From bba55a740230863495e6c23f178cc1a3db7f3fe8 Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Thu, 2 Jan 2025 16:33:04 +0000 Subject: [PATCH 01/41] Use homeserver in a worker-scoped fixture Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- playwright/element-web-test.ts | 69 ++++++++++++------- .../plugins/homeserver/dendrite/index.ts | 16 +++-- playwright/plugins/homeserver/index.ts | 36 +++++++++- .../plugins/homeserver/synapse/index.ts | 18 +++-- 4 files changed, 101 insertions(+), 38 deletions(-) diff --git a/playwright/element-web-test.ts b/playwright/element-web-test.ts index 4fe51d0a8a0..0e54ad9f230 100644 --- a/playwright/element-web-test.ts +++ b/playwright/element-web-test.ts @@ -14,9 +14,7 @@ import { basename, extname } from "node:path"; import type mailhog from "mailhog"; import type { IConfigOptions } from "../src/IConfigOptions"; -import { Credentials, Homeserver, HomeserverInstance, StartHomeserverOpts } from "./plugins/homeserver"; -import { Synapse } from "./plugins/homeserver/synapse"; -import { Dendrite, Pinecone } from "./plugins/homeserver/dendrite"; +import { Credentials, getHomeserver, Homeserver, HomeserverInstance, StartHomeserverOpts } from "./plugins/homeserver"; import { Instance, MailHogServer } from "./plugins/mailhog"; import { ElementAppPage } from "./pages/ElementAppPage"; import { OAuthServer } from "./plugins/oauth_server"; @@ -73,7 +71,7 @@ export interface Fixtures { * The options with which to run the {@link #homeserver} fixture. */ startHomeserverOpts: StartHomeserverOpts | string; - + usePerTestHomeserver: boolean; homeserver: HomeserverInstance; oAuthServer: { port: number }; @@ -126,7 +124,15 @@ export interface Fixtures { webserver: Webserver; } -export const test = base.extend({ +interface WorkerFixtures { + /** + * The options with which to run the {@link #homeserver} fixture. + */ + startWorkerHomeserverOpts: StartHomeserverOpts | string; + workerHomeserver: HomeserverInstance; +} + +export const test = base.extend({ context: async ({ context }, use, testInfo) => { // We skip tests instead of using grep-invert to still surface the counts in the html report test.skip( @@ -153,28 +159,44 @@ export const test = base.extend({ }, startHomeserverOpts: "default", - homeserver: async ({ request, startHomeserverOpts: opts }, use, testInfo) => { - if (typeof opts === "string") { - opts = { template: opts }; - } + startWorkerHomeserverOpts: ["default", { scope: "worker" }], + usePerTestHomeserver: [false, { option: true }], + workerHomeserver: [ + async ({ startWorkerHomeserverOpts: opts }, use) => { + if (typeof opts === "string") { + opts = { template: opts }; + } + + const server = getHomeserver(); + await use(await server.start(opts)); + await server.stop(); + }, + { scope: "worker" }, + ], + homeserver: async ( + { request, startHomeserverOpts: opts, usePerTestHomeserver, workerHomeserver }, + use, + testInfo, + ) => { + let instance: HomeserverInstance; let server: Homeserver; - const homeserverName = process.env["PLAYWRIGHT_HOMESERVER"]; - switch (homeserverName) { - case "dendrite": - server = new Dendrite(request); - break; - case "pinecone": - server = new Pinecone(request); - break; - default: - server = new Synapse(request); + if (usePerTestHomeserver) { + if (typeof opts === "string") { + opts = { template: opts }; + } + + server = getHomeserver(request); + instance = await server.start(opts); + } else { + instance = workerHomeserver; + instance.setRequest(request); } - await use(await server.start(opts)); - const logs = await server.stop(); + await use(instance); if (testInfo.status !== "passed") { + const logs = await instance.getLogs(); for (const path of logs) { await testInfo.attach(`homeserver-${basename(path)}`, { path, @@ -182,6 +204,7 @@ export const test = base.extend({ }); } } + await server?.stop(); }, // eslint-disable-next-line no-empty-pattern oAuthServer: async ({}, use) => { @@ -192,12 +215,12 @@ export const test = base.extend({ }, displayName: undefined, - credentials: async ({ homeserver, displayName: testDisplayName }, use) => { + credentials: async ({ homeserver, displayName: testDisplayName }, use, testInfo) => { const names = ["Alice", "Bob", "Charlie", "Daniel", "Eve", "Frank", "Grace", "Hannah", "Isaac", "Judy"]; const password = _.uniqueId("password_"); const displayName = testDisplayName ?? _.sample(names)!; - const credentials = await homeserver.registerUser("user", password, displayName); + const credentials = await homeserver.registerUser(`user_${testInfo.testId}`, password, displayName); console.log(`Registered test user @user:localhost with displayname ${displayName}`); await use({ diff --git a/playwright/plugins/homeserver/dendrite/index.ts b/playwright/plugins/homeserver/dendrite/index.ts index 0886dc1586d..d59afbd4031 100644 --- a/playwright/plugins/homeserver/dendrite/index.ts +++ b/playwright/plugins/homeserver/dendrite/index.ts @@ -73,24 +73,26 @@ export class Dendrite extends Synapse implements Homeserver, HomeserverInstance return this; } - public async stop(): Promise { - if (!this.config) throw new Error("Missing existing dendrite instance, did you call stop() before start()?"); - - const dendriteLogsPath = path.join("playwright", "dendritelogs", this.config.serverId); + public async getLogs(): Promise { + if (!this.config) throw new Error("Missing existing dendrite instance, did you call getLogs() before start()?"); + const id = this.config.serverId; + const dendriteLogsPath = path.join("playwright", "logs", "dendrite", id); await fse.ensureDir(dendriteLogsPath); - await this.docker.persistLogsToFile({ stdoutFile: path.join(dendriteLogsPath, "stdout.log"), stderrFile: path.join(dendriteLogsPath, "stderr.log"), }); + return [path.join(dendriteLogsPath, "stdout.log"), path.join(dendriteLogsPath, "stderr.log")]; + } + + public async stop(): Promise { + if (!this.config) throw new Error("Missing existing dendrite instance, did you call stop() before start()?"); await this.docker.stop(); await fse.remove(this.config.configDir); console.log(`Stopped dendrite id ${this.config.serverId}.`); - - return [path.join(dendriteLogsPath, "stdout.log"), path.join(dendriteLogsPath, "stderr.log")]; } } diff --git a/playwright/plugins/homeserver/index.ts b/playwright/plugins/homeserver/index.ts index c17ea15f554..c4782373add 100644 --- a/playwright/plugins/homeserver/index.ts +++ b/playwright/plugins/homeserver/index.ts @@ -6,6 +6,10 @@ SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only Please see LICENSE files in the repository root for full details. */ +import type { APIRequestContext } from "@playwright/test"; +import { Synapse } from "./synapse"; +import { Dendrite, Pinecone } from "./dendrite"; + export interface HomeserverConfig { readonly configDir: string; readonly baseUrl: string; @@ -17,6 +21,17 @@ export interface HomeserverConfig { export interface HomeserverInstance { readonly config: HomeserverConfig; + /** + * Update the request context for this homeserver instance. + * @param request + */ + setRequest(request: APIRequestContext): void; + + /** + * @returns A list of paths relative to the cwd for logfiles generated during this test run. + */ + getLogs(): Promise; + /** * Register a user on the given Homeserver using the shared registration secret. * @param username the username of the user to register @@ -57,10 +72,8 @@ export interface Homeserver { start(opts: StartHomeserverOpts): Promise; /** * Stop this test homeserver instance. - * - * @returns A list of paths relative to the cwd for logfiles generated during this test run. */ - stop(): Promise; + stop(): Promise; } export interface Credentials { @@ -71,3 +84,20 @@ export interface Credentials { password: string | null; // null for password-less users displayName?: string; } + +export function getHomeserver(request?: APIRequestContext): Homeserver { + let server: Homeserver; + const homeserverName = process.env["PLAYWRIGHT_HOMESERVER"]; + switch (homeserverName) { + case "dendrite": + server = new Dendrite(request); + break; + case "pinecone": + server = new Pinecone(request); + break; + default: + server = new Synapse(request); + } + + return server; +} diff --git a/playwright/plugins/homeserver/synapse/index.ts b/playwright/plugins/homeserver/synapse/index.ts index c98a1f59bc5..e2047115266 100644 --- a/playwright/plugins/homeserver/synapse/index.ts +++ b/playwright/plugins/homeserver/synapse/index.ts @@ -88,7 +88,11 @@ export class Synapse implements Homeserver, HomeserverInstance { private adminToken?: string; - public constructor(private readonly request: APIRequestContext) {} + public constructor(private request?: APIRequestContext) {} + + public setRequest(request: APIRequestContext) { + this.request = request; + } /** * Start a synapse instance: the template must be the name of @@ -130,8 +134,8 @@ export class Synapse implements Homeserver, HomeserverInstance { return this; } - public async stop(): Promise { - if (!this.config) throw new Error("Missing existing synapse instance, did you call stop() before start()?"); + public async getLogs(): Promise { + if (!this.config) throw new Error("Missing existing synapse instance, did you call getLogs() before start()?"); const id = this.config.serverId; const synapseLogsPath = path.join("playwright", "logs", "synapse", id); await fse.ensureDir(synapseLogsPath); @@ -139,11 +143,15 @@ export class Synapse implements Homeserver, HomeserverInstance { stdoutFile: path.join(synapseLogsPath, "stdout.log"), stderrFile: path.join(synapseLogsPath, "stderr.log"), }); + return [path.join(synapseLogsPath, "stdout.log"), path.join(synapseLogsPath, "stderr.log")]; + } + + public async stop(): Promise { + if (!this.config) throw new Error("Missing existing synapse instance, did you call stop() before start()?"); + const id = this.config.serverId; await this.docker.stop(); await fse.remove(this.config.configDir); console.log(`Stopped synapse id ${id}.`); - - return [path.join(synapseLogsPath, "stdout.log"), path.join(synapseLogsPath, "stderr.log")]; } private async registerUserInternal( From c3316a80135d9f02a422e46a4165e433535d50b6 Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Thu, 2 Jan 2025 17:22:51 +0000 Subject: [PATCH 02/41] Iterate Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- .../forgot-password/forgot-password.spec.ts | 22 ++--- playwright/e2e/login/consent.spec.ts | 10 +-- .../{login.spec.ts => login-consent.spec.ts} | 56 +------------ playwright/e2e/login/login-sso.spec.ts | 34 ++++++++ .../e2e/login/logout_redirect_url.spec.ts | 34 ++++++++ playwright/e2e/login/soft_logout.spec.ts | 18 ++--- playwright/e2e/oidc/index.ts | 43 ++++++---- playwright/e2e/register/email.spec.ts | 44 +++++----- playwright/e2e/register/register.spec.ts | 8 +- playwright/element-web-test.ts | 80 +++++++++---------- playwright/plugins/docker/index.ts | 33 ++++++-- .../plugins/homeserver/dendrite/index.ts | 15 ++-- .../plugins/homeserver/synapse/index.ts | 16 ++-- .../matrix-authentication-service/index.ts | 76 +++++++++++------- 14 files changed, 273 insertions(+), 216 deletions(-) rename playwright/e2e/login/{login.spec.ts => login-consent.spec.ts} (79%) create mode 100644 playwright/e2e/login/login-sso.spec.ts create mode 100644 playwright/e2e/login/logout_redirect_url.spec.ts diff --git a/playwright/e2e/forgot-password/forgot-password.spec.ts b/playwright/e2e/forgot-password/forgot-password.spec.ts index 0a12514d9ec..4c82f5c94fa 100644 --- a/playwright/e2e/forgot-password/forgot-password.spec.ts +++ b/playwright/e2e/forgot-password/forgot-password.spec.ts @@ -14,18 +14,18 @@ const username = "user1234"; const password = "oETo7MPf0o"; const email = "user@nowhere.dummy"; -test.describe("Forgot Password", () => { - test.use({ - startHomeserverOpts: ({ mailhog }, use) => - use({ - template: "email", - variables: { - SMTP_HOST: "host.containers.internal", - SMTP_PORT: mailhog.instance.smtpPort, - }, - }), - }); +test.use({ + startHomeserverOpts: ({ _mailhog: mailhog }, use) => + use({ + template: "email", + variables: { + SMTP_HOST: "host.containers.internal", + SMTP_PORT: mailhog.instance.smtpPort, + }, + }), +}); +test.describe("Forgot Password", () => { test("renders properly", { tag: "@screenshot" }, async ({ page, homeserver }) => { await page.goto("/"); diff --git a/playwright/e2e/login/consent.spec.ts b/playwright/e2e/login/consent.spec.ts index 4d8dd821e0c..80738c39edd 100644 --- a/playwright/e2e/login/consent.spec.ts +++ b/playwright/e2e/login/consent.spec.ts @@ -8,12 +8,12 @@ Please see LICENSE files in the repository root for full details. import { test, expect } from "../../element-web-test"; -test.describe("Consent", () => { - test.use({ - startHomeserverOpts: "consent", - displayName: "Bob", - }); +test.use({ + startHomeserverOpts: "consent", + displayName: "Bob", +}); +test.describe("Consent", () => { test("should prompt the user to consent to terms when server deems it necessary", async ({ context, page, diff --git a/playwright/e2e/login/login.spec.ts b/playwright/e2e/login/login-consent.spec.ts similarity index 79% rename from playwright/e2e/login/login.spec.ts rename to playwright/e2e/login/login-consent.spec.ts index e1307f7402d..5e0b86df44f 100644 --- a/playwright/e2e/login/login.spec.ts +++ b/playwright/e2e/login/login-consent.spec.ts @@ -9,8 +9,6 @@ Please see LICENSE files in the repository root for full details. import { Page } from "playwright-core"; import { expect, test } from "../../element-web-test"; -import { doTokenRegistration } from "./utils"; -import { isDendrite } from "../../plugins/homeserver/dendrite"; import { selectHomeserver } from "../utils"; import { Credentials, HomeserverInstance } from "../../plugins/homeserver"; @@ -77,10 +75,10 @@ async function login(page: Page, homeserver: HomeserverInstance) { await page.getByRole("button", { name: "Sign in" }).click(); } +test.use({ startHomeserverOpts: "consent" }); + test.describe("Login", () => { test.describe("Password login", () => { - test.use({ startHomeserverOpts: "consent" }); - let creds: Credentials; test.beforeEach(async ({ homeserver }) => { @@ -223,32 +221,7 @@ test.describe("Login", () => { }); }); - // tests for old-style SSO login, in which we exchange tokens with Synapse, and Synapse talks to an auth server - test.describe("SSO login", () => { - test.skip(isDendrite, "does not yet support SSO"); - - test.use({ - startHomeserverOpts: ({ oAuthServer }, use) => - use({ - template: "default", - oAuthServerPort: oAuthServer.port, - }), - }); - - test("logs in with SSO and lands on the home screen", async ({ page, homeserver }) => { - // If this test fails with a screen showing "Timeout connecting to remote server", it is most likely due to - // your firewall settings: Synapse is unable to reach the OIDC server. - // - // If you are using ufw, try something like: - // sudo ufw allow in on docker0 - // - await doTokenRegistration(page, homeserver); - }); - }); - test.describe("logout", () => { - test.use({ startHomeserverOpts: "consent" }); - test("should go to login page on logout", async ({ page, user }) => { await page.getByRole("button", { name: "User menu" }).click(); await expect(page.getByText(user.displayName, { exact: true })).toBeVisible(); @@ -260,29 +233,4 @@ test.describe("Login", () => { await expect(page).toHaveURL(/\/#\/login$/); }); }); - - test.describe("logout with logout_redirect_url", () => { - test.use({ - startHomeserverOpts: "consent", - config: { - // We redirect to decoder-ring because it's a predictable page that isn't Element itself. - // We could use example.org, matrix.org, or something else, however this puts dependency of external - // infrastructure on our tests. In the same vein, we don't really want to figure out how to ship a - // `test-landing.html` page when running with an uncontrolled Element (via `yarn start`). - // Using the decoder-ring is just as fine, and we can search for strategic names. - logout_redirect_url: "/decoder-ring/", - }, - }); - - test("should respect logout_redirect_url", async ({ page, user }) => { - await page.getByRole("button", { name: "User menu" }).click(); - await expect(page.getByText(user.displayName, { exact: true })).toBeVisible(); - - // give a change for the outstanding requests queue to settle before logging out - await page.waitForTimeout(2000); - - await page.locator(".mx_UserMenu_contextMenu").getByRole("menuitem", { name: "Sign out" }).click(); - await expect(page).toHaveURL(/\/decoder-ring\/$/); - }); - }); }); diff --git a/playwright/e2e/login/login-sso.spec.ts b/playwright/e2e/login/login-sso.spec.ts new file mode 100644 index 00000000000..879869c37ab --- /dev/null +++ b/playwright/e2e/login/login-sso.spec.ts @@ -0,0 +1,34 @@ +/* +Copyright 2024 New Vector Ltd. +Copyright 2023 The Matrix.org Foundation C.I.C. + +SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only +Please see LICENSE files in the repository root for full details. +*/ + +import { test } from "../../element-web-test"; +import { doTokenRegistration } from "./utils"; +import { isDendrite } from "../../plugins/homeserver/dendrite"; + +test.use({ + startHomeserverOpts: ({ oAuthServer }, use) => + use({ + template: "default", + oAuthServerPort: oAuthServer.port, + }), +}); + +// tests for old-style SSO login, in which we exchange tokens with Synapse, and Synapse talks to an auth server +test.describe("SSO login", () => { + test.skip(isDendrite, "does not yet support SSO"); + + test("logs in with SSO and lands on the home screen", async ({ page, homeserver }) => { + // If this test fails with a screen showing "Timeout connecting to remote server", it is most likely due to + // your firewall settings: Synapse is unable to reach the OIDC server. + // + // If you are using ufw, try something like: + // sudo ufw allow in on docker0 + // + await doTokenRegistration(page, homeserver); + }); +}); diff --git a/playwright/e2e/login/logout_redirect_url.spec.ts b/playwright/e2e/login/logout_redirect_url.spec.ts new file mode 100644 index 00000000000..991c9d9fb65 --- /dev/null +++ b/playwright/e2e/login/logout_redirect_url.spec.ts @@ -0,0 +1,34 @@ +/* +Copyright 2024 New Vector Ltd. +Copyright 2023 The Matrix.org Foundation C.I.C. + +SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only +Please see LICENSE files in the repository root for full details. +*/ + +import { expect, test } from "../../element-web-test"; + +test.use({ + startHomeserverOpts: "consent", + config: { + // We redirect to decoder-ring because it's a predictable page that isn't Element itself. + // We could use example.org, matrix.org, or something else, however this puts dependency of external + // infrastructure on our tests. In the same vein, we don't really want to figure out how to ship a + // `test-landing.html` page when running with an uncontrolled Element (via `yarn start`). + // Using the decoder-ring is just as fine, and we can search for strategic names. + logout_redirect_url: "/decoder-ring/", + }, +}); + +test.describe("logout with logout_redirect_url", () => { + test("should respect logout_redirect_url", async ({ page, user }) => { + await page.getByRole("button", { name: "User menu" }).click(); + await expect(page.getByText(user.displayName, { exact: true })).toBeVisible(); + + // give a change for the outstanding requests queue to settle before logging out + await page.waitForTimeout(2000); + + await page.locator(".mx_UserMenu_contextMenu").getByRole("menuitem", { name: "Sign out" }).click(); + await expect(page).toHaveURL(/\/decoder-ring\/$/); + }); +}); diff --git a/playwright/e2e/login/soft_logout.spec.ts b/playwright/e2e/login/soft_logout.spec.ts index ca0c11132a3..bf0c4f5eadf 100644 --- a/playwright/e2e/login/soft_logout.spec.ts +++ b/playwright/e2e/login/soft_logout.spec.ts @@ -13,16 +13,16 @@ import { doTokenRegistration } from "./utils"; import { Credentials } from "../../plugins/homeserver"; import { isDendrite } from "../../plugins/homeserver/dendrite"; -test.describe("Soft logout", () => { - test.use({ - displayName: "Alice", - startHomeserverOpts: ({ oAuthServer }, use) => - use({ - template: "default", - oAuthServerPort: oAuthServer.port, - }), - }); +test.use({ + displayName: "Alice", + startHomeserverOpts: ({ oAuthServer }, use) => + use({ + template: "default", + oAuthServerPort: oAuthServer.port, + }), +}); +test.describe("Soft logout", () => { test.describe("with password user", () => { test("shows the soft-logout page when a request fails, and allows a re-login", async ({ page, user }) => { await interceptRequestsWithSoftLogout(page, user); diff --git a/playwright/e2e/oidc/index.ts b/playwright/e2e/oidc/index.ts index 9403406d80c..af1cedd2ec4 100644 --- a/playwright/e2e/oidc/index.ts +++ b/playwright/e2e/oidc/index.ts @@ -13,30 +13,45 @@ import { test as base, expect } from "../../element-web-test"; import { MatrixAuthenticationService } from "../../plugins/matrix-authentication-service"; import { StartHomeserverOpts } from "../../plugins/homeserver"; -export const test = base.extend<{ - masPrepare: MatrixAuthenticationService; - mas: MatrixAuthenticationService; -}>({ +export const test = base.extend< + { + masPrepare: MatrixAuthenticationService; + }, + { + _masPrepare: MatrixAuthenticationService; + mas: MatrixAuthenticationService; + } +>({ // There's a bit of a chicken and egg problem between MAS & Synapse where they each need to know how to reach each other // so spinning up a MAS is split into the prepare & start stage: prepare mas -> homeserver -> start mas to disentangle this. - masPrepare: async ({ context }, use) => { - const mas = new MatrixAuthenticationService(context); - await mas.prepare(); - await use(mas); - }, + _masPrepare: [ + // eslint-disable-next-line no-empty-pattern + async ({}, use) => { + const mas = new MatrixAuthenticationService(); + await mas.prepare(); + await use(mas); + }, + { scope: "worker" }, + ], mas: [ - async ({ masPrepare: mas, homeserver, mailhog }, use, testInfo) => { + async ({ _masPrepare: mas, _workerHomeserver: homeserver, _mailhog: mailhog }, use, testInfo) => { await mas.start(homeserver, mailhog.instance); await use(mas); - await mas.stop(testInfo); + await mas.stop(); }, - { auto: true }, + { auto: true, scope: "worker" }, ], - startHomeserverOpts: async ({ masPrepare }, use) => { + masPrepare: async ({ context, _masPrepare: mas }, use, testInfo) => { + mas.setContext(context); + await use(mas); + await mas.afterEach(testInfo); + }, + + startHomeserverOpts: async ({ _masPrepare: mas }, use) => { await use({ template: "mas-oidc", variables: { - MAS_PORT: masPrepare.port, + MAS_PORT: mas.port, }, }); }, diff --git a/playwright/e2e/register/email.spec.ts b/playwright/e2e/register/email.spec.ts index 665e20ef01f..89df6e12629 100644 --- a/playwright/e2e/register/email.spec.ts +++ b/playwright/e2e/register/email.spec.ts @@ -9,30 +9,30 @@ Please see LICENSE files in the repository root for full details. import { test, expect } from "../../element-web-test"; import { isDendrite } from "../../plugins/homeserver/dendrite"; -test.describe("Email Registration", async () => { - test.skip(isDendrite, "not yet wired up"); - - test.use({ - startHomeserverOpts: ({ mailhog }, use) => - use({ - template: "email", - variables: { - SMTP_HOST: "host.containers.internal", - SMTP_PORT: mailhog.instance.smtpPort, +test.use({ + startHomeserverOpts: ({ _mailhog: mailhog }, use) => + use({ + template: "email", + variables: { + SMTP_HOST: "host.containers.internal", + SMTP_PORT: mailhog.instance.smtpPort, + }, + }), + config: ({ homeserver }, use) => + use({ + default_server_config: { + "m.homeserver": { + base_url: homeserver.config.baseUrl, }, - }), - config: ({ homeserver }, use) => - use({ - default_server_config: { - "m.homeserver": { - base_url: homeserver.config.baseUrl, - }, - "m.identity_server": { - base_url: "https://server.invalid", - }, + "m.identity_server": { + base_url: "https://server.invalid", }, - }), - }); + }, + }), +}); + +test.describe("Email Registration", async () => { + test.skip(isDendrite, "not yet wired up"); test.beforeEach(async ({ page }) => { await page.goto("/#/register"); diff --git a/playwright/e2e/register/register.spec.ts b/playwright/e2e/register/register.spec.ts index c1274362668..7aa494f2b0c 100644 --- a/playwright/e2e/register/register.spec.ts +++ b/playwright/e2e/register/register.spec.ts @@ -8,11 +8,11 @@ Please see LICENSE files in the repository root for full details. import { test, expect } from "../../element-web-test"; -test.describe("Registration", () => { - test.use({ - startHomeserverOpts: "consent", - }); +test.use({ + startHomeserverOpts: "consent", +}); +test.describe("Registration", () => { test.beforeEach(async ({ page }) => { await page.goto("/#/register"); }); diff --git a/playwright/element-web-test.ts b/playwright/element-web-test.ts index 0e54ad9f230..5e34a565a02 100644 --- a/playwright/element-web-test.ts +++ b/playwright/element-web-test.ts @@ -14,7 +14,7 @@ import { basename, extname } from "node:path"; import type mailhog from "mailhog"; import type { IConfigOptions } from "../src/IConfigOptions"; -import { Credentials, getHomeserver, Homeserver, HomeserverInstance, StartHomeserverOpts } from "./plugins/homeserver"; +import { Credentials, getHomeserver, HomeserverInstance, StartHomeserverOpts } from "./plugins/homeserver"; import { Instance, MailHogServer } from "./plugins/mailhog"; import { ElementAppPage } from "./pages/ElementAppPage"; import { OAuthServer } from "./plugins/oauth_server"; @@ -68,12 +68,9 @@ export interface Fixtures { config: typeof CONFIG_JSON; /** - * The options with which to run the {@link #homeserver} fixture. + * Wraps the worker-scoped _homeserver fixture to hook into testInfo. */ - startHomeserverOpts: StartHomeserverOpts | string; - usePerTestHomeserver: boolean; homeserver: HomeserverInstance; - oAuthServer: { port: number }; /** * The displayname to use for the user registered in {@link #credentials}. @@ -125,11 +122,16 @@ export interface Fixtures { } interface WorkerFixtures { + _mailhog: { api: mailhog.API; instance: Instance }; + oAuthServer: { port: number }; /** * The options with which to run the {@link #homeserver} fixture. */ - startWorkerHomeserverOpts: StartHomeserverOpts | string; - workerHomeserver: HomeserverInstance; + startHomeserverOpts: StartHomeserverOpts | string; + /** + * Internal fixture to scope the homeserver instance to the worker. + */ + _workerHomeserver: HomeserverInstance; } export const test = base.extend({ @@ -158,11 +160,9 @@ export const test = base.extend({ await use(page); }, - startHomeserverOpts: "default", - startWorkerHomeserverOpts: ["default", { scope: "worker" }], - usePerTestHomeserver: [false, { option: true }], - workerHomeserver: [ - async ({ startWorkerHomeserverOpts: opts }, use) => { + startHomeserverOpts: ["default", { scope: "worker" }], + _workerHomeserver: [ + async ({ startHomeserverOpts: opts }, use) => { if (typeof opts === "string") { opts = { template: opts }; } @@ -174,24 +174,8 @@ export const test = base.extend({ }, { scope: "worker" }, ], - homeserver: async ( - { request, startHomeserverOpts: opts, usePerTestHomeserver, workerHomeserver }, - use, - testInfo, - ) => { - let instance: HomeserverInstance; - let server: Homeserver; - if (usePerTestHomeserver) { - if (typeof opts === "string") { - opts = { template: opts }; - } - - server = getHomeserver(request); - instance = await server.start(opts); - } else { - instance = workerHomeserver; - instance.setRequest(request); - } + homeserver: async ({ request, _workerHomeserver: instance }, use, testInfo) => { + instance.setRequest(request); await use(instance); @@ -204,15 +188,17 @@ export const test = base.extend({ }); } } - await server?.stop(); - }, - // eslint-disable-next-line no-empty-pattern - oAuthServer: async ({}, use) => { - const server = new OAuthServer(); - const port = server.start(); - await use({ port }); - server.stop(); }, + oAuthServer: [ + // eslint-disable-next-line no-empty-pattern + async ({}, use) => { + const server = new OAuthServer(); + const port = server.start(); + await use({ port }); + server.stop(); + }, + { scope: "worker" }, + ], displayName: undefined, credentials: async ({ homeserver, displayName: testDisplayName }, use, testInfo) => { @@ -289,12 +275,20 @@ export const test = base.extend({ await use(bot); }, + _mailhog: [ + // eslint-disable-next-line no-empty-pattern + async ({}, use) => { + const mailhog = new MailHogServer(); + const instance = await mailhog.start(); + await use(instance); + await mailhog.stop(); + }, + { scope: "worker" }, + ], // eslint-disable-next-line no-empty-pattern - mailhog: async ({}, use) => { - const mailhog = new MailHogServer(); - const instance = await mailhog.start(); - await use(instance); - await mailhog.stop(); + mailhog: async ({ _mailhog: mailhog }, use) => { + await use(mailhog); + await mailhog.api.deleteAll(); }, slidingSyncProxy: async ({ page, user, homeserver }, use) => { diff --git a/playwright/plugins/docker/index.ts b/playwright/plugins/docker/index.ts index 6cc13860be3..d1c7716c288 100644 --- a/playwright/plugins/docker/index.ts +++ b/playwright/plugins/docker/index.ts @@ -9,7 +9,9 @@ Please see LICENSE files in the repository root for full details. import * as os from "os"; import * as crypto from "crypto"; import * as childProcess from "child_process"; -import * as fse from "fs-extra"; +import { ensureDir } from "fs-extra"; +import { createWriteStream } from "node:fs"; +import path from "node:path"; /** * @param cmd - command to execute @@ -122,18 +124,33 @@ export class Docker { return stdout.trim(); } - async persistLogsToFile(args: { stdoutFile?: string; stderrFile?: string }): Promise { - const stdoutFile = args.stdoutFile ? await fse.open(args.stdoutFile, "w") : "ignore"; - const stderrFile = args.stderrFile ? await fse.open(args.stderrFile, "w") : "ignore"; + async persistLogsToFile( + name: string, + id: string, + since?: string, + ): Promise<{ stdoutFile: string; stderrFile: string }> { + const logPath = path.join("playwright", "logs", name, id); + await ensureDir(logPath); + + const [stdoutFile, stderrFile] = [path.join(logPath, "stdout.log"), path.join(logPath, "stderr.log")]; + const [stdoutStream, stderrStream] = [createWriteStream(stdoutFile), createWriteStream(stderrFile)]; + + const args = ["logs", this.id]; + if (since) { + args.push("--since", since); + } + await new Promise((resolve) => { childProcess - .spawn("docker", ["logs", this.id], { - stdio: ["ignore", stdoutFile, stderrFile], + .spawn("docker", args, { + stdio: ["ignore", stdoutStream, stderrStream], }) .once("close", resolve); }); - if (args.stdoutFile) await fse.close(stdoutFile); - if (args.stderrFile) await fse.close(stderrFile); + stdoutStream.close(); + stderrStream.close(); + + return { stdoutFile, stderrFile }; } /** diff --git a/playwright/plugins/homeserver/dendrite/index.ts b/playwright/plugins/homeserver/dendrite/index.ts index d59afbd4031..75516a93ba7 100644 --- a/playwright/plugins/homeserver/dendrite/index.ts +++ b/playwright/plugins/homeserver/dendrite/index.ts @@ -75,14 +75,13 @@ export class Dendrite extends Synapse implements Homeserver, HomeserverInstance public async getLogs(): Promise { if (!this.config) throw new Error("Missing existing dendrite instance, did you call getLogs() before start()?"); - const id = this.config.serverId; - const dendriteLogsPath = path.join("playwright", "logs", "dendrite", id); - await fse.ensureDir(dendriteLogsPath); - await this.docker.persistLogsToFile({ - stdoutFile: path.join(dendriteLogsPath, "stdout.log"), - stderrFile: path.join(dendriteLogsPath, "stderr.log"), - }); - return [path.join(dendriteLogsPath, "stdout.log"), path.join(dendriteLogsPath, "stderr.log")]; + const { stdoutFile, stderrFile } = await this.docker.persistLogsToFile( + "dendrite", + this.config.serverId, + this.logsSinceTime, + ); + this.logsSinceTime = new Date().toISOString(); + return [stdoutFile, stderrFile]; } public async stop(): Promise { diff --git a/playwright/plugins/homeserver/synapse/index.ts b/playwright/plugins/homeserver/synapse/index.ts index e2047115266..b899364cbad 100644 --- a/playwright/plugins/homeserver/synapse/index.ts +++ b/playwright/plugins/homeserver/synapse/index.ts @@ -134,16 +134,16 @@ export class Synapse implements Homeserver, HomeserverInstance { return this; } + protected logsSinceTime?: string; public async getLogs(): Promise { if (!this.config) throw new Error("Missing existing synapse instance, did you call getLogs() before start()?"); - const id = this.config.serverId; - const synapseLogsPath = path.join("playwright", "logs", "synapse", id); - await fse.ensureDir(synapseLogsPath); - await this.docker.persistLogsToFile({ - stdoutFile: path.join(synapseLogsPath, "stdout.log"), - stderrFile: path.join(synapseLogsPath, "stderr.log"), - }); - return [path.join(synapseLogsPath, "stdout.log"), path.join(synapseLogsPath, "stderr.log")]; + const { stdoutFile, stderrFile } = await this.docker.persistLogsToFile( + "synapse", + this.config.serverId, + this.logsSinceTime, + ); + this.logsSinceTime = new Date().toISOString(); + return [stdoutFile, stderrFile]; } public async stop(): Promise { diff --git a/playwright/plugins/matrix-authentication-service/index.ts b/playwright/plugins/matrix-authentication-service/index.ts index eaad350b829..f4214f2194c 100644 --- a/playwright/plugins/matrix-authentication-service/index.ts +++ b/playwright/plugins/matrix-authentication-service/index.ts @@ -9,7 +9,7 @@ Please see LICENSE files in the repository root for full details. import path, { basename } from "node:path"; import os from "node:os"; import * as fse from "fs-extra"; -import { BrowserContext, TestInfo } from "@playwright/test"; +import { BrowserContext, Route, TestInfo } from "@playwright/test"; import { getFreePort } from "../utils/port"; import { Docker } from "../docker"; @@ -59,13 +59,43 @@ async function cfgDirFromTemplate(opts: { }; } +const ROUTES = [ + "**/_matrix/client/*/login", + "**/_matrix/client/*/login/**", + "**/_matrix/client/*/logout", + "**/_matrix/client/*/refresh", +]; + export class MatrixAuthenticationService { private readonly masDocker = new Docker(); private readonly postgresDocker = new PostgresDocker("mas"); + private context: BrowserContext; private instance: ProxyInstance; public port: number; - constructor(private context: BrowserContext) {} + constructor() {} + + routeHandler = async (route: Route) => { + const baseUrl = `http://localhost:${this.port}`; + await route.continue({ + url: new URL(route.request().url().split("/").slice(3).join("/"), baseUrl).href, + }); + }; + + async setContext(context: BrowserContext) { + if (this.context) { + for (const path of ROUTES) { + await this.context.unroute(path, this.routeHandler); + } + } + + this.context = context; + + // Set up redirects + for (const path of ROUTES) { + await this.context.route(path, this.routeHandler); + } + } async prepare(): Promise<{ port: number }> { this.port = await getFreePort(); @@ -99,40 +129,19 @@ export class MatrixAuthenticationService { }); console.log(new Date(), "started!"); - // Set up redirects - const baseUrl = `http://localhost:${port}`; - for (const path of [ - "**/_matrix/client/*/login", - "**/_matrix/client/*/login/**", - "**/_matrix/client/*/logout", - "**/_matrix/client/*/refresh", - ]) { - await this.context.route(path, async (route) => { - await route.continue({ - url: new URL(route.request().url().split("/").slice(3).join("/"), baseUrl).href, - }); - }); - } - this.instance = { containerId, postgresId, port, configDir }; return this.instance; } - async stop(testInfo: TestInfo): Promise { - if (!this.instance) return; // nothing to stop - const id = this.instance.containerId; - const logPath = path.join("playwright", "logs", "matrix-authentication-service", id); - await fse.ensureDir(logPath); - await this.masDocker.persistLogsToFile({ - stdoutFile: path.join(logPath, "stdout.log"), - stderrFile: path.join(logPath, "stderr.log"), - }); - - await this.masDocker.stop(); - await this.postgresDocker.stop(); + async afterEach(testInfo: TestInfo): Promise { + if (!this.instance) return; + const { stdoutFile, stderrFile } = await this.masDocker.persistLogsToFile( + "matrix-authentication-service", + this.instance.containerId, + ); if (testInfo.status !== "passed") { - const logs = [path.join(logPath, "stdout.log"), path.join(logPath, "stderr.log")]; + const logs = [stdoutFile, stderrFile]; for (const path of logs) { await testInfo.attach(`mas-${basename(path)}`, { path, @@ -144,6 +153,13 @@ export class MatrixAuthenticationService { contentType: "text/plain", }); } + } + + async stop(): Promise { + if (!this.instance) return; // nothing to stop + + await this.masDocker.stop(); + await this.postgresDocker.stop(); await fse.remove(this.instance.configDir); console.log(new Date(), "Stopped mas."); From 07641060d2e44af32c15e4003bbc0bc37d41d7e5 Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Thu, 2 Jan 2025 17:49:56 +0000 Subject: [PATCH 03/41] Iterate Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- playwright/plugins/docker/index.ts | 6 ++++-- .../html-export.spec.ts/html-export-linux.png | Bin 48699 -> 53755 bytes .../invite-dialog-dm-with-user-pill-linux.png | Bin 44821 -> 55451 bytes .../invite-dialog-dm-without-user-linux.png | Bin 36886 -> 47445 bytes ...nvite-dialog-room-with-user-pill-linux.png | Bin 26832 -> 33955 bytes .../invite-dialog-room-without-user-linux.png | Bin 18888 -> 25239 bytes .../account-linux.png | Bin 55908 -> 61273 bytes .../account-smallscreen-linux.png | Bin 30299 -> 35747 bytes .../share-dialog-user-linux.png | Bin 17787 -> 21426 bytes .../user-menu.spec.ts/user-menu-linux.png | Bin 15540 -> 16191 bytes 10 files changed, 4 insertions(+), 2 deletions(-) diff --git a/playwright/plugins/docker/index.ts b/playwright/plugins/docker/index.ts index d1c7716c288..1fde5eb66e6 100644 --- a/playwright/plugins/docker/index.ts +++ b/playwright/plugins/docker/index.ts @@ -141,11 +141,13 @@ export class Docker { } await new Promise((resolve) => { - childProcess + const { stdout, stderr } = childProcess .spawn("docker", args, { - stdio: ["ignore", stdoutStream, stderrStream], + stdio: ["ignore", "pipe", "pipe"], }) .once("close", resolve); + stdout.pipe(stdoutStream); + stderr.pipe(stderrStream); }); stdoutStream.close(); stderrStream.close(); diff --git a/playwright/snapshots/chat-export/html-export.spec.ts/html-export-linux.png b/playwright/snapshots/chat-export/html-export.spec.ts/html-export-linux.png index 465e58ca39ea377326ed91d1fc81dbd879183639..7a108b441c8838fce84eb05e78672850f0056e37 100644 GIT binary patch literal 53755 zcmeFYcTkhv_b&?iDk|+oItaW55tSxgx=Is}-n-Hv^cF%@d6Ccs>AiOdJ+u&zCcTH6 zgx*5vy@U&Xf9KqP&YknmJ-?Ydb7wNMpJeZ~*V=3Cwf1MN{Uk(9MV|B#!y^I$0#bz! zG8zN~_ii5V3_rMY)4XL-B)n+|-8AIi6O<1=*&rbJhd@E*ot9VX77A>nX^pkjx2@V=|L+e_n~*IK>KlmV z8A?0lJldz%^jCR@pSV-R9+5mH>{{o9RJq=I&5|KiTLgXX^G6zg$sh#59lfwtx?3tT1Vac6$BM1CAmTU+mWD>6Z`CXjGS$Cuv`HF-^o*M8?XA}v%2 z8pnfmc3LaSi|-!+^X~uGKrzDl7eiIv{Yd^`p7BhF0zzE3JlUA24Kw1;>TjkZCOqwJ zNc}w=V5-npWd{6Hqd|&om)C$z=UP8;9T89-%7Q@MXKre5n zdaG?m_l0;MJ}2YZgeNZm@bFrNTflHLdu_(u@oZkI1-#EI`a6^vC(PfHOw0J!U`Qz1 z;23j3e1X+$?+#C7wDu3DzSYK;(IPwKR{z3*hkM&A!@U9i;GqlrSyJPAbKP=&x(ek` z_j+qg%n$F31P?SG)r0|0!4U~dU)mP1pdr#HxN|z-t?Ll5l`N1r_qNr{lrQs&!M4&i zEfX8BEDmehB$`Pa{O+0r3hY zZ@zwGrebd}J<=H;yM8b0ZX*~bNY{8smfrCEY02`Lxm%-GkYnWaX(t-(AdjF$Pp+*< zuhv9;uMzmmNeDerT;_zJrSbI~)Tqpjox0Z+a41-Fw9ok37Nt-P*;tB3^Y|uPpSyqa z>1)}^74JuaeHa<^KFVqKm}w|QUK_pH&c5Lz60X1O zh4l(?ad_8cb(i>1B4h1qF<%r|3KECnsA*pB5Aako`~ALk)p^~#?}Trbn)?4JV$w#2 zQvs-x#t6rUjj@ANTqCa6V%5iTBupYCTtpYHT2@tQ|LxY7kzr-v-7&2~?=R+e)Uc41 zk;hNz|3nr*AQqh}Jkvi@k1;6zqwe^A zgCxNDJh|t<5hZFqj{UmHFMp`rK8<%kuXLmVD=X7)+9K(_SrDJKV;?0}CFQLy>^8nU z+^HZ7(1<-8OjIZdZ*ddGsh*mh#5}EXLaxW$Ef55liBh%b^LqeYXQD}^Ev^?6UCTwx=vc{!&Rop|n}EcO*X>1Q?&!O=(5fOdVZt5mvXi-CxA1X?@P%;YX{wF*)5mUpTQL0LUJx->fkh@g9o2GP`bkNhry@%`8dC^Zf{! z$M)PJHes2%&PI)~41)ao$rgLp*vp1&k8xW800WV(d|F+vL*<+ZapMbNT;K2Ml9(rV zq%RsnKOpf(877U?Q-VtQYv7# zVpGqp^DBL}JU#cXnq44IDwiXcP0TN|aq=YI-_jfgQSYQL8R*7T_=#>K**vW5`x?RZ zENHY!2J9G|5uq>$&)9VkN4d3&$OD;NSzQ>wyCCPZvH?0Li9 z=uE3OEKY@>E2&{hJJSIp-`S)O0RY?XL4`29|Mm)$q0z@yQasI$YI1zcDnb_|ea5jZ ziRM~9$Q7Vp-~up!GO7~X%NZij)yf-Z9Srgja-8v|mvP;fhK@ z^nOEnht?qp3#FjoWib$Uu~eT*{#{YEYgd^lyJV2{u}m(9LMdLKQ=evJqlUUpf2o+F zx?ziCO)<`<_>$sQ3jY#2uLm`QwdxMK`}`i<0M|+Pf@w2~5nBO<2$kI5_T}}l`W=;K z&&t2OM0jTUt-nHfQY)B^i=M)!N|GlBOyBBAs;uVP+ks> zKTf4#Nb(SS@r6I~HjKWdzgdG{I=^^_hT!tW+OfxE0|e6Lv`N+80%pDA6PXD9$a0QP zE^?5OF$yjX_b-5f4{}@6@n0!*8Lns?@t@q|Xj|;~y?g`w>`puO_$38B(<^=RK?bLV zUs~0PPrx4yYc0-+@yUJ%a-5Nfp^p`kuQ`8zn%iGYRKRMm7(vbFe>GfLV6em|tD%tc zi)^kEeDRq*GILwv;y#b^abo4?11hI7hz)$r!GM24!ey_p1?5AQ+@wl-*%qIN+6j0d zd~1srvhZ1$(`2T8*7SbyB*MN^n590~Zt6Ek%1e%`ZaJh6x#hdNe>9<5*8Ey`BGaF= z*qcs2MIL0jS+&^&A@r#E16W#lG)SR$916zVuLD|49Ypt9*&M`RSAJ`(hjU9{M57Yo zmKQ;1@xs$#0H2rV7e&oJ1?{{dDGQZPxZ{VneXZvAJ{gb6!Mi05OFDnM@tldRGa?-` z;_AOUDlDB^-wshrPbT_ALC?ot5d;G|#Emv8g}sB`AO9b)=1`AN51R=-`#BPkA|me3 zbdFTf%t_aso!CvaxFsjp-l@D(0eK@h3BT;IamcwJHKx%1+%w=B^num-qMP#%e*3aH zzAN-0Zm!;-{?*~nL#J>-n~RS-NJ^XaB+0yGrc>oVOGG_o8m&=G22+;4NQ*%)yB!zl-Ca<$n@_FQVN~hyVQk-+})B z8xoBFpT&QysV1>;$3MhAKINrpy4arn<_drQW$L%fl6xAe41$$T%l4SkH2m~uNyz{^ zP16C;pMbv$)Yv)3&8jwjH~sMqE9-;4+8pj$if2S#aOQgqUoHd<-nG7LYpFc8E+xC= zqUQG3yhhz(iVL;{kJyDiat&jy3W4Vw4^?{;efQ87EHv$&__NEHX$kdYa{rgv)@CO6 z?No2eo)YxMxrsz)UAM%(5qjvj**_8R9DEToJ=O zmts6kna7)dLfbf>EYW-l((q=2K}E#*sj+3Au`$0VRvBA1Q}~|=E~uEkoX9gPOF5R7 zp+{Q=r&z!>b>4p*bewzT{(SS+H;EnQa+Kr=erQ2_EMf*n`G+w_EaU$!*{aq0=XPkO z&`SXV+GH+yDTU&&bV_`hkxkvW?9gr3m+q`#0^il$GttIRab>5gN$qRc>_6eMbxF;J zKt&|+m;?9ZcBC5rBhprSj3r)C?2lE(!{6Vn5aGDioe{b1&a`^ail`d=qgTP4;r~k2 z8G`PAN(1JY+OFM>`I7vU;JR1z|0b6wg8k1fbsK_X@Sqwf?E>H6hw}Ji$wK;|`}4e>>T{%lLl+#zGGy`6vS_lva4;c>OwG>31k%+#B|XUw7^> z{Y}Uh7kismw4(4SE+79xWJIFzi_fM}pEBiwPWe_^j_6y}-CaMV1bqRr^> zM*(&j**CEE|KX^ZDfy4x`(k~l*FznRxQwXJ70!jb7;60TLD&$M%i7PBO``v`Ie-sZ z^Bggae(p;9gP@k*{3x&A&&jxtrPuI9)`h0N0{KEcR*xPqaKbRAcy+Pye+xMZH-FO&^Y7h)0!t?iNtN=;fz2R+5vtQ=-vZR~o zZErQJ`WJsI!p^qjKHZ!l!}}a%kH+LVzn{&940Ar5Z}i*ALI?7d6!v(POqidX{!0ES zTWiF8OD0aTGDvVulRAsn-yEu7aC^VSdypgGe1gU0AP$Djgz}%|rEmfO`KJLYU=$D& zL$LbwcAsAM-}tQA%aMzK$jcO;7ebOd>I?$w;^xv8pYl{9;rv#<78;chI*=cgF#D$$ z59w}5T8F}`k3g4w~w*4fF{nWaKpmUGPvL&9h<(~SA8D>EaYTAycp?S2{l8}+hbBF;jDR>HxVoaZDSWz{12Yj|`xz{9&o!=?HXWynAxJ(1-}yYqBme@ZaQSX{8fT|98OIpp<*!JK93%qM_0|J{uP~F16S%I-(CRP zU{_G)YEz4-HAUKpjFHZHeA7lH+X13W^`_=h4?9eLe6ntiU6*o`Gd14uEJ*w4)8XRv zFWU~fW-ix*U;Y&Inr`O&et2qK`629+qMj7jX%yS6m|5?+xqej3yIafndn6K;zbzPx z$6E-oIe_<8f?U{KdScRQumPqYt7Uecr17~N&Y9WTBWUud(m6 zegbhyqIKfF=m3q9mR_xU4c#;m3<$~EQI^NI#2l%gq>{>IyJ z`U$kt%Nr9sMmgGlA<2wWUy3db)hQSYNtBg&W#29x+0M$T|9R}ALP=M+NsJaB71*{L zU+vY;HrN{X;C6fM8g`NF8Y{NPch);>>{FezeEyli zvWUt&Y#7HWnV8f+Q=p~ep!mLTpcBKw~6NiFN!cM12QMn?3TB z9R2;k(?=QMvnJequA)Ov-QuCMhYO9=OLtI=5J=)b?vzB&TL6DGH`sVB&E z#JI0pjI0wHH1G%5yhH|-P8)fr75IPM?z}QZJ3WrBxnf~4oDxyfjIH2ncJG>C^XfbX zT_h}5d?CbtpZ`is*$?Qt{x?AMD(dt1M@ixmPbWazgQS{b*k0YAYBUW@v!@>0Mvr^O z_&C4guSfvdSj2qi_I(Ol{*#G%Ds}X~5U1viUzVphky|u08$G!2p>6U5e;nmSA~?O0ksq zV*O_8i!cWn3-^?0KUx+J8Vd7E|ABuCr#kVG0L>=VN2&FgXMok*e+B5(emdN0YqzA0 z#CbwAIC94*#>Uv^gePNHfW*5pK!IW0eFsx!|9Hy2*f+#ti1z)C(aKaU=HP2ym{mb; ze#i%nt*7St!90i1zvU(F2c0LVyeZgLDs?w2UVsw6%EfHb$#G9t_@llbVTGCvCEsy+ zM~&VIbsLCNl|`PaW=z9N4Wr(*;q#=D!v$MvHC(n5W2&9|@W3^xT7UeR;d8rb(I_%`z1HDaR; z%-XW~G_r9-1^@%Hc~4PEpU1IBfaeqxVOpUoqJde9A9InYZezvmaiFO6W8O5SK5nqA z`R+kWlOPs7H(3_eLmcymD6KnBr<{exle*Np+;u& zVD!SMXhX(VZ7UgwcD{`8(<-y5c{}d4M@bLJeVh~Xi4P#nn#9Vg+|<;XNmkf}#YERV zED^H%JbzqSo}fHNE~nw(ts%ZTzb(z@#Ae&peT|K%yXjj_d9!eJr^Y#AbV8so_O)On zgR+96U`p7ww=8rLWgWNjF+-V2z(d#8Xne!49xKRDnK;U=E!0*oSia>e+=BF6?Mm6_5w_Y(#UB6d{ommVJ$bkzxakXJ1VFaSt?NRlMAM;*Cv9H; z@u#tD8g3DNNy@9;CADDITM+eD0yYVLl!igNA#hvTyGdsoX3(%&Wk|NB#0dsDdGqDJgzQ)n{VfNE_Zr7BgpF#uKN=%V#|rRmZXr&CMpJX==o)(p1+hA@h19{_7n*qnY0?`( z+5H#orWmt_#5bRlR4#6LDzF40U;@;EIAN1kM>k@B3$y~)rTcDrT+*$a-*iV zw0{dt)#KZP9!h(|62lYJ^r+zN=iq8-G6Y&O@xfKG)SZlg))@^Le{ z6j?2w*^NmFs3N2@v0w7uoroBk>4sx>*0Luda%+o|PDZClu7g+T&dHI0&AO`#^tGY$ zmxQL4uX3ymX<@JcOa&H?((-Gf4o1l0Ro(oO>;dlndy`n zecwB9=Z8qii9_=870$tK>2&q}VR&7|~EqGYwaf255qMdM~+8SbPA>Wk;}&$nR^$Tkm40PWrlJpGe& zWdf|e+&UUT=-dB+`w4HMA3^4WzdqfzUjWV&e~Lw40I%=fy37BOE7|{}34r$5=WY&u z-Od!*(gJ`rH{=p|o=aTJwlb?-#t$?#tk~~>&!*5K%-T3o#;`S_w`(la3?*;9_Y!ED zaxmIY9;HK1Jc0YJn*O>u;(QH?eQLqhnP*fU5&6jfjpyO}1wUGsT_(ZLy{%TYl|r}V zUVO34U))rg6+Cy39g>*?_6@Y5vw}eEbU*%C+uNu}Gtj zx9F?{zW0`XUP1k)bdp|L8Ys`*=#e6%k#-VQ-@frRP=W*QC_#N@P!nz_ke6eyY%qGv zB-Wxb#7SjLyhE7t{lwOi-3;z)wo@ljFlfZ}xHhnR=gxciGoLyB&qmG*yQ?^tmr|>S zxKwfUyxdJ{{-1XN0;Fu_{$`=|F!AlE3gr3@Lb!jL46<5Eh}f`$dwrTM4=mtW)03U7 zF^*~r3~Wx5k$Kdc&QmijxVO8(@9PU)-DL6XH%?15|2Y9obD$N##+l66^;Vdu%$=!k z6@|Z#GbheyLv1sCZ9auqs;}9*ikkICbC1#bgh8nCcg{YYpvUsx*J?Il$Wz{A!*iB9 zp?Y;C8~+9bdD9rZX$E7XV>u=t$ztbfP;PlkYHj3VCi;F3Zz1g?4h8lS1N2GgmAi7JnN_EKLtdU{;S+HYTV@E zsvM@@xVJd=l+yI!RbQ*)dB3!n`QV1nStFWyxSt)+ev<4bZQU$TXey5j0CjdyOCEF| zlLjbWZgw=x$z4g~C5uafk(ZVo$?zlZYrpfv;ddzbcu|I5s?E`!Q%QCDG(!V79K7ED z@~7No&*W1-Ogyw4e6;y#_mOkMDOfQK!F6!~K{5dC1TBruE>YLYqj>P>C4zL@yuz;m zI~>(ODt5VXQYNs{X=~u&lmE}&zqLa(E1!oNKMaQ4Wgjx(cI02bR(`ZSR<_W2bq#7B zF3}C{>Xdr^L}d0i)U>;~?7CX8ox^>*udU6m$;(JJe8w%$FEc^26E|>y?_=HQGBg=d z_4iNIrBv!g=BX#7`}^+$&F_Q*Qv9h=jS1=&U1}O76wue@0mJt7p%B86xeKIkkz?JRk$TD7#cI0lR z_|@WCc(2rph}3qckVd`9lXP=hlxJmqW7MO;13Q5>k=YW5Cx_L7qtXW^0E=^@)gcxp z-mN1ux9U@4yT@`T&24kucH{Nnth!9cAgo{r=@A^Y>b|*TH1TV-v|qfex;WQ32^19dz1Va?sK(KGLD-@NbHjRO-_rSYsKP4)2Lr zho>|WJQ1(dlu0}ZO$Ci&d# zBTdftEw|Fro;VcI>&jX;KUWrQh*MqJJRJ0t712FVnwb?7cx9YrkXPk499O41T_n5w zSws9*2U_`a1gS2|zx55HH*;VGu@dIh(`21jo!qu+7_K%gO%JkT@zWxbf zdZhiuYg&T|m2{@7!1wIUdnf6UYmX_zPxR+{+V$g7EMH;J-=1ieEAEWQ%*`E92g|yC z6bUl0o|KC+{^ySdm9q%z=V#k{f|!SnYW+1ypV$Cdy@*YC4nBP}tg(Y$IzRBl&Ct`YZ(enIB2 z(3!MPvAvY=ZDVgKV|M|o9gv6)1@IWwq}$BYa70uxB_c9QO|NRo`FG`Nu01LqKxQ`B zU`0)#9)dF%ocMJISZgVOog3uhvDBSYy{7~Gx~JFwSu^fulU>|^Z)dFGC%@gx-MIPy zuE;6p#ezE&(Z9lp^NqyVg;9PCQ)hp9&0hZvJDLUF@ElA^l-M|CYC4-qAXT#WE{Et< zw@iCH%TXwhbYSsZo$_AT{XP&p23+7)yVXkU`=sEvreX{r_@Vb*~Y`m^W~xxJD;n&wj*Z_7C2`2JIkXDQ%uIBFO6Rb zPIx4}X>dM3GC2+Qz@|lNu}{PuJ}5;i^3K){bv#5SN~rgl4!xujn~XP>?uxQ2q1k)L zFwMqih2xOdisYIhr4!7;_K@p#`PIuvEU`0zWY3~f3|{s z|2mAqI85c;-6pymZZxG^3JA9X7C2sNC=iRxz^o9mPS&h-`~a%^NcviuwBq6hB;yUM+I-c5U8zDc|Q=ieR^yAp!K%>|7+6^T2Dl)k8AI7 zsOs&2C3*Zizv&7UNNKT1$sqXLw42YOC)3~oE3utTe9R3f%7l}FRqC;Vfu#MmA|Imd zgsuGrWw%?1d%4c9+W7dgYNb@8IbYWH8ifOXek`i%%H>(0s2tLai99@Cjb zpP>Wf<&T7+;AfbarsJ=slTwl%+acR$9(rAAWMj%qCPL){MeuUBgZHbZsWJ8?aOM*2 zAEyhkmM+sLrZ3pHBa&E{%NC7ETbDF$vGfDrC=nEjchcT*;kw_9H>kEV5IK!Zp8u?i zDv3Ma;J0+ms@{Hz?NJQnZ@70ZZZsLiz1IJgn2gXkxddCTFj#cgbgh;}EWk`YSYA&F z=QAGN?6v;3_|oxGN**k#<9i;wu8S7??77Z|#mygkXslfsp%Jbl%vZ~nIahX~u@lE? zRmRjA>b4%rhUfRm9&94#@Vs{ZoJdU$Yrh!Ror6D8ePX&&r@D0J)JGM`b2K$>;G?PJ zn=Ml$QjeTh=3x|@!9XU;uFtq6uUBu60QMpl#;lBNu>uyX-X?Z?o7UEyzY2BT z$LJ+cx|mS6ly)ky?Z_ZEC$-gTctzLX%Zoe2vL%`)JKHs8Uedyq4kU=v#c4$*piUe} z59OUx?jQynh%HFpt1*2uV_7(h!i4C~q!LL63^54dIH)lBT_c_++@2DwAawlP6v?ay zxHzuhs-%tET*7WY!Z*k-)BlKi=JAQu&_(eJ-nICtqQ0&pkR<3(N4_d9DceL1>E~wJn7a>3{S4#L!`ALs_;}Rx=|#mT*KN;6U&*~6d3oSa zR{n09+r?CS=WN39$jNxmnkY<6VzMwUr@eUon>8%4uFg@Y_*^R0XKpP}{`2_)6HBLW z$}IS@cQ`cTd8u^^e0|jFOBe*QjQ{&Yef%qx_D~SOLxY*3=>qz8Un3%i{dE z5F6CSc-hQj;0a2C<(O*(-BVpQ)*f&Eajufx$xAiE%HyDi?*c(&)^fD7_k!>=I)!SL zx;WJr#Wb!efR{Y~F!QMN)tU|$Q-(8&+E_^vtS@64EK!(h;3LR!mFUpoyV_kHoXu@z zP=FZ4W}Qrl4twv`grx06=Gc`f8JCs4UTH<&br27rAbiu_-1CA#TcVQMNz@`q$Vju3 zFY=g&6dK0!A{6P!;k<>p9F&L8F>3yTu9De#*82oL%Gkid?AGY;$*8W~zRyj9^2MbU zj`{#})Bbk>gKN;FVs{vcUnY|UGi%$7KPJ?Ke=l{%{Lt~R_Y5@3edbcmu}DRZcEz?R#)I(e-%-K}&) zd3j{iqSM$P**6rQOG}K;Y+^p~{e+UtXw0>w74Mxr8Y(U^OmM(9_Unsyay-Xg2$v;* zk7vds^q)4;5M=;g+r`LVKjP1{_O$+$5_i5+n9D$K%CkX7ciqSNgHi_Ur_9%U=~Cp=HoFO zpK>Lh@wmwGq}s2J*G(t?>O85Ou+ea@sruJ1+@+K zk7NHMH_vO;oeL664g2p&;D*O91a~}P?T5c^fSnmZf%E?P85lkG&MlwHIg$U zGmcB~yP36cYswoL*^D;Dp4Xe z$6@@QJ<4`XEs+_vl;gotY(4bIHDRkgqg4D8>4PLbc%10kVLExXkp08}i9-qZsgQSP z7s*iO8ZExOL6paGR$fe3PJ}CIT@w$59Q{H^wY20v4rYj?+r<|26L8x3uqTXy?hwU6 zdfR&PMmv-~pQn?1?npSi(h{q^xT*+Yoe@(sxeT>zN>(}5ExdVAyF&&iao%oOt!z1& zo8*+SkOki!481w@t3-jji$#Q@K)J=i0Ur&%a++zah`CwMhmYu|vKISy$;DR7Rr)J? zHYW$`h?50XWVB+yX5FjC1%sxw8wOtF%(PF2wYdJ56(lWx82niI<6-$vT7F`OS442@ zZpo!@qSV{^4a=>TDHhFq2hJHuV}Z#=;uQ{)ZDR>;j~qOe#eL67STH3G2FtEnp~3;X zWDar6Zp#KGDr80MuLN8WKx&0bG0)VGLxYsHfh~UX^FLbBBa23$rDC7!dLk`}kG=0* z1I-E^d1&i`Z)1B@4LeHJ^uzOE(2NE zXT^gNQ`^2<3p-VzDSb$j`Efz6^$Kkoy1Lmhl19JnBSz>4sxgoBlyQx z`FRabm?fPLzl|jfX)#qE{c1l~v?Fii}#GFD~HN zcABP`ctbXlf`n?zlT?SkX8B3rWIIxsDQj8r!9bl_&5Lxu8EwNRE`GLk5d5JNe`V zy6L;SX7CEwI+dvfY`DV#KxUWCmg5iVS1#V$Zq0rA{m*HqXemt3GL=JMw9Dq|)t{8OOlm;68-v+Gtztj~v zt7mzFvT-;)I(?^ncf6CLkGsqRbitkLj?ruCr&Hg5ebTibp*xvgYc;be=;`=67op_k z6rq#*qFvmr?`SGKWik)VpH4~}>B+o#9IJP5gQ&zJ-Fs0WkBssj5L84*!XXaG;aX?P z`$1}4TBgIHer)((j=eR9t4P!B>LELdJ~tlB1G;JZTnNMg+ok06+>l!j3)**R_AfP` z_C3OB67jbmQ>XJOl^{tm{v(!!2bwV{h|3i3F%vhgjk@a(Csq0|!%5jrP2%VUm;Iw=!pQZp84!?lEq`qY%U-S_X0 zOHudsL|`?8$ta=jyJ_}62KD6UhrxDG{s+MK^9}BO!xM59chZvz4MK8VBL*}AS#gz+LWG){yI7iQVoKI-T-WVB%bXCH3K3ybu$J~-p%XZ z-iT{D(B}nE?2U+IG-11@k|>qZU%Zg~d7!m3LTXqfn~Uck68+1*$+gQ%srSwo)1wX8Z^u)}MP z)}iNlpAx3o0=A6POs`%A*oDd}-rZ%zolV$#^!W6}r$VT(_e$y;Y)u)q`DP1p1Av#2 zTi}PX1&?woa~iK%QgulxfSdr4NuNQ)aer>Xjk`#srThEo)PPOD;~K?}!f()XjM%2YMpo=lt4^r8(fnv|2}d8{1LNAiv!TnrRU8fgDeP6F@~Dg^`(sVC-+n>7W-?0o5vIB3xyr)Jcs zG-R72+87Ekhb^!ojE~ig?9^seM6C8m=!Cc{;Bd&B3-X<$`WM^w`KMm-M^CEH{w-Hk zMWs9K(5t+C`G%-ovF@;5=3(kC)H2M3WsZ~Ie+^AcZCd-h)Az9xj_;~056DWxMPlbK z`TV>!&d$5h)uJ8g4$Iu&V2v*~5YG=zJ$>xzFp#NneWm!~Dl`%IYEyB#(|$WL1q zp?40o{n|JtCMlY<#%pmNJ7}PtG9M76O703v51FpPebXG?k_ED&Q~9ShF6*Mqxgn53 zoK{__Q{O`o_RQ{KVr_|P@%@kKEcAOwMoO_2=F``F+sR%;*FdW;DaF&f zlV}65?s-|ceG}Qc_C^}!>Aw@$%m${aSxp+liT7)0)k_>iLW24Ir4}MOp=GI3bGYEN z=t|lW;~kV`FurpCLp;X~Hd;Z34Za)G{mx@7;*;1N2j|F9St%A%)<4z&5otF?AF%GY z6;>PM(L^h`7*c8*H-VcJqW6{~A-haHjogGL-aUP9=sf1bwPmzk)k2Ks7%w!Np0+Jr z)M%M1OV#t97wXIGx18BbY~C#r@x-0~Mf$*om7e{i95Urn5QketCu;dXxg~s?iT?6% zr=-xXMzaP6ii)m0_iyG~ojoY_eD}1?&p>Y|fQgCTZN$5vn3V-LbU;F~HS^vQzt{1- zkg~xO$8ofqX>437lmaOn_XN0#IJP6QA8S5JYb0Y9XifpPHBhQk08i*v@H|C0EkI04 zy$^Jv0JLVc`CiktzgtO4G=F=p1W3$lDq1O$zu$6RG0qj(byOqPV1DDVziUs+h+IX< zSSCB)$*|QO2AX2!2UBa8ac9uOnyv&g4`liTOE;}>(Js?ZQC;QLiwIADuZBMV!I2 zljX|(^reL6qhISAn(4r7R~B(D*S+0i0DUEp^~Sa;K3sg4Wx`z^d@NH`;M3#}pGT3( zM6TlO+$L0KNTs`5Do>i#j-KS;HbW%jGWHH=%M1>`L2(`5qsXjheWcd%6s3HNw=TBy{x5|j{T|(u9Bv-}jjq*95?}D4p0oqca<<4qDL>e+HEjcP38^NfA*&jrq3Sns zoGAwSegbnW%_;|{4yAk4`NNQQF4a5vb?J>5dJybbHYI-ciKOv%5+Z+P;nUIN>_;HK ztn0zAUr_v1&&p|2*#X9(Ww_zR7JN&l1TsEW>=fW%ScrKR<;KrcEMYTNxvKx>? zkP+f^V+)o-R*8OKXx;LUhI`#VBQ0%XBGXU%xa*SqDy{$BsO~oe0FZ_aIt|WqhY7M$ zjYFrE?N$AdSRWPcfq{(Lc2SF(gS4VwbItlA$fxFMO+~#{*S%O`} z^gt2*42wy8?>XBT;Sdeak8{b-Irj4W-DajPCIiO`$>~BdHc?wmV^D~V1S2%V*ZQ!0 zZHf=4rHYl|g9gb`+g;rJOBb_ws&~;L9hAft;CYjaVxiAPg+=g=z$M?cZh1KCa)(%E zdG)0GU{RKTyucoi)!W94d2G1nL(xUX&s{$>L`PwXZ`nt?V=qwCDO-%tS4D_q6m;Ep z;ic{0!;SX3>cBg5E8}3LXaPEgQO;)I8PDjsxg%W1(UP3Sb_nWNlIMlOpsvj9EdG<`J=tqfYOx*D+iN$hB+B{ zXXd2LI1+(Px^_GWYRs;1)@;_637sr&s6uZ3eRMq51xtzK>}RZee)4TDG^&N~pm`H_ zkLzGk+|M^r)I|x&cw!RRX=UhB=(QZS-Q|4pBEt|UY!U&}L1gy>KdZ+dw{cZXdaWW* z?xk}N!UlQl*1Ua7b#kgOc*mYuh>ah^eLb$qH4Zpf=U{Im{pQr1^0|L#r@xXVmY`a& zR%eGX;kr2rzZ$<%wTi8e^+vBQ%)Xbox$Inw7XS7?-vwCzvQKWl3KT)g4JvDEIE!2r z*LkF@TJlVR>n03&@~lI>4jCjYWiG0;4F`1hwUiGnFKPw-R1eirUtCbzXRc4w9^Y}E zcp`R8KZR5%s{2!a{K>h`2mz0&UaZDse)<|3`^rCPN7cwu zw{)1r`An_0Y`@IA!>v`*u9Caf!`K*mH0D@q>QH7-5tjbGC`JCEIp1yt;D>M41N-|rg zty4H3VcDkH-w=LhtMAm0^Z++`S*;^BeS(mje!0^}zVjY9L{BF>QEZ@d&RbK-2&@pq z>-;$zL9EoFc)6Gz=bL9Iqt)h?nnaiNgAEYv^Fc$d>l4v90g{LJh}@|wxK|H=WL=ic zn;M=oqnko=0cM<dsd`RsK0X&*i8>|3F(IvF`F#3Ka+E56q{nmYdMf(w}Ya|4ko#CTGl#~~U)XU18g?Sw{?2JDV88Aq%F~g^>cj!)jZ~AeDZ1^VXAFCbM zp!i+~3JEu%pnUZ_Tg6K5vgCkOx8pAbNIj!nM4UH?X4;XX#=arVb=|h6%gtS~9Gqbw z)++tN$Hh@azIF58ws%I~z7+mV9uLuj?$T1HHa34PkkcL^-P`Jne)N#yA$*lH6*r?} zFnV(loh&k$nfT+O#t39@d(&6Dz|`Ho&<8Uu$i96q%Rn17SfT_?ZU*G!E9sea`X8_c zI*=tWpZ@B-*#xof@N9#jbJ_a}(2~&e?XV5tpzwol?Q!JHB$~DOn)F=7f`r_DrRpw) zq6>G5lONMD$sR1o!yjsgBXY3iAV+;@Q+e7;XXKu-9SRSGFXQ`(9xmQ%i-~$HGxRv% z5}Jw&Z-mx(iuHAqnXGzF%$4oBhyJZ@uHNk;ce&xp&Jqt{N_hiJ{ldh!AS*-Wnm;Kp z^HCaZ++{+@-<8A$kk6QZNPE4W#K}G&do`JD?a4{iqYv=hQra7RkhZ7iM_ws2jxCKX z-#04_kEsnsfY$ZaJo5U4@@fxV_aYnah+zNG{eUL%Y}W7xecDW`?Aco^0uX)uSmW^Z zOF4>bJX#Lpz~>rp`c=VTMLm^IGCI8Pq>h>)4_#E#VJSj{ZG|2fd_g5T$ce269 z$&lZgR8N}&*0<8+(jkp~VWN>Rjf57T@l`$3?I)sHcHJFt!qP8KQsEsO?3$gm7g57C zga+;3HBY|LG_*X+=2+=^6umwGzGDseYSirD{KTnxp(bA0;Mwu#5See>>A3N>7w>!5!=4lzNuv#hSNfFCtV z-4e$~^k4b9Ma;@y59tw#$Z)2(3!-prNvzR1s)b(VxlP$CZB0MS{cF|g-fqA6JHq(2 z(m!jbqHx@|a0$@^y05?Ay_L~;r?FqHJNZVRevOj>%Z`JOif5Oq^JFkbWwq1|0F%uQ zyA2$*iz6fnLy5j?uUW4E{c_BG_4(++pHbdL9U_uXFoF4GJ?h3+ddds+(m?y{`d^>+O&5Rbc0FFI`{Bp z$ya~nyol`z?&d5N_kYbQy`7__azLC$vCht@&()HHH&S^ARw@|zDAVC)1^pV&`&f8- z9no!+5>NS?oy7B16`v|?<6J&l6|d%q&4iU7ZJFQa>m8|{1o^V41N!0uwN;^0DQE{O zgxh1&K7k`3)=slP4j8ZE#`uvfrs2bY-~f|M6kac{qh0B}OzF7x2a6b${U48`KX6h$ zrthB{o?ggL9G|42ZTR?hQhA0ZFxt@;@>`p?0a5=@QMIjM_PMe-W6+@!^*r#Z^oL^N z>gDA=e?xG?SIr-=7s`ue>rKZo^*xZ9=KqVmw+w2#``SjiOMy~KDbV7S60EqpwglJW z9^3=P9ZHJ?FYZv>-HL@4cXxLuxCP0{-9GdK(F`vVy?_<{2{dPONy5o>|GJE0*#~%&Ys=d4Ex7| zgiT)VuW%cCse$PJ-s4XJ#%79m0AYJy%U0T+QV==cp$c$wp3tG%;5?C~bkXl5*L|8) zt^kLegOGK`e?oGT8b5_QNKmM5uXo617h0dHCpjOfn6U^U${HN%7w>{EkbJwj+!%`wyxM#l@FI6w58Pptn`RSX7$w#_$jD-wJ$C*I9ghUENS#U#f^#J9qti z1p=!G`>8=v!>6_>5B#wHtlPOs2T^vK94&s#Sl+Ee%NismBB7)2Md8;-VqjkkC094T?fh0 zQrtIi0SybHPSLpT(=dnYI~GUx>51t6p)w#0NNtAUCH~Y=Qc*8G1Kw-Uia4G=H|QL6E52SX48!okO^~`(o*2@IG{P26cD^`JSjy;E~$DA|b zeg@=1R@~;dBn>oO_oOeJ0h%V4p3GhrQoyqh95N46YOPl_p(O^*_xRte67CYuyKygT z>s@0_4{K0$`?kW<27#vIt~R}=bHC~6O-&w3^;^Py-+7xWynnfC2ZlByO6m(u)LQzj zK3kWsO%aiyGcmq2gD`#dSgyV6s23g3ms3sqD$%MbyP)aq$VfBiR5AWrW9)a8fu;$@ z0w+sYo9LG6l2w`eJ6jk%qP|3#rIGLEbyY8X?>hg;f(?D&RrF5FW}o}&+v|p`9E7`t zZ^e{GYVG}-^M^@imtqMkmE>gSrJ2iCKM~h-Ve_hwj&1S1^G6{W2h8R%{Mbu}2^=Er z8Is_JkQ>I1moUzdYN%u51D#8O?x4O9?kB<-(r(euBM^r)0lqI^iKz^GO`G36cYQQW zFuz^SpUBt%#ASDJrW>eewW7Oz$C8=x6};SZK`)h+J-lm6wHJsjis`fs{f=woXjN(d>}EVT9B*S9NwFU(#;eOhxS!R%N#kubj2tm=AK z(;KJM3?fYc^|i>pwoDCq?NGFLt}{7Rcc~ulad-CIyh6LJeWiM(n0{xKFb@_sT`=@X z8Y2Cm4W}H?9aHk6EgUNWkGm2P1%;P^B~#v$*N<)7TG3WkGnxIsafoZW3eFbSjhJQ$ zs)Jr3BaK0?m&|FUnDj+^6lP-(zpMIjE2ceT>Tw3`hIrHFuZ)uGb0*#&3d%^{j@+|9 zW?B#fjL}`ka)vo*Vt#u3T#&XsoFsx6@g0HjZ*`SSsDAl&T4R})%P2i3gR<6jMWw`F zn(!LI$SUrS)m*~#xr*~oITPN$mCtVWYC#IQB83e}(^sz4NX;Zr%4I;?;KpKlwFY(s z&D$Q1C=rJX;f(H(?pK$K8!`;UyIt!FcVX_0j-_e6&PR69!0$r)oqSJNcUaxRNDm_X zSa^MX>Rr6bPbRn;(=5{pYOPBS{Rh^)E_y+?EOoB8J?Ini4eL)AI2WsV%*~BUncN8Y zUv0djc>X5ILZa0L4#Pl~tn#g9*KdOThA29HLX=5g`1}&9hWc07&;o_-gXVLbZ(nj& zm;Uo)Z?;G!WuL}dV}Wa@wA_38SI))|Tzu%TUtRo@)(j4~t&h7xZ{yVLMC+gE{N3)j z8dNVa`aARBK~paLfoED13wy1w58*@Gv$p0+Ya!FvGu=K-V~n3*(v#lO-h^afDw1T#F&;41@t8gQ_Bj z0?=N1ZSz(Vq|!5i)U~WGn;w`CBO_uAadF2cmFK$Kc=8Axyq3J)o|1h|s1fPp-G{(g zh}=#PLE}v7Qs`~B0^1WwWb=L3Anw*l%$lvY^ z9v8zZm#qPS58K}+dJmj|CK@6qKaN$6=O2w0WZY&DvWZXS$RXheE0gyf_Kc>4rDxXK z#tfxD@4%PolS}E%guQK1KAni%w~n_LyEom|b;`IVHnWBlIZg2HO2Lip?yso9SU1FS zD;{$d2rO!XFvx_q9{%nNG8w(x2SmI}!du~(xm|(=2cG~71nRa#cqVW5PyPK;{tO zb?8V@7!*FXWJkJaBneK9bU3e`%DTp}DzQH#b)I)E>jHN63h4u5g*JiCx;|xX=)4EI z^1$%Kk@u>?sUeW?h7^1JXemq6FYP{0Y<9iV1nY649<){@Fh}@t3x@f%^QizK4T(t* zyXmD}K^u3MBLzT={8>U|^*(#?h3U`YSWtX3%X~GhSgKq5y3yV6cBFre?n==XQBev0 z0gN`UetUtyN=Jt0w^{AN(-=(0s-irHLbzeDg459x32 z=Den(`RNzSZbah{TZ}u9AFzzpTyU2=Canh zNv8b*WNLkTfSQ+DYmUtim+AF5n=RVD3mihOVGF38^GP(HN{z@?QvK)M0oOLg1;#{n zRIl-SaF>t87N^m-K#kqDX*UYd*~43khz!KoO)ACUwRNrP<3{(RkyP|)Y=qV13F@&5 zOyl8)@WpCQ7gYpPm~+s~M5=1Bl*qjB4Np4b)Z&|DL)fUueo6yj@!fk0tR=nRv#IL;3?ZF>l zO98nHzTzDkAonB_8+Bv-)}S7d(GD<4&sg|AcK!B{)V=|^cv{zP7kJ)WrZ8Q(QcPG% zq+*RMDc%}chOuC;^zy;6ms#wg=N43VFpo``P z1@5^rJ`eYcJ9i7{w=xaQ-r1tg5*_rBrVJKldjNp`t~9q{eSXx+cKlSIN69+aLYR1b znbgx(a)8(IrHG@He|Wm=cIfZpuq)W3QxN047ekqNXA5*UQQE6b(VlTfiWzA|9GIp0 z{+wVi{z!i(nPNoa-cVV)FH5T9^5xRg!*d)15p7H8qP)nXK~DZ!g+>X@^EUr?$@YT_ zZpt(v3$-3>a3q+N*gm!Bc)9({0;Y4s>>4v31}Ut$I6=~ZA@X@OUn0e4(%ZmAZp9te zS{trlMVz`kRL1K@02`T2)4qN$-h=Yk^$x|?yG6k3x?Ff}>PQl>?!r4sqWI3K&Nsb? z@zHi5as-PMTL|~Gp@Mtah}sV4g^x+^V$soRIFDbz?3a^wV^jB~>#5z)qGwS@3s-%C zYZb~nj~R6~1HW4Yn3aGn^+k$uDw>1|5Hq5h$NcWz)9^5POY0&q2j1!Y{$cDCHEnDC z`ETQ3o+`Z_27tlmiPvfTEB*M<<&=m)GnF8WxwoMv&GYkEQcia8t}dZt;#%*j27#Th zc7I0F?RtiS(pb86UDmW_Z>hILo2NuuI!m$bU!M7W693?8MyJ$ibKrP3nf(J`sSsMO%+LxaxgWn3yo`=@p_-6Q}CdsT}p_VPV6Fk=r z>Ma#XR8@92Ndw9Q8-{m4@0s~re$G;xK?Eju80{my3%-_-kw_v~b#A=%;#8#dj*?3` zP^&@%&szhWcY<>=%?R~+2ObYkR$$+it3E@&lABHC9Fv;p8<@jx2}l_)(~stH5if+I zt2nML%j6c%2wU$7nKP%8ooatHB34t1&*dg10UT;u@myH(S*luRFH-MH*Y5Y$%}rKz zE1dE?qZ*w`Ux*nJ*FftOEH*vPLQ~eJ4bIdJa{M9T%x0NK53Ao=Qac$w`k>7`AAZmu zz+cgJX{wyxW=3;)+!G*IGPM;r*B2HhB^tfPCPW)fH)k2?v(LE5u3MwLRz!S8yp7PV z?0uNvMnx=t*8VlxY7-QjBhQuhotClZmBr%c%A?WiqXE&WOsF}*do+>fR%e^+ol6SB zv%aN;HV?rK*;n;Y-uXD4NL69-X0B@tx|{P)kxu1pIqT%@#!K~>*kR)pBez->DZG@7 zSHyc=)5%`V^5=`9`+kd)V@j|eMZ5{;z{v@%T)`!zKhENUV2WR?OT(BnP&mb0HQgaR zYVebY>KUHHar)1RUi?#UBUoATaf8ppZiAD%Nq+(QQt9dO`yNYYZ-i)0UB1=D!oYDV zM4qGr7Ph4NEgc=*ab+RXX7U6mX@_W_O*wo`Nplusr*=gqFrBb8=w{VuLMMQgmmUAl zOKRc?o$`gxr6tNHu<>N*u=PqAd8&}x$%3cS)FLUDM`6#nN5b8deug@6EQ`5(QxZEp z}9ex)0VJYGEU35;lAe>xm-0-wX5=;90UND{`1%ap z{ufI)dt^2+t>^)S_1q0w4D7ebeAmQea(j{I2JBct-&;wuMx@npRhM^ePZRHPRQutL zNt8^_(Fiw>2-``=l|PZ-j7|8y7g)Ba=#zz=8mWq71c}mG#b$l+TBTvU<~hp<)SJaF zo~}6xGli}#X`O^;ZjYw#K^#O3r~PfsbbOok zALiE*xCsDn)ZLMcX^9T3VCWWPPSW!yDQ4J?*ljmE=O5ye)5*jM#nN#2`D7pclx}fb z(;~Td-9@)&6NV=rTh>e&#N_q~_b6Fo)d>TIBesq{wYA>5`rt&rv!eCNlWqoqX|v1C zAA**c+xWerAicfh15>_&_tYoJ^x9(GOO28WD_@TET4k@~W5)ekkl-Kk+{|O1bVZ89 zL(hD@rZX0GcvR(%>}4wpAogl_LEB9MZ(Mjjf>RgGDwIo=LkFj5h!(JZtf_ZEOk^(_ zG`Qq4Z->7k?&IWhK$h=`O_2g1+dAv(rXd^IyFgE0HryOC<*7Ts77*^47&=2&JY8I6 z6I(9i-MvWn%osF}Ra{8S(A4CqQjL4~zyV71s15Kkl1XDVnIwguO%i)#V><149mqP? zFxnqnr0=h*@?*2q>@aF)Uwy^T)OQJ!OQYh%$(?Z$qF)~$M|_WN5*Bvx@I5G%g{<1@=sT(G5LTm`k%rkxL4|dX$ahp7!G8r_suXw(DmyX|7 z&wV|(ray;Xlk5<4hu+#m>)nZ8Q)(~08=y+(b|gTNT)W(DNEVHVnN+u^Ig7Lv@dyr3 zJfnBwVfJ%yfBN2A#3+yUU~p`SMrU~Nnf~jMu5!?!0x-1l)yP1g*K%2MD+4nN<)+wh z)(}m&bBv?Wx=mJMqRa&CM^4I#p2diGVR5WhYuKsP8>^YdeUNcxX(nQ)x=SJ8aVm!1MX zJjW^$c8bJQ&Z;ey)GRQGgDR>LJ)*rSy-{xkb@}p&GSJ&{;i6(z{?rFs<;8vK4`r{Q~_`RW}i&;pZC;)A}6(Xgg@w~Pog z6N~wnts4Md7rJ(6%-1w{CF`x^ZsrS>NY~`A-P$e)UeHMgFmV8 zB0Y!C4}Q*E=Ur3=8X$A<3@^XjG2|Za#KIJFE20PkjT)yL!5R-&F|&EUw6kdep4BV?`?`aZRjC zX;I5QcjfareLT(f>id9WH(_BrPWpC3(F&pLOP3dvw$uaG+in8Gv;ea6?+ftfAEtu1 zxi?uzn_ZJ_k4wkwl%JwS#S#)@xeSZ=T&nWf$1TbCZ9$b@(N>(xzLnj*dU(0d;VKx0 z-V7uI5JV`!fz7)^&BJ&-KeSo;WbJrytJ+su*HRom3hoR|vz!xI5I4V@e)xuh0XQw7 z7pA8Z*uL*MVsSh<#e+!`i}pJWQ|ULKTY!%*+bq2i9JPZ!2`y&vW(2L*H|!#uc}8y< zEZ%OAdIbMiJxvZn&wp~}D4VbcQf$+=IE?oaKHnoL!okID-p9W7qO09&P65$jPz3Hy zL~KxL0g7&N;xZbPb`#oG#w1>f7<^r!iBcjttYCKq?R4|WF~P`np(8=N0-Qla7>#kn z4oZ{!zm5)z>#;#gXZN*I??_X>zgr<)l{TG+-fdH$!`yO@?G))8GxwIOw}}tT{{7e6 zR#kF8K6ew;8OHCGxHYtC5#-*m+Gh2YgG27pg%ykPL$^zCQClnYLnm<1`N1;%y^sA} z&2PuJv0i^=U-oeZL5oePpf0~Q#b zTTIcTpIBUw*rTP%$U;FALF-&OrDH;bej0Kp4yEhe6hD{V%UQ4Zu1~-AsSs046UbXSdAyX2M2aU(X$(SfPYn1Q^Ne-w>WG53t&Gk;AS8*O zvgBBJZLw8+WxqhtRojpsw^r?JuX}k?70ih!>jAzLk^Q70yYhN*BW5MZP+;p^PHSI|e%)>|vzl-4TTIJ7 zrs;MlR*9=qTo(t*_Q_r^*te~u2`d@kF|tjqs8?->qzJY6L9i=bZflvx;ei;S+b+Mi zB@}#gQ1?4LTn`%C=fwv}NL%e{j9kh5HEhmb^Gm~#pQZ%xpOTnO&7shr{x$*K{rfL# zpeHpASi!|q-fL4njQ8Eat<@m|LxanRR{sF}*EO1L3A-J5#2x*0iT~jRC>}@|A~QQ$ zHe#;})NH>a&88-pK@I;-gNH;%0053j5Ch{*``fJ{ToeRJ_r;aSm8uMi=u7dnM|}%D z&_Ydn|9MQCyG!u6NOP|T&AqGmWXG}x7NRg{aR|e{+te1~UK<7n5+~-RigkBu@xpQDeO>{Q?QU9yn->m4L_UtogMHF82$D z{)6)9a?*2E-$Lh9p~Kyu=8AHngd>cM4^$$ruu&ryUfO)qx|c}ufEWFa{)6*9KKP0$ zsuTLixX0-=(M|9;>arV0tG)nUmwD&tJ?*skb@a50GcZadlK|zHXioWl;6gO8nG&4W#$l-9U!@1i#^ZL5&>?LX9v1aFiLGU`DmwBr*8VSCVa) zdTX>IXeC9o!8?*e?V45xMnTDVn{Lz*;?<_Z!+zS6xrB@2Ye4h_`%f?n9!}I@7q1eW3AU%&e_(NTT zg2I-v?8k+A@&BnsVVLo`dAUFj=kJpKLh;7)FA)#QFP3+Isd!LOn!g~ooIlTDd#nhm z&^G%OvB5llN#7rx&lL<$y5bE~!~8J^atd_q zN|@(r#K~I^>XZ{o?qF)JGWb$V>@2^-Ht7%!4ii71Xt8pUsla|9g&qR)cXZJ?)u8=ZmLjXNZ;S8~)E zouyhF3+Xh~ES;4Jtws^cnd4aufy{nf1?GpVSl zUOd(7qkeZA=L?x9 zuwSYg=ovQk!pb_8j#X(sCIPNN{U)QxlJ0>2K&>%ZldfDrX(1!wb(UsH@b#tV5Qu;? zS)?M1MkU zT;0U{@Ma141q#wB68YQ&&sw3BvNRjrMq^@PW_+$|`Rz1akx5K5_kFs${iRues9Yyf zEpzN5OexFb;8B|ldDyvq9%AV|%eXL+C~vVK%jyP~2=b}|QmX-jdPx|HDTqEQ0QcoC zxxk8r0TAg;Qi6AO4EB{TUJ#GPeczElS~=)`R_di@lx`35&hS)Ce7r|`t1+~Tw@4nJ zxv5JA{(KePD@9NDZCK33ucW{#8W+ZdD}%c8wB~Y$RI;<+#Q{DZ168(eULAVd$$z=R zz4EYeshf5c*L(9jg9*1!Sf5DKtWr>}v!9Ot6fXE*8^vmmVS)IM3VqwEo6SN!?)afQ zxSBc;Uc6T=T2wn7i@iRDR-Ev%BO|UFI$~b)qmt4(@VM7m5>@JBRUrbO5f3-|cW-iu zB5Xd5^E=^z@g@XF#k0jf%#^~#hhL{mOI`OHNRShyoj?qawcQ?cG><+I6ZyC%-c3-m zzDDBIJ?0RAbUlH8;NK1B|sW@rLIU`!tp4Axa0c##h z1nwi_lUCsf{1~k)o%TVAng*~wud4uXtCD7VW{{Tfn$I)0=XqfGCwr2cUMp;BJS@xF zzGCD|AoP2Q8vVUrpxdMmQe){ha*o~M;)O|kj1Ahj`=-_UTlz^zr=HGmj_DZeaeaoOgr|W`ILyQdz3-(O>g5#4 zDqKS#qr$-o_E*v6OxM?U=acuHqgLztPo|hNAkvz#Ztt7t_c?!s63Z4dvrOUR65Gi3 z^Gg&S@3PlSrD=D?g>=tXGf?3=xOBZqiKgTd2TIoTc_sjTIbVC5eJDzRKxQ;d-wv15 z5Q{elD&m*O_0M|%)~9I9Qe-~-6GLbD>`&W&MYSt>eQC`fuz9@mgFjAF2u3@W9*=kt zY96)n3C(?5NFXRN<1`L#4U;B#C9tNqmRFvHD?`Itu0Q2^vk6s5OYU68E!ilj0fvEO z21V*bbH30S(=4CkQRPirzkeRCzv9W@bX-mbFkbwq*)@_dy8F=Zyo5iPS*8VkJLa}x z(Zv!=74Iwma6)I>^$+E;h2rtT_^Vif4%v)SzeD(KV=@Iaa|pkR<)5*t(CD1H;Bkg^ zgOGv#2SX`J+^X{asgfP{SJ8DrtMs5h{khqT*gHBxVv8BR>KUW>>Y#;#r$<aX&Ehg+0F?JRza}+f+fL8R1{*x0);1q9;Qc+4E28vX(3@d8Y{q+vZd+ z>~8##M?cPz-oq9~>bR>J&j~6P@{A!~fVRj?#-*P=T5yZHUV_;Yj^u9NgYKSTk`Bn~ zx&zh+B1>1)KOYnnE^dqx*eda>^oxG%_Z4q`(9lkvzj3xXuX(Hb=l|VF4tY_^9|sWk z4ttpT2k97^dpgI+a!7FJFK_)dv&1CJsQnl?#z*GkpS-G?H=;{$5to)GzKY7Rdne5f z9_^d$@VwuLIreNn7wieP-pmmD4mSN6s$Zg%g5*!YhaBW`kDeD?nTWeRu%G^Qc-W}t z%lKlr3}wh#c$1iVIZhIDmEK%j&D~FSql1#i+>$=Q6xDp5B<(8W<>4pBRK^#Z;+kb`CJ`7IQkuH$&HtwTCLdZ%M&A!{D_P z&1@lN+0lf1*iLN|^{x-ynJN$+vBTENta7oCJln_Q4zB5UPDrf;>Zx+#*YUedTx}WbPtb)@ zv!|-^w#M#iq-&Pau9FVGWyuP((!D;Emc!;u>tnH`9WQd^tWZQA#P!0=^dBoUke(4Y zDT}Bp$$;s+qdsXb#uR#iG+i_Hv{{?S>Li(P0Ii2tHU;h{o7QtTb^UUXw+0taeY z8Ko@LL4{QzIDTeM*8A`sSejtM$cUeroKF9|71-izYPv^|6Bu!s@;wjPjU&CCije_U znyo|nAnU0i=;cr`$x>V;%BK~&M937oZ}>v{=49@xZAvd)zqOMp5^dwNe;Y#|E&uy; zP&QHvP!3%rs}k|(sK2=Bi`W@{5#i{DiG6Oz0v+YmOS5NUq-%Qy0{-2-5M+m3C>n`N zmG`{?0Z)~F>MXDFAIyw|$Jk2SXd4A{v}e*7KeVGZu44^Ns}Pei>~}t%dj|r!L=NMR z_T=(wz5u3V>xfRSRBC@e zd<{xwrUXoPXi{=J*PnYkf$;^IJC%UIQh-or7$u zY@;#Kjw^D4AP7-CE0iR>I$R-;e`lDN1Y!o^-E~L9bx70R6kr3_Dfi;xo|0LN^QO(} z2`Yb2evMuuA=y#2j$80`>{qgV$yMHUL-ZhU#DR(j59z2+pg@wwtNR{5X8v=}{73wd zkbrf6S+>q+=#Ou?BTWOTihC5XFndM3pn-TpW?N}1)(1sJ#}im5MQspM)`tND0WK7qLry%<5`U2%Y;CFUTMVk z>NDYCeI+cQK@%}*GtwVE=uycoq zseM>y0tRHpAx-+dxz)v9&FmiQQ)LZpb!HGVrp%=`$=?L1Uor!br~g$73&p)I9%-&^ zQzh@FSodL+;(Zsr^HfcEo#{8{MA>4R4_PpAxo%NH>Js(%1F8Ji3g?LPiQL)7JyElZh8 zIPh>aHTAOC@o{g5luzQ(@^kyuTg#TPLTJEguJb8 zkU;)MP=7mmBt#mdsy6W6!dk76#_!QJ_Cm%110OQoyT`n)ddx$xQ3gfP>8vhatI`+g{KwA$JFygE2o z3AWIgEOSU+CEzO{S9=rRd8m5F`P>~D)FsTyt^y}|V^JU_<>7PImGGjfb4t+oG#fI_ zT7A7;rlcL?etDjA3>^v8r@Xt3MEEW2^W=)a0R`QfD>zL?hLuJt&I`ep69P&NT<$Ed9+}Mnc=8!-j)9_b zIE%gRU)(xhIDGQwGY`VTwNkg>xMa_QvbYocfr3^E?d0w4kMY6R7bRx_8HMoq{PJtW zHDc@HT2h88E_?yLf{@xiy5Ds9=J%;-UHn-8rH6%n@5W-wpRxXunT(XZ1P{TAMa1~7 zl?K8AGaFR-5tN?3LQM7svP<}Ht<}u1^edF>qW(7cZCmCvwihKEZuI2RUOdA7^rDa+ zVY##liiBT4eQ0Pa3iA$jymY-z|H3Wzj&m+3@<7S-y}KyZLe~0PHDsiMQLJ@gMRHS$)CR(bv3;8sAo$X{-06qGCU|GRj%|7|1V31^4R_dgv&ISkOhM$y~? z`S9NV;`Iu(#+nRr&B!_h6MFvJy(oEM&Uo!8x=*#BkcGw_G zHF9ml2Z!be1>eqTE3EngGWsnkU9&p798Gtv{_g5=f)X^LQ2%qMIM2t}TkST7e;au+ z(&3A`y5Dv`LXns;TDR=+IUb3vAj|I3F9v7c7`TRnTotku`MnE2`-^c+lpRmZ=xKw! zVRgbq(FW5qD@^^2<(&7Eb)KO>&IFhqATXu8wi>SCSbixon_*v*L#>@4tFBg#JYykA^W_!XewLx<4|EwRs&11^W9}H)` z`Ru3gA&`p&>|>~FqycLT670kadBe__Fz9L#(ssMrj=bpbx4#$liD@GF!&_LJ9NFx>Qj}c)hO%|S(vr@xxRQ#zBAT# zzI}?ZdB{#Ik4WR2jQgY%vwi%M9O@k0*5bDiL9?*Yso|QB2CZY_SPBhjYNs_E5B}u7?DepQO_p>(3(<;fCzw?2bltf^Yh*+xA+*9Wp#7Tf?RUzihtCb?y_1c7u%^tyLgX zJz3hu(yCrg@TM|B{0B+aFo+Sc_@#Q{6tV71@OOcob21-kN6Go&@VHATZ%tIfB4By` zBOr(i8~l49w%&G$ElMr8#(vl!w${u><-MjOjDxpYvh312^X7<{Sa9Zjt;cPi_`_KP zmeX^~M>rDA^x`l`2bUMx)!LGqlv##NGiUO;g=Vz?mu7yLt4G+$N}q@Ud*DG&mG!L< zY&XMa)jSefqlTF^0>`#Rrejy+R)TK1Fb489k+vvHX?Fvu-PU$pXgE^-iAZ}2cE$wzg(j1Zd#H1 z_@SbrgUn_pn3jkrBA(fb-lm`~y-)MJe*W>~{&;dqMP7D3LqByL_(q%GMQCYQ)U$YA z*!3>5HhoVHRmTzM_2OIKlCS_mpsEcHHJX;A2pOF091?GfEe^)O!I>gUZJHPVd7~zYPBnAvnrqg=SLwe zK$E(T%?Z}=UFzj?oahD(O`9?nYJlV>=_VZjK-btTCO{+h8!tL6QE=}9=LN|1e}HZ6 zEL)WsD2MW@+jw0`<}h(fG$n7f?96L+{iiVtf-z3w36Wm#P1-trXaTo4mzGGjaj|-M zObQ(U?6LR(KsGa2!b>=2(`k&iV$<9o$d}C* zC{jdoo?)FEhxF2n)$Q8+#~0uN&ECYsr=}iy5wx&q83=*QhTuB2aK~RBaUJ$Xdj2`p zf3>|sVlX~O#$jD_Qd`AEw#zdG#ei{5g~SJ$yt)kAR~0PEbz=IaCDc4%~7X&%E}+>;Z0Z71WHny z1-t)u)BQz|Af`*(91+Vq*58Pfa(HpSPIXqq)NTCN*^64s>qoRBG>QjkuE?+^KOjr` zJ@xPpx)?lMhodsu=w>Zyf~TyCa?icnv5uP3HY@}HE3&B@zwx-Y?f83faj8th(~3j` ze;ZN*j0277v}gO%LzbfwPQ~Or&c&NT%BbB-t2+T%G99N6|3obtQu_k|+ht7NwV|TV z$2#X&SyL5|4&2o^zP`1cUUE0Pm&8@ANJaNFqisq}p>PLv<3W;4AoIKOTJ(6(f}^^H zSS{k@z4{?9-L(BnT)$?ngPI(=)(1Q$4aXpVt@sHiYCKL+Tkc#Y@=ysLqW9n&EQ)Hb0d-d-N|9)9Ne)pWpf3Q|S$Rz?@=kdOG;8$^2WB4hS0E z6)hK{auo_ALE&s(auHAe-THikN}Vxl50rPBE4uK5y$qPN2rK!`HuGCS*W{=02|cGF zmt~Q7yqgKaCyHzlpsi%XmW{KjVBem%Jql&vur0Fz<9c-Z~inA>eym68`;jV zM$Ree$l-E|4>VTQFJK)iuPV-r1T5m$Il0T~*qkf`qO0)3CS9;~kh#JNpv|+V6;FiQ z2%}8{8l*k4cNye>rDwoTN2_Zh#x;Z#t3G?ry?n1RGEGag0LElw`dw~xc)F4^Il9g0 z=zMDC$Mm!-uNq#e@BLUc$_{NwQzfa02Ga(oDjw;z-QKt)K#05&ACD;Vc%~D#)b}Bf zR%JC$@Q;yJa7WWa%;ykkn@P9K7Fbgxyh$JgIRwdG)sf*T8OP)gv!e9-eY1ilYQ8fu z>Z(>%D!Z_~!&QFcldTpL!a5*OU~8;Z@cDw!x1~NpaZRWCUA?7>HQV?9&c$x8ti>1o zV1Yy*)ul6?^S$LxC0zp&#WpC+dBL3gE<>Q)`6P38`!hL4CT=9ZM;CAQ0{0t?A>US` z1L)w- zMqHr{%UNx`bD;e$^=e?}&s)!$W<*srt@ZHN6X{GaKcfgA?49d{%k^tFKGUB&*8t<( z*nEZg*v6|?A%HR5YdDGB`WT)|#B+W8=Q%9{o1^j`21lcCshSx9(fqs(BV^?(rJ5RGoGC z?Q;dO%s=aFp;@^f`&|Y)cKQaw(eInC<9~~(1^APo^<=;-Pwof#B3xnR#Bl~}ZkzUH zpHRn=(TRigXCMNn_>Up!3y6&|{U0Q%uBAQ?s-6VDd`b(bcG?#_vfl_sX3a5T(ej6z zkn&Iz$A)`@;jbGDF^>M&CRQ!_i?Iv=Ku?FvNOl$25JD5YKDI8LUdu;{3=Py$`D9@Njc>7!4m4b1GU5ca){ zUfh6J)yYj0Rta0)D%TQ*Di(QuCXC=Xw)MeTUwSwk+`q-}d{{g^-d86oFoDL4mq~c->e~bf*4~n#$B3;i)DkxjVIJ9+F*yWZV#=1Eo9*viEI@Kx(3k_BhQPq4`|ve7PQ@%Ea?4(`~h7>L6+Ah{$xd z7%$`7{jf2{f;;xkgd_bEhoRmE0!0VP@z=RfO#(QqWO&64Hmq(9F?xy$O2WhE28wk~ zlOb$vt|TRG2xK(r?2$4TzAx7VHQSMqEuZbx`qI4?e9SoC;D&9- z9gJ}b5BWw;7D}(gIu#H1vgu(QpAg3e;ru*S9V4*QR_0^VQBH6I&wdU3WbA}lB4}VM zl+o1G&M2G9)U@cXa7>2FnZn%5zcA`PbTfE^NXNHaxpgD^SK59xX<7Y~hNw_cNNofK zV}j^_O%Ihrek)c(>2mu`sc3r^$OXtj_+xJ}gfU~S;yLm2OA+rMH}GCIC$pe@%bfzV zmku)L!cR4^M78TKD{cCp8foZw>i_y0$EGP+u-NAD@U~~m{^{(}%7FW68iVs=Oo(d= zXX?s;kQy$$P zOrk7j5t;pB7W z`b_fT7fDq1GV{Es_uhd@kw#Q$=Udi<5gw!Fm7H%{YeC02~ z6I{>i{_s?kIN>mt_V*_)OhWOo|St9^%DcS8BLR5?jIr= zHRk&{cO=fn-aY}4yy64ju49TP2dS=ruAgH$AZZldVPkzR6w0w|2uKn9Y?_ovjvKNh zL>`esONALcV$k?GUr!7;_^J`hsir=Js7iV^caTxYPoiVKFK46RrnV@1$YpP}zvzs% z;`7r5-@l>ZF7JeSybw?dg)T1rgO*C7*x>o_#~Ih)V9keuXCr5<`Enyzz#I! zwT)v{b*PS+(xA7w^FnWC15(Ffz_0ADHRBoI5K5E0Z=eEXadDU$68bsw+p|D_6|t5u z2xz-%4?WMto!AL?Y^ezTr6^z5B|$@2ZbRHNN<7gKoD@~c%&Hn16j(1G6BZnGvCS}S zz%@}`m0hdI!D0JK92ox4`-;~kFT4JzfU|uini9}GR@e4vV)B;bFf!A`q^n3ShA=z# zBa+1-Fw(I^Sa zY*E^XGz3uZH>{?7MCUxAk4&*XY#VyJ>odUu_a&8M-ZjlyW_DToIupSm63n8c5%(?q zCt6WgN3{w9c*y)+a~vNjak;Hrx}EMsv_AjfCNQa(!o@s3?s;~cnPeJLxaSSaN?T_n zS$C9KDa^qIa#3^aUABvR@RPpeu6z)dQc5A(qHL;2ZDcw6KYIJhu&BHBT})I2q$LC$ zK%_xZS{b@TK)SoT83shU1f;t=hZ<_=?(XjHjxz%9e)svu-uufre)76zv3@J>=eeKf zUTdutv(@nQvbmCDKNrgH3$lvHUIzLz|B`tF}mOtv1&AEp1%e^0A_4G!bDPF2)e<2 z5Z|{paqap8ZTcoYEqlMHVI`w7k6z`|VO@I+d$^w;PtrR)GccK}V6T0BlsNzAMs0Fhxv;DRaV{6N77{DNu9Y+ z%xG5ApO1KRG&+JC;M%p9zXGGkiTL1Riz}n6Zi12D5s9KB%HwFypPVZw8{%f@_oJ&) zy-$OM8=l+qr52i-B|yx6$=(p~o$;hfvbDLZ^MT$xOivd#Hw;mE$6N7!D^{JEX?=W( z?=9x*l3d$91Ct^WgOML{#3I1PXPr%CfP6`eYJNCar5|sOLVLP4{4emHA^JOMuL}Z7 z_ngkT`)%UPM3~D6ls{D5K-7lVV!yuqc!2wCv&l*_xAGuN&)VU;8tvw2j_u=PjXcH0 z`A>elNRnCU}?a#AH%K%-{a-YVt@+h(6XN{22-O{LOs zCB8x>nzPzzcUkdZ|BVx7FkXh~(2**p8yL!j7F6-Ua>&DolwA+bp@J0c+(`l7!nI9> zWHTx|!iLu5T^q+--}RGAU|zQt<%Cr`T!suzQG=dzyKP05S_bJnm+AvOt}%96mB*Gtd-ruyjIUMcW6ov z>2Y9dgWX5bfvURRUWK-6GZtJ7;awHk&f`Y>PoK{y?q~5fjUbz9`mLQMB1k-x&^*= z`m{63M~xOFZf~^{P%j>+_c7W`LZA;t5uEo`(v2bV4@T6k%dfpGfRpDU(=0_5L$0al zQ~eH+hP9EASd)ny%^9hdP?T$o2`WYFUEH~d5LqYU3S}wt-pvvG(rramIRSJ3IAePu~uB_j`8DL#_sFwnaj^U!G9+D3!2= zkOJxw(DJ9EueWkUrn9$7dH+YA71Y`iUAglLy#ML}8uB4w$|oCsyyfOsLH~{6y$hlv zVHSoS?d-&2dc{=pI>pmuGvVzhx=_BRC$G>_)Y+dWKqM>M<;i>-?j?vvxCWutZ9;5$ z(-=^*9XAi3(PmL6GrFr7j??rM*kMp53EG%xLmpjGY{=XsQ(G zA>85D+SXTxJViY~OEngkC*oqNb=t+H_jmj_EuRB7FCw*zBLrPc!~lS~3-o7~^5$-M z__0-c%ppd99akQ9bjPhu{giJ$LNra~2;xLhJ(zunPdhDlHqUL1$BSe9SYtZa^m=u6 zIR6Ct8PTXO@2rJH1cx7a^YcQB7iZZ)b(rR_IIH)6<{e=-Lv9US53$U7fTe2EIvN+B zEaAMwD=O#cV1y7>kKT6_GDGg}R{iuaVPrvjP|t5NfHLEbhsid=Ilf{H`}fe}a4PHQ zN3Pypn=$9&7Zaz6bK9uV_{F^{ozo$EGNA$GB!nL+j!Wp)dJL(zk2LXzi8AmR^`~RZ z(g_*w_P^@;Y#JAD!R%r1k-6)Bv9NVsn3s|Vn@GGZE+>niUQ3yr$8Bp7b{W*R{=wOv zQ-Yq}OZsz=U#Q)cD0uPVFQq<3!e8_++vVY31s|RWk?sDRdws9rqf{Sic^iA*iK#A| zk*$C9LD^PzTeb3+X4!Tt$y@g%o~rQRITW? zmlA$QG_K#Bl&klKs^4U*0=|t*O`fh#Tef6XtoOwATugJZ86?aD-Ak`_Cf`?wVj4!S zpXj>F5cYIesyX%RUsA!zI4UMffdm^e08nvhe7tuchB}-Mxr9mtI)WRrsPVrWj};gk zwBH~zVH;1&CzLAX-F^61D2?mzbT61~M{UHo|2p`n8$4~-uA;_OKUVKk_dx1PdHZDj zH~*eiW+^Qk)SMcIM>#Yd)Ak91V_I6k{=PzbN#4he!||d$tkTZ0uRYB1n9oX%2Mpg- zyh6j>@F{irC2KAwa0NKLAn-aNsdhBB&WvZFD{Y|iWl?$BmiKOEVWT@fg!U)G#% zikmo_e(*WMa%qo(9}gi21P)N+{~Px8V>Ec>%Vv?WCvB?q!0Zl3VbCCZ67xrfo@~0w49GxbB49^ zW*^I}j&|(iRI{>^`)&P#oaIX|>#;o%$6_| zj2h>ag{-!o8Cl<~4HN8?_%#xqflLfp4&KEt%?yK;@A6M8&b~(_#m0wy5*1Ro`P`oL zY(W-2shaZIaF!S=;nW^H_}iX=prdq~{G087yO-Ze$I%>E<#Z15Ao+YsvXdJaBBJH3(FjbQ|>AFu>yz@~HiEI;s& zIv9a3(GD zu);~CmPxBZUN4z3Tdv5j`Po13z-Vx9Y7u9)VZjbu9lIe$dl_BMLEb)Q)U87gtng); z+KwnwWp()6f0-&p;;3d-^GGaI`eP72OTe&BmS*&iM1WDg_GC04c{!BXg&HnbhNkFl7eyQJLytbuq{DDqo=q@qU5xqoQyWZ2jmcIl#!?0apwT z^RIURM&!dWsB0N$)#&nh0HRqFghp+`$LaDK<{@zN;rko)GplE80@ zQqDnpD7)zBXvE0R&9)psJm8*P1V;cm%AQr)d+U&~h%KEUXy-2%G!&rKlC*t@tY9q< zTpc*_3t@%LJt^pS6V@W9!OsYIkQHr}xI%6mJrOoI;{Fbxi{oelmQW@0@G>Wy3?G^_ zf_a6roBf0l!>M4hAvig$O|X6rB1;oPj`IqQ0k~a1nNtl>h@d<=DJBLKHh%5|HLFsP z01A`ccxFbE3yYnF*gD3jw%^XE9|Id%Us@!5uIYit@<&xQ(ha{sfWU`=E{SjnWu7KX9JO)me(Anni4^G#H4eqfoAp?^Y__tm{ zErvQgpbO^6t=J(`>=}vIE<)9bK~lav|LO_GVvaJk!O8BVmR2@Arz^}@(oGJEm&GOA z=&Ok>6%u$TxzP>u`zi<&Q;6N0tU<*l(DQE^HM9oS)4(BL*32|^CpOSeCYIAIBO$4; zRl7AqpN_5MSbf_$?IkZTMQWq`$ME%+LQeQIJ?mBuVoTFcmU8u93yoVTrZc>_C^G?5 zzp{d?VG|o%Y|-Nn2oApY+ZC6K{oVqzMJyB)bnp)-8NhXS+u4Ruo4xu~BqRXgoD=z3hn4x(0raRKmCLgjtDu3PBgp{n1 z?VAma{vMkVu{bxDm-zMVTjdasR=5DrwnUuP3jH~s)65s0aawg@m1I&=bEhD~TF@EI2X>{LU4aGC&!q27i_P)%G7e1XP)klS3^N0r@8JaVBhztr)&$NU+y<)c ztp3y7TzNjto83t>&;9y-lnr6`X$$>hTUHK64O-(!54=>WSlwgAE zQvG#pOuM-9wNtj;ikJ9Sih(KY;7d{Ci~V>JphEKWq%xcDn7m@!Gt;1bV4n>9`tv34 zr1822P$S9FNy`30IwKG`UWAd#w)QO0GnPdQPH^9v+o*Y2wPUz*7g1$zIpdm~XsUa` zd1sMXcg22^6dph$A2U94ZD)C@H~IACtSCtNFD<|tQw8Gr_sI^Jr5~e1OiziXls^Nu>Q;3LOUX-|d4xNJZoQu54HrI1=?zluW zG!P75j)oSoV~GhUE%lCnYo4PuJNAmY#R^7b8{CZfk~Mpl^gu^qIG>WA`9Dd5U7V@=+H`Thm#?5Rm<{QE%%;|}l#}{PbDj4T|_EfWi5f{S4+g*cj8d}&- z+6!Df>4$*NjST*Ko~)8PageH$$w@;?xp|xv3WxDu1*byaj9PBrFk>eXW>0B2!~&hDF|3&ysx~tE1dGLB-R}BY<8_iD zbvM)qh6j2`Y9Zb)u4Nq5nqu_<@twLffN` zfTJYMP9OT@m8YCP{O*3O73R!(SbkQjKT_rPSNF;efuxhNvG-rUj?32|=o~dm z%rj6I6^v^oNvyolvgSu>yzj(@&e_A$Y%unrQ_qTt{#Q8xz2bRe-c0Gb9dnTTW~@^uzN|x@#s=BNLXrS>X5c)>1^iM z(7x^QDaX#Zn5EcM7m=@YSbIV2xG9$EG(d$&F)J7TB5Rw1p=bJvD5|sJ{J>wV-5E-y zgb;sra%M7N#_NGugsOnP^^o1MpZIT)n!TdI3`!B4mU?@q))a`Rhg|vQiUR4*=lu_ zji)!bO~-$XP?Zn;wF}0ldDVABjdVjhH!~8ef>)wzZ}vf1;b4T;rczTFvn_!~K5&WWf~RplEK zCc~y9gp}ei{;Jy9E2KxuO*bYdiap}sMAa=YlhyX5NASeqA;fUT&Sn#dD|((YE)Bo3 zpO(|7_}1G-NWh`0dLC9$6D=(BifOV1F8iIcI+kcYXGjh02|PA)zD5;S&C79&D5zFH z-ANaS_Ig@H2!AW2_u1OO&GlRdZI*#5-gFbBMz>p;<(0iXik`jK*;qKgDcIXoV;TJpjKwRi)M@!{8|==)ClMc6nf83?Oq2jXq9O4?c*A?Oe=R>h;Q00I zIXh8!sCA%0e75*15~lo!*Q!B%ir918{IJV{o%UV(N9;Q`+1U{ssPUYpoQ`GA%STx9 z6pD9M+X-URxHJWT@-qix;m_92zT!gbJ4i&5@OXtrye$A++%qz(9l_;`J%(6r8jf*z zzeKzN6$Y&8$LoHHFExf*@$P93gY&oBjUsSp*K(r610!rV*WG=xOBOdpt>%2eJ?(>R zo}SydY--Pxxn}fc9a$0gz3}k&uN{3`AiEQHz=}|PEQh4F2PBeUhX)Mv;w_`A;}K8A z31Z}}G9hc4g(0a(v(4?wPs+TXR+Y@#S}LqK9z9V-zS=<54Y>Y_M@tWWOV{`7*-iKW z{O-0+@YbV-->$OUVi$XrijSrpJK{JzyALEuK4b+?qm9(`rqf*w4hv80iKK0Vy>;h0 z@8?z)KE{dkM;pJ^S1fV0%5cQzE12Ek^9uDu z42;Xv5+b6-y^^eVu6XTX+S3RU5tl%Xs3x(R5|NN+hTp^U=ie$*K$}*P8f%lR4EUx& zXoU&#w0&j<|N&CxccwD}M7JuXE&^hF6e-zRMa=mGgn0_Q9Pr z1Hn*p4p$A(u5>*V4(3*`bJ4sZ__!C_hyC(i3-Z0So}m_qc{Cykdh;{PXL#iE>(Ent z5x(2pB?3aW_SwS-+WD?Yj-ZA@o)0LVIv@`3nXE!B?f($1IPFkSo zLd~Q#w6<1-U&D^hUZgyH# zh3ocXNQgjlD|M(=S0Z>jq_by~O-->CKjP-D4R(UxD;`%+uKzIh&j0z;u7ktLO(m|3 z8fMK`Tyw70K1lyy`Xfsu$6EliHaIly16b&5Yr7M#zOa`lwyhl4^m*|+vO2}E0@a`r zl4U;CNY66W#Yy9)DE7qlgXuuu-Gkk*Kmr_C^;>SHFW69pzISLshvzwBQlL$`o4ff^ zd+@vAG85y1B<%LPqCB{)7UA1Sny;hauFJ&(<9aWO` z^GCRjF-WNXK)joVe3~@?Op6jIp!MO5m5KWUQ)Th_MT2+nkHM6q7XZLeO$u}(Tf1$| z6E;~wQf{}DM2rla574HWk<>V0^}N3|Cfnm-IWlNFz*swYw8ZfJMF)ZMQV@AIhEn@L zDb8x!SD9SESb2n6WOlNz<8G(*TD)l-De?R#AA2B2oSadMDZa0O)^6OT`w|ZzBaa1bUCITW zeb#h4=cs>ow^6$Ied-izo;;hBWi37E-Pl)R~kMOk&f*mI+0!YX#DI@{NScw*si?$%}P!-B^Z$T-}l zh5V`SA}cRq!896ia)7xI{vgMc@;La}K=k-R%Me|A{B~gl39^qIt(;mkDHM4o)DCc? z5jI(L%5zsy!W+z5<6Sr1=CVCrfHIddW5>OQO-&jxGUJ=hFf&D) zu&{`n`x>(nbWGnHj|!cwCk4~B%t|Ap-akPREsVG(<=TUc`lMG)PJ{<`+xLbNP6Q3D zpLR)9IM1iE8LEAYPmg-^KK2K18T`E_v|cG^=Dd)M{0ZLabB|@R%9@7{;!l3v9>+sK zNbt-lLohL6R?dRGU!!HdP?Q=7O!GO4iMA(*^EUc4Sfn-ve4p$M-z}TXqjufIbG4pA z2{n=n^OHn|iFcz(h`KTLq(XZMGNu}dCmvn%rUx2oI1tYI5Fg*w-@mt+Ur&>GcJ!Gs zD=7NYI5>L0InpF%XZ>kZ{~Jqzj;Z9~-;p=fv4W#!VwyqsSB~(MJ z<{$fH9?}vZDx$--d319%Zg{f>Kt?e) zDQr%EY=?eFv1fxI{kUpj)m>_BjoiTOlB&M zcn?^tqIt3slr-C|?dMjK@kNThA4*j;=rW$~jnyGAU{(V43*F%~&&gMWvL;(Vh_@*4 zJw~LcNcd29Kt43F<{)C*AHQscWUvZy*&h28m^RT>TK`#sP5*u{2w%)H8^!QP%3&}? zXGE?t4>7%tH+RS?J?_@52&aMg^&7%=WEH^^$~L-{RJ0P#r=}MbsB4-ZqeS^JrqY%bLB?lS zjpD)cAHLr z@=}Ow_Mmfk?ye>^`R@vFw^}(ls%N8NL(}<5k@pauM76$Uc7$f~++pF;==e8yJr|{I zwRom4GGvSVJvzA3i`!`SUYeF)i&@rvxLmbT|hTE^#YI;084T!h$P;8zkGr^TlE`*NN z?|Azor=x~<9L^ojjcfGi-j;MBd-xAo#1o|aqx-1Lsr{FK9e;ChJl*P9c}282cmEfh zF1TuUJ^!DD6l$qYc3HfqX-qysZZsJ19Ei#cj$Q}W+WJz5>hNAKL;Hw9+Jw{lK@0ON zD?^GDck+6dqqzvt>T$kxoEmsEA}e82JT_ZYL?MdO(Ne04Hr~stvFI&P3*w9K1$v8k zCx=(&dBF9e7-Hd;Uh`{I>^dr5^Y-$H9{o+#nV4m=@8O%G%AsV}8`r#h`<|$GprPjO zP>FO%8x!mJwZO4MWRHad;CUDJbuE6VW(_h&XU@ zr$y>G>$#M5Hn6NN*-z{%$^tjCQQ>l6j9F^S zkhVtv4XI<Yw#Y(;*tW8lSR=(j~(VsZ+CaGQC@{wfQez%-Xaw zi^WGOd}LMMn7hnBNjp_mU~ybdqW}P!1S~NEci)?G#5l6i8ZJmr2bJmMQY6l%$}6e{ z?^cCCM0{8R7G``K7SM2oxx~9rg}Z2SudmILQr}nrG8GM z0$mk+6cjPSg%KB<-PyOj9XNDG8s50iGp6ZqA5C>OhGT4E&s1TqD0-z$mlilOIh*67 zw)GDY`|;z4oVZz8G9>so7*v+lR_3U2P@1cQF1UBdAwVDK)q>%>b!x1+=k;ol}t=IfVYLp9IAZ!|}g@2TJvQeR+o^Au&aokK?BB^L!On;q&Z)8mdgmkl5__!0hr3J&wqD zM?;xT9A7&vIz2CGZJ9+tc-iq1qCfKbfc9%K=k-qc_}9&*m#p1ai2`@-k6JDq({sA@ z)|sAm;h6V;%y)uaU(#efO`44egpjZ^8_&SDC2mCD2RU_4YVUL-Z|juls(8A00rA{i z?E+2=bmL;neZN$^BeOS{f2XpUS8a+Y;=uI&ZbQArtljc{)5PJ;!E_~db3wCjr|}#O zt%u2IJF5VieTeK+b+r+e8+lYpVmm>J>NFb^VXI4VisGh_yq1#ro?F|X9!<#NJb;ym zA@!b{9}K`%&JjI zJ+){m&hQ%L90EqocOB?n={MEQuSYq^$n4D-;|^)S-r}O|*>QYZS_zewVOn*xKppW4 zU;15X-}Ko%t0wI&wZ7XAvX29zAg!q^Q~N}zD<)Dn!LYr?3LjE*?!6nF?+-*0CW6Q| z$LkbJb*47G)}IEqE~@Xb2kW+Z>5VrBGIcQLL|2zp%wbCaj!=~=uBOc4x%+rL94kia zF=@Wlem_1=s5_O(LR41DP#Xq75I}S@g4H%3X|DZ7AyXI&Ifbp5ak&?SWABHKUVIFvnU@+S`Od>VhA@mv}Z6srDyHF^~&D_vJPxvB{YF7%57D}9-y_76SWKk=2nh)pd8 z{QSnHSW=m9bmt~))X!tOC0Bv7nRs_f14%nGpDW^{Wv8GiJb2->Sbo}N&xHNro`Jcu zzL(0k2|9N-{gIkS@u5;`g<>E$Y`J}U5_6{menPvDsLe9<-Sg1dgE$s-Rl& z>ZiAgxpCv8%brtH0%}A$4JUE)SM08f*resLwO`Ee3Is2q65Y|O+80MQIIF6x|1x+Z zm%)?E9VPiibLQ%FYfl3J0CTIDt0_&Z^A%0Dd}O&Bf&!ZVr-2+p`O&I>L~&@4TQVzs zg;~m^Vbpd&4*DJQ>N{hE0Q>m=KbjLOTk7DZl1tI85bW@?UZVxd9cFvaQAb+fX+T^4 z_)1O1ND^ic9J&e7_|kInXkLeuR;zu_Qk5z3(X!P1p=|?PWVKYT$oKi*a2p^m>ZdCF z4f;ilD=HcH3FhVXdK>(d@K|w)DYoZjzHq-hKeGOSTQHJWWB=aHwkpoT{_E*GgXW@2 z+6lKG6qF;oP7RB;>6+Tt&X4efg=HEKi110e715##*tR-?@tDS-=V#?Ul>yBmXV9|m zO-_Yg0#DuGBBbwpG#2)Ts?NQm30$!)zx+Tq2RVn}9LFxc!p%_qiH^gt*LOhcf>r<0 z3_r@j|MLOgq^0U)rPf>8}G8nw^W6J7#w5#`0Kr@0^4J3;6uLV)wB}w>LPC zzCKZ2+-pP!0OAZsCuP(vW!LaA?Jq{C6&W^+g|36!Nci%iM;nz%)2MLM0 zHiJZ0r#@-fMwWeC`4EVJfMzTN{472CHR~(dJv_Lm)S|C4D_vGK;e~o=ZExFNL%r-Z zynjmI@ofjqI{*OlB2LZSVsT5xA1EcK)^zQDIkqYZ$|y}K9IhkPP(iiRBG=6f`Y)~R zPYf2K)-8~QCfPv>_X*sJAMi+@^KK`r{ZT~<7NW1r(Gf*cIAt0iU*mS>`+iK*IPMJz zN|Zk_l%<_JFvF^UKQ@qo+)p!O}E@44RvddRXs$EcNGB0{cIe+3h-pbE4l!PVt~e za!@%7>{H>QiA|gq>Wq04p$ zvXoRT>>}6NzN(NOEyMXfU_suA!2KK^iw?^b>Y$XxJr`8EY;L9%3J6NRmmb@t{C%9X z7G3WirT$5ye0cntgo@*?aW1Nuoqy%wW&Vz*{~beepXPexr+I%#)4z>9{qJ%3k1_xN zsIHQ>U5P)hz)tP1RU3Wq9KZA2<$|qNV{w&q8Yy*GXf>34IvjpGpho241Gj$ycrB&* z3kw09j`xNiuJzVTu=?DV?+L_7VgJL?Zq5&*)k~?T_=G`?7frJXD$QBs`6dbMb(@Pp z^cKF_V_ymvrZ}ti`ljWdV58id85y`b!b*1V$ppIUbL8DH`_re@9HxrS8$NoVqq^Uj znh&eAO+MQ50FBzODL5ssgA;y*o_X~DeicczU2r{(uE#6>ql`)&1~3%r^sV`bY6@$G zPWUj{ei>S+Cc>FpnWHB9MC0uE+1cPHl|@Ot6Z6nS7|6)ZnC}Poj=BGxlRG=|{D~R6 zc63^gC^c?O!I9bZh@;dcO>Q)&r4$xg(0nq~Tfi=ag|M45HoU}~Vy9IR@;&tHZhuZL zt&rVx+ZbsRe#_oY(;VE>B_&E=imRYeX>IOUwUtyuxi0%(m$&^fUhL}ncVN~Htoq`)@rKd?>oulF z)%c>_K(bgWjl*yE0CG9uci)gOY~QgjIhY_p+j*MFUz7Vaqac@| z`F3&st?bFj9^El(vCZuFIDf0T0Il-YX~C&gE8<+IioUk@5HE}o?{Si>kl^);&q!;h zRp0e8j zCe`UMY}16H>?;e?_GhQty0YOmU%eMb0mC|y9BKBjT*^UQwy*itM-y{3`fw~Ri*g|D?e5>zdRFVGXCk(?yn3m&ONJBLZ-s`oWGvxV zLe^|BRDZ5vULF&`md7_a+T16IXUs!oZVKyy-CA-O)co-TU}iEh_y5 zSNs+W^S5;3Iu^i`CVt%XSY*Vz`A^nY{7N%|vD+_T=EVnxEu;tYouPTyX!H`zycC>H zMUI;`N6(+WqMsijOB$aE-r*a+u}jSVrdbkRvLHWbf(}-!`|%6H{uJ01 zm3(kbEj>);Nwz#(Mz!Ly{oLwUMUY?Y;ceK0L+Y{GpJF^xYR_*8R|5H~y9}w=Ts)pp zOTFfwUu%)vU)&b|`&ZYy`=s?=_}4t@q!;{C$_3{ImfD~H@JPMAL-?qN4{nWdFD4!c z@$|`wGVErsiyi)=ku%c;pR{Sg%)DI-yYJi?3>gtTbO=B9r{Y7jrZ~YMbTw1c8R+2* zy5%puKcg5C5FK@Kl1^%zxmnEUjbDl%mqLL+AVVDUl}-=r(_FNwpCjL4-Zf>~1ccVo z%1H4r07;7e#!aMMb6e!^O3F^ZsLxdAkK4j$686TVxJY4|LPk3sf_)%o1^bw_#hPS4 zUO!jMWqnJB#Qbethzet4x4E4U3uagcu^mp_)3X6%OOPz5SHv3;3> zI^BB}!x_4pdlfy{Ba25Jf+Nm(4hm6-JdZ$odO_mYgz7J#r0iMg5qd$XS5Cr9?K zvf!tJa}GDg`dkB%0D$3jv-dv&I*YAh=n|-y!U%8=H(}iQXyWBC+KaX7O zKqM6>!(VI5ja6CfCQQ(RUC8V^Pv3Q6ten{0>&oVD7?9y+GxYp80K7NDlFn^3QDaZz zpp#k@C~<3gx>AH#>drseG}&w_?v0pksaQ1b$;kwn9X1znv44U@upQ`sLy3ChJtyK_ za1nkXWvwz-a*LAe+1R-%zih0PE?@yu@wu+w&)#uxR4Q%zIO03p-a)Hp@_3e$u`JEX z(#m-^edUxQbqxS$pNM;HDB(Ah<$lxze{OV>n3EH9Nsm_E{n{WMv#MdNbW7E!puxB* zt>Y#v8*sNH?Hs6FryDSK4NJ9s=MJ`Mb^8&?{Vd|*hV74onOb3Cr{3n4bG0?#w0ARVzZuNL| zx2?X<7ilG4>lv{#D2bIW&WRRKan^z=5Ue2KbP!ajl$h9aBZYsVwcjb!fjvdnPz@G8 zCN#FkzKfQM&8Ak`?l2FU+@$v>c%{cdbE^TZpS= z;Jb5z8J~pl+*_ueioCPnR^5pzl7`K!`9lujUL)JM3^o7u4+ z%D7ll$zYx~HLqIe4HAKZqIGi%?5-QR5m9iP=LAoBg$qkfIsY_-2V%drJ>_8&_ zH%_C&Vr#K|V)+PXpm|oyG+G1*WF#J3ch2fATA7L2?V@e2224cH5r$~_xpU?Okf=fLdZ9%`?M^wo)7b`R&NzDQDVuJJg`{>r^JGtY1u7y(xi(S6i>X( z>?)b8c5z+m<-!c8gr(I-h6Vkev7tesc(2EgLMkF{ib3nQ7i~m|htRlQlTM7ST`vfr zUikAGC)#pHbWf_HDN|A-$8NH2vZye1HUw=aHfe~FSiUL)D?_!v?7EM#WUa-`BZSUeQne4mA%A+gVtS@=e7Z3L41hzJLM&v-r} zIs+;3Cs@(>nY-Ec{#i+uR~lhd>+wly*1q0wHKR!luD5?)X#CF2ZDPz>0`6rE_Cp4u z9ZrV4F+MkJF$E&~pV*f!>l87W`;dzG<>`&?R&dssNf=x&OLxAKG!gUukg89OilrOs zwGgPhz7GW|@iXGRGR!WZ{#H}{E7WY~)H`AB$X#6d&C7A_;Yi_<3TpA?@g=2Qx6HGq zNYsgT)oX#1uVKaoe^y)qJsh=ix~LUPN}^HQ3*pbDSTMoVyM$d(&OH+qzj>_^jNop)#6natdqd!GB8r=6#rbHiR~C{bN!zD_|wL8YP$(x#xe ze0F=W@9M>~%M%XO3ul)L?%GPvC`x)**C;6NQmBBQ>UyVaOa~b2LP%tCywt+Y`_Hd_ z%zM*%_2I`tOJwf?!Gi;4b~&;9jtr&_14`ijXv4U$Vr`pM=ujn< zx+32N0T*=8%T~~>u-}ZWOnXO^48RY-cO$87#MWXKQTHBfU60?DfAH#`i;vE)PXPb>0iHtmzf2S}>?z1V zXBR#UDs}Y48>A^12(V?jGqm-TL{0l29Le9gwH-3UHf-U1PQ|a@+@@@`_=z&(0~#?f z=Ggzp&&)8e(!^Z2IA-}M`X8FW<)bJs+eugKIW$FO*7U_vVq;5}p4q9{?#ghiSg~SYzuR5@KqY}^$$Se=+W_#<|WUEWDz{Mug-ftqoCEtnA8RDAhkvPuI4fd3Y#4=b+! zWA%5~=8yX2+3>0~?b~ESBah8x!UF+WK5A-bx+y8St05VbwW? z78&hBgn`)KF=l%|iV|rs`XEvcHxc1LNR!jERH$-R|2yc!M`7JX?!qs8#tP>6+6*OI z2AXIco@RxVkWG}tR)j1bwmSsSoa}`#<6jbs4){-ZmxO$O=KikOiPn76{4plZGRcU5 zJ2P4eilF66VG3~9NC3xTm6s?GXh`m=NGL{TxcN!fKfu?=yE|n(v7K1`xrQ?GF4bAw z7^*xtP#`DByfpiIy4o(4xSTw8_Z-gySb<|9+xQ+%p!QAdnGQJp>Zwi_oShVR4z&$k zs$bPPX9S5U6wWf!U?bkn&BZ$h)9iUgebIpWb*8lUZ%UNuonv`bF5W}25@<9w1DmpN z#a8i>f_XWXveYBlXPvjNMR@xwYGkifoGbvJol*rn%Up5br3ZYQM{rWz>xHJ&*gVty z`MV9{jcFfe`h1|o0NxukeHn3G49|G;-p7SpcspM)I*`0^i`??F_FL~K|9O5X zb;425Um_>>9<+Gv3&Q^*hxcMjbTpU+`6F%T-D$x4D;(sXc`Ai&T|mpNXc76{w|e6t z3vzzc0RjzTe%6nfr42h@S|X5kFDI9y{oVvMoRJ{;ruoxJ+8v39uWRkce*oSFoKne? z-fAr@4{sUSPS`XBStBir^QN(9c(+!Pqems^h1ZvQRh|9Y&mG6CL3ZSY>f_|^hntJs z;r5S#BU5ypQPEHWCd6G_-3@ba^yk{(KwWCLq>Ch$<9RnneL{*Y9U#)Cxz3z4Inp+2 z!N5LA^sKY!O4#?T4^_5pt!!TLvYBVFJoO7)1`po6tah8HMA8&&?4It8BU@c*sP-J} zjMgAMaP+5%oSUnJyJ5%`*6KZ-w5b@NaQFZT&F?<=U8~$2ucNlhf_SXJ??4)Y%%?J^^HwM zGxBA}b+wtKc=DFP#g|*$*;C&yP5hNrd}ic@F=O9)v`o#~JTt(4cA@uEjeU#Mo90KE zKWu|FG#^WcS1Uz@4jC*l3r#>yJ$OgCj0}Ym7j8z2>yy(hOb2 zWglH(L3oGur}t2|oU`Vw zh+C3YdeM4)o^p-p%0s_Cm<3H|VWQlUar77pT57LR(X+$Z{9r|no zn5FjuiR;Q6K;-XLLxu-p%#ooplNFl)*bB~)4!mx@@D&y@NP|7qh1Bm_uXS}er7piq zU|TgdQ@6i~6X^NFmF8)MkGMjqTwXk+gsO4ndlS%U(J64H9RI;y7M4 zvu5|j-d@O>t!AdT))up@n+=2klkbEvbdxcBRe{n z#-vS}*e0`ZGPc*nX&@|T-0ZKpHR!R>ydSCYa@x{>=F9_u1~0vmiuKQ=nc2Szvg=xI zRZCP%VNsg5`eA9cXxNm))xt8300PC93zE}RhnYTHyclueLTk{rib@RCW!{Pz1ygdu zi(FcJ+e~r$BK^YEDM&_PBr39As9Nwg#zWzp@olpw-!6<9ebsxFrfq-S{d&u-+2Y|V zS6H$iVO=bV+F~_?z3htV&2~ZQ~U&ryZ2R?gdMh0H_*5$I`_4$>RZzk0OF-`}8+ZQrJt-C&@Cz*sV7fqWP8|kO)^`~407d?$(zvfgD zRH4zaTV8%WDt`S#q+Ag};dQb(pFj`MyQlJI@9!7FOAHBo_DP0i=|LKtBOj*ImKg3B zn3@X%0R30g(~fwiOB7X@EP=qD=eegfNHRWIz9@KBo%IWNT> z0-+X*zrGC~VQI-_?^K-ufTIL1TR4?C9Ckg5m6+><`!UL{KoU`#jF+?q15b;(ld>mgy#va~afTOb3)3u!I4pnt4aNvq-N6nDWtmMDRW5?hj#Y3QQ1*ae5^kiYI-!tC`Z}ALt!TG|W=o?eN z{N^md%BOjO8SY+NCiGzzM7R##BA&DKs{CExvlC}|O?ar9*R&2t#E9pnhp6J_#{Bla zLYs#tr0zdyl?qG4mHaS{Uc)#p=&Swgd@3x-YFmyLgWrRhusYRKozF#KG$4QBHAs-? zVT-A)Q->2#1siSpCG(5R$FnI4H(%adcTo!QT>DE`P+TRLqD0S~)Ht%(D~dU3#Ao7| z!);-Y0p?q5^28$vpN+?VaTX8tT&Rwl_AR?xv0bQsk{ca&mi);FmKX`DtO!QIOxRE- zYtPvqAJ$-UGx1iM3V(U}dElf%@h|S;gKb}*BMJiE3i>~j+Ww=!034~fJFUW;}lL()bIaN_J4Bz{|hYs|5NS&@Pske^>J80bO#CdV^T>eTR{!IhWhY=t3z z3Z3J6g1Sf1nYggT8%CDZc|Egy-NX+iU&H;osjb+A@V9iWnEyE^qmt+Il{ewzwOb#jz*kB@tSYp{U%f+S{TRiOdi=e`(h0!Q=Ca=a^rB`ux8Q%NgXnvnn*Z<*#BKGy5nU z1m(#89lp2?FOocm{ONdy`CpDi^$e!See3jp0dp3}PgTSJ#({|!=@%qtp-sj7?8izC zU<1~3M1A7dseVB}ZfZf+z4`ghLdo0_!Ouz2@_g)9_o~a?9z4>?4*t=h-XtPvZ zZ?dD*^V|QI)&tM94xAq_IU1tOM8IUGUw)H8Ny-v?h0lEPB>Z2dC8M*c_mhRNlVWK& zPpN2@G*P=g)Z<(Y2HztXHW~JkywUy2$GdZIq6TL%oegjuGcYl{2jw{?( zAk~>o0-Jxe<5F?;mqDIX;9L9MmBcOox5R$W$d*ctq|mY>>NFA|S=N*JTqN5S_b4Qq zoY1eo8XgbloDM2={=3x?|DRUJ>Ha+$X2R6gpjPqzVD7o5XGcH(rv;NE{6DYg|AX=2 z|83`)ch=8Bs#{J}&oZHkff?7-Np{l@Rwk$W;L|&F{Y~Uld&k2v4Qceuo12keIN}-2 zEwaufJ4N3`K`x*Z3>Wb}e0)DAc6y*&*D1|n!*-i>`<({M4dX}gu#V|id2;@0yORFm zP^G)yxmNp_J75<`&Mv2!(Kn#M-3b*Uhsn+smwSKyzJTwPD7MmpI%y^9fwCM%F+2^6 z4FS-9_I{ne2etZV)~xKbl1)L0R6GSMD_nn}zk27iYyC$%x8h;L;cE4dsT;s|6Q@qg z8=;gc|9Z!i_2P8<858nXdQ-1xrm0NYWpR@;$1|@`o-p1#YklNC#24v;KzujEyO`Jj z^Um8lG~r46MmhO!aUGTY!Kvr3_2wy_ypv1a+5JR`)en3#RI#;U9Pp!DO2NEeG&&;m z>W;+m8Lo?*?5syGJK|0|;*84KHItd;eqk!CSNG#zF#9qG3kVgM@VUQ8u-5!I_nWTG z-gz`Z-jC37jfR?feZhIv_EGT7DCpw2o?*_55cZWGmN(mHV%%VomQl;fahW`I?Z0&K zto6})fs^~bqm(IfwZ!__&C~{1oR$pP9)CCItS6OAUhHDw0I!s;_1+vF#(BNfn4^kn zqI&4FRHClVV-6hCd3!g_S)id{aqEagwoTP_zOF1pyz4z&kyF4d-R?T}* z*{@_pq&D1zZMYm2`JPfFRzJ7?Dvr( zsO*!$%4}lz_cXG>(>;SkyDT?y-6vOP2IFeu>J8n^lKm+YnW|p!5$T^yeP#)J@#Gsb zX_CGgL{|8)hc`iHu>5-WB!&Ywy!_1}N(jC;=CHg_e?q0-*6rjwmbP66rp zpy2uunSZTcr`#6eGEsf4lO`E^C?T|v?b@3Xt1 zzyyJ)l?2#o5f9Q{vZNODx=C*(jECzN`&bXpmwiixfj}MQG2HS5!@-l@@`xYN*Nb4X zk))?DdQp@Ds*{xuW?mh=?u+RZ6%RB24+iKs@tXCSh$zT<2^XA3@-Je?D%IUTB7n4wMS%%b(+`1qhG}kwR)38u}= z*-Xr7zN(<28kD=;3nkm7-P81g4^CZQ5Rg$H-@5~QjitGsKf;vfqK=MwsiKC4ECf_a zl3gL;W~couO?K|DLAnX|pvO}WD?-=I{%~lZoIj*%aSL_uT}`R5J^1m)q{*s$ofGN4 z^>cQ1LfQ1SgV;^KUw47EZ-wO9oo;=baZl}@lC>&UX-+}~G@Jm0V2`!G+G`Z0HOF0h zx)bQl)yW66b}zqvU!Y4)>g{H@={DX8_m| zC8zpAO=b`m)dxnR*|!9MnSRmCNtNUep$VS2z6i~3-R7f20KzL)bgH`G z!}E;j7yOFoukITftPIA{fV`oPq_u7&zo<=WhVCHh5k$S~2!%5Kkq-=y8U^6=plo&!^wkSpI_ z%*I8WmD+nz8$Q)1S?Sp90a%##8zrqXNp-zCa(&-Q{&wvxqBqKYEOZv1KUZFkWj8*L z*|VdOOtV%sOg9gdE`@8ry>92<21MRl-MyJ<3TNP@1(d1AtY(QaGWUY)D zM#YEyU=xxB6GB^WS=708&s@>`1_YEPUB9k4C8RLKdv~|P6092+Q}s@7Vl(BUPU6Y4 zL0vDs4pBxTi=!f@v_ik;73V-|Zi`(?1RyiFH<@0~%gGhnmhQ;Oo%(x*isSj}f$z5_ zAW%B+dDEZn9t~d;Vudp4JgXs10)mpW`)vd&&LR1%o2BXh*Fle)zWWHUywC1roESaN7G30u0G7!R%ad9RC|^|I(v?QB2j zEI<_v9qq;4u3P3(lbBEJ8*o%wK#UU))G=H?yu#fKJxtpvNkHP%)!Cc z=5414x*jig{Ofe8YO{w5wd)rY4G(1}9T^uYzr}Azyl~RIUdWL!65S-gDttBxMaOTc zU&tUt-mjrmEA_WfqI!U{CLqB1BY675=gS8E_ev7>ZZMbpU|r;u==zatfUJjZb3)b( zvRXZ+Ji3RS@@E$4BaTX_NLH-r>#chE%a&>PVotoyVW7D!m z1JX*XFH`z_QGV4mTbrj}y+p*t!++|z`%e=H_6?O)I^JDxj&dMiUE30J$6SY%hNS>; z@gx39vyl&NZf#Qc*>=+FB3|`hqC%r4UptK|4^OyG4it?PsB!Y|&Uv{L`uwN!1$7>s z^(-ZeiBIk9BaH%uGh z#R#>iRQBSA87q%keCNHDdSZtNvFS==56{@o7+^){51g{bcLaS%O5v!Bt|m0-4^WiU7>v_aj6AXI@(RXh-*25)#{bu{3nA zw8ou%Ol~QL@7s+U=Pr|jC%DnQDk$rOW%Id&A25eJ!CV~Cn5!7Ie8?{Iuw5Mvi0lzq zeP8wmJ1U1c2K&RBava9Wh#Y}o(c4EuUIR9uOn1>>D%iHs`k{JYw4I486=MU?=Vjhg z9t49w_4OOO16Sl4xW(3b-(LyfiS!s?xoB=BgsHdEezKi)xq_0#1DK@YYyN7RsykLX zI)NN*Z64utwhbWZ!~Fasl|&p=5dTQGf$qQB1BqWE9$!d73UKL>aMNVxF-WUpp+nRQaq9bax@ z1(^K(V@)WBwS0OrctWKKidb#$STQwrn_VXsPauw4679pCZ2z_lT-12wDGXNN{!WLq zgP8GAhljd^R(UD;DkOeotB_9BU35e|_4C3GuRzEC*>hj1&@l~;v8uP&-<&IUAl%}?WN7oJNAN=Kh(gT`LxPqSi7Cq;|DUq} zUMr5&f-?;)!s6V&)J+ifYmJ(I&B19CH76jX>kST^vrLV9)3PQ_njkW)q;M-}byYGm zJX9G%B+{dvGr)uHl`UL>7;sEVTKjm`n8Yb~4M{k)c0HY-pD2a(%x($En^;T93H(AQoTDH?A8igcYo&ixFSU2JGs4X=@N>lk%^hWe&av;i`E|1Gf3439ZLcBw@9M>x zEpGYd_xjgVJh{k8@FM1~X3~+5C%88M?9gU5)u~pDI0(AY;8si%>Sxh0UeSq?qC1*R z&kwjz64@N1G}k>EfIkyyvhF*JQgX}hHHT8-?HXoMQf*JV1E5~eG~&tog;-cfq>prZ zL;T3;_yFCc^i8PmL}nOgBXRgLM?;$9jjMb8<55MLhI&JCuJ}b2PV%i)-O7OJ6*|&K zJmV?nlm_%WWi-f;->ERQ6oHHu;XiMYbx%yn1e)wOlTuScx7%Tsl zXrkyr1fJr2P}d8<#?{^i8i@uL`xKfyh)lJ#>fU< zip{_IAN#tDmQRmk!t;o?txf~<{R0gUp|xP;1h|e~S^l574uL9He4kd#^Cun_UP=JS zDAe^5Y7#6g*b@+P^T<`JkgfJ}uy-M!Y6lCOm1Bi27*vei$fMViIca%m`2EhL$Aqyi z(5?5^d#E%eV&Xdz`E!CtBprT6H*TFlqIuL)Ql`PE2MP<&jc^r)_SgXse&p)+N4iT} zGR8=O=)R}WDB%1o4rAglO?h*pgdQ-OI%ATxI0T6r`D^%AyvMgzcR!}F$H|*V_5gv@ z?=M{%flpMx>oB)Qm+8gh<8*CJreW(&1t`kTo(w1QTM^URwZ5tv3yLT@0~PX%T&nnF zzKvRnQM{Czb=ubpKp;IJ_G96UItb*j($O=a>FjTN*!tqLt_h#RfJqPAbX;npbwOTL zc<9(ePk0V*RYvt^an>H)&=RvIYAG*BzslM{tK!mxo>@aOU#yX3g~UYagp71gwMW2i zCE65xG44fBo5`^{rA;nlWdP75-_PBwGVLp)~Vk6F#YVIwK9>H6k{4 ze9z&p8f%p>Kwt{&txT|r>6`S@zR>OMj3%XBYC8XKVVdMo#r%Xjgp-nckZLT8jw=7d98zDXS+xP>cjT>h5|4*QzmwO}t)6Fifl9-9-4{w|^@fM(FcuER=!*6d{WEJ^@%Fb~Pu(iC7aBdC z`QA`65qQ`kHvOULV%A+bIkE>Ld!SN545AjNlBBWk8+@}KWo3r1a_(>hR#k*lJ%ox` z5`~i`tE;7l5~$OP=*wbP;FzyM8t(+*rD36Y&8Aw=9&JbavPh@j_3U~l$)XMLs__DK z!r;*lF`1e|{qb(=4!%Oi(KHVEm=oWDfnmyeI6a{3PTGS)50{-j6Z6XF} zJ7aM}#amrdE~c!~e*5f?9bYDZWAq^RXwxc-Od58U##eCEg7v?5bj*FfJPsS*e9j$( z%yw2c+1IX7WS#Om!mIU8@u7IU3G~Wt)z1Fn_!b)Am{XN*p`c7cv&9$x6 zs<(5E0pB!F#d1E2%Vu&%6&Rt#mdI)hCecvWrsps7dEj4arU^8=Gx0m5l%{|-^es2o zH>|YFe8QJ=^8B~zOtOa|2T|S+J%1rCmP#@&Sl@S0Q8yF8nV|Aub%8800{4EEy?rgO zO2F>(orPq7yt==12WnVJW3q>}8{fFeAdz=acrK_{)ztBVCbiT5Iw0rL$-95c=KOik z!2iYF%Kwjdqv4(wOYTB~Qg2Y}qym$0vy_^uJUy|f?Cz9$hxn6VWPoSe_dhDh;m+RZ z$&&R>M0l<`Ozx!kqXEs7(D<61{j#hCA&g-lYHCwsyHg)wZz~!|$`z&8gj!++PCg3o zVMX(miO&p8V=$BBEgMuV=oo&odkgHauBd|cd$^y1d*farZECN-m$TcS454C$O7aNU zN=9Kh-??p(=yBsZNpddHSqbV>HqFBFLqW*}{+r7d9UW3Vyb_34fM)T*3k)RXr5 z|D>g}ob{z6b&;s|lZ|nN5w*^SDv3Si=)Cw;>`0@L#`|jvXjUWNN)_0>n6%33b)#`j zTPLeTC5tCmRZR6Rr;Mhg;wKLSOs!rA&E{!F$5t5w_aUVAeQ{+23)`O-ZY4vsfNc$CQ zj`i9x)Sw9v$e_t8*Wh9P=jX$CnzSL}auw+_`TOaQcs)H^k0_UV&PVzRkh!(y$O*a3 z$_agVU?f9&v8)1dIx-EqBC;OK`<$5^xcIUkpw>Hw9s&ZZ1_H1OugNX8TWzMP^aIC+ zQZTP)OELw?p}76`0{LJX`q+`skN-`W6+sTx)FoyOxK3I+`n8QUg$MWU4ZuD5motjj zlD#T#6u^CJTTHo`hSE?@F z-?x#zd&Wve_b#}*BQkcPqzBLg%AaUk|14zvt7jF89ZcU#pVE2Jt^Eni?0 zDmgBzwkwTs)`s5*C5y9x0|rg6x*!6{YZEluGs8VF=4I||aC}3B`m@_<{zIdGw11r0 zx87Esb$94q5!^Vyf*5?N8hd(?I&c5u9V}N~U zRg)z>B7AF$JxOw)*Ra4-z_hvsdpt^uZt=e_2brul&+Yb%eID=h{`osvN|Qvo=u4mT#Ju{V__RyUgW>i5%uBP%-!dw7zU`C+BLdw$klBXeQN()oXWUdI};-VBU znfBkFboVr&G2b6M4lS_*Os-v;6nBvGUNnw8iw{tiZwa@ShwmfC`RZS4PNuk*H@`EG zT0;}4nOH`9%OQVGVYxVMS$BNuy}{fTh}3@z(lNGL@5?vC*d+2$MvES;^YPJ4w0?Bi zTg9uxz4^0GGWBHPV<4y2)<`Ku>p~DN>nJ>eU36%&=C0#%!6hq{gYogaIQe*#=g@x0 zpu!PcZ-{!lq>GUn4DriXbl@2kGEQ6(g*ttJV&*@m`L@0=JPh=m_s?!wURSV~N_Zp$ zxiN_@#|5nhWhM(nFLpiEh$IM}i3Ms8{Z{j0=s@(|`bSkoMaF~_|*k>rmC%?V1h5gPB#9Oouc7Ui|EP>-?N zILWDeF`c~+f7 zONwS^Jfd0a7P!SXii%e=vu}9DvUN*o%RT7Qa%dR`4|pvy#HJ$i&a#nRl!6rqG|jS4 z&mj#f^PcGuiN3e+PC!P&g2ABRARt&lc7(h?;e}j=6}WEn3(f5ulSb7pM@chCj26xq zjMj_$Mv}o9NFz|sMqJ@0v7mQ~uA+&X4rZJVUXXO8YpsS7yCd$j5V=oBMidg|(E7 zKyENf%DUzuGeZ-?2XrJhrS;$HppL0n=O^E79e(eE6nfoBC}=*|{90XBMr5NF^x^HM zKbq?5t7Uk5@ZM`VOSO@If%0)=nS$k3iTndLcElXbjB@$#f~acg zfRh6GS0D#5tV9ZdU@$^{y(l=UAz^LZIre# zv}jQBaI}lc`D!HtG8aZX^QC7lXQG26zNGNA?^yw|$tc`)@cvZP{-Ue`+q946E)D91 zN8~HB*R|V2s+!TxtwU&WeZj{9#c0Emg^Z(~Vp%)>GOy}RgihBZa zL~6hZKQ^!{V>myAnBF;`H}Plt28XjG!7c7UfqrM(BSFlF{OPQQmHK8NZf<^1BFbQ| z>vh_S+$)T(p+ezf)YQ5MmR9JOCZVqifsNDJN>VeBNGcPw&Ro^C3RQ{MpqNu!@Dt)r zn~Z$`i~}Nva6=x170Tb0^s{ldYyHicy@KN_4$)NJNLamVGF*~a|Rin$SECz_02pY3Uy39B%Deb{kK(k_)JzCwf+zZo1D0*+Sms(m*z+--b5 zV_hYn(haY7(}^9oEu^u{%;^Q!c>Koda6&>P>XUVr=tLdeO7(|jNC%6yuBla=Yxd$P zE@8=H&PxOF)=DUU)Esf276`PXj79JF$uo%%VwnPcigx%6HoUd)9ZOOLc|2yyhWHK) z_hI4GiH54xXU4OWH|%ri>-2;vezg+i1_1=Fk7qNT6o)PpRa10m0ZVLt|61lc69u$G zpk@6uceYx|0&6u~Le0LclRv(@mbc(c$35o*)RoGg9;8=tVKr-8)xqEE-ux*Fsq1k7 zfA=lbo_5}CLRJWFQfNSXKyyOS z3vo2frZ@BL8__SX3&Zvr=KFKtH(cd27CqErg$xf>#oYzwiW)SeCc&It*Er;W;zMZs z@%y1{eq_?(1Wi7hE>JrWZJ8|a#>GVfk^NAJNW8qYX+TM{j(OgdOI@Vyj5l%=fb>?E zU1D<+FHv|)n?HttTKize%I;|Z`N|jq@SmYW`%HUg0dJR|OqSH93r^Rb5>4WuF=pPD zmb*6wflHlU7!`@IP*nl##EJ%s+3FLxtcdT#A_0{ro0*$)zXcz5$GYg{A1$ghys_#o ze;~_bZ=Jh(N9uKe+9qC1rW4J>-L2-c6!swGQd+9bX4W+Tq2>};{lbE20@7iI^Znta zLd>-LNWXVOLxD~2?+Qrx>)nP2-|N$f@YH6+aGh75AYXT$%ZkPAcCF{Tb`^Cjq<#SRuW*3O1GQ*y=(vD)Yi{v z9EchW39svguh#IG5?g}HW4VB_dbHnr14essg%X=m8iavNb(N zWgq>)9((Z6)HH3G<~C4!)?qu6##vNb{fFn)a{W@xT#t5Cs1+O(M3)C|02P)TA27LZ zM_K3k!PGa)HrOZkoa3OzyxOKxZ--Af8mFTh)&dTPOEMqona_yEKgR88ALd%sU>1&9 zyaMS8<#)F#!oQRt(ycrT>fG1EO|BG5%L^0P2Nz&xNAr`enhgi;3h*R36!`aox2z08 z?GbXCUkwco z-0P-Ws_H2*!OC;N1;@VoR)e2?C_{)&oi(Ji&-Q^=ro7r+I2aHU>0p~sWI;w&ovRH3 z{LoYDyl^?o>u)9)SBIu7B)s5aG#LWg!OW&y%qG(}xbqvW%ElCzW`EKH+Dh(e-sci~`D9p! zz}0n3C^{yc<&6;J*GFc#1@Cn9h-UZ>ubH>QpjF796gP# z5;!C4^0553YXRqE88lSitFLNOSK5+x*aVoHhqN`f;q4VSVr!q$(gGJ+Z|>-X>B1h0 zgbz8I(%m|97H~6i!f_r-@u4Dt+91rfcNyLr{!w^mt>5+Aw`;U*RIUuXa;3Ph+0bI< z(R(r0QIVRAvx7WiU>;xw%~h(kK|M$8?b{N3q(5b4&!0V?4<@XEIyCRV&{KLVzs;4} z6kkNK(9ZL{Q-EZ>#tmdWb6?Qckk9pTb5N1dYp)&vfyj_g1j{s=b_bno8unf?!%8J8V- zJ7lb4Xva~SQdFT~`y*kYA4h-YT`=jWpYqcNfgF(@YYc4jn;T<`-bWd*aXM&|Il-$q z07CVJ0DG?GNiqcY$G6$n0Ymot^A&N65|2enTNdQ8CY zPmbWEIjQ02s`Vm)8{R90T2bt0Mw?5y0ORB<#K_=d@)Q>bOzL~0eeyT8G53Jzize1o zp4C8#$%p(6FkX8`4vj^6C;!bWIAGvjj@=8LN;AKK(g+gv@)=&f#x6Ex;MyqK3mz` zMe#?{>wQT}Dk|(~{{SKpPkD5JvSa@3xw%@k-zBS~h%f;)Tb20@ZzZbcdZ7<(gX7BG z!bh6WbH%aet@3(7eg@k)RmD*|Fi!N{{8pUcYs8>=`(m|eJmD-MmZ%dQgy0@Z(Zvcl zk7kNFs{LnY;m3b=7L>7?g+q|Nfw0htn(&Xxk?zq>J;3?Z#r3<|mPlhLWEJf6^A zQm9{F$Sa|z*SU5Zur}~$X?_!%Kdo=1IqiwJx!yOh#FEm;BR93OtFt^moK3P^7#kn{ZK@5K;kJy;II8vUL(Vkmb@b|ufrK*L z&ZOh6T~)j@JxSJTWAuN}-UntHfIUu@5i+nHTk*;lKvHM~tZIox8X5uczqZT}|l zXhY~IC4yzVVt4yJXDw7TpoAnbKi`HDu+Dn^GO!H=%1YDuRKU%NsYBy?D8W!m(wo|C z4nSl`)uAY7@sSDd3=pVbL3DWr>d`$2#Jhd(|1qW!TIsS@6dpS~Kj(8I+DF^sNkemB z;zyq$vlJ8y_c3}#Fo!>y9Ze51>@~PE_<>=;O0UI zR^jpDr4dq0N$6{uAEP}QUe&0z8digXDp=`Me`n@gpq|$hZd_}31EV)lFN!&PWIjD@ z*Iim`UK1$2t9OF&9A$lMb{kMew1DWE93(yqL9tvfkg*wNv)d4G&if3joiM45@){Q; zy|F)*EYeqZ?OE>j`|_pGj@(^bCSwfIe}=uo!B>9pWf!$S%CXIB7v?n zuJ){rtM?Z3ur{|v!6IL-OBeGz`quR!;F(AyO9Y$4MdhX(S0nMeZuX@pSczu=56SFq zd-hY0$4ER>-_*lEu2)CXNng%S^G@BviO)0fDAd%P>eeIbxnVG^UfWNUvbhG%g|6J8IXH`aTI8Ic}e*BTdZ>0XU1R& z>aho7u8B++4_Q&T{rMbN;@g<$>@v?1bt!qTO|^OdLWSW}5BP4mOqyK*Y~#E+Jfvsk0~$% zykANd@>mG}ofbPO;joK;Ft4Nm3Rr;)oHlFK5XSSGV5(_glbGd=Id@JiCb(rtO(`g6 z;)smcl^2)$t=t(4zZLzZ5W2&1l=X|#)FZlhkX)5UPn`+-&N;ICG1+ais=*&#Tfj}eJ=}VwR zy4YJ8+b-4uoJXSegqiVZs@LBRPi5z+EUhcKf!|L~RKxO+#EDfsPR0q}Fy*RWy*_bz zNB!B9O~{lJ^Gxg)w&Z6KvANt+4hjQuvYwD+r3l%D4e96u7x$dsoA0k#;#D>`MZi{H zYy4Clm>FjWMYaiU<#YU2#= zw-GYlGrEm^(+A)CUel_f*^xH2J+I?M(h<=dz>y`%qlP){^0?o4+Ua$cWIOvuq>NJQ zwUA|&%+78k%)iFwGJ`;1mle-Puek|I(aMtf+ z3026Ty%@kKa-G%`Ksu6NNHJ^Te|xD0PA>F2^(EmO{5I|f?lM^)GL3&)YAlW}bUF>$ z!EzHZ4)p`YfK1IYl3$Ez^#P5OO)xBJ<`>l-#Q#tDQEZXJYu`U;j z_Rv~Bf7iriP@rb-R}8Yi705$fjzSnhxMSxU_yneQo?4=`?gD?04LjYpHeiSgwPZxq zAbUG*M1-eQ98^LK!~V(CfV@!B7GY7!aXxg44a2@xJdK{l579B;F9Ss&x(3GFmJY{V zTLpfSl_DI1p65_BucUT_}vRWi;YddPQPDvif!pXhj+u1@OUNgKfo zU5!@Ct;Q`sMob`XB7QcT|(XyDf}eKuQ2bq-kg(O?n5FNEHx}E<~DiqI3vF zMInHIbm`K2FQJ3<-g|)1TYvz8(8-PXJLfz7p7pJJ*Sc%no4;m3^5&h%yfb_6XV3Gb zZ>O`Xih?)1cN<9%>LG_rvT`a(xA#42RUx)iur*X4Cc`0BJFO9inB7i_yeJ=51c48o z5L5Xf$K6Rg9%@*J1#jra`^;y|w*{BS!PERl#i>aSVzfc%_*KX&G0o|==${$=ewv=% zY$w&K((y=nY2CdDX;E8`P|K5P*Oqq;M(6s<$8)$NvWuITBYp^b$^L@|l&=uj+mR(e4F@6y@@3^NvGvysgJkLvF znl&yPS_=F?@!N(shD%05)w#yawZ*jJXWo}`8RS;ZZMvEt*K=F(f9SdQdGo6G@SoPz zn1i5m!$-vEvsS(|DW}Z%Mag2c@Td-%j zj~MS%K;L=wx!yYu=s6rfG0N63;}izxkI&Wa=psRVp}%!ywQ@A>w3{P?gR1F&DOIvqVQ(UE3tkW3*>?us1+~b?jT*3Dyc2;^z^Ce6O)cw^PUCZl*vVwGy zSyFn9^@2|5 zwTOLRpPZqhsC9*HnJf-n2_lj%?f!EHX}2Znwhy%IZ0d zbn{HBO9yqK^2kL+N=*m|}n*O%x-(!luK88WeK^d?1>-H)I!*b*k4j<;b!y!2ud?MO^IV^d~sP!NDi3 zxwzR7P;R9f_oMb3h#%AJFfk3w1@b-FE8H`)qxwvn2=wmIbqFkSM5$K!N8 z;xp~xm@gf@G>hI(CkG}zD9D5Zg(iNBxWSh}WPo5JX&Y|F)j^*_a%*=9#Z$9wxW@$S@|X!%p&?u6jMM9sxk&Bh=_accK#)<* z1617;;bT7&v5Z?u3+v;{b%?Ix{-MfzeGm97*BW-xu-fSSbU3WoZE)Z9EZ{hX@qzZ) zNug?Y;%)Cvv)nLmKbX$8_xX?$g56}g@Dwt^2-WMmU~V<>?pOp3At9&ki0t`F9AxgM z4)Vk6_@CzJAaCK|r7q^wc(s~fGs z(aw;?&S5{qd9{8u{~*ONZisB0X2yFD3J$2Kud z63*RJBbN%_Y)tNN%bI^XO)%@jS)S1zhpC z#wqAW#PJq91MmBN9)@(=lCuvnSnwS7!sr2KDfhCRA|SY5!lLN%BQ%!ZQaLuYreC3S zPpki8E(H>@m4JMUJ4(Od)a~tP{&~F+F-tGTlXSSEYAUT(qyjQM*H2B9c9`{O>o`Zk zSHxZAc*y~w%F;UvkBm_I#C*H$jClA`L&DTZKtPu8ZexTh3ALx(by1K32HJPM3XeY; z$a3%G@O1p%f1G`-N;>Cwp)Iu3Q?#uCaos*lV)uK0xU_#P_!KC7xN7O&pUqubvgG^b~>Y-!u&b<4rTjm(_48Jq%ju)T%Uluo#VEAt z_GLCm0s`38zj-15RjbKo_S)Hm%yzp^^GwIz4nMth|L;L10s^&vxH+|d@A8~*o-Z5wmkz^c{$@fXaQz9AygIG!xtu@I>^6=xE zxE_y)q2(xD?-W>k{}~A-K)3uBybf#|Uz?|)k7Obb{UsTznN@$$81%RM9&mqQ0+bZ4 z8)~f*a{^HTn{6~4&&FyTb~L_#_L@a6G4mKC%!)ZBfHw*q#%@TzhA$N(Fk_&iU~R>F z`Ro%ElDN+g56NUi|%ezNLU)O9yMg<`d}ZS3%oxj^CzM`JCLt4>+B*a&)TgoWi8#ni_A6P6ku} zjCIGDIBjj!*IKIEsy(433f~H4i#<*=%{842B#K)qL3wWz7*>pJMe0(uVv;Dwwd1wh zxX1*B;bi*XYc<|X`R>14zrz(W5*`1#e3H4utzY(3nMQB>VqadZS$Tdhd1hRzuIdMj z^CTqL<3rVWi$lG?bxHJbaSQFpGK-Z@j7}6rFRWgy(|h3xKri4h>LXzyeYy5EE$TEy zYsKzdF*^z+W=-Zo{kx05DMTj#&m9Ex7o#?KCnorZ%s&PwD1`}U@w}xK*t5fDP*B~E zng5%ch~Sg=CwaL~4M#GmZbK7=9;2%@-YzU#t%SNGBi@*l982GuoCi+hk;T6$v}hOw zbcUZUR7U9Pd(>(sCOQ;7MF*K-`vasb0oR+W!gDTu*$?>awq8;AqP3TK3c*z8iN9$V0|IWE~Nrj$ZSkpQXCCL z=ss)6!3j51)a^>D{A_FzgFI-YQ23~@ufLmPBJHV`*0{cc1()<$HkX&uc75%%aM(}G z%Vn-`J^>~C#SeV#CN+N)JdH@;(H5~jDlwj~;^JGg@RJR|Q zCuYdSso%ilf>`>4rSxt$#d}tNYZ$7tK1(P)6sGJkRym*isyVkTQ^{4v@oAW ztL;`P$mX5ReK52bp~h}4r%@x|YDpjm!laI`qTk-_A{_%W5Wa#PnEAsrm_c3Qv5vzT zuPH;5pQ}FqsKy5bDm-(9mE{(j7(X>-CT0TvAP4lixELKj=NGlnU9&?O`v9-8fLfjy zGkKab?zw2P%2tzywt&|a?uCDwY8cUY{i61k5~$DUBOveMMSFxtSJ6eNnmw@E5c!_) zd(ghIKkOhVXn%8j{X0JzhPNj9u>e&WsoOMZ=6_QZClap^uEhN#>Fmy9m?P2tsFEaQ zy=3zA5uN_=?qt+a0QC9rdG``UvX}aV zwSbR+fst@{Jo~hv(AYhc@v=X&Mh=k#B%1TSH-#YEYR9|c!LO6;oZZvs^86J&d(L>J zMx4$iq^dQ~aqq^Xo!Z{%k5*8`go`*kr*n!zul%+^x4v6ujs6b>7E^xAm(phXP>PR3 z#VL1qRZNn2k7+KSY=*m`H{Z>Vea&txS&ce#WH3LOL=~$nq4rgiW2GxZo;brxlB*}# z&CKn>+7oWbY#bsBhBI$I&ZLU?K(~93Ka?K;kRE}AyUMeuXTl<@VvI`JB%>DZ=S~V? zBZc+kfleut3|h-YX7e1u#d{`OI-J2b4=nA;`2kOx4-I?wkoRd zP2Lf|%$-EA6GXXAWr2L%zuR9D@xg4o^;)PO#&}lx;J7v`sQ+njKoGy+$hzsg8iPx8 zkGIs@*$hhoRW5cyA}yWRTzxK(=}=UIXV%a|SGgMsPFB56pJ5#%dTyX}2UoHp=N%D@TxI#KVTv6+|BFl9Xb!E1`Buu<=drDsMo0A4#aTJ81@3+%4`x8|r+?R2oH z?%5cF*2bRA7rq~Zs`brU4=C2PKW@(j2QS6HB%Lz#(I|4i zj?zpkQ03x6Ho$#hI@)Hkvhmaa(J8?6GG3a%zmT=b&$`bOXFsg1mPU8FLPmuX zy!@|s-|puF(ntSYFkK@+4?g*?eM^!&lvZun+~kFvJTVV(!(sNj=M_F99h3C>w?#%; zxC2OAb}lm`5i~Zl4zUj`=CLBo8)_^nM}~)oA}Q5W{bEi|f6E>9d296bj> z3H~+-Ldntp%mD6Qe|LF*crNf?w^k6_jqp2#&;L$GazeEb0{9!S8wYkL37Y`Xpyia& z>i$u#YnTK;e|Vho!Uj9GOY_tO@;q zI2~;hrP>@BJH(5*79sEN<`jBUCe$#>I$czx9yHM@&VD>B0*_mfjQJtrAP4c6-`?2# zaF!tN^o$3cFN)vJMLi?4aVz-!eTL~8@s?n;L0EXLqtl6{S~t(ZxG3riqn$US*zec+ zy2F;ZiW**iw@qxVAYgNv<2xgE786;%6(u(*d^re53>5f>3`K(2&1dX4Tv;mY+q&rI zQmy(BtZy;4Mh(hn=et>+F-S+j6jxc2yO}^aR%TFmJv_U-r1F(@(S&Zc@p|>B!UY}S zHR?BbUyUrxOgE&ctXv_P67|5Ecy{m>s{+ZC;bKv*!{kPKQ)|x3^Tnd`$;iU@vNhzp zTdOM3R_^(r7B?Pca5z;XAn0Fi=RqW~dpDij{HNZrMlIJyr4_2|HPrCTBr&jCRkFX8 zDm$IZ5vHaHeTf?kCF4Gfb?p=WsEp;4j_Mdm=GGj2u*s=}NmPF2#?l9U@!;;i-r`To zz1_7m$6G0tzALqKjjkJUgUtCP>k79Zj=84u+|NVP@sc8z2(3#@uL=gE!k=hwgh23KDdDQAS-x zmbf1OI}@@kv`TN+ozfoXGXGckcU#T!XPk{YJB5WrO=4ac=W)5VlZW=K)82g5%!Iw+ zug`Z6I}rx=<&eM@Qq;az^C;3?P@+Dou(&?J~yo&$kIjgSqFx|yM`S|@2%7o_gv@> zvT=QRC*q<$$`}?2&wU87_JvxjWseCI6DhU0IPv=<97-_bClC4(#CViu6T{EnSH~5U zj6Gv^^iY2z*X`i4g@}uzw9S5bW%Yeq9LY^_KMoymY z*%KRrd$bcdQSsAiz9&=eGVskO@?>Rrp+1}45>fC4k5z_e9MjFMdzL;t;{7kMh|l72 z-yOBgdLH{;Z2aaIuHP$N8}90DoMmeQb*ZQt!TgMGgO9=nA>6w(ou9uW_VPtzLVF~G zD~^o^ceUJ3#_+d)13_{Bz(4GLq7KjyX%W&tbuzV`kejrXms2U;J;U;3s;~yTu;%zN zSpy;edH0HZ!{sl8B>P_seKay&^UnhCGq$CxZh47*w>ARCTwvE%+saH%TU7n7|KvUm zpxE#Vk$HE=kB5$Mr{d?KpDBRGcZ);o?*PGIb(n_GEc{aAd&Zd_j z4rSXZJ7CHzv8{)Ep8CSCDf~c}=Z`)l2_&0?!A$3QpMNi?3WULS1N4^qC;+H!l$Egl zwhEPtAr-xar4&*D^yT?*pYO|CK-}f(=%M=m7j~`dJT+mV0G8;uLAzs`w#-ayi@CKD zE!5pjCI*L_$N|m4E4jN7W?MPzxzz)fkD?y^Hm0BgwP5hbYr-T~G?)cQ;X3<%Tco_s z)<(uzU1yW>LG1TPl`5*dd$Ur%L@P0UQeg>eZeEHkoinzREW~X|alM_Qd^&bwdKOIV z05*Emb(!zO6RWxo%-zcC475}$ zfZ{NJMBLAAmfuQWx|FO*vWdSE+rDkN*DzWAH-#*c1wY}M@(Ibj!zAHLnHZ7be!~za zAUM;TX!NYORjs%tl4P`3g4d&m4%>tVe+e@dPh5k+^tWHzZ~(C7~D*bY#Qr%dIuVk$`z_2 z@%)SbDocDs`XpmgtM7%#SH*HJ+b=5jViqw^v6o2`3F-mBgsWS$8=@DwQ4|H6)vgcs zJ{b0#W=bVdm+#WFsTF_B@D)qol;~RA4mqZC!tz@&XJpWCkVH*wU4P!bEpP3|lb*5B{hw2B81QyI4Sz99_} zBj#+te}@1q3j}3AS~a#ATnbm4uKATGmFvM^UuR>(G)5En`(A5ts;leU*2Ta&ru4=; zI8v_a_z|N`!068;-$?;eBX^@?U=!Jol33zm*i!JnvBERgU+GmDK5Rffcp}6kBG3a} zH$S&_TT44${0`_%{KH;+>yjwz`-Wm2YdtsdAhtFk}QuXS5|HyGnHS(}jNwM&yLqni?m8rC!? zTh6`#)LMZHNd7*S66^D2WjXP3b(c$gv$8?mVE@tsXF2-0E6+A}s4$+>%bJYC$xY}v zO~={|ppXcQwXR!d4fM@b0E!|kBIT#Rpx(cPoWVjYfjtufuk*xe>)t#xmTZnPKkB~^ zW-(&dJvUb(rHTRo7VnjRbo&0iW3cJeH6JY*^75JKZSNxq$|NDP`%wphw<#2*CWaFt zsywl&T=;8=;ICEItO8Q$=SCE9|4g@(Hhr~7-5~F7$faz!^a3QS{L)`k^hx85!>gBK zh)27m^C@=gR?gv0&E6-5tkbpvTIj_w(hZZZ+x4M@&E@)SFQzfWOf{t?)cR`YQ~hc%282 zo?=+*$bZ5*CQW8faHV_#ALpf~gpYpn#*4ca^{vEJvRcO^rBd@;vf@UU=&Wl`0lNR0 zl7wl78eZm_!Ylo^V3L39oe+GIhwU@GySzIBa@zkI!2W;#{oe^?ZMcyMH5|}}YN+qk z@p3(%10xsoAbFWwDbeUS8&8>4@cXSo`q<l16yHSNE>8TLZk1g^K3Kp4e zeEZ!XsdOI$UC}?My!EGRNX7+{#_E3D9$vP}xQH9p#>1I<_{xYRU(tY}!z7Dnr;>JN z(!JC(b?<~y?xT6^;XKN2OgG8f39Ry^aPgpSmBSjrg>)=r0CuJb-q2536*oM7e5k@u zBMDKy4o%A4_W3Js;e7HhhY}Wqrz-l8iD1aNE0&MV+sW?G+s>`)o5S>rQrU)we3DVT zS%N_;KkiSqL>id=0d-sMEI(i6N4A>j`Ly;a-c=gUSJ_*YzhC)FOn*@51!uSW*Ytd4 zq6D3B9sQkPsiz871K0`mM5`k z1i=<*^-EuKdRaqzp+Zv-8~G67tZt=|oBYL`tL4m|PGPti&-IJ_^Az8>_t=qbnUA#h z){&!M?=EpVvjQ=#o^DfFwb2SrW$zo?7^aX3u{5Kvb+$tz8;0UwUsos*{Z+QeNQ)=4 z`fV((&Lf5-ItD+sg}WMhXKPM;|AJj^h45E`EdaiXJ4S)==CR+4spa(erp(6jco)CbRF zh+$ADIe;+V+$BO?c6Q@+6wE^Y{KC%G)ywyM$52LnK3A<)Mf0sD5@N3KPO@p3FHGj! zKa@mYasY`?&a5<2$YLS=vx2n{n=5iAQkN%eTQ!7AaGHvnamv$H(<^7>_wV>;YvWN7 zZ&1GYHISi9!o;9*+(!GHNm}E7!UmefrVp#i`oS8E1q1he-R#N0HKNNmXhPL8pXBGD z;ia5RWQslVBuV{5T$BX}VQPaU52GHh4}WIc98@)psS$jZJSbtgsa?N;nQ5pA!!CUN zX|&PcrZy@db1mwm8r3!NjxhH-*@HaG`ybzS<#9>PK2hx#)%khY#&>G|GO6tLm-%T0 zO>cRvSv(BRr`gVbnXWh7@`MwB&r;89*WcL(Mp=uvY}9hPK~=DE>vq*$de=e+b`{j< zx%y|yArL#2vh)|}+pK*5Mk?F{fnHc2&#T(*>f0YKFV}~*#Pd9X#5|oGb(yrL30&!< zwtYMy#_Jm7;NLG#YC0VS>FxaP=qmm%v_b}v(+b%AsN%JPO4FsSt^j74$xc3prLo%S zFSWM1SL$*Ws!_}$dh#u=!R_x_rh4dW4D}Ubftrw>41Aj}^{6_h`)q{a07Y_ z39)~V96fMpU%qA4HB!cD4K~E9l-kCd%GG`T&~}lj{jYWUHIAJxluQzg9Q~^Qfca2> ziGMH&>`pTFM0|Ko?m@Xvz}n6(uer=J+d;|QW2gf$cE$91&|3?JpA+CyZ&Zzs(9-Ji zT^luQg1G*Sbo~kgwLiKfI-L4xz*7G4I#GN37I*izu)W+1Ya;CS6x`ukZGP=r@vTbb zy|sQSnUP7BmI7pAc=*9tZ_eUqQ^|q2J=~V`L0*>7ZT_v(Iz+?dtZXO3{_yVmOvPBm z?x`COvbd#kG4h?rIQ=3AWqH+Oql3mJ)R@`SH(pfnpZ(zzS{kp*`CzA73SXI;em#wB zBTb6-IvL??-QE} z51QWHHOeda{g6CVORkx67Ta~JqN5Su1BXwZdk(_KL z>4tc_&jKBH7}U`#Ucd|0C#-!^3}ROMdNSeXi{{-rr4`lq5BUob|MsaQ!klVwu$~i8 z1v;PTpUOrHZJ-LPxD?doVX%YX5DdzCjBGHCUmW%Aa%-14S#H4f{hmwc3b|Lip zsO)%XtplBk_dwzAF?^eAmPRm`ksMoDu&Q;r^Js*o!CD!4_m6kHghapvx0)6woA{_j z9U$=Ys_ja!1_IG0WXkrfRVq2z@0mR#!dS%4vCx$R?U=~`=uD$1iE;BI?hJ>SZNE+7 z1VC3Sdp?Yo4AB(4x9n+qmGj11D}}q{L%_@K@eGytb+OA|VFHgwv1`ZgrAA~B9k()W zD2w?9ti7wqsxr8}UpqYlf6DzrR>1j+8;ebcagKDZgzoMmG#zCxW zTm13+ee))wY+6NxXRt}Hx|9#9qX}1?qa64tl`HM&4epa+`Y%y~$0|&KfEdmy@k|~& z9hTI$_(~coIp*(?aKZit(|%8`bz4j5jj(w7W{>h-W$8QoW`b}!86jAX_(BnkcZspu zvjP|VPHZX2vOybE#eBm2n^$njGltG7#v=1U(;_@kS*0HBw)R8=1p^nJte6DTxM>bA#5gMzEG_Cac==(b(-@h{7P*uqu zYOIWC6agCjs^8byrDyfu z4?|TxV@VF^aGXkn+Rg?Ne{|_QTWwypjg`fW zgoXWj_bt7udh`W|)%FGRNLh!(e!rB=<&ac*MPwJg+vv$tkX%0xuVi z+zfwLO8KuP_fks04Q}<@y&LXK0Q?v|Vb8Hin$MS}n3Ndfn_wdk{ZN;j4do;*b@8Rt zHIEq?k+xs~KFG$ESf3PLbwJ(=)qnG2BffyU<<>FVg{rnHmT9CwFzJ!!vm9Ctv>j#jjObuYH1gfB(LP zZ|8ksuM7+BQz^=t`R+kO-3PRH!oDf0R`FRqhbTKmN5Wvj9_|}I-w#Pn@V~w9;Zjx$S)ee4j#JFxX&gL!gh$H6>9JCoy=V2tX0k;2vzD&2s0=m{q+I*tKpF^1 zri$(e?|OT_pj`k%OXrKdjw!d*Jc$f%g=`t6bN918zD85`tmS5=DHjKin@fn|Lt}#% zVd_+*D+73@|D3RsAv5rhA)-c6lA8T0jSqfE!Jr?n_waST(t5W1yJe*EPHc_x->xte zzh;lahRs(&0%8AAh(S-pFPf%*`R5I8RU598qMg#gG|D0mgFND5M;G);iDk&n&l{uW zM;$Cuq!n{_>HD_w`P$#BFwjNGGRu0Wie_3wFw45dD)WbOo)P@F8K<8QF2}-Kv(fq|@G{o2bIyW~Y}hws3e%k& zZ<_JV>VMlOPR*m&T*ik@q-9Sog^(i#O1$Em6}7>EXDNLG>)#qdpgso77%nL?+5gb% z9XG7;*+Fvi-E%u$YvHt8N~^CK{!A)@`cx48C;tws5>ISRps$joB$p>>iE<;`bx@|^opQoTYBJO1!;D;l#s{s{!>||F>7J6*_dv@#ynYVjZQVX(uO4)61s5GR_cI*Ip z;j*=!(#8Ebyz5$%WM;d1X+hdr_=%Cd^ML_{f~J+F)~vn8p#Cz0?lDK5zr2N1@p(J~ zYoJh%w_6NP38UV$Y95?BM_nIdlHg*R)OAS9n$P%fJg{w@JFDYZC!fAvK}pC=rk7aE zJ#Fn#Lw^^NG>CbD-aa>oa|m1dx1kcg`DbNGlisqiF*ssKa)Uy8&Jf-e^YLQ0FpUcv z`90xv$kZ2?JAlskdZR`G31jdN5qIad0>YVMm)rtUem{(C7+6hABE)ngTQPUzbc?gQ z!-s-jy?IqtghQ)0bn8K(X+gP_hz-;(tVhjHd6@ct7Rc)H`0KoZ1EWw`PZVAz|&y3yWLbQePd|Vy8OI9MaXnd(Rzd3oj26cv|soz zaQD(C`QBT%$h0e0GegdKjr?6bQ$11G{O!B}FHW@MOF7f`I}@|=FANok#}kZ7_SC6X zrih38O?Kp+c6Af_eb4fV{0H>i);f&J$G6S47ZLAie8mphlyz_Uq%RdUUnsvMy+^TY zF!KtFrK3(h7{QXM7Ozht9MZ;CD8;+1NCrCtXo7|QtOlPZ@L`Fv=TO@PZB{J zH1^a5E>IDM?gg{XM6i#1*M9Zl7eAo$EMnWav{fZ+rx$7uCS1YO5HhS01gi^+RA9L$ z6O?gYt^0vgrB9J8CL)DiGiJrzGmhn{&`=-?a7lh&A|l!;7A z!(vpvZT?M5owK!vRh$y6ut7l=(Z}W^!q}QtX4g_sOLa@jNsO4IXL!HL2+$=8rsD$E zu9@V+2yCve4rUcLtW+>7JbDBi6PM~MEYy`gP_c>OW7QGU@H3w#ZW9Oge1qv!!Q*S0 z5~C?XTSj|h;6E9Twk70vd+jJq%ImSUiZ-( z=C_%ID~q4Z*tz7a%fF?5S{^^zgpa?(nRhEPgG`I}uu=Tq5Z!H4#s+y3p{B-?T6`bh z;gN_^O?67ne09uyUmMxP6j+D1TOVGFRvt|bc>Y_nN{h3&DZ0Zw@U9DOF#kQMI z&D04ednDMKJbImG#w?zjA1aZlJ8G9bxGwC;M*VZH30xc_u3`(JMa3pi-K&XAs*F>o zk@F0P8!yD{=F6LM^ON8x2qn$d z*#Ht}>XdodT2)4;l6-fz_b932ZzpON`fOpP>(%lq9y76PF3J`KSHAfCCGypo48MMD zyfecwp!D4R<$Pj}c;F`I>U-8$>0%1D<@eh~ZoYL7jVA^Tc|k2jsZc@8-%5PsY=138 zpT#E~l)S`3_|G>FblCQsPBLHjGV0Uat#%IxxFqmnf zW;B!Rp7!xdKB<{`A>X$*O_L`_#rG{LbUGDSnZ^VMv_}h2MYPl)sABCkgIq^j!<#k0 zQNO!sn598lqM>tEC)H*ONb&5Xa$smu$z7GE$$S(2;#dd~bAtMp>ow0nE%w1vY$^YS za&b`-{X6>Rm%6@2vEJhF=%=e;lLCGGwZ50K2CNr-kBaw%K0AcI;=#TXp{7}cdzimJ zqtkPoFp62M`|z~#GI21$us?ozfUM0R-k7n^cNGNQ0+Ow^)_QMX+|+23jOgytnpCbn9iNZEUVo_HCq1okoFh%of zZODyT)(>`x_E9k55z7LiFYoU9T7}$;_&&BQL0wrC-VUVKiWw{V_iPEq+(jOO8r?wE zKlkEPh`e}pnyFXnUG(MghtL-mTI00-uF;|Z z+8-4Mj2vXAFP|QckpoaUJsmI%5E$lro!9(H{Lq;waE}OIzFnA|;!Fofq|&LUWw^J^ z5c#a7`YUt#V`fm;gp-1Aip!zlTw3DuVnBZxc5;i7b=V;R6I;l=QxAV|W zp}9_xxxsO;MDt2QF24{dRW9jP5oPFbX}3@wv9ri+bfO2dDW0G_Bv1f7e^bfcs^jkN zl9&K9B@P!Z+-I_Pgcr#WH@!$>BU`0^ikTcrZ@sT<)fgheIZC2-549J6Qt<+1lr7$Yyo%Y7#C%7#W*> zhYe~!o`ie3eYo#)NRk04V=Kv>nZ@fou`=_J9|P*OF8hM=NN3f{ZD39ffcHFAA%|&6 z&pohwH0b;nC!UY1`{{dT!BB&TDWSyR2h7A*SNoI4guCs85HaigS(jX9?iL77%~SPq z3ggdkh?>*N$0!fnV$x@t!q28zjsp~V_lxf55un&C%#)RCCkO1_I))g<-P$B~bo41t z6X2cx;FLPbR1jBLk&?i|6e5o@5FW_B0jFDg|LeOE;=WQ$*?pq-1TlYtUt+F4sdl}n zhWeL_q4ujew&;Kx zqoJy1!L*J;=1FM5Tu7Cq&T!SCssotJ;0V+t7+sd>&4O*~>c7>7q;MSjoWNMWkD_S! zj+}N`e2H4lt%D+%WWSvx_496@;Hp!0I<@11aameqbPsqpF4n_kHzX$hm>54yx}qs8 zFmX|uxQn6nb#0IysTX_$2|hVG@a3mR9$PNUX)7l>1|83M+GbwZ9i4}mXS%YUUns5H zc$h<%R}G?Tg1iZBlQe6sN}LS0g+QRCZaBOFV~IMZAJ)cgpu!Rjs`kG{DuH#X91p^9 zF!WT-N$bYF{sSWXx4)G&tiE2orQe>kY9opHxd4uoJogTH`!O=zj&i9 zK(ZX$!CRNnQSa)c+kfYS(hQawJcF2+N+-Ns$HC$@bl^2Kc?J*bMQk(xf@JxZqAbbc z#p;}=9sz*{w+`!f5M7>rh~>``9128e%Y%#utwc&xLXXQh5a z_+#36vnm;!!D@UKf8u|=ji5MAxPZ$WU3A@$elJ|DBo+9O$;CdaOjyfiQfJVDI;agD zoAgRG(XlS6Ll|v4{aPKpGfq-#w7;VXsGvcz^%oxyfo6mPTXCq)&f zrq6oJ?Fbu;tGYkTI1UPEyXM!R<~JiO%)+Xu!xC0X}6w($F7vM;;u9jY$*SA^S*G|qB$;K%pd!7r= zd2jtJZdOu^C6%}NRU!ir_Rdtpbn_0!jB4^uax;4_DrU+a?`UUA~m#i*e2Wkwfgp{Tpj zbl-bA41OeuuO|PhE|0@j#4nQr)=$c2dAA!9k7gjND%jJx(EuJ$n&s(=Hrb3Ao6B#s zSGcHJsf&iLNhU07`I+Z137JGZ282Dko;{8IJwBw1*;vt=X)*W0wD5()jC-Eqg4v-RYl!g~!?jDl>3{%6y9 z-**q1_2q{!V1)1UO{^#wBP2~Ce=NFsvW7_aH z3>1KJ*_mocgVzcEy``)qCm*^48GWS$*f249A1^Y-an5Tt;}lYESlsaGj6ITnGTgU% zYmzHS{*+pI<6}c#;%U#dM?q#hb@_2;sLd+kOccH-qb1cKOb6BQ{mkrrALS&5vigZ| z-RwlWONv_VGRD)d?R}o>LOql*)+1F<`lAZAIrXgXpl~7W;`CJm&={ApH^U<^9&&p< zmE;g-XkPOQKVjzVcZUe3D_wA%(m8TL0Yp|==bR$j=GyT_6NI-8wHO!xkP(=L9UWBZ zRD4uBWUcz@P#m`g;RoQ&a2|d}e*<73R08fY4lEbAgrknQ|r!HYIKIrmO+hG50H1U`wdR zqa5u(NN;74oG;DFMuh; z50+L%9972cH$&126KB-Hv`*ccz!VzCt%p@Y8!H6(JJw^In4KD82QE-cS*10=K zK4}v{C1F;L>RIbI zFqrDzZv1nKn@U8f*)V9L_LGEku02@bVg(wW21Z0$Acs zel>f` zgic)&C?2Nl;`3Hp?E4%K`{A7?f(IKF&T{>#`T3c)+fMK8tg$SO$o`LWI@-n%TgrTu z%w3EId@@Av;g+9XtMuH9B)QQFm+mPdh0a)q(}zKhv0$CoUZl4YPRm^@S1Yh4ak}O3 z3V*Ft7sG@8^TGwXJ2Y_=rRFa?#icvzO^Qyt>0Eg)>hL4+DX?8B`kCK%I`^}>?RtGV z4>g0QR!-YLo1$mwTu*rlHEL*`-v+K5lx~k9RJ+oBAoWhK&l9JH$0ASU?#t*)d(;(Z zg7mOg9=5N~n?oC}wJK;;G<2v!`1hpW=$ z1SXs-A*Q0Wdu-8RpXPVTSVBf%uVO^&Ofg;40V;qXyCZ{P%B%hM@+c``ZF2YV2!OZi zK~?S8LEuq`+novQETXr{6lE$Dcd-eZKs=6`>#jM?Lnjmx#WPs`{-`@>5|=s z=m^IEi-Lf7M{rhyg)CCMF8QdnRY~BA_RNo`3$h3Gvsc(3+K=qmnsL}m#l_PvuDrs} z!snFkxSmsCTeofDNMK5pdy5R&%*Pi~}9bNjBsy^}H6`19i; z*5+bH!|8MNC%|G@Mk`grk^RSICdz(~5#2(wHLkW~v|VSXZT$I&Ck5w=*x@)uA{r9=>S$N$3&2M$Y1Z5>Y$D35?K~GN%b)y`V%)cuxBn~_M<4fw zSO$E2!N+roa7q(4iL#AZM!6H)C;GgHRW9`#RH2Xy?4c~qNSIX0FBSg*f;qW1{6iHe zzds`^c_PjKhe{2hJ~!f>9x^xk&dwu37n`^>tQqd{ZP)wX5|)PldNGnxBlT$U;&sL1 zpP1p?w?C`?M_aC7;juTu^^kHek7uASa-<}6Tt@}_I=E*-rGMV`iSaIktP$TJAmEu# zKl}&3Bl(*oVealp4dFfFkV|GL{kZ2pV}JiRJMDVoZ?LeD;~yu-4L|=a62C+A-yo2t z<|h|%Sp2*{hztUIT3L%88K9EUFG0dbLW4$XxUZ;wF8HDddDrVCDb>5)wKjx@^7rM($trbfo;8#^_kT+R1Kcnn&{@5jb_e>) z@vEJBN!WOBH>gme4%LLJ-P`BJ#NAVMyp*SQoD<0!6M_q*&1`l%nyjLgE+ovY&7sk^ ztp0v9ZuQy@t#_W(p=45jm)A}W9CucqnUmn>i4*24c#R3fyD zZqkKJAJ7*|@S~DBUZ!DY#uKYu3eUf%x)husRB`-RW68Vgug^zLk(?-U8uxCf{smXp z*3ak7s}d;}LUU8e)R}*#2SFpt+&s;k_h$K2T))tH?sX(~m?NZq^m{-p*Ai#*)~$xq zcEj9EF^SgC@Lq9o5X~INtp|or4~oa!2b{>H?;jp{jsq^^%5#3*%~y_m8ob=ccsGjS zvtn;scDFwJ0H@{|rG!m%oc5(-XSGSHfO4*VosG@X4 zo_cL{lqK+ZY;Mwwx#Q=zwk&G_&3!oQ=5Je7tt2;Ne3c;l3aa2HLVzzzkTWK{M{V>O zm;go2l$`4WoH{(2{9J$8G;E&Ys{*Ec^^^3#FUB{!e#50FC*3P#^l15qow>YgwyHlC z_p2~woaa5_$9QXdaRZUHJ1w~P7YA|wqqpx4Yx3FFMNzSUN(T{;(7Q+n0g)gG0@8ag zp%+8%qG0GEy<=!X=)Lz|rGySrL+`!cBm^0&)HB9JW-vS!>|-NnO1+tpkE$L$}m`J(@l@4=X#DeFhxX4 z=-6m{Zrraca{gvKP+`SGbT}$V4mi6){HP%f0EL|%VgY@ruJ5R>j+HG8S z=v66BGPQ-ToQ->NE4MP1DJspH$I-O_^C$o z=V}|F=Gr<+_lsb~#Wvh8p))P+L(@*V)tbP?$|ea*1-*MIm? zW1hW08rg}zzh*_%zh>LjE3D6{x3m{fbbZNNU&rij+tCmB68*eJ?Of}yQQnG8kOiO% zn$eAMxfqI*)45t3;U7KlP-~AhXPOI(r>I|b_Efod&p8`e6BxPR?(W%QjNHX}ZE3Z7 zKFZq~3=e=z5nZ?ZX$ye7b4rIup2*mx&LA&Q>tDG2<(_Mq9PaW+y{FyB#i|an`TTvM zvw?DiSH$K1I*z6#_|<_2xuap4tjpzk|FMV18^6bdrx&I58P;ZG0&Jc`9gU;i(a98_ z%$vW3r~n_2GhL7WWT3cmMQ^%G$M={8TXh|{pOID98<@WxO`N;f4tq40ZA||eJt(w> zWMc08?B`LU#3j9Op6RC$=J~V!%hPbtFxkD}JbVJX_8jYWpjI*oSZ+5j`dCS5M|1hW zqV5X3D{?i%al#v_OH2K(&z}nvM^=otqzOlIraZP#GQ+u&Hp`RB5^7S24U{^o~sWSN}2eU(-u zc3VP1mfx(jnCB>iQB34?8xw~;W?tnuvI5IDpLyfio}1#hF09z7;c!mhx4vp&4%a*k zM&apMbWvx%G)b9O%PN*f_S#LVLAxy%YRJ8$Z-?naBrHrY68pdpM*?MTboLY*BHFaXc>s*GGalOlT zcd!c}mM)0k#OupEtVgmZ`GvSxD~kplSW$B6b(| z!Ox@>bdJpICYuxnQJ6n?n@s2L!KFLPmH+uAPwhfSeh6ZAc3N5w~w%_PhE~Mp;_ba>- ztL&K8l1t;(Sb0_% ziA)n>EDw~zWhSpqiafUvrC$QugqtqV=f$;NuxsD;pksxLt1B)@h?6v>8f?cZDmhq+ zmoyh~JGGt23j_e>bJW9i3FGT)NA~1hqUr=h+7p}LPol*{a_E6^Qa(9g&Duxz54kvXJTaVo;^KX1) zEGir{wC$vCeSDhdO$Z}uiUi;p2aYF;0{_YfZ#E(YrHE`M~*@NwhQ+&JRANut}qh{EU{k}$0E}^a!=7^z$B1OVB`fL017G1 zF3R}Xh~SF`f2El*j0k|cX!edEGS=odB28!;rujg{l^NODRoU4ybc2H*HI4^Ss&QmP^2J5Gb!uLnHW~s$S{#m9>a+j!`;vM*n z_IGqr=}F@N$8q1Jc@Y=4dNz-+&d00|lCm_HsI}D~-ip1m^jk~4!r8^nxE9X;hVr=( zm7%C?QP_=lK}`5}Z$<4k`ZVlc?