From 6294bdb88d777564362935317aa2a89d23cbf817 Mon Sep 17 00:00:00 2001 From: Christoph Hamsen Date: Sun, 4 Feb 2024 19:12:36 +0100 Subject: [PATCH 1/5] ci: add initial integration tests --- .../workflows/.reusable-integration-test.yml | 203 +++++++++++++++++- .github/workflows/pr.yml | 2 +- .github/workflows/push.yml | 2 +- Makefile | 6 +- README.md | 22 +- charts/semgr8s/templates/webhook.yaml | 2 +- tests/{ => demo}/failing_deployment.yaml | 4 +- tests/{ => demo}/passing_deployment.yaml | 0 tests/integration/README.md | 14 ++ tests/integration/data/00_namespaces.yaml | 15 ++ tests/integration/data/20_compliant_pod.yaml | 23 ++ tests/integration/data/40_nosc_pod.yaml | 13 ++ tests/integration/data/41_privileged_pod.yaml | 21 ++ .../integration/data/42_hostnetwork_pod.yaml | 21 ++ tests/integration/main.sh | 55 +++++ tests/integration/scripts/basic.sh | 10 + tests/integration/scripts/common.sh | 168 +++++++++++++++ tests/integration/scripts/rules.sh | 10 + tests/integration/test_cases/basic.yaml | 19 ++ tests/integration/test_cases/rules.yaml | 31 +++ 20 files changed, 619 insertions(+), 22 deletions(-) rename tests/{ => demo}/failing_deployment.yaml (93%) rename tests/{ => demo}/passing_deployment.yaml (100%) create mode 100644 tests/integration/README.md create mode 100644 tests/integration/data/00_namespaces.yaml create mode 100644 tests/integration/data/20_compliant_pod.yaml create mode 100644 tests/integration/data/40_nosc_pod.yaml create mode 100644 tests/integration/data/41_privileged_pod.yaml create mode 100644 tests/integration/data/42_hostnetwork_pod.yaml create mode 100755 tests/integration/main.sh create mode 100644 tests/integration/scripts/basic.sh create mode 100644 tests/integration/scripts/common.sh create mode 100644 tests/integration/scripts/rules.sh create mode 100644 tests/integration/test_cases/basic.yaml create mode 100644 tests/integration/test_cases/rules.yaml diff --git a/.github/workflows/.reusable-integration-test.yml b/.github/workflows/.reusable-integration-test.yml index 43a8708..649fa82 100644 --- a/.github/workflows/.reusable-integration-test.yml +++ b/.github/workflows/.reusable-integration-test.yml @@ -29,13 +29,210 @@ env: IMAGEPULLSECRET: dockerconfigjson-ghcr jobs: - do-nothing: + integration-test: name: functional runs-on: ubuntu-latest if: inputs.skip != 'all' # permissions: #TODO: reactivate for non-private # packages: read + env: + IMAGE: ${{ inputs.build_image_repository }} + TAG: ${{ inputs.build_tag }} + strategy: + fail-fast: false + matrix: + integration-test-arg: + [ + "basic", + ] steps: - - name: Do nothing + - name: Checkout code + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: Login with registry + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + with: + registry: ${{ inputs.build_registry }} + username: ${{ inputs.repo_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Install yq run: | - sleep 1 + sudo snap install yq + - uses: ./.github/actions/k8s-version-config + name: Setup k8s cluster + with: + k8s-version: v1.25 + - name: Run test + run: | + bash tests/integration/main.sh "${{ matrix.integration-test-arg }}" + - name: Display semgr8s configuration + if: always() + run: | + echo "::group::values.yaml" + yq e '... comments=""' charts/semgr8s/values.yaml + echo "::endgroup::" + - name: Display k8s state if integration test failed + if: failure() + run: | + kubectl describe deployments.apps -n semgr8ns -lapp.kubernetes.io/name=semgr8s + kubectl describe pods -n semgr8ns -lapp.kubernetes.io/name=semgr8s + - name: Display logs if integration test failed + if: failure() + run: | + kubectl logs -n semgr8ns -lapp.kubernetes.io/name=semgr8s --prefix=true --tail=-1 + + optional-integration-test: + name: optional + runs-on: ubuntu-latest + if: | + inputs.skip != 'non-required' && + inputs.skip != 'all' + # permissions: #TODO: reactivate for non-private + # packages: read + env: + IMAGE: ${{ inputs.build_image_repository }} + TAG: ${{ inputs.build_tag }} + strategy: + fail-fast: false + matrix: + integration-test-arg: + [ + "rules", + ] + steps: + - name: Checkout code + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: Login with registry + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + with: + registry: ${{ inputs.build_registry }} + username: ${{ inputs.repo_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Install yq + run: | + sudo snap install yq + - uses: ./.github/actions/k8s-version-config + name: Setup k8s cluster + with: + k8s-version: v1.25 + - name: Run test + run: | + bash tests/integration/main.sh "${{ matrix.integration-test-arg }}" + - name: Display semgr8s configuration + if: always() + run: | + echo "::group::values.yaml" + yq e '... comments=""' charts/semgr8s/values.yaml + echo "::endgroup::" + - name: Display k8s state if integration test failed + if: failure() + run: | + kubectl describe deployments.apps -n semgr8ns -lapp.kubernetes.io/name=semgr8s + kubectl describe pods -n semgr8ns -lapp.kubernetes.io/name=semgr8s + - name: Display logs if integration test failed + if: failure() + run: | + kubectl logs -n semgr8ns -lapp.kubernetes.io/name=semgr8s --prefix=true --tail=-1 + + k8s-versions: + name: k8s versions + runs-on: ubuntu-latest + if: inputs.skip != 'all' + # permissions: #TODO: reactivate for non-private + # packages: read + env: + IMAGE: ${{ inputs.build_image_repository }} + TAG: ${{ inputs.build_tag }} + strategy: + fail-fast: false + matrix: + k8s-version: [ + "v1.25", + "v1.26", + "v1.27", + "v1.28", + ] + steps: + - name: Checkout code + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: Login with registry + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + with: + registry: ${{ inputs.build_registry }} + username: ${{ inputs.repo_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Install yq + run: | + sudo snap install yq + - uses: ./.github/actions/k8s-version-config + name: Setup k8s cluster + with: + k8s-version: ${{ matrix.k8s-version }} + - name: Run pre-config and workload integration tests + run: | + bash tests/integration/main.sh "basic" + - name: Display k8s state and logs if integration test failed + if: failure() + run: | + kubectl describe deployments.apps -n semgr8ns -lapp.kubernetes.io/name=semgr8s + kubectl describe pods -n semgr8ns -lapp.kubernetes.io/name=semgr8s + kubectl logs -n semgr8ns -lapp.kubernetes.io/name=semgr8s --prefix=true --tail=-1 + - name: Display semgr8s configuration + if: always() + run: | + echo "::group::values.yaml" + yq e '... comments=""' charts/semgr8s/values.yaml + echo "::endgroup::" + + optional-k8s-versions: + name: optional k8s versions + runs-on: ubuntu-latest + if: | + inputs.skip != 'non-required' && + inputs.skip != 'all' + # permissions: #TODO: reactivate for non-private + # packages: read + env: + IMAGE: ${{ inputs.build_image_repository }} + TAG: ${{ inputs.build_tag }} + strategy: + fail-fast: false + matrix: + k8s-version: [ + "v1.20", + "v1.21", + "v1.22", + "v1.23", + "v1.24", + ] + steps: + - name: Checkout code + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: Login with registry + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + with: + registry: ${{ inputs.build_registry }} + username: ${{ inputs.repo_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Install yq + run: | + sudo snap install yq + - uses: ./.github/actions/k8s-version-config + name: Setup k8s cluster + with: + k8s-version: ${{ matrix.k8s-version }} + - name: Run pre-config and workload integration tests + run: | + bash tests/integration/main.sh "basic" + - name: Display k8s state and logs if integration test failed + if: failure() + run: | + kubectl describe deployments.apps -n semgr8ns -lapp.kubernetes.io/name=semgr8s + kubectl describe pods -n semgr8ns -lapp.kubernetes.io/name=semgr8s + kubectl logs -n semgr8ns -lapp.kubernetes.io/name=semgr8s --prefix=true --tail=-1 + - name: Display semgr8s configuration + if: always() + run: | + echo "::group::values.yaml" + yq e '... comments=""' charts/semgr8s/values.yaml + echo "::endgroup::" + diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 4c39e0c..b5d5611 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -25,5 +25,5 @@ jobs: skip_sast: 'none' skip_sca: 'none' skip_docs: 'non-required' - skip_integration_tests: 'none' + skip_integration_tests: 'non-required' output_type: 'sarif' diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 1c5516b..ccde0a8 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -25,5 +25,5 @@ jobs: skip_sast: 'non-required' skip_sca: 'non-required' skip_docs: 'none' - skip_integration_tests: 'non-required' + skip_integration_tests: 'none' output_type: 'sarif' diff --git a/Makefile b/Makefile index d06e2cb..a281738 100644 --- a/Makefile +++ b/Makefile @@ -26,7 +26,7 @@ install: @echo "####################" @echo "## $(@)" @echo "####################" - helm install semgr8s charts/semgr8s --create-namespace --namespace $(ns) + helm install semgr8s charts/semgr8s --atomic --create-namespace --namespace $(ns) .PHONY:uninstall uninstall: @@ -48,10 +48,10 @@ test: @echo "####################" @echo "## $(@)" @echo "####################" - -kubectl create -f tests/ + -kubectl create -f tests/demo @echo -kubectl get pods -n test-semgr8s-passing @echo -kubectl get pods -n test-semgr8s-failing @echo - -kubectl delete -f tests/ + -kubectl delete -f tests/demo diff --git a/README.md b/README.md index 8dff3f0..422cd5b 100644 --- a/README.md +++ b/README.md @@ -99,22 +99,22 @@ Once all resources are in `READY` state, you have successfully installed semgr8s ### Testing -Several test resources are provided under `tests/`. -Semgr8s denies creating pods with insecure configuration according to the rules in `charts/semgr8s/rules`: +Several test resources are provided under `tests/demo/`. +For namespaces with label `semgr8s/validation=enabled`, Semgr8s denies creating pods with insecure configuration according to the rules in `charts/semgr8s/rules`: ```bash -kubectl create -f tests/failing_deployment.yaml +kubectl create -f tests/demo/failing_deployment.yaml ```
output ```bash namespace/test-semgr8s-failing created - Error from server: error when creating "tests/failing_deployment.yaml": admission webhook "semgr8s-svc.semgr8ns.svc" denied the request: Found 1 violation(s) of the following policies: + Error from server: error when creating "tests/demo/failing_deployment.yaml": admission webhook "semgr8s-svc.semgr8ns.svc" denied the request: Found 1 violation(s) of the following policies: * rules.allow-privilege-escalation-no-securitycontext - Error from server: error when creating "tests/failing_deployment.yaml": admission webhook "semgr8s-svc.semgr8ns.svc" denied the request: Found 1 violation(s) of the following policies: + Error from server: error when creating "tests/demo/failing_deployment.yaml": admission webhook "semgr8s-svc.semgr8ns.svc" denied the request: Found 1 violation(s) of the following policies: * rules.privileged-container - Error from server: error when creating "tests/failing_deployment.yaml": admission webhook "semgr8s-svc.semgr8ns.svc" denied the request: Found 1 violation(s) of the following policies: + Error from server: error when creating "tests/demo/failing_deployment.yaml": admission webhook "semgr8s-svc.semgr8ns.svc" denied the request: Found 1 violation(s) of the following policies: * rules.hostnetwork-pod ```
@@ -122,7 +122,7 @@ kubectl create -f tests/failing_deployment.yaml Securely configured resources on the other hand are permitted to the cluster: ```bash -kubectl create -f tests/passing_deployment.yaml +kubectl create -f tests/demo/passing_deployment.yaml ```
output @@ -153,7 +153,7 @@ kubectl delete ns semgr8ns Test resources are deleted via: ```bash -kubectl delete -f tests/ +kubectl delete -f tests/demo/ ```
output @@ -162,9 +162,9 @@ kubectl delete -f tests/ namespace "test-semgr8s-failing" deleted namespace "test-semgr8s-passing" deleted pod "passing-testpod-1" deleted - Error from server (NotFound): error when deleting "tests/failing_deployment.yaml": pods "failing-testpod-1" not found - Error from server (NotFound): error when deleting "tests/failing_deployment.yaml": pods "failing-testpod-2" not found - Error from server (NotFound): error when deleting "tests/failing_deployment.yaml": pods "failing-testpod-3" not found + Error from server (NotFound): error when deleting "tests/demo/failing_deployment.yaml": pods "failing-testpod-1" not found + Error from server (NotFound): error when deleting "tests/demo/failing_deployment.yaml": pods "failing-testpod-2" not found + Error from server (NotFound): error when deleting "tests/demo/failing_deployment.yaml": pods "failing-testpod-3" not found ```
diff --git a/charts/semgr8s/templates/webhook.yaml b/charts/semgr8s/templates/webhook.yaml index f7183fa..657e5de 100644 --- a/charts/semgr8s/templates/webhook.yaml +++ b/charts/semgr8s/templates/webhook.yaml @@ -38,7 +38,7 @@ webhooks: - "*" operations: - CREATE - resources: ["pods"] + - UPDATE clientConfig: service: name: {{ include "semgr8s.serviceName" . }} diff --git a/tests/failing_deployment.yaml b/tests/demo/failing_deployment.yaml similarity index 93% rename from tests/failing_deployment.yaml rename to tests/demo/failing_deployment.yaml index c61bdc7..b4e6695 100644 --- a/tests/failing_deployment.yaml +++ b/tests/demo/failing_deployment.yaml @@ -33,7 +33,7 @@ spec: drop: - ALL privileged: true - readOnlyRootFilesystem: false + readOnlyRootFilesystem: true runAsNonRoot: true --- apiVersion: v1 @@ -52,5 +52,5 @@ spec: drop: - ALL privileged: false - readOnlyRootFilesystem: false + readOnlyRootFilesystem: true hostNetwork: true diff --git a/tests/passing_deployment.yaml b/tests/demo/passing_deployment.yaml similarity index 100% rename from tests/passing_deployment.yaml rename to tests/demo/passing_deployment.yaml diff --git a/tests/integration/README.md b/tests/integration/README.md new file mode 100644 index 0000000..0da5f01 --- /dev/null +++ b/tests/integration/README.md @@ -0,0 +1,14 @@ +# Run integration tests + +Use the cluster of your choice, e.g. [kind](https://kind.sigs.k8s.io/). +Specify which semgr8s image is to be used as environment variable, e.g.: + +```bash +export IMAGE=ghcr.io/sse-secure-systems/semgr8s +export TAG=v0.1.0 +``` + +Run the desired integration test via: +```bash +tests/integration/main.sh "basic" +``` diff --git a/tests/integration/data/00_namespaces.yaml b/tests/integration/data/00_namespaces.yaml new file mode 100644 index 0000000..651aa0b --- /dev/null +++ b/tests/integration/data/00_namespaces.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: validatedns + labels: + semgr8s/validation: enabled + use: semgr8s-integration-test +--- +apiVersion: v1 +kind: Namespace +metadata: + name: ignoredns + labels: + use: semgr8s-integration-test diff --git a/tests/integration/data/20_compliant_pod.yaml b/tests/integration/data/20_compliant_pod.yaml new file mode 100644 index 0000000..1a3b303 --- /dev/null +++ b/tests/integration/data/20_compliant_pod.yaml @@ -0,0 +1,23 @@ +--- +apiVersion: v1 +kind: Pod +metadata: + name: compliant-pod + namespace: validatedns +spec: + containers: + - image: busybox + name: compliant-pod + command: ["/bin/sh", "-ec", "sleep 1000"] + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 10001 # remove when using openshift or OKD 4 + runAsGroup: 20001 # remove when using openshift or OKD 4 + seccompProfile: # remove when using Kubernetes prior v1.19, openshift or OKD 4 + type: RuntimeDefault # remove when using Kubernetes prior v1.19, openshift or OKD 4 diff --git a/tests/integration/data/40_nosc_pod.yaml b/tests/integration/data/40_nosc_pod.yaml new file mode 100644 index 0000000..8ade569 --- /dev/null +++ b/tests/integration/data/40_nosc_pod.