a889e1dcafa6c91c6cd4be1ad158f1d3823bae2"
-  integrity sha512-Uh7crJAco3AjBvgAy9Z75CjK8IG+gxaErro71THQ+vv/bl4HaQcpkexAY8KVW/T6D2W2IRr+couF/knIRkZMIQ==
-  dependencies:
-    cacache "^12.0.3"
-    find-cache-dir "^2.1.0"
-    glob-parent "^3.1.0"
-    globby "^7.1.1"
-    is-glob "^4.0.1"
-    loader-utils "^1.2.3"
-    minimatch "^3.0.4"
-    normalize-path "^3.0.0"
-    p-limit "^2.2.1"
-    schema-utils "^1.0.0"
-    serialize-javascript "^4.0.0"
-    webpack-log "^2.0.0"
-
-core-js-compat@^3.14.0, core-js-compat@^3.15.0, core-js-compat@^3.6.5:
-  version "3.15.2"
-  resolved "https://registry.yarnpkg.com/core-js-compat/-/core-js-compat-3.15.2.tgz#47272fbb479880de14b4e6081f71f3492f5bd3cb"
-  integrity sha512-Wp+BJVvwopjI+A1EFqm2dwUmWYXrvucmtIB2LgXn/Rb+gWPKYxtmb4GKHGKG/KGF1eK9jfjzT38DITbTOCX/SQ==
-  dependencies:
-    browserslist "^4.16.6"
-    semver "7.0.0"
-
-core-js@^3.6.4, core-js@^3.6.5:
-  version "3.15.2"
-  resolved "https://registry.yarnpkg.com/core-js/-/core-js-3.15.2.tgz#740660d2ff55ef34ce664d7e2455119c5bdd3d61"
-  integrity sha512-tKs41J7NJVuaya8DxIOCnl8QuPHx5/ZVbFo1oKgVl1qHFBBrDctzQGtuLjPpRdNTWmKPH6oEvgN/MUID+l485Q==
-
-core-util-is@1.0.2, core-util-is@~1.0.0:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/core-util-is/-/core-util-is-1.0.2.tgz#b5fd54220aa2bc5ab57aab7140c940754503c1a7"
-  integrity sha1-tf1UIgqivFq1eqtxQMlAdUUDwac=
-
-cosmiconfig@^5.0.0:
-  version "5.2.1"
-  resolved "https://registry.yarnpkg.com/cosmiconfig/-/cosmiconfig-5.2.1.tgz#040f726809c591e77a17c0a3626ca45b4f168b1a"
-  integrity sha512-H65gsXo1SKjf8zmrJ67eJk8aIRKV5ff2D4uKZIBZShbhGSpEmsQOPW/SKMKYhSTrqR7ufy6RP69rPogdaPh/kA==
-  dependencies:
-    import-fresh "^2.0.0"
-    is-directory "^0.3.1"
-    js-yaml "^3.13.1"
-    parse-json "^4.0.0"
-
-create-ecdh@^4.0.0:
-  version "4.0.4"
-  resolved "https://registry.yarnpkg.com/create-ecdh/-/create-ecdh-4.0.4.tgz#d6e7f4bffa66736085a0762fd3a632684dabcc4e"
-  integrity sha512-mf+TCx8wWc9VpuxfP2ht0iSISLZnt0JgWlrOKZiNqyUZWnjIaCIVNQArMHnCZKfEYRg6IM7A+NeJoN8gf/Ws0A==
-  dependencies:
-    bn.js "^4.1.0"
-    elliptic "^6.5.3"
-
-create-hash@^1.1.0, create-hash@^1.1.2, create-hash@^1.2.0:
-  version "1.2.0"
-  resolved "https://registry.yarnpkg.com/create-hash/-/create-hash-1.2.0.tgz#889078af11a63756bcfb59bd221996be3a9ef196"
-  integrity sha512-z00bCGNHDG8mHAkP7CtT1qVu+bFQUPjYq/4Iv3C3kWjTFV10zIjfSoeqXo9Asws8gwSHDGj/hl2u4OGIjapeCg==
-  dependencies:
-    cipher-base "^1.0.1"
-    inherits "^2.0.1"
-    md5.js "^1.3.4"
-    ripemd160 "^2.0.1"
-    sha.js "^2.4.0"
-
-create-hmac@^1.1.0, create-hmac@^1.1.4, create-hmac@^1.1.7:
-  version "1.1.7"
-  resolved "https://registry.yarnpkg.com/create-hmac/-/create-hmac-1.1.7.tgz#69170c78b3ab957147b2b8b04572e47ead2243ff"
-  integrity sha512-MJG9liiZ+ogc4TzUwuvbER1JRdgvUFSB5+VR/g5h82fGaIRWMWddtKBHi7/sVhfjQZ6SehlyhvQYrcYkaUIpLg==
-  dependencies:
-    cipher-base "^1.0.3"
-    create-hash "^1.1.0"
-    inherits "^2.0.1"
-    ripemd160 "^2.0.0"
-    safe-buffer "^5.0.1"
-    sha.js "^2.4.8"
-
-cross-spawn@^3.0.0:
-  version "3.0.1"
-  resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-3.0.1.tgz#1256037ecb9f0c5f79e3d6ef135e30770184b982"
-  integrity sha1-ElYDfsufDF9549bvE14wdwGEuYI=
-  dependencies:
-    lru-cache "^4.0.1"
-    which "^1.2.9"
-
-cross-spawn@^6.0.0, cross-spawn@^6.0.5:
-  version "6.0.5"
-  resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-6.0.5.tgz#4a5ec7c64dfae22c3a14124dbacdee846d80cbc4"
-  integrity sha512-eTVLrBSt7fjbDygz805pMnstIs2VTBNkRm0qxZd+M7A5XDdxVRWO5MxGBXZhjY4cqLYLdtrGqRf8mBPmzwSpWQ==
-  dependencies:
-    nice-try "^1.0.4"
-    path-key "^2.0.1"
-    semver "^5.5.0"
-    shebang-command "^1.2.0"
-    which "^1.2.9"
-
-crypto-browserify@^3.11.0:
-  version "3.12.0"
-  resolved "https://registry.yarnpkg.com/crypto-browserify/-/crypto-browserify-3.12.0.tgz#396cf9f3137f03e4b8e532c58f698254e00f80ec"
-  integrity sha512-fz4spIh+znjO2VjL+IdhEpRJ3YN6sMzITSBijk6FK2UvTqruSQW+/cCZTSNsMiZNvUeq0CqurF+dAbyiGOY6Wg==
-  dependencies:
-    browserify-cipher "^1.0.0"
-    browserify-sign "^4.0.0"
-    create-ecdh "^4.0.0"
-    create-hash "^1.1.0"
-    create-hmac "^1.1.0"
-    diffie-hellman "^5.0.0"
-    inherits "^2.0.1"
-    pbkdf2 "^3.0.3"
-    public-encrypt "^4.0.0"
-    randombytes "^2.0.0"
-    randomfill "^1.0.3"
-
-crypto-random-string@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/crypto-random-string/-/crypto-random-string-2.0.0.tgz#ef2a7a966ec11083388369baa02ebead229b30d5"
-  integrity sha512-v1plID3y9r/lPhviJ1wrXpLeyUIGAZ2SHNYTEapm7/8A9nLPoyvVp3RK/EPFqn5kEznyWgYZNsRtYYIWbuG8KA==
-
-css-color-names@0.0.4, css-color-names@^0.0.4:
-  version "0.0.4"
-  resolved "https://registry.yarnpkg.com/css-color-names/-/css-color-names-0.0.4.tgz#808adc2e79cf84738069b646cb20ec27beb629e0"
-  integrity sha1-gIrcLnnPhHOAabZGyyDsJ762KeA=
-
-css-declaration-sorter@^4.0.1:
-  version "4.0.1"
-  resolved "https://registry.yarnpkg.com/css-declaration-sorter/-/css-declaration-sorter-4.0.1.tgz#c198940f63a76d7e36c1e71018b001721054cb22"
-  integrity sha512-BcxQSKTSEEQUftYpBVnsH4SF05NTuBokb19/sBt6asXGKZ/6VP7PLG1CBCkFDYOnhXhPh0jMhO6xZ71oYHXHBA==
-  dependencies:
-    postcss "^7.0.1"
-    timsort "^0.3.0"
-
-css-loader@^2.1.1:
-  version "2.1.1"
-  resolved "https://registry.yarnpkg.com/css-loader/-/css-loader-2.1.1.tgz#d8254f72e412bb2238bb44dd674ffbef497333ea"
-  integrity sha512-OcKJU/lt232vl1P9EEDamhoO9iKY3tIjY5GU+XDLblAykTdgs6Ux9P1hTHve8nFKy5KPpOXOsVI/hIwi3841+w==
-  dependencies:
-    camelcase "^5.2.0"
-    icss-utils "^4.1.0"
-    loader-utils "^1.2.3"
-    normalize-path "^3.0.0"
-    postcss "^7.0.14"
-    postcss-modules-extract-imports "^2.0.0"
-    postcss-modules-local-by-default "^2.0.6"
-    postcss-modules-scope "^2.1.0"
-    postcss-modules-values "^2.0.0"
-    postcss-value-parser "^3.3.0"
-    schema-utils "^1.0.0"
-
-css-parse@~2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/css-parse/-/css-parse-2.0.0.tgz#a468ee667c16d81ccf05c58c38d2a97c780dbfd4"
-  integrity sha1-pGjuZnwW2BzPBcWMONKpfHgNv9Q=
-  dependencies:
-    css "^2.0.0"
-
-css-select-base-adapter@^0.1.1:
-  version "0.1.1"
-  resolved "https://registry.yarnpkg.com/css-select-base-adapter/-/css-select-base-adapter-0.1.1.tgz#3b2ff4972cc362ab88561507a95408a1432135d7"
-  integrity sha512-jQVeeRG70QI08vSTwf1jHxp74JoZsr2XSgETae8/xC8ovSnL2WF87GTLO86Sbwdt2lK4Umg4HnnwMO4YF3Ce7w==
-
-css-select@^2.0.0:
-  version "2.1.0"
-  resolved "https://registry.yarnpkg.com/css-select/-/css-select-2.1.0.tgz#6a34653356635934a81baca68d0255432105dbef"
-  integrity sha512-Dqk7LQKpwLoH3VovzZnkzegqNSuAziQyNZUcrdDM401iY+R5NkGBXGmtO05/yaXQziALuPogeG0b7UAgjnTJTQ==
-  dependencies:
-    boolbase "^1.0.0"
-    css-what "^3.2.1"
-    domutils "^1.7.0"
-    nth-check "^1.0.2"
-
-css-select@^4.1.3:
-  version "4.1.3"
-  resolved "https://registry.yarnpkg.com/css-select/-/css-select-4.1.3.tgz#a70440f70317f2669118ad74ff105e65849c7067"
-  integrity sha512-gT3wBNd9Nj49rAbmtFHj1cljIAOLYSX1nZ8CB7TBO3INYckygm5B7LISU/szY//YmdiSLbJvDLOx9VnMVpMBxA==
-  dependencies:
-    boolbase "^1.0.0"
-    css-what "^5.0.0"
-    domhandler "^4.2.0"
-    domutils "^2.6.0"
-    nth-check "^2.0.0"
-
-css-tree@1.0.0-alpha.37:
-  version "1.0.0-alpha.37"
-  resolved "https://registry.yarnpkg.com/css-tree/-/css-tree-1.0.0-alpha.37.tgz#98bebd62c4c1d9f960ec340cf9f7522e30709a22"
-  integrity sha512-DMxWJg0rnz7UgxKT0Q1HU/L9BeJI0M6ksor0OgqOnF+aRCDWg/N2641HmVyU9KVIu0OVVWOb2IpC9A+BJRnejg==
-  dependencies:
-    mdn-data "2.0.4"
-    source-map "^0.6.1"
-
-css-tree@^1.1.2:
-  version "1.1.3"
-  resolved "https://registry.yarnpkg.com/css-tree/-/css-tree-1.1.3.tgz#eb4870fb6fd7707327ec95c2ff2ab09b5e8db91d"
-  integrity sha512-tRpdppF7TRazZrjJ6v3stzv93qxRcSsFmW6cX0Zm2NVKpxE1WV1HblnghVv9TreireHkqI/VDEsfolRF1p6y7Q==
-  dependencies:
-    mdn-data "2.0.14"
-    source-map "^0.6.1"
-
-css-what@^3.2.1:
-  version "3.4.2"
-  resolved "https://registry.yarnpkg.com/css-what/-/css-what-3.4.2.tgz#ea7026fcb01777edbde52124e21f327e7ae950e4"
-  integrity sha512-ACUm3L0/jiZTqfzRM3Hi9Q8eZqd6IK37mMWPLz9PJxkLWllYeRf+EHUSHYEtFop2Eqytaq1FizFVh7XfBnXCDQ==
-
-css-what@^5.0.0:
-  version "5.0.1"
-  resolved "https://registry.yarnpkg.com/css-what/-/css-what-5.0.1.tgz#3efa820131f4669a8ac2408f9c32e7c7de9f4cad"
-  integrity sha512-FYDTSHb/7KXsWICVsxdmiExPjCfRC4qRFBdVwv7Ax9hMnvMmEjP9RfxTEZ3qPZGmADDn2vAKSo9UcN1jKVYscg==
-
-css@^2.0.0:
-  version "2.2.4"
-  resolved "https://registry.yarnpkg.com/css/-/css-2.2.4.tgz#c646755c73971f2bba6a601e2cf2fd71b1298929"
-  integrity sha512-oUnjmWpy0niI3x/mPL8dVEI1l7MnG3+HHyRPHf+YFSbK+svOhXpmSOcDURUh2aOCgl2grzrOPt1nHLuCVFULLw==
-  dependencies:
-    inherits "^2.0.3"
-    source-map "^0.6.1"
-    source-map-resolve "^0.5.2"
-    urix "^0.1.0"
-
-cssesc@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/cssesc/-/cssesc-3.0.0.tgz#37741919903b868565e1c09ea747445cd18983ee"
-  integrity sha512-/Tb/JcjK111nNScGob5MNtsntNM1aCNUDipB/TkwZFhyDrrE47SOx/18wF2bbjgc3ZzCSKW1T5nt5EbFoAz/Vg==
-
-cssnano-preset-default@^4.0.8:
-  version "4.0.8"
-  resolved "https://registry.yarnpkg.com/cssnano-preset-default/-/cssnano-preset-default-4.0.8.tgz#920622b1fc1e95a34e8838203f1397a504f2d3ff"
-  integrity sha512-LdAyHuq+VRyeVREFmuxUZR1TXjQm8QQU/ktoo/x7bz+SdOge1YKc5eMN6pRW7YWBmyq59CqYba1dJ5cUukEjLQ==
-  dependencies:
-    css-declaration-sorter "^4.0.1"
-    cssnano-util-raw-cache "^4.0.1"
-    postcss "^7.0.0"
-    postcss-calc "^7.0.1"
-    postcss-colormin "^4.0.3"
-    postcss-convert-values "^4.0.1"
-    postcss-discard-comments "^4.0.2"
-    postcss-discard-duplicates "^4.0.2"
-    postcss-discard-empty "^4.0.1"
-    postcss-discard-overridden "^4.0.1"
-    postcss-merge-longhand "^4.0.11"
-    postcss-merge-rules "^4.0.3"
-    postcss-minify-font-values "^4.0.2"
-    postcss-minify-gradients "^4.0.2"
-    postcss-minify-params "^4.0.2"
-    postcss-minify-selectors "^4.0.2"
-    postcss-normalize-charset "^4.0.1"
-    postcss-normalize-display-values "^4.0.2"
-    postcss-normalize-positions "^4.0.2"
-    postcss-normalize-repeat-style "^4.0.2"
-    postcss-normalize-string "^4.0.2"
-    postcss-normalize-timing-functions "^4.0.2"
-    postcss-normalize-unicode "^4.0.1"
-    postcss-normalize-url "^4.0.1"
-    postcss-normalize-whitespace "^4.0.2"
-    postcss-ordered-values "^4.1.2"
-    postcss-reduce-initial "^4.0.3"
-    postcss-reduce-transforms "^4.0.2"
-    postcss-svgo "^4.0.3"
-    postcss-unique-selectors "^4.0.1"
-
-cssnano-util-get-arguments@^4.0.0:
-  version "4.0.0"
-  resolved "https://registry.yarnpkg.com/cssnano-util-get-arguments/-/cssnano-util-get-arguments-4.0.0.tgz#ed3a08299f21d75741b20f3b81f194ed49cc150f"
-  integrity sha1-7ToIKZ8h11dBsg87gfGU7UnMFQ8=
-
-cssnano-util-get-match@^4.0.0:
-  version "4.0.0"
-  resolved "https://registry.yarnpkg.com/cssnano-util-get-match/-/cssnano-util-get-match-4.0.0.tgz#c0e4ca07f5386bb17ec5e52250b4f5961365156d"
-  integrity sha1-wOTKB/U4a7F+xeUiULT1lhNlFW0=
-
-cssnano-util-raw-cache@^4.0.1:
-  version "4.0.1"
-  resolved "https://registry.yarnpkg.com/cssnano-util-raw-cache/-/cssnano-util-raw-cache-4.0.1.tgz#b26d5fd5f72a11dfe7a7846fb4c67260f96bf282"
-  integrity sha512-qLuYtWK2b2Dy55I8ZX3ky1Z16WYsx544Q0UWViebptpwn/xDBmog2TLg4f+DBMg1rJ6JDWtn96WHbOKDWt1WQA==
-  dependencies:
-    postcss "^7.0.0"
-
-cssnano-util-same-parent@^4.0.0:
-  version "4.0.1"
-  resolved "https://registry.yarnpkg.com/cssnano-util-same-parent/-/cssnano-util-same-parent-4.0.1.tgz#574082fb2859d2db433855835d9a8456ea18bbf3"
-  integrity sha512-WcKx5OY+KoSIAxBW6UBBRay1U6vkYheCdjyVNDm85zt5K9mHoGOfsOsqIszfAqrQQFIIKgjh2+FDgIj/zsl21Q==
-
-cssnano@^4.1.10:
-  version "4.1.11"
-  resolved "https://registry.yarnpkg.com/cssnano/-/cssnano-4.1.11.tgz#c7b5f5b81da269cb1fd982cb960c1200910c9a99"
-  integrity sha512-6gZm2htn7xIPJOHY824ERgj8cNPgPxyCSnkXc4v7YvNW+TdVfzgngHcEhy/8D11kUWRUMbke+tC+AUcUsnMz2g==
-  dependencies:
-    cosmiconfig "^5.0.0"
-    cssnano-preset-default "^4.0.8"
-    is-resolvable "^1.0.0"
-    postcss "^7.0.0"
-
-csso@^4.0.2:
-  version "4.2.0"
-  resolved "https://registry.yarnpkg.com/csso/-/csso-4.2.0.tgz#ea3a561346e8dc9f546d6febedd50187cf389529"
-  integrity sha512-wvlcdIbf6pwKEk7vHj8/Bkc0B4ylXZruLvOgs9doS5eOsOpuodOV2zJChSpkp+pRpYQLQMeF04nr3Z68Sta9jA==
-  dependencies:
-    css-tree "^1.1.2"
-
-currently-unhandled@^0.4.1:
-  version "0.4.1"
-  resolved "https://registry.yarnpkg.com/currently-unhandled/-/currently-unhandled-0.4.1.tgz#988df33feab191ef799a61369dd76c17adf957ea"
-  integrity sha1-mI3zP+qxke95mmE2nddsF635V+o=
-  dependencies:
-    array-find-index "^1.0.1"
-
-cyclist@^1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/cyclist/-/cyclist-1.0.1.tgz#596e9698fd0c80e12038c2b82d6eb1b35b6224d9"
-  integrity sha1-WW6WmP0MgOEgOMK4LW6xs1tiJNk=
-
-d3-array@1, d3-array@^1.1.1, d3-array@^1.2.0:
-  version "1.2.4"
-  resolved "https://registry.yarnpkg.com/d3-array/-/d3-array-1.2.4.tgz#635ce4d5eea759f6f605863dbcfc30edc737f71f"
-  integrity sha512-KHW6M86R+FUPYGb3R5XiYjXPq7VzwxZ22buHhAEVG5ztoEcZZMLov530mmccaqA1GghZArjQV46fuc8kUqhhHw==
-
-"d3-array@2 - 3", "d3-array@2.10.0 - 3", "d3-array@2.5.0 - 3", d3-array@3:
-  version "3.1.1"
-  resolved "https://registry.yarnpkg.com/d3-array/-/d3-array-3.1.1.tgz#7797eb53ead6b9083c75a45a681e93fc41bc468c"
-  integrity sha512-33qQ+ZoZlli19IFiQx4QEpf2CBEayMRzhlisJHSCsSUbDXv6ZishqS1x7uFVClKG4Wr7rZVHvaAttoLow6GqdQ==
-  dependencies:
-    internmap "1 - 2"
-
-d3-axis@1:
-  version "1.0.12"
-  resolved "https://registry.yarnpkg.com/d3-axis/-/d3-axis-1.0.12.tgz#cdf20ba210cfbb43795af33756886fb3638daac9"
-  integrity sha512-ejINPfPSNdGFKEOAtnBtdkpr24c4d4jsei6Lg98mxf424ivoDP2956/5HDpIAtmHo85lqT4pruy+zEgvRUBqaQ==
-
-d3-axis@3:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/d3-axis/-/d3-axis-3.0.0.tgz#c42a4a13e8131d637b745fc2973824cfeaf93322"
-  integrity sha512-IH5tgjV4jE/GhHkRV0HiVYPDtvfjHQlQfJHs0usq7M30XcSBvOotpmH1IgkcXsO/5gEQZD43B//fc7SRT5S+xw==
-
-d3-brush@1:
-  version "1.1.6"
-  resolved "https://registry.yarnpkg.com/d3-brush/-/d3-brush-1.1.6.tgz#b0a22c7372cabec128bdddf9bddc058592f89e9b"
-  integrity sha512-7RW+w7HfMCPyZLifTz/UnJmI5kdkXtpCbombUSs8xniAyo0vIbrDzDwUJB6eJOgl9u5DQOt2TQlYumxzD1SvYA==
-  dependencies:
-    d3-dispatch "1"
-    d3-drag "1"
-    d3-interpolate "1"
-    d3-selection "1"
-    d3-transition "1"
-
-d3-brush@3:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/d3-brush/-/d3-brush-3.0.0.tgz#6f767c4ed8dcb79de7ede3e1c0f89e63ef64d31c"
-  integrity sha512-ALnjWlVYkXsVIGlOsuWH1+3udkYFI48Ljihfnh8FZPF2QS9o+PzGLBslO0PjzVoHLZ2KCVgAM8NVkXPJB2aNnQ==
-  dependencies:
-    d3-dispatch "1 - 3"
-    d3-drag "2 - 3"
-    d3-interpolate "1 - 3"
-    d3-selection "3"
-    d3-transition "3"
-
-d3-chord@1:
-  version "1.0.6"
-  resolved "https://registry.yarnpkg.com/d3-chord/-/d3-chord-1.0.6.tgz#309157e3f2db2c752f0280fedd35f2067ccbb15f"
-  integrity sha512-JXA2Dro1Fxw9rJe33Uv+Ckr5IrAa74TlfDEhE/jfLOaXegMQFQTAgAw9WnZL8+HxVBRXaRGCkrNU7pJeylRIuA==
-  dependencies:
-    d3-array "1"
-    d3-path "1"
-
-d3-chord@3:
-  version "3.0.1"
-  resolved "https://registry.yarnpkg.com/d3-chord/-/d3-chord-3.0.1.tgz#d156d61f485fce8327e6abf339cb41d8cbba6966"
-  integrity sha512-VE5S6TNa+j8msksl7HwjxMHDM2yNK3XCkusIlpX5kwauBfXuyLAtNg9jCp/iHH61tgI4sb6R/EIMWCqEIdjT/g==
-  dependencies:
-    d3-path "1 - 3"
-
-d3-collection@1:
-  version "1.0.7"
-  resolved "https://registry.yarnpkg.com/d3-collection/-/d3-collection-1.0.7.tgz#349bd2aa9977db071091c13144d5e4f16b5b310e"
-  integrity sha512-ii0/r5f4sjKNTfh84Di+DpztYwqKhEyUlKoPrzUFfeSkWxjW49xU2QzO9qrPrNkpdI0XJkfzvmTu8V2Zylln6A==
-
-d3-color@1:
-  version "1.4.1"
-  resolved "https://registry.yarnpkg.com/d3-color/-/d3-color-1.4.1.tgz#c52002bf8846ada4424d55d97982fef26eb3bc8a"
-  integrity sha512-p2sTHSLCJI2QKunbGb7ocOh7DgTAn8IrLx21QRc/BSnodXM4sv6aLQlnfpvehFMLZEfBc6g9pH9SWQccFYfJ9Q==
-
-"d3-color@1 - 3", d3-color@3:
-  version "3.0.1"
-  resolved "https://registry.yarnpkg.com/d3-color/-/d3-color-3.0.1.tgz#03316e595955d1fcd39d9f3610ad41bb90194d0a"
-  integrity sha512-6/SlHkDOBLyQSJ1j1Ghs82OIUXpKWlR0hCsw0XrLSQhuUPuCSmLQ1QPH98vpnQxMUQM2/gfAkUEWsupVpd9JGw==
-
-d3-contour@1:
-  version "1.3.2"
-  resolved "https://registry.yarnpkg.com/d3-contour/-/d3-contour-1.3.2.tgz#652aacd500d2264cb3423cee10db69f6f59bead3"
-  integrity sha512-hoPp4K/rJCu0ladiH6zmJUEz6+u3lgR+GSm/QdM2BBvDraU39Vr7YdDCicJcxP1z8i9B/2dJLgDC1NcvlF8WCg==
-  dependencies:
-    d3-array "^1.1.1"
-
-d3-contour@3:
-  version "3.0.1"
-  resolved "https://registry.yarnpkg.com/d3-contour/-/d3-contour-3.0.1.tgz#2c64255d43059599cd0dba8fe4cc3d51ccdd9bbd"
-  integrity sha512-0Oc4D0KyhwhM7ZL0RMnfGycLN7hxHB8CMmwZ3+H26PWAG0ozNuYG5hXSDNgmP1SgJkQMrlG6cP20HoaSbvcJTQ==
-  dependencies:
-    d3-array "2 - 3"
-
-d3-delaunay@6:
-  version "6.0.2"
-  resolved "https://registry.yarnpkg.com/d3-delaunay/-/d3-delaunay-6.0.2.tgz#7fd3717ad0eade2fc9939f4260acfb503f984e92"
-  integrity sha512-IMLNldruDQScrcfT+MWnazhHbDJhcRJyOEBAJfwQnHle1RPh6WDuLvxNArUju2VSMSUuKlY5BGHRJ2cYyoFLQQ==
-  dependencies:
-    delaunator "5"
-
-d3-dispatch@1:
-  version "1.0.6"
-  resolved "https://registry.yarnpkg.com/d3-dispatch/-/d3-dispatch-1.0.6.tgz#00d37bcee4dd8cd97729dd893a0ac29caaba5d58"
-  integrity sha512-fVjoElzjhCEy+Hbn8KygnmMS7Or0a9sI2UzGwoB7cCtvI1XpVN9GpoYlnb3xt2YV66oXYb1fLJ8GMvP4hdU1RA==
-
-"d3-dispatch@1 - 3", d3-dispatch@3:
-  version "3.0.1"
-  resolved "https://registry.yarnpkg.com/d3-dispatch/-/d3-dispatch-3.0.1.tgz#5fc75284e9c2375c36c839411a0cf550cbfc4d5e"
-  integrity sha512-rzUyPU/S7rwUflMyLc1ETDeBj0NRuHKKAcvukozwhshr6g6c5d8zh4c2gQjY2bZ0dXeGLWc1PF174P2tVvKhfg==
-
-d3-drag@1:
-  version "1.2.5"
-  resolved "https://registry.yarnpkg.com/d3-drag/-/d3-drag-1.2.5.tgz#2537f451acd39d31406677b7dc77c82f7d988f70"
-  integrity sha512-rD1ohlkKQwMZYkQlYVCrSFxsWPzI97+W+PaEIBNTMxRuxz9RF0Hi5nJWHGVJ3Om9d2fRTe1yOBINJyy/ahV95w==
-  dependencies:
-    d3-dispatch "1"
-    d3-selection "1"
-
-"d3-drag@2 - 3", d3-drag@3:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/d3-drag/-/d3-drag-3.0.0.tgz#994aae9cd23c719f53b5e10e3a0a6108c69607ba"
-  integrity sha512-pWbUJLdETVA8lQNJecMxoXfH6x+mO2UQo8rSmZ+QqxcbyA3hfeprFgIT//HW2nlHChWeIIMwS2Fq+gEARkhTkg==
-  dependencies:
-    d3-dispatch "1 - 3"
-    d3-selection "3"
-
-d3-dsv@1:
-  version "1.2.0"
-  resolved "https://registry.yarnpkg.com/d3-dsv/-/d3-dsv-1.2.0.tgz#9d5f75c3a5f8abd611f74d3f5847b0d4338b885c"
-  integrity sha512-9yVlqvZcSOMhCYzniHE7EVUws7Fa1zgw+/EAV2BxJoG3ME19V6BQFBwI855XQDsxyOuG7NibqRMTtiF/Qup46g==
-  dependencies:
-    commander "2"
-    iconv-lite "0.4"
-    rw "1"
-
-"d3-dsv@1 - 3", d3-dsv@3:
-  version "3.0.1"
-  resolved "https://registry.yarnpkg.com/d3-dsv/-/d3-dsv-3.0.1.tgz#c63af978f4d6a0d084a52a673922be2160789b73"
-  integrity sha512-UG6OvdI5afDIFP9w4G0mNq50dSOsXHJaRE8arAS5o9ApWnIElp8GZw1Dun8vP8OyHOZ/QJUKUJwxiiCCnUwm+Q==
-  dependencies:
-    commander "7"
-    iconv-lite "0.6"
-    rw "1"
-
-d3-ease@1:
-  version "1.0.7"
-  resolved "https://registry.yarnpkg.com/d3-ease/-/d3-ease-1.0.7.tgz#9a834890ef8b8ae8c558b2fe55bd57f5993b85e2"
-  integrity sha512-lx14ZPYkhNx0s/2HX5sLFUI3mbasHjSSpwO/KaaNACweVwxUruKyWVcb293wMv1RqTPZyZ8kSZ2NogUZNcLOFQ==
-
-"d3-ease@1 - 3", d3-ease@3:
-  version "3.0.1"
-  resolved "https://registry.yarnpkg.com/d3-ease/-/d3-ease-3.0.1.tgz#9658ac38a2140d59d346160f1f6c30fda0bd12f4"
-  integrity sha512-wR/XK3D3XcLIZwpbvQwQ5fK+8Ykds1ip7A2Txe0yxncXSdq1L9skcG7blcedkOX+ZcgxGAmLX1FrRGbADwzi0w==
-
-d3-fetch@1:
-  version "1.2.0"
-  resolved "https://registry.yarnpkg.com/d3-fetch/-/d3-fetch-1.2.0.tgz#15ce2ecfc41b092b1db50abd2c552c2316cf7fc7"
-  integrity sha512-yC78NBVcd2zFAyR/HnUiBS7Lf6inSCoWcSxFfw8FYL7ydiqe80SazNwoffcqOfs95XaLo7yebsmQqDKSsXUtvA==
-  dependencies:
-    d3-dsv "1"
-
-d3-fetch@3:
-  version "3.0.1"
-  resolved "https://registry.yarnpkg.com/d3-fetch/-/d3-fetch-3.0.1.tgz#83141bff9856a0edb5e38de89cdcfe63d0a60a22"
-  integrity sha512-kpkQIM20n3oLVBKGg6oHrUchHM3xODkTzjMoj7aWQFq5QEM+R6E4WkzT5+tojDY7yjez8KgCBRoj4aEr99Fdqw==
-  dependencies:
-    d3-dsv "1 - 3"
-
-d3-force@1:
-  version "1.2.1"
-  resolved "https://registry.yarnpkg.com/d3-force/-/d3-force-1.2.1.tgz#fd29a5d1ff181c9e7f0669e4bd72bdb0e914ec0b"
-  integrity sha512-HHvehyaiUlVo5CxBJ0yF/xny4xoaxFxDnBXNvNcfW9adORGZfyNF1dj6DGLKyk4Yh3brP/1h3rnDzdIAwL08zg==
-  dependencies:
-    d3-collection "1"
-    d3-dispatch "1"
-    d3-quadtree "1"
-    d3-timer "1"
-
-d3-force@3:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/d3-force/-/d3-force-3.0.0.tgz#3e2ba1a61e70888fe3d9194e30d6d14eece155c4"
-  integrity sha512-zxV/SsA+U4yte8051P4ECydjD/S+qeYtnaIyAs9tgHCqfguma/aAQDjo85A9Z6EKhBirHRJHXIgJUlffT4wdLg==
-  dependencies:
-    d3-dispatch "1 - 3"
-    d3-quadtree "1 - 3"
-    d3-timer "1 - 3"
-
-d3-format@1:
-  version "1.4.5"
-  resolved "https://registry.yarnpkg.com/d3-format/-/d3-format-1.4.5.tgz#374f2ba1320e3717eb74a9356c67daee17a7edb4"
-  integrity sha512-J0piedu6Z8iB6TbIGfZgDzfXxUFN3qQRMofy2oPdXzQibYGqPB/9iMcxr/TGalU+2RsyDO+U4f33id8tbnSRMQ==
-
-"d3-format@1 - 3", d3-format@3:
-  version "3.1.0"
-  resolved "https://registry.yarnpkg.com/d3-format/-/d3-format-3.1.0.tgz#9260e23a28ea5cb109e93b21a06e24e2ebd55641"
-  integrity sha512-YyUI6AEuY/Wpt8KWLgZHsIU86atmikuoOmCfommt0LYHiQSPjvX2AcFc38PX0CBpr2RCyZhjex+NS/LPOv6YqA==
-
-d3-geo@1:
-  version "1.12.1"
-  resolved "https://registry.yarnpkg.com/d3-geo/-/d3-geo-1.12.1.tgz#7fc2ab7414b72e59fbcbd603e80d9adc029b035f"
-  integrity sha512-XG4d1c/UJSEX9NfU02KwBL6BYPj8YKHxgBEw5om2ZnTRSbIcego6dhHwcxuSR3clxh0EpE38os1DVPOmnYtTPg==
-  dependencies:
-    d3-array "1"
-
-d3-geo@3:
-  version "3.0.1"
-  resolved "https://registry.yarnpkg.com/d3-geo/-/d3-geo-3.0.1.tgz#4f92362fd8685d93e3b1fae0fd97dc8980b1ed7e"
-  integrity sha512-Wt23xBych5tSy9IYAM1FR2rWIBFWa52B/oF/GYe5zbdHrg08FU8+BuI6X4PvTwPDdqdAdq04fuWJpELtsaEjeA==
-  dependencies:
-    d3-array "2.5.0 - 3"
-
-d3-hierarchy@1:
-  version "1.1.9"
-  resolved "https://registry.yarnpkg.com/d3-hierarchy/-/d3-hierarchy-1.1.9.tgz#2f6bee24caaea43f8dc37545fa01628559647a83"
-  integrity sha512-j8tPxlqh1srJHAtxfvOUwKNYJkQuBFdM1+JAUfq6xqH5eAqf93L7oG1NVqDa4CpFZNvnNKtCYEUC8KY9yEn9lQ==
-
-d3-hierarchy@3:
-  version "3.1.1"
-  resolved "https://registry.yarnpkg.com/d3-hierarchy/-/d3-hierarchy-3.1.1.tgz#9cbb0ffd2375137a351e6cfeed344a06d4ff4597"
-  integrity sha512-LtAIu54UctRmhGKllleflmHalttH3zkfSi4NlKrTAoFKjC+AFBJohsCAdgCBYQwH0F8hIOGY89X1pPqAchlMkA==
-
-d3-interpolate@1:
-  version "1.4.0"
-  resolved "https://registry.yarnpkg.com/d3-interpolate/-/d3-interpolate-1.4.0.tgz#526e79e2d80daa383f9e0c1c1c7dcc0f0583e987"
-  integrity sha512-V9znK0zc3jOPV4VD2zZn0sDhZU3WAE2bmlxdIwwQPPzPjvyLkd8B3JUVdS1IDUFDkWZ72c9qnv1GK2ZagTZ8EA==
-  dependencies:
-    d3-color "1"
-
-"d3-interpolate@1 - 3", "d3-interpolate@1.2.0 - 3", d3-interpolate@3:
-  version "3.0.1"
-  resolved "https://registry.yarnpkg.com/d3-interpolate/-/d3-interpolate-3.0.1.tgz#3c47aa5b32c5b3dfb56ef3fd4342078a632b400d"
-  integrity sha512-3bYs1rOD33uo8aqJfKP3JWPAibgw8Zm2+L9vBKEHJ2Rg+viTR7o5Mmv5mZcieN+FRYaAOWX5SJATX6k1PWz72g==
-  dependencies:
-    d3-color "1 - 3"
-
-d3-path@1:
-  version "1.0.9"
-  resolved "https://registry.yarnpkg.com/d3-path/-/d3-path-1.0.9.tgz#48c050bb1fe8c262493a8caf5524e3e9591701cf"
-  integrity sha512-VLaYcn81dtHVTjEHd8B+pbe9yHWpXKZUC87PzoFmsFrJqgFwDe/qxfp5MlfsfM1V5E/iVt0MmEbWQ7FVIXh/bg==
-
-"d3-path@1 - 3", d3-path@3:
-  version "3.0.1"
-  resolved "https://registry.yarnpkg.com/d3-path/-/d3-path-3.0.1.tgz#f09dec0aaffd770b7995f1a399152bf93052321e"
-  integrity sha512-gq6gZom9AFZby0YLduxT1qmrp4xpBA1YZr19OI717WIdKE2OM5ETq5qrHLb301IgxhLwcuxvGZVLeeWc/k1I6w==
-
-d3-polygon@1:
-  version "1.0.6"
-  resolved "https://registry.yarnpkg.com/d3-polygon/-/d3-polygon-1.0.6.tgz#0bf8cb8180a6dc107f518ddf7975e12abbfbd38e"
-  integrity sha512-k+RF7WvI08PC8reEoXa/w2nSg5AUMTi+peBD9cmFc+0ixHfbs4QmxxkarVal1IkVkgxVuk9JSHhJURHiyHKAuQ==
-
-d3-polygon@3:
-  version "3.0.1"
-  resolved "https://registry.yarnpkg.com/d3-polygon/-/d3-polygon-3.0.1.tgz#0b45d3dd1c48a29c8e057e6135693ec80bf16398"
-  integrity sha512-3vbA7vXYwfe1SYhED++fPUQlWSYTTGmFmQiany/gdbiWgU/iEyQzyymwL9SkJjFFuCS4902BSzewVGsHHmHtXg==
-
-d3-quadtree@1:
-  version "1.0.7"
-  resolved "https://registry.yarnpkg.com/d3-quadtree/-/d3-quadtree-1.0.7.tgz#ca8b84df7bb53763fe3c2f24bd435137f4e53135"
-  integrity sha512-RKPAeXnkC59IDGD0Wu5mANy0Q2V28L+fNe65pOCXVdVuTJS3WPKaJlFHer32Rbh9gIo9qMuJXio8ra4+YmIymA==
-
-"d3-quadtree@1 - 3", d3-quadtree@3:
-  version "3.0.1"
-  resolved "https://registry.yarnpkg.com/d3-quadtree/-/d3-quadtree-3.0.1.tgz#6dca3e8be2b393c9a9d514dabbd80a92deef1a4f"
-  integrity sha512-04xDrxQTDTCFwP5H6hRhsRcb9xxv2RzkcsygFzmkSIOJy3PeRJP7sNk3VRIbKXcog561P9oU0/rVH6vDROAgUw==
-
-d3-random@1:
-  version "1.1.2"
-  resolved "https://registry.yarnpkg.com/d3-random/-/d3-random-1.1.2.tgz#2833be7c124360bf9e2d3fd4f33847cfe6cab291"
-  integrity sha512-6AK5BNpIFqP+cx/sreKzNjWbwZQCSUatxq+pPRmFIQaWuoD+NrbVWw7YWpHiXpCQ/NanKdtGDuB+VQcZDaEmYQ==
-
-d3-random@3:
-  version "3.0.1"
-  resolved "https://registry.yarnpkg.com/d3-random/-/d3-random-3.0.1.tgz#d4926378d333d9c0bfd1e6fa0194d30aebaa20f4"
-  integrity sha512-FXMe9GfxTxqd5D6jFsQ+DJ8BJS4E/fT5mqqdjovykEB2oFbTMDVdg1MGFxfQW+FBOGoB++k8swBrgwSHT1cUXQ==
-
-d3-scale-chromatic@1:
-  version "1.5.0"
-  resolved "https://registry.yarnpkg.com/d3-scale-chromatic/-/d3-scale-chromatic-1.5.0.tgz#54e333fc78212f439b14641fb55801dd81135a98"
-  integrity sha512-ACcL46DYImpRFMBcpk9HhtIyC7bTBR4fNOPxwVSl0LfulDAwyiHyPOTqcDG1+t5d4P9W7t/2NAuWu59aKko/cg==
-  dependencies:
-    d3-color "1"
-    d3-interpolate "1"
-
-d3-scale-chromatic@3:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/d3-scale-chromatic/-/d3-scale-chromatic-3.0.0.tgz#15b4ceb8ca2bb0dcb6d1a641ee03d59c3b62376a"
-  integrity sha512-Lx9thtxAKrO2Pq6OO2Ua474opeziKr279P/TKZsMAhYyNDD3EnCffdbgeSYN5O7m2ByQsxtuP2CSDczNUIZ22g==
-  dependencies:
-    d3-color "1 - 3"
-    d3-interpolate "1 - 3"
-
-d3-scale@2:
-  version "2.2.2"
-  resolved "https://registry.yarnpkg.com/d3-scale/-/d3-scale-2.2.2.tgz#4e880e0b2745acaaddd3ede26a9e908a9e17b81f"
-  integrity sha512-LbeEvGgIb8UMcAa0EATLNX0lelKWGYDQiPdHj+gLblGVhGLyNbaCn3EvrJf0A3Y/uOOU5aD6MTh5ZFCdEwGiCw==
-  dependencies:
-    d3-array "^1.2.0"
-    d3-collection "1"
-    d3-format "1"
-    d3-interpolate "1"
-    d3-time "1"
-    d3-time-format "2"
-
-d3-scale@4:
-  version "4.0.2"
-  resolved "https://registry.yarnpkg.com/d3-scale/-/d3-scale-4.0.2.tgz#82b38e8e8ff7080764f8dcec77bd4be393689396"
-  integrity sha512-GZW464g1SH7ag3Y7hXjf8RoUuAFIqklOAq3MRl4OaWabTFJY9PN/E1YklhXLh+OQ3fM9yS2nOkCoS+WLZ6kvxQ==
-  dependencies:
-    d3-array "2.10.0 - 3"
-    d3-format "1 - 3"
-    d3-interpolate "1.2.0 - 3"
-    d3-time "2.1.1 - 3"
-    d3-time-format "2 - 4"
-
-d3-selection@1, d3-selection@^1.1.0:
-  version "1.4.2"
-  resolved "https://registry.yarnpkg.com/d3-selection/-/d3-selection-1.4.2.tgz#dcaa49522c0dbf32d6c1858afc26b6094555bc5c"
-  integrity sha512-SJ0BqYihzOjDnnlfyeHT0e30k0K1+5sR3d5fNueCNeuhZTnGw4M4o8mqJchSwgKMXCNFo+e2VTChiSJ0vYtXkg==
-
-"d3-selection@2 - 3", d3-selection@3:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/d3-selection/-/d3-selection-3.0.0.tgz#c25338207efa72cc5b9bd1458a1a41901f1e1b31"
-  integrity sha512-fmTRWbNMmsmWq6xJV8D19U/gw/bwrHfNXxrIN+HfZgnzqTHp9jOmKMhsTUjXOJnZOdZY9Q28y4yebKzqDKlxlQ==
-
-d3-shape@1:
-  version "1.3.7"
-  resolved "https://registry.yarnpkg.com/d3-shape/-/d3-shape-1.3.7.tgz#df63801be07bc986bc54f63789b4fe502992b5d7"
-  integrity sha512-EUkvKjqPFUAZyOlhY5gzCxCeI0Aep04LwIRpsZ/mLFelJiUfnK56jo5JMDSE7yyP2kLSb6LtF+S5chMk7uqPqw==
-  dependencies:
-    d3-path "1"
-
-d3-shape@3:
-  version "3.1.0"
-  resolved "https://registry.yarnpkg.com/d3-shape/-/d3-shape-3.1.0.tgz#c8a495652d83ea6f524e482fca57aa3f8bc32556"
-  integrity sha512-tGDh1Muf8kWjEDT/LswZJ8WF85yDZLvVJpYU9Nq+8+yW1Z5enxrmXOhTArlkaElU+CTn0OTVNli+/i+HP45QEQ==
-  dependencies:
-    d3-path "1 - 3"
-
-d3-time-format@2:
-  version "2.3.0"
-  resolved "https://registry.yarnpkg.com/d3-time-format/-/d3-time-format-2.3.0.tgz#107bdc028667788a8924ba040faf1fbccd5a7850"
-  integrity sha512-guv6b2H37s2Uq/GefleCDtbe0XZAuy7Wa49VGkPVPMfLL9qObgBST3lEHJBMUp8S7NdLQAGIvr2KXk8Hc98iKQ==
-  dependencies:
-    d3-time "1"
-
-"d3-time-format@2 - 4", d3-time-format@4:
-  version "4.1.0"
-  resolved "https://registry.yarnpkg.com/d3-time-format/-/d3-time-format-4.1.0.tgz#7ab5257a5041d11ecb4fe70a5c7d16a195bb408a"
-  integrity sha512-dJxPBlzC7NugB2PDLwo9Q8JiTR3M3e4/XANkreKSUxF8vvXKqm1Yfq4Q5dl8budlunRVlUUaDUgFt7eA8D6NLg==
-  dependencies:
-    d3-time "1 - 3"
-
-d3-time@1:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/d3-time/-/d3-time-1.1.0.tgz#b1e19d307dae9c900b7e5b25ffc5dcc249a8a0f1"
-  integrity sha512-Xh0isrZ5rPYYdqhAVk8VLnMEidhz5aP7htAADH6MfzgmmicPkTo8LhkLxci61/lCB7n7UmE3bN0leRt+qvkLxA==
-
-"d3-time@1 - 3", "d3-time@2.1.1 - 3", d3-time@3:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/d3-time/-/d3-time-3.0.0.tgz#65972cb98ae2d4954ef5c932e8704061335d4975"
-  integrity sha512-zmV3lRnlaLI08y9IMRXSDshQb5Nj77smnfpnd2LrBa/2K281Jijactokeak14QacHs/kKq0AQ121nidNYlarbQ==
-  dependencies:
-    d3-array "2 - 3"
-
-d3-timer@1:
-  version "1.0.10"
-  resolved "https://registry.yarnpkg.com/d3-timer/-/d3-timer-1.0.10.tgz#dfe76b8a91748831b13b6d9c793ffbd508dd9de5"
-  integrity sha512-B1JDm0XDaQC+uvo4DT79H0XmBskgS3l6Ve+1SBCfxgmtIb1AVrPIoqd+nPSv+loMX8szQ0sVUhGngL7D5QPiXw==
-
-"d3-timer@1 - 3", d3-timer@3:
-  version "3.0.1"
-  resolved "https://registry.yarnpkg.com/d3-timer/-/d3-timer-3.0.1.tgz#6284d2a2708285b1abb7e201eda4380af35e63b0"
-  integrity sha512-ndfJ/JxxMd3nw31uyKoY2naivF+r29V+Lc0svZxe1JvvIRmi8hUsrMvdOwgS1o6uBHmiz91geQ0ylPP0aj1VUA==
-
-d3-transition@1:
-  version "1.3.2"
-  resolved "https://registry.yarnpkg.com/d3-transition/-/d3-transition-1.3.2.tgz#a98ef2151be8d8600543434c1ca80140ae23b398"
-  integrity sha512-sc0gRU4PFqZ47lPVHloMn9tlPcv8jxgOQg+0zjhfZXMQuvppjG6YuwdMBE0TuqCZjeJkLecku/l9R0JPcRhaDA==
-  dependencies:
-    d3-color "1"
-    d3-dispatch "1"
-    d3-ease "1"
-    d3-interpolate "1"
-    d3-selection "^1.1.0"
-    d3-timer "1"
-
-"d3-transition@2 - 3", d3-transition@3:
-  version "3.0.1"
-  resolved "https://registry.yarnpkg.com/d3-transition/-/d3-transition-3.0.1.tgz#6869fdde1448868077fdd5989200cb61b2a1645f"
-  integrity sha512-ApKvfjsSR6tg06xrL434C0WydLr7JewBB3V+/39RMHsaXTOG0zmt/OAXeng5M5LBm0ojmxJrpomQVZ1aPvBL4w==
-  dependencies:
-    d3-color "1 - 3"
-    d3-dispatch "1 - 3"
-    d3-ease "1 - 3"
-    d3-interpolate "1 - 3"
-    d3-timer "1 - 3"
-
-d3-voronoi@1:
-  version "1.1.4"
-  resolved "https://registry.yarnpkg.com/d3-voronoi/-/d3-voronoi-1.1.4.tgz#dd3c78d7653d2bb359284ae478645d95944c8297"
-  integrity sha512-dArJ32hchFsrQ8uMiTBLq256MpnZjeuBtdHpaDlYuQyjU0CVzCJl/BVW+SkszaAeH95D/8gxqAhgx0ouAWAfRg==
-
-d3-zoom@1:
-  version "1.8.3"
-  resolved "https://registry.yarnpkg.com/d3-zoom/-/d3-zoom-1.8.3.tgz#b6a3dbe738c7763121cd05b8a7795ffe17f4fc0a"
-  integrity sha512-VoLXTK4wvy1a0JpH2Il+F2CiOhVu7VRXWF5M/LroMIh3/zBAC3WAt7QoIvPibOavVo20hN6/37vwAsdBejLyKQ==
-  dependencies:
-    d3-dispatch "1"
-    d3-drag "1"
-    d3-interpolate "1"
-    d3-selection "1"
-    d3-transition "1"
-
-d3-zoom@3:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/d3-zoom/-/d3-zoom-3.0.0.tgz#d13f4165c73217ffeaa54295cd6969b3e7aee8f3"
-  integrity sha512-b8AmV3kfQaqWAuacbPuNbL6vahnOJflOhexLzMMNLga62+/nh0JzvJ0aO/5a5MVgUFGS7Hu1P9P03o3fJkDCyw==
-  dependencies:
-    d3-dispatch "1 - 3"
-    d3-drag "2 - 3"
-    d3-interpolate "1 - 3"
-    d3-selection "2 - 3"
-    d3-transition "2 - 3"
-
-d3@^5.14:
-  version "5.16.0"
-  resolved "https://registry.yarnpkg.com/d3/-/d3-5.16.0.tgz#9c5e8d3b56403c79d4ed42fbd62f6113f199c877"
-  integrity sha512-4PL5hHaHwX4m7Zr1UapXW23apo6pexCgdetdJ5kTmADpG/7T9Gkxw0M0tf/pjoB63ezCCm0u5UaFYy2aMt0Mcw==
-  dependencies:
-    d3-array "1"
-    d3-axis "1"
-    d3-brush "1"
-    d3-chord "1"
-    d3-collection "1"
-    d3-color "1"
-    d3-contour "1"
-    d3-dispatch "1"
-    d3-drag "1"
-    d3-dsv "1"
-    d3-ease "1"
-    d3-fetch "1"
-    d3-force "1"
-    d3-format "1"
-    d3-geo "1"
-    d3-hierarchy "1"
-    d3-interpolate "1"
-    d3-path "1"
-    d3-polygon "1"
-    d3-quadtree "1"
-    d3-random "1"
-    d3-scale "2"
-    d3-scale-chromatic "1"
-    d3-selection "1"
-    d3-shape "1"
-    d3-time "1"
-    d3-time-format "2"
-    d3-timer "1"
-    d3-transition "1"
-    d3-voronoi "1"
-    d3-zoom "1"
-
-d3@^7.0.0:
-  version "7.3.0"
-  resolved "https://registry.yarnpkg.com/d3/-/d3-7.3.0.tgz#f3d5a22c1f658952a6491cf50132f5267ed7a40a"
-  integrity sha512-MDRLJCMK232OJQRqGljQ/gCxtB8k3/sLKFjftMjzPB3nKVUODpdW9Rb3vcq7U8Ka5YKoZkAmp++Ur6I+6iNWIw==
-  dependencies:
-    d3-array "3"
-    d3-axis "3"
-    d3-brush "3"
-    d3-chord "3"
-    d3-color "3"
-    d3-contour "3"
-    d3-delaunay "6"
-    d3-dispatch "3"
-    d3-drag "3"
-    d3-dsv "3"
-    d3-ease "3"
-    d3-fetch "3"
-    d3-force "3"
-    d3-format "3"
-    d3-geo "3"
-    d3-hierarchy "3"
-    d3-interpolate "3"
-    d3-path "3"
-    d3-polygon "3"
-    d3-quadtree "3"
-    d3-random "3"
-    d3-scale "4"
-    d3-scale-chromatic "3"
-    d3-selection "3"
-    d3-shape "3"
-    d3-time "3"
-    d3-time-format "4"
-    d3-timer "3"
-    d3-transition "3"
-    d3-zoom "3"
-
-dagre-d3@^0.6.4:
-  version "0.6.4"
-  resolved "https://registry.yarnpkg.com/dagre-d3/-/dagre-d3-0.6.4.tgz#0728d5ce7f177ca2337df141ceb60fbe6eeb7b29"
-  integrity sha512-e/6jXeCP7/ptlAM48clmX4xTZc5Ek6T6kagS7Oz2HrYSdqcLZFLqpAfh7ldbZRFfxCZVyh61NEPR08UQRVxJzQ==
-  dependencies:
-    d3 "^5.14"
-    dagre "^0.8.5"
-    graphlib "^2.1.8"
-    lodash "^4.17.15"
-
-dagre@^0.8.5:
-  version "0.8.5"
-  resolved "https://registry.yarnpkg.com/dagre/-/dagre-0.8.5.tgz#ba30b0055dac12b6c1fcc247817442777d06afee"
-  integrity sha512-/aTqmnRta7x7MCCpExk7HQL2O4owCT2h8NT//9I1OQ9vt29Pa0BzSAkR5lwFUcQ7491yVi/3CXU9jQ5o0Mn2Sw==
-  dependencies:
-    graphlib "^2.1.8"
-    lodash "^4.17.15"
-
-dashdash@^1.12.0:
-  version "1.14.1"
-  resolved "https://registry.yarnpkg.com/dashdash/-/dashdash-1.14.1.tgz#853cfa0f7cbe2fed5de20326b8dd581035f6e2f0"
-  integrity sha1-hTz6D3y+L+1d4gMmuN1YEDX24vA=
-  dependencies:
-    assert-plus "^1.0.0"
-
-de-indent@^1.0.2:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/de-indent/-/de-indent-1.0.2.tgz#b2038e846dc33baa5796128d0804b455b8c1e21d"
-  integrity sha1-sgOOhG3DO6pXlhKNCAS0VbjB4h0=
-
-debug@2.6.9, debug@^2.1.3, debug@^2.2.0, debug@^2.3.3, debug@^2.6.9:
-  version "2.6.9"
-  resolved "https://registry.yarnpkg.com/debug/-/debug-2.6.9.tgz#5d128515df134ff327e90a4c93f4e077a536341f"
-  integrity sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==
-  dependencies:
-    ms "2.0.0"
-
-debug@^3.1.1, debug@^3.2.6:
-  version "3.2.7"
-  resolved "https://registry.yarnpkg.com/debug/-/debug-3.2.7.tgz#72580b7e9145fb39b6676f9c5e5fb100b934179a"
-  integrity sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==
-  dependencies:
-    ms "^2.1.1"
-
-debug@^4.1.0, debug@^4.1.1:
-  version "4.3.2"
-  resolved "https://registry.yarnpkg.com/debug/-/debug-4.3.2.tgz#f0a49c18ac8779e31d4a0c6029dfb76873c7428b"
-  integrity sha512-mOp8wKcvj7XxC78zLgw/ZA+6TSgkoE2C/ienthhRD298T7UNwAg9diBpLRxC0mOezLl4B0xV7M0cCO6P/O0Xhw==
-  dependencies:
-    ms "2.1.2"
-
-debug@~3.1.0:
-  version "3.1.0"
-  resolved "https://registry.yarnpkg.com/debug/-/debug-3.1.0.tgz#5bb5a0672628b64149566ba16819e61518c67261"
-  integrity sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==
-  dependencies:
-    ms "2.0.0"
-
-decamelize@^1.1.2, decamelize@^1.2.0:
-  version "1.2.0"