#9Zt;deD>bcaqv_3xoCy8kO^^{?HQOAqY9(7xl% zzP`S^kUna1ZSCo43eT?a&`@)44WTy+uz?euxy(aLJCv;(DnC|g&0I=PEW(((+-Oe*rY>RwWe2TpG5lJ1|#aH7$C&vt+Ba{5)Z>C z*gKRdmB8@1z7RGyi})+^M3n)pIL@25n-E5Mso>_Ha^0+IX#TCdD7o}iWz}kRT5>jA z`O{9q0b#1+?uI#H=QW$nKUj|s_J^2=)v!?Q+lJKeVmLWfAMsL-=;ngYHC5L|w9Zw2 z)xne)*>;sX2kv&W**R3EHIEYV&45~-@75#UJ~I_IdP3pKZSfNY#n6oNz3qPk8(Z3o_>26ogfO)ndN}6(Xcz9Yjz1p~rw$eeXH077! zf${V`yZWPw$&xoqqid-r+4mq)yQlN8kfP0_jLSr}=sUWw*w^w-%`byPrL^XUrp?y# z)ENqyWnubW=b>Z?*L8D|1704ppRWbQ$e83E>>ah|+7la4{k9!&S;e*mE#sEv=f~?- zRJH7eN$tvKDQDlxo~SxX@1MN5@W_~PS}Ms>y|>~XeOD{e`^d;?%4BT!d?Xjaou$kQIun94)=HpSvyyGuPW;bT~LG_R~cQvlE$z=WI{3 zQ5rDD><6T67}gQ^{B;M9S4KD{b=haLF27fYH|R&g@KySj!S#G^CrBZM3Ns%LK&b zF*yj1-zxt@;lfwEx(cdWBYiP1Fu1wywfXOUrsM86HMeH}zFfLWJfuTZa}-A`kIyz` znP>V^*U{YFW0tYtK*a$mY=pr1AOU|L**jG-U<5vt~0&O6Jqalez40$ zhcbXS2uVste!-DYP=`6S`DIC@YstBKvc0`sb*ql~O}c!RyH=hx()yvyoL1jq%}Z;x zl>*ul8WYtH_|uW)>gHFw4&NZg^@#M3`(4TUC4|gTi)x4dZB{U_JT}Z!ma_)%K zEe&T0HOlK9$gfs9&aao;TJfD?)2thrXIIw6|2^`%~3 z#@_WRl_~s2sFoWl_t!930FObSeSJ4QZ!cYopF(}(1LK1e6kL*-g3ttLCJqFGAi>xI`3CU)c9tj1j53dK&9Wv7VH^y?jED=SiY2ZkI@)>w zK1Dn)r^cwlzQNU?)U;vxSd`Hg8u0R~MC%M^=C8G}0Ml>A7F$8PsQ~O| zoHluX#>#Y@$6?ub3k{={_$|Qg&#=vwLhz+i5(QsTW5=c=itctgy(4X+hSFyc$8HFv z$1x|%NCyd56}V_SD0@Qn=U?qJTA42Fmv2v;H0<)_-dVGsw-;caCPwcR5vDt{io=A$ ze9ZMGYKV!wY+l{2;2GVQZYug;Adu73gBR3EUQYFoXT_Q4L|H{z27cQ2xt6h?;JntS*RSF(P7ns^CRmiP05X zJVchi6rc8G%Tog93khlEUe83kk~usNbPC~)p%}&%vZP1dFWKb1sXa3ezm%s7EmOv^ zjfbu4+2r$<1!}F|Bc6lqKX~{!FkboNUe}t^7YJUOB9K5l^U?58UOI%2T7j6>*G#;` zZ*kGIa3o$680Tn{7gZ5tJY;}PrC-RI98YX$Bc!S8sCYH?R$2*RxPaNuLx5g5M7Ju4 zEwpR3{iR+~B!_Uf0H2h>hc(3gW1qrcJ<^?8DmBF!S>m_Fpwwdapu7wcXmd!qK`z@H z+{__1gItU6da1i(g%e{B3NicC+H@jCm=ERp7-1u6zS=v4s5$p8-y4)EI5V&*6Wq*C zpT3yz4^5cIE}H<({}_!}9VO0VW_3OY<;T-|o?PcF?>eRK=%ym8ImTk(Bq07kAS^NR z%`~Y`iIqfOP>z*UmtS;J(9rRE9IERWZ!v@;*(5Vpf=_Ap4P?(g%GOD zQ~1`arLIxn?6MYq768p!zHFdQ9ONXNY92QzKjs+Li4>#;M+;{fd1$1?GoWcEpA*aH zEm}T-x1jQg)~7@x`wvGL1!{Ge9l@<^ip3C!>0ucDAXtGq!GU`uX`v5fgU}NzP?L!= z{5dLLTb$9n*^to-=G2id;z3tE#%RF2-%xA1V3JPCdUxDKQ)UEV0&@Y)^t|_HjAsEj z4y{#Yg(9rD)#KuFaWeLxy+qpfIikop#kEj2mJ$2XYsa>H|9wq610f9QN96X(z+1?@;J>1wz^I(tNE}wCBbxZO9VJBWF{v`sx66J2P zqUfcmcm~&ni1xit_Qiv1vSh}{%X3<)tn~NF!iAOIE!Uq9_U!98pe^?_vU_Q5)Go;; zJ^2iNWsE2&@7Qgp8!yiY?)yQT0nK_nk9L{ZD5Bozx{l0aNwiN1+Q2#ohmEo(PMk&4 zUs3Ug9iUH75fgGYM2jJXgZZV_$U~K73=i9buR(YDJKx=eBD9qL9(mAvz=ay|U$Kdw z^`W8$bLd(dvsk{QdZ_>Y2N`Z>Zcko@-c*CTNO}3Ugt&i*XZS?ln=LN__d{?HmE-yCungIb6?E)tKA2MwzV$0CxmFRg*^=!Un&h8e&UXw6Xmy7 zm6R~4mQY*J^fLb?wG=Y|ARuOG^xK6HmLy{0qW0cQ10pFs9ikm9y8E7ES+$XMa-^gs zN5F9H;yQsOhikMZrry4Mk8;v+iG&@=(U5;g6=v)9B_=Tm5gD=LLGBi-IFQl~q-7~$ z!422698_fa&Brk=cB|Co81XE&z_d49(H;Qc7zi-4*D$W+ZzoxeMRO5vr(I<13N)yo z9l_1*sq~fVHPcZNzqoR{3Q&+m6ATKXB-AIdeiIDKITc2#-@(Ei%_>>P+4YnHSBRsw!)Tiku61guVQ?_u+q<3(+r!7fkB*fyqc&}8 zt1X3vX8cJ-su7u5+4*P$_B6WRkogNKEvtC;7W9-ZDcjUVkk!`f9pyCL!^Pd-UsbP; zFoSh5&*Zaca*K^0IJF>3D3oEW|D`9%?1`UBi_$)>iRa+4@`K9hkN$JR9 zs5<&YxP^5IiFJJj9gK{BD)mJZ%sMZ$dBW<#bDLL93*)+o7Po(VjYuny-eW~swIMV# zn(gyeV5)(Ke4=o=(P;^ZIFJs(R;(1tuA`b5M>(xm7(gY&-}jUOAX@xT3Yuf^RNluv z00LdH|2#2MN`MOju0hjY=0Zq*gr|aw*Lzv<%>L9?YRo5T^RT|7H;6f%dOb9DU9fh( z)}eBtXDM3>VYBao4*D$4O7GC#bODdEp;m2uZBt6gXZOTDhl(Gk}|`^z1&;Pw!Bn=FL=1!Lcz3Q%# z8m_d^9Ko6Ywk>jH~^G5@wwF2r?!ETh0)U zD~B7InV0dzbOrKg+7A@o!<8ox&ry!##=$8ASBdh{>{6sEh&W{%Ek5X_HGoA6mBlO8YyL)5KaWpG8OKrQm=8er;pS z_d;QM_zM81YHlIBj{3`U+Q3|~fp2Xs>{{gvj30qPoP!2V%j`+|A-WYVSCt7(-^R>>*h~S7u2uNlF4Q2r%J6$ zfxi9R1I7A@`kv=UMEqA{H0L8F1L{RBN?eh)HyHdxI)z=xV)sj`;Z`Er0!2zz?lmb2 zvELIU(dSpa0|Q8ByMI;|+3xPmce%pA-okvYZ`*tljHqv<8#boDM~(~bpqIv9BF*nV z?Jo*<(8|rumnLlVxzxWv{NDo1m$g_i?JsVi;$zHBRqua{M>iq`2TgU{#%3IAUB-B; z%lyd#OZSr%aXPs&CcykJ9s5iw=MPEkk5Fd!K3>_TQxmb}AYJFBr}X$gp!v(y>pS5Q=%rCqTsINTA5tXwha|=57!@5ynCH3kuyP2zZsMb3 zH2gdBEk3tq5f2>YqwMGol4pY-qDJ2kiht{bz`^%PUspb9RApJsT5t5H)MMhFB;~Oe z00U29A&cl&R?04|=aI%R6NYLEIc*JUyGPw4Gr6jOPi3PqDzs*D!}3V5>y5j}9=q5q zjSB55K7gN&Gxs1*i9{CrONnB_pGa(ECvc$hO zwWV?G-lefgJsb)!#p&!EFv#UChj4AqXtCOnc4xGbylpZ73G=eI&8*eMBL=6ISsw&a zgbr0*--ObqkQ#d72z)Z~*PVsk2dZKp4)io-a+M=u9u!t})kO3dw+dRsY0$i+5qJf3 zLYN0o32dl2!q;vS*a>U`Myl>T;CU8G4hv3vD%dcMylFQuI@XXFL6fk=f`V{w@LYPl z-eK#ErPGA2boFT|J|%xEsb#5u3vE8*P(Hhss>aR=C77mxPuOD@dQg$VIjT6tqFpAK z2)&aiSt^y%C(~k;r52@W)ia)CAH|7k6Qd6Y$<4LD%MOt3OCwqn4t_#c4gdft$+u^N zNKAbkUs+V5x4Sn?e@G~<*e{r}7Lk-SOVLMEeR&|CQ8cZhX@Riv>%mWk%aUFxOchu2 zW;&nnOQRZ|#X(ZjI}#Er8;3|xJ$yYX`Mg&pQx>IxLnq9hQ{vM=;S#cv{e@9-YO02j zskg>lgqL65k*@4Ch?Y!*KvG>nGT#z-u%7eQmjD)8Ld$x=iev zhdeGrFX~rNfS*766v=(?%k_PNP&=m(ps4a13_sl(^i7t@F66FDy(uNo1K-s z9QtRUz;AVAa{#XqH{|uzzaY6Ewou+qLu)hkPCAIy)7HMH7OnrwL}dqu5-Ty`|G482GjtoR`m zXvp?U2zg-7Musf05~dn{hQ$M4Y}Y|nbw~c~yw!Q;ZTM=$MppQ&tdP%5-&bEp|6PO% z5NPkWFH`@Q&M-i4EM$TG@JKRLwp#mOfjCDtnC~hK&+uXZq-4HlY0>fp8MkQM5! zp!Mw@bH&l@~e zt6e?B767eIQ$_0rB09(j)N{i1z_kO$e%53n!}||8WP7xuNVRlp@+PSI?gc7izwfm3 z`<^meP@#U8Ha|y}8^RzeAP$tbuX1USem#Hau*BxOU0ENUyo)69+$=KkGk zJgjX`@rVTXD_uB_RGe!0Hjf^=!2^cZ;m51Jp&9p<*~CF;dtA%NBTbLc$ytu9&ZV_@lN@?{&OW^XyCB@Uvbu)pZ1=JnrJdv_uopY7U8p!{jZJC zjH%`^@`YeEmBW>q{sQGePfS^IZ}-IWGjbS*i?>*72=N{cAY+lzip8akN;)Ou(7+IG z2n5Ptkei)jW?GOqM4?ROe@v2Y;4q_7Tw0k`#pjl;{=k-##W`lUHtu{SVLsqlaV3(o zf)$eUN3SnL=o5~E(C?x*YPUTEQ25$4zjU`4pOt5TEa(C0I#>Y*@Cponc0M0@w^+Am zOn|_{^utAyL*S3w;w^mCtd34s^Q4Fq-}vR^Zbob~SQM`jdv_(T{6QOI=+e@PNjf}{ zM~W=IdhSV8I`bpSME%mh8NHzH6Gho~?z62GH=@RErs!^X{=(}&QX+@2%kCb1o3MpY znIaS{(Mo?1SA0;8T8_561$WK{i-|<|1Q0Vwxg{!tP8#0U{)j2^L8pJ3F6t{4zhZ9H zJ&$94M9j{fms2i)welsE-iW2+Jr5o_OJWuZ_&(gDf84xX zu<=k2`)48q(x0!7B*c9^HG33UG(K`&h11>kEmX&7Pc8W|c=f_e#Q!lb$vYGqoJj-5p{bX%uchvN-xuz+IAr}H!!7dCFT~^LvSs#i}vlz#Mi^W_~frC#fzcYqh5! zjaOdLGQiA)K}qS<){HyrITAw^b{`DPk@u!apKGI*K||;RfUQ(e4;G^~n& z@dGoIn}%K@uyke$Fj(RSE^RSpiARF|gTTbosTvYDSiFj58IhfeP<;ylC&=ObYE?Tl zjz{Rn56xa4HB?W2iy+?@ISz-8v`mf8?gArE@rA}z6fFp8P2T3@y<(>YtMB&3We`2U z_7B14?b5(;r64x=*x7v1B1Buhy6OGG3OT)gs5?^u|MCpr) z@qU4c(+F#!l9E0C@t)04YWqHoKxLYOWK}HGP-c)3n!x{#@>@-sK}nPWftwKX^HVU- z(L_>8-1*`PbsSwh3^;zI&hk zeIi)rCzb<&Y^M?X3et>V83?)FMCJKOn<^qeqnd4)#GPvNrl*0(p7L0$#0@BXM>*40 z)@5-{h~9*Vn4(UA0WY%9+nMQ%N_cwK_=Fx4`-J6yc>6OTP@bSrMR|maYpl=gTlV)B zw;+W=0UOx(#FUbDLhWGAoeHwd_?f(3VXcPBV6$#p;f;QMBs zwPx1znd+|UUDA8%1k1^YBEjRr0|0;|E+(V^08k$Q05TB{^6eW-l;D!LHwXs>Q9+=5 z6#oDKhyigS0VUVe;}x)$qUb97i)@U87$o`fx9wsfBvj}3G<1fV{Ix!H=t}V1)Jls1 zPE{H%b@V62GtKqNC2Nzk+H+(>r3{A_8d8SbVZ`Tu;@@KJuH&=oe zX-P{9Y~cGGh#0*><_P|3_1wtRun38fnre@;l{K5COD^WEz`s8l7>nGT*cyv`eZE3d z4-t(Fx1#7gXZWCd2sd>XhY!B!_DxmP4&}*^4E*>{&0P_{eQl}kzQ+-(zWi+f_>of) zfwRzR&mn7D2MA04w~S-A8m#x_n62pBd=I{Qwana@3?KVmW?#pMR$r_pRJ{wPc6rX8 zNdMhD3=IojnjCs{z3Q0lzLSf2d4&V`NfnMo{(J_24}q`evkzz)M8v4U4sm+_8JdHi zGv=uSFwZN_GFi~WHW|F1EKUxS%(N2n)kymUN=Y)4SP z8`iiU+oaCPv&nEr4v${Jxc{e3kb`68 z<3mP4(N^REA^As2=ZA{XXSbz%|M|kE5u$%n4TSm}Y!}WTD|>ip!p8us(X&Fp$PI z1A~Jb>6Q4;>2&|Z{~*azsQcv|AT%lb&L>f|N50no--a{3|0xlyee-)Dw%s7RdykXv zKb2~-W{`PQiZLR8GWPmNea&>u^Tbo6lRh)}NM75z zB;8#6x7M+65w2^sB0@sK^se?;p7e#xIC;WTx?j+Q&OYR?%H|#LOdr&u&0M1RDc|vf#mP}mx4@JjuNoo$7D^Xy_fqLwc*^UgHg~x zMU(R0{yIPLhcH5x&>){2pMUNhg_S&dt-2KRLLI+zAip;5dh2mI{_nML)pX+`w5l!n zHa0sgUvpQEuhH{AO{8DM%*eGSOl$WX5O7a_w8qom5)xuQf4RN5m3XL7Lmk}CX$uyD z90_?4a^r_U`v)6(<|O^jCuGjF)8qSPu52QR&im702eb1eF;}cjxm`%SO$U}MGCu_GqB468 z#1i`a1L7rjQm{>}hLy4ND8WSJs^r3;`1`l(O_js5AH)4pyPp`g+*~K2{z(@|r-(U# z7B?B&3rR`lSk)dp+7kPW8Z5L}$vXZc$vcq7pzr1W$5j+6?};BiZ0SQ-)2#Fe@F0C&md8>M6uZ5~(PTK$JFJl{KXiPRW{4rPv zKV<|8Zr4%bbQV^?;$?yLf`u_j#KmdH6;`CLEK+;4I=!-L<5%$<3JU;?uib&ax$irS zoP@1#;b6GkjhgbCR6W)FzOswxbG94`Ls`+`dB93)dDRdoUUC>B|GQ03afkkN4Th zNGN%Sc81Ql&o0K_OkmjeW+EeTLTtG)edpm2i9TZ%oPt04@1)A*TV#%Jh+Z{UsP61v zPjh^{O=C*Vws+>NS9jR#46Ih! zqyeB@@_E|Dyk+-G=s!JTeWS%{-KP5`ZpO!@I+#U?KkTZHdRdB}1*F740YEh#J?+tQ zw3sLWIGqGIz6_wNEjX8ZDbSp@^8PC1!R~vrQ4^hZ2E|FUlb5I#cEZl6M!UCTx#SEv z`>TM2)Q=35&^p&59W|xN@~O2ICe|$SvJtL0%m%7)@YlByGdZMpnxA8lpmy0os{3xp*KJPjWEzMIAC0o5_;|` zPtRXAjitRb@v^!?9*aTuGn0ehqO+gg_j}WY<2tlPO*Lw~%j1a+uc^wDoMthqf0s7F zb+IA9EBQ7bO-APrwubaC)=|P55#1=+yf?*7GLM+X}IZb{Jh~7^GC6VtTFJH z@i87s@=ALppHcR%I?j zYU$Nw!(UEJ<8mXA&zJ=<;)Q3PtX+|=UGZfmU;srnL+p|eFCgZ9M6UIHimpeZNu@N6 zB^tuL4oHmSWk)9-4^+*=!@|Qbc_wJrOI(Ywt9-UYOOzrKmykhk1qEbYkV0i`mPT); z%1Yi#8ZFJIrZu-@HP>b}GrvA*QoMj|<_Cy1=UkQy*t}|!%>iEXA5 z_FSODXI|T$8e*Lz_sUAL7%e0%zs;?R8<@U1x3k;T!^v9Mp4`few&vy7VvKJqTZD0* zXn46@hWfwQVu-!~NujyENU|~>CBsvQ^N5NU{TBY;V+Z@|eLfz{*thzPfX@Iy1COLf z&^`rZmX}%ksHG=?X1cF9fC$M?pCHv80dG;jZZ|&KH29Pt9UW`bPO0HN{OiR`II9!* z;j%H2Tj@Y`L$W&@9(ktGz4%M*~)}V8x4ZW(b=Q(r4ta> zyWfaBEQouZeQ6NQChO0$qdameH+0ez)}C#s1NkB8oQSD!4|?~fFi!nTf&+%w!9SvZ z7>0U-xvvCar8+O2KYjDVXj+vffO*cafs+ndBZShLBQ z>%W*JZHRLg0Ke=7EV&)wWYTfD)I>t8b>n4F&LP*k@@W1No0AGp^^`Gal*?&FX zN4^-$2q(X!TTmd>xw&&G6XnghUD9Kl84Sb|3FOWHX7yR|R;+90hG?YdO%n*ZRJ z>Q)6sKC^C`DnucBg$>a!91#fqVG~~3d%&Bq?zy`E@vy$04!BH@x7Nvi-3V7MPk)(+ zF;Bwfr%i}V?|xXTk?P~r2jv==d0`b=P(xQY9L(fB*kR4h8MyV0vd5PC;Z6f_!Zs%9 zexR0)FV=E}dX;4xBAPwno2fMbX6X+;Lf*uDqGCOv4Bm$RAef4Q5v7EjPXxN$y0|6kSJ3iMz;Nk* zrzutKeV+quVY9cAV*J@R{k&_{vHE2sWthkD#P@=TJS&P47?&tG+DqNGU+6fvkd7O_ zg9~~}wU(QUS9RftKib>U%H9g2H_VR}4NSvdyK7n3jk@?u`Dr7o?sbWx1FY#>p&>_& z4(E@AG}C~KZjOzffG>UMyE$YQ3IGGCjXC#rU`-ok1oMCf>-RP@v#hm9zRjBFf276F zl`p*bB%Y(=)-tT*pnwrBQYv!Bfu$LTXtq%8=-rMyd+u|Rsll9?ykspAwpj$VHR0Qw35OLVVUu2MW~*_S^kz0HYx7sA0D!A#uS3|G z)ySn|fW%iHt>tOq_h~QvJ4)t9!U83j&}AV|KomT$*y8yZ3`-#%eCSyoEiMwX5><1G zw||PakOw?4V3X#-bx(Hp!>2NX1|;Mh3*UCWc8{pt*2ZJ3{0#Yw z$MJ4!1aDQ0qljn^H{)7y%y4!%%G zyj`x@3;lFx4FK-C=D!EfaB#}Y0cpVYXnPf9hQ!)%Y(IBAsjU1WB0@9yC4tMFr4Ygg zAN#erLDJe{>Di>Fj3Sl`s_fQuB#^OtrQI;+_3mqn{xl3e!}kQVKN2 zwv*Je7(Ls^Lk*n8nWW9~VWka+glN43%EQXJHtBrIz1w4nWu-$do!_}>8odmLKIH9` z{`g`8H1UO|PL;uY@JPQUxko8cb5veR+bpFYokNxxPO-S=+Mp!THXnYZQhO_W3C04CBe{d8OZ%t^yTpUgjmTo zL58#k2k`HBc{qTW+R95!yK^31Uo@0|AlXmEOIN~k@z{WJuy;pJ+7gJ*>B8yt5eHEE zLzinkuW4PHP2lHjm?n8u02G?belF!>rsO6ClRrl&dllCr`8+*f-B4tIdCRn2SvQmg zr&9QaHS5p!24_!c>iWRt)8vPlk^Wr))~EWulkfaix4~4c(-i z&4WF*?sfEuS|`s2e$S0-d=M~15XEG>bRpW&q2#u_`~11#CaFm@Mvw<|@HW((qrrPc zG-4z~7H~*WV>-0eU4WO6?Vv!1?)}_b&IZ{AGBae18e~?rvA#az{oSF!@S;dN>y>gP zai7tKL9l%w(EtF9X?>Rn;ty9vo76fH&^U3zM`JqoyT9`1;=x?|8EyQ|ju*(DCuv(c zKlk#&xg~=)8#o%y--cajU^#IH9AVGK*Yfu;k9AHNSZrEB(7k)SV(_5DLsJ2AP4;TY zSYGM@50j#3NnyR-j4!mj4WB6WDTgL}5&84EDxU;nc)685jF>f&?fyGeln)=kpm2_R$ptvE~n$2rR{TUzce694&I4b4-`Y|3Mj;lH!s zdqG9}fml?X)u&r$gQG?W8np^#>Nx0;4j}-?*=uOl#VXs3e^)g&3hr=;oD~ zEzR~%kU3kEoAE6#U@u*mzsui6{U50$kpCUi^FMY?3JO~4A8|)K^?zK|0Q3JyJ2*z9 z|Iuo`|G(Wve6rTzeL7km4Ucg3>Q?15)?r_#ahKyipxd;t?vRj?foC>T)RV-bbjrwf z=)j=^p4bz8rL4btB#Y&C>xupraHw;Mslk)r@x*L~>%jNyOMe4*S^tS=E7wHvb*$y0 zb$q+KCL{d|czBmKf2btlWXwzx|JaIYs5Th^*~=Z{35q9wwj@b<;3~J(^JTn>hz9Bj zG;NUZs9q1TO<_(an&@t0Of*z9Ro#O&^-@d5!s)X(%;#BJ2!aB}!6#QBSbDZG(uoDa zJEjSb`}Oj%ikrjNOpY2)50BK0rIm!;L1PEC2qi#nb$Ge%kH^*(=hYa*sBX;ye*6j3 z{jc-uo7YynF@*5L0pps5^xCFT*h{VJ*|-_Mu_3MIjnG0QVxN(fBJfd(@Ony2>mmXy zV0)ptdjjA?w;o(>@Bd-1S&d21uJpcJr%S38GC!a%_%``&0=f>ukPeC*0OTm+fSi+d)QW!L|@%zf9mgr7=$3m%ex_v z2-_VEm-%s1HTA;*B@OfO#mr^c^l47h>Dcr=t==C^t>S-+m=1o7!w&D-3=|D|oZt8) zUX`=L_1iody>uJO=AQp?B=l)=iPn=Ulf$8Vw)arhyq2a-xgYsL6IlP9MWC9hvrt>~5>&Sz2W)vlx#x2Zc(0RxNjq8HK&2|`f7J{pEm zdf7)8%CAe&RLKhWzjuovU(_&r=EAkJE#6?Nl{sU78WWAMU*Ek&0AB^!?vhl-^cbmMlKf91M6FzWj z#H}s~V}&060{xxo=cx2k?T4u;1jZ9v z*jm`!*Yb_>MVI4Fd`Z2OJw-F#tZaBMg1yR7e(|QO0`xdHRJL0nY|;MLdim$fkq-!DE3{DR$KN_sWH^eWDEFA$b$<_(6ksMt`}!H{Wy^IGv^aEx zsuJ|jVwOVnw)>+UFJw@2wOG$5*E0~a#r|xh-aYk4MYJ@fI9j-si87GAk!!Cd?L|SD zt#n_VcNj&+Q1bHlH16rIY^zQxC@WN}{93KV06?Luml|ayXYTp;M%6h{ze9?pYH4sN z;?1A&)fNr4i5=YaEgx#HrxzV36vME}dH?;N9k%JBPZuR&uhhmOWMslYu#LAXt!j(I zPdD^9x~(*H2yRxQn;Z4fDyLj||J_8laNXlD~_OLsH>Qsk>m|r`^OANNzY9g;5 zF)O5{!r-r}tV$Zy7HZfBmI4i3+iQi!ZOWjGO;#WtVHHJ;s`bl=Sh=xxGg8IeQ zAHHk$D_4Xv#~97LIv37bUil6X)=dmn(*ftJdu02U-+dJk-jtsoDx|frcF%72!Cpo~ zpVFY%9Iu%H09n#R`;~l1Kk9XGBt|M(P6|z(WnnA*p*X3%D3M#}P5Nu`**L9s+6Szg zN#AxNI!xsd!{hmBBzgL(^--56&Sk!Fzhbj?k4qcAeXoybSPfLy3B%=w6_SJuZdx$N zD>p_?63+XKSRS>}vKk$vSjHw=mU^YGpGXdW>VWnClwUv>=h4&VL)GdS|3YZ}zg_?? zw`Qe!T_-KUZAlt)#fzV>6|zQk?Cj%y=EhUMxKdJ(7UQ3p5fFA!bba$iD5j-L42ou0E3$q;#T~Kp2FI>=u zv(He18TynvyaR`}LSeR)F;A8^Bj}})1fRpgo&tbng+%u1&?wJm)pFr~u$+8)x#7FVuL`5vjR zx#Th_Y{L7Gu?PtUnzX1l<<3>Hp+|Y?dh`}0)}h;7-0qK7RoxT)CW1VhN>tGO3}ME$ z1Yg>ZP;cf2$w;&u*Y!O^1KBQm60%EFg$?XD2%XvI7syV|C)Smg2ZX!OgQ_LU8yr+y z06>>eprnaT3E(_48Y7k0;b%_}fX=kpULgX!xVN``(09eNmoPHU&bQ-;JzEr?DIOAtdSGH|`F>Iv1C6)^5nu5=qM*U!Hw-fI4wcK6z<5>wSF>kN)Zk9&3z|ZtL$7)c9b|P7@f#SV!wi zWLerYnK$mX6wW|r%+fmA525bDT|LO^JR`>SftzgphJ}cBssU;$R^uBqsX9+T7C|m4Jh7SWvLG!Qrf)X>xk6D+g=fkPk&BvzJ0srBvY#c|k;JyY6Rl zM|@6@^4t(oz2Bg;q}ipjVR7JFhfbo2S|b(|Y$hx$SZgp~eMZ}v-3ONb2Pkf3IqMyk zW&TRN>|#Nl8>4Zht1Ml6>Q9gjR$Bb9!Mbq@k;eNwrmy{q_DTsxUu|eZA&hKl#MG1( z;+;0(st0XQR3QKGjZiY1=# zbTdasX>xfvt9qxppCbBr9v`NoSsh*r1?V)5Fi7g8L`PJ@r3FUe;4W!sQGd)Lq+)n}Fh9Sf0o`Dduc1F{fcEQ#qQS;Zh)6x>yz7^M_X2*~aH4)ve;5x73MkWz#>m7u&pqHL-e5^+k!D24nG7aL-LI*N>}pW5bnt&0@e zt6#-|9}(Szidd5u-X>9(qpuN;32^>Wpf#x5Q$xveuTImG=rr`d_zS>b_2h9HlXzu^ zvg@L9+(eBncF-8^5E+cmhLT4uF9V`(ZI?kYvfj!~ys?>%j*h5k5T-%mi5iTp+>dv2 zy|ithHqc}Qa=b0gbG-a?4BO(Ht3Py3IhHJtO%>SC8Q)=a37zP$P<2JhBPZ7qiL*lsp< znXTD~Wz3}M_uZ6Aqq>%jQ0$Qb^B>|OLjp#LpQhkC(q(+Kb%#!NAJqGorV^XxS1XlQ7Isa55K> zMyJf~z`rTRFx#{T9)T=wWlWIT3XzN@MbbDT4>pBHAILDOffaBnDtM6 z^-=(UKdKF%?UBYJO%had^c5 zdYg^O<%E-LpT$)?XBr4Jh~>*45@sP?FO`%GQSZ{+-P#GWz>r-XGl_$nSy+%?QlKXU zSB%#pKzBQn0X;oQlN6ZYd-bYH^m*)HDYi<%op)6NS`M0@(J5E_JWfQ$AUzexMy%1l zA^WVI_&L(7g3gYto2Db zW+AsGP%O4!y))`U&uPlwh-Kma#$AP$b zjr5Ol5Izz)-?P6h)13UYC`9B+F3!srdHYl$o zVjVA$Vxu!OI!fEN0t+a~U`I~K$AD}Vm+7pq)`myu4s_4EIi}jpwk!z~sOV^mRjb`{ z4B+VKMQv+mI5_64*(CE6s@6Sr4=lafsx*ysq*o6N7K9s8^4cbi_0-eQ4cM7%9gMOj z3Kv%~UxSaV9j=;(nhC%-}`S3MpzoMn(~NwvLv1!!ac0-#G>Pj9p>FKG`t z{6xVFY@jT&dyqPrKX~%q#iZq%qPn%RK}&6$e3a&ATyW4w%v9cVWn#jS&`;B!6Z=nG*V8lqzNncjSMN5Z~ z2&M2yH}Z+YOsC?9=^DP*?S%Osrxw;GJn<1RX<>?fs1D{mb{%MRO_STh>3O5;_gFh2 zkfx(FYrkq|6z7_f463_LRB6N3r&N2}8@_uQXklO(-%6?U9j7INXsfc++M# zJ9MiCQ8Jc@uzjYc*WSqBEgsir7FFT5Up&N#oS0||HpBH2Fgrb<)_CJYFbT3oSQ)LD zw;nRo)s6K6c}5YLR)kW)>$USPmww;UGfi;zP+wG9NgJ5=DpYIHMKNt|hDuYbaqwXP zrPJmH&P(|6RNi7h)5Y4=)#rM1!2ELp24#_Lv`+H#T&V654tg71<`+%wlYDX8$QiR7 zBxPu3(RdsCWG|$;VC`>gZ-j>iNOrLXyDRuTs7V-07U8R=$?2h~_S%49N$?|vTpQ|S z%p2VzoTThY6}CGJFDava;Xid}Z0;Ipyg1F%Xt{LMaI~m8w*B3waVTWlKfYr(b;NEh zzWMkdndq|n6Cw)Am=ocLcS*EvGgXnlvCSS|atIkIvGBQ+ev7UA>~yb=A`&nbbU(Qo zD_K!=`IUVeAm!ubfhFK2@kXV>BBxTJvPy!%c_VL-{#iFZ-!4Kf>^<7d`M@9>Q57xy z&dnWBn_ZNe2JQDA=cfS#m^Vs%KvvRbt1f%eTwXK-{!48zO3o_^305kn#@JHYZ{f&> zw?6B8f&X<%4ls|${ns@7{}m5C6&s6$&oR?%Dmm3kJ3^m!*g?WHpNm7&etn*o_Gizk zsbk+jybn~?#R|&de^^Y1y_!62IX#&7ayTFKvcLm$8Md|_dEGws->}{EpPF?~5#~-G z^^JOQRD9B1dUi8I@!&lfwkBZwIUb%G@0M}PhfO_NfU=v%5}s$tTk>3Xd2&Eou9>`R zW#L6xQy|EiBhBET*sE4w3>9&*oH6GF2_M5$Yy^Gs9Ex5uW|$ZRmtd2TKQ}wH3NS+re|;@T}m0Z zjMYD0)pMWU*D|%3<<={+5sfa9QnG6Bj;!ybvIf=WUj*vOg=`KRbC*$G7sNF+A9feH&CkpNkH_^ha5UE`yt+9}coH_TWD=;%rW;q&N?T7AG zQyoM;*UI+Q@l^fXgzz)5ch`^Xx;JGH?zK)>12~ zgAKJ%I_TDl(p9<~+l47;%Oz$mBxq}nlhBcjyYK*fR-5|@N{Gcr^&$VGB>LOa!+`tK%6nXB zPjCcJoTZDnj^Jg8V>3=BUI#Nz$cTC*&$96xG)zq-k4HsNHGL9}K8MmJNcML@THN!M zK`8_bVMpw0l4u=gqUD)IQJdC$N+NGuO%RSj8NHg%&c z$o=T!)C~Q;?Z_t#k5lybz_ky9jG43gNQpN0gO&-RfLF*ar|zMAYwSc1>}B9j)&u!Q z*tER3Y?Q}Hcq{w(XnrQ! z-Ca4u>?;{M7+_gQYj)N>SD}q58b0&)orW3O@UXg(I0V3kfakVkk?`PROVDZ@i(qB6 zV(VBuB+&4E?ob3OpRo5drRQtWu%8wxV5=yO!h3pGXiH48Fe$Z6iCRoaA~TosV~ z!j!5`dRE{*p&oQ@@$@bZ+>}!!=m8)0%^-MAz*Mjg9Ly;y3llJcg1Ag+l8`?9vLWHs zEEkhGX=j>DWrHv`nJpwytc#jyaET+dV#;fO4(D~80kK9&#yV<%b=n8O1^vE zGmJyyN{cCj03g?Tl^%(_9Hj|r;t?5KPbYI;jKYpCRM3I*++EW}ohI^%AKCuCNu!T7 z-)meg&5fl&^z`%AkWQ_G;JovcZ@7H#m7(S2HjmENP6G# zjJ7m_$|M;8P=H*ShCUG!E3-bIji2UOI_FRGBn;>Rugi9(01lPBcZ`5(5Cot>^z&MG zqP6PI2mN;rBXn^L;dymNlyXR&@HTwQn2N#;*@?~1lXl{*26N?j%nJ)EtT6ltE04JV zUnp!TkoY0d+(w)y{^Y$9US}Ge7*!f)zf`ZGYMA@!ji`|+^~0Obbc}lYkyYrM0-&QdQlOs z>s~&mpR%BSvk0MgBKlBx2m_}rX_`UH{uBspq=5xaWd#B}?}%qFdV?Tv$+;{h_U=%PdaV=x~~5se(88wY^tC zR(vx0^i|7PHdtnSjbPdS2|~bU6lkpKfpdSC$)!V(r;;Ss&>=_ zTf63nEOh*$^D4#LRH5Ljnp90Fl!mfq%`%9_k%`a}<91NJ2L=$_VeB=;wtxjH7joeec!M$&#jC^-oDvcnUV0>Z~0|z(h5R!_`J@lPC8XK5Or)V z`#V51fsC{A*IUTVzZyWlGMPryZl8XZ4{w%7mZJFG=h~l!uP$D$6)?o^<$ zaoV1)c54;QjUE1#WFR(W2*N~9Z;T@>zR8OaEznx)M60P_!O6tJQhU#0X>sgJ5v-zB z>bo|R{PL$n-Sc5Hv%pmQP0u+n5xdnd7zLRd7D!;d!Tj% z7mzc-KjIz_IeS}7%?gS3!mIYkKsF{kZyrSA(BZq{^nTGxB1z22>;frP=|w|U8vrP7 zX#=0?b8Qv0lFYbt*dIoR7`&c5js^@eOMDxnEOaxkmC!4%=1KU@>6OYXIwycr*6!TrE96{Ro=wX@!mzZ;*jC$oJbHY?S zXEALeiG<>8W!vKss-SJSYo(x>{wRTH5S{X1#Us^Ozvb%2t!r(* zI>+~36Yz3N1OutvlpAYW;~*|WEYUZp!y&h}gzwE=F4rLSlEqjy?B;m&n*M`WvTr#3 zgw`D;P^qRK*b4dciiN>i23YJ>Z7i#Eg^AdC?bNqh#&fiPusom62lnk5LRf;|e;e6S zEa8-oRVkZs`i+D(zH%p{qGweX83g5XSbqJ}0Dcg)#b(XrCF6!UrG-bnU?$dQ)&Y3h-unxShr-%FWl}v!@Z>pb`v`%oTN!hoUhCaC;jYOg^H|d?#JUS)2ID!7`-bgKmEm!0EbnW zhIWS=Kg}d##v+VcMDV$3v^6GBX%}n39c2mV>aLsa$ZbE|9}F=7=lTlO?ix_#gZ|V6 zZEqc)Trnq~MuuaSPxvPNiJn4Zy%c(e!bw`zoY#}>GbqHfAwqWiiF=YIfNzyRg z(k{-2C4MUr(98qEary?$jXD*>-vu}8INXP-%df{cMvle?g1RNYVlrP(ON)7phmxap z&gI0V(Ipisbz1yQ0_melT7GB=K5G$uj32ksEzSz5cnmqQGLP3|*g#UDP(&^v3yJf% z>|=@GItjvit4w8FxWybe277f$JaeXcJ}rRSi=3lxd%Ba;M_9gXixUkSMk2!niUcJv zHzg2Cwi1;0Pgw$;;i+53(MuB5U+0jjUcT!EXM$@|W>#-lEwxfq=Tk0=FnJR*bWyZP zuE$H-&Wwh}Dl!@X=H7(n2r;-!olfS=qdDYL4%*PL+7b0{haL1w4n<57qpgIpc~Zma zdVA2R?&tIfC^AK9eHPCNU5883w-2WWb-{PKk=r>IhlzDUv1E)ZA>^b&6-LKefe?Vp zvu$4G+XIEh1$fpEVXh8i9~jDVI1I@h5 z?+JKaC`k~Cvb2VP%!WWJcq)_#M~d6HC5q3ky?U-~!5@?2yho2$K53{ylr9==!2-fR_{F z!$2c%$vn)ctADpvHlMlJ=LrQ&jR^0?hJ63U9u9^Ou`cp{E2{8vqEGYd#AY+sQ-fL7 z2ATs|l49e=*@7d6PTZlaIwu)(YdMrniwSpT{lR~b;%)F24C!ou^UUhKACrs}=7-q* zx<*H~S1U4eDFzjYLq4C6Av%>vY3ua{)zW`_$459S*6Z)_s1tfft9I7ezxN7J!GE(v)|(IA|`%bDZ_gFTQhj z9|%0sU^$dIq1Hs-%9}z4i`N3V?~5dccNbhY^DR18r%4QYvyPWetL^wTRi|Djif%`z zCyX8wg|}m>JkRB9w3PEOA>PRpL7Sd{&&Vy8Wpo(aprU;tzKG*Ba2?DE!Mev#Ue?EL zias{7N~Kmil;nJ_p>XaHM0#^^H`_90k@Q)2589|x5k2pKyqSiF&W|wEWIf+4inczc zv>EyGB%TEV#67eKt4@f$Z%?+J#XS5Gi_lgk`=!{q%4t$UPS&!AwbTLuXKC|bLK0=4 zV2boW&NCcgXk7LS0^lyPH2u>wt%ENdj?+RSb=LLn2ZF2+8`SqPb3 zgqqYoj;1GsQZSK1C}Us!nb|yWBt06xDP|X3OrblLGfuWGXH#N25{)e;@gpwKY&80K+m2>0Xb9;#k47lQ{LJ9Y zHq9G_xPUD)X{LnJpKH=tybcPw&`jZ}2Vf3AM=`LjOch~5U=DunrfCTAuS|>FrUAE*RAgXNsNq%3kji3=!MCqx%ddBy1~|iYQ3_3p~c&^zN?Cx-cB3mg1K^HP|G;52s(fkjg zE`5rIz^_EZgjWJ@NfO2~2*XH)2uBQqIM;NeYgEhcZM*yrciV(+!64~Nf9zDjG;G== z6IQz|7Tw#ZXiKI+DPjj6N+~xB%Z;2it(2mVKJbAMfd#FIfS(E7mxrbZE}s7K$4YZY zSqd;}QV47WeN;armcFf3C63Q~;Pz^AEyG1FKN_(6&QkQc+p{v;I5+m)yF> z(zqE{&Y(5>v7t2ak|L5ItUWQ><@TqMMdRRaT@=pGJm09Og3aDzEWqQD8$kd85ww89 zy6Z4J0;UGdcyaO$@K9n>dzEZhyBavcL$3Ew!aBsXNMm>Rg61y#+!+pIWZiD~I2RAi zl@^AaZ2V z+#$FGC%6W8m%)R(yMLYE{qFnot^4kJXU#%p=A7y2uHLn4S9PBp>Pe-^x2w_!2{`&P z^gHBCW!>kGGpH6xoGk5|I4pvW8=tEQk4D=i3)4O#V<3F`qQkacvT~vkGk&_ILr*>t z&z5vza6#K^$4g~SZ``)fH%Ql^*N^{R!ai4|6D--srs^R5EP0$`6}sEKDe&(6WUs-W z?rnKu!p_4gk+HU?N@s41>+qU_cWj^Yc@}4uVk)*(f^<-d+bi&#hqKgSZ5fFa$#4(ab(jzTHE$vYVtBjarUyCH~8Rli_LQ`5l zl`{hhLfZ${W=#I!*BbfJPo)zr@s^Rl5CsQ>!I7SvQ8c_I5~8t@d5aOHl=piDsw3<_ zeEe$b#CP)j48|J91Q?GhlQwc z4P>8==#(h2Hf@H58*JO*T;gkM9iR|;4Ob(XVD0S0u72@fbFBVA`_B_A*b~pjtm=wn z)sugDalwOdwzTKHZESgrFxo|Gu7zc2@b^0g11cyr0Y_x@1{>5q1d3E7dmWap~ zBh-AQj_>rjy&;zq`Akb>7fzIO2~3fRzqp>64dw5~zYlm5I%3MjAHAu+U{6Ntl`?9; zVJWL$`ZQ}M^P1;*Vn7{{VMWKx)GU#$$Y1gB4MW1tCS2(~5yqCdqW28`3fI9tk(id!Gh>XbBs0{Jh)Jn0_6;5d5hS(L#!D^4{gu94SK0 zY685Evjj<8yt`*p0EB()hfVzF6di zV6yzVHy-D(2*1ZhR3jlb$tkPt#S4Lu!MMFCc-P!6U8ooP+S=KB=~oC2Hr4fR#62XO^;d8l-ipb zZn{Y~grNivp8Fskphb6wvUub=d{`H>^av*Csrr#~Nv&i^h8{E|fyg9St=G$O=|UlL z0e|Y@QgTwxjE`8ywi=a*`F9!t;crzNwfIPCjN~1I6X~2&erDOGAo=lMeH|`2&!=&T z0?9JO+?vmFPb&?`r_!h6U97gEW7S9#hk_Z<0n)ISj1Is=tQEtSS|l z$DS&zhi`rRMSWjSIBshVCZeT9yXhd28@dYRpu|4uKJubIk#tp%)Bol3p2{2j7Up#F zLiSyFqnZ$UFq1;}H10%c%T$IXQRhwf`zE&}&kG9imAq2&Ag~Vfy73nIQTmm$1P6tJV0Lu0{TId@m+B&J3p-{ut`m+_eE9XvLCNqe#K^#g5*^_qX4 zFth!KwkRFD#W8JJ9t^H$F4ru}<7+JuT(Oj29~}O8pzjsLB297}4rEtT;<(ide24ys z`kLq$Y)$dbl$>x{v56wXbHKH}j9}X2kQsZdTw%2Z)`x*d$tM>x%N~eA4(osoA!fS9 z?{4lF+pkj9*M$_<>toJZ4?LH!-#(2md~8-I|Ak9ScY5#|=kbz1*;@7IyUQ0RLs{u@ zlwXU(;H06mmM@wP@-G!4qrxTxhmu;bd&jXXZNL4LT;Xlhnb0O3_Qd@K_XvKOs$8Rn zW{4J;%f`+1l~O?GB+YLygy-b9s1^y$M}6J5i}C{qNG^Np$$=y=byYbJ;V|Y9Q zxWb2LEyI;Vzg{y^dK4cfAv*jD?Y@pw*ZGxt@h$LqaJXBPSJ&~`<#PT>=4PYi6Gzpq zX~MRs`Owq=68XD1|F`cPoOta{b7nvLzg{Qdp@OCr_jfj!Nf#L(_-r;+BZPXab*{!c z7d0%_Qv7ZvUe3<0rSX!suX^jN+23B-9kx1fed3CXN-J6N!neJ;@RGx`r#EBfIx>nx z#So1cYnAPajjf-zUH^@4A##&Wc}W^MRcBM5ywhZSw>U=AefBK#1T2k-dArpz$^)Gl z|B;(MM_4{z`tMp;4Y^y1lt=AVQ|m15bPsk^dGb-`N=mun`J!-Oqqjty^g*M_?d51! z6k200-_rG@5j=}F663LV^2`-~=P86}hlh6nRdhusAmNhAB0RFbTeC^1+_R07uLfgu zRMV-Sfb>8}sPX%Wr`8LJnnZEPQ=0g!!T6o07gO<+Uz_<3uh;dBw$8t4q*Og@Rf)?T zLZfi;dv-5<8S+-L-_Y!g~V(SF{tCNVM9 z)iu>6Zna4mitt%)nczEVcc3dKz9fNX^vteMWhItXW=DTL zDFlSp;eu7!iR$rmaVBju?(Yj32uJKj)@?8aUB$4?@<4Ca#ZI@UXzwy(-lA2FNcGJ+ z@zplH{&o-l!<`u$uiWr}9})fYT^B2kUo0q>cv(cgzg5zZnf8&L!!M^h{@KxL8LuG( zDI@Lzwszy^H0#u7nNy6)MEW(CAg?)~XPNb$lnDs;2nYl+B5w`agk|NGq5vv)H8o<1GMsHg)10)*wHv2k&2ZLDnU?Ymhqo-I4n9^$NX8?#`bv4VB% zVry6!7;mF{DT|A|eKt|o2ZC*pm7%VJIsScdh2T4W&Is=5C8uKI_`4#XZdRn%&|F`i zTT+6TK^{$Z9`@%0k0E)6Vf#C`eYlm4z}JQ2v(L83<3Ubr-$9s%fRMWEzyqZneS%}c zLQvVXk!@~L_4_v}L`N8nnYlC|(NeS{n0$gf5Q85(_cGlYuEY$^VTqyr6zXFed2$jG zIh8dxJBLU^!S#1}8JcqP0Rl-`_;QDM@NbtF1Ye^>%^6Bt-vS$C@`>45D?7{R{ z^-UV-1SAjQC&Ck++s)|22mPbv{9sQx1mUpk>>$!KJzLurm1>x!y}f%fFFh}Bz`_^r zV`tP}(AK9K*(+w?eYCvixOhLH!pQoV-vD znsMcLlg?65X!$rhgB2JN!TjjT)R1Mc>ra0R>t1!>Nh!)kB7MveroEK=C^^-AS(m=F z=_}5Y@-^)@ctk~hPxI$%@V_6rg4RLnf@9ZS3Otj@6Hy1&_W5!3QQ~b*mj8m{9a3>| z@srRvVj-8$O@^ooq|{GIhX*@psRtq$)#4`tA03O|XBBmaNm4sGNAQHw2ctr=ZPaw< z;BpybTP|*hU@rWX*pf$A_VnCHscSxe{aW}P#RWDF29NtiOk^ZEkugC%GInJ2TPmjS zO>(@+K2Q;e7yB=jq|k_Q+kPH;dAI6~x7RwV(;oxA@Pe<*ct&IRMzE{A>}Vey**t$_ zLZQX|5|8K^L8fw^BhqVZ+zve&36nH!(r!L&2vQZddy1|nB`?Kk(DN&i*Vx#1RQ9M~ zez722VjafEtC#VIknKA|p-N*STrXL0u&IgBXec^@2DJ<6N}4LR?H>E}W?X6tYpe4( zW7Y=sqIKpU?>9NUuG7AmyFLqxJX!g<^bWtY>hjSZJtjtwi5-&u7WSSu2!ANqeGk|4 zC$5Wl>#ErEYu~{<+JECE)g2zd$@SnS+@+N>Ft@)FbU$8a+0Qlhxtrm zVJFdSUIRlIisI8UOF9xOUiUj3!pz(Png37*vSsPng`OV}9X-Be|EH;edkJr?si#-K zZS7}${VaNZd;pF7_>9J_LZftewEyR(_d^eG(>U(5&-_ZwPrPJzfBJdqLZQZxk5-nO zwu?D_;Pp>zal3}Yjcra&6?aJF@1#$X;~#BSn_?oyV@+GQAbpiV^6zK;2I6>{?hT#R z;k51b_7sNf?&X8i2k}&BXisBbDz`jA_*>&9y!`|e@EANA5J!Ic-smtjF;QDy&Pqus zZIp1;5xm;{op4{kwyQrL>aWF#GCx1x+e^#EMLDB%`(xLT;_tC21rnlhveF=dq&;bV)>x2bCZtQKynTBSzjd|41>xvIdo}e zC42{7br6l020cB@m5*|I&xa=-h$r5b6HH6yHR~=Z`g3~am%f@}A8C-S9=lgyd_O}= zXY%m7cvgv>B>j0L-8zS~{_oJrXWWPK?`?JjwU{UnA0GJ=hs0p(O+DLpL;drcn-uUF zV=xc~3JVSHkBE1T2NgM?va(_6x#kJlv$bBHVO3-;hO7Dl0s@BJ5g16YKP64vgM)+U z(PZVnF396q$cZT)=Gs+aCXJcC?(`8k+pPVR>o}UtnV7!gFl!$T^)k0IGEHX3PIui3 zpV*YJGDZyuiH-`@m{z^@*z7Xy?V&I@-B=*nnECnro+v`lQXEM!Way!ZwouBrD`dfo ztH>$t{i{d*EAi4uY+fFRtw${CsKT53h8m|dQ^Qc+;fkn(1vSOnNm5DRPe0SrxQ~!6 ze|n1{AZRwSeby-*H$CkKb^25AjXi=iXT^a>H+30qW84zZ96?ImOz(Zqu|JwL`B8M` zG6~iub%RbAzBl@VC@O1wTXcw7@q9|rghlW4L$4MEv$-lOuahe}H{pd^+3Gc`d%Uqe z9*=3)b0#wX*Yi!^>weG(K!;ao`+$|^HNI43S|p3z$Y56!6-9D%IyruI`Z$NLdV98v zB6pt?=#4}^I7;1qARss3PGfoIDQfCCDjz9!ltfGU4T+p;>VdwmKK<7%Udu_(^a-sHgX%`Q6fwl=V;A0%-9mF8HhjDpuXAF+sT-YG!d$ zO@aRqkw#tj9#@!wi{;g;lg!M_QoWYzt7GNO%LT!vgi`LuD#!2$bzk2HtVHwLs>;N_D)di{09>;rY$CNw4ZtGX}sg+1`=F5*7(q!0fo_@bDWY#Z*DNU*5= zFdO!n$^d2rp~EKAWG@6?Ap)4b;ggD86D8?#Cp(r=w#D z;<4&6Atkl5FV!?*gVrZY*xEAU;~%Se7d71zh&;PDA9nU!I(Apko;xj86K?$>op8iM z40wddTMF2kYqlO$({8h@m$Zbcqb+!-*`$rLSwnRT+~tK`7C-1o6n3XNpS(i9W!om| zr7guMK|!te+zng3BPGQc3dY#kK4|Rg4u+BpT9h_O=W!>KnGH^o9#^GC;=p)JsqHn` zuOBzQpN5=OkVzrp1{u%!gMEAuP+zn`AYe}VYl-RVl0ZKF9zR^57Ow41smHlf|K#Y1 zOd8>rl=dZud4E6VRuX+;auW5Wuwh#iZ#97vGPeJh_bPADAq-g5hL%sVB((&-&YP8Z z{zmgub(}`4U&P8~5`70#be3R;B=v=OyOvglL>|P;-JlNji0Y?BPCWc2-OF zwJR_0OhrWm61ni>2LaN}6}HLIKg}f%()j9|k1gZdE;dHv2HjmTx-y?{@inN!FKYWm!2TMYY-a{~j#64~h4R_5p(ooEQ*3 zInwrBqszcWPcyC$E8?Z>62GoJO2UE|$cS^E+RTHjf!%1Al6?j^0X==jNCul@mc z@HZrMH(V9E^R~|S#Ax{Sex*NtyoGE{?ZfuWd1tk>T=)bjDNjxHNK@sw**Wp>u-ek# zCg$9)$j=1KM`*G`LqgEpaGMC71Z9xO>Gt~%bGLb|dMsYwp4CUyg~%CSN!pm{>S&2T z{B)R|%TOr%)kKY$c>_#c_Mg@aj&+mvul+WAwmHMDeqn>U`xi%XDy`Y<*hNGLC;*j5 zX~}h`drJ@MVbk_FzGsR(-X&9y?o^Tq+O%mxmq(J7ro-rZSmioZgsEr|f{m>8iP7qE z3r>?8i5md5GB@^KYX>l=h0j)26uv;F-wD@ib`5m1r}SDNYm0fjiA`-9chL2*8Ex%J z@b{;@mn;m3W!$9(*mV>g_2Y-frqOeHZUrlG4VCq<;k z+cO2rZ7i~%Aw<76pj_8%4;KkxX@-N?vC zM(DQ>SA|Zya6b!@dmjVJFW4;)4-i7x;6wcFA0rcEYSVDY;Xd*PpftX?MSkAy{Zk|~ za%nqTS0PKS1O#$&a!c3Fsi}GIY3W>C6!aUt2{9cnruLuPFkWapLBAwqV`H0~oSZf` zx;)??S$xp-MK4k(CMNbp@tH2t1cJi4Fg;LN$E#E<{` zG5ez&D;h4xn|ozd5}C`F2%ndp?80cb|FpNZnhpeuw&0R~{9`PEuBokEo^wH-%(BeG zd!)3YFK!hrZ!TtEKfX9Xm$8AlmQ?PVa*cX_NJ4w-Q&N~UX7Pg=%)Z0Vu5B<3B?YB+ zYRyMG9v&X4kdxc;<(~vj(ao%=Fa4#m)Te#w@LRjQI=W2!Tf66T!N^!g`dAGi?wkP;(kSDL__?uc z1gM-SVy-A+oYG>FlR_uQ>6l^SrSG^EEL{k`gI(X2B+>txeWb~OJL!F!CpXLTzS0Y&CJLtud6C4f5AotSnk4EA`3Z8Ji?KI!TVOE zjgXFmV*>l|;>g%SctHLKi=lHXvWEa7;+N2#k86M5Iyqq=iMX&hwpwuT<@ifwD9zET z(8a!N2So=*UOVz_F|o1xyk2t3%J%XIcaulQ$H17_N2ZO9QALh%Tb_lZ z(Oo$7>oX^|E@O}ei6D*so%t6xYP?}>>lqtc8A@%~Lt8^6G_`JDwAs$v{!fhVi+#Us z*p^?2Zf|W(wB`Vhh>x%NJBZ>Y!K!ljpTH2o+OhyWxTExb`7#|f@{@N`+`z$mjQ_;& zt;13fh``N>n6FT?ug$IU%I0bVrkARyC~V=&+y8{_pVJdEGXCV`pSG9?W7E)>ySPj^ z*fP2yp1k<43&_jJ%X8oNQj(_W?=17*-QCS3T8hwU8=1Gk+Lz&~VAod!7LM0@{fas| zjVzDrSB~M}J^mOI=$*sE!q71ocd1ig&nIH+xq~SB(vmzEg&C#)ItP=NH@hR?rH%mq zt>#Ff>-zdSh`N?IOUOQc`t(Un&1^Hg*v9YchX{BaOI5XEp%u}8pD6ha>Bzxv7nU7_ z9*s`M`@kXS@BhIfPoY`a!apE1G*l`_OC#a>mhpELVef&1XJ<9+U%V`5XC2Sn)RYt~_fs`JJw4gibtNTwq8e8snltY6kF7oZ{gYEu z$S5em!67?4J2C`^CbqVn2S0DRhW<+&`J0E}4qOvB{y(WB|G!8q|Fer+6))6c`fUyg zx=B1iAlQK?vWNi#2nuqCo_2*1@w*?GD2qNyN=u_4Ba=t>E~qzop3}X5|4k~#H$H?( zuaV%*n;TuX^V6F+aRbNP8%jPtJ_ZIG15-rR&DGgD=gs@uOHKP0!}h?RKYy;QtS}w= z-CeQ1e{V5asOnF+hw%Duqq>SpiC*O*yhABC+tA3W>S0*+nb0`_TjCyBnMYcwz8C+x z_Qf-VtM!lQ%EQ??IY0y&>h8W=xRjxe_W$~|udlC6OjUJqxjo3Zw8m!UA5P;WJ2 zVtwnTz?ss!c*vZNjjh7#)kE}~R@`sx%V|PBv+ILrXD-BOmrYr>Ld_SA++198j%mIR zknCF6)dX!c=m7b2UhaiKf5CAeL;;8a;rzfM z&s3TNqj~Y-g+KNN_x0?lFXe%m=1ljoT=*lg@K+3@|Hwo_9tkODe>1ZD??1OYr13#p zK?=Aff;^RFa(WuD7d#vsg#r~?LtBtCw6WW-^<*75n%jPi2F(~UtPA)yFTK{`gp_03K2{;h|g z+w0TK$jHdK8hZ(((e1O2jt(06wBNsfTUc4`Y;CzLR{Z?=_hNr8UDyvag@c3RcV#6d zR&di~RBEcv@roF1OYd{^zisE(r?_wYIR(_-%n% znVHJ(URYRIUt8-^k}96HQ1435&)<-fBc`M@HZzlW&6phZ?@-d$XC@~%w6zT*p~Qoq zZI3G}EBE*J`}_O5A1>M&8Lh0X!D6i}ERc|qkI&8~rl(5_3WCGJd@c`2XlU~4>u+iu zS4Bld%RZf*oeBBgX=rHhcwN|-(R{qjYM-ScCtn`VlLvw9&CLz)$D&5lkA22re|LB1 zv>Q}aRQ48|=BB6Bb#+srUxEGC`rhAUW>W0Q*e*3U<>tO5$HBo_+t@HOG8!A+eZCu5 z=X2}k<<$UMU0GRKTkBzEWu>DtpDUZ3&@18M;-aXisGy(_U%{Yd+3^h%xOQg!W^jeG zqoe%d;wEq|h_M?R?*4|k7>G19{(oA5AV_?mawUxO3cx7JZ3-zr zsoOF{1q!YEUi3Za_B+(sr|{P=*#U8*&UG9WysIJUTIZVIXMzxmlZoy6dcK+!W1N_Y z=PzF9Z`DKT~l(dkzl|N0X08 z1dT(4pzkjO(V)k06roSaTz$k=fVnh=V}mDSb6Um+nO zaw$9+85!js$42Jnn*##_DELfe`C{_&_PtS5NEu-AfDuip%lY}!z`=nf@)NP3r;CF_ z*|%@s5)(BoEiD1ntp0O*dHAcaFhL(C0}Oa@Xz1eTNTbRsHaB;pH=3rLITlPh?HW5? z9v%kGijJ|dlfGDbFiVZ%JdghV0k*7GsyEo)Zfs+d5*yoTz*45Fsi_G%4L~vISOAw@ z%MPGbXUE3{rKQ5&R}NlY{MDLPR)y8o7vM^&s;Y?%`@Sxnot-ptDGG{;nvEXizkcl| zbKA?M3oUFy4;Sr#`2urGOiUcGWn*XOBUf%qyeE{>Ful0s}lL>D{Di)m=IAO+eO7#O%aRXjd20(#?< ztZXW~`OwbfFGrsF_5S$s!z;gs>%5AJv4sVn(M&NTBctWz<$)Fb&<}670Pc{+O3TYn zkB%;{t##mOs!xxNMa9K!Y;P0d;B<6%yKf8-@}&-Ceo|H*kEE3NCYssO(vp{FuBD{~ zg+l$3a=3kb=}1WSuCK0)j90tlQ#`kh%ID|tQ&LjAy}bdUM#}ix0;#r}qotxE#P~}? zMN3#=dK*{F5A2uQ_70mKEY(d955JIp`mC%|GMbt}ho#huV7jE6T39MkuwO(?ZNpP$ zuX?|s?9%`1R7waBC0Mk+%u2c6JC1@+nJA`KdVjiCheG-N`&aJ!0uWG|AAUK-r)W4N zL^x6=8biiTlu=Vvjg5>Xg($VsxA)}*jZT}U0h<~;(&&kBIM%<7>};5u6>n*gTv9u2?gxx>dM2z zBjNVXvIFR*#>PhQ6C6Cma^P(m8VQLMCT3>9A@}w4xY%a`r(ckt|1BhhkC(Stw;?Vl zC`c-Ynul3ProH;mLLqWm7%xtO-2OS-~@(Gw%H_%jrJddd&P4Efe zSX^8rAtBM2%FoN|ws{2K696qHrML@ie|;>FMZf{|@UXG50p7c)xVW>U130*H8v=5W zvUv9FnU9apglQ^aI^wLBr29r2{<$!&p2FH?xgkynXT|Qm< zy`rkO->b@}yW|)k<-}bsZFtr0FH{}z97}Q=>U2SG=uCAsA49@%N z=n0X2tAU8ufJ{JV_UO)z6#xq;S8!n=-Kkd%7-{mDnsxk{IGem+fA6k|8Y$5@PfyPsjMhy4& z-ySWC$jT1p$){sLfH^XRhjRYMVV48iLaUq$3=H6Aety0IWvq`HxIICF^FaA&XqC6U z7--qr`g-{y$({jl?ziI%P20npVj?2<^E1jOY}bynztNSEMn7>4Kh4kx5%Vn7rEAto1nhsDS^C@m#j zPGMIv{(v^KvBlBb`eCW{!|>=IQlidh2zOE-k^pxIF*8S1*48Gf9B&&NQ_|MHo&2Q^ zngpO6%pJHpFFyWsg=s%uyb&57OHOunM`vdk0qa*$3NWf08yiM`yDcQ_`>hn^RaN_A z$8SO05fMUN+JSE{1t%pXx!D~(QR&V^N|ifwdd0_#*3}uEn5e1__F1)~ zqod<<{5sx&ET>(4z~i}>UVD`cJOc&UnU$4!~a*>hU(*%ckoi}teG_FF{rQ;ZN@6Lme5D4nwyzlbz^Wo4WG_HbE&@%wp z;9%d=F(rWOz;6TaLr0ImXVwFd*4x)-^mvYQuMXJ2WvaP}NkUQ*@Cr#_Qsn1zaC4(G z0D;&M4J~|#n-I{_xN9vrxf0-K2!Uu^`s-JFJ+@~%h4EH}6d=>Ox`N#Q4t0I~^cj>f zO)!tNwUYr!3JvWCe8bwxO0UJ2k%>v}9Tq?0)cpKF<`P6+KH|gMwav}VjSaT$Iulb< zYinzeuP+w_9Ny>QF7Z6WRromwT889b-rQX~i-`CGHnE#})-^D&2QpH?q(A_2ATTyz zyno*)SC-hXfleG(3cMs+kWjhGEg%#c>av#=&#b9(K@? zSQ3077)(I7%gc|s)w(mk#l)y+Y7(Z(b>nGkYbQDZ*!Va)2}u1_R93dv-^-^7K+kt3htq}QV`Bwx&S~Fc)+Sl`YoiGn2La5C@LQR{qyXlKRGR}Hnw`_O*s%RH9y2-zD7X_1zg5?bEwJh@d3nS@l3jWeh&f{wxf?(l{Ga0 zBHIrr27r>}by1X*^d=4i{qxtaU$e7KTwHzw&`;1nUu6KXCV)1e9|3Ok&oa^?0P6?j z032z&&VkX<(KDtNHa0q-Eh#BBfD{;mU53?++5+v!gnhxYni?A47L0o!0Ej_A0OVH< zn|APtpi6hBOMxk~A=bTABiW?@Xa!<25Gbbu-t_oz4~TyviN_M0q3QTMwZBtrzRGK9 zjduJg9wUkIA&$>Eh;iW@_~w?h1)6CGFJ1(U>n>dGqo1Q|G+Le4w@XAA6Q+Ir`ZQKb zw_0FpvFR3x{Dl}4HZr8^B`21$Z4L}6JCc&IpPp`Bun~ zp|fxDVe{@K=JKXYWBf$_$<$A|j#%CG)$NgoH?`s7wGh$V%Bq9RrDD0=GIJ(yRD2oFSCY9S> z4^T4;i>(6XJm5_6nRI$QCxSt8zq4~4oDVG17~IV-7@NlEa@Y^>0xt<|?FLZh^Xc71 zoQa30r%E0RY_Y2s!u}I=TofKeJfWrdrrdw~7@N!B@ zrakcW>G3hZ)madE4kmMZrQ}X&N=Qf;8ylxTYlcrQHpMnq^G$(SDvHOXqoJ+s1%kP6 z-;hK^L^cc#xVfb5QP0jZOGU#-tkqR?u<-pVo0}Iqp;CM27B+E8JxhPA)er&Q4ImYW zin}mb)JZ=zmp6P-6L^=CQ{X7L(G^zf0aN(gl3pBkews3G+}*N5e%KvOnj|!Mz2A^I z;vXdWZe6o-J~1^3pib?ui&sq4n+j7eMaScnR^f-)Gny&G894lkF?tLEK?Jen^gA)j z1W0=WlmG(+5V4X!ZVAWDy(uCBz2O;Qhy{n%=9g-~YKe%5B1rh-ia)-_dlROnb^#`T ze-mZDdP%d(cHj0lY~wxgN`4N6)(DpD!>HRq5L>UWt&Lc4c)a1!R#8>;xjG_eW*#0M zj#wy16$4}i^f>?l;EOokFbWDbRafIR$UC#_%~x@s{ayYz%WG|VxI_-qG50Vr6-?%B zSCy4L*Ht`@rB?@T2RP()9M6RLKnyPxlitoG~Ai2%Zm`AlxK)b!Eji|RKm`b;)?U4r+hy(}hl_>>BQ1Gxkq*U25Q znb~3Akne-;Mel5>3ltPeVs!lJs&AK1U97ca7Z!eeuT3OC8t?J=j~%E#Ts{wcqx_tv}6`Grqg*ltw{e=j!^Al%%GkWMpWE zhvycP9J-4*ffNrmkwv9*qn42fCze3cZE=%S7I{V_nJD0TQ@(2WgXO#nx?|!NbcD^q z%F4ycYG#iL5)??}Ah8aDrHA-Tr2=B&XV;&MUM!!0guWXaXGy^>S3A3)AhwsVprEqcN7MWC2*rO*=4= zP%me!-td9a1ZqK#Z?=+o;}OJyLSwUXs($$sg7Ey3m9l8;1^cvnDTHMR#wX~6MS4wMlj^=@}=sfdX%uDA_-$LnE zdR?vA6g3i^J>d057;WYt&T7Nx6NUWcFUe0ATfk)|A+h4v?hr z`zeABI!`)ZVEzoyAD3SJS0Oq#v0=6Iv>sh-pTKWU>qib2Hr45gRG!{zx3<(pri|{0 zbRHhLw*^+3bK!>Jn?_l#_9v&95TKA*Puq@+a*n;REA#1QdTHdsM2d%JXJ#m?Gm#_nepcbnJHoqFk#%OVtT1r>a5&?VM$tPAax6{Jlj+pl0F!iF@! zgv(wZ%-3;SR)iMbfE4uVXEAAEzlV8f(5QN8#P4c$*2*1UrZ^__SArfI685mbxJ9zi zxF5YHHpO3~l48%d0Kw$*qLi1Zzq%vV$t?)6LcU*B}`6p1C{6G=;$p>N_t7&(M?v$lgBP)^~`c;IBm0b@N8hn zw~K)Y*R`&$ptpPOS3w`{`ctiyd zNfm*sZq3XA3FcXi2v7$KJ>h6-%zQdGIcYtO2{|}mub*~0)6kgdmajCg!#?_F!sTy) zP+{gdAmskAlCM~Ox_QmP!8LSwE)TTwZs&5(K~F46Xm+frqhl}G6Y0J_A-9>g4#y{z zn@r!NzYV8s->~qm&sGs^6k^lJ-=AN`ZRDB(ft-VH|L{lgfa>9rU&78x+{Ib}(Bmzc zlmR=-lTDw2ZidE}uyBkdZ>;DjDcwl4M#-lOxt6#{8hkD(L4zPgblcBf<>lsz>)aIs z$i$0}8A@BXGd0D;_A)+EnXbR_G>Z&Nei)mcc21uWp*cd6*BO z12}n^nI|L5S=e0>M7GxBbv@q+OOP_)M8|L=t=aLNoutt$o1Ax4@l5Emm6xA0zqVDF zhMH#Q0LHse?kvAa5BS`8clR%lgW9f$jZ};`A94{xGMr(7csCFo0i^}ks@hKgs^e63HOSzAX$@W~ zEZiAlEqZj0E)t+!In%T`?j1h^?|tcC{@D6a6RLDoFb==f$Z1BoBSh^goZK~8m*jUl z=u*@D-uRAQo{f{N*MOx&HzG2YhF9J>Yt#buWmbN^hTKOnwKPzugot+xP%kQ$hVe`v zw$H+RsH*75nkr|`Lg2i?_#>7Ea2VrXYq+XGyKew#1)UAr_$wK)T2oQ6ydorb%He*h znu|fDKQap-KLM(^qhxTAK=1rm;2#5kCJYlGfAiA+cv)lyRG;qe@23)Frw@XyBu`KD z1ffZbb(mAdOFafGZih3>^zt_}48*@6YH1u(iv|4!-AV3+{qcby)vKbSrmi?{XKUN! zNT~<<&AYP@bP)Jl8}zI_;`+Tmwi^tZ(6QblB%4w9FD*p^+haNO1FEG*{`fs^9hFoQlQ)~HMRV^E}9^HD9$<+@Lm zA#m&0wCTDez-NO40k$1BH9Ci5HgL{*|EO+T1D200=)>s^MtJ7F#qE$Qqkg#*IC1M} z^Z;?}UT2FaX=0k2g#h(c0GnCSzv0{ORo*iKo!aDiA6O@NdIH#ug5o4-UanFBFdWm7 zH()&P2Is&KWoMrarFy|lm6ep}=;cAJb|hGW;O^S3=5u#7+CF}Jmgo%5m_17b-v(e7 z0csa$6Zrcz(c=y&Be?U`EPSS2^ex8Iha+jfBrGy_AJq{j$zH?FA$^@XD@MqB8XA0Z z4!e|R)j8ulh_I2i zFw)V9BgNi5`lu>X%df3alsr0*Yup~w`%kIFr~|dV3=PN~0ihSa1OI zpc0DwysgZzU9Zuj&IS78S8{ikY;rj{7iyFo;tvx+67);EUHX!6$tSkZ`axeo0fD@ux0lx`n+mcu znCxu>B$A(Tx#E`;AlL(eA7ylJL4hR*I&18xK)=sMREYq^SCWg1v-s9|ylBQbC9jTk zc=ps!*b$CPMM>%WpaYw>k%x^8B-$ZmB*1xK3NDBD0RYmhjpwrM*%DJy@4ewH$by2p zKL2?zmuiYr4uFj3#o`RRdvgQw$q>HAwQ(uA|f3 z%#3Ef4xi9n%?)nYXLa+=1{cPc48bxEL30^kv+ZM zK|PJ81(zPrpFhVsT&%}*Kkbdq)6^VZS+OHU5_I8S&aJH_*cI7JQCTjhzTq|yXx{Xu zzw0;#0h6$d@7W!6=s@uHl8ndYV1Rbd`s$ZA6SMmp;kt|r$FYuMH@7ShhXIUL6?TBjikhR66`X#nAOK4}I z-!Lv8bR_{+%X2CVsKevVeh$?Hnd=@{ z7m!g=JMw>(UZx5oHW)1kHUeH@Yg+`;NAo&)_vIG7kB4PJEP!v!mK~Q~CD-6FCB!Es znf)xCHjV>}hg!I*&sjh~e>-q~p2nWe8(dXb5h9)i_9Az5a@yJ6c?&zZ<9DW79ukE8 zXl~Yfyet*eK?!PCEKngyT^1J)1P}WY6f3J9I5BN5Se;o>XYGYSg6r2Yg7983Y^ zTeD(RY;c8zTY#LV>*KSt%CVO^SM!+MQ2fikbL49$5b>|r4sp%%1g?Gox*7GU&-MI# zfC#^={st;2?Df!CQSoZGppA*~_3LvXX-zFHP-8{4C|?h5N9?RN9)xa6NSGLhx3M`a z#-LrVQ8n&IT1HO?2BD~co{lcBq5cuu4U4>Ea8S^-FMDk45)@Zvj&GBavM1)~H4gxh zmq_6k2q5JHZ3SiCMOBRRbZggO+eq*yBqu7pkD2HOaqpo0vNtgr(4xJ7jM99MDD1}s zWa(xCXz+)(4Epu8kGJu0QAz9Dz8CWWAVvam7amSCaE^;$DO%Hg!cg);eXIkU00k>+ z@1pNOL*@$T8BR`BOiWCAdKB2mHA1m zqp_)}M#oj^SgF)ic90I4vz+I#EndZ^Wai}H08t4QHMOa*S2NF11SaM8X0A_AD6a(K zEsWniudaSBjP#smA35M;NrYr`I2rp+y{9eU2@{jDa7?T#>Cw6N*1tY4RJCSjuLMO8 z6qL-MXF&f$G$psKja#1=Yixj`urEtwCF6OZ7DuNEkCKs5&@0Z%uMZ1}cwEPPHiG2z z%+eFo?Se?0T{&7v8q}>!Z;xLb@MHMy{BBNTx>!RqG$glUD%s?%3qm8K#5fw@r%zN@ zvDz_C=WPZ(;OJN*B_*Ax>wmz$FqGEda5SQ*r?*HOO=D!ACg|n6e-j3L3ynN6kp{S} zWve_a)j0u;WS;D|QzDRb@3XVJE#<+U_%-$@n$<3>T&L6x-tuu98l(EcR>7ti zU!q_+@mct8s#Mz_V`YUxFNE)Ko0XlC-FoT4pVQ=IiZR(=jfw2T52TEdXI=vH=0F}4 z({Hj99JAU$Ro^JQKHadna%N;E(+70nxqzYbk@yCkscFvcG?RAN??zH=udAMNupBd! zVt8g&1D)aJo=|r*O?Yo_A1Ix;@f~XiW7?_L0t%<*(P?*HyOsyj+>G=4?KfYAw_2Lh{+Qt$E!5# zDAqoL3jm$r{(f)X5P?9c{ID>R%PlA8@Kk@3t;Nh28^jbs9$Q;rJrP(*11ISprV|t# zH@*4(U$ug52O1+d=F>$*HhUSTd*NWU68v+j{LO=;pl8g^!FEn=?#_xp?1xrkVVS^t znlu?|?YZzj%SV+0<{`nsdD+>(X{1kV3$M5Mcic*XTo_O(Lce_*NLwF`z%uy6Pe>XW z9i1E-YinwXJc9+6yuCmkR|kX4hv{|(KgRBk2&$^8D#$O~TdX3HP7oCnW0uf`H@QE? z(ocg$GM1JFVo!XfzSqOl20kwJSFN@pl z6oy+6SkY?pOvLG*c8cI*u$c`u6#Tai=js1K-fSI$(E^!QKp>^=YOOb#QMO_xC`4TMhiVjnt{|TcB@&mTR%j6Os~AATKk0>DyGE*qM z!ZrDj_2$9H~I$^(OrnpS_A9CLP9o@u703* zwk=Nm_#X)B0V^w_kZ!8hy%Y-A!^6W34YP3n;mf;Gtst&I>bP;;_?6fEDv(5UVqQ;h z9__IlBn)D-Bi{c-(VprO{BNEUN2c!dKLDwRh>?efXM@tl=f(58#VO+VNFKp;8`Aen zgo6s+J(&RR4Ksh8hMF3*I*ie!OPDk}kx6D|=4qyDAih>foVz{e|Gcpbfye!c19}X7 z2vT=QE9|Db^rW)-B_$+)hXuH*$Q6bRBsmdLQ4rZdJ_Bw78cawfAi;@ZQKBFxZ+b!e z%eVx1Cyo2U!gx@lkgn~~fS)BK=xA!Pu(4Ufb6Hpf)*0&Pcr14z54NVEOW4_YAB1+$ zV&6txE!NCJP8yi52b|;I1q~i$#3gr(M7Z+HS^)A?ifPj`z8UesM;nlJf z5;MPkeNW!n-YzFC4Xi_SM8rE+S5Wrq!^6WXDqNNkknY`JR09qSNW6swV>7dsxoj~!0G|3ffR9f2oI1+>$Qal35lHS>$}U!y1KE^aqz8N4- zN25KTK79`$BCr8P&my4h6R=^ZqdYXI9T^=J^Sv+&~$`!~#C^&S|^YUmZC^UeiHp3Tc6-&VVOVx)n4Il02oAV9o5?})bw*Zp^ z2rlUSngx39dn-4B^~otIQ=ZsMNJ*J&&o#mRgw67%i^Zroh?Rw988~0yf06xk@-Q4a zItf6FzIsKj*O3kJnUMi_3qX8uzajX>T7l$p^>-fgnKdKyeeG(ST4wXLwl|@1>8k`{EFiiv(HD z&L55@EAZE8{>8}nPpZKA)wUph8@z)WWE3#xaA{5O(NRzRimynbA zD{*Swv>o5_y(E3(?}DlKTL-(p4~<=2OuP1`lN?QHh57H^{RaL(Wnrw`O7nu5C4VCH zg>bw5o>4>!UA%nRb+yj~=vQDW$s}OlFMd=A5b%hQKaCbXn_?8Wz5b_h1_|2fNfyC?t&uz{{4IWCR!=?lAMBqsPo#uM-s8y zWMpKtv|jBTmA?M|r>FQWiBG`2!uKqCzCLScX!wJuO?!I+9rNZ*>O8NrkUkhOfEPIz zFVq=K=cuye9M}Tq`63PWd8GF$SZqKlp>3eTaxfPRph~lY9yxdv;%WK=bqSV0WlN{|4sHWn%<3eR^i55W{^z;F7*c z1#i}@bGGa)t^66r>(_Dn`*i%)TFT0iPUO=iCURb0C$Kf)582I|Yqi%vjNFSlBrpI1fS+nvUg z@)=JKRTk`dAb>dkW1k6kSXo<*xt&*f8pMJmQX{(b`}{Q?+#(jVM!xg@e6&Aocy_#A z2m}fk??J&DnCeeA?xoXt@2&KtJsm*~Qip&H&tBU1j9~xZ;d( zSX-rA^xx|T`Fig!Clwaj0WO0<;K6x;r%gm6IrL4zecZcycO&q5zQ#)_DZW}blG()t znD6L_`>@X|&+=bAaM_%Ia>On$s@&Xp8mLawD9fe{3f@2{?%P&V17GFMu8}9LsAvn| zvbA-d+IwhfLJb~Id2WsRXlQG*s?W$Rw@C(EmzkEUbb_W4!2ZIb6r`m`ir#!2IJpIt zOER)jFqyC~@3XM9{QNmG{JF5Ou+DZGe0+iqRvozeU~+a1FeZP)92G=$A%(Y~X$e*^ zMet%_{VBDOQ?{BLQjzlJ&ABJX34B%s=H=4ts>hOS-QWk}xD0I#X;dViV*US-@$fi) zfBwP-11y8d$w_#iyZ7!PuYKn9h7KSbSa~ol>q#ZD86~c82BbN6ye}yg6&2xlzx1qw zUIyui>E}{QNlJ=mDYLmUjA zeERUI8@v{@lK^T3wDNJMz%-OTLg<7wa+wmiO@ijRGEPN>kOiQ*hgFuUkUb4;t*{<- zfH8ZK_81a#Sa;CGBYt{lBqP%b{URCco#Z)o3NB!3=9@#I9}OHSMQ{dKF-_iMa+_eV zjDuA*PvSSoV;byxU^?fa^(86_rlhg4ky;Fa8eAJ`Im^Z44SOa2VNBq);08X{s3i>W z+&sN%2kcmRxcF%m?@GO%k*3F&fz|qlAJfhp%<#GtEd|=8rho@RsFa*X95IMsO*92KH`NZWhU*h5Prt#96>+@&>1XbpvY7KQ8dIp z{B7r;z}wntIayOKn;`^d2U`5F`j_ET!rtMa2;S?p<_FqNr)J5bTxYddIIxbz_nwcB z4^nY?1kWfas9nP);`aM1G`WF2cAF0sfZ%TsLx@qI7W`#do|%zRT~p(-K4jDJ<*`w7 zh#)k^Kn4gHuhYGC$4G*S8vGC79^6)ptO?j?*^J!BCa$gr0Dawi83u$ZVE-%o$M9d^ zPXRP-!*OKSv4t^+7xb@MY94yJyTcFA3OTLxq)I}_8F~EO-_H-&H>%JVExlNp##5qn zr_#+T{k8e!WiVNEaW#2)d2p6Z>jQY-utfptP>4iTsFJSTl(JIrU2HWOlx419_~e=@R%S zXxXXketvQ3p)rhMt~!Z;8|!K zI(sb3A?qY06lz61!K+gn?UwH^|STNg&Fp+R%qbJ`T5&>(X5kQeiiK2UHO(1Hhol@dX`aH0mSA&^bLbTChTv?w0~GXbNn zkZVw)lb?dXjVg%~_9`DTzay>@OIS!(1+y%Sc3wBF4?rc94S0Li96Kpl?;E6cijB<+040{vD^z zC@Lpn{3~LtkURp453m9cHa9nM9jUJ#Y}TKh@>vZ%)G33$6>eT$Cuk1B*^+{x(uU8h zX@~%(mCt&l$baCG3@e1C&ahs=#b5fE3cCuHlgkbs#!&Qd<|A;*(-k&}gvs-La60KP z#jJh^{%qmtpd3WQXQ?JB`z0dck>x-(cpYLI{zE)IoK|pWK3qJOuDw-J_s8-6y6eWs zW2>P&>QIF1G~xgpKVaA=&_wb5`}hCEy@u6&e9Sg&U`DOS%2vTWU%hsXmdCUMY?RfR zd|K~>%eW1E3?--m@ma-2{bL|SWh^)H8`=5#5%@V5=miHO1h_Z)Xep7VM2fm=a#B=G z>=b$j_v>cgLLY@(?8A6bPaI_0)ZQZo$eEcL;jLOnuuBl(!VBa*E`z6regSxy7*iXc zP>KJtPf-1U2#!{X8$#fs6k{0p)#Ff~$4%4YeP`W(<|e>vMzgBY;yvellstGe{;=B+ z;EkAA7*hl{8N6Yx+h2}+Nnczqx?axHQD$>%)+zY2;}=24EZ(QFL@P%vl52DiM*Btpx8s zrIuvTvw|G`@R8ATda4B_E-1`^LU&9$F5zqen>;F$jpnd%^90PynoXqoQYX7|w{(A)edj$S_1pdD|0;#rn zRKPv)59PrTRL+1aW-BkDibkzNxsAZptzT65BO-DW{W-Gu|KYC#p~85q5A9eLp*t_> zFOrW|aX9S*{$~1T6{u0OjO95+H0{xlPpul9=cT@ ztWLSSOHq{g6xiMUI6fCEzPrO)d$9A91aorK)5}A!wRS!D<=uBcBD#yIjGN7;WRd>p zOUjnfH{6oux$K)t5JE-ANi5WGc*f;T;C>MVj*i@Fcc%Wze?b^4+r~`MOMDtkbm7t^ zjQgSkGLh|5Mb6VJy2sZx2A@$|VVCOUG;PopuQe$t^LdX0d8iUA&a{n2@lzwX=B|Hm zOfeHZjGL*R{)1mUTlgR27^F>-ch}N{4`{VZ9CY12opofju*F2s?sE_vywN*<$erHbUploibQ-P-l{_`=nI5Nj`fcqvzx+o1uqx?@lU= z9k-_R_YXKc*c!z+>y`4Dg>Lz5t4f)~AbvXQ;!bN#14zHgp|$)Zij5a5I)zU^U#hOI z+1na5I3C{hAHpf~Z=J9cycCg5=5*6}M&q|pgB4z#Vci(r#q{r)mb>2!D+Ufr-~||e zo=UQ8Ow&H`QX%TivAK#DC{~_TiFDEl)kupy4YQ%2txE5!*C9!?P-v<*D?3i)LSn$iAwVO6gY^Gevm0AAHZstKC5}(XgT9`|c=_ zR0^#t|3#>yJSnpnTR>Zqc)ac)brq;Cf9ckrhHZwddV!d zA1iDa@`n=b9PEq4I22TsP5hYA(bMr3!g{@WuVh{{Jv-0ZXE#k%PPPo|o0)~8yl^7ScAE|3znG{^G@OwKmOwML*YZmkQodBj zMzp4E=TVhx=v&ESr<)SAVzG0FrH$YEt{D}OHqNZQJ>$O1`-*7$M|a@muq2fSx56iU z`g^>Q8PBAeOoBD7V@?U~hv|su^P=M^@`9CC)4j)SX)3JveQPdXX`y7DX}dXH-hckt zAqs)0Xh*g9g5|*9-l_*CQ`STzaC{?B`F>4 z`~A;f=iZM|b3Cf1*^~J6;hPFx;G!Rs1d*$NCSG7txExwaWQev$suJm12F(XtLsp#e zzmv_nP3+F*f5#$yat3p^(=K0Sl=$Ffi13E%RY$EW9#`&r&j0YEslckD)SM}Dva8gB z?(D~mT9#MHnbR}$FARtJT&o&s(j~fagPL?@3+csHSCT7qG%yOQg#C&r!p_>W``0P) zS>3(hL682gwrCuk{_(mCWqxLJkMN5FPHoIEU11 zrm7G=ChGg-B*z5SZ;mwO`KJJuSu|IQ!40;cY(bgT^9&Qk5R%i9m3KX=Z&>ILe} z&fYtk$20yhG%j_&n+2338JqKJlWM<>tbB6$r?a1%Gb4qOAY?}%%&aM((XNU`;=iZM zWO}+pWq78K3S_iqa-tpi6U}=?_DvUf#OYpgbxc}C-t(Y);+0#{wlLR| zwY<(Syry4f))yk^E``;7IXpZ+&iUZG+3T(ARsvhjCnb((3Kai_PW7oP)B2*G4@gY6M7 zJk8gaaP%?kW@oz%=^gKq)kRyXJ_1JgvWNTaFy<`nheM1AVNt=^3Tlp*Q_21`==%!` z87a581j(?9Qi_~~{b+{XF8p2VlxZh(D%?^7=@G6nZsuG0rIL$t1miT@;+AjZ;Uz#q2+#NyPddj@lDoA?~Os zql0X}g+*aLYmwl?q~c!=Tf?K?sw#EK($(00`4)29;-Gl;U3gu0(May!7v@v1^~ZEo zmbGQZyO|OsuU3zDp(?N^sScmM{JIBcRTbPslCzi+B-L0&x z+JlFGZx0YU9m@q2=8A(*y3MMigK)+dlW3SC~Z?i2gWwY9bl zUqWt~n_bShk=ZG3^(=UCX%TVKYQ`}?U*n8@dqzopb7yFLi{GV}dd(yMO;Cb2E>bL6 ziRAY!iS(uTG{YxoD;@I|=9+q|L- zTMqgCs?gu|#!Cv+ZE-GqTz#8=nFHadn|oERRQ(#hCtD?miR7}5&D?0pj_v746=C$1 zU*l-H*r?7)N8f}p^4e9}or0)ur&U=_6P2U={%+lL^F9kntMFc?DD0rFR}zWk>(OMr zBu{dyG=G^oQCrJ-(=#_rkH}hZUiP_A(z$t#CM7s!lK-cbIeTSYPE0o;T2sR$k^iS0 zQRHVU?}dN~ZGod}pN1=m22Ku|B2KEZ7TTwSD8+BxBL8ZSVLW}oQj&}B5EHoH;5=y5 zz!WpI9J?5L!t024OjUewgf(8w<|@(gvy@yLW1Jq>Qp2|ki+9U+3;1~3y)S%rv^3U; zDeb0eF{rT(ljlHaeaC zBE10xb(G5|ObJi(>s798&-BTz^T_Smo;`HzS7ns=M6gi5FeNO0zhQs4_J^|L@DtOlFLwX1)ZGeTR7vai7p>Rr6gtAr1R(O>Kea)gnEU z_ZZbss_b1$iJJ5e*Y_-&ttyY@Hx{=^Vvcg_sw=+6*B_7DpO^Jpq0J$a5INMxkr6~L zh^h%IX)+@PVEj1s?S-Xk{uYTTS=DO#Jyc-fzSLbo&gK2!cdU!8#HS;YzblY2rB3zog>HDDx!9=Dz==ern%_rN%mhLg_un+nCKJVv-rEnt#u zg_@4;mXgjj&~KjK)FgYe?pW~s=3*gLZ}YxgQf6KXF0Pzt;9(N!11VnQi^s-c+s`$e z{X(2`a%SG!_Fqao0(7XJ9P)#ynbR&h%<@$Zg{+K!7&AHB6KfvY z;pi~k4?D>uoDlPRzTwAv>o>wrA`-Q&H)&8l2!%J=G3B0)ae`@tZx?tah@!MRv?34Y zH~VV2<=RQHNxj}GLfYP6H~bclt}eAFAiL3+?o8ihbix#- z1Ez-sw-e22ofxhO=5%6DO*(u<&OR46;7iJ2!+C6MwLN;W#w?c5a_k}2hgXRnb*|~N zEOicbcpUH7vcN-uifArBd&;vNLXbB$G|riw8B*e24%gN@s-1eDb}A%Vc0O?dh_C6_s)gaImZOQl-+|2^=ixi4Ek8USl`d~TQ>=DUtO;++D*!7Z)_Zk5Tu9E4g<_WCBUENptbZRhQeHEnT` z1;kb)aY|G(8MSWX?w+1Me78y~?`wu^8k>{n5{z`R>%1j0ZsE|Y#4pRiV{n8BNqHD7{cu@l*!rQdoYce>=qm9 z3w(A7*;t&@D}h`5+`{p02&=Cc3xyvC8siSu0Z$ zOxs#bA+u9qs#@EcqmjFru*l1}=2>)u`*%A#PX^(+6l>hF)TZB5oje`&O{QN97S>vp z)*nJgQeJt@OKgQTWf)*nqgl(46)~9NX*NNqRBL2ZrKL3(gn$7Z^U;`Y@DytCYHw-I zy6iDJTszsEM$T2(A@0<*kfAx%+xvTsL#!|KTNIN+Nh%!zUAoX&ev!&=>F_nS#T74i zV5+#}R?xGv_jw}pCA&O@Zv7KNi_wW>of-!muZ$f@2sFdgbWd;d;_db!atgaG#w&87 zqOJ;Oc(kN=@xN(w6Q4#^3lpZRGVzaOJRR}OH3~|8@(gQ)*`;rVuD1f*azaY)>6ZtY zU3RB3dnq>2Z!}!?it%S*_~k9n?Z&Zb?{5xvvV)tesV`0a@KkCDvy?dME<@d@GcYGx zEtl_i2Hl?MbN=}<{^Ftr2f7y6o`)rfr=@=}3Yvc#7O)54T%83qT&zjIqYsP1;mFPU6roI>|+ zbw*+&h~_t>@h1Bax%|+nrca`p%JQ2M3w}y6xO{M2UtTctTToRy#-{N=Q1#eTC^JJS z3)ei>NX5PbJG|V}V}$2pZ6+baX~wvp^UT!k;`=y%2E&HW z=PxEy_vA>{t|eI;#Fq~XFRNWCK5dOiVY!H8=RHV96qL1T*p`@37@FHen-6}gu79zX zF^kRJnCbDruU5RJ4E+XC2;Lww+{)%q#i!%R#C56h zwh-ml<)}-1;tOcsI_6%laIy7~zv}rW`yfqxL3%znTEY;OG2`S?Zq$&joz(VNj-~%} z3whw8$|Od&Lpc22T|t5Ds_qd_!2EjHzNjeVxr#_Vo}NJT3O zVmv!#>M)t_nuAWLejrZ2PzdEzwxnMaRB5?~Qjq4m5=?(Z-b?6y)=zF9&A{wMGGM}^d z6pTv}t-reIcuvw95yL(_{G0BKi{ep2t*Ioc5n0E+l3Zor+>a#MtN#iny}O#kD)zh- z0?PJvswt&(CwGDh12fBIJE?NmMmdw~o0U;9Kg79lwyD!cUMrMFgkd^Xh9iqi-fRq$ zu&)sBby8s~ae<`eD)!4}@qPN)QG!zh6Ai^crtQ^;IxgRMjtWmq+f9j+$D-EK zAFP(8k@hYND~kSOJjVw)K({+DW0e%#8&B;TeYg7#LiKsg3ihcp?I$Mc(LOlR_J|hn1U(ImbJg zb9fTwz26aCcjjw6LlWZ%I|^c(oI&SY2aARZ(5ktd0}Z(tIKOW1OWBjAJEi>)>&~SjeK@B2k^ppvTVwLtwoBTLc1a* z@5DT$Ud_m<;Ct;!@60!c_EPaha&;{~(lj9|`Xk1J*Zw&+RTVfD=@Pkz;JG8Q#LA~@ z4}A8gC>urgWEp>MWwC?nzkjwY5!G-x?F5&uhQQ=k&1?BEKG%!D5tO?&`7t8~8}pfZ zd#@s1F!_>-i{HEj$u`&Jwo5Sue$~hQzO?fZLc^ro2Iv1lX%olLKYGX4oa&osluqEHL_+I!vT=Yr&hXr8wJ=~!8Sv_YTt!;g@Q#m*4dMGQGuMxC8Icb*n%kD-t zc2eRDzZ$e0x0n;t__o{~&4wUmTa7qyM&V5hF_KEDq=kj7RrQHzHIs2RHTAfY> zWOm*FPZWX}7OBeEStawZ?$R-{fk}ZY@e|hY`>?eqeYmapdpY&+^S*NWT5a+beq?`% z>P1U@${@KcrC9gwCaUfi1-7}dFNb<%JkC{U`p)ON>WsSx7oZJQL+0&fww*K&16+m^Jou%IUn)<5+^GPzeOFQ$$0C$ux=~np8`Zlh5K0Y&+aqM_$ zgrjXy-ge)Yp1x1ec=hMi#PM-;_iY`Qe9bo};;xXAJUEj(K);z<3;A$KRE&Zlul(Tr zKn^)Fq2?sU_NIi$Sj%o^b#p9FKfZYllIno+T=b|XghEEa-!qNKXJIVqGaHgAhZ0{f zMPGTdwYKn0LoJ?bVg?l*6kbU|*Yzl4A^spsBR;?JE!kSlCdmbnHEihi=>zc;7FCy| z+=+v?UkbV+>F%4U$El5ZJU0}|x@Nh0Jn*@eOnVR>bd)Lf!YXr%2e)T^#3pkF`K5?neTG*3#3SC!c_j=<{MVTmdULZ|~x<;xx zsjI+yari?j1GT2o^@_^(1A@O~Mtw=UPojsp6sNfgmilCbrx4S|;-~X|T{BHFLsw%c zsF+D8O&XiT9$)cWA)hbd+Arzg^+co=COYU<${k#@3*F1ltC-v??tM!R?zr0Mg#LuH zC98mi(JMus1M_A1?O%K{rHx2hk3L5O$URC6IT@eJhK&}p$B=TH6gbW)4!xIPbYwH9 z|2lg1R?DS$F)CjQY0!R%u>3NxN5+u1T~&pyK|iSB?U!LG9uu3?h}N}qw=HtTK4Z&h zG$ljPUybG7TWf8w=Ry)JUv7uInSyMMot`-1HzLgGaAKf&zq-Mop7wzwEn(1b_hp4^ zR1NQ-Sl!6M?(ucWm_BvLodY+c&|JKn0{i_=9vt(PsxhKz`nFbExJ@LcRD(huFKCFO z=)ShMGr*3}Q&$JsFs<&~_l*#09~Nk_Rp#vX_fXPKLeHAJhno{-VhhebdKV9e z74^J=YYAv-aC#L^Z;av=+4R@{U0oYd4gTr0Jx|=}lw}aET|`9OY-)>1BXMOLCrCn>;pAW^w7(H`LB#CZZb9)cKXM8? z&6qvfD8>AugMiN5IObtC1* z(vu-_(cgVsif3SC!=~L-hDttL3kPKmiHE_Q3Ni3nXNlTTE3%id35~{r7U9PH)lOZ zkDjvyVs}h(i=V;mmL5UwqO~X=Yk97S8?i*JSS+o#st4JN^VEMvecqFp<`3@Rw%(f_w zq09v3y}CVFF3m+Koag`G%wHG`Xd_8a#9+j~+q>-35joTQ(|cqXq^(dnvig+~53dab z4NR;h_i{>nYDI`LY_3Kszy4=mrP}XGd=yxNv1&VSu{wdOFjes*?!y=hCh0{O(Ao0GGm z_^Lxp!SI#u?YKi7$tWHamSa(hd`OfvrY~^D&D8l#wX+k;kC(1Tgnc-DENN{pz)Eb@ zkqs@x)IA}-sUk7vwik4vzYmddLu}2EfyBGEaJfgLfIL&q4DD}r9;Fb1=f`hy`d7X< zo;pyd7&uk`I6nZ^?!hB?T5Jave2H4#rPk!Tp^INi$%Zb%f2P? zsewbEa+9_CkkntRq;SBJ9KnU_g}BeZ<8cM?u(tqbPcco;d$-{}w(;DLaR%p$%#~JQ z!%KX^-KhC2n>ddS!%S*BbZBwtU*cz|FB_}8FYIa5IrI1MPb2c?Z&y)|nTBiU)iQX4 zE8f)9v8v-(YC@%A=l2VVS)}-Mo8BLU;+A)ONi8!ZJjNrUo^`e3=95*x`yiMk&wf!6 z?wOsI*38HkXrKLxPa%nxx@->Kq|B=nac?PFt4)F50w1e3hSSSSE*||^K^B*v zqneGOYP*CKZrzxW z$6d)$`&8;~YLg$N%VJVs_s6zJ?Z|5<2{We6R0^X-bJW#M z6ZdvLK}a}>cdk&(|FoltHorBlq>F3MFfl1co{@He6rl`Yt`Iy2)OBJqgC}KQxyYqWlyggk*t?6vTh9b0W zcsR>yn3JA!8jtruw!t@bI-lXx73IQ;ciaz$glNJ%z`FT=)2i zjd2bKzt(P(-4YCqPJqQhrdnM^&G+I32<9uuVtUUf2pML+Js7HKgecLEpO&8}F zI;M__=vu1NT@jx)@RH<-TY1_Uj+Tq+N=&CuxXhF5QSW$)9Y+LIICTCJC=}C6Ce0<6 z*fZbk;~6tq$cl&Xf_Pt}P*g<>vg2^FzqVF-z6v;sO!Uu}<~Oc6e^f8Yb5;SFt(Z3Ks9sdgjD#vLm2a zu{V^Ib;)gVM`o!kWw*uY@t?TL?qg|Xe%Pk5o1Nq=2Lp{EdT`j1yqlxlil!in-o^84 zKuglkZ@q@57?H-Tk}-ZObxdLEl;}?xq7eb*S_v0ee3cv%x1~$9oAzFTa*tFEycFh6QyJ7}M+pX7MgqsUr zmdRyFPu3ZlbkfalZ52T6TUog&!&XI*DHhWGdKZ*Z=+Y9T)m*2a3su?2eAg>z3*C%t z8lY-smH)m*P;k%S_L}H|q>*p9hwx_TuGIu~hHx8m9g zFXl^@-{TZZs>ewmfoRsfS*K=^KKuY`Cs2`5Fo+gjXHLNsd$0t|!f4e^i5>hRsXlOZ zRq7T{GWasi-kjkX9ZdRG`osEnk`RbeBk3j-O*EAVf@jswrc|=ND@NAbu+g(iusV4i zZJ1qo+>UKpk7^qhzp-&LlfT7UO&Q=p;&yf-$G)?*V*bR?+}%UQ7WPA>Dd!cxY`g!% zDwr^jf2wYt&DT$%o>4ccKvbuVOzSgoIAq7IRYsA^EGsY?SbCaG_&gRjoQ^X%4L5Rt z10-%rxVaAzyt?`3Jc#9CwIj^EUBGS3d7yj+$YNsJcX&A&aiD{wtW}mJ)80cAaKIE5k^<9tR^b{*-z8X)x z(m*519n29$xuh0vQ}=eS)E4LNcIrnxi77q~@bH*84lK5cmJ7XHO9w%#hl%J~|E~aYuED^~Bde?6kb#HO8r!|9#k0)4A zBiyS2v~@2Y=fo{f>Q985C8U=XAEthXC-2aU+{#qFW{1V$uoxAE*`SvnA;fHl}(|9BNo3LHMHCJ9TFe zSTsV2U?)Q$#};;&y6=1YupuLkRcURJQGKhM3cH-4DOUfmFuQS#Ri*Ncth8^q4%=FH z)CXWTXau;>>3w6I5>PIiQH&H~{0XI{T?QgI8|Q|kpN&v)KLEuvUVTfqh>xv!DR3q$ zZeeQQB-Uxv?clnh1s0qDzZm%rXz-Y=2t|l!-^m*JAi)jH55xIt}NLgPeBq zs8||BA;9Z6x+DLo?nRcW>Lg^nmMK3ie>ErhX5wSBjABOqA53 zF&(*i6}X^YA4i|}PUAD{nNZDLSj}(;G-SZy)}IoSXL?~>!u+7&RUi(=mUe_V@T*Ls z(-Q+q1Q6c)`q>n(|LBUWaaQv0(1{UWA?z0DEdIjT7EXH1J`MweCdY8y3({MqO7e^D z*(oc_M-yM=DBD4hN!pe>1$qWZ5}g1`AH+i~55It@kCi233EI~7UQt!)W+CmMSk%{Y zpAi(Kl06pb=<`&E4a$K*%i^qxha99C=r61uFT8R6Z=+LNB8@Djr2 zZxBS{oQNmpTKDScY{vs-bMhN{q2hw;N?AGBg9(ko+dI_*T2`BHmfovl5N2V)3;k7BbN&c2}}gZzr`$ ztf|pBsT1PwrE|+M?GN003U>pXUHCh*eJ{A*tlo81fgX~SqZa3Sg~Q_#>}bTL(-Mpn zrasX#h2r>+hba=-atf=SFy80M)(Nmmp*yV4_H^uLy(w|Jt##?#Q^cv?zk#L+KGI}{ z`;Zk8Den^E;UwC10^V~T(7Kbj|9J@h4}pqC$3;i;4*iE;`*SnX4K zPSnM0!Mq2Y8h+Y6&h%#6?Br~t~@Ex|TqfOb=gzO9a)>=#qGVR1@%P>?Q z$iMei!wjBhDu>U@_>w2m1}&-4kKkv9X`^z49_2=r!2PA`c0Rl=Z~nZUl&%jxt*lI* z)mLkKy}6kae*Js7bdU^`pL5Ft`4jVt+hKa%*&Nm5Hkt1SJqejV+;#1nly&Hp*KdmI z<#;d}y2FI^^SyIRn5mD6E&BR1{cm?xUOl^|@_Ilj`_o^NBz?j6qvH=RQGa%o8%D?s zPnPRXz7@(thjR6%jy*o~Ry=bzz3uJjdD#6Uq+lJ}EiCn1HMZmRgLJjFsXl$vEO>A& z$pXFl{_Ssa&sjS)?$=niNi)!_bc~jaZoGy^u=>z~H__cbef?Td?PMAK@6(mze6;Ch z_|#hL1(Vj-FD<{d$`}oLiyCkqL*Xu)c+zH?!Z#loDsA=rd(XMoZrUh7w$z4PJL#~i zt7~oDLqqGe03Ra^W4xF`6)pLo*tApaSCyNSpFg?P^_M#n_nHsndBGbmT?x3y*P@8` z;_*)?$k5^mrBtXE72E2V&23v){__r#+p5b3^{d(%y!`StpKj_ChlbRMVm`)XBxEv) z11(=?=Qky%#ly*5gk8%-F>x^#JojMYo~l%5io9H>!Cwl{ zOzJh_kuNFJ)uFXm!!o#N3|#X${F0aS=fm8lqH|Q!I3N!Dd9_*mYxW_#p#F1KBR*4p zQgio#HIl#Sgewaxbw1ywf!;bQ)02POH4_z+s~^!2QMdVHq$!pCw;pkj`^aPkKbSOa zuX4i_&pt=!=vZ=>z>}O9&Av;|sa^z@-22Sh%UnhSsjB1b&swbEPk6xejdEny5{0^s zWoPHI*BN~WGj^6LZH&PazPA@_X64gGscyy)hkwem4)reoQI^|;*5ZiWQ85cFtt#qC zPKk@M>+Y;v&a|8OJVLn#b??^J z?$(}jW?E*td!FtNmXQ)hgu{jd002=`L_iJzAU*;BcmfPK=pPH@;9}4hn7y1ZA5b=i zdk6r8fT+L^1(%eQRaXspl9i&4-a)xdkj6nJZXF`}t|OoVeRbP7@A zm~CU9Eu5>ok}sBDZi+R{M2B~hvF)4b1XpBP&X9}yN>~VONJGX;@~H~^oIsacR~~k0 z|LM>eI?8?A2@`*u?M?%HP>=mL8dwG@V4_g;_KdmL`nM%JyL6RF{^T^R($i>&glYOy zzTZbam@mxu_%(I2v#c|q_lr|`Q`2kzG0(nMYnehJ;0BQ#N%)6455fWbV-wHeL!&h% zq>q&QvTs>YM$M#onXiS0#XBoRR1%e(7IqI zl(#COEHvf%R!owS$yB?%drQjGW1hVR64>XLMDOHc`P~={kHD|D-1aMH z)KiJxc|!t(pG=ij)lmQdCe^x3)%7{LRe)$x1WM?gSVnM^;A=aRiB|V8p7>{Q-h<_F zW*sC{-80$C8h-!u zK6hq*N=~J#Q^#=aO}nEvFX63#I6~l}_bYnPB+9=*_EqMT-X2)O*P11q$%93zr?}Yf z*5VLlKV|mO5WL?pA)vz)kULwq|Lh`(N#;nS!PeW?^z0VM7Oi`-^{z!2Ntioz1Ke>a zn!8n zAR?j=0o3Z){{Im*0XVSJSPX`0QhCzBBQiRe; zvQWWvX_*6G^s$LPSm$tK(dH>I7`99y_?>m~K%wO_CG#47AwfuRU!mLtnE~YJNVU?+ ziaQcIL^YrPCQCz01>ge2vMmX`hR37=U*B;-tQ1&~W>>M1z6{ozV#K$pH z!-JFI-)9HCEI5eY*$zt%4-aPvIMS6fkuO-{=wn3nD2nEq477Zqcm3}Mzqz2$IEOwA zyTyvqVEH_qj(^gEl`Nffa`$bUvDBI;QAzgOlJMjE#3m~P_%&QbJ^{SI z9?A6NnV<)A;=kdz@Xf;JWNNM>#-(y{vy-el=tbuqtEHfBmd$QqI6h6=a|APlB0)_!NOK%FNi7a$;r= zl9|UNhpDNlUFt;0tn&#xLVrY{<8R4OU=f%e3x<6DM-qnX@&t~9gF}jhSmW0gC;;E8 zth}`;MFiIfVKjxI$#wlZNzgxyuYG(Gjez_gaR{TUbCYJZ1u0-@>51@ix> zp+I}NiUzF;9Gv9F@y7Barr~4(qEaoahm~rpyPmK>6y`6{!s^f-Vo2}GL|ye$+Wm|n zJrycK!Z>1*y>=YA6ZTH$^}S4CjBqTPrGzM#E||RJV_ke&`Yy)jC&|R21;Za8Mkc;z z{t@LLF~DXciWK=0VF(7EjWmefcK&o(U;Dz7Er%uH?(SUA))`6FjbStL|TE&*vKlt>e?d~ON2Jcpx& zEK=a}4fRETchX%{d>N_`Y4psmp<(k`fRKv4ouNo7&hD}HuxYelje{1BXqZ%i)j250 ztm-0%Qfzl!tJ(IkV|;ilFK)Ym2qZ#gJv7F_k(i~qJnZg+1gums{Arz(u^yO&6Mkph z_1)E{<|3iLH)*LsQ-VO0x%(Q|fv0Y>`@FKktpnYy&EZ!tA+DDfhK&X`@gXY1qGaPS z49k_x*|*^=rgcSdU}5}HZk0OfbK$RdU7!X?5HXNVs-qX(-bQjW3ln}MOAK$d7B%id z90UV^SzpX#nY;gP=G9ERGQN|}`cBQXb_A>;_IN(iq+Pv!Q{}v~Fz%^M@9?eV*;N7nCY=j^zGjz+bsk=;0f75D zo8MzvQ%#H}XPe{hR-?uk0#d*J*cN&vLCPp5@`{)v$J6oMTo5!TPw4i*ri%?kT&XAB zmu#aB!tyGmKi8Y;R6jkqj21cUzT?|twBO!dTwlh41%DM(g*`7<|Fm<=5X$6tjQ$y| z@%6q5soh1UIix-A*A9XpYInPFDjEt8@@R^E#-#WfbSHqna{Eg?otM&UY z+G=lJ9=99J!b#z+tLh|Y z1SCIbIv1p!lo|QdoCQbk;nGvAYWZ(*`^KPmnxvZj^RT9`W~xQhdA*PYr}8{U6?t@M zh@GHdqsMEKzkIVx6Pfwoo6hW#Kar#LQB~h%%3IvNL7M98;$nBGWAIn&d@Ijw&$a?< z`$5tyu^&Q5iHO?dr+-gP-#&b4d#8gnE{}nwZe9H?%YkhAZiBP z&_g{Y(#_~0)4w}&)qdqa0T$rQ`tyCuG+E{Vc~b>5$#H%Q0dQYll0Tv(jEMsHFClAz z5*t3SI&MBZ`yHcpfTFAyo50_|1qH>F7=(@_^cEMSAlQvj@Q=OLMM#DcR%G#f38jbCD06^kR zM_Yt|Il7S4eYq*Mu@>O1-J{XQ*&EF&8mf+#d)T#8og55H{(fkz#17QtoG)doHdoV0u!64tW-NVrdA61pK;Zse8xfFL zw|thboOblK?p6}I)bnFC6w5d}A;+x0RI2(B>$s&;N2_+Z>U676!hr~E)H+sn;_%OV z&%;!i_eX~)oxrFt;`y{oV!BqiW)A;M?8eZB+W7c!C|he-$(Ne^nT=t33;r|^ z%McJt^mpCc!*ZTN*QS6K63SZ(b|PVv4m^#{=i~`B-_d@yP|G?^a`8+O0$6Auy-j8% za@x5r7al!)8H}X_bRGy^$LFb<+@guJ)KAbKF4v(L9Up>;7bk7SM|2I)-<{=eBfSq2 z%&3&;yifq+EIo1zLsy-}-C0bS+iUy@tT?Cs78zC`;nU@Q~q* zhgaa4CX-X7`drhU)u7ttTIUOAW9u@tHS3rPRR*||Ou~84BAeNt-Sp7{%}@HsGRa{#|%4(__bLt)A85bI-3@~7#MPIt-ZgFVEa*@5>@EAHSVCak;93@c# zmREi+|M;=5gZ;9V$Ni2OGwf<9?$>=vbQbs1oPh?l0%&uUF4tw9Kgvxjx1s+{+~8mv zxSS4E5XX@D&ms(%kU4eaC^+|vN*vJ-!&Kx|KU#gEJV^?jPC(m@%W+0lv@C`6ajQ0m z`#v4EKg)w0<%cwWnKfcs&>5<&p%gwHh?xS0-;}^Gxf6p|XI=R31z1et` zL1u8eLY$|3>mMFnwnU2P-+g#wM>wg8o<-Zkj8l$_jhz?6Ha8R8-3?ofEW!qOZd_N+of1XrEgyX2Pmm8vgIem8pgXWt1>b|J?8F7I=z^BK!)r?dBpaboFYM}jHtn;YI<+ZX@e2WpbyoI<6^vuF;ph1!z1G}H_Z#}Xr0sX z+ae)IlrmrwdF5d|P#jKPaay#>zD;${YL*YR*E`VwSxT=rcLkl&yka*}sJL8f`+juj zPql9a*n$s@S>Jl%na<2K>yJp}mj? zhzV|LP6r_c03h_w@eQbuIdnL1kXM5asR>$b*%}MUqO&g-d3JZ&Y^86#B+QhEfLVgX zYC^Qc++{+Xbrw{KiiIaj<0l2d#Rn9nIxEgGT57pB0VA^7;^pAlXR1za?HAFhrY?T_ z^IGyY?PWU-Z5ajXk7)7n`et^TM4;XI#}?#v3iqzl{KbG(jr0szZsjrCdRDMV zY=znYA{WbFx_EOXhY}P~z(5GpZV~C4XI;tQ_gBr-R-F0OQA_qGUFg7qmH`>5OVLjQ z@YV8(4|V`hKY@PsSkJQmeVM-uhL@};W&%9WyD>%1kbBj6&|#f45&-l%pBReUXq0`6 zp7kD27Y|HtCQeR2Z4a*l?s(g$Q2( z4fr%we~?-~Ta~+f@zs1ne)ilh+C7#!cx-h0@S;GB_3e0=LoWaa;5}{RH#P?YT8Naf z5r7tcOdF8?1Z{(+pZW-^O7LE-?EQ%5t)KE_pk&;2`-kGe8&iyl!|zlnqE7cXTCE+( z$L=?3Cw%se8|ggT$F~wCSn2lLESIJ^49+@^PFdta#+*i_&yB`3Hw;0TR;)2{%Gp&o zr|KMe{*yHv5?H2{0w}@+k?`0iC9PUxJxE>N@yk(t8&dDH>AwxQo%oqcq89Vcx&-H$ z7GxIV-d-d05wCj@0$!%-!bBgQLT9R;`6I>41%;qpm*ovLLjf?6GT(U?3;_6MGkgoh zwp>k0IQ-_mFg#Dxy(f_`1~)DL@DK(7BW%a>j->+wb@d+#Abq+}o4I8kIAl`0^}vN# zn)_&|?dCSyR}~6D=6{BbN~?;srE$41w z_4!s+2#ZI#+_ze+%-D==3vhf!lKCaA6u@A(gI|0e_fU}JRo$7mHmh@p9N(%IgIduY zIN#c9fv6Ns-Qml5Vdx58xdg9Ai?*EO;6D6m+cyiaKVo&Eybja^%t-WJM8J)vi+>g=>R$UgvUZO_#V z)IM3BzQfYLfDYIG*b!g426W?=`lE5t-J{O0%XF{whYLe#yU=QI$YtKy=VI%t31bZX zQUnLCb?ti&J5!oJ)7D6f-Y$NY$0K4>w|EjU-*-r&`@9?vKDalLe+iZr9$O}r0R!kU z2}Z&r4#H~~*De=2;=yG89VO4PeWPPZd&)R$N}c}JnC_LV_4ccWgtu2ZwOjoz=P7D^ zdzH7P%997K2H^a9aETx36ToN_YGWDZt9=c(kx z83PRvqMm3so?Rusa4br=oWHD|p4>uy0vzYk#4+cO!vo|T_Eu{-9!suQlUeqWgQW3P z^NP<0D1U++0@koUP88^*Og&ZtH9UX96C3Hdc`lB>S7>*;1@Sh>*?c~$qiu|V3P>bS zbCmo1#p`bqkI-Ipwk5MaKQ*RH>pgEzI@!@ zur_tZpi2qVu@*aYqlQ6!kO$D!pW%u80*~YMn#ws+U(?5(sMEKN#xvx6#S9mkZM(JJ z{+{H{tSQ$fxLa~Y55BobCX`omO+x|&643p_JbSI<({!Gzs0JVxB++!edV%PzvSC!J z?(REOWeOom>ztpCLX+3%doozy1ZdqlBkfuSh@$0G&%ZH}5ND5Ou-mXqmarY@nk`a3l$B@k;mdT|-?uyJ)QzB)Pe zi|U`)LS@|(CggJu{2GT*&A4_0^z|xsI6OwL<2q<^W;}j!^QlF^ZUPil5Y|4 zbZ`#YUL~s23~C@JeC?3Pe6OCVUgj77FEN&WR=w751K<3Ei%l~b5N2L~l-!S~)8%@2F4|8VsLcWQemM&SoAvQ3Mticqo(TSk z6j7j3_Jy5ZTU#}kQZcaD0e|Yh`iTWPJq{$$>wu>B|A-AO_4p5g#fJV5wBhUS@cD=K zntc9D|Bgw(AVNTpy?MjP0;_J(f)r7GL^>V{yV-|NWWUHdZ{ANpW?*S(P*Bim z!>T9N7%lA?E(RWe#=7NvB3AUdJS80(tu8b)l%xML@;P*KbJ@E^It?~#%+40{GWy(% zYofu7X%Oq%??GFA9^`^VNQgssyjSJ%#idLgZ%YgesIcE!klTtD574WqX3{E5qjVVS zq8R(W*YAKBY>U_boW`iM^6PV1CH$oRzmfI&LqiyxzD#`ogo&xZw9>8d^fnDO4rVao z0}B8#c2K-`u7kJg?Y+pn^0@6xsxZJ!f1PG+O1tSkBY9ZE_po$DCDJ&vL2BWMj*7pF zPH4a%kQCGVkuDTrs{G}adHiK*Q_kD<*IN)sr_!y8Q6g1-4~i9vsp65^c^DfrT)oh? zUz_B|`dyG}-r(?$2w9>i$^itHARIJ|9bLggu_4ltO77wexiQsN=dcemtKY}RsY~N1 zeRYrVKjUW(D_CnLU4@_RD?@bTzAV!&(ymtama}^~!_l}||NhWx^I+&Id_|*)wfSXKLX@g3&Wr}n zlP`<7p=r;gOk~>_Bh(?^FH~E^pCAYcK>yl|lHBcNonYC}FDXkdvb`TWE55779=hGw zaGtsim+q}d5eLz|Nd9}?nVetyroB4gbfH7vDZRihLw%{~KEVH?No}x0F?-Vccw$<^ zt*j&@Ml*P{#iov;Is@CIiSC)(@R&XNhcm}_rNd^!VZPgsi7d)F7j)Vr2%}66>&|{qWw~gwK7P`u116}c zi;ZpKmXMxTI@kz{MS{iAs=8TA6D_~RF=251`29U7*vgcQw#j3cJhLIzL~n@RSgzT~ z>W@X*jpJd1YwMupsL=lI!-prxrP;L|NLkOWYN*_B58fn z=$^k|TgyVfZQl5^7sqWXToyxuh<4SMbvWtUPyzuyI?BdrM(N0|@$7QjU)eexd@(EMHYtVu54nAQ6pB(@sSq8J+9@!u}iNX zPKi^!^P@jOIX8@y_UmMQmHVr?(%yAk@xmI7dpiRgpZe(A+ucw$6n6q-^N@c-tyt=Q z5E2NWahr2OxtMDtenVOG@9Xi0dRP#*P8lz$a@}NOIVcZJeX(zo-xU<3x1Q!G|6r4V zWPt@&1ydq5-E~ZB}8M^vtN8davih zczL5#nIcXC7I0ZO!{h(88epiU1e?6o^Q>muCGteOQK+t<-#-`Q&np&c-lE(4!^SNeW|QX{M+cT303f5F{Z^Q?xxH@$ zrijTSPQl=A+ne;4w59N9s-^}mFrpq$(d)SXSh9|Djk!8JuxlhM`9>{bLb;oNzfq2= z{IZ45*i%4?i16XfKw z%!_DK?)PuPjpGG{XklH(greTke>bym(k6q48LE=P#rrHe#hgWZbUdT0+HOT&&7K4d zXY*-$bS8Q{!D(lte6xl|%{UthZWxIx{1PeKdG-Bz=vw?OnsU_We$+M#`9krHBiRp1 zHsyA_0k>9M#NZx9n>8@U$GbA&aRry0iC}jzvIchPpqfy`r|uU?QIa>lnG=BxL~L|4zP$HKLrl$fbKA^lG- z36sU@J{{tPeQg#HFqk1bV1S(}nhyaq1X?fW5;7&C0Xo$XjjsJ-0dgA^V1UmaKFaR= zs=FA-EfU0hK|Pdn{+5m4F;}W}0P^1)&9l_~jBGdnnqeY%rR6{!MH)Kbqlu3vr2r(X?zet!q3PBJ8XNXs)wa5QYiAz`<_9aFq9~|$Kz7dc`Od^I zar%0I-hy2Vi zAo?Q*dG!yD$`1<{KJI=12<^eMU8K+e8$`HE3XzYB!yRSXJqG=b^&^;Y$^0iJ23d@i z_8T6ST7@!u{rYpUAv@H_5niVvnbW3djEN%$_P8c#o0Co32AJq1EADM2YTd_g5p<0? zs)HLgtEnXvI)>=gqx}4t^4GX%RUY1aeY5OVAg2l}4zl{23xCkL+~dfH&E@`~!Gh;A zhUhR(QCt!Q9z@e-meI-Oum8P-aA>5&=?c4)AKS6Z0` zwS&^&WsLW;Lld}^bET(1a#gysN=gl?`gy!rv>vI@@Jvfd_zYu89bJD4@)jyY2xi&euyy0uJbp*pEq+ zQ!Kxz&iYQX+(K1RJkX&vG)y&yGUwM16G)c0GP|5oD?x?___Web?3#Hf)*_r7pet7& z(Y&k$ZypYz8IqQ=$K-M#BY5X>=(Ret2-@alERyOO`=7NK2$%j*@=PKxxK!UW*eGIf zI6g2>pbF*U(Zh;I%+8odFD&_9tTL?G+Gc(W#lc?W<*lJ5$}~R?2c4z{=T}e6Pcs6t z^c)|c8>_wo5ae&tW|`i}bdtM1Mhwx-n+LvtfK2toVUitlv9RGTV}*Bs^zeodlZ2{F;p3>4?Z zlXLY%TLsJu50Rh;9N6^@yz>J^azeA(w8WecHm`GpE3YObDGQ5=l-2As-9AK?Xsj$g zKT|T;qyj!8IyY!P`LZK_6i$N6EO57tC7Ocke((2_Qf-z^6Kkq zh}4`}4Io2@V!rrgj7u42b+H!%8cM?L!20dW(Nw$0i_~x=x?@50b!IsB=cMiLE3vck zVvIl{U%o^AheU)4&#vg$n_g1o;^H2;!kV@=Epa1cSKXT*V2v_1iVCaLrg6WHLD8&m zDF&~WcDaF#hFj=}(bmJXR>q4+%au{4{G6cc3mWUbjLprgrQ4?2aUl*%XWFoEaS&YiC`RAMDo*o}QsV%M)UKa*Jq^B}%|bjz ze0`35x)eBqCf)c{>v{JaB9~cF#mGY%n$F_=vS*0fn{D!E(r%||Vtbg<5J4Bc+wkkM z)Nm#yOmQ+gA450k^W@6M5~K3PJvnk}R5-z|k{xl6+o^?x0Huh%i~~y>+fJ3JDHGpK ztlFzOx($j&hm*n&(rOT3I){@k%SBYIZ{LXpIN)Gf&vAdHOaln@1i1`g4=B z8a?gFr-iY?!?FTyurCb710!pGD-~62Rpc0&KEuUR%%>%VZT=RNM%t#KB5eNDuHV1^ zbB~+A6b+kDegNVvkrovLrjv`4#b}Xl%>r3jJw%E7@z_Hkc*4?Bb?Jyvc6=R9QnNCn zK?Tup+rZ;5u#D0Z1yfl znz*fueU@^H~1?U@r$cZOR)If^;Q zq|p!Ag||!U%EtwJ@I!Z5?MG`t zld-vEtPEq7l1o9;@6K+my6grCe7$%t=2<91x&De#b0UmOBYVx%gUe5ts?^klc~1h? zztr~nx7}}_{rTg3p7%$rS=^FPz792+x-|X{AETE)1DD6@VeIpL4i&4Ipkh`Cjw$)}eJsM62QoV_ zfrapAKD4N3lo2u2vR6h46YW>e=vGrm%g)T!m$L&;=aajKUnrHy?F)EtW8_+2OHo3L z#mY&@@(kj{zN^Eu=pYd0K zp4UuHPw~jD5u?Tkg%rK84Sr_ytQRxwOl-&wHqBMsGO|^)RSHfRsWX%hEQ0s@G0&n5 zf7~TlKc~=S-bX@Xvm}=IJ)57uPZtU`z^GiTC-ZdvIkobd`inJ@lw_g_~>8PYf z-*(Uy-EnJ=UG_(sjFdiy+AR--qhhWyN;G_j=f$(EgBg~^Uxsh+0jQr%mQ%3ONeT*3 zLysvhqqeuBn5aIaNuvp43Kxus4Hg%m&MU&mP5ExRg0hm+=DCUL#Si52f+0cN zFB3h+JqPh;pK47VjntI5c^;zV#Pd{_njlNz)eDYSa_r*+V@Qp0IbwDj-JB&Bjw)uZ z5-)B7hT^jwAcKg&ux_)-H&McCA;V9=$N!Y8bo%t z4mk&Adz+A?H?*4VNDFh0wh6|JJQp%;`uE|8;cjx%({j4S$^Z}3!)I++W^wiSKR2JM z6JL;qNZIHu*wQ8|zxeGpBKGR|MU<*8cpdATnm(5>^^Xnv_Sx-}{X)diAS9z>S4$Zg z7kOq5J3GKfL!pQmKYrD#-FhbVTKUo#H=<+fq0}GvyCEWcFf4rbuRN3d7Om+Zb$mxf z?~(vlw-B+_TjZ=Ef{;ruqVBI@ftV^*sU0?(%|Egls*j6MrK(?~2PIywqvHCu{_^eF zM^y_|-~bbio90L3Ia(ncBp<|utz`a0+HH$TFWO zLx2RX*DS3-O0R-DK3mzuHUnLTo%gC9w6=$R8rypt8XlFClNv!qroLpy-{mq@)~N(> zN0rem)LSOCZJgJ;FB)qQNJDOOa}AX&G4se|Ecm*Kg;)bvjysoIKmzw=5{(jc|6!cdOYVvANBwYivKqIhJEo)I4$ zJ9~6v`Q+weq4lS^4ivi@o&3yzg?3N)=vKw7tRXr)f;lH1%d3B_{rlCKkL>x?A+(L%~e3SF>`yzxx)|_7eH~LXs_>oMj550$5sx%XB4dbF;45J;le=nKGCp&4$#?&~dNwBE4449?!tb+5pZnGXw`+Jsu zl%uVSrB8%9S6|_{TJGbh*;X%wfQB@-9P06AC7_W}G=Y(~G%40fY*}qJhd1o@Yc z_L^mp`IR;;QD2_WG7<;_WXNjYJ5P6_#8wnWvjjBh1oFW^W+VLo`*zPCcI8BTLryKtJbwpZTHp)>SjDMGtSkm83ZSu z1-mCq3)+975=2ghzxBS}KFPldSgGGN)_?;U+4t-1FPm9&OfjA}FUBYsk>X>_0vcy& zY&kL>vJz{pi)9Yg0aQM6b8Cd=%19~C*;2pF7gVI4ryq^sUc1)5Rlf{OuGhUTApsLa z+RiE-&=NdrX6hBLmy9N%+|*Lm5I(ml)9r$o4z!^uc8(F2M?`u;Tdk?>P6(9t`!}4b z!OgRc?F+B0F>c4E=B`l6a{b{TMKV!Rp9<@wpR;4EURmcuVDD00vlE2H7q9DRbMquwVfimL{;0 z-?)|4LNF^ez<`2fC21s9R{8A>fA7|}&GMZ3H?u2H3KdZPfND~td3XL{`AyI3 zZRiDF=XM=28iE4gbzJ4Wptf=b0|=o?YMNJtY8c2tC88>2O&Z>r5)e#<5L0PeOl-Q5 zScm}bLi143JUUhED_YVfZl>rmZ>GQNl%^yYSv4(zMSfxw(9snGpk)QH4Q5g4k|j$j zD~ay{-znZppSk$@;1iZ+x-g>lnHhbKMhqo8hLODO$iX^hM6Q^689_LbRP7gqS+gK& zlG9V2qfp~xF0b4N>Ff_SlJTP?U;s0P7#f~4s(A^jd)D+Tml*Z>r1`6VujyUFnvfK{dWrsyy zd#C86pL=}&TNY)7*a+I7F?-NEHQ<;!aR1zZ0f^p z$k)R2<+JKZkI3SBOi^OXxM-}n@A&_gh8k#TNPMN;TQaXb1!m~+*~nYj@^c}WkKo@T zHK*&eizg|P)y7x8Ks6)-KKUH8SxRje>!rPjMdsia+VD$?O#(}31o$sB%$211LZ0<` zHwtA(+|xaVj6Q{nb%HzBOo-}GmgtB_TU&Vt*@!sPvtnGkCgW`K#}~5tV?K#fOf+@l z7CfKV{|Y8nWeM4Cj7%0-lv1h@~+TGzcF?i{}9IccB{ z*kjK)o2#||vSy!VNrGlb+1B)RnH0W5!l0r`Qkb_|kv1i4SV#tdFwrWR0{bBaXLW~9 z2CW5ZriVKs^P~&Z-(CN14C0LHbMn3?caMyEMAv61Shoo5cAZ@@%ETA?lSy#y6jo>d z{M4?LLTr0GJ5)1AWYGC!-VCZr3^PxCtTNDVa(OlUncv*oHW8j;0E&Q9uP=;Fn~l}8 zc+8rR1(c1a{YRtyz5={EZI>g4M$==URFWiKM-JqD1znq-*fF;JasJ)cMlXF;GVhSu z%-7}zlV@x7Z~lcWHTA63_07?s`V=f!b=~vCCmiHqhhaDp>r`9|I3VvykGwvmji53g zHi2yTC(W9b87ET+G($r6an{$tsy<}tw>srH(PRr0T=v~u^_dEGC`#XLvVb1}U26Uj)H_aDv-gF-bf}5_<1G?U^Qd1lQCH!y?QN zN*td^m!!9Y@$FC^OG?6~p{6!BGsD+?)ZgCNuz729xHK?dHn#BaNV~hZ(E8la zu@HcrHn~QcFH=M+*C<={UMxUH7DwtQ<-U+`7&NS^?e#D#4elEo8~g05kt_F!JrflM zvWu8p?s5TCGHz@wWAcyGBcqEJbD0sh5BHqbCzl7hH9m!TnOMSG z?_RJC2J)w0*z9Mglamt<%h{!4Rxc}ab9aPYY@WQlycRaP6izH2U-lm0Hx|9(+nhm+ z$0yKJ!6O%mgW0ROnVV}K?Yy~SH!flZkPhrG`NfOWakZ83Q}F5kG?bvYqNiOyKC3}t@%ewTBSpP2t}kPcuxGzPWUSnq2tX4W{ zvb@Z}ZX1rt2lIjy<{@%+h!c$STkKn7nz!TSjx4e~w;d{%PSzh$HOuDQ#zhkOrER(y z$jc1Lud%gJzep_IoBzd;CeOb)b&|NdPY=W697aY){8`_OPvky3ZVu^w3I;WY>9F=j ziJTlsKWg`tJA0QEzph))zC9trK=$va*?OEM7OvHe)1;Z6baCrNOPJ;{quN&gUJyMv z=qP)y26?e?F|St3W^nr2=f{`1&~P~3AK_`Vq9?I}PlggHk}XH3E;048n=z7A`ZBv%cg{Pf#BwdUHDL5Tp}4^cxej*SqEU zdvA0!a&+fXNV#*EUB!2SEv~d^)w4prC2xnuD0Y2jFOai(i+%?btZNwq&=*PT2g zD4U~6H)35vDGIf_oVBuU?Gxkt6HVo1i{<{8jQVYU{g%M8iJvH1bjc~@5!3+IZmwKa zb?ET8?WLO%96Z=A<$cu!&u!QE+!vOvYH>U<@kcNeTs!y|B@K;xi7K+MQ1^;5Ke7+x!A+Jd;9`!aY8p8;#$Wv^5vK zhFTG9;zE1$*TbE7!}gf#mz-3?ciC!}j6 zp?*9ct$P~E!{)mBgK)Ya?)esfwXS8A+I9`4c^9=a<%=vGqe{KnayQ`XtUMl*!clST zVp=@->@0nXoD97e>g4%)y2;aYbZbe|ppoP1)V5EOP&qLCETv?%JK-wo&ECL4i|K-M zclOd>=J;x}J-urCPzq#}J@0iR%aPE^p1*EyYc6Z+Dtg^)rkx|it@ulj@wWR6x;~Cj zCB}<|c+I`2$z9veA+OsTaaxMYy~i!Gm+k#+{=~roAzE0olam*>>GgFr4y77@ZwBRE zU3pMo{EfL*9IM0h*FA{o_Nxx&M$Lb=+`U$f_Uy z%Dir;*B~yI)AL}I+*(XbO_9(-5(|5C&e|vrYg4o-(#~BH!FEjOe$y~vmo8j*C*SeVqt-chgVWk zGGwhZGdp|t@;rN>$i;L1vV2x+t^^y<*Yen@l z<0g1s8#86;+PJk*=xgmZO81h*=wv)=zQFm-n@2~F4L?WM2#;6YU_T_lY*{P#Oc!zX zn&EibT7b)j>WZ2gNWe6GqGxch()d?)VPm3HeyJAv z^vX($N3U3+f>>^n#v>gMg-Imle04!Xk4;yE52&qQw%C>)v@M8yGv-VVNl*cszZGA{ zQ4rUJX7eIfBE`-`y!Ya1R=4*5mV_OsNvc4KbfAZt*p14KIevP z+_+)D*9QE0HJ2If;x#pal{K7vzlgs7(^pwis94xR^d(7&v87h|B z78T27zlU(Pjhx`nnIbFE;8R$QIS^I!!ap(@gv;fVe9%~Qdq zQRL+rw>2_6@rpT)teCeTZFP1qr!6^I(VEA*tor5J^e=yD0%LEs`H!m)&SGaWdD09r zYPCx6em`@c3GA&ko=nf4fmPU21xgzcQ2TD0UR8fPxV)odm;$AvW1^|GwX(YU2cQy% z1vS|J@85Vo%nz&9heumSPv>{x;Yh1JdHtF!#JBX44WjFKsi|g;^FB$fL9ZK~i~XW=U2!C zjS3F+w_~L%<=ot|22B(x#;|~qQQU-_s#CGjN>N}lkAY(1s5<_hp0V}%P5M>Jt}fHJ z09B|!d>ebDump&o(#RSEm~*pm)+ro+FY>=a=>hats`x{XyTuU^+F#2{N{d@=Pv1OU zHm1FmvDA*`O6Q!e&$S*8&2GcYc^*DMbG?C|KVZ6e!E3doy=89*>(ly&yj$|Bni`k? zkG;2!s`BmDM)?^C(xMCd_|c?Na`Tv8Ysx|m zV+FsQHtAhOBCG5(zLe$XXJi=lVF?p0E!EshBx2D*jvig?YyN~e-f{zN z@}TfATZnkwP#{5>aHbO4X@yM}*|q zXk=%hHqyNuSEoB_8%JI-PCx*$sttZEPG$nOg${>n?BsvIIoRR zZ`e(`6X~#{wY;k5*5$ByQ2*)Z-sREei0a4O^PcLd!;8UjY&2PIy{Yp4g{ju4@XORp z9Hyicoaq|YpS=T}v%g=&`SElUqcb}r#*_{j$EN~h>Gb+9Kl8BaBk8XA1wX@L_0dr- znqOOKTF^{sHn!6FzUB{dpk9Uzk+G2?PcgbklUXGdd7B+LNIHz+9XGeZ_0n%_>T@Qor! zupIfQFhEI10n@Q`1QU_*j||oHT@^;0)^fgSy<63K_pPt5k3=vhUNDEmF*#e7ijER- zr@YcNFwuDO0GB*O3~n&oz%#C-#Br@LX=-M=P7XU03T8^+B1Pdinnms zgjBx>O30Okm4;^c*G&?7tZQeXWXwWrLRSYv44_)2JmQ?P`<>LDM2A=Nwwqd5oLIK8 zwzIT}d;j}<12Mw0I3q*$N#aHk1F-EvOovdN+y7SEdngvGkL8*+CciP^erKI371`6% zu$Wp|R>tY_9PMB7dnD%4-!`Ghh%@B_j@OT)Mn>+sR%*1fND==_i=RgS%dua`Q%EFS z9`TK6E}qj|(ZE-KL0qOCI}Xa@;(wRz*~RDfWfc_-v`jb}cLdFcGCN*rcnM4+*KH0)u(Dxx6#e&s8!rGu;Gr=NiKP z*_~)W)5Z6g^ax_XrN>*d`}6S@l#I85q7jX4KNu47tC#vM^Lsiq%%gah(vl zFHNTZ%tZi$hNkZe)(U^W<_i*gw6`~}UHvZ_)(yI=Z$uby<^UQR6Mo#)H}wZk;Tq7s zKhwWD5$V6>g%_hNIv+!Vs>dd>(B3NOn4)L@{{34l0Jq$2XDCZ1k=uGT^Uk?~sHo_x zSFco5RMuYLQ3+#XWB=K9qx$=dULj?=*r-EtVsv>;?8)=iXp8WHfr0bWLszS*#;7fK z>&dc}_E56)@yn$|+iTaa@9ykq3SOQa?>03x-D6Zei~g|j1y}oUXs9GQZ)|cx;BbL- zN?=dxbiW2y&*R&-Z%_1pEKFSN!cic?Z$!|x!UHI?U6s_-czAeXqodD}o`v7O-Nwdd zdh#S44+k5&r?+=yZVqwjZDqACDY7t^+cr@iX-8YfI?w35I+8m^aKJhdX-`V0T-6H`-{ zIFiS$-cqz@)@rM^W4^oWTwHPr3RD6vR^x>_D;$E9sKYq~4?FwMuC8OtkH^nv4{P*3 z20nS>Av`^NUg_Oo zU0w6rZW0m_y1Kd_KYsN41T0o(XXoDDUZw4vg{37P8Mmy0Lec(GS63JO3kxf2?B~xb zGqsg4c~Vv7rlT|CI_JH-yzIK%m;CPCH9o#-gBJgCpGA2&IU!g(*h5TeVB^M%^cr1J zvuoo;a*=cEl9CAgJNNJN+AoNEdY-ye5KiJa9`F2ZZ*SMF_Xs89kylaS z5*8MI_|R~s###0V0|y6I6-?KvxFAq-bvQ@i#fujb68`Vry(=n0b;q)@>NRL-hn=d9=L(KYQ>S6pFaZTWNC%2?-D{k!wzX@(#?aK)@!$P9FckhTwgeU8pn-frwWDj@0dj6c6Mu?A% zt;@1GQ-j0wF{7&hIr+}XzU85TjmX7Ta$TJub!J-e_9==-x9a}I!NwFrLu6J~Rwe3J zx$&+7A-(+9yu8!-4mo&tRh4>Wr8PG9h{K3BthUwx1m0Hoj&x&YIE8?!o*orG{&%Yh zcHvamVEdD^&oq)Lg6<28i>3NMu5odd*LxmTP+mVdKb-4N;xn?etTh{a$jVyO+S;1P zW6Lg+k)H04OHt#oZvpYA)U+RF=Yt+gC@YU_OjSyT+%JC9b%!OEjD)0%>1S`RklpXM z#l_nTZNVL(WU*0EP7AG=1d?D6nk8>Aso(S^@d4*eTbljuUGvHQ8Z9mDEgaG^pYs!& znHoNRepn=BW#xf;w_z{3yW`2I7a@o+FfcSUG%%{>KV@U%bK81QpR3*IBgD_|@$0*R zObnB~i;J-9<}?(7aRu-$f9L0m9sa&FH#Zj$sQvTjjqkH(#I*GEkfyZM)$4rDJq|Z# z$Z<_)>)d^Oe87QfT~RhxR+)Ki9UY1B@yvP+(@jlpC#=^>;Q|EUW*QnU;AZOU>q|>Y z!pQlWJ!Z7V6Jh7!L@hHkS2b9H>ls7`+uSGnI0+4nS6J1*YjKMP4C9- zQz{?DSFh9$H^!ZIo#%WuHa9EY3|>328~IAGyVPf+6M{wDVmlX<$UUm2q_k+LeiTlI z$nL*|UdT`GrL0k%ScJ;-^E^~Y5^S?7ao8WH?vURrF4t+?T+^+oX|$T~Icv=w^F)8! zKS@s!2dNNpE+;3a#~zZ+s2v-^kEoQ7&qXA?!ctGX(VI7!g@wW{>*{iHy|DfjzsB0z zO-8?|Tt~-#1=*5=gM*6;;*4=jO>HgN{ris}KgOmK)_(bNb!9lmIyx;kmqA!~wxy+I zY^=hxKZS*bB_<}OXUKBA5E2+DlJoNN664}zha3r}x$9O3 zt`kB3=ARu6GzYQB=ZoXnZ zoNW$qeRcKZ_;_@5)cDPtfzkDijnjh-$T2TPrj-i%H^GPCZCV2G)L;>~xRQmvJ>=!( zeS8{_YZrZai%4YL=g-e=Yn+{(`S|$Y__k&(X&D)gdylE92m4$^S+_@Wftt8_nD)eN zA8cqPkQU_U$DQ=|^mv^fSf>hmYg#eZ#Dx6ok(rgHqoV^WrK7D4t{fE=WkyQp7Z?=8 ztXbAMH#avh@JdX~sPhvw4h~LRTU+{C4)ZnNrXN4jzJ3kdOslCm>58Ps#l`Kpogc7! zaG(lT{Q5Nso1r)?9)#3DIe;vzbadR#tIF2a)-16Ckdz@ASLSF=HlKVO85+WFbhG)5 zHr~?{K!!MRKk6)IDHOAr3#0LiijJn@_wwr=#S*R)d7!VmHGi&MIP3d9V6M)5E0seD z0E4395TZ|3^44h(Aw4!3cNG4Di09HTHq`wPrB|Os99NHaiek{IW)(21-5F!>6}1%| z<_)VN(hZRlN^1=oWG?gh`8}7}vBsv$_@dWhS$7lJHXuv%r3whS^n4A|5l1_E<2@wi zAm)#a3GuD3Z^@yWj*d>7B^G~YeWG+}X^B~@;%OciCubSu-+4P;$l=n`(hQ7@dHMNX z2kRshdS8$Ol#$BfvZMuHzy98KYc7=rZ-_hHTe^tvWy7>ilHCCjs24hbO}C@If=gsOjko zo@#N}e_h>%uV1D1){|Vv5<^4f+}zweJoqUlqGDrt*w_fXkq2djqJhvr<=CX7rOnF7 z*gZRTBpp0hpHPA%pPs(+`^R%1_K~e^;9yowYIWzaHI-( zs%mH)FSKEac0%>>A}QAFX< zrl&sy}c!0iY{DTTenG3@QiP_sJG_zxKvR@T>}^jF=+m(FD%0{i~cFE2XY zLlUAOK79r!Dgy5A?e5MiDuR9I=H@OK9~>RkDK+WMkPP41*=YvUmytottSL@>^Tv(G z3=Eh>(_@uckaI-E#OmwnA|fNf***7=&r^9gIg_3myxU4>t~aC@p0~AUODiWc z^VihWu+7skzK0v;^bhT-wN+F`qoVH8)8`~5B~?2vH#nB#0AJNjPsg3jU@jYf_ z3@4xGbMRX}6gew1McER3e(h~#jY(}{l1+v<3g4ph_eZxzp=MfJX9vZP1%;`_6~CTi z1fbj+=$`P(R(S`V)V|!9(z)1 zYOxIz#CPvPOy?C4I0bt;Il0*Gpn@HSjK7zWvxA6^jjfzLet!!OR;#YQo`Qk`@~K|E z$7r!A+}ukkDGWpx65Oa~PE!-=-i9|XAJWmO>gdST5>7sR$X2Ef>EO+qH&H294;yRi z-o1AijEszyW@bpJLSkdbcm8(6->HN=GQrRQ`e=WL%?v_TelIDxLrmP?*C(%_VA@{I z$;GAD;FX)1DSr6n>sNJcZKjhE&D3|0u(nvQ-ye(C9k0FdA=D@sZXJuHR& z>g&%TL4p50VPxD`Ul-o8d&s>qQECe4#?g_(`)H|`%mjD%ma2>v?yZ2M-W?IQ$8o|| zHa6M2Nq6tv>+O-_BZo7XO20p?EZ?xUoDyIZ$SEoLn9YeBz{$hILFLTrCx$V zklZi#$FEE+5*~4JRhHu{qMg5gyf?4B{PF%4R5oz$kdB-#FT5ee!9z$$2rw%-c~WGg zlBOmp8JXwrrhn#-rIo`eg(yXQk`fcOR8?J|Vgck6b`NT}61_$rwL)!ad3k{OVBhjC zF5IO~$bmFS*KBNT0A!)|`SIgN&trA1KY#uJc80fM5_~1f@Z<@gT8MnR$B2e#0e=4M zoE%eQYAQB>fG!B1wk?xu6=RZ-v_S5!4c^b{1ouQ zqerdK>P26`9T*&Zt)zs7gTwXo>8sc79lXJ?*8rBKrMqB*Cnx01`XvF?JimJU7|f8Y zby{h5BAJ|+0FBB_gZC6P6qBVZjmlfUh*g45Gcz)Jo*l8Bhoxb_6GSf0cEM=G^J(bm zO>Jy^wijLy5)ztx$}5|4}YZ{L2p71^%}dCDg*L`Lqqy{qgWvlh5U#H3s7(7P#gYSuhFI0)r_ zcLR2v%LY2NxTIPle#y$R9_}qF>*cil{p#~mf!L^+lOy@La!(Yn2fB4fj+?Q5eytT7 z0*#st>~?Ld?*rZ;Cik$YTL%Yy@pn3?5NCVC3RHQvWN7?qKmq}pzH#FQ!1eaFHVS?x zB)BIaKbcsTEDjNHD#oQk}{mfbyFJ?6B9Rp!*Yzt+xr{}S=)({zhHy# zlc~*a$o67~rMWqUpqpKPicn~1sP)aTgZsi>N3i1%@GGsSViFT!yx@}VBkBG7Jt;y0 zu#g>L6ajct0EJR{Y*Uc0bKsKP+}&rY9ZlE93S^(AON5b2H;P=YPjH-s#K&vs=p;jk z(V{l`8O5-=x=Kw=4I$Ti4><@mh}mUmVq#)#?J1Pt6;=}tD??W?7Lat{<7nuhNJ|HW zhT?DxJfNqqgc8H|*>}X{1r%08bG%>X{A@2L?5n5w9G9TJc7uxoAON}LV0ZWQ)70dS62rY3FUooA*n=%MG)8+ zo`^^z_zZY}#ETd8jtL3hftnc`9WBN^8XB9eiJ3jLOXpbuK}wzbu5N=DcwZm9<7~Yr z$NOq3b!KZwtha?+J&*%Gs@;zvIY3pXyV&lhhn-a#_3on7XY^-NENh)JYs!$XIgp5avPbG4@9e%p&Fg1s}vjy$n> zJkHjuvkX7Gy8#2m#K-d?F3$Q` zx^upM`(^>SABr7l_x{;E1|S3pD06Q3jM3`Ey*n(q_A)&=SXKE5fUQs$58v@&S7aT) z@RX$`*kfHKr3^h0Q|4q>SsNNZax6YUySHm|y6R|0d0zrn2vvYZxO;b`K#PZ!l@;8$ zkEIXV56oI%VdxN_^qbzoCD5}~2D($VLf2}z3YqM;qFIXURp+$R$D=y4M>!lEJU zF4iT?VAWfh-tqbgxBy~S%7#c|adB>G_fA>`>Q`1)27>pcFE42_Z1p{JQgPNE%iH(grn}#8yL;hE-t;jVct@cognTZ!i z*Z>!yh<3Iiv9Pejq>hOpdin9=#@xq_MQJIgKeW<3|FMcopQaQ2dHnG0+3ZgS#wuLp z$EXa5`-TE0Cir|x&w81xLS&if1%GWMzkj2K9g>XN@i5Ed5?w>e_I}k&B1N zHlm*sc46FC%y#x;mL)e2&t;9N9wPP!y1z-`^?=Qp%1fZGn14RN$2i!WLb2;hu@)9* zmCp}$BX93xh7@i20)|PZ2EH#A~%8PNi}x5k|L0QzxfQYsl{_* z(>|zB)kw?9ZLD(5?QJf8wKd}(u|CQjHvJHMvQdMou%0uYnffvC%Wyv37@)Y*%3_DY znaOct!W42P5!;c9fPiEsU35~fzKxbvk410g_a8%jvn4h!C-oy*(awTjQ=0rIvxMI9 z6qEu!iZYUjzu(FW$euxgr`D}TdO!YfbFpe=nOTrBoUdFZud$-o`6+ubIiJP!Uq&`- zt~4+}97n1jTu+@zp8ApWXJt5ROicKF0x(~syBqo;t01?!w>{N|2;X;W>GY7wVSTNc z>*;>#>CI5y5P)eUK90~PV9Gz~iQ`+I&tRHQrl+M1-%o(MT!pn>TiACbDSNY`=JyH2 zY9m8~IgG8X+GJdl-A$d-Lz6Z?nzMiyXcoW*({Jq7_w4W~C~6yGz3#dW$E=KY{2Eye z{vZQBg;Y$|^*`4}rx3hrWiVvE%EYF5Eii;pQ;cu~$QA!FzeumWZJte}Dgi zDHrVfe@yhv#`=v1ShXskcT#Eg8Z4qkP$C7Z{u#!x{bE17R;yxD|7E%UydpEjd9cB} zwa#6%w}{L>Y*|PtK;VXu9**ur&(9M8Z_3Wj4(QD96L6Vqi*>fMA^Tf)sZV{TQMu-X z^a|3_$H@~1dn=_yt83>bvPFn}iRlqxv&h{SVF5dxJ^KLFgWsopvUfg5_DcOJ z7Fa|*sN8I#z4LYy;wbk8Nf?C)$=+OzC6ClrkbvAD?hEix#b!zDT`c!7>iGqBeQKQDii~dwr&7-#T z5B~%O;hFTMO#S**26SD`{MXksOTEd=+Wycnkrq}G3rl{=!IiwilTlG<*2|(PJ!POlo1_NKGo^{#j6% z>B%Op(y-7q7%kgqb^;ubKS*|2KkD+meyb;bLrqJKr$glT%brnJ-C*dLIaGU`pYkpL z{fj8pmwr9COT@^ed1l;MO!#d^g_k_Vq!KX>rGqj!k=H){=gH@*_DWY$A=+8SXQb^@AYdw zv)^x1EG%RivCoXVU34gtjk}2~zvkJ_R4nGmHDXjgR#GAqX55nkN0}t&?$4C!j-e$biF+G6;ArYp`w(S z7!{?hshOSI3!wtI*G)OG7HIluqhk+_EXBmCVZ<72jIVK)SO1U{MYebz63WPQLmv;& zH&=Oe04`Np|M2^hejI#^8;q)j@REx%a}FJ+oe>f_>%#X+2;XOR^M-NR+^*9{L0-ao z5AgpiU9}x8EgZ41QiC2Vh`%X=|I}>~t!V+muiD)m=mQXEFRfR@jr{p@w?;~9ylHw! z^#Q(LfTWp)V?F)J(5Qps?%tl9Y;VCFC+9#q{~^^8P@2BaKEvcO$tL|C*H4QR5+T;%@?PRqe!}sFZm6SB-I&le5m;?2G4pUN`k%A=xBBSVqsS zS5Li>B0SIF$E6-VlfjJqeCQ*>DrA-G0Pp$if!qFSbYy8B{3X#lomuH@G zrls!f2e{p$n4-HFH}b~4GIHVI&`m*RG30SD{QIb7gMo|B>Yhf;XnI>WT%u{ef5qe3 z>H#eHPn7JI<^I%D`FQ(3NH*VRPkox-$XVM+NMt{I!0XAa42#oSNv0V~1l(8whi4ox zcEnz6BHKRNZ(7^#`RaYk-RE^V`?GT|50e_oWj}npa04efg>VDEPa`9oCR4gK{Cju+ zkVU1SvRY|@P7r}8X=1`fXXgVyFq`-|4YKr=Za zz~3r?5zlFVEuaMxuTdO>4?&$@unGD8X(e@8IyMdt_TD};LvP={y^@nNEaf8$M(VpAhh*z zM3(()@f?k~Gka}UO8%B%2giCzV-Q?OP;NYX=!aZ$#H5Be|Bz)2I0I-Ue*5~hiQKX( z=N9!NF0OL~{ldu7U1u^f%bPddMWtd{bWRRk>HMHaGW-I5VK!ZR0ng{ySSsP^44}A# zh35f`4GyXSK|kYUpX(YNN;z)CU@8*j7;QnwMFiwciSLQ7Nm%534m-_#nqoAVefC&R5@E)f!10+*=tYJ zd@lwKuieJ_C+%=BROC$Z$Q&r}`GA81mtvkGosWUCFJD&QaoiYLDed!4?n@HBSQfs4 zp#0pi%$B%yp-X0h34QOd1R!lx6x{D#)hs4PhXg1Drp3|;l6_h7<3 zo}(jYlMiMO{6&r0xSZ4tmUbhTPo#3AlS{I@5LFj{6ZID3o2A9sa!)4nScmJ$`&-gb z9Ivli(R+kn8qP;tHnzClHTr|mZ`&|~PjXMlc60sc=mwc(o@+KIprs1=HG^-3h1-dL zMF1w7+_7}m;7jcXrOF1h5~H(jQa@U1d&qJ128G7MMcZt9E6jGN;VwSribCy~C_6D*Bgs9GH#qfF>9$wiCouF!oyqdBy zD`3`aPx0=E*0^l&L$3+|?e$xDfRIm5qH!eTvBQCd}%3B6N#g=9EG_0nNw;Q*yqZ`z-$ za%U&r^1DdsJ#R(m9`qm~h!&-Df3Yfl3q? ztML&tvs_~uUAmw`im(n8*U(f}%9i!n&7PmF7iVCQCbMJ|4Gb&frhYTr-xzX#o^RNe z-|>M0o~xrHTz@STopN#^EzLBfWQj3|a@jqF3(k7)T91uN&=B;k$3r}$mro(09Q9xY zCdBX4?s5xs%z)suKWjCg&!VJkfext4<|K{BQTCTFO&zW^@$p?*GOqE@b?FF3wv4d&tOON#61tD}d9u z;K^DQHX=?(f#uP(=YMf&Y1;}F6?4s3YF$v!YA|Zh=qmeqbX4oZaSkaFg5NII?YP3{ zz?4B1@vGW0JS3ziZjfdrlA5|ht>_%YTT|f70;*i6^C z^USBDrTu89dJlaXS<_iR9bN(bw=(K(twE7F1x(C+DZ&P(5ez-9+lNY-=|2reLNPDKinu8-IEi=<;^^FwJ9dV3mc(e_hP^zzY9@*xfLP`|Fo_vXD0{StNeR1N{p$wb+rez53GwEMhH1#htxe zBc+@pXpEyyH@<|F_4FtDU_;z+`tbE|orIET6{(K^jf0%Xt*Cg9|G?VQrEiEfn3I!BK9#RyahJ%84Y84+;)l<` z(8ZAxuCSea_JF~Cts*&EMMcExQs?&$tH3K@Im0#@k4|Ktu(ATLG?;~G1OhPr1z6G< z6mIM#B{}^`gv5lGHs_T+4~6P=fzH_&pF0N029R9`$iZ{C6UYPns^}*|9gv+Y%q^f_ z`KP`27h8tp2R%X1l#HZUCzEgF9LeM2g}d!=xEV zMqsg_3g}M}X!MyG@4@EIevx&#-QjyZ!1zsO;87UhDtfI zs;^&%1_!e~eoRigmv%Py`y@0G*q|#K0|@xx?2`&3tfNd|E0SVjQj(H}ic&d-?x3An zQa`QdA&&LAb%2_vMKv{ep8|&4!`b7xtow{kXKehpG)KW|wq#?v8VfdabybL%C9V;Q z&_0%(xz&ZXt*^*#y7uyV?pm48nSpOOGF z+GM^JGWh!V6bTTLszwA?G*0iu#{ic#PYf1PPk*1Ip0B0yZ;p7~FTzYYK3<^oq`ht@mG(`Z4BIk1C zlkfDs+mdhQI#|IcCa(Pc9XXme-Z5zafg5Bzjg6Pz4O)c9gfBs(sN(DE3pGWu&ZoxK zTe>zNmT+`*JUIlZDis;oRPi|o@SvY^nRgLzr^ytKVIO}CRgoXQq@?5tm9>Z@bnrIL zcy^va(;OZyE)1FrcDytaAxD7%`2__a^f(K|#1>A6+k>7xRo4A_k9|?Be~wzc@A#U7 z&J#LnexG0$1A~KYr>j0|j7(3H-@W_B))uw0BAp6iNSxcZ6WEPEmX|w&m7PEeTWAepo>heTcaRe} zIykrqrhNVku%39vQAtS&THK&|gEkPXM*t2P^gJbb0Nea$iR|=4Q;3Vny!M75Cixea z1`-t!ucIyK!$p1i^uTZZSFsp~a;K&e$Ck5XVnLZeMn)DI5(2IFc)yo<3xB&~K|s1T z*N6aBi{{8EbdxMCEkWnmDOd^u7uYc9W#Wt{{Bj58MK+FSB+P zG>>De$KYn6b4j#mke(+80xx0V2I#}qq8iq~(xG<@4}du!9RyjEI!YEg$j}UShia*; z49K_goE&;3nTJGd&?xSMrk(X9Cn&_^61gWPCU7VPL5#W&vR)7|f&oIU^h!yIOvI<| zYLe>_2gfeRY+;?jOySUgi3;n))YR1Y`1mbhg)7;xJ9J4!Mc?J*EJHi{1?ME-0Z{&d z((l%-0Jz!4UCv`KAJD(PeEAd9$fF}y66KC*vpEf;bOmZ=X3*qXLc|5#Fu>FTypE)1 zkda15MU55ebWeVq)$j+II!MSqeE0w_1&+S9x*C3l%Yo(*4mqz~)7yWjW`8LvDJdlL zx7GE)Zi6J(Y>H5)GCx+}{}S**J(HE_=kE`-H99)_P-OxLsL*fTBoKZ0uZL=pE(peY zPD<|4X}b~FvNwaw1OyIu@$tW;rwSe<7MZR<#2U zZf$s-SEACb-#>zh zSzTZj53J1ll$+xHuTs7Dm4W|;3PZe?a(+Op)mzNh2 zllqtJ>Zq2&8_eahJy=kAskqrX3+!L-W+p`WK! z@+PRXbQhYio72@ahH6kT-NGdw7#|1uL2+fJE0k0msj{sPB{VfBp(~yv8~>2p^(*ua z=pQ|jjc2C?*@3DmfQby?>Nu}c@Hw>h^jLL8&~9#SLPOc++?E7v1q8H3g@quGsfQ~k zCMF&XB0CN%o0i` z9UY2#a?tuiyecmK+(3ju4Pk3T|P6>p_eX5+WO%1sY8t;2}Pw;Q`V= z*;@f^SPFzoe2i>`)I!j9<>krHsKKm?0N&5VZJXJ;mHBxCTU%JtO(c@naY+{Hroaisji|D4SCVu zUjl%fNl)DK+8;Z+yQzZi?52I>pke@JKG-{i9KZ@tv~5gsd3t(6(1jA1kT4RHknRmk z38|@Jp_CwKH8nk8WDH)q4plEai{Fz6RNJ7gfIV=MyLa!No}L~^bwCRULePX_zr1vC zK?v2Lor3NO%-%Fhvaz#+X+nB6WbuO)gR25Pjl6sxh*n`X1Ej(dA@>bHi?Y8u>Y|I$ z-uamZWOk71!S!L+JHn}KEiI=?O%>?r>EU+(Sq?Oqg^3Bb*O47uu#(a+INLI)6PA~Q zb;W@SPU3g|+0h}%TaWpl^r<-Y!E<%)!*E(iOUqTxYHnUgt~3BOhz7MzjT6C)*;Q~3 zA;~B#WHHpQfd&?sDd@`}QN!H;X%5n@Y_(V7q2~Xih~hrEoWM0W@}^P=%gh0 zTnBJ607=6+c%_&DEoms7JyA#Aq=P!E7x?FNgaibi6B76l7hWLZbF~2tB)`STZ&8LwwjO1$wNa&66ZV=}rS5171($w`;Bu?<+8J?hwQVh2C*@*-dG(ec2eSO^Q?1mQ7z^boIsVOR^ds^z;gSiyA zSO|$w#5X%H{QmtZE)Kc5*|)q4SO!|S@>r~(Q%y^wu5*XE2Tv8O0@;&W%>Dl%mmNW; zz%Ubf`drBK07kDu-M_*X!^8?aGf$0`AQ;)p%FjPJJw5&N=W4Pi5izl8_QKE|ZZ0kY zQMg-wY?9{uc5%f)ah}No+24@F=YaX+v7UT$r3=-6R@*8*5*MiSn1zL?kYxUVH6c*- zQ95>yDK*Ic=M(e%{KSLJF4QkWVap0YEReeLli0EizQ`6YU z$i?+_kaWZ+CtJhRXL9n4$E$n4QFVf`=V)kY zx%8XR=EF;!Fut_eK$ZZo2DVXJS_(5&R&Ugr||771X^fNis~Mla5R-oonNMs0ar z9`ZAY210C1;IahH9i)21l$7v!?e#DQQ-i#2x$dn;huZTs#y{{4-N;D7ec$~Tyf-^D z6SS$YK46MkdnX%S6E00KsN@Mk?R)o(&CGuJ$|oPzKWmnOI{;1fGs$BB6u_^M-n*v) zSPTM$DvGH|qzk;J1Kj(iw)Pp|ImFraEe_{rGBRtBJH3Qcg(1d)duJUAf=Qp03w(^n zq|Wy|+=P(VTuKGgPbTolUC7?@@cO65u?)HbexK6kPv&=~Wbl zqTq#9dR7*#_5~CpfM+$)34$@GA^&rj_HlA^gBotj)0qgw;HBTce{z>H4Jp0@$2#Rg z@`FSUnnPGUSm+`U#qS|s-?9k7PY1^o9BT>js2u2P9WG`M9Pn)ilogL@fbtqeV1S7N z_6LP4RC4^ibvNffS}b>0T=(+!20#YYG9)XccG;L;054!4C}SXnc(Qy#R$hYu3xVP2 z$PJ1HfH|Ogf_;b8hA9r0gQS1F#)QM09#K;pz=2ty6on==yBIy_+-RXb^}7qvhlt4E z&ky6qHGbxirlv0-siC7=0#pYnp&&ztg9zYg!;zlT~3 zRQg6nMtJ1B&rm;LNJvgzJ`4&x;D%tv4j0$NV?^sI4^Mb#DCnBAQU#!}foJdU?P)4t z5$fE-gV_MDxC-=(ti#4=UTj+0{MB+P2O*Kjo*r3#Y6-}^GBS+( z{8xh;ut<>9towz;6crtyriYjc+Ya~&vO9pp!0>S5;vkULnwZeR;Yd(ZN=XI6-kn>d z1imOU4Q!c*`9&wd3%tBl=kspx2Jku_n`sb$!?Z;9Vp_g9=cG%`|D9@9^U4m`L4^iZ z0_trrEC?(>yVN^!0l)?8z6uv8pNcFaWBiSJQZkA)L4ZM^UWUP#H*fv~kk@bl@PI5@ zRmBVT;_5H;;zb)kpq(8D5Pe<1$IssZ?DF~Z_UK0;c#lclQ9x1 zD%ARV&vYBC6ETxIC<890Y#RqZmBDZxe{s{u$Vf{Ijj(V^Lj@!vA8?DYQ*wSMGXSbE zges3v)rTpeJ)b2cQe92Wb-wu~|L9-~bo>*82O1HVa0}2~gQ^Zw;Z{sU#BB_WDyNmJ z505+Y@`0cUGifrWWjzU8R~xvuG7M@Is6#<6UIYFqR0J`oqqTLq#yR++b2gBGX7<>} z+Q5K-f}(eiK0YB~Xo7Ep;i=NSz1miQFa-$Jw=kCh>ea6>xfsa@#4%{jAqj%w7o>my zw9n7a z*&8XISxUD)^pA=ff%7fE+bBs%`CEWf>vhhPhqYT;zVyvbfCmk zGfdEdIdEJ38Zi8B3z}F00s=taaPv^rCbAi!Z|J$tk!Hlgh8;q&43mVQkKToKsB?E* z8?A9#S@`?c8R{QM%(lP2KX1hqc!fT8r=qbKN=vy^;d2-cuXWh~%OT}3k@YN;I_>K2 zhCxC=ie>v)#K4S!q4g~FCPJ*4ye!$c59k=GV@d%R*(()gUtyafC~yIGKn*=8#vzh1 zkb?E-q@by}`5`^M}>pg8u+4qGy0NOIJ4I)2hg_X>#(6&~Nusz~HYW^`e z7{uhr%58yK-b)JzkKk`!!k0$pP20OR&_!!a^!b z+f*7(ZnUFJFLYl9n3sTM=jZ2#ns#%&l1do(E2-lp}BKvvZ`^4UiZJn=2hz zem>}KgJHH3X5h6h*Ht?J)~YEh-zOtOMAdtT4g5m;t+YFV-E}qP?-bL&s0E+Hi-wkr z@&C!u0RLsp=zrT`1po6J|4$t8@IR~iKdbux@~I;KV{-p(Cbx~)m~r(|8olh;jvURl z9;zpP@t9fZaZG&x)6Kg#ZoGc}&-1@)3yio8RrXtLLiWG^U;J!2K-1P4M)lST3jaZC za()6V3*-5>N76elI{++h3t4%D9hTKAhJn4{7a_;Yz=QYKf8IPo4X3h9~?ED37%z(bp_(89ys~oYY;MSih zm)e$kExS(!?T&bLT)P3@w-j7Z1BR_%HXTlX(a&OIa@QTK-*=CMvu#xaKA>0Fj%L~( zs*>)1z&~DF-Ebr>Ot!PV+!|;iHt|}_7;ZQlL4N=AjJkE$L)wC^Wh3^>Xv&y8Vq%t7;jC zi8fZhXP*}yZ^TkgS8X&+f3PGpq{$ZcsnjgEBieI>JiRU{FPF-1Gqu^0a?9tUQIE$; zXdpvra%-yQ-2T!D4eji`o1>rkk0H6zB_>9eVoq845wj5)Rcp`FVJg~O4@*%i@o;(b zUeZ~+9ofFbR4+aA@@l*@=lugJpNR*4W-|{}vJ`uDs$53>g?6&h5Z>_QoeZT!lT9&I z>uE>sDP>ENUeXymrCoHE*u6zoGT{@4LF3yM0^cqUhgV5M3$!wCQ@d;mtlCV}U&i4- ztatxdOIxn{PCKF~yiYPGIyGlZVXsc{c#yMvQ>E^`Xi_hC!EDtsy8x3`sZq<=bveaI ze;lNTiYXkWX`@SKz^?U#hZS1eko(^>;%%Ew0 z7iMY_-~Hqo&c#y6N5Y)a3>vXT!{$S(zNkZK%b27wCJl^YBh>5I;lG7jBNN*FjOP^T zG@?G*C21;}-`JW^3k4*S^8FfB+}uyB&VZY(AoLnwfRf(9}EchdrwY0;B zHP#ufa~fWaw=%)7p>8s^L~)B%C0rt7bCy94b zLRsj0ndhaw^hxhlM7mMD#%4nQ-w|PK7Y3b4p2`V|IaW>AZMxE|g~cL7%%c@OBb&qF zQ|(c6_~20bqR^)rKc9TSr~V<~8hkdbtxDafU2YKWnO{WafR z#}UPlasQiT;li8r{>0hqurw7sKUYzQS0;}rw=sXZ!t!#v&)Rl6(q0tf^K9LZEP03G zQjP3VjZwZ_T}3M|+16+(OYE(+*|fHja)H{i+TwO+Zw|zVv&?Tl-T%_Vsb|Eyn)>Xd zXMXr?S;m_&3wMI?oA3Wd*_fx!x-A}HQ@4s`pu17#4V$B?%6ETj@h5lv)T=bUTn+Us z)9ghW)PKM)9yDMT;#*zVd?Zck<9TR~>d~!m2~f?*EzeYRj38GuNTp3F{)_L!teSDFU#G-boyTOg(#@#vT325Uawd}b`m^7vcRW6OkIlK}huOsb-Y-(^Y#27(rA{+$SNbfjpF5O*QccO| zBJBC3?31Z?VZief;V;PJ!Hk1xi%h%qiv0P{>#5AeFgUtbfj>20*`R4C7FoT}(U)0| zxBc{}-qopCKr$}X)4s+piEk>u_@rSw+@;pNG?Q;~CtnwhQ1#I8-kwoou~x%0hC*Ua z<1$Jo8`ftQ&lA7ppIYXI#GG2GJ2aZ(jU!b*G=W`|S-^4w3l)(Ri+lGlJB*XHYS;R_ zH#*!328Rm}yO*52$`pM6IQw9sukKY*`H*kpPRDgR2xPYO!kfbRrLFR*}kWHF)k;$0VoGxl$BO86ddSxwvn%O zodARhzGMQHL4#Gy?L=`TJsaqhxQ~=TbYh}jybyV#i%bDkE43Dg%X|O+9zfuLz6g+Q z+prL_=P|sTwD_5*m8lv0$ub12>_b9X+6Oz6YkVleuAAe+`2c-7eL;N)(Rl30)8($d z4?2K1vWTNJ3Z%u0LWM;|*KiaNyU-;R6*o72wosNP-Jf;duPFBd5{R~toc@J2hcnYv zziyOwGntmY#ldg`?%?Jk*mXAWhlYEId3+Cy+hTuhqZb&aSKU@)VvQJpA^w{78@33`byn5(_aK%XHIi zln_*!@V>ip4sG7qA;}bO6+Baaw)2BzuM*R7i*y727*ReZvx^9^N z(@~#s3zsBy<-Wr)c2#i!(sG@+l=of2;sW*w^9i?Rnp4@id^*GU1myJWsA*1^W?-pL zr}Sxa3f;{8!gh6enJOxPK3{ZB zd$hPUnIoF&DJv}#s1i>P4z;Suf`^ms4!RR=es0&D{L|rraH@+Lg*-~N`v%$perh`; zTZ*(|$Yd<4Ipt_snbxtBah_0iHA63~JbydxRBH3%`SB{#`y`<~PqCRM zRn2{Ll`f;#zZriaiGFF~&(Q9U_!9#sABz5mm^?W-!hEoPFEDyOwm3Zf&r3v3tu3AY z_(7EjvEdGtZ{Yc*+_m>gLhpX?J}BMfu3yd-V0_*D;hw$r>kTaVmOzIVzT z6A1@{OU%+BnVrQZ$a;ws+app<#VSb&+DX+@F0%CQ-OlyNKB@}izY@h{{Y<++v>@y) z$Jii{@{Y`(*j`EGM)6I}I>a_j*z621biAHF7pl5Lpih#gz=4ms%_*if z=3c&?FHjS?Z`!3pgMZI=7UDF?5R^0sA3l?W?KI~-SVy2UJxY>whn8%(0qe%_5cWDn1U-(fT0 zcNQ|H=GQJt8Ew%zUXsFPDHvz@YJI0BMdEb#9S z@kS4(CI{KytTuyX>poPTA}{N=AcWSu+`H4!$x6_o;O9jAgpP0imD(#Sn)1N|4bMRr zWZ;!8M)O{M=1IJa@zRi8rqxFGpkWg-6xZDgj)wqAi- zylpaM#K97)nKL4}e)rZaD(4aj9_xO-cvH?}G?4+$$ZI%EKf+|HxI(i3`41 zY7k2uExYsL@p;sG#R%_cYQgm0-!x>(Or{dl&8qI_W8}Fb`^T(sBOi1)VLJ;1a)N@B zZr3XC@{ddDXY!3#-w?M?ozc#{!jjXls+cmGO^bi_lheQE`Z++?6B*Ke=^d$i{EUmy z3#R2fK?=1^>sWe+P7l-@3f|l%A!K+1dDPvow_lC;>(fk&TH}uCh^-3Ah$&(lea!ZF zV2m;?6Cr{3J_#x*W;InV<1UnQixfx0_AfCC>X6pLoo6{NvoI2DsL=AJurfP?h3vtf zfGowh^ESRsjTnkKIQ=M(dvoRx%x+oiSvNDU{Psm-wruGbGev%r93 z2Mv2~&)$F9C#*4aEpr&sSb=A<4nA!Db1TUT^ElIesrjQ`=3Au2w9g^3E+nzZ=E3%l;YGfa3d{8^muAl7luTj8#9m9{yy3e|<@f=Ks6R8j z(l$K5QhayjPG|`_M9Wa8WUBQe2Tsy2;=ykM^NM%dln0`cU0$kX5Bt-s2T-IL3r|-6_FSCRAV?_fMnEahe(Ct-OlO4*GK?;i2Mo zTq0NEvEg&Ln6OJ ze_4WZEUh2oKv*d@&m#@5tGNUCV^q2DFjVbL0eUrciKIMS=3shg!|RY?{8LS=ddkRI zyU+q%nArBaIRUBu#;7;Lgui3*PEQ6H126H9Kl#B;|x0pQ(*MDd}b^qNn zlGyyhNs1>QFsrgQoZpIonzf_x2dgmuVm6U ztGm&w2tSZwH#UlQ2U=;CyyMsO-)Z7J-R=EU;R6R;(;V>YS=A5TV(hY2&A+3yHr$}q7f1_6q{cp z0f9-gygGY@9&=?{``DucGC?M1s_mIzjBn~efY#b=4>h-Cc0j<3-Cg@PY_7j~ucoN2 z9}aA5$mNzdgmB(Iz&4$gGG8U4oXzrYEY6fDt+@}D+z~*Dt2d$f3oSEofM-70=_9kRS>jvn450fu2YJs zpg^O-wUwV<*Eg??^-9vvdW-(t{pE8K4!h2{D^gN{{z0-`mc_#3-}@le4lu>-d{pmn z)wDSyC|d055hm9--f#G`WhuXis-+;DGkk8ECJX*!?}v0t}5PJQ&_bQq3tN?H3AM{+utZ?bNZ z*NVZQya3{z6Oj1EtQz0j`-5ST%Qqhe!e2$?hHkW>R^Vn8Uu}wYzRMN$dRvR;gt1&) zpS-ky!^R{8$M2?{-%L`>#4kow-h57+p?rnG&MQ?Q`ZS~sqCqcv(zTi>{wnt>ZvR@w za?MoWt>ch^C8ih5`7>sH&_V(SwMkE1kVcMs?>E0@em&n#LVUMP9Q7uL$WSX*`qMfa zBf0W8m_q{eaEAoc?$aVOOA-f|7yyQ9mFI-|)r}A~ZfRNhY8!`pH5xD435bCg6^(Mt z{<)DzwfI9h>38D& zf9YO1OtsAcJt(wSE{ds~^U*x9EY$2?L@JcHvTYk5CSl^_m(F3n6_6^{>HFk!-pXuS z8#={uG_O(*w>IM=S;n?WeCHYAZ#3GvcKyR|OI!r$w-eA}x@IN@PQOw1qlhQ2Y1~8Y zttY0kQ*pN7qkg0IzMqu-S?SYu9sd|V%eehwsPO|P%UEi~1atW}eMg&MuZnLHsh%#36H)9M^2ATd4NlL6nWlm}I|lQdD{-vYS*(AJz#eb7(YJe2us z9OLYeYOJYUpg>dRG$7@9M8!4-b&X86LHd| zez|-{4oaI_nh&_2{F(lB*<(u55R zY*>xVs-kbliN)6r2?e058p}blQvbXDXTp%yd4_IP_$;~l&b}UACCCCX?E&J06GO!X zvXbwR(i;O`%0b*Q5+YXAqPC-}Fl-QidTw-&8uW9-QCUt+!E8eFtLt3ImUMM=xPsK< zZp-|I_PaN^+_Z#*Xe?cWE>v$cvzQ=!p~&I{q%|3#z17`Iqh{>;VQJZsx_A}Q-bx0MBi*v8v)Io8ndujUG zGpXv4Z1>Vf+^U5jG7G(Le|^3BQ#7BQ>HY{?18#3WS@i5+{)H17VYNLMJJ5H8enIxs zrlI>Iyw?G9;mRC;LlZvNEsF@My%Qom|NYQMesDTZ>mG=1#uMG#*|$ePUC9hvFl)|F zfQ3g4=F28-XNvttj78GnY*7w7XOQB@a^N}~G|c#W@r^2lsno0abK<#a^l26aX4z#S zaZ@wo5zDCpw`@WEyJ0?44JyK7*OTaM3C6(GRL>P0s?!xM*EBQBCC$}>dkL7#L5tL7?Vjl5FAr@-T88jf+CL`hhKs#^S>x+MX>^#8 zhgqeYF5#{6rdjdpRVkfHkpO9E{J$Hlonmjgiq|@DGO!4$#zIWZT=Kv$>&kfoJ+^=jDFi{uH3edzFsL3lmX>}3Xn z2;@tU36j53*#3uabO4>v&FQ~i5mX!qkfyK-D;e+?(HJUwH7`Fu!|*baej1c04>VnY zHtxUBOA%nJ0J;v%VjZN&?J5E?C!k7&6bGh=>r<8{9w_#Jd@dcYD9-63H43U7s+e!#aG2O@!Q-}1?){+#^+ zuqW@;{{h(<%5(W#?GEg(2}sH4S!!rFibMfW%6k>$vm4FNo%^*chMc4-;h*eG*UbPS z@Q+kV)=W~D$NXEAelY7YJ#{s-!480KUqJHS4iwwhI;YlN#bPcr*qsDBmD{}nZwwn) zX7)I{k05CQ3cv30QF*x<2s0E%^YMh+udUt(`$}&L*q&gG$s?-AcsY z>wFA}(w!A~Bq?oLG?cA@-w81Pb%(ct4xva|S#gw6(cfR`(c(uVPrj&y_C zCpb*0_SxzcW$RtTW^EdzT)t-ga*3aM=8Pl4lKu8ivE^ZIP_>3d4-0q*>KO;e&3O^C zM}anHwbKl5M(P>@rEUtA7nofyC5@{-74iQ4`_Y^`1BLVtXpPyqS;4f}J^I=%i3A|M zAO4Kjq4#IU-zW=1k0psm-M)p*4&|Mh72IAKzn;^-Pd5knTu}7nTH3}!GIDNTTs*}n zJ3&{wMlj4FXmzB@JPzX$aaKTh<;`B3f7%jcG1Vuq0dzLTr>^ zjq46pD!>wl4>hg(WPEkI*1liS*i`?@yEt&VD8q3Vx0U3V$R{Ov?b^baJ}wN#dhpnNR zt%skj2Ojd}ke4717!ijFpEhGxvKoA?)vVQmU3(uO$yL6SF`gEgcU}rR>2M$L7VNwd VKIZR?1kG?n|0euKsrJ3+{{?a`!6*O# diff --git a/playwright/snapshots/invite/invite-dialog.spec.ts/invite-dialog-dm-without-user-linux.png b/playwright/snapshots/invite/invite-dialog.spec.ts/invite-dialog-dm-without-user-linux.png index a634e876bc68e37aa3f9b2547183a2b422013f44..02cbff0e3fb5c61fc12e860ab24abb51ff6f7826 100644 GIT binary patch literal 47445 zcmcG#1y@{6(=~j6AVCw{EdhcP+%34f5ANf(3VXcPBV6$#p;f;QMBs zwPx1znd+|UUDA8%1k1^YBEjRr0|0;|E+(V^08k$Q05TB{^6eW-l;D!LHwXs>Q9+=5 z6#oDKhyigS0VUVe;}x)$qUb97i)@U87$o`fx9wsfBvj}3G<1fV{Ix!H=t}V1)Jls1 zPE{H%b@V62GtKqNC2Nzk+H+(>r3{A_8d8SbVZ`Tu;@@KJuH&=oe zX-P{9Y~cGGh#0*><_P|3_1wtRun38fnre@;l{K5COD^WEz`s8l7>nGT*cyv`eZE3d z4-t(Fx1#7gXZWCd2sd>XhY!B!_DxmP4&}*^4E*>{&0P_{eQl}kzQ+-(zWi+f_>of) zfwRzR&mn7D2MA04w~S-A8m#x_n62pBd=I{Qwana@3?KVmW?#pMR$r_pRJ{wPc6rX8 zNdMhD3=IojnjCs{z3Q0lzLSf2d4&V`NfnMo{(J_24}q`evkzz)M8v4U4sm+_8JdHi zGv=uSFwZN_GFi~WHW|F1EKUxS%(N2n)kymUN=Y)4SP z8`iiU+oaCPv&nEr4v${Jxc{e3kb`68 z<3mP4(N^REA^As2=ZA{XXSbz%|M|kE5u$%n4TSm}Y!}WTD|>ip!p8us(X&Fp$PI z1A~Jb>6Q4;>2&|Z{~*azsQcv|AT%lb&L>f|N50no--a{3|0xlyee-)Dw%s7RdykXv zKb2~-W{`PQiZLR8GWPmNea&>u^Tbo6lRh)}NM75z zB;8#6x7M+65w2^sB0@sK^se?;p7e#xIC;WTx?j+Q&OYR?%H|#LOdr&u&0M1RDc|vf#mP}mx4@JjuNoo$7D^Xy_fqLwc*^UgHg~x zMU(R0{yIPLhcH5x&>){2pMUNhg_S&dt-2KRLLI+zAip;5dh2mI{_nML)pX+`w5l!n zHa0sgUvpQEuhH{AO{8DM%*eGSOl$WX5O7a_w8qom5)xuQf4RN5m3XL7Lmk}CX$uyD z90_?4a^r_U`v)6(<|O^jCuGjF)8qSPu52QR&im702eb1eF;}cjxm`%SO$U}MGCu_GqB468 z#1i`a1L7rjQm{>}hLy4ND8WSJs^r3;`1`l(O_js5AH)4pyPp`g+*~K2{z(@|r-(U# z7B?B&3rR`lSk)dp+7kPW8Z5L}$vXZc$vcq7pzr1W$5j+6?};BiZ0SQ-)2#Fe@F0C&md8>M6uZ5~(PTK$JFJl{KXiPRW{4rPv zKV<|8Zr4%bbQV^?;$?yLf`u_j#KmdH6;`CLEK+;4I=!-L<5%$<3JU;?uib&ax$irS zoP@1#;b6GkjhgbCR6W)FzOswxbG94`Ls`+`dB93)dDRdoUUC>B|GQ03afkkN4Th zNGN%Sc81Ql&o0K_OkmjeW+EeTLTtG)edpm2i9TZ%oPt04@1)A*TV#%Jh+Z{UsP61v zPjh^{O=C*Vws+>NS9jR#46Ih! zqyeB@@_E|Dyk+-G=s!JTeWS%{-KP5`ZpO!@I+#U?KkTZHdRdB}1*F740YEh#J?+tQ zw3sLWIGqGIz6_wNEjX8ZDbSp@^8PC1!R~vrQ4^hZ2E|FUlb5I#cEZl6M!UCTx#SEv z`>TM2)Q=35&^p&59W|xN@~O2ICe|$SvJtL0%m%7)@YlByGdZMpnxA8lpmy0os{3xp*KJPjWEzMIAC0o5_;|` zPtRXAjitRb@v^!?9*aTuGn0ehqO+gg_j}WY<2tlPO*Lw~%j1a+uc^wDoMthqf0s7F zb+IA9EBQ7bO-APrwubaC)=|P55#1=+yf?*7GLM+X}IZb{Jh~7^GC6VtTFJH z@i87s@=ALppHcR%I?j zYU$Nw!(UEJ<8mXA&zJ=<;)Q3PtX+|=UGZfmU;srnL+p|eFCgZ9M6UIHimpeZNu@N6 zB^tuL4oHmSWk)9-4^+*=!@|Qbc_wJrOI(Ywt9-UYOOzrKmykhk1qEbYkV0i`mPT); z%1Yi#8ZFJIrZu-@HP>b}GrvA*QoMj|<_Cy1=UkQy*t}|!%>iEXA5 z_FSODXI|T$8e*Lz_sUAL7%e0%zs;?R8<@U1x3k;T!^v9Mp4`few&vy7VvKJqTZD0* zXn46@hWfwQVu-!~NujyENU|~>CBsvQ^N5NU{TBY;V+Z@|eLfz{*thzPfX@Iy1COLf z&^`rZmX}%ksHG=?X1cF9fC$M?pCHv80dG;jZZ|&KH29Pt9UW`bPO0HN{OiR`II9!* z;j%H2Tj@Y`L$W&@9(ktGz4%M*~)}V8x4ZW(b=Q(r4ta> zyWfaBEQouZeQ6NQChO0$qdameH+0ez)}C#s1NkB8oQSD!4|?~fFi!nTf&+%w!9SvZ z7>0U-xvvCar8+O2KYjDVXj+vffO*cafs+ndBZShLBQ z>%W*JZHRLg0Ke=7EV&)wWYTfD)I>t8b>n4F&LP*k@@W1No0AGp^^`Gal*?&FX zN4^-$2q(X!TTmd>xw&&G6XnghUD9Kl84Sb|3FOWHX7yR|R;+90hG?YdO%n*ZRJ z>Q)6sKC^C`DnucBg$>a!91#fqVG~~3d%&Bq?zy`E@vy$04!BH@x7Nvi-3V7MPk)(+ zF;Bwfr%i}V?|xXTk?P~r2jv==d0`b=P(xQY9L(fB*kR4h8MyV0vd5PC;Z6f_!Zs%9 zexR0)FV=E}dX;4xBAPwno2fMbX6X+;Lf*uDqGCOv4Bm$RAef4Q5v7EjPXxN$y0|6kSJ3iMz;Nk* zrzutKeV+quVY9cAV*J@R{k&_{vHE2sWthkD#P@=TJS&P47?&tG+DqNGU+6fvkd7O_ zg9~~}wU(QUS9RftKib>U%H9g2H_VR}4NSvdyK7n3jk@?u`Dr7o?sbWx1FY#>p&>_& z4(E@AG}C~KZjOzffG>UMyE$YQ3IGGCjXC#rU`-ok1oMCf>-RP@v#hm9zRjBFf276F zl`p*bB%Y(=)-tT*pnwrBQYv!Bfu$LTXtq%8=-rMyd+u|Rsll9?ykspAwpj$VHR0Qw35OLVVUu2MW~*_S^kz0HYx7sA0D!A#uS3|G z)ySn|fW%iHt>tOq_h~QvJ4)t9!U83j&}AV|KomT$*y8yZ3`-#%eCSyoEiMwX5><1G zw||PakOw?4V3X#-bx(Hp!>2NX1|;Mh3*UCWc8{pt*2ZJ3{0#Yw z$MJ4!1aDQ0qljn^H{)7y%y4!%%G zyj`x@3;lFx4FK-C=D!EfaB#}Y0cpVYXnPf9hQ!)%Y(IBAsjU1WB0@9yC4tMFr4Ygg zAN#erLDJe{>Di>Fj3Sl`s_fQuB#^OtrQI;+_3mqn{xl3e!}kQVKN2 zwv*Je7(Ls^Lk*n8nWW9~VWka+glN43%EQXJHtBrIz1w4nWu-$do!_}>8odmLKIH9` z{`g`8H1UO|PL;uY@JPQUxko8cb5veR+bpFYokNxxPO-S=+Mp!THXnYZQhO_W3C04CBe{d8OZ%t^yTpUgjmTo zL58#k2k`HBc{qTW+R95!yK^31Uo@0|AlXmEOIN~k@z{WJuy;pJ+7gJ*>B8yt5eHEE zLzinkuW4PHP2lHjm?n8u02G?belF!>rsO6ClRrl&dllCr`8+*f-B4tIdCRn2SvQmg zr&9QaHS5p!24_!c>iWRt)8vPlk^Wr))~EWulkfaix4~4c(-i z&4WF*?sfEuS|`s2e$S0-d=M~15XEG>bRpW&q2#u_`~11#CaFm@Mvw<|@HW((qrrPc zG-4z~7H~*WV>-0eU4WO6?Vv!1?)}_b&IZ{AGBae18e~?rvA#az{oSF!@S;dN>y>gP zai7tKL9l%w(EtF9X?>Rn;ty9vo76fH&^U3zM`JqoyT9`1;=x?|8EyQ|ju*(DCuv(c zKlk#&xg~=)8#o%y--cajU^#IH9AVGK*Yfu;k9AHNSZrEB(7k)SV(_5DLsJ2AP4;TY zSYGM@50j#3NnyR-j4!mj4WB6WDTgL}5&84EDxU;nc)685jF>f&?fyGeln)=kpm2_R$ptvE~n$2rR{TUzce694&I4b4-`Y|3Mj;lH!s zdqG9}fml?X)u&r$gQG?W8np^#>Nx0;4j}-?*=uOl#VXs3e^)g&3hr=;oD~ zEzR~%kU3kEoAE6#U@u*mzsui6{U50$kpCUi^FMY?3JO~4A8|)K^?zK|0Q3JyJ2*z9 z|Iuo`|G(Wve6rTzeL7km4Ucg3>Q?15)?r_#ahKyipxd;t?vRj?foC>T)RV-bbjrwf z=)j=^p4bz8rL4btB#Y&C>xupraHw;Mslk)r@x*L~>%jNyOMe4*S^tS=E7wHvb*$y0 zb$q+KCL{d|czBmKf2btlWXwzx|JaIYs5Th^*~=Z{35q9wwj@b<;3~J(^JTn>hz9Bj zG;NUZs9q1TO<_(an&@t0Of*z9Ro#O&^-@d5!s)X(%;#BJ2!aB}!6#QBSbDZG(uoDa zJEjSb`}Oj%ikrjNOpY2)50BK0rIm!;L1PEC2qi#nb$Ge%kH^*(=hYa*sBX;ye*6j3 z{jc-uo7YynF@*5L0pps5^xCFT*h{VJ*|-_Mu_3MIjnG0QVxN(fBJfd(@Ony2>mmXy zV0)ptdjjA?w;o(>@Bd-1S&d21uJpcJr%S38GC!a%_%``&0=f>ukPeC*0OTm+fSi+d)QW!L|@%zf9mgr7=$3m%ex_v z2-_VEm-%s1HTA;*B@OfO#mr^c^l47h>Dcr=t==C^t>S-+m=1o7!w&D-3=|D|oZt8) zUX`=L_1iody>uJO=AQp?B=l)=iPn=Ulf$8Vw)arhyq2a-xgYsL6IlP9MWC9hvrt>~5>&Sz2W)vlx#x2Zc(0RxNjq8HK&2|`f7J{pEm zdf7)8%CAe&RLKhWzjuovU(_&r=EAkJE#6?Nl{sU78WWAMU*Ek&0AB^!?vhl-^cbmMlKf91M6FzWj z#H}s~V}&060{xxo=cx2k?T4u;1jZ9v z*jm`!*Yb_>MVI4Fd`Z2OJw-F#tZaBMg1yR7e(|QO0`xdHRJL0nY|;MLdim$fkq-!DE3{DR$KN_sWH^eWDEFA$b$<_(6ksMt`}!H{Wy^IGv^aEx zsuJ|jVwOVnw)>+UFJw@2wOG$5*E0~a#r|xh-aYk4MYJ@fI9j-si87GAk!!Cd?L|SD zt#n_VcNj&+Q1bHlH16rIY^zQxC@WN}{93KV06?Luml|ayXYTp;M%6h{ze9?pYH4sN z;?1A&)fNr4i5=YaEgx#HrxzV36vME}dH?;N9k%JBPZuR&uhhmOWMslYu#LAXt!j(I zPdD^9x~(*H2yRxQn;Z4fDyLj||J_8laNXlD~_OLsH>Qsk>m|r`^OANNzY9g;5 zF)O5{!r-r}tV$Zy7HZfBmI4i3+iQi!ZOWjGO;#WtVHHJ;s`bl=Sh=xxGg8IeQ zAHHk$D_4Xv#~97LIv37bUil6X)=dmn(*ftJdu02U-+dJk-jtsoDx|frcF%72!Cpo~ zpVFY%9Iu%H09n#R`;~l1Kk9XGBt|M(P6|z(WnnA*p*X3%D3M#}P5Nu`**L9s+6Szg zN#AxNI!xsd!{hmBBzgL(^--56&Sk!Fzhbj?k4qcAeXoybSPfLy3B%=w6_SJuZdx$N zD>p_?63+XKSRS>}vKk$vSjHw=mU^YGpGXdW>VWnClwUv>=h4&VL)GdS|3YZ}zg_?? zw`Qe!T_-KUZAlt)#fzV>6|zQk?Cj%y=EhUMxKdJ(7UQ3p5fFA!bba$iD5j-L42ou0E3$q;#T~Kp2FI>=u zv(He18TynvyaR`}LSeR)F;A8^Bj}})1fRpgo&tbng+%u1&?wJm)pFr~u$+8)x#7FVuL`5vjR zx#Th_Y{L7Gu?PtUnzX1l<<3>Hp+|Y?dh`}0)}h;7-0qK7RoxT)CW1VhN>tGO3}ME$ z1Yg>ZP;cf2$w;&u*Y!O^1KBQm60%EFg$?XD2%XvI7syV|C)Smg2ZX!OgQ_LU8yr+y z06>>eprnaT3E(_48Y7k0;b%_}fX=kpULgX!xVN``(09eNmoPHU&bQ-;JzEr?DIOAtdSGH|`F>Iv1C6)^5nu5=qM*U!Hw-fI4wcK6z<5>wSF>kN)Zk9&3z|ZtL$7)c9b|P7@f#SV!wi zWLerYnK$mX6wW|r%+fmA525bDT|LO^JR`>SftzgphJ}cBssU;$R^uBqsX9+T7C|m4Jh7SWvLG!Qrf)X>xk6D+g=fkPk&BvzJ0srBvY#c|k;JyY6Rl zM|@6@^4t(oz2Bg;q}ipjVR7JFhfbo2S|b(|Y$hx$SZgp~eMZ}v-3ONb2Pkf3IqMyk zW&TRN>|#Nl8>4Zht1Ml6>Q9gjR$Bb9!Mbq@k;eNwrmy{q_DTsxUu|eZA&hKl#MG1( z;+;0(st0XQR3QKGjZiY1=# zbTdasX>xfvt9qxppCbBr9v`NoSsh*r1?V)5Fi7g8L`PJ@r3FUe;4W!sQGd)Lq+)n}Fh9Sf0o`Dduc1F{fcEQ#qQS;Zh)6x>yz7^M_X2*~aH4)ve;5x73MkWz#>m7u&pqHL-e5^+k!D24nG7aL-LI*N>}pW5bnt&0@e zt6#-|9}(Szidd5u-X>9(qpuN;32^>Wpf#x5Q$xveuTImG=rr`d_zS>b_2h9HlXzu^ zvg@L9+(eBncF-8^5E+cmhLT4uF9V`(ZI?kYvfj!~ys?>%j*h5k5T-%mi5iTp+>dv2 zy|ithHqc}Qa=b0gbG-a?4BO(Ht3Py3IhHJtO%>SC8Q)=a37zP$P<2JhBPZ7qiL*lsp< znXTD~Wz3}M_uZ6Aqq>%jQ0$Qb^B>|OLjp#LpQhkC(q(+Kb%#!NAJqGorV^XxS1XlQ7Isa55K> zMyJf~z`rTRFx#{T9)T=wWlWIT3XzN@MbbDT4>pBHAILDOffaBnDtM6 z^-=(UKdKF%?UBYJO%had^c5 zdYg^O<%E-LpT$)?XBr4Jh~>*45@sP?FO`%GQSZ{+-P#GWz>r-XGl_$nSy+%?QlKXU zSB%#pKzBQn0X;oQlN6ZYd-bYH^m*)HDYi<%op)6NS`M0@(J5E_JWfQ$AUzexMy%1l zA^WVI_&L(7g3gYto2Db zW+AsGP%O4!y))`U&uPlwh-Kma#$AP$b zjr5Ol5Izz)-?P6h)13UYC`9B+F3!srdHYl$o zVjVA$Vxu!OI!fEN0t+a~U`I~K$AD}Vm+7pq)`myu4s_4EIi}jpwk!z~sOV^mRjb`{ z4B+VKMQv+mI5_64*(CE6s@6Sr4=lafsx*ysq*o6N7K9s8^4cbi_0-eQ4cM7%9gMOj z3Kv%~UxSaV9j=;(nhC%-}`S3MpzoMn(~NwvLv1!!ac0-#G>Pj9p>FKG`t z{6xVFY@jT&dyqPrKX~%q#iZq%qPn%RK}&6$e3a&ATyW4w%v9cVWn#jS&`;B!6Z=nG*V8lqzNncjSMN5Z~ z2&M2yH}Z+YOsC?9=^DP*?S%Osrxw;GJn<1RX<>?fs1D{mb{%MRO_STh>3O5;_gFh2 zkfx(FYrkq|6z7_f463_LRB6N3r&N2}8@_uQXklO(-%6?U9j7INXsfc++M# zJ9MiCQ8Jc@uzjYc*WSqBEgsir7FFT5Up&N#oS0||HpBH2Fgrb<)_CJYFbT3oSQ)LD zw;nRo)s6K6c}5YLR)kW)>$USPmww;UGfi;zP+wG9NgJ5=DpYIHMKNt|hDuYbaqwXP zrPJmH&P(|6RNi7h)5Y4=)#rM1!2ELp24#_Lv`+H#T&V654tg71<`+%wlYDX8$QiR7 zBxPu3(RdsCWG|$;VC`>gZ-j>iNOrLXyDRuTs7V-07U8R=$?2h~_S%49N$?|vTpQ|S z%p2VzoTThY6}CGJFDava;Xid}Z0;Ipyg1F%Xt{LMaI~m8w*B3waVTWlKfYr(b;NEh zzWMkdndq|n6Cw)Am=ocLcS*EvGgXnlvCSS|atIkIvGBQ+ev7UA>~yb=A`&nbbU(Qo zD_K!=`IUVeAm!ubfhFK2@kXV>BBxTJvPy!%c_VL-{#iFZ-!4Kf>^<7d`M@9>Q57xy z&dnWBn_ZNe2JQDA=cfS#m^Vs%KvvRbt1f%eTwXK-{!48zO3o_^305kn#@JHYZ{f&> zw?6B8f&X<%4ls|${ns@7{}m5C6&s6$&oR?%Dmm3kJ3^m!*g?WHpNm7&etn*o_Gizk zsbk+jybn~?#R|&de^^Y1y_!62IX#&7ayTFKvcLm$8Md|_dEGws->}{EpPF?~5#~-G z^^JOQRD9B1dUi8I@!&lfwkBZwIUb%G@0M}PhfO_NfU=v%5}s$tTk>3Xd2&Eou9>`R zW#L6xQy|EiBhBET*sE4w3>9&*oH6GF2_M5$Yy^Gs9Ex5uW|$ZRmtd2TKQ}wH3NS+re|;@T}m0Z zjMYD0)pMWU*D|%3<<={+5sfa9QnG6Bj;!ybvIf=WUj*vOg=`KRbC*$G7sNF+A9feH&CkpNkH_^ha5UE`yt+9}coH_TWD=;%rW;q&N?T7AG zQyoM;*UI+Q@l^fXgzz)5ch`^Xx;JGH?zK)>12~ zgAKJ%I_TDl(p9<~+l47;%Oz$mBxq}nlhBcjyYK*fR-5|@N{Gcr^&$VGB>LOa!+`tK%6nXB zPjCcJoTZDnj^Jg8V>3=BUI#Nz$cTC*&$96xG)zq-k4HsNHGL9}K8MmJNcML@THN!M zK`8_bVMpw0l4u=gqUD)IQJdC$N+NGuO%RSj8NHg%&c z$o=T!)C~Q;?Z_t#k5lybz_ky9jG43gNQpN0gO&-RfLF*ar|zMAYwSc1>}B9j)&u!Q z*tER3Y?Q}Hcq{w(XnrQ! z-Ca4u>?;{M7+_gQYj)N>SD}q58b0&)orW3O@UXg(I0V3kfakVkk?`PROVDZ@i(qB6 zV(VBuB+&4E?ob3OpRo5drRQtWu%8wxV5=yO!h3pGXiH48Fe$Z6iCRoaA~TosV~ z!j!5`dRE{*p&oQ@@$@bZ+>}!!=m8)0%^-MAz*Mjg9Ly;y3llJcg1Ag+l8`?9vLWHs zEEkhGX=j>DWrHv`nJpwytc#jyaET+dV#;fO4(D~80kK9&#yV<%b=n8O1^vE zGmJyyN{cCj03g?Tl^%(_9Hj|r;t?5KPbYI;jKYpCRM3I*++EW}ohI^%AKCuCNu!T7 z-)meg&5fl&^z`%AkWQ_G;JovcZ@7H#m7(S2HjmENP6G# zjJ7m_$|M;8P=H*ShCUG!E3-bIji2UOI_FRGBn;>Rugi9(01lPBcZ`5(5Cot>^z&MG zqP6PI2mN;rBXn^L;dymNlyXR&@HTwQn2N#;*@?~1lXl{*26N?j%nJ)EtT6ltE04JV zUnp!TkoY0d+(w)y{^Y$9US}Ge7*!f)zf`ZGYMA@!ji`|+^~0Obbc}lYkyYrM0-&QdQlOs z>s~&mpR%BSvk0MgBKlBx2m_}rX_`UH{uBspq=5xaWd#B}?}%qFdV?Tv$+;{h_U=%PdaV=x~~5se(88wY^tC zR(vx0^i|7PHdtnSjbPdS2|~bU6lkpKfpdSC$)!V(r;;Ss&>=_ zTf63nEOh*$^D4#LRH5Ljnp90Fl!mfq%`%9_k%`a}<91NJ2L=$_VeB=;wtxjH7joeec!M$&#jC^-oDvcnUV0>Z~0|z(h5R!_`J@lPC8XK5Or)V z`#V51fsC{A*IUTVzZyWlGMPryZl8XZ4{w%7mZJFG=h~l!uP$D$6)?o^<$ zaoV1)c54;QjUE1#WFR(W2*N~9Z;T@>zR8OaEznx)M60P_!O6tJQhU#0X>sgJ5v-zB z>bo|R{PL$n-Sc5Hv%pmQP0u+n5xdnd7zLRd7D!;d!Tj% z7mzc-KjIz_IeS}7%?gS3!mIYkKsF{kZyrSA(BZq{^nTGxB1z22>;frP=|w|U8vrP7 zX#=0?b8Qv0lFYbt*dIoR7`&c5js^@eOMDxnEOaxkmC!4%=1KU@>6OYXIwycr*6!TrE96{Ro=wX@!mzZ;*jC$oJbHY?S zXEALeiG<>8W!vKss-SJSYo(x>{wRTH5S{X1#Us^Ozvb%2t!r(* zI>+~36Yz3N1OutvlpAYW;~*|WEYUZp!y&h}gzwE=F4rLSlEqjy?B;m&n*M`WvTr#3 zgw`D;P^qRK*b4dciiN>i23YJ>Z7i#Eg^AdC?bNqh#&fiPusom62lnk5LRf;|e;e6S zEa8-oRVkZs`i+D(zH%p{qGweX83g5XSbqJ}0Dcg)#b(XrCF6!UrG-bnU?$dQ)&Y3h-unxShr-%FWl}v!@Z>pb`v`%oTN!hoUhCaC;jYOg^H|d?#JUS)2ID!7`-bgKmEm!0EbnW zhIWS=Kg}d##v+VcMDV$3v^6GBX%}n39c2mV>aLsa$ZbE|9}F=7=lTlO?ix_#gZ|V6 zZEqc)Trnq~MuuaSPxvPNiJn4Zy%c(e!bw`zoY#}>GbqHfAwqWiiF=YIfNzyRg z(k{-2C4MUr(98qEary?$jXD*>-vu}8INXP-%df{cMvle?g1RNYVlrP(ON)7phmxap z&gI0V(Ipisbz1yQ0_melT7GB=K5G$uj32ksEzSz5cnmqQGLP3|*g#UDP(&^v3yJf% z>|=@GItjvit4w8FxWybe277f$JaeXcJ}rRSi=3lxd%Ba;M_9gXixUkSMk2!niUcJv zHzg2Cwi1;0Pgw$;;i+53(MuB5U+0jjUcT!EXM$@|W>#-lEwxfq=Tk0=FnJR*bWyZP zuE$H-&Wwh}Dl!@X=H7(n2r;-!olfS=qdDYL4%*PL+7b0{haL1w4n<57qpgIpc~Zma zdVA2R?&tIfC^AK9eHPCNU5883w-2WWb-{PKk=r>IhlzDUv1E)ZA>^b&6-LKefe?Vp zvu$4G+XIEh1$fpEVXh8i9~jDVI1I@h5 z?+JKaC`k~Cvb2VP%!WWJcq)_#M~d6HC5q3ky?U-~!5@?2yho2$K53{ylr9==!2-fR_{F z!$2c%$vn)ctADpvHlMlJ=LrQ&jR^0?hJ63U9u9^Ou`cp{E2{8vqEGYd#AY+sQ-fL7 z2ATs|l49e=*@7d6PTZlaIwu)(YdMrniwSpT{lR~b;%)F24C!ou^UUhKACrs}=7-q* zx<*H~S1U4eDFzjYLq4C6Av%>vY3ua{)zW`_$459S*6Z)_s1tfft9I7ezxN7J!GE(v)|(IA|`%bDZ_gFTQhj z9|%0sU^$dIq1Hs-%9}z4i`N3V?~5dccNbhY^DR18r%4QYvyPWetL^wTRi|Djif%`z zCyX8wg|}m>JkRB9w3PEOA>PRpL7Sd{&&Vy8Wpo(aprU;tzKG*Ba2?DE!Mev#Ue?EL zias{7N~Kmil;nJ_p>XaHM0#^^H`_90k@Q)2589|x5k2pKyqSiF&W|wEWIf+4inczc zv>EyGB%TEV#67eKt4@f$Z%?+J#XS5Gi_lgk`=!{q%4t$UPS&!AwbTLuXKC|bLK0=4 zV2boW&NCcgXk7LS0^lyPH2u>wt%ENdj?+RSb=LLn2ZF2+8`SqPb3 zgqqYoj;1GsQZSK1C}Us!nb|yWBt06xDP|X3OrblLGfuWGXH#N25{)e;@gpwKY&80K+m2>0Xb9;#k47lQ{LJ9Y zHq9G_xPUD)X{LnJpKH=tybcPw&`jZ}2Vf3AM=`LjOch~5U=DunrfCTAuS|>FrUAE*RAgXNsNq%3kji3=!MCqx%ddBy1~|iYQ3_3p~c&^zN?Cx-cB3mg1K^HP|G;52s(fkjg zE`5rIz^_EZgjWJ@NfO2~2*XH)2uBQqIM;NeYgEhcZM*yrciV(+!64~Nf9zDjG;G== z6IQz|7Tw#ZXiKI+DPjj6N+~xB%Z;2it(2mVKJbAMfd#FIfS(E7mxrbZE}s7K$4YZY zSqd;}QV47WeN;armcFf3C63Q~;Pz^AEyG1FKN_(6&QkQc+p{v;I5+m)yF> z(zqE{&Y(5>v7t2ak|L5ItUWQ><@TqMMdRRaT@=pGJm09Og3aDzEWqQD8$kd85ww89 zy6Z4J0;UGdcyaO$@K9n>dzEZhyBavcL$3Ew!aBsXNMm>Rg61y#+!+pIWZiD~I2RAi zl@^AaZ2BfQW!}rAk*2kluTV2#9p) zors`_2q+MGQCjFl2%!h1_ZoVL^xhMC$eZl@-W&J5G0q+5jQ9S!=lteZ ze!uUVbFOT5v^M(woC-+-4MdfDm4&ag4Nn}u_BKiQanlmbV=0%#_myq-8GCI+FLf|W*LqbNZNh1&)MN5#%9B9`3KY4!_{owb?1?ybBe(EFrHQX@OAgATZ(h?M*6D`N6wcI2rM62@ zDXb$&aH@(hHG9HjmFp~&=>H<7y70rktNMw3{N-!Yx5!C;3?^WKA`vLRbal=|UoAR@ z@AeNe3pf2;l%k@wrXn%CC_vHUDAzp@UPZ!i3x7@L9SQr#2s-_wO$E#ki}^fyqxu(u zu-NXV>aIuAPn*(o=@H`}IvF4H!kfD1$F0u&*F4Mi5A9uJ1yuiESj0}VQQ*ZmVQy#77>GcbK3xHNtE3D>1Uk%m{O7d=(CoKhxVaQ8gQTPP8ZY!)A zicc_j3BS_V@8_>ODJ8U)UOZ!hraM*SK6-(P4l7Utx8{=CRul|0$Axrv* zhU8uOwXExyDv9Y)rYQrN#>Y|LFZHvFm$*EHi2BPO4CnG;nfF~;ClmO-Cl-j1zUj?f zi+}WyKD^&rL?UJhf^lZ%^h+6dC1k4xDfuUJJmcu;#l(-*3>Lqd$44d@9OeEhL@rv; zwbb8MS(oEQ#G~S{{nwwE2y>YxdZp9UjQm65FJ_g@)v~A(tKpq++_3(#=bN#NrO=Pl zWy4X*NKDwve6qL7Txf#(l}RQN2_D z+vZnw0Z8Im8>DV*c} z@l`C}dt*8AR22{B65<)uFRb=HQZ}y?8ki1Tx)q&Oyj7nxlR(43M`CEaLB0abE_JKT z#(ettVm#nzv##yNN=n_uD()h=OH#=icz;^qJ~;{R#ppUZQO3O|j{BD+zx2edkBqfW zu5pF?3C_>s9;sX*dFN1B<9V+=cC2|aq~Ald7@wwdt8qRnYo+j?#kI?#eC})?F#3=w z|$scojFe1;iSN0rbl-}MY6=4+?y`E+|i1ogV$K{uk7!% zkC3hk9!c3;UNj?yla3DBag;b)TP%61)J9wl>%j+*ZC;OQ3xDjL^X}P#l&yEz-FC#c z>;raf3uda&UPUrKsY>$>p#%2^a{FWdc)J(xmhs;qs}`7x&baw^l!W9j;t#t*e`>7K zDUU1Dq-$5>%7&R>YBh`R4Tafy=2s`o^VNOSheU$Km&kH)*(Eyuw0nG)1>M^TC- zKi6!{Ss|b9@l_8e{w#|q9YurOu~&SBMJ??6B~_e{k>8`anUckwG*$t0(h*U{?|^X> zhakF~hCEC71*5$3;r(aocU$#}W^Wlibl37LJ>NRp`)&N1%SRZPAUsBk?(>-R)qVOF@qHife;C@~70|%ik?f}4aFmgzjozG=s~{`@c>G5)4i-i=R;$_#keKq#ijE-V9Y@=Kp4 zk>AmtE2I=(Uf94M@aI7$e~pRwo!fj^*S#O*8|DkQ?Ou!3*XA6>4Qu@gEKDCLI-C?l z(i|b(m#wrm!;xQ|JC2Zu4UdO&XI(lp@`~0)Hx>&fldiCIPGq_kXMB0&7cPI(UK>(t zf8p2T`1zB=Id&EZl9}rXRsu>KBT35fHo*?{debYLR+Qn*}Y^^*o zGjo$QdR63qnY-TyH>ibl@f>MM|zb0(R)) zRR$(matr-F7oDxI6tzRiTRP|>#}loC=-`5nH)IVB1D@m^A}Eoe{z)DxcaQu`cv9#4 zJ6@1m=$1rvNv{>sX|42>D~BMI3KY;8$A$?66n}rboSt>~T4(X>_ zf11}ku{VDV<&X3AogMtC)BRa&GU@AA ztuA6!I=(u2FJ`#ujdTKO_vyXNR%=w{!W)#Fu|?6!@W@Jd@8a!xvHVa%{>%i07F|T; zszYiw`$5@8#e5X)#bhoOc%HN&6x3?P^5pYZnHHJV-25N&!XR$r-28jwu{u$qbNjZf zf|ZL6B1F%8O)-gN{JqUxE$SXZ-r^$U+GF!FaSw&0-ti9i^(s5&BdPp@{^l_hj+ZU` zi(`b|pWhYJgfyd=pgFVVRlhc^j?3eb15p0osMI}kAi)!XT1U<& zm2WJ7^})>_F9(5;7LaMS zEyI$pY$QKixoWC5=N3A8;OdShJ^k4vuS6@ zUUo+D3NV;!=mgz9Rhk$co+TqT3u+m7Jq~1o!Y+}d8TNkvn7&cQED-R6h+WxVXoR#i z1}TxVY|^fut?VPqj>_^Tn*GFe+z_Z>B@DYK1X=LTi-Lrtu^e~rBG|U_e#vCvj2EOz z-lIr@z`sBH(0CCLk>{_#(PiK6KL#a%mp2l?@nsLmRl%RP&VNEe@eeh)|Kh*5{~3Ef z*`8{H)bzZ}&m zUkL+ebqK+f7iJuYR$ZGi+m;Hx3R*4;PG28C5h>O$GENpLx@OiMe2q4tINOTO3M{~t z?2|OR$K>_B)@w^%!HIjsE?rIj@~cAqgH`m<)Kqu>$5SdSINIgMtu7#qsePofitOjt zMV|IAtUNs{e_lOeJ{K!Y&(*cFA%N^lI8onL=_lImU>%bl9c{NPyU7Y>Lz5Fz@3#d{ zzpl6cTxH=A7uWI5-`}UF{&II7oKKLhKD69LB`OOY_u_?vp!@Cf$$XaWzWnZM<@{0o z??D~iLNrt4(Rjb!`K0DL3=Rou>u3{Myq3UmR2`zxf`WpSCYQm)zE@rx+ksrUa+T7o z1p+V4T?R7yR1|dnIO}M4)}u{K?Wf||63>HP41;JirQx~myziX=+Bq!2#>T#%E+Eyf zo{OM0V%~~+&IUX7GjAj}AaoHS#n{u5nw%)Q7g1#+7| z;xX8=Z7LcaolZ#QLKjmqoJ{6jb#7&pe#do`c0<;230ouAWGDR-e@iElond)eL%yYj zlQXZFkMHuh_`joNny4Sb%jAFFkI-84UWU;Y?>@T+HEKQl5m`v7)=f@0H$U1Il z!JSGCgzdQzRbCu|oSUOV@q+1ugMEQ(quh$XWPS{`^LsC%s52@(e+`j;kBNR)jvEr~ z+rYSPo)LQ_lPa7Rtn+$QP=O1P6TLl6qFF@<-_hx+6dTh?Na=|+%lQo3($Gqtytx-) z%p3Bkn`rqS83seZ!j8{^GbF@(-c0{CkDE0g{JtzlaS);@A+$O%faNT$Tw7r6tE$~B z86yb%JF`MUIXQj)*JAVwZp*&qQHu?=JLoTtFe8$yib63BYmvc-8xzS&qp<4|8$}@% z5@#cE`)D5d-Ev1u0b#+hT(<@`uxBe<3%BmPT~wdwS*}UmWryB~ZChE2WR`NBU#_0_ zX9=l%!5tEvrYy`(&}(YEx=T62_CI9sSXeM%aq>}}3+GCt=H!v6?O!{-kg6EZ1v}ZC z(n=BP2ONTXk^751_gIEK&6(&~LT=bit`^71&fCDTJ|o$L+qIC(HQ*e+T%m5&9#^-$ zv>kTb1~7qE9k|MkvMvU$kJe*V502jDz~udp86>{352IoZKjL+ zK`HIW#3g>|lM_nA1QW?Mwb+mU+JY9s7+tu&9vvNRQ=9lFmfG*YYJ?(x!@Or=V8GZU z!Ao$ZGkedb*y{EbmKTA4z6VUy)%-R`=bz|PA8cls9dCdcckUcLf#0R06VvzbZe`$% zQHBrESv8Gnrx8-Y@qW1ul4hM<7e%9EppjzQ+v|z~QlUchYT=7Lrlu*BzdTz1o#U$N z8rrkHKpz7wQ&WfBiWld)6Yb*ZD&S7>X=Yxx=e-HX`F)9pWWxdi+H^HvP)TLRjCXIm zYW(M4J7;$)F4oI8WH|pq55{$QJ?dZYa3o}VFaODtC+@eQjMSEM>=AO5CZzu=c=9u~OTCP0YLxpYF4;HF{Yl}yd-o=g&L>C*8vy}< z)&8>j)S{xFSF5AWMbGxe*%=G>>O+ltpZ^rqP@kS&VbzX}u1!mF1cgJAZGY`NU8dfB zjmmWm8AfF_wSsk-l#C}&TwFYC2kH`kUiJC*`yU;<#f?81um49_h-qye8y{Ecwhs0|37cnW1p;ajEbDLU*<~lf~ym1 zUN6`c>D!M9xVpNIo|bN|5&6V@c84M5@_bYz-k#U)B~&WB*k4EYA@#qdLsO>%$kwM2 zlcjjczF+0#Z5j!ZcHLDUKFEUbXw#F7YQzjJomg|Hc~g>-p_VsS+=N+XW|T@$JNsV~ zx6V%Y20}Rkwzs0Dqyj`7r;oR@fd16_9oI<{ia7Z4D*O&MJ=UgAB1CQcPdjYj>ZyTT zYdl!&$}WiW-^wl^!Qn4m*nllkZtjASB4c{Gy!{QLOZS+;V&BOx=XCSSg{#%OgUj)m znFk6^n6V$v1N{6>N*0N2!{E}jT&_v8PY;wl>2|hB7NQV*Mfv23Vln$eU>B9%JFXz$U8E#wjB=hGm@X7Yh$cfGER>RdI0|)W z(i}(G*;G|^c#}VZ;#&UF62zvlk) zD>xUY33smb+CEvJWNx>Sw)QUeBUZ?Hpfbn#RoBSIoq+PH+}!0LdUtV5hBGblExNeI zt4Q2~pr?tbe7m)8%U*m_whTF+eNp9yxU9nmiWn8k`Qk*uPLpJ zpM2!Q_)@S)7MxtZB&thW9U!r^K}XETKJIQ4{SgpaY(MJw$ZWNCE8wx$w1LN3=<&#v zq^GuaPEN%F_`&QhR&#o4&02FxW@2P&jl3iFsPRJH;f$J+S}G93&j^!Y93@aXn-}vU zEX`45P}c+8ip+ge)E~V9=(_`)&t6d?6@&!9wvzg@H)^N}Jj17+qxG)Y+1G^Pdi=fw zo<8LGXmn*dv#%I4U~MKVL-en(ggXHN7+2WAxBB#a*Z5jnC|EY9>reK-LNB3hZ)ny| zbEF66P}dBG^P8WV8OG3pyIa2o$cH`kb#d8gQv7;7*Np#B)y($y%sxn!q3;5RIyke} z>wT2-vvB4`e|$#11^sM5m?;A-ha^yu^7l=hb{q6A!&0s0d_m)AI#(>lflB6&c2S)4=45GF7a z9tSuvS6qSsT)&`b^!_lo$w@rn|rQNjyb zWgC8Dc1}au?ErVQE3=2!Q%g9^2P!x6x&4>=6_Qh4p!@iZArta}BE|GkbEqKj)%zRw zu3o+B=H|xo;`J=TJm8r5>AO<5C3Sw>+TPmA*oELvDdPBoz;TZ?k*SU@h9~}p)2R|A z>Z#KE3lz^0q>$y&a|Py)N=}H6=Lku_pRGqpr_HUe3t9YmYQq5^XAaz*QB0TCY|2N= zbf0Zg1M5z7MvWKQFGVC*c6%???{-B-p@giKKbPC|d2EejKM(e`JbS4n`}y?4hv&hN zDdg6(;A6b+{_@!lM|umSrZC-DUutJ3UZGBieWf)*i5ik9TCE^1`wrdHQq+wHu9Kb%Gv8U;1O&^0 z{1(>dajO+85Pz}0t|7P8;SK=IiHQ=#Au&j7L&iVL0G8(y1Jnc9maCQl0%W;KLbjXC^pFlK$TSW zgORV$Y9DXt&Vrtm1e(V7G@S%Pp;?mmo_gmd zhaQAca|{g*VkGNKD(vEull}N*h`p&2yv7K(z3txib{?}P;LgEk^Gg5h-EF{?Y;9M> zQ=K;JN~R?1P$z-ayLG;c6xz~tJr_3zQ5LQz9U`jHDW?PFhj1yJW>hQ^5!hd?2 zYBf+7jEnT)LuS>kXv|O>=*I+NZDE)i5da7M=$hl;;+FK^Rn7OmZ09^#lKNVmt{ z_L=97S0_6d+@#m?ZeyOob?2>y11eqrQ??TNK&6@cHwr$a&OMsjPF zjLe2j@1M(oF2@HVRehemS@#yD+QP4iu5y@Fc|UowlLUGNT&IAbAZRO9!i!$iabW<~tIVn2{{$WcbX2;I6}aabyqpuZ7trC4 zA3ttPc)9FtO9Kz=`lQOoJ00~-O9pke3r@1$$)nSRJ7t3C1C;6*hXj&9ZjEIRtpH;J z$b>6iO;#54&nww86=yJfl|aTF<1|%u?oxJd7l2cjQFkr_JxrJKQ-=>Zj+J(RK0&q` zh~T{O?SnV%wCo6DsTr6{TNL9o69ONxGL({%Ut~;ZT63=B4fz})#Tv3aRh=nd6W`1D z@djL@Z8g4Vb0P1vt+iEwd}e*UP_m-DoLZKKhW5;JzwpK^@XTjH9`?tVL4>S!UC6)j zV1@`S$v5cR%*jbg+^QRGkQ*I^qhN7K0HYfOjsq2-mUUm7koOs@@#xZy>AlKQ?3Cp_gMYW zt)Hpj0VNs(?_y9gjjbhtLal{V!4p_nGpD8`7yec_WA_2!zZ^l2db*w+kt~v&oNO-? zb(fV#s?H8kV~nsv5j^+NwnHaW!#y?lF1LX=i>*)_uKS zT}-o~LD(KtgqM~$*v)l39Wlod!U3dU;37^F+T=g6C1gU^uj-vq-@SW3q`lS+j?>NF z;o%W#{{8zoxrK$rK*kY4xC*8=v ziSEW;e#jCM6@|Rtz2YUIsD-#GePft(P?(Z2H8L8nE_PPJpS^xcOXmr@w%kI4<`*jxtDbm9MU;DKyT7_a8FYa7UHQ%^eu z`qEZ+baj7ydS-c9^NcUu_)=b5vqOCapa<8qkU=WW3#P|337kg8Yuh3t% zU{Nz|(a}j0+4g-YDN{_C+DgaC8l!Udbm$X<#QDw5kvg9txzN|qF)=`|RMmt7PWI!9 zHKDFBv%6AuR((vEEET%EEsitAMHRw8|B%-knBYp38(SQokuG{bihlMG{j1;HkKETXwjJ!E^^tHga7vPq(F| z<@s|2gHSH^$8$os%Z`!Jc;{Wt`pmY-t+DF0?C-2#K)9~5rt8@KJg3_GPAz8|tb5TWIL@ z4M5;wU{-&%v`|e4KY9A}CHc+zr8BcD)YK)wQ;??WS)+>lhchAdFOZN7z+M0yEBAzkhGn0xT8pjLq)N08>=Jj^t z!v-9qJovU?S9xFp1@~4fDsXp>sX!3aW(i45G}8IE9Hx?a`1=W=6J1!y1HmQ%j{@M@P1!>8a{UgsrCvxszkvVPIWmiqA@HyXqr1C> z1YBzawWBu8WQeaf)1*$!6Q8!A^ou^XJ1#CRc8U&n<}K}Rq52YzoILnTSmZ8aYU81} zWfvVCHK56|4a*}%UF|oUa15)1)jAs!L7`Mc$=U2D7tRn59%O=?2n6bA zcZ59U6*agKcV?%hjub@Tc+W-ECh^j9Dd z1iRmVc59t)QB#wJQeC}6a zjWnEc(A{jMQ>-6F3nuc#byK};n(Zr8|kTaWUFD!ov zgQ;S*TWC>HL}K2`%9!BQ2Jp-R_uBy+T73JopQiO#a=luR1e7VpR zu~=~FDlZR@FMhpP5=8G+q)o$Qo@FR_dx6xr1=!Qv{LM0f)?e7`cuj|qk#V2->Gt0D zOb`fVj=cAQ;&QV(Kd5wgi_VvSVKtn@JaTE2VxrVZEmMJ#*`82Nlv*nig=6b{?9U8{ z=b7Eyc!fgqBLeAOo#0-PDArqwSBfyFvA8}~w)QbFAkeT}He37BNX|8k`xuGM9zL^5 zg-j!)C%T^{*wV7ke{Vzks#|#9qQ7L|)YvZ7=kRhjtLB{2{%>gek=~>AtAc{%)sVoE z%zvaHRQ3ZI<0s{3dKuhD2kTK#g0Sa^-dm_QtZ-2gFL$6X#bKYn%wJuN`+n z3|f0qcH(aQ8P+Wi#H_N+1P6+_?8>;IIy-yMmYb+@P|_O|Uua~z(+}hi{|3>~(ItyG zI}X&1{|F-BV-%w3k4n6zD@!X(k%5^LFA2X3z3?%1!?_I}U7z0cBs)cXK0QW-=j#>J zIBn$X^O{H+QFb2Oi{~?%-(1`$9CRHpKOHNuiE1xm0D|NGe#?Nh}`G{U;GMmcb;=0XYW(-C6a56-@J~Cv#v9Kp_8;q z06?Q5z_$Rc&`A};32nBqu>qMa^=tupajS2^!E-ZBPe5b7vB#OG>94S7q$m4~V--FH zsi~N7xhC$?i)r>MC=*%+zs30u9pLcTcrP5bJ$NitNz0qWYgG4cKvbpS=#5KYV1tHQ zdY{b63kuc!{e6a!qNCHUY6elKj?P|B7niiB7E=W}>~uBrsNs>K?-HJyyCr(|`|Age z4uzCv*UxAG&hJ60fCPzzrvtG=u^jv($=z#auIE+JPxo+?=O+OEFDs@0bB6Y@)hpvl zhjA}#037O#TOOd2IeoX-od{G3q&LF?4lrI_@%*Chw-?4MY=>rB!nq&ML9D%iTLuxcNQ&upM%4uBbp6-X^ILY3>hz# zYiepf4midEU%PALH(i_|v!ao<$sBlSadvv7QRhLp?LFWAeY_k9-zHwr?Gpc?qB(j& z0{p_nxgKvAPC|Uvr*c)t({mq0N_tTzNkC_S4%649aQqy2tE#FRODr*~t#qetW`#+= z?xR8&Gt$uL*8Ae&h(C-Ho>tb@5p;q%mTi$5_Nmb9_4W0YAvgyc8(qyen_1A2Bw_oJ zVl$H?VkmQ<_x9i4941lW;VK&w2%?sZIEAiwUzc;o!u&ir%b!1g3JVLbnRQVQz7FQ)&?>|BO)ROrx@w!lhV=x7rW^IY*mP$$1e}aWovUX z6FZ@}T0tQE3#6ANx8r18lks^lUClMnpt} z7Wgt5Y)eZvlz7&;GX=19M+^rjW}Kd$9v^I#XykVOtn%5*Nli7|TkJ^|w%>0oGcJ2A z4d%&67^rmpue_=9e0w!eczti&h^XEyVb7)A2`*J_a zg9o#~&=nLEiU2P_=cCh6W9sSB^`0BXgsxK{4xpO)#r3;UML2h$UoYh4>kp>=08;FH zkSyX@r%9QR-@JW(;rAz<0fAJ3RA$4#F;$|8gCdR-pf3M$XRb}+ z=~Kzad0ANxLCaupb_nsOPpcH8n82Yb3n@RyBzKEmf!Q7{HuJ-y4Pfb3X-_Oa#mA3U zxy;4(P65y5^|vvIl3wVMJy{ScXemS9sxy`o%$~um*4nKG6W{3FK$qQlB|_B2bV;AV zKYt!PdbA9r1%VO}>Tm|ZH{HtvnF!;J50|cjjJ(Ot#wHNOQg12{d8(w3E0{i{GxiKP zG|qqx_1qCV4rvk`oV-TsZ-LUsugy`}91_L#<+v%ap!qGIyW38f9 z##7(FC(+R80|tmLfe?ctij5Im{QS2@ma zVrso&qN8#3m*e>%y&WBN(*EAy0$TmzMKfvWEZP9#IF!>92~vz3lLw9Zz=Hui3szdd zLcu_~+S}hwRh4N2uX6hS0x7$C3NYe`mhd}}dS5-?Q;6RN;>VBsgeGR_X&J!q&J9O7 zd3kx-8USU&RTBq6c!*#SWfFJKP0=%}_w@iiUs_r^hC^c$iz0%j;O9Cz6SF|MsumD_ z7P(KckrH3P`V=NHSF84KEJJV&WJQH3Fl8mBu;`#TehAauyHBk^~cyhvTR)Yic za4dM(&Ztd&ErGXfpNZ7+TZ4hAE55OP<_7YBwB%h81bwjpO> zF>^k8fX#u9rUOg<{oztzU?2!W`h96q=Ss1S-W}$z{Bm#dS0pT&^tGiW%;!sZxTU3K z)1N;$6(bXqz9eCl%mMJsHzS2cfCb(58IQ{>6s4;N1_xva1hzR-@i63bSlAN*fuyG{ zvwwdFgFaWdE+{V?eW@$#^yMbMa;3&)P65=eT*WJlH_!zJz#Ybpez@`A{{0`b66CrH zee$maL`4n6w|K$D!^4z7PfP0w{4@yM+*E);43t{PA&dj&+iwCvIgCBl(9q!L=Vx{u z^YUx~n&LOF%bh26bKCp&?S?hZ39MlV3kyq6PZxj(2g?C9kDwP`9R`OwTdS~H!lY?> zdwYSG1RhijjLyZyWu@rw=xBUmBJHV*EcC$?2t8(I)VFTU&dmWmSl!y%T3ww0nl^#3 z-x@E6f8dZU0eu3_7^t0b(LOM7!ZF^y|3^@Hx!YW8gh{1?(b@JkaKaZaU-sOXK)1B8 z-M{~8tkeP=HAg`~v7n)yBIO6ZK!Ab^U+T2-8Wx2DLjzp}G298;P~`sw)V1zEehf-m zy+9bxpFfW}y$d2>B~MFpbJl72NJj@)_+SpcT5wkdP{^P_zo)IO4TN$PK)O+c%IfNB z*UMdEudO#^Q^h?%%*|bw1+&gveYH~sP(p266c3S$tKbtT$N_UVF)^vFuD*2f;#;Al zPm~Nv$;lufW2dLjW`epk2(Js;%Xrre6O)t4$jE?~)J~k4s&)g(3Q7i%Vg3y5yx0T2 zg%`l#e5rHj(mG34)zuvau&FJAVQG2!u)PJaJwM#?Pt$FX^#c~5qNMcQ{NV!XHUIz# ziHV$BTzB}*9f0rvQr}dWJL_h#eWxH=1k;%>e7~ zZr;2J;4+w~>?ozTZ9Sq+ZE1N639`5=WMtp=n z-EN`+S~S2+na%olCX%8Bzcwo2zWf8aJUgqMtqcPL128dOQ0ZuUvf9n&T$6%>nXBI* zjEk7R6zCcn8a@hnsjO@_TAUgv67Y~0a&*U0{_-{ujRQc9Zj0Rjb`}8(9DJzXdz0Jd zj<&Y8GIQeKDD!FI01&?4ced=wu{B9YmLBH zngZAsR8&;~U39h|&YjuXVy2;qjgLQ|LEV@JZnUwnac`-QIshI95`6~# z1n?od?NDaNo7gtN$r1wa$X7bS^9X}qMFWHkP?>s?kWwO!BWi4}L6vDmV?=Wzy>2Y6 zb933p&rd>J9Dufbm$_CT77%8+pl4Sa9MT&>RvzTYz1GKO*49ogMu z<28vj50sIS0m$^6#aLMZU|&!;V)S=wzIr)2=F0W!`UU7ae5QvRNGwi{Yzl(`fV&uN z2MYx`P!#d3b~h0|@HVyt!-->MQ7$k>2wLjYj>cq!uRS0_wO zwtfM#p&LlHg9WZ2PA132EiNtDI5};utoVT3O#HM01z&?az>6p!J$k96#93c;_F@_JPu^*n`Egxr%fNtE=0NQ98mNrW+`bJf z|6E(^w{onbtqqnF#nN{sJ`7m~F`)fBt35g&5156FzU9yI@;!w8D2@tt(^7lEwBmMb zT3T9qIs~v$Kw28kj@JPH0)q4Yz{(!-&clNjGn%=D4}5lsx-SN;8Oc#K2GZey&&F6G zc&GxfZ_vr!G%0&a%gk$n&}S>8dcWg0sL83Qm}LU%)Zr!wJD33NhDCPm(-QM~V^h=h z)m7u~)VgOT&!0Ve2E07rUmz#~@%RS>l$VzSumIQz_n7NtT{{@-V_;39Z~I>XI0lNN z$Hg)1YDwfQ`o*R`!2W>_7MWIS!-qJVWPu(hCMD4`GNz`a_ydj*8mh{*AqwKxG`J1a zhyjfOk-zM9%NMW|iRA@|!LgzrzJC1*@R;=PclQ_=l0lpXUs*pZHrLV`7|d1?b)HTE zp&~ZceSPc+_xV)-%+lM>kKd${2Ov3K-VFdwRN{EFq=NxKK6eev%gbP;6F>w!CY7q# zjI;NkkIa(Z{asxuN40|Y@BalqI0wewhK5I>v+pSf?xX#R;mFtzyg{CfH9C|4H(Q9|2H6h0rgXS@gn7^%L6GX zDG?D*05!o%!v&tfpK_rfnsP#vK@2jfcFis+DcMEWxw3Qe%7IibAoGBw06bsd{S@e_ zhl9g9$X5&v4b9EY#-3^Bx$;e1nW*tt`(@n)YNsHC2A=LHrm8Q29aI+;RmlfHk|F#K zKZxB@Y-|gFkjtDM&av8*|M~?A6gB4_1=IHnq|g@p3d7Y_)-9 zDPYy0s=_Gk|5Qi__nl?1wUr%oo0V0r0Ih#&eNqLchlhtp;p^S+-@a*%5Ja4(>*#LY z{2m?c3TP5wn@7jTH8nN*^A}-6{a1E&t8;U1+kc-gI6sb1nA_M00H3pc0E@C3$dCug zB!8}23dv9|#rTxn5jtw>p$c0a0=z0adm)5^`T;8|im-3O_E0V1@pC%E8#iwBgMKC? z++9F`h&2j=zGPi501e5Bi5rthjq0Ljfc3)q%E6=o;KXZE`ACitSm0@UOVFe`ya|5jIYvA1%-rk1*>%{RGy|%ZX1jg~D z;xQ*@+n+zLiDv|`K3`uSBt0t~fGUXX`T6-pfhZ5g2{_m=R^pkM@`CE1ps+AN$@5^0 zfGG&Q``h?M_bv_1`3I0tIdS_DmB1IcKD)0dk+Ng?;&A z3{vGF9DsE>=Qy~cL~`?{j=DAI8(=0>jNVtT1ZPb z;F4AS{p-%u*f}^te_{_Abfhq8XEq$b{P+4~(#1XOR(8@3*Eqde?S^vH!fAQ0nS}@0 z0(udg=sKEiVD2LiJt&m1UFd`Xivt>=VeJT`xx?^&Ns;ZX1s4yGD&TjKk@^i0&daXg zwRO?afHeW~Jyi4CWx)eP06>fYH}~`LSy)_DP*j{88w1c@vIq~LAktxc*S4rgVD>fX zwrSqQAWl9$ClG9bHwUOwz#Y7c4lH&BvMDVuX8<(xEUt}c2pleOY*R>Qh`xRt;0sYv zeIRYX)UYuU!^z3n(cN9BS1_VuWMbXia`~^1j_vtkZ<1@-uKp_5!OoQT|G`$1|2cvB zpV*o5zs2otLUI51I|BZ58*=`)81{b;_5Zca>c408KiYuy-;()n$^2J0E&jL8{I7M! z!XcLuo|8jwHw4a5jdu0)6lwR=6Ho2E&j8*^oXfL({(}1d%;wPlqMZMXl_nEcmJ_99 zQkA=^Y#ps{j@Ppm&=22Bl0s;GOmx8g(W5`7)hQf4^F46OOSKzQ#)BTcsbcg|GnokXV}I!$r~}R1Qz; zCo$liA=dW68{C-i${*b3W z?B>Mo5|r63*^uFaY-lUCO^&le*And4(m&gR43*>3xQMHVquyUxA2s9Wzmh(IcO|kM zw^4^irBd#eNaq?Pw;2n9ml6vaUe!_G#5fKpt~(S?`voK*U>_^9tj?l&QD#-X$5Yl4 z4BRXsCCKE#2fy5VdJ`bMgtUZPx&<}A){hP^vNR8u5mE}qvDL{a{{Z*E=RXBHS|@hD zZ#+`h+t7EMI@zE9O{GD9dpi3|cD25Vfb-5`j14I5`8FXxO|sg17TbC4c4zPHgarkf zA9L7yiyL^9R{P@>)Thntxx-WHYEc~Q5(ed7ZZ4-AvwGHPmwz`qulq>M|lP$0k@r%GF6K$ z{5rVeuG5MW79EltvAaO>%=WUqMQ2YfM@VUTQ3h1u2nuAgFmu)f$1^&5{9~tk@NT4U zyw**J#XU4Km0-7`kNB?jl3*-%f{JeJ+`Te$dL{rXna z$GMA}&rnL&_xxn2qNvuVHyUb@f(M)3>xL1B_2xxfFxk@s=Gx&>C*k>@dGd{O_d{@( zW8evnB8m=CB5P17|NUL5YuppcL!Z8LP&;FxyE$gz$5b)X4?;5Nbq^}OM+^L-p)>{QbqM0Uw zMLg8VR3vv9=NXOG*FuzFlw`>xn5Wwa^}1ZvuSz^geJj=aq9F}O^M4SbG*^6@{}z+~ z{QGQR)~HEk^LpD33qgX<1i93mT}vZSJ^Zbr#{a>k9h&l?6$eAOUC}BmGQFNo=V>zo z3k^G->f2$xe~d-tn0bQ|RqSEC!5}rJ<~O`7wUg-Ubsb*r6(1+MDJ}8tR3KP^x6<=f zNhMjN*>vRrZYnIj%ElY?oWz@7dM!Gr14%BiNnmH01~9-dJ0hyi+v2(!8V0asdqG_v6^4G?PW90=>A(x7uq{3n#kDoD?xl zE2?$JBrLiT0#hfR(h(bP%f>b(y;mAaZJS;e^aKLwm$&SL)pSG&+8F5{29tM6hTLF2 zn_ZJa1(Uorwq5Lq>6|y|ygOf+&imNeXTz)N&s1xmx|eC=)NNA9`#{n#u0T7t;yd~e z{YYL?oKY;neQgXki&y06#n_=MBG-b5ov?pOFzUvoyGYPgXYF6_?xAz(WeW#auhkO8 zHBNh93mkhot~3liub+_e-feX#6PRknoz|St#5`9~kKxpvP{8N=(C=*ATIOG$YS_u! z^P0LN;%GQGmdKz;UCbJiRA=)CCoa}?+iju0kyg#Fx}@IsWTjwUb@t#4V-jEUaYSv+ zyk_UAnA&1PsZ&oU`On`05|Tb?yGvo*lxw=M&xc#L@175jydg#Zhci+?oobcmuS;6J zs@u~POhzVq)GDNKsXeOC7E>50o9)3|BE?gwqgval5VJ5sSQ4qtbgOL*_C>Jj(|uiZ zi{GM_iFcOft5lSZ!XQlwUSDOFQE52YzWvD}pr-OGvCzQh!4|qY`+c7aE zEZ2R$coUH02bJlt7Y~>}1DE*TON^we$9M4Snm)^K>`C z@~7ckty^Ku1{Q}r7TS+!P#{kYQak~_yv}d)H;v;n6Mxfv7lIHxa=4}gO8lT6TCxw4 z79{VZR6rT`_3Mn1{mt?auwl#Kb=jDKA9$xBNn=|J7JFWdZ!E4g4UU$}z>2wP#ZS62x8mJ(>EUbiTDeHt_8H^#$*Z(5n5B)3zS}(e&SfgPU-Z zo3cI%9K6!wR!tbl>DIknnI)&B>^Z9O(=blhQWmdRVrVU6it5_k{Q^@-HoeE3*~Gt_cqawI;mdzfBg1rt)NZxF)-uk&&8^erv7$YTJJ-A-s9JM%} zx?rrAHfBCQmTMVf&)@Ei6%4+SqZ1TBgy_H)}K}1`QA3~``(aC-J!8TH?;O-<^L${E2H9i zf-hr8a1R8_;0*3C5D4z>?ryKaM!p| z3YA_jjKlmrmJO8i1X*BGoe&+GWcPn1ikFZ?Oo&_bvKz&9=_phhsuJ^L4jPjrbPToL zu3g2oy+@aS&dUv7DHz8NDa|*x9ufE)mXOS?8!@TlvNv5OIj!^tNd<;JusN(B5qfIe zF2CV0Fu?(g+?q_Co7#v@V@>Sobi1mL{Ox4v4OzZW0hi6PK(ojQINh(oGr7Kgru@8q zG(LEwZ>bv$G+g@8OAUb#^rx^=IXT`_KfGF$^l`1`gbpDQ@L6W6+{`MKX8SIQnN_C<++wVH7PZNUK617Bj zqWG2ie$tbVXl%b$sW)4%Nf=tD-{fGRdDOg;kPg;RhQW7y`epFN>B=hE@h^> zc%YSsM*&Q6M!q?^AwcZdkIchtUo`Z1)%r`t#3_^D$iM(?k%z23C<_Nh(Svo6b}Uja zp-$4WF+bV!2hNwCg@d>=*Ut`jCjivnv1@#=#3ph{GE8mMHg(zzd4g*x0~=e!+)?tZ zTVSBCrOh>QFWnf|_7dFLS^4r{f~qfmTU~PRq*(nvby#qc8(~5&M8I;FVtda=A!tfi zC*DwAN1uyTCG_sb3)!dqsn+udbES3S7wW6R8DaO@zG7)fS7EW0gGyg7%)!WLVt_(L zvK{T%A6J*5*ty;Mbh{%l(~ca?$f7Ybaaz1&Y?<0oPZ?Xe|vCP8<*2<v(1C)Nbr=) z&{N1^z+?nBbGOxiXadGGDEgq~+_PEeIFjlrRk#o45fbSYIbZbgf|&hLGLRRzD9)ce8rDj$htI4W(1RI219phl?w%CG;=|R7+{dPXB4a zxypla1*7f>E(`Xp^r+|g%rDt>0GkojHbCyM4RhWolHjmZ{qg>`+1l+1~_5WwPBO%poZ`^ub;K&JcM;9{P~8e(2MM3Cg3wAf0C^Y9 zQASO7Q`c6C;^@HND8O9#``Q`$@$PbK>B4bkaBPM{ix!EP`zU`f)IWrgReO5$>_C~b zJ|Em}!)z5#RQj2m?-HbqWj<>5tg;RKA{c0Vut5#mT1SQvj3qbxCRFImH~jlgy%@!X zSU)VA*{?3C?3NBgxw7mAf||9tW4Z-x0*kI|mTOOvTKP$)#5Z2N&)eHRchS$ase3Ir z-fCn{sYb>lV>5pOP1nnIaa0-KLnN%huAP61?7FQ+IqsGP@^reA?39r(49)R?4GH86 z3~PitTa87A`NbO!G_9wqln{C8XgUw9+<2+qA<+%j*}Xb8wS|K!oGKb4>A@(Kixbbp zg)4QJiqOI*I*W@PdPJNLN56DewGY2%eLM`nn8x@lnmbw(BBsL^U18|}?GwDSkC(wT z1(?mey{sGg%p}q83Uh<@+>pf+4EL969?Y) zp{8{3n=7e-nj0pA!xGC%pi(m-S2ndZ=B+8rpLp#=Yy~+9$=ytDzRjkMY4oi>*zXI@ zYwdmzkLIuKe9=mR7PdJQGiBQo(L6ynK(k$uOm{Idn5tOydwB2XyP0HryF5rsv+iSAOiGpoj1?T{`K=qCYo^a%eW+CyN7;eeRp zYIdv;Bj_#;^6eD-GpmS`m;N;f{hq!H^5T8z7%bQgD#8Bd*mBf9{{so%?#%3h;4tVj z@2PRn5J?nV(^^aMB>^s9zeQIbp#shE3Hco7coUHL(yICI$RvB=gFLz8w%0`Ex|}R- ziu^65G#A4rd$9Ew)x?@#pj4c8+2LGwP`*L-uoL(i>27ka2FZLD!Hd2>Ac9K=eb%Iza)x${br@{-#(AR!qWYgZng&w-GeUd};&Bus>9xe`se(_-~ z*3$z7XV;d?zC-u9(s#lz_FHviEkPO+T?(E_M% zs4TKf;mScoM_Ao-GIu>By<=#0T=UxmH$W`Vjfu`}c#=K$L^;jFs1kA>&XR~5Ad>yT zHmqza2tFCY`Vc=xdOCCLHFHPhxj$3oW?~{M52U_Ysy7|VmnH7bL~h`GaZ=c4km#OS z&PRJ$o?dTQd6`X}dv#U(Lj7$>$*;;}K9u&uLg6`sr3>4x2r6G6`KOha#`R-uPs7$2 zy#^NLM|<7;1paWXSV{X7I*x)>53092)K^jXuEtrT8@2QpV|yZBW*~inIhzU`WDXJQ zc@bA0s15!k5k2uTrd@hC>qX>JOEGNJr%p3Ajh(`_CpIPxFD1fQ0?7hFkRTnfOpu6RK|4U*e1?;VRE;fimn#RzR4sz(4?$HH^6d z>@3{o9kC^F@g;E9C}Qff+7#-Tr-$WsJli-he}JWk$GU?>?IOtS4*=WMsE3kjwH2*( zg<4P+3x8!M!YGmod)7}SrF@?q0AK(C4eWPD?)`n@uFKALXp4b{^U3Qa*f(*e>>8f} zhN7yoT+Hk*#%VaI?2TOVkf!9n(<6llqmEQn{n%m&c+bY}I&r7r8<<d}sGt{sgh* zjJ#W8q+YAP15nV)MG(NZ;5rkoSs#0N8(XVUL=JY=ccAO-rSa=Cpq50R_yj+!rl;j; zgVt;V*3qNI!J~9{o93KXElqsBG?~EFOM?Mmq%Bz=o4bzrIHH^cR4snh&Vwh< zyH?R=_NR=L7FArZ^mCyL&l1L&rIx(7_z@z#jc74kfFs~gre!r8C3Q@Z;30Ce#ZeNk zXHv0cjZsSvBK6E8GB8pbzn*rkW03geK1fw3YXWRkwY^cXdp}@F4OPvd(~npwpkuZ*Loq{9Hv8>pBTp3jy3RrYtS z#$+izH8%@o0$(SzEqjVyoT@iNCRl)usq3s%CM*t zM%YH|bib|7g0&CvE4{-Y$=n#Q0tD`~B8?;muXZvwV>)R$@%YLpu)hp5Z8hxW%33-D z$axqP!fwD2;ERH0*AELq4cP7j_rD!WJ?H5{(R^3uiBU+3z3r2H@ipH59T|&~DS6p|6J&B-j<$|5>|wJ8m&& zChxtQ3Dar!