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: v1 +kind: Pod +metadata: + name: nosc-pod + namespace: validatedns + labels: + use: semgr8s-integration-test +spec: + containers: + - image: busybox + name: nosc-pod + command: ["/bin/sh", "-ec", "sleep 1000"] diff --git a/tests/integration/data/41_privileged_pod.yaml b/tests/integration/data/41_privileged_pod.yaml new file mode 100644 index 0000000..143f94a --- /dev/null +++ b/tests/integration/data/41_privileged_pod.yaml @@ -0,0 +1,21 @@ +--- +apiVersion: v1 +kind: Pod +metadata: + name: privileged-pod + namespace: validatedns + labels: + use: semgr8s-integration-test +spec: + containers: + - image: busybox + name: privileged-pod + command: ["/bin/sh", "-ec", "sleep 1000"] + securityContext: + allowPrivilegeEscalation: true + capabilities: + drop: + - ALL + privileged: true + readOnlyRootFilesystem: true + runAsNonRoot: true diff --git a/tests/integration/data/42_hostnetwork_pod.yaml b/tests/integration/data/42_hostnetwork_pod.yaml new file mode 100644 index 0000000..11be564 --- /dev/null +++ b/tests/integration/data/42_hostnetwork_pod.yaml @@ -0,0 +1,21 @@ +--- +apiVersion: v1 +kind: Pod +metadata: + name: hostnetwork-pod + namespace: validatedns + labels: + use: semgr8s-integration-test +spec: + containers: + - image: busybox + name: hostnetwork-pod + command: ["/bin/sh", "-ec", "sleep 1000"] + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + hostNetwork: true diff --git a/tests/integration/main.sh b/tests/integration/main.sh new file mode 100755 index 0000000..3f1ac21 --- /dev/null +++ b/tests/integration/main.sh @@ -0,0 +1,55 @@ +#!/usr/bin/env bash +set -euo pipefail + +declare -A DEPLOYMENT_RES=(["VALID"]="0" ["INVALID"]="0") +SCRIPT_PATH=$(tmp=$(realpath "$0") && dirname "${tmp}") +RED="\033[0;31m" +GREEN="\033[0;32m" +NC="\033[0m" +SUCCESS="${GREEN}SUCCESS${NC}" +FAILED="${RED}FAILED${NC}" +EXIT="0" +RETRY=3 + +# install/uninstall/upgrade, utility stuff +source ${SCRIPT_PATH}/scripts/common.sh + +# integration test specific functions +source ${SCRIPT_PATH}/scripts/basic.sh +source ${SCRIPT_PATH}/scripts/rules.sh + +# backup values.yaml +cp charts/semgr8s/values.yaml charts/semgr8s/values.yaml.bak + +case $1 in +"basic") + # testing basic functionality + basic_integration_test + ;; +"rules") + # testing multiple pre-built rules + rules_integration_test + ;; +"restore") + restore + ;; +*) + echo "Unknown test type: $1" + EXIT="1" + ;; +esac + +if [[ "${EXIT}" != "0" ]]; then + echo -e "${FAILED} Failed integration test." +else + echo -e "${SUCCESS} Passed integration test." +fi + +if [[ "${CI-}" == "true" ]]; then + exit $((${EXIT})) +fi + +echo 'Cleaning up ...' +restore +make uninstall >/dev/null 2>&1 || true +kubectl delete all,cronjobs,daemonsets,jobs,replicationcontrollers,statefulsets,namespaces -luse="semgr8s-integration-test" -A >/dev/null diff --git a/tests/integration/scripts/basic.sh b/tests/integration/scripts/basic.sh new file mode 100644 index 0000000..a32e0ac --- /dev/null +++ b/tests/integration/scripts/basic.sh @@ -0,0 +1,10 @@ +#!/usr/bin/env bash +set -euo pipefail + +basic_integration_test() { + create_namespaces + update_with_file "basic" + install "make" + multi_test "basic" + uninstall "make" +} diff --git a/tests/integration/scripts/common.sh b/tests/integration/scripts/common.sh new file mode 100644 index 0000000..3fa0cb2 --- /dev/null +++ b/tests/integration/scripts/common.sh @@ -0,0 +1,168 @@ +#!/usr/bin/env bash +set -euo pipefail + +## UTILS ------------------------------------------------------- ## +fail() { + echo -e "${FAILED}" + exit 1 +} + +success() { + echo -e "${SUCCESS}" +} + +restore() { + cp charts/semgr8s/values.yaml.bak charts/semgr8s/values.yaml + rm charts/semgr8s/values.yaml.bak +} + +null_to_empty() { + read in + + if [[ "$in" == "null" ]]; then + echo "" + else + echo "$in" + fi +} + +## INSTALLATIONS ---------------------------------------------- ## +install() { # $1: helm or make, $2: namespace (helm), $3: additional args (helm) + echo -n 'Installing semgr8s ... ' + case $1 in + "helm") + helm install semgr8s charts/semgr8s --atomic --namespace "${2}" \ + ${3} >/dev/null || fail + ;; + "make") + make install >/dev/null || fail + ;; + *) + fail + ;; + esac + success +} + +uninstall() { # $1: helm or make, $2: namespace (helm) + echo -n 'Uninstalling semgr8s ...' + case $1 in + "helm") + helm uninstall semgr8s --namespace "${2}" >/dev/null || fail + ;; + "make") + make uninstall >/dev/null || fail + ;; + "force") + kubectl delete all,secrets,serviceaccounts,mutatingwebhookconfigurations,configmaps,namespaces \ + -lapp.kubernetes.io/instance=semgr8s -A --force --grace-period=0 >/dev/null 2>&1 + ;; + *) + fail + ;; + esac + success +} + +upgrade() { # $1: helm or make, $2: namespace (helm) + echo -n 'Upgrading semgr8s ...' + case $1 in + "helm") + helm upgrade semgr8s charts/semgr8s --wait \ + --namespace "${2}" >/dev/null || fail + ;; + "make") + make upgrade >/dev/null || fail + ;; + *) + fail + ;; + esac + success +} + +## UPDATES ----------------------------------------------------- ## + +update() { # $@: update expressions + for update in "$@"; do + yq e -i "${update}" charts/semgr8s/values.yaml + done +} + +update_with_file() { # $1: file name + envsubst $1 + yq eval-all --inplace 'select(fileIndex == 0) * select(fileIndex == 1).values' charts/semgr8s/values.yaml $1 + rm $1 +} + +## TEST NAMESPACES --------------------------------------------- ## + +create_namespaces() { + echo -n "Creating test namespaces..." + kubectl create namespace ignoredns >/dev/null + kubectl label ns ignoredns semgr8s/validation=disabled use=semgr8s-integration-test >/dev/null + kubectl create namespace validatedns >/dev/null + kubectl label ns validatedns semgr8s/validation=enabled use=semgr8s-integration-test >/dev/null + success +} + +## TESTS ------------------------------------------------------- ## +single_test() { # ID TXT TYP REF NS MSG RES + echo -n "[$1] $2" + i=0 # intialize iterator + export RAND=$(head -c 5 /dev/urandom | hexdump -ve '1/1 "%.2x"') # creating a random index to label the pods and avoid name collision for repeated runs + + if [[ "$6" == "" ]]; then + MSG="pod/pod-$1-${RAND} created" + else + MSG=$(envsubst <<<"$6") # in case RAND is to be used, it needs to be added as ${RAND} to cases.yaml (and maybe deployment file) + fi + + while :; do + i=$((i + 1)) + if [[ "$3" == "deploy" ]]; then + kubectl run pod-$1-${RAND} --image="$4" --namespace="$5" -luse="semgr8s-integration-test" >output.log 2>&1 || true + else + kubectl apply -f "${SCRIPT_PATH}/data/$4.yaml" >output.log 2>&1 || true + fi + # if the webhook couldn't be called, try again. + [[ ("$(cat output.log)" =~ "failed calling webhook") && $i -lt ${RETRY} ]] || break + done + if [[ ! "$(cat output.log)" =~ "${MSG}" ]]; then + echo -e ${FAILED} + echo "::group::Output" + cat output.log + kubectl logs -n semgr8ns -lapp.kubernetes.io/instance=semgr8s + echo "::endgroup::" + EXIT="1" + else + echo -e "${SUCCESS}" + fi + rm output.log + + if [[ "$7" != "null" ]]; then + DEPLOYMENT_RES[$7]=$((${DEPLOYMENT_RES[$7]} + 1)) + fi + + # 3 tries on first test, 2 tries on second, 1 try for all subsequential + RETRY=$((RETRY - 1)) +} + +multi_test() { # $1: file name, $2: key to find the testcases (default: testCases) + + # converting to json, as yq processing is pretty slow + test_cases=$(yq e -o=json ".${2:-testCases}" ${SCRIPT_PATH}/test_cases/$1.yaml) + len=$(echo ${test_cases} | jq 'length') + for i in $(seq 0 $(($len - 1))); do + test_case=$(echo ${test_cases} | jq ".[$i]") + ID=$(echo ${test_case} | jq -r ".id" | null_to_empty) + TEST_CASE_TXT=$(echo ${test_case} | jq -r ".txt" | null_to_empty) + TYPE=$(echo ${test_case} | jq -r ".type" | null_to_empty) + REF=$(echo ${test_case} | jq -r ".ref" | null_to_empty) + NAMESPACE=$(echo ${test_case} | jq -r ".namespace" | null_to_empty) + EXP_MSG=$(echo ${test_case} | jq -r ".expected_msg" | null_to_empty) + EXP_RES=$(echo ${test_case} | jq -r ".expected_result" | null_to_empty) + single_test "${ID}" "${TEST_CASE_TXT}" "${TYPE:=deploy}" "${REF}" "${NAMESPACE:=default}" "${EXP_MSG}" "${EXP_RES:=null}" + done +} + diff --git a/tests/integration/scripts/rules.sh b/tests/integration/scripts/rules.sh new file mode 100644 index 0000000..bf1f7dd --- /dev/null +++ b/tests/integration/scripts/rules.sh @@ -0,0 +1,10 @@ +#!/usr/bin/env bash +set -euo pipefail + +rules_integration_test() { + create_namespaces + update_with_file "basic" + install "make" + multi_test "rules" + uninstall "make" +} diff --git a/tests/integration/test_cases/basic.yaml b/tests/integration/test_cases/basic.yaml new file mode 100644 index 0000000..8dccf3c --- /dev/null +++ b/tests/integration/test_cases/basic.yaml @@ -0,0 +1,19 @@ +testCases: +- id: b-01 + txt: Testing compliant pod... + type: k8s-yaml + ref: 20_compliant_pod + namespace: validatedns + expected_msg: pod/compliant-pod created +- id: b-02 + txt: Testing non-compliant pod w/o securityContext... + type: k8s-yaml + ref: 40_nosc_pod + namespace: validatedns + expected_msg: rules.allow-privilege-escalation-no-securitycontext + +values: + deployment: + image: + repository: "${IMAGE}" + tag: "${TAG}" diff --git a/tests/integration/test_cases/rules.yaml b/tests/integration/test_cases/rules.yaml new file mode 100644 index 0000000..fafd7a0 --- /dev/null +++ b/tests/integration/test_cases/rules.yaml @@ -0,0 +1,31 @@ +testCases: +- id: r-01 + txt: Testing compliant pod... + type: k8s-yaml + ref: 20_compliant_pod + namespace: validatedns + expected_msg: pod/compliant-pod created +- id: r-02 + txt: Testing non-compliant pod w/o securityContext... + type: k8s-yaml + ref: 40_nosc_pod + namespace: validatedns + expected_msg: rules.allow-privilege-escalation-no-securitycontext +- id: r-03 + txt: Testing non-compliant privileged pod... + type: k8s-yaml + ref: 41_privileged_pod + namespace: validatedns + expected_msg: rules.privileged-container +- id: r-04 + txt: Testing non-compliant pod w/ access to host network... + type: k8s-yaml + ref: 42_hostnetwork_pod + namespace: validatedns + expected_msg: rules.hostnetwork-pod + +values: + deployment: + image: + repository: "${IMAGE}" + tag: "${TAG}" From 8201cccb089759df853fa7b7f170bda1ff4a5361 Mon Sep 17 00:00:00 2001 From: Christoph Hamsen Date: Sun, 4 Feb 2024 20:57:43 +0100 Subject: [PATCH 2/5] ci: adjust workflow defaults --- .github/workflows/pr.yml | 5 ++--- .github/workflows/pr2main.yml | 28 ++++++++++++++++++++++++++++ .github/workflows/push.yml | 4 ++-- 3 files changed, 32 insertions(+), 5 deletions(-) create mode 100644 .github/workflows/pr2main.yml diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index b5d5611..338529b 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -5,7 +5,6 @@ name: pr on: pull_request: branches: - - main - dev defaults: @@ -22,8 +21,8 @@ jobs: skip_build: 'none' skip_compliance_checks: 'none' skip_unit_tests: 'all' - skip_sast: 'none' - skip_sca: 'none' + skip_sast: 'non-required' + skip_sca: 'non-required' skip_docs: 'non-required' skip_integration_tests: 'non-required' output_type: 'sarif' diff --git a/.github/workflows/pr2main.yml b/.github/workflows/pr2main.yml new file mode 100644 index 0000000..7dfac1e --- /dev/null +++ b/.github/workflows/pr2main.yml @@ -0,0 +1,28 @@ +name: pr + +#permissions: {} #TODO: reactivate for non-private + +on: + pull_request: + branches: + - main + +defaults: + run: + shell: bash + +jobs: + ci: + uses: ./.github/workflows/.reusable-ci.yml + # permissions: #TODO: adjust for non-private + secrets: inherit + with: + #TODO: adjust for non private + skip_build: 'none' + skip_compliance_checks: 'none' + skip_unit_tests: 'all' + skip_sast: 'none' + skip_sca: 'none' + skip_docs: 'non-required' + skip_integration_tests: 'none' + output_type: 'sarif' diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index ccde0a8..09a96b0 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -22,8 +22,8 @@ jobs: skip_build: 'none' skip_compliance_checks: 'none' skip_unit_tests: 'all' - skip_sast: 'non-required' - skip_sca: 'non-required' + skip_sast: 'none' + skip_sca: 'none' skip_docs: 'none' skip_integration_tests: 'none' output_type: 'sarif' From 85e9e0b64fb721e966c6c13e81456c23ce8b6466 Mon Sep 17 00:00:00 2001 From: Christoph Hamsen Date: Sun, 4 Feb 2024 21:13:30 +0100 Subject: [PATCH 3/5] docs: adjust logo frame --- README.md | 8 +++--- docs/assets/semgr8s-logo-full-dark.png | Bin 0 -> 59965 bytes docs/assets/semgr8s-logo-full-dark.svg | 34 +++++++++++++----------- docs/assets/semgr8s-logo-full-light.png | Bin 0 -> 57915 bytes docs/assets/semgr8s-logo-full-light.svg | 34 +++++++++++++----------- 5 files changed, 42 insertions(+), 34 deletions(-) create mode 100644 docs/assets/semgr8s-logo-full-dark.png create mode 100644 docs/assets/semgr8s-logo-full-light.png diff --git a/README.md b/README.md index 422cd5b..78a3730 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ -![](docs/assets/semgr8s-logo-full-dark.svg#gh-dark-mode-only) -![](docs/assets/semgr8s-logo-full-light.svg#gh-light-mode-only) -![](assets/semgr8s-logo-full-dark.svg#gh-dark-mode-only) -![](assets/semgr8s-logo-full-light.svg#gh-light-mode-only) +![](docs/assets/semgr8s-logo-full-dark.png#gh-dark-mode-only) +![](docs/assets/semgr8s-logo-full-light.png#gh-light-mode-only) +![](assets/semgr8s-logo-full-dark.png#gh-dark-mode-only) +![](assets/semgr8s-logo-full-light.png#gh-light-mode-only)

Semgrep-based Policy controller for Kubernetes. diff --git a/docs/assets/semgr8s-logo-full-dark.png b/docs/assets/semgr8s-logo-full-dark.png new file mode 100644 index 0000000000000000000000000000000000000000..52a2c96a253fe608fb9b5781e0793a2596aa484d GIT binary patch literal 59965 zcmc$`^K58d@0 z&*O96^B=rFFwE!Xo_p5bd#!6->)LA*p`oTgh);u$hK5F{q$sO}hK9q7dO!0B2lcuz zI3kDog$GvDcSS=Z`t|n*y&F_yiMmMbCimV=8)WU~`N72s&C}D9$Ii*#)#3x#iU;Ik zla7?2K|^CgQ<8nH;|1B9_w-61KSLZH#9Q|I&QAMQwLkL3WpBd7&*tXF#>Y;O3C7^g zu)Ens!zWjKRQ=nyeaq}EDcPgky$m@@YD+KiSPR36tGlBYmfk&ec^AokQp350f+>p^ z9SyAs$c76#zOJVh(ft2^ynO2*g<)=$TuX|VNYI(pUjv@YQnUUx^-n6&0%%|)F|GZu zl!LQS^@QJh3jD-I8^QTnCd2ZM0-79ILHeH9vBd8MXM5|!dTnAkRP}su#7jZHbKu^w z2h1419Ql|k-^f3SJt;ER%8r*! zr$=I$rzr(X@mHFW9VRx14fg2zQr89P&Q$H-#e!t@`q|#Aqnph8TquKZ1;~Wb%Wk# z1~Gm3OPHTM{bd&j$O0x4Xtwjc?gyUT3(d0uUcOGo1MCq-hYcs1^*;NP%O!W_f7Xke zbNu>;+`=Mw)QUEd=8IBMRpj@(S;4A`@IdL$cYZm((3c74i{UI<^gnf$S|0f^ku2hJ zOD*0ICh`=kxX}IA`q3olIcC_w@ze0cqNyVi6~umeIO|IfuTpefM>NdG10ql5au;NgRVdfjOf@Dt> z8R@dy`PtWMD*FO=LewARb*gllE4!7r&ny6qWs2~a5B8Y!ZCeCjD) z%2SF#8Pq&eu#8=sd?#&ryjI5p@Bin%Dp~o^kl;HHuRZi=rfJ%@z6A_y@kjiJJcmSw znc)s#0d@n#7-sP$K>AR7!viI(M1j{bR~9tXX@PXV-!y^g~rdVa z?*T8=YqR4f1{O~vV_?kblH%`;8b2h2AGigN{h8KJ7@~Y3@p&tEyj#V8P%VS{KVh!o zqYac+`?M0ewaTs)Xkn`!8hjBXI?^2lFi+->-h6)ypd2f_iHzkCpJRi>xDYMyVkfiP zlQ6`v6Hlt7H6r%SMkn^B?{lhDzg&e@2Uq0Fa1_Z-OD)7^99MC3vGoj{%uWWsguQj? z{TLcJ?IrLZSNe8Js`{P|2SVr`nYZ`xrSjzySuS2vhte7AO9RV(OhTzi}u2uy@*m&Yolfbn-E$Y+5?se z2}w!h2P2E#DC5CQdM=(>w=hH}!g*@Ai1WkJqO4yvG`6Xx-GkF}c&pHfc-;DGSj(oF zJ|+fM9!lc>F3Fd3Q%}muD!;MV+~!Jxum$EbTC?d8@Nf7}QJ(Mw zOmv88rk?ss2{#K(Am~OmZ)D$0Wzm8_PxCVcjPe@K7{f<&dqI!MnG#*#Z8~P4(M6|n zT|IqtDuraAXE0X#CV^2@42(hZgJ|DAHMb#h7Cc&ejxiI_9NDBS!0h*(J=JWrtdKGS ztXyvWV6~n{P+I)`AFz9cLsKxR&=xUq>gm+PpqTeqb6kL|M*8S&@oT^19J71+=NLOp zr0Z{(CilHYJ6MD3LM2z`{bu8Vva3R6neX{3++_x-0lZ>jBRw(`?ptJ8bN^n4 z2MYsbKuRb#!v7w;3%d3p%|#h!D;MyCRFpXR$LvvFG0xZ7c66s=6b#4Aw*40yOmm>r zB5d3NF|U?9eo-zFElmPOmpu4b{m&ZKMfO7+|x{gb^cZ=`iFNh~$KR=wGT8O!jp_+M~5p z$4o3vD+&Bd-bxa{J5n$i-^Bj=$GbsU7{mq^pu|W1tls>GM@`j+F25#=!DV`VXNnyP z=V@)^Tnx(cZ%qaksfL{LKAgU!kuR0G<9NmEfOZ80W*c8$d_P~qzB_-E#*QgV+a|*qU*58&|ctEd3Osp+=fyZxv?=}~&UICrZP%%!lS8pqkiP*?Y%_g>aHNt1jLHJxZ z=RV1R)9}R$Js^Ydx)KaCLLA7EDZR_}?ATW)tdU-=2_WSnP5*AW{pd2i%E#|J_?(hP zK5*skh>eS6{6J4F?L2fgyCVZi4hL_32HfK0&+UU7k5RUR>4Lj5H{Ul)TtpnU)?JlD z#qO)Tox08cVf^+RATjPeMzotal;vMWy*<@*M)VP{ow`RE z@Njz!r#-u~+7n6q#y+wc*NyJKU&#h9?B87b-;1}rgu550$4V~qkJlXl)f>%YX0!k6 z^iZvFCNuBi@LEccVMWCymnT$?Vn5gdDD^nQ!XhTKYb?Prngv6u!&wx{c*s0N@>|( zHY5A(BVwVz3m8_fu~5RTRqjzOGf#7!83AE#N~QPd%bDi7ug%6}J-kq%$!(?7a4cPYcxsZ0NF`dX0xs?S94i(vVE}91yH4M11on%GLCFPX%-X)Eu!r)&kt@ z`!_5JH6TH-Lh$NbY(DJ-+Aul@gApwYEg3+%aE=8W#0bO84GIbV6^t2_V~LwC(;qx0 zXPG@4{OwPQM{iV)w|Gme$JyAT&PxiRmlu0F|JJA;Z;97?VD&f>; zh*~XrmJ@5bxE@TeJS-ChBU)dRjGItB!995Wb*QqmhdB9vgB2SpM(0I3HMXu{UP*K* za7awz4KJk997h)kT)Yd;4SF8DQZKs|Yp~=%@_iK*1Mc~%$L6QnurD74?