-  resolved "https://registry.yarnpkg.com/decamelize/-/decamelize-1.2.0.tgz#f6534d15148269b20352e7bee26f501f9a191290"
-  integrity sha1-9lNNFRSCabIDUue+4m9QH5oZEpA=
-
-decode-uri-component@^0.2.0:
-  version "0.2.0"
-  resolved "https://registry.yarnpkg.com/decode-uri-component/-/decode-uri-component-0.2.0.tgz#eb3913333458775cb84cd1a1fae062106bb87545"
-  integrity sha1-6zkTMzRYd1y4TNGh+uBiEGu4dUU=
-
-decompress-response@^3.3.0:
-  version "3.3.0"
-  resolved "https://registry.yarnpkg.com/decompress-response/-/decompress-response-3.3.0.tgz#80a4dd323748384bfa248083622aedec982adff3"
-  integrity sha1-gKTdMjdIOEv6JICDYirt7Jgq3/M=
-  dependencies:
-    mimic-response "^1.0.0"
-
-deep-equal@^1.0.1:
-  version "1.1.1"
-  resolved "https://registry.yarnpkg.com/deep-equal/-/deep-equal-1.1.1.tgz#b5c98c942ceffaf7cb051e24e1434a25a2e6076a"
-  integrity sha512-yd9c5AdiqVcR+JjcwUQb9DkhJc8ngNr0MahEBGvDiJw8puWab2yZlh+nkasOnZP+EGTAP6rRp2JzJhJZzvNF8g==
-  dependencies:
-    is-arguments "^1.0.4"
-    is-date-object "^1.0.1"
-    is-regex "^1.0.4"
-    object-is "^1.0.1"
-    object-keys "^1.1.1"
-    regexp.prototype.flags "^1.2.0"
-
-deep-extend@^0.6.0:
-  version "0.6.0"
-  resolved "https://registry.yarnpkg.com/deep-extend/-/deep-extend-0.6.0.tgz#c4fa7c95404a17a9c3e8ca7e1537312b736330ac"
-  integrity sha512-LOHxIOaPYdHlJRtCQfDIVZtfw/ufM8+rVj649RIHzcm/vGwQRXFt6OPqIFWsm2XEMrNIEtWR64sY1LEKD2vAOA==
-
-deepmerge@^1.5.2:
-  version "1.5.2"
-  resolved "https://registry.yarnpkg.com/deepmerge/-/deepmerge-1.5.2.tgz#10499d868844cdad4fee0842df8c7f6f0c95a753"
-  integrity sha512-95k0GDqvBjZavkuvzx/YqVLv/6YYa17fz6ILMSf7neqQITCPbnfEnQvEgMPNjH4kgobe7+WIL0yJEHku+H3qtQ==
-
-default-gateway@^4.2.0:
-  version "4.2.0"
-  resolved "https://registry.yarnpkg.com/default-gateway/-/default-gateway-4.2.0.tgz#167104c7500c2115f6dd69b0a536bb8ed720552b"
-  integrity sha512-h6sMrVB1VMWVrW13mSc6ia/DwYYw5MN6+exNu1OaJeFac5aSAvwM7lZ0NVfTABuSkQelr4h5oebg3KB1XPdjgA==
-  dependencies:
-    execa "^1.0.0"
-    ip-regex "^2.1.0"
-
-defer-to-connect@^1.0.1:
-  version "1.1.3"
-  resolved "https://registry.yarnpkg.com/defer-to-connect/-/defer-to-connect-1.1.3.tgz#331ae050c08dcf789f8c83a7b81f0ed94f4ac591"
-  integrity sha512-0ISdNousHvZT2EiFlZeZAHBUvSxmKswVCEf8hW7KWgG4a8MVEu/3Vb6uWYozkjylyCxe0JBIiRB1jV45S70WVQ==
-
-define-properties@^1.1.2, define-properties@^1.1.3:
-  version "1.1.3"
-  resolved "https://registry.yarnpkg.com/define-properties/-/define-properties-1.1.3.tgz#cf88da6cbee26fe6db7094f61d870cbd84cee9f1"
-  integrity sha512-3MqfYKj2lLzdMSf8ZIZE/V+Zuy+BgD6f164e8K2w7dgnpKArBDerGYpM46IYYcjnkdPNMjPk9A6VFB8+3SKlXQ==
-  dependencies:
-    object-keys "^1.0.12"
-
-define-property@^0.2.5:
-  version "0.2.5"
-  resolved "https://registry.yarnpkg.com/define-property/-/define-property-0.2.5.tgz#c35b1ef918ec3c990f9a5bc57be04aacec5c8116"
-  integrity sha1-w1se+RjsPJkPmlvFe+BKrOxcgRY=
-  dependencies:
-    is-descriptor "^0.1.0"
-
-define-property@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/define-property/-/define-property-1.0.0.tgz#769ebaaf3f4a63aad3af9e8d304c9bbe79bfb0e6"
-  integrity sha1-dp66rz9KY6rTr56NMEybvnm/sOY=
-  dependencies:
-    is-descriptor "^1.0.0"
-
-define-property@^2.0.2:
-  version "2.0.2"
-  resolved "https://registry.yarnpkg.com/define-property/-/define-property-2.0.2.tgz#d459689e8d654ba77e02a817f8710d702cb16e9d"
-  integrity sha512-jwK2UV4cnPpbcG7+VRARKTZPUWowwXA8bzH5NP6ud0oeAxyYPuGZUAC7hMugpCdz4BeSZl2Dl9k66CHJ/46ZYQ==
-  dependencies:
-    is-descriptor "^1.0.2"
-    isobject "^3.0.1"
-
-del@^4.1.1:
-  version "4.1.1"
-  resolved "https://registry.yarnpkg.com/del/-/del-4.1.1.tgz#9e8f117222ea44a31ff3a156c049b99052a9f0b4"
-  integrity sha512-QwGuEUouP2kVwQenAsOof5Fv8K9t3D8Ca8NxcXKrIpEHjTXK5J2nXLdP+ALI1cgv8wj7KuwBhTwBkOZSJKM5XQ==
-  dependencies:
-    "@types/glob" "^7.1.1"
-    globby "^6.1.0"
-    is-path-cwd "^2.0.0"
-    is-path-in-cwd "^2.0.0"
-    p-map "^2.0.0"
-    pify "^4.0.1"
-    rimraf "^2.6.3"
-
-delaunator@5:
-  version "5.0.0"
-  resolved "https://registry.yarnpkg.com/delaunator/-/delaunator-5.0.0.tgz#60f052b28bd91c9b4566850ebf7756efe821d81b"
-  integrity sha512-AyLvtyJdbv/U1GkiS6gUUzclRoAY4Gs75qkMygJJhU75LW4DNuSF2RMzpxs9jw9Oz1BobHjTdkG3zdP55VxAqw==
-  dependencies:
-    robust-predicates "^3.0.0"
-
-delayed-stream@~1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/delayed-stream/-/delayed-stream-1.0.0.tgz#df3ae199acadfb7d440aaae0b29e2272b24ec619"
-  integrity sha1-3zrhmayt+31ECqrgsp4icrJOxhk=
-
-delegates@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/delegates/-/delegates-1.0.0.tgz#84c6e159b81904fdca59a0ef44cd870d31250f9a"
-  integrity sha1-hMbhWbgZBP3KWaDvRM2HDTElD5o=
-
-depd@~1.1.2:
-  version "1.1.2"
-  resolved "https://registry.yarnpkg.com/depd/-/depd-1.1.2.tgz#9bcd52e14c097763e749b274c4346ed2e560b5a9"
-  integrity sha1-m81S4UwJd2PnSbJ0xDRu0uVgtak=
-
-des.js@^1.0.0:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/des.js/-/des.js-1.0.1.tgz#5382142e1bdc53f85d86d53e5f4aa7deb91e0843"
-  integrity sha512-Q0I4pfFrv2VPd34/vfLrFOoRmlYj3OV50i7fskps1jZWK1kApMWWT9G6RRUeYedLcBDIhnSDaUvJMb3AhUlaEA==
-  dependencies:
-    inherits "^2.0.1"
-    minimalistic-assert "^1.0.0"
-
-destroy@~1.0.4:
-  version "1.0.4"
-  resolved "https://registry.yarnpkg.com/destroy/-/destroy-1.0.4.tgz#978857442c44749e4206613e37946205826abd80"
-  integrity sha1-l4hXRCxEdJ5CBmE+N5RiBYJqvYA=
-
-detect-node@^2.0.4:
-  version "2.1.0"
-  resolved "https://registry.yarnpkg.com/detect-node/-/detect-node-2.1.0.tgz#c9c70775a49c3d03bc2c06d9a73be550f978f8b1"
-  integrity sha512-T0NIuQpnTvFDATNuHN5roPwSBG83rFsuO+MXXH9/3N1eFbn4wcPjttvjMLEPWJ0RGUYgQE7cGgS3tNxbqCGM7g==
-
-diacritics@^1.3.0:
-  version "1.3.0"
-  resolved "https://registry.yarnpkg.com/diacritics/-/diacritics-1.3.0.tgz#3efa87323ebb863e6696cebb0082d48ff3d6f7a1"
-  integrity sha1-PvqHMj67hj5mls67AILUj/PW96E=
-
-diffie-hellman@^5.0.0:
-  version "5.0.3"
-  resolved "https://registry.yarnpkg.com/diffie-hellman/-/diffie-hellman-5.0.3.tgz#40e8ee98f55a2149607146921c63e1ae5f3d2875"
-  integrity sha512-kqag/Nl+f3GwyK25fhUMYj81BUOrZ9IuJsjIcDE5icNM9FJHAVm3VcUDxdLPoQtTuUylWm6ZIknYJwwaPxsUzg==
-  dependencies:
-    bn.js "^4.1.0"
-    miller-rabin "^4.0.0"
-    randombytes "^2.0.0"
-
-dir-glob@^2.0.0, dir-glob@^2.2.2:
-  version "2.2.2"
-  resolved "https://registry.yarnpkg.com/dir-glob/-/dir-glob-2.2.2.tgz#fa09f0694153c8918b18ba0deafae94769fc50c4"
-  integrity sha512-f9LBi5QWzIW3I6e//uxZoLBlUt9kcp66qo0sSCxL6YZKc75R1c4MFCoe/LaZiBGmgujvQdxc5Bn3QhfyvK5Hsw==
-  dependencies:
-    path-type "^3.0.0"
-
-dns-equal@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/dns-equal/-/dns-equal-1.0.0.tgz#b39e7f1da6eb0a75ba9c17324b34753c47e0654d"
-  integrity sha1-s55/HabrCnW6nBcySzR1PEfgZU0=
-
-dns-packet@^1.3.1:
-  version "1.3.4"
-  resolved "https://registry.yarnpkg.com/dns-packet/-/dns-packet-1.3.4.tgz#e3455065824a2507ba886c55a89963bb107dec6f"
-  integrity sha512-BQ6F4vycLXBvdrJZ6S3gZewt6rcrks9KBgM9vrhW+knGRqc8uEdT7fuCwloc7nny5xNoMJ17HGH0R/6fpo8ECA==
-  dependencies:
-    ip "^1.1.0"
-    safe-buffer "^5.0.1"
-
-dns-txt@^2.0.2:
-  version "2.0.2"
-  resolved "https://registry.yarnpkg.com/dns-txt/-/dns-txt-2.0.2.tgz#b91d806f5d27188e4ab3e7d107d881a1cc4642b6"
-  integrity sha1-uR2Ab10nGI5Ks+fRB9iBocxGQrY=
-  dependencies:
-    buffer-indexof "^1.0.0"
-
-docsearch.js@^2.5.2:
-  version "2.6.3"
-  resolved "https://registry.yarnpkg.com/docsearch.js/-/docsearch.js-2.6.3.tgz#57cb4600d3b6553c677e7cbbe6a734593e38625d"
-  integrity sha512-GN+MBozuyz664ycpZY0ecdQE0ND/LSgJKhTLA0/v3arIS3S1Rpf2OJz6A35ReMsm91V5apcmzr5/kM84cvUg+A==
-  dependencies:
-    algoliasearch "^3.24.5"
-    autocomplete.js "0.36.0"
-    hogan.js "^3.0.2"
-    request "^2.87.0"
-    stack-utils "^1.0.1"
-    to-factory "^1.0.0"
-    zepto "^1.2.0"
-
-dom-converter@^0.2.0:
-  version "0.2.0"
-  resolved "https://registry.yarnpkg.com/dom-converter/-/dom-converter-0.2.0.tgz#6721a9daee2e293682955b6afe416771627bb768"
-  integrity sha512-gd3ypIPfOMr9h5jIKq8E3sHOTCjeirnl0WK5ZdS1AW0Odt0b1PaWaHdJ4Qk4klv+YB9aJBS7mESXjFoDQPu6DA==
-  dependencies:
-    utila "~0.4"
-
-dom-serializer@0:
-  version "0.2.2"
-  resolved "https://registry.yarnpkg.com/dom-serializer/-/dom-serializer-0.2.2.tgz#1afb81f533717175d478655debc5e332d9f9bb51"
-  integrity sha512-2/xPb3ORsQ42nHYiSunXkDjPLBaEj/xTwUO4B7XCZQTRk7EBtTOPaygh10YAAh2OI1Qrp6NWfpAhzswj0ydt9g==
-  dependencies:
-    domelementtype "^2.0.1"
-    entities "^2.0.0"
-
-dom-serializer@^1.0.1:
-  version "1.3.2"
-  resolved "https://registry.yarnpkg.com/dom-serializer/-/dom-serializer-1.3.2.tgz#6206437d32ceefaec7161803230c7a20bc1b4d91"
-  integrity sha512-5c54Bk5Dw4qAxNOI1pFEizPSjVsx5+bpJKmL2kPn8JhBUq2q09tTCa3mjijun2NfK78NMouDYNMBkOrPZiS+ig==
-  dependencies:
-    domelementtype "^2.0.1"
-    domhandler "^4.2.0"
-    entities "^2.0.0"
-
-dom-walk@^0.1.0:
-  version "0.1.2"
-  resolved "https://registry.yarnpkg.com/dom-walk/-/dom-walk-0.1.2.tgz#0c548bef048f4d1f2a97249002236060daa3fd84"
-  integrity sha512-6QvTW9mrGeIegrFXdtQi9pk7O/nSK6lSdXW2eqUspN5LWD7UTji2Fqw5V2YLjBpHEoU9Xl/eUWNpDeZvoyOv2w==
-
-domain-browser@^1.1.1:
-  version "1.2.0"
-  resolved "https://registry.yarnpkg.com/domain-browser/-/domain-browser-1.2.0.tgz#3d31f50191a6749dd1375a7f522e823d42e54eda"
-  integrity sha512-jnjyiM6eRyZl2H+W8Q/zLMA481hzi0eszAaBUzIVnmYVDBbnLxVNnfu1HgEBvCbL+71FrxMl3E6lpKH7Ge3OXA==
-
-domelementtype@1:
-  version "1.3.1"
-  resolved "https://registry.yarnpkg.com/domelementtype/-/domelementtype-1.3.1.tgz#d048c44b37b0d10a7f2a3d5fee3f4333d790481f"
-  integrity sha512-BSKB+TSpMpFI/HOxCNr1O8aMOTZ8hT3pM3GQ0w/mWRmkhEDSFJkkyzz4XQsBV44BChwGkrDfMyjVD0eA2aFV3w==
-
-domelementtype@^2.0.1, domelementtype@^2.2.0:
-  version "2.2.0"
-  resolved "https://registry.yarnpkg.com/domelementtype/-/domelementtype-2.2.0.tgz#9a0b6c2782ed6a1c7323d42267183df9bd8b1d57"
-  integrity sha512-DtBMo82pv1dFtUmHyr48beiuq792Sxohr+8Hm9zoxklYPfa6n0Z3Byjj2IV7bmr2IyqClnqEQhfgHJJ5QF0R5A==
-
-domhandler@^4.0.0, domhandler@^4.2.0:
-  version "4.2.0"
-  resolved "https://registry.yarnpkg.com/domhandler/-/domhandler-4.2.0.tgz#f9768a5f034be60a89a27c2e4d0f74eba0d8b059"
-  integrity sha512-zk7sgt970kzPks2Bf+dwT/PLzghLnsivb9CcxkvR8Mzr66Olr0Ofd8neSbglHJHaHa2MadfoSdNlKYAaafmWfA==
-  dependencies:
-    domelementtype "^2.2.0"
-
-dompurify@2.3.4:
-  version "2.3.4"
-  resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-2.3.4.tgz#1cf5cf0105ccb4debdf6db162525bd41e6ddacc6"
-  integrity sha512-6BVcgOAVFXjI0JTjEvZy901Rghm+7fDQOrNIcxB4+gdhj6Kwp6T9VBhBY/AbagKHJocRkDYGd6wvI+p4/10xtQ==
-
-domutils@^1.7.0:
-  version "1.7.0"
-  resolved "https://registry.yarnpkg.com/domutils/-/domutils-1.7.0.tgz#56ea341e834e06e6748af7a1cb25da67ea9f8c2a"
-  integrity sha512-Lgd2XcJ/NjEw+7tFvfKxOzCYKZsdct5lczQ2ZaQY8Djz7pfAD3Gbp8ySJWtreII/vDlMVmxwa6pHmdxIYgttDg==
-  dependencies:
-    dom-serializer "0"
-    domelementtype "1"
-
-domutils@^2.5.2, domutils@^2.6.0:
-  version "2.7.0"
-  resolved "https://registry.yarnpkg.com/domutils/-/domutils-2.7.0.tgz#8ebaf0c41ebafcf55b0b72ec31c56323712c5442"
-  integrity sha512-8eaHa17IwJUPAiB+SoTYBo5mCdeMgdcAoXJ59m6DT1vw+5iLS3gNoqYaRowaBKtGVrOF1Jz4yDTgYKLK2kvfJg==
-  dependencies:
-    dom-serializer "^1.0.1"
-    domelementtype "^2.2.0"
-    domhandler "^4.2.0"
-
-dot-prop@^5.2.0:
-  version "5.3.0"
-  resolved "https://registry.yarnpkg.com/dot-prop/-/dot-prop-5.3.0.tgz#90ccce708cd9cd82cc4dc8c3ddd9abdd55b20e88"
-  integrity sha512-QM8q3zDe58hqUqjraQOmzZ1LIH9SWQJTlEKCH4kJ2oQvLZk7RbQXvtDM2XEq3fwkV9CCvvH4LA0AV+ogFsBM2Q==
-  dependencies:
-    is-obj "^2.0.0"
-
-duplexer3@^0.1.4:
-  version "0.1.4"
-  resolved "https://registry.yarnpkg.com/duplexer3/-/duplexer3-0.1.4.tgz#ee01dd1cac0ed3cbc7fdbea37dc0a8f1ce002ce2"
-  integrity sha1-7gHdHKwO08vH/b6jfcCo8c4ALOI=
-
-duplexify@^3.4.2, duplexify@^3.6.0:
-  version "3.7.1"
-  resolved "https://registry.yarnpkg.com/duplexify/-/duplexify-3.7.1.tgz#2a4df5317f6ccfd91f86d6fd25d8d8a103b88309"
-  integrity sha512-07z8uv2wMyS51kKhD1KsdXJg5WQ6t93RneqRxUHnskXVtlYYkLqM0gqStQZ3pj073g687jPCHrqNfCzawLYh5g==
-  dependencies:
-    end-of-stream "^1.0.0"
-    inherits "^2.0.1"
-    readable-stream "^2.0.0"
-    stream-shift "^1.0.0"
-
-ecc-jsbn@~0.1.1:
-  version "0.1.2"
-  resolved "https://registry.yarnpkg.com/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz#3a83a904e54353287874c564b7549386849a98c9"
-  integrity sha1-OoOpBOVDUyh4dMVkt1SThoSamMk=
-  dependencies:
-    jsbn "~0.1.0"
-    safer-buffer "^2.1.0"
-
-ee-first@1.1.1:
-  version "1.1.1"
-  resolved "https://registry.yarnpkg.com/ee-first/-/ee-first-1.1.1.tgz#590c61156b0ae2f4f0255732a158b266bc56b21d"
-  integrity sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0=
-
-electron-to-chromium@^1.3.723:
-  version "1.3.785"
-  resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.3.785.tgz#79f546c69a6be4f30913aaace361bc746f26df48"
-  integrity sha512-WmCgAeURsMFiyoJ646eUaJQ7GNfvMRLXo+GamUyKVNEM4MqTAsXyC0f38JEB4N3BtbD0tlAKozGP5E2T9K3YGg==
-
-elliptic@^6.5.3:
-  version "6.5.4"
-  resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.5.4.tgz#da37cebd31e79a1367e941b592ed1fbebd58abbb"
-  integrity sha512-iLhC6ULemrljPZb+QutR5TQGB+pdW6KGD5RSegS+8sorOZT+rdQFbsQFJgvN3eRqNALqJer4oQ16YvJHlU8hzQ==
-  dependencies:
-    bn.js "^4.11.9"
-    brorand "^1.1.0"
-    hash.js "^1.0.0"
-    hmac-drbg "^1.0.1"
-    inherits "^2.0.4"
-    minimalistic-assert "^1.0.1"
-    minimalistic-crypto-utils "^1.0.1"
-
-emoji-regex@^7.0.1:
-  version "7.0.3"
-  resolved "https://registry.yarnpkg.com/emoji-regex/-/emoji-regex-7.0.3.tgz#933a04052860c85e83c122479c4748a8e4c72156"
-  integrity sha512-CwBLREIQ7LvYFB0WyRvwhq5N5qPhc6PMjD6bYggFlI5YyDgl+0vxq5VHbMOFqLg7hfWzmu8T5Z1QofhmTIhItA==
-
-emoji-regex@^8.0.0:
-  version "8.0.0"
-  resolved "https://registry.yarnpkg.com/emoji-regex/-/emoji-regex-8.0.0.tgz#e818fd69ce5ccfcb404594f842963bf53164cc37"
-  integrity sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==
-
-emojis-list@^2.0.0:
-  version "2.1.0"
-  resolved "https://registry.yarnpkg.com/emojis-list/-/emojis-list-2.1.0.tgz#4daa4d9db00f9819880c79fa457ae5b09a1fd389"
-  integrity sha1-TapNnbAPmBmIDHn6RXrlsJof04k=
-
-emojis-list@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/emojis-list/-/emojis-list-3.0.0.tgz#5570662046ad29e2e916e71aae260abdff4f6a78"
-  integrity sha512-/kyM18EfinwXZbno9FyUGeFh87KC8HRQBQGildHZbEuRyWFOmv1U10o9BBp8XVZDVNNuQKyIGIu5ZYAAXJ0V2Q==
-
-encodeurl@~1.0.2:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/encodeurl/-/encodeurl-1.0.2.tgz#ad3ff4c86ec2d029322f5a02c3a9a606c95b3f59"
-  integrity sha1-rT/0yG7C0CkyL1oCw6mmBslbP1k=
-
-end-of-stream@^1.0.0, end-of-stream@^1.1.0:
-  version "1.4.4"
-  resolved "https://registry.yarnpkg.com/end-of-stream/-/end-of-stream-1.4.4.tgz#5ae64a5f45057baf3626ec14da0ca5e4b2431eb0"
-  integrity sha512-+uw1inIHVPQoaVuHzRyXd21icM+cnt4CzD5rW+NC1wjOUSTOs+Te7FOv7AhN7vS9x/oIyhLP5PR1H+phQAHu5Q==
-  dependencies:
-    once "^1.4.0"
-
-enhanced-resolve@^4.5.0:
-  version "4.5.0"
-  resolved "https://registry.yarnpkg.com/enhanced-resolve/-/enhanced-resolve-4.5.0.tgz#2f3cfd84dbe3b487f18f2db2ef1e064a571ca5ec"
-  integrity sha512-Nv9m36S/vxpsI+Hc4/ZGRs0n9mXqSWGGq49zxb/cJfPAQMbUtttJAlNPS4AQzaBdw/pKskw5bMbekT/Y7W/Wlg==
-  dependencies:
-    graceful-fs "^4.1.2"
-    memory-fs "^0.5.0"
-    tapable "^1.0.0"
-
-entities@^2.0.0:
-  version "2.2.0"
-  resolved "https://registry.yarnpkg.com/entities/-/entities-2.2.0.tgz#098dc90ebb83d8dffa089d55256b351d34c4da55"
-  integrity sha512-p92if5Nz619I0w+akJrLZH0MX0Pb5DX39XOwQTtXSdQQOaYH03S1uIQp4mhOZtAXrxq4ViO67YTiLBo2638o9A==
-
-entities@~1.1.1:
-  version "1.1.2"
-  resolved "https://registry.yarnpkg.com/entities/-/entities-1.1.2.tgz#bdfa735299664dfafd34529ed4f8522a275fea56"
-  integrity sha512-f2LZMYl1Fzu7YSBKg+RoROelpOaNrcGmE9AZubeDfrCEia483oW4MI4VyFd5VNHIgQ/7qm1I0wUHK1eJnn2y2w==
-
-envify@^4.0.0:
-  version "4.1.0"
-  resolved "https://registry.yarnpkg.com/envify/-/envify-4.1.0.tgz#f39ad3db9d6801b4e6b478b61028d3f0b6819f7e"
-  integrity sha512-IKRVVoAYr4pIx4yIWNsz9mOsboxlNXiu7TNBnem/K/uTHdkyzXWDzHCK7UTolqBbgaBz0tQHsD3YNls0uIIjiw==
-  dependencies:
-    esprima "^4.0.0"
-    through "~2.3.4"
-
-envinfo@^7.2.0:
-  version "7.8.1"
-  resolved "https://registry.yarnpkg.com/envinfo/-/envinfo-7.8.1.tgz#06377e3e5f4d379fea7ac592d5ad8927e0c4d475"
-  integrity sha512-/o+BXHmB7ocbHEAs6F2EnG0ogybVVUdkRunTT2glZU9XAaGmhqskrvKwqXuDfNjEO0LZKWdejEEpnq8aM0tOaw==
-
-errno@^0.1.3, errno@~0.1.7:
-  version "0.1.8"
-  resolved "https://registry.yarnpkg.com/errno/-/errno-0.1.8.tgz#8bb3e9c7d463be4976ff888f76b4809ebc2e811f"
-  integrity sha512-dJ6oBr5SQ1VSd9qkk7ByRgb/1SH4JZjCHSW/mr63/QcXO9zLVxvJ6Oy13nio03rxpSnVDDjFor75SjVeZWPW/A==
-  dependencies:
-    prr "~1.0.1"
-
-error-ex@^1.2.0, error-ex@^1.3.1:
-  version "1.3.2"
-  resolved "https://registry.yarnpkg.com/error-ex/-/error-ex-1.3.2.tgz#b4ac40648107fdcdcfae242f428bea8a14d4f1bf"
-  integrity sha512-7dFHNmqeFSEt2ZBsCriorKnn3Z2pj+fd9kmI6QoWw4//DL+icEBfc0U7qJCisqrTsKTjw4fNFy2pW9OqStD84g==
-  dependencies:
-    is-arrayish "^0.2.1"
-
-es-abstract@^1.17.2, es-abstract@^1.18.0-next.2, es-abstract@^1.18.2:
-  version "1.18.3"
-  resolved "https://registry.yarnpkg.com/es-abstract/-/es-abstract-1.18.3.tgz#25c4c3380a27aa203c44b2b685bba94da31b63e0"
-  integrity sha512-nQIr12dxV7SSxE6r6f1l3DtAeEYdsGpps13dR0TwJg1S8gyp4ZPgy3FZcHBgbiQqnoqSTb+oC+kO4UQ0C/J8vw==
-  dependencies:
-    call-bind "^1.0.2"
-    es-to-primitive "^1.2.1"
-    function-bind "^1.1.1"
-    get-intrinsic "^1.1.1"
-    has "^1.0.3"
-    has-symbols "^1.0.2"
-    is-callable "^1.2.3"
-    is-negative-zero "^2.0.1"
-    is-regex "^1.1.3"
-    is-string "^1.0.6"
-    object-inspect "^1.10.3"
-    object-keys "^1.1.1"
-    object.assign "^4.1.2"
-    string.prototype.trimend "^1.0.4"
-    string.prototype.trimstart "^1.0.4"
-    unbox-primitive "^1.0.1"
-
-es-to-primitive@^1.2.1:
-  version "1.2.1"
-  resolved "https://registry.yarnpkg.com/es-to-primitive/-/es-to-primitive-1.2.1.tgz#e55cd4c9cdc188bcefb03b366c736323fc5c898a"
-  integrity sha512-QCOllgZJtaUo9miYBcLChTUaHNjJF3PYs1VidD7AwiEj1kYxKeQTctLAezAOH5ZKRH0g2IgPn6KwB4IT8iRpvA==
-  dependencies:
-    is-callable "^1.1.4"
-    is-date-object "^1.0.1"
-    is-symbol "^1.0.2"
-
-es6-promise@^4.1.0:
-  version "4.2.8"
-  resolved "https://registry.yarnpkg.com/es6-promise/-/es6-promise-4.2.8.tgz#4eb21594c972bc40553d276e510539143db53e0a"
-  integrity sha512-HJDGx5daxeIvxdBxvG2cb9g4tEvwIk3i8+nhX0yGrYmZUzbkdg8QbDevheDB8gd0//uPj4c1EQua8Q+MViT0/w==
-
-escalade@^3.1.1:
-  version "3.1.1"
-  resolved "https://registry.yarnpkg.com/escalade/-/escalade-3.1.1.tgz#d8cfdc7000965c5a0174b4a82eaa5c0552742e40"
-  integrity sha512-k0er2gUkLf8O0zKJiAhmkTnJlTvINGv7ygDNPbeIsX/TJjGJZHuh9B2UxbsaEkmlEo9MfhrSzmhIlhRlI2GXnw==
-
-escape-goat@^2.0.0:
-  version "2.1.1"
-  resolved "https://registry.yarnpkg.com/escape-goat/-/escape-goat-2.1.1.tgz#1b2dc77003676c457ec760b2dc68edb648188675"
-  integrity sha512-8/uIhbG12Csjy2JEW7D9pHbreaVaS/OpN3ycnyvElTdwM5n6GY6W6e2IPemfvGZeUMqZ9A/3GqIZMgKnBhAw/Q==
-
-escape-html@^1.0.3, escape-html@~1.0.3:
-  version "1.0.3"
-  resolved "https://registry.yarnpkg.com/escape-html/-/escape-html-1.0.3.tgz#0258eae4d3d0c0974de1c169188ef0051d1d1988"
-  integrity sha1-Aljq5NPQwJdN4cFpGI7wBR0dGYg=
-
-escape-string-regexp@^1.0.2, escape-string-regexp@^1.0.5:
-  version "1.0.5"
-  resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz#1b61c0562190a8dff6ae3bb2cf0200ca130b86d4"
-  integrity sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=
-
-escape-string-regexp@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-2.0.0.tgz#a30304e99daa32e23b2fd20f51babd07cffca344"
-  integrity sha512-UpzcLCXolUWcNu5HtVMHYdXJjArjsF9C0aNnquZYY4uW/Vu0miy5YoWvbV345HauVvcAUnpRuhMMcqTcGOY2+w==
-
-eslint-scope@^4.0.3:
-  version "4.0.3"
-  resolved "https://registry.yarnpkg.com/eslint-scope/-/eslint-scope-4.0.3.tgz#ca03833310f6889a3264781aa82e63eb9cfe7848"
-  integrity sha512-p7VutNr1O/QrxysMo3E45FjYDTeXBy0iTltPFNSqKAIfjDSXC+4dj+qfyuD8bfAXrW/y6lW3O76VaYNPKfpKrg==
-  dependencies:
-    esrecurse "^4.1.0"
-    estraverse "^4.1.1"
-
-esm@3.2.25:
-  version "3.2.25"
-  resolved "https://registry.yarnpkg.com/esm/-/esm-3.2.25.tgz#342c18c29d56157688ba5ce31f8431fbb795cc10"
-  integrity sha512-U1suiZ2oDVWv4zPO56S0NcR5QriEahGtdN2OR6FiOG4WJvcjBVFB0qI4+eKoWFH483PKGuLuu6V8Z4T5g63UVA==
-
-esprima@^4.0.0:
-  version "4.0.1"
-  resolved "https://registry.yarnpkg.com/esprima/-/esprima-4.0.1.tgz#13b04cdb3e6c5d19df91ab6987a8695619b0aa71"
-  integrity sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==
-
-esrecurse@^4.1.0:
-  version "4.3.0"
-  resolved "https://registry.yarnpkg.com/esrecurse/-/esrecurse-4.3.0.tgz#7ad7964d679abb28bee72cec63758b1c5d2c9921"
-  integrity sha512-KmfKL3b6G+RXvP8N1vr3Tq1kL/oCFgn2NYXEtqP8/L3pKapUA4G8cFVaoF3SU323CD4XypR/ffioHmkti6/Tag==
-  dependencies:
-    estraverse "^5.2.0"
-
-estraverse@^4.1.1:
-  version "4.3.0"
-  resolved "https://registry.yarnpkg.com/estraverse/-/estraverse-4.3.0.tgz#398ad3f3c5a24948be7725e83d11a7de28cdbd1d"
-  integrity sha512-39nnKffWz8xN1BU/2c79n9nB9HDzo0niYUqx6xyqUnyoAnQyyWpOTdZEeiCch8BBu515t4wp9ZmgVfVhn9EBpw==
-
-estraverse@^5.2.0:
-  version "5.2.0"
-  resolved "https://registry.yarnpkg.com/estraverse/-/estraverse-5.2.0.tgz#307df42547e6cc7324d3cf03c155d5cdb8c53880"
-  integrity sha512-BxbNGGNm0RyRYvUdHpIwv9IWzeM9XClbOxwoATuFdOE7ZE6wHL+HQ5T8hoPM+zHvmKzzsEqhgy0GrQ5X13afiQ==
-
-esutils@^2.0.2:
-  version "2.0.3"
-  resolved "https://registry.yarnpkg.com/esutils/-/esutils-2.0.3.tgz#74d2eb4de0b8da1293711910d50775b9b710ef64"
-  integrity sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==
-
-etag@~1.8.1:
-  version "1.8.1"
-  resolved "https://registry.yarnpkg.com/etag/-/etag-1.8.1.tgz#41ae2eeb65efa62268aebfea83ac7d79299b0887"
-  integrity sha1-Qa4u62XvpiJorr/qg6x9eSmbCIc=
-
-eventemitter3@^4.0.0:
-  version "4.0.7"
-  resolved "https://registry.yarnpkg.com/eventemitter3/-/eventemitter3-4.0.7.tgz#2de9b68f6528d5644ef5c59526a1b4a07306169f"
-  integrity sha512-8guHBZCwKnFhYdHr2ysuRWErTwhoN2X8XELRlrRwpmfeY2jjuUN4taQMsULKUVo1K4DvZl+0pgfyoysHxvmvEw==
-
-events@^1.1.0:
-  version "1.1.1"
-  resolved "https://registry.yarnpkg.com/events/-/events-1.1.1.tgz#9ebdb7635ad099c70dcc4c2a1f5004288e8bd924"
-  integrity sha1-nr23Y1rQmccNzEwqH1AEKI6L2SQ=
-
-events@^3.0.0:
-  version "3.3.0"
-  resolved "https://registry.yarnpkg.com/events/-/events-3.3.0.tgz#31a95ad0a924e2d2c419a813aeb2c4e878ea7400"
-  integrity sha512-mQw+2fkQbALzQ7V0MY0IqdnXNOeTtP4r0lN9z7AAawCXgqea7bDii20AYrIBrFd/Hx0M2Ocz6S111CaFkUcb0Q==
-
-eventsource@^1.0.7:
-  version "1.1.1"
-  resolved "https://registry.yarnpkg.com/eventsource/-/eventsource-1.1.1.tgz#4544a35a57d7120fba4fa4c86cb4023b2c09df2f"
-  integrity sha512-qV5ZC0h7jYIAOhArFJgSfdyz6rALJyb270714o7ZtNnw2WSJ+eexhKtE0O8LYPRsHZHf2osHKZBxGPvm3kPkCA==
-  dependencies:
-    original "^1.0.0"
-
-evp_bytestokey@^1.0.0, evp_bytestokey@^1.0.3:
-  version "1.0.3"
-  resolved "https://registry.yarnpkg.com/evp_bytestokey/-/evp_bytestokey-1.0.3.tgz#7fcbdb198dc71959432efe13842684e0525acb02"
-  integrity sha512-/f2Go4TognH/KvCISP7OUsHn85hT9nUkxxA9BEWxFn+Oj9o8ZNLm/40hdlgSLyuOimsrTKLUMEorQexp/aPQeA==
-  dependencies:
-    md5.js "^1.3.4"
-    safe-buffer "^5.1.1"
-
-execa@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/execa/-/execa-1.0.0.tgz#c6236a5bb4df6d6f15e88e7f017798216749ddd8"
-  integrity sha512-adbxcyWV46qiHyvSp50TKt05tB4tK3HcmF7/nxfAdhnox83seTDbwnaqKO4sXRy7roHAIFqJP/Rw/AuEbX61LA==
-  dependencies:
-    cross-spawn "^6.0.0"
-    get-stream "^4.0.0"
-    is-stream "^1.1.0"
-    npm-run-path "^2.0.0"
-    p-finally "^1.0.0"
-    signal-exit "^3.0.0"
-    strip-eof "^1.0.0"
-
-expand-brackets@^2.1.4:
-  version "2.1.4"
-  resolved "https://registry.yarnpkg.com/expand-brackets/-/expand-brackets-2.1.4.tgz#b77735e315ce30f6b6eff0f83b04151a22449622"
-  integrity sha1-t3c14xXOMPa27/D4OwQVGiJEliI=
-  dependencies:
-    debug "^2.3.3"
-    define-property "^0.2.5"
-    extend-shallow "^2.0.1"
-    posix-character-classes "^0.1.0"
-    regex-not "^1.0.0"
-    snapdragon "^0.8.1"
-    to-regex "^3.0.1"
-
-express@^4.17.1:
-  version "4.17.1"
-  resolved "https://registry.yarnpkg.com/express/-/express-4.17.1.tgz#4491fc38605cf51f8629d39c2b5d026f98a4c134"
-  integrity sha512-mHJ9O79RqluphRrcw2X/GTh3k9tVv8YcoyY4Kkh4WDMUYKRZUq0h1o0w2rrrxBqM7VoeUVqgb27xlEMXTnYt4g==
-  dependencies:
-    accepts "~1.3.7"
-    array-flatten "1.1.1"
-    body-parser "1.19.0"
-    content-disposition "0.5.3"
-    content-type "~1.0.4"
-    cookie "0.4.0"
-    cookie-signature "1.0.6"
-    debug "2.6.9"
-    depd "~1.1.2"
-    encodeurl "~1.0.2"
-    escape-html "~1.0.3"
-    etag "~1.8.1"
-    finalhandler "~1.1.2"
-    fresh "0.5.2"
-    merge-descriptors "1.0.1"
-    methods "~1.1.2"
-    on-finished "~2.3.0"
-    parseurl "~1.3.3"
-    path-to-regexp "0.1.7"
-    proxy-addr "~2.0.5"
-    qs "6.7.0"
-    range-parser "~1.2.1"
-    safe-buffer "5.1.2"
-    send "0.17.1"
-    serve-static "1.14.1"
-    setprototypeof "1.1.1"
-    statuses "~1.5.0"
-    type-is "~1.6.18"
-    utils-merge "1.0.1"
-    vary "~1.1.2"
-
-extend-shallow@^2.0.1:
-  version "2.0.1"
-  resolved "https://registry.yarnpkg.com/extend-shallow/-/extend-shallow-2.0.1.tgz#51af7d614ad9a9f610ea1bafbb989d6b1c56890f"
-  integrity sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=
-  dependencies:
-    is-extendable "^0.1.0"
-
-extend-shallow@^3.0.0, extend-shallow@^3.0.2:
-  version "3.0.2"
-  resolved "https://registry.yarnpkg.com/extend-shallow/-/extend-shallow-3.0.2.tgz#26a71aaf073b39fb2127172746131c2704028db8"
-  integrity sha1-Jqcarwc7OfshJxcnRhMcJwQCjbg=
-  dependencies:
-    assign-symbols "^1.0.0"
-    is-extendable "^1.0.1"
-
-extend@~3.0.2:
-  version "3.0.2"
-  resolved "https://registry.yarnpkg.com/extend/-/extend-3.0.2.tgz#f8b1136b4071fbd8eb140aff858b1019ec2915fa"
-  integrity sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==
-
-extglob@^2.0.4:
-  version "2.0.4"
-  resolved "https://registry.yarnpkg.com/extglob/-/extglob-2.0.4.tgz#ad00fe4dc612a9232e8718711dc5cb5ab0285543"
-  integrity sha512-Nmb6QXkELsuBr24CJSkilo6UHHgbekK5UiZgfE6UHD3Eb27YC6oD+bhcT+tJ6cl8dmsgdQxnWlcry8ksBIBLpw==
-  dependencies:
-    array-unique "^0.3.2"
-    define-property "^1.0.0"
-    expand-brackets "^2.1.4"
-    extend-shallow "^2.0.1"
-    fragment-cache "^0.2.1"
-    regex-not "^1.0.0"
-    snapdragon "^0.8.1"
-    to-regex "^3.0.1"
-
-extsprintf@1.3.0:
-  version "1.3.0"
-  resolved "https://registry.yarnpkg.com/extsprintf/-/extsprintf-1.3.0.tgz#96918440e3041a7a414f8c52e3c574eb3c3e1e05"
-  integrity sha1-lpGEQOMEGnpBT4xS48V06zw+HgU=
-
-extsprintf@^1.2.0:
-  version "1.4.0"
-  resolved "https://registry.yarnpkg.com/extsprintf/-/extsprintf-1.4.0.tgz#e2689f8f356fad62cca65a3a91c5df5f9551692f"
-  integrity sha1-4mifjzVvrWLMplo6kcXfX5VRaS8=
-
-fast-deep-equal@^3.1.1:
-  version "3.1.3"
-  resolved "https://registry.yarnpkg.com/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz#3a7d56b559d6cbc3eb512325244e619a65c6c525"
-  integrity sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==
-
-fast-glob@^2.2.6:
-  version "2.2.7"
-  resolved "https://registry.yarnpkg.com/fast-glob/-/fast-glob-2.2.7.tgz#6953857c3afa475fff92ee6015d52da70a4cd39d"
-  integrity sha512-g1KuQwHOZAmOZMuBtHdxDtju+T2RT8jgCC9aANsbpdiDDTSnjgfuVsIBNKbUeJI3oKMRExcfNDtJl4OhbffMsw==
-  dependencies:
-    "@mrmlnc/readdir-enhanced" "^2.2.1"
-    "@nodelib/fs.stat" "^1.1.2"
-    glob-parent "^3.1.0"
-    is-glob "^4.0.0"
-    merge2 "^1.2.3"
-    micromatch "^3.1.10"
-
-fast-json-stable-stringify@^2.0.0:
-  version "2.1.0"
-  resolved "https://registry.yarnpkg.com/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz#874bf69c6f404c2b5d99c481341399fd55892633"
-  integrity sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==
-
-faye-websocket@^0.11.3:
-  version "0.11.4"
-  resolved "https://registry.yarnpkg.com/faye-websocket/-/faye-websocket-0.11.4.tgz#7f0d9275cfdd86a1c963dc8b65fcc451edcbb1da"
-  integrity sha512-CzbClwlXAuiRQAlUyfqPgvPoNKTckTPGfwZV4ZdAhVcP2lh9KUxJg2b5GkE7XbjKQ3YJnQ9z6D9ntLAlB+tP8g==
-  dependencies:
-    websocket-driver ">=0.5.1"
-
-figgy-pudding@^3.5.1:
-  version "3.5.2"
-  resolved "https://registry.yarnpkg.com/figgy-pudding/-/figgy-pudding-3.5.2.tgz#b4eee8148abb01dcf1d1ac34367d59e12fa61d6e"
-  integrity sha512-0btnI/H8f2pavGMN8w40mlSKOfTK2SVJmBfBeVIj3kNw0swwgzyRq0d5TJVOwodFmtvpPeWPN/MCcfuWF0Ezbw==
-
-figures@^3.0.0:
-  version "3.2.0"
-  resolved "https://registry.yarnpkg.com/figures/-/figures-3.2.0.tgz#625c18bd293c604dc4a8ddb2febf0c88341746af"
-  integrity sha512-yaduQFRKLXYOGgEn6AZau90j3ggSOyiqXU0F9JZfeXYhNa+Jk4X+s45A2zg5jns87GAFa34BBm2kXw4XpNcbdg==
-  dependencies:
-    escape-string-regexp "^1.0.5"
-
-file-loader@^3.0.1:
-  version "3.0.1"
-  resolved "https://registry.yarnpkg.com/file-loader/-/file-loader-3.0.1.tgz#f8e0ba0b599918b51adfe45d66d1e771ad560faa"
-  integrity sha512-4sNIOXgtH/9WZq4NvlfU3Opn5ynUsqBwSLyM+I7UOwdGigTBYfVVQEwe/msZNX/j4pCJTIM14Fsw66Svo1oVrw==
-  dependencies:
-    loader-utils "^1.0.2"
-    schema-utils "^1.0.0"
-
-file-uri-to-path@1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/file-uri-to-path/-/file-uri-to-path-1.0.0.tgz#553a7b8446ff6f684359c445f1e37a05dacc33dd"
-  integrity sha512-0Zt+s3L7Vf1biwWZ29aARiVYLx7iMGnEUl9x33fbB/j3jR81u/O2LbqK+Bm1CDSNDKVtJ/YjwY7TUd5SkeLQLw==
-
-fill-range@^4.0.0:
-  version "4.0.0"
-  resolved "https://registry.yarnpkg.com/fill-range/-/fill-range-4.0.0.tgz#d544811d428f98eb06a63dc402d2403c328c38f7"
-  integrity sha1-1USBHUKPmOsGpj3EAtJAPDKMOPc=
-  dependencies:
-    extend-shallow "^2.0.1"
-    is-number "^3.0.0"
-    repeat-string "^1.6.1"
-    to-regex-range "^2.1.0"
-
-fill-range@^7.0.1:
-  version "7.0.1"
-  resolved "https://registry.yarnpkg.com/fill-range/-/fill-range-7.0.1.tgz#1919a6a7c75fe38b2c7c77e5198535da9acdda40"
-  integrity sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==
-  dependencies:
-    to-regex-range "^5.0.1"
-
-filter-obj@^1.1.0:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/filter-obj/-/filter-obj-1.1.0.tgz#9b311112bc6c6127a16e016c6c5d7f19e0805c5b"
-  integrity sha1-mzERErxsYSehbgFsbF1/GeCAXFs=
-
-finalhandler@~1.1.2:
-  version "1.1.2"
-  resolved "https://registry.yarnpkg.com/finalhandler/-/finalhandler-1.1.2.tgz#b7e7d000ffd11938d0fdb053506f6ebabe9f587d"
-  integrity sha512-aAWcW57uxVNrQZqFXjITpW3sIUQmHGG3qSb9mUah9MgMC4NeWhNOlNjXEYq3HjRAvL6arUviZGGJsBg6z0zsWA==
-  dependencies:
-    debug "2.6.9"
-    encodeurl "~1.0.2"
-    escape-html "~1.0.3"
-    on-finished "~2.3.0"
-    parseurl "~1.3.3"
-    statuses "~1.5.0"
-    unpipe "~1.0.0"
-
-find-cache-dir@^2.1.0:
-  version "2.1.0"
-  resolved "https://registry.yarnpkg.com/find-cache-dir/-/find-cache-dir-2.1.0.tgz#8d0f94cd13fe43c6c7c261a0d86115ca918c05f7"
-  integrity sha512-Tq6PixE0w/VMFfCgbONnkiQIVol/JJL7nRMi20fqzA4NRs9AfeqMGeRdPi3wIhYkxjeBaWh2rxwapn5Tu3IqOQ==
-  dependencies:
-    commondir "^1.0.1"
-    make-dir "^2.0.0"
-    pkg-dir "^3.0.0"
-
-find-cache-dir@^3.3.1:
-  version "3.3.1"
-  resolved "https://registry.yarnpkg.com/find-cache-dir/-/find-cache-dir-3.3.1.tgz#89b33fad4a4670daa94f855f7fbe31d6d84fe880"
-  integrity sha512-t2GDMt3oGC/v+BMwzmllWDuJF/xcDtE5j/fCGbqDD7OLuJkj0cfh1YSA5VKPvwMeLFLNDBkwOKZ2X85jGLVftQ==
-  dependencies:
-    commondir "^1.0.1"
-    make-dir "^3.0.2"
-    pkg-dir "^4.1.0"
-
-find-up@^1.0.0:
-  version "1.1.2"
-  resolved "https://registry.yarnpkg.com/find-up/-/find-up-1.1.2.tgz#6b2e9822b1a2ce0a60ab64d610eccad53cb24d0f"
-  integrity sha1-ay6YIrGizgpgq2TWEOzK1TyyTQ8=
-  dependencies:
-    path-exists "^2.0.0"
-    pinkie-promise "^2.0.0"
-
-find-up@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/find-up/-/find-up-3.0.0.tgz#49169f1d7993430646da61ecc5ae355c21c97b73"
-  integrity sha512-1yD6RmLI1XBfxugvORwlck6f75tYL+iR0jqwsOrOxMZyGYqUuDhJ0l4AXdO1iX/FTs9cBAMEk1gWSEx1kSbylg==
-  dependencies:
-    locate-path "^3.0.0"
-
-find-up@^4.0.0:
-  version "4.1.0"
-  resolved "https://registry.yarnpkg.com/find-up/-/find-up-4.1.0.tgz#97afe7d6cdc0bc5928584b7c8d7b16e8a9aa5d19"
-  integrity sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==
-  dependencies:
-    locate-path "^5.0.0"
-    path-exists "^4.0.0"
-
-flush-write-stream@^1.0.0:
-  version "1.1.1"
-  resolved "https://registry.yarnpkg.com/flush-write-stream/-/flush-write-stream-1.1.1.tgz#8dd7d873a1babc207d94ead0c2e0e44276ebf2e8"
-  integrity sha512-3Z4XhFZ3992uIq0XOqb9AreonueSYphE6oYbpt5+3u06JWklbsPkNv3ZKkP9Bz/r+1MWCaMoSQ28P85+1Yc77w==
-  dependencies:
-    inherits "^2.0.3"
-    readable-stream "^2.3.6"
-
-follow-redirects@^1.0.0:
-  version "1.14.8"
-  resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.14.8.tgz#016996fb9a11a100566398b1c6839337d7bfa8fc"
-  integrity sha512-1x0S9UVJHsQprFcEC/qnNzBLcIxsjAV905f/UkQxbclCsoTWlacCNOpQa/anodLl2uaEKFhfWOvM2Qg77+15zA==
-
-for-in@^1.0.2:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/for-in/-/for-in-1.0.2.tgz#81068d295a8142ec0ac726c6e2200c30fb6d5e80"
-  integrity sha1-gQaNKVqBQuwKxybG4iAMMPttXoA=
-
-foreach@^2.0.5:
-  version "2.0.5"
-  resolved "https://registry.yarnpkg.com/foreach/-/foreach-2.0.5.tgz#0bee005018aeb260d0a3af3ae658dd0136ec1b99"
-  integrity sha1-C+4AUBiusmDQo6865ljdATbsG5k=
-
-forever-agent@~0.6.1:
-  version "0.6.1"
-  resolved "https://registry.yarnpkg.com/forever-agent/-/forever-agent-0.6.1.tgz#fbc71f0c41adeb37f96c577ad1ed42d8fdacca91"
-  integrity sha1-+8cfDEGt6zf5bFd60e1C2P2sypE=
-
-form-data@~2.3.2:
-  version "2.3.3"
-  resolved "https://registry.yarnpkg.com/form-data/-/form-data-2.3.3.tgz#dcce52c05f644f298c6a7ab936bd724ceffbf3a6"
-  integrity sha512-1lLKB2Mu3aGP1Q/2eCOx0fNbRMe7XdwktwOruhfqqd0rIJWwN4Dh+E3hrPSlDCXnSR7UtZ1N38rVXm+6+MEhJQ==
-  dependencies:
-    asynckit "^0.4.0"
-    combined-stream "^1.0.6"
-    mime-types "^2.1.12"
-
-forwarded@0.2.0:
-  version "0.2.0"
-  resolved "https://registry.yarnpkg.com/forwarded/-/forwarded-0.2.0.tgz#2269936428aad4c15c7ebe9779a84bf0b2a81811"
-  integrity sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==
-
-fragment-cache@^0.2.1:
-  version "0.2.1"
-  resolved "https://registry.yarnpkg.com/fragment-cache/-/fragment-cache-0.2.1.tgz#4290fad27f13e89be7f33799c6bc5a0abfff0d19"
-  integrity sha1-QpD60n8T6Jvn8zeZxrxaCr//DRk=
-  dependencies:
-    map-cache "^0.2.2"
-
-fresh@0.5.2:
-  version "0.5.2"
-  resolved "https://registry.yarnpkg.com/fresh/-/fresh-0.5.2.tgz#3d8cadd90d976569fa835ab1f8e4b23a105605a7"
-  integrity sha1-PYyt2Q2XZWn6g1qx+OSyOhBWBac=
-
-from2@^2.1.0:
-  version "2.3.0"
-  resolved "https://registry.yarnpkg.com/from2/-/from2-2.3.0.tgz#8bfb5502bde4a4d36cfdeea007fcca21d7e382af"
-  integrity sha1-i/tVAr3kpNNs/e6gB/zKIdfjgq8=
-  dependencies:
-    inherits "^2.0.1"
-    readable-stream "^2.0.0"
-
-fs-extra@^7.0.1:
-  version "7.0.1"
-  resolved "https://registry.yarnpkg.com/fs-extra/-/fs-extra-7.0.1.tgz#4f189c44aa123b895f722804f55ea23eadc348e9"
-  integrity sha512-YJDaCJZEnBmcbw13fvdAM9AwNOJwOzrE4pqMqBq5nFiEqXUqHwlK4B+3pUw6JNvfSPtX05xFHtYy/1ni01eGCw==
-  dependencies:
-    graceful-fs "^4.1.2"
-    jsonfile "^4.0.0"
-    universalify "^0.1.0"
-
-fs-write-stream-atomic@^1.0.8:
-  version "1.0.10"
-  resolved "https://registry.yarnpkg.com/fs-write-stream-atomic/-/fs-write-stream-atomic-1.0.10.tgz#b47df53493ef911df75731e70a9ded0189db40c9"
-  integrity sha1-tH31NJPvkR33VzHnCp3tAYnbQMk=
-  dependencies:
-    graceful-fs "^4.1.2"
-    iferr "^0.1.5"
-    imurmurhash "^0.1.4"
-    readable-stream "1 || 2"
-
-fs.realpath@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/fs.realpath/-/fs.realpath-1.0.0.tgz#1504ad2523158caa40db4a2787cb01411994ea4f"