_rbXHE2qEj-eFIP3h*kRA`tjgmrGwPme0=)v$`Adt#+>RZ9*4G(U0iZ z(6Se%O$JG)1pAU~^|Nwq(kcyuC@=ASl70r>4c>&a&LouPFC(kwI%s%WYVip0Rbw0O zEWAB}Ma=Do+4CopQeZRcDMkU1B%C-4olzYv%o}-x4-HSS6o?MW5D=ko+Vwk6An_f) zsoRC8lcZ~-+Go6HkaFkjxtt=^j2R<=%}DxH4J1K5W%X<=Mz0ig6NZr+fCXLe)&F=a zCdAy!(g;5w)h(O4M@JP4ZHyA(N8O`0NU=b<7#WPtIXuP`w$!NCTkr z(_wfJQWbB0zAPzZf}#2_G*_GdmaXMEkW&XH9QrNgh|;KKL6wVMh*zggV}hYzzLf5x z35GAqA`AGNyJJ${i8E5HX1)6r=}Px^G2ijL5e~biwkcbgLoi(hYN|IC8goD&RP*p4c9$cwiG=gsCq~Kv+R#$0Q&*X z10_TZRAEU_25L$DRYbn|r}4!(9W5{OBnJ^e5GVlsPCrTjk5P78@OaYtmJ9Pc0>8NQ zuE#{QIP=16>}0Jw_@D+vF0PM!lNHEL!Vn;!@%BaAHFROBm&P%|xLusfH`~Iz>x|I` zj|Cy;gg}wmw@0VvE);H^K?FAAqyC33<1Y$&q{s^!0x`GXJo`<6IGm0Zpdi~l+sJFr zq&MmY`U-Vm;mJCw#NM1IkALHKF<}}7P(SxlT$66#r@o0y{lhvqT-o?WJP!l+Kc+91 zzFq@|Ii-J;6!|vjMYMu-_ZB7agaKINHmiSzkNr~vAJG;|D zrlbq}`vbG5`BXRvl-)Wz>aDt;2LN(9S3ALIhqva9uRu0#3D`r8qho7U;zgFhZtT%Tg&HsO z9QF?gR7l~lbAqlQtjEl+H8-E)+ux!4B1QosMiGrUPHyBRI4f?SM!&Q9!BL(POZePF z?S+X6ksvhqLl`I$dbED}NR#Q}(wU_jsL3nbx)oqGp>zBcpgegUPv5g)?oDE^_-Q*h z!?xR`9WXBLQI#Cuz}kXiEnku^bs(3_;?Q;oP<$;|$x)ZOX5ccxSE)~DyKPz;k;}s;r@{!YIr8PeI;&`U6-}>rm4_6*X|GLwgfd{E z84J{&S8pdmCCk}N#&3m@`w8speg0Pn-r_yR1*=O*=< zVr`Sej6WU*XLg>3gIMjNx0*&og~PshJ`3`IMgEze`l}<`NT;FBX&-xj`Ovzo|4a*U zmPeRV;f)?ULUa*LmCl#l-*G;|iE(5b_G-Er2-{I1h}3SzoN4?HG(qN_rZ^qWRCP3v zv^kH|Tn%E%%GMa|v*C`q0&GZkc2`Xigd!Wz!$)-lran)KKj#*SFbY6fa92y&^N z3=G)*i;Bj}k{;y7YO#M&D@420u~wMe38{c7xr%FuM1Hv!&4z#)@hl0VJ`shT*jCWg z;V)F zw}#~E@faoZC{GC`R@u417DuHDY@dlnWqL(g!nnpzRir(jXn^LwwLgFVjVOSdfgyjF z?VwF#X5?%`SyX`IQgJ%22nw|s(!0B zdU_&VGGF=fRSknQ&Qziz_tNNNshiW5C2NL{WbJJa{l-7IY`d9av8HYx1P-eHnxY8o zj|(g#_eEh)S^YODcJ1$yE2Uj_6DuTHjOG@Ly>vA!dQgdCD;J7)X%-0}<$ZG%?tg>R z=smENXZgypUKg6-UPdO%W28gpRul3FWkz`<8X@9fYMUZgvVnWewancVU#F+7!7Zc8 zoTJ5KfH-NIRXsB6P+j5^d&#@E|H?;zqS+-)7UHsLgRy;kk%%r3dKcU8(EFS*Z=-qE zEt`y~$^{*izf3hIm5$eyzSdPX4>FfP;=xLE4iA#*(AWZzSY=t+_)=`kU2@!=X7IFL zdqwI>iZE)qSOO%d#nwBpUUPT6!tIKGdF@6Ex!JyWVEMA3+at(ZRBx){9l=Ax@N9`x z2VW6>i|l-1_1^2o`{G+*IREtCgJ#7bHeqXI};(#)^ z$6WSY?u{9XiimUP)osR>z|#4AtfKw7Gsqb%g#u-)bT7+H`g0I!I>3zM?w9S4qc&FO zK;3wskYFk~e>R~vaNl+pbm(R}9ikJVJ+J749e>!iZ0!v-?o<#ZEve%u9OvmqV}2Ac z^I?(@8JOX)H!{{VrEJ)mQI!+kzzX7oqZ5qa@5}9l^>5+)K~i3wy(~YxI^@STjhbcJJh3lVAkX<3P4YNC-9*kM(Q?tL>Mw-ahvDHSu3YBRK~Pk zzkYOrLb2sdCUrJ1MVM5FTx@Oa3^r^=(8M!9hZ0?o3cQE^>any9d`r`T#gbvSFV0vR z5v>{wEm5{FuqIBw8Xj*P%z&&QOGWajoXtmq` zHebHE2uyFo7b1J}KZcw^+iNc40CN#{tZ5Vqu@3=PV#4hV2m^f@R0Q{|` z_KPbmCT>N)x$ETbN*hj;GuN!#fB?@$7A85jb_-6M<~*0r*8XIXlhi1(G4ltkgQ3|o z5(a#)ey!yE9VXG(9t_6MFRqHpJibZ|)eBT+(6UFLrUD5!JCNuE%WOzplL{$B(EKMA z9o2&T)#(`A7VG1g)=ASSpA_K3u|{%yK>{FsR^bl#w7q!^K`mp)Rd8{4FyOiV%fhkc z1P&a_nL4!amD%AijkyD(@=Zhy2OMB2i)XKf@(h-vjoiYV;v~@yFsq#ZL=|i&+QCT; zIK_QrrT+S(3aI|q=5L{#rlxkIM?~u;-4p4X;mDFOw~7%a){tseF>j-H8K@ed(B&CB zMXBQJ+xb^7UORberWSC_3(P-YJx8glHa+$pA6lL(IDa=)2=bhv@h4YRN}Qd@M_U;} zb$OT`?3yAtk+Nr6AkvEg{HC6S8*NuZ-aKcxfm#a3+Q}oGc>+YbAy^~M&2V=L4jdlE zG!k;}ca$n03~7sk6As6S8;bRCxB)Fai^`p5LlAa{#K>p*uv&^uY8SvC8}1tdDH)0MvlxCU$BcU17?;GIM-QGL%$gXMespASY*laY_+u|r~;=LY{%b4Yha#Jj4+ch1QWkreP8Ij6Q zg%RWEuZo##!2ZKioHo%DA=>j3FV)S;Ua}CQojBRTxi4w>Cn^*O!07-1>w>oq55c!B z(Mjsvmylhg3ZYCjV>HH>dtsKyWMya57$2+-XR}=z!ov;mN3C&r`Z^568k3ZD72yA# zw#KIau_P5T;U286)=q5E^UinERLWiS+zhG+|KpEhCLcRd`<2+yZuG8#sDN;1T7K)8 zzi=h%12ik`+%TU0;$^MIG~x@XlbZ4Su+S2YBEV<6aZ#6H0Wnl!~QyY1eYjB)8Bz_A{V5)#R${>s`? zrE};>8onh-#gt~G+IOaeU^2WwFR+~Zl^C1?Bqdu$Y-SWa>xOL*Xc7IPDRH5NpccNLD#$H`E(6v60nVye9#m?9D zO-q>Zk}63=xE|x$1)~+1TMthm=OabH7vu5~3#nT*{yl2Yy0x?hg>M0@$;LPEni&$! zpR67T^q-0RR4la;OwA^B|na6OXr)@FHZD{F3Kt^o2)H zMn{3YMcG5?46%}Mt6Pp|aCWHCmqfoa``ek{+?2enw$ojRYRtPv4+M*#2DjQSs6xTwEs;Iz4WdkvGMCNneS}=Pyc>9nfeK*$oQ3-FIpzDVM%d|E-7K zdJPB?%(QNO8U1cosX`44df#@v=LQapV9|Z#R$_iccJcAU37Yy1@EKNwC~EdXEk`h& zv7+H-I1gahiC2Rj=}f{3@HCl38lq}lmc1K1}^3FV|c;oasD0HSyIkGt`8 z`6fBX`Y@9t3sQt?cL83Cen&y=*sSTW+sWO@;Du4WFC@$;T(@(xL}HHGL2>I{*W_jz z2gG;V!p_MX5rELcnuY0ZDWo`Kg#B~^YiY6h)RPO^bb%6)p`?AYH4}&$iKPl3`VFg5 z<^N6dAggMW2B{oJcKQAR90ULk5P$kyhkQp4{r%JB01tAEMN_VIGy7D8;G>5xk4+I< zTOPggUf^1ej$FmP<8#JHJ)Lc_Ky8J!eS4+63w(I~f_<^^_uJt2M436~{mQ(6L9{(f zmX324!pPhK0lBsO=BtDUyMcIPF>$QYJ!r0kiuFULVnx$7WKRWBZPy}WYKen zT-`3HEQ}C3IIxNwGjdD{F%5_#zwp;aNMn?mL>RLGI4n}~ zR4JgQ{wD#czi97zxxtrk$H|*6(8mX`KYyeX=qNH`n!auOf^0~M^@$v z911_>qe%mijXeOa7FW{i37jWEZQ3tj&|`h*-LTJGU1t*gk_$7&mHlX7Ub?UgOtXd) zc(2V`-fl8dDfl$UA2V+JNU6a$=KWfzRJJU3)ZG7t%8Oo`EY(U6N%<|ysB@{$=!nvk zF60oB{imd*k+hs8RtzOsLxh4YyR|0E))~TYSrTA+KT$){>K>w5BZU*Eqj;*sC*pTX zquyU37a0>M0Ooy@UA?vC6G+L`jGX1kv5e2XMn!Ju+h*#yPUb#Is40ZJajSr@!!+^sSFds{it}Mgc?tZb zU&N9p9@b3U^Z`oI@#d@sh`--CUlK|r{7v2^loJ(Doz)JMxp-g#?%@5_{Pt?%4qO1d zMg9L#fc+<^Y|v=YIxA`cROav2w=(CB8Z=7($*L%US{ND55pQoe|J~>$VL$~v;(B&>Fw?YQdvCEBM_4R zkG>6)P=e~eZv4N=*nVZt9Ju5E*N=BUdU9qCL>d~zv;+R>7Ky?q9G-sT094TdUYMv+WKk%5eNv>G?59Wnw4(38 zSa^LADUc8pB7OS|ZXUuekrOqxD+h)D`9ieLfB!Wz1vuCpHJ4=` z;KlPl*Q7tW4_|kS&jr)iODFvFrT5jpBltcNOQjE~CW{$(^ZfI#C2rlC#a_w8HoG-l zUwv3Ai7*sf#7El4r5wR2|A4z^YBV@^)PEyyZxf3nCZs&5=TRX&o3^@@i=efx{oj}Ew|ZJ-Ck9+bRAQz!EdB3VZKFU~#|G*9B?ks^H$T#2s{?P%N#Pe^yV!1+TY6)VB<(SZ^tF;bON|Lw% zeo*2*AF?}sO|JhyO1`NhMEh@W?QcYDI>T{0Mn(gb1`P)X3v*U$P3||f3wpfyDoZjr ZugDsKi6-G0v;T}$R8UHwluzgP{{oDKky`)& literal 36886 zcmb@tWl&v9&^Ee&1WS+v3l<<~@Zj#wX5;R`-CdL5?(XjHnm}-O+dy!K;0||l&UxSZ ze%-2j>#L$_Q){j1?&<02ex|28SPm?Xf{cd@004@lgopwFz@Y;GY!V_Y^ob=}a4GZ$ z#z8?`2&fn(*aHA!KvG0d$u;e8*+Xl}XqDqHnx#Q%%jbRydzJwE4?V=7gikpzQXC)= zDJs@txx=hwm6QaR%c4C7I$3!^$#1+tYV_T{nCKQo5Z^Jn{>kVx3hSSS7|sE!L~sN< zKLWpbtyJz@Lagq+D-RsBSK){%4;EdF{Uqrbm5hNSK!7B6XVlI7N>P@JYjIH~{i_Z8 zjPrgR(ncRjGl3tv5Mp-V8d%yQy{QANrR#F8;#7YV8T!oW@{}W04&RhI|JEN@Kjw`9 zx3BsRxAwD@RtT;@Yx~i((HI?a^2y2b1qj*Sb2asa5XnVWvC_VSkJd1kW|a3QMJ=CF zmo7M z<8-7LyAsDlDC1BPhkXYn^R62^o6e`ffJ=srFnlN{zmL2j+;sP--mNEcG3#Jy-ON-$ z5AGzvlXnHJiuM&#L_-pflU6O~!bl%Tpd9*H2L0!{b9EkDOByOaa{|Ems7tG(XPe$f zRa*+UTJnE{IOEaMer3XBe1GfMp`S)q??MhT)~-Z(KB=E!F#PzO08af|wIK@Sjn4G? zU?72$(#Q4mcIVHrT+Eu!FyN~PuHJ`Cz6E}kJ=QDJpdQ`#Lm&_l7}6Ko$-p-OwfESL z2P)k@^v^gyhh5W(`|v1g3r*ZIZ^`{dx@@{%#N5r4D4pT!_Bf5~`ntg?4PC>jR-L6K zaC_V{bN6D&v(Sr@{XW`F1{5U2NSpVtbFVTopA06L)}8V{+rS!2zX*31XrQL~_+S8g zd2Gd1}HK>!BV2<4?z$mHG`YgGr{1CPnUAZQ9|-QIGV*(l(ilLM|^S zc^-JR|9Nd7m2Vy}_HgH3%nA50Aa_|Jz3?nTppNg-yaDyac64`t2N9zE!$xA)@eVs* zV~|J>k<8t6adA;2e&6GBwsP@oW4Iyt4GX1* z1Af6}`*iq=)-KTNAes$^j5TpX0cKWwM#vPPe`YkpqM@z1Bw@VnZfapMXX@0wY%z#w zQ5!Au>eCBrUY0ZN@@pFXFU)Xvesy%8?pdn~i?v!-rKqp3 z&o@eY@X;kWc2Fv6Clq7s_d~*XQM6b+Oa|DD*Ueu3bnC>2XCdfz46FH*g_$OpJ4WTbEZr=>6M7nk}qVBAK}ZggY!uhx2d9haQP*$G-pQi4i4g zb=R@w_vUnIm&M293L1kPm0l6IrV*-EY61=uJPx=6?tuUO_}!gulp`6rjFNiKm91v; zrx*cZbVR>I6%qHQ)&$ju%g2ce?>A&`xu1Xe{bSd;c)`=xcX?M=R{;SOqZo&YVJdDI zh<@=jpE6w`8wq*Yov?I4zt?(wS7U^s3o&l$QYgy$J&^Kp00K#4%V0WeKbBs8F$5tr z)MQYLuBg12()0)EB=Z_JI`7G4QpV#zrut$7!I!bZLZ9Bls|~O?Zf|dstxJ3q(3||+ zyk71t?Ok^C^f4KfyR=lxYwRyl@n^(9=I~1YHrqecB>@f?PxR94VE>aX#%(x<7U+N2 zvY0%sK74kY$1GE+>7J{ zFFYqwka@ijbxX?iQ1l4HYlm+3^fqgrnBVL09I-IImb^9@ech2qjjk>p;tB1fG!)u= zo9QgyFBDn5yzL*St7Gmz5WegKD$=CX$lREdd_Oy-v;G=#;KLR5DMEKj>--WUVs3)8 zg~--cJsuF1m=+XS5?e^{#kBl1)GqaM!&*|X5&;Q;wRLR@6&>!h?PT7yF4t(%5swN;fZoY*d56X) zR{5Y8R!Kr+=%yG&bW-&?{L>60P-i6bf&HwS{D(X{IRXF}B3NrpUbhN=0D%3NT#s8q zMZIQx&H%~keoWyI`5MwFqm%xc%#QUW5skE(&rDI>_J$)%E1YxrC0Kcu+8BIuOR+sE z$H#;puxmNj8V|f=iX^2Xj>1BQ zwjU9yU&-2Fy@k9zY1ZNbe0LMy3SO(L#{V%@p#yx|SIcw^WC>G-z=VrUpKi=hEx1Cr zIB8tnAc1@SF&Uc0l{;S7I+kibV~=UYv4>(Y&^zwh^A1x!#M>{7~s@_t%a-EZR`duCj0k^z+qtLmYZbEvhH8IZJ6FKVwps3)kkC~Y{l`(=T zj-mC%*MG*oK$`X#P7oVGRLms!#8!DrZ!@RNN_BR_Inovs3};nN&rQ(yxHM^997T5D zowx#`o^$M&l@L`u7g0TrAVRriT$2kEpQBQ$)pI$#t9<1W=*Ci?GpQl}`T1so6`}L~ zx{WW<5)CYqiM8&Ydbja z2b^`KLH{n|lmj~!u;;(@Q#@K3h&-IOv@(0x`xkAd6>Sn^c2e)%TWJX=vf_B(Oz!8s zA6cH zRdEXoIhOC*$M-y;q6mNWfuQ$uE{4*Mky%Oo#B9RaG#r=Rr*G=_TgvF{medQKaeIBt znbx^$$y@p$5-VCb_EvVYpS|^eXn3=lJ*FN`i3@*fq`0Gc6}Sqbh5`PnUDKk;$bM;IPpGjzVLhv0AAKXM243d1Jh}ZW+Mp>^?*RbHofM^ zxqj5lmfL6C2YdgvO^FA0mDy@6RA5AXi48yIZ40xFwpLyvp{V!e<{E>76y{kBDZcaT zt)q)vUyZ60Lg5Ax;}PxJV}Ah;cLyu*WC!VYjqu$Y?j_*|)WC6=!Pr^oG~b?>7#Mt4 zcZ|X|A@lYC=gr1>-foY&?Ks;F0Dw{JoRhJ%;k|lW4*^aTa*gcP(OpxS>V0Tq<#B() zhvR4q72BhM{ly0Z$<71`)~!DFayz^2%JZzZ^(0WYAtx*Hoikbw+~E4>cDM+fB`3y*93S1tbOku7u7D&^MB;|(hyaJ}^VnQye`?{z}srx<*k8a{Dkr@ecy z)ncdqNd$2`Ifn~k3z?>X3B1Als0?MP1bt2t??6^#56zsG- zetf1k=0Kn?BmJ#V2Hxf^u6j(>76~Rq7=&l|c_(^}38s+kDG6dSXKgDJdcf)&Um~# z2!Nj{jr#SW6T7csukmbD!3uOm()O=LXu1acA1u3VM&?DW)kZp6$qm*#T3zh1u09^~ zeJqP+6F?az&RFepyTyybDKMF%kE}*08j)gWN&-sp&iYY5nzhwJNs=J$K#(&9^pz%`O)XFLyxoshurl~j+ag&(g zfqL?q+XKy}p^6zjUS@ zdgOAsfGTQLPT>3HU(ZLu+=4+N?y?Bv*@vR6{uYC@nIrn--rCM z3g$1aW{9Me+Q|Dc4&S$DF1iT1n?fJg5v_GuQOO+m zn%?wkvm25ZEbndl$ki=G$LcQ5C*bnsgQIUNlA`JuDg>Ps_&JXE9g0?y2cce}VrM4~ z4gi*yY?9Ef3Sv=w+6L0nO(L%zyU8$_UIXU4j@@aoS}PB}A6G??)IM6KXDmWpcbm{> z(lJINlfKYH4-)2d$d|+4YFFiYfx4@r3S5)j!F;7?&kZfN?%7#+O2kxj3=FjNszrjN zgDV)M{$;Ut^ia^^yqR&)Z^hc<|2<}MeSLC0Cgw~7r3nAkYDM_B4fUn=&rtW*W}l~p z0srrk~kLF>5gNDt^KWg&W+!~CQ3_d=jR~|dwk0y4Kd9C3`&}K{3H1_QiQ+}=A ze^wYSpT;;tu$-ZUq^EX(!7_XjUps$=O+4w_(xCQ=0hO`5+twvpI2cnvhnh;2;o{3; z4aNO9gVWVVf`-7rH|IJO0sWAEMwR_{@2En~nRfl5Ihe?*t;3GSjDGuuK!;C2bCH4+ z(uaq>Ev5Zndha*d57=U`fW#|J1D(5SEtLH;MfJH2EiMd{_>kj27>9o_+B{K!{!p~a zhy`V81au>lIGbyVb6MO3dyg{S!BxwPpZ*^$`aWEt0$TuaCpEfYmK}z<)KCk*_muz0 zC!)?0_>s#R4P+Zc+>?J-kk>Q!{8#*bN}C_6{L))p9a4|Jo^$wTDGiqkHy(a2KtOnQ z?PM^F$lLX?wV#p`W{qa{Xt)9f2q9wli3dfClP-kq-Y(L6HmwaukW0x2>7iKywlIg~ z^b18aquJpk+28hP(AdA>F=+t&@9_yo zJ1Fe!SvBPl_ea=Q#O=UJDikhn{zN$$9`d1-MLz42b(N+UIWumK%I{IfedvM*fV;AJ zRzg`r!^I^yC0K#eH7lZ$9j>T!w=Xcln%Wz`LLFD{PfE>Mi(q_tEN;KvKe1m$_%H-L zOGRMfP0j^s>k?F_4dwi3OM2Fp@=nJSAa0C=2*T?z4%Cx>di`^zok4WEO#Mrw5z1Mq znhY5Bwjv3wC}~fLzYvuQF7U9tYI70{MD{6v9kp$<;g8cR2G1yYx0GY_6uXF z<^q?2t6xNg1X>f9P2aZHm#Zs3@b9%^EOT!Enb6i=J*woyYc@^IvTzLMxt5!7S!<_w zQ%QvSX2D4rMeo_(eC=vfR3aufy0#H%8UQZ-EV~82OHWq0;u@>>gW=V{9TH> z@Jd5_Eud^qW!^LTaqry%=eCi`N+M@Hu-T&my5@Dp zlED(U+VFc(&)U)|{ zKfgb0i_N5MOSFk+{^9bN7TdAmkIrubPYBTNzU4mg%}+&piivOPx>*BZc&$kCdwHHL z5?2JWroRUh)Z?`klf_>)V4dt{{^3tBR#urU?+|=+h+69c~-Cpsu9{)LQGq58ZQ^;}cD@^CA zyHckgN&&+&EiaP(@ozW7UD{Es;4-s965> z4|3qy>(sB`m(`&!fn@8Evkd(6wM6wo?%I43_J7aj}CZP<7pPcGlusN1_RTebY(Qb13Y2(w*0)G-w(o2E_ zgoHr>WsjIG_$SBa-+%PFUVcef5dY0=`N4ntH~BP9%%~524$UaO`Zo_J^yBBh2^~}P zfAdU;D6s!S?f(N2V$0QzWyg98^8CU{AD-x6JDGfnYVPGLX#@62B23ymk$9575?kMg z7NsSlP6sOJYHxS&@`seQWmb_~Kj>YLD(+J@MTYxO*@ek0hSbS+{*g|5;3-4AZr+W) zc<$zN6JvGTixFzP?Uk>8dGVa`tqG_cZ3bJf4H$6GDqUlNua_ z!|A)dn=fufy?*3D82?~2_^zNpdH_Lz;Xvz0&c=!c(a?Fm$|(k_;j9@9kTQC_)V5(b zgNRJH7ZDj$63fkY!o6hZDp>1ud2vzaW$L1vQd>%s+LHzAd#13yZS@%ot#n%)CU|du zf6!QcCDG>##N(O&FxEsVmq|-oTRYvXAOemTQ%1De=nrS0FuOO#7|bh?DdlA)6{=U2 ztTe*Q5&+-~rqxvVx{sCp>hKVRGehb>m_pR!9&|aeEMx%r_|+@&0}WW@ZQrz@quV^? zSdm!GhFDJ$7ve>fgj8sWnPrCNwNJ|*PG3+mBlP4UmHld$havf?8vg;NE_TsGq<9_8M__1 zcG{0vlj-`UL!W|UB#gM+UY`kZg1S}gOqpzapG&Q@p&pQjg!+F%0$!n_E6=_JCQSjf_NEDDwCeeb? z8TzL}rsd;k#^lp9m5TMsA57yZr?t6$jWsLKDZ-2-5H_)N$(dzZnNf38#pagdhr*viyG2I<)uxSTCYLc+s9+l>IaP? z95BFiI^^`$?du=S6Td|m--b_Hxn$~px91*%Un4kU&-YsC<5)_!l)?Ju$s~T(vEU2J zh5`Ehl7q!VL=?y;YH~x}ojPhth<~hNeI1`1C3U>c0^$c+JmjEyCNh+BeK$QhJZb(q zcwntuON55^7e50gP4L^fpG8HtgthpOjyHeNEX1>%VEH=#NY#VH^B1`8{m-^*cX=0c z=va?EyC)c`!k6B!IkMvw!BG-XETyL6hcS{9MHR@S*YF5_VUwQ)PY^jm4?}X%OleOig>+)4*L-x6%P9-GMUPr` z*BeEb7Fjey%ps%$BUn;#EGlvr_Oj|=4P&!;{R@+21LdxbiyK&27DFs-d22AZNErWD?~Ro%yrmwuav` zYe(^8&DpkU(gr%;VHj$wlK#z1dZy`(-x;+*CWtk2#an9g&qqa>AK8A_vPh^VIf#}K zFWk}T?o|%)Myr#>>=!j0W^KtsBJdy4=`{h<_X)vfWugtdt0y}IQL1_5WN(tC=PFao zSYw#6!$~N#x<%><7(R14T*+qV^+3K7Sba)|RNMd1J8#OgSegk9|7fuiuDPo(V_wSf z>lj#pj$6bv!J*KO0%4JbhzWOMI8FV)M#}9;nwqG#2{PHBp7y<#^KIbn3~bdvGC! zfZb6f{}464*^_iGDfX}-o6hh+Guw(uL2UZgQBE6Ed}(GM87$x{V!M7JBfc_8S*|JN z!;z$7#_1zzDB&9!dwiFyc&p%{D{B$6zDVSw(=jppHY{kJ&K2VP{kDGN{#n%!0~@3J z%~^e-HdnNw(fKq6Xt$Nl`AYUiMlmk#=i#MIJHgMK*sKnY#;_ZaKNujP=hMu#o=e=BklI z_UG!;{r%9LQnQXHhi0wSQ{^4ehM`p--tWxuAUUo3jj`t^a$J6HOGydhB`FPi3RQ{o zox0Iu-;Op}w5k@|$j>tXg^PA=wkWB;%?&5x^gOmu} zh6#h)TJ!6)(>Vw5gNhnA3Gv-lkw4!obl_QDSs`yZBJoLOcc70NVG$tn{r3;gWW~Re zM%hmv+321}HgTv6__x@Kmzt-Y8_!_?0d=p_G4qtl&OWjtu1nF$tE&bA1tIO;>$AVw&{V)u&dMJ)GpKJzQf|I0*qG&ZMdtJDD~tETZam4}VWysKvLA2I$lvwD*#$yb|Jv{(`w*x53F~O`zRxq@QKlQ6NO8h1Ka$o-OMRGJm=-)YcJ`Y3dSPl0 za56!o++>k`6CQ?~Jd&egoc_e0Z2sW*tPY-r;oJ8%aY!V-vw~%$=MrW}W0ki9SD3iyF zq87d1$Z=8qPb~novPvEy=!sz>5U1zORWi7OZ)~jD`slzwI6$W`p<;DOzLU4Cq9aLF zrMylDz1h+(EA@5@BaLS;DL;;oJvqaoOT!7ZxGBswh;ao!X(F zE+d1t)?`3ct>%C&ts*0gfO-OH)O>(-$hrm$FfaPWDTa4})970%hY|pkSWrb8h{I+% zB*5du7a*0^Yte95WFFm~`_J%DVk2c$6iHYP=l%k2gm$gjvExj@14VuaHN^y{%Nc;e&_( z-+tt?ou8a7-)V%J`4e?qMDz4q z-JK7_-^WXlybBgdnXt=pr3+^xplmH7UK6JrEUAYaKi?=wq$;ss2Ob%U!qSu`$z*7} zkDu-nB%yYuFv_glfCg3oJ^ew5(^(1Na*1##klV)pt*-!6lqTTptZoz!Rp!90Hy1>a z<9j!9PFk9|@f;Y`8b7$7p8PsTjQ&@l{T;g5r zE;J#myGeedMHL4Ofpt<8OB};Bh(@#FeAAby(+$N-igqf5kDp-{Cvzn>rtD3#QC)kM zhvW}@;tHR&0l@T7z$XCihfG-{#l1q7mzTG$SDPh^mFQ7O&u?JHB~~b|%YID9 z%Zfsks#X(od~4(sFJ5!bLQ7p-^1hUov%-Zkx=d>UVM^7&K~7Tv6_BEOdm&tGEtvlFkh?U`dfHnRWOErEWr-yYsp zX-f=o*|a^Oe>_t_;at|Wa!$OJs=G+Od{EZ-{_$upG)AWD61QH6tdE)})aKUGEKN;? zFYE~FR}%*3f31Fh7zBu9$+eDteUBb2lB=4f{7Zn4PoVL_M=kzqu#jqcvx!52ogJ~_ zl_|JWqTT;hJQnab$fqSC4DEWRJ7l0m0#${aOFoz}N4+_j-_KPNOit@Q%J{;nEd_BA8aDK(R<~?0B9?dkq|R|j9iS#r zDYBL^&Z(thEEX-dCq>s%X8ZQypv5-L4L?UK+#^$>9=7N}+1F&6n`pSW=@X`k3UiIGV~7{idROS5_mpGeCf8vq1#)bUwc|&n&!#Yz22xfx@W@uMc-ag#y3!zM*zZl zug%#}VVOWarI3;w#rs?0VDzIzzx=%Yd1rT zKh)HKy!|cWG*yShYMQT?*Ng6JtXqwb)UTaV(|atSBl+ugA5i!GjVq4erL|^X}ZQ?3QZ3B*(?yYpsdPHV7IPn2*1B7>@;SMHpc|Gfie1}#laje(M%v4ymJke>@i1DAe0 zEc|^DWkD>RJcZRKXV$QixPC{0{p*swo!N=fRxx{{=pd1Fh2mX^%;#7qv1QqO5G92? zg$jh1Rz%d~LU_&w4Q(Py)=8QIB_&Vh$HR|r66fJT;o+fI-*cu(VUZw#Q)uDd1=2~o z8QzxW1i4$j*jT-e;KOQT@|vTER(L3Ymez2x%gd0@xS zbex*QoAA{LkGV4TTlPgcX~RtUG>r~#e_4YWHC2;R+^?kKMLxYlQh1LMb8F6E z_a2qZM5j20MY2T7fk8S5q)B0x)i7?Vq^($A1)iKP_acp0ZTd_bQQJ`VCnRFa%;H0* ziwY(-q9iT2@+1~OH^a=4qAuHYBY@8;AC=)tiqepir!*_Uz`{br!Ys%&y8fY{>a=BP zZ~m_8$Ie>=xzbfsBKgKBwQt`VWH^IAe-Ggb{%5*hNLUMNc5X%N9i99JA$8E_lG^^n zbc*wrI0Y=EYkCS|X7PEF3QpvW5@oe@go80i06?=Uz_xdWB&@hkjjSO1=KgS%F1T{3GEfGCn0AOS=CI=l$hlyZnSgAv9M!sMv zO+Zs!&^#n-gNH-DY4Tn6rlPXgr8F~JeirIaq`CW(8#c{ZJ$0@wauOKB<3%`Yjj zubQCwgbuTtAy0$zrSw*uNo3H2?{R$Br0XzoAGhAy2yARk!hcyOC7!3Y*aBa^Hp2ea zT7ffEXh@+J?Rel)<5uvk4LQSx2zWgML!j0O0p7vLO!bbgekmeDZ0cN?+HW*C;s?n4 zD%g*JJlcG36AKGxU-C5&qqv)*hR4sm(=XVK6Y;~q?a7NLJ`3mlP^2);u=4HM@e}TG z5&5;q*9al;y1L7^;TyNtthPfJy13;W(QcneRI_u{7Hht%(5H{R(z{y4rlDt$OX_|0 zL>pnSeltcD7Ts$D!Bj;JbyeRy+>&6b8=gX<57p+@xtgD)OWKJalwDEWZE`%<=;M<* z$SriGNrdC4yd>6rjVY};H$ESfd|{2SRR?R@KwG)nG`?~GfuFPqj4abkdaAaI19=}; z|DePa(C4sE=sR^s5ZMtEmsYr47|1kHAY2g4{uc84`zV?UwQSlp<)Qp;5DWZ}i;>oD zRNwAy+AaqjKPe^MT3tlHEz0KWgP8jyHaz=hv~oI9#@{s70Gt*@PF>`C5glG40;VvU zQX6N%(gd1Gdj)>}@?1tW$T(-&G=$_39#9&cR9-j0EyTE@`Z*bmfw@V;IZ=%_VEvS$ z#_?-R^6BA~8rS`4!ksZiDEwm)LX4uR)=qE4-B2aEQ{6eIJvtb@|sYzm3+E{7MFmShOwgiP}`UnB618ufbp zjdbtN(}E`XP??<_FfCj^^9u=+aJJg$W*Zz9Ao6s|vEOX8B8HQnO_CCMT^Jcd_gOJ? zqir2lL(Ef3Rf%GABAJSzK+yP_wI+DH-N63Ge9I(6p}81NF!yZ)BMD0bi*nk?@Mp{r zBkHX27XGj&A|d)4ds$o;X<7s#n;+=zuK$~B1`oVc`u+b)E&m_+XKcID(bM0Pg-)|$7Zkw$S7NG5p7Ps^sf&NI+_*W#&?{x_z5MOUP^Cl* zr^Y$~l6PqzNf|P^Kbyk`f8FmFYhHq_e*7ZT+wqwMdeA^I+#%b+rnBEziCj$)hte3= zE&wOtVI5qtpM86n{4VLyEdh39j@R;N237M{AOCz?xnHm$T@R2rPW3Jyks^UP2;x^}1=58JVv!_+W&BVes=2WH0D zG-j;xWTCb6Gvw7yHEz9psp#(o9EOf_Ybu9WF7=MLdAyef2i9Uy&cj;XnBX<0DeG8U zXR<7Oa{V?F(L5~)lt{CeN2VOPj?x|}9T;)7n;zt8_F4Bn%W&3BaAk?x&z49%74Hc| zw+LCVjRc%cI>fH(yI5wIbe>OqS*Y%Gyd-m|?CWi>^|Wsa=LCFJ9L@@RmlJ2YdYuO` z&(8c+xSQhmdI#_{T~0bLFLf8)-+%czw=Z|$XZB;dhyjbG!>5F`vpQU;5fLr-WA%$Ra>YTVbDb5*ILkN+!-=^7RZW8$#6gQg54mKNx3`Bqhu0Et^MPk)#KA_r}DU z&b4#!DLo~~pfO`v?z%pvh17WxQ*dhT5-u_OmP@ck7tDE4@pxITs6*aRajT#L1B|QO zO^uky?zMF#?KFaAGz8i_%lOtoJA)+oX9o)F2$f6PZeB6?zETyHi3iHOIM1dr82cMT zBf8<~8W;2qOK%^a;Mm!p@(}=2m9hmIPWTPJB~#6dyG>iu@D-W?^Vfja(?sfo=+RoV z;;2pIh?-tTx~IjEu2uV2>rOS|&fx~Gr;4LW{k#%bvj@(jpR6T=cnSF>mR$vykCELc zH2qlok}LF9Xli@5bTJ?b1w}rmmJWL!02oLxdh=DDwZh=#LgttOBZ9FwLVFg$540Zj zr?>eosCJvEtO}{%;Jg-ZJ>Hl^14u<;;Oy^Um}=8!7Kmz@>~*H3r~Ca27SPeQ=p;al z1+wa$#yGwDLyA32-oyMH35c0i+wf>;c7*9h0esucwl<@J2}S*WbFp5~-&8IUJ&U?- zc%`Zm0sw@7HmllsMAl`+&1L8M|XsTbPD8!r72T%Hhj~A6vM!V`LHQE8OxF*gA zpEnQzMzb{Bs9{POGSEI%(x{<=@(i@D13dWR8?K}G-WRBZS0(?s{P0e|>oAN>FSxtZ z5*7f3rn#0Wp#s46l;v=Vxf2|`q#LQ<1E^*GoM8~sR|J!0x5kVJ0GES9gAMottg{2! znhmAj)bd}m1H>syVfbV%_^c`JT%5nN4^X}$roQ4Y_G8TM5EFMBwpW>ZAPgp8sy*l& zv7TGuOvrD66t&7%w%e92%Pg&wS~64KS6m(%vuz9utW>}joiz3a!{}h>a*>96cT(uV zbNceq&sz`_W>%RgAycKs{a`_TnM$`oi=X6zGydD)(5HY&$UwmO=~Gk1>3aY`o+yj- za?*Y_I&S!R%q5d>Eri$$XD?{uT5xq?PSvL;Iq7)le+xj< zNbL^9a8_qeEjJop;~1RiO(4>W!?h7BgCBMLAE!C&y4HLYSEwvT=oPm!EpB!{tc9~% zx(pLvtZ2UhM6@U)p}TF_q(HM72$$DxeCg%g#lyfZ7${7@`oJCZp@t@e+I0JP9x!u6v|NGKG`UgHb}h@ z_5uH5L3o4T%+*8JN$`g!QT@Rxq>Y(}X|iRB++*uB6puPf#15}Ocwvlqbx4t%U(L}-E#1yZelUDc^qZra!9A;lfwKfe4z0*wkw)cl!&sx!~|Vjle0A$2nJFV)eg!<;(dcA!3*Q z(v4I5BU(q$3S}Wmkb?Qy&@_7r3T~d7QhAM|eI6dN<$HpK_WS<)f_ESPX&7>1TFbGq zj|;r5-N9sUiiKb^p|MJBG^#F-zZc4=9Yt(@yqeIkD0lk_+sh5zGMEugz36Yeux@Kz!b?nOCg(x3$t|(WB+*!*Ml&$c&w~kjxvAua zguiSOeikH)XX9YSl%Pn7qVK>$Y$dulYIvH4g1^lyLx>Fh_9E!Zp3Q(v0cAV55Oe0< z+uhOyH*{b}>xwfDVl%aJ8cv~G!P%sR(!={O94JZ5)n@00ULGb1KWey{{x+>Zg zbE==029&-p8OGquosGj%KP3>nxNWf?@=^b^XCQ`KQ>6dX>VS^-=6`X||CKxT2|p*A z8N6np;)%V}9d)R1kFn6gaCLMfN4$8chNj4#+29@&6chzXVQGs}jrbDZ&I@wqgcYCklaP4{L&1Ri_sk;mJhKQRnnxa zC_-OpaS8=dSk&XScO3DFx;(!d9+AYxHm_go?d=`0>NOor10^udu(Mdyam6aVH2H*s zvB`46FMq!~p^uh$!=R;9I%8gc*U@{)sHUbSSFF^j&W!supx9vV$H4o7lsk&F;Fq3| zFz75e=heb3S8JQy6oQpX@t1zQBl{FRUg~7Y+cN( zl+SKEcQ5V`Frtyrk^KJJevFs;;zaDS*0}kyZePl>v%ftLk;c=(_<}2+Z^=4~iwCB^ zLHz%ze_&Aw?qMHG8<^SqSZp~UP&v2r;C;0{;;x7=3G+|YgDJ?|N;!jDm2nn_4n?4J zW_xR=REb&<0rubG2!k2Y2J2#3cdw;^*v=#_-qEi;VwTNN>^`9EM_6JVo)-zovDIU2kw?@ZtWk znQ=7*O-gGkD^@2=G))U>3+?oIKbU{(F~Z4JhbqnMHK2p4%<2|PRVz~%fgGfRmv*di z+vOOEk7BIY2~#{gkhG)(CFEV@vw+3UCr$VAUva^Ubivbp^&5yU%}XrC)4@Gt>pzGN ztMu;pFjxYQOlADB)qjADz>QAHmmtQumAFo2XurpAcAJzkXGP_(7yYi4lw$GUP%6K- z%)D@@B{MbbI&bdzN)DjYE^oi)9WdnWDQ;1xVw91$UcK>C^`_rsMZHy1lE|~El>X4zso#qM31r3bfjTZu0+&ssZei*TQ-+;k{01bV~ zy~_ZE=XT!WJ>#wa)b=+1?%OjM@f%;yB&>kAkf>z{!4zKjd(Eb~?&2uoKje_&+ic*C}@;r=z1;VR--q8mJlb{#YTdqXlH z@zs5y(4!?c28H@SWoJF80B+Z)o;3i8`|$|BQ3JBOQJ%CR_@LL9)Q=fk&edo0&zZ;| z;OZCuA5Df<@+lz91YFC~mJp{+i;0Ll^qU$OZ`^}+b5jA{k#pCi=yhMbGmb zlt2yj4k!3Z)_*wFy|kxmapfCoO2AnN!gJd^-q-xmC8Vj-P7Ap?EG_Dzg=&6D8Y=kwi{9)sUSn4nt| zEm&gnj@M}M!+%!w!NS5~o8OFlN@=M$mNND58!Y^PZeXkp@cHzO(GR7M=Y2HCoKHk? z?tjiBwX56BPn_4}6FQ=F!e0>K>;F`#tVB)DVfu@-EotDph(;4*5{PZ#qz||IU$ILm zWHTOyna_y^>?j-@&a?iQ&{E1UIS~{7CkZ1BP3ca;-;dRoAZ#*)-;?CIl$uOiHUl%$ z?8znOP@iw=$i&R-P*sh$(6KX$H9fbAcfgu?Z9z&yzKMwt8P0hab%5x1hwJ;+7QJYys3ZL%+nNX+wSsAYwq#siP zjnvr_!TOT93be=7=+!sIZf>_w2LyqDpna~g*}PODpR&u#(+3QzczHngv?t$^Y4u@& zd<{}nDpoGu(GjSL-cdrkp=ycW@3K(GdsZ&Qd^sISWu2*)siCOXD3`aO?cd~fIfnF| zi5qwMA>q|8ezz2)h%Kk3BP1jgcgUFTiTkhYE$P2L#Q)oMZ~sSf;syHuzh^k6)Xs(& zI*m=9t@o+KTG!WOPJAS04lWB&gy~fY9={xoulYSc6yB^&2NfbfJ775|z)9YG13UiW zAeYOuwX2(${2|%r1fxY)vD$)yg8EaNGBl7+*KcbihN<2s2l5648vGni?qD{#OJNHzZYBUe`am2ee+LV%N*7MO3npzQL*ZWE`vz?= zjrd%+8AlC`QNu_9iF|x3KFSZ*o3eWWi9&0-r8?d{-LcHwN2goz6F3amxGSBm)%{TI zJRb)8q@W!Sl+RWELz1-hK-I3GG6Q*T@<2IA` z9d}}-Ggm>`?d`m4r8W<6*dPaIFUZh!Im&a3*S+%zC#i6LWkmNSu%A6M%f zH{|$l{^pK#a{SqPoOVq+fLLQT$P)uZzoDNChv^=Yn^o_T&n zc671bq!L_sV7};)+Gy{Yk+OE>I={Z-Jv4ZHf_Zm7*7YaKBwZWw2#4)BvV&)QK)r03AdgeuX>&z(N=WUhThXuRxsyrX!~__s#JtHnK(mZk6pFKf%0l4`g5B|2xvS0`FVdDOuxUh|AVL`sDS+rg-S>)rL;T z>A`A?+j)WAH(W~Zj17LD?XrdT$R166_9K4V{_|i;?d43h#;1{j0*da!h^d0HD>TsE zRnQKGY{%2K*v6Crlu$dVw4Cd&s(hWwog1Dl4lDP^a!u-Z^VOYuIM^Rr1s=m!Xb+Yr zI966xyrWc!dmn$j>5edYcm;5~996p*9xXR^(v;j>+AMI_KsWcvNft4*w0Iy6X=-vO z0r*)Pn(1+`dvbPLn3B4+(HowtPz=Z^D-%9x8CqLEb@`JFeafKu+}`$Zy9@On6<$-5 zlbXj6_4>1XZaO*}tNDw4i_;9tNTYXS$|_Hf8jw4vdjx)7`S{cr>{#Qcem*_5V^b{f zJmYVDGU+Si{VE~(cpCe>z^dQncg@~;Z@JsGfy-~TaJTkT|M_yRem6;3wIa@+x3#}7 z@Lb9S`!zsae|L+c!{b0P*O%I@NzefG7XMFs?;X|D_Jxab^r$Ez*g!zwa4d9CdPk9> z^xh!?(o3X-PNGs30hQhbr1u(nl-_#?Eg&VdKqvu14R`tOeQ&&b-?-!6Kkk3;$H<^% z@0GRZn)93AEPHKKiP_e170R1@jGroqhvXL*`URZTV=$#n-a8}f!lec1BvD9|=tiyg zPGxCReTUfP2*um`a(y(MO42h}gHmHo0}gWaT2pDW`o`4n-1MWBYXhizl`R7U2P@I1 zsSOABI@t8(O93m0GH!O79`FAo={4St+QC3DzDU<0f?hsaB`v(K>yY#9?2PEFA%A@D zA_f(k94`ypY;m#kd~o zLv}2IP7{|ewUrn>GT^X;7$wK1j;@q@lbT4WsjSI@Cu^wl=5juA|I}1H3sWPxqk~mD z(pa!49U&udK68`~mzdnwvK;X`Cm$k=303l?-sW>T=ZDeEW~_P!7#^c~Q%!G+b}Fr# zD)FZEx_8Pqd=^{gyz$P^f!jA#(i>c}9L!FWEz2irM}WW(r>+_lPeet}w*!k^TuO4` z(r0cPj)=KD->1vLla+PsN2u*M`B@hi!W1r$=6n;k-$pe^8deb(N1ekTlln1>XExI9 zE9t)WxTKOhE91P~zg|FOnChQAd0n!@r=LM)GIUxHD9RnA?7?MTlU=lA;rB43ko}X`|h5B zL?PFO%wVb$seb`>cR7eMr>c8x55;R7yKUZ20k2e+v&iMD>I zCr*j*)1cHqcaOdTu$KT8J>R6b*p*-@$3r_{P~be-WAD&;>oKaQo;L;*6wd2lDwZq1 zH(1M_WoUBf6~x8Soxi&T-qN-YbiKX>JsTSMb@XzVCL|v4liB)5_E6~gY4}BOz#Kf@ z$$L(74Iqg#6pC2E@`8V+6Uc~=DER4|75GErsQ=I5Yb(*?M0=9y z=jW3RTeSs+ol%P`6(q$Pr@!Uzf2<{?;pmi%9FlBCD^B&NFmXl@-f0IyB4e#9ja$%T zu4`hn3V+>v)7?xWlMg30;Wx$Y0uXjhX*8_TgtN~?@$_G3ja%X?@TrA)oah_7n2HHp zZ+eWa6!X{7NvyI8N ziVA_Vi`u=dCPqey3EqU&^2OsT^P3D?AkME#?Aa{p``Bj zUNpMOJ(r+!|D69E`u6Qxe=^e7`>5%7is?~yHh3vtWtQ|R)ovM@&jRPs@tS8gGRsRLB=WwV zvNwF>4)`5oj?gJYH}4-vvY5m1h^f3Wi`I^G>BiGp-xFrDdB^b*gK=Nib?!g!VxW22 zP3a;|yW6|T`{XM<(>GG<*PwVbW_Ejf*JK+lN+NVMtz^26hMk^XDAqSIH=oURVQLbQ3^H#(*UlRBpo z(^o)D__6Fz!Y4+lH$ejU<9)o=gLLzHCm?-hA@5o+;AG`T<6_UVV`?zJtwu@w?9_#y zb0%grPZ$^()!`NkJ654cm!qQy`_lT_F_Ut)eLS@BQP9hmV!T1Cla&n>Z%Wg!!L+&R zk5qz_x=0# zv@IA+XXms@qTY*usVbMX`T1t+-kPwkn%fZXox{?d15Zz`*n$v=6y-lt9L`FvNGL7U zc>6Z+!-tl!u?9c-Tlb4ThwSVeh&*}1!Na3{Lmg9+S_(l87y0xKTcw@Zw<@~3yWfs> z=%7@gDb2{RX!6}3ND)8TEgTKG9^nhHHkMC>t*tC0P>)Mbwa%}g2yx$k}sfmdAdG!>i2iJn4l7hO;I&=4(~{BWw|v3qPs zWf$Ge$jC@JN-C;wPv@-zA8eibN=F2fXH8A9@hmgbY?hxW_EQgzw98$}4NEv4DFit- z$Py>@OF2peLY7V5LQ9L9z3|76rG<8tni`RM=Y0ZNhthR@Y)#hl2QDBqPt<;7qNBr@ z(!$AUrpDQkO3j( z1ne!+oEOWAKY8-(+*w|pc=5y&I$I$uLtYw~zyc$JVheEf)!bWg8BGoC%CKygSmkQt zIzLXR+Wv)5V>8a6Cr_V_t34e)d$UH~FR!VYt#mwD=ADjYk@j3@gPPPhC7-u{Fq1@z zi;Isph9772JQJ5k8BF~Ae%x5?J@3`vwI%&_dnjM$s=I8mD3tu+ZZBNdrIqI41Hnpz zE%K#H!Dq(@gqb?4WRc=!xQIp~Zf$M2#u@)2birk&_U7%%_OY=yzkjl4Us_i$si0a+ zW12=mSl5g%hj`saR3B-333+&=8VUCupP7DCphCes-A2@^Dk_ex8c5=eXziNpTZp1e z0ZqO97u1*Z^-o?J(Ji^14i7Nq~heNY2*!nlNbK0Nu z2o)Q*QtgHdxg!P&& zDJt@>wS_QCcpr`zr_krBCdqD9zPim0bQ?d&{M0Fr*7E3+-mC8JCcpj0IsSG_uT3pW zW#yh=m3Y47#6%xI40J3nW8}h*``JT7Um%MbGs#eg2V%AF-9CVi3!+s}Pzb%z$yr%c zR3s%Wy}L_Xgo|gYPL?l5l}|^s#7NxXhLx3R2sMjVFzd0DTIA1`iflp<|lkzQMHY+jBdW(092+zbOv9tJ!Lax&n>xx#6)TF?-1iDbZ|I)%uYy4s}<&$DxGX-Y<#S# zbcupR5H{Yjw6Zc?XdAUD>FK#T)@1!A9ISjTBr*@Z{&6r$CtvqAd*r#eFA=dEkofhh zy^T$cZ@a!Y9|alKIYfM0xiy%IDc;>n(0cmRMCN#D^mCu8 zpx|giLUFwjFr~DU$wsq=gT^Pg?BAEEGp$6DlaskonuQrM^!#SNejN=mv$GGBZt!z* zO8f5B=I6hP?wFSgJDxR{3lmR=kLPNXmJfa&cFr>xWT9pXVUaoQ6&#GDx#~j8T$x=| zbh?i*&p-Mqi@SRl+V5?UtsUX#QdC^rUx0Sp_p4?J10P0fx!7T+q}0hI>QZD{t&eaS zOv7$&Y&4s0tMy|=?d|P>i3NpRhR!w?S5&xd2xfsTT73667#Mf4>%#bJ*RBCp3IyP_ zi`3D9_|Jc2Pm;EK)YK^D=do2I=!yBx_CUgG{jm3I77mAy8grd-x3V2bIy)ssU%BDG zYwTMO58Y~8={&#RbQB>v`zcCxes#6hroaAkUtcVD+~M(|lpXV(QFA}*k){0GkDH&o z+5QexFCsY;J2Rsg#i*4Gqo$6yOwBM`>=4iCG>F z;kfk!>V7i;X9T=6*X?+I$kF&`uRqsiH;<(8GNkzZR6E`(fzDqXI)yJ46Bj37kz4T( zlrCPpC_}b8;O5uRQ=FBD8qa0CXjo0)Ez~cihTf@xZx$@~r+a_jwLSM+-V@EmHm8!> z;~}i#ZhLjM=|**@om{=AjvafVbKcVU<^Cv{v`Xjc$X|hJ#!U{1%GuYbucn=>brJ|J zek1~az57aK9pbc+uR@{CYYvWETs&L+W-aMSNRow?l<>C>47l{K9o#lTBJ3UdbppFG&A8v-j55;#!bOw85r+1%M#77JP=5Fx@a+Uv}S*B_$egd%(=;T zz!6ilI@FA9ML$1EUCa!g^Y!&UJzN}VI=OLub&h{|W#7}&v)Tx0{iY4f0az}ddHoDh zqZFq?&wUZ~Bjg6d50BHe1F)x_?_@0v5n01tsRI&)B`xk z&WkCX3v)u3xO!(5o51y1PIWX5SJxLZX9}lkwo>9eg^y0{vChk^3(?~4DAVnJph;?p zQspK1-C7B_6#VyZ3jpwk3e4h5*{2bZCy_R zO}m)xJ2Eu%?1(j*6S4p}-!yDBQ=8#4qxj75@Y?o#ZB+9;&6Qy==@#aN%u5;A!(Mp2zwAbIFc2E2c zcuY)^>q~Bs?-c8wU`gTEsHgxzIo=7a#MetuXxgrR16^ZZ@_L`of$B-rr3<$yDBk`3 z9@M#?efaq|NMJsH4cfH6`~z;irFco30FHS`32xM(xCLWKh~qJ;@ZPb+PG>1a!MA^1 z5wz*+8W<>PHI}Yw4+q#=Usd9$6-~_~a=P70Q*F3?-u;HE`w`+$!2wWIv6weD-$t9Gg(YF@V|#0(taf*Q zv#x5{TlDnzW6LaF^v3bBtEa4PY?xxuKKC9!ehi394_?@DeAV{3uF83sw8V94>eiMP ze}8{+!3CuAbX;__ApG=@fNeO}vnC_JFsUNW#=gG3W(G@$1&uVqyLazGsF}D*We38}pB-sMqP?P7fDg*rrIARCu{WC=F|5czADbulw7#cB46JfM3L}0Y6q= zUT#oou9vU-{Q2{<R@}GchqC1cq>58PIc6l#^>I&?~eVNU?Wu;R`z4>0}*Dl_U)-u`)0)TxDxM zT%ZyaMY6pJ;plV+69UW2!OabX$SCk8j4y*Lbm3rg8YEtvr)!+SHN{$0J55%6`0#;K zCucRMFHw;FpMPHe{`nq3_IA-x^9J5>r!Cr>h;=n*_6e{MeYOBZ4&m z+d4)ti4xF-@dOU^6P1;v?r1!wlvUc-!_ICsMcf@w@L3SC>Ex<|tLEh5asU^Cbium0 zx-tmaX#$zY>fO418`Ob(h|6lWwktOuDE1|bZYA2LU8SZ*^Ske_qvgUtYU#eX+Yhi* zsghnL^O?LH9B(~5q~NFC;dH#mq%Fv%O96U)a~hd0o7v zNJwyUcK`hO9dHO{36Db}{dB%g?s$<=)`{TY;9$D6Uya))+TSTVSCWs<1=!zK6DbY! zMO5?vv*Cj@OF2&o;j(O2hcbW()5(Fwu?7c0oA%=Z0|WO4_0!=v$HOnfNbu3bl|hXp zq3+?~@*be@x0#s(P7hrH<=o!hhMyfLCMAu({ZNp1ko6j*m4Orjj&Sj@=Z}cfP!vcc zNV_h`XA6?BUUSSMPKK2>{RCv-&$*uuhX36iQQ?<9+Z$DG@dj`2+j6GU10@+qO=Qk|-URzsxFpUNC1}X;9JW>F2z;94&{r>M? zfy%6HqI3RMj*gNb^}Lei#|I3qKS{X08XU5M$DedCL9gEzd&0*@INVw6*<(-lcl-J7 zuO32BP|#Q@1hL$gs0Jd%is8H5`giW$RZ9|Di#0IUDnxS|l<4LFl-*ls4}YNeIRPvt zFk0jsywKwVuyUXImSAc|p#%xox{ikQT~=0<1G<3A`tp@4g}MbXF?VnwzH1|oVwJOJ zzJ-T}kB*MQnl97xoAYpRcptCjW@ToMjErPvWfk846c2&d0gVJ^Fi7o)AP(n4$HsKmb`YD@n3k3n4=8DCZVpHY zh+-7Hk*@*r1Q6e~Y+(QAd!rhmH<$}D^2Wx-f~n|_Pfj#aC171&*Z^GA@4ON28+rBe zr6CG_2Jn4es(MeE6(3cURX-tg(oQ2=ItPPoJ)h<&Oej0y^tRv^5Dl3FumtS5jhs{1`Bio!P2~ zL1E$Hf=`|#2w3-o-F(1jT3hCSs7o}NzI^6Qty@!r~t zkn1}jR6ICvK^LHLz40()>tnSfd3pIipl(0%P)yA5s4TBSl8%lJBo4rrGE-DD*iif3 zI|?r^lJEZd|7DAU6S3R|Ai@^|xsmVRfwMva0~u*;T?ATrQ*L9nN%G%+GnJxPfV2Je z>sR0v8g*6GzTVzZexPMS|NQe0C+Dl~D*$$Z`|Mf8E-k&WvRVY=Sib@RTV5Uq1Tv=> z!B`EQGw(J$4sAiBtHIiXG~E;u3bD4%ChG$a0Tg^;aS_Je0#pf$J?n|(=H%qeQjEBE z2f1Y8#gFtf6(043NZ5@Q<< zn*&b%oP4kWG#W@wf75xQtE)>ps=VB_pS~CXz`MUL0wFrACj6m62Bm2z6e=+AMX7ny ztS_DyP*dFX@waURBvk~X@cL|1Lj{#tgJ-cPeT?iY6&022vx?=yRXA+OP6+(Fy1aa6 zdzTSlE)7WS7n&6NWsqM@OYbzKOmcxGv734Ho( z4XF$hg=}rkbhDn1`uV!mN0r6T`&k7*>P#F!W825usVON1X4vlTd_Wd@F3AFyxwN$O z`SbNP1#P0zdoX3-7Jfis+iU-&M>o1}czAejPF6-n z=E;-ob#x(coVqT8m=d!>2&$Ry>pcdBqmvU1+-|);SrlwF7!&k^l9F<$3CzY7I8z1& zkWyS*TVsp>Wo)kE1!bC~mYyEvqaHm!vwDw@k&)`^>IXz3)r}kaTyHn0gd-G*M=R-g zI&NNGJ;v?W!5*;a+@rCj9$**{<{Y<&1P8ZwbZ}ucKw25FqXy5-bxbJ)TqOqlG$0*g4*S4;`jQC6 zy0gG|u~;+2KAJq5X%)Z73jM zed&0Og#cpy{P`1DV)m<|kO%s$e1MCsvND|EQ8vP+3c_R0NoHL@&Ciz|-n`L$lyuI| zS7Ur5vT?5b)925p%gInTcXyEY1vvG`XA&tkjmeX<8q}-;%7HT=kB&zddZ7RTF6mk2 zc<>+#Fd)b3DMs}#nafch0Q&y;@ng9^IrqnpDi`cjTiZjBXB83>5*I(3RoDByweplw zRW1xn(rKbBqp|T6Xj5}@GwI|Njlrq-(qX&3&O_Nf@AE5DoNPfzBngm{0N`i9QYR!N z0H8n}E`;|K$@;Xh><#`fMpWE5CNH%g#BW4K0*H-{9tHjim{Vd(%IS>zAiB|?_uPrK z1)K*qWdhL(-MxE5gi!=kq&PUhLlznVtplu* zn~UpPByTNA^WmdMfaT3j|AyMy(%-q`0lW<`NZ^JI87|`2){OM^%NS4+!G6b7*8{Jgw8i@O>c8fVA0Z{FOwbB6<#XAwvH$BzK^>OA!QR}=`R zo<#(gl#~DhiEh$U{QL_2c6fXQpb3CUU?mc7fB(cl5Yp`IE2l?98rQZUS^|M^93Wk9 zzQyH`=*?1cL)bekT&-9ie>q6+#Ngbv%5Hc8%+q!-4b)NfLJ|!!5Z@h+Y)@!2Gc$o> z{DF2bC^F3Wtk4h-r?&+f1>6saKb+My`&losv9VcOTLa_*pD{i@4nPI~&(*6}!JpMm z;ul#Qqm*6?2naZg7fnVoOLB2>d6=;m8&}_w;~z}M07@$u0SuTce9sYl%0_@D1Df~Z87 z@C$gAKLp&#$;rlM8IXc_9-~Z0taX0mzkP6^-|Q6<6m(zg?N1DbG;3iY%=!s} zID>)J2b8ejfbG@SuU~UD($$rfM;;llvZe!=0^E$_#iJVNTv|dx-u1Aj!opxPvl-wh zK^8(sM<<@wL_gUt1O%U8kgTk%#l=Msr6zv)@+Z9jm^-8X8czz4BmhwW7nBisy43W}ydWJrs1nCh z=Y~_(*B>XJoq(o2;EZ3~f668gxGg9k*SKJlzJC4V-_K4+1`P?Zv9a&p|M~+ZbMV>0 zR&<69jYm0WKq?@JDnK(;RcGp9`1HxWCJ+;*#m2%wR0(9Q%k(eEH-cUmV8Unz*e0<0 z7@!Tn`v?w7x#N0bPo$wl5Lf{32!IP1G^D}P`St7X|Bohtb~-Yd3}mg@9GIApaCmgY zEcW)9z4?fp&>Z|^Q$zM_FMi|kHl?pr{ZdTS0FVz54xX?8_*pc&M&!qjN92>O*e^mp zyKk&tKY#i1CCD!Jq>0D;*Kvf#=u1e_e`5p2Pt1qTNMv(XNb z01~L2LOTut90Dy8N5mB`;IDQfG~?dXHWY@=km}FU~xfLKgR>(w19)jKh(*r zp(Zb{YjV;Dz&2nn+6VZ$m9+4P2rLSL+Wpcb6L741;=@cwR|6W*%>1-pz6=wP$Q8Le z&U_7rYy+IGo>YF})6mcmP;F2E!V82dXZtQE+Jbr1*z_ljjA+x)M1imlAM#vYL7^Bh z6A(cG=N@ppm#;<@{mqSshv$HR1$@lW+8Pbi3+TdlSz~(o9Izu#5R(7?`4_hGVoa89 zD-W}d&S<$+=RmqF0=N+HDpdQEO#*QP5KG#`gdvFC0W}QRM;nY(JJi}0PJpN%WDRWl zlk~DHp@3lna5rl9KLUQo)YLQ$er%r|fO{U5;Kl`_6wj^MfYl*3dir>PW8lQuh6KRW zfQ-eZrnNranje-0vE2~(@A_fK{508wF-oAAUa3sk7yTwinK!0G^fal;hH_Z$U?=dlf?qoa;w{H-O z02vfu59fN>(vh_j6jItOfj?tXQX1WGJ;2G(u*x)ogm09-u5Q)qUl#z=)XGv^WAQnS zx(nhbFd&F;049I|Pe4%mC+zBUk-i_H=nky(GBxArqyILl14}X=*kk=&{jT?^GPoV- z`;D9buUzThk3q)t>i>3X^*@LI&yvpnk<5Q2bL&4!@E;}kj}rV(3v>T}HjkFP5|I>e z!>Bm(IGaEq@|Q@XL9shYlhjM&&Lk~zY7TgTD14E_8$ z{3}N-ylmFY_#Wfw&40Z%PGDwz@9ERlww7KK$t&EdpCe?v@kUC1Ol)oA*iI2AX(9NV zttz~z6{(X3QK3V+p~2zkJa>XW?!R*E1qESUW>K1(cmU~FwBA9J`}AXHlc2Q&-QnGj zU#?~y>rVO-JD%5Hije^29C5>)tUuJO)F97aX(NC z3&N5&SS6>c11j@!CC*{FHz?jAzSKKee40J#{Z?I$Bwl-Q0nfz9=rrf&Pi|2&-o)0K z69&wtMX6|Z8vKP9W#`UywT*L3TsxZ~qArp=L19jeMcVn}?e{1A4r2s*M_P&;Pi%Tn z2fVGY!i@+?*ruXqHJXxU-*NWg%dBCSDbK^{>}1Ehw>}EEq;!&A;=M^BLrT{Lk54W= zP+LAqwttg^hSaVekhBZlI9NJaI{j$8aU-u3mD__-{MAhJ_V3_Y&j)^xnS4gNFf1$L zaALCTb^82832Du4P#@0)O>oz)g^PBwlq0KsxAvck=+ikwEQbdt52R>F$ATM^#+4~= zuC8QMh4C0yOA|0{D)tN()c!HB!EDo;a*YBOUmT@FCEK%AFzs=1vD}qT&OC+AO0KRo zkeyKiGAFXuYusI{sff29?a+V9Dv~A^FfX^h{|pl4fZtemLM-eByK~xSJfE%q*t~C+ z%IwUaW6saPRa0KU!NJuW1^sh?n|2n(Q=Ctjy5+GVwLw>1ke1u>@)g$_-iXg zd{MhwONmtVdiB*%PqzKzuZQlW!l;al=kW*qL9`!V84!@Fb{C;u2A#1?q&zg^+1gDt zM!RY+rZ~8yyH?>@>GGp|s(e8G)d%yM88+Y&HTK&2<~yUyfusR04j!`05gll67&&~u zZ1b2#mxqF4$iS9YHCW-19HpP6BlZps_FSuc*K=!Lr#`Yqk*!(Ayrlk7`o^R&=xRNL zja2U`eKNJ*Al^OKi5=~)JHQ*8Bzf6S3myFY7+K6@Fj;z+$&;I(iyK|d4<0u=Q#f!T zx;nOwcEJ<=)um^%QI0LBIy=}!IXNuE74`TUTh3?Z@2HaU^5HLV=F22!#Qt%Apwi$* zxTN))H-{VBX>yc6pp($ZCNFo;7Vq#nKC0P}+3%m(uA#CiE*$+G&YMec*tngLTI&V5 zz((YT#MCBm?xA~*C^+#~yQ62LG%N@X9tlf9^JAcX>BGf!P;G4O9Nc8IV!X@&&T zM#vFv=&sMybOYtCuW@`FB<8k&svjZm??i1On&q<4zJB%B3DfG?w+u>bULo(T;)e@- zRtbUZ5fKGfRlz8O^K(J8)PVsGe70lX`K+z)qR4SYvgHb+zjr_Nm|f9`iPMwPM9iey zTDVBmLQZ~A8C1Gp$J1x|Dzr)mc#TDAnmlkFC4TTM@EAXbQeefv@J?Wk47dH>bSQlB^xy_1`_kR1mYI$2wBmhHi7H6w+<++$FSqC@(`cm~+S6Syy4RjzQv3+m zkaWzGHezL#Jnq_j-6JvWw) zJ}JY1bGW{Vd7cQ%t@Qv7p$8SHq+u|bSsZ}_fC&QSr$^MKixG@3~pwrh8?D z5bKWa3RpW<%*K#(1#r<)w6SpwU@PTk5r>d05Ig^Ook#y?T=swE&`%1c`)zG)wpV}aZEg9DtL#8(8dd?LpxE|40$ot)2=YuP>Ujk)dn{Iaqy zt|}nC5LZ-OjNfLrl+p*%`CoKu{eR>ISQ0lljZBs~J{-Nxju=h1eEofWyt?<$b#UA) zo8{*NY|GeolVkcuS7Bi>qDp$p!6lopS+J;Zg+GQ|Dte6lbs>Gt-oTB^v3#R7tU78x%5IGQhB*KVJld_IW_CCb)|m>c>OlIR)a!ul>$@3i$Q@yDOx zk^vj|ZXz!Jr=75M=*xKVzp!&~Q@U&-(a6l8xP}Eo_xK!H+C0>KQ0-C!Zt@V1eJ@zT z;?tW|hg^f`krVN_E$Be%NVmREA^H<$9BV8wjvI_`+YX*yIovg4m~FBX7+uuEwTo#9);K2J71oBBnrK2Z<$j&4pX4`?gEOolx(1>2aj9JPxj_!?*v&{ zb^Ja>Em{u>21%w6bgXRn>tC7TqCC}UnXU~)6Ly?zQ+#%AV3I!;*0iExeky$_t(Sx3 zDOB-9>nhuTZOoO1q*Z=X>v*qpeunBNh1sY{cW0*-DOJ@7T?2P+t6K#5KK1k8oS`3? zoybbC%M_>7dAeL!1j4Y^8$*z0?8nMP{CbfUM5`g>cs#ym4>Rjel3IVyS@=wPHMtMF zq5{UrGBHL-wCyOSO_7R)*xL4}#YaV#`j{6EkB{%O$rnbIV7#8x?^&GD>(BP^Nd{$>pFFMuV0r((h@a7#e60h)D6?ltV}a#Tf7%=!@R|GvO1;n zewfR`m8YA=M`^@%$H%pCF^*|wzQlnGsGoAicb}G`7bWS%%EgYIs%&Ce#3jxAu>}eRf+VJJ(5-8!zfN zwdRljZ*ZH|70niX+tD#|SS3Jp8@(Dg&MJlbeg~ebdNSUTLe0K)C*CpXB%uj2*zEi+ zaYQoiD`aiuO`}-J?@196_sfz830@D%(so3%QVLBU##eAdAPD?x<$T&qtBaL&FH-yw z(7h>G$r~G0!WteI8Fx7_z04Q!F7Os@DYhhq!QBrm!Sjzf!KG_`!iG33PYabalr6jjkLREc@BUjF^rU=2w;>kEp*E5~oZli!XH4t9^T@;PNu zzY9xI%(7%7cBM{ZNM{quGpFLFwrJC8iF1UPbn2?vVU)Gy| zC;Iy(KY;pBveh)M(w&z!D4oAnUMtPF?wmaklkDy7?kOYAF!{7Ivb9~Ab~9k+Ha>7_ zYBSpR6RBDySubx|M$rCSY8d?$;*+bIRRn~_G7)co})HJ))q!}i->@efi4n;@u6 z?dj#ky++BTEU4c`K!1R(W%ta46r22daZgD)gj6OtwNo*@%;^GftCO#eGw9GiZ?rS; zelRVAdqDF&S5n70y7_}l1kbHm;`-Q6Q{+{8rq(S*Nkqls0l*rso~p%oYt#r@UzS(T zWJ+n8IQwxRpfVR*j+BOMS&+a&M%ApWZ7Hn0cDH(A@rGk$8 zKjo^-D@tPa7M1XFW1l`N_49CgEo0$xaP;|864G$kZXWVUgtL`&7P5)<-@zLV+q?i!{ zcu5#DNEk6tvZWMV52lUOzkERFMTBH4o?yY_J)~tnyB@#=osWiF=q0Dk2TGiNJIs{7 zuTy?RKKs$ijopaR>!>MbnO=_CIs;O=&r1y}R`Y33vdXuXl`_*n{yg*)VRPw_3oCba z>foyruS5k_Cl;htTcp1Y2gk@!LfEs2TNqM>sCIr3t)-k_@+sC@C6im<1G8qY@($e--_8Lys;`+t@z%U^EqJyYHpRDAzKhMu@SW z4et)fE-ZHA@O(@c#67cMW?9|-~~^e zx3_ZnC+HBTz1F<+Z3%$^?&g+UAJejjRP{!~#Y_F2VpME$rfOutjVLJ7$}FiKxwJ(? zXIEv3CGzDcakbN(B>qdJ=G2k^hye1+y_$?Z(!&q+WAI|3=7v z%XsBAQT^9)0Hcv^!|_0ygoF+Gg^k8 z?W4)3f@`>Z@mThf7(Is|WA4wo3+DSy1j)7&+18Z%=IYY^ttrnWq4@Hv9Bee}q)^t-rRgI56@!4Xyg&L_CBP>e7cRa-Flx}ysHlX;6;DA8 zQT3qQ^#urf@2y9^f)@E?Iu4#gFI$A#RCS$cAHiVed{=A(TcN&UhWcl-tjUI_TkPj{ z1CvK{XRg(*du~R9N1{`g6ZY-wo__ym?fKPrW@ICD;%kbem*4jo6PROtP>x0sfv6tB~ z{{+3QAwTH13w|O{^muTMG|G!8nT29{ydKlB)@$yXs}gbpnIRiag;mk1-kmxKUO}r@ zLPhnxB!r3c^ExjfXW2RzhaZgNEd|csjh;z|E?15gnry#E8un6Mry#$Fi~Ilc2q*XQ zcIS{r z`uWmdv`31X^9AtR?XtdYgVwq{vc^A#Kef`U@Xr*51++W+YBW6W=TR#N_oYF$pP0So zLI*lupdiEVGcy}kf2u0?F-7Q|)n0x~Bbj9tuM%C!#Wj|h7LoDw{Y1R38|Mi@t*>L| zbsLS55??%Xlc~sF0}s{hKtPs)Y57Z=gqNoKz|7Nn^A34LGz#x#xODWCF3HU`#eFg7 z3!3<9IMdRpi{W~^?CYcd-WVa~>HK#CL+)&WDPlq0O~3t9mIA9&Q!#`H+~)fjZL{6l zbPdm?N3$H~-d`5S_-by%U5+-uYUkiF`Y0iHD>Pnu1E8*%=a21;h}}o1JIzFQLKVxw zatBwj{)WuC(q*^ur#$&Xo>!k52q?SO)fgmXM`e8-K^j`ezrd;ioybRWr50VU4@p4P zvE|m9Cc{mdUPIuD&Bs79igUwxRdtmgZchC4U;EmE?hIcT?fC;7-dU!c580ZET60Co zm6EdJg_eUy-->NNwMwZ5(QaPoo4S%jef-!RQ}@lC;coh7&lb_TBV#=+E`L0%Bz-QS zD%0TwmbmF0Oxud+l7eS%7&=UrZB+^xKh0>0pk078ZHltb_=rl7`u2Ax+P+!LS-Tt; zcRhRb!Sr)5?c4^xSh^Nqzw!)G5IdbT56v8Hd zn?Ks(rhXu*n}-KowJSP(R?u+koxaq{?s7=V{G2UrMk};Fu?R7Xy9(8@o>8@VZtYs9 z@ALgx)H(e7JMzUu2YXYK&sm<WM za2FEyyu9(`NwRyqjL9InLzA-nFwyrbYfkC)%6km<*^p_j?EY0}sFlt3@PQQQJgH3g zNSW!*nOb@I$T}vp9?R_J!I#yDSd?X9*0+wwOWqUS5jdLH{1vJpekxWoduTmbQflT} zEqn^EA}-Xnu-oKLo805^t4RZ?ZMNAp{1?6NX;lK#Gls(Xfty_~@jv?9*yNcIl^~*# znS!4*t(vOn=*_+D6%S;NjcZx$cG;3&kwNa+fLODu-Fx%z`1kzVS8{wBo5}ivKB7Uisf-D%{;e+<%&{_EPQZ!mTi?LWn$ADq#u#MUgQ2c8eACW~y2f`%VR%xO!H382L>w&zlL70Sg#ZUfJz zb(S?hQpP-%96iiCb{fGFMN)G)7@r1qJpN^H58Ke&Fc5qFkjv_fSQ5~}(0-jFPw>29 zdmFKdg*fTxQFQLOLnmc3Mv9+&|NZb&#_==V5r!jnCjFPH*TcFqslHyxy0H-WvGI`o z>CRuTu7~73n+beKwzv5p7xSIZY=ELt+}-ebn#d)>H^F%AYz1YzBYBggW4W9Q=ozmDji;LrLRmQ_4N=?e ziq0$azV35|LawdKlZe$dX#Kau)aMiwHb^<_w+0mvY15o7h>VXUQl8;#dpWxu=n4FaKrXTd2TvK^?>uP9gg^hvJbeu5K;$B2V z1PlfPeP*}lCqZwDqfuNo-uK}xdpo=Bld}rTE*{WF3p#*6XBU|a9}ol&*UWD;hd#M? zJ+u|H2j8-K$@k|@KSHPDCGg|E=AVX^|Hb#btD`Zg;6i^k-O9;#FgEqP4$dKsRMj$$ za{d`h@Y9;Ba1KL-75Kf@KvhszE%%RH`d*GwS7$XC{MWs)+%-jY&ZpV2^1EzTIEV8XBi#TtS)M{@g*lgjCrrOD|$( z&!vh$FjVaam+Qr*P2B=YLEp}ZW}~Wvlf$x&*Wg5#oq6($IN@(~`clnz6ALrN(;$(E zI=I?P2NCe@(bV99)R}3(@o_|7@xqSu!?w1MTftOksl{`8yi_mMz~>>I%$sLPF3&i0W1CwX2Q^6TBWpe(ZIdKDGEH%<0LyFr!%5(&?Ubc zAp<^S%^bd295=d&yuM8L*o0DHLV56rDv5;#Q$+NZI?@2QZvNAL=i_s7`#+ ztU$jE>wYnJj@9t3I4-yPI(T+hhT%Q9%v~+z$FIl1R@N;!xw6CYjFMb#~>>qlQPeR2dv~SqxW4rFQp+Ek>_NHy0FD zJ&Y>tpBdoc3?pJvDP1haw?@-+k`AtqE>(Z4WXYzq;HTo5Y=-qNPwg{}>&I98 z1~;Z&)8v8`Zz2ilCezK*zLrmN)Oe-j!t&8}Id^mH)lQY|Uv-DT(2j)$26~s`_>8KA z%DnAg?=;qtW_FZ7iuX|V+k>n?tB{C&!r3Rf_KX8DeopjvC^u3xC98Bn`U T2W2dn9>psKb@>vx*B|~1_LC4` diff --git a/playwright/snapshots/invite/invite-dialog.spec.ts/invite-dialog-room-with-user-pill-linux.png b/playwright/snapshots/invite/invite-dialog.spec.ts/invite-dialog-room-with-user-pill-linux.png index d01aae804c9d41e428310d83e4c1bd759c103ec4..fa3cf904303a22a2a01a225cd54628d037e4aab9 100644 GIT binary patch literal 33955 zcmd3OWpG?O)8;Y995X{=ikTT>$4oIZGcz+M#@LRTneCXF*<)sAW@cFD-uL}>|Lp$W zDOF9?IW0}=QLEK0J({22WkeC-aNz&|Kol4ICJz7*9{~V7@dNn#6HDZuCGTHg4)UUc zK=~;C0RRvK;@`e1x~3klcxj@kv~j%3#^5mhB;|n=+?M+ZCDEXhjfK@%CSM~asa7bz zUf!TjUmAwd8umJkQBqeoQ|6tgMMO0hq-EFp1QCXbX%?*n*TDX#3Rhd@O9SGN0)pQ! z3Nl!I1Pr?ie=m0bD(eW`<#piZt>~&^p zYR0N9ta-_E?t!lEDv@~<=IckuuOGL~T<;4j6sV4V4{;GW*4B!@-QM{quG}}T>H^qE zmd5^q)jE*6(3uFW1}`3lbm%~J^U<@*Yzt1M{lle?hQ!Bf3T?9Yb|An0B1+b_DSTX7 z1C^`jv?x-=IYl750=k~2-;#1e%uIQif!^T_j<$9OP{o>-i9rB=TodsJ|M&9z$C2yh z=Nngo8&yGpD46lkcV8AJMO=}r1^TLQGHACF3!?_7^N%IhHE#kW*8f(yHzneGJl-ba z=Z?$qx;M?D>KoR}e%3hOwD94K+S<3~_(xaoP_YHgk!Z-RIQ_K{*ChU)vZKl{MdPI1aEm@XOK}FRasL3JuNtq+5fQOp2w$3B2TMZI zI(*A=5l{KlmL=Z5_CV=+?K%8=eIPYYZOGP*&z1DOBk&*daj*(4P~fuTaH>BXd$~)PO&m02N^7>QJXLP3jztR+ zOk$Y9Cj^iDAEojKZLBoj&MG}^DuVm+tM{&8p#OeG)5mP?%NN$hOkUdiW#Y||?uN2B zrT#UpITmCmg+OXjGoB2c`FpMEjIqzv3(L>4;=b)`k3La(6Xaes>~Ru$BL>682w!yn zor8_}v$xW%{)2{G9(-@jyFTCo@6z->7f5kjBiP9V7S2~~6Tk5PnF91Jl#j9LAJ7^8 zF~&>H6wA}Ppb1l+_lhzGQy{)D?OQd+g35#CpfCssg%>!uI4-4NG>RlE@c)dWS?GPA zDU0#muGieN>|26Y>?{Rone6%9mDzo{+hL;F;Rnl2reQX)e<$43w-iso$%U(jn0RHs zcAd#44%`TloC&tluq&U1`pSdTMtCfWkzZ^__b^cZMZnf`^FiFWy0M@@<=zJpPh|Kq zf5KG!X!CWf{oZBJgB&yt-EFJ^?U?XykH(rqqOKiWT_*zz6{#!;8IKfY4VV5Mc7A*= z0v~xb6o;WhQ6dJjZy|HE@UCtP^ie;i$C_yVkr{@KoXAfcWN}cW!sy?<1pH07NL`Lz zjBMUqV1Nc2n%4|3N$(%h1N1$uRkDTvkTMrJlOAR8_7Tsm>l-%~h2~*;XXvrZ>wF^4 zBf11jyir%T+6{%vs`lR9~B0MfbJcPv{*TZ%+o? z2qTbdE;9nc@O3^XT#!B})nhHD*MW_6?zJGJz2_a2t1bG0uT!=cFWc6^XCKpi_&JSxHvzu4yacQe;j*>Zn~}R%q?!?y?t6?di2GCe z*5fyu4Lc1!ss`3r90_K&Zl)vdZ+rai^n9Lb9iY?nc=8qJ;!-=?eW@CUN(!IBNOj5n z_+8M*tVjytWA+Vq&I17G{#rK2mxF#d@$W9Ovw?hi@0ZWPPOo0&AknkkX`)grX zAAdYGHzy?(!Jo||_r znQPnC)Lup;rlfDGwHX{Z*t{&>TzUb3>-C0=W{6>OmS`Q`KO6iGxKAP4cP^4`Ps*1o z^*Y)=IDR>qx4xAUEi%vvNsERR<_KRWbcLl4kxpi{4wC90hv0?ETx5*1mfaP^b_ah`)Bb#K%|>h^z^0tw*_m$ z;n=FFMqxOMC4BR?*DZ$UM*Sz$M3(zmK2ALkVNM!t$N0;hE(QDaZ)C+NM5FEJlG9s3 z#2+pVzSeghur=6qurTN{UB}L*%on1=1xa+8vLNK>Rr_S$8KzJ94vr_*?y)tzc^W)h zc)Ghte;timS^|1N1RPW%G# zqh$h_diIqHY5QFmgG*gg4$oe7b#|opU_vwB57pb=Di`LrkBf57hGPk7fPl_(*zjHa zgkSA|8+0DFIBnaE=|kAg@hCK4O25p6PFwlXy_Fq+HNkC-k$}E-%4n)ST9D`Nsnj5> zo7BU8gc-X{aAJ!r!}qZ{aOLIXp){<%HnWKLxx~p)oc(RD{dLE}^S@8vmL zhIKz!d3xo6#q<1SPIeV1*7=M-*ujz?%S4UV_KMxSdcl%y?Qy#{EAS0p^Wf<2dHHX> z7Bu+j+26(4I_<|BC%YRj_R9x8hrtfVRFAde-Ag0gOWbr77BTKpF&iS1!Pb&&yY+|_ z&tv>=f*kj+vlU9rX89UVLNrSE3#V^5wYq&qudjwZkevIkcJ2+_w^8lKQSgpiP#ersFtZmHY@rTjf z8bim5$UPXUlJq9*c#Ej*?iA0zkuSY?%d*CZDT!ij#l&u4=`Bei2MPdYEe^QX{y>b+ zq3hH>|BljFwwa6gl6!^ME{&K40hpS@wa1NB_U?xnkd#`Wh6z2t8-E8mDcAI3tYJNk z;~xmg9N{r8fp>qjyX%ISn3~p*( zf<~;nqPOFFm~8U*JpJ37SwEa_H+!_j8n}JS$;vUnM9VJ4;R>SJiqhUDsvCv{fSNT) zQnWm;O(W+h)%Gr?y4l2f&TSokp{+IPH{z1a()<^gAH@5kT{jf))pJ*1KvO$js@EuH z@O_lGYq03K{?WDVpr%H+G*NWXjVxE%t19y0Uxj}$rqB7p=C`lYKDr&FzU$dPgBnc; zaJA85;sHQQ&K9O@iYH5i-lM1t?sWA&a+UGGZsbv0rHBvigTW2MNXzi@e(6>JY;eO8 z0ARb5vMOP{xjH^opbGi>Z}BxO^4&4Hiaz)E-Lcttp7ATI8sOh$w7-32@nO)OK^S>9 zu0H7t{$m-HWjv0ZE)({5Mh)Qe7R0uh^pH?lFQCX7@jL$Zad_JLct-_t#rLwaY|*WA zt30suwFa8b&u`%E&_*4}_p1+TaECs!T-xbHh!`Lu5*CmcDjVg)Z$@f|FU@(Eh&XC^ z9>w3!o-9QWyy)(uyx3j2-&Y+6^j5dQd<2$NEFW~wIi)BihuDMEc8fN`OBRva+8@oj zU0jL}&bmrC&-gEFt>a*5^JUsk$;|JgcoGw~#)eB1rK8R}()u{d2iJX`i1}2zZxlaY zava9b8vbn7e)fibSJ5?|=yXPq?znG0gpkF!x8;vQ+0OrVAuP$W-tyUf;qMsN3}2SO zc;jF^R?x$*dg`#W;4b-8-X&I6Y=oLVn!H^FKW|^x#^;~igC?#J0YHEz45?O%|FGr0 z8Ga4fWbtL>tm<1l%==@nh^PNSPna+U!Z!_T6e1CKfvG~Dp3$KtKgNNq4Z z*_)vz^-)W2Im4h)09kVFMt!H;runPFmEHAHt=&Xt*#1iW5L_5-n#grR{j>8q#on>^ zJ?7t#?^mN+Cj@zBNKa7n-iu5B`iVp7+@`XWhd4&54?C$%h8RR}WN|8TiEmri!(JAn z^Q*?|`O_`pn_F9@4oT6_gO<|h57N^T{-KAH+-gs95W@~~yG=b$ebZC(=F}Pna)EA; zXZtp{Xa0}a&48dK)S~uBYj? zRU;Dko({8_=C`BSkm`#c-pr;YOw#Nal?eYk4x0=-TLd30=1tB|4q7o5n;n6z7OSl$@lwD&il(O(--!i zRNWBwKiMf{67>HsVm#fxKhaIjmXo{`*z2d$@-j}iUA0TyCi5P}f2m}w)}PfB-oXs0 zD|qRTWp&LiIP?MS09(6@`5PT;?Rz!(6!A~qUc`LHk3}8TqK&%+%?^*u>iL0kzx;p z1H4_6iVlojj{TGiYA_45PAU_KRx{Lc5MwE|#VtCKuYZ`VuynJcV%2OE(Hgu$Au2ly zXp;FHb$Aujc!VK2lIu(r1v_AW)QN4aI!d=v@4xs7f0yIWdjvj=0a}_<*;^k5fR&N= zRpi^G=+R5MQsjfo^>lxTQH^h{QbYwj6)w5_d8!e$nYax@HS@A2^w z)e{C^_cR*yQYu;+gMGVPPh2}^mEa=!#_$>^^xL8T_P zimSh2@jRMDZO142$UkS3#^{c%tNkUChNwbe*Mc&uTuo_$F4x(gsZ!hxs%en{-OS6b zfNzX-Rs{4Z29F*|`jW<2EoaF+NgAIXud0nSdVYT(YALeY=atWhUT}iWaIs8rAU5Mr z7=N1m>DPX``{9D}lJRH7;A-RY*=J%;j29sr897A*wQ`nQx;m=}hkR}&<$~pC5{0c( zPC;B?;9J$))xf$^WRM?6*0{0euXdqH>mKGGMR-=&NgiLHT(*{R4HI<&K_kSmosa5S zD=}9CAP5NGe2c0%dR!qAjv&9p*L34EqXmuR2OkZg_pMPy4Z6b*NXi7pT=&XkFro$d1uq;CB)ac=GZb?!7 z*(vQ?IWrSJ50u_SwB!o5?t$>wOu3As6d=^qHRMcZki)HaK-N?(?lz)fjsgrao z-5Yl;=4ncPmZzhmZBwV0J7mC2pht*8Lbk=fS}CZ$9vIxsyuOap1RdpHJ=xbzJh9Uo z0sHDD@L?q>c@iYM>$o4=oKNK0@x|0kw0o{mXtelYl?A6%%Pvd_zEZ-HOoBBzW99KT! z!4?ue?3{@c;wZ6i7=ERs%%%>1NWeD;54JW?dWK)tAvyj}^SeRO-w>BHJ7%RS;O zGZaWF&E<&fv%lA(&F$ulF2q3*7zq+bq$?u9CB!^@pL$}dMdY zbzP2zN4ltRqzl|NvOJrEpIj?@Df{kZfz}atuK0NTL`#U&ij_%PgO>FzdDy>r~{fgJi<$|U> zy%L|c2uL^-0R#=yttf)k-r~fzaC(rEDj}sCa=bFfSO~pz9F<>x5LI|gLrQ%Dt`8jO@6rpIS)zYK z@#uHsj?(!V`6MP=Q{Be%6dyC8(S^TU2u1YNj4X_h+m6?3fGmp9@viw&u`NDyRj#a0 zG}mia=x{{=-)l>l=?cS^BHZ((pK(K=0;u&;>Y7kEI(~FE7ljTP?s&1~L!>cX!?c+_ z`Ad^venfx+J^~8ti{lehF6Y^+>_bkq+0+J#uYHRaq2WhO?zIc)2G#CyTUi(g9zbG^ zNDgHUjBx(AYltqsfHa#$VW&TeXtM8t$5$n1Srw0sPB|!`BYuTegTZ*vq~*r}AG40* z*jTPj&b3G*i|&cd?U{Jgj>XaCrEsh7l@6lgced#oBt)5kUMDMrH6#BGhZ*`$2C_Bm zy8icGFwCgWw)+@qBUJHRbh1*CvXbG~ipqv27`2fE%fu;kJDM?ny4ds27GmpWtD9Ns z&m)ll$C$2C{ODP3cLQ~GbI%Vs5Aw4M8%2D5%5nihu0x|Q2bJYky%c<77Q6j#yX&24 zKf%4ESIH`o0D-yR8F3l~R}nJelCnRMyOQaRcGQj4Z$d|nwakqJN%QmatirEnmA6xA zej`X5FgVY}t=UD$jLgTTqeHsDjmB#jUz_&0sXZX74lGXB)ciKpG0@VU&C5?3^BP|s z2GN~3M@TI+nwUs51Z>M&Uo_Mu{@DQowr3X9^5jEyewww5hapcYX`)j0-#j%5=bwe$ z^>%Q(k97u!3qk|FavDB43yd_Bw6sQL6*4?aP1tez(Z7k(njB2BZI_Ma=GE%ooQUilRv%esY&CWnsv7jZggW#RTN><8X790@XAq` zbji2T9F0NW#*`Gp=IS90H-ar{7njtGoIwxU7V@wR6$V7S9Hav*TrWq{20twij%5yx zCeKbDx43`!DZ5rp!OQ21zJsxxy0zT3dbq3^J?mn%n9h5Em#}r?);PB#l$UXwOQ_}Q zdJFTjDo^QX{eV|#fTM+eCwn<{GRySmG0n(eTd^bJT4H>9a>KHmdTN{&Em1<@+p=(( zd69$6hcsfu2e-*gtvf7&U)E!>(D?gimw(27_EWdZ&&ssw)v`SVRt>IXZ3{(lYn)&$ zE43(O;(78{7hs#DEuOj?lo%j9d||6@wl^)0%G%lBTt0n%BJ|M`%3xW7jlILsU`6MT zLRlNLK#;QuT{r&`6?ZPXbYkl0HKC=BlfY_b63qn*gRq z8Bu=mMB#SrS|Rnx?g?@y7?8+9Xxv1PmmZa8Ggt3lq-0R-Q=#H<$b{X>BF5U z5iKu2uM_|vtPPlE;URTkmTPHIjM`X}2;r{?#y74u$W39M^!9^s9UbN(`PX`L_}&PH zF=InU>S2eC=mNiDE-%@vw?_j%iUL5nMojsMtywMUB*cK$(A{uIB_ELTk8Z=%uTS-k4KD4xGqWrf%B znI8ys-s{1B(&hl}gF;}Ycf=N1*8Aeu8WyE!WUI*~ScZ^y)*8@G*t;JD7f-c$!|2gn zIXBn$8@x?`pUi!-kx74c?8JqIQ@X3xN{N*9MBJ68}(KXlpDO=%3f*(Gk#Xm{gUseX%h&jyH zwK0T`)UiCKe45z|HKv4A4JIHmsGxO8Z9oTNDLMh*3JLyhYZEx$0kyV`hU`RpM{@Y8 z3^1)tE-M!yEn`Q56z(8#7cAdbKX!XJEotxS-v~HM9vooHHYcNAO`VJOje1>&u`bDR z9ed8oDmCk0i^QoPIDm#;@`LRVdP*=r_kD5$>o}P0OumSKfJ7(-cK|u3g;<_^7-tC7 zqul}!8BK|!*O9pOjUZ3a%n%9+x`7j%gHCo42XZQP+5nD!KZ%euSF^mQp*)t5lVlEk z#|YyNE=Jzq9sw9<{T=4+Wx%XYOT@n%=xTJdH%Bl4K zSXstk-{e;Ahx`D>Q1aIDKeYgn87pK_(%=g0{|38_BEiFQ#-#ptADr_=| zJ0idU`Jc-J5!ZyTH7-{>)l|9iwC4n10Ez0XFh{W7{r7lmXkADWK#WX2r;f~}-L+@e zk4(v5nQE@81$?>mjJd^2Dwxb_R$<5<9g=cK81Hy7 zW5mj~7~yf6UsOy~{oLbtfL9_)mm3NXfL&-qfvD9tH&ru>aU)WlG0bs)G1ya(I>+s1 z??VMf4q=ANn6IaN1Lmh7Ldw2U5z~4#Bk-;2hz=QKt_Y47t`*EoDoquxAJzSG>y48_ zxS^-z4;vJ(N3T_e050^wq9D2znfW6*eBu`#{Oj$)I{Bkv->DDSrtvsGgNAi2ww6$` z@HyD+_!KZ^nq+#o=H4QhYFB3nX`)+;Z5tW&AKB=CXw=(gO6K#cOg_2iR~mAQ{*YcV z?aKx?dJ*i$?`&vPX3}aMb>y#Kp`3e+UjS68IWsfbMDiC=mB<`c<31iq)QmgPaT2fD zWqZ*BX?`|8T%^A2&oF;sn9aGHY<|@}0om%UJ&zxVvJqT8z$TJ+V+Nl~!XG6&wS_mi zmzm606$wF2ekkn-tPvZFw$U%GeAzno4b*zlv1*!HUY?YX)sfSDG#{G9<_ot#8NSS7 zrB1iWCxa99*49VB+|TV}bQ`OAo8;!=?Q}7e2xok$pUYz6rdw&4s;_R$YE+xljJ|VX zyc?OGj$?+e8>ocpBYZPWQqamTXmofr)MnnLM!3W{Cul%g$x~A?N$C&tu%Z(;X493B z2;~EnGhPM>>VWb8Iw~#YP~+)_D7!PhHA%?T{F>=Y|B)k5ZzRD!g<@dwmq{9HQcrgnSR@gKn5nc439=77YKYlghnXXwvNeNL9cgj3QwICiN*$tWFJp{Y zV;BHeKEj|)DAwi!xm8aCs!VCOJm?P93o>Z1X0mgc4)R`Wc;J)_S-alU`)*=MuGcy4 zad(E(8Tm)#R}^nO!PVyXQ;--2L$Laos}7qkzxgj~k$l=>BmLS8f_pax|D;J_x8iKp zVMq%FMmv7;)4i{O?#L}wDju8VLXkj9_QW+}C;{Sp-AcR%Y}pv=A3~@5IxD&q4iW=g zIOLFQvyv=t*KaHzTlzjZZp(#Cp~di^ZVo(g!9@k2z|ByhMr}l7jCIeqFIg?wQZ4qN zPJ3;l?9Xk1shIwsGBaw`0sx1XWoRO%26~bi60*Lz5E8 zAsMW>7S{3lnr%nFm0X;hpz}1@QwdCW)VJmvpeSr}WXx!5^EEiHc|(p*ER{B`!9GzN z%-P7uy2VW>E0CnANvoER2G*51xk3w9=QX5-%O%{!X9JVDBqOP@}rO z(l@QGhPS6!v5;jM{9?8FXl?B(AtAVZnJ36kkGUWI&ThzWEXR2Vcdow_K@E3(FBA{P z0%Yst%uvTFR{HguO^Tsylys$ODdlLU_$aPCh0O_RqvyuuKwyN1OZm<8tO~m<1{)K@ za^al1$EWR;*+z|~)ma%@kR&!LPP5(7XpcbEL$E5}RIIzX>tx^bwrP3IwPltO7110BL&5n@f0mZP5zW%CgA&qA9s=JBO`U`x%&V{bN*+;3?Z(2svgE%_>gG<@RepjKEw;oz{qV{QsH+?3J7xCEUz2j z^3u3C*W@N+`96z8hLt7IsrEeVb4$dXJ zXy@RNQoc{YA8=wWC!y192EMInFk<>0G^eC&x8kDig#HY-#W_K#QP@kK)eL#;lx>E(bM`syY<6GRLWt?n>4MQi(8k%gRQ%bylV+&wl?1tAfYF?mEAiN*1;AaH{Q4 zjZJWQktxxnOZYKrVzPtD9{xh(yzasErMFjjQ@OE4NmE@njY6VMX*+#*sKom4_nouE zVR1?= z^J`Ykx$)cY3>|iH28JZ@yG1l=IkQ#*p94(?*wB^8}eL?pgb3@owS&gpx(`_009ch5x%52`WVOCA?_4&bM4>SwSiz_%f^6Qj{5WbTm`zb76o@U3W|39Wi4Eu z<@%^n6=0rmt9393i)fYNYlXMtAE^qJ*qisfazhV8Ch7tJXk0%zx64G^Da?^hVQ8J! z@u`3Jk!^e(2-voW>Zy9oZ(d|Zgb0LRf$y-%^FnyA^{UG*?X}gJO-P~jIC8YP2roF7 zO;5!{F(RUwDjidftKFv(Uik^dwJINihz|f>&7W^;ly^r~F+SYTHZ5XmS%tl}8Rc`1 zdHa0K`=SzWS1r4IdG1>G+z{MG9V!m^M!nEw_>nABF(W?aJ8MlCsp+RTNeO{^~> zYyDg)ps{3Kh;c`na3d>cto^H-T;?qj?Q$7f%PN5Dp`j|if6>g1rGu*Z`{hLZRA?2Z z(3IB6t)=u4dV)V?=%LI4M%KC;zM8&Xoq8Sv2F;Exwm~8l> zU-|hW&{9&Z-Fp#NttsKNhzq^nNNCV^XSG-DnViM=wro(9OL@}P-2590(c#rI@*o&6 zszYu#qqrZC4Ta`~wB=or1927V5H;&szEaI;=q5oWr>-eydl`fI!9-Ti)BL*OPhc|- zrJP66wY+lBtQbebWq0gs`8GJvP5+5CN$J_i&N*WC2d4+zT)qfh+VkxxEW`lyC*!0|QxcM;o<7xYOcl)`x;b1% zm^t5p>3uuqXuFF2+}bAp%ja0ufA*&3zlqX5{81_TR8HwwY`au`l-b=<%h6L z%fuPfp!n=`yQi+}1}!WKCwWEDRO%5VOmETr`>iqY$=Ka}++fy7X1R;K&*BPn#rL)- z#&IR|S!ZW2A|stIZtyNy#Bno6U*!3|-(Du&Py}BH6>aCC_kqG@pAqIPbHLWGMwLIn zF+L4f%e9E-X`f8D5w1%)9GA6kHhfWpx`HlV;FFrQXcK%oH7N8217W%YqtO zOk!^HwUgbfTp5Z1=T$(AJV|TErElPvaQWcVTvSr$*oPl0_r~6O!mE2T2r6rT_HDgy z^Rl2Qql0=eOk}kuHR@9F34CRha@Fp^kYgB+9^iPg6qifU;7k}2!U%r-LU(2=;b{KR z%o6N)j5A8--#}Z1Na`W)mY%jOSHqs5ov%z&5;2a{Zk770;8r9#Cf?Tnsi!C!J#o} zY#XW~M<4)hRZ<#x5Dg`fT>2+_Sv>{rJFrDS&5zs%Hz-~rt$nUyh>D=$;j-Dwc}t0%iT7>o z0q;L)xisr2DQpfd58uH$vK}dM~O@nc>hnJHVlisqIp~?@mWRLxy~eoTrBjfkU7fPf>m6oM4nE z`9zcre2H!^W&p!OM%;{7MU_z^iEWTl3TCbdZ{3Te(qw*v%c02m)+PbLgY}uu=r!vC zt-u@ii}BTcGaQN`c+7Kv+T|ZFjfAmFi5tP#ZKC1$kh2BcONHX=*sq~ur(+?3FL)-X z?9YY!r>XqE3nK7e&?_m#$WGygPIc0{p7e+M<=%Wxhp>$J@Eu&@BtKM;92D49pkFH7 z2wpRM8UtTYcV~KvbTD*Gq)*UOl%NXj z2M0tt4jE2OW-!t|F*2Vyq(XUQIf#4CaWAA*e6Xqynul)Q;vp|&F?0y~+H273`h1Q? zi^=tR1JTULn+>^zBW&~GvgVzakOX;(fk{+WjSzs%2=djwzEq2lZM$#ElYr4#%TUeB zK#-@KYl43MW*~h!blpwu)A3y7O}#q@OPKZ~;*g(d5u%?7600Ji?uUf!pTh79`?{@06EU;nK7Cr6ViZt%&oh5Qxdq2GIT$lVbx7CX__%)t;Ab6=`eu8 znUYEM`g*CUj_Lw_`}I}owQC69*IkGu7PW0(akHE8OuY5AIz!w1XC(5c$lA7x-G;ebkDfyoubir*8{QOTrWk0 z3l!ouQ2&RDr=DvskKp zcz5#8*e3-wXAR2?gMPL;UVuc`?YrIV44%E-cGP}|B6_h3lBr<52jOM9Ju5!^jR`8> ze5wr2Uz&P1GeY9P<`LJ&rtQ*XQNS0*PGa`?2>vG|AY8Yu z@*uD-bHzHLf7@(vMih?{wx~tw6C&W>3hSZevAGk{?7Vc*p{OzA;*+(dGdF)p)BAlt zpxojwA;6(fA>&jNqNj9=KwSa?IPXxpTXg>6SP)nTnfQO9I8>rUHV_x}97-Uz(V7!Z z6i~)b$hMy0Ppv9Vn?69L_*J1=p+#xcFHA~=zuyAeF_?*NE~WP@1jyenrCsTfxyrii z#F#mp$+26y$XsTD`|5-?+9y0~wleBLL3>5r#^aF8Hu_YeL-^|2;C**IEjv_zRlU`< zR076A=(Z;)K&oWQo}?s^v=q#zkvgUv+T$kmp#-icMc3UtR@z?$L-6$FOtz7)0!qeM zQxd-=B${Y_ct@0I`W;cz3Gs4j>~4ZjkTPI@UjGoh$LxEVVmfQ07gu@&8s^e@?TZW_ z@w+h9eXy674s0^i5|RxOhX@jg;s>Q5(cqD4o=DSALISi!*udJRLX1}&3p=1M36*Xa z$lh5Rgx%Dd!pZN^NK&8)9T{j>9Q z9bk#2En})VCE}IwE&Jt^wqzh&q(zv@&zDVMXGo+$<07Rt917V10(;Utz@Psf|0cwY zz+HiNwrnKE^drDI23hyH9waWH~uzFA(aP9nNoD zGChzhYP;@obJ0v%WnIG#CdcY~ErTg+BbbA)*&tq`8JuL64u?-{z1(N0*vz*QQB*)? zKW8lk*I)@l;4b;OQ=w^jLcr2DFR51Pyk4C-@og@W?oNe|m;{Z}@4L!rd7?5Bo;kdE z7*4e6-jkgXU^(8GS~J;;c5(`{)`}adf5u;@x$21cjA+R@^>5gTIJ7eH)rAJ>4@yj` zk5>2YZ{APasbqdUrHBoIBkND$7FhA+@F8Ba=f#s8o{6eQ+N-kjZ6NGsQ1Hr`n0}`8 z=Bw+ENfkVy2}nl{65Ig^?0Kb+^AD42cgi9@5;HCyYCztc~l%TiOOMVRelM}eg8J}TADQePq2q& zmbYkmabfp2+kL!QJ7n1Litf)JE=hU2Ii(Z{qt2`Gs07w>ww!V^I%bi94#ku^;yQC; z*9cI=N{cMy3r@m~JLn6t_$<{Icn*m7B?Myfj58v=JJ)94?d4ji)z`tO-a;HT%v7<( zTb&w$_}G*O+f+%F-OAjW5jQ-a4iWe+q%y2Ao;}*IPyzG3*5X#10zzos@BJ!r92Ozz zY?8sIrnTp~dPAr?Yd!T=IV@nvz9R?a{)8bzcGkQmrvFvTMgOOs<%?L3>a;^m5N^Bw zS3n@6Qc39I3j5+yV0#_njz5q?D8Mizdo*H!W3nZB~n|zOqIp z>LQV?Nj+qt4v8leXh_AywH}fKKk5kr`ez4d6p$T@`en=}*W%i}1*xy>TB??AD#U4? zM1&RNA7Af zFoe*hZjrvB#I->8%hgW{#sd_1Aag1W#o(#FX=TCu4Cck8%8+}pvW)WT$hrAggTr?F zJ|H|^&cjdjaI!M&g*o%Zyu{>ATZZACl7DI@yT41Ybm~qLv@@9{-jYecoF~3EekGHh zjNXV6Zq6rouFKVr=GU!%{qDRLN?IQ&Ri7#_m2`ZXog`)T?IUDT<=(cWs*knv z9p|4`)c147YhJF;xE~@iGI0DM0M~|(Rkw2`U_jp4v{Xk0KZGYY3yv1Xr&au}^ z;6tCa2S4!@i0~kxX}e4h^}Tv(?yIkqQ>A~c*(Z-!Pyk8eiXUYp3VwBiOl6+6FCRJ$ zD!9yOF-#>VfzJRKV0&Rl^Rvp4WI}MR(Q8d~M=hHxy*t=qG8-DzbH62z&WVpaod6o> z=&plRv{{)d@#VXgUQ~2!x=C|q2Apn|=#s#30pHPF7%BoHoGkg{q|7tsDA#`5(aBbp zgY(aXl`)m<1uh`g<9Rr)tckQiC1oVK>;>i#XO5tbA|7%?pl5D6uHhtZgC+9fvB$Qg>9j02=nJfqtVtoF3<9WoRt->v80{{?st zve+fv`DaexKS7hys&)|1hu?qjAha%h&Uf+1mwIb^Vw0TvCD>d)gr2cU3~7q1aqKr# z@!JUhsVNUTJgGRG8Of{Re0=_9@EH_k_$tG`sdoDgWs9Q0I7RW6i&_#NL=L9g_!W=k z<&xPg&{5fbImpvWVEs-Xt@g>gbuBNCuL;A!%U(E^wUb!~fKTC5SVR+XgT&JYp|pY} z`hctR1UMJ6ZfEj?%jb@CSU}N(9P07Qt<<8f59z3r6U(gF4xpV=Ux<=0d*F#SX%L72 z0QC{#izFEd36lP(_W*#@RSPTGPgFoL}3C1=dU?PKQU=jw=2j4@lE73b!Q~+I=Rn|iO97ErwImRb4*qoFTw}MYEjvpnELzGKoh{TU zobeDdHq1A#+6$s{h>RBd(sL9Vfe=7i_hPMoC&W5!ZP@FfTxG|nK?n%nA4+w8N{13S zJyN_ka9=+fvZaUk{-ha-w`vSAIdz7s4fh?m9uct&h`JFJMZ}z+S3-uygiP%0zmSO8 z>FOKUN(|tWBe2o+`LthQ&R)NIV&85yvQP@0tP0lg$=S*w-iTVCe;gM$)=UhU9p={7 ztuX+6#XTQ7HIzQKj~Y!04rh+1HI{}C1-75o-9Z4U*@v#G-}5U}u+KmPi*(gQoak$& z*Nt;dwQvR{;iYE`oq|_CGy)4zjx^ucho;?CJpO#UE$-S8`5fC(2$_hGYxb=oU2TS) z1KczVl{(5%cPYkF6j?94OJj(3VnE@4wfA0OO*e1XC_WYt5KsgJ1s+s-6RA=)3P|t0 z2}tj~1QHPtl%@jGK|p#hp_9;i@4fdDdJQDs_`dr)`HtRi@1uQP{~U0cnEW!onKkQP z_nMhIToU_L1bF2X?6ha5V(rw+P(u88Gbs}Wmn!M@aDvr_SKaelL7ge5BQ<3x`S|tj z7o#Cj(6Wp@JNIkIr~8jSg;!YBc5{)k;oX7`-&K%yo@~B`KzH)`Ei!xM_FM4(+?FP@!fb@nvcND;4k_UJW^jZ{8v40=)< z+$_I9d~L_4X{e^<{z#9aZS551|AXhv+@rPDii*4F&nKImIhB^=CEqAKb?=v-8E2D< zjld1d9n)-Y;1S%pA-sD|$CUHVenrZgl-cEfFK&Z%Y9aZbsrXQfh4hu>U4;1Y2YT}W zN5cTO3FjqUd9M}|^|^t$+W9$d-ctt&$9`ewT*3Gop=_UcZl;?$ZHy&#n5y~lZOeSR z&%nw(VBd^Dx76>ZiXSWAaB=%rO~_bW-pBIo&68azlho#Yzi;F`M6Bymn3GQmNCJGk z52^*2Zo2dd9VNz42wuZ;54ykS5qfz^WACsXee5*Z!tT~7)KQ0$zT~01c`V+t9~jn7 z(85>nt#L4b!lA!kM|dmV&Y`-{(U#X^noc$Hv)3ZdSL8RJwk+`zDkEvUZ2cdNQyOlq(rH4m%$G>9>$^Wa49M zs=45;qP4V9Lf;gQw!nwcg?`9%RY}gZyvN%}a`eB~^-BJGU9Z`je?vkGDBi5j+87SY zCXJ(QP2vtdrq5y1%a@_`3$?Dc++8E_h3rQMUgH8T95GKNNNegd#VS@7x%}#hf}|`K z8tKM-{cdx&EO^7W&*fO{$+zCTD*RUi@14Ji^vw#pN;A5lfsVd~jB;Gh?E=}2x^AeD z>WDveGT-$qS}Q{0R*KibKjxNX=nUn0!~KuWOg@R&)4R2$sYMkkF>sZNYj*QRu9&ap z(td*kLgEL=hPL|n#@n+@#%0o$P$M1x!d#W;D~+PP={j}?d7ku?#GPQ;%BOeKedp%u`A=O!xe54= zG&jtBQ>aILZ-;#^?&D`pj(lkHc*Af=Be@=LSzk4=B^5Ton^jq>MNyZ|QBBJ5d;JxBq9Io&~p#Rxwm2cNH-rR+T;gg??1sM0F3tafKUFOL&v zm03neKP1Fg6J%&XM7>FAbvR$2q)4vLEOSwg`?~bDv6^StY04^OfcUb<&j3p(N^;goWEl4OYFa1zlyb)d=tlX zVw2nD$s!JQbF{A`vrt^QTD2|nvPNtg*j@6!^q_3@IxCJy{mf69)xMt0HR5_$k|5q@ zhO@=Th3*7Wb?Lk6n*1s*v^Lm+jn|B-3vx+f%eFT!FW7a)3JWu`t}2_FhJWam#cP^+ zYZ@GwhjAK2wUb&T<$Snwo-grmcGnVFw=`|pMX{1Fd9mI;fT*msoIU4$hV!i3xBkfM zmOcE7RA0i0>xv;eG_pqag_Wk-b&;U8@m!ILa8Z1wJB8RSyoiMRXD=wE@mopfG?h_u zqsD82?axkdENt7g2~#@SiVl%u{4W+2LfE*+RoW7j63A0)uO;0zP~u}L-0!K&H3jp+ z+Bg`Y*oyoOVGY=!I$`RQsdkgapDSY?L3zmP8fth2!6l}KJaa8cVyl?I1o3JF- zs1uafJ4;A(b}Q4qXK>F6dD!E05ibwK?!&~xuAfod80~5+BG^Pcbvp877iDh8 zQUAHjP`5C7asUwOJu?f*CPdFGzuOl}Xl`QlMj9fx0ToU&e06ED0!CRQ*QnEu z$Q@LaWr$J~ki8!b-H4A%@o$@i1dp(54d)xo?#OY@wAI$0`BCWo1EZ+dtIjRuqMd*V zb=P~W*ZjQx?4@G$jA~_!eo3h8#}o(eSLm| zw{}pW;MgOpBHJzp0c4wQ3LHn;rN7DXt?%86)O2prUfqJ`WST#DEn2gWW_e#%{?1^cO`Tt2$LdR!iB+A7%zm^;Vd=343S zMD?YJGq32~*INnhA4!{FB#1rYxp4WHkMuI;3D!BcR;cyJVIArt_LlWkDCes!y?F$W ziwALHZhQ&9@73otSH#zp%4Q@(#bufFF3qdmgv3M54_m*lB{!`j&6CGOm|uAkF$9?R zJYT8UN>_0?`>=5vRK5Q0cpb6&4*(o56E6Hnu%byJBlg~fC2>n0A$x=nSc&1KW* z!C-Y$-<#PSQv`*teb%S4*~6=ha6s zesK<*@?qm_iAnM)kGEdtrRNy?2Zyl|2{P8Dq`J5ZB#3uf)nI#`BU(RiD)wy;iR;3i zA(b~*?UCmS?L7R^5CUF&UWcFu{;tY|E*iWZWm6D>)XQ;?n?wkAwm`=hCrGzjnp7z& zQNL@Bj`|CKEF)R19PAW)1+w2~kHQL`oZhQ)BUJwybUcsqAQ+JtDVdr&|3jU(Ou5Ep z4b_Fsv|shKL523Uur#BlZ6b{Ma!Dl%-gTObJ0AtSRY#R(Km#1$K{4q++u=U-F!*@7 zn1Wh=ic-1zonP;gYVr4@}^em&8t#teZhFOjRN{@mT! zDKe-%C5wT>t;h1?l9SgK7B;q)W^y&UH4AiIH?KlV@EI-2jgScmTHm97nMG;b#8ZBy zfv6M^gbtWbRpJ^-&De3oB!#LOvSYpZS64oPiW>otRL}S6J|BdWlnIg)8RYph$HvBT za&mU35eY9ATf6iXrHC@mS3*BS3RE<~4(8QADtU>tc6-p%<#wgIqq)$Pm8j!mJ_a@g z`p!*Ph_Qu@UV-jtzXaxwM&7SBIwk5*O8N06wO0@D@m|Xi2Bu}YL}OxAvWCNGu1z|= z7AGbqO1~&{T)x-3BD!fl!`M*M%>-!$ir+`DU>vdOG z(!5Wfy$}?{9d$J3YS4y>eTVOJzQV&x{*Y?SJni9=Yb`_YBOzhB#;$#TzpRa}Ln68O z!%G!5`KV|+?%C#4Z_!Ds zc{u>0l9wY_kjaJ6s}k5axkUd1oe9e^l$HAnw9<_5sBKgC;@~z>2;Mw?ftfy_=xxVs@|!;Zo1&@r#K2Wj#TI2R=eR6 zzZTUg4Nt_*c4y66Zm18bWl=!X^GwoluUP&)&Jw)IUdYJs4(7fXKkjksc7XV=8{(Ry zPi&LBxbOUfhi*n*!&};!A3+~R=;`}h`P~c(75dcmNFEH|+?XnSPE}QXYK`=4?z%2P zVkY5XwC32e+izT?&S=k@b|uoK>o3e2a*i>yrj3)5k(VS-uIK1+x{$^n-1sDVp7I1L zj^+m~2g@;rELHOqQ6JOPr>3>VleE4c`1t{E{Cc?JZRBxF!xKgzC0m>62FFW|xTE)X_yh6|CgrBGtUl1^Q9{ zpWUN1yYQc!JO`CI&6ymvuI<)bXbBDN`ik9*o2h1FaRXHX2R36hPNP95dRYY=Jyq|> z@m>=+iLSKxbAKG^SS-;h>bY8|$0W?o&A~Q3LNqz_atB58NrkIT+uzbn*U09D&i_=) zlRuVtmsAI9*O`+gZ}m9fJ&~ZIpq#IYt+Er6M2Ep3xOq0J$yEM=sjApbT zfGn*B^XDK&v3JU2<#IuIbk8l|b`}XOyX84bMMJA!~T? zMs9aM3wE;sK1GjD5}%Op_?oIMBO{|;cs1gx07e;8T4~_TOt+o10TU zbp2!6ej4G*xtik&jg^m*4U;Osy<#ih*=vzZ4mNn{-F)fcp^>L&w(=R7!OY^&CSn<& zYwCrOaz939xG;r17IU09KiK1%@nJIn1Gh5l7diHhg2@5C7lUu~cMX(vf!wVcV6 zJQCpCF*&8LHXJKWznK}DeA!(PL}-H37g(QFX_g{=^2%x}k>20rp7d5}KU(|zwB_Jt zP#8VGS>Jdq_dEx@Jd-B+a9$)1MyTzM-HH2omPjOVt@erMO#2@^x*T5&_Jud+rX9u& zQ#kJ-(Z_FYVL?wQd?hrlt(rl^lu8yq4UK);++}05b^$dOXWzj!} z=2y~hE+>s(b1A!n-C8IptJQd21X9Fd+@>or@Mw-^Ij-DmuBUaqlz(^r@?dy@sV~~+SZYa zFe73hd^+xPy!hqMW%JzSQg_@izIvGc#o!L@YPf#7Dr*bsbLVXHQAB-hUn1e~yr>J? zP6Kj&dki|oC373^g%CM*pL$5z-XH zjTNhr$WQ$u8ruBhENh7NCp#C{Shho0ZXK=UTzx(AD@@5WRq>mw0Zx(H=p~0kThp+d z(W9#4v3m%caaITSQTi&8v+bHA_kQ132qRjCfNYg@gC9aC+xHrqAA6KlR#I3aG6IuE zcYRf?+DVf%1fliS8Dvd)Wl9J!I2v{Q8G7xUqGG%7YdNiV#{+{HAz-ksMQ!UcKW_%% z#n*fm{f9D=Qqj_ZHGqtt2?e{}tGsz8eM-A)IOfb}tx>f~}Bj;lYaoL^pA z(#2e8=4tZt@W>Dx=+BEof=?a`P_K1$^dw%xT`b_|eq<)6xZZmbP|Xb00;9@It6`=D z0lTju5%3C+B8u*qaH!Q%vKWTW=R0do4k_|GMs4$R&Yvb9ySOtWQBSjLXl*_%XFJ!H zgjsX&E83VDClgOEUc&x$loujeia;fn9BPdzl`IqQNj}Pfp9Eyb+ScCT+^qLVNyRkcpxqbQfn{ft*}d=~Z`N^&-{PFs zqJjixhp4=I^)-ZvRR6fYfhf?%#Lp46t+t_Cxov50f8W(Hg)D8EcQzhj=~n6T4_@-? z%}weE%T9cfC*Ie+RscP*vE1S*;OZZdx6>5JsjA{Y)Ebsz}*8kqU}eNGy7S(sceD zAC}auUp3WKI8_jdlnfJgn9NX$JMAt+T^X@0|FdY#@J?sGPwvVEchO{9vJmLUi0%=8 zC{SqJ4ZTi#?MG%kzHW}h%%J+HD~q`;UfmAV4Q#TcqPdNye#gC{Vsdga!lZN2qJI-! z^?;f&pt!X30mOEu$_w1I*!bCGbe`tf=Cod_vMoyqG)KNSo}U6DDq-7k)coZUI$tg8 z^ey$D`uagwhBUaVB*ll8Aw7ZF|Hkg<=j$EYeXuuO6Z~VPV(g?kk|eUxMU*Krp@kry z44i~`jyjdeqaIN*#?MT3M)|&cE;VAMcR8TF^W(Q%lW9*@q%HuXmZLAGJtYtXsez%Q zo}m)gA~nSR>y3os zt=O6DJLT)j5ZwtSFPOyy*mR!-kOf+)G$sgM*{us!A<5F5iWb8@$8c(I@S&@j+yj5$ z!?5Tm$#IYA2_gm#&Rt2Vm5c6@)56hQ#$6FI(@FH~`j!@sIoz5U*2jCkelu0@dg_;s zJlglp1+DhwiRk#3XLt!DZSi+gS`iP2u{yv;?=r-F9F0l}s}yP#DI7lHHIR4B&7paW z5YE?M6ktek|2roRb2HHKJ!qFaWs;)BIo;W0*?J(^uV0kRN=cNE*tqy`I-4>vxWAoM zk1)igPxT>WVpvncZ8K3EYDFFvx#L$=7u`DDgrlc!G$b&Ot%bE;5CY>#^PZ}K3mftH zE4e)CvKGv;#A&U+k`obPh<;i|liNz0BXyeE^9<5)5aAP}R8Zjb_X6UMuWT7O1mn zbd;ontV^^YSF^zTWD8LnyPtZO_{t8QNSdVtmCI58F(BDDq_n+*=1%o%@qw* za*{H*70>5s&-m=OW~*{4eLyJ_=Ex$YJdno(2A=JUyr5IIw?~IJ%qP zGAr(&G3aQ`cc#e5C{=l99{ypY`2HSJqySo32x6!K%4xZtx@;_8M{h0k>|KT`!dhdi zRy!hOQ1K~}Mr)Aj83mzAeSAH3ymQyc+jh7|%%ggOf&OGeIOpUojj5T6y1LIZ)}-P3 z8w;r4ze3*Lj-V6rwCsu!9O9)L^;l)&)q9+fA&1-@NKH~1Gqm!TN!4UcqIF2RM_Vpz z+Z_ZwEMq6Mc6mH(oN{a{mOt4{mvhj{m|+w0ZG#c-oI6`6Hh>IaJ?60!VOwbA!b_ef%cYAue>v=UDxlSt`PzPn? z0p9B(g@ml#*IfqIHY3c2GG{L~SsxNce=Uvo5BqwkIl-teQ+;L8v$~KM<8SIJY)~&? zpKLd?g>Z8@{C<2MnVp?2#KW(qr{2>D4lwV1M;i+}?hl;DFi}1fMGnWZ-Q?vhi|&qb z-?1#0TUX!uFr-FcY+-6_XN3)xRnje3#rzVrIOPXcBea&HamWzO#QA~mNUBECVy>+ zVoQsUQUU`dTZ}CBOq!&(twf4JSqk{O{lT|1z4h3oGv-jK^jCEHr=u_Fc|YF;pi~{r z4c8L@Mv9de)v)-Fd=5?zTU_hh+}y;?`+uDfrQ)^TdO>?_j5^vvHE&d}!q#%6*slcN znFu%}4dnSir!cgWBqT^^P|cT=mI_nT=zCdr#y0*@W(h@DWAEa!iQDD|^-+KYN za&qet)sz0o-(5G92bT7b5_HZGGn1c2%KP8HoMy+y$6F(&1njPul;S6HOrfTvS^83d zPv60+Ws)8p@BaS%%n!9I49EJ&%36DSf2mKJ zMNCWtRb64!%FM&c%Uwl8^n%zl;`ywuZ1)Ulh0A$Qf3Jj6|8ZXp@*|1Vsn|2q%r z|9Cfc*nMZB+M-|FG~%DvW)?jk2nh(ZtDRSAJ_A$)_wjXl&Qo($Y}2$}>5+?jYpK$jFG*aAs>;+m?g3rzfBF z$a~yTJ3ZWIV<0sM+19=pZs8FlYaamBIE>as!F)Gw!6CElBFd@CPb6Sh;UaG#kcWh= z&2+QPPDMpffIHL;|M5b-J?+sFI0|`s>YfL`vf3Y5ynXxUnAJeX^lZA{;#yS<(^$5~ z*-EDxB$!PjmqYh_^h}N_A>Nv9AqUU%GAC5*lWea0?i9#OV8rZ)2M1onHaRPFAD@X< zXl?P-My!wie&fHtzmL7fB*evS?hRTavJ{gJkB>uxgFX40ef~YWtl1;D;uJXb-ZR8X z_~4SrAbe9Y5*7dj66}DyXzS~N%S@dI4Xx$3ixWq&s^vo;Jw~Ng|Ss5AESj--{ zF2Bu~5B6d`Pd(>pzb^W?YGAYnuAE^OH8Gmol8OI0&Id$Ycz5|f&&5qjNsS&!opKCGj&QS z;tUK7g@uK_nA3s}Wi!Luu=eBX>S_oQy9w%{uwjG)&${MMtsUQOq-(9^aSeUQV9!yO};!aR1b5SqK*0s;c- zP0bJp1fPUX0Nu)?kvmaDs2v#@xjdha$x7)dsi>fYtgNoXuMX-8rYoo@DZ?LO>#D0S z1c^`v`>hslgGlDIazV6mflS^&oL+;#g+>_v4;D=X!$n?pnGpA?gX5l+i(l$^TqaWBml z8vHAK`EKR>=g*&$eNQLH4WYfWv%Y{s zzXUyf_AG|m$PoAkU>cGCa?F+4mxot>SRcMA>cB`MrM8U4P zA)$V{H;=LzF9Z{~?sUq=Zn|O?NDF|TdoHx1p2ZgZ$$NE2;nme%d71@HO--(#d~s@V z@e3E1qqeZe>nkf9hIQJh%JPXqPCFAN)YQ}=RNQ_2{o_jR0H|N?Jw{%iPSerReQEs# zb5~JO>5kzp(yK%RatR`)J{&iK7Z}#-Ue?6S*()k4BCJOV@7?2nl-^F3&#n)h0#1=Z_;;JCK90<-CRZ0vax z5qI6?Rvrln3AWpZM|M`-)z^$vaC zWy3rQW20s`IKMM}Hu;r1f?F&U;2NJ+{H68E{?@2L<#o;Vuvg0VUW&l(ti}xq%^VX6 zpY!4c)AsS}y15tKB745YYgulbdgZa#i};Ay8KnMx@08oN95;0Xd4VdvnzeOqP*6}_ zo(&iZKux^HO}7}{xw;+$=jnP#j@!%IyQZq@7yt%PB^(e6?U6SWio&34lZ4%zot&&D zijDp6+ymgf7jcQfKs`MtCMJ&2v(qCZ$6e9vt6{0Xe=h*m1w3jym=;)8<`P6g3&f3y zr|Ue@S6o~ii^XzraTyvK`s0&|16Abh?d@fwlA{iy4}?HYPR_-}rP&!U2r!HT1ONU7 z4@m0%@o{-s8Sit5rKRNw=mrA=IfpdBO``>Rm9o)n_1-7mAZqmV_9Aq5LBzXrkLC}( z3!pO*_Z`obj{D8}zL&?K>8bwy{@`LqN8KGAFKqpai;KbHSzK)FEqwfhgoFqh{#^6k zczb($)AsP*t}bB@bRz5}J$(vbUm;=PEu2e{*5%~xY;C1+^B2Ic?w~scem8=<1tBjj zJ)Ipk+wJ29EbhJ}ku2N*xWc#KVDM$^uVMf>8sE%S&jrxlFk1TYOu7cVQe7QJ&6`Mizk4%l$faB$k84_4=TAllMc_j3fr2lw1Z`; zwI8i>_h5F80Jc3gCiq!4g2|rp@K~+pj-t_S|7db1h8`~mIz2HSP>Hg5(3aOi2gvE z9k){*9|xThXQ(#HqytXXEvQ(TeEyfz`ey;35ivA1H=hWe(60j-s*$HzpM{9ZRA%w< z^#!8w>iQapS;Z9bSwOx+k>G0ft=}lXP!@rK2?~;K{&Fvn?CaOB7Z(>2xT~YF0=;_) z?{R*)C@V8FGi{)#-vZWu`}Qr6IDqrWA3TtXpevZ~1D^o0ML=FhU*GmzO0|ez&Te;gRpTIcZ_W2#?t_A^x=x8&f+U+~h%x1X&6^a*0#_2r3((^5cvy)U?d6KS@LJYEoy z5={%?z9)LfIvsE~KqKYM*QUcu0rh*7>2$dW!i~1Z&#tU`bAeiy@Q=X1gC?G-w%Mt= z>o*Mt<~0@Mos^UpzpbY8<;I4kv~&=3>dU>lx?`o>ii8B!oSv>4)_^L<#Wb>}@%}7p z4QYk|sdTI93O85zP}r~3w|9K`&eU**zV-D9UQof4y+H%`L(+!f7LZ;JS`v$x5(E81 zEW$ZeVK-fD+zc|7chb^8`3(&ZtKoF)t*tNH9y>%Ob~_FEiNObhX!3R^*bP2B0Pe4|lqGumdP`Dkf^`@mgb#T}l8m_9YuE$|9 zRNRK4-@Z*DeKCawwVCp9X>iNKl}>kecSdHey=hf2D}lhH7IOTctqnA#9^mBTv++DF zhy8^{#w?C%tsU&lnP3GUjRH{YK%ZpSFP~fqTx2O12eB31U6M@@IrUjCv88_cK z62Hh^;W*jyibBTzE$j>Q#nSq^R;B&y&dv_z@t^ecblD8H3&wPysHgW`!f5!1 zhK7irsjx+FZf;)A-d)Z4{Rr*Z(bv~EJj^Tl_fe-)X8xuAUq(hIrnS{oeup_9Am!G^=~7|es8s1BBv3$b0JOEYwnmE%sjp4#9r~t8xagqp z73a6XwE6Nj<#I&)Z@|$~*!0?SV5fd3DapvptduBJA{WE;H$LnXc#(ks3c^NXV z;`jpt5(gyyj9SB|5tyNjV2?~xJ#04K4rMz8Pu;tb!ttrAEw*uGdwY9n>2TI#o>tsP z=;_m^&!4XVSxf-|+F24c4F}YSx;m882drkhbFkcAkpK6wHIlQ8M$?gzk=?)lO1t22xyESvIzs6Q$~u6eCa1 zbCBJ*wOU?!tm)X<}HCrcR?nZ33lD6knsF~OUt0L5Q;gqTPA;C_(=S6x>Zg( zjLu`Zt-uAP&Neze&*8nj>yfDdcWCYU)V~I24FF<_0+I-{B~UL=ZA`_DM=?D9G6kAI ziUT*F64(Gbz_Qvy;m~VqrvND1{Z}ve`IAJwoPn9}lTq#$hfdn4wGr&XELt{0ndR@D z0`|D~Sb#&jc%kJhdAf9jfKSh3Vj8||FpJqW^R-Jq%79GEtI2u zgaUx{L07{SAD-;*Kazm?ynENu6iB31pu4)X^wMdmdVCvtRq6K36)J7#1`70IIUY13z!T2z<9-xqL2DkpPf#ZJ3!EzheWh^VP%nRnN?he|}Vx@zMScHGP2y+m)9z-YZ z?22wbdYYb=sdzDu^F8;21(^Y-%Re#d&hJCzDA8y5(F#sZ2f!5(@j%a{zQs3@Z}{mIDKL}gvD^x%9Nngek7UW>B;8sXzkiMlFSA`^04cnzpiMdb%bDkA8_h+|CPm(Q8AIL@~c-o6O}I}_|| z^F`b(aec>?d0MEWAxpeu&Hvg0`7Q%FBnWDSn7#fV?t=V39O(adTPgo@k^k|o)BkkU zf4b`b!=~l`z~?{k`44>l6Q%yIPdohogE;hT>YwA`-Qtva_eT9c6a9Za(NlXmdiYKs zf&B_>MWH?NW)MheNf0<4qwK}_{5ktF`CV{e=96@oO@N>3^ZX=6aL^W*{)#mI%(^Yg_qZXPSmI8 zzh4X`p%ZsMGOti2IIvkTG$jRP`hUM1viPY=P+~d`16$&DK*dcwbuQr~^tb^ukc^3N zm`z8}f$d?J;_h{*7#nDZ>`Hn+a`pm44`F%8N zR^?87bR6fyO8AAn`C4y3QrCLN541|1@`#e7v#V98lJU<-_Ai?hoSQs=>bYnmC@6kMsK`@k$YOMUH?JgEK4cq+{rFfi)q zMm>Vcg2#~1PG7{AG=txC74-vlFDcH;zS6D~Tq278k2#B9s-SJ|N;F0s!zqMp|420H8hs0AxBmB>0UjYD6XY4}^<~lqgU$ zL3jiJq=1b0XEo34({&%cS@n0|V$$9gip$=fRMQL=9@8@2=*L$wS;R0%D!Np)^p&K$ zewF?)SwDvAPE4iGG7({jdmQpIXg^^i^$T8XS1w-n z-U%M~c5~ldW?u_Z#LLtC5Bb2P+%)4e!q4x`eI3lh5#E zp&#)PJalzztWT`LxBX^$MaApROiEQ$nyE8yZ`W^gQh3T)8NeD4J)qYY_NWa5@|&B8 zdv?QMAYA6Vo+H&v% z^P7LN1TdSApD;6XvgAh(caws@f)~_NDYt!p@80xbDd_Hom*^m((d``^_`6l(AAGCH_QD6v<~M3U!$ zO730m%A@GLt;~7~3tGGX;>+X-b5FASi!OD)XVH$tzs6_6ov_W1X#BO_wvilb>1D11 zpaD`etNk2ZbO3-qUesg~d{}lTPbe!5MEghjCQzJQuxILhBIk)-A^_@R`#t+@dcSx& ztKXltq;OhHUwo8*!h4sLExuaL-wW8?^~h@wC(RIAxb3LEeHhK?`8k+zQUm?3(jgj6 zl|wey^W*W#Y7X1sF{}mg?a!$OYk?b7arygk}edll)FLVLb7!q}R z7WnUo{o@}0LluKIox1KmNn0jIxyhEST%}WS+C(M`-V+MyKN^;5me$xV0{a}?GJ$}& zGF0GGPK&{iEyBODvZ!)|Yw#nSatJ=W>8wm@>P`)gK`&_bKfxR;(xvb!j$_O`CjEnJ-cPr0!=f0Sy@>S&XYZj5-r9TENkCOUita z7xKSh97N;{RHM_ZSb5r1sZRZa=^U0Q$(bK7BW5$v8_4F7iaNc=Ix+Q!0!$D-h9#v! z!C8|p-nLxMr=wk+PV+;FG+2WKB2ezQ#F*m#G0*WexuO}nT(4RK)o3+W2X=wBI3=X( zgHv$G*%adcsHETB-D#A+e73es`Lntb&W7O|9KtvqDR};QMe;v^LolMIGFl-s?$v*d zqtMa$+V`*Vf-edMYE3PuW|TGIckWH1<@mO=a-&Y61s|Zv|6>mKa(!V-Rtp~52%i9@ z8PmxVU+Nz|qeMc!%u_pu^y`@6{)dH$Eh3kGCO_}`{RLJ=_j30|^E zNTZa{!Z;z#@a8pcsKdDgTon{YI6BJwHHJWn^kZWxejoYYbe8`OyUpUOnkrjhusZVz0W%^No>ZIq4h5XoFpV1O zh*I9Me>3mHUF&opO#G*)Q|XIR0W&{)L;q8}!pxesReZXX`Nt}Q19}8z8^=w=kUj|h*iGG1gc_9#)>rnwnO(TPj=lU5 zTWKaznvyNrGK7hf!R|lZ5fo6PGi$B*@u9pzO2`=f+MVgvJ@2&3m%CPbv+f@>T1tO1 zRUu)|fQ^-=R2df24iu>sbAAMQ3BQ|g0!uZ!Z+QH-#vEik=ufT;N+@o@CZXVoQdcqFi(3#+QTUhSh! zA?S^9r=Rp^RVt;r!XwV`Si&HH-b{3sVhY_SyKz%ppV(?ai)Gf!pB!wbSjSO+msDZ} zhZb^o+P6+WMn;8k7H9PMx4FxR;NBg8#{l1)l6*Q|(Jvk!`Dm`dOb%c<)ZR9Uv6-8$ z;-#8b)79k1@Ec+isah_mRUWvi**v*cDoKlk=FKJPevPA2aS6A5+1=(A_jPKIxBblF_7hl;@RNf? z9o>%Olzx)oV5prIqfWpbyumK-thUQX9Y=$QHt8?8XS9m0Cu`H)Wb}?Uv6plZZi&VihMFWW23p0H7_fme6^ z1Cdn`dgLtdYm?_C(?z_u0vjQLOyPJuStzdF^nYKGbffKq&V-g13|yo)1w2a{O%9`R z*avdiZ_o4;hEg9Mj%z}=aOY%3zXtPwt&)R-H20{_%8srUu7@v2HE~Y1Bv}Fj4wn^n zo0s+@O>?Y)6boa1+U%}8pi!0O>ah?T?8&UH5ii?%kBh9!$4tqA$Ds{fEP?e~R+NJg z?E)M3cXxeVUGNMZB!vtzvXv$n?zaacwj#R`{wxWLF8;Wn{MU_%;;ioWmCFSBTIO;2 z_2eYotMPJumvriD(fyw@ZK8nxQ^di(a6nkAi&kAm3%~W*yXU=PnCLLGKtHp9 z%gb=R;N}_PA=giyVG8P=lqS0Yn(#-W9u1tAb~_2d+qCs6=Cm4KgW2iMpWi&L0y?w% zaz><5P2zCCmJMAQEM^6S#Qeg>!UB`#rw-z;6zK5KHCw%#x|)uVz{m zV2nB}&6WsJ)YDx!wiY4D0z3CF;0!~@BXVT3x_mcy>{SFs#_{Zb!Ks$IVs*N4Q5m8D zz1dwn`I^{91WyJpY6zgwcS=kEXk~hIQ~;7>-CSXSzeBZW4`t@|x7x;5FO@lYuT>+T<*=WAZh60zo6yuoe(rmw^Nv|B?;j<0 zM4tgnQm=(p%SKYmvb8HWJVz!|m-TXTFP6y+nt}s-cbWkZbC==9^Z4m8dj~gBEd+3! zoOai}r2sQXxd8k)tZ8HEQM<+nF&l*jT2tyv*mb|QKZV08s%Tym;EKKW#?OvXn0qa zz;_#ifEM}LnzGJ|;d|_2o}ltt;b|)Uy>;iUUzs_3+X7Bi@${?DDU8Y4*`2C=OW3HqoQPNyJR`I_B_t9{IzL=OCBmwiQ?q1u zGjpErig|zBqMD3dT+Fe@A2$B8d0e<0R=V+c-OUY4czp{6p<^9y@MwKo;iik~@6+B& zamp`c=sc&^`X+CPb}Qs$-K4Xk=eD=Ipp2Ro+vW4>nxs>mniFtOn-xpibB0~?_l6*+ zmYLt*B3`QM=(nswHkUo~`l^ceR!%I`-r?h5Mvd6&&1(C^_PfXX<-gSx);f9I_*nEd zHnNo)TGB=53Ncen|<(MLv9oYu}U?+H? zN1%LliGcs`mQ)u2ygok}5vSl7{@u46#L(C5!ZG&%#mJ0qAkB+2jcxA>4FApy8j?42 zCyajbJzv(%vC*0;kqp4=0flfI^Fj#`0Dxt`DlWqT zl5}({ciuN8PT{aat^;Ny^WDA?6$=o_PICUt@|!|3r=BO@Ms5X@L=y`9$pu2@`h1e< zwqQpglpMpaCKRxl^LjU@wRtHO<|A|7&zM| z4s7W8Pgz%C8M2D;bmNj{bt?)I|jAxV?q|* zPpun0p5NAQX!U3NAH@W}%3HU{cK8>ml%qB(!+|ZNxqdLi`R}NmGEvw{#gKqnp5Q&kE?tqd>`f0>$8IP%%eL(@z7w7=eW7OylZlD=yaR3Syy(6a;r{jBhy> z+yG)W&Z-u<*o6D|jyx%)&My6mrI z`%5(xiy(En7duTtr3N7Mew+6+f%oe_Bl}~_9vLris249|;ArVU3ji*6GaIAKx4q3x zFl9jC3$w{)+GKqpA1q_mxB+IvzT?CMWEjsu(iBWvLBX4tN@r@9Fru+4v}-sGWi*?}SZ?jnTfEyT@X`9xX4@-C04Icp`J)49JMTbs@9 z^&o}(&n(Sk&1Hd@rQg>b{RnLahb zSmfOFb+Q=KU;)SL#=iWJ zna?(#W;JwRc)^OWCbYT)Osp-}u@+G*+_4ak6NbvhM6gwv>g_v^Sf#Hm+@ zzl?D6PBGvhg^d9qr!!>HHi&T%@pw^pKjVvrlwE|xBHHoMHM-qsH#&oukA}YO`Fw#T zWVf4{=`U3x)_YweTy$cf1Ar8>9lqx_ZWO{EM-K1fE|^+9?tu68W~y0U1}HipWgt1~ zIRL$ue`W6Q!!<6D$=V9y*c7*5bK9w#9lEc%yLTcQDuPu0phY+tsJX%K{xs*e8O6r- zzabJ3UG%8^FET_{J?M}6pRYM3_U(U8t+Md{Jjsv8aMbc(75*st`hR`IGLrv!vhcT1 z7}VhR@CE+=^Vi7cQ03FX&t#!bLH|#PgcD;>n;HAc%fFZ%P0216`C)gwIu>}g7Cvcy zG!4Kac*d%|BvWIY*yyp6lHL3J2a|Y(_*q+LTnygg^h+ug==*v?pC;rdq#bTMKD{bJ zXZ_&oJi8Sq(UXzG9mbo#=R_OzyGsg&`l%c5G$$KTaq!FM_YMNDSzlW#?Iz_rtvWT= zpn>u6$*Sr#W!5!DKspL_Xpk5`LkWF(Z*|b-WCHm$mN?TsybjLntl$ zr@2o$ZtTQ_Js~y`P?WaAJwVJf>mhCe-@mfFzP_F*#E?QeiZW!6@4Sr!h*q7?yxYB|o@K4vY%i5?Q0J7-z!1 zvW5(?yCM4XogF^*C-Q>FN0Z@CGU?Vc?j(PGB)sQKO4H_KN05Cc^DhR@_htRBCV0As zbhA2Yb_Y*i^RmrC9Sn}rTLLVa-EPcVPM1Q-@c_!-n9~9pcKZ9G2@4mkYp2_E36T>& z-EUBkGe?c@tiNcx@TO!L=uss?^skIFo7UBa?C1H%m|3mOdie&aNpLrKTq7Z7n~T9I zFnj+nH3)U{(jhi1;&4II!!w;cAXZ>5Pe~jqt@XK+~ax}nXgGg7Aj8h2sB07;bNdFI;Ix&RZi#ED&& z4hAeUGtfB>rZWhA$4Qkv(nf-=z3Tw7=RC)~eM1F%&_RLh87?tuMh+VJ{r2Rb-fiPE z-+AW5HC-|gGH}`Mq0!jk(cS@h*oqJF+svxG^!kqtl?Z#oJt89Nc`LSC=p6rpWS1eO ztiMdy*ve$}0ojxu?sOK;=H_Kl)ktg{KmD~19?@8V4O1jo%m`ECRXKi8A-;s(9x@|z z$2k7;$AreOm8ebhto8LQj!tX_td&-m8~l~&Tr#u6K>a#sQ)tWNddL@S_*qUy*Lo}3 z8gvC&Ax^1H-`ufYX6RN>BYL%$9{nno$3X-Fs}$>BEoY}~z;8#EM;vX^y#is-@&(!J zj@w`*gNskaatVD0al+B=&TuGo(@Vwib#LKo&(H4)e-tjNxry93vaR5n6Wh+SCV$bK zxwxD3n4D`0A@gbv9~ok15&QrFWY%zYy*BV%r&gdy6Wb5!rs+VZTedl8)^b+yIp2%x z^W&=Y85o_Nt@-6J(qYl~*SxbR8BoL0%dOZLSH;*@jO$tpTLFRI8m@lIMPiYtBZK41 z427N20N2VnFHs&mr&R~)MNY`64f_=xW%lqH{W_=v)0M~oa6N}v^YA;^>Cz-B_9@Bw{$OM@85)OXM=)W>JgfIr zQ(Bj-)_AmhVeFeb{wyg^@7GCo*V*S-@md?wV3g|m-+2U_^NK%zRD1sVT1ZelIr=|g zo6lnMA7STK$;+Sw1a(>bI6eDaf-!%_fpi>Md`e_rNXa<;^#*yQ+?u&$u|2%A$!+#& zfKbLjg{>CtQ+5Wi`H#fxKNFt~KN}lhtuL>hZESu_yBN<3CJZ{o#_sTQX+?s;_X^)` zZQAcfvstW-fp5ey`#qFXcFJp6#UQ63y~qBdS+m(_W%s>{g^{&b3lUK9m(_z*+Qw~k zK3h3tA@TOIUMuiX^;1jfL}!05ORqk`(baUi56D%UK=847zDtMa)>c#jPa;4>CzUWQ zoyH9%Ql~?RZY)YK7eB2GkHle@C{m8G^jW-0zr)=uzmSq*O9ZjUg;b7eOpdu3C32(F z%C86qlSDANCS#g{Nj_4JiR?L4yjGt8Yq#o;9Qa#;hr_f7XBFSfDLxiDb5;4|9z0>r zgw+!*OTjAu2tIviZPa1k{NChH{oy*%yy!~2BG=3ga&hPzZ_+PT%h|iLgj`p!#Zq+m zwXMx?cctkI*~CoWuk$Ebwc*M=Xo;cU;+}U;OX}+8ddZ$rolTtXcJWQ5g*#>R^h&>J zE-3GU=og2o;t)+2ONeBd&iNWqT^C%BE5FOCB+}f#8+Lf9&dCqUJqa*DnM>Mj5EGm^ zXe4A7@e;-?M_gJp*@78kWwj9_r0V=#1ffW$np!+ag+-ea@?&AB%J69PFNwnLRmzlC z#O2Y(*0e))%mvkfqgU_*`@)beK&S1c7}4}zk)EzDWV`MWU(->-#wb({@7uTFu+k_r zravOb=k4{KT@=3o1H%jbAigP!tJ?5Lj#gGyfcY@mU{S#@;3EG$N?h#=Eo+0vDZN>z z2NO)^@6g5xTN&-7)QUtfBoeWJuOryS{1 zcWkB4Gq#uh+(V}ag9%OZ*@lOY%YdIn5Z8FUH^ntAX;=G%LF>TR_WiZ>_|r7}vt=Vc z)<|P*##kQmBi3RW4V4~B8S|zoHjqijW}3>VKX#{nnVIMPn~g{Uu4YR~@`KJl(o1!U zcF%X48;;f0prjuN`=Mb+<#z5~avz-IHtr%FaHCb*T~dJX!QD~4*qZjI2OZBcN@|$MYxYR zC3`YC{flrmLXUPDlCtgrxw#YfhzH65FxK_rM>q!2J3Gl(UG{r-H^Ui?#9oNP6or4ro~zA>?3hiygIS%fgh9-i$WIs%DV#mRoXWjBq1Oz%}#lM;y!7-14_hI|kxaTK73Vp)2+DNCuJ^*7@LEXF(czaEMM+$hLYol%{ z*fTOix_fB|bS(J6!K43j0XkR;JF(X|`(sfZ7ktN?q#*J;;PHUrSpPRBTSQ=XadFF) z?E$tuT@@ho?aY})r?)9K663y)+1M@k%60?*ry`r3*}GRd#Y&SKVvL`d$XM%UV!O;5 zUIiLZG1H;~`)fuf%JMxWq$c*1fnIZ`BDJ6F>d*k-*9ijvcmBpM>lpwbE2OzdRJ2p` zB~l!nZFI6fY#f>eHG1U~?uJZp4sAYC4Vf9$gTMuF*&N1YK0GKnNArd2GN6py(PT}EbW_d#b%KAU@Eu$O_zpUDlfS;1NuQvPH;_I%9BhCmlez`g2Cs`k+jQ)Y4hdN^F#@d&=(aD_0Cguz zHxD5H0V2@SS~^f8xSXuKFd(+CnM-qT4iPv9y`G$4fcMeH*eQK=;>i7o45m(vFzMGI z0n6M1wsZTV48C+bsm!jqeQ)~dKcVn|ky-P$-dO}X70(w4AP^s8d3n#h+SmieYzQtj z0UH3A+)wuj=2s`>TKMqY2tuhcGUJ2fS&EYsK0xFX0cF^OmtUxJ0V65FB~mxxc^&BJ z<#kbeYvuVbpFR`2;)nrA3vKIm9AfA<&YPT$)kpm{Mcge~UFM|-g8+Vo=BuyA4nMU* zyAmRx%!o^1FSGFiS)7$5^IlVxP4q3Dz4Nlq%kIE*NUDX2o)_% z_*|j}p}b_U5qo6SdG#@tznHC7dH5=N%00+EaSoBPqM}iWtJtjz9P1RJggNxTXI+2k ztWQb=_s59`WnzNZ{+!DdDBD9)I~5u72{^OM=8cYC(Lrz=g9wy2aqW^IOBzX@pc^p- zu*!h^RKvtYs5(|Xwo z$aswfMD@N?sI2-9&HC_S1 zA#0vq#~+6g_A5Ur?9Z=Lqzpxi!!i6}WQ|1{w2;p<^eIFmB-$FfTCQ~!Dx~NU);2ck zrtTIR52O|!T>VdvnED_|Jxt?>&VaTPu0jAtq!>CMDo|D}*Dt}4{v&53bW;;uic2ku z0MRGXt%E%?wfRVV2}t8=WwR1BNNJle^7^hUKh073*buz$z>}|>3ni}pP+1(m^pL)o z)7`B(iR`PX6mfX}7Eec8n-!h}KJIgdf9${-6#oNZY*#~JM;1-^hKKaca|mdO2s~@) z%GKuSi#F7LWdClhpvyEI+n#_B{%lq)Pc6IAP5Zc^0oW#>6Si-DbgOrc{G~x3xS#4r zwHrecjr0=$LWqz+{sC1caD?f0Dcc5q!t2YdCIUJdXB{ag;yLH0xPPrMjbH#fiI(Im z{tAml*>UKzuXziYc4A2GWU?A5U# zw;Zl~QQvRdAG20B3#oWX6|I?Ze;5{r8=c^f5UuB+Os1XpYnJ}t`EBb`J!CPpqamlP zK|dx~z%2(0KL=Jt21HyUB!mV8%5%?tDY)yeTt=!F({y$at)p!D!+}ESe{bW&3Z}0?191MW^l`);f#JOjMvw+czlSTEG0Y(B{QmJQASI zM2c8)!%I&@pvDxnfPv23uOO+GRO%~2nwnKsYL8N>YwsSN1xOxh=b~&f4;?g@W6v55>d1u<|J{7*GS%QV3X^Ce|D=jCRtW_CbzI2BeEpaYCTpXNEtjP633X}XIBccB#D(uGuc&A@WmG;L{>+_g?r|s=iS;kF8cJ@lp8A5-i zM3S2NM%L%);aYU7RmZ@HP2k?_Q?j}j75Q_%8$HhCZN~o5wn&;ZY})RzfK9*7u8?|| zglKbsnwn=mh(ien4pv$nDq34FR};maYTDG-^k{v;Jyck4LFSVvqj z3*q7PYh2n;qhVCTAImjwXLWvQv%`iMXMC1z(qKfF4*Yfe>fv9O2fu<^Yd>BsB}e94 z?k1WpQ51J+%O4-nL``V4CtYW)t}eQWKt6(x=_WGOewjas(OMoYVavRUe<-pKvwMH#%+L6JUaObZevK4HOX@#E9Nv(0K#*cb+k z)HDSA0a?VM$;ozB!8exLDoN5Z+EK;GI62wcL$7TKFR7h7ni4EcM0}W(FgyuJw$)4p zh?3GCnl8${sffNm_@5QD@3x9;BMS3KEdJVTr~5qmB+A7OmSR~~D9S`D$&Xk;=R3Z< z5K=A6gg1;@Lvz0LVO-KuxhlPH%w~d2*j;k7=xAtc?oJYCGIKtM>t89%;e{ixnCHEBZWtT7QarC&7=D3H>na}V33<_O(8WY z`L_*pe#hfu=4D$1ZQ3IzdR`nYIg0h!|-k4fZZdE5$ak)=KCH89`@Fk0bQ4O@oe3)ty?JW5v5aiHjPgFU^JkIQyk;<+ZY9M@3< zkLu*#n#4fDF=8*`Q*NGaY(+fmt1e!NV|)YSx{QWH+=TPs;OM?-^R!}<-)2s&oGJH- zX~w}h!!rHLu1@WiCf_vTN@R_U16LXBQn^bKjpu%khda)nKlrxXmA{N3j#=-SJSM-hb{3z%q{3>?kJCq>9w6ric|^>8NP=)IJ1`y12|2q0|dY-D&O z-V3J9>X~2ODFbIW;kUvI<&co+tToAInWYXs_s(IE8p4#;U9R!;=dKy_W(U(yN=`;j zCb1tsGPGS@D8%;bAp+0QiMt|y36951CX@{`_)Nwh_FA=*fEI$m1wS#esuj8&p-jd>C_}mnnLi#_*v$Q+lB;jr| zBjlanBast`6_kYH#mt?2gCPZNl3+5Sa4_*;*KUfS^zf#}s&b$Tv6To8MPLW09n~=z zQ+)W|To71JyTFxa6Px_1_#a@rG>fSN42BJU`gbitosY&ZJ=7v6QI^v9`RhoSIQc?a zI4625DS@KS8>sis-s9y^SMldvtlQ7Yp}wADppi-MQ0ln%N0$ec*L%Gd zoV`5@ho@cn9@y{ySQ=i3DtjU<-`N!>ijr=2S(nDPjRFAUR%@5TPc2Fa7Q{Aid|vHY z%e8VD8h}xs^pePuzgnYtPphI#x{=goo$;Ctwho2nzZe_Y{Zkp2F{N$bnN-%osa*|J zVtA7A3~ZDU1^}qGIQ7(GbiKOlxM*jZ!7wOx^=1P=!;*|!A7ezzy$k|IcC?UzG&5gC zSAYb64xyx-8r{<`pUzpM?7?OV9k`T9b=~tC#<3ckuuCe#@gd!jt zL^c0M;_VKW$~YM7Y~1ZM#-8%4m%c`jPwW=0X{pcqJ2gOIH(x(!sL`yoU;sPK4g*iCki_rt93ns!hi+ zyDg?+f`9)D-W&`tIP7$HaWwQ3fsaWb<1GRMLgVCD50d?qc@8cv#D}z`wlEbRrGo&? zZBlFw*=2hjY$1tP^m)YIjq%IPR7MD3-7lA{pZ%LH_BC1#iZv7&9^rY+f=c%0I|wIZjZX-$tF` z{QtyadhZVQ25fpz3$U177M$T_-=2K4n8Ugyx3PSD<952@l<*Q;CBpg@D&ySD25-3J zvThMN<@oD=Db{5qJe1(HS8xi_|D)aVn@7$Vl{Qg^1Ufal2S0c4cKq8oJajNb#&6T9 zBef9YsypAou$Px$xwI>5heb|~xvb30jdpdx=v&m7uAH1Q8B=4{i9zqqw8bO?1J&34 zu>}w1*V)xHkgOSEf%K2G67Xq@g6Rme!Tecb4vVMPwMU2Tp4aP1LKl~Y4iDX3=SLO^ z?iWjr%!Gsj>A9O5JiJq=cJ zVq%5Tl=us+lED!X2wCG#yFL7!ow;)!3_6F5#_j5h-zl8Hol*9HhWs`0#}^)E-um_m zi`lTE`WI%rdPe=iF0brh zpIubqiVWX?jZ!Rq_qv3P;#AxWS_@Gc`IqHjqP3ColF>k1Zi@hbLn!yr+5xY(E!|LU z7SUAll;lC;gmzu7{UIWUOZC`J8C zxQP@W;VIFBM9J}Rm63-jp%62~@lDDNdRA6euw+w2|DCi*sc3F?=bX3%3pJo12z5lz zo5HEedTzDb;nex=p|* zJvf|Ub6FI;$8M)5QaPfdqyN;t6@xzAv^$#hd>4ld68TxjL4nTyl=Q~ubGDz7S&RNh!)R76+)OCwnf)h;H;_gCR z1eJ2v@s)Q%fr~Kze%vlWutX9hi?!16ZTzcyXrJz4^5~gt41dfyWuDO+cC*+AFN=Lw zn>?04ZxaRQ=GK5jz~o{=gKk*#+mr9F=xe#61}M-I-dORX`-OeE-HtH@2U)x^sG$%? zth3Aa52A#3NumTP9FFKyO7Oq*3FW@Kh6=^)i#h8q6{&6Y5{kmV(j!wEU-?k~%?qfB zljbQ5i)xq!9hKhV_I}FYQvi&z*g1tQi2m?*ZmDf9qXWab$-o5u~&fOLnxW?Di*`4Av!(kD*(aZEm%<2p5zTYP9!iNtex2ULpW zV5yI4kkI5e@FPBr?_Iafw?9`5MnNp*%jNysp#&K{S58kY?7)B^+19f&Ao9ia;#R$K zTNX>qE}tJg!E%tpn?qAo1UzQaPEMQBluz$$3t>o5udjJ{b^DoF15WSH=D#yf>^P{w z(*1lbpWUwix}KSbRUMK(S7ND7tn(bDv&djoiX*&yf28>=^!jzOBSBI0yheY>;YPEN z^lbdXZ8Q1aa{ssuvUnUi=_*>_Y;(cH==H%B)xl%I(eI?Oj_gC4B^ZLBfwnXzVNa^j zG{)+h?V;`#E6aiLv9ay$wY&?3?4Vzcep9#1H1{*#o90(7ePv@ssjd856AWifQn?ev zAL^Mju3fU~yY4FfE-kPxzLlMJe|Vp%CV1qGHE7nc=Hh5-YGQ>2emX@Ps2lvey^rFQ zqh3Mg5|#LD9@}>tvsd+7KSMj%B4oLX+j!i2Z(KX1x<$#9O=jMGa}LxW-kou^t7;$T zir3 z7Bgen2%d!v=HtF))rV}y=+t1z8;MN6_);i6vpZp>RZgD1hm5cp)UO9DZ%F8tk{s6k zis`hjMo>kC6=7vLektDD2MPNIyv(?LMjEjFF%*1(C0CM8$8_%N1TvHjB*-$@uE+Mh z>cL_H07hOs3B-GK)zY7DT(7Td1DSv0H)t2f#ZH>{pU>8CzCrQxeWO*Go5vz^9ZrBwyd2y}B&q@O!fV#yUnZGBRdpFF(nqOK!#!LLl?` zq|?>RS*{nAE2_A*cm7?htX8Q1rmM40c0}hH_u~jOM>5$YuXB-1y@-~(al4g9Rf4o& zx7l)XCQY+-sb2>drHgFd{rWnQA7OMQf2t{b?l&!=+Drw~3%a_@ARfF}Vpo;7H#Jqi zSx-HjT-V*H@3k1eJIfoa$%IK0-o#Ivg#;oaNrZfbwGRp3?n-^Wa(DMuJlyr$(YQ(4 zi%?_y?f%k+$8MpNB}73_(e+6f^oPnoL-I*=L+M#Sup`g!Ul+}>UO8Xnc)Hu{72L1_ zoQALAP<;(Fbkx!Vj;i0QpaOXtEYvkGQ<)JIkI@#%mlrl8Xol+O)f zGF)3THIhc#uzWcpVnoF|rYmEJ_MxS$*};jtWk2B(C_Dg)Hw%Ua~Q$fNbseSARo69aE$frxW&5WeY4yJD@udMx^gH`)L!#m zFJ|QVNZYmDcp+>P!e}AeLa@a9C>jc!X1b(lDEyrnn;^NmE{nZ^$=~BJ9BY)~4RqF0 zW7zX%v*OU=uz8pJhM6^v4j&49Y_uc;UXp#QD%BdaI?qDln!DbK0o&)lg*|U?;3KB* zuDjthxt=deb;+x4Zj&%f(%<8JsE%(NECK>9ND1%>NIDY>@cabj*FWviRo5DJ^}Y`? zpC=u3!*Eu~#j>yzA^#-h>3SIGR_a*+Bb86H147H2&-=pt{drNE1~_+iaLVSZO>qQTehxPeX94J0nN{DEv>V-P#8xo-;a(S<9=`0>gf=Ey(lCC{vL2k zRcny&zp*Ds>pkd^0?{q?nOtWhm1cY372ZR$d|_eXAr$ocYlL3Sccq8(nc~hzh&LsH z%Lk>Ap^f#I4V-5b27PP<0A&BtV~n6eIrCOF50C36C@&8Axj=1N1{N?nuvgFg1?r0F zRHyAEL*MwQzm>|M1+uws#S*^Pxc_jvR^6zf$jV{nA^!xs8sPv=B8ZX^)W`l8* z2w3{?DP0`2p_?I{`q37xMloh+8aVkm|3pRn1bkZfTnB<(=eAgzl9v)hERGa8Y@4#2 zAkj{9dCz8b;Q~zcAM~k{6!W(Dhk5=jvUnxb)L=kBE!^*UV_JCWt!;$>1_uWL$D6}T z?!_*&#=|y;9yz_%Pw^t8lpZGrGk^Mb5CBhBft!JgsTv#_#cURa&zTuVXY_)S`h7(j zA)@n=aEBDeY($gk?UrmgGFik=;#u|jo`n{0IW?i>aO|nHjh}P@J!(E&PW>)tC}Pl| zsr5*Y8UlvJ4KaRYce*-C61j(@k4Nkjt#vEOJ2x0dwnvV1*oi2HA{fjh4cflyNYNy1 zn`=l`pN-+gHYZW{f#xA2i+zTI_dOgi*YoA;=g_J}i-Vsv)^JE6et%Jz0G(CW~xK= zM7*Exj;Qt%7ZLlUORmT3b?8(pyCRn@x7#QY6L#4eK67z=ofJ*!WZb&Ntjo8ksjkeg zZz_Kp9FHX6rni4_*?YOqqcP;p5$eYS)^HfyY_`wWJ=*`8-^K*gcduWY1#PjD37G>% zrlzptSXA$7NIIB~*Z0w~g{5iGysJwq?k@*Celqb%Y{C?vnpi<+y;e`Y3!zOn^3u+d z_Lr+meIFsE2@D`GVKFhRs;6h&<-*rW!c9TqJdPxw_2fE_-YsUB7PI2+xg+gQZR*6W zVg5)e(Cbo>w%Kr9n~Hhw=KF7@G&46Zp;+4nt1vut-}bIo`={SPzV*q&Mk5Vmb~R0dO)X;khP8vL zR73Nlfou*tSJMPji zsXmT2k>=V#F{_3*T#x`%+Fl*Me1N?C#&tlS28)~LnnQoAqozKEk07=&WMG=1U*Qn_ zxsqqQ@YeGELgR?f=UKsMD&dsL+L4a$L&hOSzlAyXPM4RG>t6iy2Z^R~LM1 zeLnCJ=6$qTIog~^PBqYfQsGG&VPNcfI%W4)Emd4@c{lR+{}lqqzF{pwA&uH^DWATw zx(aIk6aB$Tjp9#5Ydq1U|9Z*Xj8Yj^gs3m4zYNIgF96%n?7z7vn<$Bq8?*6b>k8sV zCWP9EMLK*K;CGV%F*4xzrMJTafO&V$N}a&((3IyM!)5ibvuMqhiK*tyqVmxn^ZYos z9lDM!>I)^+4VYl4@A;!T+xhl%;!y1TaWm*Lut?=-MAeGR#!+I_DeyZ2~-Wv8C?8a<6-F$yfo*NBxNSY8Zf<&oxVoq?&$7MScuimu1K|IU%`8h#~I>|vJ8P%vi{Og>; z(}Hs4d`0u!Q%S4^gt>%J8>dav>?}%qvxoP})~oP_CuKvicS2Eh7f}Nhm^FMMp|};1 zKfw6ZNo?E`R&mp(qNW#Em=t%$`#c z62b;suSoa<70uuyRbpV@EY9C2osG$~CemBK0JqIbz7Qft@|jD>eu1H@nv zJ#(8rrDSfInz;beYLk_P;*Qu@n!C9p3ZMw_Yjx?!NWGCq3`p{|Y<8U5`3%Cs-Dr2jyqD6Iuph+s&wyVvm;i3!>#QO0A1j zOz%Dgg~Q^oLHgHiAe{Cm@0qqK+Uo31$uIKEbMo6;9mBzI+w|ST?>9+RR3dMzOE&FY zK=3Df6?9@cGi?SUemQidbIwiBk3wTBn{VA9;eZ4bo1X`!zNj_u#>UfmV_7 z+Xu1(+4`mTp|A+87DXR*PwtzOr^TPzx^*krbiTmn>B;|I`2XV6-yilT-ueW+u=ff6dCiHaXv^Yas@n@E)+;}N!PPMBtY<|{sXNKHuvqia@D+!@~~u^XGSaJdoT`VgE_k zo_qSpDTOfOaKqeSw2!AL;b!g2moHzuc$1em)ZWW+312epKS5&$`pDs?0>m;&IA@7yGu#H z9SM%EyR|&oGDeA*J@!xZEz@xe6-@8o;NW^uPft%u%07an-f+SmAX?!01Bep9iu z(GQr6yxV`EQ2eR%;0G?;7c*3EN(9>sCyHT=Gy{`){~kb)-8`$Or+4bqDMf>zn3Q+B zKK>z`KQqP88gEVT zvwlrJ`-3q0@yxwEGC8&Fn-}G#4G3u?qx<*nrKF@t{q@_6wbcP{v0zr~m4hD|Z4f+O z_qUuH_XPG^E1|IP_>1#buU<9uX-(v>Fcbbz{rmSa%sQ8#;p&SnstP4}3p>dWZaz`(#O_^*|KBj&M1+i zSLlx-TD^(P<9w<-GUmwXqh;HF-uX-3rQLZ4e^Kq-GWzC(vw7f$E%^suo#^$->*IQn z#l!ut)i5o*gGujeg>%%L)$HU%AD>va8j!E8y_`{tLZ zgrwtc+BYUYb``oedKu4^Hnz64F+0)+;2rb3TZ`PQ7x+w)H#B5K>uhm78&eXwGKIny zf-b!;?{%T(`b2+``v~Y$8cxjlrGU1HcRu-q=Uy$ZjehswRTfa&vC*(<`fF z>yv$@CO~r%JHg(IEEp5q?Ynkk{7T-y$6nfPgubfL+ z>ao)5AeuygkCFTqyV@|8cF<@IC%sigyw=Rjj9z#zXLsP#f8I~Ts)*pJHOUN7-mg(o zccTZT<{8?dC$nF7y05_1-rgSkE6DlhpMSQ>>^~5*_%7Wbn7Yzw;+WT4da3cjPK7e~ zYr?Jz9jOXreei8h`BdpYP*6gxz1;jXl`^*aNz=2I1E)CO{i2cJ>J`ZyLeth4D7>)< z@3lI1E#qQ!&=|nZD0J#d62!SJz!toZC;PsCxLaB&>^zh-izoa0vMu5fF+^2V*^O_l zU%q?+5#b%hdId|17z-ar(sYmF&ZVlhj0Dq&UcSvwmHN)8W>3{SIXU&hfwRSwg}0k! zj~_ptaq4mtk0uuS7n6?=ED@r$uPojgLoDL?`1nX{@-5kW{GYRNP}I;aVvD{!N9O0d zvc+Z^2H@YjvSu}2^--)iz2KmgsSX`HVwz@Bnczddjm8B*3O7)!Wn){IWz1)8N0K@Q^iUd2v*QX}z6DLIe^--(v;svmT zD(ak&DMJ&icC6122+G>9rQWms1{=#w-lCbDBQ|LsVilxa308>PsKbfn&Uu8m3BLH{ z61C@g;v$rq920V>`oh&6ohrRmf$1%dIU+%md(S}p0X}`(eIEFYon_7-@|gxIQESiJ z)dxJ*SN@hY4ZF~lnO!XA8{7yL`*Vt9%{U*6c{?{ss$8Y%PzX&RYvkCZyA)lNQ8v9b z-TeZEKki;NSI--#04|Lq7BUhNLYoxO6_D+p7>uvA*8=dxEIZtAi8l=jRIw*TIjq|p z%0kQNFr=raN+$Y#J(H6Oc9O0d7>-6c6$5diHj_jUlPo+ayf?PIN8+WntTHlK^u~QxCxb+bRl{@SY1C#=8A(SIO zzrD>m#beQPgBjEknkdS*$k7e~&@R@zSOINv2s%amfRA&xAus?H02MTh4M9`$`OXe5 z11BCG9sTvp13+MVx`9^x1tOI6V!&>5Y0p~| z_v7|zUaSgm>*!i%nwh{H05mHa%f-p*_{ECXSy@?vi!jB9Y;uU5W1LEpZtP(dh+<)8(OaO!-^zK#}0e7APIXe5PasJu3 zy&Y+KRs+}Zs%~y>t{x#Dx?h|z0V)6v2XF>K&MR;!%8wM!*+Qscv7%Oj2Ax+5M?+@R zLL!mnr)$WN+Dz2ca$&68j2o?BaVTB>7ru2EFxp#Njl~-)JTOOHT^&?)9Gp*dnfpz( zjiP{o;`!bdy8~k->qNq&o&4e1t}OkeVC#3k&WpzLKAO&Swi7=)~~IjGekxSAvS5c*tzG@ zC8BDTJ+?J!D15Saq#g?IeE6`PP3CZ+9~~8sydk8C16m#94Mv&l++UA^_L zEN+o&5{p{Ylo4M!bn0Nj4|A2=nPX&$QJ^yJkU!Dh);8Po%F4^j3$Lo-QaDHsWln#} z)`<%os|_D;%XCt&1eOIaCJ_ilZsooo9_?ZA?^keoy>gtc8TwV!)x}8CRM!#K;G4@+ zm#HR=p~`S;u|u8{*uBuLT)<;{ySee9o)cr1TPP=PzTa)} zSkYhs2>wEEo+FF~^e;^n<>od72v^3gO+blPFOTa9e$9$|vR|)t^bDZOIBfbPx-$cU zu-JoKR#Cxe*r8?3W|ozeK{fG70)(KayZ(Z>Q6q-2;=*V9J7QY3H8lK18+@4g0x+Fe6>N%X3wM6R z|CWc|EC5q7LPuJ-fR)>oiHK%kcu-T$MCE9YdH`$HW~Stl7@SPTn7W2*@hDC#q+3Mv z$X3C~62zhHu->~&OIJ3_slg6E?vvDD+jMSw1v*pl#;0ySN0NuL175WSf7pr=hNuuM zOQ_FK*#~5Wtn5tBVPO{ad3rj5;B5cq7z!UT?)FR-g*9iF;Oc$wszXCVu`1)}q2+HZ z=T4*O&ssri;o@LYfBm|IK+od7Y-72Ze)dKMZgqt1=u>}MHvv`Ck=ERW+*pL%D5<3| zn<5e$0|kW6{U;RnO@GR2l>hI{^+LZF(lRbad1&)XwfbexWps)syF#YsMQ5 zg-|~$$eC!2l~guC17*EJf-)eRKxWQ6IVGm2kK{WSa8|*vkZsHJwcLcS2jy4pBi|5+ zM9lPy*iNEJHO$9q{By$SVDz$ao;gGUoClo42nYp82A)u#NtD6lAu9=E5OPN#nT$X+ z-n`2&3qs>^)8nC)-3#iNkBfb--iY}M`cx+|oka4+#Nuvu^p&>449JzAooH)ax0c#d z9V@WH2WFUM7z;adjA6E#7%X0PHF#3L&ZB2Wa!WH23978&)htEaYTQgg*i3H-kH_Pe zm6fr^PytFCxUqG%=cWc zN~6Qc>FMr5T_OiX+_Crg$BqsgacEr(e;H~DbFooYMfWPOs=Fe=01ZkQHE^Vgg+!#| zuC31WQO5amL**+gD?s<=?%cVvOUXEf^U1{k32aOH_4%66IBDQbeJ`RBc-YL3RnJ=)WGlMX)-fAqJWV*%Yo_Z>npuHDu zTnWM?+03bYw$?j9%jdXftt6WbmR@RBjt+nYXj}MGACK2Z2ZPLkng}ap^%V>xk9x=y z%z-?WL?>h!!53g{+RT%fma#Gup!U1SSEp;1?z7^cPFa(fy+Fu|8Ky@Gmh*#ezJ9(- z8!AV~L)6z%u766?^QRM%EDysc+c)wOEFHkRgZ5-*`a<`wS|~hF$)MqiV?tLtoHpG+ za{LfeqLDu7A<2U0u}5sN%S#+-0d?~37OsA!f;FGd2eB?8k{lLYUh|?ZEZJnC<`4>h zIUb>p8N@-W#LkRA3C40M_KJ+;QDER{iRD2KpHKrth~W7(d_za0UzZD z7Q6`J7%~d@E)%MB1SG6D8Eq4j^@oR^LaCPrX<}(n}N72M|VMQ zAOzqNt1M`F+*D0nEdsG*2D(HAI6tJ~wLvh(+UL8hh&Ti;OfBPj!v=qaPCDoT+VlP2 zazGjqcYV>yg3bjTm#ORL00qgtVl5*w3AjWOJQ5ROSw0dt9a51~v-Oam>029{CKg4l z&iL$7;Lh|F6c)}^4tQxCJ-Rm9Bm7VFu|tUP^(MvOL;^w6tIklU(6}F5I+f%el!}PH zDbog~nN9~mKG~8$31i_?Ck6jWFNh?VVFUqVwX4r9l=%>?NLaK)(1l8|trn8T6pT6l z2v*C3`5h_j470_uHeA@~Hby3AauV>k^T2iAPV71nH%^9PV>UY%+PuN7nn?EKC-@gr zLg&~$_XmJfDVf~#SpE7Ox7J9)tNM{BIJ~L>W7%77JDbsH6EXcPV)A)xa$-`Z$#jFs zLf!hE9a@6LM!Qa7K9JSm;CdmWnCd%eSFB_}UCc=rYoPFV?rf-{B>7}KjBX=#Y_7UJ z?4172sl=-uQZ#RFXa(9wDo8AJ5s;+x^!02N;Ze+#1ytEsSrsY>;WtoYVNviW*(=Hq z7zn7dv+|z3z;40uVVvnt;9%-v!w#L`6@|^xyMTO+LE&x!&H&kKY)f;dA%8LfT0zt3 z%*ZJy+w*{1>I#uYIywwv114{M`sZx**v%2RY3q#}H-O~1tQ0zeZjp#zjDQ2W>Po}W z`Cdmm8yprZAv^xHH|HnR@%K`FsuM{F|;K_PD0v3IAksUc=#>YkkKG=nB4 zi8#5RvMrE84ju4=fPen`oB`P=6pFVnrXwc<^aZ}uYb(glUm!CxLFFNYO42O51~xyt zt*uR>L!i|WGZI*h5KL!FE8qJ3?AJ5YcHYsPWaa?BQ0gS-xvfG~m% zG)8{!UeQ7X&C1Tlx6}C=ggG!T7!Voy`pDO~`B#r6qDMjd`bFTQ27G^q&<7~cu&35{geGXAA4?BbUMg`@#~E;%?Co; z?Jbm?M=tY`>Oz(PBup>&H1`~VKDM!qmszm61E+}=ySuTicfH_L)Ka4?@sdIt;L=*r7^ojVLEcX1!412){)$ z5ERGUr)(`Z0dz2c^iDlIw95{6c&gYRaWbUglTgs#bn7;5yG07u0eX2e2MZR-F+45YTI^I3M3m39Hl0}qh(WEdYLb>ZPl3j9)Kr#AVsc5rO;2ZHVToP|^*qYYjXx8fn-SLTiZqk@>!QJ} z!9H9}coVv~P}$lUg}2OiI2+uhp{aqKNI5jyo43*z|C3af3w&e2RqxV!{7M?cSiaryXW^XPaYQ6Cz%<& z@|!BGUXC|gDf$vY%@5fm)%&!XsX2{lSAb8h(>3zNvPbjmawqfgs)T%O;P8VdiaS&? zDzKN&vNOl_#}tWN4Fjb9Dru-)RRk&6Z&gwg)Y$asnyc&VKl!RC=XK>A@d6!HD|xQx z-_Kzl(psN5EPn+(u&&;;OKQ=s%BQX0y?L)_iW}Wu!dPUXtXi0vxg0X{qz~5C*+iLO ziO;_o2s>j!9K@I7XQF=>4IH?>NlGL?TpK>ZG4Q1==Ca~#qNW=0J)U==z3xfB8ex%Q zHlW5^t`w}UE2rXq7hReksrE~!*9N8whpUE4>>DwnW|g0$-X_0cWp}6)t9$aRopJ8Y v0{GstGsT%RJX>BBG?JuBGSdHfO>BktAn)FmMTMUzl0u!e{k{0NKkxh>1ou#9 diff --git a/playwright/snapshots/invite/invite-dialog.spec.ts/invite-dialog-room-without-user-linux.png b/playwright/snapshots/invite/invite-dialog.spec.ts/invite-dialog-room-without-user-linux.png index 6e8e2fbddff66bd4e8b1fad7b2611bcc703724ec..910040e20f40817a01a2c4f38fddfba64635cdd6 100644 GIT binary patch literal 25239 zcmd3OWpG?O)8;Y995X{=ikTT>$4oIZGcz+M#@LRTneCXF*<)sAW@cFD-uL}>|Lp$W zDOF9?IW0}=QLEK0J({22WkeC-aNz&|Kol4ICJz7*9{~V7@dNn#6HDZuCGTHg4)UUc zK=~;C0RRvK;@`e1x~3klcxj@kv~j%3#^5mhB;|n=+?M+ZCDEXhjfK@%CSM~asa7bz zUf!TjUmAwd8umJkQBqeoQ|6tgMMO0hq-EFp1QCXbX%?*n*TDX#3Rhd@O9SGN0)pQ! z3Nl!I1Pr?ie=m0bD(eW`<#piZt>~&^p zYR0N9ta-_E?t!lEDv@~<=IckuuOGL~T<;4j6sV4V4{;GW*4B!@-QM{quG}}T>H^qE zmd5^q)jE*6(3uFW1}`3lbm%~J^U<@*Yzt1M{lle?hQ!Bf3T?9Yb|An0B1+b_DSTX7 z1C^`jv?x-=IYl750=k~2-;#1e%uIQif!^T_j<$9OP{o>-i9rB=TodsJ|M&9z$C2yh z=Nngo8&yGpD46lkcV8AJMO=}r1^TLQGHACF3!?_7^N%IhHE#kW*8f(yHzneGJl-ba z=Z?$qx;M?D>KoR}e%3hOwD94K+S<3~_(xaoP_YHgk!Z-RIQ_K{*ChU)vZKl{MdPI1aEm@XOK}FRasL3JuNtq+5fQOp2w$3B2TMZI zI(*A=5l{KlmL=Z5_CV=+?K%8=eIPYYZOGP*&z1DOBk&*daj*(4P~fuTaH>BXd$~)PO&m02N^7>QJXLP3jztR+ zOk$Y9Cj^iDAEojKZLBoj&MG}^DuVm+tM{&8p#OeG)5mP?%NN$hOkUdiW#Y||?uN2B zrT#UpITmCmg+OXjGoB2c`FpMEjIqzv3(L>4;=b)`k3La(6Xaes>~Ru$BL>682w!yn zor8_}v$xW%{)2{G9(-@jyFTCo@6z->7f5kjBiP9V7S2~~6Tk5PnF91Jl#j9LAJ7^8 zF~&>H6wA}Ppb1l+_lhzGQy{)D?OQd+g35#CpfCssg%>!uI4-4NG>RlE@c)dWS?GPA zDU0#muGieN>|26Y>?{Rone6%9mDzo{+hL;F;Rnl2reQX)e<$43w-iso$%U(jn0RHs zcAd#44%`TloC&tluq&U1`pSdTMtCfWkzZ^__b^cZMZnf`^FiFWy0M@@<=zJpPh|Kq zf5KG!X!CWf{oZBJgB&yt-EFJ^?U?XykH(rqqOKiWT_*zz6{#!;8IKfY4VV5Mc7A*= z0v~xb6o;WhQ6dJjZy|HE@UCtP^ie;i$C_yVkr{@KoXAfcWN}cW!sy?<1pH07NL`Lz zjBMUqV1Nc2n%4|3N$(%h1N1$uRkDTvkTMrJlOAR8_7Tsm>l-%~h2~*;XXvrZ>wF^4 zBf11jyir%T+6{%vs`lR9~B0MfbJcPv{*TZ%+o? z2qTbdE;9nc@O3^XT#!B})nhHD*MW_6?zJGJz2_a2t1bG0uT!=cFWc6^XCKpi_&JSxHvzu4yacQe;j*>Zn~}R%q?!?y?t6?di2GCe z*5fyu4Lc1!ss`3r90_K&Zl)vdZ+rai^n9Lb9iY?nc=8qJ;!-=?eW@CUN(!IBNOj5n z_+8M*tVjytWA+Vq&I17G{#rK2mxF#d@$W9Ovw?hi@0ZWPPOo0&AknkkX`)grX zAAdYGHzy?(!Jo||_r znQPnC)Lup;rlfDGwHX{Z*t{&>TzUb3>-C0=W{6>OmS`Q`KO6iGxKAP4cP^4`Ps*1o z^*Y)=IDR>qx4xAUEi%vvNsERR<_KRWbcLl4kxpi{4wC90hv0?ETx5*1mfaP^b_ah`)Bb#K%|>h^z^0tw*_m$ z;n=FFMqxOMC4BR?*DZ$UM*Sz$M3(zmK2ALkVNM!t$N0;hE(QDaZ)C+NM5FEJlG9s3 z#2+pVzSeghur=6qurTN{UB}L*%on1=1xa+8vLNK>Rr_S$8KzJ94vr_*?y)tzc^W)h zc)Ghte;timS^|1N1RPW%G# zqh$h_diIqHY5QFmgG*gg4$oe7b#|opU_vwB57pb=Di`LrkBf57hGPk7fPl_(*zjHa zgkSA|8+0DFIBnaE=|kAg@hCK4O25p6PFwlXy_Fq+HNkC-k$}E-%4n)ST9D`Nsnj5> zo7BU8gc-X{aAJ!r!}qZ{aOLIXp){<%HnWKLxx~p)oc(RD{dLE}^S@8vmL zhIKz!d3xo6#q<1SPIeV1*7=M-*ujz?%S4UV_KMxSdcl%y?Qy#{EAS0p^Wf<2dHHX> z7Bu+j+26(4I_<|BC%YRj_R9x8hrtfVRFAde-Ag0gOWbr77BTKpF&iS1!Pb&&yY+|_ z&tv>=f*kj+vlU9rX89UVLNrSE3#V^5wYq&qudjwZkevIkcJ2+_w^8lKQSgpiP#ersFtZmHY@rTjf z8bim5$UPXUlJq9*c#Ej*?iA0zkuSY?%d*CZDT!ij#l&u4=`Bei2MPdYEe^QX{y>b+ zq3hH>|BljFwwa6gl6!^ME{&K40hpS@wa1NB_U?xnkd#`Wh6z2t8-E8mDcAI3tYJNk z;~xmg9N{r8fp>qjyX%ISn3~p*( zf<~;nqPOFFm~8U*JpJ37SwEa_H+!_j8n}JS$;vUnM9VJ4;R>SJiqhUDsvCv{fSNT) zQnWm;O(W+h)%Gr?y4l2f&TSokp{+IPH{z1a()<^gAH@5kT{jf))pJ*1KvO$js@EuH z@O_lGYq03K{?WDVpr%H+G*NWXjVxE%t19y0Uxj}$rqB7p=C`lYKDr&FzU$dPgBnc; zaJA85;sHQQ&K9O@iYH5i-lM1t?sWA&a+UGGZsbv0rHBvigTW2MNXzi@e(6>JY;eO8 z0ARb5vMOP{xjH^opbGi>Z}BxO^4&4Hiaz)E-Lcttp7ATI8sOh$w7-32@nO)OK^S>9 zu0H7t{$m-HWjv0ZE)({5Mh)Qe7R0uh^pH?lFQCX7@jL$Zad_JLct-_t#rLwaY|*WA zt30suwFa8b&u`%E&_*4}_p1+TaECs!T-xbHh!`Lu5*CmcDjVg)Z$@f|FU@(Eh&XC^ z9>w3!o-9QWyy)(uyx3j2-&Y+6^j5dQd<2$NEFW~wIi)BihuDMEc8fN`OBRva+8@oj zU0jL}&bmrC&-gEFt>a*5^JUsk$;|JgcoGw~#)eB1rK8R}()u{d2iJX`i1}2zZxlaY zava9b8vbn7e)fibSJ5?|=yXPq?znG0gpkF!x8;vQ+0OrVAuP$W-tyUf;qMsN3}2SO zc;jF^R?x$*dg`#W;4b-8-X&I6Y=oLVn!H^FKW|^x#^;~igC?#J0YHEz45?O%|FGr0 z8Ga4fWbtL>tm<1l%==@nh^PNSPna+U!Z!_T6e1CKfvG~Dp3$KtKgNNq4Z z*_)vz^-)W2Im4h)09kVFMt!H;runPFmEHAHt=&Xt*#1iW5L_5-n#grR{j>8q#on>^ zJ?7t#?^mN+Cj@zBNKa7n-iu5B`iVp7+@`XWhd4&54?C$%h8RR}WN|8TiEmri!(JAn z^Q*?|`O_`pn_F9@4oT6_gO<|h57N^T{-KAH+-gs95W@~~yG=b$ebZC(=F}Pna)EA; zXZtp{Xa0}a&48dK)S~uBYj? zRU;Dko({8_=C`BSkm`#c-pr;YOw#Nal?eYk4x0=-TLd30=1tB|4q7o5n;n6z7OSl$@lwD&il(O(--!i zRNWBwKiMf{67>HsVm#fxKhaIjmXo{`*z2d$@-j}iUA0TyCi5P}f2m}w)}PfB-oXs0 zD|qRTWp&LiIP?MS09(6@`5PT;?Rz!(6!A~qUc`LHk3}8TqK&%+%?^*u>iL0kzx;p z1H4_6iVlojj{TGiYA_45PAU_KRx{Lc5MwE|#VtCKuYZ`VuynJcV%2OE(Hgu$Au2ly zXp;FHb$Aujc!VK2lIu(r1v_AW)QN4aI!d=v@4xs7f0yIWdjvj=0a}_<*;^k5fR&N= zRpi^G=+R5MQsjfo^>lxTQH^h{QbYwj6)w5_d8!e$nYax@HS@A2^w z)e{C^_cR*yQYu;+gMGVPPh2}^mEa=!#_$>^^xL8T_P zimSh2@jRMDZO142$UkS3#^{c%tNkUChNwbe*Mc&uTuo_$F4x(gsZ!hxs%en{-OS6b zfNzX-Rs{4Z29F*|`jW<2EoaF+NgAIXud0nSdVYT(YALeY=atWhUT}iWaIs8rAU5Mr z7=N1m>DPX``{9D}lJRH7;A-RY*=J%;j29sr897A*wQ`nQx;m=}hkR}&<$~pC5{0c( zPC;B?;9J$))xf$^WRM?6*0{0euXdqH>mKGGMR-=&NgiLHT(*{R4HI<&K_kSmosa5S zD=}9CAP5NGe2c0%dR!qAjv&9p*L34EqXmuR2OkZg_pMPy4Z6b*NXi7pT=&XkFro$d1uq;CB)ac=GZb?!7 z*(vQ?IWrSJ50u_SwB!o5?t$>wOu3As6d=^qHRMcZki)HaK-N?(?lz)fjsgrao z-5Yl;=4ncPmZzhmZBwV0J7mC2pht*8Lbk=fS}CZ$9vIxsyuOap1RdpHJ=xbzJh9Uo z0sHDD@L?q>c@iYM>$o4=oKNK0@x|0kw0o{mXtelYl?A6%%Pvd_zEZ-HOoBBzW99KT! z!4?ue?3{@c;wZ6i7=ERs%%%>1NWeD;54JW?dWK)tAvyj}^SeRO-w>BHJ7%RS;O zGZaWF&E<&fv%lA(&F$ulF2q3*7zq+bq$?u9CB!^@pL$}dMdY zbzP2zN4ltRqzl|NvOJrEpIj?@Df{kZfz}atuK0NTL`#U&ij_%PgO>FzdDy>r~{fgJi<$|U> zy%L|c2uL^-0R#=yttf)k-r~fzaC(rEDj}sCa=bFfSO~pz9F<>x5LI|gLrQ%Dt`8jO@6rpIS)zYK z@#uHsj?(!V`6MP=Q{Be%6dyC8(S^TU2u1YNj4X_h+m6?3fGmp9@viw&u`NDyRj#a0 zG}mia=x{{=-)l>l=?cS^BHZ((pK(K=0;u&;>Y7kEI(~FE7ljTP?s&1~L!>cX!?c+_ z`Ad^venfx+J^~8ti{lehF6Y^+>_bkq+0+J#uYHRaq2WhO?zIc)2G#CyTUi(g9zbG^ zNDgHUjBx(AYltqsfHa#$VW&TeXtM8t$5$n1Srw0sPB|!`BYuTegTZ*vq~*r}AG40* z*jTPj&b3G*i|&cd?U{Jgj>XaCrEsh7l@6lgced#oBt)5kUMDMrH6#BGhZ*`$2C_Bm zy8icGFwCgWw)+@qBUJHRbh1*CvXbG~ipqv27`2fE%fu;kJDM?ny4ds27GmpWtD9Ns z&m)ll$C$2C{ODP3cLQ~GbI%Vs5Aw4M8%2D5%5nihu0x|Q2bJYky%c<77Q6j#yX&24 zKf%4ESIH`o0D-yR8F3l~R}nJelCnRMyOQaRcGQj4Z$d|nwakqJN%QmatirEnmA6xA zej`X5FgVY}t=UD$jLgTTqeHsDjmB#jUz_&0sXZX74lGXB)ciKpG0@VU&C5?3^BP|s z2GN~3M@TI+nwUs51Z>M&Uo_Mu{@DQowr3X9^5jEyewww5hapcYX`)j0-#j%5=bwe$ z^>%Q(k97u!3qk|FavDB43yd_Bw6sQL6*4?aP1tez(Z7k(njB2BZI_Ma=GE%ooQUilRv%esY&CWnsv7jZggW#RTN><8X790@XAq` zbji2T9F0NW#*`Gp=IS90H-ar{7njtGoIwxU7V@wR6$V7S9Hav*TrWq{20twij%5yx zCeKbDx43`!DZ5rp!OQ21zJsxxy0zT3dbq3^J?mn%n9h5Em#}r?);PB#l$UXwOQ_}Q zdJFTjDo^QX{eV|#fTM+eCwn<{GRySmG0n(eTd^bJT4H>9a>KHmdTN{&Em1<@+p=(( zd69$6hcsfu2e-*gtvf7&U)E!>(D?gimw(27_EWdZ&&ssw)v`SVRt>IXZ3{(lYn)&$ zE43(O;(78{7hs#DEuOj?lo%j9d||6@wl^)0%G%lBTt0n%BJ|M`%3xW7jlILsU`6MT zLRlNLK#;QuT{r&`6?ZPXbYkl0HKC=BlfY_b63qn*gRq z8Bu=mMB#SrS|Rnx?g?@y7?8+9Xxv1PmmZa8Ggt3lq-0R-Q=#H<$b{X>BF5U z5iKu2uM_|vtPPlE;URTkmTPHIjM`X}2;r{?#y74u$W39M^!9^s9UbN(`PX`L_}&PH zF=InU>S2eC=mNiDE-%@vw?_j%iUL5nMojsMtywMUB*cK$(A{uIB_ELTk8Z=%uTS-k4KD4xGqWrf%B znI8ys-s{1B(&hl}gF;}Ycf=N1*8Aeu8WyE!WUI*~ScZ^y)*8@G*t;JD7f-c$!|2gn zIXBn$8@x?`pUi!-kx74c?8JqIQ@X3xN{N*9MBJ68}(KXlpDO=%3f*(Gk#Xm{gUseX%h&jyH zwK0T`)UiCKe45z|HKv4A4JIHmsGxO8Z9oTNDLMh*3JLyhYZEx$0kyV`hU`RpM{@Y8 z3^1)tE-M!yEn`Q56z(8#7cAdbKX!XJEotxS-v~HM9vooHHYcNAO`VJOje1>&u`bDR z9ed8oDmCk0i^QoPIDm#;@`LRVdP*=r_kD5$>o}P0OumSKfJ7(-cK|u3g;<_^7-tC7 zqul}!8BK|!*O9pOjUZ3a%n%9+x`7j%gHCo42XZQP+5nD!KZ%euSF^mQp*)t5lVlEk z#|YyNE=Jzq9sw9<{T=4+Wx%XYOT@n%=xTJdH%Bl4K zSXstk-{e;Ahx`D>Q1aIDKeYgn87pK_(%=g0{|38_BEiFQ#-#ptADr_=| zJ0idU`Jc-J5!ZyTH7-{>)l|9iwC4n10Ez0XFh{W7{r7lmXkADWK#WX2r;f~}-L+@e zk4(v5nQE@81$?>mjJd^2Dwxb_R$<5<9g=cK81Hy7 zW5mj~7~yf6UsOy~{oLbtfL9_)mm3NXfL&-qfvD9tH&ru>aU)WlG0bs)G1ya(I>+s1 z??VMf4q=ANn6IaN1Lmh7Ldw2U5z~4#Bk-;2hz=QKt_Y47t`*EoDoquxAJzSG>y48_ zxS^-z4;vJ(N3T_e050^wq9D2znfW6*eBu`#{Oj$)I{Bkv->DDSrtvsGgNAi2ww6$` z@HyD+_!KZ^nq+#o=H4QhYFB3nX`)+;Z5tW&AKB=CXw=(gO6K#cOg_2iR~mAQ{*YcV z?aKx?dJ*i$?`&vPX3}aMb>y#Kp`3e+UjS68IWsfbMDiC=mB<`c<31iq)QmgPaT2fD zWqZ*BX?`|8T%^A2&oF;sn9aGHY<|@}0om%UJ&zxVvJqT8z$TJ+V+Nl~!XG6&wS_mi zmzm606$wF2ekkn-tPvZFw$U%GeAzno4b*zlv1*!HUY?YX)sfSDG#{G9<_ot#8NSS7 zrB1iWCxa99*49VB+|TV}bQ`OAo8;!=?Q}7e2xok$pUYz6rdw&4s;_R$YE+xljJ|VX zyc?OGj$?+e8>ocpBYZPWQqamTXmofr)MnnLM!3W{Cul%g$x~A?N$C&tu%Z(;X493B z2;~EnGhPM>>VWb8Iw~#YP~+)_D7!PhHA%?T{F>=Y|B)k5ZzRD!g<@dwmq{9HQcrgnSR@gKn5nc439=77YKYlghnXXwvNeNL9cgj3QwICiN*$tWFJp{Y zV;BHeKEj|)DAwi!xm8aCs!VCOJm?P93o>Z1X0mgc4)R`Wc;J)_S-alU`)*=MuGcy4 zad(E(8Tm)#R}^nO!PVyXQ;--2L$Laos}7qkzxgj~k$l=>BmLS8f_pax|D;J_x8iKp zVMq%FMmv7;)4i{O?#L}wDju8VLXkj9_QW+}C;{Sp-AcR%Y}pv=A3~@5IxD&q4iW=g zIOLFQvyv=t*KaHzTlzjZZp(#Cp~di^ZVo(g!9@k2z|ByhMr}l7jCIeqFIg?wQZ4qN zPJ3;l?9Xk1shIwsGBaw`0sx1XWoRO%26~bi60*Lz5E8 zAsMW>7S{3lnr%nFm0X;hpz}1@QwdCW)VJmvpeSr}WXx!5^EEiHc|(p*ER{B`!9GzN z%-P7uy2VW>E0CnANvoER2G*51xk3w9=QX5-%O%{!X9JVDBqOP@}rO z(l@QGhPS6!v5;jM{9?8FXl?B(AtAVZnJ36kkGUWI&ThzWEXR2Vcdow_K@E3(FBA{P z0%Yst%uvTFR{HguO^Tsylys$ODdlLU_$aPCh0O_RqvyuuKwyN1OZm<8tO~m<1{)K@ za^al1$EWR;*+z|~)ma%@kR&!LPP5(7XpcbEL$E5}RIIzX>tx^bwrP3IwPltO7110BL&5n@f0mZP5zW%CgA&qA9s=JBO`U`x%&V{bN*+;3?Z(2svgE%_>gG<@RepjKEw;oz{qV{QsH+?3J7xCEUz2j z^3u3C*W@N+`96z8hLt7IsrEeVb4$dXJ zXy@RNQoc{YA8=wWC!y192EMInFk<>0G^eC&x8kDig#HY-#W_K#QP@kK)eL#;lx>E(bM`syY<6GRLWt?n>4MQi(8k%gRQ%bylV+&wl?1tAfYF?mEAiN*1;AaH{Q4 zjZJWQktxxnOZYKrVzPtD9{xh(yzasErMFjjQ@OE4NmE@njY6VMX*+#*sKom4_nouE zVR1?= z^J`Ykx$)cY3>|iH28JZ@yG1l=IkQ#*p94(?*wB^8}eL?pgb3@owS&gpx(`_009ch5x%52`WVOCA?_4&bM4>SwSiz_%f^6Qj{5WbTm`zb76o@U3W|39Wi4Eu z<@%^n6=0rmt9393i)fYNYlXMtAE^qJ*qisfazhV8Ch7tJXk0%zx64G^Da?^hVQ8J! z@u`3Jk!^e(2-voW>Zy9oZ(d|Zgb0LRf$y-%^FnyA^{UG*?X}gJO-P~jIC8YP2roF7 zO;5!{F(RUwDjidftKFv(Uik^dwJINihz|f>&7W^;ly^r~F+SYTHZ5XmS%tl}8Rc`1 zdHa0K`=SzWS1r4IdG1>G+z{MG9V!m^M!nEw_>nABF(W?aJ8MlCsp+RTNeO{^~> zYyDg)ps{3Kh;c`na3d>cto^H-T;?qj?Q$7f%PN5Dp`j|if6>g1rGu*Z`{hLZRA?2Z z(3IB6t)=u4dV)V?=%LI4M%KC;zM8&Xoq8Sv2F;Exwm~8l> zU-|hW&{9&Z-Fp#NttsKNhzq^nNNCV^XSG-DnViM=wro(9OL@}P-2590(c#rI@*o&6 zszYu#qqrZC4Ta`~wB=or1927V5H;&szEaI;=q5oWr>-eydl`fI!9-Ti)BL*OPhc|- zrJP66wY+lBtQbebWq0gs`8GJvP5+5CN$J_i&N*WC2d4+zT)qfh+VkxxEW`lyC*!0|QxcM;o<7xYOcl)`x;b1% zm^t5p>3uuqXuFF2+}bAp%ja0ufA*&3zlqX5{81_TR8HwwY`au`l-b=<%h6L z%fuPfp!n=`yQi+}1}!WKCwWEDRO%5VOmETr`>iqY$=Ka}++fy7X1R;K&*BPn#rL)- z#&IR|S!ZW2A|stIZtyNy#Bno6U*!3|-(Du&Py}BH6>aCC_kqG@pAqIPbHLWGMwLIn zF+L4f%e9E-X`f8D5w1%)9GA6kHhfWpx`HlV;FFrQXcK%oH7N8217W%YqtO zOk!^HwUgbfTp5Z1=T$(AJV|TErElPvaQWcVTvSr$*oPl0_r~6O!mE2T2r6rT_HDgy z^Rl2Qql0=eOk}kuHR@9F34CRha@Fp^kYgB+9^iPg6qifU;7k}2!U%r-LU(2=;b{KR z%o6N)j5A8--#}Z1Na`W)mY%jOSHqs5ov%z&5;2a{Zk770;8r9#Cf?Tnsi!C!J#o} zY#XW~M<4)hRZ<#x5Dg`fT>2+_Sv>{rJFrDS&5zs%Hz-~rt$nUyh>D=$;j-Dwc}t0%iT7>o z0q;L)xisr2DQpfd58uH$vK}dM~O@nc>hnJHVlisqIp~?@mWRLxy~eoTrBjfkU7fPf>m6oM4nE z`9zcre2H!^W&p!OM%;{7MU_z^iEWTl3TCbdZ{3Te(qw*v%c02m)+PbLgY}uu=r!vC zt-u@ii}BTcGaQN`c+7Kv+T|ZFjfAmFi5tP#ZKC1$kh2BcONHX=*sq~ur(+?3FL)-X z?9YY!r>XqE3nK7e&?_m#$WGygPIc0{p7e+M<=%Wxhp>$J@Eu&@BtKM;92D49pkFH7 z2wpRM8UtTYcV~KvbTD*Gq)*UOl%NXj z2M0tt4jE2OW-!t|F*2Vyq(XUQIf#4CaWAA*e6Xqynul)Q;vp|&F?0y~+H273`h1Q? zi^=tR1JTULn+>^zBW&~GvgVzakOX;(fk{+WjSzs%2=djwzEq2lZM$#ElYr4#%TUeB zK#-@KYl43MW*~h!blpwu)A3y7O}#q@OPKZ~;*g(d5u%?7600Ji?uUf!pTh79`?{@06EU;nK7Cr6ViZt%&oh5Qxdq2GIT$lVbx7CX__%)t;Ab6=`eu8 znUYEM`g*CUj_Lw_`}I}owQC69*IkGu7PW0(akHE8OuY5AIz!w1XC(5c$lA7x-G;ebkDfyoubir*8{QOTrWk0 z3l!ouQ2&RDr=DvskKp zcz5#8*e3-wXAR2?gMPL;UVuc`?YrIV44%E-cGP}|B6_h3lBr<52jOM9Ju5!^jR`8> ze5wr2Uz&P1GeY9P<`LJ&rtQ*XQNS0*PGa`?2>vG|AY8Yu z@*uD-bHzHLf7@(vMih?{wx~tw6C&W>3hSZevAGk{?7Vc*p{OzA;*+(dGdF)p)BAlt zpxojwA;6(fA>&jNqNj9=KwSa?IPXxpTXg>6SP)nTnfQO9I8>rUHV_x}97-Uz(V7!Z z6i~)b$hMy0Ppv9Vn?69L_*J1=p+#xcFHA~=zuyAeF_?*NE~WP@1jyenrCsTfxyrii z#F#mp$+26y$XsTD`|5-?+9y0~wleBLL3>5r#^aF8Hu_YeL-^|2;C**IEjv_zRlU`< zR076A=(Z;)K&oWQo}?s^v=q#zkvgUv+T$kmp#-icMc3UtR@z?$L-6$FOtz7)0!qeM zQxd-=B${Y_ct@0I`W;cz3Gs4j>~4ZjkTPI@UjGoh$LxEVVmfQ07gu@&8s^e@?TZW_ z@w+h9eXy674s0^i5|RxOhX@jg;s>Q5(cqD4o=DSALISi!*udJRLX1}&3p=1M36*Xa z$lh5Rgx%Dd!pZN^NK&8)9T{j>9Q z9bk#2En})VCE}IwE&Jt^wqzh&q(zv@&zDVMXGo+$<07Rt917V10(;Utz@Psf|0cwY zz+HiNwrnKE^drDI23hyH9waWH~uzFA(aP9nNoD zGChzhYP;@obJ0v%WnIG#CdcY~ErTg+BbbA)*&tq`8JuL64u?-{z1(N0*vz*QQB*)? zKW8lk*I)@l;4b;OQ=w^jLcr2DFR51Pyk4C-@og@W?oNe|m;{Z}@4L!rd7?5Bo;kdE z7*4e6-jkgXU^(8GS~J;;c5(`{)`}adf5u;@x$21cjA+R@^>5gTIJ7eH)rAJ>4@yj` zk5>2YZ{APasbqdUrHBoIBkND$7FhA+@F8Ba=f#s8o{6eQ+N-kjZ6NGsQ1Hr`n0}`8 z=Bw+ENfkVy2}nl{65Ig^?0Kb+^AD42cgi9@5;HCyYCztc~l%TiOOMVRelM}eg8J}TADQePq2q& zmbYkmabfp2+kL!QJ7n1Litf)JE=hU2Ii(Z{qt2`Gs07w>ww!V^I%bi94#ku^;yQC; z*9cI=N{cMy3r@m~JLn6t_$<{Icn*m7B?Myfj58v=JJ)94?d4ji)z`tO-a;HT%v7<( zTb&w$_}G*O+f+%F-OAjW5jQ-a4iWe+q%y2Ao;}*IPyzG3*5X#10zzos@BJ!r92Ozz zY?8sIrnTp~dPAr?Yd!T=IV@nvz9R?a{)8bzcGkQmrvFvTMgOOs<%?L3>a;^m5N^Bw zS3n@6Qc39I3j5+yV0#_njz5q?D8Mizdo*H!W3nZB~n|zOqIp z>LQV?Nj+qt4v8leXh_AywH}fKKk5kr`ez4d6p$T@`en=}*W%i}1*xy>TB??AD#U4? zM1&RNA7Af zFoe*hZjrvB#I->8%hgW{#sd_1Aag1W#o(#FX=TCu4Cck8%8+}pvW)WT$hrAggTr?F zJ|H|^&cjdjaI!M&g*o%Zyu{>ATZZACl7DI@yT41Ybm~qLv@@9{-jYecoF~3EekGHh zjNXV6Zq6rouFKVr=GU!%{qDRLN?IQ&Ri7#_m2`ZXog`)T?IUDT<=(cWs*knv z9p|4`)c147YhJF;xE~@iGI0DM0M~|(Rkw2`U_jp4v{Xk0KZGYY3yv1Xr&au}^ z;6tCa2S4!@i0~kxX}e4h^}Tv(?yIkqQ>A~c*(Z-!Pyk8eiXUYp3VwBiOl6+6FCRJ$ zD!9yOF-#>VfzJRKV0&Rl^Rvp4WI}MR(Q8d~M=hHxy*t=qG8-DzbH62z&WVpaod6o> z=&plRv{{)d@#VXgUQ~2!x=C|q2Apn|=#s#30pHPF7%BoHoGkg{q|7tsDA#`5(aBbp zgY(aXl`)m<1uh`g<9Rr)tckQiC1oVK>;>i#XO5tbA|7%?pl5D6uHhtZgC+9fvB$Qg>9j02=nJfqtVtoF3<9WoRt->v80{{?st zve+fv`DaexKS7hys&)|1hu?qjAha%h&Uf+1mwIb^Vw0TvCD>d)gr2cU3~7q1aqKr# z@!JUhsVNUTJgGRG8Of{Re0=_9@EH_k_$tG`sdoDgWs9Q0I7RW6i&_#NL=L9g_!W=k z<&xPg&{5fbImpvWVEs-Xt@g>gbuBNCuL;A!%U(E^wUb!~fKTC5SVR+XgT&JYp|pY} z`hctR1UMJ6ZfEj?%jb@CSU}N(9P07Qt<<8f59z3r6U(gF4xpV=Ux<=0d*F#SX%L72 z0QC{#izFEd36lP(_W*#@RSPTGPgFoL}3C1=dU?PKQU=jw=2j4@lE73b!Q~+I=Rn|iO97ErwImRb4*qoFTw}MYEjvpnELzGKoh{TU zobeDdHq1A#+6$s{h>RBd(sL9Vfe=7i_hPMoC&W5!ZP@FfTxG|nK?n%nA4+w8N{13S zJyN_ka9=+fvZaUk{-ha-w`vSAIdz7s4fh?m9uct&h`JFJMZ}z+S3-uygiP%0zmSO8 z>FOKUN(|tWBe2o+`LthQ&R)NIV&85yvQP@0tP0lg$=S*w-iTVCe;gM$)=UhU9p={7 ztuX+6#XTQ7HIzQKj~Y!04rh+1HI{}C1-75o-9Z4U*@v#G-}5U}u+KmPi*(gQoak$& z*Nt;dwQvR{;iYE`oq|_CGy)4zjx^ucho;?CJpO#UE$-S8`5fC(2$_hGYxb=oU2TS) z1KczVl{(5%cPYkF6j?94OJj(3VnE@4wRiRLOzwYwjt+IIBJl*g0DJT5Upp2j?EW=WFAF&kz!@-R#5Y@Yi~*Hb|)X5FcK z=RaQVn_5ojL2yZ!2E0YyLf-{)QYNec$?}5=uf-fX8k5@Oh3(UlI|tYU8`)=R7D(w7 zUV|xRwEF0bU}C3Vv@E+VeMhzX-Le3<-HSy<7rUjpypzI0=Tr0Ryo_MIulOpPpq~B? zpPL8f!}=XNMoG;I9SJ9}FFP%!4+#Bq?Z7r5=uyWbUl`ozxYycO=|>q|O-=jOo^3Am zR5W`Yu1`D?=5VNy_vpQxF$oTCeDcm$3b0p3%5Zf{NwwnN{&P1Y=@6(6q*eN? zy2S12;%MPlH=9`9m0K}~PN@Tj{5#QWpK+_jCLAlNppcU`29HcEB0aB5Z?4{SE$&>8 zO+2i9DVqGohQz{v^zk4S68sOvUP^Dcy!hnw48<}(L$33pgqSZFb zwqwb17qyk7IVPXiU!-*J{j6J^*fIS4NC1IgZ@8T27tmVs#8)Sjs$`vU@vT-}Nrk`3 z*Sbz26Y#aYWbEs7SQ^mI1prXuxX?dpD8Em=R2Q^Iy0zP=IoM_2)#M}B7&7wSlovG; zxsoAH3WuB?JB?(!M*6zhO-I}V%`Da{e@b10$VMwAyOagrE2{K7sMGN)`+w?s_5WSh z>x|G_GzCd!yyZREob#TaY}qSz2fpg6K1-p_ZYSfWvBAE;UQ%9-2K#&X*rlNJIe(hU zVQ^)}O>^J0VsZNuZbGIzlt!ase+GV@j)1Rh-B$NMynOX?%}HCpzvEoZq?`Pj-Ia(# zUk9g=jpF{FtIZeN`d|juq_|^6xEUK;<0`$@BD5W%}Z`{uv(~3PoQ9*^`6nVw(K&S56^%7I0D@ zKg-6=D}4PuNkSJXs)X#EQ2nltdT_{hyq`L6Jfo6jw&nT-_08-|uJ?*Sc0qHRL*B1G z5SoA(FAZQ-=@Z++?gR2&l#pn*nC=ew2ck#P1Hb6RN}naYk~K`5)H?*-`pM`x!2W*q z0-q`){nu1XuR&$L?33eC9#M#6q^O@${;3<(Q!C2&-Bn>(N?ePBrPQF><*$gQU=Y^B znBV?Bd8+q@L+q!e*P}nplWvn83PzC+(x7EUD!|1+PettLVlt4k7<^@9kfamB7=Id` zUE)K|EomSbzVBLkz9C^%;wh{C-u|+`d8rHuWi$Rp4+HO^nHgQRMqhY**nj) z`5RZn!YfgQFnA=-ltcWBHq#>qtZHR8KE3TRKN36Qtq|(8)lgYodG%GzA zyx7Q1>A3G?XpC$`uYN-4(b$6^{g&vJzimTq*-x-Jd34R|(qp2>LD5}bb`l4iBOlk{ zTZ1}|qN6_CXx$LmFj5 zXaVu(lG3kVA(NsO^5|umqxf;QgVTI%v@UpK-W$6bsAf5UUr`9DV|7@n1eImmDXyuk5)1?G*rRRYtX*%-o6SR8G43CZkQu$zqZS$Uzsdx&odj=U@OLI#CuIa7iyD=}MJ58)88u|{Zh z^@kQXSZki$puyXLT8@o`%#X;*!m*V?dJ)dd-rNHO(Z>&m6TUFtB^s}cF)`52qDEfb z5a|s;aoov#h~d=QXQM$ zt`VckGi3Z7$s_vuSK2b2bn!z^Z3JiLm$tk3q&A5K+ALuLyR(R6AoN5WJ-?i(2`)RR z`;PMQ7C-le?49;dabaUve}SIU6y6w4^Ku{Q%(D^}cD${$a48Lc zVdxRpU~8IY3EE6}(lKLX->KZw>AX%Auf zDa7}A-t9c4W zw@s8nADCr_uyE6(#eU$Cz)=;-N{%f;UvH$oezvHrpIN&HWS1Z0LFW5FnSz^^ad;;( z*VLNt1j$z7R$O=5;#e7qpAZz~(1=E+EF_w%#RZ(Ozj2^UL{(a%rW3Q(9PWhAe2haj zi@%c-8P_*>m}C-_E4Hw~+`^VG5Od;z|6+03t+ zSC(nLw!^Y)7Y#P~1WeE~1C#!+Xz~9(z2OJbw|hF0h1RiK!|a|0S5avQ-}cI28HB=r zA=%R4?wIAZ)Z6|i)-(t}`z!p^sFe|$DGAI2`kW$G->f4B-5b2^sy*@E^Mm_Aa^=0B z(sg_!|4f#BD4`(iIDtxi)>a-w+n71u_%@SNSsVS1&k({B(uD8l@@xx1v`M;dW<`~z zF>6MB3}F{B4LnVwLfKIRW5LNJa+VYB9d{Y0k+E?^-^s}_lsAZP#}#{BFoJmSH9@22 z^Ybj#vutw)YE3-9F8iJXUiR{!BxhQm3m=0?%O+HsU#!3ci`sSSR4f%c2hOmBLXci9 zqh13FMx%sO!h!P0=wVQ$GS+44U+?3JCIlk!vMmf@=(piyX;g!2_|BmBC)>M42m153 zVWyv7;pOOV(Ugq|29{cj^MZ|7mDMyciAOS`4R!LZ^YEqHD9h?TI4X)u++G+|_nWFK zcAxBrUt0a`*nN`)tVVVkY*Am1CW;)h>M8YN;~Qoi_kY^|FngeqPezSa*{vGPw;NZq zJsxh`CkL-ZX(8pVoXQfvWsUPR9zt(8E%kDpCn;g>kjhF;To@%2p%pfDH!iV$%xOp{ zv`v9;{M{wgzaw(n2pY6UhlVtXHfbsP!Ks*kii-B{XjE@ikR~$48chVO)I|YfprAkR% zFmL5+osh!8!#0o-i6_JBno^O5mp|(7>|pRLpGF@VnwY?pAko-LGTT^Kfrg<>O>!pQ4 zq`SM@xpS(Pl@+=7gC0gj)h8q#S!G~xQPM_G=n?lZz!Tp*-A50@Dcyc$epCf8Y;}{t zU=WGKj*i%G-;B*XF)F~E0ml9pB9RD#!CVgVQ0$w(-{|7)y?XTMiF3U*Qq$x2zvht0 z$>OgFIuSL?M*}&$-H-BcYij(pVks4(T!v4>+23;|_nB9@ha}nZxlM_AcK`BlyXVpc8Ch9G z#P*Veuj(q7zUMF?*$#mUxt*YUrEQ@@7VgAUPj`_p+PpR!2nSi0p}@M}JqHiUnF=OZ ziN-G^M~2Ig?q)V_Bape}D=I1~2dN4Uj*dx2@w<&YR`&zBatD5gC6+*3o~%nc?e|cb zjy-^qo~G4<#>U27MKhi&OKTJfm|sfoRRtWi1V_!2J32aC@4l|hy&OvC>@(W{cO>Xt zFxXnIs#U7SDPFsEh<6YW`Cvd(QyH$}woriM%;nKj?i$yXeJ^Pn_V0h?Y#(Vou$~$F zrF-g%!-7n{BlHB)STS+;dfZ^wueX<$ZjFJL>01K%4ZTik(}B`VBT*)+z)+=ml_IbU z5S^|Kv`X*O)4eo$H+N&-+Ux}wuoo;9ljb65ik}&?Hdo)&!?(8c7uN!xc)qW%za?3F zh;3?8fv;@mW#FR*3$zacYyFEh=EKoht>4y0Q^a+Qc|YlqyG{|k-&;pF_SM95<|(;~1n?no0a#zQcw;-Jl0W&f72wchuDGz}oy zsUk0*fL`(meRLqp=Un;V`&$(-YQC%{Y}qf;ud`_|(|UOl^GF!4S=iayPbAT$&r#e`5p@#zZBSFZ)$4PRHm`#Z zb9MLUeL>&7B9Oy7^JYfw)&wYOk&3qXc`Dj-YP|V`0*PkCy%H;j?S0jcmVH>03M$ex znzVWrBuM?BKE4&n{@i-lqri&ayR944`#clsFD&l_2O8-YmtD*uj^~zx4cKoJy6>kF zkfUk1(`}6(n6v&fCI6Cu!23Y7tNfNpa6faBW4FQtk}Yx#zpY*qKG&Vx9?dU=_m4U_ z!Uk+jHLuYxlgpXve$wjzpNx-;1 zI6C+(v-cM-NYL#d$+ogSzP!(EWc|=ST!};vvh$F{&GmZC`!E=&@__Lg9aYay%2-+G zzvJby@XoC*kcpDkEE3=vT-zi3u~mTRL&%I=(HMzg;U z48Tdn6`fUQYqz!(_?{;o?YcN|?iPhPETqw}er|n#Nxap6s%7<`=Eq*t^^KJQ?8x&a zgz3|pA&=fZT|Hc-@4GU1$K=sq!C~({Otb$3;dq~>vN-wSrTpsL`@(vC_96G1H*Y4Q zW}6k#cCt=OB1`_I`6rfjxZ-c2gz6>nXS<7veZRc;R8b!3*PDrX$E5w|_EM{AmCuR_ zLzCP*J>Ne-pO%Cq$>3hC$=%y^&(Wy$B}`t@|9SoVPfXuSHca)@ru2vYYx3<@pQU!= zk7_r0EKMQw@tW?%#AHSNnwJZ+yI-3m;W2gp5acDnM9tY6wI$){8pZ9Rx~#0sV*}!K zW+Zc4olL%geftqC8F_9ZY7x=ix3oYK`|**tdc4YuteNV&hVCpN;NZ0px<%_l|0NtA*+(!**4nHy&FBi;1FTGpo6Y}@0y=~b{@&h7 ztNM4;=h!yO^f37*?UFDe=i z3#Cg0&pa%;K=PXBw~y@kwZgN5MAffzgMjWq4+6T&ZXN!Tm2<>|ar5}`nX{*msgb+nahetk3;=`jUk{cRBg`o z*rsX#fx;Gaa9#YDFVz77K2sF>)RgIvsnuCc8V<%gG$}IEfilNqMWSn7#f^=@Gtc*p zlvx^O8!g4S${YrKd_V0JDABx?MEc);lTgck?EL72AD-|71wT;m0|h@&@B;<^9~8v; znn57-5Q%IgG$a`6k)Q9FWGt!a*H^W+>QPC5N|qf=tZZ)kG*yI~)pzgyO2W|ndZ}45 zO^cBuO`=o;J4q{v|7o$pmmhOiy^}w+CCU4*wU2iK04IVZs?|QG%_pgpRzU?>GS@r` zh;bXXsX|QQutxdT5l_e^T}m>5=?9Ja87Ot6vzYPy_3PKJ1Zl|v!?9z>!q@fF$}$6U ziLacnp^%G|k-PTynH2y)>M6LeLCjqjNBxPkPz7!Bb<@vvr$udcnfa)V{SLbzImxxY z)Fz4=f=o7;mKv0-ooMd9BY;wPQ4r9+dod94yd>W~D!I`aQ(CYO2*jhO>9kf7Si-Z; z>4McbF`H!SXhos`0Ew(tJs^Cx?Y2xpJWr&ZQDvx&jM8XVv#bOQK8uT>kx};~Rr0fC z)l>!f$S5x#AAv~rB1IaVX+2S2BK&ka+Q7iz!3T+mZ(>z*GwT_v+S88~KIEp->Pz_? z=S(6^5;1NI&4kOdiv(GKRdAmqrwQL#TA;J1J34gJtyNPVgTdkiM)qg}!Qf0zpQ2Dg zI!|85q>iD1RDP%1p#|1`4yZ(H&fe!DqGye@#-pPftl!UO;ib#!_=9=Dkz=F5wt#%fZ9 zN!i3xW9o{52S;MlbYvCNdP{W!BZZm!bBY?~`fctCCO%!1Es)TR-`Cc{H(B7wxmRQ! zUHs&_4O5#+27wdgt|PM7#| zDvf4*FlB(+r0*Z#8!cFkUjT>kb0N-)E3CUq#@+EhiIq($pI#n@FeOh70JwGI&cAD} Hxjg$XdQ4dz literal 18888 zcmeHvhf|YH7cZ}k*Mf*B2nf7_iqbnmfT(~-m)=1@2sKCz9Th=3BE3dHIw4X*ClP7V zdrbn;OMp-VBqX`<{qFq-?!9wo?#%bh&XbwV?%A`yJ$v@-?m17?D{WPVE9_V3=;#>K zUMlO+(Vf3RM|Up$?{l;qSH`Gv+RtBJdaBRqDhKaw(9!)vr>6YOz%P3X8*E{)mP4g7 zinjNcNc3XgVKPKt{M{g62CHTeD^g*078{8)N3>Ofoo@~pk;W$P&yLp?xgfP>JMM#7 z&9xqol)|F!-;GIFf?_N@~8dBwg4fZ!y z;xGgLftFLUODhr%Er)4oFPkGBr81lGL;?g!hW+|A{JpAe!NyLh`%(hCZ2tTTjc?2~ zR$*yl!zlw=%7MX3N+=|tqHNGI_w{1^Wxekkj3Q96C6!r~7CGw;qSvuri}Gx{Qn%va zZ?e~pmgZTSlNoHa34W7~?nm6}+b4`vGB>?qFS=QzxT%P+`Gc3oSd|xU6_73moDyD~ z;JWdfdf3z*y1&$kL~dqP3)2{oNyYB?ouaHl7g9Knju=LFCfGhVsTOLq1a-w8-!JA0 zEPN4ncdurGigcJji7j5DqeF(cvI-*`wsl01)$P6uwmSGgwZLY-o(Tobw20+=e1n3( z5+WUt4^|KRi;gbhh1v}30gJ-Ey}!MVk|z((Tn^lK!;jQ_e1ADKUB!$xhSq^qBTEOs ze&S&4;~Wuh9gS_v_dVq}d@l90Cm}TbU=@0es4LUlO5;}Pp6Cw|2-P~|5YE_JSb2Yl z>K_%EP(O(}NV4MLvDyZj)}5rV$^-@mGV1=@`n!aLq4Qoz&Mr8h>}jYtmYce;v^|#-#tcI1M-Of5O&~JU(?$g}$D~I@2n!LS( zH#QNwoFuqQDiqPDAJQPkW}`S&B$?{YC-jFz!`G+OdMc=SXVk6<9o&MTe*7*$R+YC8Adv~->GkRS|%hnau3#A z7az=x3iE6OsT(>kHE4A$yJDr!&WeFdPHDb-dU0&rckiC4jC7yn(uVLU#JAb*XL6v6 z^Ja_6n>n)Dw+A$C1=hW1lS#;_y>EDbucU}31savG1>btBT7Vnt_L|!OE!ABmTphUn zX>4M4*4MK4xZ}PEDpF0#`tHHeidqUC-RtSMjppWN7CVaiiD_wRMg;`J^2);eRF;OZWFtA>zt9w1bEL%tz)@2OaXS49330WXsdpEwZU9w??CJSKk z`sNAWwmE3+cp(hdI6ev4gXVOCUL}HN0Er(#1;w{{BY|k zW8+Ro7`gWeMt77rVBFI!?h(th-hZD`4ITA)_8-pXR>6S{*qxka37wSWIa!;t9Of=4 z|Kng6zOqbgNm%+Ww0 z96;hI=SKjz{ePAX3V?pD^@0?gdiz_rYR)c(EB^a1idfwV1bM4%fZ(XA`l)llm$F0u z{&&oZjE?1jr8Gf6BE=}sC9WOmK6H0CpWEKgP)hN%nMSbtMPix3dAIYBobX{!bgN%o^7esw@eK9cahCzFa?-jsK*FH4~(WLy< zI6qX;LHr0>Utez~l}>--+Qw(hUNK017ns6x6DddvmCXkKTK1riH50;~34&qe{IZ90<>g$NN$R0obid^e_6S^gV-^~hdA&2+3Lh}B z?F#NKJoN3%Z9l$c?EKS?_XVSmIq|XM>d(+IlN`%XIFOCdNiF>MQ@d%0c57Nq*osFB7Rs>20$++C#_ek z%it_Jxa7i}uG}H2DC}E;7QL~wrg++q0fz$j`jm2iyh*P$>vI{8Y&#b6$Ji=) zf+%NU0L_KOhx(fwELAM{;DFQMF+03y#zSo=xxgn>c22BnEr`%N{ZilW+vA|gnr^sY z{=P^l=lM5RAqLUe)8c)%{=ljkuyXZrh%gPz+Ql4}Aypt{W_kCe{s~GxXC6^oARc-= z*0+XL@Xzn@?#@X94OlkWkgQSbK3`#|i$!y^{KseU06Xdfr-h}V9oac3n>u-NNE*O@ z00ELroJV7$AQ7qo(i_b1yN@>R$n{yv$c{>`fK(MY%_n8Jw`U#C=dq!@Eu+UXS8P9{+yBl?zf?`(ekf$wj(P_Xa8{{E;_ zFhha&RC+3Sh3laU#Vbaph2YfvV9M0m({VoHLqR8%yyK1+i_KM_=6=O&$uW8DP?k7~ zy`jQj+3eta6=h|K;04B?Dwl3*338w9FHom-M@LVOQ{@hdxwC-elL494Gf$F$h8_Lc za76i)TBF=SxO@&(dvZ>-zSuq8gY(j5(#-0?MO4s9H$dAvSTlQ)_(chya<>ztLX@KX%MMH^C6LY<6j$1`HCr^j4xIqe#qC!f}PH8BWYe;Xq^ zbT?#mVGWW6pqTkDwt~1Sr&?O2)+ag>P^J^Q!Ip*;05!$>)uF{I2Qa_;DjiZ-66qWV zpT*8j&d#p7diY>FR<~DHR<;ZG_jF5x49J(Y|G`u z=aeve7;RG~xb^TePgDR0sx{|pBsNvbuD^kvOeFVMUd=uI2iKran*v^K+2wjqPkt7U z6;JP5lM^`kl$C9{0|Zb+#?pV*sn{8Cc?JoC% zH1QPah2E?!qTu)Y9phLbUVM@!rmMpw4thz+q#kb%oeeM#ydwH`eZph$r<+qPgwu zQUDPXgD+|khcxuRIZt=^skhsFWeK*|y60aM{CDvF_+ezpcUt;50QIvfJsHF7>Dn;S zl9-qE<2p#laL6VwNzRHoSEp|*NE+u$Qn!6*aUZ3?tQRXJQmSw*P7WZPaL;PKmx;ve51 z_lXM#2cI0E&P0(*M-zA`Zpc9n`M9m-$~@(iYDIW~LZ5Zk$tonjrY<8?)8KQ5z0f(} z#K_jH0x)*}R>SI3YoVrqZbW@OddN6vf3PS#>8IS}4j&%s;_eO!I*f7u4$u|Da^Adp9uJDz5?S0vHEo}+ob_>*gZDl_B5bY>rVdIg{==R z875;?X_sr990e3V0zF6$YLk~!y+3i77IHM5fREwWS}Ns-6!|?&QpxX7t8|Zs$ zT3J~+bSTs3IF7~R)|=4Zr;nlE!%-#}SmLu|vaS7x7s?%GpO32SKbvbx__t+O>NxZ9 zbr7Q?Bi*0(_E+Y98MOzwL)X4mf%APCa}R^_B1Q+b_K7>=Xg{@B=+Z{X^);&nz#p#~S<0 zdlv%BS26?AiSrJ2y#y>O3wmQmfM>BnhV||osd#OQLi+Ntbc|K;pe>`V{+{z7N+@t^ z#6E$H##*xRozd$6lWaGCl}`?4%wK9>7vQb9m+vKEk|P6(`HN2UW&Qd$d`MJ!^V_b; zGbJIt4AK-cO8al%7F)uYrqyS5nc?bd>|rl+A|Fy36Xr~&moz~zhktU6axO+scp6qz znKkFPA-q3cD;daa2p_^*HthB9eK=!Q=}utf1bXCut5(TAIt>l*E^YDuozZh1N&iau zCqCpXBYsU3mR{{SScZ{fI>@3`q;w_7^V(kud&awXt7;MoiL@~KbfmfFAnFJnWI0dw z`ZIWjtBCS<=9rj%DP`$ApWsE#B@ca;LC%wbrJ{!TxwPIThY@Efg)^BS=Ze$i51cj+ zu2$ZG2*{fJ&X_FVb{9XY-HLOrX}5_?7YF#966cZoUG&sINfPT`ZV1N#z3GFg;p>cc zy-l}sLlkf$##U!v?J7jp2lsO2Dju9ZNP}F@kq!7+V*sAdyo^$j6TxCgA+n&oUB2CRP$|@eWPwc{$!vHK!%W1!+*Y9Ooy0<9Zq-H}915TY%udoS zz8L8@tD)p7;eeIQE^Tmqt|v{R_C!A|?B03PnOtq&ft&c5b83Mt{lMu*j~d8_Tr;xva0V$>@5o zWAN!hHkL$VgmnbqJp1j@)(Bd+z%68E^g`gLvoAX?^iAlDcD$ zit+TSyF)v#TbnpS3(&TV>m$2(8`_4sq3zEekM7FOI-lobJE zTAF_aw3;8qz3vHgTk4wH=Wu^IGTD+Q2bTzefm2o*=5+?R58G#J(aAm6RSA)6VY7juOT4=_S;S;@53uJL_)Nl)KT{P@MnmX z09LfG#2F@}pl03c>#{rqk7KmD!p3yCLzJ84o%askz+PhM@ ziqHv`6)TwWNHUjnWk7R13^wrg&VKxokB4Bl!6CgP%(=} z$Xt^WTGsiidXMpNv%w=VLQ~hghSLMB7M0~ObHvgpblz+Bs!IFctptw+Ki0mfjflS zfgx?9CwbrtmG8?dc9Rvv{l8FGM69Ra6`6}o4>nkx-DziHtrXnz@q3#DF9xAc38tY0 z=oNGvW7SX|Qw4d}97t*|NWl5;i$&5Hk1Ww?C~ln`M^EnufCG^%=!QTCl+Z zp~|}Q!^FMEF)W&gkPHbZ8k~DL#@8Ib+|`l>r9MTi_t@)(ivZJDoA!GeTH*lOa>{SI zo04YL`ecOSbkXJeH8ls?hLVjw#NiUQp2x?T*Ni9D%jD`r0LKO@NlJ%#9yO~XFYm6M z7F*jnX%k4{4l!8RK}>8`$`^SdO}<>KL(94ujpu!yR|d3%Q4P!Xj}uq76dF4xd{eBK z$4@m@JH5w84L_{ME-mgf0qxDwi<^H~`3UlnUhAqPnHS1rI$(fQt05kmFhcthEX2{l zqQxb%tCQhf^C(A(WC7@2THzx;QdrXJ!)A4N$xgn)`&x&n{Np@+5U#Ge)MXOma(LG2 zecWYPm#mebJr*_HcTin@&|8*;;YSTesU588T-A>$e-x}=N>aX)Gjb&0r zTT5*;_3_*Oyk1 z(*g|yo;J$c?OzL|v{e@kCo?2G^hWy>W^h1ezKrGf%>hk}+>9?~+|<)c0@MZ2AoB$$ z&eY_NMD<*~snvw5nF^RX_)llA=0KN)e<>Kc>3<}-?GwbmL3_&Px# zQeT%GZ&jtPZUv&gSIj;%L;Wg!9JA_kH>Oo`W3x-<`suSpaaO4B$HC}kPiDXCu_-#j z4J}JOhAC-C^7-y@dx5nK@7ypRIIXT6YIwb4Ir*c9F+@#Pduk{cCL5r(9(Xyk^7XBo zzd0mq#@iuK^WEp$o=PTNk|~jPIFX?poxe$>U?dOEsPCiJMUoM<7ZD-Gv!)Ft%~;{y zOYC?#PaK|z!3Cu|N>r5ZO4SVn4sM_J2WxLLE7)`t8Bk^an&WZ%Hc%jO`rNCDdD(h)fNF%hRvUJLiWW8@D1Q|UbN_q7I0;3_~C|}%Pq>%{1=eJm5=d%Rm zQ*UX64NeVYs?;oPk`w@?re1&u%}^1q`1wqd9?SA8@FBmh{tuUE8J92J`!=hrcJ;zIYjP_rP+W zP>ZvqD@tL4PuFY#?h&D9Y>B zn=OIrn8;}jiF!PLt!iyHcPHjs4+b{+&$>IHUWg8OPhbNN4lIh7}cMLH`Z3R~h+cS_N^VY`l~ZM%vH97z=Zxwm8^1 z*Q)31NxRNvv%r~|JkZ))j}M?Jb?_mwftrH@dv$WkMb6%5AriB{-Fr)Pkhl4fZV5(NR9M0gjqI>7D4QHS+p+Kbqk#4^Q0-?0&-fTFuO z#Z%v@VZIp^{R9!v?*^5UukD`OBVIk4aV876C?!#H#RI^?4um;@Wc-Z&IisINwiU0p`R#j zRU!Q#2CsT^)Xl^Qud7zh{0wZZOKS_oAzY$k&gRuiK?4(RzV%2-qC`Oao;#3{VrfCj zwM#o2`}G8s8KX8{O~TmI49_%vx<-7ly)Q z=H{A?3Tt$7k**?+#TSh$WrECuD8W8&u=;5*OCX*E!$->tvH6@^L$ToX~yPL>@3U4lHj7&(9W?lYOA5DP$W7 z1vYD=M?oqnRRa-VJ|Q^ zT+APve<75K$<8FRb+Iv9-fO=heMhynwZ~RJTszxQd{g<1wPH58Vsb;dLPa*5u&&~= z>R)+g(>LmB9tzEJ$!+@ejfH6snwcy*Xsx^m>RibdjMrBGTO#tM=HmG92l*P6#ctD> z>nx2+V@CG_%Or$N4agWmOH$mPM5d>g4i0qYZEBky`O;+iiqq_u4E^NV*|AUg;sa*M zqS`_{(jn?+|H~IZOihjXDkNQ?;-x$`TWcK}TNfmx1r zG0RYhuF5=0P}Yi%$L2u4S9@C&3QiWKhQMQ_h5dDHHAS!h;t46qE|$kOJvH0p?fz?1 zL`T;6(kg83iH5zXpEQwt*j}*0lrHJsnMR8N*xJn*!|f zHZK`(rge^f6OSMSEPGSmgme+Mx*BRz4m9PMs#w=nWnPH*dA?u6bvHahl%5^?pRPn5 z2;-8R9S7wL0`9wgG{TU^Tym=ug6w^MKS?`Ca34>bG1N}{TpE!P$bJk>-Oz2Fa`Q<= zx8if9#T9>;pBo3{vTeK~MZVlnT_fNQRk=8sMR@X~Oz+VQjlhjJxc&bfiu*}~CMZskw3(Q+-i45{O*axhI~C~9A=5e6 z(pd6tCd$rpN^R_(DoKgM6OTsx&JuBj2>K1Ggo%YmgD7@;X}D1o${Mn zzLy9;3Q^OccjPlibgowZ@()qcp3(r$`2~EPTGz&+ zULs}|r5~zV66+Xaq&FCijL{v-B0T&sBu)sSUZ@9QDb7n5pi#Nstm&Tp|oo;R%2o0qUL);1!2ftbkvio>1URxRr9&&#y znW0&<-q6s%^&*kTw_jmusc8jgx%k!@|DSyE!@MSrej{#r&dHvT<)uy*{8q!&-qoc=(RexG@~IGf=Z zPJ8d}%Q?$WZFf?p91+H#zpTuLbVJLVe9q~+U)#G}lwI*tJg~NM_Z#h^J{DQ`iANjqN+nNq8=keEl5f(zW^Y(>7RqwzJrzmMne)khUUsrkyuuLYT1LdoDBXP ztF4J0f!-aw+biA2E-We#YrR5!%9INzi(D*Z&T46BWMSkW3`pM#soSHZ2;jG^r#&ra zUQZyng~H5O?I-n{>+O?E^OuTWbZ4B!hWN;$fp;9)6m}48f}^Ov^wa#QF&h`b`awb7 z*-l@?N;ZDiZG~_-#&wTcV~pKmvu=T+V-B(k`O)>|6=~|k64WsyfM)h8x_HZtwMgka zOz-RM?d?~Y@t2kL&@d9pnTFphjj!{rY?Kq+8`1Ju>9p@$tO8JHkK@K|bEs%dJrYWj!yMNwB=x~!o>Ux7MRVs;u~XzJ-E&>emk#w0Nt(Vu^mvlxu-snU)t2Xq$+=REBJTZY;J;f zTBMC~*Uj&=^S#2yjD91GJ8kp*4D0p_I)aP0}0}30s!(DDswF4kYE1MeWeP)JWkMK^- zX2@LrZQ99^dxgL+ndbZBZww66a*&6oWwte1-0ZVdj=8v{*s>z$EM$2|%E0I{3u0YK z=}6jZrVzw1)7M*O_(I`a52IZmOpw_vNNB#t`t^V7rn0`@rZrkww6NhcW4_NiW9$68U1sy=vVSY z9}6Z+R7lYwd(eTydN94#wljaZ!)Z@!>ChH(Tr)6P{Zl+D3+1`d z63ASn6?@sR88B(Y%D%i-`A8ZP9@%xptD6hA1QR&&_}9MKO5NvA8@UBdZ*iR2^f};l z<2&djM#sse%x-`8@v$}8Y+41+aP*bC5oijN zp#Q!20~lwGo&{{JVy=K;j%UuyhjbcInehl_&ya)F7B(Jns+YDkm<@ggn2Z2nalw*9 zzIs6qRZ0r;Rha8 zSSlgK3RywBC~I@M2s4PaoPP8mLl_Pgz3+{#-uY3vQP5TAB}L##!}mMcO%}(IcQf9} zu8ANGM(swlShCi`Dk-_#TetJp2GGq11A*#qMiz%TOaF4ZT;T8`vVGR>_vg=#d|uWx zTQvE8PAJGLe9;ncw)^hMARuA#rDpa*)cEg;Vx{_z4HQ3>L<-Ln=7mxE6 zSuT%gZ@Ls;b8r7gG)hkHo)u_t;BlQQ-{B$ND8;JWb37%*j2$M7aGIlcJvrXzRHYuQJT2<6{vyztMd02=)ovNS)}Z+n{ZXwSkp=DgOXE zClM5rDb+Vl1udTFXhj>}#;XlI-oKTD5C}FldR7oQE9qjCEF@wFv2sc&?6s%`DwLbB zLcNb_SNlF4DO?!CiV2vba_q1dZuub7%*IqrXBdO&sqT?bmt zDrXlmEWCKJn3MQVfwi^PCMpZ^`QwZ5va*5O(F6LWDx9h5b&m#hKPM*6Kgy5EN?8XD z&ZYSDTi90_(f#T?v0kY z)?RqK^FYhrOuAYq%OgXZ_N4BuLMa061hI8oHf46teryy5N(=R?Dk&;Flt6RG&>Xfi zJ$S^9<1^NpzDu?){BT+`mKtatbwN_i?0ggSPb}lptV&J>E3X>&55_k_`sEu>PFxu1 zwE-Hm6NwE()09g6o>g3=oX^fLF+Psettw81B|&~g)R|PD{;BY%Uk!h!)OAt1dAg0I z1`E13Q&H%}yFWr`b7hk3J|2X(*I512V*Gh}S5<78S{rTlwq0^BMR5Ny1~RNMj+Kt1 zpW>T|@N z62BAjST}R2TV)HzIgrTO+_Qd)VOTRXN6vc197%#A%wz5rGSE00w4d}-`9$Iul(6Y1 zUWS>Exll~D9x2$(qlyW8Npp-toVQ1(v^VOz&T`D_cjSF}x#04C^%UB5afz11;?YHV zPJR8w03w%BcfWQi7FBv#Nx^T2>Vl<5E~#`CS86u$r`};6OPwaH zY@tJjS0{<#nO{a%=Ur|wS@!3r^c~IMLB*`on6j_GPEG}qijP79A&lN)F-AozZ`M}7 ztx3rm5MPZ|)JhKBNf+~&Q8(1~wd$&Kt?wOjR5wB1mwn+>6m~D9N4=*H zvS%92HjXw;`hI@^i6?Ju51}#q!JnO+XM2}D79017$ESI;tEX1mODOQ-2m51?184t9 zaIUaqfRXx_$HCTX90Ffzsu_1MbwdlK{{FqnKGs_7?>PKETkJKiH@xh5%wN-eEN5TD z(cYorR6|oi+Vk!f3PZ^)p5clBKFC_#!%ypBnn|NZ53PMjO210{|C*cvddnx4X_<2w zG?y<_O0jhRJwUAe&3awNm2zb4qI#lO{lu@xOu41FnBBT+3fPR>(r}*0ZayC(F@gAI zq^u0Mw>wZvgtnSPrskwaN{hNrTkEH9@bDBI0VV_7=Ee?B`X<@arremCgj~*ZUtX_T z*_K)}cQG`!EK|inDpF_{77CP~r|f$fk~I5f_MLx$igH)SMT(ox*wCEw8O3JE?&7(* z;NiDfkr=oBlF~rushPAbt9q?Fr&*0nNr3@7)*Gg9sj{(D`YGhd$@o=6DKPx=>+N=d zusUV`n3reS?^KZ$)|9NWb^7Pj5NJ_V!*qT^6R`Tz9mxiP=k8hcQxX;mwtcX_+|LudH!_i9a++%9Qr)t1Yiw;(g&3w7VD$8Pb*) z<#8#m0y3^dpMu{;ASg33gW$S4m-9hu{R|Xru=;zoAZ}B(eE;&jmBShr+Ra0_Bhu=&Gr(sr1g7ZPVuu6^Ze`8{sFX5jdZ2<-QOwBCK4d9cKv-flbl^G zvkhFkVXc>bk>G4?1+a0!r8C6&IQ5$O{)!G$bNt}#32iO+j8>lI2|upCL$_&HC=}$Q zfQh67;^z5t5j~&pMtm%nU+auBhpeR;Nl8na^>>Tc#B9-4wE2qPuMv{7aUKftC%2+A z%Y<&Su^wq@Xz=7`Jqb*$;=%upBl>iR?LEU6m0d434(4lBteM`MI5qlIjwovLSf4&6 zgNQA%*Nv;7awd*3+PNxbAH)OFhXsa`dSV1NUBM}n2bhHpcN1SxkXz4aAxwv|N_O}u z<&`trc>2|8U=t^?8D0K_T^LC*c3A}p*)zZpVED)-==zO$6)$+uj>J1$_>T*8bYI`y zlchNdT>RtH{=fTHI+cj?1;tD_xO>#^2l~=tHN-_kM66R1p25eQg5Y*lh7%JEM+__) z*v?gl;`W8|z1Fu2i#~#(Zx0Jz$mVFr838;yBENq9@sHiB_30`l>?3<6!cw!Zs)l8f z+sm>`biXHWEf-HY!KEY&jSN##Qzs_PB-!K8E1varR>hN+q5Rz3DQ4T=a!SuX;9DeC zjkL9uSkj$0hw2+JN_tYX@PUWc2>$zT55Kb3n`~Z*r?hW)%jFE>W-GJWrlyRG#|F|B zg&sX}EJ2Tk-Mgv@a%N|XI#2f%AR+>fyg_XfB8{{q-~@eyk9T)sUzHoYDDar9$WX$5 z7GN-aUG@YmdjIGg-CKc}yBwm!Dw$c^Gc$Nhuaf(Dn(J$ZjEG9{*mWNz;RRtD%n?;Y zB5@0XG;&f?#=v0i_#v>X>)p)=i|4fHfY%LWm5QW=PxROwxS`p;qnq0R8LbK$n!M(t zBzGg7=0cT9BmRkTjp0~LBlvBj1vj_c^4lj7P51s&o0vIZzNzctf~Ju1*L(y%(nj~k z_hiU29_HqzgpJN>!_EdQF2u-5fM1**wOoWA|+Uiw;b40&Ix!RJpFqtpo((1cc#N{-t|E7 zt#N}6x##$LvWbdv$BnFHaoJ(3++$y4!0J!7JlO3|6yF7Ck{wx@=BY=V;tuJP=ql#m zIEF<*Vvoj7YiC7r%Y}r9%LfrS@wdh@-UXhT#7lo7f1bDx<3FBU=+bV44R{g{XJQn2 z!|aMeN%4t7Dc0FlF*>hJKDHgODRsEL=V289;-$BHLh5Q8M)`Sc74(Cu8!)q*cG<+% zj-I7!!hLDbP%HbR>!QJ=+zhb@+-NUH9kKV1@6R<3p+OF*&ZY@Z@#EpDpP@n7q^Lr} zpfIKLL1se50wU2D=2*Ztn8Yw4SzTI}o2}Z6yvvr3aGBG7i76rJJM@|}NItw8X zsk6jM-M>N#z8y7PXw5Q$ z*O`=_TKtqmN!auCYG`*~z%U(&9G@B)Sbt7zOJoW`vMN${%V$G;w2s_9f;$kb;!h6$ z72ykPVJ)rhI|#Iu|LiCak1brza%M@VTJlz?o>Ablv#vPQQXSoVYKSQ5ep8UHcm}pFvl}#*u-DUnUuAG(BU;aKvV-dbOGa=0i}1tyPy9-< zL?u6j#VMHp{$wrOUmbL$X@op*=Rnc^UR3MB;5}Em|NJ8;X#htlq9ny*V@GkH-pa@S zQ8K$pqDyF`^U~h5xB7`Y&9%#Ew#v$moiQXZZV0HT@O8fAveqPDVz_ z{vO+=5$2k6%H~c-b41haKPyl~vHyWy5OOD@r@MRYJ-r?+`#;KUbfdN=2}zR5?O!f8 znupB0#yR{70agP3RXv7JpZ+*TLhw`7&>l1z;6yk+>xyODjPU+fWyPM7NWhb)y;H7= zNpQ2)*Oc@1+Ggy%^Irh^V^0hW&(pni+27xf{(FxbQ%%#Z6XWC8kGZw?49mMC;3@b=6(6;BJufRCN=;54H`{D!Z8bATSL%;}Z>97W!(dp) zYtb=roU5ix+dfvZZ~mF46FPXY;<97L!JI z>(4O!_x)c4{)@nW5%|A=!0w*JOFFvC&VRlO@L%2XUj+U?K;R5T*m=-VNqo0-LdCdn zDGuK=Dq!w;5!1XF#-_W(>sEjec0ePT6<4Q2bT?8NR?Ip zDZbs@Rc7cS!bZgpuJolzDbTj-zwgS5qliBfjo>n*xyfyc`{{0&1|#LlvN zg8UHySeLA4xSbcHZaFBAiyiWHvkKmUXL4Pl6TR`U7}<2P&jAXc*Fc=CG`G%e@g@Mr z4n^tSJ=@#0(;4c&Ytc|StHdf~Ap|HS!?i>#ye3{2py}u`>$lsnGUSE2Q+JfPpDE%~ zh-L2x^ZZ)27a?8<4sU(kFcMBjr$w~IpZq%FXu`r--3?%N2m|$uOd@d-Ej>6iB!gh2 z`)c~>`T%ynxVZ^S4nE%Wby+E+SZA(l`W6$Yl+_~*6s?E{1mi#7Or0YnWs%zq()3cA zW?R>i2Hzal1n7PNN7-*J>7+UH(LI$Q1ntlK zA~FCJXKVZls2s1#Iun*R^~%bqJ0CWz@TX~3fZ;5*#x0rRN{gzGHGk2i{-m65MN!C6 zD9phRZ}%d+uQlsLp+PY9(?&N7@LRb?