%=@XcSiTV zSLp)1rebN$R?p*w;P%c%?1o{b1s=EN?G5S1QMt5fuLCmin^th)F3P&v%3Bxgsmqm% zxrh{pT!f|UzIwGc(n}MF&Wd4!VS~21>L15!i(L@e z)8d3{u9av*)z+BnHDv4?3E!^}`K~nSU@FKET;pB*IBQhUOtRLOD<}UaD%F@DrPXZ1 zIMu(^b?nQ`XzTFXgW$6F1$|gBi)l?WWg>57g?P9*mTa@Y{U0h67QXruWBA72BxH8E zW^-I7-Ou$Go_0zTy`t~CjUln8rfce6m#Xi6@PBDmm-j|tCS7xE<586DV1=jnH^&Xq zBmbtI%l?T*`tbi|$rvb-SO*OowU7~?5yU}k%n|8hI%iMJUVw$Z);FF;@XN_sH_(SF zNfu``Ya}N`eouYwg2{6~ibLbd@m?Yf0(?tyHrhVVgOzq2C_i7%B1omzM6aqxL(Ws4 zDR}k_hIs{nCJkkI$Fx6q7f;Ikl*+ngvFI_8#M0z_c&CtPyGk{tr89OmmRO>@tTh}1 zqe9-cwu6F$P~&6EmCE|`KR1iK+Gssew&igNM3NQhj7LFZ)6W@U7XK~bDm2C`5y~ z$KucpwYFEHaQEf0w4Y{$y`7FI>@rMw2w370UfoiZH%7-+R+yceRDR*3?(WnjNYva> zO^=NEkHM_eI_`Ww(VlL2aM61)UN(k%6{KcEi7=edhTO$do_-Fli0lcRC+f(H{bS%B z`64}V@|$AbKED}A7|96bDKI;FUo}Cj*dVuRTuVNog|a**WWvW=u$kgqZm3**tE6a`JlI>#uim&koMlo6eri^+pIz%C<2Bvvy6fK< zo{=UU`SMz!!TDjxPwITs40+NwrM)Z%cNr>B(w-kK_=iQ&1Uj#I@%`C-Y|n-U_$;h(m$G>#Mf58Mm{7l6vI>CY^r zKJ72})W8)+iFca0=Z0FoL;EILBbxH7EJh#+M);K(3uylIiDxOq7D|N4% zyRc=|EQMk7my$Dm7v?Ve=3U0u#!3!9x0A3UpVZj}3k7I0p^vb&h8vuy?wf2#eg)KrEVM4Ii>>Lk=4Gy~IT zm-kfaTXsIH>hb&gnCm{}EWnNANPh-adQ;9wK;be$lxMcgU@5rPKpAG(K5c0G^e%#` zD+~X&>UfF+E<;+)9r!=6Ty=YazNpf1)-<>wCA=wR)2x~%COIuE^soA{)E);cy*2wW zTUnD!Gi53(a@67 z%Q-3sWLxhj@D!q`8i0CXn}hREW4)m2WM%$+!_Sq8H_~kiL946Y^Y0`6KZe%e6uQL0 zKodx;yN=yTd(hQ)H9V(B_qg^}Z{+!k_k8Bh29Qm8tYor2FgYI;;8oo(yZ`YpGHK|w zVYBbMB`uPM*?lITcfbl9ClB#hRQ25zp;$c|{Pf`1?HJJb^;QsUn{!a>KjI}3JXj7B zK7=ST4QzZUDPn|$)~UonQphqkwXcp*A+tKlSG-tV-DemQZ_^orqe;TpkVTXaUiP|G z)mMVIOx9wfX0|qZFgJB%LyPq7()NJHiQXh#fV;Ltxt`P}@m>40E7_jV`}5TztYVRDN7QoTarSe&q>L2cy3llaUkG)sY+wqmNWzsuyJ zp8uj#{DbvB&S;VitqxM2kIlu@3-6(K!W}V$reSlT5rM^1)O0X%W%CwLfhg?#(mOu- zv!$tsOgZ=5*|*3ltDcV^yLnk5w5cJ)l5EZMIl+lEtj1c?i6CBxxW%_cHrJpL=h)J> z_bE&b{qhNL2f@~qXv=vaM+e5hs7ISZtT*SNnwo76LN=9>onB$80k}n|slTf%HT40) ze3`)JYm;BSz(p3$y18eT09W+S7YZId8l*4mU?pC0U9LRF@TTxb@qP8Bpm>B^@ujmIj8lJAx=fM z(;TV6iI4l!oTi1yP|R-6iw^ba+ompAfa6IpI$mVSTcPt6?g-bc!$@^e4ilE+|7x15 zP#+3#)U31Hk~@iL$3D}F67T?v$5lL5jf*7S`G3sS?v1+VT`-xTIcf>&%RFkWgNr8K z=I8br3X$5KxK#1W;R&8SL^qZ=)ncgSwlE z?$32M&SzHtF;~eQddGyh`{!z$6bENhpvTKuSlgX@P;WI?QTZd3Qa~J z-)R5Emx_7uj+a?BYARQrka*9drcxF7Kzv#G_kst>Rp#vLrw2!}$2o3ociuCN?mS?P z=5lJ=fqb*0r!KmLa)M`+$jB2vx@vXS?4ZN0QR@_cN)PcoCwq?4{D3`D8r(9~W5q<9 zsI+!dq-}7;QoeZ9?S~hn(~qUzXQ|&O@LN_eKoV9fN)f{&zF!V+md;qXOXt4&tR9?v zUc28V6T2tREFB_%v<0Wu)Loq2+8{ZH9=(F2?IqT;*Yy_-7czbBHc@Jgvp64Oe$Lcf znfHBtR~xkVib_vg*vUDkYvDOCy|1-vt=G{RUiFVmF@J-a5X^0P&}Fcb#WS4goV^6n zV{qZ3G>Fk)bves#e@E;bh#1P;pPWz)e6AJ|wI9{>_Q{#7Q^Bm7v`7>q#8}3oC&H8h z8PFJflQ|y^?Qe5``?K!r=p->K{739Hf7VZ{9vU5hQhjwS=uj9pXg-k&w2(n!`$+mR zGqZF2|KV7tpxWFDhWNp8o3%u0w=PrJ<=BUblg$PtQ1m?KcOZ*ptIt#JtT_01QO5(L z+)_=#;BpgmNqpa5lKdl)e8O*SmfZ57Px-mpKFFKV>}exUT`B#xeb+@}bx~K-7kEG_ z?aca0PhIEfg74#CyJjBSe*vUK4vXo>(@2kvAV4G0FM~dyx9*_m&QmD#POjtgOP;QN zBh%#<-XAtpk~msg)QTGa=B!==X(lVG81&dh-b7j+_BS(EsaGQ*wGuZTJ1OGCHo~KP zKGdk9{l|R=3%~68Y2RvrM8hnVPQK-R25}CA>cH1pH~A~v^09svOAE29QHF;GCHz+R zLz8LKP9}}XE!aNcd1MxN$a<%XJKuS#FhVJ(_`ZIp-VSbepo}WPjDmX{kKo%x7QCIC ztz_rJYo41h>5IF=V4BQ8Hk2ExL!59l3iNvQ_^OGUDS?JS>L_^22c*)Sp6@ji`uj@UMBO} zNnKB(sFA*3FdS+B4AW&1g(6G8r9Pj6)_Q3 zE^JWm_Sz)(MD?Bp?BV)mU7`xB?>0TlIhud8!M^3>|velTjpa8f)W?wT$ zLMfMTZ)YD4_ghUPIy~ox@}ws5b5aM=y;*-FdDh=sI&tMb5On_r-H+H+df{p$?e6k9 zqx0nr+`TY8dScs`vvr5}IADVrpE9<4GL57{S=hG26X}JeV(?Z<(L=`*}rUj8n~Z)qGUDO zwTQ4$M=?XM+ao3OPz~>9w*^Ns&$~C{mD-DlZez*DolVz8<~~!&(&0h>ZB{4OtOWW9 zS%&^}fn4TR5}JQX{2MR-XDnrjRGI{HL_f$(7#X{;l@^B#bom8@0oUyBOiCA@lQ2%( z<7of%;-V(x4>as6o*lg^*h?Giwe`sGYXt|P)RrDY(de*c6z6J6sw+jFoj+N=dr=0d z+|5dD6|^V~yW*TVspNTq0?#+gInG!@o9Cx5GxZh~y0hRcip%Yi?C-_G!v0aVfy@iN zC+wO>!@ReXm?8GV^*=niE4EYWc3Ea0D3XHtjZ5MN{QcecIxUcxVYqk4PpWOQI@WrR z%6{4WTbiTwv(9a67^dQ8ptOXrY|@iS>Y+Z@Y&3~|NC2dSy- zc8Uj;ara%P#ZG3Ta)Fw;U@x2F(3^!HHflMigAtW%_(_UbElEmap7-dI?!N4!8@|bz ztlKCdPmkyzK!O8m?V2|xx3a!1b)Q4f8FmR_=sg`aMs;9mF~d%Vy@lef>^ zIKY!J{e}kif>!MN&1k^hnHzEzd6`h93RjeM_%G>IFfoM?HPFkDdWm|+n^>``7%`ur zq-g?AlWeeu-thmDMTZJyy!iOAu_Z?(-}}{R=Ad{!=sRerFQ+&!{yEXi-Ap^(vP`vOMFuNK;@{ zkRwP1f4b$1mcS5zN`_1W&jF!-3dIsa-<7p=#dyH)`bM4&okp}FUL&x~Od&W0l6Ht! z(8L=DEE7x<>?RmUBx~hHvF^T~D2Vf0ekelqKO|x(mV%>WoeO zZ!bWdKapeGm4g9Z>EaPQcW_RUgQGWUM17tCde*xLver9g(^~HG0g) z*tdACo`m9oYR33n=u+StcV5&)r#U>tu#<^hH&(m~IZh>J({aon6q<0a3rd}!&2MCO zM2}oZm-$)n6&i8ygY@dhJK>?3BhkCe77jMLCA`L??9NHL9KSXatX=#S23P3x`&p&q z(!|d7Rs_}1kF|`uM-%JXEeAJGR%d?7Fny)=&fFgB=J&tel0xFFDz{cL0Z- zYmRc7VrT$~(gksL`jPcRyp*<_4Db$t?(hKdVb6dRseS@L2!(L>k2gO6jeE|Ai$UlI z5sIT~z04Bcng-6@l~ALFZPx{f-=tKU>0*Ww$W;Qb*)=~g@;?ge9kBAX%Zzk4SXdP! zCCfQi=$q+XT>TXQv>JQu9c>`m8aE>z3FA0!Gug=ndo+(^aDb@71haiz6J+;okTx*xOob;9lQV-C0^UbG~f%JrQ zo#*reZ=D0w&>?d7A0hBf90+!UUJ#XRUSD$1Y&I0rIidQwr`O|7YFDdMPTBGe%K#NEcetkM@0Cbl+ z6geykFIBZfixAPeX=tmMOBnw{=R>?1V&3F3@i^!7EQE|&{vEY0!%}6|o{5w^1ySp< z0H6+Jf$MWM>-jjXa{nQDF#VM%ApT3E>*wa=UmO9x50_t3a=HkImJTNOr97P+HDl|$ zgyQy#c7kA261QVh@Yl?v6FFq|>X2(51bS+PIF*e}CVJQf!Qob%XVwj1q(R*gd1G`I za3IQ(CwAe7;)H5Doa?zcAdF$`AxxqUj)Qo$o#5GEL#_xCaUgv}b&&vx4ZpMWoc`Wp zOhydQ-r?o%vZg$^H#k;ngs?Kd+d9V*8-VnN zD27>c+jfrPqh>IQDGS@w8%^!JTZtRU^X3Z>$_!%Us zwc#2}8Yj&v8sqp&q{8q4oq?QW7#XQMo-IOPZ~AN7cg&a@k%+)VB=+u+kW0!rlY<}6 zE>@o^x0lfdS48!!D%DdRdS^8ZdfnVz>jRF9P(?)o)Tu3z|up$JE2L#DqEH#f9S5MGnjca*l&9VwObd)CSH30a^A0)3%iVU*zI;< zt^wzaY2tfA=C7S7@TC@>Ka0ZI&{}c`$G-hDEeA7!%J)|rz;iL)F9Jc_TRUm8-k0J9(CihH#w68>> zJfd{YWMLskFMxzaJIufqC7^T{$LtXmMD8fp8I{3ny!aK;fh|(;;R`w(Q@41B9%_)8=i4m{>@M2La`xy`FSLmu z0IO9%&~K?WYnM+iWv5!V?3VHA^2|9hyqh3Xp}>iI z5ztdHawrGu?{E0ybP0uJx!BD@hAs9AtWq}7R!;)HI;pj0tLCFhERVYmsl41ZeTBe< zR3#Cah0&4uTUMNuB+&JE@Yn=>x!NxUvhn4q>W*oryg~K0(bx-YheBZ#V|!aAb;*p% z`8w_|hrVRuL&&K7tzPotX6lY-HPDCa6@63$4r`8o0e_4g{^k9!eKwD$FA_!OiPjH1 zdkehFfHI7y%bn_wN>ZN)fm8akLxa+T*mA{9o8*9T*bBG;?;!7t8V2HA8$VP+Gk2|- zpgu1S`N0AUrTz29xR@t8XN*v>zx__ZPzG|<_YUn!PmF`K)!2ZROG)+31n*0r>LokV zBbmngSCT_WV_0aA9pVf0nu2N-O-kM14rkMC6&4Q4`G|2?4;_lSV8sMVY5^YzN;|z7 z`S3i+s;LnnN&yc?Z%7Zu$=K@YWj=XV?g2y!2Nzw$!xyy1S94jC7uvnmfm<$$y$OW3 znn1?z%umtj9V%*2(g<1W5jlAd-?DT`ffkOWk)tpH)0Y=H`Hz4@^tZpCn^K(CAOk={ zGi?!%IP%>E?>o9onq2eDjnu#lYv+{lu^Wl~eO$lxJ>( zX%k4)Ulu`4fpBy`G>K5*w8h3YT$E@LxaPs+q%|(7b7pNuID{PU{T-93w@^)`M*Wp4 zm;x#$X>bqVF5Y1><57c?RESWsi9XdnAOjBSjEjRwt(}DQRFYmURY0#VY+d*AP+Q$2 zp=*hGo5Sb!h&RBN-}^FJ@lfmH9c<{e*rAwOJHVLq3)?EB6gA5*=+5S<^!1|lJiZf^ z6#}kv7B`X!P%4D_uH4?3s{390yIGPRWIvcDN z_pSAtb4vU0b6kPY+>32aTID8|vBhuhf$Gr5Q3Erp8-s=bqA@%=j>@vrIZJ7LJoI8Hzr z^zU+8M)FVw8Ujt*r(^tIE!-WB)4mPPT4mRSO892B=NHr9It;=W3Wp zH{d7jV{j!@itg_22C%>x6>L?)ShCZ@I`O?@2X3q0e^fJAOKge9V6Cy0J_TqPbcZCg?pZyxGh}5{#3(`wD-9v)Hoqd+>jh z3DQRO^&C%Bz>RIimu5+z$OT__QxVLE4Z4bnRJYC_q|&CMrK=4GdW$bQ4r=2*GJK_; zog(v#mwwW1Ox&9Xm4o^S|3uroY@MFw-Vv-+wI3PP(02Z~ApMAL+eubw^%n>CE86#E z(8+F}7l?kHvnUyu`T*;Q_sHi;kK&zF=d?*y*Z6M7UqO+wDe;k+f@zp@N{bv7Xle-? z`+|$hvz*Yh5~y_NwhfqmTk{QI>`pS6H_|@3#u(v6~Gl_;piG)S(q3GA;E>|5lxPq+^X2+(*rJ zvZe*S%!YR5CxPZtL)zOQj2OlfA^1S5Xa2c)pn+=&4---@Hf<5};U{tp=dQDwMbH~s z$xlEQB|kegLgN^Cju9hn9D(Lni&c=q_vCrnz@fR+gxwyzF?i8QWokMLU8POIpnub& zE~#@OPXFa05cA6vS&ealU^#^6(Sq9B3U=(#x`)qVF+RNLDJy$n2mNRA{mwKs1pz4~i$QTomiPM1@T^hs~|P+`j&*6}3o9nh$q5FAs~W4PiT# z{=3I9i3C)!g=X24z8tJ!>JV+pTpUZj=B%vXPIR1(7lEHami@`$oOf<%KogBl9ZJBR{F9I;3Vg4`{z`L@k`m zBC<5^Fi&^QNxaj;3LcdR*H(gS1!#wnX^zirI=bV*d&OqZX_4#i*uQ3))k`v`==<0+m( zUWxvc9bk82_{8z4x0D*@+HyG#s>4Bq@ft)HPXh~y019qb#dl1w#o=PhhxfbydrY8T zED46b0!tsxFARx~%=dd@+H|o%|4^Y9MD%dMFr5ugPsbiZI%1XRQzLqeBkF%biMlzS z?Ib4(D+en9s_I&J<*9_S+Gdps>1)yR0b1z;>ChcXL}zcajqodsRXNL;+29WCnv2NP zci$Y*PnbKT$ zyI-0FQwDV$1)C{wKP-LPJ~Fy^VN2}Kc+W%V1X+7JMqZad3fHsSfl1Y|MHy+j?`DZ3Vj+B{C)Du|Lsr%$1JwJ)YFdq0{^ z(BVi?3`RzO2*~1MO<8^U;<5L!pdUB&QDe)daM+?;nYEvcKqax1Sr(D+WvG=W89(P^FLNPm=_BX+2iDbk*D_@_o#G4unSP$4_=STC`x@Z$4hU|8qtLe0tnrcWE%@ixjucQc;s&N_^YhByiDE zUHZ9j!PXqvkZjk@(4HNB2LHt_E$Cfpdp<6qS$-pKv3+tttV zlohJOM^vS;Wu{K@{sDhKM3d4s89TJ>MLgh7rXbEH835Lma?NpFY#-kiJ#UkEKhFp&nfO3ZpMbcS)W=JTuCy%|DiqnhkJsvkF^0Lp^kT0(VM@H;z8J(*m?KFk#{ z<;^5QY+pE2YJ^pju#J;ap`92tUt}Qkf-Q`qvpHeKJK})jMihXw3BoX^UQ2?V@tJwf ze~GG&3-{r6npQ}cbXk2a_CxOH&iLKSb$ol=Ys~*C!Sg(-yG*i;4SXB$9U{(=>L2Fo z`{B4{o%`0?>G_HDT%?bW&lam`s5<;oWaq#q)%|{yA65H#l74zeltrwT`K?npcJM>o zvjv7g5Rc>Xu&eONad#$f(;|1g45xkTCG$+Dz0<;RJUP4xl#ugIA`5|cW8;j>qdRBV z*sr`m)-@c2lsSDN)!PACoTV}xxa{qlY5%b54<}?Zp8eKS-}n{?k9EDBm<{QfZRG+y zxQmA)BhN|dlmFN*LEcSZE>gyC&JkJaL4Eku4jv_%1aJZ1+k1FWAG$-&y^ui98nnX5 z9wQj0QqtC^-xgD96K(+ywKSn@)2@UsR$wV<3O%Wxf+25nCli@vsEe$e8Y9=*TetPbk z2H$}Z({8VdI)?3VZ8Vd1Z91=YGXrfnU!{{7zFgaC5%})n!()L{(3RHT`aEP#;$@FQ ziNW_PSMKR>A~rN87S82O8DiYamvctJZOJm7^&cWSTe52 z8G`G$>ht>UFNuqD-5nUS(`^JI5AVB?hXKR$n?m`lADG=(qF@#N18&fVu2sV37Or#F z-FX%aw!PHeqZ_Lcc+YVAc$viIt+mjfuE5)?c51Ah6Fcsr-Ba%f8sCt2w~zp^(B}pz z-BQqc0}Q4$`|Yv;w6pCU&G3!J0tAnLeNIcg_6t}x;MW{Hnab>eOhN0=4M>;Y%{CU+NR|!4YjwZR|D^LfY3*=wq9cn z7wrs+MD<1ZR=(;w3WPR7bG0#`*Zz=#@>&xx`%|IK zN-mca&T%lk;>cEItlBp3cn}f%oj(}6A(PeFD=Qsiem+SK<)SM|9;fu zT;ehtxZ{1gemVRLb^S1;`efSEk`FnlR`9_6aU)D&N57VzZgQ7$?ebfI6S~4di!1RD z6my}P*X?B6UGbF;N^6nM3)maw$r8RS);eIalESgn`3zVpK&*_3jyw#anIaO-m|U!n_*j0WBZOu1#1m!Pr+TAm>aazOWEW=7aiJ(mkLx#BTQvI129XUo zE=J)|2oxuXHmGDiwv$<9&Zn+urysF=RG+f_dsuc&&j}Yj3*>MuydV`%k5i88bnerT z>xk<3l)$4q@Zi$CSUM#++8gGbQMm`2h0j*z)$?imp2aGzfN5gg8OaNiQnhYq%#opv z-AD@r7Iun*(*x;VL4gvn1IZ=O zP_*v~#!{NcM(Z5cakPb+AnKmBj)a4#4OY& z6V-HFlS(K7g~}aXZA0~bcF0LQMq|(&PYT2=fPNMsROfb%U%+4WDr;Hs;vSO{zA@gD zmCeLxjn(e!E5SghBDA49SA?=79i4Bz*qo0%%_6(Ws8AJX4wv(YFTsj)Rf*nzcEm6u zieJwP8FL?=g)ZXW#33(R<~-E~*7tIK0*@U~7-4N{+9e#<-?q406X%JA+1|;vc^tR< zj#{|hlVBx)an9=l$*TBv%g=``vo|!?I3UYP)gx{7;nj-Cl$Rf64xo6bXU8mZm@DdcPl{Ul@ja7<|1KCx zw264?i!Qw<4Mml+If<^KyFClT{_Rrs7D66im_P;P|Wc(5Ga)#H*r2U0+^G(+YhpAF7!dZ1N?2R!m3Ei8R= z8%UyJ;}R^55(-D?hr5{j*v;yoCWOuCDqzt}Hy6I&B|algQ7K%-2%5SJY-jI`IMzLf z>bK^v&@w;1;ReKE6s`!mo>wIX69dl_MiRp^$uc}Q(M&zWQ;PHvFxifAd^G-g>Z!$j zrqPa;qk6@PlHav#$)u08jFNs4tfaQ%SJEn+cte{Nt2F~D~KGzx19ZhOeI`l zQW5*t4Yt?e4(U)vQpoAjzC0h(-+BMCKe8)-EV%;0OQ>u(QEkrNx#VTS#msp4DZ8|} z$i7w+;*)|nyn$f#3>0@JQRN+6(n|6nOv^d;j}GjtHR`Wca;DU}R(yx^w7}ad{d!POgTT}`O(Q3CU++eZncDC{lO_g%kSWYz; zm#g;C{&t~TqmlZ$^mGsp=xf$`qb)s-=&OKEYsFgnsAlj-@)F z%hb^#ufOpMaCqWMAbJ#pjDfF6FkYBwwxfW>7r$;AkeG{Rt z0K`_0Ce?YCP)g0-#DO7dQO=s==osFv?4e4%aAsQ)(f89wm&&r$$O1~MqnYx}R>ll% z#5S%cXpaJgP4*x0QXvVcUlU)X@631|{VJ2FVydgW*e>8ZsIXOHSbBvDA7gd{%sh%TZri6+S68lJ@m4t9I$B*QlU6iJcPY*iWT&9hV$;uyYC|0ck{JrSrUqEH-I= zaeF^<&Epw)A#bDF^mbfM@gmG&Ak(WQV)+gO68OfcaCP_~WD#O2dz9-wfLyB?%wB!_ z7p_IWx5QnHseZ`xcI6yyo$u%)+>e8ozV9}jIDZYCf3n<33_D)=q6R2npQH|C+so>G zZSkf>&GN5ZgH)cGGPDc42o(01TRxN*R)x2N7@-G;HcyD@_XCJ0$XOlsBp-%!!!GQX z60{q?-S{0wxe{;;ogGa^s%^CLzYciFSR3^Je>8msR8(EmHYp-Xcgi3j-Cd$Xmk2{M zAo(H;-Hix>l!SCBATi{Cbd7YQ(m6DeLks+_U%D`+1(d4(Ea{f(+;=zymLWq#aWp>CP|2nMFl>%1v>ZuP$cQWjNmm$+{+W@6 z<+I^p$&M=Y$}>hooVwqA;__c9?G^oHt4UlXwR1K^cZ9#Z&T`wSyC*Sve^R^jZ~}WC z>U%4xuoetxf}o59*c1g88e$fZ$#JE1LI6OEg%kfIr|I=IW*T)&DOO^TL4Ako;P|YZ zcB$guhN6{ON_O64=be8SuwAR^IF-ua+LQ_DLxW}+#BDI~tsG4>E`*zoW7 zHFSAvub@V1?a=9yd%)f77E(yjPLpdhz-RK;;r(8YPd3BG(Z@X9wqX0~g*chz_Y8|g z44O~aIX+lDwR|~{KrJ2iLiH(r(k~gpwzLn_PruDmj>omQ^);^Yv_r)@6buOLuMd8- zm^c{vTnEZu;j*=%vqkCmM_WZub9^m97?$K7bP-jix_fY2YnZ78+-CICgZcV&R{bv; z)%-D=Ws~b%o5BZR}4cj z4g18OzYif7mcepk!{v5U`Tn9|_Zyj7Pkok)Z6QK;XSz@BuSz1@7sDAF8dgFEp8b^J z{>s$qAwHdL^dJ22{4(i*b3o~Pd{hy}N2I1H^o4c0k?&B@n{Rc0G6|MSRtxaY%v?Pc zKQ9Ij}M4p#SvQ=JtyXL3Xdpv`6=ztb9 z=|<)K?kN8Gmp71>4Hh?~5gVqCf3vP{Z{x|rl@-2+VbRq2%Sk`Hor3QCvs5U}>(QrL zJw(eU!nODfkJms>Vuwu1ZytXoF2O$*>V8HfM1F=V)ZKr*wpUs#ysW;=LMO=MO|Tr| z8Q-ZSR*hqnaO5|QZA{Aq#y?Ww|3#r{HgZaR8|tI)r9ftUP%o780Ut?$^q~Iqk{xLk zi;zZ=;AE-b6u%vYk9N;wsB?$fhi--WfV+nWQnYCE##;F9zrq)VlH@q8pM|t0oeFg^ z!LQ<@(z7};?DXpha*9u!*$=5A@5}odsb{c$v?E43pMx>o&xsRypDPpp6aZiOrkxAF zkh~-S+laY-fHM;=e9%1|dsd&IQ2#euZ&C~CzS{FRwu{73XjSV;Z=F5mntv@xHIp*U zKL622k2Uh_6*i!b{BjWXiq~BzLyGn5Cl)lMqvw#J=OPZ?`}YBNXQSbM{87sSOIN~P zbV0oq(;??F2N@zYMKG*_XypLC;1;F2{G_aESISYxeF{@o``wl!F4i5ha=9m3vUc5n zi4s3PE~kIwj&rj$ZW4)ka&&INk=A;LP5*Eu`aw|uyBGA{dOTB~R} z?n6W=g@@$YXW8bh`3`53#^yvGW?t(#?4~`0HDwQJlUDbtSlq(72^D%wOO|7Rs~xpQ z@$RZ>aT65~)JQYS;QzfRGRS9eHM{F%#_dJl-TB$42hiKX)cjT~ff4xI;ja%vGN3jN zo57CyE4O}L|3*R?{dK(@IG82ugN6y!-j~m7XjWxWkp!yQ2m%CI?%ufE3 zD%KgWUU+Q{{`D0aed}@uS3U@;NCFI&S!UjL4a%ZBAJ9d8Kef9SZBwN&);Q3nOowne zMRp_5-xD044?j8F;jDX%w(o9NB}bscFO~O9(_e&_i0N_IurmhW_uBjIp!j;*)ugiB zT-^~aKO5rAE??6XYmQn^Gl3o|_vwJBL#F%Nsvx(&GE#`!Q76ES!x*l~zaol$E!S|_ zhX6(B!82elyk4!4qG!uXeX6k|c$-^M=i>)%HB9r1^02=&4w{Y3KAgE>JV zuJch9x|6_N^vFBUTP632u*9flEJmyr=X2uf2|luU#fbQIePax+RQFEwB^y4O zmZuv&0v(snE6=b7FM5ghrn6Y|4Kb8sSK=^xT$wzdEO{p%d0Uzxf|j+wO~4ijtALd!vPe6`aFRQbv_9EKV@lk898eiI4g352OboE`Sp3mFur`U3a2q~DnL-sf zxiw{;ri~L1vhi4<(J@>_N(GKPUs~?<21L+?#hQ#wa@_S6>a*!hrZ-t7g3FU^4@Ha6 zuWeo|+Xrm99_T#kAJV?*g-mq!M?Y}dP31LP?AIDIoY`@f3Pzdn-y5$UCB{sPy8nrr zs$w~*iO?e%UP~Ehs+UnOzp#K*xcBi;wI06J>a3(Fo|UyC+bE#EyC8Wq-{vhDc6Az; zLm6hxvFZ9#chkzk78d)TkyD5`s$3`#&BK5|r$7HQN>uJ~H*gA>{ zcZbn@ujp-WfmW=~(m8jxv!}#m*k5|#q`{<@7dpNp3t3)IqO3ikzBy@Oj$j*YxcKWy z-q=KT8EhF#Gv0dbQ^U8Eyqj2g-93*)-d{xAKaP!A(o_`Mlv5yX1%ak;wNzrtFukM$ zx#S_fXAiE4EJMiDN*`!*@b9q7ASnxTT zSDt6jS}lCb@#<+3pAhC{DC?gEFKagJSNFe(1^-$r-2>}QE{0J6x`0I#F6Utk%~CNQ z?NiXUjKdckeX&QH1eM5XZr7MI+K%7nws0Wp7mW?Tt~wEN{T?-}I{5%j-}&5TuR9?k zPVr_Y$0R`r<3t=;G*IrTiC?`0J>9D%TfesEb)jV0O4in2=}B-*7pjWaD57@#%RkE` zkJ5bK#J58qYcnY#0&k$hwn<$mX$sf(CIQsf%%cb3yhYqYsV?tWizP#J{G7p6> zTd+*cXs2dQnIX1AAa#R_RR+gb_H||+Z&=qN3rFwmM$5Kz#+>Zd?9y&rc=p3w1G9Cc zbt6JT^t-M-b{kJ;aEND{)@JO_Jt`buANYPx+OnHV2(k;RDoFHW($%Y4IQM6-3V{x} z=^mYExaiH;fu|fw|bWRolMdY%&dB*d=zt~vzDL@z=UDN z{n@}4d5Gm&6~(JP$#GP;N^zv3f#WaTo1WQSZ1AU#A4vhf(yK~fKOxn@?ohWgsG|a} z^FVSQn&I3e4m0T4rTHNTwz=1PTPm~-CO-;llVf!H+QkR@BxzkM=Ocf7g>QY9iiqJ@ zmRi;(yL`^X@TtETSq%5*a;5AIJi|Q<{x)2Ea#XCTCECCtpS#Hnxg`*!T9c`3Xfg1j zOT}ui&Tc$kfB1^X_ZCXE?7vLn-NHLeZgKA@TlCRdib3D3)#1@+-`+k0u*M=ofSC#1 z+K$R#69(bFGe>4oH*^Du%k~`S$PF9|J|^b<4?4qJ{o`=4$ZoW$_Je{#OGczO`15}L zyWu5;``kCvk7%$GMNpg*+s zLykC0599+x2Z=GMSoEZ)t43X7ja6`Dxcb4T% zxsT?sJ9$6H$X!Ck#$DVvFd2MMa1yQK zRUlFlqd{BX9Jp8eaLpv-a}*;tsLDHEd+}B%Sfgzav@F~Z=gQ#NLj=*4oETLmqtR(^ zuv>yF-(7gRe=MY@|KiBZvsEP^>EkauZ-YaUq;R{`2?TzcEe;eGyjpiYyOoAK5~htpfh<22>4*Oh@Ku`l;@@$qP-ROzpo2J{!-uKPqAhJf zW3*1gw~s|5qV;`Me%yB9pQS)%Tc|6`?6_}fNs*BE5yuz@wzqR{v7#fBC+e(03fhCY()x<)ZJkes z^}8bsw>Le{fwre*bOABV4|;>m+bh{~&=k(gTu5Bd;z1Xw;APhuSoLUWd(@jsBjf9f z&s}>?R?m{!3KSuzl57uq!nl#Cs_6TxzzDXSN2b<%VOx6vv%gAiFp2K-*80pL#hJFd ztz!OsCdUN_q2^@s`nr&^Y#*P}3NjH1*|v-(o@BKC486qd*xzSd#f6>FH@A1wWoDB` z4l${tM6Y)HWDr%Aic(wgZ%mo2CFBiPREs;OjE?0#N(-2jxad~~7cSIm_prG@5boi9 zRu&ERsaY#oPw@ORj_|_KbTBP8$3#yNTjqrc(KMv zCZz|Cr%qf{vI&h^k5SCKNYCR`>b?ZO@6-J!r8R(&K?dE1sZVQDcmpDdhk%PnkX80a<<6Xh!C{>XqO|C9T9GEYGy<>&7F$K$@Cw|o;{ zGT@lW(g;OLV!jaGzF0xj)=PPJi#TsK!PR>Ek_tc6M_IYf&Zt8Wn?c^Qt5oSGFpshC zcI@AU^Ov}SRxN@g77O9b_*2uccaetjN4fX-yR{D?8~!gHZ5<;qgk&|}wgdOoA~a=? zmoxS~=f_N#ww2qLvVm?wLCv#KK|;O`skP?MwMqYbOcC8DUsm{^=Y%(x(YRXcq;#@k zH<4cD=q)-_j26@(&;*Mz2d@htGid3FoZZUc{>4GR%*`$r?4 zwb$-U(wF==dYl`Ff7yGSPy$YlaiPc!h1zpyQD*8ay1uWZFeV!oUEZFaK%YN%~n9- zXV)VgqQ>imgZN%~9=4P0_@D$cv*GG?OrQX1D32`tHOM>0E}uZsk#KoGMlqBXzGE9E zE^tEAdU;vd^{XKrUC%lI0^Q^Bd;k7`jdU?zK=GK-Os5@6hu{hOQJ-~zgaMC4PDXQt zfxB)FY%lOayW9D50_K)uA79?pM@I!Fuu7Wk*YnA9Srfa83%&r4k|#_T)2V|yK6zblPG-MzGuK$_oDQslEDFAMC5RH-DMeFd+t#HbZfX6I!+i8qdlP%z|FB8mm1L zL?f(IZhLLmVaelQ4gaSjilB|9;|>v$5uN74>aD2fIu^6ZK|b!AK{^fhX9v{l?I-@O z+Y>mZOs^}XTmz{C;t!z*Ld~V=C4E+?ZN1~9_@IBt+HBb;DI0rxtGw@(A|I_#Fnbxw zYi00kz>o7lfwBpV*i3wo-NMqin(5&k{#(*Rl{F)v)&hHcvA*ERPH2JjxU4-{)04Hr zEK{?u@YJ&dX)+YHPc!TT9k`IbAT%+00=L6w{vnZUWTNXSy@KAP=TeIKBg*e?3T3iD zP|*Yf*F^QdTvl(`KXl8Epq>7@rnG+N`}iCY1>Y>$kwOM8KZzZs5=cPoYOY&*qDEp8 zzGUw7UUWX=@}9?{xLJVVwuUGO-^w&aS^uRgk;^+-I6TDTNskSrm( z-7MN%H7PeRA|B39$#R#$$Qj<;7I<-iS_6>VkrD>j*DKI6DJ0h9v-}Wf1thXh0qlIO z-(>L^XTjY-;?7l_Y*vlq?Rcq->#q;Ix$XJs=Jg5B>a-pCGfXTUDc^7p%*{|78STmV z)rfSSUCv_Pd1i_r1Z3jcCH%~&$1En3+mxkfuK8u^Kdbi32t5d%FhhiiibXhi8F`0J z$IxI+UoFz4HetIg(dP1i@>*cvM~!$F$nR}Hu}jmB2AW1C@D8wga1yX>of+PSZz-*t zHpB^Pm}%a)0Ndb$h|skw2<#hNF6`tFB28-wm!=8!A$;NEH^Q~#%M=`YY-{kk#gXr- z_5W1nXb67TM`J5DJL;y{D=gz%R>HOQAPKhib3LX7!gHJX7cS0ey*F{i-5j&CNJkOW zn4GY}HW)p{h%gn`F@p~O4Z|o4giWp^+5#1|^&2<4U*2JcoGCY?vpoKy*!qP6q&>*z zx!%{!u9u_N>gh}Yv;{w&Q#xUWFH1#$&+g+L=61{kXEqnTZc8MQZPFcA>{EbzyO{bd z=w-Z@qLfm}R0imaUUrE7J1f*$8kGpQIby6cs1vZ-O55oSO~9=zbydM4N*phx{%PgeSr9~#KLoJx%Z zXlbw8O#Rmcva9uE22ptnLBC-#PKP87PpW^O_xxhBr3+?1OMA|&Z4HEE*7?!L|?E_$fWW600?sm#okKy`dA49HvM+ zTdy|POIw!nCL($pfG0KcO-RR7q$G{iAI6D^e&Iave(6)rjKp)`3L1~o z+|rn!V&-&}U)Bz2-YfzF@V=L^cPI^o49t!3@H5=MjC@0@RkAssx&YQTPM$Y=kb0*? z`)aSI?8w;+^>o~K5{AoLLw7D6uGWL1tHiU(>c8fzo!8K%plBJ}3P!kK^5fIPzJ56{Vo?