-  integrity sha1-FQStJSMVjKpA20onh8sBQRmU6k8=
-
-fsevents@^1.2.7:
-  version "1.2.13"
-  resolved "https://registry.yarnpkg.com/fsevents/-/fsevents-1.2.13.tgz#f325cb0455592428bcf11b383370ef70e3bfcc38"
-  integrity sha512-oWb1Z6mkHIskLzEJ/XWX0srkpkTQ7vaopMQkyaEIoq0fmtFVxOthb8cCxeT+p3ynTdkk/RZwbgG4brR5BeWECw==
-  dependencies:
-    bindings "^1.5.0"
-    nan "^2.12.1"
-
-fsevents@~2.3.2:
-  version "2.3.2"
-  resolved "https://registry.yarnpkg.com/fsevents/-/fsevents-2.3.2.tgz#8a526f78b8fdf4623b709e0b975c52c24c02fd1a"
-  integrity sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==
-
-fstream@^1.0.0, fstream@^1.0.12:
-  version "1.0.12"
-  resolved "https://registry.yarnpkg.com/fstream/-/fstream-1.0.12.tgz#4e8ba8ee2d48be4f7d0de505455548eae5932045"
-  integrity sha512-WvJ193OHa0GHPEL+AycEJgxvBEwyfRkN1vhjca23OaPVMCaLCXTd5qAu82AjTcgP1UJmytkOKb63Ypde7raDIg==
-  dependencies:
-    graceful-fs "^4.1.2"
-    inherits "~2.0.0"
-    mkdirp ">=0.5 0"
-    rimraf "2"
-
-function-bind@^1.1.1:
-  version "1.1.1"
-  resolved "https://registry.yarnpkg.com/function-bind/-/function-bind-1.1.1.tgz#a56899d3ea3c9bab874bb9773b7c5ede92f4895d"
-  integrity sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==
-
-gauge@~2.7.3:
-  version "2.7.4"
-  resolved "https://registry.yarnpkg.com/gauge/-/gauge-2.7.4.tgz#2c03405c7538c39d7eb37b317022e325fb018bf7"
-  integrity sha1-LANAXHU4w51+s3sxcCLjJfsBi/c=
-  dependencies:
-    aproba "^1.0.3"
-    console-control-strings "^1.0.0"
-    has-unicode "^2.0.0"
-    object-assign "^4.1.0"
-    signal-exit "^3.0.0"
-    string-width "^1.0.1"
-    strip-ansi "^3.0.1"
-    wide-align "^1.1.0"
-
-gaze@^1.0.0:
-  version "1.1.3"
-  resolved "https://registry.yarnpkg.com/gaze/-/gaze-1.1.3.tgz#c441733e13b927ac8c0ff0b4c3b033f28812924a"
-  integrity sha512-BRdNm8hbWzFzWHERTrejLqwHDfS4GibPoq5wjTPIoJHoBtKGPg3xAFfxmM+9ztbXelxcf2hwQcaz1PtmFeue8g==
-  dependencies:
-    globule "^1.0.0"
-
-gensync@^1.0.0-beta.2:
-  version "1.0.0-beta.2"
-  resolved "https://registry.yarnpkg.com/gensync/-/gensync-1.0.0-beta.2.tgz#32a6ee76c3d7f52d46b2b1ae5d93fea8580a25e0"
-  integrity sha512-3hN7NaskYvMDLQY55gnW3NQ+mesEAepTqlg+VEbj7zzqEMBVNhzcGYYeqFo/TlYz6eQiFcp1HcsCZO+nGgS8zg==
-
-get-caller-file@^2.0.1:
-  version "2.0.5"
-  resolved "https://registry.yarnpkg.com/get-caller-file/-/get-caller-file-2.0.5.tgz#4f94412a82db32f36e3b0b9741f8a97feb031f7e"
-  integrity sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==
-
-get-intrinsic@^1.0.2, get-intrinsic@^1.1.1:
-  version "1.1.1"
-  resolved "https://registry.yarnpkg.com/get-intrinsic/-/get-intrinsic-1.1.1.tgz#15f59f376f855c446963948f0d24cd3637b4abc6"
-  integrity sha512-kWZrnVM42QCiEA2Ig1bG8zjoIMOgxWwYCEeNdwY6Tv/cOSeGpcoX4pXHfKUxNKVoArnrEr2e9srnAxxGIraS9Q==
-  dependencies:
-    function-bind "^1.1.1"
-    has "^1.0.3"
-    has-symbols "^1.0.1"
-
-get-stdin@^4.0.1:
-  version "4.0.1"
-  resolved "https://registry.yarnpkg.com/get-stdin/-/get-stdin-4.0.1.tgz#b968c6b0a04384324902e8bf1a5df32579a450fe"
-  integrity sha1-uWjGsKBDhDJJAui/Gl3zJXmkUP4=
-
-get-stream@^4.0.0, get-stream@^4.1.0:
-  version "4.1.0"
-  resolved "https://registry.yarnpkg.com/get-stream/-/get-stream-4.1.0.tgz#c1b255575f3dc21d59bfc79cd3d2b46b1c3a54b5"
-  integrity sha512-GMat4EJ5161kIy2HevLlr4luNjBgvmj413KaQA7jt4V8B4RDsfpHk7WQ9GVqfYyyx8OS/L66Kox+rJRNklLK7w==
-  dependencies:
-    pump "^3.0.0"
-
-get-stream@^5.1.0:
-  version "5.2.0"
-  resolved "https://registry.yarnpkg.com/get-stream/-/get-stream-5.2.0.tgz#4966a1795ee5ace65e706c4b7beb71257d6e22d3"
-  integrity sha512-nBF+F1rAZVCu/p7rjzgA+Yb4lfYXrpl7a6VmJrU8wF9I1CKvP/QwPNZHnOlwbTkY6dvtFIzFMSyQXbLoTQPRpA==
-  dependencies:
-    pump "^3.0.0"
-
-get-value@^2.0.3, get-value@^2.0.6:
-  version "2.0.6"
-  resolved "https://registry.yarnpkg.com/get-value/-/get-value-2.0.6.tgz#dc15ca1c672387ca76bd37ac0a395ba2042a2c28"
-  integrity sha1-3BXKHGcjh8p2vTesCjlbogQqLCg=
-
-getpass@^0.1.1:
-  version "0.1.7"
-  resolved "https://registry.yarnpkg.com/getpass/-/getpass-0.1.7.tgz#5eff8e3e684d569ae4cb2b1282604e8ba62149fa"
-  integrity sha1-Xv+OPmhNVprkyysSgmBOi6YhSfo=
-  dependencies:
-    assert-plus "^1.0.0"
-
-glob-parent@^3.1.0:
-  version "3.1.0"
-  resolved "https://registry.yarnpkg.com/glob-parent/-/glob-parent-3.1.0.tgz#9e6af6299d8d3bd2bd40430832bd113df906c5ae"
-  integrity sha1-nmr2KZ2NO9K9QEMIMr0RPfkGxa4=
-  dependencies:
-    is-glob "^3.1.0"
-    path-dirname "^1.0.0"
-
-glob-parent@~5.1.2:
-  version "5.1.2"
-  resolved "https://registry.yarnpkg.com/glob-parent/-/glob-parent-5.1.2.tgz#869832c58034fe68a4093c17dc15e8340d8401c4"
-  integrity sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==
-  dependencies:
-    is-glob "^4.0.1"
-
-glob-to-regexp@^0.3.0:
-  version "0.3.0"
-  resolved "https://registry.yarnpkg.com/glob-to-regexp/-/glob-to-regexp-0.3.0.tgz#8c5a1494d2066c570cc3bfe4496175acc4d502ab"
-  integrity sha1-jFoUlNIGbFcMw7/kSWF1rMTVAqs=
-
-glob@^7.0.0, glob@^7.0.3, glob@^7.1.2, glob@^7.1.3, glob@^7.1.4, glob@^7.1.6, glob@~7.1.1:
-  version "7.1.7"
-  resolved "https://registry.yarnpkg.com/glob/-/glob-7.1.7.tgz#3b193e9233f01d42d0b3f78294bbeeb418f94a90"
-  integrity sha512-OvD9ENzPLbegENnYP5UUfJIirTg4+XwMWGaQfQTY0JenxNvvIKP3U3/tAQSPIu/lHxXYSZmpXlUHeqAIdKzBLQ==
-  dependencies:
-    fs.realpath "^1.0.0"
-    inflight "^1.0.4"
-    inherits "2"
-    minimatch "^3.0.4"
-    once "^1.3.0"
-    path-is-absolute "^1.0.0"
-
-global-dirs@^2.0.1:
-  version "2.1.0"
-  resolved "https://registry.yarnpkg.com/global-dirs/-/global-dirs-2.1.0.tgz#e9046a49c806ff04d6c1825e196c8f0091e8df4d"
-  integrity sha512-MG6kdOUh/xBnyo9cJFeIKkLEc1AyFq42QTU4XiX51i2NEdxLxLWXIjEjmqKeSuKR7pAZjTqUVoT2b2huxVLgYQ==
-  dependencies:
-    ini "1.3.7"
-
-global@^4.3.2:
-  version "4.4.0"
-  resolved "https://registry.yarnpkg.com/global/-/global-4.4.0.tgz#3e7b105179006a323ed71aafca3e9c57a5cc6406"
-  integrity sha512-wv/LAoHdRE3BeTGz53FAamhGlPLhlssK45usmGFThIi4XqnBmjKQ16u+RNbP7WvigRZDxUsM0J3gcQ5yicaL0w==
-  dependencies:
-    min-document "^2.19.0"
-    process "^0.11.10"
-
-globals@^11.1.0:
-  version "11.12.0"
-  resolved "https://registry.yarnpkg.com/globals/-/globals-11.12.0.tgz#ab8795338868a0babd8525758018c2a7eb95c42e"
-  integrity sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA==
-
-globby@^6.1.0:
-  version "6.1.0"
-  resolved "https://registry.yarnpkg.com/globby/-/globby-6.1.0.tgz#f5a6d70e8395e21c858fb0489d64df02424d506c"
-  integrity sha1-9abXDoOV4hyFj7BInWTfAkJNUGw=
-  dependencies:
-    array-union "^1.0.1"
-    glob "^7.0.3"
-    object-assign "^4.0.1"
-    pify "^2.0.0"
-    pinkie-promise "^2.0.0"
-
-globby@^7.1.1:
-  version "7.1.1"
-  resolved "https://registry.yarnpkg.com/globby/-/globby-7.1.1.tgz#fb2ccff9401f8600945dfada97440cca972b8680"
-  integrity sha1-+yzP+UAfhgCUXfral0QMypcrhoA=
-  dependencies:
-    array-union "^1.0.1"
-    dir-glob "^2.0.0"
-    glob "^7.1.2"
-    ignore "^3.3.5"
-    pify "^3.0.0"
-    slash "^1.0.0"
-
-globby@^9.1.0, globby@^9.2.0:
-  version "9.2.0"
-  resolved "https://registry.yarnpkg.com/globby/-/globby-9.2.0.tgz#fd029a706c703d29bdd170f4b6db3a3f7a7cb63d"
-  integrity sha512-ollPHROa5mcxDEkwg6bPt3QbEf4pDQSNtd6JPL1YvOvAo/7/0VAm9TccUeoTmarjPw4pfUthSCqcyfNB1I3ZSg==
-  dependencies:
-    "@types/glob" "^7.1.1"
-    array-union "^1.0.2"
-    dir-glob "^2.2.2"
-    fast-glob "^2.2.6"
-    glob "^7.1.3"
-    ignore "^4.0.3"
-    pify "^4.0.1"
-    slash "^2.0.0"
-
-globule@^1.0.0:
-  version "1.3.3"
-  resolved "https://registry.yarnpkg.com/globule/-/globule-1.3.3.tgz#811919eeac1ab7344e905f2e3be80a13447973c2"
-  integrity sha512-mb1aYtDbIjTu4ShMB85m3UzjX9BVKe9WCzsnfMSZk+K5GpIbBOexgg4PPCt5eHDEG5/ZQAUX2Kct02zfiPLsKg==
-  dependencies:
-    glob "~7.1.1"
-    lodash "~4.17.10"
-    minimatch "~3.0.2"
-
-got@^9.6.0:
-  version "9.6.0"
-  resolved "https://registry.yarnpkg.com/got/-/got-9.6.0.tgz#edf45e7d67f99545705de1f7bbeeeb121765ed85"
-  integrity sha512-R7eWptXuGYxwijs0eV+v3o6+XH1IqVK8dJOEecQfTmkncw9AV4dcw/Dhxi8MdlqPthxxpZyizMzyg8RTmEsG+Q==
-  dependencies:
-    "@sindresorhus/is" "^0.14.0"
-    "@szmarczak/http-timer" "^1.1.2"
-    cacheable-request "^6.0.0"
-    decompress-response "^3.3.0"
-    duplexer3 "^0.1.4"
-    get-stream "^4.1.0"
-    lowercase-keys "^1.0.1"
-    mimic-response "^1.0.1"
-    p-cancelable "^1.0.0"
-    to-readable-stream "^1.0.0"
-    url-parse-lax "^3.0.0"
-
-graceful-fs@^4.1.11, graceful-fs@^4.1.15, graceful-fs@^4.1.2, graceful-fs@^4.1.6:
-  version "4.2.6"
-  resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.6.tgz#ff040b2b0853b23c3d31027523706f1885d76bee"
-  integrity sha512-nTnJ528pbqxYanhpDYsi4Rd8MAeaBA67+RZ10CM1m3bTAVFEDcd5AuA4a6W5YkGZ1iNXHzZz8T6TBKLeBuNriQ==
-
-graphlib@^2.1.8:
-  version "2.1.8"
-  resolved "https://registry.yarnpkg.com/graphlib/-/graphlib-2.1.8.tgz#5761d414737870084c92ec7b5dbcb0592c9d35da"
-  integrity sha512-jcLLfkpoVGmH7/InMC/1hIvOPSUh38oJtGhvrOFGzioE1DZ+0YW16RgmOJhHiuWTvGiJQ9Z1Ik43JvkRPRvE+A==
-  dependencies:
-    lodash "^4.17.15"
-
-gray-matter@^4.0.1:
-  version "4.0.3"
-  resolved "https://registry.yarnpkg.com/gray-matter/-/gray-matter-4.0.3.tgz#e893c064825de73ea1f5f7d88c7a9f7274288798"
-  integrity sha512-5v6yZd4JK3eMI3FqqCouswVqwugaA9r4dNZB1wwcmrD02QkV5H0y7XBQW8QwQqEaZY1pM9aqORSORhJRdNK44Q==
-  dependencies:
-    js-yaml "^3.13.1"
-    kind-of "^6.0.2"
-    section-matter "^1.0.0"
-    strip-bom-string "^1.0.0"
-
-handle-thing@^2.0.0:
-  version "2.0.1"
-  resolved "https://registry.yarnpkg.com/handle-thing/-/handle-thing-2.0.1.tgz#857f79ce359580c340d43081cc648970d0bb234e"
-  integrity sha512-9Qn4yBxelxoh2Ow62nP+Ka/kMnOXRi8BXnRaUwezLNhqelnN49xKz4F/dPP8OYLxLxq6JDtZb2i9XznUQbNPTg==
-
-har-schema@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/har-schema/-/har-schema-2.0.0.tgz#a94c2224ebcac04782a0d9035521f24735b7ec92"
-  integrity sha1-qUwiJOvKwEeCoNkDVSHyRzW37JI=
-
-har-validator@~5.1.3:
-  version "5.1.5"
-  resolved "https://registry.yarnpkg.com/har-validator/-/har-validator-5.1.5.tgz#1f0803b9f8cb20c0fa13822df1ecddb36bde1efd"
-  integrity sha512-nmT2T0lljbxdQZfspsno9hgrG3Uir6Ks5afism62poxqBM6sDnMEuPmzTq8XN0OEwqKLLdh1jQI3qyE66Nzb3w==
-  dependencies:
-    ajv "^6.12.3"
-    har-schema "^2.0.0"
-
-has-ansi@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/has-ansi/-/has-ansi-2.0.0.tgz#34f5049ce1ecdf2b0649af3ef24e45ed35416d91"
-  integrity sha1-NPUEnOHs3ysGSa8+8k5F7TVBbZE=
-  dependencies:
-    ansi-regex "^2.0.0"
-
-has-bigints@^1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/has-bigints/-/has-bigints-1.0.1.tgz#64fe6acb020673e3b78db035a5af69aa9d07b113"
-  integrity sha512-LSBS2LjbNBTf6287JEbEzvJgftkF5qFkmCo9hDRpAzKhUOlJ+hx8dd4USs00SgsUNwc4617J9ki5YtEClM2ffA==
-
-has-flag@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/has-flag/-/has-flag-3.0.0.tgz#b5d454dc2199ae225699f3467e5a07f3b955bafd"
-  integrity sha1-tdRU3CGZriJWmfNGfloH87lVuv0=
-
-has-flag@^4.0.0:
-  version "4.0.0"
-  resolved "https://registry.yarnpkg.com/has-flag/-/has-flag-4.0.0.tgz#944771fd9c81c81265c4d6941860da06bb59479b"
-  integrity sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==
-
-has-symbols@^1.0.1, has-symbols@^1.0.2:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/has-symbols/-/has-symbols-1.0.2.tgz#165d3070c00309752a1236a479331e3ac56f1423"
-  integrity sha512-chXa79rL/UC2KlX17jo3vRGz0azaWEx5tGqZg5pO3NUyEJVB17dMruQlzCCOfUvElghKcm5194+BCRvi2Rv/Gw==
-
-has-unicode@^2.0.0:
-  version "2.0.1"
-  resolved "https://registry.yarnpkg.com/has-unicode/-/has-unicode-2.0.1.tgz#e0e6fe6a28cf51138855e086d1691e771de2a8b9"
-  integrity sha1-4Ob+aijPUROIVeCG0Wkedx3iqLk=
-
-has-value@^0.3.1:
-  version "0.3.1"
-  resolved "https://registry.yarnpkg.com/has-value/-/has-value-0.3.1.tgz#7b1f58bada62ca827ec0a2078025654845995e1f"
-  integrity sha1-ex9YutpiyoJ+wKIHgCVlSEWZXh8=
-  dependencies:
-    get-value "^2.0.3"
-    has-values "^0.1.4"
-    isobject "^2.0.0"
-
-has-value@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/has-value/-/has-value-1.0.0.tgz#18b281da585b1c5c51def24c930ed29a0be6b177"
-  integrity sha1-GLKB2lhbHFxR3vJMkw7SmgvmsXc=
-  dependencies:
-    get-value "^2.0.6"
-    has-values "^1.0.0"
-    isobject "^3.0.0"
-
-has-values@^0.1.4:
-  version "0.1.4"
-  resolved "https://registry.yarnpkg.com/has-values/-/has-values-0.1.4.tgz#6d61de95d91dfca9b9a02089ad384bff8f62b771"
-  integrity sha1-bWHeldkd/Km5oCCJrThL/49it3E=
-
-has-values@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/has-values/-/has-values-1.0.0.tgz#95b0b63fec2146619a6fe57fe75628d5a39efe4f"
-  integrity sha1-lbC2P+whRmGab+V/51Yo1aOe/k8=
-  dependencies:
-    is-number "^3.0.0"
-    kind-of "^4.0.0"
-
-has-yarn@^2.1.0:
-  version "2.1.0"
-  resolved "https://registry.yarnpkg.com/has-yarn/-/has-yarn-2.1.0.tgz#137e11354a7b5bf11aa5cb649cf0c6f3ff2b2e77"
-  integrity sha512-UqBRqi4ju7T+TqGNdqAO0PaSVGsDGJUBQvk9eUWNGRY1CFGDzYhLWoM7JQEemnlvVcv/YEmc2wNW8BC24EnUsw==
-
-has@^1.0.0, has@^1.0.3:
-  version "1.0.3"
-  resolved "https://registry.yarnpkg.com/has/-/has-1.0.3.tgz#722d7cbfc1f6aa8241f16dd814e011e1f41e8796"
-  integrity sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==
-  dependencies:
-    function-bind "^1.1.1"
-
-hash-base@^3.0.0:
-  version "3.1.0"
-  resolved "https://registry.yarnpkg.com/hash-base/-/hash-base-3.1.0.tgz#55c381d9e06e1d2997a883b4a3fddfe7f0d3af33"
-  integrity sha512-1nmYp/rhMDiE7AYkDw+lLwlAzz0AntGIe51F3RfFfEqyQ3feY2eI/NcwC6umIQVOASPMsWJLJScWKSSvzL9IVA==
-  dependencies:
-    inherits "^2.0.4"
-    readable-stream "^3.6.0"
-    safe-buffer "^5.2.0"
-
-hash-sum@^1.0.2:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/hash-sum/-/hash-sum-1.0.2.tgz#33b40777754c6432573c120cc3808bbd10d47f04"
-  integrity sha1-M7QHd3VMZDJXPBIMw4CLvRDUfwQ=
-
-hash.js@^1.0.0, hash.js@^1.0.3:
-  version "1.1.7"
-  resolved "https://registry.yarnpkg.com/hash.js/-/hash.js-1.1.7.tgz#0babca538e8d4ee4a0f8988d68866537a003cf42"
-  integrity sha512-taOaskGt4z4SOANNseOviYDvjEJinIkRgmp7LbKP2YTTmVxWBl87s/uzK9r+44BclBSp2X7K1hqeNfz9JbBeXA==
-  dependencies:
-    inherits "^2.0.3"
-    minimalistic-assert "^1.0.1"
-
-he@1.2.x, he@^1.1.0:
-  version "1.2.0"
-  resolved "https://registry.yarnpkg.com/he/-/he-1.2.0.tgz#84ae65fa7eafb165fddb61566ae14baf05664f0f"
-  integrity sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw==
-
-hex-color-regex@^1.1.0:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/hex-color-regex/-/hex-color-regex-1.1.0.tgz#4c06fccb4602fe2602b3c93df82d7e7dbf1a8a8e"
-  integrity sha512-l9sfDFsuqtOqKDsQdqrMRk0U85RZc0RtOR9yPI7mRVOa4FsR/BVnZ0shmQRM96Ji99kYZP/7hn1cedc1+ApsTQ==
-
-hmac-drbg@^1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/hmac-drbg/-/hmac-drbg-1.0.1.tgz#d2745701025a6c775a6c545793ed502fc0c649a1"
-  integrity sha1-0nRXAQJabHdabFRXk+1QL8DGSaE=
-  dependencies:
-    hash.js "^1.0.3"
-    minimalistic-assert "^1.0.0"
-    minimalistic-crypto-utils "^1.0.1"
-
-hogan.js@^3.0.2:
-  version "3.0.2"
-  resolved "https://registry.yarnpkg.com/hogan.js/-/hogan.js-3.0.2.tgz#4cd9e1abd4294146e7679e41d7898732b02c7bfd"
-  integrity sha1-TNnhq9QpQUbnZ55B14mHMrAse/0=
-  dependencies:
-    mkdirp "0.3.0"
-    nopt "1.0.10"
-
-hosted-git-info@^2.1.4:
-  version "2.8.9"
-  resolved "https://registry.yarnpkg.com/hosted-git-info/-/hosted-git-info-2.8.9.tgz#dffc0bf9a21c02209090f2aa69429e1414daf3f9"
-  integrity sha512-mxIDAb9Lsm6DoOJ7xH+5+X4y1LU/4Hi50L9C5sIswK3JzULS4bwk1FvjdBgvYR4bzT4tuUQiC15FE2f5HbLvYw==
-
-hpack.js@^2.1.6:
-  version "2.1.6"
-  resolved "https://registry.yarnpkg.com/hpack.js/-/hpack.js-2.1.6.tgz#87774c0949e513f42e84575b3c45681fade2a0b2"
-  integrity sha1-h3dMCUnlE/QuhFdbPEVoH63ioLI=
-  dependencies:
-    inherits "^2.0.1"
-    obuf "^1.0.0"
-    readable-stream "^2.0.1"
-    wbuf "^1.1.0"
-
-hsl-regex@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/hsl-regex/-/hsl-regex-1.0.0.tgz#d49330c789ed819e276a4c0d272dffa30b18fe6e"
-  integrity sha1-1JMwx4ntgZ4nakwNJy3/owsY/m4=
-
-hsla-regex@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/hsla-regex/-/hsla-regex-1.0.0.tgz#c1ce7a3168c8c6614033a4b5f7877f3b225f9c38"
-  integrity sha1-wc56MWjIxmFAM6S194d/OyJfnDg=
-
-html-entities@^1.3.1:
-  version "1.4.0"
-  resolved "https://registry.yarnpkg.com/html-entities/-/html-entities-1.4.0.tgz#cfbd1b01d2afaf9adca1b10ae7dffab98c71d2dc"
-  integrity sha512-8nxjcBcd8wovbeKx7h3wTji4e6+rhaVuPNpMqwWgnHh+N9ToqsCs6XztWRBPQ+UtzsoMAdKZtUENoVzU/EMtZA==
-
-html-minifier@^3.2.3:
-  version "3.5.21"
-  resolved "https://registry.yarnpkg.com/html-minifier/-/html-minifier-3.5.21.tgz#d0040e054730e354db008463593194015212d20c"
-  integrity sha512-LKUKwuJDhxNa3uf/LPR/KVjm/l3rBqtYeCOAekvG8F1vItxMUpueGd94i/asDDr8/1u7InxzFA5EeGjhhG5mMA==
-  dependencies:
-    camel-case "3.0.x"
-    clean-css "4.2.x"
-    commander "2.17.x"
-    he "1.2.x"
-    param-case "2.1.x"
-    relateurl "0.2.x"
-    uglify-js "3.4.x"
-
-html-tags@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/html-tags/-/html-tags-2.0.0.tgz#10b30a386085f43cede353cc8fa7cb0deeea668b"
-  integrity sha1-ELMKOGCF9Dzt41PMj6fLDe7qZos=
-
-html-tags@^3.1.0:
-  version "3.1.0"
-  resolved "https://registry.yarnpkg.com/html-tags/-/html-tags-3.1.0.tgz#7b5e6f7e665e9fb41f30007ed9e0d41e97fb2140"
-  integrity sha512-1qYz89hW3lFDEazhjW0yVAV87lw8lVkrJocr72XmBkMKsoSVJCQx3W8BXsC7hO2qAt8BoVjYjtAcZ9perqGnNg==
-
-htmlparser2@^6.1.0:
-  version "6.1.0"
-  resolved "https://registry.yarnpkg.com/htmlparser2/-/htmlparser2-6.1.0.tgz#c4d762b6c3371a05dbe65e94ae43a9f845fb8fb7"
-  integrity sha512-gyyPk6rgonLFEDGoeRgQNaEUvdJ4ktTmmUh/h2t7s+M8oPpIPxgNACWa+6ESR57kXstwqPiCut0V8NRpcwgU7A==
-  dependencies:
-    domelementtype "^2.0.1"
-    domhandler "^4.0.0"
-    domutils "^2.5.2"
-    entities "^2.0.0"
-
-http-cache-semantics@^4.0.0:
-  version "4.1.0"
-  resolved "https://registry.yarnpkg.com/http-cache-semantics/-/http-cache-semantics-4.1.0.tgz#49e91c5cbf36c9b94bcfcd71c23d5249ec74e390"
-  integrity sha512-carPklcUh7ROWRK7Cv27RPtdhYhUsela/ue5/jKzjegVvXDqM2ILE9Q2BGn9JZJh1g87cp56su/FgQSzcWS8cQ==
-
-http-deceiver@^1.2.7:
-  version "1.2.7"
-  resolved "https://registry.yarnpkg.com/http-deceiver/-/http-deceiver-1.2.7.tgz#fa7168944ab9a519d337cb0bec7284dc3e723d87"
-  integrity sha1-+nFolEq5pRnTN8sL7HKE3D5yPYc=
-
-http-errors@1.7.2:
-  version "1.7.2"
-  resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-1.7.2.tgz#4f5029cf13239f31036e5b2e55292bcfbcc85c8f"
-  integrity sha512-uUQBt3H/cSIVfch6i1EuPNy/YsRSOUBXTVfZ+yR7Zjez3qjBz6i9+i4zjNaoqcoFVI4lQJ5plg63TvGfRSDCRg==
-  dependencies:
-    depd "~1.1.2"
-    inherits "2.0.3"
-    setprototypeof "1.1.1"
-    statuses ">= 1.5.0 < 2"
-    toidentifier "1.0.0"
-
-http-errors@~1.6.2:
-  version "1.6.3"
-  resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-1.6.3.tgz#8b55680bb4be283a0b5bf4ea2e38580be1d9320d"
-  integrity sha1-i1VoC7S+KDoLW/TqLjhYC+HZMg0=
-  dependencies:
-    depd "~1.1.2"
-    inherits "2.0.3"
-    setprototypeof "1.1.0"
-    statuses ">= 1.4.0 < 2"
-
-http-errors@~1.7.2:
-  version "1.7.3"
-  resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-1.7.3.tgz#6c619e4f9c60308c38519498c14fbb10aacebb06"
-  integrity sha512-ZTTX0MWrsQ2ZAhA1cejAwDLycFsd7I7nVtnkT3Ol0aqodaKW+0CTZDQ1uBv5whptCnc8e8HeRRJxRs0kmm/Qfw==
-  dependencies:
-    depd "~1.1.2"
-    inherits "2.0.4"
-    setprototypeof "1.1.1"
-    statuses ">= 1.5.0 < 2"
-    toidentifier "1.0.0"
-
-http-parser-js@>=0.5.1:
-  version "0.5.3"
-  resolved "https://registry.yarnpkg.com/http-parser-js/-/http-parser-js-0.5.3.tgz#01d2709c79d41698bb01d4decc5e9da4e4a033d9"
-  integrity sha512-t7hjvef/5HEK7RWTdUzVUhl8zkEu+LlaE0IYzdMuvbSDipxBRpOn4Uhw8ZyECEa808iVT8XCjzo6xmYt4CiLZg==
-
-http-proxy-middleware@0.19.1:
-  version "0.19.1"
-  resolved "https://registry.yarnpkg.com/http-proxy-middleware/-/http-proxy-middleware-0.19.1.tgz#183c7dc4aa1479150306498c210cdaf96080a43a"
-  integrity sha512-yHYTgWMQO8VvwNS22eLLloAkvungsKdKTLO8AJlftYIKNfJr3GK3zK0ZCfzDDGUBttdGc8xFy1mCitvNKQtC3Q==
-  dependencies:
-    http-proxy "^1.17.0"
-    is-glob "^4.0.0"
-    lodash "^4.17.11"
-    micromatch "^3.1.10"
-
-http-proxy@^1.17.0:
-  version "1.18.1"
-  resolved "https://registry.yarnpkg.com/http-proxy/-/http-proxy-1.18.1.tgz#401541f0534884bbf95260334e72f88ee3976549"
-  integrity sha512-7mz/721AbnJwIVbnaSv1Cz3Am0ZLT/UBwkC92VlxhXv/k/BBQfM2fXElQNC27BVGr0uwUpplYPQM9LnaBMR5NQ==
-  dependencies:
-    eventemitter3 "^4.0.0"
-    follow-redirects "^1.0.0"
-    requires-port "^1.0.0"
-
-http-signature@~1.2.0:
-  version "1.2.0"
-  resolved "https://registry.yarnpkg.com/http-signature/-/http-signature-1.2.0.tgz#9aecd925114772f3d95b65a60abb8f7c18fbace1"
-  integrity sha1-muzZJRFHcvPZW2WmCruPfBj7rOE=
-  dependencies:
-    assert-plus "^1.0.0"
-    jsprim "^1.2.2"
-    sshpk "^1.7.0"
-
-https-browserify@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/https-browserify/-/https-browserify-1.0.0.tgz#ec06c10e0a34c0f2faf199f7fd7fc78fffd03c73"
-  integrity sha1-7AbBDgo0wPL68Zn3/X/Hj//QPHM=
-
-iconv-lite@0.4, iconv-lite@0.4.24:
-  version "0.4.24"
-  resolved "https://registry.yarnpkg.com/iconv-lite/-/iconv-lite-0.4.24.tgz#2022b4b25fbddc21d2f524974a474aafe733908b"
-  integrity sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==
-  dependencies:
-    safer-buffer ">= 2.1.2 < 3"
-
-iconv-lite@0.6:
-  version "0.6.3"
-  resolved "https://registry.yarnpkg.com/iconv-lite/-/iconv-lite-0.6.3.tgz#a52f80bf38da1952eb5c681790719871a1a72501"
-  integrity sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==
-  dependencies:
-    safer-buffer ">= 2.1.2 < 3.0.0"
-
-icss-replace-symbols@^1.1.0:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/icss-replace-symbols/-/icss-replace-symbols-1.1.0.tgz#06ea6f83679a7749e386cfe1fe812ae5db223ded"
-  integrity sha1-Bupvg2ead0njhs/h/oEq5dsiPe0=
-
-icss-utils@^4.1.0:
-  version "4.1.1"
-  resolved "https://registry.yarnpkg.com/icss-utils/-/icss-utils-4.1.1.tgz#21170b53789ee27447c2f47dd683081403f9a467"
-  integrity sha512-4aFq7wvWyMHKgxsH8QQtGpvbASCf+eM3wPRLI6R+MgAnTCZ6STYsRvttLvRWK0Nfif5piF394St3HeJDaljGPA==
-  dependencies:
-    postcss "^7.0.14"
-
-ieee754@^1.1.4:
-  version "1.2.1"
-  resolved "https://registry.yarnpkg.com/ieee754/-/ieee754-1.2.1.tgz#8eb7a10a63fff25d15a57b001586d177d1b0d352"
-  integrity sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA==
-
-iferr@^0.1.5:
-  version "0.1.5"
-  resolved "https://registry.yarnpkg.com/iferr/-/iferr-0.1.5.tgz#c60eed69e6d8fdb6b3104a1fcbca1c192dc5b501"
-  integrity sha1-xg7taebY/bazEEofy8ocGS3FtQE=
-
-ignore@^3.3.5:
-  version "3.3.10"
-  resolved "https://registry.yarnpkg.com/ignore/-/ignore-3.3.10.tgz#0a97fb876986e8081c631160f8f9f389157f0043"
-  integrity sha512-Pgs951kaMm5GXP7MOvxERINe3gsaVjUWFm+UZPSq9xYriQAksyhg0csnS0KXSNRD5NmNdapXEpjxG49+AKh/ug==
-
-ignore@^4.0.3:
-  version "4.0.6"
-  resolved "https://registry.yarnpkg.com/ignore/-/ignore-4.0.6.tgz#750e3db5862087b4737ebac8207ffd1ef27b25fc"
-  integrity sha512-cyFDKrqc/YdcWFniJhzI42+AzS+gNwmUzOSFcRCQYwySuBBBy/KjuxWLZ/FHEH6Moq1NizMOBWyTcv8O4OZIMg==
-
-immediate@^3.2.3:
-  version "3.3.0"
-  resolved "https://registry.yarnpkg.com/immediate/-/immediate-3.3.0.tgz#1aef225517836bcdf7f2a2de2600c79ff0269266"
-  integrity sha512-HR7EVodfFUdQCTIeySw+WDRFJlPcLOJbXfwwZ7Oom6tjsvZ3bOkCDJHehQC3nxJrv7+f9XecwazynjU8e4Vw3Q==
-
-import-cwd@^2.0.0:
-  version "2.1.0"
-  resolved "https://registry.yarnpkg.com/import-cwd/-/import-cwd-2.1.0.tgz#aa6cf36e722761285cb371ec6519f53e2435b0a9"
-  integrity sha1-qmzzbnInYShcs3HsZRn1PiQ1sKk=
-  dependencies:
-    import-from "^2.1.0"
-
-import-fresh@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/import-fresh/-/import-fresh-2.0.0.tgz#d81355c15612d386c61f9ddd3922d4304822a546"
-  integrity sha1-2BNVwVYS04bGH53dOSLUMEgipUY=
-  dependencies:
-    caller-path "^2.0.0"
-    resolve-from "^3.0.0"
-
-import-from@^2.1.0:
-  version "2.1.0"
-  resolved "https://registry.yarnpkg.com/import-from/-/import-from-2.1.0.tgz#335db7f2a7affd53aaa471d4b8021dee36b7f3b1"
-  integrity sha1-M1238qev/VOqpHHUuAId7ja387E=
-  dependencies:
-    resolve-from "^3.0.0"
-
-import-lazy@^2.1.0:
-  version "2.1.0"
-  resolved "https://registry.yarnpkg.com/import-lazy/-/import-lazy-2.1.0.tgz#05698e3d45c88e8d7e9d92cb0584e77f096f3e43"
-  integrity sha1-BWmOPUXIjo1+nZLLBYTnfwlvPkM=
-
-import-local@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/import-local/-/import-local-2.0.0.tgz#55070be38a5993cf18ef6db7e961f5bee5c5a09d"
-  integrity sha512-b6s04m3O+s3CGSbqDIyP4R6aAwAeYlVq9+WUWep6iHa8ETRf9yei1U48C5MmfJmV9AiLYYBKPMq/W+/WRpQmCQ==
-  dependencies:
-    pkg-dir "^3.0.0"
-    resolve-cwd "^2.0.0"
-
-imurmurhash@^0.1.4:
-  version "0.1.4"
-  resolved "https://registry.yarnpkg.com/imurmurhash/-/imurmurhash-0.1.4.tgz#9218b9b2b928a238b13dc4fb6b6d576f231453ea"
-  integrity sha1-khi5srkoojixPcT7a21XbyMUU+o=
-
-in-publish@^2.0.0:
-  version "2.0.1"
-  resolved "https://registry.yarnpkg.com/in-publish/-/in-publish-2.0.1.tgz#948b1a535c8030561cea522f73f78f4be357e00c"
-  integrity sha512-oDM0kUSNFC31ShNxHKUyfZKy8ZeXZBWMjMdZHKLOk13uvT27VTL/QzRGfRUcevJhpkZAvlhPYuXkF7eNWrtyxQ==
-
-indent-string@^2.1.0:
-  version "2.1.0"
-  resolved "https://registry.yarnpkg.com/indent-string/-/indent-string-2.1.0.tgz#8e2d48348742121b4a8218b7a137e9a52049dc80"
-  integrity sha1-ji1INIdCEhtKghi3oTfppSBJ3IA=
-  dependencies:
-    repeating "^2.0.0"
-
-indexes-of@^1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/indexes-of/-/indexes-of-1.0.1.tgz#f30f716c8e2bd346c7b67d3df3915566a7c05607"
-  integrity sha1-8w9xbI4r00bHtn0985FVZqfAVgc=
-
-infer-owner@^1.0.3:
-  version "1.0.4"
-  resolved "https://registry.yarnpkg.com/infer-owner/-/infer-owner-1.0.4.tgz#c4cefcaa8e51051c2a40ba2ce8a3d27295af9467"
-  integrity sha512-IClj+Xz94+d7irH5qRyfJonOdfTzuDaifE6ZPWfx0N0+/ATZCbuTPq2prFl526urkQd90WyUKIh1DfBQ2hMz9A==
-
-inflight@^1.0.4:
-  version "1.0.6"
-  resolved "https://registry.yarnpkg.com/inflight/-/inflight-1.0.6.tgz#49bd6331d7d02d0c09bc910a1075ba8165b56df9"
-  integrity sha1-Sb1jMdfQLQwJvJEKEHW6gWW1bfk=
-  dependencies:
-    once "^1.3.0"
-    wrappy "1"
-
-inherits@2, inherits@2.0.4, inherits@^2.0.1, inherits@^2.0.3, inherits@^2.0.4, inherits@~2.0.0, inherits@~2.0.1, inherits@~2.0.3:
-  version "2.0.4"
-  resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.4.tgz#0fa2c64f932917c3433a0ded55363aae37416b7c"
-  integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==
-
-inherits@2.0.1:
-  version "2.0.1"
-  resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.1.tgz#b17d08d326b4423e568eff719f91b0b1cbdf69f1"
-  integrity sha1-sX0I0ya0Qj5Wjv9xn5GwscvfafE=
-
-inherits@2.0.3:
-  version "2.0.3"
-  resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.3.tgz#633c2c83e3da42a502f52466022480f4208261de"
-  integrity sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4=
-
-ini@1.3.7:
-  version "1.3.7"
-  resolved "https://registry.yarnpkg.com/ini/-/ini-1.3.7.tgz#a09363e1911972ea16d7a8851005d84cf09a9a84"
-  integrity sha512-iKpRpXP+CrP2jyrxvg1kMUpXDyRUFDWurxbnVT1vQPx+Wz9uCYsMIqYuSBLV+PAaZG/d7kRLKRFc9oDMsH+mFQ==
-
-ini@~1.3.0:
-  version "1.3.8"
-  resolved "https://registry.yarnpkg.com/ini/-/ini-1.3.8.tgz#a29da425b48806f34767a4efce397269af28432c"
-  integrity sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew==
-
-internal-ip@^4.3.0:
-  version "4.3.0"
-  resolved "https://registry.yarnpkg.com/internal-ip/-/internal-ip-4.3.0.tgz#845452baad9d2ca3b69c635a137acb9a0dad0907"
-  integrity sha512-S1zBo1D6zcsyuC6PMmY5+55YMILQ9av8lotMx447Bq6SAgo/sDK6y6uUKmuYhW7eacnIhFfsPmCNYdDzsnnDCg==
-  dependencies:
-    default-gateway "^4.2.0"
-    ipaddr.js "^1.9.0"
-
-"internmap@1 - 2":
-  version "2.0.3"
-  resolved "https://registry.yarnpkg.com/internmap/-/internmap-2.0.3.tgz#6685f23755e43c524e251d29cbc97248e3061009"
-  integrity sha512-5Hh7Y1wQbvY5ooGgPbDaL5iYLAPzMTUrjMulskHLH6wnv/A+1q5rgEaiuqEjB+oxGXIVZs1FF+R/KPN3ZSQYYg==
-
-ip-regex@^2.1.0:
-  version "2.1.0"
-  resolved "https://registry.yarnpkg.com/ip-regex/-/ip-regex-2.1.0.tgz#fa78bf5d2e6913c911ce9f819ee5146bb6d844e9"
-  integrity sha1-+ni/XS5pE8kRzp+BnuUUa7bYROk=
-
-ip@^1.1.0, ip@^1.1.5:
-  version "1.1.5"
-  resolved "https://registry.yarnpkg.com/ip/-/ip-1.1.5.tgz#bdded70114290828c0a039e72ef25f5aaec4354a"
-  integrity sha1-vd7XARQpCCjAoDnnLvJfWq7ENUo=
-
-ipaddr.js@1.9.1, ipaddr.js@^1.9.0:
-  version "1.9.1"
-  resolved "https://registry.yarnpkg.com/ipaddr.js/-/ipaddr.js-1.9.1.tgz#bff38543eeb8984825079ff3a2a8e6cbd46781b3"
-  integrity sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==
-
-is-absolute-url@^2.0.0:
-  version "2.1.0"
-  resolved "https://registry.yarnpkg.com/is-absolute-url/-/is-absolute-url-2.1.0.tgz#50530dfb84fcc9aa7dbe7852e83a37b93b9f2aa6"
-  integrity sha1-UFMN+4T8yap9vnhS6Do3uTufKqY=
-
-is-absolute-url@^3.0.3:
-  version "3.0.3"
-  resolved "https://registry.yarnpkg.com/is-absolute-url/-/is-absolute-url-3.0.3.tgz#96c6a22b6a23929b11ea0afb1836c36ad4a5d698"
-  integrity sha512-opmNIX7uFnS96NtPmhWQgQx6/NYFgsUXYMllcfzwWKUMwfo8kku1TvE6hkNcH+Q1ts5cMVrsY7j0bxXQDciu9Q==
-
-is-accessor-descriptor@^0.1.6:
-  version "0.1.6"
-  resolved "https://registry.yarnpkg.com/is-accessor-descriptor/-/is-accessor-descriptor-0.1.6.tgz#a9e12cb3ae8d876727eeef3843f8a0897b5c98d6"
-  integrity sha1-qeEss66Nh2cn7u84Q/igiXtcmNY=
-  dependencies:
-    kind-of "^3.0.2"
-
-is-accessor-descriptor@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/is-accessor-descriptor/-/is-accessor-descriptor-1.0.0.tgz#169c2f6d3df1f992618072365c9b0ea1f6878656"
-  integrity sha512-m5hnHTkcVsPfqx3AKlyttIPb7J+XykHvJP2B9bZDjlhLIoEq4XoK64Vg7boZlVWYK6LUY94dYPEE7Lh0ZkZKcQ==
-  dependencies:
-    kind-of "^6.0.0"
-
-is-arguments@^1.0.4:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/is-arguments/-/is-arguments-1.1.0.tgz#62353031dfbee07ceb34656a6bde59efecae8dd9"
-  integrity sha512-1Ij4lOMPl/xB5kBDn7I+b2ttPMKa8szhEIrXDuXQD/oe3HJLTLhqhgGspwgyGd6MOywBUqVvYicF72lkgDnIHg==
-  dependencies:
-    call-bind "^1.0.0"
-
-is-arrayish@^0.2.1:
-  version "0.2.1"
-  resolved "https://registry.yarnpkg.com/is-arrayish/-/is-arrayish-0.2.1.tgz#77c99840527aa8ecb1a8ba697b80645a7a926a9d"
-  integrity sha1-d8mYQFJ6qOyxqLppe4BkWnqSap0=
-
-is-arrayish@^0.3.1:
-  version "0.3.2"
-  resolved "https://registry.yarnpkg.com/is-arrayish/-/is-arrayish-0.3.2.tgz#4574a2ae56f7ab206896fb431eaeed066fdf8f03"
-  integrity sha512-eVRqCvVlZbuw3GrM63ovNSNAeA1K16kaR/LRY/92w0zxQ5/1YzwblUX652i4Xs9RwAGjW9d9y6X88t8OaAJfWQ==
-
-is-bigint@^1.0.1:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/is-bigint/-/is-bigint-1.0.2.tgz#ffb381442503235ad245ea89e45b3dbff040ee5a"
-  integrity sha512-0JV5+SOCQkIdzjBK9buARcV804Ddu7A0Qet6sHi3FimE9ne6m4BGQZfRn+NZiXbBk4F4XmHfDZIipLj9pX8dSA==
-
-is-binary-path@^1.0.0:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/is-binary-path/-/is-binary-path-1.0.1.tgz#75f16642b480f187a711c814161fd3a4a7655898"
-  integrity sha1-dfFmQrSA8YenEcgUFh/TpKdlWJg=
-  dependencies:
-    binary-extensions "^1.0.0"
-
-is-binary-path@~2.1.0:
-  version "2.1.0"
-  resolved "https://registry.yarnpkg.com/is-binary-path/-/is-binary-path-2.1.0.tgz#ea1f7f3b80f064236e83470f86c09c254fb45b09"
-  integrity sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==
-  dependencies:
-    binary-extensions "^2.0.0"
-
-is-boolean-object@^1.1.0:
-  version "1.1.1"
-  resolved "https://registry.yarnpkg.com/is-boolean-object/-/is-boolean-object-1.1.1.tgz#3c0878f035cb821228d350d2e1e36719716a3de8"
-  integrity sha512-bXdQWkECBUIAcCkeH1unwJLIpZYaa5VvuygSyS/c2lf719mTKZDU5UdDRlpd01UjADgmW8RfqaP+mRaVPdr/Ng==
-  dependencies:
-    call-bind "^1.0.2"
-
-is-buffer@^1.1.5:
-  version "1.1.6"
-  resolved "https://registry.yarnpkg.com/is-buffer/-/is-buffer-1.1.6.tgz#efaa2ea9daa0d7ab2ea13a97b2b8ad51fefbe8be"
-  integrity sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==
-
-is-callable@^1.1.4, is-callable@^1.2.3:
-  version "1.2.3"
-  resolved "https://registry.yarnpkg.com/is-callable/-/is-callable-1.2.3.tgz#8b1e0500b73a1d76c70487636f368e519de8db8e"
-  integrity sha512-J1DcMe8UYTBSrKezuIUTUwjXsho29693unXM2YhJUTR2txK/eG47bvNa/wipPFmZFgr/N6f1GA66dv0mEyTIyQ==
-
-is-ci@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/is-ci/-/is-ci-2.0.0.tgz#6bc6334181810e04b5c22b3d589fdca55026404c"
-  integrity sha512-YfJT7rkpQB0updsdHLGWrvhBJfcfzNNawYDNIyQXJz0IViGf75O8EBPKSdvw2rF+LGCsX4FZ8tcr3b19LcZq4w==
-  dependencies:
-    ci-info "^2.0.0"
-
-is-color-stop@^1.0.0:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/is-color-stop/-/is-color-stop-1.1.0.tgz#cfff471aee4dd5c9e158598fbe12967b5cdad345"
-  integrity sha1-z/9HGu5N1cnhWFmPvhKWe1za00U=
-  dependencies:
-    css-color-names "^0.0.4"
-    hex-color-regex "^1.1.0"
-    hsl-regex "^1.0.0"
-    hsla-regex "^1.0.0"
-    rgb-regex "^1.0.1"
-    rgba-regex "^1.0.0"
-
-is-core-module@^2.2.0:
-  version "2.5.0"
-  resolved "https://registry.yarnpkg.com/is-core-module/-/is-core-module-2.5.0.tgz#f754843617c70bfd29b7bd87327400cda5c18491"
-  integrity sha512-TXCMSDsEHMEEZ6eCA8rwRDbLu55MRGmrctljsBX/2v1d9/GzqHOxW5c5oPSgrUt2vBFXebu9rGqckXGPWOlYpg==
-  dependencies:
-    has "^1.0.3"
-
-is-data-descriptor@^0.1.4:
-  version "0.1.4"
-  resolved "https://registry.yarnpkg.com/is-data-descriptor/-/is-data-descriptor-0.1.4.tgz#0b5ee648388e2c860282e793f1856fec3f301b56"
-  integrity sha1-C17mSDiOLIYCgueT8YVv7D8wG1Y=
-  dependencies:
-    kind-of "^3.0.2"
-
-is-data-descriptor@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/is-data-descriptor/-/is-data-descriptor-1.0.0.tgz#d84876321d0e7add03990406abbbbd36ba9268c7"
-  integrity sha512-jbRXy1FmtAoCjQkVmIVYwuuqDFUbaOeDjmed1tOGPrsMhtJA4rD9tkgA0F1qJ3gRFRXcHYVkdeaP50Q5rE/jLQ==
-  dependencies:
-    kind-of "^6.0.0"
-
-is-date-object@^1.0.1:
-  version "1.0.4"
-  resolved "https://registry.yarnpkg.com/is-date-object/-/is-date-object-1.0.4.tgz#550cfcc03afada05eea3dd30981c7b09551f73e5"
-  integrity sha512-/b4ZVsG7Z5XVtIxs/h9W8nvfLgSAyKYdtGWQLbqy6jA1icmgjf8WCoTKgeS4wy5tYaPePouzFMANbnj94c2Z+A==
-
-is-descriptor@^0.1.0:
-  version "0.1.6"
-  resolved "https://registry.yarnpkg.com/is-descriptor/-/is-descriptor-0.1.6.tgz#366d8240dde487ca51823b1ab9f07a10a78251ca"
-  integrity sha512-avDYr0SB3DwO9zsMov0gKCESFYqCnE4hq/4z3TdUlukEy5t9C0YRq7HLrsN52NAcqXKaepeCD0n+B0arnVG3Hg==
-  dependencies:
-    is-accessor-descriptor "^0.1.6"
-    is-data-descriptor "^0.1.4"
-    kind-of "^5.0.0"
-
-is-descriptor@^1.0.0, is-descriptor@^1.0.2:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/is-descriptor/-/is-descriptor-1.0.2.tgz#3b159746a66604b04f8c81524ba365c5f14d86ec"
-  integrity sha512-2eis5WqQGV7peooDyLmNEPUrps9+SXX5c9pL3xEB+4e9HnGuDa7mB7kHxHw4CbqS9k1T2hOH3miL8n8WtiYVtg==
-  dependencies:
-    is-accessor-descriptor "^1.0.0"
-    is-data-descriptor "^1.0.0"
-    kind-of "^6.0.2"
-
-is-directory@^0.3.1:
-  version "0.3.1"
-  resolved "https://registry.yarnpkg.com/is-directory/-/is-directory-0.3.1.tgz#61339b6f2475fc772fd9c9d83f5c8575dc154ae1"
-  integrity sha1-YTObbyR1/Hcv2cnYP1yFddwVSuE=
-
-is-extendable@^0.1.0, is-extendable@^0.1.1:
-  version "0.1.1"
-  resolved "https://registry.yarnpkg.com/is-extendable/-/is-extendable-0.1.1.tgz#62b110e289a471418e3ec36a617d472e301dfc89"
-  integrity sha1-YrEQ4omkcUGOPsNqYX1HLjAd/Ik=
-
-is-extendable@^1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/is-extendable/-/is-extendable-1.0.1.tgz#a7470f9e426733d81bd81e1155264e3a3507cab4"
-  integrity sha512-arnXMxT1hhoKo9k1LZdmlNyJdDDfy2v0fXjFlmok4+i8ul/6WlbVge9bhM74OpNPQPMGUToDtz+KXa1PneJxOA==
-  dependencies:
-    is-plain-object "^2.0.4"
-
-is-extglob@^2.1.0, is-extglob@^2.1.1:
-  version "2.1.1"
-  resolved "https://registry.yarnpkg.com/is-extglob/-/is-extglob-2.1.1.tgz#a88c02535791f02ed37c76a1b9ea9773c833f8c2"