>1JMD4Oa_wCoU8je7bM1QN>C3o7H!H7{jas zq^>6oaXt}k^>ZxE-pwApJS585TuIDTH7p!wy#@`%MP!9S+NGwf6q-iQ^U?jL4r4G2 zFzzklS}F{VBoL5MgL`fI>avP)+JuiAALA)0DFQ|o&EUh$k-n))PAf0Urd0bHj7VRurEr&NBBaJ00DxBjRkiIp1{T}xI^&Z!JQS7;O-8=-C^UK;O_43?hbE} zbIyJB-aV)4)%)YFT2%~d_nPU|Gt<-k>+ZEm#OVdZQX>&yzH{995kLS|iRKGscQ@?a zWNqt4U(Pe&6tRljt5}wsMFrR5U#|pCPsR1k1@*)C=r$P1-RW!R08~ zVP1@w;km$>kRDrJS#1E6%ioW-;+5GPJBOcNf^E6=>oOOOOa@~*is*k6l^iN(T)%b= z*2uo#BhLSjO7j}y=G(A^8xADBZfeQ|XW~9)|67fgsHmyVr;H452xjNWL8 zHAIxOCFV*)W2W_FBhLJEB@(l!)f~S|B1o&bt4m{n!I~oHIkpQ^*#P>av4ZiBC0i?j z3*(E(2nbs*)L#-p*+&L89`0}5Fi3RHTeF?SLXPZ7D{T5t$_a7qZ_YqFy}UN@jyOD@>?GKc36U z%d(U7eV5HTFEAfQ@Uu8uELk3=jIEj?C7lb|x%2-#Z#|9P+tJIoo)bkb=rdlMK*NQb z94tj+6jFXf#_Hg}(alFtWv1mwJ+sh zS=qnU9n;O*e30bN$vlhksiUn@=b>EQ>F$;o4-TiAeKsv_hL+dt`RYp*#cT-V{rED{O*69m@3F`19=!^ zYG)Z{4H9k!wK8#uqa)rr%JwN4B-Y8EpKh@Di_d#LXc;@(>zj==f4~&h4&?HjaK@lO zd-}XEAJ3wqqLJb>>~_^+BcshIAZEVC>5v4IDQ1c5ce3*7>jgigRKFh17 z6E0^nUG=@{-N?5(x*oee@fc6tAn?D_bmAmoA>!-$cJ$6v_1WKtOtLDt=ZH_u?~_46 z=o!!dHsR<_oPU4*2zmX#H-P{B(f`pW!2itJ|IEkR5yqwXg9V)RbvzU^Yb;Dn;rYI? zukRvh_S64%_q*PZ-GbsF+Hvnv(TRYN)KXr-)x2S{#)()|yo&KJ$yV{R=H}*+VjwL; zSnTn`&8>tC+PRb141AMshqz!lfnewS9L;28;Bt3zu+4Asl(E17P^%(?umrMI8nejx1CS#;D%Q(J|QeIZbYIw^hL!9UXJY!Q(Y665(A&Eu|L*Looamgu-O7mr(L zadX?mAG={)OKG#G&M@S6hlKj|50vC%vnbaZXSll)$*9}A0CGngeZ~;UsTzt;qb}F1 zqgU3j92@t?)yYazqrNBoe%~9jrwY?7pQ&){JRufo-MnWueUB+G?5S_Br2i@JbD!aM zT!<~&H#W=Lv(LKDRCmstZGp z{fqiP1Ias9ZSVAXJ$M|3QStVvZ?M-%7akOqyt@8SGJk2P5C0&@W3TP(@8{Qp#bp`X zjk#M7+{&aZZ{{jQmm8Q%!~OV;dz3CeLE9WsIoP_2T8m-{%QUMG2Mb4Gr%9MgW(D8K zm#f3V&U}2`kR;^srNsvE73cc#ak_6WVU6`2L0vMKcp{<)Y#Xx4%RR-?Gu7M|9j|nF zoDJByD%VmNWgi$;rxHfpHi+&+2jSy~mb%8kZ7*aLtzv4iUmvLMvTtRb)m3S#z84g@ zz3Ah1wdmh&x-ed&j0WEqufHJC$m!ViLWRF71{0FA#~lRC5M#k6H>AIjn3{gI*ar5v z%%$}4G37UCO*~r5$ZA71#z|9qCaaSi@3u)^@cbiF6+stz=Q@u4GmnHg4!`b8dE)(N zw$?O9ol#X{INc2pl`R;r3GMH^MjluI5qW_VsF z6d*)`uo@}7vFPohu{au1C~ltZ|!6r#JjQQr~l_GPfy7hH2UEGibL^h0ZMl&6`cr-^; zWE1TC)*B5+CE;48YnRQB36gt?yF`9|;;*rZR@hCtVcfQqot`>4cM{yh{CxAd+Nu5O zba#TU%*zsCUm6kX$t)*ts@RO>E&7OdB|Pu=&B-w~|2gjW_xpz$GKd09r+68p!kuhl zKPalcNIID(#%UNBb={BrnHK;}9{WwVUW;%ZykhOWe4M zRosJNq`)U%As`&lc4+}qVeDvlx~W0^n3F4)Ni4_dzCQz?I7rHE%&Un4bHDXFHWfZ? zkE4{kdHL#MMn}g4`11x`9{v3BBQG#^`==mV{MhF(EMjdPRZY5Fdc4jr-Lvxb}7{@$FHc zuO_N85MKSfq^!C1ZQ_bDyzbX-U}F6=O&f3)AfYoWO`>#Fgv zdXI;&X5!&^_(TPeYL%0v3JK39!VETEPr3RgrxEidBs|UO_j*T(oQNT#uBnWYEA7di zcI$VEjCEd`f-LXC*uoPTlz(TN+>4z0cs%PpL@QeKlYbEjsHXTO1^>h1zsr~z9e)1v zj{%2CKfMzU1i7|y>$~{HSk)&34u7I4qs|CU!wr-!uSooIVEfmQmBF5|pbP}!L`Umk z-8!&Uj*)FcVH^AmVJY~s1GI)^CO=-D3bwt0c51)9SW8hAOihdIosA=`HPaN$AX%IU z;DkbiC4k-`&h+p<9O~& zc-q@^l5!XTl;!u!IC4UZxGni?!x|62(aEv3SM%PgF&GJ@9Wj(Kj$2`>HBdJ{#MleBYZLq>GKs7>P{7jIV7sTF zFhJXgdAp6~W5LzVSOvpN;!B!t(R};$yl-S}KeiY+mN*SXxploqc1!(AMNKU|+vF)F zE1|BgE^nnH^{V7ynE8Fo3#oNII*5LEH@`dOB(A=ASfr*b!}_a57OklVemop(G7He; zg*JHU{S@!D3Ak)mmamnFM}@dRAlV`Qxa)5=HUj&6S^fQXPHpM@o7tR)J5_A{(^~`n zU+$XZ;QAQr6&tRnelG=tw$}BmHrbSL_dUhBPFKO{kOCzHOS|dYIcJ{wxB9z08v|tt z&!UFBENT~lbc)Puv3UXvAkpocmF-GrlpEmZg2t{eD^K@&0>3UU0z!?Q9!PTCD5@h|3D4;9ML!r_*F?<}+RMa|e@Q(^nNt`;^ z?QAA{`EA{u{D#_9|TlPqC%?)q~{mMOJvW2OjE_m1RVIDHqeaLbWfl>gG*f^F<=y30v~_dfKM zy_+peNXm3$8p8d6>~%r<4_36#4gB){xT`Q4{Q?SYc|~2WAzFc+_fX$CrRD_tKx_V$k-b{c4i5fTLe>B=3-3Fm-HQhpk#UE%SCo={>R< zhJg%VWhh;iG&^u)d2j-Sa>p-TezWD8O)3#n=MaiXlb_w*wObuP3FdhLx-H*TMSWU2 zw8Oui!sZzmoOZ3oA8W2BWoO6c^Q}#5>rHnLlzZXMwH2nW|J3PRksb83)}*n{Id$8Q z`%MLH9ob_lMw@SNFLs7^Qb6?4FaISX`*#rFt0NyY)+v>_yfOJ7{8@V~D%re%AOXBu zZV{c?DXRwa(}^wQ$N?9U)#RR#Oi|)KQqEy}AKUr?d;X09rJw*QaqeM^V~CMp(-)l0EOU1(L4R6uvw{fAws77koC~|4q`-3K%cTKfBYxrs zLw?H`sk4(RwvCrR`L1m_{OczUd-RcsgReD2aIxMYAT;>gRKeg|t;sqZWoiv>y1z=( zmTMW5mDCgw@7@MIYgEAdNILP^Zu3tpU?{RF0n~?4Pu*%t|LdqYu~l`X2|GpHTq;Cn zT2t#Gg5THtaj|Q-#@P7qrik=*p~RLhB0a|@m&dfXr~fv>7Kx#4MXgp^lZfbRmJnzL z(&wZ)%${IV+pc?6mg90RTHZvgj}lK=()sbaYjZMiUYpzL$xfA1lI7SUwQbb*$9MRv z0cQnw0hwKYki&n!Z?l`L<8%D;&{lPk+@~**)cLsPw3|BMb1e`6X&HSrPeq!q=TXVw zw5kRgyfEAAj;+FSTyEh_^;g6rn}zg=xNbYfG1z zrn!@Di=#gxhd=p1$F%I7_v?nRO#+b^09zuuobFd74WK=OAQ6^UdR*B<`>CB(K>0hIboKzICaz*4t3F^p!uN{x^z?>dg_Mm=k4N`jC4q&`jJhX zhoa`-MuE%u_{j4!Ff|=5rL98QyAOqbp?yCvx6Imd$a$Q)imiO*l091$JexxdxB_Jr zoBErc+6={~311l{dBUSfYIlDm-RF0U6M!~SN7#1h@=5W}Jb%5%hx@82f{|jR--E9g z8>{U$mR~hJlJ5(p9A2VH;9QR@3U{!r8{W7LOPNc&y0+D;3^U*`T9u1T;o=}dKv+5_ z8*R-+_??sRtN$_CzVt(*(v0^R@V%_{_ittZDF(H;{RzflLefJ7NozE!DVM$&eG0C8 zwar4Tc+ud8pscN~V*_@C;ED>8aMxb+0SG(0PJ|Qq&w4mtVGGp}UFRye(;2&qa8wj`_FfEda7|n2{{$ng85Lmi_ z`B}@p$<&E-#3@k#?KI5Aq%cPuu!AF%FF!tfB#k-06>O6A2cKcFFhRZx&KyNM(P8-m z3L|X2boq1z<_GK-%QT>t8+x^%pfoh0ziVpFGc(Kl7BN#>HuYEOvmw=S)p>N1+AN7H z*MVWrW9A!QGx-(f0XYvXP%*@T+H)dU-@FIgK*x){IaJ2G|nL5p5 z3DbpxL$uXI@%nT)vL52^k{KTEJAEwxUReN%^zEIlvNay#I?fy2)7znYWru$e z5Uit)$jgL-kTp?>LCE3eZQnG)R-`RffX-p&Cn(gP?6rI;? zb<)6DGk6jTiG1J{TD%Z(+1{_*b)!^iN-TeUS*oWq_K(yF>7mUT5c@ul!CGr-9D|Wu(G^m3#@`^x;y@?k44t8Bo_isXGXA1xnN`p%|7i77C0{g*=6wS zH71&o;`Ga;JIeEcqF7gpvETqR2aa)7RZLJD)v}K%_gX7S)Cc?>AXMUt<33p9v>1GE zaDP)L8}RMfA+VGQ{!eQA$|)S>l5U~8#-C*S&k=qj6YM5F-klry;y5gw<@INhE*=`M z-d<`Pa{3?4S-jCIpzANbqP~{YQRu#Ri}1*u-`?L|-3TGd{o`KNddSYXOj8Z607-C0 z{EQM@pFWXEV&Syf9&chx@ONs%$Vb2>%WLPx8pFk@bT%oxC4V+YXhimqj~Y&w_tGx- zydSuaVKI(r{B;8Y;s`IBnQ6bnDfX8{Ok;;IrKC(-B&$nSO}^siNgdF4yRlMCa)VUj z|F*pNm@4m@r(jGflx3cMEpn!0X&@mJoJ(8G(5OU{HURFkk3vt=6I2O2cF$P`Uqo@d z5yUt*LM3{a_F#0k4`N(@MxO|L+|u1P(RCvnaR$>2dOR<&312#RK6I^5sB{lNL6*L& zzQS&McH^^Rmj$XPx6`1<<7rh@GK(f7gbcyJqBg>252x~~e3F9EjHK+Tq=jn*xqOe9 z7tP6Z`0EW$A0oDZrwvWflzF4O zX!CetRn|E%=faiP(V(vCN_Dme%%NfZ5zXc1J+UGzAV$Gs+)^USe*KX37YH_g7l4A+ zLU2!hvfG2IW5!A?L#->%s9gH_s>}$LQe^@>Kh@DetUmov7${f0l>|HcEL>Ql~}YX6ZHo zO;x}n;EAlZxnGR*LDyFsG;&IG=-A%2T^p|a11X2SrG2v? z`^a06p0AObG23_mVzN`tnRmldFQh_Ec3BooYRp1aDT@1F&XPJU=l_=P_1IQroJ%1= zKN6ySW!}aRp}~6St-SV%XWnyDrQ+9sb51dk$CnepE3GMXUp;DTQMaBH=|tKPLD;p- zE2mRx7V_$ryHlC;h`1`4G^JrgJR{xH<-%B)?mKk0n-BiYT>{`sygBnrPh<5FpKnb;>7zdbUDt`mrRBzAzkc ze3=~PX8t8-)|#KY=x#ipp^>t7fH$l{*ZpoV(jR#L?VmdYgm(xM&`(M!(tHGUVY)D* zjxh$2Mn_w4jwihef1%;v;9{;nC|;d0j#n$My+H3XucqT_3iDe~*}l{JFqrwYVqC47rQnGh^91NjV>D;-~Gs*>{SgDL*$*;t;%j;7Ef{`RNhl6tyrNsq& zUg=7AS2szu80es;`up}dj-zA4sEs*42SP{DR0iB0o5G|!T>8}2A*)}}OKS<;i@wP? zuM-8WX3CdLRcJ?O-h%q3$B@#3IXWqvd>vjKGSQb8 zsbl6?lUtnaB`%}9+-&~IjJ|cE-P|XEHkO8#yTLMrLA6c}(hjkD6w z8e}GJqI%bjt=a$}beeCs;r3PDz;UfEc{=@*qs{}Lv9hd?eqZSNN|tWzw^WaXzsM@m z4mqF6RNlz=nctR2V*Dxm^kAb8H%z;nGbn&x&EaApbUm5}J%hGU$;He(0V>CkEHzBu zHP^UYGh~(*ONNOVEz%cPskHRwZd4CBgqhk__=p-C$iM6;wEudm_kHQAM^_uSFjT7< z%hP2Tl ziLjC!wC(NA>9i7v3qtfdQr>v=oyI{8TUD(!8qeqAdlw=LuY#~}?`3W_+*8oQ z-`|P@a~wYFIc&4&mBht#8pIID}Mh&02JFc?=-fx%(KT`e2(6>|rA{Vir zke%l0tB#L|6PNEwE8O`uI1XSA${RYa7ZZWMqc{RC+b=0Kl&y6FVj^`l2muM`m=FWK z&QgNqf~8{B2+WeNH^tHZ)X)wB$;e7m+NflvFb-*@kb$Jv@BL90ygl*v3*!9s?@5QZ z1ut=_UZr~p4mzkj=nUUmh-(RVY#8BV=yutOUcIR0PjE{6UHouF1&Aq28u zfp6MHVdD4x540sJ?DD7Hiz)+mMfV$oLgjk=)0?Lnw1Q^chBP!-{%!hL%5Rh~TZ61` zzP*k@S!_?0gDTzZE!2cKQf=yEaXy9_{I=Hr!$xYwa@L)Y7K&Bn=k}O+N{(1ReFDFF z&~;-ADSoJsn1U>)1Fq)^UDHeg@D7;}KXJ8$GxMYLm!sakt`wo&s2|=4B`DX@ zx~gO>h?{Bg@u|Xj92OvV;~f~>ZhuY?Y$6FB)rn$0Ek12{=LSa|a!wnp@zVOGXZH4Q zQdy!uL80tZbYFXpE(CoI^ZD-cw4qRo9Chr@-0J!uR3x-?paaip`cn>vKt0!p?VY}N z_qtRqw+rQUyiND94bkN9tcAL`s^LkFaj6}>a;Cgb->8=-&raoIQ*_L=grNP6arJ5z zA>n$n_OHk@EEC497V6OrUocuHCLN#YL$p1@DNt z)Akf4{~r#(wQfeGwSShY-sw>1K+qf1mAZ!Vf-xa9i&2+z#zc&<;qvO^nQ2*z7x;}- zm->0>@D4?^s^Do93Cb2KW#S^(Ef(4}{$%&}oKq|YQiGkiukx~bR`4$O_h7t8fQyq> zZgjfU=XP&_pg{7(d|hT=%V(xGY|Hg(C+t^WkOE*mzu9CSX1P+&THPf|=wig3h;fy` zR~2Ny%?(_1L?*P2)O3&fv>Szgo)T(XPb@>)Hsv_>YcIODjXyUn!DPlKL-&d7nhog-ODz!=GDeI zpxWYbe`UQPpoi9@c%gvF+i2M+_DoT7EmRs$l}%Y*S=8RbDx>Vsslt+nPtM15W2X=g z3$Kj7vbkL$*sKCOW8h_tz-dg~`=LOXg_vDt=h3fZd^b+EIbxT9mLFGFL6RIMs_n(D z1$@}G91?~rdn_H&5?U#qpTtp&ZyHM<0DN%*gC&INK0;}i7fx}UPH`7q5;3Z*Jx&9B z^xMcLENiaE^)a76Cq>eULB}BUA=6ij*Bi>-*0wc_%ci&rtVNyG zX`ai;A#Y-^z@51dRT@7-^nSjPzW=$ACnA>9=9|qP$(m@gNw_x3V*2`jNK{BhJJ|8; zbyV`XWsEN-z)Zv>PGQu~x9y+Xysi0GzZd-9;V)@d`HZOI0ETb~S)yJ>V>74gB1PZa zP4^?pXfbF`(^A(2sUU3N=d8SsZ)dSPnt20jQ%~{pW4mrbUh{nL+-#!y=hgZL z71_~CtAy2~uj`~CmjN!7yHblKNNt? zddoGDn3Ce3_9sGd+z8E%%_cz~G+evwmI=%Vnw+LpbSd*pMDat3Dz~O`_<7dq(a07V z(IY;CF|VWSW`K?#Lg&P3Usa{FsM6iw>;m+LG=jWf4`z;!EwHn!;ON#)z~jX!B=6`L zcsEmHwZ|}i%gGydOEFrUiAR=ZNxZK)4qZAcw(}Bn3Ay^J=KG?DARzK_^?uPGnL-Jn z0PpbWy!s;*5nbAB$hy&=QfDyO92jfMq|;+LtM*yxWRz(()#?rfOw`y?RMU_Il-m`w zxa+Z<2u0i;9F$r=MqkQy)(#452iy0vTdyfgtu!=p2R)_6=tQ7;=)_*7dm?zmz`{lK zcB-t{_mnRWt2*vCr9V$~${m)UF-L!%`eF*F^tXC)aj-zWUn#HXL8$)xH=?BhzIJli zmAh%qEcZqP!MYzWA=s%0AP$(~As`G+ZYx=+9~DxzMzd2mJbp4}LIQu~LjxT)jL(}r zThtcXijFz6nyD;UC+m7YK7hTG{s4V)JYYLdfPbD3$5-6_8K`L?1C?8%++m8b%u@837gXmCTLejv%k{w{_rc(x3?vhY_J>Jl`UG z0nBdERNVf-!Va!Zz$p4ardDf@~kFPQmSdLXPy| z0`%G_#+up#Wv4)VLsjLajsrKC|8hi?Ux@Y9+~Hx$Y3t2~1;QEroZgIv&yI3?)d*u| zhEGDrDDPmqwM_l&`-mYL)WUP6$|&7EHGa$fnL5`DRc$QL&G$01n%Lg{3bOdu&1Z7y zH2KOThYif!yA`Dy5AV;2Hdob+NJU?p6mO(3!kOTUqn=Yg$59Ib2j5zP-2_uJRM$j5 zv*P)>a8(Z)_>q}$?UJPSZ3h#dPkL+e2HY0eqw|Jdugk4#(RdNP6_LP^?C`1x$>`1i>6M13xg3m)=;HTk)mpq*1q zOW-H&MS0n}4tRsc5R-d{R4r2Nb^F6AzfPSah;!Hx2iBMKeHK71gEqlg8&M!F;J9E+3JbQ5eR~dp)5FWK`l78mgkVb z!sGC`aKA&xrEWnff^!|qv}CKZJS>Q{;5M03l$M{--mwY=*Q+^N^`Vl=OEas506EFi zV|(Ed=V$*CB6tjfK(_2%1O$X~jF&X~me@X-B@N&aA97qC%-`->bOZKz~E z7D+wUMoV-ByCD*O8SY%h;=O1FCBQwK5q zDbC+%gXCMpPrXMJ0fR$i13$C0MXJA|y3Ve%%|0Ne0EsIt?R%lr9=5j^mXLs8Ud*d* z6VMlT%MyLs6aPN#39}PXCZw1oa5mtB!uKzjk@>3CMMbkq7Bf3KI>a;;6clpYIkj8H zK@ITzA22?5rVOGyK>0PIsp>J&Ub9((&mif?=y(S}PybJjj0~}f#pAhZ&mv$VUdZz_ z2>lbf)wgp`cG!JUPROT;uK2($WvEpXcYoa0tzYImctD(?oiuwG5gW_QRK(ke49GQuSd2Hom4#WtVfcP1G;kT@O<}&|3_OBfCNL zncvzy;y|GwRAZy+O83a;?^z#aD%Q~WCpD;q*KT)PFTF3#b(sQh{={Z>~ghB>kJ3q)H z0g@)UiIa|siFLOqc1X*mrUoidX``_8<|%{m`=n3dui$`uGe`or!w9cRYwGOPVd36> z8gfq$T^%te&(|6vn1`GWTc?Zh=fTJq-z`R1^Z-o$_1MtMSH)uz^)a1h#fvLPRXi3J zQUs_}rvQL_StUn6DwjkLcfybWcfwK?nVlV{m68(9o9Nf_^F=pzEfLup8{iE#KvM~- z^jXO^BYkIm;2kYDoOewtx$eB}8v6`KS9u1=MRn=s|1%d1S`<#P-x_7t~`LQp5$P$kbBRQmaI8lt|IC;F5|%K&>~(yiRv zB`S&4^UU0uUk$s_GN>^z@S=j8(Egvd)aTwNEulGhN|PKB4KOc}S${w1rW5_5&3MOP z5e+x&x9FhVKA+phIGdg?wq1`kcHrh7`RE`gQhbYk)49l5lx3<9UZz&0BLfub(ydz9 z*gq>6wsW$cl*ncM;Px=52ekUYEG1-kd9Nb}4;Gu64y)&7WkW{jaGy2+od0s%}w(h)=DrS z)_z*3jY!;1X@V6=4to`Ux;dMNHSafHcQ0OBo)wrAn^HqT$pU78Ngk(PJN78W)R>xU z6~zR{rsnV{Q;2o$Pth8Cuq{+F__1pR$!_wxUE7Y^zbU{1=7^j`Ku~V>r_`iks93C{ z)-LK&{2S%9O))@L;KrjRFO1!EQV7YUI3S_jHXziO?!ke|+mC3Ely8ZQ`?@b`(0Hy1 z01i{MpKyMJ5`0iD>p0QM;~Z3?4T%obC$9o$Sw%hdSbnm6JhzMn*D37k7?NOn`KY2Q z1x3Tj5?bN!LRG>dO(kDJ>U(HYPxkAY_zu@3#!Cfs_(%F%rau^q>2w%{=ix*WoU$@< zbz=~>tCHnYL$C^_WKs@`B%tI)4yNZ9Yg24ljyf~b{x*|eO9%Vj;VDDPiHqe5gt7Fo zrS=+}ljL>XjYe_{3(~})*)v>B#eR(4wG!DFFDiGPWm4DjWufVJrEIEg7MIg(9v`5F z2Ijz@D@OyAl^6Dlpmp?;ZoW^;In6GF^WOvUGOXt4x`5|iUhAvT9~BfvUZB4HqQ}BV zb6q0%;CHL*Oo6%oa^5QwRJ=zw;kBj5PR1ABQne`u1_32nf&Nl&d$=gm<7)mva&c*G z{+VvDs_Xt%Sy8)jA=gFcO&J@d`yhU#NC*!Ag`!a!IZzbOHraMRI9lT5@A$DZh#ljc zpp29!7Fx974dD1iGk_s|K8tiS);qmDJzEB}wMaIktYGMWWEo}Oe2ax=g)6kw1}Kmn zt4ULFyvc-$#ZHb-pwRXrLGvNQ8H)L4f?a~uQUz9#3AL1)dZaI?s8DD|9`QMVGmg7q zpJtOE=p}s7u1i1O^iEw!T;-qI#oMAnu>7H>CWEYR5iKml7HaKs_9Z5o_NS-ymcKpe z4*o8!sjxL>+Turxk~I480IBYos~X}QXQ_GncnT_r0*QbTYnPmkN7=Go0#^J#j=ohDT z=&$3Q7}_Q(nuv7$O{w<(E?g)Z`dheAzwaU-ol?QU%e}sG-M4{N7809bRe!L9@?XUi zXD#E#3I=vK60>SzWHgsTI?28@RN5af$LmzFCTysQI4LbRw_FwCORe+`21=HYR&|QmHGJi zxT=WqBo+jdCGst>3zZHO&DNZ81C`UeRRUALJ%I|<%K=JFSvwrzXTM%F!vSKPM#U48A^ zOqX59^JGGJn*8z-lI}uP4KClwLvw}XqFJRPLQLMr(QriPh^3mpQ#dH(%gzfVr)Fc+ zGk;$@4Z_uC`XSioxtzwj{8a#nw9QDzRO?*Ry(-0muQb6a0xJyT$QTKt zf6phot}PQaj}WV)$yWpfBytu;G<1zuV@Elr+yh75+Bo6mm@ z6xD%Y;Yxj#AC)8|cBI^fGhk7-jhWOa?F5R~LykB{Xb}2~l7nsBe&P5S#a@XLfaveI z_9f@N#fc5GHT3mU(`aBxb-kI&#R?DUZKF{RAKrv;<#d@7&IUVKE)d)YwNHLvJT*~t z9*fV+6<1j0z73iTnTfsYS>S7^1*2&Ec)V_mjAM{&3yFKCo zDu1KSrXUocnWc?b#sAA}9hiAM+X_33WwJ`_BGZ$}(^NgI?Mc17&rDOZAktxSSZ}Go z#2XYfRK*#G=LwZ6$9O)u%5H7XhnYuwEv# zw9MYVG}>MQrxste$1Xj?E`Hz?p7?tl6IGr_z%U_ggXl8FJ}ace9;64?khC&))5 zH8EouXzS8x(ygZiqb>+bGE~BP!WUW?80ZqOX>EMm`u;5)ZVvsr+&|=gdk_rdgAV%Q zmDp!>wb9RRIkjn75>vMIFnJx*-}#JE%5oygvF9*GsiJ)+{ulx=k%J~M+K8qDR9N#7}zK&SKeGUw}cw3MQ^o3VAN z0BaU}qg%Xrjg@^1L;J8^clJ1S-$bu|fI|D*Z3L~SY*`Cxq~CXz*}ilidWi#O(&)T* z>gV*WMB|MN0K6?WvmUh%6=0^@gDmmw3>I{QS%Myi16hncPhT+^hw2^7e@m`7%2qc$ zWg4aZ`_cKO>OVuiYgX|rywI&m`+j|MN13_7f|!A;i2F@Wr|6izs>tU~uZj@iTDyO+ zvWch4t<1ihd#y?p`T1!CkOKni{Fc|E=!11di7_ic@-F)Ai=r8hBEFSP<@yJXR6;lB zy6~g3$;fQ6-eAq6bs>29yW`2FXhoz#MLjqX1X7oXdqQW@yprl6by1{6%GVm%>X=Yr zILh9<988D7c$Z+^XdOYtUxDh9r}MPo!rp@+-01NiV`r#FMwA#_c*QAJo_aRYT0dfa z3jlx265-yF6G9;AijA9czO`ROTc&E(y8ySNM1I~&$o-_@o ztgcp)09q%AJ9>2^UE<3!#kUyl$9D1VW*B+XQefZ_Bx*m z{70>Hd)I~@Qm${5buC6|{4$%cOss_49U?w3=O+U-WQuj%s=)TI?T079a{pXtz(!)_ z)-2Q?&_XHcr8b^?3z6aKUQsL7OIroj5DU7Zq^F3Q zSGU5rN~Ef)Gp#AY8QF=f7wIw9C9utW^ZjRI*3X}_HDyGQ^tp<7A*?-g=9&58GA)<* z?|uG$YDDO}-615_;U*P;I+Ov-k%gYvD!H3Usj0}SyO`Qo6^G@nAFLX%lM+Fwsl_Nd z^`A0d#h?t@F`u+vYCr9>FahuzoJ1fH1rN=v`;Li;30cB|yha&lzh$ad-MXl)zC`3q z?sZ_pOnKn$`-O{fF~-a{>?aIQ5HayX`8lF^Tv8HI_-9~hMEdMX<$I~d)fWs*^Rt;a z_QgzWlgQDLh-&(oikSO{n2f}Ef4?rh_Oz;jePM5+M5+15OJSvkLF<+gt(d^roZb&6 zx*^Oby1jB|cl`DmPpYk<1JudladB`b|IUQ$w&SXuC!`XL$K04odD z{oXkQ8&pc)IqfviXVNZt6A({Nd@4`!V8s{hi&&{v44*4FmJmq~w~Iw0xICcr67aFK z$`Uh?+vii?SeoZl{IN4CB)5ijOU^3{0nBjM42`P3b;zO<@N)a@gvvQwP3Cn~2sydY z+12Kzr{fN=x5B~{5^xnMOuExjeg%)Lt*WElA^EocKm{|3F?`P{@?K-&3sj(j-|ZaS zNTw$Yti88VuovyRF_Qw%&E;%iG$meQ4&_w%Vdp&(d)GjxaH_fk3(uWvf2%w|5$t(%zvr%X9*>4}TqXt-VlnBi<&HY8jbGgh*-@t+2PkvD^p{BF3XFAMZ#UpH+Fyi| zCz>9ttQ%1{{#NoOJ=4SJxJ2%@f+_sUSJs&YNl_(*ERZyA5sJslp%*C-pG z+yK^|{YNf=b6uj{PGCeRAeIwbmdwfcEruGRchdp%%NaB^**E_~UYk%;N}raL#*r$L zkYe{-2=Q_-m7WVo2o#mF8H;hq`DY+ec5knH(;Y_QD-z$ywa=FH1-foi56e1dx8SQs zm7e}DdHk%gVv8+kCza@{c@3N$I_tl;W0-Ha(>_am3ljmjuw-%AX=eKpxjey$m4);h z&LY3!caZd*%qfes?9-EJ5-kYim7VDPh+ovNf)KA4mYpZ=8#gnwSmD80GZ$Hy+r!hv zrUvG=hL|_HjjiS$P&qAJ1qF7 zA)Om)ZVZ4<{g<6B7<=J%t&K0U^E@p0@kU#`hluVri#Mj91pO;LXAV+B8ciQ^*s7aEv? z9xN6XjLf03xw)QAl_C*1qeF#yGf+S8N(}k54an%DZVKL9l^Ap=TE8Mp5BNa~u^GvC zk=W-gD#DT1oEl=|0zPC)w)a63C231gxKxvVFZ=HHuxa0V&yz{m)6 zf8x0_ z5PSG5S`I91#918DU+gRrwQl%)(eR(_8~;L+S8ObeSIeiBhKR^05`s5&^dVQLk#Usk zZaEL9r=y@~O7FeQj4o@o?WA5B&qGd_pDj}4viqrCHu^y8s3))M^7_Kx%HEHQ=klO6K+ zelZ?B9uOZ|F6tsX(7IrLf(7>-+6e}HS9wj8-WE9Zp-W|LlaZm+>tX#3*6zwAYr(tnP0)#&qc;V%SXfeRW{wA~ zIDSgwI9o!F`VC&eoa5Rba8j8LDg~an_&ym1;$>cl$XN2it;rXJx97W)rUq$8oS5Bc zL{s|*(ST)6pI%!>htWo-n2{g;$ zVC5(%H+ed4w)Y4CScR3n#+d=m*;|Ab2UvAJ*q0Ci>?}%v=Gss=C^hioxd$+UL zywo8nrV=Gqechz2``Fn%iW5C<{oZNsP3V*_| z5x(nC)5&E#|Gt@DT>Nl4DEJBmg@Aw{QyUEL{2_#@t53JJwT+J}3kwU+RGqQB6-652 zQc_m-_VKy7zBc{(wN#B55B`)W*o}$e{oLyvAD{cp*>*xg!U$sy)2AtfEyRDGHxDH9 z#xiQt{;eQg_zIX$6vlJgQ5{&@lRkwRp1pkek`%Zrt1JM!aUQ+CzNVz05dY7x3dZ~Q z@Bd)PgTG|TDk`!G3hK@%pHV&m=^urKf0mb*|L0p}YV>^BSz=(|>*@M$>#qOnC*c1J z(f^_W3!ndX`J1ayyPAxgt>8We^mS@$L*iNP*|u@c6Izqe5W?8?WY@|+I`P8G;u~)> zk@VEhL!GMLhzt<&j)fWUovWSxlsV`2Rh4$EATR@rKa6#o>wVQYZ-t%vA_k*z--H7A zH^jLIYxYq8)2n?R_w12KI;whg{6uvIzGU^qz(;%~!!bS`#wrJj zssLCkc`#AT7}Z{s%rnu^H#7ytmTaIQr4^iD%K83>8{<#Z8YI>QgEQ6NepCdJQ6u_(5*RIYEsbJ75-ohl;daHr+(nY5JN_A*G zufA@qrLVLd{#3o$zc+7EBth?%UYX*7lX9}=uq$M@-OVvNzcN4 z(g9XjR{vRwOTRcQ;O2rjM}SPHm90;87lhzc*^iw1tNRFVCLfrt4=Q{7nVbSlMW`_4 zXB2o_yM1?40n`R6Gc)t*UlweeiNW@zZf8<*s+Yd!f)e$WlNxjgT@6g|tMpmR0w&Vg z8|5LWT&&YRk?4nDH^DE>PRn^&GFU|=Qr@>z3HZTR7E<C`hd}WXc)svw0JRvk(S>5 zYS-0cGl!3Va!=lOaO`gL`Ky#(JTW#~l!Ao%uTFI5uc$LHpJ~b(Y7KOMxR@845T2Vb zkQ%bFT-JMUsif+KVr=Q?IHK6ocYkkm%j5{r#z-g%0l_zUNoD8cyJU{=ROAmwNfY+RB%1Yiszc{bYsZ_{ zqpxrAkru+T3Vt64Hbd~jJ#E#4HymZK-b$N;_t@H(%n=xcbr>5OCoS9`+6ecN-~b+v zVjIGIu|)qDZ*LhDSJSPF<_#fv6C8qD@C0|41RA&C4him!JFF1F-5PCzyK7?|+}+*X z-QhI(_Sxf%eb0|O?vLApAB03GoO-aOm@6JJD6q`+xxB{SlGzvmH2DA z7ABxzra!=Yyl8QFQYaE$v@_+ZGPfys3Ii?*4{UR19wUeA7fmY>vd?BFY(^1u+8sYj zg3Xu&Yz~ZQj1o$9oR26AF&}zt;~3C>lJDo~1=P=SQ=xY`s6~I(m@B+QFZ{tW`PX{w zpoS#1>DxGUwOD<4GG6^@a5xF$93IH^zFXRGq{(54uj=-lCN5ih-_7ZiPEk<}djG}4 ziuqSZM0>(pI@XyEbv(e0cUxN_;JuKANAT=s^QeKQu!v}7)t2Pw{ieB%Zq5>p;L3CpI;fj8LFPA+fh4=Hj0&TY9 z8$a|Ws7yPBX4FW@c-t7aKq`~MA%tE~&T$Zk5dVo4#+jOuV?DUP^2N%v@33 zcki(yFtOJzCEqbVPmg_mb1x_yzGiy}yQH;KTsU1|s05eAt(^uwhn#;XnxwxPSX^-J z9B5y`>+Tp&X=)iJw_*{)&A}6xeo4+`h3@8@?n2f6D!bmzCuUCReM2 z@%@EdoN`HtPV1-Y~NPFquvG<2ui*pH}^~kGe&~eVdsr~XL%nf zLrg^EayU&)z-c72bQbr>ZL=^FyZ>(5jq!cPb2oKW+9DrEle*OjmE(E@tl19xq_5A- zt86zDW+2fn?uJ*4Hf{GwrF|&d;WxL3i(`?f)<_slQ*kS?74b@vl?o9Gzzu38(WUFx zoL7CJ>}eSpdpdHI8|!1VS4ewE@5Y;7o-Uf;8=aG(Kl*}0!xaj1LcB@?#!37(IyZjDjzn8!bB;$;GJo4P z#>2t|6+Q-XfbZXa?G5xeunKFlh5oS^PgIr$Wo{D3#Sw9rxvK|P@k7N)q4nh`IgY#s zzGO31pwYX1W9b~737=R{(JaN~JOQKI*0&m7N~Qs<*p%Rbr5k_1&3q7BWNqk|frz8k zW1%w{5_rS6FB7eJMvbe#l#DGnAO?9j)v{-SgpNfhVzf@!KWmo#C_6Rl*Dq&54akNg zg_HeiYz{RyS;)-yDfv?`J^$Ij-#E@G$?)DpHfV(U;9wWrkf>^rU>z5!<)z; zJ##<=Ioz@?Lk!UKq~QLwPRi>$%jqlNF1hoIw8<}A7-i=2N6Kme6G|PwfUQYjy(nFM zu-`Oa*m26NE@o_WJhk(iWQvJu>W6o;eiegw46FPcTUE9oUlQ{z?X||uV+$_b6C>DRZ>m==R z3)q&G?b*b~Ze-|vmQ}^Z;fw55fVVP9@{1eMb`$P$oAF73xA`Ra3{=c(o zKAQ@P{uhOx%KteEiTLS_*PeLazwz2M6rj>0>AV`4Z{Tio@AwC{>c7aual2j7C3*Kc zhRn@VsdmmAIE@_rU`AzHZm7{fs`L?*8S}IM-|K9tN-qtkxis*Gwp4W=6o1-@jatBa zDP}xKC%9fo z%RqAGndIWJ)5TbybqHE<-CUl)Xo)chStnK;z&u&zQ|OxLs*oNwP)v(ANxS6~=yE_g zUe}wdx>o(lq-4@u)*s229zmGiu|J7>poia`Na{k(eX~0~hhinRAgq3}g`j5;Dz%5q zf%k#AYX6W{d>sp%d~Ipa6>?Y(d{wMdf;mvTe)ajJ$k2J3*p#Wd|E2zxDZ$!H3cDxuDg&GM?af7?qn^g|Y;8n5(GU39(d zoTCvjFZr7IP26)bkjY5JM%@`@!>3AXhJYS$Q0_kW%s{?i75iGFX4Yd)q5ZDq0vq<&XO zI=K3bpN&snRCpFuJ&>|@z&qFMe3DK&!$zEvf}BNdEzuRHTQH=jWZ&5$ij1sd`g4zI z@2++{yAUmzJT1AFo1K~4Vf3x~NY9^3!`^`0>i3Ni?W;ZLh4CxPd+!`BZ23&Z2K!|C zCbJ{Uqa(}MCBcduh?()W2d4fK;Pb@4ZrpiCbTH!3=claC9Np6sW8-JX=}$`P%E&k- zT5cjCrKw<(<2iQhUw59(0{Y3&$a5fq*Ju{0H2@do=}>oBFf`c<;;F$45DpOZq_BTv zU-(t!SYwO{boid$in^`U-q3X)Vo}`r&-&`;R9ADG&y3;rLM$HpQ$-{Jj>a4@&y6#u zNg1=T^Yf9UnoJ(>_~hiJ6XP?XJQShos6ip(U521=1=l0pS`paqE6bk9^^$*omh8i3 zG_^Un8rGJ3{%P;llCOI6pi=d8)VVhrHp2O9zMh3~;7Bv{{w4iP!Wl)e#$LP?|=cI-Q+~5r~^|*ymyjH2EB=gzIA10Eb z)_N0Gy}6dMvPoi=-U0NZE-!eGkny|_H7{Y7m*km)PUbV1+>H z_|VXh9g9zzn9;HKbYz@~DpM@fV{&wYhBMpwgQtydZV{qk6eOf13#Kumo)!GUuH6Na zHH;Wm=H}*qH`Ib{>j~NtpLS+D1ABy%+M1_sqKbxw*3Ne5F=L4y@N3Fyyu_qGCklMH zv~g~Gl~=h3oK?J9IL6}%&F*?=soy5B^v@HdM?^UN{6;cHkrC}(oDe$8DJXKSZPcQ< zMY16kRkYxFY9kUHMzXa~Lhc?+Y=r5?e5WNKOzo5Q<0!WM)rc%E+GP+99L2p|;eDwN zbjq!b)@N9E#`SQ_Fefg{w%(ZhZkblVK$ZTO!i17Be&ceVKtQb*SxzQMrft`aA?#FC?>Wzn2en5nUtO)c zhoaLeCKhhCjIr8CjUH$Q>=5fLvl2TNg^N`t2lFEZM`_ybQdJL^qk%oF)v<%E@N0ci z9y^L;4#XDU)KKeI@(gG&Gsw)^7$&Q2yenj8g>uhlAYr#e!_oUu}Yg#qHuYjw;H z6(tl{kwyfH!prA+%O5IgYPrZEQMuxdHBv%w;c8GJUkM{X8CB76d7!nKEeQ%UlvKH1 z{O-EfpU|+87RC_TQvLN*Z(h8|X!{puApcB;g78?;abYDQFhQbBZzTX$+N(EiNy7!# z<#^We!ra|F+~6|`5au&wL6qQskk0hx=fcHF54JU-RE?a|pT{O1u2d?EnH{yiv0&W` zJnSv!Mu!1Z?R9m1P;|848p`zRZEUNUk%gdv_2We5AANE<`ZZ-U>Zdi$*nT83$6Zo# zGV;=VjW!QvNqRLBzZ92ouw+?XfwsOl_cy_<`<4IZCqT#7`pcpxdu5E<)*a7#D4(x4 z1gfVe&0-+qoEe_TuiPtiZ)LILBSnlMX@9kA#ipf!Ryx+!m6WVWT&WI?rJskZ5Fd?8qTl z$2C*#TEdZUe5W{}sKj_CH7mxef;lJ~VKr4H>&T9I@me{yY_bGpeptR0vGdq^x0|5# zx*w2w@8YyFXXklnkP}z0z`f_D-nps3yrv|l@QLX-DKP?1CUCQ5a#Yn_yo=7OzAaE3 zq$-<9y>Fu3tY{!nkq!FA;y_7BnKl(k<(Po)VjZ|?Ej;5WMJT5Dy%O(iN;~*-bt1yTO_hA-`RQJQ%X@oQ&?T$8)v4P2jP8lZ3>F80R7ge`KpDNHr#uODs zDZwXUqqb3*Z76vk0_)YSuT^VrhJ0b^%n$rO$sl(+%03Tj0s^y8^fkT_*-mTSdS84Q_I8KPy99#A2%y+l9^q#7Zl7R9rfv)>wXE%^{lsSt~KOw!J%l@`*zdCK|7>yW3apm)2Ph$B4eYHLif zZGY`mOs3SVh@ew37`(7bG&v?V{rOYRT#2=pGH!!igA8se)2kKxD?xeX4GbhGNm0Oh z{N05mhA@yX)KepYC?)f35pdc{;;P8GRKWRfN#$858)(Ew=8*;}CD}9Ub>jx|rVRA(UCTz6AC|FA#qxg7L_dbA-HpQsi&cWz>>u}kitCU+B=ox`MP$mvknBT9 zV?U(&HMq`LyMx>U)PfE0Nq7{o)^*M8f3uIE?7FqYZM#}w_ut5+=BiBb9)w z!<5#6%G>GaBeCCe1}LYHq=INc;6uYvY0-x;@>+Yq_;?YN86A>DRbcXTA^~IC#ER@1 z^{rqrl#icJd@X3A&=&SSA!;umfS$$L(^0Fg(@aNH&#kAWEmw|jvOP#PbF-1!3G&z> zzH6~ACs|y6bhd#3XFTS0v#hYfr^JE5hBugc)hpB$Dhy-wt|m8FVL-iDcVIxRAw?Eg z7pVR@(SM3*7c&ymXmAiaQ}nMBHDwu&{_s+vZCnRAaQt zmatowAaB6!$|}nVR_t5bI5ak)6G^UsRB&5X)x;8Fb+2gj=|{J{zVq-);H1)%Nn{x= z`l&0#AOJn9Km%9A^qTS7OG9z$ZF(&Reu9Pi19(XX)6oZ0pmrT^;9{r3x|Px}z=>TE zT7Fs4s0=~#)IARfIK1s2WbS99AGATgQHI^+py9X)Ql4B^@e`DJA-jqPprq2UNZNdZkM?RSr9q;b|O6!IBu1lqNf+?YG%_+Xvl~Wy&a)6vmY( z#?vjH#q85;kVh$hlDOa_Y(W56cyQ`A)y6WH{FUSS)1m~ai1sD_-c+sa>qn&idIq7B z-Y(HkU9^&vaTz%&cm0YGJ57e?Ou4Ks-*EUZ{x_IlHqIz{NbJEB!HkvHODj=~>K$G~ zF@`V(v-S{SD!+Q#gP}fuY}5Xzg2fFR&4d1&mNu~PZ1O6m@K@k_En@33lMm+S8(R@) z5JViqGzL_8q!BAJ2hKH71me_oP8Ob4{6KaFWB46O66*e?cShp+{Mfxj9^lb4VYP>=I3~mW3rBGKdf=5`TWTFAtHbcgbuw34lPEnu;e|!ai07;- zgS=wb9N1Rw;by1-?=q9Bb>gcT$xJ1U*jtaj(a)#oVApW|htIC!olFzi05Or1cCE*5 z&}(%@iydET!d{s+D$12ad#OYyeZogU;gX6ObL*@Rc@DBrBR7zhiyuhfwD8#G;d1^esH-yXv8;HSfndJ!U_ZuP(K;7JQw zRofcw2#-@t`fSHlc*Y)9oYKBi{&?P;f34#aTNNKeR_5~{@OYUzi$E_flq~iGX1(DA z$rp^kPK##cOy&8^as!S1Zccr$4f2Y{28k43y-{3!bkWBbS0WuMo>$i3yxE)6Ppa5fElW@9 z)&rM4LA_=P^GsPeLs4Qj%ZA>nP!@tvoRpZRe zz#6OFB#lrJ-ZL5+jTuk>iAx3Uzx(r>2XbMLU0D`Cg7$tK-h@y5yg%@bKfJSPBqk3W z^7wYu7;`9U;E09tVnrjn_+fkVyo3|uQ2lM2jrP{A1qi} zNyFq)%znFdn>f0*M0jND)+4s+qq9r>5)l71m;FnHIJ{wUZ2dM$ww|>h?P8}JA%z)~ zpVjC%i+oWRqbnPm;;N?P_qpx$yZ86qGq-Oz-#*^7lkC?QI8Ox?PddFG0d$zxL*y*lyvW_O@H6i%prj5a^LV$Ksod+5nC)GKanwYi4daFer_-Jhao zySR~J-CUzbQZm2Ub|{K8_jh(IIEn;X-KeQ}IHUzn?VeW7`1>?gzVTFZoFY9`k|f^= zORX4Qu_a8Y%oY0l+*hR_`~qmKOlgK*e9sOQV{xT8U#SLH1C9HS+7Gh4qgizIU%p)# z4I?7^Tiaeaq;NCi{V?9jFBc&YQc2;vlh>-*2Re?WQmi)Px2vcD0lD-RxA?D0UT*;0 zW--D_^7bRgR~)eR8eG(Y-)R{QUP#IP@u1j10d=wxGPt2y1PxYR4^V*})?u<9tDZL{ z;Uxfh_h|oIUbs-}UdA3KGdN_p^&Tt&kCd>vB~x{;pOlbdL=tiDy;HtA$l&oCxG^7y zci}%)on8c*gyy$G!xL|WRHNptFz#$O>bD#1voq@|&E}!sBW2<7Y{>ztxRCS=LuR~1 z_3dK`4`j_uoA5j`;ITRX9h7^f62UHGNPN8C@$yCOn=>8I?a+WIxY}X8hXsCjf`t-G znzVbG=Vb}HBI+c&QQn6PeGSf-9a9R%g9bf*oEv^hOYxS6JiHf+*4LIeA0rI2BO4eP zRDh_4IdV}`!q!H(xMl~m3Kc;-t1bt^_N{-KM<)kG^_&3V<35b9HRFd&j%?sA*w*G&C+sdt((W0m`4_4E%l^72IesOM^T8%5_g# z<21R!bQ;)J+sG!9%YA296Tt0nv5CFJ6{8iKig|gek+tJ|7|L-tGa#C3%xyADHXT)C zCf9eA!s8m0(-qXa9-&L$-yIXt%Q@IdGI&ER$lZ2dp5D)icgbRoAY6Iok+TqMooO)8 zqnC!PbE`8a&ul6+ypJ+*=3@kDY$qS?IDHWw|RRdLX>nBv&dn2@^T67nAr1AtY(w|6!x(#ZSIUB}e&J6Gv z0vF1pY!522NV5pUf?S(nLLN7LD7A0KU`ne0kQ3MKm%lZ20FKUo8Gf;}$eW4{RET_? zdd}j$mw2?IbjXNee%j8W!rIZjrK>zZlZOF(_L2F-WE5Y~+B*L(tHu`Rc)u{ouYp)I zoHOUUrA=j~!i|%Kaxd4xoYH*L@bbVLJ0m}{AJFjvM-fkFTSfmTnA6Z~6dKCuClGa` zeX!Zr1vv0%Fi5kzT{gCJ)Ak5tvl869<84d^$p!@QwB5bt9w6D+`x4>&K~{OYt*;?_ zgO`uT6kQKqW>Zf^tcqYJH{kSckPiOQ{iP<~LwTJ}HzxAv+=Qao?@#E6V)1kwn* zahH!6ovI!6&mbwmlkzSmCfpOc(E#V$KGWVCu>NT+gfC-6XSFj$x?718Rd{X9pd%c*>RQALG}m+B$tH`Xyg)=D(`Pj<>Cb#OAy@NLT)G=ou9d=qCNW;^gl=WA`D z$4Tpu!7h$vi$$=R91-0RWRs3MbDsO+XoN011>!HRc{eUGKtjKU-6%cO^lPaXd=I*v%M zL=z$vV-UN>OVEm9?0)o7tnV{s_lw6Ep-4IFoxTMw$YD{@JZ_k->UQs^ka+&0Jz^r}JT`&!Y^~*8Gglkt#u}aQszO~HZCSM9$_xYow!HplegVmhWKuNK@T|;i zse@8|B3!}2$%RsYP5`BGdV4g7PA-0ER0)Cqd-m+%y$E#SDj7}OW*>e*+IPJ;&OIs_ zWV1O4Z5|olPpd^RUfOOW(1JsU-3M>=7=#fM#mVXWb1&pL zF<3UOp5_zCAF%=aT8OtckGGfatEDv?OgYRM9b7l*grYwI1fM-4Q#_RC=3D@@c^5x5CHMQ~4C+MHx;hF=?*Y}g6smiS;0X~(MEm8IU%JdSIj!5W5l`F@ z>+9=g1IgXJy{%UWiF|`c`TF`Iu9Sg5AZ2Ctik%~!h&DZazS;V+{YMT%Oo$&oeLmKF zEPqmn&z{Xc@BU8)k`sVJ{r{rW|JOoa&YYg5o(>U2-%xd z+%%jqsnWi`Xwjl-uNESGvV9P&6w)m6+zYo`991%n7e8EUvuQ!p4Di!w$m5t<1rJzr zd^GKE-#0Of}WS>YG*$K1#3rhj%@= z^9v3Q7~-&pQ|fU6ca7l6(Zji-cj;D>S(eWCpBExJ=XUxX1I6F0mh~>2;$UJ$PHHwE z3@RE!2TQP~MYJTPCkew)bvaHHZPM0u`oyN5_L5Wcc zP6gwW_G+9>9FF@%lJn0B$D9ATlW0r#P=?!QuxqCN5s>os7Q)KXl~aVpFPQosVn|>O zr}I%Lptq8nwOT6UDA~xPMbg#`)fgPX8eOXM&rXh4Uqg!3$5_!`>I8W`rwt{_gb8ZI zn$eJi_VzFoDVK#_xiEivSbaf4X))KS6HVY#Abi11NtvD=5blz5lzpgaJs8vB-M|&N zirWQ`10qy^6P*rd!-@aPEui&=-}mWJ_RKVK26K2cYpgPtOvm+{Y2O3_MhB`1b>RMH z%A^`$?TtQL!uu~|5N13ReU!hd|CXu7 zjivr&aM2s*?5M?+aOw@n+*3Oujr(ru1+|uio@Gy1p_P+N#WZW`ND0zelFrD@o(GrVwhOE=IXa2Hba}gHsTN-+47mH=AeXl?vi(zN);K?WBV_rry!u$&5#x9;v(KmJrU2qf8N)pd zo-r$R_Y?AQeI>)^un;stD^54eVYGhEgDb6ygigwpl2baS6MI&+oKHxS30WOEIk?vt zSeRI9CfRs-)9J@lv-*&vunPy-5Z(%#RYJ;WtP=kljD79n=#_zaZAuPr?k8CUFzS)L z$=pIVV9%L!@S+6*zs1P|h_7f>b$>5`@7dgZRJFJBlE z9FaEMe;4#8!p5bcmQww`)DHHD$HWRP&r}o+SCnERUX_=&*8&`nHnU_G2?nSsJzp(H zToLO^bRyAKo~7s;;2CE~zosY7VUuSn=(Buzp(JIWE~PQB>}~A)bFTHYO;=Nq`=|}e$nugl3PsN^#AO5 zh5%cCinnNrcWyQ#3lAONaZSu>eb&j4;vHI0CT?aiZ>{}#GoEaPEQ6FK$dHZKP`m1gPCbE z5BMmxNe$y*_p_^eJWYw<$IlGqS2n4gR;_M``-Z-l?a$}(2lb3~PxIewUbK9PSW!PI zI~8|jIGBr#oqK0kpa!C5`k;gZ{QPavYfY>uLX0r44tvO+wD6zP!+)H!7pQl8@=cVM|sZSQx> z_o|@vDK?6;+|-@UFgq}CDJh$*H5rJX07Hp)h>F_%(xKc@Nl2mH3~_P zqZM0>@8#LnzQ^udXl2&Nk&p&%n9AeV2B;|2l+G?nu<7OY_el3ZVI8LHf%S@W<}htf zFqC=kDdX;$Af3l*5ja)YU3;p7Mfl;tA=D)(KVSJ%+ZWcZfI(uZpdg~^|CrLI8!xMB zvT)nJV2{puVCI!;q`1dJ04C|inj=o=%q z5F*t`Z{b}92s-s>M22Kglw%-7E$+FbEE1(*kS<9GFd7w}s!>sdA8x)$@neH|fQ6=m z&I<_GXW~|!>tj$uFy5U_W$qZ($U-QIH~4$r?T#FSki}RRrE&a*zZkvLlNEYMYJP8Y zz8@TDCX+<8#(N7(e!RI0ETLp**h95^!`zn2@-?gqW5{|($@9h2I1UDGW|;jzmFU+l zpOOXIU`Y@=!3*=b^;x;*s~S;ACECi=OEQTv z52*h~ra(RiUiP#A3m%K?&^460&t!=2&HO3yYf_c@j{E$w6d$oM1 zh|lGWf=YVWrdBYXjK$nK>%G?bZqP*58;~rMT?r=%3+cW2VR7Hluzk=`qwrJGq$_m+ z%kYh0a>&~t?F%V<{|;7E!S6ZYHL7N0BBl5KS8_;-A_7ADBix@*7EUWn@u(#p>?mn9 zn2r+f^&?!YJ2Ec*Yk>I?=cfn{q(bkOa+IUO6}&jo&5nq+y0{RO*(n?u00bJB^dk5B z{%lpN8ijAl_qIPnqs+kJPl8%{eOAn#@56r|kh}h)bv7#_<5WX@tWj0DJIhMEJFtd; z+XWEEr3r}Kl;His$Clr9;q)vNJGV|%2*q-0 z7V1g+Qdz{)bL`bPJ&>E8e4r7%BAmCATO39n~jpR72lH3V=x(;%7%wws@oG&&x>= z9LJd=r8ybfDu^~Ud@t6c>HTUvaJX%b=pK|y3PEI7eygS$A)Ac9B~EefsbI@IiAE;) z+e#x(Mxhmy86KvBs5IwgH-dkhre2&UNP167ZXSxhp71+AV~=wM4$A)F$^RBn#_UBD zf<$Xu{WYN0-K{-0YA@(`Qr>-pOw_l#jUd;121R~)*>4>hCwSsd7a`J4j{J9!mjn@f zCr?Jd2#WZ^Gw;wnJhkpf3n!{H((Xg0>wRb#qD#LA#mfH~%9$%kCvMM$?znKb=B;7m z!xl&F5w)J#Jk=WWodjFp!U=QmRT&O0uy*G3bYFls@l%6VP1)>2><;tb0nEWK9k$e^ z6+02?ddPoyxaFC5=lOGoW3O_xf|bD-p9?j;;VSOY=>c?>b`l?=W}#sHwfFkzMvD5Qe4YgOf3-@*;g>1w;D7!2E$#I^cPJs3=yn zWs2}!o?fMqW`^`T{C&Oj1QpcHrm8SG0L0^%YAF{=uXuNRuz*wryXNQTXDkcdPM>}$ zya1xU-8=|7#28;J;MBRdb*;SBVC76N;Nvtl|4)5%PxY~Uo>2A{+Q!)0=AE&31+RtD z95S4uyz~eoz5;e?XZGfzV6qJ1?U<3i|P-5o2tv7w5Lm}I5J5hNHE|RG71Bj^#vIn zI7;%C+K7K=cZDI|IB`6N*2S@-h~A3i=KItZ<*S%Ix-q?<>|q1fCUKs5pZ9lc0tb4j z+yZ6+DJOsi7faQ?I$1DtBIZZXCC=a`YFUAB$`y5I`%t{)%BlASR(#m}l+}>h)P$ZiZ^~xk(|o>tYFXjP z=Mz0OfKGE7SFQE?1hjYW*xdnuAAVST)puW6%u1@R()vi|nQwd%RcF;MLGcNxqpk;d zaE*LCyYY-oY3ryawRc<+`>fSLgSFHmPn^HZCA zdfN~D$jv|J$w8RMQ1RfdS5y6$6VR&A6Rh-5J^5rSmkoz-u82I6k}f}jsy|GYDK_{q6o;OEO<>BYZuQz;~) z5r^=bhYOcJg2i36Cj_^5#!k+8#l^Eah=#b~rG>m%;yYgg9;l$D!w0#6+&hQrh`C(Y zAN3jT<8jd{4`ISi7B0@{jY+*z6idlJPd^7`X7r9VjJWfl;2OQZpaH(Jn8bTE%j?G!RZm`8V*DvQoD$VWcCf1x}XZkU3}(Esl1_QGOeW|)_Na&7Fx-7(jMQwdG7)_|15^^FweQ8K6U0;W^E;QU>apqUjq`S zMi%@PmC%~gkq8UT%|vcIuYyOzM>oZ(=^%VJKPhXbDjsiR3=YU^Z|tAzgor-ZY6S|( zYV`6|9*~htpHz!9BCBQ#(i|o=CV0yX=y0I=kYr`x0x9ncF!J0T2J@YUyn}=$#N?;_$E`hfT-&dX1m!D za-tw54TBHj)Qs>sCln$U7u**qK+1V_V_a$Ve9s?cCA}^WmXm!1Z~|Z6p>>EYJ&!?T zZU2Xv;QmR^=zv)=W||n%5zMOv8b2?b-aQlQiI<(W0BEPT-VCh4T^BnJ5yXiP;jqH5 z>V7JB&Nr9!mnxiCgz~8)-b}(=xa(~dd)x02Ro!IjYe>)_PJ))2k@jW9!h9(@Ki-x< zG$UzU&y&4D1AcFop5+3M!uKS*{~Q=yc|J}bA`hhK-S#v+DEN01oSd6UfFCk)Ry|^N z=ndHevnKzulS(%hgyd&S93Sk24xm%v4ZNO^Q<@k*Kb#D2HsAA|hFyN_FzLQ1B0fJO zvuZHan!}$}c;8XHutc}DLNrnvUPH@vr|!LHa|YCU{xig68ygWefP;U!CQw_@YmA|2 z2H!hUK3f(covYY2Wy2bdNE0GO99w=&9jo`?K0BXArvkYni(6JD2H4Is%QhX|0?{lB z%&`{O;RVP5?=%L`Cx^6@@MR!J7zFK7Jl@RueP`CDH;R8^JPt zfXCEmL1)zJ?VFcBB7OKg2QU41cXtB=nz!IzTuNL29j;UBefg!7SFncBf4HiE+AS)Q z*bm%bdevbyk2%V*f1~DMuc`RzY3uesuQL|YfaDeQ_VqJNRq;4{Yx4Q_NKMJ_!p>|x z_;9(906u+j*>#wlzo+bEJr}z&>%bKa7%`LW;;b>Tjt!{I$%V}Ug7@lZ(F}GcZ_rD5 zCIug^!q&Qmf68iryQK%)T0HJzcp4b%FaP=XS?2a!R~;yy-*AP{ab8hNc6^+=bpNmI zbW^&ZCXuD2ku!7J`jzr#XK6v4348DsVe+jdT3Q3jX^e94jR1)E_SVK97R3&fRO%mqYm?erfu!{}e~% z0TJtgSVApzpOIn(y}u14!}}*(HVR<|3Xvk*jE{>GIv(5yb49#wouje}1k5%n=Nbye z$1gkUnyiJV5k%bMiQCHhbF4=Unw}FkkPuX#MF z6NP4!fgi^VK#Q)mjz&Ili1t=N7QY09Mm1jChk?N3NdM5zZw9>i3k&0WvPH=Fx{`WA!6+tziK zY*mjS9HeqLFJn9tP*JxL-pk?Q=s)LL!1=k;J-wPnbP7_(UzH$^fQr9Mhv=_u-W^){ zG?OPn;>1#qn!EeoikpSualtuHHF-wp%%T1_QZvU#jO>Vr%q5{3ZtRF5T9fNiycJt# zIQ2Md=nEsHA4qL}pf-CbTocQE&#SMQ5qUcS6{zE3d|1vY;@~CHuDGFk(D#TXzPVF73fe(Y*TFt(ov-{@v zk8sah1){~#Pyd`5@&xDY;pM3rTg#9b8L~@5#OvzD;Fmr*M;ZkhDte^jAEb-YJzewC zljG%95?2YA5%tbzUh4ls1uDwNG6@qQ6D<%Ae#&nPHeH{I*kfX?6`k?7=8a4sczJ;!!WeH6d4L#5fm|j;(_&2& z{SnR>;uD^xLHAz)7T5C*oyEVAjXxaE{{M-;{6FJ8|1**U{9mI&|FhKpwNNl3RQ47! z_nsLx{5LR$5QUKuBH*)M>#FE;A_8CAz@00q%}Fsgw5Bd6yqL*^6B0KLWeg+s3WR=y zY$4!NXHEcWQKp&cVX&aGMoxJJR$aI=A@7%GSZa%K;K0k$R{tMa4c7&o$5L{Noo&{? zzg)ud&?t{|r=dgaDfp;-y`r0%@ffxoH6V}E$Ce9qwMB#SC8pbDm+*?^@>-Val+Pi0 zjm?Tff=ZDM-m90B63h>VepD5!YFYN=V0lB}s_15FHg|VFFB6{Q#~jod)fJrh9|OU69(RI6W}oQ%8Q+Y>69j=jR{#Kiau{ zYkKH0LE%b}I0F=bTKnDnaGuVNR0>LAa993%nsv4Q6^4I7{^6xl1E~rw`RhkM6@cal z1wGkVDdnVf`R9lNK0Gl_tNlyGwu`!@v}=dj_3Qz%ES%S&NMQEqWzWnhU)n7Nd8{%^_yzo{U6Cc2)cU-+Q0P=2I+Ht6y!UK1{mZTDB6 zc695iZ#yGUXU}53L5vYuerOz^(O-rcis9C3Mo_;W$E%COE$slDGDs#F@IzhvnT{&< zYJ+5AQ=@cx@q#2nb7h3dJU>*u|D!zQU@@N38`)_XRWivQ+E3cB@Gl_`h(klo-UWLyq9LI7VtQJY{eN*$9Y?_Da%Yw|Ri-e6f%4~};9=Ayap8EOC z|2z&FioM;x1Ke^cT(nlHF#4b9JClonFo?(y^OE)Ea&o|dfFi%R30R%j@3hXWme5z5 zUNMk&1b+NQu!Q4BrcCZF{gG~cFJihl*%>su9iCf9La0Y^k@T=2Xu!6fJOvXtSjPVF z1dcL@C9ZNfzsTST>44+%`i*{-kRn9lcLz> zRomYo6tro~GRsib7Y89Sc&bzu64}&FTZ;;z4N^piS}lYtfz>MelT z$?U3>T)t-~g{uft$OylIocarPWJMR~_+KtK%e z4>Gi6I}eJ->MF=la{77gFhWlqJ$o607n>_>?{gV-%A}E7O9hxySvO4q=^t=d3F%q0 zMPy83jYpHIE%>FQ{u`b2Kfp;#RSSuNbl3TbjD-dWJ}fjgf34H^(hkA~G}t^-&)__U(A}t8g86>@4n}p{p@G&vv-*{wwAEhU`!lL{E>ne8V62h)d>s1AT~oeJn~6GwNN25z zFI!ud`eS>>a=z8_{b9atEphl^xb9kBm@5llx+uddW|5zi^L2#bQAyT{5=~<$zbfL+ zfWeA8l1>sGewEuqRX{=_}JP}pSY zz)0dXoWFJTxhuS*P|k$^O2w%%;DUXS%@~)IZ+_1#OQ3D>;Hhb)%;O9ne=`BBPCHiA z8ZNhovy_A4ib_;!Mz<7GN2AOK%CVvzDkdtPI4L-(O}qY_;FSI%8@}65nt+P4S1Jgz z;@GNft1|(vha9L(^d)rFa=8Tiq{tczDyY8W?XbOv7nVbFpuzIg?(AHGY4$~pP9!7k z$Bf)1c}1P4#R-3Bz?pa=UfW0(Q0e0<%B|h7gIU9y1vo~)>r83j*gm(Sz6xXnpzpZsHXAo5ZQobWJ0KfupBNHI@U~t`aFG5 z!ow-noL-?C!NDPw?^Q003zruDXEc4IcX+=3brN=mbI716MA_xu)8)J3wvX|`L=KWI zzX+lt3Ui-2>fG*SF-vkL?^qXIP1h-~x1pt?s*fFRp37+s`IQ~yDI?^h*5^9OCxYj4 z<53}{Xi!*QW`@4Sq40arKjswS@K;zr*u=}g*hdh<)kbP$4%}Y^52y}ANc3dO&}l8#~Un8sZ=R}I^@jSGa!N@va_?CfRj~*ql9J>RoP{DflFbqxh}WA z@17G}YT^A7b$*|Lmy+u8g<(qfPukrp7hGdv_=nAJkg4}nAp0DJ9E)Dith!L<)^luq zTwI-^af8=#sxN=y78~2bWLq&;l^-)gcyBfuj>AAJev)zg9TtLpi z39<)#%|6I@Qh&{c_6z=F)L}Oa(t-`hj~Q_QTTbX~hk*QoPWjKV{RFORPgP`?qRusJ zI(#r6!iNi!dY|XsAj?1dow4hA{}Y`fl20@f3?hbZ;-3;}0V{a(`KI~b!8?Zk;>Vi1 z;lNq|pEbh&@j+f_tDW9Ovre?ASL2R_B$JV8x)DvFayYU$*h8v>7TX}^EiqK`bG#CH zU&;|NNY~~2sADkkC9O=HnMT=J1>?+=Ed-HnYw3Nh8rpXgrVu9YJ&W%H->b_78{L!m zzSWx>yLb0L*^K{JKcN5P`Ty6`q5sug{|~R~XJY3B-fsH62MvmE-taXKrg&T&>rN=U zxU@hCwN7@n`)O%3z)yF+d2%7)0oVf*Igs*ABUrokgnW;0H0uoxY4 z=s7AX%rs-RTx&DlQ+RbbH81ZG3E4I7$TfCV$@Df6)u+HfVaMSs^8#m<=O#zQnVp@| z2&dimN}?2fg{HvS^DU~$K>1d_CI}|!g1o(}s!n?}D?&-Rc|@+o>`t=EJ9~PJd2DTg z%1y}ZOJu9Gdmru(!qn>OE~|<~-BU$?4O7NZReHPsoNs5Al9smR!`SF3;p4|M59$wg z7gC#=s9>8EuPp!0$eUpQug7WaNb?3|R zutKZV!gx}u!NEbpa16X+^}IqW!kad3p3TB{B>vrEYY1gZ|CCc_XJ>4!AQ~DO8O00p zu5-6@0uugq28z;@kr6=jA=D{=b^#B{EAWWeb+t`g=KP3vJ2^Su>iy+n3N5dtzx%0k zU;mC|c9yB-R6}kw|LjEteOE8{+;QLAw-_oXNKi8aD*>kmo5@}8p_u=)C`9S`sEt{+&yPS+_O}N@ zO8Pv!3=JZ*sdRA!H z$g3fI{3Y(9;R+LEfIOuI^5NjnIn}Kyn`?17KQz_lLFoFnEs_b@j~gYy8bOkm#qVO3 zn_@putmhtQ58lf?0UgRq^`?N?R+e++s99SG)VHR-dYD_7B#L*mnagWF3esVxL!h_n zilQ-b$^CtO3#_e$T$)l91wW4Y?CzoevFxTpFxM}N?^BRRhsDju>14=q9BaH5FKUL+a*Z7=m)MF z&}<{PG`Ut2Rj4~9m^ZvW($x#~N@S`Pf)R?wLdhozC@CtMHtH`Y^pm8dSfRTFR+mf1 zmU*edqr%=5y-y4a`v?YW1bttKGbsxz>$_4*pXB6^HLjsn+(oz)BA@Chc#ZbcTn_S- zBctqW?PjJ!rm?UTj=r2fbq|g@Gp9(-c?_u#Ak1*q~E4&dl8G93B^0 zFqdoalHV%B7j)WER2_MvI>G>hp-ueA1QTK&uyJt4gd^J-G7J|p^1)Pf84Lb^PRbsz zJzd|%#!JEz&Ny9SA(`3=^0dUfV!hD1+XY6sVG#L7_=#*o;&jt_rgT6Z7&s-49Lef-y7evo5W!q8Ge=kFPVUS2r{yuKW0_-bnPvE4#cE zSgx76Y|=>96(o3L;ac3(5-Y=-n1HSp*2UrV4v=g1iStG3b%&BM^0iv!$%-7w-(zt7 zV)dyC%ZeqRkOs0GSa_wg}Cxz#yV3N_mpdhU1@u>+8lFJxMWB*~lNn8U1YAV;u(+;A~6R7a$Xr1y-u_E6d1Y6}*43dx3QeS`2So1WN z9RNU+`WppNIXO95SLd#vP}rfA$$1c^R-pBR6r@hY!NQ_XsRqk6;Bevu21Z7Hn2zToWQ|Ab1x%Hj z^O|SS;)zSPMMg*SY=nOlLrWYjFD*TKv=o??mIg1XYxEQqt{0)GU}L3|hojvZmkUAj z&lo8Ovfk9LI(19zU65U5(S_azh&9)rpX644Xo1e6)slM!PgiS*%SFQmh=2Zo$S99Y zGjw%r4Ty@#UWkf{qNOeTT1#rxCFpM0>1>st!wu6`%0Oz#2*B*taR%o zc&U&KwA@h>&)J`z4#^YlYa}kIiBOMw&e?Fs zWgLA=3oV?6k#aBFDE86Z3=Jcb=T74HM%R;>RA0E26*LFttmWm$=wD?SXB(CK-2aY4 zZczSg)cB&J=kh26E-wD)(IaIQ<>6sv5*72qq9M_&1?z@14HRnv+xdmRpQKi`Eei*e z055N7^Mb#hxUZjhJpaK3e;=oS|i2Fbrk-%@yVV6*>(wXE}m@~5i zolvK=hDIz9u+D4)=sxBerA-GEpKsn5mM^GacrMGC#6&%`S2|MT=;Bt|)ORxden@O? zX^@%FeEdzR-m4zu+Hw~v43r50?Ajs)4W008mFbiouNqy%KZk-TuaZdH)xB#E#dFY3B7f{JIgR=d(Z99{6i=E52i_Jjgy*z4nFG37lzNr zK*41yBsrd?P#m}hn|~ZLH#ZM_U2Ck6@$xtQEHgP7Su^umT5|HN? zF>maJj-uj(FOQ$x_#f@Yaii_ukqOv8C*k;tboaPA+gT#CKhaT#)Yai~ay_WB=&-$C z-4miANqi$&@h$o>*jxxzCy<(-Iz`L}13(D;f$Sk;(GQt5HIr>)Nl1)`9B0FyccE6< zc0}pK%*Ze?853I}G9=LAWn2^8??2rq=BE3UhzAk=qli!)opjhVpVR%u$jxoBhabmp zx7ruWxg!I`3S88#w#sQb3D(lkH=aBQ%E`$wA1mNwJJ_Cn_YnzRK2diiT}pe_TJyH# zUD(*z7`nvvC|9izX|k6>5qF#ngk^+Co33%tEQ)VlD9|cjQ3_J!X4CsK=(>EtptG1L zN=B3-G|tb@bgP{CDcMc^)BQ3sB#f3feId{ZDMVROU5HXO!RvimIhL=%}cx4JLT%E-Wg>;j`D zvi|!W+4R;rA%lX@3+qvdiN)q8IzL{8d9$oR+g88z(Tg1ENl|Q z@leX$PoF;N&JL$Z5u6`wy8T*O-$k~A8Cd7lt5wznOdPI6PV03V3hPIa)b z_m2+xUiUGuz_v#7<8&yr&CPQQb&1W}{~6Mx91|9TLguir*qE6CKpr03sXWc}Yi^`i zsdAlB<6#y0_r?g3e%v#EsP7j~o`c$`Hy_`>ZpsP&Km36HzZ&`gt2jGk=~5Y$z)7)qVpepg;f5sf#Jzul-h3RbBh<1`9bcJ@(q7d;gI^ zLvd4zzN4(xOFO4Kw=`(I1oCg)!fBL(iz##A1Z=LaKXzY4`~m&9G$KGnGRNI~H!VvG zyOY0fi5Ng*+x1Llu@qOELt}5UP$Iu`Y-jsqG9UxVANY8Rc*#08qp~s{R}CCwf*jeY zw2QXYpoyNDo5Hr=yv!-B=AL>6`Nqa)C!m9Ui_93DAe4boH7%O^hN)sybiaRocc+0A}a z@;c!JbQSJyjO6A|ImJFC%T7*D%^w<@)<=Ag$_*Cy$4%7oM^no=Mk}#~0HRq!V8g6tzQ#sZzv>ojy4)glW}JWv2Fg9fm%o|=?r#U+ zK6e0ij4XR4GYn?n*xU?J8~0R<4y@CT;{-G(h#1Jf9W+3kxJY+4iOaBLDqO6Is}(vt zzztp6iH<^PYV>*@3;9jtFIWTA?Xgh;U)0dxNaUNz-d5^D;Ac7q@*2}UO^g~L)Z5&0Qx|0eZS!XsHRRx zSs57U^ov1uth_tqnOJ*{qF$rVU@$>p;a9tbb#*U`no3t0=WsdQV&knv>8AVpy^yMf zHaW|q&}=P1cyxGOlP5pH%gZY^`~gsz($h}(HQYxQ!#}_eQU4mqv=HzmRJD-G%WQu_OZLmBvrphGAmi5P6;%@qYo5r^cGrcm!_*SfwFS6Mzz zsP*1*CKYa_3BJGB=I{Tv-yBu~_t4;2AB0XN3Jwmoo2{q*y`A42pcQCxuwv1dnE6^p zhC+v522v_9B7BU%sU`r;$Qp!KgY zG36E)@>FIfCe{->(l+-3M!OxbK zT8FKgKBLh1crB1Svqc8NS2Q(cwA0_26-Y@*fpZzO9%dnH8T-PqvCj#>uBUd!5()|^ zBn{2a$`2DyD2N^tkx(*Hiotb68o*?tUF*p2JkJYiUa_+mhfxP`ifwDWf8*f59ncKI zAn8)bg=?ICLkx0oS67dhmKYf#P~B-JMcnh77~g!q11s{VD3$IC20XkVWc%V0|ACZ2 zw=5=?)#|Nzm_v9(L}a94MS6OA%tNEcMhKr4eE@PmEee||Ezdw;k+*dySc)i|!RUE~ zseSI>i6@pH5_kqoglqzOu0#3OAR>PLYP>KjdPv5akJNMNSqi&>=X??sjM_k7-+gn` z0#TWfK?f6zLrR1^>Gi$c3Ya$_AjrApV=IJii~4$4RZtLuoSq5YCt1S8rW1SmWJ%H~?ImCzR>gnzVi*AL-?cW$GmsN)9?nh+$$YCDs6k3^?d7o_ps;EL- zLUfnUC1h3{Tak(oFBECExnay)6jbjaB`2O;EqMP{Qe@;mW7$fXR^#*K-@oNgIX1YT zg-=99ep%~JzJsnrLz|!uN-pUb#$9OcgNey|Y2tjn7HBPZ;APGJUlcicb(a=oekU95 z8$PAtk>4vd zQxmjoY@+j>z}Hk29zIw=rYRXrOz9lurnf+GoS9M*j-1A&n67d$f72hF2Bo!iQ|p1* zO^Hrny4V9|R|s&`x8RNrH&gb$jEay(CTy8VDdNw+excu~PrzsPi3kYH3t0d94l%N? z7YFBifWjZ^&mvq7RyK}D6~X)0TC`tiO3&an*(uss>CxPpEH5p8Ctz5V{V(7a^9k64 zwYS%4S5_{Kz&VB!{H-X$VJ{dSlr9M8{9Prr*Nm%!n&5!s=TBpezFS))DOt#^ZgncE^`VLA6e zRc(io9u_CX<$Bo8nHd6Y;6He0b&^sYIOY}TG3`5E2z)%ej%jZ`kBxD_aSe~SAwPXu zSzYF>{^54gglu=+j(>dI1=t}&Bcp@;Idi$pu_-@SA0Mk-EEyS@n6U^>prqXFcjV!f zFRjL)(b4^`Ld=~L4^me<~+FJpR>i1O@OsxP+U2>dBC3bD2 zQZx%)Cfpgswy+T_^Qr)1<)~JPG zOz839dMU7Ts6ex$OABBjv&lz*eAACN`*d+=$T=_ecIqh4Et8HM@iBvtYvWIo(&+op zhy1K_QWY`h*taNn4Kh?x@qxKm7P*vB&SN<}F6?%KibAnLI{MTw>gEMozzJdy<09)R z#>y~OyAvJSdxTk8b=3M^$jeuxEscDk%n082Jz3o|tuFyM1%OMBw?tpSwQKCjc^zfH ze6PpRj7tYxy^zN_^RBD){L%XrvS*{CssO{zyqVc;+w z{2RehBhR*#uL&Nb>}WK9%6q7vmgeV)zz(1dF|Lj>V-%|G`RC(Np{UBj$jCq>dw*eu2psFHJ_JnYzV`FcPK3_n)R$>>zjG1 zfUujV6Zib!&%i~%)X~t=_~Vf6uhK#;XD4)EvXRy~Jb72=oD38yVBpy-Ad4Nl#yITD zl;wQ^hYkC!PFesECMSi{fk%p#_UQ2Z!^Gw0j*GVEZVjpi0Why8sE9d3rn$I;{dEJ&^b#tn%C7ahZ`r&SlKA1IV zyX>zn_0GyN0q`+XKE@r|+DJkmd}1D8YMpG&R_8Z*Hac!ij*N~n!C*a!+=~*sDp!S1 zbO81tq-8&w@LEtZSR|Nxd{5+63#iS8%p=@Gs^>}csj>fT`S}6WtJ&BoAz!fw4I2R^ z4tnW?bQe>+c4&=D{PL)${r=q`XCZxdy+vwgD=Vj6q`J^M=v|Di+SKHwAq#7WO3t5? zuFu*!z9LiEV<2_bT=S$!{Ckc8r>;<42Iz~on-F-b^r zvKbj+(vB*s8yR`S`L8Y<=Ps%L*tg%I9S0SM>#nBhI+P0=7Wy0}x_|9cguLJ;#ZgRk c!%y0Sm?J-X?TO{I-&{~iTpnKV^1b(e0aWG>Jpcdz delta 38453 zcmce-bx>T**Dgwg@FrM*5FC;rxCM7e!r&0xEx1E)XD7iW5Q2MfAKWdtGq}6^;0|*) z@Atds);(XQ_Eu_%xnAgXbIe1gnn$9jWN zim{8aQqu9KO!V9DFF#tj|FnODG7hZQMBR@u(g}WwNr)le4&1vfz7w#Z@aiUL~zzuHfOy42I?iUJw@{QqgkS`yi9wv31lJZF>7l9_~&a(^~=Yup$$8~%bdBjI3W;8bN3PR zva|E0lbRjn*%4U2>D1YW%sYdRk^$d2$t}N?DaOCl@PwrTh?+`+R*}JNzxHJG?MaJ2 zdIBqn_qhNC3d+)RTB)fw=?a5k+_nq1Zi_7{i&pN2W4lcYt6YV;3J!TTf4@EI^nVts z1>0L7K$@OQKJ#H+z57BVKAW>uchw(6PuDiX{&!ev|KKC+Cg`>;tJYLAStl?sa5$mf zHqxj9PfgPe5D=`F?O^NPKd@Dd|G6D8JKOnl%u?7zVBLylwxvxnAkIq8Wi>Zy%6izE z+<9h9JB}Ps>_%6Axshi4XW$Qd?NJwJQbpDo&FCm`pt~Ni$KBdBUhO3YQjYV|GSu{~+08H1D@&{H@Ex&0 zK)BUtq#f=LkR3?3m9pSC?I{blh&l7UHhTVP)9+>laYzVMg z=~gT6dPiBW8YL(@zeOmQhv4Bv_$z&*$)f2ra%8K-)I&c+cdF;UmM}eq!u#@$ZrEqy zHE)68?@EuYID!JrUmYGMOoQc?XvbCl51=)DCqbIqX6_B-nNJHlmwgGDP`@&DTb0%* zH_OjvKAR)cmTc^#0?GS}It>3sQ{;JTKia?TW<2qm?;Tp4=l6O;k^l%f!D~C4m z`rqPTbg_>C3jY?rm9<4;{`>gXbKn1|0Q~n`|3~it|4pL*weI~J&|PzPC#k5iHhl-c zshd$?Xl*PM*AwNU@b8x%X1?OE%0$NB^%Zx)DytU-(_unJ>5IPH+Iq2;I{&Hi%r5{4 z=&Scn!6LoiKP(nMb97oDTtCge*_zxF-`U=&sH!4^3vqt=ivk+ssLOQR?Lhun={9QU z@_~uS0eR6Ja@=(G1tAvm>m9kd$V@hqf$Y=}4$`F1u|SCtSA#`ZuHf_1Jc6mgjaIMS zNirC#tC#O`xv+$V379$L)$&Y z;@Dbs22fF{vv0XLlCV~@=AYA4cy?Jejovg3r0qrre-DcZtCCVnFdGmgbtwDn$=*)B~BVYx5KZ{>P+i)fCmD@}5n=dO@Uc?Q+XMyZr|udOyAA4WxoxUA zh=fGR%-zk;O+%q|_vHX`elvx_jS|IGm2r0{`YjeCE;>V5_`43qBWd^oZnb^`IZi3> zhKWhLeos9V0?EJPWHcCwz&uDeW_}8;k<)bAQ?v}iaAJX}&Y9yDB}yw@V@z^wyR`gp z9ZP<9`w+!rC6_GpR)JG;9wu{onV+)EjMiom?<-v=GM+r1D+H!aFJOn=x1S+Wvn7nO zaIX&gf-#mVV}~b5ys=U`$hH8ELSM>y-?E6<)EI*$+>V28`p%Rv1i&|gd!!|%DG z((7$FCKY}L&HyYX?Kzpz+J%TOC1cC4EJ_@&O7}+GOg-N_};`nzKyK ztZ;9&B0EFKFS&3w-)Vvk<1K;A37co2X)RQO7AU~r2at%3FD#^G6rGinYZjYvy-2*7 zs*KX#+%(Lf7fgK_d;RxI{&{OnB|n=KQH*y>q==v!nV)1L1doBL{lX2H*d>MdXDyym zr7=HqVfixa?=3JtoAj}r=%nS8s$2l$U{_Aj{p+mDkuk1P_z)dl<3Ltc(6Hr&np9ve zwby7&CIHC`av2)a_-K=WsWDsqE?SCbHCy(ATnZ|H;4R;DJ99m?r*rG861-x1HrQ02 z?aG&@D|JIhPhY)1sG%?BNj^H@GQnX>BBryEl3L$XcivDVTWb1lW1(CqMW`=QDYcZJ z?Mjhikj11XV|%M6*(sk zOvh_X)uIhdC+Uhnqndl?+pRp6kLFd2o{yqZJG0}G@9CH9Hf*04&eXuw=DFi`4*af$ zL$cj#F{-&p4)(Ym##z>NZ0mW9n>bzej`eV30>UcU%fDh_2+vGumKff@a}l@vo`Gmc zMs?xeWt7tt9Gx_-sr+jvQ%w#UfYB#lImHTtkY{Pw)ONmMybDI97! zt=3wZ*w;1`vrm&~vupVg)D{mlvTQrRn2k(~L(~q%+nVQpq{$LMXJAl*Sk!uZ6%!)bh?Gvi1CcyVUd=33GI`NW<>6N2d)p z2gwE1Qap~bPd6wvb?fKs_U(Z#pDr}EXPPx}p@(IJ+tyiKlQG7n@Sxz3f^RFq==8Li zvp%2goT1&fPppu}iIAs-J2l0v!U>;~3@vqn0wv;Jk#m~dmld68L^oS$L?nKFnM|nh5j}az1%(2wlyK^05L#@DCuI50*F0UqJYQL90%6E&9i8NI%_ zvL`;4bZ)z|*h0IgC@6p{`736t?gW_lmk+u|Rw_HN)fjI_Q~8KYSmAfViN^)}XdFeT z0`vt<^5TPD>bJqU*>##y4LG;_6t9$v1a1p$kjXunRb_?k?K3eOCi-4Qza*p~ZcsgC zAPwfj<2>P#{&=)~P+M@{NT)K;F))zB(NWnpRllGBM>10pvI5ldYNg0Xh1_O$kF}3P z*|Lu~*L>D%dgc1PaxAzE>B4vMciR8BN$7pUYWAtg_7Qqk7YnJno6Mqi7nND2^sl0r zQV8}_gYsz~$uVc-$rA-PQ9QfOr=N)s`JZ60b67}Vn;}jRI1!Wnjz_Rt2X=Ri%V-~M zs3p2=_`>XJU4Y79uc`YCr65aK7bLxOZ-o-E*US8JkemAiyK?sMs&wiW9|sFM-nC*6 zOO$<1R4^i~VZh4EsD&TLN@W5M=De4*M4cauhX+ZLQ?9&lrH8KBFw02kdGOWyliHw> z-&_@Jx?1AamX+bBk7sJs2v!u7hEv_Tl8>32L_1zPiJ4{XQKOUx!Y8+z?5D@)RRmo{GYOM6j9<$( z!ikp)-QOBZi)|X#xf#83qxGtmQ`Nlps;bG&EaMQSV(0YRZPKBIV@;a~SOtm2|l)g!AqeB7QIHwcEOwR-P1mGnGKH!-#y zPUkgE`peG1KlU_g3m=iA=WWgL96@$STHK%G(HJjE$7 zgx=D^qBlgk-N1WyUSHlyr)ncv720l6deC6t|g+L_jkL$hnYI&Z^zz!oBO@i=)Oakk&%gMs!*A; zp7K+m6OKlyjd&V7I4jIvC)98;7RP}|_7m?OT!i;g4oxPp#d=jBJ~!)rKOh!o!+Py# ze~kAzvJW&YwBly*QKya>y4vp^SgH$lF#u`Jcv!^7@lV?Q=xVzM{->iFOsv~xq0Lo6)E z^3kV*j~W$(C`X;w_JfUF>yO5vqIr47xQ)Z!SozS*PF1z65YaA&&y|T&|B%lgky(ig zZx$lTu)Ih{SImosbyFgL11bZg)+8S?4GTrDqKTfnSf%JJLBuXxuPTV~UkZ3A#s#L=3rR6c2c^esTgiP$=gcziSkTT<|5 ztoNT{o*+%HPrcxGz#`8Z#+(C6EW^Z2uUT=1lkca=({$%D;+sjAUg2Xq>+JVsh#S^3 zYvCsx>G!8J?(vrb**wg7Kh`S^k*c=%ko5H1;uL#(?k=$}GN`hUs(81_eXS5Bd+3JX z69N>JzYZB6^jGVkxV2~ErI+q~(G#|mz*ePfU$koJ<#jfbFii8lr+i)(PBV6L%1yV4 zXvZ9g_}*t?(LudQbpVfkK)p@qPv$OVAdn4-)S*eg8{h=nmc>r{<-w)V9edFaQU~iUOHn7heClIw5yYNs6TmR4re=6N@z&GB5TRll&$Gns-yEvhbDMCD`&vxb_4?% z>$F9TSoL72r%+1K>(t*dPGbyZui8R@twr-ijO%LIqfD8ouz zP9I^i%KiG2H!8l#!SaPhxrM!9dYBV%@MndX?K?n1QO>2=e?G&Sa&q~DbG}U#Ewhln+q1d4@yU+l6z)9b>(v8w1+7^_EengX9J%KP@1LDX>!3H!Wg$N>xz zj1hp#+Y7trRmraoveIU4m#abN>|hzSTCZe^So?dQ?-1(A9cuL^PgF4pas#_Cnkb09 zW-P9h7h>-sRw^%J1#9dI&00=7Pk8q^-j#|ewo;Z*wDD)p2D|7|>wd1%Bq_+IjIR<=sdqZo6W+VOx^t!ap;0{I!Zd+=*$9Md0 z`fzw(jJ3Gl{&e9dBwhHmhpgaGySIzHJ$ zTy}xL;=J2#7cLHdA?cY-=og*)Fv$d{GTHvchFZmz*@^%=WQS3>#>DzGBI!k1TnA7| z!R|D?U;G#a<-_Y&v{nMSO&_P|Ehr(fvY1Z*i+;CydW7P|qwpE+P1IqH6uZnf+%}u$F@5=Y5@1t@ zBl24%%SZkN(OJ`fzdt$StviOHelV9PUYugRS=!b^M!38Uzu3JFtsCjwR=|sA^t;zM z?Qfq}NM-)~%5Fc$`jUCgPN@x~VRT7f2!_5uNl^{RJ!yV>LvLTOuG6hl0(>RoW1&`$ zF8bzS2LkfH><^;a{lijWl~PvRR4BRNC%`GfF!*DNPE#znVU_2>Yvc6A{6+vBkC%@4 z=mFC?_~r7}>ohp6b1u~_ZXwfo=}`3y%V&vI61cPaY1 zi^cna1?qjQ|KtO(?WBuu>&~5>w-XGiMOBtS6Y|86uUKfkX$q|KC-)^6N>pN|5;5mG z;FR^rjo{c*`&zulc*k2ZM|r^ytn%04Tgjt8a|X>kiq7d$3n~I~AVh2Twu3IH{MXax zE1<fb&?|O)b;&;fuy&@^0XnQN8uR3!<{K zs)Ty}OSd!UYb!|&QI#S71$co7sJy&A;i%jEj`y?6#l7_}seE`zP^9u`i*7qU6GI)T zvns%1t)q&%a&RU%zHo?ZI$U^j5UFGTdBKmC2qfCpDRHFre$$PW_JvEd!|T|hp%6*F zgzx{>rUh#+FOJv%b2V=fpQ4_(KKphoIUO}FKg@`rzZMa3bC{V(GTmEqwYjfh9fapW z9_0B+vT85Dt+${;iw8DOHM%h4c6!6;rZx^mm(WaVQJBm6PVO0|+1^<91r(4IT zSs6>brsKy3nw318x$s((vd2PYwex+`{#yB|{NfZ~^e5-$mi{ryx7gS;p&ZyU>a;{P z@O}-X$OQb(Ck7V**9m=5!O*L}tZTE?DJ4e(B-Jn%37C!zfoi2P!NgspThqIY;|paN^|#wos*(;W5<1K!On$&UJ~vuQL(!xAR-Cu zeL^ku)$*C!4x^U?+4MY>gIdZS-vcj7^w16QxalswGY&naWuqK!4vBiVg#}bZ)ZuK} zoyZBKu29&1fELS9hRpdI4sh0u4yoLzIleJGd_#0ryrd@tRuK3HoEp4yzvg({4htI! zTrt2YNP^(+%{@^HxNmZju3{eshkWU(^{E}oy1ZT4wS|KRuy6zt3R*kR`EU#a3?qlJ ztKyS|xSc=7{Re0HtfQpJsUsPNaUq$+!|9AVjl+xvXY-$qXt%n`xMH=Jo zj|Sh7Ew)hR3FRsuvg7nl;U_^-dqnyWAId z(Sd-*FQ0fcZSI0b4gx`&U4{&g&o#f;Atsis5tEznGCbxc!5Uxi>iI%)lI%(SEOg9$ zhb$;D#Na$Lsp*Z?w)bwdH???UhoNk@0WGF)#CI_~8|lq) z_x1GcSe*&z+Mq~6KPnr19N5qp<&M3W9eCJKo(AJ`ad1vUm2cs-XmaL_={>{(HJP({ zDTb2A$7OpqGsU$b1FY=a?A+Y!)ppM{%jth<9rq0f-`Del7Iv%@ zrLQdZ?0QDCcrEqnX7_ASn8#E^Tx(a+t1Y;=3BSQY!>uVlzfM(Lt8eH-GvdPV24{Z%8U?U$!z77@y_vqK}(G*cnPF&C@1sl9=L zw1(?HF#OxbWJj&y_6gWmltu=1t$yd45hwDvU0wYgGr+ABn#x&IVEUgKQ^UziW=SP| z3oCnlbCE=-N{Hz`=^mmJA*GI8%c3B@ev}E^<%y2R@=Hb=p4DBv0!Zd_$Qho!$hk5= z-ti%yHyY$F^GzSLtZJ~LvNhV?@$zoKS}v$F9A9_Abebtyb3V1N%!EJJtT1S@tj1Ao z%_zw6#*d_Y7xtw!bbXn9k8@q=J*cWAI;p8IY(y0B_$sf-ru>~5@TWV=!NJAJ0dV0& zM5NvCZNG(c@N18ZjEQ9yWx3x}9zxmLdfIGbs$PfF(;E(Oc<7n4b zGGU&|eW8~P3c5|@%37b_Wf~n^X#fHBL*l73=&KV4v{4vN=ja>kB*7yikxfO>{$3j` z9+zITCo5bXG20CX{CyfB%xj(02Vq9cmm|pMrd8io6f5+Vlk_zm0Be}#~mWD>g+{D?RMK1Q^zhH6ain$NtP$R z&vArZ88r#2e>2es>Js7LN=XK>_pixwfy!$DmG=f>DB^QiBFZ*rDl#(7yklniD^pfI zD#@|Vr^V?dA#Nou4y!+!C(pb>bf833HG_06ulqSoizhV>?+Zu1rUm=s%fyHBuWy*y_P#?GT3n`&EE?ZL{6mYSkRhY`+lxbxJ(;|m z?O6d^WhiGrI6L4q@=vw}08b@%%4*FWLe57mM47AHU8x3!d+&TXqQi-ZYq#>=+9|r% zQK~Gfw&`B(=ON`C_YdqAU`(*+WDJu^KoF;kLmiXx>MRWZd<*RM^olAm`ZP8noLxv! zFkq{uX8H%y(HYqB(; znGSlu8HliRPfq1<%7Gp4%in>d(-#+4H8I34T5Quh7Es*0sCQ1rnC&I6)#r(xX3-t~ z^ZF%@if{vWN@DqXPi958ZLo|iqwEzIrFFof9y={vkopXgTZfR~+Ly^z%J%-sVPUx# zK)ehx)>dwA!e<0xvz`|;szagaJE0Vv-&Yq_$5!d|W;)$41q9Z`hix#59 zMMOe06%JHvFYI;xBRu~BTENr1js3io6_W=`Hr2T7SAG2XC@+ zw=VA0^CaoR0|a!Y1h|5r29T7$36%W<%#eUt;Z*4Kc8Af1$7YU-lD9i+?SglWLQ14o zTNT%8Z-E84p}Q$YJ%Ep8`#yZM`eg^920{DP5SB?Do7$DlRo*Xuz3NfrPEQsZ_H)<) zAa-n=JMJ(v6`-@y65b3&l&v%wySr*yN)jLAMuyBXJ#J3goiY?8%C5|*w^NqdtJ>ni z=C`(BmI)W8TSI01=R`iMscKKmHVWQdLFQHuAzHBUT^w5OnPf*{LAc?w(4G)1g9sMLS_|I&8AKCi0rOG%;7yi-wWz?8uX0KW{hh}m!nSJ%=oGFh+EHV3@E^3^P< zgs=m#+UEE@@2r01s~k3<&IAQ%iXSOW!qYa{O#e-~EoY*4@xJg%z5qU_T4W){; zNd33zH1bBw1NY;Yd9yGKZ7wASE?yQp0Op(5QGTvVxYXidWb28XcGw^=c3c|qDpc)&dC>V1~m|f@}^yc z6|AygF+0xq0E{`z2D?0$2#@!*u*s3F`lCMVtjg1jOqA#Uu=Ihj+DXP; zg8){PcgGN3RD@Zk$=+))Hbm9zd8i!gSu3=&D81Q}3x>K}rr)q@Glq)?M#4bR> zb(>-x>U9J2iR>LpRLu9Xhfj)sdRI(`ZU zB0tQkg_jzR=-?Y=e?I7Egj7v1bmO835~|Z~9facNoJ?ksj`X9BJ4A~pEkMxF?UQYWdBtzJ$ zhGl1CvR0US9;P)|a^;igw)5#fGI2Gcj5ZCaLTo^JK8QUy^*#fMCe1MT7My=@cC;^{ zN)95NR&%uyy{UtRX@Es~V0<)J4~D!@rd!_AqpZL0A6ECt0G?{eROoFBlpNwng zWaqd1M|Mh3_FjE3#p*L2m?IM0^~+JB+KX^fk>R)KrZaM~i&a@Z~tvl3alYP1uxx4Vx^G~YVbqOPQu zVLM4ovc*|lksyrt4Gt3(m=e`7B`^0MQo#6F^Y5W|3ibV;L~a{NJ}R}uSw9sf&>xl# z*Q349SOG(yqvvfz+15K>I9f+ry8%r(mn{b9n6lHlqU7rIm;=GFrQfDj9rwWrAw9(2 z!S0sYzP{WLQE&=QWr5nU&?J`ENNKRM$Vb&SJr)^yD6R)Eoo)4_nT!3R5*tF{_I6sVqB zSPoqdw3hx#2C_aez$(g7>Vb(f%x7zoNG$4_Jm54u-P!n=_;Zt`oOj0}fgY~=cadrn z3mJ31LBdR`!zAK`6@&K(<(s%=y?YVJFF9UGS%^7*D<=3YM)5H8sUmvWWLH98BHBtK~k~G1D{9|9_Qq{gU&E7uKXae4xW_=>x_; zJLnJO(WsjW>2j5**sMmk1a#2Ti#?gf+$}ACXRN1r!HfF~XqaWi53|PT9~{gNSGl?6 zkMH;C5cDaZmef{xvuET+*o2$^&UOLAzvWDkmQ7GdfuAEdRsH}EGE(JyTQ07{j&uR= z<)EMekW=tslAd06y~=^VY9ctkA1_b~qUBwe*t($z?wGvE5(7K>H!;hY)5#~5K9LGR zPma(V{^%3uLq5yM!Xo^hHnXwu?jWMD5N}i{iEecVeBp!t!>o)B>tR5MH!*>4_^``p z!S{}yA^`F0Vv=~pbW*h(6sI3^j-p+Y(5 z{WSv%t!po6e+JIt9_~#Jy_&6fUt=dZFR;s&!}I;=ZhhL z@+sss1ER4<2@Q+5g4<-$vY6MIOu#GqJ*{i7I^(@v7xn`WjnW(T7V+4opi!Bk961zO zjm#-*ZMBN~PQKZbz)cO5FUxmr883U^&WdY(wwi7zfLai7*rp{e7>Y#+|KapH8M!Q2 zeGR;}x{gviS1>*$m@TV~ataRB8OmmcwazBs2%A6%9uvURMXyKd0_I_N>Gg z1PO8ZFeSlVZOJc;lgymq0`WczjeVg70p2?vw=L{KS<$N01^dM+*hCd z29fe#bdlu^EA4zsT883x=`jpNS)26yeEi@~8mxaiofQpFPT2`eN8J~o@vkGA2fQUlyjdxQsEXDMywH4# zY**H{NtRr1t|WJBS8wp_`-rt>Bs>0&RqcvFe=E(ZSv4;au8l{;Yfl*M)th`rKWROR z^Vt@yR0|q#!IlSOfgjUKctwOHld8^q?m!~%80Ht4`|hN{r&;y_HShkue(QL>4{5vH zMJa}X;IoGS{H8lM6blV*4i|F5VMMFc%?99fSmITxDLFdVTJ3TRrH0U;&87*!(!P`9 zFkQJ;k&6ce3TeF8^6LI2edgs^Gpy@rHkrZ}v9M*#u7iOfw;l|cd8wBF_7MGiEGtH- zOR?JarBu`9*QoMx~Q8335mjk+DW3nB6;TdjG>9{mjxAu zfWkDWqTVn)FjlW&apBK!?I9bj?<`~?^g}19bUMTQ zDI2qK+sC9P1y^x24jpm8$LM@hq{aans&hwp(-!T*iIOxsPUW~tNFcz^E^lmM5#cLr zd~kEX2ZeslK3$)r%d7pF(O@+XF#WEIUAto{Ei+a0kX%?Kqi+*O=Lpga3d~FxR3fJW9tC%{rw7mJo2CzZ7Z!mq%`BlwrwJ9-3jsR$c%yUx|WU z0|W9~;@vbaFF2~=ISP|7on6hI>l__^cPr9|O^W3iXa;4ZVjbuyyWB}k!>760kqKpY zgu?xOfs%?4$j^w;4R@^FCg$k;*Ep<2I!PQa!%6Qn# z0r^F4`<;(zEbnu12J;CNtBf3l^o6kz_)7}@W(7^nJ;3R!oB0sj-M)l1#kT0WD#JuM znM>ExHyeK@R3p?q=clI3)&g;`u$;rNuqds?b4%P810TGQsN_~ZOiB?i2yRGmYA^pN z-Rsztf-OE>6`j@P4GZ%@nsgz5Olv%VJTWj%0NLZc3Bji7qSAz;FIgP@KSvh6r2Ttj z;p3#ckW5qk6B_p2{=C~ksl2q*M1|@D&E6L*5qUT`5t-MgexFA+4#&Fxw#sv6TslgI zgg3p$iCA0NMhEpC)0N#DDLR1BQrLmuXAKIZXCd{LNZS$ca>@tt1ym@P9pa(yYUMr2 zeR7wG;u;5UTso5swaS1yt`qlq(saw#1V=RC@8A7kFxcmhy37F?vq(4*1@jV~xuT8nPe z#j6mnzCQ7h1>&LY4i0N3ne8+$X-=5@`8 z|D9OtX@64n!BEF?DvO0>J$GqzQQE>q-ZD0r--IvUK+k3A(J&C(!i+9#av&!ojMK~_ z+B!76DVM}P+;uwWO6Mi+axx~kj*&QAm2lyd#%dAl;&Gf77y3E7YT5FUcbW~D$RtCV z8V;BibmU|jlg%){tr7y}(3&2FX+n**Slu*5v{!m+x*74Gpl=4HBx~VPlwA=|8ZK+k zPyhmyLSYqG2aoVDS6obms#(Z&b&2aNnxyBwV(UyhUahsK@Wy&6WLM*ba(Z};e2rad zDpq-jI7?aoEz+u9(|O{=^a;OoLs-tK2T)^(ah6^CRT_q;)wJOBv1F;>*YcDVsV*Z^ zWqQ&SJ8!8U=K27|tF4mSo8!>xJ0 zF8!S(+n>`;Hquelv0J#BNpEjA$iDf(LPI3jf)B=T^LC`%KC8IdIJpgWTswFH@!~Mk zY(e`U(fd!O9S9;H%~u_Q)8|`kJjg3{IM@NM$_Wz5{3E6luf#=egJ0`nC94(dUFRHu z-clCe3x;uK5{jLwg7~2;U`7G`j!$LilxAmwrr4fZ=+ul3lEcK(fm1`|SzrBEPyzBh z4~c5v^#%|0y&npo|J@J=V$X-`1NHy;0`R}lYt*NKuIC1|a)s&uJ_y^}oKLhS zcKcoZ+UMiSXk0ir&&yq4GcO}GltrxAzgsT-C?R5YhyG-J3&Tkt8gJs{ug;zfoxXL+ z6p;zE^ffy==l!X$yYj-fy%JlyirL_CY+!CV#CY|3KpdUk0?G($6yMtaoa;G%$(`X= zP+ezIycnVIcBLlZ&LvqK7|1U9DS3r&5Y}ir<)Y_yvV~&|e!^dLneVNgFhM&S`x7we z9XC9f)`DlOjq?qcZb87(Cdy1^Y9|XTDLd+CL92;Z@0C|Ubv6$mE3p+037|`b*%^nF zUD)XI3s%_Keu@*siKv0ttg<4B7`VP(Vd=~VGB_6s67txN4-x^Dr6g+mw`Olyu9jpR zhAC15`elq{)lat#zWcww3pfni{&Zd%_kkG)M+Y8u{k`67yYp}FJkD;b>6JaN;Reer zhluM}k@lvJRCH43fURMXKKY2j*KQWY6qY$R}{tSncY_W>I z)OxHRwdHkx3c>h0q=$~b#a~l>^6;AfxD(%z@w>U_%6ja79mX``^*&m;EXo5evJkcJ zCo-%7Ig(=u6>f4=F1;!9%gpppj+PJx`xN&#e1JzpBPI?`pP}*T%yS*=54jP6f$Mc< zqnmhBP$M{VH&&P&%gaHI%}^b$!)}3?pS%Hq-G0$tOKp_f9m(J4V7Y&fw8(L2-`H~( z@H(%ZyqH9&KCLYa-0RquWM{VzriCJwjYCCeKz+E{Jut9VRuG7-oQoVbH^ideJvtBw z#W*Wsboa+(K)(n5MC{vREgi4b$bg@9tHYLt4Dljl^LLojxcUmJ3u#5;XAZAr2y)q` zHJ{DU^W|fMo&;4o8}+G<_jQV#PS=5xQ>lZ~S;G4iX{d5iBnxCYT&W+}n}}1Rv!0^CX;-!QXJw_{+w?&g{Da(@qKUh4!1P$fntSRWWw*AiX8QltmZ@2FX?7*^_Rw$45RdZ2Wg${zN1PXJat$_zv6f4uhS^(YoMT-9l(dwFu(BxSh6^f%htvN(sChg?PAbGiJ3w6^CzAO`R zbeOtMn$kl@siWDpJo5nN-M?5a^u@qA*pNzCnDl5UVvB>*^C>y1rm~MAcSW z%AK8L$R9RQbL}z^^=D#li?XBLZE`v^kk3yP71iM2GVcWFluH%|4_oL6^SzFxJa#Uv z*6)ao4XI`CulpqB`8l zvyRU20)Iz+r&VJTJTGUTZ3ly>SVv7)VxF>$2=Bc@Q5r3iASIh(-5$HJPtYdNp<@qBCxm` zv$|4%{Vi*?zsRxe|D8+V&u-ENalwZGxa&5TX8K&4MJ1w<{Ti}#tf-Kfc%N^w?oB5- z(0~ICp6JT2{sFKWi1*2i;in5(ac6;nP0ujaSlO%RiOz|#Y&kPg$y(*9Tvh@N7%~sM zvg`N8cltiAy5(wSIpk7s{$%&dVr2uf!@Y*vAA&LmBvqoZBVo}_W<1R5@9hAd$Ussi z749OLLP|(_XXx6eh?JY)S|I@lM2kdBTHQ)@2DMs#6lQt#hysl-4<{lc`Mj!RYOehg z+%GKuTxp~DQ2+3hGcb@bmjk%i{w=?e~3OK@Le(=7aowkuNX$I$_);>cJFQ@gkKiEA8<+@+jkzNVa5kxA}E($bZ5?xFJ-|80_3ZkstdWgHa5Q zd0cLQ8zFlr7ze7w{I9_i zX`1{~<2 z%1yaOm9JLNeU}@0NIFG9SrY+K6A1C|1?-Nc3bsm_^oEU^S$EC?Fw6cm2NY2-EcIY# z;6!=H(lt{3fPYa?h7hleIq6Yc3p+bI7Xf5rVPRoWk?g-m6dRx%92|^HOoD=fPEJni zIw8OR4c-h54ZS2IBYX8Kv!I~Q|2DJlfG!%f3U8hk|QM0nLdg@;o zKO_o1?d|P7lzs(1sU001Wnf~8cERs`3ewciD=I6^&CI&%UpzPrWQhZvY)o>f|M@;6 zFuN9f1!T1UKMTPBf2AKF^ZRd0*KG-vyC=u!psUOC^;_&_jRw1Ll%4_$&qFv*qX)}@ zE785=%*|!i%_wa85EXcdgKv9Ybv~X=G3?ZIx)I$#wGhqn1nwue`mkPFYONPqb@DU zrrlf`q-x^VZknlWiKRh21`*8~Uco3j;=qDxE3)I@- z?w#4&FIs;$sLS3XXr|-5`DEScb(g;!1;WhQM1PaK;)_Go;X?dQMuF*d9eDcEfpnGI zK}D+aaxf@3iqqk?bLKf?;eKOIaVUd#i5et*XKuiS85>jBy?8BPK|%XfwSZ$`a=c&s zm$6JyR@5Tsw7xSJg)tE9ccdiS|1^X>W&H*mq+mp%(;}D|;zS{5Oj)u(T3MM_tFe&P zX!fAhm!b-K9i`c}+U&Xr=l5T$DAxH62ae^te$7K};K+J;#9uYm@$iETlM8VN=fKXw zX@K$OVk@sOvx7o377r&VB>mGTZq*mBtz{(^>h1jPhG(_`cEf}IsF&okUhP&#=Z4#} zBK?wcbgy3cwSKmPrx=?0`L3JE+#M`MtQCdqTe>s|n;TaJ2IjJw+a0z(J;p@xZg-!r zFF0CxAC3rX21z85;jjrS>@_m-Enj3NvvZ6HrIry(a)`z>~-o+4qM_xf9wdN zw;5QFdvy&0d+Y2%@b&%>q2JLs)gv&^{iH+3h~3`)z41ZDs>zM!7iDVo!l|~;!Ca>N z!NI|$KQ06;nywe{LJbOMvRD^$7GghgF{jmyfop#;2;0~s3D3*gf0l590bb2jKHEA> z1*f?rBL3+RHN@G{Kjj%hn0Tdv?a+;;@8`QKVH5p8Qj3=>4W}sQWNlhx=gilj8YQGh zf9g~MbS%Eq&Gcv2PJiHYD+n96UbDg$zy9Vz`VhVew7o19IiFOTQ2l=q_trsmG+n0aIIx3nAHH;`0bw}w^zZ~U`JxymkH-*nx(ghAh+Cni2lNqtc=8zd!-+e zDW>C<2Hv5g+sX_Nic@p4uIo)^+YUBB+4{ezl8~M`1&^g-=cgYcZ4~j`hbbx28YN4= zx3w)1XVDi<=@Z0~WTwokRtR$1AH=pNw{^box3cY*2<&L0KLF!M*#2 zmD>&bWk!L9B#lMwKhOLNNcBz2_bU1eORPvi?~Mvhgg}qLfPnV33MkYvfDoN+-*nIc zCFIyi_VICl!A(s`nF#)v=;L#wUSjS)q$tT>|M~tp=*`Qx7&!y6piLWw!rVj+a}AZl zCUu57#$^$MKnjYt8DGVSGX#E;wm0`8-60)6e3E!=_Em~``ReSNhtc7%ZtLOjz{{~Y z#RE8W!eO7aOW9jj?Jf@ts4!IQy}mi()S%%xoSq&RyPbcuU`AC#7+9dq>T zDJuSUuxlYccVsj+KKjGTcLXX@Q>>%P;@z{C&e7W7a3Rs38gu{set-POIHh6yAT!?S zEv2>P(u_vZo0z3(F{R6KvO(M}rlGCrT`Yi6mT+sGW6&uI+DEIB`syXz*KeY_vbMv- z6!~`13@_879qAd-sFCq5kde25MpDM1loj6C0B?kwHLc~L?Be3}jl?JhWC0phw$p&( zPRcAM23bYjbXbA5q)+j&EaOWB*IBr%1Io&wuG)Eo@PN?3x@MP?>e5u_SA?lH0ubO$ zif_Jbzj?ai+vy};&t~NiIyo7trS#?lLfB zd&iF)o*bo-$LZd?pR0M54m-G;!XuNp@1htbvd)!@)6Ub=%V4~1-`vQqK^-%Jb{;hr})setQJ0+KzYYT7cx0r*YPu7wnq z|17+lTH6uL@f+R$@lzz)4j99>o_E^clEe!gyMJ!$1Q@}=ZMTe1Omu}h7*(Di<~@eR z_=V2abCHgYOuqFR$14(oOz?OgiHyBBW=9DJ1CcY&@H&<>#x7xK(>~1ji3&@FaAFZioCw`?V zEvYT7jDX2A{OwJ*8b3cttf_vf;Xg+lH z`q_%3lxbIDQVLq`mEL?^c)mfhiJHr1X0OZcc!P@5I%@Q9-vW805e=nDV|!@h_WW(N zZ)ajP)#vwPj)iF7-2v7dlN*(pX{Rhjc9N@(7bGxS)@W1jt-8uyoRe)n*3Ndj zTs$l(RMyTQsG`79=xwcxr66ytkl7gNDJhdRXKzfv*pT;fECA^JXM3|+j8i%LK&ROp z6yR5Y6zORGJTzueWTJcAx(m3%nVSj9xo38$c6UG@a?A)9LX<&4>aDC_ZQ zZLHDq!Olv7l)GD`i{VlHYq17HGr5ZD8iU*itYoFb-J+8M=`V~V*=ddh_*DUa<}G_R z`HEh@de_IU#R8b#>8`pDu&cXnTONwy=~NF;NlzhjhvVLt8SjxpMF#BpTuRDFNfjIy zocAlk+3?kNoxWP{RGhD&Qg(VuK_E1xR-6^)eV4ZJ9&eA|vV@4rE_%3+Nd`f3^s4S5 z#2#ByOLP~#ThV!)978@2L>$!4c0@{s&yP;V3epm;hk^7nn7XfRHG!Ay?Yp$^58L9w zGC+f%<5twlB3X zHh&`aXEucSW5$3ygQ(nARDi+sr1~X_1jNY={WFQaxm)K2QgwBv&z+L32R)^{)AfVX zXI2}_$va$hFvyVee6?!*9HaSbu7%#p_8u$njVy>EYvE`!7V)j}IT8V-hr0&UIRyRt zd3$=A*r(GQ&k~#Yk#=lEq%E%sJx}at*Y6%wE%WgiTnEt;gtJ+GF<`kHNy}YTODeMn z;=@0AWa^Vp=YCvq$oHaJ+Hb8jXF)H6ZYK{H-B0emTh8-o96^^t6~qIRpy*;bRRZiNxtnKpV>i~w;4g6C4k?0Y7cJTbmW>oHzGJQAC1V@| z6N~#uMY1sx-0w2TBLkT+VC2 z1)*ZsuWNS{Toxp;+sk8~1X*%{dYfzsvHJK#rzMyAE#})4AB6`W`qGe#jo1bu zpFYv^MQ*LPD0eNk?j5Mo4pgD&S~VRFeyfZqeR6 zbL}9IYugvWR^GUc^I5&N zXCQcB`(DaC*_lC1LwW63u!G^UI1ws(hObg`d3ZegoYJ&0)xrp3q1EjF%~?cB<$3$~ zV)Yq|n7I6>$Zx)hquE2fCX@9s%3~_@2xQG_SR>xyLBN~OcCCuCaX#?ONJv3ljP&!D zqk`h`Ps(OuYkeVE)#QLv#GvyF$Bp&%hma5zB_*^s$?disAK%;Gy4TmaX_1Z+70m^= zCgxpM_x9NJP)|7bcW9B!4L-=*Z$J20H)zce6O#^zOPbaf)-)s_O=7z6A}|Ts#z*!f zLru90fny}|qr_nN=Wdk3SpO&!R5AFib7<^=j>eL-7wZ(cQ_TI{8kd{zJfjPfJqKnV z;Z10m_Z&Pv{na-J*osXhA!}OFf-YH_YA-awU_Bh$*S-VTJ|(ZT>n7*tndYWEA~5!@ z%EVsz=$mp^uxB%Kt`);0Iw*o(38TI~#rObc)_#UzQD0U?$FFYLWUO_H&B=(QlFxTb z=gdw6zr+&~lO8w{mGX7C?Wpy0swf#YjR!Dr~fo#dp| z6Z^)B1G~{eHu2?j_|~xnh_{#38Zqf9xbYE+Lri$Kt-D3xB`D}uHeK1uA39{k0R{`` zq(EpucfKfvxw)LOw{Jwx{$kHxf&cvFPST8=K5at-m;Vou7dj7}cgU!w-Jg6rDL|(T zE{&vO2sWcGjGOGPs+(Q?0)K3NM1+@y?L)#3i%W*Q@Kw06Hm4w+-3{7q)MG7z^B0`* znfkdwD&CkJkcr2ADC=T7*FIo&-{TcRjmaU=7&1J3ZNQ4{LSdj$+ptaWy3Y0b#nOaI zC{0wmk4-#|Yw7GZXeIv08T}KUit+_f?QfS)`Z1;($1fldiT-?Ps9C7PI5GlCi`?w* zin1fFh_ZwHXGxjY7iO7$1WeN0(CxC-;}!p^Ua$hj(R?G!#k=_D;QR2JeP27EBj;0pN=WPmmvRvg#Fde> zN~*x@uIpEMlJ%VC8_Wl(f^p{*9*N+DdKEH93&e+Jk1Z2>86dQJ&#JpVA?8)s*^fvo z1$+zh{HdsP`y&%6D=7)zwlDB4!iv^P>uGi%e=5;!dFZ7r6{`moPH?~ZdwI!1k7f#N z&8}Bm1$LJb31*9nMd;G_B|q!v2s%9zLn7P(t?tAW$Km$jVpG;iq;$faSMiK=^w2*& z0}b!rN-;4t1B;5BB7RA@y9?9*TBdWpv-lyS(@Q(iOJDGlW*ZqB5p;*dIdVRY3*0dC zC>|R`rI}k-My8%H@#Wti7f25Dh1`yb#pD0}3)l2b{P|aJ0d@7np)JX$SN)1j5Z!~$boLl=A7{2!40dMo9~Qdi<*x@^dl#3M7IyLUg^v`*#vABlBDD<-(85A-pgzv~)qgZ~9sgMV#}H5V zKMnE!$1gzp`+v3ZK8j&kJt;XEF<8QA!>Edt^*vG{!;}9%92{4~qV2Iulww$V^YHXI z1Og7FTcwwXrlxrPhrb2384@QaRm7);eYtz6;ltDPnQ$(vCo3wLYSyBE2(EY>4OUj; zlI)EBEu5j5!(#OlW|S-k5Z|9?$AaSzQBu(cL8ZZ{!N+g~cFr%H2L7;Lk#$!*yR@pgfLK99vWJhaEmF%kVO%u|fx>Pg=?o1*7=x5&`zZ_ewxaT5yan!^FNi7PXWEjSX6v-62 zv%jq0#gM;z>Dy(jGVv+aDTI!j8YO zI>w(-0Z~`Q5+>o=6&`}4T}|auSIX%gyuC6L<=yPB))R(cMpe8}uM4i*Bu8$lPc=HJ zF034i1&943+mq^+b|J46KP$Td6p_p3%Eec?eW|@1jh`~Utj}Nc9RzwXuM4`qs)=IM zE3~IedBW)7Z8-eAJRBc*eEKk%X6iQw551!YlkDXF53 z=gA&QJ3{HET0GF7{)m5Mg@%p~=$RH4r#AUi-H4G*0Nzu&=zyLrpjTg!n_t@SO1V=T zmA9fs>bU3oiB*v#%Dgv=Iv64{7T-=Mj)2%w-yl$H*92{CAz-B9iNQ}b<%aH>VPXZ$ zvMg*4nCft$pZ?bCRY28r(jFz;&%nZqLQ7v`jS+%$$c7A{SI{l|kt^Oc2-)~5?Y{sKl;=>6u(0`{5G{=BKjj)Jl0 zacp{XvFd|+c`OFPC?mllX6saqLn^OC9oK=0*m2-NtR&x+)8Xd-qc zN!^|U0{JP9i6r=4A=`nMQv`w~KB6w@WJ+}=BQE&6)a_R-WWer(hswuP7+Ie;T^Hy! zc>TlEMo{caQiQR-Z6D<-Z!rxi?(Hw81k6nMsfV4tNVnSa|7Kx$aG*hF3fn zPluXf98RHPYFK4XLIMqoKci?cSOB9KwDz`&gNBMH;B8!k(lt4`JBV$C%uQ8E`z?^& z!84R&0^#IJ+#!fLe=V#r=lR_~iU}r)^VAG1mw#UNAy-ymTzTPjBvpHqOXp|D`0m4) za*9Lr2ZLezb7>+MzlvD)_XkSu$CYuAiWq~M-^MDcE6b~Q(GwdWyoAII0UK|6^xkfr z{GoGDm309147-E>8Nij!*LdG=Ep(ojD=Q~JBs4ZJ!PA6h?$VdM!=Z^14V_wZNOO~~ z5f*O{Mbo>HZOfi71c~BR zbb$GCz21r1BrKo+DKpO}TVM4#4X#>3_^uS{#Qu%lwt&-_l=;dj1&71m`nx4B1nu~{eJbK zcLm2}F3(%0<5%>G``*Rmc2MRXV-4`6I0iZ{EDT_Hzu|ICVxRHm@JYuY#JCZdu}1Em z60>adcbXo#j=p=ZNcknk6(=+Eq|<`oPy&ER;5)Fs2}b7m{l#v$q#ip~Yor*lM@gSn zftQ_$M_jK1$2vy}A|)xRS#`ag@qwhzYNmiehpAxCjGu>x{Cr(~(ug+pw(UI1os`s% zH2B3rit~<&ah?ncD2;tyxj-5;;FiZJ;<7;M4Mnam+|Qt-YbGF6IlcaBiW-XyfWMD`>}rd`fg0YX`KO z-M`bIN7j$+#`3LA^ksqcg!Eb*-9C?Ad)2bzZBvLrJ1KV9M~dq<&c|W=yv~@3J|3ii z0Hh}DCQcE}2tvCH!4ImPhDCsnM$PWBt5h`JO$_@cfrZ3;Qg-f+QX>YkwGY zZ!!<+-9f*=ckJt6U6wspi6&$322yfV9B<5)33QgUNhrHJWvZH+zZoBx-4!4iW49#Q zh_rQNFyG1elG8M}Yka7_V7t<;m>dg9#5x3a?ZKsHjSnccotq5-0B*9Uv333Q=U<%{ zfX{W99^ra)+D&%41Ich~fASbq}NTbZ^NUe}1{zq^UGAM{A@_>Kqvl99V~eVbqB>u3+SINXsk$Dn{m54TLT^D~mE01trPL<~$my=cAP|_5-s3JGZ z%A>R}k8_k(5K;+S-w33Z{rQ>2>|>!t1nD9NXd@#Q8Fj+LLO-#z05N3Rh<-sy_385G zM}1*97^L+%4SiOeiNZt%iA9GVhGN?KhPVt+@10L9J|JjeLHZdJ;pKT*R8gTU2?#yS#HjI@K5_4Q2gv!trRc>GF!RB__5$&C#u5!})_0x?TtHgN zO+227_;u2@4i63z6*7VNljq1s0WeDKTvk|X_3Tf-#HbSz$Ig|Q@#~#!$$Aj&fBgmr zRzXCws$h+rs3uk)_Kb!$^c8h9!|78P(OH}HA{0bKD-Oi28#^Z^;HRJTWh0y+}Ku-d6-EUI1@#Q?rc1|S5= zCH!yB0*Zr7WnrT0SY{uSgKDEn!0yQ)YKQthyA6j|U*Dc>(7qwjrr0I`#BmmzWhGoJAcN;h=$b>hs*W_!w0Wnffn9OJ8Rq(or?=>{V z9c3~yGJ5;7pEYh!^)f*UV!T99!sS+dqhB@YchzY(|M)$K#yD?OPDp$TgiFJW`XuZVJ_1fQ|8o!hB{ugLi7>D%CAjdSv-4}He9P^r`tTWuJ4XQ7^t z=%l#b8!2tC6-kT2WgEfF&a1@Qe)ixt$T+>0o&+8S{K@9nuN0dC2ssbKD;#nnZ zFK*LbO>>dS8AcD*d1+|^i^!d25r|XyNudyZ5WAQ9<-oUd`9bq8=a;m6Rx4AE0N=aE z8vetU!(G3BjYm3HNVllE4c z>KJG&l%|9~f$w`<3W|%jKJ~a!Sa&=*mvI*mrQ3xA{d|Gqd z8y7%(a0dGqJS+i#*o@Ter5zE(tB0qKMCi@Zl3Mj%!#nTL%gylmN+5o4G8Bp6pm*&7 zbqJo9hX{h?w>!5ut2x<6LtS;G;&v_t704*x)gCc8@!w*=DuMm-f>$>-&i)zr@*EutMZw*bub}sFmHBWyihZSk(L0~(IRA6WphfW3 z<+1y(&@2Jz(5888Q2t-;^aGa-A{N$2PokE-qldlb3zw+$>Z;XY1YdL$A(O_Nqvt(6 z=8ZLKhBs|~4TY>L?9lt?(0fL>H)uWVySM<$Kj9waC5V;z_@!-@xCIR7kPR7 z-J%c{&u-;dXOZQz*;@n-HF6I%IW5$TS;6o^Veo<&$Bpu6OII`bg{-qRB`Jmp63J`|gWV zRXy4D3r{OXHjT-mCRO31V(tuJnVk*n7wM=-(39AGxwadN-(@IkAlj*_%!=i&KheepRRK#Es8 zDjFIrOZQ;auxmy1QgJPfFg^+Q(dQ*I*lo`-Y_k8^MvZwDXd{F{3r>;o`Jb>E(FG}7 z(pz|EORrx+nI$@Bq7dtI>z9g#3#ppi;Th{3B9DJ+PDR>j!tc(6+RiTzGOEq}5A{9V z-s3;&=m2ILc8^K?Hf2kmsSX=JO3E%8sY3Ey^=uYrhu*PwQ_06RDZ|dT>ZWzj6uD5R zY!e^>K2Se>eModjB>1d6rheqf*Mcj`+}ip;ggvmZu#f^LvDN38k+*R=sCHaVw0*#X zS728Tk+gzN%0q-`ai}FK1Zl1>drH)eP2W86XH?Yw@@EM7hY$UZUjW5lI6ZamKIFAu zB<{DE59^J#O2WYE-KA!2vu9nlfBgKp@5kClq5b+Rq|kh{>3RzRZ=uzDjr9as2M-6f zeBk>guZw1^$!Oh(=)u)DK*>}FdkOtcN||#9PrM!k9ACY~cWtt1XiLpNAGf=LHWd|p z+8Qq_8*^&f(ik~&04^#!L(JYDcFQ~ILmA4>ahbZ0=G>XNmg~_Rug~OnIFolfI2Tp2 zw={kn*hBtO_&@AJ9MmT|Ib9stPFvV=?=HOb&Wh{GqvTXqf3-G()Zc1odI-i|&DAN( zmy7PPN|qi>d(?unnr=#DS zAH+4}zVEHuVz61J=_ez_wfOKa_ojH#hbtJ&gjGll^`gJ=g(xX$;d2>h z^NCIu7f7$jNOl$@qqjiqTVOzIgeKF{kaNsN-USq1znr77EJTW$J({CQy)KjKz$w=4J#Qs7UZz<4Xhhc7k zfzRm_7Qp8Y>~x$MQiTyU9Ku`zx3>$=+P2(~zhLhky};+gP|h>hssmg{q-+uOC5}(X z*rBs*st|3ILiV%sixd3LWs%f5%m@Whh|+tI1 zrRa8aN_E~njunj9NBK#p+b=y%{YgdZL1RTVlsA!PXbb zBQN{}hP)08sIW*ukL1E7yN@J1vtzxf+FixueuYiRO?7V~>(INUIn=PPoLd1Qb2J>J z{BsW@K84X-B(t3!BeU-=H{ihYP?;m(F)=X}(}$-81GyO)#P#V#UhtIBpCLhS!sGm| zX2^aeAbs{$kaN|sGnRG}*Z1a)l$)-W@6I}iqlv4lB3T&dqb5;ccc@g9ZXu|3>!S~g z%mh9A4nFXdzj+YCM!eK)&3&hL=(OZiu06KiwUUeA*v{ocwmQTi}f>v2P;TXkv4&-{v?ldHIy z5%Kx8YW;0a$!8aXf2vHkCK9cP)r)LQ$sBL6yelD~GRSGFXbFVYe)< z?@uOi!JBq2LD_{ghGZyy+v%NLB)sJ6FX~8k6C7n3ZXYXH=FiU*lIV?zgY?p{^#532 zC)bv1nV6SCWh%_`qq8cPc@E-_3{-J*aGR}_b|i(z!Tvw>jJIY+(|y=fkJ)@w`v!yj zL{(aB>K@k&_UJkRs9Z@>y{}Mo2vP2TCpde&m%7AB$HR9d$qFm%wYxkyt5zT(t%j`{ zUp&NTeSaRcCoZp@%xqkkf90SGKa3~g^T&h^%Z{2M3Mo`vIQA8_WPKjso$Dt%q1-W$ zr=REglrL2vJ=)y*pt5SxYtKS#I##!I=PB6McG3e(a6&yesuKq!SYFx%gPhMc(bifp&W}DEuK{GDhg%|{+b|mRD-5yNG9Kp z=EcH{!>|(smoq0P1mIeTg(54d%S>P?>558+j*mm=z3!Zo9;BY+OL3iVYCdKlQ(`B5 zTKT~ZcRoglAN9XNH#S*%_eizffWK8Vk1e&-qHsnid(O!sf#sXB_GVSZZ2-SHC;-U?k^@HK9VvG6V*TX zY|zE6f`zVGtD;J-c3!w)hdso6Sa!X=ks5&payl{mT2EYHUcrWWha_u5XES{hZG#pG?kTO$4dUQu1=l!tq#~GV+-svL?dbU z%;biJjSWWlj(W#EJuJSvnA`^;jWCRjkT7mn$+-n`e7^YIqlS4`J#LW@U&P#kCF*bW zNN*K>3Gi@TmS)z^PO1Q85TYaU{DQJr7tiMM^75VNA(t)+@}`H~J_yTfmxQ7aFU@7? zj;-tY&dJTrO6%tp9IZ4tap|f4k#-j*(TzZq@3myfVe7Mum&zfpgN6#;R$S06H0HY{ zRB(lLOe&emOK6B(s4diHT)%nOJ+{5$B9FjiFp8^2se+PyJ@Oe)T{CcK4COfRK%|Mf zXM8EjZ>CqYGg~j4%&T8u2F)O+{_uf?p)yD`h)YDpW>Hb=TwQzKGZwHu8+;vi0ow*Ai(b%hmZuw49eEb7e;c--_n6(ogpDCzayy({+ZH zrxU3QHD`9w89Di2f!U{P-vwzy=1uRU?c_>=KnDW>zzPdpUiki7(^lJQEJ35!JC8Z2 zY8U)I@56p_6$jxF9U)Y_Av#z_>-&vhenKE4S5Pk~$0lt9NvSs1@dD5<;jp;Zu z2g*A-(m0>g!;R&b?S6Jqjp|S;CA*Z$S;^plt~umfMpRLqh90N$w?F*y#x3i;Se8`N z#f{eVdT;OhB9<+87|#0BoyjSz!xAF_riFL72}#L@oo+z1suIZ#21umK=t9~~;_<__ zVv^Hn<~BAv!>1l4=wLH#0lF;sMIo3+=drz9YZ^e-YMuIps zVY>0U!o6WAx8WY<$)V$K5PF8FsT^__wQwVxuO*+@z%3aFv}ml1Noi=0uJ`6Zg{Rd< zD|2IhwJjY3HCYykP@1;`pb(!>gfDq^8Q#3%JDP30`44H*& zq{g;a3i=!`$-aA<^a7(f6jtxIQ3-g&c4QQK@k(1pn_;=)Yg|KsAvyU19*?Ws&|#)K zo7eN_BA#~QO@7sxW)&GctbtIYf|0uXk5r!&KWaE8D|$kks4?Y z=&)5898E;bb>OmgRvUURQ*~`3h&znV7gmR3C!S$=bGdPo-P$zyWET|Dkkv(m_+g+U z)CSfe=j54ZCj#2G2#2t<9vej8v+sDgeqQlv$+)HGCW8c(?c z;I5Cv!O+62lQ2W?N3v5Lja#u`;2q(yrNxF(x>{#iglp-~MuVURNnOHZ>$RQtj8s1Vo#$^^NfKW;q3w#YtBx z>J1rtiMj68(TcGxhVr*q`Lzv~JFV)Q&3&qF_8;iaJ4TovR*ZMU_=p&GQ&aekT%I@C(g`FrH zK~IHFmEq(coAbXxeXgzIBi2d~Bj#TFo$oWP%@UgBKCEwI=bD;q zZEieCWST6Z7*9Dyz{4F7sR!fvW@f@zaPuC=CYCTUjuwYDs;l~#69;7s7hMlx3Hg73 zK0M$-{uvZ5Eo6z&HaG1wHNapW6_u`W*V-J~zuppG2_qKEKycHznvz%fOJh!t6Di@p*_- z$%*x7==cjm&DTx^;8#rzp0(weC@VOM=Tu;N5?Gh2?h((IV}F!T&@iQulyv**R#EpV zfzN9e4GRlFnW~A+>VBMmIVEjzcsc=ZX!~+(NOe*3<{A1zJ=R@&CTz%|1KOgcc{L)! zm(F;*z0dQ|R>wTVObjl={JwJqaJMy}i$>P!YHe)`-yCr2n|v43@(>j7C=65f_Ridf zxAAU03yDs;yz-!3!lno%5%Md5LOrD1a>Fe^0c6|sW975qN2^D7yx>j@7#-Sc2}wzz z_6I4kT15qgU3SxlizV+*EG!X@p|GKpnaZf>=-^< zR8k9TYv7=P38dOva6^r+58V#Cdo(orm-JATlGhv_-Y`E|3rouy?}v@@Y=3f9Z6G(R zjqkqw+ZGX3cpn8RCZ?hMC^0DxPU033$YwJ5+pLw~p8r_-S;L#xC;`z2?r)A)gv8^| zRx#fEfaGMBFzg6|G)<1G|6Ff5fosAi;D;cfZ!x<>z~<`<;{;YPl1B_fIX0`E4YwGz zPUnuMxR(~0dnUA(hOf^Un=Nc?_&nDW=8RCo0)2}YrmIo@`L;Z6{#fH_5>|o3Jn#Br z;eEbKd`T^qM?;@GsL1m10TOpWr^mGyn2LP}n7TUkp2qtJwS&CuR`*Iv!_#AZ$pJt` zrNg9mt#?XgaCu>;T7KXj-)zF&^5^)qd|2wk301PLy~jjHf3H=?hxm9(pw>occ4>#V z#U295%{9LD>jF<~#)s*Z@17SIGNkox%(tm^hzDI9i3u9@&G)^BypPc0V(Yyfc8@f( ztAIav5J%d}>h0|2%#%<&`KDURr}_UJF7)CaBvhQqr(F&}h3|U~zuny+?+>)JmX=^B zA|C&uJ`(B4#gi7sj~&&=_&cPlWqVW!U1YI{9Q}eXzC7ZI%b8#`n!pcIpZU=ilXkxmR(tWs(%FdPc~G!&yhIX zU#0k?LL2tW4*CwVP&luSf;DVJgo8EMtQTiTM@J_sL9$#B#S>0`KngdrOy6Fmw3t7= zsYdZJH8BZfJD7z@-(A+%*T*m9Z{vIc2_I-Kw!2Du4CDf?V6B&_zJe=JF7d%^+AV~W zlg-}kR9Ri@O{SojS-oW3H^~S|CMC12#^T>#W#oMx21~H>_4PgA-kNXW2WMZ}Gt;{; zZGu-sdn_x7sx?(PIZBQhh}i#d>qc1X+So4DffB6J^KPRT=|i?H=5b3}yw3;Efttm` zkKVGSpw#~x?kg)E-180}c(?qa7if{WodGK%;ogP7`7{D4NKyBoL~@WGNDlVh&E&xB ztOkU97RoCv9V*LKay0zG{SOAZbi&7GFYe$@F7I>ymenkmqge(EP)|-JlSY|!vX-)_ zS^mq*l#{d0_VQ3cQIRZ*tQ(MVe$k(pk|~FMd^LAJHENGR@%o2OeI54tiR=cxm(p>2La z#&G7ye81AU5HJ(%>r^=Pq}s~RZBKe)0v1Z$w(Hg^bh=y{6QW1Z!2vH~4f6p7rT*UD z!+G^zEGa`<@$sqwCY*#-sD}nUwYig(4hGVmx5!=s~7sj18+Azqpd+cm&lDri88jaLOj4xQ?%%E~_Sl129o z3=J{XdK{%~kH`vs%jg?y$}U+H*0-=I$|3@L@6qXpj_y+@dxIVedSBmjj_x*L_08&# zi$Ze4)5R|ylAMMXuU6Xq58AuN@NZUrk8T_-G{aO)OeRYfmiDu3-@aWZAn10N^>CO4 zl69=3slbT~$tlP<{?*O0!UyUAAx=ZWo2b>mDx_z9iCGOck~_+W%p`%9KIxIfbgRd z@=W)R3d-6R1O}EjHEI8zIa4jsI#?)MJtKM|GdSuWpc(VgRn|jM*cVp1@T-bYT1AWF z=!nN#D;-}$M5N1j6cR6v8CXzI@PUS=>v8`Egc`CE%?;*fTT8%I=m#JgO5oDq zlB*b)(H)nPkaF#VYuvAeOF zvXTSB2zj^HIjY-dT>!%HrQlDU((_LgD8L0~GDcGKfk#c_XiW?lOh>iypmOn80k?>W zWXHqBt!LJ7b{-6j&POHUoXpe)Kd;B`=k`vCvNCF***r%#2$j%A%Gap4!xdFkT@F2o z(L?dJ&VOO83{h%C(9_a#_Yaq~=j~eP^cPR-gizb8Hvi?nqX-}w5o^|dAw*vo8qjW8 zF>H-SHS7KJN2}53=I4yVQrd-#iyxQUZhzi@X3Jvp-eMD#j=sF6rpLu@X;!=&xK%3} zx=(8Yy9)}suyD6$%cI=g;K0BD(NA?%dHK(fVC=!81#x6N6Jm`>4BT7MyUVVwJXTA7 z_gNt*KrZ>8PuCxK^;=+*$$S-@(OZl!9$a_q4HQn1(s#PL@cCLOKYiNSuR{d68Mxr= z@!e-|3k@W5Q!Ve`9)9RUWb;~7=FZ2Pn^k@xdVB;00gApTI<-eqS(Gt-+M3s zpxmpw1dlyCulX=DGjnib6F!AE9Y{?Tf{ZPm+q(dDE>su2Mps}b@_1f>WwSDPOmK5k#h=Evuotu}{=5`h_w1-RP%)cz$xa8tbZ%kPmu zwC?>dd2SA}jCpY>nhzghqNACIr(En3Yt2@8w6zxwQ8#vO>O(^>BD1?~=R?2}R@UYt z&MM9m?KA`gsq$pSoBbyq52A)3XW=`) zErmxV3=3$KS5W9Rpq`zbrPKMfOraW&I%VxT*xD)j^Dhy<=~+%Z1m`B`jfSH3pR_Rs zpu54}pZ?bi5dZzJKmA|*1^EBgJc;JOnt1(RQ5){PS&R002ptduLC6^y zOTk^b8FnTd3>N(tk{fXe$H^~dl!eJy-lVl)ZHng-X zZZip1@Mi(1eN=pWyyH`Vionw|+sLb}Q*EFV423o-oMYc>2WDE@zDqzPAvu_hUb9>R z6l3Vq6L)rSY=@EzIY%dLLdKebqf1PAVd2hM)T!_a976*W*7m8R#ip1`!^NN`UQi^m z)PxTU?Bp)rYkK0cM>*=8*8CT?*-nN=jkW%bAJeo!85MS|hWmcyxevP$UB7 zDiBHT-`N0$hKid0K|w*qx}KbNQFz@QZS!sJvyMyYr7v7Q5MMgaH@*zEKIpQSqNA*@ zwO%R@?p~`oI=(vsGMQnE<+!Y~0fu~&=Br)d>{#(Jj$61-(zqokQt<0G$Us6SRcPoK zZVbAwlG%U8I4Z*p!xurJTm9N14RBuTPKG2K85`Hldor-|uh;B-=1(JHwJ;hA2L_Yby!<{u!L9{S?t-{feRM)h zL`3c5-DBXbk?B_Br-3aHNo0ky+d!Il9m0G&11{IVl1;3JD)y(^Bi$`yW7u?_Q(N>$ z45;-sur56ItXV$3pCy+kiHVmk_1lI*hHL37=zyQ7XZ22WXE1gEZakf~9nAebIyDUq z6Ohm!64DO}6kYQ{$Q%wJtgJ37vM7pYk586`JlY-&W+!n?!hHqU^~HY(sA;_pBIc9- z)=L^t8;n>Wj8UDhK=Vj(G2$D(SXX9FN*XO?<(F`SX-&%;Ylv`4G_kFEU+U)jR0S0kZI`4%2-vK) ziJHn^ll&Mq?b!MyVC_3P3*4A{h#cj(Vz;_24gljG(2ow9i7jUGccGA)9CT} zm!Y0sv4C(KP79;k)P|^oA1PeYA^>hMw)&!sbZ>uc(=HTiszkK0a%^7fGSdhCa6uZ8 zYX=_g?$S+FN#)b~5axWqT|u!`-*j$P?fKX6qtEtla?1)5LRgw-D(Wg4YbzSBJIdSP zBGPr$l>SEmR0^y0R15%N*TTt2I>; zFn}A25JCujE`ELS((kA900a;~A&c7DIu84t8tj1~gg(sLX8G*73nX80uP^VBk&*HC z+N+?zV6j+kuFhoPHa8b-?J;yZ-P6Nee@;#g0G>Rl1pqpoUch;faVPcc*$^#FO$vo# zYC73uvN1WCFo5B0adNCED@sXDSh2#6Mx!wpjP>j7$$ybk4ULVBS=l)NV7JW1ecRSi zqedD``r_h+GxGBClI=uB#sGkZ#;D++03DriT3VWi5BZvyOnzsl2YmLgTf2J9e;6%o z?J+GaE#$ZP9oxTMWVKL6MrOqD;m3|1R#H+D3WZV8HvoXgg$u-QVJa$`nVF`grIV-K-Q9J+`~mV}zkhHQ zmptt4?FE3~;8WrT#Q_ExK^YktDk&-Pcs%!ic}7RyFflPUGBh+bolFn}S=qv3PROY< zB9UnBJgd2LW*Zq9m`pa7e_T|SpI-<7O-;XU{CcyvkZfEa5Y*Pz>FQ3LWk zdTCktH1ny3h6d*5W|+T@5JKqhEh{HK6Lf#^k|Kdtic{6 zLg>9pirC7^%70;l35iKw-oA~EjpQj!R#skKUi{ntAJx&(;o-S6ei;6zF&G(9wnlZfsmUnHtVwv3@+@HE-Tr$zC$v44Nw?rbfAsZqsZ=TeWZut`EKf^IudVId zy0^W(JvWaX7ni_dv6k5`^*!K~o|a6ZPyitNK`yyID*evg?3@P^CyaNnUmFzY7aSZw zZkWsAlIx?ebkwNtxtKM&ENb`iTGlM8xS!VJ_e96$pCXY5^fM_$sTa%gV|n zU*ar?0Z`~q>L9FuWM90MX z2L#sFKPxVIxXJMwGM!q?)^;fX)Ym_A-RfRde^p&uSGVi?y#)n@9~^*+ipruzmH^=A z9~c`KFAxaY+uKhD25;EtIAfMYcz7fL{QL4%yXC8#UAJAk9w8J8MIzDNj7&1<8m%!3 z06aW*I;{WNX^Sh_V>h2KeoTkPXbk{Zz4|LEmCEDszHxDT`m|ms6qc5jZQSIvV&$57 ze+w3gM55BNa?3^5-+J!!^7bV!t-QRVp@9nkqct=Je0vc>2%%4qK+xmlwmUo~5kzG6 zuwJk&+U#x%uVv>E>_L`O(+g z)^25MYumBo{>P5{1HiChL#-?qCP~b7xHvoAN=Yp*uSmR^oOm;td}u#WI-O329CC7UyLRmu*u6yvA%s3bjn98wZts%IDT4k`qW_Nw zfS^d6Lw_j%Ku%tf>1^AglJbu|e_n*pN2IE%5*>AY-n_XC2BY`4-@ee-3k&`Cq)A^4 zxIs@3_wRS_)Y8(VQmJ%0-D&ftzyQBD>WmxrkNDW=B}*15DJjupWoOQuej_?UMdh{R zZyJpj6%pp>xKT|_O8EDJv@{#6^30xa;VQqtod$e;Q3+UvK}u zAAY`cj$C0SFE1Y(6Y1)*W$ajO3WcChC^|ah+_!CwkBuVJMfCJ^lM-W>FJGpnrqysVlw&Yk%Pg3{^DLXthbK{54BvlVCYa)DJiL8!-m={wN8k?F=NIwvVynhX)1$7=TD@xJf34(rgFkV55kd%|PfBrVg~=S7TuyO+f#e!00ssgqb1aAe z2;zfr;XRrcF6BkV8|sw&pVSZ2oQ;YAcKu} z5cN%WhyVx?ld1T_b{FSO_A)ZKOBF&0A%qY@|G&Drx&uNk9Sc0$f6~$lBBFndl<4)< zQhmr^L-K#(W68M=0zfp9rDkVixp3}`nbS;ZG}(`GEeIim5JCu{!Pni*&&+1uO3w_B zO5{FodOKJEfVabn_swj)Q(r4IS=pJ>O{bX}YiO|4)rPCHMyRt!$jc4+%P$Ebgb+dq zA@uQebiU#?Ha%--D{N?Ndis=`m6w0-eqJ}95AepE#0UHr{W57w1qzKP00000NkvXX Hu0mjfzr>nL diff --git a/playwright/snapshots/settings/account-user-settings-tab.spec.ts/account-smallscreen-linux.png b/playwright/snapshots/settings/account-user-settings-tab.spec.ts/account-smallscreen-linux.png index b9d81c5d5a8226a0536df24f5454bfe9457369d5..e2bd16fb5afd99d2cda902aaa4063cf31b99e22f 100644 GIT binary patch delta 17295 zcmchA;T2>}76L6Ghg5Rj7Y5Tpg9q#HzXqY~03UDDmsDM)uqTy%H$1>fd( z-}iAm&-c7vy#Kr&{Il2E`&uf@yP%C<_u z8;v6&;C3MZEWFJK+b4RO@#Gu-dXrahs{0bJGwSG`#8^15-MQ|O({1hcMjEIeRd$(R zmZL2n)}3Tb$kyx)zaDI{0~tAda%7&0ec}kQ!@ZL`JV4Y3d^RMaWQf}(A;aezUBaA z{=jz3k`kNse|_#5NaA(%RNdXUpz?~O^4;C)y_@q3&gB+CY#oZ5QBIvq9QZM6Lbuk8=(d(wv;Gn4MQ)9tvpIR_sDGcWFS^_(6KM71Hme!Vr}#Smg^Gu*&C^YUT4 zDll%}D6LP)R%Uo@KFPEC#`wXm1#!=@9`*7cZw%0WL{s=~c1!nz`7Y-yY+|Jptl( zpKb?pjh%#t2A;j>5xECja!Lxh1!^mGNbAP;KgJe8@f{|cep^vv z$y2?Tf16JMp~Z+r;t;4W=q0jqImfRoOnQ8J8j)MOoUbG~|-1p%KTAbGpBu$#qNus^czTR&v8-M++D(LsBBOeQ$sOxtC_<1iVR5;>H z_ypPnesZ&V5Q%7AtNHDy`BMP+LsuMOCM8o-+KY)p=*!v4MO7;Jb^o%SlPL4lWAdZF z`UWz`W*9Q1?{ND^cFl7$mklf)vi$1|@9$~iiqg*4C(hEZANkYRm=aZHYG~L1z<~c^ zezIGKI{;KxzvN>3Oc1`(fr}!Qt8Os>0PhrEhVxi~il%$7Eq-Em^+`W(Zj=$l8ZA%f z6ya|JW1*%l5hl(SQEcF+)`mz7?)#tBRWH>$j&iU6Xu@XN8Dv$HBlzfboA!r4XkO4s z%F0J>AuTr(JllF6t9Vc1<_)s*+awxCFtUx#TZoRng{b#Im4I2BKQwxoc zEL!j7t~ztABRB+BJ4hX4Y1;0#P2M`=-A9AZwf&d^*#UrKvNuuoV;=YAq}2u6hYr(@ zacSFo7B1d*KUNMVYgE-3^vd22fz&QzBm^!Q+;+yt&w8Ei-6JsoV6*VV3RkVNM&gxc z{MATMnN%!=qiM-6`L~U1^vsbxcD+$JAM#}M%j5<tW+wxMz_o!$G>Hu<2b{|ID=iyEBpNMa>nRPu002S632?)&kYGK-%J#DG z@^+}?mY!><3g&1kVk6Lc?}`W@g2dZ1nj(?Rp*`=F;>XQSwyzyKW>}v3l;}^+bp!@t zITO>c1R=hisqgNLAJwyRYAbNM^4hKq%)Wuk5G;%#1GjaZ+x~OLjzZt-MeNa{D{(jK z5oFM=nu&f>G!fO}&BU6thB z{8DI?&f%NN=P2T&K!3`L2>qfYuvzO#4CE-JUjCYbZr3luoAuBn52hB#Mt>;nNu}vw z`%rt{;EeL|J2%5UZ0MOjAKlZNW7_4qJJHl?ITU58%`4cLW;deWx$o0IUQ=gvI6n)S z88!2&uAN?2>0m4>y#*FQ;^$-$4FwvL$!yO^cbM?-1k{-tZOqx0Pj{zQF@%}*nkYS` zTRuJ#?RB;3)=U}MIU_lH9AuPa-F_JI7_%l-18AlAo~r44CjN*>ecS0xio91?^vp#( zj}D-4jz(!h2rWr(ssy1GcjbCbI=JJd`3im7b5!7CuYRuYzYQ zzj#t@`@y_O^SGuM#5slgwzVpR~!SN0|h;w+$0T{c;)Y?8t8T#N{rmk!L!g15)MX71@_y06uc%cjO|n zoXDQoD%FvgSX1>L(e*hAt5~SGbx}V(|d5QQE@X+ySd>zG=J^5+1dVFJ$g5K_<8-wW@oFxaBvA9 z6-6IWON&L-BAX7iFOK`^Vho()<0SValdefe7ur$1R{tp)rLQegH2hGq2SX!!pIW<3 zGKp7m!NP)E3@u%nkj{hTsndz_+{)?amH{MQu*RJCJ`v%;N02#PAO*+s-U7oT4%v3; z(a~c+LuHR&0yvpcLPeX9?~ra7e#d+hxQ`3`JhHDW+##AOHy$!DNA@`()aeQ%=K5*c z&@=wIcG?{jO8hDbO~e1iwdM-ao1?IbSi2b4>CdqTA(EVt*nCuwC(`ZkSF)l;3uG}M zyV7jf8g#WF+vtoJvRdCmxq5I=oS7SBpbHGG(SFn5XTZbos6ltg?pTX6RaODIcpGd) zY$P)!@At93ovjP>uW%t>G%=iStq2>nv_RE&>i-PD0m(Z4^Jpu1q+~_&_ z5HhaB{qHzpo00Zcy%S(?ac3G^6*$d+opdwGb(^~x*6nRraW5GLzxl(s2WIN0$h%TN z0wu$Iv*B%5x}cP{uINhf34LStU;+AR$h{QnCTF>X_lYFm9bE>FIinioa!fDeLe94O z6pvAkG#aHq`Qiop0erbNl$3W9>kqkMMT@dQ4TJZ_hP*3?2d&W^KB#=_68v?aVfQKB z&5iS2hQot}Awz~1t&iI&;;`?@414>RTH*X+DgG{><{LE1ajRpAbw3U2|8(`n z6kf6l_~KMBLtv&eDFqWfS_s<7)kO}-kHitf!unr4g8%Q`|MZF|yfZ}%=ZP7EL+(oe z{W|YlM+(`K2I{8UmxoJO(ERsw^6*DR&L&D%8PRYG4n_)kAppHje)-CU#Fep`nVA=`YTTlBsb`LDOW zdzzK?f{^Eg627vw@}f%6U>@{c(2675>AF}xGLy{0V^-w$4T9W1t%@$@oA!Z)SWp9I z@d~MRg^g|GZRxe}hPbN=w$F6l-{$flyquv*{mGraIEh?R_)A`O8Lcciu$t4!(AQAf zCDs=K06Ghb!jV*8b-yIas-U4})s@nP;#1 z`C9wg9u_d%@uQ?Kcojqf?0E@@lzs8=$b+VdHpO;+Q~2VLVC~ux-HY5$sOjl_@vdBd z)W}D_*x@t1T$qw_Ke4qHwxcQjT~lMPv=C;X>0v)Kh!=JX`|hjC3T%$khbSz(`BF?t zP2q!WnO%Le_9!yKu5cyDOMCV4o*v68B#^$l`@MI)6NLbW1xPh^J!;%b18_u=Id`4y z7; zeH6NzfKbbMqVr>^odZk)<(GEy7Kts88_4`=$Ck>@Yoy}4Lez)H@MoW_W%u=iuz{ko zkTsP?CdaC$@yR|}ZT&QNd#+z0b#hh_XHt3z?q6CAgkw;xKN#=1E*LKhwfCwuIb=ifZ7aFXh2U`pRrUpicfGc z3}fIQeOPYX8Q&e|U%E=Kl$s-;3S9v6`0_YrkMJH`gg4+mVxRFb1oW|a$Q&F%$`XT? zk;9m|X*U|E864aOe0WS>!k}ORj#zt0)BEWgL1z0;pGt&=yY0zH$?&1jM(FWSfk@#D zxYDV(^>wN<#Jh3-O>|{tWw#m0fBCL~^Zmx7MwJuO%-yuK7J|EDjOL+~mcOr!{(P6+ zSHO64B~l3TWrJ|=_m@dgZ)h|$n2?9;Ie_!B%iyZ1;BHuR;f2W4(@|@LgM26o;mvxV zbGN8j+*vJ)n?Tuek}Dwfu&&GUOcRlhr<)T8tT&%;*v_zX<@@fYYqqt&TtwBH8;vtu zXF%KK>(4A8cRp!0*A$Is$8qPpE@IXvGK;FDgaPVfnBEV)TlYP34)BNO@I>=GX191Q zVFi}30(slyOWbW2{FJaI=u(KaCkfGc6xPIbhCa7oHz0sCpszpsjpBKUan~>z;)A9` zI~*nc2kyr29*o6vX0jX9$+`ZcVO`!gzx;$bA7+a4&}DM*m{50iGYpXu^i?T^OaQbd zXKBOm2gS`8JqOm0EB))UD!6BlafQHtG_2%N2s>%`zZJ8=t5-t=Lq7%3J$!rag!u)+ zF_Ugor$sKt$Q~dC;G-;Zb6Yk1^C>k)=@UfdUbu(<{f`>Ln-}-DU-#cY_UG-zmRTC8 zyyEt_vF^cYB(o4;z&J7Ox|EaWZ#urjeGE>(O^p|f48#z9Dz>=Wba=*1Pl?%roCG4(A^_bo=xN zEf*w%?_Zzo^u@BdYb+|dnm@c+X5!j&2g9B;X!+zdP*9VA+lk~;zL$GOdjI>PtkWdXhPJ?f4$ZMA9XA8Xk_gg05TCX}lB=FIB zL5vslFFbPsyc{5@5o?bpV;yeryy}H+A;MyA8heVMSEt6^*iam>2mUh zx9>{-BTn;zMo;gPSRRD=|FMmpxnFnlIeLTRq*1O9n>_zGWvT@wJ%M03L+JWvzmMJM zD;wALIjp5yj6HUFgWr!=JdQ5EjDW;d*Zac#Gl|K6+`cq>vZr#C)!+_Wqowu+v)i!9 zVc{#U93kPl7Rc!Bz216n&>R;Ijwh0kVUnRh^F{sEbNBo02D@9~n}Lu4HWpa@t z8^3Iuo*^uwJP}2`rdhxh9SIU>r1H3lORR2BsdQw2Fps-`;mMn}3&o%DskT7Q_N|_o z7H7k!k3o6>1&|^fFftbn82}{SNXgowwa)|~06q~}*4kuk06;0uXmF_gZ8W~s z6y>AlINei3HeBG1LiYtriH%AUwKf|7v?kZkF-Ku94vkDrl}yULDh`dp0mKT@U#FK( z?g?E200kf`A^J`md1Su^n|j!I@!Xuzh&3fL&h&(AMZ^xd12P-M&V zQ#*vKT4B%1!zG^KJ?lpVRCt+XIBdh0Y$1Kdm&*$U6MTLfabCNQ>n^vMyaX765CMD2 zH@ayC1@E?owtiXiJbvSHX1g-q^jH)Jc=S#5w2=z%A$f^;==sL%5hUb7yR_3Mjdi^T z>PdIkHIy@8$a8+xR*!8;6dvxc6o5?BOQchM^k|fd1{9yC@oKE$)4OwX>|JXJ$M^{6*U#4ZZpS z8gMAK|I|&&{!VNM#|8=~Y`*@~FOF$xuJC0T2~6Ax-ad`uh^^|TVb51ba%yHr1^T68 zRAtM*8b?Eat?%&ZwKdqS=r)4<5SO_^{f#=Die5Z(KDKOrl=y>8Qg(L zz=r~crZ{DE07#zo{{mr*-+$#RPyq<0?0-fTYM=@-z}3Ep-GvRiRi!&2vqb0QTY?6` zsarMt9Sg`nckDo)Mt4GKR<4A7V0EG@t*pI-CrWJqUDpp8*W&NA8h=m~e*Q{Z+n6MU z*NhXuF_)DP&}`}M#_aEtkBSJD_(fdeLLwr|Bf!qQd&6w zUizs*toeLz@{ig#J2JH%o9i|vA3@utbQLH>xh7OR9(Zk6Ks9-Nq)m? zpB{n^YX%t%mjnGUSJ(GnxoS$XD&!nvy|5J0%6{NScB*Gz5WsEzz0+&?u8{JuOcEG7p0RaJnTJy`LA1J_QWe>%~?yUNHB`a?{#Wa5?0q2WTuL*sEK(T~v z_kM5J`O_y2Pgl=b`n3642P7alMY@@oaODIO+`D1!3?Wu@4S^(p{73R!s5E|WGcC0g zAM(HzEXudz6nTwe*L=_$LNA?loJz^#cm#3vI1=FQPH9K;-ArDW6u$MW!||{4KnL4Q za*vRGA~KZxsN%@Mvo(*S2V)`^lQYjGN3BaP7}|auRLJd0nD7ptxLmZ&LU53~#Vw!K zQCwM9&2K!oJ#pryJ#fZ`$ix+R(s$+cx{*~+Ps%!CIGA3cn6!d5yAXyWG8K2wu`-0N z2r`-PPUpV{+3fVoKb0x^=WTaU1g|Ksp^YVZ1ovNyBL|**JmS+AUOrrtbTm#|hg$kJ zkfD(F=e9ZrVs)JpJ@qG|2GO{Lg5SE1j*r51v`eT^t;EUY&P)~8XeU&gOzGAJ$I#odh&-Bz5-OqE~jc6b4zQR-B|Pu09d(|v}LXpgGkpA{00H=ZPIVhud~ zI}#%VIJ@Z0o?j>2~~97#P4Fd91vRbcmOCAX~^qiWja3s`ImL#;QNNb9EAEN4Rh~$of1XM;6+dOTTXx`Y zN?!&9vJ&K%^D4GYzVK{G(SzKT%WBmoN5uY}*jx*tbi`+F2qBb({%?B6GNX62j))sh z__8uS*j%^am(|epRvJ)O8p(eon{J`r8>DsMH&I!ibfNNpt6%oY%aF9Zg<}pj-a%|VtYKo-(V;e3LrN(yIz9auc>LHQm1Xt?p83sIE~jzlFbNp3mb@p>*HB+?L~wft392)y zx2yAnh5Y3BSH73t78>XQ9YAlMCXXgw3#kr`zCk1Z_zBzfWfc!0{x1%~gC6B)^?;8I z1H}xYqexL8V=@LSSf!Je+_WS9i}_I~Of$5g9{q`#B@v{w<1EehI| z{1kspzZX!Rmlk%#=9vTWl+SWv)+cMx&Xsp3wyzd*Gc0cym9}kyAete}H@M&$UIr%U8tX6#; zQy7=c73B_wxUsk6znoRv=M5!NW;-eGew2iOn5Rn~SKl|Ja?db3lB{s~xnc=>GzOD8 zR(uI9Z9{wQrL3Iskx%te8-n3{CQjc-T3MZ)raSFzTht@IW?7n=X8f%2DN|1h*^tQz zxLM@Sblnu-OD|jKuF=+wj^<+@4zMFzh|M3E6i;PRve_Ly2r^V$>t~*vSts$;e|}d4 z4qqm});r+i8-d$p3s4{e?%#4wW44|yLs|{9rTY|JePQH;vH*Ca7F8Y)8S(V@p6=#y zoW4d1u608M9U7uf1^~Pl!w9R!^F7r#o8CTGx1YTj9DZN=@lx`7wt89G?Aj)y412QZo!2Q<$>TO> zPi8afYCiSEx6&{)Y1lDySjD&(h?mkMpv6%-`DjnYr|BBvN%`6%0H-9>t$`VTDUP_w z&7@S)JQWyUt~^5z$@mpj00$e!XuB#-65Vs+7~M3SkA*F5bz~=gZ!dqI@}CIgNAIOA zQaL)PS2$u=zYWK`*XT9k^Dj^zolwNw@*n*cs-8skVIe4MZxV@yW>iJP$xx|y67$38 zyVV~BSEHM$BR*_4M>DEaB|nSmE!Cb^x`jGx`|S^^13woM)MW;BaYewxADn{7&u39d zDhsmm5}xAFHLlG?Fij`ke*CDFbs4M1_j9}YAVohLHMZ=4<8g31BD`*1nLlScSr?$$SyyT;U{kJzX{vf~CHXqI!;!{@PPaa{ z$*ga%SJL|TEGjEOu;g8{FIi&gRz63Ss}7j&CC?2nCW*E&%RK=N3{h_n9D=heKQboW zNNL}&E}g!7A)7Qn&{Tf*y=2VDR;Yfb7_fUaC6LotQ!|*DZM~n-l;ZX3HGG4DZMHpn z0K?7hemb?H7kggL-OkFieIzsJo4^7FewmjV$qXxj{7rMm*L~xIdE-v&@Odo7;=PZv z+A}1}Fee}Xm-#iIo&Q|5x|Nlk3|u*K%lyttIMo_kxjKM;R=OVkIk%Yim4KsW;oh4t z@5QbZcZ$VwmA&)^yuuX4QELV7HLvRScIKxQT8Q5}YQVOW>3Y z8Whlg-8BhBy^3aqO_ZKcA6(fJo;4<|Q(IKJMa~ZCun>Uqd%B1RHJ1HNtV8=A^sTe* zVuFvH=0!|4y_kh^Z)DaR)!uoW)-Ep&)_i+3FFGBh1nuzckf_kcaC@}SB_;J~+2*M` zG-IXG8Z8#`RO`CNt4~$p4Z$LV;Z)ZfyQuM<9*GBg6Stwu8}d*b;m3NH#ci&eGPdIv z%L4`aU!Xfd+R&q64g5k{3&rwhC_on%Yq{luEri?MD~MjFko&mY==(mFZI0AVzk71` zEWMP5fqJ-WN-}6)oWpOayb^uOJO19Lz zVE${*?`wWJ>mh#3mc$O(Nn$rORERGNNTXy@DvX@;o#RWg3S5J{$_i#%T=yR#&`eys zkMF^HhUQMVQGUTShncLzO!fBM{+SORZ$6E3 zFCu`0R)<3tapNGay7XSj=;$}v>^@p24tS6C)O}HloZPrGgh2k5$s}!*EEuVx!2}y< zfrsW^2aG{vE**orq4A|F-tQSQA8NUP);#J27L6f^qMJujX+?6F$pd6Qi*l}g@R%o| ztd4H*b=n=LKcps-Pg8+6Wh<^f{+tW(KKkYshg;5;e3-m_h?zNvrl6b?oK6#E0{Yqe zhxsn`tRcm*M|_S)+}Ma?${a<-GHp2V;xE(9Y%%q(f8pgOCQ+Y=|BC(Hv*nE*!{<6= zQyf|XiVhN5C2zS!xFw#Ev>Bi}!{-X0^tsm z8*dzJg81h4&edzc0~t1q^L(CmrMbZ_vFW~;^HD5R0MHNM{S_uOKesNT zqB4;TgjyESeK9lb#6%?>-z3wIeUmKnZJSSVJ9c9!khFWW_)@S=925Z3!GP`VsZa=C zt{*jSVf{fE5itV`BdMhkTQlOjp=2SzVdN`>;%4T%_cC;=hkN@>2#kMX)46XT`z_Ms z^GlBz5}SpP$sHTq?JTA2S14z-O_lCFuWwx}sT5cd@S~anf>D5ba zl{UnRjZ+menh84|5*$pzpLzS&Y{kd%Hgxkv)~YHB!fBi)G4&PTK4vzYdzWzshWIBx zRIgJnxK4j$4Hi8+b8PCsFV%8Owu5wom5?X5Y#bMNq3a?FsNnIKOzbTPxR$?2vyS39 zf1a9<&m-+O*1BnHwyf0dL^cba03JuqxE15-tIv+y7koc z?6%fe@}(-#t!uu%n5txnr6y$W%D%~>& zK~0;mOE#(%d76mm2C7gk;top8ffpNi5r*H`)}Rm%dhO3{ok&b8+}mkPId=AWt)h)= zDRhK46h?U(rE+wWG{M?Gs*Rj9gg6f}Ig|l3xzwSce#QO|MS*Kv&I2!OZFB0?o-X}1 z{KVbOw8{dC5MK5{0HXoVN+g}E6_O~JKe5#sDLAAs`K14Zt<1+t*^~Zn@0c;5>rS> z$TitL`ju}VqDRSw%G;Sp*am%?V#aqb3;XO;t3U{1g=ZV2)rI_2&5%@}n3za%+9Cd} zi#UfsR8#tOw%L_!ZgbqN0at_mqgr3Pc2?tOukv|br=-8gfS~xv`Sp3H49^AL51(pxA}ev1c$IFU+Qy>BOm1*4$2$~on12VWPkZ!24QX9>jqhINqO zoQz=3Ix@lTLU?Z<&0GK8?GRW)Jt4dbY@Gf&&3Sb^k8dU^|4jnw=^xJ8lV)02cVQo{ z{PhBMrnGAPf-Q+Po|p#y;lN@xk)?ekJO}~Go%R{+|u}Aw4 zJ?Ys4EuO>GQ{A7gpF9|9T=A360?3ZvUPO&d`r9ztT|(RO-Y(5&>N@2MWr6L<{Daq$ zYYTQ}P(;?Cy4KsRdI-2Hp8-f9;bzqf*j=-8SZQn0K*~O8#b)?gfiSAsYyG>_Gn?bb zpZ8Lz+;$eds7%-sb?>V9584%z?nf^+`jA|&+dq~sA~wxBRA~8+5l-!O^~Nys+Rl9r zkn#_@jGKx)kq;X6(OR+SOt%}3r$OM(Ai&liV_K6lD9P-J$7Z=Ae<|L0$35$5P58|&K_}P3bk|W zA#so{J#l!eLHdyK0QX7gJfQqW_iw|Bhs^Zz=l?$+!HE9r#D0~#cUbfVSsRAASq08l zjoQM=7EdKf03bSpMmVA?aXXsoMG-0#lq#&TjOhIDk)Smu$1?qE@U6*pc~Q9R-rbR6 zG?GsQqf`yfwWJ8b;&62h>$~O;@@jP3_hr~yFgr?{ zkbH+T5e|M{v=WhkT(LzAw0@LEUd6>Knvt;+tFaZ?y=m>sss*EeE?H=~wE9Pw55{3X zL#qVh{;WlaCg@HD5=puJo;mfi`E%EHm~I;(PaGm8b@*C4v2^cf1CszKYpb{j?4CDU zkGGtnw?^GpsTpYrZ@Mrn=BYow^|kWutlQkoZKl;XdD-do$heB)eO8p;bHK z&ootKOhVG9eJ&IeP5J;1;0?uJv4U^MroAR#?DGmJvD9->H6mnMiI*w%kuA7Y6&xgL zzu)hiLOddD46GFqj^(q8TXWHaOweXx`pfgl!nE!D*wYQZB8xt31o?UwSB+Mmt|gVk z0+%BvuPc2)!^`6o%h~MnpP>jo6yJqgE@GpZrb(cLSUO>V2s5{EuF{myzV$fqZ`cXe z)!%mw*)jvNGU(O*cIFHU=ob&Ew#u(r3HSx`l)JNgWUWPPLm?OtK|HWYzjxeZh9I|{_RD9wq7bR85H?USl@Xu zVW--fRUi|5jOz}KMm1XSYtk#eaG6i71M(}b^*D0qrOCj6|-_R{@d|RQCEmr#u2~!f`~8! zG+NKyS7)kj>ZI{}iOr-Qz>9(i*3L!MD^@XQA84o%-`OtA5dE*A zHBo_vtR^pK7O5QeD-D|J++?Thf_J8mugkywIp@k2*OLZFq! z0Jkn{m_c8?zD6gOY`|QfT2D2d)bRkg29Ie+wgyVdlb9^~(A7F@Br!6%tfdjJQ?&h7 z8+nfA5N=FAqx07)VS>G$RW6-7MB%o_)n1uivH%S8; zJhunhBnOH~5&dZL>_!AM;TV2NBB|zn4=7>3WVm^ZO$j09b!W{G=eAbZeh-d)t z-yTP1E}-Ccl6Kjv=5b0FcKh8cP6w!%u`95=yw0*MwEb%k)hiNNX`(nladN+5(xEt) zB{n@Dr2rOKx)_zCqkL*GhJo)NsL>Uj!|?fzQd>j1m~nF3AEuY)j<{T;GO|+9g0pcS z9<70eKg@0x>PeyeYQ@i+<9Uw*m}wui1=sWgh&Ff*Z;gXO2Uhn4#SQCDxh+nAjLJ7Z zNx0w8OjKWt|C(YsJNl&ooB8`-oXswpa2NNMdd?3`JkZt~L9lyR&Cu3{=PX#XJ{M+G z{;RKsj@66VcJzZgYKz_yyqsLLB`6436 zYqROaRcoBUhH{t9Y<$?%u7LaGoQFzAwuf$mz=doyw&SFZ)xzV$bH$k{cS7})Vieua zDLnGiUu!O)URj!tS=izD`X0Y}wP}7(fCrU% z&8(Px_DQkVr`Kr$C*jgJuCw)4!c!g&rb8Yx(}!W*9^jqQH`55)wFCLTqE{rr9iuvT zD7wF#!J+9b>x22mCda3`r}Mu>!yly^?(g68i9lhb`4V${9UKXC8{>OhF%g6j&)N0= zC-@7X00^C($3m>=1N=?;g{swGA~Jwh#pGo6{b_xMXBCR2;2<-Ttx|V6zNM+#8BXKd z8L#Q$*h0}C>$3u6ON>|-jqUR;+qhCWb{`J5`TZ$qe%)yP3%KXI=ecsr(ra*sE_3&$88G#-XuzV>c*8*Is~WvMZ^kFtxIBN@k; z;QT2%`B_BCUyx9MR+Dmfx|i?c6;R9>p82Re+0`JTdQPjB%z@MegUtI;&}!UQ8Y2T) z9|IroFoK!nsTdYSN94$vt}GAw4o2Y920=-6W}KHH&5x1sdk`Gn{SRFI&3migk9{ee zX)=uqL2Ilo-%vg>F(!g+`<2#714QUY;Ov(A!DLsANoB(66^E+&(Py3?y|Uh1)`(F8 zZ%>Psgu{tbD@MDV&3efeN7@(lQeJFXF!Y6V2{|{Y?=RC9@VW`X2LXTx;e8rs1D=n5 zI|qn9+lAMi{k2P(J}@niA0y9M0ssuw2Qq=1izHIJ2unY^#Ix<5*OgZjZ3g5>$cxM5 z$+}}v6s30N=CN@lu;eqt+iF-LZAimk63SJT2dS}_c&@_p>u-*gVlUmq9xjf>Pk_h^ zJPE=O1uSSpb#=2pc3LwIXycO-lQ0+}OmlITG6ja~=udkT7pNCD5EVTZN->9o&QZPYV~*O&qpJG?cRE>ALnCbxkUz^gt@Oi5xcUk zyGzEomKKb~vIqBZUauW!z2G}s>0DF?w+q}^&D0%6u1zfd%mI|R?#;sHwu50o-R5P* zGC#+eSj)8b0R?CP!CchX+}yJO*{v!m06>Xr&-kGzr~C2MFK+V&+Zz7*O-6ut@!rgM=V2Pzj0_4y!=! zh}d=Ka&M6HV4&*s9x6mAg&3<%dWL=-s83yXqMQowNs2S7IjY_WNmzMnF-RLkMd_$! zsuaE(;6Y{{J&(xfMnmA>XAxUyY*0;~u=v4)ToYgQ|n zG>3jJQ1*b}Rm3Ae#BjEG240=ECo4vAJN0f4hO>+XbS941o=QoX$o*>2&sSl5=ocN2HN^reUycdJa<0EL$V5` z#u7Qc^+@&`rD$J*ewq3OyweFSC^6SIa@4Ov0JK;L@=QHQcwRS2=|@)AOL(x0W5Vmz z$MIQpX}|p(zj_XU!w1?=>pn<&7wcq>F%_UQS7q`cLXk|UxZ~LOeaQr|chzr9DBGXu zG16*(_JLp%0#YYiz1T)#IhA$u!jyJ#WUvzg*F0qRJ?WYj_LLRoL#RCU#-HWdxURs1 zQ=`GtYLvMd@s%!zhxbfs6LIBqWJA5{>`WQY7QVq3UR{twNak8}+F|y!Fsxd}F6~m- z>d5*=@N`7iu+r_lU8;$aLTBnqit9{6hmnP5jA`Rjn&XE7{F<81zAwe<+iCv;0OMdy zbEO*)0vy>&FZ>6A*1OWc7vO7lH}-M+HBx``XVaP(WR?fk-T#?ec21?iXPCM$94wp( zKX4autj3NTh;BUh&i0hfy09VGOu)(+SVwMjErX5P(ZYO;!*^YGQ*tlhjPvftX8xV` z2Y36D!Ruo&FZ!{|nz!U@$Y+}41y119vAP7C1JxxnmC)7)Z!06rr%NXOu7^7**G#Gh z!2)_PKJOKKx($g4!RCKxde&Nlsm?9W@wueaThiT{Tru*{B z!kl4~|Ed}235#l4{(H2SZK|g?^;y}88oclQ%V`WnCu5iu13=y8sQVoQ>2TWHrL(P} z#T2;*_MnF`d(Yk9mI=RE`K~(7(FMixc)@(T3CuJzsLBpxWEfniroI{wQAq2|WLJ2g z^<9<+Ph674mEytSW1N}NrSHqfjgM)9J5T~p(PtF0q&VqAP<^~^T8c{e?N>TOt)@yfz23I8G$Q~I zGnG(MTJ@bK>j6hc$9ju8i*l`G z=}+Ly1MZkT3X^#4uo$k6ho|V3EFTEveXjn+_P$_r)1#0FUJBvq z#-M{OCcse*=l=Qrswrsc^((5|wPrs;-B950PpyD()C1u~3?>zCJtUqP*!4pesxr{< z&LvSH-=x>Z;j~-rp7&UTQYsy;U0q>hT&AOc0?6s0@wr(NWE>@|tVo+gLx?zyVh@}) z*sIA!94hSGy4FBQuHNtIX51>7THkC*9yuu~DParse|fK`C-D0914GwWg*^&lI_hnO zweA0^t`4m=|H(g%^rrhc2+;-h1bTHsn|?F2s4=!2G|jb`bL?OKT6Q3et8+p$N3TrF zP4liV4!u)@a9?-l2M$5_=@`WGb%iQNq?(^!7x-L&cufvafs30$>gU?4S*U;@#L4Nz zL=nM9yP1oIOL7tg%CWNkt!`I%8+fD|+hyXOS(V6bF}iSncQIXQ_7BxJ-4+=cxwPf( zdL>*0s(e4sUfV2>^hOYE9=aMPd#sSyeHt$)dj%1w%E1>R4x{F`bz|0(DFO?(p^kPg zpv}tEz##QQ#`e5C33VxiTbAGxLg%+3TTA!spXc~c zibtMg6c_KcenFyFPW^KQ#auFi3kwUunwpDbey3E=W7&G+a%s*ZMkQq>e0@IHOUrR% zXVkHsnW~+8{=x>gF+>0&6T#1UQwIl67j97>$WNc@>q`_@1rHRW$etMRpxzILt*5^5 z=${Tg(fv1ps>#1J5n@@rLbN^=E>AOV6%VMUDIkAU4-5J;m2A1ZtJiJ+T$B`E}i zI8&wW)_P9&Soq!tH#BUKd>05h(^F-4WCr zM4-ESXEN6DOTIHfv;Z1`yW6<%EiB9jacv2kYitV(>ziCikqTSU0X_QNO!U?Urz=x) zd0s*NAR1gXU`=|%x8r?-cl-6I#VQ}W&;Ep)!un+_QkvpfvY3@GGzd;T_!{oFfn;D~ zbyJtyYT?T|hU7DH>Ez431#OUX$3OK+1{sxOw>R;Bs;lL_dReHYYfl^M7CSV=b!Uf4 zeIE(mUP7y(JjH+;Zh4@RU}H1vChf9%-ub5=kp7GgLT zYbX5pfn%kq-1eXk$+c5b)>&V89fKgNrJdbDLRNt2#u{o$Wet3P-0XSlJiqbwI3sy9y}Lr{>Jq2JZainpHRZ!$hgbAzmL!WT6o`OFbAFSRWJ=N(kx2Lvl{m7IC##)oG1eYxm{tq7+NY_8M z8^0U%o%9DA%D$%jwtG;u?n8HIt;7%WpBsZkMIML$NCC|of%zoS8sDfT3SpJ7!rK)% zI(P+a%2jXFO*r5+cRB9CBwX^N6EwG$c@>*-z@~O*j?yT@~Vr`{&wgx9|ir z;n@f1F*o>bExil$Itq7ehWij$tMmSE}s{qmk}utG?R%4S^}w+*YZaKuv(wY z^}|V*ao1W~!I|~4Rdz#bSQ^*pD*MRTK@#)>&96PWXg^+uf{1U}XIC5jR`013$tcV% z-Y1I~DFTPF3nAb5ri275&A+eT@<^952j zlA+IKTV@l-2M0?QZz>y>w%b%yAiqDiocdZcZCsR&AHWX_riPUSk?p~xgoEDLMmFML z`m`o?z-Q`D_lDS0#*^JsN*mi6W}&U&3aN*xBtDj@T$sy|qD>?JV_@WZ(;<`)t>=Dq zJ{cbFFdNU;l%H>VAw@w=&9NIp3^}y602(WI4D0sV{PyeoR-#M?YtGh_=rE*BT4*}|% zjeQ`W&3G12e0(^-jNr9Ta@KE>ivNEdN%Od$_KfDhqAai`{%9AHKz! zyJyW%A|j$y8KSL@+4b2(NEn-{i)s@hCFPoFe4%%-Z7P(H&!8cQNrb#Iy`X_ErHt}* z`6_KZ^&5wE{mC$*kPzJxaJ>}{Un)v=1TqL9Ri>tVBS3EUjmki}cK1*Nz%=l}&oiek z!Ye2RH<2~r;81)97b47jiJ`jjvDf!m5XG)Px7B3Z7C?i8UC-((U9nw54cQy{9Itci zb;6zqwskn=VeaNueJME);i$raH2eZ4F`H!b!hC(pIA>*H^kg4?+FqW?x~&h4n)8fi zHjN}b?RE1J+e7C15v2gf3D3|WTs4b`Kes>34h5Co{~+~de8_!1z#mr~kIe7)NRqu> z<3yhAN|ALicTfL^=3QpYD%uQUP_ZR?9RC&Nej4F0%G}+l*hA zb}24&?UcdBpX99Ma3r5}->G2{Z_sZI-FfSTgQw7a82e_xT5-twdXS>KF=RdOfDm?N z9+8wWEPT)I76fwm$)I;j^iP~`!B$rr8hQE|^yk)Zu`t*i*8 zAuJ2S(`tNf&^=;S9HRSJ@zXDQ0VvdZe?djWBs#n80FX^u^56x{WVpLvpfS)|D#& z!hEe$`=llOq0`aD4_+iERJf>{yfFxOZGI)AHbzTOD7|4M15YMYFi;+P@HKwAsA=9Y zL-rJaZyN%T9rPz&0&H( zODQCEx9uYcR@F>pBBd@Z0XSeyn*+zvBA0Bdvj2se9>3%jy?S({R?~_1KsiO z#pcDMHdDxov(b^byMC#!pJTVfe6GLft*}S+Sa_ZDAF`PxE%i4v302nx=IE(s(oQyS zp0iTqJ@1^>HON&-Db6iWgFX-lMLzKnuMdx2wv1`7?c&A}Se`y*NG+-gv3MQ?D0nDv zS^{H%Ze>+BHaz}=FWigda{040^7C2p`QQ7fVvIe;LMyiQgOFPO>%Ogr^{8hG63d^=5Mzy+W86=-1Y8u6r5_83&PJJr%)9p<^hqnrBS!S6H+h(8jUZk-)sNwPyE7~g?;QDVPf8#P*^hO5Hflc#5jDh@x}gu65zMUd)Q~rZyN1V-@O){VlzgCM5BKQoXws%A ztG+xQ-H#vDhtH7L^$4`3_m!^<*y&(H$(@?cvm$MV`Z@22SX>An9~~7IaWfg(la(`N zuRdui%6TU@Qs+CyG9sn+&eC)J0|5DO}X)y8YA-{F%vk>up22gkr~)YctH?j!@$=#54wuk?_1cgT04iaA{&4H5Lt9e zOz}vd0fu-L(Zb*yf0>cPAH{8QCd4J7mXx6SQ@gs$yYAcIO7TCIu-h}_>hCx1M=cRk z(Uv`VcN`7#z7<7mp7E5CNm4&LN{8QZ*8Vxc9?|xIZ1<8@iYs9F)8T&QQLutX;acC7 zOkd_)_6aSJnLD)x>Rl1Kx8b0Q z48M1HwHA_^10BU(DlWIz^PQ$NC1xF&XYI8mKe>BuWX1ByJUc>ZKN;Gcy?=+a&L2m> zoIxG6;_oq2zNlMzq!V@OB{R|3o*WSFnGkNP!GP7HtOOcq8@j$!;?GO)&k z5w8#hS{d`?=zOW^V|8@Dl@|o!YwTQCwiwo1)vZbcSnPNS2`^EM=kkfxA9UXf1)+mb zd!uQw?r8R;Bq~1mO|geUYic-2Kca*e0ulCmS;l8nyRqP7uI=9bK(dnYkpck(QuVQv zPcISXHW~g|2feA=MJ499IV22$c=)7ldA9b-=hk)%FE)AABAnx1oV~qw8v;phy=mBE zV`T-9IW;wIbKg;@E;h|E8(k!_C|nIb3Si_clX=wg2U#>NNMJ<*uGrMs+OBs}B$N7v;uwKEJ9wU|m~ zj+vRcIw}DStm||6u?1P7ahJJ&- zOP%xSU){$v#LpD(LUy&RtQ&MRi)%d2y2;uCKg4k;pcUtY(AQ#8lPAXhN`T;P;| z>kR)k*mvrnD^(`6$=hq6zVY+g^TaZmdQk4*Ap~-6)K6o0Hop~y(M(zvLMDq%5~z54 zdmFsv{ClI7de0VFQvCcf%E}_J&(8lb7nR0DMm25C_ah!cAZsV30b2>B&W);Tbdguj z^mB%TpKvB(i6M~Rz`*;Z-2<|XGsV=fcgLUA#((qcSatk6h|ePOd!<1O;-T-CQksmh zvHa7>r;rZ@C6$zc2}#q0|B3Wc|0*u{$^WoH!?5!vBf={2^c)CFkFaxBlO5Ebo-8re z{FdHf<5L5k$)i9pfT9)(wzGEsL?8!G%o4V>pT2Yyj3lF*7a|2?N{+}Yx{imfge7cH zv{ra^R@&jw9h^LJR4i5t0x>E-JbdYAsX2c3r}m)2OZ!i)XR<72z|Z%Kq3XBCE3|H|;fe%$iK%uAv@byU^uCFcG;CMy*z0;*!KY9WV`~b+ z%ljvmdZ+kDkJq@Dr^Z%o^i3^~^I_GbK54g<(0~;B1 zB$OFY`rg^+AWGbt^Hq259SUDxTVp-f zF@FD^v6SXun1csSPbuV&%>b8oPtwrhm|ZogudnYQjJS+?5NI@$sRg4{K4! ze&HuA6r)(*25qIt5u$xJ*5z$iI62BO3>m{hl)$Fw8X*04<-GyokvDm zN3JL|8yCTO$a#HPFQ~DNMDH!KH~<>ZnLu9Zo$DU+j%oNv{cYTf6$B>&v(~F;+S+*b z)(zeN`or<*AshRzQzg^4yZyek|FgZZL3O4GdcUiU4W4wV2dDq>pxo}|y9>)KKH1br^2B7Nn$jqTld#-Cd)Yj!}gLu_&fJi);mwLqr?Eu522vA-oC!u7LDbr5#m1g zL6NYunF~?xK1|05af3Uqhw?p#K-XXN9eXsuz5wPeh(d_E6M%QJYtS?N3-*~;cSc=Z z0``&r_C;P92m(u)WahW)=1nCZIMOnMDdphw5C}ll^{&f7CT+IYudU97-b{)@l9G}P zV*o!yYGrDr!SMf$Zy;_-g%Kj#|1tcg&@y--^j}$fJqft%m(I-IpoZuIO2M@Ff7r0> zM|{xT+}f&tr|V#2At-BP`MxNd765nq=+o=toPD*n%5CrJN?w@Puc7_I-_Jld=o9dF zPBpI+34YLwZe%f>X2>({nB1%^#+&OMGbyQ#Pl(z04Pg}43S8Aa8Ep4;!;Qhz;B1NW zWZmsLG(5w)zS{ljLOjI-#<}C*BlXvQq|e(gmf7@DHU#*kzK=tcg&p=Yr zcae-kpD``PPXpoV8cGzh%tQA#A{mTvImWzDGPlDFPfmKSj;5`At*w#wQ%eQK1b=Mo z-Re>D0Wg!3XR~z<7~>>7EO0u5y7~SWQFl;{k-nM;GN^*YexK^z=eD$UzDJ;zb|097ahTE4yW_vz@Xc>tjuO+u&wCh!{)2Qo%;U%G zznNc=-t(-JeyVTAB~EG?$@>@zD2r<#Ck6pGcb!&wvc09R0p3z7f%_Wwy``TfWz5p% zAB>JyrK&zv431ykW_NRSKH9v~QH^_b!;u^H>BpDyg6;hJ9D4Wb(iR1HYZR0J7se<6y;|DJW@~De zA^ng*L2bh;xizOUAPjktwTZFq5SqzQSEoRA-d>i_2S4c>qB}g=lMssOYCv?Evpd&>r4%EPIi=-#a`E;q3{&?C zdJ{EmJL8Z@64ZpDLk`fY^2`XuAF8qhiGe^!_GI91)#zZQX42}h;h6>RQi_$;HEdAT zmDj8P6pMZ}2FPLl=5e!9kDyM7;J5e$>m;D{`K`%K3Mqs$E2-Og+_VT4m|9q@Y;n&+ z{cE}WjgjR#ic%w@BxAf*#T>LI4MYdTZ`;l?86HZ=bbHeV);!vp}|NUysUUYRWLZAq@-c@wZxeVyJ{lG$QXDR zN=zjuwRA;(y+bfMx>sZm{W`o|A^c{9Yb2wyx0wFt=8g$$$ofU3tl| zZ-f@xwb@#D^I+J6UoO|Y^}R~;mupTJE^!3=LsL=-k4dMztLHLbDF+nJ)=!4YZhJ%J zmTMB+k#`teuN@`h7Yur?k2xK|n7O$VSW}*)qE5xOi(E{r@L}0H<=E%QKX%%W4Yjt- z&x%O>`g+}^Tj3;Q-G%#lI6S0NowUx)JopPz%X7MjHGro}doy~=j`62QRn4YK%mr?- zVJHH@>bqFUy1c+eMCK!TJLW@M&?oMm(jB%ddsEOWp$B6e8o+DtA>eLG8OXo?Pu=)` zx&CVX9baoJtJD1+j)6ph;pypK1S#Z0M`TDy-nVUpY;ZfXh7x>RXV*z<12TzUSPS z|KKWEcCfdzJN*}?wW8aWhpN8(@6ZMOzkn>e$s98@^k>K`>ThZUxu*p5__^q;L=(JT z5W)d9_H#JBbe!8@Yhz=>+p6c!MCnzE{pQxj5Vyg?^S>d-t>GAsUo~Dwe}Eh8xi!1$ zY#d*eCH;P(Xk6TJ6WQ5Im+XDBwiUO%=;%iPCusGL!WtuitKX?g)$-`%qSs*U2#nf5 z-fOod&IaZjzsBzs`N7s!NcSpzYB=I=4hT7sHSA7C!fr0J^T&(g5)xukF8wy8>V$-Z zP@U7$Tid%e?5Y|0*Oi^!Hq01`TOa{1Bd>F#U*kN7%*{m&1jnpO^)GTnqJO8m9D_NA z|70nko}EAZs+5(2aVuo}*Q`gM2~uKXY#Xc``4f~?kiYtZ4Zf!Y-DJn_vG)3%FuE*- zV&b?AMCQCQ&l)axH2Qh=4urg>J%~(IWjHZYad>&hSM=Dl4fJW&gUisZ5}1HUUcy+5Mqk=N^KD(X~8czz^67;Ri%sld(rL7~{X`5tJgsLM!?7%smAY{AvJr)nL13GhTV9HE9NaH@X@(SlYQGxi z=-XVOTYAPr!U4Eg*KF2awpg=#0)%JiVX5zy=2#ObN?u>Q%Zjlvx6;cEU0X@ttexJS zO<#cHwLRy&2Dx_=DKg9to&ekP$|AM_9m=I`n42rQ?~!(L=9XtIyQr+Ny|LHvkoIs= zYuRufN|pYe*S%uZwfBM9`O{QnJ3@Uje@XxPmlCP#hALpjyZ#rtlYtdZ7U#Zs$|A(a z4M&p^RtK`&^oY&g-OYTuoVsHp>xY^Ca5GiR9DsPVFXLj@i5S00D$e?R#&Zg#ReO4RpljPc##qCbR z4QZ`=%Ess|BGp`OS820PH@f(x?C6x3qxYjKw4t78MEp!Xf)y!i`77ciL!d1F@-&A5 z7ao3Ro^auXinth8?DtV?l!``ruRM|awE(uwHmJlRU z5bw~P6pH#)Nqq0ItsJ~|A@Wg$rkG4UjU1e?>pX-KXbRRRNzHGCw^p~?A@_Gg2IrIX zR6Gy-NvyjvKOvR)0tASlGA3Ly+a>fo9Fo*&GcnOh*V?*iOVM!pXgjDJE;pe+lHAh- zNKHdQ|Ga|3@s)p4d<>8qU1DrBp87OCPA}!5Lx?t;35T69NHDpk!g{8#=#f>Pf{B4~ zbrZRzsu#MIokP(KuxN8+iSgHhkBMcsAiq_;#=l1-G0HLtL{oD#xt_g(Cgol`mAa-4 z!yjO3cJx)FWZA-Hao~B=!Ln!j;V%UMIeK?3>L_nVGAQ)H6S$p1Nc;K`)UHQXLIJzb+4-Zb7tJ)~ZDwU;kJaONlGHR&L zh|Ew!1L8G-PWo$q5ai7&TTg!*uIiW@6p3l4zAn~KkJhY2iPR)i+S7&~>U#s74{;vl z3WQ3#Oo{k+ieMggYY`uWhk+%Ill|TOL$^ljbcoS3{P5L2pcGOkPPV}rI!wr7hLToICqcp+?x%fq-}=xp`)KBj_iZq}Ys@cI zZ8g2Dcf^bXh6&8NF-g>GZ{R@hDRMi`_>Li!Kgsms(G?%|BDAA(#GCGpDT~Cdvdd*Z zYJ8L9e3E&IlggHca+p=G-Ps}*~9zcNx7o|wn% z=3C@{7jg4x8t@Any&%Og{~<@HaV|qq`0C(8x7d?sj4=NS(+c&6Uu9vW0{=K=n|i3pBY&IetN<`)i`Jf9 z;1|vwp53?cQJ#p_?`^MG$GyE+9^5%f=X{YBn@qPVcC)k{nHWhbWEtVFmD?+7KJdyx z7Z%?39?(zMFL}NYrB3g-9~2s>#v$TJz|m=c!i-Xsvjz>ECboc9lKv>LKRDH3hYm8+3AL7{)(FYLnF9ffp1>6hD>*{Rh<^VPwBl{4ltw-T9h$>oNM}2@* zzt;8Y{HUo!MO?9!#kRcIGOMF@!OI!)L29lDxL&+08AYUM>=N4%y zuaz9mSd6DsBasmB4jMu1fehh?`)_Cn7O9AIt8xlBd>jA7#YL68XizB}tK=+5(t6>B zPfqiun(sAOrFqDF5ikIHo{}-4Pgru09jN{VzOwo6h@1a!@jnec6;;B@ibbO;1oB3- zP{Y>L^#7_0poo}wd3pE$CAE0Cx#bi2(OBYt3lJPlm-{<2b^qbWUSFS@($LWSjn;iq zuI9j=8QIzQ@81V-zluehpM~Cm?8Xk+RN&#^(EyiwLfCq`$N!v$rh_$!lgyHmJ@7VW zE2Xrbf$US`#KeSrJhydwFa@1t@SIQ(SPB928FGO{FrE4Dvzh-;Pit${?{t;mrX9h& ze0+;S`2R-iKyhi4vxN8D!Kb|8(HM5ab*d)^?D=LH(B0Yq$@9oVc;B1A33{pLLike)cq-elzas9bUqbW$okdym9zaYBFm7l5g zjb*E2_Da5r9pqyzR5m=dw2^d?v+bP%{JctulmIYFhdc^5i1Yf}rlk8p zH90fmyZf6gvm*-R={OXDos-7dtgI}M^1Q*)U=eO^3| zy51gIKbqguL%|1I60`Gk;Nb12Pis=hs9&(cV5vq+y0mYfjB7Y%e8JX(2H_8UxhchN zYzS%`Z%=ThX9+58P$(zo{V=x=Ux;BUx~8%<^{u}&8>sG4%WZzYG+63zG;amIXZVmh z*R(ZYm}6_*uyK62)QHY*M}dWfgxFYDH-sAkk&vK&vzCNHp?Zj|<>WTM)_Ps<|Erd3 zQ7=TMj2v9-qdulHMce?u#_eUBoAFeY-|N5j#iR|UyPp4!{Qe zF8!O)srZVgTkGE$Fjs>6aS2o42H8)YjM$#HFe_;=D;+7FY*KPhAy$Qrtp!~C$&|n$ z0OXO9ena~f$&Dz#kis0_eN$s&QHznmA&0PNY8ngM&1aNyaB#z2DK4AZ^H%Fsxw=)G z{Om7aYG$JTm~wEP_cFHXh*pk{C>u>5Lq$X+D0w(sr$R+Quws9$Bd84X+mKO~l9CFk zJwDVPRcgus7u5v!Kbr9XZwq7xko0Y6uRlEPLZqMKi^1XV*&|ZCR1U2T-kzauE>Bez zFx73}Xa{6J#<^G&uD7&d%#yPg-bP+)KK6T^%qF6ESpL6(RvU z3%|6zZd@*FF(d>@GrWj*d?l5<>K(X}54Lv}YQX>Bv6S3oOp4w$+EcQO4TfLRM|p3q zQfPLcJ_7X*p$^UnvF__D6lqET2OnPYwoVt!HHVUAi}u)pC2vTzp%e+G@1NMI*}=(! z->r7Bbc09v2X{ZA&83dRT*!ND#lTMF_3;N41726DC3`B^4=8KHVIs7o%k!7qwG9oQ zi~sswN6{kv;VVx1ypp~B4<$R-;L}iX>=z&)gZ>7au4vinI=<#iS5f)9Lc_)(y^?oh zV@W7t_9YJ;E-t0XTO}=Y6c1h%T@TY~|6S0U#a6DyXO;Gmen?&f%7>w6_HI7g^^tuqQ>kBo?; zc+ehx#oril3ql@SS$T}OsrAA#r6^ZDh&vn;RL0D7 z`D(bfYU9<7whI`3XWKYT9yvxjWRR88KcpJU-To2F4LX<9%A)zBAF-tlO4H>Tbtf*z zd?Da7xvq%CEf@EUYWb+wc{zY&YDHXLKJuxgl5FQlB$oSLetwXjpj@AhbL7xFmd0VQ zdR-BL(QKe3R@NM!@P0ZQ;^M)j+5;6S#0U*FRp-iF4E86o{8_P_$pWv{ne=BWW(Bq@ zHHH2nZWaDHhOge1CSonyRv91i6n}rCWGwpt|QYq;78WCZLFKFr@rngtce zH?ZY>*!X;n@zpvtuiZp<=HMXOm_G<$s^A$Z$b8W6v-(mnyNPMam|Le60iuV9^LG6E z;ilK;9T&RAde$2vGC+`kZ&<>> zA4(g0S`-mRAXv=}Akm)uO@1f>5#DhX+}SkkIB2@`a_F}t+t_emw}sW#j5+X?HDzw< zmY9);ktKUy*H|yMhg8sTb^G;Nd0!}xX@u>e)D_tD8@~u#wYZ&oQ(8;8r=RuTg6yu9 zmm4&^(=C2&=-pU(9b?G;$fVtG|aDwyob^$Fn_lGwK$4mW7mlHwzgvdxJ!i&U= GKK(C~JL}Q_ diff --git a/playwright/snapshots/share-dialog/share-dialog.spec.ts/share-dialog-user-linux.png b/playwright/snapshots/share-dialog/share-dialog.spec.ts/share-dialog-user-linux.png index 2fb39b9f5f02e644737f74227476ca148e9d3aa8..28483d5815ce87372a7e909d3174fa81fbe4c7f3 100644 GIT binary patch literal 21426 zcmeEu^;6ry*Dh6xH&CQ#8{CTom$n4A;tnnD?oKHZ+=4?|v`C=123p)5g1fs12y*$p zbMK#U?|pxGXEu|W?0(MfK6}pDXZG`KAYYWE@vzCUF)%RjWM#mr7#L4}K7Q(7J$?Ko zYBcZa@#~3;s`O`!vLVVH42*XevfxkZo|*d#Rv*`0@s5ws%w%O53Z#9?63O)I z-52an$$w+Ytpk2lY)DV!8G6)uUPKogcFSdK~At>+}M(v8T5T?_s z`uK94oAwxSHh;HtlmG!HBWa4$JDJzRA229*xMSK@dqk;+V=@QEiIwyzwW zogPc-?Kh<(9$&I)!S>K7MnkHocTa=308XJzxSn)wh5T%WJ_2=mrdDq*#s;b$3nuES z`~h7?FP5`XO7Jz6>@9ivE6-Q;fKt%bS?Us1vUPa4jOh{8@(v64R8K!QH_it6SWhJ% zho6?OHL_%?-GJ$@y z{ygRTkTckTImP+v{KE0=-pbwBe4WRmk6VB2A9J%BUXdkf<@6h zDc@A*zur!IQ!Ux5^PVnA9tNL!0Y&{pZ;Q~zd0M?>>6Y~)!KqHO{f@x67Y+`Bx+C(S zSS7WD#_}rN|KLpY%*deHemJeqN6Y#H{f7T(LS%4aWc&0B>D_ff%!k+4V_;Iol%LTJ zvAOo1^B=xbG=R-T?r8e@RNua6a1Dr}Iag8raujK`zJ-*$Tls1skkHJ_xiU^%sK%cu zP}!p)UZim|I3}q#whJ?zKxWU<J)D zz5GM``=fMe=0tOPnJU5-@kW1C8GqR6z)umc!Fm4H^4;R(H+^ICXZa0V%9-H{XA9`W zL-511xCWItXs_8#>ODKxx$%!hCtw z9f@rPUJ;=DGz+zSIiRYke+$?9^RIcSGKm#d*Im`#z*WI3X^w1)^>-6J!!+|w0uoZE z1F?(u84qdM-OcG^9l@%EK1w*)ap4gCPB2s&=_&=OkYAn;Sy?nzUC&(fI97m4W!ISP zG;tKVhv1H;{o5QrDn}M($Pl(Td*#)M8mU~h$Jk-IKqKbw90G(y-Q+P~)Xj8?i~j_G z72N}G?>T@#nv;qnddEEvuT(1vO=+FTd(>{Vs1jr2V6&< zBa)eD6AH4}bdGjr5t4X<;3I`;?lmPbOYW%ve_bVTSGEJC-1Ih_bA7U>;r*Tj?OL&n zzxy6)EDkE+V*VvPzJw;xt8Bi;B;TKm;sf(XpstVh;fGO1nR%VD7);Jy9=??(l;6#C z)Cb@)<-AN6%FuazAEFHWt}jG@3p%Zg%4^s2M@fy~5VcS3_wOA1NRgkW5gLyUzvAGE zd?p+_xXvvIh@WP3zAk__;ZyI(@jpfmL?}gtX&qJFlX1D(_|`*O9G)gUG(iM_JViDi zEU?pn6G=FaHvs@>_E53!`6QCRZ;#C=*_$_akMft!GEM8uMO}11>C1*=no7EFS93?e z1u3DZWhtQwyo`tmtNS zsrBhS6M`OA=YM(ivD|O+dTyoHanO_^2t>0e!}S&V`STlr#om)JX4!p~%?lyMsCTaf z+?RElUN-NNA6w%BnB|m?W-E7S3eEDE@3wA~B^d3pPCh=1pGwH3K>DY~mF#DGid4ig zYFT?5VjLW33N6%AM~ickDXJJhmu<-%2t_qC3sZ)z1D#x*oPOov1YD?eeKihaBs>Y{1!q?<#y?ZX=; z`hPN^ffPl$F5(0M2QX})Geq?62!-$#>njvSKm0Yx&*oOnP6hx@p7K2=o$bT-dc8mA zoQ@rdRmw7DG&PG>M5nFTFdeiO?^W^QfoES6MCeYlZBkB&FnKPz(?v*!sl(FYS5cIVKz@bILf43bje_lPFXs`IdmNWOxdqgtXNT$sHSm=68z?)#qWpQgh3*j!2QP&2If-Oi#U zPyR2Q_Ggq}a-FWxXG>eXyx_D3LsoPnT;WaS;aytVQFbyBb07Xa2ivzqL}6rVd3=gY z$zkamh(&X&m_F>#*e08;PF+^L{-UM<8cF)RK|4O@gWE92okzj3{%4CuF=N>e-`_7w zabyqQ_{|YVPIW+;&-ueMnfI>i{jOjhc39qjhjHsUw9hgmv%S13 zYPESwKg!d%ba49^8L!L&VR+9mYTG1VVti%)54|FJijSd<^8^#4G~|(EO?`f(VK(m{ z8CcD0M~uI^uLS;|HGAY?7@8l*4xa`>UE2-*_JjfcJB{xD3nc&3>3;{u{GV0$zrP9s z?FJaE+m9IlV;fKE|6<~qa(u2YvAd~3;jzwh^PsNdqg8e-q{xLEB2xWnN`z1gFHlin zBCgR(t&-1ka`Tu=lv+hYUxE2cgA(558$uO7|J`e6msTAj%7)mRq`{C*5M|+4Ek6kb z75|Vah93FzW4ueX43>uxOs7erl+uW|!j22UhTYkq{sggUU9JOVhnISbQA_o?Y}<&7 zPi=3qmXm}_V_m(2-QsjT{fF`VJBj%%R~rR)^a~8rVYc3!JuxyG z*>3}Y?B&g}gCMu#RB~d#ItOsq$6G770o^*CHa<3q4^YeUJMAg@p3_J|7_o3Ck=woi zmswKZJq#v|*wwWQ*7A2$j-4Eit3jchh&kDo>IbT}o++puLL|`RER%GQJJ%W0#IhY? zOz}CVmKd;_<~^uSRva$&pgs@T|Bunx=raNcz6bxFg%4Ao5`DIik@mu0N45jR=bX>a zsGftt6G=X++Nzpq3bH_-x)j>Y0rHX~vfWA?#x*r;7K$2u9O3exe^TEuCi+mY3tttM z59L#p;Fq0$H7QR*_h(4uhr_VVx*{d@L&HEV- zbM7PHr*OirSPyn3>U{?G&GI#Bg2WJAxR)?;NHpE=3q=Vzp(e> z{CKYF!yr7E{jpy({I?qIm|$l``-@Va}|S+`Lrv_tVu%}69&e}pMhgp=D^j&o+-WlyO1e zvXkG+OkdVfTjpogrFUPDorS~Y!s(!zFp9e0!OvaJ()LHWnTh+n7FLP|xZ_P{0D>o9 zLD;>o`Bi|l+et;150M!z0AxY6=)PXuwkXab#5+>3A-B3nMVdrV$>C=uhu++)msiXo zl`zizj(ASo+jQBL!h|@eELe~<|gx_%EEO$0)09O?qEt9?C`+Z-^Um|+ibR7+T!S%7r1|%i6k8s zB$a5xp|D5r9_diE2a$1dLrt}BnchOGHamVO{wW&h{Ox@|>SQ#UBVbA#VG+imj5*K`t4fG8bF?$fgi+^fc?QU>|{s#K5#ki0Jojo7RYh$QPd);IjA+)2d`pu1}+unJ? zhHEVZys)UumdP-bPPOJ>SpBfZc{FutDAQZZd6s2}Kem~#sV&u9m!OxarTx$9XK#cF zjW1MEE!i$6!O=#o&Nq4fga68=cDb-a#J~mh!R<~~QD)_Y$w^TsG+Nglg({;4rBL0D zBe$Snuu)mxq3uoyUIg-?dRA-1j?cJH`5=mQv!&kBMWL=DuyAYr>qB0a(Ghwx>A1EmJF&*7_ry?qJ8cPc?$r&p`(^< z@ywN_|B&MOTvGB{$T@8fEq>T?bEH5#hM4d`_P6zN+PWu|gHlp&ZrAIHw1lM<#NLm( zAWFl-i<&Y$MVJe7vaf1~h}wjfwldP8bjQbd*}IEX-zxnU1Dr=Pd-1{RHmXfl9>2~R z8U7ZR@7%zPn8IU+E%XZ&R0}QUt%}kBN|}U0g2u%^H@lE;`TNo-BIMIh%34CtZ!+@CCS8@( z3`L*|Ussyk74w8s!hP>5ajfepL&N9x3e;+xv-~8!2LpWvAw7{S_l|k1-o)24>x^a~ zCw+_ZXuJ=!*zOy?$6mU+a!%T%deI7Y*HHoL`)nQ@@v%QQ5$#AE*3=?Hed|8abjNj7 zNuIRWjEyB8NDT-{$Oo%uQ9FZOV8uYNw>RENsJJ$OS&!2Y-etlmmX)y$tB7Y-7Ll~c z*he}Z1s_0gxxLrTmTvVRfMT`f&9aQUs?uw<`h)&VO<+#j`dv*QsyibE+AsS-3~0S8 zz;P|eR34CdJB}w9?O|=NZY?Xq#q@5Z(gJT_FcQL;=)z(>LD_FH|9Nu=%atT);|(Zo zt(hL@J3FKY8D0F4nc&?r#b0{4>jvs(y@@6ZcoKhPN^u};WCrWMt`IPLXpjQttX8i< z!qPjP$107zJ=GGVU^@{TDzc5rfwdJ9g;w==!mk8lGGB6_9-bTHf(e<5a_dKr0fM! z!x^he(5@?xQ_Ex3^B138wn8v9k)0@aoPKhg9XrR3h%=rJC&d zieD9K0~BMi^u6h0t7`s)o>G#YZWO0W<1v5k+k)&Msv(GgfxTaeO$d*R(wW1J=@8C2 zB2l9HUAP%*!8D+o%k;X^lHk+u%!HRkl{MR~N$$L&X_`?$t308zUzLm-^9q41zbhho58vwUNE@Edf(GhwN z`Pj@fSIjQ<(*ms#+3614AU5;lA40-~YK{}?y`qJmQY)|OOE)dPlMXsJQjjW0ernMC z%2@`PyBtb)>z}fXIUsHKu!Pn}iy$J9`h^w}Q%$h*V&o^6(y4afwXR z$Hexnfir-np->BLOKHj>@I&33ghr9Q9EBoP5H#NcY9*_uq3N>Jh@AheKEB{L(%0Uf zTn**lrK?)hCf=6;55MHpr4XJ>er~@;CAixcdF{rcp*9*)0x~_^{3Z>K2qno$?stO0 z^=s^B(ueQ8tAD1Q7m{BdDwh)>$QpTtdQ_OB=hEUzfbtYBIlKKuk{2v)E_VMK+8A;Q zWTJ4ObcuM5`DAce}D&L z$%i@Rg&i#f#F?@dBK81{yz^P|_sP*TM+5O%+-)DV7y%oJHKv(Wg7FO*^y1eRzj8}D zMt`V-!IZL&>ug5vd|9!0x!|p0DyipoSNc$7P}2T$yD)rTGG9%$cD@th?O8gTG>D zQE8#*oV#Yk!)m|ONgqh?sXesat7vTVq{Up+nnYU=hYYke^Ap3vV!V=)zFW+4R-2L4 zepthV#aUk0&gdNK$hz7pXlM(lKWFz)^0L-X&;)n59iLXpurehjD$;NQa;FHnqSEU( z4OblOGvvV?>qhnSJptc(Z*|rh!1fH4m7LC%*y{G*vr7VCjs2oi{k`xnR%Q}(*xGkG z7=T<=UeIs2;us4>UxuacLc=YI`~x!i#p7wVutxKlox84AYRBTlXm|8`;Z~iX3qwR28miQQzyUT$De%~8&_y@j%O#$u))+kN^JtB`YLKHo-*u7(b#KaG|` zM}@DLYiB7}2Yq)1q23b!WT9Jb|4o_`0!k_g2FFxwb}JAQM%UTS-$;7jOU{%sh54jw zkE%Rgvs<#iO&+$Y$y2u3WS3-;6j4<|7$(cq`u zDMqk0MxYejJY3>J#SC?wz-sMjpjB50=y(vXKwQO zWWj6jSuQY`D*Toztr*^2W=6u5;FPE7wn3@&waqOyJX`h5&U=1qOkh>p`^smA)Z%vy zO8S@F;A<>NgJ7SaksrUM;2X074Z=8r9b7KS^};TY9u6k%&90WrJ|{iNmFKlQZi%p`Zuu#MRZG081#Jpt-7t)Z;1pLs`TILbAbd+1A;<45@~ zI|~ocCgkyd?bBnyUo-|RYt~;k^Okx`tDcf(BtR4vo+7gIOXb+p1e<(jQW+iwQlg+T zV0980`*?(eG3kKwyVDc_@1!Ez0iT0;#4fG?(XYTq7Xhs}hLerq{~-f(kL9@F=**@P z_GS>9ZqmHf^B36}TTvblf4*ri_Nzh#h0BmpM%wpc=>1I{rz$b2x)U8Bp^26mzmR9I ze&L=0X#7Zh2E{x-&>w9vNPV@ZHx2jpIyo;-h5W4RWjOpNwi@+DQ0FT2YB6Ac%0OO` zHohhc-tv^FBL9UIu^Tq9${vJ-EnIfzSp#!Ah8GnkI6Y5e^=dK}aVqy(talkg(%Gm6 ziug)ozM)Pdbo}|iCfDL-Py!E5x9_+?B? zcyDAVdQk#_a83EVQmsT2@sg!}@92}uNr#1qqq+cYJ>6I8H+W^1s+L9X{kr=~ zn}$b6eiu|60xAqJ3lD2|Bg7d<^jiReN&%`y>rIx?YAzC;*Lg_`dXwjiHdzjIDCNQu zCx~hnh_@{`omeg;Ib4P1jWuih&nltV5jO`ANZpJvOW=MdW!BB6aMsNT+R{f0T%B`w zS1N=1S!^|j$rXzWM4uBeWk9V%!&Ue}CHn&c`WyhAE6xZkN4lJfO%Q)A1F0dLu6&W- zfUzkhr8M(*+*W?3P@PSf^>wl2Q~VT}e0%z_Rx&s?C_XR%H7n({TbtEu_W1$IYA#z3 z&a>5Yw=trtCH{g6blJyMbJ4@W*QjA3YxG~Q8lsg0#tgUFRT!FQf7=tsDN6xy0V}e8 z-z;~z5~eN%TnvH#(pzgVLC%l9TjxiFvo1ScG|d?F^*6OH8ZmjkH~#ihwD7$+y_ngN zk=4e{F_-&&JnNmX1v!7RQI(UCl>4Wu64hVyJT?{nR1JKG{#hVBOb$PX%A7K(!6#`= zL;pt$P*eTEqOwIy**88;q64a6bctl{+m!+#+h*m`8U>>Vp0{OVE-6Tu;EbjUmvAOU z!9Egv=Lz@np43%Cg0nZl3W^#;@qZN_-5Qk+TH*{H=2bUR5~57Wj@w?TEk)N5OR9Wg zmv*-3=t_D6wd#CNeP^La>SnlF5hWyh4x4&D>zKBGq#3~K_a}j(l4yJb=p$U*r_}uV zd}zXd5mUjAJ)FG6hOBaxuxK4Gy2GiKXVBSKV)nt;m7+eEeAeNW38%b51o@AInb)eJL4e^3Iu z|3Kya8rz~wjAhN9*?u3ou-?`$&uBoV59lv|kqI&D)h&P45t3_z4G{zE6fwxx@jd$B ziCf?G#_%Ru+cKGtHCk(G{kC@!&$2G0b##IFPDR&Jmm4ezS66bGAu&UQdS;&tjZZo$ zqB59Tkvl{UTIH;=B_h`=p@|;p$`8iDBA4UWF(EUO)+ZfBhlKGprlmiy^P6zWNtg;| z-IjFFES%Cyg3xv5{ZT=m;sIvsckKCocVX4SiO%>BzuuoG))4C9u#D7l;{sB`b>G78 z5w$2q#$T1yHqJy^M&g)^tj^A)3v5>+qMU`_+vsC5Z!2$eHh*I9027Gc@Fx6~HkJp2 z2gma4mh$+g6?E=2Q++Hpu?BxEG-iG_%sn)8P%~q{7JRKTu3V!_cr2-(FyL)+@a7bf16Z`uV9Iukr*xrK+)ymP8W&b9{>Hw&J zfu>VSHY%vi{!oSrE)t6{n*h~7&G6i;m^%$}2kdL24}89DbkfScSSM*RZh3bSnI(&5 zMcx0Dz36oR(ynMePNV<3U1Qza4!>lA>$>&4zf)@LABH>i?5XpRcgj4*5si}rHIyc- zBix@MOP-97RfhP64y1vx%Th7c58#vD;`Mb_C(`^(ap(c{rc4NP%3igChFgAh>Bsly zqBzo`fl3ey}GMEWN&Tq5OAIPlQZVYDhVIy8@9lABi?+JB|8>sL7Nyehi*Ux|t z7J`Z?%K2|1zaz^|k9;mJN-y?mj9Lv-l;}yv^6C~NmtV*0s_1Fy7;3rm!BtyrBAcJW zlot(B(_N$2EPmZFi_*iVIIIV45?`n%Cc1GL8S?lwv#TY$7pI$0k!>r?Q%Lqgt`#&# zO#>L^B`-G4{c1*a?$wk93rFR`o1ajib%98u7|mU@t|Lx zv2}WhcTh(!E?uL&0td@|jS#d&bK@G|{|sVu3_z}%PCdqdufuJs?7cg)?2OY=YUov} zmU%w(LLkCgE>iimB6K7ghuMwJdlZ=^uTQ~P@bOSh9#9)Sl6$EK+O9+NTHD9XAG1XN< z@IU+c1RTf?)cjvbGu4j;)coeH1guNL2hqaarS>-oHd`q?XFHWqQkagSaLmE__U{_4 zHjWCIt6t4THV2y{9BFstj6aK3ol-r%Zts4f_(fl4)<`;e_=+aIE^O?}sM!(%M_$?}BJ_4$m#gt^C`pJVrY zjILrXwSBF3|Jmr4g*jF*^V=PHMsGdIl1!y&h#*=c&ew28eg0K7*765SX4i>c+_(n!NZo;|Z z{6bUhs4NBYUr4B!H0W>r@e09`Exhzg2WAV{H2ZwheG7;m;dD=9xi>v6`oU^Vs3XrH z{o@)EZrL_gH*o^7B2}i;N-PSN?&t4~ zPE|7LT0m$FHmicY*4H-#yP|q*5BoH7^7792^K9UBA3V;nAknWH%VFn+)DmFRU4EPI zz#5CK{oW2K?lM-YH;TPUaOdMwcRog7NfD0LcyGtV{?(OcS&zLj*i=2P#{cFnBc{h= zM=vQgH9f_fTcV#-M_4fuA96}eI9mVPjP-eU%tjtf@B4U!UQe?i0AC+iz$QQYlOA{t z&0Ette=!|aA5CMze^-+qjV0|ow$?YuID~y}BeLkGlO|yQO>JitV!{nt`e$*O!-O() z=ySw1s!bq_F*T!NUDuvPOG$?;`ar9yXrdt6HD6xCd=JNZpN2Z@iI_>c$~dqKNy4@1 zPG63NdM z9hJj4uQB$|Mo8Z-2RTv&C)>Fr(lZm>L_y5(3XT4iS72jE7+CT=^=XWapcMDjSq6sf z`3G77j6lE>qm<|WpF{(lUg2iCp!9)((*BgHlH%fG8|#vi5*ur44VFn0CISq9h=PK` z{=Ti9o!x=0-TuMB-L3Dlr?=N4i@~)fKgV}o3hoVN@GIY+sawxpmzK(tE6xQYaWRhL zJVn+p0v>+;wfgm~e0pXU-?`}13w;xlwFg@?Iw&}dEYxdV=m`cjHLTlbEqZ#1L(kUA zN^p7L+4K2>xjK)-*}IEFQGur~0t>r;tK=rL8{E#BMJg&PqSN55fvn8T2F zMXxcIJ$bMCjqcYdt^WcV>WtrzN52+66PcE+GB=G&sn_>|$1 zhGcVNW2XW(&oDgIA5E&9nY28JRUoB(uutZ?e6}6M@jC!q6q~6t1fxGh(gI4_!iJZ>X|Dc-g%)i{Sh|pqTrz~iDl<tuou?dySKQ)%xbR>PItb5$wdUN0NizfeC%Y`$bE@1e_$uNP3B!S%aUB*%w?%8WR z52|C=#?<(ksVVcT@_@osy+wbkWH!UuUZqPA_jD-9Sx9>c=Sc5J9T5pm{ z*GUT<%c|(SW2di(lwWRRfAUGJq#cOmrJv) z?+;|$9cQN@Azcd3G zD@$%7-8}?IOtD@SRX?eDBX?g|m~U{4dY@@%rQGv*&i;MDv(15MYfDRCyKm>(T3UA< zmzSUX5#Rkh6@I?8;=aE;jF}&zU<8e|Q;3VE$E)|J`E51&{65~xMWn`y0*_^gIQ z?@XcG?Lyay!o`8#-hhtyDnix=d6Yv;~S@*X<_F^R+Udimu!*3x=hGt8sg%f-g0Un-L2*b?KJ z*j5+`3EvXs90}5OiKX<7Bal8bTVjhgtlG)t&(&m9CltKFY;g6N_;z@?aCCDl7kg{} zD1Y;{+#>zNQQl1;UbU3OoOpja!|3MbRz(YRSZKVsE~FWT(bPCRcpR0X6XEc|(I4%a zn#ndxUJi~%H9yrY!>@o&Mo11xYQq??n@*uH!B^k}-fjpjJ?{Avws!yv> zyT9rcuZ?ORLndWk6(gJ+=!~mJyv7}#7DU`(%qn4XLevn16^aELrrFy~cRhVLZ>4cP zG%DJga=7}swmF(B-PBnBhU9*Gd7XROl@?emRKW;O19Kwou8oI>s;)$auPKm&epU&Q zQkrrRZQtd9HV`{_UqeLLwHWk zYEF(ZD{DXP1BC^D*HF7lTQDD!@{Q%4!Z3U#C?jE*lbH#cINjO*FNzn6b>tvxL)&*_ zF0Ff&{5Pa2Hez_48GO%UA@pS-?ZD^skZ+|@WaX-3LiH3obEUJe??*u9NSM)1FKt7K zI9@uMMP(x!v!VIJhY2KJ>B*{Ok=EvEpiJqWy$>|e!Fe!rGs8u9Ak zVZj4(YKmc{=lx?)H@P49|Gq3%y5-Jlx_sbk#;Ve3lfXc{#Wki{@DY z*gc>h91XFtSDhQK1Xv;s23tv}h?-2$wKL_RfOuWF;RU(|0_hHGD$5q3<>SCV$4<3Z zJf(4`lx+M*`}h#&!!CV{3|*!O^SguFfY2stAXhweQu*h*QBIL8wlV<4iajMu9l zy%%1>i@cWGd7UMBh)&I zoa)*4>?Q68ZRE1#_g?PxSwdj-qMhSI^yOgRO_?F zQnQy!s`Vp@@pN~0?|nc8=jWRtlchwX~>jQAK*sc<7-G5buUD3Q-~TYm^nZk=y)TK|Sv(IX9^rcUXAaUeUIEe4?i1Z!i zD*=Sw;NV=XU(Lf@@RcS#2AQERwL@=$WPb`Lg`GLy@<1@Q03w6m;r#!pfP28P;NzDM-jYxyoOFa7;no;F zxMoNGe*G&cBqX#;k+Bh7w@cyBAS66J7Xg#W_lO=y-^kzKu7Ea78&^X^(*C`(p4xFe z?b5@G9(2P~oE{41CA6U?*(a#i^)iud80a&uj;s>x?%95?J7PU2-)9zG_l9HWl223F zIEf2rQ|7?NTwck|@8ahEf!jOPrRm_{fPO;*PjRqp2!Bd*Gxk@PPjt_L$Wt3?DK>(7 zn~?mMp)Vh+e6vqz`SR^2lajUKpG3Q);HtPGC?Fss&YRvqR}Kjkmy!Z_p1%3V^^gN! zSiJVxv9aA>tGPMO4Y_WyJ*HYp(I10TAYN#)7GnFr%2eQ-^ry7(;K2cvPQ!~s4kZa6 z{HB(Zsc4w#{i0!L=rbB$(ckg)S&vPWpSi!xlw0r?EI*cXP<{eK36QrYv0k7~$Y;AA zt9Lb{TV|wbzMRi`YASsSJgWa?=Sye5^*8{v?;%eLRqIHgnx3&PKBdD6K8Pzpq(x}4 za#Tn9Bs@JQ0mdk{nSO?CFS2zr@WpIiW`2maVzUr)t}B1`^0MD6B({nFbv#O-t~B%e zWlW5;gEigM{Nkb$v(`=h<5eIA@94pSmc>!7=ML?(PQtMr=`a>soO=0&F;avmY{2Dl zo?eelw+|k>t8&J<^=l5z$qBkfdzx*Kh;H&+Q#EzUnm;d4-qW1{qKR|`A9j|oJu`=7R)$95iVnERW`n} zyPH96e*(~P@ymTON_0OTJKa{Ao10sHC+LU>!DLrV20N7y)eH_EtnR}(fC91FL7YK${1O#&t05M(A59t85vQ3KpJ~t!&U`cjVU7PWYbs{pr8^m_;+xrc44_7{3_`rs*MoLe0CiBchG}eNyg7huk1oHs6;CgJ#g3^{oeo!ca)gFB;H`ked zIp>$GP*!r}p1w*g3kt7<29hr0{X`+BU!s zN8D0l$S30apG}nJu9?l^rSR5yzkPPG$|pf;EmV5-(vT$dE&v1l-iD96`t9~|K0?By zSjJE_z^60MA_^BbucoiXLlg)Mk@6|4UYttecZ&M`kdB9kr>DLfgP*m-^zYe(Nce$* zZm9pX68c`I&H=A@VQS9xK;%R!zKP}n9W>I7E&|e zq52y2@ERmuGwq09*0PcueSv}aR5(s=RC?=kd%;&Q{3HYmMs#U3JdnD-ZE7+LwQNQ2 zf7i{;IvcCHv&e+zr#0Uv!>65@Y#4;p=WBQ5^z9Hx`en_N#RjN^$e^H4f#chAcC)nClM@ckMQJgUvSXSBcW~yRJDQRRb}1x?7w;X=pz5%pzn+BXoQ2jph}38U9HZ-+ zvniI_YR?Px!jyxN~&w)n=?ZF+uxOz}cioNm2;x22-r( zJoGK7nHJ7d@n`)Nd4}3XmI_+`bv{ni(dIA3t4gy$Jym(sfS(~ujX^)Rf+U#yMYXkX zZC)~BS-|_0=Pvs7qb>Q!0Pnzb%!;fXYZj`dDT_wHX!TMY^3CdLk2CILnrY7$A1-La zwYJ!vPFd%I_!gp!&f-wfdvXW%X}XhehgY~(wII&6bk0@s-?MIZLRm%eK@~wknLE>3 zlQ-p|Lp(2b-511JG={OGvPm!Nj>IhomEnMZ3>gWvs_X41_;%F?ja6w-5S|}Q`#m}R zvcg&INgrwYFylJvur=J_Eh{RPhccWi&3{Ah_UhAD7U0%)cpDL~3q6fx`XK zc)i~(zIO6|Sc$uTttUQG>M%)v-|-tQW`TMQ(o2oJp)stn5?(zk39wh~HiEY-6in{8 zJ|<&Ue#}WRz+|oEW4ZBkv&s<{6C-JbT;?bZx*LGSigYRLDB{qKel+w zS?wF(lkkA4b>a#qtw?7nRKSHD{LWus{dGEf0|o|>`hWfxAjsN3J^BiuUv+vJm{Lt) zUt_+GycCb+>OM~6%38|u%gwoN%F9WY0s$6En-syMXEqkC=cOGjt(?eO51_$lDo?LXu#FU83d550Uo(A(uCm!a6xmcv&&#$UgFZQJuj zltX#-nUidqq8~Eeq_e7eJv`~=;4q)l^;4{x@)UqS1vLj^4f(E4ar1EosIQ9%KH#mh#(x zYXZkC=ZKsg67J1k(@JoE_!)yg=Airx7y}sYc{e>dX8%UHVB)r^`jd+VuL^u3FKGfr z;}{zHvd)2E#=W4wP-bRi33td)T~F!pN{LESa#_KmaByY3^Uyhsqr@D48B_JCJt>K~ z-r0Tsyr)gW?q{NQuAi^v*R%lv#ZX@+Tvt6U&$Yg z);FaY%+H4mS$cl%kGqz{2nmI^(?_SfdMsLVFpl4fU!KuDBF4eXWq@jm-Xt5S-JG-( z8Uj_neLLbn^?cOiiv2*yt;wDjIU@V@>kwD-$OMDUfv410(?OonQP=JA2D3$Df0OYg zk1*Vp&BB=;0s$$T0jjU;*!}3{O9xZSuNTl1#9$T)<;bhsBvPaa)z_Q7#e%I1$g@p>|`cE69%yuPn*lb}yiq z$qFDNAI)>bjsijxqN14IB@Hw#>3Wi2wkY$+qqL->TJoMPvjvYIlQ(CrX@O8QbqY+I^%bb{Og+d z*X0`JsgBHNU12i013!U{+s*uXINbN2=YPd5z&L)nL_c0qgPPC3{~;byNYO#G8}4pY z?0a~oe)MoXZ1KSHZC3bP%acwsOS&|;8OU{xi`x@EcP$;3d|#35FPx3dBTU0SkhgR_ zT1!0f>!5TboJT+3{fHtr3b+2Ht9%JXJ3sFlxut94>D2!UP7Sg0b{&x!$H10nB-6CF z>4;}Q&U_Y=8p zDkwJvLSjQ~#{?V4$@j1Qd!@q5zeG0atai{QS9laIErdAGOZ@&ldDVy z8q;}|0Gyxv8ho;l~lmdqiLP-yD>m9J;V z^G74|vnriV!dkhqIA^6?X-Vs?^^VaPq3$Nh%H&M8a2ifYd0C!+D($Kx2r)?-${ll@ ziFU^7E*yIX02CR6FC!U;#Q}>0pZzTYZ(#Fm2k-Xx!e~KF6D$rC0^ISJke`i2P3ucD zsjP3bnVIofw+u;2Mpidjxr4z>R8qWV<`WGjNl|4L1Ic`wiG8ruyw1uFrR3j@pOdIr zZ6e(J+BsJ<^dI0jR?3y^X9c=C+|Tu#zmqc(%Y6NpuL5w{gh#%4O<}C?h2F`B{ysQQ zCVNvGLByhrUug}TH+z|Xjh^!!Nx_egNmh>9UC)}&ox++(D!&=X#k2FDnKpU|0Zuz- zK||(iSBv}Lv5C@8K8lLWTu^)4TPfhmWo;<7!ZKcuq0vBSYVEf)LW29tR)r|$I#2ZP!BhZA3I zwzznzZzlh}ld1Jq_M`R2b~F35nEQ1goj7+SrrS=q_uoCiRRt_2V_qiIgSM^nx$TB% zoX`qa0uHONeSJ;o_sEK3F_E9qG;-eC!2POUDzw6>Dx3mb2HI<&hNqSFX=OE6j9iMU z9u3Ri@0AXR<$2M~XQcKt5WZjSoUIn4q7u^5*SCA?9fnh+mctTQVHK`xBdGMqielC_ z1g^!-*nSiK^k7jODU-m%U&H4ghR2V&4idW;6ops_P;vDK06?6;FF%J&qId7V8)6qFgBnaaHw%hABwg&KT3z0FPt zUfMZVGjyMWvsukV0aBOE(7n!gA)nIS>8wwTS6p#>z;W>I4iZtkpI zbmE-?_ICIhU4%B*U`VuCGzB;S5E|^sSWEA}5bXv@-`)h3{ws~&f+xoM|`g4R{i}_$^>iyTXc6AUEa1k+9mVCYz z&O27H_pRsW*coqS7Kk+*jr%qTJ5~_B-10d)!eXqnXn1$M{lLza|DDpN zs&*C(EOX%M)$eH}jp&Loud9r85L)bv&AYMxGv~-9#lv{)JNV0Y;cbA~22e=E5FLYj zZgz~}u>aF%3K0unDSTstg}KLX{K06dAeWR=@$h)&iKw*3%+v~ufkswQgOWO!%+HH% z0!@9$Z`@!Z9N)_2T(wvp0nQN-W2GH}qHz6=235t+A1@=uF*J4e`#Sbr)kILF0K#I- zQ_db1O`L)ExAFk>jl&sISLPXTG``p++|foBE-#m}*X@XkapG2lyDwYWTRlZt@Bg@ZFQixwhZ2tTL8WfCXzo zJdKal8~6Fh>lw=BT(!`B4i3NypF1qZ@_9mPmSgD~uUPfreQTUnO>J>DGxwo=YxeJK zCT^d}=|y4F{QI-pk0G;V8Uzp};PF=$F{IR)w~TMT#2PT*ITbFJ4EicZO-6gbDw zJDXh_YpsWlhac$~pGZgmUOF9r=y2en!+}5cP9$dAO(zo4qpwZ;V<6P#HtlZla3s$8 zyd0T|6D5VuhDJMsH{j+^;r0WtYBPx0f!hz@wl6~bU#NT;S`!(JE!hcHR#K@^SpU0{#^IbM)it6$*T^@#I5K5^Ft!3~TsT&%(&u!x0 z+r(+vEV6jcVbMc+NTexhv){gBm6K!W@##$Bd}|pfpw24Xy0PwCd)jZ=u!6Xd0l49lYc3f);EB)W_F{EWhq2*YH9&( zR4-5Oa`PW=Fzs{^fA|*9xjL~-wrT-*@zrBp>)J|pqRt_cmB%B=R|mp9gOL-b;_*b* zWi$NY{+$BP07#~DG)>Ku_FV|6bmp~zq06_dTWZefJWeH)Cjmb zlsgm=X_{WNH|UYG&*P+lh*)-=^gB~Ygm455gL}z=`g+?hw_U1s)+6Vt!t%+%%^{u14i1fW zt!rD-PwDA9v8J_AW3HVDJ#x-urNN=mO`WY3x!OYL?SHeQW!0r@XFYPR9xS&L8~~$1 z=xAB>^ovKA=xm=%rJs7?NM*f2kDLtxU*Nn%&#I|(=BXEsR4}^f)XsY3Ts>HZC%6J+ zMR}!Xprz68t!TzH7!gNKO>}pyCC)Z10(#`EDC)~S{jE*)#OAoN5RS%%N5{5xttHMj zECPD8vmQBD1D0)oE1>UC^5E^&v19y#})7*Q0prO|)k zoYR@?(8&Np(`zrRsz8Ju?W{-6?<|&ifGhNE4V?_Q9JbYsevVzt>}@WW9~uqB;)&Ib z{)Chtz;QZy}R>}&&xw615@#tmd2Hf?g%Lhy0o(nIlqHg{sFFl zvB~i8$uYOn?s3~aE(cRWKW7%QtVG0EM2tma(=Dr3*3}XOMJf(GavquTP$GZ}j1{EpyK32+5WhNF>aJR-*IHjB^WWEqC% zIf3U2(#(>S%St&(%E_`4jEM1>gvaIZxE!@!f{6CJoZrS-jEJ#FH0H2dYrHO+rUafB zc&@N`Fe~MxTrMj~vZ4k<(fCZ#>#}>?&a$THmw>Y#?W{k}7a5mUfSZFDn~u*Uld1Ha z6BPD+6r96iGT5w^YE%2uDd*`#GMP+g-^N+sIkVYhvzV%ovmWiNJI)se{|AqLC-6!J RoSgsw002ovPDHLkV1n<9$K(J2 literal 17787 zcmeIag;QHk+&)STS}0K5p}0$t;!sKo1&X`36u00m1xj&(yA;o@?SkSLS2Q+9CQ@H__)WAj(=k;qS&B*6F=L`$Yr+i`2}U+@-={ zeQ0RsOe9B9I?|ob(A2Mek}tFI9MC!mvmz9{nQ@+Bpq1mjzOJWvhpHo&s00&){BrhF zJUfQASFMydR!N8a{yk(Wz0NFAvolU{mAqrGw--`C|GC?g_DA)rmKk5IQo|c|{QtR( zsbWWp8hDDe>$sDw;ufRJ04)z0aVhgm(HkvR{$CO|{_tW<6 z_Bw;FF3l$z$5kf;;Q7l8g6U0v{_V}mO)omSxR(P=09kp1i{a{wMY@8l^YGSMlBI+r z-KPY9V-m~>l4~)Nml;Sk3*e%yf}mVCa9XgHY}@mJyY6n;%T2C%@zd}Nn~%fUdepu& zWmEfK-?xG)-Tik$=e*S=F-U`)jS6m@Uf|({#S?Qk#o7ZlBtIO2cdI7xCMWTp*X8bB z7JVeLHI!g?+;}(tm$nL|-ODW_VNq2OWmnjXF?(K5E-}-9id^XM9qNp zCVq&ilG`fo_-nePrz|bqtU0;9p%)>%^N~V7`RNXJRG=dGpCx^kJ4ij`t#&`7~4cz0|;m=F zkfi^Q$I>1)-#c}}M5iwWVppGJ`oqt;w+9v%Qdtqrwh#RecG#Pm@UQdv@9R z_DC7p@sXHqGoKpgn?D!a7h8jWosOq=xqa2=jW|mL3SP;|V?`e<2msfUfuJVp2XPKL z<3=~tg+jiE>(IAzsDLu6&hHIX-Z1mZ4a7AsNaD~Hv*=DCEkTHvbl0(0Urc=%TF))G zomzY`?}Uw4;w&jYk`kB2#yGXzTElYqFFf=m?P&>CA#-r(#W4M@O~;sO4DS^J_DJ3F zwB>8$Yh~V?kw3W}hfkLeh*irC&s2ct_G%^x`P$2uC(PX3eJnbzoMA_5wVf2&j^7To z@$=5r9v^PjyTk+XIgAp>DL6Dpd>hxxS4vMy8jsmsv55hxNmUsT!mOE34OR zL;AK1W@xBOLAInQBPZ;W>EL`aEJ36%ekQO{7wge`j*)Is{KZ9Sa<+n(2jFZ9a+8VeF%-9KsUS#)KfJ~9)fO(O z&XxcGOf}AYIrgcR@Rjv$#>0yROkGme>3NQjzgjo)vRR8-0&%$y_z~g7GC1zqR8gHt z@tSv)>pa6#-ED6TZ}GpYPsCgp);2vJwW6Uv|90QAz5kR|Z)qR*%_D>{Ox?(vV0Y_a zBFNcos!`ZqF&k-bCnu$J6q|9-nz6`NU`^LnxRUO!j)e)eeL7FdlzJMBiSEEG@WZDQ zz}p4tm6tFG7X2-*RWZudU?nVIJR8<`K9qUmmqQiwNms*!qEU^;!!M}|kac|MTK%!NcLF6No+h9uLb>r{e#)*AlKW0Wb`hq~E$S4oz5VFemAE5sgHz)_Jh%JrJdeoE37xVd~L@*%Ku7_By zwOIb9{SHs=Cv$%OH&XhD*NH=>wa!OBkGF*IMW2TOKIJoqXEp4@1x2Z>2rye-;|8qU zM*l0VuW7On*}RB0y^8~6IU-?4nadh+>FN$l%-fL$S?S!cogtOxr%LC9+T)flvF_^l zLVPbXYNm*M63z~;tm)z)@T(s92f-)JuQ17{%R70&5k#A^6oBEYPL<8TJw=NxBTgl= z>DT<|0`Ybq2~_H%GpV5p>6e3=ZZ(gDd5~C&TRc8ss~?*blelz;#VF5_7up z06^f*+#nZpf;H1=lo=%NM7kRZ9Js@oD&M8kyE_s^z z1!$Jw_GmEfSVGVT0OSw(SwQt$HUzVl7@q8J?rVGM=iS!iSP8_!LJ5~SvlH)kUeEvA zwUM_k@0S#zt^OHuU@!mN0+o%Y&$6psE^jkj&AfOCZM{CQveR*CF%iWW>82U06xw3Z zcO>*pd-Er8Cq#u3Q?g9Ndp!+rYwwbL3x8KSa>fU(9Ab0!(D-(?W1|pv*^vomx+%Pg z-%#HwWcdB{JUk;)ze6~0f?$)lm*dDzp0;)iCMN$*EtoYm&D_rII67 z+sI#?A@ln3j8MN>;o((ypc=O7B=fjZr4A3f+?MQK?m^VP9qb$4VBxp$){(f*Fxr)j z4|4LnYXVE4zbDJ5M`9&VT!xSIC!FwCh?A$lG1A|3Z!PWrjLd zYU|!7gT1lHbA&h6MgeA`p7QfBApkK|JdfE?#_rG0$KO{B&UQ)>WR7L9e40USu*QDh z)Xr}?EF)bB)hd^1;sMy2@YZ4ZlhS;ZqjUdiYqwfrnnA%-Ov-OZR%c@IpU35BKQ_+m zy!*wo>pb@>=x@%{f~WqHG|EexeyCbk+Zye-*v+cqJ{00%`uVU;CVRGt8NBd5CREzA z>L(M#$M3Q?x+e3#z*M7L{P+${CphRWS|`U#N;DoU6u%n%j3Qn&|M9E;kE$YIuva_* z)38@)@#VgTzmU?nIA|%szh0o3)2^WX(tRz2_MQ0o|Ec;vNc^9e`2XvpaC+N}#-wxC zjE1)J*6aVlOmm^%kEK6F?3ZFVd$~V*Xa#I*f3T(@ndQTQ9z+7MGhRF&llq?)?Pr^E z>vsMs8IZ+9Lls#70IUrr7-;R<>`Ui8oDkuRyUC%09$wRH%N7PZJ|F0&3`ElEF4sZEPY>b2mE}5T10Zd? zK@p=RcE!D4%?BN=XVA0EwuE{?sGFw^mpwr+o#o< zL}D(DZ$9LT`itl}nmxrFePLm4d576nVo7j-<50x5*hW&r?yOxOz{UDO-vWIA-GHr_ zA-BhdWNU!i8@Q2LTNlzBRwF%Jea5EuMM|3aTV^uhmduP^R(de{h-)R#VsURCgh|Jn2`d>CW&alIR0Y}b_pf@KmY8#Zr*#q49NB>N)03UNLf ziDor<10QGiE@7A?2sP*F$?>H*RT)6S%~JO_c(_|fEcC=p&&e{RFO;9T!Pm3cuai$< z8-!~GI_s)(JOyQsTwh0UPxmBqQgT^C;OBewWw_k(`lN~g81M3f3pZnX+gg~4>wMOs zZb*3P48u7#NG|L2d=5<_wtj8r=sYNx$olMUC~2aYt6uHgC6}d(iKW?++=aBll0vEe zm2RQe^;&^4z~vt3egR#eft~r#gr)=C%6OrTJ{EqTi+Z8^2Z1APp z4ac<|7Sn+OmZak?+D{^$-E$fD>9~4b)tA?pU5MagU@OXJi3cRO`>F^ z+f7;KFsQe5A_P6BNo_i~$)C_)N?Wspda94srmjo7khuBQ`|RptCHq}BxRxcC4;GV3 zxGwNamxy~B9s?+_csuUhV_D7nyUoUxsdfB6I>VZn=rosL{&3Z=(o7vZ+@1+LdrRYj zhb30tfpo?d(Ug)F{ez$A@>Fg3)9k7JcJ{!o9zJer#WL-7hB8v@by*_|afbb%^xNTM zb0wT&$b7wkf}?&^qAac!y7(jD{(IKhXmn(dfMJI`qzc=3Llc9c?W83bx$cpS^XLt1 zT3$yM_J)S~{29MPj5wjIVCL)U~6v7@3 zJh43AK5q|7npidp#{LN%+|Chp#-|HqS=4ByTkj5AgT^k&(BoxCGMrN--439sQ2c~u5Rg^AHrYrYTTtz86#3^?2I`3HkHVsiHcVLffEt*h5z z2v-4Yz*3L}hrVdgV6o~fQrg#}NZz_kajka{ZbKpLzeJD&08stO@F6fS$}md3xyTL= z4J06u{IF7J|Js;x!BKo~QThv{m6nf0*?%y~^0zYb%s)dS!#G{2tK%oc$JpxcpebQU z6gf3{4w&(bREWdN;q_BeLm?Y$+13{ZTmr#OyM-7q*$2Bvo$Rf6-6yV(@?n4vJv|=q zkqXjyljiH?lt?CCJUqG2GF;yj-qYnSh|l*etPCN|8D8S`{juQ&&t=BDABM?>h5{Vb ziIstO=yE=coTo{%CF5?7(6teJFEO#5Z&54>%Jw}L4~GPFydP&-hm5~{8QvqO4_!lB@+~6#GZ$H4_P|Us`szK=27nU^- zWYV1%p@We6J4XDoutCe}r?*uaCU;#BeLA{$y=i&+B1n2UL@cf8ahj?({-vy9R;-tA zLq$|o>q(qknuqu#+gM^rpXvueFEugh@yo6aJiP1yo2S%B0HD-aSD#mz1eOjk0qPeW z*GtpaFSLHi6sP1Dp{1+Iodc+X?&)gpq$FK~764g~YWnYxzJWerd)8@T_rMujj(gia zsJb3qu5xmwz4zL!d+qp>=c$9=K!cX{^rtu;W5J*EO}ym1&STu@$S}Iv;DH7_ywkqV z?Ilf`a81^G)oJsj)Jy8+N8RW!kF^O^))MEn^s-q%TARO-SBxyclou~-PoN&^KoHjK z?QGaqr%#PbD#rFJbWq1xMEqeTHJdz=4k%d_J2)ek9?@n;@xqv4!}W=cAZ|<1W-iOu z7Qq}6_B%j&Ej#t0S4FPj32W!=^CRlA%F>T_*q19%aR*s3(D;VhVPj>9?aE>DGcTP zuht2~OXqZw5)DV=an7w+BpR>O4E9#+am2s2G6Kx%hPB97WK7E|OX=fYdMs-2Nz&c) z-DJT9X^0h#;_xTEZkP9?!?Hci&O*QY6#=7^0rz7c6~JSI$e2)DfBw{389IsB3QYym z5i7ag^%~<;+7Bhe5m$v4l=F{=D?gOI!$Ys>jeQ(_EbrKEsC|BFGVi;efaj?zJ03k0 zSLK3PtUV?YNBy^FWKh%MR4-cl>3On3dyMGJoZ-j6Ec{%aL-aM*3kwRKEe)nrOZCj= zvu}O$yx;zGaF62Nh*gTs)>o;Zl>jNvX!u<=-s{10xFGXX`j?brqG|0vfK_rrE-nfB z`}4EMtqu1yWCPsn>9tIGu^#wU6smmz0+mmvH9-OZm&4Ibb2(ED_}A3t>u-$QCORoS z7%Dft^zmA{s-729yXB)u2#ls3Tt7xSa%C@E_|}Kv;=*%XdZwtsG_ejpw)v!{wpOyh z*t*S3JT9g8$7gj_=pVx(;k?bxL46MuJmu2A?NK6g8P8F{f(OP<00Lh^_~LKAN%G zAG-@u8eJXj)0ii^9=Nz(Ky5+U<9aRo=R?!;6j0wbvw=x=Jv!=GReeKsRi<%8Nu7gF z%k3@NABOpoDm{Rk^?4-Le_#i39aMjwf+;1aG7L7mGM-?vB>$*6@bL$0%5t8bY=nm>gLQ<&B@_ zi&BI6P0!