+hK^h z;1}m@%w`ZS!uaUY^6um+7$GjhuqK+XmkQR84EqPrXID{gU zd3?ZRbu8&}nP&*Rt&JUXd(z2#ihg_N5g*y}=4aPne{1T@`EpeZ-Hb>bLf}h;TMJlY z&wTp1bnb4Y#~)K}CNrMN>_@|IAQlT%OsiT!(je0VNW!7bpG>p6+q|HP3 z3-gleJXTiY2Ag*V7f1`R<78uJhF=eG^}YW4bS_EglIPuS4BlB3@9g6om9;b^^P7Ub z5~hMIYD4n+F3gvfU;%-=2!g{fxO^#mNy_+!&Dl$Ae&xk74`gv3_G$sC{~kp9j?vNn z$kLqp8@-EXJ>}*DNp}*Df$woySxtZMgyFk;OgYTJf=Nz0Uq4(N-naL%3v3@4?+a>S z$nW1``Qp;TX0@`T9DL&1w7nIuf7&7%U_AjvgH9rH#Mnp7jx6cCo?vdq;9qN~e%c7; zy*L2O9hU~PT;6r;s zoS@>04dUpFJKJSmzdMPWu{R{L{Re+vr$@~AR5w^zkh3v(1niFoMTHmfdbw733R0&R zz|TG15?3*jBxnb7eH@8q7#PTzXb+LEMkM~f7Qk^~d!Og)F5!dV?Rso)(!@#H#m5<) zvJFpE-!}o%Ok66z;jjE@S|@UZ_KH+q9=gnCX+dVZTF;vC37#9t+8b0pRCF<;5=s$v z3HQ&R?{(^V^fXzy@d=h)$&Lqn?z<;cb1@WdRpy&$d$MlNE$N)cIDWE(_Wzzlcd{e7 z8&9szz2{}WX-7Dn_on--n3A1xO+4$f<4?`49v$zo%?zG^niJRS{Qf*%_!fXFT%gkG z0vnMFD_?%Lz0zdd-pzF$89N^lGJny0`~A^Urg>l00k^G3o!q@6nST3bcjt%TJQv-r zPGGnRH7VJXtlU@zE7ZN+aM>C#n(xsXeY@G5<&KyPhD79TiO0+3oUk>_C_BCQR>1j9 zaZ<*~j?~sDxjIjBOi+j*#Wn90H2(}Met|8^K6pHtuxs!7XCKk7)O9@hKZK>0IwL0N zmH)>X>kmFw7QP;=VH^P_&qjWRR-kUYjc{z{qUQvAC1cs){%P=d@A;&-GD*j>!%M((3aL{=-8;b&|x9`&J-dil&=Eb5d@<|2(g1BS>x{t z;cJ;+a=XoraApTaSD|!t>^KTSe&iQfVsSv~%ZC+XAmM(+mt|Dv)Yvr_MKb>)p{^@xE&@Cj6~cv6=pBt|*uQgj6JBNcJ6x zi|4#=#0w;;xOmsXm$=qjFD5Jx15wv2KK61hgvCR7J1b%x=x;>&jcSb55K~;pPAbjv zrbvt18DVq`2h-7?a(ez-6}q#y$ooZrr+jyuy{*eNA>JzgN=kqbhDj09>5mmCD;(_~`3N3P>H#SW(ua84vh`d)oYiMx=$= zoX;Ej-rv3vc2ARgf<+u2zvP&07K7HweaWHWw0fr9s?PCf>e^F26-$9CQ8S|$&86?f zD99kW1TzhM(6)yDzlvUO+m4a^KQ-Ve`u0AL;cFkvXvo?>&l? z9!dX6RxcuTa?)8=n?`mB&Zw$uv8)wU+DB4`IX{dq(aG>dzM zxn-a9d$HP+PXzadbxKLWlf4{8sG8^=)a-djnA|H_UtOVbk|pmzJw@%%Z35Gi4#48F zy?@nL%{uC**jMfi1Y0MabO0Ck0M4tZ34(CCYlth-L9$57^OUZ8*;_4qj&cA-N0rZk zFhLCiQ9&n$v*&H8zu(%kOlj}QOk|?}IkWOt4RQYyPG_JfJ$_xR2cn~W%9=J2?wKZ& zL_kX{n_gKDgv-56o2>lB{CFyX)tl*+vjt0*Wi`t-xO_SMBmCXF9{tvj zG%62*_(4Pq;-JN-{w<^_KkQyF4WlJ7c_d_>q0ZseYU}PkR)#*&=9(yxl2+Q4R%AMC zo>#u`^xF}7L}OmWGohw`#)%|AK5c*yh=IQWQp>p=v z`*5%?Hop03GSY1foR=BbmI4Zy&TM)1u_Ppns6$pXArZH$^%BB|O$N}!!hV4UZ$zdc zE2D-yeitM4GBB2a;<=Qk?$4evHfxBF4VTorXmWOz-~Xej2u>QblAPgDM?>@K7xQ$B zP6^)$@mCh|)@#p8o&#@v3v-~5A$}+lq|V&dVtn3lk}zmL{8>Jpq%^8 zmn!W-D3qF1jU;W-cyqJ1pP+`gx$0$31Ji3$4Iz&=h&?{S z0!nrQ0f-o^e-^k*9ZQ=!5cu(%&oNastx??XktVvoe=WgSYf!fL-(Z4RYwb?BEKarE5)v3Da5TVLz=`O+<-dN|$(ih+1?Xg16m<~|VZ^F3`Ju$iH#YLG1 zsaw@xjTW|@JA0Og$dsHBD#qMg-L@VF^wfmd^R%0SSkz7H=hEc8gzt26&xcubyoyR{ zr%Rp(#JSt``g=Tf_VxGpNQjc+p-->P4?}QxJ|;$u2tY#Cnk7k zmJECAIH@wVRU3L5za+0+3r6lgUTQ$k^5`+`PH{XdAyZdfK%W5rEpa8 zt;^>uhUO=hrqFD}+3EG@|Pz*Oan&f%Wugj5SJ|xVODcMFmEqS6@_0R~Z7& zHdKJ2&g}$TECCK*nM8Oi0LldgYc#Xczo=kg_V(u;e*9QSlrsX^_ChF9yjSW)1pJQ1 z7vHynBDY=!Z_R4P@n#-|YqlPOY(OGK(JjSr>QAa1gfFizJeBJER#x$qe@@&o++Z@+ z>apd`bG?u#z+x$MCyByL7wg#wQ?V0p?x_=-)XK-*Nf2=dsqlELU>rvLy|{)o1XVEZ zsotcBQuo~qK~_{hJtT-IJ?WrLPg7oy@2*5|(kCn}%us1v#*nX8vGbC8q~B78NCg&O z=9-x}AHgLo)LA0cOJYK^PZsl&C2wh%Nx(2Owwj@TZZ~3Y?c4j(5@YA2~Ow{})z5_NwPQ^dT#=7Mlh{=|m z9QSPB{%&cIoRX$vX>-rh+x1JqS(c2=N__&qYKKGf;o3fk#vYr7C;x?0fodjTYzv^f zHvgH3if~%%iNL_XRxNJg$9q}t#d4nMiPZ;6lQhIcH5vEGD*&{hm8Y2vNF=l?bYE$m zM2(tX8Vsh6?neRKh^5N1axkyAjdTZAuDcsAT8@7|i@!$j=9GEa6mt6#QWdv5WP?Y@ z#P-6edhYpOCAoYb#5M7z_EzwZuepEJJ&N^Mg3CT>QH=m}IoY?zF8`I4M7#aIwH<~! zJJ0oGSxmZLjy;Nsl)*%YA_27$VRC*BQ|;aP!GbjW9fe`H{!05a4_8&Z+cpAUEpG4# z=ld5S{zjmzrfh_2=KflVkA_LFIxe_#>cji$d5rE-jr zd^0=jqVty#fu253JF45BG3@)^2S5|-|1cWbTSWlqs1ZN=`mJQ)c(*gGoRzj>RQre| zR!=N~xN;lvo|Z5-D6FG&$84E>c~*bvS0SwcwLtsc%hlieLS5g3&IzDi4lXP#EFKp< zL@aryCqL#N*wDkTJeG-tt70sLToF;No4uQ$8oWlJIm1J{SGn6ZaqAKp}=$0yqL#EKQQ_Wv|Go1t{s9{2&pkY9zZ;g`tZ;IW)8( z{XhS+ag#x~)q-Rj!)&5vOzi`P!AvQ1?wiyqi7GKe^Wx!b3m0`-pDNwpBP)sI9-^|l z^WoTc;t)}fE-oc7Ib~AoU}lotXj@ClBr5B?10Y3fsVB4O)9TOvR+_h}enGb#tMO%( zeNo6W02@U1wx8LK0Ps2&k9hid+ow!g7XFg0P(-vfYN?=AuQe(KgZyh%udJCxux5Gm z60EL&CVHB(F6r$gw7x=pvt;+5i4qu9SJ6&osb=@RZ zj75d?+g{KIXX>A+$KnMWT0eBvy+OQ$un^>uCiWa;*0B@Xn?C$AzmvZL4}2dNZ698o z>H3=1#i~8TCO&*wO~aXIpd%MKpm(1?hkwyS4-w?u8%-6q46 zSS{%7YK3xqC*C|-E^G~D0+>~+X6r5uUeoFBQ&V+bDt?o6p|OPkF}Fe>518TzARq*@ zQ@wX>z~<4bcIFVGZX`7N4zDWP(S`4v$rt4;iX;0xfMbY4t8)?(bW|i4{Z?$h9Z*Y8 zJDKNcT7LtU9Qjd~kbu=Ii)khGP%e;r1kEFw3bI5kkUM>(bC*flh+3)#RB^bUC9 zxbspsJZ_5Ot+P-Fgw1}*pfj?@&a~>@SGSF8B%yNwE2za!jx$-h9?haHx%6;($o7e- z=-f$1RjQcaZ7TWH{0;Boat!;EY%di;b}9@x$}V}oE#|%F&`BibMKj$TrwyEK3*aFq zCgxAt{L1L1&RnuCrj)S<`8F%wtpkbJ%xh=#wXoy2rWwN&hOa(}5>^)f%d~Awm$EAF zKL@=b%8qoiDlMbHBJQE(tOIHu;!)jxiRJ+G(dR+AdP^}QFK?b>1sU;iZ4)A{{PKu? zk<|a}$e~BN;Yq*X0saF3*~6#CZHeiZac1~K209iO#P%J6nI^4!LvsFhwvQhXt?=y; z%HjkT!$Tkt!;Y$G8G)2s0~)bj{l>9h?VCTK^3as*qCbFP1^by2o^+huo&AaR^UD6R z9=)CPiB@AO^V;;|nTLi;Ur^+k(0Rj{`k#9Pr~g(@vothAIGm5C485{_bV~QFSZPrb zwM-0Mn!TZ;%FTf;KtN@`U}9xb+pV>fXWD1nz)5p0?(A$g+dO>IRuYGcpI^BC5vW1y z`zw2RnHYwAf>ejJDM1JtVZRJw0ceCpM;HKefjxkHweaDFAi=acJ|IO{9^bf309MW; zxOChw{cRIoIxlEwQM~&xsD^Cq^F*@qd=j4Svct!iLqf7dTO|JWf(Y(kY_mtax|1sU zUWE+G>D#T<*~lp8<4B{1S-hn^+X0`zF9yAm*BEm7^gJ_R!7r^>4t#01wXw~S>t}|W z<$}hof7k9V1RDVPj%VlnzgqzE7B$WSy#YY6b1~9oD=I3r9Kxe@Wr3>P4zVL@(C%p$ zap75c#jsZVM@eI^tYLO#B2$WIq|F}64Ym1Vbgwn_;@u}2w@UoGw9Ye;FJ{ZrNMT5u z4&=HC_L{MZvpjI&TUpHa>kAtk?Raao2&~3r-&an<#XNdIP>~S|$8?hZ9ii(}<{ziW?=;(%r&;5m?^khMX>)W9y2>vd2c1?3``OyG=X@ zPMRy`6Ly#gPtY;!xmxJQ%#Qx7dlUA`hfZEzo@?{`g+xPKHBw-;_(&w)7u#C;uynru z+0R*ca{|$I?nji?Br|sGXlWDNzY31g>MM#C33wU*MI%gA&1cL^`c&v!Lv>MM#-Pbo zuZu+Aa%SJ4-`drZjY_#AT`)!qcPwPadwREuc+B3_Wp`kvDow)mdWfpXt}d&`3CHCH zLSnPMMG@^B?HE2ZEipIM@?T6O#|EGo^1Ho)eh8nsMFY%x>&-y@M`b+8`x2b1^Xfal z;F^-$YiQMvo91}I-H>@N-FuO>fU*vk{N_<9z~4rqfNqow)90We<-P0EEPv=l^**k~ zy$@JE+}}7M$buiXJZi|@61W$mPfhCdc$`t(qCAN*W-D4X0uCHX6{nC|BIh24!m)?% zD1nako1eU%#QOZ`$UASi@0^H*1--WJ(q!nB0hp379?*yG<_}DU_pmjp6@a@3o`Qf@ z@WO{wqtrjfm9Q>a;0LTAhau5ER0Bn*Vc6}TI+sW?oY4nGr8{-V{iFBBgW|ii?C)%U zmZ+TaBT2Qix{uFB$KF-JA)Dp@Stc;?wRx5Ez%~az4$kEav^&8l5}+oU+7l*Lhh6xa zV7rRy!NScKZec#;zT3Uo_fi7hW(HK&0NxkNK#n+VhA?C`?j+WDpFMA1oEZ+MIjhc2 zzk7&N_0s>mEWZUHE;4&KaiXki%$KOeI6$JK%Fa3Sxb`v*l2 z7McDwE3C^it#Aql1-2%zMRP-_ZqTj3-gSI~Eh44r^6RnLKgrTlkcR%*yJdq07-GN~ znTQO9P8 zDh7sXQXAne`uw-{*AYa5A2O6QxM^zBZZ`STcKrBM7 z?9NcH3Xqdwh-fThX`5HJM^a&gMM!*g?yTsHiycfqI#Wu*10f*Ro|a`>fqXsv)eMtR z;|;u<^0G3ZlL1kc&ta!7)8!apI+VZoZodJ=@21!^fDG845$KY7oK8U_rAf2YRC01e zpCNkuv#+>pRewu~n%V;gusV4_!TSyQ+j;(N7>$URnZC>dQQ%fRnVM@3L)Ir%KG(;G z9~iFfXD|qnKAs4GC5SmDaLL$b`3sbj#?ax%f+;uf->hCkIXJn&FQZY1UR;N5IS(S} znsVx9&im}ev;Hjk26!_iwA%7vm?Zgmln?@L8@!zF4kVtN&qx}5J|2ys1{Xd~$5}|N zloLr0Ty_I`MnT4ZU*+UP$^{B1^ZsA>r-#z(a9vqjOXj6XGG1(TV42QT2NyD50IIiV zKk*=oU2$70xmo^_MSob5Ica z*5cuLqgV&E##>ma-3`=45Qe2mPq(4dQSD88{JWvd*RkF&@e-*1SRVTRq$p3p-!i>S=lL@fnDZ0W z@P);TVJ}usjv6g$A_<7(-vFF|z5nDea<{=^RY7+0n8mX^bvr&`mTT|7ESo;#pPu(0 zSzG-0!O+b+lN^cAHFe_r^9GprpC+G3cY1(+z~~&w2X_t@%l)Be16+*L$^_S= z`vzoRU!ORf9$VXOo|s4!_ugYZitIgvLfjv_WMbTu=2`wjEbp6 z*=At=uT_2&2E6H&RI43m&Cd9(!le6|!g4hVz!Tzy9c(5HYIZW{U@;T*D!dQIf?juZ zCvKt{Nan?|aC_~Jes^B6Ff$~{`YqbjY|_@SGUjZHW}J0IuHRHWmq2zW>SCCwY*+hB zD!^@!d%)|`$d|v}TG>Qf$7iH>{gkmk`Td^dc1&|iTSYYUR6(Y5BO^A$%>=8CxVv4A ztzeJpTuugocF01wjFD|xqsUrpMf}XBNZQYjI{n2{ICld!mt=H$+Kod0GbTHeQy-DD zP#e+g!Hen#^sm^5q^_Y1;x?pfVa9O(4^hKvznP~@N&}n8+g&dH_a}YDQrK}}{S9yk z-TcF1vP5Y}5V2$*%+$&KJv>(cw5jt)IyS1c0B#-H5=yaH!}f|6Ygm7B4g74|>TAZV z@RM{#hUJRYh^FRfj- z)?~K#B&`CxXL8TkaJJ!Cxzd?vx@LdfFPmezdUx`c+RuY{?vD5KUf2Kqv3Bcy5_i}k zFp?MS;ui;T&+k;EsFD1yGvQ9c1Ii?_IeD@H9Qc)0(MDrOloFpKHAFg0<6N;-loKDc z7Wu*WwykbPVkr`Bs{))-V(+$m0SiKx**;0N&YL}-ajc}_;}SP-ecc@x6VnAWZi2{> zN|H1(KldC;eQb#(_zFToo;apg9lV<1EN@P=3o-&6QpP98Xb=lap7zfpX9mkemj&^s z5wcpF)B=w}qmkFn^kgi4fl2T?qE~owlR1YOn%IYM_?;OTs%gji5m1T$_7cr9dnd}; znwiG8*JPcdR*=6Z#vQYYW3LjXNlU%*-FQm-sSa&w;JNcXvtp6<;M<)-Mj-al=@8Op z4*_6;y6@3C99dLjUMA?L6#oflL`fuz^7Ru|Z#`W5a9xSR5;yH1 z{ra}UOnXKkZAW?|xo4{Ry%h&jb=hT}A4=mU+q3(hip2z)4EVvSBIxChFX##pvg_fi z-04RR#_Wq)W7g!+O$M!k7#jS8*OT@_o3(d1=*jTbm#l{t5V_Z2JDJw{yy|0z1b|3f z2K@|?@iUd_iV2iVRGR>|S6O}@Y1N6A*fU9dXv`8!z{7gwdO5%pw4}h%c-wd@WE7M7cCY=(l#a9al z6T}jK(#6fWg|34mZu@Ky_q1ywW{7Xm3DgrOE1eeu>*Ake?IIf6Qjr=2b~^42?B%>T zGN(i$4*DqoEJr6J`SNK*!HG|O`eXinLc#K?+HsJ3ZT;ROlln?vjH#2A_tJI(j!v~a zY!dGdw6@>%5Y?{z0PTbC|9u-d?ik>)#j?<=l`c0;&ZJRLDL;0dItSL~optR@$X)^h z-E|RFT9sPA_$9HlorY^0`%@`-Xi30+Bamf2L2kqS1ptvw%@Bv*mjmRzzLyV~@%D1_ z6g)=WJUZh4CUQs69VghT7jS3XGFWYZ>H@ThuPE}EEV^{Zl=jLmqyG+|6Y0rHae#Jk z1Yr!Jc`Gc9jxi4p-@~=36BG7%myM1fH9g`$wR>$?~(EP!yM{Ug);1J}LOMIQhxm&bda45u6R9iJ(C zi=ql2I-4go6KAM;<-F0WA|#UKBV6B$s-7p-#msUILfHyVwF~Z_>@wsFN+9i$LERLQ zN^f#gn5HDU0pFmVk*xs$13-P0-DuU;t(2F7C;og)Swt6?(| zfHWaDLUH_x(>k(H0F%=S*$W79X5ta2MF{8x3CxhPn&qfiLm{18+>LX72r*pT;4zG}aOc$U7u9{&nKzP-QXqbO6 z^R<@dox)R(7@C3w@vnT~b%y0FpvL$D*EI!rK#9DuIK7pinyHqjr5HRM@W?4o2XEbBo_dH;acH^et_!1LP zz*F#X;7G|9Qu(*Nd9?S~?!o!N1&{Y|H{+6lxor;(~4~=%QRes7$V4>d}sT!sd@UH*n zlla)QuN??!FMQv&Ik>qC^tS&kVlMhb6I#mooq^1cW`?IS+Ktfl`Q3KvR4l;(uD08M zZNiTii7c{bi^WhYiK#(=d;5VP?C=F54eOj7026qS)8;EQ4lt-+Ti_T^2DmJ z0*IG=Y{2B&A-ce1oW>UlIj17iSS==LX4K_p*fkzozG0=>|S$Q z000&!tN@!R&YsZaJ)&KDr^x;HlR1s@-cWW&i`QO&x1E?y ztLg2lJqDoW+(FM>%Bq2JnkdlV$Z8t@#T17J!IPBq(r_YYHV{#$2;@w7*=9KnDd|&j zjOSCfa}9d4i8Rp&+h;WDEA}{ie5eD+{sAmf27o`FV&~iz{z%X%5*`NTF#T&kzagbe!j zpEe<>6u(Hj&p!^J$acb-7&}~uf%3`kPfaC#xAsyVi5Dl8S09e6Nd*daES;KNYi|83 zYr9LtFWOoSh;DUSi4Bhf^>!%0zZvR&9$2f9<&k8d_L$hQDquZ%`NtD@~?)>di71!PL<}U@l%!Oq9?2OkkNbANn74 zE>5`uwuJc$XhFpPPV~e`#tba%UIzjygilcufQ&AobSIwn9L|XozW8HEsU|E7YkVAs zyeMJoaDWEt%zVaDaSZ8{1euLE^_wBPx$fVqw zLNXZK*@+0)aNR~^0Od4V-e5_GdoyDCyru}EP-ukWKl3piJJ5DEcyP~381*3*H1eg- z*6w$`*zaoBoAxGv0o{rU^0|S_T+S|Cy~_U{O;XkkJfd(eE=90BMdC?lFmU3=E6)*w zMGr__0`BgxkL8oRVLNd_2)O8SEk7`@nb+grf|!LfOKSl~gp9v$@d(-1U9ZP>utWg% zp_mK&36J8XPAm)kM$4Asj62oj_=Sg&O2PBLPupbF?+(fS zc-+odI!3#7@3+%+Jb`m|z8$0jW{b&y(gi?U6PtJ#j1cY7Mw^-jSJ-6F`5*r2Q2C6l zaAEO*Y(7HRx!ln3?I}|5-vt>byHD;-e(q1@{-PW^vWO5$e~P{{tp=b+}1UWMT*gexV$7!hwSO%b3r(S+ifu1X_o<(eW9;&^sisoJYpsGPE@wOcDjq}$^-;>3J3V{nk>7dP z&I%Mi|E~Sj_VZ}*1eZ}n=%Y0U{r%#vl5#GX-AIvLJCB3a_8bSdqxHlTkE43#rL!J| z7QasBT)Rd3ZLjh+N={W58VV>BPPvXN?|UexzKGWbno~qHb!vx$Dzl*pJ+@McZrm^0i?ztqp)N)up{6OX2^friM zgrB&V7KjM$tc67}8?^0Pk;>|tE6KokrW-jk(*>6EGw0@NB90odGYvK)sqJYyGc;n~ z0?2-CQkB*|y^T_3J2bd)3xmfK#CJEoSjZTa@j0b|`+tcNeTL{Yd_locNoQ^u8MOxh z1^*y~944~aLU`Gs_fg2h;G@pIK8=SNesPObpJ)K;$U(+F-15yGK3Q|g^0@5Hcbb}z>-6BXxcMD1l4H6PVNJ&e>07D}=^Z-M=*U$I; z@h{JF@0~Mq&)Ivewbz3Dx~fa86Hc^v^tD9P7>tS?%$Czo^<`aDb$nkNj(ldUDf5-z z@ej23%RJ9WBL{W;2HMV?H$d6(r&l>y@3yk1*SJ{zUVIA};uV$L54zPdljXt<`@dUX->};ob?9LRL|(yo z+xRP8ZtmlOSuY?s6nItKavt=6eijwX9C?mk7u3o3uf|*9m9ucZx#NAD&IHAEs=I1? z`)@A0{ue)PZ!}T5Ow!Aw7aYHpD=5~3V0bI zi!$3LMz$69VNp6QPKu9yZ@zJ9gyDRDOlE+yM7UH51n80hyD4r;*0=dZ)~LdVlTzTz z)5ku%Up&N4W>{KUc^Eg7N z`7}SNxv$n+RPTac*t3z`*9=WMv~FPoYt}mDSYc z_;F8-N8m$r>lk9#YoNS>z4avm@~s{%H~qqa#SQ{eW<@HS6(kGF*N}C zz2cLn%gJ79+-7sV$effMcwJ#-Rzw9Ipb3%WNR&3PHc_doeBN&he|5YdY?QBm1g80t zaC?37<90A??MI9VLgdK^cmU+SD?Kz>4==~vZq;fjE7$ubQ+GLl(KqQ8m#XtLqs6%K zkD^p*1*#|h0bp#de$?k{bS|7WcC=x~QJkJwF4hKHymbPp8!_XUkF4@#Fc@_SCKQ_@ zd;klHYDymaJwemdIFKzvOwj&tw!y6lE9=y>pU`j#B2Cx-OHuLspHTp}otk5HyxU(vI=c_bqrRCX zuOJOJ;+ekimY-RGoHs=A5itU^4yZ~E4Xps;4Pbj&g;i*zU-cwPF%RQ+0r1$LQlrF+ z_vN5&Meh+cd9^P~m7&Fc4{#Uf?PIvp)AXWWccZj>Apj%4@NRZwfPmFZ@FR~$RN&VZ?SBhd@ zvhFN^o?QH#5bU)c0`G*tb5q

+OqxdXH-s;};;B#$gTh0SNiNK#grG-t16-Ib6e*`%dYL<|_mC>1)xG z%x~J(3dlj@qy5G?#RGI@&&3pU7P(Ea=yDNS&noKE4-Ema+h>BkEI_veR5;g{DE4}m z9$w;+Z+e=c(B+Q@{6!n%H9&U_6_@vOXgXWu1(@M4w5d?%{AU#P*MUj`i@Ap$ODo$0 z6(*-Lv|BU$P=l$KKJMFgM~jR#O=9|jzI&_s!BK&XQMzgI)b#ZT@Pm;yU~+c0|F5V5 z6jS=zld9@EB7m|@-VYt;g0OD*k|E??k^t}uC)@gkJ*yGVVQH?hG40!$DZrd_UC}ht z=K68tk{=PWv#hP`)KUMpt^dU8|tZ72rCH)BoM* zH{eMMP=ViyN)G3n9V9LfZP_j_9*LT^C+ef9c)(fve{E>vqd48_T)@j@S1*sXeX8n5 zM3Om8qZC!a1-Lw(V^0-+%778%WIG{pK>&0dXn01x^1^h}3NHr=3}^u*gY++&W!4y#144_x1GgOm)}cEees+JjTrtS z2WD3NwRLPEW!i6{XRYmhj{ngfBF8txbXll?fac>EV!UeO?xz<};U9_10k??_@3(CR zEa3sSrE%&~j<=G+4UtN$FpaBzOFp0Xm}cBgtA{oF`ak?(azSbx?sFB94{=L8BO4iP zJRdajQd5%G`|1LAzI%;KY63PR;~~!(K#z~oLFPlBh}C18f%>JNsa3G4q=>!0&0`Pn zhG6(p%jYJSirN1jKv22sVWK~!9W*7)N?TmfkC$)-52Q;r=7s;=_=Usj;er?UmA4VR z0r77-OTJ4#wdg_J)+;`SU`lG;N_t=kN6q~lVB93~1C>2o5 z+Kf1$Iw~RHl^mmifRp*=fp{|Zgwge{_zQ>Be*kHDm#vBxDN4*Y_S5{_n9IBbUCt|6kZm3GCZ3Cswi5`3GA>`^NX@HPW}ahY|0? ziYvZ8dEAHb9Ip)TgJm3<)m#~WKgPUZ-<1jXwpl%7>jHH&-gpU$2<=#KAnt*#{h*pzGoCDx>5QOho>Xb88-4Z0A0R~+i;;b z?qx-bz2)2kc7p?5s#+S^%2iod2DM5*P6W5hdft}W(n%l@2ZL5u z5@1>MQb>#&a@_x!Xi20YMn_F5`@xPiBmk2AOq%Bgjxd@c-D(>pGky4)ltC>lvWI4H z5?5^TCuzIa0=3EiRgZdqs7Gm`Q}E|P4?Zr8ptV)r%>qYS>`4L$B-GM+r12J%nDXA^ zVWHhydpO+jxTC|41J$)&&GL(&2tVDA7v(<2mqEBY%~|t{ z=?1X}haKD0TZbAszNjhoBj3WvlzvLrULh#rf`snsY~;BSbo$vEkC)R*#!RxE7_XR& z+;+vD;_5T=O8DjclU?s1GJ{Hp3jR^XDgaiXla*hVn&6s) z@87;nIyn}1qa8=Xah?vwPxvLpGY}Ho2|ZyTP1=I^(;TCvM_Ntn9#`6P`Ta@$bE?EH z`p6N~5luPUZG)6=D+s8`pObc6#ci|JPR;06Fcahubh$6?BVu6Zm0RtxYIQxlJBt1W zL^dbnn^2(gHRsAUca-0x4VTjE{wU}ug$zzs9tC|BOX6o)BzLDeg09p!Sl4j3C2mMsrh+jLa0<9t9Mq zqfE=+D?T{-Q`y$q%bpg^sQX92a~!EQFP%Ux9SAS{ zcQyBhh=RCg1j^L#AQ0hH9q0bw(75zq_#zx|9B&R_uMqxZ!bH_5xYi@I(Uv2`;H6Y< z3p$bm<}x7pXxuoFS56wZ=dN~n0kt+2I7w3adCVb~|ND+MC1hMvK;l-r+LDN7X2#Xv zi9Yk=d^UYa__KonpNKrL7l>?k1OY?G9HVeMp&BQ#ToriU3I&v`WwV&SIjpvB$_6ra{T=?8xMQUva zt_S8$OrS3idTH*j9^glubJm0K3YsgEVzM_)Yru4dzCQBWLlmGYpkGs2It_|_?05~u z|8**MK zl<;N1jk*`L93Gr1qmC<3!W`3m8*;{Nk~o)R>+P&<^TF*4A@I^xsUZS{&+W~7JmbS; z1l`j3PXww-q9?VDOMhw)C8W@Dw5H4$H2f3c!BV}@Bk(}^UJdvHA8hg! zQc%9f0lA5UtUw?GK#ow47fyKL6f4U`S4S}5FF~OrSjI}6(*2Z|aCaytm@e_j#;s77 z)lyDI!DCaZB+mot6DqQ6;>_J<28M|>gBkDBH$~*aeq^IgMTKx5^)IJ!4`UUqmaO9f zmI?InP0z*_896wfq)Ke`J*-zmjsu>H_Avvv_;sg2jM`E6$ID8r!Pv&Y*<89A4?3&p%4#_o$H-1%#^cRPP8WV1jOdu2XYn zME}jY#j3bD@v+`2r8(j3!FEs>YiLF20-)=Y3{lXyq#=y_l!+r!!>7d1eB~6HQ)VyJ z&7^6^_oMISe@l7yZz-vGFY`T@6<)83b`t#!B_4+~eG}I#a!UcBkGey{c%52(M5zuz%RUZz( z3)s^Jf@^KGGl4i8;g7r71>TJeui_NuJ`%=@O)NNcdV0M)la6yS6Tz4=b8UK9A|;SU z4)VmmMJra>3V;|e#mqBG`)u{H#GIy_2eIaL91YL@INnw`LFR9vAPiL*dCyeo^Nb6x zX+MM9kMl2s%vwEfU!{L4Lv%9V=M|0q6pd5Sa?mVYa{xXV+8l-||LcQtfFUOXeCH(Z zgjlG`_Mi}df@31xH|z8V4!H+7OC;@IAvWo)-R8Awj+7&WorfPjpFnP`I^$fE)p?*_P+kz{oQg9?7#y7#gk)`K@K$laxzaFpw7(bG^kyS{3DE)>4}eVXnxf z*``B|tUw!>8QDx;UM=rNcV;Arau)Dhk9{1U%CC3}<3H@6Qfq(s*-+<6F+iD^Wlrzz z+R4p>kg@i6NUy5%#2|F?n5#S#r(6G1qrl!N#ddP%)6;$3)JD|>aqYbOd5PKU60|fp zK+H9)A@zfg`Oo{>ep8dc%DcN}-{RdHyMzFnImfvL(gf4KETwCxmBOaDdi(N97{ch- zfP$dYb=yc?xd%zKTQFKo90=zy6E2NFXlp)?3|eY3&L5g|88F_miMWrKn-C6#d8j{N z2X3EcJ5OT!8h}yPPEnvTdlzuW8?ZE*6nZs!^0i3uC8^OC4c5BqhjyUIP&(~sra-#9%MTifgr zRIkp7PASo2+d_-r?=(21UyId)35o_4@`X$~7gRJNo?VOoYFC47-%|+saML zpV^jTSV2Xdpm$Z8)bdN(HVq6YuhG?%Xy2yw0x~EhWYNGj%1nn46_vi;1m`GfPkQ4a zMi+i7^c8cRy5Om@>a7zw>88fra_BWgY~Dq7Nd^q)uC2jA=vUM&L>1(7FNm@76XMwU zfmfKAEXjQ};ookESr_=;cGdddDU-bEJgH%YzN!jVbEXbJ)0|;34~2WrKaCNDOeBiD zmacF<`imaFr$y!Wa}*`_O!@==8qaISAiI+;hepTh#tih9?eEnGjj;_LOZVaK^B%US z@o2fjgiV9S!oKw5v)SAOzD!PxPU(hBN$>gxafybn`CATCCk>nzODK0DL88k`xQoUM z8&_#t|7=`D)^OL#Wx*7^uFXh&^Fw-#Q$V|hQSQOJ09IDadrx&?h0b3gJF|8E;V(@- zF(jePDvImJN)RYJJ%wOG^Q%>QZ-mQ(7lFd+80he@BW>R(^Kb$wN_8|wdi5)-k8s!J z0U3Og=bv60Hl{rKwWe&@Nv$m*`gzUw{%m!niHO&FEgfH@Mt(gOrL^|Om3lYxqbgf_ z=Fh(%J~ChOEB;mR$2GoH_Jmm>;J{AV?b->Z`$N1_VQ+|g5B9?18*&jRj0B8yF7)A6 zlX1cN{`Prsbw8F9m|odLD<(?YPKN!Et`Ji;wYCQMgS_W$AJhqozrk6vsSae+y@FDW z3hMNp-Jwu0Xe-BwY#M;)c0>AI$AC?e;? zk|+*%sRt!<*-m++>$nueCt}JWvF^x&RYXUBGHDL-;rqAGPSto9hMA87#ONT48LN77 zJjf5r4*2(k8`WLE{>9B6tvB;~znckz_;)~p(c1}(3BTKapGt#>vCGd1&=A_iNBuwp zS%CX-(mv~WWy0S+?cNHeGv{mRC6W=-rN1`?Pq9t7WNZMZ4ZG&YnnutE9YN4lG2Giz z=CdtW;dkt59mt8&!XO~Q?iqyHb7Hb<=h)PAvg_mcLEPQmf?zm|ch6bnS5ZI)Av<9M zlW&!a)=|)c!Ewcp=RG0YV*9Rj;&1ZR{zDB`z01mg(Rb4`>QXBef7LXgRuZcS?++VT^j^%4spNdw8$G?GCq zTKKs{-+!%S;Z*{rpXK(T&bS3?@Ujw^7d+$FrPoyuDjCSfhMD;XpJW#&yqi_dT547? z^Q#t~L`J-rB1DW@O6v*_h9#k~h80{neKIPuXLfA`wgl^vsKCF?WOic( z_`v8&+iwCiu#L}o=FL4_`O?cP6Uh+2_MywGeCE4`pAK61^4EtCzk>x@yDlp|LqEeS zi;MdGj`s`a@+1*gWY`Qbf7R)=yV5A~?6OA#X%>fv1HR2wF)PGDjIe zNWkatc<2AL0LOx!&$VuA^c>2oeV`AyQsZN&^)GG_#_qX6N!Fnp@M_y50b8p|!ZC8G zfTPsWFG_3->@FPfJWs@@pooCKM5ql^({}fN4-kGPu6lcSo`}IC{U-|%uy*HfdiP`= zs_~K)SYgFi%^TKfWlf^glcY@GQB1}sSD&-A%p3J$2R`cV3fPyCwvb&JfpS)RJe~qAD2#qBa^N6V_1{{3`7ODqYHl6%vhb)Lf|t;dmiabnDn5?q zdh&>~EH?hx`ps1AZ`XIW&DGo^qZ*HsHsuWTsJD3&U=JvU+5q)7{4bTNT%nF24vaCF z78nFH!3TPyK8WP*q+c6)Td{x*)b5ZVhnGD4LFWuz&(fu_KOP$p=tf0$e-2lMCBS{= zE-7eeX~*Q&g~4xq9n~$NHPxEerI>KN)Pn9mPFGT7Em!j_)#9UB2qUA%+b$Z|fe8Fm zrepNcW$|e!#-DB1ruM%bny_z>1&DtxL|tzN8)687ys#$&&%{Am<-kn3Gru8XT40ac zS}(db1xzN(plcGb2D#pS>OyI>-Bh%F{9A0mX^f9@WaKR+Rk-d4s(x{)-ez_QMXF+0~4>{UyW@aEmskV~PtT(^F2?vHZ*;n=c{rY9Y zq=D+VzRX^)5=%?$Se)#{OQH%A^DiVe2YgXAzwkq|`CZAsfu@bRkKcb;=DmOxK?2au zloFDR5YdVT3MB5i?VQqn)b>2x=q8Al z*KT#e=a7Rml4NYn3`l-y^F;*-Sv&+PEYkQu^*8=qhcN_}rTe!1L~hXW>g;}gUkKjgETd~Gv>DD5={Y%lvO z7}B0xn%dwPhxqe%N-P#495jPb@7`-c#i?