-  integrity sha1-qIwCU1eR8C7TfHahueqXc8gz+MI=
-
-is-finite@^1.0.0:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/is-finite/-/is-finite-1.1.0.tgz#904135c77fb42c0641d6aa1bcdbc4daa8da082f3"
-  integrity sha512-cdyMtqX/BOqqNBBiKlIVkytNHm49MtMlYyn1zxzvJKWmFMlGzm+ry5BBfYyeY9YmNKbRSo/o7OX9w9ale0wg3w==
-
-is-fullwidth-code-point@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/is-fullwidth-code-point/-/is-fullwidth-code-point-1.0.0.tgz#ef9e31386f031a7f0d643af82fde50c457ef00cb"
-  integrity sha1-754xOG8DGn8NZDr4L95QxFfvAMs=
-  dependencies:
-    number-is-nan "^1.0.0"
-
-is-fullwidth-code-point@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/is-fullwidth-code-point/-/is-fullwidth-code-point-2.0.0.tgz#a3b30a5c4f199183167aaab93beefae3ddfb654f"
-  integrity sha1-o7MKXE8ZkYMWeqq5O+764937ZU8=
-
-is-fullwidth-code-point@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz#f116f8064fe90b3f7844a38997c0b75051269f1d"
-  integrity sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==
-
-is-glob@^3.1.0:
-  version "3.1.0"
-  resolved "https://registry.yarnpkg.com/is-glob/-/is-glob-3.1.0.tgz#7ba5ae24217804ac70707b96922567486cc3e84a"
-  integrity sha1-e6WuJCF4BKxwcHuWkiVnSGzD6Eo=
-  dependencies:
-    is-extglob "^2.1.0"
-
-is-glob@^4.0.0, is-glob@^4.0.1, is-glob@~4.0.1:
-  version "4.0.1"
-  resolved "https://registry.yarnpkg.com/is-glob/-/is-glob-4.0.1.tgz#7567dbe9f2f5e2467bc77ab83c4a29482407a5dc"
-  integrity sha512-5G0tKtBTFImOqDnLB2hG6Bp2qcKEFduo4tZu9MT/H6NQv/ghhy30o55ufafxJ/LdH79LLs2Kfrn85TLKyA7BUg==
-  dependencies:
-    is-extglob "^2.1.1"
-
-is-installed-globally@^0.3.1:
-  version "0.3.2"
-  resolved "https://registry.yarnpkg.com/is-installed-globally/-/is-installed-globally-0.3.2.tgz#fd3efa79ee670d1187233182d5b0a1dd00313141"
-  integrity sha512-wZ8x1js7Ia0kecP/CHM/3ABkAmujX7WPvQk6uu3Fly/Mk44pySulQpnHG46OMjHGXApINnV4QhY3SWnECO2z5g==
-  dependencies:
-    global-dirs "^2.0.1"
-    is-path-inside "^3.0.1"
-
-is-negative-zero@^2.0.1:
-  version "2.0.1"
-  resolved "https://registry.yarnpkg.com/is-negative-zero/-/is-negative-zero-2.0.1.tgz#3de746c18dda2319241a53675908d8f766f11c24"
-  integrity sha512-2z6JzQvZRa9A2Y7xC6dQQm4FSTSTNWjKIYYTt4246eMTJmIo0Q+ZyOsU66X8lxK1AbB92dFeglPLrhwpeRKO6w==
-
-is-npm@^4.0.0:
-  version "4.0.0"
-  resolved "https://registry.yarnpkg.com/is-npm/-/is-npm-4.0.0.tgz#c90dd8380696df87a7a6d823c20d0b12bbe3c84d"
-  integrity sha512-96ECIfh9xtDDlPylNPXhzjsykHsMJZ18ASpaWzQyBr4YRTcVjUvzaHayDAES2oU/3KpljhHUjtSRNiDwi0F0ig==
-
-is-number-object@^1.0.4:
-  version "1.0.5"
-  resolved "https://registry.yarnpkg.com/is-number-object/-/is-number-object-1.0.5.tgz#6edfaeed7950cff19afedce9fbfca9ee6dd289eb"
-  integrity sha512-RU0lI/n95pMoUKu9v1BZP5MBcZuNSVJkMkAG2dJqC4z2GlkGUNeH68SuHuBKBD/XFe+LHZ+f9BKkLET60Niedw==
-
-is-number@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/is-number/-/is-number-3.0.0.tgz#24fd6201a4782cf50561c810276afc7d12d71195"
-  integrity sha1-JP1iAaR4LPUFYcgQJ2r8fRLXEZU=
-  dependencies:
-    kind-of "^3.0.2"
-
-is-number@^7.0.0:
-  version "7.0.0"
-  resolved "https://registry.yarnpkg.com/is-number/-/is-number-7.0.0.tgz#7535345b896734d5f80c4d06c50955527a14f12b"
-  integrity sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==
-
-is-obj@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/is-obj/-/is-obj-2.0.0.tgz#473fb05d973705e3fd9620545018ca8e22ef4982"
-  integrity sha512-drqDG3cbczxxEJRoOXcOjtdp1J/lyp1mNn0xaznRs8+muBhgQcrnbspox5X5fOw0HnMnbfDzvnEMEtqDEJEo8w==
-
-is-path-cwd@^2.0.0:
-  version "2.2.0"
-  resolved "https://registry.yarnpkg.com/is-path-cwd/-/is-path-cwd-2.2.0.tgz#67d43b82664a7b5191fd9119127eb300048a9fdb"
-  integrity sha512-w942bTcih8fdJPJmQHFzkS76NEP8Kzzvmw92cXsazb8intwLqPibPPdXf4ANdKV3rYMuuQYGIWtvz9JilB3NFQ==
-
-is-path-in-cwd@^2.0.0:
-  version "2.1.0"
-  resolved "https://registry.yarnpkg.com/is-path-in-cwd/-/is-path-in-cwd-2.1.0.tgz#bfe2dca26c69f397265a4009963602935a053acb"
-  integrity sha512-rNocXHgipO+rvnP6dk3zI20RpOtrAM/kzbB258Uw5BWr3TpXi861yzjo16Dn4hUox07iw5AyeMLHWsujkjzvRQ==
-  dependencies:
-    is-path-inside "^2.1.0"
-
-is-path-inside@^2.1.0:
-  version "2.1.0"
-  resolved "https://registry.yarnpkg.com/is-path-inside/-/is-path-inside-2.1.0.tgz#7c9810587d659a40d27bcdb4d5616eab059494b2"
-  integrity sha512-wiyhTzfDWsvwAW53OBWF5zuvaOGlZ6PwYxAbPVDhpm+gM09xKQGjBq/8uYN12aDvMxnAnq3dxTyoSoRNmg5YFg==
-  dependencies:
-    path-is-inside "^1.0.2"
-
-is-path-inside@^3.0.1:
-  version "3.0.3"
-  resolved "https://registry.yarnpkg.com/is-path-inside/-/is-path-inside-3.0.3.tgz#d231362e53a07ff2b0e0ea7fed049161ffd16283"
-  integrity sha512-Fd4gABb+ycGAmKou8eMftCupSir5lRxqf4aD/vd0cD2qc4HL07OjCeuHMr8Ro4CoMaeCKDB0/ECBOVWjTwUvPQ==
-
-is-plain-obj@^1.0.0:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/is-plain-obj/-/is-plain-obj-1.1.0.tgz#71a50c8429dfca773c92a390a4a03b39fcd51d3e"
-  integrity sha1-caUMhCnfync8kqOQpKA7OfzVHT4=
-
-is-plain-object@^2.0.3, is-plain-object@^2.0.4:
-  version "2.0.4"
-  resolved "https://registry.yarnpkg.com/is-plain-object/-/is-plain-object-2.0.4.tgz#2c163b3fafb1b606d9d17928f05c2a1c38e07677"
-  integrity sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==
-  dependencies:
-    isobject "^3.0.1"
-
-is-regex@^1.0.4, is-regex@^1.1.3:
-  version "1.1.3"
-  resolved "https://registry.yarnpkg.com/is-regex/-/is-regex-1.1.3.tgz#d029f9aff6448b93ebbe3f33dac71511fdcbef9f"
-  integrity sha512-qSVXFz28HM7y+IWX6vLCsexdlvzT1PJNFSBuaQLQ5o0IEw8UDYW6/2+eCMVyIsbM8CNLX2a/QWmSpyxYEHY7CQ==
-  dependencies:
-    call-bind "^1.0.2"
-    has-symbols "^1.0.2"
-
-is-resolvable@^1.0.0:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/is-resolvable/-/is-resolvable-1.1.0.tgz#fb18f87ce1feb925169c9a407c19318a3206ed88"
-  integrity sha512-qgDYXFSR5WvEfuS5dMj6oTMEbrrSaM0CrFk2Yiq/gXnBvD9pMa2jGXxyhGLfvhZpuMZe18CJpFxAt3CRs42NMg==
-
-is-stream@^1.1.0:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/is-stream/-/is-stream-1.1.0.tgz#12d4a3dd4e68e0b79ceb8dbc84173ae80d91ca44"
-  integrity sha1-EtSj3U5o4Lec6428hBc66A2RykQ=
-
-is-string@^1.0.5, is-string@^1.0.6:
-  version "1.0.6"
-  resolved "https://registry.yarnpkg.com/is-string/-/is-string-1.0.6.tgz#3fe5d5992fb0d93404f32584d4b0179a71b54a5f"
-  integrity sha512-2gdzbKUuqtQ3lYNrUTQYoClPhm7oQu4UdpSZMp1/DGgkHBT8E2Z1l0yMdb6D4zNAxwDiMv8MdulKROJGNl0Q0w==
-
-is-symbol@^1.0.2, is-symbol@^1.0.3:
-  version "1.0.4"
-  resolved "https://registry.yarnpkg.com/is-symbol/-/is-symbol-1.0.4.tgz#a6dac93b635b063ca6872236de88910a57af139c"
-  integrity sha512-C/CPBqKWnvdcxqIARxyOh4v1UUEOCHpgDa0WYgpKDFMszcrPcffg5uhwSgPCLD2WWxmq6isisz87tzT01tuGhg==
-  dependencies:
-    has-symbols "^1.0.2"
-
-is-typedarray@^1.0.0, is-typedarray@~1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/is-typedarray/-/is-typedarray-1.0.0.tgz#e479c80858df0c1b11ddda6940f96011fcda4a9a"
-  integrity sha1-5HnICFjfDBsR3dppQPlgEfzaSpo=
-
-is-utf8@^0.2.0:
-  version "0.2.1"
-  resolved "https://registry.yarnpkg.com/is-utf8/-/is-utf8-0.2.1.tgz#4b0da1442104d1b336340e80797e865cf39f7d72"
-  integrity sha1-Sw2hRCEE0bM2NA6AeX6GXPOffXI=
-
-is-windows@^1.0.2:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/is-windows/-/is-windows-1.0.2.tgz#d1850eb9791ecd18e6182ce12a30f396634bb19d"
-  integrity sha512-eXK1UInq2bPmjyX6e3VHIzMLobc4J94i4AWn+Hpq3OU5KkrRC96OAcR3PRJ/pGu6m8TRnBHP9dkXQVsT/COVIA==
-
-is-wsl@^1.1.0:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/is-wsl/-/is-wsl-1.1.0.tgz#1f16e4aa22b04d1336b66188a66af3c600c3a66d"
-  integrity sha1-HxbkqiKwTRM2tmGIpmrzxgDDpm0=
-
-is-yarn-global@^0.3.0:
-  version "0.3.0"
-  resolved "https://registry.yarnpkg.com/is-yarn-global/-/is-yarn-global-0.3.0.tgz#d502d3382590ea3004893746754c89139973e232"
-  integrity sha512-VjSeb/lHmkoyd8ryPVIKvOCn4D1koMqY+vqyjjUfc3xyKtP4dYOxM44sZrnqQSzSds3xyOrUTLTC9LVCVgLngw==
-
-isarray@1.0.0, isarray@^1.0.0, isarray@~1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/isarray/-/isarray-1.0.0.tgz#bb935d48582cba168c06834957a54a3e07124f11"
-  integrity sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE=
-
-isarray@^2.0.1:
-  version "2.0.5"
-  resolved "https://registry.yarnpkg.com/isarray/-/isarray-2.0.5.tgz#8af1e4c1221244cc62459faf38940d4e644a5723"
-  integrity sha512-xHjhDr3cNBK0BzdUJSPXZntQUx/mwMS5Rw4A7lPJ90XGAO6ISP/ePDNuo0vhqOZU+UD5JoodwCAAoZQd3FeAKw==
-
-isexe@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/isexe/-/isexe-2.0.0.tgz#e8fbf374dc556ff8947a10dcb0572d633f2cfa10"
-  integrity sha1-6PvzdNxVb/iUehDcsFctYz8s+hA=
-
-isobject@^2.0.0:
-  version "2.1.0"
-  resolved "https://registry.yarnpkg.com/isobject/-/isobject-2.1.0.tgz#f065561096a3f1da2ef46272f815c840d87e0c89"
-  integrity sha1-8GVWEJaj8dou9GJy+BXIQNh+DIk=
-  dependencies:
-    isarray "1.0.0"
-
-isobject@^3.0.0, isobject@^3.0.1:
-  version "3.0.1"
-  resolved "https://registry.yarnpkg.com/isobject/-/isobject-3.0.1.tgz#4e431e92b11a9731636aa1f9c8d1ccbcfdab78df"
-  integrity sha1-TkMekrEalzFjaqH5yNHMvP2reN8=
-
-isstream@~0.1.2:
-  version "0.1.2"
-  resolved "https://registry.yarnpkg.com/isstream/-/isstream-0.1.2.tgz#47e63f7af55afa6f92e1500e690eb8b8529c099a"
-  integrity sha1-R+Y/evVa+m+S4VAOaQ64uFKcCZo=
-
-javascript-stringify@^1.6.0:
-  version "1.6.0"
-  resolved "https://registry.yarnpkg.com/javascript-stringify/-/javascript-stringify-1.6.0.tgz#142d111f3a6e3dae8f4a9afd77d45855b5a9cce3"
-  integrity sha1-FC0RHzpuPa6PSpr9d9RYVbWpzOM=
-
-javascript-stringify@^2.0.1:
-  version "2.1.0"
-  resolved "https://registry.yarnpkg.com/javascript-stringify/-/javascript-stringify-2.1.0.tgz#27c76539be14d8bd128219a2d731b09337904e79"
-  integrity sha512-JVAfqNPTvNq3sB/VHQJAFxN/sPgKnsKrCwyRt15zwNCdrMMJDdcEOdubuy+DuJYYdm0ox1J4uzEuYKkN+9yhVg==
-
-js-base64@^2.1.8:
-  version "2.6.4"
-  resolved "https://registry.yarnpkg.com/js-base64/-/js-base64-2.6.4.tgz#f4e686c5de1ea1f867dbcad3d46d969428df98c4"
-  integrity sha512-pZe//GGmwJndub7ZghVHz7vjb2LgC1m8B07Au3eYqeqv9emhESByMXxaEgkUkEqJe87oBbSniGYoQNIBklc7IQ==
-
-js-tokens@^4.0.0:
-  version "4.0.0"
-  resolved "https://registry.yarnpkg.com/js-tokens/-/js-tokens-4.0.0.tgz#19203fb59991df98e3a287050d4647cdeaf32499"
-  integrity sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==
-
-js-yaml@^3.13.1:
-  version "3.14.1"
-  resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-3.14.1.tgz#dae812fdb3825fa306609a8717383c50c36a0537"
-  integrity sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==
-  dependencies:
-    argparse "^1.0.7"
-    esprima "^4.0.0"
-
-js-yaml@^4.1.0:
-  version "4.1.0"
-  resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-4.1.0.tgz#c1fb65f8f5017901cdd2c951864ba18458a10602"
-  integrity sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==
-  dependencies:
-    argparse "^2.0.1"
-
-jsbn@~0.1.0:
-  version "0.1.1"
-  resolved "https://registry.yarnpkg.com/jsbn/-/jsbn-0.1.1.tgz#a5e654c2e5a2deb5f201d96cefbca80c0ef2f513"
-  integrity sha1-peZUwuWi3rXyAdls77yoDA7y9RM=
-
-jsesc@^2.5.1:
-  version "2.5.2"
-  resolved "https://registry.yarnpkg.com/jsesc/-/jsesc-2.5.2.tgz#80564d2e483dacf6e8ef209650a67df3f0c283a4"
-  integrity sha512-OYu7XEzjkCQ3C5Ps3QIZsQfNpqoJyZZA99wd9aWd05NCtC5pWOkShK2mkL6HXQR6/Cy2lbNdPlZBpuQHXE63gA==
-
-jsesc@~0.5.0:
-  version "0.5.0"
-  resolved "https://registry.yarnpkg.com/jsesc/-/jsesc-0.5.0.tgz#e7dee66e35d6fc16f710fe91d5cf69f70f08911d"
-  integrity sha1-597mbjXW/Bb3EP6R1c9p9w8IkR0=
-
-json-buffer@3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/json-buffer/-/json-buffer-3.0.0.tgz#5b1f397afc75d677bde8bcfc0e47e1f9a3d9a898"
-  integrity sha1-Wx85evx11ne96Lz8Dkfh+aPZqJg=
-
-json-parse-better-errors@^1.0.1, json-parse-better-errors@^1.0.2:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/json-parse-better-errors/-/json-parse-better-errors-1.0.2.tgz#bb867cfb3450e69107c131d1c514bab3dc8bcaa9"
-  integrity sha512-mrqyZKfX5EhL7hvqcV6WG1yYjnjeuYDzDhhcAAUrq8Po85NBQBJP+ZDUT75qZQ98IkUoBqdkExkukOU7Ts2wrw==
-
-json-schema-traverse@^0.4.1:
-  version "0.4.1"
-  resolved "https://registry.yarnpkg.com/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz#69f6a87d9513ab8bb8fe63bdb0979c448e684660"
-  integrity sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==
-
-json-schema@0.2.3:
-  version "0.2.3"
-  resolved "https://registry.yarnpkg.com/json-schema/-/json-schema-0.2.3.tgz#b480c892e59a2f05954ce727bd3f2a4e882f9e13"
-  integrity sha1-tIDIkuWaLwWVTOcnvT8qTogvnhM=
-
-json-stringify-safe@~5.0.1:
-  version "5.0.1"
-  resolved "https://registry.yarnpkg.com/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz#1296a2d58fd45f19a0f6ce01d65701e2c735b6eb"
-  integrity sha1-Epai1Y/UXxmg9s4B1lcB4sc1tus=
-
-json3@^3.3.3:
-  version "3.3.3"
-  resolved "https://registry.yarnpkg.com/json3/-/json3-3.3.3.tgz#7fc10e375fc5ae42c4705a5cc0aa6f62be305b81"
-  integrity sha512-c7/8mbUsKigAbLkD5B010BK4D9LZm7A1pNItkEwiUZRpIN66exu/e7YQWysGun+TRKaJp8MhemM+VkfWv42aCA==
-
-json5@^0.5.0:
-  version "0.5.1"
-  resolved "https://registry.yarnpkg.com/json5/-/json5-0.5.1.tgz#1eade7acc012034ad84e2396767ead9fa5495821"
-  integrity sha1-Hq3nrMASA0rYTiOWdn6tn6VJWCE=
-
-json5@^1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/json5/-/json5-1.0.1.tgz#779fb0018604fa854eacbf6252180d83543e3dbe"
-  integrity sha512-aKS4WQjPenRxiQsC93MNfjx+nbF4PAdYzmd/1JIj8HYzqfbu86beTuNgXDzPknWk0n0uARlyewZo4s++ES36Ow==
-  dependencies:
-    minimist "^1.2.0"
-
-json5@^2.1.2:
-  version "2.2.0"
-  resolved "https://registry.yarnpkg.com/json5/-/json5-2.2.0.tgz#2dfefe720c6ba525d9ebd909950f0515316c89a3"
-  integrity sha512-f+8cldu7X/y7RAJurMEJmdoKXGB/X550w2Nr3tTbezL6RwEE/iMcm+tZnXeoZtKuOq6ft8+CqzEkrIgx1fPoQA==
-  dependencies:
-    minimist "^1.2.5"
-
-jsonfile@^4.0.0:
-  version "4.0.0"
-  resolved "https://registry.yarnpkg.com/jsonfile/-/jsonfile-4.0.0.tgz#8771aae0799b64076b76640fca058f9c10e33ecb"
-  integrity sha1-h3Gq4HmbZAdrdmQPygWPnBDjPss=
-  optionalDependencies:
-    graceful-fs "^4.1.6"
-
-jsonp@^0.2.1:
-  version "0.2.1"
-  resolved "https://registry.yarnpkg.com/jsonp/-/jsonp-0.2.1.tgz#a65b4fa0f10bda719a05441ea7b94c55f3e15bae"
-  integrity sha1-pltPoPEL2nGaBUQep7lMVfPhW64=
-  dependencies:
-    debug "^2.1.3"
-
-jsprim@^1.2.2:
-  version "1.4.1"
-  resolved "https://registry.yarnpkg.com/jsprim/-/jsprim-1.4.1.tgz#313e66bc1e5cc06e438bc1b7499c2e5c56acb6a2"
-  integrity sha1-MT5mvB5cwG5Di8G3SZwuXFastqI=
-  dependencies:
-    assert-plus "1.0.0"
-    extsprintf "1.3.0"
-    json-schema "0.2.3"
-    verror "1.10.0"
-
-keyv@^3.0.0:
-  version "3.1.0"
-  resolved "https://registry.yarnpkg.com/keyv/-/keyv-3.1.0.tgz#ecc228486f69991e49e9476485a5be1e8fc5c4d9"
-  integrity sha512-9ykJ/46SN/9KPM/sichzQ7OvXyGDYKGTaDlKMGCAlg2UK8KRy4jb0d8sFc+0Tt0YYnThq8X2RZgCg74RPxgcVA==
-  dependencies:
-    json-buffer "3.0.0"
-
-khroma@^1.4.1:
-  version "1.4.1"
-  resolved "https://registry.yarnpkg.com/khroma/-/khroma-1.4.1.tgz#ad6a5b6a972befc5112ce5129887a1a83af2c003"
-  integrity sha512-+GmxKvmiRuCcUYDgR7g5Ngo0JEDeOsGdNONdU2zsiBQaK4z19Y2NvXqfEDE0ZiIrg45GTZyAnPLVsLZZACYm3Q==
-
-killable@^1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/killable/-/killable-1.0.1.tgz#4c8ce441187a061c7474fb87ca08e2a638194892"
-  integrity sha512-LzqtLKlUwirEUyl/nicirVmNiPvYs7l5n8wOPP7fyJVpUPkvCnW/vuiXGpylGUlnPDnB7311rARzAt3Mhswpjg==
-
-kind-of@^3.0.2, kind-of@^3.0.3, kind-of@^3.2.0:
-  version "3.2.2"
-  resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-3.2.2.tgz#31ea21a734bab9bbb0f32466d893aea51e4a3c64"
-  integrity sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=
-  dependencies:
-    is-buffer "^1.1.5"
-
-kind-of@^4.0.0:
-  version "4.0.0"
-  resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-4.0.0.tgz#20813df3d712928b207378691a45066fae72dd57"
-  integrity sha1-IIE989cSkosgc3hpGkUGb65y3Vc=
-  dependencies:
-    is-buffer "^1.1.5"
-
-kind-of@^5.0.0:
-  version "5.1.0"
-  resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-5.1.0.tgz#729c91e2d857b7a419a1f9aa65685c4c33f5845d"
-  integrity sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw==
-
-kind-of@^6.0.0, kind-of@^6.0.2:
-  version "6.0.3"
-  resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-6.0.3.tgz#07c05034a6c349fa06e24fa35aa76db4580ce4dd"
-  integrity sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw==
-
-last-call-webpack-plugin@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/last-call-webpack-plugin/-/last-call-webpack-plugin-3.0.0.tgz#9742df0e10e3cf46e5c0381c2de90d3a7a2d7555"
-  integrity sha512-7KI2l2GIZa9p2spzPIVZBYyNKkN+e/SQPpnjlTiPhdbDW3F86tdKKELxKpzJ5sgU19wQWsACULZmpTPYHeWO5w==
-  dependencies:
-    lodash "^4.17.5"
-    webpack-sources "^1.1.0"
-
-latest-version@^5.0.0:
-  version "5.1.0"
-  resolved "https://registry.yarnpkg.com/latest-version/-/latest-version-5.1.0.tgz#119dfe908fe38d15dfa43ecd13fa12ec8832face"
-  integrity sha512-weT+r0kTkRQdCdYCNtkMwWXQTMEswKrFBkm4ckQOMVhhqhIMI1UT2hMj+1iigIhgSZm5gTmrRXBNoGUgaTY1xA==
-  dependencies:
-    package-json "^6.3.0"
-
-linkify-it@^2.0.0:
-  version "2.2.0"
-  resolved "https://registry.yarnpkg.com/linkify-it/-/linkify-it-2.2.0.tgz#e3b54697e78bf915c70a38acd78fd09e0058b1cf"
-  integrity sha512-GnAl/knGn+i1U/wjBz3akz2stz+HrHLsxMwHQGofCDfPvlf+gDKN58UtfmUquTY4/MXeE2x7k19KQmeoZi94Iw==
-  dependencies:
-    uc.micro "^1.0.1"
-
-load-json-file@^1.0.0:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/load-json-file/-/load-json-file-1.1.0.tgz#956905708d58b4bab4c2261b04f59f31c99374c0"
-  integrity sha1-lWkFcI1YtLq0wiYbBPWfMcmTdMA=
-  dependencies:
-    graceful-fs "^4.1.2"
-    parse-json "^2.2.0"
-    pify "^2.0.0"
-    pinkie-promise "^2.0.0"
-    strip-bom "^2.0.0"
-
-load-script@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/load-script/-/load-script-1.0.0.tgz#0491939e0bee5643ee494a7e3da3d2bac70c6ca4"
-  integrity sha1-BJGTngvuVkPuSUp+PaPSuscMbKQ=
-
-loader-runner@^2.4.0:
-  version "2.4.0"
-  resolved "https://registry.yarnpkg.com/loader-runner/-/loader-runner-2.4.0.tgz#ed47066bfe534d7e84c4c7b9998c2a75607d9357"
-  integrity sha512-Jsmr89RcXGIwivFY21FcRrisYZfvLMTWx5kOLc+JTxtpBOG6xML0vzbc6SEQG2FO9/4Fc3wW4LVcB5DmGflaRw==
-
-loader-utils@^0.2.16:
-  version "0.2.17"
-  resolved "https://registry.yarnpkg.com/loader-utils/-/loader-utils-0.2.17.tgz#f86e6374d43205a6e6c60e9196f17c0299bfb348"
-  integrity sha1-+G5jdNQyBabmxg6RlvF8Apm/s0g=
-  dependencies:
-    big.js "^3.1.3"
-    emojis-list "^2.0.0"
-    json5 "^0.5.0"
-    object-assign "^4.0.1"
-
-loader-utils@^1.0.1, loader-utils@^1.0.2, loader-utils@^1.1.0, loader-utils@^1.2.3, loader-utils@^1.4.0:
-  version "1.4.0"
-  resolved "https://registry.yarnpkg.com/loader-utils/-/loader-utils-1.4.0.tgz#c579b5e34cb34b1a74edc6c1fb36bfa371d5a613"
-  integrity sha512-qH0WSMBtn/oHuwjy/NucEgbx5dbxxnxup9s4PVXJUDHZBQY+s0NWA9rJf53RBnQZxfch7euUui7hpoAPvALZdA==
-  dependencies:
-    big.js "^5.2.2"
-    emojis-list "^3.0.0"
-    json5 "^1.0.1"
-
-locate-path@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/locate-path/-/locate-path-3.0.0.tgz#dbec3b3ab759758071b58fe59fc41871af21400e"
-  integrity sha512-7AO748wWnIhNqAuaty2ZWHkQHRSNfPVIsPIfwEOWO22AmaoVrWavlOcMR5nzTLNYvp36X220/maaRsrec1G65A==
-  dependencies:
-    p-locate "^3.0.0"
-    path-exists "^3.0.0"
-
-locate-path@^5.0.0:
-  version "5.0.0"
-  resolved "https://registry.yarnpkg.com/locate-path/-/locate-path-5.0.0.tgz#1afba396afd676a6d42504d0a67a3a7eb9f62aa0"
-  integrity sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==
-  dependencies:
-    p-locate "^4.1.0"
-
-lodash._reinterpolate@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/lodash._reinterpolate/-/lodash._reinterpolate-3.0.0.tgz#0ccf2d89166af03b3663c796538b75ac6e114d9d"
-  integrity sha1-DM8tiRZq8Ds2Y8eWU4t1rG4RTZ0=
-
-lodash.chunk@^4.2.0:
-  version "4.2.0"
-  resolved "https://registry.yarnpkg.com/lodash.chunk/-/lodash.chunk-4.2.0.tgz#66e5ce1f76ed27b4303d8c6512e8d1216e8106bc"
-  integrity sha1-ZuXOH3btJ7QwPYxlEujRIW6BBrw=
-
-lodash.clonedeep@^4.5.0:
-  version "4.5.0"
-  resolved "https://registry.yarnpkg.com/lodash.clonedeep/-/lodash.clonedeep-4.5.0.tgz#e23f3f9c4f8fbdde872529c1071857a086e5ccef"
-  integrity sha1-4j8/nE+Pvd6HJSnBBxhXoIblzO8=
-
-lodash.debounce@^4.0.8:
-  version "4.0.8"
-  resolved "https://registry.yarnpkg.com/lodash.debounce/-/lodash.debounce-4.0.8.tgz#82d79bff30a67c4005ffd5e2515300ad9ca4d7af"
-  integrity sha1-gteb/zCmfEAF/9XiUVMArZyk168=
-
-lodash.deburr@^4.1.0:
-  version "4.1.0"
-  resolved "https://registry.yarnpkg.com/lodash.deburr/-/lodash.deburr-4.1.0.tgz#ddb1bbb3ef07458c0177ba07de14422cb033ff9b"
-  integrity sha1-3bG7s+8HRYwBd7oH3hRCLLAz/5s=
-
-lodash.kebabcase@^4.1.1:
-  version "4.1.1"
-  resolved "https://registry.yarnpkg.com/lodash.kebabcase/-/lodash.kebabcase-4.1.1.tgz#8489b1cb0d29ff88195cceca448ff6d6cc295c36"
-  integrity sha1-hImxyw0p/4gZXM7KRI/21swpXDY=
-
-lodash.memoize@^4.1.2:
-  version "4.1.2"
-  resolved "https://registry.yarnpkg.com/lodash.memoize/-/lodash.memoize-4.1.2.tgz#bcc6c49a42a2840ed997f323eada5ecd182e0bfe"
-  integrity sha1-vMbEmkKihA7Zl/Mj6tpezRguC/4=
-
-lodash.padstart@^4.6.1:
-  version "4.6.1"
-  resolved "https://registry.yarnpkg.com/lodash.padstart/-/lodash.padstart-4.6.1.tgz#d2e3eebff0d9d39ad50f5cbd1b52a7bce6bb611b"
-  integrity sha1-0uPuv/DZ05rVD1y9G1KnvOa7YRs=
-
-lodash.sortby@^4.7.0:
-  version "4.7.0"
-  resolved "https://registry.yarnpkg.com/lodash.sortby/-/lodash.sortby-4.7.0.tgz#edd14c824e2cc9c1e0b0a1b42bb5210516a42438"
-  integrity sha1-7dFMgk4sycHgsKG0K7UhBRakJDg=
-
-lodash.template@^4.5.0:
-  version "4.5.0"
-  resolved "https://registry.yarnpkg.com/lodash.template/-/lodash.template-4.5.0.tgz#f976195cf3f347d0d5f52483569fe8031ccce8ab"
-  integrity sha512-84vYFxIkmidUiFxidA/KjjH9pAycqW+h980j7Fuz5qxRtO9pgB7MDFTdys1N7A5mcucRiDyEq4fusljItR1T/A==
-  dependencies:
-    lodash._reinterpolate "^3.0.0"
-    lodash.templatesettings "^4.0.0"
-
-lodash.templatesettings@^4.0.0:
-  version "4.2.0"
-  resolved "https://registry.yarnpkg.com/lodash.templatesettings/-/lodash.templatesettings-4.2.0.tgz#e481310f049d3cf6d47e912ad09313b154f0fb33"
-  integrity sha512-stgLz+i3Aa9mZgnjr/O+v9ruKZsPsndy7qPZOchbqk2cnTU1ZaldKK+v7m54WoKIyxiuMZTKT2H81F8BeAc3ZQ==
-  dependencies:
-    lodash._reinterpolate "^3.0.0"
-
-lodash.uniq@^4.5.0:
-  version "4.5.0"
-  resolved "https://registry.yarnpkg.com/lodash.uniq/-/lodash.uniq-4.5.0.tgz#d0225373aeb652adc1bc82e4945339a842754773"
-  integrity sha1-0CJTc662Uq3BvILklFM5qEJ1R3M=
-
-lodash@^4.0.0, lodash@^4.17.11, lodash@^4.17.14, lodash@^4.17.15, lodash@^4.17.20, lodash@^4.17.21, lodash@^4.17.3, lodash@^4.17.5, lodash@~4.17.10:
-  version "4.17.21"
-  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c"
-  integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==
-
-loglevel@^1.6.8:
-  version "1.7.1"
-  resolved "https://registry.yarnpkg.com/loglevel/-/loglevel-1.7.1.tgz#005fde2f5e6e47068f935ff28573e125ef72f197"
-  integrity sha512-Hesni4s5UkWkwCGJMQGAh71PaLUmKFM60dHvq0zi/vDhhrzuk+4GgNbTXJ12YYQJn6ZKBDNIjYcuQGKudvqrIw==
-
-loud-rejection@^1.0.0:
-  version "1.6.0"
-  resolved "https://registry.yarnpkg.com/loud-rejection/-/loud-rejection-1.6.0.tgz#5b46f80147edee578870f086d04821cf998e551f"
-  integrity sha1-W0b4AUft7leIcPCG0Eghz5mOVR8=
-  dependencies:
-    currently-unhandled "^0.4.1"
-    signal-exit "^3.0.0"
-
-lower-case@^1.1.1:
-  version "1.1.4"
-  resolved "https://registry.yarnpkg.com/lower-case/-/lower-case-1.1.4.tgz#9a2cabd1b9e8e0ae993a4bf7d5875c39c42e8eac"
-  integrity sha1-miyr0bno4K6ZOkv31YdcOcQujqw=
-
-lowercase-keys@^1.0.0, lowercase-keys@^1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/lowercase-keys/-/lowercase-keys-1.0.1.tgz#6f9e30b47084d971a7c820ff15a6c5167b74c26f"
-  integrity sha512-G2Lj61tXDnVFFOi8VZds+SoQjtQC3dgokKdDG2mTm1tx4m50NUHBOZSBwQQHyy0V12A0JTG4icfZQH+xPyh8VA==
-
-lowercase-keys@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/lowercase-keys/-/lowercase-keys-2.0.0.tgz#2603e78b7b4b0006cbca2fbcc8a3202558ac9479"
-  integrity sha512-tqNXrS78oMOE73NMxK4EMLQsQowWf8jKooH9g7xPavRT706R6bkQJ6DY2Te7QukaZsulxa30wQ7bk0pm4XiHmA==
-
-lru-cache@^4.0.1, lru-cache@^4.1.2:
-  version "4.1.5"
-  resolved "https://registry.yarnpkg.com/lru-cache/-/lru-cache-4.1.5.tgz#8bbe50ea85bed59bc9e33dcab8235ee9bcf443cd"
-  integrity sha512-sWZlbEP2OsHNkXrMl5GYk/jKk70MBng6UU4YI/qGDYbgf6YbP4EvmqISbXCoJiRKs+1bSpFHVgQxvJ17F2li5g==
-  dependencies:
-    pseudomap "^1.0.2"
-    yallist "^2.1.2"
-
-lru-cache@^5.1.1:
-  version "5.1.1"
-  resolved "https://registry.yarnpkg.com/lru-cache/-/lru-cache-5.1.1.tgz#1da27e6710271947695daf6848e847f01d84b920"
-  integrity sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==
-  dependencies:
-    yallist "^3.0.2"
-
-make-dir@^2.0.0:
-  version "2.1.0"
-  resolved "https://registry.yarnpkg.com/make-dir/-/make-dir-2.1.0.tgz#5f0310e18b8be898cc07009295a30ae41e91e6f5"
-  integrity sha512-LS9X+dc8KLxXCb8dni79fLIIUA5VyZoyjSMCwTluaXA0o27cCK0bhXkpgw+sTXVpPy/lSO57ilRixqk0vDmtRA==
-  dependencies:
-    pify "^4.0.1"
-    semver "^5.6.0"
-
-make-dir@^3.0.0, make-dir@^3.0.2, make-dir@^3.1.0:
-  version "3.1.0"
-  resolved "https://registry.yarnpkg.com/make-dir/-/make-dir-3.1.0.tgz#415e967046b3a7f1d185277d84aa58203726a13f"
-  integrity sha512-g3FeP20LNwhALb/6Cz6Dd4F2ngze0jz7tbzrD2wAV+o9FeNHe4rL+yK2md0J/fiSf1sa1ADhXqi5+oVwOM/eGw==
-  dependencies:
-    semver "^6.0.0"
-
-map-cache@^0.2.2:
-  version "0.2.2"
-  resolved "https://registry.yarnpkg.com/map-cache/-/map-cache-0.2.2.tgz#c32abd0bd6525d9b051645bb4f26ac5dc98a0dbf"
-  integrity sha1-wyq9C9ZSXZsFFkW7TyasXcmKDb8=
-
-map-obj@^1.0.0, map-obj@^1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/map-obj/-/map-obj-1.0.1.tgz#d933ceb9205d82bdcf4886f6742bdc2b4dea146d"
-  integrity sha1-2TPOuSBdgr3PSIb2dCvcK03qFG0=
-
-map-visit@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/map-visit/-/map-visit-1.0.0.tgz#ecdca8f13144e660f1b5bd41f12f3479d98dfb8f"
-  integrity sha1-7Nyo8TFE5mDxtb1B8S80edmN+48=
-  dependencies:
-    object-visit "^1.0.0"
-
-markdown-it-anchor@^5.0.2:
-  version "5.3.0"
-  resolved "https://registry.yarnpkg.com/markdown-it-anchor/-/markdown-it-anchor-5.3.0.tgz#d549acd64856a8ecd1bea58365ef385effbac744"
-  integrity sha512-/V1MnLL/rgJ3jkMWo84UR+K+jF1cxNG1a+KwqeXqTIJ+jtA8aWSHuigx8lTzauiIjBDbwF3NcWQMotd0Dm39jA==
-
-markdown-it-chain@^1.3.0:
-  version "1.3.0"
-  resolved "https://registry.yarnpkg.com/markdown-it-chain/-/markdown-it-chain-1.3.0.tgz#ccf6fe86c10266bafb4e547380dfd7f277cc17bc"
-  integrity sha512-XClV8I1TKy8L2qsT9iX3qiV+50ZtcInGXI80CA+DP62sMs7hXlyV/RM3hfwy5O3Ad0sJm9xIwQELgANfESo8mQ==
-  dependencies:
-    webpack-chain "^4.9.0"
-
-markdown-it-container@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/markdown-it-container/-/markdown-it-container-2.0.0.tgz#0019b43fd02eefece2f1960a2895fba81a404695"
-  integrity sha1-ABm0P9Au7+zi8ZYKKJX7qBpARpU=
-
-markdown-it-emoji@^1.4.0:
-  version "1.4.0"
-  resolved "https://registry.yarnpkg.com/markdown-it-emoji/-/markdown-it-emoji-1.4.0.tgz#9bee0e9a990a963ba96df6980c4fddb05dfb4dcc"
-  integrity sha1-m+4OmpkKljupbfaYDE/dsF37Tcw=
-
-markdown-it-include@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/markdown-it-include/-/markdown-it-include-2.0.0.tgz#e86e3b3c68c8f0e0437e179ba919ffd28443127a"
-  integrity sha512-wfgIX92ZEYahYWiCk6Jx36XmHvAimeHN420csOWgfyZjpf171Y0xREqZWcm/Rwjzyd0RLYryY+cbNmrkYW2MDw==
-
-markdown-it-table-of-contents@^0.4.0:
-  version "0.4.4"
-  resolved "https://registry.yarnpkg.com/markdown-it-table-of-contents/-/markdown-it-table-of-contents-0.4.4.tgz#3dc7ce8b8fc17e5981c77cc398d1782319f37fbc"
-  integrity sha512-TAIHTHPwa9+ltKvKPWulm/beozQU41Ab+FIefRaQV1NRnpzwcV9QOe6wXQS5WLivm5Q/nlo0rl6laGkMDZE7Gw==
-
-markdown-it@^8.4.1:
-  version "8.4.2"
-  resolved "https://registry.yarnpkg.com/markdown-it/-/markdown-it-8.4.2.tgz#386f98998dc15a37722aa7722084f4020bdd9b54"
-  integrity sha512-GcRz3AWTqSUphY3vsUqQSFMbgR38a4Lh3GWlHRh/7MRwz8mcu9n2IO7HOh+bXHrR9kOPDl5RNCaEsrneb+xhHQ==
-  dependencies:
-    argparse "^1.0.7"
-    entities "~1.1.1"
-    linkify-it "^2.0.0"
-    mdurl "^1.0.1"
-    uc.micro "^1.0.5"
-
-md5.js@^1.3.4:
-  version "1.3.5"
-  resolved "https://registry.yarnpkg.com/md5.js/-/md5.js-1.3.5.tgz#b5d07b8e3216e3e27cd728d72f70d1e6a342005f"
-  integrity sha512-xitP+WxNPcTTOgnTJcrhM0xvdPepipPSf3I8EIpGKeFLjt3PlJLIDG3u8EX53ZIubkb+5U2+3rELYpEhHhzdkg==
-  dependencies:
-    hash-base "^3.0.0"
-    inherits "^2.0.1"
-    safe-buffer "^5.1.2"
-
-mdn-data@2.0.14:
-  version "2.0.14"
-  resolved "https://registry.yarnpkg.com/mdn-data/-/mdn-data-2.0.14.tgz#7113fc4281917d63ce29b43446f701e68c25ba50"
-  integrity sha512-dn6wd0uw5GsdswPFfsgMp5NSB0/aDe6fK94YJV/AJDYXL6HVLWBsxeq7js7Ad+mU2K9LAlwpk6kN2D5mwCPVow==
-
-mdn-data@2.0.4:
-  version "2.0.4"
-  resolved "https://registry.yarnpkg.com/mdn-data/-/mdn-data-2.0.4.tgz#699b3c38ac6f1d728091a64650b65d388502fd5b"
-  integrity sha512-iV3XNKw06j5Q7mi6h+9vbx23Tv7JkjEVgKHW4pimwyDGWm0OIQntJJ+u1C6mg6mK1EaTv42XQ7w76yuzH7M2cA==
-
-mdurl@^1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/mdurl/-/mdurl-1.0.1.tgz#fe85b2ec75a59037f2adfec100fd6c601761152e"
-  integrity sha1-/oWy7HWlkDfyrf7BAP1sYBdhFS4=
-
-media-typer@0.3.0:
-  version "0.3.0"
-  resolved "https://registry.yarnpkg.com/media-typer/-/media-typer-0.3.0.tgz#8710d7af0aa626f8fffa1ce00168545263255748"
-  integrity sha1-hxDXrwqmJvj/+hzgAWhUUmMlV0g=
-
-memory-fs@^0.4.1:
-  version "0.4.1"
-  resolved "https://registry.yarnpkg.com/memory-fs/-/memory-fs-0.4.1.tgz#3a9a20b8462523e447cfbc7e8bb80ed667bfc552"
-  integrity sha1-OpoguEYlI+RHz7x+i7gO1me/xVI=
-  dependencies:
-    errno "^0.1.3"
-    readable-stream "^2.0.1"
-
-memory-fs@^0.5.0:
-  version "0.5.0"
-  resolved "https://registry.yarnpkg.com/memory-fs/-/memory-fs-0.5.0.tgz#324c01288b88652966d161db77838720845a8e3c"
-  integrity sha512-jA0rdU5KoQMC0e6ppoNRtpp6vjFq6+NY7r8hywnC7V+1Xj/MtHwGIbB1QaK/dunyjWteJzmkpd7ooeWg10T7GA==
-  dependencies:
-    errno "^0.1.3"
-    readable-stream "^2.0.1"
-
-meow@^3.7.0:
-  version "3.7.0"
-  resolved "https://registry.yarnpkg.com/meow/-/meow-3.7.0.tgz#72cb668b425228290abbfa856892587308a801fb"
-  integrity sha1-cstmi0JSKCkKu/qFaJJYcwioAfs=
-  dependencies:
-    camelcase-keys "^2.0.0"
-    decamelize "^1.1.2"
-    loud-rejection "^1.0.0"
-    map-obj "^1.0.1"
-    minimist "^1.1.3"
-    normalize-package-data "^2.3.4"
-    object-assign "^4.0.1"
-    read-pkg-up "^1.0.1"
-    redent "^1.0.0"
-    trim-newlines "^1.0.0"
-
-merge-descriptors@1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/merge-descriptors/-/merge-descriptors-1.0.1.tgz#b00aaa556dd8b44568150ec9d1b953f3f90cbb61"
-  integrity sha1-sAqqVW3YtEVoFQ7J0blT8/kMu2E=
-
-merge-source-map@^1.1.0:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/merge-source-map/-/merge-source-map-1.1.0.tgz#2fdde7e6020939f70906a68f2d7ae685e4c8c646"
-  integrity sha512-Qkcp7P2ygktpMPh2mCQZaf3jhN6D3Z/qVZHSdWvQ+2Ef5HgRAPBO57A77+ENm0CPx2+1Ce/MYKi3ymqdfuqibw==
-  dependencies:
-    source-map "^0.6.1"
-
-merge2@^1.2.3:
-  version "1.4.1"
-  resolved "https://registry.yarnpkg.com/merge2/-/merge2-1.4.1.tgz#4368892f885e907455a6fd7dc55c0c9d404990ae"
-  integrity sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==
-
-mermaid@^8.8.3:
-  version "8.13.10"
-  resolved "https://registry.yarnpkg.com/mermaid/-/mermaid-8.13.10.tgz#b9d733b178bbf7416b9b46e39d566c7c28b75688"
-  integrity sha512-2ANep359uML87+wiYaWSu83eg9Qc0xCLnNJdCh100m4v0orS3fp8SScsZLcDSElRGHi+1zuVJsEEVEWH05+COQ==
-  dependencies:
-    "@braintree/sanitize-url" "^3.1.0"
-    d3 "^7.0.0"
-    dagre "^0.8.5"
-    dagre-d3 "^0.6.4"
-    dompurify "2.3.4"
-    graphlib "^2.1.8"
-    khroma "^1.4.1"
-    moment-mini "^2.24.0"
-    stylis "^4.0.10"
-
-methods@~1.1.2:
-  version "1.1.2"
-  resolved "https://registry.yarnpkg.com/methods/-/methods-1.1.2.tgz#5529a4d67654134edcc5266656835b0f851afcee"
-  integrity sha1-VSmk1nZUE07cxSZmVoNbD4Ua/O4=
-
-micromatch@^3.1.10, micromatch@^3.1.4:
-  version "3.1.10"
-  resolved "https://registry.yarnpkg.com/micromatch/-/micromatch-3.1.10.tgz#70859bc95c9840952f359a068a3fc49f9ecfac23"
-  integrity sha512-MWikgl9n9M3w+bpsY3He8L+w9eF9338xRl8IAO5viDizwSzziFEyUzo2xrrloB64ADbTf8uA8vRqqttDTOmccg==
-  dependencies:
-    arr-diff "^4.0.0"
-    array-unique "^0.3.2"
-    braces "^2.3.1"
-    define-property "^2.0.2"
-    extend-shallow "^3.0.2"
-    extglob "^2.0.4"
-    fragment-cache "^0.2.1"
-    kind-of "^6.0.2"
-    nanomatch "^1.2.9"
-    object.pick "^1.3.0"
-    regex-not "^1.0.0"
-    snapdragon "^0.8.1"
-    to-regex "^3.0.2"
-
-miller-rabin@^4.0.0:
-  version "4.0.1"
-  resolved "https://registry.yarnpkg.com/miller-rabin/-/miller-rabin-4.0.1.tgz#f080351c865b0dc562a8462966daa53543c78a4d"
-  integrity sha512-115fLhvZVqWwHPbClyntxEVfVDfl9DLLTuJvq3g2O/Oxi8AiNouAHvDSzHS0viUJc+V5vm3eq91Xwqn9dp4jRA==
-  dependencies:
-    bn.js "^4.0.0"
-    brorand "^1.0.1"
-
-mime-db@1.48.0, "mime-db@>= 1.43.0 < 2":
-  version "1.48.0"
-  resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.48.0.tgz#e35b31045dd7eada3aaad537ed88a33afbef2d1d"
-  integrity sha512-FM3QwxV+TnZYQ2aRqhlKBMHxk10lTbMt3bBkMAp54ddrNeVSfcQYOOKuGuy3Ddrm38I04If834fOUSq1yzslJQ==
-
-mime-types@^2.1.12, mime-types@~2.1.17, mime-types@~2.1.19, mime-types@~2.1.24:
-  version "2.1.31"
-  resolved "https://registry.yarnpkg.com/mime-types/-/mime-types-2.1.31.tgz#a00d76b74317c61f9c2db2218b8e9f8e9c5c9e6b"
-  integrity sha512-XGZnNzm3QvgKxa8dpzyhFTHmpP3l5YNusmne07VUOXxou9CqUqYa/HBy124RqtVh/O2pECas/MOcsDgpilPOPg==
-  dependencies:
-    mime-db "1.48.0"
-
-mime@1.6.0:
-  version "1.6.0"
-  resolved "https://registry.yarnpkg.com/mime/-/mime-1.6.0.tgz#32cd9e5c64553bd58d19a568af452acff04981b1"
-  integrity sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==
-
-mime@^2.0.3, mime@^2.4.4:
-  version "2.5.2"
-  resolved "https://registry.yarnpkg.com/mime/-/mime-2.5.2.tgz#6e3dc6cc2b9510643830e5f19d5cb753da5eeabe"
-  integrity sha512-tqkh47FzKeCPD2PUiPB6pkbMzsCasjxAfC62/Wap5qrUWcb+sFasXUC5I3gYM5iBM8v/Qpn4UK0x+j0iHyFPDg==
-
-mimic-response@^1.0.0, mimic-response@^1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/mimic-response/-/mimic-response-1.0.1.tgz#4923538878eef42063cb8a3e3b0798781487ab1b"
-  integrity sha512-j5EctnkH7amfV/q5Hgmoal1g2QHFJRraOtmx0JpIqkxhBhI/lJSl1nMpQ45hVarwNETOoWEimndZ4QK0RHxuxQ==
-
-min-document@^2.19.0:
-  version "2.19.0"
-  resolved "https://registry.yarnpkg.com/min-document/-/min-document-2.19.0.tgz#7bd282e3f5842ed295bb748cdd9f1ffa2c824685"
-  integrity sha1-e9KC4/WELtKVu3SM3Z8f+iyCRoU=
-  dependencies:
-    dom-walk "^0.1.0"
-
-mini-css-extract-plugin@0.6.0:
-  version "0.6.0"
-  resolved "https://registry.yarnpkg.com/mini-css-extract-plugin/-/mini-css-extract-plugin-0.6.0.tgz#a3f13372d6fcde912f3ee4cd039665704801e3b9"
-  integrity sha512-79q5P7YGI6rdnVyIAV4NXpBQJFWdkzJxCim3Kog4078fM0piAaFlwocqbejdWtLW1cEzCexPrh6EdyFsPgVdAw==
-  dependencies:
-    loader-utils "^1.1.0"
-    normalize-url "^2.0.1"
-    schema-utils "^1.0.0"
-    webpack-sources "^1.1.0"
-
-minimalistic-assert@^1.0.0, minimalistic-assert@^1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz#2e194de044626d4a10e7f7fbc00ce73e83e4d5c7"
-  integrity sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A==
-
-minimalistic-crypto-utils@^1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/minimalistic-crypto-utils/-/minimalistic-crypto-utils-1.0.1.tgz#f6c00c1c0b082246e5c4d99dfb8c7c083b2b582a"
-  integrity sha1-9sAMHAsIIkblxNmd+4x8CDsrWCo=
-
-minimatch@^3.0.4, minimatch@~3.0.2:
-  version "3.0.4"
-  resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.0.4.tgz#5166e286457f03306064be5497e8dbb0c3d32083"
-  integrity sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==
-  dependencies:
-    brace-expansion "^1.1.7"
-