-y>BU80lBFis0hoBxBAKS`_VGYz4Gv56kFx`h zZ9lx-f`x8VNw%48m$aPAs`WVEzQrT3Dz$OR>az1TZQvm0XX%D%xSeG{`6OJIEFXus zB_5_F-C$AQGDY$|kBhR+pkE-VAE)9&KgVq`%HCLw;2a5S;l-SL{5zaq3PYMpP*;ey z+aU+^FOBf9vme%Ga(vDdypArcRPW>3D4;+@R%H~aq?w+J1*a81SyaQpp!*|=NL7kn z9%I98K}FGVp)&d3e1-n5o@{4>muRmdBiuZI)ky7CS!G=@yT<(cm1ck2rHrDmuNf^K zfs(OLbIfZPXTz6%r-wOCvc@YG(I{W*t{Gj+5Rp}X8RId0H{v&$N4r{>m(4kzFMP~J zxi16g59B-sm&tiOUCE8{RUCYWG;l*5uBSl_vw%@QGkcRx!_n&(jX2NTj~9P*K9rYW z3HslE2#{%nE7bHT6&hrBY-#E{&$#Ds*Ts6t5kj*?Q$dS>wVZ;zZ$6Vn$C+$#ligJFuEIbok7Q%!M7Z(>#Ew|bF(;d9zQSOG!Xq}k^m@mi0 z1&h7Yyf=I_qj{%k?`}Yp^M*Ffh>`LRwnxx=D!d-BzFD;)3jn_qkT&<>g6Q z{}tEP9xQ3RMsv_c#|~etw(5C-``fkdQ?jh8|NZG)LW0#-LA0F)E@Q6LINrnFFm*%D z3C~VDM6=!Hq9+6bxvKt%_N!%fVuI)ARtB(r=-|9E^W`EG3{QGGRVI$uT!NvaIW$Dd ztd}V)&o#Tk5B-~6-yUrYsh9AXr++KF)1gM|M68{9h&}@0JCnHXJ|~60THFp7Hkh+Z zD=Uv9&d|_~!a<<%r6(W3@14IcW$h1gt@+bD$2kGb&wjBwYJj7BwyPE%_ z=;WzNLxhetfrW{+X#;&Mdw|s&&MfGet>qE$lPhLJ|LYC|zT;RGeO6W+g?OWY4U8Uv z_UoB-ojGLTqCQ(#tE{eGOL!~RQOKVfZSFnc>u4$n&g+wH{K4qIdp!Vk2y+bTV zQ>Cw*VD?sZ=$+nV^#u1heQ}g}%u*~f2gNK+hr?fTU)O6mUYwNbXk(^cj4=ZrSJ#PH z-S8`V)K|89E%~WMvwGNByDmQa8O0Ud^B#_~hjS;7W?a}RDq`b3tY_P}9}nLvEM)g9 z`%DE8T`S&tY^Tk;79KzqOkpCL4A6I?w>rA5c8Aaci<_Kfe?TeO~t3$@F zp^feARV@}mUqkdoZJKgDT>~HCi`3M57y4X<sL7??8(ea<3@387I0&jpELRmx?zb5OJg|Z%f<1LY4z+>5nmZY z!-pDY3*7L?T5-#dq8^^XD+$73S^48Pcj-1*3rtFTo5n@H|M-}TG~VHV1^_B1JM@}d zmF<5xS`FPS`Wjb!jjelSe2@(exx@dz_X1q8S0tIY3jH`uzQc-8P#8NN_jpR?eHQCt zF5_5|>!EIa7j1tKeo$5r{*!&c#WfwTs}|f>5RNQkepB&uzf8p1acc=<6 zu3CdX8!(>^RBEsjE-7uum`f zA9I5w(!K&>dFSJmze)Hl2K-bE+-bCY7VC5TI2?_e?1wbpi=5}SW2euJncwG=NWHKO z6_K>ru6XYHb?Uwju3hwJQAg;qE^&MZIVI?unD>^9Z+rUuYCtZbrGZ*2o`=>fmj(~7 zslQMul!0yZmQD8fMD%THR=rRo!+zQE*=$@2E6qI;qTj9h?hYRHltCnSCcw?Tz%tOv zayiSEXi%Uw3p48!7j)i=1U+5m$ZKlrmoema_+3A?E{{I!l|9|r_VkB_1}vNUaN>te zJ)Tv(u)$Y&2@t8PE)$oQx>txG5SOdE2;Oy0ZfiQ9-{m%A8T4OMz>=xu&gIq--wtlj z_C2{=w2&O0RJA;7B`h&F?vK^OkCaP&&qybAz!yfF&psEs6d#`#96oNG(srKdZk$%d zkQd0pFChnAt)xZS86JE}D$VPgH)T$aQ)AXelg>}+lC zcY?0W$1SEI|}kl8Agyq|5y#P3&1Wnh%*K9|eMA3-#g$@VZS znibS|Zc`f&r{)bvx^b_iqn?zti+bdVg`w({OVB%)2&D|eaz1uMI=DGtZmZ!z)@jgM1z zya8`+LseKP3CU9H?j-B)FsN>Um--{x_pFE9Mn*=lyt=BBeK9<#dAl+IjV7D*Ri-$x z+XY#yT)52Xt4Y4;rL@N#(o`c=`Mun3OuDCQIXmQ7?@y+v69%?elDeWq+o_kjaDpO+ zp-`9bZnYP9L(}eC`!B2Flk%CqmRx?ieKcB()i^f%$mIz(*iQX-pAGE2ynftSNw_ai z%bKBiHoyz-dum*)uL?z_4{k%YOC%C;>JJY@e~BIDS6sxdVcyo_qjt{B8g_gje&+L| zBrd-?<(=}BwrOkI-oF5rV`N>3x)$RY;-7l+Q=}fgq?Ow1*(2kc)6po+L1Hr>QM#4{ z6MW|W*Cll8#x1t1+RfgwU2(W^g_2)1s;ZbnNDkE5iS_~?fED2ndzl|1pzYa$R`YnH z+&{8rjKirZ@02pcE;b0_F>s@+AIM2bW2)B6ii@T8VZg?`3(X@hPx-wmh&R?OzOHS? zw_I+qR@a+yIhe&wlD&RH^LZH!A!>I;jT$~f_yHusf@5fhCrzu_u5a6VK7S*OH-L`$ zAxhZaay)I=kSruUG<2hdckJA}eSRn6BbRuC{is9Uuy@v4-VCuiZ`U zyJq~x5NdLX1Jq=JKiRNsW>vSa!P;?t;_$RQ`*aT<@b4H;?0xj~hd$SREPcbeFCytL z!{g{Wwyn-^!ycct6nK;BkPN*?`g?+y7*B6}GNOn7)ohQAXYm0K(`J<=6TboUz?X^I z$!6w$aF{EC!%J@=us7xRo5%cn`$MICibY0=?5FFWpfd*i)430CLO}O(u!~M{m+L{$ zhn}_D=J2CId~=9gRKdbjTiKG)QhErc^M<^D6Y9f7i?yOG7F znkE4MkG1P|E_AfNf{JPURfpm20neUQw%y7b!(O0Gh#Glc5c&J>M#0fbXVV(2q-k^TOz-x~B^M2G&trf5E+8V!4a#*7>qpuwghcOD7KG&pfOTAW9X3M+fO z!#MaE+M+NDsmYMzqWo`756Xg3U9K*BGrK4@V{2>MdbNpaK#Lj}ikC-3L>!)18lqF; zX=<=!8DE?H$hkL4!a#Ef$qf-}ycmHzd-jN;Vuqb~v0dNiS~o|OpQ;K=-oP+k{(9`5 zRzE|Hm&?OGtIWpT{Z}o4!^bE^#WL-upCcr@jivZ#=bSm8PVSLN5>CCH&0Q<^A0f}j zwifDami;>f?@nSDTgBR_8xmjsx|4nH5Cx*iOc3G{zDbq}2*8mj!*~W$DuQiqZDopi zHdj|ymo^tRH#e7-Hlxz*w!jNCmu?7zlZWR$3##zE7ZUQADUN;f=Jc}^2uR|>jPhVt z2p!ff{$I2?QGU#?c2(F!KD3sdJdZBG|Ahk(IrDo0ww z;-TeM_ICD@dr>k$U2|3D&$5qKY4K6y*-PQJc{E+fN>tPkay2l%-#@Nd=UUnw@k_?t=JG{_jIOa-#R>8>E*Jx8U~u#un<>62-#~S_I4Kwd z;~D`n`lAjlFXd*fJV#zezQuKPY>KZkteH1ZGtz}k5Ry@^9dG;MTDK;u*Vhn07eh#K z8UVSNPrG~Z@kNDZnW$%>rHgItSC&Q+c1hLuAW+0EB2n}w zL@#rxexc=9#ijYI^}hRethBfL=GffWn2xh#*Z0mkYu9A?%6^=v=Aue9hn(xKK@2aO zbcg=5I+2HhxNMol^|Wz9BR`(AfTdv}3tJ0|@}{TnU}J0Ebmc78W|;m9ygr<$;Sp|r zeGc~yHjDCk+xiTanB{#G5ytxvVE1)n%2M%QJL-hGXfX!y)z_c^s^qDQ@Om_{is`7#Rt83QyD96!RPwAF z)7MqTbdbRcW>SysSI*|G)$Ju(v+oFq{03|s{udMqH!lZ)VK1BzXUPV1y0}{}eK1r{ zvnNv=!D^#5>l}K7^psSiQI6+S-V|&mxhe`Kh(yU3NMSz+vZDWrUEdhhxDfB zy+-QHBWC5hOpbVH>@#LIhj`j&qUaqCu=bCvD=39+{{>-Dd`sFhe+U>UedsG~4ew`* zT9Su8Gg&QGsXUEsSALs>?(zDi7zSLpapiMW$FVrjV#=oEk}Y#lTDWEB%*tAm0Ix~z zE3v{Gbr#yx{2T@s=kl$)T02rss7T&s?ZW-fyi=!$5_w=fKK8rD!9@eVRR|5|>di@0 zMYLjLQ+nDRt&E#0k!BqyxVfvEr$s>ztaX#v|DuUVc-vYds#z)d^nx&&dQZ~NL*AzIWrr`C>Bl%r}?Z{tVAPkK%5PvcvnQP3|>@SI9z~jVSCj;cD7tE68w? z7MNauVDdDZynajjC=RA!b>2V%p~b|<%JP};w>LO>`t2?1qz3DY%VwZHdhy)bjjdq) z@Ea3-CZzBoeRoD;YR0`iaxPg$OeTIyb@AoeDOJf$mOTY=S>3X)R43ALkdPJR9cmOsBcVSqHXD;8#{J( zLc^8-nf|EZrH0-pG=g)BKvBk>`b+ctc;kO#Gof86wcc+uQ2Nzoqng4Aeab2}c(}MJ zG?&&MaSbH_d>z@~ifMsgZ4OnxI~5BQgV2dc$NhA-yU>2OjX;T$%d|21d#)i>93 z{JcCTM^j9|DI=n1cS_)7;?s!8{^c7Y(Bkmo;II{SbMfQ^#?mB`0kM_t)j=D6L;v&8 z&>64k95v0qA>Vt^O!PBsdyjTZ^}a=rM@?+We+vZ-*lT#aI8CwDDupiXoY%J|JwNgQM~ z(8RX)v8h&OB#xtL%<>UIzlu06llN`4-Y2K*_!mcixCnK>TeIVJJ%wx&eWF#>(3FW1 z;6EqnbuPGnVahv^L}WTMS()tKQRxM$kMec>gFB+{A_$~VldvdGAz@f)b`*w~+axZj z&Dp9MDu2qHzr8908{jbBVR^a3cN$V&H{SNAU>s7;B^g`YTPr&XqLv`*>(X0FVfb(C ztqJlb?=P0(q<&=eV7Ok5Um{Q0*tm`nY05JxFe9Ez7KCjiv7WP$_CWZf@J)8 zlyj!tNus$7DvEmZ+Eo$y0{al?D0}}fu_)h&Vbccv%Jmyzd$H<66SznkTc!XqTorzi zf}ol?Sm)er_cr6vtTM_Pd92V$0kU|=mCbH0xs@Ggr1Z%*~>${~%l*(zD zRKX`1JH}|{e2qs`mqJWjT9j#(=BSk!w|uVU=o~TB?DH2MuLipmV2gr26~Aq^SH{^@ zg*>EAU#+C^bGqSL!36f4#%5hQBH2NAoxkdBER5S1&ds0&dtRJ)hGllNx$E23S$;0x z0S@jYu*>9Iek(nn)&t{T@Yu9OJrNB@`fLuZeQuhSCl#x`f12@w!A3N+9%8?l*CwqB zZgdjogQZioBOx+$xza?1+tjshFZYf_M^DpcA>hZ$3Mwr``Lf?pTH;Q`bT~Sgc6j{3 zwBWYWO!Mll=&&5nvLVnxK|xKmG6^wxrbgrHTv^9AYg90O*P{PxTmHwShM^KbLtW|k zDb1ro!{faFdC_HTZVI~OB18lg+r@l(ezuL1%Y;t57Xi5}f=kBo`qBKPVW9)GK>(b3g}jhQbu|0>KnyK<*-Xlt>{P)kps z!r>4*!jy;gK_5vyDbo)2ZxcE?)5jUtjXT=nASq1#LYEl?V3jm9hf+ zQ8EE-X;&m=wvfyHxs^(betgxRWv9E`N>q;}tH;VXo&s_*0Bs6A<3XVYw_Bdn%9cZ2 z*i17S{0#IkW64;J|Dd9GHB67ljAL|goxL&=RUfOMkaTX`U}K0#6{0*#P&@D-f0QH? z2wxQ2y-?IhkuJJY{mH4z(YqdRqyXJF7GS=b8kKZG(xLF8wBxBCcSo){W?hnK>~n_f zz2&03wF|YpMEg-QUn-#AcD=}hH;_IczVKaThXXg%;QrO3bz7g?C}+dub=j|@3aYjL zKtp0=Ol}M}Ai2VaTf{DpyEi>h(%lAQ`{Xp<8&AKi&k?9~xgLc8dQG1^pieu!*`FwY zeR&c$>xDozxWno^YJAm}{ey()oU0nCBx{QHU;bnp4ryQD1G zAUHlJXKV`#P3c4HYPemuyFD1UOG0NnpXhvmQ!8Y~L>ht=p*t>{zIGPPKFx<16-V8Mp2LQ6yH_NRs_|SG|t5e ziqP%CT)@O>L@XJ6pFDEr&p~BiZ9PsJ8PCY`4P)yM`eB4#HKUNe_<<6rvHvo-t={h3 zVvNQC)xW*wCCQ5`Jl~TR4|p{0(`}P3NL=juMvxz1X2#Y7_|s3ZEh#iD?ZOb;Tj<_V zP${rX=wM#vs`h&PJ1=HO;fR4Jrc!qt<$dlmUmj5Fb$iZL0%*JQSXb z4m7F-dawy=%C+Mk>5J*_w!}Yi{Cj0k*Ou6L=3SEsAM2%~b5~9~^(GffvwefuWzeq@ zRJ>M%$K*b}a5;ThLI?opMP;UWyTXeF7Uw<&1{(;Hj0s0grVrc{%*=kz@rUh@@F93yo-v@nb&OC2gPy2(2sN~hI^hwmRIJCY`WA?m93aN`K4-A&cn+b`8A3v4c{7n&th z4cP7^IN8!sO#5iGu=w#weekA8P2ynuz#GCwmUHu<#FvzqB+Zr(=t8tbB9CKqp`j9u zL$uHMwfxbENCCFB@7;{BGOp-y8O{YsC}p{@j?Z+*pProAZEV@H(SEMzqXts&vf&5B zSpb$x4f4%_E<{FD0QVhS7*h&how>Wu2TO}0CYYSeCa0*(=GkVog{Qtg|L1&a&{UcK$?RE&j1f zh>y=-3jSe=B(8qvSqItOIuXtYpi7pr=Te|{AaIhit9A;-_caI#UJPYk&P##%U&fAN|b0m$?Fws?~?3z&5 z@yCXcczR4$E9N%>9AOqGO!+Z`LC?|SLP+MHSFj|1gT-5}{5xXbMcB~~BQ_T33pltlW$09jIvt^0Gr&VKShl~#w?ak)9(1T zafKwtzaO|su&bh$l9I$O67lM@#dpXKCA?S=Am;ICy?z=Klv%QLjp)Ix-jCH!qUzlV^}pzIOW8Htqn=a0=Snuk zRdrx^Q$h3g^dwhRdGWd~=TE6fhRW$l{*iIMdqY%}(fz?~y{7|-{1~Im9f|Cez%&VPn!-57n5S<1{b>Szh;&pPK+DU8 z7*Exg=waV=N}vHOb)b-!RjcpJZBOwg%g0~4;!veWGjkKJhX6_=wlJ^+*=om$N)3fg zTX=g`(brF9=#zIYu>`JLoYut;e5}q04zeS*_}T(}yE3y`tA`O;7fCJmv)Heg zTfts)H%}r)H6bnDu688JUt733rFl4+PNFfEgaOJDJ2Xc>Ez)ch?b>>Ka(+4IXUdVw zSAmwVFGl@$A5vX5pW{sqh7o?q1!t3e2wY>r$1`mDL?fYaL#5zUraZQ*ZN$v%ys(t%VV4~kFTRP+0PF~*6+L1mv_x9`#nxEULTwvQB^icI^R-f zR5olk<*G&WO+or<3~m-r^MaI#p$p>KIqLZCkJs1lV*j<&^QLnurkP`m+c@T%KTAfb z1yt?krB-!LLiqyIX~6uCjz(T{Ga(y zQ!akl>;h!B_&K%vR_ID5NokATUvIyo3g`7e#5KbAgo8L@eH&MJYK*}pFATY}h-Y0+ zs}H>C2AyyH>*mfVG+t2=BIy6%iEQdfzzjzC zU0oFa4{MDMz4sB*yii1BcU`F@EFUmqfDx*ewS2HOEiQwxN@m<}--$7_jMDZh+2nEe z{H-dfR_#Ac^~PLbJ*)ibJ0Zgq`eh0vx;@)d>^-l31|8fxdmGgxSGQN)Mf?HbTo|0{ zn2u=b0}8p@cAexDWm(q#t>uK6G8C@|=n9k}bGR;jthUqw7Vs+S!)$;q($Ix4#V8{_FkFsiK3 zZNx2^fIsMP*QeOa2|i1%d9TC2*rRj>E)uxXw|$wBj2glnc3@8qbN?S*a4lCJ2HAG^ z=BWQ(SBczG?Hs7(#}tk}S581}+rQh-hFEx3QRbQo`q6~2I*z;cuN!-G z8%<(2f1iGTm24s5sw@MZ?GM?JQCeB7om%a&0|5G3wVA2ke^#j|!jj)QtxiWauv}oH zT6U1Y(UYZz)SiXx05>@gr~TM3lH}Whi${J+RT$_|vZd_-pDy2ugPWF}Za)aoVV+%~ zMC7z@Zhy>g#Eue-#ZJ0sXqQYv3j5?1Z?Fn+QXh4GBU;8uqY7_jT>tvxR^aSdLJZP` zL$5+&KTGCFOY1K^AES}M+%}Ya(cx}`lW;o&6-YV64nP_1%+m02EiApcb(t48x2K1*w!EpD*oto4tc$Thhu{20xOmEeoJbdX!)`vW2H%=F0gb1>6MfV2(uEgIAzn@-ekugLLNA$@;2ikl-x2&Gc_3?p8l57+PUJvckP~ z&ztdd`x=%I;3Ip);j}HlzW;D=$lxTL(fED53fBXL0cyRlHD*83NlX5oc+|tP(>or$ z2nV;?TN<5?jjQZ6W~27uH!dzh@uXa8rkb$5(&kpqpt%tI!im;I{#C&Z>!dZ_L7GdFWNs)%ubUD0%U zWr?2BP~s~RO%%~b@mvY~RcIpUje%ik@fVv7C*cNzg$8!89zxf1C?!_<*cGBjU}#rQ zsg`nhqA;r!9xo64D6hCc`WDI3iKBKq3K1;B>2&2X#ipn~aa!u&E^9_ihfP4JM_$|Y zY1aLF?TW!z+m;rT!t3_DLPoPvLjb4F+jnott-YAPb9sC02(}w304pW8-oIVh+TP|) zLTP6O?e4s1hmnT|D33&%BeHA$<@L?GkRzmGla1zu0oPS@13F6FUmj0a$S*xUb)0I+ zDMumH*izkx~1`ewrqvBb#tC0dE#Ku)R<*}<>?#4A*Mck~~jSfwd?(Q00T>opm06$PW)O+ePZer4K zhjECdjJL!)1EXZrhm^zn3(a*sP9B5a}lws$zyLBrJON9`l{5@1|uTZ7B z`84?JlPC${t}DuNsk7FUYwCs#sPCB0RNXiA#Y!Q5`}N0 zq9`m|p>tk?eP6>>vGi6(IV_|jTX4LuZ#I$JVH3^;vE?DXKsl1%`O`TCN^hAIYqCKo zdr$lC%-EM&RivE&tZa`$(>2N{YYnXgH+clFu^H3grk(qvRnwVxe00Qg>aZUoAo}xvJplb9lRnqTih%}4MZOuQ>fBv)_D?_#GG!_&aFq#mkosrxtJ{&LPr+0}U<)n(&n+ zEe$1FKOqrVxnw@8&TY)W!sHQekdV+J-xzVpI#z%9>QBmJ{7A5iIbtOK$#}uSmRk^; zPf903w$6)y0r{<{s`{IRz`AZG?tvBFydgTv$uaKDr?|qR68EUs{INy^Ux+9onJ_sv z78a>b!tB98`&3r6Y$nRhhX6(3W0;AE!MrJq<4tR4>XC(%Y zDXFgEKiQO2D?5k}zIs`dlpVsRe^BuJdZf)9FcS;Yb0!v*o{jLc@AeIvaV8FuRjLju z(q=dAKTG5NnjhVjV_<`sNWmzvfAj-xM`kU99Snwr*^i)rKs!ekI6G=<7Ij@)%=(l` zMAug*ahRCd9PI27vu3DnbI%_(eO|mwm^HI;jC zygFkO-C^r!5OQ+zOws!2=;%;82dL+u@dzm$BK(bhgY)po+GZhm$rsA8ruxbWMWvT7 zUNCC5$g8T-P*d;o>L#RneZG!GfYC0#^J{8y^9fJ)g7sndtJefulkgi}4ICAtJeYfQ zzP7WIDoSjO%c=1yX*oq+=Eld5M@$b4d_#rZmC@Oc2KkV08Lfz?JXIq>8*Do5jSlIC zm!ZvPuDL(Hd%5}S=l&V<3j}|uKOZkQ`&G{PT@c^A5nX6JKG=iZp5xLgwY7apogQra z)GAA|sm##qa(S?K2Dh?1$IKi*U{A{bahOhV$G})aU)8z4 zIuJ&T|8o(B__opR)J@oF<_}9IIs|EJH~{f&BCGR{xL5=aE|j92Gg<>3V>#-srGvn_c2B2lg(byW?lKW(2>N>Z2zlFnv z7MSeW2K7nOneG!1B+kA=jSC|4(fJKs<>av4BOs8ZGqDY#1+S^syowvIrXJC5(WCIu zYH`cXYB!o4(qlC>F`=TOYOvd136s<4E+{b{PyOhp!(opy;1ZklQTm(WpW_%iPUO>5 z*)U?>^bv(;f-AQv#tPK6Cb!p)ZGV@Mpk{|l zcm<{=x+H=TkcvnY@_x@qz=nxl|2E=qSp;x0uRU6S0X=#K` zPf@u;dxRGnHE!5~fe4JSs8x)oAV!p4WVgsxnc7(xIQBZ)r1px zbEwed{k=Uf^)xk;&>(ATYc~Qqr(@U#INq-k)GV*&)s-~Ob##Vu@BWhHgOd!dI(WR} z^w&`T3JnWH^VE`_t96`?>_k#hjAlWOij5^+KXRbBq4oIVgGR7_=nOmfFzy9kP*6Ze zODiRHm&$8vQDr33hJ&xTT7D zaMwu|CjZbU8P%K26CWBVdjJcw@@|z-GJgzW#KdN<(GihM)7@Q2XnmK> zu)p{6W{DQhPib6uS_n4_Qj_(*rPXyy4P4vo-L>AD|(3sg- zVbQR1@X++GCGvS@C-`RbNqY@9&0{^or05k6Yh-4EB3$vJ;$6m}owYObKlwzZ! zu`n^AxtJ+k?u&oN<_Mr=6VZC&A3kUebD}OepuIZTm+M)6bS2zkewX@1!fmtFp6z-W z6OJ~f!MNW6UTD41(LzaCIT&wu?BBnorT(&Y=&hFeWBAq5Ukfx#Wlf>+J{RWXAw2dD z(U75@!9i$@1GEvWP?Cgmeb)dt^Z_RFDoLJ{mQQC6Y9|MNgcAtO>;3HPlGZRWF`3s|O+G>FMrYhhaEYDb6bmKZemE9; z;+6AMvxI{!zF_-a^Gc@Gn8JU^+W)B}+4qWaqS4 zldLZms>m+mkMHg6muR85z#cliU03;CdUWs{E>zowG+nE!+57wYoC~e$7e0);X*W6T z9xivSg^j)0)s@4d+hw3h8W+ z>ErZTyf=T`@GdwtFFpU#JEGI*;YPwvZ-FkD1Y+UG!fq!$SnPN-hiQH6@$F%Jz7{%N zyqr~Rs>jj8xqoihV&=>AUM6K~xTC153OUvN`lvaupsQr@o*7wETwF;p$8x^q{5*~+ zuq+>=*oO?JK|E!NV~C<6Pt{7cq8NS4N`Gv*@tE>Z`&T9R!6 z3gAs0S<`|HVZC~L_!s9V7dn-*PW_?Djo2}}O~sCBu+Kt%4fU>^TwLdzqqVKOb*E9h z+UBn1+zSW4SX-7qzO$f43JP}ZOoe9scD>$aQaxas+P5Ca#O{yd;hE7;|HI22GP738 z0uzt^)zp-`T?d+c(|NCgVT>Z)jY_t4qrz$)1L}OqsNsw{}-8%=CWis5(1y`~BdguWOyPAMTN>^4 z>^@p-eDLI%o3B0YlKt}|t+dv7+~s|g^TkX67|4YtYZNj?Ik}ZJ9#LUor@M;}iUn<# zX)7$mOI()UxY#K@Qg1|iq{+zAU!HGYfM$%4Sm!`hwn<-D&cehs>@g$f6W+ihq}hD= zLEYBY_Q%@(>-Fx##p~gKs9ex!H#YQCioYElZhE1eomd@Dmmar^NTNfY-p$a_Ne0i1>trA|jm=)6?TdRho_00Jr}> zVaCVD_ZjJUy>52+&f##$k>!NGh0!01f>O^&MKxJ+_m+rfZf1hLZ}Qfa$j0{k};KqKLC| z$lM+WXdZ~6Ix}DbR#&lG`Yxj3U_cN<9Bl3F&wsl=bWC>E*VU|u*{nYg@E}{o>Y8g}>XSINgvArSBgx?Zm{rz7~3Z(=N5HfXt3=T-S zUhes#oh5Tqvz%VS+#BCMR+eTok+ZQO9j|{E#Palb+%>AGV10*5{r>8;fT;nG)!-gB zJ3&bQrr&b&_IE+#r_nXAWH}pWUBV~VsjZt-><`TRtGHf|vXuLyl3XUUNUNx9ySf9& zhz7A-YC%G&7w}v%d;9h}%`^@f`Qp*>U=4QAYP+N<>oEJ z_U7hr0yn(ubC0}p*rBNkuAvWFl$yUFdKD!({ea$-JHLm<-uCXe*yc?+biVf1*d*_M zD1p#n-$A3`@C_ELnwD}#lnzCd_*q4y8~3O7Q=Q@P*emO*L?oE!yC?QlWh1Lr4|jA3 zD(Y3&&rsgapB(&1m z?}f`$tL}Tf?sn)txc7KpHEWBbs`{r`tNH<9@q~JJ6-wkJM*8d5uc-H-+BI&I{$aZf zJadAoj%{#J&)~xWWTm4EdX1T@)#Rk#6`T*47b2NE|6(k^bE*s`Cgva$jS+_od=S<9 zDVN;2t~=)}N~&a0R58Sm^HXB}F4w~bX$n8yng_)Nu0r$v9wO3D*))BUamo|y4m+9C z?Z2MejIFszJ@;&vQ&OU$qw`0Tkh~{lWDKQ#Mn*|V`9(!x)1D%#$DErC6BoCY$bsVO zG^(d(C-?R6FK;1w1_nlLK7S^A0&cgY;Th$^5hHRU8eS$Q&xei=eG-Ax@S$fz^sV9& z@)%@Ub7I;0y2B}NZrm-`x6J&ImF2=^onQ~So?2&TXJ1FlzcJQsLSv$mDVUg+%kNr6 z)8+X17gS2r6H{Q~$DVAnOD4SDQtvSj8p2DF(mqcyhV;|sdN0*z3ibU8C~KePD;Zk{uk-=*o= zdTLiUbx&X4h*6bRv#XkhMomNYU5BNHqOvk*w3MWzRxBq;pumUm7Ut0e1qB)EyIaiu z*4EEZ8Mb^ff<i0tOHYz^{$u zuOD7}2M60ZJL5yXXlut!&fHub@-{Vt#YVvv1l3t@{RE)z<)uA3L_#7EF};Uojc8@(QbGE~|yp<&J#BPCUfW$gl_; z3ahFH78a1n^z@9jFORAKFGIxM(@<4)akg35*C*lqN{!4%x%eB- z{Y~#lL`e#)lQsmwycTV%m;gm+wUHh}N&&oGSzpQ@z$N&n!;}Wf89KFlQ zNkrWB4U4X5P*8xck5853yp z;vYPmo_QS@*qlnu_cw~!dW;=23YJbbJ%3Mf%7ISy89n{zz6`Rx>?PnRASa@fnO24d zE$b^NP_x}K-Nhroi%;USe-B#StUkM@=Dbdw?VSJHCZ(ljSzG(_v_jKF4b&DFhMk#H z%s%%CXGwS_E#e=hr4rL)TnB=du#ATXx224vqy^`5TztIvJeDdVu{u7FcikEQ&sOPV zl2`&nyIpGO6k&q=4~7;deqDaXaI7dJW6|$ubs8IAxxKrCZ)`&7rZxviD$b%!AsLFrfOLrEOC zse?T|?CiuNXAw_AB3;dEP_a4yfushDK&uTU;T>oVcTg^*gRBflA-qD++zqv9I}Q~j zS;fJ|Uaan4cHBzR?^iKjs)FTO7CsUzOXU<5NjXkDhatP&+YA?LIK~#MGEh=(u-nv? zmq!Fw+1X1E0!&9vkx6mn=YCx10{8I#=5~`97nd4zj<%pUAi~rWTDLYds4GV2vkJzu6roxfli15R~5PY7&J^%muz$S}UP+js%fqUrwiVmS|)@y7;hHFq0 zox=Sn_53HC4&49iqb-$L^=*xUyv_=jQiHOD#NPgNZ-Je()_NM55HIt=#4a1PbPCM= z{+F+0QqrPFlf_K&yq$eAs##SbzY7-7zrJ&DI(%OQX!B8O;7D}g_*Vm5#+iQfaB3^P zTGPnF02bNC>Sk12YM2gQ;^6BB2Yj;VlY`loM}*r7vZU;6--ZSr5`+f@8XB69A7|Kh zOcphJJTX1nf1-^|C~|Reb>^}lLz$7ud}^a(;!aKJJ~9onJP@78rl*k}w+@yz7Tyfs zQ4He)P|0QSpywkeE}joK_g`-@;uL{Bf`*)}sp%2~&&5`tDrSw-0Hi~YQ>cF*rt%b- z%*#eJC|1B~uE(}e*(g6zUj}ro8TwzK2{_3vxFl)RN7?+;GGG&cztB?0r zB<%R#|Bj5r3+Os1+1vML=ME=TR@5j>j}RFMK40cZ96U1oQKP$Up_Q7k_G43E&+%xX z6G=wGC8V}nz+>%zRb5lavF%g;poa!1MJHExcX!qMoCMc|dD*%9xgx8GUW5HSYLu67)Yu7DRtC7VZK~$I+}5NYR$qpB-0;T+Sk)#R$o<8 zV)4+C-`?K7J(L3KkHz|4OiYYLCjSS$zDYVSLs}?cm&-+yZ?CtFl)2Xdb@%(1zP>uOpo=SimSftfV{veZ=zuR^Q<8=-~CFZHHonGn; z!u45xoy>0B-lt?Ln=BxiEzjRow~Y82dR>B;9v&|D;ll^l`zP*W7uedSPk;gg{Qv;e zC(A9HU-d4MoRLmN#@!9O1*JbaeP137-%m&&NLgB!mtQ_PK7}0z2D|#&tN-{hHl91| zR6D0`AZ>2mADfjmO@!yr$G#j8mE*qHVl%0pY8}OlOvlLhRWWC|#TM5R+@84xQC!Av z9nAFX2eAY~jV&!p?!mQ%i3m}>4=zb0MX=$&6hdZ)i3tfOA{-nXv;_p8|B^{dOM|xo zu|XHF#&sCx8x*UqisF2-g6^jSiu~yX@v;f#<>e)^eKKJ4=ju~Mi)ndMmfy<>ROuOr zpoC=UO(Gh#hs?F_f^}xLnY6KDcCD>Xof<=uq3>IZn|@(pf~!2gif7hOV6t2c4jw>w zOKe@g5XYpQpJ%eMwRMUUVnp3g!d1VR&pTBQ0%L?#mZ1g++`3p19!_ zy30lO3C|J5O*y_gn#4>cjp}7(9kai@yfITy7{7U~kkaZDf3X*zmuJ+dEGsVlc<})` z;sjSp=nw7f?ZrkzE33xGz{cEPT_q;GcN*(BC1+QcI#}0%9{l)0GJIkFIH#gKWvHyX z4i^P$!a+hhKgVSx_o-m5{3Epmmi|=9{BNd$;^NNXI>q}77A`iF2J7*$F>;PeX_vcP zz#HiJs% zN<$e0c23TrluA-2YTM%_cuI`jn{pwySvl8$fB_IS~@y~c>=2rrJAEpV z&R7PgWZiC;V)f=B&qVE$ki^IP>+zeZ%Ga;m?}-Bf0|n|FbM=G3q@6#y&<+vwKQrUJ z2Up_E9S@#23KdC3N%i%{koNPyzQ8LO_8F2dgxm9IqMnVKm@oKY`}@A(6v_DX^kDzs z@nm6cMMY#qg*<@g$Kzu!UgRN?Y0Q&Jy+2>L{lw3|NX)-cR77uMV{_!QJUKqDqVUdzg4JFr}*xU3q zIv&R{YH&L)Wt^S8akJFbvB0rft4c0Lf&3QDj88!2Bev=rT_tRMiH;s29`*iU)|K?* z#|^-Wsb!Nx0s=M}68QTa*S8oxf97IkWj$V~=ha!8sN9A>&2EQ4EHb}cAMwid>j4Gu z#$`hUX`A2a#%TJe*_cG2t3%)_nFD~Qdp*`!yA?QFwsGTe!!7}j$Q0PFQ(NyTW)7bx zEaUL{v9z=H8h>n@4MQ(weH_f9t7NMOX5+0QXUFzq+Wdu1M}ou4wN5(!)uAS}|AAh- zJ*t+&wU)~as&yC2s%15?${NZMQBf$(_*M4%q1Nlv92}gN$IHjcMr9Qh7%dZ{I;scj z)D8}uH$}jli7%vZL8joyXoq{7nW`5bhUANg@FkK5A+e z8D)pAiw~8Cw`a;1r>6koStW&Wg^1p}sDgi}4axB8VAgZ3!x+>{!)(BQ{5#;Myv+7rtLc=8GRW-dsLw|Gg6-{Oa(-xYV z)GD{PH}!Hn`)HWxwws?Jv>kt-6^Ibjfm@Nq#ZJ8uYk^1kr1Fy)?$iIxV<(dNTZ7x> z*k++73oD$a|FF*Y%2}Xj3)=1MtU|j(iIKinawp@PgMkE2v^UJ63n^rpBQgRhp$ zd6@(SxtJ^)pBT9uhe5NIL2dl8325EiRY|o`@0oa1?)vzfH*bI-f!shKz-zeF4v6PM zowa#grVu#sY+%~YpPAmx0phKpC@&j`1fgX%lL=gw%hhJik37!nTgA!v)`0!sA03Z}uNlDC923lGNYhq(PBhn8aMoqpNhWBn%n<@iA*3pAz zgy9C~6=$OR{m^3RyyX(IZsjZyv9g-DH7L??rQcl7C}D|2KS%_v9q@}w(&vXe%+_-l z{>e4jPTt-^jE(P5yE;0)G zo<;%9_7eGSD5Wv2EN^GOnAGPL3ckxtkF{G2)9kE5&h6d~{{9ZWY@z@iH8rlKcC}0L z@c{QTYMD!t?U6%{saUv<8Y7R{c6lbt%a(XGU-YT&i#8QRt_l+LTs;~Zm* z61Dx{C{b+@{`}cvHV{B1`{Gyu&r=(q9OK|@)mr!-ENzlt6S0|h(fi2VB+Kz?B(`*k z=JzsbYHB(?a#^aUCOlw}ZL|(DaolF7r~j=LLuy=Yb??vY+2KCNA@>1Al)tI#@?iG7 zZxhLDdw64OgHgTd0YT$4B5;I49j@1G>f;zw8l6_9Y;Di;Mu`Cyx*6N~)7{xgl}`3~ zx>VEU2?ovabWE|`Vx*^|d)wl1tJPtSn#kt3)Q&1>kp`dlK=8Z&Rusc3$0 zy1Kfj8U}^j;e{Ia?JIK+hB)Gz?U9l6nnD!@F~r?HqwBrN{w1A_LY08`?;o@Ev(O=+ z<}us{f%HaTU}UeJF@C&qka}27VP;NFLd+#Tlo{9{)a4P)uGi!dUl7w@V|EpPtHyyc ze-Q7rw0KE|<#hTcuAkrfAul|f6tdG1kckuP4H%vpvnML#i<+7-^p4}ER|~$taN(|Z&d;};G2`@yrpve9?__6X5fBot zihn|Ujr2M`F&=nBe+^wP4|?}M(9vnAh&6SUeTOZe5IzD(kr74X0hm2-mF}yxyIm#5n#=((EVb$F#sz1ypvcmy#o0e9&;j-5;!(!{xcacuV z%rViiv9bA@JNMop)He-(P1%{5onUKJmYj#s?zJ@xA^6A8?2JjH|J^u`isx4WJBMdV zis!ViNKQs6ERUGpcGX~EpOBT2F*Y%2HzXuX#7N<1W1o2XJ2h+OAU|emY`iOu*-gSz z_tcXPzv_6rxs6+Ot@RUiT^4U^NaIiV$%Ct8YDXuNYE{;`20nNDsPV>0wC7t+G)NH6 zkn73GXvw1MxPV)5Xh1TDYf5!Bl}GSIVQzbFaBvvOcws@|{6~-eQ80`^U3I-)a%YV% zDgpLoZ?iiu9~&FpP1hj&)4R3ev*uzcykl>)1P(*k{zi1xbT5FYn>O|9-64;Erw9oN zsihJcTn6u|-jXQDFMn%t6Hx{anVQEi%pFo#65BhTIwlH=eFUNj4m`Knk(%Pf^;CgE z*frDe!T|e8dpy7ERq97;^>2`cS>ug@nEn&PeUMq8eoqx)J`?5rKF`LuzT!_EuQaoa^m8uMEG;j>Ov)_`X$fyEuImAJaFeU`a_c} zJY;Qb0;Bqkd`6Nr$hx{j-QMBjqsj~^9p1r zDk}ue9o^s>Pz9kswKKv>atMg*1>fI!RYb03eHc$nOyp%V=xDxYEI9%;Fd!`J)KcOy z;+xvd%bovE^Fzk4K5mKcByDI2_0JuSJ27 zoJ15z!hlvirk#&MpZHvyu01*qt4&q>d>2z%SLRhjCr3wXYDs7r7$%2Y;pYNVw~;}X z29ZonZ7m@dltu_5HWtp6kUKBu%B-zd3h|NYbWw*Ppp-zEASSt1R1r(`RPqFLdCR;? zcWg`mn9#jZ)Nhbp0}Yy($L#?O`ih;gJSOU zmg{Y6l{P_UhZ5rh`I-k{UF+Slp?F6lU5!PBh2Cg=L%n}ZXR2L~JH*F9D(9MnZ)4K) z$cjJ@ijR13)^^=fr3 zn-0unYMG?2{~_#&T#(P7y)sz&Sy)~}%VG+r3RtS9EoUAC4u#az@cneAybn={1iF53 zywA;|r5(@A(4{RbU`C!lYVFti`O+Wy7lGSta63nB zale=O8lRFB*=OpEg`b@#HQdwFVLCF!!Q;95LwRa@Zcbh6QAueM5PiwG(zU`e)sTj} zt{eAnEkEpm!>prIE9iFPbT_~)qJMY3&2(y^+bs=1CoVqr8OzNUki=G}i%%^|4pf`0vc_=dny0Yn$A!$g(nv zvkT_Lq@)gV=jBxlZ_F(ogJ~!!X($*%v^T!}vy0drinf8bk}BYCps(+R2B0qf`q6tD zni&%jWnJB`Us(j2O>YDyzxlnov#F>6-$AGK{w1VLul;M82p-Sj{ zm`SR@mO;+vzg%b#kWc{l>$J5;8HYhV0f>$Pt0ex+SSxQv&6`63hJZRf9<+il|6NBZ0 zi-omPDovG}6&Mgu{XpkvZ7nY^PZ`y#l|sw~vG{>EH8W$kKXquil-&B_Y1wZ74c42^ z0lT#L-8MjGlX*#YfTK&MXKr3^+Iiezkl2%qd zZC>y9_JWm({?TY3v2P7dLvwRy5A_N%j21wD0`>N83F$M)QLwYKriFjt-*8>IPfcaz zVpCF3K&i*)(P@&E8dz^TH$1rlOp)IeW>Zv~o0$pk{aL%-xEOk+?G&S?JLn+9Q_;-NN z0zeZaFDK{9qT}&UgR4}l+N~`2?sUcDMOrMtcAG}%;EGzjP;#C$zG ze0*y%H=2gq5g?~%Ub-r{b&cW;VEsHz99Y2DBp>mBNexa2Dl}#ae=3hYImD>_#=3f7 zuKpYcEN;+DAIJ3RwudwnwY13S>G=$6j*s~7y?~syNosS8)2_s$}no`nJ zR@vPa0Ac(sG2dK`yP-y3cvMujd_KswI9nzG2wfjyvsiD+6g0WB!M?VyR8_?uf{Zd% zJb!a=8+2_R5_=>U`MN>L8+HHzz#00YNm$nijZ zlS*d(1?6b2*>Q5u{+~uT24+(Gv8b?Ecj$dkScJzuGpSFF<+%p4 zr-jkXA@IZ*HESwbT2}XBK1oUiMTu>_w!f)VXB3A1NwvpLBbu-XfZqe zDzi7iL=Gh%OF->Y|m0Nin#RBf+jc7q6^r6dZFqJhnp%xB+aT_>ra zfVs4@zWxY=r%{WNWnQ)xD_B)d>=sBHgXZDuw=`Gj+70kR&hQ^4RmF}{gj}(=_2~{Z z0H>eCy*a5BE75vQPsd6qrr7hzpH{PhzrCJqb%=;V49wgvn z%=~%Iw32Setv|kt^1`t-7;aDHfXRG44S3-8s;Q__ZP5GrFz#c?Sk26JKTMh4(jvfc z2n9w40|Nt$Q2dLyyY2SSB1q<2zCFKQ>rb@s4C7rzH$greJ<{Ulu3ywdB8iTT&1b19 zel;uLjIq2}ZCClj)fj(aE?2MRhI{k}SM3g@;xWR!Rk1RSWaeiT8q4%%<%p6@lv(xl^2M|~-7H)bG z(<3A0sjx-m$M$6`HoI}?zpZT?Ol2p+Ed~kdd@oncT;QXp_g7V)KbWaUumn`vKf5|4 zJ0_$sQA}4?*B?Pv+Wj1)#x;o!!^4?d6z}1Ig#*&&Yvc9x&Oj52p5VGE0=7}}V_69! zoE-(shYT>H%RvofXho&1dX1ss_IJG4gu5-t`I1jCX)-P-Fb5mz>z5Ggd&7S4_JE%D z>(;iR9ByRt2J;orWVM=I*2bZJb41(^!x7M@nHl6Rjp&%@Dp)hAwX5~Vq>(a>(9kRJ zoSo$^)uO6#U(CtL`Pc5_|A2c*qx0)8r^WO^ML0XT_&Pnp!BN{K)|Q>?d3F__R+2yM`SW&gL_ALXG4Ns5X&bhP7!!|}^DqglP< zr&qv@SEW}*coh~H3QQ4PESw*B2FE*9z$;nG0BGtiIMGK()!I7XKL{&-vVqs}@Nj;a zosm(1m)8(rO+YJRl$7xN9&Jy`{9-+TR8At`hTP;-AC|BM;O@tFGS1HR4LM6ShrIp$ z{rmfbkqYu4mk2@yH|oWlTr&o$AT9~2Iv-!Efc^^Z@C5Ln^%IT(HT5wZUR>Zu2|+Ns zn)lP0iK0FQ14O4%3Id%=Ekq>}(}6+v^Gs#88UY}?=+6(m3-QpXxmzFiMtEyd-!tWa zD6m?qfA1IKL4?OgNolw8DN2jqmE31Rw0@xlb7^K~qRZaa#%2;9841Z2Xexk;Qgw8H z5tpbSAOwN?a;RtF{mxf)^#s6-lUdyNKq2kbs|f!0sQS+{`1kL!;3{^=7g14B3Hh`A zzi|wjX2v=tX{4<#lQtmh<>OZqm9_#puIwdI*orr-S!lvb~Jea3Z&~bNvMteUqemJWUy<1 zL`1aO`Z8bPeT!!*r%}(yq$$_J>o7DN^v{U;`UWiV122){c6RXBYjwM2S8(kuRLq;7 z_~`+{_^A;c9q=xLt)Y=_HHg4h+-n0OE}7$=UYsuO-}L9)f!XV72Fje zyqY`ng)$Em0V2%%tj&y`9wWCO>weW9iCk5V8;$7Kz>)lCZ)FsuXB6m|7=-Ak&dX-r zU+yQKusiHV`cnFE-kTE|2>!a}BeHuu^LBMS(SW#_LEPvAgiS1+wb!k<6=|#Wkv5mr zK77bWxIO~rJ}pqF1vu`ws{Y&)pEc!^6XmgN^?~?0lC){;*D7UnQRaB^~4& z`Q5Mr(Duf~^t&$dArQzR5%-1x=_~qW_B>De;_o!hhu~0SzV1Q4nY#xJUl#AW&qZgRaU=7MK$h6 z6hkE%nVL%Ac1>AFjO)q!6Ga_LKtMq16HBjEX0{807h!L0@#<$S=Yw|@9yp7;Rc6a9 zE^~vWK$cxWULF*@TFdi)((t-fTuu&Way1>u@He`!w5GM`N8eZNvVqMZ6Zm#+qe-(Z zYz9(`6`ji#GbhdWr~|27u5(qrhwf6JruQBs3+oc*=E8PUnUQ&IE z;a`McVrBZhhbL$qP_c%g1a939EB~CW9MH>b&d(0~Q4Wt9J|%|#*Ht+_VukS%3k37o z(3A4>H|OW8$;vwRuD$d|P;+$ry0V?IhIw0K2v-L@Q$Li-{Uh2>Vr_A*|JRzew6=}S z`vH1hx5&#Q`2RL*CggXhbeEcoORd_AR;-E>&;9Bvt$JA{OdGKt6@Y0QcD*)x5S4@|X72oLBGRRvpwE_y*% z@xFd(okiA!S-7usY}uFy!VFUJ)~^xCBA&UsnrqAAU~Z~B!aYn;k5Ime(UkXNK3H~+ z?CXS6TkgG)p^%;oH|j2{@TMM;#)lN7|m3{2G&rbRNyuqEdmWkIcs;3o=~t28I`n9VJJH&nL}Z(rqDnhtt2~f_sRqWQ*=dSsB7qOBHeS)! zMr7tFA5vM~6ynAa2?UfAw5s5Ve+eh22tmu}`=XFV$?MGZ*D?d?8hK%^VdyP+QEsu5 zmH$=ai^*`L=gqDL_XBy&xU&^P3RAci?)>H}Puk5YX5r5LsLz|RoW>Qo)gDgrv%3a{ zzZnn>PHa4hm6dO??k7~V*tK|^AnX<}BNi0U5YP42uF_zEyPf^>aSgQwdz-QL+b`>n zV56wHHHx-`f62BadG#Nd2iMYTH&7q<-VuK@$D(rUiOGshF>P`Uw%DD z5&zH>d$(OWS4~FNK&uw5{KOYA-5wlD0XDl%-i3>ZphE^ls5++h_rVPorXG8X0T27q zdMq;9yY?f}LPkWxp^}c)IOqMs-d@3ey8UaW`)~Y@f{Pu(+0;%k2OmF0M59ejmUu>} z5)mwwphO7!Y;MUg&0fA$gM90dDRLW5vQ zAaosUwtkiq$*28TbnqQc{L7b)FWQ%PY6+cf%8OW>MWo|KBKx(r1%)ET3|PucL)v8p znuL)W?1}X6m9K_Rw;rB9qY}BDl+?=!h2nl7npG$>b02cj_F8Jjnqn|#e1C;OiN3l7 zBb0C;qJP}3o0@+Snf3|ci1eoTe`+Fdnp0P;RF4I${@5p-1vbS8y^MC@+QydC)2DoQ zD2$-?8>O5)DCks&ZrO{2;~e&`&~jl&yGiug)}|W+@xSDWS1Lo!2jvnCGI;B|c2z?T ze;0^SfyOzqIe)XPQe|N(Bwx_pp#NN=nQ)vbdn;&q5bcp z=eeSZu78U&e4D4Jt^!+(1X&Ow5^L)nDK(rYwt;4I-fuKDuwsi$cmA_8xO%`vhwO6& zX^edTzkPLuEc=AQJ}-LOA^fxsQnK`4#E1KKk6hq(h)F7KghhPv z6hVlVTs$y9ae7KgdD_8I3GTrJTZu!;pgA}TFF=@l$xtpF-8Cw9cG36QNn!JCc>aPU zPU`#3?QIGlW@KI4`qcA2WP3bTd5nLXqBTo03bqFQrHC3Z;-&uigJkj`gYBo|L=1qq zxPEfopFAA+mTp8?zkq?k^kgL#cGd?y)`%Av0buvZPwHn+xX`k>J5goKM2YOcps|il zqaPXUWS~agK*8=qw*5WR_{(bh%Xge&(eEj#WGEuOG*P0tzG~u1d9fBAFsQ>(&W&ec z_G6l>EFocb(OnyE2kY}QT4`ZbVO64FYj(9k6 M5gFkU$oF6W3&$?o_y7O^ literal 15540 zcmc(`Wmr^S7%vK<($WosfPhGMgAM}HNOwqgcPR`lAl)F{A>BxKcMC{&kK|qdbMAef z^YPsK;ar@pJ}|S{v*%s!`>PeIC@+bLMv8`jfPg9W>7xNMd17CQ2``tuN7_q0iqxs!Ths`?W-9N*p*kumA7RpTG9lriA&S^g zl;~3}+)x;H_6Fkb@Y7IfQ;NjC0wrSGoLGt*U;`x@M} zs@%2I_+j7iF{v=dkb(@~;D)LwDt^V@xcG-c1)*eoTNV?aFg>eybl8D3{!PThSe-*N z46O>Eqs`$p73|ZC7cb!DI8jkPBaGaWGe6>^_Ybq4jjz8ePC8NIQ1QAK&-#G_F6-03 zfB#UjUb66({9NuWRX2;m{+ju2zejrpqFaQ|0S)T>L+j_Y)A52{DhST6Y%t?rvLp^|MK2t_ zd>22tu!;DS^K((0r#w<}*Ot_TMY=FCf

OdhgcRz!iD<8{O<`WTf|IF)_I_y!QRI zho18sUq#d2q^qg-Q8_gV!L86wgYobPEdDqSqzhvp_!3~hL_qo9J*Gz?2pebaSd_v8 z{r!je^D{Fu;nvLG2v#n`-4tz z5x>sdqKOH16e?8IP#hYa@Nk)+=7vo-CsMYbqAjjPz==)e zyz$q|eNncuZVJI;sh*Q}nQ2mP^ zw}qduMWBwKpq8LowZG3#vEtPiM8&aB65g{vH|BhpG=V~e7RX_ifCb&%n|j;fbBg%K zNW;X%M&3|U>P2;adE2+4&9i^RP~sqWA(4V_>dNZ+N~6OJOckZ&TW<681x8pu+kHo% zD6PH^5}NT74QV}JRMk06jB^ER+)lL(W-CjQm~TUjh}CqJ`-)A5K27BAZa^ueyt=T- z?(XN$l*3l=&nPmsWm5$jr3Th+5Rv^@FuKBqlCRQ&)XIALD#P|kc?z<^OW!LHf1VgKHZdMwGb}7F?ydMq1@kN}ehriLB(Ynq(Id`z@kF7+Qqhn$uywXr=Sh*O ztf)1kDlZ+vD`|65Vdmqb3sW>vouPeVBo6X{pPrq?+QWW)`z8W4AODHSMas<1!2kLW zVcY#4=MHAXEt7VeG;siOJEI6CBTI#?6R!P#=Wa!GgId#(OE%hi zh6a7~Cu!ZS{=cpivXb4sZjYJv0itNJsyCZ&@CgVr1f4ke`PsL+kYPXCva){t8n{fZ zZg&1x(g-f5#CUdaXncvEhp!#g7a|g*I#=me`J3P=ypCs^K9a&0a#5O{ts|+`0y?^vt1ZzR!$GdhzUW`t zbw|sUwlmmEkBO|higN~~Yc+YrRp;FkT_d&QkDMylFHbMHZajL}nC=H?ytU+XjgEpw z@X;J}lZUo$ZMD=j6#r~&%jZncWCroh@kOnzq7(g(m(-gS7QQw6r2(%Am{P=v_7jpW z&KU8tG&*ik+Pu zrYI)ng%y{IWC*U^$*-7+hK7cLAylDHIO?A(q7@k#MpsNMu8Fb93z@pgvxERPaEG9_ z*B3n94sS)Gv7dVF4on}{kP%egxlAP-N%Yd)h@GgY#9@&gF9!8$qsW)}XBM;+2dUmY zgxeM|P*NNrqnL8n*4!;&OphC25F3}2ck~YoxVn*OscGTjP!yDRz-`fwL~GIfA`yKd zsO-_(oj*$o+THiU9=t;DvU2_8WuDR!;`PI@J#mNx{UQ~l93~Qunp0$+K||VaOc=QT3PMgeB!)*9OiSVQOqd$B)$};+5$_g@l<1Vni z#tS094uku)4LsZ%NZkianM9ThRdr=N zHT^#~v^3&YwhE|o1r-*VZTZbN6qc&hRZ2CkSaP4VgDR1+c33qIg=ZNB&IiJ_WYWng zO3Rqi(}Qi!R*3JIpueoNv++lrq!N=>SAjju2JbT)_mrS3N$;xoPtWV9l?9<7?0FVFeJ5kW%+jDvz! zE9|y?1;;k^+}$H*X1VugmaHc>OajHlBdn^colM7c4W@@w*2cTN?sH+VdjH~-l$5e1 zR}5mVq^vwM&fkyy6L>A#?QKahw-&j8CwN=WM$iM1zjN*7WtMzbk@j{Lm=sXjO885?YHt=!UYSfdqbN3c= zA9Qv?z7X>`{tW>iS~<(8Od^v`gTZR?%mI&$j%2~p&_G3V*3Ccf$1AHxE>cV?<1dqp z)YMgVbqNwVM~kgd(s{5I^ytJyNffy>w$ag5hq+^)#D}rXgLC)$KR;8!G=i5#M^mNC z&rMBPOuh&*1juW8VxkStQAS4=gNn;?8l@ns9QhTbqy1N_)71Sj1d> zyRM(wee>5`*1zxGnzj#`_=7AyJZvxkLm6emAvm8LocE ze#KV${CU>c{Lc;XlP!^QzU)0%c3TJPupce{-fC*sJ7at9M{oxtdO7m7s;7uGq(Ir@ z;@2yq&5-DU+;TJy=)#9iRKuYkG3OS!&5Vy!;XV*IdcI19%vBUBNlD~b5mPt^_-H35 zl>!3;pB5MA*>eKKj&Fz4rg9{)7#Y!nsRAe{UMjzho1Cm_Y7%%FQh#98x2X#Iv+WI+ zUu+*79E75fknZxbaB*;;c%4?ZWhetoqO5FWZa&^nca|9mK*-DItG;I&TRWGR08GCM z7PH-6EckvY>gzE@OUsXmiIN4*ZP(1k!Sx=+#Kfeeq=;F&%KW~Yq3$~J*0V`XEuoyH z>#Y8=9q_cz`|s41^mNzqMOz7p2==JyX}jN`&|}2M$D^U?VnabQ22jfXiHDv2Gv?J( z<_GH7{t+K@(%6`oCNf9Hcek4E@TnaK)@MiorDbL1dTn3l1h6OtM!l?KRn56VuiMdJ zpHQeU9){GBWu&Dgzh5#jGdnpzcudYe%DvpQFrH4X-U%G{$2zpy^0@BQCoTZq$i;iLq~UchH`<%6)$b`$DR!X z@4g+aoXvo^x40-eI{E`jXjs^5n5C7~bFWr{c-4rdEXB93bpeOg$W$=-bdiH*6EAD) zwAxzQ2#JH$oaTrK7s0-TYBL4c_#GByZS9jE+Cf(^R#=#BPfzzp{J(q7w|6&`q!ple zsOaf~v74NDxfmJm&T{TNo4T_;bx#$PQGD&ZX>xyBr-2q0>_54s2?ctU;n?ok29ThZWY?B7I%cYgW0;#>GxT^~X zBdmIdW%ppOxTJ)ei|ad?=)duGBmY29t8j0T;Hj^6c77x1_eUS7qmA>-->u+3#>8gJ zgoG+G;BzFyutPuMW+`>|e0*cEfmRhW7}#*5>Jva>TWDUNv-r^KYC_t(25L!}1v za)eXJ<^hvTyss$LYV=-R){GdEdNX-#)25t%+tAQ}MJZC#l;W{z`hKolmxwhbinY>l ztE#`yd=3W!UfkW&0~R_y5rIOw5DpcWdr11)=*lL&{24JfE)~=3*C7&CLmsVky0GQO z)Wk%;hhkA*Z)!%yX0ww=fB$DM#b~&%rbfPMmzR%%-T`OefQ>g@k=*W4+5Ut|&5#+(%)V!16Tw%8)VHy~E~tjTXR>P;bRl%tnlFqQ^ZnyUjvQC86b z-!v^Pw`%2Ja1?{>aRzBhQ^G7##Tp8q??#-og4~C)r>&Cz5CxYrM#SA{YWrJORt3fQ z^mIGzv5orR>VIy)M?dHT|oj6K}Y+Auo)nVI6y?EyK@s;(sWc^uD~Mi?8*#U!Lm3m z@kF>6fVo-%xunt0j}dh0ob1dMEH4dJRq=u;z%GzAZ@BE5AIXhcZ!_`;74#Y+b zDp+D%LOfatQQDk2);bToSyAP1zkZ~?TJkLON*lsis?}<{3?D$r+StGaa!`(>f{>(_ zmE~Tl_Tq8_3H<0>md>f+0;Pg|bHUnm^PIBck(<#9fLj2rJ+FAQEA6FhZ6Q$ekwr|g z;O2Go(|_K835-pw!kNN*l%~c}nT0Uo<-%UaP(Lz3 zIpzndS6!#8jXJjAK2Qj{p(ijfy;IsNA|dspq_l^2YPSfzyG;&1_ynHmYdV|iQ$IU1 zv%XbZTMIxR*Pc;+j@co%>3xa1-Qtb!69WwIB}cN5)wTEiDFW5UJVgd$G$;ydvalIq z^76N$r8c9vZ1D>tBWhjUv_xk8_>7E+hPwQG)BEnCjg1YW(M&=jBD?i{0s?|#8cF5; zxP!U-u}oo24UNAdgC+U-y#o{LE6q2ww0S65^>%mwF;uK|&rMIihGq10e<3zC<1Mtf z^KF*TdT>Q6enlbD1b}EyIMFgXW(Jo<=b)<9Semdxo|3Sz#0nZ( zM}0X;*3X{?nwpx(!G7d!t=?Cjo!vzMaJWHj|Jkgazq#K_^FTi<-V>=d%Iu>Ms625U zm$R`cn=tC7rESMsy?aZL7$WqcdM$9&HE!Gk$ zbZTe4mfrxeDl9Bsh3hzIwQtBnC<8Pcz!r^&3CSHL)3da-wFL)_zNa?RhxgpprBjyr zo{mp^aD7Go3b~@Vyj)Fn3JnEg!=4Y+fbA+qH=FfM#sfMLbM3z9?nDkfaZs5?qv>VR znOsw0S(%CXe!8IFXT>VhqnES<5du8Tkt4GcoNWa7OofY0Ho@G-{!jP2Q%_;1w3$1gG{EdAd5_Ew8IN-(&g=D_NAl-GDQo>QZMnCdN$%gZB?cx`4wyO6W(+nI;~d*=AR3I~{6f<_K&@XW|yuhkWoh{<@tYzaoFl%zRYu zw@TRb=#+QL9>+-cJ1p@9FFjU`*ydC-tbP zK2HP_dzX?}P_o33(9qgL@uvw`HRITpqXM~TT55W9YWlY)>ErD2p2#o^=Nyo2_S+G262x_jM0L?m&&<4e^XA;~ z;*)mn5^kTPNH>meA?ACD0BpR>T|L;Jh%{ctHs0z@|1CqfB^g!RX@B0yWH> zE2Xhg~YQ z=895J$~E(vSc;OBClB6&=~c7_kDWo@(+|bfj!^f->or@XVJy?w?npG zX);=dOQm_rueJFcKSwSue7jjIA1MaF;=M)kF89RNckM>J)ctx#E6>$^zZ_;^)7 zDtPR4L|txWTPz1QUN|~dNk*pkkB;tT|70_|ja#Vpe$MFW71d}z;g@zpOd4@*Q=LG# z{g^mWR>>;TB{MoW)Rwr zNOxHyWco)l%TuSRxc~>u2eXmlM{KH~)%E@I;rE)cJ(D~We{_3<`xNRgn}K*Q5q#Z% zBHO-2V2&X042FpC|K|Y>hOH0I9H^J;orEMH?(#ujAteq8dmeVLclAY*^ZOpcrC1W@ zGG_DTGmAbGm{`Xh5c<)6wZoES`M5n#}^Q#3nWoI5%?)!!XCQgS!d)zzhslxs953>eqBmWj(G zD5MBcWU8sCI6FHVm=|tVJ8d%`E>!Q7Y4ZjN@beT|DzIi#Q_Dxb%Fp*%oW$(Ct8k(-`>}+Q3hsCLo>@Vu=Hf;g|i*Rd0!|0NsQ@vgZ4vtB= z;>7@2x(eOu$$^Qi2f1(ZR5fh&jmw}^+nL*a1Ytv4b&Z+?CV5hLefq7gn+w(RCoI?m z55qk!x%mmc08Rk)7PN)+s0~aE474csVqkrFa8@=neAJAO{&DKMaIQL7i~)(_^*Vmm z@=$riJ;L<8xYYd)#b7Lb~!di=kkK=|F?8h3<+TZTE-d>3{JLbO$YuC&QotdM_ z_1IK#>FJw$+~wN!wsYlr=k4w+^nzv+8(X5gFQ`;Le`a@#Bg!0Wcl_76C9^|HN-FXF zvb3=9w-sobK>9&OezDx*u(jDYE$3$^v@@)$p`}IWez6}=*(}6j2YQ{2@7jAZ#lRWt z%$xK#f85v5rO?mZg%}tZ+HJH!IX2qdjUFv|lg&Z++}%$NnrBK9XkeFD&OjeK{=;`a zlIpHJ)#iBah(hJz@vnDiYR_39U7jv>>+e>o3b&1%zJjhUGv@_*kYRE0yRqy}ughI| z>S$~z9^H5CMoZ=(!zvDrwWAkQfBpWEW{!!vY$PQmy@l>h7a6I|A^~woo6YYP^pm)_ zN7pSky!+B3Hi|+tv;qtg;Zd*B|J<|P%OWEi->LUY;6tGp>@Yk<;hlRm#Mq30K>p>w zEP%|TdRlrgH;aO_v|f#Un}M3XLcP^odrZt)a!TD6`-z;E5gQjV2Bvq4ELCQ^JpQvd_|%w5H@`b1AjsVY>8RR|S@3bbw+^zgrb-Qdi zrK)OYNm(@jjTH$Q)8m#)T3x-*>~?yDY_7JDL8%0p$6^ECFyH@~MiL(%Up9loXuGtr zj6~3!bsd&fTIxO4hBPvByyjQf(y~xk^CK;7xvs1Yl;*Q%wy0U_W;NP&<0j2kOH1|*O6|HMf-<_?2bwhZ0OS1hSTfW090_Q9sBZyh)HYm zQ7;I~$q^#LwRe(^2^-H2ynqP%R$1Mw#!V|I(BznoWSAKlMV!#MoaDp#g&(F0Y6gpo z3G3DxYX8>($jwc{zrgQyvO3h?kI~|C_q(IZUp3{xq|@CFHeSkqu|`Kn+aj07@5Pci zMk#80h~-&PQIW}JvA@rKpsXYcaCNiyRf@mAKa?nNwq4<81k7pJ9zNc7c{xnU^s}f3 zTUv6d&NkBLF?;_+AtNua@hQ*A>-tdCWxq78CNBKqRFyGty}hhJE}cB{2jB35%~^IJ zQ1oka&w9%S1_zrOFti)LkU-7TZju0at3BX#;3Jojx!4*?VAB6Zs-Ne;da*r<%SFq| z>L<9nZMtS-)Jjhc1J+DHz_T{tQQPnG1<1=SbtVU{SYzy%n9IKTJ{9^GL_~O2Yh*9A zzTrbIdPkd>gHuPOWMv&)DMGQ)TJeC?E)&9xH16=8IOg36}22J-(8^Y$cRnwmjvo?Z@Q=h<7fY;5%bp@EO-^k$YF$blHw~Cs{AJKQh z+;_>Eb_@G`rq%7umF-XQU_gK}J|ZE2BN_%#0oR?8(Q7C2NDGL17`=pRa{6uFJ~zic zsbm<9PHx+!9)SM=<04boCr!S-?J0rn$bbIta5hYPoP?+m5tV~O@ zX4J;#z)De>GMKp1<_YxPWJ)@XRc%d1eivEW2x{c@hO=F<9zf>p2SJ5kVb zV@XyKy+;1epYQ+2m?osEvAk+xnDXYaSuM^nYq7XcgN=Xv5D-N!?7;YTe$w+b)Ep=j zPBLUHiA#OcU;0K@{3X!B!&E#ifxl?S;Rs9~+)#YNYc{~SLh%ZMFvhsCH3cLMplA_(f9e$X3rf&);a0Ak1%?&4EF7pcj~CEg)E9y&W2^E!qg|0fMxJYas5$7c&T_ zhN8T@JmR1Qj2cnzzkI2>nMrY_fMlO>Rb^MEm`6((*e3F$Wj1xkQ`tQFAW54@;maH8BOBJlgB-wm}djRDz zh3i7p`uD=-^g5ZC_kY+P0~v+?16?(*c5#65re!nuC8a>XWM>F{gx_T|V4l zfnNqRO5fC^OD+y+DRCMw>f2uM>OLhz9$l}7Q zCQ4H8{Y%X?=B469P9XHQS`TC+BHhx!?pgI?>cCX#zlU#r1N+h(1Hq zZ=$`O0Q&YdTfb3Ub77%*EWyIn)qf(xWqGW427;vBVysoKX!$N5Z#P&>0ip$9O=0}~XQDbhg98NS>uA`)` zoXY8jm^pUS?(O2j*-Y7$E?HP?QB-WPuqZeT~UgY`rLWV7F#>O>IJx=cb0EpLX@fLO+ zHm9eTd?{wMRb2bDI8DqN^?>}U)%{;_X=z%Q1@Zd!WDMdx{X>)XOS;&iBAeHI_dUNf zm{Ohto7=oFGc|Uu)r*&az=VKc%XS4{G(R^aL=o^+;F1lgSG*_@iufKD>Jf>ZJ+({z zssOnDtWW1xcRP=%a31ylJ(k{Tx3>{r$14`Mf@GwmYP~U@*xPN1b8~Z- zB^zuP_UoU1XU*?80E#J}yp4CWu{F(rhXcjyjWViAa@t|`2Fn`|)x06K(e(Pl(o!8A z9q&==%oVR|WT0+5Tr#}=1L7hVN=l+26L)h=%R*P@{I3|m#^lpxWg?&i5kFi!IZ}YmoVlTFhxOLn&0>g}6HmwPWJYY=&mAI^| z>~zfh^aueGC2D*BrXB|(F5ctjkEE&+hXX|?8rBBEf~>B-Ai*d;&-=ekwI!yqnf};H zii&(58|I##y&=&#QRIT_%@#f~y{}nV+I&(^K$b5psL7F!yk&gJYdEn&U$Uv0+s)W} zZ$s0D;)q1V37ib&Ra>>$P2@leH!`jAH7k@lM0 z=>?a+X^rSdM>Z}lHD~XDYo^`QR2hUF-KVtzfEapl>@1lmUUO zlXUeYa~9{F_{?E^QEw`$UJ%}h$=sNf9x)lQItHBworY# zM(URzGVi`l{{E)EPOHiI^WjCq$*h*9*1cJbqPBJ_u)u*IU}aVEB!LUKR3I4B=6}%Y z*!))i; z#8V#DPegd~YYYVJ|33~GWl+rI z9X)eqS%-ZaF^#gnsi}e(+ZZ()?Lb=Wm#!&*lr{Tcv$8A<^x&msccAmI>bLD5?7e&u zh+UuD+T)j8S|Pfj2qq<`Ww?C_HF@H zj5vsvzWr{oivEY6`uGtxx)Z0HTfO#&`at%1o^#TpUj~n9^5h7+=AEbk-@f_Y9Iu@2 zQ3V`DLHOM-`#)$eeRB^DtEw7Z!+K-O42dElckCM&=olEF0$x9uY6%rX>-KflR|iIx zS)=1FeO8Ch0VFspwwkkhRYQ@TpJilf z=(M$eRo6=O6RGyeA`_%py9cHKRsxUeonbp2Zi{p0mixa&oYp+em=Tgf5h_X({j6_) zvki9)c!2)yUknC`XH+W8P~-FGUol}4-rmqy7q{cZrRE9`pksp63&>fyTzRRgsC^-J zJsrnkrs(>uT@OIdKmE2vW!<~WWG5j=MQN$5@{+;Qbvg)@)YiHH&m3F>`HJ7-io|=2_8}G1ch;Vs>047>tZEs;cqvj0rtG5`%;Nz|jCwNo|+iL18qF zvvW;f6q%sW?KEhlF$2aP|9$cQkB0{;s)GkVKS%(zw3L1yu8&~VZkk^lRQmkuU|)5J zmX>yNL+>@LT(233I#HCu){{f?oy&*ti7tTW;OCkP3tXfl9&kl44$XE9QSCNB5@zu< z=xZbm48&3BlD040pUl&j%df4htSE)Ng*rzFGF_aUipotzP@~M(_mvA|@8Rqwzkha= z%-N!}649|xeZw9c?l=CWflkOW!O7O)7n#WyC_3G!YIJaRV@vh_xIf}3pwxNyOql5C z!qgewxz5Z^b{7O=IVmaa8_uk`uHN@NCRTv3nVJi-?=vcxVaZ7^=E2;bsp!vRr0Rje zqCNCHwi*Y`9%5G7ZIsuQ<>j`(00q7jcx)5$5C_%Xvo(QSlfzg}0*mG+sCo5C9dJ3H zw-+GU>iJy0#(xS8j|dBoppO1jMzLD&?hOG+93ALCFEvn569MC0!Pg87R}G#=5}@am z2|OZ-e#7p3O-HxQX`~eeS;2vVp(K~Q@5Fnlr>J-eN*W@HDv5G+SR`O{tHRFyYqpNu zSx`e;`(R-6E(#K~AFvT4+A8)pB|Hecy5$2wgy!>!J+yc}ThXD+Oz6N`b*X z>e*(5g>gJ8tLf>fs|Qz1^5NQq1eZs;f?)}Qk7H_Ts(E=ny#?W6VN)UnSmXxPo-^l_ zUR3-0mg*I2);4!P#ZY&wm87LDeSHx{9^g{&LwunXeL zmyEIVr~z|Fjf@OgaQqdKqe3d>ps*JA>*|} zMQH$rEe@%tAFxJuSZ_B=oDXK1fx!t(EHN>$L>4racicSJ9IPw6j8rlf7E|Rq<+hh^b+;HP-y5 zLz|9b|MAA@=K9bSt+ClU5^~32={x~`ejb*%=;*roYM?1wN})?)QI5~dB=dV^OtHf&iGd_oPft(1 z-G#8vcG{Gp`l|wQ$)mwRY2I@E(V;On3U4r9&bHD2G^%}?epj9{a36O~(p8z$C;z8FISQ1$;e3IDg)E)STituY{euIt zF|C_=5ExY4!9=c60Ta{`{d|&I3Cvcl6qGEm5ySUB$sapK$l@9FleV^uhVK0>@Dqby zxutSD^;Tv@ro9}EAVcJDYi_WZ0dDxmdt@|& zt@^Ux;yPF*i}w|fkMxM$glR1ptz{gJ^lO*Du-m9iZ0LrkfKuc& zKEI}6M0+i%RIzG$9IGvD4$0SeDE>UYvrddI@A;8ZX+c`>p@ zCP6>(*&$tr6^;~fQBObgEoJ0gwe8X*KG=_s?W-&G74$Nbf!w|bzI#aKxPgPrEaJr1 zH$qZZ=Ta{+2jCJk;v-3K`zj~J3MOT3l&8N}(~p{pe234AMd>StV@ubQXt^F*KW=ar zE#_xlGNbX{a@TjM`SyygEHa3X@Bw4z{6hT{YU?o22k~?{3-#|2(H4kXzOmvGA=gNUyct@V#qEo zNYOAMQ001V#r19y3dfP&-wM3LNUK=?vdD2Q);KlO#JSOn=f)#f(ASrl?k3=T*>Gx%#`siHkJsbqtcF> z9KRhVMSp41s#=AFl@KLD_#=KDq>>R!$;MH$24iOr4t+K@S^US*!J3U!kKt`9cSnZ9 zJFY5FBX%Q}rZr9*4OyvbF=L~I@#=kz{THvVEyH>DH04E$tihxAKDRmBAZ1Y;am~lF zR0PEBRmC`YANG-}PKJm97vm<2=NE=?3!*?Vz$Bd&ba3f?s&UnRq z6yL{i$6!;Z<#k*;>fp{LmCNh+2<_1_croWUj!L-q+T8|L~3m`2EDK=;?R z$%;Eg=c>5e@6Ar@2`kIzXeo^h?Zw6CruK5n2N`o?k4EfLP0PyB8%vv0|;9{(%3umy^_>ez=HfOh^sybm)im%Q(s$E&E zO5vi(mCD4R>3RB5Os_4ZN@;FJ=5Ik{S4mvd@qm7vh*wM0r>Ntwg9ILY9BowaF0k4$ zdzxRxlM7{Ch(x}5HyK2P;>(Z=fSBv7k9OtX_Vu%QN+pj{Qaw$N7K@EX1ri$eq<@kS?A)Z#Z z%8V%Pm48);1;P?G*x~2!@1C_Wuh$d9LvwEwLWMw4-cog|YZ;Ug#E~ou5EcrRlCQ5w zkfA%oT}aPCJRY3k;Puu8ikj5<`cK zoEn5MW}F&oU99Di>Z|q95ss+eLGz?Sz^>jfB?jD$Y-*LkCtegkg?p?zoQ Date: Fri, 3 Jan 2025 18:48:25 +0000 Subject: [PATCH 04/41] Switch to TestContainers for manging services in Playwright Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- package.json | 2 + .../app-loading/guest-registration.spec.ts | 6 +- playwright/e2e/crypto/backups.spec.ts | 8 +- playwright/e2e/crypto/dehydration.spec.ts | 10 +- playwright/e2e/crypto/utils.ts | 2 +- .../forgot-password/forgot-password.spec.ts | 18 +- playwright/e2e/login/consent.spec.ts | 3 +- playwright/e2e/login/login.spec.ts | 35 +- playwright/e2e/login/overwrite_login.spec.ts | 2 +- playwright/e2e/login/soft_logout.spec.ts | 10 +- playwright/e2e/login/utils.ts | 5 +- playwright/e2e/oidc/index.ts | 178 +++++- playwright/e2e/oidc/oidc-native.spec.ts | 10 +- playwright/e2e/register/email.spec.ts | 17 +- playwright/e2e/register/register.spec.ts | 9 +- .../e2e/sliding-sync/sliding-sync.spec.ts | 24 +- playwright/element-web-test.ts | 70 +-- playwright/pages/bot.ts | 6 +- playwright/pages/crypto.ts | 2 +- playwright/plugins/docker/index.ts | 151 ----- .../plugins/homeserver/dendrite/index.ts | 169 ++---- .../dendrite/templates/default/dendrite.yaml | 378 ------------ playwright/plugins/homeserver/index.ts | 31 +- .../homeserver/synapse/consentHomeserver.ts | 56 ++ .../homeserver/synapse/emailHomeserver.ts | 28 + .../plugins/homeserver/synapse/index.ts | 239 -------- .../synapse/legacyOAuthHomeserver.ts | 48 ++ .../res/templates/privacy/en/1.0.html | 0 .../res/templates/privacy/en/success.html | 0 .../synapse/templates/COPYME/README.md | 3 - .../synapse/templates/COPYME/homeserver.yaml | 72 --- .../synapse/templates/COPYME/log.config | 50 -- .../synapse/templates/consent/README.md | 1 - .../synapse/templates/consent/homeserver.yaml | 84 --- .../synapse/templates/consent/log.config | 50 -- .../synapse/templates/default/README.md | 1 - .../synapse/templates/default/homeserver.yaml | 106 ---- .../synapse/templates/default/log.config | 50 -- .../synapse/templates/dehydration/README.md | 1 - .../templates/dehydration/homeserver.yaml | 102 ---- .../synapse/templates/dehydration/log.config | 50 -- .../synapse/templates/email/README.md | 1 - .../synapse/templates/email/homeserver.yaml | 44 -- .../synapse/templates/email/log.config | 50 -- .../synapse/templates/guest-enabled/README.md | 1 - .../templates/guest-enabled/homeserver.yaml | 105 ---- .../templates/guest-enabled/log.config | 50 -- .../synapse/templates/mas-oidc/README.md | 1 - .../templates/mas-oidc/homeserver.yaml | 194 ------ .../synapse/templates/mas-oidc/log.config | 50 -- playwright/plugins/mailhog/index.ts | 47 -- .../matrix-authentication-service/config.yaml | 153 ----- .../matrix-authentication-service/index.ts | 151 ----- playwright/plugins/postgres/index.ts | 66 --- .../plugins/sliding-sync-proxy/index.ts | 77 --- playwright/services.ts | 113 ++++ playwright/testcontainers/dendrite.ts | 280 +++++++++ playwright/testcontainers/mas.ts | 206 +++++++ playwright/testcontainers/synapse.ts | 323 ++++++++++ yarn.lock | 550 +++++++++++++++++- 60 files changed, 1857 insertions(+), 2692 deletions(-) delete mode 100644 playwright/plugins/docker/index.ts delete mode 100644 playwright/plugins/homeserver/dendrite/templates/default/dendrite.yaml create mode 100644 playwright/plugins/homeserver/synapse/consentHomeserver.ts create mode 100644 playwright/plugins/homeserver/synapse/emailHomeserver.ts delete mode 100644 playwright/plugins/homeserver/synapse/index.ts create mode 100644 playwright/plugins/homeserver/synapse/legacyOAuthHomeserver.ts rename playwright/plugins/homeserver/synapse/{templates/consent => }/res/templates/privacy/en/1.0.html (100%) rename playwright/plugins/homeserver/synapse/{templates/consent => }/res/templates/privacy/en/success.html (100%) delete mode 100644 playwright/plugins/homeserver/synapse/templates/COPYME/README.md delete mode 100644 playwright/plugins/homeserver/synapse/templates/COPYME/homeserver.yaml delete mode 100644 playwright/plugins/homeserver/synapse/templates/COPYME/log.config delete mode 100644 playwright/plugins/homeserver/synapse/templates/consent/README.md delete mode 100644 playwright/plugins/homeserver/synapse/templates/consent/homeserver.yaml delete mode 100644 playwright/plugins/homeserver/synapse/templates/consent/log.config delete mode 100644 playwright/plugins/homeserver/synapse/templates/default/README.md delete mode 100644 playwright/plugins/homeserver/synapse/templates/default/homeserver.yaml delete mode 100644 playwright/plugins/homeserver/synapse/templates/default/log.config delete mode 100644 playwright/plugins/homeserver/synapse/templates/dehydration/README.md delete mode 100644 playwright/plugins/homeserver/synapse/templates/dehydration/homeserver.yaml delete mode 100644 playwright/plugins/homeserver/synapse/templates/dehydration/log.config delete mode 100644 playwright/plugins/homeserver/synapse/templates/email/README.md delete mode 100644 playwright/plugins/homeserver/synapse/templates/email/homeserver.yaml delete mode 100644 playwright/plugins/homeserver/synapse/templates/email/log.config delete mode 100644 playwright/plugins/homeserver/synapse/templates/guest-enabled/README.md delete mode 100644 playwright/plugins/homeserver/synapse/templates/guest-enabled/homeserver.yaml delete mode 100644 playwright/plugins/homeserver/synapse/templates/guest-enabled/log.config delete mode 100644 playwright/plugins/homeserver/synapse/templates/mas-oidc/README.md delete mode 100644 playwright/plugins/homeserver/synapse/templates/mas-oidc/homeserver.yaml delete mode 100644 playwright/plugins/homeserver/synapse/templates/mas-oidc/log.config delete mode 100644 playwright/plugins/mailhog/index.ts delete mode 100644 playwright/plugins/matrix-authentication-service/config.yaml delete mode 100644 playwright/plugins/matrix-authentication-service/index.ts delete mode 100644 playwright/plugins/postgres/index.ts delete mode 100644 playwright/plugins/sliding-sync-proxy/index.ts create mode 100644 playwright/services.ts create mode 100644 playwright/testcontainers/dendrite.ts create mode 100644 playwright/testcontainers/mas.ts create mode 100644 playwright/testcontainers/synapse.ts diff --git a/package.json b/package.json index b36807f7c3f..846a8ca6d9b 100644 --- a/package.json +++ b/package.json @@ -178,6 +178,7 @@ "@sentry/webpack-plugin": "^2.7.1", "@stylistic/eslint-plugin": "^2.9.0", "@svgr/webpack": "^8.0.0", + "@testcontainers/postgresql": "^10.16.0", "@testing-library/dom": "^10.4.0", "@testing-library/jest-dom": "^6.4.8", "@testing-library/react": "^16.0.0", @@ -281,6 +282,7 @@ "stylelint-scss": "^6.0.0", "stylelint-value-no-unknown-custom-properties": "^6.0.1", "terser-webpack-plugin": "^5.3.9", + "testcontainers": "^10.16.0", "ts-node": "^10.9.1", "ts-prune": "^0.10.3", "typescript": "5.7.2", diff --git a/playwright/e2e/app-loading/guest-registration.spec.ts b/playwright/e2e/app-loading/guest-registration.spec.ts index 4455baed230..8e96a937f0f 100644 --- a/playwright/e2e/app-loading/guest-registration.spec.ts +++ b/playwright/e2e/app-loading/guest-registration.spec.ts @@ -13,11 +13,13 @@ Please see LICENSE files in the repository root for full details. import { expect, test } from "../../element-web-test"; test.use({ - startHomeserverOpts: "guest-enabled", + synapseConfigOptions: { + allow_guest_access: true, + }, config: async ({ homeserver }, use) => { await use({ default_server_config: { - "m.homeserver": { base_url: homeserver.config.baseUrl }, + "m.homeserver": { base_url: homeserver.baseUrl }, }, }); }, diff --git a/playwright/e2e/crypto/backups.spec.ts b/playwright/e2e/crypto/backups.spec.ts index 40c7dc0ac6c..8826cb4595c 100644 --- a/playwright/e2e/crypto/backups.spec.ts +++ b/playwright/e2e/crypto/backups.spec.ts @@ -23,19 +23,19 @@ async function expectBackupVersionToBe(page: Page, version: string) { masTest.describe("Encryption state after registration", () => { masTest.skip(isDendrite, "does not yet support MAS"); - masTest("Key backup is enabled by default", async ({ page, mailhog, app }) => { + masTest("Key backup is enabled by default", async ({ page, mailhogClient, app }) => { await page.goto("/#/login"); await page.getByRole("button", { name: "Continue" }).click(); - await registerAccountMas(page, mailhog.api, "alice", "alice@email.com", "Pa$sW0rD!"); + await registerAccountMas(page, mailhogClient, "alice", "alice@email.com", "Pa$sW0rD!"); await app.settings.openUserSettings("Security & Privacy"); expect(page.getByText("This session is backing up your keys.")).toBeVisible(); }); - masTest("user is prompted to set up recovery", async ({ page, mailhog, app }) => { + masTest("user is prompted to set up recovery", async ({ page, mailhogClient, app }) => { await page.goto("/#/login"); await page.getByRole("button", { name: "Continue" }).click(); - await registerAccountMas(page, mailhog.api, "alice", "alice@email.com", "Pa$sW0rD!"); + await registerAccountMas(page, mailhogClient, "alice", "alice@email.com", "Pa$sW0rD!"); await page.getByRole("button", { name: "Add room" }).click(); await page.getByRole("menuitem", { name: "New room" }).click(); diff --git a/playwright/e2e/crypto/dehydration.spec.ts b/playwright/e2e/crypto/dehydration.spec.ts index 39629c82622..58bd5847b44 100644 --- a/playwright/e2e/crypto/dehydration.spec.ts +++ b/playwright/e2e/crypto/dehydration.spec.ts @@ -13,14 +13,16 @@ import { viewRoomSummaryByName } from "../right-panel/utils"; import { isDendrite } from "../../plugins/homeserver/dendrite"; const test = base.extend({ - // eslint-disable-next-line no-empty-pattern - startHomeserverOpts: async ({}, use) => { - await use("dehydration"); + synapseConfigOptions: { + experimental_features: { + msc2697_enabled: false, + msc3814_enabled: true, + }, }, config: async ({ homeserver, context }, use) => { const wellKnown = { "m.homeserver": { - base_url: homeserver.config.baseUrl, + base_url: homeserver.baseUrl, }, "org.matrix.msc3814": true, }; diff --git a/playwright/e2e/crypto/utils.ts b/playwright/e2e/crypto/utils.ts index 337ff3d6344..3771fd73a78 100644 --- a/playwright/e2e/crypto/utils.ts +++ b/playwright/e2e/crypto/utils.ts @@ -148,7 +148,7 @@ export async function logIntoElement( // select homeserver await page.getByRole("button", { name: "Edit" }).click(); - await page.getByRole("textbox", { name: "Other homeserver" }).fill(homeserver.config.baseUrl); + await page.getByRole("textbox", { name: "Other homeserver" }).fill(homeserver.baseUrl); await page.getByRole("button", { name: "Continue", exact: true }).click(); // wait for the dialog to go away diff --git a/playwright/e2e/forgot-password/forgot-password.spec.ts b/playwright/e2e/forgot-password/forgot-password.spec.ts index 0a12514d9ec..b307637acd1 100644 --- a/playwright/e2e/forgot-password/forgot-password.spec.ts +++ b/playwright/e2e/forgot-password/forgot-password.spec.ts @@ -8,6 +8,8 @@ Please see LICENSE files in the repository root for full details. import { expect, test } from "../../element-web-test"; import { selectHomeserver } from "../utils"; +import { emailHomeserver } from "../../plugins/homeserver/synapse/emailHomeserver.ts"; +import { isDendrite } from "../../plugins/homeserver/dendrite"; const username = "user1234"; // this has to be password-like enough to please zxcvbn. Needless to say it's just from pwgen. @@ -15,16 +17,8 @@ const password = "oETo7MPf0o"; const email = "user@nowhere.dummy"; test.describe("Forgot Password", () => { - test.use({ - startHomeserverOpts: ({ mailhog }, use) => - use({ - template: "email", - variables: { - SMTP_HOST: "host.containers.internal", - SMTP_PORT: mailhog.instance.smtpPort, - }, - }), - }); + test.skip(isDendrite, "not yet wired up"); + test.use(emailHomeserver); test("renders properly", { tag: "@screenshot" }, async ({ page, homeserver }) => { await page.goto("/"); @@ -32,7 +26,7 @@ test.describe("Forgot Password", () => { await page.getByRole("link", { name: "Sign in" }).click(); // need to select a homeserver at this stage, before entering the forgot password flow - await selectHomeserver(page, homeserver.config.baseUrl); + await selectHomeserver(page, homeserver.baseUrl); await page.getByRole("button", { name: "Forgot password?" }).click(); @@ -47,7 +41,7 @@ test.describe("Forgot Password", () => { await page.goto("/"); await page.getByRole("link", { name: "Sign in" }).click(); - await selectHomeserver(page, homeserver.config.baseUrl); + await selectHomeserver(page, homeserver.baseUrl); await page.getByRole("button", { name: "Forgot password?" }).click(); diff --git a/playwright/e2e/login/consent.spec.ts b/playwright/e2e/login/consent.spec.ts index 4d8dd821e0c..8fd58379570 100644 --- a/playwright/e2e/login/consent.spec.ts +++ b/playwright/e2e/login/consent.spec.ts @@ -7,10 +7,11 @@ Please see LICENSE files in the repository root for full details. */ import { test, expect } from "../../element-web-test"; +import { consentHomeserver } from "../../plugins/homeserver/synapse/consentHomeserver.ts"; test.describe("Consent", () => { + test.use(consentHomeserver); test.use({ - startHomeserverOpts: "consent", displayName: "Bob", }); diff --git a/playwright/e2e/login/login.spec.ts b/playwright/e2e/login/login.spec.ts index e1307f7402d..ed0ad6c1b54 100644 --- a/playwright/e2e/login/login.spec.ts +++ b/playwright/e2e/login/login.spec.ts @@ -13,6 +13,8 @@ import { doTokenRegistration } from "./utils"; import { isDendrite } from "../../plugins/homeserver/dendrite"; import { selectHomeserver } from "../utils"; import { Credentials, HomeserverInstance } from "../../plugins/homeserver"; +import { consentHomeserver } from "../../plugins/homeserver/synapse/consentHomeserver.ts"; +import { legacyOAuthHomeserver } from "../../plugins/homeserver/synapse/legacyOAuthHomeserver.ts"; const username = "user1234"; const password = "p4s5W0rD"; @@ -70,7 +72,7 @@ const DEVICE_SIGNING_KEYS_BODY = { async function login(page: Page, homeserver: HomeserverInstance) { await page.getByRole("link", { name: "Sign in" }).click(); - await selectHomeserver(page, homeserver.config.baseUrl); + await selectHomeserver(page, homeserver.baseUrl); await page.getByRole("textbox", { name: "Username" }).fill(username); await page.getByPlaceholder("Password").fill(password); @@ -79,7 +81,7 @@ async function login(page: Page, homeserver: HomeserverInstance) { test.describe("Login", () => { test.describe("Password login", () => { - test.use({ startHomeserverOpts: "consent" }); + test.use(consentHomeserver); let creds: Credentials; @@ -101,7 +103,7 @@ test.describe("Login", () => { await page.getByRole("link", { name: "Sign in" }).click(); // first pick the homeserver, as otherwise the user picker won't be visible - await selectHomeserver(page, homeserver.config.baseUrl); + await selectHomeserver(page, homeserver.baseUrl); await page.getByRole("button", { name: "Edit" }).click(); @@ -114,7 +116,7 @@ test.describe("Login", () => { await expect(page.locator(".mx_ServerPicker_server")).toHaveText("server.invalid"); // switch back to the custom homeserver - await selectHomeserver(page, homeserver.config.baseUrl); + await selectHomeserver(page, homeserver.baseUrl); await expect(page.getByRole("textbox", { name: "Username" })).toBeVisible(); // Disabled because flaky - see https://github.com/vector-im/element-web/issues/24688 @@ -142,10 +144,10 @@ test.describe("Login", () => { homeserver, request, }) => { - const res = await request.post( - `${homeserver.config.baseUrl}/_matrix/client/v3/keys/device_signing/upload`, - { headers: { Authorization: `Bearer ${creds.accessToken}` }, data: DEVICE_SIGNING_KEYS_BODY }, - ); + const res = await request.post(`${homeserver.baseUrl}/_matrix/client/v3/keys/device_signing/upload`, { + headers: { Authorization: `Bearer ${creds.accessToken}` }, + data: DEVICE_SIGNING_KEYS_BODY, + }); if (res.status() / 100 !== 2) { console.log("Uploading dummy keys failed", await res.json()); } @@ -172,7 +174,7 @@ test.describe("Login", () => { request, }) => { const res = await request.post( - `${homeserver.config.baseUrl}/_matrix/client/v3/keys/device_signing/upload`, + `${homeserver.baseUrl}/_matrix/client/v3/keys/device_signing/upload`, { headers: { Authorization: `Bearer ${creds.accessToken}` }, data: DEVICE_SIGNING_KEYS_BODY }, ); if (res.status() / 100 !== 2) { @@ -203,7 +205,7 @@ test.describe("Login", () => { }) => { console.log(`uid ${creds.userId} body`, DEVICE_SIGNING_KEYS_BODY); const res = await request.post( - `${homeserver.config.baseUrl}/_matrix/client/v3/keys/device_signing/upload`, + `${homeserver.baseUrl}/_matrix/client/v3/keys/device_signing/upload`, { headers: { Authorization: `Bearer ${creds.accessToken}` }, data: DEVICE_SIGNING_KEYS_BODY }, ); if (res.status() / 100 !== 2) { @@ -226,14 +228,7 @@ test.describe("Login", () => { // tests for old-style SSO login, in which we exchange tokens with Synapse, and Synapse talks to an auth server test.describe("SSO login", () => { test.skip(isDendrite, "does not yet support SSO"); - - test.use({ - startHomeserverOpts: ({ oAuthServer }, use) => - use({ - template: "default", - oAuthServerPort: oAuthServer.port, - }), - }); + test.use(legacyOAuthHomeserver); test("logs in with SSO and lands on the home screen", async ({ page, homeserver }) => { // If this test fails with a screen showing "Timeout connecting to remote server", it is most likely due to @@ -247,7 +242,7 @@ test.describe("Login", () => { }); test.describe("logout", () => { - test.use({ startHomeserverOpts: "consent" }); + test.use(consentHomeserver); test("should go to login page on logout", async ({ page, user }) => { await page.getByRole("button", { name: "User menu" }).click(); @@ -262,8 +257,8 @@ test.describe("Login", () => { }); test.describe("logout with logout_redirect_url", () => { + test.use(consentHomeserver); test.use({ - startHomeserverOpts: "consent", config: { // We redirect to decoder-ring because it's a predictable page that isn't Element itself. // We could use example.org, matrix.org, or something else, however this puts dependency of external diff --git a/playwright/e2e/login/overwrite_login.spec.ts b/playwright/e2e/login/overwrite_login.spec.ts index 6d06bbc4290..6f82c30331c 100644 --- a/playwright/e2e/login/overwrite_login.spec.ts +++ b/playwright/e2e/login/overwrite_login.spec.ts @@ -24,7 +24,7 @@ test.describe("Overwrite login action", () => { expect(credentials.userId).not.toBe(bobRegister.userId); const clientCredentials /* IMatrixClientCreds */ = { - homeserverUrl: homeserver.config.baseUrl, + homeserverUrl: homeserver.baseUrl, ...bobRegister, }; diff --git a/playwright/e2e/login/soft_logout.spec.ts b/playwright/e2e/login/soft_logout.spec.ts index ca0c11132a3..777fbbd0aea 100644 --- a/playwright/e2e/login/soft_logout.spec.ts +++ b/playwright/e2e/login/soft_logout.spec.ts @@ -11,16 +11,11 @@ import { Page } from "@playwright/test"; import { test, expect } from "../../element-web-test"; import { doTokenRegistration } from "./utils"; import { Credentials } from "../../plugins/homeserver"; -import { isDendrite } from "../../plugins/homeserver/dendrite"; +import { legacyOAuthHomeserver } from "../../plugins/homeserver/synapse/legacyOAuthHomeserver.ts"; test.describe("Soft logout", () => { test.use({ displayName: "Alice", - startHomeserverOpts: ({ oAuthServer }, use) => - use({ - template: "default", - oAuthServerPort: oAuthServer.port, - }), }); test.describe("with password user", () => { @@ -47,8 +42,7 @@ test.describe("Soft logout", () => { }); test.describe("with SSO user", () => { - test.skip(isDendrite, "does not yet support SSO"); - + test.use(legacyOAuthHomeserver); test.use({ user: async ({ page, homeserver }, use) => { const user = await doTokenRegistration(page, homeserver); diff --git a/playwright/e2e/login/utils.ts b/playwright/e2e/login/utils.ts index dc856d586fe..ae794bd9119 100644 --- a/playwright/e2e/login/utils.ts +++ b/playwright/e2e/login/utils.ts @@ -6,9 +6,10 @@ SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only Please see LICENSE files in the repository root for full details. */ -import { Page, expect } from "@playwright/test"; +import { Page, expect, Fixtures } from "@playwright/test"; import { Credentials, HomeserverInstance } from "../../plugins/homeserver"; +import { Services } from "../../services.ts"; /** Visit the login page, choose to log in with "OAuth test", register a new account, and redirect back to Element */ @@ -19,7 +20,7 @@ export async function doTokenRegistration( await page.goto("/#/login"); await page.getByRole("button", { name: "Edit" }).click(); - await page.getByRole("textbox", { name: "Other homeserver" }).fill(homeserver.config.baseUrl); + await page.getByRole("textbox", { name: "Other homeserver" }).fill(homeserver.baseUrl); await page.getByRole("button", { name: "Continue" }).click(); // wait for the dialog to go away await expect(page.locator(".mx_ServerPickerDialog")).toHaveCount(0); diff --git a/playwright/e2e/oidc/index.ts b/playwright/e2e/oidc/index.ts index 9403406d80c..0ed405df143 100644 --- a/playwright/e2e/oidc/index.ts +++ b/playwright/e2e/oidc/index.ts @@ -10,41 +10,163 @@ import { API, Messages } from "mailhog"; import { Page } from "@playwright/test"; import { test as base, expect } from "../../element-web-test"; -import { MatrixAuthenticationService } from "../../plugins/matrix-authentication-service"; -import { StartHomeserverOpts } from "../../plugins/homeserver"; -export const test = base.extend<{ - masPrepare: MatrixAuthenticationService; - mas: MatrixAuthenticationService; -}>({ - // There's a bit of a chicken and egg problem between MAS & Synapse where they each need to know how to reach each other - // so spinning up a MAS is split into the prepare & start stage: prepare mas -> homeserver -> start mas to disentangle this. - masPrepare: async ({ context }, use) => { - const mas = new MatrixAuthenticationService(context); - await mas.prepare(); - await use(mas); - }, - mas: [ - async ({ masPrepare: mas, homeserver, mailhog }, use, testInfo) => { - await mas.start(homeserver, mailhog.instance); - await use(mas); - await mas.stop(testInfo); - }, - { auto: true }, - ], - startHomeserverOpts: async ({ masPrepare }, use) => { +export const test = base.extend<{}>({ + synapseConfigOptions: async ({ mas }, use) => { await use({ - template: "mas-oidc", - variables: { - MAS_PORT: masPrepare.port, + enable_registration: undefined, + enable_registration_without_verification: undefined, + disable_msisdn_registration: undefined, + experimental_features: { + msc3861: { + enabled: true, + issuer: "http://mas:8080/", + issuer_metadata: { + "issuer": `http://localhost:${mas.getMappedPort(8080)}/`, + "authorization_endpoint": "http://mas:8080/authorize", + "token_endpoint": "http://mas:8080/oauth2/token", + "jwks_uri": "http://mas:8080/oauth2/keys.json", + "registration_endpoint": "http://mas:8080/oauth2/registration", + "scopes_supported": ["openid", "email"], + "response_types_supported": ["code", "id_token", "code id_token"], + "response_modes_supported": ["form_post", "query", "fragment"], + "grant_types_supported": [ + "authorization_code", + "refresh_token", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + ], + "token_endpoint_auth_methods_supported": [ + "client_secret_basic", + "client_secret_post", + "client_secret_jwt", + "private_key_jwt", + "none", + ], + "token_endpoint_auth_signing_alg_values_supported": [ + "HS256", + "HS384", + "HS512", + "RS256", + "RS384", + "RS512", + "PS256", + "PS384", + "PS512", + "ES256", + "ES384", + "ES256K", + ], + "revocation_endpoint": "http://mas:8080/oauth2/revoke", + "revocation_endpoint_auth_methods_supported": [ + "client_secret_basic", + "client_secret_post", + "client_secret_jwt", + "private_key_jwt", + "none", + ], + "revocation_endpoint_auth_signing_alg_values_supported": [ + "HS256", + "HS384", + "HS512", + "RS256", + "RS384", + "RS512", + "PS256", + "PS384", + "PS512", + "ES256", + "ES384", + "ES256K", + ], + "introspection_endpoint": "http://mas:8080/oauth2/introspect", + "introspection_endpoint_auth_methods_supported": [ + "client_secret_basic", + "client_secret_post", + "client_secret_jwt", + "private_key_jwt", + "none", + ], + "introspection_endpoint_auth_signing_alg_values_supported": [ + "HS256", + "HS384", + "HS512", + "RS256", + "RS384", + "RS512", + "PS256", + "PS384", + "PS512", + "ES256", + "ES384", + "ES256K", + ], + "code_challenge_methods_supported": ["plain", "S256"], + "userinfo_endpoint": "http://mas:8080/oauth2/userinfo", + "subject_types_supported": ["public"], + "id_token_signing_alg_values_supported": [ + "RS256", + "RS384", + "RS512", + "ES256", + "ES384", + "PS256", + "PS384", + "PS512", + "ES256K", + ], + "userinfo_signing_alg_values_supported": [ + "RS256", + "RS384", + "RS512", + "ES256", + "ES384", + "PS256", + "PS384", + "PS512", + "ES256K", + ], + "display_values_supported": ["page"], + "claim_types_supported": ["normal"], + "claims_supported": [ + "iss", + "sub", + "aud", + "iat", + "exp", + "nonce", + "auth_time", + "at_hash", + "c_hash", + ], + "claims_parameter_supported": false, + "request_parameter_supported": false, + "request_uri_parameter_supported": false, + "prompt_values_supported": ["none", "login", "create"], + "device_authorization_endpoint": "http://mas:8080/oauth2/device", + "org.matrix.matrix-authentication-service.graphql_endpoint": "http://mas:8080/graphql", + "account_management_uri": "http://mas:8080/account/", + "account_management_actions_supported": [ + "org.matrix.profile", + "org.matrix.sessions_list", + "org.matrix.session_view", + "org.matrix.session_end", + ], + }, + client_id: "0000000000000000000SYNAPSE", + client_auth_method: "client_secret_basic", + client_secret: "SomeRandomSecret", + admin_token: "AnotherRandomSecret", + account_management_url: `http://localhost:${mas.getMappedPort(8080)}/account`, + }, }, }); }, - config: async ({ homeserver, startHomeserverOpts, context }, use) => { - const issuer = `http://localhost:${(startHomeserverOpts as StartHomeserverOpts).variables["MAS_PORT"]}/`; + config: async ({ homeserver, mas, context }, use) => { + const issuer = `http://localhost:${mas.getMappedPort(8080)}/`; const wellKnown = { "m.homeserver": { - base_url: homeserver.config.baseUrl, + base_url: homeserver.baseUrl, }, "org.matrix.msc2965.authentication": { issuer, diff --git a/playwright/e2e/oidc/oidc-native.spec.ts b/playwright/e2e/oidc/oidc-native.spec.ts index b523f37f3ba..78696d75ef3 100644 --- a/playwright/e2e/oidc/oidc-native.spec.ts +++ b/playwright/e2e/oidc/oidc-native.spec.ts @@ -7,22 +7,22 @@ Please see LICENSE files in the repository root for full details. */ import { test, expect, registerAccountMas } from "."; -import { isDendrite } from "../../plugins/homeserver/dendrite"; import { ElementAppPage } from "../../pages/ElementAppPage.ts"; +import { isDendrite } from "../../plugins/homeserver/dendrite"; test.describe("OIDC Native", { tag: ["@no-firefox", "@no-webkit"] }, () => { test.skip(isDendrite, "does not yet support MAS"); test.slow(); // trace recording takes a while here - test("can register the oauth2 client and an account", async ({ context, page, homeserver, mailhog, mas }) => { - const tokenUri = `http://localhost:${mas.port}/oauth2/token`; + test("can register the oauth2 client and an account", async ({ context, page, homeserver, mailhogClient, mas }) => { + const tokenUri = `http://localhost:${mas.getMappedPort(8080)}/oauth2/token`; const tokenApiPromise = page.waitForRequest( (request) => request.url() === tokenUri && request.postDataJSON()["grant_type"] === "authorization_code", ); await page.goto("/#/login"); await page.getByRole("button", { name: "Continue" }).click(); - await registerAccountMas(page, mailhog.api, "alice", "alice@email.com", "Pa$sW0rD!"); + await registerAccountMas(page, mailhogClient, "alice", "alice@email.com", "Pa$sW0rD!"); // Eventually, we should end up at the home screen. await expect(page).toHaveURL(/\/#\/home$/, { timeout: 10000 }); @@ -49,7 +49,7 @@ test.describe("OIDC Native", { tag: ["@no-firefox", "@no-webkit"] }, () => { await newPage.close(); // Assert logging out revokes both tokens - const revokeUri = `http://localhost:${mas.port}/oauth2/revoke`; + const revokeUri = `http://localhost:${mas.getMappedPort(8080)}/oauth2/revoke`; const revokeAccessTokenPromise = page.waitForRequest( (request) => request.url() === revokeUri && request.postDataJSON()["token_type_hint"] === "access_token", ); diff --git a/playwright/e2e/register/email.spec.ts b/playwright/e2e/register/email.spec.ts index 665e20ef01f..0c42b7062d9 100644 --- a/playwright/e2e/register/email.spec.ts +++ b/playwright/e2e/register/email.spec.ts @@ -7,25 +7,18 @@ Please see LICENSE files in the repository root for full details. */ import { test, expect } from "../../element-web-test"; +import { emailHomeserver } from "../../plugins/homeserver/synapse/emailHomeserver.ts"; import { isDendrite } from "../../plugins/homeserver/dendrite"; test.describe("Email Registration", async () => { test.skip(isDendrite, "not yet wired up"); - + test.use(emailHomeserver); test.use({ - startHomeserverOpts: ({ mailhog }, use) => - use({ - template: "email", - variables: { - SMTP_HOST: "host.containers.internal", - SMTP_PORT: mailhog.instance.smtpPort, - }, - }), config: ({ homeserver }, use) => use({ default_server_config: { "m.homeserver": { - base_url: homeserver.config.baseUrl, + base_url: homeserver.baseUrl, }, "m.identity_server": { base_url: "https://server.invalid", @@ -41,7 +34,7 @@ test.describe("Email Registration", async () => { test( "registers an account and lands on the use case selection screen", { tag: "@screenshot" }, - async ({ page, mailhog, request, checkA11y }) => { + async ({ page, mailhogClient, request, checkA11y }) => { await expect(page.getByRole("textbox", { name: "Username" })).toBeVisible(); // Hide the server text as it contains the randomly allocated Homeserver port const screenshotOptions = { mask: [page.locator(".mx_ServerPicker_server")] }; @@ -58,7 +51,7 @@ test.describe("Email Registration", async () => { await expect(page.getByText("An error was encountered when sending the email")).not.toBeVisible(); - const messages = await mailhog.api.messages(); + const messages = await mailhogClient.messages(); expect(messages.items).toHaveLength(1); expect(messages.items[0].to).toEqual("alice@email.com"); const [emailLink] = messages.items[0].text.match(/http.+/); diff --git a/playwright/e2e/register/register.spec.ts b/playwright/e2e/register/register.spec.ts index c1274362668..63fe24dffd0 100644 --- a/playwright/e2e/register/register.spec.ts +++ b/playwright/e2e/register/register.spec.ts @@ -7,11 +7,10 @@ Please see LICENSE files in the repository root for full details. */ import { test, expect } from "../../element-web-test"; +import { consentHomeserver } from "../../plugins/homeserver/synapse/consentHomeserver.ts"; test.describe("Registration", () => { - test.use({ - startHomeserverOpts: "consent", - }); + test.use(consentHomeserver); test.beforeEach(async ({ page }) => { await page.goto("/#/register"); @@ -27,7 +26,7 @@ test.describe("Registration", () => { await expect(page.locator(".mx_Dialog")).toMatchScreenshot("server-picker.png"); await checkA11y(); - await page.getByRole("textbox", { name: "Other homeserver" }).fill(homeserver.config.baseUrl); + await page.getByRole("textbox", { name: "Other homeserver" }).fill(homeserver.baseUrl); await page.getByRole("button", { name: "Continue", exact: true }).click(); // wait for the dialog to go away await expect(page.getByRole("dialog")).not.toBeVisible(); @@ -88,7 +87,7 @@ test.describe("Registration", () => { test("should require username to fulfil requirements and be available", async ({ homeserver, page }) => { await page.getByRole("button", { name: "Edit", exact: true }).click(); await expect(page.getByRole("button", { name: "Continue", exact: true })).toBeVisible(); - await page.getByRole("textbox", { name: "Other homeserver" }).fill(homeserver.config.baseUrl); + await page.getByRole("textbox", { name: "Other homeserver" }).fill(homeserver.baseUrl); await page.getByRole("button", { name: "Continue", exact: true }).click(); // wait for the dialog to go away await expect(page.getByRole("dialog")).not.toBeVisible(); diff --git a/playwright/e2e/sliding-sync/sliding-sync.spec.ts b/playwright/e2e/sliding-sync/sliding-sync.spec.ts index f812fe7aecc..d105904a483 100644 --- a/playwright/e2e/sliding-sync/sliding-sync.spec.ts +++ b/playwright/e2e/sliding-sync/sliding-sync.spec.ts @@ -7,21 +7,29 @@ Please see LICENSE files in the repository root for full details. */ import { Page, Request } from "@playwright/test"; +import { GenericContainer, StartedTestContainer } from "testcontainers"; import { test as base, expect } from "../../element-web-test"; import type { ElementAppPage } from "../../pages/ElementAppPage"; import type { Bot } from "../../pages/bot"; -import { ProxyInstance, SlidingSyncProxy } from "../../plugins/sliding-sync-proxy"; const test = base.extend<{ - slidingSyncProxy: ProxyInstance; + slidingSyncProxy: StartedTestContainer; testRoom: { roomId: string; name: string }; joinedBot: Bot; }>({ - slidingSyncProxy: async ({ context, page, homeserver }, use) => { - const proxy = new SlidingSyncProxy(homeserver.config.dockerUrl, context); - const proxyInstance = await proxy.start(); - const proxyAddress = `http://localhost:${proxyInstance.port}`; + slidingSyncProxy: async ({ network, postgres, page, homeserver }, use, testInfo) => { + const container = await new GenericContainer("ghcr.io/matrix-org/sliding-sync:v0.99.3") + .withNetwork(network) + .withExposedPorts(8008) + .withEnvironment({ + SYNCV3_SECRET: "bwahahaha", + SYNCV3_DB: `user=postgres dbname=postgres password=${postgres.getPassword()} host=${postgres.getHost()} sslmode=disable`, + SYNCV3_SERVER: `http://${homeserver.getNetworkNames()[0]}:8008`, + }) + .start(); + + const proxyAddress = `http://localhost:${container.getMappedPort(8008)}`; await page.addInitScript((proxyAddress) => { window.localStorage.setItem( "mx_local_settings", @@ -31,8 +39,8 @@ const test = base.extend<{ ); window.localStorage.setItem("mx_labs_feature_feature_sliding_sync", "true"); }, proxyAddress); - await use(proxyInstance); - await proxy.stop(); + await use(container); + await container.stop(); }, // Ensure slidingSyncProxy is set up before the user fixture as it relies on an init script credentials: async ({ slidingSyncProxy, credentials }, use) => { diff --git a/playwright/element-web-test.ts b/playwright/element-web-test.ts index 8206d766098..e53ebc0818c 100644 --- a/playwright/element-web-test.ts +++ b/playwright/element-web-test.ts @@ -6,24 +6,20 @@ SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only Please see LICENSE files in the repository root for full details. */ -import { test as base, expect as baseExpect, Locator, Page, ExpectMatcherState, ElementHandle } from "@playwright/test"; +import { expect as baseExpect, Locator, Page, ExpectMatcherState, ElementHandle } from "@playwright/test"; import { sanitizeForFilePath } from "playwright-core/lib/utils"; import AxeBuilder from "@axe-core/playwright"; import _ from "lodash"; -import { basename, extname } from "node:path"; +import { extname } from "node:path"; -import type mailhog from "mailhog"; import type { IConfigOptions } from "../src/IConfigOptions"; -import { Credentials, Homeserver, HomeserverInstance, StartHomeserverOpts } from "./plugins/homeserver"; -import { Synapse } from "./plugins/homeserver/synapse"; -import { Dendrite, Pinecone } from "./plugins/homeserver/dendrite"; -import { Instance, MailHogServer } from "./plugins/mailhog"; +import { Credentials } from "./plugins/homeserver"; import { ElementAppPage } from "./pages/ElementAppPage"; -import { OAuthServer } from "./plugins/oauth_server"; import { Crypto } from "./pages/crypto"; import { Toasts } from "./pages/toasts"; import { Bot, CreateBotOpts } from "./pages/bot"; import { Webserver } from "./plugins/webserver"; +import { test as base } from "./services.ts"; // Enable experimental service worker support // See https://playwright.dev/docs/service-workers-experimental#how-to-enable @@ -68,14 +64,6 @@ export interface Fixtures { */ config: typeof CONFIG_JSON; - /** - * The options with which to run the {@link #homeserver} fixture. - */ - startHomeserverOpts: StartHomeserverOpts | string; - - homeserver: HomeserverInstance; - oAuthServer: { port: number }; - /** * The displayname to use for the user registered in {@link #credentials}. * @@ -113,7 +101,6 @@ export interface Fixtures { */ app: ElementAppPage; - mailhog: { api: mailhog.API; instance: Instance }; crypto: Crypto; room?: { roomId: string }; toasts: Toasts; @@ -150,45 +137,6 @@ export const test = base.extend({ await use(page); }, - startHomeserverOpts: "default", - homeserver: async ({ request, startHomeserverOpts: opts }, use, testInfo) => { - if (typeof opts === "string") { - opts = { template: opts }; - } - - let server: Homeserver; - const homeserverName = process.env["PLAYWRIGHT_HOMESERVER"]; - switch (homeserverName) { - case "dendrite": - server = new Dendrite(request); - break; - case "pinecone": - server = new Pinecone(request); - break; - default: - server = new Synapse(request); - } - - await use(await server.start(opts)); - const logs = await server.stop(); - - if (testInfo.status !== "passed") { - for (const path of logs) { - await testInfo.attach(`homeserver-${basename(path)}`, { - path, - contentType: "text/plain", - }); - } - } - }, - // eslint-disable-next-line no-empty-pattern - oAuthServer: async ({}, use) => { - const server = new OAuthServer(); - const port = server.start(); - await use({ port }); - server.stop(); - }, - displayName: undefined, credentials: async ({ homeserver, displayName: testDisplayName }, use) => { const names = ["Alice", "Bob", "Charlie", "Daniel", "Eve", "Frank", "Grace", "Hannah", "Isaac", "Judy"]; @@ -220,7 +168,7 @@ export const test = base.extend({ // Ensure the language is set to a consistent value window.localStorage.setItem("mx_local_settings", '{"language":"en"}'); }, - { baseUrl: homeserver.config.baseUrl, credentials }, + { baseUrl: homeserver.baseUrl, credentials }, ); await use(page); }, @@ -265,14 +213,6 @@ export const test = base.extend({ await use(bot); }, - // eslint-disable-next-line no-empty-pattern - mailhog: async ({}, use) => { - const mailhog = new MailHogServer(); - const instance = await mailhog.start(); - await use(instance); - await mailhog.stop(); - }, - // eslint-disable-next-line no-empty-pattern webserver: async ({}, use) => { const webserver = new Webserver(); diff --git a/playwright/pages/bot.ts b/playwright/pages/bot.ts index d50a0e84ee1..6b5b2a326c9 100644 --- a/playwright/pages/bot.ts +++ b/playwright/pages/bot.ts @@ -97,7 +97,7 @@ export class Bot extends Client { private async buildClient(): Promise> { const credentials = await this.getCredentials(); const clientHandle = await this.page.evaluateHandle( - async ({ homeserver, credentials, opts }) => { + async ({ baseUrl, credentials, opts }) => { function getLogger(loggerName: string): Logger { const logger = { getChild: (namespace: string) => getLogger(`${loggerName}:${namespace}`), @@ -157,7 +157,7 @@ export class Bot extends Client { }; const cli = new window.matrixcs.MatrixClient({ - baseUrl: homeserver.baseUrl, + baseUrl, userId: credentials.userId, deviceId: credentials.deviceId, accessToken: credentials.accessToken, @@ -179,7 +179,7 @@ export class Bot extends Client { return cli; }, { - homeserver: this.homeserver.config, + baseUrl: this.homeserver.baseUrl, credentials, opts: this.opts, }, diff --git a/playwright/pages/crypto.ts b/playwright/pages/crypto.ts index f221412a7ce..138dfa1c007 100644 --- a/playwright/pages/crypto.ts +++ b/playwright/pages/crypto.ts @@ -27,7 +27,7 @@ export class Crypto { accessToken: window.mxMatrixClientPeg.get().getAccessToken(), })); - const res = await this.request.post(`${this.homeserver.config.baseUrl}/_matrix/client/v3/keys/query`, { + const res = await this.request.post(`${this.homeserver.baseUrl}/_matrix/client/v3/keys/query`, { headers: { Authorization: `Bearer ${accessToken}` }, data: { device_keys: { [userId]: [] } }, }); diff --git a/playwright/plugins/docker/index.ts b/playwright/plugins/docker/index.ts deleted file mode 100644 index 6cc13860be3..00000000000 --- a/playwright/plugins/docker/index.ts +++ /dev/null @@ -1,151 +0,0 @@ -/* -Copyright 2024 New Vector Ltd. -Copyright 2023 The Matrix.org Foundation C.I.C. - -SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only -Please see LICENSE files in the repository root for full details. -*/ - -import * as os from "os"; -import * as crypto from "crypto"; -import * as childProcess from "child_process"; -import * as fse from "fs-extra"; - -/** - * @param cmd - command to execute - * @param args - arguments to pass to executed command - * @param suppressOutput - whether to suppress the stdout and stderr resulting from this command. - * @return Promise which resolves to an object containing the string value of what was - * written to stdout and stderr by the executed command. - */ -const exec = (cmd: string, args: string[], suppressOutput = false): Promise<{ stdout: string; stderr: string }> => { - return new Promise((resolve, reject) => { - if (!suppressOutput) { - const log = ["Running command:", cmd, ...args, "\n"].join(" "); - // When in CI mode we combine reports from multiple runners into a single HTML report - // which has separate files for stdout and stderr, so we print the executed command to both - process.stdout.write(log); - if (process.env.CI) process.stderr.write(log); - } - const { stdout, stderr } = childProcess.execFile(cmd, args, { encoding: "utf8" }, (err, stdout, stderr) => { - if (err) reject(err); - resolve({ stdout, stderr }); - if (!suppressOutput) { - process.stdout.write("\n"); - if (process.env.CI) process.stderr.write("\n"); - } - }); - if (!suppressOutput) { - stdout.pipe(process.stdout); - stderr.pipe(process.stderr); - } - }); -}; - -export class Docker { - public id: string; - - async run(opts: { image: string; containerName: string; params?: string[]; cmd?: string[] }): Promise { - const userInfo = os.userInfo(); - const params = opts.params ?? []; - - const isPodman = await Docker.isPodman(); - if (params.includes("-v") && userInfo.uid >= 0) { - // Run the docker container as our uid:gid to prevent problems with permissions. - if (isPodman) { - // Note: this setup is for podman rootless containers. - - // In podman, run as root in the container, which maps to the current - // user on the host. This is probably the default since Synapse's - // Dockerfile doesn't specify, but we're being explicit here - // because it's important for the permissions to work. - params.push("-u", "0:0"); - - // Tell Synapse not to switch UID - params.push("-e", "UID=0"); - params.push("-e", "GID=0"); - } else { - params.push("-u", `${userInfo.uid}:${userInfo.gid}`); - } - } - - // Make host.containers.internal work to allow the container to talk to other services via host ports. - if (isPodman) { - params.push("--network"); - params.push("slirp4netns:allow_host_loopback=true"); - } else { - // Docker for Desktop includes a host-gateway mapping on host.docker.internal but to simplify the config - // we use the Podman variant host.containers.internal in all environments. - params.push("--add-host"); - params.push("host.containers.internal:host-gateway"); - } - - // Provided we are not running in CI, add a `--rm` parameter. - // There is no need to remove containers in CI (since they are automatically removed anyway), and - // `--rm` means that if a container crashes this means its logs are wiped out. - if (!process.env.CI) params.unshift("--rm"); - - const args = [ - "run", - "--name", - `${opts.containerName}-${crypto.randomBytes(4).toString("hex")}`, - "-d", - ...params, - opts.image, - ]; - - if (opts.cmd) args.push(...opts.cmd); - - const { stdout } = await exec("docker", args); - this.id = stdout.trim(); - return this.id; - } - - async stop(): Promise { - try { - await exec("docker", ["stop", this.id]); - } catch (err) { - console.error(`Failed to stop docker container`, this.id, err); - } - } - - /** - * @param params - list of parameters to pass to `docker exec` - * @param suppressOutput - whether to suppress the stdout and stderr resulting from this command. - */ - async exec(params: string[], suppressOutput = true): Promise { - await exec("docker", ["exec", this.id, ...params], suppressOutput); - } - - async getContainerIp(): Promise { - const { stdout } = await exec("docker", ["inspect", "-f", "{{ .NetworkSettings.IPAddress }}", this.id]); - return stdout.trim(); - } - - async persistLogsToFile(args: { stdoutFile?: string; stderrFile?: string }): Promise { - const stdoutFile = args.stdoutFile ? await fse.open(args.stdoutFile, "w") : "ignore"; - const stderrFile = args.stderrFile ? await fse.open(args.stderrFile, "w") : "ignore"; - await new Promise((resolve) => { - childProcess - .spawn("docker", ["logs", this.id], { - stdio: ["ignore", stdoutFile, stderrFile], - }) - .once("close", resolve); - }); - if (args.stdoutFile) await fse.close(stdoutFile); - if (args.stderrFile) await fse.close(stderrFile); - } - - /** - * Detects whether the docker command is actually podman. - * To do this, it looks for "podman" in the output of "docker --help". - */ - static _isPodman?: boolean; - static async isPodman(): Promise { - if (Docker._isPodman === undefined) { - const { stdout } = await exec("docker", ["--help"], true); - Docker._isPodman = stdout.toLowerCase().includes("podman"); - } - return Docker._isPodman; - } -} diff --git a/playwright/plugins/homeserver/dendrite/index.ts b/playwright/plugins/homeserver/dendrite/index.ts index 0886dc1586d..9bb16746496 100644 --- a/playwright/plugins/homeserver/dendrite/index.ts +++ b/playwright/plugins/homeserver/dendrite/index.ts @@ -6,142 +6,39 @@ SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only Please see LICENSE files in the repository root for full details. */ -import * as path from "node:path"; -import * as os from "node:os"; -import * as fse from "fs-extra"; - -import { getFreePort } from "../../utils/port"; -import { Homeserver, HomeserverConfig, HomeserverInstance, StartHomeserverOpts } from "../"; -import { randB64Bytes } from "../../utils/rand"; -import { Synapse } from "../synapse"; -import { Docker } from "../../docker"; - -const dockerConfigDir = "/etc/dendrite/"; -const dendriteConfigFile = "dendrite.yaml"; - -// Surprisingly, Dendrite implements the same register user Admin API Synapse, so we can just extend it -export class Dendrite extends Synapse implements Homeserver, HomeserverInstance { - protected image = "matrixdotorg/dendrite-monolith:main"; - protected entrypoint = "/usr/bin/dendrite"; - - /** - * Start a dendrite instance: the template must be the name of one of the templates - * in the playwright/plugins/dendritedocker/templates directory - * @param opts - */ - public async start(opts: StartHomeserverOpts): Promise { - const denCfg = await cfgDirFromTemplate(this.image, opts); - - console.log(`Starting dendrite with config dir ${denCfg.configDir}...`); - - const dendriteId = await this.docker.run({ - image: this.image, - params: [ - "-v", - `${denCfg.configDir}:` + dockerConfigDir, - "-p", - `${denCfg.port}:8008/tcp`, - "--entrypoint", - this.entrypoint, - ], - containerName: `react-sdk-playwright-dendrite`, - cmd: ["--config", dockerConfigDir + dendriteConfigFile, "--really-enable-open-registration", "true", "run"], - }); - - console.log(`Started dendrite with id ${dendriteId} on port ${denCfg.port}.`); - - // Await Dendrite healthcheck - await this.docker.exec([ - "curl", - "--connect-timeout", - "30", - "--retry", - "30", - "--retry-delay", - "1", - "--retry-all-errors", - "--silent", - "http://localhost:8008/_matrix/client/versions", - ]); - - const dockerUrl = `http://${await this.docker.getContainerIp()}:8008`; - this.config = { - ...denCfg, - serverId: dendriteId, - dockerUrl, - }; - return this; - } - - public async stop(): Promise { - if (!this.config) throw new Error("Missing existing dendrite instance, did you call stop() before start()?"); - - const dendriteLogsPath = path.join("playwright", "dendritelogs", this.config.serverId); - await fse.ensureDir(dendriteLogsPath); - - await this.docker.persistLogsToFile({ - stdoutFile: path.join(dendriteLogsPath, "stdout.log"), - stderrFile: path.join(dendriteLogsPath, "stderr.log"), - }); - - await this.docker.stop(); - - await fse.remove(this.config.configDir); - - console.log(`Stopped dendrite id ${this.config.serverId}.`); - - return [path.join(dendriteLogsPath, "stdout.log"), path.join(dendriteLogsPath, "stderr.log")]; - } -} - -export class Pinecone extends Dendrite { - protected image = "matrixdotorg/dendrite-demo-pinecone:main"; - protected entrypoint = "/usr/bin/dendrite-demo-pinecone"; -} - -async function cfgDirFromTemplate( - dendriteImage: string, - opts: StartHomeserverOpts, -): Promise> { - const template = "default"; // XXX: for now we only have one template - const templateDir = path.join(__dirname, "templates", template); - - const stats = await fse.stat(templateDir); - if (!stats?.isDirectory) { - throw new Error(`No such template: ${template}`); - } - const tempDir = await fse.mkdtemp(path.join(os.tmpdir(), "react-sdk-dendritedocker-")); - - // copy the contents of the template dir, omitting homeserver.yaml as we'll template that - console.log(`Copy ${templateDir} -> ${tempDir}`); - await fse.copy(templateDir, tempDir, { filter: (f) => path.basename(f) !== dendriteConfigFile }); - - const registrationSecret = randB64Bytes(16); - - const port = await getFreePort(); - const baseUrl = `http://localhost:${port}`; - - // now copy homeserver.yaml, applying substitutions - console.log(`Gen ${path.join(templateDir, dendriteConfigFile)}`); - let hsYaml = await fse.readFile(path.join(templateDir, dendriteConfigFile), "utf8"); - hsYaml = hsYaml.replace(/{{REGISTRATION_SECRET}}/g, registrationSecret); - await fse.writeFile(path.join(tempDir, dendriteConfigFile), hsYaml); - - const docker = new Docker(); - await docker.run({ - image: dendriteImage, - params: ["--entrypoint=", "-v", `${tempDir}:/mnt`], - containerName: `react-sdk-playwright-dendrite-keygen`, - cmd: ["/usr/bin/generate-keys", "-private-key", "/mnt/matrix_key.pem"], - }); - - return { - port, - baseUrl, - configDir: tempDir, - registrationSecret, - }; -} +// export const dendriteHomeserver: Fixtures & Fixtures = { +// _homeserver: async ({ request }, use) => { +// const container = new SynapseContainer(request); +// await use(container); +// +// container.withConfig({ +// oidc_providers: [ +// { +// idp_id: "test", +// idp_name: "OAuth test", +// issuer: `http://localhost:${port}/oauth`, +// authorization_endpoint: `http://localhost:${port}/oauth/auth.html`, +// // the token endpoint receives requests from synapse, +// // rather than the webapp, so needs to escape the docker container. +// token_endpoint: `http://host.testcontainers.internal:${port}/oauth/token`, +// userinfo_endpoint: `http://host.testcontainers.internal:${port}/oauth/userinfo`, +// client_id: "synapse", +// discover: false, +// scopes: ["profile"], +// skip_verification: true, +// client_auth_method: "none", +// user_mapping_provider: { +// config: { +// display_name_template: "{{ user.name }}", +// }, +// }, +// }, +// ], +// }); +// await use(container); +// server.stop(); +// }, +// }; export function isDendrite(): boolean { return process.env["PLAYWRIGHT_HOMESERVER"] === "dendrite" || process.env["PLAYWRIGHT_HOMESERVER"] === "pinecone"; diff --git a/playwright/plugins/homeserver/dendrite/templates/default/dendrite.yaml b/playwright/plugins/homeserver/dendrite/templates/default/dendrite.yaml deleted file mode 100644 index 634cebbc876..00000000000 --- a/playwright/plugins/homeserver/dendrite/templates/default/dendrite.yaml +++ /dev/null @@ -1,378 +0,0 @@ -# This is the Dendrite configuration file. -# -# The configuration is split up into sections - each Dendrite component has a -# configuration section, in addition to the "global" section which applies to -# all components. - -# The version of the configuration file. -version: 2 - -# Global Matrix configuration. This configuration applies to all components. -global: - # The domain name of this homeserver. - server_name: localhost - - # The path to the signing private key file, used to sign requests and events. - # Note that this is NOT the same private key as used for TLS! To generate a - # signing key, use "./bin/generate-keys --private-key matrix_key.pem". - private_key: matrix_key.pem - - # The paths and expiry timestamps (as a UNIX timestamp in millisecond precision) - # to old signing keys that were formerly in use on this domain name. These - # keys will not be used for federation request or event signing, but will be - # provided to any other homeserver that asks when trying to verify old events. - old_private_keys: - # If the old private key file is available: - # - private_key: old_matrix_key.pem - # expired_at: 1601024554498 - # If only the public key (in base64 format) and key ID are known: - # - public_key: mn59Kxfdq9VziYHSBzI7+EDPDcBS2Xl7jeUdiiQcOnM= - # key_id: ed25519:mykeyid - # expired_at: 1601024554498 - - # How long a remote server can cache our server signing key before requesting it - # again. Increasing this number will reduce the number of requests made by other - # servers for our key but increases the period that a compromised key will be - # considered valid by other homeservers. - key_validity_period: 168h0m0s - - # Global database connection pool, for PostgreSQL monolith deployments only. If - # this section is populated then you can omit the "database" blocks in all other - # sections. For polylith deployments, or monolith deployments using SQLite databases, - # you must configure the "database" block for each component instead. - # database: - # connection_string: postgresql://username:password@hostname/dendrite?sslmode=disable - # max_open_conns: 90 - # max_idle_conns: 5 - # conn_max_lifetime: -1 - - # Configuration for in-memory caches. Caches can often improve performance by - # keeping frequently accessed items (like events, identifiers etc.) in memory - # rather than having to read them from the database. - cache: - # The estimated maximum size for the global cache in bytes, or in terabytes, - # gigabytes, megabytes or kilobytes when the appropriate 'tb', 'gb', 'mb' or - # 'kb' suffix is specified. Note that this is not a hard limit, nor is it a - # memory limit for the entire process. A cache that is too small may ultimately - # provide little or no benefit. - max_size_estimated: 1gb - - # The maximum amount of time that a cache entry can live for in memory before - # it will be evicted and/or refreshed from the database. Lower values result in - # easier admission of new cache entries but may also increase database load in - # comparison to higher values, so adjust conservatively. Higher values may make - # it harder for new items to make it into the cache, e.g. if new rooms suddenly - # become popular. - max_age: 1h - - # The server name to delegate server-server communications to, with optional port - # e.g. localhost:443 - well_known_server_name: "" - - # The server name to delegate client-server communications to, with optional port - # e.g. localhost:443 - well_known_client_name: "" - - # Lists of domains that the server will trust as identity servers to verify third - # party identifiers such as phone numbers and email addresses. - trusted_third_party_id_servers: - - matrix.org - - vector.im - - # Disables federation. Dendrite will not be able to communicate with other servers - # in the Matrix federation and the federation API will not be exposed. - disable_federation: false - - # Configures the handling of presence events. Inbound controls whether we receive - # presence events from other servers, outbound controls whether we send presence - # events for our local users to other servers. - presence: - enable_inbound: false - enable_outbound: false - - # Configures phone-home statistics reporting. These statistics contain the server - # name, number of active users and some information on your deployment config. - # We use this information to understand how Dendrite is being used in the wild. - report_stats: - enabled: false - endpoint: https://matrix.org/report-usage-stats/push - - # Server notices allows server admins to send messages to all users on the server. - server_notices: - enabled: false - # The local part, display name and avatar URL (as a mxc:// URL) for the user that - # will send the server notices. These are visible to all users on the deployment. - local_part: "_server" - display_name: "Server Alerts" - avatar_url: "" - # The room name to be used when sending server notices. This room name will - # appear in user clients. - room_name: "Server Alerts" - - # Configuration for NATS JetStream - jetstream: - # A list of NATS Server addresses to connect to. If none are specified, an - # internal NATS server will be started automatically when running Dendrite in - # monolith mode. For polylith deployments, it is required to specify the address - # of at least one NATS Server node. - addresses: - # - localhost:4222 - - # Disable the validation of TLS certificates of NATS. This is - # not recommended in production since it may allow NATS traffic - # to be sent to an insecure endpoint. - disable_tls_validation: false - - # Persistent directory to store JetStream streams in. This directory should be - # preserved across Dendrite restarts. - storage_path: ./ - - # The prefix to use for stream names for this homeserver - really only useful - # if you are running more than one Dendrite server on the same NATS deployment. - topic_prefix: Dendrite - - # Configuration for Prometheus metric collection. - metrics: - enabled: false - basic_auth: - username: metrics - password: metrics - - # Optional DNS cache. The DNS cache may reduce the load on DNS servers if there - # is no local caching resolver available for use. - dns_cache: - enabled: false - cache_size: 256 - cache_lifetime: "5m" # 5 minutes; https://pkg.go.dev/time@master#ParseDuration - -# Configuration for the Appservice API. -app_service_api: - # Disable the validation of TLS certificates of appservices. This is - # not recommended in production since it may allow appservice traffic - # to be sent to an insecure endpoint. - disable_tls_validation: false - - # Appservice configuration files to load into this homeserver. - config_files: - # - /path/to/appservice_registration.yaml - -# Configuration for the Client API. -client_api: - # Prevents new users from being able to register on this homeserver, except when - # using the registration shared secret below. - registration_disabled: false - - # Prevents new guest accounts from being created. Guest registration is also - # disabled implicitly by setting 'registration_disabled' above. - guests_disabled: true - - # If set, allows registration by anyone who knows the shared secret, regardless - # of whether registration is otherwise disabled. - registration_shared_secret: "{{REGISTRATION_SECRET}}" - - # Whether to require reCAPTCHA for registration. If you have enabled registration - # then this is HIGHLY RECOMMENDED to reduce the risk of your homeserver being used - # for coordinated spam attacks. - enable_registration_captcha: false - - # Settings for ReCAPTCHA. - recaptcha_public_key: "" - recaptcha_private_key: "" - recaptcha_bypass_secret: "" - - # To use hcaptcha.com instead of ReCAPTCHA, set the following parameters, otherwise just keep them empty. - # recaptcha_siteverify_api: "https://hcaptcha.com/siteverify" - # recaptcha_api_js_url: "https://js.hcaptcha.com/1/api.js" - # recaptcha_form_field: "h-captcha-response" - # recaptcha_sitekey_class: "h-captcha" - - # TURN server information that this homeserver should send to clients. - turn: - turn_user_lifetime: "5m" - turn_uris: - # - turn:turn.server.org?transport=udp - # - turn:turn.server.org?transport=tcp - turn_shared_secret: "" - # If your TURN server requires static credentials, then you will need to enter - # them here instead of supplying a shared secret. Note that these credentials - # will be visible to clients! - # turn_username: "" - # turn_password: "" - - # Settings for rate-limited endpoints. Rate limiting kicks in after the threshold - # number of "slots" have been taken by requests from a specific host. Each "slot" - # will be released after the cooloff time in milliseconds. Server administrators - # and appservice users are exempt from rate limiting by default. - rate_limiting: - enabled: true - threshold: 20 - cooloff_ms: 500 - exempt_user_ids: - # - "@user:domain.com" - -# Configuration for the Federation API. -federation_api: - # How many times we will try to resend a failed transaction to a specific server. The - # backoff is 2**x seconds, so 1 = 2 seconds, 2 = 4 seconds, 3 = 8 seconds etc. Once - # the max retries are exceeded, Dendrite will no longer try to send transactions to - # that server until it comes back to life and connects to us again. - send_max_retries: 16 - - # Disable the validation of TLS certificates of remote federated homeservers. Do not - # enable this option in production as it presents a security risk! - disable_tls_validation: false - - # Disable HTTP keepalives, which also prevents connection reuse. Dendrite will typically - # keep HTTP connections open to remote hosts for 5 minutes as they can be reused much - # more quickly than opening new connections each time. Disabling keepalives will close - # HTTP connections immediately after a successful request but may result in more CPU and - # memory being used on TLS handshakes for each new connection instead. - disable_http_keepalives: false - - # Perspective keyservers to use as a backup when direct key fetches fail. This may - # be required to satisfy key requests for servers that are no longer online when - # joining some rooms. - key_perspectives: - - server_name: matrix.org - keys: - - key_id: ed25519:auto - public_key: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw - - key_id: ed25519:a_RXGa - public_key: l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ - - # This option will control whether Dendrite will prefer to look up keys directly - # or whether it should try perspective servers first, using direct fetches as a - # last resort. - prefer_direct_fetch: false - - database: - connection_string: file:dendrite-federationapi.db - -# Configuration for the Media API. -media_api: - # Storage path for uploaded media. May be relative or absolute. - base_path: ./media_store - - # The maximum allowed file size (in bytes) for media uploads to this homeserver - # (0 = unlimited). If using a reverse proxy, ensure it allows requests at least - #this large (e.g. the client_max_body_size setting in nginx). - max_file_size_bytes: 10485760 - - # Whether to dynamically generate thumbnails if needed. - dynamic_thumbnails: false - - # The maximum number of simultaneous thumbnail generators to run. - max_thumbnail_generators: 10 - - # A list of thumbnail sizes to be generated for media content. - thumbnail_sizes: - - width: 32 - height: 32 - method: crop - - width: 96 - height: 96 - method: crop - - width: 640 - height: 480 - method: scale - - database: - connection_string: file:dendrite-mediaapi.db - -# Configuration for enabling experimental MSCs on this homeserver. -mscs: - mscs: - # - msc2836 # (Threading, see https://github.com/matrix-org/matrix-doc/pull/2836) - # - msc2946 # (Spaces Summary, see https://github.com/matrix-org/matrix-doc/pull/2946) - - database: - connection_string: file:dendrite-msc.db - -# Configuration for the Sync API. -sync_api: - # This option controls which HTTP header to inspect to find the real remote IP - # address of the client. This is likely required if Dendrite is running behind - # a reverse proxy server. - # real_ip_header: X-Real-IP - - # Configuration for the full-text search engine. - search: - # Whether or not search is enabled. - enabled: false - - # The path where the search index will be created in. - index_path: "./searchindex" - - # The language most likely to be used on the server - used when indexing, to - # ensure the returned results match expectations. A full list of possible languages - # can be found at https://github.com/blevesearch/bleve/tree/master/analysis/lang - language: "en" - - database: - connection_string: file:dendrite-syncapi.db - -# Configuration for the User API. -user_api: - # The cost when hashing passwords on registration/login. Default: 10. Min: 4, Max: 31 - # See https://pkg.go.dev/golang.org/x/crypto/bcrypt for more information. - # Setting this lower makes registration/login consume less CPU resources at the cost - # of security should the database be compromised. Setting this higher makes registration/login - # consume more CPU resources but makes it harder to brute force password hashes. This value - # can be lowered if performing tests or on embedded Dendrite instances (e.g WASM builds). - bcrypt_cost: 10 - - # The length of time that a token issued for a relying party from - # /_matrix/client/r0/user/{userId}/openid/request_token endpoint - # is considered to be valid in milliseconds. - # The default lifetime is 3600000ms (60 minutes). - # openid_token_lifetime_ms: 3600000 - - # Users who register on this homeserver will automatically be joined to the rooms listed under "auto_join_rooms" option. - # By default, any room aliases included in this list will be created as a publicly joinable room - # when the first user registers for the homeserver. If the room already exists, - # make certain it is a publicly joinable room, i.e. the join rule of the room must be set to 'public'. - # As Spaces are just rooms under the hood, Space aliases may also be used. - auto_join_rooms: - # - "#main:matrix.org" - - account_database: - connection_string: file:dendrite-userapi.db - -room_server: - database: - connection_string: file:dendrite-roomserverapi.db - -key_server: - database: - connection_string: file:dendrite-keyserverapi.db - -relay_api: - database: - connection_string: file:dendrite-relayapi.db - -# Configuration for Opentracing. -# See https://github.com/matrix-org/dendrite/tree/master/docs/tracing for information on -# how this works and how to set it up. -tracing: - enabled: false - jaeger: - serviceName: "" - disabled: false - rpc_metrics: false - tags: [] - sampler: null - reporter: null - headers: null - baggage_restrictions: null - throttler: null - -# Logging configuration. The "std" logging type controls the logs being sent to -# stdout. The "file" logging type controls logs being written to a log folder on -# the disk. Supported log levels are "debug", "info", "warn", "error". -logging: - - type: std - level: debug - - type: file - level: debug - params: - path: ./logs diff --git a/playwright/plugins/homeserver/index.ts b/playwright/plugins/homeserver/index.ts index c17ea15f554..b6b4b5ee995 100644 --- a/playwright/plugins/homeserver/index.ts +++ b/playwright/plugins/homeserver/index.ts @@ -6,16 +6,8 @@ SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only Please see LICENSE files in the repository root for full details. */ -export interface HomeserverConfig { - readonly configDir: string; - readonly baseUrl: string; - readonly port: number; - readonly registrationSecret: string; - readonly dockerUrl: string; -} - export interface HomeserverInstance { - readonly config: HomeserverConfig; + readonly baseUrl: string; /** * Register a user on the given Homeserver using the shared registration secret. @@ -42,27 +34,6 @@ export interface HomeserverInstance { setThreepid(userId: string, medium: string, address: string): Promise; } -export interface StartHomeserverOpts { - /** path to template within playwright/plugins/{homeserver}docker/template/ directory. */ - template: string; - - /** Port of an OAuth server to configure the homeserver to use */ - oAuthServerPort?: number; - - /** Additional variables to inject into the configuration template **/ - variables?: Record; -} - -export interface Homeserver { - start(opts: StartHomeserverOpts): Promise; - /** - * Stop this test homeserver instance. - * - * @returns A list of paths relative to the cwd for logfiles generated during this test run. - */ - stop(): Promise; -} - export interface Credentials { accessToken: string; userId: string; diff --git a/playwright/plugins/homeserver/synapse/consentHomeserver.ts b/playwright/plugins/homeserver/synapse/consentHomeserver.ts new file mode 100644 index 00000000000..46c4c9f23dd --- /dev/null +++ b/playwright/plugins/homeserver/synapse/consentHomeserver.ts @@ -0,0 +1,56 @@ +/* +Copyright 2024 New Vector Ltd. +Copyright 2023 The Matrix.org Foundation C.I.C. + +SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only +Please see LICENSE files in the repository root for full details. +*/ + +import { Fixtures } from "@playwright/test"; + +import { Services } from "../../../services.ts"; + +export const consentHomeserver: Fixtures = { + _homeserver: async ({ _homeserver: container, mailhog }, use) => { + container + .withCopyDirectoriesToContainer([ + { source: "playwright/plugins/homeserver/synapse/res", target: "/data/res" }, + ]) + .withConfig({ + email: { + enable_notifs: false, + smtp_host: "mailhog", + smtp_port: 1025, + smtp_user: "username", + smtp_pass: "password", + require_transport_security: false, + notif_from: "Your Friendly %(app)s homeserver ", + app_name: "Matrix", + notif_template_html: "notif_mail.html", + notif_template_text: "notif_mail.txt", + notif_for_new_users: true, + client_base_url: "http://localhost/element", + }, + user_consent: { + template_dir: "/data/res/templates/privacy", + version: "1.0", + server_notice_content: { + msgtype: "m.text", + body: "To continue using this homeserver you must review and agree to the terms and conditions at %(consent_uri)s", + }, + send_server_notice_to_guests: true, + block_events_error: + "To continue using this homeserver you must review and agree to the terms and conditions at %(consent_uri)s", + require_at_registration: true, + }, + server_notices: { + system_mxid_localpart: "notices", + system_mxid_display_name: "Server Notices", + system_mxid_avatar_url: "mxc://localhost/oumMVlgDnLYFaPVkExemNVVZ", + room_name: "Server Notices", + }, + }) + .withConfigField("listeners[0].resources[0].names", ["client", "consent"]); + await use(container); + }, +}; diff --git a/playwright/plugins/homeserver/synapse/emailHomeserver.ts b/playwright/plugins/homeserver/synapse/emailHomeserver.ts new file mode 100644 index 00000000000..07dfe69264c --- /dev/null +++ b/playwright/plugins/homeserver/synapse/emailHomeserver.ts @@ -0,0 +1,28 @@ +/* +Copyright 2024 New Vector Ltd. +Copyright 2023 The Matrix.org Foundation C.I.C. + +SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only +Please see LICENSE files in the repository root for full details. +*/ + +import { Fixtures } from "@playwright/test"; + +import { Services } from "../../../services.ts"; + +export const emailHomeserver: Fixtures = { + _homeserver: async ({ _homeserver: container, mailhog }, use) => { + container.withConfig({ + enable_registration_without_verification: undefined, + disable_msisdn_registration: undefined, + registrations_require_3pid: ["email"], + email: { + smtp_host: "mailhog", + smtp_port: 25, + notif_from: "Your Friendly %(app)s homeserver ", + app_name: "my_branded_matrix_server", + }, + }); + await use(container); + }, +}; diff --git a/playwright/plugins/homeserver/synapse/index.ts b/playwright/plugins/homeserver/synapse/index.ts deleted file mode 100644 index c98a1f59bc5..00000000000 --- a/playwright/plugins/homeserver/synapse/index.ts +++ /dev/null @@ -1,239 +0,0 @@ -/* -Copyright 2024 New Vector Ltd. -Copyright 2023 The Matrix.org Foundation C.I.C. - -SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only -Please see LICENSE files in the repository root for full details. -*/ - -import * as path from "node:path"; -import * as os from "node:os"; -import * as crypto from "node:crypto"; -import * as fse from "fs-extra"; -import { APIRequestContext } from "@playwright/test"; - -import { getFreePort } from "../../utils/port"; -import { Docker } from "../../docker"; -import { HomeserverConfig, HomeserverInstance, Homeserver, StartHomeserverOpts, Credentials } from ".."; -import { randB64Bytes } from "../../utils/rand"; - -// Docker tag to use for synapse docker image. -// We target a specific digest as every now and then a Synapse update will break our CI. -// This digest is updated by the playwright-image-updates.yaml workflow periodically. -const DOCKER_TAG = "develop@sha256:39f94b005e87cd3042c2535c37d8d9f915a88072fe79f6283ac18977fe134321"; - -async function cfgDirFromTemplate(opts: StartHomeserverOpts): Promise> { - const templateDir = path.join(__dirname, "templates", opts.template); - - const stats = await fse.stat(templateDir); - if (!stats?.isDirectory) { - throw new Error(`No such template: ${opts.template}`); - } - const tempDir = await fse.mkdtemp(path.join(os.tmpdir(), "react-sdk-synapsedocker-")); - - // copy the contents of the template dir, omitting homeserver.yaml as we'll template that - console.log(`Copy ${templateDir} -> ${tempDir}`); - await fse.copy(templateDir, tempDir, { filter: (f) => path.basename(f) !