{i4CL>4;EMsZLlxl9YV}E5t_k{+>yONd z_y{sFzM%V~SAo?q&ilw|#Bp0FDxQCP3x;dY7=gWtAeTx>qrjX;D`X6v8ckZU&&y=h zuZEXYB|cZFw!(QMi6oa`1XBpIcL(uLhY)*Oxq%r-Vc$YDXMiO1I)}TkRf3(nci`AN zp&oO-?<6dz=&o_VLD2QYybuzPge5k;n<1?1?aK;=S@QYzVs=#o(L)?QxQrU3leF@%a+#5>vhJxneenP9OQ>mzFy*=+Ej! zf!IsUnVs5xK8EC&{npT`27AjFQ7jtsewj8A&*<)?l0tD45x&sK1Zcg>#%i#EM4*?( zCHxT8S5QiCFOAmbFPjOXX4kz~QGWVp%Bdg&NP&WDiy7qlQ#TMi=7eGwu_@V4?T;+)0>UFsd=~(V^Ni zX^@-mkd-nBFy(^&`|so4WUjV~y##0HQw^GL;?<`zOSD)!(y7j^p0?*wb9 z9TM)TGtopm#O{-cz8u5w!n+eqqXzS^LP~;oR|UZx&(k^a2qA`_E=12gI-U4w+TX}g zR`A(zFJS|+ZMjpC+d#J82m z*&xtwyOO|OE&om*zSnVrf{mORD<<9HdTD%LGdk|(DnwFnt2x)=K@ORsHSs0^wr*YK zs1zONfa=A|mLHeCUUrzJ47$f1U9JJS?jO*F$12x>rs?+R+_IHg1Rl~Xr9Ijnx^Mi0 za^{_oJ@e0;wke0#{#Vejj=XDVfbHDrU{2#X@9)i3CXtgMK{=E801qj<&0oAZw9X#z z0^ouLfqA)zoXbGLnh=_U4$zU7!u6m$!y``@d8;4%62mGvhSAt~_m7PCyH91KUK+jz z?}xc_FMrnh+PJJ3HoIUauWyKlE#p)9C_AqX>RTd?j8z3_)>#8ET!0#;+gwqcr+ZJG{;-+(FcEv{k*dxNf!roRCy~}ncx}v6ZzPO5yc@7O z)&U~-On*IBRR-Od#}$Z+<$d}N_ToIodrcJM#EfyPDi`?Y$-5b)u2)MW_Xzs7APsGG za8B(Q{jQ%xgUzS)ux4vzx0`dD~QJs5Xf*o$BrFpsPF0Q_j3~@;7iQIJcUc!I5 zOp87C+Qj{nORcQXsqm^TB66iz=kShpIi2JJRw?wa>fc?alJEp;_){({1sL=cb5Odi zCeja89H5{`-B%~~J4e@0pr_p~tT?!avVPtve0qce)XE!wumoeY^A?v^1Lyl$h8 z-~62)mMB1!L9V;3y5wqV8i}yGLg$?nzF}V}KzN_C#Dcw8jxlES*=27gm;ZNsGXq0! zHx#Q3+w=LI5|6UOlka^p~)kGrXIcML+}0+y9s~P5m5aMQbKS zep9V8ZZ~RPWLi%#0pZmNc-Qa$Er*z^VYf*1WsG5a$1Hox0Vcv>(alPbm7UGCnE;W@ z&O?fQS+bHPlkROp+ZSZtf)gDAZUO(BAuC}6Xmy`Ahn#oGQ~H0-@L@*z#4R$-GJiu4 z8+9jN%LF^wWvU>`zqYO{+|#vbn6_CS7*RwUT1_rl@9x>a@<^{mqd9o;P2Y{5gO(eY zgHlh)RPcNj$TzDOt=KNaOFttjDm|Kz{Re5o_}^~Nf(pcFLef*xS`Yzl7MRUa6pnZ7 zSZ{EHWnyLX%0GNUN!EWbDoMHN?Ta4^xg-Bckt7VbUzs;Qrxjxv>}kUZXYT6l6;8kq zx^jvoI<5U72GyGBgxD*KG3j_c=ucWxxiYi6S1xQ>B0oa(dk*Hs(Q75G z93RGfFXRl;f|xBiMogDhf4860D#h^n^u9#Qdi=6VtNzk@nhaqIR9_x*OQy7AdD0o^ zL;%w8VU%kco+8M_XMnw5JQMuX;Wvz?J20-Mq4QHub2{xN+t-RTU`fzb z#M~TzV1k%AqyQ&s&_VyDp2OXbUx}1(uiJktRa8P$C3>*p%}66JMleyO&Ws<#-@tJ? zhO5^m6;T73E8i>aQs}aV^4{C?9k@mfBEpPrn^@5W>d1L(AbU^#>$&d8(!FKHp7Pv> zYxvUxL{@s@Pi8O9*_|pUa&=Rkf9!~+QP1P54>q6bH3_1(aoQ3c07ep|R%5PR-1cX_ zgnFwwqrIFS{*G+zroQow_8YF61yPQ#oLK6s%9 zkmJ4$53}i!en*lnm+(&0s;zB~@Pd{y*cKh+b7f3`S?d+FMmXZ9uYZ(QMoKeK21@e! zQFIyuoog>_<)A|W4%sN-_=rI5p4uICLmBO99af-#n8s4@8EdFouAkb>aOPvcK7d8TtUj&iX znpuOi0^JY99ywo?0XeFI3_$k!ApWtCvA)U08@#KRq)S=#IN>BwgEflqm%oy_>N8#I z5jPBw>?(*b8ZYMMb^vNvbyY$dtJP|w=;%ohR<$?*Qf#+1)VlvII{D~T>D11rGdfPX z#);_6GTzD;L>^=CVFT!Fhw|FPSe4b34Ps~t==o<)1`98v-U5f8{nbFjQIvRql8PqL z7Hj$&ToeR6DE=4aG80KX_OmgUcebthfziJsJ?1e&isUHhXXFh#^1eEWbLmt^&?g}E z*drx<{rMZ*A2oASJY^aLa3nyG?A%KB+U_sG0un~6JS3Ux1(BV50Df{A*yzx6X*#K; zBm4JjakOGhMA~23BcmS-r5GJrt_;7ZsjaY$F6gSXfyq z>XOk}lH4%SFMS)p{3c5RAkkuK_H{EYT1u=O&2$bVH> zy&!ekhNpnfj&UNmmxnlxjadlspd^r?j=wdd8SJMJrI#+29Y4dqaXGxPm(uF~cf$CQ zd!9n}Vv$C(YP=L@!C5@__ohD#(q<-1TlE24zE^Rp8Ua@YGVbY;A-4E~A=`D}-)GC) zc%UUl%Q23lFND&2U4hjSbzD}LLu}FmKxxvcz&;Q^xMNGv`fh4f9nH_fDOJVh69(@X z5$SKI@1ExYA8ZD?um3}w2%reAiWt}KAEY%4)04YV_^2JXnciyp`sQJ14T>7Bw^M{@ zJI{Z_==YN7(zNL%yjd_t0?59q*NLj5&;RH^)AWugmy3mw_|zjls`3}PJW+dD;abSj zwgPr8z*gt>O5yffk}m)>5`)|(qRT*pUX$qw4h9n446=s+3$nc#spF~L0kq4|@)nz9 z&SQnu45P8e1`Q7N?7s1Mxq{V+&p0TP z@^;l%UqEWBUjg*I;ngjS8u}ukmY>o>R{p6oTFVnX&gX+)0k8@OIcf2RR|UJJi4zN;Ax+_A_=Hu~^3RqZp+*K*sR-*(ahMRIw}5PNZ&JS-Tt3B1-r32n(+ zlf(4jiUy~?R%)oe%Q(`@=_2T^o@RRPG^hD=7^?+6i6PMU9-oqU54RMII(y#243WSx(E~Zyn1g8?Y(I$dGIHcL zTdhISaZE(PbkII#z^ESn){|Q20Ik(nltHaf?D*Z25w&eS(;mosQVQ~ApY zGVrJ;1z%ZCk_#!i;^3F{z zB{QOUUmdX8QZ{Ul;?j|Z-Q_|Y2 zNTYz_vGl?juN`EO!6EP?v!L-amS&XGCkCAhiBoK;ADONhJ9UUsLqYBK`ug?`WAYg-pGgSBR|JbdsWz62KiPQx?jQ-)dnQnoI8 zZpp7Mq0hgHnS$Po*k0n?Ut)Of z#9_M7!ydPq&2tqOUs}3>KOxv-ascV|8^j}45;fIN-8zd-i3Plld>3`fQmPzq;Z?dJ z66Gai^w7x`1$)P4krL1shIKuzsj)&^O`p$Q{Q6CV$WW|J@!s5L}jN};4U{Os`Z1o77(?FrV zRjKNyyl6UJRJCn%4t|O>e_2@6g6Sp~qS$JAx?_Z?uN>8%M_IB7bWH-&aN@sMk1(r& z7qho2d+xH|%&`a4;TF^3*K~w{#x!iDDO{h7Nj7|l z{;qJ$n2Y}u#%zMM*<1pBrp%ks$bM^?VVbqu_;C988C@f(K=K^FngU!8R(AgUh#u;a z!7zb*&)KP|`$;20<;u=z?Mi^{j7*K2(-8XQ>(QzQ(H?)!VBz8Eu$8QMneIm3wl z;`y2=kh$eIeLy+o0vtDxt7+F3_^xP+1Jkg?KTXBdy}`VlwY$n zhu(H-JRQ$_BaXf2ZJ=ZdJ$zg z_87&)w*CAQSg5-4%XASW)w~|MyQZ7EFJpmph6y zqwh4ff(s_+xg^KzV|BgrJ2G^kF7pFQD5;2j?HR8+s;RKC2D^{lxLvPVCd(l@^52c+ z#;}7GALG89`sBZw&=t&bsvA?&k$qm4893mAnY`)LNmToL0G*zBE%j@YOATd`7N7z6 z7&U?wX}QZxONa)*%}>g}FtqWgsOy#FH*!y(vSe88mPp2>$p~PD+pj*ZL}b=nJAEO_ z|3$7T+%jOe%18EdYE<6jMZux+nxsrmgF85NVzBQMfrH79Av&N`ut(klGDFuX3NW|H zjOujh{QTl1A4!Mia3j*iSy-mosDOL2@T$do)zIGO%o!uv=EL_omk*U)&G{z1Y~K6k z50YojlFbs}Q3bQ><_G8!%{HKjyB-bCfvKqz?#Pk(Ko{I8WzaV{bAQ+&n8OW6R^SRXi&NXbg99=YXV1uI?I!%er(8$+)=Xpuae~SH zi4rkvj{b_aQcq(C>GVJU$>FE+a;8AP$0j68l8#aw+PR2Tr1WK-ne&QDzBjP~koBjU zwls|bb1s;RtJs}Hil6jB{kvUqldGyWinQAJ+dd!PJ~{Lp5CaBMBcgH%55fiYq@x0? z6$;TSJ~(NR{RGQRt~ZhYp98`xZI*9=5rKLm|lqtZgMxP!D1b zR(j*0?3{7LSkkZ4^_4kt&EV4k0U@WRe*ZMj(bYkV>n{sj8F$`i&YQ~eYN>1$+4`-m zS$$kNog9AyS4i6UwyuhVFun9{8$LEm6FIv%Y9~B`(xIBT#4rJOe-d5QO!xcO8P!aT z@+;_%B--?om)zV)h!@0#kAi^CEWw2npv!KIE_lW^qt^WXyOqyyA>Vk;2PZ$TR5q?0 z{rdmzcGVO(tly>*|6(1a;AQ9WVDd_`HyIpuWaIzML8;R!ogsKmTpyz$KT&%*4fs?F zEZu5v-WEb8xGDd8H_blWwyL?=rK(mp9X#u?k)Ir$eZT9@GSiIBq~aqkCcX zE*ec5uP0v>2h8wkMw9X>6BTx3jAH8-lGs?tHf9PiD9R?4W98Zpn9Swn5J2_{Lid-A zr?7dv+FIumMIfyNuE37>?r(#r_@fzM`03Jf|I$GojO|NRfr2H{m|^P044#>qblve9 zK(qu9)jsd~pEjs=N8X% z(&@PU(T*8~^F2|~l$DNS#7)iiE74;QhX!S#+p8k~P|OlX5xO({uc+eYOJ3e!RM_jRwaA(EHFUwj|1kfN zTd$fHs6Bv4l}H)>j*J0xW5?a12a->6(18&Iv*cU^>WT{x`{k9z4FLa8Z7Wk)>Rkr3 zoW>%OnNZ$bcvnBZN7OcZmN6M4UR=&Cfls9}A$XZVg>)2)DOWSh>)k^s-5cB87ziWU zEw&;m)IH`ICL`7nWzr|{Z_Di7ipCi9tIaRm-kGO@sI1E0f&;8}vpp|h=|We{QGl?A z%=s&19Fyb9X+T$koy8U?PysTUUsvW-`D^U>_LV#q*E6c6y)ndw{3#1TChqUPEMseS z*Ak<%C8DE32wT^J{`v~)#!=n2m{8@5Uu2Zdjgu-s==oGO>@fzzl5Jk0gD@ZifhUs4a>7Ff% z5@em2!Rq-NRNwIFBYh!M311;?5vRCa?2WwIc?kGIUDV2$c`ldofzV^^oKyu<_pUli zQz$ME0U49ICHU=Ch@awYf7jVI=Euj2`o_E^Z$|XUxIg%YO_HWz?$QKQxW_4dZS{<3 zbgWZ)%bGwu!&)n~^Zmn?HU72HVQ2Qu3zUn8lO+mq%j9KodLj?IGo~8rXw2Q($Cx$A zq>WY-3AmaRNAWn^X(ssjjHZ_5Z*RSCd%>i90_sLBwO;_cK`ljtO4IQM)rN&dcn z^&n67a%?L;HlViyQNTOrju;kv)-*`#C)!h4-m$y#9@RbxK%BWjDt=#kQ)F?2L-oWk zt2hI-`JE@bsv;a!R0fo0&(DJ& z%uj_c&ko4d?Z%PIFWVwfrua>!3IR|T0C9fl%u`y<#+frN4==qHdu4G7Pc|E5(D4$P zkm3>(ujBXRK;ytrup*~b*N;xC zz4C!z%mf!gFl$#fe*JsSR13SD5z?g8c=Zz-G|>tAEyGWnHu=$7QkMKLOe#$3pNj$l zc(VfX&cSbm27ZCTwU`6uyUe$?&Vk~{`DZz2A(Xl5OMA=}5*o%&if9c4-1d91RgOmA zUZus5Kd#Gk%`k7T#{SteBOPZZY6@UgZ>Lwc|5Q*m@3-5p0$j`y+(03Eh-7AlZ8Z4SuOf{+d z2+z4~90XD7Ke{DW5jHQ##PczH%42y;+cNCJYRQeI{`Y%#S!@``oscD0^`2ui0UD6j z)UvEVQPjmN9;E;|lD?O|IW?%u3SWI|upY4{WAUFYHPTQn_5sE1H*~4!x zeC&Gpi6=jLLA>xk65He?i0su30dec#1JMs)LGq$$DHY|=C*QS8nwiW(%Am7gTTx#i0rz@Y>He~PDhR% zbIyX{%k6q+7g?T{Tu#&v^SI#_s*vykwXO&jfl&oI33<8dUUDUk3tJaKS4fmZ=K4O6 zD$h-t)KL2|snmi^U~;#^IQnA2i+mOtb|$}>C&ZXjAl8uFKeZ=K_6#?^+rP88XwsFz zH8<+EKTuC4MDDx1+zMsVu)H;CEeRjKFCpHSxB4;VnE9AISl(nwYe4QInIGJ?O-r5o zb?~!Us4rI8>B3X#C=7&!S1aNv%RuyCNc(K#2a@q*5E=k@+$lsX{H~@r(o(tZj(x|} zn0N_Hk*dVQf^|c<8bHMw2gMMcp^sZ9vDyMJSNjXR61d*xKkos8EE9}B#WbU9g3Ix| zM%zE^7aZOmNuN^PyX+S%P4y2-Pis@Bt=`HpQ zmg(_D+SL95^tdm=s&3m7 zBLy37e80-c1wUmWiB;q?tem7Fvm;Le$!*%|qgPUdhNP?n*byCbALCZSOEaPln8ZIw zQxGh9K9bvHuiV?!iM6glSEopNDgTtlsfm%9g^cVcj)P7l)9-4wE@l?@0+Km(z$TeX z_p^l&`iEveMj9R#jncpVVRCX1`OWAma@s2JOo0`)#m6^T!*k1@-dnklU1vo}IDFd| zxIb7mU%%d|iITHIG$UU_|JbgJXfzt21Z%cej0vo<>sBL=E(siCnikdXfvpdb&%f zx%5cU-Trz?qcnO2!r=`Urw<%x|K^Zg5J@41JF=hX` zlS`{tK_vr=cP==TKiQE!o~;(41lb&Kx&&xW3INu9u5r>EJ>l18d zzU#srf2Sma=lbSydU9`f&QF6Bh{rd!3z`p6_ZP}9e8w+-Bja)u8VIb&!B@}Q%7Z%r zKq0588z4%s2yuy{?tIM5ZO!7`-#$CGIJiVVu8yii&V6Sf0grYqihs7i9w5QILD^3u z?a-hx%g`^&>6lDjvpk`f@4)EsnCzI+y>$F8eUIdph(-t@Uw>wl*;A*Rj!>GvTFJwu z;tG`}^40C#fP69Zl9RgB{w4~Co zG%TS=NQpEENJxi(^a6`CF5T=di_*1(z|wr5{e0f{{SUtLBNx{^XU@6j%*>hlo;9Yg zolv&Ti`nwgG_1dKCoIL#vF)3tF~+olCZw{_w~>j+E@t+;fywgMhO+@5$mONHe|Q-t z{wP?Mg>N>Uyu3zC4YT{K2S1`a3ZgIv5Wqt?Dt1!?3Eqb;!r9|>xu=6Ih$>*b_l>zg z_be+l!G`q;ro*KqRvUs8u&muGi|5he%oRt_mgmYZ&Ybkm3zxg9ZHLX*-pMB)Dw4J_ zBz#>&O!f*^DYT_W+ssd|YLnE=yA1rIS-q&Il76+{_(Tfd0j)n=M!~Zk5PyqnW@j0a z|59Z6_@L_n#I530wX|r9@&~~&iT3S>hbCg5-yO;NyP~HrPLZyx5G#cF&qg`Zp#tzY zpXwY?xs|*gkBpTF=*Topo^TUzaCyty>X|aGv{0O7`cnvz}-%~ zwZoqUEjC(j_T&11F7nyEynH~Ad;7)a8OC`R% zMD)kS{IXVSHW^dw^Q{mP{5cH)jvmKH)jgyFsjs&S8P0uq_EMsp)ei!)8Gz@~ z;(N-7S);l2v!aAvh)(B0c=iN@WFjwkyQsc*;R9M+cR)iY_ z1{Y^M3chNc?J(^is~~>SEYA3tA>DGN*Mw(Li)Id09n(iES5UJ6=Bx?#MQGVSeDQgM zphB3ZI;y|V0`Yd8wZxH%|GI`Om5M2J1s!PPt>sM;@Z_Ke=~2>qAh%+Qnzo_uspvj< zx?%J-y|=`Xa+-biIJQRi`|VO)FY$v*@aBwh;F1l^DQ`~$m-e6tR&F74pMz#t-G?pO zcHDQt*pnAgHSd!|5V`EWoBY|QZ}#GF#I9m4IkMpE3_XiD@qoLe zhIo0iA&u=RnVQhy$g9 zA;Ynv+uD1(p%ea~F`>-f#`}RcYIAz}bt~zXm09EwyD{U$jL_^8qgDb)O^~)^1thyC zmFo@tv_%zN;;>9U=+W~j0b`9eSK~lA5Qt~$rT)}X7^8vz5LY@M2;kFOJ6RJ6$=aO$ z2&%xox;^bzezf`*u_#`aIgo0rx|LCw{;1%h@yeI)$oSl_CWy+oM>yq4bCg)%+qzD3 z>$O-5t!wzvf_XUCK zh_+rZu{gzoufOCWqN)B#t#6csLj<_b^?d2G&f0l~HX4^C3c znUWmeOJ&bY9=3Ywp&#fr(4bo@ZmZ)G!p^L48o+;pU-vCg;cP~WR0~d2?E=q|e{f(Z z++6^K9wIxZz^m1!;N)X% z`~_0(eC?c}w!t*@zN657Mm)!2X()l^)cW$c9e8ql(2WE6<@le|l7CIya5JESr#Tk# z&C5^b_%SPvelQpZl(2F=?1XWH1jerPNebVsJGjld6itkCMIJcuV3`QSJ1B_va&VgO z_&U8PXCeAbm0qB=@tyxK=4jqj2IbMxTtWJZ{|M> z$tyw)+DgtsM;ycsHKMPOpD&756ZbI>GXk;FCEab+N`(Ki&KBYnDAcSD%;}-6`M2VB zIwTcpk1bmq&7FT8B^Y`F>p!oxxjX;?K#M1iZAbdNj9_tIaAS&V8>EGtWymdj5w>s5 zjlcFUu-)h^!HQz}A|THUe0O_m)e79_Q1tL?ubADe){4ZxS9-%|&(~%HLoRf=CvvLq z)BS~{c)w8VJ!EV{1*V(_Ybv34if6d{w^ml#T-}}i=bEolz^w)A_l28q792=ipd1g; z#B%5sCtZ37)q2jhNk*LiVU}n-JR*pZ-zf{qdXH64m(TOE2%u)n_m&jX?^@mBN{cgF zzNDm+C{d-Xx)U6~0bO-~MDH7tUSFe6WF?_8U=2{tFII)oH(OVX%E}z6;R^ z*$MRyr_`){sD5%+tkId!pxD*HeE`YC8QT1iXu!M>BEs?)xM=qiVL>qZ=%%v0-u*U+ zo!U77SW#wK0u5!~czg|y#u)E-y#6=P5jqiN$3*S;PztZ6zS|(rOtk8M!hJRza|bvr zLK11FZif}w&U{=J*OxhisDZa`=hZZWNp|rZnW0n*(sb%Nta&-=z1@D%WT6i)1m?Pl zo=A1v;|2{<$il9)RQ}|b7QP$3!EwLiljoC!8o7}e-uGy$iE4;`@N#mB zE5H4JjJe5BCPUcN?a z(PRp(oHk&{9X2aN%j4#e4smC-<1!eUX_?qt${bH%Q0n89z(Td4u`dE!~=J|ql>9s2W-?Qus>n>Wb9 zEHjh;tsz2&N1ltW9XslwA3(Km91##$Kc#Q!9N;ekUD2y#tl^Dtw;FS1 z($A(xpO6w~?r(xmiK1p1Lvm%rne(?FcV9BRq)Z!hr+30wWxdX8sd8LUN;>{4(r~ z#@j#c#K~Q){AXT433uP`e~mFwv}@BLhDgnQ0~n-V9TQSqjqTL&bO}E%nUi2BhWHe6 zOAWHsO8RsuA~gfEH+zE-44ij&1vBXzjxBZS5PWDe;n(BUwEn9R9F~UYwtGQhqebaZ zmPsu7$~fEKi9cXkz}sjTo8_gU7#;IMM^2oUS@LuZ zCWhs&D?z$3Q9vY`+bZ%naWrdnut!Q(c^RxeZ{Hv|2@WbxXsh5coZd2goI}>?zwWto z9+Yo=P4(8N6I(jS@fqdzFVe{)7W2xM481A$n7?PCkGVRtLDtGxoG%xdI@$U2dAY&6 zEfh_UGweiuzBUCXTy3|)XZKaAoZHae6p@tou9e(Jv`b5xnn{YH#y3Dj7P(6BE_>y0(8jZ@I zb3AvVsl*@9Rt&|{z?@<@Zp1uPPXeE!vd;a7mZ?OR1Lf0Bhkh>yjhsSs1EP;hPf^F? zaa;3_EbWQ5Lz~YG3c8Lork@=p3kTah+Q?qfNKH{%PrrDKxUZ0AI{*}PeoRXsbBueQ z*|ZGyp`uUMZkPMxWuM1Ghm$M{A)9U_FS?_{`0DCdQn_d~m4WsSj7EFW#-KXl;}owG zMN@O712@ekQ}4f@w~}1bcdDJ$q?f!gvLK%Xr`KE31oGG&iHq9l79s_0-Za3PC{}3< z`;Dbg9+=@G1m?UrqPRNvzB*$rE>9^cs(J)dX&O ze$6>xbFOl_FR-OinDf+$a@eif$xkft9f{r?bXf%4LD8=j`E;%QLTeqF7WdoW)WQt} zw4R?RzA%5-dDy_AON}8Vxoj-QE}`e{fv=1o7ClPopfEaiX#R^s#d68|yF&djuX}CA z4k;TD0OH2{mL#K$SDvXE*OJ3cSJQXue%toSi*gSb*QON*&OLVW9tRU&^#>Vjm;RmK zs=Bk7!yoCeJ*YCFpK7A|PPac6Voz!#K^`F)PNw?>^BRoe4N!H_En7Y_+veC!uUkwh zBxToJ`B+5t>SONj*kQFx;SpWy?YgADdM(TTEonpb)aE0>2Ps;B zU4_QYfo$%Ngd#i9Hy^6zO4MDGvnc}RcKl?Wg;2YAA9Z+*WK&+$c8E7z_7KbH1_*Z= zj`zKlTZ)E?3m}cznzQ{2nHlle>KNs>#DPr(V~TN-e7U9byv_S2r)1+;Xkf*`q2E(muXRU4y&b~n2|9^12ZGwXZ=m&r5vUm z-}qM09dQBDv5~1JYMMmOZzY*PC*EY1<+CZ}J;syO_{2K~AzH_W5AF>jo<)pXk4m_( znfF0+(hgj&+8PcHk*O^aL;ljRd$wz4`;i~3kg>tljRYAJKJyblvX8~8j?!*Q7Q39e z&3aF!at*GKyY^Q(o*Hh!1-YkhNt;!I8KKmjbN0wAKacmvrCS3!GtGj+#4g2^1zYKo zXQrKK7F!p0jm z=#y+vb7dIO;o(KQqN(qyE;%=mYdbS`+3pYRV36!6tn}%;zOU!}xC)zu)|` zwf3->$iq+BSGFBl4aAimaBiIQb)+(ZX{J8rflau9y`iM!koewnG0DDx-;0`thKEfB z1;r~dYxg28J?V?k-Exb&w?m)omI>>hiRYd#aQfColXmnS{IlFS>qi)J6m=@qU0v|d zTjN(n2VaR?J8zm`w)MtB?(fvu#pJv>%|Xj-*xt(o&Z(p{|DpFfj|(H&Zd>Gm$0Ncc zx=g|0ArjpPxk&x`KhxOTJy^U4s|8o1$E2$5B4ISuY-(kJ>hhGr>)m#8+v(qn1RaM=EG2UV3`7)2xq= z#2+7u>FdhxaL#dARs9AC-9|R&c@Ezv$yaX79P`@Pb)93whTo-T2P7WWAO?rVX|t{m zjQ2fW%6Mp0HWIvIOP-s`M&)Y!cD^D+N= zSb6Yayq?Eym0K1f?XP#NHD=Y=e*Xh4DD3ix7a&v^vJTfMlaAe8VJGw z7)t|7f(_)=_20W>gebLmQ}BU6YLj2zSZo`NL6|k8NGGcJCKVU|;qHJNI}Cq&J5mj&7#=xBz_e13;HSX4u*EyYm zG2c9HjLM%6ioZD54bsNLyXB*y{M1mwx#cxlZKRAbi9ND+`rweMXS@mTO}Wzv_AqDC z78!g;CgwsT0OnS;{;{~+1HeD%Kn){L+;kuJWpCJHaRFszuH>gjt36k|BHE&yO>F6O zGBK=Qn6@4>Ub^@U(|3?&+ue1{Obfc}vgoQcFSs8%ou$|oNvGKC!v?7 z@sGqkF9vBso65ec6>H0Xvh(R8MuA9xG+T*slgX+f!-WEuc{OLgx>!6xJHOLusS;l* zm*P}hOKhCA-;0~p+fex;-0{FGUD=j-B4tu6ec$`bSl&{C_jm9V|hSIcadv{EDRc|{Tcm*Wy8 zS&Zj~l}$&+aJQcq;N*S>0b?C*l*QHGDQcP03p{Qf9w&P_eBkR@m*k%(TX;)cb)k$T!p5_p(9E?4~#v9jgLw%KVog7X&Qzf z9)FLDq6`1*2tYLDl?da-{l!?|L)|v^$Vn5#cYd!=)MYOOa^BAk!8Y>hlA~7i=pgl6 zk({ljM`hd`F{t*}CqG6#G{asy@yA~`+YP^)%B#bDh>pznn%5n?&U#QJvFIs!?!SH) z800zMz$y_Q=0(aYPx)R7SZUr8x#ntzXX6%PlbM~A?HjeBT`Iiig7^zlULCpqFVsa# z!#q*K2TEFG8@8yd*QM=F<5uWxr9P%F71APAPNkJ0Twb)etYN)`u_SgS%T@|)KV@Ld zn%h+ZVn!qVd_zL;*rTy*)pQNd@`eJ{Wfpn*YbT+OX73l5m+$SQJU{<~*lm-_MnWlJ zd#dz_S((hF0BcU%?3$aZ!5>9DA?kJ*Nyz(VL zRDf7DV%Xprxrt3<>!5Y2Yli8y=lbKGuhnmRr=)UWQHpCkBC?&kIz9WonsyN%ae zJ{P)67JD=Mn=*>P%*Eamhe{f0I&r~;r`kntgD3?=npjm+i45y%DU-GhdIM@)R%x8rsbzgIl%U)oVCd#XrEAe^33lTax--*Q)r$G@W6 z34=%%%kBoFDvuzg5ZK?p%d7)k*jVKf-v1DvOyvr7c2{uy zRa>B6?nNLSTa&RHt9?G2AOq(-pjwJ0%jOY`Wekmc3|y12$k~3I&H`N0pSXrm3KPf8 zM{*HCJT(5*5Zo&pSZP$WhGGZ}`7I9?9v=AHPc{n^IC!l;yR=@2P;){Bee=JtYQPMx zDXD#KEH{}Fo3oL(?Ij7zPzeOj1>JTnA2QC~(zwpQM4o0Ts(mI9lTe+iD=U(fpsHYy zO0tHK_0N8+BX;nYX^0eCHwRo%DAaWB0V{w7Dmw6Zn!_M4HW;V>~(9$y*HJqGd zdF|t6#Xkn!?6I#zOfbgNEa=@-86S9_Z4&kr69iWQYZkYW$y`{4FcU*f^|s&q2*rs=+| zh&r0bzxPU3f?T$cM1tY*+yFE|yKs~)Av^xnW3N=uA>X3TVzGV0BdiRjbJE_AEj6YX zZExq$^_0G)&UKuW;YCOLGeWmSYh2Jp*Ni;4|L- zVX2Wu;2~#;w!f!4JKIwH>Q$B4xl*M#a)=uju>`+lOzl(3QB1CtB2G-6wJgQX&yXaP?Gzk2&}-qwC@c_{{$ faQ?qrf9Hk5)1+Lw@9g;vctF!o(NV5aw0ie{AAmJy literal 0 HcmV?d00001 diff --git a/docs/assets/semgr8s-logo-full-dark.svg b/docs/assets/semgr8s-logo-full-dark.svg index 8fa4c0b..d0e388d 100644 --- a/docs/assets/semgr8s-logo-full-dark.svg +++ b/docs/assets/semgr8s-logo-full-dark.svg @@ -2,11 +2,13 @@ + fit-margin-top="8" + fit-margin-left="8" + fit-margin-right="8" + fit-margin-bottom="8" + lock-margins="true" /> + fill="#13bf95" + transform="translate(8,8.0000004)"> @@ -51,7 +55,7 @@ + transform="translate(8,-9.9999996)"> + transform="translate(8,8.5727708)"> + transform="translate(8,10.015627)"> + transform="translate(8,12.015627)"> SWIC=wg|A zC_xDT&;gWWUu$`#?Js(Iz394upB(LLU%13AfYGTyye+9l@iK5m87#r)RH%$W-`=Dh ztLy}sfy4r|UeLYtx2_FtJCDY5s3-d{0Tx}ndmyJ6sO?X812=hkOOLn`$T!YIn1+T9 zhQ-hDv0er}d-MO#TN7Iz+D^%Bvse-9zIlEveMf>t=oi==eYW6B^p|u&^k`}Zdn&I` zjQ3ip0>l6br5KZdgdc2jdqh#%sCHkIYLaw{I&{to!~3Rn7;i0~AHLUO;%m~>ifU3vb!zoU#3cpSs}@6Nh05%*%A@?JHgcr0Kd3|d=@ z*ni|)EKkaiTcP$F&|V02a|GEc5p`Jn{9J`$#Zj3&rYghtI;)!_N8xAdK{e6a-B;BH zc${O$DRLWUysIOO4Y3BNWP>j@tVh9e3EzJR5+|5R@Djn)zA}CNg*}8_{qV-nCU(pw zwoVCBu^Gfs%PfFzTGYOl0x@*^rTsJ8H%heoUgs80U5TX*V!= zneS=n=4C3UwA`hdGB&nZ^zSBPkz=Xaoz0+;%l~2t_W+VGr<{-+QyjA$iCCDF-O)OwX)D z>Liv+Q;2ebaU5P3oLu(;yvd%2MkKy5lF6sewx{*G2Y?xWO+tENu7gFwF~PB_xM9A# z{I5aP%9!|=(WsXlj9l1hxV_BFCUKOsC|&R-nZPWA?a&8-4r@|`B=C|je<0u#GRh9@GoLZWqME6Gd%qO@`VvL4tNgO3x)ju-1 zjLQ$GtsS2Vfor8(O$I*Y6l;>C{TjlJ*Q%B6c#+^+yWd-I)WndpnhN9aAm*_o9mW zG^&XKRsODuLy4r4+9=I{J1Q@9D-WR;FL9O3+e1Brhoo$k_khhrWUK1iwcV=Fg*sEQjtrq$?CF#&B_et$}CJv5eiN79*G2 zWDepV+j8Key+`>RrYo(o#rio4#zve~$sm50VMsu@z(~qmbsfXE%c(?O<&pQ_6_iO6 z24h_``PefK@pjvfe$*4~F8>pa+cbvP(Rg7GC0DS-R#U`Hdj}`Ci z7WW99;y13DWd(<$Tr3}WXn&;lvis)4^V)S;hs+hhd!;$b&YrpIk9*(y$og|F|3>es zx*R+h4h-@dS<(2a2;0#`2nL7oSy`eE8H!Qfx{^}3*vflg{SB~1 zG6jkBuG#X7KeRV|s!#tht`NiBab{pKF~nH^(2e)+GYe+-xD&vDALA#0A0)d}nBOW)0ZZRieQGH3Nr8KH0&~lpjU{z>+?FKLS}S=s+doR% zat=zka!9PHFuqkd1D57+eFReut{|T`C-4>&A+a0?n9Xm3>fb&^#S+B-Szu_;Exr>b z@7%7;lT`m@RKM3k05YK+L8ZtC9*Kmd1d4}XoexJzucX+`VqvCqq66~lMZ@8@?yKhp zg$kwF-ZM7UECsj0Tt6JRhfXC1eUk;nsUy>|BP=cC6B-Fi$~w6EDnGK8C>l$LF64lY zr(}(lxYG1hHg`5B@byDXtpC|a=+V|CdQGmY6>Du-B8=dsQnRxk}*sd#&Loqimwoai+RF7jy7su$&XPhb~@l)MJV*$mnRkNug8%PRBf z+m%^Uw@qv{nMw)oO}7%9*>##Dsp$P63|(LXolNApBY0QO#R?UC4<0V_^h&EA^!qlf zdBmud7pzN8m%Uc#bFPWM)8}>U_SZp{_`JV1&r5wTDKkk8<{dcx^Dlvu#XbgIeyqnY ze-WL-Qk&d@?=Q~YHM1iP2l^8sZS3O_j3=j++`!SU`w$X-*M^rmXJE>cB80ngz`lm3 z$^VH<8!@D{X!f!Ep|oZ1Qge)p;L zh5BWGte)Cs@bsGFFYiue8~M`gE_<|o@rl4&$ZqWy@%WkzV5aU-uhmJOaakg46z|^9 zvba2EQ2TA4kq`#33S!T*W}j=(D<*sisX=<;$MOsOT%f1!J;%S99EiLRq`_wvF9<6pI^g7a zpxMMpayr||^3FPGN2pCQ%ea7#g|)j<->9zdz8hx+)=;K1uCio+it@U9XGQJy6byJ0 zjSuGL62CkxOT(A@drRU5->onq;eS1}n|Xz8B@<32DWWbtIMPJmB;rK=ZFzksO%o*z zeb8O(S!}Zga~R+MWt<<|q$TwjA%5II(6@aOhCTz)7n5twocJXI?txR9d>$05gOojM zp|2V8mzg>^Zvu`M(sh=f*Aows)bB$!N>o^EyA&&@aNU&X^h)S6UGd&V3c*N#fLs;L~u+sH^E3|V-ilK+x!