-minimist@^1.1.3, minimist@^1.2.0, minimist@^1.2.5:
-  version "1.2.6"
-  resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.6.tgz#8637a5b759ea0d6e98702cfb3a9283323c93af44"
-  integrity sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==
-
-mississippi@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/mississippi/-/mississippi-3.0.0.tgz#ea0a3291f97e0b5e8776b363d5f0a12d94c67022"
-  integrity sha512-x471SsVjUtBRtcvd4BzKE9kFC+/2TeWgKCgw0bZcw1b9l2X3QX5vCWgF+KaZaYm87Ss//rHnWryupDrgLvmSkA==
-  dependencies:
-    concat-stream "^1.5.0"
-    duplexify "^3.4.2"
-    end-of-stream "^1.1.0"
-    flush-write-stream "^1.0.0"
-    from2 "^2.1.0"
-    parallel-transform "^1.1.0"
-    pump "^3.0.0"
-    pumpify "^1.3.3"
-    stream-each "^1.1.0"
-    through2 "^2.0.0"
-
-mixin-deep@^1.2.0:
-  version "1.3.2"
-  resolved "https://registry.yarnpkg.com/mixin-deep/-/mixin-deep-1.3.2.tgz#1120b43dc359a785dce65b55b82e257ccf479566"
-  integrity sha512-WRoDn//mXBiJ1H40rqa3vH0toePwSsGb45iInWlTySa+Uu4k3tYUSxa2v1KqAiLtvlrSzaExqS1gtk96A9zvEA==
-  dependencies:
-    for-in "^1.0.2"
-    is-extendable "^1.0.1"
-
-mkdirp@0.3.0:
-  version "0.3.0"
-  resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-0.3.0.tgz#1bbf5ab1ba827af23575143490426455f481fe1e"
-  integrity sha1-G79asbqCevI1dRQ0kEJkVfSB/h4=
-
-"mkdirp@>=0.5 0", mkdirp@^0.5.0, mkdirp@^0.5.1, mkdirp@^0.5.3, mkdirp@^0.5.5, mkdirp@~0.5.1:
-  version "0.5.5"
-  resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-0.5.5.tgz#d91cefd62d1436ca0f41620e251288d420099def"
-  integrity sha512-NKmAlESf6jMGym1++R0Ra7wvhV+wFW63FaSOFPwRahvea0gMUcGUhVeAg/0BC0wiv9ih5NYPB1Wn1UEI1/L+xQ==
-  dependencies:
-    minimist "^1.2.5"
-
-mkdirp@~1.0.4:
-  version "1.0.4"
-  resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-1.0.4.tgz#3eb5ed62622756d79a5f0e2a221dfebad75c2f7e"
-  integrity sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==
-
-moment-mini@^2.24.0:
-  version "2.24.0"
-  resolved "https://registry.yarnpkg.com/moment-mini/-/moment-mini-2.24.0.tgz#fa68d98f7fe93ae65bf1262f6abb5fb6983d8d18"
-  integrity sha512-9ARkWHBs+6YJIvrIp0Ik5tyTTtP9PoV0Ssu2Ocq5y9v8+NOOpWiRshAp8c4rZVWTOe+157on/5G+zj5pwIQFEQ==
-
-move-concurrently@^1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/move-concurrently/-/move-concurrently-1.0.1.tgz#be2c005fda32e0b29af1f05d7c4b33214c701f92"
-  integrity sha1-viwAX9oy4LKa8fBdfEszIUxwH5I=
-  dependencies:
-    aproba "^1.1.1"
-    copy-concurrently "^1.0.0"
-    fs-write-stream-atomic "^1.0.8"
-    mkdirp "^0.5.1"
-    rimraf "^2.5.4"
-    run-queue "^1.0.3"
-
-ms@2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/ms/-/ms-2.0.0.tgz#5608aeadfc00be6c2901df5f9861788de0d597c8"
-  integrity sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=
-
-ms@2.1.1:
-  version "2.1.1"
-  resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.1.tgz#30a5864eb3ebb0a66f2ebe6d727af06a09d86e0a"
-  integrity sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg==
-
-ms@2.1.2:
-  version "2.1.2"
-  resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.2.tgz#d09d1f357b443f493382a8eb3ccd183872ae6009"
-  integrity sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==
-
-ms@^2.1.1:
-  version "2.1.3"
-  resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.3.tgz#574c8138ce1d2b5861f0b44579dbadd60c6615b2"
-  integrity sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==
-
-multicast-dns-service-types@^1.1.0:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/multicast-dns-service-types/-/multicast-dns-service-types-1.1.0.tgz#899f11d9686e5e05cb91b35d5f0e63b773cfc901"
-  integrity sha1-iZ8R2WhuXgXLkbNdXw5jt3PPyQE=
-
-multicast-dns@^6.0.1:
-  version "6.2.3"
-  resolved "https://registry.yarnpkg.com/multicast-dns/-/multicast-dns-6.2.3.tgz#a0ec7bd9055c4282f790c3c82f4e28db3b31b229"
-  integrity sha512-ji6J5enbMyGRHIAkAOu3WdV8nggqviKCEKtXcOqfphZZtQrmHKycfynJ2V7eVPUA4NhJ6V7Wf4TmGbTwKE9B6g==
-  dependencies:
-    dns-packet "^1.3.1"
-    thunky "^1.0.2"
-
-nan@^2.12.1:
-  version "2.14.2"
-  resolved "https://registry.yarnpkg.com/nan/-/nan-2.14.2.tgz#f5376400695168f4cc694ac9393d0c9585eeea19"
-  integrity sha512-M2ufzIiINKCuDfBSAUr1vWQ+vuVcA9kqx8JJUsbQi6yf1uGRyb7HfpdfUr5qLXf3B/t8dPvcjhKMmlfnP47EzQ==
-
-nan@^2.13.2:
-  version "2.15.0"
-  resolved "https://registry.yarnpkg.com/nan/-/nan-2.15.0.tgz#3f34a473ff18e15c1b5626b62903b5ad6e665fee"
-  integrity sha512-8ZtvEnA2c5aYCZYd1cvgdnU6cqwixRoYg70xPLWUws5ORTa/lnw+u4amixRS/Ac5U5mQVgp9pnlSUnbNWFaWZQ==
-
-nanomatch@^1.2.9:
-  version "1.2.13"
-  resolved "https://registry.yarnpkg.com/nanomatch/-/nanomatch-1.2.13.tgz#b87a8aa4fc0de8fe6be88895b38983ff265bd119"
-  integrity sha512-fpoe2T0RbHwBTBUOftAfBPaDEi06ufaUai0mE6Yn1kacc3SnTErfb/h+X94VXzI64rKFHYImXSvdwGGCmwOqCA==
-  dependencies:
-    arr-diff "^4.0.0"
-    array-unique "^0.3.2"
-    define-property "^2.0.2"
-    extend-shallow "^3.0.2"
-    fragment-cache "^0.2.1"
-    is-windows "^1.0.2"
-    kind-of "^6.0.2"
-    object.pick "^1.3.0"
-    regex-not "^1.0.0"
-    snapdragon "^0.8.1"
-    to-regex "^3.0.1"
-
-negotiator@0.6.2:
-  version "0.6.2"
-  resolved "https://registry.yarnpkg.com/negotiator/-/negotiator-0.6.2.tgz#feacf7ccf525a77ae9634436a64883ffeca346fb"
-  integrity sha512-hZXc7K2e+PgeI1eDBe/10Ard4ekbfrrqG8Ep+8Jmf4JID2bNg7NvCPOZN+kfF574pFQI7mum2AUqDidoKqcTOw==
-
-neo-async@^2.5.0, neo-async@^2.6.1:
-  version "2.6.2"
-  resolved "https://registry.yarnpkg.com/neo-async/-/neo-async-2.6.2.tgz#b4aafb93e3aeb2d8174ca53cf163ab7d7308305f"
-  integrity sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==
-
-nice-try@^1.0.4:
-  version "1.0.5"
-  resolved "https://registry.yarnpkg.com/nice-try/-/nice-try-1.0.5.tgz#a3378a7696ce7d223e88fc9b764bd7ef1089e366"
-  integrity sha512-1nh45deeb5olNY7eX82BkPO7SSxR5SSYJiPTrTdFUVYwAl8CKMA5N9PjTYkHiRjisVcxcQ1HXdLhx2qxxJzLNQ==
-
-no-case@^2.2.0:
-  version "2.3.2"
-  resolved "https://registry.yarnpkg.com/no-case/-/no-case-2.3.2.tgz#60b813396be39b3f1288a4c1ed5d1e7d28b464ac"
-  integrity sha512-rmTZ9kz+f3rCvK2TD1Ue/oZlns7OGoIWP4fc3llxxRXlOkHKoWPPWJOfFYpITabSow43QJbRIoHQXtt10VldyQ==
-  dependencies:
-    lower-case "^1.1.1"
-
-node-forge@^0.10.0:
-  version "0.10.0"
-  resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-0.10.0.tgz#32dea2afb3e9926f02ee5ce8794902691a676bf3"
-  integrity sha512-PPmu8eEeG9saEUvI97fm4OYxXVB6bFvyNTyiUOBichBpFG8A1Ljw3bY62+5oOjDEMHRnd0Y7HQ+x7uzxOzC6JA==
-
-node-gyp@^3.8.0:
-  version "3.8.0"
-  resolved "https://registry.yarnpkg.com/node-gyp/-/node-gyp-3.8.0.tgz#540304261c330e80d0d5edce253a68cb3964218c"
-  integrity sha512-3g8lYefrRRzvGeSowdJKAKyks8oUpLEd/DyPV4eMhVlhJ0aNaZqIrNUIPuEWWTAoPqyFkfGrM67MC69baqn6vA==
-  dependencies:
-    fstream "^1.0.0"
-    glob "^7.0.3"
-    graceful-fs "^4.1.2"
-    mkdirp "^0.5.0"
-    nopt "2 || 3"
-    npmlog "0 || 1 || 2 || 3 || 4"
-    osenv "0"
-    request "^2.87.0"
-    rimraf "2"
-    semver "~5.3.0"
-    tar "^2.0.0"
-    which "1"
-
-node-libs-browser@^2.2.1:
-  version "2.2.1"
-  resolved "https://registry.yarnpkg.com/node-libs-browser/-/node-libs-browser-2.2.1.tgz#b64f513d18338625f90346d27b0d235e631f6425"
-  integrity sha512-h/zcD8H9kaDZ9ALUWwlBUDo6TKF8a7qBSCSEGfjTVIYeqsioSKaAX+BN7NgiMGp6iSIXZ3PxgCu8KS3b71YK5Q==
-  dependencies:
-    assert "^1.1.1"
-    browserify-zlib "^0.2.0"
-    buffer "^4.3.0"
-    console-browserify "^1.1.0"
-    constants-browserify "^1.0.0"
-    crypto-browserify "^3.11.0"
-    domain-browser "^1.1.1"
-    events "^3.0.0"
-    https-browserify "^1.0.0"
-    os-browserify "^0.3.0"
-    path-browserify "0.0.1"
-    process "^0.11.10"
-    punycode "^1.2.4"
-    querystring-es3 "^0.2.0"
-    readable-stream "^2.3.3"
-    stream-browserify "^2.0.1"
-    stream-http "^2.7.2"
-    string_decoder "^1.0.0"
-    timers-browserify "^2.0.4"
-    tty-browserify "0.0.0"
-    url "^0.11.0"
-    util "^0.11.0"
-    vm-browserify "^1.0.1"
-
-node-releases@^1.1.71:
-  version "1.1.73"
-  resolved "https://registry.yarnpkg.com/node-releases/-/node-releases-1.1.73.tgz#dd4e81ddd5277ff846b80b52bb40c49edf7a7b20"
-  integrity sha512-uW7fodD6pyW2FZNZnp/Z3hvWKeEW1Y8R1+1CnErE8cXFXzl5blBOoVB41CvMer6P6Q0S5FXDwcHgFd1Wj0U9zg==
-
-node-sass@^4.11.0:
-  version "4.14.1"
-  resolved "https://registry.yarnpkg.com/node-sass/-/node-sass-4.14.1.tgz#99c87ec2efb7047ed638fb4c9db7f3a42e2217b5"
-  integrity sha512-sjCuOlvGyCJS40R8BscF5vhVlQjNN069NtQ1gSxyK1u9iqvn6tf7O1R4GNowVZfiZUCRt5MmMs1xd+4V/7Yr0g==
-  dependencies:
-    async-foreach "^0.1.3"
-    chalk "^1.1.1"
-    cross-spawn "^3.0.0"
-    gaze "^1.0.0"
-    get-stdin "^4.0.1"
-    glob "^7.0.3"
-    in-publish "^2.0.0"
-    lodash "^4.17.15"
-    meow "^3.7.0"
-    mkdirp "^0.5.1"
-    nan "^2.13.2"
-    node-gyp "^3.8.0"
-    npmlog "^4.0.0"
-    request "^2.88.0"
-    sass-graph "2.2.5"
-    stdout-stream "^1.4.0"
-    "true-case-path" "^1.0.2"
-
-nopt@1.0.10:
-  version "1.0.10"
-  resolved "https://registry.yarnpkg.com/nopt/-/nopt-1.0.10.tgz#6ddd21bd2a31417b92727dd585f8a6f37608ebee"
-  integrity sha1-bd0hvSoxQXuScn3Vhfim83YI6+4=
-  dependencies:
-    abbrev "1"
-
-"nopt@2 || 3":
-  version "3.0.6"
-  resolved "https://registry.yarnpkg.com/nopt/-/nopt-3.0.6.tgz#c6465dbf08abcd4db359317f79ac68a646b28ff9"
-  integrity sha1-xkZdvwirzU2zWTF/eaxopkayj/k=
-  dependencies:
-    abbrev "1"
-
-normalize-package-data@^2.3.2, normalize-package-data@^2.3.4:
-  version "2.5.0"
-  resolved "https://registry.yarnpkg.com/normalize-package-data/-/normalize-package-data-2.5.0.tgz#e66db1838b200c1dfc233225d12cb36520e234a8"
-  integrity sha512-/5CMN3T0R4XTj4DcGaexo+roZSdSFW/0AOOTROrjxzCG1wrWXEsGbRKevjlIL+ZDE4sZlJr5ED4YW0yqmkK+eA==
-  dependencies:
-    hosted-git-info "^2.1.4"
-    resolve "^1.10.0"
-    semver "2 || 3 || 4 || 5"
-    validate-npm-package-license "^3.0.1"
-
-normalize-path@^2.1.1:
-  version "2.1.1"
-  resolved "https://registry.yarnpkg.com/normalize-path/-/normalize-path-2.1.1.tgz#1ab28b556e198363a8c1a6f7e6fa20137fe6aed9"
-  integrity sha1-GrKLVW4Zg2Oowab35vogE3/mrtk=
-  dependencies:
-    remove-trailing-separator "^1.0.1"
-
-normalize-path@^3.0.0, normalize-path@~3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/normalize-path/-/normalize-path-3.0.0.tgz#0dcd69ff23a1c9b11fd0978316644a0388216a65"
-  integrity sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==
-
-normalize-range@^0.1.2:
-  version "0.1.2"
-  resolved "https://registry.yarnpkg.com/normalize-range/-/normalize-range-0.1.2.tgz#2d10c06bdfd312ea9777695a4d28439456b75942"
-  integrity sha1-LRDAa9/TEuqXd2laTShDlFa3WUI=
-
-normalize-url@^2.0.1:
-  version "2.0.1"
-  resolved "https://registry.yarnpkg.com/normalize-url/-/normalize-url-2.0.1.tgz#835a9da1551fa26f70e92329069a23aa6574d7e6"
-  integrity sha512-D6MUW4K/VzoJ4rJ01JFKxDrtY1v9wrgzCX5f2qj/lzH1m/lW6MhUZFKerVsnyjOhOsYzI9Kqqak+10l4LvLpMw==
-  dependencies:
-    prepend-http "^2.0.0"
-    query-string "^5.0.1"
-    sort-keys "^2.0.0"
-
-normalize-url@^3.0.0:
-  version "3.3.0"
-  resolved "https://registry.yarnpkg.com/normalize-url/-/normalize-url-3.3.0.tgz#b2e1c4dc4f7c6d57743df733a4f5978d18650559"
-  integrity sha512-U+JJi7duF1o+u2pynbp2zXDW2/PADgC30f0GsHZtRh+HOcXHnw137TrNlyxxRvWW5fjKd3bcLHPxofWuCjaeZg==
-
-normalize-url@^4.1.0:
-  version "4.5.1"
-  resolved "https://registry.yarnpkg.com/normalize-url/-/normalize-url-4.5.1.tgz#0dd90cf1288ee1d1313b87081c9a5932ee48518a"
-  integrity sha512-9UZCFRHQdNrfTpGg8+1INIg93B6zE0aXMVFkw1WFwvO4SlZywU6aLg5Of0Ap/PgcbSw4LNxvMWXMeugwMCX0AA==
-
-npm-run-path@^2.0.0:
-  version "2.0.2"
-  resolved "https://registry.yarnpkg.com/npm-run-path/-/npm-run-path-2.0.2.tgz#35a9232dfa35d7067b4cb2ddf2357b1871536c5f"
-  integrity sha1-NakjLfo11wZ7TLLd8jV7GHFTbF8=
-  dependencies:
-    path-key "^2.0.0"
-
-"npmlog@0 || 1 || 2 || 3 || 4", npmlog@^4.0.0:
-  version "4.1.2"
-  resolved "https://registry.yarnpkg.com/npmlog/-/npmlog-4.1.2.tgz#08a7f2a8bf734604779a9efa4ad5cc717abb954b"
-  integrity sha512-2uUqazuKlTaSI/dC8AzicUck7+IrEaOnN/e0jd3Xtt1KcGpwx30v50mL7oPyr/h9bL3E4aZccVwpwP+5W9Vjkg==
-  dependencies:
-    are-we-there-yet "~1.1.2"
-    console-control-strings "~1.1.0"
-    gauge "~2.7.3"
-    set-blocking "~2.0.0"
-
-nprogress@^0.2.0:
-  version "0.2.0"
-  resolved "https://registry.yarnpkg.com/nprogress/-/nprogress-0.2.0.tgz#cb8f34c53213d895723fcbab907e9422adbcafb1"
-  integrity sha1-y480xTIT2JVyP8urkH6UIq28r7E=
-
-nth-check@^1.0.2:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/nth-check/-/nth-check-1.0.2.tgz#b2bd295c37e3dd58a3bf0700376663ba4d9cf05c"
-  integrity sha512-WeBOdju8SnzPN5vTUJYxYUxLeXpCaVP5i5e0LF8fg7WORF2Wd7wFX/pk0tYZk7s8T+J7VLy0Da6J1+wCT0AtHg==
-  dependencies:
-    boolbase "~1.0.0"
-
-nth-check@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/nth-check/-/nth-check-2.0.0.tgz#1bb4f6dac70072fc313e8c9cd1417b5074c0a125"
-  integrity sha512-i4sc/Kj8htBrAiH1viZ0TgU8Y5XqCaV/FziYK6TBczxmeKm3AEFWqqF3195yKudrarqy7Zu80Ra5dobFjn9X/Q==
-  dependencies:
-    boolbase "^1.0.0"
-
-num2fraction@^1.2.2:
-  version "1.2.2"
-  resolved "https://registry.yarnpkg.com/num2fraction/-/num2fraction-1.2.2.tgz#6f682b6a027a4e9ddfa4564cd2589d1d4e669ede"
-  integrity sha1-b2gragJ6Tp3fpFZM0lidHU5mnt4=
-
-number-is-nan@^1.0.0:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/number-is-nan/-/number-is-nan-1.0.1.tgz#097b602b53422a522c1afb8790318336941a011d"
-  integrity sha1-CXtgK1NCKlIsGvuHkDGDNpQaAR0=
-
-oauth-sign@~0.9.0:
-  version "0.9.0"
-  resolved "https://registry.yarnpkg.com/oauth-sign/-/oauth-sign-0.9.0.tgz#47a7b016baa68b5fa0ecf3dee08a85c679ac6455"
-  integrity sha512-fexhUFFPTGV8ybAtSIGbV6gOkSv8UtRbDBnAyLQw4QPKkgNlsH2ByPGtMUqdWkos6YCRmAqViwgZrJc/mRDzZQ==
-
-object-assign@^4.0.1, object-assign@^4.1.0, object-assign@^4.1.1:
-  version "4.1.1"
-  resolved "https://registry.yarnpkg.com/object-assign/-/object-assign-4.1.1.tgz#2109adc7965887cfc05cbbd442cac8bfbb360863"
-  integrity sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM=
-
-object-copy@^0.1.0:
-  version "0.1.0"
-  resolved "https://registry.yarnpkg.com/object-copy/-/object-copy-0.1.0.tgz#7e7d858b781bd7c991a41ba975ed3812754e998c"
-  integrity sha1-fn2Fi3gb18mRpBupde04EnVOmYw=
-  dependencies:
-    copy-descriptor "^0.1.0"
-    define-property "^0.2.5"
-    kind-of "^3.0.3"
-
-object-inspect@^1.10.3:
-  version "1.11.0"
-  resolved "https://registry.yarnpkg.com/object-inspect/-/object-inspect-1.11.0.tgz#9dceb146cedd4148a0d9e51ab88d34cf509922b1"
-  integrity sha512-jp7ikS6Sd3GxQfZJPyH3cjcbJF6GZPClgdV+EFygjFLQ5FmW/dRUnTd9PQ9k0JhoNDabWFbpF1yCdSWCC6gexg==
-
-object-is@^1.0.1:
-  version "1.1.5"
-  resolved "https://registry.yarnpkg.com/object-is/-/object-is-1.1.5.tgz#b9deeaa5fc7f1846a0faecdceec138e5778f53ac"
-  integrity sha512-3cyDsyHgtmi7I7DfSSI2LDp6SK2lwvtbg0p0R1e0RvTqF5ceGx+K2dfSjm1bKDMVCFEDAQvy+o8c6a7VujOddw==
-  dependencies:
-    call-bind "^1.0.2"
-    define-properties "^1.1.3"
-
-object-keys@^1.0.11, object-keys@^1.0.12, object-keys@^1.1.0, object-keys@^1.1.1:
-  version "1.1.1"
-  resolved "https://registry.yarnpkg.com/object-keys/-/object-keys-1.1.1.tgz#1c47f272df277f3b1daf061677d9c82e2322c60e"
-  integrity sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA==
-
-object-visit@^1.0.0:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/object-visit/-/object-visit-1.0.1.tgz#f79c4493af0c5377b59fe39d395e41042dd045bb"
-  integrity sha1-95xEk68MU3e1n+OdOV5BBC3QRbs=
-  dependencies:
-    isobject "^3.0.0"
-
-object.assign@^4.1.0, object.assign@^4.1.2:
-  version "4.1.2"
-  resolved "https://registry.yarnpkg.com/object.assign/-/object.assign-4.1.2.tgz#0ed54a342eceb37b38ff76eb831a0e788cb63940"
-  integrity sha512-ixT2L5THXsApyiUPYKmW+2EHpXXe5Ii3M+f4e+aJFAHao5amFRW6J0OO6c/LU8Be47utCx2GL89hxGB6XSmKuQ==
-  dependencies:
-    call-bind "^1.0.0"
-    define-properties "^1.1.3"
-    has-symbols "^1.0.1"
-    object-keys "^1.1.1"
-
-object.getownpropertydescriptors@^2.0.3, object.getownpropertydescriptors@^2.1.0:
-  version "2.1.2"
-  resolved "https://registry.yarnpkg.com/object.getownpropertydescriptors/-/object.getownpropertydescriptors-2.1.2.tgz#1bd63aeacf0d5d2d2f31b5e393b03a7c601a23f7"
-  integrity sha512-WtxeKSzfBjlzL+F9b7M7hewDzMwy+C8NRssHd1YrNlzHzIDrXcXiNOMrezdAEM4UXixgV+vvnyBeN7Rygl2ttQ==
-  dependencies:
-    call-bind "^1.0.2"
-    define-properties "^1.1.3"
-    es-abstract "^1.18.0-next.2"
-
-object.pick@^1.3.0:
-  version "1.3.0"
-  resolved "https://registry.yarnpkg.com/object.pick/-/object.pick-1.3.0.tgz#87a10ac4c1694bd2e1cbf53591a66141fb5dd747"
-  integrity sha1-h6EKxMFpS9Lhy/U1kaZhQftd10c=
-  dependencies:
-    isobject "^3.0.1"
-
-object.values@^1.1.0:
-  version "1.1.4"
-  resolved "https://registry.yarnpkg.com/object.values/-/object.values-1.1.4.tgz#0d273762833e816b693a637d30073e7051535b30"
-  integrity sha512-TnGo7j4XSnKQoK3MfvkzqKCi0nVe/D9I9IjwTNYdb/fxYHpjrluHVOgw0AF6jrRFGMPHdfuidR09tIDiIvnaSg==
-  dependencies:
-    call-bind "^1.0.2"
-    define-properties "^1.1.3"
-    es-abstract "^1.18.2"
-
-obuf@^1.0.0, obuf@^1.1.2:
-  version "1.1.2"
-  resolved "https://registry.yarnpkg.com/obuf/-/obuf-1.1.2.tgz#09bea3343d41859ebd446292d11c9d4db619084e"
-  integrity sha512-PX1wu0AmAdPqOL1mWhqmlOd8kOIZQwGZw6rh7uby9fTc5lhaOWFLX3I6R1hrF9k3zUY40e6igsLGkDXK92LJNg==
-
-on-finished@~2.3.0:
-  version "2.3.0"
-  resolved "https://registry.yarnpkg.com/on-finished/-/on-finished-2.3.0.tgz#20f1336481b083cd75337992a16971aa2d906947"
-  integrity sha1-IPEzZIGwg811M3mSoWlxqi2QaUc=
-  dependencies:
-    ee-first "1.1.1"
-
-on-headers@~1.0.2:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/on-headers/-/on-headers-1.0.2.tgz#772b0ae6aaa525c399e489adfad90c403eb3c28f"
-  integrity sha512-pZAE+FJLoyITytdqK0U5s+FIpjN0JP3OzFi/u8Rx+EV5/W+JTWGXG8xFzevE7AjBfDqHv/8vL8qQsIhHnqRkrA==
-
-once@^1.3.0, once@^1.3.1, once@^1.4.0:
-  version "1.4.0"
-  resolved "https://registry.yarnpkg.com/once/-/once-1.4.0.tgz#583b1aa775961d4b113ac17d9c50baef9dd76bd1"
-  integrity sha1-WDsap3WWHUsROsF9nFC6753Xa9E=
-  dependencies:
-    wrappy "1"
-
-opencollective-postinstall@^2.0.2:
-  version "2.0.3"
-  resolved "https://registry.yarnpkg.com/opencollective-postinstall/-/opencollective-postinstall-2.0.3.tgz#7a0fff978f6dbfa4d006238fbac98ed4198c3259"
-  integrity sha512-8AV/sCtuzUeTo8gQK5qDZzARrulB3egtLzFgteqB2tcT4Mw7B8Kt7JcDHmltjz6FOAHsvTevk70gZEbhM4ZS9Q==
-
-opn@^5.5.0:
-  version "5.5.0"
-  resolved "https://registry.yarnpkg.com/opn/-/opn-5.5.0.tgz#fc7164fab56d235904c51c3b27da6758ca3b9bfc"
-  integrity sha512-PqHpggC9bLV0VeWcdKhkpxY+3JTzetLSqTCWL/z/tFIbI6G8JCjondXklT1JinczLz2Xib62sSp0T/gKT4KksA==
-  dependencies:
-    is-wsl "^1.1.0"
-
-optimize-css-assets-webpack-plugin@^5.0.1:
-  version "5.0.8"
-  resolved "https://registry.yarnpkg.com/optimize-css-assets-webpack-plugin/-/optimize-css-assets-webpack-plugin-5.0.8.tgz#cbccdcf5a6ef61d4f8cc78cf083a67446e5f402a"
-  integrity sha512-mgFS1JdOtEGzD8l+EuISqL57cKO+We9GcoiQEmdCWRqqck+FGNmYJtx9qfAPzEz+lRrlThWMuGDaRkI/yWNx/Q==
-  dependencies:
-    cssnano "^4.1.10"
-    last-call-webpack-plugin "^3.0.0"
-
-original@^1.0.0:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/original/-/original-1.0.2.tgz#e442a61cffe1c5fd20a65f3261c26663b303f25f"
-  integrity sha512-hyBVl6iqqUOJ8FqRe+l/gS8H+kKYjrEndd5Pm1MfBtsEKA038HkkdbAl/72EAXGyonD/PFsvmVG+EvcIpliMBg==
-  dependencies:
-    url-parse "^1.4.3"
-
-os-browserify@^0.3.0:
-  version "0.3.0"
-  resolved "https://registry.yarnpkg.com/os-browserify/-/os-browserify-0.3.0.tgz#854373c7f5c2315914fc9bfc6bd8238fdda1ec27"
-  integrity sha1-hUNzx/XCMVkU/Jv8a9gjj92h7Cc=
-
-os-homedir@^1.0.0:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/os-homedir/-/os-homedir-1.0.2.tgz#ffbc4988336e0e833de0c168c7ef152121aa7fb3"
-  integrity sha1-/7xJiDNuDoM94MFox+8VISGqf7M=
-
-os-tmpdir@^1.0.0:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/os-tmpdir/-/os-tmpdir-1.0.2.tgz#bbe67406c79aa85c5cfec766fe5734555dfa1274"
-  integrity sha1-u+Z0BseaqFxc/sdm/lc0VV36EnQ=
-
-osenv@0:
-  version "0.1.5"
-  resolved "https://registry.yarnpkg.com/osenv/-/osenv-0.1.5.tgz#85cdfafaeb28e8677f416e287592b5f3f49ea410"
-  integrity sha512-0CWcCECdMVc2Rw3U5w9ZjqX6ga6ubk1xDVKxtBQPK7wis/0F2r9T6k4ydGYhecl7YUBxBVxhL5oisPsNxAPe2g==
-  dependencies:
-    os-homedir "^1.0.0"
-    os-tmpdir "^1.0.0"
-
-p-cancelable@^1.0.0:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/p-cancelable/-/p-cancelable-1.1.0.tgz#d078d15a3af409220c886f1d9a0ca2e441ab26cc"
-  integrity sha512-s73XxOZ4zpt1edZYZzvhqFa6uvQc1vwUa0K0BdtIZgQMAJj9IbebH+JkgKZc9h+B05PKHLOTl4ajG1BmNrVZlw==
-
-p-finally@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/p-finally/-/p-finally-1.0.0.tgz#3fbcfb15b899a44123b34b6dcc18b724336a2cae"
-  integrity sha1-P7z7FbiZpEEjs0ttzBi3JDNqLK4=
-
-p-limit@^2.0.0, p-limit@^2.2.0, p-limit@^2.2.1:
-  version "2.3.0"
-  resolved "https://registry.yarnpkg.com/p-limit/-/p-limit-2.3.0.tgz#3dd33c647a214fdfffd835933eb086da0dc21db1"
-  integrity sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==
-  dependencies:
-    p-try "^2.0.0"
-
-p-locate@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/p-locate/-/p-locate-3.0.0.tgz#322d69a05c0264b25997d9f40cd8a891ab0064a4"
-  integrity sha512-x+12w/To+4GFfgJhBEpiDcLozRJGegY+Ei7/z0tSLkMmxGZNybVMSfWj9aJn8Z5Fc7dBUNJOOVgPv2H7IwulSQ==
-  dependencies:
-    p-limit "^2.0.0"
-
-p-locate@^4.1.0:
-  version "4.1.0"
-  resolved "https://registry.yarnpkg.com/p-locate/-/p-locate-4.1.0.tgz#a3428bb7088b3a60292f66919278b7c297ad4f07"
-  integrity sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==
-  dependencies:
-    p-limit "^2.2.0"
-
-p-map@^2.0.0:
-  version "2.1.0"
-  resolved "https://registry.yarnpkg.com/p-map/-/p-map-2.1.0.tgz#310928feef9c9ecc65b68b17693018a665cea175"
-  integrity sha512-y3b8Kpd8OAN444hxfBbFfj1FY/RjtTd8tzYwhUqNYXx0fXx2iX4maP4Qr6qhIKbQXI02wTLAda4fYUbDagTUFw==
-
-p-retry@^3.0.1:
-  version "3.0.1"
-  resolved "https://registry.yarnpkg.com/p-retry/-/p-retry-3.0.1.tgz#316b4c8893e2c8dc1cfa891f406c4b422bebf328"
-  integrity sha512-XE6G4+YTTkT2a0UWb2kjZe8xNwf8bIbnqpc/IS/idOBVhyves0mK5OJgeocjx7q5pvX/6m23xuzVPYT1uGM73w==
-  dependencies:
-    retry "^0.12.0"
-
-p-try@^2.0.0:
-  version "2.2.0"
-  resolved "https://registry.yarnpkg.com/p-try/-/p-try-2.2.0.tgz#cb2868540e313d61de58fafbe35ce9004d5540e6"
-  integrity sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==
-
-package-json@^6.3.0:
-  version "6.5.0"
-  resolved "https://registry.yarnpkg.com/package-json/-/package-json-6.5.0.tgz#6feedaca35e75725876d0b0e64974697fed145b0"
-  integrity sha512-k3bdm2n25tkyxcjSKzB5x8kfVxlMdgsbPr0GkZcwHsLpba6cBjqCt1KlcChKEvxHIcTB1FVMuwoijZ26xex5MQ==
-  dependencies:
-    got "^9.6.0"
-    registry-auth-token "^4.0.0"
-    registry-url "^5.0.0"
-    semver "^6.2.0"
-
-pako@~1.0.5:
-  version "1.0.11"
-  resolved "https://registry.yarnpkg.com/pako/-/pako-1.0.11.tgz#6c9599d340d54dfd3946380252a35705a6b992bf"
-  integrity sha512-4hLB8Py4zZce5s4yd9XzopqwVv/yGNhV1Bl8NTmCq1763HeK2+EwVTv+leGeL13Dnh2wfbqowVPXCIO0z4taYw==
-
-parallel-transform@^1.1.0:
-  version "1.2.0"
-  resolved "https://registry.yarnpkg.com/parallel-transform/-/parallel-transform-1.2.0.tgz#9049ca37d6cb2182c3b1d2c720be94d14a5814fc"
-  integrity sha512-P2vSmIu38uIlvdcU7fDkyrxj33gTUy/ABO5ZUbGowxNCopBq/OoD42bP4UmMrJoPyk4Uqf0mu3mtWBhHCZD8yg==
-  dependencies:
-    cyclist "^1.0.1"
-    inherits "^2.0.3"
-    readable-stream "^2.1.5"
-
-param-case@2.1.x:
-  version "2.1.1"
-  resolved "https://registry.yarnpkg.com/param-case/-/param-case-2.1.1.tgz#df94fd8cf6531ecf75e6bef9a0858fbc72be2247"
-  integrity sha1-35T9jPZTHs915r75oIWPvHK+Ikc=
-  dependencies:
-    no-case "^2.2.0"
-
-parse-asn1@^5.0.0, parse-asn1@^5.1.5:
-  version "5.1.6"
-  resolved "https://registry.yarnpkg.com/parse-asn1/-/parse-asn1-5.1.6.tgz#385080a3ec13cb62a62d39409cb3e88844cdaed4"
-  integrity sha512-RnZRo1EPU6JBnra2vGHj0yhp6ebyjBZpmUCLHWiFhxlzvBCCpAuZ7elsBp1PVAbQN0/04VD/19rfzlBSwLstMw==
-  dependencies:
-    asn1.js "^5.2.0"
-    browserify-aes "^1.0.0"
-    evp_bytestokey "^1.0.0"
-    pbkdf2 "^3.0.3"
-    safe-buffer "^5.1.1"
-
-parse-json@^2.2.0:
-  version "2.2.0"
-  resolved "https://registry.yarnpkg.com/parse-json/-/parse-json-2.2.0.tgz#f480f40434ef80741f8469099f8dea18f55a4dc9"
-  integrity sha1-9ID0BDTvgHQfhGkJn43qGPVaTck=
-  dependencies:
-    error-ex "^1.2.0"
-
-parse-json@^4.0.0:
-  version "4.0.0"
-  resolved "https://registry.yarnpkg.com/parse-json/-/parse-json-4.0.0.tgz#be35f5425be1f7f6c747184f98a788cb99477ee0"
-  integrity sha1-vjX1Qlvh9/bHRxhPmKeIy5lHfuA=
-  dependencies:
-    error-ex "^1.3.1"
-    json-parse-better-errors "^1.0.1"
-
-parseurl@~1.3.2, parseurl@~1.3.3:
-  version "1.3.3"
-  resolved "https://registry.yarnpkg.com/parseurl/-/parseurl-1.3.3.tgz#9da19e7bee8d12dff0513ed5b76957793bc2e8d4"
-  integrity sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==
-
-pascalcase@^0.1.1:
-  version "0.1.1"
-  resolved "https://registry.yarnpkg.com/pascalcase/-/pascalcase-0.1.1.tgz#b363e55e8006ca6fe21784d2db22bd15d7917f14"
-  integrity sha1-s2PlXoAGym/iF4TS2yK9FdeRfxQ=
-
-path-browserify@0.0.1:
-  version "0.0.1"
-  resolved "https://registry.yarnpkg.com/path-browserify/-/path-browserify-0.0.1.tgz#e6c4ddd7ed3aa27c68a20cc4e50e1a4ee83bbc4a"
-  integrity sha512-BapA40NHICOS+USX9SN4tyhq+A2RrN/Ws5F0Z5aMHDp98Fl86lX8Oti8B7uN93L4Ifv4fHOEA+pQw87gmMO/lQ==
-
-path-dirname@^1.0.0:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/path-dirname/-/path-dirname-1.0.2.tgz#cc33d24d525e099a5388c0336c6e32b9160609e0"
-  integrity sha1-zDPSTVJeCZpTiMAzbG4yuRYGCeA=
-
-path-exists@^2.0.0:
-  version "2.1.0"
-  resolved "https://registry.yarnpkg.com/path-exists/-/path-exists-2.1.0.tgz#0feb6c64f0fc518d9a754dd5efb62c7022761f4b"
-  integrity sha1-D+tsZPD8UY2adU3V77YscCJ2H0s=
-  dependencies:
-    pinkie-promise "^2.0.0"
-
-path-exists@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/path-exists/-/path-exists-3.0.0.tgz#ce0ebeaa5f78cb18925ea7d810d7b59b010fd515"
-  integrity sha1-zg6+ql94yxiSXqfYENe1mwEP1RU=
-
-path-exists@^4.0.0:
-  version "4.0.0"
-  resolved "https://registry.yarnpkg.com/path-exists/-/path-exists-4.0.0.tgz#513bdbe2d3b95d7762e8c1137efa195c6c61b5b3"
-  integrity sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==
-
-path-is-absolute@^1.0.0:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/path-is-absolute/-/path-is-absolute-1.0.1.tgz#174b9268735534ffbc7ace6bf53a5a9e1b5c5f5f"
-  integrity sha1-F0uSaHNVNP+8es5r9TpanhtcX18=
-
-path-is-inside@^1.0.2:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/path-is-inside/-/path-is-inside-1.0.2.tgz#365417dede44430d1c11af61027facf074bdfc53"
-  integrity sha1-NlQX3t5EQw0cEa9hAn+s8HS9/FM=
-
-path-key@^2.0.0, path-key@^2.0.1:
-  version "2.0.1"
-  resolved "https://registry.yarnpkg.com/path-key/-/path-key-2.0.1.tgz#411cadb574c5a140d3a4b1910d40d80cc9f40b40"
-  integrity sha1-QRyttXTFoUDTpLGRDUDYDMn0C0A=
-
-path-parse@^1.0.6:
-  version "1.0.7"
-  resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.7.tgz#fbc114b60ca42b30d9daf5858e4bd68bbedb6735"
-  integrity sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==
-
-path-to-regexp@0.1.7:
-  version "0.1.7"
-  resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-0.1.7.tgz#df604178005f522f15eb4490e7247a1bfaa67f8c"
-  integrity sha1-32BBeABfUi8V60SQ5yR6G/qmf4w=
-
-path-type@^1.0.0:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/path-type/-/path-type-1.1.0.tgz#59c44f7ee491da704da415da5a4070ba4f8fe441"
-  integrity sha1-WcRPfuSR2nBNpBXaWkBwuk+P5EE=
-  dependencies:
-    graceful-fs "^4.1.2"
-    pify "^2.0.0"
-    pinkie-promise "^2.0.0"
-
-path-type@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/path-type/-/path-type-3.0.0.tgz#cef31dc8e0a1a3bb0d105c0cd97cf3bf47f4e36f"
-  integrity sha512-T2ZUsdZFHgA3u4e5PfPbjd7HDDpxPnQb5jN0SrDsjNSuVXHJqtwTnWqG0B1jZrgmJ/7lj1EmVIByWt1gxGkWvg==
-  dependencies:
-    pify "^3.0.0"
-
-pbkdf2@^3.0.3:
-  version "3.1.2"
-  resolved "https://registry.yarnpkg.com/pbkdf2/-/pbkdf2-3.1.2.tgz#dd822aa0887580e52f1a039dc3eda108efae3075"
-  integrity sha512-iuh7L6jA7JEGu2WxDwtQP1ddOpaJNC4KlDEFfdQajSGgGPNi4OyDc2R7QnbY2bR9QjBVGwgvTdNJZoE7RaxUMA==
-  dependencies:
-    create-hash "^1.1.2"
-    create-hmac "^1.1.4"
-    ripemd160 "^2.0.1"
-    safe-buffer "^5.0.1"
-    sha.js "^2.4.8"
-
-performance-now@^2.1.0:
-  version "2.1.0"
-  resolved "https://registry.yarnpkg.com/performance-now/-/performance-now-2.1.0.tgz#6309f4e0e5fa913ec1c69307ae364b4b377c9e7b"
-  integrity sha1-Ywn04OX6kT7BxpMHrjZLSzd8nns=
-
-picomatch@^2.0.4, picomatch@^2.2.1:
-  version "2.3.0"
-  resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-2.3.0.tgz#f1f061de8f6a4bf022892e2d128234fb98302972"
-  integrity sha512-lY1Q/PiJGC2zOv/z391WOTD+Z02bCgsFfvxoXXf6h7kv9o+WmsmzYqrAwY63sNgOxE4xEdq0WyUnXfKeBrSvYw==
-
-pify@^2.0.0:
-  version "2.3.0"
-  resolved "https://registry.yarnpkg.com/pify/-/pify-2.3.0.tgz#ed141a6ac043a849ea588498e7dca8b15330e90c"
-  integrity sha1-7RQaasBDqEnqWISY59yosVMw6Qw=
-
-pify@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/pify/-/pify-3.0.0.tgz#e5a4acd2c101fdf3d9a4d07f0dbc4db49dd28176"
-  integrity sha1-5aSs0sEB/fPZpNB/DbxNtJ3SgXY=
-
-pify@^4.0.1:
-  version "4.0.1"
-  resolved "https://registry.yarnpkg.com/pify/-/pify-4.0.1.tgz#4b2cd25c50d598735c50292224fd8c6df41e3231"
-  integrity sha512-uB80kBFb/tfd68bVleG9T5GGsGPjJrLAUpR5PZIrhBnIaRTQRjqdJSsIKkOP6OAIFbj7GOrcudc5pNjZ+geV2g==
-
-pinkie-promise@^2.0.0:
-  version "2.0.1"
-  resolved "https://registry.yarnpkg.com/pinkie-promise/-/pinkie-promise-2.0.1.tgz#2135d6dfa7a358c069ac9b178776288228450ffa"
-  integrity sha1-ITXW36ejWMBprJsXh3YogihFD/o=
-  dependencies:
-    pinkie "^2.0.0"
-
-pinkie@^2.0.0:
-  version "2.0.4"
-  resolved "https://registry.yarnpkg.com/pinkie/-/pinkie-2.0.4.tgz#72556b80cfa0d48a974e80e77248e80ed4f7f870"
-  integrity sha1-clVrgM+g1IqXToDnckjoDtT3+HA=
-
-pkg-dir@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/pkg-dir/-/pkg-dir-3.0.0.tgz#2749020f239ed990881b1f71210d51eb6523bea3"
-  integrity sha512-/E57AYkoeQ25qkxMj5PBOVgF8Kiu/h7cYS30Z5+R7WaiCCBfLq58ZI/dSeaEKb9WVJV5n/03QwrN3IeWIFllvw==
-  dependencies:
-    find-up "^3.0.0"
-
-pkg-dir@^4.1.0:
-  version "4.2.0"
-  resolved "https://registry.yarnpkg.com/pkg-dir/-/pkg-dir-4.2.0.tgz#f099133df7ede422e81d1d8448270eeb3e4261f3"
-  integrity sha512-HRDzbaKjC+AOWVXxAU/x54COGeIv9eb+6CkDSQoNTt4XyWoIJvuPsXizxu/Fr23EiekbtZwmh1IcIG/l/a10GQ==
-  dependencies:
-    find-up "^4.0.0"
-
-portfinder@^1.0.13, portfinder@^1.0.26:
-  version "1.0.28"
-  resolved "https://registry.yarnpkg.com/portfinder/-/portfinder-1.0.28.tgz#67c4622852bd5374dd1dd900f779f53462fac778"
-  integrity sha512-Se+2isanIcEqf2XMHjyUKskczxbPH7dQnlMjXX6+dybayyHvAf/TCgyMRlzf/B6QDhAEFOGes0pzRo3by4AbMA==
-  dependencies:
-    async "^2.6.2"
-    debug "^3.1.1"
-    mkdirp "^0.5.5"
-
-posix-character-classes@^0.1.0:
-  version "0.1.1"
-  resolved "https://registry.yarnpkg.com/posix-character-classes/-/posix-character-classes-0.1.1.tgz#01eac0fe3b5af71a2a6c02feabb8c1fef7e00eab"
-  integrity sha1-AerA/jta9xoqbAL+q7jB/vfgDqs=
-
-postcss-calc@^7.0.1:
-  version "7.0.5"
-  resolved "https://registry.yarnpkg.com/postcss-calc/-/postcss-calc-7.0.5.tgz#f8a6e99f12e619c2ebc23cf6c486fdc15860933e"
-  integrity sha512-1tKHutbGtLtEZF6PT4JSihCHfIVldU72mZ8SdZHIYriIZ9fh9k9aWSppaT8rHsyI3dX+KSR+W+Ix9BMY3AODrg==
-  dependencies:
-    postcss "^7.0.27"
-    postcss-selector-parser "^6.0.2"
-    postcss-value-parser "^4.0.2"
-
-postcss-colormin@^4.0.3:
-  version "4.0.3"
-  resolved "https://registry.yarnpkg.com/postcss-colormin/-/postcss-colormin-4.0.3.tgz#ae060bce93ed794ac71264f08132d550956bd381"
-  integrity sha512-WyQFAdDZpExQh32j0U0feWisZ0dmOtPl44qYmJKkq9xFWY3p+4qnRzCHeNrkeRhwPHz9bQ3mo0/yVkaply0MNw==
-  dependencies:
-    browserslist "^4.0.0"
-    color "^3.0.0"
-    has "^1.0.0"
-    postcss "^7.0.0"
-    postcss-value-parser "^3.0.0"
-
-postcss-convert-values@^4.0.1:
-  version "4.0.1"
-  resolved "https://registry.yarnpkg.com/postcss-convert-values/-/postcss-convert-values-4.0.1.tgz#ca3813ed4da0f812f9d43703584e449ebe189a7f"
-  integrity sha512-Kisdo1y77KUC0Jmn0OXU/COOJbzM8cImvw1ZFsBgBgMgb1iL23Zs/LXRe3r+EZqM3vGYKdQ2YJVQ5VkJI+zEJQ==
-  dependencies:
-    postcss "^7.0.0"
-    postcss-value-parser "^3.0.0"
-
-postcss-discard-comments@^4.0.2:
-  version "4.0.2"
-  resolved "https://registry.yarnpkg.com/postcss-discard-comments/-/postcss-discard-comments-4.0.2.tgz#1fbabd2c246bff6aaad7997b2b0918f4d7af4033"
-  integrity sha512-RJutN259iuRf3IW7GZyLM5Sw4GLTOH8FmsXBnv8Ab/Tc2k4SR4qbV4DNbyyY4+Sjo362SyDmW2DQ7lBSChrpkg==
-  dependencies:
-    postcss "^7.0.0"
-
-postcss-discard-duplicates@^4.0.2:
-  version "4.0.2"
-  resolved "https://registry.yarnpkg.com/postcss-discard-duplicates/-/postcss-discard-duplicates-4.0.2.tgz#3fe133cd3c82282e550fc9b239176a9207b784eb"
-  integrity sha512-ZNQfR1gPNAiXZhgENFfEglF93pciw0WxMkJeVmw8eF+JZBbMD7jp6C67GqJAXVZP2BWbOztKfbsdmMp/k8c6oQ==
-  dependencies:
-    postcss "^7.0.0"
-
-postcss-discard-empty@^4.0.1:
-  version "4.0.1"
-  resolved "https://registry.yarnpkg.com/postcss-discard-empty/-/postcss-discard-empty-4.0.1.tgz#c8c951e9f73ed9428019458444a02ad90bb9f765"
-  integrity sha512-B9miTzbznhDjTfjvipfHoqbWKwd0Mj+/fL5s1QOz06wufguil+Xheo4XpOnc4NqKYBCNqqEzgPv2aPBIJLox0w==
-  dependencies:
-    postcss "^7.0.0"
-
-postcss-discard-overridden@^4.0.1:
-  version "4.0.1"
-  resolved "https://registry.yarnpkg.com/postcss-discard-overridden/-/postcss-discard-overridden-4.0.1.tgz#652aef8a96726f029f5e3e00146ee7a4e755ff57"
-  integrity sha512-IYY2bEDD7g1XM1IDEsUT4//iEYCxAmP5oDSFMVU/JVvT7gh+l4fmjciLqGgwjdWpQIdb0Che2VX00QObS5+cTg==
-  dependencies:
-    postcss "^7.0.0"
-
-postcss-load-config@^2.0.0:
-  version "2.1.2"
-  resolved "https://registry.yarnpkg.com/postcss-load-config/-/postcss-load-config-2.1.2.tgz#c5ea504f2c4aef33c7359a34de3573772ad7502a"
-  integrity sha512-/rDeGV6vMUo3mwJZmeHfEDvwnTKKqQ0S7OHUi/kJvvtx3aWtyWG2/0ZWnzCt2keEclwN6Tf0DST2v9kITdOKYw==
-  dependencies:
-    cosmiconfig "^5.0.0"
-    import-cwd "^2.0.0"
-
-postcss-loader@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/postcss-loader/-/postcss-loader-3.0.0.tgz#6b97943e47c72d845fa9e03f273773d4e8dd6c2d"
-  integrity sha512-cLWoDEY5OwHcAjDnkyRQzAXfs2jrKjXpO/HQFcc5b5u/r7aa471wdmChmwfnv7x2u840iat/wi0lQ5nbRgSkUA==
-  dependencies:
-    loader-utils "^1.1.0"
-    postcss "^7.0.0"
-    postcss-load-config "^2.0.0"
-    schema-utils "^1.0.0"
-
-postcss-merge-longhand@^4.0.11:
-  version "4.0.11"
-  resolved "https://registry.yarnpkg.com/postcss-merge-longhand/-/postcss-merge-longhand-4.0.11.tgz#62f49a13e4a0ee04e7b98f42bb16062ca2549e24"
-  integrity sha512-alx/zmoeXvJjp7L4mxEMjh8lxVlDFX1gqWHzaaQewwMZiVhLo42TEClKaeHbRf6J7j82ZOdTJ808RtN0ZOZwvw==
-  dependencies:
-    css-color-names "0.0.4"
-    postcss "^7.0.0"
-    postcss-value-parser "^3.0.0"
-    stylehacks "^4.0.0"
-
-postcss-merge-rules@^4.0.3:
-  version "4.0.3"
-  resolved "https://registry.yarnpkg.com/postcss-merge-rules/-/postcss-merge-rules-4.0.3.tgz#362bea4ff5a1f98e4075a713c6cb25aefef9a650"
-  integrity sha512-U7e3r1SbvYzO0Jr3UT/zKBVgYYyhAz0aitvGIYOYK5CPmkNih+WDSsS5tvPrJ8YMQYlEMvsZIiqmn7HdFUaeEQ==
-  dependencies:
-    browserslist "^4.0.0"
-    caniuse-api "^3.0.0"
-    cssnano-util-same-parent "^4.0.0"
-    postcss "^7.0.0"
-    postcss-selector-parser "^3.0.0"
-    vendors "^1.0.0"
-
-postcss-minify-font-values@^4.0.2:
-  version "4.0.2"
-  resolved "https://registry.yarnpkg.com/postcss-minify-font-values/-/postcss-minify-font-values-4.0.2.tgz#cd4c344cce474343fac5d82206ab2cbcb8afd5a6"
-  integrity sha512-j85oO6OnRU9zPf04+PZv1LYIYOprWm6IA6zkXkrJXyRveDEuQggG6tvoy8ir8ZwjLxLuGfNkCZEQG7zan+Hbtg==
-  dependencies:
-    postcss "^7.0.0"
