From a426ff653fa5f8bcfd2c0958b84083f86b17c368 Mon Sep 17 00:00:00 2001
From: Taylor Mowat
Date: Tue, 1 Aug 2023 10:17:54 +0100
Subject: [PATCH 01/45] Remove docker build and deploy scripts as they are not that helpful
---
 1-Build-Docker-Image.sh | 2 --
 2-Deploy-Docker-Image-To-Docker-Hub.sh | 6 ------
 2 files changed, 8 deletions(-)
 delete mode 100755 1-Build-Docker-Image.sh
 delete mode 100755 2-Deploy-Docker-Image-To-Docker-Hub.sh
diff --git a/1-Build-Docker-Image.sh b/1-Build-Docker-Image.sh
deleted file mode 100755
index b9f61ad..0000000
--- a/1-Build-Docker-Image.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/bash
-docker build . -t railsgoat:1.0 --no-cache
\ No newline at end of file
diff --git a/2-Deploy-Docker-Image-To-Docker-Hub.sh b/2-Deploy-Docker-Image-To-Docker-Hub.sh
deleted file mode 100755
index 0de23a3..0000000
--- a/2-Deploy-Docker-Image-To-Docker-Hub.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-
-echo "Please log in using your Docker Hub credentials to update the container image"
-docker login
-docker tag railsgoat:1.0 contrastsecuritydemo/railsgoat:1.0
-docker push contrastsecuritydemo/railsgoat:1.0
\ No newline at end of file
From e0be30b41506e395e80ba2486f7ec2071bc958fe Mon Sep 17 00:00:00 2001
From: Taylor Mowat
Date: Tue, 1 Aug 2023 10:23:43 +0100
Subject: [PATCH 02/45] Move GitHub related files to .github/
---
 .overcommit.yml => .github/.overcommit.yml | 0
 CODE_OF_CONDUCT.md => .github/CODE_OF_CONDUCT.md | 0
 CONTRIBUTING.md => .github/CONTRIBUTING.md | 0
 ISSUE_TEMPLATE.md => .github/ISSUE_TEMPLATE.md | 0
 4 files changed, 0 insertions(+), 0 deletions(-)
 rename .overcommit.yml => .github/.overcommit.yml (100%)
 rename CODE_OF_CONDUCT.md => .github/CODE_OF_CONDUCT.md (100%)
 rename CONTRIBUTING.md => .github/CONTRIBUTING.md (100%)
 rename ISSUE_TEMPLATE.md => .github/ISSUE_TEMPLATE.md (100%)
diff --git a/.overcommit.yml b/.github/.overcommit.yml
similarity index 100%
rename from .overcommit.yml
rename to .github/.overcommit.yml
diff --git a/CODE_OF_CONDUCT.md b/.github/CODE_OF_CONDUCT.md
similarity index 100%
rename from CODE_OF_CONDUCT.md
rename to .github/CODE_OF_CONDUCT.md
diff --git a/CONTRIBUTING.md b/.github/CONTRIBUTING.md
similarity index 100%
rename from CONTRIBUTING.md
rename to .github/CONTRIBUTING.md
diff --git a/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md
similarity index 100%
rename from ISSUE_TEMPLATE.md
rename to .github/ISSUE_TEMPLATE.md
From 4702e91878bb753adfcf34292fc3e1bf03ae85e5 Mon Sep 17 00:00:00 2001
From: Taylor Mowat
Date: Tue, 1 Aug 2023 10:41:22 +0100
Subject: [PATCH 03/45] Move terraform and jenkins related files to thier own directories
---
 Jenkinsfile => .jenkins/Jenkinsfile | 0
 main.tf => .terraform/main.tf | 0
 outputs.tf => .terraform/outputs.tf | 0
 parseyaml.py => .terraform/parseyaml.py | 0
 variables.tf => .terraform/variables.tf | 0
 versions.tf => .terraform/versions.tf | 0
 6 files changed, 0 insertions(+), 0 deletions(-)
 rename Jenkinsfile => .jenkins/Jenkinsfile (100%)
 rename main.tf => .terraform/main.tf (100%)
 rename outputs.tf => .terraform/outputs.tf (100%)
 rename parseyaml.py => .terraform/parseyaml.py (100%)
 rename variables.tf => .terraform/variables.tf (100%)
 rename versions.tf => .terraform/versions.tf (100%)
diff --git a/Jenkinsfile b/.jenkins/Jenkinsfile
similarity index 100%
rename from Jenkinsfile
rename to .jenkins/Jenkinsfile
diff --git a/main.tf b/.terraform/main.tf
similarity index 100%
rename from main.tf
rename to .terraform/main.tf
diff --git a/outputs.tf b/.terraform/outputs.tf
similarity index 100%
rename from outputs.tf
rename to .terraform/outputs.tf
diff --git a/parseyaml.py b/.terraform/parseyaml.py
similarity index 100%
rename from parseyaml.py
rename to .terraform/parseyaml.py
diff --git a/variables.tf b/.terraform/variables.tf
similarity index 100%
rename from variables.tf
rename to .terraform/variables.tf
diff --git a/versions.tf b/.terraform/versions.tf
similarity index 100%
rename from versions.tf
rename to .terraform/versions.tf
From fb43086372bb62e728a1ff5f084499215f8f8751 Mon Sep 17 00:00:00 2001
From: Taylor Mowat
Date: Tue, 1 Aug 2023 10:46:19 +0100
Subject: [PATCH 04/45] Remove unused app readme
---
 doc/README_FOR_APP | 2 --
 1 file changed, 2 deletions(-)
 delete mode 100755 doc/README_FOR_APP
diff --git a/doc/README_FOR_APP b/doc/README_FOR_APP
deleted file mode 100755
index 2c9ee3e..0000000
--- a/doc/README_FOR_APP
+++ /dev/null
@@ -1,2 +0,0 @@
-Use this README file to introduce your application and point to useful places in the API for learning more.
-Run "rails doc:app" to generate API documentation for your models, controllers, helpers, and libraries.
From d372ced6ea75e797d1e847f2d6ef81b321824089 Mon Sep 17 00:00:00 2001
From: Taylor Mowat
Date: Tue, 1 Aug 2023 17:39:19 +0100
Subject: [PATCH 05/45] New Dockerfile based on Alpine and using multi-stage builds
---
 Dockerfile | 142 ++++++++++++++++++++++++---------------------
 docker-compose.yml | 12 ++++
 2 files changed, 88 insertions(+), 66 deletions(-)
 create mode 100644 docker-compose.yml
diff --git a/Dockerfile b/Dockerfile
index 0074015..b0c9708 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,68 +1,78 @@
-# TODO: change to slim or alpine
-FROM ruby:2.6.2
-
-ARG username
-ARG service_key
-
-# Add build and runtime dependencies
-# TODO: separate build & runtime and purge build dependencies at the end
-RUN apt-get update -qq && apt-get install -y build-essential libpq-dev nodejs
-
-# Install phantomjs dependencies
-RUN apt-get update \
- && apt-get install -y --no-install-recommends \
- ca-certificates \
- bzip2 \
- libfontconfig \
- && apt-get clean \
- && rm -rf /var/lib/apt/lists/*
-
-# Install phantomjs & clean up
-RUN apt-get update \
- && apt-get install -y --no-install-recommends \
- curl \
- && mkdir /tmp/phantomjs \
- && curl -L https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-2.1.1-linux-x86_64.tar.bz2 \
- | tar -xj --strip-components=1 -C /tmp/phantomjs \
- && cd /tmp/phantomjs \
- && mv bin/phantomjs /usr/local/bin \
- && cd \
- && apt-get purge --auto-remove -y \
- curl \
- && apt-get clean \
- && rm -rf /tmp/* /var/lib/apt/lists/*
-
-# Build and package the app
-RUN mkdir /myapp
-WORKDIR /myapp
-ADD Gemfile /myapp/Gemfile
-ADD Gemfile.lock /myapp/Gemfile.lock
-
-# Add Contrast agent
-RUN bundle add contrast-agent
-
-RUN bundle install
-
-ADD ./app /myapp/app
-ADD ./config /myapp/config
-ADD ./db /myapp/db
-ADD ./doc /myapp/doc
-ADD ./lib /myapp/lib
-ADD ./log /myapp/log
-ADD ./public /myapp/public
-ADD ./script /myapp/script
-ADD ./spec /myapp/spec
-RUN mkdir /myapp/tmp
-ADD ./vendor /myapp/vendor
-ADD ./config.ru /myapp/config.ru
-ADD ./entrypoint.sh /myapp/entrypoint.sh
-ADD ./Rakefile /myapp/Rakefile
-
-#Setup the database
-RUN rails db:setup
-
-# Make port 3000 available
+# Multistage docker build which first builds and bundles all Ruby gems before
+# creating build targets for the development and production images.
+
+# SETUP
+# Default Ruby version for this project.
+ARG RUBY_VERSION=2.7.7
+
+# Base Alpine Ruby image for common setup
+FROM ruby:$RUBY_VERSION-alpine as base
+
+# Set some environment variables
+# ENV BUNDLER_VERSION=2.4.4
+ENV GEM_HOME=/usr/local/bundle
+ENV BUNDLE_PATH=$GEM_HOME
+ENV BUNDLE_APP_CONFIG=$BUNDLE_PATH
+ENV RAILS_ENV development
+ENV RACK_ENV development
+
+# Add basic packages that are shared across all stages
+RUN apk add --no-cache \
+ nodejs \
+ tzdata
+
+# Builder stage for building Ruby gems
+FROM base as builder
+
+# Add packages for required for building
+RUN apk add --no-cache \
+ autoconf \
+ build-base \
+ libpq-dev \
+ mariadb-dev
+
+# Set the working directory for the app.
+WORKDIR /app
+
+# Copy the Gemfile and Gemfile.lock files to the current directory.
+COPY Gemfile* .
+
+# Install bundler with specified version.
+# RUN gem install bundler -v $BUNDLER_VERSION
+
+# Install gems and remove any unnecessary files from gems.
+RUN bundle config force_ruby_platform true \
+ && bundle install --jobs 4 --retry 3 \
+ && rm -rf $BUNDLE_PATH/cache/*.gem \
+ && rm -rf $BUNDLE_PATH/ruby/*/cache
+ # && find $BUNDLE_PATH/gems/ -name "*.c" -delete \
+ # && find $BUNDLE_PATH/gems/ -name "*.o" -delete
+
+
+# RUNNER STAGE
+FROM base as runner
+
+RUN apk add --no-cache \
+ libpq \
+ mariadb
+
+WORKDIR /app
+
+# Copy the bundle directory from the "builder" image
+# and copy all other files to the current directory.
+COPY --from=builder $BUNDLE_PATH $BUNDLE_PATH
+COPY . .
+
+# Recreate, migrate and seed the database from scratch
+# each time the container is built
+# RUN rm db/development.sqlite3 db/test.sqlite3 \
+# && bundle exec rails db:setup
+
+# Expose port 3000 for the application.
 EXPOSE 3000
-# Start the app server
-ENTRYPOINT [ "/bin/bash", "-c", "/myapp/entrypoint.sh"]
\ No newline at end of file
+# Run the command to start the Rails server.
+# ENTRYPOINT ["/bin/bash"]
+CMD ["bundle", "exec", "rails", "server", "-p", "3000", "-b", "0.0.0.0"]
+
+
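Review bot: The `runner` stage never drops privileges: no `USER` instruction follows `COPY . .`, so `bundle exec rails server` runs as root while listening on `0.0.0.0`. Anything that gains code execution in the Rails process then owns the whole container filesystem, which matters more than usual for an app that (judging by the RailsGoat comments elsewhere in this series) is meant to be exercised with hostile input. I would create an unprivileged account in `runner` and switch to it before `CMD`: `RUN addgroup -S app && adduser -S -G app app`, `COPY --chown=app:app . .`, `USER app`. Separately, `COPY . .` takes the entire build context and this patch adds no `.dockerignore`, so unless one already exists `.git`, local `db/*.sqlite3` files and logs are baked into the image.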
diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..4fb27ed --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,12 @@ +version: '2' +services: + web: + build: + context: . + dockerfile: Dockerfile + target: runner + # command: bash -c "rm -f tmp/pids/server.pid && bundle exec rails s -p 3000 -b '0.0.0.0'" + volumes: + - .:/app + ports: + - "3000:3000" From 37ecbcd7cc13fee21bbc730f2dca4d7c5d608406 Mon Sep 17 00:00:00 2001 From: Taylor Mowat Date: Tue, 1 Aug 2023 17:41:45 +0100 Subject: [PATCH 06/45] Upgrade Ruby to 2.7.7 and Rails from <5 => 5.1 --- .ruby-version | 2 +- Gemfile | 7 +- Gemfile.lock | 421 ++++++++++++++++++++++++++++---------------------- 3 files changed, 237 insertions(+), 193 deletions(-) diff --git a/.ruby-version b/.ruby-version index 097a15a..1f7da99 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -2.6.2 +2.7.7 diff --git a/Gemfile b/Gemfile index cde13e6..1644973 100644 --- a/Gemfile +++ b/Gemfile @@ -4,7 +4,7 @@ source "https://rubygems.org" #don't upgrade gem "rails", "5.1.7" -ruby "2.6.2" +ruby "2.7.7" gem "aruba" gem "bcrypt" @@ -23,8 +23,7 @@ gem "responders" #For Rails 4.2 # LOCKED DOWN gem "ruby-prof" gem "sass-rails" gem "simplecov", require: false, group: :test -gem "sqlite3", "1.3.13" # 2/7/2019: LOCKED DOWN -gem "therubyracer" +gem "sqlite3" gem "turbolinks" gem "uglifier" gem "unicorn" @@ -51,7 +50,7 @@ group :development, :test, :mysql do gem "capybara" gem "database_cleaner" gem "launchy" - gem "poltergeist" + gem "cuprite" gem "rspec-rails" gem "test-unit" end diff --git a/Gemfile.lock b/Gemfile.lock index e53a145..3bebd2d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
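Review bot: In `docker-compose.yml`, `ports: - "3000:3000"` publishes the Rails server on every interface of the host, so the development instance is reachable from the local network as soon as `docker compose up` runs. For a training target that is meant to stay on the developer's machine, bind the published port to loopback instead: `- "127.0.0.1:3000:3000"`. The `.:/app` volume also mounts the checkout read-write over the image's `/app`, so files written by the container process (root, as the Dockerfile stands) end up in the working tree; a short comment saying this is intended for live reload would help the next reader.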
@@ -38,41 +38,39 @@ GEM i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) - addressable (2.6.0) - public_suffix (>= 2.0.2, < 4.0) + addressable (2.8.4) + public_suffix (>= 2.0.2, < 6.0) arel (8.0.0) - aruba (0.14.9) - childprocess (>= 0.6.3, < 1.1.0) - contracts (~> 0.9) - cucumber (>= 1.3.19) - ffi (~> 1.9) - rspec-expectations (>= 2.99) - thor (~> 0.19) - ast (2.4.0) - backports (3.13.0) - bcrypt (3.1.12) - better_errors (2.5.1) - coderay (>= 1.0.0) + aruba (2.1.0) + bundler (>= 1.17, < 3.0) + childprocess (>= 2.0, < 5.0) + contracts (>= 0.16.0, < 0.18.0) + cucumber (>= 4.0, < 9.0) + rspec-expectations (~> 3.4) + thor (~> 1.0) + ast (2.4.2) + bcrypt (3.1.19) + better_errors (2.10.1) erubi (>= 1.0.0) rack (>= 0.9.0) - binding_of_caller (0.8.0) + rouge (>= 1.0.0) + binding_of_caller (1.0.0) debug_inspector (>= 0.0.1) - builder (3.2.3) - bundler-audit (0.6.1) + builder (3.2.4) + bundler-audit (0.9.1) bundler (>= 1.2.0, < 3) - thor (~> 0.18) - capybara (3.16.1) + thor (~> 1.0) + capybara (3.39.2) addressable + matrix mini_mime (>= 0.1.3) nokogiri (~> 1.8) rack (>= 1.6.0) rack-test (>= 0.6.3) - regexp_parser (~> 1.2) + regexp_parser (>= 1.5, < 3.0) xpath (~> 3.2) - childprocess (1.0.1) - rake (< 13.0) - cliver (0.3.2) - coderay (1.1.2) + childprocess (4.1.0) + coderay (1.1.3) coffee-rails (4.2.2) coffee-script (>= 2.2.0) railties (>= 4.0.0) 
@@ -80,49 +78,69 @@ GEM coffee-script-source execjs coffee-script-source (1.12.2) - concurrent-ruby (1.1.5) - contracts (0.16.0) - crass (1.0.4) - cucumber (3.1.2) - builder (>= 2.1.2) - cucumber-core (~> 3.2.0) - cucumber-expressions (~> 6.0.1) - cucumber-wire (~> 0.0.1) - diff-lcs (~> 1.3) - gherkin (~> 5.1.0) - multi_json (>= 1.7.5, < 2.0) - multi_test (>= 0.1.2) - cucumber-core (3.2.1) - backports (>= 3.8.0) - cucumber-tag_expressions (~> 1.1.0) - gherkin (~> 5.0) - cucumber-expressions (6.0.1) - cucumber-tag_expressions (1.1.1) - cucumber-wire (0.0.1) - database_cleaner (1.7.0) - debug_inspector (0.0.3) - diff-lcs (1.3) - docile (1.3.1) - em-websocket (0.5.1) + concurrent-ruby (1.2.2) + contracts (0.16.1) + crass (1.0.6) + cucumber (8.0.0) + builder (~> 3.2, >= 3.2.4) + cucumber-ci-environment (~> 9.0, >= 9.0.4) + cucumber-core (~> 11.0, >= 11.0.0) + cucumber-cucumber-expressions (~> 15.1, >= 15.1.1) + cucumber-gherkin (~> 23.0, >= 23.0.1) + cucumber-html-formatter (~> 19.1, >= 19.1.0) + cucumber-messages (~> 18.0, >= 18.0.0) + diff-lcs (~> 1.5, >= 1.5.0) + mime-types (~> 3.4, >= 3.4.1) + multi_test (~> 1.1, >= 1.1.0) + sys-uname (~> 1.2, >= 1.2.2) + cucumber-ci-environment (9.2.0) + cucumber-core (11.0.0) + cucumber-gherkin (~> 23.0, >= 23.0.1) + cucumber-messages (~> 18.0, >= 18.0.0) + cucumber-tag-expressions (~> 4.1, >= 4.1.0) + cucumber-cucumber-expressions (15.2.0) + cucumber-gherkin (23.0.1) + cucumber-messages (~> 18.0, >= 18.0.0) + cucumber-html-formatter (19.2.0) + cucumber-messages (~> 18.0, >= 18.0.0) + cucumber-messages (18.0.0) + cucumber-tag-expressions (4.1.0) + cuprite (0.14.3) + capybara (~> 3.0) + ferrum (~> 0.13.0) + database_cleaner (2.0.2) + database_cleaner-active_record (>= 2, < 3) + database_cleaner-active_record (2.1.0) + activerecord (>= 5.a) + database_cleaner-core (~> 2.0.0) + database_cleaner-core (2.0.1) + date (3.3.3) + debug_inspector (1.1.0) + diff-lcs (1.5.0) + docile (1.4.0) + em-websocket (0.5.3) eventmachine (>= 0.12.9) - 
http_parser.rb (~> 0.6.0) - erubi (1.8.0) + http_parser.rb (~> 0) + erubi (1.12.0) eventmachine (1.2.7) - execjs (2.7.0) - ffi (1.10.0) - foreman (0.85.0) - thor (~> 0.19.1) - formatador (0.2.5) - gherkin (5.1.0) - globalid (0.4.2) - activesupport (>= 4.2.0) - guard (2.15.0) + execjs (2.8.1) + ferrum (0.13) + addressable (~> 2.5) + concurrent-ruby (~> 1.1) + webrick (~> 1.7) + websocket-driver (>= 0.6, < 0.8) + ffi (1.15.5) + foreman (0.87.2) + formatador (1.1.0) + globalid (1.1.0) + activesupport (>= 5.0) + guard (2.18.0) formatador (>= 0.2.4) listen (>= 2.7, < 4.0) lumberjack (>= 1.0.12, < 2.0) nenv (~> 0.1) notiffany (~> 0.0) - pry (>= 0.9.12) + pry (>= 0.13.0) shellany (~> 0.0) thor (>= 0.18.1) guard-compat (1.2.1) 
@@ -135,73 +153,86 @@ GEM guard (~> 2.1) guard-compat (~> 1.1) rspec (>= 2.99.0, < 4.0) - guard-shell (0.7.1) + guard-shell (0.7.2) guard (>= 2.0.0) guard-compat (~> 1.0) - http_parser.rb (0.6.0) - i18n (1.6.0) + http_parser.rb (0.8.0) + i18n (1.14.1) concurrent-ruby (~> 1.0) - jaro_winkler (1.5.2) jquery-fileupload-rails (1.0.0) actionpack (>= 3.1) railties (>= 3.1) sassc - jquery-rails (4.3.3) + jquery-rails (4.6.0) rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) - json (2.2.0) - kgio (2.11.2) - launchy (2.4.3) - addressable (~> 2.3) - libv8 (3.16.14.19) - listen (3.1.5) - rb-fsevent (~> 0.9, >= 0.9.4) - rb-inotify (~> 0.9, >= 0.9.7) - ruby_dep (~> 1.2) - loofah (2.2.3) + json (2.6.3) + kgio (2.11.4) + language_server-protocol (3.17.0.3) + launchy (2.5.2) + addressable (~> 2.8) + listen (3.8.0) + rb-fsevent (~> 0.10, >= 0.10.3) + rb-inotify (~> 0.9, >= 0.9.10) + loofah (2.21.3) crass (~> 1.0.2) - nokogiri (>= 1.5.9) - lumberjack (1.0.13) - mail (2.7.1) + nokogiri (>= 1.12.0) + lumberjack (1.2.9) + mail (2.8.1) mini_mime (>= 0.1.1) - method_source (0.9.2) - mini_mime (1.0.1) - mini_portile2 (2.4.0) - minitest (5.11.3) - multi_json (1.13.1) - multi_test (0.1.2) - mysql2 (0.5.2) + net-imap + net-pop + net-smtp + matrix (0.4.2) + method_source (1.0.0) + mime-types (3.4.1) + mime-types-data (~> 3.2015) + mime-types-data (3.2023.0218.1) + mini_mime (1.1.2) + mini_portile2 (2.8.4) + minitest (5.19.0) + multi_json (1.15.0) + multi_test (1.1.0) + mysql2 (0.5.5) nenv (0.3.0) - nio4r (2.3.1) - nokogiri (1.10.2) - mini_portile2 (~> 2.4.0) - notiffany (0.1.1) + net-imap (0.3.7) + date + net-protocol + net-pop (0.1.2) + net-protocol + net-protocol (0.2.1) + timeout + net-smtp (0.3.3) + net-protocol + nio4r (2.5.9) + nokogiri (1.15.3) + mini_portile2 (~> 2.8.2) + racc (~> 1.4) + notiffany (0.1.3) nenv (~> 0.1) shellany (~> 0.0) - parallel (1.17.0) - parser (2.6.2.1) - ast (~> 2.4.0) - poltergeist (1.18.1) - capybara (>= 2.1, < 4) - cliver (~> 0.3.1) - 
websocket-driver (>= 0.2.0) + parallel (1.23.0) + parser (3.2.2.3) + ast (~> 2.4.1) + racc powder (0.4.0) thor (>= 0.11.5) - power_assert (1.1.4) - pry (0.12.2) - coderay (~> 1.1.0) - method_source (~> 0.9.0) + power_assert (2.0.3) + pry (0.14.2) + coderay (~> 1.1) + method_source (~> 1.0) pry-rails (0.3.9) pry (>= 0.10.4) - psych (3.1.0) - public_suffix (3.0.3) - puma (3.12.1) - rack (2.0.7) - rack-livereload (0.3.17) + public_suffix (5.0.3) + puma (6.3.0) + nio4r (~> 2.0) + racc (1.7.1) + rack (2.2.8) + rack-livereload (0.5.1) rack - rack-test (1.1.0) - rack (>= 1.0, < 3) + rack-test (2.1.0) + rack (>= 1.3) rails (5.1.7) actioncable (= 5.1.7) actionmailer (= 5.1.7) @@ -214,11 +245,13 @@ GEM bundler (>= 1.3.0) railties (= 5.1.7) sprockets-rails (>= 2.0.0) - rails-dom-testing (2.0.3) - activesupport (>= 4.2.0) + rails-dom-testing (2.1.1) + activesupport (>= 5.0.0) + minitest nokogiri (>= 1.6) - rails-html-sanitizer (1.0.4) - loofah (~> 2.2, >= 2.2.2) + rails-html-sanitizer (1.6.0) + loofah (~> 2.21) + nokogiri (~> 1.14) rails-perftest (0.0.7) railties (5.1.7) actionpack (= 5.1.7) 
@@ -226,103 +259,116 @@ GEM method_source rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - rainbow (3.0.0) - raindrops (0.19.0) - rake (12.3.2) - rb-fsevent (0.10.3) - rb-inotify (0.10.0) + rainbow (3.1.1) + raindrops (0.20.1) + rake (13.0.6) + rb-fsevent (0.11.2) + rb-inotify (0.10.1) ffi (~> 1.0) - ref (2.0.0) - regexp_parser (1.4.0) - responders (2.4.1) - actionpack (>= 4.2.0, < 6.0) - railties (>= 4.2.0, < 6.0) - rspec (3.8.0) - rspec-core (~> 3.8.0) - rspec-expectations (~> 3.8.0) - rspec-mocks (~> 3.8.0) - rspec-core (3.8.0) - rspec-support (~> 3.8.0) - rspec-expectations (3.8.2) + regexp_parser (2.8.1) + responders (3.0.1) + actionpack (>= 5.0) + railties (>= 5.0) + rexml (3.2.6) + rouge (4.1.3) + rspec (3.12.0) + rspec-core (~> 3.12.0) + rspec-expectations (~> 3.12.0) + rspec-mocks (~> 3.12.0) + rspec-core (3.12.2) + rspec-support (~> 3.12.0) + rspec-expectations (3.12.3) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.8.0) - rspec-mocks (3.8.0) + rspec-support (~> 3.12.0) + rspec-mocks (3.12.6) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.8.0) - rspec-rails (3.8.2) - actionpack (>= 3.0) - activesupport (>= 3.0) - railties (>= 3.0) - rspec-core (~> 3.8.0) - rspec-expectations (~> 3.8.0) - rspec-mocks (~> 3.8.0) - rspec-support (~> 3.8.0) - rspec-support (3.8.0) - rubocop (0.67.2) - jaro_winkler (~> 1.5.1) + rspec-support (~> 3.12.0) + rspec-rails (4.1.2) + actionpack (>= 4.2) + activesupport (>= 4.2) + railties (>= 4.2) + rspec-core (~> 3.10) + rspec-expectations (~> 3.10) + rspec-mocks (~> 3.10) + rspec-support (~> 3.10) + rspec-support (3.12.1) + rubocop (1.55.1) + json (~> 2.3) + language_server-protocol (>= 3.17.0) parallel (~> 1.10) - parser (>= 2.5, != 2.5.1.1) - psych (>= 3.1.0) + parser (>= 3.2.2.3) rainbow (>= 2.2.2, < 4.0) + regexp_parser (>= 1.8, < 3.0) + rexml (>= 3.2.5, < 4.0) + rubocop-ast (>= 1.28.1, < 2.0) ruby-progressbar (~> 1.7) - unicode-display_width (>= 1.4.0, < 1.6) - rubocop-github (0.12.0) - rubocop (~> 0.59) - ruby-prof (0.17.0) - 
ruby-progressbar (1.10.0) - ruby_dep (1.5.0) - sass (3.7.4) - sass-listen (~> 4.0.0) - sass-listen (4.0.0) - rb-fsevent (~> 0.9, >= 0.9.4) - rb-inotify (~> 0.9, >= 0.9.7) - sass-rails (5.0.7) - railties (>= 4.0.0, < 6) - sass (~> 3.1) - sprockets (>= 2.8, < 4.0) - sprockets-rails (>= 2.0, < 4.0) - tilt (>= 1.1, < 3) - sassc (2.0.1) + unicode-display_width (>= 2.4.0, < 3.0) + rubocop-ast (1.29.0) + parser (>= 3.2.1.0) + rubocop-github (0.20.0) + rubocop (>= 1.37) + rubocop-performance (>= 1.15) + rubocop-rails (>= 2.17) + rubocop-performance (1.18.0) + rubocop (>= 1.7.0, < 2.0) + rubocop-ast (>= 0.4.0) + rubocop-rails (2.20.2) + activesupport (>= 4.2.0) + rack (>= 1.1) + rubocop (>= 1.33.0, < 2.0) + ruby-prof (1.6.3) + ruby-progressbar (1.13.0) + sass-rails (6.0.0) + sassc-rails (~> 2.1, >= 2.1.1) + sassc (2.4.0) ffi (~> 1.9) - rake + sassc-rails (2.1.2) + railties (>= 4.0.0) + sassc (>= 2.0) + sprockets (> 3.0) + sprockets-rails + tilt shellany (0.0.1) - simplecov (0.16.1) + simplecov (0.22.0) docile (~> 1.1) - json (>= 1.8, < 3) - simplecov-html (~> 0.10.0) - simplecov-html (0.10.2) - sprockets (3.7.2) + simplecov-html (~> 0.11) + simplecov_json_formatter (~> 0.1) + simplecov-html (0.12.3) + simplecov_json_formatter (0.1.4) + sprockets (4.2.0) concurrent-ruby (~> 1.0) - rack (> 1, < 3) - sprockets-rails (3.2.1) + rack (>= 2.2.4, < 4) + sprockets-rails (3.2.2) actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) - sqlite3 (1.3.13) - test-unit (3.3.1) + sqlite3 (1.6.3) + mini_portile2 (~> 2.8.0) + sys-uname (1.2.3) + ffi (~> 1.1) + test-unit (3.6.1) power_assert - therubyracer (0.12.3) - libv8 (~> 3.16.14.15) - ref - thor (0.19.4) + thor (1.2.2) thread_safe (0.3.6) - tilt (2.0.9) + tilt (2.2.0) + timeout (0.4.0) travis-lint (2.0.0) json - turbolinks (5.2.0) + turbolinks (5.2.1) turbolinks-source (~> 5.2) turbolinks-source (5.2.0) - tzinfo (1.2.5) + tzinfo (1.2.11) thread_safe (~> 0.1) - uglifier (4.1.20) + uglifier (4.2.0) execjs (>= 0.3.0, < 3) - 
unicode-display_width (1.5.0) - unicorn (5.5.0) + unicode-display_width (2.4.2) + unicorn (6.1.0) kgio (~> 2.6) raindrops (~> 0.7) + webrick (1.8.1) websocket-driver (0.6.5) websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.3) + websocket-extensions (0.1.5) xpath (3.2.0) nokogiri (~> 1.8) @@ -337,6 +383,7 @@ DEPENDENCIES bundler-audit capybara coffee-rails + cuprite database_cleaner execjs foreman @@ -348,7 +395,6 @@ DEPENDENCIES launchy minitest mysql2 - poltergeist powder pry pry-rails @@ -364,16 +410,15 @@ DEPENDENCIES ruby-prof sass-rails simplecov - sqlite3 (= 1.3.13) + sqlite3 test-unit - therubyracer travis-lint turbolinks uglifier unicorn RUBY VERSION - ruby 2.6.2p47 + ruby 2.7.7p221 BUNDLED WITH - 1.17.2 + 2.1.4 From c55f477078ab0c9f8b326f5f2228364dfab71077 Mon Sep 17 00:00:00 2001 
From: Taylor Mowat Date: Tue, 1 Aug 2023 17:46:49 +0100 Subject: [PATCH 07/45] Run rails app:update to implement version changes (does not seem to have been run before on previous updates) --- .gitignore | 1 - app/assets/config/manifest.js | 3 + app/controllers/admin_controller.rb | 6 +- app/controllers/application_controller.rb | 4 + app/controllers/sessions_controller.rb | 2 +- bin/bundle | 3 + bin/rails | 4 + bin/rake | 4 + bin/setup | 38 ++++++ bin/update | 29 +++++ bin/yarn | 11 ++ config/application.rb | 39 +++--- config/boot.rb | 6 +- config/cable.yml | 10 ++ config/environment.rb | 5 +- config/environments/development.rb | 73 +++++------ config/environments/production.rb | 118 ++++++++---------- config/environments/test.rb | 28 +++-- .../application_controller_renderer.rb | 8 ++ config/initializers/assets.rb | 16 ++- config/initializers/backtrace_silencers.rb | 1 - config/initializers/cookies_serializer.rb | 5 + .../initializers/filter_parameter_logging.rb | 1 - config/initializers/inflections.rb | 1 - config/initializers/mime_types.rb | 2 - config/initializers/wrap_parameters.rb | 13 +- config/locales/en.yml | 10 ++ config/puma.rb | 56 +++++++++ config/secrets.yml | 32 +++++ config/spring.rb | 6 + 30 files changed, 371 insertions(+), 164 deletions(-) create mode 100644 app/assets/config/manifest.js create mode 100755 bin/bundle create mode 100755 bin/rails create mode 100755 bin/rake create mode 100755 bin/setup create mode 100755 bin/update create mode 100755 bin/yarn create mode 100644 config/cable.yml create mode 100644 config/initializers/application_controller_renderer.rb create mode 100644 config/initializers/cookies_serializer.rb create mode 100644 config/puma.rb create mode 100644 config/secrets.yml create mode 100644 config/spring.rb diff --git a/.gitignore b/.gitignore index e4d9e03..2a085fa 100755 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,4 @@ /.bundle -/bin /db/*.sqlite3 /log/*.log /tmp 
diff --git a/app/assets/config/manifest.js b/app/assets/config/manifest.js new file mode 100644 index 0000000..b16e53d --- /dev/null +++ b/app/assets/config/manifest.js @@ -0,0 +1,3 @@ +//= link_tree ../images +//= link_directory ../javascripts .js +//= link_directory ../stylesheets .css diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb index 53615f7..974854d 100755 --- a/app/controllers/admin_controller.rb +++ b/app/controllers/admin_controller.rb @@ -34,7 +34,7 @@ def get_user def update_user user = User.find_by_id(params[:admin_id]) if user - user.update_attributes(params[:user].reject { |k| k == ("password" || "password_confirmation") }) + user.update_attributes(user_params.reject { |k| k == ("password" || "password_confirmation") }) pass = params[:user][:password] user.password = pass if !(pass.blank?) user.save! @@ -68,4 +68,8 @@ def custom_fields def admin_param params[:admin_id] != "1" end + + def user_params + params.require(:user).permit! + end end diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index b99f51c..0e16e78 100755 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -8,6 +8,10 @@ class ApplicationController < ActionController::Base # For APIs, you may want to use :null_session instead. #protect_from_forgery with: :exception + # Update: this became default behaviour from Rails 5, so we need to + # disable it until we figure out how to implement properly: + # skip_before_action :verify_authenticity_token + private def mailer_options diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 203f116..3221cb4 100755 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb 
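Review bot: In `admin_controller.rb`, the new `user_params` ends in `permit!`, which marks every key under `user` as permitted, so `update_attributes` still assigns whatever attributes the request supplies; the strong-parameters check is satisfied without filtering anything. The `reject` kept on the changed line does not narrow this either, because `("password" || "password_confirmation")` evaluates to `"password"` and `password_confirmation` is never dropped. If the unfiltered assignment is a deliberate RailsGoat exercise, state that above the method, e.g. `# Intentionally unfiltered: mass-assignment lesson, do not copy`; otherwise replace `permit!` with `permit(...)` listing the fields the admin form edits and test keys with `%w[password password_confirmation].include?(k)`. `update_user` continues past the end of its hunk.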
@@ -12,7 +12,7 @@ def create path = params[:url].present? ? params[:url] : home_dashboard_index_path begin # Normalize the email address, why not - user = User.authenticate(params[:email].to_s.downcase, params[:password]) + user = User.authenticate(params[:email].to_s.strip.downcase, params[:password]) rescue RuntimeError => e # don't do ANYTHING end diff --git a/bin/bundle b/bin/bundle new file mode 100755 index 0000000..66e9889 --- /dev/null +++ b/bin/bundle @@ -0,0 +1,3 @@ +#!/usr/bin/env ruby +ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__) +load Gem.bin_path('bundler', 'bundle') diff --git a/bin/rails b/bin/rails new file mode 100755 index 0000000..0739660 --- /dev/null +++ b/bin/rails @@ -0,0 +1,4 @@ +#!/usr/bin/env ruby +APP_PATH = File.expand_path('../config/application', __dir__) +require_relative '../config/boot' +require 'rails/commands' diff --git a/bin/rake b/bin/rake new file mode 100755 index 0000000..1724048 --- /dev/null +++ b/bin/rake @@ -0,0 +1,4 @@ +#!/usr/bin/env ruby +require_relative '../config/boot' +require 'rake' +Rake.application.run diff --git a/bin/setup b/bin/setup new file mode 100755 index 0000000..78c4e86 --- /dev/null +++ b/bin/setup 
@@ -0,0 +1,38 @@ +#!/usr/bin/env ruby +require 'pathname' +require 'fileutils' +include FileUtils + +# path to your application root. +APP_ROOT = Pathname.new File.expand_path('../../', __FILE__) + +def system!(*args) + system(*args) || abort("\n== Command #{args} failed ==") +end + +chdir APP_ROOT do + # This script is a starting point to setup your application. + # Add necessary setup steps to this file. + + puts '== Installing dependencies ==' + system! 'gem install bundler --conservative' + system('bundle check') || system!('bundle install') + + # Install JavaScript dependencies if using Yarn + # system('bin/yarn') + + + # puts "\n== Copying sample files ==" + # unless File.exist?('config/database.yml') + # cp 'config/database.yml.sample', 'config/database.yml' + # end + + puts "\n== Preparing database ==" + system! 'bin/rails db:setup' + + puts "\n== Removing old logs and tempfiles ==" + system! 'bin/rails log:clear tmp:clear' + + puts "\n== Restarting application server ==" + system! 'bin/rails restart' +end diff --git a/bin/update b/bin/update new file mode 100755 index 0000000..a8e4462 --- /dev/null +++ b/bin/update @@ -0,0 +1,29 @@ +#!/usr/bin/env ruby +require 'pathname' +require 'fileutils' +include FileUtils + +# path to your application root. +APP_ROOT = Pathname.new File.expand_path('../../', __FILE__) + +def system!(*args) + system(*args) || abort("\n== Command #{args} failed ==") +end + +chdir APP_ROOT do + # This script is a way to update your development environment automatically. + # Add necessary update steps to this file. + + puts '== Installing dependencies ==' + system! 'gem install bundler --conservative' + system('bundle check') || system!('bundle install') + + puts "\n== Updating database ==" + system! 'bin/rails db:migrate' + + puts "\n== Removing old logs and tempfiles ==" + system! 'bin/rails log:clear tmp:clear' + + puts "\n== Restarting application server ==" + system! 'bin/rails restart' +end 
diff --git a/bin/yarn b/bin/yarn new file mode 100755 index 0000000..c2bacef --- /dev/null +++ b/bin/yarn @@ -0,0 +1,11 @@ +#!/usr/bin/env ruby +VENDOR_PATH = File.expand_path('..', __dir__) +Dir.chdir(VENDOR_PATH) do + begin + exec "yarnpkg #{ARGV.join(" ")}" + rescue Errno::ENOENT + $stderr.puts "Yarn executable was not detected in the system." + $stderr.puts "Download Yarn at https://yarnpkg.com/en/docs/install" + exit 1 + end +end diff --git a/config/application.rb b/config/application.rb index b27f634..8cee1da 100755 --- a/config/application.rb +++ b/config/application.rb 
@@ -1,38 +1,30 @@ -# frozen_string_literal: true -require File.expand_path("../boot", __FILE__) +require_relative "boot" require "rails/all" # Require the gems listed in Gemfile, including any gems # you've limited to :test, :development, or :production. -Bundler.require(:default, Rails.env) +Bundler.require(*Rails.groups) module Railsgoat class Application < Rails::Application + + # Initialize configuration defaults for originally generated Rails version. + config.load_defaults 5.1 + # Settings in config/environments/* take precedence over those specified here. # Application configuration should go into files in config/initializers # -- all .rb files in that directory are automatically loaded. - # Custom directories with classes and modules you want to be autoloadable. - # config.autoload_paths += %W(#{config.root}/extras) - - # Only load the plugins named here, in the order given (default is alphabetical). - # :all can be used as a placeholder for all plugins not explicitly named. - # config.plugins = [ :exception_notification, :ssl_requirement, :all ] - - # Activate observers that should always be running. - # config.active_record.observers = :cacher, :garbage_collector, :forum_observer + # RAILSGOAT SPECIFC CONFIGURATION + # Disable changes to actve_record belongs_to which breaks associations in RailsGoat from 5 onwards + config.active_record.belongs_to_required_by_default = false - # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone. - # Run "rails -D time" for a list of tasks for finding time zone names. Default is UTC. - # config.time_zone = 'Central Time (US & Canada)' - - # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded. 
- # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s] - # config.i18n.default_locale = :de + # Disable CSRF protection for RailsGoat + config.action_controller.per_form_csrf_tokens = false # Configure the default encoding used in templates for Ruby 1.9. - config.encoding = "utf-8" + # config.encoding = "utf-8" # Configure sensitive parameters which will be filtered from the log file. config.filter_parameters += [:password] @@ -40,11 +32,6 @@ class Application < Rails::Application # Enable escaping HTML in JSON. #config.active_support.escape_html_entities_in_json = true - # Use SQL instead of Active Record's schema dumper when creating the database. - # This is necessary if your schema can't be completely dumped by the schema dumper, - # like if you have constraints or database-specific column types - # config.active_record.schema_format = :sql - # Enable the asset pipeline config.assets.enabled = true @@ -55,5 +42,7 @@ class Application < Rails::Application config.assets.version = "1.0" I18n.config.enforce_available_locales = false + + # config.action_dispatch.return_only_media_type_on_content_type = false end end diff --git a/config/boot.rb b/config/boot.rb index 5e28a74..30f5120 100755 --- a/config/boot.rb +++ b/config/boot.rb @@ -1,5 +1,3 @@ -# frozen_string_literal: true -# Set up gems listed in the Gemfile. -ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile", __FILE__) +ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__) -require "bundler/setup" if File.exist?(ENV["BUNDLE_GEMFILE"]) +require 'bundler/setup' # Set up gems listed in the Gemfile. diff --git a/config/cable.yml b/config/cable.yml new file mode 100644 index 0000000..211b6d1 --- /dev/null +++ b/config/cable.yml @@ -0,0 +1,10 @@ +development: + adapter: async + +test: + adapter: async + +production: + adapter: redis + url: redis://localhost:6379/1 + channel_prefix: railsgoat_production 
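Review bot: In `config/application.rb`, the comment `# Disable CSRF protection for RailsGoat` does not describe the line beneath it: `config.action_controller.per_form_csrf_tokens = false` only turns off per-form (action-scoped) tokens, while whether requests are verified at all is decided by `protect_from_forgery`, which is commented out in `ApplicationController`. Someone auditing the app would read this line as the CSRF switch and look in the wrong place. Suggested wording: `# Use one session-wide CSRF token rather than per-form tokens; verification itself is controlled in ApplicationController`. The section header just above also carries typos (`SPECIFC`, `actve_record`) worth fixing while the block is new.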
diff --git a/config/environment.rb b/config/environment.rb index 0effbcf..426333b 100755 --- a/config/environment.rb +++ b/config/environment.rb @@ -1,6 +1,5 @@ -# frozen_string_literal: true # Load the Rails application. -require File.expand_path("../application", __FILE__) +require_relative 'application' # Initialize the Rails application. -Railsgoat::Application.initialize! +Rails.application.initialize! diff --git a/config/environments/development.rb b/config/environments/development.rb index 5196727..5187e22 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb 
@@ -1,51 +1,54 @@ -# frozen_string_literal: true -Railsgoat::Application.configure do - # Settings specified here will take precedence over those in config/application.rb +Rails.application.configure do + # Settings specified here will take precedence over those in config/application.rb. # In the development environment your application's code is reloaded on # every request. This slows down response time but is perfect for development # since you don't have to restart the web server when you make code changes. config.cache_classes = false - # Show full error reports and disable caching - config.consider_all_requests_local = true - config.action_controller.perform_caching = false + # Do not eager load code on boot. + config.eager_load = false + + # Show full error reports. + config.consider_all_requests_local = true + + # Enable/disable caching. By default caching is disabled. + if Rails.root.join('tmp/caching-dev.txt').exist? + config.action_controller.perform_caching = true + + config.cache_store = :memory_store + config.public_file_server.headers = { + 'Cache-Control' => "public, max-age=#{2.days.seconds.to_i}" + } + else + config.action_controller.perform_caching = false + + config.cache_store = :null_store + end - # Don't care if the mailer can't send + # Don't care if the mailer can't send. config.action_mailer.raise_delivery_errors = false - # Print deprecation notices to the Rails logger + config.action_mailer.perform_caching = false + + # Print deprecation notices to the Rails logger. config.active_support.deprecation = :log - # Only use best-standards-support built into browsers - config.action_dispatch.best_standards_support = :builtin + # Raise an error on page load if there are pending migrations. + config.active_record.migration_error = :page_load - # Tired of caching causing issues - config.middleware.delete Rack::ETag + # Debug mode disables concatenation and preprocessing of assets. 
+ # This option may cause significant delays in view rendering with a large + # number of complex assets. + config.assets.debug = true - # Do not compress assets - config.assets.compress = false + # Suppress logger output for asset requests. + config.assets.quiet = true - # Expands the lines which load the assets - config.assets.debug = true + # Raises error for missing translations + # config.action_view.raise_on_missing_translations = true - # ActionMailer settings for email support - config.action_mailer.delivery_method = :smtp - config.action_mailer.smtp_settings = { address: "127.0.0.1", port: 1025 } - config.action_mailer.default_url_options = { host: "127.0.0.1:3000" } - - # config.middleware.insert_before( - # Rack::Lock, Rack::LiveReload, - # :min_delay => 500, - # :max_delay => 1000, - # :port => 35727, - # :host => 'railsgoat.dev', - # :ignore => [ %r{dont/modify\.html$} ] - # ) - - # For Rails 4.0+ - # Do not eager load code on boot. This avoids loading your whole application - # just for the purpose of running a single test. If you are using a tool that - # preloads Rails for running tests, you may have to set it to true. - config.eager_load = false + # Use an evented file watcher to asynchronously detect changes in source code, + # routes, locales, etc. This feature depends on the listen gem. + config.file_watcher = ActiveSupport::EventedFileUpdateChecker end diff --git a/config/environments/production.rb b/config/environments/production.rb index d61091e..2441228 100755 --- a/config/environments/production.rb +++ b/config/environments/production.rb 
@@ -1,109 +1,91 @@ -# frozen_string_literal: true -Railsgoat::Application.configure do - # Settings specified here will take precedence over those in config/application.rb +Rails.application.configure do + # Settings specified here will take precedence over those in config/application.rb. # Code is not reloaded between requests. config.cache_classes = true + # Eager load code on boot. This eager loads most of Rails and + # your application in memory, allowing both threaded web servers + # and those relying on copy on write to perform better. + # Rake tasks automatically ignore this option for performance. + config.eager_load = true + # Full error reports are disabled and caching is turned on. config.consider_all_requests_local = false config.action_controller.perform_caching = true - # Enable Rack::Cache to put a simple HTTP cache in front of your application - # Add `rack-cache` to your Gemfile before enabling this. - # For large-scale production use, consider using a caching - # reverse proxy like nginx, varnish or squid. - # config.action_dispatch.rack_cache = true - - # Disable Rails's static asset server (Apache or nginx will already do this). - config.public_file_server.enabled = false + # Attempt to read encrypted secrets from `config/secrets.yml.enc`. + # Requires an encryption key in `ENV["RAILS_MASTER_KEY"]` or + # `config/secrets.yml.key`. + config.read_encrypted_secrets = true - # Compress JavaScripts and CSS - config.assets.compress = true + # Disable serving static files from the `/public` folder by default since + # Apache or NGINX already handles this. + config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present? # Compress JavaScripts and CSS. config.assets.js_compressor = :uglifier # config.assets.css_compressor = :sass # Do not fallback to assets pipeline if a precompiled asset is missed. - config.assets.compile = true # default is false + config.assets.compile = false - # Generate digests for assets URLs. 
- config.assets.digest = true + # `config.assets.precompile` and `config.assets.version` have moved to config/initializers/assets.rb - # For Rails 4.0+: Version of your assets, change this if you want to expire all your assets. - config.assets.version = "1.0" - - # Defaults to nil and saved in location specified by config.assets.prefix - # config.assets.manifest = YOUR_PATH + # Enable serving of images, stylesheets, and JavaScripts from an asset server. + # config.action_controller.asset_host = 'http://assets.example.com' # Specifies the header that your server uses for sending files. - # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache - # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx + # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache + # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX + + # Mount Action Cable outside main process or domain + # config.action_cable.mount_path = nil + # config.action_cable.url = 'wss://example.com/cable' + # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ] # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. # config.force_ssl = true - # Set to :debug to see everything in the log. - config.log_level = :info + # Use the lowest log level to ensure availability of diagnostic information + # when problems arise. + config.log_level = :debug - # Prepend all log lines with the following tags - # config.log_tags = [ :subdomain, :uuid ] - - # Use a different logger for distributed setups - # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new) + # Prepend all log lines with the following tags. + config.log_tags = [ :request_id ] - # Use a different cache store in production + # Use a different cache store in production. 
# config.cache_store = :mem_cache_store - # Enable serving of images, stylesheets, and JavaScripts from an asset server - # config.action_controller.asset_host = "http://assets.example.com" - - # Precompile additional assets (application.js, application.css, and all non-JS/CSS are already added) - # config.assets.precompile += %w( search.js ) + # Use a real queuing backend for Active Job (and separate queues per environment) + # config.active_job.queue_adapter = :resque + # config.active_job.queue_name_prefix = "railsgoat_#{Rails.env}" + config.action_mailer.perform_caching = false - # Disable delivery errors, bad email addresses will be ignored + # Ignore bad email addresses and do not raise email delivery errors. + # Set this to true and configure the email server for immediate delivery to raise delivery errors. # config.action_mailer.raise_delivery_errors = false - # Enable threaded mode - # config.threadsafe! - # Enable locale fallbacks for I18n (makes lookups for any locale fall back to - # the I18n.default_locale when a translation can not be found). - config.i18n.fallbacks = [I18n.default_locale] + # the I18n.default_locale when a translation cannot be found). + config.i18n.fallbacks = true # Send deprecation notices to registered listeners. config.active_support.deprecation = :notify - # For Rails 4.0+: Eager load code on boot. This eager loads most of - # Rails and your application in memory, allowing both thread web - # servers and those relying on copy on write to perform better. - # Rake tasks automatically ignore this option for performance. - config.eager_load = true - - # For Rails 4.0+: Use default logging formatter so that PID and timestamp are not suppressed. + # Use default logging formatter so that PID and timestamp are not suppressed. config.log_formatter = ::Logger::Formatter.new - # For Rails 4.0+: Disable automatic flushing of the log to improve performance. 
- # config.autoflush_log = false - - # Prepend all log lines with the following tags. - # config.log_tags = [ :subdomain, :uuid ] - # Use a different logger for distributed setups. - # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new) - - # Use a different cache store in production. - # config.cache_store = :mem_cache_store - - # Enable serving of images, stylesheets, and JavaScripts from an asset server. - # config.action_controller.asset_host = "http://assets.example.com" + # require 'syslog/logger' + # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new 'app-name') - # Precompile additional assets. - # application.js, application.css, and all non-JS/CSS in app/assets folder are already added. - # config.assets.precompile += %w( search.js ) + if ENV["RAILS_LOG_TO_STDOUT"].present? + logger = ActiveSupport::Logger.new(STDOUT) + logger.formatter = config.log_formatter + config.logger = ActiveSupport::TaggedLogging.new(logger) + end - # Ignore bad email addresses and do not raise email delivery errors. - # Set this to true and configure the email server for immediate delivery to raise delivery errors. - # config.action_mailer.raise_delivery_errors = false + # Do not dump schema after migrations. + config.active_record.dump_schema_after_migration = false end diff --git a/config/environments/test.rb b/config/environments/test.rb index efc1521..8e5cbde 100755 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -1,6 +1,5 @@ -# frozen_string_literal: true -Railsgoat::Application.configure do - # Settings specified here will take precedence over those in config/application.rb +Rails.application.configure do + # Settings specified here will take precedence over those in config/application.rb. # The test environment is used exclusively to run your application's # test suite. You never need to work with it otherwise. Remember that 
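Review bot: `config.log_level = :debug` in the `@@ -1,109 +1,91 @@` hunk of config/environments/production.rb raises production logging from `:info` to the most verbose level. At that level every SQL statement and its bound values reach the log, and parameter filtering may not mask them. It matches the Rails generator template, but for a deployed instance a default of `:info` with an opt-in override is safer, for example `config.log_level = ENV.fetch("RAILS_LOG_LEVEL", "info").to_sym`. If debug logging is intended for the training setup, a comment such as `# Verbose on purpose for RailsGoat; do not copy to real deployments` would make that explicit.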
@@ -8,9 +7,16 @@ # and recreated between test runs. Don't rely on the data there! config.cache_classes = true - # Configure static asset server for tests with Cache-Control for performance. + # Do not eager load code on boot. This avoids loading your whole application + # just for the purpose of running a single test. If you are using a tool that + # preloads Rails for running tests, you may have to set it to true. + config.eager_load = false + + # Configure public file server for tests with Cache-Control for performance. config.public_file_server.enabled = true - config.public_file_server.headers = { "Cache-Control" => "public, max-age=3600" } + config.public_file_server.headers = { + 'Cache-Control' => "public, max-age=#{1.hour.seconds.to_i}" + } # Show full error reports and disable caching. config.consider_all_requests_local = true @@ -19,8 +25,9 @@ # Raise exceptions instead of rendering exception templates. config.action_dispatch.show_exceptions = false - # Disable request forgery protection in test environment - config.action_controller.allow_forgery_protection = true + # Disable request forgery protection in test environment. + config.action_controller.allow_forgery_protection = false + config.action_mailer.perform_caching = false # Tell Action Mailer not to deliver emails to the real world. # The :test delivery method accumulates sent emails in the @@ -30,9 +37,6 @@ # Print deprecation notices to the stderr. config.active_support.deprecation = :stderr - # For Rails 4.0+ - # Do not eager load code on boot. This avoids loading your whole application - # just for the purpose of running a single test. If you are using a tool that - # preloads Rails for running tests, you may have to set it to true. - config.eager_load = false + # Raises error for missing translations + # config.action_view.raise_on_missing_translations = true end 
diff --git a/config/initializers/application_controller_renderer.rb b/config/initializers/application_controller_renderer.rb new file mode 100644 index 0000000..89d2efa --- /dev/null +++ b/config/initializers/application_controller_renderer.rb @@ -0,0 +1,8 @@ +# Be sure to restart your server when you modify this file. + +# ActiveSupport::Reloader.to_prepare do +# ApplicationController.renderer.defaults.merge!( +# http_host: 'example.org', +# https: false +# ) +# end diff --git a/config/initializers/assets.rb b/config/initializers/assets.rb index 891ade3..a8598dc 100644 --- a/config/initializers/assets.rb +++ b/config/initializers/assets.rb @@ -1,2 +1,14 @@ -# frozen_string_literal: true -Rails.application.config.assets.precompile += %w( validation.js jquery.dataTables.min.js fullcalendar.min.js moment.min.js ) +# Be sure to restart your server when you modify this file. + +# Version of your assets, change this if you want to expire all your assets. +Rails.application.config.assets.version = '1.0' + +# Add additional assets to the asset load path. +# Rails.application.config.assets.paths << Emoji.images_path +# Add Yarn node_modules folder to the asset load path. +Rails.application.config.assets.paths << Rails.root.join('node_modules') + +# Precompile additional assets. +# application.js, application.css, and all non-JS/CSS in the app/assets +# folder are already added. +Rails.application.config.assets.precompile += %w( fullcalendar.min.js ) diff --git a/config/initializers/backtrace_silencers.rb b/config/initializers/backtrace_silencers.rb index d0f0d3b..59385cd 100755 --- a/config/initializers/backtrace_silencers.rb +++ b/config/initializers/backtrace_silencers.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true # Be sure to restart your server when you modify this file. # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces. 
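Review bot: The new precompile list in config/initializers/assets.rb keeps only `fullcalendar.min.js` and drops `validation.js`, `jquery.dataTables.min.js` and `moment.min.js`, while the production.rb hunk earlier in this patch switches `config.assets.compile` to `false`. If any view still includes those three files as standalone assets (the views are not visible here), production will fail on the missing precompiled file instead of compiling it on demand. Either keep the full list, `Rails.application.config.assets.precompile += %w( validation.js jquery.dataTables.min.js fullcalendar.min.js moment.min.js )`, or confirm they are now pulled in through application.js.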
diff --git a/config/initializers/cookies_serializer.rb b/config/initializers/cookies_serializer.rb new file mode 100644 index 0000000..f51a497 --- /dev/null +++ b/config/initializers/cookies_serializer.rb @@ -0,0 +1,5 @@ +# Be sure to restart your server when you modify this file. + +# Specify a serializer for the signed and encrypted cookie jars. +# Valid options are :json, :marshal, and :hybrid. +Rails.application.config.action_dispatch.cookies_serializer = :hybrid diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb index b7fe123..4a994e1 100644 --- a/config/initializers/filter_parameter_logging.rb +++ b/config/initializers/filter_parameter_logging.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true # Be sure to restart your server when you modify this file. # Configure sensitive parameters which will be filtered from the log file. diff --git a/config/initializers/inflections.rb b/config/initializers/inflections.rb index aa7435f..ac033bf 100755 --- a/config/initializers/inflections.rb +++ b/config/initializers/inflections.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true # Be sure to restart your server when you modify this file. # Add new inflection rules using the following format. Inflections diff --git a/config/initializers/mime_types.rb b/config/initializers/mime_types.rb index f75864f..dc18996 100755 --- a/config/initializers/mime_types.rb +++ b/config/initializers/mime_types.rb @@ -1,6 +1,4 @@ -# frozen_string_literal: true # Be sure to restart your server when you modify this file. # Add new mime types for use in respond_to blocks: # Mime::Type.register "text/richtext", :rtf -# Mime::Type.register_alias "text/html", :iphone diff --git a/config/initializers/wrap_parameters.rb b/config/initializers/wrap_parameters.rb index 6780279..bbfc396 100755 --- a/config/initializers/wrap_parameters.rb +++ b/config/initializers/wrap_parameters.rb 
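Review bot: `cookies_serializer = :hybrid` in the new config/initializers/cookies_serializer.rb keeps accepting Marshal-encoded cookies, and deserializing Marshal data from a cookie is only as safe as the key that signs it. This patch also commits the development and test `secret_key_base` values in config/secrets.yml, so prefer `Rails.application.config.action_dispatch.cookies_serializer = :json` unless existing Marshal cookies really have to be migrated. If the setting is kept deliberately for RailsGoat's exercises, a comment saying so (`# Intentionally :hybrid for the deserialization lesson`, wording to be confirmed by the maintainers) would stop it from being copied as a safe default.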
@@ -1,15 +1,14 @@ -# frozen_string_literal: true # Be sure to restart your server when you modify this file. -# + # This file contains settings for ActionController::ParamsWrapper which # is enabled by default. # Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array. ActiveSupport.on_load(:action_controller) do - wrap_parameters format: [:json] if respond_to?(:wrap_parameters) + wrap_parameters format: [:json] end -# Disable root element in JSON by default. -ActiveSupport.on_load(:active_record) do - self.include_root_in_json = false -end +# To enable root element in JSON for ActiveRecord objects. +# ActiveSupport.on_load(:active_record) do +# self.include_root_in_json = true +# end diff --git a/config/locales/en.yml b/config/locales/en.yml index 0653957..decc5a8 100755 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -16,6 +16,16 @@ # # This would use the information in config/locales/es.yml. # +# The following keys must be escaped otherwise they will not be retrieved by +# the default I18n backend: +# +# true, false, on, off, yes, no +# +# Instead, surround them with single quotes. +# +# en: +# 'true': 'foo' +# # To learn more, please read the Rails Internationalization guide # available at http://guides.rubyonrails.org/i18n.html. diff --git a/config/puma.rb b/config/puma.rb new file mode 100644 index 0000000..1e19380 --- /dev/null +++ b/config/puma.rb 
@@ -0,0 +1,56 @@ +# Puma can serve each request in a thread from an internal thread pool. +# The `threads` method setting takes two numbers: a minimum and maximum. +# Any libraries that use thread pools should be configured to match +# the maximum value specified for Puma. Default is set to 5 threads for minimum +# and maximum; this matches the default thread size of Active Record. +# +threads_count = ENV.fetch("RAILS_MAX_THREADS") { 5 } +threads threads_count, threads_count + +# Specifies the `port` that Puma will listen on to receive requests; default is 3000. +# +port ENV.fetch("PORT") { 3000 } + +# Specifies the `environment` that Puma will run in. +# +environment ENV.fetch("RAILS_ENV") { "development" } + +# Specifies the number of `workers` to boot in clustered mode. +# Workers are forked webserver processes. If using threads and workers together +# the concurrency of the application would be max `threads` * `workers`. +# Workers do not work on JRuby or Windows (both of which do not support +# processes). +# +# workers ENV.fetch("WEB_CONCURRENCY") { 2 } + +# Use the `preload_app!` method when specifying a `workers` number. +# This directive tells Puma to first boot the application and load code +# before forking the application. This takes advantage of Copy On Write +# process behavior so workers use less memory. If you use this option +# you need to make sure to reconnect any threads in the `on_worker_boot` +# block. +# +# preload_app! + +# If you are preloading your application and using Active Record, it's +# recommended that you close any connections to the database before workers +# are forked to prevent connection leakage. +# +# before_fork do +# ActiveRecord::Base.connection_pool.disconnect! if defined?(ActiveRecord) +# end + +# The code in the `on_worker_boot` will be called if you are using +# clustered mode by specifying a number of `workers`. After each worker +# process is booted, this block will be run. 
If you are using the `preload_app!` +# option, you will want to use this block to reconnect to any threads +# or connections that may have been created at application boot, as Ruby +# cannot share connections between processes. +# +# on_worker_boot do +# ActiveRecord::Base.establish_connection if defined?(ActiveRecord) +# end +# + +# Allow puma to be restarted by `rails restart` command. +plugin :tmp_restart diff --git a/config/secrets.yml b/config/secrets.yml new file mode 100644 index 0000000..4d1e3c3 --- /dev/null +++ b/config/secrets.yml @@ -0,0 +1,32 @@ +# Be sure to restart your server when you modify this file. + +# Your secret key is used for verifying the integrity of signed cookies. +# If you change this key, all old signed cookies will become invalid! + +# Make sure the secret is at least 30 characters and all random, +# no regular words or you'll be exposed to dictionary attacks. +# You can use `rails secret` to generate a secure secret key. + +# Make sure the secrets in this file are kept private +# if you're sharing your code publicly. + +# Shared secrets are available across all environments. + +# shared: +# api_key: a1B2c3D4e5F6 + +# Environmental secrets are only available for that specific environment. + +development: + secret_key_base: 04c89de21cba0e495aa6dbef4b65fb217438966206fdd7f6f81ce745bc61cc70cb72553a7e3be2c7d8ad550cf664bdfde571ec04e06ce7396750f79e38216e04 + +test: + secret_key_base: da8b0abe0daef4b2b62bf2eb0900cc0241286a4dc92fac4eca1a46eb8156da7cd78bf4155435f23f4e7d477fc6714f4d9b1d449c05f5890bee1ca4f7d0fad069 + +# Do not keep production secrets in the unencrypted secrets file. +# Instead, either read values from the environment. +# Or, use `bin/rails secrets:setup` to configure encrypted secrets +# and move the `production:` environment over there. + +production: + secret_key_base: <%= ENV["SECRET_KEY_BASE"] %> diff --git a/config/spring.rb b/config/spring.rb new file mode 100644 index 0000000..c9119b4 --- /dev/null +++ b/config/spring.rb 
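Review bot: The new config/secrets.yml commits literal `secret_key_base` values for `development` and `test`, so every clone or image of this repository that runs outside `production` shares the same publicly known signing key. The file's own header asks for these values to be kept private, but nothing in the hunk marks the two keys as throwaway. Add a comment above them such as `# Public sample keys: never expose an instance running with RAILS_ENV=development or test`, or generate them per checkout with `rails secret` and keep the file out of version control. The `production:` entry reads `ENV["SECRET_KEY_BASE"]`, which is the right pattern.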
@@ -0,0 +1,6 @@ +%w( + .ruby-version + .rbenv-vars + tmp/restart.txt + tmp/caching-dev.txt +).each { |path| Spring.watch(path) } From 6d292f61a416dad8778ec9a67dafe067f108f70d Mon Sep 17 00:00:00 2001 From: Taylor Mowat Date: Tue, 1 Aug 2023 17:48:32 +0100 Subject: [PATCH 08/45] One more change from update script --- db/schema.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/db/schema.rb b/db/schema.rb index e9d5e1e..074df54 100755 --- a/db/schema.rb +++ b/db/schema.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true # This file is auto-generated from the current state of the database. Instead # of editing this file, please use the migrations feature of Active Record to # incrementally modify your database, and then regenerate this schema definition. From 6197bb198fddd66010cb34074c0b3d182b7d19e4 Mon Sep 17 00:00:00 2001 From: Taylor Mowat Date: Tue, 1 Aug 2023 17:50:06 +0100 Subject: [PATCH 09/45] Updating capybara testing to use cuprite instead of poltergeist as per https://github.com/jasnow/railsgoat6/commit/35f897c97ba7f57fcab4b8245d9ff5ae388ad218 --- spec/spec_helper.rb | 6 +++--- spec/support/capybara_shared.rb | 15 ++++++++++----- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 3e79dbf..543daaf 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -9,7 +9,7 @@ require File.expand_path("../../config/environment", __FILE__) require "rspec/rails" require "capybara/rails" -require "capybara/poltergeist" +require "capybara/cuprite" require "database_cleaner" # Requires supporting ruby files with custom matchers and macros, etc, 
@@ -28,7 +28,7 @@ # If you're not using ActiveRecord, or you'd prefer not to run each of your # examples within a transaction, remove the following line or assign false # instead of true. - config.use_transactional_fixtures = false # Capybara Poltergeist driver requires this + config.use_transactional_fixtures = false # If true, the base class of anonymous controllers will be inferred # automatically. This will be the default behavior in future versions of @@ -61,6 +61,6 @@ config.infer_spec_type_from_file_location! end -Capybara.javascript_driver = :poltergeist +Capybara.javascript_driver = :cuprite DatabaseCleaner.strategy = :truncation diff --git a/spec/support/capybara_shared.rb b/spec/support/capybara_shared.rb index 7216b16..4b5490e 100644 --- a/spec/support/capybara_shared.rb +++ b/spec/support/capybara_shared.rb @@ -46,8 +46,7 @@ def login(user) end end -##Hack to fix PhantomJS errors on Mavericks - https://gist.github.com/ericboehs/7125105 -module Capybara::Poltergeist +module Capybara::Cuprite class Client private def redirect_stdout @@ -93,8 +92,14 @@ def ignore?(message) end end -Capybara.register_driver :poltergeist do |app| - Capybara::Poltergeist::Driver.new(app, phantomjs_logger: WarningSuppressor.new, timeout: 60) +Capybara.register_driver :cuprite do |app| + Capybara::Cuprite::Driver.new( + app, + js_errors: true, + window_size: [1200, 900], + browser_options: { 'no-sandbox': nil }, + timeout: 60 + ) end -Capybara.javascript_driver = :poltergeist +Capybara.javascript_driver = :cuprite From 6876f510c4314c9fe50096ac58fa2cd1d6d8dcb4 Mon Sep 17 00:00:00 2001 From: Taylor Mowat Date: Tue, 1 Aug 2023 20:36:18 +0100 Subject: [PATCH 10/45] Upgrade Rails from 5.1 => 5.2 --- Gemfile | 7 +++- Gemfile.lock | 113 ++++++++++++++++++++++++++++----------------------- 2 files changed, 67 insertions(+), 53 deletions(-) diff --git a/Gemfile b/Gemfile index 1644973..e701849 100644 --- a/Gemfile +++ b/Gemfile 
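Review bot: The hunk at `@@ -46,8 +46,7 @@` in spec/support/capybara_shared.rb renames the PhantomJS workaround to `module Capybara::Cuprite` instead of removing it, and deletes the comment that explained why it existed. The reopened `Client` class with `redirect_stdout` was a patch for Poltergeist's client; Cuprite presumably has no such class, in which case this only defines unused code. The `WarningSuppressor` defined further down is also no longer passed to the driver. Consider deleting the module and the suppressor, or keep them with a comment such as `# TODO: confirm this still applies to Cuprite`; the module body continues outside the hunk.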
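Review bot: `browser_options: { 'no-sandbox': nil }` in the new `:cuprite` driver registration (hunk `@@ -93,8 +92,14 @@`) turns off Chromium's process sandbox for every test run, including on developer machines that do not need it. The flag is normally only required when Chrome runs as root inside a container, so gate it on the environment, for example `browser_options: ENV["CHROME_NO_SANDBOX"] ? { 'no-sandbox': nil } : {}` (the variable name is a suggestion). At minimum add a comment such as `# no-sandbox: needed only when Chrome runs as root in the CI container`.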
@@ -1,13 +1,15 @@ # frozen_string_literal: true source "https://rubygems.org" -#don't upgrade -gem "rails", "5.1.7" +gem "rails", "5.2.8" ruby "2.7.7" +gem "websocket-driver" + gem "aruba" gem "bcrypt" +gem "bootsnap" gem "coffee-rails" gem "execjs" gem "foreman" @@ -24,6 +26,7 @@ gem "ruby-prof" gem "sass-rails" gem "simplecov", require: false, group: :test gem "sqlite3" + gem "turbolinks" gem "uglifier" gem "unicorn" diff --git a/Gemfile.lock b/Gemfile.lock index 3bebd2d..19ee371 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -1,46 +1,50 @@ GEM remote: https://rubygems.org/ specs: - actioncable (5.1.7) - actionpack (= 5.1.7) + actioncable (5.2.8) + actionpack (= 5.2.8) nio4r (~> 2.0) - websocket-driver (~> 0.6.1) - actionmailer (5.1.7) - actionpack (= 5.1.7) - actionview (= 5.1.7) - activejob (= 5.1.7) + websocket-driver (>= 0.6.1) + actionmailer (5.2.8) + actionpack (= 5.2.8) + actionview (= 5.2.8) + activejob (= 5.2.8) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.1.7) - actionview (= 5.1.7) - activesupport (= 5.1.7) - rack (~> 2.0) + actionpack (5.2.8) + actionview (= 5.2.8) + activesupport (= 5.2.8) + rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.1.7) - activesupport (= 5.1.7) + actionview (5.2.8) + activesupport (= 5.2.8) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.1.7) - activesupport (= 5.1.7) + activejob (5.2.8) + activesupport (= 5.2.8) globalid (>= 0.3.6) - activemodel (5.1.7) - activesupport (= 5.1.7) - activerecord (5.1.7) - activemodel (= 5.1.7) - activesupport (= 5.1.7) - arel (~> 8.0) - activesupport (5.1.7) + activemodel (5.2.8) + activesupport (= 5.2.8) + activerecord (5.2.8) + activemodel (= 5.2.8) + activesupport (= 5.2.8) + arel (>= 9.0) + activestorage (5.2.8) + actionpack (= 5.2.8) + activerecord (= 5.2.8) + marcel (~> 1.0.0) + activesupport (5.2.8) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) addressable (2.8.4) public_suffix (>= 2.0.2, < 6.0) - arel (8.0.0) + arel (9.0.0) aruba (2.1.0) bundler (>= 1.17, < 3.0) childprocess (>= 2.0, < 5.0) @@ -56,6 +60,8 @@ GEM rouge (>= 1.0.0) binding_of_caller (1.0.0) debug_inspector (>= 0.0.1) + bootsnap (1.16.0) + msgpack (~> 1.2) builder (3.2.4) bundler-audit (0.9.1) bundler (>= 1.2.0, < 3) 
@@ -71,9 +77,9 @@ GEM xpath (~> 3.2) childprocess (4.1.0) coderay (1.1.3) - coffee-rails (4.2.2) + coffee-rails (5.0.0) coffee-script (>= 2.2.0) - railties (>= 4.0.0) + railties (>= 5.2.0) coffee-script (2.4.1) coffee-script-source execjs @@ -184,6 +190,7 @@ GEM net-imap net-pop net-smtp + marcel (1.0.2) matrix (0.4.2) method_source (1.0.0) mime-types (3.4.1) @@ -192,6 +199,7 @@ GEM mini_mime (1.1.2) mini_portile2 (2.8.4) minitest (5.19.0) + msgpack (1.7.2) multi_json (1.15.0) multi_test (1.1.0) mysql2 (0.5.5) @@ -233,17 +241,18 @@ GEM rack rack-test (2.1.0) rack (>= 1.3) - rails (5.1.7) - actioncable (= 5.1.7) - actionmailer (= 5.1.7) - actionpack (= 5.1.7) - actionview (= 5.1.7) - activejob (= 5.1.7) - activemodel (= 5.1.7) - activerecord (= 5.1.7) - activesupport (= 5.1.7) + rails (5.2.8) + actioncable (= 5.2.8) + actionmailer (= 5.2.8) + actionpack (= 5.2.8) + actionview (= 5.2.8) + activejob (= 5.2.8) + activemodel (= 5.2.8) + activerecord (= 5.2.8) + activestorage (= 5.2.8) + activesupport (= 5.2.8) bundler (>= 1.3.0) - railties (= 5.1.7) + railties (= 5.2.8) sprockets-rails (>= 2.0.0) rails-dom-testing (2.1.1) activesupport (>= 5.0.0) @@ -253,12 +262,12 @@ GEM loofah (~> 2.21) nokogiri (~> 1.14) rails-perftest (0.0.7) - railties (5.1.7) - actionpack (= 5.1.7) - activesupport (= 5.1.7) + railties (5.2.8) + actionpack (= 5.2.8) + activesupport (= 5.2.8) method_source rake (>= 0.8.7) - thor (>= 0.18.1, < 2.0) + thor (>= 0.19.0, < 2.0) rainbow (3.1.1) raindrops (0.20.1) rake (13.0.6) @@ -266,9 +275,9 @@ GEM rb-inotify (0.10.1) ffi (~> 1.0) regexp_parser (2.8.1) - responders (3.0.1) - actionpack (>= 5.0) - railties (>= 5.0) + responders (3.1.0) + actionpack (>= 5.2) + railties (>= 5.2) rexml (3.2.6) rouge (4.1.3) rspec (3.12.0) 
@@ -283,10 +292,10 @@ GEM rspec-mocks (3.12.6) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.12.0) - rspec-rails (4.1.2) - actionpack (>= 4.2) - activesupport (>= 4.2) - railties (>= 4.2) + rspec-rails (5.1.2) + actionpack (>= 5.2) + activesupport (>= 5.2) + railties (>= 5.2) rspec-core (~> 3.10) rspec-expectations (~> 3.10) rspec-mocks (~> 3.10) @@ -338,9 +347,9 @@ GEM sprockets (4.2.0) concurrent-ruby (~> 1.0) rack (>= 2.2.4, < 4) - sprockets-rails (3.2.2) - actionpack (>= 4.0) - activesupport (>= 4.0) + sprockets-rails (3.4.2) + actionpack (>= 5.2) + activesupport (>= 5.2) sprockets (>= 3.0.0) sqlite3 (1.6.3) mini_portile2 (~> 2.8.0) @@ -366,7 +375,7 @@ GEM kgio (~> 2.6) raindrops (~> 0.7) webrick (1.8.1) - websocket-driver (0.6.5) + websocket-driver (0.7.6) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) xpath (3.2.0) @@ -380,6 +389,7 @@ DEPENDENCIES bcrypt better_errors binding_of_caller + bootsnap bundler-audit capybara coffee-rails @@ -400,7 +410,7 @@ DEPENDENCIES pry-rails puma rack-livereload - rails (= 5.1.7) + rails (= 5.2.8) rails-perftest rake rb-fsevent @@ -416,6 +426,7 @@ DEPENDENCIES turbolinks uglifier unicorn + websocket-driver RUBY VERSION ruby 2.7.7p221 From 067aefa3cb8a1f30d78652ea901f9d7f0bcd141c Mon Sep 17 00:00:00 2001 
From: Taylor Mowat Date: Tue, 1 Aug 2023 20:39:30 +0100 Subject: [PATCH 11/45] Run app:update to implement version changes (5.1 -> 5.2) --- bin/bundle | 2 +- bin/setup | 4 +- bin/update | 6 ++- bin/yarn | 6 +-- config/application.rb | 25 ++---------- config/boot.rb | 1 + config/cable.yml | 2 +- config/environments/development.rb | 11 +++++- config/environments/production.rb | 11 ++++-- config/environments/test.rb | 6 ++- config/initializers/assets.rb | 2 +- .../initializers/content_security_policy.rb | 25 ++++++++++++ .../new_framework_defaults_5_2.rb | 38 +++++++++++++++++++ config/puma.rb | 27 ++----------- config/storage.yml | 34 +++++++++++++++++ 15 files changed, 137 insertions(+), 63 deletions(-) create mode 100644 config/initializers/content_security_policy.rb create mode 100644 config/initializers/new_framework_defaults_5_2.rb create mode 100644 config/storage.yml diff --git a/bin/bundle b/bin/bundle index 66e9889..f19acf5 100755 --- a/bin/bundle +++ b/bin/bundle @@ -1,3 +1,3 @@ #!/usr/bin/env ruby -ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__) +ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__) load Gem.bin_path('bundler', 'bundle') diff --git a/bin/setup b/bin/setup index 78c4e86..94fd4d7 100755 --- a/bin/setup +++ b/bin/setup @@ -1,10 +1,9 @@ #!/usr/bin/env ruby -require 'pathname' require 'fileutils' include FileUtils # path to your application root. -APP_ROOT = Pathname.new File.expand_path('../../', __FILE__) +APP_ROOT = File.expand_path('..', __dir__) def system!(*args) system(*args) || abort("\n== Command #{args} failed ==") @@ -21,7 +20,6 @@ chdir APP_ROOT do # Install JavaScript dependencies if using Yarn # system('bin/yarn') - # puts "\n== Copying sample files ==" # unless File.exist?('config/database.yml') # cp 'config/database.yml.sample', 'config/database.yml' diff --git a/bin/update b/bin/update index a8e4462..58bfaed 100755 --- a/bin/update +++ b/bin/update 
@@ -1,10 +1,9 @@ #!/usr/bin/env ruby -require 'pathname' require 'fileutils' include FileUtils # path to your application root. -APP_ROOT = Pathname.new File.expand_path('../../', __FILE__) +APP_ROOT = File.expand_path('..', __dir__) def system!(*args) system(*args) || abort("\n== Command #{args} failed ==") @@ -18,6 +17,9 @@ chdir APP_ROOT do system! 'gem install bundler --conservative' system('bundle check') || system!('bundle install') + # Install JavaScript dependencies if using Yarn + # system('bin/yarn') + puts "\n== Updating database ==" system! 'bin/rails db:migrate' diff --git a/bin/yarn b/bin/yarn index c2bacef..460dd56 100755 --- a/bin/yarn +++ b/bin/yarn @@ -1,8 +1,8 @@ #!/usr/bin/env ruby -VENDOR_PATH = File.expand_path('..', __dir__) -Dir.chdir(VENDOR_PATH) do +APP_ROOT = File.expand_path('..', __dir__) +Dir.chdir(APP_ROOT) do begin - exec "yarnpkg #{ARGV.join(" ")}" + exec "yarnpkg", *ARGV rescue Errno::ENOENT $stderr.puts "Yarn executable was not detected in the system." $stderr.puts "Download Yarn at https://yarnpkg.com/en/docs/install" diff --git a/config/application.rb b/config/application.rb index 8cee1da..6567db3 100755 --- a/config/application.rb +++ b/config/application.rb @@ -13,8 +13,9 @@ class Application < Rails::Application config.load_defaults 5.1 # Settings in config/environments/* take precedence over those specified here. - # Application configuration should go into files in config/initializers - # -- all .rb files in that directory are automatically loaded. + # Application configuration can go into files in config/initializers + # -- all .rb files in that directory are automatically loaded after loading + # the framework and any gems in your application. # RAILSGOAT SPECIFC CONFIGURATION # Disable changes to actve_record belongs_to which breaks associations in RailsGoat from 5 onwards 
@@ -23,26 +24,6 @@ class Application < Rails::Application # Disable CSRF protection for RailsGoat config.action_controller.per_form_csrf_tokens = false - # Configure the default encoding used in templates for Ruby 1.9. - # config.encoding = "utf-8" - - # Configure sensitive parameters which will be filtered from the log file. - config.filter_parameters += [:password] - - # Enable escaping HTML in JSON. - #config.active_support.escape_html_entities_in_json = true - - # Enable the asset pipeline - config.assets.enabled = true - - # add app/assets/fonts to the asset path - config.assets.paths << Rails.root.join("app", "assets", "fonts") - - # Version of your assets, change this if you want to expire all your assets - config.assets.version = "1.0" - - I18n.config.enforce_available_locales = false - # config.action_dispatch.return_only_media_type_on_content_type = false end end diff --git a/config/boot.rb b/config/boot.rb index 30f5120..b9e460c 100755 --- a/config/boot.rb +++ b/config/boot.rb @@ -1,3 +1,4 @@ ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__) require 'bundler/setup' # Set up gems listed in the Gemfile. +require 'bootsnap/setup' # Speed up boot time by caching expensive operations. diff --git a/config/cable.yml b/config/cable.yml index 211b6d1..44a04ff 100644 --- a/config/cable.yml +++ b/config/cable.yml @@ -6,5 +6,5 @@ test: production: adapter: redis - url: redis://localhost:6379/1 + url: <%= ENV.fetch("REDIS_URL") { "redis://localhost:6379/1" } %> channel_prefix: railsgoat_production diff --git a/config/environments/development.rb b/config/environments/development.rb index 5187e22..1311e3e 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb 
@@ -13,12 +13,13 @@ config.consider_all_requests_local = true # Enable/disable caching. By default caching is disabled. - if Rails.root.join('tmp/caching-dev.txt').exist? + # Run rails dev:cache to toggle caching. + if Rails.root.join('tmp', 'caching-dev.txt').exist? config.action_controller.perform_caching = true config.cache_store = :memory_store config.public_file_server.headers = { - 'Cache-Control' => "public, max-age=#{2.days.seconds.to_i}" + 'Cache-Control' => "public, max-age=#{2.days.to_i}" } else config.action_controller.perform_caching = false @@ -26,6 +27,9 @@ config.cache_store = :null_store end + # Store uploaded files on the local file system (see config/storage.yml for options) + config.active_storage.service = :local + # Don't care if the mailer can't send. config.action_mailer.raise_delivery_errors = false @@ -37,6 +41,9 @@ # Raise an error on page load if there are pending migrations. config.active_record.migration_error = :page_load + # Highlight code that triggered database queries in logs. + config.active_record.verbose_query_logs = true + # Debug mode disables concatenation and preprocessing of assets. # This option may cause significant delays in view rendering with a large # number of complex assets. diff --git a/config/environments/production.rb b/config/environments/production.rb index 2441228..01ff55b 100755 --- a/config/environments/production.rb +++ b/config/environments/production.rb 
@@ -14,10 +14,9 @@ config.consider_all_requests_local = false config.action_controller.perform_caching = true - # Attempt to read encrypted secrets from `config/secrets.yml.enc`. - # Requires an encryption key in `ENV["RAILS_MASTER_KEY"]` or - # `config/secrets.yml.key`. - config.read_encrypted_secrets = true + # Ensures that a master key has been made available in either ENV["RAILS_MASTER_KEY"] + # or in config/master.key. This key is used to decrypt credentials (and other encrypted files). + # config.require_master_key = true # Disable serving static files from the `/public` folder by default since # Apache or NGINX already handles this. @@ -39,6 +38,9 @@ # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX + # Store uploaded files on the local file system (see config/storage.yml for options) + config.active_storage.service = :local + # Mount Action Cable outside main process or domain # config.action_cable.mount_path = nil # config.action_cable.url = 'wss://example.com/cable' @@ -60,6 +62,7 @@ # Use a real queuing backend for Active Job (and separate queues per environment) # config.active_job.queue_adapter = :resque # config.active_job.queue_name_prefix = "railsgoat_#{Rails.env}" + config.action_mailer.perform_caching = false # Ignore bad email addresses and do not raise email delivery errors. diff --git a/config/environments/test.rb b/config/environments/test.rb index 8e5cbde..0a38fd3 100755 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -15,7 +15,7 @@ # Configure public file server for tests with Cache-Control for performance. config.public_file_server.enabled = true config.public_file_server.headers = { - 'Cache-Control' => "public, max-age=#{1.hour.seconds.to_i}" + 'Cache-Control' => "public, max-age=#{1.hour.to_i}" } # Show full error reports and disable caching. 
@@ -27,6 +27,10 @@ # Disable request forgery protection in test environment. config.action_controller.allow_forgery_protection = false + + # Store uploaded files on the local file system in a temporary directory + config.active_storage.service = :test + config.action_mailer.perform_caching = false # Tell Action Mailer not to deliver emails to the real world. diff --git a/config/initializers/assets.rb b/config/initializers/assets.rb index a8598dc..6bd831d 100644 --- a/config/initializers/assets.rb +++ b/config/initializers/assets.rb @@ -6,7 +6,7 @@ # Add additional assets to the asset load path. # Rails.application.config.assets.paths << Emoji.images_path # Add Yarn node_modules folder to the asset load path. -Rails.application.config.assets.paths << Rails.root.join('node_modules') +Rails.application.config.assets.paths << Rails.root.join("app", "assets", "fonts", "node_modules") # Precompile additional assets. # application.js, application.css, and all non-JS/CSS in the app/assets diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb new file mode 100644 index 0000000..d3bcaa5 --- /dev/null +++ b/config/initializers/content_security_policy.rb 
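Review bot: The replacement path in config/initializers/assets.rb, `Rails.root.join("app", "assets", "fonts", "node_modules")`, looks like two settings merged by accident. The comment above it still says it adds the Yarn node_modules folder, and the config/application.rb hunk of this commit removes the separate `app/assets/fonts` entry. If both paths are still wanted, keep `Rails.root.join('node_modules')` and add a second line, `Rails.application.config.assets.paths << Rails.root.join("app", "assets", "fonts")`. That application.rb hunk also deletes `config.filter_parameters += [:password]`, so it is worth confirming that config/initializers/filter_parameter_logging.rb still filters passwords from the logs.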
@@ -0,0 +1,25 @@ +# Be sure to restart your server when you modify this file. + +# Define an application-wide content security policy +# For further information see the following documentation +# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy + +# Rails.application.config.content_security_policy do |policy| +# policy.default_src :self, :https +# policy.font_src :self, :https, :data +# policy.img_src :self, :https, :data +# policy.object_src :none +# policy.script_src :self, :https +# policy.style_src :self, :https + +# # Specify URI for violation reports +# # policy.report_uri "/csp-violation-report-endpoint" +# end + +# If you are using UJS then enable automatic nonce generation +# Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) } + +# Report CSP violations to a specified URI +# For further information see the following documentation: +# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only +# Rails.application.config.content_security_policy_report_only = true diff --git a/config/initializers/new_framework_defaults_5_2.rb b/config/initializers/new_framework_defaults_5_2.rb new file mode 100644 index 0000000..c383d07 --- /dev/null +++ b/config/initializers/new_framework_defaults_5_2.rb 
@@ -0,0 +1,38 @@ +# Be sure to restart your server when you modify this file. +# +# This file contains migration options to ease your Rails 5.2 upgrade. +# +# Once upgraded flip defaults one by one to migrate to the new default. +# +# Read the Guide for Upgrading Ruby on Rails for more info on each option. + +# Make Active Record use stable #cache_key alongside new #cache_version method. +# This is needed for recyclable cache keys. +# Rails.application.config.active_record.cache_versioning = true + +# Use AES-256-GCM authenticated encryption for encrypted cookies. +# Also, embed cookie expiry in signed or encrypted cookies for increased security. +# +# This option is not backwards compatible with earlier Rails versions. +# It's best enabled when your entire app is migrated and stable on 5.2. +# +# Existing cookies will be converted on read then written with the new scheme. +# Rails.application.config.action_dispatch.use_authenticated_cookie_encryption = true + +# Use AES-256-GCM authenticated encryption as default cipher for encrypting messages +# instead of AES-256-CBC, when use_authenticated_message_encryption is set to true. +# Rails.application.config.active_support.use_authenticated_message_encryption = true + +# Add default protection from forgery to ActionController::Base instead of in +# ApplicationController. +# Rails.application.config.action_controller.default_protect_from_forgery = true + +# Store boolean values are in sqlite3 databases as 1 and 0 instead of 't' and +# 'f' after migrating old data. +# Rails.application.config.active_record.sqlite3.represent_boolean_as_integer = true + +# Use SHA-1 instead of MD5 to generate non-sensitive digests, such as the ETag header. +# Rails.application.config.active_support.use_sha1_digests = true + +# Make `form_with` generate id attributes for any generated HTML tags. +# Rails.application.config.action_view.form_with_generates_ids = true diff --git a/config/puma.rb b/config/puma.rb index 1e19380..b210207 100644 
--- a/config/puma.rb +++ b/config/puma.rb @@ -15,6 +15,9 @@ # environment ENV.fetch("RAILS_ENV") { "development" } +# Specifies the `pidfile` that Puma will use. +pidfile ENV.fetch("PIDFILE") { "tmp/pids/server.pid" } + # Specifies the number of `workers` to boot in clustered mode. # Workers are forked webserver processes. If using threads and workers together # the concurrency of the application would be max `threads` * `workers`. @@ -26,31 +29,9 @@ # Use the `preload_app!` method when specifying a `workers` number. # This directive tells Puma to first boot the application and load code # before forking the application. This takes advantage of Copy On Write -# process behavior so workers use less memory. If you use this option -# you need to make sure to reconnect any threads in the `on_worker_boot` -# block. +# process behavior so workers use less memory. # # preload_app! -# If you are preloading your application and using Active Record, it's -# recommended that you close any connections to the database before workers -# are forked to prevent connection leakage. -# -# before_fork do -# ActiveRecord::Base.connection_pool.disconnect! if defined?(ActiveRecord) -# end - -# The code in the `on_worker_boot` will be called if you are using -# clustered mode by specifying a number of `workers`. After each worker -# process is booted, this block will be run. If you are using the `preload_app!` -# option, you will want to use this block to reconnect to any threads -# or connections that may have been created at application boot, as Ruby -# cannot share connections between processes. -# -# on_worker_boot do -# ActiveRecord::Base.establish_connection if defined?(ActiveRecord) -# end -# - # Allow puma to be restarted by `rails restart` command. plugin :tmp_restart diff --git a/config/storage.yml b/config/storage.yml new file mode 100644 index 0000000..d32f76e --- /dev/null +++ b/config/storage.yml 
@@ -0,0 +1,34 @@ +test: + service: Disk + root: <%= Rails.root.join("tmp/storage") %> + +local: + service: Disk + root: <%= Rails.root.join("storage") %> + +# Use rails credentials:edit to set the AWS secrets (as aws:access_key_id|secret_access_key) +# amazon: +# service: S3 +# access_key_id: <%= Rails.application.credentials.dig(:aws, :access_key_id) %> +# secret_access_key: <%= Rails.application.credentials.dig(:aws, :secret_access_key) %> +# region: us-east-1 +# bucket: your_own_bucket + +# Remember not to checkin your GCS keyfile to a repository +# google: +# service: GCS +# project: your_project +# credentials: <%= Rails.root.join("path/to/gcs.keyfile") %> +# bucket: your_own_bucket + +# Use rails credentials:edit to set the Azure Storage secret (as azure_storage:storage_access_key) +# microsoft: +# service: AzureStorage +# storage_account_name: your_account_name +# storage_access_key: <%= Rails.application.credentials.dig(:azure_storage, :storage_access_key) %> +# container: your_container_name + +# mirror: +# service: Mirror +# primary: local +# mirrors: [ amazon, google, microsoft ] From d424f9ac0ad809f454381d8abc3c2cd1d3e5aed6 Mon Sep 17 00:00:00 2001 From: Taylor Mowat Date: Tue, 1 Aug 2023 23:06:30 +0100 Subject: [PATCH 12/45] Upgrade Rails from 5.2 => 6.0 and run app:upgrade script --- Gemfile | 7 ++-- Gemfile.lock | 106 +++++++++++++++++++++++++++++---------------------- 2 files changed, 63 insertions(+), 50 deletions(-) diff --git a/Gemfile b/Gemfile index e701849..bdf0787 100644 --- a/Gemfile +++ b/Gemfile @@ -1,7 +1,7 @@ # frozen_string_literal: true source "https://rubygems.org" -gem "rails", "5.2.8" +gem "rails", "6.0.6" ruby "2.7.7" 
@@ -21,12 +21,11 @@ gem "pry-rails" # not in dev group in case running via prod/staging @ a training gem "puma" gem "rails-perftest" gem "rake" -gem "responders" #For Rails 4.2 # LOCKED DOWN +gem "responders" gem "ruby-prof" -gem "sass-rails" +gem "sassc-rails" gem "simplecov", require: false, group: :test gem "sqlite3" - gem "turbolinks" gem "uglifier" gem "unicorn" diff --git a/Gemfile.lock b/Gemfile.lock index 19ee371..8fd84e1 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -1,50 +1,63 @@ GEM remote: https://rubygems.org/ specs: - actioncable (5.2.8) - actionpack (= 5.2.8) + actioncable (6.0.6) + actionpack (= 6.0.6) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailer (5.2.8) - actionpack (= 5.2.8) - actionview (= 5.2.8) - activejob (= 5.2.8) + actionmailbox (6.0.6) + actionpack (= 6.0.6) + activejob (= 6.0.6) + activerecord (= 6.0.6) + activestorage (= 6.0.6) + activesupport (= 6.0.6) + mail (>= 2.7.1) + actionmailer (6.0.6) + actionpack (= 6.0.6) + actionview (= 6.0.6) + activejob (= 6.0.6) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.2.8) - actionview (= 5.2.8) - activesupport (= 5.2.8) + actionpack (6.0.6) + actionview (= 6.0.6) + activesupport (= 6.0.6) rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.2.8) - activesupport (= 5.2.8) + rails-html-sanitizer (~> 1.0, >= 1.2.0) + actiontext (6.0.6) + actionpack (= 6.0.6) + activerecord (= 6.0.6) + activestorage (= 6.0.6) + activesupport (= 6.0.6) + nokogiri (>= 1.8.5) + actionview (6.0.6) + activesupport (= 6.0.6) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.2.8) - activesupport (= 5.2.8) + rails-html-sanitizer (~> 1.1, >= 1.2.0) + activejob (6.0.6) + activesupport (= 6.0.6) globalid (>= 0.3.6) - activemodel (5.2.8) - activesupport (= 5.2.8) - activerecord (5.2.8) - activemodel (= 5.2.8) - activesupport (= 5.2.8) - arel (>= 9.0) - activestorage (5.2.8) - actionpack (= 5.2.8) - activerecord (= 5.2.8) - marcel (~> 1.0.0) - activesupport (5.2.8) + activemodel (6.0.6) + activesupport (= 6.0.6) + activerecord (6.0.6) + activemodel (= 6.0.6) + activesupport (= 6.0.6) + activestorage (6.0.6) + actionpack (= 6.0.6) + activejob (= 6.0.6) + activerecord (= 6.0.6) + marcel (~> 1.0) + activesupport (6.0.6) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) + zeitwerk (~> 2.2, >= 
2.2.2) addressable (2.8.4) public_suffix (>= 2.0.2, < 6.0) - arel (9.0.0) aruba (2.1.0) bundler (>= 1.17, < 3.0) childprocess (>= 2.0, < 5.0) @@ -241,18 +254,20 @@ GEM rack rack-test (2.1.0) rack (>= 1.3) - rails (5.2.8) - actioncable (= 5.2.8) - actionmailer (= 5.2.8) - actionpack (= 5.2.8) - actionview (= 5.2.8) - activejob (= 5.2.8) - activemodel (= 5.2.8) - activerecord (= 5.2.8) - activestorage (= 5.2.8) - activesupport (= 5.2.8) + rails (6.0.6) + actioncable (= 6.0.6) + actionmailbox (= 6.0.6) + actionmailer (= 6.0.6) + actionpack (= 6.0.6) + actiontext (= 6.0.6) + actionview (= 6.0.6) + activejob (= 6.0.6) + activemodel (= 6.0.6) + activerecord (= 6.0.6) + activestorage (= 6.0.6) + activesupport (= 6.0.6) bundler (>= 1.3.0) - railties (= 5.2.8) + railties (= 6.0.6) sprockets-rails (>= 2.0.0) rails-dom-testing (2.1.1) activesupport (>= 5.0.0) @@ -262,12 +277,12 @@ GEM loofah (~> 2.21) nokogiri (~> 1.14) rails-perftest (0.0.7) - railties (5.2.8) - actionpack (= 5.2.8) - activesupport (= 5.2.8) + railties (6.0.6) + actionpack (= 6.0.6) + activesupport (= 6.0.6) method_source rake (>= 0.8.7) - thor (>= 0.19.0, < 2.0) + thor (>= 0.20.3, < 2.0) rainbow (3.1.1) raindrops (0.20.1) rake (13.0.6) @@ -327,8 +342,6 @@ GEM rubocop (>= 1.33.0, < 2.0) ruby-prof (1.6.3) ruby-progressbar (1.13.0) - sass-rails (6.0.0) - sassc-rails (~> 2.1, >= 2.1.1) sassc (2.4.0) ffi (~> 1.9) sassc-rails (2.1.2) @@ -380,6 +393,7 @@ GEM websocket-extensions (0.1.5) xpath (3.2.0) nokogiri (~> 1.8) + zeitwerk (2.6.10) PLATFORMS ruby @@ -410,7 +424,7 @@ DEPENDENCIES pry-rails puma rack-livereload - rails (= 5.2.8) + rails (= 6.0.6) rails-perftest rake rb-fsevent @@ -418,7 +432,7 @@ DEPENDENCIES rspec-rails rubocop-github ruby-prof - sass-rails + sassc-rails simplecov sqlite3 test-unit From 440fd9fd36627d4ec7e9c69496c6725dfc62b318 Mon Sep 17 00:00:00 2001 
From: Taylor Mowat Date: Tue, 1 Aug 2023 23:07:17 +0100 Subject: [PATCH 13/45] Upgrade Rails from 5.2 => 6.0 and run app:upgrade script --- config/application.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/application.rb b/config/application.rb index 6567db3..cadac85 100755 --- a/config/application.rb +++ b/config/application.rb @@ -10,7 +10,7 @@ module Railsgoat class Application < Rails::Application # Initialize configuration defaults for originally generated Rails version. - config.load_defaults 5.1 + config.load_defaults 5.2 # Settings in config/environments/* take precedence over those specified here. # Application configuration can go into files in config/initializers @@ -24,6 +24,6 @@ class Application < Rails::Application # Disable CSRF protection for RailsGoat config.action_controller.per_form_csrf_tokens = false - # config.action_dispatch.return_only_media_type_on_content_type = false + config.action_dispatch.return_only_media_type_on_content_type = false end end From a032d3c2358aea21f0015728311d6eb2d6d1e515 Mon Sep 17 00:00:00 2001 From: Taylor Mowat Date: Tue, 1 Aug 2023 23:15:48 +0100 Subject: [PATCH 14/45] Upgrade Ruby from 2.7.7 => 3.0.6 --- .ruby-version | 2 +- Dockerfile | 2 +- Gemfile | 2 +- Gemfile.lock | 6 +++--- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.ruby-version b/.ruby-version index 1f7da99..818bd47 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -2.7.7 +3.0.6 diff --git a/Dockerfile b/Dockerfile index b0c9708..9932177 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,7 @@ # SETUP # Default Ruby version for this project. -ARG RUBY_VERSION=2.7.7 +ARG RUBY_VERSION=3.0.6 # Base Alpine Ruby image for common setup FROM ruby:$RUBY_VERSION-alpine as base diff --git a/Gemfile b/Gemfile index bdf0787..901ea97 100644 --- a/Gemfile +++ b/Gemfile @@ -3,7 +3,7 @@ source "https://rubygems.org" gem "rails", "6.0.6" -ruby "2.7.7" +ruby "3.0.6" gem "websocket-driver" 
diff --git a/Gemfile.lock b/Gemfile.lock index 8fd84e1..d0873a3 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -98,7 +98,7 @@ GEM execjs coffee-script-source (1.12.2) concurrent-ruby (1.2.2) - contracts (0.16.1) + contracts (0.17) crass (1.0.6) cucumber (8.0.0) builder (~> 3.2, >= 3.2.4) @@ -443,7 +443,7 @@ DEPENDENCIES websocket-driver RUBY VERSION - ruby 2.7.7p221 + ruby 3.0.6p216 BUNDLED WITH - 2.1.4 + 2.2.33 From e5532a6592daf8f89f3e5e8cee47310f4019cd8e Mon Sep 17 00:00:00 2001 From: Taylor Mowat Date: Thu, 3 Aug 2023 11:53:46 +0100 Subject: [PATCH 15/45] Upgrade Ruby from 3.0 => 3.1.4, Rails from 6.0 => 6.1.7 --- .ruby-version | 2 +- Dockerfile | 47 +++++++-------- Gemfile | 8 ++- Gemfile.lock | 157 +++++++++++++++++++++++++++----------------------- 4 files changed, 112 insertions(+), 102 deletions(-) diff --git a/.ruby-version b/.ruby-version index 818bd47..0aec50e 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -3.0.6 +3.1.4 diff --git a/Dockerfile b/Dockerfile index 9932177..e3affc8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,15 +1,15 @@ # Multistage docker build which first builds and bundles all Ruby gems before # creating build targets for the development and production images. -# SETUP # Default Ruby version for this project. -ARG RUBY_VERSION=3.0.6 +ARG RUBY_VERSION=3.1.4 -# Base Alpine Ruby image for common setup -FROM ruby:$RUBY_VERSION-alpine as base +# BASE STAGE +# Create a base ruby-alpine stage with common configuration +# that can be used in all other stages. +FROM ruby:$RUBY_VERSION-alpine as ruby-alpine -# Set some environment variables -# ENV BUNDLER_VERSION=2.4.4 +# Set environment variables to be shared across all stages. ENV GEM_HOME=/usr/local/bundle ENV BUNDLE_PATH=$GEM_HOME ENV BUNDLE_APP_CONFIG=$BUNDLE_PATH 
@@ -21,8 +21,10 @@ RUN apk add --no-cache \ nodejs \ tzdata -# Builder stage for building Ruby gems -FROM base as builder +# BUILDER STAGE +# Build all gems and dependencies in a builder stage, +# whch can then be copied to other stages. +FROM ruby-alpine as builder # Add packages for required for building RUN apk add --no-cache \ @@ -37,25 +39,25 @@ WORKDIR /app # Copy the Gemfile and Gemfile.lock files to the current directory. COPY Gemfile* . -# Install bundler with specified version. -# RUN gem install bundler -v $BUNDLER_VERSION - -# Install gems and remove any unnecessary files from gems. +# Install gems and remove any unnecessary build artifacts. RUN bundle config force_ruby_platform true \ && bundle install --jobs 4 --retry 3 \ && rm -rf $BUNDLE_PATH/cache/*.gem \ - && rm -rf $BUNDLE_PATH/ruby/*/cache - # && find $BUNDLE_PATH/gems/ -name "*.c" -delete \ - # && find $BUNDLE_PATH/gems/ -name "*.o" -delete - + && rm -rf $BUNDLE_PATH/ruby/*/cache # RUNNER STAGE -FROM base as runner +# Copy the needed gems and dependenies from the builder stage to +# create the final minimal image for running the app. +FROM ruby-alpine as runner +# Add packages required for running the app RUN apk add --no-cache \ + chromium \ + chromium-chromedriver \ libpq \ mariadb +# Set the working directory for the app. WORKDIR /app # Copy the bundle directory from the "builder" image @@ -63,16 +65,9 @@ WORKDIR /app COPY --from=builder $BUNDLE_PATH $BUNDLE_PATH COPY . . -# Recreate, migrate and seed the database from scratch -# each time the container is built -# RUN rm db/development.sqlite3 db/test.sqlite3 \ -# && bundle exec rails db:setup - # Expose port 3000 for the application. EXPOSE 3000 # Run the command to start the Rails server. -# ENTRYPOINT ["/bin/bash"] -CMD ["bundle", "exec", "rails", "server", "-p", "3000", "-b", "0.0.0.0"] - - +ENTRYPOINT ["/bin/sh"] +CMD ["/app/entrypoint.sh"] diff --git a/Gemfile b/Gemfile index 901ea97..669ae1e 100644 --- a/Gemfile +++ b/Gemfile 
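Review bot: The runner stage now installs `chromium`, `chromium-chromedriver` and `mariadb` into the image that serves the app, which adds a full browser and, as far as I know on Alpine, the MariaDB server package to the runtime attack surface. If the browser is only needed for the Capybara/Cuprite specs, a separate stage such as `FROM runner as test` could carry the two chromium packages and leave the served image smaller. If only the client library is needed at runtime, `mariadb-connector-c` could replace `mariadb`. The `apk add` lines are also unpinned, so rebuilds can pull different package versions.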
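Review bot: No `USER` instruction appears in the runner stage across this hunk and the previous one, so the container presumably starts `/app/entrypoint.sh` as root (lines 16–20 of the file are not shown, hence the hedge). Adding `RUN addgroup -S app && adduser -S -G app app` after the `apk add`, changing the copy to `COPY --chown=app:app . .`, and placing `USER app` before `ENTRYPOINT` would drop root at runtime. With `ENTRYPOINT ["/bin/sh"]` the shell is PID 1, so entrypoint.sh, which is not shown here, should start the server with `exec` for it to receive SIGTERM from `docker stop`. `COPY . .` also copies the whole build context, so a `.dockerignore` that excludes `.git`, logs and local sqlite files is worth checking for.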
@@ -1,11 +1,12 @@ # frozen_string_literal: true source "https://rubygems.org" -gem "rails", "6.0.6" +gem "rails", "6.1.7" -ruby "3.0.6" +ruby "3.1.4" -gem "websocket-driver" +# Add the Contrast Agent gem +gem "contrast-agent" gem "aruba" gem "bcrypt" @@ -29,6 +30,7 @@ gem "sqlite3" gem "turbolinks" gem "uglifier" gem "unicorn" +gem "websocket-driver" # Add SMTP server support using MailCatcher # NOTE: https://github.com/sj26/mailcatcher#bundler diff --git a/Gemfile.lock b/Gemfile.lock index d0873a3..a5c7d03 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -1,61 +1,65 @@ GEM remote: https://rubygems.org/ specs: - actioncable (6.0.6) - actionpack (= 6.0.6) + actioncable (6.1.7) + actionpack (= 6.1.7) + activesupport (= 6.1.7) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.0.6) - actionpack (= 6.0.6) - activejob (= 6.0.6) - activerecord (= 6.0.6) - activestorage (= 6.0.6) - activesupport (= 6.0.6) + actionmailbox (6.1.7) + actionpack (= 6.1.7) + activejob (= 6.1.7) + activerecord (= 6.1.7) + activestorage (= 6.1.7) + activesupport (= 6.1.7) mail (>= 2.7.1) - actionmailer (6.0.6) - actionpack (= 6.0.6) - actionview (= 6.0.6) - activejob (= 6.0.6) + actionmailer (6.1.7) + actionpack (= 6.1.7) + actionview (= 6.1.7) + activejob (= 6.1.7) + activesupport (= 6.1.7) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.0.6) - actionview (= 6.0.6) - activesupport (= 6.0.6) - rack (~> 2.0, >= 2.0.8) + actionpack (6.1.7) + actionview (= 6.1.7) + activesupport (= 6.1.7) + rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.0.6) - actionpack (= 6.0.6) - activerecord (= 6.0.6) - activestorage (= 6.0.6) - activesupport (= 6.0.6) + actiontext (6.1.7) + actionpack (= 6.1.7) + activerecord (= 6.1.7) + activestorage (= 6.1.7) + activesupport (= 6.1.7) nokogiri (>= 1.8.5) - actionview (6.0.6) - activesupport (= 6.0.6) + actionview (6.1.7) + activesupport (= 6.1.7) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.0.6) - activesupport (= 6.0.6) + activejob (6.1.7) + activesupport (= 6.1.7) globalid (>= 0.3.6) - activemodel (6.0.6) - activesupport (= 6.0.6) - activerecord (6.0.6) - activemodel (= 6.0.6) - activesupport (= 6.0.6) - activestorage (6.0.6) - actionpack (= 6.0.6) - activejob (= 6.0.6) - activerecord (= 6.0.6) + activemodel (6.1.7) + activesupport (= 6.1.7) + activerecord (6.1.7) + activemodel (= 6.1.7) + activesupport (= 6.1.7) + activestorage (6.1.7) + 
actionpack (= 6.1.7) + activejob (= 6.1.7) + activerecord (= 6.1.7) + activesupport (= 6.1.7) marcel (~> 1.0) - activesupport (6.0.6) + mini_mime (>= 1.1.0) + activesupport (6.1.7) concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (>= 0.7, < 2) - minitest (~> 5.1) - tzinfo (~> 1.1) - zeitwerk (~> 2.2, >= 2.2.2) + i18n (>= 1.6, < 2) + minitest (>= 5.1) + tzinfo (~> 2.0) + zeitwerk (~> 2.3) addressable (2.8.4) public_suffix (>= 2.0.2, < 6.0) aruba (2.1.0) @@ -99,6 +103,12 @@ GEM coffee-script-source (1.12.2) concurrent-ruby (1.2.2) contracts (0.17) + contrast-agent (7.3.0) + contrast-agent-lib (= 1.1.1) + ffi (~> 1.0) + ougai (>= 1.8, < 3.0.0) + rack (~> 2.0) + contrast-agent-lib (1.1.1) crass (1.0.6) cucumber (8.0.0) builder (~> 3.2, >= 3.2.4) @@ -233,6 +243,9 @@ GEM notiffany (0.1.3) nenv (~> 0.1) shellany (~> 0.0) + oj (3.15.1) + ougai (2.0.0) + oj (~> 3.10) parallel (1.23.0) parser (3.2.2.3) ast (~> 2.4.1) @@ -254,20 +267,20 @@ GEM rack rack-test (2.1.0) rack (>= 1.3) - rails (6.0.6) - actioncable (= 6.0.6) - actionmailbox (= 6.0.6) - actionmailer (= 6.0.6) - actionpack (= 6.0.6) - actiontext (= 6.0.6) - actionview (= 6.0.6) - activejob (= 6.0.6) - activemodel (= 6.0.6) - activerecord (= 6.0.6) - activestorage (= 6.0.6) - activesupport (= 6.0.6) - bundler (>= 1.3.0) - railties (= 6.0.6) + rails (6.1.7) + actioncable (= 6.1.7) + actionmailbox (= 6.1.7) + actionmailer (= 6.1.7) + actionpack (= 6.1.7) + actiontext (= 6.1.7) + actionview (= 6.1.7) + activejob (= 6.1.7) + activemodel (= 6.1.7) + activerecord (= 6.1.7) + activestorage (= 6.1.7) + activesupport (= 6.1.7) + bundler (>= 1.15.0) + railties (= 6.1.7) sprockets-rails (>= 2.0.0) rails-dom-testing (2.1.1) activesupport (>= 5.0.0) 
@@ -277,12 +290,12 @@ GEM loofah (~> 2.21) nokogiri (~> 1.14) rails-perftest (0.0.7) - railties (6.0.6) - actionpack (= 6.0.6) - activesupport (= 6.0.6) + railties (6.1.7) + actionpack (= 6.1.7) + activesupport (= 6.1.7) method_source - rake (>= 0.8.7) - thor (>= 0.20.3, < 2.0) + rake (>= 12.2) + thor (~> 1.0) rainbow (3.1.1) raindrops (0.20.1) rake (13.0.6) @@ -307,14 +320,14 @@ GEM rspec-mocks (3.12.6) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.12.0) - rspec-rails (5.1.2) - actionpack (>= 5.2) - activesupport (>= 5.2) - railties (>= 5.2) - rspec-core (~> 3.10) - rspec-expectations (~> 3.10) - rspec-mocks (~> 3.10) - rspec-support (~> 3.10) + rspec-rails (6.0.3) + actionpack (>= 6.1) + activesupport (>= 6.1) + railties (>= 6.1) + rspec-core (~> 3.12) + rspec-expectations (~> 3.12) + rspec-mocks (~> 3.12) + rspec-support (~> 3.12) rspec-support (3.12.1) rubocop (1.55.1) json (~> 2.3) @@ -371,7 +384,6 @@ GEM test-unit (3.6.1) power_assert thor (1.2.2) - thread_safe (0.3.6) tilt (2.2.0) timeout (0.4.0) travis-lint (2.0.0) @@ -379,8 +391,8 @@ GEM turbolinks (5.2.1) turbolinks-source (~> 5.2) turbolinks-source (5.2.0) - tzinfo (1.2.11) - thread_safe (~> 0.1) + tzinfo (2.0.6) + concurrent-ruby (~> 1.0) uglifier (4.2.0) execjs (>= 0.3.0, < 3) unicode-display_width (2.4.2) @@ -407,6 +419,7 @@ DEPENDENCIES bundler-audit capybara coffee-rails + contrast-agent cuprite database_cleaner execjs @@ -424,7 +437,7 @@ DEPENDENCIES pry-rails puma rack-livereload - rails (= 6.0.6) + rails (= 6.1.7) rails-perftest rake rb-fsevent @@ -443,7 +456,7 @@ DEPENDENCIES websocket-driver RUBY VERSION - ruby 3.0.6p216 + ruby 3.1.4p223 BUNDLED WITH - 2.2.33 + 2.3.26 From 1f9a808f272de209d30f2480a68fd4c2602cb1e2 Mon Sep 17 00:00:00 2001 
From: Taylor Mowat Date: Thu, 3 Aug 2023 11:57:53 +0100 Subject: [PATCH 16/45] Run app:update to implement version changes (6.0 -> 6.1.7) --- app/controllers/admin_controller.rb | 2 +- app/controllers/application_controller.rb | 2 +- app/controllers/users_controller.rb | 2 +- bin/rails | 4 +- bin/rake | 4 +- bin/setup | 16 ++--- bin/yarn | 12 +++- config.ru | 5 +- config/application.rb | 10 +-- config/boot.rb | 4 +- config/cable.yml | 2 +- config/contrast_security.yml | 44 ++++++++++++ config/environment.rb | 2 +- config/environments/development.rb | 25 +++++-- config/environments/production.rb | 52 ++++++++++---- config/environments/test.rb | 27 ++++++-- config/initializers/backtrace_silencers.rb | 7 +- .../initializers/content_security_policy.rb | 5 ++ .../initializers/filter_parameter_logging.rb | 4 +- .../new_framework_defaults_6_1.rb | 67 +++++++++++++++++++ config/initializers/permissions_policy.rb | 11 +++ config/locales/en.yml | 2 +- config/puma.rb | 14 ++-- ..._to_active_storage_blobs.active_storage.rb | 22 ++++++ ..._storage_variant_records.active_storage.rb | 27 ++++++++ db/schema.rb | 12 ++-- db/seeds.rb | 8 +++ 27 files changed, 324 insertions(+), 68 deletions(-) create mode 100644 config/contrast_security.yml create mode 100644 config/initializers/new_framework_defaults_6_1.rb create mode 100644 config/initializers/permissions_policy.rb create mode 100644 db/migrate/20230801225421_add_service_name_to_active_storage_blobs.active_storage.rb create mode 100644 db/migrate/20230801225422_create_active_storage_variant_records.active_storage.rb diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb index 974854d..f2dbfc0 100755 --- a/app/controllers/admin_controller.rb +++ b/app/controllers/admin_controller.rb 
@@ -34,7 +34,7 @@ def get_user def update_user user = User.find_by_id(params[:admin_id]) if user - user.update_attributes(user_params.reject { |k| k == ("password" || "password_confirmation") }) + user.update(user_params.reject { |k| k == ("password" || "password_confirmation") }) pass = params[:user][:password] user.password = pass if !(pass.blank?) user.save! diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 0e16e78..f2c1491 100755 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -10,7 +10,7 @@ class ApplicationController < ActionController::Base # Update: this became default behaviour from Rails 5, so we need to # disable it until we figure out how to implement properly: - # skip_before_action :verify_authenticity_token + skip_before_action :verify_authenticity_token private diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index cc04a07..3a5e061 100755 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -29,7 +29,7 @@ def update user = User.where("id = '#{params[:user][:id]}'")[0] if user - user.update_attributes(user_params_without_password) + user.update(user_params_without_password) if params[:user][:password].present? && (params[:user][:password] == params[:user][:password_confirmation]) user.password = params[:user][:password] end diff --git a/bin/rails b/bin/rails index 0739660..6fb4e40 100755 --- a/bin/rails +++ b/bin/rails @@ -1,4 +1,4 @@ #!/usr/bin/env ruby APP_PATH = File.expand_path('../config/application', __dir__) -require_relative '../config/boot' -require 'rails/commands' +require_relative "../config/boot" +require "rails/commands" diff --git a/bin/rake b/bin/rake index 1724048..4fbf10b 100755 --- a/bin/rake +++ b/bin/rake 
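Review bot: In `update_user`, the changed line still filters with `k == ("password" || "password_confirmation")`, and that parenthesised expression always evaluates to `"password"`, so `password_confirmation` is never rejected. The rename from `update_attributes` to `update` keeps that behaviour unchanged. If both fields are meant to be excluded, and assuming `user_params` returns strong parameters or a hash, `user.update(user_params.except(:password, :password_confirmation))` states it directly. The method body continues outside the hunk, so whether the pass-through is deliberate for this training app should be confirmed against the rest of it.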
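Review bot: The `application_controller.rb` hunk uncomments `skip_before_action :verify_authenticity_token`, which turns off CSRF token verification for every controller that inherits from `ApplicationController`. Nothing in the commit title ("Run app:update ...") mentions this, so it is easy to miss in review. If the skip is deliberate, say so next to the line, for example `# Deliberately disabled for the CSRF exercise; do not copy into a real application`, and mention it in the commit message. If it is not deliberate, leave the line commented out and limit any skip to the specific actions that need it. The class body continues outside the hunk.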
@@ -1,4 +1,4 @@ #!/usr/bin/env ruby -require_relative '../config/boot' -require 'rake' +require_relative "../config/boot" +require "rake" Rake.application.run diff --git a/bin/setup b/bin/setup index 94fd4d7..8afef01 100755 --- a/bin/setup +++ b/bin/setup @@ -1,6 +1,5 @@ #!/usr/bin/env ruby -require 'fileutils' -include FileUtils +require "fileutils" # path to your application root. APP_ROOT = File.expand_path('..', __dir__) @@ -9,24 +8,25 @@ def system!(*args) system(*args) || abort("\n== Command #{args} failed ==") end -chdir APP_ROOT do - # This script is a starting point to setup your application. +FileUtils.chdir APP_ROOT do + # This script is a way to set up or update your development environment automatically. + # This script is idempotent, so that you can run it at any time and get an expectable outcome. # Add necessary setup steps to this file. puts '== Installing dependencies ==' system! 'gem install bundler --conservative' system('bundle check') || system!('bundle install') - # Install JavaScript dependencies if using Yarn - # system('bin/yarn') + # Install JavaScript dependencies + system! 'bin/yarn' # puts "\n== Copying sample files ==" # unless File.exist?('config/database.yml') - # cp 'config/database.yml.sample', 'config/database.yml' + # FileUtils.cp 'config/database.yml.sample', 'config/database.yml' # end puts "\n== Preparing database ==" - system! 'bin/rails db:setup' + system! 'bin/rails db:reset' puts "\n== Removing old logs and tempfiles ==" system! 'bin/rails log:clear tmp:clear' diff --git a/bin/yarn b/bin/yarn index 460dd56..9fab2c3 100755 --- a/bin/yarn +++ b/bin/yarn 
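Review bot: In `bin/setup`, the database step changes from `bin/rails db:setup` to `bin/rails db:reset`, which drops and recreates the database on every run. That conflicts with the comment added a few lines above, which says the script is idempotent and can be run at any time. The bin/setup generated by Rails 6.1 uses `system! 'bin/rails db:prepare'`, which creates or migrates the database without discarding existing data. `system! 'bin/yarn'` is also mandatory now, so setup aborts on machines without Yarn; keep the `system('bin/yarn')` form if Yarn is optional for this app. The `FileUtils.chdir APP_ROOT do` block continues past the end of the hunk.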
@@ -1,9 +1,15 @@ #!/usr/bin/env ruby APP_ROOT = File.expand_path('..', __dir__) Dir.chdir(APP_ROOT) do - begin - exec "yarnpkg", *ARGV - rescue Errno::ENOENT + yarn = ENV["PATH"].split(File::PATH_SEPARATOR). + select { |dir| File.expand_path(dir) != __dir__ }. + product(["yarn", "yarn.cmd", "yarn.ps1"]). + map { |dir, file| File.expand_path(file, dir) }. + find { |file| File.executable?(file) } + + if yarn + exec yarn, *ARGV + else $stderr.puts "Yarn executable was not detected in the system." $stderr.puts "Download Yarn at https://yarnpkg.com/en/docs/install" exit 1 diff --git a/config.ru b/config.ru index d10ffdd..4a3c09a 100755 --- a/config.ru +++ b/config.ru @@ -1,5 +1,6 @@ -# frozen_string_literal: true # This file is used by Rack-based servers to start the application. -require ::File.expand_path("../config/environment", __FILE__) +require_relative "config/environment" + run Rails.application +Rails.application.load_server diff --git a/config/application.rb b/config/application.rb index cadac85..d6135d6 100755 --- a/config/application.rb +++ b/config/application.rb @@ -12,10 +12,9 @@ class Application < Rails::Application # Initialize configuration defaults for originally generated Rails version. config.load_defaults 5.2 - # Settings in config/environments/* take precedence over those specified here. - # Application configuration can go into files in config/initializers - # -- all .rb files in that directory are automatically loaded after loading - # the framework and any gems in your application. + # Configuration for the application, engines, and railties goes here. + # These settings can be overridden in specific environments using the files + # in config/environments, which are processed later. # RAILSGOAT SPECIFC CONFIGURATION # Disable changes to actve_record belongs_to which breaks associations in RailsGoat from 5 onwards 
@@ -25,5 +24,8 @@ class Application < Rails::Application config.action_controller.per_form_csrf_tokens = false config.action_dispatch.return_only_media_type_on_content_type = false + + # config.time_zone = "Central Time (US & Canada)" + # config.eager_load_paths << Rails.root.join("extras") end end diff --git a/config/boot.rb b/config/boot.rb index b9e460c..3cda23b 100755 --- a/config/boot.rb +++ b/config/boot.rb @@ -1,4 +1,4 @@ ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__) -require 'bundler/setup' # Set up gems listed in the Gemfile. -require 'bootsnap/setup' # Speed up boot time by caching expensive operations. +require "bundler/setup" # Set up gems listed in the Gemfile. +require "bootsnap/setup" # Speed up boot time by caching expensive operations. diff --git a/config/cable.yml b/config/cable.yml index 44a04ff..6879b93 100644 --- a/config/cable.yml +++ b/config/cable.yml @@ -2,7 +2,7 @@ development: adapter: async test: - adapter: async + adapter: test production: adapter: redis diff --git a/config/contrast_security.yml b/config/contrast_security.yml new file mode 100644 index 0000000..e5ad988 --- /dev/null +++ b/config/contrast_security.yml 
@@ -0,0 +1,44 @@ +# +-------------------------------------------------------------------------+ +# This Contrast Security configuration is Auto-generated by rake task. +# To List all available rake task use 'rake -T'. +# +# Please enter valid api information, for the Ruby Agent to be able to +# connect to Contrast UI. You can validate your config file by running: +# 'bundle exec rake contrast:config:validate' +# +# To find your organization keys please follow this documentation: +# https://docs.contrastsecurity.com/en/find-the-agent-keys.html +# +-------------------------------------------------------------------------+ + +# This contrast_security.yml file is intended to contain sensible defaults +# for the application and can be overwritten by environment variables. + +# Contrast Security agent authentication keys +# Either set the keys here or use environment variables +# api: +# url: https://eval.contrastsecurity.com +# api_key: contrast_user +# service_key: demo +# user_name: demo + +# Application configuration including name +application: + name: OWASP RailsGoat + code: demo-railsgoat + +# Server configuration including name and environment +server: + name: railsgoat-docker + environment: development + +# Configure agent to log to rails log directory +agent: + logger: + path: log/contrast_agent.log + level: WARN + security_logger: + path: log/security.log + level: WARN + +# For more information visit the full Ruby agent configuration guide: +# https://docs.contrastsecurity.com/en/ruby-configuration.html diff --git a/config/environment.rb b/config/environment.rb index 426333b..cac5315 100755 --- a/config/environment.rb +++ b/config/environment.rb @@ -1,5 +1,5 @@ # Load the Rails application. -require_relative 'application' +require_relative "application" # Initialize the Rails application. Rails.application.initialize! diff --git a/config/environments/development.rb b/config/environments/development.rb index 1311e3e..7a9f6c3 100644 
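Review bot: The new `config/contrast_security.yml` is committed to the repository, yet its header says "Either set the keys here or use environment variables", which invites someone to paste real agent keys into a tracked file. I would reword that comment to `# Supply the agent keys through environment variables; never commit real keys to this file` and keep the commented `api:` block as a placeholder only. `server.environment: development` is also fixed here while the series keeps a production environment config, so note that it is expected to be overridden per deployment. The agent writes `log/contrast_agent.log` and `log/security.log`; check that those paths are excluded from version control and from the image build context.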
--- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -1,8 +1,10 @@ +require "active_support/core_ext/integer/time" + Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. - # In the development environment your application's code is reloaded on - # every request. This slows down response time but is perfect for development + # In the development environment your application's code is reloaded any time + # it changes. This slows down response time but is perfect for development # since you don't have to restart the web server when you make code changes. config.cache_classes = false @@ -16,6 +18,7 @@ # Run rails dev:cache to toggle caching. if Rails.root.join('tmp', 'caching-dev.txt').exist? config.action_controller.perform_caching = true + config.action_controller.enable_fragment_cache_logging = true config.cache_store = :memory_store config.public_file_server.headers = { @@ -27,7 +30,7 @@ config.cache_store = :null_store end - # Store uploaded files on the local file system (see config/storage.yml for options) + # Store uploaded files on the local file system (see config/storage.yml for options). config.active_storage.service = :local # Don't care if the mailer can't send. @@ -38,6 +41,12 @@ # Print deprecation notices to the Rails logger. config.active_support.deprecation = :log + # Raise exceptions for disallowed deprecations. + config.active_support.disallowed_deprecation = :raise + + # Tell Active Support which deprecation messages to disallow. + config.active_support.disallowed_deprecation_warnings = [] + # Raise an error on page load if there are pending migrations. config.active_record.migration_error = :page_load 
@@ -52,10 +61,16 @@ # Suppress logger output for asset requests. config.assets.quiet = true - # Raises error for missing translations - # config.action_view.raise_on_missing_translations = true + # Raises error for missing translations. + # config.i18n.raise_on_missing_translations = true + + # Annotate rendered view with file names. + # config.action_view.annotate_rendered_view_with_filenames = true # Use an evented file watcher to asynchronously detect changes in source code, # routes, locales, etc. This feature depends on the listen gem. config.file_watcher = ActiveSupport::EventedFileUpdateChecker + + # Uncomment if you wish to allow Action Cable access from any origin. + # config.action_cable.disable_request_forgery_protection = true end diff --git a/config/environments/production.rb b/config/environments/production.rb index 01ff55b..2336e27 100755 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -1,3 +1,5 @@ +require "active_support/core_ext/integer/time" + Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. 
@@ -22,26 +24,23 @@ # Apache or NGINX already handles this. config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present? - # Compress JavaScripts and CSS. - config.assets.js_compressor = :uglifier + # Compress CSS using a preprocessor. # config.assets.css_compressor = :sass # Do not fallback to assets pipeline if a precompiled asset is missed. config.assets.compile = false - # `config.assets.precompile` and `config.assets.version` have moved to config/initializers/assets.rb - # Enable serving of images, stylesheets, and JavaScripts from an asset server. - # config.action_controller.asset_host = 'http://assets.example.com' + # config.asset_host = 'http://assets.example.com' # Specifies the header that your server uses for sending files. # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX - # Store uploaded files on the local file system (see config/storage.yml for options) + # Store uploaded files on the local file system (see config/storage.yml for options). config.active_storage.service = :local - # Mount Action Cable outside main process or domain + # Mount Action Cable outside main process or domain. # config.action_cable.mount_path = nil # config.action_cable.url = 'wss://example.com/cable' # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ] @@ -49,9 +48,9 @@ # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. # config.force_ssl = true - # Use the lowest log level to ensure availability of diagnostic information - # when problems arise. - config.log_level = :debug + # Include generic and useful information about system operation, but avoid logging too much + # information to avoid inadvertent exposure of personally identifiable information (PII). + config.log_level = :info # Prepend all log lines with the following tags. config.log_tags = [ :request_id ] 
@@ -59,9 +58,9 @@ # Use a different cache store in production. # config.cache_store = :mem_cache_store - # Use a real queuing backend for Active Job (and separate queues per environment) + # Use a real queuing backend for Active Job (and separate queues per environment). # config.active_job.queue_adapter = :resque - # config.active_job.queue_name_prefix = "railsgoat_#{Rails.env}" + # config.active_job.queue_name_prefix = "railsgoat_production" config.action_mailer.perform_caching = false @@ -76,11 +75,17 @@ # Send deprecation notices to registered listeners. config.active_support.deprecation = :notify + # Log disallowed deprecations. + config.active_support.disallowed_deprecation = :log + + # Tell Active Support which deprecation messages to disallow. + config.active_support.disallowed_deprecation_warnings = [] + # Use default logging formatter so that PID and timestamp are not suppressed. config.log_formatter = ::Logger::Formatter.new # Use a different logger for distributed setups. - # require 'syslog/logger' + # require "syslog/logger" # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new 'app-name') if ENV["RAILS_LOG_TO_STDOUT"].present? 
@@ -91,4 +96,25 @@ # Do not dump schema after migrations. config.active_record.dump_schema_after_migration = false + + # Inserts middleware to perform automatic connection switching. + # The `database_selector` hash is used to pass options to the DatabaseSelector + # middleware. The `delay` is used to determine how long to wait after a write + # to send a subsequent read to the primary. + # + # The `database_resolver` class is used by the middleware to determine which + # database is appropriate to use based on the time delay. + # + # The `database_resolver_context` class is used by the middleware to set + # timestamps for the last write to the primary. The resolver uses the context + # class timestamps to determine how long to wait before reading from the + # replica. + # + # By default Rails will store a last write timestamp in the session. The + # DatabaseSelector middleware is designed as such you can define your own + # strategy for connection switching and pass that into the middleware through + # these configuration options. + # config.active_record.database_selector = { delay: 2.seconds } + # config.active_record.database_resolver = ActiveRecord::Middleware::DatabaseSelector::Resolver + # config.active_record.database_resolver_context = ActiveRecord::Middleware::DatabaseSelector::Resolver::Session end diff --git a/config/environments/test.rb b/config/environments/test.rb index 0a38fd3..17ce39c 100755 --- a/config/environments/test.rb +++ b/config/environments/test.rb 
@@ -1,10 +1,13 @@ +require "active_support/core_ext/integer/time" + +# The test environment is used exclusively to run your application's +# test suite. You never need to work with it otherwise. Remember that +# your test database is "scratch space" for the test suite and is wiped +# and recreated between test runs. Don't rely on the data there! + Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. - # The test environment is used exclusively to run your application's - # test suite. You never need to work with it otherwise. Remember that - # your test database is "scratch space" for the test suite and is wiped - # and recreated between test runs. Don't rely on the data there! config.cache_classes = true # Do not eager load code on boot. This avoids loading your whole application @@ -21,6 +24,7 @@ # Show full error reports and disable caching. config.consider_all_requests_local = true config.action_controller.perform_caching = false + config.cache_store = :null_store # Raise exceptions instead of rendering exception templates. config.action_dispatch.show_exceptions = false @@ -28,7 +32,7 @@ # Disable request forgery protection in test environment. config.action_controller.allow_forgery_protection = false - # Store uploaded files on the local file system in a temporary directory + # Store uploaded files on the local file system in a temporary directory. config.active_storage.service = :test config.action_mailer.perform_caching = false 
@@ -41,6 +45,15 @@ # Print deprecation notices to the stderr. config.active_support.deprecation = :stderr - # Raises error for missing translations - # config.action_view.raise_on_missing_translations = true + # Raise exceptions for disallowed deprecations. + config.active_support.disallowed_deprecation = :raise + + # Tell Active Support which deprecation messages to disallow. + config.active_support.disallowed_deprecation_warnings = [] + + # Raises error for missing translations. + # config.i18n.raise_on_missing_translations = true + + # Annotate rendered view with file names. + # config.action_view.annotate_rendered_view_with_filenames = true end diff --git a/config/initializers/backtrace_silencers.rb b/config/initializers/backtrace_silencers.rb index 59385cd..33699c3 100755 --- a/config/initializers/backtrace_silencers.rb +++ b/config/initializers/backtrace_silencers.rb @@ -1,7 +1,8 @@ # Be sure to restart your server when you modify this file. # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces. -# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ } +# Rails.backtrace_cleaner.add_silencer { |line| /my_noisy_library/.match?(line) } -# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code. -# Rails.backtrace_cleaner.remove_silencers! +# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code +# by setting BACKTRACE=1 before calling your invocation, like "BACKTRACE=1 ./bin/rails runner 'MyClass.perform'". +Rails.backtrace_cleaner.remove_silencers! if ENV["BACKTRACE"] diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb index d3bcaa5..35d0f26 100644 --- a/config/initializers/content_security_policy.rb +++ b/config/initializers/content_security_policy.rb 
@@ -11,6 +11,8 @@ # policy.object_src :none # policy.script_src :self, :https # policy.style_src :self, :https +# # If you are using webpack-dev-server then specify webpack-dev-server host +# policy.connect_src :self, :https, "http://localhost:3035", "ws://localhost:3035" if Rails.env.development? # # Specify URI for violation reports # # policy.report_uri "/csp-violation-report-endpoint" @@ -19,6 +21,9 @@ # If you are using UJS then enable automatic nonce generation # Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) } +# Set the nonce only to specific directives +# Rails.application.config.content_security_policy_nonce_directives = %w(script-src) + # Report CSP violations to a specified URI # For further information see the following documentation: # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb index 4a994e1..4b34a03 100644 --- a/config/initializers/filter_parameter_logging.rb +++ b/config/initializers/filter_parameter_logging.rb @@ -1,4 +1,6 @@ # Be sure to restart your server when you modify this file. # Configure sensitive parameters which will be filtered from the log file. -Rails.application.config.filter_parameters += [:password] +Rails.application.config.filter_parameters += [ + :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn +] diff --git a/config/initializers/new_framework_defaults_6_1.rb b/config/initializers/new_framework_defaults_6_1.rb new file mode 100644 index 0000000..9526b83 --- /dev/null +++ b/config/initializers/new_framework_defaults_6_1.rb 
@@ -0,0 +1,67 @@ +# Be sure to restart your server when you modify this file. +# +# This file contains migration options to ease your Rails 6.1 upgrade. +# +# Once upgraded flip defaults one by one to migrate to the new default. +# +# Read the Guide for Upgrading Ruby on Rails for more info on each option. + +# Support for inversing belongs_to -> has_many Active Record associations. +# Rails.application.config.active_record.has_many_inversing = true + +# Track Active Storage variants in the database. +# Rails.application.config.active_storage.track_variants = true + +# Apply random variation to the delay when retrying failed jobs. +# Rails.application.config.active_job.retry_jitter = 0.15 + +# Stop executing `after_enqueue`/`after_perform` callbacks if +# `before_enqueue`/`before_perform` respectively halts with `throw :abort`. +# Rails.application.config.active_job.skip_after_callbacks_if_terminated = true + +# Specify cookies SameSite protection level: either :none, :lax, or :strict. +# +# This change is not backwards compatible with earlier Rails versions. +# It's best enabled when your entire app is migrated and stable on 6.1. +# Rails.application.config.action_dispatch.cookies_same_site_protection = :lax + +# Generate CSRF tokens that are encoded in URL-safe Base64. +# +# This change is not backwards compatible with earlier Rails versions. +# It's best enabled when your entire app is migrated and stable on 6.1. +# Rails.application.config.action_controller.urlsafe_csrf_tokens = true + +# Specify whether `ActiveSupport::TimeZone.utc_to_local` returns a time with an +# UTC offset or a UTC time. +# ActiveSupport.utc_to_local_returns_utc_offset_times = true + +# Change the default HTTP status code to `308` when redirecting non-GET/HEAD +# requests to HTTPS in `ActionDispatch::SSL` middleware. +# Rails.application.config.action_dispatch.ssl_default_redirect_status = 308 + +# Use new connection handling API. For most applications this won't have any +# effect. 
For applications using multiple databases, this new API provides +# support for granular connection swapping. +# Rails.application.config.active_record.legacy_connection_handling = false + +# Make `form_with` generate non-remote forms by default. +# Rails.application.config.action_view.form_with_generates_remote_forms = false + +# Set the default queue name for the analysis job to the queue adapter default. +# Rails.application.config.active_storage.queues.analysis = nil + +# Set the default queue name for the purge job to the queue adapter default. +# Rails.application.config.active_storage.queues.purge = nil + +# Set the default queue name for the incineration job to the queue adapter default. +# Rails.application.config.action_mailbox.queues.incineration = nil + +# Set the default queue name for the routing job to the queue adapter default. +# Rails.application.config.action_mailbox.queues.routing = nil + +# Set the default queue name for the mail deliver job to the queue adapter default. +# Rails.application.config.action_mailer.deliver_later_queue_name = nil + +# Generate a `Link` header that gives a hint to modern browsers about +# preloading assets when using `javascript_include_tag` and `stylesheet_link_tag`. +# Rails.application.config.action_view.preload_links_header = true diff --git a/config/initializers/permissions_policy.rb b/config/initializers/permissions_policy.rb new file mode 100644 index 0000000..00f64d7 --- /dev/null +++ b/config/initializers/permissions_policy.rb @@ -0,0 +1,11 @@ +# Define an application-wide HTTP permissions policy. For further +# information see https://developers.google.com/web/updates/2018/06/feature-policy +# +# Rails.application.config.permissions_policy do |f| +# f.camera :none +# f.gyroscope :none +# f.microphone :none +# f.usb :none +# f.fullscreen :self +# f.payment :self, "https://secure.example.com" +# end diff --git a/config/locales/en.yml b/config/locales/en.yml index decc5a8..cf9b342 100755 
--- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -27,7 +27,7 @@ # 'true': 'foo' # # To learn more, please read the Rails Internationalization guide -# available at http://guides.rubyonrails.org/i18n.html. +# available at https://guides.rubyonrails.org/i18n.html. en: hello: "Hello world" diff --git a/config/puma.rb b/config/puma.rb index b210207..d9b3e83 100644 --- a/config/puma.rb +++ b/config/puma.rb @@ -4,12 +4,18 @@ # the maximum value specified for Puma. Default is set to 5 threads for minimum # and maximum; this matches the default thread size of Active Record. # -threads_count = ENV.fetch("RAILS_MAX_THREADS") { 5 } -threads threads_count, threads_count +max_threads_count = ENV.fetch("RAILS_MAX_THREADS") { 5 } +min_threads_count = ENV.fetch("RAILS_MIN_THREADS") { max_threads_count } +threads min_threads_count, max_threads_count + +# Specifies the `worker_timeout` threshold that Puma will use to wait before +# terminating a worker in development environments. +# +worker_timeout 3600 if ENV.fetch("RAILS_ENV", "development") == "development" # Specifies the `port` that Puma will listen on to receive requests; default is 3000. # -port ENV.fetch("PORT") { 3000 } +port ENV.fetch("PORT") { 3000 } # Specifies the `environment` that Puma will run in. # @@ -19,7 +25,7 @@ pidfile ENV.fetch("PIDFILE") { "tmp/pids/server.pid" } # Specifies the number of `workers` to boot in clustered mode. -# Workers are forked webserver processes. If using threads and workers together +# Workers are forked web server processes. If using threads and workers together # the concurrency of the application would be max `threads` * `workers`. # Workers do not work on JRuby or Windows (both of which do not support # processes). diff --git a/db/migrate/20230801225421_add_service_name_to_active_storage_blobs.active_storage.rb b/db/migrate/20230801225421_add_service_name_to_active_storage_blobs.active_storage.rb new file mode 100644 index 0000000..a15c6ce --- /dev/null 
+++ b/db/migrate/20230801225421_add_service_name_to_active_storage_blobs.active_storage.rb @@ -0,0 +1,22 @@ +# This migration comes from active_storage (originally 20190112182829) +class AddServiceNameToActiveStorageBlobs < ActiveRecord::Migration[6.0] + def up + return unless table_exists?(:active_storage_blobs) + + unless column_exists?(:active_storage_blobs, :service_name) + add_column :active_storage_blobs, :service_name, :string + + if configured_service = ActiveStorage::Blob.service.name + ActiveStorage::Blob.unscoped.update_all(service_name: configured_service) + end + + change_column :active_storage_blobs, :service_name, :string, null: false + end + end + + def down + return unless table_exists?(:active_storage_blobs) + + remove_column :active_storage_blobs, :service_name + end +end diff --git a/db/migrate/20230801225422_create_active_storage_variant_records.active_storage.rb b/db/migrate/20230801225422_create_active_storage_variant_records.active_storage.rb new file mode 100644 index 0000000..94ac83a --- /dev/null +++ b/db/migrate/20230801225422_create_active_storage_variant_records.active_storage.rb 
@@ -0,0 +1,27 @@ +# This migration comes from active_storage (originally 20191206030411) +class CreateActiveStorageVariantRecords < ActiveRecord::Migration[6.0] + def change + return unless table_exists?(:active_storage_blobs) + + # Use Active Record's configured type for primary key + create_table :active_storage_variant_records, id: primary_key_type, if_not_exists: true do |t| + t.belongs_to :blob, null: false, index: false, type: blobs_primary_key_type + t.string :variation_digest, null: false + + t.index %i[ blob_id variation_digest ], name: "index_active_storage_variant_records_uniqueness", unique: true + t.foreign_key :active_storage_blobs, column: :blob_id + end + end + + private + def primary_key_type + config = Rails.configuration.generators + config.options[config.orm][:primary_key_type] || :primary_key + end + + def blobs_primary_key_type + pkey_name = connection.primary_key(:active_storage_blobs) + pkey_column = connection.columns(:active_storage_blobs).find { |c| c.name == pkey_name } + pkey_column.bigint? ? :bigint : pkey_column.type + end +end diff --git a/db/schema.rb b/db/schema.rb index 074df54..7e82135 100755 --- a/db/schema.rb +++ b/db/schema.rb 
@@ -2,15 +2,15 @@ # of editing this file, please use the migrations feature of Active Record to # incrementally modify your database, and then regenerate this schema definition. # -# Note that this schema.rb definition is the authoritative source for your -# database schema. If you need to create the application database on another -# system, you should be using db:schema:load, not running all the migrations -# from scratch. The latter is a flawed and unsustainable approach (the more migrations -# you'll amass, the slower it'll run and the greater likelihood for issues). +# This file is the source Rails uses to define your schema when running `bin/rails +# db:schema:load`. When creating a new database, `bin/rails db:schema:load` tends to +# be faster and is potentially less error prone than running all of your +# migrations from scratch. Old migrations may fail to apply correctly if those +# migrations use external dependencies or application code. # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20171007010129) do +ActiveRecord::Schema.define(version: 2023_08_01_225422) do create_table "analytics", force: :cascade do |t| t.string "ip_address" diff --git a/db/seeds.rb b/db/seeds.rb index 338f956..24cd8fa 100755 --- a/db/seeds.rb +++ b/db/seeds.rb @@ -162,6 +162,14 @@ ] work_info = [ + { + user: "admin@metacorp.com", + income: "$200,000", + bonuses: "$50,000", + years_worked: 9, + SSN: "111-11-111", + DoB: "02-02-1990" + }, { user: "jack@metacorp.com", income: "$50,000", From 34bcd89cc38da3d9f5beae61b9ac8598226b9539 Mon Sep 17 00:00:00 2001 From: Taylor Mowat Date: Thu, 3 Aug 2023 11:58:56 +0100 Subject: [PATCH 17/45] Fixing javascript loading issue by removing turbolinks --- app/assets/javascripts/application.js | 1 - app/assets/stylesheets/main.css.erb | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) 
diff --git a/app/assets/javascripts/application.js b/app/assets/javascripts/application.js index fd0a477..6b7dd0e 100755 --- a/app/assets/javascripts/application.js +++ b/app/assets/javascripts/application.js @@ -12,7 +12,6 @@ // //= require jquery //= require jquery_ujs -//= require turbolinks //= require jquery.min.js //= require jquery.scrollUp.js //= require bootstrap.js diff --git a/app/assets/stylesheets/main.css.erb b/app/assets/stylesheets/main.css.erb index 2c1e9b6..3965893 100755 --- a/app/assets/stylesheets/main.css.erb +++ b/app/assets/stylesheets/main.css.erb @@ -1967,7 +1967,7 @@ button.btn.btn-mini, input[type="submit"].btn.btn-mini { *margin-right: .3em; line-height: 14px; vertical-align: text-top; - background-image: url(<%=asset_path "glyphicons-halflings.png" %>); + background-image: url(glyphicons-halflings.png); background-position: 14px 14px; background-repeat: no-repeat; margin-top: 1px; } From aba7bec58b2c20ec7602d2b7af843ab15b43ddc0 Mon Sep 17 00:00:00 2001 From: Taylor Mowat Date: Thu, 3 Aug 2023 12:00:10 +0100 Subject: [PATCH 18/45] Fixing graph loading issues from upstream: Implement upstream fixes suggested my mkouhei: - https://github.com/OWASP/railsgoat/pull/438 - https://github.com/OWASP/railsgoat/pull/439 - https://github.com/OWASP/railsgoat/pull/440 --- app/views/dashboard/bar_graph.html.erb | 90 +++++----- app/views/dashboard/home.html.erb | 63 +++---- app/views/layouts/application.html.erb | 4 +- app/views/paid_time_off/index.html.erb | 225 ++++++++++++------------- app/views/performance/index.html.erb | 134 ++++++++------- 5 files changed, 245 insertions(+), 271 deletions(-) diff --git a/app/views/dashboard/bar_graph.html.erb b/app/views/dashboard/bar_graph.html.erb index ed8c550..b05cd8a 100644 --- a/app/views/dashboard/bar_graph.html.erb +++ b/app/views/dashboard/bar_graph.html.erb @@ -1,54 +1,46 @@ -
- - +
+ \ No newline at end of file + var chart = new google.visualization.ColumnChart(document.getElementById('column_chart')); + chart.draw(data, options); + } + diff --git a/app/views/dashboard/home.html.erb b/app/views/dashboard/home.html.erb index 36e5d6b..e9d5a86 100644 --- a/app/views/dashboard/home.html.erb +++ b/app/views/dashboard/home.html.erb @@ -1,43 +1,38 @@
-
-
-
-
- Current Statistics -
- -
- -
- -
-
- <%#= render partial: "dashboard_stats" %> -
-
-
-
-
-
Need help using this portal? Check out the Readme
-
+
+
+
+
+ Current Statistics +
+ +
+
+ + +
+
+ +
+
+ <%#= render partial: "dashboard_stats" %> +
+
+
+
+
- - - + - - - - diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb index 960c521..dc1d04c 100755 --- a/app/views/layouts/application.html.erb +++ b/app/views/layouts/application.html.erb @@ -2,8 +2,8 @@ RailsGoat - <%= stylesheet_link_tag "application", media: "all", "data-turbolinks-track" => true %> - <%= javascript_include_tag "application", "data-turbolinks-track" => true %> + <%= stylesheet_link_tag "application", media: "all" %> + <%= javascript_include_tag "application" %> <%#= csrf_meta_tags %> <% diff --git a/app/views/paid_time_off/index.html.erb b/app/views/paid_time_off/index.html.erb index 58b1e35..4cbb604 100644 --- a/app/views/paid_time_off/index.html.erb +++ b/app/views/paid_time_off/index.html.erb @@ -121,131 +121,124 @@ <%= javascript_include_tag "moment.min.js" %> <%= javascript_include_tag "fullcalendar.min.js" %> - -$(document).ready(function() { - $('#calendar').fullCalendar({ - events: <%= get_pto_schedule_schedule_index_path(:format => "json").inspect.html_safe %>, + diff --git a/app/views/performance/index.html.erb b/app/views/performance/index.html.erb index 780b891..7eea4f0 100644 --- a/app/views/performance/index.html.erb +++ b/app/views/performance/index.html.erb @@ -48,79 +48,77 @@ - + \ No newline at end of file + From e32d1a3635033a18cf9a04ef64a28e6874edbe47 Mon Sep 17 00:00:00 2001 From: Taylor Mowat Date: Thu, 3 Aug 2023 12:04:08 +0100 Subject: [PATCH 19/45] Fixing SQL Injection test spec --- spec/vulnerabilities/sql_injection_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/vulnerabilities/sql_injection_spec.rb b/spec/vulnerabilities/sql_injection_spec.rb index dd22d32..3196975 100644 --- a/spec/vulnerabilities/sql_injection_spec.rb +++ b/spec/vulnerabilities/sql_injection_spec.rb 
@@ -22,7 +22,7 @@ fill_in "user_password_confirmation", with: "hacketyhack" # this is a hidden field, so cannot use fill_in to access it. - find(:xpath, "//input[@id='user_id']", visible: false).set "8' OR admin='t') --" + find(:xpath, "//input[@id='user_id']", visible: false).set "8' OR 1 == 1) --" end click_on "Submit" From aa1ffd37da73eab9cef480e78fda223bc7b5c797 Mon Sep 17 00:00:00 2001 From: Taylor Mowat Date: Thu, 3 Aug 2023 12:11:05 +0100 Subject: [PATCH 20/45] Add to .gitignore --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index 2a085fa..57fbb73 100755 --- a/.gitignore +++ b/.gitignore @@ -13,4 +13,6 @@ coverage /vendor/ruby run.sh test.sh + contrast_security.yaml +contrast_connection.json From 9daf99aabc31467a42690f54ea6bb41e1998fe88 Mon Sep 17 00:00:00 2001 From: Taylor Mowat Date: Thu, 3 Aug 2023 12:11:33 +0100 Subject: [PATCH 21/45] Create .dockerignore to stop unnecessary files in build --- .dockerignore | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 .dockerignore diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..04ac851 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,15 @@ +# Ignore root files that are not needed in docker image +.github +.jenkins +.terraform +.gitignore +docker-compose.yml +Dockerfile +LICENSE.md +README.md + +# Ignore directories that are not needed in docker image +docs/ +tmp/ +log/* +public/data/* From cd6fbad6527f067b4fbc383edd7ae8ea590a65d6 Mon Sep 17 00:00:00 2001 From: Taylor Mowat Date: Thu, 3 Aug 2023 12:12:05 +0100 Subject: [PATCH 22/45] rename .gitkeep to .keep for convention --- log/{.gitkeep => .keep} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename log/{.gitkeep => .keep} (100%) diff --git a/log/.gitkeep b/log/.keep similarity index 100% rename from log/.gitkeep rename to log/.keep From 9643daf476e431d729a1506ff92e73acde888e9f Mon Sep 17 00:00:00 2001 
From: Taylor Mowat Date: Thu, 3 Aug 2023 12:17:29 +0100 Subject: [PATCH 23/45] Adding sample .env file --- .env | 16 ++++++++++++++++ .gitignore | 3 ++- 2 files changed, 18 insertions(+), 1 deletion(-) create mode 100644 .env diff --git a/.env b/.env new file mode 100644 index 0000000..5c67e5e --- /dev/null +++ b/.env @@ -0,0 +1,16 @@ +# Contrast Agent Authentication Keys +# CONTRAST__API__URL=https://eval.contrastsecurity.com/Contrast +# CONTRAST__API__API_KEY=XXXXXX +# CONTRAST__API__SERVICE_KEY=XXXXXX +# CONTRAST__API__USER_NAME=XXXXXX + +# Override the default application name and code set in config/contrast_security.yml +# CONTRAST__APPLICATION__NAME=OWASP RailsGoat +# CONTRAST__APPLICATION__CODE=demo-railsgoat + +# Override the default server name and environment set in config/contrast_security.yml +# CONTRAST__SERVER__NAME=railsgoat-docker +# CONTRAST__SERVER__ENVIRONMENT=development + +# See https://docs.contrastsecurity.com/user-vulnerableapps.html#session +# CONTRAST__APPLICATION__SESSION_METADATA="" diff --git a/.gitignore b/.gitignore index 57fbb73..3e3e4ff 100755 --- a/.gitignore +++ b/.gitignore @@ -14,5 +14,6 @@ coverage run.sh test.sh -contrast_security.yaml +.env +contrast_security.[yaml, yml] contrast_connection.json From 89c7b20d7d31b8e4b912cdcd157532a397f504d8 Mon Sep 17 00:00:00 2001 From: Taylor Mowat Date: Thu, 3 Aug 2023 12:19:44 +0100 Subject: [PATCH 24/45] Adding dev and prod services to docker compose --- docker-compose.yml | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 4fb27ed..dad2d3f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
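Review bot: The new `.gitignore` pattern `contrast_security.[yaml, yml]` ignores neither file name, because square brackets in gitignore syntax are a character class that matches a single character; the previously ignored `contrast_security.yaml` therefore becomes trackable again. The README tells users to put their agent keys in that file, so it can now be committed by accident. Replace the line with two plain entries, `contrast_security.yaml` and `contrast_security.yml`. Separately, `.env` is added to the repository in this same commit, and an ignore rule has no effect on a file that is already tracked, so a copy filled in with real keys will still show up as a modification; shipping the sample under a different name (for example `.env.example`, a name suggested here and not present in the repo) would avoid that.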
@@ -1,12 +1,29 @@ -version: '2' services: - web: + railsgoat-dev: + image: contrastsecuritydemo/railsgoat:6.1.7 build: context: . dockerfile: Dockerfile target: runner - # command: bash -c "rm -f tmp/pids/server.pid && bundle exec rails s -p 3000 -b '0.0.0.0'" + container_name: railsgoat-dev + ports: + - "3000:3000" + env_file: + - .env volumes: - .:/app + + railsgoat-prod: + image: contrastsecuritydemo/railsgoat:6.1.7 + build: + context: . + dockerfile: Dockerfile + target: runner + container_name: railsgoat-prod ports: - - "3000:3000" + - 3001:3000 + env_file: + - .env + environment: + CONTRAST__SERVER__NAME: Local-Prod + CONTRAST__SERVER__ENVIRONMENT: production From 36d60291da5bd4a08896a3adff87201d0cc669c4 Mon Sep 17 00:00:00 2001 From: Taylor Mowat Date: Thu, 3 Aug 2023 12:20:41 +0100 Subject: [PATCH 25/45] Check agent configuration on container start and fail --- entrypoint.sh | 36 ++++++++++++++++++++++++++++++++---- 1 file changed, 32 insertions(+), 4 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index 48410b9..f0f8160 100755 --- a/entrypoint.sh +++ b/entrypoint.sh 
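Review bot: Both services publish their port on every host interface (`"3000:3000"` and `3001:3000`), which exposes a deliberately vulnerable application to whatever network the host is attached to; bind to loopback by default with `- "127.0.0.1:3000:3000"` and `- "127.0.0.1:3001:3000"`. The second mapping should also be quoted like the first, since an unquoted `host:container` pair can be misread by a YAML parser. `railsgoat-prod` builds the same `runner` target and tags the same image as `railsgoat-dev`, so the only visible differences are the bind mount and the two `CONTRAST__SERVER__*` variables; a short comment above each service saying so would help readers.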
@@ -1,7 +1,35 @@ +#!/bin/sh +set -e +echo -e "$0: => Running the docker entrypoint script" + +function check_agent_connectivity { + echo -e "$0: => Checking Contrast Agent configuration" + bundle exec rails contrast:config:validate &> /dev/null +} + +if check_agent_connectivity; then + echo -e "$0: => Contrast agent connectivity check: SUCCESS" + echo -e "$0: => Starting RailsGoat with Contrast..." +else + echo -e "$0: => Contrast agent connectivity check: FAILED" + echo -e "It's likely that you haven't set your Contrast Agent authentication keys correctly." + echo -e "\nSet the following environment variables by passing them in your docker run command with the -e flag" + echo -e "\t -e CONTRAST__API__URL=" + echo -e "\t -e CONTRAST__API__API_KEY=" + echo -e "\t -e CONTRAST__API__SERVICE_KEY=" + echo -e "\t -e CONTRAST__API__USER_NAME=" + echo -e "\n OR add these values to the .env file and pass this in your docker command." + echo -e "\n OR add these values to the contrast_security.yaml file in the config directory." + echo -e "\nTo find your organization keys please follow this documentation:" + echo -e "https://docs.contrastsecurity.com/en/find-the-agent-keys.html" + exit 1 +fi + rm -f tmp/pids/server.pid -if [[ $TEST = true ]] -then +if [ $TEST ]; then + echo -e "== Running RailsGoat in training mode with Contrast enabled ==" bundle exec rails training else - bundle exec rails s -p 3000 -b '0.0.0.0' -fi \ No newline at end of file + echo -e "== Running RailsGoat with Contrast enabled ==" + bundle exec rails server -p 3000 -b '0.0.0.0' +fi From ed7a720b1caeb565f7b18e05a5bc538e1445b485 Mon Sep 17 00:00:00 2001 
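Review bot: `if [ $TEST ]; then` is true for any non-empty value, so `TEST=false` now starts training mode where the removed `[[ $TEST = true ]]` did not; use `if [ "${TEST:-}" = "true" ]; then`. The script declares `#!/bin/sh` but relies on `function`, `&>` and `echo -e`, none of which are POSIX; in a shell without those extensions `&> /dev/null` may be parsed as a background job plus a redirect, and the connectivity check would then always pass. Writing `check_agent_connectivity() {` and `> /dev/null 2>&1` removes that dependency. The final `bundle exec rails server -p 3000 -b '0.0.0.0'` should be launched with `exec` so the server, not the wrapper shell, receives the container's stop signal.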
From: Taylor Mowat Date: Thu, 3 Aug 2023 13:50:18 +0100 Subject: [PATCH 26/45] Rewriting README.md and adding supporting documentation to the docs/ folder --- README.md | 123 ++++++++++++++++++++++++-------------- docs/CONTRAST.md | 14 +++++ docs/DEPLOY_TO_AZURE.md | 14 +++++ docs/UPGRADE_RAILSGOAT.md | 94 +++++++++++++++++++++++++++++ 4 files changed, 201 insertions(+), 44 deletions(-) create mode 100644 docs/CONTRAST.md create mode 100644 docs/DEPLOY_TO_AZURE.md create mode 100644 docs/UPGRADE_RAILSGOAT.md diff --git a/README.md b/README.md index 51aa38d..9e663f3 100755 --- a/README.md +++ b/README.md 
@@ -1,62 +1,100 @@ -# RailsGoat: A deliberately insecure Ruby web application +# Contrast Security Demo: RailsGoat -This is a Ruby demo application, based on https://github.com/OWASP/railsgoat. +**A deliberately vulnerable Ruby on Rails application with added Contrast Security Instrumentation.** + +This demo will give you hands on experience with Contrast Security's instrumentation and observability technology. You'll learn how to onboard an application to the Contrast platform, and can then get hands with Contrast Assess and Contrast Protect: +* **Contrast Assess** combines Interactive Application Security Testing (IAST) and Software Composition Analysis (SCA) to provide visibility into vulnerabilities across your custom code and third party libraries. +* **Contrast Protect** is Runtime Application Self Protection (RASP) that protects applications in production by blocking attacks and complex exploitation in real time. + +### About Contrast Security +Contrast Security is the leader in modernized application security, embedding code analysis and attack prevention directly into software with patented security instrumentation technology. [Find out more about Contrast on our website.](https://www.contrastsecurity.com/contrast-assess) + +### About RailsGoat +RailsGoat is a deliberately vulnerable Ruby on Rails application, based on [OWASP RailsGoat](https://github.com/OWASP/railsgoat). We've added some Contrast dependencies to this project to help you get started quickly. + +# Running the demo application +## Run with Docker (Quick Start) +To get started quickly and easily with RailsGoat and the Contrast Agent, you can pull our already-prepared docker image from Docker Hub. + +First, retrieve your agent keys from the Contrast Platform. To find your organization keys please follow this [documentation](https://docs.contrastsecurity.com/en/find-the-agent-keys.html). 
Then run the following command, adding in your agent keys in place of `XXXXXX`: + +```bash +docker run -it --rm -p 3000:3000 \ + -e CONTRAST__API__URL=https://eval.contrastsecurity.com/Contrast \ + -e CONTRAST__API__API_KEY=XXXXXX \ + -e CONTRAST__API__SERVICE_KEY=XXXXXX \ + -e CONTRAST__API__USER_NAME=XXXXXX \ + contrastsecuritydemo/railsgoat:6.1.7 +``` + +## Build and run with Docker +To build and run RailsGoat locally, first clone this repo to your local machine, and ensure you have [Docker](https://docs.docker.com/engine/installation/) and [Docker Compose](https://docs.docker.com/compose/install/) installed. You can then use the provided Dockerfile and Docker Compose configuration to build the container and start instances of RailsGoat with the Contrast agent installed. + +First, retrieve your agent keys from the Contrast Platform. To find your organization keys please follow this [documentation](https://docs.contrastsecurity.com/en/find-the-agent-keys.html). + +Set your agent keys either by adding them to the `contrast_security.yaml` file in the `config` directory, or by adding them to the `.env` file in the root directory (you can also find other agent configuration options in these files). + +You can now build and run the container using Docker Compose: +```sh +docker-compose up --build +``` + +By default, two RailsGoat instances will be started, one with Contrast Assess enabled, and one with Contrast Protect enabled. You can start only one service with this command: + +```sh +docker-compose up railsgoat-dev +docker-compose up railsgoat-prod +``` + +Open your favorite browser and navigate to http://localhost:3000 for Assess or http://localhost:3001 for Protect. + + +## Running standalone **Warning**: The computer running this application will be vulnerable to attacks, please take appropriate precautions. -# Running standalone +You can run RailGoat locally on any machine with Ruby, Rails, MySQL, Postgres installed. 
-You can run RailGoat locally on any machine with Ruby and Rails 5.x installed. +First, retrieve your agent keys from the Contrast Platform. To find your organization keys please follow this [documentation](https://docs.contrastsecurity.com/en/find-the-agent-keys.html). -1. Place a `contrast_security.yaml` file into the application's root folder. +Set your agent keys either by adding them to the `contrast_security.yaml` file in the `config` directory. -1. Install the Contrast agent using: +Install the dependencies using bundler: ```sh - bundle add contrast-agent bundle install ``` -3. Initialize the database: -```sh - rails db:setup + +If you receive an error, make sure you have `bundler` installed: + +```bash +$ gem install bundler ``` -4. Start the Thin web server: + +Start the Thin web server: ```sh rails server ``` -5. Browse the application at http://localhost:3000 -# Running in Docker +Open your favorite browser and navigate to http://localhost:3000. -You can run RailsGoat within a Docker container, tested on OSX. The agent is added automatically during the Docker build process. -1. Place a `contrast_security.yaml` file into the application's root folder. -1. Build the RailsGoat container image using `./1-Build-Docker-Image.sh` -1. Run the container using -```sh -docker run \ - -v $PWD/contrast_security.yaml:/myapp/contrast_security.yaml \ - -e CONTRAST__APPLICATION__NAME=railsgoat \ - -p 3000:3000 railsgoat:latest -``` -4. Browse the application at http://localhost:3000 +## Other Deployment Options +There are other options for deploying RailsGoat. Please see the docs/ folder for more instructions: +* [Deploying to Azure App Services](docs/DEPLOY_TO_AZURE.md) + +# Testing RailsGoat with Contrast Assess (IAST) +Interactive Application Security Testing (IAST) works by observing application behavior at runtime to identify vulnerabilities as you interact with the application. 
To start analysis, all you need to do is start browsing around the application to exercise routes and the agent will analyse each request and how the application responds. Routes can also be exercised by automated functional testing such as integration and end-to-end tests. -# Running in Azure (Azure App Service): +### Test the application manually -## Pre-Requisites +Try logging in to the application using the supplied credentials, logging out again, creating a new user for yourself and browsing some of the other pages and functionality in the app. -1. Place a `contrast_security.yaml` file into the application's root folder. -1. Install Terraform from here: https://www.terraform.io/downloads.html. -1. Install PyYAML using `pip install PyYAML`. -1. Install the Azure cli tools using `brew update && brew install azure-cli`. -1. Log into Azure to make sure you cache your credentials using `az login`. -1. Edit the [variables.tf](variables.tf) file (or add a terraform.tfvars) to add your initials, preferred Azure location, app name, server name and environment. -1. Run `terraform init` to download the required plugins. -1. Run `terraform plan` and check the output for errors. -1. Run `terraform apply` to build the infrastructure that you need in Azure, this will output the web address for the application. -1. Run `terraform destroy` when you would like to stop the app service and release the resources. +When you're done exploring the application, look at the Contrast Platform to see if any vulnerabilities were detected. You'll also see any vulnerable libraries that were detected, as well as the route coverage that you've achieved with your manual testing. -## Running automated tests +![Application Details](docs/img/application-details.png) + +### Test the application with automated tests RailsGoat includes a set of failing Capybara RSpecs, each one indicating that a separate vulnerability exists in the application. 
To run them, you first need to install [PhantomJS](https://github.com/jonleighton/poltergeist#installing-phantomjs) (version 2.1.1 has been tested in Dev and on Travis CI), which is required by the Poltergeist Capybara driver. Upon installation, simply run the following task: @@ -67,6 +105,10 @@ rails training For Docker run: ```sh +docker compose exec railsgoat-dev rails training + +# OR + docker run \ -v $PWD/contrast_security.yaml:/myapp/contrast_security.yaml \ -e CONTRAST__APPLICATION__NAME=railsgoat \ @@ -74,13 +116,6 @@ docker run \ -p 3000:3000 railsgoat:latest ``` -## Updating the Docker Image - -You can re-build the docker image (used by Terraform) by running two scripts in order: - -* 1-Build-Docker-Image.sh -* 2-Deploy-Docker-Image-To-Docker-Hub.sh - # License [The MIT License (MIT)](./LICENSE.md) diff --git a/docs/CONTRAST.md b/docs/CONTRAST.md new file mode 100644 index 0000000..43ddb1c --- /dev/null +++ b/docs/CONTRAST.md @@ -0,0 +1,14 @@ +# Contrast specific changes +Documentation of the changes made to RailsGoat to add Contrast Security to the project. + +## Changelog to add Contrast to this project +* `contrast_security.yml` configuration file added to the `config/` directory +* `.env` configuration file added to the root directory +* `gem 'contrast-agent'` added to the `Gemfile` + +## Other changes to RailsGoat (Not required for Contrast) +* Upgraded to Ruby `3.1.4` +* Upgraded to Rails `6.1.7` +* Improved the `Dockerfile` to use a multi-stage build and Alpine Linux +* Updated the `docker-compose` file to start two services: `dev` and `prod` +* Fixed issues with loading javascript and rendering graphs on multiple pages diff --git a/docs/DEPLOY_TO_AZURE.md b/docs/DEPLOY_TO_AZURE.md new file mode 100644 index 0000000..bae11c1 --- /dev/null +++ b/docs/DEPLOY_TO_AZURE.md 
@@ -0,0 +1,14 @@ +# Running in Azure (Azure App Service): + +## Pre-Requisites + +1. Place a `contrast_security.yaml` file into the application's root folder. +1. Install Terraform from here: https://www.terraform.io/downloads.html. +1. Install PyYAML using `pip install PyYAML`. +1. Install the Azure cli tools using `brew update && brew install azure-cli`. +1. Log into Azure to make sure you cache your credentials using `az login`. +1. Edit the [variables.tf](variables.tf) file (or add a terraform.tfvars) to add your initials, preferred Azure location, app name, server name and environment. +1. Run `terraform init` to download the required plugins. +1. Run `terraform plan` and check the output for errors. +1. Run `terraform apply` to build the infrastructure that you need in Azure, this will output the web address for the application. +1. Run `terraform destroy` when you would like to stop the app service and release the resources. diff --git a/docs/UPGRADE_RAILSGOAT.md b/docs/UPGRADE_RAILSGOAT.md new file mode 100644 index 0000000..ed53a59 --- /dev/null +++ b/docs/UPGRADE_RAILSGOAT.md 
@@ -0,0 +1,94 @@ +# Upgrading Rails and Ruby versions for RailsGoat +This guide is intended for Contrast maintainers who are upgrading the version of Ruby and/or Rails used by RailsGoat. + +## Why Upgrade? +We will need to keep the version of RailsGoat within the versions supported by Ruby on Rails **and** the Contrast Ruby Agent for this demo app to remain operational. We may also want to take advantage of new features and performance enhancements offered by the latest versions of the Contrast Ruby Agent. + +* See the [Ruby Maintenance Branches](https://www.ruby-lang.org/en/downloads/branches/) schedule for specific release dates. +* See the [Contrast Ruby Agent Supported Technologies](https://docs.contrastsecurity.com/en/ruby-supported-technologies.html) for the currently supported versions of Ruby and Rails. + +## How to upgrade RailsGoat +Upgrading the version of Ruby, Rails or Bundler that this app uses should be done using the provided Dockerfile, as this will provide the most repeatable results. + +Follow the [Upgrading Ruby on Rails](https://guides.rubyonrails.org/upgrading_ruby_on_rails.html) guide from the official documentation. Read through this guide first if you are not familiar. + +**General tips for a successful upgrade:** +* Upgrade Ruby and Rails separately, building the Dockerfile and dealing with any issues, bugs, or deprecation warnings as you go. +* Run the rspec tests in between each build to ensure that no functionality is broken. +* Ruby can be upgraded one major version at a time (first jump to the last minor version of your current version, test, and then continue the upgrade to the next major version) +* Don't upgrade Ruby past the [last ruby version supported by your current version of rails](https://www.fastruby.io/blog/ruby/rails/versions/compatibility-table.html). +* Rails needs to be updated **one minor version at a time** (version format: `major.minor.patch`). 
This is to make running `rails app:update` command easier, which will attempt to apply the changes required to your codebase. +* When running `rails app:update`, you will be prompted to overwrite files. Please view the diffs of these changes and test the changes before committing. + +### Upgrading Ruby +First upgrade the Ruby version to your target Ruby version in the Dockerfile, the Gemfile and the .ruby-version files. + +Dockerfile: +```Dockerfile +... +# Default Ruby version for this project. +ARG RUBY_VERSION=3.1.4 <--- + +# Base Alpine Ruby image for common setup +FROM ruby:$RUBY_VERSION-alpine as base +... +``` + +Gemfile: +```Gemfile +... +# frozen_string_literal: true +source "https://rubygems.org" + +gem "rails", "5.2.8" + +ruby "2.7.7" <--- +... +``` + +Now rebuild the container,test the app and make sure the gems are fully up to date: +```bash +docker compose up --build +docker compose exec web sh +> bundle update +> bundle install +``` + +### Upgrading Rails +Now that you have upgraded Ruby, you can upgrade Rails. Change the version number for rails in the Gemfile: + +```Gemfile +# frozen_string_literal: true +source "https://rubygems.org" + +gem "rails", "6.1.7" <--- + +ruby "3.1.4" +``` + +Rerun the step above to rebuild the container, attach to it and then update gems again. +```bash +docker compose up --build +docker compose exec web sh +> bundle update +> bundle install +``` + +You can also use the rails update command to implement any of the changes required by the new version of Rails. This will prompt you to overwrite files, so make sure you view the diffs and test the changes before committing. + +```bash +docker compose exec web sh +> bin/bash app:update +``` + +Now test the app for any errors or deprecation warnings, fix them, run tests, and commit your changes. + +#### Upgrade bundler +It's unlikely, but you may also need to upgrade bundler if you are getting errors. You can do this by running `bundle update --bundler`. 
The default version of bundler from the ruby container should be preferred. + +#### Migrating and seeding the database +If database migrations were created by the update process, you will need to run them and then seed the database. + +```bash +docker compose exec web bin/rails db:migrate +``` From fa1c3ec47797485210cd04c457dd3df0c93b2bb8 Mon Sep 17 00:00:00 2001 From: David Archer <16766645+davidaustinarcher@users.noreply.github.com> Date: Fri, 4 Aug 2023 14:49:31 +0100 Subject: [PATCH 27/45] Updating terraform config Updated to use new image and reference yaml in the root. --- .terraform/main.tf | 2 +- .terraform/parseyaml.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.terraform/main.tf b/.terraform/main.tf index 44d4e43..4bd8207 100644 --- a/.terraform/main.tf +++ b/.terraform/main.tf @@ -26,7 +26,7 @@ resource "azurerm_container_group" "app" { container { name = "web" - image = "contrastsecuritydemo/railsgoat:1.0" + image = "contrastsecuritydemo/railsgoat:6.1.7" cpu = "1" memory = "1.5" ports { diff --git a/.terraform/parseyaml.py b/.terraform/parseyaml.py index 2f50efb..2add4f2 100644 --- a/.terraform/parseyaml.py +++ b/.terraform/parseyaml.py @@ -1,4 +1,4 @@ import yaml, json -with open('./contrast_security.yaml') as f: +with open('../contrast_security.yaml') as f: config = yaml.load(f) print(json.dumps(config['api'])) \ No newline at end of file From a29e252175a7b0623190e004b2670c5648878100 Mon Sep 17 00:00:00 2001 From: David Archer <16766645+davidaustinarcher@users.noreply.github.com> Date: Fri, 4 Aug 2023 15:08:49 +0100 Subject: [PATCH 28/45] Adding path context for terraform --- .jenkins/Jenkinsfile | 101 ++++++++++++++++++++++++------------------- 1 file changed, 57 insertions(+), 44 deletions(-) diff --git a/.jenkins/Jenkinsfile b/.jenkins/Jenkinsfile index 49ddf69..069b69f 100644 --- a/.jenkins/Jenkinsfile +++ b/.jenkins/Jenkinsfile 
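Review bot: In `.terraform/parseyaml.py`, `config = yaml.load(f)` on the line after the changed path is called without a `Loader`; on older PyYAML that form can construct arbitrary Python objects, and on PyYAML 6 and later it is rejected with a `TypeError`, which is the version the unpinned `pip install PyYAML` in the Azure instructions would install. Use `config = yaml.safe_load(f)`. The new `'../contrast_security.yaml'` is resolved against the working directory of whatever runs the script rather than the script's own location, so it is worth confirming that the caller runs from `.terraform/`; how the script is invoked is not visible in this hunk.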
@@ -3,30 +3,36 @@ pipeline { tools { terraform 'terraform' } + environment { + terraformDir = '.terraform' + } stages { stage('dependencies') { - steps { - script { - withCredentials([file(credentialsId: env.contrast_yaml, variable: 'path')]) { - def contents = readFile(env.path) - writeFile file: 'contrast_security.yaml', text: "$contents" + dir("$terraformDir") { + steps { + script { + withCredentials([file(credentialsId: env.contrast_yaml, variable: 'path')]) { + def contents = readFile(env.path) + writeFile file: 'contrast_security.yaml', text: "$contents" + } } + sh ''' + terraform init -upgrade + ''' } - sh ''' - terraform init -upgrade - ''' } } stage('provision') { - steps { - script { - env.GIT_SHORT_COMMIT = checkout(scm).GIT_COMMIT.take(7) - env.GIT_BRANCH = checkout(scm).GIT_BRANCH + dir("$terraformDir") { + steps { + script { + env.GIT_SHORT_COMMIT = checkout(scm).GIT_COMMIT.take(7) + env.GIT_BRANCH = checkout(scm).GIT_BRANCH - withCredentials([azureServicePrincipal('ContrastAzureSponsored')]) { - try { - sh """ + withCredentials([azureServicePrincipal('ContrastAzureSponsored')]) { + try { + sh """ export ARM_CLIENT_ID=$AZURE_CLIENT_ID export ARM_CLIENT_SECRET=$AZURE_CLIENT_SECRET export ARM_SUBSCRIPTION_ID=$AZURE_SUBSCRIPTION_ID @@ -40,10 +46,11 @@ pipeline { -var 'run_automated_tests=true' """ } catch (Exception e) { - echo "Terraform refresh failed, deleting state" - sh "rm -rf terraform.tfstate" - currentBuild.result = "FAILURE" - error("Aborting the build.") + echo 'Terraform refresh failed, deleting state' + sh 'rm -rf terraform.tfstate' + currentBuild.result = 'FAILURE' + error('Aborting the build.') + } } } } 
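Review bot: The `sh """ … """` blocks in the provision stages interpolate `$AZURE_CLIENT_SECRET` and the other `AZURE_*` values in Groovy before the shell runs, so the secret is embedded in the command text instead of being read from the environment; Jenkins warns about this pattern because it can defeat credential masking. The `destroy` stage in the same file already uses the safe form, `export ARM_CLIENT_SECRET=\$AZURE_CLIENT_SECRET`, and `provision`, `provision - dev` and `provision - prod` should use the same escaping. These lines are context in the hunks and the stages continue outside them. The `catch` branch also deletes `terraform.tfstate` after a failed apply, which leaves any resources already created with no state to destroy them from; if that is intended, a comment explaining why would help.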
@@ -55,14 +62,15 @@ pipeline { } } stage('provision - dev') { - steps { - script { - env.GIT_SHORT_COMMIT = checkout(scm).GIT_COMMIT.take(7) - env.GIT_BRANCH = checkout(scm).GIT_BRANCH + dir("$terraformDir") { + steps { + script { + env.GIT_SHORT_COMMIT = checkout(scm).GIT_COMMIT.take(7) + env.GIT_BRANCH = checkout(scm).GIT_BRANCH - withCredentials([azureServicePrincipal('ContrastAzureSponsored')]) { - try { - sh """ + withCredentials([azureServicePrincipal('ContrastAzureSponsored')]) { + try { + sh """ export ARM_CLIENT_ID=$AZURE_CLIENT_ID export ARM_CLIENT_SECRET=$AZURE_CLIENT_SECRET export ARM_SUBSCRIPTION_ID=$AZURE_SUBSCRIPTION_ID @@ -76,10 +84,11 @@ pipeline { -var 'run_automated_tests=true' """ } catch (Exception e) { - echo "Terraform refresh failed, deleting state" - sh "rm -rf terraform.tfstate" - currentBuild.result = "FAILURE" - error("Aborting the build.") + echo 'Terraform refresh failed, deleting state' + sh 'rm -rf terraform.tfstate' + currentBuild.result = 'FAILURE' + error('Aborting the build.') + } } } } @@ -91,14 +100,15 @@ pipeline { } } stage('provision - prod') { - steps { - script { - env.GIT_SHORT_COMMIT = checkout(scm).GIT_COMMIT.take(7) - env.GIT_BRANCH = checkout(scm).GIT_BRANCH + dir("$terraformDir") { + steps { + script { + env.GIT_SHORT_COMMIT = checkout(scm).GIT_COMMIT.take(7) + env.GIT_BRANCH = checkout(scm).GIT_BRANCH - withCredentials([azureServicePrincipal('ContrastAzureSponsored')]) { - try { - sh """ + withCredentials([azureServicePrincipal('ContrastAzureSponsored')]) { + try { + sh """ export ARM_CLIENT_ID=$AZURE_CLIENT_ID export ARM_CLIENT_SECRET=$AZURE_CLIENT_SECRET export ARM_SUBSCRIPTION_ID=$AZURE_SUBSCRIPTION_ID 
@@ -107,10 +117,11 @@ pipeline { terraform apply -auto-approve -var 'location=$location' -var 'initials=$initials' -var 'environment=production' -var 'servername=Prod-01' -var 'session_metadata=branchName=${env.GIT_BRANCH},buildNumber=${BUILD_NUMBER},commitHash=${env.GIT_SHORT_COMMIT},version=1.0' -var 'run_automated_tests=true' """ } catch (Exception e) { - echo "Terraform refresh failed, deleting state" - sh "rm -rf terraform.tfstate" - currentBuild.result = "FAILURE" - error("Aborting the build.") + echo 'Terraform refresh failed, deleting state' + sh 'rm -rf terraform.tfstate' + currentBuild.result = 'FAILURE' + error('Aborting the build.') + } } } } @@ -122,9 +133,10 @@ pipeline { } } stage('destroy') { - steps { - withCredentials([azureServicePrincipal('ContrastAzureSponsored')]) { - sh """ + dir("$terraformDir") { + steps { + withCredentials([azureServicePrincipal('ContrastAzureSponsored')]) { + sh """ export ARM_CLIENT_ID=\$AZURE_CLIENT_ID export ARM_CLIENT_SECRET=\$AZURE_CLIENT_SECRET export ARM_SUBSCRIPTION_ID=\$AZURE_SUBSCRIPTION_ID @@ -132,6 +144,7 @@ pipeline { terraform destroy --auto-approve \ -var 'location=$location' """ + } } } } From 36ae54491f9e9e045edee78788d684bc1f6506ea Mon Sep 17 00:00:00 2001 From: David Archer <16766645+davidaustinarcher@users.noreply.github.com> Date: Fri, 4 Aug 2023 15:14:09 +0100 Subject: [PATCH 29/45] Fixed block order in Jenkinsfile --- .jenkins/Jenkinsfile | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/.jenkins/Jenkinsfile b/.jenkins/Jenkinsfile index 069b69f..26b313b 100644 --- a/.jenkins/Jenkinsfile +++ b/.jenkins/Jenkinsfile @@ -9,8 +9,8 @@ pipeline { stages { stage('dependencies') { - dir("$terraformDir") { - steps { + steps { + dir("$terraformDir") { script { withCredentials([file(credentialsId: env.contrast_yaml, variable: 'path')]) { def contents = readFile(env.path) 
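Review bot: In `@@ -107,10 +117,11 @@` the `terraform apply` line builds `-var 'session_metadata=branchName=${env.GIT_BRANCH},…'` by Groovy interpolation inside a single-quoted shell argument, and the branch name is chosen by whoever pushes the branch. Git allows quote characters and shell metacharacters in ref names, so the value is untrusted input spliced into a command that runs with the Azure credentials exported. Let the shell expand the values from the environment inside double quotes instead: `-var "session_metadata=branchName=\$GIT_BRANCH,buildNumber=\$BUILD_NUMBER,commitHash=\$GIT_SHORT_COMMIT,version=1.0"`. The `sh """` block starts before this hunk, and the dev stage's apply arguments lie outside the hunks shown, so they should be checked for the same pattern.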
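Review bot: The `withCredentials([file(credentialsId: env.contrast_yaml, variable: 'path')])` block kept as context in `@@ -9,8 +9,8 @@` reads the credential file into `contents`, and the earlier patch on this page shows it then being written to `contrast_security.yaml` in the workspace. That copy outlives the `withCredentials` scope, and nothing in the stages visible here removes it. Since this commit is already restructuring the stage, add cleanup such as a pipeline-level `post { always { dir("$terraformDir") { sh 'rm -f contrast_security.yaml' } } }`, or, if the consumer accepts a path, use the bound `path` directly rather than copying the secret. The block continues past the end of this hunk.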
@@ -24,8 +24,8 @@ pipeline { } } stage('provision') { - dir("$terraformDir") { - steps { + steps { + dir("$terraformDir") { script { env.GIT_SHORT_COMMIT = checkout(scm).GIT_COMMIT.take(7) env.GIT_BRANCH = checkout(scm).GIT_BRANCH @@ -62,8 +62,8 @@ pipeline { } } stage('provision - dev') { - dir("$terraformDir") { - steps { + steps { + dir("$terraformDir") { script { env.GIT_SHORT_COMMIT = checkout(scm).GIT_COMMIT.take(7) env.GIT_BRANCH = checkout(scm).GIT_BRANCH @@ -100,8 +100,8 @@ pipeline { } } stage('provision - prod') { - dir("$terraformDir") { - steps { + steps { + dir("$terraformDir") { script { env.GIT_SHORT_COMMIT = checkout(scm).GIT_COMMIT.take(7) env.GIT_BRANCH = checkout(scm).GIT_BRANCH @@ -133,8 +133,8 @@ pipeline { } } stage('destroy') { - dir("$terraformDir") { - steps { + steps { + dir("$terraformDir") { withCredentials([azureServicePrincipal('ContrastAzureSponsored')]) { sh """ export ARM_CLIENT_ID=\$AZURE_CLIENT_ID From 9556a113e752cc294aaac7df781b1760298906f5 Mon Sep 17 00:00:00 2001 From: David Archer <16766645+davidaustinarcher@users.noreply.github.com> Date: Fri, 4 Aug 2023 15:24:35 +0100 Subject: [PATCH 30/45] Removed checkout from Jenkinsfile --- .jenkins/Jenkinsfile | 9 --------- 1 file changed, 9 deletions(-) diff --git a/.jenkins/Jenkinsfile b/.jenkins/Jenkinsfile index 26b313b..86efe33 100644 --- a/.jenkins/Jenkinsfile +++ b/.jenkins/Jenkinsfile @@ -27,9 +27,6 @@ pipeline { steps { dir("$terraformDir") { script { - env.GIT_SHORT_COMMIT = checkout(scm).GIT_COMMIT.take(7) - env.GIT_BRANCH = checkout(scm).GIT_BRANCH - withCredentials([azureServicePrincipal('ContrastAzureSponsored')]) { try { sh """ @@ -65,9 +62,6 @@ pipeline { steps { dir("$terraformDir") { script { - env.GIT_SHORT_COMMIT = checkout(scm).GIT_COMMIT.take(7) - env.GIT_BRANCH = checkout(scm).GIT_BRANCH - withCredentials([azureServicePrincipal('ContrastAzureSponsored')]) { try { sh """ 
@@ -103,9 +97,6 @@ pipeline { steps { dir("$terraformDir") { script { - env.GIT_SHORT_COMMIT = checkout(scm).GIT_COMMIT.take(7) - env.GIT_BRANCH = checkout(scm).GIT_BRANCH - withCredentials([azureServicePrincipal('ContrastAzureSponsored')]) { try { sh """ From 7fce2ccb404e0da06ce6759da4cb3699d743328a Mon Sep 17 00:00:00 2001 From: Taylor Mowat Date: Fri, 4 Aug 2023 16:30:46 +0100 Subject: [PATCH 31/45] Force committing images used in README.md --- docs/img/application-details.png | Bin 0 -> 369701 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 docs/img/application-details.png 
diff --git a/docs/img/application-details.png b/docs/img/application-details.png new file mode 100644 index 0000000000000000000000000000000000000000..9d6a37c4ce8fba9e92230e4da8c5a40701136382 GIT binary patch literal 369701 zcmdqIhgTC_+dhh-AYDP}MFBwt=}HF`kQR!f6zS4LdJDZMO?vNDX%C=OA&}5pKsrb# z1PE0~0t5&U0%!cr_gm|{zvul6&aA~EnVHO#-AD6ibee8?C!MvS}l!AL9dcokSHwh@jEeS%NV*bp=)pEa5H?F zkNyz-B{qyxMdjb(=B*SOlvb01if{Tv@+_79_|+Zt ziMjkiO^!Qrk6$aV36}idYY+?VWzt#cGZtR%iYe7Ky!{I-&CR_Two!V+rA5D+p*=8V zMshlKyRkcF@Ii|`<4Uhh6BVfy)G5j1ZJo5n=FX9XVq40{%ucqM$1V(Ib4+X=?%{5bSEoXSrk>QZAemlr z3Afc;eQ#@4-6G2m*S?tuR$gPBP>T5P1r zI~8MLuG3G9h<|!vb-CmrvqtNx=`V0u8!Rm8`E!MYprO}NM*ds(PuswwRWaqv`7_?Rr>?2LU=U&BA7^Oa`vHM6?z;%F0rT)%MD= z(c!`){6074tylED9BVv%p(OA9l#|Rt_0xdtuSUDS(%RShmq_n0nMqui+OOU zCfBEiP(j=skbzLn=tSj4fvbE+#F4Ssr9#Fj{`AQBtcu}3rYFsHn=zbZ?=--uN*S2i z48d@LFze3;=(wGu<1Loi<}+_^ugzYwe(FM9?7BG{f8L@3{IIZ)=J=*8Z$1 zOgDfA!A9KNsQAyA&@GzU>UXVm=7q#JgZK;onLk5EbW4Pq7g+9p9qwio2MxNW*;kiG z`nop*`&(z$P4gD#d@@~_bPAyoDsO*=BisVTlfU%W-u6@+nXth{vO9A{!}P0nnf!t+ zhP#Wzs{ZX#`+X$Kf9A_KHGeINGoClDHyvqm2i6oLh;P# z5W+LeyVm3qgJHXF598ZD|GE5sg_YznKheT^d~I>9OfR5fTdi@BB|~A#Gc4otJ>Vo@ z^p;8ssg4;E@5Px?50Z4u;9fK4&)n>V9_MlFB7#FU(is;^KP}k2Hj<8tV&Gf$_OEry z**Mn!NHXvhc3U^v@TY1u-?04VB9|%qI<}!3`y6Jgu-4t#; zq!j*cKKfmS$z$*bME8jY*@`Z6f(`xgDTR;REI3WSf+Z_+=IuLcuZ;9x zI*X8pAf_UH{zMu0o*S^uoxLzYozFkoFg5Am3aZa52*j=n4wrt(oD;gcFkJ-;9(sX+ zLmiGZfX|n);KY9~^{s)3L3djBv7J)6tmX9M=~pb1{%Eh;@;G)IEi_2#_cJ5^)a1vq zHv%uHm^nxHW)MH)mh%d_U18)VL0w-XEQw5Jfk=Dw%wzPARDK5bLuj+$=CXa9D5sD6 zv7T5-&WGaAH;=-d%4(h17PM2oz`uC@93LOoQ1xf4^@)A+NNZjjFSwZqDpBKws`D}M z(o;;7-)=-($UbdEFDLeCmvv}cmZcP@P)uy|Mk#;(U=Zf{NS&MW{=|}osxeg_+R4*P zMU6jY7R(BFb7d!A&`#3!O3}Wr#t*BVRA-0Zb6S|S&v_%G^0P7}J)KXexin1ibg#ux z=SRQqP78Xg&2uh5|A$%DRN*OLYDTc#AbpcSNw#U1fp;ALRu1l>hq(*d^3Kk?%z2FK zzR1g4pB5CS@%4!L=&X#$CmxK_!IudqihK96)7v=sS>@djT<2_`5&{l;yzEBr;knw? 
zmzB7_ZdVMtL80+g*36l`z1;#6ZV|2Kt0Q7{k;97q`6ba z!9if)4gEr+o2wdM%1;Qyy{3^h!)8?sv9`9BBKWu)3VZOUY%<;aHNeA(=Dvj`BcIros5MMA6pUVQS^>k<7VO#C zsY&4X(m*$NqAfDXA}s0meAUZdOKEQyljnM7SE=z2YaK~R4Ykg~k0mwc+P2m7Hx1VU zJk7`u8Gz%R_rlx3Vig=_^5iY?OAMq{yQkjUZ;3j$XZIGz1AT&s>Gkgm{+-ZRA6^@} z4O7Yz+8&f$P?a;=s#YkVXqKhTqg&FM@#gGuw(q=g?MA>k!&(q}r-@0B7tcmFe#}&` z)sES`kYR9#ILWl1b&Pw3KL6|;ki17~-reeYtC=n^vQaiZVg*(Z7*V=zKr@Rb8rm93 zpDLb<8Zz#y26@aAnp*1fxERxGWY_pCO25q88MKHeBDLix8dE4z*~TWHBlsmWcbWxuSkd6M98N> zo8*iPP2X=@_~C~CcHOC?VSD%;1LSaYB^F~`_KCbsV$A1+2MT5H^iLgsrf(; zx+SzksJm7~IzzZJR=V8oGT(SD>c)+TdJiI{M<5)LCyz!s{`rb|_P9149IGq|xS-;R z5K_~;SJ}ogdnYZ|x+o}#y6If+&wiH=Wj;-NCh}zzb$^R)wQu1LBE^mJtdel!MqHleP)CJIAP~a>9?>0! zRY_7$IJHRr4m23ew6X!#=li>Qca!i=|4nc)Kgr?9x@o1s!E!5ILS^9X|42aoC%}%U z?Ih?X416>6?6LAqH;v26i9t-iTr)sw!>L5m#tXRLfi!*0%ApK_?y9V^hmYPs;4`yTpCyE zRtOfxZH^Ru`}R3eF=Q0g?Zz&c!PYM6F((4*=oEV_2m!*C8#_5NyMbr~C_Pf5K zD^$AO<<#tE%t_sSH%KZ@WOn ze-}sAha~~_9mN&03J0}~E@fydu6qsMqvOsyaJO%&q(|V*@h~4GlyJPN%uQP50Fl6( zKE)kGyfr=~Ejl^3giemlE0m9Ebe}Rqx)<)(Vv|&`J}Yl3t=d!zznUsX&N|l#d9Iw zE5a$8!}szu##y#`Z{E1I9Svl8$+0T?FzQEqsUmh~w>O3}HC~w|R{V+r3C<0R=YUfr z9)r=dy_a(53<~Gtqle*(dHHA(sV1qQbdD_;W_IxK$760Q^!HPt@V5^7bzlUs3}F+{ zbPxY&nvN9$m=zD(<{Nz*QBbhVJ^WJ2m8Y?x+K2xR*vWw$RUnC4ku-E0Xy<9(pR#oEzT1kMk`1cvepY9oD27p7 zZB`Jz9;BEdmi2^2a$ z%S(|uEFaAq_{0@Am6!tltqanRmL>;eEf(yo11<~N*e(f62~S)UrVm+okv@6xunR84 zsGR(Fx5XIYuFEz>^1qHGp2Di&eJd3c3bsC-fAq2}N0vRWy2pl24g#E)%%0>eh7@SQ97J{{QhsSGsdRMv zj)ADh$NM-t5TE2SPu7>Dt@z|UABvNJ)H`dnANs5T6L}`WzLAz;zMAb&wL{ft_t91C ziA+`-I%0g%erZ53=@c$K@3uq|D(+#Nhj)V69c2;q zo~1=l`|Kva7sQ=>-)zrEo!9G2MSwYf%{8HqkEyD<7H^r@$Wc)Wx-ZF}v90&$Mw1pu zR%KB;SsPm8#FjCr5|7kWcMi!dEKnk++mA$6+iXwRGzn6%NB(q5(YUW(s+Uy=vtI`M zb_Nv?6h+xzmrKOw^?}*h9jQS>^?PfiNgka|#6h+nu7@AM9*WbX4xD@+7X5yWY@iSo zPx!Ivm&>hLMD~G!tF0bhrOq+90bN<_;MThaTN@rF)dyJ2mw)eLj z;KN3vEi3Dew0m)WM4#Wh%)5H|Uhd5jx4H2^3E7YYup}P!qv;G&U$JDBSAkgpyD6r5 z{9w2++>w8{@@sRW;E3NaSIh5GTVnHHiiT2xVs36jl}MB?QSh*fKe)93VnIJ~er7x9 zfa0}3m=0QX>xS-L4t&qV{b9M2v3;BUb!~&0LqE61 
z^*IcE&weSzA8Vg&D3qcsrf#Lj;}!W)y=?L%K!GwwzXfG4+#oC*C z68+Wv*O1_7P5-I=;&p_oxP*c}M~|vNhx|0hC|qo9Y3I|EEVrq&0H2pQ?28ChoY4O* zEHOE<<->Ek*v?~aWYCvo^UKFobz%V!B1Ka5C9%Wn`qkU#$8IeKk9is#__YM8dYzp) z55RJoLU4b?5sBwgF!rC{L4swFkyl)&Lor~lq(-Mk=lP+qIx#-2e2~b^4wUM_|71!ysMAgnFHKDf{r2kktpRQq+8_mH zO_))7kg8-fr`*CRT)HyGf&EqsmW-@~+|rRUR8ahy``J;aw%_;v71kS>bi}wSD;QZ5 zG??k_!8Mdc+03PhsEt&$+}SmRVJ_MR+43g?_5VKw6z_uLLTP1XjHis22y+h_YzHfL z`}+0kr-%qLl2Walmv?V6*E^NHez>|XHDFB-_!Z!;b@#ZrV<2;~4mg;5DmuygG5ea6 zzp@oekm7X9DX;lLraeynCj6dhE1iK6OI7r*=kSLo!&W{Srdl7doY~bdGQ!@9<8OMC*-B_|X4>S3#KW*V9}UV3#A>W&V#LfNF^+U7gE66yA0U%!RE zk+~l6XVumW<1pgYlEs~(yb zGvRcbqyh$8OtF~REHvW`3eA5+<4O&92zrFN;9!>oqDfFP0zg^Txjm>di|O57*J`iU z^6KksnJM=zHBmwf1OwzvtPmU=@n8WiXFR(0MmiVP`Y6upvAcWGsrNl42!IL&;zD9s z2i=o2O6pA``ZIBUh=A>U{2>e@V16Oph`3x9zJ2U5=#;S{MVp{_K$*ueUMq-;&6X<( z+tC*+#psGV6wLZ`wE-+hE>`>a-RZ>rNs^jL+UhnF`E(nbG<(~ny&1L*F_SxKr=agc z_%F|NZw_`W?OOnHE<~g zuc%xB+fe}?$r-wibgjs(XivLl?xb1|1;tItr%zw&=_yIDqVaxnsQtv06!DD}%swA$ z+{EwS*Phv|cXU>bTQ59~q~-WlTbnd8GQtpVc^;(LX_1(mOs}D#G2$Z+;QunDhOc!g zpH0;ImNe}DglF&4y;`BWS|d3>uyWFjo6C(Amfi-9wa&RSfMS=MhD9FuItWxf)UziX z@<&~4k%tQX$}fBk#`${4r^)cXBKvfh95mRYb@ zaHD3b+lUBtx=`i&ja&*));s079+P->j76}QIH5Af=ct4=JBNEtNH0t$2+ShgtU$tf zI>oj-FX|fNAu?I1(X@Gy^Y8)n!E7~hEfN`c5oUvFzO)63!|}Y;#ygjCkGvAR2a%!~ zI>DHajteWYNS}z!0{Q)JW)^>!_V+Rdf|Xrv7K6r-hJ=%iNzR={Z(-ZM@1XuoIvwZr z;TZ?jN>I9~Yz{tf>orLmKJQ5Gct=vzY1gB-xI8@I^pi2k?1?)~W&7a*@Y^?Vf?nC3 zBd47Nw&T5y3@)x?=I%SxzDC4lSf*@yu9nO6LE75{`k4Ew5~bFWHqA{qmvmH}7*~GV z$s*@Plci32C9Ao@VeNfEs0hRA`MJ5=P!$J{teeWqm+&sDoq&K5h*OT!LgP_*Q$mIs z?}v{czX7xm5JSc7CwQs5nNg2Mh4b?Ac4uottE#G=XGHbB?|Cnpot^#R!-v9(3d-sk z*@(BaItB(z1U!~sQZgfof!`LEd#m0l#}o#(%;pof8yNz4I=kPh{KGOUP|5impQ6BB zg$$zFI*9N33zFZ;vZwZF%qwJsC3Aoi=03^KGWx~C3B5A;X|MZt0-EY5Ln4ozSAus& z3-}ns8oSgZd7S_8^3Rk=28y|x!K-ec3r+=B{HJdQA3|p3k=7pHJIEEnDg`Hf?w=t$8~o`t`&9<)MGttAhI~WQIg%C zacJuU+6c?TmY0%he3Ly^2&t;u<<^unoh027YI9=~zh5{QNJjk(Rm|%G@psx-j)`+c zQ1MU2F(g=CbFZ0vx^JD0NmViy>`gjmj%0ne$7;_`-eN|_5OXkVq&HeMgIw-%sJhP1 
zzR;&8+vG?Jv0P~s1er+1Q<1Wt$vCx`}&$Fpb6lAJmtbZ`IBNbGln;R+29BtS$8Z5`y*-2 z7&v%=Qy3?!t5s&K^Hk?z3z3kt+g)pQC^HEe-{+XsfnXYTFkC;9*Cd)u$Oh9#IS&qu zC1>`rNMy(Hk0ZO9ib-*o=hBjG4);iG)|(eE1_TUoC8~8MQ_BYjq}Q%;{@F2SEbRI} zy#VuM#8P2tap$J(_d+cn{MvU)M<1Y|cVdhPJ$-_2pFCAKuXP~2z$9*m1i{U}FFTl@ z+AvniG_NL`$Z^ITA3sPMnJpX)ben?xy{S1b!$dTaNz#!mM$9I**@O?$Y9|_eu`;;l zL*TO2%75LTCZB=yD@qT(=oA0V@sW+dZL^poSCS}ux$({x?-`7K@>LKb+`|yVcQTM* zwziLSo`@1pew$&c5SKi`ewU$*&3TMiRPav2O`SQ!7}=V+nU9d(6&-n!zP>7~7_5cF z_2-!zj!^A*Z?jqUeVQje4uqE*n9JtmEzs$;dY_n1GMdX}B?QahD(LYQ^NaJ0v)GG`)Q-f(9X7D`&O66(rH!rIkvl+rc#K7D_t;eO#=t<&*mwco76v33{QQx+50oF=?pk+G0!-Y+ zrL4I*>&+t-Jv{~|Cnpp4f%`skJUb@7rH4xi)ZJ42pD{^lVcn5*2|FoN$}hXao5L3s zwtG^fo$dHE&3zm}A0Hf_GzCt8hVnP_f1>t!lHO%ASRri;tXpbVg>G~>S0@a@WK<>e z*K&{@mlt%)j|7VLyn_qTDO~)``)^683lciuiqA(#%}MWGY`Lhn9JnK)5u>V|)m+12 zi#t0X2q)+!4NW(i!(6NsFT}BLTdvj&d*HBdQY)c1N{WyB5Ugzr6kpbT(Xf%(rz5uq zQDog6ot@xZt2%zN2z!fW6K0`${G<3l!os@yttjQKt=OBC*In5oJ;mbIwNb^BQsuX^ zzPH4sXe4U$ioSO8gfp<)+iywJPfCF)y`NuVo84}CDjG%ZPo|+o zPHUgW-rbd(A31i$0G4St^(T%0TJ{ypyTHQ(00RL?hV)yJKNC1yc%K}NpmlY4rHuNC zzpgZTRLDd^6-k}&vw>1`0mmcV&lY5ZzAx=tSo0eIcJp?q_#}w##R1jl z^TS|;czf3Kxj5u~MlEYtG42=I+eC5si0kykYcpU>p8dGM)l_@rgy^?2dOkIL-mSz% zx_mKpIc$I>^cD_Akj+B&q?ROEvV_kOvP~aP$E!rk-(;UDp?Op6fAMV`$$LMB)+7g? 
z?vpp+v79VZv{mlMIbuJ)M7H4-7BNNDO!M>KB-k-`+wZEqa=XzjvPUi#@Mom5*>k`X zbFpAIdAC@xJnj&Rf6 z9j;(T0?L2apX+PW?R+Tmo1k5-bH4s|@uW)Sd?VOwQ6atdB7WO?&%?rRAs?@sh^IbW(Bvb~Q0H?Eh|5Pexsx zk&%(2QSwiD`O4T=rPTEF_=QB-XL3Q#*I$n|5N}CyFl{i#s~h0iH2IIh7q6H^bjoT9 zoX)Xq{Sk6+v`+{RdEj!Ydck6U))6$XaB$_|a#IpumWodjsx2T5mXc2`v~pSMVqfV?y~yBcMi2iT9oPlSaIXg3s3k zQ3+JF5yE5=kOim=wqI?B&XNEI)peqj7m0$C8v0EIa5mvrEW>*vVZ%%FI$(3DslZ)p z+|oS#*Kd2IN);**SQkZtChZIa4-?{_86BD{30OXc=sgjbq&PeC9mX62`M@0YPt}?Fm=|Cb}Cwo)1`#1Yn zrbVkh?w+r1j^dizTWQ)AJ)X@X^48je{5FR8`K@!=^c9+Mh`2n5`<-f-n8a5v1_7fC*9x|E9MZNiDi^Z&Xe@gSn zu*nKo!7hz6xd-DKNCPfqccg3DOI)&aX9sB{h1U?+_DqYh!4dS?qi51EBAm`_EuY+( zPg1f&Psfon134x!ojf3cyd3ceIH)(UT%f%?`{6~**W`r(<9e8n5&!IL?4hu&BE^{g zR=^7Z%Q-KKa$-GVwb_mB+rQ9-yEcRP^w((Yhu}dt#tfmXzQYQ7u(RS2Dxu}cE|iz> zOW?rJ=lRBdY3AmjD1J&{m* z^%DsdqagF1x0uZPTIMHDo&+k6=1Qj=92}%nSs5{k+YS}h)w!EQF5asT-c0sz3RdnD zU`F%Oa7oHZ^}PJ-Kc7D3BA=@8>2@hRC6G!OF{+gR{?Zq7iBV@| z8s^!o3{JpjJBZ>AL~sWkjp}HG(hQ_ceI_A@1nva)Uw^9_%>2TNga_Y)vd2cV?V0$o zY%7u5U+%QCjtAv}QfzAHxH|5N2ivhhMk6hmeTY}wsiQttG+!Ab)S98-IFl#xT>lC3bfc)K zPAjQ?uIUDpj=w{YM|{>KVJ7}}8QV7neZImL_t{VQATN`tU_v*|5|{Dd-`1y_FR@+~ ziG*#bDJNOon-|tV*GGHx#bjP2Lu0$3_=YYfl4owi0;kAIxMx*aB;VJU;oyT#V^zTS z?lgl{HY#%!_cI24h*Ly~Cok(vEF(}Il5JzKvtV4RWoA$raCz+Xm@~M6B=rsXV`6z1QTu zzcH-ddYc-6cJlK6{KKpI*hnVSUOf8BEDZK(%G@vP%_D?MmYSX9B@SocyHV~W2m?RW zQTP^8oQnWER&Is{pD6_>NWKcp(JkQTLi9}PICa-@Bo7>x8zhS2f`xa#{&=Ec78LTV zqdU!DbPeCmb`~`~QdAix#UVM9fP(K9iiji$Syhx;u{A*9j+^R?{ z9hoZs8}2f@nJUv+@P>8z#KeSN#A3qwk>BVWqoNIyosgg^bV9$6mwk|E$ZFnSBE38%9R=fko-x z)4L_>t{mFM9MzEA&#PjMj(#brP9hG!ZaW9SU+gO9`WOg2{-L!NM)d4Ou{+Mjthn1P z35a%xcGL(4tcbKdy9pVc(St=#ma~d(V=lrs-)%o zW?D*gWWxyHV*k3?fQU!Q`*&~diPYAS^m`h!Z-o-Ah;H2j!NQwmSswA=HJ@Ecm%N+q ziu#%!OzjuF4py(y`&sN3MvV5~`F_6-Rh^zv8;O1MYonYWvbUtzel3K}*+^uq5N6pC zofF@-iG#tPdeFAFC|1YzS-)aDUSK`T&zd8TzE^nH~ zEow4~$Zk-k$dyUCQ;HYmZ=yFgY`K$e0QHSB_j3_uUI4HFdQ_=VJk8gpUgPug8vg#W2n6C<=yM>fJb3(=fk96**X&fP* zCaGP6yWI$X0hDr-R8-_>GNf#KPlVk7f%m>`2uTN&J-4Boj_vxc7viYuGzYfZqSJd^E 
z!55efSSJJRzECLiOYeIhx%{?;y28RjWF7FfJt#LBS=lQ!PJ}QbMfeN5-T`uMyHI03 z5C+y#RZbhS-pfD;Dl3HD@NC?C@!%JOv~Ll;r($~G+KuBRo+26BM){6RfT7B3+19N+F~ks3iNosP(DuvMn54o#L{UjC&c2n1p377_mxVCAEAUD?{xT7D~t zPfk%AmSSi8^u=!;x4J~a|FY2J)FlOi)bhV;2p0N3q-$a4|67>_;b8*)>C#3VqjU#% zc;RM}V@}{Yi%ScBL7=6n1bNV!K|Wvb6?(wCBMrl4dKvMS)09}ax@csPr zO@?2Tv(2rH3nOMP;HcV6iRQ3*(l}3V{>X+ZOXfG)kGOLgEN0?EmHuSPnhYHj*KwVsLn^U2A%f208K7iI8A9yj2a~TT1lPkxr0qrWi;tr6!?bqw< zuPYcPM+N?3qs_iq&WUX1RbLxQV(jwg`?MfJSC=Dl7^$VV6c!2E>h>e*q+o9NL~TuM ziSE{xx)eDr`(0sSx^|@Et{afGEi^jqP+cDX+1e^>Ys;UX2cmesmNTX!q2Tf3$GeNo zDHzNJf2tQ?i(_LQE8USEZ^_1Y176^tsw&Kka*1~^8!Kz3tT%?D6Wb~A zgd@}Kd*GxY|d)V3W19LD;S1~eT0Vd|S z)Y6QUE1TR70@?;zFG+wW)Huvk1re@gbr69U1nARm{{zNqT3PWJLyi^iNoIlSd_68l znKnl9WS0Y?`}c192M9jw&z1U}ud(-Db3+uylg0~o_fYA)Mk#0Zj$VevXv9U>>y4}L zxIV3)yj*t9DA1NxX0|PN^ubxd%bD&DLfvflpMJ1(S+DkjlvJ_az|xQuN&Gl23vwks zk1tDOdG@J2KTUjSXedonO!Ud*xh}$|jRsJbWr-C>IChYhpzev3~+p zeRkpk&v(4@3!BS}T;`G|LM{W73_!1x~q+~mX!F3`2)#TH1LjVcF zDX|w+mv}nB&h=Bl=rQ1CKK$c_Dw^0-YI2VGDPH;$^>$py8Y6+EoS6P^Z7Am!~o+beLtC58ctx&7hoD zL%+9Gfbw(Q!ij3iKL=p;Zj8z`5Q|L>6pzbGKz}Hz1My$&q}`jW#%%a?9>HH+xM29O;(h7cG~GAs-@w7ZQ`vlR4f8>W zl=CZe3<3ua@)Em;=2T%26AuJ?a#WG<2u~7*0V>2o_BTD&OdlzH|N2UJ_;Xqg#}Zp} zahDcw$Yue;_t(4Y3J3c;XTN@{n>_e;U~2@B`hnTs|vzp!FYx;&D!uu@tx#KwlnH8&lvM~M_1MsNpG%%226+=WW;}>AF@&Ia6`1el zfiRvJ0DL{&55Dk1j{a5Gg(Y9E&}Qe}_s;DonGNCGuHW_yB3hx=V!#`a&zcNd^3od*Yd)J-G1T8ss_Z`cac+s;3E0P7zEmYF zCkQ|m!7K%rt4>3Cidni3a91>q9m0llj&W;6)q4mR#h?jzJ5HrLsVHIRZN0|+>0%G6 zTXuidN3Zmb+jg=&sQQtm-&;}61eM`7K0r&>dN;xK4)Eo?hmZJ~YSyAzvNnIPr~tbJ z$`Qz}B?Qg+pLWUD-XE43IDl#N!;qIx0gMIbf?Rm^O;+W>uFb#%%aFNLk}nm%ZGOhF z#K9lUsqca3Yk41HG`r3R{Dt4o$G(5Ww?4_CQ`-*B`V$y;ju{`Oe8FC}(m#F*UbNj3}7LtZig1A zUf|>OruE;juf~s>gpY38!W;cA2xa_1JH4wh{PkPkGywX;5*S-X7WI4A>HR{wOumox zWMP6lk1s;f-;70asV)&nb5nJOipn2$0X*jJyjvJQC!&~k!LH-?c5lF1{NR<@#*%pR z^GyMzcP^dZD1};l=y6Qi))T2Oj%OqQp;_jip!ooC&^3*yVc1q`5-O{6hJUj30=5fU zFTTpkDpS6+&<|iUD{*n8m#t(K+h^`6jT0byXMIGugUTT*@M({nkf~T4u)bn; 
zW-J^WZpUc*<^LsAb)+}c@;wv?;p>3D7+oIHPRr+=+BT{%=^rf7nROkq+;0+0k%z_a zp{o@GyIOKF4*8wOmj9zMslLN08Jl*aRb-7WKQ@!hTSd1VU@PocI@=mi!NK01XgLkO zHP`LrB6tL_<11=$@uIWsXmpo%+=JSMnarW>Oo-%t?KN{4ejvs9(zC!rd|`rc)vk*M z!XDUiLQKiRb9 zg>(=GMsu^q(cie%KRC$4PRo!0FR!fR$pTF*E)HD~2|71s={9DU@wNP1vA@46Mb5VR zOD1lg8JU=Xq}cl;w19HP-qDd4NP?Ueo^mJktMB}%swyohxei&-0y02fU*F=_4_R4R zzbJDn7rg@S&UUW$sv;*JKX_0GgXMV2ARq~5)%Y;yQ_?(8qDBc&F*zdJIN)wTodG<- z+gnmvS~Z6%Zta30N_n={ioDSYg**M{`*&Vu>SXOQdw^mCveVL1zDEKAKr=Q_-~mNl z$dFUIb{Rot2xyR6RCx)HD@hUYAGsg|c0W%BZ#19L(U6}`9+WpxhXMq^e*HW`i4#}x zO-yLy@q07vD`^*ZpNwmRRpw8<0%@kkzbazWeTXeZ#h*`C0yZLW>e5eTdC)CO(>>LH zbk0Em|1hpI9(;;s`Q2L-0P$l(fU|4XH!8Zs7&jPe9+ch8u&jYq=4HHN^*P)NikJ}F zNp5*B^h@B|qg2heA{p^-KDU~3IAT7mLyn&C=3P{WUbMU?V_IWOu5r3RcW57b(OhI> z(kW7!8-2Jr%CDIth>WJ?o#v1r+dn3y*SdNp?b}+cP>CNiz5@GXb<>yauB!-Q9r-`d zT{fVbs|F=bjh=7#E;>pRT||G$ba%RT)H7u-TBP$m67!%VtTjxM5K|BW}@pO7z*E~|0du-9V!x0}VdClRK zeyW9-<_FO%3YyoqlGEdBdqJjJ92JRo-=jvKJKIO}@rkgEfB2pH_S%^BhvM2c#uAfw z(0vsVst3iCZz%8Ipcnj{S{&Q?Z4BX9+FX81DUd^p{z?|;xuyq?Z9PSOZ`j;bt>NLV zibv(;<2*?>)JojHz3BGC&NuRu1Pi(Zy7F6%Y-9I=&N_TX3dEy#T(bMT4BGn7p3IS? zru|`2sN+(K#FLiR`l7Bt<|%K+krV{4za(K)Y%kWcp`w0sP{8EkI?+STHl9Fr=}t?c zC^*-JboR?T5Zi3Xv*bB*BWg`HolH;!?2TxY4zrI)D$2c&yE%5uqVSba5NXB)#a~kp z{kSQeQe~tXzbnqCxO)(2@ROp{bbZRq8bfi+c0J$ZuvxWgk0b3Xq!tNU#t>#*So?ER zJNu3Z-?!&sJuW7YQ514BDm;lM;`aaP1t>_7e%M_i>u0MUF-RDHJI^nFvtS{ZTt`x> z>Fj%y^RIQ(&@;A=J8K5|zopq@bf|6CGL>J(tFNWd1@Ul;Wo9fv+0%YKwa-nwt)X08 zUv!#i8F)e7`CvQ3(vuq#vA4^hnB?8%_2tLK_A6?3!H6=PL36$* z)3v6()fE%}NuSD_4RK>N&tArk7 zBeL`Pp5y6}RCU`P74(rr&hB`xYvb;d|wz^8ChlG!->Yh-I`pipw2K35PakQSp#kql=30}iO+HK?+ztOCgZ&rC2mCiQlzDGF<4S6+?MFRWEhE`zL zufxFE6Jgg5b~Pnkd(Q{7;cM;>Ny+bvxawZTUC89y<)1`v=AX?EthW-eU^sH~wSL8B z0iD_IT0herj;^U0t$X4Ep;UH)+?#4i-ELW+Uo(T8@BhTE{8VM2SKBE5WUbBGziwdX zHh5HBW0&E7WvSqbsg3-UAL++9Mfc`Z7$)Zzl@4+7KL17hJgL(Ml5W-eBG_u4lMNg? 
z;0%f6P*CE&)pT-@Wa5i9Eb~aw<5AO&vsi5=`l5Ty4Pk#0C+!@RNSUSiZiPI~Nzi*c z)xnc6>=u1;i}O}brduG3c$M&|+%XRg&9JubFx27(mGiLj%BIv}Y%Hbip|tu?o@8vo z5@M(hdn_eoO3acD`n^FWN9ek@JD)VVguw8p%W(7QcPnz`ul&{~CyV+PQ7%q?u+vx6 za=glV_;w`6RA$n9zP>&L(B5m;1z1F7KAB5$%9r%7tPZM*S|&3`*-h!h(^_3Tx(->& z>P_7yWnVIIIFH(4=nDIOyEIQRk?FENxkxp)m)Ue1Pw}|}f!A7ZVTmtbxw)nK;{5}L zQS|68U?uZZ4ztbj)!o>QB9Ck20zZ!81I>Fl=%YGlAlB|H_v6ueeanVoWN*ZuHOCTpNCFaT_|H`EGYL}i zUXtbNWN+xM(`eV1@u>4APhl(mLllNkx@zam_2I>v9{vwmp3cE-=bmg_t@z4?bLhgx z|3lMN0JYV1TeK8t(Nf%<;x5JADXyisyL*ef6ev!LL$Trx#ob+kdmuoO;Jn-KpEpBh z7!s13o11;sUb2t*n|NB*&x&6X$?bH=O@UAUu1nTZu#k|O1|wsPj_KGDR3a?itw3hT zAJg4?&)+U;YmZYfK$j#SkUB`Ff2@vlH0=GN**t1?KE+SwcSBWj<+lIU!`BJoL{D-& z-6+@>C@Jj+yw3eTvTt}g|J#s=Xjp#duWpme`4PN_mLsQRIG5x&p*%mUGt#={o;HwR zf=@(((wEyIqzKr*^DVvxsXVBuyVT3s${sTZjsrbP>SuFlW*W$7Z_4rkx>vO`Uc>HQ z?KHa_sH11|){PaXfM#x<_hRI-T!`5qlJ_gI69^EMC`DBdXk0~eEY6ra=B?&J`6s(P zP+AOCe0>F%mzQ;!-^a>O10YD-3l$0HK#FajXK-+E%q=czXlU##q_zRh@4`YF92^qJ z<KievZy&xcD+ zKG_-YP+DGI@bl+a;H@-CJp6;MJw0-&s$R|H+uPei6B9Dk|6VLarKAq6OHxu2_3hiD zva+a+z=yY3Ia{+cGlqdOezkRV*ht^HLr@GZ?M1_nC!REPbt9MUWtdVq?U&e5zWG{P zGoYfP0`E+}I;*Qol#p;+@ZblF0XxAP;Cw;+MEq~h$#9S?rI&eQSlJpJ-oNB=gSz@6 z-B8@9cJ2x(4pM?`TBLdch9%Rnw+=V6-bgm%uO-w_ny%Kh)FK%v;;I%WQ0X5nJY%m9%;+LKnT3NjW>K?EGSM1s3K{~B+RxE*N_T(?m;{`{rCpseATFn% z48C5fvhO2uj@DcF0k%%~C8KghoLETAU!|C^N!M5`nJuTKjj+V%Qn#zGB&m`qZL&15 z;F!5@89$-C!o{yDDz1W$1CetUy=eiFuc!qvg$_9ZbCU@*}~sdJ6kb})WtP4&^H2GGJqCP!+2w;85Oblz8xSuezVgSHOdd||$IriuAXCChbxkCs6TbnWt`_8sK=8{7kf zMyGL;@n2vPL0viZ4LMGFi$op^_Bu9#-gLK_bpCtt-Gi3+Y@!P7q->nt2hbWIC89zcTSNWDRmZu8_RDDc2bsRns4!NGpL+Ou;i;e>)ryyg|G;iUCBkjvV$N2SH0V-e zVTY{9!>dvdH|i%>S4Kh|rXSy5GXZGtfUMN3%c(9a17sFp)%*pA46K?3vLs-agE8Wf z@u1OKPZ>{#$%FH59EIres2EI2GiPQS#C-W<{E1N~qi)=U$3KlMMypTHQ(XtnD&^;S z?G-<0jnAmqnsAb*mAX=1v$mTP9;IuL;Xhgs@U4ps>#qka(=USp zz6XCK&BVf!42PKjP!CvF6!qlaI(62@19u;ZQlP=hO-72drs+@etg>V;wT+<#{}Cmx zMJ4n+WBziT@KDB3O-;l7)r5LGgS$vHB;uMj)dxF2NWx*%+VW4dZ5IE?9nzAx98rU?3D< zNTN6R&Ud-DaDeSMMq>Loy)k%jEoMNl!-<`{Ky9cZ3n4`TIVQI?6Qq4YaqyeK^`;UN 
z>dr`ok1`Wa9iQcxH5}gHcL%lmG^GK2;8j)A$JS7X$0t1dwVP~@L@QMdjhJ2!9R~A{ z?T4+5Xh3K|iP9$yyV z@l?!fKFL#{q_=h$24U2=^d&f;pLPR-^pU6>hn=DKAJxs6e(7mnm8y^XDuA4C00u^CF!oh1qBIsZSbW^ zKEyDxx}N&JVSmV{d_#(zphUMd_09C=gh{O0jzWMZcvxc=&@N@-l(%QfWejqXRtdPd z;|-u=5>(iwO+{VzIYapq~~aSMJ~M!?-N&;R0_1RU@j-gXkKc0udy8y&tvE z5D=ccAD3fpeeOhl_;+L_hvi0`lkhWyOTVY=ZlsY_eqpK;B=L4pCdNno0R02F9$Jo=T8qP!b#g$^3^C%Cw`X^{0 zVtUC_=V%p~16~V=xx#dKv5j$TF%L~G@%#JXIYPv!Xl*W6rF_-H^%%KAgqP<@={LlL zsy=!wZC<->S8{|LF8R0~n)R7KDQFXf-LSpDkD?Ld)Tb9$>&<%;!`kpE)7IOIaf3s` z+TsBLxKHX->72r(Wtu(6L4-0BTQeBQ{@u1g#Y&1zXg@Nu;<$pU+OC=0CT zQy33UIQR^iNExfpT=(@5zV=X7@o~Rd=O9w9c-dp8)W=(yg4^Df{`ML8K>AO!mrkkQ`a*n8 zM*M%20N3;6i!dj^+x)D}kB@*p4Tv+GwWYNsG!68CPgj?AWq6=gba7am&)z!ZzZ+0{{FZrq{C`5-0b-XRpRB(0W1SqcBR=ZUpU%LkVfjHuW zM*oY8if*sCanhZ7^`9YJ6ma zFX!eoO-)U+*L4`)_4V~7rlmy;o992GasZ3UuK z?d1e-UZErjZC?3#96Z~!d1*1FD&l*VX&yJkp@{frml=|8fFRp#bhm~dho0(C&c&ax z*C)^PkwDXwTT*vX*IV6!!h5{nbmBJ`x8aJaqsU^MVx#LB|)g4WIR<2ZTJGv)`}aF9dVOrDQ^>Q{_Jm?e$6ZW4$AYRAQ3G5@SmG`N@tTCD$bG z<4(0Y_U2iFCPJ_@ck%}qCf&z+Ag~b;iKbnU7}BR2)xU&LY^i@t%+5=Ao;>u&RGbnf z$(s5}!$8r@jZ3^6UQ_$%6UwhL2W~YxYcVuABy?S7xk7c#K(zY-daU<2!BSXQG&oc} zy}%L3A)~67A$zD{AqY(ioXa73Q9;0<8_;W zZG0Y{IF+pTx&?!UK0uZ!6|kn*&UmGEn8L z^X`|Z)%q82>sJ?1`klA#A2tGOLRwdfweff1BEqVEpNmzs*&qbNjVsFlWZQ~-Gu3P7 z<$1H_zbkHuqeW}Ji{>|m22)32XHm%-l~gbX1C?`-^aqmn+Q4f0Wj^7-=ds0yrbNd1 zl2q?xCHHKTfZ#pZPy=7QES8kXu28kpm*u85QjvqUYR_mD{p5$sqabOW??COX3=Vq< zbP1Vn3EV zT{&y#S98&TUhJuGNQO(SpzMLD%6gyeVOJ~QTNv3bne2UIg( zUFAg<5gsM6k2l(QvEiljk7U$j60K^zF?_yW!dsAk_|g#l58Yg<2JN^I3R~RYQD;j* z$vc}e``MVchVmo|)ltm`i!T0jv0BWug!pW(V^&akeNA|23m>hXkibHUR?+_Z*KMQD zbeR|J?`Tx~^xwlB9X%8qI91^w($P-*oQh)zv3z_-ZXz%><$5XAFwo-%5BLKc>z+s3 zMj>@gsSw%iVi5)vEIgd<+2ug!vE3ARo??Z~{%7tVdTz3H{zuwP zca1E60-yTnMEsq241$ED)P6^|z4%}UwfV*KfX9}p2?YfETUVDSRVOx{MHYS6%sJh< zW2NnN+whZzV+~m?7S^Vjn=M|od6Lv&(7c?qzbw$b!aS3d$mi$CUgC@OBTt`D4$A7Q zCXTOtPU|&4V?9)3;AiDpW^%1wAojN1a=n4NxL-X#?o=ubDNs^TEm6+MxFsjee76O_ z&;>Y6=x#f?663V5$rxy}k$3JOsRfC{g=5C-xi61?VXL*Vgo|l2--*clyb0;!1ynk# 
z^*ka6K{*i=f7W~?@1W&57#NjlM#8V6r2d$5Uj7j_7K&8%vLD|AE+bBNsgEs#Os!XA zkDnMnRBm0TExMi|n!dvTD76aoaOdYWN)i#Zv2YJr-LCuJAv>4ye_e+OWwQjcMJ%NOwA7)5nY#Em_c6NmW_|T*$w5G7bhQrq>I#@M@fNH zXEk}NmS={NX`G{mq2@T4FK8dDXtPOq@bGH>zQ11XBl(oaPUW0s|Omz?m*(X((`TU`{p#A#Tx5OHmc#*6|aQ}1N zmyf`2F3lyU^2Au(gsyuU%g`eQPiYp8O{2+91KhiQ|Yx6P4?o9I-7-$BM;5Ym^Gv2SZ0Aby=1n*fZn&dzQJ zpN@-GzHbi8T0nxg93w)CG`-*vT}9IG_~fa2G%ix`RJZ2<4CW;eaHa9>$OVGjOiWDd zME!T($-`16CX{=7dv6Fiky1zYnG8OCf{zT|{QaA~>8^a<7SJp$>oV@|eNplr%6`AJ z^U`~I9pT{O3XPTL=l2|+ua~Hjr%`#S9?Cu1pG7*d6R0q{rzsS@4&J=BR(0r#1Ar6v zT*oFS1HXI;QxW54+=WR+k4Y-!`Op67Rb&H*Yo{6U(Fz2TiheG)zhtDI6@^qT09 zXb;L=1gS!+yiU)^-{f`??~m~6gkCVxK1q}&cr`P76Dtqo0`4vAU9?w7HcL7X=FAB+ zT)qIFOl1aI_3&~@)Rf^eEv?4Njx5dAUBz}ZwmQrL8WD^Y_I>%7~?nW61-28lSC zfkiJ8+MCHg`(G*EN5sI4)yrZV;?|cF7Y+LQ`*Eit`aXK#DG2J(>n8(L8Q}H!sm%j2c z$F8&r61{n~>q_{blKlnJ8DKpxF4aG1`u-2oQl4(zkr9AF#3dpM*Tjm9 zi=rKQM~U&A_%r1p?@EIzS*`}|SWK<2KcqhxPB-yqq8CeTL6d-<|cqCf-+;wk!{=R=*5&k+lW?5u?4V&e~RwaNTO?Vs_#PKP_y~&<~H1bUSG25<*a~(6->zT{`RDR#a@?MB~VHRh3jl)OXWzg zXHs?Gy2%`2J9tk~wc7QFOw(X>h?p&g>hL_0!g7po*V+I1?M}s(S=WPY$!M6$*8rUi98tfu&aEwn5Rl@W4zCYN&`-zszFoV+a24!2! zp-8K%rDw7r8F?2x4SJCwU|qL3%Qbux4y+5F>1DX&?pO_Wk|E82j4e0@iPQPvb`+*s z3#{W;S|0CmDt0sIJ6&-aHZEW-7_8UpVsy!WuP)0JLGxxFG71Gs%0J~23F!SnaYr>Ds-P;LTALf6%ZVT{Z zzjc{OM74YJBSbxj;6$2kWi*+rP{{op4bGVs4R1*7v`>qxs*<*;NMRe7B1N?ExB)k? 
z`Ja?g7+qVKijBWLugS`rON;vZU>lDECuIqLhn~nijvt+WIMEp(=+anTPeDw%W8S7`e7;?Z{hu-GrOtT6nb; z!2DkKagB*SNk|OfO4vl(Mpm@rKq*Q}*$>E~z`{S8X6`n8vgq?@EXp6X2Jh)OX*S7P zGf7N_EoGnWXCfz|&XAgV{n2@n?_^ZO1}}nuC==|+?lBm=N~eFeng-I_qtLbOwQoG1 zfDlhXh!f?Is@fMCO{R2o{3236*k^gD&*mRyovhSYoKK1L^+m%9^71ko%E3Y}AV=*N z_ph?gca=a}AIB!LZ2R=|Pz3Z>n@eX`o>@R6hlNep*Msuod~_1U+6Eh9STL>Bu>R?A zXIwQ-4(;D~t`(|LM%k;gF zPi@&B5oH~buDXq7jr{!9ph++HmwJZ@;2UF7NA6Okaw)!VvhPgbnP zsq&#QHO>;ZoGChcrh-XS-VHKPbg?2=kG5zhh!z!k=V|&phyiR5(9)D=XR}?^LF)9J zO`IxbUOxJ`@XK|5LTGnp&tFeo#2C-R371Dq#fS&}#@-#L1<`&ntxk`gXzotFP@6J{ zm=V5vEDncn@U*H5xVOory)!%kU8=4)D(_Pv(hBcmMfLBNs-`Eh8#$zJW7=sqdzD$( z=D~dyE6!ox=N8(Vjz?|Sb2>{MgLoH?@4px0g5qQgc9uvs@Ai8{sj?7*y}1Q3zH;Ye zG_-bh80JH9@$lruzQDNz++*Pr%l>473tPh!ZNU)@`!1%1Wpd2k!?P7y-aGZmM(wWb zJb4u8-)|XHknT_+8AAY;AwG*2ZR=4XPm{Q(kJg7P5mjZlL>3PY?Xs zpTalkDUz}n%9tgrN|C|{#ciqB`4cyPiV?fO#v^@mc=AftseLxdMj=v&zCO{`Hn!>#7CnyE1_mryJI)!)8S@h2k390)CX?>2T#BPBPhIE@MKqwvRcO#Q>bW!d zi8$$%s{juAsvb-RzAwdA~?tq~DZXLWlhRUUI6-ay(`PbR2l zkGFJnYUP&msq9_0kh1%utt0PWaGLOHOPz7^38Pi6DB>cRe;k+}VC>L{L9@b6ka-7% z7?ZBIHRhoE%eKGVOrDHRc=&cH=nSU4xcO_##2qcY-68kt+?g4_%;5`k^%ngop)8Sq zxvS(B@vnN2L7NdhxZ_&*sQQ<*0pJ z8b84eE7eK2Ep3BWD8doR`=J3(6XJl-ejDm6lViHm8*x_Y={sp!bAE{?o8;d04z_hB z6R$$cTlKK@;pNRgR1X~nH6Jui-W^2*s01&UTJ!LMMWWI+TC+t^<5k`OrCe9qdC+xa zsgt&87UWd3sctwUV`hdfP2Yb$22j=I<&7WWNtlX?S32tEw-6f-86EZaOyW=UxJChqaF{lAnWYSY$B-1P1`VcR*Fi@<7i+&D$ zKA%l$Cfls+hX_^}2vf2TO%gp(i>fZ>olgMGSA1pu?b5T}#r*two`TNgSyqCcaU1T? 
zvXlDfwtKY_XR&*M?;DH?yK}`Jo|iu0VYKED{$IDQ@u9=I@TmFi8qjSQQ_#m z&Z^6Lr=8P-D8IUslKiHJSkig)b%5Ke*JlZN_15%!vsvw;*yn^lIALul_{6J4f7Y>N{kd~sNqJPEPIOr)AAi;Cz7keTS>N50_0xBF2As?d4 zytXhtTiKf!74c7`qT*OeH$&Z2rev_Iupr&S^Qk9ZTMFwk$t`AF@iFQuQTg~Cdk$8$^!aY8~_BQwPNdwr%WymzViX4-NbqeYtYI#e+Ha}Big ztT!}+eM#>ZQBw5=iZ^atxP>sg?PU@bY&bGX%c^?pYp_bu#F$clCJtY~H1hvm4jOMI z0Iwz*M($chQl=TMNhLYW6sg0Ma{J-&9CkUV>au?|tty?>DMozEUtG>my%nP>Juc^} z@a907eBb$_+l<)EtH@$xr}k};;HnSzt2RQOj%Up*D=p)m9~-(JJaSZ@+lnjS)F0sTj-=y__CR zuYsB*Tppd;?K-HyU^N><>@~@bC&Y`VZY!^oGE%!G(b;yQ!a5F=&I%4%pv9=9WPDjH z6^1pSgpHTfeGPsg7SS+kQVQ1f#!Xl2pqdcHgb#qD=u=TSy%e#St~bT=vuj$_NmXQ% z!5SlD73J`FumZ7G>#H8>;KSrExH$v;5xPbf805?~tUa)ID6rL6HwTlXN?(4G8wWIk zE6Wowt>!Y}0Ox#muOBF|dBI{uRaAfUpY+=KJX(a?e0Fvwz~A8&R@p`Fg0(tG-|E$O z8rc(!1~8X6i-VqL1N1V^+=I(4`Q?Sh0vOf{RqH$2W9y^}idPubJGiZ$%7T)so4?~M zHk@3t8uRj^c*SroCY}yraKbL zoo9F=_nY`4FXp5G zkD}#EUL3oY0=^h??9kIuC(C;ujgQ`) zgU9W4-FE9)-9e{7fUM4cnCu7JvLsMkTr!5U`P{zF4;#@XJMT4^P3!RJBJblwi5Zf+ zP&L;VW@1%FV^uylgKzriL)G=SPnr>PuXEr6H~dKe4<4Yk$$)0@l_N*WRJSRx^p4Z3 z13;zvPKUo$X_6G!vsmP45H3)meB0jYH_2gInvl1pJkK=OZ+BXBUPkE29|z(qeMGG4 z>k`cbEVRW{%~KxKptUxqduuyg z`^3s{wa_yW5>W+q4V8Y0j``K0IkMjUAL#z`(AQ^6z^Oz+PV|NaBkRpcjV^P=^ATLy zBst=rJGWOZ)-M?>f1F_-Z~FYT4cmVNi3U&tX8?Fc)sOdx4|S@o%7C2Mp{O&^vwpm~ zG@B8)7+tjdPbd(J{eHgx0YVaQC!rZj%C_Du5TQuQD|_v^EcCBNqxhA5MngrVLN!{u zKq?3b2o=PykB^TdBM;XfZB}7OAMbM=hzVCfevMN(5A?LOVSqzOvZhfdkNk#nZ9&M;3@`M+5fc-``t62=|Kg>ajEw{tNN)aC zP__mm{`O1kIE%Q{riz+fX*_BT@o=PEO+k!W1Dga_zOG+NQUPc1=8U$v{@X=??3atW zsiheS4~Msd=rNHBhx9VD;&9yv5_Y0{q=R+Vfpb?D3V}0d9Fi!6c`>bu|QIe0;phB(+~+*93-c|T*Np0E#&56 zv!KHWjXa2svyQW(3IYz80MFwA=3l~pH$Vzn`w;A99N_M$29Q0&!AyTI-ThzYRmvYG z%B&rs-f2Q&?Kx8&fLO-P$Lq!Izd_wP#9mbSqykE{eyAXJ91b<$6c(IZmuBUi zXl!e#n0wgXxY;GE-h@mxx?Sv1!>4;Y2GQlNg4)*c z#vuOBBMTdt)JgmiA@>fm;%Mkh6%u~|_ASlu$1uuS#fdhdf+7i+VjH)oEj2A~-$u1%`S*n_aRiSPh)8XC4t7jG2y^YUE` zSeT~XPkY_RK{zD552xZr7B_#pDoAB-U#J#<%xTwMB$j|ll$}TwO!j~UEMWVqY+mQ5 zX+i`dOy2-GDZW_C-fMP)uEqt7ZEHsq75&M8T1rZ~+~>NZ{Nrq+;Ob 
z&VrFMp>@hKPL9O$2~9C>jSgTKQ_Dgg0S_l!aQ z?C(pPAmRZZ43KoxdRJFrhfI(=hgpt=D#0Z?s<-4hvN|TXIkHl%_&I*Q#%&TzsaT{1 zbll8|U&TbfYuNW-$fI1_dWp=EJzN0BHKq(bQrSHlNh~QBlfYbza{wMw`FX+9qnAg< zp^F!(vtO)fMhqcp6l4CDiRQ2GO2-|XVBIQQR`%Oib%_7q`)d*iRsKeO7IG~VH8_{a zf@I;Ji_BVC=?+=|TFudvm7w7p85MK2#NS=G&>%fnNSsTe2z%)|EE zs}T*Ek-y+kVM(k1ueCSkz_n)Rb%~UsAdp;AeEDpUW$oA)WmPgk5~)NNO%`al-)vIZ zG`f!60k*RDYpm+v82zwO!WA02bo^uA(nT^17z24;*?aC5%{)bMv`$Y^1~K#JVgVzyqP2yk3r#PmyOXv`As96JV`0%@Pfm>9`C zHFsy3!6hfUbE#Vg(7?P*C>NpAny769QG{9J%PZKj?KSBN=9S>ybxVL=_TEI{2OlVz0 zPI^ZI=b!tg4!O2Esk^eo1~lH$%(tY1g&@`w2oGxf&ZSgprIFspp=pW=>im@W;5(1h z{x_du%)oB-N&d#!=#j4T@|D}y4VCfd5T@vsMpY(-s1(4vVPEkM`Bb4S1>4r8(hU$3 z8dyp01FqhPrWJFv?D5l6#XS;KY{9;YRV`?-H?0Jiht%a19b<_sgnyzu=+zr=L>1XDd9n08LsU`$e>ZEL)W+uSL7p%!Vx+)Ba@4M(bZ`Qw;L ztk2)xg{9@ruu~E*&4k%gT22x4WQp*BD4oxZiOGRIjt&u-9-V=ibqmOp^L_OGfFqv0 zS`QFFtI<|9kb*xg#6&j5645*E^pqyzic*rHV2G!$8#+Yu>Bfnntg5Y z8_Sikt*cY~{tGi&z!Az0qvEK&0%}m-mqWvpna#}wWgQl}2#!XfV@MWIe{o1of=24C zICG=H|7!0nP>lEN!h(k2JF%S8k85UrY@G;XL) zsh#PeaKJ(xPy)^C9co%?+b6VKt1r7(vxX*TT~6b6ro*F?*-)eMXlTM+?;dL&JC7Iu zF`&CrV*`|9hp*(}oioSxooJ_t3={;8(`aLHuP*a+SFj`h^{WZkov$O3tdCvaNSq3r z-|3#+vDrtE%QCJ$I^H+=M&%xFkCg3a6aEi+_vxq?&5zHAR;36j|JJG!`LNKw*JS$M zgiRYfSwfD1Ax>Q@Yt$CE1)nq=Hd7CDW`RlysHSj$X~9gGjL^Z(uhk$;cCb{yOJDGx zadA}^Vp~-z%g9!~7f&p@H?T^_5va}?Oz~55B!itX3^iGON{8ost1V0KdMD67d^yML zpb?1eKe>JOgE0ZlLBN{DSeA6MmU}Q&!T_k;na7>Ud}DXX{EMR_Vo*(F$&GaEj7L zzEr>yDSt#hT^{hd0bCcjtH#(*e@$B0Xu{5|VY6LGgHC5KCOI;cfImJy znr92~0F8zZ8hu*~%d!&*c_Lf^6>+rezl!Ld3UI;;l_F!Y%Y;a; z?*5%(I~`JlK0&v8<{FmjYA4etwg}RR)6-h7zKkiW$IVma4l4I1ue(NkiE>RQ0A{{@ z`!+wlD48^3U_j>PWH|(I#8+x_IdA@PL~U0M3s`>ps+W-39TO9io}WKGGm{926$~bj z)3dNtj^34NGL^3en(dS=`k%~ZD@%AeZHTIurTi~&!0_S2&Yy3Ha4BhN51~+z=ilaz z`UC79483zz1u1W|A~=;!1^@1#+>uU_cY=bNdv~hR?GE65|V!QREzID_TCG zsz|^HiYisgt&i`Cnw$O#kiPyZ!@3YQZplT=B+N&ASJcDt>neN%2YQnA4KB70x77;C z4pl4C;jk5relsIhaw8N@%cQhL-%N)i{T^7$|^R-w}RW$F#^B7 z*YSUhuIACVoIlJ^H&9;EBN#3c#^WUHLMqcEtH>+8URQOrrtIR*Y=~RY$PRc<6`6#f 
zEJICKhpJf4ZwQwaZHQGt<*EpIaHzJ489^G_<76UMHa{D;l=Br7hliJv?%zHGn(NDt z%*qHXdprch?m!RzT_#p$QByK!EO>fN0>JBGwEZN*9}q0q50r(-ao-~;+WDODZN2`| z80iRwbD*sa3ZNSYzGBvTjjohOh&whm92cV_;D1gTps6gXmr}Kn$1`U2Nt8dp@XQ)4 zXJetY8~K7HzFE9FdGPGFez1b9ku+KaAdL0Er$Lo8$k0~um1=@yULrPGUU9|TQ@SRA z3Gi4PbteSWcX`3fJ!O4Rkt9FZp+}ydYGec#{T)e$(e!kK2yRtI8)q}Fh~FO9OCJ=x z9(eN+uem7z3M2)+&!=YXNqcxIO1R3IFsdx3C4~1f@CcEkFYmDEN{p&){b)OPYF4g!o($UmfPr?Mt!7Y zY)C%i?|OiZI60a6wmiK4x=KGhQc>|Zs<#5P!%%H%3;}PC0Jjd1AE52mVn}r@Ih&b% zx0{;ecyLTcv``~y{;+fBlk4#7h?#|j?%8Lt%^#q%9os$VfFz%4B<~bu934#}Oyo|e zg^uTUiBn3yE0He)dSc-aR-fotf7t zDz_SI?!=gg5|)lVQHx7W%i}ZEc z+7s(r@a>zFcSlh%i@-wdy>*mY0+zp@dNzf2?s450NhR_Wi5{5K;euQ5H~<<#wac3$ z;duiF)L<|D(Y*qj*;z{EW6WzG?>AXeTC1}M}mL|V-wBH;bt;#XTN4c%(& z?h2nsD+o32{~bo@@(^JAuY(6G;qY5 zgeH*~J8iQ3n(68JOC^Rjq36he0l~;`$k$kdt|S2cVhz#x+$xu=ria11f;EdAZpK5ATThu5}b{Cwfh9@2ipzI zR|hgj3kA0`dbWr!aQy8$JuB_&94b%F4in=37JZbq1Tjk_>Uw#W7Jfbc6 zq^OenLrIy{(m^;Z5N#b5*l=^|^(#Um0#j>>qOv3rmhn&`1GS9tY)cS*!f&{@IH;+d z0?4k&0)YxQx8+L^Ct}zjPXom?@_Ed9-H@UcH3GtG1Ymkvy0YablJ#GvPOFDY;m8-l zT=lqZF*Zoz6p)_L+vh!L-7>Gt<{;0`Q!{ScgA^2e5PJx=H*7jnW#JdeX>MESgq#(WXDe)Wx`0J;tv&Rd z*s9JdrbsEoniC`5f8L*NxnVsM>2AYRWgKb>>qd(?AIlJ2V>L4AJTR$8L$|ki=!lBXe^AFgYO_%K=WuCP#gQrchQz|aOE#+wxG2~i%W{M*pmJj8XkKKK50;g&U@QR21B zrlt&jAFRbSXR@F>h<7<8Rf2M-mAK?C6q>VXE}qJBlG8n955C?2w|)d--t@U3S*40s zG5tMW#!&OqV@VRxWBxm=MOi=nP^g1u%HqZK!Rp=pbSH03JTDuOGIKa0`67V+rXOnz$@25Hr08_{SD)oLB;uLX=O3KoW(&Qo`%uBBUwT z1BkW?uSlI}6c-`pi$Sl`7TDcxDC{zg0|hrfMK08Zt=qf#7EI#4H^I%!Ik5!0(rx}% z)}{h1Cu&-39qz812fK#H1VUcFzM`&iBCtU$5U78-YQ^w``CQ%j|5&yc*U_6aOJFv; zSk=J-oPpUslE5gY6d>N>>)v_x87i-`X?;?om`J^Qco2&0-Pzv$H){;A z1ONsAlo}5|fNTU>WovHUy0?DtHA?%wHXVQ)@6(&vw-P|o5)CaMn1T&VSiJJ>Kp}}E z{eLfjq|XWvG(B_|1d^J9r|KJ8fFm$6KEAkAE*nwA{SZqqCmskkG%Xeb=}>Cf_@9fA zPfV$A$VJweZlH_RQzdDhm^v+r41F~cXi0Fcy6hQs00vQdVtZmueL*WhO~= zh>sPkl*s;pDmMY$!L;u?odHb^yYym#cMA9NaTRpet(C#Lv1Uv$VP#W#QgsE7a6L^fQ-C?36nBoxN<)GpF!#fh_kb5jJu@>!LL!LXM)527Tekq z|FX8Xm10f9#Uc3<^~;s1yqvLm3UIIv3AKZK>Pi4ZFnY_Ebqguk{>_prS*E1=cpyk% 
zZi5GDirOT-w?VK9uJn7k;s?Z|0mSOg`U*uVFRZRr2;0ja^y>9cecV5@lg6@!HCJr*7y7s#ZOR_O33m)n6-P$WmdmXMw#m zc_^8BdiqiOT36_L2hr^;Hr|}SYl_v`eFX`|HUR+uPw9OKBA;1W z;z|2KSSQ2ZE|NLR<8r^`VpGZkk8wsSbPVpl?nNQ(U(3)Vw3ZB+((-Ne_Iy4`0xaqY zqPJlNPTuo&=&Inn4z+-R3hef~W7jmBR0ZT@I!ssZ>Ld?>r2Y*uz(zV0r5K^lJwZT~Z&YTZUjfTL%@#~qYf254GO`K=V7sg=)$k+$ zwsNY1U_t;w{-F@HTtb!7Za#v%+t=y#zBs%3Hr+wz-eh%_D*Wnd8#G+azFsXaqP|XPmq)f1o)2ER?TIgd}=fJCRxpM@V5xlxI@3gRUPFBKH9yCZVmySrz8+(V~B*W1(}mUJvo^CWdsO(Ld-$ z{;z9}(U-}T+P3Y41*?kk@;bBtU_KH9D=Qr*=l8E);Q*Eo7)k_SGCgo7{5|aKi~{Y4 zLeUjuF##CtKLt!80t(I%P>(1nDH&1~fZn&Eq2V1qJ}`wfoZ@vX0Y?uLNh3bi!NEat zW~MEkK5?AP-^CYcAB=LU}GlPQ>Mn?L4KQb^3QKQ^dQ6vv1j_%dh z*Q)_LaRIX?^(%k;`o#nkbvcD&{lW$4x~SjHNgnWjKt>-xtrf7wVe^0ci2%wG0KcfH zdX5YMHuT>jkTt%$w}(wmp3wc}XJKJz;M0A}8uvCJC&A>f(n&20aPKHyeh)%7P#{+y zb9r&TE`Pf4S5G&?^ZvoRvX5-~glL$3N~kriT%SHZM2o|Xh77Ns5iSyECsES3Ti#g#0uW+y~Vib;}K z(0Ug2gOSo{`M`o614hP9#_Y|~iddz^#KolhSR+a8Vr8V2IWn!4g4C6!rTnSrd`x}s z`rj$X63to9>8cf|pHP%uQF-X;Hl`hM9Xvi0crJy3Ego3UeT>r5PR260VA%q0#|O{r z9e$r_EB)H42#%vs)8*sG*QIm2zO`>t2=$o!GK?gU=_>mLPJuTUz-VEN$PSGmZ77X1 zzclH^YUF>S%3uEQ2GKqNWz9WtWm$t3Y(18A<_1~^bDg9?TFq4~4ds#$7K?y1;Rm*s zuf|U|2^Fyp6z@?rG!tVM&*+8tFpYntk#r?Ug@l~~8x#vm<+~^-C`Qq1XwLDnTl5gv z=A(M1&at9eMv zI;$G@?Br$1cq;U!I~G1Z!gN}I{KfDn=HDaYN#xC57~kc6z7~qN#c1vwY?ax^N|-*^ z|J`E1Ju~#->C*r9dH<=HIH2!~0Z}=%J$^MG+8?-b9chz4u-sy%Qkx-a}|1gmM@6oW0L}-@X67;~U>N&lrp(4=HQS zHP`IxH)RQ|r_|dBy}h#3&`3i8|4BnHJCSTn8?#no-J>c6;##l5TM~Lr!}vEfTS2{( zZ!&yP=!EW^%kVw>paY$n0_+n!Bj>t->N}2wDP7~8Hf)TTg+ajM8ZMoJ*VEM{SwCw& zD${lXcouN9$zH^>EsWiupl*1TtJ?mBIa}gG7~0!*Bue0kVpbM;gyg-3*yXRw7;jGF z^`#K9WKB(47#zOD0VLb zhDj95>+r~5Hn0^}OAlE*F~eiuoOUTM^A@~Ad5~PH6+r!19`fm_wp+j}H`L{t9@6Zz_{m|{vI;;g7G53VN#NO)zen$X zxP1}@o2aXFd7#;oJb>6S>KGF9yJwa3a!Mp$!FzwpEZI1 zt~?x~UuUWty(F}sRx8A@ED4(DRSLDfRhV*zUmH|m=$^S>*;Qp~A02w4`xEMf$k8v2 z=w^&`Xc=WHa`5On9cn-HSXInptgBC?e+UgdDs@0ieRIM5xfsO-bv-GCW=~(5#aks0 zq7dTC-ElH1DsHjf1s?A8D;q<@Yrkp>dxxDq9#qfFwa4!7PnHWhWx6ye_U3n8n#@Rc zy6Js%^6VK|t|r6AN|nQp_tN?&5(h2&InURTTXWcYkI4LKX9k1h?#(lI62t06%C+^M 
z^l_mhi)BuTN?RB`itf)(O(X`#)pIXqbAIoRT#YXhK7h-7i_+6MoqiwA0bV7}Jc`VLO%wRg|l|k!Y5XJ;T zU&X&fcPIvmC9WrwKe+qWBs0XWQ7@#O;|EI^=gqQ*dc9HGr-_)`Z#EXXDAQUf1-~sU;k2hLc7^{X}?6^7wN+O^e*R<}8m=8-v|V2<)5G zJr&_0DX6D}m~-U7_1|XuZ5)@1j!FNJ6lA9mH5YMn#8=sV$*~Pz?0kdiZ_7PK;kl!r zJdP{2L=^PT8ylGX$)A`{gx$Epzxv6vPts@W31l>0xe6CVz0+cnZ*dWAkl($b+Ov?9 zJSlbhfe`+~>RsSYd3{Y6vd&2)J@z!@w6EQ2>l?)XtS$Pir3vokk9@z|K`S|X06Png zUgk2{P3HwaVRRH5afpM#%%z@Isja~4?Ia7eeh#9?3`IgZQz^<5K^Hxg_t$I)?|RM_ znb!0ag|lrzdDZbTa%&0=n!4QFHLQ+DE$`4>3w28}qoNxA1Xd z77S14?adRNh_MsH2Y75W)OQc&ecb&%)_dA^ca`*s4Nk^;ps=}eZ+^AG7PQCtC`n(z z3s;-9O~9iS>)ZIr>by{{H*c1C{cs)Mvzs_x>Nbwfh0%FAQ=dxwU0(js3zt`W`@*cW1AKeEPLIvK z>$f+;K?jTrk2}^~T)lRUzuFv5;Bu7`o#(rkcTxDdKi^VT(WvEJTZ|biW}_1>5Wkhh zIyL9J$YHo*wRbd-?9hW#+jbjVpW2>#b_zl3>N&1{jagAT zc!>kaa?gY_{IGItuX!AiMOREqHth6!hQZ%R<^^M{tj&bO*l9!hYp) zy}k{!nIhhBaeHb3qvf$%P0c;OfjOQ#>t2dmS7mzASv>6+Ww!JAeTLns>}m-0zSFDI zlhLBCU5&{5NiKU5_dNTT6we%-S=3AOKSu=Eb!wUmx+k}7=St2%OQ{C41`%c#2P7OmminPQcuzg27xn6S~s)XDER z@jcO@@3xza)34cidqia4|AWrvWLz5$^}g#`E67-H^%(qFm6yPq(o%AX|6f zok43?MfA>*HRP=I4hPX)pD{??p`?X{kE5!1)%TZ~@1;qFHiy2&ufy!(=E5%PIWK;{ zoxHB#eKh$jyxkEG!HucKa%b&dEj9tIeW>fboYUuQ9ze6J4F|7Jv_{jT7BGYX9dZ7I zT-9%11TE{}2rnKVMr-ogtFH@{xT_g%I#l6fmMgLz#Mq6z;(!RP1wJ$PUQ6qmra0a2 zCNC?)mtZ|=C8|u4v)3<9HkT>))Y`sXLPsa9YenV&3yiN5xm+xQuOY!J5B57{l(p~4 zF&Z6h9ZEPO_H#yRj+-8z?xHCOXvCSL(Z@4CySm4p>qLv?SNHg(xQ9Ti9^Y2n=}>%6 zKqJZ?>cA;~Ciwn6Q%zy!{_Hef8s%ODO_VUVK88AF7;*mr?K$p>Fr!{q;PP#!-vRdGigz2B_pc!==cm?oVrK-M^n`s08 zhR0??I7Do#qRXK+H#0NvhN^fN<%8#@O-TIJOBaE|=VLjTUP@yhuva8`w2~UjZ%Kv2 z;Xtnqr9WAiVg{$7S9I(;-h#hF+wm`~Byx1)fI*%L$ z0W5Xr3wft|D>07r1{3<>ID8Syu3NdAP(1ci;WcpxL}2dE?PWWwMx(7n#~1NvJ{V#O z?};R3j38MOiZs(XHl0&Qh%p@6I>3G!-XHGbQiM0$+1TBcGzo1qDWfyqjbj0CZWd@p zlpKnuHLnw-9*-rwih(e=pZh2mK6U^{e4(Z?sjkH7-|YKW59%`<8<&6p|-mEn_~NJw<)(}GC>PFit4x`F(P&ICBpyQKM8@U6`H)WGHMMhQsFZ@G2%}d; zoX~B~xpui_Om_0gcX#id`kK8thwqx2uMN~>U7^#VFZA?>86*}Kltr>vh9a6ZAi(QYKm7qwLG_bw z6O2CHK*ixdY`(k8iO&6C>z%t+_pb3po%ix-sH$Y~`n1`5V_fUC;lVsU9Z_4|8Y8oS 
zk=dlfU_l$X@!vZT&m~jfp;W70#My6amHzy$X{ggYw#?Z5EyeYCEfl%4B8@Jx+2?fL z%=zVFdI3SF*~OZd7?riP3;yw1yB~9Z7@V3Epw@RIy}?4Zm`Ngi*nE;aR~QgoV61MdrWnXl` zPBZ<+_^Zwz_bU@@2iPE9!|FiLwJ~S|m9nE%43L-&5@XNylO--Ue|pE?Zl^G%BBW~WJBOUxnSRy4FD(Pc+*v@l5W`QMiv(VZP%{AHS^S*_}( zRq23R+g(8p^31P?Mn36~I!XffSG)A>dt%5dyaZ;H)?@2hF_4iwv5308QbpVVlJk6R zU2#u6>S~45RYjl|0kx=9C2_YEr=ecbJ2#LCjV%ffTzB_}7nUxIV2>Yx6`!fvx&V{e zq+MeWtobI3K4ssEN*Y!#E1KYN#3Cu#`JRpy1vToSX3Xyw|& zV|VfW7G1o=6g|XYuu@OJU6jE4urnGr8=7Y^HV_O(9V6_@jG(W_GR>9cE(T0oe@h=3 zxtLAhuPA3H*|hdkjAw#nio3{t3bxJdP2gj>>W7=QVA!N@h&*O z5DNIJFlV%(K%{Xiq03_Hu(g)v^Qh_Oic}&#d<3i6Md8Kjb=RfOSTXT4PpFUnwh`WHT zIzzJO!u~KMqdL@;y>p?AQLp7NHDG%xJlA?mz41q5rBZ_U*L54=%k`3;A()Z5;2iy7 zcyn~L^|bDt{e){F=i`qTjB;2KnZE;!hDyl|Ex%uRTMkb8Kim`S+q8Ce2U8k4z7S36 z7X518b-`3ddSKQq2yGi5B20ZIgGH;hHs0}`fK_wY%uqFNN5zY{4ZQ4ucr(Ghuvtnj zbz)wjlXeo>9NwoV&q8R#zO^IBmk%u;;6NY(_9pGwy8W`#a;2>%&^n#Fy&iweG}FX* z1d|Xo;@%qOiSHD=E!|a1a-Sf+2G{3qna8m_c>eXzCkN1EsQ=w}se64^0r63wMJ$W* z3wWJ8O9a4}7iXX_$S?1ncTes`q$xz4-(;dx8U!|sG0GiQN&$}B0`yTdcKrC*!@MV9 zY)fzpHPs$5xXeOzQLtE+z}@kPAlp+hvHVU_cCYMc6X{>F5+qMb!Fl3wB_h!D^tYzCMg zq{wo(h!F6yO=yU~u>uglp0DDZwWR^gc=0EjqO2U8oaVr+l3@xXuT_zWqh0BqEAgqV z@3-g_g~ZJio1u80ZVp}}R-3`RiVU2+NCBO0plHhwyW{P=@apST)8Zd*S%39kms=(^ z(wUM{;iBt0kPj3`DSj+p43WI{#JNa<>g^}VKSs&PlB%(dz9^xBycB=-&bK;VlomHh zQ$`t0wUsZc?don>kL#XRn33^a4Y*z+p~vgOe4}{RHOG;U(QhqNq3zDnHCsJ{3(@3v zWW$7N&rsKYn`n2RKDf$}Inl11+GcW>$mHVcs|0HG5)TR|4gFiUFl>ai+Od|@zvJBN zhmxOd1p}38oep*n>e>;*iz$P>yOE1#L&I;1XX?33m{S)Pmp8KpY>eVo=ix|#X6{1L z8`RM<;wl|Z824h!%=ZlqmyiwIP_Ux$i;JV}H%Jao#CM14v#$AN=@j2a@@~5mGQYJ0 z6$xx(8XX~DtlmE2hB8(*-lO^EIB)?zSX3Z!`w^?(`@`+S0TlIMiQV?~;A-JAKg*}$ zpafqP!+X#Ck8RsTEWHOboTjo0bQr;i<$yu$g+l}tCnnzwNS zi8?~C$0n=Qv=zJV6h+YNFPrlCz4#wuCG-tjUsw59vF+dPCywX?U`NC zYObae*U_mL8@K!+_ISVimmR$g&&Cv4BI`mQc0IXP$<EK4wUio=^ervgbjJT&}V{vl|Rd9(Gw zwZpAM>e(tz;3@iy)hR8qAnb61=-Y*sspRsso4On|zl)M^pwU&Ic#`|l(BldY@Jn#%|Dkyd1^5K4-}R@!l^T#O>FrVor+)iR142 zJ$q%Ium|ofpw-`X5I?IVOa3|N}*-Y??oW$4|S 
z++SEQHG6*5b!(LZ7)`|GlXk{J9y?Ks3udqCszV;M-L`9AMA*rmX)^qy7681a{LFkM z;O)(u<`%y>qOG&%$|b#jA;#?rv=2K(!AZOJ@;b>UH!@?mE#GC|!k$NR>rZe`V%I#B zIdqF6MW#LD^1T3b%2nS4w>B*m2@~s}-Or!qkLOsqoZkPb?FZs}H0RmY++|wc3p*o2 z>H)a6+}*=AET_?Nzch`6xlwlg1*DVfM%Y7-L$77&ErL4s__#Q3V5`_vIf)8QiYAW7 zT}ij(&)%t98Fos9jELz0YH$~vk>NZA{7poyh6BX3j(Tp}RNzQeL`xS_hLK>*6O0f= z{_*`;4ntQvvS>Xox>N+IDfmGbqp9GH$GNTZrFXQx2b;y_=)CGcdt= z;SHzK>L48%HsWNV2rGy0z610E$LZ~Yny9rTN)m+j_H?P9%j#4}tg>9iJH^L~+lXoQ z8Dhz*oB6#hLq{I#S0Yubkb(j2<~{dllI03lvwjhhd4R4crY?5ub-Jn9braetiw1 ziM(8e@QdDWKxDt#`P1 z8dpizj4bx7_c$1@j29}y$LdPI++zH0+hx}(briRGe3m2JkbNYFa{md{7da0P?DK~r zd=bTG@)zliQG#P*^y@P3P=X>NBKmIAJ!`90OZvm~(+a6|r#TX!FTE4chSy2UAdhX| zD-CW8t;?9^2N8ufj29E?z0zzglSf=5v?f6o7uChJix3u&MFbItE-*e^H5ojMisluJ z>2zwHClGd@;qGA=_4xh^p52L?9sf1qxyOIChC|Z?Zd+-x`P$2V?=xxl)o*Cb&M;3z zobnB)*As>2B*UMDy;tUcxN9)Abu-ogJVj;Ww><=HmmF|gVTe-UT;I-Slu%KP-#4+e zX!M9YVe0X!CmuY;AEh$~j^o4!q|f z(Mou?+DPtYIr4T3*#@}|zaNw=Pc)hdI(;q2jC5%HeF@!t&@Ac3GjC@`iK-umf0{EE zXW()wEoG)s@X*#~zEE#AhZ+4!?{Eoe0GH?$$I|JRM;2JOx+!%s(}i3Qks&$sY{AUw zaOV^dG!r2Fw0JN3e>NL;VW-ujCcM#H#zS@k$t^Fk+P`q)5ix3SX4l2ePT?0_nax;7 z&j9@bh1FT0L*jn4WY02}w>4f=p8xK02>LjY@noA47-N^}r#nN!UpPk(o2HNL^>g|! 
z=))VZ)r*SMvsiZp7PZ(H7%0vN$KunrNSu%dU|jPjc8CdzifZV1oUfqDBL`o4&rtF& z^~7c{l?^D>U#;RYCA{~p)g3o~tMp^Uv>C1k_42ojRGSu8`^&zd}awC5a;;XKFyG(>79 zCy^Km@ylqJnG#YQFPbs9o4yKwC|V2+`&VKj>P=4_6e|}ysU0@HKe%$~U}~EUr2&-O z)Vu{&yk|+-tlI#;I)>e;Wz_4YuCuo*?m*vKbUM#G<5njSS-B*b&NKILm?!#1>^Hcg zO~n@VKcdrSQCag9?B1{k4mREu()Y2?t2?bKPH#vqe#ur@Zj0}=7~n~byL?y<<*;Za zj>pwkhN3l7>Z&EcSG#W3Gj1>D8+L%aZSbp9VgdI$58&jAAL^LLDjY3g`BdwAcd%s` zOm@2c&Z-G-%hBw&{gV32mOauKO4q>YT*ydYs2GQTssvw6JBh(3Q@Si)ufCN=Y6 zorK~?9@n|;KG3tr*(G?M_5)uxa2nmNE}hE;n^|Rz+U>f5#&#&9eHF%fMC*1-5tShH zEV7$`0WMXEwo~p)wziS(NO9~?0J{t5Y%QPq5N*9Q(hK>M0TT^wN8C~qe=B7!VXr@c zxD+I`1HO!r+ha=m$rM+LsqQUcGktK}u9X1NdpDO$vg4L!a)Tvb8;@I;6bNucb9BIw zyHnM=hgg%&I1RSVoN|M+K#FOu*&|w&*-tm*cye3_Tyd-O_YihtRlmXm7+r$O$6tkM zyM?T$*Jo!WYxQguiE`Gyy($;N_!VIirX*^8nwemxShn+LdU~}Cswkec(1V7w2A3;Y zw2jRdLZ1{vV3T_7=W7wvo7>`~KjjUhRa2pH{UGAZ1=RN2DR*|)_k77!tNd*YBA^Q3 z!1=ini&~C$X~cP~E1N6V@^;xsS=F-mSyw>pkLvZRn!XTQz0~ucEY)S0&7OvYf+gv( zF7I?6E_9Q91Y!x~4^i1!Iqzn^WUJm2%kch`;O3q@n1~P$llOs7O|-;mh*fU!u{wZs z&{xr)*PFQmWvFrttAhZ{JSyuITa~Ubokb5eY010J0g{T?AiMv4^Y?rT@zmPOKeewk z4=SrT`<$c$7VRd6_UcS5ETI|MegSvi9>1S@orhac(28pJi>4c7Uzv(^TGo{GjOFs4 zPcWy~1Tlpq&o#m&i4wR>%GQyD^S;~2$DyH5xPJOGfKSGmYHK8Dc-DinM!jw?%hk|{ zuFe$e^{ckG9!yN~HkV~tsXMOC-CRo>GaR3qgsyk+n9Rf0XIblq#2D3OWXRn+-#^hd z&~3-K`gJpS8=>5ykZ+t_Pg#hf$yFHZ1Hws8%b=ba%lk8B`x7FwmwckSA4)&pdD%{+ zH*kOJtlW%@_L-BOkO#YoPo{N=#WdM2ISw@;YKX+kTth}HuCF;kfv04R0t-mJUI*8wPJpjh-eyG*MPS+G; z#HqbB)vwd>mU1dVyZi*cq>t(Tm__R~$;Fo! zZ10zkmY7g0P>ZJrWSa2KX7XrNw3xg)K4pK~&RnSOc8Rf>zt9?;yWBdW? zJ`g#rd;?Xc@GycV-EY219Vu7<&Y9NfH{b(XsdDruaZN9Q!=_tr&qDxWiGshxs_M|z z3jB91x_^g+1~Lu&xw2h&%9Hf$#-zxeJZ$r2Rd#o6C1JwZ_#~9b3tgFQ;np?*$=F}p z&!sN_H8Dkl&2=RQlO_AOXIpBMcCaV9& z+VpI87Ab|$Nz&C%E1JpbSNoUjxUfGDz0=h2u@Y2_@AS7NCjO2iUS&W4LF2#P)VBX? 
zlGj61P1bjZje+M|Fs<`zLu$zOHMc(nvwozs22zg~_gr*e07<5PT>W7=ADNLA5!;fk-c95OK>f!+VsvYP%abGSANNm;dv z9UWWOo_xA)k91tFsB3mq!^$!fdOZxoiS^RXdy>g<_TZBeu-na!)Weyw_1jn5aJ_Pg)<7 zFdo~hKXAI?rVlqKa+g*$TPHUUmGq*l$8}16mTC6D?G}q{jefp)oBTyU7ugL2_Xo$z zPQDVdi*IaFa(*Vs3^cA|t_QUium|l-R{y#4@s3TCQDb6Lz}vsX&@ z$<)=6RKW;4`e=E6pIK3Lk z04l~;^vyEH=mSE9+MioF!j$PLZ>$lrhsxjxnc{G^vczTZhs)dh8o_eHss5B#@urV1 zlLT}y4^P0x#`f;OrT+KIRHhwqAH7&!Qr_CsWb?1CmA8vKAu;Yq@ugnt6PXM<92`mR zI&C&Q;6aVfVxCUanAFt`y-lAcvF7GLzZw|gAsL)V@77GJ0gJY|X%$#lnPMV+OX$tz z%Yo0wsY8e}f0H^rk^ynMhp6A8$5rYb#&QbyCuxF12(4-z>B@b0n0x|76l^WZHPSl& zhpGFtCZFQ31ahpB3iE4Fw&P2-?(B#=N$nQ~MIHl-xRP{W2rX7q=!xWHL~dnn6dIrc z9)pY|8*C-YNJl(r!*;&`xX1zmC#ljt^A(e?o$$6dNf2VCj4%bJFwu9}FRSuUDf8iZ zUl0)G71Q^q})Eej^Te zBWH1!a~9$N9iU}9?EZ9IHPTLU#8X@V#SO!-^dJUKZ}bDdiC>26(NEzkbp`I47YB&r zU~r-dzFmo8?6bC)wzSM67W)qpH!58y+mlb5>v0P5?6CP6wAu|%@PLs%j-Up_9tbztN2!jCGUcN zY~F@}TD0kVg@>PIt|oI`Lpa&#QRgFr%wl9xDa8#av>}Y`E(wv4a$i z3wc5DFXpONuVM^fx6|)jAha*?<^R-doee*@G*){^__XL4LQ1OC$hWO=~N)WFf&8*a9)bDen%aYbJBb;oW`p&mOoE}ni~rJ;BZ*( zG8xf^JBoapc=N5A4xM_uh*-kUZ{_0I4B zpKgcc61r!w1Vi^yfrRcx`I?uR+rhHd`J)$%N_FJ1If8f@TIW^ZocRi+d2v!r1Tf3!n%b52y@ z**;lK=`Vl3_0GUFIyyZ)z3?pNewVK<;xDesi$0=Kq4K`>VG~BrON!qcF*x+J zh}ew=oAIgi$hPXLuS-(`p*TJ)#Vyrjkyuc@1!}U~DC!73RX52rvBbF?0qN7jKP9GH zze*&RXGnvJ4{^)QYRjzO-t&&*RRa%yC^V6&{Uik6EHNJxZBc2$P4>y78Zyz zeDNnuE&J&+?(g;{O4~XsgxgGu)7STQmU_4g(}i@B3Yj^cCX#?$0Up8c!>$grng0)L~rDrw{HAW~PuJ+=2Lc`3b7F7^ZhSQJ;nQYW#WF z15_3ETe;tD?g^sKF~u}RZjz5Nve8XW1Di0s_1c@V!`K67@plkUSjBRlYwjs|yq8el z5wjYC@m970({%5Lvdp@L&+Xrvj z)@*NFm9tH_88Sa`{i>Q8HIq>Jx1ar~JbD!U???d$&r9(xrV%ccDL)QtC>wk=V#@1> zTy9oi`7HZDtBhFno>U$5m71C|bac`0*26;ymZwkrkjmFXWwR&{nZaV8!Z|UfU*6Fv z4KlL|QFk5~#S4~gHWtxQVNBiX3}^@WF*pwzno)*ptcxG6Jz|}NghFowA?zj{Z@E&g zdJ-%50nhCsdb-|0FzDct7DXD*#MB{rY9RXl1|T98KPTFL|Cq2AF;Tr#x-KUCa+LnS zKLj;zbgfdzD!0nT&?<`xUpMY%1Ei4Y$VX2}!+H3)BfWNsky){ktK3v}R!9zE@cLBB zM5C-*TR2>BxBbc41hV^EbKmZn_5cSxj44bQ?sb-8^DYd4(EQ6Kj~02^mf1hye6!$|U|Pj56J 
zd#hbTku?Yy=FO*_p{owX8GzUTKdh8SctqfDMn&QWGKUo(pr{rT9=*j0*`rTmNV1ij zN{1y%eohNO16x%w-$AMP#^JUPo1l`jM+q5!A96$hP+?5-uM9&An&xHNV^w24Kl>c0F7N&fFs`RR9$;!C&| zKf0+zA%nn(izE(f4E)LNzIYQwfv~%>v|u#zR#&j%`V~_Xlwg)R)gZS#b9e>krw7Js zckkLNUn7o|;eE=xcs=A(p|}A^-j*R)#AaBzSmS?4en6PqAiacfsRe0WQqm${5f`kw z6~!UpVGRV7S98vYa;BRZ>j;KKFfoLh(129xB|Sof9boO0msgM%=&0o$!NVX9eHxC_ z$h!MuAg{)ksvztMG&;!UfEjh|@|mmjh)*Lm;_)V>nDpV@kK~%JFrC8cY+_<%l>Ltv zbCZ}U?1Vu6SQX)F3RED-pjJCO9=$)kj34HOL76&8Lh~pCbAg1&hgpq; zeXz*{#Y`XYQdq{Bn|QFKfx7^Dt(iX%F*oA_jR#7)vBYyrfg~PW4BHkX!AhJ9p8$3W84pi{%+bM#82!&!a=j9m?9fLG{PvmpLC`<4fQd**lR=qdZSppqL zKQ9j#7@x4reP%A7I+A^UJGAA%txzdKsv*>DT)09jUDh-6f?jmo+6#|U0&VRJRG*pK zWxh_DRkN|*{bY$ctYN4zU<45*NF_>gp>HolE)_d8D8G7D zM_VuXN4g$05TK~F&{t-O^dz`>^CrLhaRGT1A#u*o#2|V4w||{|V4%G2O-E|VRsE|~ zL3D999ix5wD{cs?y?N7kNOGeB)5bM}ag%>IM-%0@E-W0P2u=xqHVrrB{RqsEIlC8% z@atXesqbD=es)RdW`s5X!$OQT+C^N&S%usnnIc@_S^pJ`R>C`ep9?K-Us;C+s6SSa zmcG(i64(YN32Gy_+GVbWB8ZwBmOGg!LuZ9&=BR@GF)lTi2**HG&*R6=5z)!2+}G36 ztG@W#22Lc1ziwxayj4wNzPz*IDR$(>6GT^}bFB*H*&lP7#$!4~ZHzrHr+?A+Z>-J4 zWdCy4t%$@_E*4a@_>4V$-F{P{nJH4q_%4xGeXes4idxHIVDY)~NJ@sF$^7B_=z6R_!XA&HG&7>No=#Y)A zt!2ufmXwC5%d2H(P4ZJy0uFEg9J`%+(DmY=GTTj^&QSQ+cy z>Iz^^&S5U48_x-oXPHtB7F;S_~6zoJ~(isT9t%Tu% z{$khLo2vTI?#u#uq+oebwUk zhoTmimgcI+(=F%HUSIOL@U~F+vy9Ik`{bTGjS-6BJb|UA@H&e*&v-_doFSB$pqU@I zBF)?dN;mS6(c~QnDj>S%MMoLp+lnw{&>JLjfwHN>SvNx>n(XwSk?nuCaXvC{{6e<` zM*noM!Cf;u@4ro{r+pO(l@4whZ)^TB^nZDjhh>c}797^cUnpQFOzsVu_c4nFTX=1a z_T3dfd6pZWo{<5+(o7f7Y|UyNG%W_zHtX$8^ZS(K0d{tPpYoBuP?U>=0edIYsxb2$ z2`M2^JbCLzF+_P0O-=(J9h1rHyc7oD)FFxnG^U!3J?hx4QOuDq`d=DS zq(24L#dXqefrvsVEo&s$M&Hh>lHSrt-MikvtsLHdiQ#)y)Y%8^>AJ?Qd0KL787@jo8DW%-3p}5 z_pWb)ilRc71omV`(AMHQok=smiPSyIW5&4e*|9$;ikYyzbKn5C3viwSsgO!AlK|;c_xc zN)b|ioA0pSj59BY$_ecI-;bdYO_%w+m zyZ#r-g-IjO-Z)+YO+z>@Kpc<#(hS~K%iz9{*d+0=*;NVLYz zApJUhlN&*8{~|s9^=ZlT|I8$SO*GHd^nbd-yk!6PL+6C~e@Tc|TYco_`t$R(+bdbk zKg-CEzsDqDgt-$9BH4dsFtCrVfdl#f6%wv^T=k#yAmGmWpMT#z|6q*0C%`uQ$BVx_ z{(s~{{_9o$zOQ5!&Whp7v#%ntXJ>|EBp0Z{3GPcZ)uH3>8QD?WJ^J}G@Y>JOHELN7 
zPAy&8EFJ2@o4LbtmvyAn4`i>ty&(HkyXkEc6^Oqm+`CUZ77;tmsMj9K&1YdA9^1w2 z3dsw~UQEDGU^f>MVn5eyVaW)<_0DBraPXnR?Ch*Yh+01Yo%!oEqj9B*@UOQB2x_iA zh5!BD2hIB{i4@cSY5_j?W5*By!fe$(Za&(`1X5#&GX``8U_ddO=M(ybeR{A4Mx}o zD8~z0B0}hslKeHVQcxg$DIl4k=cTIZ<-h%q6k$|S66fmcHk^H3Qq0%ths?~^?S*V- zn=a?-ly(db{_X7q1leo)eYGVe>g&jS>>hv3RF+x>DDGcgwfy@#KV0@!Rc#msQd8sQ zOC!4)jqEp8Q#F;u<_oT7W@e(UJ83|1{ic(&oBKpWN;8w9{rA~?aN6fwNdh1@b~&K9 zB97lOoY;I`0yO6=HEj=ni~yt*=coPquNHJ82XEL4ydR#>Ew|bH80$j)KL4qgR~@nW z#lOF`4b0@cWZ%4riW7ouoiEf{ENH@mJ3P#MmHIp>>FPfT zvld(W9w|C}dVqq#2bI>M0DSmLGlitOon2vTB|!U;I2bhnC<@WU<|76FrHAOgB?B-m z2u_BFho@?PMEBP1+e@pDE)cAJ1l`@<52h=x4Q7PeR4(3DRsA2ewcl0cw4Pw4+IJEz zH0_}#7eZI)3Snpe`oo>$-nnj^mRalLhbARMJgYz(d(9v|pXy<3GHxVSS3^%P zr=>;4^B9A0+bBc~{gl0?s(MXI;?3*VKLO&~V+3eeag&N_F6GX!H#pb&7+^ZvvkMDr z0o&Q;4jKikAI{USW>%A`&61M9BK$SRph)Po+XI*@}yd`k-R7ZXE_wQ_ce4vd5LAj{Q_77Pnzn(;~ z^^e31+kIcx>VYS+Qa1eAO&2QXvsr>6dcjn7z zQ*-mRYIL2Nj!qod&yxp@jg4z##TiF?tEqr0$R^TP$%!Hk&w+d54-JoqcyB34M*9># z6sKKm{^-e*&QymOL1>()^TtZQ2!U;WP7XUj?#R|b5?#8KX*b^n`hmOxD>GbZBImR^ zAPZIw07yAtlxCG7_zk|Gm#9S|3Wg2!Oz!*lpPrp!>vNN?UA;O02)Ai#2%tvYFs;;N zC~?3F)_x1-)1KHwP#L#4E&c4-P^E(fMb8z2my7_-O4Xt#A?p|q;P4_75^`ct$LTU? 
zys@|UVKd`Uou_-i5g=mBr2DwRbq0Zm@88qFr{9P;?+u~mb z$Qlf&3cFMW?_;~a%yg+MR&DcJHS^|Ju^a{D@JG5*>`!7wk3K&>X?;y~^)yWbS6P6L z@}0RmhDSPrRdwV+s5q0M;dF;{$fe0&iW-w#6jjvJ)a&OGe4-Mc8VVU`4WbqR2g|8X z)%e-#4&n(2`U=3lvugGyb30ni5OChmf{vH8532bD?XM$yw~xV5F7-EWmTbL2JV-#) zyAt4M(I&x$e@6oFExIj=p6Z=g*hEF4Kk1#h?R`Mr@p4!)Kt0I-qp5On{$No#f7;XA zi~LAPTmqYh(2KkDJ@mXd)zRCl3Sbm->^C;XiYM^@*g`*^D$2`e+A#v=JVMr={;G6X zt}=R_NdbDo2zVatbpTStDzSJTj9J9-nE2Z}IGFLq?#+ivT5XP(lJDbi%gLHc9{^MD zgTwWj{u2Q32R0>+Jn`k{{+@D)fQtvdrS~f>ZB+cM<%Vje!*UP#{w+qve7|edJ`lMNJw zGoCkA>3rJ8@wM()tBDFb^6pI_9sHL!{q|n*0SWa=M@J{p1W*osIL5`nF?@{M1%ilO zVXZ$kpn3TC0&F=C?~dD9eDUH%xTB?JB*gP*s6w?No{UcTrR3>hDyKn>ma8?Y4EisW zY6P;$PTO$WV>cLV^CZs$?dbi_RT&i(T3|O6XxmyX_awS4gvl{0tgfz-W2@bqVTN*K+xPW-73c{4^PkiAvIMI39NqzkU%b<8NHADx%))Dj$HzLx4?G{0<<@1 z5~Hx~y{Fi_Ck9xVfYb3EM!y6A+>JfkN>WUW*27HmV7^{p!`8+(TpJV33QPcFaAvmMh2PE{9P%|L3_Erb2ka>y3 z7DWGGhZzYVj`=MInDssPhaa=C_5Ie!E-~x89gwGAW*y5+=?wb;=04>zPgd^6#J|7kz6OFK3u~+!T%3X>I4Ko^2X~tt4~kR-tKO9ZNoqZIohOhYT^6> zING2Z3c6l=PfUcCCyrTtf0Ew-Jn9hsGI4_cx}v&xJYwQ99V;XI9um zm1_c7FCh^u+B!XWL#nyZw4Ew4I$CVPYipuXr`#s7dv~%LjtpS*S{b4P_GqFN#Sbqx z>?B;ksDU78URG9C)cdpsXtRv-jj_Kr3_7dxZe*vW$-GDA4Ktn{%E6VXOIr;3PX2^F z;EnIz!C-i-m*xBP!{_Ga95+jmcgsXP4hv>+Ta(rQhrRdyiYn{6Mp4^DGyzI9q7qe- z5)~B{1wTI?4$N`8m}jl((gq-uLE+%8@m zN#qE-U~QddSQpNxqhtC~+&fa-R6bE9`K>AEjvac=Qpb*6ZD?o^ezW7wChij_8V8mx z03si{gxp;CK`|obji6CGxnKa9_rQ=ggFVK$UBo5IbI+`%%0upHeV7jbuBVm|F7t2OGL}cAp6aNk z^WtW(Vgl|A@L3|VoX@FncU%uw-J^zT{J<1(30{R)%g)93bogWnts5>k8UvNB056raK(Y^Ws$)Q^R=+UE# zKfM_e$b-N8Ys~CDEW})=qq#fxa5O<}7pO=u@0jqm+r{n_G0EZR?!tbi-&Ii<}1xZk*OBdB^VRxzRl z@G=OAmWG-Ch?tmqn7C8RudjjR_Soms)Asnv^7tJUL&FazPMk0}@uoRNOT6Oq=OZE_ zD##w!5x{;;Otj~|_G1<>#glC>^(s9fDCht(gZ#)XByzyf=>fZkrc zmE}KmL33wKO%qUtYtAyc{=nClxV;4<35m^xPF9$h=@f3roNnATOO3Q$iZV!b#!#h&N*v~sWHF4Jm=P#6ll$}(Z_CnU!9K8GZx(? 
zm~JxBvhZgx=*^q>S9}@?NPi=p`I!aw!+L79o$R>$mv7&i=W5|bG$-B6WC>_Z)sY_W z%x@Z4z>XUJ5Nes>BE`@Dy(j&#pC8hu)ovA0SFd3H+SZ!{=9+2Map?X0sJbo>S1N4Q zas|4lY14MCTOc*KE2JA&C zUGtoo=+?m^Y%g}pt<`)IGa`3;j-Vxsx4c#t21$6i==V5F1kfg6p@iY4SaA;vgaE{{ zWTH*f&```{<@2MRVI`Y_!BO}L*mmghD`SMN0uXTWEU~6AV<$?(s+bgY>=qt7@u8uE zu?k_tyCufOUCcDBZ441M<4ri{>*J%c^?hMX9S?yb8=}v*r|Ei=N6Hx6vrJ-)!d+z1 z@t$mR^*7Q3$W^!_r87Pw<3!NV9Qs;n> zX4aDQ+}@<8yvXIxbggLj4=wBC0E{dB0$v0uU=KMfkC8;fQNA3FQ+-u*9dy9v5gxN| zE>~u$?jvhYx+7sJJOv;%vipWjI@FnOCz5K>mhnD1CWf7ZM_gQ^<`rL4l;+a=H(HL|(5C`-{FbZMwAIF0ItrT5c@}U?c zvK89uK0NUI_wO6p+LQ#7Hf3P7Cr@aJpvf$t{W3K*RYpc;7ZcM5CO-A%YBoT4Zsuy# zlDK(!uOw^aI)0Ver8;9F5*qaC)dx%%>>nIV1QGxRB*;&wh=t|}RWoi+DQxYaZb48N z5XNYgWc7UeySG5}Fh18|s`oq*G>|fo1Wenr;*lJ+G9FfF%{f^p+s`$7{Iq10UV8hM z4Ihz!r$tRimz*(4QZDKd7J74~`rEe~cq2Rm6812j%TXbr=5hVP%Q(_u{e}(rI@ery z4;`u)KQs5Z&L6v*k(rqXpY@bQ_}ayb7sEWz$^4(6(<^qA&Qk=SfA7%}lqRmJ4=zKW zi!*dcStdP1uhsGj3SRH_S}T@X__foQS;Kv4JeQvNfUGi-jutfs*xzLy)s&ZQ z=8p3PSg{jj3$?P1AMfRBdv^hlDtK{r>0NbhP z3!EM|fV_gW-NuE3CwA#w23xO)PJ==rZf{{?5|2e>L6LnH6m&apZy7cz#%owRr$G85 z(h@xmQ3Jhdr{xf}XuqLV=tvrBh#|eZw9|Jfn1AJks*+Y7v>BFDw(lz3uHsJTn72h^ zIGLKe>^yQe_DskzU76%rk5id#1XvoL>?tRxYEN`{T-*^Yuay~kKHH2~$aG6{6RqIj zbY4=ctE(eF(qmj_M&5&*+!$RtD=X^*koNNR>$pFIbsgra=`j}woS^-&$A78A;Kb3x zhcCcVQvLmVj+&;Lii)ArcBMHAnGsORX*Ilnp)(opznPxxs;1^!tmmX0la{16#M=XX zCqQQ)aU_apm)CSNW5GKB37UR+wokbo+J@;wS21xD5X1Qvx6sq8Abex$*uZl+MlKw& zBWiiW-Q7LNE1i^a`?BQnWI1+shD$Q^Qb3Xf3H@27IOX6ra}|u~$H&q#r-@j05{y>~ zZ_`v7@Lwo%!xt~PzVL3mSl8npFF?qC0A%74{tVR8XR}MW=Mm76$jWa~1*q^Ak zLX5mAckyCcM>pWeO#NAgsqT)1yOH87Mc=+%LB^NI%1U(P+`4sZ$Vr=MOb?A=*(hyi zXE)PsmfA-9?(+A|WV6OWWZ*3O;cKy#h1U?Q`W=ZDF^BmAoIxPDI^QP-$s)T-L0%qD zJ#ZS-VgxhbtcODI36g)l3AO`xWLNQVb2mz_PBE~bv_3si^hY6##z7+x&+7t*%R5!3|v#PQRA#lFAHNVZ5mKm=VyZ)or3!l}BejxwhfC+Y0V?CQDwCCbkatjnSW?h=_>tGjraX8Ag^SN>#D& z$vFrd?KmhL+wNGVyWmOHZsO9?I?`*)c0tD$G2tfLb;dMwt`v&`x?1v_7N(Oc z5%I8`#ua!y%XvzVZqJExqGbE)+01HexS7QNL~tI@!SwScjK6W19#SFz7JenLyyqtY 
zAd$xq5bTC@rr~lk21qBCEYM3V?wAtbW~N)1IAy}BWI+~i>%?0pY+@j=z6hO4crJr%=x3=jXSl>-!R-%5nY5I8Ymf0A-ETp8g4%2M-=Vw29#MreN($ zFHd@VE>B%Zj7VezzbB9|W~3t;UJ>oIKAXHkb0F~RyVTOvc0JWFD1l}`Yd-tts6lF! z?@{98<3Ygqwa#fkR>B#kzFjfcImGq`3ylNxQV@9k-_2pIVs4&PJLXf!t5c$Bn0d2K za!#|D+p_&CyO{mOsi`SB1qBsA7KI3@WFT+f)k0T%%jp&ktD~qqq#)AV?Qj z_uSL%Km;*^Z1VWgBPG1Co}S*WojYT~CEZ$v*%QsYomN|2BVQrk%Mub;xh~xS3{W7{ zTWpXUpl|k>2`$rhO=DnGC)qZA}HicVb^1XbxM8534xf((; z4Un9DU9!4p=3Ca&^)pz<^SH#s#h*U{>s|^&uOf01TbEQ-`waL?JmPw`sg{)iQl6uC z8=%ADWH|#nwUJn&PN}C)DK9D|#=z-JRZp3|blTSNEh1s^`Rn9ap8=A*hMQ24AEIJU zXhi^ODLA#BlooaX`K`cS?UspK!F<=8ERSZm7=hZl2=MYLqpbn@ag*88H*noxBUpkGdATYFK_c>MxGn$ z>LZiuwG>Nzu*xB$5u5zQq04W(7>%Gk5poWP`{bF8n>UL~mSiHZ>TkET0-Pc)$#+Aq zDrG+|kid4?#tmhM?7n^fuJRx98di`3wHJw68A)ffIa>K2M09m-8e&3=H>L5tjQfi% zg*pSso$7^-$>rntx(VRUip^W?n7ofR$lIuLMWyX6?ONwo*gd zVN#__6mdT7q95@#Y*XLGCw_zld^KqF6DS#KjJS-aMM!z&k8>$`obN7^LI{Fam{r$q zAQCzQ+}@#OGmu1}uuu0k@{c!Z;g-Z8r|ijjBjJ+K;{uQ)o3NyHR!o?PsVUeCiJn2cuX?GyA&dsXU+3{KZm0yf@%s}oA(>Doz1C?+MTW?XJ*`sexzY@EH*}p29t^~-_LU^Ns+DnyQRVfy zyM@Zj-%@Dv!H=#$8zm|w2phMjI(00`n6*PF_~`^H53MDNj#${YumX|cpv^>r*2dkg zc_redDu+yr_?#$QB8XAqkw|r_r&@sBC8z7pDv&2yq?}ST?<;E&;TkCUEq%T!4jaN- zJUbio^S^prLQO-oJS9!9f||gJmICd{!8gXPQieDcYrcI;n$3n@ek0eC{Izk_AfU zWfUc6Ue=1}xKBMGkF+rYQW25|grK(KDgweF7ny<|sMHClXI;d8vNi6+%vx@UF{p}J zAK9B>Nfy&WXk@{Jul{ty+K`(!Ovs?>5V(yqBXB}Tyvv^fWq;!1Uo;bH`_kH))i5A| zPmt%?vu7bI-r=rd5w$dL0PS8$J%7HMC)>R38iT~-9bzdwd$tWRLrx>dya5UaZR*lk zX5BObuLgT7E0I5tXIiU+c<4H`97xJcsr~&DD_2e(ICA77%2*KKoQ@Qs)bRo3fDxn! 
zo3HZ(Mnj!}{Bt~Fb^0*bzDb^cPZNvV87DK{QiMalTN)35AIvao9%%GB_HM;OUfxNp zu$1a_$X4Y+U-2MRuU>st`v-5e2(n}GXSu(uyc`?gJ@kh1xxK@Uy$?&5`*FXFpP%&* z-_OM*3)oE0*M3AmpcSGi04>)><<*QZ1;uV+%&c8rAwDCF;#6?zux{&t!N_lrYXRD#lqN_IZ<*bMat}V@sBPCWXUqrL+%=oDyffP6MRRHUcxc2smpFqOOwARgU1mPA`m#AM4VCm zQQ(kRu|6|0axXO3uLF{%XvVk?UXr*>F&Q8H$qQHoV#Ttyv<~qF=aiu&@S{hL>7SHC z^&Q;`tf>3xwAJ$E(*%)OQ*bX-VND|!xSan|DrLIu%p6|kFwsTczqkD=APPxtrl8>9 zp+o06-6!wrhNAu?A0eeR*J-EN&-4ds8?a@QS!%JNT7x4LJ}}(`jhsMhr}~w_2(OeK zZ_^E-&ok|78ci+LcIx)XoZb&*nzzLCb z%h5eDkA;G5-Nft351p5UjYC@%1fIcVf^pRZ3k1QsfwT*hxYEbDRu6rjE)`5X#j81k@uzD6HVyC1j4`$u+Y|kD9kSINa%#Q;tZ;xV9_e6+7>oNsJ0VIw4B^y zT!WF*Z9{^zuP#ln=1lz(?B9Zv2l#fgRog9@sD8tPaH$ajC_(E@+cIwZqeK; z#*ThH96_vo-NGeGVV&j1l@LN1CE`q`Tt@cbGzhZDpp^6Etp`XwIDSHfIZ`cg$P=)? z{9~!o?rwtCM1iNwM)LorGuwWH7pL*d3nXDH;3G_M1> zowk02w}Gf1LE8=@xt1;ru<~i<)laq~h#cbLO29@UadclK3>1b&1-mQEZIag4;3aY}rjz)3h6#McrZjHn0 zvdg9562Yfzr>?2$cx014CPCR5VfIp;mINL~p*hyJK>_-!W$B8e!`P38fjkJgAt!D> zE?NG4*-x&O*d9w=cKGi2-Kt(^{3>+H67IT?Y!UDbZxn)~p?}9iF>~s2i6!NLnSc#t zs<{u3jwXg$mE1%q$v&lEY#c`@=_o;=wx`PEr-99#>Nws`RCapRQN6-xQp%oOjM8&8 z5ZaWN-b{V=xXQ{c#d*)$TNp#nLsJ95_w@AjiCXU{-Zx$CKFV|Nbvzf&qpX;A>Q!!$ z596mXlov-)?NP$gNX|*z@(D*wngVDjhX+Dy#f8@LbsWS^y$<}4X!{K{N%&Umozt89 zvC4O`u&DRHi5pgsXnf!8HpXXaN4Q!3mZ?4do3=kH6E)P|H3DYPV;%o6P_CuZEc~gH zRzy7}p5hhZsOrCw?%+^(aIlf6&;y^_fMz~t?qV?l1F99f&Lr4&0;dpR2zYq<%Ygu6 zgfNxVy6@jxAW#W=F3+3Rr2|`ybmXSG&QX$yasa#t$P&VfKONsGx+VU!%mOIEWbr&0364LANNMdS=t;F8Fr-36$ge7b+ z%&9$zS`)+%yIB3kHJwbur#&lIrz(bFLW#4LfV4=&YN8~GB||c`E-1qi$J?@yp+k#w zIJ0K9nL7owA>3HnovGTuAQ1`8eFT&0MN;Q()UOaPwBZE0T0}lh>Z%F;gWdU%@Gjt9 zXPxXq8K8J|aTM^M$PBfkb#G5yPqq<2;*5lT5#Y!Zq-|F#%%8|%^%-{xK7jQ6!gJu4 zAgBprvevif=WTKOQkHeh&dh=F_W$~IL`W#>_v_+~f8}uVUv5OTCgHC)$qRoX*34%H zIlwKwR{um0m3_;3^04&ULO_?xAba_7^ZbQ@P$GV)E*z?_s=5F+TTdfU6#3(aS}`KH z&zUvs>bB0Pm=8%F9C`XZA(>!gB351IHp?MqDe0`XsoQq%jsu0zfeT%)068DnGyCM~#|;d-eF6kpb1XFEQAPpA zGYP6UgRGEaNmh?7N!?9s9}R@Gq@&kAoSa_Z#9|;qdRLJP6U{Ctd9>b?u4$GWQ<5C& zw-EsNV>uQL(GL)|KcG4sRXqg-F;8Ns1cIpr{2tZEb#!#(UmrUI=tQE-Ro8K-ZX|0# 
zww1?Sv#!xI|0nz1;nyk{${!4Gf_7t+tMOLQ-z3$+o+UiJ2m0khJrSJw#L z*@q~km~OW%)kKol_Lxy#SZw#a4;#^%vYRKt{##PC5`k()iH8Jx7hxKLIP=-?yp`(A zo8aJBR69exP$M)s`5jiNu}$ln8XJ>1Qh)recvVO#sM-I^GankK44V!oyuM;Z}Eq}{XE1MAe>l9UIWgx-xQ0B16-BS8-{14&SrX#za=yE;mU zxK8KND}Z+}tu(c#_?lMAP$5<{J zUp6w!FY7PGGQbGQo~cg)0#cK@v^bjwu%rlw2Gqz{ru+p+d&#pAZ{C=cLd5pZm^!f=u(`3gF3dya*fQt^~+OF|Aa zBje3vd-r_!1F9(VL~RVw^LFNr$)Hao@KKDQcI)HO<+Zlr2uy^kl$t>4az^bRn6OZ6 z3Wstza@8xGY0sXUeb%0kae7>0s8_oZ;H`tV0ek#8Zr51OTr=X|x(%CtSTq$lm?4|} zFg#Wb&0JVGyPfeebiA`DidCe^L)Vdl+RM$@Os+k0kzb2CT4!~!Enx`9W<^%7Nn8Is zjbgkS-NUMi3gtG7vLi!8CCWZRV+~e-OPQyCa<`oEvz}_0z>fkQP6k7{!wA$=J&yT57;`P z{6Lkw!66906wpuw{Ykp#nUIAZJ$;(JaO#%9&yRQ8p%7K9&nB!@NX{uC+Kef#bjZ!4 z^>ZmT!lum^fkr^pa(8z#c2@+-zWv4!@x`nv?cF5xi~5juxdjArUF5;cn^9ga)E6~v{&Gw+ z?D=!0{s~;T;8-dO-i|!ks(FOPb;3qEc>T944%}A7?8yiL2znN3yoVrRiX^_#)~=95 zop6AE3uLe4b}<_ayRpx zk>8b(Zb%oTiCrYR4njhV=FV)`f7%QNqH&e3RDP$~@gru+F&4^EBLC4sDyC4XDOg@= zg?)k7|NMmui5^R{q!EE5N8+mQy`=^vB#oq&*bGQLgL31~cB*%p(@gwQ-dWILl2&48 zez|{Us;fvHvLA5@)J9qJam%$x(ENkTBpf^Kz;!# zju1v~$99Mv6cK5OCr1m+fw2rhkhK{JL57C3l&{|Rz{e*6Xopmg6BQXP&cf!_gYzwY zPIan6mY}VRfVgZKT7x5`RTEE`SQW~ zQM;>z76}Wgilbvrxa&wf%S^w&QFTxX?Pu+;E%em0%RsO`gDcC+LhvX0GUex~qnZL0 z+}v|(vBZ$4%f%Hr;G3NJ!tCV7gpCWZ0*o+B!lm(;kl`--+`0EI#PzH-8cle#b}bpn z&o3+-#jQE^DI{%E;8VNuc6_|c`A(ZN@b7b%nu zrIrLqquaM{T7qZS44bw99$P&PH;gL*WMHC?}1QDhlZXTY%Qm^t=hlV#x zr(b}IjZbGDyo7pB%IxuPC~9d5@`iL*G` zuA_TV{Ba1BAs$ddyg9hoI#x-UTtF0miPFw1eys$2-C-ydB>J3oJppUI8%I~lhLkN2{sT|35fauH$u3Aip^U%&voCgq8x{(bPZ)r98Wv} z$H_H(1Hv%kTb26MC_!pBHhfCSqG`a>?ouzW&`(qNSY@Bn78}W-!e)ls?b%NlJbcA_ zQ?DThz7k~ik=E1*vOqJyc&-ZtCQ_ePONcK3#K+CAf9i77A#Jr2JAfl_CznxwCX1Db zrq9|DRX`96n6QFUiJHLm*4Bdt6JJZ%Z(BT%OrA3_^OM3BM_sn}x64hMgBmoy#bS`I zn5wF4YQQ#66^gqyJALom?C>CaB8L#^Lu)PLJ$r^*>)YpL3oo|42oFzz5`ZG#8Q|C4 zElxU6O;{vd?Hyuo^02L}e7Q;IafbGv2OCHD4TBGoTz{;f_Sj$Q*L)oJ)f9{;h`kZg zgaf#U%F$n@wFFOxFLfBIi86#JiyVSJLyaE4>IpdSxCp)_nZt8Nt1{4cQ-zT{HW|fR;~xY=foPROxADH*!A;DJ$cWpOw{*HWQ}Z7<(R3WHrSD;;T9&E3`o>l 
zTmm6I4ksk0*v5@BNH0g0uFj+qNv3T8)fecvePb#fDYbZD^H9rU0oN;fB7zbLs}YL5 z>8>d-G(vn*MG8PSi&1thp(m|(gaDp#sta_D1S1uy#Xk&L|Bt{v-~xDuUYpx>sfFH@ z*{(VA%pSAxQ~ccA8HJg5#c$F?VJGHiaocKXX8n>wfejvzAg{M=mkvlvclWBvmk+kU zu9A?I)!eV&R?yWht?Ho~xD=U^mi-JRzt4x1*N=>vIZysPL)fiH@^K*85Sj<97hbED z2(;QeZFd@1=pEKl{O6&ZF2CNPJBK7U`bxtxJ}CXCHVRfO;*Lq!38uN@>H1Ydx2tza z&j0i-02UxYl}8DRAox(~nxHCWL$WS>aFFK-r*!x;H{tE}7rd{B>e3h`#<&LJS((7@ zWXW(sC5>5)mWIZzCU5rM;P*{q;~V=f%gMbRsbj@=F@@7zz0|WfHnw+rtESyk0*6bY zG%nI%U|=vr2vTtJS>(iz<00T+=S5JtB!v3>_a`zWWrLay4MRwL?C-Clrx#87Lj=o{ zz+mx6vZHt%(;)bbkjrm_^2ZR~oJ46~k_PlxoV+UGE9{&sD&#Kcpf1ozbk))@?OQqr z4`@f#Boh=-RN3!CSc(Oj=Q(g7M)t6a)t-O60ELq<5UI1-Rn0M(^<8Y?$q*-WWZX9< z#srI}syca#QgJ-yeC>!5wqiqFS9QvH;4TBmyP3?PvonRhpm5Zqi`B8`pJzZtSBI@} z2m&H#&d20F36${*2E*Mt#WtC?qSc0ty5RCP;0B_!wvmSE3y?gJQ1zED)+akXPbo4k zCNZERDU6Z9-z+Xw*<#bv#6La*be^jVMv~Y^Om`1EW#nf2@$ii6@S_HcxOJD)?Nd#` zY$yD@g#6VE{_+c*WzA@a7jm68CLp0Eb5522K+#C>3dy3^ladwZhR7?7y!qrC{Q5I!q9}tEWc# zj9!UPY#6?F$af^JcEUHO($+qg!Ku{8p@HBOHhr=L(tW?8jiU#fBHbVlFE1}^mIz*l z0;Sc?`OnS169dX8aLJOUP@1^SphVQjAkZdU?$C@NzzQBhGr zgM>ewfZg#nUROb~%=^Q7H44TDP+96llKjQezYfEhuL zBb?`a>RDG&uI6Um#)j=Y&U4u8GCVMJ-V`K2l>oPqHwlVFRhsPF_mt(h-nnG|(ZRu3 z;F2LYDzaTy3Gp&91~!);hStu2wV-)#DyEQ{R-mV%i!S5TVN^5}RoI<`-ITw9XO6$J zAxvrq&E{~R-OH5HRab^@A1uFCS2qH9?&9Q}XpTMwY1Nn6PEBK%kyUKSNE)MUZCzce z%@0W;KE2NLTPeC}(Ycv%yf`e`tx5Y~L5}uWD`Dd6prHY39%0F#hwjy3yI~rjLf|Ym0fr< zqW6gK#c=E?AYW_t$2s|0C9q{7U?d&y9KLm+d*#$hz$4y-Kx zVPHEv@}d$E$bkSbezziH!{ZAowI4Ju#_DJ;aWzZxd0AO*_@W`*!YrWNo}^W%0zKKj zZK4g4>+&@~=$GN)lotsUDJdzqHsWoh|Jhnp!u=y@OHGQ>$y;}F<-HSd4yX+kHG@B$ zBdnY#P9S-YIF&AiT^LkqCH535DbR2oz}^)VD-t0gwA0m)h|uN}^jzFw=NPJg$t*45S~E0yNl!^zKb zb{1U(){1a~FU!I*pvugcOw<&fJbA)h%0swU;6`W!wKgld`WcN#ysvF4dILf69Y$Mf z4=HoQd8HG}H1&^F=gwlSvaXX1W#&3$oi5KM3q{4Vz!NYYeIQCApo5BvvES2Hbuvfu z2qyqFE$uWKbK8+|I+?cpam39KktoG`x4(JFOjMEKw=fT%o11g$c*Q%L(9J3B+1XQq zJ01%GKz$_>IEve1oNs;}m0&iG)+5s+L(W|WzzIHs_(#Vr8Tc+n$g)sDc+29#-9L;x zCTdiKg%dUmhbnfb-8owMw(n84R=F%#`1!~Xzm_`W3#EGUP?6FDE6BM>yMU{0$MD 
zu8tG2-%_oOu=s`Ettu$fp21O?i*e8dEcXvC@lO@UOxRb!K^B$t(xPWV;%He)oE!KI@ZVQHdl`PZ)(DYjSy_4 zW}@+er0hsMrh8^7`LcLS&r8?d(;5ElfJtOrgBsD2=bA2vigp;iH$Y*VM+>TVz0;a( zH;)L~57k$l@q(+96#S+N$4Zzb4W77tpq zAGQd|F_CFJc<}z|AKUc2*9jKWISV|oxYTtvqjG}5e?mV>_v@E0AD0~H2i4|0C+0jI z943O=i%KI?kHfNB;P1$%2=QYZKuv%Jf}F<-E`zY?XJ66gH4U zTd<*(TSp2oMJ>Z%E7(73h3g)j>z(xS=VJ0>my(UY@fdYM^h)$iRdH5j+^(sd;mopP z27I-)v&+oWPHpXjnc=S7`;7d$oE#CHbL(HX+`}%@b>qj50)E|piWR!9>=%XIUw;`FG9_EAb>#cm`WOtaO@M&bnCh0|!nYiY05*Xw4X zA@r6kQ8EkH#L3B8AFODv#qUBPJiOjxc{aDyVdwxI>ZDdqk^Wn`JuAboo* zWY(h^WMH!rb=DXAQO<9)6kRQZywB;D7Wh&n@w}&}6p^KHbx+#5I_I8drp9YDpy59a zwtY4{KD|&7IDM2*)k@qK%-(B8qkKt57EDYGibDSyWJfzMkH;UAyl4`_sqtLo28PZ62pgpaF)f>M}1= zz$x9z7mu75zd0}3x40Z@V@FywxG5(`4cc?%)t}w%mf#`8X90CK{6_ZP1g6@Jc|( zAN@<4KyQX7CaU0R))kq{a`|H@u`=C6@51R6(jhh^)qucq7Khi>H#U| zlPdrDGqOSirJx^KCOZiuC$DzVZotefTesd-PnJb!K$Ly}EjcPJt=_nBZ6RXqt|osK zYT<_$Elz6M+Y1#H74fPhvv0ky+QZ;=jCyHicD5I482av4?~II$9G}yV-#>|Lyp5IB zub@E8Z^;X`B&C}-A3-tDMR9y`YU<4O>pS7unkrpeDplbzsOh)OWMoD+#eKqyrII*f z*aLWx<)tGnh{vv9j6~_ZE%F9tnlVug2ea7!bfL!;7x$A7CyOQnM7Y zA1cfepy@L2UA;fyE0~UTmvVZojOtX;#@;O4bhr`iW*b4dGDox2`BF6V?}1v##5T1x zN2I0-5GW+0v#qr`c?8`i<+xABj~%;}UHfE@;Lp)f@t!^~w~WN%WKuh9R%u@7R%_=v zd|1PS<*P9orOy}|a={tMo1+we!x@gC^jn|SccQ#STqI?q-1{Av2zk+*xm4%CIr7>)PDu+8>3u1-=WbUZU%qC+OZEX&e0QUxdHK$yTX^2cu z-;QAgh7n~#FglH)gVFe=vN9u9##qAVE^G~$DcSJ|NEcziO2^#X*X>k90!@B z=$%+N&g0%RJ_t4RL1CfzDq`UVDuWYyJbwp9+=5F_2F-oDQ8I7*5V-_OaevKmw5R88 z_ws<~j~okD6e2zLIsL}Gi-4O4gL(DqS2kTa_kb)OZ<;EI+6Iv~Gt?_s^O$5-V1B#5 zN21kN^4sy`1InzGVlrcvZWY|P}Bos#o~r3?5~m0QJaO|w_}d| zRJ*|)RI#!)UnNbfW@CpXxUp^l&r_u+pUM$_QiRlyx$mfxlT#6bDG_6nEOpe>jFx`*%`Gh~?5W}597PbD^58Pt z4xzXy?*=y`bdV$No3M^5f!EF39W!=5I`^!mU$!(}n1v2|UGMtUtjx@vXrtWI-qA7M zH384Q{Q4nwcJ_G~Sp0oCT(@8}f&T1uEv=_eQ&=`^*nquTg+U;C*D6jOIIsbxV`L6t z^%9E?ktFqOY6w+qcG7%&eDi?V^7n=TFc1g!*tvb28Wg2+c6BWykr-K?RvNo#X|baz z*__gJbMRAbbc69ENb@a}RB(CvIT%DBgrIOMLqbxL+&i1QblhGDot+YJJUgSp`jl(r zXpr34kM#1CHSesbs87F^mK;N#{c9_nvlk>I(BOa^XNdmydHvORD?#w3dlUm>zm8(U 
z#Q9sd_WE;5`vak@NAZKp0wB(OWOQ-u)!`kFh{yKs!w1*_N>nYh=+#;j^!hKeA(?OF)yerYL`mldf9Vzv#s z0jLM%yu755{xB`!2{BGaPnm)!jm1&@%Y?PKxOg6^`Z$)!l?W+zlxMhlbdZ)pLRj8{ zMjM={Me$@C2Zv|JUq{jWdW9PG;uAX7gUh?{^*SB z7`c#HHAV9iUbHv3X5aIRPjbd7luA5HYg9KfTf3me)rRK|oLpSyAWzJYlIF%cHp7^- z?`1N{)CN{ZT*fYFeO2fzy|QT2;$jU-JlBV+BJnrRUcK^x4=?c2cH}v**E}>MeVx@y zcm8&X?(g-ClxyCewG|^#(i`5T*8~e3z$F8X=frc`m2S3Jk#6`G)PMM;8JyD>(xE%p z9n~FN~6%)D7uHRj=V)bC3qUu8j?uU($EUmPZ@^=(RiL__ zNGkg!hY1^Ci=Pl$vDUbQs69M9xIFUn^7f)!JLZWBtPO@?>B6MSHTMO5TDuq-w+;gK zUI4#J(Jp@c>C+iMebfq4wB|w{oh)5Pz@&piUEpt}=$yv2-^UnhnW#JJ$(yK%HILH3 z7HaAf?Uio^Kb`Y?^yrL-horq2JA|%h!NHqVRaNi%`0PJ+Y#S~HfwJuQ2_snA^gW%r zzE@dCf3B?51I6NEoGx8kbt6bFK5b;ywYbY5{2TKn*SUve#zGM1l-PH zl22?38`dX$?^;#)H9Wi(_0Gh#WK25y{fd9mH8E{<%sFES6}dk80RMgzI%IpOLQWz9 zVO?^-8F4g_`e9$s$jD=ihN*I<=qxsG8PP$UF+Rla1k0v20i ze|BHxgyJ?|YvpNoR)06oXHUprHgglaAmsCy5fp$b9My?8=HF(&mwd2PhLKudVHW|B z!Kx3t^X7PZ&i+L{zkfR>zepJt!i{lGR<^x!!WhltyadF_D=Z8!TN+K)Dr5qMpyYYJ z+q`jOPj2Z-@}>7S8j_$%DiPm$jByEEpW4t$Qn+-p*fqOt;%-lmZdO)SWO8!tk>&2T zwo?Q5W8tOU53@$EYnXy>ON$DsrPS-LU*0!|Id(+f{p9p?))c$EC-{XSk2|E0}WV6(zuoijkv}qhoYY5gW`-r}gz? z+MX3ACh~YrdUL+^kZ6AhPwg^*RF<1DF$^x!acc(K)qz+x|SywJV<&ijjYv zU0mMqwvNsiTUlMWeA!Rwjz(%L;g8}P4|CzTk_CE@goak*H?lEj&YsR8yV@D6hw_6iC%87!a*Qc1hq+R_rDnK&y&dhqX9`;hGb7gy!TBAU*+ z-rnu(*=^71i(7|#qoB41@G{m{ZKC(ELazvY9t0eD{_2$o#dF|$m> zu#V`XXJa1H#8@~f&y>XNj&3hC*q=y_n;AHYp7)S%5U(Upc>1Dvu8Slgvf1%)xv)bb zF`$jWjoG!(PbSewrZ9BUd~1PUg3SP;th)Ufc~qXbT~obr zV;7Nli(o(NONj$hx`*4{iz?*_R=sQknAV+G{h(RfY^qyjYX&zIcBs4o! zD#bs2hWtR_FQU{HzH2{|A9|Q+C1AjXq|1@%0iF@=GO!1evGg?qF9P9B{?HH5#W*ZS zE1E0c7WjhX(&5n!t*e2@#4jMwZouW(bMXITW-Yu(&0ka8Y_DG3#^E-0ypZcQIR(KB zBTqS?OUTyv`1nl1;-L>-*X!7-7-#F?(7$#{_TLEf*Fj>xqBQyt6^=K{9YrpJ+AjT! 
zMhsK_w-(+^87SG=2@0{)-lu@kR;Ey`C+Fe&>!Y?bzj{+C6yv4#Qe8TC=El;*6p&?1 zTG}>ANlBI5=QaI#qbY?DxT-rSe{7wcsuVqc?<9ak=@NN@7$R}wxt)-el@+Lkr1QWV zqo3pBbW|7NHxb)+P+HpS+s`aOVQ6VK=&Qa3K6KK3{ut3AH)BGLq@715%>fwN*M7nceuRf7Q;m)}kEt5-#6AHYrK2d0bA)WhS*Z|EIle_mbFQs) zuUQBe@i6)IOiWm13m`YS&-eI3j$j~s7g@Qv8s?+@{kPM_Toe@OiRj@DL3$paK>Plh zNlw_sgEF$Ro3x#KHWKglF*|bED8j?grW6pWesrcU<@cEJ{^wf&H=tEx(}Ms0g$luT zM#cw7|4)}P!w8V@1*wqOaOnW@iLI+}V?82v{;^}$GL^@#DHq4bf7J^G^($Q8dB=kB zC%e*DVG$7~%rT$`6}u0&!Y%@_+4essS#*-g>1ZwmOWpw{lizb}`b!f#Y-vvsa*ELN zdeZtQ)uv6GzU9pQ{w)J!k9Lq#$ZF*Jk}4iS!JWPgoFZa#5JA%5B`sXMN$Bjoy@afo zdB)|<6(7_?akz*7!mcL`#QFp_j!8(MhP^T_B}LZDtF&SkUln=dqMRIy-TJS|3V=TZ zQ2>2{&*45ocIG$^ihx1^q5BccYcURJ-Z%or8^oiUw7Tioh5gTOP4!kl_7=m!_Xfbk z4k|a-Kww0H?sHYu0YO2#ZxgelF0QV6hzA5ld;It@PEB|KMc;3{xTxsavuAfOMFqdx zku6}y)w`^4<;rJ>ZGJFUL?$Fu8x(`rLPbN)P4-E{gqSP$Q6AU5hq)sxm`!7Y`s>S= zFJBk0BBwzgN1^jB3QdJxR%HLGNkhmlpBOwRH-OGwox!+U2LuZ;FM{|E)LfZFpJ$8f=lkae3zjNJi1o z>+#M6Ws!S-4~P%Y2OArl9=?+kl##q#mZ!4bK0cd3q@#0knD90rCKz_}5%R9pkslTe z4`l8FH^trHJ`yBHOGmd4Zk#P#if9LwkqS&nK_`s$I_d}O!@|Ob#>XE71Tdfk2}*Gs zV;&*&-jOc?Ro>0Q~_(cuU27~cF45aMCax*!!uEDnmsu=dB@jxGcM>S1Ox9Aa<>L zAhQk(|F6xP4`7#S?)=47?s80N+EsEF^+s1WH;B%g0Vr^JpX%!BqDqyl2K9%`4=aWX zximI_n3y&-vHyE%JbY;BaNzt(N}cerAt{CI?CdXfbr;T_^**~aGdcMYFf9#kP9HX$ zkMZzr5|#(tg`)7Tw4LBZkK85L9HTp)sw7qrQv|1HX13PA=`#sAK+FbbhyVLWGyunc z{HZbMipH+q#>{+J;$ElHXT2%*>-*l~y^S+2%gaB&a&vPlOdA6ocr9o|pUAuuXMteM zLD!LA^i-%`*)|&g&uiymSc;fakUhBL(b=`*zi>#&IUyH><4!b0$<`p)Si{qO_$gjv zc^GRIiod8j6EZJmqy7E2|9Ugy-?!?+i2wfb7*n3Yf5ruVNb_2fVzS>^g+Sx?W- zvhZmjtsnlh6W)mb`*Zh<6M@5{k85#?jX{bB>3n+$)wb98Ul)si+1{4=(of%+3E+UjKCoLM-0IX*B;YKSJ@xhKOhR|MC+^{r|t{@7wbKjT@17 z(v9kz(1N{_)7h8?Otas4{lgWTS?h;iHX+Jy@?PiZ>1l1#(<=Udx5_{NMs8PY2zz)1 zF)lJTb~Cs_+u42lS!brFiT?!0CI0h&{S@f(F32ey7ZN&n|M;ODTQNS8G>f#in}dT% zyRfj3#tUKu*L^{97F~|fkZ?4MoVTBNLko)Vo#XrcH{T-G zZGR(r^5hopPgEasmQFRCV`XErpKrPdl?}`w6wOKD`YkpQyOF zEmTPMRGgd%5x}oXoeJ;r?TZI@P@P8J zfyu_uQT)-l^~ej(Zf*yTAKwnyvCJ_B#Jp( 
z24(u5(B)b(IvsfS_U%I$w?R$i4EWeHI5_xgdjs09o^*9-Q=Qh++Ygxf6Mq%<0eA^- zIy5wN2O5QJ%-t(oXam`Xf$M|>_w(mZn>nxlBi2Ftgper>yf{wLM*~+}Lc%?$Ea+mS z#<*{r03!*Mz)B!XP~9mlmHyvb(*81{sihfWE{X*ZfMxXc4`3KlI(XK(3m3%Qj70=@ z(?ZNykGl+U`>iC~{@BK0``v78e^Es}KG|TP0=*1`9PTv9L(~ zDweJObYQ>`a3CfxZ#VAAXOwVj6&zV>F0SD-0b#h#%;6W{3S)sA?d-*i58I?LR*H%W zvMNE0;ix3{{T=uI{p<>w5O;FJ;9DWm=dEM6Zr!4idw*?9IZ;l8Dbg zfBwO-26^rv|IthPfI^K;Oo)ep28OSTD2X?dNQ9w5j}z^2RcMab&cx({iz=-8Uy;=Q zupaKSI4ruZ(Q}7Zobuy~v{k2YM@ft`L^^4OD2P43pTge}9H5oB)}= z)*X9x@BWCkyeO4K>=9zFaAx;&)U+>NzI@ifL6~2s1OUMBiJ2Fa7iY`|Kw8+hqr!_P}125bTMfs(+Ku=yR`_2F5b)wmtkm zKMmh!CqAzVLMYQcN{&yXc|&(M0~L{v)FKXGI*#tK-DE0#zJGAf&Jx*^zP7fsT)yWQ5(2nU0;K`?#9s#a%itcOtN;_rT#?bJ zc&N345KmBt{$t6KAsXYY$b9XLrwv}ErFEPf!@|M>VA_dg19Efl;&beG&6MKvCg4Eu z!DgJh`t8NMg(%vt@q1rV;>ZddJ$kgOF-iEUwQGL~U4I&b3$TKA)k-80#HNCRg1_)C z)y{tXdQ8=_fXvYoCUhl-I+vv1zo~7{SPm}<(y>2AKLXzu)zmma6^RgP7%n9;Es`5L zOC@w-oR$VtVLS=}LovvGZlOwW5jgtE)29mqGH-AcD08iv0Eg{VYrWVl`33e051t`NYW<~GsXN=oO%4cNU;@oif@8rLKKaxaZH@N0g4-KYgYpC7t* zZ3J5YIQpLLnNg6_>IXxk97u06%jeDER{DO62=)h}tve}?A1~gy58)4a5SdLUQ3-!OQ(5^mkCDuN8hS!@lfj+xCA)VLqNIx#2fBnpo3lV2VA+26AG~|o;5+Equ=H`S3P6RUpMzv~ z%JS~q3JG-OP~kVs2u9V#4fl*sd8XsF6)RSJMHK%#s|C5b`|X`a`gtd^h$8g9U-EqE zO!|&)a`EJWi^sVX(FqJ`_!t#`D2dA5AD_=2pQ~CY*aey+w%8N$MCOn9>qb=65d7Gt%#=EFCyvDZgXQdR zQU~zyzhjgw=Y89f{PcrZ()*^PL}T*3phue@LQ3JAz1gf#qODdH0oWXsvajVoHnD$J z&TEmuQ)Bypo!G@MShkE=9NkYxRDSyOh*pmA4>n=+(0B82b`C>s(nE)=-n2>B$s*TC zFTXnN+gmG3%TW{wi0Vff>X|EcBncESmvrk0jW9wP#Ye2!* zGSYKo4Ib$&(L6YBd!eYPYijCjT77r6be@U6; z53N8|hSMeAeX2_+&EBJFChOW76%+HAZkzSJ3H~HMiti(2H{X3nl3lYC8arj)U);5w>wnfM-|JR|MNZ6o5iL} zJ#v6eJw{m*A;r$l^nAMYch=6a;uRrKkiM+u0nqbGBjecJW#MK?ET$0JJv z{QMSD0KU1#udiL^Cks*S#s2iyl`B`WnY*BmUBWPBPPH9hMX+EUDwKqPhGN^ufv3)l zlO{YCK{X1#5Jd;tFe3igz-+_t*?5kmTh7j3n#fU=V8Rw&+R`R%)v}; zb>CqU)I*f^!^tNY$Z(nc_ShfBn$I`&>+9WMsO_C?K;CBJ7>)HdRk$;ld8+i;@oP+qZ8oC1Mw2 zLBVk$dT+MIsm8QjB+1lHkKSIs{9-Gz#4ZPonl~*~R(-m8npa%hrmj)Pj~*R4d-h-` zc+JQ!b#)6M$hfN=w{z{F@Ep*#Vc(i3JL$&*3wP<)}UQfa_sADagLy$2* 
zRSLh`=yTuEiWc}Wk^sj^G2n2qb14S$LD(D908$d!9eu{Q7Se1Y%J0{&@eQt5m>|D6 zfTm8dcrF`Zw33pvtE;Qf7;+_ z?1S)?Bvy+H;)7HUeE8zs8Oov(Lg3n0+0+Xbnp*XVLx(z`&KomvV$#jj^V=@D zyH7f*Ns>lw&WXC|OWb6-PQHEf=16M44(+XlV6?M{(h)b<-zaRFGM3Q8?Q(GWIO^(s z{Y&)3J$&x!Ri}6FbV!w$1}~&eATp9YyxE3O-`y6W7o>Sg)aCddWGvABZ{zG^Or3a1 z?fY>XH*R!nm6dQgSxYDK62xf|Uia<|V93M3@qw_c5A*Yf0c)u_i@O4HoTEk)^IoBv zP_pVNA#|c6zQ6CXqxCXGFP-y;fo0-kg5p_WGNJ_97&}OSZ9tXNlvXEip0+^FZ5w@4 z0G))ox@pXsI*WtCFA^w*(%-z1Q9l13Co~i(k`dSBjRw*~IC9-qlU=(I0Q}C^88g{q za%I;@f8oMWx~mqFLPthg>(oAXrbT)i z8J~{dMgaqA9DhqYNm%#0!pN}~q8ZUGaC~W3(ZbrRS z%n&}qt9r$RhOYMAsXYC>S4@mFUn1rc{YEQS3gKQ=G*=?q#eYsyK*B-rndpxOy z;P2UoE?%vPmR)svcsN=8sO$$W?%K8M!8LvlK1o)abYf86ptjyUdkSUw>akxav2`um zhy<3VwzPNedP*QC9Vk@GW9iE|n$2InG|OZ-y2~E#wM}E-Gx!tM@#rcaWy+<3%LE;e zEc`)jLgGDE9{1bZT3^*sl2P=ijinaxp}#7&7?X#_ zoZq(?pR~T}T9aHCrHM%i304$&KqJ>z>+ugN&8L&h^afvks1UYt>0V+Eo#(rQAJ+Vd z8Q-CwdH-W_w=;`s#;6>B*J0%J>1)1DUW(vN(CwI`WY#MGcY<|eV<$4KrJ@4C5jgMZ zS$*f6l4;P5s`B@@yv1SKJnfEqYcKjP`yQ?t|w()3k6@Z&AlyJLJ_UY=t- zPwe^{zvUgD9XWC&q0syBJAM`+ko7wcbFcGi?GM8r2Jtix8cALV@b^zkOB?y?^`)nE zjyI{#h9l)M&U9a}pp?cuhPm=9QGdF3BkQy%EkC!oU!OjGT()OxWkJ^;6Ia=s13&a# z)03ATuF2~7_-7^STHhKz_gF4B#V|=)F^`+{iku)J7 z#v7RT?CH~PlBV#jj@69oK*8OA2?ZJwQ@%Rk8A@b|54tuyp_iaef%!kv(SMBO6=V5t zLtj@mCKQUBGBx!$>=jZuYIA}_pr}A>TfWon(j}W;YM+Ert0xur=CF_(Q;}Ih>XNj6 z>7>?8(H7m1_zG-6S6(laDsU3ring*=pqcJ@XM6jCO1HoaX+EEE`SAt8@>EtXMqami zflWhH-~Ro7LI1^-bDfaO_1C4&A$ybrDzpvxXHl11TSwjrIsau(gYDwdGrbKwVnWVt zGO3lXDlP4dzIXXNRN0T-zxPU)>9cHbGA)O^se{BD!oWc>nm|d`PJsh5GCS0fnUp0jQ)Fn-^e3y6bq&&p^yy)PF6`)d2JZ3(xDXJ zBai006fd|`x@H>n8Ls>n^B4vQW!cb{C$bYKb}*f?f7v!sg#li4lOXskB9&+(PFKy#01tC0J3^U`sAV+Jaa|-7D3{yEv}QAJ z760s0e~k9_&yz4Mc_ArEvIH&)wkRk%b1l68*&lWo8Y^}8HMaAF2@@9R>5YIv7PT*( zJ1NZc-v<=QVJ!-Wvk;}l4%^s*@ zq*d;{{BpzC2<4}n?_t@}Z4{Zoax?-`y0RB1O-FF^o&f}1B*>%taYDA$7&Uw*oWjXQ z#AMX{vBqzmM6jdrShy4&2ooA9j%f!yqhDp3dFgWR>Oc+UtJAl4=cultWyRU~w_iJV z?tXond4F}dr-LtEs6kDCc+_PCDB^ayozcoGULIvYdzFx-S37?oG*BhJz5*BYOk*5{ 
zUe25Qa5e4gj$fw8$oz^O_w?veu8?7IE0N}rpLP3jR^yQU^!!0EID2t>(TTN_#BOD= zot+|ehbz+uE){5mlKi6Ucl_+3Ac3PD0S8nS`XXLaskCkX?`p}7yrd^%BmW8n-=b+5 zv?)6~dmD_jApak2COwlD4}wu`ub0sFTemekSodwX zkz3z~vHbv(5)i1GLZev7wXL#c`NOsaQB#m7)oq9j4E;I^QfzOkMw4d3GF%6kjs<5+cRH*5@~NDpl?vnQwXVPbj^gVU>8i& zL}~yfSmZtw{??Qhh*4LR>?R`LJRZpmnttKD3eq+9bcWs}2XRe;!Qe*ea>5y8uO&5u%sN3@IeA6E_K^?iY zo`-tnZ`A$j$Z_h6CJzhEX(=Ib-(KjidEAIYKphgmr8e{XZx3ueJ%_YbA~=7a%DBzz zXH5T$j^M3K@w|fHDHQ$BUn?{NIZAio`lvT_FN%ks+~1HcVA!EQM*r^j5RE!UJ`)RYHtc6?-6*?#@|3*-i^^O4#{?-6c99~~VXuS`R@x!qQ$X%~U! zcmmTSf|mrEq=GJhS{9S5oH<(T%;NFUp!@Xyk38TKoOM-?+EYa*Xik7 z21rzMH?THFmU=vZe<6Qyg?EskII|m?W?CE8QYp(ya2 z20h0{h=smwDM?8Smn`W786t#lbZU&G4?!SZYGCNR>vVw)2K5#a`%YhdFT^C6NIfPI z6^z@REx(XxrP~LFh5ZIyEY!qn{GK4K3@ng-hHqRK+9G(F!`#qVxt_!*2mwf6fE&p^ zjm3)~3djz6`mIykRny~P_={$qyb9Qla>Zx*ny4sA69$O~6hZKd;o zeK5dDmzF!IC~i>4h*z&(edVWyerx-0p!L_46AP`)eyU!-*F8oRc5tA8D<~Xkh27Kg3f>J?k=C_5@P~;>?fqv8H=?6OuMLFA z;dPT@ugC4_60u)2MAkJo5AyF*Up2^S%5^m|9BOKar6&9&p!T6uaAP%O0vMd#Y2r{UK$3S z4CNU?V}sz&QxBG)PVkJg0ue01(L!|QUC}azs)Xan`J4C8g`x%DomNWIro1WoM`11O zVmI9{g_adFb_R?bK4cl`1&=1wyiEP(?b}e?3n|s`EqQjLtI@#V_EY;E+qV~SZ_>j# z5{Ps3#dV-L-e!YW|Rn-C;o7tcrLnEVfwivAt-Y4JB{LFiR6<3TKLXicyff*odg7EsvX zV9_}jwR!|6Qe~xq>8~gLILt}d#?1kxa$Gw|VP8+sf@9Klm!i07xwLu^n4BQ-Ns~rk z?l)+hpAMcIz38b}w15BiUbWd*AYa#MXk4em6Iw+uJzyrpMu+JS3CKJ7$7mrg#N_i2 zNjZG5Gj&qNwmw+2^S=YgDbvfA7ii z9oy18ue`|49)#k2B);x@KV^(X5Odu*c-^EWKzO8pzhmhj-P-{Q%PTxw5&?GFCkt`q zZQt&*D#=b62ImM2r&!#}Gs=!VoAujiT!tQ8KTsn>oD||vQ6C|KZ;66Qru*##u(Y_W zOlf8V7Rv{b2GCxI#mhjV#b7C^!=y>L0s!PzYiM+Oul=;Pre+UYQsTZoG$8NZ5xy^9~Lcl|b470?{gdPk#~t6B4X}u5xu%~gTd|57xgS+<(^t?^Y>W~AG^f9_DuWS zs+jkO4|*N$5&YNQQ@*SBEw-frqHXA(G{=v z!_ubG*>_2t2{^1&Yh~TW zUpdEE7OWii$JS2$+kYi(@C!r3<9{9fjqc{d9P{l*dMW(L1-s4dOB85ht)`~t%){00 z4B^~VgJ4*^O~BCYZOOvYm#W8Z<{CJjv+~>cz-BLJ`!$}k^*wsb-Hia_u~%$UX}KRmCM+|;zPrb-)66!IWYbh4&YSF$6=BD zC(=f#@QYI)BU{w6+0O{8TbNw=1qY|le)XD9D=&4zo>2*ojZ${X!G5{tUlZi-zfd2* z<6F)aAcjY(mt6?wia1Xiev5{MUIh+P0lMowQ3TFpTt>^Hvp+Qaew@b3>7IJ_R2D)E 
zNY!k0(2jXW$|Ig?s_uVAWvJ!wq@5>^Fg0JIVsX28rpjz%T`V4Uct)o4o#Dji``!5D~_%|$^4&2pQH0I9nE;3dSvQS z<~wQHz6??a-pAK9vGXE!w2N&- zy116E?0d`k!grC+8^r%;TE=M^qw$}4yArFkHi&({ZBT~`7sa4eEW2s>OX)1VJMC@B zg_{%vN{ADGQYYgIxJ2>iHqCaQz~B+Nh5^pqoS1hrfe@R@pR8r?@bD~%!l<=haH2dp z5;Lt%1dd13r^>t7HI$#nUv;L{9KHL(zp2g!uUBf= zpI;XSEVTa5ZzLqtPSVo+&#$pd{`YPFy&C_!$p37M|J_pmti}J$12hxYX3cHc|Gc<_ zL?@O1d9-H=SN#9+BM-CFsAR6G6*23dzxlt9=%2Otzxjy%KMJigjjB3+tym9!6xSh@ zX9Gah8QtE2;oRf5pc_CG#-h39ZOK31`_69*t)=uq1sm>cUbxMzL*-N4-Gm1)cQte0 z46wRTi4aZRY;4_A-~7lk|F8RRmEy1Y8-iGa zv8n*@f<)JcgS@Q@gY&chxlecQ|Ns4^w=3&yr-x+%e+g6{WnQ)e)%GWXfkKYHOI37b zaE|HYUeYlSoE5gexS+!fZnPhJI`# z^Wj8}ZJB4bp%OqX32#ZyxlM1!(4ZK=ltVYYt74y%N+l05xU$-07_eWBZt(1uyI0Ax znEmC>RI=^2J*~8F8;6#H0PFbxW0UOWTE+WgieDkNEY=ZwQ|6Ric_vpTYxMMo80fGo z(?3%xg#O{w+Xz&09NK?~^sV80c9D68fV43H>++*Nb_-WuP&k6~Q84G)Y=e{OZDMQNVSOsBYyGgEvLvw1XQbVxB6 z{^Nq`bS??u{sWBxdOl=GdTU&LOh^kI&+QB16}v^d9i0EYsE;k}xohyk0C7(h*`Ab% z=ps#oBD?DD?ml#1RcK32>Vb$&hD>17!G7wZ%mxC6T~4Xi2JHUmTXvO6;xF81kdU&i zS<38>r^$4Ec$87(=&#vvH?|+^Gva4H8&e%&ndLy*Y>u75pyB9EtBr;|(6qrCx7j)PZ}>0m~C$Lt_u6V z*6G+3IjTDU(tGyELAn;{Qb7(+CAEs54$@ohY?nH*z2cfnMCj*Oy3kv2pW1XOuIQL_ zhOn9p^nE)h_Uz1J?L(G7-)pKv%d*&15rRB+hp8&S2khnp&%xgLE@QDAk|aCoMX=fC zqF70k3Tb{hBlRZxLe&{-odI!ED{lVbw?2Q4a2gT$hDe*HM7$l1wX6<_-`%N!7vUNP zIh`lP8Zfs^YN&X62ag$Ma6C`$iEAmnVv(VGP1;N^XK|mo7jU{MrM0{L@TAs?Ph>HS zY+W_e4}lw=WE5r~PG; zstDYyRY>|b;hzgqv>o##fXqTA0A$0TmZlclkmzd48$$GPxv7f2CpuNT|IN_YBkr zh0+<~E!2rCA|x%b&T0v}-}&eL;dT9Vxq8yz>H2?)MY~~(eMqwEc+U$66?X8nmcjST zu&pl^c2~9}o;}8_9G?U|Y0f6!QTP7Qr?;UW-EdLw2B zCc<1nLa3T>Ni(;oPAWfh3q=y!BF919z5fhWU)u(_iB9 zb4kC&*T?8L3%$J;)_O;|#Szp?nEq*wZ$@<$QeO_?7ec|C)k}StON4Q(W?W;CiBDi) zV9IpHvcG~Bn`ga|O!_5`6z&vQkhWjz-KU^Yigs(^5925LCj8H z!3W4BVd(5aARc&&O2QR(^&Ry@`|X84YOKu}q$v4{5dS>xOn2j91x*2-!V{E6-NVV0Q@qO-yw@S?X|J?bG)bTd|L)KF56D#bxEZsA)fl zbqZVMuZ2J^LICfsnlACRdj-sH3O|z2z$}$EpX~R4@5O01l+G}GtRR`*aP673m|?8o z+)CeT;}W}Ma^Q={lA0~U&~3^;6%2Y#`-2$vgNE|MScqZ@|@cyyNNioCnJG;4ZkFA zC|*vt{u+LzyJ&6Mk^}lFyZ2gs85qpD*rV|K4qo7aUF1G?b_wO#<<1Oho?mvwTs=0K 
zXSTxjlaHITjJWZb3VTr_uFRnmNafYSF2gR2T72v#R|vDW*Tpr**4o$D$sUXAjm=l& zit#7v^0Xe|bEHxJhsE11$9=483v#xeno`e<+tONx_I*Du^fI?hD5f^o)5GT~ih=Sj zljGHQ6M4Ti*IrwAq;tvRKJ$eEi@1%aRyD?}RTpddWraiwG$&>bJL_lMR6V2fs=}V= z>{zQWapzWV#d0s<+nY)W9xKi_K#dlqe@$8&`&=)0mj%rTThkjfHyXS0c`jRR(5z8WvciY}{t7z-mxB|mA zOp(N2Ot7#Y^%p=<=Riw|rOE&rW%e>M@-oWwQpypjyz3Ql29oOYdWbs1<72&K-`HfR zju!#UGQ$4#idoya8B{NJSt1_Cc8E_o?HYD>3RA*w)2Ah)s;>Cyrd?rWygLA52QxQR zoq2}En5=E8{xe!!#b82DnTfKpve7;`<;=(7-*&vJ8U8+lESIlO=L>#mZ!2tH=G=4e zw2@#P`y-W}3dY*Qu?lJ^PaiY>is>SfK=$%A{o=&)bV@FV?7cwFcZ=sgr}Wacd9&`t zu(my=6((~9ZW^b4U(<~fMz=%$QJDQg{#fr z)Rc%s1|Y}hx|>9Qx`om2Y+a7!s^iBbUtOK6W@s748 zv5lIT^lM+@@-biCrJkwb?mv+zIR@jnaoq9$+v04k9P-E zgilNn`^H5sV@n^}7k1kY?g(*1II$%X!c~I8bH*E`YC(mkVy5mbGDdL&i~C;eKQbhB zK7;wQAqM)QK$cM#vDY|N_e4bKJlRbSSrLa=l0=FL&Xa53N7Ckuk&{01!^^YxZl%@Y zD$~rj!^@{|Icm;aQ~piap#ZQZ(pXV%5GB2pF5?2?cjYpewR?7r!Iix#*UfAFgC(w z7sBZ$vmJN)ikTW!4mSa^0YA26g?CMh5~|p#Ed|YST5k@Bq#xX5As)1-=Fr$8)@h#g zJu&%n2k6+bGFEgO3h+k0aKQvWJ~8;~h@lQAUYPw0|FI#sf>K^{CAFN_WvJ-_&yVLy z#Aascg%Oz_wST&c?miv3aln+d?0EqP`;S|m$U_!K=w~({?v#A1ylV4!r9kz?A&=1A zpUnNlYWeV?er^F0uv=_w)r;-M#^1kw-bF#wX@1*R%5Rq8A^6rd2-7U_Ue}KgcNd{I zsPJEt2la*~jgZPeIVN;`vWaKjxe*3h_kJ|xiTd=Cg*AZcVx__sb@karM{jIQng97o z|Hfm_+(2mqB67AI9~Q>S54Y={d*!TYN| zq5;+E8a+M9PWWEB>Lsxv9 zeY=Cwy3btjsxL`Knlq(#}qpHG^!z}!F|uRs7scln0w|I82B=R;PPx?Gordd1?F%$ z-4{0Vv2UdG4i}*B#wTwlMgMZA9zV14w{t54?^gU6Wy>YjQrq5Ei&i6YXB&xeJ@31n zn=uh^p;x=lo;=o!V`4zo!9AxB18HblT>- zS1;$f)|A#1t3!f#nNt?Nvkk88Jh5iJfv2UW=a>D?0z06wOW_I@%8l=kHYtR=jW!41 zu5!$hr}S9ZY?(7&OIeRWi1Vd)-&rVt*h`ODA$MMim<6nfotA$tVy|wBZtk<_($s6$ zAR5MPC`h+tAFgl~z?{iv9Q(EPm=Bg1;Kn^E#K;guhd~tM;2C+6I^fkc7*nyi-to-m z)ZG7A?>*wj1bSmOgp{R{?MXI8PKkUsomld4Qe`0P>d@ZoU;t;H!+M>n*{o3*p5T79 zQY&z~%L;`J#$`oZ=s&pzZpVxmYm-sUl4zQI>TKW{0bDE-9890=z zwK41NBqOt)!S6f84XvEjy3xm4G`70KIO9n(jh8uzqcHn^GuioL3D zd;2`>(!GKb?A2Qm_O8nNY-MSv7sH_!Y@b|o`Hjii_k8QV3#vhYW+$bZKVhlFaS}$m zOY#QG8?Fy zTXBN$vpv;$pKnkRR|sLY{kss>Tx*SscVY|a+34hTyQc}^8I0HbqOw435q+FX7PgRq 
z&LIh`(6*emCsF<@*N8c{yyT|4n$_|x1o;g+V?^kEI~5a9k5h8dJHta9fGedO098~l zVqfh%Q~8tIdY?S1T-{p~^U@pq6MhX4Q$_^rW(e4UEd}5Sm&tv86B&x*w3>6H7T1&7 z+(_AZD&#@E+UmOfPrbeo3r=+`VJTJ$B6~Ocf@I+tH*`Y6*@@Y@*1BBcdIrVy+OnPd z+BH>O*0stRD`Gpz-n|0DJ%16gf+iHViLFj+tX0u-KL9`(2V{eYf?^AEB4C2{3BDK? zm9ns8IoV&|9PcHqS=Ob6KMzhZii5$h>}V?M^e5S9YZbQ9Mh)}gUQkk4|8;K-rl;$T z(_*dK{dGfr&*!Yz;@ThfsIzpj*OA^YgdhYqRdBa2;VA`3)v<5Pj3TgC2BH9Zdxec5 z=ppUMJ)T6e-$jbTbUhCmM+T|<_(7<+%H}Y4-O@tXEh7TUo*wsrXT0NI+N25HqptDv z9UuNwuL$A>fmsWbmjJD|klr(cWw`?FB$>z3L`pA^Cg(Sal;YYjtGAx{&)i6F(2~DV=r8zd@ihdv05z7vlP*U= zvzGA_@CGHkK`K2b=E%89NR1|a8)e7qM}diG7s}v2V@0B5*I3~S>M3PcC9&;9{FHBR zGHGuL?`|G!Qx!aTM=hW`uH}`9*j-6nfHQVw+_ak?BCbyH*~tXz@tGLEVfbd9IkU6> z9qga)HN$RxP{#nFVQFF#u|N>yh{;qF>IsI$Fwt=F?_Bi0e;Cy3n}Y`#i8vpG+^N#W z_f`i33vYZeBofK7(?}J@kYT5wh+8$d#g;HT1hSTa5kFu7wA1Y8q7h5PnABythr$%N z$yZ{T?vd_-p7w~dNq$sz%VUokzT)PvcbPF~#Iq!Py#m&|$q3k+f#incaJ%n&oomL; zLi8q>mdntYXlKsThF-?8m{dEgPP}ea_8f(PBT@8_MMKdl6-%@?H ziR#7LF0#i$wf3x}>!Kbp)ojv6@%;KN9eSSUHbYFIBb1179cAJw;7odmd;ubO=c*}2 zc0Gd!uXliA`GU3e?{waD#AauZYzgyxc8z)&!?NhR=~^WTxf4&PRHPbg zMDF#-H+hHb0YFh8P<$s`M5YN8YQHKtMvV%}*W7zX_?8cNj}08w`cFygKb!)hvPNX`#&WGxa! z#w++KDgy%rAtWNTV7`RjOf0$JwgUn`izfi_bw$)-1+WwQea%(6?z^|1ISum=^RpZub#8+4g$DG@?f%bM;zpid(X0u`&GNl7-E= z{c=RA1p_rurI#m{8IvQz6|XxA{=V)$hR2Q%MQuqgrYbDKT=1SEWm}XO+axbX_8>&O zqGHSb-}1&^Lr|JR8f&-ohfcP;^j0#vC>Fi@Yw_Vlh4#kAMJ9YyQCKh|!@R{|WQ5@h z0TBq3bA$vKbA;(g`DBup7Ww1A^xZd{fV$|Qz2F*n8|b7N6cKNX*o55fq{=Y@;E(tV z=S=;|Ic9#R@Ia!j`u`cm-mO9(Ad%;kT-xR|QA*cxiGb81>|ts)$oL~sD5ds5bIb$oBvHo~dgiHP2g9(r2-KJ^d$%2i?*88%? 
zv1?jLYad)8$rc2fz`Nr32_hqXI(`hICh08m6Z7Rh72iS>$_cou29I^OL=Ex)I<=Sx z6a1y!4pWg*z@#qE&s?l1VRJ(CEnj)#+sk2*!T19;PC8+8=%#nO1H zs27&N+9t#O*7FT_K$1<+wkF9FTqr!asB)n|E+x1p^V(YX-T|<>dp~ck%r-gGRw}-W zsI`bHVUNmTmTy*zYo>-*{K+mrPg#*&>saSoI_3&ZfnbQE%5R(!cOL{wCzaJsD9SbVb^*B+okJe!lBcsS%Lo=@vv|+}#}$8VFR~=c}*uPzc)j z<_p3OuYzd@Xqq~CxExWuws9-~Vnghx=El|Li-mf8!s#2AWki-4d*~k8@B%IU%9!Oi0~%=@sW`cEtF%nkg}>h(29Zl*-9_B0H1$ z1<2~Y7muH>8une`qio^T=qwgY5Ok&7VY0c+T0QM$l5jLXB1YYbLTSb6gW3F@q2@1t zSG{<)ckEV!%dTRlv@qUbL#=`kRSmo~0$(GIJ>GBf!Jv*#69(y+E{r`CNYSdSu&uh# zSqAjAxhS}|YWFcGt)K-8A~Sy-@V6FV^=r{q5Z=RV9>~*iL~3Q_>3dMvl5HU(FUvL#g%f=P!PdpgveaR_%pUie^(N2O3vlJQN`t)l`j^Kq&`G!n;ECvCB7EW0 z;OeWqoG4m}1z1v+;;Lt2nbr8t$2ic4#J7c->t&f7ut~+yHY70TNC0N3{wy&PV}h-f zz`3^IRu>ssN)p-pS|&CoLb$;U(WrTai_Yh+(jo!~6^osl05jKLe}FuRQ)zwgzCLvA zLuQq&shuuhQ;}0QL3YJ!dMOr@5*ga7>6X;yjL1=T) zYKhffQfbz+0P4iCwoX)JJI$3_1U8Ypo2NS3rM-bT3I@I|9q|ZYb!2IyPgu! zjM_ou!YveAQxz*Oy1JGCMdX&l8d3q5SSqR5^#KHKz=K;~qlLyq zAeMxO{lx-qF!0o{X#>Vj-oNAdQ1j)n!x{|pQgc_oXHr8-g6G8S;{wY&N;%E`@Rx>_ zdjV|MDaBjEKqijrcNiM>2W&<~;M%;)(^Z+kbN88b0ukzc`?lH?Zx8=3^PC(qF7Am) z8|b@WSx)EfVLcK@D;u2y?L5R z>%%(7s%Z|7ks>e2y&t>3rG8C^lQ=KhV~gh;xG=-Lr{SCcK}Z~1TK(8AqQXfbqGTAB zi@&~ofwEWW<05O@4k~#|GAoX)XRz$)yofa24KD(QkKa&uxB5d1-A>8_HG_M%rb|M3 z-AqhOG`k(%%kr9sM*!@@;ARk=p0nlrEdj^ueen1&4+F=Fber=wkxicM?E_ORh*CB%!UHd{UKZO0HA zR^@XCnz&xNai31P>)yzxw!mghHLKsU z-9>R>Bsm%71GG1lU0YTHi#k0knIE{Qq-$z=XYacp-~Q*%1mt;P$e3`S<1}%Gjq&TS z?aMyy`-~^RhrT!N1;yifqaAB!>1TU4EbO#lE;Ne#MK`6CebrH|`&2Q?!jz6NI z&eZ-@qOoDt<>e}gRHnc5KAZWbKHiym%cy9+NVWx3SSwpsO{MkpOylde=7G|A_qgc2 z5yq*gW|inpf7=Q#s}|N)Dl`+5V$WjjG(EeTF4K?uQ=UJ+{ciOIbUTxhqBrHXM-=xo zNNuKRSOen3Y=m{w&_=a;G*!nkne$mZY@#M9=~-w*lPe#;wY2Qw(DlA{-8g^x<>iuX z1$0lFSbQa;nXcFvb>xTjNAXNPwP4hJdi&M$=Zos3Z@$9)^UMut%Iy0ZrT%UR^WCeZ z^-00Thf8Jl(O}&uFLyULt%@7wNh7mJ#v8#rYGInEbg>)l7Z}vP!ru zHZe#nR|%;*OE`AJVx(50Zlw473?@YmZoJNk&wXHfmxk^}WQ~St zUJKcZm*CvXKd_T=S75bu#OzSZ zCetNsW4fgUoHxYw3P-6-$~)_K_*i)WJu1mmMF$HCLkyt`;+rQ^pc(CHPR8 
zplNuJduv=x^TYf2%dyh5obN)euE^B918pq^=mwK*9?)V+cH=2yC_DkY;X1-~5CUI2@ zJC^4$%Osc!)(93@#rI7Cg95A`*W+p5(#dglfmuPOP@kSN0N#l<{j`q`3Q&ml;ULo1P|2CaV;d8SyD@X#fApc}G zxZSl+%a1$xsYKKA^?{g|uU^S#onm?I8IGnt_qbAkH$J&WWY^!2t5{;*BcN9GqR1al z3)v{ia^-tQ?8xDuhtAV{cAy0V@K2=Obktmax#O;8khTwZ`ozhTm$R&IK-bzIi{_bZ zmF}+V%%)mvDAQ{n0e&@h>rJ(VA?$_#O7U(tPHgvo!70?AAp5l>5Hkx=RDV{83yBt+ zMfQr&1=yj%Y6MG7#3~q3=NmZh60Su=u)6@xl1@(~nq{L#Sh%^rv(|bx?73Xi87DEk zfG4LGc6Gewn?v`wBUM&e!u0w~+LK#*#9!&gAC_kZ|Go&e`4FF-QR_8*Eeh}N_3k%3 zc0idKWI!6Enl~S3ie8)!;)rt?$H^GgWeV50r;D#w4i~0BVT`Pxn?dFFlQ6hwRY& z8px41ROwyMo%2E;G{-_J`Q^(uu&bk!zHM-=TCnct8M|w+66(izkG;Be_0-)9t&_BM z9%iL)L0&oCgUrUc3Jwy}3@mB8Gwf-M)UiZS|;U1n!s#$6um?_$O;gg3C zAFe5Kao+M6&(#X(Udx(S8ZH6GRw_x&P({{r)@?D%V!=hVc$qWi-3?>`J6Vq2XP0I5 zxW*#PELaAngzhx%=_d{`Z4K*M8bbyEMKmxx#xnP3R~Gau{z8hj^*8r+2u5a5k>PXd z_{IuFM!&Uu{px%F{(7kVbX1S;-|VmHdYbHYBQBTO5Pz;79viF6WKV^JgzSyMc2H%L z_qd#nrp}h@O$`?H#cIn(?(}@dP)aG=+(Dk{Ps53ym)8Qm-ZyfTpFt$yXg8@@d#>c= z)f#7HWDND+9!Gg!JykTARFIPeo!Fs~=vw{cKy<~r;~0Wu-r4dPTeaT9=Ivh(*2@62 z++xe$O=v-2b%SKMocnJTxEh<=5PWmSjvF`W_up4jElP*(^Vdz6PWjx}DDS@~dfR-P ziB0*gd$U7N*?$~SrBp}aYOUg9Zcr*aKmUED@5abr@xTdFpOF4(+Sx_- z3%u(YgEy~^v;TEaW;FC{I3q5(H5W39T58_@`!Yty)sk{M1cX&Q)jEPr^{Y$2FYcpU zcQ7n0tO1gZl8Sl-9LVL@d0NdFxCS<~RNoH0*1YDf@d(1dJEL6Jet8q37oV|9C%uc{NPtTxBXFcC-!?_CqRZ_lujiTYENZx<1{S4&!l;Atv1ML2A!mbn8D3JKq(U z(Y}GbZ9p3pz%4~)3*vOf&2~WFzFw4yLf54qbk}b4y%dx6h4#CNqem~IF~huTbjZd? 
zb?5NGM^>N&5o`See!&jj{`90aXUn-0ObSa?fmUm*$WusNtTzIX}gbL2LMUl^x6a zyNAtCN*o$}{hOlqk*Jb+zZPmIji-L4yPi;q^>!`Bz30rSL1WJhQ_AY9?eS`d@!LCM z;h%jZ5>1gjH+4u?>xf*BnEM$!3@$wQGoBKd+u<4xjHi^mp=e@Mb*5f2h@ByIHcx9; zWS?jgUVvfKGly5^h6iAi=>PqjR(E!PuMzWf5J35fYa&?3kDP1bym&>Ga+)F z+LsH^HhyTNNu(~|zxO`lTj@!f#>%-woOvoxjsfHh{>aFqx%UOQfwG&EA9`yvUNz5* zTd${29dt%|mcpJvl9C!mE%a@wBhy(6FoG8kWJ2dod^)HXW`MKb#C`gp8o@Tg)G2@J`_XWyPc(n`Ej(A1n z7j7>C05Ux|8W{rSCljmRhAwsvuZWpZo1<$iT71^6TID772iI&i0M@cNv7f4ziF|Vy z^EWCW65dc`+a9`pCiBO^w)=WZ9yG2>b*oDK@nW0DGyUnd4d3tZlyYPDMRL>z^zZM@ zb8 z7w^km?^7D&S911bl##=h>6hQ!UO56bcR6ri9V-oMf6u{%-furjlfT*=Mqn_trR7y!^w#Mul`6+mHiJ^rUEO#N*65Sb5b&BqL=2cH>{rky->@#W*0)?3t>q4qmaa5CAHV`Vdm2W+;El~jUC^aBA>b3O8I$DXfaU{DJJUoon#RoDRWF*=) zJ*w;3B#~^a$*LJ#i6Q0F3_#jIGr6Sbd8pd&zr3TPih$5P?nl$clH%f>9C67#UuxEQ zR%1`~?7necXa6y?XRoIPC5u*`n^jf2>6cr^B53LB>-&89#uY5?i#L8Q(15+^yV$1a z(Ds0QW@*}w-$M1e`1d!9y3o4E;C|~{%kUa$pZSw^s%5}L*7i-2P32~2IP378Q>G1u zjxC;-_c5~(zY*%>o_g2D2*aXC7n^}$UfxvHSNZDCS=|CwXK#ZS?Q6ZBX*Hq42xT)TVZb9 zYBhfR`2UB!uZ+ra?YhNoOauuN3|dN33_uA{k&+OkrKAx9Fi@0|mKH(j?vhYiKtu$j z1*9ZJLKM!tbi4Qd-fx`q?~L)CG0rpIck2*%xS#vJu64~d=Ui*$B?J~CA46C;y!5of z(Q>b(E8N$o3`RN%TKONOx+U(uD5UBiZ+2;Ge}S(Z{OyF40DUqD)mhcI?kmnM9<*`{ zsL>;v9{KWZ$S>F+CXKkx5<4Tqxd^S%j~b^xZ0^EUzQD0>()m&y5nUb|89ip{AJN=< z@E{Jbhot)?yrEYnX|{8X@~T&0U@S;vDf~La&X)zS6N-zAiM_8d${D8rW{B4N5%{q~ zyu1o}X*ngG{4A}fl%h6Z|?nJf7880eHkNWSO?RK0Yrwz2_Ukj-Oqj&IYSy_Qb#%y$HdV zl{$L|*ke$H4Bjq?ad>hTyTl4@U_phvqgp`&%EF*6QC6WZkZ8@4sgzCyX!=R(Afj5t z#K;)==4oUey~uTWWM$quBf%Ciu^G8RY*VQ)5oJBFU%8$}^WIwH;cvc%xcuL2$3Xq7 zn8%=cri`?AtxUMm*dmL2r6;opYJW#aRO~)xW~n;S#eA9l-UQo$Qjix|-VBQM+hD^f zFDs0Qd*H4REs#mM(~G{OLcuy_y1h2GQoE@!{c65h_Z>{0oHTm@mkxM=Lirw9zwr(cmuRwu8GY8@^r*BRCDb z;=?u1URCNCASWzNN~Vj24b6g+AC2mtIlVGZddB<;UO3L$RZ=!yFW>i%X8wG_$flnA z-lT4Lh>r#U43&$LsrDbJZmq%8Jy-vB!>#k`S~&YVX(2AvirDo18B_lE9oC++Uw#sgHD~O$5D8 zf4|=I-x(dJ1yfW{PLfz!n0^-%ahI=vhrNzgVpCygJd2OghycRyA`kYzbhKZSVu|sf zIb0Gwps1#1+@^6}msEYxg;Q0kh+C0Ffm72F8t+jzz+n=1p=E|c(i&;cQzCPN8^#K_ 
z62Y}2ZYyHJyB5MD5RU}Y2t-97=jA&jL&(nNhgngHfGUu>hU;&bjKOTj@%5R`#qMu_ za=y7qK+(D@w*9#dg1`YrNicsr?4SMn zuwy0kS1YxgxC_F(Z)L7=xOdeLAZPq4X6wQh;}2-m=h}r&u~p5;n73K!N1Uv04@~c; z5p=TxedA$O;E=>-7T~ z6w=*4b|_)xw)0h0HI70#DjN`DBC^fuXbtGy66I`4*_NFnl#L=bDOc0K!~W=2%L%Q` zT+l#0PLYk&C3?j(TsB$4BniUQA6S^FQe|^t{@459cYv<_hNeCx_Cyr`0@G5Rf)~+J z`&P^swM0Cl46q|4%Vac~%|bqiqdGUzw~ylh?p&aN<%^UbP;KtY4P#jEz53f^6h)tn zOm$sd6K)05MIq}&2(RYX+SL0;YeVVMuXbJ{ggE2y!8LG-ve|wFIN1>*$9y5g#0(WQ zUh(r4fGj2e%bm$h9bt*d?JrQc%opTl`P8ei z&&0ygG6So@BJ7n7yXDltc@d!JLzU&q zeW*ByAmdr7^A5kv)zJbeldG(DN6E{(8g{Lv*pVz>c5C8Y>n()h$uu#32dv{G-FgSy zc8OjB?dug^c&4RRN%}kTw+u{LlKjv)ZyfTZts6!*E{TvIkmRaHwn6k$8C__ot2+zw z!R1%UZ<#>=)X1RLk8A$gi_vyq_Y~kjUwI4B3)!|>0CjTp7DOB*SPDsn3%M7lp5D28 zm)D~A^n>{yKYy}p2!pu1?mLFMe|eh-I-BGnf;VTAUy1ht5Due$(k%98tyxBm@5IbZ z6BhRSf*ZCyM{yv*!9*fDetN7K1#Rdomg+z{_*<9B5-jJ-ru5%+PE)1Mdu2sem|}PUPzy;k#W*pP}0I z1iVJd&MXLSQX?FRjK~(h!{h}Z&IYnL`rVJ| z;#n`>^B}C;q}*}9HsGN2@%E0`K*#5^Qq5x z^-BB2pSEa!7yZrwm!)7o3VlNa?Kg1OkCf!$p9rrCYv$p7&hqV+yKP7F+QS72x9NaJ zsYgteo^L%@IXDtluERwtz`WwazCpf9MAl3*tdB$$$8-{w%`nQ7^I#-8`JmsrX`uTGY`74lMqWjwI219vd9vc8A;f+?m%mZ4E# zEP)vegf_$MU{shDV$Xwe2apybxIPJrG*$o*?$|7n7LsR#3it%9cq80U!lj{oPApEY z^!KU$hI(@m7NgA?&CL?!kfp=G{=84VeDcA0Dr0EQS6!8p!S6`wD%sEQw9bVxlJXkL z5OsWb9*2dS1&9H%Klz?`dWHjMGvijQK1qgHp=>&Z;ABZJ50A3}A*;`2qMvTWRtMz& z&?AoH(64MhwNuny4K-n&XeoTC^7_jkD3Qv6&OH2~5ezKAlBG49n*I(r zGXL>5aeF4PFRvOo6w3__X9Y; zp1*K$b5j6mWd-{k4K-zmH5$7NAQL*Wu#-#2dGoutXmx@hA?~~&mF^!49SXU)xLnK8 zs=M*IG&KV6O9}S9x!{d34%i5y7P+i+%mN{~LiCdZ7w-m=lLnQ=%BH-+m9&akPPLeX zz=IM9uBdfu*3{#pkzn<}?s8vG4~78qKd37YpxgkG@H%8?k|QFAAqw<&EVI7hVIz52 zOqKU0cWqyM{~;XCu&Vi?JBEp_zP=HnfLHujxDHhbe7doK`s{@th^GerO<4f}fk1A3 z_m`M;*O;KHgncK7`FbRXlWZ(RNC_M()zK!D=n-o2OaNDD^a-QR4yY-#)OH*huoDgf zR}(QGZfiZY^?vb<$wc22`l$ve=;`6%fzB;-pp1sG{`};x&tb5{5K2FIm>=rt=?&o^ z28;e4rn_H24wF(RCnktSlA?h&R(Ehj3EJkHB&8FsD)O*S#bairErkGiQ+SJL%x6R4 z@&~wMzMM<21~?;UDuU(0gogwFn^s^+bu^SI>#R+rZfuuDV5z)r-Dgr4FqQ58J$FgItK=Y@gmD4HtH3iAtK8m7u-fm 
z8;g=Wni0$ii6gFM=7P_C>;eKg@=vl@5nVY26$Nm0m#`tr?1gskF4{9i4Y*F;A4f@| zN`$mo|I1c&wO^o!q?3Tz$cr!M#5NvPO*aUKo-|l=dl?bNh~xm)McNDB7KKY6M(Uu1 zGIMoIX3|M8eg2D!~0#u8}Od!_sU3{LjPDzd2>^2Hxxm|DP6J?hkpGXC}Rq|TLlhq zfK*BaZ*(<{0R|BIW~ZP}ck^?A{uJ=D5meug7;=|+wUgbuk`b!#gP}207&IV@Vrj$J z&}Z+lzi`cG5JNE<$JfTj@>_lr6|oyEpi>0q2#`*??;vX&fV|Ft*a7M3yo`)1SrY>Y z#2l6jD>u+a1KLT+$jIZ#5|1)Cl41C!K)rb)#hkz)H3Y$0K}zZo;FbOxjSJPgs4UAD zN?st*SW8LC=VvQkDD-WlRS9P%cW5h}KfsAdBWxQ`BhNtz{)p~mFiXTDry&0VC5WUA z}Bsh7+M;J8QcDTB` zf8eeY)^>I5m4(qciij?FGS8!;jF7|wy!MhJ)aUn=O-T}%Rq3o3g&b$4*IE@ z#!TDo_zT5#y+dQzBx@kJVcc>5Qmyk668C{Gd~xt2{vrxwwS~Kd)MuKg_B_*2upar? z7#$2Y?&9;v$Y|t&*e9Nw?b)R5e4T>(q=L}te(b#!at~0_jnMKG)YRg!F9vWwK`I_$ z-k?ZoE@ZRD2wJk&g3CODn)zdR0vCupA1=zsC`PLJi3M1SrA6rl1gP(5 zl(OsReCOf^6!lsUyxoKNdm50K#CrtaXqXT{#@Y8#GI3lyDTdQ?=xz92lw~oH6-`zH z^e7Y=g=3u>q1y{W)0<<5z?K3g`C)Mz$-kZY_Dum|2gA~{wV12%Hp1g*EUNGa07X6^ zVYKcpS)n}#$~hJbBo|d2P@PU{zr$+BGRz1NP}bLTnabPWm-}Dd?XXS<7x4e@1Sh>zPGu{@C~V_E?V#yu;Kq&P*A!w@LxETsM>U>K&0S&KLkhJXN- zi235D%IHViydV~W;1n}AGlKvnr)%~UJt}6JaOnDmg^_stfU^M_&3pLINSGoR6AK;k zU>pc|0?dds4U?pzp+i?KazgwH(yx!4SvWvr)rw!TCT2G3a2;Y~d~Kj4&Y(2$fRJ(k zNODjxL0UwDVUr_i&BQeXiYZW0L$LfbVxLoEI~ zoejr0T3|j8RE16_G)?Vgz2n=LmJ3k3)^6BfJ?nn%9adll5+PkZJ>r@&J>=D8O5g?> z29cX&2o8xT?zjco^sQv?AkihDmS)d$VWd}YQE*{f0L7IQXdeD}0pH$;0786>A6v&8 zF_Lf){kqannG+6kHj(#nU??Ea;i(aM1-ktpmP(T1si%)Hm+lHG2?<+x^!va*5<$U2 z65NY49(LG7$Rmn^si7m+XlQ5#{JwJi71)ZN>w@OWl0Uj5Q8Ba1VRSXyl8&nFjLz=v z(`M3b2aX(30#SVq+%eXkaC@*6pwTeaHg13d2pB^~WmuEK5pNIug#n z12J=PrIxV|?5-*_XLe)anA3v?!|T|@1mai<9etu#J8zAQ?p{GWiRD3sng+VG-#&Pje}wVjpRZ^Qg`jGth}7m(6p=hJh8OKaWOsmXQB;N(SP6q zyk>S_XN+PmDv9jc6=rB1XkDI@$1*Riy29KxPB!~}L$SP4?TxsS%neGqLcmgKjKj_c zd@E~f{TT586=*E{4NW07{JK}MlkH_Yu=Y%Eu=8Uvvhk`^JjW%+=Ks72_X607XN&@_ zwSR=|?34zN&@O3FHO&!+Ah6SPGlkNR!Ltrtj0wsqCy-Av+vWmk96WmT zk{1t}(@4MLqZrr2uO|qWF$P%1@LlA?2daPPL@TJ;e~EY5C6Jqxfv^@97T_)XYGp~0 zO$d>{qA{=Cqz-ZN0VpT}o52AR4Wp1rd#=JMcY04of;)(ACemg|F`kdZdl=E(EBf=F zX7v8tfA!f_JC4!raTvrT`3_8t0wBxAtksTjc$zV!Gx)$8mDgzdL;Y{>n8>w*S}n{Qhea20{Gi 
zKXxhnx8FoTk&jui|M`uMN_+m*GWoBsjx+z4(Ez{y^^((n83FL?AB*DtuUw=&Ng2Fw zHwU`?D0p9Gnznwh{*Md42Ble^NEcp+q9gz3ZyN|SO7tWQ-@yY1%3mccX(K5Ei6{%o z|LO((>lbu^?mQpv=tzMB;j|aDLm!+E7-Y0DYi)EW{v>aLv%qWHmMtg5|MO;YeCi)u zSu_uxOwtQ7I<)i4@)u^C9)|Nj{S&a&58oW31^74$t-)5Wv` zoblUTN?#?MP}pRZv;>T{7d(Akh@k)RQaYgOmjy%#>gHZM2lw)JBS({E;}hLIe`MM} z-!EKzwAyH0&Q`0!n~z`r=Q(C3zOUDQ?!TWgU9rczeoi6={&|-_fBwIHa{c)ffByXc z0qf75z@Pu~fQsnZBfqat?IOs0`UT338)wc*|Lc~aT{%_zY5~}|EUbR}J z+z}x3F$Ps~6(#*!Q20K6elL(aJ#g>>2|YBP1eOQ_kS~Pu=grN^sCz=T`tH@(>Ob#M zx9@LQcZ>>-{44N)V)5Z@o( z(6QPbI#uVVK?$`h04WD0LGR5Vv5wOmuB)0GTGw~AJ^oW#tw#0|!@#ozr&m}FCw8fh zJ$A_2i8zW&F>9=@s4$zImzuX1gC9~(V5KN{(awrke3Z#!-+b-zdxbwtRNbVQ%hv5%RsM|;5aLQy<@dH z2rEL#Awjyx`XTJ?aARB)abzK>Z2-r<8+oUwUiP)~9}6|4P`1}vs3B;BMg_Q4i?bSD zCr(7ZeJi@)@z7Hx%TG%?VG(~M=9FCd)m7Lox_8A6bg#A3lAp8KD@#W!z)pWk5CoN2miKNOER64{=AI5g{s=W?Lkyq>W>Y4OEdn0l8^7evV$7iGmq}Jx@ zADz#(P_qAZaoc%r`jlJ>?H|<3cKU56hK%7892_4VeGpeA1(Tr?oTb9;`PCg@qeu-H zmJ-TknECh=Q5_bmnl;K~_Y?niChVv>5IgJ|i~1Ny8^OFa%fmr`zuUGGYxZn1GzgbI zwe7smv(!f$Qf{wyUd=pz;WFDc>*MO;n^{@nx>yc6$7M6WyWuAN;NCWs)qD2bUM_b) zSFc0#L~7aN$C5#k*`iGu{(7}`wK;Xc@!SD9b(VgLAMFu*_$_)@gAl;5_jiz2pzEAM zk3MFTFbsxQ*dr_)461!IHT5av!!Q&qgYd&*^D{l22R+lyf8s-sa7H=BfHL3AA1{FT zse;7l0rtIn8*5O%|Agnt7JMj*YuB!gLsUKt=Lsn?&yu??_+xw->&2z2na4~`8}C_~ zSF#j{PAnH5KUQo!25F9zXM-7_No!eu4EpUXT1=7YevLX?!EXJ2#jKRKvbATY78n$Ua zBtbIIQffxk6W(vq+Q!+{HGgOlgbnJB*hojg7y-!NMcN)B_d({M?m5xt7N&=~L%i~S z@P747qFXQ-@RH=4Jx%)N%Ca2ezTH1_m|P#lbBBeQ=i%BVCE%prhor;q!4 zL~q46DRJBWsAo5*VkO0AvQ14G7>-B2p=HRvemh67xzIrr9u+~jL{>h9ps{?_s;%3$ ziRtO>2h&e4Xtg@1Mgl^ga{jf$*k1~ML}X#)a>P_kIW`!9zH4l~h8j*mJM8=lVhzSo#)T9MnF!1O?Gy zF@n#$4NLLPYh6o7`PbUcENAD_x{}h;J@CwY24RMoqpmQmJVwF{%B2|NJx)tXhMx^P zdJ~PJY23i=-Vm8IvjgLCF3GKjv2N z$6!iQH6z6>aq3jhCpi&~6GRkJj8|S#q;A_@3NaG3KWyo;va*!uGsA`+BRfE3+K9bb zdl_^-uhDi2XbW2Kr#tzTmzRIVLm?YYV0Q>^Sqqx+gn^u|$K8d{a1UFxI2CurpR_Xt z-am2TL^dvHotp?Qh63M6rUxhls)~t;1)s!JVX}(Q28bfvv^@~6yeH^T)|&tq!1(7N zv)SZj7yL>>MaKOLk2NK7YOlOK(^)su=|J4unAgJv{=18GI7YjK 
zrz1Lx1>koTo~~plYHakya>CiN6NUDd8V|F`SXuEvDJ;hqpn&IAOk$Og-At%kM=Lxf zUG21%wWG{mt5}k@G3P8xH>kgZdV)2M&^EU1*tKKF!(z>+sQU8VrAThX{Te@8?FL9F z4Y-R~F^}pEbPzM{?Gy=AvhZ+rJbt&UcvVPY@4~4El*Q;wtLx#agHU`E!f!_tD`$6FBqK=aeUaKKyc!?~Wjl&*g9ZtuLiX4(3TUE5b#-HbJvbyOI0Ix>^uO5&+_GZc z{ovKn*NP9uA8`zdhjp?Ws`F*|7FN_f{5$G8J9A$+DI@m!p>aq44o3t5bGWxYiY(w+ zy6zGU#Sf>zVYs(C;@LAAZoTy&16DX)cZ4`Z`rGZ*hEKH|c8L<`a%be_x8cHj(I9|g zg?QghEc(x+xMkK3Hj;cOVvLN8+dk^ytiA>|e-HpM{FeiZNL$281}7Ey!n#LOfWep1 zx)cR?k01z5LYAbW6@tc#&8VOw(Iko@Rk8{w@=+m7!}MkKpWRKmBVOF-lcquzsQbQqiXt7<`lq-Nn$c7cMs-&?o zqj>^|btQO*G&qllHEBqjG=L$Kj>GdQ@J0tJ&Gc7*Z}?$rReSapR@y zgG?w4^E{yu+8;IyrSxr*hA4UvN@K-Pz)r3Qm)VNpP(kZQBt|4BC!c6F#X*ES^@7AV z!TpH)0yv#$(B3|!nr-_!Kp2Xr2zyR`C<@%3)}m(SsfJj4>|s(ALWNvGA9XJJww@tT z3Ka$piwifiZVI^39=ZSO!C|z2Iudl_%wyjbR}0;`%Xf9pkL?h&I=E^hy=Lz|k7QIy z;mWG9Ezu(=w`%my39)zYrzv?W>doeRH!HoAAHl>C-%(o_D~#K+J%O3HfI1LhPU`3| z!j-Cx57dS-&)NBTOElR+amOoI3C5?VKcm?@b931)eFcpatrc(@mFRFyG;4bxLTn_2 z&YnFtp~s@o<31#Lf0RT}RZhZ`;_c~4#;b_qD4zv>Zq6{GCQa7{Thb1|LZk<;H*3y^uJbz#lbM#pC<){0O74`=EV`6er3#Md1xrcxa z7$R2!BqW2PbsAU(D7w45g@LM{)aaRF3utW1OIR4Ve>AG*5gz-}u(jk2m& zn1yppO$}8bQ$?>{-Nl99=|gdxFq-4{_V#k38WatOogX|{MeZ-!Te#BlKEh%3Es%TA z#ku0!zC(u|BDQX!qAEqv+W=N^cptPJ3VMDsv>scD9=(eS|Py}BO;jzvc7Yi1G> z3PO(rbaZ&atxt&)F6#yzG*VV`i5ZXp<5){nf%PIHB4};#z3cPmGU%@4pfTSCJ4Y8R zcG&ulf&Qp3hWhxtMpH~lLqld*KS-Iu!StJbRlfPCAO*MygD}@KGP0qUsttwJ`yj&; z5Q&J)OoIV~{E)SriZu_)Jq{CffK|C))J5d8Xp)lJ=sU7Fk%C6xJIGolO*}Ngr}n^; zrjNHr54C$?RzvGzP)?NpP!B3y=)EfX+T;`;)YLY(S<=~Djsf5gEUkNbid5|c| ztlJ%#LnPlD^J!$4VV7ASx%nb~N*)cwJtu%@^cSgBA=FK4UpQ(H(Wgua0Zcy_9y`rKs8XimHAD z-|0I$dNHO!2+IP}F^inVs)3fYeubHD2zyJ%yY6n>4)90gCV^2&INfwnwaTQIsG7x& zaK8Z#Wl9`yuQfT%fW?r=l>s2tk-nn#V-&=|N;s8|8DZreLWW-f~^;y*0)ZkpJ1U9Jx&K_vZ;y~j`vdx%YMr{IO z>eo+eNp3L~hPjr+EcD%y0NKqzR$E$^AcmF<_A#oUW<>(N{PMn%A zMxgjFd5h+;aqLHE)?-G!Kj6x?_#13<+I{cfFpD}WBj>op5Za{zn z3IFqt{f%nF%`khN#;N!4(W6f=CZm1#bfESlZw;S1teS&ii{}^2gZa%r1-5e0x*-IL zkpH71H5D8f@%|#^eTCz60;ePKU#54y`?1isOBELwCxERv0;oJV1rgI%3&*`uNEAZa>fjfPMn`It9wsm~9G>K>_Hmb!RJl zY 
zZq5}(F)^qv*x)(cE!8SUD#FT5>r$8kYm`1kwpsU5JeVx5w+8L16vPMPm@Lw;ME z`6{)!8((v+rVie>|Ec-&I;eoluose9o@m3q1ims&_}ZBBT>c!P&dwLk<1Jr5Bp^9C znG+e>8BQ}FpIez)_MXRY& z!>`a(p@JiKnQ?2T8zMt1Z%0iH$R5WUy|m%x$?7)6xQzGnlhf1ePuj`ARg|_gC&oYT z9vZ5`@-9b#HmHw%pjz-4!0l{zdH!1ajS?ihr&j$RYibf+Yt4uCQO{zqz-!oFq(x-K z#FkH95+w~5(9=n)Df@?z56ZITB}h&cql3GPZa{}&?B6|>$blT+v02%-?W_2yS5J>O z+l=<28(uduj5mS2E_f_p7PbPL_6*$n*ZNx_)ycngv!~Py$be;Luz6yBiPp^Q53QS5 zq^gt}aPDCKR51=*GPrBWEWE!s1rB}Vg8__!-*!|jWw@84S|f`YC%O-K?Im{H%~4TN zxG%3>MLab#txM_is0=$)z=LgrRkkYnealZ&bE%GxA#W+hi3iem>87n)Eo&x_(Jq&o zxrrRUBymUgWR`lP?GXgR{w%w%ddRFwNp*WpVq9FDdMi*24+SU$4rw0T2lHeA9!zxA z!P!P27q{MM4eaoxUXM}VNR7SiWpLc@t;(K z`e!GcW`Ag_f?-xD2Uhg~$%K`G^qOLFZ3hMLS@zJAPob@_IxZO}Wl6nvnUBlJtjA4c zv6(|U?U=vgXF);166D1DD9Dk?o7D-oJMK5gJ`|E@SciaZO3+j%Eicvpz+fSrfQq56 zEiM+RCw=y;K04|Uj<)orA0Ya6N0cV{U(W+lCd5HRz4CYexS2L#aE-*ETsxl`qqM^AZZ(eSNT)!Pri`xLpAj-DQwL^C|f_s?Sc#Pcgx;=%yN zy|C=>10IFV_7O>H$l=25R{r`mCwgm;R10KY1%l<0)$7;4Zfc@-^kq@nPHPFG01L*Z z@m8Wr#v?=+>g%i^$njJ@b$6fV%;W!&l+Cbf*I5e-u4Ca|EjZ}Uo;$Y*+&m~%>bORg z=>kh5G;KJ0_AJT8jcensG$-$Y;jhdv z1I6J<;Qy5j>_7yEIV{-4terzzoQA-UG6TRU>mfoDU$z$PwwdD3bNhBH8P%1<3s_s*#G-VVVpp`|s(F z4;f%eCc(AjS{oH>1J&T(KZYQ4=Y$fdDRQDb`AMgVsv9!n`Pik4v#4bt3J799VWL6F z-u^8Ctki@JpHMgOzMElO&lb?+I4gn3ceAs*qdwKQ9P=H|y##PGgV7tV{^RK9+njI5 zjiCuEaZ;>6_x5F|B?~~4MufzHjshXn@1l0o66z%SmKKq=mYl-^MQGks3&Q0!Jk0BS ztCt{IDFr)i@IHDos?b=|Sq~hD()`ef47wi8vW<=wqA@xPIx1`jC|u!zawAP1S{%KM z2M(-q#4O!=NZY$Ve^yNH0AWs2zU?kf$p1Fc)4w6G8w+1jO6nPI1cvcYBZt`LO6m;B zLHGEG5iz0@Y7Yt{2244TBE`1?bK1425dz01Zf0gy9G{Nh0a*BHbhH*%PG&DAT@S{U z>fiubQOH4nBa(NteQ<}~MFE6FMrAl7_oJBsCZ9wds%BaXK>7i+MuT?j1Un{jmp5cr zBS~@0zq1IA55yWcL=T8T=men-Nu>;t1>B`JQg}?f&DWe~3K za0Uhyu)_L)`H|0`n}4l2LM8%gW$oF!m-hn5JAm?odTBeb2T)Gyfouy~oh4hfiVST# zL2U_ZGU@&Se)DjE49d4dQQ5PJfuRN;AIrH7K2#F?vvYF=hu#{xie7T0;O!aH#xZjV zpsEk~VUYn(DwOm5x&zzUQBP0LkZ@f&dsCSQX+DX`Wb5M^tAJeX(6Wj?MCQ){BNln$ zKQgSf)-PVCOxB%;!Fa7m;j$)%I;UNJw{pkHcc@LzgzDJ$u5>#azcDCZ9q~T%5`$ADzmo zKmlT;>4F?%6Cw~gbkm}|3aCoZcJvK|2{MRzfbq-^ETXk2;| 
ztDXrFE(Pg1BM*-c6j2muVk2WdYcL=xCkj14rd(@G!LlKH4ok<&&+mS{K_p}tg6v)M zxVC-_!{EoqC@HW2cLL%LP3!5dVgC=b=glb8NxlT~okW4284|=hS}#33HfD8PXCZN! z@Cy_C9GCJdup8eX>1; zJk4RPni7wBS$c6hX{w*|2I4jqdtP{yZB25fjF9$ z+U?RoazY-SmIiexWKI|7(+W8^=eV#b@VIWHy7hB=!I$yN1Fh5xW~&4b9Zyi%v}I|C z5MfJ61seK~okUBU7_<+GX!wVX_6d44T6Hp-(=@5*!;kjT8Uz$Y3X2fq-iHPHc^#O3l@B7BV*&*F9 zz?_Jfj%E~vklX{T=SZzBn_gM~zz-h81N7f@x~c(nH3`erBnjgUIgSfK`kB)S@vx<|4Yu&u9uQ+OhR zVQU}E(7z2S8VRgP*Q4mk&;NRP4v9gARZ^>OUl`QBlU^!+i~gW z3-KviqbvFh{ZdpoZ-(lK4V#Qo6sWv^t_vK5uS>)-XL;VvL5K1L)s3ghqqnn~_n)?( z6ENPf!`=PwUn!>vJ(oh}3FqyiqGPiYr_c(bIL6TN+i-VzI9*8MA1}bJHTjG7M8GCG zDN>Uh#0iFfMK`g;llNgR3W_-So@a1ykm7xUYE!Xf6-T0~>Zw!F$`V@_L=#Hirw2rM z%WvGiuKz*Doo^?eMR@y2MlADmcZa;QcdvyyRxkUM<(b)eW$+c{plY%)-w8Zr7nUY+ zc!-nGDkCBq*Q@816yF73wt3sOdl0Ju*D#E_sJ`;=U@KO|xHvD3_yCG_zxNs>XvLal zW?Ys2|7NuKT^E9McHLca_xNG}VO)N_`VRwuQjkHT`CjuJh0(p2JSiFOXgEB_aR&x| zWb+v=2r26`ZK1@xxT=KmcWJJqwsAHBQE^2#w)CU zc@O?vNz8V_p->=g@|`L2*AV1%3%Pl-NXNqJ(Yw6Kw$GwXb9Dv(WXGo!%+0MRHg7%@ z%F9a?zuonvH9dp)>%o@P)FOk|T|+|y2Y-KFT`!Xii=z#1a$MJc;(8O=*ZVfvZ`G2} z3Wwxz(pYdj|W8 zTiEbbUbI`Z8vh^YGTQoM?{%4rD9x^Jn;U71oSRhCL_z za-P2N@$oHv9#604x^n17_Jz*&g08TR#P1(3VmCzYKV4h(dFHjt7s>ph(0l8?6h0Pv zQ7RXkV!soeGm@7aSvA{GczM~K;n~<(EbBf!KyT*3ysd}sPO)et{>LWXzjcA7Nz3r# zn|jIERdK%e!j~m8hT2+rab2-0vMZF~aA#uola}7@{c~9A^cia_de5Oaaq0E89m{5f zy9S_K%hg=7v+M5Z=^3DDyaWL=Jj|%1vwW}n7GJNblXO{@T)YYIwJ#NfZ*>@c7ry0! 
zZ|zW8|Fvrkl&8uMez@IjTOXTg+c-9(wT0zuSYH(P;b2)d4ars=PBY6_E8AN04>?@f ze)^TlPAZ>w0=yvcva|UK&x3la%Wrohs@11VE?-d$hI!d4zgu+F>_xqm;Qy%nms##0vi2Lb@ zw{HD3DHxJrrK>A#<<&d3&tcT0Bi(BY*_1w^rFz;5GOUYhMQbx>?`=7tm3(U1Mq7!D zHJ<{y_;?pASvH&7&vk0#W@iJ~1BU{NtzW6`)x-KXAe0^!7YnX<&g4>gX*wf9+gaWr z>g?tDFZbzSnsArUz>$)Tp$qAnI(oH@IEXJ@L5bW4l7yWIZEmHrG2#WD1-!O3CXwkL6faU^IvrNqePWyZP0Gb z>g}h>s~U27zjUB?L|?0Wm_`TdxBXjh&YP6#uq4$4?O}5xIue8mVm@$njWlVc#<+9)BJCwZL7PFYvnH+L z5~hRfYb*Nocw&juY%ittVHOvTeX_~?lgm?f1W>*FDQ3Cd(u2OICwa9*x^eAShSvJp zEE}gWG{80Fi@*`*d^$8eqp+{0mwhi)S>|{B)k2>JXvkuNgTPz;jP&!pa+Wu5{n$2R z(yVAAJxWo|9>p(s=R!qAO+)tSxSmhh9*mXcvS4%lnA$Mv zg@EPk9C6E*D{xda;q%xk4@IfUpB|~KihlH>;$w^P-MHF{OcfSu2a>cCWb}!Vi!Y%% z$W2C!S$67>@eLb6K_{%*lc-A~M{3g{I!^7*%lpT^a|ks4SQn-pSRc}L z_S>b3o{cG=O7#QnELu%RTa(=`#PCL)%fvV~3PAZMGmdFK38Hh$Kc>etn;>en5?(MX(TJIS+IKJf60UQ&Cr?~-~_vw6Axu#Xk{@Llikf2n~MPt6b7ZS%x>Wpq| zJZ$lmvi610=T9+i{htQszpC(sxY$-KuzWP@A>`RWM=TX=iIu}@xyvBO2))P65*8h-M%KQ%ub}pUe8_$con#aduDXv)nslzN=q=vR`Xu?*S>H~93d6LC zxs-z|6IJRad;-rKe*Zjs=%s*tRsCUtKBP<N+ZL4mtmLs z8f@85G32qWkKgVrGCZ&i+3M@Vzdu`rN{#;c?VdviaJs(D2%4LdshMpZ7n2HXsQWND zG9-7UH8f+9b6v?^W|R5nzE@JlD?W!9yPY+&^05$bSP(|Sf!cRcRes{SAieOwfHJ4< z+9xul9HO?ArZ0Dtc|1sZdFR%A*MnVMrPP(puud_b`hJDis7^5Ry%qnVfFOs9)wTyB7y={mOE{j7JKUHS5WJ5y zdpgEMn7Xc_Mkwybo$^n3J~V~5HX70YSU~@@;4ng~{`I1?Vw~Hu%%QdDwu>YJ)n#|} z+%E&GnPPE%BX0YqjtH#sm@GcuAK)w6pmq86i;*wv4*5zlRH;$T;)=F z`(Yx+F3##gp7w1!c{1tc&CZubbn55%GsxOzG0<_EpIY4-+a02R zX>CjY6txZU3-q?qh85v41Sj@}ayWS1_l~*p3+Ky9b+)-U^Dl|;*!aR-9k$v?G{38< zUqd7oq{)_6%Qxpx{`jiAZR6FBNtWt)+$cNE z9=;RaA@gl&XBNJ6%PLsSd|kFH?2~`eCH35qFYT&7xV$T0%J?1<9%ElI*ME%cSNV-W zwWVJN_V=^o^jBx9*y%Lbl*HE0d+Q#MO=BF2#JPr-Pu24;#${JKd(y{NeO0fmy*xCw z3fGC{<3o}d=dY=Hk=oTY=2ou5_xp>ABS$+ZV`A{x;>7+&pS763cF%sGj#W-pLqpQhBj4vY%eMw89_>g^9Jw1*Sux=w|BO9q zi*;WZke2`a-s-}iGrP0+44s4Ol}Fof8d~Bsl)L@L$e!uIrza8Gr+F3oA0Ad)n(Ck) z6VNVR6(L@YTux*ozaWVR+(?+gi1H(Ly+3z&aEEZZdESLOn@gLY$;nk@Xs?{)%eXae zZkaGne~F!)=i6jtP8M}dLBXta+OeBzEcT*Cb!8J@1JZPNYLwTwZTxQ2zwr4?l3;bN 
zOYyO-9A^Ws*>S~R*?p)*;ElkxD*f`khlYj6(x!KP=BQaZF*AP9ax~WGdLOsfou+}n z$$-lFv6GVhnu`mu)fQ|Hf~#V9`{;2$&MiK4@9vDMa=6^=D6wI%TggK)2KPT1MV$cagZ8GoZY9zBO*;vYTi zd-?fHb^ZpN*LDzWVvgN6oa}qb&v7B**wEQqA?b zXlpAUO>sXLIS~5!rtSJ<94MSN#uL@tT$&9pVyi9LltL{@QXSmc_r(|=Ts6^TYU8-R z#0>k?x0$@5$@>|?*#bp{UH$tc{bz?m3+^$h9sGKfBQR~Yy!+fj$JhH@S0hqcMa=_~ zB4h>sI^u3w{;&!VeK2KX-TmsQ$hBzQv^d$SbHR!k1#=VAs>)PbtJ4>E_R6SS513w* zPA7+++>>95V#SRL^=lh*s(-@+Y}TdmuI}9d429lTQm_|%ll9B4+j@KAjaUw!>AOB= zMpLi*^FBzrXl9NAbKmJ}%bJbVZ4K&%@+f_ZVU!i$t88HN){s^35UTzG0(AQ)db zOz9^UqJvP#sOxL8=(6uDXW9*FHMcS@x1{yhtxr;;Zc$@1O!Q~yeiybn^F;tiwe3vp*U)ofV)W8UtN$GOdwqLwr@m~XF7t*OpeZ>vWfQ*b_x%&z%VR%= zt=xF}zFF-*Fx3+d>#_|L=+DWWGUD_MtT3n~R zITTJ)9&*}$2AP&YW9+Oo7Z;4@dkTzg*8=Dcw|;NtmyP|V+6(cQ3! zl4HeUV!aMTcm3-XbFA`W%X*DM->YYX*_&)+R-ViV8WG-i#DC!ZJ8CPT4>2#rXRcOV zvkxPE3Z;C{Ql+h(J9j|rON^fA2Rlt+^n8fnNW4L z+}2(ww4+AJ^S~F{hPdOmmKF%J9P-3XuENiA z&E}M4ckVpWDA&7tK0>oGHnv*VLo{UBukcbgC&Nvr-ScH9wOSP4OooAC_(frv{h!;L z<7Bk!Ug&SK7RWg9wV7qef|=vXLXx`nO*Qq4!cTWeevX%tA`GB~N#TJ@uMN}s8*+p% z2(IjrTeH>FDo!IwW~<$6{a@+uVg%u_e!otyXf{9U*{XE4S4>JJC$pig)n$V%rOr9c zeW`4<>cJ2ru`#D?QVaZyfw&w4TCUDF06VFUyr<8@F4L(|3;S$x+mv<3g zQkJyH9&MNob7In9|CZa4$j&n{8ULEccVD?-U!HfpjR!aF`X3n=%$OLfw6Q!2Ye%Yi zY$_)%PzArxQfS@LKL71*O;GspyT6ua`K|}zF0t%N7Y!tU*P^JsG#z3Ny{-1%e7uHb z&zVqFI$qX>?5_dtEPQ7+wA9u2O53>E#am17G;VSI8fb@XMvR`7vHMxO_WsPPE)QZR zN10nbG%eI^dXsw%L2uy~3jDpvJT2Brzm$;`kRJ5NGOet;yXstLJA-4q;jEKv^YeGq z?X67{2|g_+Sz3Yo*q@|*+1b>PbSXejEvp<>tWSpNi~Bk^q?l8(`KU|ZWf7l1L2dr3 zKweADKsj2T)gKa;b#56|c^tA~p9KGm%;;RAaQ|HY)8mqTw}2m=MRX75iZ;AF6VM^# zqc|_9n|H$_qQn2D16N?_uWgo_xpCLj$dYrTE|*B!Q$=oNQ7L0y8TQKI7iZ2fF;z8W z+L+{(zqheYxJPI^b&~r0^^%k2&a?e||GRZH&j$m}aYc{Bn;(;?O&t!>>Z-;z8G~N= zaxmBSp!P&%y<%xFOGEbY+iuMKlIQX0+TOoiSZa}2Qx=$}E0h?EQV>-NyeqQ0#QcB> zme=Fm18=idtpe-p+iO zYWelX)EllMk&LqXzpg%?&;R%R9mmh{9M93?;qJcA>$=YK{eHb) z<8Z)kc2?DjvyXZ%?#=xWo#)o;>Hq1m)#YuT{IYkGB{Axp^*oedo(Ko%EN9XDXLFz3 zuJQD`@crn~bSS8s`aeB{?TI5#trn-~Bkw$Keepsq;LlujOsk!+E`7=SI-SV6+Vt+q 
z{H|+83t@V%$DVDtOPBAKDP%6}%qc9nhYda?a(~M^<|&^Yn+7dhx4irmemwGyU(31h zZMYfjbtESW3R(|8$7!-d*va%>Tl2m{I`%q+ea8Gncfjyz^Z!4sIuloIO%(0w(%=LK zcY;nC4(I`z;^!(3Q&$}dXmn3kr`j(yjPGbE4P4I?bUga*Z^D0ufv=J;)}umoP4e?+5oZyFGgtI79?d1%wKQor zdjdX8d7j5IHCssGal~}u!F~hYqkq)&vnQ035AGFbxyZtxH`Ounv1xjj+UA5e4TqWA zQwuv6@&;&aBtDfcpYo#EEt+gR)KMislm%$A;{C$;P)hFl@_LSAOCvMY3@^j}JGPgG zc!UzWW!@C31fyvTmH*E$ka%oEwjVy6bR6yKyEPMgzo|tl)mWlNr3k8vKK+j0yGxri ztD3jsZp4I(b2Vz6g{!w;BCf7f)?#W(o@$RUPHb`AE1e1FMzzxO*#bhJrTv({NgIT- z%#BL|lrEb$hr8aJ&NWHx&$L@O0J7+}CXEYk9t{txsoDn>tF?5Xf#YdP#R@bQm#}uf zw+WH?dhKP{C-nsFC-2_XAI;EbV($A3B-P*yd!G5@dxEqZU1b+TmYu>57hkmJ#Vi{` z?O+Vur)g`xK%oKq5cUXye!%}ok*RFYCbSIKmLsh0<(miMUjM(>`g>KWOs5;S-^fAD z*!1s1apQOH7z?A8(>x$V>-K17v9AxEOA>b7S84BJmXqSUdVejZ84S$CyM=vJ?o6n+ zPycquU>_#%ba27~gtV20CIPHsn<|)2PX#-7XU)_2btb#R=%Z&bzA<#Mx0xSdAa zBb)_Ny8Zk2Z^m!Il8_@>SwZ24dK;+C`|PefuWob7jP#d7Z!+JTF)+<$Ok!S|J?CZi zTR(Rn)GfRM0%^4)Alr@S_E;V2$hADS8^SRV%Adx>fL+H6{)Y!h=$AmPl$Mb(?ae2Y zu4CPrE)X4H5MB=!LTy9CK9JckvhMBcqk0SL?^ujLF{a~)L?YyCNg%}gkI7VJh@SEC zoY7d*j(qq~Lj3;>>-dAi{i)1-cZ`0rEb8KnRh@I@5Es`kd&zK-GSAVlu#Vww^1{0# z8Z}+LWIOcF^MB1JYJ7>aV?SogKbj;86jETep@% z$>JV_{29&|U*Kj)kd}~!)z@<{0CXwP|F_c8)|lmVi?y5O?1UsA%o>Q05aAsH{>aG4 z<(%17oXs!#UdX?6Ot&Vzahy;+ZiIWX`yVqJ&osVXKS4ni|J2GH+XScIcDNu{k5FbhS=t|TWRwHo^P4^ zXs^D{{GkzQRiu^+4D}EgFVH{?4wDxwHCF1plyq|JElqu7bb0L0|F{7DR132~ZDxW8 zD#i#EY{-)rDi=oXyy=>`tvA(H)stgeR=M$WVOQzalU5z9!kR4117B!0Uu8d0J6?^C z=P&4jV3gjB;Ux@@wBFsI`SgkDSIl8i(GbLg(eK*z32XRsZZ0W!nw(u??r&GoudD-8 zB{YM})T^blTwC8Jc^n#kLT*(MoS^;Y4aXtfqp5jKpPs%69aBsEdgDf_!&S9QM;i4Q zoG#ry?WjuEWfJ1P`^NaX7uQ+C8=N;H$Yz@zT>fyz49rLWeBtEteD%+U&Oa*U z{+;8WLN;ekF7;~Q(5vE|C&Lm)YM$AD_fueH5RQ*^-ppQc_bx zA|tye7rB_MCX2wzSBa6{R&X^V@Jr;`3l~n`y?X+hC2BXfRmXG<1A`zuG#n5>s9tus zmzonQ^-zFaxO!xj)eM5FA~PK7kN^Ld!6APiS#(p| zS^n@58%LotGpiIA*=76=v3);(H}8tpHQ z$pbQNu{FbX0l_Q3JbwQ=Zgr<=_g@;ERNZPC20^h;yf^nL79CG5h%9SWzV1B!+w|GF zef*74&2Sy?JL&%`C&FvI|M`4K-bk*$sS9)?X&9XZsZqsOy)p$EC*<9h%H>$pc-ivZQ55-k@7=iDYS08 
z6LfE|oUFIl<#MA&4rs$WK;N1SCdeN4a+fRxOV6oPc?>L#q&{F&(x5KzEs_|DGV(gA z&OuM_;JDH)_z6l@Tfw#A5CggjQjH9Gd6(#zk%PxO8>5}ta@JbzdJEy0XqHIU~;o2JGu}$M! z^kxq&g2Tqh%$(~gbKro|5F7MK5_i|~CF|A9n!%ZWj9lUb7l=)jV9;)srX}Fx#AC6TST z4eaGpFkvygp3vKvh8qxaE#-imckik|qU@ngym{lsF!tXA!q%&0-)sxmVa-|r))UuG z(@EwXD5@JJLk&Ez1-v}ZBc~m`X>8{<+mw{ssqs5g7A>s1?CzfUZGG$B!#_G_6%;HD zTcRH-`KoJZ3}JsIc|d?)`Q?k+&EO&vhRq$wi8Ay{9>I55 zOGl@&riK!t*9Q?C@~BY4^fUqvbL>#mRGJjsyK?lzZfR2U%Ac+JiRaaXZ^a~sNft&; zZkzp{QBTOiaRL$Pwx|pr+;o;eheF5j3L9`3x4cJ|2ow$1z=NjqQ-D`TSZ*qogM%;R zQ`YdjgPdI~?RPSBd3iC-P5-v1&Rx$^e{=Fxwr$I#TvT_HDU{_2;W~IQxoxV>-VPBV zlE^h<3}o>C$cj=0AH&eXqW4E+PL3FQMG^_NJ*VJ&0W$~2jDw-d^b8DML|*2Q770vC zMeXOq3`rpUih>aIeIm!bDhU*4BE|1VPaZ9H?^|{j`udz!{l#5BR;74&;+sZoFNxv^ zOLfq@e_B_2FiR(n34FWh)AV3h&6@7y{-v*&R}x8_meI?YV@`1s5%FKgyk!^bDIn=tbK-gWsW4MkX3nDfGC#oKGY zZ-Xer&mN1G3n%1(wk)pW$F+x8ckkYvaB3#t@#DuLP(;IEXor}Xm}TGvW#wylARd0d zsLy=EIY*NeGc&Z=c)x)Y@Y~LmKpf^r4j;asoP3Z}-ml-uvZ&VxJN%!JTfK^lBSBA4 z0~O#L{?iz;{+5o88ngmgMCNih9yJ9sE-W(Qs*V24kKuSzZqz1NgchA7$l#?R3Hl9@ z;~dPsso*1_2z>*gEW}o7mT$`wpRxa?!m`(lti12%u9{}9ycC_5HQSdQeK`vW(JdbWOabi*>ZLvMA2i=P*AhYdtrh?;S7(sI18Mu89d5j0QSbWvp0UK3h&UJ z-Ps>@Z+Tm*lK8UTbM4>9L^Z}-2BaCc-(+CO>3DSrY$KhLaTGih6kf-^fuXfpdPZIl z3!%zCdN&h&Mn!kG&QN}2B%8_2n}^snFJ1CPde9;EMCIC&5I?_dL}-A`Rae&)_eN%H z$DBt?EYq^AJ{VrTYe62fylhm9bylwo#EBgp@%;HNh@^bbGG1#B z1TFJ3u#&{-StYE6Uq+95pJ)nX$S+Dy8G z_=F@pH%K?2gL52aArF2y`PE(Q$_TA?cQ!j;hI$P=JEXY1}Wm0_~rU%$jC{P zSZ73nhD1g6OfEuo>1}?s?5^GrtCW-!#P$XW-6UB9gFWyUsRV0;F|ZL^p0BTBl<~7| zqq^8b>+8>T?TmsX6&sO#6bldKNldH~9>GJTb)c3f%j*JA~Wt~RD zBhGu--F+eJeYvV4<@u$Baw;;JIh6s~JM3R*XBTKb94c88`C3EeZebb6w=+4tpK9~z z-v{^Wjk#QRs3aeJLr(E+djI>UcM8gDx<13!j+*ov+JN1KE-KH-A9JRUr4)K(8+#tS z92^}T0OdDxxk0lSJ^dwfeMyHMf7-Yme(@2ku*1 zW?9G@~{>DxnIA2 zy_`bfe)_ccpbYN8!uz&U^5;dwmoB`n`_Wv?oVFtyk62*)A-c zd5l6I`!qUrC1vIN;o&UkHff%gag=E5>j%OH5X0`H4q^H3tH;3d*{rCjh`LKmsxZ5_ zm>mLsr3)9l)6)f^T^gKpy_fhD{b_4^dprp7Bog`|P%6X0CVpLM-`Thzmcmbqs#<}+Ke`XhLkLH1KoUQR-&;@tfF{d{lQt})x= 
zaAbrI=<$;$J7H*6+1yN9U0uB#pt0y;c}D;zP3@;oo_TrVu1i0*p?nG5148>H&1aF3 zkB|>SIJRh&xQba=Sa5|On%OOGQcDLu?Qn8pjM-0w-KH0w+t1_5;ksoGFxeSyqz%g={Hh#r4IZ1C`b9qdK35 zc)RZ3_)v0!Ds2IjEU9cc9HKYcv!<9JW*?Scp^ZR z(k+d8!pn2%#~i+GX^gWd>FFxY1smx81Q68J)^Y_k#|A>U#HX$fegFOt&JW^JK8HaG zw;OM$fLM(c5{|mFQ zL1+a!p@Bp#lLga>H#$T%AM|p&@S4c~Cc_5%<=VrNv@~kMfWyq(9L20B^PZbQoHR92 z?X9hb*if9IJZ6${zX0c{K&aaWmW@nMq!9%*GC#!D1&$nHfRN+^z`)1=v17-okuY=d zeC!F1c(?o1btf`qvuW0O|oId0bGWEJ%V`3QsBl#w1zN77QtG(_CqMu zQ+)U5@M+Sm!sCE%)o;cp`ifc!v5t(B$L+Ctra5>^<%D#@`Jch>C>j>L-Pui3GK0{t zDdbBGt#4FlxrlM@{$jN~<49r(+tgPp!;E{h3E#Am<|6GfQ(TkdT&6VynQ}9+tI7>HH%q=wm2}xSardtS< z+MI6b4R>7``Z?3rdX+v)>esP$-Zx3ovnO9t3?_QEln4>cy@P{;f5*bYLJPoPZ}ZX7 z1EtB_NJjp+4(QfRJ^V}K&l@;^>T*_I&(uSI${Rgw$=y zgx)BcjA(uJdLhmGi7-23+{U=?Pitr}5$7uW0Hu*zDd9Xf=w2}od;2?xm%|N0JjDQB zVVLu|HQgN&lYA7tM9~V3YiD=&HMnd@xGo$Z{5NnBfy57&>cBK82&O2T4nL=c&{+2L z>CK1|d<1hlXg^RqZ-e2`N7!fC4)nq{FTSvl4Mrvpii+I)gWA4)*@^Q6nJv{27|}z& z1l_GMR7fq>d(Y#nW){%RrRE9QdQtl4CTJC@vA4jGY+KpdJQbmnAjCx^w!*K?5uy|* z)(CJ8j$TH_#$MPy2`jtbP%?)+d2%1hw%Jm5Mwv`JkP(s&{1Cwb6!Dz+npjm)L53>e zH-7kMyRLObOA8%}Ps_z@{C}APaNBRq4O8H$fTktOVd@GzGzr;_nQjzT{hOuH4(oe% zIT;gHHy(+}%hQejc&KSC6rWP6-y#{Scd_zFX}^g2;m&JDTt8l^zx4dIv~#6ci_I~H zt_em&bI1rBMgUedav|yNtxHme33z_*Fz_5Tu?+7h_`NE>(Il0Wnhe7wDz5PQpI^=i zzr;S;ok46wt;xkwziWOT3EnPYdNbHd=E{Qw4Yv!=nL;C+R*LI>y>WJ^vKVN;7&XoR zpNef{#BShVd3rz;1gEGiE~%<|;EJOoc!`VA)YLS$xJal+i_A56r8kzJ+Uj02P5wQ; z`Lw6&>AJc)#=z{iZ_PS5QLpNSsteT=g=cV&t8m}t6y1bw*?rWZBfDtUG^f36Hc39dMEH zM0dlCzM-+5Xm#*Xgw|YqT^go+#G7KcDD4Sesu5C(mfa&#zq_m>A_?YB-Y{pr1|z8p zCzqF(72!8f9keG15>U8-P@g$-#_|L$(NA^aF3X0>3kPr9+qXLj2chxi*v!`OIQ&od zi>_{!RlU?f?2A-^#dXz4w1JRCue7)Tq3ApP`cA($~;9H`d~5mVTNgG%Rcw^y_r} zvgL(=+=mK0c=jvX+m}jbbz75Pzg8Gxy?*~s-KK`nZ7F%DpT|j`G)Jdq*0a%b+p>JiI7r`^6P`LJSe6CFqk)X83z< zs1d;420ICI%g@8okY*Mm5p3DJm&_3E57_wRjf{re#gJOgwRbNChCYE_U(N6{yig%AF841Bo;tv_RpL<1W5;kg%xr7M0xk_)<&J&*~v<>!C^sc zCvV=ofqU16yRrM7JA~zyoKW}(As?T0)oo72!w&-sG7`?cg4x2SPZ`bxaR#6|hJrcg 
z4?A{=5L-k7(CyiS?AOCUbI@B3&yUr23xRZ`F7n|sXY3A6F6WKUz0wIaI@_r|G^wbG zE9y~lnvbebS6h3i?C-iTX%MD`6?p&X(FT7t=Umn1oBzlnt4aso>wjA-X>Q=}M!2T{ z7WtB^_Ho`ll7Y5<3S$M=Lbgtwq4tjIS|6Z)-|?jLP`;K{+81`2f8X|OlWDXnOabUb zbOv9)zN1LJbpCl<5!@9kMeB-Vk@Ks7;zP}0T~AJq48=${yRo5R%kc6w+_%vcX`Fqx z$3wCu4&P;T4A@pR{?O?6?cauXMB->~tT>|t6Kq&$`+9R3fU*8g8%bIKk?udftGqt* zWtit-L#rEm9`7gf6f!}M*b5wqIU^iyi<6s4wav}G>im|DA6_LS?0<9qdHlRS5F(NX zTz&iVcuBBreAT8hx@F52=gH(mqPHWwI53a7&~ePVpPF=G=+5a6*F<3i@&HQHm*}wJ z9axT*+GeU<5Z-= zTN_d4;s=#3UM#bQ(}WX=1PLTm&3TosXlj!z;W2Xx7Jvv|n1fyGND(}t;Sc%Sx+TQstKYfTZ^CG>Cp3dS9xzi?Wd+{>{kd+M-24pg*smJ6cS#zD@m~PV#$_S|+1K?!6 z=n8~JrDQxDXrjJf)G@uQR~Z9g9^eVw364Oz9G5XVKn2DnEqyigFc}HxjD`d+f_26m z@bT@vb6#?%G4(PYprpH(x2eavzjEoZKyM12BgHO~MUe~DE4^sZzM6A$YAx=|y#RDI%+C)_1V|8BTlEpcV)$TT1lE#`myqUYeCL3o~==MlUXJaMRqJ(Lj9 z56=x%b>`pR%PgQp3Q=lZ7M?uriccUMd+$5yi4BTeW5Gg@|pIe?6VLuIQjSSI3NTv z`0pHriP}Npf8(#Gr=#`6v#MmHwfqN2+7 zq^a0KzyWneEzwE=AC`7>3(4(w&8TxHDd>GIQ9PJ3U%^3wwJG7vp`@bXgMJ3PA|(c2 z&Tejp*2zrH0bCKiJ*)sPH3p(QBdj`bX3Fu0UV}hg#m~R} z&6`KoYg|0>l;>_+3UVHIruN&PaDTjvnbjk2CF$gO!H`cPs{oC2e?E6VXYrW&XVqK< z-AOKS2SlgjxHe+XZDX*=8G|vw_L~13p;wX@;kUO#S63GpN}l8yo{&M<$;n}x!Gw@0 z!)2tJ=Ep#p!H|TouyAKr*FgdYD2+J{HXw`nnb z(OloWlm1fT>pSE@4+}X9uJ$kmGmAMItY1ZCa8UTSDgbb%B8(?oti`mpoh|fsKC%k#_8QG=-V^&`~lR-nHW>BOK-KG zdNVz5@0-XsN=bXl#4-TRrh5ptSfzcHFyNzOWPCk633RQdH$A;-FJ;h>&QCqLU*CTJ z8LaY*+;&i~#F>eO%3nQZc`-}Q=JK#YYzE4(w-fKX!@hT$-@`Nlk0etd6=ESx`(Pb* zNV+i}2n*4(VAyo&>Q(AL1Eq?gpG*!22w)z_xMSk>XJ8DrH94+@tOI>Lxf1-4} zb?X3dI`rAFv0*d>+^OuK-iYf3h*78H?(m0gB$^uSV?L|9gGQyD=i(|eX5jaVc?K~Y z%CTDq4jWmW0%{03E)y{&%{KN`w!<4!5=F!GLfT~~L8^H2bh8N`jyNvTSp_-ur@HKf zDHD=9C8VUpqjTXb6|ETY?p2&i-Ihx4E#+V9A8>r_lWURe8u>kHkbrs@BahG37&5bOnXOQP!muI5TNU&TtKdH2=ja zIVisihUQxf6sdL;T%7KwiKX3@G@iotqa-vSb69s{y;QK7azWN4kMi4x5wxeZCU2QD zpGQQL*VH6>9WskL+}E3)mWE7iom)*Xc7yShdS{#x@6#bP{zTe6;iNz~7!yb@P>qL3 ze%%RY*}sJ0tM}?IR#rpQ@5)Zme3+l4^iS=1ENYb!8>6eH={s=P+B^<7@8n}*tTH(a z`EdX$$YZNrxE}};NYuX#QQ{X97AOBoudK~R^G{AqWn=EN#I%}NoiP(ou|VW}C%X{H 
zv;Mtxhlbdbdr(Of7P#2sy}!f*+Qa4Gbed-; zHK&BVl^w4xzZGG~k_^_@7rLeI)|-;_;B~0%W!>J!^F~}V#d~)7EAZ5g*#c@}gdx^; zpzvs4f?ys^URqi{@wGfwy!d1=IR*DgyDf8zAJH^K#k|@~#cT){z2N#W{%92_e)V*X zYu8iCgI6VJHSdVu5&6L8Y+0aj$uC?b`m&3@@a{u^xDuCK?X}^rp4#EMIGK=D@1lsz z*pk`Rv@mM6qe&AACp3UOUPFbbTs9D*w6C_Y@iZnPC=a6C@3k_!yStx{JbE^H3qUdj zz38pwC%s&^M;3j%lI!Zv%@ePZ`YZPvH?A#A-1;Xe9dHKK0C5P_si~{m4iZ%rhNnX_ zGl8f}z{Zmm3O7cICox7!&H&F~goqmeYGP<)LjI2|6YwZzNa17erQo8Fqt&ixe?1QV7wDdLz&@@sIDK2 zTK7;FvL|3L8ny9jx`!rO2IY3I{ks>ie0dkOLVO53kr<^>5NIDre?z0A5AcY<+=hZA zf|!=#-^2bK%d)ruEf-GnXzgN)e@%3ho0T2yosJ&!Nlhl^%^Es?k#{lE-d<5%tD4|4 z9ddoxsn0XPfhuq!yeF`BV5UzC#>mkEq=U>@%{|#6NxPk?t#A3J$ZY%xydj70)^nF)_iK%PY%#5wcGwMQ$J z-M%?F<&27k*wqUcj;h0q#(_B=|6g(qT5hvrPb(DU;?Ks6*JBo2rr0u{V| z{kn~ff(_84Zj51s9j&sF~o6%Kv+POU{p3zO}g$>JSkpGqaYx zW_fkLm=|e2lzF+C#_{xtk1l)h-!nbd`k9Qf`t$)Y$FVl&v|_eQTfKpkjE_wFWB8jH zCIjqPe#+Yx*8RH6Ax8eH?}eCZ$P!MRVgykCo=nXokzmJNh246$%IDP$x51na53@FF z{qKzD&wB`$lE$07)%iaHCe3o3)*+SS4|5+`3`7QT5Hvn(6|=W3Q`;vndZM<1v#8pq zs#o@1NxQzpF0aOkU2J{w;l;gQY4`XpX_~5BxIj}1#Ocazz5ouXD>o$zV~^Wy`PUL# zm3xo@Tee=li+&sr80=Hoaqje#=)@t*c{ zgECH#AOLzR6rH*WB$2=40JHzl@NoQsvqPUm%TBxq&YD{$pn~w2eb2p)46W(I*n0!i zCz|?eKYh@e$abH8(3k)8st)h17}c};E0-8ne%tq94T%8}@qiHNE&zwKuK&7`-xN*t zz=!85R`Yq zXc)I_PtKKdD8_-MZsz0T!%F5(Ef`?)%&6{bP;V*TNfx_^?x$mKyCWHn_2rbLBw6Hd zVCN+GM*rs5__jjy!{E50SNw8Lx<+zy->)t@JW_xCwv_W5)g$$oZ&o+9yNzTxRr)FI zyN{>!$^LV5aG9?B@L>}gL4|?4>%thtOx;q8|+xB9oIN5}8&O zru`9IQGs7Mx$)cha&2@prY=dB&gyaSa!B(^jAAd^Lfl(lT4WnTbJAj?S0Y#JVa;?q zU7u>}Ru50Pnl;^={g}tW1Y1p_skN0cNP1qW%1@g7lgVK;dwVEpIa`%#*Y*GW`9s** z5ah?t?s(KB8E8G_meu?e8bj&mFWvk=5LYLjq4WX(PCil--;O(X2biZKl~oT;J!`Gg&o6_|)JV_%^c;EE;N+z(3*P;v%6kt-=ei z+Vb(l-%$QbU0@)zlX-*YZBBJY_E6U0qw03o)2VWEd?GThr(;$wFDECL+JRC>Dl0M! 
zn~M?XO4~0+eE#~C2-#?8XxKEnKUA40w)gS!rW|dqt=)>j1g1GK6yVS(JwAw>FdUpG z)gysYyxxYr#zsJVPk~08PHIJ?x>id`VJL$cW?>caf8LE?>D1{^AfbG(>g&_%NdQcX zuSiP6D_`?PzN>)0G33+O@4ZsAfZL_$<<+uGg-Zir{^z25eJ%SrFRBkHt$bEDlQ z(eEc3KFPJ5@U@-a)Ogt?wx{y`Ox24YZCCwfFoyn!1DY7>NJvWZ$jETuBrGQ;DkwdD z%72F*DxWQ*@S-#?>TRdlMgF7ftLoIVgBXQZW7`qM;0A6$1Ud%`(+@zLbg9kg=|6j= zi;mt+R@JKQYp&br#u?~Qa=XT-cQ=hA<5Emo>QkkCAXJzwx~i(GQeLqu!?6axM-Gft zx5H3WiW#$m>26`d?#~R*-k+ zIAM68RHckAotJy_`n?`sMcO?zOHp}|7*KG5IxhS|(sz1Sp5*)7wMjO)UoSM)dO=7k zQ8b(6<@P1E+I6jFU

%2$n-MDGZC@m)9WrEnB{bJ z6MGJ;^omn#zlgZA$PQsz2lWk~4`8)lksk#h^t~-Lys%D9+qkym&6(RRf|!hf1u)(J z3tTMa0JqT)#g?*r_a1(%`^dMj2$D%H9a348lYatjRt^AAvXdv_J^Qbws~&%I2Yx#K zV0s;{@&33z=;j|Ue+#*CrC*MT{HN17+)KwqFWK!!J+@1fU_t!%D_RF-QsCHVs`M=P zO~p_OHLEwgTb*vJxn#z7>sXY8B+pB0q!C19>o*sjk~sTjdll~Wrx7#@SU?Vm|CJ_ivhvEC? zX?j-Ht-$}hN01H~9Gkf^dk8C0SDTbn4zf#9m~v>$UJzIhETwEoHJh=?&0^RZeWB|! z*mE9~BgfEo{P%0}?Oi1m`4W$eHU{ado2QrG2eBYiDp`8=>(tqZp^=0T+4g|>?LYF9 zSF*oil61tqxK;n+%_D%537=JT0a}PPB9c$g6butRFaWTh4M&=ZvqB_7EcN9p*VCJA z=J(NY^v!*nzb@-7{H*77Chfu$-;~b{(M0!>Dec?&qpN@cOrRRbNVr3kNF-Q` zRsjnd4d zcarWI7jI?m3=sUOZ=3y5=g8j5IyMO`C!>Ys&~kq^Sko9Pr0dge->z18%%RZkTi};} z!P;=kRuEj(FR(p5#CrMiWpJr-%!%xtK|nXB+}%qmi8z8G$7zr?TAy6XXtFsbdPYBI zxTD*R1Aq0a<1Ubdq`jpv-rF-95R!-gJ?H$XPX`m9 z?Y=**V#C60AKTeT6Xvt!K}A*cs~Lr9B!|DyTy0naxl`)$jarmZ+)B7?zoHOF<{+y z<=}VD@!jp>Mrel67-|pKE^pS7WYu!;co4H@Stgimr=5bMx6qvQ$ zIYF5Ff#)6^)w5LQemgts?=;SmgYkSjhYnf`-{FjfYB0|@b9iB|N=wJ!!Q-*j`?s5^ ziq=-BP_+HG1p4fC{$kqnb|o@x?SmhXpeiJPvsQVA{F-Pi!+&mj4vi~(o&}zzXC%Y& z#shwZtE%g!&KGm-Hm@MFW{{CN|8t=nofqYgzYO6XiiHIgvT3Ew*T2-&W&b(zCa&P( z^7o8f$-*bVb8wGvgTAsGW@i{N5{epZCx+;Jv);Zvh43o4bb5mT$s-~{2V<+DAT}^H zIqt3fq(qbT2<6$U_wV0NMB>mya)zJwyBpjXtqHCY1?`e%t={dqy!}FNcsp0;l$9(`iF#Yhl>7(fUzQ)gN{ zm$*Hs<7V>R7h(>N=LekPC09gVZ|m^9(-w4U_REVGWPkPPXk4~#-IG3zit1q!6?$`# zqemb3`JF8)LLP`r(utB7LiB=-dk2v3$4*Wk%kI1Jw48a@C+1{g!mVsrzPig`)^S?q zoo{$toZDKT+S+O*)0()tjOX{d71su7$1RX)j1}Oic=%)d4Y>R%$kiZd>4*lX0e?Ch zCfY<{j7OO$h>2vzxR*~8;erfC4p0-^*Y`kTtEjAu@7hDcXy1B?PfBVxL5oyYCPGty zd#YZ!(w?>h6Drumb0R+mS4_+IBq$lJE}?B_=e`>aaXaxb82@m0-d8Nx*miYS@@32} zAiUBo=H2PXW>q&OoARL7>py(`oSA#G7w%hTzq@=fQR_PSFYt(hm5`nzqFNt=t$BGq z@9hUJN~ssZs_QZX&B@{|RbR+6mzFfmFN7{GM$o&n<*2oteD{ULPb4|2NM{O&WRpMe zA+eP19F8Xsrn-f^B(qlDuOKvYjK`t|r?Do1|O_ zP+tO%F(}rpt*zx~B|vNM7V>+TblF8_oCj(F@%3+P$&6A*-epa-TQ>Y$tbTG=E=%mN z`f6#}KwWixVl!3bl%-MN@w?Mhg}#!VuQ10KVq#8}US1tNN}ZMWk$O+2V;hMi9D5?@ z!_Kk$()X6rGHK5*EOhHtdBtbfOOX(sJczoS;A~;b)UvB}S5lapU0K|l6DhBoLyW~g`Mp}h|N{{H5Rcs_3W-fe%WTq}d; 
z2q?uRH=4RFed+0KcE%Y20Rd_wpdhs}X8^WeDayO=W;D5nZ*!xb>jWFF8vVq}7@w_e zi)tY73OqSi&q!-k0ZL!MofxJ6-S7K`IexdQ?4Rn8o1eO38UFcrYdfjPNp^?q!n}ER z2H}HO_%J1fpJdnx)yvs|eQ%CY6%3r?1q0-n{aWO6?~m@}qCI(1kJ}hiHn@*-{FS`7 zO|9T+%i8iPWtD92#^paJsHTG+y5E!KjSK8B7OHHor5owh+dQo&96l1=nfhDsS8m*& znHz7kIupa=3O0c>R{{1ck-X>OBde*byd4QR1VxRIXfQJNc9d|GyX*CHu(L%7E6FiKDX|m>QdPUF>rBVD_8i0bWSVxbG_6u%Ry%dH>%}qqfL3+A_O9^`Ty7 zJx+M%wv4@CKz)*Ho6fa?7lr`~izE6s~Yc(pj{`;LBGi2nh6!foh z^tNFOa-hdEAp$7`*c!R#xOu*q-gY{dHTp%vdjyE@Q0zBhqqZF92At;K*4zhgSqR)} zKIi>W>&{Ppm2WItBWX!q>_6s`5?upN%-p=`|84!woStoDot^n>HEEXxMt$nJkCYVm zH43*4o^jb6Bel!RpSaY$%u(xBSsFl?d>1DdbO9+^*gs^IEGoRbhan=Nsn4t z-g?+a>$|t*j7(p~*>?aVcDNi8*N=>dh=YioLroE^gk0-^z{yE7Z(|B_azgs?u$w;K z+#e(vwGl9TTIbi$@$!o`_4XF`{o8BDqDwuU7v^ru*`+3^2?UlrGWc?2&h$Hp`u2NG z)4S>FKC@51&c)_$!aR~eoub8N=g8AOna#~;{xW9&*S zUzea1fX!zYCQxSb4ke7uF%RX^)nR;C8L0!rEa+k;->~0IjB~u3_yft#3U#?oNyrp@ z-`Zt=yK-ztZb#lfl$Cc%#0i%zI?aoD#-^_BxTu1IX*4uOmbXa9 zJ?@{BS3e%wrX+CC(kZ{>bCjHnsMbd-^+#H4Y=$4pOPyy-9uJDCDcApO_paAsblWT+ z%{~aSC<-b}M!4{FX@_d$U%A6_Fkx&uqeIq%WxvkG?pbNVoF02xbD0w{~h9Kr2O`E6S( zOFiI5Y^N3GwPY45&E?|@)De?Ydpq0Nc2u9qI&%2F(k4drj`+AY%)6MF?nj+`Z<3-Z z4gz(ur3_$gwtuQLvTKLT2UTKlcNfnb*dP(EP)baP#hl*kji7zLyc|E@~Uac)j$RpCmWvGz)1e00fEU(^LN%GP~QiJxfYlt>@RIG)~Q6fDT{eR=_hM2$~Tx zDD54Oz}~MIw50*X)OT(C@DQuGr9wH3_@WEa8J4I$Hc@o4Du4HK?qB(k9^6^TJo2+ zx22*vc_slpiSN+Mh{4Y;_y6EP$^LhD)AQ0Bt5(Dnam91fnig%sRh+zb{`~p(dgSyW zO|~M(Drb$WvL%+bgV%3X^x~MeMCZ`Gy*}klwMp_zcA{bx{U@tt^7#3sOfFuR9-j!D z_3=FwM9eK=l&OO$#u1kHdOqEut?hX2Xo!zGCdE+d2K0R}0JRzfCMXnnLbl=`B889t zP}}OpZ@?SGB)6flQMb z)=W{!)_RN%hF>fU_dxWIfPk#OLt7QlhqoRc)6bKP)Y@0sZR91=^;Mq0P(yYQ>JueJ zt;f+G-SyeQ76b9qYLelKiRALW=0)3ywKxT)f>EoSrxFTWWrKZ{irniW1 z@xuZnv_no$Brd{A~#nV`%uAVl%Q;CYuqTRenknI9~;0hDBK4w4MC{7pycZr!X z5(v3|QEo0X+9ij7hDt`&H@=m$~;)?JPx*pMXO7F_loptFLuaZm;h()X^1f- zcISu>b&0RsgbP>qvz?>o`tbDwR5QMjU-`Jso%56)@yV_K!tv&fhZn=(SBm%zFORv; z9x*ZhMAY#rDgw+^5KMr(_hVE=VV_5y_wjaLnvdT1c?1faX>QIi-b&a(?@?=I_1jQ( 
zkF#!sd4i7{pyr{${E*)UlQaS)&NTZS95`~F45W775p^c5bY8!a9=^Zq3O*+;0-1SIbjm^7j1rvSQ@d z#{xTdZd;e$6Leyx;l=EqCa0#yQO{>xVw=N>=vOEV;8L-tDrq|~?8AsTUKo`QqdWDG zEiNXT-fd;c(7olt_$p;^NR+1Fh)8SOb(JXQ;=Z>BUEi+6;m2&B#1+wl;$QK-lI^MWo_Aw@_y>*||E&+QJZ_@L!QmrjJKERYcuPNV$=Ic7 z{tKDDgTsxuS2A|Z2G`8BOhQk@7I>2F$+P@u;>2PWJ0y1V-s9l##(IsTv{Z*^#U=D&qWa>=+_pf-7opfjC6pEBwKCR^(3ftru4tl$2> zPB?h9UkO{VF!aCat}AUZY4kc#w}2w^ns?2!xqIq4rb~RS$=6$M5b^cxwqAloi z)YedGuVS~Zu13WzyfrM}1qS#A!Q(5r2PBMjR>fZ?@Nr^76$W00AK(v7Wsfq1%)wK^ z2V5#+WQJ~g#fV=_(f``bEHK*|<~^;GEyxpTob4nL9-*LKUE(`)*+9{^-9hkYR`&RD z-Q6plJw|b>CXEBza7kVEeHZ$Fu9gDRE!~bs?|;5Zabs;$(Ny#mI=1-z+U1~Tsoebn zf?m4MpMSVQ-^lil)|xl{dV^pVD(Tr>9Sh!+j>h@6=z9k3WfgdQL}0DEavDQM38%qem<2 zYUgJEK2Ex6q2OkINU|-}Ke_Y+Jzhp#C>lm$7aVAZP3>m&D?%-Sr?g2wQFJOw*L9$M zX*)4t^lpU9HIOFt^=eUOATQtGwa^7Y{)~-}gOi;1|MOY?Dg$`ZS&sD?sQKTmq~K83 z*mxZjC7ib5`6Zwc5IM@CL6Z|tLPF$V8-?~VNu6Jvp9y<5p^CAvc$}RriZIbi(8L%R zo=$RR{P&h5-`;EhzTvCXRDUQ6B_$7%sDE%H{fbarSO62Ws-YpR(D#2o9lv#3A=Ur>Cj?B&cX|=|i&WT`si~_G ziu?Ze7pTkpfB%j;d@C@51i_j7|3}@I_*1#IZ7;Q(B=)YP6q;lvg(8%sGGv~|5E(LL zNaiLANns^J#>`XZnI;LDN#>F%vdm=4ciin~zwh&W@B94$pWm;&w>E3t>%On+I?wYs zkK;I_ak+!!EG>*Y7g@@4p)i9ukOhZjN-4|7^pXKd!7E`=6KgZx`wN zN6+uw^v{d`^PB&=5v}ao9T@)m$N$HFDaBoE)ce1F=ik3Q=YLSb>HqT!SZWg^{cj&Z zi67Q6qzG|$?J*f89LQjsNR|IxBhr^gv@_x!k-- zx;XN$+cy2_eJd9w@JTxP_v@=%xn}#h-w8Z-S@nz zJ+$@NHhtm`{r$nrqJtEmP3(nT7bbRM^KAHn_FFt;@M_bdI5yoczbZTIrPe3$hVu6t zJz%>}tcci+EoK53orv*b?_kacIcp5Y0ud9Af!`~`zGalzh}`kgaJ_-s)CLm97QXN5 z(&_kAWPcTM7%GC30udnH4?fJj1icu3JaQPBhwEetb)9bKVY)&D%gM+JE&$Bh1rI1R;^HNdSH=(nT7;Wg@my+^x)TP)E(li zK;MPv5Rt@JCf~|TRFtZ9vkV}dqjz`IqBTi|G4!7&`g`l0+eXjGSObn+A&An+R^TDO zN9$`zRsO7{0As6#;F&B=HuQ{Z@~6S{8-!w*O<1_-vk=Jr#2{%X0#Hx7=1LG}Mt{~K zx>8ytH+WD?R^~fWxQ3B`Eyr6s|&)+yB01lI=mZw#iNwu$Xi+5pS5F(Qz;Wpfla z%#prgAYi+T98&5n4H!R>18F(51m`g~BE|Rt@r0A2ac_K}^x|09wryKhZth`Na^1?g z+HefgEDz|8H|c-ChY)2QKzI!R4_0#VxuL14cSeS_*E}69?GX4X4v-ycejtY65tP%2O1?L?s^5s^U(8*+(P!K%D$@sG)g z2}LGWVeQHO=|0zsmOoTC;D6GQ04+FhO|D2K3o8f@Dc!r%U}(JG 
z%2!I-8R3ZrNW1JBUxc!2HWUMVhSpuFa1_!sDoDO5- z;|l;ES+nRgU`2=t@1VDc`VSJMAng8TbRiRk*bm}OM6D>jWwj{ysT!M_3?VtC*>@7m zrycN~f+j!(RvLrow!(%ffWg2mtF;^(?*%s-4<4+=-f8UGG9}zm_R1WoOuWe3#Qr?_adr zYJRW@vW3vq8yL;hZJrhkGwLe&+-iI>k!o*=bujr9BH~751kYU$wo7P~n@ed~t{C z8LP=~qgBHJBZ`SpbgJwZ+e~V&aoM22ptq4DceZ|H3=bEx^HjL|wt(_yrZRb~jOUW3 zwzr*bRf$kWS`3ndn=(*%gzToqal!~>u(GRbZyttaVK^N+FaDW<%sY0d^hn;kBIYvt zs;8%{_`Z@c4`!dkL(u5jHMsz0u@u*nf_Kn*!|qjUc7oRgPGA$zj@6ngkcN#0g@jar zQAmt^3_dHNXlq^h`t@x}PswrP_cR~tSUlv3?R0Y=a~Vwleq1K#@#9z6!NJS!OS6W+ zWr!ipIM|WlDd4-`!=a1p6V*?;LiwJgnlifkhCluG?L<$HbSX@L*tdx|W=BRx`@ej7 zrDIc8iFP5%m`j2Is>De%=!g>$rx^(jIY#du`~?{osS&bI;@pfMhb5Hk_%LXYVEd3J zG2eF8GWErl0~X!@gn|~FE-s<<8gbgQJnX{kPcfgW{k*bLSNraAm+aFt`oQ$XRC{Aw zK%~)a&+nc=^1VKZ-!fKLb~EbZf4$-pznxJ+H)U-0bA46YyEhTTV_ob1418Mu=z;Gh zBOx#E9rk=XNPHKTWwsO%2WafjcZ^s@08*!bWtzZvVdgTpf7zT}6)3Kmv5=}-T6R3Y zulsz&ydMJ@v5jhbJaEfvJO^X}Hm;6>UFiHL-Oi%p2j(;uJOnKr!xrz7U>-b3jR zs$oik5;bv04$=P(jf>DZN-HRAdiDOjH(Yc%U#Bm3banz`dkZ%L#bi~S%sF7tVoMjf z%yDXD=t^9;fL9S|#9V8mWyA=uk1l9yGs5_VhDk)VBSAg2$Zn7tG$2G=xb>ZZB^WUk z+;=Vq5-DW1U>#x9rx(&|oaEJOt9@%tDQaBloGDQL5ycJ+Jiw;O%Fj>0F$-GGsuG=^ zkCCx4xeNMV)_nfsTxEB3F}xmn3dBPYOD{q+g?d&hnXC@aLgFeRgMtw2+tAQ?n3lcF z%HsI+33I7IQY3VplapuSnh1?Iyh_fZkG@Cr=F3my7J6p|90?B+L(9s<5N-~zvE9d9 z_ma;9<8N?&HK@R=xuwNj|#^4cnRZtKb(?HuF}vilQ^NX*QKk=Jg*}Bd0i@- ze30Uc^mHHo@lkEVq{Q0FlIn9N-RsZ9tIyPTY<0-WN~m6+;;CR~|Mlnior=4A@4VeT z)~`xwPoNU=?p{gcTbRz2-%or5He$yRQJ4hxxTK+`U>*!5#!$>rX74`*!{Xw;Nsc=$ z&3?b%iv;9cU0_sH1F*s^+qP}MK7Wo&2mklZ`8Z;}I;0l%u#=v3*G@42l|)zhnYu5C|LB+ z;>KR%O2J{1rkNGn9P-Yh`)AZ(ai&2cU(xw6mMJ^>4c%dgx#K`q$Gk|6(kw8KoiL0s6a}aJ*E0~;6wMD zf6BAeD8^nGosX4$b^^K7J0ZeZ0%SHMurD3HE5lU6cXb=X*#}ivB>qq_zy($T=7sb}t%^q3LJTg;Z-)Tz@hb^p%(l}*EZQ&x(vw@7V!dE{u4X5;Gk z@n6~p7C0!EG+Se~y?1dT4Oj}eIf^}_tKamhZ?*oUd!#$x&8NcUw;yeLDae0>SGKa_ z-nn%u%I5lsH;VMTs!vUI%hi&IfH6GoYfy@)g~ffLsb~;;;8@pr;i>H|$TkyTM8z+K+!>p_biUIv-ov22y80{f-NVQfL>x!IjF0R6 zSZRE_F95|P*u2#^rbb$mcaX5gOz{|TUKyL1RLb&|or5Wj-*|X%Frm+cUrn(czZdvM 
zAnFj-Q@i(CW->c0&6?9Pi*9}e4lf4PbA7rBxi&N-2QZ)=usW=%Z0+si;QV4zzgI${ z=^%z=uUo$!x|A50wicF@eEa@g8W2TIHv@G&%k$Hok>IN!#$5oD5F^+R0YP^AQcf3l zu&tX#%23T|OUc#)?}9RIA8m`a=_|+jT~}5y97e)e`-TU99fJMoNfZfJK;>!^RK<#m z)%}gq2%fukEls(ODH<+ngPoc9r%dB2Ql6wX3p@&cd?Y~MAY0gBtD5v@HG<3<+yz#> z;(Ow0QF^$Nc3m|#mRz9p_&jnVeqRiWJQaRR_+#YVCO5HJnKWIP|@x? z`Rdd}Y1|*Z_z~M1Hvs;6;~7J3^u4F#1O}0wPgkFTYQt{4Q;-B4+#J;nC)pRDH(EJa zv)oM>YsC#djFpjGIC-JvHQ*YsHZqD;jdKrPIEN7av!J@6p{l)IqX-6w4Gfk!nCCe- zL4onY(yO2-;GBiXXTJUTq1*E|NnN3tf6~7+zFVlVZLrJwxw)0v1?P_!6+&2 z(v;^`0SO75G5pAmtc&SMQ;oRQn06MBJqN!(o;WxE#aAv}U3%zyp$8k_0%9TLb}?vOHSfBS_H78gQT zMREhj7oHN~2PD0Ne`<3Eq0pvKD5cAk5)$+j)5w-b~L3o7I>+Jc0?dOKj zN-*ecY$lApy0V{)%DMb{9ieTT`w8c=4mg=3>wq*V^Rq`l|F4E96tPOogbv5r69YeS zRK`NdD1p3`xh07>>+Z7=SWVIa9C5*2z!L^Do_!e@c+m~8@W`=a+W{b-f3&X}L1yDC z?AW|J6tA}9B;@kJTi&5)<+?rU)a!g72M4Fx2Ut!tAU8c}KSTrZRW7(a=@0@*5MnGIaHycAdc3-0drONk zsFj4hYR!P_wQJl4?sN3SAFIyXul^@`qhYsPBaY1htvkno1?cdJjlSrnN_rDAzW%Pi0lYNIY< zIEKx%hf9`qBr-5aQeB@pVQGU(c1U1gUMIwHjnqY!R+aowcBjVhug9H7? 
z&a{JFIad{k`WxvbQX1IUuVU>UbD1^!1p#;ecdhx+oCD-k~Vk(tyNS18pDSAw}pfP){^lAj~(=on9gBRDCzm zk{FOZt`u+~2FxwuX91|(y3;SZw6uh*mxJNR&Q4%gvQN1s;+igBz6>txdb5sfR=~^f z>-;u0CJQ0c)?M6}AxVh$p7bq-%^Hi_Boz|N&s|-|;iQ2??!$)1cTo5sAJkQ3kDeet<3*!lEIbdIA zow*!PULn9|efHW#jv1-(3V4gkB0g6ASj+8yxB%#eh;E?XN{j6tPL%R9X2c%5@UJ}v zT4it-?2-n<8rMVq+*lkH9DEP%ph({i!iW!uHVTG!V2USk?}f{SK2eCFTK0wd0 z#*u)`n4qGTiDsncjPzKYYrkS*avfoCyJQ=Ro~xC<^sJ9^URVs_1S3XPAjl%Q+_H6R z98Bg1U3v!FVk9?ttgSkUudUdlXoL@bc{b1f{kK4j<~OO?$vSca7#X}z*6;jd*3Y|} z3eP0L(GwnCHRD92u?%g;;yVsi36XoiL>~vQ5iABP-@|fF67=s)=*7g(-83m>BaZlr zN|>~xw%kU-Q>&D}n2?wVeeMJ>5kL6-;`5G-)hZYvwI)QgKswEl00S&pTHjSwSqZa$ zLZ?ln5O{9Hrvb$ERMY+F!Gm{zP8b;){x-~Xae>}x8gk$3C{$21@#y3a;JZq&sXHM3 zi8{Tu5`;YuQ!K(F1Y2Cd^3y{IrL|J6ln7kp*s(yW^&8n4^jQ$=k%*!M^e2<)!7mI{ zudJG8zB@T-3nC^I!*Fl8hbKy?+)?=ZfLwsO`VCHoEp&8j;^L8DGb4dJ56LcBt(y5o z#*@FE#ND^$VfEVQDBknqnv7NW+=7h_N%oK=>j14SkFZo~x+G7F^78f4iG}{TU{%qv zuBXjQQNNZt+lSA{U6Yvm`Cw$z#&*y0JrebO72)@Vg^kRwY(8UmgLW(LE>*s9-G<_i z9=m=T91&*QWO?Y2xP{LA^7RVA+Y(4;FKZvy2>ZnQY~m*u@9m2I?UQ~Ahjr2u$ZAaJ zs73qL-BoDyei3iaE%ZoMx_Se{rrmp6YEo!dnHU>;J5%1d&sV*(+kfO~zGM2$w!F(; zw{N|;qHeJD;89k3Nj)*N$ELm>=gFIwt*tikl;aKwQZ5XOI9n$4gf0a2KKwkSqcy=Bn;V~oqZ5BzKxGx z!pRrqKEDTl&+5VEuIbgcZQ)19TjX$5yH8l_CL3P61@1X}39#pQ>j1?6G@2$hH}skz^jFhuPS{PG|?e+^NA%kU?l ztRLLB^UT?^>ySB~!x?8~RfqUOAON{bs4y78&iI|kin9^3$sr+5QcK-Mcuormt+_Ew zK-mW!!l5Ha5hUk;VMz%=5#}v7moEJvRr27D`p( zoX{S2Ae1?{t>iyFOgOklh>BSC+}FOz)>c(CDp!t!~ez#DA2Uqx%J%pAF{_5@GZ&(20(h^4kTFQL$cP%Yk#Ofom7&!4`-e z35*6+3k2%mlRh^ql9H0PFY})`k%&Blz$}re6PHWiu+iM9W>>DfgDJ)BJ3*^nNTWkf zdwOIIb4JW=-L{SAI=2*?YprCu`nQ3Bb7#(wNI2K&J1a_Y(tkvE;WP?+LMusV_~A^Y zn4hUr@CXUeE~u5$+vlTGjuR;+A{`0fNeg0}krk@l8uVdqH3xLTxkZb6fR;S-cM`D? zukh+OX6TOwC9;OsAPlC~!F}*W#J&~y(3;`wbfi(+d_X1-gDlY50Yp=|{w@U?ma8zn zf$brCfL@sk8HHxHRhLlt%Cv0y=u^c>S4%A7GZKOq!N2mRW06-@4s1SxGYVjgP7w<; zb3IYW{~H0bx#fQT}(T&_c0cQ0vkckVYHQi=%;`kb9TLb^Tzi2^(N}# z(<8f4UBUw913nRKLfSfS;P;{J)_L#0_kKZvlh5lE0D&{OL!1mAlCNcSL5LVe;duq5 zIl^LNklLh8NZ{t>#wGcuzB4{f>mr{;RimI!!?e*WCwwybqYc~mPE5cwY1&! 
zWaUkCZtgtY_waJdjGis`H=~WW9(Ic+M2OV(j_7Cyu#_-WrKFzF?Ebo^*G#>9>oJPc zah|*F^3PwN=9eCudebnX(SG-5f-GBPUY1AFFC1&Fxd1aB(H5+EJeak0c0xdDP?3&7l ze!F;#25ZPbr&SB1h!z!ENuU_zF`q`d36=RFSl4~S>CSOOe52yf0VXCUXP7C6iaKYj zpFe~u4L}MosNj6aKv{Pwa@SN<-3NF97Qsi<<|-WD+@CqO0Ih*X5%g^5vWD0FL=LG{ zXlv-xcbhmUBmVBXm^HuHf=;VU2*> zU+Cr^Xv{(ixG{JA44MHZ@}?$WH~cKTeOn^bcpDB&Y~4dR1#uVx<&Rb~)KeLFaa|2~ z(BNQ*!4UBWN@Tc==xu3d0izbj5mNNL&XB=h#s-100ex$S5+9?}m~Q)92^`(s*XgL zYD2{nXkk&W#Nj)7mvL~5W$51{ZRLlu7>nzooZJA2m@8hwT0S=oK|;twYA`3gA;d5QfM`7u=XUAc`GEj2RB z{qucq<3gLdnR>RLJu!ACm(Mz%pQCTL>xq|dvz~G^EgV~{xL2YpDM4ZiBy-*k#c)rTT(Yd$Y+uJm+Fe3OP-GQ$IL&GzRgJ(qAa}o;N zr-G6*_pSN$C~YvD8vb$ZW@V)hXkPD+;9HV+P?4xUOkhJ!84@MJ$w0MuS<4Y>O?E2cIW;~|rlgz<9QO!Qsg8>-C})@w8H;fWjeAg0Moqx@2}Y+NPIy-I(t zN)H($Q`7T+2cftRR{t6rJG>D`!+GGrGS90#yNTEel=2-cirxShss@w*0ihA{wlfms z*=3D-_ttOME1YMB#9nre{#sq8dRb7=UR*e*)baT<-0cV^1DvS%+MRO&)p60!mX(&) zq%lu?{rVb*Pp-Zv2Bl=L0e7ugaZ*&iMbz0hyEoG8euYv*1~m?we8goOQSexPf=q|( z+G~lti*WPuKM!%+dcbO&85tP^gM)wl`R6O5kq1EInSlBBQ%)4_xe{gIq+IH0U$Bc% zKsR9~9;gy-!);&tG>Rdb_37n&{AM`YZckC;;82Olwn3r2gN@A*ac~r za}fSUn1^wPf~=3oSir%Kz%dk?nwlyqjzX2-NZ{cWI*#osFE0mVk@ij;CHq-9IU1tT z0GCVkJIqpi(N>?*LZ?ftP|<1|Mk&ReZ$c*%(M1m3Pynjjb8E+;t$%jPiMK&?h6XW( zcvI($HP*4%yG!?CBxdYJ*fR(_UvS-!TR&H$;ivk3c~s!CWrOu>Uc3JDFO}Z3G~z34B)@eTyS5fj_&!uROR*`q zR#P>uts-DOFleT5qQpf`zis+_Dxz?Q!h&)nmjwAz`Nm%(eSTL* zf9253t6nY)I%FKM>ZKiLSVHw9CDW})}*_wD_xlbXGfBlPLv zb?bMpB&&*Up71GX(7&wE$2>Ty1MnaSc`_}6kpSa1#7ekDQvvQm$jO|0KJ8&>xRy5G zoNZFgmAn&4>Mnx*i4+-)OW+-~KT0@zO0_1-(7Pd`I>+s#Krr7mELqr-maJ@S8o;h0 zJoqKOX$*lOW2dd%rka>0%#B0ozt&P4ttWbK5E>Fg837-W`STF>kay5qt|e8)vFqvS zp--kd^b=*mhmYKv=}Ab<=-kBUo3KXEs`b%MH^q<)lrN7_cs1jXa#Z4oB^rlnDLEmB z;fD4*!o&X@DY*LW7n@d35kw=4JD{!dJC3TF42Ix?pul>CI?7QUX&>e;g8|m%!iwg{X~YKT~{}wu}t% z_MI&?flqHBA36*;?*I-H;-R$3J&%YO`J5HkoB@2NW*o=mmwshuw!G8JKaR5wh+DL> z6Jv$I&8LE`PK>ho3(lmrQDx8Qc!tFjV_&|I%vkQn2K{8cZfpArT^N+p;Hb!&nkIa* zi@x>g4>PF%^M4&VK^bNr^b`~V0J5F6JeHM&^yLezSMxp&tky>eOX7(C^yw4S(CDtG zrZ5%*zzf99%!co!Q9yf&8d1!1vfV+uc3Jr@1?o&p@d!ot*FsER;HI^uW$KCtcQxo; 
z#7Iw6r>#(H_T37QES{b^<>Ci1bZW3hs5ZpJ?Ky55tjTd5a3-u`{n6G1y0CF@ z!9iO)O!;;eI>)TP&U0IlGkhOtBqLJC%xQ`lA42uw>&oP3G(P9x@UvK!&6{bF&1|-% zZgal(g|AoC{oDlZCHA#YtF6z?O^c&f^>{p$;jgvb*1vnjE&ra>wE41-HUN+pKlZuB z8Ig`2Z@ijoA7{5JG|NMu!t8j($0FTA|yLVJ&Ue$?TQiws8=>C9k{}yCL=dXm@qiI}b_$ z|KW#R)f}Xs4%Qm|SF1jriHc{6`s%g*g79^=NI$0_GaU`yBm}rbViLw1BpA2uyx}Go zhzKWW?ZEBbV3JZY@wC{cNq8DLUr1*LrWY|m%_J4COw>()zFAf`h~9g19Y+cngllBW zsMyMD)EW<$8$5qWf>I0>6~cNjTG6O=#))Zs-~R;hT9xl}ydmt^N+}lN2)n90!qy!KncbD#f8n1?z-rw6Qwi z%nJ7cx#uEeI5RPXU)4d-MQU$sZ2Y@qTG#~>Fk;gn(XT^~|0h0}O23;PfKT*WOh5?I zW{}wReD6LqJBU%zSd~QE>Rq%e_CUqjuTvzz;1cxng{`4BN7vBZW7V20mx3k#OZviphW&| zo)I9jF#>Y}E~Rp5ALhIgBvNo82z0)?SWU4l%}mhg7A_kU7D)hVz)je%S66j+>w;F1 z%jq9-!SG}(vVRmQ(V9_etSFR_)HkE^VcHOxPOl3JP7U3GGeu$fBY}}1A{v3PpiRFD z2whrQx;0gU4(E1fzE$cU-v|U8P)4GlH?D=F05yR@%#_C9-z8Hug|2A%=g&seCCXix zX~#uX-3;#eQyegn?(-d+@_|H+w&F}sE+{H4Zcezg7nTZ}w{BJ8{Ij>Aqhs-jMmjO3 zuBqt>&d&7xveH1z7cP?dz`Mx!qm9TtX?8l_ylFf1aS!Gn23Ntl3$r;`F_0T&>)kCo zj;PAKT=ghs{V2$qlMqB^ViuL0~i;M7@)t57L zu`i(ZuYLdd8N=Sr9I=C8tr5EU7tYOO`vs|oBg#Kcuitdp;oJGv=FDDmVM~$X@NTB{v!u#P1Cj+<~b{2k5i9c4YVqEJ+y2t)U5pJ zYsa-+myYL~d){$=Uj6}nvpcEBPaWF2ZU!hW`P4}H@Wkl6>Bgm-g4|+e^J)HqkOf~! zZu=tvT1xPoBbBj(0JRc*BaB4~_FIp8tZ%f8v@hMA<;93oL+rA+wYR6|aQ4fWUyx{V zwTnw>9KCag{?R<8rxyG2BRcj_r(FOo2_8ZKUK{Wj7qQdG2Soz9R@vius*;NsPGr``q=?SaJy(DvS zxaz%s#3XBEgnp_pI+PJWxi?}02p9&C(*b+fjn4WH^!z_|*;MEmdG6Y^Yj(UV1W+(B zeHl2eL{{qMxw$!lPK=NQG#(RyHLSW#yBY zG|VL8a3)@P3jA_%iOYE@a{)%e=T0V`FhPaq8w=qVg&y)*NlEnFRUSbR!KJUSf9CZu zeK@N_7yJ;gEuLZ(aF@Gi#bHGD0H*p3;jf6cH&UW0oDav{e%j(PAn#!Vx{hQhMmhO2 zXpY;b3oy|sWhhwVpIFa{V*!;5C)=f-?rx&u$F7RYzG4zXu%u8js8<~Y&%G0+*JE_Y zNW?SI-D82-TQw887nE))*+MRtY=t9lk3iCZMf;#y?mAF(iw>sy+>`g}t%R=T>%fQS-1KOVXztkkuIOF~DdN(_ zfwmo2KX;Ved~of?*bt5FwO5G@nRW;GeQuJe#h94DMQ!Sfq3YXkKai|3c_KsWdFMm7 z2Nq*N-MXKdl@zzwNlw;*T;P9TP1W-Gfc}iej+|pl!!xcYPK6)Y>9)(}MFK~Ffr7NL z^s7AO<-#Q=^2{^W&?`fOhT3Nf*9MQs2Z*X4U+)gu#)o#Zi!S$srLWF-o>f!Y6Kay% zx@&fUKiSyq!*uO!lYGIYQzOj5f$FBGem9-b3l>LK2I%fK$Qr1o;JqC8ZYvdPsI=}! 
zetxc(`@F0$FA*i@lKKPl?m~VDj*+rA6<#++M{rJY^;uZhF-#)D&}}(bDT94v3??*^ z@{liIE)&HZ0fX=9Cl~UUTth=9~F-;JUv3KufW@f5SF(;LNQ_`2}TYl3o zOHN14N`O4rSs+!t#w!TJun&Mt5jHGBl40P#1i*;9^ByN8>vGgNoXBOMRr6j^*-io{C>RbqL!U5u8FBk(50R?2eO3QTS8+L$gD}R%i9s*Rr!Dxy$Q4PZ)4o4gg3<TgyZ?HH4_d-2fm5QW=8*wILcON!@)uTRh{@r^s5L=962Ac@KD-dneuCD2J2rcDaBO5 z>p~~qc62|K*f##XY>j<*$JRHL3&s;)qMn^QHP&BIrKA1HP`1IE^kQJ(vgzepv_}Uf zqhvnlq2v~1W~xb3)(@lH5CXS+2gt~4tlfj!cAPximg~PTL`C0=In|ab%T+5vH`AP2 z*XK2P+w*LX;n~g5N&h_~Kv6NiTz7fBmW88_#DZ^4yBT_+9|m9SJlouSQPm^}5<8D3 z3Gu_HT0Dn##`?N3aMqTUiW>dOuw}95%lY`lQz_KhnVyAEz_Jm1!#yxECn$H|%%ISE z33-_jS;%kWz1khmc&@2bc(|wA?~;0Z79k)&WMvblHq|Ur4?wm{PnL0>fwvxxeCe1~ zrvQkg#JFrMf*&d+nFUaBt;qp)u5vFR=KL37+IGH%4TSm904Gb~e%0*y3H zr5N`T^fWr&{)OFk7f>&O;evfZus#U-6jUdmI}>AjV1P}Y*nKNI@RBpg4Pwoo(Q3Vq zpn+Zo(aHp!fMX9a-4m@o+E-w}CXq{$9!&v+2Zt((-HQSJ_gcVdAZNyct&bg%@KH^e z5Gwu+*>6nID-lA{PB0sRTt@*Cga+xhcKUntH__8a=d}hc472u(p7qO?edS_+7HUFP zP!K-tya5)>?2nEhY~vlE)X(>|y+`(TlTtK%6I6`rPEMJPW6qcjQvLDc6)bg-iGqTI z&*A1_)XpzS#KS%C82$S7EB$DWXlZFF2-aUP;$axK4o4Gv*JyjD0%%#!FzYL8^vL}D zJWkoWMArw5d~{xJ-AR3pd-%rl*9?nxu31d3Ck*dVKp#Tq8P4Tixw&_CjA5FW1Jp#g z0V)O7J@-AB)TVy7Ar(@5BlfqM37Byn&^!VjQD7{?LU%>8lvF&#JMPOj5N9ialQKJ+ z(E)0_SX5>=ShGEqr>EiLM;i1O2g^b7fnU8Tmf(7JlsL3ez9quD`Z>_AatrJRVnc>iMYHicM{Mx8BXQZdQ`e zz3z93DzDw%cz^Mf-&{VVK9gD$Qd#(6c z$s-#1IGhP~K#jPXv#3mLW@Z3ZG)U(JI|;)IR7YiG;=lJ*oF=NWW5<+Jr;DN1h3yQ? 
zTXQhQ5p(ejV(2q`)i0g~ZUyv&C(r8ZVoXgx%&6nyjJ>#WPNNwV!0Abg4=Y#&Ne(g4 z0D12E{YQ^JM$6x_?(L;WQLQ4|G;T2b$blNfPy~W60fq&Uq!DQIEwEp>W+G6ced;By&G`{=5!t zO+fG$)()gRq*uSs7l3@NDP89T5;&~MH`r%;_l9pzjfuo$j@zr4P(loDA#zwGW61#X zP~z6iBeUAobrlU|Or=PE_luHw&EP4{ifO=EQ}_eNFGA9S+mwUoI+2B&KhlJqrCfOXj}&v zG(JD4obSx@*#)m!x@Q0L9T#az9;*)wfF ze7OtRyPH2ej*)*vHxh4ZpZ9b4>gnVg{M$K6`#>dvmNmNKNSrilgaT|oEK|Wi-Y+L^br$U zaP((lvPm7<3+QawMOMMQ9s@w1Vbkp|kY%`p;#3z9Ogo^SJe&cm*rvs+^IUxUAs|di z=hh5{G~HfLYN4OKay`j<8&0Ww_i<4kYw!OVTk#*tCu~4}bmBdHTb|@Y8vOwTO(_@gch#^si%nAPaL>TKrEpA~g zh7Y~c=yGv&HOL$AIOMw|NJS!%Y%Qxf1fR(z=mu@dY*$ebiwDQ?1Ej>r{g!^@Gzegl zN1j>JS;x`VC#k8HN>b$sp1)p?Vx36Y$zf;BVU9aUQ@NL}$jQrpLXwkNG+|#sQ5?4M zZ2T#aG%v7-hs%Go33QbwX~nEx~1MWtII;Qyhnn>Ej>eO29Jy7MRSsu zOFnoUIHZ!Q5ZOHaO-ZIi;ICBA)#9Qfv1=;AEqwvcJ?=VD7ly9m{H5nWr@-E69_B1e zj);xi>+z}bpBL9H^EJmT1doI>9;M+-$&3(}pP+qcIe7NriY4j=xB zjcA62UTpjI4sMfE<(cR0`mUFd(qwC=GopnB<+G#|<|A-%$-+Y!B8PUw4mi%eK&_yK zepvQ+2`EQ!RgghRRM5k5q6&u>7?j*yGsP>9vNmKPkn-pjPKMclDy^5Xiux`MYkH4& z3{uS@mupZr`S0dGt2{523Z@u$_KebQ1c!XRMnacuhR$$jiBl%zVkTLd4j9vQDdMCO zgk~+Mr|DT(JnM|L)78c1T2)57i*ks36va?iF_Nu+{&&t9Jw9;-h}R6FJ#i=~O>yS(@guJLx{71ikd!P}mqt+qPRYR-Dq#QfLSZ!QO4O>~~3BGm+oyDwpK zvu7JLwMn4=%0gAxgq3`43?;81M(~tD-qcy)S%H>VG$vzV0+e(p{MyH9-Zr9bKOGS~ z4!wegfx8;CJdZoBeL@{WtkF=pBcXimJj9j~gp^futDG=O>9$;R73?Vmu-ZS}qFR4# zj8io!8ZDs@Z{JD=s+QcaszdpXD^PN9$R$7zV7^ze(6TkTvwwYC_Y$~Ns%!{ven7xJ z;e&6F&VmFt3L5}r9HIl` z=z!}3i_$sp!ve^o17@>fQldH9jbX=3d`CZ}bG<$40Q52b#TCye5o`vW0Nm~6M}nlI z+@^id>Wf2}g-LvJhK7d6Xe5c(Y><>r0hM+m?Y?K0YecSyg9J@|GPvr%UkZk=Hv6$ORo$Z}nT!u>g+br6Esd92GFBf{s z%h+`0CWFk8fbc{d;Q8C#uHQt)nTPSw2(p;e(mQ{u1{g#tvH@p`aYJc{B?t&miN>Px z0Y@AsTPT$`N%4JL>tfLqf-}f5qH#QGV=9eCSp81JQ~i!Q9zMxTq_X9+dsDCWCU0g zKP_-ynK8IJJL!F?(|NwM`J-uN{8ckO)m(~xfkaladH#5(i?e>-W~+Q{!J91@G`gmD zctZEBj^tj!Leqph7Fy{kVfta5Yj};^Rk<5kYm`y_>5BKkwrjFGB%Pv8WyUcCWoSm3 zXN~lA-568NUiF>Kc=U*|CC%sX_bbZTM%%Z6VNKa`||1mLz&=L(K>dl)U8}7~@#0eEnq(1;6l3)>1Jf7b*U1z@Ao6y$m z;?W+^rc6v^V!?OFP=v9V;tAR{4y+V|it=<#n>_77>{zr%zk|NgjuX+2{xujk(O5Uy 
zcs@}n>gh->owPlJkgMV1Qj82L1*{iykZznQ1`x}mPo{t}tPR9jUgSPl z$)R-+ai#*q7XuXqyb<}8GxGAa77Y= z%TU6;1#GMmj;al$&sC6GWD)@w>TGQsNRbtEIoj!A(79V(K95^sze;P1sFT0-HSs** zkeh4-|Dz*hq38eQ#4hcT#0cnel?09g%4U&E+Q?eJ( z$UwGmctMtR7&kRtE9X3sGdj9{3r`2WqFwG*1nqb%(1#k-Miuw zjoM;D*Oa|kT@Nk|eaDWdLG*sx?^Uy-u+%;rpGD9dgaQ<+tsg26Sp_-3CvJ)RH(0M zzT0Qhx||+1R<7Nq)>Wt0#F4DcLLbLpGT$kl*?Y~y-AU8d(V?}3C;WSLRKa&S?Xb?Y z#i-szjpL3PU(-eCyB!W3lB}p=9r61Rr@eSJcpuZgo%3fHx;Fepy4Cz0d$<)andX;q zF;P+Yf(QWe;OVoHI}+qgvnLj+#}C(pxHvgwAQ@^`n=k+N=+rElxLmBPQXsxP2JDWp zy7pE%4&R$oncr4bT|gDn3SAC<#xoh+*!&5#nf}qy6e6!gn)d|1q=)JPmjceesI5_83 z{_ZHvHt-4oI;dk8;@#r0k#(nv*IE$w1)!G~ZAXyzx_6KL@ZobvfkBxMslE~zfZ)uO zspo!_MiQzh4XELW{1Q}RE$&^2QTlT;>=)|GLB7E$@;D$sA!DvxWbMQod^jW!?Ag^6 zKm;e!Md?T{qt*3H343HLX6Bq?mS27(IKR7Rs}r?2yA9;K9+KzBL z)eK!NNM>@~-H>@mE1x@eFVcBv56)gSRB%erCKI;`M(Y5Zq(Rx>RV~wXtaOqNK zEO$(7uG`f$T`EHbi1Ov*_ch>+vO`6CTr$B%7Pi$3Wj2o;nWj1)~vaT zT|=CdoT9?oyKOGtby=GJz&|d`kT|)O!Ew#$boG_p#|&KR2QM9|v-S*mBVT3F)O6ZU z)JZ~^(fes%mxQEePmIAYk+``;qugJr4{4;2yjA>kT0btOzTSnh@yL)r+epll-f@XF?d&Qj&f?q#5_~)9~(yZJ#K-bibd^tj#AiN}nU@OFrv54;r>jn@qI1iwe>;F8Fgg4>;~7 zk*;AQB5l(dSw*r7;dtEM8bySOvB)IKj~{8bZrvL5NaIvX>CWZonOFThbNx_&2B7zY zry{Y=E7tP(K7S0jdsi~%bU;r}&(@V3NhQ}GSyj2f3#@vI^BSurr=|=8Pm#J~f2~e< zrXnD_K$nBsD)YgE&0w|<6j>n<%>qzMR*vW5yWxrOcjZ`U?#(G92@HHhjK88rs$=HfjG{tHng%e14VU1T0!D7?9?LRIwX zVU`mb+idnFF_-6Maw$j@35%ozL}iKxoaB_Ip2}oPOdY8GYPNgHpxsr#x?zG^Y&voK z@#7}>+JoQw(}eURUGmHi38pG*0i$@za@tuXn;|$LJoQs=pLEV!I?Ji79U{+cC6cvF zO|;UF9qv&t3Uq0mYkGXf(>d6lbM{-Xy=`M`{rK!sM%mKPI}Rz7P$r-$x@!_bEBvV{UA;r)+ty&PPSWjej|yNS~LtxFsj$eRtEj z0yW;1;JL*0V`IHxyBdE!^b-SBuCXro4o0*ldly7nww|#n6D1xiiNwwfK22Vk zr3^;%Uu5LNlKE>MI4*4fc#d*F!#_8vxW=-JSYZch}88kJ11TW zPk@2eXXas|#&Cqj;uF?Q+y!RmbF>?Ny6+`LUk1-$*0M*CzMVr@SSyg)eXKZez+tAp z#FvHLLeRsnbpAZCBz<*ZEt(Nv;}sQfI}nj^4CrqPnpjWdFD)e^DU_0u;^5)Agbq*z zB{}p&P^D25G_D9Q1K+=EeevzFku)a{j~k9QQoMgQ6RT^vWs)bUe1DHHvZ!(RojCG%uXiBZ_p?@ z)$`dn0^p#X>C;hFTdvr9MS34Tv{nyXQRCH+7u2n-RXw-Hgo}^q^A=7h#wJgT3zbe;AaAs@!*_wG$aAWtGv^M30Sl~39&@;HwiIggk~s00_M 
zr97R^lcd;&Cqf{ZwX?OwRP;c@-BR->)^!&~w2w@$*{C>FY{5QeT`z^1=%iQT|Fx&_ z9XkhmafsU@eUD8~)>(Z2A78hWiBJ`M`Kcen4<;(sXRHSz8~*x_pLoSn-P8-5P(wyH zM<&^D?-lVv1K-u!-s_5i&Ke=>_STxU=#REm_L}3J$l$nO@d%TFssh)VfAp`D<@XDo zYhohF1gGt&A|Lh4IM(idC_b^{6s^qN&lN8|S6t~SmjZX?{oS$`o#ONI8%Sr8jj}X@ zpFT|h{0VAT4b+OgPyX$~*k|_rz-^u^xVLCeF0$Lg>ZDsSD_}lHt<|2E>$IIjlF5T| z9H&!LFaLl18g9**El&zv$hZWniQVkuzY5f;mtXgC;QHGLNqA(W^#rkj{`m?v-`PVI zeedG7W&K!1uf60*-my;xKc256-BRWg6m0AL_uIwZ^84j47d_rT^LqXKquV-C?<8E= zuo_xxKYV!U^v6FhihtJ#_)rSes9e%!8+skj8dUA*51b!meWtU&&|MIfZkIAe> z#T}(`DJA)U(~N_==}ZWD6JyO4*lDY zDkdm7RH+H8&SX3N5v?fmZPvHd8phJ*i?1iYp5ukrXZddEWo|;LP59O{vMV;3=R|V0Zp1>Ux2S z`lHpW9h~hcd1b~seUn|bsqJ0P=M}Qb$TjeMI(YF#nkRFP6L+v`Mn+&_foii!PW(Sy zfIfrsey8H)^$rJB_a@`HJO1~&jg+SR+hqs;xwGf`CFVo=A%|-y?DX9mMGcoDc=F_q zIM0so1TdG4KmYG1S`ZC27J=U$JV>-uh_ns07NLq8yA%lfO#3pVyI@3}fdv>f4UOvM z%NTK1`eWtc@AoS>=u2V$GvKex+CfUaj8>l9_frM6c9e%@hp2>T+e!zzM|q3p-Ev#y z?f!*O;)fnegk&{gS;i;JWG>#rDy^}X)j=fds4ob8W} zEAYf146qoFUcLoNimI-{@3lJ}JhOl%-38&3CqG;{1~g=kx8d-W4^L(o)smH2+wFWQ zC#Zg(YNRt-=W&D(U&|*QMjjIYBwW{?i#j*wmnz50jDiM5fo!M8zCp|ay~-!z6o?l8 z!34n#4JYE4jz*$96VbCkj;xAWz<2gK(FBR!PaKjvd;I?TzuxOse;%fN5?DCFT}%7) zgZc~s93(2R5HA9^l|-zaU%dx}wW#Sr4j#QE$b%R$pi; z+pY9BG97G!!-)8Mc4iP9TU;l~5@E7%F%Sy8o%{BsK@*h>#gCnX!^hsE{7OrM3>@6t z%T^Qm)z^5#{yY-YT3Xba9MoEr(;6drBas7^H+?0ZJO60xC*NDu^N}-C&^z z3WC5^QV~SDqy-!S5s;Lwt#k-TH+;v1<2=vvuJ!u^e((3~wPpzn?0w(YeO+f9=W!k< z4#c(tI`_b{V$I)QlWk+_1P!QYuwf?uFswT>oWp6{e2w~I=0>a9HWB4D>;2iJPM;n? 
z$5$N)Yc9ydF)8XFo<0U`DtKQ$oCk(roa3X~* zx*q{DPjz0fhot4wX}t~>lV-sdS2?#F{{ejhf)SrSfz#*zTI zRUa)5Yap8-BjcX)Wd(U>8Jd6Al6(W7vs>A4@^RzTU~?o8Lw(#J;*3gUK$e%6oUI0% zl-%8(3}wspx2iX#SCl_Y$REy=^%C_77CR^pe!Z~m*IQ^aVMqC6pK9WuOr5|^5IvCqF zNSrwrD5LxFQ?X7J;y-l%2opPs)?S-dD++cGXa4@Z*(A_7wpHpM`>_0>w>IsL>?HWv z0Fn`9kcUyreL{K36hcI0Ov;$Vy}RJ zlAPFtFBueGvb^ywociY&E`I>ci+h+;oB=)ve@tyO)E2Zr!Bl)4AP~`*5>Xcy;r5rq zXR5qg=z%2q?M2pzWUgULbrq0xKXFax3D)R;p+TMWGo&E zSc;>QlXd8)djVcXDe&t1_ho$6<|qE#yYI_BN|LDa*X#RxgVd7!YjdXCJ<@y}^!48W z+G3G9T?)L`$gjo1sFCH>$v-dY>Kq2?4DVEO_23PF9`=0^6d1t470cWIeVoTH1ZDYc z3weJ&N<(m6aF67IQS0Gj7UxYh=3zc^dHC66ic8+3G~XfCh9{);7ISjo#s zjPGy%*v+3;x%b-7?H92B${jXRut}31>aUg(wyVzlP4>=a&hWXRrvk!iQ1YlnUo5*c z6s_x##^M5lS1unP6ORAc(e$8gP4=O+{7J1rEy^7Ud7V)v!Z zn+`kA+ajU0AO&AoO|WFI4_lHex)td5zxTTrke`>>+HI?{yI z+?@_SD5z>ZYTZZ?!3c~2HjG?7Ng=tqOeaYn5FZJC;8aLbDWG3@44Hq5&0$0rX8@L= zmQf8K2WR{OY@mKmk)aFt{|N&}uq!bL=q@Zd-jmbDW-8G4XB_Tpg{MV=5VW4b+Y+6Z z+BcUJ0>sqS-hOHuk;zTS^%1s`FS{O61%(p^_(2pV-=K!ok8b#!FUvd1{h4=2NV#5_ z6fem*6*JBCL^yxDu&ot9n=q=HAp>jkFF-(Pyo4u#)KCfo0Q%{JB}jM`z(wU_y_{Zc zg{1g;1fD0Y+RQJ{Jq+n=ZqhhN%2(JFNc%PoE8ZaMyp1gB@g{o`Ge} z1x^8TL!S0|Mh{}ROZmEs1b+XcWVYF~#Pa5a4vuq{xI##4o`v~Kw>e0blYOJqln;Mi zSoSNi4>UCKafqo9dLE0{Lo`}LfLQEeQjP{E-VZv#9_$qW4?Mce+=cU@dPvwFD3uzZ zehsysdkl`pS-*!hA-cKx_I|$6nH1#oM0`9q3;R`jyRyZH?T#xHG0^td0NlTlUn8*McM_A)Nm;}*1B_l5- z->u7KA_O;Q;(fB&P*3cI&R;d^eA;X?a5H60%*=5Jgg>>mid8%u1czS<0|KrlslG+Q z$k9tTRZRf0b%h^48USe?9Up)9Jn849qhn(~ifm$|pIG~G&(?oCH63;+;?8+}?kNi^ z16(NLuVMf;=yy-I;U-Vx7@ZCtsqaDTRU|((kPR?D$GmRChUJQ$fFXx8g3lUA`H>0~ z>>{X2ob_h#f~0;9Z1mIqwP2GFL-DluYRQ<{tFSOOJ<12{7GpatqEOZcILiIuL+{Yg zP?ROugoM&##1jBw_L0`{vu72dD}e2Va#zoZ>rdEH8jZ3eq^~?HyT*LfToNo`JR5nG zt(8#sIC@0GF8Eokff6_eKS8e-=rG=k#0`VTREz?#F;D}E25gB<9WXcpn)M|#(IEZk zV5o@N-$PGxOWpe)H^6Z&pmWAb*(X{hAs#!E2NX$aha*S~kkd=qY5VmzQjx%ZSu#=n znV8WyK~SvtHt}dmX;f@}Jqdb#k3@Kt$yAP{dvJq=G{#=j7K2K@3IYMv>*j z=*3?MBW}s>jnp?zRWmLn^7VI) z#s?%L?0VGOX)sgOC4SW#BpQy^?z^1-$BizT+WuOETx+X{f)j{T^2>qRE%o1#DDKq* 
z6`X$OPCl+|OQ%eL^!lJ4f}D~CFW~3v8x8}~RL2jc=*=8w0ouvKGfpJ9EXcys5rd14 z^6`Sra{7pR(^go)`*e19zefJm5AIZd<;%N>_SyC1C>7w>hJlJi3WG=#m9ZvWh?fyP z4!rUbuSSqgFgF6;ra3{-_5}tLM7(|-jkUG^dizf#x$DR#Cv-mIGprDYz27=o{p$1v z!a{~5U&>CqPC8=g5y_j|*i_hr!V?Ujn(lvPi#-yXT4*Yuag>lW39*S(o_g1P5GR9Mf<9q{290_J$pHpyM!|?qH06n~X*%4tAD`B+KoK4y^ zM~`|T-3QlcKT(bSApp6x1t>5PoE80k`oqgd>elvU;L#g^E2&%~-HX2P@(yx=n}vdq zV3)^T!KUv8=G3hQ_CO@cGSWVTiihfAVOl%@3;2NN#Mr|<#NbZJpF;&D8g+65q`$%r zld*_n2;!|Vl0k?)sDIQzzM$;cf&4U403_Iw^59w@zERC)^}V4=P{|1oT;|+4IES2Z zIN@fF+H~V)WkirlkPQP{bxqJ7e(*DJ56^I~ui>~z3{Kb!_|Y3QU?~#jZ0Z8Sg>f)$ zWJ*HfM=OdlvFQji1N6xp-7s2z!&H$Z1_<=OFVT^&OHN63PQs*FvmrIBzK) z#}YZEBB8o@2PpuXOh!t64o<{p9PmHk^9G+4a>&=%f%WLu;`JrKb^r@SPAt3gFDDC7fLHjF;GVqOq5v$b{lE6Xh}tXFlYq!^{oB4g(9f79AsO(f~$k@z6R^$|F7+$;ouE@ zv(K_aj$qnMFzQ(}iH`CH{`tor1_%+6TU&+9p+L@0?Q4V1xPQ3gl)&1P@CbDgS_g{f%SNrB1jS9~>DZ1~;lE^WT+&2TuS`T49B#&8yKuqi#4PE7$m#I_%8 zNmzE2$={b2hnL=B<^xF+AQ^l6EQdn;1Tl`#g(g-G4hfi`2>Yt#&8Aljk_r$M#Q3~u z`US9bqgl|QC~Lx~mD{+9jq1rh`Y4y%||q z1kXglIFNu?5PZ}pGCYWBU{~UK>XGEIX)ZW+@8|(;0Rn8Mj17h9$KuZrA-NwWw2}~o za391aGVmyWP8H|lI}Z(`XkJDSi1`Nhta3u1%o8?3H+T2)q67x2huCQT48byX!lL_x zKY8-x`zpJZ-_j%xK4<&$Pp(5>+N9T*l<$brJxwB0#JS4onEiS1_I52-Cu);)Pp{ju z|HT=vzV>z&=@JO@+5|4&u_T~PHfaPiO;C`%J;|k=`;LuEOf2WUmqN`S8+OJL-632d z%sK$phl6%ZY%1jzdq2(as>HV_@t?@hxKfTXie43V?HhE6YrxIUwtMg!X`fsog+8p# zQ#N7?AkbejWeX94r@k1q0{KE}Q04OTeQ~xS!|WBAm4v9AAer*!$!`t(a&$GL&NKIY zdw>xZY`b<9H>*c0pF6mg>%c`}2W4Rk4u?$(=~NksCEmu7VUZc67Bc6RQHUnYHL!g3 zVdn@qobz;f<<=}$y!Jpgc@}{%1IE)03mzSStn3=c7D&oU`;b<05V=iOWS3=*&*TVjp%=oD8w==K`K}jViNac?G`y0pYd_J_KM!@1V2?qaLMI z)*UI2m$=VRuE>&cOKS>sem)%d5=Fb5FHi0{%eg>~h;VxCHbZF{ALV%8FYj;nL(Z8< z`ymbfi7VZbkNx^e?>CwVEi65oG>JG-gHKQmMS%^Yp`?9kFrsnAuKLziO{@zd7_}rF zsoRt2;Y>naeD!KLMwHObtJbrk+zJ7$3u?z1?jeWRy5hSDwQSFko*-yC zw1uDwiI)&TQ+)Tp$3gft6p~&7pjv@%)GVCR7z>L+sI0i&i;(BG7=(oKJgjh<9?HdO zQ!s-2q|rSB58vcxs12t_0x~>KpIU=d=3zpJV>|b3|8dNH%A9Njg8%w_Z~#w7>Ol9ii4ch7O{Q%)k)n}o1kDy>U`fJv&S4L*VCQW=6Qe?CR9>oQ4)vx*uu^^mOEgHBG 
z>$#955{Dm{Vgg7--S&?F=Jo+v^he$t;xLryXwltcUqKF8AxQ%WJsO?+Xy*+f;;{h% z_J!NES(mr@tsKY#_M)eku)2nzMERYoce_xNi2v1t(l1|D|M=E8Om%C5l3?DxOM1|( z;^LAffGXi3p{W>ktR@i#vX(EN>=;CHalsMdKNCm|dVz9Pk^m3tZOLVIyCX zg}+pW=H2)wRxjk9Iin>!!Z*L(LOT5tP4caFJ;8*gjZ7yTO;c|WaoKk~76K{Ksx?7n z*$Ad*p*H1&(P}=){51~K-yZlO5a>xG#0hvdk3&1j+S1%&Lw)9~PYqnf_q@#cQ4e1~ zy&grMYo8IPz3uhv>E?)2=bV|7O-hooY57o6;^RCcwZ1irRQ1%*a6*V*8#iA5C(u1{ zne6%lL^cLyhm?azbAooR205`n{xLy13Ncy?;4PK!^-!HdGOyo_F8bGuLNV~Cg_PCo=okDjFS0i*s#bKf?K`4PLLS8)v1XpSlVqs$Sp;^Z9EIlA%*pJ5`0Tgl zT{5X?W^-AXpb*J-aL(cSQGh(ZgbEs5qM8s9*8^(Z`}qZX$axD}tEgUb7AMi7`PplV?k zry7cXl$d&mMlm3=;7K~M`T|oTq^h>IwpHay7hI3xPG}}KE(3+RHp`ddD}et=%0ZZy zkbp4l%szFQY@24Gn%N2Y3l|m#;*@W+iIUieD$XUQX;3X`@a2?!AA6sH3#YW~Q*Nb_ zwxTw*G+*nXWeN}ghtkqg*(CNWO`>E^W*7e-7@~0l*LVINfoRlN&}< ze`xvR>*FroHJ+aGC+>81zeaJaA1%0~YmP#p{Pfm|n|~I@rtWzC{WAn4mk2fr!`7`_ z(m;|vYi-$YG5@nare(2ZF5REg61~IvHqgJ{>m6q6_Qf+r>EN^y(Yt#t7p06 zjV9SPQ0f;Kz?biTD+4Ta6q!08iJvcBE;>xni0gHpeTxhw)oY}~OGSIQ+uG^5$?HejQR9@r&gHzP@s^kMR#Y;5Jh{9pqcoAk^TW)op_1*vQ0br z`iARoJ^Wcx68_(kl3S;5^vabhQVmWeT$x1m!(Wj)7!pHZ?Zrx8@ z|5#t=<^QScv~WZ0f=8Mhs>wS~IR~G;cAK6>uUJps;sYr9^tP8;?4y+1l^Z@81H%I^ z8K(a&Vt5mD$R|77p?rnN>&)Z#_q4j?y)~pD0cdMxW0%$~Vl<66%=|8JhPN!?=SIBZ zNifKNU+?4E-NPK@eVD({UwE)y{z4^nmxJw@vH-n2JKN4YZG&j~9lV1rc4LRMykvWV zenPyyCjZC!N0^7ro!lVJdRmJrj-8aCh0?tc=aP3{7zGPo88qd9KNeI%;pboGwEVOmdmBYX zf$l^+TH9C3AAuSo=WGNo6#6+zY;*dV2kSrC zCQ=lei)fNfh1FB zC;gCaZ4*{(%BX6KGS5DIPU53wM&(o1 zwTNYcO>{(fcrQ-cr037Okx2@Yw>n>}7V+|Gu%A-K!itp)iz_9%p?Qc=5B@ zCt@=}y!LETNs#Z(N*H8b8PU2_Cv!!jK?DagLJbb4I*78Xn*Ovu10udU-2-^4~U@Bl&WT5Vx3S zU0mL$-j>2PX`tM-D1>!E_3IyI)(d)Wzs;=*^5Gpt7W^J=pB7QVDW+;i(O}hvp7?<~TK$9t!ok%C6OB7*}LydU_^~Y9l6b>-SIV zgC0N6k%+O}skvP2$iwjw>e^v39ByVG$8lmN4jcSm#d;GQ?hUeK#soU^;)Q zV5FnRr7V!T!>mleQ02=BXXmn>w!4{AKrnAjNL4cL{;hgn99`sj#jLe_^pWS4vsTck zP9>YZ-64dxeQ#%JV{=-vU@_CPH`_)fF@VAHyJ|uH2LAbgfduV9wYE?3nsg%`Q zpIHjG-``%ogrNgo&oFI0Nz2jfTd1~8Yx{uOISH2xyzxc?oT`Rm)Q->Yrw^mkm&`wl zPVoE1-=qEev1!8cD%8UFWf4gBa&Xhc*kuQuJ41P+JalprPK%*bXNQ8Pa(qLo6wS0B 
z6+&#`TjlXwO(S|!bb$bO} zJ>(Jomb?X2jAc}Cu#Rmd3&!&FVH$PGC2UqKPqR-(HKA=Gf&%2 z`X(mv|6GR6mx`6&s59j@*MwTkWmm;Kbc+m8o9+o+n*VOtHe2Tw5TI>Tag`-LN3ea@ z(t-9vp_h)Vl@Mbd`JTd~Fl;_QujVq9O?~X<1`ICqP9g3raR*ri`BXbuOUL;yN#82O zw<`_LS9oWAcbB0^`Uo7B{GK7&Uf0YrvE(Ew?=rn~%F-m-QVIJy{7c`Pm>7?=G{HT@ zI9--%LClSvmS|OYcgSV2hfYBOi%_S|>O9}!=I!m4o?z^9|Xx80SArERWFNW6&E zOLB);*1-wBqKbrxmXm*23}abn2ILH&u%^<-!grXJm6eXJs;*A?n+*Ag!HKD<9w$@B zwRj?h*8sUgnrTSi*qG>hO4?s#3(Ijz8?cL*pU^%%U$rZ)Jc*NoB|eM0z4B%4(M27- zgLDfE-p2ZFFb`X{Y;gle=QMyHy#W|_ZUd9WgHMYkg@Zk#qodD2nn_K+mbTwjg-2t?HMB39q#k5e?fB+Vg+{|RDRu>mQ{;~6Bk*}|bSTi_+894z)0UZhW$NKWx2Zgd z_K_l$p=YHdV}_zOFbgCcsl$|`f8Id#3NkwtNlC{+B(%tK-Kev1*lyhFHPf~Q%r=tq zZNpMQqM7e>7ZR2j%xabBsIzsTkZL@BOlQ-!RY5^vBsIZl9}CM+{CGZDdtQ$h%dQw- z#wKEu90mPrXHHJe$e^i7EM zP4A*hZ`m{wn77rex3a%3i+3~%ml|NGDDdBVah&NCENK~v9$w_G|M zAKhNQbW`MRuZe0*aGGNYaWE0w8!Cxn2p!!B@;k|b@2N0Nmz`wKojuEDNuT8mc@iYg z>gwvQJTM-&QtP2>I+Zg*_^3=V5Z2&|&z?; zN2?tX9e)H7TBs44es9akuJ*&5t==!>^1S#eOYr&AN=i!M@=@4E4DpYSS`1$VUfnin z$?i_<6<)V!Tao#09d_&yfy_9!_*7;^naO-Z5gwasZ%_Sr!eW1d4*mz}6eWl27VRz1 zp_pUKn~?9?vh{k;FA937S?RuXNi?*OS=34BAaWZ>@IqNkhGKmsV{z6kbe;|JO*>UI z%%mQ9c@;rBkXfkJQXzr|yJ*vi(^H*a{$*9wH6WwkVd^s1tP4%hosK{LZhY)AdEIYc z|B2CJxl@t_$iBC9baae(+PpjY38=x>6?=Yl3e&{&cI;ZRm6Q~PL=gn6HkG3l9C0x7OHj?0(NP!?Rad4#6~4!Ki){${XhFPncsQD}N4-Oy(@!O$EH4ezpO)BG)yga<4shL|L1B-ock!w zT#H{fEbcbX)M!C*>%h?ibeVFFEIRe^GL*E%?@bJu5({6RZQ12TvTFR&{I^|;SKdv; znZ{Y_k$cHdc@0$PmXUBAs zF5OaBo}}Z~m41BuGvYsPyKQjV>p3xA@TbJ|-=D6fn4vCR1UQI=QmT|Cj4M)p_Mf%C zjgeqafn}$Lh8OwT2Tc=hx~`t|w2>s=VkAbp)3A%n_~hhA z@FY4)wHM7L=i8fL3T}Q|jwNW66>&t{nD8l25?;RClRNU*RMN@GNfd$-Bi>$)Z1NKm z-VXC4ZZQe*mUhJ!Wdh{8Gqv?asGc+7dN*K!#h3pI^Ee`6u-`BH{q?IG>ixFtp{#*+ z)1^sMRzI0SwByo;E{;dC*48nO@Gosja&m|$l_h6?3g1Q5)!Cxf+75Wo9XF{x-_F$0 zWS9_VX@!f6#TWqmLtd)7nHqe~!&A=u;uBGFQj!Ic_}3Qb5Nn#Thi!k98?y+v`sGdE z8|X$7mbOL3sW0EQC>S6xRqt1BC;)qGbEZc8hgDdH#DM=it;Z4aQJ=cZM~dZ~4~ma^ zdr9(9JU|W>%3YjDIQ_k4>xd~H{6wuEUy6BrCWpDi{FQ?8;1Lv~offx|68*?SY+h_r z7$g~$)$p9$n|=`zZ>@Poo9*(ARvV6HY2m=3Lz^M3_>kXarj)KZO={@*b(XfpNf}D! 
zWZQ`6C$X`!;b|t1AMCW>3zT>Bp+kp8MDoT&MqK$Fk1rbpmj4(81|OLS7A!5mRpDLM zOFte+>_9u)vGArQmZ=&Ax?R)9B1$zx@K0xmJ-2*Z+(?w16E_&%Z8J~iSiM9y(e3F( z@_Ezy=Vrj_-da-%o4jG^$A;y{Z=TuW_(?=XefvlQcI`sm>6&_#tk1Oy+7fdj;*+XZ zV`6&p7x6sMAD&BmD+_p9StNw0d-Cs|Wh)dH(}DG1uJh)*WL(#cS=9aB^3cFn1FE_O(e z@Qu_tGZyb}Z^!97UIU?H6}-*#7g!#=t+z}Bx8^?Fj^WwLpR{?{a~;0#&S)ep@Nyo1 z)qug!LE=urLm3^O84y(0@xLS|jz_q0om>mcm1MON+LM z3z^~QNknA}bhQIO935#$$Z%Wz>)af>^LbTv0?y8~7pxYsAS{7pAA8`wGWz>tu4iW> z5t$#zJLNbQNLR0|{mq^7b#~yo;iAM6XIQofdTNWw?{!#&&S_jtX(Z}89Yqq0W*QEI zsdRKFNKC|Z;NSCf<_#iWTW}OQVzd_wh_E88V~6Ijy~_Ng>5?@ZiX{9>ft>TEk-R0F z0+(4iKfbAX;-ZUog~kES##ALvgqc$xv*BQl0E;%lU`YfM2_MN0gNB%2JkqjTzyD{C z{a)H-o`fI-^T>`lPUr9Pv=nAu8kbw5Cm|nMRimwlu9J zb#)6`Z7S-<^LL$UF*^-q1X1zXDzA^gyxRk*^Vbk7XP`f?1Iozc1Mmp_;sG(;x_1U~ z$rkqbMAY5f-1H%Gf0G@{KwcX9h?{p6;Y@4?mCi^~vIbJP#7021zy-t_-AO3~$JANn zf>&Or9ETm~zI-uM(BRmNkRau^DUsoz4J~96z~U(X(!oVkV#Ple6|u6kLvQ#Izf+&= zNL_lam9YT~BcIH|!U7$g_y6z6#rpV^((Yf*{=LCm52E|&@7E=^!+5jVlDxb*Go;=o!bkW~wI%W8G|vMB3mBP6k;5&LWfz@n&?UB149Z#r!!g70)IQT)ws3Nw944EHmR##JNe;sJzu05Bk z?ExKZf%wes00yyPNCs>n`CNN8b-~0D)jO}-w{Opc4nl8|SXtO_8w8jRQWc=-CT_Vi zRLt3%d;eeO@Fsj1e1{QCxBIwRPLvJ-Yw6r2OoIX>Pz2Aa3(iFn$g&Nn2pkp==yH;h zT)S>vm(v8IF|>&4BFD!l=UlSi*REgR&Fq3&CyA|!;5SI5_$6SW9QPOTf8OA3E|8Hn zQWu77Ivl8TTFa3r=ur$}&Vah`aLde4efhW#i2%B#dF&mr)4MiW%84JJ5@7qakB-R$ z@8Tx!1Mv?pFck~X4AG7Pf>diWYuKAo2Vimp*+7OyLJAZC7=nX?85SSog39G8#b$nQ zt^bcP#}5@lUO0>f^Y@0tOa6Cv*-i0(gFE~Z4cmVLM)K`LmS5LHzB?B7uLURHKH2+! z+n?sHk&nWNOjzGFD!&ph+$a<0rM8K4l}-$bN=k@afE6!iM`R7~y5;dj!`~+Up}>I0 zi#cxOMs#!s#Km_ad1Q!RW;g%*H9kK4g!~V>!s9l7PfZ;E`F>>&T0yAMg&KP`yveUu zVo7qN5k^oJqLWPW^ZlkTeU{fEP&O=NC53mG*bFVi3 zSFhf!RQ9jA&a1N$ye*c_{7xEb|9M@W_$xgDnGVC(4gYoPU+1g+_$HI=|o(NvT{^ruq$!cxF1N&5f~7k z&mL;QWf5l469esQh_xqoZ(uqIpM1SM=plGG=va3{cnvg%;A9BX$z2W(4p!m*pP#j( zb1&5B0LX#=F{V3(8%T~H48rdpL6bmRnt9J%FQAFwtd3D5kxMKP;^Ig`9CxBN(lyHRKo2eU~@x9y9f%SXTj}p z;V>{T2#bhdZ)$FSg*S+`@Xb<2epZDsEp;RJA3W#)t;VidnMDQnEz90pZinU)rgN%! 
z-ni7VvN8yO(&6Uy)_n%smEzduibvnQ?nqHlb{OOJUtEA9GVM_+p&10p#vZtTh`oEi zOEi&`1Tk z%|b>EKkgr&8mm?DbiFfVA+(}G0I&-|XfO2$o3%?~pyX#4?S320z9l~2>bg1(#0JO0 z^imoz)$$?uU_QY;I8^v85~U$%|A@r}4E~sWd|b)Wz~saP!-9)Fhh z&e%IJ;DIz41b+|Q%D$sU+T{ZA(a`~+r6$J4n$@{|uIDfu;sqC2}2QQ;sjB zvPkwr20I&OiGD?ql7N!r4bb~Gs~wF~Uf}m8dsb1Y zy8zg<*qt1TKun5JiTd-MoDxS(RUO#NK7TGCdB+`R;zjv#-L@4eTg#e~@==AW&=gaIs0Lm?08LV^& z#sI>jvMukU&>yJ3bpmEguho}}!B@Mtc#O6Ti$j?ZpPHIVuxk+0ne47=IhWaGd1BYL zZED_u_7>_m12@0EcfVhG{n|AdPuID*xq3$Ko-5<&^8w&wLU^SkuzX3o;n);pD9MbsHq;v^N=4h9P61=l z1*Nug_agdyM$oWAN=PNbHU&oYA3(78%~@(WpezpyVrgydpK5xv^jHW`I`k4T!qw;n zTkJvNLrjK{V=ES`imI!w-W=v%$uniT5f)zo<`ZIe{yQw{;T#kczRV|A!HbRQ#^WKv zri~>82ioQW+SUPWw=_NmB9z0^7Tqg;Fn!6V!etCpofzW-ZhJsjcpHKfsVgIyr^v-z zR8U9>w}1w1lKzmOj4u#@)N07JsIe-Y_yEg|>G`$3IjUgPRB_ zloG7#HZ7H(jJ6klCzOKUupPJYzlyp^Rdu!e=yh^~n8ZciB;b|=OzL4FA&S^;(;GJ) z0+ykqnsUM6@i1D31_TiM{>~W1x}Kc#5xka~PmSP$K{?cTn}f1;d{%#S*n123G0D%) z${^%vAI^{fX`DPet9^`fTeo8Cg65y8|2!Y8O(`@WhM8FVRztb{`wItcZEEr)zoLpt zdhCxy`Lb5FzM&zl5nWg<-hP`t1P)mbYoRu5{dE^kW*o3exLfx$)5c_WzP$O-utAHC zCi&I@;PzyM9||>DdiAN5ce7yEmO+Wt>EO&t35bJeZo32HPKK}afbV(4ar%c(&pkN) z?jBkuVJh*wEAkqR1VLw|SJAYp-5%0`u1TpY-(b^$%}D9iTJ*4K1ArxyRmPmf1qB(= zl4IXERzs`VK|DWPHF^7lw#+04UEPkbI}3gYHs}$S@i&30xRboehQCO#f*G;|rN!7t zAE8J}*|iQxkrFidol{-Mj&C?BL{DGe0lx-3Cq{o_CUb2e3>Y!JQX4eMhmiOUm;ODV zdz-(X2otgbKgG6JMHf!s3B65CEnFwma^Ya5Gvv(2tevzCLC%m8VjxqXlDD^R-@0YX z-X?5KW#!Y~C%VzL%hNANhNz)LHo*A3UlZ{Ttg&A4pR`zux9wITF|YsxghQ}oo~ak? 
zfUbh8J+6h@cJ4g?nObB{`~c2iL@Azu_v3n^@cUYaxcRk;(D#*peMuhy+Q@8IL}xFu!_IIRl3LaF_Zn zQQJiQX0!wYxYVSz{yQN)-V;lotS_DkEz!=FIeP_z^30T!L-FrMOTsE9GW!PxNZsl& zw%NNu1fwJPW?y!^e9YUGH1F+q_m;cIL`S(u&Na5(HP z1|vMwqly-HnV0r|%B^l~;km(X@)qWZ4l}WN18UGiVS!mURu|_;uGE=a18GxLWlg~3 zWdnlsm6cDJ-XH?Y-OceD%lfRgp}& zwvXELgruYcm_d>GW`IO>I50|8cUPb)Viz;%N1{+nJ4%k#g@b4RD=Wo-FSFAp?6(Hc zef`B~)Vau{>n7#%^|wDb$w$>}=gYL&LlOkF$pp-fDVBYWp0FtWW&}wTrDh!j?uBUB zR(tDowDl9Ux4X$;Fz_&T51?tqJ~X*sZsl>zIHDuin@f-2Qi{16aj=Tz_b=Gshu5DU zy-N7JvgzPagQHZ|oE8u>k6z)_H**u1xnid+0b1^12_#MFop#Og7L=H+mR`?{Ih47_ zb6WnaRZ)m)^0%)*^Mvj>2?fKKHP`i`>e-(b(+kvLBI70RnXBut>s7seZ@na7Q5qL) zhzAb*n@90tuDp-{qndq=FAOI}&6PCQRaYl}_0eT=mtWZzvA&x1n(1YFt%Qi&4PD$5 zi6_5po}}gaeo6wJl67}?zz<0E?9(vY-M1$DY=$(F;Zmeyif<3wV~4@0@Xn}4aP*a~ z3!|u&MPt$RA35z2`%H@v!e~o22EmvTUGXZ7J{d&n+}l?2ANEo)Sf5p6JN+0=;WTo+ zwlwJKDQ&o%4qE{QtI;&S{`DchHyWk&wjF~Bf!*foI})WBt)FWJg3*D;WB%NfQij$I z#a9oKXuea|FTjSsN9+8z9VRX=dG`@k#ERS*ij4+whjHKEe!g9$FkT*il!K>$%rU1| z*SDWWd)jis)xg&F$nYGzBfVxt;Tv*wEpS!*4c=EG-~gChzf;Up-t7P6U3RT>O&?R6 z@0<8|t?^Cn(qs zhCUG=>;xr*ChU|ma_;gk$K}6GjBzm-xivMN#ymEkm5w++59B=; z`9+F(*wPAdV@4uf4c+>IJ9QOgrrB=97(^4k{RGjxgY! z3XzJkYoFL=sa@=FG-5LN*|WWdt6V?a*MsGeEs?}=jaZ$P(!YlDi>zxnPlV!LrzGY~ zkn%lD^byc8F61(W$qO<0k2z49(&bBkFjybeID-%p?Frq+1H;4o_VO-!5NAmVVHt(} zEgyxG)ORcwF)?>cz8KJq(T?~J#S7Sc>|P@9*j4#CJ)SYNMGak|e<41hv5+a_qV#); zA<@GNnXLI*<|IK23hqWKPunNpQyG_4MOe#&H30zuIxuc_+7UZ%s%}u8(>gC{7n%=? 
z9d^`s`AEv)L0Con5r!O`;Z3+IxD6M3ZWoH@IHFb*7T?TtQfSJpTF6h?{zLugKgWb0fPnC>D*^DzsFuWm1Kyuj+u^246ruxX<-6h9mo6!NV-dW}`Hki#Q_FXHq`!Y-2+Ret*R<+XJotM7EwV=V% zN@&xjEoX(I|zcFl)*SJGV0*=Tva*3Uj#Tzci`2hSEdFbo$=GqkT%<{-M* zwr!hoY&@H~hv$&t$bQMFW3%!iS*Im0GL4}>Rm$ori9o>#eP?V@q?T}eiXcIOY{+cl zE(l;#IWu@>`-@z8w`s!`ru%iWV&640&e?$Tbc^;RAB87iR~+oj(Tem>>VVhBA{4r9x0;&CQmg{v?EXmSKTChjV?CJj?= zp}11s6QmGGayxw{qhOpAA537WQR=a~`+=lt>=cdU%VOAdcFq1@%5w7Z@~-}Q&y@s% zR-3eWB2KipmQL-HimLdebEmx&W={5xM9OI52Mrt{lSgPRw{o6??FL*CGIgyv=)-#g zaA6Bp)Te9UO=TCeAG*P6snyNdK`ZKG-*eV0Tubc6gx)~YezeDXv-gaU0Z*e75#6=Q z_B(Q#EGQNSpSS;YS};&k`LcZkgVwO6a87JyA+1!@K=O{#9Et+0Gatgx(QYrOX>7wC zj4%F1^F$w>fEG{Jqd(a>9!FBjwE{s8;JG6B|L$}|6omkN>`b@NTl2W7YE>=(sFZEH zj^oTgo0VYmGX__ruhvIGgXoc+nNw%-#w=EO%eHL+ON~hO+xGWrHLM$H3H*zP&Jqo! zUcfT=?DBwf>a~7`n}3YH>_PxZ-RWo(Ka6AB!uA`G)#x9`Td{S(#pSWr1nxsD>f>}G zU`NVIiDWRV-`WuVnj^6qh^Yu95%I=M4VdEg@|@pj0}WLLg_y)(1~I6`6V&82DyZr8 zq`y0T=G%&kTjVRc%mJ3(Y^!IwKU6VTaL$|{6A0$Xls&r*f}b91_+a6N3+&~f=GGSjT1S0Vfw|;i46`+*7p1@0LyPp zT!B9(v`TPshc?nJL%NY;cS`Zx*g1!QOpFTKoc7g<4^Fj$+*sID zmj2yT7e*7Dmrd{dfib3t@l_X&EOTwtau|*@q zQ`kZ7Stc3F0ohwixttsvK+iTOA>3Pj zJj9*xk%-Ce`B=o+7b*aO5t(Q)4dJZ%I}YOURBbM!wMtfhUf^DUis;_FdDB@PiL2e+Ay?*g6@%S7lMVt5`7y7CZLA)2 z#7t+AqZj}kzG6u;X;n)Kz{88+*^viDsxeP178!}N&H#czH)xKo1;G8jn)hwi#EIyb zm=1TIc-5y5o}<^b1I$`}wM$#~YLnas`7Y@SoG~V8Cm1@?`3QbD0jaWj*|K|79%*0K zs#e^;4kUZ_UZxVZt`iU#oFKj6IiTTD`nzXz1Z-I2_g~Fbb-gl9oc5~LilC#LF%EKX zruMhH^sYj^$~tx#I3vAC!6(g1pk$y!m<|w9m@&rlO9HnaQCqaCCb?w#KU(4HK=lZo znm}P0{m`QyE0%Na0d0txYCzLU*5s=axde>H?gU<>|>&=H;o?9lfamR6Zq}>h8Ly z%5w5b{aWQZp9OeDQ~=A*%d~<5!6uBziG!2VBQ1El<2m>K{(iVzci@*Z#w0`A{`Ik^ zC*!%#lr^8Udu7(Wfa5L^*NXaWOkTv<#?q2E!)Q6$ID9x(pL66x;AV^46CdJ-T!nhd zHIMENJFGsYYVZ0Ts!<10Qu3L*Lz; z2e*(hHTqK2en+(bVgq%pn*z#xd1A0FXYQSZEGPlm+Pko~c%K3 zmr`t~-^_xo+Lj~^RX^(2SB!0IagcrIsjCzD{K=8knSZgW zJz7=9hU>c;G(UJH({`R-&Aun6;Rc(T$L8i_cJ*Yo(*B%^N3RzaFIZYfAC5lcLroYM zWe7eL+0t{SDq`5lWq4Rj#|W0g@ak1bjC)Yf5|Y1|-1xETWe0^;X_~jX!9Fa`cSqCC z&yBo_&C%>< 
z`gE}1orhx5zN$MTt1*uI_`@N@yT^~)=?mCAEw+^A$T}SzvN7rlyRyZ|As>X68>t>p zB~Fx_dS6bHN8P0mHYYEyp%IIHoOs>`^M8({lVJ6X1~BpCW_3n7d|c)&46<*a@_NJr-O>EI|aqF7uac!6gaMsQweA+tg;m}L7=@Se$*F2^^ z_3_!%KgTAuvxphvNXH)1d7OJ2dNQU~_|-s}&GEk<-q8cV|1lSNEdvviLL#|@)m_yg z@*b;zQRPpv8(gLj*gH5jb9n#$%SKZZ6RVs|QW`f+Ug}l|zaDa~x=`oM*^M!k;S)$^ zUMwM%`s2rdSAEU3H#dW>VuI}P~sn(8Vp5GsGLush* zhkeedt?2Q&O-VBL;euu3P8-&*C&R&xFR7`kUvDnRP<2zP>Y44SG!pzX?mXYc<;8#a z0GA*0P{#E3LF6kYcB#i+Dz$P(XKYxz_MTEjX>swTL~C{*ggS{%Ns0VZxEV6=9Uy5f2VKSHQdlGugn<ZHu}<;C!;+!Rcr;ALPsG%rA0;Cvx1rytZ(!hQQOEPDQ9HEj zUYTRG2y@WV3ITxjco1B4Y}evG%RkDT)79cuFD>P3lvGrx$jW-`SpOh=C+FADh4J1g=iwUe;Q(#(s=mbK^>#)Rul9=@rZ~xG!44dH|T}; zPduGismja9&dK?w((O=bomA@Z2HEHk-j~Aip;Ab|RizeHC1r-tu{h+qvCpBFT+~$i zguMXDoNxKX#GJI&tT|858xt2NFqxX39upgDRKDDb_4#*()&r(EB=CYCCVRTN3SSB& zm45!bR(+II7kI10szP;hUH|A850yg+_Dim3{NcXvwL{+Be}NYqWu8f0<>< za`&SS3n`z6FF++%F+BV$iU)~)=_g%1%cMJsv%Yjq&E4HJ7%_4neuhu0>*kR=9PY9m zO0|*h)RQVkw3^0ZjPQb2hHaAlzQ!sWHuT_$9?G)OM=P^@b=W?^>q)8~+Df74Q2F~K zRrm~7hJ9}1hs0Gz$Hwk*Y?)qIbXy>2@R;b6UQfF(wY3b4pPP)*+z!3ld=4TLmDZ>p zH>5z@jqmEyP3NI5)sXw#l2J;SvpSV2u=1)W3bu)o-j%w1t01jJJHYn5Z<9OT?!Ejq ze6Ef{Lj88ZUNHu*qRrNx#a9E&ZyvS`!xo|6egEt}^3JNTKB_{M;8IFjFA^zZi_A3;lc_sGXNVL(e>F(;%96gH48_k)sSd#NIj^bGL z7zE2k_f1VqhQg#TmzR_TSXM5{Cv=OyjE&_r(spvn!4*Y{+SuBv0^eRcca&@IUI?iK zrwD%Zz*Bn5%5j)(QQjvo(4m-PhHUFE-cO%y7IZ_PgDFm2M|XHiS4_+;80hQ&wY^0! 
zud5TY$CzL*iks@@V*?=6MbEW@>JF_-m!f=qeYp~n5Jn}M4WcnJQKqj7 zajEOXfri0JuFWC)7-bvo{hrf5*X;EK=={6gdRK_*{BK3l}1SL() zxY1E_7-b$-)_hwb7Ih+kO?0mkIfdx40@Gx~XRLG&E7cyywRy4ZJt-xfk9s;k@Bo95E68_sH-4K=A1I*2J zb&Lm&cow3f#iG1d8*@ugQyY_Wboz<71Q(PJL!XyS2u?B}d3Vd)Mt z14sb^`zts;v)Ve_sl;GND?y0&xO22p#q0lvz3=eH^6%fiN>mzBQOPI?p`=9iNJgY2 zl7uKDB4zK9BC9Br?383y_RLHrE7_F2N66+mPU?Q$zu)tE{)5M>`&&1c>pIWR`T4xZ z@jl+iTPIbWSh5caRv1YS2j#!J0LTc5^flMjbuGYf@`J93i43k^zg}~*6Qj2VMn|cx z$Qc_L$l{0orDX#+V<)iF)0-Kl)OUD}A3qUbmi6KVeFC(2)q8i+(7b^ojD48hK6*)6 zIRFm!??@boSpljSpx-JG`prXS1OhG)f1;~(Kp_1=uY!&cbnR0|{7TFpf~X{-w5N|B zN5WJKget;%cyyLvq2={drZ7l7K{Hn!D6_=qjSjmS@MWNph2csE%0-&)`c~HZa;e1$Ha4G&VL;>!$A;wCs z<(ZX{p*C2b6#nP>gr}>H%hLfih4_UZb#*bw9?;WZU~bN<<8NnTl6dCKnO7F0@$vDo zi(534F2U*Fymd6mP;SET4+un7_ATKN61u6_{jV)Fv13#dHQpe@uFS|k@VIf< zlF(=+f-O;goN7FFC3W>C;Sa_)cLLugi8IUjT9GAZKoJ`I5}(cqd$xM2OxDzEKt8mt zpujl=Pxe_Zy*spzU}$g&FY!ROY~C!D@bicdn*cWyK#|bMXGuEZ*${E`vl)olA0POt z7RSNCQ5fh;2t#ax)N&Z?3)0K?x4=JHs9UBvK8fC=* z)!XNw(25VkF6l{lbOlQSt(L!XEuo=@vs*>=r$c1vx!KvPpu>uon;8+>)C@>Oa7eLH zQ94a3U8ex(f~a#AFxtS-(04Q@f7eBLgi^}~n3#jleloHjKdua1NCn|7s(FB{cc!{# zHyQ`Fnq0zA=oYWh8+v*i{QQ@2NoKbQL%L6n73Ij;Bm+{gyJzdzbzO_$H0K9c(5>|A5IAt28S`Kv{V|nuX|`fNXT1a z>`QhO1F=M0J3HjR2L1YV4Yne))x;)O6OVMSTyJfHbe>v9s|jIs=(pl0P#NYB5xI(j z<3tnxwkCa)eMAo*9`+vzxSib!iUeP2)mhd62!!DeERep)FXHXhzOqu@aaUYm`P)|h zmCkd6XG!k_uu^G2u-C#doYD{~s%I4SBE^Vb@O&_{B8uZIf9`|Sw7gXu7x7(E!S)+` zA*m2S?e6V;;J|nCBvDgE-c=Gw#HWA1w(Z^iw>LTvRH2suA7V2yP7b|CSb@3VrIADq z_J6-L88UTvgv`cTN=iyE)QOGv_e=S}->cU4Z-;@0N;{W>Y zzQ{-a-4n9<6Iu3E?B%~+2dI?t|G(vb7Uci0<$sm}|JWD#Z>u^t8lH60OkxsL<(yV8XZ6b5kAk7c_qK^8zs*=@T!e`xfqJb)2{wZB-BMPQQQGd2H1ZXj9uRetK-pzouh;scuBP_-exe))H{lDM`y=8Kt3^F32A%jU;7AI09M zSl`*Y&SR8}mV!qB-|5+5c2?)-ytDhyiP;WX-RBCd&nmwETDb=WD$kMNi!k}9{Sw@Q zbiM|7*oI^Yq)8^Xh|eHtM8G zB(BS}jj4rs=d6aE#QWc*>^elToqA76#&v`#agg%*+zHJ{Bs4b`LKIzBu7b3o9t{b~ z-PZ3Lxk4&l0Tn=~fIq-U$PM-rFVW^f&9??!=*Na9@c1WPsO-h9TFlmO93>@-ONY8; 
zE%OVV7&7vzV@pI?;wV`jvSRKU}02XUZ}9q}gc?esEkmO6cfWREBLaF?$w(mzVRni@W9F*|yp*v&{idh#eEKadA*naepU zer;>=i2CC6W39dUPA(-JDaXxS$o-LTVRpF8!q?7m18r?_R7J9^$D;s~;t#~+lduhA zdk;QDuK#6pTHb%iaz2Xj9wWwLs;E3o$%Q8V%Hio?Ie0>)#fWL^)6(QaD_!EeT4xo>{Hifjk2rGJ^ z)Czez5@E#FwFp_g+Yh4}Z43UtIU2D)8}o6S-_`xm*l1Xsf;7QPwA$g&6ndnciyvcJ zLtzv%O+Jm*tC-h*WkCrEH;oLdLB05X_fovZ8x^A;#pdCge0<_W>{M&Mc3dEN6(Pd6 z=ze-h(e^8P7ossbV`bO$JkZxks7ak|#~Ab-d7t)>xb#f6$ZnS#!LDX?Y*$=Z zBB$ky;uXJuDuu%FNl?BgiIGg{>6iS?{|sHmj1>yY*sCFX0+o8<5e z6ol9If7hiFi`RWXC9|;bJ5(sucDN~cq`sylekAe8joz-lVgA;g69RaAUPOY0Q^hKx zhmDV65RZ;%WbBh0z}d&1GcTdJ#3i)@X6+~ypGjMM^JvB?AQ>}mp+X0JE@>~-dT|dt zV+->*8EIP*r@~YAkUM{@aG52ma^Dg1WOHEb4wKPLb$xxYjJAFI1qTL=~RB0a3k+5RQ3JS})*{if1 zdyZ#~2VP-KFd@b%P3J8y&NZ-!9cpIQl-wh(BPTCkOYn#OWxBN)y(_Sb%A3qp9@+ZTYi%pDLSgD4-{lcc0KySy}u^C_kF=+cq~KQIPtk z&cSi(-#90uz|{wzA5N+ldQHqFD5$Bcs!wWN9(8&%skL;Lie5x?cw%&^vvY1Cppv8Z zW@x(IJ|3lNhTvB~5QxkNs~f-q_A^8?PHX6hJnv@&lLj{+IGpwk%^L^3N{;Ev7lICq zX+iH7;DrmAucfF>ra;EVz;L=##&5vbBDG2V3NbOH!+-m&#=NV0`EL2MBs3>WFy%}r zE{;JAL9oH1@9Cw6~q@<76zZse3mAaU@ma)ni)i{$M^eXMTh@(|i}(R4c@r2BgZ;eyA?atQYgJJ!kb~ z_nlW}hn!2eG1m>?Tg_h6oc(fu!!`-^cxf#}y-K#DhFTJ zzJX3f?%dn_xwjtE;P=!)ed|i@Y)=SGm_JYe+c`)#bi4w|F#dq@|gcOT{ zkbj}$w8PX}trI#~NM@ktq4jX?1wbK4%e-WCS}-GIhVg&VIRVq}P9U4jruh!)oWY>t z4M6NCmoV!A417Tk;-<6La@Ax4GCzVDhv{s|@Xul%{=ElpvX46&x)EjT$+g_}jWr^P#%i*^RP zEG+zt;RaHxqM>1I3@ZB|a^@#2&;llSH?ZqUw{9h%`>z`tC@AQ)Ro+A>b&?n$Z2(^Y z{BNRs4ipCi=74OW`k`{;MhtLJsJ-=k-J`q5N={-UF^!vYAfhqdG(0}w>utgug8>yC z7RGphM?^^I3Vu;N&ps2?C{`Q!k4TjXGu_mr4v^y0uqCvG4jnjf3P1@Vy-lE2mTjO8 z7@N1;J0eevIp9DL=1=7I;5@9}dw=GyS0UakRzbCIv=%#d#i5O-FBrRmLCjLYDa|OT z&7q6|>hS6*cVaBTxbn^Uqh37d>*Hf+ZD7zeyoZtQ;q$(&+J->)fExJcn4Z0fo{%kc zk4%k?39t8ZynFz>xl}|w*efxA{#XJk=fI$aQJYFT0EM)c4uI8wVFKOTGj60UtO3vk zJ4MDAO<}=M)zCKf^Y-4YB^0VCGTRkUYKbKSGP`?9fMM$ctc>pD76q2A@KXj**2cuD ziI+SM`&O}GD0Rjnu9B^h1xjLRnT8070K1Z}FJ%tt!tewqn-txTV3~f+2p@;af)HzJ^9s9{lvMEW2R z{{wPE0))KEPzK0O6eZUq!_N|pr*rmLr@7CU@*w<`7qJM;8qod+V&22+FxxYbE(=Ek 
z57U%j&5YV`dj8@q5h#gW3kTRi+%DjWO5q9br4H^T$@F%|Y@YI#&hb9leoooF3 zl#^`*prH+tx%sVsL`-ylP}%WLqlNmtY%Fq2xyH>otz@34`fF3H4N49u6{1?ZqZR#c zK9~Cd^8>aZ24Hqg%zEoe2Bfh8YwgE0Er~Kk`u6JTNMB##3Wzxt1bSCQ5ebocH@$)f zjBfYGrFA$`NUS^D|B^j+!u|q!Vf34g+tJS*FFy zwlb+2UVdhoe}a0vr`bfgt~`Kli|oug=VutBiy>~jfp%03RZI*FCptR5epNsbnwY=3 z^^EYCwJ^1A2QWWkCc-ryJp>zSC1D(wQS-uE6=_t;7`W#wo%K)UjU z9jKV&54Z>_T3Sg)5HB-6<`@h3hT-IGBBsLQ2~{M@(Xe-*H)KJm-;HDAx6@3pJ>n5S zw_BI;V3YLY;wBgFR-P8gdy}H%xAco@P78XCEQZb9L4$q2isFQ(pQ^p8EesH*x3$Rcs5c$(nl^ZukJ^@GScSGX&0 z+lM(dC8fvIyRtMABT|}Sc6Gal49IIV9cOP46S^ciYfuFstPH4`04iDh%5+(}`T6(; zAf@GLeK_b#O#WhXejO-%g<)@Uax_p+BJ7mCXgCt+$=p!~xTh5NG8n@hA;PqSHwm0j9U{lSjKkS^Tr#pXJPkvE;t@7w`;-XQ} zChCe3kw*=(=IiyeSy&|W-yN)JZf?dBGX-WamSetC+}-`5?@_%&`KT864-e0|e50SoX^Y)I0i~>4$B!B^oL*f8lfII9hru`!<6! ztcswT&_;`u&(q4dErAZz3spaJN_3RkuGERcfq1WT#Rd_9Xl2%LTC;b|pJT_4d0X{P z*}65M%wovWcuxPBE$&jG^0~#JcYgMqt=&{p_!4ioKqUtCE)6~8yq=;?#7CdIzp$P4 zUGLl<9Q%sRr_851Ln9Hp*8pB~5;M#wN=D%*P#gq>L&?-M2}*V!KJ-17VXU62*J65N zU~=r4tInOEFE@&F^xg}wTW&e)AATE?2yyp&ns?N7q105@-kt<@iEhUXG4q<(m;>7< zP(vW5B)GL*g1trrOH5^5T5{B-N&Way0+I0DrhKRTafSE8gpJ&wqIU7+kn_4ywxyY} zLzMy+9rup#op_TIC0S#A+8WXSS8^EJ`}Zky?c&aK?2sFQwm}UT@*f=LVX1HI>3qHe zp}{Em!AznzZ?2_Rlr5w}ZwTe{AIODOkb9o-C&tSVsZea(9Dn}o+0H>?BqGKdoJh-` z2pwH__Tp9m;E9+?H&~isVq=rJG|sfFWb`ARhiGQ6uFqexU=VZE@SkjMUs6qPvwe&0 zP?R`bizR0-Uqo|Q9icTDaS}}@a?21A(<%NS21&CIx0?A9wDL7!*~F;S9(UqJnU22$ z!e!~gH!MxCzqP>KYn%O+p9^^%R(sAj|BzhP^ykpI_Ij=8v+eUAKO{}bRtQW9yqNns za`oN1on4_{?DnMqn)xc;S7QPPtmGHE`zWgF7Yq&Gz{g|OF-_o%CR#t9bcF>3L=z9A zuL(75LHn6x_;7ARdz&0$iW(ZFOL>UlQkXF5Gfa%0;){#B3a+L^=&nelWt#Tmrw=@9 z!Q|KJ5#BWqo&IqFS|vgS5f~zvRfgNe3&H#*dUnRM;6iMX=XgtzPRd6;U3=0t7!=ElZ1Y+=@g4SD0Gd))-@VKI)1JtU*3cuu#s zh-0%1_I%Vg->pycP8?O$xB%eSSpfXzofmyf-kmYU>Bk?Ocn(fZWmprPm_>i9qmrlrPZ^2v069!M}7z z5t*3ROH>Eh%X8!770`;k@um@uDyAor6Ty4$L_Zi|9NgSgS8i2|P7j`QnhSW`g+pRK z+Z{xdW+lq_`1uEsfYg5ahepk)=qkgaF zNJ#*T<=O&sLJn4fru7mgx^xSSLeXuK5Lq1P1=ab-`$|zG&j!z&17l*)d zdh%(K{b@8FJ?0JD?O1W5o*h(-EWhnNLhZA@DNU9V5-yM%X1aHkpPTz!`_i9uXl**2 
zA*N4N_SWLsl^wb{wKfVS=H+QpiA+99fkavU6++yzXymez(lre<_$e{^$v}+Kd1*>( z+2ThfoQZQu3Co-I{)_J#<4xNqEn71kFin}&t7vJ`XU8$QtciCC6P8pgeA`=H48b6T zO2fSr4B=!;U}W=QD{P1Ab?I-jNO-bpm;FB6-05iIjQDJ@W4bBZDhZj04C? z?3A8J-8a=w$NCxOo9{$!xo0f^681iGQmJm0+ncpAkeR-Zc*sqjInd;4~}{e4}<~bN}3g7!oq` zzN-DY*+?YnuUcJgFoOZE1!NgdfB~TRpk$rTCoCH^XMWJrr~M40 z)(?p3g`Kw0DcN}DHmYI4oX35*v)67{iY^HPE|WE=9R6^oaiUW6?Ogi94erm0SaKX` ztRS#bV%n;1J3&9BynXr|W(+zkO@xO}1``5xrS%B?=Vr>p7%j--aXuXWybrH?AUe4p zwJ$t{fsgB%zO#vrdm0L#&A?qmG|V0kpH=wYWrLCuhBCRk=9JmH@5y4OPpL1%mK8L^oH>*@uj^~kVzSt`?J?NxmmHK)3vN98W zN#h73Lsmo7pz6h&HfbV56PX$7w=-3*JGuqU__o8T_1+xA{zMH~t};bE0a}IaFF)FW zRd@bG7H47xGgrAt6^t87eX&4&LHPuttCrq!=L>Hb%L}B7FkdOT7ytxcSjC4M_Ib0Hbnw!7uVVFqCp^ZjpKu&ak2Uh zYNaR7gW~qRtM=u~m$CJlG%*ivo1Q!Obr{uPYhgw-*+_!6a`eyBz(7agOu5(2l%i7bnM((|vXzCAI} zi`pbHuq|Z~PS>=iGiH3P0e_oybV}TmRMf07(dtrKk4@Nwi1uZfDXlX^j4YlR_^b5vtEk4eE~*927P0csaTEisH*j{H0}w zM{-s(2R|t*@lLmHw6jx--9>d3*f479M46n@w8pxu=%Pw9JmIUMorVSmNAr$wa)y{c z(xe+TZp^ZHO9Y>Coo>JJpp{hv!xey`pJ%SQ7`g=)fZ`+(U$VS`yinf+o_=(I0PLW!J-jav%^W} z%}K2b7j#&%kR+CmPRk?+0vtT5jO#6}uf6<+?`Yo8$dGqNVG#IdKMTZ*Ct6JtME8~} zbY38N_7g{&P%WPr$Au9lAo0tQY~vr(j+iLwR_YIJ%)PZXaELtHTM;1ZUtJ?|`{1~m z>L8LG^~^glpiQyJ-CDC~jf6`gAX0bF1a1q}sa-KNR#jB z&$1aFu;yQHCKV+VF}~)PewdA(dT&>6?;wKGu&Ico+Ww0OM^i-VNcKO?c6g5X^PW6; z@~zY~lKIX-(CQ8aOvH?Hu;C{zDkCvJ56ax)yHb45{X94XCn(zYD8MLU=@Syv)33R) zyopFY+A|SIvvZ;HL=;OFljHCSk?}Gy#q6`oa}}mHjs2y_NnY~W78z>bCmA3(!Z8e) z$|YMr2JWTq8CI}ZE&^YAtRPBU1fR8VSVXaln(E0f;F6*pdi#2a?|OSqxbS4M(5zb! 
z^?j9`e4c4(?19g%jyre)OigPaZtd>wm5Kk#D5q`TNP95P*yvW>bpCv+VY=Z89CjFB z1+0@7Az7_(`5u=lPGKpyTZdk$DbR&m3x7m5i(Sye(hhFOD8fe0>pUTyt@OpzM5XPgbHAkL_sD0mZf_Ah zW(~djqF0x>js3$J+4%ASG%{co?}@+@O!V};fsaCN3FT-e0aQ5IE#Oi<97!zn9~}o+ zgyLfn_>7IQC$ukgeXe_p;C<&scW(bJA$;VA7u%XzgiVLZj#@EKtzo&K5Qb5AXb8Uv zLwc81jH0xt_L(?361>+eyRbh!^}6_OvW6ENaowsp?D%>@q=Id1c{K@HCxl zQ<_|7$xqy$v-_Bq>5C_FH8N?Yp}*C*Zh^OVf!6EB$G0pLTT2y_)e|Oc&mq-cetmtAC|hWHNU>D@`%bz~ULfqpWC4 z3AZW2ef2a{{fzKs6nu%*JS1mZwzNoG#DV>~n_d32TZY7&o^9C+n_6A;VAsopf(zUI zG75$*jW9aZc-dGr*0%&YwNXIIO*BWTz4}?IA1Dg?O}6O(cciU7vq$-=u4G^FJ?lw= zPV%!xxwS5#sN!&z<>?sJuIpvl0v-UfcnA_L`8jhx-dNH0HFwq3pIeT$i6l*Xu<{x@ z3RcoJ^z$^25*-C~vylv}E|oM%9MpKX;JpAf^XI3M5W_mD6RgJi#5$4bwzpbhGZ9&2 zfs%nQ-#w(vT|UKB^DaG3D6_0|a?I3eub&>7mnP19nfexcJ_1xmPlZkXITn|EuW(UMlDyRkCSdTYlA9oK}>gk+exH=0XIjs;kd$)hu3+J z_ajw*m~ro_s_GBd)N7IMqRpUBeRZ36QTeVPvh5Mj0P~X|k@ej&wQG(~#6^CeQms*b zDYX%c#&u*D9o=NjN4G4!c2T(tHaB8Kmt(l!yw1LID{Rwx(Oj%?bfAhkh3 za33qNe5E{saqY`J{41CeiqY4j#-IB)PttMJEoq0&^OY0S1DeeIvUqYIb|T`^9~0A2}()xR^EY;rHW)F<{LKIj70=s+n)-{t^SXuN(YAs#BqIXnX&^G+^ z?b}v5g)mbrCiSI3$`=Lib`p4nnUVJIxr=LcTN_KeQ013++6|bQl9E!-B6lOo5R86o z?9>>Gxv%ZpMV0<#$N6U4_Vr@1@6tK;HNSgz-Rlu)@Q&bA!vVj(zQ|LXS{1bAE@Qx} z>%lClEnD_@{)oJ#_8B}u*EFK7Q`sz~zzPqJ@ySuKT1y3u_lb!ns`Y0S6;)9Phav!r z9F!(dqpW|@8!BS=LoGKxD$12(47cgg$P`z3v!K65-%@M8e8Djei6p1odjQ(|5y5;Po zgqYJlTejHF&h~a&W_PxzYnvSpsgQ6hpD;v}rBiqc^h7S&FFEaEVYt3=Up7_Nkk3#{ zIzKg!B?iqKodF)6i1t)2Ul!;bbZ6bRdGlt4M(L#bw_(mSC(*w0+Pf36onCZw?$zaS zrzJnj(Z*<$b7NnAxY%fV_MLgA1}eQuM)F>o!q(@>s8t!)9u+~TQD=m@vYEwjrX_~7 zCeH^euwI4O;e_L;H9>ScecByu1uSw@qBB3Ac#dp+a0;sJ9w`oWDwoP{rhbcKaM?i# zO|}^Rc6()jG2y>+3_3Hx?q1R>S zKC$!{HK&(mAClb$=X3_sO{)kofGI|FHWGYG4RBqUZq8;t+8B>2(|IcWZz}3(wKak;dA?w3N?5zwBe|M$`P4pM9UOjARueS_P zP^^=n)o3qy`}z)`ig-M2xUmt%QaaRV`WKiMdz}>L!w92egQZEe5T)I^~SEmw))bK~=`JHFhTdV@wGI?oZ% z!<#b9I-fX@RU#NjSD+2Kf zhge~pvwVftQn%Isq0`UebIIHZbqRA+BV|OEg5VPFubumDlGXppqs%>#g|IxS+AYxN zn+j=PkVbOi|I%qb-Kmz0O8BVZ+C?N&lcRvy<~nxe$D-+)!ojjP)M^0j%>I?V${?qp z1{JZ_BxC>lszF(;R& 
z)66Pg!yko)COqZ5MAwXx;4zAZ=sk>#Kftw#f^G1q-=yFHE-9t_^9^W1i6a2mY=Sfz zTy^6In;kK@m+OTKWKsiK)+qR)TW89@J79d)J}xma@Jl!4d_4H)1SQsTR0@QehY{Dk zkS6NZc#`8F0J-2v+q7wuo9c;8J9h^Ng?^Ju$|kOrIqXY!4X6jNjOVfMCc6U8(QO=# ztPi=pv@jb{?0Ft+Gj{5O7Zi?^w3Xokjw<^S1lGyoCtX{$=MYE`1Iul)9f6(zvvW^g zM8sBeeKh7ebiZKcf>IXik{nh1MCS||%pCKzmVxp{5|e*Q^U&Sjk6wE}>(;7{+rZp> zn6cY?ivk*-q4Wf&b0N#w+kVXeXZoYx4($r;|;&)#Vzu&qDoc~gf) zXwR?HMblO7DJqed#0;F$JSwM|BI--jRQ6#&7YVRYDSUlF&9%o@{lAMg?CA}J_rKOL zJzPB6Zr!jvp*1iUzEn6s!2u$1^M468zTDdnqb-@rI9hnG0Hlf-H<9=@G3yL0$+a>|)E_Y<{LV>w z0`Bd?dqOoXLYIiFkTVl75$arkd}=J}ukQNcLa>o{Xu9VSJHEbZ(UOvMn*$a zN0D})@h8TUw_>of#ExQYj<*8?H*x6%!t2QvRz*}lR3*#+3PBn1f}LG93-Ua}=Cn@? zpKAMci3@*Zjo`roro10|rXdqXU@7b|Q;EeDyZcNWzTvc3@05Vgi9=@G3|AGgf@q$iM(}2$op) zm!P*PDQ4di8{zSYA%*dJda3FMD5~Te(L-WEP$4ZW0Pj{oOjiZ|43IxBD!34!0Y!3e zFAKUoD#JvsJ^e-oCj4HvDxiV3m_2k+Q!^2VZneB|1`E}cdG|FmbX9-~qIZY^9-W+= z9Lu4sr}v8RMIa=8|8*_B8ROXFlI@^_auZIubo0WuZ;B!S=}V8Jzk@(S3*9$Kr%pq~ zB6o4v)bHf`_M54n(V>NSr^fohuc zM}qLkc;{4Ayu^{y0N)Gc{h@Iahw>E!(sn;>%FfQ70?|Z*;LcZ82BAuK=@Ky-)oqT4 zICC#vyojw2^>ARzGX=NmJW}3w@7_H@yvJwefRhg!b*!Te?F}dl?=}0-Jgf?WUsiUu zTT=?UWRgdNzy`w9oynHFmF0s|pMTx%BhXr%1;hcewV#Pg%}YX=fX z3{i@G>wY$4;+v4g^5XQ~X4n8oBRp+o%#`d6%9}h$l+6eN5R{4`4{Sc!r$p%Zbc_=y z2{HT1gEJBGY=bglbB~v1!|D?pOfP0n z&)Q2j6DpQ{+-nM=EbEunn=hOCzO{%@T6XBFC-|!x+mBUzvA_>HESJ-`?OA(tnS?LL zNCe5Z=giq&KG3!GTZu^W$*Y0~0)tc0_=nyPH12&J5QHz;#jSY}EaKuli$GEcl1R>x zkRT5fD~RFb^;%9>;qxA&B!luV028KXlh;4-1oq^1V^VdnyG%>H`yIE>Ve4=NB2Eiw_&5pqg(!u9Ku-wo|PNt zi%BZ#ACphp7|=c8m}{Ne^Yz8ua3hbk^$v;iSu~Wy-bOd4iDjM?^G6I9j~BHcId1pI z7|a+-ssj8RfGKHG@%iK~CMGIwZf*!ksk7^WTO*|#-JKAP&f{d`#$)eC?l|;(3*Cec zd9TV;4#E&p28SO zDJkAI;KKWPc&L%>(cbNk#Hd!#oS)Tgg>?3KfZl@>x|?XZoG)^e%ue)1RvT171p@Z+ zCl0?}?;o0bSJWqODKJ0Y2f4<+9FwEFLE3f$=Sd-iuVTm^o58ptc@1za$rR@^F_NJ0 zlpO8}eevQEbi*J>>NSnrqa@2>kfyp#IMK^BT*pOwx2`$w`iABc4T6y#!^;!c+U7tD_BFj>UkiUlK5&2xo|m;*V8~}%zXOe#B|TkP;Z(20Zb1l?#MjAnqSK-*j1g!Iabw_{;S`_PNG}Q ztoH-^PT}zl%oJ**GXa%dU)T+$baZqg>TW{d{%HK5kdTlPaO9dTEx{mQLdbLfV_E6# 
zJsAgSy&mJTp+EtkHaazxhR&z7i{4Yp71r#){{7d^m$ag1SoYjG8CBK5y7uWM$y29N z%sQntGH$QI@rGvEG0vA8Hf#`wYR~o^I}Rrf@YC+t;T93G57a6|xzuN3YP#-Xgi$dV ziw6(hD3E&rZf#_`=WJKLu1>nT@O%~StB$&1%45(0rl*Ntjh24{fNg6hj}PIA(2U*GzA8 z^6uu>&BZ!icr%#jPPPc))1&ku3 zUP@ZJ1I$DbQUvs504kh+b20eX4a&lzqV-?N=bJ);2PWe) zJdUP^`>(?t>4>?HXa$S7@Maq$qc3#3_LrQJ>hyY@O%>L%kP=-gIQ{o?|##(>m==@VN9S}woW`&eIpNwy`yBJA#+JCXnAYxaC^**Ck!JN(k;0HaFYJ>LPKC!uq1JH#RoroRl=0+*x%q6*H9GFTA-Y#q5Gw zk%orGecn>pp554>21C~z1uT!|50xzZ{-MOaa|WZvsvxWqI{|j+@?J{!weV8!G7eZU ziHV7|fCWW%iJxR_N@Xc1u*Y3ArC+I45JnFN^y78aJHW$y}#igXLUS)bZtlu`22!F~MC z&!HjV4tgh+e;eFVmSsCJfpZ4?&Ijn;n##(GiV~dt3d_)Av@|sCXp_Cm!?j{SsTiGGqmKL2FCPQ4F!C z&D^o_MrSWTWsfkXwA`A)KQp0roP4<}3??11uixpBm7^zhouAA6HT6cE8OVVoXFc?k zV#fKWg9piBtSo)KSASd@f>QD|gl0vbsYQf^ z#}Z5(Hlc30&FiwO`09uJ=^W}K87vIiC1Zw(8&Hit^Q<*V zC@gF%w8WHreOE7v^#E;FK~0Oz?m4e%sU5l zbahS5?ycS}@3XNttc_2zvxW4&2CvD~@I_ZJq(MleVjUisb?QBPHe!#hmy!GX^6`@b z0{fwx3$3%**jVwqcaLwTAS3O=bt4heeIT;>xappN&qoZ0mBjV~-Sn{V^ix?D!Vbgt ztxr)K`pNFOa_a_Bx{*RYl#nd@8Y;94-t#=i(?@4wxNftpzEKu=OKU5S!<;$$(=%}9 zka12f2wh#Y`wA@EuR)bM7`hs$<3-l?Z)0Mryjr;W)4srK6lbD8mzAv-6&3Z}>bCk_ zgPL)iZ*!aGE?NDg-`ofeQkB&s#%J2i&tO#zyE8Xa4k}3Wp%4hc2$H1l&)K% zUwMr|j;`i$zOmlF8%XN9ulwH(+j-tx!8`iYzJEXKWSV%M;v%+w_2!tF?{b;1-YDIJ z9&WXtecLuH2&`O3^-Nigp7GC0m%kVBiGEY->WY;{_BE(+sb_t!zNT=~EAYr^bL04b zcSA?r6XaXA;Q#NJj?reVZdV^=qaR87Jg#o|#hv)4mHF<~=V|$Ip~fs&Yy0Y^p}x#^ z;cXp-%zBB{pBAxkau&G{8GrixrMj{DSKn<`E>k8Zsj_12C0FvH5Be^Wkw*mrWm&d9 zytnd^_q}Gj6Y!3FJwdB)AQf;92A?F(@$`94rQ}~*z)Z(O%e=bUk428=uO1ZU=l1b5 zSzZj(oBv+Q|N86kiGNG=Z|(m59mV7RZ@K?|=zsp=eU)7GcengqlK=cwy7S-K{I3t9 zt`08z&z1iBjK6==DXaA<{^#BQ$3Ju*zK9@V_Ev08&|K-NB=AL$_6lq z68zvKmRJ7yj`{9@Z&5MwDSC^xG7lukFejCagqgho(%GV<7V2Bl*Cu(DSep-D+lbTW=d74w9kb%#ems~ zbRo9x=DPLk4;((c1-8m}tIz6%8%Wj;PC=#5MS;~#;NYw&fP!^5T$s zA&XwQGiK)J85pD@I@`4aw4;rqXf2I;`Enf?CJh;8(f@go3~&k;jU(x58EyKQt8&}I zf}Di85tO|TOLXAkC0^HVoPDL9APqz7>gKj)($dz{z#v&L4f;liTJ0SihNqtXy)##s z(#BBLw3k0)1tPyjF?Cv0~vOq?0;^{70J!>otb;HZKpUOiiPyV(kuG!j+OB* 
zzYbkg#<3iPp1)GZCp6z&e28%B*CGNuk~jc~^L>dI-o*DrI{l_7kJEfK|MUVJ zG&ROEL21n%ENYT7))|g2(i*hE3iW=8_Otcu= zyo&?}NlirDZ9)sUiAlddF8Y=>Z0kg$Z2A4qJVbSTO_~ zXQ9MJpZw`6@=aD&>63h6>v0{~n3_n( zEvp+Q%B&Y3K}MTNCa$6JVl2yP+*LACTw6OrPO;5OQ!CO=M<*)zXzO!480ef)l25H1 zSt(w}NvF0D3`s(c*N`I}T^-yV9C+vZ((Eh9jOFC!R(ykfIAv(quYHPj^@G+HNLtZ} zFZ-IHjENoYj3vzy_xtnVP#U2>dfM)+`4PUS`k*8)(Dk&Afw?CdSoKr^gWPp{yr2ehPE! zfJ@zO`SFAAMbcltsOv4ooHCnZ6-fDKDl=iqSxqJI4R`Ay5^d;q!U*>~!V z|BYsfqw5DD>A~|;v1Jh$4v{J0O<{xSWBQ~aV7p#0bSnvQlb^FQX}!$q^O17B;8hC{5DX8eroudR*xNUU-RkY$W$;ejsT=DFt` z9Xde1bRfM9sNw-~Dt76U!pOcEk7(s_(WA-Q{;TEweaz1lvQ!wX**cXzb(KZBv{e7v zMtzp@$k^!*qm;rQ{@k+8nm;K>&wPyN{6Os}G9lqsRXtSNJAq9C?OHdIH$TGDSU!Sc z$qYDc_c~EIi`U9;bHO^ds(*FxG>Fo1l;hW%@UUB}qa=6N_(HA#m-Ifm1Mp?H z7iP?MZ@z!+s@B!3J|cF1v=O^|czM0QYhI*(boXt5yaCf-gnfcTe$E>_zr9+jbiv=i z7%hn@gKD}lRac{{Bi_BM=@P+120E$`F4`)gv~umOg3OOMtO0hz%e6W3+O;vN4dQoo z4-DKiQo5q-_Gb;7QSx<5IgkUinpV0Dj@dhB?2lN@9ObmVAx*$61O-8687foPq}_TBrGle1ap|@ zoA+-=y-cAE+Ff*LHK3-U>5ho?@GxQM$&=!J%#+VT7Xo7h2*o5Q1@?I8n6C&X0T`sJ zlbqp;aVO4gM@Cm;)F{s*Ct21_w>XJ0zfw%KRWwtg&YPK3{?y!j*fCFMYCxi1UN2O* z@k$@#UazM{KQ_-w)ZTQTpDYmTcCSF)`$*&|6(p!)_C2 z728U(uR14X?&UtSZokO5B58T{eXs}p+pMgnBh8=53Q%t>x*fSv?l~Uf`&V*4sNAh8785S*wkfd-B$Got-e53g2-FA3t8TZq~Y2=NQ zVx}HZ&)j}abn!z4vlU4;Sd>A`p=Zz6bMo1ztEsna5z4CdAW%FOmg4Gb4OdM}j(`aP zcRmoWnM)UL|9c~8A8<_oYv$LjrKAF$Q`{l_baP~8Uf(zWK7F*ZV_Z@H=+7^O%rjZp z*HkpTql@;_9Ru);I)#YkUelMMzlI?~xe4T%6(ivaeE~8OWaS?Mduw<(6N>xNA?~YH z>I?UppMwuMo}{K;lliP6^FUIH9{|s$O8XKW9;E5jKwX|GP>=wzl(>>_lD20`Ro{Zd zHhYLNvD#qYcF&=}Y2UgA^CWSNTc>%&*yxfBbxmQ5UsM(RB9S5v-`3vt`8oR zd6cfPWutj==Aga3y|gebDfS`AWcJ6S#N{uU#tW66TsbLib7?jQa@SWIfDg0R%tVlu=y(d=;N#_0 zgieHUG%sT8C^;&uC#^>41Gz3Ai?VAF@=McC6bzg&u={p{_z0g9PQnhf%k7QEvKm*< z=S;|)%Hqq;q74yk@|xGH{BXI?F<#+**&l{`7oty>PLGzo&^}_oTxMiy$~3uE3yFY) zL}zb)GeY}c76{<5;M*`+Z)X9fq~MxAwND)LPsqT=jlt zW}Wl8@a;Qy?TXIHp$D6M20@^80UQj_Mp;?e-50$1O~A(5)^u{(@*jB z-rpyrO4SaX`F>7cpN$wiL7$|aN(pByi;_te3SEbl8JxT;5R#kfd;ptiLOS`X~9$sWSQddVt zx~M+HrU#}R>NB--ADd> 
zjmC7zxH_;`uY*}d1_BTT4j}4F)ByV7NipTEalg%n+}>lv2bMDXX!?aS3cFHGByG0y zPQS}tNct(U_wsPf32A$1H2hsybun2h^|~% z@kXxm>H5ZacUW^7Gc%sa#ib!UdIIc5P;mX&o{o-=+w;TeMaXY@tXA;i!5^kg>j3tW z#2;w*=Azz^Qfu4Z%ap$?3Ul%Pwwaj=?>>@M%*o2uO8ARbX$*P_HNs@P1}MiSJMyOla&qmPGaVQq2>BGtq&1_laZLwx!^)kE7d(Z4HW zKfhBIpPI~>FG}@|?hllefBxz?#xcE*?l6j%pndF}oCOHWcQ-RdiZuY))dq3X*9D+- zllm&k=P6q&!^QmI_K@62_!y1~H??IBAm14q)LN#49b_HFBZ$U2p*W8SWE+HqJdxwJ zy=xc}2qKIHuc}3C-OSQ1tzQ>U*Cm%3AZ%V5JSa=~!j+u5$32XK#C<)iFubzcd*20S zx;UJ1BzdG<@;O`*iS$_Z9&+scNk_oMcH~`p} zcuROiaEP^!?v~C8*bC!deLXPv2}_QsZQr9hzzo0tSiY$ET==g0i~Hc^K1JP)2wv4N zH}#t8?pt5Jzfmqb8<{;mtq$?pG27YS-3_^R{CN6fKOr*QPv#4Lsh8H$@1Q>3CPxJG zYmp?N^nwB_sxLI(9Kia+xJ(nT9ULe`=g-w8DNxeEIASaR1QQ!o;|)|1IL#nhnHE4# z9TK={yF<>z6rz*TOFrnxM&gbSKsgje5%_+ZtkkPn<{JsV0r9SHsR}WA#wRIn?#xL{ zmc*Fp%?k?)=e4w`5G#Z#uE&1Gv>{2PKIrdGIjO3uN~>u%eBxS^EI?ye5=fgDK3sxe z2uWO1lMyvRfuXkCD{4N{MDVnuww^|1rfrv2Wc)@Qs|wGEBRG~-Q7c6jIN4>%=(ep zN%@^8P82m)&gLijT@;&`FC%IysNaOB_HmW zmu?GT4s0g$-glV8n4pBW@$?8vUuqe*_oIG&?=JQvn2=`Jz$l9&*9Y1EqQM-WdJ1Mc zb`I3NEi^-^1_|5Qr7Ht{eFX#{I5*dJl?Git?xAG_jA~#20N`xT;tlC+`bK6>?p>6v zZl@&o(Rx)_cJ9AJV8eS3VY{%3%%w?>c0z9xOqmx#R$IkKi>5#B%*uzNL!sL>RQE9C zI9~!O|5&DGQW?mFV`w3#!HI-#fV&oMbC|yRez;?4X*z#Xz!4m1l)#G7`F5674+2ci zptO;rm6haNuW7f1U_wbr-MegTn!lKKzU#<#&)Zm4C0=qrGePf2GD?6H&K!z5bqsHXD!VWIZHvu%-=Hs#=olaFkx-WIW|ZPJ$Bknk6^-wF??X8JLNx!8 zNAQQ!D@10CAav}FgHLV%JM(-OBUJw2W!heTia@N1iz-Bhw}uq%v?KsAWNve2`h@=& zSK4lV-j1+ydE(KMF0xuoL%CL)-Wd(t*XT1Ljg7>7xou_ne@J`pc&^v~fBe-tty7&8 zN$6BkMpj04OEM~(%up(u>{*>8yGT|=MtKnuvMDnpBQq;eHp$HV-Y=c^=l1#jzVH8j z=k^}wbd2ZgdS2J{cs%a+`{Vv7vp1^d|Ml`5wa7Kn)oXZAGfPyoC&{A2ul3ytFowK` z1O@GiXm=*6um^QeeK!}ZB7Bvbn;Sx}=etYC0d^bJJT<%V0q2MmborZo;K648#&PD4l1&O1Q{H494!u&!$<`9bx7b$2(m42%EH1?aq_ z_P3Jr5$4GISnE^NC{VpBn>;>(tXksqb`5pHiU5^?8v#`NCxUIK>#py}XPHpHFFN8-J+o==dst zfBwPud7sz&@bU53pt8phgXm*#`)@5yPS-r*&oqDGMcLAm9?B&GpCXt-zyTEbK1?9% zr}7JtF$VRZkzZ3dE%V+Ibk#n!8@~YlX6;x9DdwHvoc*Xt;c#T;q2NiOh!OqV_=_@DAwHSPB52NNx)HcSV; z&FDJ${+Yv!(%9BFqMV$u)7G}7b?XZ^Q|>!C{5el<)iRHvChLcxq4e5$4%_kRL6al$ 
zAIE6!MvUtvx>#^sS-6wLgiy?(!(^BLJa^V;WEu>QB1YP;xQt-*+?}4KE#J{T{fwVo zmf@PTHD*ME9>YQ2L%E6RF^WE0Rxoj<2B?pa>b;bZ#(86Yl_r79XM1atf*yC?G$@l7 zr*E5k7`z>dRhGAZC&*l`0ap-yadD%uDholr*QZ~6dUlE{b2cn4_1+xlsJe5gm*~_! zap4t^P4@) zoq%Zx9%3UF2t;}ng6tzPS$xgUtK!1G|tP89g>}|U} zCzQX`jdiu-me{^U2f9Y$r^1N$swHLtkNK0gX3?+k1NWH5Nc7bjF@{$b$xcYMyKOIB z`kRhR`d^ zkmj&;bNh8Mh$(nD?3mfGhgn#|h3Kp{lC@mW;a~10=u=E?xr~cL*XkreGx9jfKTAchB}p z<3oVw^j|J*OPZLNc&3)<(X*s=U&~-Y95PMQGBxZM^c$>#$1Ghr5N#TRiB~)o5wJd3 zxRQusbn?@M9_$LbavHDGtcDlEF99~%zke{T&%h!xf4%beW5;Or^Vz{jM1TInzt1^_ zstuW`slQ3e%3BSG>3trv{CVVI@;QG^*Hn${j`$acU`+r3aXhBE=ho%#A^ZhY6?W9A ztyAjgT_`RHuo9X9v!$W4_Rmm>WlUSxNhhiG6=FP$h}f8|j%u1D^feOme*$eHG_-6S zgUw?!&=eWyXK4B%mVJT2(g{q%gk1N|A7*QKm-3qiY|xv|_(Q$xw&mMAvZYq#dyFD6 zru9dt8i$?HWQPj59uL zUS+E#T%+~bxVXx2Ee}hK!bO9relamSd$+K#a8ariue1A&?;lQBTJiuF$Bls3c8f{W zPD6Y-wVb)w!fj%Y4XR?)pm6)y)alT(14XJQwxvId_?CRq3qxRIc?kD!0w|-}Ea4?SChmq>^CU9R7%rsch)eNS{ za+PnqxK63~B=6C~wcvKPXh}=2FPQzhIX55|&bx_i4*~>xO8Yp}lhebSLHrxS`R|x@ z?}nS5Pnuu{VrHxD{H^Y$>kZYOyu7R|dQyS@kynz z+=4tCMK-Fd)p$!_<4VfQQDQcIH~0b_E(j$;+GfHO|ruM_-x(E~Cz7*IHjm+rDc2O}l_$!9#fZ&e6)4|&m` zhoPv3UO-TzgXUFSoRotZ5B=SYYxpqlE?d7xXemU4#(04H!Wz(gPk*?fe#R@ncv)R& zb}vE5(eg@vjd|gsT|`GS>4e!2fhcN^+e*~6wOSj<28W9)y4pQ|I#_lRa)E!pW|EzXwRO*vLi0GZH|kf}P{>z1E@42zos%<|g#+qY<4DdM zb>@z8=IjLQQS^yeYG1r~-Bz041Sjgu!8a2BvwO~0urG#xU7rAk6@1u#Qz4xL2?XNkZLaJ2s(R z6H3b4-6z7zw=ui!^xVeyc0l=s{LnVMHB^_8rzB0tGtY{r*71m?2UH zAlJE#`z;YThd*a*Mt4RD+A}dd%#d$;ZELI7n)O==vaC_yA`IMaBPK`(@!oxH_EZ4i zqtO_-e_B%4z*Kz~?mthYn=$ahn$?b}`_i6$gAgDzG&Dax9Ia^?jwLuS;j34$`n{4{ z!{m+l6jcz2ppVW2K!drrhp;~dzmEMbMS|2)%I6)|{jj=G{D`H^JS zCcev^-+z^D>&Cg-$|Q2fliBJ0;IHZTF@Aph>aeCv)jZ3i@yOcRxy0zhzYxxjYDums zyMt~#SN#7uu#X`dG3J=a+S~!XhR)Vj;n*R#Is6?`)jc$1G9iY@`r)bg9`vQ%MT-QO zWn&W)MP=m!V$y2t!5C=H0wBg0=uM&_?)rUz$E>WZh~ODnB^Vccv4>PWlmQ`JIw!G3 z2x?=UkJ|<*$*RfkRz7q`80zicT!~Gc>cgQ2Bd`UQ;d?;TD5$G@LV866Pn&llkt9^| zOPyRgRK#}kTm*;;s+N?T|1)5$eIpW)W1^yl9c6wR*-iqWi0eLo_I~^J_?!p3o%sh;cT_mq~u-*rO-`K 
zqyc=l$aoF_J~n$dS_6d!N+87N%$uH=D1IvLe0S1y6+p(eLE<)6j3Dg=zJ=IgW?6Qx zCbarM{Xu=}7YGvs**w_1ogm#hcm8)|=ob!GZZJsUV zcDtpTsJ7)-E}_=yNoK(V5NsqV?!W`r)Rx^pu&;-czBRho`o9MK(^Z|%{5x~)UK=5}66_9m8 z$ZSftqA@z-;E?soFXh0-6cklvu^{7 zc^}Fjq$LPM`z0m!{_)R=W4f;|SH!#QLKKRwh{}jtw>%aX@=CvoF1CGPCMhCU^m%E? zCCx%jabST*_1yi6*KZ9Sz7NnHLcEo2v2Wi#RH0nHx!K#)0nwss&Wz4|56oXq!4n4E z=09e80tn-WVcH@jB!`l^An3M@2{g{nG2b0o2DwNuE4~=r(_WZOfU2GsSf&Pik1hSi z=^O#Mfdv!HZS=zyUW*5Pg_{)Gzu}JDT_m-^nxNKQ=?(%?yt_dI;1aoUV4A!YATlt# zZscejcrskhKMQ^7Z1nhK4&BjK-<) z>XJg=wnG7Lt{lrY#$a8rwyP)r4S#^WEfQiDbN>FHEQFy(B2SwFifnygYxNV>KZ0ei zymtO{38yST^Td=TEX6m7YG&u;7{E2>pHACB%zH$O%IeyP9Un3H>N0Nz{Ak%`p<>U- zYS9FLh--B&b)dW)S5^Rk3-A@!z6kilA4}*o}0TT((T8ppWHe{?T!p|Ogv@o$43t^i?v+u&yi-dx6< zyZ(V33j2~^#&|11H|BEER^@BO z7&JGa8}zMSLV!n3qQh6OLzY05^*MXiPa?Y($bN27WRwN?4`kuZ&fBX@)-8jM0qup( zvm)fJt0=fXS^EGQ1|8`|PReb(n6wx@yuq!mX!l3)&R6&i{M7m0SNO zC*@elNgq4_%dja0O@-q{o4Nm-`@DB~wwzU}X>oJMNEku-UYKruanR?|L zruAw6L2ioEhLj)Xx)SY=pICJb?}m=}Jr@#%+J*-HSd-Oj)<8Euspx&JA6+jp<{*v* zVoxqW@Aj-#hpG|{y$I)pxfR6{nDPVs{0)N+SPb$4hNdV^yRPlo73&VS%abR5ArhjO z!@!mkojed2Khtu>Xg(Ry24N_5KBz z*!=#5iHRn)OkYN+>Duj?oh(aX%@BE3WR zICr-dX@;_$ae$MiJ=?BY`&D~5)K){E;qCL$T!P})gBWJ);E*GuD761(FU3Yl7b z9KM3z7-Lym)2^L6|2(Fzdzl* zy|u`Hl%KOXMNj(7nX>!I56-g8;&_S4Zr>7MWi^M5f_@nO*dcT~`XLIeqCm?;I#T%_ z5PgRj84O#5qnKoOa?PdJ^il5WKjGe@zh?@xU37BtN23=MEyGoB;ihm0P!BETen^NX zn9G*-WNi>zFepEQT|Ex$&>nEZm6@XmMl@&L2(*#EE^bqhT!Od#70CdQ51cOT`F4>`*M zGHmxxdH^;gqo9z6SoHgyRCj<+0-Cor zAq)R%6BCnDh=Bx&dbDHEMnpTurXrToKAUYE2?~p3?pPJ1cG%)?asOA_{rbZxHyOR} zC#fo5(E^Gr@T{yXLvRa(4}S;CA}8BKIp#dgDJCYy`TaX+yeya}T8dq%-071WOm_YD zy58cG_TlM-@U6ej31iy#hMbz|8vwj$P~CofIU$A@R@8?PirbmDVx&OcWWAijAoaxu zwMewoUqT~4>yzrM)!|pHKY|wPU67P2!1q9y+fci(av|GrPLyyBxblpeFVoqV;1HdP$A`%72um@v7zJ(JfNDzvJX*oRPdUn4lo4ou@`6pwNlw9zJE()!a2GDT zwj2hA4&*=0nWnDf>uSAge@nYcA2{i9_swx!ZfBks#AJrntt(jbSlG$Uk$*>DqKQY3 z_p}}5ZT21kjez^BO6rZi^J4Jpr`$x#me|s4&+Jr+yI*|#;j~#o7DA2z zDZ4&!QimQtp*y@IOcCNx(OjEd(Q^vX{j9o>qFvf1yv&w>gYyR^K3y}Y-Qr?{O5Q7% 
z-3&Q9-ydc>1=hNqdACHoGg#vu>G^FN%h{9E92Q#&{yb~`oho6TJlp)nS$fj--dzk> z{uuk9`O;*K03#KQPptB+LZQ#NEy^*XRe~CZkZd0xv$??F&lhkrqxoBMAdsy4Mf~WYJr)V z`K+8=F-YDu5X1pNL;k*Y-MW3C_|W)=9dQC~q!-suFLjKKFtr69lq2d_509_v$kLOxv#)jFMv5+Tid331k!3`S*HNhB6~o-Y&kWkir=W;4$%pzwOMC2ZP@S@ zbGMF?{N&CGDpZVyOIOZ|uh*iy_y-RJ;_H57WB?jpx^wVeUFO@m1braa?*_Tc_SE6) z#@}K^qC+A#xx0+x}Fy}^!a#s=-Cjc$BqDH?ni#BWnrF*Yz29&x*{m+;ZY$dvT zMfKXMQNcZwo5T6t&FP9P(_a)_GQ^k++_*Qz&yo%A)w)H~m5H zpZeNcF$bVhIJYTzewX<+HN8W#7%D=^7k+N_EEhvMUbWdnzjd>-v;3zt2?E4KWN*nX^Or|t#hdP}<7O;hk zWM7SR^*z#ANwafjEV_msW(zn&Wr2=-;uRF!ri(5UUB_>P?AsN;I%4E2vaG@Ru|n?5Bd|DzYFOjI8Q;S*niK&&yU}&|sj>N7bc{D_ z4pS_Ze_9#8^qR2<4v{`0?WvR;GqBrOwC})_1szrD)Oul&$9r^}XuX!3`Ii1kg0e#! zK7xU<#NGIxKWLY3m}Y4DEar2dn|wYYbCHYT6jU2Xt5Xt3Gg)9eC7A&VQpO{wQxD$z z0;+5IBdQt19A4r6W067b-!xGpX>r3(yu5CjIZ-o7%@r!ZxgW*bI3}OQxi2pf>oYm| z)35AJr(Hr;eHrAPUT1kUUZ$sNb)srgk3?VviJBwlLDjtN|}^SmLPp=A8d%0VH&ZDL>?bb_M1gImCj6mVrU@+12+L zpn)8Zd>7^|)fuIxsmuy_`}(TDZlTgu`ch2`?zMEo@~uq5*0Ck_42ZeLO)taDb4T7J zc8+6YV-#!Xq`PQd(YP-6>xm-?Au!&N@wnkB)j0gE)skLay_rGW@fXmQ&v_2_{QUC2 zzk!836{lv8mMxk(@-(97Z?0NH9v-3!b_t1s5}B`bM>Ma^{^&-7opRVB@$U*3wNHlX zArXR;i>=F2feeR)0->#H#g z8^u_(EDd4$M)r5J4XYZ&beS{w$Cr}k97@kJi7&@+4dlg~T75I(cA{~j%t)tGbXPmW zgFAoIs+F|;Y%uixGj{b(b56Jjt#mf`gzIEkzGJnD!lO0kjpRcN2lJEXz>{Ry+pn87 z#48FK>O1?#jEJiVgvm4TUA_ko^%PhY9*0SoDh9n*3*dS&h9S`(+n8U%SXb@h|Jr5; z61{q=ToP56e|^d~9@LW_708B`&UmS{*?tFf(&T^$26?Ra4-8#%*tsKEE+bgfNu@^Q&O81h(_%_&C_#W>xNw zaF?W5-iV48tyIyJvX?Hsl;S<=Z-YK1DBRoQS#~ipzJz&*NkaIgR1M-ZgdtySLPF}W zUsnd1jx}(t9w!664<01Lh<;8@sp6Vp5Hxi-$4v(#1RHP?SnLyc?+JQ^1%pjV&gabV zz~{-(dAN+G+FpYHvB`p+H=g6I-)(Q_Y4zXFQG@3&7_+ju;;Ra&oGnm0%!y$KTLtLq z3YSQVcgyfEE*Sq&4sXNpI5xIl(!>TKznBzCb_v^YU)aB1% zp7QV@9`rM+58I5oM0M`$t~*+ybF;JY;L`1`SCy7ZL1JomJ@HxuN_#u%{myvB0|Lek z@3$(-KpS+>d<&T>ND+zv zemD8@mA{TlVcw=mAjZ9*Cx6H|298!jSNqMST;7Jf6iN$TlA@d2 zl0a9D3pe?LD87Fu&ys(@YMndG&#wX^$A2qX2Fgtu^5c~f)s6_5eV)wuY-!cKSCae- zN-}1bw%G<$z+hrz=gNTBsOK0AAS4w@{_V~10C_|0AapHyczUA6nfw{WTm&a&4uYND 
zex8*-5Kuv%E+j+=FD2pq2emx=(8{b^%bvgMm}tu?-B!Meu~@Okuno;r6cuUoSgIHq83j*= zJ$;&tW21h37#Z&lXo!E7=bfV7P$EbIGOI;?Q~9ofthJb>@r+|H=a% zuRhVlQ@N9YVX)S0$QwUgQ9Nt5CbFP96W44K+b<&rO;DRn^p}!)zJhld--KMK+wPda;W4msWnq zx2np@*TP1BUX=vF+6X}{Q&S=SLea<6ME20lh|N86Z5X=uLwyK}PG8k4ltQGVLmtc+|XKZcU^$GQFcZKRu% z=Nx;^NPAj;%84;i4{SF%d`Nm_^RIl-zyH%7Kev@WN;Jm~KR_rB|F7D$Y7H9fleg3U zJGcFRzWSzYgZ*2IfJxoSHuw2+(gBQ$-#s?_ZymV%O)K$H_#MwgGtaFm)+ybXY4tzf z^ZReuF9zM)K$CJS@k?+2|L0%f9}j!~mx06?|7G5Kl;*yFhrj=?AEJ=-Uxu*9tNp(Z zK~drOFO%65X#dNI*%}xIQ`zFF_oQr78P|I!3h6BHTn~C32n}1o%#Lgk8deY zSWbACuyP>?iIjz?{xg1%JV3k4S!?^pRqpnI9VV>57bWVC9*?t)`i(2QbkFXds)XX- z!@SM8fCm_S7`X(uEBs2scaB?n|MO~_@3O2dufY6AJkGzTI`@*xz%k#ILE~S_t_nsl zF|95cQ&9f*#ufN0afyi=aSuNeCKBXXEOqGhM3{e{imX)L?}^N_OveB7PzD)}Q*Xz} z*F`-y)K(V%fw?Foz$HdSy{+4Kd||5qt=A~|BZW1opYxo)*suKkC*EW#ehm403dQ@t z@111)w_1eywuPAuH0ah<5pbo82Dd*sraLP7_5`9h_8~PlT#&7&pQ2; zf1j}L|Jp)XC*TmSghVborucAU)QNw{bYGF*SO0MVcurQ@z)@1#Q-KU*aYRA>Z&YBH zf@T$?Q1M+4aEB1#F4M|=x$;YH?xFV@J^Tr^H51cGDzKl%6g^34&)=6=+$>miK;4KZ zvb|$tDdq0-l^Knw!F z*V;gXM4q3-3DA_lHzA*og+DVDw$m%MPRYsw#UJ~>KlDa03haV{Z2hyyx; z7(XRFbmfDqWA3@iJrud)_3t{Np$~rWKylC!H~7?Ohn63MfYQm6w=pwQgU#w;Z-C@d zE&309gBKz5djyFpdHn6$pXug1v9YtuvIbEr4Pbar_Bw-*IVV`i+{}pJ;5ZBh;7b{( zi}6Go2Xu|`kaH>`z}f}Gus|t7#*CbQeC%1!p$jBo$5~WD8U{SFAxTRJWrYkX234As zpz&o6&SHBa!FfVzq;}nF6aj?Hl|*^rZ_o$ROc>5x{$%gwR)9XnXk_zJV+HfcP;s&! 
zX;e(`Vtu4klWEqb22wkMg$mNS?2&cwK#A9mIS`2%n52Yp z+YvXQ=V^xe;^F=KQ4s9IXI-ECW;lkZQh8UliMcN9-cr!ZHqtrTUF?~0xgt=h#?!-t z3TyxlyhpUyF{`+6;ipeW&tY~X%HW2Zh(-98aFp_w2Z1jnzrIb$U8gTUP5%GQ#H z79u0GLxhE##Sxt~zW;(97X~$q20{xArE9|Q@UX1csX*wdO#|DDi;5;uNG75jNYKhm zM%DuCDF&GOHK=sSY(5r}=`u*VJk5eC2;)?s*@CY$OQS*kB*tRbPq@T8)BuJB>d0yup?B0?)$X1uuv z`uk5<6+^}@pcdg`j@GFNJ={W${V0P z6)nmR)$ogYwdqK3Xdfo&{!K&IebM$nMF;X_wD>oY@{xvS zKcpfkVTQoA6B}KE3BwN-ufF<;D9Hd+@uVC_B*<#Lt-cQa*xD*}+2k>@Nxqt~u0lN| z?W7pASz2&hT$&%V3+R50*35H{kJYhO5xGAU| z-i113jGbUJ8XnpB_>@pSFdVatIupR01OVV{An5XBQX@Kf{Eh+DSD+x?Iv^w|sTb)s zN5y%KfrKi;cyRg+t{lTe2N?!o>&vN6KK-r~F))Xxw4|iJQC+VQY&=Y_u`-QmS1*uR zy7dNRd*2K{OaO{M{`U6 z+p5Q30N67;Yzm3)(C6D+kWW4*<~U8dQmC{NqN1Wsx@UU7hqG?0X|km=QfJIF`U&ej zxn=y$EH^}MGGGo^X);g|@_e=k;a>J$j2;OGAapDm3=aEWA4jx zzY8X9f@vSodShcluln8k0iO)H_dUkIlfM#{fU#bf*C?(&d$Sy5R=2WWRw8)Hl9_|reyVGENj(_Ja-+vN> zNE6I2w2a*G?v>5WlUc3718__|VrM~aU~awSy>7E7 zVC~0KHjDaV)5eX8pnnA5jw#zZK!X1_G-!RgvvJ2{`Cj+4N^xVgYqh-|P%2fPs83_s zV_QZ(N~<=N=ZXC#4mLLF3_E& zY)wMy17ohJ&jan*Y3Nh@hOmBlEUB&9 zC=F6w14i|9gQqav$gv+wCZ|hD|1~DKQh)Sj#w0eh5;JLX#|w_T3ykez?^#3+@wRam z9N=V=mIbD~n*d`s{+vz)r1RxC_%ada>6a|m@xg(e-46;<&Ytl=35MH{&p$suUoL+- zcdUTq9kx&tMT`M1$iQ$>GFl!^-*vGvK_tC-)KXR#BOQGI{@>JB35&pc_#J;^@6*eWV4@JRDvOy>ULAeh8ljsQe?S?h* zsBb=8#R}YXJ;=&xyf8aX=1s?(dUwwEwEe>YBb`=moyEbWDz8yMChQZMX{|58hmdL8 zB5n&=ysJ86Wp?1nRe*`2dqaadLvkq64rjFh9u*2tRdgY%Ks<{%3V+Lx>413rL*!h& z*5C|`MQVd6XZ}s12Em&6h|4HNO1Sc4gVCfURpvI$oO~Yp)x4S467(UlmzVL7X@(xK3Dikde$8dR;PCf44Iu2N zN_XkemjeRC5NKuGYB0+P4h-Cnr$v@w0#DCy{_9F!JqgiZVKB0AP-&T|DgC;#!1emm zAf19)a2q6lI6Z^b`G_Z<(9x^>RRHQ0NdoZph(a(zUMGqo5jeLf>bL?uVc<2mgXCl< zBct~BG#6-OM6h?mn$LPn3?d|}<2a4$z+el@ivi33qIA2Pkq|0Eq-c!R_G~kJ@Go;C zEvctSV-}3i3D^tCwBgd~cv)0k%YBte{osVy#rDnP0viPV{vej`P%#kFB$*&q+P0tK z01wf%RR_wST!ntSkDdW?$C2s>!Ij~+e3j5Yf1oXzVPj7SLO!mLN`P>%i3T!hm6CUQ z1{pNs)w!~9&}ceeZB=#RqT+EF&V}(wq5Fp04$}zbki*nsbU`{Wck$^K!yN3VN*5zs zaw<=Nw&hQMHpyGN>e7K@$27oFmeKR<+jj!lLPBjm$v{9~=re{qVi~)~Zo7qnzZOXl 
z2h}o9+-3F$td*e?>Br5@OBWgPC>|cE2^)8?URz#TEPXl-izc!a-DbPjZ`sXvI_8WY zduru;W1e0XUm3RPg)aAH*VMJXNJMZx*?D;tB^M`y=B7syc@4{;luT+Mhc`FlOK3V1bNRM1ZPlzcuu8YzGZZGy-ls@+pXTRAHTFbxvO1 zSMhIC*j|(^*vPN+*N8j|KUA=@U zTm-yel@E==w%OhFYkr;sHwrm#xIR)dbWq}=we<*)yAE{5U3s$^S97I3X4LxamDI&g z4T4TH$7UcJff*L4s~Ve-93+?_#%pHqqc+4$1I#?GI+A%9UhIJwS*baN`=dQImIa66 zk(O1BqUxa2%xDs*8P)V5+|59#Pt$*|}`**c{JP^5QYz)^JssI4)&Da))7-=>gz?aECCs_q1t z7>aBjg5P65BeFKbBVO5P9>G%$zED)Fsew<@I6Ozc>(5{y0Gby=9L(y3yMQjeN2k;G z1uTf!QvNTrLR^1;e_!e6f##G*Qjg#epAAGqWehf4R(rxAR6wZ9T&R73d@rRrI76o{ zC^H&}iZ&K|3SzH;4*RZPl`PR#B%y!`$S^O)ccy|>C??1NI=$t&X6ruso0S9tQPDZn zaFFV@IA>>8gD8r^Jqz>~2laA3Y#Y4O*!YCmLC(Deq8uVTui|uIpMWF6v)G9C* zK?DKg3e^+V7U1;a|)He)27-4+0XB6>b1!EDN~Gb)D!_v_locP6NE7@E3YM4C!EnGExA zVB@f?pIJ(@IO#~iN5b|?wM4R05#60MiNgIumR5rb3M|UCJn(FDXIaPoQM`xI6=NnUS2*f zJ>Rmsh_5^qE)d48uj5##VByc${;aIUQ<7wZtPtoZ7FvHQuE%Ip4(~yGV}%sZJktm# zFKeH0nR>kAYn*|kPJ}PFY`!3>Dl*_(VsTPgrXKi@u2FO@EF?Q!CaU>@#!xCGqA}Re zB^P8a&5jOkfT8%o^yLQ^JJDJejL#lh)MfDF%e%N~XS8Ini->5V;KVX(<~dk}$qWO9 zXa?1(G3Y2mreRlGp)-Qo+=*L<92wl6EVLh`g8Gr>D`fw%mGN5d*ed@rxAXDSIIM)a z2n`Lj=Ai1NtY>yOj?($4KVdq+{P&|>ya`7l9)y9OaxRh*p*QWDH*Kn4zt`nbP%js4 z!7wo@Ptr2amQw0gGo?+6mqaE?VzE0opN2fg8@Sx%@!B7#gud;Hk>1wxIXdXOI=LW` z>-hC>?C6k7P~t)M6~SUZu$-b~na%h18~eI%*W0sFaeQBpwL(Fr3S9xIwjxZp4y`|1 z55GTwYqe1Z9A$)%M9IXkaWlfC;0%z5s6kXqXrxcTiwlQwA#N#C`RA+RJCW4v+_57D zNwD>`6pLOroGN-W|4({>0bJYqw|c#C~4CIDk{Y)~Mnb7u)u3ycXpCo-DL# zZz6aN&!i@d!A!#mnU@*+s5^W|1w}suKYuy1IdCL24|xp(`tehxHh_!^=ey!v-4)e; z1D{Eo8}Qwg%a>6@U%*RH&wT#i$NYb^0OlQxOf(8Huulamm94a--Wi&D4W7BjZ-P|S zq1G_a(#ByJ*I5MhAkxV$jKm)ort#0-3I+g`NCzK=hie)+Bl8uI=z=TAw^1%Nn`aYH zZ#;bRL}xGq36Qgg9Rs(B8mC#OJ%aifJ#vuoH)bFEdV5<~incKxd)3~R3`nS~4<5IV z9LUj?h;^zCDFYQz>z3Yk5Gx3m8Ad#IkiV9_|t79(ny??ee};cOPDS zro-;iJ-#^8CCC2K4lo&;o?e$hGf3HYv+dDRJ_gHIzxA`PBO8qSe5GdVUI0f#)PU6u zysUBy5YbITNOk*>kgB453lm+W9BxIZPH~c(@;-))@SMje2d+g@sRzcwU15Oac5(hG z=%yp7Gd|q_$W(rX&TfYQK0HMrjH`etWtSVR>* zu)*M$mrw(!%Q8wKB^e|$y`bQY#%*K*Cs15Q2#h?yz@ymv<1di%X)P_n 
zNY^oo^jPxyw4HvU!ot5ai-p#%U3+-{{-VSDGbsG86U_G0ivZwWK05B%Zy6B9Zboct zT^Ik#Tb@~O^Pv~7h3F24%a0C}ZVtE=58{CSaGGwzFZ^gM36xP!mcV`Xol#KawC12k5~gS!~zp6cKf zxpH;mgJ)_8`_Hb2B#Dt}wSu8evcLN7kw@Pu*L5Q44St&5jw{NxzxD*mG?Ij&PsQ)X z?%lgr4jh+G0#J%U3?ElPp+c}p1FdGwI4+V_x+XM`91UlG4tG5ZEtfGjTU~yCXdXH+ zO4;Kur0x^z?kixYuS^g1^u!=v8w7q#txdxYI*Ci!cZOyCHs*(o#z&^cegOj;gikJe z<~gjl$%)&dmLp_ZAdDkLW5=M#8p7>~rK(5sMq;`J7$HC$%2;WPlMZjfcsQV#6|DZq zB}q+}Ss)hGa164sHd zCy`7F@rFop@Gg=QSC|fgy#YzFSR7kb+R!dBIZ|ndV6*7sQbwT24B_vTt+8XIP z9Tr<;Hk>SPLoPJ}vQT;Ix+~ZI98`*n0*rxS^bqDBL|MOuNhG}_X$v&Fa@ym+pYR;S zL_qz(c6>`1h!aK z@ZqQ@d1ojyB{aw=nVPY z=d+jf0F(mi5xD&Rub!t>qLw<3?%%g;Tzo3wIybj^SrXYeK0HVV0qfqgJ=&-wQbnBr zQ-ljy=ngMM*BC&MNz=nIh=Pvx^I{$+QkYMVg>Ot&a-`5t6rz_5){{XS0;1l-NWNOHfimbGc2k|#qljZ5xr_YMeX z#+SsC!ExLhR-i;UBh|wPiDK)J#jfNBa>RJyz_jZ-gz5zbyTm*HQu zbzlZzA{>pvAYPu~J97OLIWVxU=B&gqr^$G?g>h*zrH~96O%?_LL_!?`{dp|k$}h7; zQUZMOCLtEV1!2l#BDPi8F93cFW2=GK%e8Mw?oT6K3;V`)0W^w2-9*1}J&KW9EC=`! zbKeTB3}aPe4_ES9{kxH#6C!IHZ?>a@iI6L|NrL zz&=uOlCqHXZIW8zxq}N>J3uhHs)f^6P=^%GjE3UPniDcvACsfP z77wu*QY3<*(6`l~AQ{2jPE;2SfXRs{2ieLwC_2+y6IKqQ>W!ZHcKJDZqBG$94#;R` znm+-UeT5vZj(GwuE=om~A_GOpFN7j4`xqQ9&tY?U`}qYUQiGc&I~j%4Ad;WJO}kv+ z?5GEw>Kq!b%`*!KE2!emk`p7}=y+v0n0rS8VNG#OHJ~m457rubA1cEp%pSKv(IUsL zUE!7;{ww2kv#|q}=hos+!3j{0LNpzp>g&_5)-WSRY5+Y^8txoSf8AA8C5IZh4*j6X z_^&RmC?d(Qk^r@fR)A0Vp$(Aek@^$^Ctu5Tku_3KMMOW0`&8Ofkr0la(_N&qLb`pmkcF-OsIIS4Ojc%S0 z@EC^^8`)(BL8f|X`KrHQU#HYv;)F!C5w{<-75%s!%PN0G zIzQ%S1g@yT)?>VPUg`lgTT*zg!=SIYB&eYc)vqCO5l8QjwVhpZZ9cd(!E!pE(phvS zMgOsdp&#r=U@SmtVVm|&d?OKsz&)h7BIpqEvuD=!KMGzd#+(r>M}DIeA!x>aq$yDQ zsbt6|pT`8&bI?H$o`k~11g)}_6%`LypzXE*4SXrMWFuDR?Ks3xEV#S|Ve!G^k4;2M z5tV*jY-8+fS%?s0SlWUYmAbuWap%a?$k6lGL z8MDd{<9Es6hEm5hNgy^1r!|3Eq3j01eh735DdD#-XIJ*GI-)sZ+-=^@;rciq5=*=1 z(UyCSB}Xes4d2KC?pkRoQHgBYJa-LTBlxv?rdp0c6)Iozr6Rv!k8gD?w2Z?x2mJ<~ z`2@Pd>e0oMeywgl!XTvUibVa5H`dqBgWq{Gq6tz$v%sjt2rxA*N9q=TIw-KWw;BVo z8bo>RF)F?Sd*I>C{IRIUEIICotOWOG=PygwOp5cLN|r`WBLN#684tq`RXuXxCkdX~ 
zFb_ovR_Fyzk4!zPJ@$wF<~4l|y${INVxwA`FQLrmn9{_c1(3K5H%7r-{FdgeP}F?L z>@g7UVFK_yZ;-}vT7*)lbd$*e9?J2!pQ|-_6d^iucdrn%zw|bHMQq-4jq3)Wf2!vq zbR{W}8?hl1SL(j;aGEAYM1>7QfB4uB!BQ+(bDsn#ij@56aAI$Y4SPYUyVC8q7O8ep2(%^y^VOO8jnZGu@{cxxmND)VPD z2{NsRXh>=7$Q&p3CTMvsE9p0t27(d65fR`z-Z@?m9t9sd)nXVxG}_RVK48H}`;5x3 zL?xh*Pi_T>zkv!`N8d95AjTNK2pA;$L;+A0q%-f235Lm&7K3U50=5th z7OEj4v&KvpD9<_n7OD8TO zuyEilbj%}yGhP#nlw4Z4J66U+>*f<-KwvCzY*l$k_brp zaHv1V7Jzbugk9?bb9MohjR(+Bp;+j)C@WukURJgqlX)lc8~1b(2nPp3 zuo?Cq0~g%qf&kWV%4in2WP>`KL|5@S0M&xc;nhafPsO#M5(s7?cdI7+J#}`GUS~aA zS1L#?9`ter7yM(d2o*vzazj7i29o9xUILJVlIfpepyH5kT}RFyxXFIW4Z~4VIHm#b zKuQR%v=QAx1XQksg~<0DQes9*b{XlPwr#a#BpN6ojOvYeoLe<<4ES{Y(Hb#B7et?# zknEVhEc4IWNc+L@I2kd8D7J8r>@2##0YE>~j2(EG%ELAn6ChC!SCWgP`Q*(&2jSbp z!SQZpsQCg;5ATwcB;pFevXRKez4-+I{5qmIu*t{fAWlpiW0go54*W(l)xZNavhT=n z>`y(XV>z<$xW0q!03RiCwH`Z`)i89ibtTtquECv+4Gk}(*Z3CpxB!CRB1sBiA=)XT z^Fc*amGqZAdM8}*Y09hsQ>Bi-fpkKLO;At`Pa47kQ?K&bf;?VF4UJGjCy@#En>~}W62UL+MNm}F zNSkV$g}9?i-o^rA_6Mh3p`9>BX$CSa-I|3`!g81#@ z6VVqygho1Yn~k>S;0!SwHInx-BYlVD9`oNT$wjqXKY|_*AOmVS-yUfJu1rGE18d)9 zRGvzx93{JNNUwSAc7<%R=PN`TUnQa62RwG^)?&)V3t&^oO0I!M)P&mzx}XFJwT>jZ z9=|*|H1yhnD`d!shp&eGbFn!|-x$%^$kan)5Q|KgC>|iC0fDH7s+8!V@Kw8Kh+Gpa zUd|{H#VZt`w(dt=b9mYnIcfC_U^La;bmk{<|C~hCRrNS8j~SPF6JTOl@x2TT2|(8s zptF>{aG_axuj}OrrMJ4Ie-N}=d%VU{rt1|CZc+%lI({Y6>v_K7?04bduwGaAHQd}nhH-W_N z69N3$+Nv_I)fKUNi2~_Edfc?*g4i?Qroj$1;D7{hRH3J3=mG`jTAF;rCOC(~cI30_ zSl)y`l;pguLSgdYrGLUW>Kbl7q!vn`wuxi&BHRs|ffrpIhDd70xaiJCvc!d$*aoEm zDEr><9`nY8U?{t6&?O{OkJF=y%|OG^yI0uyG$|ncAw=N1dbQ7F6cy+fS%NVmr1|zl zZ|3WQGzVH~*+7Vyr;xL$JGxM0?WTt>8fNxG8wbQzRZ|Zdj>2LJ9@e`9G*Zij065KODhN9;2D2LD%i)?ZmRbXU`iqyJ+M0u z&>ij50L*Kv1*9EKxDbyHJVpKEDb)JYjH_ayR*J_dRPg24-gDB!P z=Y&R0qSM02dKI#+K*t*}d!c766sCO2i?A+`M;e~L674M)VMQdXJ!OGnwqV<)O$n8+ zZZdTLY^m$S_>)T9P<7EB5AJ-ykwNjXXY-4Z5ljVd0$ezSUPswLGF?7I*GUG~p>fNr zXAlB?gH#V$2;3AEy}Y~xXC$Ft0_1!l)edogR2Iq6Aadge4cxTno76Aw;z#xfX@M+B zTpEoV5xDvFi`HU7`@kbDb4AEsY_URc*=q6q1++!Oh<4r^dwJ)KpT!{hJJA!dhvW 
z^0bngfW3?+X5Jue!D)^|aHTITVV4VF7H`PDah0$S1nt4?CpQfBn=&e^2FO|(A$_xM zo5IT`4V6HJh=Q5G57393CSyFWQl@#wBvg-&j=7t1BccyN%=h539;o*!ES3ObAK?JV z7y@vo-n37^Q7GY&rl2KhUF=FE!2sb0#u@SGXrtNOnQ^V|BzdPeeZ!wY6afLd1!=sq z)FC4|kvA{kmyPT0I&w{dS|dvYNI_PR336E^^lR2kp|m96R-Eopw*?0R??7bn47UUR zLv-3?FFUvb4WEKyQoYg}TQe45BYkiyhotPc8MmB;sg-*i ze)qX2A{iQ`j(9AUd=hdAwTtc#OIj}Ve2$Tpr;s8LO`t2R6z7K1YAy>#91PYucb=W` z1(GQh(gZ!lAgxB_kU>RqF4|dU<6PVT8WXTmaFJN7niWTCV5su4kkt3A=O14Sv9f|} zV+sI1d7d-di30{U%R>j!aEdR`VDp(>1tD}2ND9Ga@pVyO@m{B#NV#LLGs&I00*h^hOpq4CEf)P|_mZB=N8PNh=|% zO$KLVi3~So$PFuo3{MZ(Q6WSIq(c+d4iL;U)F^d6w!IkKQU%mSE+6G9(IFsOClkoR zLuM8o8NsiA5Pc7tbf(#gOpbXZ1|5n<)J zEv9G@B9CU5B#J*$KhrLmkq3=pM@vQ`Xk?;!)oDY|F%fYCBD&OU$Mg;g``@@p%FhD$ zWwD!ukS$CR2!T*mtE%u%A;P3%;FA&>0~7TM-GV!7zR}J?E~bn?g{Vdg-4s&biqda$ zP2O;V7{bkf3!e1pf-5oZ6$}Tf^p+XB0W26gJNb$F8$qC1)e&h>)bqpFd081TWgC4< zDx1~045rbmrNAQO|8GaX|JIn(NF0e~J$N!0={yvZxJNMS-dYJa-0Sux6_HtG)}Fr2M^-YzgJ?9O`Q9(zGn@R3o|wQj9lkLKj6->mk~H z9ph`HZAY6`Kg+)D8>#oG3HF3#za{Iw*#>+Z6ZDfehPhg^fNA#JHh=bi^QLOR7j7MD zG9){ACL7$yeoy{#ed}txQ`-38mBm+@g?U-BMmfnO1woSI<^SA`|6i|-b27%e{=FEgRB|n@8I#kZg!d_O`V@^7bTZP| ze*by3ZfEE)IwMW?p6cDdUBztTIl}li!(yxdZVHc)ud9ocvO0s`XkSWhd)q;_w5xnK zjShYyCd}~vCZL{E&BwcZ*|EWW`v!L@ttQdbu0P^gSy?_ssmqgZ%khT)ylPt!$h27% zk8B5oY#8g3w|BPGa=C!9uCN!TTlyQz|Ncp}Fzo-#TS!ExyZ>0f{|PGg6ErrLz|25A zVE`Pe@>*X8c{$ypOaR1*C+EH(MFXZ4L2Ho{mv)Kkrrjs@3l3*qI_+8npYPbux5}Ah|>oM=Mc$;>H#K21vZv{|6Kuiwt;>y2Q`(sPU1njQZ#` zh=4JCN*9|H7k4!y)i&Wd{4yqXHt9;*SEC)}7n+k~R&`RjPOm?J53Sw$ zx63?caSN=-c?~;U=RwL?R-J6>g$C!GscFZn0f4U`-rUt6(S#9-x8}if9^I$?2wVym z2Bbwl_4tWKG2=)(tspYn8v$_3|1&-i(iz3+4-*smpC0Si$LERGh(=$&k|TGqw6x;R zS{7->Q19LT^taAv>=&s3g6771wZlqi7E=PlP#0j4S^62hbQIDgdj)tNGF#u7#&AiG zMgq z0A{q!Cz&NtL?~%Wv}FIs9NMjg6kTloAf&h{zwT+YW7Jg?GjZUlY@MI;V+NaMag44sG+4C-AN(&kP`k7)Z>1RPoc6A1_=dA}Esoe`*o}WjEQxR! 
zOv*+51YAONo_Wz|QLnVnpIdro5ynuG$0!l z-OqUu_I;r;R<>(h|47gReYgf`JCb7MaLwG^5y_N`n<$yPrZn1-CS^cuAK~<;g&%Hs zcnXNgzmi|$@<#}|;gp-f zK;ri4TChgYE`#bybTtP*4q`bd&5{rmCKuh=dd>XJF3qz=3qSH&4Qi^<%^V%9>Bt$Z zVWR>!L@t|O&Gc5a;-S#-;$Q3Wta0laQ;EFr@5?pC72(um%@or#VqF);)9nG71O9*n zO>a6rcCuFLW1q9+E==UHk8ESfw5bR;d*`NKycqDA<2>Bk$sD5!3}UUvU#JW_$qE9i z3hIIS0pb6AG1tvx^{^#lXbn@X(^sV{Kkja1KZ~91d+PiBg0Y23ekia4e}1`iYOJKU zTvXv0t6F}q->cVLv*Uh4OA6fAdm*Q+nXC~GKInVu0Gx?u=bDP6&;prvG5GeszX|2) zzN6d}Lvg$& zXyl!zUjF{s#z%rXU(vV^Mv?Z3E>DV1rkFdi$|$OE|;Anv*JEoP8h<9}RhFmZim(aS6JAm($ zZIkuyZ$ZgqYE4{GQhphyEpkv?K3q-PsF|iwRZhqL3 z5a4hE}R$iz+m=dMr&*JI_DkG+lgqjW{%33!-<3rF8^<2C%>ZWj3Z+ObI}h<*LnIsSC@Dg%VpnbXdpMZOE^!4 zclAORCl{b@|KkaDWV>Z0Cysy=HGQ=cF3wyQ`Zsp5SE4!+LT-SJMd^+!y&x#J*!<_r zjq#TNlWl5@d4XziIL%4SLE|A==WxHasFU1v4Og0kW6=GeuVGhYdpNh<%^L}FGO^Nr zWZ}#fFHbLD$N5nMZYQJ5dHxy99T6u}G!9YH*8e{{R<*Zb+gTxbgH+-Z0<9vBZnBo) zS)ma7n#*0!SBBB0AnUV9I1UBH`RU?>=X&MdyEzX)A%uf%B{xb}#7+#%xx8tL-(lpA zTmHB3oKX~W`=asol@zsn(&|wG4GsAW)Y1E=Z979@oUy%V$(m_;^JKH$QT3bRFj}_k zXRwV&nKTp)yX>$tXC5ui`OhQB)Ix5S=8r#y#cBab&yVajGr}N{+TX9%g!2~ z*R>wXb}F9Nu$Zj+`6b7k{1T29*U)?PckN+$sjIiQ?!XE1&#U$!L3sxoJk$OjBk=2$ z2|z`i2g)=@E+>bH$k9v-cQt=mcA4vyAJ-p_ctn0FGl4OFe0YY`UL-{S^D>P7`%a*Y znPu4Fib2Bb?cuB|sYQb?8k8?HYt5chyjb^XhneKDV*y_jWKAU{$*+Eoc8Ln#KMe+Zccpo&?WoRJec8+qU1brkajk zE_m{??cw4=f5opB5&|cmaX1~t%E}#h>J?D19QBvUBkxvQL{5e^iKBhasEPKY6G{&C zT1ym+n}!Q!zUxpMTmNS#7$z{6Q?yq$*zPRu z3o{O2COf^W$SLslhzyIIVO4!LwafBtiyGmdsIrn+gBzrJz@SJeXF#!N>aqs zh~5(mO)g4^A8_|9U|{da zntiUEq)Y!wo-#$ro3kX2GK=7tC8q|8f~gyG&qp2aE#em%KQl4*z6E5jWxdSdXMi3+ z)bat_cg!~b&vwu}>rM6d@?-)?=#{YmI%pW4iC#8J3CMODEzFr3wO+i}5;K7qb~;4CF2r4$Vso|hOENxT

Bg&lr>L^2ZgIQVej;T#+Ls-aq@+`ceqtFlKP z-42iodz^fgcp_c*WU%>&=3IXyoqQ3y{{7Ls(HLc{-~G=0C?<1SB*?#f@!}jd4a!6z z_(i4-f946K&oO%>C9RF$vdD)$X5J&>XxEW_^in|fO!wlK=+vRRBKl{IuhetBcoA^) zlA_hS_2f_Blq^P)AwzOlQey$|ZcL?ZrDpwYRFk~07Wh@qQRen_f?-Wep|A}=Z{;Bw zh$AAQ%r$^ls_~B(G4|*rz;zi%IpJ$SXyw$0K~LiZDLipSaq}dF?p;i?4&RVx`zxf~#YIu8 zExWI9I?vhvEiytpOEcH1&l{Z5CQx%ByX|ihq85xt%52>eggiLg;w1bhG2aR&oIypv zA?UVkAt`o?-%Ux5E7F@m^#kkuJGyd&(I$URIaMyorRd4adDrSlQRk0^+1b}_w9q3s zspN7&ORj)MNP_LjA@U$~BrR7ZcC+>0+v*28bMT)}51bo6hd-y5yS3SFYT3*uKZk*w zk-l@Z#P%YP85P0AHcn$@MU4*CYo-MWQRmq6le1nnTPZ2Y7#RiVqgz5|Vu_!MmxJ|p zZ2H`j<%;=b7p$9oRWn=nauY^0dkq$=jBdJs+Os*AoT+8smN|l}93B_#dd&zu<)Vjj z^7Vts8sV7XQ_=0&D=8&q+(mBB|FLu9RsTy6nO5a7 zbmY8Xp#>2TSYyuP7id?mv^*^=f{TPy#+{}M$z1E20XWw_N!EB)z?mqt=bN)}(_ zQ#4BZraEu4|5sos+MZ=YMX7Bhp+!wxdiswxSgfHMl4$<(YGc8*T=ko~V2y)yh&MCK zcVzeuw#dI=nM$bKe8vG32q{YMw&a(EvSv*Gf?h^)nI*a9Dzy@#0HqKuTk z#~2gJ4KSb(4&djr0X-Yp*Us!_DM&x!VsEOWsj3(g8E8| z_9Ph*<&VF^*P@B@0m8lKz@a@c&2`aA-tkKp5T| zy*wLDQdTy_wQ0_O*Eli=+&YgK;_RSNTd2k-KFu~t|3R9V5B^BvdH|U?yfU5WTDQ5LI}Lqp8xT##H&}>b8X1)>5ojCTRO>kac|h zMSP{7;fs=kP-MQP<~oX~YRRb(bM%4G(t~a*8UX}|u@|GD^ zYkN$YAUv2l{`n^=AjZL~Ozti_8`-3WE-3~MM?UnL^g2zm-NGD0U0%FKEz_eM2Z~wg z4GJaf%EgQRPzPS0E(E5qhi-ry?WPM*4}MZHh7r=e!QxZDOXMB@G$sK4GxfIM z)H3CD&Ej{u`5Nh&NgX?Pbys6tn*h_0N$l6Bj;_8VX;q2I$?Bu=r3l(w=A8x1B(W#F zpJNYQ*V&5~>#n~v0E(OK2L1&jD%Exc=j^{I$WX3p=ZdCM%&$TG+iGH+83f|67X+e0 zfY5ZiC7`cay;1F|4Vl6jLBaif{IBAz?Cqfs3oU(l<*C zYS+W?2)KZsW&XO^!H!R@*P6+URgy+ za|X>@z1d~vy+=7NPzCT8tjlB*uq?RyDv~aM0ZORYo$(CgQI7C+SX~0o8wfdspw{Bx zm5lzV+l0;{iyy`MM-WnRL3UsfIFtyJn;TJJx2oz(QgA=EvB=fRFp7xPM*5|g47Wxs z&wL3j*1Za@Ic+Osh*^@aW>h5~oInnr~j-feE17DCj@)x-J43n1E1>oiOK%fPkLO9TA z0-SVaKV2z$-Ew1Q*xV%?ONZpbB=xtP>Gn*3R>&UO_eqfSeSjQQ1XcmtRwy=DvQpi_M zO%9ix>zpnM2D-HLDj0!wFm$}9{ICoJ6G6DNTV4h1l<;y`phaUx@d|0C>q-*DMM&_Z zgs4v#F%tm^mWb%g+s$F#w^cvs`3X1DS}eEsiv&Y%%a18r6|hYqfKznw=XtW;;E|P5 zH8Gcxa^XlX#uZf}X$S`8co>x9`M^=o_|g*-pE(kqKZjlVDv?iWJ6>AWH5gU#GUw}e zIZZt45Y25dPE1Luf_p+RP8a41LSOa6!TR@g7aUHi(x6ftP#H07QxF_}4C{&BN2h5j 
z2&ITn*^l+vW+Fa~tcMQ(u?0USEDFz!hg^1J-!?G{og%)12!&XLDTUbL0gS0EEGo zb&S2ikOD&g@cq1MQn+J3Kk}jd6qz&Pm$7_EQfmOo5I;XHtGO75#P@lWwlzCw@3fikxTS3M9?Dn|5Hasw zEj(dv$WA_suVr{l=nHK9k8o|}MkKGwel(3MKNsMLeO#4;K|EuaGDg`R!p{!MErF{Uk8hTK>>Ldf2zZC7{E!@uMSa|M$p{p-&0UvS(F>nP%X z^(;?eqx|~3$@GPqh%1x9O`S8%<+J6lC;X-sIR3O{Dy$%cPhhQ#1qSJuD%!f@G4Kdf zgSRP?nM$+14LgcSGRRhD0_XTOob>D_1FWuqM}HfRh0yzXHh-j8k*_^qQtW zYb|k+?-`J%kcaBet_9#dT5G52Sj3||hLvlxm1TyTT&ez9DQ9XKvgM)eszjD*2^six ztbcp_|7&=sX3q>YoL6PG7I*6dNAc|9l@imhb1bHEF=A~eTuMJhEH{6l+hOtQN_ej{ zVw6syZDm@gpjrKp%hhi>S4SBvhaWBS{(Lh9NmYa4@s1qxE>cmVbBZ7*W?#6unVk@t zhV>$CUOX!+4A)y|SF~J1F?j=l7VmM3D70Q&U!V61%ig@;qOFg)&rl8OVVdy=y`Bdf`C9tYH3hJ1AOQ&(LA+lBmWw%%v1j=jW9bcZ$4P~=PR=F15 zSXcPw!pHSawpF`qhB9PoM1MTKv{znJXsl#q_;#yT#cW23P5i_>p)KB_IWJ4<(RVc3 zn6F!a$0NxZHAkm6IGDV#zBhs{`WJ2Engd~M1BIolr~1XPbeyIFcUH`A+eN+`ko*_O z)aWq@1eF}s(Mf~K5PzJh2`yB&3sDK=b<}{`8{oh>Zb-ez(OwfnU&ws{`-pIG`wzaL zRHVu-PzdnNiU&I2NB9=`Z8x=zn|wtSn%WGzNM#MZ_9w{);*r&kse*Qt_r(^hi3bWm z8?r18ffp}da^w5~AQy%&!zXmWv|Q+c9Gu9_VdR=}@mo(E%LT%Hp+SapOP==FG+S$y ziSb$=QEv%DDsjDdQABh9&erf9N=p2epBj#9eBsgWjMMXs_+25=l3^U2j9JmYUQe_y z&xOmc7(bbnHCxtTWIr>rt+3>Pi)y79`j<-ym&?IPox zH^Dxkpa5g1$k|no#N}76L62a+5PbBKUcC5(^KCxX_N@wTEd=GW;Q#s7cR~Cl0HOIg z0#OjP$$CM--Q*ANFSI(_Ah5R>Iu^o$nT(@T$u?1;5t;esF?5vt6?g_@Sq(L^t!1#f z@SYQA)+9_Bc!it+VZNYWhuL}~1qV~zck$KQ?}ZBtWtQfjwa8~r4>U97FmUp8@Q(Yo z(i#8w^n`k2;2>Il`|hk|{CK5k;)#zyBMvpXogpLGCHwYRX~8M!{q*4qfQrHXjTAAu zF@S)>GI6)QW4BnMej5)(7U(Y{o8#dPCzBVU#EoPWc1X6p=ny~>N|iS^bx4(%{`Rl* z7OWJ}*Quk9{etAj?|aZfFiNtq&aoMI9#$jD(J>a|A9K4s=)z37Y$`d+dkOw~(|7xe zJl{1$izNF|)fx=zw8SVVUdLsuolt^OWdew@ouGdjY@Mk!9Y|HeVKhOi_=Z*;jzFz@ zgdMB`^It&&LXQ|T+uBqV1o4_v?`aO z@I)`oDLkQC77jaNmh3!sZ(px1N)tW7tpXMBKZCO!7!&0puMPj_ zCNiQIO$uMtf%x)xHHy%o?l@jrWa zRtY@0_YVONvkeI%PngNakW)Vbb!lqxY3fk1JtuEmCL@!MYZVC*2?XfppbolJXU9Qy=-e{u#7s!rU=MJA5*5?1*+x~URPdK zyPp>d472WQ_1fs(?l{9VdpRdnEjfr#CYbr9pxAUFd8xk)sa<{@VZ^e{NDT-dP97nt z`jLc>?vD@3fg}?{(Q*PIvJb1?{|HbX?05`S z#;*#4fZQOFIXYV(T$FiHd>W-1R;0cAc$1=V&#MfadG8|#^a`FA4z_1i=575`QQg)* 
zrL=?2DH-=6wAex^&UAjNoykei+|i&){uV^%{ivc{3+N>j3P`P-PFh7vV%~9b)tvyI zg^AcjQu{_MvqTc>@=GrgbDH@P#?@k8Oj9GBK}pZ7PS5ORYQeY!MBq5H>Xq% zH-EgYs8~;H6)l{f`ciI@pDJ4(NxyN3-6;?lbnIzp%^uk!WOoyXLn!(PTnfdf=lW?N zRWIyl56oNdL2`4rl~$myGOS61lKbXlHuF@X6M;q@Ta;NV+OcR(P8 zN@ltb^BIknCPkOIqh~7(>VXG0?d3T_k}ll;w9cB4sh0~RQ{2RdM%)oLLzB=F{VjPT%Fo8W+Q@@SW2edM6x)R139r+eO}1K` z4-n3`sdz;rcq;m~w&Jm-*@C$Rf$nL)*LG8b>Zhz#!_-tyIW#}ov~=b(+lUB(R(D5a zG;II4EH=4xeCtP9FJEWeL6I-0wYF5&dY;IElWD2=}|0s3YqU3s#zsH+9j6MV1DR7#sLBA2Xp=1$YgYDrlto2-4#HILc z+9x7JFa^OL%oP`<8NS{O&PG+{u+ePHim|#IH;lOl9~h~;&U;-^#7eXK@s|AL<12)djPL7Es_~c79UadAmNU%b%s`^ zmPE5a$~VMLE))(wh)bCs`5s^A%SD&`n>25y=qxPjz??S#PAeyoV%rk*j_#oS=nfLI zfg8Ic;)!u~%W!bf?`O=`dUK#pf5E1jNTI@om(WWbjZS7Ra-N*NR32{@rHkB^lz8E$ z8WjQLfqh717KAt!K45 zvw4H}2I=T*c3Bwcg{;?&TfAP~zA&5R?vqX39;;ULTDn+$>YW#zQ$hWYAM$ytf90Q^ z_EYL9I|X4L7cyp#v^nG>=Hpz@(+_&7x19fXkz0c0KRo0|hSp4%HBYw_dBmA^|8P3IFN zEyYH)BnXq}E3tGg1dgO2^n3%4&9ZklBNE8`=aGob=9(z}&{*>EI;8Fvy{p9p?hQ%dsSUkS*O0uE}gGp%8_iTeA zh7fJEKwV}DmvmnHS0a@j3NZvZ;!)lvTT2Lp3_td9nB#e;b=@Bi`c>kvXg{FLx{L<) zt4jX;of@tB^EEUg`-O9cnk%^ne~&hvEdP~vsjRT`6tk$)!Mh_Q7icPvu4t=T#aJY0 zC{~o#=E)J#auw@T3szadKnKi8^DXI|cxb*A+q`P1VhZh%=+g;2Zfa=IpPl&e7t(?m zBgg{8`31I`e0^5trG){DDa@6nRDB6-ogSIu<^5$=P*t|o${?=tYMzj& zotadeY1@un{eAB@S7>Ru=mq-nzfAs_(!AE}ZOl9f_yF=W35yYs*QT{JU%Y%fL$tCf z3&yw}6~XcBm$S00d|xIdK{z}s)gfi=L`paoKR)f`S1yFJr+Mu-(zr`#b%&;fI!fF8 z=iXK?{5%1UA8cH=vatMNPn-F3ItQ|1?BTx^c}&tJvgH@~r+9STV&;P;I$iaFo4`B@ z58bn^qhu=#(S3t3gpEidiQFJVz7&7C;Wyv2l&SXvV0th|8tFiAzTY0peI%33VwVqLpj!jiAKd{6b(6EsH{MXf&VTcD&^G zRk0^4ex&*Urf^m*(Wo}{t+RqgpbP>D-d%%+Y;63~Fpmp_9O4-~HRyPjSJwu8_3IAf zMu#Xt3-Zp5S-9|5yK7>$7xkSBx>(0dx!>N*Z#|9EF+4CG?O-qUWz4 zpu}uK73*IQUTgm3&?QBPK!?VqXozm%C)!yM`Y`sd0lvVW^3+_15KY)S#{E{ z+K!ZF?;NU3PrcS;o-(g$dtc(|8AZjT9nY)`8Xo(G&MtBac14Co(b#!t`qSaBk(91rWONkZ^NeY+{iK!e!&*EZHv#uf^SQez*4)=20U8= zJbfr?9@~eW-(nS-ML$+nuJU|O6;<2(}#Uw$_HES?I2`Q~O8t6iz@ z6XN5w(YL)@)LCc~HT4dz?1FK=2RZAh@2u-sZ*fUg4U-g{3z+?ogbryf+(2EM)wt{ifc*~t{JwI1dUQi_UODKVf2 
zLU>J8BlV(A-MYKgT2)o`9R}q_D{<-XQxdmm<{f7@% z>^B?+fqmJ{-Mt&d^84Q2XE5U&#zuy?FnXG`=)rxD^7x~Wko$v!Hz;?{o#N)^2FtMu z2LAGeyJpZAa|^NYjHD!!hzKLN%G$a*aU4vE%G}m$X>bD3#c|Z|2j=Z{MNaP{I4}&j z(;M- zi%TDy_#un2PDn}9va`#eR|7{Qn%jlpUZ>zZaR-jKy+3~3Den=#bZJ{(U*Am&i+AAS z!k>(34D1%M8`F*ubzwwVsT5FP^><^@Vn3mL4mX#TTf0|ufSIDA<+EMUZK;hcH?#O6 zifAxUeFrJQO?YXjzqv_;!22|J0)9l0^sbQhr586eJW^0tXyn4@R&xz4)fT%LUnC}e zL-JjUaYnRsbY8Gp#iUgvAS*yr-hK6o18!3uFnWl4@#3KcosEr+6b31M;DoiMI|6%w z^Wt7*W#tQsig#bWWQF+C4f)S^5VlX(@4a{TE@fR&k6TI;+!5aXuz0J_rDI@lcuEuD z?FcpjlnWtoZ}BC<<$BrmVQsOFhDHiI15~fnHq&*I>kw%@G1Tu~+2JS4ZXBWOgRT!G zzx1*DBgkCHdM`cfSV7A1-aKU`nb(F&51?pSJW)*ReCzvNPX&S2nZlfddpXL3ywkpf zjq#7-`YqOX=;`VnxwT?HKTEOQ_yJ5=rJ}4^v!)r1_mO&1XU=>>cYZ=PF)~`iA9BB} z0D$BJLaZsQk+BJ$bSN&Wv|~6iZ-* zRXsFBH{EC(;c?&4jfdHwwz=Kw2rO`5jC}&NmN5)%zI^4%X-Ub|sDRz^@u3C;JDT47 z2oWYs5N=7C5;iU7cgp&_kZR+8o1o7SvE#Jp*3Evc%ymxPi> zk7&1V-yZYk&2DI)N?{h2G`~)AgoT9#yTX6>^m_N8S6a(Cf6%=~i4d~iiUf1r=FR13 zGE3BZ_h$qd;NugF6r6KZ6g1u2%`00Z?Cb6d#L9S3ekiw`HQ+hzvHKF=WmkxcUA(sA zy0F6rvlRM#JUibhYmbSw?00)DaxWLGSyvQJRZ?2I+QGr$2s?Wj5nUY)3|i$ z9x^ByA!Q8>c|jI$?w+2Wq|vh059Q^TUbzohW$9$JT!ll&2MJah&wFrsU}k3iHu2;0 z)dIWps|H(SFndxLDCWq~SXB%$UAKKhJB-}<;<*IDm;-1MxW7;*w zTNct8%SLf+66?@e5zcO99+$dicys$;<=3w};1}_9r@=}X{B6zi5-7L+)$Bj_{^&Vf z-2-2PzPyvjKEcGz9e6J9vhu^6hrz+{DY|*;ZuAxGS0LInc#FPR{eYG?+y}onBQ1UK z$dPqeP)~BxoIxYb%+AIld}J3VCa%N%dj}ru=Hi^SNk`rjWu?P#%-Jv{f>y{ayLaD* zTSVQG-Nt^7b2wa(<(ykzbq4x0DSY!NQ5Ro?w(n?M69)-6Zii$s-PwRqKVBo)+)Rs;I1tcVd6H>d7N` zR1T`Di1xg*@l)CJZ!N$(38*ncEZDa)Ok!DpRoa0fw+FOiZ_CRQs-NC{_f8^NCBtLu z`umE?${sT_c36!)80-2LfWSz?)o;CD`AQ5gV@$?yMUI>HqfMJHD6Y8SRJ3Y!T>Prv zLu(oRJmH^<#>kBQz9XyNCHSG&>%)uR_<(K{IZnAO3Bg=s4TyV`dVB;#3~TojkbwHY z8_Ry0A1uK**xtQi99}|9jDmf66AmL_XI6p9ja?N& z3{?5A<0ekER#j0Gh@+{=sH>-kfV@_0zw+6$XDRpIx`v0-Sr=XSP|`D=hJl{BBT8xm z?5_q=I5FWY2D#gPAD>d#ULJibb?w?A7_d+HPpe3eTGM3Fr53snUU4BLgyhQT8*kFt=fsCN#>R5=ZO|f&phi$1@jZ+y%BU@y?Hc#=oA$3m#5qIvqQ{(>XJzG+HLfuEN>#*TjZIE|s*py1PEU zybhT+9x%>1$a6*GLoW=GY+|6RSd=2}*grDji>fviB~?B5fYLxU4rDVk1=EZclXEfE 
zy6J}RjD>~Y&Y$4qjQ#G5odaNUu^;13E?nP^13`D%%g?VIh|5Uw6>LAq!3BWK#l`g~ z<@C{hEVZ%F^xSic|o9gc9ZQLeG3F-}r)3C+%h2=0KV!G)g z`^#s}tipr~g~DZEjPIbBw&q_)5ArU!D#d))WeHr5V7Ytm-ly^Lt6&p(S$z_|%8;b3 zgAM0lja(9W#rE@HV#f|-YHPuNi`(1tOPoHP^z^LQqm71m0*JYoDkpzcP3>NJ&&6A} z^qLM+m6VmO!O(~j_~232O*Bw%$-|VgZ^%=j4HCin+AI93?49-r648Y0#wc(yArSx$ z?EVoE-X#2hHVIU9-Oo|~-F&P0w!JI2cH`SyXREbj8SjFX z%sJDHtH-aZsJyMMrNt~xoOo2xHRS;7C!FT2Oxm)2EOdg(pk}&-_#3+820Ucoox3ut z7HgsInd~mS`Q7*3Ko1WrCNZ7<9Uk{B%&O$ zpFi~227c?o?Ko@ifZJ7jdfQA%X$Ro8;p$b8;Y#5AjlrowVzlthQ}iZXMGQ~_^Q`Ui zTOD1q78zYu)=5ku!f47#tsKugEAO~4*sYiU5F_sToP|-;VHIyU^|o!>K-l@u<-Rs|V0@i2YN;TKpQB z_)5r(ka;{6n7sdR1eou%Wqhz3(AQLJNeKnW{@I3&?h>{-ub&|&$dnN1=Jp3305ntS zce;AKQQBH-YHUo*#N;?Egdasl`oN?48_EhtI5?zn=nii0tk{^eaF}*b`j^_R@?08K zYZrrYss&ocqbzn8bWe;GizuYknzY-#6!K;i4%?b%aP1lsFYiwDE%`f$_?5@CD^rPk z-HtVk&D{e04#Gd^A%~B*x3;#nD|}_iCa%c=SKD0VBnX|>LF?m^WyVio9d_3G=8pR9 zcWIbVH;;QDo0*lRV`Acsgk;eCgkSl4>`C0(d*ClB=rfKQ-oO8x=?K^KYm7^b5VZAe zZLF;ogZQi#4-}KWNIHtFO^9(bGN~28pG(22(h1pOhZ-uNPkRUWlM={IZ_fWQO%EE7 zXQ;tK#(l?H`-T=8?Ti*Yk$Xsguk~u1oBM$qYUEcKp0UK*B=Hfz=%hJsxV*3|vUzWt zq7!Am$Hro^q=G+`TYX=ol~}!1Yip5y>a`!=EK;&GDT&?VX=CYjoc&*(EpW1adzU`;1rUuQUUXI?jvvl$CMyXjMHh}Eg&G!Fvm_=fV#4|*hQ4`*5UC0 zCld~iI8A9u$!_fWxa`dg0?b)6Z(hIN3ZK&0@99V@^uXEZa-P@MXC@;B;EjB*re6=h z@(t8qXQ=D|kMM`2AGE`GA{~CdNbNiaH&pbD-$b_it1V|UQnrs(Ri&_X@&;U#jY!}j z+W{(ui$lpcBTw0l?YFYFF0E!edh{(qL!#Z+&Q8YSr8(B&3={%Nk^3jv9mLHC*m`EY z`5!zgW_SeY^Mxx{(A1Fof!z=Yv^mFoABIL;M4pBRj4_nhr03Z!)$B2thvDQ}Blm7= z|B#Tgdqy!2Zx8-Fa#bl1wy|KREE(P$#pt(vc%q(wK1dF~!}p)$nef!pxqh7`gD&a# zjq)z$P8Ob>2doZ%WX^W;`C2o;-XynXrKiKR*k`FXdQ@UY*3_>*vl`Cpp6k?=GIVP& zzPf2mQ9952IWwDDCFO|8dBA}reQB^f2;oMC5%Gb_D2~9&@AN!EJs|@YTCf zU?)9j4Ik^hTV9$LMKxUEsU7Qy6OXcMTaj6#B*&3i+J*@}~GoaqSdv~`_HR$ozwLkFNGmqOIT94#+2U%hW>3B6$-2v!3l0=jX6P*zpjuce_c!Oj_^&q$(GKEB~+ zXQAL!C|djWVK$jkTv@+G?o~{9oO+ZP8+!+Jkot%%;3Lv+Pn$&uSZ{C?*@qmn1cCoh z=WT?b#~&jr^mXw)#(w{fe{h`SYrvVIdHrC>b%??orc!@2$2r#wE>kEiZY3 zV%orXzp(H@ZDG>*pEZAzHcDcb_yLQ=<}~UC7{J#esUHTrre$S4 
zQw?FAu&>1WLN6+|Bsh%B(j^3|TDM;lC*X4qTu*4ABW!H$4#$eT#>m;nnBQ<58baOPjJ;)qj=PrNQuKFWuc|G0Xk$6pVN5 zxJxgNxlxf4(@^BrZwL%Oou16&rqKyX*%#z~?UG0Q^XIz2C-?pQ*6ufCT81+9K}W@Q zhF1>)o;+~}gBSxg1uTmMQi!+OClV!+pVM01Kd?Rbe5Ak*luzyeX2Kv3r9jLmJv}ow zr>JlT(*p?=AaXAD3V`C2q>uY0C0+_F&s24iy0M%*I z=s^RBa$%nve;IC9T8l~8{IKUk1Gmy@*O;@Pa6SW6k-rdK6a4as++&agm+p>1WJ$;z zM7=e^pWQLFxLG&z!GrYxps~-MDUIHCG8A#UaOXp?8;Acf#?7K4UjBC8tkTtss>(EX zEhf^E@)^L2?BGg35()U?+WH59l3^E{bN9F%LegH;Cu1Mo=6j3``^&@=M7O}^;kLTE zEk#8|mlIxNdn1>5UsreWS38c!xa8zbuKPPr-TLkpQX5sF|E{f#E-x={=4V1QWnH85 z!Gi}6`5t|Mz84q)*k9JkjEZ7}XCrf#*A#G4;!H%TZa0w@HY&Iq8X4(;RkNEOVaPIb zMr$16#NX68h88^Q)UN|c-_k+*;*(Z&7CCvrN0IsP;gz)8FC4pJngtBtz!H$4mwW^# z451wX^H9t21{$yR{X95xbR&pR%5V0Y)Un7OcXMCgq^_Zn4*Ui^$-!gCUern0QZjdw zbhxbkM84L$U8hy#sh@jF#tdpPrO@tc^QFEKs~PU5YBn-a@?-MWF}7{&d?Vjfl@;Rp z_kX~>K^ShxJ`u}CeK9s4shV8Vm|qo&Ut}-APu0jZK&sJcXnnM+!;U&efXg>$~Bg ze3<)!d-o<77QUO;x^sO0P5Z=-Kk8d?^GP6w)2z{hy}13ztLx5C!O`#I$B&Qr`w~Ez zOCMP)!V>rZS;v<%+bFe9B{xEN7178}hNSBbH&DIp=ODGB5R4>fUimB|gBy_GwDkpa z-^6Q7b8cCxUf&Ugvfja)U&ns0+WT|2T;fW3dF}R7pq+XEG$~?>#eHArZlBptD{|iL zoutf0HV+REY^N3b?T9ZkBkYWbZpz{C?m>yGPt0%J*s$gv6`s#v?%_j+o^|#>Xi1I3 zDKRNY{Os9vh-jN=JXeAP2{RTRi>@tv{@mjRXP5dGwwX;h_W_vz;bT%$H4W+vPve?b z6fMme-w3~twR7vwVP>yku(ZEN8%tUCj7MXug)(dF48>4t6`syxcns+gh zhsXLDqpcVg78YWT>oV_WV^p*%P!31X)Ek>TP-~y-iK5G3!O(Ft+>GdPMx)EkwA%fa7G_vgDkKEZ=9OTO z5Xmsbm%}X1T6pqta#Gc%UHx+!Ab;P$;NacQKMvq@9Q+n{Hg<*BciDHre86_Ci~C}i~d^XY6_v%BWJ7N?pQZ*A18-JmEggHE0K=9&9}X4Z4X{&0eX$h-7&lz zT1D}i;h~`q9<)nt(KvlAqlGKqeak<2+{b$ZlUe|xrM|33k6yg4i(+;;iUj~5t1v<& zw~XYMudi*460$!q6@kNLY}WAsL$-VAcs-91UXMdMFj@518zI%~ylPG^E-c5!ZDDPs zOI?wJ6U&O_klCxxmDxpdAt&y9Xj|nj<~HIcFmAuqr=gy!wJ0j(cUpn$BK`4ab+obh zj~1p!$2A7F(aT+yvj}>tUAvV9T&mr&rbYc>lng-iHv9ov*}>)c{3&o(rh8v2Ok=;a zQk^>|MhZ7CR(z?gEg>f6)&&G2qUza@oxIu*9hkp53+YfGRII6MXowGxMq?!#&mip{ zue@AkB_*b#N0X}OG35xA?9(^Yl(COdE4dWC1!x>0M58|>`T!6%4!-BvIFi&2Slgh> zz95qaYj*OvHU+O=2V~nRUU}IC2C2S%uRHtLJ~~FfwIb1enDG6sy`3JD1>QI>=85%o 
zo}FIU?2){-NlN(v?|Ln#)hLG{2||fEEiJ7C{BBAAzWai&;?s@F2wrRUpG{t;w(w~qSg@_EsEj?n zUx(>OCh46x^njICQz9^HRCD?w&jhmyWD={at*r}OmKl*wtk_T6_drDJ*oN5McmD2j zY~%OKS$3Q=CdRCW4gQaR`}nSw{ zEj?RpY;6cA~KQ+4}F_%aASf7r}UnS+t~&ZeXzojcg8c0 zqU0nbESxlq74|}~z2EJrCCAg~!pKMlC9w;1)YR0fo}qnP1GlYPC839uDmE`tRYgU{ z%Fx_I2v)b=a7wOk+<4>Q@mlVaC!bk-qoJWe0W3E6Tcam>O~rvkaiHV=3t;+OEJ7WA z_#krV`}Y-;`}gmQp>kF@`s}QJX^78`V-0IbPP2W6@~7x=kwT-&6}r!YZQl&F3>LU+ zR~OslyuZ?Cx<4sFk~-Rt-|xW1I@cAEt?EUNp$@~{-Avo-lmn2 zOMe~4uiZf!I%X#XFS+2xiWK%#&BBMM!jgO*qutKR$;CIics+c0bMCj%vBS&gjC&C3 zzb*&GnnZ)VhK9@Mz8p|B;ZUF7iJ^e5c$jA+!_z*V02jSAz5mCLI=3Md`<`ody}7m0 z(SIre)TS;3YFnG$1qKF^I$v7L?~xKL>&KjCPJ-dv*6mwS`b3LXM9`Ndp+}L$>6TKy zXt(UBy z;KFQ9k|rbG zL20PK0J#1Z3cr-Q%o{x4`{yN&4h$Uma>p9;;jI~WJ^>*p=Mqv)M^O!T5OoeVHlETRv}j8v5LyDLD0g@lG)tjI_2!~>;=5{$h&P}B2 zT|q&C;el#=d9V{SJ9q935pl{>A1xGVP>2~A8al|qu^Bw5ZjBYH6}yG(PN4jUdi2IM z_b&E#EtE;DTDR)%DU}F|;}2-HzKz7k`PlQ;x5=^;vAVk)6nr*LMSot#Gb?*%-&M5= zp<;Fv>9zIs&+vP8CganjWZym9&>MabJN|Lt3mzm{V*_;uDFJ#GlI6x(doZXt zvb=b1kTpy;`Z(c8FKjN&$+febjmtY|e@m6>l1z8tyg>>w=1Af6&cVrZ@4G`~9K)Y->nW!&UR zfHpzRga(tzK(#2Q-TfI|OFYfw=KY({%ij+A z>G+T?^*%M@*1S=%gDWdX4BbN++H^E$xZ{KCsw@=GeNH>bzQuUh)OhpJn^A#6+3p@*mGdy>bgj_8Tiz3!m$w%UR)hjQWb;S&#BS@b(0_rIvj;dh z{Oa$XegF0?6@ZSvgSxczT7ruNE? 
z{_emB=zbhz!5JD&C~`ASAuq%N=8PeInSDvoR5eF`q!_c zRv$txqYcd+b$pVDo{ti`sttJbZl#+_m@1huDVLvSZT*59xgF8`8>PlnR#pazhtES zlq?82QdHpKwc~trPo-<8Pn6&PBJQoDvRb39@fT1LL_$FYL{LCVK$LFjknR=)B}8eE z4oRh6N#kVXVV>bExM+8rS9718m zb=I7y$0~|CG~F??BJ`~Agd_U|xVU1j2z#(xOfbRl0;YKmOZa;(9kIOe^XG3VHYX}r zY0Z&35?Fe$+@xjG0{z+Ky;D}$Uf>b|Bj29_uC=wlFDW5$;ob%ObI!Y%P0d1k#6qmj z`xh?Y3B#8Q4eIfsYI*hQ6-sOw34?&&)c4FIlzV8XLc%4Qe*ra=S47c0>kowRctG}e z1$Hb*)D;5mc(%iOCbIdMB56+))ONmOrW&E6ctfj03&O@^zq9RbMqkJ`4ChPNM>^6Ac=^;f;F%Po-Fqq zUcOTVS}MSnk4|CkWNbuTb6TrfCC!$}?dH$HtD-NVR2$))@cHa5(ft!jtRV{^#{zq^ zM8K~`8fOY5GsVz+^=xMn&IXmqIyZ8lZy!O68h$&q_v^7y07uwNMRXW<4%@#0 ztQlaHvef6`Kwi?sUqdq|?*9a>W?jpfCY;0;;+Vk)MvN~@#uwmJ< zIsY~dOc+FY>ECB&z6|vdJp%(qe7B#E4_3FC8#E^)_dYc(E$5ECsHo`Uc+SgEb8~|l zxnMAyP*zqJIzcIb$diP00You|a8n=oTl0sa4q5o|1L7S%F6RPwM0&LCe|>kZqhczBimTqK)jZ9dZrvk-QwOX`ea{LVjf z0am#L-{0aeC*Gw6uc;sqqmFyqs;UzI`gJ0U8+=Qkx_|%02Iyz{TIPU+Z-%xk6a6-$ zlI+$I@SXR?nX)i92L~Qc$edOP?12j?NG)U_)ca0Y{?!b?pNQ!l(K~-#^wiXRq0a02 zETO7NC2jnDanTnJQCPuVy-V|u4YdHO(+B)MD0Ru)Y6vAwV0IR=EIqLS#8Dr4dmYBJGXz6xT*FROQ7eXk*+ zVzgrg{sfw3X6NQaC_GM21VFxEw&a1sF8+Ds1{u?`DLqKRBK!2vgWXw=RTlISyaR+6 zGW0iyiQm9lgag?tsDpxnV)05R?4G79%!m#op9jVa4_InY@Q7qmm9lNW0}cyrxj)p8 zh`^AR*7wR=0Ql2@Bz({R`aynv3*QWE6hjys24bRCK>EX@qQnd2vf(uVfC6~=Zphae z!WEFDRJU(qjEsyxJs!rZ07=2Wssv$3(O{2@@*I_$597juXaX!EUaUA9&QIWt3}KrC zIU{0Y^8gq|BoUDDfKMFG`?;`}NCavf4gRe=0N1`}_AN(BDT1F#D?^?o<&+ z@py@$kOYkHh!6%Sy+y_k7d&BfEFydah1TWHuJd{rAlE_E7rIq8=Yc~8P3sLlhkN|| z{Bd#^2$zq*UERRT6LVgR>B>lCCa)I!xx6f8AI;3nEDppFXjn}O)qvlIqk;gMgeXA1 z4lE~C^z-4-(KcYm8fLA)8tEcHPTCb#5E63=_nHc=K|2LvwiL7LzQ~;iFb2WyU^AAL zm6=iq0qDT^Yzv&*??XUC2-cPA!mKR1k^XpL)0c!Pe2?$|U`US~(Bm7oFf&qdJPc(| zJMGg@@-iU6b`l_TR19(HQV-~J1FG^{xg|N27m!T*0({s%o(wW7Eltga>63X67CE^` z7*ny2zL|d#q&HGZXq%sfyM)Mhhs%G9D)V*xhI`yAv&{0>mW6?VNY=AM1l``y(sGVY z{sW>_fH@ObC~py8D4Y>d8w}5c_v8hdOK50i)!_Ki=GnC<0^AhHEF|EToFyUP>vW%t z1Gl&WTWnnR3fZI4!iM&6r=1^{VUPeOO7pmAt2XD&gL9a(&A0L1leB`=8UqDHt*PSo z0$`^=Qj8*WZG$K*BX?y;0y13CDWkRwn$mz0Rs?1H>jDrhgF`m!K0hdVF9C&y5(a@X 
zAi&9x(g4#U#qR-#o=s>iq{h6VT@k`Wh|~^(D5wnFul01oHWH?ddCNd>i#oMfbM0IC zEj_k@q4b_rBnjZn#1Q7HjpkmPJC{k^=$%tdcCs;X)$QeEOlgj>Ah9WU70@gF7XzB(?!yzr0v5nN<4KW`Z-D5$$>)HF2&Wtz{9plqrO{0OrG6ZMI0B-g)N1D#wb(fmK?c7C zj7m!!oQ2?`Ue>x=y*!vj0H-w;OUzqH<3N^$+#ee^x>sO+roZz6Kx=5G^aMGLdAMF# zL@YgI={6oc&}7vN;|~CGnyh*V7@DWIHzq94;e#=Hk!;usC)5?uuWz6#ZPtVrxhUK5YFaPu;k~? zokLV0&YOT(!}taeY&XLh0?7#@nC)_m9iD+dUc%XOpksz2G`XlK6f#y$XMWhLre?#N zq#Am9de0h@{QM+*Mn1x+?!{?o9DfDC%^Reo!!E8+S602H!g&)40-UR+P+qsSz8fub z>wJ6{zlOUbVawFq?-QE{lNt$eT~YeFM+b{q`yT+vZg5*sAvKF|aW)HawQZH|xeFJR zmx6G=3nAUf#z{0-;*|xjCdx0vaJiInAlLh$TO)Tj2jFv5W3L%R?BF^BOY;gHk5heq zo<9tO-;!)iOfp)I$;imQeSA&;__8;cB2fXzHG&xfB@uK^Rf1X=D3@&*#V@0$d!PwW z79c8kH@OKB`PQXNK1oTGKoWQ+d0gNZKq?7>6B3)h2M4oo7$b}00^SXjU=r)zX{a!j z>ljQao`s_ib&mN5IRK<+CTXfbKN^0rpwD-3#P29z`t~lVtnZy2g7;Nzs4P%Sr!k);U=Lzg+4Ucp&yno|8pCb#jOZvgP zN7PV}K1Ew`pdSOY1sk~GR+x}MJQ5D?fKc#!+?_--7&_=v__Rb5s!{d!o5m@rsRQ4+ zD^s8_s7jn7W>%#lth1}U!kghR66JCEi-e@jG}Fm?%>|q(AORjv0Py)K@*(Y23W{Km z_ds$#ayT7K3)ngcXfo!|pky@y4TW-j&GGT^>btj)ZsvTeaG1?Y)hso}frQ`0X&Z#q z0Fz@O9^R8rmw)~=ggpqD4=)Uk-i8JWe&^p8LEbU+8P3uY*8`h;@a=u8CG-#LxV23r zsDn?=`8X4c50Z_t+aivb!3GAOi6=B#=MA^kpTv&-qNS1H-{4QSG;mzU&QcH7*}8zT zuw=#&aqM{e`?4WS*?>wE>NBuw^#!pHLd`>7jPmwvVr}IqbnyNG(Z#Q->UHfG(-$?> z&==4zwgEEo7TEJNyl>StG`N7FcR>FXW#)CI2Ne_H_3PNe-}|;;{?YKNvjm0F4X8kY zG34gs1MM2psQ@^-)9+;>NU0erHXy%1N*s_gnLAiozbV|X7|HkY_s0g*?;Is1Wf>_K zzLhPOx3?fHM@v8a^Iw8R9UM53e?=ju@fo~F*s{I9j|~!ZAD?DygZFd+S4l|&!F|)z z)D&szpmgCq*YsS0BouqoKh%0ZxU$_Xuz=&5Jz61|v17PbN{&QNyOYjo*@8-|VK+5> zTV&s`+0PJ);A~Jy02l-fF88gz3r9vpDf!Byh{qYys|F*td`}!5dYHHkGvb|PW z($CM&FNW$bU$X=gh!qf*OKNJ~0H}jrvKyqeh=#!9c=tN5-Lm2-*CU8JNmMk6X6}S3 zm|n@6`SxX7WdYMTk8^HqW5{+^UH-Wc1^Ox=NJb8;$B{Gx#)g^y=H6X|ZVpu>T#c-6sWIA+E404cU=90^cJ+XSGN9PMs;3JL_!A7SO_2zRI%=|XZl zbolJDj}P$>wgnBWn6r$9@(q|Dg1?)nmR77?)NR5#Q~v@fz?q3F0YzP~X;@NEJM*Gl^64m9iR zZJb9T8cTre;GhCEF1NKUY#JjF;GH|x(M`X|=WwVHjY5>hRl_9 zkA+Ly-Rk79^UF7B_BDg;cL&v8Vo-Cau{C~X&-(K>IW5fx$a2M*eXdv2EdViD?{DaJ 
zmS}?t77D}Qy3wpA|De(I6w^nNqC~-6a*rPi{yC0E6U4f(adG(reuSK&kUJo!w8zN- z9n`llw$K_#bJ*H-(i?KHHo7lg>1AgPfJ|4Bf8>hpXoO4`%?F0q>#xSH?33r_jJU9X zSRo_mIe;qGU>;I69|ZM}qJ=L~yMaw$gYkn^0sk*lb_Uo$fL&ncz5C$d!!)>+$7H%J z8qd5G0NsI!Jt!2UILb9_0GApX z{dp}}Qz6#w90f9T&#QpEBpR`&8_=Kv4En{y+S680uIJh;V2E9v1T+~pcA`zVe_Pv4 zsVq6|HlnWSnq3+h76(=xGB*`Ao_J=h59coaQis^as@rMOpJ_*aGgs$3B1P|`904*!l;TdQs_Q(l)&&8 z62O;gzV4i9VIW^ty{7@)10Y#S*7gq9g>D=eHYs%+vDmZ;CF<4Xww9K50oH%3BENw= z4OZZ90L$Bcs^AN0#95SiYNTUJ&!x0mbHxY4_VQ2W$W_r!KI_KHSnn^_?o?-kd8aRg z1Eqowz`!hC(|OCH+&Sm~%jQeX499t>EQeO%-V9esG2+&HO`*g(+S`+Pct?kW$O$WN z4f!Ji@E<=q`6a(SAVI;iTd@yS!01o11{M?QhdZP81MXjds(Bc7E@H6(jKY!9+ENG@ zj6xR=QwTHw*1m^~5cVm6?4G%uGFu*haR?9aaBPe$FQ1Hm%62`yg;W$EPlo=6zFHSY zgmWUK87Q~Zf%i(pwg1f9&+h{8I`_er77iuXwVx3Fnbr7jWl9lM^)C0}lh=$%SLVK? zsrpMh+B{rTS&BQhNMdwIKDR;_2swmu;Uc7&m3BX`K(u>IK`G!|raK=Hlmf*QlL{5f ztNgRYOe=zwMYiwyYp!O*OIs`9W;`A&9%u^sisLc888m zvPTOD;HIogfzRV8#UNRyzonx`F~p)2;&O-&__wh>xxV6?s|-Jl4)uaBuhu3WK|V6B zJqhZZRr^|ymldEi?YiZO`#Hp38#Rp2oW6cNXI()EiOR|+Q&;VHxbYBy18fwqY2yDP zQtqj#gmFPI5Eh%Q3WG8MV8Qrt2OAr-b0H1%N8-VGZ_dZUf)B~wHNM`-$qyroVr9#^ zNKW*ErS?M~iYHWHK=)?sESETu4+4Dd9djAH)lg2~k zXPlkp<}G_QWaRA5FO;B5Ns9UYFDHILH&^Rjs;WD6zmeQwv{R6h%2rWy1JQbHhj(Zz z3@#Anc@K>Qfq|jp2sH{y>I=A+E|J^6>K}1KL6Z{8?j+f6Ixk2UKuqxYFr}B$a1*MXU9ZX@)dYbOHp9wiL{x~Y^G@6w>l)qAxbE$vHjhZ^` zg1tF0Nt^$hH_7SgVrw`1jh0{~0m(DOlL-n!%fm(=Y~|kd$%A@%bI6PVo=yJ7D*^3r zpnO1Dj>p~2B%VXQgcRr~DzH3WsWt~P1m@m^0&R;DhS~}6b*(nOh_5hl#`M`skf4ZJ zS>0d137c&E8xTq@$P7BNt0iME5ZUAe)Y9E|)c=(vBbnQEU{eT1C9BSV(D^xfm=t)< zI;)_N(|%G|Ms_=y>vaH&JJaZ7t`q+Y*IRVfJ;#@IMmK{yy|VKTLGqh3`ir*>!!s?7 z`o?LwZ4ull$bA{_W*6q>A`MS4`6Nc7r}8HvXD$fd1qE6$B>jN}Gr(P!faGCqrk)a1 zTg@=z-z>?%t$$#^8&Zn1w%y5k4}-POkj1$|>!*?TtJk`}BGBlwZ}+_j?VwyBiI%q9 zU+%|((>Jjp0z(AbbtYrtu6ZnnV!1h#!d@KC1@K#f)0=>HmU)nN-Feo|s>*(1-+O|8-Iy3iwa(~Ru^Qj=_M zoohhd_}0}4esTkA@RCXZm#LxV0KGuoN7Ub^Y3)u0b?m;$X`IlT(*V-Y)|+_1<1H9MvI#yDw# zs+#Fx5F^vUTtk|_9_3dvbo9X5CY8@YW%n;C|+BD7btnX^DHo-1Rjl<{5CM*tuQ&I#Bzc& z&Xb(5V1uNQ_#XcK8)Q$L1Sem?4FpCn(p=HzVX)vHPV 
zSXkb&^N@S-{mwGO1MWqmHcrP1fAg#N8ZJ``-h@7x)T&TYQc|#ux@8mEpQAztgLR3| zq}NuMARQNjp3CHdf?)96{_J{C+M{mQjqpPA&^(|jyA3N55XDqLEQ?D@kQOSyar{6> zF@6{e<+N%BF>iYp%(X#?OVlY(iBJUcD+RyMeSr!$Ptca#5mz0H|uT3Sk^xhjbAuYHJ5UQrz_ITc!T|C&06z zv7!-R2q3oM`;o~H-zFxSM@FuJcFXDD7cE?y1QR_p8WCGO9LrT>fkxs$iMr#5H|={op^Uakp4vE2yN&c8%qjQ z=oU=P8FqOrzNimmE9Z-Ep77KVb`HuHB+G;EgocDraKC}>DhyyUG8P3uJOo{I0~g%y z{F{Kh`4LcPbLoZEvNvTDwb|hTNkvf53Ylb@6NTo2DJ$CZujUf`S?8srZx-7KSvV0aX{#f=rI*pCx=<_wR#u8*(YGB zH%TQh1mvHAELf0lBc~q#@-vlzTtq-bz*;7TGb1}4>7E8L3UvC@IMhKe!ZlX?cgR%h zztaFwwm~!V7K~j|JOs9nA-sZ6KtLd0rve{D2uQO$ii$=4^CeGuPEOAEAVC7xIUJzG zp#d3M9s&}w^77sS&cH#=<%mL3K4>fzVSWj^yjfV2C}CUAYy#-q5rw6@1>RXI^&jDY z3L(z`t zn*hUl1AHpY-Me$~fmdNn0N$6`<|pY{Sf_Uta6T;$Vjng8H_qE^ceeyW$2`)dhkuLz zBFd;I?B7*rK!#Khg06Rz77EiQF7+!esxRs{TznS{zB z`wI)kEv>Enyowl@JNH1)3Fl}#M`le8A85Rh^ylh=EHYZ45^x{*Yao)mJl6*Nz;0y- z2e!i-C~9DQ7$qaioE0}v!cpV>PSB84Tu}l14<8}Synx3#ZVd|yQH{XZQmi2wJ1rP3 zQeKYChJlU=JYhl&NE@yT3JMPKAabnTUEhQRik?J)x3Hy4tf3ATn1ln`@3`pQ$j&vAB)}GzmwSh3)8A~s)PchN8z4bx zgxK|cX~`eJ=D7hzOM-U8!lt9TsuI{nU|+pibGG5e@Bzaq}ttb3`%btK+Fg ztt5@=I!B*2t`Rv}Unjc#!qA_F#<+LvnY+h1d@-swR%o7%1NTC(bbOW=J2`9Q@?&!6 zv5`@#zSHb^m=9*{3@J5-Nhh%Y*qM|XycYiwKs4~^Wmy1^4>s4)I1SD6igd(pnA%Ez z`}QN4?CuQ_2xc|!9n@Yxp$IKD{yeKXsWF*w-&gyC^>^uSu)kg1t4@cN9JN)urM}yT zYc-DFLVrh$USC&vf0|vXN=Xv4@zC9a_jPTxhvw?nZt#FhT7jRAS42FG=Besh9C#Wk zkO@+(RhUgV^;{ku9i0h=3esGYRzBq~#;y#DJ2I5+d=l-~_QjW88UK_A(?;w2SY8z>SCmLhpx!kiv1dwefBI98iUgyty+a)k`qfm-b@*6 zroLqvfU!D}Aiyhufe$ED|6=BCNz=#sFXKuVWZf!uzANaX$$q#z484^v>$3Ri&+08x zlC5ZD>MH>+>$}jlySvh#<`4R80;jJ~C)mS$LJMF?7@=Q6UOwd4 zuf0np-lFbS@=2>KUuKq9;X-Cj=OcG7=gSeUyM(+8MwOm=bq z5HRxsfJ-=E?-bMMfd^YP42q09-UXF#9#nL<>?Wa}FMCLG6f>W;*TGU zfQH-(%^EYfir7_YHvunJ)BMSQV!C1M;i>0~{t+X&qd&G$hsVr+ zoqYyWc4MCUuVlab?L!c9r}2p*R11B8qeg{?r@+WUdLEvG@7NLy6Xl3vt5`wt6=6uRCIK1VWB)IWml$a4+TR# zUMNhytav;)1pX;GFt=5?+;SD%2Q4&BtahILd~-GZa<|LcbN`qm*2A<=W4qN%@QRj$ zxou&FH=O4J>Fl5^?JB*eZi}7T0&^p{Xn^VMo23!98*}?e%cQzKL(tU>I!}CBvl-Wv 
zFz1t1wet>9uGEVkZcY6j3T)eOoMDPDUmowRQ;*&3TUx3`NBrKh78)tRet#%Q4mSsi zwym4xz(Elu@bTPMhP7*5EYdcco0HQIB=Ew{0Xs~P%E-)=Seq;`fqQirX?n-rk_J7h z56LgmBdDgTnhhXeXLmPfKGcT{_Q3<3t^V9z=z+=LdxP>qPm`Y|O&r?A?jP%zXL63C z&i{(IVlVMB#9gSkzPhDiz4>2bB_{l30)T>y_)>B;BHq8yR}w-XB%!d`k|bT)KG(SMD)tN5$TDLv zhmlYg9fll)XA=J&d@D}A`|Aty-?~(r`lmY)5q2{2(e9379`>@2P3O~5#U602H}E>w z9V{R}gl*donHT%(U&a|(SzP>k+sy3wJxjZ6w3ijdb5JJbw z3t+4kuddB=TA0-Bc|pEFB8-$Wi%x-Gz39bwYLhyp!c1@OuY}L~!JRz=!;-&; z!xP3gBVv)wiBevwFf zGWJ}S(rv+NfYV_v5Q+8@&ebqGQc2HkcNnZ~tHD5q!{g-0s$=Tq4;2Aa+2xHs?7dLF z)A%nzE)=qs_tQDlh8cGcR7ox}QupMsY+J9yqwif;(17dhZaKR0P3T9A+*5bNh?m;} zD(T$(d{sbbhhS<&);!8T9Y8Ob#3&;trv|BILWqxOL(qmP*MqswodG-MR$1&>X(-{3 za2FNnX+T{BPMk7m81nHtx0;u=yXs??u6I`ck}*4R^&cz`?_!BKZn^qkZk_`= z4Z1(@sKDL_W7c6X+$BHZNL#=cqeR|8Yr<&&N8rmCzx%A9&s^!j5tndJtB94RT&Kev{;BNn$!;i9Y8%O{K{$_v4C3rH9RmKfO-MX6{L zo`h=+?vNeJpy4-D$YY9yPI=sNI6Xiv$ja&~tCt%rcKDod9S+;5#6%Y9@nS=i0{ zSyeSKkTKADU6x6Mmx8Ml7dQR7ewZI#e{^>|#~xZ1IpW*zpWVZXNgG)wT1S};;orFh z1;ZeEqJ`0@uP0MN--BX=qK+ONAKxV&j`h9&7hL3@+dpE2pMGVH_dlRTu9*U^v&?o$ zKIUlu@L00sdaRT^oJVtXv2wttR$I~u)z`n1>FyJ^TDNXi^Jpdp#0W*{=piY zFEvx(>A|Spr`2Fy47c37G5JOO;hLxEk8LMot>~52RW&80+c~q=Mn02a_9TK4`};54;E7l&la;7EL|E}8XCAk*Vx5WZEL1v zrhs6e+$In!(f+}wO# zCh@3DS90eRE5`9_X;=3BY-hF|Hyg;;Qa(NTb?6$$=~lf_yRWYmodFy|?N-wzGU(2t zbxfw1!*_c^uyG{Btv(4`t-t{zToS+Ll?UocnF#U zB;gF%5sfr>x*%c9?nmr%PCVUW;W!?Zzdy*a2XA?&g`hJPVpuAL(Z9i_+7z1FwP8{l zjTyk9NECV;hA~A zUhLje_t&QH5szkA3NG|;L%vhRbkV{e={T-eiG{U$+9cPnciqR+1HX9Ztw!vq`1pzY zf1)(f`8Fd34_X>qE-!iVgxdLRZY!o7~$2yE_V#31w(*s z*@54O88CeVNL=)|$E<(vxc5}5--<|xM~h6T?)IQ0rS#J;rT`mOZ&a_cKWRY0nCDZp zSzH|d>r&uOIG}|JVu3J~a0dnQmjCm^s$COosXaN%_g6MxHm)x;!{-B)DTRjG!yYn@ zRk+`(&|24w!ND=$eSToFYJhK3%5vBAd4&$|!GfRn;rZ)tF72<57L5X`Qvmank>nDc z4prwWjPCA-R&m;rAb8*<0VMlpzcsw!=nC?Q=QrDAk|_q{&ZC;|FF4eg-0-9M2?_5Y z_*iBD38aW#*mh!n_VtF``}>c;Att_;|7;=t#4ilYzRe@g#N}6GCvZR%UX9Q_tdAA2EJPZ!v ze+*Rr>$*gdJ3?<9mkCUL<<<#|hF$^Zv>}+9*=({60{&nMK6OAM24PH*N!*Xbt3yLl zOd6a=nkA{TOP9&hb94Qak2aDr{05w5Iunz2ex+kzrF(n(C1K-TEE;E#jy5ravKv`t 
zh?RGCS(&P`sPt*sp!^^d-u7U#Ep1L;=`V6yD|+}sJ@|4`ktvCt-8nJL9oe%_j0nWx z+)n*QaA_09PxS#j!trXFzrdhgke`K_Sq|F6hZwRxq=MYu0!mM!?h=@5R|~3k=${M+ zmlQq7)ZXkbE-hIAeNHCi{uxAfG)h)*;SE;z&e83DZE(Kt7?`Qv_GuWC}Js(M+>W_HK!ceJK5*b59B;ZHEBv zln-+f0^FxyKx8l(hYXbDBj6UF55rmf_s7bayGkLRzKA~+gr)X{{togJQFpw~Vn3`# zeirm~7B6fr(>1$nTOt z&5;dMcyQ0F35PUq_$duu|NC9z^_*g=-8`w{Sko^_h?>AaHKhEn0bol04FpH#rxWEO zDT;rNH%O)(i}p^M)n+^@F^{HOcc=0`ZJum5AD_L0|NIZP@7X)Jao+wvzl3}uENRU9 z-*-6jRnJHnEkcjZn%dCIiDB(IB z_cWw_vsP!ZO4#Mg(G|<}t{~-F?a$J(d0lGPw)iNpm3|CUOUj_lC2q~b>nM~4YLaBp z)B0{+&C;;MzF6MvT$NGDYPsDh!y_?f*4D}XS-wr=l9F8;#(~hG*zV~`mbZaBi;JXL zyvOm>>Fll`XKr^rXW#Sz9ZNLLYoW)soEJR@0ymxDU>(KHm{551zMCTcA@DO` zsbziM)5)SvK2Kkr7XCeEvgGW{?}mh7kf_h=J{_{;jIQsUJUo~gkU@o(0~$QglN5wqK^a9bRn$z@{)NkxEnW9JI2<3wwVe53$6lt9sUwla zPs*TG>i80^S0Y}@oTY+cD(*)oD$z;EpvjQuTxERlA>`Z>R*;b}^Y+}wgX&6>`!b5V zH;lbxiHK~pwut8E^swyirsZnF<@04%pE=Xf8gOU@E*a2J3mW#~PpCg>b)slTXD3$D=*_@O#xW#3j<={JNIS3=1%9ZJ z;s}@=mUmRpXC1WN-HmZ+n6fcRU?z2m5?v3=AK)U^wDwtBSu6-66VCr=sRQ$YM!?~P zPP!UeIqbpvg=1B-ex?Xqw3J`f9b|&axp_j5B?e4w3IIyBfbNq5G&#!1tH!`1L%vGh znl9n<%<=B4`kc>r-P<30qmWbc{v#vq+db3{N^f# z=f}^PIXTCnBg4szgviOb0qWQm&8+FYFo;EcJeUyXeYsvk`Tpv zPqgj#XC;9L@>84oF{D|7dOa%oUvivZEpDo684Q(gqmqLm+!{(B)|1M7UM|Jj;QFjj zYrv+2^ZcFC&&o^2YHKf=?M!i~IdrBko!+7T_)7Hyc7WQmrHDlyXD>X3zqct@I}d~T zu}<%h9v(cOw(3}WAYmQ*oN;TN1lQ7?6VnVM*=uHV6wvfS=$E4SRRW~xC4PBwcm><2KQOIG()ll2|!OWqCL?4Y32Xe71SCCzED7$jzNofs=d;m5~1_z+-vI?!~_4^xKT$h@6H zdUlI7971@f4oCgaF7)Z+G5V_O9@pr>=>W3a)+BcAju?f=@W}M^uDk80yD_<^o2&9| z7d-I|h4)Nm(JsNS^3-3r$eRpz5tpq*UP&rC(Q9L5+P(2ww}ZEQpS|{@5n6=bl0X<+ zqMw2}+Ns~^}1(58(}sKZUb<31pK11zynzf zNW}q|#GMb2yq@#VjDjsalyKVuk5Tc!%fqMh=o(9=V%J#X8#epoRLz519tzYf`ad0~ zv(RsQ!}V0w6^+EesZg_W;bja7!`2UqQcgG8j_AiRy2lb-Zk?AOpn1D&NAR>-nM^h( z7wlf3n2nttEF5ghKA5YPE+rZN!{y5<2w^A|&$0UJ@A(CmN=XSLgDPiThMH%--m4q7 zyqts|q20+2+{B<U0Gpw+|Y&k8(4_)s6h64q z;x*;YAf21fG~nVpN>7-JvspwCnUlW4L^1k2(`GOc(O*B znGCysb6hwzqaAuGwRSJfgz0I}NeA(r(5?J#pnfnnM=QOZ^?_wG)UT9LH}b*ZyRiKa zHM9!e#yX`;%6lyW=6Ya|uidDIs=zE!*PTUclmrd*odw< 
zn(Sd!ot_*vQ#OE-Ko9ZzaWZgqMe2?mu#J<~(6f(1@OuzRm=0wtb#`@S`ea>CtUlG$S!%FNQ<;q{! zC<;IIooO!|uX~e%noiUkkCO02-e`cDb$G3WK;U=Sy)G!}p=@$x z%Ea_6e@Me2>T#3%vDwQa8ncZ|HOBnHzV-8M+#m2vDc`+0*P3u&1g%>CXI+AJzxJU1 zNOyOWS@|ei#l&Ib4s3goiSlw2Rn)Robw(0>M;MJ;?Y0;4O1Jt&v&HlTD(RI-ZphF) z@e3AvS;Zc|CAYS5`osk{HV+8c zBL}f|agPq2wJe0J*7$`VKdAk6^WbYD+GUFOK#1qjFH50zFPDTnZk6x;_>s$cTWp%C z+RW$_FFzXdD%ESl{2C9*<^J_*#^>dFupEO>ZlD@Ou+1NAKV&` zqSx5-wIn8Nn1%7THTup!X{86i{|)h;^1q7FFuNN2KGpvMWf6OY#-oV=N)5MydXj>$ zs=WIbzJLGR91<}b95GbL|N^b~L3sUX^3j>o{b`V^=(FKN0gTXa5(Dh3CIMI7dKA zHI~xgZDDMw!}4*-Is`ey5*uw7IxRKXI>rx5Fb$3#m)DCu(CrrVA2S)1k!zHJkTcRE zrQ&nNF`rMP`LUw0r=davV!=2fo)KKz!i z%VWiHH8eG!f6`TcTO?0^DQcYlLn_gUL2>2+4u%*y*161~=*~4px4e#$ksgI~#ZL<| z(cup&FArdF>w@2T8GvIzodE;-Ap{FWq@=2oLCg2n-q`%P+~J9>o0igw9ZmAocI|#h zc_`UkYQaY->l1OeUThrP8!RlcFrq>w^9a&^mJhV%$t7Sv_P9~O^yo{Wp!E9fd&w73 z>qN+1K9H-AsaY~u>|8HwaGdGfqxkM4leV3(?I1vDDnV{BY&1rvOM8&JXkZn**6H(D zRp$U=7Ov$7W{sX!TuX!Gh5;s;)xOg@yuxa=l*^&g(FzVvBqN?)R-lufW1BB-hoh1WXQOS`x_mxn~3)%Oq75J*2d6`X%J^dh!O z2u-6!F8FHoJ?c(N;l$2@pN}9(k5z}%TJ5TEApvIp25e(xdSZyJ)iCon0a;)svXPTs zoKGA!QY(qlXr#TOW|&mJ1~sAju04nd9a0h~jHZcFb<40Mq2&8;5v3jT(+*|#B5+Bs zY$@2JW555f$G6eT7c=}|i$Qq_!)VwrdNRIQYMHjTpH;?BvbzJP)9XPrHIOIEw@R{SlN$`t#>c_CL-v~jv! 
z)KY#dnk%ROA~la};>S(&q&~xf##UNA4-v8Oxo>JSZw%t~dQ5Hd^H$HJnM!6W{|3v2 zod2F5OwP3ecEe#b0GS01PXa3aHvMRmhO|bIGTVKv2tNzMGo))>M%8`kBYW}0B3b{b zd+@SH{bb=e%X>QMp`(*?cKj$)`~2k)^@y!O+r^Dhp`*H!buN;7+N)3QpaSFy*WMb_ zTn-C=AXd0`iKdx3Z|>6hx;oAB`k|jrC?j15hjOrb&x2tF765`eL+l11@cH^fP%GIx zfA_*}+6?9S@xJ^W4vHdXC`aZdpFDcOWs_o<)qP@C4Ao~% z>r`!OdSdTlSprp@Zo%Z<=X-qLHCa%mOaKxv>Q3!M?s+_H+APSGQ4{?Adm~> z>?Pdn8wbK!cuJjPeW<=iH}s1JPXBnm`}1b2yi;h3g|DI2nw|M~tLqpaSBJ|+k}-_~ zy8pRY+OdOWEGDabwA$x^lsBk5w8eJbpXpo~NpHOlan*hn^U>Jy)T7j5v|Xw_rvK-; zs-3&CKMLstd{>Mu4ZgoHMPWnkobG#x{G|jbFkMg)u3G_e+BfZldx7zI&xJ-hMUK2| zCwi53!hxFvWv2_kQpT`s)b|cm?~1pNo722M7-Vb2*zW$Uo=~eEy?TI3rcPZB33$l& zoN+#!&X|Ul>qW7p+T)r>aGHI%d;!JQ$>^f-?3Xa<_7tsS?$>-KBO*cZUK`B#T|*hU z6!2(Pj>9%d^*HsE_Xh5|7g5Ze-Z97awc5PNTiFqxo))O8+@;RQd)HHIO!KV$@a=0{ zW;bas-+d|dKDgW3UvrPNyS zUzi#ra;_durxB>@Wl;>z@O-#}(gr|ZEHXAa^POa3WR0Y|lg?tTW6sHxI6mZg->&^x zN!_w|xPw=9*c%Du-lXItYwWG_qbD7WcBsDZkt*{2V9%HaT2_6a0}z!8jOdDtiOB-@ zN;yzus99T=fVajUs#~Z#jqFi^^DM1NuI5fE#}lt|e?3b4;^$-4*1@;IK$<|V?s3`u z*BkF7LF$9tX3=+%g*Kt@?~Eq1*-+T0yj!?;a9wv^)d)pIIR2MFi*GtQZ`A(5U`Tkl z-5cU>xAUBR^9y>rh7a$;(*$^esqC*q);uP+Cx^wza)RS@I86eW%YuNYs5ubuGncuZ z)tq;+1`A(QME>{mG!uw-_p#1~;MP2l7n4hZ;eLR*FmyyMzI{uq4%BtsJR<15|dbB6L zC@Me9r?Kx=rHAX!MD*cOFTK0{ZxUj;~&n`Yy4VyBa9p{`!3 zv4%#@i-ASleC?lh_fP>^B=#1nx(BhPgCQCc1Hx5$fw+F=32%+@cZ%*>H~`}uW0t^=WCvBgpOXo`#6H}KYdwX7um*qe3?%DpQi(Jg(xjWtU2 zyj-6i6=H2Kps=Ao3XG;sl7{KTTYNf9D=J`1oWcB?Mp_8`yN6(AK4iiu&%LH8>iU$0 z#9=iDxnPIKf1@zFVt4={RNp{ooX;#$2>bKJ-s#(bPg4gwj9#@42sC7dxO7j zveADo_%TMOx;uJ^JkgT&u-R_&5ve?f?!>e!&gIItP~7}5vTg(x6od52K*rm`nhjp~ zt-^fIZ^*>EpPd*^5vN_fst(;^V|C8hJ}ClhgDz6&wH2eWPbP99pWg20uRUAi#TRZf zq}dB!YR`g#^Z42M`uMdMR4BPPaEy22*a!ddrdf8_+O<~py%Q=nMR_V?!y175jLNrR zdgABk{8jipNNq5rC91EgEwbqoqOfJW;cSvOQeSJ|jN$1+Up-&ERr0 z4B<7lD~F6PjZ^02$5=E%1F~Hj?%l7wM zG@l&0prInB3qO)C0k;7I=|uXw)l5JujaYjEf%W|?qTi~lUdq||u(Yre$6QkAX2$HrVG0F$VS`JQw>>Rim*?sJO`UBsrn^|4(XZin2WFdIx*7xn z9N+fBa<^90y zD@U-nhr6cI%BIKnv@%ZZxrsb80dS)``U`Fij`u;*W6G*K<&wQKZ%Zz-;hxm#u}_Y` 
zvaqj~`xsY)RJChW(UA$9y2sV}pJ%LD9?FaE6h$~{uo~;MN?Jw}p+0ZsH%@>iczPQl$6oemh2TpW7`l2wF|`VC}quvGb% zTdJ*}x+qCMZR?Pd2At~f<~4fVlbGW@}~70h`Y(V zq-fsP^JJE?4x6v%R8uDk-qr45Gs{Lb3hT6Dr6vN1&MS2CL3fM?o&J~0AY%XhY>?3I z;|~4?=eY8MzrL^9_dEP8-xH&F6In-RvLY_s3U7-_Z>-W_cz7UX`E5Izados~T}Itm zgmQP?IUGH2Lo2=b$yd8>k-=XDOL!Hs0nz6-R_r$OB_Qklg->yJvoBL){BgC@hw>zT zT?fxg=apI)qliv@hLfhYXJaHpsw0PZj;8U4q)(3X|6b48L6vkSFg8bhbBZrnO)_te zB#N0bjai?$J?3&Ec)74j=h+C)0~PZ+=pCwLP zxjxClG%y&?ow@S=vG?ZDRQGM$xF)1DT%`;}N-Bzyp(sNGAsMpCT%pX$&|qvbMXZPeWFv#Noh{6a1fA;-m6!{Csh z0B{%ufI6#iQ8^Xs+GVqnSzk(+93ImewucYOas57B^s#7@<=Di_j|HbjX20%T)Zu<& zY^*2Ew!%{AY}t=t^IXlajhiw%7YtX)%mq?L@4PLWcj(%KeMg=srSr8nDlIDF5x>cZ z;9L}~infqT6HG3BXf|`9%@s$EJ~Yu@*{Qo{T}siGGUvglWjP)0O+o(c zYziJnUkC8pW|9r5ofFF)*)nu7s`HahYj3iD)?}z(AZ2Xu38!A+d^6LnLoc!|gqT4O z_Gvv4)U@%o>(E;iGOL3Dg|~ayR)m9G=1S<%=jPrnS4i>^@Y?fx7L$cR2TUK6%L0WK z#0`q4XJPEE(nJi{IwZZ5<=vy$D6^Wc<|YOv@9i0lKK9#wj%bV+|BU|lLrEf?qkCr3 zjBm_9sm#tJcUJ~u{i62S^aV=u4n>F>v_GADc%dy;z}Pb%c=7sWi=wxo0Vh*_uAsBB z4~!0}b6;LvUx&ijhFmwML-qL*Q_W*6EE%m?zMI|p^B40z`la3z8x?)2^2y=DJLD3m zQ%u9cnW$#1EUmx+V=We|O{?3^fAEX#ek(U`u4uj@?Pb4jx4ZZK*8Qm=qC+wg|G25% zvTZn~eqqM#rgSCc+(1;UmVf%Gd0*HDi>4hw;V|V7P>E6YuMzheUJ}1)o?`yR6V8{y z7w;RZOlcCFYaMpt+(St*-}2$(57FGNv4^cQQfXOU@n2K|%9=-m@j{3E&VJ~U2;>l| zh_4!3#F3I)(RYMp*=ZoHFR#Tn-+B0X?i6m`ZF<38FkqEq>F+Jl`#3kR=GYstkmct=kd%+9 z+~$yy@^^gJ)zDLQxHh67b7#X)!cx@eBmyNY^&NsujJ~;SIJBaHn?-VMgV>d~rTeJ! 
zepS4^SRU^vyMErlJDSS9heC9}eI=bjEV9qq8jxQ7t-3dwfBe!Aaqr3kh|h)!Sz1^~ zHh(5G2N#PAiWfeq#UCfN+uka>CQ1t_RmuLX?2>dWP)nO+j-1RYq6yaQs(6d}WOD^S@PemfNZy z%l_1ZAM6yS<^TQ14OH%1>IU0N_pD#AL$P|je~!-x8xL8GunNh?dYhac1(C}A%e#}C zH(Fa6J{SAI=={q%xXn8m`I+J{bp+M?MLDOhDS!1IbB^Cc{!}r)^Fn^)y(`OZ{2>;s z$bV$Eu|{}&-H|3jJW>3(dugcK8RKX#gSB$&7wtHNcfI7Ze#=nf9N3xU?+@(K|UFaeF+#C*%`+rGp2Pp85iOT1|{P+ zJ-vB?mu31$?wBw|b!4t(K{&#z1s<(^*w9ZwsbT5c zbF#~1xBh*}($c@|Hd9YfEm%;<--oM{o{fI3YWY3;W!FU>*&{roOpkpY`*NUfbyh6& z@m}Zl@6LGND@&CA^SWKpc=}8(2}6B~;==zdztv3s#2NIQ^tuKrq)I(c$-41 zAH5$oeZqJTJHK zOC?stiWl!@oPM6i9C(j2-iQbX=riRzOJU=gP{^Cc6+Jw0bJvyH_Cj z^umtIpXyZriK7VuwD(vPxcBbalYnkN8w_<$rQieRY{hUtOfLG+NFHt^#|(o}cW#QwkAhrgZ>XyNl@;XR3J7RS=14@q53 z4fJsP&NZ3x&|9v$zFgkQE)~RbG*NsSX(VvGp<$R%-&HpLDqxsR+XL>_4?uO>?Z?Yf zzX9>0i34cqwt2l~CZNnh2SQ>9{2qpf8x44&Ka+yCOMmaBFR;DQQlxvf9rMyu17l)h zvQQ;`v%@CRp=k0<%-qkp*^W5^TYNur+1Sh5DgoeA^&_E|kX`xoWPkomBVAzy1v88~ zE61$AG7AY`QQht@Up8R4%VjsW^4i*3;pcMb=gF)_xkCqFZK{LgWsKfv(iPS*7p zr`iX7QK>9wy(BBl^lAFnC})TfU=|hY?yjzw%fG%Qf@H-hd(6Tjmi#%?J^Fyv)XtAdMV@%AT%{4)l)#yRqy@ULg^5 zOruo|AFYuJ@oL)rVTkddr2dn2y)A0mvd}eywB|r|MN7-{wU*oUaWAK8@RS7pbcMJh z>ANHSW}C7ztUaJHQ2z0wT}BtPuU18-{gQdi`sMyKoUwS#C_N`9r_9c=5p4UzCr?r! 
zE4x=#mWn4Ojod#52Ew0a{(E_%#n|)S`j%PLKwRI>4ii!gFb10`{~1~ZN%wxC313ES zx+)K{{#KJCJ!ok?e)OmxE^4ax?=AsO*?RDisP_--1ylPk7XYK3js#+kc?$T0O&-jC zoNik2^%4xKKUmeqijHCtVPRzqFz1w4#w3S(0t#Y~l$)HMrr~t>Hy*&J%3y`=!4#y0 zXb=ihB{S=;UmHA=ZUAWoUD!1tvW8&_-d-_TT*(K`nQ`8eJ!|pD8iAuwVDD$pQuWaE z%$J$0Aqde7C?8vAbouk_z7?JC4}G`@@NN7WDyKxm#Pp1fBM>pgquqiA4Ilqj^5%cO zs#Yv)JJkc6A(P`9>!L+cTgfvwB83+y+L2UL3yt*Ue?eDN-EZn%58@FsE{>e_wZZjU#B&k zUnU@LccXQ)HPqO3w<@PM7JC;%#$}VLldCHotuaP9hjSVqe>(I2-8+b4Cu-l*M|TxY z52V}^Ngs#P(SLnzma233;Fhnh%!9&fDEgl^t6~&|+eD{NKV?7^#UrTZmW<)}_V3>s zaQ8ZFFGRRvq0MWG6<;g)YUa!JtkmIbGq)?q?SS5$`+cJfw9)L&oiy63b9ab zUH&pQt!JSDI0aZ%DEKDJ6ZgSf-tloJ(>`OY^9|Z^L^p0cfWnHuTPu1}4j(#Xg^x7y z^QTpv`GRC3pP%W_Cd;{AR@ZyFrGv5h;}T9zI=H+WF=q+Xk_;ZhrZjBRDBy7QK>T(* z`tIRT#99fz5fh2r+Rj3x+v&oEl(7pHnYvssr;`&Cgb+y{Tder^h@ST2HLu<~qUx$# zRhW}=0x~>=Io$8+hv@~h0W_3K8sbpbWr~}G_oo({-nnxJ>iIQ(JiDo$mC*O8!!(u6 zs&Iol_+7kF@_HB*Wi~K?*;-ST-m~VIzn1f&8?C|fxn@*~kz-+Ib4$heTUrg|tR|dG~iaXyY+4FTxhupNK%L14~)#C}^63x=t#T z%*snk<4dldxeL!kf(&SiSl?QcRe*+i@~uvjb2b!l9O`h-m=NJ_n7nv;valhzu&@w( z0e7WRj0da3`}lRivKx_(*yPehSDs6rdb2RovBMOOGO+wWKXY+j=);Fwg@oQUl1qoD ztnD2*)L(VN(;BB{|IBEuf7P>ZsL8zGbxduHTEfnL^4eulC$tSKFV79Vh-rElRXP~R zzSr#IcF%aI2lvBuRpYFSv$6T`4jnf%v>Dw5LACIh$2&eF?t*uL58cuBPz~~)&jh@G zYiGAz2#0 zi|*TJj1Iaasc4;cb@9SjSaRMLbRZD(ciP+>VUgf^1utWTnb9DanHcE5P;qx$<)v99 zpF^C@28%|zpkvc~V=?{5b(!iwN3j{SB1*=Hn1|57!Yd)@!i|3T@S)*22KpX{Pw)Bq z^%-VkCqzdpVio}0657vHlgAYVoVK0db4 z32`l|gs?jL=4ViR`~_d-iEdS}os%2(lt4G-DXC;K=8#S!P>aV9HOTSWzefRF!}I*zieYM0~DR`lBeIX!vv{{(5mFUXFZx)S{mFs5WDojPnV404)k*=+Ni>< z2nVUImvymvXbuIRvbMIu*A>_FEhHXyGZ=>PUFZj-VyM(H_2GII1h^z3{xmeIb4KDZ zV;_6V>IRxnPj~l+va-Hw3!3p-@cq(K3HYrf7!kwq{?^=d92x5G@G?ks07%0#*zUu$ zjUt#g2IVD3&Z9@4&X77j%s2(DiAH&Q6Jqif){By|Fvh~@bjdGXyqLHWp}ue7jwubp zo*o_|CI_J*SchuLQzM7m!-V(^yXOkA?m}k0ks&06g4^b0Jc5zqRvL#3UBt#_3-H`E z&rwV3{%|^CEr`6;2-(|l_|tvvmrotSq4SqMB`Gehi44QlFfleE;Rsn3%;~F>*F)rq zlT`Ajcr@y`}c=2H6vlf@j2`+ z9;x>6?z1)#H%wtcR&6zC z76g53>qHDWqNJ96#=V04NIreeb*SA0qxS;Kg((n7KY+N%@a5^7p!k?rd;e?qU2*Lw 
zVHkF}(xnn+1tv$zrY^y7C>wg^f9$?)^I3#3z7X9K0+H+(F13+=>F==?$4oTRtLi|r zboAXS&APt5x})R8b0%=Hfw3wAp1O#M(1>0SQ5M(k4=c&_L9PMs9h91ydZzM8GVCXP zasp?+Ip=%~^f%W=%6l5(TbN62NR`!PJDRn*)M`kHd9Po$E{WKa!0w)&IKp^Ah*FJl zEiM>?8M)UP8l=ajAY&v-8QC5FsTm@hP&7$_Kj2mWn3t22fEbQf)+OQF=Sb1z%LAsK zNH1b#wZS?Q{{_7r9LHFw*Vue{brn2-dl*h+*fnDY0U~qN26(z6)9)Dt;>Evfa)dEV zfQcHFS|C(dq7nPGHdZ>>tJXjUG4tf>`R3CYuXtQh@rwLZ?jQ?5`^aE4Gl2*UZmF@LPJIaGnEm0W1!p0 z+d}%l;ZS3+vN{Ogu+4!&e|qXE`X-dVS*Y*VmH6{zo~`6J*GaxF#^lqTt_QYNNjn7 z%H+<|h*l_3ze#cfrSc@`oT0kcJ~4+rA$sH7!&s!C*61QH8ADvw+8Z?8-*q50w4}%s zbDZsAZ$+_(X!x&16SwO~wMtdMwvIkGq)Pd(?Qhxl z{tbDV;0uxN^vq)!H|>ucJLVAB^#r#HvY>&wb9d@8dG=j;K{~G?d?gBthg|Tfsn?{X z@W+2y5KcuMc1j+a?wO$FabN9=j*gaH)P{jm{!!xjKO~q4h-*k%taa$n4WUGw(MOsLm@V46!10xwe9Y_5LV~QX6-o9N0S3LUlu6VuSRa%}oX*S0i zVfH1-grN(rHSiCO02aSShljP1osj4p?$A668Wq?(J)0rh)WYW&RID$11~&u4FSxL= zgb@4Ghrb4kW9uQd22Rf~&EgJSF)fZWQ>xYIC;GmohH|8G$(e=K|=F{`JN3}rMa0QZ(t8Xs#6tavo&A7 zSD!#GW4Uh#oY!r8_MCvM8kO!;5Yk`x4BL+(xTG6ByWNde!$kJ>49fTYh}WiO#yiMu zpyw_938yd`;Qjj`Qq`=fIm|T%SAl_Bp#^30$kd*akVlVB#5ZijL8jfGhFK#3762fU z!Ir$zgYze`k+B(NSNJDjOQFTZb2k;{MRT3Mc(DNq6BG8lABpu8mf8jPQD)*247n_V z5q#`81b@(yGsP`Xj1%d=okF-$2Mh2V`8nls5>#(V*oqJ>F-`3Zw8X}SI#S_AiExj! 
z%%jM#Fe*ex-8w<)nf54ka$lIJ)r1GwJl$bnIf6 zXUpr?PnCiOx5H7A3#V@Ld&RZ)q+k!}UF=#PoIyQ4H64Sq)uv&{d!f(l>+es&HH4(s zQ;75$-Hd{MV*=#6F1x$i!p76(�>2IdJeGL56Ujjc$%HoIcMpE;#e?(Nm-yM|BJu z_abMkzi(+}l>ks6>7Mq3GK)0ELHg)kT@jj_vDe(KV`ps28H>UG%8U$2BE?X$(EKjWC2as}LwW?kL2!-xVh^S!o{vjF zAQdywATXm2^~9uF-^+mr{T2Ff1oZJ6^f@T{Zv_xQf)_M^>2(R+CUyu4JPzyPe^1gb zc|O!1mR7Ioz!zfeJ$$$t7gZC!Dixm6sNdNg*_D5#$r?mx9LtyMU%He-blbdVe?>|0$0tHWkgsDm zJr-%3p5Qn(3u-F_VPnAF44Xt{XJ-S%N-FZEm1E*G9U4pF)5ZZ)j}^R&h_)ZuDj3K* zC{h`I4_-@k8f@K5a&@N1w&MpZf)oC-!=p%XZkRwCls+(I0 zvB%)hQ2oTplS^RWp(D8spzk)w0K$8XjE|=}*}d9`?}$f)o*+;LtINA?g=V%dU%s3)4#JqFx?q+y2?P<_2anMzCM(LzYcK#E zpjk9@i|QIL1^}YP;>L%h%(9A^Q zeHa8dYe*VDCy_kAbvK8~9IuhU5^*eQ*%WTS`k+5ZR*NXD91WC305q z2oE6QDS)uriT+*T*Wjk1PAzL*rq# zDb{u0&pmzf_ANPawEOO^VPD-eG&LI#(53*CQPuHTw!RMfAeLv(itgG~&21s`_~=ye z+_ZuxS_SBOx^l3=L~2W)qZ0FXD*%Nh#Lgm6vI5MKDc|v2Yjy}beBpxL>jtDN+b~f| zr)e@xH}N5XjS+OxWfPu27Z9g>3Gb@~hI~Mfhr3Gqp@B$3PqHcA-rf+LdD>pu3?Ql9 zd(M+KemQY_f-9OYdm)A+Ia>s+R3@$?L67vf9CzTgfCHRXwN#3u9%vv+I1sNPG9ej_ z?iLha6Bz(>yLOviMzUXz(J&&EsgEB%RE_jh_%}?BU=WHV#9LsIM1_P733!e^pu3aF zwEj^vxhPix^{85&8hyUhz2icQJv{w!SS*5gakIAU5Ph+IUHST{1dlwYBSBp$A>g;AacM3QA zw4WxEMLsCa6ciS6@$uP4M8PZ;!v3foJ!*F@Zfr>p%prXXCV~_UU#=MOyn7f~^X6a; zd4WCWqA?6!Br!?Tw01A1j=XTw%*d3_)y?idY?IgTirKLo%a(=cW;sRnTnxN_|D?wm zgb39bf+z{6V6#Qrs3<^WZsv*Zg&Eiq*wm6oe$W>U(B+`Z_%!PsO5Z9l{}ZBLoDu(_ zbS!_e{I9(H{D$T&1f15>t6!widZ^;p@NhMe1I4huZ7|C;z2usM%lGRJb)gK!fZF3O zJ;5E75aK6T)h=t<-Medh*+`a-Y7*5Yiu~2)&4&^A*W=FV_Kjivt((#;ZEBzULj;>L zG$tK~t3m#NqGu8%>q_On^kp8c;RS|-5yhITSFZ*O-*z2nrYx7Ah-O{RpF|RMAi(*< zVOv$v5%8jUu48WYV&+UzGn9F^NlNPK)UJ_wEM*(wHPyETAvE?WTBoWo<$EfoD;gHM zWnwasBtR~k)E2x);aIb+8m=fLtprjN;0}4%30j(ONJB`OJ-v zh%2Dad4^)JdGoGa+8D}^x3ZTw5#lC*%v3gR0Sf!)pUY>U%0xOpX>dC9EO8Y2aJfm@ zt;CNf2ClpU*)bp}<@Zl;*oZ<|N$8hIS=Sl}?ip=+=Y?#MNJBy4FBpfPaC6a-q|f)y zizBM44`9#;GJ=`BhKLqJb=OEv^u<-dA5yN%RInS2RY4KKwk-v=%KK(3FMvkQIuDL@H_5&eIZ)M@fJVQfgrNd=6v^ 
z$x!=B5eZ;oH4JaI&W*+^kQ$4G@OF$5Bgiu$=ZoB=gdarnCgtWw#vVC2BhF%*`-WX`Kvxsp)E;is8!k2`Et)8RRDnt-yB&oA=Dfh9j${XejNt(5KsW~D70*BsHCceVB`RD`M~mPZ9`CdA}}H{Uj_i=bj%oe zh%gdRo(Z&B>!H5bJur|AS7r+(IilH!@I=TO8gV7l{Wo>*Aa0QQ?0!5osRk44;ZL~* zQ%2+`zAS)aB2|;HUFNrlQA5}QEIR2F)he~94MF@UoDz4-@#jaaAIKY;Na_h-$oCGi;Dk>`E6u$LY-f&;= zAmXfeoCoe{OqytA&z0M=r`OSYI{eJ1FiY3=O4MR73xSWGT|C7Q^%qbms;7r-7aRxr zO$id#2rMox{_*1nQI^A*wjKWZzC^?nb8jQ@*PG4EI(P$`R=2jcj?(qbcv{RnnZYaH zjE;_GdshLK=q(*BEpc)p+Vm-tu$Wm2*7~A8Kbak`pA-LP#uSI zJpr&;^BUja_{SA1%4-RG9o_|Lk_E`*y8O8tl^N; z$=W4PRumwxu)eAko_(>eqKv&WMU9fEn^EBqZ;-^d1MENNz%=8Qlb` zfi4q2PkCaBGV0*9$YuS5-FMJl%_5a6xncj;Hosca^zHT*y90ow;AZ`8Ix+Rtby*$; zdNhA~`v^9>iiqU(&0)NDYAL__QIeO&roDcFsjn1+MKg%eB}L5PQ4b^QKNa`-CHy*Z zQ=~u!`Q$iQ5l_fSyA8izYinl)#9$O}t}j=WPrySp@w;oqQ=IlTUb(_Tw%rXHk3zwV zIG#OwMl}&>z&!9{mHWpdU{uv;a~BaQKm%~IqoZTta0y>vIqR2fyC$9fSF|0ErR~H1 zf|JPSXh{rH9i7v<;}6Q;Y|J7RtSOY>P%Abbkk`0eC@Uw|k5<OFB|Y=aXeZQbM{Yojk9mLvSD&)0B_gjI-f=Q4$ZkFovOBxqAK`9q{oo-EfaBxc=*s_ z>B$!Spt@SS!Q^7(QQ;uqrS=P>F~Kkz(G*c1ry$yz4}@iW6hc1?0QBSt+!ZgfTIi0~ zCjyG7sd1MMBa=c@5(^j4qcn~_>&l#&0}q!A>M}3K?;-`1mKGy8Q>pg+?NCLIC8Z4D z-g>Jx6R%=T2rO!9H6*e{FsKI5n+TX@oO;VjipQus-379QON4SB189Y^l@hgMZ}B4} zJLSb|N1L%CvbsNG_> z%z692xd20Op^;FW$p7_OjzrD4hkZzs^ZaZsrzh9t5DnnIa9Sy985;zLT2rRHu&saYFz^2^pov+(1}I6a7#VPxgRu zpwl$o*`uJz32pO$xrN$HE5}G;?SnA9U+}pyD@x$3ha8(p;L2D?&oSfeop; zYhFPpCPO)ZKN+sBfqRPV6y-&h7$qAkT%;yAK7uN;L*~a{1lG3BH87IKm7+0@^eo`$ zLG9}U^-azWu?K_SzCCX+bx$t2?|$4Y6$1zkWH!)HrKM1!sk2XnNU9~{HHJh1DZlA} zIm!kvN{Tz5>olD71PrbnC$VG4r-WzX!5XKxncYFDBB$PFkm>31%@S0 zZY6-aGtNp$07CUhtvD_^BQ!L0WyE%Y6KMtVK%Mn@Qf%(MVnPPYzvI)6?ADs@fGuSc zg$BYNhD$NL0D_+B9J%V2-%BMgtO7l z(Bj{5O2v)`*mD|>M(n9(3>E!e_{+Dv1JHvl-7Hb@T7nO}?P-Hj znQ}46Z%ypY6zuR`saqktcklL>pG0(I8?kzzug_ZQWuBPl2#|3jW`#)JkF<&;k!~f_K8|q*g3%`Ho9Ps=i3m zV72Qo&x#>=XQQa7ItK94V$+IgzN-v2^N4z((8}8pY&dlf=yh;POjVT@7MO3G)>!NZ zh7;o4m5;JFBLOBCl^RiCxs5j{GSYtZJmO>EvzrqcUK-9!*K*C+l)lWImnWt|5lSgD zy%J}?SK@PGgyDVNHCEy~c4X#h0&&8aW1%wY1`P!EvDC^`3}RllZXNIMR>LLWIR5!c 
zMi^I@;8C?-L7~HjXLMvcMJYB-?Y-2ZSo_xiPHm0fw80Gno|4L<@#?}% z-(}9aa3S~W(?Cl|FIK)IG}B#y2{v3R=ugQ%2HA@0z|HET03GUcQiW(#Z>~_)WHtLr zm8p(b{<>p_-Avx*WxcAduBOV?0K^yJTy~^BxC`Y#{qKxppSHoKAhw~Mk9uBYYAa_t zdGey0n_HYxVMN3_+6yw#(`Nln@j01hV+3pBy|V;IK@676dcgejX+M!$8Z#4$wrf|c zIJxxbU~BGiprTZ!e2CgTqHY4;2z6-Dne?L`B6G7=i#HxReAqzaQZraYv1#L~>fA-A zSG?BYNy)MqL>^5PD5$^B^89u@1}4@+i}j=MnuKcs-!}>z&@j26+8BLln-YJFcNBZi zowcb z!{?MYrik@ANIdo%7bqK}<;o}vd`0#EI^NDK8uhv96AW^MuJ~!YhPu)Ry8XVEC<^bK z>c%=Jy7t6Pjg^)9@f^2xrH4D@mG#O%0e-85L|T1UbKpo25Ab8!@5mo*`3=2n2+M6C z@BWEi;FdVxX3gkF{+%e*ZaO=pN}X~~8Ck_acDGNSivT4}Zy)q*c_4ELdn<(z+2+@t z>SoCvd{1elnoEa^=WxDQkHc!1bM7fzvnxPa0!U=G!_?}5mI>YkNl~aj%)WtoOQ%zC z_mqn_VrP-Xfi5PkXY-)^zzKHf@HS`d7%)O1PBVTJcR0OrbBxa zHc75kpVJ9kIe5XvMY70@#H0@E%lvCX?$nX#et>3&=R)q>Bq=PwQ^GG`-FLS>V3w%Bqk*QM;#sp+t4Z-k zw9<9I*EO$Ry;8gGdnUa};6R0^@Q7kpnmgP0*KCP_J9Az4w z-ypVSODWY?>%G$0NbrnZ+0CU^7yIiqP!N&Mx_kF7+`T>51*`H>HnBAXWhe3V&!6W! z5nF?}PuLo$(q;sjDs)j;~YRPca%!KbP|8|C>N z)PvreP~iuXkMk0baDmQyB~J^90x1Q=ep@1lK!lre%r@+c9x5q7qDci0n);wng~Y0@ z`i>+s4lamHmXh`Qoui#B4p)zNBAUtwg#2cVrXpH+)n7zsS$LDB=N& zux92725YqL5EBd09WyBMxRR4eOdg?5rC=*vaqTod%NvBJPY-h0f zju$XW)-q_2HeTA{{_G>psB3?6HUkB4ZB&5>JAtN}z-5pUii~GJ@RCe^1w1N@k{;qD zBJc#m56AFvf-ikkywsm>3%<;w{%pz{hU|kpkIYfuu$Xh#n(V+cO#`Wg)NPngbmc$F z0|+MNMp9Bk4R;f=NJ1w@`d)*N7FG}$Vl#N~*3!hZK)2)Ac_gFPEL|!6{cf`!o}N;u zhY+$LYRbyNbEqwuyFT;{!aRkZHH3kLn@5Nd1W;bIaA7YgOM?S*UbXP~e{t9&f!*m5 z?C#nifE7I)3pz^^u(V{VZ=+jJPKnO!UKNxN$OIpzd=Hy2pF4{z$WkCllBAnFi;hlG zNUOasV-F&dK$y*yz4(bu$h{0k5R%g;3Kz1m87*ofhLo~HX zmX~-p62c+jz}g?xH}fPQCaK#ne>BxLj{AzHQ~_knK&2m*DMIBWvyPyBWy`tK#QBpH zJ>^=huAmqk9I^p|#Ir41mr(otI&p8H78n+L6_QFOjy5m`%_*#b6wWB}JI_qL2>Y$- z?599)P<}u99JN=g8;5BeB*78gy7fpgCUvj;NGl^O4NM~Q9`Fbd9*Lu9z=&0i+&XuqT4U!T@Vi-QP#MPg3f)Pn-QHA3u-!mSI7F^S6&YGuTX0 zlbP!7S>U5Vd07v70Q*)n5K5JqOLF1J0b!^9Wt!PA+lC>k~%3XdBj(AVNUNj0UC?dNNzV z!CSuXr=owUD`xhJSgTvEdV28SL1K~t>tpK(#5^`OrhMBI0`nZ8rvkc@!~_Dg81Yd^G?M8BRUrB97@v&5f&ZcEFO31=W()kjI#qp0)+kh~x?w-z-L|L8z4Dr1260 
zf|zlm#Y`viAs#MfIBgDtKW&n_btrRbMc*|=roA?SJAg8h4x*yGi$f{6nIgc4v9GDR z5hZXBx9nmHF~GU zM%3etL|&QwK)H~@^$ki*F&s7~QuQpO$a+Sx*CHY!R8WltunYh>CFieAw%0NdF%p>p z+vA}S3c!v83)uBD7f)wiOu!5To;zwvmRPDc*t(YM-*ZMULe0FKC8+DPu(qZCW&vv_ z5pW6bYA46ut_473Wn_pJK1dSJU_%H3Z1d*EV#;6(s%I$AeE9S!xt`+^7a3N7`5{to z`f;aG>5&%cHyGO{;F7&v)XYfgV&e8ziiuSAb1g6ppwVxIrz5;+GAj%U9jJ+Xz-AK> z1iN!Lr-pB6WW+;QmbEkn&uep3QW7)q`vq2*v!PmT++J{?2}LMfRrx z;mr}$jY8Agwr^i6yAs7>ab6VQoc4fSa6zOEinjBFh;PX9JTtg*6eV|GI{{mNUw1lf z1e!!<-gI;|^q`;+YUX8tfLAZOA@0B>5)-4OZQ@F&ka0N(Rpa5%B~^RfK+*uinmv=! z<+vR%%kK8MvmYM`qW0gFg)QIIJqsSbzTvla3GEaS@aN))*ep(`eOn%d@BoE0Fe|eD z+)-yZ0R3HlitO`31OIYQNfD34X}0D^j@+&mcRqhU@xn;M`)>!Pqx`E&u|Ix<5=g5Q z-0wE31xy#gACPT_qk3(C(=bQc{dItWw(U^Raz5#!xSYydEkHju^_muG%EJ_gN3Jkg zn{}?RKGq}3IIYd=^1&_Mp+iCH5(na$u(m42zc^KhQTraHG^JUE6rd{;Ot#DC^Go{ObQ&5C@eeZYvHV(=q&` zOo*U&?^7R!iPX@6;-mm@MnMX7SZWi1w*^t>VRrV#;AzLUyv*wBgNT4pG?mE$<(QW_ z@rlgSCd@%(zru;zg(MIrZWb2ieR_nAjSZgq<>v6qN_L%Y$r=#7^pDytA)#w%XlQ=& zMV#)sb*VH=NZj;0Ff_E`OQ|D%;rh@LW4|+>BN9nh0lufRHWAPsj?QMNy-<(qK>r({ zlQ2R$7(xtg9U+X8iG?^RFPhJyi3X$u(y)|-1REy4PV{G$G2(rp#2>p4zQ3QZTg*ao zUNYDUU@?7yA8fkTXzDrO7=$(cmrOlA!*?2Q{ij=^4BUG#(|zazA&e1BaY|h66lx>y z4b}*$u0bM}2Dc87yBsJsOjfe`!JfMJIkj_DHxO@PI}dZ^Y)DJp&A$^mv|uY5(+3FXqnE zfj81X)~Ud$Cbx|)^nJ;GZxVmN^pl$d0>KfTCU;9udA2FEFJX5eSeQ0UK*SECfyb7yZ?;$nC7b?u z5;tQy$Y&5KsQeAQZ1lJ^>R`yc@8GqOGPK?T22yIPu?|ObTe6x!ZFYN!A&`cz)+l-+ zIa+{1GS4bbu|qJ0;uGAj-hV>`rw7^=U~+1KCypL54TSy!ajH)kFD(*_@$SiBzfnk_ zj8aOX+SMmmU=f6S0A$d|kV*aKunQIotR`zjZY7>!$5CGai`WQ+f|l&i{QUf3-ZdbN zxaOmj4_B5f-(Y|lzocCP0ZKZ@(Au?Y`++fr#;QFX8cC%f_Rm9-6&w__DX2{MdnHH6 z<{pHDBWe}-GP+25D0|4*Is`(;k$;kp>ewN#YMIIecyKAMOaqYbeIXJz%E&ZOsdngY zBqWWlE={Br7)N{^sq|)5vX1Ck5*=u`@9dQ*c;$*Z9f*LxR|Px=;f;%c+w_QA$V8Tw zq?+dDe-z{R#^jH|gbq)}0B$!d^2jYHCqTO-62p6ohIhcc@xM zS=zk}JMWnRK!Fc!Jh&f;=pfN)`o7+%ySrNmkBz{gzTXQxh_#Y^t=Hry-&c;T?}Q1W z77(b9kb?+maR8-x5+V&2{5nRXvx444vP1yK4BUkDyg3{uQb+&_Ksr?5_mW24c7kfrTv5XP$~pWEzqw9Uk$+0g3kElyB~9s(fBys2^R`gOvDMQPDh 
zuZs;azp_Hpnl1e@YyXXqW(7pcG2X#+!bnMloJTNIgAx@J6n38Jy37NZz#7n>b|W#F zG|H`9Cy#(2U11h5w0{)LZ^uT8K7gs@ETjJDDUce-puz+kBpx0fQun1)%@Fq6>w2ks zAwW5gzjSN8vucZ-L~r|Z4L;PNc_@7SYszT_ZFRy53=8+6>5 zA9q*kPG^%*U!>Of^5sk7nF-&X5Q%|5gYS*BBalY3jZ?BwC4COKTmCyWD1tQ9yH6}~ z2$Q=F(AKOER7>jE7%3luYCsxtxzJSsIQ!4^HEaMWStBTg#kK*B0%fvry5~g@K2ZW9 zeYPCz>{{?M6fLc2%>P2MUlop}ij@9cqfkoWUL_QY4pvS+>0T6~ZRX~h@_*$dFlM~J zq#B$&$zmBqnb&mVU0a=z;Ugn4`X@6>lN}YtX`kv-^>_aYJM%a=_%id`Kz(LfM!4ai zXjo5(+}3Mp*SDv={qXAJ-eQH@tKKf%xnRND5jS~$`91yLJ-(g0vG-$tfx@w46S!Es z$vZD%kGI`8`AM+Hj5zh|JNNFDfP`iJ(<@UMl$g%$?i*=o5-1Y#p-EG21N(d+rYqO3 z^}%+WhS_3fA%N0fDj>fO=oKr=(MLO9cVE!h`~6VeUO!$b4*1)f$KnrqdC6l)?8y~Q z=-WJuiX5+f{9t9y$cR(;!i;cHgfn5sG&OznX!dlQvCN^eO`A5^J1tXJSC8Adr^;)n z41m(Ykl%&MxjwThxYMpbkM9PkK||K-&xZ9LKgX6@-8@D)uhOKlb!GoIMN4 zNPz@h5jdQ1j}FJdmx*2B``x8sZyo?Za`FUaU?(c0cFh@!0iwJCaI=z|n>|?VCc;hY zSWZBHF)NouMnqJ_YYIdtc=KQBb1x0EN3_evqI~sd$OR;F5g?|vGtuvPX}s-XXHU;f zoC3`M{0b`GTNIYb(jmQyz~jOzUPbfHYxbCiRI^f8H9_|I*REY#!Nao{?>I4W>0N2* z+xB*TWEGOKXHZNy4_fZJJ?B_(NYN6esH8McFU8nePci@7DJtSS!17X^N!$QfuS;$` z;pxU?+(eidwoWi++xOHIpqJ(dHdZX0cb%0}Vs8yikM>@s!{a(q@*l0at6-82p=s@Y zaPUps+<7cdz-yBpmqXLs->(Ge%U$6sD75t!#g~RRV(R=h&ldneZ-Zx3k#xaE-$6S5 zz{9w!HTB>Gh-jGQVZ8N~XS*^*qh(a!BPC6;zgn3{dH>EngqSR*#SWo+7&tuEL9Z>G zLG${GWIptpH>h;RIp^jnx&}W3C%BPnt7ndx1iMH*Wugh_wSr_`K(d##6_wxMHb&a`k?>RQGYb`7+PU59N8xhc=P;P>>WR5VMefe_7pO0WjShQx`pB6E$|Gjc9 zeKqe-T0DSp;_)jXVZaBAH074WnIb-`-$e!cTZ8&tWO3rll4g=z1CG1jcvv!6Hm^=@ z>Zs?(+$|k1&DmUJBPBcP-2Jmof_G5ka`fm@5`urac*CdC-m@^Q3lq45o?j&3z$4?B zYQ+^dLIy(~JZ}wRV`Y7YnEmI-$N|{8a2Lm9oy4UgJCB#f=_LLH*6Q~ZlhM#c{>8EhEY#?1|A?P zpzk#mW^N!E?}XdB1WP~cjkQu%n|~Wp2Y+<|1ZNOICmCjPkfZM4Aa-G>-5`~mmA zOFPL`l2|PdM6%BdIr9QQ>)gA~ECqbRH_(N9bpO#Kc5?qYrt7~A4&DPd`3w3*MNK`K zl01mr}`#$yB37GPfYR0>Luz<;K0Upq$4qYg|O!~LQs@)SR4z6S>fWs$FBX? 
z)iPWxnitdr&$^PA*B7=?Y4zbGa6Sw#A}a%2_xjKED!MShi%h$p^T<$BIvdh`8`Dyw z5AZuLL8`Of+JLv<25&l5#)6Fn>DwFB9BvVwgvXV})i@FNMVzDdIJ82&9fjSuHfdrjodG&f7L(#oI|U!^(;=7G`C*8o(Fp^NEcJ_}Q$ zDKdRjT@QK>JV;K}cSeITCu9*8YRw4N!5QuX_7c>Bn|F#%rR-?mavUtF2QVqVz8vXU z7lCw6O!j{LI{)#}GukJW(3I49pF=yK*?_MGzMliDW0%WBR7QC2{rCh zpnrU*tW+^D;6Z@@<;Rch$!0|!mkXyEOt&BHg?x%Lf;V{o<5jv4!wGxA4 z{op~R`zJC3RtX3!_g6kXRM>^?xfQEcZTb}MtT_wHyx_)-^O3X4T?NP`;TsqZZ|)9 z-YSRs=)?!Wbu9?qp4ZRI+yaJv-2v<-_wKyc6`R4 z!^69#hpJG;ebJn2$MC%58Rj%=gIlp7sQR(0FwqbE8u8LR-D2;pA|lsNc{eDI z`mcM|JU`^t=DT&XUkbi0aE+dNd%+pKC1z76kHpt@!qiGo|H1IOn=q42+dtSWL+E(D z%1BL(16)DdpI7ZTwO79c(7fF^X9Zy7M>3B5$j8E5f5Y(-asAo}fK;3!x${6Wkw)8` z5T~or+lb}Au=(h#yMl?;F^YrW{r)7H5)}v`cA_%+yl6Fzx?k5FNlDXNZ9)VWKDc=O zQ>S$&r~B#aaGs?S#B#AF>-IXmv&u*H^&}F=8m+2iB;AjbdX1xSuZXnaFYLq`{T^`W zcTJz#xX~s;E$$k~ss@7N_l{r+dCbuhIy}bMLi95Ic$H}^=7TEaVZre+WM&JHA+idN zmmqAJk0j^k&!4YQgZ|iDTH}1|(E1K=1mZf(5PeOL_L=|Gx@?ZdCvgp!pwcgb-*^#o zlXHvijj-yj5GJ?_YMajE^nHcLdJDAM#;FCJ)Lr=QppMQz$nkCxVz5DJil?S2=I8cQ zgvP|izB?I?m@mn!m>>KV|JP2=3$nnD6a=W?H^_8$a{BrES0&%RR?L3aJTdi;;h_Qd z5zHftDORZ~g@?9?-Y+Yg_twwOvI0wnCTZ4Sri?@D*8Lt@M%LEbh;}>356|CE>k6nJ z{El_1$PmSM`Z3$Y0CR2P4DlG(-y9Fojmbg=U{F@0Q6JWH30qz2~I0 z?cRssw83k`%Pfo@W=ph1ZGl`~9;Yo}jgYTr7jAO3m2JeOEp| zkcx^rC0#RO&s7lrI1uprq^Ivj$ov4^6r)NGMv`FiLi&SsdVGkD1&Q$~aCUlIvc<7K zortke)(`|6YeTQ>>36r!=o`9&qk0~ARNsOT5KK8xlu)*?5L&l>JsLT$0+R1rP}a;9 z+wV2u;A@zy3|9vjHAhV*?pZ?cl=pr#7LFyP=c#4(>9xdhzyTUk44qzc8aR6E6w`k!}4P9X$k*Xq4c#%Z8wSdHA&(j%&CL zb?_daOv>9uyKg5jw+5@hMwV|KCB%Efy3dd>K8LuP{TfT;F(0@zb95c{Hl=TIXfL>f zhrLVP+~S*`FNbS-7tI?i&$a?-UwC)T4ia;$)7D{Ly7l+|lvGD0@mWvwn8KO6&m8jd> zQLKOx0``vFYMgep765;%VF+#O`(K7&yYU2ljnQH2-sA7yVGEHaMMc?$IDjKb}p zz`$$hC24GGGWh*7_rOy{w5lG@S36X<5yyp$8wBI46WM5*>&1UZ?b|nUY}`;kB{F}- zdyv`FgO=VeWBFj=?U6joC)Mrk(Q_qYJ@55Fia?T0jlx(DoRDAj*mC(zo%O*(3zOm1rt9_q9=vCFv04p$*%%Ek?C; z&$%yGs->NB*8yMMhc=SeXA0NY`XU8|H{VPVX|R&ic_FuNU%_inaCppDxCqF5T=Jng znA7^{#=zEIq3(Yjt?O!=_M?Sk)BgQ!C*{C{E&$W+653si;>@1kxOtO@Vw)OZnyLb{ 
z>U}AWJQm(!L*VU%$b95CsHC2BbPND4(UK>3sO~fPpr1GNrsyP|LsDl{r>v#50#3^p z|2#h-g~JWCKY=*Y_$%?$S~&E#VBFWkUKm3l}7K1)M57Vt?pgU&(_3itfx}g*O8SR&gZUmg2coy=RGdsFE=L zS1Mq}<1u6`maqnb-AWn^k3U!_S+mHrYE(VMFVpCTm^tb}h;k7JKL3EMtpMYZ`1+j3}S3OR9 zv1$HORy$xBf${ICmtVOuliy$YdNHP@TtZ9J7sO@#gDbS<*7Eb;L)F|G71K^F8huUn zZloLq7_az~$&@nGKd$5fOOk`{TRg515seA3wa=ku__m>;q5FCsAU6_w$WL~!g3~hU z$-yO?K$Y??$lN@Un;sv%h4ugvq`(5cfhS*DAGO~-t2%3~xTzn^GE$INU!o>AG`g~eJq;f^mst%ex_0ig=_q}&NSmp{^fZfiL)zm5TR1-EoDPB%|jPt*~Y2@VRzXiP& zJG#T|sL~38#h|4MR$Wk1vW`0R9lwbzh&5U7E)K7>b7lQ~JigGDEiuoY%}3;e17tty zxEM!O5)l~-3!k)|A}CI_F7)Si=L-!%uU&!|{^$6(3OaJGd+Wbkq`mq9dq6UiF6 z#`i$4jd`=YZsd};>Y>QRL*jfT)9Qa?n=zHTyDOL*7kaLuWo0kST`F;NsncPmzD*0* zr1Mz77iO*CaoMtQ>Mi&|FHq%Sd4-;kE1{-tWhMKcjlBsINJ8(&#_ijelD6Vr9_C$&78e6w4)6U1DTnFOa%bYrs+4bei6_EEx z>s{hmi^c6`|7f3mGhK0OcsB5lt4oMnF;7YSKpn-WwZ&<%>*E8gk9C&i9$?-1t6iAB z*2U4toNv|2rrTS68v(>hDnKub?|;$t9`IQA`~Ubwl9VVkjI29}jATVJDwR=oA)}(~ z8H$oZDHVl?BuX|#_9$&6BO`m0O;!m1=eu*CbAIQ0&cDYQJ?^`4U7yc;yk5`snz`P@ zj@<%T&09Qkl=K1u0xxnIp!&h9VPjx8_UCY`-SP*j>XYANP=;TIZ~FQ3XHw!HsLo*2 zf$OU3=^;`*<_xVD{^zCZ?{DZwM<=^J*5nsoN860v@kg7u1()cGgnELqQkB#bx30}+ zUQb2*kYtTg=+>=Mfve_@=Yf%XDAx`gpux!nc2QGP(;NCLj~w*P-Y9TjEvo`(q(8jl z&nD7pz84C>{){6KB0+2f1@b4HIN^_Dhwhr@*i2elnxnh>jpSq@ z7W#uiv*G{xunAH31aotuy$g8O#}>;@iRk#JjJF*X`*HL@)P0lm8!AsraP^GC(9n%^ zhzIrZu&<@G9ju7ePma+~u7>Lndqr1IFD4^n12!m*KfGe-&2DIyn!fwTBb-C&R%8;0 zV&ajU`#N$_otNdLm;o2VQSriwF;PAfzdkUK5t0h-TfB&}i(5dByhv+sGlWq2$$#H6 z_`i|s37eJ^xha1_~qsls@f+%&!Dh zm7UL4twV8|0)Q1dfN>0^{o@$QS`GK3Jh@=}U6+_f0T!ZyX-+s^yB?<_AY%N-$ldSX zkLmITDy8j;wKtjkX1E-sxo>#Do8&StXu_v78Qc?=2byZqf0Sf6s; zKZ+-R;^pa;czw3DkX8NbM^frjJ*V_AZsi1Ob87D6)Z!~Aee72Ij2@`n0bgY|sf`BC zlMMk(!x5%9C6Tb^e4D=?24@6$UY9R}R$hzKi{O`lZT*0Mrxsud{p$xW_m6}AvQ)7k z&7IRH4!OE3g(&ft@f`o`&EL~Hv~m9B^{*zmVM^}2gCS@Vd?1PVp3naG?~eKkym}W% zDkFEFe?13(|G_^GqUxr1)oSWdSAV<&0ZJ@R1da^a!M^MR39T*N=bw+u;fwsQA5q}~ zl+zlYi+1Zer3aGl-V;j^um~zm-rt+bYAb!HwfKBb$KSuX)?77?EGom)je?|(;){` z7RMbGKEIX~)YQMm_ukuPEtr>c`m=Gu22JOpwQ*J!0+soGw<1HUHd@69ecPYToW$Il 
zRZ8*GUKf{1EqI)jWA8|3Pd{B4<=pwzPS;zGuJa6~-zo@>?N5)3LoK1sI)Rh3Vo>L) zlBVrs^hDxHqlpY)Q|ZquU>Xb$Hqq1$BQjhc0qE$6FSf|N6yU& z2npFp{IEZ=%}t9brr~DLe&3TjZk*^pxY@4#eQ?tWv!d+$lG*&2*}EGq{PUSZ*lO?S z?2MSX9k>wy!lxGCQ`%xrSZA?`h=`=TIz&FUD*4!)>;L}PhIdt-Qc(!x|52XD`p^Nz zs(>rLEk+`}CK38~*eIdN|*bN@i{f=3+smHDYLaaS>+qy=S&grUR2MrE8UaEskrIj%aXbLg*t{JX_g3wV^`g2TgkKfEC{$z zA>ki~TkP5H#ckwi7TUJVt^%&*-%^@9&7h@%2A`#I8Haa)8d`rR;DU^+^2i=L1cnDH|;tFR>m^)^y6E zx4J0JB-XY`v0G{C`r8ry*VI8boj><{98%BHG3BCk4-QF|tJ~>Fzc=wT*ni5^g?h|R za`^9c^p7w1@Bh_0#7`Y-;+w!+t>`qtze7Xl({zQEz!8y5`*#&VFQr#~n6RMp_{{jV zb(upcsp)dYk%_(2E5F!0h)k+7@r=$tH5-x6u=0n-%I0Qk z*S{Yz*@XY`Lsm?SDcNUK|7hO1=)#-6cSLOu^K$EWerv1w=b{*I z&&xwJN;EWzzH5V?>PPnJxl4c0Wu470w-L1wm@;v1s(sm{_P_p`ow^1Fs{y1_g35aV zdq|D0chv_#nvjx0Ae^M6BwVOwU{nE=nuK8?>ZU%AC@^c4@R%>&`IkfGE9*%8?bHpg zH4f=HvHn)MXu#o^E+@RyNHKR_8KSzahkj3w^B%-pPGz}mHXc+>m7-A!S{j)4KskYW zfx>iPeO?o9kF{Emj+XBiqm_q6%9T#(ZMl^!@wwpv)fI`6l=I%fQ7bNSoa{_?I}{!u zdWo|YKfCd|X@#5f!J_!*#cw=~l1BggjotG@HZ<`yQB#1dUx#4#d+wpyhtP;X%uGQB zLzSh(wEa1B1pq|`OpWM-@S?Sbm{+d9X5zcW??c6d3_fP7g3Oc#vo&hX4;e1Ud5_M{ zZ(jNRs=|uV=hsFg^}e#wuf%r?p(o>-xWklAZNH&z)#jPf)amZ`R>s@piSUPcp@Inw z?X|aF^;Ri)bJK4;-g*3UkLG7qO~vaA`HUsQ<4*qPM|h@V`lcoHsfvYl-Tyul{=Ebe zf=eqZJ|H1Lr~Qj*JJJ8f|Uv zQwsZ<2JRp+F%bb#QZ@@fQ=xT1nD{EF&FJXpyl>n%v}TqR)=e9HF0>~7m$Y#hPJ!0_SOkzm{Jd>NrgAp4EUqaP94cU$n_#!Z{}(B7cQeGe!JoV`C( zsGI-;vb7xKMA1rxg!rNWFPhqmA1g zcrSWB4>h#8JW$~L#8K<*8O`GZi|O3DH{ROx;V@h5oRK|nd3sJVCrOT?OE3F=Q(Sj< zZuGcLQz?HTeR*6+FK^t=P3`f&uLr<9 z+ME8d{;1nG?}U&0c<{AR;4op=m|*t9OR#iYfOL!-lq7{|8=930K2|6gB} zv;a_9(Uzy3%)5rzJv3W}wM23jH+Tc`)jPDUj9mL}gQ%ybAcp4MlL7|F;Z8wwr~TPD zQMU_tK3M_;R7Glor34$6c^4$U-!m-MpzjAl5AeMj@_nymL#2ZUS3>KhWnf@c=O!d1 zw4R+EjWZn@d&4X{-q^bxNTVUhCB#gBYX5w>3b)R;D=&dP-Z-+`ZTN)xL-Dw_X*|;t z`RA>QhUE9|B|Itc72oUEdBw$RV!MM~{bOB|^Gw?x(I!itRpSkMDY+`f#ZwU+e%sfr zs&TOc6$1zT>DP-NTvQr=bnEn`^HxGq+c>YP#HYF!)bslDW=PD1PYiw9+*!w-eo)@O zWNQpgTiUu-J5IO%-tx?ikR?l`>IwpSc-9MXbCzCCLa4A&wt5m%ny%mkf(&>B1 zKXLO~r=wm(kmyy^AC37!Dk7%Ew^569;g3HE9d+XZ%#tUvxMZW!N~GY333~MVT<;j{ 
z7iVBSK#!SYt&l)<+Lh95Sl6QCW*+-j-WNf;td+e3IYI8ZbV|&N5$)mJ$}9(P+3K|( z^p|njy?%MD_AZn_2 zKrVUzoPZ$CS5k)CUvp)it+=LLDxh@exW4{%sA#ObU^`IZnSE@<8uCvqKt7a#glt3r zkr30t^(YJ90*Aeg$c~h_f@Uiua49~mmdKA%jv<{lm=&I|a`HsLw?WdOru1yS)^`Ak z?egUXbfxdXd^R7WV>(Pi|`e!3wGnCcr)asW`USOQ@ zewvfiXm``2S|HST$B*%z>N=Tl*R9tCBo;Oc+v&CF4}ba18QnfXtz7V{p51MgVS2t? zd(5Ab{NELe>jqc?LSVnXe!UCHoo^vy3`8O=%f^k!|6$&|?^5m^&qgsV7R0X8$7x$- z3D$yEfejGHrltUkzSTE2>-jnyRms;617l^Nu7ajQ!sa!Uh9rA$2^#avt7l zKkz(y)OEtH_L$ueqn&8Gb^dEb#X$g>Pn$6-gBOYFJ+4N0xR6D)AiAeS3JN@+WY$`G zW@z$2m2w2kY6-C9j$}8pwT>db0ZW!BHUI&Bv2Sl}!GYZ6H`;|)7S^i&*teN7$WV|&`;TJx-wV)R_9o8k!{5Nu`l<83!znZY z8N&(+ge9$JRhOaiBlx<6DBTtQb3`?S>qvDHNlfcN9FN1_q*@M`?io;rV`th5FV_49 z1Ncl#*O=`NEsQyzz&$vPG)exzv}$jlHu!o@0KU7Shao3P;z=DT+7G`4T2Rmxw)M|e3XO#DaqAI*aN?x85N?}PtJ_39KSC8@yGzG!t zp!D5uW;S_E2DC2iBoSSCwnH+rvV87!hIYIYa-w(G2%T_ZxN)T_G0{AWi<8Wc0%ZzQ6E>no8W1tX3m0T4 z5^Qdj6%~GseS?|LDNr^5TWc)6aFNp4=x= zt1H~tB!~cqtShtGKkO64n(q(6l1g z^d=Urhffi(Y~01MrLIu70#pp@bCu;pZoyD%F$53jQE4Zig9`3U&1n<2EU;&XwgKQJ zdtYUAAhKQ~Y~!=RrLQOBkmKH58rc{B{5h|rBA+>w&vmgs_&0#36r)lxBp}PGeA~wX79|l!V;gWyq_# za7nK8rrj?Lx(HnVz4H}yfTeQ17G={+U*Cm#{uJ`P!sXoUpEB-v|MBB#q++S)eFajD zlprQ3La{^4u(~%Re63Up)atXL2~=qKBZxfeB_wh_BU2voHQ&BLfO!`&Hw;7|1;(Yx zY&m5I;9jlSkk|%021k+@H7T^MucLC;=7f#(O&}Q=S^V7nehUut}CXb&y zc^en95-2KgHt5=uW^;ilA68Yp2627K!uyEXM7(g+%GhGu;PtBk)C?6nvadfC6(mP# z`L(T5aOA`R+Jqv`&W?%xh1QJo41#KdR}{W+G`{ZRo2u>$+_;UN*X`V+lEUES4CQoN zhXKE_AlGCjhnYy~H|H&8AFTTy<<{!jb(8Dh5~I(AM}`ldQ-W zKl%Nn$;$KzTEH1L0q0w7b2_L+wMk$b(7b{0JNOTN2K6m;u`o%kRALgt9EE@d8r>_E z7$WtoV-kq;T_qpd5)diXm+P!upO!4+5-CLD4lV0BgtHSt9f}wp(8{>tsWlg?N zj{|wHXaBl@BX}ITQ+ArH%a;kU?TecRM~zbaH>Kpd(}?;+kYNcD_SlEdKx%8^F|ZBM zk5m*)MWBXAo`7;#pB{9vz=@z#*jl_eV+0?TgojrOk7)XY80?U{f9)d}AmTD9Nv1{` zdLB>am+u4w5U*X@d&3ha=!#6*Q-c0luXPTT;thcN5h?lmAa4BfXwSEf{uGn+PiRpc z5wz$ZdrF|Opmig zSl1UhCt>_--R>o=B`YhZBQQ<< z-6$bM{^N(MBVb>sVZ!>LCbxOvg;2y3Irbn8(Cbdqwj#9qF78dWN%*s_p)r#o?D1-5 z{>`>Un>9!&98RT$jeFfDqVcR6u3N?%M*!ccR|NfrK_0Vx-n}a(%$DQL_(5l@(ht$jf8F 
zx{Szukzi%zh50m)Jj6g{0XBc)_44Aeh-e9`4Mc#0e#Oc_MTM5gpr8$*Bw*J1X0bOv zJgwG2fed-&3Uqy|G&%bo%ejjnJ^L!j7ki?b8;A3;4f$U?o;=r2COhRYA04HxfkeNM zzko4TpsOrY=sT?0)zd3iI4UYT#SaN`#spaaWa2vt}r|q{0_u0ckGd*XXz-6 z7GQG<@>r!WI4Y&;OS7HdL_>wsm|>rQ@__@>a!@HiXt3tV{Hzy5BQcr+ju`nuRPb;{ zj89I!Lk{Zpkx2-;aagW!baVU27r6Ht>I5`&L;#LA{|TDr^{lKbAzNy}uO@nT=#D8* zp!TILnd#dbq_;c&81ynm&mue-{FJYvE5q*OA!3iHZT-g*bx&jGeJ{MY8_~A6z>Pml z8T5j%75;c+=&Z*HNAZTNs?&6Nev`TQmeJSCUPK*5fy&n(F86MbkR{=}&KM4JykcAL z%_^ARAGIUFKAH8PI-?X_o=t$D(?oDG(|O^|TQ^;e?5FR%eB)4Xq|Ci5tjD5%=f3l8 zvGHem`TO_mkAWV))vd|PuV0=0{@*3Sx>4wNAylN+04&&Z>wD597^DV0dSgd=4fS>~+Z>CR4H#$WKOC-~U2Ii!^m9dp7lNrVz^ z(;%He=y8)>^f%9swQ-WF6>FGJuSNlVF#rk*5sN`sM+?iDocG`p+^@+mt-kRSUBqTd zYu(^$_Mogd30?gp|NbxhTL$F;3Iy*H_!TIHeo?)Fn8y!C%I2tUBHIFkPf1EgOi29} z<5due5^eqCi+x)l-GZtGRnBq=6kP1X$xom1;UQcFljqZmcH|d8pu5mvK~O}Uu(TBh z)S|v+t21~Gj?;sBR>k&JMKk+1P@ZY6XM?@=Gl&2!X5`>9Vg*2-Dgl$kHeoLOgeV*k zJkx==v-bcPp0!UxR!jLK{3km@$q3TvtEzFhL*#~Ve_U62dhgmOPKZxfz>%$EFn1G6 zhhn+DOM2(fPyonIbJ+L_&t*>ihM;Pr!qP835Svao%UiB2FRFZMDsUI2aLdXXdQ`gO zA5z|6wXOBaIi#X;8Z8*5N+~HXK)*D;y-?HAPyb85^xHMX?ry<-eu7k+_T9aaosjV% zFzU+7gi@v1_BH99iNVP+%v1WKdd=L*?}yv#JNmT(cD;EzU*uxr*BW{JO!WWLwUD1S z6-K;~qTJrR>uo|;JTz~#3~c7ko<>^9b-Bn@aKik*Gbrm+I{TUs2qLU;Tu+Y&X=0X< z=vDYIjUfU~jrcptqgf;s7-a7%O=F7!w}f0C=xjdVFp3NE0^o?(#Iv$aJ+ajdc7>u& zCZG~P>r^L?r=8rDeC+vWbMc)<*=va;J)z?<$bP8zPhpW=Kn(CW6l4&Cm8M9oR1!;2 zU#{BExW%u?tK)}M@*Zn5`VZB^;c*g;;bAI-{KJ{99&Ay zKQ{a}^c6nVX)q;EXIp4U#w>jVUwuSx03P|cTeFI;2Tj4CTA9RulQgVot?6c7e{UCr z{(E5pq2(E2lN`&0!1!5oDQ+Y}pqc%=th|4WGbPbYa`w8HgAq8TI-aviOl#XB4Lp{R zV=E|MmMAm>dqjkbyaWNsUeSNCaOG$6mKjh5+^X6q=pecT|_o8-0 zI%iv|9WGVv1gMbS5y#9O>WS0=1QdyRHY049{Y!j&Jp0NlWCrtUpoTkx@p%l{1JI&E zI^T_&h~kYo6U1n92!bJO73DC}$6svdfH+zW|T)b_uT5^MFM$ZK&PSJ8eLP*@H^6!S+fm5tK#PWExRohF)^ zlvMrZu9$aaWqo==(}2X`>n{00^`{`NNET^oAurwvGM<|ACMH{<`Nv_ko{7mD7$w{o z>yX3y7f#OlB&8uJd>+Yrf`(pUof^|ubPaW$C(C-Bentv06`{vPWO)}FSYQ+{UbUiG zqfh{k_##B>)n1g~=n20Uc}j!l6~kEyb&uqNYu2_{0cz#Rcb~R3l$(WSjGql^F0Y== 
za}*d}zC_vW>b}wbcSOS*6McT_EnzPAPP;ST5Q+ZeusZDCy(`Rm9`aMyC`v4v7G3gn zogc$1g+@LE;IOKQ2k4A%krd=kGId9^yNQG5VL)F{!*S1!2ncher^I~;=crxE1 z@$&NNk);1of|&u|3cl9hDwNZpuQN~tjS-NELw7k!a-F&jGm|y+rJ2qqC3Qf=9XHTy zUr>?ahK;==s-Q`)Qsca zFBA?EP5LpK5+`mJV`2^O3n(8^g`dL3M8;4m`PD^uA*6+lTxhrfP_9_ieuYo=*#MgP zKb8NP8@|4W5s|?9-6p5u^_69n=KH1QP}Mw0%8}BoZsl;@?|{k$gA~(^AGVSivUK$H z_er;nR6B;P`z%ZG=BuOOl7P^ah>DT>1b?8~khQ`k37h(zg*Xv$Nx#J%Mtmp$I{9Q} z+3<1fC%o!)T@W!ESgJZG%(HtpGX+CNb;ic@Tq;e`G0cl2B3#_d^_TLb&fMW`jRiJ| zSDEvUJN-OMZQo{Hq&ipcCa}PJxA){ny0Nxt+NRVk{{v-S(Trd}33!HncwpH=E)Iw5 zv%xUzpidhOT)UuSZTT0vl&Ig@D2TEGJ@F>!dHIecb8!nzwj zZ4o!8yUxgU7eE;mh16qU-*~YT5b698n$~KJ(Avmou!@Gp48UFZ9v6O$bqvJ6B)~rU zmeA~*aMZy?{1V20L|?HFo62#R!m5EWP?8>BnodnM@nq+Z0JN1TD7yOv-6MC8$v?1P zear2<))o-$$pGcRVRm||Dtt$g$MjoV^S23pLQo01l2_6j0LMxqaq5-tUdP|7mxv&x(8vGNmSot!*XWyCyi`ZS#8`=v6(dDOua#=Zua!vj{^Q5s6QDHD#MV;)Jw7iP zL9ZpWvQ-q)b3Z@ZgG@AN;a8F_2b-d?#|@~g<4}Dx)qU(cgQuSNo9eo3E+I{CvxH@k zfu0hQ1YTlZ;HA0VFrr5l5=R;++O3Zi49nuhDj~pA%gLh);I%zF_d}=L~J9LbfUd> zQW}0YD69#Z zAV9(Fdsj-(hV#X4eu6YH>8uL@wTTGZ}tPEKYQD#oUTuXq?#a+Y;YeC*S6s3N^o^e%CC>}*y zF-g>_Xrz|G=#_5x@fc0T^oA7_oS_qd2s`7#OvG(WA*dt{7ocMA37>)u&x6=7L$X=% z^vSb@NA(j4iWW@Dp}|`~1Aro!4Osa*^gdL&$B(w>xx_22{C?|JpP!5Ms!Z^93~8VG zvKvgoC(V3!fT1P^9=o5jv5B9y^9~N9IYymH1*J8byiQC67dv5UV$x>Gj!Fxi)P5YS zFOZ&2;11&6g^H%}>6dUJ5s`JUqfop_igl7*Lp-F)2$`a$AVTF7Zm634zDEkcZGkCt zzr;`zmqkv z!rLZw)xJC7PD{PwTRdbv&$y*~P8|3l|4YJtRdJrz=7$l#Kf2qms5fr)sV-iOTji+X z*OI#a(ti_%D=;AppZ&Ik=q+BzX@#xN;8sPWalJ12=fg9&-vO)QD(!mtY3uF;Zj=2e zfj6H&o~R35W{}`r>3G>o`#+t?bKXX*0p##b@M3@n{tXdTy2*iAAzU*$08v6tBbBQJ zrJ&Pj%O31EilVYIH8`#t@TKPJy&Y9_rFcMVp6lF84-l9_L31TWmk;iNZ{NPH6fs2k z6k?W$#=gg@amrYoMAk?N-+gW!L8b$mUbqRokgQ#oV#F&gy$KvP#Z1iOY8=9OBML86a7-2TU&JCn-b^P>h}2A^F{`7D#G0Z;!r zKYbJ=!IZtb!X8|z8GKFf4$YIAqMFVS?qWo@m1nbL#xzdT>^@N`}n z9KC+1EF;9{?bh_!sM`$-M?V$@553$rusO;1f&6lX>t4~V4|}DnTk||#r9?y@t4|wj zTUwU>Kdjw7v`=>rm;87RBJCZX^)A@Pgr>_bfi4Pr4%|u!xM8Nj2xgh9Da|&8)})p| z4vej}pBQ&IIBtU?1!T!i8HeMRZ|`1?;^N|sIk@fJNsEs(LJIy|VkZXd2T^A%G$KaX 
zwk6oD!q&UNEg-@!xG(xb*Xjc*DiK+TM_z$A!vNgV)D)oX4E3;ktA0bvVM1 zOpFOM0-V9}Hujz)N;;-z5Mhp(Ef-+Uk_8MP;GbdFk*+KacElU;@!Nr{@(QaRIiiG9 z`q>-+=u0rT^Up4$yCB3CsB5;J3eG)r6mGYD1mq9S z$*SHaAKc26SreEq^ZI>v60s2s3?7zbpaVj#+pAA#jFW4Ko|Ag6Q(Gi}YBs z287!IGXx>}JvG}$+y38owl}cwZ5kMjxEWc-yFA+o zc!w^A;=Nqi1{g{!m62n4^trSu_g_3(dhap}Ca!GFq^Kgd^++xIU;<-=nIuN9o#TPjBRo0S#YD<{Wa$bn5N9UeyE zGFHgEaid$qidGjFmptd*TR)e;9%mGM1r{l!^bKjc8-;@ribuoPkfav?NG`Y+!&B8! zPEp2ZX8J&7okmz67<44$y@N~Z9bD>X#pNskuY+Eq;B18iTs`ewd3gW=tnNieSK|1f zdxPi-;d!|!kj3z&tna;y&h5k1Q3{rC*$}p|&zn#T>fJF3ut^0o!Sx>MmSg1Zy`K-! zt~Z{nTm&vioFLoe3gY1AUrk5%qji zz<-CF%U@a7-NG@g{o3pD(~H@*uQM>9>I=RtYR&VbEn9$IJQau102W$6$D^d&lyx0E zkY!y5`l$;wDFw#G-VcC%Heh?eocgzkbh9>g?41MXRl5iwr6C*8R;PsVmyds~<-H>Qdgk=fhlR z@lm5k1umgXcE`L`J?X>qwXIo|>3DpZ{^NfRgywlI=5OF$D+aq1q!&Avr12ArM(}-i zFnqnBX$eQujxAI%5}sBU%g%0;KB%z!2M)V3hL9SA7iLr#La~AT_cbUMzg}1Hr{Ngk z^>ZKQByb1h7bA{C94xfTU5+F0yZBL+p?T3XiAR3&!){@{0yjG!vp%#OY_>zUKv4>& z8)aErFjdvW9$eGw>g2QwKA9H@M_quvkD+USggnc%`O!`26ZJ)zSy&DzDpCL#N`JSn zPtZ%=Xr1M|VKt9$Dj0_&NMZO~Rz}zrOnoQDTT%#20%+Z0VTX`{Jph>Fpvs4+AsBKT zT%yV+PjVm{;1ozwexJA7k3CL#)bPW;j9tc&8{|*gi#zy7J!o=4$cv+J{Per?EPh&p z6f%6bQglEUQ9^4h$;;N;E9eYiP&thm2nYUhoT%W`oN3o_(7nOJTFt=Fi`GfPy4L^V zWFOiq)8?fP&)a;;ccUH&jTJsI)N$~cZMafY(pY(>wD>_l_5n4mqq}lq?OldPcC(yi z+0lE6?PBM*@5wbydI`c(a+U8sgl_9z(y|(o>Ya9by4tgcv+!ig*r11SXpqaARDGK% z#kk1z|^wcxsE~_5r=9J6>053 zUIVB>s$ASZe$#{30tE$4rRXsHqJ~@3*woos9MqRoxIURxV~_8QE9xG$Ev{Ub!K%ccqy8EDjD}t4x*6&GMVVuh_P{Cl9CHWBUcwYb$`Tfiw5gWMd%(hFNz4$ z`BMMz(W5W0bz=3=p*fZemqyrx*YAl##D?|jH6||>|Ng0l{a;a!2&i4ea{`=mzoVn0 z-<5AgpWEA`0UvMscI6=A&Yawr`F@pt`m_p4Lp{ZNkdR@xk$#RI9nVq`wd`I2-v_scp!cSgVKop$m}6HEOGbIlTW5-v!Rnmt$!ytSSN4jB0Pj30EzgH zhK44@$ix)w-W;Ipl%;0KQw#In4N^B}M;D_9!o8<~?}aSX)JA87Y5fMfNP`|H5~qtM z!bO}bMMve5mKQT8+Z4_@Y*($3ylZ*yp0&mjoqodu%e>ryTcyqi_k1|n=ox50ql%uQFn0Y_adHd>kI;+uzPo zh?a#A#6n|W$TiR=epxrf4_|MUBCwqQ^wF#U7D^t zUbX<2XTXZ)DU_8pW(!Lo-iXN*;?p|wIlLHTN?riYUTvxB6NPJuOoi5J++=crN;JLZ zO&pAUCYL4-W;TvvTxca)kk7!`4D!$KfQSLw9AjhTpXC2s0@kh`C0l1MmxU+dHqwPz 
zP24;@S5X_Xn@7KnhKGqw(%Rf<4pk3EwT8?>lAwRCVl5rri+OkQV6EUaM5^?6?!(RG zA-+XGMAsQl1g0mLzAo12r=Arz%8u4gw!jhRJ!d=m{KwZl%eqRVvQjiGVZHkADySHC zRlHjcoV?o-viH{HZ3o@D(){~p#@pgg^;(=iR=0VUk8)}6-tgsLGUb9=1EUg-k0^m` zDMNCRr|#r8vg|Z5cx5K_R8FSvh}!*X2$tJZu;h+`-q4zHq}tV%vEii6}KT&F}A);qo17UVi2**BBS6Cil%=z#_> zGEICLaCZlu7)5o(^Zts+LvYMm)~9Si)o`--(nE+u!fib<`=WG!BuJ6Ddeo)ZzDkH% zAhj|uNp2yb0FVw&KYNZ?kZ|N(KnvBR9S}EJni`Og&vZ+t$nH8ZN za7w><`*sfs#S0fNPJqwRb9GsgXt61{zs1yPk5NzS&NuJUCB7T$XlseR>iqroOKh1H zOVG1CJLmc2{mPEnQ_nYq?jPMP7OS85Yp^8DfVm*-;=T4gfBCnV95oD8axCy-Do)+f zQhs02{r^@UzD!-m4k#?-<3XTO$WDBW58mC`iP6T7wH+GYbfUaORr}oh;A_{RjgX71 zG=nu!#T8gh*jVwx(bCUR$nv8R!~C?GC$``<9?CfJ;a?t+b!`X6-<`n= zR;|LQjaQAY$#6iZ4{;PrJ*l$>8qSZQh*md>Ay(N1ZT2>S){S`lJy?Kd_+5$v3{*&m zXT@vME5j_~Ymlm4gTBKBnoh%MCeIL<_jnMa`>BO(Y^6Wtlx;Z|Ns<*1G zt!>`JDtxF4%t$(hW3l1^5)%c$ruLG06;-UF)yyK+>cgGw$Vwz4GW1-fbNDCQ1O)t{ ze$dg>B!O~BfanJ)eYRm4IW_G%jUsjs(_4n5wmw3k{WN~%iMNf753y{Q2QsME@c90+ zsgAmWP=7AzoU(FduXfEu%|xZ-m+5Tj9$W8P1+H#vaG9{v;iObj7;C=@N_=>}A}3jL zcGm?=+ ztl2L5<66_S&zNg}*F4o&HqGl~&RYHde$mRhF9F2@;|!UFGxktwwy?yTii!$uzCOJ3 z9fIOt9{(5{tAr$SVsbJw;V3SBs3i~JbQ2a-KsEr$RyRa(C{c;(9>h%sxCqis1_>{L zzzPWoUpEhF*J%Vgg1Nknb>4|dO1jTc77!uvmngZ0G;a4OV9Vfwm+0=2+m*0XN?VX+ zO&t5kKRATEboF{HzY-MYji9`MMrRZlOWM@;U`L;W>IkgtHGGJNJL9zzEvueT0Yj%J zC@j8E`ioK2H6$AXaQabfQw`czI0MCTE&v2O6|(qxcz(aK@-OK2h`Rv`Q%tbCr{@3` zgaLAT2+~%Ja1*YC(d)n`QDBqoGwAO0S|52{ zqvzOQH}dWCl!pJ^AlGe17e{)Mo_9X+;4jb9caJHpnlJNARZ%;8DZ4b|E|ZRPt7TKS zu}5`6_Q0e|u;AQTH9Y0^6{}t(4E@#e=%k>lG3)BIddeM@r!5jjQssqw8DEppeI@O4 zC#S?eUg@ZfMW!lHdp#|+e|8crmCvqRT*ed}e%x;;)pee#Fbp=N2O>bR@uy+x0~CYM zv^u%E#(@XKi5SKn5*-?P5Gd5Zz<`8RjW13fxxdcjqzMz9bw$M;bf;_*mS*lnGZ+EE zEh!m_g#$w^+QT=HlWAv$42icuRCyn=MCdNClRn^b9Q9s?k{*B25e_YX0=v4jv$iPuF}+>?7k=+Id}394)fdt+ zGw3jmC`5OLtAuJ5#!ZyHMxm1)8B z!$his)0Xl4Yq^}Y|6N6pWn~+S&D8X22U-DvS*z8(6F+}~feMF;WVJI{_DjRMW-Lnf zK20MwP3;?Zi;Gw|^)1Kl$knkFYpwhALE!VEevjQzkv*nXN~4q;w_@)+7v4I{n0&28 zD{<7reCCBpt3ln+%9FK6-Cc`xA{7v8&MxkHK0V7Ywd8e%y2kEL#r>*i8~?S!|NXO3 
zdUQV6aG=wAapklWUyg*JGP4(L2~xe|F!o0`-DFWDTbFz>J;0-J`Z0CiH*FqmXbcNr zPgmUbA*@~YVx-*5hZ0eQ`Te(V%=rA+Ns32~knA2<2(+Pv4Gw08IEQ3t4DXCl!UKM9dXHXn z4|is6<_%^l`NhL~&X+HheG$NC^cbvb=epPkd&i){_FS7jnPXPdV5G z$+b+=%>DB$`S+(KKRe{)?EDs;sC8WuWIAdH`J0%U3gIR-Lsz=G9^3g5|2ISVMT;C& z+~tQP0R(sE1$pw(p44$9PdL8RoE9!SH@5Fs` ziK6xuoGD3%;?kOKkIGK(y*wx1<3d|M_M^%}FX6(|#b9;oU5cemCR%0%e21SD{Qvy< z_=~Ub3L5LXuX=AH?eVI3F|_5W*JlMY35`_kPSe!udeaGylJ4T!9K1{$Jz!Y?rvec{r*#Vvu#j8@z0Drqy5yae*eFJ)34oHi=w}ps0=>JuV}H7 z$bGzm&DFsmjO%ONeIu1`k@blI1RbR0M_qIlzv>ar9gG1nAuDwxy?K%mO?$M(tFH6nbT5VjK_g^u&*n1u)J~naG3Pb^@jmI#Nx1r>O8920#n1@vs}SD6iIh;z!(#+%t{Y0Nm!8V2&xcp+5muNymVkp9YFzZ_5H;uJ&B1lGHwfC z;-6>}yw*JYNxr#}XuQ|9wU_rln`OSEvLCh;XpGPw85Eub#zI&NG~UjK<*>-Xg&?oJ z11;0^Prx*AJ9PB)Oog>b;~A(yt&6_=G!!$a$prfomX2NQH+*n%jgz^;yqE0Q0>Y>u zlh~iCp9$JN$^NT+C#rrzpirRA3;?-$+$rDyHk;w&+*#e)RjyOh4GSe0mY@c&4zNy= z<*nDs!DGu$?s)8%Qvf&YgW#5cy9WQB{JT*N!zval{D)&h^kZj<(C=9j>k<+NcYd9F zxV-VP)Sk+U4}Kw{QXPY~1|m*b0c=?T^N$(NyGt0WzeKQ2oHoh6hMi#k_`L4bn(wNi zs&T)+RTm-Td(|6+TbaoN0|*fk6ugDLGNPix9z(!R% z*VqXkSRXM%U1$VRL^7KwBv%f&+8KAx(d~GYzvpcR_@qXsOX>@H;gjYQ7QO?0*7uX2 zkRgjiLq-ZTXWi)Ac86bq&&r|z63uSfNo=5Su~XE9P{D}!M<^y6TOL3uau1qq>K9PB zO4)ulW4Ul89cRtm3}eF_d*ctOdG5%DGHw(J-23w|YmSO;D8R}L=;tZPfkm;_049{? 
zMhTQpdvz47^KEwNyV$D0!3j7?Ma9}a?V+G{^r(LJCqSb~xsqs>m&<_~z~0b@O`$Ie zV$r;y9|^{b$ee6OSa+5)KYyN%r@dX1A_7=gRoQBr^84a#xO_!gW{C6Tvx^ zwn1{jlNzInwP*cWa-uqd`VRgpQOM8ui&z4(W7ek+F45wIgnqmRsLD7}4 z^&VYw2pX%?*fdfMQ)@a81L=?aIS+A=zOd)qPYa8nxWZltQ{F>z44vT94|bTv*NHw< zKkE=aXE&$32gZ`0ej?$>55%~02w6^MI6_o|9xy5UD+FRCk7M@w_qti(ojc8e7$fsn z?uErTI<8DirnphR!#8VKz9Hiom)$^KeXGnEGuA(+TKemzA<|>d3^$@IE71PaAd$VH zwF@;5t`{o8a^t}uIpE1Hqiyet4xu=6(>`@3<>kHWK7-Ykj`E*$-8Q9`GoIV;HP>(} zqBiY}fko1?ozAqWSQ$yRJD6O@Mw2_#78Yfq-)K?Bx24tZ2> zQCeZr(l%UzDi%0A=P=`kfDm6FwDoFV#cDv2_<^hsSll_ZKI#~O1+)T)qDYk}0!$EeBXs?Nx z87U9nd_D-HU)VKEA^W%IUJr_w?f0Xjk6Bs@phe^Fhi;36pZnN;0efMNR+GP+3u-4= zWNw^gzJjrjmW>&4=4)8>KDN0CtIbzGcx=;pXL277nfjMg^U3l!_@Fz9dGf@Yz?Smb z27g!Z?_0b3`&YdIWRvSU^x!XlmbV-XmH}ColIxO0nF@EeeBO8dO3TR%eg{)O)Z~>@ zTP(FM3rZ$DT8?OJiIJ!>jxT)U=9!V_gEEX6UbU}q3TxYM!58!4#AUe!lzwKfLrZQ6 zgd8}9{ogfRg!y~l{0}~4TXwvV^?O0|^T%+bfWpi4c=8@MA9$cijNTy35lJl%?%i3@ zCWA0B0B!1^DA1wj47~w;_;wfdiWQBoteEjcoQWaI&rKIL|EX>1u;?G~o!e##sq zfu%%mdxj2}7m3u^U>``pnK?MrF;H{ZYAXe9EnI3?3SeH$aSggPU@IZ@<^pDg+nN-k zO1sUmC!<9i+jV0@13Yh$&AeD+&X_+Rg2{LKhKqk%i!1wJso@h5Nox^*KHu~F`2Z%l znd6k$i)le_S&U0RfI zrqsV{J^zAte|nS3B>U@3vr@vS<}Gh!$?R+@+G3tlzHOWu9RAw^2jsg-l>L)zIAcZDb=I zBicGD7`RXA6qI>D6CZl$)fJ5NJz036nrE8cDgB6Q#xMn&sw@2nsi3ifntk#;QC zexNpy8H^bGxIPG4p}+)x!+Cc@`iYm3?{~}EqibXa0ggBQtQEbhZA(w)(hU`6kQyKmbDDW2W7LI+fLlR8&lQ#0sg_~ zMC*+twGO05hwS5oAl45hZt$Z=Yu^xz-rryBL@{9IGI96<2~$MDf$M`yJHprje*yTl zE(qUIP(%SPWZt~_GoISStmyKAZd`{PdoKhb(*SM)tLoU5;2=mM>P80}9n7!Xb77nt z&NzN4sR!_LQ~~FGeCg*ADA~)5rOekfMKyy6}H1PH%lA@eIZq$6r-?k{!$`dhtwa zPnmpso8mS3W68+3Bhk2xBV6q4JWZnjE zTw*|@^g7$K;m?IC_b>|U@O_s(@+@3Gd85T*f{=^6aKZxO=0mAHp7VO~4)inCmW_b7 zfn!(V3lPmOZd&va8(3Hnq|5hZ>+W)|2ROmVD#e^jtZS?GVtEX7c#iX}OdJiwX=v$4 z$n?NK;w62I@=SE}{61N*Y8+#aU}F1#6CD*<3_wH#bNPXmKAt-ac|3x#f zFF)bA^P6=RY)tnA1xQrY;Jk(Ys1px_5C!;F$hm9;c40Jf}2eSu~4Kn$$e@GxZoDnY|WkJQNp{W^UJgq$7v}^C) zN0^nyj3*2<*bXoR(fgJBe4h@(t=BTSu?hF>E#4=4=LUs55FX zpDLg^aflIl>)}vJKG9FcLeiP1hPO(8`rh!KFn84H56?Z0!Iy;bj#STN&lwuBp_A!C 
z5fhImLR*eOh}ZEjH{esi^p~jhlos5GIaZebWs~fwD?9fzh<`e%&{U7=q4{)W-U;k` zXlAzW+xHlsv^qhH50~u#($cXTUJQ7x4#W`!3E58^Gdh38D-Nx99iu83b>E=)QSRJVtqP6?Es+58V#L%mI` zZ1(VW3k9`1D(|p}_FxxbEyUpc?8SILlCe-Gj?I8{8fOHiBLmm6C3hFur7)LbwTBeQ zCuJ~NkIvf|)Son^LFND~RyQFj6!?ZKj5wo1WA}Ji^~_s-dRq*fyx5pq(+$ zt*=*dP1P?46*f@)6r&M^j4Da5b9r6@{Q*1VW`&pMy; zgi2zr!-sJvTcJa3!g>^4f8h_t`2|V(N&7hxo^%O%8p>KEK6|5yw8+E3=Dea6V`dIw z?gO~HSF%-$IE!uD3LhfJfEclf$(yi55^Q(0`#^RQ2m*xY4Q$wm!bHX7x(ry~iI)&b zzia#aZrlLb+AfBmWE4AR&zCIWrIxiLnJG{k{Kdz+oN6BPT&oHo9rE$6z|}@FX$Tvu ziBc&HQt5N}3Oi5c24VSyF3k4#^kDeOUYt`7VvAVim!KbjeW>VlufnOhWM66}YU*zG<8 z{gu(%ckaB6DdE>~a0y;bvk1c$eO}VR@CL4xt2IjRF*7{0ATR=^?GiN8SV&@)-*69- z5GFKq(sRGuu|n~5Dsi{mDb6GwQ7m#2fe%T&X=6K{UPctA?wX8xpF`p@j-c)G@=@T^ zw$S7?XQmqs!c+-1E$q=Fg{}QA&}w8mv>!#05q;_BYO+GZw?3j5<7l zF()9>PNU}w%_y{Am|s{xoyr9l^{J`aI|zM}vTyl}a^AuDMHR=PI=gcB7>t!OxPsnu z^S(>DrTN&Q6`%;IENh;v1}?DMU=#!1$S5=H8(f38otHQQ+yP4mkQ~)`DA`R=| zNiVFCVa#)V%f3h?W=D^%g9C=&XS?m52aEU^SRmh?T=MY9ubx;Y6SU|*=FHBbRAV6f zremxaabRdbegi(Dy-G^wl;bnG)^}5-qxTOu*TdeQexuO#_9A#04=i@rf&vVJUrZUqaqc zx@`7I(=VStKRFh?Pi4phXADDIAdm>0!tCmqv$LHjOL3w2VAry%D>!x0pt$WveUZ6? 
z4`|EZ7sFD7t~IORCdnpV1{s;}t?%0JyoqPm$w}wh@jA|F(vnU0r^Om!!zCTZ`=C}* z$~sK`Kfc}rp3A>&1OCYjA)!PR;AKH_Rh{|h^&l=vQi0Y5h){kl$B8^qbPe8 zDcO6E_xSd|@B4Y~_x(Jt&;7aoOZ=|u`d;Taj^jMeFbn6#=6YeZ&+I>w&&vKd-Ar*j zM)S9MKLi4o%aA6^LU|GVm_}A5F9>BsWvqB+Mg@(d9}cAU86e!2mvaWLgHmSS|5jBC zBkwWIaW5j`6Fzw}UQMFSg|Y+ZKC|TeDO94w0tK&331Tel1S^cJuv&R{)h##!xVLd)%6ku&^?K z#APU#wehBdjv%rx^H$s#^fZ8l1Hj;6 zm&PuwC1{t3&lI#|kh75Ok3fZfq0J(AJoyhm{IxgqzJqWM_1000^g_zE3l+;|sH2cI zFu!v=qK7+t;)Eaj?U#?mfM-dEO@$AB>cu)J z>|?m*L-i-@A)XxC*k7mt2=tGacO2oV)xNk7g%*k07_VMYgXx$_BW)ya7qLNcp6m$%%HJb^zfhX zt=qOCF?EPLkWQ{!4{zZ$AMCWcn2LN7CR8!8Vl`Dbk$ zMp(9~r{_iPz2b#h7vitwLaBpufqin0cTIuBB zES+l91*cG6fxg46L`2ntq`XmHrAy|1{{9lqhZUTh-j3xCoaT6mAtra z$yY!kM6lx&^(*B-C(p zj~F>phJBx9uIoSXZS~}dpxo0f&CEj|O!w{R)ei_;b2NOf8b|d~N$01AU#5+T{nrR7WMlP<@*~BwATXFh%(kLQP zm{uBjI%AC>m}fGhg50GIJ4?J7QaQ;;UvS(fs{=7>ukliLvhLi$v5%XGkrAqYLZAXW z33Pubau~aPv0I0A&!rAi1QCjTe?#?4&kIk{a0+`HBJ9S?XUCwnlE63{_ELUCjrjo~ z;}qJ@&@X$i8u`2e5VtX?V}S5-DzSFY!gl8 zcPJP^6#1g=_m;*EGhDX<;CX!P9y00J)Jd4aXBcF|fkG>@3iW+)YwKfxIkgZELp_M; z9|mAcb%~l^Ok3@#@hCMlW#}&tyt{Y?ffPY@F9PNshK>kWI}xiXk{VDQAn6e|L^F4E zkGQPukfotns{%YmdE#Aj_dUa?coVMqOrV3|1~ zBOzkEZDrt)fzSC~_fmn`1jE*o%`Q8vk+sld(i`Ehll*{fPcZC_e5fB@&^e4W zNQNZL7Rl{L(o*@w$|D_!aS*iMsLl4+wD6%q-7zfIdUZVK;-NbXWZIQ1Upk1>OM(a} zoN!Xsv0i?a-ei}ozS>nblK4Xi9SUBY>rYvge43ee?_JbKD&S%!r*#tR@1tu%ehW+& zobGQtd*MCqb)eUC+{Ck3%fyYwR%Pofj*>WH3kld@(TScOkAZfeP~+D}xArG6B4gv_ zB@c;tjsZ=ZIpoNsD1!EY7;$uXEW4S#+cc*%HDzLtX%@+4I!WfpcxaGs16sv0>1~*0Km>R_@jTL{FP^c#!QzvY z%H=lq6|rswpyuwQpc4KDx1nl84H)mCp<9WhFox7Wj?oDbGd#X>biah?#`KQjp5!)G zH)Y)vv4nanQdUzs+@|%-3iVQrZZ!AD+?jDBd$S(!PZLZVBNFNthVd+`@B^@mnHwF; zn+vZ0!LYi-lxVFiq%5UkuMCAwWbWO@D&^o(AAKf8$I@TQ)SyD(w~pw(PqQ2^I8`62 z9KUjA<(8xC)y$$lW?62p;|htb-lQIK^!_htO{I(M=j@(#2CNaP(+Oj)P?b8hrLLYf z=RkaXNzG?h1e=hfRQ;Tx+r{MGE!1gtiIqN*n@*4D+ELAGG3c^m6g!i4;Ymf=8!bbY zkRfb+{rq_WRIap;Fb4sh;ikgx5TaI#@?l_Bqfd}9JAgu5l^wN#IDA!(J zUvK04G_MEExa9g5D@YheY(sOxRsP|F&^Q=fZCt(bquBxYD@o4AOaO@biuqqpy9@$f 
zkD&P3g+U2#`HPG4=b&wcGu|g8DQxR?#XA;C)sY@t(D=Kjrxe(PHQUc*g0XC2m_+eM zr~Q0r8$fj>-`@x^Uw>|LQy1nW%4LL36etHOqIN%!@z*-GXP3SP%5P=~E^R9`^8lx+ z_&uqMprkjFt)qS1N7lijP&LNOtvLS}3taDi+7E0B{jk|H(RGT6^d>*_{$Dq5-W-8XAGcZD#MqcIDEo@}bO#S?%7iMn``52B^fcDHJmbE-y<)Ou z#1iiZ-L{oeqA4i=VBqibnV(Jn_r~R!Tj{4yyJd5xWnFYFWXkRIh8P+OtiZ7PMMdTf z`yYTVdtPh#pxmVY+p4&JiLcrvrKLw_SHY1=$};>N{3}DSeAr0h@%5wdp&+;dbGkYX zsCQKaOkPl{b9us-zTL=3D|Z-b(g`ZS)038BMAlmAJ~9ka01>G=ZiZCkYd%2^n8)m#AM-po@; zXwkB-OX&qShVBf6YbI(0q0<%C*3x{f_1si3s}3a4gYH@A&`(U0ZHKcYjt%wy%DmYA2+6iWXqQ&3>L}iBRcNg#=z1T#THo7Z zbJp-vhx@5!yKMLDusHwzTgX)B+(W=O7-hDh(mU(Y$}*|F}Wv(%jc}tp|@DDIu~4 zB^zSol9aeTWHBT2uTHVQu}G(~qw^N%xh-k(*mX@nBo)_sD=7fz*?*j%3-|{exm~!I zGfuBA?x}iPkkG}fj7NPt3*s9KS$3A~5p>eI+EP&Ke`jN+`I$)v=2IT6-#eow9GwO} z(;o~?BRucu`OoIkKR0ep=uLm`-A2_`vH4xym!HY^Z(DDA`K-uh&|#Lb@kdR|2e;}+ zwe z;Y&uOfxpJ8id9SBK%-KU4GOHXVOMRK<1vnIH#uK=ZJcw;0W`^DZtJ9N9yZ&78C2pD zS^NUxbALrYOduccUi%pChHEmY{eMmEvF>ZA?WD&RPKz1sxr=larGWcQW42 zs^oHB-Tv(9yr@Vw{bljr%8&F1L9ohQxRwtfnEGWfXYODd1Ph6L=a)dS33<07+)6mB z#_Yqc9IGOGF5&Bkxv&N(yZ>m+Rz z68iXa4Db=XQpQ(vGqdgA1{Ys{d9p8NpcNgE$aIrl#M$#{6IvRpT?;$mpi~iZ>5;Up zmBd|zSHh7>o1o^UL!*3pvN$P+s=an`3}7m%Ki;T`x8yG%e|H)Xr%ky(S3Hn7%`3rS zZNJeE@af6kE72vngZq|K7_%qt@w$noFeynoJTqUVZwS~HMal)Z!z`HnB;t*x!! 
zb?VU6@is_9R4?JAb}U?6H>MUAzozQ#zvg}#&ErKxq|LnWt;{C!8w95)D5zr#OLL3V zQwvi}FUcwznz?5yOEt2>stwfUTUE%&*c{Cj0HTlclOMcY#1BZETL%x@appj_+G%;61y0 zQoeG2XNGSn__egL{6{Ila8=E5U(<$D+ky)tE;N4&76}P)m&}vDoA=@H zL%Tg)N1lj?3N8s(>DNie4n*Zj-56?kUA~@>2^iDABA&YI-&z2iC4z;4!f^f*8!oIj zgukn>KBrwU3E5LE&L>=|z97BTT1s-VEU@q$da*cq_JFs~~A-w0)GaDb!HEIT}5+jac zHEuEx8~}zyVObSce`uBbw9{pw>N^+-ID~SHz`FQVzfk`|Z^NgO{!pFn>ipx_iQTMy ztnNrW;KNG+Cw#`igE}BeLYXm^N&&DKwGw^z1pO3mK}u@^V0I`j*)wbbRv+t z0u>I)-d-?;B3Q_h32S4}3B*&4X8ln|aq$8D4PP4cz6`}grY)9+7c0X&4 zru{|bX5K41u6`Ky7IjJovCLkDnT60ebamz#JpCDaVqDE8Dv#lYpoDLN1`A`QWSEzv zlxU+1?N^$%su+|j^nkD79wp8eUACo`P1tC|fey0m?G$5P2t)pha&!&ZRq(Sz2wfs zzFAdgX2+xUky!{?6)S?wSp0RUN~Q>b9)V8HyyR#P}ZF(`1#U1Hw3^?bNG!tE37E9qq+2 zm_n?^?mXbt7|At7$44lv9#PN_Q4?7^_I-vLQ6y#OsH? zFTs8LA|N`&it?X#b5Bot3~jqJa~+uYF}S@E{Sm}o9*g~kWH)#;s%tEV2!#BchbC6T zcWmw=jyDl|;P)eTo;Z7U8;0WszH!+WXj~H;=r_tg>t!;hbf-6?C0b&>XO8#E>7#`y zZqSBpsW}9s3O*{BJ+M2Mlf3*6%3ZYebPqZ>UNSK^PIe}#AS$9NEl2*|=Q_260Ha=a zh%dypAT;4+L$8beC{xs2lMX?@h!=b}seyhpvxJ?bkZ0gXq9CbZT$OG=dU(c;D0gX`3ImY2f`c z0}V|~=rM2Iaee$W6ys3`yP7x_ZJaUDOu|FZYoBcMsdNt5CU3~Hp*q}89skG zT4GgP;VHMT?~&6cEAFdjS*gc(i{P!j0-tW)LoOVs>l8y{1GIMd9^dSx8eg|hPPaBb zEH4StItZ^)8pZpHH&JR}rvb5vF$xdDTSF-RTus=gH~~1=Ut4;M-raS$IRHVtFla1* zwF<-CaKRvkB*Z!zM@a!f)?Lcv@t#MmKWE8nkz~DSCN1sZ=9ZXzax(YyvxC|xHb2^IuQbv3)CFKN)t*A zCN8}-jsUk%#Bo67af4KAK;E&a=op!Nz_(J006E+&x3ZF!mR8UxL$}%ute~#{?booZ zJ@h7q){_H&kb9(Tdkl>Ih9yioJE0{iSxoR$5)_mOMt=E$1Lrd6ikV37&nl4dW-MyJ z+oK32AObN_mSB6?2B5!3@gyAh&?0W5(GGiaI{ECBYtcyOa;Q(1dnMNL!g+=fywZDg zD^(5V4Gl~2r%sK|sU_)fB4fWtl|uw50I4=$10=jDXE21H2Fx6MCI_sL%$=EYp*+Mo z9U8J?7q4rj!)pOIGtSudguzFWM|D4O*f#iAakvR%%Lk18N>QK@asxKZO-)SY#7=QqUNbR2AA@pFJjhmWp|BLi2 z`Bj64b>Z7(HmWUh5NGlE4P-eb`P$6(d~Zn3apt41L`W(z1KGAncnI=|ilzXUXRYZuQZDJk`oQwL$-3td`Ht;5c0K-YKBycpvy!gi+w zv+yUY??=CrOpz&`PjEXTxEk>I3(cpBsui9hEAdKKI* z^i_Po6a*A+WC=9#7c(C}3Y-!kxZ-f^Ip{P(fw1uiNklkRpBJs>W^;mipPHTzOZdl|66OuFb5|)A`YxhI^|AG3WM;-wqQL?oB-&emb2mv!a==d8IBgxkBk{Kb=}pbe&*5Bf 
z{M4zx99_YgK)0m&-DR<_UOmorS#i=WoO^yrgVkT?i?9sVK)R!aP}I^|hffzlggEaZ zwwJr2(Fm}p8%iZJK8vBy4?ubZ(iQ{ec9s72Mh%RPm8|n7qroX%@_%0}JT!`+AA|9|b&L`0O5980#Y2K= z41zq0Z~H6R6MY|9ES^fpY-9ybOsr&79t3jsQZsuWr#e>x;ux{G$CDufJkPH0*KN5?Y;A3Q zT77&tO|@Be)F<~ zKRNv>-e4nU^B_`M12EYVRxXt981P$P+56}l-hxzc145xnC`h`YG?)R}9)wsM1JVYw zGdr*P_2Mk7yde$+E|L^^>u`!c7>g4baMwC(z5W(N#1%r%qUuu5AEuOgdnWXE+|A{7 zy>4cdFzqFLTwf~n^?K#u#+1l1$0x7{fs-su=djF}0rdF^hOu2+YYLE4N`BX()5V(Q zZ8Y8!gRPANl`e_T%JCo6n*tw|y=&-$$?k;7S6aiX$a+>gT65XmU2P`5oDko|&kje=f=MC8Pat zePXzZTV2BNTR0b?CuG}p<_VhyH}{^4Pl|i`VkGpog~qP3@?SdY#yvl46z|T6=tRDv z!~H%89=9oFYxNgk51=q@k;{6iaEM*C*3h0dH{gh1ND!xZ%~MJAyBpA`C1_V%!|E?Q z?kd%(N*i0-G@K6s*E28>`@Bbu@D8tS;ZVLkD`p>P-;XV79aSQz7S@Kf0Bqe$7Q)1< zF-HAVt%8q)sKPEcMDCo=7AFuoOTKsG*j3BSY+So`8}ogLzaI@gqUEOvUQx>ZSa_2< z|9%S82jwr!fTEr@p?rA~5nK;ZBpn5NGy_3;9XC;yw{Ieq{s0F_@uxqX zMa!f+r_)HVUx<$BD8%M;eXu@fradVa=-7h}y^G#m?<&vvA{h}M%sQDC>~`nG-VWl* zDK}~~hqi+;YHw?-xHi{O!F!6|n*fyTyuK&GRc^yfzjM`>FPOiGYyM)vKuVQU&(UFt zIT%iEsjqy0ztha~%J47*&)z_w3|IU51%jd3uUN~Cxm2cdxU!O=0Mlhy|LN+KF{MynJ_EAG+{mG>; zP2o_58U!}|QFMKe2K8dIJcQR=Es!xz)7tbcHMZp^Mn^d2G68i@JhF@lLRr#q@lA!P zguvA|*bZ1$5n7fVTGi}vZuP^2v!$Ottt1o`WdYt>M2wGj8d*WTD?^WS#vM@;_M?m; z9DxznSt!6E*puhcEop20$%N+@>OAR$fpoR7{udIN@~3MHc3Cc^6VVuO4;-yc1o)J*UG<93a}3|*U3meC1rs!@D0@+f#B+Cm z0QMQE>%+W-Jzvbbo0su^tV*_Uj{E%Q`}e5b496#1LVv-9ijD3wc%JR~!S<`-bo+FO zOwv@xUGh_p-E|P_C9Hq9CYj9R_zQ3aV3p5Ey{2L4{!~srK2cLe$@)>wr>My(H5f7! z2>A(N0vXZ=V;)1ig{IWag7aJ^6GpVh?R@tgM$L0-X5k#IE0Ro=;F=29WC!DLQYdKq zHT$N&;9bRd>V>KO1yxOrxhVOG9M`j}aR`)qjmrRjs!yP2k6FU71a2Lr2qgT;#eDH! 
zi#xdjd^&d_GeL>a;DX!pdjuqIsE(napzvex*)T@59JAw*wDg2sRz$v@KKznMYN>-q zQ~!9&^`<_0xcaK1y(Suz^8i>&N+K5Q?sQPQI{46w%`}g17O~% zseh{aeqoQ91UGOYikyY)SrG6LB}8jF`(}IWknil&F%zGfgo)q&1OD}`KhZMoetW0q zx%(OY#v&A2l~p=6#|3t%Zik$*vkB!hX%hyWjRO>o5B-9^gMN61P`U@*B z0wOGNh_UiWw8nf%&6|Y%hM~ghH9)A}Z)ETA3B4YbOT_rKZNugH}`6fQ?pwDbIDig+>jD_uR}Kh-ChLNl4w(qDf0y$9_Qkh;-NT z(S*msy#;T1-}IRUi$v(ktK7>)sd4f_uNWU`s>7vkHmAI;*+_48)0wd zGV0|ws+C|45}PxcEx%zu2Wr@)szoxnM=CW65de{So$2AuTUaHBr3)Au^CeE(I0Y0> zs9D0S{p>^0xyo;5f1aAE{Ba=B+S#77p1sa4hZkH*87@%;j_??){DFc7R-nQ}5})?^ zdM?R%gmt7Cfzf#=WzB^ty&zmBoSsn$7$ZQflexZ^XbXr90A1wCLl0fhy~2Bib4e6C z9w0K>1*yqFkEQ&obPQREV;KpunesX#r@4vkUf$m1U;OZPf_9Luu~8XP;x%-qhTC$y z0ci+|iLs)`MC-VqoScqOXM`Q%{}|18fqW!mC)hOgLUlXTiDZ)jnYe!_>+!CPqKZlm zFS9RZ#`r}=&&0H$_c|X{)7YqKk@_+|o^BXQ-AHf)(3vLn8_$6d|7a|&>@=%x>fnMXm!|Sz}TZOyS3c1mKX$UJY4%3ZO zi257;MdjF6CXP!dl^9tSR<@bWBshgR&{-_*9BpEvmm_{qj6?G{%8rtT1}>;$U@p7D z==!g{QG30g_GPKMozXUy+aSbphG^YAyX1cW^Vx)E6yJ&8fGwp&73)jO#ASq-hq0{v zxD7j1_c)a0HwfNiz<HwYlCy~HA~4JaXs5Ov5Ni9-y3 zlkES-1!|?6uEcZlSqyaZfXH0sZCN9BzY^61uxZR($wR6OYpfgaVtm?s+3$ATb?6Uc z?xm?e1~ABEJBEHTY<(43Y=iZMiB*2zUuvLkB})v9F<7eiIH&yKmBa)O-mp}#60MyPeM5&- z`6eriv*if#A-q6_F(XlqLcyo#OZvK&r8F8h59`pzqg~_{A(xWepO%r4F$%4tF&1pPIGBdNNvUFQbb$&7b3~pX4Il(MjL!?N zd#E~#5Iw0l&T2dbAyjtdZx2(gqY{yDHWr0JYFgS2J<+vuv01cOERaDUZ0fFtP)w9qnF(1B&R+9AiMpb_4#wLSj@=?X#!Nc$E|;1sUHWx+Fo@$wWm8C zNe!8y%Ot`?vi$4mJi3kZ$aRsTZM(P2qXYtgAmbUz!?c)(;iyW zyP=^zq`3i5q?KWQI^GN=JrjNibo*4wPkfHKDVG)(Q=x)W#I-Ufr-*mB^zS4c7T}=e zxyC}tY=?m+6>GW+wix#J#6$RjbreUTdxN;z3lnv6g7 zstrP$`DE9Wyy-W$2ULRd&SuAghUyiVJ-K#fie~=$O1#tpV8GE$rU~aS~i?Q zL0(?3EgvL~NH)-xvj+Pfpz$pNNObYO-Q*|)Q=8y*59nO+%$YlEdgEgbD>y84)oCTP z?x&?>5mOTYJG}esXy81)MW!3Sc?1J1hc~nTfbvwtaq-lozBDiwfy14EMWm7|QG#B0 zEoV|SpNHc2Zzqa^@UUpO3EuXmT!%zOeLQ6!BH>#jF^n4X3TAL=DEl>|h!MR(4@8vI z0L)UGUetv_Iylp#!!%KR zw6?SmcMJkt{IuIgA|T2mc^r?zMMKOyR6RSStF`m9&W>4KcSJaBI8uOO4`wmm_|_t< z0RX56Rn-l+>_cq4GyhJk_{&9;i#@YR>Rg8nH`d=Ahb$Fv4>!hl=&dh>yoB?~4%g>ALL8~aT0 
zY0%>Jhu9|szopC5L;8?7Jvd&~)z{~b*TD!dqQ-`8{Qp!w(H;z|`LkEcZ^!>Mxt7mS zlvmWGDa6aP>FbY{cRQV{|H{8lY~rl_VF;~hE5fVwJKZ8`pW4F%WHqsR_1+!Y(%Nc* zX<_KFBR_=;3bEqFf~<`lwThSn0fWdH1y_$XV5|rqKKzcbTEJ8lCsIinFv`G+xtMpG z=MXn5d2K?DZ^n@lfsp)WY#S#dEo4VNaH2U6$Yvc3>|jY5f7MU@WV~hyAE{Y)Xr)rn z9SdV40l-Bc?E^R(r2rnUU~C;a(T2FI_!O*gZ15^5I0Rbv3R+JzQ6<&YtB?iD!TZ+W z1^cn@o8k_x7z}01pot@Z6)-Rc`60B*M7?`$py>vx`}OLYCIm7?*>|(d74l^ra@GJ_ zSE_5EFTV^ZAI&r2eM%_s+`E~Sv=bYqJ@LjGBlH5b;k?5Hi$yfswfLQwuEPxKO0qZw zO_d5vyG}jXyBbIkj-hySw3>( z1v1is;36a@Nqo8V*?JMXD~kacjdm_Ctpy9~iz`R!Wi$q2+e;P{@H>KrP;vOXKmr~fG5Ai>cVTIm zyq6c-8L`Fc$DSK_$T-tPA4@(D8N!}(jN0N+$%?UBbmsfO_y~l2V&mrCP9yvU?Jg#k zjuNK^z4k9nQ^7f*zu#zRGrPHwQvx-g32=LGGv!E1S1>V!-nXQzj1GTHdym%{TRXbjOJ`_%NQiNPtjmWMAy%bcbLxFKvM zi}Ap`J~o~GGbZsn3sBbGyLUZ7jdAmSe1eVCpo{UUuj9CDJpjDm`7o_@D<&<;mL1ei zQ0=dKQeUSAH16*G`(8w230Rk_(o~ZV%>iI}GGOeq!sx=OQGE^ceGqvA1TAWB*B}1f zSu^d3jsO*M4Ib?Iea=7>HK|2xqgg_~pajQVzkw$m_HibjINBq+(i3Zg6&iQN|AXg^qr+(yU1KazM0+cvhEHprdGA$;l5=xuxA9rh&s|KK;0g%N49!F zor8%ZY6vXAwxMFBMzXts$4-I^v2;>jaT*_GX*-%tlsY#tmI!$|8#;~DYoYjn>uwuS zLAXQOQFxY<;uhb5q2*|t3cMP0B&R`uYGul~1u6JjD-=1XOjc2_6Hgwg>b2e`!RW%Z z|GwNMz6XqyiY`w_Au1m|Dvr(tL$>@DSs(Voj>22dMPxIqp4x7a{@CvLF~K436u3`9 zL>okW9B4@9HD$NJHa5MZu)y`MU@Hd4=(9EP~>c+x+(z#NKKP%!%~sKfkFO@2N^9 z6e=jh!8r4FPr8*Gm0a>&-8{xnUxY_J(Z-Jr$!A*K66P!4OZE?twNCer;#(o#p(Z;c zNs*?NqxdgYXPFngT3O_%8QAL)(KP8HwV8W3jp2r2fJ}LsEVKCMe-#o>Be4zAh zQ@{_M#PuyMm=6&aexRh6?^=$#umg|Up6-oxUZ*ni-@ShcM*x5a;73za&>tH8yzC#Ak3?tJyT)C}>Dlhy@oV)YcGM zpr2K}PFiupY4Xvzdj9BXuSgh(v&9isILTMxPSa|$CSUJQo zg6jI|fl+v-@HB_TJ*0N9X)ZfcxHDR9o(UoTK0R)A#GHny3HulmGn>RZ5%L z<>S@D-X@(9@ zk4k*(VWgC%1Yt#1Uww+-REqQY$reZDB$q2it_a8+j6Q5N1}(Dc+GVEK{?D7^J|G!DFpubwyBtt0Kcmen|rspIS! 
zmpgB$-HQU&`fORzKDqMxp3UzMQ2)P|H2?ElJ_={jo;V!;;fIF@oh}bgV%>I`$?f-_ z9m=T4IgO{)WjAvubIgTRSNf@J^WT^KuYcn7 zf}RI?ZGNjkZ$qY!dLJ5w(cj%PiBDQNWFEewy2Pv(Snl^{tJr+M7^}b!mE6z#j<(FJ z{_jV4Guft7jQ&(*j~(w!lL0Wcg@sx)}~GJ>gA8zYX0)3yKt?t+Gcv?YesqE|JTK9jM`n!bTPk-EtOQZElAuZ zNh(q_w+u5YoGbgi|MZJrXxnp_i$mw<_2%Z;x31fsAMwn~_H@*LGg&O>_+N41-~W)l z&X(#+%ZitwN?Xuf{9@hclXl2O_ib2F?waxu$=&a}e%Civ_p^$>=(K3c=w9LPZ_0IO zy8XaPNM815VUM_#pd3Q=-8wElhMll`fJ_OdiPB_%zaqJ zJe0=}{(d>LVs>Mj#|nyh-x8m>qobp#S**DDDQks?PL1~Ahijfx>I^L2m^u(T7u%?xlPkNp#z zKfsos`qF@C0#J%RMSxyJwxS$h# zSn0v^qXngl?}>`d|GEW0G%>=&Oi6_naRDM0&TA`j6WT+=!!3FqJ+Ox(4_s{4Qg*?F z3XI3s3Mq*~s3?dfa+FD;TD%vuX!WKJDyJLJ@$Au#_+M|V>HfYO!(tXI!Yg}lR^oaF z0t?2ujN2M3ulxvZ<%-vIxyJR5ab=m;>W1Jq`Pcu5nio!QG9KEdn@{a;_v{wG_t zys`(rBNs_%Uzr-y`TTkB)F)$Ro7Q4M#0B+REOJ}JbqB7Cg;a7jWe(B!PAo?&(Bx2K zzVwDcN@ViZ0?R*4++1K>Sip&euc!T-!($XJ*A1R*1F)1(kpF8TY2P4%-AW5PWm6sF!OIq(N-dI3OE8^As zAtrea7=!E3vaCM72dxLKu5PQ{#(uaJV@EkWhSXCQ4fCCD5DXO|iHw%WZ2Vt`RsCXa zdM>pmqAC*Kz`%f!wTU-1lT0ydd9cxsWZM$)U-zFz2A`d_DIZ&QZGHW_c59!3;IGdM zt2M=r=`OUz#`g`x?T*Qdm&n^)^HiA3Xhq}prlPq+o4mt)3CqC(B14vptHy`HQvkB= z&q~2BgP58U1yl&F?e3ZUe_iQX=$Mbd-Qyk_Dg3tx(}?0R^k@+sA>p4U0teS{W8|h| z9w;|EIzqtHmkMoX?->94@!_xO2PeNzr4OAG;=l?@LJJfm?fg}+kKJIhulxP!{*leQ z-@l%0yF6x*|9cPfP;yqa3twnepx!{sHNKOwtxWNm9|eE!2+qAICFRvxed7k6nd{4z$XZrV_VHjqyK9(c`DN(H{NRdY79EFCUt^ z(cBj*7HV9nLT*uq^bQLhii^6gGd~E(kgelio8Jo}{9ns|RqhejeZzbCz|# zfj{}L5V@5Q-eh^nP12@`4QKr(Krh}68%`z>_h+Ih1jxGph#d5Z4?rXc%Yt#j{!H$z z`T>NT(B;5ugFyljsGA^=JeTrsK-bWB@XXc_qBJ6{All{gphZ!{Bl@m@ulRcIIwnTO zyHB13!W4>O8WU-j2bYmBpi1#R!S@ZPef8S4^b}$oCEwfzBJ?smxZuXjg9sG|{FA_W zfGhj-6+t9p7?2IT3Pj?FSG*tyEL*d80+y%sJ0ds$2_4~aN&tofYdi)xKxyXzaq-m{ zH}yiFhYtw%(gWvpakZe6$%TM2jz)TdsHDs~rN9@oMc91KU%)uJFc?SkI|x=93cQ|Z zG1pSl#K*VeFVAOgyYjE@+0l|gU0i7J;ae4RNQ26AHRFzk)9X5NM4oJTdP?;r7XQ9) z+SWAlex=RgD5&|I6BSap23PxmuX;1Ox}JI4y*iGn#%Ff<&aH`W&az&MBtc6deit>k zkwJstbjdC_fR1E0+j)@d#6-%^?t`)TODIY(H=0s)6$@EeAVmk!>zdU`gqXi;#L$^Cirn++^H`QaiXVYAD5>1V*_nL6zxqle 
z7>nRWZ_ko}HorkTd<=`Si7En^4~%cX41w{|!tBS7LbIh>n7M)>)&`s@ z8VWI8oPjTp(g1A4??6*Vq}u)abh2&yAd`O%i4Dcy`-B>GH)K>F@PU<*h#LoaZvm=y zI-#`=d^Df}XOG>Af05Y)mG zAcB=mCu~kIR6zl-4xQ#o+@Vqs>8w5qD$($la5)dnm6^dNykb~_r5WMCv(N7DX0IQY z)a9;%I~@T+ZiFj)3)<1IJ3%AKAIGeZnHfvJ-ea)Y4|l+--5^$pvkI&UI6I+?JHmwv zV*w*=tJdw3v)t5o5}5%?4`SqpqNBl$$R}Z1q84*bvj=NHixDU?--$vGh8pGr2E-8Y zf`QXB%ECA@!hzIYz{D#j_hu5e7b5%x^p1PQaDsVa5;}7t83$J)l6HCrmkEv+sd$hs zfm|g|Is^p=mt!Zz<@qVwq~CyPOViCNYvRvs`$3kIuKcuG;qc*;t7uvHW=V!@ z3J1F+xz#={5khdX_zm#gpB;~pZhMDs4xap*vZ6h*!*@SST+$E@)mcWYOzIW{seGYX zyUArpl54Q}{Fuw!+dU7XpV0knnd zXplIC`4H3z$noECxKIa)-D}s;92rI~NCQy{(bgIy4kDulVtg5bxg*Dp!8@EK(rttr$F8dj~BEW+0A?>#-V==va@BXsTC>$4Is&qm$>tMGWUtByACN#bBH zz>tTdgqgKNWN9j59X3R*6EnysgB&$5yoNebaj%AyCAKjzAW&f2s=>z(?ns!Jf$2g} zoq=h)kK8oqVWO6YU?_fI^Lbf?D#H^rRx~M zAYyfH2^!cL%EKF%9COx{jBO}><^5KWV+mIQw4x##CgvNlB^w+Md z`Y}A#O3A0eNc+Da4wZP^T@r~QXLydY)!UY{n~=X?;CP|$#grVZ3g1IIe$q6WAMpX&UVm!VI8^%V6?|zjs6{x3FQvq>k<65z@KeqKary`D)9he91jMc zXJwRAx)YK}EwtWPWY&#@?zAu?j-N}1`v&vrqun#;*Pbswhq`oRdivJm$B$DP+sRxF z#0^B4g25P~0l{%lR#xVxF=|ZGT?;;|MyQcvaW&|Hy>L*akdC^C#qO+<5(cf;j0`mI zrpV#BVw+R|Qt1zjF~P0h%753MLkfRGH4L4g_6QE*|q13A=p zv?~g!>JS2u4S|#*1d^MOJ8J#j2h5#{gT5ni>m5oFyf<$^%K!kCX!wZP7l~V7e4ZS1 zW+z1kF5|yok7b5F?l!|EUES}Q!Wr|GCS16e4hfA#UaOZL);aQDdmcqZ~K3yS*QIjxot+ZRuB{WMrlm;0^r z40I*r6Tpm&1;a<{TOlY3fKAa_3bYJ!64cmU);h;)BeO5)X35%90e<~bWLjt-m4!G+zQ&Bzl4cV`uKNV;UY{N7S+6~d zwe*2-F~DKH!2B>#qI;vPyWTn>76yi0&XgNgW7NvLdu6ZBjM!}u3$ILrw+3EOpef&p zYQ^a~s=Xq(sS(Ar0KYtJ0b0nY$ff*I-@Ec>xA5~*Kwg$3Q(XqnPOb{`a5uGfDB=;5 zJZzOrNy_lRsZO2yJ`LP>!r#mG~3SsH@m8n3oOSSbZbyMkieg@x7x z=z!9q96GXE)X}ON1GXb-<)izCu!Ia15J#vWmJ-B@^JoFczXZQS{A9pNsyDrZ8Q$|H zs2zNP_h%!MQeg8$v@B1aKE)_s2PO#CqTVD=mr|-d7QREuEl*jlV2|DQiFI4Y+6drzyOx?plRJ%kzhTfw%!vN=RohuwSv=G?eSs-TLx@AiyIsAnA?`-h8%2TMB$eB4_r1he zhu$~q?zwyKF(BX;&Dxy-2wsJbHb+y!l4^f&4oggb`Skf15Pf$&NA?46mb|K}@+E@f z&@d@l?%9%tFcE}G8bz21u&nj+L&7Kk%b?GpP~Zn9H2VA^3lITFkv||6 zpCq6RD%V;FcqwEFi=_D>^tvnG5VcW~**t9cC#cUDB1^(EfZempW~irH@m0kmdJ0rT 
zwG4KeWDCPPm@uhUVvS)b+)YPu(89EojzVFD^T)M>0}*z4o(Ryr*1|m@ZZbFQlc|F8 zai~ZnCHNGN9itX{_cGJW+tJ?M^k3ZDpFwzSZD0M9g_4|{Og5BKuy{w#GT>prty}cy z)M8ivOqMXK;CS9XY4>;mDOur{EsEr%MWUkv9jpjR9SmXpFwPM1WAy_`pp?9_?!0JD zL~7khy?J-bK@hJnGi1v)v#{6%iGkb|X~#)^$56~Ky~ifmz^q2-VOY@o(I`KuF32DJ z0&5}x&oY_IYEH|7RL}#fF}2YaDUoZ zf*?k4MM`PNPPMxElNi*Co76&D4pL|SH$j8HE?vkpTcv5XMzehzAmPxk4Vg>+x`!5K zmTcOVu2GA6WUXIbG!j*G9A2sGcRuGmz1ussw6m(27hOlA*>pV)dSBV}P9fzpQ_X07 z^Njmst?4yBYjK7q>G8dJD56htqpx_F>xC4)d6wDS#ei6V@2 z$jS%fmf_44n#Wx4nJ=7|D_Z96nP}LE={@#~2cXb|YKr1X#M~%+x7;}dgD*@jP+7tU zWXZ)A?n{z%{r>%{ggr3zTR@{Ah_ij|$AYxs~hrz$aZ6Ts4 z80sw)OPWyKkmPG7&}sXem_ZHC^!4l49r{vFp*#>Xz3KtfrowFjgRnl0*2v~Blb;nq zY=XIanyA^f6-2>t({Bxe;8Fw%m7n^58%80cl#IIXy@Gg0hX^(+IoD@)hZ8=h2)jzYGH1|gb>0dIj6 z2d|W~CqW!5bnkaiiBVDy@{mg0|Gu=Dd%0!Q@TUF@b>5rE@`N6Nb-Nc%<~P`J^);>w z&e`qp;Zx+M)zc%O;K#RGWZ#Tbknsvg%xK_uyt>O~j!I>V1`K3>TmztiaZ8&}mpHKt z&+gq5Xv0h`mpNyF)94Ba@oKbzoFreKN8wVE-q`S>;vyXdt&_rcPYlFCdle8JEl6zg ziLwrcH-13M!#+A)I)UQdY3%1piqY85Pg^A7`ww$+{OIdT5SO#HQcqC3fyr^84(8@B z%d*kD5#>Ee##o35|<(%7;e#CR$Vu8;+}Ovp%OHYtl)>JK?Yz^?vXYj z7cwE6;J`qR%TJrj>FMy?0%A7 z4eB0=UWxUW5{>&Y#f0-jBA=>X?)vF+^*Kz;{ZCKyocL%`3KURUrM)g7tch?D>(v)_>^N+=!}Iwl|% zr3mR&i6$kOcON@&9}MI8>WP-)@n41z@n3Blp^)mg-h|i!UlFa9Zqx~$rm?EqUsE)= ztTR6W3nbEQGDl4$O0eqMbx-#(!VXL)xX}kFpxA---4`P1V$5M9a=*vLr~sZ|l38Jd ze=Hf7#Wrm33T0ONJv~3iaWC3(9hfkMdj#no9nA=2Eq!gWDAJ%ZL}%nacVbhGzSL|! zP+nr7Qg#JU*Ixl7S|1{DMwlvr(v=i}nU^~GaQez&6IEHi`k$KYZ(%m!XnZ{NfHH5Z zg|#&kI-7vHjKoV!1I*8YM`JVu{jYeod|HBwh~2@^F;L>Gd$84na=2i{PVl4b-0 zoH=Dzjn2@s@Un$jM?#_wpcE9Fk610Hn%3#RLiJ7Ly0~zz6}^+3>(<>yDqKOC8fp&! 
zzd@P7aE+_0D@1V${b_^(gHSLKr-bxo03z}1$+ko^Bcmv#jp5p_cu?XW)SyDXUi$Ta z93h}Mm$C?zM4LyA*svE)#Td+(lu3rrrzzW(2P;NyKpWhJ-XHTI@IxsFWkm;Es59f815QQ$PpL#CzTc-5~t95`^myJfQPzuhT%_BQ~v#2<%hhQ@tyQWIb; z7W;01S$s)1FT|-0`(YEti-+67;(^^fO<`CmW0|L}|~Xx};d`NBn%6W(-h%IB8fS&U*m z@QtA(oOf>Bx^-E1Ye(aRz-_~P16Y?XRkfp9=x6x?UXen31gJQ6gjL8wu27i&>|s1jL{Z3j7heoq#_JC%%CNwozXI5itxPezIk5X z*Y5uC`~lDX^2%iHnfty!hwJdZuIqi_NxSfp0DiHskrNvMAS@LE+#`G~D#w?SGCEK< zcB%%H`5=v*iK?cn$;os-hq3>Xxgq%wvXL>vGvP==kv~Gg!6Frvc?s6?&=ZJK_Zc?z zPqlGno!<_gy!?Ag#_BUO>HTLMQs>%tdr&|a-B?Xxqwk8KM z-_9+qiA;Z}MGa6Wu{v7PXteHlV}(`o@)tiTP`)><*jBQ*^h$mG;uyW^_ov8u^cX#D z8`ZvX-I(f_-r@0y8w#1Ck?xU`DR2FrBW)j>u?aG=03M*|)h}iM{_R0Tcq4SwsRxjc zWZMS0Pe=3oTECD-Ok4AGN)VR@@jwAY-rDn7PQ!BLyshNVR15}6B4qsK%ab;^G1xac zG&Gpxjq(M7a@tDj>iMV#B2NXo2HybzYJ&0Py8{W<-vZp&0gucfDCj;?|I>k5tw#II zA$4b5f+;+arKIhgfk+Oxdo5WKpr*5rEp5l97F0;kHR&dw>9Z`_oZ0gr-eIo{b?94Q zGUt|-I-_2w9^g+QxRwOrQxm14`)#pTu5>!y8i$f4vz~i2K!O(_HP&gZ61g6Z;|CQh zIQ;<436246v?Vc`LJfv@<&7D5@`uvO5qZg8lFn3jjI9KP0Z;n_v_RL6ikmdI<6U!@ zx)KQaWzm!F14!`Q4U2=g!x=soDsQ52nzW1C83fvtP!MObGEijb3C}Ihw`No9P_UPa zHxOQ12vtYGMukAyctEzFK7Cpb!!P#dpZgv-G{mABMmp5t&aww0gs;TbAhVD^%?21% zUUjTSyXd=Bt1RF?)gg$nl1y*{fC^xZY~iOlix^DFk0>l+)?OPN|1y`amCJ8kcR-C~ zNSO+GrzkM;_2f#H&PBuDvEOs=Nva0kZ%p6_SJVkLnCDUrzKBI;?MgDduB{`tN*nqE zOuRx6@g|ykwz5Soz9rjH@)xg(%}oyC@}9SjW@cuZ!wb2gxtc_BhTLv$L=p0YCQWS| z_(`unFDFMUrG|hYWI8X=#JRGn>b}=n2uv~E1Qn4JB1U+OX7q9+XY5a3Y6wTCU&pn$ zE@#94&BAX>*2ZTb48`o+G2kyy79s{R@kYO#;_2y`RN%c?Wsv$K(>zx1_Bx$5Cp(6*EOdY#1{qK4x=n*Wuc00$)cPn`kd@?^(u8GiLoxef#Hy;I~~Hw6z=-FOXkwu~|X= zL28NZ)USu1@OZB777P1KK>-@0neg0$dFBsOC&^fA@pP*&kUUk$d&tXgQi*MWFGc?T3Ho7!5J)Q*UIQH0N zQiH5w5>{q@QTeEi$ms3ES>oS`&IB~r4KInOeOg_8)Vy_J$us6n`lO5spKOZ$yq1MP6-71)o;)oPiY93uLiKq>x+S~U< zsfX2}(HuK5F;PzhqVIjdpf%Jaqhf%HeGTD%NH3`;fE0*&B9V~if>@Uwio4JqyRG}$ z%?Cu)CgL65!-c4>CEI}%0m0GsHr)@$WQfYV1pBCXp@Y5ztO9EgutK7;U(~ae)m?ty zftU)=Pl@Icz-rO=1Jy$Mz2b%u9LT+U*A7Yu)6R7+s8zbK9sjweiTz0P*JY9|t*rbn z|A`v8x=po)=}=qQkbN-1>f9%Xml}ajd}D&O@zAs31^;5xxcA*svHdJDM2-HnM!n5C 
zQPBMM`}XZ)aU5O`!3_c&-xo;BYPbz@wj(gI&>|tpM=vQPp>qFAxVBU$r`72%vn3MA zo6qHmv7a5$d!h^2DuT1CK}2Cr)PbD8aG|ZN96K9pyBbmwl8K+(AF84p_{4^g4hKTckx@ljM&O=wXUDi&+AG8p~S4k&CtSBp&yi zh=?Y_Cc-{>DNIjK;1;Y5=ymfS{{Ugic5`z}7QwwvObmt!!I%X2anF^8WC)+MH#9px zr?C+I4+N)x6${f87Z-O6Tp`4?!&hrX1s%E-Wvx0KuD;Lj$D)GrY0}o zz6cJ)kAFLniLzyGet+=`QBvvqlMvkSZLbsBGA=f@(FKjdjCmt33|JiD;?6avKPQF? zhw0%4`?sx*eS#&&n7r#dv)B&a4`&U@pW4b4gyxQ_1)KTb9ik$?ipJIvSC{}mG?b5;r*O?6u*#=Eb)T37J?RHA|Pp02B@dTbMpX( zb{E>4z|(+qcqMvo28PoNKDB!O{Q1;9dtP;uFy~^O8@w=ZQU>#&B)OLAMh0gb<$iqERieGJ>@K|aex6L|-7typLM~w(xEAjMQpCqvD1Zrn z=Je?&U4D(Z7ma;htp`_JNo6Q*vDoaH4O%8qPo69TP@D$H6T?h=640i-tLt^}w&tVh zO5l)?Mm#Ng9yES;MKo`hx>2w_nBC5wJBLE<340nX5BfES!`TTZV(gLnWT&q61gPk} ziKIDF@)*>m3!?=Fxh^2?^3fCE5oiSkmF5w6K$bgqj(T(7AiSMjT)YQ3zx|OTx5rh^ zTlx5~5fMvAdd=oivMCD%7I9avreQ4&U@XA+n+Pebk@P$hTqd_6eNYHduf}XoL-X9t z1~*VZL4S2;>%u5AVz{v#LpdSn4F@Ak)N;>)5Me}-KKvXcAP!;@SQ)4%Mz!yDZ9^?$ zkcp%HmFvDh#)x4@Qk!te@uC)=d5Vfu=y21jHUne38VAE$TUz=P^~Y`0#?tH^yy>Q6 z!`G@8-+VB!zu;>Ir^@y#vD9ORt!SAaGwr59XBJ|zYxMPt+)~Q`FFbwn8viI^Hm|@9=9?xbD&@# zFis;2iH)$$0LoaYNWI$(Bssq=>g-uBP-H^d$7tfCw?Rlj%%`R0d4kuGkk$aejMXVa z)q&P1s>_59d(|5Zps5wXDfp~`=z#vz<6b{}coHah*$%nHUWF^|1s`79NRyb9Iu8(L zNdefe(a@+cB6zql|9q$xbkGs8U6_3LWCjEAIDt6=mPPG(a`EQOkpO0Iq37#4gvrpW7a$YvPjAI8V89j(N(|;nR6=e!jZGlIdXjr?co{#-DB|9Q>oP3+1WebjP2gG zEi!(s(@iXH&!@4g#r~5YWxGyfh;iU^q6<19OzY6_bMcp7rbFZOAyJnPuyzTsFZdtZ zV0G`Zwzi&sc^)x_#G!A@;8%v8DKuKc4RK&HZLHvI#8mFT%J+&B_(; zgXy(Ot3#bFM^tA=RIHeIJ!v5A3fFFQ>{z>dAY+j)Z_rbL+`Wdemk>JZj_AaW5eBcDdSb{KRTs8*pPME-TkJ1 zyRnfG4NV<_K`AUjZ!_T#T@=Ixl9C2GPrwJY`MZqp*ehrg293L|rY_C-&_z-&+_P2% zT?3#`>U~39@*Lvg<8z?sVH|jGEc?n6{$(SgF?^VMQVeG0<1V0Eq@%A-0|2`P*->8G zPwUM^vW9eKPeo=~nX7sFFI4>%uYB~9!N!jimKbPpmnG}ndBKGQ0|8_(LHslz;1+eX zp*)XJV2I3tpvC^eI82q|MSfwQ5tHK?eU>jUGT~+#b*SzPNjkh941o#wSqy5sD@TW> zMlI;BTnqQ5lPL?;NqkR}R?9tmvdx7XOl8)}9E+@ubd5)2iOC0U(ci5%- ztli3#E3RO>6zzmrb4`;DjsT#s1D%WDKcsG2@spgKBjYC`j|$fMW?1`>D(v*A*>ZAz zg02t$BJQfrS-9=BqM4X;#J!8@KI8bQid2m4vgoRaIUN@+U*~&U6%CrqpR_2vPvY~p zKsY(`+C(|I 
zxiMJ54gIl%jlEHMftcA`6LZ*4*yUI34h#T4zwo$6s=b}YE;}x7XxX%c6jH@LP4Kc z#(U(?1qC5Vy|%~OHmx687R%TpqOlAz#4U#(-Qg8kjtIvB=F~spGWnevp_`BIP`62B zwR@Tvnn@IANfoc@NL$|h z&7ZC<7vO6{Wy-GmYBdVhcZ=6Z#KAJ9yRvS2*lvE0>N^N^0k{QMEB4j_VI?@0FD)ll1ZmNQO1mL{0B8oDnsRj;uy3etZXB4nD_5=3FDE9l z?DeO$(^NL+nNhE@j=M z#~1V;N34h!rYqjL91?WYaq~}17PRfMitN+A-6*!@+B|32K8O@&UQ%B0@%;byPl1Bt z&)j{TWnCw0YlWGL@@Bk1RZg=jck<%Plv?f23KaYw^0v$tO#9E%pKO1dIKPY=|6X+_ zLm9=*LEewLwH5QnRej6jHw4a(6i=Tw{hOrd{v(r7tFaP?$yTivsa&j}c z8^kHzPVa|e*n3y#B%@3u_F76fN2l=KX1)m^7lE4NZnSa_MbC8 rz4*fZ@53n Date: Tue, 8 Aug 2023 11:26:21 +0100 Subject: [PATCH 32/45] Updated Jenkinsfile to use standard commit hash --- .jenkins/Jenkinsfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.jenkins/Jenkinsfile b/.jenkins/Jenkinsfile index 86efe33..f757317 100644 --- a/.jenkins/Jenkinsfile +++ b/.jenkins/Jenkinsfile @@ -39,7 +39,7 @@ pipeline { -var 'initials=$initials' \ -var 'environment=qa' \ -var 'servername=jenkins' \ - -var 'session_metadata=branchName=${env.GIT_BRANCH},buildNumber=${BUILD_NUMBER},commitHash=${env.GIT_SHORT_COMMIT},version=1.0' \ + -var 'session_metadata=branchName=${env.GIT_BRANCH},buildNumber=${BUILD_NUMBER},commitHash=${env.GIT_COMMIT},version=1.0' \ -var 'run_automated_tests=true' """ } catch (Exception e) { @@ -74,7 +74,7 @@ pipeline { -var 'initials=$initials' \ -var 'environment=development' \ -var 'servername=Macbook-Pro' \ - -var 'session_metadata=branchName=${env.GIT_BRANCH},buildNumber=${BUILD_NUMBER},commitHash=${env.GIT_SHORT_COMMIT},version=1.0' \ + -var 'session_metadata=branchName=${env.GIT_BRANCH},buildNumber=${BUILD_NUMBER},commitHash=${env.GIT_COMMIT},version=1.0' \ -var 'run_automated_tests=true' """ } catch (Exception e) { 
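Review bot: The `session_metadata` argument on the changed line still has Groovy expand `${env.GIT_BRANCH}` and `${env.GIT_COMMIT}` into the script text before the shell parses it, so a branch name containing a quote or shell metacharacter (git ref names allow both) becomes shell syntax. Judging by the `export ARM_*` lines in the third hunk, this runs on an agent that holds Azure credentials. Letting the shell read the values from its environment avoids that: `-var "session_metadata=branchName=\$GIT_BRANCH,buildNumber=\$BUILD_NUMBER,commitHash=\$GIT_COMMIT,version=1.0" \`. The same line recurs in the hunks at -74,7 and -105,7. The enclosing `sh` block opens outside the hunks, so this assumes a triple-double-quoted Groovy string, which the `${env...}` syntax and the closing `"""` suggest.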
@@ -105,7 +105,7 @@ pipeline { export ARM_SUBSCRIPTION_ID=$AZURE_SUBSCRIPTION_ID export ARM_TENANT_ID=$AZURE_TENANT_ID - terraform apply -auto-approve -var 'location=$location' -var 'initials=$initials' -var 'environment=production' -var 'servername=Prod-01' -var 'session_metadata=branchName=${env.GIT_BRANCH},buildNumber=${BUILD_NUMBER},commitHash=${env.GIT_SHORT_COMMIT},version=1.0' -var 'run_automated_tests=true' + terraform apply -auto-approve -var 'location=$location' -var 'initials=$initials' -var 'environment=production' -var 'servername=Prod-01' -var 'session_metadata=branchName=${env.GIT_BRANCH},buildNumber=${BUILD_NUMBER},commitHash=${env.GIT_COMMIT},version=1.0' -var 'run_automated_tests=true' """ } catch (Exception e) { echo 'Terraform refresh failed, deleting state' From b6dea8b2ba4ad77c7daf5140524956c49b855b3f Mon Sep 17 00:00:00 2001 From: Taylor Mowat Date: Tue, 9 Jul 2024 13:45:05 +0100 Subject: [PATCH 33/45] adding .env to git commit --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 3e3e4ff..4ac1298 100755 --- a/.gitignore +++ b/.gitignore @@ -17,3 +17,4 @@ test.sh .env contrast_security.[yaml, yml] contrast_connection.json +contrast.log From 1c87c40fcf4f41e4eec5f533d3a54e34bbbbd547 Mon Sep 17 00:00:00 2001 From: Taylor Mowat Date: Tue, 9 Jul 2024 14:59:36 +0100 Subject: [PATCH 34/45] renamed .env to .env.example --- .env => .env.example | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .env => .env.example (100%) diff --git a/.env b/.env.example similarity index 100% rename from .env rename to .env.example From 0290c66393a275f7d05c124c70d8d20eff12752b Mon Sep 17 00:00:00 2001 From: Taylor Mowat Date: Tue, 9 Jul 2024 15:00:58 +0100 Subject: [PATCH 35/45] added .env to dockerignore for builds --- .dockerignore | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.dockerignore b/.dockerignore index 04ac851..d3ecc46 100644 --- a/.dockerignore +++ b/.dockerignore 
@@ -13,3 +13,7 @@ docs/ tmp/ log/* public/data/* + +# Ignore the dockerenv .env file during docker builds so that credentials are +# not accedentally built into container images. +.env From b1430e86c988f82544ff88fbdc5aef8625d9d68f Mon Sep 17 00:00:00 2001 From: Taylor Mowat Date: Tue, 9 Jul 2024 15:02:50 +0100 Subject: [PATCH 36/45] added contrast_security.yaml to gitignore for all directories --- .gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 4ac1298..3606cad 100755 --- a/.gitignore +++ b/.gitignore @@ -15,6 +15,6 @@ run.sh test.sh .env -contrast_security.[yaml, yml] +/contrast_security.[yaml, yml] contrast_connection.json contrast.log From 51e8ed8df0e144d4dad238a21adf9cab9d3b2f4b Mon Sep 17 00:00:00 2001 From: Taylor Mowat Date: Tue, 9 Jul 2024 15:04:24 +0100 Subject: [PATCH 37/45] added contrast_security.yaml to gitignore for all directories --- .gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 3606cad..53f203e 100755 --- a/.gitignore +++ b/.gitignore @@ -15,6 +15,6 @@ run.sh test.sh .env -/contrast_security.[yaml, yml] +**/contrast_security.[yaml, yml] contrast_connection.json contrast.log From 7c06291de92956f181cc2934a1b2de22f58fd8b1 Mon Sep 17 00:00:00 2001 From: Taylor Mowat Date: Tue, 9 Jul 2024 15:12:52 +0100 Subject: [PATCH 38/45] updated yaml.safeload in parseyaml.py --- .terraform/parseyaml.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.terraform/parseyaml.py b/.terraform/parseyaml.py index 2add4f2..9f85a8f 100644 --- a/.terraform/parseyaml.py +++ b/.terraform/parseyaml.py @@ -1,4 +1,4 @@ import yaml, json -with open('../contrast_security.yaml') as f: - config = yaml.load(f) - print(json.dumps(config['api'])) \ No newline at end of file +with open('../config/contrast_security.yaml') as f: + config = yaml.safe_load(f) + print(json.dumps(config['api'])) 
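Review bot: The added `.env` entry only excludes the file at the root of the build context, and nothing here excludes the other credential-bearing files that this series lists in `.gitignore`. If the Dockerfile copies the whole context (it is not shown here), a nested `.env`, `contrast_connection.json` or `contrast.log` would still end up in an image layer. I would add `**/.env`, `contrast_connection.json` and `contrast.log`, and also `**/contrast_security.yaml` unless the image is meant to ship that file.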
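Review bot: The pattern `/contrast_security.[yaml, yml]` does not ignore `contrast_security.yaml`, because in gitignore syntax `[...]` is a character class that matches one character, not a list of alternatives. It matches names such as `contrast_security.y` only, so the agent configuration, whose `api` block `parseyaml.py` reads, can still be staged and committed. The next commit's `**/contrast_security.[yaml, yml]` has the same problem, as does the unchanged line in the earlier `contrast.log` hunk. I would replace it with two lines, `contrast_security.yaml` and `contrast_security.yml`; a pattern without a slash already matches in every directory, so the `**/` prefix is not needed.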
From 3e068d92594748ecaab02cfefe1a99a93df618ef Mon Sep 17 00:00:00 2001 From: Taylor Mowat Date: Tue, 9 Jul 2024 15:15:59 +0100 Subject: [PATCH 39/45] improving startup scripts --- app/assets/stylesheets/main.css.erb | 30 ++++++++++++++--------------- app/controllers/users_controller.rb | 3 ++- bin/setup | 2 +- entrypoint.sh | 2 +- 4 files changed, 19 insertions(+), 18 deletions(-) diff --git a/app/assets/stylesheets/main.css.erb b/app/assets/stylesheets/main.css.erb index 3965893..cd11ffd 100755 --- a/app/assets/stylesheets/main.css.erb +++ b/app/assets/stylesheets/main.css.erb 
@@ -1974,24 +1974,24 @@ button.btn.btn-mini, input[type="submit"].btn.btn-mini { /* White icons with optional class, or on hover/active states of certain elements */ .icon-white { - background-image: url(<%=asset_path "glyphicons-halflings-white.png" %>); } + background-image: url(glyphicons-halflings-white.png); } .nav-pills > .active > a > [class^="icon-"], .nav-pills > .active > a > [class*=" icon-"] { - background-image: url(<%=asset_path "glyphicons-halflings-white.png" %>); } + background-image: url(glyphicons-halflings-white.png); } .nav-list > .active > a > [class^="icon-"], .nav-list > .active > a > [class*=" icon-"] { - background-image: url(<%=asset_path "glyphicons-halflings-white.png" %>); } + background-image: url("glyphicons-halflings-white.png"); } .navbar-inverse .nav > .active > a > [class^="icon-"], .navbar-inverse .nav > .active > a > [class*=" icon-"] { - background-image: url(<%=asset_path "glyphicons-halflings-white.png" %>); } + background-image: url("glyphicons-halflings-white.png"); } .dropdown-menu > li > a:hover > [class^="icon-"], .dropdown-menu > li > a:hover > [class*=" icon-"] { - background-image: url(<%=asset_path "glyphicons-halflings-white.png" %>); } + background-image: url("glyphicons-halflings-white.png"); } .dropdown-menu > .active > a > [class^="icon-"], .dropdown-menu > .active > a > [class*=" icon-"] { - background-image: url(<%=asset_path "glyphicons-halflings-white.png" %>); } + background-image: url("glyphicons-halflings-white.png"); } .dropdown-submenu:hover > a > [class^="icon-"], .dropdown-submenu:hover > a > [class*=" icon-"] { - background-image: url(<%=asset_path "glyphicons-halflings-white.png" %>); } + background-image: url("glyphicons-halflings-white.png"); } .icon-glass { background-position: 0 0; } 
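Review bot: Replacing `<%=asset_path "glyphicons-halflings-white.png" %>` with a bare `url(glyphicons-halflings-white.png)` bypasses the asset pipeline. With precompiled, fingerprinted assets the undigested file name will probably not resolve, so the icons would 404 in production even if they load in development. The same substitution is made in the later hunks of this file (`loading-orange.gif`, `social_icons.png`, `saturation.png`, `hue.png`, `alpha.png`, `sorting*.png`). The quoting is also inconsistent, since the first two rules in this hunk use `url(...)` and the rest use `url("...")`. If the ERB helper was failing at startup, I would keep `asset_path` and fix that failure; in any case the commit subject ("improving startup scripts") should mention the stylesheet change.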
@@ -4720,7 +4720,7 @@ button.close { display: none; } .modal-loading .modal-image { - background: url(<%=asset_path "loading-orange.gif" %>) center no-repeat; } + background: url(loading-orange.gif) center no-repeat; } .modal-gallery.fade .modal-image { -webkit-transition: width 0.15s ease, height 0.15s ease; @@ -4794,7 +4794,7 @@ button.close { height: 40px; margin: 0 2px; outline: none; - background: transparent url(<%=asset_path "social_icons.png" %>) no-repeat top left; + background: transparent url(social_icons.png) no-repeat top left; text-indent: -9000px; position: relative; } .fancy-tooltip-wrapper li .tooltip-facebook, .fancy-tooltip-wrapper1 li .tooltip-facebook { @@ -5049,7 +5049,7 @@ button.close { .colorpicker-saturation { width: 100px; height: 100px; - background-image: url(<%=asset_path "saturation.png" %>); + background-image: url(saturation.png); cursor: crosshair; float: left; } .colorpicker-saturation i { @@ -5093,10 +5093,10 @@ button.close { margin-top: -1px; } .colorpicker-hue { - background-image: url(<%=asset_path "hue.png" %>); } + background-image: url(hue.png); } .colorpicker-alpha { - background-image: url(<%=asset_path "alpha.png" %>); + background-image: url(alpha.png); display: none; } .colorpicker { @@ -6120,13 +6120,13 @@ header { background: #f9f9f9; } #dt_example .dataTable .sorting { cursor: pointer; - background: url(<%=asset_path "sorting.png" %>) no-repeat center right; } + background: url(sorting.png) no-repeat center right; } #dt_example .dataTable .sorting_asc { cursor: pointer; - background: url(<%=asset_path "sorting_asc.png" %>) no-repeat center right; } + background: url(sorting_asc.png) no-repeat center right; } #dt_example .dataTable .sorting_desc { cursor: pointer; - background: url(<%=asset_path "sorting_desc.png" %>) no-repeat center right; } + background: url(sorting_desc.png) no-repeat center right; } /* Progress UI */ .progress-statistics li { 
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 3a5e061..e355ed6 100755 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -26,7 +26,8 @@ def account_settings def update message = false - user = User.where("id = '#{params[:user][:id]}'")[0] + user = User.where("id = '#{user_params[:id]}'")[0] + # user = current_user if user user.update(user_params_without_password) diff --git a/bin/setup b/bin/setup index 8afef01..8bfa480 100755 --- a/bin/setup +++ b/bin/setup @@ -18,7 +18,7 @@ FileUtils.chdir APP_ROOT do system('bundle check') || system!('bundle install') # Install JavaScript dependencies - system! 'bin/yarn' + # system! 'bin/yarn' # puts "\n== Copying sample files ==" # unless File.exist?('config/database.yml') diff --git a/entrypoint.sh b/entrypoint.sh index f0f8160..671a8df 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -4,7 +4,7 @@ echo -e "$0: => Running the docker entrypoint script" function check_agent_connectivity { echo -e "$0: => Checking Contrast Agent configuration" - bundle exec rails contrast:config:validate &> /dev/null + bundle exec rails contrast:config:validate } if check_agent_connectivity; then From a1178e538eb6112a4cf018f1b6627f96320c6024 Mon Sep 17 00:00:00 2001 From: Taylor Mowat Date: Tue, 9 Jul 2024 15:17:37 +0100 Subject: [PATCH 40/45] Update Gemfile --- Gemfile.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index a5c7d03..adb8300 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -103,7 +103,7 @@ GEM coffee-script-source (1.12.2) concurrent-ruby (1.2.2) contracts (0.17) - contrast-agent (7.3.0) + contrast-agent (7.3.2) contrast-agent-lib (= 1.1.1) ffi (~> 1.0) ougai (>= 1.8, < 3.0.0) @@ -243,7 +243,7 @@ GEM notiffany (0.1.3) nenv (~> 0.1) shellany (~> 0.0) - oj (3.15.1) + oj (3.16.0) ougai (2.0.0) oj (~> 3.10) parallel (1.23.0) From d37565dc0a37bf0346baa8ee71aa38f10c3433fd Mon Sep 17 00:00:00 2001 
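Review bot: The new lookup `User.where("id = '#{user_params[:id]}'")[0]` still builds the SQL by string interpolation, and still selects the record to update from a client-supplied id rather than from the session. Reading the id through `user_params` also implies that `:id` is on the permitted list, which, if so, widens what `update` accepts. The commented-out `# user = current_user` is the safer form; if the lookup must stay, `User.where(id: user_params[:id]).first` at least parameterises the query. If the weakness is kept on purpose for the training exercises, say so in a comment such as `# Intentionally vulnerable (training): do not copy`, so the change is not mistaken for a fix. The rest of `update` is outside the hunk.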
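Review bot: Dropping `&> /dev/null` in `check_agent_connectivity` sends the full output of `bundle exec rails contrast:config:validate` to the container log on every start. I cannot tell from the hunk what that task prints, so confirm that it does not echo values from `.env` or `contrast_security.yaml`, such as API or service keys. If it does, keep the output only on failure, e.g. `out=$(bundle exec rails contrast:config:validate 2>&1) || { echo "$0: => Contrast config validation failed"; return 1; }`. The `if check_agent_connectivity; then` branch continues outside the hunk.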
From: Taylor Mowat Date: Tue, 9 Jul 2024 15:18:06 +0100 Subject: [PATCH 41/45] Updating documentation --- README.md | 2 +- docs/CONTRAST.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 9e663f3..1eb7055 100755 --- a/README.md +++ b/README.md @@ -105,7 +105,7 @@ rails training For Docker run: ```sh -docker compose exec railsgoat-dev rails training +docker compose exec railsgoat-dev bundle exec rails training # OR diff --git a/docs/CONTRAST.md b/docs/CONTRAST.md index 43ddb1c..bf8ec95 100644 --- a/docs/CONTRAST.md +++ b/docs/CONTRAST.md @@ -2,7 +2,7 @@ Documentation of the changes made to RailsGoat to add Contrast Security to the project. ## Changelog to add Contrast to this project -* `contrast_security.yml` configuration file added to the `config/` directory +* `contrast_security.yaml` configuration file added to the `config/` directory * `.env` configuration file added to the root directory * `gem 'contrast-agent'` added to the `Gemfile` From 164170e12e7fca216d3d1e31b818805e34afe8a4 Mon Sep 17 00:00:00 2001 From: Taylor Mowat Date: Tue, 9 Jul 2024 15:18:30 +0100 Subject: [PATCH 42/45] Updating docker-compose --- docker-compose.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index dad2d3f..c0927b0 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -25,5 +25,6 @@ services: env_file: - .env environment: - CONTRAST__SERVER__NAME: Local-Prod + CONTRAST__SERVER__NAME: RailsGoat-Prod-TM CONTRAST__SERVER__ENVIRONMENT: production + # TEST: True From bce91c3fd136749c801a692cb3b4705cce31ee83 Mon Sep 17 00:00:00 2001 From: Taylor Mowat Date: Tue, 9 Jul 2024 15:27:22 +0100 Subject: [PATCH 43/45] fixing location for contrast_security.yaml during Jenkins pipeline runs --- .terraform/parseyaml.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.terraform/parseyaml.py b/.terraform/parseyaml.py index 9f85a8f..5fd8035 100644 
--- a/.terraform/parseyaml.py +++ b/.terraform/parseyaml.py @@ -1,4 +1,4 @@ import yaml, json -with open('../config/contrast_security.yaml') as f: +with open('config/contrast_security.yaml') as f: config = yaml.safe_load(f) print(json.dumps(config['api'])) From 48c664a6d3cd76c4150021fdd2d3e939237f3805 Mon Sep 17 00:00:00 2001 From: Taylor Mowat Date: Tue, 9 Jul 2024 15:27:26 +0100 Subject: [PATCH 44/45] fixing location for contrast_security.yaml during Jenkins pipeline runs --- .terraform/parseyaml.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.terraform/parseyaml.py b/.terraform/parseyaml.py index 5fd8035..974f1b6 100644 --- a/.terraform/parseyaml.py +++ b/.terraform/parseyaml.py @@ -1,4 +1,4 @@ import yaml, json -with open('config/contrast_security.yaml') as f: +with open('../contrast_security.yaml') as f: config = yaml.safe_load(f) print(json.dumps(config['api'])) From 9f9b4f1e57e21d6b3f51bba0eb32fcc259b75207 Mon Sep 17 00:00:00 2001 From: Taylor Mowat Date: Tue, 9 Jul 2024 15:33:56 +0100 Subject: [PATCH 45/45] updating terraform to use a unique resourse group to avoid conflicts --- .terraform/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.terraform/main.tf b/.terraform/main.tf index 4bd8207..f33ad90 100644 --- a/.terraform/main.tf +++ b/.terraform/main.tf @@ -11,7 +11,7 @@ data "external" "yaml" { #Set up a personal resource group for the SE local to them resource "azurerm_resource_group" "personal" { - name = "Sales-Engineer-${var.initials}" + name = "Sales-Engineer-Jenkins-${var.initials}" location = var.location }
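Review bot: The path passed to `open()` is relative to the process working directory, which is likely why it changes across three commits: `../config/contrast_security.yaml`, then `config/contrast_security.yaml`, then `../contrast_security.yaml` in the second hunk here. The final value points at the repository root when run from `.terraform/`, whereas `docs/CONTRAST.md` in this series says the file lives in `config/`, so one of the two is probably wrong. I would anchor the path to the script instead: add `import os` and use `with open(os.path.join(os.path.dirname(os.path.abspath(__file__)), '..', 'config', 'contrast_security.yaml')) as f:`, adjusting the last segments to the real location. A one-line comment should note that the script prints the `api` block, which presumably holds credentials, to stdout for the Terraform `external` data source.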
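Review bot: Changing `name` on `azurerm_resource_group.personal` forces the resource to be replaced, so the next apply against existing state destroys the old `Sales-Engineer-${var.initials}` group and everything in it before creating the new one. The Jenkinsfile in this series runs `terraform apply -auto-approve`, so nobody would see that plan before it executes. If the aim is only to keep Jenkins runs apart from personal deployments, I would make the prefix a variable, e.g. `name = "${var.resource_group_prefix}-${var.initials}"` with a default of `"Sales-Engineer"`, and have the pipeline pass the Jenkins value. Otherwise, state in the commit message that existing groups will be recreated.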