== "homeserver.yaml" }); - - const registrationSecret = randB64Bytes(16); - const macaroonSecret = randB64Bytes(16); - const formSecret = randB64Bytes(16); - - const port = await getFreePort(); - const baseUrl = `http://localhost:${port}`; - - // now copy homeserver.yaml, applying substitutions - const templateHomeserver = path.join(templateDir, "homeserver.yaml"); - const outputHomeserver = path.join(tempDir, "homeserver.yaml"); - console.log(`Gen ${templateHomeserver} -> ${outputHomeserver}`); - let hsYaml = await fse.readFile(templateHomeserver, "utf8"); - hsYaml = hsYaml.replace(/{{REGISTRATION_SECRET}}/g, registrationSecret); - hsYaml = hsYaml.replace(/{{MACAROON_SECRET_KEY}}/g, macaroonSecret); - hsYaml = hsYaml.replace(/{{FORM_SECRET}}/g, formSecret); - hsYaml = hsYaml.replace(/{{PUBLIC_BASEURL}}/g, baseUrl); - if (opts.oAuthServerPort) { - hsYaml = hsYaml.replace(/{{OAUTH_SERVER_PORT}}/g, opts.oAuthServerPort.toString()); - } - if (opts.variables) { - for (const key in opts.variables) { - hsYaml = hsYaml.replace(new RegExp("%" + key + "%", "g"), String(opts.variables[key])); - } - } - - await fse.writeFile(outputHomeserver, hsYaml); - - // now generate a signing key (we could use synapse's config generation for - // this, or we could just do this...) - // NB. This assumes the homeserver.yaml specifies the key in this location - const signingKey = randB64Bytes(32); - const outputSigningKey = path.join(tempDir, "localhost.signing.key"); - console.log(`Gen -> ${outputSigningKey}`); - await fse.writeFile(outputSigningKey, `ed25519 x ${signingKey}`); - - // Allow anyone to read, write and execute in the /temp/react-sdk-synapsedocker-xxx directory - // so that the DIND setup that we use to update the playwright screenshots work without any issues. - await fse.chmod(tempDir, 0o757); - - return { - port, - baseUrl, - configDir: tempDir, - registrationSecret, - }; -} - -export class Synapse implements Homeserver, HomeserverInstance { - protected docker: Docker = new Docker(); - public config: HomeserverConfig & { serverId: string }; - - private adminToken?: string; - - public constructor(private readonly request: APIRequestContext) {} - - /** - * Start a synapse instance: the template must be the name of - * one of the templates in the playwright/plugins/synapsedocker/templates - * directory. - */ - public async start(opts: StartHomeserverOpts): Promise { - if (this.config) await this.stop(); - - const synCfg = await cfgDirFromTemplate(opts); - console.log(`Starting synapse with config dir ${synCfg.configDir}...`); - const dockerSynapseParams = ["-v", `${synCfg.configDir}:/data`, "-p", `${synCfg.port}:8008/tcp`]; - const synapseId = await this.docker.run({ - image: `ghcr.io/element-hq/synapse:${DOCKER_TAG}`, - containerName: `react-sdk-playwright-synapse`, - params: dockerSynapseParams, - cmd: ["run"], - }); - console.log(`Started synapse with id ${synapseId} on port ${synCfg.port}.`); - // Await Synapse healthcheck - await this.docker.exec([ - "curl", - "--connect-timeout", - "30", - "--retry", - "30", - "--retry-delay", - "1", - "--retry-all-errors", - "--silent", - "http://localhost:8008/health", - ]); - const dockerUrl = `http://${await this.docker.getContainerIp()}:8008`; - this.config = { - ...synCfg, - serverId: synapseId, - dockerUrl, - }; - return this; - } - - public async stop(): Promise { - if (!this.config) throw new Error("Missing existing synapse instance, did you call stop() before start()?"); - const id = this.config.serverId; - const synapseLogsPath = path.join("playwright", "logs", "synapse", id); - await fse.ensureDir(synapseLogsPath); - await this.docker.persistLogsToFile({ - stdoutFile: path.join(synapseLogsPath, "stdout.log"), - stderrFile: path.join(synapseLogsPath, "stderr.log"), - }); - await this.docker.stop(); - await fse.remove(this.config.configDir); - console.log(`Stopped synapse id ${id}.`); - - return [path.join(synapseLogsPath, "stdout.log"), path.join(synapseLogsPath, "stderr.log")]; - } - - private async registerUserInternal( - username: string, - password: string, - displayName?: string, - admin = false, - ): Promise { - const url = `${this.config.baseUrl}/_synapse/admin/v1/register`; - const { nonce } = await this.request.get(url).then((r) => r.json()); - const mac = crypto - .createHmac("sha1", this.config.registrationSecret) - .update(`${nonce}\0${username}\0${password}\0${admin ? "" : "not"}admin`) - .digest("hex"); - const res = await this.request.post(url, { - data: { - nonce, - username, - password, - mac, - admin, - displayname: displayName, - }, - }); - - if (!res.ok()) { - throw await res.json(); - } - - const data = await res.json(); - return { - homeServer: data.home_server, - accessToken: data.access_token, - userId: data.user_id, - deviceId: data.device_id, - password, - displayName, - }; - } - - public registerUser(username: string, password: string, displayName?: string): Promise { - return this.registerUserInternal(username, password, displayName, false); - } - - public async loginUser(userId: string, password: string): Promise { - const url = `${this.config.baseUrl}/_matrix/client/v3/login`; - const res = await this.request.post(url, { - data: { - type: "m.login.password", - identifier: { - type: "m.id.user", - user: userId, - }, - password: password, - }, - }); - const json = await res.json(); - - return { - password, - accessToken: json.access_token, - userId: json.user_id, - deviceId: json.device_id, - homeServer: json.home_server, - }; - } - - public async setThreepid(userId: string, medium: string, address: string): Promise { - if (this.adminToken === undefined) { - const result = await this.registerUserInternal("admin", "totalyinsecureadminpassword", undefined, true); - this.adminToken = result.accessToken; - } - - const url = `${this.config.baseUrl}/_synapse/admin/v2/users/${userId}`; - const res = await this.request.put(url, { - data: { - threepids: [ - { - medium, - address, - }, - ], - }, - headers: { - Authorization: `Bearer ${this.adminToken}`, - }, - }); - - if (!res.ok()) { - throw await res.json(); - } - } -} diff --git a/playwright/plugins/homeserver/synapse/legacyOAuthHomeserver.ts b/playwright/plugins/homeserver/synapse/legacyOAuthHomeserver.ts new file mode 100644 index 00000000000..3561c1e6868 --- /dev/null +++ b/playwright/plugins/homeserver/synapse/legacyOAuthHomeserver.ts @@ -0,0 +1,48 @@ +/* +Copyright 2024 New Vector Ltd. +Copyright 2023 The Matrix.org Foundation C.I.C. + +SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only +Please see LICENSE files in the repository root for full details. +*/ + +import { Fixtures } from "@playwright/test"; +import { TestContainers } from "testcontainers"; + +import { Services } from "../../../services.ts"; +import { OAuthServer } from "../../oauth_server"; + +export const legacyOAuthHomeserver: Fixtures = { + _homeserver: async ({ _homeserver: container }, use) => { + const server = new OAuthServer(); + const port = server.start(); + + await TestContainers.exposeHostPorts(port); + container.withConfig({ + oidc_providers: [ + { + idp_id: "test", + idp_name: "OAuth test", + issuer: `http://localhost:${port}/oauth`, + authorization_endpoint: `http://localhost:${port}/oauth/auth.html`, + // the token endpoint receives requests from synapse, + // rather than the webapp, so needs to escape the docker container. + token_endpoint: `http://host.testcontainers.internal:${port}/oauth/token`, + userinfo_endpoint: `http://host.testcontainers.internal:${port}/oauth/userinfo`, + client_id: "synapse", + discover: false, + scopes: ["profile"], + skip_verification: true, + client_auth_method: "none", + user_mapping_provider: { + config: { + display_name_template: "{{ user.name }}", + }, + }, + }, + ], + }); + await use(container); + server.stop(); + }, +}; diff --git a/playwright/plugins/homeserver/synapse/templates/consent/res/templates/privacy/en/1.0.html b/playwright/plugins/homeserver/synapse/res/templates/privacy/en/1.0.html similarity index 100% rename from playwright/plugins/homeserver/synapse/templates/consent/res/templates/privacy/en/1.0.html rename to playwright/plugins/homeserver/synapse/res/templates/privacy/en/1.0.html diff --git a/playwright/plugins/homeserver/synapse/templates/consent/res/templates/privacy/en/success.html b/playwright/plugins/homeserver/synapse/res/templates/privacy/en/success.html similarity index 100% rename from playwright/plugins/homeserver/synapse/templates/consent/res/templates/privacy/en/success.html rename to playwright/plugins/homeserver/synapse/res/templates/privacy/en/success.html diff --git a/playwright/plugins/homeserver/synapse/templates/COPYME/README.md b/playwright/plugins/homeserver/synapse/templates/COPYME/README.md deleted file mode 100644 index df1ed89e6e4..00000000000 --- a/playwright/plugins/homeserver/synapse/templates/COPYME/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# Meta-template for synapse templates - -To make another template, you can copy this directory diff --git a/playwright/plugins/homeserver/synapse/templates/COPYME/homeserver.yaml b/playwright/plugins/homeserver/synapse/templates/COPYME/homeserver.yaml deleted file mode 100644 index cb58dc86615..00000000000 --- a/playwright/plugins/homeserver/synapse/templates/COPYME/homeserver.yaml +++ /dev/null @@ -1,72 +0,0 @@ -server_name: "localhost" -pid_file: /data/homeserver.pid -# XXX: This won't actually be right: it lets docker allocate an ephemeral port, -# so we have a chicken-and-egg problem -public_baseurl: http://localhost:8008/ -# Listener is always port 8008 (configured in the container) -listeners: - - port: 8008 - tls: false - bind_addresses: ["::"] - type: http - x_forwarded: true - - resources: - - names: [client, federation, consent] - compress: false - -# An sqlite in-memory database is fast & automatically wipes each time -database: - name: "sqlite3" - args: - database: ":memory:" - -# Needs to be configured to log to the console like a good docker process -log_config: "/data/log.config" - -rc_messages_per_second: 10000 -rc_message_burst_count: 10000 -rc_registration: - per_second: 10000 - burst_count: 10000 - -rc_login: - address: - per_second: 10000 - burst_count: 10000 - account: - per_second: 10000 - burst_count: 10000 - failed_attempts: - per_second: 10000 - burst_count: 10000 - -media_store_path: "/data/media_store" -uploads_path: "/data/uploads" -enable_registration: true -enable_registration_without_verification: true -disable_msisdn_registration: false -# These placeholders will be be replaced with values generated at start -registration_shared_secret: "{{REGISTRATION_SECRET}}" -report_stats: false -macaroon_secret_key: "{{MACAROON_SECRET_KEY}}" -form_secret: "{{FORM_SECRET}}" -# Signing key must be here: it will be generated to this file -signing_key_path: "/data/localhost.signing.key" -email: - enable_notifs: false - smtp_host: "localhost" - smtp_port: 25 - smtp_user: "exampleusername" - smtp_pass: "examplepassword" - require_transport_security: False - notif_from: "Your Friendly %(app)s homeserver " - app_name: Matrix - notif_template_html: notif_mail.html - notif_template_text: notif_mail.txt - notif_for_new_users: True - client_base_url: "http://localhost/element" - -trusted_key_servers: - - server_name: "matrix.org" -suppress_key_server_warning: true diff --git a/playwright/plugins/homeserver/synapse/templates/COPYME/log.config b/playwright/plugins/homeserver/synapse/templates/COPYME/log.config deleted file mode 100644 index ac232762da3..00000000000 --- a/playwright/plugins/homeserver/synapse/templates/COPYME/log.config +++ /dev/null @@ -1,50 +0,0 @@ -# Log configuration for Synapse. -# -# This is a YAML file containing a standard Python logging configuration -# dictionary. See [1] for details on the valid settings. -# -# Synapse also supports structured logging for machine readable logs which can -# be ingested by ELK stacks. See [2] for details. -# -# [1]: https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema -# [2]: https://matrix-org.github.io/synapse/latest/structured_logging.html - -version: 1 - -formatters: - precise: - format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s' - -handlers: - # A handler that writes logs to stderr. Unused by default, but can be used - # instead of "buffer" and "file" in the logger handlers. - console: - class: logging.StreamHandler - formatter: precise - -loggers: - synapse.storage.SQL: - # beware: increasing this to DEBUG will make synapse log sensitive - # information such as access tokens. - level: INFO - - twisted: - # We send the twisted logging directly to the file handler, - # to work around https://github.com/matrix-org/synapse/issues/3471 - # when using "buffer" logger. Use "console" to log to stderr instead. - handlers: [console] - propagate: false - -root: - level: INFO - - # Write logs to the `buffer` handler, which will buffer them together in memory, - # then write them to a file. - # - # Replace "buffer" with "console" to log to stderr instead. (Note that you'll - # also need to update the configuration for the `twisted` logger above, in - # this case.) - # - handlers: [console] - -disable_existing_loggers: false diff --git a/playwright/plugins/homeserver/synapse/templates/consent/README.md b/playwright/plugins/homeserver/synapse/templates/consent/README.md deleted file mode 100644 index 713e55f9d51..00000000000 --- a/playwright/plugins/homeserver/synapse/templates/consent/README.md +++ /dev/null @@ -1 +0,0 @@ -A synapse configured with user privacy consent enabled diff --git a/playwright/plugins/homeserver/synapse/templates/consent/homeserver.yaml b/playwright/plugins/homeserver/synapse/templates/consent/homeserver.yaml deleted file mode 100644 index d3a4fa520ca..00000000000 --- a/playwright/plugins/homeserver/synapse/templates/consent/homeserver.yaml +++ /dev/null @@ -1,84 +0,0 @@ -server_name: "localhost" -pid_file: /data/homeserver.pid -public_baseurl: "{{PUBLIC_BASEURL}}" -listeners: - - port: 8008 - tls: false - bind_addresses: ["::"] - type: http - x_forwarded: true - - resources: - - names: [client, federation, consent] - compress: false - -database: - name: "sqlite3" - args: - database: ":memory:" - -log_config: "/data/log.config" - -rc_messages_per_second: 10000 -rc_message_burst_count: 10000 -rc_registration: - per_second: 10000 - burst_count: 10000 - -rc_login: - address: - per_second: 10000 - burst_count: 10000 - account: - per_second: 10000 - burst_count: 10000 - failed_attempts: - per_second: 10000 - burst_count: 10000 - -media_store_path: "/data/media_store" -uploads_path: "/data/uploads" -enable_registration: true -enable_registration_without_verification: true -disable_msisdn_registration: false -registration_shared_secret: "{{REGISTRATION_SECRET}}" -report_stats: false -macaroon_secret_key: "{{MACAROON_SECRET_KEY}}" -form_secret: "{{FORM_SECRET}}" -signing_key_path: "/data/localhost.signing.key" -email: - enable_notifs: false - smtp_host: "localhost" - smtp_port: 25 - smtp_user: "exampleusername" - smtp_pass: "examplepassword" - require_transport_security: False - notif_from: "Your Friendly %(app)s homeserver " - app_name: Matrix - notif_template_html: notif_mail.html - notif_template_text: notif_mail.txt - notif_for_new_users: True - client_base_url: "http://localhost/element" - -user_consent: - template_dir: /data/res/templates/privacy - version: 1.0 - server_notice_content: - msgtype: m.text - body: >- - To continue using this homeserver you must review and agree to the - terms and conditions at %(consent_uri)s - send_server_notice_to_guests: True - block_events_error: >- - To continue using this homeserver you must review and agree to the - terms and conditions at %(consent_uri)s - require_at_registration: true - -server_notices: - system_mxid_localpart: notices - system_mxid_display_name: "Server Notices" - system_mxid_avatar_url: "mxc://localhost:5005/oumMVlgDnLYFaPVkExemNVVZ" - room_name: "Server Notices" -trusted_key_servers: - - server_name: "matrix.org" -suppress_key_server_warning: true diff --git a/playwright/plugins/homeserver/synapse/templates/consent/log.config b/playwright/plugins/homeserver/synapse/templates/consent/log.config deleted file mode 100644 index b9123d0f5b9..00000000000 --- a/playwright/plugins/homeserver/synapse/templates/consent/log.config +++ /dev/null @@ -1,50 +0,0 @@ -# Log configuration for Synapse. -# -# This is a YAML file containing a standard Python logging configuration -# dictionary. See [1] for details on the valid settings. -# -# Synapse also supports structured logging for machine readable logs which can -# be ingested by ELK stacks. See [2] for details. -# -# [1]: https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema -# [2]: https://matrix-org.github.io/synapse/latest/structured_logging.html - -version: 1 - -formatters: - precise: - format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s' - -handlers: - # A handler that writes logs to stderr. Unused by default, but can be used - # instead of "buffer" and "file" in the logger handlers. - console: - class: logging.StreamHandler - formatter: precise - -loggers: - synapse.storage.SQL: - # beware: increasing this to DEBUG will make synapse log sensitive - # information such as access tokens. - level: DEBUG - - twisted: - # We send the twisted logging directly to the file handler, - # to work around https://github.com/matrix-org/synapse/issues/3471 - # when using "buffer" logger. Use "console" to log to stderr instead. - handlers: [console] - propagate: false - -root: - level: DEBUG - - # Write logs to the `buffer` handler, which will buffer them together in memory, - # then write them to a file. - # - # Replace "buffer" with "console" to log to stderr instead. (Note that you'll - # also need to update the configuration for the `twisted` logger above, in - # this case.) - # - handlers: [console] - -disable_existing_loggers: false diff --git a/playwright/plugins/homeserver/synapse/templates/default/README.md b/playwright/plugins/homeserver/synapse/templates/default/README.md deleted file mode 100644 index 8f6b11f999b..00000000000 --- a/playwright/plugins/homeserver/synapse/templates/default/README.md +++ /dev/null @@ -1 +0,0 @@ -A synapse configured with user privacy consent disabled diff --git a/playwright/plugins/homeserver/synapse/templates/default/homeserver.yaml b/playwright/plugins/homeserver/synapse/templates/default/homeserver.yaml deleted file mode 100644 index 539a917b200..00000000000 --- a/playwright/plugins/homeserver/synapse/templates/default/homeserver.yaml +++ /dev/null @@ -1,106 +0,0 @@ -server_name: "localhost" -pid_file: /data/homeserver.pid -public_baseurl: "{{PUBLIC_BASEURL}}" -listeners: - - port: 8008 - tls: false - bind_addresses: ["::"] - type: http - x_forwarded: true - - resources: - - names: [client] - compress: false - -database: - name: "sqlite3" - args: - database: ":memory:" - -log_config: "/data/log.config" - -rc_messages_per_second: 10000 -rc_message_burst_count: 10000 -rc_registration: - per_second: 10000 - burst_count: 10000 -rc_joins: - local: - per_second: 9999 - burst_count: 9999 - remote: - per_second: 9999 - burst_count: 9999 -rc_joins_per_room: - per_second: 9999 - burst_count: 9999 -rc_3pid_validation: - per_second: 1000 - burst_count: 1000 - -rc_invites: - per_room: - per_second: 1000 - burst_count: 1000 - per_user: - per_second: 1000 - burst_count: 1000 - -rc_login: - address: - per_second: 10000 - burst_count: 10000 - account: - per_second: 10000 - burst_count: 10000 - failed_attempts: - per_second: 10000 - burst_count: 10000 - -media_store_path: "/data/media_store" -uploads_path: "/data/uploads" -enable_registration: true -enable_registration_without_verification: true -disable_msisdn_registration: false -registration_shared_secret: "{{REGISTRATION_SECRET}}" -report_stats: false -macaroon_secret_key: "{{MACAROON_SECRET_KEY}}" -form_secret: "{{FORM_SECRET}}" -signing_key_path: "/data/localhost.signing.key" - -trusted_key_servers: - - server_name: "matrix.org" -suppress_key_server_warning: true - -ui_auth: - session_timeout: "300s" - -oidc_providers: - - idp_id: test - idp_name: "OAuth test" - issuer: "http://localhost:{{OAUTH_SERVER_PORT}}/oauth" - authorization_endpoint: "http://localhost:{{OAUTH_SERVER_PORT}}/oauth/auth.html" - # the token endpoint receives requests from synapse, rather than the webapp, so needs to escape the docker container. - token_endpoint: "http://host.containers.internal:{{OAUTH_SERVER_PORT}}/oauth/token" - userinfo_endpoint: "http://host.containers.internal:{{OAUTH_SERVER_PORT}}/oauth/userinfo" - client_id: "synapse" - discover: false - scopes: ["profile"] - skip_verification: true - client_auth_method: none - user_mapping_provider: - config: - display_name_template: "{{ user.name }}" - -# Inhibit background updates as this Synapse isn't long-lived -background_updates: - min_batch_size: 100000 - sleep_duration_ms: 100000 - -experimental_features: - # Needed for e2e/crypto/crypto.spec.ts > Cryptography > decryption failure - # messages > non-joined historical messages. - # Can be removed after Synapse enables it by default - msc4115_membership_on_events: true - -enable_authenticated_media: true diff --git a/playwright/plugins/homeserver/synapse/templates/default/log.config b/playwright/plugins/homeserver/synapse/templates/default/log.config deleted file mode 100644 index b9123d0f5b9..00000000000 --- a/playwright/plugins/homeserver/synapse/templates/default/log.config +++ /dev/null @@ -1,50 +0,0 @@ -# Log configuration for Synapse. -# -# This is a YAML file containing a standard Python logging configuration -# dictionary. See [1] for details on the valid settings. -# -# Synapse also supports structured logging for machine readable logs which can -# be ingested by ELK stacks. See [2] for details. -# -# [1]: https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema -# [2]: https://matrix-org.github.io/synapse/latest/structured_logging.html - -version: 1 - -formatters: - precise: - format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s' - -handlers: - # A handler that writes logs to stderr. Unused by default, but can be used - # instead of "buffer" and "file" in the logger handlers. - console: - class: logging.StreamHandler - formatter: precise - -loggers: - synapse.storage.SQL: - # beware: increasing this to DEBUG will make synapse log sensitive - # information such as access tokens. - level: DEBUG - - twisted: - # We send the twisted logging directly to the file handler, - # to work around https://github.com/matrix-org/synapse/issues/3471 - # when using "buffer" logger. Use "console" to log to stderr instead. - handlers: [console] - propagate: false - -root: - level: DEBUG - - # Write logs to the `buffer` handler, which will buffer them together in memory, - # then write them to a file. - # - # Replace "buffer" with "console" to log to stderr instead. (Note that you'll - # also need to update the configuration for the `twisted` logger above, in - # this case.) - # - handlers: [console] - -disable_existing_loggers: false diff --git a/playwright/plugins/homeserver/synapse/templates/dehydration/README.md b/playwright/plugins/homeserver/synapse/templates/dehydration/README.md deleted file mode 100644 index 18f7923e6d2..00000000000 --- a/playwright/plugins/homeserver/synapse/templates/dehydration/README.md +++ /dev/null @@ -1 +0,0 @@ -A synapse configured with device dehydration v2 enabled diff --git a/playwright/plugins/homeserver/synapse/templates/dehydration/homeserver.yaml b/playwright/plugins/homeserver/synapse/templates/dehydration/homeserver.yaml deleted file mode 100644 index c3ac5d6536c..00000000000 --- a/playwright/plugins/homeserver/synapse/templates/dehydration/homeserver.yaml +++ /dev/null @@ -1,102 +0,0 @@ -server_name: "localhost" -pid_file: /data/homeserver.pid -public_baseurl: "{{PUBLIC_BASEURL}}" -listeners: - - port: 8008 - tls: false - bind_addresses: ["::"] - type: http - x_forwarded: true - - resources: - - names: [client] - compress: false - -database: - name: "sqlite3" - args: - database: ":memory:" - -log_config: "/data/log.config" - -rc_messages_per_second: 10000 -rc_message_burst_count: 10000 -rc_registration: - per_second: 10000 - burst_count: 10000 -rc_joins: - local: - per_second: 9999 - burst_count: 9999 - remote: - per_second: 9999 - burst_count: 9999 -rc_joins_per_room: - per_second: 9999 - burst_count: 9999 -rc_3pid_validation: - per_second: 1000 - burst_count: 1000 - -rc_invites: - per_room: - per_second: 1000 - burst_count: 1000 - per_user: - per_second: 1000 - burst_count: 1000 - -rc_login: - address: - per_second: 10000 - burst_count: 10000 - account: - per_second: 10000 - burst_count: 10000 - failed_attempts: - per_second: 10000 - burst_count: 10000 - -media_store_path: "/data/media_store" -uploads_path: "/data/uploads" -enable_registration: true -enable_registration_without_verification: true -disable_msisdn_registration: false -registration_shared_secret: "{{REGISTRATION_SECRET}}" -report_stats: false -macaroon_secret_key: "{{MACAROON_SECRET_KEY}}" -form_secret: "{{FORM_SECRET}}" -signing_key_path: "/data/localhost.signing.key" - -trusted_key_servers: - - server_name: "matrix.org" -suppress_key_server_warning: true - -ui_auth: - session_timeout: "300s" - -oidc_providers: - - idp_id: test - idp_name: "OAuth test" - issuer: "http://localhost:{{OAUTH_SERVER_PORT}}/oauth" - authorization_endpoint: "http://localhost:{{OAUTH_SERVER_PORT}}/oauth/auth.html" - # the token endpoint receives requests from synapse, rather than the webapp, so needs to escape the docker container. - token_endpoint: "http://host.containers.internal:{{OAUTH_SERVER_PORT}}/oauth/token" - userinfo_endpoint: "http://host.containers.internal:{{OAUTH_SERVER_PORT}}/oauth/userinfo" - client_id: "synapse" - discover: false - scopes: ["profile"] - skip_verification: true - client_auth_method: none - user_mapping_provider: - config: - display_name_template: "{{ user.name }}" - -# Inhibit background updates as this Synapse isn't long-lived -background_updates: - min_batch_size: 100000 - sleep_duration_ms: 100000 - -experimental_features: - msc2697_enabled: false - msc3814_enabled: true diff --git a/playwright/plugins/homeserver/synapse/templates/dehydration/log.config b/playwright/plugins/homeserver/synapse/templates/dehydration/log.config deleted file mode 100644 index b9123d0f5b9..00000000000 --- a/playwright/plugins/homeserver/synapse/templates/dehydration/log.config +++ /dev/null @@ -1,50 +0,0 @@ -# Log configuration for Synapse. -# -# This is a YAML file containing a standard Python logging configuration -# dictionary. See [1] for details on the valid settings. -# -# Synapse also supports structured logging for machine readable logs which can -# be ingested by ELK stacks. See [2] for details. -# -# [1]: https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema -# [2]: https://matrix-org.github.io/synapse/latest/structured_logging.html - -version: 1 - -formatters: - precise: - format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s' - -handlers: - # A handler that writes logs to stderr. Unused by default, but can be used - # instead of "buffer" and "file" in the logger handlers. - console: - class: logging.StreamHandler - formatter: precise - -loggers: - synapse.storage.SQL: - # beware: increasing this to DEBUG will make synapse log sensitive - # information such as access tokens. - level: DEBUG - - twisted: - # We send the twisted logging directly to the file handler, - # to work around https://github.com/matrix-org/synapse/issues/3471 - # when using "buffer" logger. Use "console" to log to stderr instead. - handlers: [console] - propagate: false - -root: - level: DEBUG - - # Write logs to the `buffer` handler, which will buffer them together in memory, - # then write them to a file. - # - # Replace "buffer" with "console" to log to stderr instead. (Note that you'll - # also need to update the configuration for the `twisted` logger above, in - # this case.) - # - handlers: [console] - -disable_existing_loggers: false diff --git a/playwright/plugins/homeserver/synapse/templates/email/README.md b/playwright/plugins/homeserver/synapse/templates/email/README.md deleted file mode 100644 index 40c23ba0be4..00000000000 --- a/playwright/plugins/homeserver/synapse/templates/email/README.md +++ /dev/null @@ -1 +0,0 @@ -A synapse configured to require an email for registration diff --git a/playwright/plugins/homeserver/synapse/templates/email/homeserver.yaml b/playwright/plugins/homeserver/synapse/templates/email/homeserver.yaml deleted file mode 100644 index fc20641ab40..00000000000 --- a/playwright/plugins/homeserver/synapse/templates/email/homeserver.yaml +++ /dev/null @@ -1,44 +0,0 @@ -server_name: "localhost" -pid_file: /data/homeserver.pid -public_baseurl: "{{PUBLIC_BASEURL}}" -listeners: - - port: 8008 - tls: false - bind_addresses: ["::"] - type: http - x_forwarded: true - - resources: - - names: [client] - compress: false - -database: - name: "sqlite3" - args: - database: ":memory:" - -log_config: "/data/log.config" - -media_store_path: "/data/media_store" -uploads_path: "/data/uploads" -enable_registration: true -registrations_require_3pid: - - email -registration_shared_secret: "{{REGISTRATION_SECRET}}" -report_stats: false -macaroon_secret_key: "{{MACAROON_SECRET_KEY}}" -form_secret: "{{FORM_SECRET}}" -signing_key_path: "/data/localhost.signing.key" - -trusted_key_servers: - - server_name: "matrix.org" -suppress_key_server_warning: true - -ui_auth: - session_timeout: "300s" - -email: - smtp_host: "%SMTP_HOST%" - smtp_port: %SMTP_PORT% - notif_from: "Your Friendly %(app)s homeserver " - app_name: my_branded_matrix_server diff --git a/playwright/plugins/homeserver/synapse/templates/email/log.config b/playwright/plugins/homeserver/synapse/templates/email/log.config deleted file mode 100644 index ac232762da3..00000000000 --- a/playwright/plugins/homeserver/synapse/templates/email/log.config +++ /dev/null @@ -1,50 +0,0 @@ -# Log configuration for Synapse. -# -# This is a YAML file containing a standard Python logging configuration -# dictionary. See [1] for details on the valid settings. -# -# Synapse also supports structured logging for machine readable logs which can -# be ingested by ELK stacks. See [2] for details. -# -# [1]: https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema -# [2]: https://matrix-org.github.io/synapse/latest/structured_logging.html - -version: 1 - -formatters: - precise: - format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s' - -handlers: - # A handler that writes logs to stderr. Unused by default, but can be used - # instead of "buffer" and "file" in the logger handlers. - console: - class: logging.StreamHandler - formatter: precise - -loggers: - synapse.storage.SQL: - # beware: increasing this to DEBUG will make synapse log sensitive - # information such as access tokens. - level: INFO - - twisted: - # We send the twisted logging directly to the file handler, - # to work around https://github.com/matrix-org/synapse/issues/3471 - # when using "buffer" logger. Use "console" to log to stderr instead. - handlers: [console] - propagate: false - -root: - level: INFO - - # Write logs to the `buffer` handler, which will buffer them together in memory, - # then write them to a file. - # - # Replace "buffer" with "console" to log to stderr instead. (Note that you'll - # also need to update the configuration for the `twisted` logger above, in - # this case.) - # - handlers: [console] - -disable_existing_loggers: false diff --git a/playwright/plugins/homeserver/synapse/templates/guest-enabled/README.md b/playwright/plugins/homeserver/synapse/templates/guest-enabled/README.md deleted file mode 100644 index e1fef0b9d41..00000000000 --- a/playwright/plugins/homeserver/synapse/templates/guest-enabled/README.md +++ /dev/null @@ -1 +0,0 @@ -A synapse configured with guest registration enabled. diff --git a/playwright/plugins/homeserver/synapse/templates/guest-enabled/homeserver.yaml b/playwright/plugins/homeserver/synapse/templates/guest-enabled/homeserver.yaml deleted file mode 100644 index 1faa39c3a74..00000000000 --- a/playwright/plugins/homeserver/synapse/templates/guest-enabled/homeserver.yaml +++ /dev/null @@ -1,105 +0,0 @@ -server_name: "localhost" -pid_file: /data/homeserver.pid -public_baseurl: "{{PUBLIC_BASEURL}}" -listeners: - - port: 8008 - tls: false - bind_addresses: ["::"] - type: http - x_forwarded: true - - resources: - - names: [client] - compress: false - -database: - name: "sqlite3" - args: - database: ":memory:" - -log_config: "/data/log.config" - -rc_messages_per_second: 10000 -rc_message_burst_count: 10000 -rc_registration: - per_second: 10000 - burst_count: 10000 -rc_joins: - local: - per_second: 9999 - burst_count: 9999 - remote: - per_second: 9999 - burst_count: 9999 -rc_joins_per_room: - per_second: 9999 - burst_count: 9999 -rc_3pid_validation: - per_second: 1000 - burst_count: 1000 - -rc_invites: - per_room: - per_second: 1000 - burst_count: 1000 - per_user: - per_second: 1000 - burst_count: 1000 - -rc_login: - address: - per_second: 10000 - burst_count: 10000 - account: - per_second: 10000 - burst_count: 10000 - failed_attempts: - per_second: 10000 - burst_count: 10000 - -media_store_path: "/data/media_store" -uploads_path: "/data/uploads" -allow_guest_access: true -enable_registration: true -enable_registration_without_verification: true -disable_msisdn_registration: false -registration_shared_secret: "{{REGISTRATION_SECRET}}" -report_stats: false -macaroon_secret_key: "{{MACAROON_SECRET_KEY}}" -form_secret: "{{FORM_SECRET}}" -signing_key_path: "/data/localhost.signing.key" - -trusted_key_servers: - - server_name: "matrix.org" -suppress_key_server_warning: true - -ui_auth: - session_timeout: "300s" - -oidc_providers: - - idp_id: test - idp_name: "OAuth test" - issuer: "http://localhost:{{OAUTH_SERVER_PORT}}/oauth" - authorization_endpoint: "http://localhost:{{OAUTH_SERVER_PORT}}/oauth/auth.html" - # the token endpoint receives requests from synapse, rather than the webapp, so needs to escape the docker container. - token_endpoint: "http://host.containers.internal:{{OAUTH_SERVER_PORT}}/oauth/token" - userinfo_endpoint: "http://host.containers.internal:{{OAUTH_SERVER_PORT}}/oauth/userinfo" - client_id: "synapse" - discover: false - scopes: ["profile"] - skip_verification: true - client_auth_method: none - user_mapping_provider: - config: - display_name_template: "{{ user.name }}" - -# Inhibit background updates as this Synapse isn't long-lived -background_updates: - min_batch_size: 100000 - sleep_duration_ms: 100000 - -experimental_features: - # Needed for e2e/crypto/crypto.spec.ts > Cryptography > decryption failure - # messages > non-joined historical messages. - # Can be removed after Synapse enables it by default - msc4115_membership_on_events: true diff --git a/playwright/plugins/homeserver/synapse/templates/guest-enabled/log.config b/playwright/plugins/homeserver/synapse/templates/guest-enabled/log.config deleted file mode 100644 index ac232762da3..00000000000 --- a/playwright/plugins/homeserver/synapse/templates/guest-enabled/log.config +++ /dev/null @@ -1,50 +0,0 @@ -# Log configuration for Synapse. -# -# This is a YAML file containing a standard Python logging configuration -# dictionary. See [1] for details on the valid settings. -# -# Synapse also supports structured logging for machine readable logs which can -# be ingested by ELK stacks. See [2] for details. -# -# [1]: https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema -# [2]: https://matrix-org.github.io/synapse/latest/structured_logging.html - -version: 1 - -formatters: - precise: - format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s' - -handlers: - # A handler that writes logs to stderr. Unused by default, but can be used - # instead of "buffer" and "file" in the logger handlers. - console: - class: logging.StreamHandler - formatter: precise - -loggers: - synapse.storage.SQL: - # beware: increasing this to DEBUG will make synapse log sensitive - # information such as access tokens. - level: INFO - - twisted: - # We send the twisted logging directly to the file handler, - # to work around https://github.com/matrix-org/synapse/issues/3471 - # when using "buffer" logger. Use "console" to log to stderr instead. - handlers: [console] - propagate: false - -root: - level: INFO - - # Write logs to the `buffer` handler, which will buffer them together in memory, - # then write them to a file. - # - # Replace "buffer" with "console" to log to stderr instead. (Note that you'll - # also need to update the configuration for the `twisted` logger above, in - # this case.) - # - handlers: [console] - -disable_existing_loggers: false diff --git a/playwright/plugins/homeserver/synapse/templates/mas-oidc/README.md b/playwright/plugins/homeserver/synapse/templates/mas-oidc/README.md deleted file mode 100644 index 223ff436a8d..00000000000 --- a/playwright/plugins/homeserver/synapse/templates/mas-oidc/README.md +++ /dev/null @@ -1 +0,0 @@ -A synapse configured with auth delegated to via matrix authentication service diff --git a/playwright/plugins/homeserver/synapse/templates/mas-oidc/homeserver.yaml b/playwright/plugins/homeserver/synapse/templates/mas-oidc/homeserver.yaml deleted file mode 100644 index 802d97acade..00000000000 --- a/playwright/plugins/homeserver/synapse/templates/mas-oidc/homeserver.yaml +++ /dev/null @@ -1,194 +0,0 @@ -server_name: "localhost" -pid_file: /data/homeserver.pid -public_baseurl: "{{PUBLIC_BASEURL}}" -listeners: - - port: 8008 - tls: false - bind_addresses: ["::"] - type: http - x_forwarded: true - - resources: - - names: [client] - compress: false - -database: - name: "sqlite3" - args: - database: ":memory:" - -log_config: "/data/log.config" - -rc_messages_per_second: 10000 -rc_message_burst_count: 10000 -rc_registration: - per_second: 10000 - burst_count: 10000 -rc_joins: - local: - per_second: 9999 - burst_count: 9999 - remote: - per_second: 9999 - burst_count: 9999 -rc_joins_per_room: - per_second: 9999 - burst_count: 9999 -rc_3pid_validation: - per_second: 1000 - burst_count: 1000 - -rc_invites: - per_room: - per_second: 1000 - burst_count: 1000 - per_user: - per_second: 1000 - burst_count: 1000 - -rc_login: - address: - per_second: 10000 - burst_count: 10000 - account: - per_second: 10000 - burst_count: 10000 - failed_attempts: - per_second: 10000 - burst_count: 10000 - -media_store_path: "/data/media_store" -uploads_path: "/data/uploads" -registration_shared_secret: "{{REGISTRATION_SECRET}}" -report_stats: false -macaroon_secret_key: "{{MACAROON_SECRET_KEY}}" -form_secret: "{{FORM_SECRET}}" -signing_key_path: "/data/localhost.signing.key" - -trusted_key_servers: - - server_name: "matrix.org" -suppress_key_server_warning: true - -ui_auth: - session_timeout: "300s" - -# Inhibit background updates as this Synapse isn't long-lived -background_updates: - min_batch_size: 100000 - sleep_duration_ms: 100000 - -serve_server_wellknown: true -experimental_features: - msc3861: - enabled: true - - issuer: http://localhost:%MAS_PORT%/ - # We have to bake in the metadata here as we need to override `introspection_endpoint` - issuer_metadata: { - "issuer": "http://localhost:%MAS_PORT%/", - "authorization_endpoint": "http://localhost:%MAS_PORT%/authorize", - "token_endpoint": "http://localhost:%MAS_PORT%/oauth2/token", - "jwks_uri": "http://localhost:%MAS_PORT%/oauth2/keys.json", - "registration_endpoint": "http://localhost:%MAS_PORT%/oauth2/registration", - "scopes_supported": ["openid", "email"], - "response_types_supported": ["code", "id_token", "code id_token"], - "response_modes_supported": ["form_post", "query", "fragment"], - "grant_types_supported": - [ - "authorization_code", - "refresh_token", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - ], - "token_endpoint_auth_methods_supported": - ["client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt", "none"], - "token_endpoint_auth_signing_alg_values_supported": - [ - "HS256", - "HS384", - "HS512", - "RS256", - "RS384", - "RS512", - "PS256", - "PS384", - "PS512", - "ES256", - "ES384", - "ES256K", - ], - "revocation_endpoint": "http://localhost:%MAS_PORT%/oauth2/revoke", - "revocation_endpoint_auth_methods_supported": - ["client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt", "none"], - "revocation_endpoint_auth_signing_alg_values_supported": - [ - "HS256", - "HS384", - "HS512", - "RS256", - "RS384", - "RS512", - "PS256", - "PS384", - "PS512", - "ES256", - "ES384", - "ES256K", - ], - # This is the only changed value - "introspection_endpoint": "http://host.containers.internal:%MAS_PORT%/oauth2/introspect", - "introspection_endpoint_auth_methods_supported": - ["client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt", "none"], - "introspection_endpoint_auth_signing_alg_values_supported": - [ - "HS256", - "HS384", - "HS512", - "RS256", - "RS384", - "RS512", - "PS256", - "PS384", - "PS512", - "ES256", - "ES384", - "ES256K", - ], - "code_challenge_methods_supported": ["plain", "S256"], - "userinfo_endpoint": "http://localhost:%MAS_PORT%/oauth2/userinfo", - "subject_types_supported": ["public"], - "id_token_signing_alg_values_supported": - ["RS256", "RS384", "RS512", "ES256", "ES384", "PS256", "PS384", "PS512", "ES256K"], - "userinfo_signing_alg_values_supported": - ["RS256", "RS384", "RS512", "ES256", "ES384", "PS256", "PS384", "PS512", "ES256K"], - "display_values_supported": ["page"], - "claim_types_supported": ["normal"], - "claims_supported": ["iss", "sub", "aud", "iat", "exp", "nonce", "auth_time", "at_hash", "c_hash"], - "claims_parameter_supported": false, - "request_parameter_supported": false, - "request_uri_parameter_supported": false, - "prompt_values_supported": ["none", "login", "create"], - "device_authorization_endpoint": "http://localhost:%MAS_PORT%/oauth2/device", - "org.matrix.matrix-authentication-service.graphql_endpoint": "http://localhost:%MAS_PORT%/graphql", - "account_management_uri": "http://localhost:%MAS_PORT%/account/", - "account_management_actions_supported": - [ - "org.matrix.profile", - "org.matrix.sessions_list", - "org.matrix.session_view", - "org.matrix.session_end", - ], - } - - # Matches the `client_id` in the auth service config - client_id: 0000000000000000000SYNAPSE - # Matches the `client_auth_method` in the auth service config - client_auth_method: client_secret_basic - # Matches the `client_secret` in the auth service config - client_secret: "SomeRandomSecret" - - # Matches the `matrix.secret` in the auth service config - admin_token: "AnotherRandomSecret" - - # URL to advertise to clients where users can self-manage their account - account_management_url: "http://localhost:%MAS_PORT%/account" diff --git a/playwright/plugins/homeserver/synapse/templates/mas-oidc/log.config b/playwright/plugins/homeserver/synapse/templates/mas-oidc/log.config deleted file mode 100644 index b9123d0f5b9..00000000000 --- a/playwright/plugins/homeserver/synapse/templates/mas-oidc/log.config +++ /dev/null @@ -1,50 +0,0 @@ -# Log configuration for Synapse. -# -# This is a YAML file containing a standard Python logging configuration -# dictionary. See [1] for details on the valid settings. -# -# Synapse also supports structured logging for machine readable logs which can -# be ingested by ELK stacks. See [2] for details. -# -# [1]: https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema -# [2]: https://matrix-org.github.io/synapse/latest/structured_logging.html - -version: 1 - -formatters: - precise: - format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s' - -handlers: - # A handler that writes logs to stderr. Unused by default, but can be used - # instead of "buffer" and "file" in the logger handlers. - console: - class: logging.StreamHandler - formatter: precise - -loggers: - synapse.storage.SQL: - # beware: increasing this to DEBUG will make synapse log sensitive - # information such as access tokens. - level: DEBUG - - twisted: - # We send the twisted logging directly to the file handler, - # to work around https://github.com/matrix-org/synapse/issues/3471 - # when using "buffer" logger. Use "console" to log to stderr instead. - handlers: [console] - propagate: false - -root: - level: DEBUG - - # Write logs to the `buffer` handler, which will buffer them together in memory, - # then write them to a file. - # - # Replace "buffer" with "console" to log to stderr instead. (Note that you'll - # also need to update the configuration for the `twisted` logger above, in - # this case.) - # - handlers: [console] - -disable_existing_loggers: false diff --git a/playwright/plugins/mailhog/index.ts b/playwright/plugins/mailhog/index.ts deleted file mode 100644 index e9e5f08b717..00000000000 --- a/playwright/plugins/mailhog/index.ts +++ /dev/null @@ -1,47 +0,0 @@ -/* -Copyright 2024 New Vector Ltd. -Copyright 2023 The Matrix.org Foundation C.I.C. - -SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only -Please see LICENSE files in the repository root for full details. -*/ - -import mailhog from "mailhog"; - -import { getFreePort } from "../utils/port"; -import { Docker } from "../docker"; - -export interface Instance { - host: string; - smtpPort: number; - httpPort: number; - containerId: string; -} - -export class MailHogServer { - private readonly docker: Docker = new Docker(); - private instance?: Instance; - - async start(): Promise<{ api: mailhog.API; instance: Instance }> { - if (this.instance) throw new Error("Mailhog server is already running!"); - const smtpPort = await getFreePort(); - const httpPort = await getFreePort(); - console.log(`Starting mailhog...`); - const containerId = await this.docker.run({ - image: "mailhog/mailhog:latest", - containerName: `react-sdk-playwright-mailhog`, - params: ["-p", `${smtpPort}:1025/tcp`, "-p", `${httpPort}:8025/tcp`], - }); - console.log(`Started mailhog on ports smtp=${smtpPort} http=${httpPort}.`); - const host = await this.docker.getContainerIp(); - this.instance = { smtpPort, httpPort, containerId, host }; - return { api: mailhog({ host: "localhost", port: httpPort }), instance: this.instance }; - } - - async stop(): Promise { - if (!this.instance) throw new Error("Missing existing mailhog instance, did you call stop() before start()?"); - await this.docker.stop(); - console.log(`Stopped mailhog id ${this.instance.containerId}.`); - this.instance = undefined; - } -} diff --git a/playwright/plugins/matrix-authentication-service/config.yaml b/playwright/plugins/matrix-authentication-service/config.yaml deleted file mode 100644 index e7ab83e736e..00000000000 --- a/playwright/plugins/matrix-authentication-service/config.yaml +++ /dev/null @@ -1,153 +0,0 @@ -clients: - - client_id: 0000000000000000000SYNAPSE - client_auth_method: client_secret_basic - client_secret: "SomeRandomSecret" -http: - listeners: - - name: web - resources: - - name: discovery - - name: human - - name: oauth - - name: compat - - name: graphql - playground: true - - name: assets - path: /usr/local/share/mas-cli/assets/ - binds: - - address: "[::]:8080" - proxy_protocol: false - - name: internal - resources: - - name: health - binds: - - host: localhost - port: 8081 - proxy_protocol: false - trusted_proxies: - - 192.128.0.0/16 - - 172.16.0.0/12 - - 10.0.0.0/10 - - 127.0.0.1/8 - - fd00::/8 - - ::1/128 - public_base: "http://localhost:{{MAS_PORT}}/" - issuer: http://localhost:{{MAS_PORT}}/ -database: - host: "{{POSTGRES_HOST}}" - port: 5432 - database: postgres - username: postgres - password: "{{POSTGRES_PASSWORD}}" - max_connections: 10 - min_connections: 0 - connect_timeout: 30 - idle_timeout: 600 - max_lifetime: 1800 -telemetry: - tracing: - exporter: none - propagators: [] - metrics: - exporter: none - sentry: - dsn: null -templates: - path: /usr/local/share/mas-cli/templates/ - assets_manifest: /usr/local/share/mas-cli/manifest.json - translations_path: /usr/local/share/mas-cli/translations/ -email: - from: '"Authentication Service" ' - reply_to: '"Authentication Service" ' - transport: smtp - mode: plain - hostname: "host.containers.internal" - port: %{{SMTP_PORT}} - username: username - password: password - -secrets: - encryption: 984b18e207c55ad5fbb2a49b217481a722917ee87b2308d4cf314c83fed8e3b5 - keys: - - kid: YEAhzrKipJ - key: | - -----BEGIN RSA PRIVATE KEY----- - MIIEowIBAAKCAQEAuIV+AW5vx52I4CuumgSxp6yvKfIAnRdALeZZCoFkIGxUli1B - S79NJ3ls46oLh1pSD9RrhaMp6HTNoi4K3hnP9Q9v77pD7KwdFKG3UdG1zksIB0s/ - +/Ey/DmX4LPluwBBS7r/LkQ1jk745lENA++oiDqZf2D/uP8jCHlvaSNyVKTqi1ki - OXPd4T4xBUjzuas9ze5jQVSYtfOidgnv1EzUipbIxgvH1jNt4raRlmP8mOq7xEnW - R+cF5x6n/g17PdSEfrwO4kz6aKGZuMP5lVlDEEnMHKabFSQDBl7+Mpok6jXutbtA - uiBnsKEahF9eoj4na4fpbRNPdIVyoaN5eGvm5wIDAQABAoIBAApyFCYEmHNWaa83 - CdVSOrRhRDE9r+c0r79pcNT1ajOjrk4qFa4yEC4R46YntCtfY5Hd1pBkIjU0l4d8 - z8Su9WTMEOwjQUEepS7L0NLi6kXZXYT8L40VpGs+32grBvBFHW0qEtQNrHJ36gMv - x2rXoFTF7HaXiSJx3wvVxAbRqOE9tBXLsmNHaWaAdWQG5o77V9+zvMri3cAeEg2w - VkKokb0dza7es7xG3tqS26k69SrwGeeuKo7qCHPH2cfyWmY5Yhv8iOoA59JzzbiK - UdxyzCHskrPSpRKVkVVwmY3RBt282TmSRG7td7e5ESSj50P2e5BI5uu1Hp/dvU4F - vYjV7kECgYEA6WqYoUpVsgQiqhvJwJIc/8gRm0mUy8TenI36z4Iim01Nt7fibWH7 - XnsFqLGjXtYNVWvBcCrUl9doEnRbJeG2eRGbGKYAWVrOeFvwM4fYvw9GoOiJdDj4 - cgWDe7eHbHE+UTqR7Nnr/UBfipoNWDh6X68HRBuXowh0Q6tOfxsrRFECgYEAyl/V - 4b8bFp3pKZZCb+KPSYsQf793cRmrBexPcLWcDPYbMZQADEZ/VLjbrNrpTOWxUWJT - hr8MrWswnHO+l5AFu5CNO+QgV2dHLk+2w8qpdpFRPJCfXfo2D3wZ0c4cv3VCwv1V - 5y7f6XWVjDWZYV4wj6c3shxZJjZ+9Hbhf3/twbcCgYA6fuRRR3fCbRbi2qPtBrEN - yO3gpMgNaQEA6vP4HPzfPrhDWmn8T5nXS61XYW03zxz4U1De81zj0K/cMBzHmZFJ - NghQXQmpWwBzWVcREvJWr1Vb7erEnaJlsMwKrSvbGWYspSj82oAxr3hCG+lMOpsw - b4S6pM+TpAK/EqdRY1WsgQKBgQCGoMaaTRXqL9bC0bEU2XVVCWxKb8c3uEmrwQ7/ - /fD4NmjUzI5TnDps1CVfkqoNe+hAKddDFqmKXHqUOfOaxDbsFje+lf5l5tDVoDYH - fjTKKdYPIm7CiAeauYY7qpA5Vfq52Opixy4yEwUPp0CII67OggFtPaqY3zwJyWQt - +57hdQKBgGCXM/KKt7ceUDcNJxSGjvu0zD9D5Sv2ihYlEBT/JLaTCCJdvzREevaJ - 1d+mpUAt0Lq6A8NWOMq8HPaxAik3rMQ0WtM5iG+XgsUqvTSb7NcshArDLuWGnW3m - MC4rM0UBYAS4QweduUSH1imrwH/1Gu5+PxbiecceRMMggWpzu0Bq - -----END RSA PRIVATE KEY----- - - kid: 8J1AxrlNZT - key: | - -----BEGIN EC PRIVATE KEY----- - MHcCAQEEIF1cjfIOEdy3BXJ72x6fKpEB8WP1ddZAUJAaqqr/6CpToAoGCCqGSM49 - AwEHoUQDQgAEfHdNuI1Yeh3/uOq2PlnW2vymloOVpwBYebbw4VVsna9xhnutIdQW - dE8hkX8Yb0pIDasrDiwllVLzSvsWJAI0Kw== - -----END EC PRIVATE KEY----- - - kid: 3BW6un1EBi - key: | - -----BEGIN EC PRIVATE KEY----- - MIGkAgEBBDA+3ZV17r8TsiMdw1cpbTSNbyEd5SMy3VS1Mk/kz6O2Ev/3QZut8GE2 - q3eGtLBoVQigBwYFK4EEACKhZANiAASs8Wxjk/uRimRKXnPr2/wDaXkN9wMDjYQK - mZULb+0ZP1/cXmuXuri8hUGhQvIU8KWY9PkpV+LMPEdpE54mHPKSLjq5CDXoSZ/P - 9f7cdRaOZ000KQPZfIFR9ujJTtDN7Vs= - -----END EC PRIVATE KEY----- - - kid: pkZ0pTKK0X - key: | - -----BEGIN EC PRIVATE KEY----- - MHQCAQEEIHenfsXYPc5yzjZKUfvmydDR1YRwdsfZYvwHf/2wsYxooAcGBSuBBAAK - oUQDQgAEON1x7Vlu+nA0KvC5vYSOHhDUkfLYNZwYSLPFVT02h9E13yFFMIJegIBl - Aer+6PMZpPc8ycyeH9N+U9NAyliBhQ== - -----END EC PRIVATE KEY----- -passwords: - enabled: true - schemes: - - version: 1 - algorithm: argon2id -matrix: - homeserver: localhost - secret: AnotherRandomSecret - endpoint: "{{SYNAPSE_URL}}" -policy: - wasm_module: /usr/local/share/mas-cli/policy.wasm - client_registration_entrypoint: client_registration/violation - register_entrypoint: register/violation - authorization_grant_entrypoint: authorization_grant/violation - password_entrypoint: password/violation - email_entrypoint: email/violation - data: - client_registration: - allow_insecure_uris: true # allow non-SSL and localhost URIs - allow_missing_contacts: true # EW doesn't have contacts at this time -upstream_oauth2: - providers: [] -branding: - service_name: null - policy_uri: null - tos_uri: null - imprint: null - logo_uri: null -experimental: - access_token_ttl: 300 - compat_token_ttl: 300 diff --git a/playwright/plugins/matrix-authentication-service/index.ts b/playwright/plugins/matrix-authentication-service/index.ts deleted file mode 100644 index eaad350b829..00000000000 --- a/playwright/plugins/matrix-authentication-service/index.ts +++ /dev/null @@ -1,151 +0,0 @@ -/* -Copyright 2024 New Vector Ltd. -Copyright 2023 The Matrix.org Foundation C.I.C. - -SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only -Please see LICENSE files in the repository root for full details. -*/ - -import path, { basename } from "node:path"; -import os from "node:os"; -import * as fse from "fs-extra"; -import { BrowserContext, TestInfo } from "@playwright/test"; - -import { getFreePort } from "../utils/port"; -import { Docker } from "../docker"; -import { PG_PASSWORD, PostgresDocker } from "../postgres"; -import { HomeserverInstance } from "../homeserver"; -import { Instance as MailhogInstance } from "../mailhog"; - -// Docker tag to use for `ghcr.io/matrix-org/matrix-authentication-service` image. -// We use a debug tag so that we have a shell and can run all 3 necessary commands in one run. -const TAG = "0.8.0-debug"; - -export interface ProxyInstance { - containerId: string; - postgresId: string; - configDir: string; - port: number; -} - -async function cfgDirFromTemplate(opts: { - postgresHost: string; - synapseUrl: string; - masPort: string; - smtpPort: string; -}): Promise<{ - configDir: string; -}> { - const configPath = path.join(__dirname, "config.yaml"); - const tempDir = await fse.mkdtemp(path.join(os.tmpdir(), "react-sdk-mas-")); - - const outputHomeserver = path.join(tempDir, "config.yaml"); - console.log(`Gen ${configPath} -> ${outputHomeserver}`); - let config = await fse.readFile(configPath, "utf8"); - config = config.replace(/{{MAS_PORT}}/g, opts.masPort); - config = config.replace(/{{POSTGRES_HOST}}/g, opts.postgresHost); - config = config.replace(/{{POSTGRES_PASSWORD}}/g, PG_PASSWORD); - config = config.replace(/%{{SMTP_PORT}}/g, opts.smtpPort); - config = config.replace(/{{SYNAPSE_URL}}/g, opts.synapseUrl); - - await fse.writeFile(outputHomeserver, config); - - // Allow anyone to read, write and execute in the temp directory - // so that the DIND setup that we use to update the playwright screenshots work without any issues. - await fse.chmod(tempDir, 0o757); - - return { - configDir: tempDir, - }; -} - -export class MatrixAuthenticationService { - private readonly masDocker = new Docker(); - private readonly postgresDocker = new PostgresDocker("mas"); - private instance: ProxyInstance; - public port: number; - - constructor(private context: BrowserContext) {} - - async prepare(): Promise<{ port: number }> { - this.port = await getFreePort(); - return { port: this.port }; - } - - async start(homeserver: HomeserverInstance, mailhog: MailhogInstance): Promise { - console.log(new Date(), "Starting mas..."); - - if (!this.port) await this.prepare(); - const port = this.port; - const { containerId: postgresId, ipAddress: postgresIp } = await this.postgresDocker.start(); - const { configDir } = await cfgDirFromTemplate({ - masPort: port.toString(), - postgresHost: postgresIp, - synapseUrl: homeserver.config.dockerUrl, - smtpPort: mailhog.smtpPort.toString(), - }); - - console.log(new Date(), "starting mas container...", TAG); - const containerId = await this.masDocker.run({ - image: "ghcr.io/matrix-org/matrix-authentication-service:" + TAG, - containerName: "react-sdk-playwright-mas", - params: ["-p", `${port}:8080/tcp`, "-v", `${configDir}:/config`, "--entrypoint", "sh"], - cmd: [ - "-c", - "mas-cli database migrate --config /config/config.yaml && " + - "mas-cli config sync --config /config/config.yaml && " + - "mas-cli server --config /config/config.yaml", - ], - }); - console.log(new Date(), "started!"); - - // Set up redirects - const baseUrl = `http://localhost:${port}`; - for (const path of [ - "**/_matrix/client/*/login", - "**/_matrix/client/*/login/**", - "**/_matrix/client/*/logout", - "**/_matrix/client/*/refresh", - ]) { - await this.context.route(path, async (route) => { - await route.continue({ - url: new URL(route.request().url().split("/").slice(3).join("/"), baseUrl).href, - }); - }); - } - - this.instance = { containerId, postgresId, port, configDir }; - return this.instance; - } - - async stop(testInfo: TestInfo): Promise { - if (!this.instance) return; // nothing to stop - const id = this.instance.containerId; - const logPath = path.join("playwright", "logs", "matrix-authentication-service", id); - await fse.ensureDir(logPath); - await this.masDocker.persistLogsToFile({ - stdoutFile: path.join(logPath, "stdout.log"), - stderrFile: path.join(logPath, "stderr.log"), - }); - - await this.masDocker.stop(); - await this.postgresDocker.stop(); - - if (testInfo.status !== "passed") { - const logs = [path.join(logPath, "stdout.log"), path.join(logPath, "stderr.log")]; - for (const path of logs) { - await testInfo.attach(`mas-${basename(path)}`, { - path, - contentType: "text/plain", - }); - } - await testInfo.attach("mas-config.yaml", { - path: path.join(this.instance.configDir, "config.yaml"), - contentType: "text/plain", - }); - } - - await fse.remove(this.instance.configDir); - console.log(new Date(), "Stopped mas."); - } -} diff --git a/playwright/plugins/postgres/index.ts b/playwright/plugins/postgres/index.ts deleted file mode 100644 index 23d37ffef67..00000000000 --- a/playwright/plugins/postgres/index.ts +++ /dev/null @@ -1,66 +0,0 @@ -/* -Copyright 2024 New Vector Ltd. -Copyright 2023 The Matrix.org Foundation C.I.C. - -SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only -Please see LICENSE files in the repository root for full details. -*/ - -import { Docker } from "../docker"; - -export const PG_PASSWORD = "p4S5w0rD"; - -/** - * Class to manage a postgres database in docker - */ -export class PostgresDocker extends Docker { - /** - * @param key an opaque string to use when naming the docker containers instantiated by this class - */ - public constructor(private key: string) { - super(); - } - - private async waitForPostgresReady(ipAddress: string): Promise { - const waitTimeMillis = 30000; - const startTime = new Date().getTime(); - let lastErr: Error | null = null; - while (new Date().getTime() - startTime < waitTimeMillis) { - try { - // Note that we specify the IP address rather than letting it connect to the local - // socket: that's the listener we care about and empirically it matters. - await this.exec(["pg_isready", "-h", ipAddress, "-U", "postgres"], true); - lastErr = null; - break; - } catch (err) { - console.log("pg_isready: failed"); - lastErr = err; - } - } - if (lastErr) { - console.log("rethrowing"); - throw lastErr; - } - } - - public async start(): Promise<{ - ipAddress: string; - containerId: string; - }> { - console.log(new Date(), "starting postgres container"); - const containerId = await this.run({ - image: "postgres", - containerName: `react-sdk-playwright-postgres-${this.key}`, - params: ["--tmpfs=/pgtmpfs", "-e", "PGDATA=/pgtmpfs", "-e", `POSTGRES_PASSWORD=${PG_PASSWORD}`], - // Optimise for testing - https://www.postgresql.org/docs/current/non-durability.html - cmd: ["-c", `fsync=off`, "-c", `synchronous_commit=off`, "-c", `full_page_writes=off`], - }); - - const ipAddress = await this.getContainerIp(); - console.log(new Date(), "postgres container up"); - - await this.waitForPostgresReady(ipAddress); - console.log(new Date(), "postgres container ready"); - return { ipAddress, containerId }; - } -} diff --git a/playwright/plugins/sliding-sync-proxy/index.ts b/playwright/plugins/sliding-sync-proxy/index.ts deleted file mode 100644 index 81bfe79fc10..00000000000 --- a/playwright/plugins/sliding-sync-proxy/index.ts +++ /dev/null @@ -1,77 +0,0 @@ -/* -Copyright 2024 New Vector Ltd. -Copyright 2023 The Matrix.org Foundation C.I.C. - -SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only -Please see LICENSE files in the repository root for full details. -*/ - -import type { BrowserContext, Route } from "@playwright/test"; -import { getFreePort } from "../utils/port"; -import { Docker } from "../docker"; -import { PG_PASSWORD, PostgresDocker } from "../postgres"; - -// Docker tag to use for `ghcr.io/matrix-org/sliding-sync` image. -const SLIDING_SYNC_PROXY_TAG = "v0.99.3"; - -export interface ProxyInstance { - containerId: string; - postgresId: string; - port: number; -} - -export class SlidingSyncProxy { - private readonly proxyDocker = new Docker(); - private readonly postgresDocker = new PostgresDocker("sliding-sync"); - private instance: ProxyInstance; - - constructor( - private synapseIp: string, - private context: BrowserContext, - ) {} - - private syncHandler = async (route: Route) => { - if (!this.instance) return route.abort("blockedbyclient"); - - const baseUrl = `http://localhost:${this.instance.port}`; - await route.continue({ - url: new URL(route.request().url().split("/").slice(3).join("/"), baseUrl).href, - }); - }; - - async start(): Promise { - console.log(new Date(), "Starting sliding sync proxy..."); - - const { ipAddress: postgresIp, containerId: postgresId } = await this.postgresDocker.start(); - - const port = await getFreePort(); - console.log(new Date(), "starting proxy container...", SLIDING_SYNC_PROXY_TAG); - const containerId = await this.proxyDocker.run({ - image: "ghcr.io/matrix-org/sliding-sync:" + SLIDING_SYNC_PROXY_TAG, - containerName: "react-sdk-playwright-sliding-sync-proxy", - params: [ - "-p", - `${port}:8008/tcp`, - "-e", - "SYNCV3_SECRET=bwahahaha", - "-e", - `SYNCV3_SERVER=${this.synapseIp}`, - "-e", - `SYNCV3_DB=user=postgres dbname=postgres password=${PG_PASSWORD} host=${postgresIp} sslmode=disable`, - ], - }); - console.log(new Date(), "started!"); - - this.instance = { containerId, postgresId, port }; - await this.context.route("**/_matrix/client/unstable/org.matrix.msc3575/sync*", this.syncHandler); - return this.instance; - } - - async stop(): Promise { - await this.context.unroute("**/_matrix/client/unstable/org.matrix.msc3575/sync*", this.syncHandler); - - await this.postgresDocker.stop(); - await this.proxyDocker.stop(); - console.log(new Date(), "Stopped sliding sync proxy."); - } -} diff --git a/playwright/services.ts b/playwright/services.ts new file mode 100644 index 00000000000..bf4bad18fcc --- /dev/null +++ b/playwright/services.ts @@ -0,0 +1,113 @@ +/* +Copyright 2024 New Vector Ltd. + +SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only +Please see LICENSE files in the repository root for full details. +*/ + +import { test as base } from "@playwright/test"; +import mailhog from "mailhog"; +import { GenericContainer, Network, StartedNetwork, StartedTestContainer, Wait } from "testcontainers"; +import { PostgreSqlContainer, StartedPostgreSqlContainer } from "@testcontainers/postgresql"; + +import { StartedSynapseContainer, SynapseConfigOptions, SynapseContainer } from "./testcontainers/synapse.ts"; +import { MatrixAuthenticationServiceContainer } from "./testcontainers/mas.ts"; + +export interface Services { + network: StartedNetwork; + postgres: StartedPostgreSqlContainer; + + mailhog: StartedTestContainer; + mailhogClient: mailhog.API; + + synapseConfigOptions: SynapseConfigOptions; + _homeserver: SynapseContainer; + homeserver: StartedSynapseContainer; + mas: StartedTestContainer; +} + +// TODO logs +export const test = base.extend({ + // eslint-disable-next-line no-empty-pattern + network: async ({}, use) => { + const network = await new Network().start(); + await use(network); + await network.stop(); + }, + postgres: async ({ network }, use) => { + const container = await new PostgreSqlContainer() + .withNetwork(network) + .withNetworkAliases("postgres") + .withTmpFs({ + "/dev/shm/pgdata/data": "", + }) + .withEnvironment({ + PG_DATA: "/dev/shm/pgdata/data", + }) + .withCommand([ + "-c", + "shared_buffers=128MB", + "-c", + `fsync=off`, + "-c", + `synchronous_commit=off`, + "-c", + "full_page_writes=off", + ]) + .start(); + await use(container); + await container.stop(); + }, + + mailhog: async ({ network }, use) => { + const container = await new GenericContainer("mailhog/mailhog:latest") + .withNetwork(network) + .withNetworkAliases("mailhog") + .withExposedPorts(8025) + .withWaitStrategy(Wait.forListeningPorts()) + .start(); + await use(container); + await container.stop(); + }, + mailhogClient: async ({ mailhog: container }, use) => { + await use(mailhog({ host: container.getHost(), port: container.getMappedPort(8025) })); + }, + + synapseConfigOptions: [{}, { option: true }], + _homeserver: async ({ request }, use) => { + const container = new SynapseContainer(request); + await use(container); + }, + homeserver: async ({ network, _homeserver: homeserver, synapseConfigOptions }, use) => { + const container = await homeserver + .withNetwork(network) + .withNetworkAliases("homeserver") + .withConfig(synapseConfigOptions) + .start(); + + await use(container); + await container.stop(); + }, + mas: async ({ network, homeserver }, use) => { + const container = await new MatrixAuthenticationServiceContainer() + .withNetwork(network) + .withNetworkAliases("mas") + .withConfig({ + clients: [ + { + client_id: "0000000000000000000SYNAPSE", + client_auth_method: "client_secret_basic", + client_secret: "SomeRandomSecret", + }, + ], + matrix: { + homeserver: "localhost", + secret: "AnotherRandomSecret", + endpoint: "http://synapse:8008", + }, + }) + .start(); + await use(container); + await container.stop(); + }, +}); diff --git a/playwright/testcontainers/dendrite.ts b/playwright/testcontainers/dendrite.ts new file mode 100644 index 00000000000..e073fbcada9 --- /dev/null +++ b/playwright/testcontainers/dendrite.ts @@ -0,0 +1,280 @@ +/* +Copyright 2024 New Vector Ltd. + +SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only +Please see LICENSE files in the repository root for full details. +*/ + +import { GenericContainer, Wait } from "testcontainers"; +import { APIRequestContext } from "@playwright/test"; +import * as YAML from "yaml"; +import { deepCopy } from "matrix-js-sdk/src/utils"; +import { set } from "lodash"; + +import { getFreePort } from "../plugins/utils/port.ts"; +import { randB64Bytes } from "../plugins/utils/rand.ts"; +import { StartedSynapseContainer } from "./synapse.ts"; + +const DEFAULT_CONFIG = { + version: 2, + global: { + server_name: "localhost", + private_key: "matrix_key.pem", + old_private_keys: null, + key_validity_period: "168h0m0s", + cache: { + max_size_estimated: "1gb", + max_age: "1h", + }, + well_known_server_name: "", + well_known_client_name: "", + trusted_third_party_id_servers: ["matrix.org", "vector.im"], + disable_federation: false, + presence: { + enable_inbound: false, + enable_outbound: false, + }, + report_stats: { + enabled: false, + endpoint: "https://matrix.org/report-usage-stats/push", + }, + server_notices: { + enabled: false, + local_part: "_server", + display_name: "Server Alerts", + avatar_url: "", + room_name: "Server Alerts", + }, + jetstream: { + addresses: null, + disable_tls_validation: false, + storage_path: "./", + topic_prefix: "Dendrite", + }, + metrics: { + enabled: false, + basic_auth: { + username: "metrics", + password: "metrics", + }, + }, + dns_cache: { + enabled: false, + cache_size: 256, + cache_lifetime: "5m", + }, + }, + app_service_api: { + disable_tls_validation: false, + config_files: null, + }, + client_api: { + registration_disabled: false, + guests_disabled: true, + registration_shared_secret: "secret", + enable_registration_captcha: false, + recaptcha_public_key: "", + recaptcha_private_key: "", + recaptcha_bypass_secret: "", + turn: { + turn_user_lifetime: "5m", + turn_uris: null, + turn_shared_secret: "", + }, + rate_limiting: { + enabled: true, + threshold: 20, + cooloff_ms: 500, + exempt_user_ids: null, + }, + }, + federation_api: { + send_max_retries: 16, + disable_tls_validation: false, + disable_http_keepalives: false, + key_perspectives: [ + { + server_name: "matrix.org", + keys: [ + { + key_id: "ed25519:auto", + public_key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw", + }, + { + key_id: "ed25519:a_RXGa", + public_key: "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ", + }, + ], + }, + ], + prefer_direct_fetch: false, + database: { + connection_string: "file:dendrite-federationapi.db", + }, + }, + media_api: { + base_path: "./media_store", + max_file_size_bytes: 10485760, + dynamic_thumbnails: false, + max_thumbnail_generators: 10, + thumbnail_sizes: [ + { + width: 32, + height: 32, + method: "crop", + }, + { + width: 96, + height: 96, + method: "crop", + }, + { + width: 640, + height: 480, + method: "scale", + }, + ], + database: { + connection_string: "file:dendrite-mediaapi.db", + }, + }, + mscs: { + mscs: null, + database: { + connection_string: "file:dendrite-msc.db", + }, + }, + sync_api: { + search: { + enabled: false, + index_path: "./searchindex", + language: "en", + }, + database: { + connection_string: "file:dendrite-syncapi.db", + }, + }, + user_api: { + bcrypt_cost: 10, + auto_join_rooms: null, + account_database: { + connection_string: "file:dendrite-userapi.db", + }, + }, + room_server: { + database: { + connection_string: "file:dendrite-roomserverapi.db", + }, + }, + key_server: { + database: { + connection_string: "file:dendrite-keyserverapi.db", + }, + }, + relay_api: { + database: { + connection_string: "file:dendrite-relayapi.db", + }, + }, + tracing: { + enabled: false, + jaeger: { + serviceName: "", + disabled: false, + rpc_metrics: false, + tags: [], + sampler: null, + reporter: null, + headers: null, + baggage_restrictions: null, + throttler: null, + }, + }, + logging: [ + { + type: "std", + level: "debug", + }, + { + type: "file", + level: "debug", + params: { + path: "./logs", + }, + }, + ], +}; + +export class DendriteContainer extends GenericContainer { + private config: typeof DEFAULT_CONFIG; + + constructor( + private request: APIRequestContext, + image = "matrixdotorg/dendrite-monolith:main", + entrypoint = "/usr/bin/dendrite", + ) { + super(image); + + this.config = deepCopy(DEFAULT_CONFIG); + this.config.client_api.registration_shared_secret = randB64Bytes(16); + + this.withEntrypoint([entrypoint]) + .withCommand([ + "--config", + "/etc/dendrite/dendrite.yaml", + "--really-enable-open-registration", + "true", + "run", + ]) + .withWaitStrategy(Wait.forHttp("/_matrix/client/versions", 8008)); + + // const docker = new Docker(); + // await docker.run({ + // image: dendriteImage, + // params: ["--entrypoint=", "-v", `${tempDir}:/mnt`], + // containerName: `react-sdk-playwright-dendrite-keygen`, + // cmd: ["/usr/bin/generate-keys", "-private-key", "/mnt/matrix_key.pem"], + // }); + } + + public withConfigField(key: string, value: any): this { + set(this.config, key, value); + return this; + } + + public withConfig(config: Partial): this { + this.config = { + ...this.config, + ...config, + }; + return this; + } + + public override async start(): Promise { + const port = await getFreePort(); + + this.withExposedPorts({ + container: 8008, + host: port, + }).withCopyContentToContainer([ + { + target: "/etc/dendrite/dendrite.yaml", + content: YAML.stringify(this.config), + }, + ]); + + // Surprisingly, Dendrite implements the same register user Admin API Synapse, so we can just extend it + return new StartedSynapseContainer( + await super.start(), + `http://localhost:${port}`, + this.config.client_api.registration_shared_secret, + this.request, + ); + } +} + +export class PineconeContainer extends DendriteContainer { + constructor(request: APIRequestContext) { + super(request, "matrixdotorg/dendrite-demo-pinecone:main", "/usr/bin/dendrite-demo-pinecone"); + } +} diff --git a/playwright/testcontainers/mas.ts b/playwright/testcontainers/mas.ts new file mode 100644 index 00000000000..b4e5bf75377 --- /dev/null +++ b/playwright/testcontainers/mas.ts @@ -0,0 +1,206 @@ +/* +Copyright 2024 New Vector Ltd. + +SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only +Please see LICENSE files in the repository root for full details. +*/ + +import { AbstractStartedContainer, GenericContainer, StartedTestContainer, Wait } from "testcontainers"; +import crypto from "node:crypto"; +import * as YAML from "yaml"; + +import { getFreePort } from "../plugins/utils/port.ts"; +import { Credentials } from "../plugins/homeserver"; +import { deepCopy } from "matrix-js-sdk/src/utils.ts"; + +const DEFAULT_CONFIG = { + http: { + listeners: [ + { + name: "web", + resources: [ + { + name: "discovery", + }, + { + name: "human", + }, + { + name: "oauth", + }, + { + name: "compat", + }, + { + name: "graphql", + playground: true, + }, + { + name: "assets", + path: "/usr/local/share/mas-cli/assets/", + }, + ], + binds: [ + { + address: "[::]:8080", + }, + ], + proxy_protocol: false, + }, + { + name: "internal", + resources: [ + { + name: "health", + }, + ], + binds: [ + { + host: "localhost", + port: 8081, + }, + ], + proxy_protocol: false, + }, + ], + trusted_proxies: ["192.128.0.0/16", "172.16.0.0/12", "10.0.0.0/10", "127.0.0.1/8", "fd00::/8", "::1/128"], + public_base: "", // Needs to be set + issuer: "", // Needs to be set + }, + database: { + host: "postgres", + port: 5432, + database: "postgres", + username: "postgres", + password: "p4S5w0rD", + max_connections: 10, + min_connections: 0, + connect_timeout: 30, + idle_timeout: 600, + max_lifetime: 1800, + }, + telemetry: { + tracing: { + exporter: "none", + propagators: [], + }, + metrics: { + exporter: "none", + }, + sentry: { + dsn: null, + }, + }, + templates: { + path: "/usr/local/share/mas-cli/templates/", + assets_manifest: "/usr/local/share/mas-cli/manifest.json", + translations_path: "/usr/local/share/mas-cli/translations/", + }, + email: { + from: '"Authentication Service" ', + reply_to: '"Authentication Service" ', + transport: "smtp", + mode: "plain", + hostname: "mailhog", + port: 1025, + username: "username", + password: "password", + }, + secrets: { + encryption: "984b18e207c55ad5fbb2a49b217481a722917ee87b2308d4cf314c83fed8e3b5", + keys: [ + { + kid: "YEAhzrKipJ", + key: "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAuIV+AW5vx52I4CuumgSxp6yvKfIAnRdALeZZCoFkIGxUli1B\nS79NJ3ls46oLh1pSD9RrhaMp6HTNoi4K3hnP9Q9v77pD7KwdFKG3UdG1zksIB0s/\n+/Ey/DmX4LPluwBBS7r/LkQ1jk745lENA++oiDqZf2D/uP8jCHlvaSNyVKTqi1ki\nOXPd4T4xBUjzuas9ze5jQVSYtfOidgnv1EzUipbIxgvH1jNt4raRlmP8mOq7xEnW\nR+cF5x6n/g17PdSEfrwO4kz6aKGZuMP5lVlDEEnMHKabFSQDBl7+Mpok6jXutbtA\nuiBnsKEahF9eoj4na4fpbRNPdIVyoaN5eGvm5wIDAQABAoIBAApyFCYEmHNWaa83\nCdVSOrRhRDE9r+c0r79pcNT1ajOjrk4qFa4yEC4R46YntCtfY5Hd1pBkIjU0l4d8\nz8Su9WTMEOwjQUEepS7L0NLi6kXZXYT8L40VpGs+32grBvBFHW0qEtQNrHJ36gMv\nx2rXoFTF7HaXiSJx3wvVxAbRqOE9tBXLsmNHaWaAdWQG5o77V9+zvMri3cAeEg2w\nVkKokb0dza7es7xG3tqS26k69SrwGeeuKo7qCHPH2cfyWmY5Yhv8iOoA59JzzbiK\nUdxyzCHskrPSpRKVkVVwmY3RBt282TmSRG7td7e5ESSj50P2e5BI5uu1Hp/dvU4F\nvYjV7kECgYEA6WqYoUpVsgQiqhvJwJIc/8gRm0mUy8TenI36z4Iim01Nt7fibWH7\nXnsFqLGjXtYNVWvBcCrUl9doEnRbJeG2eRGbGKYAWVrOeFvwM4fYvw9GoOiJdDj4\ncgWDe7eHbHE+UTqR7Nnr/UBfipoNWDh6X68HRBuXowh0Q6tOfxsrRFECgYEAyl/V\n4b8bFp3pKZZCb+KPSYsQf793cRmrBexPcLWcDPYbMZQADEZ/VLjbrNrpTOWxUWJT\nhr8MrWswnHO+l5AFu5CNO+QgV2dHLk+2w8qpdpFRPJCfXfo2D3wZ0c4cv3VCwv1V\n5y7f6XWVjDWZYV4wj6c3shxZJjZ+9Hbhf3/twbcCgYA6fuRRR3fCbRbi2qPtBrEN\nyO3gpMgNaQEA6vP4HPzfPrhDWmn8T5nXS61XYW03zxz4U1De81zj0K/cMBzHmZFJ\nNghQXQmpWwBzWVcREvJWr1Vb7erEnaJlsMwKrSvbGWYspSj82oAxr3hCG+lMOpsw\nb4S6pM+TpAK/EqdRY1WsgQKBgQCGoMaaTRXqL9bC0bEU2XVVCWxKb8c3uEmrwQ7/\n/fD4NmjUzI5TnDps1CVfkqoNe+hAKddDFqmKXHqUOfOaxDbsFje+lf5l5tDVoDYH\nfjTKKdYPIm7CiAeauYY7qpA5Vfq52Opixy4yEwUPp0CII67OggFtPaqY3zwJyWQt\n+57hdQKBgGCXM/KKt7ceUDcNJxSGjvu0zD9D5Sv2ihYlEBT/JLaTCCJdvzREevaJ\n1d+mpUAt0Lq6A8NWOMq8HPaxAik3rMQ0WtM5iG+XgsUqvTSb7NcshArDLuWGnW3m\nMC4rM0UBYAS4QweduUSH1imrwH/1Gu5+PxbiecceRMMggWpzu0Bq\n-----END RSA PRIVATE KEY-----\n", + }, + { + kid: "8J1AxrlNZT", + key: "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIF1cjfIOEdy3BXJ72x6fKpEB8WP1ddZAUJAaqqr/6CpToAoGCCqGSM49\nAwEHoUQDQgAEfHdNuI1Yeh3/uOq2PlnW2vymloOVpwBYebbw4VVsna9xhnutIdQW\ndE8hkX8Yb0pIDasrDiwllVLzSvsWJAI0Kw==\n-----END EC PRIVATE KEY-----\n", + }, + { + kid: "3BW6un1EBi", + key: "-----BEGIN EC PRIVATE KEY-----\nMIGkAgEBBDA+3ZV17r8TsiMdw1cpbTSNbyEd5SMy3VS1Mk/kz6O2Ev/3QZut8GE2\nq3eGtLBoVQigBwYFK4EEACKhZANiAASs8Wxjk/uRimRKXnPr2/wDaXkN9wMDjYQK\nmZULb+0ZP1/cXmuXuri8hUGhQvIU8KWY9PkpV+LMPEdpE54mHPKSLjq5CDXoSZ/P\n9f7cdRaOZ000KQPZfIFR9ujJTtDN7Vs=\n-----END EC PRIVATE KEY-----\n", + }, + { + kid: "pkZ0pTKK0X", + key: "-----BEGIN EC PRIVATE KEY-----\nMHQCAQEEIHenfsXYPc5yzjZKUfvmydDR1YRwdsfZYvwHf/2wsYxooAcGBSuBBAAK\noUQDQgAEON1x7Vlu+nA0KvC5vYSOHhDUkfLYNZwYSLPFVT02h9E13yFFMIJegIBl\nAer+6PMZpPc8ycyeH9N+U9NAyliBhQ==\n-----END EC PRIVATE KEY-----\n", + }, + ], + }, + passwords: { + enabled: true, + schemes: [ + { + version: 1, + algorithm: "argon2id", + }, + ], + }, + policy: { + wasm_module: "/usr/local/share/mas-cli/policy.wasm", + client_registration_entrypoint: "client_registration/violation", + register_entrypoint: "register/violation", + authorization_grant_entrypoint: "authorization_grant/violation", + password_entrypoint: "password/violation", + email_entrypoint: "email/violation", + data: { + client_registration: { + allow_insecure_uris: true, + allow_missing_contacts: true, + }, + }, + }, + upstream_oauth2: { + providers: [], + }, + branding: { + service_name: null, + policy_uri: null, + tos_uri: null, + imprint: null, + logo_uri: null, + }, + experimental: { + access_token_ttl: 300, + compat_token_ttl: 300, + }, +}; + +export class MatrixAuthenticationServiceContainer extends GenericContainer { + private config: typeof DEFAULT_CONFIG; + + constructor() { + super("ghcr.io/matrix-org/matrix-authentication-service:0.8.0"); + + this.config = deepCopy(DEFAULT_CONFIG); + + this.withWaitStrategy(Wait.forHttp("/health", 8081)).withCommand(["server", "--config", "/config/config.yaml"]); + } + + public withConfig(config: object): this { + this.config = { + ...this.config, + ...config, + }; + return this; + } + + public override async start(): Promise { + const port = await getFreePort(); + + this.config.http.public_base = `http://localhost:${port}/`; + this.config.http.issuer = `http://localhost:${port}/`; + + this.withExposedPorts({ + container: 8080, + host: port, + }).withCopyContentToContainer([ + { + target: "/config/config.yaml", + content: YAML.stringify(this.config), + }, + ]); + + return super.start(); + } +} diff --git a/playwright/testcontainers/synapse.ts b/playwright/testcontainers/synapse.ts new file mode 100644 index 00000000000..c3cb0ab69fa --- /dev/null +++ b/playwright/testcontainers/synapse.ts @@ -0,0 +1,323 @@ +/* +Copyright 2024 New Vector Ltd. + +SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only +Please see LICENSE files in the repository root for full details. +*/ + +import { AbstractStartedContainer, GenericContainer, StartedTestContainer, Wait } from "testcontainers"; +import { APIRequestContext } from "@playwright/test"; +import crypto from "node:crypto"; +import * as YAML from "yaml"; +import { deepCopy } from "matrix-js-sdk/src/utils"; +import { set } from "lodash"; + +import { getFreePort } from "../plugins/utils/port.ts"; +import { randB64Bytes } from "../plugins/utils/rand.ts"; +import { Credentials, HomeserverInstance } from "../plugins/homeserver"; + +const TAG = "develop@sha256:17cc0a301447430624afb860276e5c13270ddeb99a3f6d1c6d519a20b1a8f650"; + +const DEFAULT_CONFIG = { + server_name: "localhost", + public_baseurl: "", + pid_file: "/homeserver.pid", + web_client: false, + soft_file_limit: 0, + log_config: "/data/log.config", + listeners: [ + { + port: 8008, + tls: false, + bind_addresses: ["::"], + type: "http", + x_forwarded: true, + resources: [ + { + names: ["client"], + compress: false, + }, + ], + }, + ], + database: { + name: "sqlite3", + args: { + database: ":memory:", + }, + }, + rc_messages_per_second: 10000, + rc_message_burst_count: 10000, + rc_registration: { + per_second: 10000, + burst_count: 10000, + }, + rc_joins: { + local: { + per_second: 9999, + burst_count: 9999, + }, + remote: { + per_second: 9999, + burst_count: 9999, + }, + }, + rc_joins_per_room: { + per_second: 9999, + burst_count: 9999, + }, + rc_3pid_validation: { + per_second: 1000, + burst_count: 1000, + }, + rc_invites: { + per_room: { + per_second: 1000, + burst_count: 1000, + }, + per_user: { + per_second: 1000, + burst_count: 1000, + }, + }, + rc_login: { + address: { + per_second: 10000, + burst_count: 10000, + }, + account: { + per_second: 10000, + burst_count: 10000, + }, + failed_attempts: { + per_second: 10000, + burst_count: 10000, + }, + }, + media_store_path: "/media", + max_upload_size: "50M", + max_image_pixels: "32M", + dynamic_thumbnails: false, + enable_registration: true, + enable_registration_without_verification: true, + disable_msisdn_registration: false, + registrations_require_3pid: [], + registration_shared_secret: "secret", + enable_metrics: false, + report_stats: false, + macaroon_secret_key: "secret", + form_secret: "secret", + signing_key_path: "/data/localhost.signing.key", + trusted_key_servers: [], + password_config: { + enabled: true, + }, + ui_auth: { + session_timeout: "300s", + }, + background_updates: { + min_batch_size: 100000, + sleep_duration_ms: 100000, + }, + enable_authenticated_media: true, + email: undefined, + user_consent: undefined, + server_notices: undefined, + allow_guest_access: false, + experimental_features: {}, + oidc_providers: [], + serve_server_wellknown: true, +}; + +export type SynapseConfigOptions = Partial; + +export class SynapseContainer extends GenericContainer { + private config: typeof DEFAULT_CONFIG; + + constructor(private readonly request: APIRequestContext) { + super(`ghcr.io/element-hq/synapse:${TAG}`); + + this.config = deepCopy(DEFAULT_CONFIG); + this.config.registration_shared_secret = randB64Bytes(16); + this.config.macaroon_secret_key = randB64Bytes(16); + this.config.form_secret = randB64Bytes(16); + + const signingKey = randB64Bytes(32); + this.withWaitStrategy(Wait.forHttp("/health", 8008)).withCopyContentToContainer([ + { target: "/data/localhost.signing.key", content: `ed25519 x ${signingKey}` }, + { + target: "/data/log.config", + content: YAML.stringify({ + version: 1, + formatters: { + precise: { + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s", + }, + }, + handlers: { + console: { + class: "logging.StreamHandler", + formatter: "precise", + }, + }, + loggers: { + "synapse.storage.SQL": { + level: "DEBUG", + }, + "twisted": { + handlers: ["console"], + propagate: false, + }, + }, + root: { + level: "DEBUG", + handlers: ["console"], + }, + disable_existing_loggers: false, + }), + }, + ]); + } + + public withConfigField(key: string, value: any): this { + set(this.config, key, value); + return this; + } + + public withConfig(config: Partial): this { + this.config = { + ...this.config, + ...config, + }; + return this; + } + + public override async start(): Promise { + const port = await getFreePort(); + + this.withExposedPorts({ + container: 8008, + host: port, + }) + .withConfig({ + public_baseurl: `http://localhost:${port}`, + }) + .withCopyContentToContainer([ + { + target: "/data/homeserver.yaml", + content: YAML.stringify(this.config), + }, + ]); + + return new StartedSynapseContainer( + await super.start(), + `http://localhost:${port}`, + this.config.registration_shared_secret, + this.request, + ); + } +} + +export class StartedSynapseContainer extends AbstractStartedContainer implements HomeserverInstance { + private adminToken?: string; + + constructor( + container: StartedTestContainer, + public readonly baseUrl: string, + private readonly registrationSharedSecret: string, + private readonly request: APIRequestContext, + ) { + super(container); + } + + private async registerUserInternal( + username: string, + password: string, + displayName?: string, + admin = false, + ): Promise { + const url = `${this.baseUrl}/_synapse/admin/v1/register`; + const { nonce } = await this.request.get(url).then((r) => r.json()); + const mac = crypto + .createHmac("sha1", this.registrationSharedSecret) + .update(`${nonce}\0${username}\0${password}\0${admin ? "" : "not"}admin`) + .digest("hex"); + const res = await this.request.post(url, { + data: { + nonce, + username, + password, + mac, + admin, + displayname: displayName, + }, + }); + + if (!res.ok()) { + throw await res.json(); + } + + const data = await res.json(); + return { + homeServer: data.home_server, + accessToken: data.access_token, + userId: data.user_id, + deviceId: data.device_id, + password, + displayName, + }; + } + + public registerUser(username: string, password: string, displayName?: string): Promise { + return this.registerUserInternal(username, password, displayName, false); + } + + public async loginUser(userId: string, password: string): Promise { + const url = `${this.baseUrl}/_matrix/client/v3/login`; + const res = await this.request.post(url, { + data: { + type: "m.login.password", + identifier: { + type: "m.id.user", + user: userId, + }, + password: password, + }, + }); + const json = await res.json(); + + return { + password, + accessToken: json.access_token, + userId: json.user_id, + deviceId: json.device_id, + homeServer: json.home_server, + }; + } + + public async setThreepid(userId: string, medium: string, address: string): Promise { + if (this.adminToken === undefined) { + const result = await this.registerUserInternal("admin", "totalyinsecureadminpassword", undefined, true); + this.adminToken = result.accessToken; + } + + const url = `${this.baseUrl}/_synapse/admin/v2/users/${userId}`; + const res = await this.request.put(url, { + data: { + threepids: [ + { + medium, + address, + }, + ], + }, + headers: { + Authorization: `Bearer ${this.adminToken}`, + }, + }); + + if (!res.ok()) { + throw await res.json(); + } + } +} diff --git a/yarn.lock b/yarn.lock index e72b11a5ede..a68b8cf97ae 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1158,6 +1158,11 @@ "@babel/helper-string-parser" "^7.25.9" "@babel/helper-validator-identifier" "^7.25.9" +"@balena/dockerignore@^1.0.2": + version "1.0.2" + resolved "https://registry.yarnpkg.com/@balena/dockerignore/-/dockerignore-1.0.2.tgz#9ffe4726915251e8eb69f44ef3547e0da2c03e0d" + integrity sha512-wMue2Sy4GAVTk6Ic4tJVcnfdau+gx2EnG7S+uAEe+TWJFqE4YoWN4/H8MSLj4eYJKxGg26lZwboEniNiNwZQ6Q== + "@bcoe/v8-coverage@^0.2.3": version "0.2.3" resolved "https://registry.yarnpkg.com/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz#75a2e8b51cb758a7553d6804a5932d7aace75c39" @@ -1542,6 +1547,11 @@ resolved "https://registry.yarnpkg.com/@eslint/js/-/js-8.57.1.tgz#de633db3ec2ef6a3c89e2f19038063e8a122e2c2" integrity sha512-d9zaMRSTIKDLhctzH12MtXvJKSSUhaHcjV+2Z+GK+EEY7XKpP5yR4x+N3TAcHTcu963nIr+TMcCb4DBCYX1z6Q== +"@fastify/busboy@^2.0.0": + version "2.1.1" + resolved "https://registry.yarnpkg.com/@fastify/busboy/-/busboy-2.1.1.tgz#b9da6a878a371829a0502c9b6c1c143ef6663f4d" + integrity sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA== + "@floating-ui/core@^1.6.0": version "1.6.8" resolved "https://registry.yarnpkg.com/@floating-ui/core/-/core-1.6.8.tgz#aa43561be075815879305965020f492cdb43da12" @@ -2076,6 +2086,11 @@ tslib "^2.6.2" webcrypto-core "^1.8.0" +"@pkgjs/parseargs@^0.11.0": + version "0.11.0" + resolved "https://registry.yarnpkg.com/@pkgjs/parseargs/-/parseargs-0.11.0.tgz#a77ea742fab25775145434eb1d2328cf5013ac33" + integrity sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg== + "@playwright/test@^1.40.1": version "1.49.1" resolved "https://registry.yarnpkg.com/@playwright/test/-/test-1.49.1.tgz#55fa360658b3187bfb6371e2f8a64f50ef80c827" @@ -2657,6 +2672,13 @@ "@svgr/plugin-jsx" "8.1.0" "@svgr/plugin-svgo" "8.1.0" +"@testcontainers/postgresql@^10.16.0": + version "10.16.0" + resolved "https://registry.yarnpkg.com/@testcontainers/postgresql/-/postgresql-10.16.0.tgz#0437a9b426d64ea958e745a0e2ae19462b786f81" + integrity sha512-zWFQI+3QxlEELRvVv27i6zlVEPNUz9zKaSh7iWmFlCdfhcyr78daS0FG8FIfdQ79VK7YXA4jv+dTYXa2SwXu/w== + dependencies: + testcontainers "^10.16.0" + "@testing-library/dom@^10.4.0": version "10.4.0" resolved "https://registry.yarnpkg.com/@testing-library/dom/-/dom-10.4.0.tgz#82a9d9462f11d240ecadbf406607c6ceeeff43a8" @@ -2824,6 +2846,23 @@ resolved "https://registry.yarnpkg.com/@types/diff-match-patch/-/diff-match-patch-1.0.36.tgz#dcef10a69d357fe9d43ac4ff2eca6b85dbf466af" integrity sha512-xFdR6tkm0MWvBfO8xXCSsinYxHcqkQUlcHeSpMC2ukzOb6lwQAfDmW+Qt0AvlGd8HpsS28qKsB+oPeJn9I39jg== +"@types/docker-modem@*": + version "3.0.6" + resolved "https://registry.yarnpkg.com/@types/docker-modem/-/docker-modem-3.0.6.tgz#1f9262fcf85425b158ca725699a03eb23cddbf87" + integrity sha512-yKpAGEuKRSS8wwx0joknWxsmLha78wNMe9R2S3UNsVOkZded8UqOrV8KoeDXoXsjndxwyF3eIhyClGbO1SEhEg== + dependencies: + "@types/node" "*" + "@types/ssh2" "*" + +"@types/dockerode@^3.3.29": + version "3.3.33" + resolved "https://registry.yarnpkg.com/@types/dockerode/-/dockerode-3.3.33.tgz#67d9b4223caf41a0735695abe89c292e05d305c9" + integrity sha512-7av8lVOhkW7Xd11aZTSq5zhdpyNraldXwQR0pxUCiSNTvIzsP86KrFrmrZgxtrXD2Zrtzwt4H6OYLbATONWzWg== + dependencies: + "@types/docker-modem" "*" + "@types/node" "*" + "@types/ssh2" "*" + "@types/escape-html@^1.0.1": version "1.0.4" resolved "https://registry.yarnpkg.com/@types/escape-html/-/escape-html-1.0.4.tgz#dc7c166b76c7b03b27e32f80edf01d91eb5d9af2" @@ -3088,6 +3127,13 @@ dependencies: undici-types "~5.26.4" +"@types/node@^18.11.18": + version "18.19.69" + resolved "https://registry.yarnpkg.com/@types/node/-/node-18.19.69.tgz#748d301818ba4b238854c53d290257a70aae7d01" + integrity sha512-ECPdY1nlaiO/Y6GUnwgtAAhLNaQ53AyIVz+eILxpEo5OvuqE6yWkqWBIb5dU0DqhKQtMeny+FBD3PK6lm7L5xQ== + dependencies: + undici-types "~5.26.4" + "@types/normalize-package-data@^2.4.0": version "2.4.4" resolved "https://registry.yarnpkg.com/@types/normalize-package-data/-/normalize-package-data-2.4.4.tgz#56e2cc26c397c038fab0e3a917a12d5c5909e901" @@ -3232,6 +3278,28 @@ dependencies: "@types/node" "*" +"@types/ssh2-streams@*": + version "0.1.12" + resolved "https://registry.yarnpkg.com/@types/ssh2-streams/-/ssh2-streams-0.1.12.tgz#e68795ba2bf01c76b93f9c9809e1f42f0eaaec5f" + integrity sha512-Sy8tpEmCce4Tq0oSOYdfqaBpA3hDM8SoxoFh5vzFsu2oL+znzGz8oVWW7xb4K920yYMUY+PIG31qZnFMfPWNCg== + dependencies: + "@types/node" "*" + +"@types/ssh2@*": + version "1.15.1" + resolved "https://registry.yarnpkg.com/@types/ssh2/-/ssh2-1.15.1.tgz#4db4b6864abca09eb299fe5354fa591add412223" + integrity sha512-ZIbEqKAsi5gj35y4P4vkJYly642wIbY6PqoN0xiyQGshKUGXR9WQjF/iF9mXBQ8uBKy3ezfsCkcoHKhd0BzuDA== + dependencies: + "@types/node" "^18.11.18" + +"@types/ssh2@^0.5.48": + version "0.5.52" + resolved "https://registry.yarnpkg.com/@types/ssh2/-/ssh2-0.5.52.tgz#9dbd8084e2a976e551d5e5e70b978ed8b5965741" + integrity sha512-lbLLlXxdCZOSJMCInKH2+9V/77ET2J6NPQHpFI0kda61Dd1KglJs+fPQBchizmzYSOJBgdTajhPqBO1xxLywvg== + dependencies: + "@types/node" "*" + "@types/ssh2-streams" "*" + "@types/stack-utils@^2.0.0": version "2.0.3" resolved "https://registry.yarnpkg.com/@types/stack-utils/-/stack-utils-2.0.3.tgz#6209321eb2c1712a7e7466422b8cb1fc0d9dd5d8" @@ -3390,7 +3458,7 @@ ts-xor "^1.3.0" vaul "^1.0.0" -"@vector-im/matrix-wysiwyg-wasm@link:../../bindings/wysiwyg-wasm": +"@vector-im/matrix-wysiwyg-wasm@link:../../Library/Caches/Yarn/v6/npm-@vector-im-matrix-wysiwyg-2.38.0-af862ffd231dc0a6b8d6f2cb3601e68456c0ff24-integrity/node_modules/bindings/wysiwyg-wasm": version "0.0.0" uid "" @@ -3569,6 +3637,13 @@ abab@^2.0.6: resolved "https://registry.yarnpkg.com/abab/-/abab-2.0.6.tgz#41b80f2c871d19686216b82309231cfd3cb3d291" integrity sha512-j2afSsaIENvHZN2B8GOpF566vZ5WVk5opAiMTvWgaQT8DkbOqsTfvNAvHoRGU2zzP8cPoqys+xHTRDWW8L+/BA== +abort-controller@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/abort-controller/-/abort-controller-3.0.0.tgz#eaf54d53b62bae4138e809ca225c8439a6efb392" + integrity sha512-h8lQ8tacZYnR3vNQTgibj+tODHI5/+l06Au2Pcriv/Gmet0eaj4TwWH41sO9wnHDiQsEj19q0drzdWdeAHtweg== + dependencies: + event-target-shim "^5.0.0" + accepts@~1.3.4, accepts@~1.3.5, accepts@~1.3.8: version "1.3.8" resolved "https://registry.yarnpkg.com/accepts/-/accepts-1.3.8.tgz#0bf0be125b67014adcb0b0921e62db7bffe16b2e" @@ -3727,6 +3802,32 @@ anymatch@^3.0.3, anymatch@~3.1.2: normalize-path "^3.0.0" picomatch "^2.0.4" +archiver-utils@^5.0.0, archiver-utils@^5.0.2: + version "5.0.2" + resolved "https://registry.yarnpkg.com/archiver-utils/-/archiver-utils-5.0.2.tgz#63bc719d951803efc72cf961a56ef810760dd14d" + integrity sha512-wuLJMmIBQYCsGZgYLTy5FIB2pF6Lfb6cXMSF8Qywwk3t20zWnAi7zLcQFdKQmIB8wyZpY5ER38x08GbwtR2cLA== + dependencies: + glob "^10.0.0" + graceful-fs "^4.2.0" + is-stream "^2.0.1" + lazystream "^1.0.0" + lodash "^4.17.15" + normalize-path "^3.0.0" + readable-stream "^4.0.0" + +archiver@^7.0.1: + version "7.0.1" + resolved "https://registry.yarnpkg.com/archiver/-/archiver-7.0.1.tgz#c9d91c350362040b8927379c7aa69c0655122f61" + integrity sha512-ZcbTaIqJOfCc03QwD468Unz/5Ir8ATtvAHsK+FdXbDIbGfihqh9mrvdcYunQzqn4HrvWWaFyaxJhGZagaJJpPQ== + dependencies: + archiver-utils "^5.0.2" + async "^3.2.4" + buffer-crc32 "^1.0.0" + readable-stream "^4.0.0" + readdir-glob "^1.1.2" + tar-stream "^3.0.0" + zip-stream "^6.0.1" + arg@^4.1.0: version "4.1.3" resolved "https://registry.yarnpkg.com/arg/-/arg-4.1.3.tgz#269fc7ad5b8e42cb63c896d5666017261c144089" @@ -3862,6 +3963,13 @@ arraybuffer.prototype.slice@^1.0.3: is-array-buffer "^3.0.4" is-shared-array-buffer "^1.0.2" +asn1@^0.2.6: + version "0.2.6" + resolved "https://registry.yarnpkg.com/asn1/-/asn1-0.2.6.tgz#0d3a7bb6e64e02a90c0303b31f292868ea09a08d" + integrity sha512-ix/FxPn0MDjeyJ7i/yoHGFt/EX6LyNbxSEhPPXODPL+KB0VPk86UYfL0lMdy+KCnv+fmvIzySwaK5COwqVbWTQ== + dependencies: + safer-buffer "~2.1.0" + asn1js@^3.0.5: version "3.0.5" resolved "https://registry.yarnpkg.com/asn1js/-/asn1js-3.0.5.tgz#5ea36820443dbefb51cc7f88a2ebb5b462114f38" @@ -3881,7 +3989,12 @@ astral-regex@^2.0.0: resolved "https://registry.yarnpkg.com/astral-regex/-/astral-regex-2.0.0.tgz#483143c567aeed4785759c0865786dc77d7d2e31" integrity sha512-Z7tMw1ytTXt5jqMcOP+OQteU1VuNK9Y02uuJtKQ1Sv69jXQKKg5cibLwGJow8yzZP+eAc18EmLGPal0bp36rvQ== -async@^3.2.3: +async-lock@^1.4.1: + version "1.4.1" + resolved "https://registry.yarnpkg.com/async-lock/-/async-lock-1.4.1.tgz#56b8718915a9b68b10fce2f2a9a3dddf765ef53f" + integrity sha512-Az2ZTpuytrtqENulXwO3GGv1Bztugx6TT37NIo7imr/Qo0gsYiGtSdBa2B6fsXhTpVZDNfu1Qn3pk531e3q+nQ== + +async@^3.2.3, async@^3.2.4: version "3.2.6" resolved "https://registry.yarnpkg.com/async/-/async-3.2.6.tgz#1b0728e14929d51b85b449b7f06e27c1145e38ce" integrity sha512-htCUDlxyyCLMgaM3xXg0C0LW2xqfuQ6p05pCEIsXuyQ+a1koYKTuBMzRNwmybfLgvJDMd0r1LTn4+E0Ti6C2AA== @@ -3925,6 +4038,11 @@ axobject-query@^4.1.0: resolved "https://registry.yarnpkg.com/axobject-query/-/axobject-query-4.1.0.tgz#28768c76d0e3cff21bc62a9e2d0b6ac30042a1ee" integrity sha512-qIj0G9wZbMGNLjLmg1PT6v2mE9AH2zlnADJD/2tC6E00hgmhUOfEB6greHPAfLRSufHqROIUTkw6E+M3lH0PTQ== +b4a@^1.6.4: + version "1.6.7" + resolved "https://registry.yarnpkg.com/b4a/-/b4a-1.6.7.tgz#a99587d4ebbfbd5a6e3b21bdb5d5fa385767abe4" + integrity sha512-OnAYlL5b7LEkALw87fUVafQw5rVR9RjwGd4KUwNQ6DrrNmaVaUCgLipfVlzrPQ4tWOR9P0IXGNOx50jYCCdSJg== + babel-jest@^29.0.0, babel-jest@^29.7.0: version "29.7.0" resolved "https://registry.yarnpkg.com/babel-jest/-/babel-jest-29.7.0.tgz#f4369919225b684c56085998ac63dbd05be020d5" @@ -4035,6 +4153,39 @@ balanced-match@^2.0.0: resolved "https://registry.yarnpkg.com/balanced-match/-/balanced-match-2.0.0.tgz#dc70f920d78db8b858535795867bf48f820633d9" integrity sha512-1ugUSr8BHXRnK23KfuYS+gVMC3LB8QGH9W1iGtDPsNWoQbgtXSExkBu2aDR4epiGWZOjZsj6lDl/N/AqqTC3UA== +bare-events@^2.0.0, bare-events@^2.2.0: + version "2.5.0" + resolved "https://registry.yarnpkg.com/bare-events/-/bare-events-2.5.0.tgz#305b511e262ffd8b9d5616b056464f8e1b3329cc" + integrity sha512-/E8dDe9dsbLyh2qrZ64PEPadOQ0F4gbl1sUJOrmph7xOiIxfY8vwab/4bFLh4Y88/Hk/ujKcrQKc+ps0mv873A== + +bare-fs@^2.1.1: + version "2.3.5" + resolved "https://registry.yarnpkg.com/bare-fs/-/bare-fs-2.3.5.tgz#05daa8e8206aeb46d13c2fe25a2cd3797b0d284a" + integrity sha512-SlE9eTxifPDJrT6YgemQ1WGFleevzwY+XAP1Xqgl56HtcrisC2CHCZ2tq6dBpcH2TnNxwUEUGhweo+lrQtYuiw== + dependencies: + bare-events "^2.0.0" + bare-path "^2.0.0" + bare-stream "^2.0.0" + +bare-os@^2.1.0: + version "2.4.4" + resolved "https://registry.yarnpkg.com/bare-os/-/bare-os-2.4.4.tgz#01243392eb0a6e947177bb7c8a45123d45c9b1a9" + integrity sha512-z3UiI2yi1mK0sXeRdc4O1Kk8aOa/e+FNWZcTiPB/dfTWyLypuE99LibgRaQki914Jq//yAWylcAt+mknKdixRQ== + +bare-path@^2.0.0, bare-path@^2.1.0: + version "2.1.3" + resolved "https://registry.yarnpkg.com/bare-path/-/bare-path-2.1.3.tgz#594104c829ef660e43b5589ec8daef7df6cedb3e" + integrity sha512-lh/eITfU8hrj9Ru5quUp0Io1kJWIk1bTjzo7JH1P5dWmQ2EL4hFUlfI8FonAhSlgIfhn63p84CDY/x+PisgcXA== + dependencies: + bare-os "^2.1.0" + +bare-stream@^2.0.0: + version "2.6.1" + resolved "https://registry.yarnpkg.com/bare-stream/-/bare-stream-2.6.1.tgz#b3b9874fab05b662c9aea2706a12fb0698c46836" + integrity sha512-eVZbtKM+4uehzrsj49KtCy3Pbg7kO1pJ3SKZ1SFrIH/0pnj9scuGGgUlNDf/7qS8WKtGdiJY5Kyhs/ivYPTB/g== + dependencies: + streamx "^2.21.0" + base-x@^5.0.0: version "5.0.0" resolved "https://registry.yarnpkg.com/base-x/-/base-x-5.0.0.tgz#6d835ceae379130e1a4cb846a70ac4746f28ea9b" @@ -4045,11 +4196,23 @@ base64-arraybuffer@^1.0.2: resolved "https://registry.yarnpkg.com/base64-arraybuffer/-/base64-arraybuffer-1.0.2.tgz#1c37589a7c4b0746e34bd1feb951da2df01c1bdc" integrity sha512-I3yl4r9QB5ZRY3XuJVEPfc2XhZO6YweFPI+UovAzn+8/hb3oJ6lnysaFcjVpkCPfVWFUDvoZ8kmVDP7WyRtYtQ== +base64-js@^1.3.1: + version "1.5.1" + resolved "https://registry.yarnpkg.com/base64-js/-/base64-js-1.5.1.tgz#1b1b440160a5bf7ad40b650f095963481903930a" + integrity sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA== + batch@0.6.1: version "0.6.1" resolved "https://registry.yarnpkg.com/batch/-/batch-0.6.1.tgz#dc34314f4e679318093fc760272525f94bf25c16" integrity sha512-x+VAiMRL6UPkx+kudNvxTl6hB2XNNCG2r+7wixVfIYwu/2HKRXimwQyaumLjMveWvT2Hkd/cAJw+QBMfJ/EKVw== +bcrypt-pbkdf@^1.0.2: + version "1.0.2" + resolved "https://registry.yarnpkg.com/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz#a4301d389b6a43f9b67ff3ca11a3f6637e360e9e" + integrity sha512-qeFIXtP4MSoi6NLqO12WfqARWWuCKi2Rn/9hJLEmtB5yTNr9DqFWkJRCf2qShWzPeAMRnOgCrq0sg/KLv5ES9w== + dependencies: + tweetnacl "^0.14.3" + big.js@^5.2.2: version "5.2.2" resolved "https://registry.yarnpkg.com/big.js/-/big.js-5.2.2.tgz#65f0af382f578bcdc742bd9c281e9cb2d7768328" @@ -4060,6 +4223,15 @@ binary-extensions@^2.0.0: resolved "https://registry.yarnpkg.com/binary-extensions/-/binary-extensions-2.3.0.tgz#f6e14a97858d327252200242d4ccfe522c445522" integrity sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw== +bl@^4.0.3: + version "4.1.0" + resolved "https://registry.yarnpkg.com/bl/-/bl-4.1.0.tgz#451535264182bec2fbbc83a62ab98cf11d9f7b3a" + integrity sha512-1W07cM9gS6DcLperZfFSj+bWLtaPGSOHWhPiGzXmvVJbRLdG82sH/Kn8EtW1VqWVA54AKf2h5k5BbnIbwF3h6w== + dependencies: + buffer "^5.5.0" + inherits "^2.0.4" + readable-stream "^3.4.0" + blob-polyfill@^9.0.0: version "9.0.20240710" resolved "https://registry.yarnpkg.com/blob-polyfill/-/blob-polyfill-9.0.20240710.tgz#2ef075a207311ea327704f04dc4a98cbefe4143b" @@ -4161,11 +4333,37 @@ bser@2.1.1: dependencies: node-int64 "^0.4.0" +buffer-crc32@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/buffer-crc32/-/buffer-crc32-1.0.0.tgz#a10993b9055081d55304bd9feb4a072de179f405" + integrity sha512-Db1SbgBS/fg/392AblrMJk97KggmvYhr4pB5ZIMTWtaivCPMWLkmb7m21cJvpvgK+J3nsU2CmmixNBZx4vFj/w== + buffer-from@^1.0.0: version "1.1.2" resolved "https://registry.yarnpkg.com/buffer-from/-/buffer-from-1.1.2.tgz#2b146a6fd72e80b4f55d255f35ed59a3a9a41bd5" integrity sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ== +buffer@^5.5.0: + version "5.7.1" + resolved "https://registry.yarnpkg.com/buffer/-/buffer-5.7.1.tgz#ba62e7c13133053582197160851a8f648e99eed0" + integrity sha512-EHcyIPBQ4BSGlvjB16k5KgAJ27CIsHY/2JBmCRReo48y9rQ3MaUzWX3KVlBa4U7MyX02HdVj0K7C3WaB3ju7FQ== + dependencies: + base64-js "^1.3.1" + ieee754 "^1.1.13" + +buffer@^6.0.3: + version "6.0.3" + resolved "https://registry.yarnpkg.com/buffer/-/buffer-6.0.3.tgz#2ace578459cc8fbe2a70aaa8f52ee63b6a74c6c6" + integrity sha512-FTiCpNxtwiZZHEZbcbTIcZjERVICn9yq/pDFkTl95/AxzD1naBctN7YO68riM/gLSDY7sdrMby8hofADYuuqOA== + dependencies: + base64-js "^1.3.1" + ieee754 "^1.2.1" + +buildcheck@~0.0.6: + version "0.0.6" + resolved "https://registry.yarnpkg.com/buildcheck/-/buildcheck-0.0.6.tgz#89aa6e417cfd1e2196e3f8fe915eb709d2fe4238" + integrity sha512-8f9ZJCUXyT1M35Jx7MkBgmBMo3oHTTBIPLiY9xyL0pl3T5RwcPEY8cUHr5LBNfu/fk6c2T4DJZuVM/8ZZT2D2A== + builtin-modules@^3.3.0: version "3.3.0" resolved "https://registry.yarnpkg.com/builtin-modules/-/builtin-modules-3.3.0.tgz#cae62812b89801e9656336e46223e030386be7b6" @@ -4178,6 +4376,11 @@ bundle-name@^4.1.0: dependencies: run-applescript "^7.0.0" +byline@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/byline/-/byline-5.0.0.tgz#741c5216468eadc457b03410118ad77de8c1ddb1" + integrity sha512-s6webAy+R4SR8XVuJWt2V2rGvhnrhxN+9S15GNuTK3wKPOXFF6RNc+8ug2XhH+2s4f+uudG4kUVYmYOQWL2g0Q== + bytes@3.0.0: version "3.0.0" resolved "https://registry.yarnpkg.com/bytes/-/bytes-3.0.0.tgz#d32815404d689699f85a4ea4fa8755dd13a96048" @@ -4322,6 +4525,11 @@ chokidar@^4.0.0: dependencies: readdirp "^4.0.1" +chownr@^1.1.1: + version "1.1.4" + resolved "https://registry.yarnpkg.com/chownr/-/chownr-1.1.4.tgz#6fc9d7b42d32a583596337666e7d08084da2cc6b" + integrity sha512-jJ0bqzaylmJtVnNgzTeSOs8DPavpbYgEr/b0YL8/2GO3xJEhInFmhKMUnEJQjZumK7KXGFhUy89PrsJWlakBVg== + chrome-trace-event@^1.0.2: version "1.0.4" resolved "https://registry.yarnpkg.com/chrome-trace-event/-/chrome-trace-event-1.0.4.tgz#05bffd7ff928465093314708c93bdfa9bd1f0f5b" @@ -4518,6 +4726,17 @@ commonmark@^0.31.0: mdurl "~1.0.1" minimist "~1.2.8" +compress-commons@^6.0.2: + version "6.0.2" + resolved "https://registry.yarnpkg.com/compress-commons/-/compress-commons-6.0.2.tgz#26d31251a66b9d6ba23a84064ecd3a6a71d2609e" + integrity sha512-6FqVXeETqWPoGcfzrXb37E50NP0LXT8kAMu5ooZayhWWdgEY4lBEEcbQNXtkuKQsGduxiIcI4gOTsxTmuq/bSg== + dependencies: + crc-32 "^1.2.0" + crc32-stream "^6.0.0" + is-stream "^2.0.1" + normalize-path "^3.0.0" + readable-stream "^4.0.0" + compressible@~2.0.16: version "2.0.18" resolved "https://registry.yarnpkg.com/compressible/-/compressible-2.0.18.tgz#af53cca6b070d4c3c0750fbd77286a6d7cc46fba" @@ -4659,11 +4878,32 @@ counterpart@^0.18.6: pluralizers "^0.1.7" sprintf-js "^1.0.3" +cpu-features@~0.0.10: + version "0.0.10" + resolved "https://registry.yarnpkg.com/cpu-features/-/cpu-features-0.0.10.tgz#9aae536db2710c7254d7ed67cb3cbc7d29ad79c5" + integrity sha512-9IkYqtX3YHPCzoVg1Py+o9057a3i0fp7S530UWokCSaFVTc7CwXPRiOjRjBQQ18ZCNafx78YfnG+HALxtVmOGA== + dependencies: + buildcheck "~0.0.6" + nan "^2.19.0" + crc-32@^0.3.0: version "0.3.0" resolved "https://registry.yarnpkg.com/crc-32/-/crc-32-0.3.0.tgz#6a3d3687f5baec41f7e9b99fe1953a2e5d19775e" integrity sha512-kucVIjOmMc1f0tv53BJ/5WIX+MGLcKuoBhnGqQrgKJNqLByb/sVMWfW/Aw6hw0jgcqjJ2pi9E5y32zOIpaUlsA== +crc-32@^1.2.0: + version "1.2.2" + resolved "https://registry.yarnpkg.com/crc-32/-/crc-32-1.2.2.tgz#3cad35a934b8bf71f25ca524b6da51fb7eace2ff" + integrity sha512-ROmzCKrTnOwybPcJApAA6WBWij23HVfGVNKqqrZpuyZOHqK2CwHSvpGuyt/UNNvaIjEd8X5IFGp4Mh+Ie1IHJQ== + +crc32-stream@^6.0.0: + version "6.0.0" + resolved "https://registry.yarnpkg.com/crc32-stream/-/crc32-stream-6.0.0.tgz#8529a3868f8b27abb915f6c3617c0fadedbf9430" + integrity sha512-piICUB6ei4IlTv1+653yq5+KoqfBYmj9bw6LqXoOneTMDXk5nM1qt12mFW1caG3LlJXEKW1Bp0WggEmIfQB34g== + dependencies: + crc-32 "^1.2.0" + readable-stream "^4.0.0" + create-jest@^29.7.0: version "29.7.0" resolved "https://registry.yarnpkg.com/create-jest/-/create-jest-29.7.0.tgz#a355c5b3cb1e1af02ba177fe7afd7feee49a5320" @@ -4972,7 +5212,7 @@ debug@2.6.9: dependencies: ms "2.0.0" -debug@4, debug@^4.1.0, debug@^4.3.1: +debug@4, debug@^4.1.0, debug@^4.3.1, debug@^4.3.5: version "4.4.0" resolved "https://registry.yarnpkg.com/debug/-/debug-4.4.0.tgz#2b3f2aea2ffeb776477460267377dc8710faba8a" integrity sha512-6WTZ/IxCY/T6BALoZHaE4ctp9xm+Z5kY/pzYaCHRFeyVhojxlrm+46y68HA6hr0TcwEssoxNiDEUJQjfPZ/RYA== @@ -5140,6 +5380,32 @@ dns-packet@^5.2.2: dependencies: "@leichtgewicht/ip-codec" "^2.0.1" +docker-compose@^0.24.8: + version "0.24.8" + resolved "https://registry.yarnpkg.com/docker-compose/-/docker-compose-0.24.8.tgz#6c125e6b9e04cf68ced47e2596ef2bb93ee9694e" + integrity sha512-plizRs/Vf15H+GCVxq2EUvyPK7ei9b/cVesHvjnX4xaXjM9spHe2Ytq0BitndFgvTJ3E3NljPNUEl7BAN43iZw== + dependencies: + yaml "^2.2.2" + +docker-modem@^3.0.0: + version "3.0.8" + resolved "https://registry.yarnpkg.com/docker-modem/-/docker-modem-3.0.8.tgz#ef62c8bdff6e8a7d12f0160988c295ea8705e77a" + integrity sha512-f0ReSURdM3pcKPNS30mxOHSbaFLcknGmQjwSfmbcdOw1XWKXVhukM3NJHhr7NpY9BIyyWQb0EBo3KQvvuU5egQ== + dependencies: + debug "^4.1.1" + readable-stream "^3.5.0" + split-ca "^1.0.1" + ssh2 "^1.11.0" + +dockerode@^3.3.5: + version "3.3.5" + resolved "https://registry.yarnpkg.com/dockerode/-/dockerode-3.3.5.tgz#7ae3f40f2bec53ae5e9a741ce655fff459745629" + integrity sha512-/0YNa3ZDNeLr/tSckmD69+Gq+qVNhvKfAHNeZJBnp7EOP6RGKV8ORrJHkUn20So5wU+xxT7+1n5u8PjHbfjbSA== + dependencies: + "@balena/dockerignore" "^1.0.2" + docker-modem "^3.0.0" + tar-fs "~2.0.1" + doctrine@^2.1.0: version "2.1.0" resolved "https://registry.yarnpkg.com/doctrine/-/doctrine-2.1.0.tgz#5cd01fc101621b42c4cd7f5d1a66243716d3f39d" @@ -5354,6 +5620,13 @@ encodeurl@~2.0.0: resolved "https://registry.yarnpkg.com/encodeurl/-/encodeurl-2.0.0.tgz#7b8ea898077d7e409d3ac45474ea38eaf0857a58" integrity sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg== +end-of-stream@^1.1.0, end-of-stream@^1.4.1: + version "1.4.4" + resolved "https://registry.yarnpkg.com/end-of-stream/-/end-of-stream-1.4.4.tgz#5ae64a5f45057baf3626ec14da0ca5e4b2431eb0" + integrity sha512-+uw1inIHVPQoaVuHzRyXd21icM+cnt4CzD5rW+NC1wjOUSTOs+Te7FOv7AhN7vS9x/oIyhLP5PR1H+phQAHu5Q== + dependencies: + once "^1.4.0" + enhanced-resolve@^5.17.1: version "5.17.1" resolved "https://registry.yarnpkg.com/enhanced-resolve/-/enhanced-resolve-5.17.1.tgz#67bfbbcc2f81d511be77d686a90267ef7f898a15" @@ -5832,6 +6105,11 @@ etag@~1.8.1: resolved "https://registry.yarnpkg.com/etag/-/etag-1.8.1.tgz#41ae2eeb65efa62268aebfea83ac7d79299b0887" integrity sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg== +event-target-shim@^5.0.0: + version "5.0.1" + resolved "https://registry.yarnpkg.com/event-target-shim/-/event-target-shim-5.0.1.tgz#5d4d3ebdf9583d63a5333ce2deb7480ab2b05789" + integrity sha512-i/2XbnSz/uxRCU6+NdVJgKWDTM427+MqYbkQzD321DuCQJUqOuJKIA0IM2+W2xtYHdKOmZ4dR6fExsd4SXL+WQ== + eventemitter3@^4.0.0: version "4.0.7" resolved "https://registry.yarnpkg.com/eventemitter3/-/eventemitter3-4.0.7.tgz#2de9b68f6528d5644ef5c59526a1b4a07306169f" @@ -5842,7 +6120,7 @@ eventemitter3@^5.0.1: resolved "https://registry.yarnpkg.com/eventemitter3/-/eventemitter3-5.0.1.tgz#53f5ffd0a492ac800721bb42c66b841de96423c4" integrity sha512-GWkBvjiSZK87ELrYOSESUYeVIc9mvLLf/nXalMOS5dYrgZq9o5OVkbZAVM06CVxYsCwH9BDZFPlQTlPA1j4ahA== -events@^3.2.0: +events@^3.2.0, events@^3.3.0: version "3.3.0" resolved "https://registry.yarnpkg.com/events/-/events-3.3.0.tgz#31a95ad0a924e2d2c419a813aeb2c4e878ea7400" integrity sha512-mQw+2fkQbALzQ7V0MY0IqdnXNOeTtP4r0lN9z7AAawCXgqea7bDii20AYrIBrFd/Hx0M2Ocz6S111CaFkUcb0Q== @@ -5952,6 +6230,11 @@ fast-deep-equal@^3.1.1, fast-deep-equal@^3.1.3: resolved "https://registry.yarnpkg.com/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz#3a7d56b559d6cbc3eb512325244e619a65c6c525" integrity sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q== +fast-fifo@^1.2.0, fast-fifo@^1.3.2: + version "1.3.2" + resolved "https://registry.yarnpkg.com/fast-fifo/-/fast-fifo-1.3.2.tgz#286e31de96eb96d38a97899815740ba2a4f3640c" + integrity sha512-/d9sfos4yxzpwkDkuN7k2SqFKtYNmCTzgfEpz82x34IM9/zc8KGxQoXg1liNC/izpRM/MBdt44Nmx41ZWqk+FQ== + fast-glob@^3.2.7, fast-glob@^3.2.9, fast-glob@^3.3.2: version "3.3.2" resolved "https://registry.yarnpkg.com/fast-glob/-/fast-glob-3.3.2.tgz#a904501e57cfdd2ffcded45e99a54fef55e46129" @@ -6216,6 +6499,11 @@ fresh@0.5.2: resolved "https://registry.yarnpkg.com/fresh/-/fresh-0.5.2.tgz#3d8cadd90d976569fa835ab1f8e4b23a105605a7" integrity sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q== +fs-constants@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/fs-constants/-/fs-constants-1.0.0.tgz#6be0de9be998ce16af8afc24497b9ee9b7ccd9ad" + integrity sha512-y6OAwoSIf7FyjMIv94u+b5rdheZEjzR63GTyZJm5qh4Bi+2YgwLCcI/fPFZkL5PSixOt6ZNKm+w+Hfp/Bciwow== + fs-extra@^11.0.0: version "11.2.0" resolved "https://registry.yarnpkg.com/fs-extra/-/fs-extra-11.2.0.tgz#e70e17dfad64232287d01929399e0ea7c86b0e5b" @@ -6320,6 +6608,11 @@ get-package-type@^0.1.0: resolved "https://registry.yarnpkg.com/get-package-type/-/get-package-type-0.1.0.tgz#8de2d803cff44df3bc6c456e6668b36c3926e11a" integrity sha512-pjzuKtY64GYfWizNAJ0fr9VqttZkNiK2iS430LtIHzjBEr6bX8Am2zm4sW4Ro5wjWW5cAlRL1qAMTcXbjNAO2Q== +get-port@^5.1.1: + version "5.1.1" + resolved "https://registry.yarnpkg.com/get-port/-/get-port-5.1.1.tgz#0469ed07563479de6efb986baf053dcd7d4e3193" + integrity sha512-g/Q1aTSDOxFpchXC4i8ZWvxA1lnPqx/JHqcpIw0/LX9T8x/GBbi6YnlN5nhaKIFkT8oFsscUKgDJYxfwfS6QsQ== + get-stream@^6.0.0, get-stream@^6.0.1: version "6.0.1" resolved "https://registry.yarnpkg.com/get-stream/-/get-stream-6.0.1.tgz#a262d8eef67aced57c2852ad6167526a43cbf7b7" @@ -6368,6 +6661,18 @@ glob-to-regexp@^0.4.0, glob-to-regexp@^0.4.1: resolved "https://registry.yarnpkg.com/glob-to-regexp/-/glob-to-regexp-0.4.1.tgz#c75297087c851b9a578bd217dd59a92f59fe546e" integrity sha512-lkX1HJXwyMcprw/5YUZc2s7DrpAiHB21/V+E1rHUrVNokkvB6bqMzT0VfV6/86ZNabt1k14YOIaT7nDvOX3Iiw== +glob@^10.0.0: + version "10.4.5" + resolved "https://registry.yarnpkg.com/glob/-/glob-10.4.5.tgz#f4d9f0b90ffdbab09c9d77f5f29b4262517b0956" + integrity sha512-7Bv8RF0k6xjo7d4A/PxYLbUCfb6c+Vpd2/mB2yRDlew7Jb5hEXiCD9ibfO7wpk8i4sevK6DFny9h7EYbM3/sHg== + dependencies: + foreground-child "^3.1.0" + jackspeak "^3.1.2" + minimatch "^9.0.4" + minipass "^7.1.2" + package-json-from-dist "^1.0.0" + path-scurry "^1.11.1" + glob@^11.0.0: version "11.0.0" resolved "https://registry.yarnpkg.com/glob/-/glob-11.0.0.tgz#6031df0d7b65eaa1ccb9b29b5ced16cea658e77e" @@ -6780,7 +7085,7 @@ icss-utils@^5.0.0, icss-utils@^5.1.0: resolved "https://registry.yarnpkg.com/icss-utils/-/icss-utils-5.1.0.tgz#c6be6858abd013d768e98366ae47e25d5887b1ae" integrity sha512-soFhflCVWLfRNOPU3iv5Z9VUdT44xFRbzjLsEzSr5AQmgqPMTHdU3PMT1Cf1ssx8fLNJDA1juftYl+PUcv3MqA== -ieee754@^1.1.12: +ieee754@^1.1.12, ieee754@^1.1.13, ieee754@^1.2.1: version "1.2.1" resolved "https://registry.yarnpkg.com/ieee754/-/ieee754-1.2.1.tgz#8eb7a10a63fff25d15a57b001586d177d1b0d352" integrity sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA== @@ -6839,7 +7144,7 @@ inflight@^1.0.4: once "^1.3.0" wrappy "1" -inherits@2, inherits@2.0.4, inherits@^2.0.1, inherits@^2.0.3, inherits@~2.0.3: +inherits@2, inherits@2.0.4, inherits@^2.0.1, inherits@^2.0.3, inherits@^2.0.4, inherits@~2.0.3: version "2.0.4" resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.4.tgz#0fa2c64f932917c3433a0ded55363aae37416b7c" integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ== @@ -7127,7 +7432,7 @@ is-shared-array-buffer@^1.0.2, is-shared-array-buffer@^1.0.3: dependencies: call-bind "^1.0.7" -is-stream@^2.0.0: +is-stream@^2.0.0, is-stream@^2.0.1: version "2.0.1" resolved "https://registry.yarnpkg.com/is-stream/-/is-stream-2.0.1.tgz#fac1e3d53b97ad5a9d0ae9cef2389f5810a5c077" integrity sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg== @@ -7280,6 +7585,15 @@ iterator.prototype@^1.1.3: reflect.getprototypeof "^1.0.4" set-function-name "^2.0.1" +jackspeak@^3.1.2: + version "3.4.3" + resolved "https://registry.yarnpkg.com/jackspeak/-/jackspeak-3.4.3.tgz#8833a9d89ab4acde6188942bd1c53b6390ed5a8a" + integrity sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw== + dependencies: + "@isaacs/cliui" "^8.0.2" + optionalDependencies: + "@pkgjs/parseargs" "^0.11.0" + jackspeak@^4.0.1: version "4.0.2" resolved "https://registry.yarnpkg.com/jackspeak/-/jackspeak-4.0.2.tgz#11f9468a3730c6ff6f56823a820d7e3be9bef015" @@ -7940,6 +8254,13 @@ launch-editor@^2.6.1: picocolors "^1.0.0" shell-quote "^1.8.1" +lazystream@^1.0.0: + version "1.0.1" + resolved "https://registry.yarnpkg.com/lazystream/-/lazystream-1.0.1.tgz#494c831062f1f9408251ec44db1cba29242a2638" + integrity sha512-b94GiNHQNy6JNTrt5w6zNyffMrNkXZb3KTkCZJb2V1xaEGCk093vkZ2jk3tpaeP33/OiXC+WvK9AxUebnf5nbw== + dependencies: + readable-stream "^2.0.5" + leven@^3.1.0: version "3.1.0" resolved "https://registry.yarnpkg.com/leven/-/leven-3.1.0.tgz#77891de834064cccba82ae7842bb6b14a13ed7f2" @@ -8095,7 +8416,7 @@ lodash.uniq@^4.5.0: resolved "https://registry.yarnpkg.com/lodash.uniq/-/lodash.uniq-4.5.0.tgz#d0225373aeb652adc1bc82e4945339a842754773" integrity sha512-xfBaXQd9ryd9dlSDvnvI0lvxfLJlYAZzXomUYzLKtUeOQvOP5piqAWuGtrhWeqaXK9hhoM/iyJc5AV+XfsX3HQ== -lodash@^4.17.20, lodash@^4.17.21: +lodash@^4.17.15, lodash@^4.17.20, lodash@^4.17.21: version "4.17.21" resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c" integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg== @@ -8439,7 +8760,7 @@ minimatch@^3.0.4, minimatch@^3.0.5, minimatch@^3.1.1, minimatch@^3.1.2: dependencies: brace-expansion "^1.1.7" -minimatch@^5.0.1: +minimatch@^5.0.1, minimatch@^5.1.0: version "5.1.6" resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-5.1.6.tgz#1cfcb8cf5522ea69952cd2af95ae09477f122a96" integrity sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g== @@ -8475,6 +8796,11 @@ minipass@^4.2.4: resolved "https://registry.yarnpkg.com/minipass/-/minipass-7.1.2.tgz#93a9626ce5e5e66bd4db86849e7515e92340a707" integrity sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw== +mkdirp-classic@^0.5.2: + version "0.5.3" + resolved "https://registry.yarnpkg.com/mkdirp-classic/-/mkdirp-classic-0.5.3.tgz#fa10c9115cc6d8865be221ba47ee9bed78601113" + integrity sha512-gKLcREMhtuZRwRAfqP3RFW+TK4JqApVBtOIftVgjuABpAtpxhPGaDcfvbhNvD0B8iD1oUr/txX35NjcaY6Ns/A== + mkdirp@0.5.6: version "0.5.6" resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-0.5.6.tgz#7def03d2432dcae4ba1d611445c48396062255f6" @@ -8535,6 +8861,11 @@ murmurhash-js@^1.0.0: resolved "https://registry.yarnpkg.com/murmurhash-js/-/murmurhash-js-1.0.0.tgz#b06278e21fc6c37fa5313732b0412bcb6ae15f51" integrity sha512-TvmkNhkv8yct0SVBSy+o8wYzXjE4Zz3PCesbfs8HiCXXdcTuocApFv11UWlNFWKYsP2okqrhb7JNlSm9InBhIw== +nan@^2.19.0, nan@^2.20.0: + version "2.22.0" + resolved "https://registry.yarnpkg.com/nan/-/nan-2.22.0.tgz#31bc433fc33213c97bad36404bb68063de604de3" + integrity sha512-nbajikzWTMwsW+eSsNm3QwlOs7het9gGJU5dDZzRTQGk03vyBOauxgI4VakDzE0PtsGTmXPsXTbbjVhRwR5mpw== + nanoid@^3.3.7: version "3.3.8" resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.8.tgz#b1be3030bee36aaff18bacb375e5cce521684baf" @@ -8717,7 +9048,7 @@ on-headers@~1.0.2: resolved "https://registry.yarnpkg.com/on-headers/-/on-headers-1.0.2.tgz#772b0ae6aaa525c399e489adfad90c403eb3c28f" integrity sha512-pZAE+FJLoyITytdqK0U5s+FIpjN0JP3OzFi/u8Rx+EV5/W+JTWGXG8xFzevE7AjBfDqHv/8vL8qQsIhHnqRkrA== -once@^1.3.0: +once@^1.3.0, once@^1.3.1, once@^1.4.0: version "1.4.0" resolved "https://registry.yarnpkg.com/once/-/once-1.4.0.tgz#583b1aa775961d4b113ac17d9c50baef9dd76bd1" integrity sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w== @@ -8953,7 +9284,7 @@ path-parse@^1.0.7: resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.7.tgz#fbc114b60ca42b30d9daf5858e4bd68bbedb6735" integrity sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw== -path-scurry@^1.6.1: +path-scurry@^1.11.1, path-scurry@^1.6.1: version "1.11.1" resolved "https://registry.yarnpkg.com/path-scurry/-/path-scurry-1.11.1.tgz#7960a668888594a0720b12a911d1a742ab9f11d2" integrity sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA== @@ -9780,6 +10111,22 @@ prop-types@^15.6.2, prop-types@^15.7.2, prop-types@^15.8.1: object-assign "^4.1.1" react-is "^16.13.1" +proper-lockfile@^4.1.2: + version "4.1.2" + resolved "https://registry.yarnpkg.com/proper-lockfile/-/proper-lockfile-4.1.2.tgz#c8b9de2af6b2f1601067f98e01ac66baa223141f" + integrity sha512-TjNPblN4BwAWMXU8s9AEz4JmQxnD1NNL7bNOY/AKUzyamc379FWASUhc/K1pL2noVb+XmZKLL68cjzLsiOAMaA== + dependencies: + graceful-fs "^4.2.4" + retry "^0.12.0" + signal-exit "^3.0.2" + +properties-reader@^2.3.0: + version "2.3.0" + resolved "https://registry.yarnpkg.com/properties-reader/-/properties-reader-2.3.0.tgz#f3ab84224c9535a7a36e011ae489a79a13b472b2" + integrity sha512-z597WicA7nDZxK12kZqHr2TcvwNU1GCfA5UwfDY/HDp3hXPoPlb5rlEx9bwGTiJnc0OqbBTkU975jDToth8Gxw== + dependencies: + mkdirp "^1.0.4" + protocol-buffers-schema@^3.3.1: version "3.6.0" resolved "https://registry.yarnpkg.com/protocol-buffers-schema/-/protocol-buffers-schema-3.6.0.tgz#77bc75a48b2ff142c1ad5b5b90c94cd0fa2efd03" @@ -9803,6 +10150,14 @@ psl@^1.1.33: resolved "https://registry.yarnpkg.com/psl/-/psl-1.9.0.tgz#d0df2a137f00794565fcaf3b2c00cd09f8d5a5a7" integrity sha512-E/ZsdU4HLs/68gYzgGTkMicWTLPdAftJLfJFlLUAAKZGkStNU72sZjT66SnMDVOfOWY/YAoiD7Jxa9iHvngcag== +pump@^3.0.0: + version "3.0.2" + resolved "https://registry.yarnpkg.com/pump/-/pump-3.0.2.tgz#836f3edd6bc2ee599256c924ffe0d88573ddcbf8" + integrity sha512-tUPXtzlGM8FE3P0ZL6DVs/3P58k9nk8/jZeQCurTJylQA8qFYzHFfhBJkuqyE0FifOsQ0uKWekiZ5g8wtr28cw== + dependencies: + end-of-stream "^1.1.0" + once "^1.3.1" + punycode@^2.1.0, punycode@^2.1.1: version "2.3.1" resolved "https://registry.yarnpkg.com/punycode/-/punycode-2.3.1.tgz#027422e2faec0b25e1549c3e1bd8309b9133b6e5" @@ -9856,6 +10211,11 @@ queue-microtask@^1.2.2: resolved "https://registry.yarnpkg.com/queue-microtask/-/queue-microtask-1.2.3.tgz#4929228bbc724dfac43e0efb058caf7b6cfb6243" integrity sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A== +queue-tick@^1.0.1: + version "1.0.1" + resolved "https://registry.yarnpkg.com/queue-tick/-/queue-tick-1.0.1.tgz#f6f07ac82c1fd60f82e098b417a80e52f1f4c142" + integrity sha512-kJt5qhMxoszgU/62PLP1CJytzd2NKetjSRnyuj31fDd3Rlcz3fzlFdFLD1SItunPwyqEOkca6GbV612BWfaBag== + quickselect@^2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/quickselect/-/quickselect-2.0.0.tgz#f19680a486a5eefb581303e023e98faaf25dd018" @@ -10049,7 +10409,7 @@ read-pkg@^5.2.0: parse-json "^5.0.0" type-fest "^0.6.0" -readable-stream@^2.0.1, readable-stream@~2.3.6: +readable-stream@^2.0.1, readable-stream@^2.0.5, readable-stream@~2.3.6: version "2.3.8" resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-2.3.8.tgz#91125e8042bba1b9887f49345f6277027ce8be9b" integrity sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA== @@ -10062,7 +10422,7 @@ readable-stream@^2.0.1, readable-stream@~2.3.6: string_decoder "~1.1.1" util-deprecate "~1.0.1" -readable-stream@^3.0.6: +readable-stream@^3.0.6, readable-stream@^3.1.1, readable-stream@^3.4.0, readable-stream@^3.5.0: version "3.6.2" resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-3.6.2.tgz#56a9b36ea965c00c5a93ef31eb111a0f11056967" integrity sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA== @@ -10071,6 +10431,24 @@ readable-stream@^3.0.6: string_decoder "^1.1.1" util-deprecate "^1.0.1" +readable-stream@^4.0.0: + version "4.6.0" + resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-4.6.0.tgz#ce412dfb19c04efde1c5936d99c27f37a1ff94c9" + integrity sha512-cbAdYt0VcnpN2Bekq7PU+k363ZRsPwJoEEJOEtSJQlJXzwaxt3FIo/uL+KeDSGIjJqtkwyge4KQgD2S2kd+CQw== + dependencies: + abort-controller "^3.0.0" + buffer "^6.0.3" + events "^3.3.0" + process "^0.11.10" + string_decoder "^1.3.0" + +readdir-glob@^1.1.2: + version "1.1.3" + resolved "https://registry.yarnpkg.com/readdir-glob/-/readdir-glob-1.1.3.tgz#c3d831f51f5e7bfa62fa2ffbe4b508c640f09584" + integrity sha512-v05I2k7xN8zXvPD9N+z/uhXPaj0sUFCe2rcWZIpBsqxfP7xXFQ0tipAd/wjj1YxWyWtUS5IDJpOG82JKt2EAVA== + dependencies: + minimatch "^5.1.0" + readdirp@^4.0.1: version "4.0.2" resolved "https://registry.yarnpkg.com/readdirp/-/readdirp-4.0.2.tgz#388fccb8b75665da3abffe2d8f8ed59fe74c230a" @@ -10289,6 +10667,11 @@ restore-cursor@^5.0.0: onetime "^7.0.0" signal-exit "^4.1.0" +retry@^0.12.0: + version "0.12.0" + resolved "https://registry.yarnpkg.com/retry/-/retry-0.12.0.tgz#1b42a6266a21f07421d1b0b54b7dc167b01c013b" + integrity sha512-9LkiTwjUh6rT555DtE9rTX+BKByPfrMzEAtnlEtdEwr3Nkffwiihqe2bWADg+OQRjt9gl6ICdmB/ZFDCGAtSow== + retry@^0.13.1: version "0.13.1" resolved "https://registry.yarnpkg.com/retry/-/retry-0.13.1.tgz#185b1587acf67919d63b357349e03537b2484658" @@ -10377,7 +10760,7 @@ safe-regex-test@^1.0.3: es-errors "^1.3.0" is-regex "^1.1.4" -"safer-buffer@>= 2.1.2 < 3", "safer-buffer@>= 2.1.2 < 3.0.0": +"safer-buffer@>= 2.1.2 < 3", "safer-buffer@>= 2.1.2 < 3.0.0", safer-buffer@~2.1.0: version "2.1.2" resolved "https://registry.yarnpkg.com/safer-buffer/-/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a" integrity sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg== @@ -10597,7 +10980,7 @@ side-channel@^1.0.4, side-channel@^1.0.6: get-intrinsic "^1.2.4" object-inspect "^1.13.1" -signal-exit@^3.0.3, signal-exit@^3.0.7: +signal-exit@^3.0.2, signal-exit@^3.0.3, signal-exit@^3.0.7: version "3.0.7" resolved "https://registry.yarnpkg.com/signal-exit/-/signal-exit-3.0.7.tgz#a9a1767f8af84155114eaabd73f99273c8f59ad9" integrity sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ== @@ -10761,6 +11144,11 @@ spdy@^4.0.2: select-hose "^2.0.0" spdy-transport "^3.0.0" +split-ca@^1.0.1: + version "1.0.1" + resolved "https://registry.yarnpkg.com/split-ca/-/split-ca-1.0.1.tgz#6c83aff3692fa61256e0cd197e05e9de157691a6" + integrity sha512-Q5thBSxp5t8WPTTJQS59LrGqOZqOsrhDGDVm8azCqIBjSBd7nd9o2PM+mDulQQkh8h//4U6hFZnc/mul8t5pWQ== + sprintf-js@^1.0.3: version "1.1.3" resolved "https://registry.yarnpkg.com/sprintf-js/-/sprintf-js-1.1.3.tgz#4914b903a2f8b685d17fdf78a70e917e872e444a" @@ -10771,6 +11159,25 @@ sprintf-js@~1.0.2: resolved "https://registry.yarnpkg.com/sprintf-js/-/sprintf-js-1.0.3.tgz#04e6926f662895354f3dd015203633b857297e2c" integrity sha512-D9cPgkvLlV3t3IzL0D0YLvGA9Ahk4PcvVwUbN0dSGr1aP0Nrt4AEnTUbuGvquEC0mA64Gqt1fzirlRs5ibXx8g== +ssh-remote-port-forward@^1.0.4: + version "1.0.4" + resolved "https://registry.yarnpkg.com/ssh-remote-port-forward/-/ssh-remote-port-forward-1.0.4.tgz#72b0c5df8ec27ca300c75805cc6b266dee07e298" + integrity sha512-x0LV1eVDwjf1gmG7TTnfqIzf+3VPRz7vrNIjX6oYLbeCrf/PeVY6hkT68Mg+q02qXxQhrLjB0jfgvhevoCRmLQ== + dependencies: + "@types/ssh2" "^0.5.48" + ssh2 "^1.4.0" + +ssh2@^1.11.0, ssh2@^1.4.0: + version "1.16.0" + resolved "https://registry.yarnpkg.com/ssh2/-/ssh2-1.16.0.tgz#79221d40cbf4d03d07fe881149de0a9de928c9f0" + integrity sha512-r1X4KsBGedJqo7h8F5c4Ybpcr5RjyP+aWIG007uBPRjmdQWfEiVLzSK71Zji1B9sKxwaCvD8y8cwSkYrlLiRRg== + dependencies: + asn1 "^0.2.6" + bcrypt-pbkdf "^1.0.2" + optionalDependencies: + cpu-features "~0.0.10" + nan "^2.20.0" + stack-utils@^2.0.3: version "2.0.6" resolved "https://registry.yarnpkg.com/stack-utils/-/stack-utils-2.0.6.tgz#aaf0748169c02fc33c8232abccf933f54a1cc34f" @@ -10788,6 +11195,17 @@ statuses@2.0.1: resolved "https://registry.yarnpkg.com/statuses/-/statuses-1.5.0.tgz#161c7dac177659fd9811f43771fa99381478628c" integrity sha512-OpZ3zP+jT1PI7I8nemJX4AKmAX070ZkYPVWV/AaKTJl+tXCTGyVdC1a4SL8RUQYEwk/f34ZX8UTykN68FwrqAA== +streamx@^2.15.0, streamx@^2.21.0: + version "2.21.1" + resolved "https://registry.yarnpkg.com/streamx/-/streamx-2.21.1.tgz#f02979d8395b6b637d08a589fb514498bed55845" + integrity sha512-PhP9wUnFLa+91CPy3N6tiQsK+gnYyUNuk15S3YG/zjYE7RuPeCjJngqnzpC31ow0lzBHQ+QGO4cNJnd0djYUsw== + dependencies: + fast-fifo "^1.3.2" + queue-tick "^1.0.1" + text-decoder "^1.1.0" + optionalDependencies: + bare-events "^2.2.0" + string-argv@~0.3.2: version "0.3.2" resolved "https://registry.yarnpkg.com/string-argv/-/string-argv-0.3.2.tgz#2b6d0ef24b656274d957d54e0a4bbf6153dc02b6" @@ -10900,7 +11318,7 @@ string.prototype.trimstart@^1.0.8: define-properties "^1.2.1" es-object-atoms "^1.0.0" -string_decoder@^1.1.1: +string_decoder@^1.1.1, string_decoder@^1.3.0: version "1.3.0" resolved "https://registry.yarnpkg.com/string_decoder/-/string_decoder-1.3.0.tgz#42f114594a46cf1a8e30b0a84f56c78c3edac21e" integrity sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA== @@ -11158,11 +11576,52 @@ tapable@^2.0.0, tapable@^2.1.1, tapable@^2.2.0, tapable@^2.2.1: resolved "https://registry.yarnpkg.com/tapable/-/tapable-2.2.1.tgz#1967a73ef4060a82f12ab96af86d52fdb76eeca0" integrity sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ== +tar-fs@^3.0.6: + version "3.0.6" + resolved "https://registry.yarnpkg.com/tar-fs/-/tar-fs-3.0.6.tgz#eaccd3a67d5672f09ca8e8f9c3d2b89fa173f217" + integrity sha512-iokBDQQkUyeXhgPYaZxmczGPhnhXZ0CmrqI+MOb/WFGS9DW5wnfrLgtjUJBvz50vQ3qfRwJ62QVoCFu8mPVu5w== + dependencies: + pump "^3.0.0" + tar-stream "^3.1.5" + optionalDependencies: + bare-fs "^2.1.1" + bare-path "^2.1.0" + +tar-fs@~2.0.1: + version "2.0.1" + resolved "https://registry.yarnpkg.com/tar-fs/-/tar-fs-2.0.1.tgz#e44086c1c60d31a4f0cf893b1c4e155dabfae9e2" + integrity sha512-6tzWDMeroL87uF/+lin46k+Q+46rAJ0SyPGz7OW7wTgblI273hsBqk2C1j0/xNadNLKDTUL9BukSjB7cwgmlPA== + dependencies: + chownr "^1.1.1" + mkdirp-classic "^0.5.2" + pump "^3.0.0" + tar-stream "^2.0.0" + tar-js@^0.3.0: version "0.3.0" resolved "https://registry.yarnpkg.com/tar-js/-/tar-js-0.3.0.tgz#6949aabfb0ba18bb1562ae51a439fd0f30183a17" integrity sha512-9uqP2hJUZNKRkwPDe5nXxXdzo6w+BFBPq9x/tyi5/U/DneuSesO/HMb0y5TeWpfcv49YDJTs7SrrZeeu8ZHWDA== +tar-stream@^2.0.0: + version "2.2.0" + resolved "https://registry.yarnpkg.com/tar-stream/-/tar-stream-2.2.0.tgz#acad84c284136b060dc3faa64474aa9aebd77287" + integrity sha512-ujeqbceABgwMZxEJnk2HDY2DlnUZ+9oEcb1KzTVfYHio0UE6dG71n60d8D2I4qNvleWrrXpmjpt7vZeF1LnMZQ== + dependencies: + bl "^4.0.3" + end-of-stream "^1.4.1" + fs-constants "^1.0.0" + inherits "^2.0.3" + readable-stream "^3.1.1" + +tar-stream@^3.0.0, tar-stream@^3.1.5: + version "3.1.7" + resolved "https://registry.yarnpkg.com/tar-stream/-/tar-stream-3.1.7.tgz#24b3fb5eabada19fe7338ed6d26e5f7c482e792b" + integrity sha512-qJj60CXt7IU1Ffyc3NJMjh6EkuCFej46zUqJ4J7pqYlThyd9bO0XBTmcOIhSzZJVWfsLks0+nle/j538YAW9RQ== + dependencies: + b4a "^1.6.4" + fast-fifo "^1.2.0" + streamx "^2.15.0" + temporal-polyfill@^0.2.5: version "0.2.5" resolved "https://registry.yarnpkg.com/temporal-polyfill/-/temporal-polyfill-0.2.5.tgz#0796c40a50754c69ec0f9a2db3f6c582b9721aaf" @@ -11215,6 +11674,34 @@ test-exclude@^6.0.0: glob "^7.1.4" minimatch "^3.0.4" +testcontainers@^10.16.0: + version "10.16.0" + resolved "https://registry.yarnpkg.com/testcontainers/-/testcontainers-10.16.0.tgz#8a7e69ada5cd2c6cce1c6db72b3a3e8e412fcaf6" + integrity sha512-oxPLuOtrRWS11A+Yn0+zXB7GkmNarflWqmy6CQJk8KJ75LZs2/zlUXDpizTbPpCGtk4kE2EQYwFZjrE967F8Wg== + dependencies: + "@balena/dockerignore" "^1.0.2" + "@types/dockerode" "^3.3.29" + archiver "^7.0.1" + async-lock "^1.4.1" + byline "^5.0.0" + debug "^4.3.5" + docker-compose "^0.24.8" + dockerode "^3.3.5" + get-port "^5.1.1" + proper-lockfile "^4.1.2" + properties-reader "^2.3.0" + ssh-remote-port-forward "^1.0.4" + tar-fs "^3.0.6" + tmp "^0.2.3" + undici "^5.28.4" + +text-decoder@^1.1.0: + version "1.2.3" + resolved "https://registry.yarnpkg.com/text-decoder/-/text-decoder-1.2.3.tgz#b19da364d981b2326d5f43099c310cc80d770c65" + integrity sha512-3/o9z3X0X0fTupwsYvR03pJ/DjWuqqrfwBgTQzdWDiQSm9KitAyz/9WqsT2JQW7KV2m+bC2ol/zqpW37NHxLaA== + dependencies: + b4a "^1.6.4" + text-table@^0.2.0: version "0.2.0" resolved "https://registry.yarnpkg.com/text-table/-/text-table-0.2.0.tgz#7f5ee823ae805207c00af2df4a84ec3fcfa570b4" @@ -11248,6 +11735,11 @@ tinyqueue@^3.0.0: resolved "https://registry.yarnpkg.com/tinyqueue/-/tinyqueue-3.0.0.tgz#101ea761ccc81f979e29200929e78f1556e3661e" integrity sha512-gRa9gwYU3ECmQYv3lslts5hxuIa90veaEcxDYuu3QGOIAEM2mOZkVHp48ANJuu1CURtRdHKUBY5Lm1tHV+sD4g== +tmp@^0.2.3: + version "0.2.3" + resolved "https://registry.yarnpkg.com/tmp/-/tmp-0.2.3.tgz#eb783cc22bc1e8bebd0671476d46ea4eb32a79ae" + integrity sha512-nZD7m9iCPC5g0pYmcaxogYKggSfLsdxl8of3Q/oIbqCqLLIO9IAF0GWjX1z9NZRHPiXv8Wex4yDCaZsgEw0Y8w== + tmpl@1.0.5: version "1.0.5" resolved "https://registry.yarnpkg.com/tmpl/-/tmpl-1.0.5.tgz#8683e0b902bb9c20c4f726e3c0b69f36518c07cc" @@ -11395,6 +11887,11 @@ tslib@^2.0.0, tslib@^2.4.0, tslib@^2.6.1, tslib@^2.6.2, tslib@^2.7.0: resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.8.0.tgz#d124c86c3c05a40a91e6fdea4021bd31d377971b" integrity sha512-jWVzBLplnCmoaTr13V9dYbiQ99wvZRd0vNWaDRg+aVYRcjDF3nDksxFDE/+fkXnKhpnUUkmx5pK/v8mCtLVqZA== +tweetnacl@^0.14.3: + version "0.14.5" + resolved "https://registry.yarnpkg.com/tweetnacl/-/tweetnacl-0.14.5.tgz#5ae68177f192d4456269d108afa93ff8743f4f64" + integrity sha512-KXXFFdAbFXY4geFIwoyNK+f5Z1b7swfXABfL7HXCmoIWMKU3dmS26672A4EeQtDzLKy7SXmfBu51JolvEKwtGA== + type-check@^0.4.0, type-check@~0.4.0: version "0.4.0" resolved "https://registry.yarnpkg.com/type-check/-/type-check-0.4.0.tgz#07b8203bfa7056c0657050e3ccd2c37730bab8f1" @@ -11520,6 +12017,13 @@ undici-types@~6.20.0: resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-6.20.0.tgz#8171bf22c1f588d1554d55bf204bc624af388433" integrity sha512-Ny6QZ2Nju20vw1SRHe3d9jVu6gJ+4e3+MMpqu7pqE5HT6WsTSlce++GQmK5UXS8mzV8DSYHrQH+Xrf2jVcuKNg== +undici@^5.28.4: + version "5.28.4" + resolved "https://registry.yarnpkg.com/undici/-/undici-5.28.4.tgz#6b280408edb6a1a604a9b20340f45b422e373068" + integrity sha512-72RFADWFqKmUb2hmmvNODKL3p9hcB6Gt2DOQMis1SEBaV6a4MH8soBvzg+95CYhCKPFedut2JY9bMfrDl9D23g== + dependencies: + "@fastify/busboy" "^2.0.0" + unhomoglyph@^1.0.6: version "1.0.6" resolved "https://registry.yarnpkg.com/unhomoglyph/-/unhomoglyph-1.0.6.tgz#ea41f926d0fcf598e3b8bb2980c2ddac66b081d3" @@ -12174,6 +12678,11 @@ yaml@^1.10.0: resolved "https://registry.yarnpkg.com/yaml/-/yaml-1.10.2.tgz#2301c5ffbf12b467de8da2333a459e29e7920e4b" integrity sha512-r3vXyErRCYJ7wg28yvBY5VSoAF8ZvlcW9/BwUzEtUsjvX/DKs24dIkuwjtuprwJJHsbyUbLApepYTR1BN4uHrg== +yaml@^2.2.2: + version "2.7.0" + resolved "https://registry.yarnpkg.com/yaml/-/yaml-2.7.0.tgz#aef9bb617a64c937a9a748803786ad8d3ffe1e98" + integrity sha512-+hSoy/QHluxmC9kCIJyL/uyFmLmc+e5CFR5Wa+bpIhIj85LVb9ZH2nVnqrHoSvKogwODv0ClqZkmiSSaIH5LTA== + yaml@^2.3.3: version "2.6.1" resolved "https://registry.yarnpkg.com/yaml/-/yaml-2.6.1.tgz#42f2b1ba89203f374609572d5349fb8686500773" @@ -12242,6 +12751,15 @@ yocto-queue@^1.0.0: resolved "https://registry.yarnpkg.com/yocto-queue/-/yocto-queue-1.1.1.tgz#fef65ce3ac9f8a32ceac5a634f74e17e5b232110" integrity sha512-b4JR1PFR10y1mKjhHY9LaGo6tmrgjit7hxVIeAmyMw3jegXR4dhYqLaQF5zMXZxY7tLpMyJeLjr1C4rLmkVe8g== +zip-stream@^6.0.1: + version "6.0.1" + resolved "https://registry.yarnpkg.com/zip-stream/-/zip-stream-6.0.1.tgz#e141b930ed60ccaf5d7fa9c8260e0d1748a2bbfb" + integrity sha512-zK7YHHz4ZXpW89AHXUPbQVGKI7uvkd3hzusTdotCg1UxyaVtg0zFJSTfW/Dq5f7OBBVnq6cZIaC8Ti4hb6dtCA== + dependencies: + archiver-utils "^5.0.0" + compress-commons "^6.0.2" + readable-stream "^4.0.0" + zod-validation-error@^3.0.3: version "3.4.0" resolved "https://registry.yarnpkg.com/zod-validation-error/-/zod-validation-error-3.4.0.tgz#3a8a1f55c65579822d7faa190b51336c61bee2a6" From 87a0acb53aa6ba1f9ccb203b2fc62b9df949a5dc Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Fri, 3 Jan 2025 18:54:31 +0000 Subject: [PATCH 05/41] Iterate Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- package.json | 2 -- playwright/e2e/login/utils.ts | 3 +- playwright/plugins/utils/object.ts | 16 +++++++++++ playwright/testcontainers/dendrite.ts | 2 +- playwright/testcontainers/mas.ts | 6 ++-- playwright/testcontainers/synapse.ts | 2 +- yarn.lock | 40 +-------------------------- 7 files changed, 22 insertions(+), 49 deletions(-) create mode 100644 playwright/plugins/utils/object.ts diff --git a/package.json b/package.json index 846a8ca6d9b..b629e8e08e6 100644 --- a/package.json +++ b/package.json @@ -190,7 +190,6 @@ "@types/escape-html": "^1.0.1", "@types/express": "^5.0.0", "@types/file-saver": "^2.0.3", - "@types/fs-extra": "^11.0.0", "@types/glob-to-regexp": "^0.4.1", "@types/jest": "29.5.12", "@types/jitsi-meet": "^2.0.2", @@ -242,7 +241,6 @@ "fetch-mock": "9.11.0", "fetch-mock-jest": "^1.5.1", "file-loader": "^6.0.0", - "fs-extra": "^11.0.0", "glob": "^11.0.0", "html-webpack-plugin": "^5.5.3", "husky": "^9.0.0", diff --git a/playwright/e2e/login/utils.ts b/playwright/e2e/login/utils.ts index ae794bd9119..dffa6ad7be0 100644 --- a/playwright/e2e/login/utils.ts +++ b/playwright/e2e/login/utils.ts @@ -6,10 +6,9 @@ SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only Please see LICENSE files in the repository root for full details. */ -import { Page, expect, Fixtures } from "@playwright/test"; +import { Page, expect } from "@playwright/test"; import { Credentials, HomeserverInstance } from "../../plugins/homeserver"; -import { Services } from "../../services.ts"; /** Visit the login page, choose to log in with "OAuth test", register a new account, and redirect back to Element */ diff --git a/playwright/plugins/utils/object.ts b/playwright/plugins/utils/object.ts new file mode 100644 index 00000000000..bfb92fecec2 --- /dev/null +++ b/playwright/plugins/utils/object.ts @@ -0,0 +1,16 @@ +/* +Copyright 2024 New Vector Ltd. + +SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only +Please see LICENSE files in the repository root for full details. +*/ + +/** + * Deep copy the given object. The object MUST NOT have circular references and + * MUST NOT have functions. + * @param obj - The object to deep copy. + * @returns A copy of the object without any references to the original. + */ +export function deepCopy(obj: T): T { + return JSON.parse(JSON.stringify(obj)); +} diff --git a/playwright/testcontainers/dendrite.ts b/playwright/testcontainers/dendrite.ts index e073fbcada9..006e7d6b946 100644 --- a/playwright/testcontainers/dendrite.ts +++ b/playwright/testcontainers/dendrite.ts @@ -8,12 +8,12 @@ Please see LICENSE files in the repository root for full details. import { GenericContainer, Wait } from "testcontainers"; import { APIRequestContext } from "@playwright/test"; import * as YAML from "yaml"; -import { deepCopy } from "matrix-js-sdk/src/utils"; import { set } from "lodash"; import { getFreePort } from "../plugins/utils/port.ts"; import { randB64Bytes } from "../plugins/utils/rand.ts"; import { StartedSynapseContainer } from "./synapse.ts"; +import { deepCopy } from "../plugins/utils/object.ts"; const DEFAULT_CONFIG = { version: 2, diff --git a/playwright/testcontainers/mas.ts b/playwright/testcontainers/mas.ts index b4e5bf75377..f2cdef6794b 100644 --- a/playwright/testcontainers/mas.ts +++ b/playwright/testcontainers/mas.ts @@ -5,13 +5,11 @@ SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only Please see LICENSE files in the repository root for full details. */ -import { AbstractStartedContainer, GenericContainer, StartedTestContainer, Wait } from "testcontainers"; -import crypto from "node:crypto"; +import { GenericContainer, StartedTestContainer, Wait } from "testcontainers"; import * as YAML from "yaml"; import { getFreePort } from "../plugins/utils/port.ts"; -import { Credentials } from "../plugins/homeserver"; -import { deepCopy } from "matrix-js-sdk/src/utils.ts"; +import { deepCopy } from "../plugins/utils/object.ts"; const DEFAULT_CONFIG = { http: { diff --git a/playwright/testcontainers/synapse.ts b/playwright/testcontainers/synapse.ts index c3cb0ab69fa..33a42c1a68e 100644 --- a/playwright/testcontainers/synapse.ts +++ b/playwright/testcontainers/synapse.ts @@ -9,12 +9,12 @@ import { AbstractStartedContainer, GenericContainer, StartedTestContainer, Wait import { APIRequestContext } from "@playwright/test"; import crypto from "node:crypto"; import * as YAML from "yaml"; -import { deepCopy } from "matrix-js-sdk/src/utils"; import { set } from "lodash"; import { getFreePort } from "../plugins/utils/port.ts"; import { randB64Bytes } from "../plugins/utils/rand.ts"; import { Credentials, HomeserverInstance } from "../plugins/homeserver"; +import { deepCopy } from "../plugins/utils/object.ts"; const TAG = "develop@sha256:17cc0a301447430624afb860276e5c13270ddeb99a3f6d1c6d519a20b1a8f650"; diff --git a/yarn.lock b/yarn.lock index a68b8cf97ae..6697ad9d331 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2939,14 +2939,6 @@ resolved "https://registry.yarnpkg.com/@types/file-saver/-/file-saver-2.0.7.tgz#8dbb2f24bdc7486c54aa854eb414940bbd056f7d" integrity sha512-dNKVfHd/jk0SkR/exKGj2ggkB45MAkzvWCaqLUUgkyjITkGNzH8H+yUwr+BLJUBjZOe9w8X3wgmXhZDRg1ED6A== -"@types/fs-extra@^11.0.0": - version "11.0.4" - resolved "https://registry.yarnpkg.com/@types/fs-extra/-/fs-extra-11.0.4.tgz#e16a863bb8843fba8c5004362b5a73e17becca45" - integrity sha512-yTbItCNreRooED33qjunPthRcSjERP1r4MqCZc7wv0u2sUkzTFp45tgUfS5+r7FrZPdmCCNflLhVSP/o+SemsQ== - dependencies: - "@types/jsonfile" "*" - "@types/node" "*" - "@types/geojson-vt@3.2.5": version "3.2.5" resolved "https://registry.yarnpkg.com/@types/geojson-vt/-/geojson-vt-3.2.5.tgz#b6c356874991d9ab4207533476dfbcdb21e38408" @@ -3047,13 +3039,6 @@ resolved "https://registry.yarnpkg.com/@types/json5/-/json5-0.0.29.tgz#ee28707ae94e11d2b827bcbe5270bcea7f3e71ee" integrity sha512-dRLjCWHYg4oaA77cxO64oO+7JwCwnIzkZPdrrC71jQmQtlhM556pwKo5bUzqvZndkVbeFLIIi+9TC40JNF5hNQ== -"@types/jsonfile@*": - version "6.1.4" - resolved "https://registry.yarnpkg.com/@types/jsonfile/-/jsonfile-6.1.4.tgz#614afec1a1164e7d670b4a7ad64df3e7beb7b702" - integrity sha512-D5qGUYwjvnNNextdU59/+fI+spnwtTFmyQP0h+PfIOSkNfpU6AOICUOkm4i0OnSk+NyjdPJrxCDro0sJsWlRpQ== - dependencies: - "@types/node" "*" - "@types/jsrsasign@^10.5.4": version "10.5.15" resolved "https://registry.yarnpkg.com/@types/jsrsasign/-/jsrsasign-10.5.15.tgz#5cf1ee506b2fa2435b6e1786a873285c7110eb82" @@ -6504,15 +6489,6 @@ fs-constants@^1.0.0: resolved "https://registry.yarnpkg.com/fs-constants/-/fs-constants-1.0.0.tgz#6be0de9be998ce16af8afc24497b9ee9b7ccd9ad" integrity sha512-y6OAwoSIf7FyjMIv94u+b5rdheZEjzR63GTyZJm5qh4Bi+2YgwLCcI/fPFZkL5PSixOt6ZNKm+w+Hfp/Bciwow== -fs-extra@^11.0.0: - version "11.2.0" - resolved "https://registry.yarnpkg.com/fs-extra/-/fs-extra-11.2.0.tgz#e70e17dfad64232287d01929399e0ea7c86b0e5b" - integrity sha512-PmDi3uwK5nFuXh7XDTlVnS17xJS7vW36is2+w3xcv8SVxiB4NyATf4ctkVY5bkSjX0Y4nbvZCq1/EjtEyr9ktw== - dependencies: - graceful-fs "^4.2.0" - jsonfile "^6.0.1" - universalify "^2.0.0" - fs.realpath@^1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/fs.realpath/-/fs.realpath-1.0.0.tgz#1504ad2523158caa40db4a2787cb01411994ea4f" @@ -6798,7 +6774,7 @@ gopd@^1.1.0: dependencies: get-intrinsic "^1.2.4" -graceful-fs@^4.1.2, graceful-fs@^4.1.6, graceful-fs@^4.2.0, graceful-fs@^4.2.11, graceful-fs@^4.2.4, graceful-fs@^4.2.6, graceful-fs@^4.2.9: +graceful-fs@^4.1.2, graceful-fs@^4.2.0, graceful-fs@^4.2.11, graceful-fs@^4.2.4, graceful-fs@^4.2.6, graceful-fs@^4.2.9: version "4.2.11" resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.11.tgz#4183e4e8bf08bb6e05bbb2f7d2e0c8f712ca40e3" integrity sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ== @@ -8129,15 +8105,6 @@ json5@^2.1.2, json5@^2.1.3, json5@^2.2.3: resolved "https://registry.yarnpkg.com/json5/-/json5-2.2.3.tgz#78cd6f1a19bdc12b73db5ad0c61efd66c1e29283" integrity sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg== -jsonfile@^6.0.1: - version "6.1.0" - resolved "https://registry.yarnpkg.com/jsonfile/-/jsonfile-6.1.0.tgz#bc55b2634793c679ec6403094eb13698a6ec0aae" - integrity sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ== - dependencies: - universalify "^2.0.0" - optionalDependencies: - graceful-fs "^4.1.6" - jsqr@^1.4.0: version "1.4.0" resolved "https://registry.yarnpkg.com/jsqr/-/jsqr-1.4.0.tgz#8efb8d0a7cc6863cb6d95116b9069123ce9eb2d1" @@ -12062,11 +12029,6 @@ universalify@^0.2.0: resolved "https://registry.yarnpkg.com/universalify/-/universalify-0.2.0.tgz#6451760566fa857534745ab1dde952d1b1761be0" integrity sha512-CJ1QgKmNg3CwvAv/kOFmtnEN05f0D/cn9QntgNOQlQF9dgvVTHj3t+8JPdjqawCHk7V/KA+fbUqzZ9XWhcqPUg== -universalify@^2.0.0: - version "2.0.1" - resolved "https://registry.yarnpkg.com/universalify/-/universalify-2.0.1.tgz#168efc2180964e6386d061e094df61afe239b18d" - integrity sha512-gptHNQghINnc/vTGIk0SOFGFNXw7JVrlRUtConJRlvaw6DuX0wO5Jeko9sWrMBhh+PsYAZ7oXAiOnf/UKogyiw== - unpipe@1.0.0, unpipe@~1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/unpipe/-/unpipe-1.0.0.tgz#b2bf4ee8514aae6165b4817829d21b2ef49904ec" From 7ba1d3e14ca59e3f735808cdde1f802f29cf0368 Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Fri, 3 Jan 2025 21:10:36 +0000 Subject: [PATCH 06/41] Flip fixture dependency order Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- playwright/services.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/playwright/services.ts b/playwright/services.ts index bf4bad18fcc..2ebade221e1 100644 --- a/playwright/services.ts +++ b/playwright/services.ts @@ -78,7 +78,7 @@ export const test = base.extend({ const container = new SynapseContainer(request); await use(container); }, - homeserver: async ({ network, _homeserver: homeserver, synapseConfigOptions }, use) => { + homeserver: async ({ mas, network, _homeserver: homeserver, synapseConfigOptions }, use) => { const container = await homeserver .withNetwork(network) .withNetworkAliases("homeserver") @@ -88,7 +88,7 @@ export const test = base.extend({ await use(container); await container.stop(); }, - mas: async ({ network, homeserver }, use) => { + mas: async ({ network }, use) => { const container = await new MatrixAuthenticationServiceContainer() .withNetwork(network) .withNetworkAliases("mas") From c0337f141bc4c44d83e92025ef2f8e0da3f973d1 Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Mon, 6 Jan 2025 08:34:19 +0000 Subject: [PATCH 07/41] Remove mas dep Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- playwright/services.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playwright/services.ts b/playwright/services.ts index 2ebade221e1..e85fd45ccfd 100644 --- a/playwright/services.ts +++ b/playwright/services.ts @@ -78,7 +78,7 @@ export const test = base.extend({ const container = new SynapseContainer(request); await use(container); }, - homeserver: async ({ mas, network, _homeserver: homeserver, synapseConfigOptions }, use) => { + homeserver: async ({ network, _homeserver: homeserver, synapseConfigOptions }, use) => { const container = await homeserver .withNetwork(network) .withNetworkAliases("homeserver") From a4ba79ae695849d279f7b75c02f0e4e3905f3b0d Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Mon, 6 Jan 2025 08:58:11 +0000 Subject: [PATCH 08/41] Iterate Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- .../e2e/sliding-sync/sliding-sync.spec.ts | 3 +- playwright/services.ts | 22 +++++++++--- playwright/testcontainers/synapse.ts | 2 +- playwright/testcontainers/utils.ts | 36 +++++++++++++++++++ 4 files changed, 56 insertions(+), 7 deletions(-) create mode 100644 playwright/testcontainers/utils.ts diff --git a/playwright/e2e/sliding-sync/sliding-sync.spec.ts b/playwright/e2e/sliding-sync/sliding-sync.spec.ts index d105904a483..0ddfabc549f 100644 --- a/playwright/e2e/sliding-sync/sliding-sync.spec.ts +++ b/playwright/e2e/sliding-sync/sliding-sync.spec.ts @@ -18,10 +18,11 @@ const test = base.extend<{ testRoom: { roomId: string; name: string }; joinedBot: Bot; }>({ - slidingSyncProxy: async ({ network, postgres, page, homeserver }, use, testInfo) => { + slidingSyncProxy: async ({ logger, network, postgres, page, homeserver }, use, testInfo) => { const container = await new GenericContainer("ghcr.io/matrix-org/sliding-sync:v0.99.3") .withNetwork(network) .withExposedPorts(8008) + .withLogConsumer(logger.getConsumer("sliding-sync-proxy")) .withEnvironment({ SYNCV3_SECRET: "bwahahaha", SYNCV3_DB: `user=postgres dbname=postgres password=${postgres.getPassword()} host=${postgres.getHost()} sslmode=disable`, diff --git a/playwright/services.ts b/playwright/services.ts index e85fd45ccfd..b1ab5c6a98b 100644 --- a/playwright/services.ts +++ b/playwright/services.ts @@ -12,8 +12,11 @@ import { PostgreSqlContainer, StartedPostgreSqlContainer } from "@testcontainers import { StartedSynapseContainer, SynapseConfigOptions, SynapseContainer } from "./testcontainers/synapse.ts"; import { MatrixAuthenticationServiceContainer } from "./testcontainers/mas.ts"; +import { ContainerLogger } from "./testcontainers/utils.ts"; export interface Services { + logger: ContainerLogger; + network: StartedNetwork; postgres: StartedPostgreSqlContainer; @@ -26,18 +29,24 @@ export interface Services { mas: StartedTestContainer; } -// TODO logs export const test = base.extend({ + // eslint-disable-next-line no-empty-pattern + logger: async ({}, use, testInfo) => { + const logger = new ContainerLogger(); + await use(logger); + await logger.testFinished(testInfo); + }, // eslint-disable-next-line no-empty-pattern network: async ({}, use) => { const network = await new Network().start(); await use(network); await network.stop(); }, - postgres: async ({ network }, use) => { + postgres: async ({ logger, network }, use) => { const container = await new PostgreSqlContainer() .withNetwork(network) .withNetworkAliases("postgres") + .withLogConsumer(logger.getConsumer("postgres")) .withTmpFs({ "/dev/shm/pgdata/data": "", }) @@ -59,11 +68,12 @@ export const test = base.extend({ await container.stop(); }, - mailhog: async ({ network }, use) => { + mailhog: async ({ logger, network }, use) => { const container = await new GenericContainer("mailhog/mailhog:latest") .withNetwork(network) .withNetworkAliases("mailhog") .withExposedPorts(8025) + .withLogConsumer(logger.getConsumer("mailhog")) .withWaitStrategy(Wait.forListeningPorts()) .start(); await use(container); @@ -78,20 +88,22 @@ export const test = base.extend({ const container = new SynapseContainer(request); await use(container); }, - homeserver: async ({ network, _homeserver: homeserver, synapseConfigOptions }, use) => { + homeserver: async ({ logger, network, _homeserver: homeserver, synapseConfigOptions }, use) => { const container = await homeserver .withNetwork(network) .withNetworkAliases("homeserver") + .withLogConsumer(logger.getConsumer("synapse")) .withConfig(synapseConfigOptions) .start(); await use(container); await container.stop(); }, - mas: async ({ network }, use) => { + mas: async ({ logger, network }, use) => { const container = await new MatrixAuthenticationServiceContainer() .withNetwork(network) .withNetworkAliases("mas") + .withLogConsumer(logger.getConsumer("mas")) .withConfig({ clients: [ { diff --git a/playwright/testcontainers/synapse.ts b/playwright/testcontainers/synapse.ts index 33a42c1a68e..0e70e0d960c 100644 --- a/playwright/testcontainers/synapse.ts +++ b/playwright/testcontainers/synapse.ts @@ -94,7 +94,7 @@ const DEFAULT_CONFIG = { burst_count: 10000, }, }, - media_store_path: "/media", + media_store_path: "/data/media_store", max_upload_size: "50M", max_image_pixels: "32M", dynamic_thumbnails: false, diff --git a/playwright/testcontainers/utils.ts b/playwright/testcontainers/utils.ts new file mode 100644 index 00000000000..58afcce138a --- /dev/null +++ b/playwright/testcontainers/utils.ts @@ -0,0 +1,36 @@ +/* +Copyright 2024 New Vector Ltd. + +SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only +Please see LICENSE files in the repository root for full details. +*/ + +import { TestInfo } from "@playwright/test"; +import { Readable } from "stream"; + +export class ContainerLogger { + private logs: Record = {}; + + public getConsumer(container: string) { + this.logs[container] = ""; + return (stream: Readable) => { + stream.on("data", (chunk) => { + this.logs[container] += chunk.toString(); + }); + stream.on("err", (chunk) => { + this.logs[container] += "ERR " + chunk.toString(); + }); + }; + } + + public async testFinished(testInfo: TestInfo) { + if (testInfo.status !== "passed") { + for (const container in this.logs) { + await testInfo.attach(container, { + body: this.logs[container], + contentType: "text/plain", + }); + } + } + } +} From 94697fe755f24903056038f2fc6e2b4ced3613b4 Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Mon, 6 Jan 2025 09:34:31 +0000 Subject: [PATCH 09/41] Iterate Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- playwright/testcontainers/dendrite.ts | 19 ++++--------------- playwright/testcontainers/synapse.ts | 2 ++ 2 files changed, 6 insertions(+), 15 deletions(-) diff --git a/playwright/testcontainers/dendrite.ts b/playwright/testcontainers/dendrite.ts index 006e7d6b946..25535ae475b 100644 --- a/playwright/testcontainers/dendrite.ts +++ b/playwright/testcontainers/dendrite.ts @@ -211,30 +211,19 @@ export class DendriteContainer extends GenericContainer { constructor( private request: APIRequestContext, image = "matrixdotorg/dendrite-monolith:main", - entrypoint = "/usr/bin/dendrite", + binary = "/usr/bin/dendrite", ) { super(image); this.config = deepCopy(DEFAULT_CONFIG); this.config.client_api.registration_shared_secret = randB64Bytes(16); - this.withEntrypoint([entrypoint]) + this.withEntrypoint(["/bin/sh"]) .withCommand([ - "--config", - "/etc/dendrite/dendrite.yaml", - "--really-enable-open-registration", - "true", - "run", + "-c", + `/usr/bin/generate-keys -private-key /etc/dendrite/matrix_key.pem && ${binary} --config /etc/dendrite/dendrite.yaml --really-enable-open-registration true run`, ]) .withWaitStrategy(Wait.forHttp("/_matrix/client/versions", 8008)); - - // const docker = new Docker(); - // await docker.run({ - // image: dendriteImage, - // params: ["--entrypoint=", "-v", `${tempDir}:/mnt`], - // containerName: `react-sdk-playwright-dendrite-keygen`, - // cmd: ["/usr/bin/generate-keys", "-private-key", "/mnt/matrix_key.pem"], - // }); } public withConfigField(key: string, value: any): this { diff --git a/playwright/testcontainers/synapse.ts b/playwright/testcontainers/synapse.ts index 0e70e0d960c..a79166c358f 100644 --- a/playwright/testcontainers/synapse.ts +++ b/playwright/testcontainers/synapse.ts @@ -144,6 +144,8 @@ export class SynapseContainer extends GenericContainer { const signingKey = randB64Bytes(32); this.withWaitStrategy(Wait.forHttp("/health", 8008)).withCopyContentToContainer([ + // Create an empty file with permissive permissions to allow the container to write to it + { target: "/data/media_store/.gitkeep", content: "", mode: 0o777 }, { target: "/data/localhost.signing.key", content: `ed25519 x ${signingKey}` }, { target: "/data/log.config", From 9c52986d76babeb1188f28bf5281004bf910c867 Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Mon, 6 Jan 2025 10:07:34 +0000 Subject: [PATCH 10/41] Iterate Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- playwright/e2e/sliding-sync/sliding-sync.spec.ts | 4 ++-- playwright/testcontainers/synapse.ts | 4 +--- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/playwright/e2e/sliding-sync/sliding-sync.spec.ts b/playwright/e2e/sliding-sync/sliding-sync.spec.ts index 0ddfabc549f..08fed9b3bf5 100644 --- a/playwright/e2e/sliding-sync/sliding-sync.spec.ts +++ b/playwright/e2e/sliding-sync/sliding-sync.spec.ts @@ -25,8 +25,8 @@ const test = base.extend<{ .withLogConsumer(logger.getConsumer("sliding-sync-proxy")) .withEnvironment({ SYNCV3_SECRET: "bwahahaha", - SYNCV3_DB: `user=postgres dbname=postgres password=${postgres.getPassword()} host=${postgres.getHost()} sslmode=disable`, - SYNCV3_SERVER: `http://${homeserver.getNetworkNames()[0]}:8008`, + SYNCV3_DB: `user=postgres dbname=postgres password=${postgres.getPassword()} host=postgres sslmode=disable`, + SYNCV3_SERVER: `http://homeserver:8008`, }) .start(); diff --git a/playwright/testcontainers/synapse.ts b/playwright/testcontainers/synapse.ts index a79166c358f..45d544ef27c 100644 --- a/playwright/testcontainers/synapse.ts +++ b/playwright/testcontainers/synapse.ts @@ -94,7 +94,7 @@ const DEFAULT_CONFIG = { burst_count: 10000, }, }, - media_store_path: "/data/media_store", + media_store_path: "/tmp/media_store", max_upload_size: "50M", max_image_pixels: "32M", dynamic_thumbnails: false, @@ -144,8 +144,6 @@ export class SynapseContainer extends GenericContainer { const signingKey = randB64Bytes(32); this.withWaitStrategy(Wait.forHttp("/health", 8008)).withCopyContentToContainer([ - // Create an empty file with permissive permissions to allow the container to write to it - { target: "/data/media_store/.gitkeep", content: "", mode: 0o777 }, { target: "/data/localhost.signing.key", content: `ed25519 x ${signingKey}` }, { target: "/data/log.config", From f1764732121dfa46c3d5f285adf9d7f8b7a18fbe Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Mon, 6 Jan 2025 10:45:52 +0000 Subject: [PATCH 11/41] Iterate Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- playwright/e2e/oidc/index.ts | 150 --------------- .../e2e/sliding-sync/sliding-sync.spec.ts | 5 +- playwright/services.ts | 182 ++++++++++++++++-- playwright/testcontainers/mas.ts | 12 +- 4 files changed, 178 insertions(+), 171 deletions(-) diff --git a/playwright/e2e/oidc/index.ts b/playwright/e2e/oidc/index.ts index 0ed405df143..bc83f8fb632 100644 --- a/playwright/e2e/oidc/index.ts +++ b/playwright/e2e/oidc/index.ts @@ -12,156 +12,6 @@ import { Page } from "@playwright/test"; import { test as base, expect } from "../../element-web-test"; export const test = base.extend<{}>({ - synapseConfigOptions: async ({ mas }, use) => { - await use({ - enable_registration: undefined, - enable_registration_without_verification: undefined, - disable_msisdn_registration: undefined, - experimental_features: { - msc3861: { - enabled: true, - issuer: "http://mas:8080/", - issuer_metadata: { - "issuer": `http://localhost:${mas.getMappedPort(8080)}/`, - "authorization_endpoint": "http://mas:8080/authorize", - "token_endpoint": "http://mas:8080/oauth2/token", - "jwks_uri": "http://mas:8080/oauth2/keys.json", - "registration_endpoint": "http://mas:8080/oauth2/registration", - "scopes_supported": ["openid", "email"], - "response_types_supported": ["code", "id_token", "code id_token"], - "response_modes_supported": ["form_post", "query", "fragment"], - "grant_types_supported": [ - "authorization_code", - "refresh_token", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - ], - "token_endpoint_auth_methods_supported": [ - "client_secret_basic", - "client_secret_post", - "client_secret_jwt", - "private_key_jwt", - "none", - ], - "token_endpoint_auth_signing_alg_values_supported": [ - "HS256", - "HS384", - "HS512", - "RS256", - "RS384", - "RS512", - "PS256", - "PS384", - "PS512", - "ES256", - "ES384", - "ES256K", - ], - "revocation_endpoint": "http://mas:8080/oauth2/revoke", - "revocation_endpoint_auth_methods_supported": [ - "client_secret_basic", - "client_secret_post", - "client_secret_jwt", - "private_key_jwt", - "none", - ], - "revocation_endpoint_auth_signing_alg_values_supported": [ - "HS256", - "HS384", - "HS512", - "RS256", - "RS384", - "RS512", - "PS256", - "PS384", - "PS512", - "ES256", - "ES384", - "ES256K", - ], - "introspection_endpoint": "http://mas:8080/oauth2/introspect", - "introspection_endpoint_auth_methods_supported": [ - "client_secret_basic", - "client_secret_post", - "client_secret_jwt", - "private_key_jwt", - "none", - ], - "introspection_endpoint_auth_signing_alg_values_supported": [ - "HS256", - "HS384", - "HS512", - "RS256", - "RS384", - "RS512", - "PS256", - "PS384", - "PS512", - "ES256", - "ES384", - "ES256K", - ], - "code_challenge_methods_supported": ["plain", "S256"], - "userinfo_endpoint": "http://mas:8080/oauth2/userinfo", - "subject_types_supported": ["public"], - "id_token_signing_alg_values_supported": [ - "RS256", - "RS384", - "RS512", - "ES256", - "ES384", - "PS256", - "PS384", - "PS512", - "ES256K", - ], - "userinfo_signing_alg_values_supported": [ - "RS256", - "RS384", - "RS512", - "ES256", - "ES384", - "PS256", - "PS384", - "PS512", - "ES256K", - ], - "display_values_supported": ["page"], - "claim_types_supported": ["normal"], - "claims_supported": [ - "iss", - "sub", - "aud", - "iat", - "exp", - "nonce", - "auth_time", - "at_hash", - "c_hash", - ], - "claims_parameter_supported": false, - "request_parameter_supported": false, - "request_uri_parameter_supported": false, - "prompt_values_supported": ["none", "login", "create"], - "device_authorization_endpoint": "http://mas:8080/oauth2/device", - "org.matrix.matrix-authentication-service.graphql_endpoint": "http://mas:8080/graphql", - "account_management_uri": "http://mas:8080/account/", - "account_management_actions_supported": [ - "org.matrix.profile", - "org.matrix.sessions_list", - "org.matrix.session_view", - "org.matrix.session_end", - ], - }, - client_id: "0000000000000000000SYNAPSE", - client_auth_method: "client_secret_basic", - client_secret: "SomeRandomSecret", - admin_token: "AnotherRandomSecret", - account_management_url: `http://localhost:${mas.getMappedPort(8080)}/account`, - }, - }, - }); - }, config: async ({ homeserver, mas, context }, use) => { const issuer = `http://localhost:${mas.getMappedPort(8080)}/`; const wellKnown = { diff --git a/playwright/e2e/sliding-sync/sliding-sync.spec.ts b/playwright/e2e/sliding-sync/sliding-sync.spec.ts index 08fed9b3bf5..f0b717b9724 100644 --- a/playwright/e2e/sliding-sync/sliding-sync.spec.ts +++ b/playwright/e2e/sliding-sync/sliding-sync.spec.ts @@ -7,7 +7,7 @@ Please see LICENSE files in the repository root for full details. */ import { Page, Request } from "@playwright/test"; -import { GenericContainer, StartedTestContainer } from "testcontainers"; +import { GenericContainer, StartedTestContainer, Wait } from "testcontainers"; import { test as base, expect } from "../../element-web-test"; import type { ElementAppPage } from "../../pages/ElementAppPage"; @@ -23,9 +23,10 @@ const test = base.extend<{ .withNetwork(network) .withExposedPorts(8008) .withLogConsumer(logger.getConsumer("sliding-sync-proxy")) + .withWaitStrategy(Wait.forHttp("/client/server.json", 8008)) .withEnvironment({ SYNCV3_SECRET: "bwahahaha", - SYNCV3_DB: `user=postgres dbname=postgres password=${postgres.getPassword()} host=postgres sslmode=disable`, + SYNCV3_DB: `user=${postgres.getUsername()} dbname=postgres password=${postgres.getPassword()} host=postgres sslmode=disable`, SYNCV3_SERVER: `http://homeserver:8008`, }) .start(); diff --git a/playwright/services.ts b/playwright/services.ts index b1ab5c6a98b..e9b735c3ab1 100644 --- a/playwright/services.ts +++ b/playwright/services.ts @@ -99,26 +99,178 @@ export const test = base.extend({ await use(container); await container.stop(); }, - mas: async ({ logger, network }, use) => { - const container = await new MatrixAuthenticationServiceContainer() + mas: async ({ _homeserver: homeserver, logger, network, postgres, mailhog }, use) => { + const config = { + clients: [ + { + client_id: "0000000000000000000SYNAPSE", + client_auth_method: "client_secret_basic", + client_secret: "SomeRandomSecret", + }, + ], + matrix: { + homeserver: "localhost", + secret: "AnotherRandomSecret", + endpoint: "http://synapse:8008", + }, + }; + + const container = await new MatrixAuthenticationServiceContainer(postgres) .withNetwork(network) .withNetworkAliases("mas") .withLogConsumer(logger.getConsumer("mas")) - .withConfig({ - clients: [ - { - client_id: "0000000000000000000SYNAPSE", - client_auth_method: "client_secret_basic", - client_secret: "SomeRandomSecret", + .withConfig(config) + .start(); + + homeserver.withConfig({ + enable_registration: undefined, + enable_registration_without_verification: undefined, + disable_msisdn_registration: undefined, + experimental_features: { + msc3861: { + enabled: true, + issuer: "http://mas:8080/", + issuer_metadata: { + "issuer": `http://${container.getHost()}:${container.getMappedPort(8080)}/`, + "authorization_endpoint": "http://mas:8080/authorize", + "token_endpoint": "http://mas:8080/oauth2/token", + "jwks_uri": "http://mas:8080/oauth2/keys.json", + "registration_endpoint": "http://mas:8080/oauth2/registration", + "scopes_supported": ["openid", "email"], + "response_types_supported": ["code", "id_token", "code id_token"], + "response_modes_supported": ["form_post", "query", "fragment"], + "grant_types_supported": [ + "authorization_code", + "refresh_token", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + ], + "token_endpoint_auth_methods_supported": [ + "client_secret_basic", + "client_secret_post", + "client_secret_jwt", + "private_key_jwt", + "none", + ], + "token_endpoint_auth_signing_alg_values_supported": [ + "HS256", + "HS384", + "HS512", + "RS256", + "RS384", + "RS512", + "PS256", + "PS384", + "PS512", + "ES256", + "ES384", + "ES256K", + ], + "revocation_endpoint": "http://mas:8080/oauth2/revoke", + "revocation_endpoint_auth_methods_supported": [ + "client_secret_basic", + "client_secret_post", + "client_secret_jwt", + "private_key_jwt", + "none", + ], + "revocation_endpoint_auth_signing_alg_values_supported": [ + "HS256", + "HS384", + "HS512", + "RS256", + "RS384", + "RS512", + "PS256", + "PS384", + "PS512", + "ES256", + "ES384", + "ES256K", + ], + "introspection_endpoint": "http://mas:8080/oauth2/introspect", + "introspection_endpoint_auth_methods_supported": [ + "client_secret_basic", + "client_secret_post", + "client_secret_jwt", + "private_key_jwt", + "none", + ], + "introspection_endpoint_auth_signing_alg_values_supported": [ + "HS256", + "HS384", + "HS512", + "RS256", + "RS384", + "RS512", + "PS256", + "PS384", + "PS512", + "ES256", + "ES384", + "ES256K", + ], + "code_challenge_methods_supported": ["plain", "S256"], + "userinfo_endpoint": "http://mas:8080/oauth2/userinfo", + "subject_types_supported": ["public"], + "id_token_signing_alg_values_supported": [ + "RS256", + "RS384", + "RS512", + "ES256", + "ES384", + "PS256", + "PS384", + "PS512", + "ES256K", + ], + "userinfo_signing_alg_values_supported": [ + "RS256", + "RS384", + "RS512", + "ES256", + "ES384", + "PS256", + "PS384", + "PS512", + "ES256K", + ], + "display_values_supported": ["page"], + "claim_types_supported": ["normal"], + "claims_supported": [ + "iss", + "sub", + "aud", + "iat", + "exp", + "nonce", + "auth_time", + "at_hash", + "c_hash", + ], + "claims_parameter_supported": false, + "request_parameter_supported": false, + "request_uri_parameter_supported": false, + "prompt_values_supported": ["none", "login", "create"], + "device_authorization_endpoint": "http://mas:8080/oauth2/device", + "org.matrix.matrix-authentication-service.graphql_endpoint": "http://mas:8080/graphql", + "account_management_uri": "http://mas:8080/account/", + "account_management_actions_supported": [ + "org.matrix.profile", + "org.matrix.sessions_list", + "org.matrix.session_view", + "org.matrix.session_end", + ], }, - ], - matrix: { - homeserver: "localhost", - secret: "AnotherRandomSecret", - endpoint: "http://synapse:8008", + client_id: config.clients[0].client_id, + client_auth_method: config.clients[0].client_auth_method, + client_secret: config.clients[0].client_secret, + admin_token: config.matrix.secret, + account_management_url: `http://${container.getHost()}:${container.getMappedPort(8080)}/account`, }, - }) - .start(); + }, + }); + await use(container); await container.stop(); }, diff --git a/playwright/testcontainers/mas.ts b/playwright/testcontainers/mas.ts index f2cdef6794b..833167b141e 100644 --- a/playwright/testcontainers/mas.ts +++ b/playwright/testcontainers/mas.ts @@ -6,6 +6,7 @@ Please see LICENSE files in the repository root for full details. */ import { GenericContainer, StartedTestContainer, Wait } from "testcontainers"; +import { StartedPostgreSqlContainer } from "@testcontainers/postgresql"; import * as YAML from "yaml"; import { getFreePort } from "../plugins/utils/port.ts"; @@ -54,8 +55,7 @@ const DEFAULT_CONFIG = { ], binds: [ { - host: "localhost", - port: 8081, + address: "[::]:8081", }, ], proxy_protocol: false, @@ -167,12 +167,16 @@ const DEFAULT_CONFIG = { export class MatrixAuthenticationServiceContainer extends GenericContainer { private config: typeof DEFAULT_CONFIG; - constructor() { + constructor(db: StartedPostgreSqlContainer) { super("ghcr.io/matrix-org/matrix-authentication-service:0.8.0"); this.config = deepCopy(DEFAULT_CONFIG); + this.config.database.username = db.getUsername(); + this.config.database.password = db.getPassword(); - this.withWaitStrategy(Wait.forHttp("/health", 8081)).withCommand(["server", "--config", "/config/config.yaml"]); + this.withExposedPorts(8080, 8081) + .withWaitStrategy(Wait.forHttp("/health", 8081)) + .withCommand(["server", "--config", "/config/config.yaml"]); } public withConfig(config: object): this { From 75ba4f2b2ad72694c32d29e3a0f39d2df64c7bff Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Mon, 6 Jan 2025 11:51:37 +0000 Subject: [PATCH 12/41] Iterate Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- playwright/e2e/crypto/backups.spec.ts | 12 +- playwright/e2e/oidc/index.ts | 28 +-- playwright/e2e/oidc/oidc-native.spec.ts | 9 +- .../e2e/sliding-sync/sliding-sync.spec.ts | 2 +- playwright/element-web-test.ts | 10 +- .../homeserver/synapse/masHomeserver.ts | 191 ++++++++++++++++++ playwright/services.ts | 184 +---------------- 7 files changed, 221 insertions(+), 215 deletions(-) create mode 100644 playwright/plugins/homeserver/synapse/masHomeserver.ts diff --git a/playwright/e2e/crypto/backups.spec.ts b/playwright/e2e/crypto/backups.spec.ts index 8826cb4595c..feeaf961df8 100644 --- a/playwright/e2e/crypto/backups.spec.ts +++ b/playwright/e2e/crypto/backups.spec.ts @@ -9,8 +9,9 @@ Please see LICENSE files in the repository root for full details. import { type Page } from "@playwright/test"; import { test, expect } from "../../element-web-test"; -import { test as masTest, registerAccountMas } from "../oidc"; +import { registerAccountMas } from "../oidc"; import { isDendrite } from "../../plugins/homeserver/dendrite"; +import { masHomeserver } from "../../plugins/homeserver/synapse/masHomeserver.ts"; async function expectBackupVersionToBe(page: Page, version: string) { await expect(page.locator(".mx_SecureBackupPanel_statusList tr:nth-child(5) td")).toHaveText( @@ -20,10 +21,11 @@ async function expectBackupVersionToBe(page: Page, version: string) { await expect(page.locator(".mx_SecureBackupPanel_statusList tr:nth-child(6) td")).toHaveText(version); } -masTest.describe("Encryption state after registration", () => { - masTest.skip(isDendrite, "does not yet support MAS"); +test.describe("Encryption state after registration", () => { + test.use(masHomeserver); + test.skip(isDendrite, "does not yet support MAS"); - masTest("Key backup is enabled by default", async ({ page, mailhogClient, app }) => { + test("Key backup is enabled by default", async ({ page, mailhogClient, app }) => { await page.goto("/#/login"); await page.getByRole("button", { name: "Continue" }).click(); await registerAccountMas(page, mailhogClient, "alice", "alice@email.com", "Pa$sW0rD!"); @@ -32,7 +34,7 @@ masTest.describe("Encryption state after registration", () => { expect(page.getByText("This session is backing up your keys.")).toBeVisible(); }); - masTest("user is prompted to set up recovery", async ({ page, mailhogClient, app }) => { + test("user is prompted to set up recovery", async ({ page, mailhogClient, app }) => { await page.goto("/#/login"); await page.getByRole("button", { name: "Continue" }).click(); await registerAccountMas(page, mailhogClient, "alice", "alice@email.com", "Pa$sW0rD!"); diff --git a/playwright/e2e/oidc/index.ts b/playwright/e2e/oidc/index.ts index bc83f8fb632..8ea03ff37a7 100644 --- a/playwright/e2e/oidc/index.ts +++ b/playwright/e2e/oidc/index.ts @@ -9,33 +9,7 @@ Please see LICENSE files in the repository root for full details. import { API, Messages } from "mailhog"; import { Page } from "@playwright/test"; -import { test as base, expect } from "../../element-web-test"; - -export const test = base.extend<{}>({ - config: async ({ homeserver, mas, context }, use) => { - const issuer = `http://localhost:${mas.getMappedPort(8080)}/`; - const wellKnown = { - "m.homeserver": { - base_url: homeserver.baseUrl, - }, - "org.matrix.msc2965.authentication": { - issuer, - account: `${issuer}account`, - }, - }; - - // Ensure org.matrix.msc2965.authentication is in well-known - await context.route("https://localhost/.well-known/matrix/client", async (route) => { - await route.fulfill({ json: wellKnown }); - }); - - await use({ - default_server_config: wellKnown, - }); - }, -}); - -export { expect }; +import { expect } from "../../element-web-test"; export async function registerAccountMas( page: Page, diff --git a/playwright/e2e/oidc/oidc-native.spec.ts b/playwright/e2e/oidc/oidc-native.spec.ts index 78696d75ef3..e5bb7e2ce64 100644 --- a/playwright/e2e/oidc/oidc-native.spec.ts +++ b/playwright/e2e/oidc/oidc-native.spec.ts @@ -6,16 +6,19 @@ SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only Please see LICENSE files in the repository root for full details. */ -import { test, expect, registerAccountMas } from "."; +import { test, expect } from "../../element-web-test.ts"; +import { registerAccountMas } from "."; import { ElementAppPage } from "../../pages/ElementAppPage.ts"; import { isDendrite } from "../../plugins/homeserver/dendrite"; +import { masHomeserver } from "../../plugins/homeserver/synapse/masHomeserver.ts"; test.describe("OIDC Native", { tag: ["@no-firefox", "@no-webkit"] }, () => { + test.use(masHomeserver); test.skip(isDendrite, "does not yet support MAS"); test.slow(); // trace recording takes a while here test("can register the oauth2 client and an account", async ({ context, page, homeserver, mailhogClient, mas }) => { - const tokenUri = `http://localhost:${mas.getMappedPort(8080)}/oauth2/token`; + const tokenUri = `http://${mas.getHost()}:${mas.getMappedPort(8080)}/oauth2/token`; const tokenApiPromise = page.waitForRequest( (request) => request.url() === tokenUri && request.postDataJSON()["grant_type"] === "authorization_code", ); @@ -49,7 +52,7 @@ test.describe("OIDC Native", { tag: ["@no-firefox", "@no-webkit"] }, () => { await newPage.close(); // Assert logging out revokes both tokens - const revokeUri = `http://localhost:${mas.getMappedPort(8080)}/oauth2/revoke`; + const revokeUri = `http://${mas.getHost()}:${mas.getMappedPort(8080)}/oauth2/revoke`; const revokeAccessTokenPromise = page.waitForRequest( (request) => request.url() === revokeUri && request.postDataJSON()["token_type_hint"] === "access_token", ); diff --git a/playwright/e2e/sliding-sync/sliding-sync.spec.ts b/playwright/e2e/sliding-sync/sliding-sync.spec.ts index f0b717b9724..dec588c5b2f 100644 --- a/playwright/e2e/sliding-sync/sliding-sync.spec.ts +++ b/playwright/e2e/sliding-sync/sliding-sync.spec.ts @@ -31,7 +31,7 @@ const test = base.extend<{ }) .start(); - const proxyAddress = `http://localhost:${container.getMappedPort(8008)}`; + const proxyAddress = `http://${container.getHost()}:${container.getMappedPort(8008)}`; await page.addInitScript((proxyAddress) => { window.localStorage.setItem( "mx_local_settings", diff --git a/playwright/element-web-test.ts b/playwright/element-web-test.ts index e53ebc0818c..ed1bdb2b6ca 100644 --- a/playwright/element-web-test.ts +++ b/playwright/element-web-test.ts @@ -165,8 +165,14 @@ export const test = base.extend({ window.localStorage.setItem("mx_has_pickle_key", "false"); window.localStorage.setItem("mx_has_access_token", "true"); - // Ensure the language is set to a consistent value - window.localStorage.setItem("mx_local_settings", '{"language":"en"}'); + window.localStorage.setItem( + "mx_local_settings", + JSON.stringify({ + ...JSON.parse(window.localStorage.getItem("mx_local_settings") || "{}"), + // Ensure the language is set to a consistent value + language: "en", + }), + ); }, { baseUrl: homeserver.baseUrl, credentials }, ); diff --git a/playwright/plugins/homeserver/synapse/masHomeserver.ts b/playwright/plugins/homeserver/synapse/masHomeserver.ts new file mode 100644 index 00000000000..a9670eb60e6 --- /dev/null +++ b/playwright/plugins/homeserver/synapse/masHomeserver.ts @@ -0,0 +1,191 @@ +/* +Copyright 2024 New Vector Ltd. +Copyright 2023 The Matrix.org Foundation C.I.C. + +SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only +Please see LICENSE files in the repository root for full details. +*/ + +import { Fixtures } from "@playwright/test"; + +import { Services } from "../../../services.ts"; +import { MatrixAuthenticationServiceContainer } from "../../../testcontainers/mas.ts"; + +export const masHomeserver: Fixtures = { + mas: async ({ _homeserver: homeserver, logger, network, postgres, mailhog }, use) => { + const config = { + clients: [ + { + client_id: "0000000000000000000SYNAPSE", + client_auth_method: "client_secret_basic", + client_secret: "SomeRandomSecret", + }, + ], + matrix: { + homeserver: "localhost", + secret: "AnotherRandomSecret", + endpoint: "http://synapse:8008", + }, + }; + + const container = await new MatrixAuthenticationServiceContainer(postgres) + .withNetwork(network) + .withNetworkAliases("mas") + .withLogConsumer(logger.getConsumer("mas")) + .withConfig(config) + .start(); + + homeserver.withConfig({ + enable_registration: undefined, + enable_registration_without_verification: undefined, + disable_msisdn_registration: undefined, + password_config: undefined, + experimental_features: { + msc3861: { + enabled: true, + issuer: "http://mas:8080/", + issuer_metadata: { + "issuer": `http://${container.getHost()}:${container.getMappedPort(8080)}/`, + "authorization_endpoint": "http://mas:8080/authorize", + "token_endpoint": "http://mas:8080/oauth2/token", + "jwks_uri": "http://mas:8080/oauth2/keys.json", + "registration_endpoint": "http://mas:8080/oauth2/registration", + "scopes_supported": ["openid", "email"], + "response_types_supported": ["code", "id_token", "code id_token"], + "response_modes_supported": ["form_post", "query", "fragment"], + "grant_types_supported": [ + "authorization_code", + "refresh_token", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + ], + "token_endpoint_auth_methods_supported": [ + "client_secret_basic", + "client_secret_post", + "client_secret_jwt", + "private_key_jwt", + "none", + ], + "token_endpoint_auth_signing_alg_values_supported": [ + "HS256", + "HS384", + "HS512", + "RS256", + "RS384", + "RS512", + "PS256", + "PS384", + "PS512", + "ES256", + "ES384", + "ES256K", + ], + "revocation_endpoint": "http://mas:8080/oauth2/revoke", + "revocation_endpoint_auth_methods_supported": [ + "client_secret_basic", + "client_secret_post", + "client_secret_jwt", + "private_key_jwt", + "none", + ], + "revocation_endpoint_auth_signing_alg_values_supported": [ + "HS256", + "HS384", + "HS512", + "RS256", + "RS384", + "RS512", + "PS256", + "PS384", + "PS512", + "ES256", + "ES384", + "ES256K", + ], + "introspection_endpoint": "http://mas:8080/oauth2/introspect", + "introspection_endpoint_auth_methods_supported": [ + "client_secret_basic", + "client_secret_post", + "client_secret_jwt", + "private_key_jwt", + "none", + ], + "introspection_endpoint_auth_signing_alg_values_supported": [ + "HS256", + "HS384", + "HS512", + "RS256", + "RS384", + "RS512", + "PS256", + "PS384", + "PS512", + "ES256", + "ES384", + "ES256K", + ], + "code_challenge_methods_supported": ["plain", "S256"], + "userinfo_endpoint": "http://mas:8080/oauth2/userinfo", + "subject_types_supported": ["public"], + "id_token_signing_alg_values_supported": [ + "RS256", + "RS384", + "RS512", + "ES256", + "ES384", + "PS256", + "PS384", + "PS512", + "ES256K", + ], + "userinfo_signing_alg_values_supported": [ + "RS256", + "RS384", + "RS512", + "ES256", + "ES384", + "PS256", + "PS384", + "PS512", + "ES256K", + ], + "display_values_supported": ["page"], + "claim_types_supported": ["normal"], + "claims_supported": [ + "iss", + "sub", + "aud", + "iat", + "exp", + "nonce", + "auth_time", + "at_hash", + "c_hash", + ], + "claims_parameter_supported": false, + "request_parameter_supported": false, + "request_uri_parameter_supported": false, + "prompt_values_supported": ["none", "login", "create"], + "device_authorization_endpoint": "http://mas:8080/oauth2/device", + "org.matrix.matrix-authentication-service.graphql_endpoint": "http://mas:8080/graphql", + "account_management_uri": "http://mas:8080/account/", + "account_management_actions_supported": [ + "org.matrix.profile", + "org.matrix.sessions_list", + "org.matrix.session_view", + "org.matrix.session_end", + ], + }, + client_id: config.clients[0].client_id, + client_auth_method: config.clients[0].client_auth_method, + client_secret: config.clients[0].client_secret, + admin_token: config.matrix.secret, + account_management_url: `http://${container.getHost()}:${container.getMappedPort(8080)}/account`, + }, + }, + }); + + await use(container); + await container.stop(); + }, +}; diff --git a/playwright/services.ts b/playwright/services.ts index e9b735c3ab1..770b30b8fca 100644 --- a/playwright/services.ts +++ b/playwright/services.ts @@ -11,7 +11,6 @@ import { GenericContainer, Network, StartedNetwork, StartedTestContainer, Wait } import { PostgreSqlContainer, StartedPostgreSqlContainer } from "@testcontainers/postgresql"; import { StartedSynapseContainer, SynapseConfigOptions, SynapseContainer } from "./testcontainers/synapse.ts"; -import { MatrixAuthenticationServiceContainer } from "./testcontainers/mas.ts"; import { ContainerLogger } from "./testcontainers/utils.ts"; export interface Services { @@ -26,7 +25,7 @@ export interface Services { synapseConfigOptions: SynapseConfigOptions; _homeserver: SynapseContainer; homeserver: StartedSynapseContainer; - mas: StartedTestContainer; + mas?: StartedTestContainer; } export const test = base.extend({ @@ -88,7 +87,7 @@ export const test = base.extend({ const container = new SynapseContainer(request); await use(container); }, - homeserver: async ({ logger, network, _homeserver: homeserver, synapseConfigOptions }, use) => { + homeserver: async ({ logger, network, _homeserver: homeserver, synapseConfigOptions, mas }, use) => { const container = await homeserver .withNetwork(network) .withNetworkAliases("homeserver") @@ -99,179 +98,10 @@ export const test = base.extend({ await use(container); await container.stop(); }, - mas: async ({ _homeserver: homeserver, logger, network, postgres, mailhog }, use) => { - const config = { - clients: [ - { - client_id: "0000000000000000000SYNAPSE", - client_auth_method: "client_secret_basic", - client_secret: "SomeRandomSecret", - }, - ], - matrix: { - homeserver: "localhost", - secret: "AnotherRandomSecret", - endpoint: "http://synapse:8008", - }, - }; - - const container = await new MatrixAuthenticationServiceContainer(postgres) - .withNetwork(network) - .withNetworkAliases("mas") - .withLogConsumer(logger.getConsumer("mas")) - .withConfig(config) - .start(); - - homeserver.withConfig({ - enable_registration: undefined, - enable_registration_without_verification: undefined, - disable_msisdn_registration: undefined, - experimental_features: { - msc3861: { - enabled: true, - issuer: "http://mas:8080/", - issuer_metadata: { - "issuer": `http://${container.getHost()}:${container.getMappedPort(8080)}/`, - "authorization_endpoint": "http://mas:8080/authorize", - "token_endpoint": "http://mas:8080/oauth2/token", - "jwks_uri": "http://mas:8080/oauth2/keys.json", - "registration_endpoint": "http://mas:8080/oauth2/registration", - "scopes_supported": ["openid", "email"], - "response_types_supported": ["code", "id_token", "code id_token"], - "response_modes_supported": ["form_post", "query", "fragment"], - "grant_types_supported": [ - "authorization_code", - "refresh_token", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - ], - "token_endpoint_auth_methods_supported": [ - "client_secret_basic", - "client_secret_post", - "client_secret_jwt", - "private_key_jwt", - "none", - ], - "token_endpoint_auth_signing_alg_values_supported": [ - "HS256", - "HS384", - "HS512", - "RS256", - "RS384", - "RS512", - "PS256", - "PS384", - "PS512", - "ES256", - "ES384", - "ES256K", - ], - "revocation_endpoint": "http://mas:8080/oauth2/revoke", - "revocation_endpoint_auth_methods_supported": [ - "client_secret_basic", - "client_secret_post", - "client_secret_jwt", - "private_key_jwt", - "none", - ], - "revocation_endpoint_auth_signing_alg_values_supported": [ - "HS256", - "HS384", - "HS512", - "RS256", - "RS384", - "RS512", - "PS256", - "PS384", - "PS512", - "ES256", - "ES384", - "ES256K", - ], - "introspection_endpoint": "http://mas:8080/oauth2/introspect", - "introspection_endpoint_auth_methods_supported": [ - "client_secret_basic", - "client_secret_post", - "client_secret_jwt", - "private_key_jwt", - "none", - ], - "introspection_endpoint_auth_signing_alg_values_supported": [ - "HS256", - "HS384", - "HS512", - "RS256", - "RS384", - "RS512", - "PS256", - "PS384", - "PS512", - "ES256", - "ES384", - "ES256K", - ], - "code_challenge_methods_supported": ["plain", "S256"], - "userinfo_endpoint": "http://mas:8080/oauth2/userinfo", - "subject_types_supported": ["public"], - "id_token_signing_alg_values_supported": [ - "RS256", - "RS384", - "RS512", - "ES256", - "ES384", - "PS256", - "PS384", - "PS512", - "ES256K", - ], - "userinfo_signing_alg_values_supported": [ - "RS256", - "RS384", - "RS512", - "ES256", - "ES384", - "PS256", - "PS384", - "PS512", - "ES256K", - ], - "display_values_supported": ["page"], - "claim_types_supported": ["normal"], - "claims_supported": [ - "iss", - "sub", - "aud", - "iat", - "exp", - "nonce", - "auth_time", - "at_hash", - "c_hash", - ], - "claims_parameter_supported": false, - "request_parameter_supported": false, - "request_uri_parameter_supported": false, - "prompt_values_supported": ["none", "login", "create"], - "device_authorization_endpoint": "http://mas:8080/oauth2/device", - "org.matrix.matrix-authentication-service.graphql_endpoint": "http://mas:8080/graphql", - "account_management_uri": "http://mas:8080/account/", - "account_management_actions_supported": [ - "org.matrix.profile", - "org.matrix.sessions_list", - "org.matrix.session_view", - "org.matrix.session_end", - ], - }, - client_id: config.clients[0].client_id, - client_auth_method: config.clients[0].client_auth_method, - client_secret: config.clients[0].client_secret, - admin_token: config.matrix.secret, - account_management_url: `http://${container.getHost()}:${container.getMappedPort(8080)}/account`, - }, - }, - }); - - await use(container); - await container.stop(); + // eslint-disable-next-line no-empty-pattern + mas: async ({}, use) => { + // we stub the mas fixture to allow `homeserver` to depend on it to ensure + // when it is specified by `masHomeserver` it is started before the homeserver + await use(undefined); }, }); From 4fce0013c87452e847eb6dc99787a8343a023288 Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Mon, 6 Jan 2025 13:06:03 +0000 Subject: [PATCH 13/41] Iterate Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- playwright/e2e/crypto/backups.spec.ts | 2 +- playwright/e2e/oidc/oidc-native.spec.ts | 8 +- .../homeserver/synapse/masHomeserver.ts | 166 +++--------------- playwright/services.ts | 3 +- playwright/testcontainers/mas.ts | 21 ++- 5 files changed, 53 insertions(+), 147 deletions(-) diff --git a/playwright/e2e/crypto/backups.spec.ts b/playwright/e2e/crypto/backups.spec.ts index baff4cd61ca..91c103702b5 100644 --- a/playwright/e2e/crypto/backups.spec.ts +++ b/playwright/e2e/crypto/backups.spec.ts @@ -31,7 +31,7 @@ test.describe("Encryption state after registration", () => { await registerAccountMas(page, mailhogClient, "alice", "alice@email.com", "Pa$sW0rD!"); await app.settings.openUserSettings("Security & Privacy"); - expect(page.getByText("This session is backing up your keys.")).toBeVisible(); + await expect(page.getByText("This session is backing up your keys.")).toBeVisible(); }); test("user is prompted to set up recovery", async ({ page, mailhogClient, app }) => { diff --git a/playwright/e2e/oidc/oidc-native.spec.ts b/playwright/e2e/oidc/oidc-native.spec.ts index f40c445fabf..60c5bbf025a 100644 --- a/playwright/e2e/oidc/oidc-native.spec.ts +++ b/playwright/e2e/oidc/oidc-native.spec.ts @@ -18,7 +18,7 @@ test.describe("OIDC Native", { tag: ["@no-firefox", "@no-webkit"] }, () => { test.slow(); // trace recording takes a while here test("can register the oauth2 client and an account", async ({ context, page, homeserver, mailhogClient, mas }) => { - const tokenUri = `http://${mas.getHost()}:${mas.getMappedPort(8080)}/oauth2/token`; + const tokenUri = `${mas.baseUrl}/oauth2/token`; const tokenApiPromise = page.waitForRequest( (request) => request.url() === tokenUri && request.postDataJSON()["grant_type"] === "authorization_code", ); @@ -44,15 +44,15 @@ test.describe("OIDC Native", { tag: ["@no-firefox", "@no-webkit"] }, () => { // Assert MAS sees the session as OIDC Native const newPage = await newPagePromise; - await newPage.getByText("Sessions").click(); + await newPage.getByText("Devices").click(); await newPage.getByText(deviceId).click(); await expect(newPage.getByText("Element")).toBeVisible(); - await expect(newPage.getByText("oauth2_session:")).toBeVisible(); await expect(newPage.getByText("http://localhost:8080/")).toBeVisible(); + await expect(newPage).toHaveURL(/\/oauth2_session/); await newPage.close(); // Assert logging out revokes both tokens - const revokeUri = `http://${mas.getHost()}:${mas.getMappedPort(8080)}/oauth2/revoke`; + const revokeUri = `${mas.baseUrl}/oauth2/revoke`; const revokeAccessTokenPromise = page.waitForRequest( (request) => request.url() === revokeUri && request.postDataJSON()["token_type_hint"] === "access_token", ); diff --git a/playwright/plugins/homeserver/synapse/masHomeserver.ts b/playwright/plugins/homeserver/synapse/masHomeserver.ts index 446a0577f8d..cb144fcaeeb 100644 --- a/playwright/plugins/homeserver/synapse/masHomeserver.ts +++ b/playwright/plugins/homeserver/synapse/masHomeserver.ts @@ -6,12 +6,14 @@ SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only OR LicenseRef-Element-Com Please see LICENSE files in the repository root for full details. */ -import { Fixtures } from "@playwright/test"; +import { Fixtures, PlaywrightTestArgs } from "@playwright/test"; import { Services } from "../../../services.ts"; +import { Fixtures as BaseFixtures } from "../../../element-web-test.ts"; import { MatrixAuthenticationServiceContainer } from "../../../testcontainers/mas.ts"; -export const masHomeserver: Fixtures = { +type Fixture = PlaywrightTestArgs & Services & BaseFixtures; +export const masHomeserver: Fixtures = { mas: async ({ _homeserver: homeserver, logger, network, postgres, mailhog }, use) => { const config = { clients: [ @@ -24,7 +26,7 @@ export const masHomeserver: Fixtures = { matrix: { homeserver: "localhost", secret: "AnotherRandomSecret", - endpoint: "http://synapse:8008", + endpoint: "http://homeserver:8008", }, }; @@ -43,144 +45,12 @@ export const masHomeserver: Fixtures = { experimental_features: { msc3861: { enabled: true, - issuer: "http://mas:8080/", - issuer_metadata: { - "issuer": `http://${container.getHost()}:${container.getMappedPort(8080)}/`, - "authorization_endpoint": "http://mas:8080/authorize", - "token_endpoint": "http://mas:8080/oauth2/token", - "jwks_uri": "http://mas:8080/oauth2/keys.json", - "registration_endpoint": "http://mas:8080/oauth2/registration", - "scopes_supported": ["openid", "email"], - "response_types_supported": ["code", "id_token", "code id_token"], - "response_modes_supported": ["form_post", "query", "fragment"], - "grant_types_supported": [ - "authorization_code", - "refresh_token", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - ], - "token_endpoint_auth_methods_supported": [ - "client_secret_basic", - "client_secret_post", - "client_secret_jwt", - "private_key_jwt", - "none", - ], - "token_endpoint_auth_signing_alg_values_supported": [ - "HS256", - "HS384", - "HS512", - "RS256", - "RS384", - "RS512", - "PS256", - "PS384", - "PS512", - "ES256", - "ES384", - "ES256K", - ], - "revocation_endpoint": "http://mas:8080/oauth2/revoke", - "revocation_endpoint_auth_methods_supported": [ - "client_secret_basic", - "client_secret_post", - "client_secret_jwt", - "private_key_jwt", - "none", - ], - "revocation_endpoint_auth_signing_alg_values_supported": [ - "HS256", - "HS384", - "HS512", - "RS256", - "RS384", - "RS512", - "PS256", - "PS384", - "PS512", - "ES256", - "ES384", - "ES256K", - ], - "introspection_endpoint": "http://mas:8080/oauth2/introspect", - "introspection_endpoint_auth_methods_supported": [ - "client_secret_basic", - "client_secret_post", - "client_secret_jwt", - "private_key_jwt", - "none", - ], - "introspection_endpoint_auth_signing_alg_values_supported": [ - "HS256", - "HS384", - "HS512", - "RS256", - "RS384", - "RS512", - "PS256", - "PS384", - "PS512", - "ES256", - "ES384", - "ES256K", - ], - "code_challenge_methods_supported": ["plain", "S256"], - "userinfo_endpoint": "http://mas:8080/oauth2/userinfo", - "subject_types_supported": ["public"], - "id_token_signing_alg_values_supported": [ - "RS256", - "RS384", - "RS512", - "ES256", - "ES384", - "PS256", - "PS384", - "PS512", - "ES256K", - ], - "userinfo_signing_alg_values_supported": [ - "RS256", - "RS384", - "RS512", - "ES256", - "ES384", - "PS256", - "PS384", - "PS512", - "ES256K", - ], - "display_values_supported": ["page"], - "claim_types_supported": ["normal"], - "claims_supported": [ - "iss", - "sub", - "aud", - "iat", - "exp", - "nonce", - "auth_time", - "at_hash", - "c_hash", - ], - "claims_parameter_supported": false, - "request_parameter_supported": false, - "request_uri_parameter_supported": false, - "prompt_values_supported": ["none", "login", "create"], - "device_authorization_endpoint": "http://mas:8080/oauth2/device", - "org.matrix.matrix-authentication-service.graphql_endpoint": "http://mas:8080/graphql", - "account_management_uri": "http://mas:8080/account/", - "account_management_actions_supported": [ - "org.matrix.profile", - "org.matrix.sessions_list", - "org.matrix.session_view", - "org.matrix.session_end", - ], - }, + issuer: `http://mas:8080/`, + introspection_endpoint: "http://mas:8080/oauth2/introspect", client_id: config.clients[0].client_id, client_auth_method: config.clients[0].client_auth_method, client_secret: config.clients[0].client_secret, admin_token: config.matrix.secret, - account_management_url: `http://${container.getHost()}:${container.getMappedPort(8080)}/account`, }, }, }); @@ -188,4 +58,26 @@ export const masHomeserver: Fixtures = { await use(container); await container.stop(); }, + + config: async ({ homeserver, context, mas }, use) => { + const issuer = `${mas.baseUrl}/`; + const wellKnown = { + "m.homeserver": { + base_url: homeserver.baseUrl, + }, + "org.matrix.msc2965.authentication": { + issuer, + account: `${issuer}account`, + }, + }; + + // Ensure org.matrix.msc2965.authentication is in well-known + await context.route("https://localhost/.well-known/matrix/client", async (route) => { + await route.fulfill({ json: wellKnown }); + }); + + await use({ + default_server_config: wellKnown, + }); + }, }; diff --git a/playwright/services.ts b/playwright/services.ts index 0e95e91fbe1..c05cb2d29dc 100644 --- a/playwright/services.ts +++ b/playwright/services.ts @@ -12,6 +12,7 @@ import { PostgreSqlContainer, StartedPostgreSqlContainer } from "@testcontainers import { StartedSynapseContainer, SynapseConfigOptions, SynapseContainer } from "./testcontainers/synapse.ts"; import { ContainerLogger } from "./testcontainers/utils.ts"; +import { StartedMatrixAuthenticationServiceContainer } from "./testcontainers/mas.ts"; export interface Services { logger: ContainerLogger; @@ -25,7 +26,7 @@ export interface Services { synapseConfigOptions: SynapseConfigOptions; _homeserver: SynapseContainer; homeserver: StartedSynapseContainer; - mas?: StartedTestContainer; + mas?: StartedMatrixAuthenticationServiceContainer; } export const test = base.extend({ diff --git a/playwright/testcontainers/mas.ts b/playwright/testcontainers/mas.ts index 79c354da4dc..2eadaafac66 100644 --- a/playwright/testcontainers/mas.ts +++ b/playwright/testcontainers/mas.ts @@ -5,7 +5,7 @@ SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only OR LicenseRef-Element-Com Please see LICENSE files in the repository root for full details. */ -import { GenericContainer, StartedTestContainer, Wait } from "testcontainers"; +import { AbstractStartedContainer, GenericContainer, StartedTestContainer, Wait } from "testcontainers"; import { StartedPostgreSqlContainer } from "@testcontainers/postgresql"; import * as YAML from "yaml"; @@ -133,6 +133,7 @@ const DEFAULT_CONFIG = { algorithm: "argon2id", }, ], + minimum_complexity: 0, }, policy: { wasm_module: "/usr/local/share/mas-cli/policy.wasm", @@ -158,6 +159,9 @@ const DEFAULT_CONFIG = { imprint: null, logo_uri: null, }, + account: { + password_registration_enabled: true, + }, experimental: { access_token_ttl: 300, compat_token_ttl: 300, @@ -168,7 +172,7 @@ export class MatrixAuthenticationServiceContainer extends GenericContainer { private config: typeof DEFAULT_CONFIG; constructor(db: StartedPostgreSqlContainer) { - super("ghcr.io/matrix-org/matrix-authentication-service:0.8.0"); + super("ghcr.io/element-hq/matrix-authentication-service:0.12.0"); this.config = deepCopy(DEFAULT_CONFIG); this.config.database.username = db.getUsername(); @@ -187,7 +191,7 @@ export class MatrixAuthenticationServiceContainer extends GenericContainer { return this; } - public override async start(): Promise { + public override async start(): Promise { const port = await getFreePort(); this.config.http.public_base = `http://localhost:${port}/`; @@ -203,6 +207,15 @@ export class MatrixAuthenticationServiceContainer extends GenericContainer { }, ]); - return super.start(); + return new StartedMatrixAuthenticationServiceContainer(await super.start(), `http://localhost:${port}`); + } +} + +export class StartedMatrixAuthenticationServiceContainer extends AbstractStartedContainer { + constructor( + container: StartedTestContainer, + public readonly baseUrl: string, + ) { + super(container); } } From 4eefa275ab14f6eb0f7472e9e8d89683274776af Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Mon, 6 Jan 2025 13:10:05 +0000 Subject: [PATCH 14/41] Update matrix-authentication-service in Playwright tests Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- playwright/e2e/crypto/backups.spec.ts | 2 +- playwright/e2e/oidc/oidc-native.spec.ts | 4 +- .../templates/mas-oidc/homeserver.yaml | 100 +----------------- .../matrix-authentication-service/config.yaml | 3 + 4 files changed, 7 insertions(+), 102 deletions(-) diff --git a/playwright/e2e/crypto/backups.spec.ts b/playwright/e2e/crypto/backups.spec.ts index 5936c2ede5f..9d98534a47c 100644 --- a/playwright/e2e/crypto/backups.spec.ts +++ b/playwright/e2e/crypto/backups.spec.ts @@ -29,7 +29,7 @@ masTest.describe("Encryption state after registration", () => { await registerAccountMas(page, mailhog.api, "alice", "alice@email.com", "Pa$sW0rD!"); await app.settings.openUserSettings("Security & Privacy"); - expect(page.getByText("This session is backing up your keys.")).toBeVisible(); + await expect(page.getByText("This session is backing up your keys.")).toBeVisible(); }); masTest("user is prompted to set up recovery", async ({ page, mailhog, app }) => { diff --git a/playwright/e2e/oidc/oidc-native.spec.ts b/playwright/e2e/oidc/oidc-native.spec.ts index f8dd24daa65..e2e7a816dd2 100644 --- a/playwright/e2e/oidc/oidc-native.spec.ts +++ b/playwright/e2e/oidc/oidc-native.spec.ts @@ -41,11 +41,11 @@ test.describe("OIDC Native", { tag: ["@no-firefox", "@no-webkit"] }, () => { // Assert MAS sees the session as OIDC Native const newPage = await newPagePromise; - await newPage.getByText("Sessions").click(); + await newPage.getByText("Devices").click(); await newPage.getByText(deviceId).click(); await expect(newPage.getByText("Element")).toBeVisible(); - await expect(newPage.getByText("oauth2_session:")).toBeVisible(); await expect(newPage.getByText("http://localhost:8080/")).toBeVisible(); + await expect(newPage).toHaveURL(/\/oauth2_session/); await newPage.close(); // Assert logging out revokes both tokens diff --git a/playwright/plugins/homeserver/synapse/templates/mas-oidc/homeserver.yaml b/playwright/plugins/homeserver/synapse/templates/mas-oidc/homeserver.yaml index 802d97acade..147944b89f8 100644 --- a/playwright/plugins/homeserver/synapse/templates/mas-oidc/homeserver.yaml +++ b/playwright/plugins/homeserver/synapse/templates/mas-oidc/homeserver.yaml @@ -83,102 +83,7 @@ experimental_features: enabled: true issuer: http://localhost:%MAS_PORT%/ - # We have to bake in the metadata here as we need to override `introspection_endpoint` - issuer_metadata: { - "issuer": "http://localhost:%MAS_PORT%/", - "authorization_endpoint": "http://localhost:%MAS_PORT%/authorize", - "token_endpoint": "http://localhost:%MAS_PORT%/oauth2/token", - "jwks_uri": "http://localhost:%MAS_PORT%/oauth2/keys.json", - "registration_endpoint": "http://localhost:%MAS_PORT%/oauth2/registration", - "scopes_supported": ["openid", "email"], - "response_types_supported": ["code", "id_token", "code id_token"], - "response_modes_supported": ["form_post", "query", "fragment"], - "grant_types_supported": - [ - "authorization_code", - "refresh_token", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - ], - "token_endpoint_auth_methods_supported": - ["client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt", "none"], - "token_endpoint_auth_signing_alg_values_supported": - [ - "HS256", - "HS384", - "HS512", - "RS256", - "RS384", - "RS512", - "PS256", - "PS384", - "PS512", - "ES256", - "ES384", - "ES256K", - ], - "revocation_endpoint": "http://localhost:%MAS_PORT%/oauth2/revoke", - "revocation_endpoint_auth_methods_supported": - ["client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt", "none"], - "revocation_endpoint_auth_signing_alg_values_supported": - [ - "HS256", - "HS384", - "HS512", - "RS256", - "RS384", - "RS512", - "PS256", - "PS384", - "PS512", - "ES256", - "ES384", - "ES256K", - ], - # This is the only changed value - "introspection_endpoint": "http://host.containers.internal:%MAS_PORT%/oauth2/introspect", - "introspection_endpoint_auth_methods_supported": - ["client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt", "none"], - "introspection_endpoint_auth_signing_alg_values_supported": - [ - "HS256", - "HS384", - "HS512", - "RS256", - "RS384", - "RS512", - "PS256", - "PS384", - "PS512", - "ES256", - "ES384", - "ES256K", - ], - "code_challenge_methods_supported": ["plain", "S256"], - "userinfo_endpoint": "http://localhost:%MAS_PORT%/oauth2/userinfo", - "subject_types_supported": ["public"], - "id_token_signing_alg_values_supported": - ["RS256", "RS384", "RS512", "ES256", "ES384", "PS256", "PS384", "PS512", "ES256K"], - "userinfo_signing_alg_values_supported": - ["RS256", "RS384", "RS512", "ES256", "ES384", "PS256", "PS384", "PS512", "ES256K"], - "display_values_supported": ["page"], - "claim_types_supported": ["normal"], - "claims_supported": ["iss", "sub", "aud", "iat", "exp", "nonce", "auth_time", "at_hash", "c_hash"], - "claims_parameter_supported": false, - "request_parameter_supported": false, - "request_uri_parameter_supported": false, - "prompt_values_supported": ["none", "login", "create"], - "device_authorization_endpoint": "http://localhost:%MAS_PORT%/oauth2/device", - "org.matrix.matrix-authentication-service.graphql_endpoint": "http://localhost:%MAS_PORT%/graphql", - "account_management_uri": "http://localhost:%MAS_PORT%/account/", - "account_management_actions_supported": - [ - "org.matrix.profile", - "org.matrix.sessions_list", - "org.matrix.session_view", - "org.matrix.session_end", - ], - } + introspection_endpoint: "http://localhost:%MAS_PORT%/oauth2/introspect", # Matches the `client_id` in the auth service config client_id: 0000000000000000000SYNAPSE @@ -189,6 +94,3 @@ experimental_features: # Matches the `matrix.secret` in the auth service config admin_token: "AnotherRandomSecret" - - # URL to advertise to clients where users can self-manage their account - account_management_url: "http://localhost:%MAS_PORT%/account" diff --git a/playwright/plugins/matrix-authentication-service/config.yaml b/playwright/plugins/matrix-authentication-service/config.yaml index e7ab83e736e..5ee69bdec5a 100644 --- a/playwright/plugins/matrix-authentication-service/config.yaml +++ b/playwright/plugins/matrix-authentication-service/config.yaml @@ -125,6 +125,7 @@ passwords: schemes: - version: 1 algorithm: argon2id + minimum_complexity: 0 matrix: homeserver: localhost secret: AnotherRandomSecret @@ -148,6 +149,8 @@ branding: tos_uri: null imprint: null logo_uri: null +account: + password_registration_enabled: true experimental: access_token_ttl: 300 compat_token_ttl: 300 From 1cd1dcd65240827d8fe53b4eeeb70e4254346e77 Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Mon, 6 Jan 2025 13:12:59 +0000 Subject: [PATCH 15/41] delint Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- .../homeserver/synapse/templates/mas-oidc/homeserver.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playwright/plugins/homeserver/synapse/templates/mas-oidc/homeserver.yaml b/playwright/plugins/homeserver/synapse/templates/mas-oidc/homeserver.yaml index 147944b89f8..c2badec759b 100644 --- a/playwright/plugins/homeserver/synapse/templates/mas-oidc/homeserver.yaml +++ b/playwright/plugins/homeserver/synapse/templates/mas-oidc/homeserver.yaml @@ -83,7 +83,7 @@ experimental_features: enabled: true issuer: http://localhost:%MAS_PORT%/ - introspection_endpoint: "http://localhost:%MAS_PORT%/oauth2/introspect", + introspection_endpoint: "http://localhost:%MAS_PORT%/oauth2/introspect" # Matches the `client_id` in the auth service config client_id: 0000000000000000000SYNAPSE From f1c392dd085c11fca801463026d70e1e1de091c2 Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Mon, 6 Jan 2025 13:22:44 +0000 Subject: [PATCH 16/41] Fix SMTP port Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- playwright/plugins/homeserver/synapse/emailHomeserver.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playwright/plugins/homeserver/synapse/emailHomeserver.ts b/playwright/plugins/homeserver/synapse/emailHomeserver.ts index a8b4cbf0264..ab7affdee52 100644 --- a/playwright/plugins/homeserver/synapse/emailHomeserver.ts +++ b/playwright/plugins/homeserver/synapse/emailHomeserver.ts @@ -18,7 +18,7 @@ export const emailHomeserver: Fixtures = { registrations_require_3pid: ["email"], email: { smtp_host: "mailhog", - smtp_port: 25, + smtp_port: 1025, notif_from: "Your Friendly %(app)s homeserver ", app_name: "my_branded_matrix_server", }, From 84126e8ed0b864c9f06ee38237511bfed99974c4 Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Mon, 6 Jan 2025 13:31:15 +0000 Subject: [PATCH 17/41] Iterate Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- .../homeserver/synapse/templates/mas-oidc/homeserver.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/playwright/plugins/homeserver/synapse/templates/mas-oidc/homeserver.yaml b/playwright/plugins/homeserver/synapse/templates/mas-oidc/homeserver.yaml index c2badec759b..64fea9a5a97 100644 --- a/playwright/plugins/homeserver/synapse/templates/mas-oidc/homeserver.yaml +++ b/playwright/plugins/homeserver/synapse/templates/mas-oidc/homeserver.yaml @@ -82,8 +82,8 @@ experimental_features: msc3861: enabled: true - issuer: http://localhost:%MAS_PORT%/ - introspection_endpoint: "http://localhost:%MAS_PORT%/oauth2/introspect" + issuer: http://host.containers.internal:%MAS_PORT%/ + introspection_endpoint: http://host.containers.internal:%MAS_PORT%/oauth2/introspect # Matches the `client_id` in the auth service config client_id: 0000000000000000000SYNAPSE From eaca3f83d6b3f0d06bfb1349ebdfd98b86003170 Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Mon, 6 Jan 2025 14:45:15 +0000 Subject: [PATCH 18/41] Comments Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- docs/playwright.md | 6 +++++- playwright/testcontainers/mas.ts | 2 ++ playwright/testcontainers/synapse.ts | 14 ++++++++++---- 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/docs/playwright.md b/docs/playwright.md index 73ee77228b7..fe44a06ff17 100644 --- a/docs/playwright.md +++ b/docs/playwright.md @@ -227,7 +227,11 @@ has to be disabled in Playwright on Firefox & Webkit to retain routing functiona Anything testing VoIP/microphone will need to have `@no-webkit` as fake microphone functionality is not available there at this time. -## Colima +## Supporter container runtimes + +We use testcontainers to spin up various instances of Synapse, Matrix Authentication Service, and more. +It supports Docker out of the box but also has support for Podman, Colima, Rancher, you just need to follow some instructions to achieve it: +https://node.testcontainers.org/supported-container-runtimes/ If you are running under Colima, you may need to set the environment variable `TMPDIR` to `/tmp/colima` or a path within `$HOME` to allow bind mounting temporary directories into the Docker containers. diff --git a/playwright/testcontainers/mas.ts b/playwright/testcontainers/mas.ts index 2eadaafac66..0c5dae89d0c 100644 --- a/playwright/testcontainers/mas.ts +++ b/playwright/testcontainers/mas.ts @@ -144,7 +144,9 @@ const DEFAULT_CONFIG = { email_entrypoint: "email/violation", data: { client_registration: { + // allow non-SSL and localhost URIs allow_insecure_uris: true, + // EW doesn't have contacts at this time allow_missing_contacts: true, }, }, diff --git a/playwright/testcontainers/synapse.ts b/playwright/testcontainers/synapse.ts index 96104d6272d..4cc5c3e7d8e 100644 --- a/playwright/testcontainers/synapse.ts +++ b/playwright/testcontainers/synapse.ts @@ -20,13 +20,15 @@ const TAG = "develop@sha256:17cc0a301447430624afb860276e5c13270ddeb99a3f6d1c6d51 const DEFAULT_CONFIG = { server_name: "localhost", - public_baseurl: "", + public_baseurl: "", // set by start method pid_file: "/homeserver.pid", web_client: false, soft_file_limit: 0, + // Needs to be configured to log to the console like a good docker process log_config: "/data/log.config", listeners: [ { + // Listener is always port 8008 (configured in the container) port: 8008, tls: false, bind_addresses: ["::"], @@ -41,6 +43,7 @@ const DEFAULT_CONFIG = { }, ], database: { + // An sqlite in-memory database is fast & automatically wipes each time name: "sqlite3", args: { database: ":memory:", @@ -102,11 +105,13 @@ const DEFAULT_CONFIG = { enable_registration_without_verification: true, disable_msisdn_registration: false, registrations_require_3pid: [], - registration_shared_secret: "secret", enable_metrics: false, report_stats: false, + // These placeholders will be replaced with values generated at start + registration_shared_secret: "secret", macaroon_secret_key: "secret", form_secret: "secret", + // Signing key must be here: it will be generated to this file signing_key_path: "/data/localhost.signing.key", trusted_key_servers: [], password_config: { @@ -116,6 +121,7 @@ const DEFAULT_CONFIG = { session_timeout: "300s", }, background_updates: { + // Inhibit background updates as this Synapse isn't long-lived min_batch_size: 100000, sleep_duration_ms: 100000, }, @@ -144,9 +150,9 @@ export class SynapseContainer extends GenericContainer { const signingKey = randB64Bytes(32); this.withWaitStrategy(Wait.forHttp("/health", 8008)).withCopyContentToContainer([ - { target: "/data/localhost.signing.key", content: `ed25519 x ${signingKey}` }, + { target: this.config.signing_key_path, content: `ed25519 x ${signingKey}` }, { - target: "/data/log.config", + target: this.config.log_config, content: YAML.stringify({ version: 1, formatters: { From edefe021747b9cf8c6717d238955d2e24824e998 Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Mon, 6 Jan 2025 14:53:20 +0000 Subject: [PATCH 19/41] Strip ansi from playwright logs to make them more readable Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- package.json | 1 + playwright/testcontainers/utils.ts | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/package.json b/package.json index 4e00cb47f4a..c77d6ce7880 100644 --- a/package.json +++ b/package.json @@ -275,6 +275,7 @@ "rimraf": "^6.0.0", "semver": "^7.5.2", "source-map-loader": "^5.0.0", + "strip-ansi": "^7.1.0", "stylelint": "^16.1.0", "stylelint-config-standard": "^36.0.0", "stylelint-scss": "^6.0.0", diff --git a/playwright/testcontainers/utils.ts b/playwright/testcontainers/utils.ts index d4fe32b4d82..36b8d8aabf7 100644 --- a/playwright/testcontainers/utils.ts +++ b/playwright/testcontainers/utils.ts @@ -7,6 +7,7 @@ Please see LICENSE files in the repository root for full details. import { TestInfo } from "@playwright/test"; import { Readable } from "stream"; +import stripAnsi from "strip-ansi"; export class ContainerLogger { private logs: Record = {}; @@ -27,7 +28,7 @@ export class ContainerLogger { if (testInfo.status !