#8#i-Q0P6BR4SM>#(WY zxUsA}$^Q?0R^Ma=)cMorq3y~@9viMm4Pv9^Jx6JMQcCwZj)HKd2fmz!FUv?K9OLCt zSng$!`?aU0PfU#dGe(T(^fUGxn{$^x2zw8)1a<2iTJCuRHxkWU0Z|HthcrZ`cH{O_ z0ZS1I1w&Z>3*?Glg4X>zw-D<;UTP_CW~f-PE^N86iaTqARn8;L2hwUAOglGM+iMX! zx#2>I)51yhGzl%AN4@fl4)oM6v?nTWKk?AY%?aP9;pge=g-Vm@D_4 z=-Rui-38-V91w@?_yy9ecHW4e+0Uy4z(%<2fgDTcR>Mm|p9|0QN&cdalMcX(0J?)T z9Ez5PS8s9F^)c;<1QxD`*f&-I047@IKbGTjQwT*G=dg)`m>Z1JK$eCk&JFH z4gVL~W0zK71!(=ys~__LKMiU4dp+!Z%n79DJGEvjn{AMd+!c&1MA853nhrF?>ASZ9 zqMF}?Nt7_O@78F=d{DY5pR|e@h@(&z{#lZlpbk6jlTG7p_1XfG+)=PBvlztIHV`zZ z^sMoWxN=6yKDC^9Cu)IS^L9!!Q&qF^X?^y2zO`S?{Re}h-&9q;D7T~wV?4Hs^9#vo zIUuZrtBn7!fEU)_C~U}UWa52vS=;!VOjpa-{dJuOBu|Ey(4)JHX%sO?j}-=eDIBgu zoGQj&V_ms|ddiz-t0aH6mt1}M{=MAQfmXt(67wN^At-%{tKIrSE5_jUMY*6AFk*al zU)9-omukM${MHRDPZ^O1K4VM!x$?>|nij95cV;FtjS0L`H0;8On-?^`mrrw3Lp7JF za~u+vReC4cpJ9E=u)RRW3Otj*PP6Pe0Wm`|;~|;Wj`4Zw!1J)+|A0vQ>(6krAFbm7 z)mgYRn0ni8bc@IQEBFi24`9;cNTkJ{u3&~GSiqH?{h!8Jbve#4VO&Pb*&QQMujZov zAps+j;1PDO#!rT;Hz!N}qIK6J4K#NnfS%5?`cVyoSeWlK^>m((fa)7iG+iv;&L6o!hD8Km9h$UsagN?Wb<$TT1r~CvZRfcj7A_z zElcnrgl&A&!Zv_UCTlzZ>&nHQD9c^u#(agYX`}{p?8Ui6*;6O&lpZRqI`pkZD@tEo zBJG%cRS4?;34*$ylet!D;B{?vl`^Zsb zqw&`3MVZy1B&40@u?V}xQzCl$m~$+zIK}6uir9z0{#-8SXM+Ci(2edu z4hZ6)x(_3?1JE^F&Eeb<>kU7@-&S*=hnW`#zIxRCTMBH8Qbd##Z2?I}0Pi5`o=1=4 z>%CaLA%}g2_^4divIYC4p0cJxFz7vN7nvGfKp(PIMl>Fx;&4*@lZM_AHP8;*o<#@b zU##7cecu)KKZ*Oo%2~EpDmtj8r?U|?|1Zj;Lvd*xJJqu*y%la>ByUcR*x z$A}5}X;AD%W8n5rI-NvTQCIV6*YOIXpxNOdeZ!?j+)ABDI`9Q=s3Jlo=<7SSL@@Wy zpH8XwEDCxz zC+19NAt+yXBfT<>jGi!rf2J69kQ1#gBOf-YR8meV)fNh(XAk;6%tjrC(tO7m!El95 zbj&XGVYIj3v0Xjnc~$NLcA-2^o(H`9Nu9ujjS=L!i5l;Gv-v_MgGIF>J+&KARM}@F z6@Gq!7GHT!vgIXW<^za9r{#1s8%o-+^;^bgy;`)hMT{S7=qFvdT{aarv>aKso?5|p zeqUphCqv%vuN3t&vxLnXvCgmcp1k%k>Ixa4(ytM{nKJ_UQY3|EL8ounNX^_V4%OY|MaemSUEnDa6D^=q&b#XS%TfpYFml(o^(gI zt-oeH2!EkAs4httMK#?2Qqp8?nv%x5;k$xy$!pt?z=(iW`s6PJ_;liVafR=Vkx`3g zAV=h6Az3>&zJu-oH1j$CHeyKqAZ((7+M%2BcDR!7lidq|(s`ZD9wH>yb#Zt0$$jp< zoWR0kD|^QGqm+tpY45P^iiLp7p zD2F_=`|?$K;Mh%9%53(H=Q)I6m=9w7>S@BJ<|pHMasF1P`N3E95=NNM|E5jMPJ8+) zJa)yQCm3+=mCq{(b zIzrXVW3ZFXPePiY)l=b4xy?5VwRmPU zo0+^uG~{ejrQWRC_hn+?=S^x#+MrK%O#P5NDGB|xvdn}`{MJWcbjQK#mZ?9vUKu?9 zC2f)0rqrfv(6bPFY}YwQzsxd+wO`W7%p!%?IC<0WB~NX|=Q8DYX_ILL56YS#mbY#k zZdz?kR_-#*>PgCwOpV+ls%JK>2VC>N2Sw{tmg|Vso`@8k?-Y!5F^T+5hKgyZbSPB% z9)^5Q)#I;cSP9M$o<1&MOb3iLF<+LrOc46`+cV1yl)HkaG6Dy#>?10LG0QeWHoj2I zZ^_o~P&j~GYscrJ%iY}7 z3onJ3sQ=U zJ8pod<%9oS(@Y|{0S8`8mbTWwmjsq!Gs{*hDzkE1n)asO zT4&Uaifu&$gIhk8>_QHJw%2av#0p1?473oq9OVI z2-nOx&Z;%$Ns+iX`ni^pjH+WeJ16+X7AB^=d2o#YQnf$Udc zL*JG?vNL2;l)HM#-uR2UwcOO)%MDJNki5R-!1{RIyo0i2#?e|$!o7Kv&AEV7)@9rG z`#HXx!#FLXu133rnvY|b0|t8q$^|1cOPIF3AEcqpa_be8;Ete}MSJ#mm}AHk>?jpB zaq;-|^l1cE-n9D-y}3S+WT?fmeF{`I8yCu|sYm&nj32K3`q)T$&eUhN^1R+EeHcF(D;mx(7l?+J2+%%jEQ+J#)0^fmji5Emc36X&z|(IL}QK*GVqA z4U-AZdH9L!J5-?~o1E>Q1dR11yo4_sboAYO&_2(zgRL7}@pe;h<7;z5!%vLg3;JwE zn=<71*4=~_)zv_}SNHe{BCH_xoO#Cr2v)CclRUh(lz+7VUvgT&ehZcA{Yn>emm#yi zCGA}aH^C64q4G(-7K6HD#lwNBrF@ayaKZUj9gp*Bp0{26G^m1;Hka?OGtMFA+GCd< zd8*5GHKC`@#u}17lZS7&?5)G;X_kqtAlS;gLBT1_7^w07qxQUz6jaDG&WS&_$^=@vjreQ(ER4lxi|u48>I&oJa&_3;i(TV zpXv#-hZ%jDrMuXi>hY!;=1R-qB_^-66?cA(McA}xk>5B-_s=df4+_cv;}9OZ2k|g$ zzNK{q zNn$$QM$T8M=`p@2S{$UX1DOxuaj0Y1zfR zOv^TAFb=^}^!}Wq`8lOuzpj}1a7ixX9&eVO^q(Q?1ZpYW4yB*y{5(9t`qWYdp4b4) zS}A;+`y&A6I-3pTMdQFURRE8FOhAmmBZ8@b9}eZL>RXtewYx#HY=2UQE|Tl zY5Re(rJ&Itb0(SkssMBJ2HUV{)0BB`zja``15V_zkmrl*qmHUOG?UTE$_jgAEomqm z-}b4_WaKrl-?MwxkW8>)pIqUi4_rwud;l)#R*< zOIWoupi&1fBvft|mMMQviN}Bw&01d*M4jrbOXF*PW7PVgqE9zJdE~_##WTGn^*IgmAfuOl@bB05giCrl94^CQS%7KrB__Ua35unMKcM7Epg$H$H zb#1dnN!HZj)d9|a07dbi82w=WP->-!Lo2{k^_gC>M})7J=zrv)ifS}FvvlDv6R*c&q>sxeAxcd9@gS$MSpA3%{h9mBgEeK)ks_ zBx6-0JzITp&@d{+~wKU=ZU0KfH`+0WwdY&&v`H^<&aM$2(V)$<|j9aEQ)I~iz675v)Go*3ITLX-hp%UccLiVkryr5 zA)erlwEoMYu!v_9kXPx~cC7wQ*h<^^JyK?3F++?{aq2Wf=cSETg^*NfaFUWTqukgM zRiQYLpEX=aSX?BfS}GBAD%kKFRi)OJ?$GeHfQBQM1h@6%TRzjcw zy|PLjjNJ=9ExybaCPImmtHWWW(j5zD*>M7@V>hUSUCAz5KvCA%2Q!|G^HyDgi{7j(L)+p(iXTwXRO40^pshV4yZXzq(KkNEUnyi% zx}RV`we4t8`JI7bPok z1fW=?ZM;$?a_3-W?{`jAApieEg8WEif6rmY6v)Zq>ZD@42Fmk zlLH*ZsbyXqL^R~i1vRjUew|P;@!u6MgD(^r&2+gob=6YcwWC*Ewk=?}vA)ZQsS~0o z6lYXdQ9%35^(uTinl8y2B-QTsvU^y#yaa%(S@u{i>8Y7U#csVFbCH#RPGsbX+&KY> zebeVw>s0*F7I3+ZFmhq6su187}Q8C1vCfHkBdE`~7S#@rI z?yz!4G6M{8|nEF(g>-2Luv7C&DSF#t&xNuho6Ml`G6ui<)?3Mhw~HO zu(ISGBkSlssHDB`_|SAy6lOh9{5R3*RXz2#;~Pd3d7J9#&CD*{+6uX9 zK~4NfTR@wG0Op=hPZ1`5n+OKIq zPZ$fRnamXPmW$@dJ}i`_O#&_oryumMp%UtI|AKx;bDcOIAYw-_2;agOw3}jk*0H2_ z$d9i{v!P}pXu-T|!h%*g3oxO{y^AwU3#E{W^l(g|vp}DbNLvgVIy};y9F_P& zXSaCF;yxB^VL~?s<1aUGCl)#R^La#GiMtdDNt11=}Ir3o5jh; z#MhI&Y@!UgK`bl!T%zsvej4mdQCV{;h6FS~A@b@SAB!%#O_ar$`-`4R=z2!d)f@>f zeBXy8ZgAImqgotgH9)mjS|-uqS)I@T^>jgG-uq^* zg|>JPJQ;^Rk*u+fao?7FdEn?tUDLYn7J=5oxLybW>znell{6i#|3)W(9qW5^#t$M< z;&toVvGdr~fpU!(mP52fY_OQLfTIq(y@WfjMfc@0Urh=69U=c-x$sjnA!T12P3}Kp z3t-|Y;y^ws`_k@&BoQ1ird8VUGv0|^x;f`3%zUGX6>tO;rArIg@c4}1KRHx`fi(9; z8{JTUcFcVb$aD!yiQ~2#U2x+7p0=U)dTwpIQ8#x97Ov?!=u6Ch}R* z$I14c%W-r z=>m~8gWi8;mO-**eX7D%^)Yg1do%l9thD!{hjzO^^4jA`zgd$`UAvToAcaGT_--i5 zOM+$b`gPdR7VYMm^L)v7oF`efU~CQ-0s|IAlQ04QOvAIPV&naNhe3Y}vL2`Wd(4Fs|^TyY;`hJbc^Uqb_$WFb=b&#rlfivgkp z@zr7Gs9gZns7ESiKdw93sW^O)&TYf&=j?8GUGT4h_i0wkCbw~)h&pj6{M5~KUok}( z6Xg-LI@6M3Blvy8c7KSIunxSnrbx6Y0y=Exw7>ci{`Ly@TQXZ~T`g)(1@QVf`704( zH0?>Fjo;@KQq0Jw-{M~$l$Dq$*&U3WL;9pLUKm5p#2mpX*8iNSyj+LlcW!^Q@4ha(-b9@)?3iV2pI_BCd-xYQfCJR7o-AItznaLkt z=tJ9KYC3TMi?a}g6FGCib2ZVr zjITN-U!qK^X|}z zv!WNJcJ1L*kCMN&{W@jp8-9=KYFzm!UZUp_g#X91#UrT3-YOczTwNK=7mJTtr zm%NtzgOD>;t{C~kfaL)~S9qmNz{-p-Z0|VM3jkqwop@G;xp-<%$$L5KGaUJt&l&5x zvqxpQI}EJiShFsWPP#@cNhMTs$q6ZJ;9L841+DsC(r#LgDN2JdZp9YiO-+S==zYou z&moR}lQK%$N7i6N0!Z?$RB9HuQbRYH#(netQvSIx1Mfu}izu~XoG6y2r6|dMFxyLy z^6>!1Frqmnp{kfMH)*Wt;uax0NfS+F#L60%&&uystLT#M^QEMzSRpofnH!s z64HcBW{kA;m`dc#MXv^NkGxo>Ny-5t62m8jmn_8TYfm%*>poAgK|c=Qo}dC}@fi5dNLMeR6-a`gBFd;DPwq64&l`zkWe&3KbW zC4UBFJq?@)f6bHeWio9JvK$LW7xi7H!;EszJwhP6bgojxmP?i`KaULMyXwn+L2kEX zqC7j1a#~l!VA9(FGN%#TrcW+}$3f$-&)I0IEp_cvofaTRcdNLnqPd@( zBrQz-&}g`#-FSIXRsrQX!*B_XsRj{}?mYeALo%p#SW6!TTy-!~EwC3$WV%D!Z(>Nn> z$Tm~pctqGnzm`vMKC_jx@!k#c_ez~T1kt@KoXm-aw+!K)p;p2}S z=}hPa2W+UA00upe7YG2$n9**$UrQGvQdm!sJ*Un#fjl&;ENo5n!GoufVbDqKmaO7; zcNf=2g4_&ha%YEBqh_Czh|Dz@T`zdwWU5E@6nt#ca6%5bw$+C}mHj-V`Elo?O$;0= zGH+YMsGe^M(bFTGO20&%8^0*t+b7BDH58CSdCm0Iye%w#Ok_JB_mX_$@bYRjoH^sW zZpXYalcxSdsa*4royY-G^`ASn#2Ooso6LjsANl*1Y$6_+0>kNPZPzak9l)9PM+j0u z5o+ZR)4q6+>iAt>lV+w*s1|i<`-6#-Ls*`vpi{7OW^!^ zr4|hdx}@5)Y<+*@11k)p;L$qk>)#Ou#UyGV1A?wcRW-{oBZO%$^=4pC(5@iV4^h=F z)vP@$u&w2BE73H! zcHvW+N21g+!jbR^@+IW7S>v7Ypj|~1Z{WZsWCz>yj@E+s{89&xRW+sFF!uC)#VH8m zI_8O#s|cxh8k)qH;&xTJ_)ue_b#Z60=*3cJF@G8_vTb3lrAYmuQ?bJX;&6X6Rr(b? z%eT8pZx-Bnt`!zC;ZQ)cqDyJ1OFYfd;>>y?xxTAq&>c+;X>aJIAexaljicHGFs2`h zB1O|ABx{h0S7l2ja3y8jRpr>zN=w5J@4>S)uex&bTZlsz1n zRHcPO7`l&|72df+f>aK>x}d*-E*Z#Fg7;s_{B3#KMz>eYa;N>KG3ZO}bVgd>8je?f2&2YH_oiWzn@?T+b3D&$?^Un981rEs>@4nXaqcbL zQfS%%KUG8MxL(*1MS%H-s`1-tFY! zdTGu%FoK$!Po3}PGcSV+sLBgEj*#-24c`XKg%R)``e$73g`A@^HY5ymW<94Z2?Ze) z3w91-EH$@MWjT7)LQ)W8queeAX}p@$m8aLw-y*KK@*ny{ z-ydN)WCcLynkw}jMuxfvpDANV4dN{?LNzqneeVNs0;2XM>h}|r;MVGxFYQ**qB|zO zI>L)1itc-|}&gExscB+2q1!E;{Ti_RO@1AZ(ci$7RT*br}^Yr~fsHjqFer zXw{WY)cUXU<#a5ywIIIPlL0ci_h0W|JOa2;_PJh;@~1#;q1OcTmr{HiXYMaW>{Pd4H)C=dboDQ z&MnCo@AvS_pAQY3v~#KFgpm6jdGN{cD@6X*e)f9W`1`W?gU~yoM;EDGl*!%jP$U*P z&jnaZN{ygop-G(Wy&0CGN8<>dGlu6uy=_SSnqdBf_ud{5>JH}1=Cme8`-K4ClRRKxI6mG z+ZXT>vMs)1U=NbavOcO8)vPhSBMSd~82*Y$GA)-EjSmg!{Bq~lzj$B2;^T*xzElTS zh2@)@U8XnCUg2YfPL#K(F1SNq54NP?vE;mvA=p!Dl6jf?Jc6-S!?;;$`@XkOtx0~{^7u7ycQ(ZH zzgw(dI0lo{87K6#fzQ1`M*C6S~Q zG??}s_+I@_ZENg(%iYB``l4?p#(j7b_fSOXU@Tq)i6q|Z<_qe_C^R8PCkV~tCio)R za?|Pd<>C>-*F}Sw;3LT|N25QrEvAs>yG_fNzFt}*x3GJ8_t8r`1I9h;)AgdE$P05! zl0iR{IO>zm6>O8r4!-R09$vIy2VMVJ=%ol!Ah?-}!h?3w%1UMy0^$>X92;J9q&%bu z4cGQFLCH_vff%#?q4l9>aSAyc0Tq=c|}O)P68NkT6iD3aU(dE-ka83#TO# zpG97$;YMJV;yQQr>DLa*a2JFhPp!#6-0QfRw@o?XoZb9kX1AZKo<7q4;OQ+?_YoR0 zLVRzPv0PNYz9td<{r3g-2vApObjEJP%1D<3vTx-_QWML)_lE<$Ra`iE{VJ;De$!H4 z!o@u_B6?*1)%$5`Lk>f|^8A;7T8O6{@T#oTs_dzfFnz+Q@;02#Vq8Gpt;iBh`jIi_ z?Jvb2Ev?mT+~!4d>pZ*l_p=oRo{)Hp+3r#V%s4&0qX4sW>e7XulO~OFtunsSPQRhD zq%v5TO!#=PeP?c|(cToMxA@6${tQeaEzOW>$P-$D#Hqt(#u$dHKaEF->pkZ0c7G6! z@r)6y2ODy;ysFf8qpn3t(cWu;e8Rn$$R`*8gMhPCD2m)m+0)PD{8d6JxE((D`>Sqr z^t-+NYKS3MF@JUB4P4b&hO{z|b#0ldVoQD?n zM#y5*|6Ed1H<-2E#H5fj?u@M8_VhQYiahaQ4shPd_((uEEogJ-Jq4Tee;D&2 zZ_Hgh(l@1r*?=#jAa^yCzJ5mA_Vb{&$Mj4U#$PE2{kO?IFGfcOT9OZ7)AGRLC8Di+ z^C+MC;xIYeRMwJL_q{=;zQdtrwGWp=-`W`Ux(WE~9Wx1iyYVi&?8^}w_v4B`OQ9k&q+%6%TjDh&f}Ve(a+-qB0*zw6MX<^in6^cM)Qsno^8# zE9jZ28)Ug9+1)6KLx=hTf@Dy?3?OHH(`pNMz;PrS_zrUf&r?Zv($+DaRUn=y;cT3o z{oiss7p^2NjpuO^g7PUUg>t7^Me@qMwnpmIG7LbPdg%?sDcWQN9K1DNi?Bgo;EMJj z4Qsn(H%LfXlIF_pnky(&oiO)BPYUu;qZ~e{2J@*XQW)EU>>hs1hvWJie@($kJg^h_ zsEo<&0I@^K=wS?BdLlIMbJzyw;YFy4Xfm67W&*ZRRgiU&vang4%r8r2e@))_!?j=Y z3|fQ(jj}&M{mSUin)m?{)wPw)ri*NvV-H#@$$C~XK@mh z<6xSj?lDrMhy09bsRGN*U!Y62f3*O@2O~2;0@zn84XJD8)^P0BDIqO%z zYra*Iw5_dPei-{@?`JJesjcrG^iN!FnZ%+$CGub)h zfbXzgBxV)Tbl6W%>F~L+uw(hPgqr}>l5vKu;XL?$9OLU{!B%B_;|_xJ`o5uI!_wfc zq#mgnNyrrEQU9<^W%85?YTxNt=+&ex0L{0DK^!Wpwi!<`2!xUUs1 zhj&nuZS#rs!;UU3+4U>>hGAufoBfpr31T>2^uw!e=BQ5IUq({GNl}+EYmpD7kTIJm zqja|BW`u_Pga$-peUttAamsY5EEDA0W6K-JXD;oY1H_pg9TGUB&Qn5zF=%(v4H zEZBaKDt~d-w1llynI#*Jc_w~{7TJCdM1X|81G^hjmNC`Qjogrl5%&!d`I~xurY-*d z1A${Y3-h)>=qshZ9|XtoQ<%_^yb(Txl}{L3Vh#40=T51_V0Hqn>E({ofTaO>J$gNb zXA*}k5GB_xYbPZK3Vx_(E^SQiWX(9#R(=$jx?S=}IJMpz)wT6P6v_MEF7B&anj2!5 z-WUmW+@9=)rQJYhEbl|E|T34xO-ZP7;{c3XzK zt3|N~gafslD9x~#MEW>^5(`fi;z|k;b;`fq@8f%GB06~?UiKhrQ$~k$U6#VO;SpUy z=aI8XpNhtU`3l(%!}x%_mx?M*SBdz(RQ)&Ag6qLHOCJ_`fvu@sovYM!(lO@Bsd#&P z>%*2D*0bjCCkfXB7d+lOB!lhU@e^`qJbC^B7yQ`~e_aq4T z8+a*%?5~wme$II@yU8qUmseL8-tf3875+T*gOh{8$O;X`?Ot@zUvGCj`W9E3kqAa~} zzeAl-$HZazdd?io1t0!_(8N2dpeeP7md&1mFJ&*;gt==DmS`bf&=Tq>h;gJakuMec z`ERPiFapN9_P5A zli?(ZXo|r7a*uQ2Ax{uynJ8A!$u8fNb&3=;9f-_YSDpwt|D%d?!FhpFh$_XQTJYie z{`pBhl!#JBxN#!2=4#(I$B`57+fpmM-V7R$XWvi-s^O#?l|^qLq5Dc%W%nPVn8)bS-g2~|-j%XF z6QL9Yqb22gZe=?|*bCYbACCIJ5p=G{qPzibue5Y#ZJ5W$Nb3UOHwv%KE<>p#HBy1Y zieuoHpJV5g9eVR4?`vh00;^jE=tl%=r?0NWdJEMEY~ijE|9(+K;)dit}h2fS(-ba{GDP?1P7Y z1F!bWG9FGD!;@N z@mb94ARBNI^E4i}pFesW4-8g&UcP!u-tqY5bRhVxcd;m}H~fzJ61l{0pJSA=TiyA> zG~U6`*M9!fm076W!f##kIQ?-KYxm{gK>m*CRLWQb%FS#s)SNU^_4-t{KzzY{;(6wF zz3u$?J8*tOY&fpPHj9L<&V+GqPgom%3)cvKV6AK9zoW528l+lcFO)*G2VQyob*CQg zg*N;|M{gvT#BFz2HXfGXOtjxbI;;>DsI_j!pm&;~`KLfoDyGiz`<{;pJY;3Xc!R#M}}7apdLrbnvA%(Cfa-|sb`quPuT!ew zCrUka#aP|x{x7u|w75Ua#0_4%51@XV7j+-*>Tysad3tyzzV`9QN@P5;UyOfCeZFB! z^_h|B6qg4J>DUC)2KBSaVC%Xbo6~a!^lj6*8JAZP@$ORzzK^eYNy#Xi`#qG5C0eAC zQ)(m1szCn@35TWx&v8KtU*&Dw6^<*L|E_WwyN@EeNX~~~evpVKri$7b^ePnd3uxsC zWaW6(aC7TW=eW(BwiuW7n9Vv{ZYZ;VnkDo?#}u31*a@C$+S_3)vA-B1%nC%GmT67O z=vuiq=eyP*%Hig9G9~oLA`*^hHTDTX^l;$ueYyG7*Cb`?xY;N#3hfeLC@-a>*W9eQ z4~b*&e9b8R9YMz<^|)3>NATx>=Uri%tJ%+0Fx&Aco$?D|rn@x1X6Db;tq)?9yR&Rl z!KBm8G{f8>P3INPs?*FCq{)93ih2zh9~Hw`1`^ccm59xzx*9d!yRMdhE1L&NkP{sf4ZC(G7rDB3W9%V8_2x$^S6 zF>E*`e{bly=aVW^HKR|er^@qF_Gpj)eS;f764yMR^Hh>&QzCCaRs`cvkl(NmX2}yl zXQE~X`30btcQSz&awx>NWsdl(62vf4KdeNTnf;1n3SU27W=Hff4J$6k{<_f;Lcw*%nvVU z6b`(*Pt#oRlt0Q)H=~{V>yGk7SvPIY*v2k)>@LvO;+6pauNzH(*53?{k$xeobsOU( z139(%L%~NGxSW@7-KQ4&jw0(jk83Ap6nA!?Az|l(c~L|MYB+3T@{?X8nDCWQ*@}Og ztU=Gq9ZG+jR3h*^QTMS~OEGfpvBE2tO(8fCgM*~dcVQH#+E;-d%LaX3DC6zV3jz9R z`ktr{uo0&<++9kYbig17gUp8Z5ymKtmUdP3iPh)_f1$7g#*_5C>vVGD$xn_yti{|n zoikNC!#`$uaDDGQ?rfjXe zY)pN@ng_dHS%zu`d2XZs=ojAs_CFF${?-#;bR@^&~6;|E0nE{7*M5?l_ldxHOvR`P7jN;FTxe&jJ36 zPYVr=G=CRTDAu3Nd_sn4@Gi%BhKu90o(+0jJ+BgxD*f}cw4q@?eM@hVI!QG3 ze71_at6R#Z!H+!HsOHd2Oox%Q*<2Dhlj(5>A{x=zs622NrNLu-=rJC5%+@P91j zLu^#21EGl^*o(Rz6_o}~N~5q*v%){BTPW`NiEm2w#@wWYCpnTa@HT+_``#WHYvJJg-nozAe z4~jgwcTlEb=YT}{b1et@r*zx|{myEpK3!d|S8NViBx-Fn?a;XWImg8v3fZ!9E5?i~ z1)M}uM$^~&o>wUit;O?M`Kn-R@%hb)v{`xY>Tm^I9HLTdw@RPp5ZXeG-@ZSF&Meu+ zNkxag5)A94Kj_1pK35)(yp;ZnQM}oYIiO(Jw|+xcHvSOle1OnC`L$qca~+pFvv>v!hz~2W(*~j_iIk&_j8Ja67c51A#ORakHk*0f` ztL@UBfCkdnVu}Ko`pX5silH+JRP_;E{qc@9S^0qKLWBL}ec9BPuW)Qp{>-NHXmhE}ca@wo%cCF|o zI*r$oU~HtImX~N5!}v%&()3QxS+EHaNEBwY*u#8&$kq0}mO4Q>&8>ZCLJCSuIjQsU6N zdW60y^(g&X5!yPdO`cO$u{zUf%%kZ`io@e@vyUm@CXn0FP9dYK!VMUokHTaSd8wWf zk`a73-TBeL9a2Rvmdn+#o6%eMpJv8&M@=byfamXUmOWivR(6%t>Zx}igXjr0(QU%? zpbIaLyc0&6XL}33MauWiotW-T@lPjO;&8FOokPGvuYZ>oEC%l7kHDM~+Un5^qzsCU z4^Q2)K3ptm28M-)VRboomNi+kV|byU4VPI--pnFUSBAT|6qQ&Q%ry2gMYrZhU3Fw+ z_r5Ge>&Rz_;iL-#*x5YFT8z<@UUd7feVN-E%8OJTX!IwvUh&0Cm=TM9Y~ceU#N52i zT5JnL;v`iVU#n;i8!rPwLjLO+S2TFTcq0cjjuw=TLG~%qm?&r{bly&){GAWaNntIW z_CY6)7$WM*cV}w}A*%ams2y`rG#8z9uKrhOdP$b;KhTvYfx{jZMXoJbOlfoV7?8O^ zv4kBoZ}Yml$@0u6u@Ld>x^puirtk1%6{y0KA^wNK)uEEfAQtypwY;rQ=}buufeM5N5$4?9OoV=P1K!rR{N zn(5g4t;LJV_1}{-Fa|{gt^$hF!mlYYi`}#Pbm5|DZwa|0Sjq5XM?=*0RU|)y;ig8z zBU`BjL|i3Ad219E-6p#u4buPQ|$s0>t||)?qgvesYs|9q|ebmoSh6?w-E#!t&4mw z_O_B;%}_0rWf9Onlk89HjC00>vRjyQ#!jP=yZT%`J?dWz^}c|F+plaph01=r7bxKg zlVSjy$`j&ee)iggtg z=`zv@m&!Kdm2wsG1Thha=jptRn+p0ZNLspBuju-dQ4U1ZO^v*HF*H{(&R|9{`6@lw8#Sw+-Ip+7u;}EK5aF+!D}O?5dR$Kgl+p4^x+`Ny zK1=XZ&UhSkf1Qv@X`)iX(;8!C}? zkq(a~Rdl^|3wN^G>u`imifYe4y5f^&OX$&^VNjJoH5E*#nQ3I-rZZ9HbbZJtcopW3 zohtpr6Bf_)MdN9G(S+Uet=ZSx{U(h+bR0P#(@6E5VXQ$Pn(1J^@rcT$9q+8!u)Amw+I<9&yVcqDy?WwK0;b%tHBf?$l z!Fu#WhgRMa2C^r7qvGac3v>g6V26Gq@~sXv`$}-FrjQ`Qh?-r<2Z;quqic`PLWV+H z&&C%1aUAU(qd+o{FIU-Eqi$mSz%2H%XMp4zxom0zj|wqxq6gcptOvfyGFfMNf>0e< zC}@_*;O^9|mB9;_2IiW+B4o3Y3($ur%F5{;yfpR~T>6yX@^lPO8uVD1yJu$pR-&xa zb`mw&7rju%=A^h07Z;S9kuH8yZGm*%!iWz_6vc0h*PRR)Je7 zTl$zdW9+bbvg(Bx@A-$Qh+HG^cO(&pjs3|`RCq|?w05W#!Om2(R%jzU36kIs-C}k* zesI{5F$hc}9Bp^_ou$&kA&A?h=#$Fdc;SPw;4Fr(tq1Ex2-; zi@eoi>K z?>4K}C{#$x(&XBmPTJx=`}52Z20fQ^q6f50q%Wi-iz-Az#6(-&Y<$p2E%i@YE@y~g zgr0lw7fJ@fFie=2Y3Yssb)HF}V6-@$Y9`h2+#8K&{KpVTrbZP1p;Age%$rbjqOsx% zDvx&$+u(z&8j&^+oo=)XHD_h$lxU zDX)hDv-Y*(Eh$k(OpmMrmJ|V=uC8y_al_6C1U}6ht>GL6SK$yUxG-(;G$>F8Y?t&( zX7B~Ax_22mfi=1i*H`)cJqfE;)H>T&M=MNW^0(^uuHX*8#t4j!ZLZ_($7dMZjpf?3 zrywF|Pp8@8tfg~KHMpwS^*J=|?br@uW%r{iZTAu(Efke`y>lc>bMFhJSrOi6<_rr1 zqQNp)KV>b;H(GeY;BCJQQmAEyqnY(z=ED6|3>=EQ`Uyw1xAnctikBkV`;#9jA8voU zJ)D7JjrPg4deL?Tn?>T;qyiVC^e<dP8i3k**?j3|IK>77C|3ta-8E1GoR}StPK7^0Ll%!#6C2h3zP2M~YA@Fv+U~>;|dl_e@5*S>=f6i{A$*Fw2 z%5j;fBB1xh*EX92e)ehty}C@xb4Oh(VxMdj-*ik!;z#GPnuOv|BHhK72+Y?e)&q4W z;|G2zVkP|=&Rg%E4ZBCre@`90+HV)3q)udnsV)RgJ`@qJ1JR`AF9p&Zz~3ld@s0gm zTOGfrbk)$)JLv>(h-{$FhVrJiVN5&Z!1yrK_x9pbf*6zy;ZCNlTCvns$IN*#9}s!P z>&WSU%Bp$#ZT>Y!JF7t5EUWMTEvFb7h9xybomQVD(R5dWS!z96r-FWTxIde*wBpwFBelmiUBP9?NGRL;*M}^5 zyS!Pbc`k-mvk!Q5dyL*+-EckX@e57QxMFtxYoq)t+TSfH6F=c7ORBj^VQnCc@RM3*xTCHfV$1K&J@wYM zl7lTva2zpZ$0whA;Ty@waK94-6>frjY0f6wWi>W67weW#m<=gQi&wOtp7J zic%-~2^FPAG=VaB=KboI5SR1O?BnZ4JUoF5CP(~gl{#{?J<$-$`;y30N47Zl%$Nt_ zaShwyv+`c;vejntbm6t%F^8SftAR)Sg^~E=iCMn}H*UnH3-134KN-VKhk&eF{pEb_&TR|?A6s_a^qw3+IiqF9b1F?V z$=M`+(S#dEd1qq;VFhw{38elVnJjzrS7B07pUc?y17f;{Ju zNbmv>!m9goP}RO-sZpeKrmx)BiKG3fN+v^0rvy`?V7E?#K1>CDZBlxyYq@{w;{_tGX+DF6fFaL7V&_gb^+dm`|!1_Dk!^5MqwN1a%| z#H+^R6}@gO(w3`1bgq}nk}Z9(Asn0bdSa%h3|x98h;fMHR_DtefhmOV(;Odf-7q(5 zZf!OGTQ~?Sx`r%u)%0{#mQjQ4~Ehd`FiP}B9 zL_WxM?L|vaczEKJBcFLK*4tO{VMe45!W;hx(Lf1P%#|+&k^Rd;i;FPE496^fG8U2+FeV4Ej@%FN>-XWu9#~8_e7(@XqV1`gYio3y^ zkDE{cFSAWt+YM0P<@zlM`3;H$SyJNGYd?PR&4E(2|7^5U-Q&zq<)`0E!jg;`d*(~2 z;ShUqo2OGUPsU9rtr)smFJEl(AoO)f&RR|IS$o$Z;r6&eBK1auoWY;#Jm6nRyjy~y zA!*y!DLQdQPmJZ>3-}`N)aba9UB%~V^mE?9YJ4*o^SZ-AxNPTaeklA*g;V!RE|qV1 zmwzjcm{683Vl^Fqis4g*^5w~XQb&Ye2QEPPo3?qa+vt6EUwkkJuS5ELtKVRlajLQnwsj5S_#*z-)x&Z zR5|+V`>)al`&WZ9{FOK}FgeBCT?M16VGk9ya;kY6&J+}%m&NMHnPm!Sw_MuQAS4s~ zXX*&BanQO!4MEc&RIiHA2cEU&%F9ucwix@>**t@nf;-C@fisb&aa$Ls|9~`ea=9*7 z2G)C%1_gAmrgYzNq)=UZZfu!w5O94OC|g&9Kv+fBnf;mh>8F2U*i+(>Wef(M`3t?5 zz{eG`d5ipnh>0Pdn$EjG}CwraR8G3-veth z9XGWy_KJ=oqu*NZ80ToK?A!mrpg6GgGw7>9j=^Z**2mZ8$23A&b%vft_R3nd1vzWTCtkl&%A zu)9ldLC!bPhrBL_3;oV}t4i@Xv?%T#xnlV~^<;3IZ2IKp!PE{F3eiw!6Rj;OfJa2%GN25c z5IP8L6kaA{t22@^J`w*&!5Qrh(~x_%bR2-XZ;wg>AvXed=fgZeK|=2W!r@8!F&n}s z-;VqF`#LZDlZ~7NIQ3sG&M!NapNDZs3+1bx6z=aUXXcLe-q$hTTqV)4q%sUOYaP&q z@3S2goc1?@z5;E_#gO*8#5A=o5f>UEJ>G(tzV+TV|*L(Vsm&x z7mI9OaK!sb4sZd0#VhMfZ!^TBK3W-7Rx;mob_llr!V!j;Khod+${6hzc0$CdueO*a zjSb+4|Kfm&>i4+iB^H-Ytk1VUufMclvwfHFvTR1s=U5TXEazgI2DM1~&>TLL(ur7F z=*4P%z7pOLGor7kdOp)SX_7tGpM|H};n=|YO2L#@=Fhs$;!Lw+4kN^gg$sb&yqfUY}IBXhwc`%RNQp-1JCLFwMM{)@Wec%Z_Y0 zcVyo}?vF`g2>yydLG&P*n)La;2h6Q;mTopfyzEoEaMA94aXb*Be}-$ub#T;C4tG;@ z?9|BS9&h@S*OwjD_Qz7>yp9s*X0_CShp?(j&4kNJ__!g!_f9lND`Ku=^T@>0-~I(g zr7VVG@&Up^7~Eor1*zg9kDTuP_p4q3^?JtOj%?