-    postcss-value-parser "^3.0.0"
-
-postcss-minify-gradients@^4.0.2:
-  version "4.0.2"
-  resolved "https://registry.yarnpkg.com/postcss-minify-gradients/-/postcss-minify-gradients-4.0.2.tgz#93b29c2ff5099c535eecda56c4aa6e665a663471"
-  integrity sha512-qKPfwlONdcf/AndP1U8SJ/uzIJtowHlMaSioKzebAXSG4iJthlWC9iSWznQcX4f66gIWX44RSA841HTHj3wK+Q==
-  dependencies:
-    cssnano-util-get-arguments "^4.0.0"
-    is-color-stop "^1.0.0"
-    postcss "^7.0.0"
-    postcss-value-parser "^3.0.0"
-
-postcss-minify-params@^4.0.2:
-  version "4.0.2"
-  resolved "https://registry.yarnpkg.com/postcss-minify-params/-/postcss-minify-params-4.0.2.tgz#6b9cef030c11e35261f95f618c90036d680db874"
-  integrity sha512-G7eWyzEx0xL4/wiBBJxJOz48zAKV2WG3iZOqVhPet/9geefm/Px5uo1fzlHu+DOjT+m0Mmiz3jkQzVHe6wxAWg==
-  dependencies:
-    alphanum-sort "^1.0.0"
-    browserslist "^4.0.0"
-    cssnano-util-get-arguments "^4.0.0"
-    postcss "^7.0.0"
-    postcss-value-parser "^3.0.0"
-    uniqs "^2.0.0"
-
-postcss-minify-selectors@^4.0.2:
-  version "4.0.2"
-  resolved "https://registry.yarnpkg.com/postcss-minify-selectors/-/postcss-minify-selectors-4.0.2.tgz#e2e5eb40bfee500d0cd9243500f5f8ea4262fbd8"
-  integrity sha512-D5S1iViljXBj9kflQo4YutWnJmwm8VvIsU1GeXJGiG9j8CIg9zs4voPMdQDUmIxetUOh60VilsNzCiAFTOqu3g==
-  dependencies:
-    alphanum-sort "^1.0.0"
-    has "^1.0.0"
-    postcss "^7.0.0"
-    postcss-selector-parser "^3.0.0"
-
-postcss-modules-extract-imports@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/postcss-modules-extract-imports/-/postcss-modules-extract-imports-2.0.0.tgz#818719a1ae1da325f9832446b01136eeb493cd7e"
-  integrity sha512-LaYLDNS4SG8Q5WAWqIJgdHPJrDDr/Lv775rMBFUbgjTz6j34lUznACHcdRWroPvXANP2Vj7yNK57vp9eFqzLWQ==
-  dependencies:
-    postcss "^7.0.5"
-
-postcss-modules-local-by-default@^2.0.6:
-  version "2.0.6"
-  resolved "https://registry.yarnpkg.com/postcss-modules-local-by-default/-/postcss-modules-local-by-default-2.0.6.tgz#dd9953f6dd476b5fd1ef2d8830c8929760b56e63"
-  integrity sha512-oLUV5YNkeIBa0yQl7EYnxMgy4N6noxmiwZStaEJUSe2xPMcdNc8WmBQuQCx18H5psYbVxz8zoHk0RAAYZXP9gA==
-  dependencies:
-    postcss "^7.0.6"
-    postcss-selector-parser "^6.0.0"
-    postcss-value-parser "^3.3.1"
-
-postcss-modules-scope@^2.1.0:
-  version "2.2.0"
-  resolved "https://registry.yarnpkg.com/postcss-modules-scope/-/postcss-modules-scope-2.2.0.tgz#385cae013cc7743f5a7d7602d1073a89eaae62ee"
-  integrity sha512-YyEgsTMRpNd+HmyC7H/mh3y+MeFWevy7V1evVhJWewmMbjDHIbZbOXICC2y+m1xI1UVfIT1HMW/O04Hxyu9oXQ==
-  dependencies:
-    postcss "^7.0.6"
-    postcss-selector-parser "^6.0.0"
-
-postcss-modules-values@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/postcss-modules-values/-/postcss-modules-values-2.0.0.tgz#479b46dc0c5ca3dc7fa5270851836b9ec7152f64"
-  integrity sha512-Ki7JZa7ff1N3EIMlPnGTZfUMe69FFwiQPnVSXC9mnn3jozCRBYIxiZd44yJOV2AmabOo4qFf8s0dC/+lweG7+w==
-  dependencies:
-    icss-replace-symbols "^1.1.0"
-    postcss "^7.0.6"
-
-postcss-normalize-charset@^4.0.1:
-  version "4.0.1"
-  resolved "https://registry.yarnpkg.com/postcss-normalize-charset/-/postcss-normalize-charset-4.0.1.tgz#8b35add3aee83a136b0471e0d59be58a50285dd4"
-  integrity sha512-gMXCrrlWh6G27U0hF3vNvR3w8I1s2wOBILvA87iNXaPvSNo5uZAMYsZG7XjCUf1eVxuPfyL4TJ7++SGZLc9A3g==
-  dependencies:
-    postcss "^7.0.0"
-
-postcss-normalize-display-values@^4.0.2:
-  version "4.0.2"
-  resolved "https://registry.yarnpkg.com/postcss-normalize-display-values/-/postcss-normalize-display-values-4.0.2.tgz#0dbe04a4ce9063d4667ed2be476bb830c825935a"
-  integrity sha512-3F2jcsaMW7+VtRMAqf/3m4cPFhPD3EFRgNs18u+k3lTJJlVe7d0YPO+bnwqo2xg8YiRpDXJI2u8A0wqJxMsQuQ==
-  dependencies:
-    cssnano-util-get-match "^4.0.0"
-    postcss "^7.0.0"
-    postcss-value-parser "^3.0.0"
-
-postcss-normalize-positions@^4.0.2:
-  version "4.0.2"
-  resolved "https://registry.yarnpkg.com/postcss-normalize-positions/-/postcss-normalize-positions-4.0.2.tgz#05f757f84f260437378368a91f8932d4b102917f"
-  integrity sha512-Dlf3/9AxpxE+NF1fJxYDeggi5WwV35MXGFnnoccP/9qDtFrTArZ0D0R+iKcg5WsUd8nUYMIl8yXDCtcrT8JrdA==
-  dependencies:
-    cssnano-util-get-arguments "^4.0.0"
-    has "^1.0.0"
-    postcss "^7.0.0"
-    postcss-value-parser "^3.0.0"
-
-postcss-normalize-repeat-style@^4.0.2:
-  version "4.0.2"
-  resolved "https://registry.yarnpkg.com/postcss-normalize-repeat-style/-/postcss-normalize-repeat-style-4.0.2.tgz#c4ebbc289f3991a028d44751cbdd11918b17910c"
-  integrity sha512-qvigdYYMpSuoFs3Is/f5nHdRLJN/ITA7huIoCyqqENJe9PvPmLhNLMu7QTjPdtnVf6OcYYO5SHonx4+fbJE1+Q==
-  dependencies:
-    cssnano-util-get-arguments "^4.0.0"
-    cssnano-util-get-match "^4.0.0"
-    postcss "^7.0.0"
-    postcss-value-parser "^3.0.0"
-
-postcss-normalize-string@^4.0.2:
-  version "4.0.2"
-  resolved "https://registry.yarnpkg.com/postcss-normalize-string/-/postcss-normalize-string-4.0.2.tgz#cd44c40ab07a0c7a36dc5e99aace1eca4ec2690c"
-  integrity sha512-RrERod97Dnwqq49WNz8qo66ps0swYZDSb6rM57kN2J+aoyEAJfZ6bMx0sx/F9TIEX0xthPGCmeyiam/jXif0eA==
-  dependencies:
-    has "^1.0.0"
-    postcss "^7.0.0"
-    postcss-value-parser "^3.0.0"
-
-postcss-normalize-timing-functions@^4.0.2:
-  version "4.0.2"
-  resolved "https://registry.yarnpkg.com/postcss-normalize-timing-functions/-/postcss-normalize-timing-functions-4.0.2.tgz#8e009ca2a3949cdaf8ad23e6b6ab99cb5e7d28d9"
-  integrity sha512-acwJY95edP762e++00Ehq9L4sZCEcOPyaHwoaFOhIwWCDfik6YvqsYNxckee65JHLKzuNSSmAdxwD2Cud1Z54A==
-  dependencies:
-    cssnano-util-get-match "^4.0.0"
-    postcss "^7.0.0"
-    postcss-value-parser "^3.0.0"
-
-postcss-normalize-unicode@^4.0.1:
-  version "4.0.1"
-  resolved "https://registry.yarnpkg.com/postcss-normalize-unicode/-/postcss-normalize-unicode-4.0.1.tgz#841bd48fdcf3019ad4baa7493a3d363b52ae1cfb"
-  integrity sha512-od18Uq2wCYn+vZ/qCOeutvHjB5jm57ToxRaMeNuf0nWVHaP9Hua56QyMF6fs/4FSUnVIw0CBPsU0K4LnBPwYwg==
-  dependencies:
-    browserslist "^4.0.0"
-    postcss "^7.0.0"
-    postcss-value-parser "^3.0.0"
-
-postcss-normalize-url@^4.0.1:
-  version "4.0.1"
-  resolved "https://registry.yarnpkg.com/postcss-normalize-url/-/postcss-normalize-url-4.0.1.tgz#10e437f86bc7c7e58f7b9652ed878daaa95faae1"
-  integrity sha512-p5oVaF4+IHwu7VpMan/SSpmpYxcJMtkGppYf0VbdH5B6hN8YNmVyJLuY9FmLQTzY3fag5ESUUHDqM+heid0UVA==
-  dependencies:
-    is-absolute-url "^2.0.0"
-    normalize-url "^3.0.0"
-    postcss "^7.0.0"
-    postcss-value-parser "^3.0.0"
-
-postcss-normalize-whitespace@^4.0.2:
-  version "4.0.2"
-  resolved "https://registry.yarnpkg.com/postcss-normalize-whitespace/-/postcss-normalize-whitespace-4.0.2.tgz#bf1d4070fe4fcea87d1348e825d8cc0c5faa7d82"
-  integrity sha512-tO8QIgrsI3p95r8fyqKV+ufKlSHh9hMJqACqbv2XknufqEDhDvbguXGBBqxw9nsQoXWf0qOqppziKJKHMD4GtA==
-  dependencies:
-    postcss "^7.0.0"
-    postcss-value-parser "^3.0.0"
-
-postcss-ordered-values@^4.1.2:
-  version "4.1.2"
-  resolved "https://registry.yarnpkg.com/postcss-ordered-values/-/postcss-ordered-values-4.1.2.tgz#0cf75c820ec7d5c4d280189559e0b571ebac0eee"
-  integrity sha512-2fCObh5UanxvSxeXrtLtlwVThBvHn6MQcu4ksNT2tsaV2Fg76R2CV98W7wNSlX+5/pFwEyaDwKLLoEV7uRybAw==
-  dependencies:
-    cssnano-util-get-arguments "^4.0.0"
-    postcss "^7.0.0"
-    postcss-value-parser "^3.0.0"
-
-postcss-reduce-initial@^4.0.3:
-  version "4.0.3"
-  resolved "https://registry.yarnpkg.com/postcss-reduce-initial/-/postcss-reduce-initial-4.0.3.tgz#7fd42ebea5e9c814609639e2c2e84ae270ba48df"
-  integrity sha512-gKWmR5aUulSjbzOfD9AlJiHCGH6AEVLaM0AV+aSioxUDd16qXP1PCh8d1/BGVvpdWn8k/HiK7n6TjeoXN1F7DA==
-  dependencies:
-    browserslist "^4.0.0"
-    caniuse-api "^3.0.0"
-    has "^1.0.0"
-    postcss "^7.0.0"
-
-postcss-reduce-transforms@^4.0.2:
-  version "4.0.2"
-  resolved "https://registry.yarnpkg.com/postcss-reduce-transforms/-/postcss-reduce-transforms-4.0.2.tgz#17efa405eacc6e07be3414a5ca2d1074681d4e29"
-  integrity sha512-EEVig1Q2QJ4ELpJXMZR8Vt5DQx8/mo+dGWSR7vWXqcob2gQLyQGsionYcGKATXvQzMPn6DSN1vTN7yFximdIAg==
-  dependencies:
-    cssnano-util-get-match "^4.0.0"
-    has "^1.0.0"
-    postcss "^7.0.0"
-    postcss-value-parser "^3.0.0"
-
-postcss-safe-parser@^4.0.1:
-  version "4.0.2"
-  resolved "https://registry.yarnpkg.com/postcss-safe-parser/-/postcss-safe-parser-4.0.2.tgz#a6d4e48f0f37d9f7c11b2a581bf00f8ba4870b96"
-  integrity sha512-Uw6ekxSWNLCPesSv/cmqf2bY/77z11O7jZGPax3ycZMFU/oi2DMH9i89AdHc1tRwFg/arFoEwX0IS3LCUxJh1g==
-  dependencies:
-    postcss "^7.0.26"
-
-postcss-selector-parser@^3.0.0:
-  version "3.1.2"
-  resolved "https://registry.yarnpkg.com/postcss-selector-parser/-/postcss-selector-parser-3.1.2.tgz#b310f5c4c0fdaf76f94902bbaa30db6aa84f5270"
-  integrity sha512-h7fJ/5uWuRVyOtkO45pnt1Ih40CEleeyCHzipqAZO2e5H20g25Y48uYnFUiShvY4rZWNJ/Bib/KVPmanaCtOhA==
-  dependencies:
-    dot-prop "^5.2.0"
-    indexes-of "^1.0.1"
-    uniq "^1.0.1"
-
-postcss-selector-parser@^6.0.0, postcss-selector-parser@^6.0.2:
-  version "6.0.6"
-  resolved "https://registry.yarnpkg.com/postcss-selector-parser/-/postcss-selector-parser-6.0.6.tgz#2c5bba8174ac2f6981ab631a42ab0ee54af332ea"
-  integrity sha512-9LXrvaaX3+mcv5xkg5kFwqSzSH1JIObIx51PrndZwlmznwXRfxMddDvo9gve3gVR8ZTKgoFDdWkbRFmEhT4PMg==
-  dependencies:
-    cssesc "^3.0.0"
-    util-deprecate "^1.0.2"
-
-postcss-svgo@^4.0.3:
-  version "4.0.3"
-  resolved "https://registry.yarnpkg.com/postcss-svgo/-/postcss-svgo-4.0.3.tgz#343a2cdbac9505d416243d496f724f38894c941e"
-  integrity sha512-NoRbrcMWTtUghzuKSoIm6XV+sJdvZ7GZSc3wdBN0W19FTtp2ko8NqLsgoh/m9CzNhU3KLPvQmjIwtaNFkaFTvw==
-  dependencies:
-    postcss "^7.0.0"
-    postcss-value-parser "^3.0.0"
-    svgo "^1.0.0"
-
-postcss-unique-selectors@^4.0.1:
-  version "4.0.1"
-  resolved "https://registry.yarnpkg.com/postcss-unique-selectors/-/postcss-unique-selectors-4.0.1.tgz#9446911f3289bfd64c6d680f073c03b1f9ee4bac"
-  integrity sha512-+JanVaryLo9QwZjKrmJgkI4Fn8SBgRO6WXQBJi7KiAVPlmxikB5Jzc4EvXMT2H0/m0RjrVVm9rGNhZddm/8Spg==
-  dependencies:
-    alphanum-sort "^1.0.0"
-    postcss "^7.0.0"
-    uniqs "^2.0.0"
-
-postcss-value-parser@^3.0.0, postcss-value-parser@^3.3.0, postcss-value-parser@^3.3.1:
-  version "3.3.1"
-  resolved "https://registry.yarnpkg.com/postcss-value-parser/-/postcss-value-parser-3.3.1.tgz#9ff822547e2893213cf1c30efa51ac5fd1ba8281"
-  integrity sha512-pISE66AbVkp4fDQ7VHBwRNXzAAKJjw4Vw7nWI/+Q3vuly7SNfgYXvm6i5IgFylHGK5sP/xHAbB7N49OS4gWNyQ==
-
-postcss-value-parser@^4.0.2, postcss-value-parser@^4.1.0:
-  version "4.1.0"
-  resolved "https://registry.yarnpkg.com/postcss-value-parser/-/postcss-value-parser-4.1.0.tgz#443f6a20ced6481a2bda4fa8532a6e55d789a2cb"
-  integrity sha512-97DXOFbQJhk71ne5/Mt6cOu6yxsSfM0QGQyl0L25Gca4yGWEGJaig7l7gbCX623VqTBNGLRLaVUCnNkcedlRSQ==
-
-postcss@^7.0.0, postcss@^7.0.1, postcss@^7.0.14, postcss@^7.0.26, postcss@^7.0.27, postcss@^7.0.32, postcss@^7.0.36, postcss@^7.0.5, postcss@^7.0.6:
-  version "7.0.36"
-  resolved "https://registry.yarnpkg.com/postcss/-/postcss-7.0.36.tgz#056f8cffa939662a8f5905950c07d5285644dfcb"
-  integrity sha512-BebJSIUMwJHRH0HAQoxN4u1CN86glsrwsW0q7T+/m44eXOUAxSNdHRkNZPYz5vVUbg17hFgOQDE7fZk7li3pZw==
-  dependencies:
-    chalk "^2.4.2"
-    source-map "^0.6.1"
-    supports-color "^6.1.0"
-
-prepend-http@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/prepend-http/-/prepend-http-2.0.0.tgz#e92434bfa5ea8c19f41cdfd401d741a3c819d897"
-  integrity sha1-6SQ0v6XqjBn0HN/UAddBo8gZ2Jc=
-
-prettier@^1.18.2:
-  version "1.19.1"
-  resolved "https://registry.yarnpkg.com/prettier/-/prettier-1.19.1.tgz#f7d7f5ff8a9cd872a7be4ca142095956a60797cb"
-  integrity sha512-s7PoyDv/II1ObgQunCbB9PdLmUcBZcnWOcxDh7O0N/UwDEsHyqkW+Qh28jW+mVuCdx7gLB0BotYI1Y6uI9iyew==
-
-pretty-error@^2.0.2:
-  version "2.1.2"
-  resolved "https://registry.yarnpkg.com/pretty-error/-/pretty-error-2.1.2.tgz#be89f82d81b1c86ec8fdfbc385045882727f93b6"
-  integrity sha512-EY5oDzmsX5wvuynAByrmY0P0hcp+QpnAKbJng2A2MPjVKXCxrDSUkzghVJ4ZGPIv+JC4gX8fPUWscC0RtjsWGw==
-  dependencies:
-    lodash "^4.17.20"
-    renderkid "^2.0.4"
-
-pretty-time@^1.1.0:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/pretty-time/-/pretty-time-1.1.0.tgz#ffb7429afabb8535c346a34e41873adf3d74dd0e"
-  integrity sha512-28iF6xPQrP8Oa6uxE6a1biz+lWeTOAPKggvjB8HAs6nVMKZwf5bG++632Dx614hIWgUPkgivRfG+a8uAXGTIbA==
-
-prismjs@^1.13.0:
-  version "1.27.0"
-  resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.27.0.tgz#bb6ee3138a0b438a3653dd4d6ce0cc6510a45057"
-  integrity sha512-t13BGPUlFDR7wRB5kQDG4jjl7XeuH6jbJGt11JHPL96qwsEHNX2+68tFXqc1/k+/jALsbSWJKUOT/hcYAZ5LkA==
-
-process-nextick-args@~2.0.0:
-  version "2.0.1"
-  resolved "https://registry.yarnpkg.com/process-nextick-args/-/process-nextick-args-2.0.1.tgz#7820d9b16120cc55ca9ae7792680ae7dba6d7fe2"
-  integrity sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==
-
-process@^0.11.10:
-  version "0.11.10"
-  resolved "https://registry.yarnpkg.com/process/-/process-0.11.10.tgz#7332300e840161bda3e69a1d1d91a7d4bc16f182"
-  integrity sha1-czIwDoQBYb2j5podHZGn1LwW8YI=
-
-promise-inflight@^1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/promise-inflight/-/promise-inflight-1.0.1.tgz#98472870bf228132fcbdd868129bad12c3c029e3"
-  integrity sha1-mEcocL8igTL8vdhoEputEsPAKeM=
-
-proxy-addr@~2.0.5:
-  version "2.0.7"
-  resolved "https://registry.yarnpkg.com/proxy-addr/-/proxy-addr-2.0.7.tgz#f19fe69ceab311eeb94b42e70e8c2070f9ba1025"
-  integrity sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==
-  dependencies:
-    forwarded "0.2.0"
-    ipaddr.js "1.9.1"
-
-prr@~1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/prr/-/prr-1.0.1.tgz#d3fc114ba06995a45ec6893f484ceb1d78f5f476"
-  integrity sha1-0/wRS6BplaRexok/SEzrHXj19HY=
-
-pseudomap@^1.0.2:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/pseudomap/-/pseudomap-1.0.2.tgz#f052a28da70e618917ef0a8ac34c1ae5a68286b3"
-  integrity sha1-8FKijacOYYkX7wqKw0wa5aaChrM=
-
-psl@^1.1.28:
-  version "1.8.0"
-  resolved "https://registry.yarnpkg.com/psl/-/psl-1.8.0.tgz#9326f8bcfb013adcc005fdff056acce020e51c24"
-  integrity sha512-RIdOzyoavK+hA18OGGWDqUTsCLhtA7IcZ/6NCs4fFJaHBDab+pDDmDIByWFRQJq2Cd7r1OoQxBGKOaztq+hjIQ==
-
-public-encrypt@^4.0.0:
-  version "4.0.3"
-  resolved "https://registry.yarnpkg.com/public-encrypt/-/public-encrypt-4.0.3.tgz#4fcc9d77a07e48ba7527e7cbe0de33d0701331e0"
-  integrity sha512-zVpa8oKZSz5bTMTFClc1fQOnyyEzpl5ozpi1B5YcvBrdohMjH2rfsBtyXcuNuwjsDIXmBYlF2N5FlJYhR29t8Q==
-  dependencies:
-    bn.js "^4.1.0"
-    browserify-rsa "^4.0.0"
-    create-hash "^1.1.0"
-    parse-asn1 "^5.0.0"
-    randombytes "^2.0.1"
-    safe-buffer "^5.1.2"
-
-pump@^2.0.0:
-  version "2.0.1"
-  resolved "https://registry.yarnpkg.com/pump/-/pump-2.0.1.tgz#12399add6e4cf7526d973cbc8b5ce2e2908b3909"
-  integrity sha512-ruPMNRkN3MHP1cWJc9OWr+T/xDP0jhXYCLfJcBuX54hhfIBnaQmAUMfDcG4DM5UMWByBbJY69QSphm3jtDKIkA==
-  dependencies:
-    end-of-stream "^1.1.0"
-    once "^1.3.1"
-
-pump@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/pump/-/pump-3.0.0.tgz#b4a2116815bde2f4e1ea602354e8c75565107a64"
-  integrity sha512-LwZy+p3SFs1Pytd/jYct4wpv49HiYCqd9Rlc5ZVdk0V+8Yzv6jR5Blk3TRmPL1ft69TxP0IMZGJ+WPFU2BFhww==
-  dependencies:
-    end-of-stream "^1.1.0"
-    once "^1.3.1"
-
-pumpify@^1.3.3:
-  version "1.5.1"
-  resolved "https://registry.yarnpkg.com/pumpify/-/pumpify-1.5.1.tgz#36513be246ab27570b1a374a5ce278bfd74370ce"
-  integrity sha512-oClZI37HvuUJJxSKKrC17bZ9Cu0ZYhEAGPsPUy9KlMUmv9dKX2o77RUmq7f3XjIxbwyGwYzbzQ1L2Ks8sIradQ==
-  dependencies:
-    duplexify "^3.6.0"
-    inherits "^2.0.3"
-    pump "^2.0.0"
-
-punycode@1.3.2:
-  version "1.3.2"
-  resolved "https://registry.yarnpkg.com/punycode/-/punycode-1.3.2.tgz#9653a036fb7c1ee42342f2325cceefea3926c48d"
-  integrity sha1-llOgNvt8HuQjQvIyXM7v6jkmxI0=
-
-punycode@^1.2.4:
-  version "1.4.1"
-  resolved "https://registry.yarnpkg.com/punycode/-/punycode-1.4.1.tgz#c0d5a63b2718800ad8e1eb0fa5269c84dd41845e"
-  integrity sha1-wNWmOycYgArY4esPpSachN1BhF4=
-
-punycode@^2.1.0, punycode@^2.1.1:
-  version "2.1.1"
-  resolved "https://registry.yarnpkg.com/punycode/-/punycode-2.1.1.tgz#b58b010ac40c22c5657616c8d2c2c02c7bf479ec"
-  integrity sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==
-
-pupa@^2.0.1:
-  version "2.1.1"
-  resolved "https://registry.yarnpkg.com/pupa/-/pupa-2.1.1.tgz#f5e8fd4afc2c5d97828faa523549ed8744a20d62"
-  integrity sha512-l1jNAspIBSFqbT+y+5FosojNpVpF94nlI+wDUpqP9enwOTfHx9f0gh5nB96vl+6yTpsJsypeNrwfzPrKuHB41A==
-  dependencies:
-    escape-goat "^2.0.0"
-
-q@^1.1.2:
-  version "1.5.1"
-  resolved "https://registry.yarnpkg.com/q/-/q-1.5.1.tgz#7e32f75b41381291d04611f1bf14109ac00651d7"
-  integrity sha1-fjL3W0E4EpHQRhHxvxQQmsAGUdc=
-
-qs@6.7.0:
-  version "6.7.0"
-  resolved "https://registry.yarnpkg.com/qs/-/qs-6.7.0.tgz#41dc1a015e3d581f1621776be31afb2876a9b1bc"
-  integrity sha512-VCdBRNFTX1fyE7Nb6FYoURo/SPe62QCaAyzJvUjwRaIsc+NePBEniHlvxFmmX56+HZphIGtV0XeCirBtpDrTyQ==
-
-qs@~6.5.2:
-  version "6.5.2"
-  resolved "https://registry.yarnpkg.com/qs/-/qs-6.5.2.tgz#cb3ae806e8740444584ef154ce8ee98d403f3e36"
-  integrity sha512-N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA==
-
-query-string@^5.0.1:
-  version "5.1.1"
-  resolved "https://registry.yarnpkg.com/query-string/-/query-string-5.1.1.tgz#a78c012b71c17e05f2e3fa2319dd330682efb3cb"
-  integrity sha512-gjWOsm2SoGlgLEdAGt7a6slVOk9mGiXmPFMqrEhLQ68rhQuBnpfs3+EmlvqKyxnCo9/PPlF+9MtY02S1aFg+Jw==
-  dependencies:
-    decode-uri-component "^0.2.0"
-    object-assign "^4.1.0"
-    strict-uri-encode "^1.0.0"
-
-query-string@^6.9.0:
-  version "6.14.1"
-  resolved "https://registry.yarnpkg.com/query-string/-/query-string-6.14.1.tgz#7ac2dca46da7f309449ba0f86b1fd28255b0c86a"
-  integrity sha512-XDxAeVmpfu1/6IjyT/gXHOl+S0vQ9owggJ30hhWKdHAsNPOcasn5o9BW0eejZqL2e4vMjhAxoW3jVHcD6mbcYw==
-  dependencies:
-    decode-uri-component "^0.2.0"
-    filter-obj "^1.1.0"
-    split-on-first "^1.0.0"
-    strict-uri-encode "^2.0.0"
-
-querystring-es3@^0.2.0, querystring-es3@^0.2.1:
-  version "0.2.1"
-  resolved "https://registry.yarnpkg.com/querystring-es3/-/querystring-es3-0.2.1.tgz#9ec61f79049875707d69414596fd907a4d711e73"
-  integrity sha1-nsYfeQSYdXB9aUFFlv2Qek1xHnM=
-
-querystring@0.2.0:
-  version "0.2.0"
-  resolved "https://registry.yarnpkg.com/querystring/-/querystring-0.2.0.tgz#b209849203bb25df820da756e747005878521620"
-  integrity sha1-sgmEkgO7Jd+CDadW50cAWHhSFiA=
-
-querystringify@^2.1.1:
-  version "2.2.0"
-  resolved "https://registry.yarnpkg.com/querystringify/-/querystringify-2.2.0.tgz#3345941b4153cb9d082d8eee4cda2016a9aef7f6"
-  integrity sha512-FIqgj2EUvTa7R50u0rGsyTftzjYmv/a3hO345bZNrqabNqjtgiDMgmo4mkUjd+nzU5oF3dClKqFIPUKybUyqoQ==
-
-randombytes@^2.0.0, randombytes@^2.0.1, randombytes@^2.0.5, randombytes@^2.1.0:
-  version "2.1.0"
-  resolved "https://registry.yarnpkg.com/randombytes/-/randombytes-2.1.0.tgz#df6f84372f0270dc65cdf6291349ab7a473d4f2a"
-  integrity sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==
-  dependencies:
-    safe-buffer "^5.1.0"
-
-randomfill@^1.0.3:
-  version "1.0.4"
-  resolved "https://registry.yarnpkg.com/randomfill/-/randomfill-1.0.4.tgz#c92196fc86ab42be983f1bf31778224931d61458"
-  integrity sha512-87lcbR8+MhcWcUiQ+9e+Rwx8MyR2P7qnt15ynUlbm3TU/fjbgz4GsvfSUDTemtCCtVCqb4ZcEFlyPNTh9bBTLw==
-  dependencies:
-    randombytes "^2.0.5"
-    safe-buffer "^5.1.0"
-
-range-parser@^1.2.1, range-parser@~1.2.1:
-  version "1.2.1"
-  resolved "https://registry.yarnpkg.com/range-parser/-/range-parser-1.2.1.tgz#3cf37023d199e1c24d1a55b84800c2f3e6468031"
-  integrity sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==
-
-raw-body@2.4.0:
-  version "2.4.0"
-  resolved "https://registry.yarnpkg.com/raw-body/-/raw-body-2.4.0.tgz#a1ce6fb9c9bc356ca52e89256ab59059e13d0332"
-  integrity sha512-4Oz8DUIwdvoa5qMJelxipzi/iJIi40O5cGV1wNYp5hvZP8ZN0T+jiNkL0QepXs+EsQ9XJ8ipEDoiH70ySUJP3Q==
-  dependencies:
-    bytes "3.1.0"
-    http-errors "1.7.2"
-    iconv-lite "0.4.24"
-    unpipe "1.0.0"
-
-rc@^1.2.8:
-  version "1.2.8"
-  resolved "https://registry.yarnpkg.com/rc/-/rc-1.2.8.tgz#cd924bf5200a075b83c188cd6b9e211b7fc0d3ed"
-  integrity sha512-y3bGgqKj3QBdxLbLkomlohkvsA8gdAiUQlSBJnBhfn+BPxg4bc62d8TcBW15wavDfgexCgccckhcZvywyQYPOw==
-  dependencies:
-    deep-extend "^0.6.0"
-    ini "~1.3.0"
-    minimist "^1.2.0"
-    strip-json-comments "~2.0.1"
-
-read-pkg-up@^1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/read-pkg-up/-/read-pkg-up-1.0.1.tgz#9d63c13276c065918d57f002a57f40a1b643fb02"
-  integrity sha1-nWPBMnbAZZGNV/ACpX9AobZD+wI=
-  dependencies:
-    find-up "^1.0.0"
-    read-pkg "^1.0.0"
-
-read-pkg@^1.0.0:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/read-pkg/-/read-pkg-1.1.0.tgz#f5ffaa5ecd29cb31c0474bca7d756b6bb29e3f28"
-  integrity sha1-9f+qXs0pyzHAR0vKfXVra7KePyg=
-  dependencies:
-    load-json-file "^1.0.0"
-    normalize-package-data "^2.3.2"
-    path-type "^1.0.0"
-
-"readable-stream@1 || 2", readable-stream@^2.0.0, readable-stream@^2.0.1, readable-stream@^2.0.2, readable-stream@^2.0.6, readable-stream@^2.1.5, readable-stream@^2.2.2, readable-stream@^2.3.3, readable-stream@^2.3.6, readable-stream@~2.3.6:
-  version "2.3.7"
-  resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-2.3.7.tgz#1eca1cf711aef814c04f62252a36a62f6cb23b57"
-  integrity sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw==
-  dependencies:
-    core-util-is "~1.0.0"
-    inherits "~2.0.3"
-    isarray "~1.0.0"
-    process-nextick-args "~2.0.0"
-    safe-buffer "~5.1.1"
-    string_decoder "~1.1.1"
-    util-deprecate "~1.0.1"
-
-readable-stream@^3.0.6, readable-stream@^3.6.0:
-  version "3.6.0"
-  resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-3.6.0.tgz#337bbda3adc0706bd3e024426a286d4b4b2c9198"
-  integrity sha512-BViHy7LKeTz4oNnkcLJ+lVSL6vpiFeX6/d3oSH8zCW7UxP2onchk+vTGB143xuFjHS3deTgkKoXXymXqymiIdA==
-  dependencies:
-    inherits "^2.0.3"
-    string_decoder "^1.1.1"
-    util-deprecate "^1.0.1"
-
-readdirp@^2.2.1:
-  version "2.2.1"
-  resolved "https://registry.yarnpkg.com/readdirp/-/readdirp-2.2.1.tgz#0e87622a3325aa33e892285caf8b4e846529a525"
-  integrity sha512-1JU/8q+VgFZyxwrJ+SVIOsh+KywWGpds3NTqikiKpDMZWScmAYyKIgqkO+ARvNWJfXeXR1zxz7aHF4u4CyH6vQ==
-  dependencies:
-    graceful-fs "^4.1.11"
-    micromatch "^3.1.10"
-    readable-stream "^2.0.2"
-
-readdirp@~3.6.0:
-  version "3.6.0"
-  resolved "https://registry.yarnpkg.com/readdirp/-/readdirp-3.6.0.tgz#74a370bd857116e245b29cc97340cd431a02a6c7"
-  integrity sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==
-  dependencies:
-    picomatch "^2.2.1"
-
-redent@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/redent/-/redent-1.0.0.tgz#cf916ab1fd5f1f16dfb20822dd6ec7f730c2afde"
-  integrity sha1-z5Fqsf1fHxbfsggi3W7H9zDCr94=
-  dependencies:
-    indent-string "^2.1.0"
-    strip-indent "^1.0.1"
-
-reduce@^1.0.1:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/reduce/-/reduce-1.0.2.tgz#0cd680ad3ffe0b060e57a5c68bdfce37168d361b"
-  integrity sha512-xX7Fxke/oHO5IfZSk77lvPa/7bjMh9BuCk4OOoX5XTXrM7s0Z+MkPfSDfz0q7r91BhhGSs8gii/VEN/7zhCPpQ==
-  dependencies:
-    object-keys "^1.1.0"
-
-regenerate-unicode-properties@^8.2.0:
-  version "8.2.0"
-  resolved "https://registry.yarnpkg.com/regenerate-unicode-properties/-/regenerate-unicode-properties-8.2.0.tgz#e5de7111d655e7ba60c057dbe9ff37c87e65cdec"
-  integrity sha512-F9DjY1vKLo/tPePDycuH3dn9H1OTPIkVD9Kz4LODu+F2C75mgjAJ7x/gwy6ZcSNRAAkhNlJSOHRe8k3p+K9WhA==
-  dependencies:
-    regenerate "^1.4.0"
-
-regenerate@^1.4.0:
-  version "1.4.2"
-  resolved "https://registry.yarnpkg.com/regenerate/-/regenerate-1.4.2.tgz#b9346d8827e8f5a32f7ba29637d398b69014848a"
-  integrity sha512-zrceR/XhGYU/d/opr2EKO7aRHUeiBI8qjtfHqADTwZd6Szfy16la6kqD0MIUs5z5hx6AaKa+PixpPrR289+I0A==
-
-regenerator-runtime@^0.13.4:
-  version "0.13.9"
-  resolved "https://registry.yarnpkg.com/regenerator-runtime/-/regenerator-runtime-0.13.9.tgz#8925742a98ffd90814988d7566ad30ca3b263b52"
-  integrity sha512-p3VT+cOEgxFsRRA9X4lkI1E+k2/CtnKtU4gcxyaCUreilL/vqI6CdZ3wxVUx3UOUg+gnUOQQcRI7BmSI656MYA==
-
-regenerator-transform@^0.14.2:
-  version "0.14.5"
-  resolved "https://registry.yarnpkg.com/regenerator-transform/-/regenerator-transform-0.14.5.tgz#c98da154683671c9c4dcb16ece736517e1b7feb4"
-  integrity sha512-eOf6vka5IO151Jfsw2NO9WpGX58W6wWmefK3I1zEGr0lOD0u8rwPaNqQL1aRxUaxLeKO3ArNh3VYg1KbaD+FFw==
-  dependencies:
-    "@babel/runtime" "^7.8.4"
-
-regex-not@^1.0.0, regex-not@^1.0.2:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/regex-not/-/regex-not-1.0.2.tgz#1f4ece27e00b0b65e0247a6810e6a85d83a5752c"
-  integrity sha512-J6SDjUgDxQj5NusnOtdFxDwN/+HWykR8GELwctJ7mdqhcyy1xEc4SRFHUXvxTp661YaVKAjfRLZ9cCqS6tn32A==
-  dependencies:
-    extend-shallow "^3.0.2"
-    safe-regex "^1.1.0"
-
-regexp.prototype.flags@^1.2.0:
-  version "1.3.1"
-  resolved "https://registry.yarnpkg.com/regexp.prototype.flags/-/regexp.prototype.flags-1.3.1.tgz#7ef352ae8d159e758c0eadca6f8fcb4eef07be26"
-  integrity sha512-JiBdRBq91WlY7uRJ0ds7R+dU02i6LKi8r3BuQhNXn+kmeLN+EfHhfjqMRis1zJxnlu88hq/4dx0P2OP3APRTOA==
-  dependencies:
-    call-bind "^1.0.2"
-    define-properties "^1.1.3"
-
-regexpu-core@^4.7.1:
-  version "4.7.1"
-  resolved "https://registry.yarnpkg.com/regexpu-core/-/regexpu-core-4.7.1.tgz#2dea5a9a07233298fbf0db91fa9abc4c6e0f8ad6"
-  integrity sha512-ywH2VUraA44DZQuRKzARmw6S66mr48pQVva4LBeRhcOltJ6hExvWly5ZjFLYo67xbIxb6W1q4bAGtgfEl20zfQ==
-  dependencies:
-    regenerate "^1.4.0"
-    regenerate-unicode-properties "^8.2.0"
-    regjsgen "^0.5.1"
-    regjsparser "^0.6.4"
-    unicode-match-property-ecmascript "^1.0.4"
-    unicode-match-property-value-ecmascript "^1.2.0"
-
-registry-auth-token@^4.0.0:
-  version "4.2.1"
-  resolved "https://registry.yarnpkg.com/registry-auth-token/-/registry-auth-token-4.2.1.tgz#6d7b4006441918972ccd5fedcd41dc322c79b250"
-  integrity sha512-6gkSb4U6aWJB4SF2ZvLb76yCBjcvufXBqvvEx1HbmKPkutswjW1xNVRY0+daljIYRbogN7O0etYSlbiaEQyMyw==
-  dependencies:
-    rc "^1.2.8"
-
-registry-url@^5.0.0:
-  version "5.1.0"
-  resolved "https://registry.yarnpkg.com/registry-url/-/registry-url-5.1.0.tgz#e98334b50d5434b81136b44ec638d9c2009c5009"
-  integrity sha512-8acYXXTI0AkQv6RAOjE3vOaIXZkT9wo4LOFbBKYQEEnnMNBpKqdUrI6S4NT0KPIo/WVvJ5tE/X5LF/TQUf0ekw==
-  dependencies:
-    rc "^1.2.8"
-
-regjsgen@^0.5.1:
-  version "0.5.2"
-  resolved "https://registry.yarnpkg.com/regjsgen/-/regjsgen-0.5.2.tgz#92ff295fb1deecbf6ecdab2543d207e91aa33733"
-  integrity sha512-OFFT3MfrH90xIW8OOSyUrk6QHD5E9JOTeGodiJeBS3J6IwlgzJMNE/1bZklWz5oTg+9dCMyEetclvCVXOPoN3A==
-
-regjsparser@^0.6.4:
-  version "0.6.9"
-  resolved "https://registry.yarnpkg.com/regjsparser/-/regjsparser-0.6.9.tgz#b489eef7c9a2ce43727627011429cf833a7183e6"
-  integrity sha512-ZqbNRz1SNjLAiYuwY0zoXW8Ne675IX5q+YHioAGbCw4X96Mjl2+dcX9B2ciaeyYjViDAfvIjFpQjJgLttTEERQ==
-  dependencies:
-    jsesc "~0.5.0"
-
-relateurl@0.2.x:
-  version "0.2.7"
-  resolved "https://registry.yarnpkg.com/relateurl/-/relateurl-0.2.7.tgz#54dbf377e51440aca90a4cd274600d3ff2d888a9"
-  integrity sha1-VNvzd+UUQKypCkzSdGANP/LYiKk=
-
-remove-trailing-separator@^1.0.1:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/remove-trailing-separator/-/remove-trailing-separator-1.1.0.tgz#c24bce2a283adad5bc3f58e0d48249b92379d8ef"
-  integrity sha1-wkvOKig62tW8P1jg1IJJuSN52O8=
-
-renderkid@^2.0.4:
-  version "2.0.7"
-  resolved "https://registry.yarnpkg.com/renderkid/-/renderkid-2.0.7.tgz#464f276a6bdcee606f4a15993f9b29fc74ca8609"
-  integrity sha512-oCcFyxaMrKsKcTY59qnCAtmDVSLfPbrv6A3tVbPdFMMrv5jaK10V6m40cKsoPNhAqN6rmHW9sswW4o3ruSrwUQ==
-  dependencies:
-    css-select "^4.1.3"
-    dom-converter "^0.2.0"
-    htmlparser2 "^6.1.0"
-    lodash "^4.17.21"
-    strip-ansi "^3.0.1"
-
-repeat-element@^1.1.2:
-  version "1.1.4"
-  resolved "https://registry.yarnpkg.com/repeat-element/-/repeat-element-1.1.4.tgz#be681520847ab58c7568ac75fbfad28ed42d39e9"
-  integrity sha512-LFiNfRcSu7KK3evMyYOuCzv3L10TW7yC1G2/+StMjK8Y6Vqd2MG7r/Qjw4ghtuCOjFvlnms/iMmLqpvW/ES/WQ==
-
-repeat-string@^1.6.1:
-  version "1.6.1"
-  resolved "https://registry.yarnpkg.com/repeat-string/-/repeat-string-1.6.1.tgz#8dcae470e1c88abc2d600fff4a776286da75e637"
-  integrity sha1-jcrkcOHIirwtYA//Sndihtp15jc=
-
-repeating@^2.0.0:
-  version "2.0.1"
-  resolved "https://registry.yarnpkg.com/repeating/-/repeating-2.0.1.tgz#5214c53a926d3552707527fbab415dbc08d06dda"
-  integrity sha1-UhTFOpJtNVJwdSf7q0FdvAjQbdo=
-  dependencies:
-    is-finite "^1.0.0"
-
-request@^2.87.0, request@^2.88.0:
-  version "2.88.2"
-  resolved "https://registry.yarnpkg.com/request/-/request-2.88.2.tgz#d73c918731cb5a87da047e207234146f664d12b3"
-  integrity sha512-MsvtOrfG9ZcrOwAW+Qi+F6HbD0CWXEh9ou77uOb7FM2WPhwT7smM833PzanhJLsgXjN89Ir6V2PczXNnMpwKhw==
-  dependencies:
-    aws-sign2 "~0.7.0"
-    aws4 "^1.8.0"
-    caseless "~0.12.0"
-    combined-stream "~1.0.6"
-    extend "~3.0.2"
-    forever-agent "~0.6.1"
-    form-data "~2.3.2"
-    har-validator "~5.1.3"
-    http-signature "~1.2.0"
-    is-typedarray "~1.0.0"
-    isstream "~0.1.2"
-    json-stringify-safe "~5.0.1"
-    mime-types "~2.1.19"
-    oauth-sign "~0.9.0"
-    performance-now "^2.1.0"
-    qs "~6.5.2"
-    safe-buffer "^5.1.2"
-    tough-cookie "~2.5.0"
-    tunnel-agent "^0.6.0"
-    uuid "^3.3.2"
-
-require-directory@^2.1.1:
-  version "2.1.1"
-  resolved "https://registry.yarnpkg.com/require-directory/-/require-directory-2.1.1.tgz#8c64ad5fd30dab1c976e2344ffe7f792a6a6df42"
-  integrity sha1-jGStX9MNqxyXbiNE/+f3kqam30I=
-
-require-main-filename@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/require-main-filename/-/require-main-filename-2.0.0.tgz#d0b329ecc7cc0f61649f62215be69af54aa8989b"
-  integrity sha512-NKN5kMDylKuldxYLSUfrbo5Tuzh4hd+2E8NPPX02mZtn1VuREQToYe/ZdlJy+J3uCpfaiGF05e7B8W0iXbQHmg==
-
-requires-port@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/requires-port/-/requires-port-1.0.0.tgz#925d2601d39ac485e091cf0da5c6e694dc3dcaff"
-  integrity sha1-kl0mAdOaxIXgkc8NpcbmlNw9yv8=
-
-resize-observer-polyfill@^1.5.1:
-  version "1.5.1"
-  resolved "https://registry.yarnpkg.com/resize-observer-polyfill/-/resize-observer-polyfill-1.5.1.tgz#0e9020dd3d21024458d4ebd27e23e40269810464"
-  integrity sha512-LwZrotdHOo12nQuZlHEmtuXdqGoOD0OhaxopaNFxWzInpEgaLWoVuAMbTzixuosCx2nEG58ngzW3vxdWoxIgdg==
-
-resolve-cwd@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/resolve-cwd/-/resolve-cwd-2.0.0.tgz#00a9f7387556e27038eae232caa372a6a59b665a"
-  integrity sha1-AKn3OHVW4nA46uIyyqNypqWbZlo=
-  dependencies:
-    resolve-from "^3.0.0"
-
-resolve-from@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/resolve-from/-/resolve-from-3.0.0.tgz#b22c7af7d9d6881bc8b6e653335eebcb0a188748"
-  integrity sha1-six699nWiBvItuZTM17rywoYh0g=
-
-resolve-url@^0.2.1:
-  version "0.2.1"
-  resolved "https://registry.yarnpkg.com/resolve-url/-/resolve-url-0.2.1.tgz#2c637fe77c893afd2a663fe21aa9080068e2052a"
-  integrity sha1-LGN/53yJOv0qZj/iGqkIAGjiBSo=
-
-resolve@^1.10.0, resolve@^1.14.2, resolve@^1.2.0:
-  version "1.20.0"
-  resolved "https://registry.yarnpkg.com/resolve/-/resolve-1.20.0.tgz#629a013fb3f70755d6f0b7935cc1c2c5378b1975"
-  integrity sha512-wENBPt4ySzg4ybFQW2TT1zMQucPK95HSh/nq2CFTZVOGut2+pQvSsgtda4d26YrYcr067wjbmzOG8byDPBX63A==
-  dependencies:
-    is-core-module "^2.2.0"
-    path-parse "^1.0.6"
-
-responselike@^1.0.2:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/responselike/-/responselike-1.0.2.tgz#918720ef3b631c5642be068f15ade5a46f4ba1e7"
-  integrity sha1-kYcg7ztjHFZCvgaPFa3lpG9Loec=
-  dependencies:
-    lowercase-keys "^1.0.0"
-
-ret@~0.1.10:
-  version "0.1.15"
-  resolved "https://registry.yarnpkg.com/ret/-/ret-0.1.15.tgz#b8a4825d5bdb1fc3f6f53c2bc33f81388681c7bc"
-  integrity sha512-TTlYpa+OL+vMMNG24xSlQGEJ3B/RzEfUlLct7b5G/ytav+wPrplCpVMFuwzXbkecJrb6IYo1iFb0S9v37754mg==
-
-retry@^0.12.0:
-  version "0.12.0"
-  resolved "https://registry.yarnpkg.com/retry/-/retry-0.12.0.tgz#1b42a6266a21f07421d1b0b54b7dc167b01c013b"
-  integrity sha1-G0KmJmoh8HQh0bC1S33BZ7AcATs=
-
-rgb-regex@^1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/rgb-regex/-/rgb-regex-1.0.1.tgz#c0e0d6882df0e23be254a475e8edd41915feaeb1"
-  integrity sha1-wODWiC3w4jviVKR16O3UGRX+rrE=
-
-rgba-regex@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/rgba-regex/-/rgba-regex-1.0.0.tgz#43374e2e2ca0968b0ef1523460b7d730ff22eeb3"
-  integrity sha1-QzdOLiyglosO8VI0YLfXMP8i7rM=
-
-rimraf@2, rimraf@^2.5.4, rimraf@^2.6.3:
-  version "2.7.1"
-  resolved "https://registry.yarnpkg.com/rimraf/-/rimraf-2.7.1.tgz#35797f13a7fdadc566142c29d4f07ccad483e3ec"
-  integrity sha512-uWjbaKIK3T1OSVptzX7Nl6PvQ3qAGtKEtVRjRuazjfL3Bx5eI409VZSqgND+4UNnmzLVdPj9FqFJNPqBZFve4w==
-  dependencies:
-    glob "^7.1.3"
-
-ripemd160@^2.0.0, ripemd160@^2.0.1:
-  version "2.0.2"
-  resolved "https://registry.yarnpkg.com/ripemd160/-/ripemd160-2.0.2.tgz#a1c1a6f624751577ba5d07914cbc92850585890c"
-  integrity sha512-ii4iagi25WusVoiC4B4lq7pbXfAp3D9v5CwfkY33vffw2+pkDjY1D8GaN7spsxvCSx8dkPqOZCEZyfxcmJG2IA==
-  dependencies:
-    hash-base "^3.0.0"
-    inherits "^2.0.1"
-
-robust-predicates@^3.0.0:
-  version "3.0.1"
-  resolved "https://registry.yarnpkg.com/robust-predicates/-/robust-predicates-3.0.1.tgz#ecde075044f7f30118682bd9fb3f123109577f9a"
-  integrity sha512-ndEIpszUHiG4HtDsQLeIuMvRsDnn8c8rYStabochtUeCvfuvNptb5TUbVD68LRAILPX7p9nqQGh4xJgn3EHS/g==
-
-run-queue@^1.0.0, run-queue@^1.0.3:
-  version "1.0.3"
-  resolved "https://registry.yarnpkg.com/run-queue/-/run-queue-1.0.3.tgz#e848396f057d223f24386924618e25694161ec47"
-  integrity sha1-6Eg5bwV9Ij8kOGkkYY4laUFh7Ec=
-  dependencies:
-    aproba "^1.1.1"
-
-rw@1:
-  version "1.3.3"
-  resolved "https://registry.yarnpkg.com/rw/-/rw-1.3.3.tgz#3f862dfa91ab766b14885ef4d01124bfda074fb4"
-  integrity sha1-P4Yt+pGrdmsUiF700BEkv9oHT7Q=
-
-safe-buffer@5.1.2, safe-buffer@~5.1.0, safe-buffer@~5.1.1:
-  version "5.1.2"
-  resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.2.tgz#991ec69d296e0313747d59bdfd2b745c35f8828d"
-  integrity sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==
-
-safe-buffer@>=5.1.0, safe-buffer@^5.0.1, safe-buffer@^5.1.0, safe-buffer@^5.1.1, safe-buffer@^5.1.2, safe-buffer@^5.2.0, safe-buffer@~5.2.0:
-  version "5.2.1"
-  resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.2.1.tgz#1eaf9fa9bdb1fdd4ec75f58f9cdb4e6b7827eec6"
-  integrity sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==
-
-safe-regex@^1.1.0:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/safe-regex/-/safe-regex-1.1.0.tgz#40a3669f3b077d1e943d44629e157dd48023bf2e"
-  integrity sha1-QKNmnzsHfR6UPURinhV91IAjvy4=
-  dependencies:
-    ret "~0.1.10"
-
-"safer-buffer@>= 2.1.2 < 3", "safer-buffer@>= 2.1.2 < 3.0.0", safer-buffer@^2.0.2, safer-buffer@^2.1.0, safer-buffer@^2.1.2, safer-buffer@~2.1.0:
-  version "2.1.2"
-  resolved "https://registry.yarnpkg.com/safer-buffer/-/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a"
-  integrity sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==
-
-sass-graph@2.2.5:
-  version "2.2.5"
-  resolved "https://registry.yarnpkg.com/sass-graph/-/sass-graph-2.2.5.tgz#a981c87446b8319d96dce0671e487879bd24c2e8"
-  integrity sha512-VFWDAHOe6mRuT4mZRd4eKE+d8Uedrk6Xnh7Sh9b4NGufQLQjOrvf/MQoOdx+0s92L89FeyUUNfU597j/3uNpag==
-  dependencies:
-    glob "^7.0.0"
-    lodash "^4.0.0"
-    scss-tokenizer "^0.2.3"
-    yargs "^13.3.2"
-
-sass-loader@^7.1.0:
-  version "7.3.1"
-  resolved "https://registry.yarnpkg.com/sass-loader/-/sass-loader-7.3.1.tgz#a5bf68a04bcea1c13ff842d747150f7ab7d0d23f"
-  integrity sha512-tuU7+zm0pTCynKYHpdqaPpe+MMTQ76I9TPZ7i4/5dZsigE350shQWe5EZNl5dBidM49TPET75tNqRbcsUZWeNA==