== "passed") { for (const container in this.logs) { await testInfo.attach(container, { - body: this.logs[container], + body: stripAnsi(this.logs[container]), contentType: "text/plain", }); } From d506dec51a3f950f4262f4415bc27e7808eccd45 Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Mon, 6 Jan 2025 15:09:39 +0000 Subject: [PATCH 20/41] Actually do the update Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- .../plugins/matrix-authentication-service/index.ts | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/playwright/plugins/matrix-authentication-service/index.ts b/playwright/plugins/matrix-authentication-service/index.ts index eeccd4f4950..d752b92e524 100644 --- a/playwright/plugins/matrix-authentication-service/index.ts +++ b/playwright/plugins/matrix-authentication-service/index.ts @@ -18,8 +18,7 @@ import { HomeserverInstance } from "../homeserver"; import { Instance as MailhogInstance } from "../mailhog"; // Docker tag to use for `ghcr.io/matrix-org/matrix-authentication-service` image. -// We use a debug tag so that we have a shell and can run all 3 necessary commands in one run. -const TAG = "0.8.0-debug"; +const TAG = "0.12.0"; export interface ProxyInstance { containerId: string; @@ -87,15 +86,10 @@ export class MatrixAuthenticationService { console.log(new Date(), "starting mas container...", TAG); const containerId = await this.masDocker.run({ - image: "ghcr.io/matrix-org/matrix-authentication-service:" + TAG, + image: "ghcr.io/element-hq/matrix-authentication-service:" + TAG, containerName: "react-sdk-playwright-mas", - params: ["-p", `${port}:8080/tcp`, "-v", `${configDir}:/config`, "--entrypoint", "sh"], - cmd: [ - "-c", - "mas-cli database migrate --config /config/config.yaml && " + - "mas-cli config sync --config /config/config.yaml && " + - "mas-cli server --config /config/config.yaml", - ], + params: ["-p", `${port}:8080/tcp`, "-v", `${configDir}:/config`], + cmd: ["mas-cli", "server", "--config", "/config/config.yaml"], }); console.log(new Date(), "started!"); From 63e855e0c4f8f092848377e77c4a207f640f38a6 Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Mon, 6 Jan 2025 15:25:40 +0000 Subject: [PATCH 21/41] Iterate Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- playwright/e2e/crypto/dehydration.spec.ts | 49 +++++++++++------------ playwright/e2e/crypto/migration.spec.ts | 32 +++++++-------- playwright/testcontainers/dendrite.ts | 14 +++---- playwright/testcontainers/mas.ts | 1 + playwright/testcontainers/synapse.ts | 1 + 5 files changed, 46 insertions(+), 51 deletions(-) diff --git a/playwright/e2e/crypto/dehydration.spec.ts b/playwright/e2e/crypto/dehydration.spec.ts index 64d0c4888cd..fe0aad51b98 100644 --- a/playwright/e2e/crypto/dehydration.spec.ts +++ b/playwright/e2e/crypto/dehydration.spec.ts @@ -8,35 +8,10 @@ Please see LICENSE files in the repository root for full details. import { Locator, type Page } from "@playwright/test"; -import { test as base, expect, Fixtures } from "../../element-web-test"; +import { test, expect } from "../../element-web-test"; import { viewRoomSummaryByName } from "../right-panel/utils"; import { isDendrite } from "../../plugins/homeserver/dendrite"; -const test = base.extend({ - synapseConfigOptions: { - experimental_features: { - msc2697_enabled: false, - msc3814_enabled: true, - }, - }, - config: async ({ homeserver, context }, use) => { - const wellKnown = { - "m.homeserver": { - base_url: homeserver.baseUrl, - }, - "org.matrix.msc3814": true, - }; - - await context.route("https://localhost/.well-known/matrix/client", async (route) => { - await route.fulfill({ json: wellKnown }); - }); - - await use({ - default_server_config: wellKnown, - }); - }, -}); - const ROOM_NAME = "Test room"; const NAME = "Alice"; @@ -49,6 +24,28 @@ test.describe("Dehydration", () => { test.use({ displayName: NAME, + synapseConfigOptions: { + experimental_features: { + msc2697_enabled: false, + msc3814_enabled: true, + }, + }, + config: async ({ homeserver, context }, use) => { + const wellKnown = { + "m.homeserver": { + base_url: homeserver.baseUrl, + }, + "org.matrix.msc3814": true, + }; + + await context.route("https://localhost/.well-known/matrix/client", async (route) => { + await route.fulfill({ json: wellKnown }); + }); + + await use({ + default_server_config: wellKnown, + }); + }, }); test("Create dehydrated device", async ({ page, user, app }, workerInfo) => { diff --git a/playwright/e2e/crypto/migration.spec.ts b/playwright/e2e/crypto/migration.spec.ts index c36cf2997ee..86072fccc07 100644 --- a/playwright/e2e/crypto/migration.spec.ts +++ b/playwright/e2e/crypto/migration.spec.ts @@ -9,24 +9,24 @@ Please see LICENSE files in the repository root for full details. import path from "path"; import { readFile } from "node:fs/promises"; -import { expect, Fixtures, test as base } from "../../element-web-test"; - -const test = base.extend({ - // Replace the `user` fixture with one which populates the indexeddb data before starting the app. - user: async ({ context, pageWithCredentials: page, credentials }, use) => { - await page.route(`/test_indexeddb_cryptostore_dump/*`, async (route, request) => { - const resourcePath = path.join(__dirname, new URL(request.url()).pathname); - const body = await readFile(resourcePath, { encoding: "utf-8" }); - await route.fulfill({ body }); - }); - await page.goto("/test_indexeddb_cryptostore_dump/index.html"); - - await use(credentials); - }, -}); +import { expect, test } from "../../element-web-test"; test.describe("migration", { tag: "@no-webkit" }, function () { - test.use({ displayName: "Alice" }); + test.use({ + displayName: "Alice", + + // Replace the `user` fixture with one which populates the indexeddb data before starting the app. + user: async ({ context, pageWithCredentials: page, credentials }, use) => { + await page.route(`/test_indexeddb_cryptostore_dump/*`, async (route, request) => { + const resourcePath = path.join(__dirname, new URL(request.url()).pathname); + const body = await readFile(resourcePath, { encoding: "utf-8" }); + await route.fulfill({ body }); + }); + await page.goto("/test_indexeddb_cryptostore_dump/index.html"); + + await use(credentials); + }, + }); test("Should support migration from legacy crypto", async ({ context, user, page }, workerInfo) => { test.slow(); diff --git a/playwright/testcontainers/dendrite.ts b/playwright/testcontainers/dendrite.ts index f066791e2b4..141d96156b6 100644 --- a/playwright/testcontainers/dendrite.ts +++ b/playwright/testcontainers/dendrite.ts @@ -10,7 +10,6 @@ import { APIRequestContext } from "@playwright/test"; import * as YAML from "yaml"; import { set } from "lodash"; -import { getFreePort } from "../plugins/utils/port.ts"; import { randB64Bytes } from "../plugins/utils/rand.ts"; import { StartedSynapseContainer } from "./synapse.ts"; import { deepCopy } from "../plugins/utils/object.ts"; @@ -223,6 +222,7 @@ export class DendriteContainer extends GenericContainer { "-c", `/usr/bin/generate-keys -private-key /etc/dendrite/matrix_key.pem && ${binary} --config /etc/dendrite/dendrite.yaml --really-enable-open-registration true run`, ]) + .withExposedPorts(8008) .withWaitStrategy(Wait.forHttp("/_matrix/client/versions", 8008)); } @@ -240,22 +240,18 @@ export class DendriteContainer extends GenericContainer { } public override async start(): Promise { - const port = await getFreePort(); - - this.withExposedPorts({ - container: 8008, - host: port, - }).withCopyContentToContainer([ + this.withCopyContentToContainer([ { target: "/etc/dendrite/dendrite.yaml", content: YAML.stringify(this.config), }, ]); + const container = await super.start(); // Surprisingly, Dendrite implements the same register user Admin API Synapse, so we can just extend it return new StartedSynapseContainer( - await super.start(), - `http://localhost:${port}`, + container, + `http://${container.getHost()}:${container.getMappedPort(8008)}`, this.config.client_api.registration_shared_secret, this.request, ); diff --git a/playwright/testcontainers/mas.ts b/playwright/testcontainers/mas.ts index 0c5dae89d0c..d15f619dbc6 100644 --- a/playwright/testcontainers/mas.ts +++ b/playwright/testcontainers/mas.ts @@ -194,6 +194,7 @@ export class MatrixAuthenticationServiceContainer extends GenericContainer { } public override async start(): Promise { + // MAS config issuer needs to know what URL it'll be accessed from, so we have to map the port manually const port = await getFreePort(); this.config.http.public_base = `http://localhost:${port}/`; diff --git a/playwright/testcontainers/synapse.ts b/playwright/testcontainers/synapse.ts index 4cc5c3e7d8e..a04041437f3 100644 --- a/playwright/testcontainers/synapse.ts +++ b/playwright/testcontainers/synapse.ts @@ -199,6 +199,7 @@ export class SynapseContainer extends GenericContainer { } public override async start(): Promise { + // Synapse config public_baseurl needs to know what URL it'll be accessed from, so we have to map the port manually const port = await getFreePort(); this.withExposedPorts({ From 8e1372b0b468742521f472692aeefaaa6f1ccb57 Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Mon, 6 Jan 2025 15:29:52 +0000 Subject: [PATCH 22/41] Remove access to homeserver.config.baseUrl field in favour of homeserver.baseUrl Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- .../e2e/app-loading/guest-registration.spec.ts | 2 +- playwright/e2e/crypto/dehydration.spec.ts | 2 +- playwright/e2e/crypto/utils.ts | 2 +- .../forgot-password/forgot-password.spec.ts | 4 ++-- playwright/e2e/login/login.spec.ts | 18 +++++++++--------- playwright/e2e/login/overwrite_login.spec.ts | 2 +- playwright/e2e/login/utils.ts | 2 +- playwright/e2e/oidc/index.ts | 2 +- playwright/e2e/register/email.spec.ts | 2 +- playwright/e2e/register/register.spec.ts | 4 ++-- playwright/element-web-test.ts | 2 +- playwright/pages/bot.ts | 6 +++--- playwright/pages/crypto.ts | 2 +- playwright/plugins/homeserver/index.ts | 1 + playwright/plugins/homeserver/synapse/index.ts | 4 ++++ 15 files changed, 30 insertions(+), 25 deletions(-) diff --git a/playwright/e2e/app-loading/guest-registration.spec.ts b/playwright/e2e/app-loading/guest-registration.spec.ts index 78ba57ad6bf..fe4215452b0 100644 --- a/playwright/e2e/app-loading/guest-registration.spec.ts +++ b/playwright/e2e/app-loading/guest-registration.spec.ts @@ -17,7 +17,7 @@ test.use({ config: async ({ homeserver }, use) => { await use({ default_server_config: { - "m.homeserver": { base_url: homeserver.config.baseUrl }, + "m.homeserver": { base_url: homeserver.baseUrl }, }, }); }, diff --git a/playwright/e2e/crypto/dehydration.spec.ts b/playwright/e2e/crypto/dehydration.spec.ts index b2aa65b1a25..4f87433f295 100644 --- a/playwright/e2e/crypto/dehydration.spec.ts +++ b/playwright/e2e/crypto/dehydration.spec.ts @@ -20,7 +20,7 @@ const test = base.extend({ config: async ({ homeserver, context }, use) => { const wellKnown = { "m.homeserver": { - base_url: homeserver.config.baseUrl, + base_url: homeserver.baseUrl, }, "org.matrix.msc3814": true, }; diff --git a/playwright/e2e/crypto/utils.ts b/playwright/e2e/crypto/utils.ts index b170b24d669..f7f00ef387a 100644 --- a/playwright/e2e/crypto/utils.ts +++ b/playwright/e2e/crypto/utils.ts @@ -148,7 +148,7 @@ export async function logIntoElement( // select homeserver await page.getByRole("button", { name: "Edit" }).click(); - await page.getByRole("textbox", { name: "Other homeserver" }).fill(homeserver.config.baseUrl); + await page.getByRole("textbox", { name: "Other homeserver" }).fill(homeserver.baseUrl); await page.getByRole("button", { name: "Continue", exact: true }).click(); // wait for the dialog to go away diff --git a/playwright/e2e/forgot-password/forgot-password.spec.ts b/playwright/e2e/forgot-password/forgot-password.spec.ts index 9ffacc8efc9..e53cb52dd45 100644 --- a/playwright/e2e/forgot-password/forgot-password.spec.ts +++ b/playwright/e2e/forgot-password/forgot-password.spec.ts @@ -32,7 +32,7 @@ test.describe("Forgot Password", () => { await page.getByRole("link", { name: "Sign in" }).click(); // need to select a homeserver at this stage, before entering the forgot password flow - await selectHomeserver(page, homeserver.config.baseUrl); + await selectHomeserver(page, homeserver.baseUrl); await page.getByRole("button", { name: "Forgot password?" }).click(); @@ -47,7 +47,7 @@ test.describe("Forgot Password", () => { await page.goto("/"); await page.getByRole("link", { name: "Sign in" }).click(); - await selectHomeserver(page, homeserver.config.baseUrl); + await selectHomeserver(page, homeserver.baseUrl); await page.getByRole("button", { name: "Forgot password?" }).click(); diff --git a/playwright/e2e/login/login.spec.ts b/playwright/e2e/login/login.spec.ts index 864f41922a9..40c2860f957 100644 --- a/playwright/e2e/login/login.spec.ts +++ b/playwright/e2e/login/login.spec.ts @@ -70,7 +70,7 @@ const DEVICE_SIGNING_KEYS_BODY = { async function login(page: Page, homeserver: HomeserverInstance) { await page.getByRole("link", { name: "Sign in" }).click(); - await selectHomeserver(page, homeserver.config.baseUrl); + await selectHomeserver(page, homeserver.baseUrl); await page.getByRole("textbox", { name: "Username" }).fill(username); await page.getByPlaceholder("Password").fill(password); @@ -101,7 +101,7 @@ test.describe("Login", () => { await page.getByRole("link", { name: "Sign in" }).click(); // first pick the homeserver, as otherwise the user picker won't be visible - await selectHomeserver(page, homeserver.config.baseUrl); + await selectHomeserver(page, homeserver.baseUrl); await page.getByRole("button", { name: "Edit" }).click(); @@ -114,7 +114,7 @@ test.describe("Login", () => { await expect(page.locator(".mx_ServerPicker_server")).toHaveText("server.invalid"); // switch back to the custom homeserver - await selectHomeserver(page, homeserver.config.baseUrl); + await selectHomeserver(page, homeserver.baseUrl); await expect(page.getByRole("textbox", { name: "Username" })).toBeVisible(); // Disabled because flaky - see https://github.com/vector-im/element-web/issues/24688 @@ -142,10 +142,10 @@ test.describe("Login", () => { homeserver, request, }) => { - const res = await request.post( - `${homeserver.config.baseUrl}/_matrix/client/v3/keys/device_signing/upload`, - { headers: { Authorization: `Bearer ${creds.accessToken}` }, data: DEVICE_SIGNING_KEYS_BODY }, - ); + const res = await request.post(`${homeserver.baseUrl}/_matrix/client/v3/keys/device_signing/upload`, { + headers: { Authorization: `Bearer ${creds.accessToken}` }, + data: DEVICE_SIGNING_KEYS_BODY, + }); if (res.status() / 100 !== 2) { console.log("Uploading dummy keys failed", await res.json()); } @@ -172,7 +172,7 @@ test.describe("Login", () => { request, }) => { const res = await request.post( - `${homeserver.config.baseUrl}/_matrix/client/v3/keys/device_signing/upload`, + `${homeserver.baseUrl}/_matrix/client/v3/keys/device_signing/upload`, { headers: { Authorization: `Bearer ${creds.accessToken}` }, data: DEVICE_SIGNING_KEYS_BODY }, ); if (res.status() / 100 !== 2) { @@ -203,7 +203,7 @@ test.describe("Login", () => { }) => { console.log(`uid ${creds.userId} body`, DEVICE_SIGNING_KEYS_BODY); const res = await request.post( - `${homeserver.config.baseUrl}/_matrix/client/v3/keys/device_signing/upload`, + `${homeserver.baseUrl}/_matrix/client/v3/keys/device_signing/upload`, { headers: { Authorization: `Bearer ${creds.accessToken}` }, data: DEVICE_SIGNING_KEYS_BODY }, ); if (res.status() / 100 !== 2) { diff --git a/playwright/e2e/login/overwrite_login.spec.ts b/playwright/e2e/login/overwrite_login.spec.ts index 7d5ec6a649d..7fa1ccc7ece 100644 --- a/playwright/e2e/login/overwrite_login.spec.ts +++ b/playwright/e2e/login/overwrite_login.spec.ts @@ -24,7 +24,7 @@ test.describe("Overwrite login action", () => { expect(credentials.userId).not.toBe(bobRegister.userId); const clientCredentials /* IMatrixClientCreds */ = { - homeserverUrl: homeserver.config.baseUrl, + homeserverUrl: homeserver.baseUrl, ...bobRegister, }; diff --git a/playwright/e2e/login/utils.ts b/playwright/e2e/login/utils.ts index 2c576dbea74..0a728faecc1 100644 --- a/playwright/e2e/login/utils.ts +++ b/playwright/e2e/login/utils.ts @@ -19,7 +19,7 @@ export async function doTokenRegistration( await page.goto("/#/login"); await page.getByRole("button", { name: "Edit" }).click(); - await page.getByRole("textbox", { name: "Other homeserver" }).fill(homeserver.config.baseUrl); + await page.getByRole("textbox", { name: "Other homeserver" }).fill(homeserver.baseUrl); await page.getByRole("button", { name: "Continue" }).click(); // wait for the dialog to go away await expect(page.locator(".mx_ServerPickerDialog")).toHaveCount(0); diff --git a/playwright/e2e/oidc/index.ts b/playwright/e2e/oidc/index.ts index 7a99677968b..2f962e6b6d0 100644 --- a/playwright/e2e/oidc/index.ts +++ b/playwright/e2e/oidc/index.ts @@ -44,7 +44,7 @@ export const test = base.extend<{ const issuer = `http://localhost:${(startHomeserverOpts as StartHomeserverOpts).variables["MAS_PORT"]}/`; const wellKnown = { "m.homeserver": { - base_url: homeserver.config.baseUrl, + base_url: homeserver.baseUrl, }, "org.matrix.msc2965.authentication": { issuer, diff --git a/playwright/e2e/register/email.spec.ts b/playwright/e2e/register/email.spec.ts index 12d706ab3c8..20fa6802298 100644 --- a/playwright/e2e/register/email.spec.ts +++ b/playwright/e2e/register/email.spec.ts @@ -25,7 +25,7 @@ test.describe("Email Registration", async () => { use({ default_server_config: { "m.homeserver": { - base_url: homeserver.config.baseUrl, + base_url: homeserver.baseUrl, }, "m.identity_server": { base_url: "https://server.invalid", diff --git a/playwright/e2e/register/register.spec.ts b/playwright/e2e/register/register.spec.ts index 553972d6cfb..c1b70de6947 100644 --- a/playwright/e2e/register/register.spec.ts +++ b/playwright/e2e/register/register.spec.ts @@ -27,7 +27,7 @@ test.describe("Registration", () => { await expect(page.locator(".mx_Dialog")).toMatchScreenshot("server-picker.png"); await checkA11y(); - await page.getByRole("textbox", { name: "Other homeserver" }).fill(homeserver.config.baseUrl); + await page.getByRole("textbox", { name: "Other homeserver" }).fill(homeserver.baseUrl); await page.getByRole("button", { name: "Continue", exact: true }).click(); // wait for the dialog to go away await expect(page.getByRole("dialog")).not.toBeVisible(); @@ -88,7 +88,7 @@ test.describe("Registration", () => { test("should require username to fulfil requirements and be available", async ({ homeserver, page }) => { await page.getByRole("button", { name: "Edit", exact: true }).click(); await expect(page.getByRole("button", { name: "Continue", exact: true })).toBeVisible(); - await page.getByRole("textbox", { name: "Other homeserver" }).fill(homeserver.config.baseUrl); + await page.getByRole("textbox", { name: "Other homeserver" }).fill(homeserver.baseUrl); await page.getByRole("button", { name: "Continue", exact: true }).click(); // wait for the dialog to go away await expect(page.getByRole("dialog")).not.toBeVisible(); diff --git a/playwright/element-web-test.ts b/playwright/element-web-test.ts index 6803da9e16b..4f85fd61ee1 100644 --- a/playwright/element-web-test.ts +++ b/playwright/element-web-test.ts @@ -220,7 +220,7 @@ export const test = base.extend({ // Ensure the language is set to a consistent value window.localStorage.setItem("mx_local_settings", '{"language":"en"}'); }, - { baseUrl: homeserver.config.baseUrl, credentials }, + { baseUrl: homeserver.baseUrl, credentials }, ); await use(page); }, diff --git a/playwright/pages/bot.ts b/playwright/pages/bot.ts index fbb7fd90101..1d414c7bf6a 100644 --- a/playwright/pages/bot.ts +++ b/playwright/pages/bot.ts @@ -97,7 +97,7 @@ export class Bot extends Client { private async buildClient(): Promise> { const credentials = await this.getCredentials(); const clientHandle = await this.page.evaluateHandle( - async ({ homeserver, credentials, opts }) => { + async ({ baseUrl, credentials, opts }) => { function getLogger(loggerName: string): Logger { const logger = { getChild: (namespace: string) => getLogger(`${loggerName}:${namespace}`), @@ -157,7 +157,7 @@ export class Bot extends Client { }; const cli = new window.matrixcs.MatrixClient({ - baseUrl: homeserver.baseUrl, + baseUrl, userId: credentials.userId, deviceId: credentials.deviceId, accessToken: credentials.accessToken, @@ -179,7 +179,7 @@ export class Bot extends Client { return cli; }, { - homeserver: this.homeserver.config, + baseUrl: this.homeserver.baseUrl, credentials, opts: this.opts, }, diff --git a/playwright/pages/crypto.ts b/playwright/pages/crypto.ts index 934c81d7f6a..c31e7fbedb3 100644 --- a/playwright/pages/crypto.ts +++ b/playwright/pages/crypto.ts @@ -27,7 +27,7 @@ export class Crypto { accessToken: window.mxMatrixClientPeg.get().getAccessToken(), })); - const res = await this.request.post(`${this.homeserver.config.baseUrl}/_matrix/client/v3/keys/query`, { + const res = await this.request.post(`${this.homeserver.baseUrl}/_matrix/client/v3/keys/query`, { headers: { Authorization: `Bearer ${accessToken}` }, data: { device_keys: { [userId]: [] } }, }); diff --git a/playwright/plugins/homeserver/index.ts b/playwright/plugins/homeserver/index.ts index c6a09ceab7f..c0f07a7bcde 100644 --- a/playwright/plugins/homeserver/index.ts +++ b/playwright/plugins/homeserver/index.ts @@ -16,6 +16,7 @@ export interface HomeserverConfig { export interface HomeserverInstance { readonly config: HomeserverConfig; + readonly baseUrl: string; /** * Register a user on the given Homeserver using the shared registration secret. diff --git a/playwright/plugins/homeserver/synapse/index.ts b/playwright/plugins/homeserver/synapse/index.ts index 574797ae750..ea9d8e3c2e3 100644 --- a/playwright/plugins/homeserver/synapse/index.ts +++ b/playwright/plugins/homeserver/synapse/index.ts @@ -146,6 +146,10 @@ export class Synapse implements Homeserver, HomeserverInstance { return [path.join(synapseLogsPath, "stdout.log"), path.join(synapseLogsPath, "stderr.log")]; } + public get baseUrl(): string { + return this.config.baseUrl; + } + private async registerUserInternal( username: string, password: string, From d80ad9d358aff27bb0224cb210888560296ae62c Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Mon, 6 Jan 2025 15:40:19 +0000 Subject: [PATCH 23/41] Use sane default_server_config and specify server.invalid in the specific tests which demand it Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- .../app-loading/guest-registration.spec.ts | 7 ----- .../e2e/crypto/complete-security.spec.ts | 11 +++++++- .../decryption-failure-messages.spec.ts | 4 +-- playwright/e2e/crypto/dehydration.spec.ts | 10 +++---- .../e2e/crypto/device-verification.spec.ts | 10 +++---- playwright/e2e/crypto/event-shields.spec.ts | 2 +- playwright/e2e/crypto/logout.spec.ts | 2 +- playwright/e2e/crypto/utils.ts | 15 +---------- .../forgot-password/forgot-password.spec.ts | 9 +++++++ playwright/e2e/login/login.spec.ts | 12 +++++++++ playwright/e2e/login/overwrite_login.spec.ts | 2 +- playwright/e2e/login/soft_logout.spec.ts | 9 +++++++ playwright/e2e/oidc/index.ts | 10 +++---- playwright/e2e/register/email.spec.ts | 7 +++-- playwright/element-web-test.ts | 26 +++++++++---------- 15 files changed, 72 insertions(+), 64 deletions(-) diff --git a/playwright/e2e/app-loading/guest-registration.spec.ts b/playwright/e2e/app-loading/guest-registration.spec.ts index fe4215452b0..ea732e59ece 100644 --- a/playwright/e2e/app-loading/guest-registration.spec.ts +++ b/playwright/e2e/app-loading/guest-registration.spec.ts @@ -14,13 +14,6 @@ import { expect, test } from "../../element-web-test"; test.use({ startHomeserverOpts: "guest-enabled", - config: async ({ homeserver }, use) => { - await use({ - default_server_config: { - "m.homeserver": { base_url: homeserver.baseUrl }, - }, - }); - }, }); test("Shows the welcome page by default", async ({ page }) => { diff --git a/playwright/e2e/crypto/complete-security.spec.ts b/playwright/e2e/crypto/complete-security.spec.ts index 44eb70355c8..9d85f85356e 100644 --- a/playwright/e2e/crypto/complete-security.spec.ts +++ b/playwright/e2e/crypto/complete-security.spec.ts @@ -12,6 +12,15 @@ import { logIntoElement } from "./utils"; test.describe("Complete security", () => { test.use({ displayName: "Jeff", + config: { + // The only thing that we really *need* (otherwise Element refuses to load) is a default homeserver. + // We point that to a guaranteed-invalid domain. + default_server_config: { + "m.homeserver": { + base_url: "https://server.invalid", + }, + }, + }, }); test("should go straight to the welcome screen if we have no signed device", async ({ @@ -19,7 +28,7 @@ test.describe("Complete security", () => { homeserver, credentials, }) => { - await logIntoElement(page, homeserver, credentials); + await logIntoElement(page, credentials); await expect(page.getByText("Welcome Jeff", { exact: true })).toBeVisible(); }); diff --git a/playwright/e2e/crypto/decryption-failure-messages.spec.ts b/playwright/e2e/crypto/decryption-failure-messages.spec.ts index b9199ef9fd8..e1952bfec60 100644 --- a/playwright/e2e/crypto/decryption-failure-messages.spec.ts +++ b/playwright/e2e/crypto/decryption-failure-messages.spec.ts @@ -45,7 +45,7 @@ test.describe("Cryptography", function () { await logOutOfElement(page, true); // Log in again, and see how the message looks. - await logIntoElement(page, homeserver, credentials); + await logIntoElement(page, credentials); await app.viewRoomByName("Test room"); const lastTile = page.locator(".mx_EventTile").last(); await expect(lastTile).toContainText("Historical messages are not available on this device"); @@ -62,7 +62,7 @@ test.describe("Cryptography", function () { // Finally, log out again, and back in, skipping verification for now, and see what we see. await logOutOfElement(page); - await logIntoElement(page, homeserver, credentials); + await logIntoElement(page, credentials); await page.locator(".mx_AuthPage").getByRole("button", { name: "Skip verification for now" }).click(); await page.locator(".mx_AuthPage").getByRole("button", { name: "I'll verify later" }).click(); await app.viewRoomByName("Test room"); diff --git a/playwright/e2e/crypto/dehydration.spec.ts b/playwright/e2e/crypto/dehydration.spec.ts index 4f87433f295..aa4df542a56 100644 --- a/playwright/e2e/crypto/dehydration.spec.ts +++ b/playwright/e2e/crypto/dehydration.spec.ts @@ -17,11 +17,9 @@ const test = base.extend({ startHomeserverOpts: async ({}, use) => { await use("dehydration"); }, - config: async ({ homeserver, context }, use) => { + context: async ({ config, context }, use) => { const wellKnown = { - "m.homeserver": { - base_url: homeserver.baseUrl, - }, + ...config.default_server_config, "org.matrix.msc3814": true, }; @@ -29,9 +27,7 @@ const test = base.extend({ await route.fulfill({ json: wellKnown }); }); - await use({ - default_server_config: wellKnown, - }); + await use(context); }, }); diff --git a/playwright/e2e/crypto/device-verification.spec.ts b/playwright/e2e/crypto/device-verification.spec.ts index ddd564139f0..a028bfb70c2 100644 --- a/playwright/e2e/crypto/device-verification.spec.ts +++ b/playwright/e2e/crypto/device-verification.spec.ts @@ -66,7 +66,7 @@ test.describe("Device verification", { tag: "@no-webkit" }, () => { } test("Verify device with SAS during login", async ({ page, app, credentials, homeserver }) => { - await logIntoElement(page, homeserver, credentials); + await logIntoElement(page, credentials); // Launch the verification request between alice and the bot const verificationRequest = await initiateAliceVerificationRequest(page); @@ -93,7 +93,7 @@ test.describe("Device verification", { tag: "@no-webkit" }, () => { test("Verify device with QR code during login", async ({ page, app, credentials, homeserver }) => { // A mode 0x02 verification: "self-verifying in which the current device does not yet trust the master key" - await logIntoElement(page, homeserver, credentials); + await logIntoElement(page, credentials); // Launch the verification request between alice and the bot const verificationRequest = await initiateAliceVerificationRequest(page); @@ -137,7 +137,7 @@ test.describe("Device verification", { tag: "@no-webkit" }, () => { }); test("Verify device with Security Phrase during login", async ({ page, app, credentials, homeserver }) => { - await logIntoElement(page, homeserver, credentials); + await logIntoElement(page, credentials); // Select the security phrase await page.locator(".mx_AuthPage").getByRole("button", { name: "Verify with Security Key or Phrase" }).click(); @@ -158,7 +158,7 @@ test.describe("Device verification", { tag: "@no-webkit" }, () => { }); test("Verify device with Security Key during login", async ({ page, app, credentials, homeserver }) => { - await logIntoElement(page, homeserver, credentials); + await logIntoElement(page, credentials); // Select the security phrase await page.locator(".mx_AuthPage").getByRole("button", { name: "Verify with Security Key or Phrase" }).click(); @@ -181,7 +181,7 @@ test.describe("Device verification", { tag: "@no-webkit" }, () => { }); test("Handle incoming verification request with SAS", async ({ page, credentials, homeserver, toasts }) => { - await logIntoElement(page, homeserver, credentials); + await logIntoElement(page, credentials); /* Dismiss "Verify this device" */ const authPage = page.locator(".mx_AuthPage"); diff --git a/playwright/e2e/crypto/event-shields.spec.ts b/playwright/e2e/crypto/event-shields.spec.ts index f680f340c3d..3811c2819e5 100644 --- a/playwright/e2e/crypto/event-shields.spec.ts +++ b/playwright/e2e/crypto/event-shields.spec.ts @@ -207,7 +207,7 @@ test.describe("Cryptography", function () { window.localStorage.clear(); }); await page.reload(); - await logIntoElement(page, homeserver, aliceCredentials, securityKey); + await logIntoElement(page, aliceCredentials, securityKey); /* go back to the test room and find Bob's message again */ await app.viewRoomById(testRoomId); diff --git a/playwright/e2e/crypto/logout.spec.ts b/playwright/e2e/crypto/logout.spec.ts index 8e408dc6344..2bafe0ece88 100644 --- a/playwright/e2e/crypto/logout.spec.ts +++ b/playwright/e2e/crypto/logout.spec.ts @@ -11,7 +11,7 @@ import { createRoom, enableKeyBackup, logIntoElement, sendMessageInCurrentRoom } test.describe("Logout tests", () => { test.beforeEach(async ({ page, homeserver, credentials }) => { - await logIntoElement(page, homeserver, credentials); + await logIntoElement(page, credentials); }); test("Ask to set up recovery on logout if not setup", async ({ page, app }) => { diff --git a/playwright/e2e/crypto/utils.ts b/playwright/e2e/crypto/utils.ts index f7f00ef387a..48da798f1a7 100644 --- a/playwright/e2e/crypto/utils.ts +++ b/playwright/e2e/crypto/utils.ts @@ -138,22 +138,9 @@ export async function checkDeviceIsConnectedKeyBackup( * * If a `securityKey` is given, verifies the new device using the key. */ -export async function logIntoElement( - page: Page, - homeserver: HomeserverInstance, - credentials: Credentials, - securityKey?: string, -) { +export async function logIntoElement(page: Page, credentials: Credentials, securityKey?: string) { await page.goto("/#/login"); - // select homeserver - await page.getByRole("button", { name: "Edit" }).click(); - await page.getByRole("textbox", { name: "Other homeserver" }).fill(homeserver.baseUrl); - await page.getByRole("button", { name: "Continue", exact: true }).click(); - - // wait for the dialog to go away - await expect(page.locator(".mx_ServerPickerDialog")).not.toBeVisible(); - await page.getByRole("textbox", { name: "Username" }).fill(credentials.userId); await page.getByPlaceholder("Password").fill(credentials.password); await page.getByRole("button", { name: "Sign in" }).click(); diff --git a/playwright/e2e/forgot-password/forgot-password.spec.ts b/playwright/e2e/forgot-password/forgot-password.spec.ts index e53cb52dd45..8033f0a1236 100644 --- a/playwright/e2e/forgot-password/forgot-password.spec.ts +++ b/playwright/e2e/forgot-password/forgot-password.spec.ts @@ -16,6 +16,15 @@ const email = "user@nowhere.dummy"; test.describe("Forgot Password", () => { test.use({ + config: { + // The only thing that we really *need* (otherwise Element refuses to load) is a default homeserver. + // We point that to a guaranteed-invalid domain. + default_server_config: { + "m.homeserver": { + base_url: "https://server.invalid", + }, + }, + }, startHomeserverOpts: ({ mailhog }, use) => use({ template: "email", diff --git a/playwright/e2e/login/login.spec.ts b/playwright/e2e/login/login.spec.ts index 40c2860f957..7bab38e015d 100644 --- a/playwright/e2e/login/login.spec.ts +++ b/playwright/e2e/login/login.spec.ts @@ -78,6 +78,18 @@ async function login(page: Page, homeserver: HomeserverInstance) { } test.describe("Login", () => { + test.use({ + config: { + // The only thing that we really *need* (otherwise Element refuses to load) is a default homeserver. + // We point that to a guaranteed-invalid domain. + default_server_config: { + "m.homeserver": { + base_url: "https://server.invalid", + }, + }, + }, + }); + test.describe("Password login", () => { test.use({ startHomeserverOpts: "consent" }); diff --git a/playwright/e2e/login/overwrite_login.spec.ts b/playwright/e2e/login/overwrite_login.spec.ts index 7fa1ccc7ece..4beed00d120 100644 --- a/playwright/e2e/login/overwrite_login.spec.ts +++ b/playwright/e2e/login/overwrite_login.spec.ts @@ -13,7 +13,7 @@ test.describe("Overwrite login action", () => { // This seems terminally flakey: https://github.com/element-hq/element-web/issues/27363 // I tried verious things to try & deflake it, to no avail: https://github.com/matrix-org/matrix-react-sdk/pull/12506 test.skip("Try replace existing login with new one", async ({ page, app, credentials, homeserver }) => { - await logIntoElement(page, homeserver, credentials); + await logIntoElement(page, credentials); const userMenu = await app.openUserMenu(); await expect(userMenu.getByText(credentials.userId)).toBeVisible(); diff --git a/playwright/e2e/login/soft_logout.spec.ts b/playwright/e2e/login/soft_logout.spec.ts index cb8f832f9dd..dec6b409c05 100644 --- a/playwright/e2e/login/soft_logout.spec.ts +++ b/playwright/e2e/login/soft_logout.spec.ts @@ -16,6 +16,15 @@ import { isDendrite } from "../../plugins/homeserver/dendrite"; test.describe("Soft logout", () => { test.use({ displayName: "Alice", + config: { + // The only thing that we really *need* (otherwise Element refuses to load) is a default homeserver. + // We point that to a guaranteed-invalid domain. + default_server_config: { + "m.homeserver": { + base_url: "https://server.invalid", + }, + }, + }, startHomeserverOpts: ({ oAuthServer }, use) => use({ template: "default", diff --git a/playwright/e2e/oidc/index.ts b/playwright/e2e/oidc/index.ts index 2f962e6b6d0..cb6b71b455c 100644 --- a/playwright/e2e/oidc/index.ts +++ b/playwright/e2e/oidc/index.ts @@ -40,12 +40,10 @@ export const test = base.extend<{ }, }); }, - config: async ({ homeserver, startHomeserverOpts, context }, use) => { + context: async ({ config, startHomeserverOpts, context }, use) => { const issuer = `http://localhost:${(startHomeserverOpts as StartHomeserverOpts).variables["MAS_PORT"]}/`; const wellKnown = { - "m.homeserver": { - base_url: homeserver.baseUrl, - }, + ...config.default_server_config, "org.matrix.msc2965.authentication": { issuer, account: `${issuer}account`, @@ -57,9 +55,7 @@ export const test = base.extend<{ await route.fulfill({ json: wellKnown }); }); - await use({ - default_server_config: wellKnown, - }); + await use(context); }, }); diff --git a/playwright/e2e/register/email.spec.ts b/playwright/e2e/register/email.spec.ts index 20fa6802298..7a779247213 100644 --- a/playwright/e2e/register/email.spec.ts +++ b/playwright/e2e/register/email.spec.ts @@ -21,12 +21,11 @@ test.describe("Email Registration", async () => { SMTP_PORT: mailhog.instance.smtpPort, }, }), - config: ({ homeserver }, use) => + config: ({ config }, use) => use({ + ...config, default_server_config: { - "m.homeserver": { - base_url: homeserver.baseUrl, - }, + ...config.default_server_config, "m.identity_server": { base_url: "https://server.invalid", }, diff --git a/playwright/element-web-test.ts b/playwright/element-web-test.ts index 4f85fd61ee1..39dc538861c 100644 --- a/playwright/element-web-test.ts +++ b/playwright/element-web-test.ts @@ -29,18 +29,8 @@ import { Webserver } from "./plugins/webserver"; // See https://playwright.dev/docs/service-workers-experimental#how-to-enable process.env["PW_EXPERIMENTAL_SERVICE_WORKER_NETWORK_EVENTS"] = "1"; +// This is deliberately quite a minimal config.json, so that we can test that the default settings actually work. const CONFIG_JSON: Partial = { - // This is deliberately quite a minimal config.json, so that we can test that the default settings - // actually work. - // - // The only thing that we really *need* (otherwise Element refuses to load) is a default homeserver. - // We point that to a guaranteed-invalid domain. - default_server_config: { - "m.homeserver": { - base_url: "https://server.invalid", - }, - }, - // The default language is set here for test consistency setting_defaults: { language: "en-GB", @@ -133,10 +123,18 @@ export const test = base.extend({ ); await use(context); }, - config: CONFIG_JSON, - page: async ({ context, page, config, labsFlags }, use) => { + config: {}, // We merge this atop the default CONFIG_JSON in the page fixture to make extending it easier + page: async ({ homeserver, context, page, config, labsFlags }, use) => { await context.route(`http://localhost:8080/config.json*`, async (route) => { - const json = { ...CONFIG_JSON, ...config }; + const json = { + ...CONFIG_JSON, + default_server_config: { + "m.homeserver": { + base_url: homeserver.baseUrl, + }, + }, + ...config, + }; json["features"] = { ...json["features"], // Enable the lab features From 4cacb832b07c44d682eed8d54289a8a189031a5d Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Mon, 6 Jan 2025 15:45:44 +0000 Subject: [PATCH 24/41] Fix mas run Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- playwright/plugins/matrix-authentication-service/index.ts | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/playwright/plugins/matrix-authentication-service/index.ts b/playwright/plugins/matrix-authentication-service/index.ts index d752b92e524..775497ed968 100644 --- a/playwright/plugins/matrix-authentication-service/index.ts +++ b/playwright/plugins/matrix-authentication-service/index.ts @@ -20,7 +20,7 @@ import { Instance as MailhogInstance } from "../mailhog"; // Docker tag to use for `ghcr.io/matrix-org/matrix-authentication-service` image. const TAG = "0.12.0"; -export interface ProxyInstance { +interface Instance { containerId: string; postgresId: string; configDir: string; @@ -61,7 +61,7 @@ async function cfgDirFromTemplate(opts: { export class MatrixAuthenticationService { private readonly masDocker = new Docker(); private readonly postgresDocker = new PostgresDocker("mas"); - private instance: ProxyInstance; + private instance: Instance; public port: number; constructor(private context: BrowserContext) {} @@ -71,7 +71,7 @@ export class MatrixAuthenticationService { return { port: this.port }; } - async start(homeserver: HomeserverInstance, mailhog: MailhogInstance): Promise { + async start(homeserver: HomeserverInstance, mailhog: MailhogInstance): Promise { console.log(new Date(), "Starting mas..."); if (!this.port) await this.prepare(); @@ -89,7 +89,7 @@ export class MatrixAuthenticationService { image: "ghcr.io/element-hq/matrix-authentication-service:" + TAG, containerName: "react-sdk-playwright-mas", params: ["-p", `${port}:8080/tcp`, "-v", `${configDir}:/config`], - cmd: ["mas-cli", "server", "--config", "/config/config.yaml"], + cmd: ["server", "--config", "/config/config.yaml"], }); console.log(new Date(), "started!"); From 08bb07e68081261ce0a90d452db77c925a731bb2 Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Mon, 6 Jan 2025 15:47:23 +0000 Subject: [PATCH 25/41] break cycle Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- playwright/e2e/crypto/dehydration.spec.ts | 4 ++-- playwright/e2e/oidc/index.ts | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/playwright/e2e/crypto/dehydration.spec.ts b/playwright/e2e/crypto/dehydration.spec.ts index aa4df542a56..158e85a476e 100644 --- a/playwright/e2e/crypto/dehydration.spec.ts +++ b/playwright/e2e/crypto/dehydration.spec.ts @@ -17,7 +17,7 @@ const test = base.extend({ startHomeserverOpts: async ({}, use) => { await use("dehydration"); }, - context: async ({ config, context }, use) => { + config: async ({ config, context }, use) => { const wellKnown = { ...config.default_server_config, "org.matrix.msc3814": true, @@ -27,7 +27,7 @@ const test = base.extend({ await route.fulfill({ json: wellKnown }); }); - await use(context); + await use(config); }, }); diff --git a/playwright/e2e/oidc/index.ts b/playwright/e2e/oidc/index.ts index cb6b71b455c..79e87a3741a 100644 --- a/playwright/e2e/oidc/index.ts +++ b/playwright/e2e/oidc/index.ts @@ -40,7 +40,7 @@ export const test = base.extend<{ }, }); }, - context: async ({ config, startHomeserverOpts, context }, use) => { + config: async ({ config, startHomeserverOpts, context }, use) => { const issuer = `http://localhost:${(startHomeserverOpts as StartHomeserverOpts).variables["MAS_PORT"]}/`; const wellKnown = { ...config.default_server_config, @@ -55,7 +55,7 @@ export const test = base.extend<{ await route.fulfill({ json: wellKnown }); }); - await use(context); + await use(config); }, }); From f6ea850027c316e8692dbd3414058981ce67d1a8 Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Mon, 6 Jan 2025 16:05:47 +0000 Subject: [PATCH 26/41] Iterate Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- playwright/e2e/crypto/complete-security.spec.ts | 9 --------- playwright/e2e/register/email.spec.ts | 2 +- playwright/e2e/register/register.spec.ts | 9 +++++++++ 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/playwright/e2e/crypto/complete-security.spec.ts b/playwright/e2e/crypto/complete-security.spec.ts index 9d85f85356e..0f60e172309 100644 --- a/playwright/e2e/crypto/complete-security.spec.ts +++ b/playwright/e2e/crypto/complete-security.spec.ts @@ -12,15 +12,6 @@ import { logIntoElement } from "./utils"; test.describe("Complete security", () => { test.use({ displayName: "Jeff", - config: { - // The only thing that we really *need* (otherwise Element refuses to load) is a default homeserver. - // We point that to a guaranteed-invalid domain. - default_server_config: { - "m.homeserver": { - base_url: "https://server.invalid", - }, - }, - }, }); test("should go straight to the welcome screen if we have no signed device", async ({ diff --git a/playwright/e2e/register/email.spec.ts b/playwright/e2e/register/email.spec.ts index 7a779247213..58e68c958e2 100644 --- a/playwright/e2e/register/email.spec.ts +++ b/playwright/e2e/register/email.spec.ts @@ -33,7 +33,7 @@ test.describe("Email Registration", async () => { }), }); - test.beforeEach(async ({ page }) => { + test.beforeEach(async ({ homeserver, page }) => { await page.goto("/#/register"); }); diff --git a/playwright/e2e/register/register.spec.ts b/playwright/e2e/register/register.spec.ts index c1b70de6947..3aea1b2d5c1 100644 --- a/playwright/e2e/register/register.spec.ts +++ b/playwright/e2e/register/register.spec.ts @@ -11,6 +11,15 @@ import { test, expect } from "../../element-web-test"; test.describe("Registration", () => { test.use({ startHomeserverOpts: "consent", + config: { + // The only thing that we really *need* (otherwise Element refuses to load) is a default homeserver. + // We point that to a guaranteed-invalid domain. + default_server_config: { + "m.homeserver": { + base_url: "https://server.invalid", + }, + }, + }, }); test.beforeEach(async ({ page }) => { From b2fb036f6288f2a8a39d6b6032a0f744684965ac Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Mon, 6 Jan 2025 16:06:02 +0000 Subject: [PATCH 27/41] typo Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- playwright/e2e/crypto/complete-security.spec.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playwright/e2e/crypto/complete-security.spec.ts b/playwright/e2e/crypto/complete-security.spec.ts index 0f60e172309..da6974459c9 100644 --- a/playwright/e2e/crypto/complete-security.spec.ts +++ b/playwright/e2e/crypto/complete-security.spec.ts @@ -23,5 +23,5 @@ test.describe("Complete security", () => { await expect(page.getByText("Welcome Jeff", { exact: true })).toBeVisible(); }); - // see also "Verify device during login with SAS" in `verifiction.spec.ts`. + // see also "Verify device during login with SAS" in `verification.spec.ts`. }); From 1368dc05642cd997b2a0e8c94009d8262f3c7f2b Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Mon, 6 Jan 2025 16:51:26 +0000 Subject: [PATCH 28/41] Iterate Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- playwright/element-web-test.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/playwright/element-web-test.ts b/playwright/element-web-test.ts index 39dc538861c..e0d489f3851 100644 --- a/playwright/element-web-test.ts +++ b/playwright/element-web-test.ts @@ -128,12 +128,13 @@ export const test = base.extend({ await context.route(`http://localhost:8080/config.json*`, async (route) => { const json = { ...CONFIG_JSON, + ...config, default_server_config: { + ...config.default_server_config, "m.homeserver": { base_url: homeserver.baseUrl, }, }, - ...config, }; json["features"] = { ...json["features"], From 27652d0620ff4c16443aef58297354698f720577 Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Mon, 6 Jan 2025 17:23:35 +0000 Subject: [PATCH 29/41] Iterate Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- playwright/element-web-test.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playwright/element-web-test.ts b/playwright/element-web-test.ts index e0d489f3851..be84fbe1451 100644 --- a/playwright/element-web-test.ts +++ b/playwright/element-web-test.ts @@ -130,10 +130,10 @@ export const test = base.extend({ ...CONFIG_JSON, ...config, default_server_config: { - ...config.default_server_config, "m.homeserver": { base_url: homeserver.baseUrl, }, + ...config.default_server_config, }, }; json["features"] = { From 9ba9f1cd80ecc22e155be1330ad978c8d26eac6b Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Mon, 6 Jan 2025 17:30:06 +0000 Subject: [PATCH 30/41] Iterate Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- playwright/e2e/register/email.spec.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playwright/e2e/register/email.spec.ts b/playwright/e2e/register/email.spec.ts index 3ed17b69d09..50cfb4297ae 100644 --- a/playwright/e2e/register/email.spec.ts +++ b/playwright/e2e/register/email.spec.ts @@ -14,7 +14,7 @@ test.describe("Email Registration", async () => { test.skip(isDendrite, "not yet wired up"); test.use(emailHomeserver); test.use({ - config: ({ homeserver }, use) => + config: ({ config }, use) => use({ ...config, default_server_config: { From ea6132084e6f295d077b789fee6e7a70cdc9cf61 Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Mon, 6 Jan 2025 17:32:40 +0000 Subject: [PATCH 31/41] prettier Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- playwright/e2e/crypto/backups.spec.ts | 67 +++++++++++++-------------- 1 file changed, 31 insertions(+), 36 deletions(-) diff --git a/playwright/e2e/crypto/backups.spec.ts b/playwright/e2e/crypto/backups.spec.ts index 508908584e4..6e6c3e04917 100644 --- a/playwright/e2e/crypto/backups.spec.ts +++ b/playwright/e2e/crypto/backups.spec.ts @@ -56,54 +56,49 @@ test.describe("Key backup reset from elsewhere", () => { test.use(masHomeserver); test.skip(isDendrite, "does not yet support MAS"); - test( - "Key backup is disabled when reset from elsewhere", - async ({ page, mailhogClient, request, homeserver }) => { - const testUsername = "alice"; - const testPassword = "Pa$sW0rD!"; + test("Key backup is disabled when reset from elsewhere", async ({ page, mailhogClient, request, homeserver }) => { + const testUsername = "alice"; + const testPassword = "Pa$sW0rD!"; - // there's a delay before keys are uploaded so the error doesn't appear immediately: use a fake - // clock so we can skip the delay - await page.clock.install(); + // there's a delay before keys are uploaded so the error doesn't appear immediately: use a fake + // clock so we can skip the delay + await page.clock.install(); - await page.goto("/#/login"); - await page.getByRole("button", { name: "Continue" }).click(); - await registerAccountMas(page, mailhogClient, testUsername, "alice@email.com", testPassword); + await page.goto("/#/login"); + await page.getByRole("button", { name: "Continue" }).click(); + await registerAccountMas(page, mailhogClient, testUsername, "alice@email.com", testPassword); - await page.getByRole("button", { name: "Add room" }).click(); - await page.getByRole("menuitem", { name: "New room" }).click(); - await page.getByRole("textbox", { name: "Name" }).fill("test room"); - await page.getByRole("button", { name: "Create room" }).click(); + await page.getByRole("button", { name: "Add room" }).click(); + await page.getByRole("menuitem", { name: "New room" }).click(); + await page.getByRole("textbox", { name: "Name" }).fill("test room"); + await page.getByRole("button", { name: "Create room" }).click(); - // @ts-ignore - this runs in the browser scope where mxMatrixClientPeg is a thing. Here, it is not. - const accessToken = await page.evaluate(() => mxMatrixClientPeg.get().getAccessToken()); + // @ts-ignore - this runs in the browser scope where mxMatrixClientPeg is a thing. Here, it is not. + const accessToken = await page.evaluate(() => mxMatrixClientPeg.get().getAccessToken()); - const csAPI = new TestClientServerAPI(request, homeserver, accessToken); + const csAPI = new TestClientServerAPI(request, homeserver, accessToken); - const backupInfo = await csAPI.getCurrentBackupInfo(); + const backupInfo = await csAPI.getCurrentBackupInfo(); - await csAPI.deleteBackupVersion(backupInfo.version); + await csAPI.deleteBackupVersion(backupInfo.version); - await page.getByRole("textbox", { name: "Send an encrypted message…" }).fill("/discardsession"); - await page.getByRole("button", { name: "Send message" }).click(); + await page.getByRole("textbox", { name: "Send an encrypted message…" }).fill("/discardsession"); + await page.getByRole("button", { name: "Send message" }).click(); - await page - .getByRole("textbox", { name: "Send an encrypted message…" }) - .fill("Message with broken key backup"); - await page.getByRole("button", { name: "Send message" }).click(); + await page.getByRole("textbox", { name: "Send an encrypted message…" }).fill("Message with broken key backup"); + await page.getByRole("button", { name: "Send message" }).click(); - // Should be the message we sent plus the room creation event - await expect(page.locator(".mx_EventTile")).toHaveCount(2); - await expect( - page.locator(".mx_RoomView_MessageList > .mx_EventTile_last .mx_EventTile_receiptSent"), - ).toBeVisible(); + // Should be the message we sent plus the room creation event + await expect(page.locator(".mx_EventTile")).toHaveCount(2); + await expect( + page.locator(".mx_RoomView_MessageList > .mx_EventTile_last .mx_EventTile_receiptSent"), + ).toBeVisible(); - // Wait for it to try uploading the key - await page.clock.fastForward(20000); + // Wait for it to try uploading the key + await page.clock.fastForward(20000); - await expect(page.getByRole("heading", { level: 1, name: "New Recovery Method" })).toBeVisible(); - }, - ); + await expect(page.getByRole("heading", { level: 1, name: "New Recovery Method" })).toBeVisible(); + }); }); test.describe("Backups", () => { From 0410574b206bf9aacc851af7375ac78cd9500342 Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Mon, 6 Jan 2025 18:18:13 +0000 Subject: [PATCH 32/41] Wire up basics of dendriteHomeserver Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- .../plugins/homeserver/dendrite/index.ts | 59 ++++++++----------- playwright/services.ts | 7 ++- .../testcontainers/HomeserverContainer.ts | 19 ++++++ playwright/testcontainers/dendrite.ts | 3 +- playwright/testcontainers/synapse.ts | 7 ++- 5 files changed, 55 insertions(+), 40 deletions(-) create mode 100644 playwright/testcontainers/HomeserverContainer.ts diff --git a/playwright/plugins/homeserver/dendrite/index.ts b/playwright/plugins/homeserver/dendrite/index.ts index acdb45cffff..c9cb3332eb2 100644 --- a/playwright/plugins/homeserver/dendrite/index.ts +++ b/playwright/plugins/homeserver/dendrite/index.ts @@ -6,39 +6,32 @@ SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only OR LicenseRef-Element-Com Please see LICENSE files in the repository root for full details. */ -// export const dendriteHomeserver: Fixtures & Fixtures = { -// _homeserver: async ({ request }, use) => { -// const container = new SynapseContainer(request); -// await use(container); -// -// container.withConfig({ -// oidc_providers: [ -// { -// idp_id: "test", -// idp_name: "OAuth test", -// issuer: `http://localhost:${port}/oauth`, -// authorization_endpoint: `http://localhost:${port}/oauth/auth.html`, -// // the token endpoint receives requests from synapse, -// // rather than the webapp, so needs to escape the docker container. -// token_endpoint: `http://host.testcontainers.internal:${port}/oauth/token`, -// userinfo_endpoint: `http://host.testcontainers.internal:${port}/oauth/userinfo`, -// client_id: "synapse", -// discover: false, -// scopes: ["profile"], -// skip_verification: true, -// client_auth_method: "none", -// user_mapping_provider: { -// config: { -// display_name_template: "{{ user.name }}", -// }, -// }, -// }, -// ], -// }); -// await use(container); -// server.stop(); -// }, -// }; +import { Fixtures, PlaywrightTestArgs } from "@playwright/test"; + +import { Fixtures as BaseFixtures } from "../../../element-web-test.ts"; +import { DendriteContainer, PineconeContainer } from "../../../testcontainers/dendrite.ts"; +import { Services } from "../../../services.ts"; + +type Fixture = PlaywrightTestArgs & Services & BaseFixtures; +export const dendriteHomeserver: Fixtures = { + _homeserver: async ({ request }, use) => { + const container = + process.env["PLAYWRIGHT_HOMESERVER"] === "dendrite" + ? new DendriteContainer(request) + : new PineconeContainer(request); + await use(container); + }, + homeserver: async ({ logger, network, _homeserver: homeserver }, use) => { + const container = await homeserver + .withNetwork(network) + .withNetworkAliases("homeserver") + .withLogConsumer(logger.getConsumer("dendrite")) + .start(); + + await use(container); + await container.stop(); + }, +}; export function isDendrite(): boolean { return process.env["PLAYWRIGHT_HOMESERVER"] === "dendrite" || process.env["PLAYWRIGHT_HOMESERVER"] === "pinecone"; diff --git a/playwright/services.ts b/playwright/services.ts index c05cb2d29dc..58fc21775ea 100644 --- a/playwright/services.ts +++ b/playwright/services.ts @@ -10,9 +10,10 @@ import mailhog from "mailhog"; import { GenericContainer, Network, StartedNetwork, StartedTestContainer, Wait } from "testcontainers"; import { PostgreSqlContainer, StartedPostgreSqlContainer } from "@testcontainers/postgresql"; -import { StartedSynapseContainer, SynapseConfigOptions, SynapseContainer } from "./testcontainers/synapse.ts"; +import { SynapseConfigOptions, SynapseContainer } from "./testcontainers/synapse.ts"; import { ContainerLogger } from "./testcontainers/utils.ts"; import { StartedMatrixAuthenticationServiceContainer } from "./testcontainers/mas.ts"; +import { HomeserverContainer, StartedHomeserverContainer } from "./testcontainers/HomeserverContainer.ts"; export interface Services { logger: ContainerLogger; @@ -24,8 +25,8 @@ export interface Services { mailhogClient: mailhog.API; synapseConfigOptions: SynapseConfigOptions; - _homeserver: SynapseContainer; - homeserver: StartedSynapseContainer; + _homeserver: HomeserverContainer; + homeserver: StartedHomeserverContainer; mas?: StartedMatrixAuthenticationServiceContainer; } diff --git a/playwright/testcontainers/HomeserverContainer.ts b/playwright/testcontainers/HomeserverContainer.ts new file mode 100644 index 00000000000..bbe075f2c95 --- /dev/null +++ b/playwright/testcontainers/HomeserverContainer.ts @@ -0,0 +1,19 @@ +/* +Copyright 2024 New Vector Ltd. + +SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only OR LicenseRef-Element-Commercial +Please see LICENSE files in the repository root for full details. +*/ + +import { AbstractStartedContainer, GenericContainer } from "testcontainers"; + +import { StartedSynapseContainer } from "./synapse.ts"; +import { HomeserverInstance } from "../plugins/homeserver"; + +export interface HomeserverContainer extends GenericContainer { + withConfigField(key: string, value: any): this; + withConfig(config: Partial): this; + start(): Promise; +} + +export interface StartedHomeserverContainer extends AbstractStartedContainer, HomeserverInstance {} diff --git a/playwright/testcontainers/dendrite.ts b/playwright/testcontainers/dendrite.ts index 141d96156b6..484b828b524 100644 --- a/playwright/testcontainers/dendrite.ts +++ b/playwright/testcontainers/dendrite.ts @@ -13,6 +13,7 @@ import { set } from "lodash"; import { randB64Bytes } from "../plugins/utils/rand.ts"; import { StartedSynapseContainer } from "./synapse.ts"; import { deepCopy } from "../plugins/utils/object.ts"; +import { HomeserverContainer } from "./HomeserverContainer.ts"; const DEFAULT_CONFIG = { version: 2, @@ -204,7 +205,7 @@ const DEFAULT_CONFIG = { ], }; -export class DendriteContainer extends GenericContainer { +export class DendriteContainer extends GenericContainer implements HomeserverContainer { private config: typeof DEFAULT_CONFIG; constructor( diff --git a/playwright/testcontainers/synapse.ts b/playwright/testcontainers/synapse.ts index a04041437f3..46a4bcb415c 100644 --- a/playwright/testcontainers/synapse.ts +++ b/playwright/testcontainers/synapse.ts @@ -13,8 +13,9 @@ import { set } from "lodash"; import { getFreePort } from "../plugins/utils/port.ts"; import { randB64Bytes } from "../plugins/utils/rand.ts"; -import { Credentials, HomeserverInstance } from "../plugins/homeserver"; +import { Credentials } from "../plugins/homeserver"; import { deepCopy } from "../plugins/utils/object.ts"; +import { HomeserverContainer, StartedHomeserverContainer } from "./HomeserverContainer.ts"; const TAG = "develop@sha256:17cc0a301447430624afb860276e5c13270ddeb99a3f6d1c6d519a20b1a8f650"; @@ -137,7 +138,7 @@ const DEFAULT_CONFIG = { export type SynapseConfigOptions = Partial; -export class SynapseContainer extends GenericContainer { +export class SynapseContainer extends GenericContainer implements HomeserverContainer { private config: typeof DEFAULT_CONFIG; constructor(private readonly request: APIRequestContext) { @@ -225,7 +226,7 @@ export class SynapseContainer extends GenericContainer { } } -export class StartedSynapseContainer extends AbstractStartedContainer implements HomeserverInstance { +export class StartedSynapseContainer extends AbstractStartedContainer implements StartedHomeserverContainer { private adminToken?: string; constructor( From 90a05cdae7627d739bf09fe39106d94848759488 Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Tue, 7 Jan 2025 10:30:04 +0000 Subject: [PATCH 33/41] Iterate Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- playwright/e2e/crypto/backups.spec.ts | 3 +- playwright/e2e/crypto/dehydration.spec.ts | 44 +++---- playwright/e2e/login/soft_logout.spec.ts | 114 +++--------------- .../e2e/login/soft_logout_oauth.spec.ts | 59 +++++++++ playwright/e2e/login/utils.ts | 38 ++++++ playwright/e2e/oidc/oidc-native.spec.ts | 2 +- 6 files changed, 136 insertions(+), 124 deletions(-) create mode 100644 playwright/e2e/login/soft_logout_oauth.spec.ts diff --git a/playwright/e2e/crypto/backups.spec.ts b/playwright/e2e/crypto/backups.spec.ts index 6e6c3e04917..a3859d42744 100644 --- a/playwright/e2e/crypto/backups.spec.ts +++ b/playwright/e2e/crypto/backups.spec.ts @@ -25,8 +25,8 @@ async function expectBackupVersionToBe(page: Page, version: string) { // These tests register an account with MAS because then we go through the "normal" registration flow // and crypto gets set up. Using the 'user' fixture create a a user an synthesizes an existing login, // which is faster but leaves us without crypto set up. +test.use(masHomeserver); test.describe("Encryption state after registration", () => { - test.use(masHomeserver); test.skip(isDendrite, "does not yet support MAS"); test("Key backup is enabled by default", async ({ page, mailhogClient, app }) => { @@ -53,7 +53,6 @@ test.describe("Encryption state after registration", () => { }); test.describe("Key backup reset from elsewhere", () => { - test.use(masHomeserver); test.skip(isDendrite, "does not yet support MAS"); test("Key backup is disabled when reset from elsewhere", async ({ page, mailhogClient, request, homeserver }) => { diff --git a/playwright/e2e/crypto/dehydration.spec.ts b/playwright/e2e/crypto/dehydration.spec.ts index 7d05d71ae15..7c1bbd7ac48 100644 --- a/playwright/e2e/crypto/dehydration.spec.ts +++ b/playwright/e2e/crypto/dehydration.spec.ts @@ -19,30 +19,30 @@ function getMemberTileByName(page: Page, name: string): Locator { return page.locator(`.mx_EntityTile, [title="${name}"]`); } -test.describe("Dehydration", () => { - test.skip(isDendrite, "does not yet support dehydration v2"); - - test.use({ - displayName: NAME, - synapseConfigOptions: { - experimental_features: { - msc2697_enabled: false, - msc3814_enabled: true, - }, +test.use({ + displayName: NAME, + synapseConfigOptions: { + experimental_features: { + msc2697_enabled: false, + msc3814_enabled: true, }, - config: async ({ config, context }, use) => { - const wellKnown = { - ...config.default_server_config, - "org.matrix.msc3814": true, - }; - - await context.route("https://localhost/.well-known/matrix/client", async (route) => { - await route.fulfill({ json: wellKnown }); - }); + }, + config: async ({ config, context }, use) => { + const wellKnown = { + ...config.default_server_config, + "org.matrix.msc3814": true, + }; + + await context.route("https://localhost/.well-known/matrix/client", async (route) => { + await route.fulfill({ json: wellKnown }); + }); + + await use(config); + }, +}); - await use(config); - }, - }); +test.describe("Dehydration", () => { + test.skip(isDendrite, "does not yet support dehydration v2"); test("Create dehydrated device", async ({ page, user, app }, workerInfo) => { // Create a backup (which will create SSSS, and dehydrated device) diff --git a/playwright/e2e/login/soft_logout.spec.ts b/playwright/e2e/login/soft_logout.spec.ts index c52057d4ba7..2c9325e7571 100644 --- a/playwright/e2e/login/soft_logout.spec.ts +++ b/playwright/e2e/login/soft_logout.spec.ts @@ -6,12 +6,8 @@ SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only OR LicenseRef-Element-Com Please see LICENSE files in the repository root for full details. */ -import { Page } from "@playwright/test"; - import { test, expect } from "../../element-web-test"; -import { doTokenRegistration } from "./utils"; -import { Credentials } from "../../plugins/homeserver"; -import { legacyOAuthHomeserver } from "../../plugins/homeserver/synapse/legacyOAuthHomeserver.ts"; +import { interceptRequestsWithSoftLogout } from "./utils"; test.use({ displayName: "Alice", @@ -26,102 +22,22 @@ test.use({ }, }); -test.describe("Soft logout", () => { - test.describe("with password user", () => { - test("shows the soft-logout page when a request fails, and allows a re-login", async ({ page, user }) => { - await interceptRequestsWithSoftLogout(page, user); - await expect(page.getByText("You're signed out")).toBeVisible(); - await page.getByPlaceholder("Password").fill(user.password); - await page.getByPlaceholder("Password").press("Enter"); - - // back to the welcome page - await expect(page).toHaveURL(/\/#\/home/); - await expect( - page.getByRole("heading", { name: "Now, let's help you get started", exact: true }), - ).toBeVisible(); - }); +test.describe("Soft logout with password user", () => { + test("shows the soft-logout page when a request fails, and allows a re-login", async ({ page, user }) => { + await interceptRequestsWithSoftLogout(page, user); + await expect(page.getByText("You're signed out")).toBeVisible(); + await page.getByPlaceholder("Password").fill(user.password); + await page.getByPlaceholder("Password").press("Enter"); - test("still shows the soft-logout page when the page is reloaded after a soft-logout", async ({ - page, - user, - }) => { - await interceptRequestsWithSoftLogout(page, user); - await expect(page.getByText("You're signed out")).toBeVisible(); - await page.reload(); - await expect(page.getByText("You're signed out")).toBeVisible(); - }); + // back to the welcome page + await expect(page).toHaveURL(/\/#\/home/); + await expect(page.getByRole("heading", { name: "Now, let's help you get started", exact: true })).toBeVisible(); }); - test.describe("with SSO user", () => { - test.use(legacyOAuthHomeserver); - test.use({ - user: async ({ page, homeserver }, use) => { - const user = await doTokenRegistration(page, homeserver); - - // Eventually, we should end up at the home screen. - await expect(page).toHaveURL(/\/#\/home$/); - await expect(page.getByRole("heading", { name: "Welcome Alice", exact: true })).toBeVisible(); - - await use(user); - }, - }); - - test("shows the soft-logout page when a request fails, and allows a re-login", async ({ page, user }) => { - await expect(page.getByRole("heading", { name: "Welcome Alice", exact: true })).toBeVisible(); - - await interceptRequestsWithSoftLogout(page, user); - - await expect(page.getByText("You're signed out")).toBeVisible(); - await page.getByRole("button", { name: "Continue with OAuth test" }).click(); - - // click the submit button - await page.getByRole("button", { name: "Submit" }).click(); - - // Synapse prompts us to grant permission to Element - await expect(page.getByRole("heading", { name: "Continue to your account" })).toBeVisible(); - await page.getByRole("link", { name: "Continue" }).click(); - - // back to the welcome page - await expect(page).toHaveURL(/\/#\/home$/); - await expect(page.getByRole("heading", { name: "Welcome Alice", exact: true })).toBeVisible(); - }); + test("still shows the soft-logout page when the page is reloaded after a soft-logout", async ({ page, user }) => { + await interceptRequestsWithSoftLogout(page, user); + await expect(page.getByText("You're signed out")).toBeVisible(); + await page.reload(); + await expect(page.getByText("You're signed out")).toBeVisible(); }); }); - -/** - * Intercept calls to /sync and have them fail with a soft-logout - * - * Any further requests to /sync with the same access token are blocked. - */ -async function interceptRequestsWithSoftLogout(page: Page, user: Credentials): Promise { - await page.route("**/_matrix/client/*/sync*", async (route, req) => { - const accessToken = await req.headerValue("Authorization"); - - // now, if the access token on this request matches the expired one, block it - if (accessToken === `Bearer ${user.accessToken}`) { - console.log("Intercepting request with soft-logged-out access token"); - await route.fulfill({ - status: 401, - json: { - errcode: "M_UNKNOWN_TOKEN", - error: "Soft logout", - soft_logout: true, - }, - }); - return; - } - - // otherwise, pass through as normal - await route.continue(); - }); - - const promise = page.waitForResponse((resp) => resp.url().includes("/sync") && resp.status() === 401); - - // do something to make the active /sync return: create a new room - await page.evaluate(() => { - // don't wait for this to complete: it probably won't, because of the broken sync - window.mxMatrixClientPeg.get().createRoom({}); - }); - - await promise; -} diff --git a/playwright/e2e/login/soft_logout_oauth.spec.ts b/playwright/e2e/login/soft_logout_oauth.spec.ts new file mode 100644 index 00000000000..19b1fc0124c --- /dev/null +++ b/playwright/e2e/login/soft_logout_oauth.spec.ts @@ -0,0 +1,59 @@ +/* +Copyright 2024 New Vector Ltd. +Copyright 2023 The Matrix.org Foundation C.I.C. + +SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only OR LicenseRef-Element-Commercial +Please see LICENSE files in the repository root for full details. +*/ + +import { test, expect } from "../../element-web-test"; +import { doTokenRegistration, interceptRequestsWithSoftLogout } from "./utils"; +import { legacyOAuthHomeserver } from "../../plugins/homeserver/synapse/legacyOAuthHomeserver.ts"; + +test.use({ + displayName: "Alice", + config: { + // The only thing that we really *need* (otherwise Element refuses to load) is a default homeserver. + // We point that to a guaranteed-invalid domain. + default_server_config: { + "m.homeserver": { + base_url: "https://server.invalid", + }, + }, + }, +}); + +test.use(legacyOAuthHomeserver); +test.describe("Soft logout with SSO user", () => { + test.use({ + user: async ({ page, homeserver }, use) => { + const user = await doTokenRegistration(page, homeserver); + + // Eventually, we should end up at the home screen. + await expect(page).toHaveURL(/\/#\/home$/); + await expect(page.getByRole("heading", { name: "Welcome Alice", exact: true })).toBeVisible(); + + await use(user); + }, + }); + + test("shows the soft-logout page when a request fails, and allows a re-login", async ({ page, user }) => { + await expect(page.getByRole("heading", { name: "Welcome Alice", exact: true })).toBeVisible(); + + await interceptRequestsWithSoftLogout(page, user); + + await expect(page.getByText("You're signed out")).toBeVisible(); + await page.getByRole("button", { name: "Continue with OAuth test" }).click(); + + // click the submit button + await page.getByRole("button", { name: "Submit" }).click(); + + // Synapse prompts us to grant permission to Element + await expect(page.getByRole("heading", { name: "Continue to your account" })).toBeVisible(); + await page.getByRole("link", { name: "Continue" }).click(); + + // back to the welcome page + await expect(page).toHaveURL(/\/#\/home$/); + await expect(page.getByRole("heading", { name: "Welcome Alice", exact: true })).toBeVisible(); + }); +}); diff --git a/playwright/e2e/login/utils.ts b/playwright/e2e/login/utils.ts index 0a728faecc1..66999fad94c 100644 --- a/playwright/e2e/login/utils.ts +++ b/playwright/e2e/login/utils.ts @@ -58,3 +58,41 @@ export async function doTokenRegistration( displayName: "Alice", })); } + +/** + * Intercept calls to /sync and have them fail with a soft-logout + * + * Any further requests to /sync with the same access token are blocked. + */ +export async function interceptRequestsWithSoftLogout(page: Page, user: Credentials): Promise { + await page.route("**/_matrix/client/*/sync*", async (route, req) => { + const accessToken = await req.headerValue("Authorization"); + + // now, if the access token on this request matches the expired one, block it + if (accessToken === `Bearer ${user.accessToken}`) { + console.log("Intercepting request with soft-logged-out access token"); + await route.fulfill({ + status: 401, + json: { + errcode: "M_UNKNOWN_TOKEN", + error: "Soft logout", + soft_logout: true, + }, + }); + return; + } + + // otherwise, pass through as normal + await route.continue(); + }); + + const promise = page.waitForResponse((resp) => resp.url().includes("/sync") && resp.status() === 401); + + // do something to make the active /sync return: create a new room + await page.evaluate(() => { + // don't wait for this to complete: it probably won't, because of the broken sync + window.mxMatrixClientPeg.get().createRoom({}); + }); + + await promise; +} diff --git a/playwright/e2e/oidc/oidc-native.spec.ts b/playwright/e2e/oidc/oidc-native.spec.ts index 60c5bbf025a..63cf0a5b59f 100644 --- a/playwright/e2e/oidc/oidc-native.spec.ts +++ b/playwright/e2e/oidc/oidc-native.spec.ts @@ -12,8 +12,8 @@ import { ElementAppPage } from "../../pages/ElementAppPage.ts"; import { isDendrite } from "../../plugins/homeserver/dendrite"; import { masHomeserver } from "../../plugins/homeserver/synapse/masHomeserver.ts"; +test.use(masHomeserver); test.describe("OIDC Native", { tag: ["@no-firefox", "@no-webkit"] }, () => { - test.use(masHomeserver); test.skip(isDendrite, "does not yet support MAS"); test.slow(); // trace recording takes a while here From 0785dec30235994744193cfb2902e61ca983fd4c Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Tue, 7 Jan 2025 10:54:08 +0000 Subject: [PATCH 34/41] Iterate Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- playwright/e2e/login/utils.ts | 2 +- playwright/element-web-test.ts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/playwright/e2e/login/utils.ts b/playwright/e2e/login/utils.ts index 66999fad94c..baec59d7aad 100644 --- a/playwright/e2e/login/utils.ts +++ b/playwright/e2e/login/utils.ts @@ -20,7 +20,7 @@ export async function doTokenRegistration( await page.getByRole("button", { name: "Edit" }).click(); await page.getByRole("textbox", { name: "Other homeserver" }).fill(homeserver.baseUrl); - await page.getByRole("button", { name: "Continue" }).click(); + await page.getByRole("button", { name: "Continue", exact: true }).click(); // wait for the dialog to go away await expect(page.locator(".mx_ServerPickerDialog")).toHaveCount(0); diff --git a/playwright/element-web-test.ts b/playwright/element-web-test.ts index fe92aaacab5..952ec0c0264 100644 --- a/playwright/element-web-test.ts +++ b/playwright/element-web-test.ts @@ -137,7 +137,7 @@ export const test = base.extend({ }, displayName: undefined, - credentials: async ({ homeserver, displayName: testDisplayName }, use, testInfo) => { + credentials: async ({ context, homeserver, displayName: testDisplayName }, use, testInfo) => { const names = ["Alice", "Bob", "Charlie", "Daniel", "Eve", "Frank", "Grace", "Hannah", "Isaac", "Judy"]; const password = _.uniqueId("password_"); const displayName = testDisplayName ?? _.sample(names)!; From 36b8d3c983ae3f65929eecb25859a0632fe0f0cb Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Tue, 7 Jan 2025 11:15:33 +0000 Subject: [PATCH 35/41] Iterate Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- playwright/e2e/crypto/backups-mas.spec.ts | 91 ++++++++++++++ playwright/e2e/crypto/backups.spec.ts | 82 ------------- playwright/e2e/login/login-consent.spec.ts | 135 +++++++++++---------- playwright/plugins/homeserver/index.ts | 1 + playwright/testcontainers/synapse.ts | 2 + 5 files changed, 163 insertions(+), 148 deletions(-) create mode 100644 playwright/e2e/crypto/backups-mas.spec.ts diff --git a/playwright/e2e/crypto/backups-mas.spec.ts b/playwright/e2e/crypto/backups-mas.spec.ts new file mode 100644 index 00000000000..614bde50646 --- /dev/null +++ b/playwright/e2e/crypto/backups-mas.spec.ts @@ -0,0 +1,91 @@ +/* +Copyright 2024 New Vector Ltd. +Copyright 2023 The Matrix.org Foundation C.I.C. + +SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only OR LicenseRef-Element-Commercial +Please see LICENSE files in the repository root for full details. +*/ + +import { test, expect } from "../../element-web-test"; +import { registerAccountMas } from "../oidc"; +import { isDendrite } from "../../plugins/homeserver/dendrite"; +import { TestClientServerAPI } from "../csAPI"; +import { masHomeserver } from "../../plugins/homeserver/synapse/masHomeserver.ts"; + +// These tests register an account with MAS because then we go through the "normal" registration flow +// and crypto gets set up. Using the 'user' fixture create a a user an synthesizes an existing login, +// which is faster but leaves us without crypto set up. +test.use(masHomeserver); +test.describe("Encryption state after registration", () => { + test.skip(isDendrite, "does not yet support MAS"); + + test("Key backup is enabled by default", async ({ page, mailhogClient, app }) => { + await page.goto("/#/login"); + await page.getByRole("button", { name: "Continue" }).click(); + await registerAccountMas(page, mailhogClient, "alice", "alice@email.com", "Pa$sW0rD!"); + + await app.settings.openUserSettings("Security & Privacy"); + await expect(page.getByText("This session is backing up your keys.")).toBeVisible(); + }); + + test("user is prompted to set up recovery", async ({ page, mailhogClient, app }) => { + await page.goto("/#/login"); + await page.getByRole("button", { name: "Continue" }).click(); + await registerAccountMas(page, mailhogClient, "alice", "alice@email.com", "Pa$sW0rD!"); + + await page.getByRole("button", { name: "Add room" }).click(); + await page.getByRole("menuitem", { name: "New room" }).click(); + await page.getByRole("textbox", { name: "Name" }).fill("test room"); + await page.getByRole("button", { name: "Create room" }).click(); + + await expect(page.getByRole("heading", { name: "Set up recovery" })).toBeVisible(); + }); +}); + +test.describe("Key backup reset from elsewhere", () => { + test.skip(isDendrite, "does not yet support MAS"); + + test("Key backup is disabled when reset from elsewhere", async ({ page, mailhogClient, request, homeserver }) => { + const testUsername = "alice"; + const testPassword = "Pa$sW0rD!"; + + // there's a delay before keys are uploaded so the error doesn't appear immediately: use a fake + // clock so we can skip the delay + await page.clock.install(); + + await page.goto("/#/login"); + await page.getByRole("button", { name: "Continue" }).click(); + await registerAccountMas(page, mailhogClient, testUsername, "alice@email.com", testPassword); + + await page.getByRole("button", { name: "Add room" }).click(); + await page.getByRole("menuitem", { name: "New room" }).click(); + await page.getByRole("textbox", { name: "Name" }).fill("test room"); + await page.getByRole("button", { name: "Create room" }).click(); + + // @ts-ignore - this runs in the browser scope where mxMatrixClientPeg is a thing. Here, it is not. + const accessToken = await page.evaluate(() => mxMatrixClientPeg.get().getAccessToken()); + + const csAPI = new TestClientServerAPI(request, homeserver, accessToken); + + const backupInfo = await csAPI.getCurrentBackupInfo(); + + await csAPI.deleteBackupVersion(backupInfo.version); + + await page.getByRole("textbox", { name: "Send an encrypted message…" }).fill("/discardsession"); + await page.getByRole("button", { name: "Send message" }).click(); + + await page.getByRole("textbox", { name: "Send an encrypted message…" }).fill("Message with broken key backup"); + await page.getByRole("button", { name: "Send message" }).click(); + + // Should be the message we sent plus the room creation event + await expect(page.locator(".mx_EventTile")).toHaveCount(2); + await expect( + page.locator(".mx_RoomView_MessageList > .mx_EventTile_last .mx_EventTile_receiptSent"), + ).toBeVisible(); + + // Wait for it to try uploading the key + await page.clock.fastForward(20000); + + await expect(page.getByRole("heading", { level: 1, name: "New Recovery Method" })).toBeVisible(); + }); +}); diff --git a/playwright/e2e/crypto/backups.spec.ts b/playwright/e2e/crypto/backups.spec.ts index a3859d42744..a49495edfab 100644 --- a/playwright/e2e/crypto/backups.spec.ts +++ b/playwright/e2e/crypto/backups.spec.ts @@ -9,10 +9,6 @@ Please see LICENSE files in the repository root for full details. import { type Page } from "@playwright/test"; import { test, expect } from "../../element-web-test"; -import { registerAccountMas } from "../oidc"; -import { isDendrite } from "../../plugins/homeserver/dendrite"; -import { TestClientServerAPI } from "../csAPI"; -import { masHomeserver } from "../../plugins/homeserver/synapse/masHomeserver.ts"; async function expectBackupVersionToBe(page: Page, version: string) { await expect(page.locator(".mx_SecureBackupPanel_statusList tr:nth-child(5) td")).toHaveText( @@ -22,84 +18,6 @@ async function expectBackupVersionToBe(page: Page, version: string) { await expect(page.locator(".mx_SecureBackupPanel_statusList tr:nth-child(6) td")).toHaveText(version); } -// These tests register an account with MAS because then we go through the "normal" registration flow -// and crypto gets set up. Using the 'user' fixture create a a user an synthesizes an existing login, -// which is faster but leaves us without crypto set up. -test.use(masHomeserver); -test.describe("Encryption state after registration", () => { - test.skip(isDendrite, "does not yet support MAS"); - - test("Key backup is enabled by default", async ({ page, mailhogClient, app }) => { - await page.goto("/#/login"); - await page.getByRole("button", { name: "Continue" }).click(); - await registerAccountMas(page, mailhogClient, "alice", "alice@email.com", "Pa$sW0rD!"); - - await app.settings.openUserSettings("Security & Privacy"); - await expect(page.getByText("This session is backing up your keys.")).toBeVisible(); - }); - - test("user is prompted to set up recovery", async ({ page, mailhogClient, app }) => { - await page.goto("/#/login"); - await page.getByRole("button", { name: "Continue" }).click(); - await registerAccountMas(page, mailhogClient, "alice", "alice@email.com", "Pa$sW0rD!"); - - await page.getByRole("button", { name: "Add room" }).click(); - await page.getByRole("menuitem", { name: "New room" }).click(); - await page.getByRole("textbox", { name: "Name" }).fill("test room"); - await page.getByRole("button", { name: "Create room" }).click(); - - await expect(page.getByRole("heading", { name: "Set up recovery" })).toBeVisible(); - }); -}); - -test.describe("Key backup reset from elsewhere", () => { - test.skip(isDendrite, "does not yet support MAS"); - - test("Key backup is disabled when reset from elsewhere", async ({ page, mailhogClient, request, homeserver }) => { - const testUsername = "alice"; - const testPassword = "Pa$sW0rD!"; - - // there's a delay before keys are uploaded so the error doesn't appear immediately: use a fake - // clock so we can skip the delay - await page.clock.install(); - - await page.goto("/#/login"); - await page.getByRole("button", { name: "Continue" }).click(); - await registerAccountMas(page, mailhogClient, testUsername, "alice@email.com", testPassword); - - await page.getByRole("button", { name: "Add room" }).click(); - await page.getByRole("menuitem", { name: "New room" }).click(); - await page.getByRole("textbox", { name: "Name" }).fill("test room"); - await page.getByRole("button", { name: "Create room" }).click(); - - // @ts-ignore - this runs in the browser scope where mxMatrixClientPeg is a thing. Here, it is not. - const accessToken = await page.evaluate(() => mxMatrixClientPeg.get().getAccessToken()); - - const csAPI = new TestClientServerAPI(request, homeserver, accessToken); - - const backupInfo = await csAPI.getCurrentBackupInfo(); - - await csAPI.deleteBackupVersion(backupInfo.version); - - await page.getByRole("textbox", { name: "Send an encrypted message…" }).fill("/discardsession"); - await page.getByRole("button", { name: "Send message" }).click(); - - await page.getByRole("textbox", { name: "Send an encrypted message…" }).fill("Message with broken key backup"); - await page.getByRole("button", { name: "Send message" }).click(); - - // Should be the message we sent plus the room creation event - await expect(page.locator(".mx_EventTile")).toHaveCount(2); - await expect( - page.locator(".mx_RoomView_MessageList > .mx_EventTile_last .mx_EventTile_receiptSent"), - ).toBeVisible(); - - // Wait for it to try uploading the key - await page.clock.fastForward(20000); - - await expect(page.getByRole("heading", { level: 1, name: "New Recovery Method" })).toBeVisible(); - }); -}); - test.describe("Backups", () => { test.use({ displayName: "Hanako", diff --git a/playwright/e2e/login/login-consent.spec.ts b/playwright/e2e/login/login-consent.spec.ts index 6c2c123c77b..4bbb887d4c5 100644 --- a/playwright/e2e/login/login-consent.spec.ts +++ b/playwright/e2e/login/login-consent.spec.ts @@ -13,66 +13,65 @@ import { selectHomeserver } from "../utils"; import { Credentials, HomeserverInstance } from "../../plugins/homeserver"; import { consentHomeserver } from "../../plugins/homeserver/synapse/consentHomeserver.ts"; -const username = "user1234"; -const password = "p4s5W0rD"; - // Pre-generated dummy signing keys to create an account that has signing keys set. // Note the signatures are specific to the username and must be valid or the HS will reject the keys. -const DEVICE_SIGNING_KEYS_BODY = { - master_key: { - keys: { - "ed25519:6qCouJsi2j7DzOmpxPTBALpvDTqa8p2mjrQR2P8wEbg": "6qCouJsi2j7DzOmpxPTBALpvDTqa8p2mjrQR2P8wEbg", - }, - signatures: { - "@user1234:localhost": { - "ed25519:6qCouJsi2j7DzOmpxPTBALpvDTqa8p2mjrQR2P8wEbg": - "mvwqsYiGa2gPH6ueJsiJnceHMrZhf1pqIMGxkvKisN3ucz8sU7LwyzndbYaLkUKEDx1JuOKFfZ9Mb3mqc7PMBQ", - "ed25519:SRHVWTNVBH": - "HVGmVIzsJe3d+Un/6S9tXPsU7YA8HjZPdxogVzdjEFIU8OjLyElccvjupow0rVWgkEqU8sO21LIHw9cWRZEmDw", +function getDeviceSigningKeysBody(credentials: Credentials) { + return { + master_key: { + keys: { + "ed25519:6qCouJsi2j7DzOmpxPTBALpvDTqa8p2mjrQR2P8wEbg": "6qCouJsi2j7DzOmpxPTBALpvDTqa8p2mjrQR2P8wEbg", }, - }, - usage: ["master"], - user_id: "@user1234:localhost", - }, - self_signing_key: { - keys: { - "ed25519:eqzRly4S1GvTA36v48hOKokHMtYBLm02zXRgPHue5/8": "eqzRly4S1GvTA36v48hOKokHMtYBLm02zXRgPHue5/8", - }, - signatures: { - "@user1234:localhost": { - "ed25519:6qCouJsi2j7DzOmpxPTBALpvDTqa8p2mjrQR2P8wEbg": - "M2rt5xs+23egbVUwUcZuU7pMpn0chBNC5rpdyZGayfU3FDlx1DbopbakIcl5v4uOSGMbqUotyzkE6CchB+dgDw", + signatures: { + "@user1234:localhost": { + "ed25519:6qCouJsi2j7DzOmpxPTBALpvDTqa8p2mjrQR2P8wEbg": + "mvwqsYiGa2gPH6ueJsiJnceHMrZhf1pqIMGxkvKisN3ucz8sU7LwyzndbYaLkUKEDx1JuOKFfZ9Mb3mqc7PMBQ", + "ed25519:SRHVWTNVBH": + "HVGmVIzsJe3d+Un/6S9tXPsU7YA8HjZPdxogVzdjEFIU8OjLyElccvjupow0rVWgkEqU8sO21LIHw9cWRZEmDw", + }, }, + usage: ["master"], + user_id: "@user1234:localhost", }, - usage: ["self_signing"], - user_id: "@user1234:localhost", - }, - user_signing_key: { - keys: { - "ed25519:h6C7sonjKSSa/VMvmpmFnwMA02H2rKIMSYZ2ddwgJn4": "h6C7sonjKSSa/VMvmpmFnwMA02H2rKIMSYZ2ddwgJn4", + self_signing_key: { + keys: { + "ed25519:eqzRly4S1GvTA36v48hOKokHMtYBLm02zXRgPHue5/8": "eqzRly4S1GvTA36v48hOKokHMtYBLm02zXRgPHue5/8", + }, + signatures: { + "@user1234:localhost": { + "ed25519:6qCouJsi2j7DzOmpxPTBALpvDTqa8p2mjrQR2P8wEbg": + "M2rt5xs+23egbVUwUcZuU7pMpn0chBNC5rpdyZGayfU3FDlx1DbopbakIcl5v4uOSGMbqUotyzkE6CchB+dgDw", + }, + }, + usage: ["self_signing"], + user_id: "@user1234:localhost", }, - signatures: { - "@user1234:localhost": { - "ed25519:6qCouJsi2j7DzOmpxPTBALpvDTqa8p2mjrQR2P8wEbg": - "5ZMJ7SG2qr76vU2nITKap88AxLZ/RZQmF/mBcAcVZ9Bknvos3WQp8qN9jKuiqOHCq/XpPORA6XBmiDIyPqTFAA", + user_signing_key: { + keys: { + "ed25519:h6C7sonjKSSa/VMvmpmFnwMA02H2rKIMSYZ2ddwgJn4": "h6C7sonjKSSa/VMvmpmFnwMA02H2rKIMSYZ2ddwgJn4", }, + signatures: { + "@user1234:localhost": { + "ed25519:6qCouJsi2j7DzOmpxPTBALpvDTqa8p2mjrQR2P8wEbg": + "5ZMJ7SG2qr76vU2nITKap88AxLZ/RZQmF/mBcAcVZ9Bknvos3WQp8qN9jKuiqOHCq/XpPORA6XBmiDIyPqTFAA", + }, + }, + usage: ["user_signing"], + user_id: "@user1234:localhost", }, - usage: ["user_signing"], - user_id: "@user1234:localhost", - }, - auth: { - type: "m.login.password", - identifier: { type: "m.id.user", user: "@user1234:localhost" }, - password: password, - }, -}; + auth: { + type: "m.login.password", + identifier: { type: "m.id.user", user: credentials.userId }, + password: credentials.password, + }, + }; +} -async function login(page: Page, homeserver: HomeserverInstance) { +async function login(page: Page, homeserver: HomeserverInstance, credentials: Credentials) { await page.getByRole("link", { name: "Sign in" }).click(); await selectHomeserver(page, homeserver.baseUrl); - await page.getByRole("textbox", { name: "Username" }).fill(username); - await page.getByPlaceholder("Password").fill(password); + await page.getByRole("textbox", { name: "Username" }).fill(credentials.username); + await page.getByPlaceholder("Password").fill(credentials.password); await page.getByRole("button", { name: "Sign in" }).click(); } @@ -91,13 +90,8 @@ test.use({ test.describe("Login", () => { test.describe("Password login", () => { - let creds: Credentials; - - test.beforeEach(async ({ homeserver }) => { - creds = await homeserver.registerUser(username, password); - }); - test("Loads the welcome page by default; then logs in with an existing account and lands on the home screen", async ({ + credentials, page, homeserver, checkA11y, @@ -131,16 +125,16 @@ test.describe("Login", () => { // cy.percySnapshot("Login"); await checkA11y(); - await page.getByRole("textbox", { name: "Username" }).fill(username); - await page.getByPlaceholder("Password").fill(password); + await page.getByRole("textbox", { name: "Username" }).fill(credentials.username); + await page.getByPlaceholder("Password").fill(credentials.password); await page.getByRole("button", { name: "Sign in" }).click(); await expect(page).toHaveURL(/\/#\/home$/); }); - test("Follows the original link after login", async ({ page, homeserver }) => { + test("Follows the original link after login", async ({ page, homeserver, credentials }) => { await page.goto("/#/room/!room:id"); // should redirect to the welcome page - await login(page, homeserver); + await login(page, homeserver, credentials); await expect(page).toHaveURL(/\/#\/room\/!room:id$/); await expect(page.getByRole("button", { name: "Join the discussion" })).toBeVisible(); @@ -151,10 +145,11 @@ test.describe("Login", () => { page, homeserver, request, + credentials, }) => { const res = await request.post(`${homeserver.baseUrl}/_matrix/client/v3/keys/device_signing/upload`, { - headers: { Authorization: `Bearer ${creds.accessToken}` }, - data: DEVICE_SIGNING_KEYS_BODY, + headers: { Authorization: `Bearer ${credentials.accessToken}` }, + data: getDeviceSigningKeysBody(credentials), }); if (res.status() / 100 !== 2) { console.log("Uploading dummy keys failed", await res.json()); @@ -162,7 +157,7 @@ test.describe("Login", () => { expect(res.status() / 100).toEqual(2); await page.goto("/"); - await login(page, homeserver); + await login(page, homeserver, credentials); await expect(page.getByRole("heading", { name: "Verify this device", level: 1 })).toBeVisible(); @@ -180,10 +175,14 @@ test.describe("Login", () => { page, homeserver, request, + credentials, }) => { const res = await request.post( `${homeserver.baseUrl}/_matrix/client/v3/keys/device_signing/upload`, - { headers: { Authorization: `Bearer ${creds.accessToken}` }, data: DEVICE_SIGNING_KEYS_BODY }, + { + headers: { Authorization: `Bearer ${credentials.accessToken}` }, + data: getDeviceSigningKeysBody(credentials), + }, ); if (res.status() / 100 !== 2) { console.log("Uploading dummy keys failed", await res.json()); @@ -191,7 +190,7 @@ test.describe("Login", () => { expect(res.status() / 100).toEqual(2); await page.goto("/"); - await login(page, homeserver); + await login(page, homeserver, credentials); await expect(page.getByRole("heading", { name: "Verify this device", level: 1 })).toBeVisible(); @@ -210,11 +209,15 @@ test.describe("Login", () => { page, homeserver, request, + credentials, }) => { - console.log(`uid ${creds.userId} body`, DEVICE_SIGNING_KEYS_BODY); + console.log(`uid ${credentials.userId} body`, getDeviceSigningKeysBody(credentials)); const res = await request.post( `${homeserver.baseUrl}/_matrix/client/v3/keys/device_signing/upload`, - { headers: { Authorization: `Bearer ${creds.accessToken}` }, data: DEVICE_SIGNING_KEYS_BODY }, + { + headers: { Authorization: `Bearer ${credentials.accessToken}` }, + data: getDeviceSigningKeysBody(credentials), + }, ); if (res.status() / 100 !== 2) { console.log("Uploading dummy keys failed", await res.json()); @@ -222,7 +225,7 @@ test.describe("Login", () => { expect(res.status() / 100).toEqual(2); await page.goto("/"); - await login(page, homeserver); + await login(page, homeserver, credentials); const h1 = await page.getByRole("heading", { name: "Verify this device", level: 1 }); await expect(h1).toBeVisible(); diff --git a/playwright/plugins/homeserver/index.ts b/playwright/plugins/homeserver/index.ts index c05a5c345e8..50dea472f78 100644 --- a/playwright/plugins/homeserver/index.ts +++ b/playwright/plugins/homeserver/index.ts @@ -41,4 +41,5 @@ export interface Credentials { homeServer: string; password: string | null; // null for password-less users displayName?: string; + username: string; // the localpart of the userId } diff --git a/playwright/testcontainers/synapse.ts b/playwright/testcontainers/synapse.ts index 77996c1c31e..3b06db2325e 100644 --- a/playwright/testcontainers/synapse.ts +++ b/playwright/testcontainers/synapse.ts @@ -276,6 +276,7 @@ export class StartedSynapseContainer extends AbstractStartedContainer implements deviceId: data.device_id, password, displayName, + username, }; } @@ -303,6 +304,7 @@ export class StartedSynapseContainer extends AbstractStartedContainer implements userId: json.user_id, deviceId: json.device_id, homeServer: json.home_server, + username: userId.slice(1).split(":")[0], }; } From dd494dcbfecb0d6d96d9611dcb7cf5283cb754da Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Tue, 7 Jan 2025 11:39:56 +0000 Subject: [PATCH 36/41] Fix types Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- playwright/e2e/login/utils.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/playwright/e2e/login/utils.ts b/playwright/e2e/login/utils.ts index baec59d7aad..cc98d8819a2 100644 --- a/playwright/e2e/login/utils.ts +++ b/playwright/e2e/login/utils.ts @@ -56,6 +56,7 @@ export async function doTokenRegistration( homeServer: window.mxMatrixClientPeg.get().getHomeserverUrl(), password: null, displayName: "Alice", + username: window.mxMatrixClientPeg.get().getUserIdLocalpart(), })); } From a29956e5dfed8d4b9c01f5713c4faac0b2631c36 Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Tue, 7 Jan 2025 15:00:26 +0000 Subject: [PATCH 37/41] Iterate Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- playwright/e2e/login/login-consent.spec.ts | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/playwright/e2e/login/login-consent.spec.ts b/playwright/e2e/login/login-consent.spec.ts index 4bbb887d4c5..10b1dcff4c6 100644 --- a/playwright/e2e/login/login-consent.spec.ts +++ b/playwright/e2e/login/login-consent.spec.ts @@ -22,7 +22,7 @@ function getDeviceSigningKeysBody(credentials: Credentials) { "ed25519:6qCouJsi2j7DzOmpxPTBALpvDTqa8p2mjrQR2P8wEbg": "6qCouJsi2j7DzOmpxPTBALpvDTqa8p2mjrQR2P8wEbg", }, signatures: { - "@user1234:localhost": { + [credentials.userId]: { "ed25519:6qCouJsi2j7DzOmpxPTBALpvDTqa8p2mjrQR2P8wEbg": "mvwqsYiGa2gPH6ueJsiJnceHMrZhf1pqIMGxkvKisN3ucz8sU7LwyzndbYaLkUKEDx1JuOKFfZ9Mb3mqc7PMBQ", "ed25519:SRHVWTNVBH": @@ -30,33 +30,33 @@ function getDeviceSigningKeysBody(credentials: Credentials) { }, }, usage: ["master"], - user_id: "@user1234:localhost", + user_id: credentials.userId, }, self_signing_key: { keys: { "ed25519:eqzRly4S1GvTA36v48hOKokHMtYBLm02zXRgPHue5/8": "eqzRly4S1GvTA36v48hOKokHMtYBLm02zXRgPHue5/8", }, signatures: { - "@user1234:localhost": { + [credentials.userId]: { "ed25519:6qCouJsi2j7DzOmpxPTBALpvDTqa8p2mjrQR2P8wEbg": "M2rt5xs+23egbVUwUcZuU7pMpn0chBNC5rpdyZGayfU3FDlx1DbopbakIcl5v4uOSGMbqUotyzkE6CchB+dgDw", }, }, usage: ["self_signing"], - user_id: "@user1234:localhost", + user_id: credentials.userId, }, user_signing_key: { keys: { "ed25519:h6C7sonjKSSa/VMvmpmFnwMA02H2rKIMSYZ2ddwgJn4": "h6C7sonjKSSa/VMvmpmFnwMA02H2rKIMSYZ2ddwgJn4", }, signatures: { - "@user1234:localhost": { + [credentials.userId]: { "ed25519:6qCouJsi2j7DzOmpxPTBALpvDTqa8p2mjrQR2P8wEbg": "5ZMJ7SG2qr76vU2nITKap88AxLZ/RZQmF/mBcAcVZ9Bknvos3WQp8qN9jKuiqOHCq/XpPORA6XBmiDIyPqTFAA", }, }, usage: ["user_signing"], - user_id: "@user1234:localhost", + user_id: credentials.userId, }, auth: { type: "m.login.password", From f770ba619214310ffd0605ac0b860cd6ead9b907 Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Tue, 7 Jan 2025 18:10:56 +0000 Subject: [PATCH 38/41] Iterate Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- playwright/e2e/login/login-consent.spec.ts | 110 ++++++++++-------- .../e2e/settings/device-management.spec.ts | 1 + 2 files changed, 62 insertions(+), 49 deletions(-) diff --git a/playwright/e2e/login/login-consent.spec.ts b/playwright/e2e/login/login-consent.spec.ts index 10b1dcff4c6..ab70e1d1869 100644 --- a/playwright/e2e/login/login-consent.spec.ts +++ b/playwright/e2e/login/login-consent.spec.ts @@ -13,58 +13,60 @@ import { selectHomeserver } from "../utils"; import { Credentials, HomeserverInstance } from "../../plugins/homeserver"; import { consentHomeserver } from "../../plugins/homeserver/synapse/consentHomeserver.ts"; +// This test requires fixed credentials for the device signing keys below to work +const username = "user1234"; +const password = "p4s5W0rD"; + // Pre-generated dummy signing keys to create an account that has signing keys set. // Note the signatures are specific to the username and must be valid or the HS will reject the keys. -function getDeviceSigningKeysBody(credentials: Credentials) { - return { - master_key: { - keys: { - "ed25519:6qCouJsi2j7DzOmpxPTBALpvDTqa8p2mjrQR2P8wEbg": "6qCouJsi2j7DzOmpxPTBALpvDTqa8p2mjrQR2P8wEbg", - }, - signatures: { - [credentials.userId]: { - "ed25519:6qCouJsi2j7DzOmpxPTBALpvDTqa8p2mjrQR2P8wEbg": - "mvwqsYiGa2gPH6ueJsiJnceHMrZhf1pqIMGxkvKisN3ucz8sU7LwyzndbYaLkUKEDx1JuOKFfZ9Mb3mqc7PMBQ", - "ed25519:SRHVWTNVBH": - "HVGmVIzsJe3d+Un/6S9tXPsU7YA8HjZPdxogVzdjEFIU8OjLyElccvjupow0rVWgkEqU8sO21LIHw9cWRZEmDw", - }, - }, - usage: ["master"], - user_id: credentials.userId, +const DEVICE_SIGNING_KEYS_BODY = { + master_key: { + keys: { + "ed25519:6qCouJsi2j7DzOmpxPTBALpvDTqa8p2mjrQR2P8wEbg": "6qCouJsi2j7DzOmpxPTBALpvDTqa8p2mjrQR2P8wEbg", }, - self_signing_key: { - keys: { - "ed25519:eqzRly4S1GvTA36v48hOKokHMtYBLm02zXRgPHue5/8": "eqzRly4S1GvTA36v48hOKokHMtYBLm02zXRgPHue5/8", - }, - signatures: { - [credentials.userId]: { - "ed25519:6qCouJsi2j7DzOmpxPTBALpvDTqa8p2mjrQR2P8wEbg": - "M2rt5xs+23egbVUwUcZuU7pMpn0chBNC5rpdyZGayfU3FDlx1DbopbakIcl5v4uOSGMbqUotyzkE6CchB+dgDw", - }, + signatures: { + "@user1234:localhost": { + "ed25519:6qCouJsi2j7DzOmpxPTBALpvDTqa8p2mjrQR2P8wEbg": + "mvwqsYiGa2gPH6ueJsiJnceHMrZhf1pqIMGxkvKisN3ucz8sU7LwyzndbYaLkUKEDx1JuOKFfZ9Mb3mqc7PMBQ", + "ed25519:SRHVWTNVBH": + "HVGmVIzsJe3d+Un/6S9tXPsU7YA8HjZPdxogVzdjEFIU8OjLyElccvjupow0rVWgkEqU8sO21LIHw9cWRZEmDw", }, - usage: ["self_signing"], - user_id: credentials.userId, }, - user_signing_key: { - keys: { - "ed25519:h6C7sonjKSSa/VMvmpmFnwMA02H2rKIMSYZ2ddwgJn4": "h6C7sonjKSSa/VMvmpmFnwMA02H2rKIMSYZ2ddwgJn4", - }, - signatures: { - [credentials.userId]: { - "ed25519:6qCouJsi2j7DzOmpxPTBALpvDTqa8p2mjrQR2P8wEbg": - "5ZMJ7SG2qr76vU2nITKap88AxLZ/RZQmF/mBcAcVZ9Bknvos3WQp8qN9jKuiqOHCq/XpPORA6XBmiDIyPqTFAA", - }, + usage: ["master"], + user_id: "@user1234:localhost", + }, + self_signing_key: { + keys: { + "ed25519:eqzRly4S1GvTA36v48hOKokHMtYBLm02zXRgPHue5/8": "eqzRly4S1GvTA36v48hOKokHMtYBLm02zXRgPHue5/8", + }, + signatures: { + "@user1234:localhost": { + "ed25519:6qCouJsi2j7DzOmpxPTBALpvDTqa8p2mjrQR2P8wEbg": + "M2rt5xs+23egbVUwUcZuU7pMpn0chBNC5rpdyZGayfU3FDlx1DbopbakIcl5v4uOSGMbqUotyzkE6CchB+dgDw", }, - usage: ["user_signing"], - user_id: credentials.userId, }, - auth: { - type: "m.login.password", - identifier: { type: "m.id.user", user: credentials.userId }, - password: credentials.password, + usage: ["self_signing"], + user_id: "@user1234:localhost", + }, + user_signing_key: { + keys: { + "ed25519:h6C7sonjKSSa/VMvmpmFnwMA02H2rKIMSYZ2ddwgJn4": "h6C7sonjKSSa/VMvmpmFnwMA02H2rKIMSYZ2ddwgJn4", }, - }; -} + signatures: { + "@user1234:localhost": { + "ed25519:6qCouJsi2j7DzOmpxPTBALpvDTqa8p2mjrQR2P8wEbg": + "5ZMJ7SG2qr76vU2nITKap88AxLZ/RZQmF/mBcAcVZ9Bknvos3WQp8qN9jKuiqOHCq/XpPORA6XBmiDIyPqTFAA", + }, + }, + usage: ["user_signing"], + user_id: "@user1234:localhost", + }, + auth: { + type: "m.login.password", + identifier: { type: "m.id.user", user: "@user1234:localhost" }, + password: password, + }, +}; async function login(page: Page, homeserver: HomeserverInstance, credentials: Credentials) { await page.getByRole("link", { name: "Sign in" }).click(); @@ -86,6 +88,16 @@ test.use({ }, }, }, + credentials: async ({ context, homeserver }, use) => { + const displayName = "Dave"; + const credentials = await homeserver.registerUser(username, password, displayName); + console.log(`Registered test user @user:localhost with displayname ${displayName}`); + + await use({ + ...credentials, + displayName, + }); + }, }); test.describe("Login", () => { @@ -149,7 +161,7 @@ test.describe("Login", () => { }) => { const res = await request.post(`${homeserver.baseUrl}/_matrix/client/v3/keys/device_signing/upload`, { headers: { Authorization: `Bearer ${credentials.accessToken}` }, - data: getDeviceSigningKeysBody(credentials), + data: DEVICE_SIGNING_KEYS_BODY, }); if (res.status() / 100 !== 2) { console.log("Uploading dummy keys failed", await res.json()); @@ -181,7 +193,7 @@ test.describe("Login", () => { `${homeserver.baseUrl}/_matrix/client/v3/keys/device_signing/upload`, { headers: { Authorization: `Bearer ${credentials.accessToken}` }, - data: getDeviceSigningKeysBody(credentials), + data: DEVICE_SIGNING_KEYS_BODY, }, ); if (res.status() / 100 !== 2) { @@ -211,12 +223,12 @@ test.describe("Login", () => { request, credentials, }) => { - console.log(`uid ${credentials.userId} body`, getDeviceSigningKeysBody(credentials)); + console.log(`uid ${credentials.userId} body`, DEVICE_SIGNING_KEYS_BODY); const res = await request.post( `${homeserver.baseUrl}/_matrix/client/v3/keys/device_signing/upload`, { headers: { Authorization: `Bearer ${credentials.accessToken}` }, - data: getDeviceSigningKeysBody(credentials), + data: DEVICE_SIGNING_KEYS_BODY, }, ); if (res.status() / 100 !== 2) { @@ -227,7 +239,7 @@ test.describe("Login", () => { await page.goto("/"); await login(page, homeserver, credentials); - const h1 = await page.getByRole("heading", { name: "Verify this device", level: 1 }); + const h1 = page.getByRole("heading", { name: "Verify this device", level: 1 }); await expect(h1).toBeVisible(); await expect(h1.locator(".mx_CompleteSecurity_skip")).toHaveCount(0); diff --git a/playwright/e2e/settings/device-management.spec.ts b/playwright/e2e/settings/device-management.spec.ts index 4c1169ad094..29151112a84 100644 --- a/playwright/e2e/settings/device-management.spec.ts +++ b/playwright/e2e/settings/device-management.spec.ts @@ -20,6 +20,7 @@ test.describe("Device manager", () => { } }); + // How does this test not require auth on Synapse? test("should display sessions", async ({ page, app }) => { await app.settings.openUserSettings("Sessions"); const tab = page.locator(".mx_SettingsTab"); From da0b0c927a9d15bc851c915f3f4c41ff8a4712c7 Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Tue, 7 Jan 2025 18:20:07 +0000 Subject: [PATCH 39/41] Discard changes to playwright/e2e/settings/device-management.spec.ts --- playwright/e2e/settings/device-management.spec.ts | 1 - 1 file changed, 1 deletion(-) diff --git a/playwright/e2e/settings/device-management.spec.ts b/playwright/e2e/settings/device-management.spec.ts index 29151112a84..4c1169ad094 100644 --- a/playwright/e2e/settings/device-management.spec.ts +++ b/playwright/e2e/settings/device-management.spec.ts @@ -20,7 +20,6 @@ test.describe("Device manager", () => { } }); - // How does this test not require auth on Synapse? test("should display sessions", async ({ page, app }) => { await app.settings.openUserSettings("Sessions"); const tab = page.locator(".mx_SettingsTab"); From ca7c303e53ace5a28ab7ae36dcbcaefa9e6b3c80 Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Wed, 8 Jan 2025 09:07:05 +0000 Subject: [PATCH 40/41] Iterate Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- .../spaces/threads-activity-centre/index.ts | 7 ++- .../threadsActivityCentre.spec.ts | 55 +++++++++++-------- 2 files changed, 37 insertions(+), 25 deletions(-) diff --git a/playwright/e2e/spaces/threads-activity-centre/index.ts b/playwright/e2e/spaces/threads-activity-centre/index.ts index 2555e5a8353..d3d3cb352b4 100644 --- a/playwright/e2e/spaces/threads-activity-centre/index.ts +++ b/playwright/e2e/spaces/threads-activity-centre/index.ts @@ -13,6 +13,7 @@ import { test as base, expect } from "../../../element-web-test"; import { Bot } from "../../../pages/bot"; import { Client } from "../../../pages/client"; import { ElementAppPage } from "../../../pages/ElementAppPage"; +import { Credentials } from "../../../plugins/homeserver"; type RoomRef = { name: string; roomId: string }; @@ -336,12 +337,14 @@ export class Helpers { * @param room1 * @param room2 * @param msg - MessageBuilder + * @param user - the user to mention in the first message * @param hasMention - whether to include a mention in the first message */ async populateThreads( room1: { name: string; roomId: string }, room2: { name: string; roomId: string }, msg: MessageBuilder, + user: Credentials, hasMention = true, ) { if (hasMention) { @@ -350,9 +353,9 @@ export class Helpers { msg.threadedOff("Msg1", { "body": "User", "format": "org.matrix.custom.html", - "formatted_body": "User", + "formatted_body": `User`, "m.mentions": { - user_ids: ["@user:localhost"], + user_ids: [user.userId], }, }), ]); diff --git a/playwright/e2e/spaces/threads-activity-centre/threadsActivityCentre.spec.ts b/playwright/e2e/spaces/threads-activity-centre/threadsActivityCentre.spec.ts index 16276c5b9db..c45222d035f 100644 --- a/playwright/e2e/spaces/threads-activity-centre/threadsActivityCentre.spec.ts +++ b/playwright/e2e/spaces/threads-activity-centre/threadsActivityCentre.spec.ts @@ -46,16 +46,21 @@ test.describe("Threads Activity Centre", { tag: "@no-firefox" }, () => { await util.assertNotificationTac(); }); - test("should show a highlight indicator when there is a mention in a thread", async ({ room1, util, msg }) => { + test("should show a highlight indicator when there is a mention in a thread", async ({ + room1, + util, + msg, + user, + }) => { await util.goTo(room1); await util.receiveMessages(room1, [ "Msg1", msg.threadedOff("Msg1", { "body": "User", "format": "org.matrix.custom.html", - "formatted_body": "User", + "formatted_body": `User`, "m.mentions": { - user_ids: ["@user:localhost"], + user_ids: [user.userId], }, }), ]); @@ -64,26 +69,30 @@ test.describe("Threads Activity Centre", { tag: "@no-firefox" }, () => { await util.assertHighlightIndicator(); }); - test("should show the rooms with unread threads", { tag: "@screenshot" }, async ({ room1, room2, util, msg }) => { - await util.goTo(room2); - await util.populateThreads(room1, room2, msg); - // The indicator should be shown - await util.assertHighlightIndicator(); - - // Verify that we have the expected rooms in the TAC - await util.openTac(); - await util.assertRoomsInTac([ - { room: room2.name, notificationLevel: "highlight" }, - { room: room1.name, notificationLevel: "notification" }, - ]); - - // Verify that we don't have a visual regression - await expect(util.getTacPanel()).toMatchScreenshot("tac-panel-mix-unread.png"); - }); + test( + "should show the rooms with unread threads", + { tag: "@screenshot" }, + async ({ room1, room2, util, msg, user }) => { + await util.goTo(room2); + await util.populateThreads(room1, room2, msg, user); + // The indicator should be shown + await util.assertHighlightIndicator(); + + // Verify that we have the expected rooms in the TAC + await util.openTac(); + await util.assertRoomsInTac([ + { room: room2.name, notificationLevel: "highlight" }, + { room: room1.name, notificationLevel: "notification" }, + ]); + + // Verify that we don't have a visual regression + await expect(util.getTacPanel()).toMatchScreenshot("tac-panel-mix-unread.png"); + }, + ); - test("should update with a thread is read", { tag: "@screenshot" }, async ({ room1, room2, util, msg }) => { + test("should update with a thread is read", { tag: "@screenshot" }, async ({ room1, room2, util, msg, user }) => { await util.goTo(room2); - await util.populateThreads(room1, room2, msg); + await util.populateThreads(room1, room2, msg, user); // Click on the first room in TAC await util.openTac(); @@ -104,9 +113,9 @@ test.describe("Threads Activity Centre", { tag: "@no-firefox" }, () => { await expect(util.getTacPanel()).toMatchScreenshot("tac-panel-notification-unread.png"); }); - test("should order by recency after notification level", async ({ room1, room2, util, msg }) => { + test("should order by recency after notification level", async ({ room1, room2, util, msg, user }) => { await util.goTo(room2); - await util.populateThreads(room1, room2, msg, false); + await util.populateThreads(room1, room2, msg, user, false); await util.openTac(); await util.assertRoomsInTac([ From 70aa6e12057c31e19914c43732fa2ef3c0d1bee4 Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Wed, 8 Jan 2025 09:28:33 +0000 Subject: [PATCH 41/41] Fix bad merge Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- playwright/e2e/oidc/oidc-native.spec.ts | 1 - 1 file changed, 1 deletion(-) diff --git a/playwright/e2e/oidc/oidc-native.spec.ts b/playwright/e2e/oidc/oidc-native.spec.ts index 96f055f1047..63cf0a5b59f 100644 --- a/playwright/e2e/oidc/oidc-native.spec.ts +++ b/playwright/e2e/oidc/oidc-native.spec.ts @@ -14,7 +14,6 @@ import { masHomeserver } from "../../plugins/homeserver/synapse/masHomeserver.ts test.use(masHomeserver); test.describe("OIDC Native", { tag: ["@no-firefox", "@no-webkit"] }, () => { - test.use(masHomeserver); test.skip(isDendrite, "does not yet support MAS"); test.slow(); // trace recording takes a while here