`V9wDZqZbNfx5_83~KL`nIvIG*Y zi+{{(Kqf6L6n&l@(3P}a(@Z7i<<_w2MoiVRK-P*N*T^U!WC6FOM@2=o9VUgCkS2$i z=tQV;HR|c0qf^ewG~sW{_IwD%N<)j5!j65H1;a&qGD=|&qQO2vzyH4FRMdxR4Q+O7 zi(}w-DE&zOa^ob9H51pF_3@QJ3S*v4u*ds|2Fd4Z#({D4f>fpM{c?dDw&s9anb5lg z^^aZUGhP9_oNk1bp)wP_XEns@`2o9*hnFHkdw!;jUma#S7nY9S-i=mvEN!Ib-V2#Z z3u*4-? zNhl6W5pniZb9AjA-29b_@xV8W)^AYvM6+Pn6#!0OYt#Mj@|BVo3n1cH$ z`UIC^2V7m`HC@-(!kL-z@bI3uaM|?qRK~Gq;dy^@fO^S_%y>1R=E-TQ)vGZ9mlj@Q z;ooFIiF&PGpe^nE@!KHfM6AcB*&}ki3dp0kag&nqjPO@sVa zloh$(2(ky6G@63Ci{IOX+9JEI=r;?t^I7j0D=oAj@px#_?xA@k*?cP%wl>*9=R3zB8LqEx13a8<%+uTg>MpLs3 zjEa)eD`y7pn7r5hwDaO0m-xZ}I#$)+AqbV$5jfmq54BWjhV?nvREN5UQu=hlPiE1U z)8ax3Rya@kEadP(8QWW+cfSs{EzpLD)CP24TJ;IZt)BdB3>mc|e=_)qq4pwl`y5S) z+rO&sTg2=8B>sqwx!@w7jTK3X0&_z4Mm3gAy?EonUkWj}Xi0O%WS=U@TXY(#n-f=n ze1vW3enc}6?2hK{M2q1g&Of|coH}l4rm7+T0 z!vT%Z^;T3#(Z}2jM~*u>qZ3(j@b^tRqeLB5%sr$H6}Wvr1UJ<&_guU@kp|+_7`n(s zQ9L$#kl4Iyw@>!@UDX25g?N+7CHyu3q#EQ3OIPhfGhXpRxsu3EYM#q8F zQCT0|)~3wMSbg6y^*qS5xX+ZoT4*T~K3k#;^eQ_pK?j7K9F2Jn;2!H!Ul`Rdwuii# zv-HH3o0>i}+D^5ZR076TA4{y?=>WN-g2j(KH>av^F?Nqzh3@j!f&ADjPA-cRH6PY= zvq@2(oc`SI+ww<){%+UY^B~nGZejml^E<@)!mq#bjVg+8CK_QGgf7bX>}Q1PNHpko zj3Q+4YcZ`kx`+lw1#T3rtjBx=2_UY{S_Tm>K9FaS{cJQ_L3F-FcjIjug z!^aDpE=LrVr}y#=B|icZSdd7Bf`S3A5cE>fax>hM$i{?_1b z6B2dClJF+4cGas?r}yXyIm{yuKhHS%AVoHaKd~g8bPk~It7n9$-&_i6SEG44%znI( z1x+ndlUwusM}rA*lc2)H6SAu+5Z+g2fx}pQSVIIsC|6bM(d-*dVEZr~mi_AnQW~{B zYb^G6nNSDQ155G8O9)`If*(j&mFqz8S`iary7@~OGWF!?1qSMN(l8%Dgd7^U+h$s* zdRbd8OIf}f@ICh%a7KYhl%~MIDq8mMKkhJYlNEMG4YM9TXgNtl50f&33wN49IKDT2 zs60ZdqIP~;PmIX(vbb#gC58-zNQ+d3IByLVj6=T>A~6+ZX%l(O)vk;7Kps5Ishf_Pbjmzu~HgU{69$+=vdjv?xJv&51LP}&D? zDkKJKftGD$pm?9EQUf`{e{iQrsAMO{AsHkm7>0s>Av`E*Zj)aXa^CBz1({4o1Q3Ho zKgHR#p_=nNLxDJxjvm#qk30P@IC**S!C+1g6y$8v)#xkI*seHC_?K#7SdYXfwBM^v ziL=ZKo4;`|0HA}j?L(bm!SXM(8Jm|Kot$LY1E8+}@;49}165LyDpD)%2GAxkH`q76 z!R@zUdNh~v2?B4tpa}WpyRVkX=^v^D@Mr}hzlyW$m`V6$4%mPKprUNDs&fVaM$eM} zl+Mqjbvhg8Hdk_vy=*k5RjYv(Fe;lQhSm(PyksAM*ahxQ!xR|<#~Ma)Z5Q+hsdycd zjplL-e@G=&XQW*1eRBU(Iy(zow^?~NXR6o^KEJaioeV5f94fSFzZ|~?I26FL^J8=fv>j*f+!7m{a$$f@~*s)DCO<^fzjKQmGpV9 zqI5qVonguM1X;~=8}&KjX*Wtk=cwm)C}KWZ0~>butZE!G@vz3LBy2Xxki8S_laPHo^N zBAcHDs}e8BBjxvDJSb?&6KIwg*h)nv2B3qvC%d7@D+%Mcbj#Ow4Yc!X9qqnQJ`;E! zFX$2P0+xaF)x~yi)et-fx=&v$8Nc${lw@Kwfac_^F|kdTY2#C@cV5Q5m3I<`@Z|y! zIeu$)P8`oUL^&QKQ;#00ztk`d)z0q`DSjK5?@G_TUETqMTTbdfpD=Cv*d%WF0P;7` zqjUI@nY1@R=!TfalT_y9PjqYfx{&9I;{4W`sZ`&A&9qXb&8?w0gWZD{9qoivA-|UnA8M@ySv4;Prqn_k145nt$;@I;KxKi>(CJ0q~R1 zXDY61ghntIk$Kkw5wI9#!}eb*_l!QuMd9m=i2b7Cfp#gU#Gd%g-(m6KA5}q4mcq+N`{kaQ=@-FSwmm9PRWGDp76&gnVDHfI zF>&VH9)=kT%9AJd9(KYA4W641-7H3(X5Oq+&VPWwY{~=SQuc+kpW7WQ0F(l4_`>7s zg6ZqfLFx~GV#av4`s|(dA9p{1SG+cnO(5q3A&4PiBnLV=`9@+HRffF zCnr9@yFAnE<`N9(|3jd0?N#yqZ`-O2scrK95=wx|{&v-(S8`@c`G=FMhQTY%jxj14 z^j>R^Ij|ix3H$x!6vjj$p2c5#5bt`o_khf|Bh#zws351q!9%zqD@iQ5$21aT`ZAtB zs6hRPW{N5*^v5plQ#L%XC*%B7+e^SldXEeD2mLrB+RS9ncZWy&8ZYnL9&~M?5B8-}*!HJC+sfex$S6(YUNpdd5kvPoE%vV~o>YH!4|JFkk3W7WP zSv+X`pCp$J9r>@tOvKK4_us%b$_EQ%b}DzGcN&$U(NUf-wRKWz%`lUjlvB~CKm6Ssh?Ktk{SCSr z#7fVR`q6wS%u*Dedq2Xu?pQ%V&xilOXKM6Q8TNZ2=AGm#3+9go3-#In!^h`Tz!uBr z{m$90-#q$N!FU*8{$VUDdL*4GkPsQXegORy&HmyG2gD(AaKYnSz~h3)%LQj2 z8sh0i8$c&7=%g2)54L&KNBXg$|4q<4x{BJ(u1d_*kGg98Eq4DzzU3~3Q+-2jMbxWY!br@7)BBMc{jFEC^V5d% zhV2h`-XQxYy)>!Ys9z9CX;QfNMg}V)TTEve2 z>v?BeFk;m(!IVI!#r00hCXu1Ze}Ln;(U`msb@}k01C`y+i3H%_v0@2*SWJMLL8)7go)~jqWr`Z9t?Cuwg+;_V~LxK&R_pDuQ{G1`o*2@dH>CWIiv`U zr4hbL5S)XRg3*NWfaL@Db*|OG!%klDhN#(|^~b#_4L0WF-L0)HH8q-OV1H$frivh+Jh*G@Zo&(7h*9th&M<=w7hF*x3lEAFF=m)q85FexOi+Q`OkD2rbu!h z|CkqA5znv;9Q>nt@bf+`FX51PKYj2Fh=s)N82e%7?472cn{6Gq(!?qj0Y>iU9Ep^x z2D#$}HR29cZ4J|T>n|T@G2-P1hN+Zlr@s)-7`nE`kz)MOWAxJ^+m?t1F5%F6l77Bh z-p#>#e1QU36x(%;ZDr|b4g>8*-*^02-dt2b&(Y;mHogjZCr3WBZv5-#TRs`o;GFXF z#fm^8dTZLY9GPjbI~^G60GI`c+VeJtTy5w#z`O(XE{5&Dr|WCWzf+BQb`j>E9 z5anA?Df`9TlGHK_@#N&~gA7$i$06;_>DKl}5IGtthN<+qNEb;zld&lidU!-+&}zl2 z!EXevJ`^N2^PdkW^Y$?pr&IjqOg0B<_IV4G3=4J*;s*3TPfzS+1GT4(a+v)k(NUZS z+P}izqio1*S--xb()<8c?B>w+^e#Ml!l5YSAKiUg16-rR?Cr=gQI(M3YZFgF1rD3( zye(XM#G7Bs1Fxx3_#|vF$|;F-DQolOLJH~3!TPAqx*WQ7GyySqWFrgWpwWF)lB2=( zrC?KS9T|H!Dj_gLKfQ91Ng0CE_|X&QfrwS3g0H@S1T63Ip?a)qo3M<#`44q+33q32 zFSXeWg)^-E_rBiVUb<%}5&#Thcx`^$2f?;oZfI|iZg8&jwG@7Y za-clhwaDNLG?R!ng7|631f}-Sl|=WR>Y#H|#fw45khj4Q*Bkz13l?)7lFJhDn)hWP zxo({z#0mDHX()!7D9evCAo0ue5r=m(&H~)RkNy&004=S?JZd1pTqbgNj;8o|LmUX4 z(&L-PAK884&N?FhWB{~PmVv*p-(BT%-)|33C~3RJ(tc}QRtp9FrnPu>y_+nmjRPF~ z-*l^LjqJW~B+p!qb}f;pil$jPOV0dZdq@w&JPuBMgmy-xNPvH+`kC?CClXr zVP0@}Wq`*)6+&l9{Lz;E37keD$%om}cJe!Ha$s)Ca)qMLse2mOIll8tYp9mrbJk7O4Q7 zdZ6w%XX6~47Glb^61CXKkZ_KHFS+aZW>oaP%F34EhMIN7PO-;EB1;{`Q4zsZFxhxM zen~mSdmoN+cTV(;-e2fXL(X_W0t5KOK@^=5SJdfQiG{FerLw5^h`1&$ zq*;Yiy~cOmc0w9gnOoSgJu!L5^R|Tx#S%(J(CgCinlo$;P8-eN1g`mrgg>BntPutEnal^?zfK*nFUGqWL`zg z%v@ANNPT$pdyFt^4D7vzW~b%On2R%@?GL}r7i3*@aG)tD<(m0S)f$V^F=4z5=;{z8 z;%Yl6*fK=COOe$E5K=zFCE>C{0i>fQ|6NuQ@7?XeC$eWCK98t4Q&beH8%2)12-Edh zK6>oSZSeNQOa?g3lb#Np2O{EbF4z!pn!aBg~B}~9F>{NfPg9Z>m?C&aTSa}RJ zJCOu!L|aumahMap+JLwRy$|CT7yw-WlmMLkz~kt4I(w-sX62p>ao>lb+L&yC5>L)} zac3j~@)+cPGhosNK`U2nIv~FMZWN`WxVJvv?s6g^7N$_}>YAkMxq#k_N18PF06U#f8ut@rX$w0v+;8l$#UsYgVWfB~ z$x2-SY@;Bl`Gm53Y(Rx1{)lsg`@|w5-z=F7>&PecPtos z@E;3gL#xcO@*yYcwiQkApLYl^<-c0VI%p@$)2wM`X2pUy;NB;ewj0ts}e#2+MA!4)+D_q`h6E+qn1dgI4A0^ij z0m9;S+{ngA_mo$FBI=?Qq11U!vYPR}Ddv?;COdytn%vRv`!#{AX*8MrQmop7`@Q9e z5zd%(GNwoZ;FO3$m>!EsScom{H%2+&Xwe`-0f&jqX>5Tx?Hxrp#Y*83Ya z$C!{{FmMbeF>!PAz<4ai@9-<=84%YCs#k>C_sd2)b%`hlt-bs*3kMa9mwu{j#E14f zZou?BRI0L!VHI#((Dq2UBqeT&=AKWEWsEz2b%dlI8VXhJ4lGO{OWxrvBVz8tN zosQG^V&%6^WdWxnFnNX8=a);OClp}oTk+RGi+jn<+7?dq1n9*g(#$c`BL3Py2!j=L z3=jvb_Qfv9_)sLyt^Z6>=mvAK(LaOVe*%a4^R!%s562kS&i-9<&zOMNN8~u%FY$dM zww%-FmHhA4g8~Da;E&I&)Qcld+q+rJdM`f8*x@E%m z#6E9TB~IOr>SP`V2Er(xf44=~zxH!wx|piU$ocx^6=h+#N^iNV!0O5U^778^G_Acc zS>m{hQAcxpi3tQATWtITs}TI%mPP-%&2@P*0Q%{C*JY)-s=ljz^|jSc*TeO*UAOmeUmifr=FXKNhoQhSeQ``e9_1xj0NtuOh!kEevgVRCo` znPJhS^cb@~+ocD1Z^*p!aVD zw3orCV)Gx9cVw2#GXVyan2lF_9)`s$jTEpYP4bP)bvlfPWL0(-ZqeB^h!4n4FEoS^ zPVS|mtyf_nF5mo;Tptti_PCoAl3E2nx@(itM9W%q(OteDck>fP<=ZkwU)d;!sAo{9 z&GZzPOfLc&>U`HnP%lyO-PzXu#ow>Z_16j87RrnN=LN_(%(ajr%W^(F4qzkU#*@;n zM+JmQ~P-uF!7<#ec}#bmC&g<^?(BHVRiX_*}z?7b*F{ z^rs?-|7>(u>vR=&8UjF0FLe_(%rV3RON3>GA~Y&0Yr=7l%UzcaT(0`B8nu!wru8gn zPds3W$`wL>Iepw7swEczcEXMM`1%3zQ^TZB8BBcd~0e%7?s`kffT@L0) zpG z7JCy7Q6w&0-|fuuv>?{1A+x#^*g@Cxg-C7JpEBxf0$eQ zJIsoF7Fwd>46=Ly*R)bqtPrqy;uGV&-;tl{NY;Z3wE(jUkm#=0G6|2mORhVheIA?g zlX}_%UWHf+0;Ck$#%6(Y8V+vL5Qq83`If|sHa$4NDQ$Cewv+Eslx(stP+M9e_x&7h z$ayl)z}2BP3G++Th?^o#FYCZdX#Z-bK{#?xA_(zv?hir()MZ0kQYTv}Xc`|u8ysIp z437d2D6l=iLn=UJB>{X~Af^ed2ZK5gP%j0-DG04H-R-jAO<{LSQDrC;nIAMtxIe*_ z!=E{LVng*)o~g(6r7Cv4HaTwkEScdZO&oe`|HcM{SOrI!RzVSF7)7$Q@ogM1Azg{q~S=)O)euZjW=}o~0 zaTqq{C}yzKxC6UPf;3$rFTckq@OW_`&+m>@oIS*y*ddO36fZbzXEsvVqUFdgPVgz8 zgg9DMLu)<20byEl8y^&*0OCJH#+woo)qPiR!wfm@-e;o&mvr3v>~DLAx`v~$V}&&( z)uR9ylT-N$q$;9lM0`LOd~2cVA_6V@2(I@< zY9~#GJi-mxY2B#rOfrLyW5VoWGSK=y;a8Wzb!HCVrAADDyuC{jyqCvbQQ-p3oR<*{BrYN_M-3!E8LR) z1IY$i5R&Q#{Xd%CIxMR9`5y)(RHPB4MY>t(T;C#HA|+kYE!`m!Qc5nZARr;#we(6$ zcdpW1yRgA?{CuC^pIp~+@;>*>yke%FTr~%mH&N{~8-)aS9QsFabO@Eg4xYrc_`tFm zP~N{8q6Ok*A2-0pw6q-d_~sh*FT~H8^~XLF{rwQAY$Jb`le|_TIaTT_Vk*3GqrA?A zWZH7~l9}+o9kCNL{5_hpSW481Cce)$WW+$F`t6f* z_QwZES6dxG4eG~EgaX3ot-uiplZ}l|n$XUC3dPiuC7Bo1TJn8y-E4$0yJZ<38 z&neBqbj_LA*#3aN6a6!OdWNkj@vDwubz*MU=Tf*$)C)(=InnN~wZRh>_J;@`Ow;{o znz@vmO)HOToKET6N3{PX$q6Ukb?9n2>c1}qRi4Tf)mAs~4%RlivoUHWC4YZo$S(J} zW1(5w5L~_LGKvTlNI3tCrmvfl1JsX#*Gy8PuVAJ^Ch9*EL)Nls8m_#Ri90wxBzA|9 z=OqIO3afN<-dybrbM1Q`3Y|Ik2+eRNE}!S*v?qv)|Jz*B>zU6?p6fNTjtS#UnpM6v zn;aOhr4`2w(Ff%40DLy9#GZ8|SshD(D-I~HIH~VxOURPGTB*oa)eWjRN+fy`&pj#{ zuLm%pmmjmM#Ekk+=S;wjZ{9faA2hZ~4p$cY@SB=U6#7_&E;6%H|8Cj%r6K(%a5s0y z_T60u7@GTtEar&zPyEfCb06R;c>Y6qza%J$K4XxKk81MRC4ZXii$%LHW|||-U;r6l zgOq4L7nv3%-DUU#07wA-@P#5}WdCY+S6%fVC;v})=cOtTKljn7rRkq87eIAsnbK9= zN@AFgLKtiOMhe1Ej6y}XL|Kh9{#*gFZOyc1f6BIgSUK_=K}(sVALoYt=(sbx@dt_d zNRNb(+$rgD$gK9^hTKbFpxLUyynLf8!K_*Nm)9&O_e7r!(8K}MJ-;cJ^?G#lf*)Y~ ze^@8yJ%o5(XE9PMB+=LR4MlL{6meBst(%`2v8uZh1dslhJ=0ecIZdXS8G78Po&MT< z6)^wQuwFB{v0wX~8kzV1wjMKV^ENYiw>M-=CM~1bgJLyc&n=vJ27km_`%LN4w+hcj zvF*3xv)x7ESKtyL9taAypUYnhSifVPO9%$|Nub1FLKiOKq)G-nG@;>g3a#wvTyy`# zLcT=VjN`{D{yUvCaoR`RMO>;rUD-IbX;EV3@WVh0WIPW!jz<4x@x@VhotOw0v%9d_Upyzk2<9 zeml?-!JTIQ_^dUYJQQoEBe2e2&ap8MVAtV*V@R zm7F1Ak28oVcWeVCo!%0!!rN=!>-xhk2anSXVUVVp3`b(;2e)GXVB-GI`yWnBH}n3`q@gMwpxrP2qKz}Kb)_e>a|f~@eWW=6r>`M((F=aVyO-ao zL7dFF`BPWwTnQ@w*t1Yw$(l&OjRGf2i~k=S(ABbsr~@*L1I5PRRdN(im<#)Q#CrBk zWeb#yndncfq^rh;2y`gY*AmPX)Xdi6L1M|%LUCE2?c?8?cqACsxKk7ny`+U(%|-)T zT}#7z^LyCJrC1ut$IY>uTh?3|0E)tHU@Ehm_lHZm5>|#y;}x&J$loPkZ{T!!xpI=D zN62z+GgU0p-yCV&7K7&4`?@m;l4Ci)T1QO2&(Dd@yuINO?bF;F8 zCM7_f(8W0r8~PuR<=X${JZSqBVh#~D?)otQ5cq!n*-U`W1R2bTD2lx)V+xkBpN@6m zwK9M}3#cg}t>2Sk)~hYIdiH=Xq|l;ItrkLRf!6Dj(;ZfsRrD# zycu>p;5ReH`KPmEceSGIi=!f02XIJMeq2(;6^6Xx1sb}owF-Zfe1U6zNyO^KhYDmVyTg3o%Q#N5{(!`%Z`${SuIctyDNEfep zI{ijz$N$FkxGwf$?A{vp-$#m#Gw?MJbCvYz4ZT{c0=8EF>w2|(Ol1m?(s{e>*v@X> zH_@$m>Es6}QU_*Q#V!xFff%=0I(r3JjSGc4gwZCY~PKM9u#2(mQ#GU=7xMX*ewNX znypQ?CdUimvbeIgleLv4Y{1y4>i_@cNKII;KU0#33Y|p(88zM~Ado`qOcL-HG^90zHSO z{?GAbzJr@U9oOE-HkOH>8OEUZ{Tr`)d$-!HUnvxR0a!PwqqQSO-)R~x>SpQL$4cO6L0$2h&W_& zWRl+j+w#EUxDa!oGy`g3vteT3;B&h&!9tr0h>%3RLk1a9YCq#&_w9mDVCh%6OHWY8 zOM~_o39v4}VEgF6#_UiA;54MSfqpWJBb3QT6%rEtUFLU82!h|wDrCfZw~;lbofXp<9sV~tQzZ(B%(q6I=c`E$s>c!vWhi) z6CuZL9t(L}pCEcMO|X0OS~Y`rgxTEem8$})x-5u`0Fe^tfZoPJHO<6=`|scC1eiSA zvlW5K;=IiGv^goeH?}B5Eb=$yzA>)$zJFZvfX1 z9blVcw^^0P%$$OArQ`~;1-hwcmHJtaJIlQ(6yhBdEbu=R5s47L>3hG=7BtuuBhM{SIs4@oZ-r9A zU>ES!WI+e%YOCvZ+U)Me?uqEyt5)f0M85eVwLM&WhD_VyFU=A=6U z`pM~t$=KEL58-SP2jOMi6W#19g~+q z`6;s?H5wzw2ZLP{gYpOf=?j*EI<5nn=9S-PX!Ar}C5}0d(CbaQghL?~RPJ+Jy&Q{I zKAD=DcSR-hME4rO-{%SqV8*kA{XN64bU9A#iIX!QVM#6lJN{IkLI9tXh-r9`u-0KtV?)x3!IO9aDyrC!Aip!O*|_trW)Ig+HtT|_ zJ!&$u-@(<5RT$*K?m^|@jC=gTDn;emhg%EFtbZm3jSZ@=^-c;YuZT91yJh=7{a{cz zbeF?LGB$tS+}g5E2xD#db~ya5ayshG7|;aE!&4Q9$sc%%oKgTBs`|au>E0t@0%xv~ zWqMzzVPjQnkD1@V@2t5Ma3+bVl4j}8sTkb>VE?IBKSr=fi1zaojrm;U2iDZihjjih z;KfA&N~Sl?R`h$H;eTU$221+@C_HFgEw+jaO~mx2_axIRZOjK=x|W z5!Yx3^b8=mUB3&h{9@d9S>R`)C4QpSj92|lHD758ulFuEW%+j@2#JvK?ecpwF<8j$ zt~S_J6#Wrm`97s*m$$5%W=8F&Rp4po!!jS2MDNjy_Y0w%)&&;u;|s4x16^TISC==h z9uFw&P>nlcg9`V8zr6G^=Ihi4J|)f^9m=P8Xk1TSC&NJ8=?M99lG@m(9`x2ufR`Qj zm3@^yWB9Iz2xmD!@=s;(;A8)-yWNP`^q&#adJG#|DNmE(vLuAzUgUf-CJaU|`~dqq zr9!2!Hz;}aL|=VNuIF_@dD69N{awi(HM3-&vM$d zJ#hVE5A?ZcPZ?2L&4d8uM`ii6i%!4}lI0|PP4^gi?QpsSoW4CC zy^gsab;^)@5mQ`3k*y%G1`h(X1Fe#w#3xWFrY{Km8iNRMg;;Y>juL-Wm)O zIpwsLQ>%MO5`!0}Jyi>YS!1r$h`;{=gsLPIN0?Dk%I?2A~{p@X0Tq@n}5yf8>Z(z`5eQ z$RkeIbxc#XkI7%En&c3@|1>*;r{Sj|*n&<}Qfj$0gCtg_KE!BPygah-?F#}OYQA;{ z%Ayj;tI9YICFQ z38Mr=WDw(>eu$e;c~rFDNM~}p{lvK3gw#YT^ZZNXWAHBR{Dbgp!uTL8g9S8dt+H^= z+Aaa3dHas{I6IrxFm=nH)@?`7#Zq1Ikyw@SSg;j>a5PWKSA(`_}tIjBq-0ot#ju!%q zlPuTp?~;K-dh;eL7byssxo&9ea4n19m1FwjZ@nBtv86-|2?$yh11axS=hM(ccqqhf zegY?`jZwW)2?t6vhZ7&6u3}zR$_Gm9{z(3e#>$e{uC&rn4llt=CKew(b%YaDGn5FK z?g;gg!y26?&z89nk+TtVd&=A|7{LkM^d&djJvS1oVplpvmYJkm+u9dU9h<1{p8n0h zn+?6eD6QRyHodnbz~G@>o!m6!1mAn%X)x2G@LUw?x4SaoCir|6N$1rBXLm-j4D0*cL4Ax?WH#C}ONRc}%EKtZd3|O$Z8@;| z+24zMc-kFiZXownBP{YQ8oex)8xR}}KiTFgFLSMrgcP z+iu=QsMz>iNvxuZ=4Q6E-}*TQC{@o-wPRyiAU9Rgr?C_ zo97&-T$W(kt^1bQSApoqo#ed=G*(&(0s1T(Qs_mlJ^u~~Q!2=N|2YRoP zzta*G7w(H>NyD6SV%IyJ%IlRyh2mJn8fEk3lLM{1&#SietJ6v2+r!ga2LabxQ%dFm z7PtHT>dq~WZek>3wE|tqbYBL671xHQ8(bbmo>b52Oq1Us;}HkeH=U9dKgcrkDT738 z!%NqkEPIBL!zOV^N-&B{-R8OhEtuL;%9O5Ytaj+N&gR~4KId*v24!BK&kKBKkolmS zg(Y=NDD27l3ZgfNq@%5O*{eV+?v1?X0|TXbRlZ`Mn7_{yGoMGqoMII;=}uce%v(f- zsgYmdy5V)+CDGx@Y{nxA+_PEKb=8IEotOu|6DZ8&6#_q;L3o1RoQ9yS@(~4s z<)!T&WPe_t1xZKJCk_j``MzX8_jeFx;4ZUePE`cazJn>A~3c; zD3Xm!-N*Qu)4m_-93_IHinW2R4xZm{mgg8tYj?H@h{`F5#h@fY*DtlG=*oEPSfvck zL<86KeL4pest3B_J~i6zht+bSIM{Eww{C)xW{?ycwrrW9EzFn7NYmo z^+93So*_=$MF!$Dx47?R0pmooWuhC@8k$Fb!oG0!S-q%}aD)dJ*=K}lMYf;m>p8?ZR0VzK-A=`KtDUmpTl|xex$gdFaiErql5~|T z4|?~!AOhpZVxJ1L8<>@`nd?|;2{bv}k89pKD4sMoDrle{V3}a*p3sVQ4|R8%G(|XY zj9IxSgN1_NeVp5ZpF)mh9A41_1BJp_k48OVi9-n$?!V>keroR8BSyEPTLK*$B(C4! zodPT7B0hC17uB1+F8?O|_e$O)v7))jnw|ODkUE2E0~QH^XqOnasc^pVD~RGX9Yh-a z@o?eqcVP@CX`iTF{>Q~)o%n!SFPV~8zrV5% z91Y=(_whTq4v6xCiRx|UN&7%Hmv$SPU+b>SB{ndGLF;(8?MzYRy@m!jhV4wRXqBwZ z)v4Q=RJiaU_=AgXM9-oWnDNYgWMbWrV%t|=3RYj8=jTz@;^?l;2t2&dIHlWOJTV?! zPwau%_lgsAvvyOD4t`gBA;wt?YQLiIOQrV0K?;@xZ}DzG*jFWVKynqnCn|++vscbA?9e&SpJsxy48LCTNxT&jz_w7kYgh> z*F}ZnED>{aGSxq5&Q8C+(tOA4$XGWWELRiuu)g#!Ob%g0UlmsQNz5V$wX-DoBcU8r z+bsXuc+5vQcRZN*qW4(K(m|q2o(Xav{cyT6fT3jYSQkROZGR80T6yvxeT~qmtA+?v zLRfkIE^#pt&Vav?`2Vy3jb;~2Wd!EhQ=R3)rA}=ts&Ji;-5sAW_R!-S0;GdW|516=Ar{u-v*IxZ;+ByY41niLN1-nPWFT5RYCW$N4)fF1pD5 zNiL*&or|+?t+AwL8@^9pN~+k1bG!P;e3m2#58En8)M%G}T<8NEQlbLk*8O-bhIyc-MlwV`dWQYghZBM zgv<8;%Ej5Q0r zS&6+op}IS0%o3XM@1hA_Ziz2xCeN+OjW}VBGn~)P?#muIF5B3&_$$&O+;nER0R9+L z^~-*{!+2Y;(!M&PEMcANdYIQw-jK?Ru5rAht>cSG(g=1C&(mHDES{6IZQ!-lq7mw6 z7j|n417qF7N}@k9pM0PIQlguFj(2+7Z;(mg?JkOY@Ep`}P+3w~hY{>InmS4LX?|-p z%}8{u;jJeXOYmgxH&7C4I(cjxUQG%7GO#Op9(;Pe5dUX}O4iyjGqJ;O>YbRPx%cxD zU;J>ejk&|3EA>&PsRK?Vi)9ddqLDXIz2$GB`tIELMV)%0As(SW4MY*|u$$&F zs_#Z&Ib-#3P|KBT-Eu^WLzo7h_I=hZPaeB3C)~~V_FnPIXnC9CS9(e?;*i2zG8X2K zUPP%xJ|E@$Jb$WGw(ypuH@95wL6}%B^F8#vYQdx%U(_vqda@2qh)9A$HG^onc+g#H~ns8E9j|3zK9Rj7<8z! z@)wlqXu@eCMm|5v)x8#Bfe3D3)KUie=xPM0bDdTKM zQ(>I$)(U2Ad#IUScAZF}RB6GW;gq3x^foN;={Z&bngcq>qGzQMAK~2aAJp1}@g)VDmT%jKdkz8gN4?$h zExPL0uQmuqC(MxZEW)KZhnK_~p*huiQBLT|%Q`l7VYw*uhTaAg2&|fHac7&$9N>XN zJRb$tQ}GhP=6NwIte0Q#+6nVl;!Xe^NUse{sP|j7)XWRItu@eN4 z^EaWo1Zey)^r*7sHe7Cnl%3EJ*RRFH;$s=*sXFcPYK~@a+Q$AHM6#w6=7ns5dA$YW zRjXN@6t(T3++)4D0l!z)Tex%}E@6IG-)GB?vx6R^Tx?Ts^qOhU%uSbmx!#@m;@uV0g@BJ_U6d!XyoAf8IkQ^Zg;G4NpN;vM%WtV#ZYXe_v{h=VAz`D#&N)! zmSs4n~?b)*9+nosFgsS1Oei*!hYvslwaM}-Bn{#Q-jyF46mf@AXUma`z{ z%of&K37iM){cknS-!XZBgDr2XIr2|*rQz&QDx zkLjjBFey9Ts3h3MN?`Wu;{1Uid zPvtVTl5S5U;Q@#1H>GvIe{+RfQMO)`_wJ)M{aE!9`F2V>+(IL1Hf$}fn)Q7p@Zo2~ zia?)-OW}Htq|W~DKmPVqI50LG<(#-M1l=oNx_g%V_QD4ekEMC`7CyQFJc$S&lfwcO zrR(eU^t+DfZkD^hnAYm@ptz;0$L{G|^{+Vj7xr(wT7b)#jfE z+7vHiNq@pFd(PEYQC*P1PG`_xYe86=Wv%){PESv!(+8)l!g=oEagPfn+L&9$j-Ix$ z68!7K@AZ7bxhrw+Xd?!H5b9BF0rOl4JAdn~WrJNCtXx)2DBt3%cr9Hr$l&U&mUbSe zUh}-8^P4l~`o8W-m1R(RXGPtZ)mZMGbbV^Dx?&m^4aXdJ2U~LHoYw`_Y|~7w-y8Vn zpL$F+ZGFk8;z@M&80Qy?x&Tn?H=~PgzVQSou&nZf=CjTa2*ZPxE1nZB;eEu)tFa$G zN1>xaz_`I>Hq-ZhvCnf-TQmi-gYFJSZ~tz;PUBjCZ+9ps4$U{ozr?Q03w!g;qWokL zJ{n*ZRn@vF5h%Q}Go%ey)xv6w8`0CK(@t$r7?F4jlL{j>=XSgB zP_%3JLAT4s!;PKpJqSUs0_gA8Tg&~l9cwkmL_#e>!5;o`!S1wz8*(K0P&4WNB$a7A zn2OF)E$(OkCFbH~ShDDb(uS>us(5t{ac;6qV#i})syor%W1eF+K;-**!;{OFV5`cO z;eRz~ihp)eo3(;bQ~^fpS2@Y`5hE568Q5ef-E4;WHow0ms5nD65(z}O_pthF(For+ zE$#w64@SPld(O_CE+4?%S2Kjc?Q*}e$F38h%I4KYg>$V?B1EUDxA4YPvr-T|@gA?z&Y9|~X_81-&{4YYu6kGsM zg>-O$pR}o>=p5U%^2|3Lh|=P-fD9`d^Ny{18ea3-E2OXb|I%5eFaLL+H85%dq#AMU zhw)#3I{NIdsK(eO^q#i0uSGSExV09OK|@!%)%L`l^>C4CVi_tg^|1TnX_hl64ksBL z*T~0!B;ID9S8Oq4KIXQRvQtRS95HPSAeW?_9+@D4;lNGX{M;MqkeVG9X}>K=wep+D zFJ9AUmY~VgZNOT8=2R&vYmoz^%g=}{icHLlzBLWCAV}`o#O#w91VZYH)&|rPUAvqa^?>N6&6LFJxy)N+df7}~ z%(ASjhL(x3_54eQ^1O_odsned{^ukh9aZ!sKPqndr4{ zi!eA%mIx8Pp4!Sm`IhKt8&X^3kJ<^OruYlt0xV(phmY7cTQ(1VtV1Ywf{drVaxQtH z{Zg#zJC&Cv_b0QUcsu0w4}!?(aAk3VBUITRsZWKF5#$rC;gV`i$x(fa0OLWsS9fRv z3^c3md*G7$P5+HDOg&fM$tAumSiN0(9FtNXTK!7FBlnGmmJW+uFjUBq=bFFUh+aHH z5$U1}nYD zFn1ps_%*WngSiRHA-Uvm*Uyo$L+-eG)IvT#mxPTmcE}u;U?+?(MqTSz{gbAY_sDaZ zWAHMy-Kw1kRy?NARk$h|`m_Vh0wrWgDicu}O9ww7T*u=RaS ztE$@|j%7yK#&@(#H4CAKGNQEj@Y^;t87aq3MQ84VVI{Sm)`1YnS!d|?rAwQp2C2R4 z#X(_bahN#b$~gxW{r&m-nk--vW6JPT;B`ziLt5Rvei7MdI}RuBudNV;KbCy%-CL}F zlvu8tbE?cVm;dx(FpK}t(F^G>q$}|OXS^K;o}*QgTxh&l)T?IVa*(DB#_54a)bfA* zyLzKZK4AJdqaWwx1$fD=O#OoA5j(23!?^(1sMDnM@cBUIZRFBJfnXj>maX7hwJf)%kC)YSPw zZ$Z)QX^XoX!IR55(7PzKj+OOjtf-q5IMeFpS}?bVX5X>&R%-sPb8k_GowG1a$P7I3zk$yswDA6KwFt!C5*#5!jItZ8Lj;a zENN)rYpjpiRIS-#*g+`@DNj~Yqot0-R)O5r=1|QV7}QI*!=gkfL600gdKw79+o0H> z&V<)Yi)*x&B0$C0;+Ene`Zij6&CL~pBv0-?A|UP0ZIdLFd=!?Ju(W93ofU34te0k$ z@?UQN!gBbzZ@hqdDnW65_1vmUSL#&m(B~V)@1k~#6rbP#^ec#Uvly4{N_Le=?X>jb zRvWU>uSE7PYgYRiKzBGJsn)c2>B|z09%Wf*e3j}e`H?#-B-347dij?N_KwTeQ^H6* zO|fOOme-)luL9p1y|3i*)O+ERTUdyiE~kPTMg;Nq9ZyMUvyeUGI;@H6Kl4)`VYMN+ ze((nHz>u7gF@9mky2g3*xv~OT#ENX;SE?Nr?!F8qNi_wG_hlo%NgW6pXOPdj1Teup zUf7nVqv~O5>{SIKoNbl#nNsP-5!JiAMF!;5(Nk$p!R>eHhQLVpnP1*gq*mbelqZ(H zRVU8Vjk%OPx%7^{GM|}Ma5JsV5A50*)t|pTTu@2*5Y#D_dy3;h@Ea%^WgPL)wcNYz zcRlRY&sICb1=Mv6Y%W8e&g4~#UHw^)FU#+sosn=n4sMFBcN5sT5CG;O1r5V28a)OD z{&uNZ_D`uu(S$mRu9uYbY|WLHOYJm0Wf%?