-  dependencies:
-    clone-deep "^4.0.1"
-    loader-utils "^1.0.1"
-    neo-async "^2.5.0"
-    pify "^4.0.1"
-    semver "^6.3.0"
-
-sax@~1.2.4:
-  version "1.2.4"
-  resolved "https://registry.yarnpkg.com/sax/-/sax-1.2.4.tgz#2816234e2378bddc4e5354fab5caa895df7100d9"
-  integrity sha512-NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw==
-
-schema-utils@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/schema-utils/-/schema-utils-1.0.0.tgz#0b79a93204d7b600d4b2850d1f66c2a34951c770"
-  integrity sha512-i27Mic4KovM/lnGsy8whRCHhc7VicJajAjTrYg11K9zfZXnYIt4k5F+kZkwjnrhKzLic/HLU4j11mjsz2G/75g==
-  dependencies:
-    ajv "^6.1.0"
-    ajv-errors "^1.0.0"
-    ajv-keywords "^3.1.0"
-
-schema-utils@^2.6.5:
-  version "2.7.1"
-  resolved "https://registry.yarnpkg.com/schema-utils/-/schema-utils-2.7.1.tgz#1ca4f32d1b24c590c203b8e7a50bf0ea4cd394d7"
-  integrity sha512-SHiNtMOUGWBQJwzISiVYKu82GiV4QYGePp3odlY1tuKO7gPtphAT5R/py0fA6xtbgLL/RvtJZnU9b8s0F1q0Xg==
-  dependencies:
-    "@types/json-schema" "^7.0.5"
-    ajv "^6.12.4"
-    ajv-keywords "^3.5.2"
-
-scss-tokenizer@^0.2.3:
-  version "0.2.3"
-  resolved "https://registry.yarnpkg.com/scss-tokenizer/-/scss-tokenizer-0.2.3.tgz#8eb06db9a9723333824d3f5530641149847ce5d1"
-  integrity sha1-jrBtualyMzOCTT9VMGQRSYR85dE=
-  dependencies:
-    js-base64 "^2.1.8"
-    source-map "^0.4.2"
-
-section-matter@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/section-matter/-/section-matter-1.0.0.tgz#e9041953506780ec01d59f292a19c7b850b84167"
-  integrity sha512-vfD3pmTzGpufjScBh50YHKzEu2lxBWhVEHsNGoEXmCmn2hKGfeNLYMzCJpe8cD7gqX7TJluOVpBkAequ6dgMmA==
-  dependencies:
-    extend-shallow "^2.0.1"
-    kind-of "^6.0.0"
-
-select-hose@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/select-hose/-/select-hose-2.0.0.tgz#625d8658f865af43ec962bfc376a37359a4994ca"
-  integrity sha1-Yl2GWPhlr0Psliv8N2o3NZpJlMo=
-
-selfsigned@^1.10.8:
-  version "1.10.11"
-  resolved "https://registry.yarnpkg.com/selfsigned/-/selfsigned-1.10.11.tgz#24929cd906fe0f44b6d01fb23999a739537acbe9"
-  integrity sha512-aVmbPOfViZqOZPgRBT0+3u4yZFHpmnIghLMlAcb5/xhp5ZtB/RVnKhz5vl2M32CLXAqR4kha9zfhNg0Lf/sxKA==
-  dependencies:
-    node-forge "^0.10.0"
-
-semver-diff@^3.1.1:
-  version "3.1.1"
-  resolved "https://registry.yarnpkg.com/semver-diff/-/semver-diff-3.1.1.tgz#05f77ce59f325e00e2706afd67bb506ddb1ca32b"
-  integrity sha512-GX0Ix/CJcHyB8c4ykpHGIAvLyOwOobtM/8d+TQkAd81/bEjgPHrfba41Vpesr7jX/t8Uh+R3EX9eAS5be+jQYg==
-  dependencies:
-    semver "^6.3.0"
-
-"semver@2 || 3 || 4 || 5", semver@^5.1.0, semver@^5.5.0, semver@^5.6.0:
-  version "5.7.1"
-  resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.1.tgz#a954f931aeba508d307bbf069eff0c01c96116f7"
-  integrity sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==
-
-semver@7.0.0:
-  version "7.0.0"
-  resolved "https://registry.yarnpkg.com/semver/-/semver-7.0.0.tgz#5f3ca35761e47e05b206c6daff2cf814f0316b8e"
-  integrity sha512-+GB6zVA9LWh6zovYQLALHwv5rb2PHGlJi3lfiqIHxR0uuwCgefcOJc59v9fv1w8GbStwxuuqqAjI9NMAOOgq1A==
-
-semver@^6.0.0, semver@^6.1.0, semver@^6.1.1, semver@^6.1.2, semver@^6.2.0, semver@^6.3.0:
-  version "6.3.0"
-  resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.0.tgz#ee0a64c8af5e8ceea67687b133761e1becbd1d3d"
-  integrity sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==
-
-semver@~5.3.0:
-  version "5.3.0"
-  resolved "https://registry.yarnpkg.com/semver/-/semver-5.3.0.tgz#9b2ce5d3de02d17c6012ad326aa6b4d0cf54f94f"
-  integrity sha1-myzl094C0XxgEq0yaqa00M9U+U8=
-
-send@0.17.1:
-  version "0.17.1"
-  resolved "https://registry.yarnpkg.com/send/-/send-0.17.1.tgz#c1d8b059f7900f7466dd4938bdc44e11ddb376c8"
-  integrity sha512-BsVKsiGcQMFwT8UxypobUKyv7irCNRHk1T0G680vk88yf6LBByGcZJOTJCrTP2xVN6yI+XjPJcNuE3V4fT9sAg==
-  dependencies:
-    debug "2.6.9"
-    depd "~1.1.2"
-    destroy "~1.0.4"
-    encodeurl "~1.0.2"
-    escape-html "~1.0.3"
-    etag "~1.8.1"
-    fresh "0.5.2"
-    http-errors "~1.7.2"
-    mime "1.6.0"
-    ms "2.1.1"
-    on-finished "~2.3.0"
-    range-parser "~1.2.1"
-    statuses "~1.5.0"
-
-serialize-javascript@^3.1.0:
-  version "3.1.0"
-  resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-3.1.0.tgz#8bf3a9170712664ef2561b44b691eafe399214ea"
-  integrity sha512-JIJT1DGiWmIKhzRsG91aS6Ze4sFUrYbltlkg2onR5OrnNM02Kl/hnY/T4FN2omvyeBbQmMJv+K4cPOpGzOTFBg==
-  dependencies:
-    randombytes "^2.1.0"
-
-serialize-javascript@^4.0.0:
-  version "4.0.0"
-  resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-4.0.0.tgz#b525e1238489a5ecfc42afacc3fe99e666f4b1aa"
-  integrity sha512-GaNA54380uFefWghODBWEGisLZFj00nS5ACs6yHa9nLqlLpVLO8ChDGeKRjZnV4Nh4n0Qi7nhYZD/9fCPzEqkw==
-  dependencies:
-    randombytes "^2.1.0"
-
-serve-index@^1.9.1:
-  version "1.9.1"
-  resolved "https://registry.yarnpkg.com/serve-index/-/serve-index-1.9.1.tgz#d3768d69b1e7d82e5ce050fff5b453bea12a9239"
-  integrity sha1-03aNabHn2C5c4FD/9bRTvqEqkjk=
-  dependencies:
-    accepts "~1.3.4"
-    batch "0.6.1"
-    debug "2.6.9"
-    escape-html "~1.0.3"
-    http-errors "~1.6.2"
-    mime-types "~2.1.17"
-    parseurl "~1.3.2"
-
-serve-static@1.14.1:
-  version "1.14.1"
-  resolved "https://registry.yarnpkg.com/serve-static/-/serve-static-1.14.1.tgz#666e636dc4f010f7ef29970a88a674320898b2f9"
-  integrity sha512-JMrvUwE54emCYWlTI+hGrGv5I8dEwmco/00EvkzIIsR7MqrHonbD9pO2MOfFnpFntl7ecpZs+3mW+XbQZu9QCg==
-  dependencies:
-    encodeurl "~1.0.2"
-    escape-html "~1.0.3"
-    parseurl "~1.3.3"
-    send "0.17.1"
-
-set-blocking@^2.0.0, set-blocking@~2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/set-blocking/-/set-blocking-2.0.0.tgz#045f9782d011ae9a6803ddd382b24392b3d890f7"
-  integrity sha1-BF+XgtARrppoA93TgrJDkrPYkPc=
-
-set-value@^2.0.0, set-value@^2.0.1:
-  version "2.0.1"
-  resolved "https://registry.yarnpkg.com/set-value/-/set-value-2.0.1.tgz#a18d40530e6f07de4228c7defe4227af8cad005b"
-  integrity sha512-JxHc1weCN68wRY0fhCoXpyK55m/XPHafOmK4UWD7m2CI14GMcFypt4w/0+NV5f/ZMby2F6S2wwA7fgynh9gWSw==
-  dependencies:
-    extend-shallow "^2.0.1"
-    is-extendable "^0.1.1"
-    is-plain-object "^2.0.3"
-    split-string "^3.0.1"
-
-setimmediate@^1.0.4:
-  version "1.0.5"
-  resolved "https://registry.yarnpkg.com/setimmediate/-/setimmediate-1.0.5.tgz#290cbb232e306942d7d7ea9b83732ab7856f8285"
-  integrity sha1-KQy7Iy4waULX1+qbg3Mqt4VvgoU=
-
-setprototypeof@1.1.0:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/setprototypeof/-/setprototypeof-1.1.0.tgz#d0bd85536887b6fe7c0d818cb962d9d91c54e656"
-  integrity sha512-BvE/TwpZX4FXExxOxZyRGQQv651MSwmWKZGqvmPcRIjDqWub67kTKuIMx43cZZrS/cBBzwBcNDWoFxt2XEFIpQ==
-
-setprototypeof@1.1.1:
-  version "1.1.1"
-  resolved "https://registry.yarnpkg.com/setprototypeof/-/setprototypeof-1.1.1.tgz#7e95acb24aa92f5885e0abef5ba131330d4ae683"
-  integrity sha512-JvdAWfbXeIGaZ9cILp38HntZSFSo3mWg6xGcJJsd+d4aRMOqauag1C63dJfDw7OaMYwEbHMOxEZ1lqVRYP2OAw==
-
-sha.js@^2.4.0, sha.js@^2.4.8:
-  version "2.4.11"
-  resolved "https://registry.yarnpkg.com/sha.js/-/sha.js-2.4.11.tgz#37a5cf0b81ecbc6943de109ba2960d1b26584ae7"
-  integrity sha512-QMEp5B7cftE7APOjk5Y6xgrbWu+WkLVQwk8JNjZ8nKRciZaByEW6MubieAiToS7+dwvrjGhH8jRXz3MVd0AYqQ==
-  dependencies:
-    inherits "^2.0.1"
-    safe-buffer "^5.0.1"
-
-shallow-clone@^3.0.0:
-  version "3.0.1"
-  resolved "https://registry.yarnpkg.com/shallow-clone/-/shallow-clone-3.0.1.tgz#8f2981ad92531f55035b01fb230769a40e02efa3"
-  integrity sha512-/6KqX+GVUdqPuPPd2LxDDxzX6CAbjJehAAOKlNpqqUpAqPM6HeL8f+o3a+JsyGjn2lv0WY8UsTgUJjU9Ok55NA==
-  dependencies:
-    kind-of "^6.0.2"
-
-shebang-command@^1.2.0:
-  version "1.2.0"
-  resolved "https://registry.yarnpkg.com/shebang-command/-/shebang-command-1.2.0.tgz#44aac65b695b03398968c39f363fee5deafdf1ea"
-  integrity sha1-RKrGW2lbAzmJaMOfNj/uXer98eo=
-  dependencies:
-    shebang-regex "^1.0.0"
-
-shebang-regex@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/shebang-regex/-/shebang-regex-1.0.0.tgz#da42f49740c0b42db2ca9728571cb190c98efea3"
-  integrity sha1-2kL0l0DAtC2yypcoVxyxkMmO/qM=
-
-signal-exit@^3.0.0, signal-exit@^3.0.2:
-  version "3.0.3"
-  resolved "https://registry.yarnpkg.com/signal-exit/-/signal-exit-3.0.3.tgz#a1410c2edd8f077b08b4e253c8eacfcaf057461c"
-  integrity sha512-VUJ49FC8U1OxwZLxIbTTrDvLnf/6TDgxZcK8wxR8zs13xpx7xbG60ndBlhNrFi2EMuFRoeDoJO7wthSLq42EjA==
-
-simple-swizzle@^0.2.2:
-  version "0.2.2"
-  resolved "https://registry.yarnpkg.com/simple-swizzle/-/simple-swizzle-0.2.2.tgz#a4da6b635ffcccca33f70d17cb92592de95e557a"
-  integrity sha1-pNprY1/8zMoz9w0Xy5JZLeleVXo=
-  dependencies:
-    is-arrayish "^0.3.1"
-
-sitemap@^3.0.0:
-  version "3.2.2"
-  resolved "https://registry.yarnpkg.com/sitemap/-/sitemap-3.2.2.tgz#3f77c358fa97b555c879e457098e39910095c62b"
-  integrity sha512-TModL/WU4m2q/mQcrDgNANn0P4LwprM9MMvG4hu5zP4c6IIKs2YLTu6nXXnNr8ODW/WFtxKggiJ1EGn2W0GNmg==
-  dependencies:
-    lodash.chunk "^4.2.0"
-    lodash.padstart "^4.6.1"
-    whatwg-url "^7.0.0"
-    xmlbuilder "^13.0.0"
-
-slash@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/slash/-/slash-1.0.0.tgz#c41f2f6c39fc16d1cd17ad4b5d896114ae470d55"
-  integrity sha1-xB8vbDn8FtHNF61LXYlhFK5HDVU=
-
-slash@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/slash/-/slash-2.0.0.tgz#de552851a1759df3a8f206535442f5ec4ddeab44"
-  integrity sha512-ZYKh3Wh2z1PpEXWr0MpSBZ0V6mZHAQfYevttO11c51CaWjGTaadiKZ+wVt1PbMlDV5qhMFslpZCemhwOK7C89A==
-
-smoothscroll-polyfill@^0.4.3:
-  version "0.4.4"
-  resolved "https://registry.yarnpkg.com/smoothscroll-polyfill/-/smoothscroll-polyfill-0.4.4.tgz#3a259131dc6930e6ca80003e1cb03b603b69abf8"
-  integrity sha512-TK5ZA9U5RqCwMpfoMq/l1mrH0JAR7y7KRvOBx0n2869aLxch+gT9GhN3yUfjiw+d/DiF1mKo14+hd62JyMmoBg==
-
-snapdragon-node@^2.0.1:
-  version "2.1.1"
-  resolved "https://registry.yarnpkg.com/snapdragon-node/-/snapdragon-node-2.1.1.tgz#6c175f86ff14bdb0724563e8f3c1b021a286853b"
-  integrity sha512-O27l4xaMYt/RSQ5TR3vpWCAB5Kb/czIcqUFOM/C4fYcLnbZUc1PkjTAMjof2pBWaSTwOUd6qUHcFGVGj7aIwnw==
-  dependencies:
-    define-property "^1.0.0"
-    isobject "^3.0.0"
-    snapdragon-util "^3.0.1"
-
-snapdragon-util@^3.0.1:
-  version "3.0.1"
-  resolved "https://registry.yarnpkg.com/snapdragon-util/-/snapdragon-util-3.0.1.tgz#f956479486f2acd79700693f6f7b805e45ab56e2"
-  integrity sha512-mbKkMdQKsjX4BAL4bRYTj21edOf8cN7XHdYUJEe+Zn99hVEYcMvKPct1IqNe7+AZPirn8BCDOQBHQZknqmKlZQ==
-  dependencies:
-    kind-of "^3.2.0"
-
-snapdragon@^0.8.1:
-  version "0.8.2"
-  resolved "https://registry.yarnpkg.com/snapdragon/-/snapdragon-0.8.2.tgz#64922e7c565b0e14204ba1aa7d6964278d25182d"
-  integrity sha512-FtyOnWN/wCHTVXOMwvSv26d+ko5vWlIDD6zoUJ7LW8vh+ZBC8QdljveRP+crNrtBwioEUWy/4dMtbBjA4ioNlg==
-  dependencies:
-    base "^0.11.1"
-    debug "^2.2.0"
-    define-property "^0.2.5"
-    extend-shallow "^2.0.1"
-    map-cache "^0.2.2"
-    source-map "^0.5.6"
-    source-map-resolve "^0.5.0"
-    use "^3.1.0"
-
-sockjs-client@^1.5.0:
-  version "1.5.1"
-  resolved "https://registry.yarnpkg.com/sockjs-client/-/sockjs-client-1.5.1.tgz#256908f6d5adfb94dabbdbd02c66362cca0f9ea6"
-  integrity sha512-VnVAb663fosipI/m6pqRXakEOw7nvd7TUgdr3PlR/8V2I95QIdwT8L4nMxhyU8SmDBHYXU1TOElaKOmKLfYzeQ==
-  dependencies:
-    debug "^3.2.6"
-    eventsource "^1.0.7"
-    faye-websocket "^0.11.3"
-    inherits "^2.0.4"
-    json3 "^3.3.3"
-    url-parse "^1.5.1"
-
-sockjs@^0.3.21:
-  version "0.3.21"
-  resolved "https://registry.yarnpkg.com/sockjs/-/sockjs-0.3.21.tgz#b34ffb98e796930b60a0cfa11904d6a339a7d417"
-  integrity sha512-DhbPFGpxjc6Z3I+uX07Id5ZO2XwYsWOrYjaSeieES78cq+JaJvVe5q/m1uvjIQhXinhIeCFRH6JgXe+mvVMyXw==
-  dependencies:
-    faye-websocket "^0.11.3"
-    uuid "^3.4.0"
-    websocket-driver "^0.7.4"
-
-sort-keys@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/sort-keys/-/sort-keys-2.0.0.tgz#658535584861ec97d730d6cf41822e1f56684128"
-  integrity sha1-ZYU1WEhh7JfXMNbPQYIuH1ZoQSg=
-  dependencies:
-    is-plain-obj "^1.0.0"
-
-source-list-map@^2.0.0:
-  version "2.0.1"
-  resolved "https://registry.yarnpkg.com/source-list-map/-/source-list-map-2.0.1.tgz#3993bd873bfc48479cca9ea3a547835c7c154b34"
-  integrity sha512-qnQ7gVMxGNxsiL4lEuJwe/To8UnK7fAnmbGEEH8RpLouuKbeEm0lhbQVFIrNSuB+G7tVrAlVsZgETT5nljf+Iw==
-
-source-map-resolve@^0.5.0, source-map-resolve@^0.5.2:
-  version "0.5.3"
-  resolved "https://registry.yarnpkg.com/source-map-resolve/-/source-map-resolve-0.5.3.tgz#190866bece7553e1f8f267a2ee82c606b5509a1a"
-  integrity sha512-Htz+RnsXWk5+P2slx5Jh3Q66vhQj1Cllm0zvnaY98+NFx+Dv2CF/f5O/t8x+KaNdrdIAsruNzoh/KpialbqAnw==
-  dependencies:
-    atob "^2.1.2"
-    decode-uri-component "^0.2.0"
-    resolve-url "^0.2.1"
-    source-map-url "^0.4.0"
-    urix "^0.1.0"
-
-source-map-support@~0.5.12:
-  version "0.5.19"
-  resolved "https://registry.yarnpkg.com/source-map-support/-/source-map-support-0.5.19.tgz#a98b62f86dcaf4f67399648c085291ab9e8fed61"
-  integrity sha512-Wonm7zOCIJzBGQdB+thsPar0kYuCIzYvxZwlBa87yi/Mdjv7Tip2cyVbLj5o0cFPN4EVkuTwb3GDDyUx2DGnGw==
-  dependencies:
-    buffer-from "^1.0.0"
-    source-map "^0.6.0"
-
-source-map-url@^0.4.0:
-  version "0.4.1"
-  resolved "https://registry.yarnpkg.com/source-map-url/-/source-map-url-0.4.1.tgz#0af66605a745a5a2f91cf1bbf8a7afbc283dec56"
-  integrity sha512-cPiFOTLUKvJFIg4SKVScy4ilPPW6rFgMgfuZJPNoDuMs3nC1HbMUycBoJw77xFIp6z1UJQJOfx6C9GMH80DiTw==
-
-source-map@0.5.6:
-  version "0.5.6"
-  resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.5.6.tgz#75ce38f52bf0733c5a7f0c118d81334a2bb5f412"
-  integrity sha1-dc449SvwczxafwwRjYEzSiu19BI=
-
-source-map@^0.4.2:
-  version "0.4.4"
-  resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.4.4.tgz#eba4f5da9c0dc999de68032d8b4f76173652036b"
-  integrity sha1-66T12pwNyZneaAMti092FzZSA2s=
-  dependencies:
-    amdefine ">=0.0.4"
-
-source-map@^0.5.0, source-map@^0.5.6:
-  version "0.5.7"
-  resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.5.7.tgz#8a039d2d1021d22d1ea14c80d8ea468ba2ef3fcc"
-  integrity sha1-igOdLRAh0i0eoUyA2OpGi6LvP8w=
-
-source-map@^0.6.0, source-map@^0.6.1, source-map@~0.6.0, source-map@~0.6.1:
-  version "0.6.1"
-  resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.6.1.tgz#74722af32e9614e9c287a8d0bbde48b5e2f1a263"
-  integrity sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==
-
-source-map@^0.7.3:
-  version "0.7.3"
-  resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.7.3.tgz#5302f8169031735226544092e64981f751750383"
-  integrity sha512-CkCj6giN3S+n9qrYiBTX5gystlENnRW5jZeNLHpe6aue+SrHcG5VYwujhW9s4dY31mEGsxBDrHR6oI69fTXsaQ==
-
-spdx-correct@^3.0.0:
-  version "3.1.1"
-  resolved "https://registry.yarnpkg.com/spdx-correct/-/spdx-correct-3.1.1.tgz#dece81ac9c1e6713e5f7d1b6f17d468fa53d89a9"
-  integrity sha512-cOYcUWwhCuHCXi49RhFRCyJEK3iPj1Ziz9DpViV3tbZOwXD49QzIN3MpOLJNxh2qwq2lJJZaKMVw9qNi4jTC0w==
-  dependencies:
-    spdx-expression-parse "^3.0.0"
-    spdx-license-ids "^3.0.0"
-
-spdx-exceptions@^2.1.0:
-  version "2.3.0"
-  resolved "https://registry.yarnpkg.com/spdx-exceptions/-/spdx-exceptions-2.3.0.tgz#3f28ce1a77a00372683eade4a433183527a2163d"
-  integrity sha512-/tTrYOC7PPI1nUAgx34hUpqXuyJG+DTHJTnIULG4rDygi4xu/tfgmq1e1cIRwRzwZgo4NLySi+ricLkZkw4i5A==
-
-spdx-expression-parse@^3.0.0:
-  version "3.0.1"
-  resolved "https://registry.yarnpkg.com/spdx-expression-parse/-/spdx-expression-parse-3.0.1.tgz#cf70f50482eefdc98e3ce0a6833e4a53ceeba679"
-  integrity sha512-cbqHunsQWnJNE6KhVSMsMeH5H/L9EpymbzqTQ3uLwNCLZ1Q481oWaofqH7nO6V07xlXwY6PhQdQ2IedWx/ZK4Q==
-  dependencies:
-    spdx-exceptions "^2.1.0"
-    spdx-license-ids "^3.0.0"
-
-spdx-license-ids@^3.0.0:
-  version "3.0.10"
-  resolved "https://registry.yarnpkg.com/spdx-license-ids/-/spdx-license-ids-3.0.10.tgz#0d9becccde7003d6c658d487dd48a32f0bf3014b"
-  integrity sha512-oie3/+gKf7QtpitB0LYLETe+k8SifzsX4KixvpOsbI6S0kRiRQ5MKOio8eMSAKQ17N06+wdEOXRiId+zOxo0hA==
-
-spdy-transport@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/spdy-transport/-/spdy-transport-3.0.0.tgz#00d4863a6400ad75df93361a1608605e5dcdcf31"
-  integrity sha512-hsLVFE5SjA6TCisWeJXFKniGGOpBgMLmerfO2aCyCU5s7nJ/rpAepqmFifv/GCbSbueEeAJJnmSQ2rKC/g8Fcw==
-  dependencies:
-    debug "^4.1.0"
-    detect-node "^2.0.4"
-    hpack.js "^2.1.6"
-    obuf "^1.1.2"
-    readable-stream "^3.0.6"
-    wbuf "^1.7.3"
-
-spdy@^4.0.2:
-  version "4.0.2"
-  resolved "https://registry.yarnpkg.com/spdy/-/spdy-4.0.2.tgz#b74f466203a3eda452c02492b91fb9e84a27677b"
-  integrity sha512-r46gZQZQV+Kl9oItvl1JZZqJKGr+oEkB08A6BzkiR7593/7IbtuncXHd2YoYeTsG4157ZssMu9KYvUHLcjcDoA==
-  dependencies:
-    debug "^4.1.0"
-    handle-thing "^2.0.0"
-    http-deceiver "^1.2.7"
-    select-hose "^2.0.0"
-    spdy-transport "^3.0.0"
-
-split-on-first@^1.0.0:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/split-on-first/-/split-on-first-1.1.0.tgz#f610afeee3b12bce1d0c30425e76398b78249a5f"
-  integrity sha512-43ZssAJaMusuKWL8sKUBQXHWOpq8d6CfN/u1p4gUzfJkM05C8rxTmYrkIPTXapZpORA6LkkzcUulJ8FqA7Uudw==
-
-split-string@^3.0.1, split-string@^3.0.2:
-  version "3.1.0"
-  resolved "https://registry.yarnpkg.com/split-string/-/split-string-3.1.0.tgz#7cb09dda3a86585705c64b39a6466038682e8fe2"
-  integrity sha512-NzNVhJDYpwceVVii8/Hu6DKfD2G+NrQHlS/V/qgv763EYudVwEcMQNxd2lh+0VrUByXN/oJkl5grOhYWvQUYiw==
-  dependencies:
-    extend-shallow "^3.0.0"
-
-sprintf-js@~1.0.2:
-  version "1.0.3"
-  resolved "https://registry.yarnpkg.com/sprintf-js/-/sprintf-js-1.0.3.tgz#04e6926f662895354f3dd015203633b857297e2c"
-  integrity sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw=
-
-sshpk@^1.7.0:
-  version "1.16.1"
-  resolved "https://registry.yarnpkg.com/sshpk/-/sshpk-1.16.1.tgz#fb661c0bef29b39db40769ee39fa70093d6f6877"
-  integrity sha512-HXXqVUq7+pcKeLqqZj6mHFUMvXtOJt1uoUx09pFW6011inTMxqI8BA8PM95myrIyyKwdnzjdFjLiE6KBPVtJIg==
-  dependencies:
-    asn1 "~0.2.3"
-    assert-plus "^1.0.0"
-    bcrypt-pbkdf "^1.0.0"
-    dashdash "^1.12.0"
-    ecc-jsbn "~0.1.1"
-    getpass "^0.1.1"
-    jsbn "~0.1.0"
-    safer-buffer "^2.0.2"
-    tweetnacl "~0.14.0"
-
-ssri@^6.0.1:
-  version "6.0.2"
-  resolved "https://registry.yarnpkg.com/ssri/-/ssri-6.0.2.tgz#157939134f20464e7301ddba3e90ffa8f7728ac5"
-  integrity sha512-cepbSq/neFK7xB6A50KHN0xHDotYzq58wWCa5LeWqnPrHG8GzfEjO/4O8kpmcGW+oaxkvhEJCWgbgNk4/ZV93Q==
-  dependencies:
-    figgy-pudding "^3.5.1"
-
-stable@^0.1.8:
-  version "0.1.8"
-  resolved "https://registry.yarnpkg.com/stable/-/stable-0.1.8.tgz#836eb3c8382fe2936feaf544631017ce7d47a3cf"
-  integrity sha512-ji9qxRnOVfcuLDySj9qzhGSEFVobyt1kIOSkj1qZzYLzq7Tos/oUUWvotUPQLlrsidqsK6tBH89Bc9kL5zHA6w==
-
-stack-utils@^1.0.1:
-  version "1.0.5"
-  resolved "https://registry.yarnpkg.com/stack-utils/-/stack-utils-1.0.5.tgz#a19b0b01947e0029c8e451d5d61a498f5bb1471b"
-  integrity sha512-KZiTzuV3CnSnSvgMRrARVCj+Ht7rMbauGDK0LdVFRGyenwdylpajAp4Q0i6SX8rEmbTpMMf6ryq2gb8pPq2WgQ==
-  dependencies:
-    escape-string-regexp "^2.0.0"
-
-static-extend@^0.1.1:
-  version "0.1.2"
-  resolved "https://registry.yarnpkg.com/static-extend/-/static-extend-0.1.2.tgz#60809c39cbff55337226fd5e0b520f341f1fb5c6"
-  integrity sha1-YICcOcv/VTNyJv1eC1IPNB8ftcY=
-  dependencies:
-    define-property "^0.2.5"
-    object-copy "^0.1.0"
-
-"statuses@>= 1.4.0 < 2", "statuses@>= 1.5.0 < 2", statuses@~1.5.0:
-  version "1.5.0"
-  resolved "https://registry.yarnpkg.com/statuses/-/statuses-1.5.0.tgz#161c7dac177659fd9811f43771fa99381478628c"
-  integrity sha1-Fhx9rBd2Wf2YEfQ3cfqZOBR4Yow=
-
-std-env@^2.2.1:
-  version "2.3.0"
-  resolved "https://registry.yarnpkg.com/std-env/-/std-env-2.3.0.tgz#66d4a4a4d5224242ed8e43f5d65cfa9095216eee"
-  integrity sha512-4qT5B45+Kjef2Z6pE0BkskzsH0GO7GrND0wGlTM1ioUe3v0dGYx9ZJH0Aro/YyA8fqQ5EyIKDRjZojJYMFTflw==
-  dependencies:
-    ci-info "^3.0.0"
-
-stdout-stream@^1.4.0:
-  version "1.4.1"
-  resolved "https://registry.yarnpkg.com/stdout-stream/-/stdout-stream-1.4.1.tgz#5ac174cdd5cd726104aa0c0b2bd83815d8d535de"
-  integrity sha512-j4emi03KXqJWcIeF8eIXkjMFN1Cmb8gUlDYGeBALLPo5qdyTfA9bOtl8m33lRoC+vFMkP3gl0WsDr6+gzxbbTA==
-  dependencies:
-    readable-stream "^2.0.1"
-
-stream-browserify@^2.0.1:
-  version "2.0.2"
-  resolved "https://registry.yarnpkg.com/stream-browserify/-/stream-browserify-2.0.2.tgz#87521d38a44aa7ee91ce1cd2a47df0cb49dd660b"
-  integrity sha512-nX6hmklHs/gr2FuxYDltq8fJA1GDlxKQCz8O/IM4atRqBH8OORmBNgfvW5gG10GT/qQ9u0CzIvr2X5Pkt6ntqg==
-  dependencies:
-    inherits "~2.0.1"
-    readable-stream "^2.0.2"
-
-stream-each@^1.1.0:
-  version "1.2.3"
-  resolved "https://registry.yarnpkg.com/stream-each/-/stream-each-1.2.3.tgz#ebe27a0c389b04fbcc233642952e10731afa9bae"
-  integrity sha512-vlMC2f8I2u/bZGqkdfLQW/13Zihpej/7PmSiMQsbYddxuTsJp8vRe2x2FvVExZg7FaOds43ROAuFJwPR4MTZLw==
-  dependencies:
-    end-of-stream "^1.1.0"
-    stream-shift "^1.0.0"
-
-stream-http@^2.7.2:
-  version "2.8.3"
-  resolved "https://registry.yarnpkg.com/stream-http/-/stream-http-2.8.3.tgz#b2d242469288a5a27ec4fe8933acf623de6514fc"
-  integrity sha512-+TSkfINHDo4J+ZobQLWiMouQYB+UVYFttRA94FpEzzJ7ZdqcL4uUUQ7WkdkI4DSozGmgBUE/a47L+38PenXhUw==
-  dependencies:
-    builtin-status-codes "^3.0.0"
-    inherits "^2.0.1"
-    readable-stream "^2.3.6"
-    to-arraybuffer "^1.0.0"
-    xtend "^4.0.0"
-
-stream-shift@^1.0.0:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/stream-shift/-/stream-shift-1.0.1.tgz#d7088281559ab2778424279b0877da3c392d5a3d"
-  integrity sha512-AiisoFqQ0vbGcZgQPY1cdP2I76glaVA/RauYR4G4thNFgkTqr90yXTo4LYX60Jl+sIlPNHHdGSwo01AvbKUSVQ==
-
-strict-uri-encode@^1.0.0:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/strict-uri-encode/-/strict-uri-encode-1.1.0.tgz#279b225df1d582b1f54e65addd4352e18faa0713"
-  integrity sha1-J5siXfHVgrH1TmWt3UNS4Y+qBxM=
-
-strict-uri-encode@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/strict-uri-encode/-/strict-uri-encode-2.0.0.tgz#b9c7330c7042862f6b142dc274bbcc5866ce3546"
-  integrity sha1-ucczDHBChi9rFC3CdLvMWGbONUY=
-
-string-width@^1.0.1:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/string-width/-/string-width-1.0.2.tgz#118bdf5b8cdc51a2a7e70d211e07e2b0b9b107d3"
-  integrity sha1-EYvfW4zcUaKn5w0hHgfisLmxB9M=
-  dependencies:
-    code-point-at "^1.0.0"
-    is-fullwidth-code-point "^1.0.0"
-    strip-ansi "^3.0.0"
-
-"string-width@^1.0.2 || 2":
-  version "2.1.1"
-  resolved "https://registry.yarnpkg.com/string-width/-/string-width-2.1.1.tgz#ab93f27a8dc13d28cac815c462143a6d9012ae9e"
-  integrity sha512-nOqH59deCq9SRHlxq1Aw85Jnt4w6KvLKqWVik6oA9ZklXLNIOlqg4F2yrT1MVaTjAqvVwdfeZ7w7aCvJD7ugkw==
-  dependencies:
-    is-fullwidth-code-point "^2.0.0"
-    strip-ansi "^4.0.0"
-
-string-width@^3.0.0, string-width@^3.1.0:
-  version "3.1.0"
-  resolved "https://registry.yarnpkg.com/string-width/-/string-width-3.1.0.tgz#22767be21b62af1081574306f69ac51b62203961"
-  integrity sha512-vafcv6KjVZKSgz06oM/H6GDBrAtz8vdhQakGjFIvNrHA6y3HCF1CInLy+QLq8dTJPQ1b+KDUqDFctkdRW44e1w==
-  dependencies:
-    emoji-regex "^7.0.1"
-    is-fullwidth-code-point "^2.0.0"
-    strip-ansi "^5.1.0"
-
-string-width@^4.0.0, string-width@^4.1.0:
-  version "4.2.2"
-  resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.2.tgz#dafd4f9559a7585cfba529c6a0a4f73488ebd4c5"
-  integrity sha512-XBJbT3N4JhVumXE0eoLU9DCjcaF92KLNqTmFCnG1pf8duUxFGwtP6AD6nkjw9a3IdiRtL3E2w3JDiE/xi3vOeA==
-  dependencies:
-    emoji-regex "^8.0.0"
-    is-fullwidth-code-point "^3.0.0"
-    strip-ansi "^6.0.0"
-
-string.prototype.trimend@^1.0.4:
-  version "1.0.4"
-  resolved "https://registry.yarnpkg.com/string.prototype.trimend/-/string.prototype.trimend-1.0.4.tgz#e75ae90c2942c63504686c18b287b4a0b1a45f80"
-  integrity sha512-y9xCjw1P23Awk8EvTpcyL2NIr1j7wJ39f+k6lvRnSMz+mz9CGz9NYPelDk42kOz6+ql8xjfK8oYzy3jAP5QU5A==
-  dependencies:
-    call-bind "^1.0.2"
-    define-properties "^1.1.3"
-
-string.prototype.trimstart@^1.0.4:
-  version "1.0.4"
-  resolved "https://registry.yarnpkg.com/string.prototype.trimstart/-/string.prototype.trimstart-1.0.4.tgz#b36399af4ab2999b4c9c648bd7a3fb2bb26feeed"
-  integrity sha512-jh6e984OBfvxS50tdY2nRZnoC5/mLFKOREQfw8t5yytkoUsJRNxvI/E39qu1sD0OtWI3OC0XgKSmcWwziwYuZw==
-  dependencies:
-    call-bind "^1.0.2"
-    define-properties "^1.1.3"
-
-string_decoder@^1.0.0, string_decoder@^1.1.1:
-  version "1.3.0"
-  resolved "https://registry.yarnpkg.com/string_decoder/-/string_decoder-1.3.0.tgz#42f114594a46cf1a8e30b0a84f56c78c3edac21e"
-  integrity sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA==
-  dependencies:
-    safe-buffer "~5.2.0"
-
-string_decoder@~1.1.1:
-  version "1.1.1"
-  resolved "https://registry.yarnpkg.com/string_decoder/-/string_decoder-1.1.1.tgz#9cf1611ba62685d7030ae9e4ba34149c3af03fc8"
-  integrity sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==
-  dependencies:
-    safe-buffer "~5.1.0"
-
-strip-ansi@^3.0.0, strip-ansi@^3.0.1:
-  version "3.0.1"
-  resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-3.0.1.tgz#6a385fb8853d952d5ff05d0e8aaf94278dc63dcf"
-  integrity sha1-ajhfuIU9lS1f8F0Oiq+UJ43GPc8=
-  dependencies:
-    ansi-regex "^2.0.0"
-
-strip-ansi@^4.0.0:
-  version "4.0.0"
-  resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-4.0.0.tgz#a8479022eb1ac368a871389b635262c505ee368f"
-  integrity sha1-qEeQIusaw2iocTibY1JixQXuNo8=
-  dependencies:
-    ansi-regex "^3.0.0"
-
-strip-ansi@^5.0.0, strip-ansi@^5.1.0, strip-ansi@^5.2.0:
-  version "5.2.0"
-  resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-5.2.0.tgz#8c9a536feb6afc962bdfa5b104a5091c1ad9c0ae"
-  integrity sha512-DuRs1gKbBqsMKIZlrffwlug8MHkcnpjs5VPmL1PAh+mA30U0DTotfDZ0d2UUsXpPmPmMMJ6W773MaA3J+lbiWA==
-  dependencies:
-    ansi-regex "^4.1.0"
-
-strip-ansi@^6.0.0:
-  version "6.0.0"
-  resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.0.tgz#0b1571dd7669ccd4f3e06e14ef1eed26225ae532"
-  integrity sha512-AuvKTrTfQNYNIctbR1K/YGTR1756GycPsg7b9bdV9Duqur4gv6aKqHXah67Z8ImS7WEz5QVcOtlfW2rZEugt6w==
-  dependencies:
-    ansi-regex "^5.0.0"
-
-strip-bom-string@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/strip-bom-string/-/strip-bom-string-1.0.0.tgz#e5211e9224369fbb81d633a2f00044dc8cedad92"
-  integrity sha1-5SEekiQ2n7uB1jOi8ABE3IztrZI=
-
-strip-bom@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/strip-bom/-/strip-bom-2.0.0.tgz#6219a85616520491f35788bdbf1447a99c7e6b0e"
-  integrity sha1-YhmoVhZSBJHzV4i9vxRHqZx+aw4=
-  dependencies:
-    is-utf8 "^0.2.0"
-
-strip-eof@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/strip-eof/-/strip-eof-1.0.0.tgz#bb43ff5598a6eb05d89b59fcd129c983313606bf"
-  integrity sha1-u0P/VZim6wXYm1n80SnJgzE2Br8=
-
-strip-indent@^1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/strip-indent/-/strip-indent-1.0.1.tgz#0c7962a6adefa7bbd4ac366460a638552ae1a0a2"
-  integrity sha1-DHlipq3vp7vUrDZkYKY4VSrhoKI=
-  dependencies:
-    get-stdin "^4.0.1"
-
-strip-json-comments@~2.0.1:
-  version "2.0.1"
-  resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-2.0.1.tgz#3c531942e908c2697c0ec344858c286c7ca0a60a"
-  integrity sha1-PFMZQukIwml8DsNEhYwobHygpgo=
-
-stylehacks@^4.0.0:
-  version "4.0.3"
-  resolved "https://registry.yarnpkg.com/stylehacks/-/stylehacks-4.0.3.tgz#6718fcaf4d1e07d8a1318690881e8d96726a71d5"
-  integrity sha512-7GlLk9JwlElY4Y6a/rmbH2MhVlTyVmiJd1PfTCqFaIBEGMYNsrO/v3SeGTdhBThLg4Z+NbOk/qFMwCa+J+3p/g==
-  dependencies:
-    browserslist "^4.0.0"
-    postcss "^7.0.0"
-    postcss-selector-parser "^3.0.0"
-
-stylis@^4.0.10:
-  version "4.0.13"
-  resolved "https://registry.yarnpkg.com/stylis/-/stylis-4.0.13.tgz#f5db332e376d13cc84ecfe5dace9a2a51d954c91"
-  integrity sha512-xGPXiFVl4YED9Jh7Euv2V220mriG9u4B2TA6Ybjc1catrstKD2PpIdU3U0RKpkVBC2EhmL/F0sPCr9vrFTNRag==
-
-stylus-loader@^3.0.2:
-  version "3.0.2"
-  resolved "https://registry.yarnpkg.com/stylus-loader/-/stylus-loader-3.0.2.tgz#27a706420b05a38e038e7cacb153578d450513c6"
-  integrity sha512-+VomPdZ6a0razP+zinir61yZgpw2NfljeSsdUF5kJuEzlo3khXhY19Fn6l8QQz1GRJGtMCo8nG5C04ePyV7SUA==
-  dependencies:
-    loader-utils "^1.0.2"
-    lodash.clonedeep "^4.5.0"
-    when "~3.6.x"
-
-stylus@^0.54.8:
-  version "0.54.8"
-  resolved "https://registry.yarnpkg.com/stylus/-/stylus-0.54.8.tgz#3da3e65966bc567a7b044bfe0eece653e099d147"
-  integrity sha512-vr54Or4BZ7pJafo2mpf0ZcwA74rpuYCZbxrHBsH8kbcXOwSfvBFwsRfpGO5OD5fhG5HDCFW737PKaawI7OqEAg==
-  dependencies:
-    css-parse "~2.0.0"
-    debug "~3.1.0"
-    glob "^7.1.6"
-    mkdirp "~1.0.4"
-    safer-buffer "^2.1.2"
-    sax "~1.2.4"
-    semver "^6.3.0"
-    source-map "^0.7.3"
-
-supports-color@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-2.0.0.tgz#535d045ce6b6363fa40117084629995e9df324c7"
-  integrity sha1-U10EXOa2Nj+kARcIRimZXp3zJMc=
-
-supports-color@^5.3.0:
-  version "5.5.0"
-  resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-5.5.0.tgz#e2e69a44ac8772f78a1ec0b35b689df6530efc8f"
-  integrity sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==
-  dependencies:
-    has-flag "^3.0.0"
-
-supports-color@^6.1.0:
-  version "6.1.0"
-  resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-6.1.0.tgz#0764abc69c63d5ac842dd4867e8d025e880df8f3"
-  integrity sha512-qe1jfm1Mg7Nq/NSh6XE24gPXROEVsWHxC1LIx//XNlD9iw7YZQGjZNjYN7xGaEG6iKdA8EtNFW6R0gjnVXp+wQ==
-  dependencies:
-    has-flag "^3.0.0"
-
-supports-color@^7.1.0:
-  version "7.2.0"
-  resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-7.2.0.tgz#1b7dcdcb32b8138801b3e478ba6a51caa89648da"
-  integrity sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==
-  dependencies:
-    has-flag "^4.0.0"
-
-svg-tags@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/svg-tags/-/svg-tags-1.0.0.tgz#58f71cee3bd519b59d4b2a843b6c7de64ac04764"
-  integrity sha1-WPcc7jvVGbWdSyqEO2x95krAR2Q=
-
-svgo@^1.0.0:
-  version "1.3.2"
-  resolved "https://registry.yarnpkg.com/svgo/-/svgo-1.3.2.tgz#b6dc511c063346c9e415b81e43401145b96d4167"
-  integrity sha512-yhy/sQYxR5BkC98CY7o31VGsg014AKLEPxdfhora76l36hD9Rdy5NZA/Ocn6yayNPgSamYdtX2rFJdcv07AYVw==
-  dependencies:
-    chalk "^2.4.1"
-    coa "^2.0.2"
-    css-select "^2.0.0"
-    css-select-base-adapter "^0.1.1"
-    css-tree "1.0.0-alpha.37"
-    csso "^4.0.2"
-    js-yaml "^3.13.1"
-    mkdirp "~0.5.1"
-    object.values "^1.1.0"
-    sax "~1.2.4"
-    stable "^0.1.8"
-    unquote "~1.1.1"
-    util.promisify "~1.0.0"
-
-tapable@^1.0.0, tapable@^1.1.3:
-  version "1.1.3"
-  resolved "https://registry.yarnpkg.com/tapable/-/tapable-1.1.3.tgz#a1fccc06b58db61fd7a45da2da44f5f3a3e67ba2"
-  integrity sha512-4WK/bYZmj8xLr+HUCODHGF1ZFzsYffasLUgEiMBY4fgtltdO6B4WJtlSbPaDTLpYTcGVwM2qLnFTICEcNxs3kA==
-
-tar@^2.0.0:
-  version "2.2.2"
-  resolved "https://registry.yarnpkg.com/tar/-/tar-2.2.2.tgz#0ca8848562c7299b8b446ff6a4d60cdbb23edc40"
-  integrity sha512-FCEhQ/4rE1zYv9rYXJw/msRqsnmlje5jHP6huWeBZ704jUTy02c5AZyWujpMR1ax6mVw9NyJMfuK2CMDWVIfgA==
-  dependencies:
-    block-stream "*"
-    fstream "^1.0.12"
-    inherits "2"
-
-term-size@^2.1.0:
-  version "2.2.1"
-  resolved "https://registry.yarnpkg.com/term-size/-/term-size-2.2.1.tgz#2a6a54840432c2fb6320fea0f415531e90189f54"
-  integrity sha512-wK0Ri4fOGjv/XPy8SBHZChl8CM7uMc5VML7SqiQ0zG7+J5Vr+RMQDoHa2CNT6KHUnTGIXH34UDMkPzAUyapBZg==
-
-terser-webpack-plugin@^1.4.3:
-  version "1.4.5"
-  resolved "https://registry.yarnpkg.com/terser-webpack-plugin/-/terser-webpack-plugin-1.4.5.tgz#a217aefaea330e734ffacb6120ec1fa312d6040b"
-  integrity sha512-04Rfe496lN8EYruwi6oPQkG0vo8C+HT49X687FZnpPF0qMAIHONI6HEXYPKDOE8e5HjXTyKfqRd/agHtH0kOtw==
-  dependencies:
-    cacache "^12.0.2"
-    find-cache-dir "^2.1.0"
-    is-wsl "^1.1.0"
-    schema-utils "^1.0.0"
-    serialize-javascript "^4.0.0"
-    source-map "^0.6.1"
-    terser "^4.1.2"
-    webpack-sources "^1.4.0"
-    worker-farm "^1.7.0"
-
-terser@^4.1.2:
-  version "4.8.0"
-  resolved "https://registry.yarnpkg.com/terser/-/terser-4.8.0.tgz#63056343d7c70bb29f3af665865a46fe03a0df17"
-  integrity sha512-EAPipTNeWsb/3wLPeup1tVPaXfIaU68xMnVdPafIL1TV05OhASArYyIfFvnvJCNrR2NIOvDVNNTFRa+Re2MWyw==
-  dependencies:
-    commander "^2.20.0"
-    source-map "~0.6.1"
-    source-map-support "~0.5.12"
-
-text-table@^0.2.0:
-  version "0.2.0"
-  resolved "https://registry.yarnpkg.com/text-table/-/text-table-0.2.0.tgz#7f5ee823ae805207c00af2df4a84ec3fcfa570b4"
-  integrity sha1-f17oI66AUgfACvLfSoTsP8+lcLQ=
-
-through2@^2.0.0:
-  version "2.0.5"
-  resolved "https://registry.yarnpkg.com/through2/-/through2-2.0.5.tgz#01c1e39eb31d07cb7d03a96a70823260b23132cd"
-  integrity sha512-/mrRod8xqpA+IHSLyGCQ2s8SPHiCDEeQJSep1jqLYeEUClOFG2Qsh+4FU6G9VeqpZnGW/Su8LQGc4YKni5rYSQ==
-  dependencies:
-    readable-stream "~2.3.6"
-    xtend "~4.0.1"
-
-through@~2.3.4:
-  version "2.3.8"
-  resolved "https://registry.yarnpkg.com/through/-/through-2.3.8.tgz#0dd4c9ffaabc357960b1b724115d7e0e86a2e1f5"
-  integrity sha1-DdTJ/6q8NXlgsbckEV1+Doai4fU=
-
-thunky@^1.0.2:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/thunky/-/thunky-1.1.0.tgz#5abaf714a9405db0504732bbccd2cedd9ef9537d"
-  integrity sha512-eHY7nBftgThBqOyHGVN+l8gF0BucP09fMo0oO/Lb0w1OF80dJv+lDVpXG60WMQvkcxAkNybKsrEIE3ZtKGmPrA==
-
-timers-browserify@^2.0.4:
-  version "2.0.12"
-  resolved "https://registry.yarnpkg.com/timers-browserify/-/timers-browserify-2.0.12.tgz#44a45c11fbf407f34f97bccd1577c652361b00ee"
-  integrity sha512-9phl76Cqm6FhSX9Xe1ZUAMLtm1BLkKj2Qd5ApyWkXzsMRaA7dgr81kf4wJmQf/hAvg8EEyJxDo3du/0KlhPiKQ==
-  dependencies:
-    setimmediate "^1.0.4"
-
-timsort@^0.3.0:
-  version "0.3.0"
-  resolved "https://registry.yarnpkg.com/timsort/-/timsort-0.3.0.tgz#405411a8e7e6339fe64db9a234de11dc31e02bd4"
-  integrity sha1-QFQRqOfmM5/mTbmiNN4R3DHgK9Q=
-
-to-arraybuffer@^1.0.0:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/to-arraybuffer/-/to-arraybuffer-1.0.1.tgz#7d229b1fcc637e466ca081180836a7aabff83f43"
-  integrity sha1-fSKbH8xjfkZsoIEYCDanqr/4P0M=
-
-to-factory@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/to-factory/-/to-factory-1.0.0.tgz#8738af8bd97120ad1d4047972ada5563bf9479b1"
-  integrity sha1-hzivi9lxIK0dQEeXKtpVY7+UebE=
-
-to-fast-properties@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/to-fast-properties/-/to-fast-properties-2.0.0.tgz#dc5e698cbd079265bc73e0377681a4e4e83f616e"
-  integrity sha1-3F5pjL0HkmW8c+A3doGk5Og/YW4=
-
-to-object-path@^0.3.0:
-  version "0.3.0"
-  resolved "https://registry.yarnpkg.com/to-object-path/-/to-object-path-0.3.0.tgz#297588b7b0e7e0ac08e04e672f85c1f4999e17af"
-  integrity sha1-KXWIt7Dn4KwI4E5nL4XB9JmeF68=
-  dependencies:
-    kind-of "^3.0.2"
-
-to-readable-stream@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/to-readable-stream/-/to-readable-stream-1.0.0.tgz#ce0aa0c2f3df6adf852efb404a783e77c0475771"
-  integrity sha512-Iq25XBt6zD5npPhlLVXGFN3/gyR2/qODcKNNyTMd4vbm39HUaOiAM4PMq0eMVC/Tkxz+Zjdsc55g9yyz+Yq00Q==
-
-to-regex-range@^2.1.0:
-  version "2.1.1"
-  resolved "https://registry.yarnpkg.com/to-regex-range/-/to-regex-range-2.1.1.tgz#7c80c17b9dfebe599e27367e0d4dd5590141db38"
-  integrity sha1-fIDBe53+vlmeJzZ+DU3VWQFB2zg=
-  dependencies:
-    is-number "^3.0.0"
-    repeat-string "^1.6.1"
-
-to-regex-range@^5.0.1:
-  version "5.0.1"
-  resolved "https://registry.yarnpkg.com/to-regex-range/-/to-regex-range-5.0.1.tgz#1648c44aae7c8d988a326018ed72f5b4dd0392e4"
-  integrity sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==
-  dependencies:
-    is-number "^7.0.0"
-
-to-regex@^3.0.1, to-regex@^3.0.2:
-  version "3.0.2"
-  resolved "https://registry.yarnpkg.com/to-regex/-/to-regex-3.0.2.tgz#13cfdd9b336552f30b51f33a8ae1b42a7a7599ce"
-  integrity sha512-FWtleNAtZ/Ki2qtqej2CXTOayOH9bHDQF+Q48VpWyDXjbYxA4Yz8iDB31zXOBUlOHHKidDbqGVrTUvQMPmBGBw==
-  dependencies:
-    define-property "^2.0.2"
-    extend-shallow "^3.0.2"
-    regex-not "^1.0.2"
-    safe-regex "^1.1.0"
-
-toidentifier@1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/toidentifier/-/toidentifier-1.0.0.tgz#7e1be3470f1e77948bc43d94a3c8f4d7752ba553"
-  integrity sha512-yaOH/Pk/VEhBWWTlhI+qXxDFXlejDGcQipMlyxda9nthulaxLZUNcUqFxokp0vcYnvteJln5FNQDRrxj3YcbVw==
-
-toml@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/toml/-/toml-3.0.0.tgz#342160f1af1904ec9d204d03a5d61222d762c5ee"
-  integrity sha512-y/mWCZinnvxjTKYhJ+pYxwD0mRLVvOtdS2Awbgxln6iEnt4rk0yBxeSBHkGJcPucRiG0e55mwWp+g/05rsrd6w==
-
-toposort@^1.0.0:
-  version "1.0.7"
-  resolved "https://registry.yarnpkg.com/toposort/-/toposort-1.0.7.tgz#2e68442d9f64ec720b8cc89e6443ac6caa950029"
-  integrity sha1-LmhELZ9k7HILjMieZEOsbKqVACk=
-
-tough-cookie@~2.5.0:
-  version "2.5.0"
-  resolved "https://registry.yarnpkg.com/tough-cookie/-/tough-cookie-2.5.0.tgz#cd9fb2a0aa1d5a12b473bd9fb96fa3dcff65ade2"
-  integrity sha512-nlLsUzgm1kfLXSXfRZMc1KLAugd4hqJHDTvc2hDIwS3mZAfMEuMbc03SujMF+GEcpaX/qboeycw6iO8JwVv2+g==
-  dependencies:
-    psl "^1.1.28"
-    punycode "^2.1.1"
-
-tr46@^1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/tr46/-/tr46-1.0.1.tgz#a8b13fd6bfd2489519674ccde55ba3693b706d09"
-  integrity sha1-qLE/1r/SSJUZZ0zN5VujaTtwbQk=
-  dependencies:
-    punycode "^2.1.0"
-
-trim-newlines@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/trim-newlines/-/trim-newlines-1.0.0.tgz#5887966bb582a4503a41eb524f7d35011815a613"
-  integrity sha1-WIeWa7WCpFA6QetST301ARgVphM=
-
-"true-case-path@^1.0.2":
-  version "1.0.3"
-  resolved "https://registry.yarnpkg.com/true-case-path/-/true-case-path-1.0.3.tgz#f813b5a8c86b40da59606722b144e3225799f47d"
-  integrity sha512-m6s2OdQe5wgpFMC+pAJ+q9djG82O2jcHPOI6RNg1yy9rCYR+WD6Nbpl32fDpfC56nirdRy+opFa/Vk7HYhqaew==
-  dependencies:
-    glob "^7.1.2"
-
-tty-browserify@0.0.0:
-  version "0.0.0"
-  resolved "https://registry.yarnpkg.com/tty-browserify/-/tty-browserify-0.0.0.tgz#a157ba402da24e9bf957f9aa69d524eed42901a6"
-  integrity sha1-oVe6QC2iTpv5V/mqadUk7tQpAaY=
-
-tunnel-agent@^0.6.0:
-  version "0.6.0"
-  resolved "https://registry.yarnpkg.com/tunnel-agent/-/tunnel-agent-0.6.0.tgz#27a5dea06b36b04a0a9966774b290868f0fc40fd"
-  integrity sha1-J6XeoGs2sEoKmWZ3SykIaPD8QP0=
-  dependencies:
-    safe-buffer "^5.0.1"
-
-tweetnacl@^0.14.3, tweetnacl@~0.14.0:
-  version "0.14.5"
-  resolved "https://registry.yarnpkg.com/tweetnacl/-/tweetnacl-0.14.5.tgz#5ae68177f192d4456269d108afa93ff8743f4f64"
-  integrity sha1-WuaBd/GS1EViadEIr6k/+HQ/T2Q=
-
-type-fest@^0.21.3:
-  version "0.21.3"
-  resolved "https://registry.yarnpkg.com/type-fest/-/type-fest-0.21.3.tgz#d260a24b0198436e133fa26a524a6d65fa3b2e37"
-  integrity sha512-t0rzBq87m3fVcduHDUFhKmyyX+9eo6WQjZvf51Ea/M0Q7+T374Jp1aUiyUl0GKxp8M/OETVHSDvmkyPgvX+X2w==
-
-type-fest@^0.8.1:
-  version "0.8.1"
-  resolved "https://registry.yarnpkg.com/type-fest/-/type-fest-0.8.1.tgz#09e249ebde851d3b1e48d27c105444667f17b83d"
-  integrity sha512-4dbzIzqvjtgiM5rw1k5rEHtBANKmdudhGyBEajN01fEyhaAIhsoKNy6y7+IN93IfpFtwY9iqi7kD+xwKhQsNJA==
-
-type-is@~1.6.17, type-is@~1.6.18:
-  version "1.6.18"
-  resolved "https://registry.yarnpkg.com/type-is/-/type-is-1.6.18.tgz#4e552cd05df09467dcbc4ef739de89f2cf37c131"
-  integrity sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==
-  dependencies:
-    media-typer "0.3.0"
-    mime-types "~2.1.24"
-
-typedarray-to-buffer@^3.1.5:
-  version "3.1.5"
-  resolved "https://registry.yarnpkg.com/typedarray-to-buffer/-/typedarray-to-buffer-3.1.5.tgz#a97ee7a9ff42691b9f783ff1bc5112fe3fca9080"
-  integrity sha512-zdu8XMNEDepKKR+XYOXAVPtWui0ly0NtohUscw+UmaHiAWT8hrV1rr//H6V+0DvJ3OQ19S979M0laLfX8rm82Q==
-  dependencies:
-    is-typedarray "^1.0.0"
-
-typedarray@^0.0.6:
-  version "0.0.6"
-  resolved "https://registry.yarnpkg.com/typedarray/-/typedarray-0.0.6.tgz#867ac74e3864187b1d3d47d996a78ec5c8830777"
-  integrity sha1-hnrHTjhkGHsdPUfZlqeOxciDB3c=
-
-uc.micro@^1.0.1, uc.micro@^1.0.5:
-  version "1.0.6"
-  resolved "https://registry.yarnpkg.com/uc.micro/-/uc.micro-1.0.6.tgz#9c411a802a409a91fc6cf74081baba34b24499ac"
-  integrity sha512-8Y75pvTYkLJW2hWQHXxoqRgV7qb9B+9vFEtidML+7koHUFapnVJAZ6cKs+Qjz5Aw3aZWHMC6u0wJE3At+nSGwA==
-
-uglify-js@3.4.x:
-  version "3.4.10"
-  resolved "https://registry.yarnpkg.com/uglify-js/-/uglify-js-3.4.10.tgz#9ad9563d8eb3acdfb8d38597d2af1d815f6a755f"
-  integrity sha512-Y2VsbPVs0FIshJztycsO2SfPk7/KAF/T72qzv9u5EpQ4kB2hQoHlhNQTsNyy6ul7lQtqJN/AoWeS23OzEiEFxw==
-  dependencies:
-    commander "~2.19.0"
-    source-map "~0.6.1"
-
-unbox-primitive@^1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/unbox-primitive/-/unbox-primitive-1.0.1.tgz#085e215625ec3162574dc8859abee78a59b14471"
-  integrity sha512-tZU/3NqK3dA5gpE1KtyiJUrEB0lxnGkMFHptJ7q6ewdZ8s12QrODwNbhIJStmJkd1QDXa1NRA8aF2A1zk/Ypyw==
-  dependencies:
-    function-bind "^1.1.1"
-    has-bigints "^1.0.1"
-    has-symbols "^1.0.2"
-    which-boxed-primitive "^1.0.2"
-
-unicode-canonical-property-names-ecmascript@^1.0.4:
-  version "1.0.4"
-  resolved "https://registry.yarnpkg.com/unicode-canonical-property-names-ecmascript/-/unicode-canonical-property-names-ecmascript-1.0.4.tgz#2619800c4c825800efdd8343af7dd9933cbe2818"
-  integrity sha512-jDrNnXWHd4oHiTZnx/ZG7gtUTVp+gCcTTKr8L0HjlwphROEW3+Him+IpvC+xcJEFegapiMZyZe02CyuOnRmbnQ==
-
-unicode-match-property-ecmascript@^1.0.4:
-  version "1.0.4"
-  resolved "https://registry.yarnpkg.com/unicode-match-property-ecmascript/-/unicode-match-property-ecmascript-1.0.4.tgz#8ed2a32569961bce9227d09cd3ffbb8fed5f020c"
-  integrity sha512-L4Qoh15vTfntsn4P1zqnHulG0LdXgjSO035fEpdtp6YxXhMT51Q6vgM5lYdG/5X3MjS+k/Y9Xw4SFCY9IkR0rg==
-  dependencies:
-    unicode-canonical-property-names-ecmascript "^1.0.4"
-    unicode-property-aliases-ecmascript "^1.0.4"
-
-unicode-match-property-value-ecmascript@^1.2.0:
-  version "1.2.0"
-  resolved "https://registry.yarnpkg.com/unicode-match-property-value-ecmascript/-/unicode-match-property-value-ecmascript-1.2.0.tgz#0d91f600eeeb3096aa962b1d6fc88876e64ea531"
-  integrity sha512-wjuQHGQVofmSJv1uVISKLE5zO2rNGzM/KCYZch/QQvez7C1hUhBIuZ701fYXExuufJFMPhv2SyL8CyoIfMLbIQ==
-
-unicode-property-aliases-ecmascript@^1.0.4:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/unicode-property-aliases-ecmascript/-/unicode-property-aliases-ecmascript-1.1.0.tgz#dd57a99f6207bedff4628abefb94c50db941c8f4"
-  integrity sha512-PqSoPh/pWetQ2phoj5RLiaqIk4kCNwoV3CI+LfGmWLKI3rE3kl1h59XpX2BjgDrmbxD9ARtQobPGU1SguCYuQg==
-
-union-value@^1.0.0:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/union-value/-/union-value-1.0.1.tgz#0b6fe7b835aecda61c6ea4d4f02c14221e109847"
-  integrity sha512-tJfXmxMeWYnczCVs7XAEvIV7ieppALdyepWMkHkwciRpZraG/xwT+s2JN8+pr1+8jCRf80FFzvr+MpQeeoF4Xg==
-  dependencies:
-    arr-union "^3.1.0"
-    get-value "^2.0.6"
-    is-extendable "^0.1.1"
-    set-value "^2.0.1"
-
-uniq@^1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/uniq/-/uniq-1.0.1.tgz#b31c5ae8254844a3a8281541ce2b04b865a734ff"
-  integrity sha1-sxxa6CVIRKOoKBVBzisEuGWnNP8=
-
-uniqs@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/uniqs/-/uniqs-2.0.0.tgz#ffede4b36b25290696e6e165d4a59edb998e6b02"
-  integrity sha1-/+3ks2slKQaW5uFl1KWe25mOawI=
-
-unique-filename@^1.1.1:
-  version "1.1.1"
-  resolved "https://registry.yarnpkg.com/unique-filename/-/unique-filename-1.1.1.tgz#1d69769369ada0583103a1e6ae87681b56573230"
-  integrity sha512-Vmp0jIp2ln35UTXuryvjzkjGdRyf9b2lTXuSYUiPmzRcl3FDtYqAwOnTJkAngD9SWhnoJzDbTKwaOrZ+STtxNQ==
-  dependencies:
-    unique-slug "^2.0.0"
-
-unique-slug@^2.0.0:
-  version "2.0.2"
-  resolved "https://registry.yarnpkg.com/unique-slug/-/unique-slug-2.0.2.tgz#baabce91083fc64e945b0f3ad613e264f7cd4e6c"
-  integrity sha512-zoWr9ObaxALD3DOPfjPSqxt4fnZiWblxHIgeWqW8x7UqDzEtHEQLzji2cuJYQFCU6KmoJikOYAZlrTHHebjx2w==
-  dependencies:
-    imurmurhash "^0.1.4"
-
-unique-string@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/unique-string/-/unique-string-2.0.0.tgz#39c6451f81afb2749de2b233e3f7c5e8843bd89d"
-  integrity sha512-uNaeirEPvpZWSgzwsPGtU2zVSTrn/8L5q/IexZmH0eH6SA73CmAA5U4GwORTxQAZs95TAXLNqeLoPPNO5gZfWg==
-  dependencies:
-    crypto-random-string "^2.0.0"
-
-universalify@^0.1.0:
-  version "0.1.2"
-  resolved "https://registry.yarnpkg.com/universalify/-/universalify-0.1.2.tgz#b646f69be3942dabcecc9d6639c80dc105efaa66"
-  integrity sha512-rBJeI5CXAlmy1pV+617WB9J63U6XcazHHF2f2dbJix4XzpUF0RS3Zbj0FGIOCAva5P/d/GBOYaACQ1w+0azUkg==
-
-unpipe@1.0.0, unpipe@~1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/unpipe/-/unpipe-1.0.0.tgz#b2bf4ee8514aae6165b4817829d21b2ef49904ec"
-  integrity sha1-sr9O6FFKrmFltIF4KdIbLvSZBOw=
-
-unquote@~1.1.1:
-  version "1.1.1"
-  resolved "https://registry.yarnpkg.com/unquote/-/unquote-1.1.1.tgz#8fded7324ec6e88a0ff8b905e7c098cdc086d544"
-  integrity sha1-j97XMk7G6IoP+LkF58CYzcCG1UQ=
-
-unset-value@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/unset-value/-/unset-value-1.0.0.tgz#8376873f7d2335179ffb1e6fc3a8ed0dfc8ab559"
-  integrity sha1-g3aHP30jNRef+x5vw6jtDfyKtVk=
-  dependencies:
-    has-value "^0.3.1"
-    isobject "^3.0.0"
-
-upath@^1.1.0, upath@^1.1.1:
-  version "1.2.0"
-  resolved "https://registry.yarnpkg.com/upath/-/upath-1.2.0.tgz#8f66dbcd55a883acdae4408af8b035a5044c1894"
-  integrity sha512-aZwGpamFO61g3OlfT7OQCHqhGnW43ieH9WZeP7QxN/G/jS4jfqUkZxoryvJgVPEcrl5NL/ggHsSmLMHuH64Lhg==
-
-update-notifier@^4.0.0:
-  version "4.1.3"
-  resolved "https://registry.yarnpkg.com/update-notifier/-/update-notifier-4.1.3.tgz#be86ee13e8ce48fb50043ff72057b5bd598e1ea3"
-  integrity sha512-Yld6Z0RyCYGB6ckIjffGOSOmHXj1gMeE7aROz4MG+XMkmixBX4jUngrGXNYz7wPKBmtoD4MnBa2Anu7RSKht/A==
-  dependencies:
-    boxen "^4.2.0"
-    chalk "^3.0.0"
-    configstore "^5.0.1"
-    has-yarn "^2.1.0"
-    import-lazy "^2.1.0"
-    is-ci "^2.0.0"
-    is-installed-globally "^0.3.1"
-    is-npm "^4.0.0"
-    is-yarn-global "^0.3.0"
-    latest-version "^5.0.0"
-    pupa "^2.0.1"
-    semver-diff "^3.1.1"
-    xdg-basedir "^4.0.0"
-
-upper-case@^1.1.1:
-  version "1.1.3"
-  resolved "https://registry.yarnpkg.com/upper-case/-/upper-case-1.1.3.tgz#f6b4501c2ec4cdd26ba78be7222961de77621598"
-  integrity sha1-9rRQHC7EzdJrp4vnIilh3ndiFZg=
-
-uri-js@^4.2.2:
-  version "4.4.1"
-  resolved "https://registry.yarnpkg.com/uri-js/-/uri-js-4.4.1.tgz#9b1a52595225859e55f669d928f88c6c57f2a77e"
-  integrity sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==
-  dependencies:
-    punycode "^2.1.0"
-
-urix@^0.1.0:
-  version "0.1.0"
-  resolved "https://registry.yarnpkg.com/urix/-/urix-0.1.0.tgz#da937f7a62e21fec1fd18d49b35c2935067a6c72"
-  integrity sha1-2pN/emLiH+wf0Y1Js1wpNQZ6bHI=
-
-url-loader@^1.0.1:
-  version "1.1.2"
-  resolved "https://registry.yarnpkg.com/url-loader/-/url-loader-1.1.2.tgz#b971d191b83af693c5e3fea4064be9e1f2d7f8d8"
-  integrity sha512-dXHkKmw8FhPqu8asTc1puBfe3TehOCo2+RmOOev5suNCIYBcT626kxiWg1NBVkwc4rO8BGa7gP70W7VXuqHrjg==
-  dependencies:
-    loader-utils "^1.1.0"
-    mime "^2.0.3"
-    schema-utils "^1.0.0"
-
-url-parse-lax@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/url-parse-lax/-/url-parse-lax-3.0.0.tgz#16b5cafc07dbe3676c1b1999177823d6503acb0c"
-  integrity sha1-FrXK/Afb42dsGxmZF3gj1lA6yww=
-  dependencies:
-    prepend-http "^2.0.0"
-
-url-parse@^1.4.3, url-parse@^1.5.1:
-  version "1.5.10"
-  resolved "https://registry.yarnpkg.com/url-parse/-/url-parse-1.5.10.tgz#9d3c2f736c1d75dd3bd2be507dcc111f1e2ea9c1"
-  integrity sha512-WypcfiRhfeUP9vvF0j6rw0J3hrWrw6iZv3+22h6iRMJ/8z1Tj6XfLP4DsUix5MhMPnXpiHDoKyoZ/bdCkwBCiQ==
-  dependencies:
-    querystringify "^2.1.1"
-    requires-port "^1.0.0"
-
-url@^0.11.0:
-  version "0.11.0"
-  resolved "https://registry.yarnpkg.com/url/-/url-0.11.0.tgz#3838e97cfc60521eb73c525a8e55bfdd9e2e28f1"
-  integrity sha1-ODjpfPxgUh63PFJajlW/3Z4uKPE=
-  dependencies:
-    punycode "1.3.2"
-    querystring "0.2.0"
-
-use@^3.1.0:
-  version "3.1.1"
-  resolved "https://registry.yarnpkg.com/use/-/use-3.1.1.tgz#d50c8cac79a19fbc20f2911f56eb973f4e10070f"
-  integrity sha512-cwESVXlO3url9YWlFW/TA9cshCEhtu7IKJ/p5soJ/gGpj7vbvFrAY/eIioQ6Dw23KjZhYgiIo8HOs1nQ2vr/oQ==
-
-util-deprecate@^1.0.1, util-deprecate@^1.0.2, util-deprecate@~1.0.1:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/util-deprecate/-/util-deprecate-1.0.2.tgz#450d4dc9fa70de732762fbd2d4a28981419a0ccf"
-  integrity sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8=
-
-util.promisify@1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/util.promisify/-/util.promisify-1.0.0.tgz#440f7165a459c9a16dc145eb8e72f35687097030"
-  integrity sha512-i+6qA2MPhvoKLuxnJNpXAGhg7HphQOSUq2LKMZD0m15EiskXUkMvKdF4Uui0WYeCUGea+o2cw/ZuwehtfsrNkA==
-  dependencies:
-    define-properties "^1.1.2"
-    object.getownpropertydescriptors "^2.0.3"
-
-util.promisify@~1.0.0:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/util.promisify/-/util.promisify-1.0.1.tgz#6baf7774b80eeb0f7520d8b81d07982a59abbaee"
-  integrity sha512-g9JpC/3He3bm38zsLupWryXHoEcS22YHthuPQSJdMy6KNrzIRzWqcsHzD/WUnqe45whVou4VIsPew37DoXWNrA==
-  dependencies:
-    define-properties "^1.1.3"
-    es-abstract "^1.17.2"
-    has-symbols "^1.0.1"
-    object.getownpropertydescriptors "^2.1.0"
-
-util@0.10.3:
-  version "0.10.3"
-  resolved "https://registry.yarnpkg.com/util/-/util-0.10.3.tgz#7afb1afe50805246489e3db7fe0ed379336ac0f9"
-  integrity sha1-evsa/lCAUkZInj23/g7TeTNqwPk=
-  dependencies:
-    inherits "2.0.1"
-
-util@^0.11.0:
-  version "0.11.1"
-  resolved "https://registry.yarnpkg.com/util/-/util-0.11.1.tgz#3236733720ec64bb27f6e26f421aaa2e1b588d61"
-  integrity sha512-HShAsny+zS2TZfaXxD9tYj4HQGlBezXZMZuM/S5PKLLoZkShZiGk9o5CzukI1LVHZvjdvZ2Sj1aW/Ndn2NB/HQ==
-  dependencies:
-    inherits "2.0.3"
-
-utila@~0.4:
-  version "0.4.0"
-  resolved "https://registry.yarnpkg.com/utila/-/utila-0.4.0.tgz#8a16a05d445657a3aea5eecc5b12a4fa5379772c"
-  integrity sha1-ihagXURWV6Oupe7MWxKk+lN5dyw=
-
-utils-merge@1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/utils-merge/-/utils-merge-1.0.1.tgz#9f95710f50a267947b2ccc124741c1028427e713"
-  integrity sha1-n5VxD1CiZ5R7LMwSR0HBAoQn5xM=
-
-uuid@^3.3.2, uuid@^3.4.0:
-  version "3.4.0"
-  resolved "https://registry.yarnpkg.com/uuid/-/uuid-3.4.0.tgz#b23e4358afa8a202fe7a100af1f5f883f02007ee"
-  integrity sha512-HjSDRw6gZE5JMggctHBcjVak08+KEVhSIiDzFnT9S9aegmp85S/bReBVTb4QTFaRNptJ9kuYaNhnbNEOkbKb/A==
-
-validate-npm-package-license@^3.0.1:
-  version "3.0.4"
-  resolved "https://registry.yarnpkg.com/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz#fc91f6b9c7ba15c857f4cb2c5defeec39d4f410a"
-  integrity sha512-DpKm2Ui/xN7/HQKCtpZxoRWBhZ9Z0kqtygG8XCgNQ8ZlDnxuQmWhj566j8fN4Cu3/JmbhsDo7fcAJq4s9h27Ew==
-  dependencies:
-    spdx-correct "^3.0.0"
-    spdx-expression-parse "^3.0.0"
-
-vary@~1.1.2:
-  version "1.1.2"
-  resolved "https://registry.yarnpkg.com/vary/-/vary-1.1.2.tgz#2299f02c6ded30d4a5961b0b9f74524a18f634fc"
-  integrity sha1-IpnwLG3tMNSllhsLn3RSShj2NPw=
-
-vendors@^1.0.0:
-  version "1.0.4"
-  resolved "https://registry.yarnpkg.com/vendors/-/vendors-1.0.4.tgz#e2b800a53e7a29b93506c3cf41100d16c4c4ad8e"
-  integrity sha512-/juG65kTL4Cy2su4P8HjtkTxk6VmJDiOPBufWniqQ6wknac6jNiXS9vU+hO3wgusiyqWlzTbVHi0dyJqRONg3w==
-
-verror@1.10.0:
-  version "1.10.0"
-  resolved "https://registry.yarnpkg.com/verror/-/verror-1.10.0.tgz#3a105ca17053af55d6e270c1f8288682e18da400"
-  integrity sha1-OhBcoXBTr1XW4nDB+CiGguGNpAA=
-  dependencies:
-    assert-plus "^1.0.0"
-    core-util-is "1.0.2"
-    extsprintf "^1.2.0"
-
-vm-browserify@^1.0.1:
-  version "1.1.2"
-  resolved "https://registry.yarnpkg.com/vm-browserify/-/vm-browserify-1.1.2.tgz#78641c488b8e6ca91a75f511e7a3b32a86e5dda0"
-  integrity sha512-2ham8XPWTONajOR0ohOKOHXkm3+gaBmGut3SRuu75xLd/RRaY6vqgh8NBYYk7+RW3u5AtzPQZG8F10LHkl0lAQ==
-
-vue-hot-reload-api@^2.3.0:
-  version "2.3.4"
-  resolved "https://registry.yarnpkg.com/vue-hot-reload-api/-/vue-hot-reload-api-2.3.4.tgz#532955cc1eb208a3d990b3a9f9a70574657e08f2"
-  integrity sha512-BXq3jwIagosjgNVae6tkHzzIk6a8MHFtzAdwhnV5VlvPTFxDCvIttgSiHWjdGoTJvXtmRu5HacExfdarRcFhog==
-
-vue-loader@^15.7.1:
-  version "15.9.6"
-  resolved "https://registry.yarnpkg.com/vue-loader/-/vue-loader-15.9.6.tgz#f4bb9ae20c3a8370af3ecf09b8126d38ffdb6b8b"
-  integrity sha512-j0cqiLzwbeImIC6nVIby2o/ABAWhlppyL/m5oJ67R5MloP0hj/DtFgb0Zmq3J9CG7AJ+AXIvHVnJAPBvrLyuDg==
-  dependencies:
-    "@vue/component-compiler-utils" "^3.1.0"
-    hash-sum "^1.0.2"
-    loader-utils "^1.1.0"
-    vue-hot-reload-api "^2.3.0"
-    vue-style-loader "^4.1.0"
-
-vue-router@^3.4.5:
-  version "3.5.2"
-  resolved "https://registry.yarnpkg.com/vue-router/-/vue-router-3.5.2.tgz#5f55e3f251970e36c3e8d88a7cd2d67a350ade5c"
-  integrity sha512-807gn82hTnjCYGrnF3eNmIw/dk7/GE4B5h69BlyCK9KHASwSloD1Sjcn06zg9fVG4fYH2DrsNBZkpLtb25WtaQ==
-
-vue-server-renderer@^2.6.10:
-  version "2.6.14"
-  resolved "https://registry.yarnpkg.com/vue-server-renderer/-/vue-server-renderer-2.6.14.tgz#c8bffff152df6b47b858818ef8d524d2fc351654"
-  integrity sha512-HifYRa/LW7cKywg9gd4ZtvtRuBlstQBao5ZCWlg40fyB4OPoGfEXAzxb0emSLv4pBDOHYx0UjpqvxpiQFEuoLA==
-  dependencies:
-    chalk "^1.1.3"
-    hash-sum "^1.0.2"
-    he "^1.1.0"
-    lodash.template "^4.5.0"
-    lodash.uniq "^4.5.0"
-    resolve "^1.2.0"
-    serialize-javascript "^3.1.0"
-    source-map "0.5.6"
-
-vue-style-loader@^4.1.0:
-  version "4.1.3"
-  resolved "https://registry.yarnpkg.com/vue-style-loader/-/vue-style-loader-4.1.3.tgz#6d55863a51fa757ab24e89d9371465072aa7bc35"
-  integrity sha512-sFuh0xfbtpRlKfm39ss/ikqs9AbKCoXZBpHeVZ8Tx650o0k0q/YCM7FRvigtxpACezfq6af+a7JeqVTWvncqDg==
-  dependencies:
-    hash-sum "^1.0.2"
-    loader-utils "^1.0.2"
-
-vue-template-compiler@^2.6.10:
-  version "2.6.14"
-  resolved "https://registry.yarnpkg.com/vue-template-compiler/-/vue-template-compiler-2.6.14.tgz#a2f0e7d985670d42c9c9ee0d044fed7690f4f763"
-  integrity sha512-ODQS1SyMbjKoO1JBJZojSw6FE4qnh9rIpUZn2EUT86FKizx9uH5z6uXiIrm4/Nb/gwxTi/o17ZDEGWAXHvtC7g==
-  dependencies:
-    de-indent "^1.0.2"
-    he "^1.1.0"
-
-vue-template-es2015-compiler@^1.9.0:
-  version "1.9.1"
-  resolved "https://registry.yarnpkg.com/vue-template-es2015-compiler/-/vue-template-es2015-compiler-1.9.1.tgz#1ee3bc9a16ecbf5118be334bb15f9c46f82f5825"
-  integrity sha512-4gDntzrifFnCEvyoO8PqyJDmguXgVPxKiIxrBKjIowvL9l+N66196+72XVYR8BBf1Uv1Fgt3bGevJ+sEmxfZzw==
-
-vue@^2.6.10:
-  version "2.6.14"
-  resolved "https://registry.yarnpkg.com/vue/-/vue-2.6.14.tgz#e51aa5250250d569a3fbad3a8a5a687d6036e235"
-  integrity sha512-x2284lgYvjOMj3Za7kqzRcUSxBboHqtgRE2zlos1qWaOye5yUmHn42LB1250NJBLRwEcdrB0JRwyPTEPhfQjiQ==
-
-vuepress-html-webpack-plugin@^3.2.0:
-  version "3.2.0"
-  resolved "https://registry.yarnpkg.com/vuepress-html-webpack-plugin/-/vuepress-html-webpack-plugin-3.2.0.tgz#219be272ad510faa8750d2d4e70fd028bfd1c16e"
-  integrity sha512-BebAEl1BmWlro3+VyDhIOCY6Gef2MCBllEVAP3NUAtMguiyOwo/dClbwJ167WYmcxHJKLl7b0Chr9H7fpn1d0A==
-  dependencies:
-    html-minifier "^3.2.3"
-    loader-utils "^0.2.16"
-    lodash "^4.17.3"
-    pretty-error "^2.0.2"
-    tapable "^1.0.0"
-    toposort "^1.0.0"
-    util.promisify "1.0.0"
-
-vuepress-plugin-check-md@0.0.2:
-  version "0.0.2"
-  resolved "https://registry.yarnpkg.com/vuepress-plugin-check-md/-/vuepress-plugin-check-md-0.0.2.tgz#e0c5f296948fa5df24280971ee6a725c00a88738"
-  integrity sha512-XwA/IiMNvR42L3ajmkr+6JY3JRnhDN+uluh1wLYl0VAI8VqTkXT7Ng4xlxgebfLPChEFPnJgcydGv8E52Zdpig==
-  dependencies:
-    check-md "1.0.0"
-
-vuepress-plugin-code-copy@^1.0.6:
-  version "1.0.6"
-  resolved "https://registry.yarnpkg.com/vuepress-plugin-code-copy/-/vuepress-plugin-code-copy-1.0.6.tgz#6431dab764b48b5b203e4936d98b1943651ce4ad"
-  integrity sha512-FiqwMtlb4rEsOI56O6sSkekcd3SlESxbkR2IaTIQxsMOMoalKfW5R9WlR1Pjm10v6jmU661Ex8MR11k9IzrNUg==
-
-vuepress-plugin-container@^2.0.2:
-  version "2.1.5"
-  resolved "https://registry.yarnpkg.com/vuepress-plugin-container/-/vuepress-plugin-container-2.1.5.tgz#37fff05662fedbd63ffd3a5463b2592c7a7f3133"
-  integrity sha512-TQrDX/v+WHOihj3jpilVnjXu9RcTm6m8tzljNJwYhxnJUW0WWQ0hFLcDTqTBwgKIFdEiSxVOmYE+bJX/sq46MA==
-  dependencies:
-    "@vuepress/shared-utils" "^1.2.0"
-    markdown-it-container "^2.0.0"
-
-vuepress-plugin-element-tabs@^0.2.8:
-  version "0.2.8"
-  resolved "https://registry.yarnpkg.com/vuepress-plugin-element-tabs/-/vuepress-plugin-element-tabs-0.2.8.tgz#7e52c97090156c11b18450f848cd4a5767f76502"
-  integrity sha512-wyZNM++o5nIncgqHBHwlDf8B5o5o235ZWRFjLGgFiXY5Zds7Hl/fB0DL54skqNSP6Vn2MOEPd9pyYBW+piYjwA==
-  dependencies:
-    node-sass "^4.11.0"
-    resize-observer-polyfill "^1.5.1"
-    sass-loader "^7.1.0"
-
-vuepress-plugin-mailchimp@^1.4.2:
-  version "1.4.2"
-  resolved "https://registry.yarnpkg.com/vuepress-plugin-mailchimp/-/vuepress-plugin-mailchimp-1.4.2.tgz#373fa1df8f03a8993817b09ddfb8bd9d04a1c665"
-  integrity sha512-4t5ZaKZXu5ZkwgE+WW//7CgXgz6DEhRefGrO5aql4PwapauNXlHKgQ2JMf9FRe5y5WHjNpDHYveEDNzISZmxJw==
-  dependencies:
-    jsonp "^0.2.1"
-    query-string "^6.9.0"
-
-vuepress-plugin-mermaidjs@^1.8.1:
-  version "1.8.1"
-  resolved "https://registry.yarnpkg.com/vuepress-plugin-mermaidjs/-/vuepress-plugin-mermaidjs-1.8.1.tgz#299c19dd92bfef45f14deb5fdb7eba0c3c419290"
-  integrity sha512-gVnl2t2cbTd0ZWqikZzPPIjBvvcSKzAcuiON96Fi6RQo0QzIpjzXxuIp9bZ+tFUHn6UZp6hqqPtOdbsgcajilg==
-  dependencies:
-    mermaid "^8.8.3"
-
-vuepress-plugin-sitemap@2.3.1:
-  version "2.3.1"
-  resolved "https://registry.yarnpkg.com/vuepress-plugin-sitemap/-/vuepress-plugin-sitemap-2.3.1.tgz#51298aca77a5de96396fdbd1103e1637dd61ae6a"
-  integrity sha512-n+8lbukhrKrsI9H/EX0EBgkE1pn85LAQFvQ5dIvrZP4Kz6JxPOPPNTQmZMhahQV1tXbLZQCEN7A1WZH4x+arJQ==
-  dependencies:
-    sitemap "^3.0.0"
-
-vuepress-plugin-smooth-scroll@^0.0.3:
-  version "0.0.3"
-  resolved "https://registry.yarnpkg.com/vuepress-plugin-smooth-scroll/-/vuepress-plugin-smooth-scroll-0.0.3.tgz#6eff2d4c186cca917cc9f7df2b0af7de7c8c6438"
-  integrity sha512-qsQkDftLVFLe8BiviIHaLV0Ea38YLZKKonDGsNQy1IE0wllFpFIEldWD8frWZtDFdx6b/O3KDMgVQ0qp5NjJCg==
-  dependencies:
-    smoothscroll-polyfill "^0.4.3"
-
-vuepress@1.8.2:
-  version "1.8.2"
-  resolved "https://registry.yarnpkg.com/vuepress/-/vuepress-1.8.2.tgz#97e8bf979630611fc7b621fc4cc35b798ee5e847"
-  integrity sha512-BU1lUDwsA3ghf7a9ga4dsf0iTc++Z/l7BR1kUagHWVBHw7HNRgRDfAZBDDQXhllMILVToIxaTifpne9mSi94OA==
-  dependencies:
-    "@vuepress/core" "1.8.2"
-    "@vuepress/theme-default" "1.8.2"
-    cac "^6.5.6"
-    envinfo "^7.2.0"
-    opencollective-postinstall "^2.0.2"
-    update-notifier "^4.0.0"
-
-watchpack-chokidar2@^2.0.1:
-  version "2.0.1"
-  resolved "https://registry.yarnpkg.com/watchpack-chokidar2/-/watchpack-chokidar2-2.0.1.tgz#38500072ee6ece66f3769936950ea1771be1c957"
-  integrity sha512-nCFfBIPKr5Sh61s4LPpy1Wtfi0HE8isJ3d2Yb5/Ppw2P2B/3eVSEBjKfN0fmHJSK14+31KwMKmcrzs2GM4P0Ww==
-  dependencies:
-    chokidar "^2.1.8"
-
-watchpack@^1.7.4:
-  version "1.7.5"
-  resolved "https://registry.yarnpkg.com/watchpack/-/watchpack-1.7.5.tgz#1267e6c55e0b9b5be44c2023aed5437a2c26c453"
-  integrity sha512-9P3MWk6SrKjHsGkLT2KHXdQ/9SNkyoJbabxnKOoJepsvJjJG8uYTR3yTPxPQvNDI3w4Nz1xnE0TLHK4RIVe/MQ==
-  dependencies:
-    graceful-fs "^4.1.2"
-    neo-async "^2.5.0"
-  optionalDependencies:
-    chokidar "^3.4.1"
-    watchpack-chokidar2 "^2.0.1"
-
-wbuf@^1.1.0, wbuf@^1.7.3:
-  version "1.7.3"
-  resolved "https://registry.yarnpkg.com/wbuf/-/wbuf-1.7.3.tgz#c1d8d149316d3ea852848895cb6a0bfe887b87df"
-  integrity sha512-O84QOnr0icsbFGLS0O3bI5FswxzRr8/gHwWkDlQFskhSPryQXvrTMxjxGP4+iWYoauLoBvfDpkrOauZ+0iZpDA==
-  dependencies:
-    minimalistic-assert "^1.0.0"
-
-webidl-conversions@^4.0.2:
-  version "4.0.2"
-  resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-4.0.2.tgz#a855980b1f0b6b359ba1d5d9fb39ae941faa63ad"
-  integrity sha512-YQ+BmxuTgd6UXZW3+ICGfyqRyHXVlD5GtQr5+qjiNW7bF0cqrzX500HVXPBOvgXb5YnzDd+h0zqyv61KUD7+Sg==
-
-webpack-chain@^4.9.0:
-  version "4.12.1"
-  resolved "https://registry.yarnpkg.com/webpack-chain/-/webpack-chain-4.12.1.tgz#6c8439bbb2ab550952d60e1ea9319141906c02a6"
-  integrity sha512-BCfKo2YkDe2ByqkEWe1Rw+zko4LsyS75LVr29C6xIrxAg9JHJ4pl8kaIZ396SUSNp6b4815dRZPSTAS8LlURRQ==
-  dependencies:
-    deepmerge "^1.5.2"
-    javascript-stringify "^1.6.0"
-
-webpack-chain@^6.0.0:
-  version "6.5.1"
-  resolved "https://registry.yarnpkg.com/webpack-chain/-/webpack-chain-6.5.1.tgz#4f27284cbbb637e3c8fbdef43eef588d4d861206"
-  integrity sha512-7doO/SRtLu8q5WM0s7vPKPWX580qhi0/yBHkOxNkv50f6qB76Zy9o2wRTrrPULqYTvQlVHuvbA8v+G5ayuUDsA==
-  dependencies:
-    deepmerge "^1.5.2"
-    javascript-stringify "^2.0.1"
-
-webpack-dev-middleware@^3.7.2:
-  version "3.7.3"
-  resolved "https://registry.yarnpkg.com/webpack-dev-middleware/-/webpack-dev-middleware-3.7.3.tgz#0639372b143262e2b84ab95d3b91a7597061c2c5"
-  integrity sha512-djelc/zGiz9nZj/U7PTBi2ViorGJXEWo/3ltkPbDyxCXhhEXkW0ce99falaok4TPj+AsxLiXJR0EBOb0zh9fKQ==
-  dependencies:
-    memory-fs "^0.4.1"
-    mime "^2.4.4"
-    mkdirp "^0.5.1"
-    range-parser "^1.2.1"
-    webpack-log "^2.0.0"
-
-webpack-dev-server@^3.5.1:
-  version "3.11.2"
-  resolved "https://registry.yarnpkg.com/webpack-dev-server/-/webpack-dev-server-3.11.2.tgz#695ebced76a4929f0d5de7fd73fafe185fe33708"
-  integrity sha512-A80BkuHRQfCiNtGBS1EMf2ChTUs0x+B3wGDFmOeT4rmJOHhHTCH2naNxIHhmkr0/UillP4U3yeIyv1pNp+QDLQ==
-  dependencies:
-    ansi-html "0.0.7"
-    bonjour "^3.5.0"
-    chokidar "^2.1.8"
-    compression "^1.7.4"
-    connect-history-api-fallback "^1.6.0"
-    debug "^4.1.1"
-    del "^4.1.1"
-    express "^4.17.1"
-    html-entities "^1.3.1"
-    http-proxy-middleware "0.19.1"
-    import-local "^2.0.0"
-    internal-ip "^4.3.0"
-    ip "^1.1.5"
-    is-absolute-url "^3.0.3"
-    killable "^1.0.1"
-    loglevel "^1.6.8"
-    opn "^5.5.0"
-    p-retry "^3.0.1"
-    portfinder "^1.0.26"
-    schema-utils "^1.0.0"
-    selfsigned "^1.10.8"
-    semver "^6.3.0"
-    serve-index "^1.9.1"
-    sockjs "^0.3.21"
-    sockjs-client "^1.5.0"
-    spdy "^4.0.2"
-    strip-ansi "^3.0.1"
-    supports-color "^6.1.0"
-    url "^0.11.0"
-    webpack-dev-middleware "^3.7.2"
-    webpack-log "^2.0.0"
-    ws "^6.2.1"
-    yargs "^13.3.2"
-
-webpack-log@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/webpack-log/-/webpack-log-2.0.0.tgz#5b7928e0637593f119d32f6227c1e0ac31e1b47f"
-  integrity sha512-cX8G2vR/85UYG59FgkoMamwHUIkSSlV3bBMRsbxVXVUk2j6NleCKjQ/WE9eYg9WY4w25O9w8wKP4rzNZFmUcUg==
-  dependencies:
-    ansi-colors "^3.0.0"
-    uuid "^3.3.2"
-
-webpack-merge@^4.1.2:
-  version "4.2.2"
-  resolved "https://registry.yarnpkg.com/webpack-merge/-/webpack-merge-4.2.2.tgz#a27c52ea783d1398afd2087f547d7b9d2f43634d"
-  integrity sha512-TUE1UGoTX2Cd42j3krGYqObZbOD+xF7u28WB7tfUordytSjbWTIjK/8V0amkBfTYN4/pB/GIDlJZZ657BGG19g==
-  dependencies:
-    lodash "^4.17.15"
-
-webpack-sources@^1.1.0, webpack-sources@^1.4.0, webpack-sources@^1.4.1:
-  version "1.4.3"
-  resolved "https://registry.yarnpkg.com/webpack-sources/-/webpack-sources-1.4.3.tgz#eedd8ec0b928fbf1cbfe994e22d2d890f330a933"
-  integrity sha512-lgTS3Xhv1lCOKo7SA5TjKXMjpSM4sBjNV5+q2bqesbSPs5FjGmU6jjtBSkX9b4qW87vDIsCIlUPOEhbZrMdjeQ==
-  dependencies:
-    source-list-map "^2.0.0"
-    source-map "~0.6.1"
-
-webpack@^4.8.1:
-  version "4.46.0"
-  resolved "https://registry.yarnpkg.com/webpack/-/webpack-4.46.0.tgz#bf9b4404ea20a073605e0a011d188d77cb6ad542"
-  integrity sha512-6jJuJjg8znb/xRItk7bkT0+Q7AHCYjjFnvKIWQPkNIOyRqoCGvkOs0ipeQzrqz4l5FtN5ZI/ukEHroeX/o1/5Q==
-  dependencies:
-    "@webassemblyjs/ast" "1.9.0"
-    "@webassemblyjs/helper-module-context" "1.9.0"
-    "@webassemblyjs/wasm-edit" "1.9.0"
-    "@webassemblyjs/wasm-parser" "1.9.0"
-    acorn "^6.4.1"
-    ajv "^6.10.2"
-    ajv-keywords "^3.4.1"
-    chrome-trace-event "^1.0.2"
-    enhanced-resolve "^4.5.0"
-    eslint-scope "^4.0.3"
-    json-parse-better-errors "^1.0.2"
-    loader-runner "^2.4.0"
-    loader-utils "^1.2.3"
-    memory-fs "^0.4.1"
-    micromatch "^3.1.10"
-    mkdirp "^0.5.3"
-    neo-async "^2.6.1"
-    node-libs-browser "^2.2.1"
-    schema-utils "^1.0.0"
-    tapable "^1.1.3"
-    terser-webpack-plugin "^1.4.3"
-    watchpack "^1.7.4"
-    webpack-sources "^1.4.1"
-
-webpackbar@3.2.0:
-  version "3.2.0"
-  resolved "https://registry.yarnpkg.com/webpackbar/-/webpackbar-3.2.0.tgz#bdaad103fad11a4e612500e72aaae98b08ba493f"
-  integrity sha512-PC4o+1c8gWWileUfwabe0gqptlXUDJd5E0zbpr2xHP1VSOVlZVPBZ8j6NCR8zM5zbKdxPhctHXahgpNK1qFDPw==
-  dependencies:
-    ansi-escapes "^4.1.0"
-    chalk "^2.4.1"
-    consola "^2.6.0"
-    figures "^3.0.0"
-    pretty-time "^1.1.0"
-    std-env "^2.2.1"
-    text-table "^0.2.0"
-    wrap-ansi "^5.1.0"
-
-websocket-driver@>=0.5.1, websocket-driver@^0.7.4:
-  version "0.7.4"
-  resolved "https://registry.yarnpkg.com/websocket-driver/-/websocket-driver-0.7.4.tgz#89ad5295bbf64b480abcba31e4953aca706f5760"
-  integrity sha512-b17KeDIQVjvb0ssuSDF2cYXSg2iztliJ4B9WdsuB6J952qCPKmnVq4DyW5motImXHDC1cBT/1UezrJVsKw5zjg==
-  dependencies:
-    http-parser-js ">=0.5.1"
-    safe-buffer ">=5.1.0"
-    websocket-extensions ">=0.1.1"
-
-websocket-extensions@>=0.1.1:
-  version "0.1.4"
-  resolved "https://registry.yarnpkg.com/websocket-extensions/-/websocket-extensions-0.1.4.tgz#7f8473bc839dfd87608adb95d7eb075211578a42"
-  integrity sha512-OqedPIGOfsDlo31UNwYbCFMSaO9m9G/0faIHj5/dZFDMFqPTcx6UwqyOy3COEaEOg/9VsGIpdqn62W5KhoKSpg==
-
-whatwg-url@^7.0.0:
-  version "7.1.0"
-  resolved "https://registry.yarnpkg.com/whatwg-url/-/whatwg-url-7.1.0.tgz#c2c492f1eca612988efd3d2266be1b9fc6170d06"
-  integrity sha512-WUu7Rg1DroM7oQvGWfOiAK21n74Gg+T4elXEQYkOhtyLeWiJFoOGLXPKI/9gzIie9CtwVLm8wtw6YJdKyxSjeg==
-  dependencies:
-    lodash.sortby "^4.7.0"
-    tr46 "^1.0.1"
-    webidl-conversions "^4.0.2"
-
-when@~3.6.x:
-  version "3.6.4"
-  resolved "https://registry.yarnpkg.com/when/-/when-3.6.4.tgz#473b517ec159e2b85005497a13983f095412e34e"
-  integrity sha1-RztRfsFZ4rhQBUl6E5g/CVQS404=
-
-which-boxed-primitive@^1.0.2:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/which-boxed-primitive/-/which-boxed-primitive-1.0.2.tgz#13757bc89b209b049fe5d86430e21cf40a89a8e6"
-  integrity sha512-bwZdv0AKLpplFY2KZRX6TvyuN7ojjr7lwkg6ml0roIy9YeuSr7JS372qlNW18UQYzgYK9ziGcerWqZOmEn9VNg==
-  dependencies:
-    is-bigint "^1.0.1"
-    is-boolean-object "^1.1.0"
-    is-number-object "^1.0.4"
-    is-string "^1.0.5"
-    is-symbol "^1.0.3"
-
-which-module@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/which-module/-/which-module-2.0.0.tgz#d9ef07dce77b9902b8a3a8fa4b31c3e3f7e6e87a"
-  integrity sha1-2e8H3Od7mQK4o6j6SzHD4/fm6Ho=
-
-which@1, which@^1.2.9:
-  version "1.3.1"
-  resolved "https://registry.yarnpkg.com/which/-/which-1.3.1.tgz#a45043d54f5805316da8d62f9f50918d3da70b0a"
-  integrity sha512-HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ==
-  dependencies:
-    isexe "^2.0.0"
-
-wide-align@^1.1.0:
-  version "1.1.3"
-  resolved "https://registry.yarnpkg.com/wide-align/-/wide-align-1.1.3.tgz#ae074e6bdc0c14a431e804e624549c633b000457"
-  integrity sha512-QGkOQc8XL6Bt5PwnsExKBPuMKBxnGxWWW3fU55Xt4feHozMUhdUMaBCk290qpm/wG5u/RSKzwdAC4i51YigihA==
-  dependencies:
-    string-width "^1.0.2 || 2"
-
-widest-line@^3.1.0:
-  version "3.1.0"
-  resolved "https://registry.yarnpkg.com/widest-line/-/widest-line-3.1.0.tgz#8292333bbf66cb45ff0de1603b136b7ae1496eca"
-  integrity sha512-NsmoXalsWVDMGupxZ5R08ka9flZjjiLvHVAWYOKtiKM8ujtZWr9cRffak+uSE48+Ob8ObalXpwyeUiyDD6QFgg==
-  dependencies:
-    string-width "^4.0.0"
-
-worker-farm@^1.7.0:
-  version "1.7.0"
-  resolved "https://registry.yarnpkg.com/worker-farm/-/worker-farm-1.7.0.tgz#26a94c5391bbca926152002f69b84a4bf772e5a8"
-  integrity sha512-rvw3QTZc8lAxyVrqcSGVm5yP/IJ2UcB3U0graE3LCFoZ0Yn2x4EoVSqJKdB/T5M+FLcRPjz4TDacRf3OCfNUzw==
-  dependencies:
-    errno "~0.1.7"
-
-wrap-ansi@^5.1.0:
-  version "5.1.0"
-  resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-5.1.0.tgz#1fd1f67235d5b6d0fee781056001bfb694c03b09"
-  integrity sha512-QC1/iN/2/RPVJ5jYK8BGttj5z83LmSKmvbvrXPNCLZSEb32KKVDJDl/MOt2N01qU2H/FkzEa9PKto1BqDjtd7Q==
-  dependencies:
-    ansi-styles "^3.2.0"
-    string-width "^3.0.0"
-    strip-ansi "^5.0.0"
-
-wrappy@1:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/wrappy/-/wrappy-1.0.2.tgz#b5243d8f3ec1aa35f1364605bc0d1036e30ab69f"
-  integrity sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=
-
-write-file-atomic@^3.0.0:
-  version "3.0.3"
-  resolved "https://registry.yarnpkg.com/write-file-atomic/-/write-file-atomic-3.0.3.tgz#56bd5c5a5c70481cd19c571bd39ab965a5de56e8"
-  integrity sha512-AvHcyZ5JnSfq3ioSyjrBkH9yW4m7Ayk8/9My/DD9onKeu/94fwrMocemO2QAJFAlnnDN+ZDS+ZjAR5ua1/PV/Q==
-  dependencies:
-    imurmurhash "^0.1.4"
-    is-typedarray "^1.0.0"
-    signal-exit "^3.0.2"
-    typedarray-to-buffer "^3.1.5"
-
-ws@^6.2.1:
-  version "6.2.2"
-  resolved "https://registry.yarnpkg.com/ws/-/ws-6.2.2.tgz#dd5cdbd57a9979916097652d78f1cc5faea0c32e"
-  integrity sha512-zmhltoSR8u1cnDsD43TX59mzoMZsLKqUweyYBAIvTngR3shc0W6aOZylZmq/7hqyVxPdi+5Ud2QInblgyE72fw==
-  dependencies:
-    async-limiter "~1.0.0"
-
-xdg-basedir@^4.0.0:
-  version "4.0.0"
-  resolved "https://registry.yarnpkg.com/xdg-basedir/-/xdg-basedir-4.0.0.tgz#4bc8d9984403696225ef83a1573cbbcb4e79db13"
-  integrity sha512-PSNhEJDejZYV7h50BohL09Er9VaIefr2LMAf3OEmpCkjOi34eYyQYAXUTjEQtZJTKcF0E2UKTh+osDLsgNim9Q==
-
-xmlbuilder@^13.0.0:
-  version "13.0.2"
-  resolved "https://registry.yarnpkg.com/xmlbuilder/-/xmlbuilder-13.0.2.tgz#02ae33614b6a047d1c32b5389c1fdacb2bce47a7"
-  integrity sha512-Eux0i2QdDYKbdbA6AM6xE4m6ZTZr4G4xF9kahI2ukSEMCzwce2eX9WlTI5J3s+NU7hpasFsr8hWIONae7LluAQ==
-
-xtend@^4.0.0, xtend@~4.0.1:
-  version "4.0.2"
-  resolved "https://registry.yarnpkg.com/xtend/-/xtend-4.0.2.tgz#bb72779f5fa465186b1f438f674fa347fdb5db54"
-  integrity sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ==
-
-y18n@^4.0.0:
-  version "4.0.3"
-  resolved "https://registry.yarnpkg.com/y18n/-/y18n-4.0.3.tgz#b5f259c82cd6e336921efd7bfd8bf560de9eeedf"
-  integrity sha512-JKhqTOwSrqNA1NY5lSztJ1GrBiUodLMmIZuLiDaMRJ+itFd+ABVE8XBjOvIWL+rSqNDC74LCSFmlb/U4UZ4hJQ==
-
-yallist@^2.1.2:
-  version "2.1.2"
-  resolved "https://registry.yarnpkg.com/yallist/-/yallist-2.1.2.tgz#1c11f9218f076089a47dd512f93c6699a6a81d52"
-  integrity sha1-HBH5IY8HYImkfdUS+TxmmaaoHVI=
-
-yallist@^3.0.2:
-  version "3.1.1"
-  resolved "https://registry.yarnpkg.com/yallist/-/yallist-3.1.1.tgz#dbb7daf9bfd8bac9ab45ebf602b8cbad0d5d08fd"
-  integrity sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==
-
-yargs-parser@^13.1.2:
-  version "13.1.2"
-  resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-13.1.2.tgz#130f09702ebaeef2650d54ce6e3e5706f7a4fb38"
-  integrity sha512-3lbsNRf/j+A4QuSZfDRA7HRSfWrzO0YjqTJd5kjAq37Zep1CEgaYmrH9Q3GwPiB9cHyd1Y1UwggGhJGoxipbzg==
-  dependencies:
-    camelcase "^5.0.0"
-    decamelize "^1.2.0"
-
-yargs@^13.3.2:
-  version "13.3.2"
-  resolved "https://registry.yarnpkg.com/yargs/-/yargs-13.3.2.tgz#ad7ffefec1aa59565ac915f82dccb38a9c31a2dd"
-  integrity sha512-AX3Zw5iPruN5ie6xGRIDgqkT+ZhnRlZMLMHAs8tg7nRruy2Nb+i5o9bwghAogtM08q1dpr2LVoS8KSTMYpWXUw==
-  dependencies:
-    cliui "^5.0.0"
-    find-up "^3.0.0"
-    get-caller-file "^2.0.1"
-    require-directory "^2.1.1"
-    require-main-filename "^2.0.0"
-    set-blocking "^2.0.0"
-    string-width "^3.0.0"
-    which-module "^2.0.0"
-    y18n "^4.0.0"
-    yargs-parser "^13.1.2"
-
-zepto@^1.2.0:
-  version "1.2.0"
-  resolved "https://registry.yarnpkg.com/zepto/-/zepto-1.2.0.tgz#e127bd9e66fd846be5eab48c1394882f7c0e4f98"
-  integrity sha1-4Se9nmb9hGvl6rSME5SIL3wOT5g=