|LH-To#;>k z-R^2r8atYRw4TKOl(RVuxzs1N$F{B*K1j&GosA+r!mgC+un@!xX-c8j>C*pSqKK4O*L zN@rTmyLqB&DXDnROZaawO)GHw_`*5d@Asr0B=Bx{Z&-IA{8aM|^APtv2p_NucbBj$ z4Gd+@ThgC+tB-`2N73S^{_Ii}@pv(@kkq04AMfT5FwGfjm(pMB*;1*rXKNYHg}tI*e0=Jd--R}%8DRWS-a5>wKZ zKfX^NIN%H7mf)O;(NX$Nb{|0oqyMV56j(6RVC0!G)X)O!RsF9u}tc~*RJ_=!i$ZMC_y0xuMQ<;eG`c)&wl^L-ZJ5=Scg(vsWgRpur|p&h#x za9^AU#z($5pt@6EsgkOh)NU^iN~A4g=Dku}`!Big%1<-xRoB*k9M^;^13P5q?{0HhH^F&;@m6qXt9LPFG4d5rVnB4qg)PJJ#Iz zcC*?IK6D3kH=p_zt>k~jMY4I^7X}X@u#91cUxSyAa40V`mT~)c6*>%!pP8G>&2`dD z*UV^dWl-$t+S}-jFW7rHm9pHO)G4_I)MfuYFs?B* ze!ldYX7h{0e#>^xuomt9HFMf07IC)u#Dy2DYvcOtlekQ-^o-KxJ@ZMc{hUF5AZ)(T zO1G=_{OM-qaUxWxNy&e=Q9AU(!?slQ(-#HlJNL6sD(h{nK5XKW?_GcLM^a@Xt&bTN z2Nr?=E+;IsJo|4!yTtXJyM)(zBbmOhv7pl*%dpW9-(2eHQv=1bOT)vsA13m!v~r5L zX$avD*zbCljP-8Ww6#x%HT5RcNEzXWEx3OBHztsR+Du1u*e4eXtP0Il6eT|~u*~lX zwE&~v(`~ZD@}tS}$6igPZH&$1Ya;7~jI?VBkq00EErpT6MOXQ!RIgAqvb}5KL<=Ivi;A05&|1!2Fjw!W-prt z$i!KldMHq~4egc^U$w)vB|a{`-CiZ^8w+@xrfvF=)a}`vF}Up}p#UAS@C9o8RR=uK zN0JsQQw;7SUS@w%VGXqSuIlF#}3qe$YpxBSM7{VR$jz<75O zvMvJ{aAm=*0xz9jc<##Y9VJ20p*)qyj*kM5*O*kQf|J9+{1 zsN2BXP||og;(HDKHD&x)DEC5Kx|Vii(Iom!%O91Ta=S(60@kuoj3#S@Z&%Pi)Q==t zzgB7n3-HxhW|wfK5)puZ3ZnV`yz=SC2#oI55{2pdcO$4=?~X}dFj^l%26eH*T#wI- z3?^yVZ_miSuk(dY5?M5OOqzXLxTjL+U`J)bmANz*^Yxx4oln_~NtZ+;t|dA_V5bmS znksQvHQ6_f+?hS9#uYSL9ZkHevJ0|>!QBg39TS$h5+{R7K*5&0edoGcZj|QB4z-~{ zX+llewTQ_~EAb3Jd2G^x&<7d8aSpx^#91@4-cGO`R?k2%U*XNk4-IjsxicY4)QA%e ztzry*adp1ZeDYgw8{1a1+Uj((BakL*Fl+U^-1S(-yTDtCOxwoaidW%+DhDNhJN2)i z&r9x9K&b9il?7Z5tzeW!<{LfER@ZV-&x{gX@=QOaf3bYbIiT>Za1Y$fRUUN|uWI+F zohf!g58$+qVbReJ^5V=bbh;*n{Z)+qPrP#5m$^!qz6y^8!+`fLBPvWm8SAGmbc z@z#)^u-ot8*~5oQo6Ut-M2N7AslUmu`Cy{1`H8CHC^NxrBOl<%XIV-cLJ+FUBzB=C z$vSew)9uPL<1*VH{loesZ^g2)&ezR+{LARSy{1}EGFz8X&h-3UVK!2YiD#Kx>e~8` z#5guDt6hQL zV&|thi}Zjs>MY*nNZ~g&amMG{(6pN)Dh$CJA}Mmzr_5SiOe#t5X!`Im8EYZ_9W(u*Hs-Ky|#JP3pW3_5>?VG+=;EB+5=FEt<+3)s1-vq z_cIJQLuY;=v37oZrFnV5c_xZ77d6gv+*hr2F~8D$gj8%`mq*N&r_EqKz_eGLlugC6 zqIj6LT5o1Q41-9B?csN3!@j(DZoO$UluSXy^&f7){>@xtlaLf;bD2;%DqZ{bQlwN# z6l7ixw+L4Vlc?7JAEbZfSZF3yC@QX$YYxeLA5GXop1QD0;si=eIKeaT0Ta7Gd-$Ce zf8xAN;ECTYnGZkNJc@?*N-~Pr=Mp^fkfMRcTWhI-BlkEqm5knS9mS}ok^0Jzv;4Tn z+@0I2s^Q7731#k!dKbF$ zeEP9a#v^tKdjxuFY0PT8Q((7@bL3l}!G<17q&U5}KD8!8tykYN`lh~=XXdciFZr4C z@>As#mSifxXnydq^(gePYR4G~%ehib;+B^(`gE7^$O$3(d-%#qutQ|mnC0Ut_kHHt zgf=WH2HaXuLO&mo4jjH+oj!UY>m*l_bf|!YF8)kS>P~Z)V&b9w zZTFbd@eKd8Y^1h-AJJW~LTb(BZbLtUXoxu{0uf7^TUn`*gLi;Dt)22h_@so}&g#lG z6YgP5TEf0s-2FDw#&g(M1MeKy_wc=WVwuDVQ4B60W7{<|guOR{)C|fuVWYNl*#Lbk zXGXK#zd{y~`Z-ETcFvlT_U`)*f|ow&hKU6@I)K-9omCEma z!Na7YUwV|=y#Z9puT3k`IYq7LzA(C@P3uLd4KXd4ygyg1+wvEXRV#B7_NU0u>SH- zu@i51+Vc-@}!Nqji3Ap;egCijjiH~+q% zdV<3M@;c>5Pv@>UQfzRHZbwi+?5n@eNBQx`=>%;he6E{Gk28m9Ybq`uobuVMhQ@e%sWpF29&fn4#)gRJ9(e`x=8~KWiPbuk&I#e^j-)0O^&lvbLV66)ntshmVqnsoe9c^pvDFF{f~n-I|-fW(IA8z z#`oSA(zXY=GE$|h`E)~b|D$f3MniNOuDnPK_OUqo3*w`sO>vMs!KAr~OQ2M^*tm%J z4?EX zBh>o3li@~evkh7H^rL8?Yk8teQ(D?a*^>Q7D0l`(SD1LCb4&*EF+HN24iXhzuwQRz zh4lschX!uE94)K4e#gPb%^=yyAbdZV_5ziWkQc)cp(|`#_op%Y?jtC1C+tB&zYBg= z^d8rrVrJ_hz2rqp572f$`Wqzi`AI8Xn)-hDh%kJM~N|?#|L-NS~Qs7bI{eE+lX@v7`=&Tx2Si*1xAv zhUbK4FS|{jzl(b(K`v{}V=UD!T;5oI|4Kcp?E-cEHdr|$8hnWE@>n;186)IZgEXG! zJj`6%KzNuSn5qCv#n^3_E)L#3|R z(qzoEiWXB3TSluiB9SR;eCEVg7IEWvs6T7cap8z!D0!p1p$%r*I9{1A&Hs%b6uPFi z*B&{L+3BwEcBqEh>w7zSJvYkGQXXp@91AOj47BTlNQj^$vY*QQ1SqE;b>N_>>px$G zjDGP03#nBTur${Aw57u}UO$Q~)ZP?z@Ec(kksbeW{9)j7+%!92>dz6r^ge<%9? zv;bqEou)2#9y^`((i_Hl?ht|!Z6kRP`t1{McS%o*_{Q!4NWiTOq;i1(u9iH{kO%eLD!uBI+D}83=;ZWMA-IOZlG8Z zi1^0OipBxs89Z&yWqm82`>7KXL=Td&JLye(NtJg%rqRuwxwMut8-DDpu?KBx9svCN zO1#_Dr6^cTy8)4R2i33?$~ts?e1N~3W6MiJJB4V^D2MPBg4@!4^y1flkok-v&;;LF zndV9t@2I~yQE>F4UJdpARysX0Vd{&7rRxr9np7OGt;Pzfa^VRE*NF;sVO53+wP6-0 zdP-_1B9wiT*pb^*JmRoAwLSCE`;~6g+wpRsHY>lz>YUrPNyAJGCg4u|@1nB;+efEhraxIM&CQ>~4SOw}zu7 zT?yCi^OHB}vnj?JR~%+CZH(m*QS5H;zg2(hwf*xy@idN$w5pOr2*QDJ#_DB=t%KE# zq?%gS*=Zg)Y%YgetTlCnQ-0cs`>ij2NSD^}LOb>li?+0ed9CNtItQGJ0WaKW@6(hC z(U*)VEExymZ0<$oQwtZ(tp(lJq5W^@qZjL%m?mjbd9@&23rX<-dNeiK2g_aU=o9i3 z3%hSL^{J?eytO%87S;#ELd(P#r>zH1=yAVu_`4E&{pldB|MfOW)xp&j;}>uM9TAR; z7kIE%%{4-#HF$_8gQuI^Dnrr$6rd-r@i9VH!;$xGB)3t){3R48^4@odr;%AynbvCP z(IP~~-vxc}=w3S;=wjl@minlnjTUtWQ3pZC%L%aDpN9V+ibG9i^L?N&79~p>4kAlR z?YuD=fkVhnb0fC>sPV;e;Wsm%K7?y$K1*;!+`K>;1plZR6b2rg40xkplcLEd{8!h! zrz3;v8BGA>#zuRT@j0Uil&n8Df7lh18zte_Ttp~>!1oJWP6$YBr4g}5I`4dg7TXMV zS4})YS*tzgklCE=mnhJM_9i4I8{f?vreyR?Gi;M}Y zBI&h+Yit`$$y#1VB5pd-&q6!scl{u|GszyI$1?VUZ2>tdULpsv0!T9#!v@_c8}bng3eJjJ6k%q3{0;z$v(okaWX@ICs!tUST3 z5TMoV2tHx=a)G!{cK;JO*~Bg*TqlM+@YSm1yMyt>w7ep3bv1T4(ri8NZd~+B$f8u|9P!!f!MA4s?LbE+_OZvmlQy7$c*y=vjlQ$6p=>0;nx^et>rnj|HpV%mU zpXAcjS^tAxaAvFn)YPtg>RtQ`5vY}n)eQ%mlRW*$ z7DkV2E+=ZNX!Y3JBLL|`%G9Aa*i1XyI^v?YlkQMyk%t;PWCswX;SuPh z$|8?J)WxtCdf<9hp1cODkpTPuD!b~3rrz&Ax}>`mkq!|QWFXQoq&p->q{kGk^J?EU~^m#pZU!PU2EK8(Ps)Ad)f&)i% zf{aB)T=S40@s*uOU*z4hxi~I^u?LFZbeFMwP8X;e{<6Mn@0XS1Y@eh-I zM!g0aErVJshJlGemUhHpFvqt*XA-S)*PY@x{1S1g*F{@F^a{jx!qz_fOvU`QNf4q^ zAhs#a12Vtg00dW!KQNtr%;`6!uK&+2AB!UWOxF!R*|jQ7n~Z>|R(my|eF5|+muSm{ zZ8YuCRjB(VNB8Yjo1>GG!{CzWD^vf)n1;p{Fc7kp=F|K{MsE`7Viz*>-Avc5f9D4a zDZ(w5YNZ7=pJvn#|6zEx|M6!*1IX-YQ?m4J<$7}@T6+U8TNWByzun12W zz}FoaUi#s>AEHm-V9=c~Dp?J^k4&I;_2KIxI_*gh^kiU59&Gm*U{mo>&dC-Ij`lY^ zW@rt}iz+xwN@hFmStQJORd?C>lXuoB3mH8#9yy55+oa9S%N%+8QW<(sowZL}S}d}ys~iZ7ewH)bfQsNWeB5XyYt+6CG4hby0>)Hy`as$i)L?=~*K zWj(IIMUG%o#E4oWN<`rWXIGqbQe5H0Uoxjtv)wh>*^7e6hhKa%&jmJxg3jHMyTB=h zIheI25$}42iGlX_cD4wk)cJ*OmoMjutN8=V>;2=NVgQp0#0$#2^Uw6HQ9{1|<9g^L z6CW~Z^>2vq)VSb}ASEw^S8uQ|dCHt|dqeaE0yaYa6JNQ#gDa(%Yn3HCUrnQ~dQ{;vacbf@cU-fgKM0^x?f zB;{Bo8%!E0L-3y%Kv&&@pg%ILUfFDIoL(2$_C?niRA*oc3u^vtia(q__3T1PZ0Y#_ zgrt&oH=eIJ{B3@GzBV&!{#yPcWK=aLy{ywpZ0ByOSGwRB%+&o%mR<<+qHDS?3%)bO zw!v(-`~JFU5onSS*YpJ%99@b-~c%lvC1($)S6E5S>V4`0@5^im%%>zOG*?2^gj;X>lisUw|Keb>IC zfyww+p6)^RJ!=;J6wZo~GwOoz9Qe`CsKsty@B>{FX>gZbiM+T(ym{WEmtrr1DwcYa ztA^+oIG$W#?1>5--GicoXZB*lD74+ZKG-Tl<v@*(eY?%ucISd|VaZEs5nsUqVz@u!jc zwtXAm?MUdCT;!mDl>cOE2r`&hf;RvS^o0SlWHf$$z5{hypNRGY)x`FRE_P0+HJsCt zE8(GPQUCP0N z>T)l3Wakh$Tt_{VhsUs@DsnerCg|?IpD1cR=l8FaX1lIVtU=xhb07#IsyJ&HwaElk z^4$gC_&%k)VjzJi)LcPg%eOdZL-qr8uHJy~H#9DJY~lox01l#mWAWo7X%9CPYj5;U zG1K{-UJ3~tV~DSGvO;vIF|@bUwRK-4;rRUCqOsVCT`E~De0MlLZ&e z^Yh|Da}77uQCoRw-ZWxGtY`G_SHbrEorzydZ4V^OX|Dd;lVK6UQs6KT%x@AncLu2L zvkZ0Hti)1c2FoH{FWP1U3E^jFx*7xg)L<@Jl1g;Er*UEp1u6=RwIA1&C!95lsQ5oa*?pmVCkJza4;M8Bm%aVZJPOfs@ zX(L}}u-e?^>!+I?*(N%A~9z%`l??aGWiX z+#?cJ)fn&Db(EW}+#anXaKf{H@1D`SgG1dDPX8p8!&$0du-kw~udejHa74qRSHAa4 zKKneBV3~rU)gf~sf62ITH3|^(RH7;pNDu}*o~g6zLguIiGERtCJ7{hsGn<4b1G*qD zLyvx6-NhmhsdD}v%yRzthKf*J375mUgyy6;F?|i+0Gfx?No$0vEc|u8ob{sB_xU>~l(#pKqQpmMk~R7fp;HDtcka)74)hgCJjuT;HAkdFd`D?_rJ0+s zEs=k4pkqFqG|8Q()#(T&K{4T^YQUwX^-yp2^Pi2{s2s->A3?<6%ioF60w{){?fHrF zO9S@Ggdg%#+btz)QK17ioC8CxlYPZb1Y==Q4i`M}(XWFJR(i7!I{2k5L~A{J1U{cz z=!u=+nYnyAuQrn8mY)63j!^VC$TsJ;*`0`l52hg!e`$ee$K=MyHVDk#K6&xx^Sr1d z;3~W&BFu%ZEz?9qmX5?=(tf{57k*nvKW0p)dHpecOo%W2dCmeMxa>2HmfhY3m)@q= zR#VBE(kP<1@X4MySd`f?O5=_4FlYI86!Ko-S-`v^-=+RkX#?5k^MtaOBhmttSKJlR zP@(xsAnJO#kU;(mFu$(a9NW&&*C&lYr<(@=X8_w8AmYX=X10>lcZD39Mr>UDiXZvP z7Lmw6O^ljgPKB!K+dQ`K5~*#bY}euWM+|~8@mOz?*SM4H!iKC5qDe5*;_^?1Us@1id0Q{lOx{m;|c@9#2K>pzL zaesb;=!!Y3MO+(olac^Z1POkyVu(o>6SAxX>U3I4bbSF@7eH z*heQI7pbpRDAXd+ZYEs8d_Q<~oG$4BC9Ci6TQ`%sfR0F;-3q;LE`pY7^=|0rDHhB% zN2f(vpDNl*$$WTrdne|M_+`TLGl4&fZN-2HUk7B-rtBPhJB7I_lR2&%fBb20gi;yh zpVCe{K|c2&!KNKYppOV=1nt@x362~_Y%c~2iVa&kYnm8u!~=G3c33)qY0uKPOt*QC z1+c~{F##KBD9|PqLS)lNC z5n|d%dybFT+d4^xt@Np7aok_T81J^Grs`&bJ=QI?Xk{)g@oAYhI{AcE)o~TE%DNb= z0y;!UB6e?++!767P`3s?RHLy1Y5;*K(QD~CF|#n+mvtgpSqJml#O$@WxN*lWYtQKn zVlF>LWSg@!G#O#8qS8iayQ5KVUdx2(#OdzqtJ4u{gEJg%je4n39-O*B=2jgeXAVUc zGF{`uzNww^XebC}RV3>UW|BGiTWhamOE2T`V-m!M1XA%J4}v73GHwaW)hAPY1x%-6 z%2|%X~h)c9Yqq}@C*f@G)lV*#h!YNzXj9b z@d`7VF7W%lAI&lqcYce#aAS7zdeQtgiGfGr3Xdhi)o1abhDF3XFWXa+F0t>4>bK@k zlf@)}(cJM}k$>UJZrimIfCK^uFsK`l%A1P*2^JiKWa{fmEWyDd$yCF8=K|z)^KGT# zpU-I=kZ(z1tp>N3(VVZ>ZelCVV=} zdK$;miAhm-zrFKtNYLxogjCuSE6TeAX*LdivdKvd`9c49iYQGKC31g7nhTNP>-F(x zdPkz1f>)Y7cA-fu{-kIZ=aK~K-*+8`-76n$%R@{oi@Q1?l=_md@g5SDR1`)wnNdB> zT>0Uc*|*&4-%pKS(uD|2uMbkO7YTfHi}!p}R?Sh}cacFh4p2KGFbj7qrxG)Dd>cktA#Jn`aeA#!8 z$Q*$A9K_4gfB%Sb1^`X@Bdhv#ApP>iGIe&;Gg(I{oFq@!S)PWRJDBc9R+Jd>{KTTY z(o+Oi*6fND*7g-zoVR8^|ITp~HIE;`)9q2}?gPyYn3%1f)3Yt602aHl+&!!7_<4zb zWB2DQT#m$SgeRH+oIi{;#FrsUsg z1>Q;vq=DBzKM zIrgGsCzp^c+V&vE5Z0COuH&pqs}^_qjnTK6IAw2z3KMgTZR>l<8_wSL67;!)i3hU{ z+g@b#08m?iHA~q?kvRFj^5o>LMp4d#FB;k3|BG-U2qrzzO#ii@{|!cD7d@0PB14K2 z?BpCg@&dE%lTQs?NE^s(XY!5S)#{~dy0o?uoc3 zpw@~tLsu1GJJp-A^K@Aq|E&v?m5vo zacV*8PMP;A2ZR8oTwL{Ge^mr&o``&@np-Go6y)qw16f7z*+f|7e4ifgE)7}_LpiNY==GLuMe?eCFMm?g5psI!b>7}7Fg$Fp<(kWwTBXxe+ z(fP(D0A+w`KJF=yef}dPpT1>5Ipk~rIAY18B5sv0K$D&~w1q%wdfOx*(l==_*?RB@ zs9+Z(0LXyW(?WB^x9K=!ir-x-Vv8xkFMQ5uQii_AqeC0oq_Tgu-2?E#15{1_z*l&C zOqP9w{tK<%!tTX@&RiFQL~t|UU@CxDTZiTckvJiL1X{iO9Qk1Q6rSKT4)t}USurb6 zoU|_b@L7JalK!id*h1Yq2<= z{~w0XmiJuqJ~B`ADKYVM-CwKfj!bSCRZDnw8y_$NHPK@!clvTH9vyH(eQGqh?7;65 zsV>~Icanz`7WSbDkJZc|%h|47R+c+H_k$8ohkAk#JtN{IYwJUa4I14^MyIGTluYf) zD}B~!iXZPuEgN4IXla}kDrk?E*G=vFr4D80;9V0-qU3bEhLq`HZ-H_WD65s*>74>15L1%gMo!Gs+6W)^YEz?FBOxy5X&jn}_@h8HcEPwJs^j~tI` z!yC49- zKUqRCX}8aAswvFO>!gvc_4Jx)W;5>4ID1rven6YROV4Uyuh6Cr@1}TJv)=)gdV}9_ zxX8Mb?GYz50U}yZO!&SQAzwE8hc_+bat4%^x4>=vX-e$z3)#J>p^X)`q~l4p8T=Z>}sQI>!nyv2{nFD8ma0{BQ3$F{~6K}d6 z3$0P(XHfoDSOz$>4V5}Ynnqxo=$`%NEYsyh2;jzjFGGdW*+XaL4^@hgmhlmLH};=V zMYQ+mKHx`Rm*V)b=s(yHe%i56OR4!t_jjzdgPW)Dh ze1$^$lo9tzdK7JbP=wwAZkNLWW8V`UiuCV>AI-k3 zJ5S-eL{^S48a+in(?w8rYt#ka2^0><&pzDghV8I2=hkqr-oCH$ttIP}@B|kl_4=I3 z_3+D|&BR4JjjBoof-xNn8jpXoHJ+oNM-4ZUU0_qUtuNVS ztvV3LMKsg>xh?p#<D@+rNIN;=wDZDoK@-&osAQQsErh~vG(^Qx^1%Yt9)s^H8NO4nN#|nT1_4$+V zvgj`dU-~wO66;I_M6!^_k}9x-lCqDadTJnDv^&kLEM=Pe(ASR^WZy9M3f(g2f5oqH z8T`ukJ*(j@0_&q!%p_{~d_zyU|FjYESqtj4shH3|B&T=$K;^1{qnS^#P^R{5pD;dD z`WLh>-eNof?&i>)97w5R_c)c~8CbZBsk?AT3+~*rIdIi#I(#-Fg=UH69G#G;VPQn) z`)G+sTg56{F+?}#eng43UdlZHfmmThmWE};s$*&0n)}5Vo#x_M1GnP2u~cf11$7D& z2n1@=tTt~h$S~HP%n*;M+R%sB!*+|`^Y@XrB~K=k12=%m8#s*mi@JIritiYomfpWg zU)4zJ_8D6Wo+&*MIX?Z;|2*hX@U{2k#qY~kUN}33$2HPLabw$u0c_ZB|Nma&RKXzk Wz^L&GL;nx{GrOYz literal 0 HcmV?d00001 diff --git a/docs/assets/semgr8s-logo-full-light.svg b/docs/assets/semgr8s-logo-full-light.svg index 3017308..28807af 100644 --- a/docs/assets/semgr8s-logo-full-light.svg +++ b/docs/assets/semgr8s-logo-full-light.svg @@ -2,11 +2,13 @@ + fit-margin-top="8" + fit-margin-left="8" + fit-margin-right="8" + fit-margin-bottom="8" + lock-margins="true" /> + fill="#13bf95" + transform="translate(8,8.0000004)"> @@ -51,7 +55,7 @@ + transform="translate(8,-10)"> + transform="translate(8,8.5727708)"> + transform="translate(8,10.015627)"> + transform="translate(8,12.015627)"> Date: Sun, 4 Feb 2024 22:05:29 +0100 Subject: [PATCH 4/5] ci: nightly jobs --- .../workflows/.reusable-cleanup-registry.yml | 10 ++-- .github/workflows/nightly-build.yml | 27 +++++++++ .github/workflows/nightly.yaml | 59 +++++++++++++++++++ .github/workflows/pr2main.yml | 2 +- 4 files changed, 92 insertions(+), 6 deletions(-) create mode 100644 .github/workflows/nightly-build.yml create mode 100644 .github/workflows/nightly.yaml diff --git a/.github/workflows/.reusable-cleanup-registry.yml b/.github/workflows/.reusable-cleanup-registry.yml index 2bef523..66d0d79 100644 --- a/.github/workflows/.reusable-cleanup-registry.yml +++ b/.github/workflows/.reusable-cleanup-registry.yml @@ -9,10 +9,10 @@ jobs: cleanup-registry: runs-on: ubuntu-latest steps: - - name: Cleanup test images in 'connaisseur-test' + - name: Cleanup test images uses: snok/container-retention-policy@3d27e6a0361deed0b7dc5099a82eadd07924b177 # v2.1.3 with: - image-names: connaisseur-test + image-names: semgr8s-test cut-off: three weeks ago UTC+1 timestamp-to-use: updated_at account-type: org @@ -21,17 +21,17 @@ jobs: - name: Cleanup dangling images without tag uses: snok/container-retention-policy@3d27e6a0361deed0b7dc5099a82eadd07924b177 # v2.1.3 with: - image-names: connaisseur* + image-names: semgr8s* untagged-only: true cut-off: four hours ago UTC+1 timestamp-to-use: updated_at account-type: org org-name: sse-secure-systems token: ${{ secrets.GHCR_PAT }} - - name: Cleanup all connaisseur images + - name: Cleanup all images uses: snok/container-retention-policy@3d27e6a0361deed0b7dc5099a82eadd07924b177 # v2.1.3 with: - image-names: connaisseur + image-names: semgr8s skip-tags: master, develop, v*, sha256-* cut-off: four days ago UTC+1 timestamp-to-use: updated_at diff --git a/.github/workflows/nightly-build.yml b/.github/workflows/nightly-build.yml new file mode 100644 index 0000000..1b1adb8 --- /dev/null +++ b/.github/workflows/nightly-build.yml @@ -0,0 +1,27 @@ +name: nightly-build + +#permissions: {} #TODO: reactivate for non-private + +on: + schedule: + - cron: "30 1 * * *" + +defaults: + run: + shell: bash + +jobs: + ci: + uses: ./.github/workflows/.reusable-ci.yml + # permissions: #TODO: adjust for non-private + secrets: inherit + with: + #TODO: adjust for non private + skip_build: 'none' + skip_compliance_checks: 'all' + skip_unit_tests: 'all' + skip_sast: 'all' + skip_sca: 'none' + skip_docs: 'all' + skip_integration_tests: 'none' + output_type: 'sarif' diff --git a/.github/workflows/nightly.yaml b/.github/workflows/nightly.yaml new file mode 100644 index 0000000..96f8a3c --- /dev/null +++ b/.github/workflows/nightly.yaml @@ -0,0 +1,59 @@ +name: nightly + +#permissions: {} #TODO: reactivate for non-private + +on: + schedule: + - cron: "30 1 * * *" + +defaults: + run: + shell: bash + +jobs: + build: + uses: ./.github/workflows/.reusable-build.yml + # permissions: #TODO: reactivate for non-private + # packages: write + secrets: inherit + with: + skip: "non-required" + + compliance: + uses: ./.github/workflows/.reusable-compliance.yml + # permissions: #TODO: reactivate for non-private + # contents: write + # id-token: write + # security-events: write + # actions: read + # checks: read + # deployments: read + # issues: read + # discussions: read + # packages: read + # pages: read + # pull-requests: read + # repository-projects: read + # statuses: read + secrets: inherit + with: + skip: "none" + + sca-released: + name: sca (released) + uses: ./.github/workflows/.reusable-sca.yml + needs: [build] + # permissions: #TODO: reactivate for non-private + # contents: write + # security-events: write + # packages: read + secrets: inherit + with: + image: ${{ needs.build.outputs.original_image }} + skip: "none" + output: "table" + + cleanup-registry: + uses: ./.github/workflows/.reusable-cleanup-registry.yml + needs: [build] + secrets: inherit diff --git a/.github/workflows/pr2main.yml b/.github/workflows/pr2main.yml index 7dfac1e..6d9633e 100644 --- a/.github/workflows/pr2main.yml +++ b/.github/workflows/pr2main.yml @@ -1,4 +1,4 @@ -name: pr +name: pr2main #permissions: {} #TODO: reactivate for non-private From a22ab40ce312b17dd90c02a714b5dad830aa203f Mon Sep 17 00:00:00 2001 From: Christoph Hamsen Date: Sun, 4 Feb 2024 22:18:36 +0100 Subject: [PATCH 5/5] ci: avoid dependabot duplicates --- .github/dependabot.yml | 26 +------------------------- .github/workflows/.reusable-docs.yml | 6 ++++-- 2 files changed, 5 insertions(+), 27 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index a53094d..bac4996 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -12,32 +12,8 @@ updates: pip-packages: patterns: - "*" - - package-ecosystem: "pip" - directory: "/docs" - schedule: - interval: "weekly" - commit-message: - prefix: "update" - insecure-external-code-execution: "deny" - target-branch: "dev" - groups: - pip-packages: - patterns: - - "*" - - package-ecosystem: "pip" - directory: "/tests" - schedule: - interval: "monthly" - commit-message: - prefix: "update" - insecure-external-code-execution: "deny" - target-branch: "dev" - groups: - pip-packages: - patterns: - - "*" - package-ecosystem: "docker" - directory: "/docker" + directory: "/build" schedule: interval: "daily" commit-message: diff --git a/.github/workflows/.reusable-docs.yml b/.github/workflows/.reusable-docs.yml index fce6553..2919eed 100644 --- a/.github/workflows/.reusable-docs.yml +++ b/.github/workflows/.reusable-docs.yml @@ -11,9 +11,11 @@ on: default: "none" jobs: - deploy: + docs: runs-on: ubuntu-latest - if: inputs.skip != 'all' + if: | + (github.actor != 'dependabot[bot]') && + inputs.skip != 'all' permissions: contents: write steps: