From 033c2c5acd008f4db496a474be867e50fb20f288 Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Fri, 24 Apr 2020 00:09:28 +0000 Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master --- app/models/group.rb | 2 +- ...referencing-a-group-in-a-note-can-fail.yml | 5 ++ .../unreleased/dz-remove-legacy-routes.yml | 5 ++ .../update-gitlab-managed-helm-to-2-16-6.yml | 6 ++ config/routes/project.rb | 6 +- doc/ci/environments.md | 3 + doc/ci/parent_child_pipelines.md | 6 ++ doc/ci/yaml/README.md | 75 +++++++++++------- doc/development/sidekiq_style_guide.md | 28 ++++++- doc/topics/autodevops/index.md | 17 ++-- ...e_waf_ingress_disabled_settings_v12_10.png | Bin 0 -> 51416 bytes doc/user/clusters/applications.md | 26 ++++-- .../project/clusters/kubernetes_pod_logs.md | 20 +++-- doc/user/project/deploy_tokens/index.md | 3 + .../project/merge_requests/code_quality.md | 2 +- .../index.md | 2 +- lib/gitlab/kubernetes/helm.rb | 2 +- .../lib/gitlab/gfm/reference_rewriter_spec.rb | 12 +++ spec/lib/gitlab/kubernetes/helm/pod_spec.rb | 2 +- spec/routing/project_routing_spec.rb | 21 ----- 20 files changed, 163 insertions(+), 80 deletions(-) create mode 100644 changelogs/unreleased/215326-moving-an-issue-referencing-a-group-in-a-note-can-fail.yml create mode 100644 changelogs/unreleased/dz-remove-legacy-routes.yml create mode 100644 changelogs/unreleased/update-gitlab-managed-helm-to-2-16-6.yml create mode 100644 doc/topics/web_application_firewall/img/guide_waf_ingress_disabled_settings_v12_10.png diff --git a/app/models/group.rb b/app/models/group.rb index be101ff40df..c79d5a9a326 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -170,7 +170,7 @@ class Group < Namespace notification_settings.find { |n| n.notification_email.present? }&.notification_email end - def to_reference(_from = nil, full: nil) + def to_reference(_from = nil, target_project: nil, full: nil) "#{self.class.reference_prefix}#{full_path}" end diff --git a/changelogs/unreleased/215326-moving-an-issue-referencing-a-group-in-a-note-can-fail.yml b/changelogs/unreleased/215326-moving-an-issue-referencing-a-group-in-a-note-can-fail.yml new file mode 100644 index 00000000000..85faa2610c9 --- /dev/null +++ b/changelogs/unreleased/215326-moving-an-issue-referencing-a-group-in-a-note-can-fail.yml @@ -0,0 +1,5 @@ +--- +title: Fix moving an issue when there is a group reference +merge_request: 30185 +author: +type: fixed diff --git a/changelogs/unreleased/dz-remove-legacy-routes.yml b/changelogs/unreleased/dz-remove-legacy-routes.yml new file mode 100644 index 00000000000..9233df74853 --- /dev/null +++ b/changelogs/unreleased/dz-remove-legacy-routes.yml @@ -0,0 +1,5 @@ +--- +title: Remove project routes that were deprecated before 12.1 +merge_request: 26808 +author: +type: removed diff --git a/changelogs/unreleased/update-gitlab-managed-helm-to-2-16-6.yml b/changelogs/unreleased/update-gitlab-managed-helm-to-2-16-6.yml new file mode 100644 index 00000000000..09b06d54356 --- /dev/null +++ b/changelogs/unreleased/update-gitlab-managed-helm-to-2-16-6.yml @@ -0,0 +1,6 @@ +--- +title: Update GitLab-managed helm from 2.16.3 to 2.16.6, improving the reliability + of GitLab's Kubernetes integration +merge_request: 30067 +author: +type: changed diff --git a/config/routes/project.rb b/config/routes/project.rb index 7b96d9b316a..cdbdfa0a943 100644 --- a/config/routes/project.rb +++ b/config/routes/project.rb @@ -467,11 +467,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do # Legacy routes. # Introduced in 12.0. # Should be removed with https://gitlab.com/gitlab-org/gitlab/issues/28848. - Gitlab::Routing.redirect_legacy_paths(self, :settings, :branches, :tags, - :network, :graphs, :autocomplete_sources, - :project_members, :deploy_keys, :deploy_tokens, - :labels, :milestones, :services, :boards, :releases, - :forks, :group_links, :import, :avatar, :mirror, + Gitlab::Routing.redirect_legacy_paths(self, :mirror, :cycle_analytics, :mattermost, :variables, :triggers, :environments, :protected_environments, :error_tracking, :alert_management, :serverless, :clusters, :audit_events, :wikis, :merge_requests, diff --git a/doc/ci/environments.md b/doc/ci/environments.md index fdd2791aa1d..c3397494c6a 100644 --- a/doc/ci/environments.md +++ b/doc/ci/environments.md @@ -175,6 +175,9 @@ and expands the `environment:url` value with variables defined in the dotenv fil To use this feature, specify the [`artifacts:reports:dotenv`](yaml/README.md#artifactsreportsdotenv) keyword in `.gitlab-ci.yml`. + +For an overview, see [Set dynamic URLs after a job finished](https://youtu.be/70jDXtOf4Ig). + ##### Example of setting dynamic environment URLs The following example shows a Review App that creates a new environment diff --git a/doc/ci/parent_child_pipelines.md b/doc/ci/parent_child_pipelines.md index 2bc897901fa..e28adc2bc01 100644 --- a/doc/ci/parent_child_pipelines.md +++ b/doc/ci/parent_child_pipelines.md @@ -43,6 +43,9 @@ Child pipelines work well with other GitLab CI/CD features: All of this will work with the [`include:`](yaml/README.md#include) feature so you can compose the child pipeline configuration. + +For an overview, see [Parent-Child Pipelines feature demo](https://youtu.be/n8KpBSqZNbk). + ## Examples The simplest case is [triggering a child pipeline](yaml/README.md#trigger) using a @@ -136,6 +139,9 @@ your own script to generate a YAML file, which is then [used to trigger a child This technique can be very powerful in generating pipelines targeting content that changed or to build a matrix of targets and architectures. + +For an overview, see [Create child pipelines using dynamically generated configurations](https://youtu.be/nMdfus2JWHM). + In GitLab 12.9, the child pipeline could fail to be created in certain cases, causing the parent pipeline to fail. This is [resolved in GitLab 12.10](https://gitlab.com/gitlab-org/gitlab/-/issues/209070). diff --git a/doc/ci/yaml/README.md b/doc/ci/yaml/README.md index f7d9430433e..16dda494ff1 100644 --- a/doc/ci/yaml/README.md +++ b/doc/ci/yaml/README.md @@ -311,10 +311,30 @@ workflow: > - Available for Starter, Premium and Ultimate since 10.6. > - [Moved](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/21603) to GitLab Core in 11.4. -Using the `include` keyword, you can allow the inclusion of external YAML files. +Using the `include` keyword allows the inclusion of external YAML files. This helps +to break down the CI/CD configuration into multiple files and increases readability for long configuration files. +It is also possible to have template files stored in a central repository and projects include their +configuration files. This helps avoid duplicated configuration, for example, global default variables for all projects. + `include` requires the external YAML file to have the extensions `.yml` or `.yaml`, otherwise the external file will not be included. +`include` supports the following inclusion methods: + +| Method | Description | +|:--------------------------------|:------------------------------------------------------------------| +| [`local`](#includelocal) | Include a file from the local project repository. | +| [`file`](#includefile) | Include a file from a different project repository. | +| [`remote`](#includeremote) | Include a file from a remote URL. Must be publicly accessible. | +| [`template`](#includetemplate) | Include templates which are provided by GitLab. | + +See [usage examples](#include-examples). + +NOTE: **Note:** +`.gitlab-ci.yml` configuration included by all methods is evaluated at pipeline creation. +The configuration is a snapshot in time and persisted in the database. Any changes to +referenced `.gitlab-ci.yml` configuration will not be reflected in GitLab until the next pipeline is created. + The files defined in `include` are: - Deep merged with those in `.gitlab-ci.yml`. @@ -330,20 +350,6 @@ Using YAML aliases across different YAML files sourced by `include` is not supported. You must only refer to aliases in the same file. Instead of using YAML anchors, you can use the [`extends` keyword](#extends). -`include` supports four include methods: - -- [`local`](#includelocal) -- [`file`](#includefile) -- [`template`](#includetemplate) -- [`remote`](#includeremote) - -See [usage examples](#include-examples). - -NOTE: **Note:** -`.gitlab-ci.yml` configuration included by all methods is evaluated at pipeline creation. -The configuration is a snapshot in time and persisted in the database. Any changes to -referenced `.gitlab-ci.yml` configuration will not be reflected in GitLab until the next pipeline is created. - #### `include:local` `include:local` includes a file from the same repository as `.gitlab-ci.yml`. @@ -366,6 +372,15 @@ include: - local: '/templates/.gitlab-ci-template.yml' ``` +TIP: **Tip:** +Local includes can be used as a replacement for symbolic links which are not followed. + +This can be defined as a short local include: + +```yaml +include: '.gitlab-ci-production.yml' +``` + #### `include:file` > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/issues/53903) in GitLab 11.7. @@ -401,6 +416,21 @@ All [nested includes](#nested-includes) will be executed in the scope of the tar so it is possible to use local (relative to target project), project, remote or template includes. +#### `include:remote` + +`include:remote` can be used to include a file from a different location, +using HTTP/HTTPS, referenced by using the full URL. The remote file must be +publicly accessible through a simple GET request as authentication schemas +in the remote URL are not supported. For example: + +```yaml +include: + - remote: 'https://gitlab.com/awesome-project/raw/master/.gitlab-ci-template.yml' +``` + +All [nested includes](#nested-includes) will be executed without context as public user, so only another remote +or public project, or template, is allowed. + #### `include:template` > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/issues/53445) in GitLab 11.7. @@ -427,21 +457,6 @@ include: All [nested includes](#nested-includes) will be executed only with the permission of the user, so it is possible to use project, remote or template includes. -#### `include:remote` - -`include:remote` can be used to include a file from a different location, -using HTTP/HTTPS, referenced by using the full URL. The remote file must be -publicly accessible through a simple GET request as authentication schemas -in the remote URL is not supported. For example: - -```yaml -include: - - remote: 'https://gitlab.com/awesome-project/raw/master/.gitlab-ci-template.yml' -``` - -All nested includes will be executed without context as public user, so only another remote, -or public project, or template is allowed. - #### Nested includes > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/issues/56836) in GitLab 11.9. diff --git a/doc/development/sidekiq_style_guide.md b/doc/development/sidekiq_style_guide.md index 0ca25f43345..8c29ad8246f 100644 --- a/doc/development/sidekiq_style_guide.md +++ b/doc/development/sidekiq_style_guide.md @@ -118,8 +118,32 @@ It's encouraged to only have the `idempotent!` call in the top-most worker class the `perform` method is defined in another class or module. NOTE: **Note:** -Note that a cop will fail if the worker class is not marked as idempotent. -Consider skipping the cop if you're not confident your job can safely run multiple times. +If the worker class is not marked as idempotent, a cop will fail. +Consider skipping the cop if you're not confident your job can safely +run multiple times. + +### Deduplication + +When a job for an idempotent worker is enqueued while another +unstarted job is already in the queue, GitLab drops the second +job. The work is skipped because the same work would be +done by the job that was scheduled first; by the time the second +job executed, the first job would do nothing. + +For example, `AuthorizedProjectsWorker` takes a user ID. When the +worker runs, it recalculates a user's authorizations. GitLab schedules +this job each time an action potentially changes a user's +authorizations. If the same user is added to two projects at the +same time, the second job can be skipped if the first job hasn't +begun, because when the first job runs, it creates the +authorizations for both projects. + +GitLab doesn't skip jobs scheduled in the future, as we assume that +the state will have changed by the time the job is scheduled to +execute. + +More [deduplication strategies have been suggested](https://gitlab.com/gitlab-com/gl-infra/scalability/issues/195). If you are implementing a worker that +could benefit from a different strategy, please comment in the issue. ## Job urgency diff --git a/doc/topics/autodevops/index.md b/doc/topics/autodevops/index.md index 7ed6625bea3..735934fcaff 100644 --- a/doc/topics/autodevops/index.md +++ b/doc/topics/autodevops/index.md @@ -9,11 +9,18 @@ to simplify the setup and execution of a mature & modern software development li ## Overview -With Auto DevOps, the software development process becomes easier to set up -as every project can have a complete workflow from verification to monitoring -with minimal configuration. Just push your code and GitLab takes -care of everything else. This makes it easier to start new projects and brings -consistency to how applications are set up throughout a company. +You can spend a lot of effort to set up the workflow and processes required to +build, deploy. and monitor your project. It gets worse when your company has +hundreds, if not thousands, of projects to maintain. With new projects +constantly starting up, the entire software development process becomes +impossibly complex to manage. + +Auto DevOps provides you a seamless software development process by +automatically detecting all dependencies and language technologies required to +test, build, package, deploy, and monitor every project with minimal +configuration. Automation enables consistency across your projects, seamless +management of processes, and faster creation of new projects: push your code, +and GitLab does the rest, improving your productivity and efficiency. For an introduction to Auto DevOps, watch [AutoDevOps in GitLab 11.0](https://youtu.be/0Tc0YYBxqi4). diff --git a/doc/topics/web_application_firewall/img/guide_waf_ingress_disabled_settings_v12_10.png b/doc/topics/web_application_firewall/img/guide_waf_ingress_disabled_settings_v12_10.png new file mode 100644 index 0000000000000000000000000000000000000000..2dd6df3d37b16df4ba26169b31e4d4f6d63b1338 GIT binary patch literal 51416 zcma&NWmp?;&^Jm;DHKYfG`M?kcPqtR6C8@WyO#n5f);lVF2x<%LXhI_P=Y(botOTf z=bTUHy3Tul$=uo5nc1=Z?Pe08sw{(vPK1txgoG(4E2)lzgbG1ILM}l=e*OmgD8l{u zgnl;#JXv7bF*yV$jQm+-F{ZU%q^ah=`cqJioem=FF!iLX?2IS83C^ zU4Pwj#u=R3+Qu$_PVYz6EW9+1uKly+Q#>gX{97}!U(|iaI^oDRXE?ZQ)-rhnE&s2S zloV~osKNI^g}`0Gk_A1;fq(u9Va)HC>eIaTbFCi>U@*9Ub~T`NF1mlyD85QAtFNYS zGPtBe=u083OS*-HMM}${Rp(aL>_!LorP98C7b*>vXOt3P`d zsJc-XX2tCi3a-Lq8|N<4{PUTW;*~j0rlcA+nr+qHgX5m7-3ku2Rgqc$&{>G!=3(|X6*Txu&=4;@)qgmFAcji#!iC*@YT7^^i?@%xqLRN z>JJCcYozv&__bY`-(2!+=_YFNFp<*zM-5O%096jtn-vPAFUVZy1t#tK5Gh*w$~BO= zPseSGZ5s34VnPv$;jmdUY;TMX!2{0C>Hk?v`qS-_`y z$RvMEf(K0qwnY=`hsxOvvms*}q@R?QCZobdU47@5sgX}HfDF!_(oNk2$t0etKLi==YR~1UK5;=k7*)D2G>RYS4GB$9>H$fB_-p`m*ePcOo{AUE z>}B(22TqAZNKPerb6%l=6Zpk*Zp&5l^oCp*h|hwo)dVm(p&=8yKLhjooCL^7?|LR< zSviW1NCjcggE==mchGL24K+ifUARkK6-tdCq$ zBUiZ0rV^c;C_!ZW(xN+4y8#kXm@LBfKBE%|OQyzB)@m!OHFg$U(TBTubEh=~Gxr*} z$1NDs@;qlipfkig!o6!R{NNNi(1>k`(QI*JV^h4hUr+FyCr{r1LREQpKAQt&yEhc~ zZjxku10O4kstVaS^(~*CAQZ4#+vnU2D5H9IUt)QYpuy-MfBV7 zj#2!`PkT{(1kc*4napWpek+w14LS=EDDnzt)(aK&>$V>Y+C1kt1&lbgYX4?hek#*J zSV}lr(ze!}$GvpV*Vo8M@i~19y(Gw|L5gb>E44O)4iQ^si#B`Ge@krBFNI$Gcl=tQ zukt2%qrI`l5tcn0Mr(8D}e=tiBJAClv`#6TQ+T%({QbYxzb9=}koTL{j1De{Aw%6x#n5-62N*LwY9L3))AHhi5XYRDT zu`mYiFM4N+E&k2IKq|b(Et-p`hjcgz-nIi$Wa^SnHg@6u-zKI3tNPn-I#N`Ie0^@4 z6%qd8(7D#E;wC3j=-mnnFNTDYtpRhRvcyX3bA*hHAPNq{)#<^N5(q19`v{BnizB^F zFNze0=}TRyj&wM*u?TaPtY1UFU%kSkvsugZOet5YY@j>VCRSGCgX`11C>z&vWV&hr z7_-w4>9W0gg2LH~sK3!6lia--w!+FGB{#Q*OieTDe$Iq$4t1z6LCbZ@UY*(SGmCZg z{+cU}v3iA@e$>O@%)rTE*&~-ygKdmo8%&N~`!Am}!=0h3Bu`tBugFW7I7BVcVif&r z3D2A#wlDXG--)IOGQL}F1%&zS$5hNZ`)PxgJ||ij{@#WoS4Kd?LH~KB&ta%AAZxir z;hPVTTd7~^f38^%61oremk9T&q4M!IWw}B0jJr(Xs+9|5FgyNgnBzD?Grpeo?}ax2 z%G>{J1PnETWQCX*j>>1x&3vj0JB2y3F#AI93^h6oHTo)5j;nN;b6+E=R}dVP%hw2N zRA6vr(t8M6jYvmEc-j9^)WENY%$o_P1BipYoNE%Wi#liL;nRSeGMQUOm?vZHLi?~c zqz)tQct)Ap$jYR1sr=;n*F?o2EWeVnyb^@%z(Uhj0>xHZq4ulX+6BE@%~nlhUq$IjvotW02Rm{@`no%JT*rJ z=Rog#PgFp6_!g4PKP{I!3c7n1AS&9kb1qt6qpilKY=UZ&g|L>aFN&{OLpJBv_v-|1Qm4sA=uHLqWwe@ZP?U=Oc0M5a?K3py z6gJ=4#pc-Er5JQQ1Y+gH(86N&Z+IvL2T^nq3O|Ivbkx9n#6k2hw?4NpH-H1wzws-L zHLAF6%a#vd5HRcKc*WAx2yJdjwH6araCWRYF3X)~V^*fO1(z2m>o<8Fzx?URiz}v5 zbB#D0S&-JND(h0psQ@qrA6B*CWMn ze-agl(p672`g?9^+Z@CgxHy#fh8|z#H79KSpj2|%N4+AcS=eC^PwOEeOQz)6Rpt$< z%`G}@Fqvc%_f4lY=C{?g#TzZ_lhO-@EraZBM2ur!+hF;2NI$Q5aJ8n?be^`!YbO&w z8B8PuCR+iWdYrvb_i|jF?lOEX^5trb_n0%)fDs?P%pn!> zVq))P84dSRN884L8)pujPla7J+fbOE1_{e?)de$bcp7C&oc9rrwRW<*QW!ozc=svAs~NP^`u{TeZ@U=6P#m~yG?wVGeQM(< ze%yi7?OF_0@qgPW=J<)$Ky{LfLL*uuWth*3@vNhZPaBDn1wVE?LR8U=Zv#AM2jIgD zoe5%+9gqG`?FE&E*WLH#hX=@%%Ez@cjdkmD#r`}UsNHrnkC7d&`%3z=@Mh54w*+B$ z(jDw|mV6(p>l4(~3#rtl1?ks}_sz(*GAT%-l>w4d+W}9D2--Jt@@*|jX^s0&s_EGD zF^3y{wJ9l2$omw*A1TIs8zA!|Z7a$d{#zzM)+EuR^UL`@+)omhh)uWszw~@rz9JTs zS3Vt_f}h(wJzb3EFIS{h6{jmaar2W zUBmzhrN2l@wHQkE9cZ#~nQ-1|bl1D}{w<~l#aTgvoY@!%6(+iUsDX-LyzkE0dG+2z zIWwPtY{YA%e`{k>h<`YPqOx zlO1A1_Q95kF6a5e@7!&xl5i~L6mcGnew?m#QD$;KD|i9HuZ1+hwti^Z^r-sLVzq8F zI9z{pad-_uUI#d$!GwSI#Z8zw)@6*p=lhn0_(B!JoN$Hlff3INhlW+KG3GX*=f1dx z^1g8k?UX~0=6nH%=IA5FtDuh*9}%Cx9O#&T`60e8)$Cro!ETA7TIxX2$MrQsel*^I)W&BRSWd=L#=QO$##9MMeX;PD zU|vsz9&+(21bsrEbgH}JEm#Q(8de>;b9Vf+N0!WMf$It= zZf~SR8+XQzTG(dQ%Wq0oVJ-R=C28Qs^%hp}3exBIgFyA|%b<_BM$sk?{VVc#$2EbD zTlJ8%X}u5Nl6nX+bi(qohD9eP@ef@e1fyO^UJv#b7DJB*+`3{kQHy=;SJ5o?gZ}L= zE>+>$ykMf|O#I09#l!(Gzbk9C}8MI|eK)LM_4V@SjB0T4hfj5Rbw@`yETG7;o+6o8KQbqg%=@By({XbJh zTD&wKGXA=kx{*Hma{zK|Bt+0>)|#ufmCVNEzN_W$bIw4QXK#|B2|Gf|-{fZ8Yu3ICulV-~Q381k)6q`3^L5s?H=7jy&V1#Q0>q1?S)hc_ z1I9ZK?+hR%hb>j>uWTh`zXuVYo47jK3}!3(^_uzPjPQ(9SbmrM&si()ArXR8_1G|} z(JOktdrvbQoZjCXwh|O37cGQ#Q3b}voolTtRtI;+g;;C}v-NrCwv5jOjg6+-{t@Ts z({e;F#2^AR+o+0t*^RgbP%bf4|v5(hB3MpB8ZTbg|mf8)`(K$b%TlUf(^Dl5DWLu1eB4) zgG<(t;n);QAcgH1Jq^L)oyyZ6DP7B|&TH7ZXN!2&;)Gvj&TR-fSAKTfH0^TS8LCDB zE;P$C(&}{%GQv|$XD{T!4f>j}$7M$PXWmadxaD~C7GAWx^aCW~XL(nEPVl{U+jsG8 zkd4^RkX1`HN5EaT4$#{3>QTp}#nl3|SjMC*rEO!8>6-oqiw+_Ob_WOek(LAc{KMp<$Kh|U0^R~? zFYeE2J@5z93YPCxQHY~Gt)~#g1kj=Dpy0&reZYzv*^CBhq`vJ;d0sSvJfryzl<_Gq zDD52*?D-j27SvRqw<3p$udqJ5lNwI&s}^gCS^C>AIXil-ufW!V80D6ybCQQiwkSAR zZ(wKdYp+SG3h0|g;x@KrMdIiT%Zh$!-{Dze6Mdat31d@W47!yoP`RNBrrN$jhihS; z1$=A^lQDc&zGf#;v{|OK_G-OX=U6Fbs+}BwKh@eOb#b)A5os=4=|nNVhTQKLW-cb0 ztZo6A-H!0N`3;oTJp;YVBl(=E*XPatc=B6dROD{|9=UhF^Y0o$echK>!ddfUhJ!NxiHE zBo{p|Ds42FM*k2k{=U}5RL)?OIrrnhuQ#m1UNIJMdzq`|kOTbL?h}H55}n7=>_c+4 ziA;HfWtdkvFk@MD)p+4)=*KN_WlFRMQF+B3HWhD@i+OmghEr0d6KT<$Nv3~X zDnuO&-a{}N_MEo-dm^dk3oS@8``OUR-N8IH>iu;P#$uw@ig)=Jx+)L##<4+oww*Pv zfx54UNe2oiUFl9aJFK)X@?UA&qC-Ot^@@luUH%++%2RzP-asS}ZqoX^c-26Y(ZgPX zM>{*%tCo2PBQHJ2{1)r0omDJjd|39&RO$t+nh2H{i$|`03$&6MZwLlUqeU<10q9&? z1x>=#b+@TuZVrH_2x7PDuN=MG;u;<54T zZoW@v@r^R|+i^1ibPqO_<~9}YiPI0DmOJT_iP;znLM8y-|;j#hM8)_xre;$J;t z4~6$AA>ftEkp0J;4p$vz;@y`&Z|W(dzjIp!K7P$~8&?6uPBeCC+p@5gg((CiN==(EFfw&yr;u z^KNU$=okI&LK2@gffI(!J6T~Zc)v61MR?5G>oC7@&kcZc z1%^#^5Lp_8S&{&668T)$DS`)$fTw*@FR|p8nqm@3PAh7Ecb3Xq>o3wG@uFO!UwQ+9 zk6Hx;$9NJt_u~QJIp6#6)p*&ohik-cWHfxa532$wy2n6^UOcG&#}$W@jd{*-I5Usn zDb9!U(vo>>w}y&LsGn5S>O2GiWb<%#v{as(o${spf)|M)vmsodg9f6}rh-C%k@t^v#6-JC&nG4Ev@`-%-EgV>ia z2cB*ma**qgDv2#{rTV9KymVbssEL7tL%Xuv1-b!HbZh7bodkl#aVew~T*A`fkwIX$ zwDhBE#Qu&HAhkm;Hm+KM1u1Fjy93M%&Zyq!8cL+-&nF6;W zOP@}CBNA4}JIudR&7^|N^1nW6_qN&wz_<@2jiMDncrB;Go4_qrjs;)=?eNijb=FUw zk7P&p*qzu+K(a0+Kv%0L=v5a6OuQ?HrIy``d-WV~_>fY(e6)B)9w_{Mz3O(ja!9Xtp`NDX=YQqGA-6?C zHTg>v5LP%|sl|(L%Cpz70bQXWv)S*a65@|58wL zLHOl3yTMbFI6#~a*ANE@hk+0`ZNrZ-b>?`cGnE6X!eO9q#_Lp{f>A@r%FWFcCkz7i zc%4ZTtQ?n7#+Gz0g@EWg#ghiBMVeyw?5{)jqKT8tX^Ql+`LNM{pR(l8crv5CO`G;x zP2&c2n-SZG{R~+&aF8r9JJf{MEjwTMag;URaIK=Y1=-+Z2?O z(|Lap9kAK$&~$fu8g;z%6<>Xy4VjWAn{}j7rt?fam!GAsoulvcTfQSuEh=_3>^+m& z$biu&ieH$VH2IsVL{>}Z2iaEbl{e`Y=vbX@b3RPiyw09=TMD(_3}xP0QTVDO4wrfS zk@@+5k|~(}#M=#}p%Oa3(Gjz7)Fk-)_G%8T$tE>2i{7;g7*Cd;PILlen8d>4djLF{ zM)XdEDw@-;WKXjD<09k=Ge3LEv>bdV(r( zg?trwVQGqs_VCt{7mhU)oClt=i4-Ocbdy*)QG~&|Co&>jhi|~Q zHtntUxccneSgA}}$~-RwGosjz(ql>+!)Jbtd3!@&y-1a|@88rNYBQv18X9x6AR#Bt5-+HYeXl<9)t9HR;>LrfJe zd(Hq2tWN3=HZ@f15>W#*xY&-3ypS}JaWCo{Ds$GQQ)LBa4hgH_<>j~!PN9Oq``s=) zSxz$=&93d1LFwewjp5(=(Akz)q4WfMN+=;G#vu%i1GP%C(g^vV>*@vu(Q_ua5lc!x zanp`vYVu?V$CY^!)avlHqn}%6#Yg4zMpt^CLBgV?gSir&xx}mA1Be(Q!{To)ewQ>U111+IEK7_Go1O`0sGd2+tajZfCGzSC)G~l=&Kpm+XwOzs|+m%zN>-^1FZ}# zjCR0nKN(wsUj3^oeOGfHHvq8^bXUqA5L~JZ0`x6Sx(F4gqTcMM5v7$e^Fmxj`|*rm zXXCi3%uSzV`j7^DagRfN>sNRowvV<#C6cLuGC6`}g;$4oXsW3j(fX|8|P3r4cKt%=e9yk(Wb$X6HVg5s8 zlO9o~$h9;5OSed!-_w|xabt4Vq?t~%_*G$I;?8j;gqGjrnt=@tPJ5YUxF*fNkaWj! z_de}MnkT5vXehKKMXk74a0qBMu^&o2MrVUx-l7@TU^^cbV)^2))K;F${&z}>Q z;49hJwK4hWO{e)|Rl$OzUAcei$bEXYgMZGR2s zG*1RPoZR7?*PPiRF}+mhCw}(3Q%a{R*@29+%G*4XXbFwb2$MQQ&yt86L!uC9W_KW$ zI+GL#G z>gxDfa*{Ua>S1=f%IUEFwL|Oz;Sx|3toIU@Uw@cOe@YMLhb)>TD1@Lo5WU%9Er@iE zX4{I};&P9(P+?y2yG3Rb#q*cm>8o=18-k|c7ftAW!-OC5+6`RXJ;HAw& zWmkXM8Y;qLce^@AEW;=}9P52xz|)0J`{KF+0r*W%(?dbm`mYGM?25vq+7bf;s7b88UVdsHIQ-soZZ1EXNql>9)Jl~T?E{V4dP#!-AHn> z4V+=K$@iioi*?PP8)6WyH)ZH~iiK;klwZ9Y8*yQHJ(VHNQ5tD9?L5@6ZzRKE{=C_o zsoY*Z+RXBAKj@*lJc}JIq`M62>Fe5qMZlwh$VFg~pV$WKH!b(&?t1wGo;GXv(eF-| zCbj*DzQxSSc1(8k^!(B9ZN$QqLDL088s+f22M_{{)8BEP|JbIfM-aMXD^4SVZKD78 zFUA~;0C{x~*4Ty$h5N7Lch*4GNb|N15MrmlY;LST2e+I&1C%3)hzG$?0VVDB3Qb9B zxUnQ44n@UYj-p`*ZC!jU!1hnswPrcQ)p_q^%G#ub3SHM$=%7g}@mXts3FHYCAY{f{ zZgPXjEs{H~fM5orCh>}jy1FQW?1*H_em~0#0OP7iRcx;$Yg77PXLOV=Dv{{?4!6&^ zrda%I7LW8Mg5%YPFt2`rs8_n1P7R$IgCZ%^(Ic{Vk19Woj69nbU(+dmF1YomPk7sG zU@&c9^aQ%77pl3+H7O-#C(|JM3uc@#EK@_Ihw6aTYK}A@(J#1nmZK19cgRB!(i*Cc z(yGtDx?*Z^&uU7W*R&C(Cr);U-1~mWxP13xHt+{{;M3D+;Nds1uBTb|Zsmn~50P4s z91I4r(t^ST^v0*b%vDh8Qr36q>GFD7@^bB6=GVvJ7TIwsFzz83x0P-r3Ib^x=FWoO zTo9JwBj6=AIEF+zKoPE5GAY@ky9H>!y|HYM6u3??mE_FqSBO8Kz`tBOtZ zgn28fKG$g3MRvfa`-q}%{$ac>o8ODt?;}KOomBFx4 ziRL}cZASu)A+;Hw@A~JZvEf?0W3lS^6is;?iB%y0bZXs8N?SGF4AYcDvWKEbWO3b@ z+RTmA#7I1=F<5o26z_g#Bk8wP!95>mgVlHPnL-UimrrZoMer4-$9a7!a=K0)S62GP zsoEVyBVPFDoDalX*$L+Dsui0Yu4^ayNR$+j<|a9v?X#e7Pyrj`OXs-yhlwPTy_c-n z4j2amV##h(If1mH^40m&uljfNYXvptr|6cQ93q=B$R8|B}3xe>Z zDQN0D8K%;(k^v^>OC(fOZIfqdE^8}>`{LL0-P207%frgh#|s%5?epP5!29<(FWS~b z+^Koabs2j= z1HWl9dQe{`Nbp<3c*lj?^EkKs+vzvc#uachql75;@sROu!@}ygTsh!DaW~btqphwA zvOL&2;jgL@snZP}&O0wr>PJ^71^dG1i>h4*6YvZu>p$%+uW8Kir3mM`R4t+O-_gxr zA%0$44Ht;le*ue67AV6O`VPNXS9Yswp9pMI!<}K%=ytVUm@x3^41A7)Z=E27D$M(0 zFn*|3EWSdnlz(lvKif;61GA6JG=M!lwFj5pE}CcJP>TtDW>oP&4&NE33uP=xWs)s6 z0d3*n@_92eyt5dQ)klcfdZt2n25oUhuW7s`UXy6JPnD|GfU!Wh`Enr51xeV{?`^Xn z-+_@@+V_XA^%HS$@BGexehWDdKg*P)F2(#I32RrRjJ#A2g|Ka0AXDS+i%NNM62Y%q z9ICxWhCXsuO{sG{kj5Uy@1e_EQqEK~BsjlPMablv#1oRb?jLs@)=EAc_67c?i!fO@ zmdB>XO#u4T|J;oOG18IiF9~0OH&&espXv!csh1*ud>}ZNc}P$?M@#Bb6AC;;BRqj)sLeG~oW6kh1Iw(4i{xBF2h47{W8(NEKnkUNA|~qL zm&<80_6@TA_c4{vO0~x{(U&Nn#;3c_(k50TJJYt*9kR)t7)|3jRPZq^&(f;gMfRSn zJL*blw1_W-c@fV8P25q0Rv>*=4-jr?o0^ zb2%siZUxD(N^cxB@;Nc7Gz;N9)DQ4 z@>`l@^M|8pnnaG zp#rC?x=DA%`DcaS z)B#8d$_44d#>dc&g-|=!BnZ9VD?K@ z)oD`9XSoqLtf4e^NJ@`9Z!O2nBZ|$rA)9EOVm$e}g{o;!8@nB`J+Wbt0|~CG^N<6= z$mM3t1WLSht=yt9m|gI&m=q7FxrGxZd~GkwaZ!Yv7-X7E_Vd+oHHUBuHEQTwBOsB? zi^Q?swyeiXpS?jQ2)o2Tm4k{fT@h{&a|6lLUW$_Dkdd-W(8<9-aQIw8ql#ohh|)eN|S@g=F*XhfJ|_Ep7|udNSABZhmqjrOBd12PPa zYI6}B1K;#3T#M-9Rpl8==A>bSn{*K)Xs_K|$MoMSE5Zs z(N((hJzsrTU=~}X>l?E+{ar|?ws2ORu~gQ}?oqeX+y%(`eT)(ncgwujx8>Y=UNq=6 z^+0+QM5lQKQpx-69A2FgkQC9O-@)2K5Mkg0ov&6-^n=J7@}67n4J*n+(JunP$`P(8 zl{AcQKqU#*JHi$z1ZZ3@lOAYRvy~?gvl*8ME8q(sf z#>sgiND54*i=DKIef0FSs%lv=>`i`6(K>!m${!4y5vh$0cJxcH>IW%QwxY`mX`k0J z&$Kv1%RC}I=`%Vs2N1-hTi?!NWqP#UjygVY+sFJK6FbLEBU1`1rl{Mr70%*L+6kQM zS}ma2oh));t0+yaX(ozm=WR5#epqPG=>C1*zrtZumf%6+{=UucSK1)o;8KtBK4(W5 zsgQHI)Y%Qf7Ze-q!_y`w<^gS<_pl3VWBfs?TlEXvegw8k%$O}=TSaPu$mA4PP(T!l^HOP2}l@!O^*}-CRP+Y8rBdSH* z6}yb%6FJBLSI)Y4p^R1Pg4i5byWE~p&beU8SYLAzMM2VRM_o{swd}Pf(u>(|Ww|ew zdU6qA>dpB}=)6NRB)9I$bJo7yqCkW5lB9`-zC)Ai{$B9fE9h9$mtU1b6`@vgt*+4K zCrL6Q^x_NT%GSqlqz=49nMwTI;Lmkg*oLI#6bV{C=-uGAON^}dbEI0~_J_&E=;F+m zSa*hv-Hi4vA3x<-x4_Fr z_jC%;KvjvWeEU@XgmE-*LO+_KrLidRJ$@!(BMS)B&#@eHdx7N6>!cn=|86@A=_Aay zVEGh{lCFt9We_wm4Fg}lF|67{RW7^M4 z^?3^W-^zU+hkjmPo+nrTTe$xw_y1omq>|^s?&tNtT+bT++amoh7t;RSD{XZ9vi=Qz4*t#3O>gT)Ev=i&FW181D%)XJ+^m}ahX}iuS;j94!*x;R2kps1C z7~f~&H=b56By2cdjyUi+XJO>N=VS+>fBZAXYc7bnR;|Q<5`ocN(!Bn#x^vc;)st6W zEVG*C>fD+vt$~AMNe^nM&9bNGCWbOWEhfsG%HAD~D;5o&_?b`TH0qnz&M&_96|8UF zq_gI<-*FVAyH$r7Kl)jf$WFSUGjPO)<05H6k1fIu?8wvlp8UZTm`KonV{H19R`{4Dx0q5cWM-=T^h< zy67pXrBQHz&>dVf?d#e1xjL$qqX}0CYO#$lXp?TbPeMZS^TidzEt*$ooSAQf9{dWp zQoxh;sT?LK(1xk8*E440wK+u5u0mk*cOEPf#c*TiL~(4hBuGll9SI*R$_~D#NJ<8) z2rhnx1C3>Lql0xb0;HerzG)Pyd!P%ulDbRyY*>1o0#VvnsH|~6QZFsY93LLHKPQ-a zSG%i&OFptrocCM>ns(n`NV9p1jwmKMdKFK%*bX;n^BP$GYD*EXWwQB#C2xQ)ue33U zIAEz0IEysP9avjPuU|PzgERzrR0cKb;-Nf9>RErM8O|+jS{9{c)6LUKda>=o#BMbd z(}3DY46Py_-W`AYfe};zpJx7kt|_13UWZsTW@iks1Tl+?jZ_)BW3QLB_#D`}-f>tR z7D`aae&`q#mD9~P>G)+OoU`*mZYZW&e)y1Z*L0W`Gp8;1ZJ!ns=_bdi<^haP4)2yg zu6CpP71H0fa<2*zpxA7Uto>U2+)hd<1CFm^)(?BEi~dAyLa202EthTKt%R7>+}mkQ zW75$@5iJB(LZgL;orYTD#Ug|WEieNQg0w#8_F9H`ppQumYtwSJqC(S-G0D@yPD4S! zK-nKxVGLQv7do3foCRZL>~t5XCj6nlgtAi}&r&XgGikL{!+0bFEsqiCFK^*YyHPEj zi;S&h`RC=9$~VS(Zj!cFD}=tyFB&{AF<8=+@}|;wGn3}sy2w$l%+p)m2QC}pD3!ud z>#ofjb~KkJSL(35eba=$h-|Oyvi=|{H!~=mdugyunC*mJK_t&wu+ZOTvKW+XL(ZR%T3 zetf?;wAT&1=oEDhZER-p?@XqzXz&;XWhV6*YBB~?(d`i!rZRB0vIvIq(C-p=p^t*v z&-{D}rfSbUO5q?%4ev~$M~cga!4?H0Uq+86v{>F$EogQnq|KbZTe)f|(pEsDOsjM* z7VEip=9(y2K{9GHS~SJQ`qvdB9}^)WnGgBea?cT>tCudNF3-!2S8mvUPOlb-fwV73 z1EHV9CAXS9gELdUPRC`g8IeP^zy1(lJ)@Zku!tU>G@E^~e4#1KII0Q)jcwOd8$8u= zT%|!GjS3I*X6(NOdAd>tkltu*0r_4*ArII88X%*G8<~BL(>>sM%IY>-ga$J+JT4Zh ze*C9?68o;Lb87J+9)h0~xSb8nSDUtj!ar{_R?Bo?X_9E2srxc^o)xs;QCzxvUt@uo z)9ir{lUE*3_DNOb4@{=nl?DIm>0aQlyMr+Qj7A4xp*wK_T1q*#tnzK@hhSY)G%vWT zJ6;`Iz^V{FTNv`j|{{H`{|OEnPO?nS<-b6})~kjrdycHeX^eaKpptSDQ=Is*{?3lUsJ zcG>o@ThXnSr8wAOE1?x~u`TSe*(Y5Zp-#-T4Q5|<=*teA5RM&LcwoYfv}@B{X!P3C zELGYotAiWnq8IrJhDt?F4l>TXT*(N7btrXwU5Hjb+VGwoY=4+zEAa}fGD$l!)$tNx z6%CPT`7&y5?`?8#E~?H_ilWv#!CdRN>_sdACOSwKu+o5UF3!7yaq zi@WG(K2kBM)0R`_wT52uO*xxW3Cx2h;3|=6_+SZ(4ZVv|m+?@8(Z4wcyuuQ*S%+{H z&yURP8;M0eWI-bJkd0u-t|AkkV3&B(sDw?!;!)-qHO}|uxO_t&>01J>y72;;kdRij zU<<*B{2CH7X-m#UaHCK5;M;*wcice&Jv}ykV8i>t1MOgwMi%Q`d%=z-mg&U@O&Dt0 zZ<{#OUFp(cn;-Ey&1J?gKA+9Qvm?(+JKNI4R!61mz*Gq%&6>1z346DUG_ghSpkl~{ zUt9ICfKKeQZ5O?Fu)Hd`hdypV+I*u!FGgCl!hPoqQw*DH3#aFr4CB#Gbl`}dMUN)l zY2Qnv6MN7Si-iqXX5eIDGas$K2rka^Jck>6Tb60z16K#ls$Utj<&-vOwFs2Z!~CXd zu6&B0Ti|6yvoN^vQ5FW<7}ue`+|JE5OrK~ayA#4a{v%MrgqwjcsEC2<7&+M>Gy>Ub zJp4H>tN~{d^17}x zu(kFpHE`@whehmL7#g;vQKd)-^_O@grOVtk7KtA=^wxFwGbHj4l{KT!l(MESJqfQc zFE~_;uUsUm9A?L6DQNxbSz!Ym$QO1aR!Xjmt4&D#IX)DN7MzdAEHVD((xMCCYN9mN zP z`Ixh(q(+(TpiXh3n)Xrtp`wz%LAT?oiRNN%beCszm06f&E6;-uUod;gmg2DKbf?-O zc%sOge?%ej1yW}lZ4J<63=&;wC!i`$oNe?DNVgR;gJE$=Pa<3 z+E`OrGx}f0<Zns0O1S&EX$?$7KaH}5vp@vvH!p1~i% z%6LXcR26=um>R%6b@MIC>;HkC|H0J%(A$5A^gk^7A4L5Rkp4rX{~^>8f`9w}VTt;O zZ2vojQTiWx{r_P9zm)oa$#${|b|z>L>M&%R-XYKO0G#Tf{A-4e*3HX2@9;2-Va4^c z_64T@OnrKOmE)%}EZ1pwez))5wW__9ur;tlK>W{*j|GyX97hr>+BuVs8(60X^zd1X zf3R33qPg5)QU6k^WAHvN?NU%}Y8N^j=4b8JZnuZo+W(B#RS`K9iBVouH%?+=4Fy~a z#rlBdR9Oo}J|3i>Pjfv(8GLW_8jY-T>=YIlW+F6Qig+iAwOKfMl6649h!N@3Bm))(~k_#{a9 zExF?n($K<}@#fLb6>FYRpYl}y@j%XhzQ1xLa6={K^6?!!yJzbz2<+_e-oi%mpG37> z>IU+lhknY#hOOF0p(x%Y@+iP4zrhsQwN=TPl z6Ly9L#XGt%>f#fHH!%HO1p6Cq^mUnV^;P)Q|LVQkabVB&@^7aNd0Tk^E#!m{Mt8r9 zR9~%~2>wMHFb@1D3J@6FDuS1JB*xX1VTpTMRGjNUGk8oGmE#@PdgZAvXHW3dqx{;) zI{MYM7T!P2Puvkg1p%>fp z&?CRj>#oDXih~7Z<(b2V$6auNv+o(^*@v9VEKZSJVsf?@&sM1UMf(J2jFh;_9Aye? zkOZ6!-65O*FxSb(e;&I&?vV4%ENtPT*oX<(u^4OX-BJ6#@Yv@1s!oYk)Oe?cc;Co~ zk=NKgK#`?#C$p$^xib1o`O?4{<%u|NPIdSnB9Gd!sN@`;96v(yhW^xmh1*-UiFEM# zg!QZC0|d^Oe}326iSdT#NoNn6o^ob&Do!##c^{`vz0qLGq?1cm3p+>~=}1wS^o#QQ zR8M&Zi#~&etU*c3{W~5g9nt?N&Df7UmcQmUY49S))2lW4_M7C(pVFAz7m%9_`!iht z-+@^kE{j-a6)qI~^HHA)q6P%yU#skbq$ zaU(OT3SI-MrynmR0Qgn>=}b;T!`0C#IzL+|ThH!VO)eX|eSZnBf9tB9`!&D=+>-2i z>6*_uKR{QU7#noKe9sKgBNhNla{LSN(+lh1Urtk9vet^DrStQ3KUNw3P1Rr273>!FWiud8`9E4F0nh_mqZ8p&^HT&j#*p2P0 zWKym81u$9Rf6v79A?yAlj3B%vJYCEc8e>9jxU+iF76O#cQw@i!cuNN0YsC7%xsA{L zqwV@O*~Hm)G3tJOlJjvpuo@W8+_XEy>nbiKM1BQnGMTmE^MnZtc1$Dt>+#GOjiUmO zs?08@8E*wTH=I@_YBD7xXY;T1dQSqF?g*`J?7I}hO`a1N_!#9A95%l5?H)-blX*BM z35pV~B7jd|A-%zkaZH+`A@s2M!G()Rgj>IrR+X6)-Wp|s(=s^!TV0y{2cF(w^5^)L zA%_&BtwpEpVVWg}#;Q*O9M-rFJ>?XJBz^6gAC0^U%_pPhIrCv)zMa82G!jG49e#1i zD-_20KC@80-7kFh)^YwxzgU`B1b6%NX3N`*910?FLGP+pPnM+65TAFnX5Zqors}E@ zy2ayB9>&;aM+3phC32BC!ye-dGOR0aur_>`L5yRw`0Gf8s+i^7K)H<0J^!8< zABGwRpu4uXYK1kApD40}WeU)p&GfUd{Im0*rD%-7b#U}`|7+~^enz~)13V>de^};W zHd|}0UG{M_$ZKW+*m~wZ2%aCCNJi^P^@K`HH|D*OMUO3Toh8Dp3nL^4oV($p^>s8E zgKH-+0E?UqhsT>P4M^YEJo;h;71~D?2JZGsLvGi`R-RZOFm#(nj`_K*29A-QH&&(A zu++fsW@_h1YR_E?85MW_k&0sp z(zOyNNp^kxGD;__VK`&XP|>We%rkSd=2K0GwXgZd$o(Y!I9>sX8UyZzS|*msDuYkX zhnnEMRUUCf%vB+;w1Om>S5q&i=;tP0DO=Y6jR171f^jQ7=xMgYXwA5`)wuUWzM_yE~MP#g{rC`-6ZN)#4-H; zhqJE?iYwT{j6wng2n-f9KnU*cKDfJv!GgPMAlTsU7Tnz}$l&fSgFAy0Y$tiIwrcms z*6vpIk1O4$&pmyl@44Og+osa4ky30BmZMY=V_HZItTU@?e4l=L_tgFqs`0DQo4VwR z=Ys-DW<|K&tF3KiWPY(=&KQHIn!rfB{~F8B{%_-WeCTxYxUN1c#O!|EXR)p6lb4s+ zX)&y01qX~XC0xTzUZbb)+;E*fl`TUluisqbl7U{nIVscePjYy-eeQX-$U5w_5FxDN z{GLi)Hw$6iNaRP}+T_i$^D_dZMT5gCD{beZZ1+Az3#Y7(M!p$cH2Z<@FpX(>Rov9- zHQ3aBeZ-=k^F^YrXyHppf`H~bkN1ySGM=s*a|*-VuMZ`MR=XIJI#!&;bml1|g|gsJ z_lS4<`F$9h!*v`H$TSpM9iUB9{}SNv?N}pt$$|!l z%T)fna`zRax4qJtm+-Jy@CLlJ9{=w4)z{-8N_AE^|mn&7b1j3ZhP0MqR!8h5y!v;E9+z=9wrGqd-4b|%R~5H^q_wZmR2csf(l z;dwTE(GJb73k3+hhd8u3Z9G`Ntfp~Gyo^w{7(cAYuL8cSZGb3#`59lTxhtlhNw zwLK&>csKop{IkD}sNwasGE&Vt$vW!J(dXc1jMznhPMqlkC8Fg6UNw*6^(z?l3{oU6 z1yYbg%B&Q-}cN)RFldT+zUN%LkjY7%3Gi*c0_3FhN#UBG~`cA5@(j|>U2}#Ii;k(`z zsslf)9~RqMa1>EcT75yNi-f+l4=U2VWHc&FCN-cBs!QW_sEQI6~DZ{|4_w@l`^$FO3OBhyJ_ zS^JOKv@7W*PcOgJfI+nUc0D)GauSn|IL3EP6 z$Bt{~$Z}bl?`~H?KR~*?S6vqIx>e=F^Q8bQ)UgactS;3|-Ak8*X`cn2hE?`>dK8}c z>axKUin%7Frs_Ck`btZ3{LeT?f@VLr{kL*St64FSQ03~=9(=qUdITqT#w!X|ZtS!$ z{PBKU5mgwBq?|Oe%Ze0Kx;G5EjVZQ*D4G`*=y%njznm{!LAh2h;fa=p38znVp4K8eBX#UB(H|9&6_rt`Kx>I`J5`PhmY7kgW}6vC2>)-*VgRdmn~k#H}*@q zx*3Kp>tZi_PPEdB%nxfuZ4x-f7*2>qvL-`I!wF1Cx>0n~r!G_{S z?}+Lzu%_Qs++}o+1HXk4+2F5g-k7qR^StDUPviB+rCz!mRq45C?`30VyqcxLzc!|`9T>%ku2&vC$QV$5 z)X6-m(r4&UrSaTXopmM}!E%EiYW`&xmUBqsLD6&PNspAEcl_B3{$`BjgNE44GezP( zdf5`T*@KO8<;RSPR>U{V9Ud6J$cmT0Uwl^U?iktFX(l6zdgZ_oij2jh<^D&#d8Q=A zvXsT)>Kg@g#u#V<8B_Pn%+ZYitg%f@-v4O>l_?l#0eM=aY;bn|cmxcYTU|U}dg@j- z?d9JL@`UA;iXvS7QmNAUTRshlIwJv5Xc?8Snsh%1HkFwGOfYucC2+as1Y-pfh8OKdC?Wth3&p@L+q&SRn&TDNjb! z_+4I#6HGWRA|)b2t*SDVhlhc5<4!M{Mh#T&u~3+nt81oR*tijjZdcv1z{_x2NoG@v zL>wW;aISMCO@Ol>>TOanRaoq*U~c|7H3G+eC_`>;a+h%`zf5ni7|cLT?OaTqF(@{{ zq|nmd9I2}-m^`%|9Gel+FchoE3{T7Wg7s0Du1DD2i0$(J?Btq2x4gxagKo_ZB7ldy z4!vlT5V5o2j)ZbXH^;$U(?yQ{8-j?bW39a0q6lME<-&OuZvf9WySTNb(a7NB-J@4;MhlU~5?@|aS674EQ)ok{NTiUYG_B31j4u!gd zvo6n=Zcu_u*R@jAr-r{d-G&KPxnV>5VL}d^rx<&nv1H8Z9Q%dg zM91;@hRj!n)VkYy;XC45ZQ$j{F>QfAw*u;Y?-O&>;3*`Zbgp#x4qEfn$!(E#@cWyHqJAm zAy`-!Zw@F;4_37FvJI}YN?0XlscksrwKsJ}ktXa}+RY0rm*D#z+SNsaVSa#vHEqaL z=J;f3In+#14sIsD^$VdQ7q15>9S-XGijtE|CVSFp^*OX^bWqE_oJ{JK#gI~<9xqJ9 zF(iTA+R6k}A^wHWekct8zM($j=v`M!R!7-+F>fGiKUBrefb(BBDY|gse}wKXNTe)` zP`OksCs}zo9AE4u72WbNc!e|&!kel*fD4n*Xt1eIPULHYyBQ_bo%s_QWVKni9dL(q z!r@UiKN~eW8GIM|i-K4K>Z+w#W}w{&sc)a?7BIucXX~iBm3N@iv)T?= zEDS7InE$eQDi4E&x8t7r`&m0E$svj62~dQAJ^SM_KAW~-U8`NT$k4n{t2`(=;WV6; zEGS3Ot*^{zvZUK$0ysq7Q?QEKVdm4Ww9jwbG$;NkGg&!tWSpP|pmH8mfa|Ykfpc%6 zLW{sM(ga51GgITyTrd}8GCWd#Y~xAA*~VT8qbLz=|F(2OgY`V%pA4@r29aeStljPD!wSf{|e9d$T`KjGR`F=$=@V)#B=yFNBYJH}D@n3qf@D__TT=^nN z#{p{%qS%l9nZ>e^R%ZDqaA;oXlB&*;i5fbo5CECV(Z0SRREEKbb#5{K%bX`DBP!Mk z9U=R4?W{0~f^|8*xiY~Zgd{i=&sE%_9CX)}R;KOzp6iinN(kQM#WNw+kR*nHn4`j+cw@I3e9>fea)mk_mM(;W-}JdHAgb*Evx(cuaa-zjh@)C8sP5AGKO-U zo{ht^Q-y#Y`P^;J9!aMn@pRS>3mH+~)v}ezH6W5DC*Z%MZtse8g_pegR>*eq-t!}c zB$GM_cR0sBPC8AKfp$kRmu9e`gJ0`hZ1}5*@GE#Ih5JM&Pe!>BWqZdV<7THO<<~rt z7}Uh9t<@3%-`lkxsj3!APD)487<$T}%A2oOo#0IrU^L%9_3eCSVqfm8xn|RU^K1A^ z-9jdVBTbbUh!G%e?6(z-Y&}^ggkHaP2(TZ7e9 zPs7MI;b|rjy1m~kVmR$AsQMJ^^@z*Xx|S$pWHZ$#K3D)8#Pr{iGY|_C zu}O@bmb!h30R4P)8TiclkEc3Z(ja$R2ZxrX_El2@SYPB1?>8@vg(@pz3W17eA%Q{) zT4R9LyS|RLrUe`DgW0A0e@tb_V^j1eM5bqH=@@oxZMqmaJa}EO-i3kx6xrr*Dyb9l z%9ZKIWK(V&vvGxGD}n{0JY^7>#^oR z8PlENw4#f{WT4ob{{=A)L2%?)U(Rn^#{HWhKG8I2+Rd!AJTI&VQ=S*VKpSkid`?D= zhPY{%lldt;lCHD1?bgmyHYi{%C3n+`+uttMk+maGBNBLja}j*FVq+ddWKA=yX7 zjv|gYG7MhhVb8*RHybNQvh@#g`&naUW0+`=XPoFlZO=DE<;bBOp7+<=P^kXHV_GBy zImIPEQC+ff>nH0iR#}g`1{PxEUUetG;!w7sQw;^GPhkh4TP20&k7U*_zThHPki$H1 z9W(PNiW2|;+Cmma;JTa(vizvBnl>Q?tmR|mYNamQ!y7^-c z&~xDCF@5QxnqQvx?uZh*#}bF9j*^F!GW6ansnmIVzSAJ)d!aH0em8+|O8bP@QZfj@ z`XwJA-4O<*Z_;`aQAndG(<9N&U@fow^HlMXuSu2M8_kfu^g)@~nbiedu7bg|2F1N5*so55^V@%RVg+pIbUEk9>?P~hYlQ##qe$!h z&dQW8Xx{WoY{)#x3O>GMecW(HUAijGY}~n?sP{{VmN}w$kqXlL5#j8t_rgTadq{b| zl*qi=v0dOSJzPG;iNs?BYvkpt|^Z8^H5KJ)?R5t($<e7MOiZ_)x8I{nYRvJxem!|yl;R`q(nSkxD=VeO*Q}-JN1T{dja>_? z@ArA6tfp99ijqF-vW0`nahACyHI@c?EH;$-AM0b3Jhol)zd!jUo=d*P+3^(oAQqz` zGL^D#TV=d5}~@GV58cqr9p(c3}M6Y?;0$_t*j8hG3u*}!|#zPhqbV zI~EEW1Rden+yH&oV6Kdx#Q$_}d}n0r?RDj4MdD`-8|Ir7;Z&jHmei@OcLm2B zI1tB8wZe@}1y8Tv!t$gSi9Yp`XA0<_(2kVG==URrMQR-N&1N%A{WO1#xr9i%5AX}r zjwByqYDiiOmgms8Qa75E4Dr99Yi2^`%;g?_F%{G_l0ob__H!1vHFYB2%)fHo4;|PQ zt0FOdv@mMZIEmaNXS?@7S6QnqAQ+~M3V1rvb3 z;KrZ5GiD%+MP5iEw5IoiVuzNd8b!wT*wNT6y5j}A6~7DQIsYtk!;WJ$@=_cPLU4TS&6=RxPEQDa}AqGPCgWqC}9;VZs_cR*nh4UyJ?FB5zP1YZkJue{Xr&AX7?jNrj&9 zjR;Z$HKkAZ6ja4z?q2`ax%eGYS2r&~5*0Ex;rh36W$8GgdcZB4c)8yfAT=A0Zt^rM z7|&v_uw?2&gTk29no_Ot^59zK&JGc5N>0(5;qwXd$w5XHnS!0o6~IHJV;&KVqgZ+o z-pAjP&wbt`N?T}aeR^b@i-zC^;PEiXj}?ATkDJ+6CUH0|^P%f`d^m*Lm(ASmkXl_- zG0D&ngHA3dDfzG4P#&sH$@YI|AR_Y(Nc0uB=l=0F68qtG^X6b=xR=!epnU1 z_cvp&XB<;8spu%?VP1g5aP~ZLUKCw*_B)f0hL@LC3u!OomKA94JKqo7F`2so<{n-i zl&Umeis%VarxsbCv%c*$HZw^|is({)F;J7ogjP7LP#Rd{KEz}$uNsAV4f9h#}NMf)7D&`T99Yq`Z6I0Ba403rp$lG4~;CjUkmXFysN(#5tKuL7`mX`FbA!O9t(jxwjGH^?h zD^AI5`*(22v^(2KKM!VAmhjx_0&FNAZdVBzA4($R(hmam<@}OU9VN%V?PzASmp$w# z3BOV@oxeofVm1xSdS%>!9{eh6#VQRon47hg{7?3Mw|7VXKku#JImmAPkz|z#;LqV+ z9eVvToiK2Ix25-KPGo1ci}maWKDeUXWh~2A#L-!N{mId}9$AI|`#aN{uoD18el8ro zx}ssNHlD(_MWTmf3m1U$hLPiA`CHNe3Jl3T5n%96M@`@)EpPz?z(-#&} z!+&^kPbzj3?E_F&bxk-fmXgy6*W|}0GCdto%lOjQL%;IsTzPg!dzv%QXLW=Il-1o> zb*@a`5J2>?r)W;F*5Y;VEEI>YLsP@bMtrL<&y|1)K6*p-o17zW(m;y`pV57xo*iop zcgx?091zoI*402c6W^M@giw6R=4{&%6L8MSY7~v4n+$#FT_u@cTS>xK$RfEz?`Xb{ z?9ehc&6Z`5LcqS;#;^p;`*NZ(da zeR52>Y1R|cVW*Dj6(6Y*aOE{BcjL7;Di75RS(TlBH$A{iS@)}9DmPcx8Y(XVBzqn! z&=a-f=QdiXps>X}lKy;kXW>NAL=s}pYw4NKK2?HMOh`K<;lXw6B^0J|C8bGJ<%f%B z_~({7elF$B;)RTJF0a&hCzws}$5fpxc6`}Y6dpd`L9%Y4c&{5W<^_U5oHLjHWoZ=? z#3=n9KkqZC$lbHWwM)Jmo$Ml`>U5 zsP{KvQ|%Et7Wu{k4eL-Eh6n|ulC3x!)B?WB>U-z0y zQ=@Ngh%}YlCzr<(IOgi@>1*s+HDazJGfu;io{R_q0emF9?I`(iw12PB8Eu$;BI1Rk6(cQ5mI zL&y||NevSJteS8rl#$_GVTf0CU_b~bZ@G&8Sa9E|x)}ZN(l}(6UHq5<%9F_gH}xz> z&tFY(&&T!&L@F9fr3|Cze*$OY9W%YD@vAt|O`$A*S50it(Gw~AQ(>4CY^lXztJ{A4 zgbub4zACVji91?A!m~40e#1PwB~?J=4`tU(bj^;68)EoYg4JB<QMdcc}~E``{c_4QPtGD zuwBt_7%fXCKW!Oz*iI)_j~R{M%zn3HTY|5+r_3k_BO#%c9ryp?J;F2xDnZCP&JF7) z+2989N%4$`BgO}@`+f{V{q}{qtTd<5kaA3>^Bozp;?aAQvx9n3*y6niWd<_OqHw4( z2!w?fuic6Za3P11_%?kl<7J#E8xOF;5Bo&;79xcxP7MxMWJDa8!i@WwA5XV&^d;U< znt5t}Tw?wsnW4ZSbq4Z&$$6+4ljQ*OZJP$%;|16u&mM)ost@J(bt{vLaTms$$Iz4Q znk}je%)S-YI{jwBlSs;Tg$ijor&k!x`0zvT;K+6$Oux@ryUnsmXBD~M;&tHhHe+b} zzLhLUI?!qZwWQmnLtK^mJ&t9p)Q2%eDF7OEYgoMylX62wVQbEhA3rDuMsat~*AL%d zs(CgvZ#f5j!xdmRa<2S3lFnZ|*DT06m-Y#4`U*8+t3jWWC{Zm-!TpSg0h}?ZqHgq2Yn_mJ8pu_9!XU#Fco4jl%r6B(SJn{Ay$>3*3x( z=Y=LJkm_;%J!yWsY>*mcL|}$BmX|6Pt z{I`!BQ+S6Xl;YjL2CZI+iEUH9e^LTgsR_PZz|U%=;oz#X4=#{pvUQ5!c9U03^CNQ7 zwye(2;hD!QVr5>&(!nv+Xv9$xfr(~$a1lkeNJs&zCeKxfflMNSi60M^R!jgju||SoJ{>XeR-;ogK4!jU#O4ThXn@B&c=iEA~g; zsyZrgM@YdZz3hRuAF90Dy=MoNWju-lEI-YT{|W*PlCXV*m?nE&{d;+}vd;2k>Dt?2 z;nTJ6_ySxkT~DdiSjd3arUz!MawH4>4xFFD-E}!t2UJaI!2;I4(2z5i1pmR7Uw*GM zDkZj@kyN+{7&wNT+&}v>lz4Zj4VHW))CIT+OUScZFcg zEVgUP3Tf&J4Gb@LZNjx7L-pC`bL4QJvxYIdXXR!eZKE?yM5V7e3sPPYLE^p(1GoF@YMcGSpX%^#OKPh^M`hpI)3R z;JDV)>d-YZF{_n9MF=6E@7@D$P+Nx3!5x!#1`(j$Fw$7!kKRc0xXPKD8Z{1AXJ@ue zRN%1z-?l9-G4@KZJmtY3Q6~j`s^gVOj&fKmA=qV`@7H`afe9W5z6eQ$9!599J?&#} zA40za#H+kOkOgaSgjt!h9XYDh*u!511q>@Z;!M;F0-e$37nd1)&Ev}+$8IWcXEwv4 z+}-RsFC=~csTDW!fC?gD=8R5rc5k?B^&mk7U(MM*7GLCDj+-)|zT^dXOHg3VaYkSj z;&{#50Ho~wU9Z@3Xt!V$0+$>nI8P;;0isjTGZt6|WFqR3-KJsQ6pvVlL;%B76xvg| zkEl`Q>(m(TY7aj(SGxJr0D)pm?7YyNFAA0seoPV{WQv&Z)hm~JYX@Q9Y7h`sUXR9l z`uI&+)hRZ!RHlWhg@rY#qCEfUYs#kfR`&i0qF}!hlof_uMs%e&ntt-j${4Ho(es0; z#P>ti&F003X<%nds;pwG;NqH(8`R_~Ukx_254j@zoYdCn(b%4K{X5qCdi&`Bm8V?< zR^BQPVBtGqhSJ9l14gUcHfUL*Vx^sD>R4<7TLocJG0O3^g>*bvg!Osxjw;Y02>@|n zbot=>@6$cQ5x>8RR>ecA%Xb|ntF7Fm)1mI)qEL_;!YtLECPk}ehbKQJEo7pOSZeFm zd7D}QD%vs?X!Dv2o_u@7DHGm*^^y~pm%i^eUZ-}W+EAY0inPf{!C|+t-QFvtg#SjB znvxyZiA#Qbu{mB_ZMUJYyHM3T$TOy9CcoVej%I2An?0FnU*$i%gLvV&m1p6O--9Fp z@?-qp&8Sr?+eEi(v_e62ALnXnqE$=T-couqVd_&SGikE$08R&6#Hx&qkGy_Ysp+^p z9}~Nkx?KEC zyZ=ILtspgrlPu%tY-7J`5x&?EFMmvr6D%(aSd-9NlXIb5jduwL-SRjb)gCsFtaoJP zT7A9nQQPa6z;^ueHldhL@G1rftxs0FM4NJY_uGy%bMc@SIh$bG0O0SvGr-uEf^TmZ z`SWB4jnjPEGc1=d25-vjns0%P=9horQD;&50n00psr$I4StRu*62l!SmQ?~;D;HF} ztU*;_kwf$vjoLTjCJz(B{L362Sg>kb!ySsnqv)8fp$bEL>C3OZH_7g(HldoY1b`59LJZ*x@WHwl5^oIEojW zpyQN#{(vY<$&_7#+umC9^&+E=pB=?umPPy`QH0BznGPX9L2Qt8FuO# zzu*e?NyI+U20!aV*0gyR@Y21!Ypc~aR4$cfyxQ6M)2B;TdCbjBeV&hds@f3MV==dy zY#0e$tfpOJY$zpHa^mIjr}TEHpOIqM*0!2%Oa449uDU!BsoWjbxH!2P`}mmdqcU8% z-!4rI+z#G8oGS7}-q^IWaj1PsEc0gY=sbA-W63*D<^Fq1-T)e;qFtKF`#s^=;_4a} zkwc=?1k#(A&!A(S4}G z!g&dkL&MyeB4eZWrtYTXnUfTvQpIBT-rRcHE%G6*Jl&jt!VuQIyye!EW279m2&(pd z=>0Ls(4TqRa;d+k84aRJfOeGKCcGU(b6(5+y5Ul@l55iLVKW+$5mxqnjJWW@?}ZXA zCOCuhCJK6Qe!8(Gb2N5$D0LFvuu#2G<7lUmr@2|i zT4ZxAjjG})^nz-q{l4}O)Y8R6Ky$Lq$6m?m^H^`t@s%mCgho0KvAB%{4iEJgAqtMn z121rFslTP_-!)%=^nXt|-u^|Uf)_Z(6ubz6U&6~@Y$3?5CCe8>w4yP}gDwBSw2z24da4&Vo00FH$Yy^NfEP?JyblbzNR zQUNShtK}{HI=(iK*IX5Bzg9h1d-+BV&ZL+>)Vc0Wkg`Au)8n#JGn`lY399guTfo&c z(Tz!)RIBqL;&IDW?#v>wfc?BV;mGZ;8a0a{G<-quuA{8771cEeSLpDtGvB(c<>Cs0Pg9*0-MW|3 zsmrTLN+uZiwRtn3hExb}rN|esN>|hP(yu&c=!8Qr2OK%Y$-lj$>oER%wxU5_*Rx?a2Qq@q?mjGVw;ZL;UUt{x z*O#MTF{fcyLv0IGPZ)0w@%v!Oo0sP~@&agManu!G$VvP_*Xx<335 zo-Uf;m$|O|y6V!_=bEl1;q?^P8T@nvf;f4%N1VF7PPl|zcyx!{5=svT4(?l;{1C*2 z*Bmat#&Bwa(mUcnFQ_tru;v}J?)Azp*pSqha$W55C2A=<^jbY4?+}FAvd%r{Cbrx4 z?Y^1FR3Y>uG-U$a8%JAopGr0*H@i0D8Gnp#VUQIG!1BOLHYw~@^$#vQQqMA`nd7nPNIr1M2+UN?V;DhS75}*Aj zX4pX*GA-Q1#yJYm zyrKw+rD`9{PfiptrHUy320lXNxW~=Eef$o1xP5qV%DJXpLCUSKqJo5_dP0A#7?@txV8xdU#fr#6%{ckWdfBr6WuEmLelvOGAwHb+>x3SVNmYJeUiLJ#RTWC@Y_#8FA)Uoh*ap&~hl@-5?0#S_~jBvo6%Mu-nWu$RO#EaUe$sV__eic?b?zmBxARN4T8hVIkTNy zm)|1`2tGH@%^3VI;TZlT|3WlX!oRTnKTrR!gZ6XZsux{B@!J=;Cd}4Dob!f4VunJ1 z`!JjVF_X2sCmTl%iVNzAI|unc09*pPJ(rD{?}0U4hA-i?Tuhtru8(Pn(BQO+ zIP3|40>q^){=mduo@Ne8pYOb0Mlv;dHwnAvVKnzLJ>ESm?_T6`IvtnM?<{rq-qU>b zW9RFbQ9+qwkl9&iTjeEwIG=U>(@atB?q&m{ADzcF1@$6~QNDLL*X+ z6O}B}kUY(q>EOU~X%y+>NZUFchTtm;btE%v3vXg#qlCJ~o=5Xfr z4a8k)6HXGLh)m1077z>Nw90Sx0x%iOXTtCvA2#XL4;kw4YG&E&XAwMVK&yPc6$XeC z(}OF7xjh}Upewx^(soe2f%Y2Ci=%4-O*C_y>H<`_(N#WZ&f3Kqt4oaFD#fH?J^aa$ z5kLIcC@BfLc~nFbXYsl^FBHo z+og7=ruvnZd176|OLFj=gZ zWUK;J0k(zHl(9TIeS0K_iMhk+>JFZID zS?~3~t`6)@6NuE^ktGoM0DnTlUZJ`S7w~?8MtO;IkE(r6Z5jBMmYXuQX?8GYqHs&z z7+<TV-x>}5Nmj^$b7qeS*RB+R0I+)YI`pdxnLtQM z^}(Ug)Rgyj`f@Mr-e^AmLXnM-m=Z6l^`z35M;a3+^wuhW_;ZSYU-|-`NzVazkRAYs zztvoIII^lJkH)qWvYrMn;(lmeWA13%=V2Ae9PQZq4FIqJE|~?vzkFY98EAu8s%ICh z8`#`LtJPbt_Ya$>qpO3rzlpgJ@RR?cg^ZeEH5W^LdRz$X$o`K|xh#?4GwuVYE+F~t z^r}IH>&3SKx58OlVX}FHY~C;&gSYurTk;kLRPWYSOO(w<9d`UG2jai z)~<_dWr9q(foIa1MO{K^yIYquP6#60J}zT<%=+Yo>@2thAm?+Rp0L^I8k7-j2S{f{ z)3!g)w1q!={EYwkVfug_bXc|Rm29>_tW-v*RW`d72d&u;j*AF=3Ov*Rla;iDd~LUM zfJ(y+ld4*A7xsN**sGT&y@OB#yK(7ofTsEB25eDQww#q#g?xTi*gRG8B~K$gI%mS{ zw%|5OAdNMHfFnOqPXJ;%70pw56WX*G;3-u_VXfd%m-cP{j_ciD$IuW?Ap51A{iuKw z|C1g*WUPJ$hT7r1SxHwmADL-ofyHNjSX;r#pYCKdtN_k5G+jCuuj>+s;oQ76`^y&# zvd>$IwAU=0+=JZlu0=)gPt{ZM{MajM9=r7fr2qoJV>1=$z}@zcBgzxYj$*MS%w=5@}k35X{6t3@Sa`8oTtO;mpvm8kR( zF#GEvSZ!0h;NJb*`GN{jRad3IeGE-iH)yDEyq}9>pV}As%w1Ypv!CF^2^5H!}Ud1-Rex?vtl{P+cq}GjIEd=f#raetcB8 z@jLd}1!fZ1#9i*V1SK+rbK2XS#TUn|z!`Jim_ zoi|>SEe>Gb$xv^f`(uW&iS$(@XR@_<9nYc_OS4g;{-x#Y%)4E|+wI#X;F;XmfA~N0IbUY-#RPtnCh;%c~xZj3*;l2$7Dxw|#7K)fDb&=E) z2+*yFD7h*FZOC0j9U3|DHDPb@qfHX%EAeI;mJum}wwbIQhb#4SG$3>3vl5Dur}E+Y zX4RTgjCEzOPhsuK%TOOih~7)$aGHDoFM@hGmH>hSfAB}@bI@AbB{jpycA7pzexv=} z+Q-f*$9mDzu-jz7oWO0-_l``E*LwS_4kwXAK4sdBnX3=VwE7t0P!`)%cvsolNUO5& zL4Vd-Izu!PFaw(Rwf%~|eY)*aqVt)4$G;O9R6#>Y6Pj^=Zs z1g;CRIu$PVE7@gh8dVGL!o;yPHB1)}a3rHn?bkPVrx~s3$F>z?iy3pPlFm^Z4-@M$ z``ZhcC6kpQ1;?vTfjZSkpjFnn`qp9+oR*~Hq?ww&-^gp3#Z3nv*1S=+1l-(H7PXGb zNK!jbIAQ1l84Hz%y6*>kY)iLi zjz4AAb<@qbNf((l5?ETp=$4XR&$((#>plWPKK4?k@#VFK=Ju2^gl{8fXk|?eYbd^P zCRr$l<(}oIg=!zxH5Ww$$gLaN7T5MXl;wk&(kxL z{gCXc6meE&Ssl%|dJYn>Ouv=eC$dCiKW?s>7`B~HXi`)6n323eV5L%+ouIUiLS3_D zxiQksWJh9?R#DJsmwZAs3CERq|XtD{Th?4wvkt59%+QqST6n z*mjHQ|l6Y8c8gH|1r4&=g8L~-)Zhv_K$_H=v$YMq8 zDinNZotgW|PgfLl&K-0+P_CJGNeUJ)Uc_Qxy!&zGppb@t^d~DxnVcuWUL=W^jua8! zQN*suh9_B}bUUF!M{y+x`eDGWEPFml@)#ZGV90fMUTkwdo1KR(tui(BB=LYS$1E^h zm{&042ZSVv&@(_G>|1_T zb-S>6#c@ zM&nS9GUB(C9DWkTV&y>z%ivqmL&x>t1Af4vdncM7$bn)o+ca#jrwX}-@@T#E#YFGD zQlH%`!$dIc5Q@X%x=GfzP$4Vlw=8&mpuTD0DJdZ8KZ&gVfToj41c4Hg&ncw_WoWUG zt9UpoP!d~I;{ZCcZWC)| z=;Cj15oaf-NZhaxOB9Z1&KYxaS{Q%!nB$5wpAk4WB%?&D=@Y3{-}T8`3p3Hah8o%~ z^#`!Oi3hcE>lu^8YU;|AeehIhMe}G}Tw6U83Baqr8T$T$K2sXIqHiWixFK3y8IEfNy=t9vF!KHF!Y9t@o`~XymaCh)H%6*;xgqY`gOw1fT5OJzb<5pb ze<5V2=tYZ(Ixi!ODpqYs_1R=p2-Vp;m2potIt7)ooIGLW=QxAnyMee0H5C#|J6hY$ znOL%7IPRAGFTF5Rat!cDvgwy3WGVh{PYF^nKI5zaD}teYVEe)e9g70&n)ix+~>-i&@v-O=fc{ zxS0YKwM_W9i&B0ud{Us*2(xVPlXk1{8CG=Q1hqAjl&JnBRzuS?StYO4uNAs08F&6J zQpKl3npjymue+eGukhdp)t~&7@IJNOOg*k5kCVSND`O&`_WDvaxe6j{6&Wv|PRV=| zKtmshtCEFa0Y2?)q)U{J=0#&N+Yz=C_xK;Zy#-X%Py08FA|hS8AW|YBEG;Q1AfR;Y z(jna}i*za>xFAS(cXvsNu!NL!*CHUz(#^a0yYKt|f6sZ|bKWP;!`Z{0o$q&MuDRx# zxh6jInXwpgyJ03{Td+wOizAdRTXjN)`Qg<^Gj79;O!}VRg5~%h^6XxV#8%iko^R)T zUo;^2{&j?yA6H1diFU;}ua*eT_ROKYOOUPLrA$?}Y6tk0L%FsXr2DbR1WQs1CHr`B}82K z>Z$2l@OTc$JE76S8o4eFdhNMPG`oFR=+S}DXz)21yDija+HjaUkq*AIY{U9lY~S3- z=WoBJpl7c=cNq5ep$r13>v`6DSaPX1bSJIedGFT}8_C4*#hb zrp@yQBepMfPN)HLox6FMaJ0f0G>w`E2$fs!|4Kl?prY{u=LOqY(#|y5P{?HcZ$>+r|HQRcpEx0`#4qtJVbA{@AK> z&l6ZgeK4Kg1m>t6JXOrJ#UFG-I}DZbr`2v((Lb3l6&wbwMq ziTXuFVbE=Bi@|sT#JAsUR8+52pUjb;E;8=CLcO&&0sv-tS@qe@-{cwa75zEiepRV? z#n(e%LMG5){K+zgku%orVf*&r6SxK;BD|2GhSkR=d!5g@aP;>+3E;h?FklN(QOd%} z`zF*IgL_DkMR^=!u5^ji)AnBOg-xgUbS2{jPai&v>ur1ZjF0NJ70IZAf{$x^d27ZQ z7NV_K21xrPcw*L{h$z!NCv$42_#IH?y6Yiei$?f zx^1_&Uz=?jpp;k00G)&`Q=a$;gMbxdgD+V^y%Cf_Qe+ky$Ul89d`brp(JlE<^#rHxUj;4uNTK+2zWO%j=1y#?^dMw3?ki#q2}+E2xKk>53qU_Be;C`opz0h?LyD-JV?s{^_7nMfQTHtW zi*!lYuQq+tYXE7<_igVN0m$f?d+owS`E}Omiih`MCJ6g$u2+@((K8K()8B@xLcLVy zG~WJs@aZj}Qo=ParJs1WOdMul#p_N1r_rFY(GdP4Mw8!OuAJP__R%ERq?T`=4Q|H# z;+MJfhpktYJDPs=Y^_68Cd(hp7xJZD{j}_?U{3>GnvhxDtr!2e_BiEyjl}yc87o4; zK87sf=NUr#bO7a5jUO-03oe+>rXDnUJP_o(*c@}<&U0H@ym<(p1ogaX-G8BKy>KIy z4)hx2g-plYBt8^v+5LcwrZ^KOQkeAQl^vp@!90}H)oAMyCuelJCh=mSijzq!M`LPfgYa5am32aa_&l^?HT7&qi1}^CrbbCKLOUY zl+AdEvO?<=mAgv4+N^o$Od>-^IE`-LniK03+K2A7U*;N;SW!ARoBxc%1{9zxkj%yCOK zd&E0oLs9S3nt{Yy%tk2|!7r6bbt*6CEHfK216~z`*h||gLP~N2r6dw3;jKXuEn}1$zj&hm&nub5j`fJsI=EM`Yv?vh3DBb$zsP@iAZOhPapn(OMjq zm;JicG;3#ebXH+3BVnZ=!*ju@$s+5C^2r31K)Sz)7c&87Iw;d&79qyM`9%FnTgwvL zMS-1zo0>OJUs8YRjX;1~<`jP|fq4PjId`;DfKjSIZ~@$c&bD~1Q)dM~&7`LsjFy(}pyDIujd zzJDr{luF@j1Dl(Ms8x-+Qq~CwOi-v4X~QAD5k{xj`*Lw+q5>W#2MB>na2zmG>~$48 z7X-_#ig^g7MXU;k)!p=3CB?~A5zS{5A%C{YKs6Y%r|?jj7D6qYahRoPt!ZMHNd=sd zVO@e-B@+_ICE5dX4SV7dN1*2(B8rA?(xYspLl(nqaVwa;!e31IaSCM-b@(8p2yCCK z`q^=*ySVorLF>=%-e{ttDb3MB!^-9+{$o-yjpPyH0E2H45MO7K*5U{^ADW?M8Mz>Q z((zDDTbSE?9B6wZTR(%zRZvE)w3wv6Osz6K>bE4;qP&|^<8Y~;L5fD@8;hn$T8FQ} zlsVnXzb$f{C}+Ndy)+~SaniJ4tLhrAdov8WL47+XHTY3P# z@*4rEynh2t$)Nj24^k=!Y0sDfHsX|^1E|6I5Fx-q(#M?pmiTaL?NY#c;5 zSC~b#`qba%LxVuFO!-+?s_22P$mWySEc-^Jh}y%8-8ioFy6h2+(P{4Y2}WSLV`DAf$Nv zO{mzU9yGyUT~`#Jd84OvJN`R$$pfgxRhvm?-`6MY<8onXHT%iuXc&am%3e4%RB3wp z4PIqF;hev%1=$uXF7`sit4!DB)i#LQ7w3^%B1AN=ph~vxtXv%El20dyoWfrZ;#rf+ zrmUKbsA1y)>7t`SC#NnzhEA*H7D8lgLg`TfRIsm=4D(lDPc$BNnPz2U^qR-!bokhq^`MO14qf2vi-MxF*OY%~qgu-e`so>x3pT>{B=Su3l=8vbV@Ej+yQy=o zsn7UEznNqF9P=r4X?ApQXLGxMma$F_S@bJ|tyY^zF!39zDq;*Sx-S_}Sb|d$Y?l{A z`g;mh_FnL%B@1Croje#SZtyIu{gQHQ!Yo1byl7NJ+IGZ*{KrKO{F-`kELF}R@r&Z0 zDP7>@e_GFm5G-pvT^&|SKHf09otGD`WE*nj0sR1%plbT~`ANwo_p+|f$mE1=n~FRS zHI$a2R-nxiGFKbz+~V_P)uLlrQ4Zb!J5hja(Us_}Y3_^0yZN=;K2v!auKPI!;iPAy zd<=?HaC}nqvWrW&!C1v}d7qo#Pj1qpS`{_0qdre|F?7N+ZQ3}dND1)ptf0@_?E4-l zRpHl7)L*e!F*cr9V5(fMURgae0oGuWb47ox+U{?PcZ@fFkvqXDW&h!JzG3*O{wMZL zm;7`u`Xq$|h4lON@klxBYS+Sok%j}pneSgDEHt7XCKkC!B-_Y$Vfy4tHE(6Tao#j6 z5NjNcji0h@a!zRX+PMC>+V>0pU5QfNJef1Zo8|YpNi(={Ou%VP5=}ebTKan#>=HM` zJrv}sHvUp$UZKMxr&oydfD`wNo8Jp(zII(3MMvNAH2*}{ zrF#auxhx(;TSJ}Jd8Wbz7rY>XUrhXEimT6iE+_VcXLo+~9yTwpZs-d@n7d||mVf-Y zk^8xHDh_=#lk4qVZ9gd&E-3V;E*hzC$2{~$ zOUl*{Sd*h?`DWTY8@@sP9nb=6mQ8NqmHNK=IH;e1-VSgPdW4Rv=m%Xd(U*^QiIM6(1dT zCka}4cN8jUeczEIqu;-i^nWR0x^e3rsnG|x-&@4t$`u8GBJ>)1xDI;jdY1w4_7J4} z`T&M#!6msB0J;T++*JfR)Act&kF);f>8FG+uCV$ie?JvO8`)oJ+X~@YvoenC0)n&7 zvDbT3c9V93hqnv-hv^b|l05fHUK%!=FZL%7rc_uQa^8;5rlxR^=OkCZt)m9kFOK8` z|LS2;8ZrO5=cTC4=Pw7P?Z|=_?FGZn-Vcw}Lk61Wc5(}Iym|zY22EVDL4-l>%7;cw zp^mLXeqWt!qrFGpJ_gojG2Xtby0f8zGpd3HHa@axg?UEL_xa6#?Dc?q{e~X#rw%#w zyU)#md#1)S`c9zkN0WN=w{JFM_8kdb;9Hn~~nxBKT??GS`Q7(foy3D(v9i znlE#Yl}PMnSkbH|;#qi_XC$#n(H!N_$gaXob`-qYNP^?CO1hake_G;Vobi1GQPvo9 zB%PSf>Bv#eq>uH7b9XCuY+juc|{YP3*) zmTyp?`+O}c3%Tyy{8Gblq=$~e^7A|-s(+w~Cv}<^ZHz zI(VO++1Q;caE5KKSa#gL7)fz#ow64bp;a8PEe2HiEm5^+nHjgEXAq^wuT{(y9TM}M zmwDXrnOLR)yAr$S-^%xc0p+CFch-@Q3Af{IH)Q-~i`;GO5`FxLvoZy`)8Mfm)4%9X zHcnkL;w=|3zF6Pd&`)d>Cbv;M|$(`xd0gp}W=vFYfh@C(zPMz~y(i(I(JM zsodRoI`BFAy|TY%jR^|h4r4oBs^fY+D_$_r{0BN&g3AjznWz|z-VK;7OBXL?y+kW{D5r%<=AH#&|Ay#SLRzK~XlrpYP`pUe}| z)7tW`Lrl8mxVywJ!&jj@TfxyLwWYt-PL5r)LoVq2RHN^JPQl8kITj^9fS>rZLOl5g z@t0nWPo2dL(~%~Sjq(8K-W${=XGf8q8r!0I+u6-9_zpnXq(M!-c}7AccWbjAoiSQ{ zGOTtfobp`UN6a@BxozjRcl77CbxnL(&RJ#xWvT())z|X*+N!=0nCMY!8;k2X@rw7t zL9Zf)dh-`n-%@okFEI(5Dkrr)vmKdMwmg{9=B;o1s7-Cv)sF6-UB&t#I?uD}9QShu zvWV~ltc>b$cCBt(H0sgU!p{cret`~+*?EKdl;NJMQYuD1(*0?jJi1@>uL~~cT+{@NhhUSogTdh{>m8Z8W3 zH1r3pojXtydRrO&xdUPI{BJ(^FZlMq(A@u@iTgR#$};$LTa2C@eraRJsC$O^BAb2k z+_h@IkE8tO>axi0euF;eo|pf<3If(N{+&&gZL{Ue@;bX#E=0%lwWz!Qy{Cvg34DQ&v0)OYY)K)+<`IwHz8<|hqbe1^cVvw;_%o(3>( ze3>bgM5P*Tt?x`bj5M{iEh=qRm&aF^OEeirY59z_h_p1a)Y*aMc6KGrcdQKdxGdc2 z;>UcCRGxbw?8nvGARzS=`(Fv7&O~cei~(wGK6(RmvvvVB?yBPsx6ITwdvWs1V!zc3 z!KZVW??%-{ZKqb8AFDh~@4Of%T6w46lI&B;G&((bV@3Y+pro>XU>p2iq$$+FckR3Y z4=>BaAsgD2<`fPE(EAfhKRYhDafyne#R{so+nwE_`_5nP zhp*FOP$eKy4Ix$y*FtoBL+h-*;ez0(e2;?*dPZ0#-I=;iJ^|%{pNzU5J zCXfJ-h@xtFgEGFU%J61DtH&MQLBDRQR;A{u=pCEOp#T$wbEuS?^6m{L>yTq-PF_!F zJT@#3^NmDKTMVHVh%5!E&As}Hgj0gu9t&EzM&(en9VfIrX5q*enxi(7)*sKG4*iUB z*GHkXK&C;RT(qzNc5!FK|3g$I_{e=UVYA6uak61ac^Bpj-8yV z1g{A@f^S(eUV!ajj9tX}pNTD;YQ))p<64@MNC-y^3De za7%wVl-QDE*(s>ia!ywsmNHzMj)3LSMR-TRR~9{6TANCK5sf`fnaEh+YbZ2I1TFO5kZ1=d%2H45U9XXEFlDYE6kIJZ*`hN0ha3t z(#3m4lG>Ild}VcN3)ZX9p;qeaX9zbGl}NROlIbW>l*yh4e5ji4OXY6N`lL{h#-H(A zK*UPv{1t5uIz?re=8T~tOhN)jj5jU+%+Z&O$1VO%tB z01KIgD>&fKoFm@2mCNnDMH!=%9p?rd&+%QonSS9#e{W?zOiw`f5VL7WN2QTL@2h8s z~d%hwu6{^tmQR3JA0`s0AK( zkBe|Zp-}XV7TDO9JZ;McXmt2#o;ztPorP5XN^WQ(66b)MZi^?;=oN51nt!WJ9@e=2 z8TrWda8*-!-Ey?5CfDcJS;w5jE2UwWTS z?}caFaOgTBR_Qo)*h@py2z6oAoKOeRCkJx9mq%}n^{sGEUX%ii1WF|dzJJO;d!YhT zZxZvqnQ2w50vNI93Q?MM7idi%%Qn^P)OJTtX1lPKvFDz#7;zRaK)Y0oiy~ICXkY=? z+Q;2jrX*B4Ny*(Xmr~d59YitUdG1Ocdi*T_Lin+z6fPLFpiH=@RVX@YjUxaZ*6yqD9ymx6R%uqa=j6^d_euzjxW;{d8 zrXZDTXOg=n^)Rj++Ex~?FAQ_Rn{QDkc@63`iq~Zr-b;X?Z5R1iux33U;?{W2E=^tQ z00YkYR%)6U2n;ID(Bgjbz@<#XrI50(sE|^i+UuCS9ON}|db`-HENt}31mhTYIpqtp zbN*XD$20!aoV=}s#~APCA^KH(15(9U5LE0gw>k#KgdrlgYC;knP^qMfk5PdGs^h~h zB?lv~{E>`;~GZf^3giJ#pEI5wHvhrbgQPj?&Gj6SJUGUL#>d94GX3#BUSd)JK65R9q0q}g zg7NM>m|C{8$;aL;vga`nnhNh$F|2pj%(UYB=oA$x7127u)bGCGH`~2q#WkmYd?0ML9F5uWNk0zAY4jtKgPr7_ z%NxTffzPYmnSFO&4joKoZP5JSg=It2d*4mgs#pJxe}qvX2_ioPk)stMH-|^h9P#nw z=zH8k%t84Wfat)_sBt8$lpFD8cTTBDC=n5NyLjO>6m-UUi~l=3lI}vD!YIeQmkV7Q zG6=PbDtaQG@@jK`N|>PL6x3NbBSw;y9%n+TOy>2ewBSM9+_ab?I+ayT9HE}Mqu3{p z&OjvO&#QmOp{0lfDf`3KV0KFN>qGRxGu7j}6!eDb>Tf)h{pW)tOIB^WyK3NMI)*F1 z>X|y#Sj-}RmY!ip6MI zAtACA>*Kdro}^dclC1sg7`QGKpKvZc-0J{lV3` zi7rQCqFVw&9W^5VaYqeROI*Ip8Obl{!^>|l7YnmrwFh2uY6{M(S1-h-FNe2Fk&Ou| zs$!zAv)VzkqTXnFCpOx#HNPla_h=Fzk($@JAOKPg-6-X_Z7oZ(5!^C6stnc#Uh;xP z^`2pTXD$}<6(7|*&6Gvxl^~tA7kB&397Th!0oy1pjwn~>bnhH}I=?gv50|+y+Z%(% z9~BcDUKHHvk6`K9$mu(k>mVEsMvyq@7JY~t21N~ra7q6BdYnmYaC`o?*CBQlt)sIS zCPD1bg#SbconONQLaX6J9aKh|%)B!SEd=HRe;Vnf9!)Cg5&A5BYuYr)t0b0+&aBv? zmEj#Mi~J`lTH`v1j(r$0flKW0q4A27Fd~sSx^jJUe;Gga!#>)tv-1l+s%XiVa6cUN zJQE7Z+mh?8jqhlu0;RE`O}ZMA(iVfhDXkjb!fJNfKQS~eO-e&Dz!J>b?4lc;#ybO) z66%$H08;Kfcoyj1ytSwjNZj$X@N%Z2KB0H?a#m=QR|?r#<)@g=kQHF;C#<(+Um>dG7ZmftREycA6b8=5KyNAY~H? zqdB_3_($=hw8V4Nb7|&W=E?(A5)FRJR}s6h~1W{EH1|Pi{hyf>Ka{DpwR{)0~W@+ zYl!}YuvKjasB9w;o%~k0iNYxR-ShaL7sM2p7$uEx4m~z1tJ(q(=k&MTFr6kWjEXu? znXb9gdwj6IKCrI=?H|N(b^=(?>s&n`&hfHs`VMr$1`s?Y6J?=!8*7(lGQ0OsM@JFMIZ#;*sGv(}~$=&2im<4Cq1!Dk8E~24<>WC|D zXkval^>mWaH=V>5z2sqqi+_jm7T+yJs9-*I53Ktd6sJ z)79<>x={kuid^hXC_H|73g2qpAg}rAUD7(8_RJe{K6afv50ToYmJ#fbEA|38s+N7x zaFsI5dm>H@H^>ECWi#)rky@4h{}VM2pmwYDFkF# zz*RtgV+RZ#s3ZUx=E!z9pwedIeKK4|%h^R6=*H@QCFV^j18?<;&Tc>N`1R~a5I+SO zDkIhfqk^OHDfS{pm~}@aVkk1aeRM9^f$8`U1FC1^ET`915vULi5Um&NJ=A@?ZC}6n zjB@?~>c{ruGW}aaraz5pXX}OTm90zl`(OB9z|add?xD5fvu560q{ygf)sNxF z-bc-Hh_+-d2+HyZ3w%WqH6pR(M*8xFrnM@Vy68+|c_zu-(j z!&BwgUyQS-@fULa)Nkl(5=CiKEf#UMeo4$Pzu}UTVJ-siR5iIg*V$QBd;jeTez8N6 zTby}+u1axVShnWoKm(k>K1Xl4J9L>}d3<;4bB|3Kmm-~6E7uuENm6mqY5AJ4ewGu2 zW{N?ig>9@!*QFJepVYB9L&v{9Nziv{zo%p`tO0#CJPe=>E2O7cU5 zAa9S}^GJA`mleY<9ujJ-C%6|tWm&5epWg(5fErn(VUGQ_wVX#SG+WM+8A3c>P5nGT zrxFr^%!`>!ctB9Y+ET~XgBfgW@kfaqq^Pid{bq3^p9TM6Y@l9NtL&%4npmLCeCwOYXk*pzR?>fUJ~XYN}i z6mLx-W4jsp=Gd2CP|iV}rdS-mapA7Xyo!MqGdy}IRZy7vJ1kI~w2{&2UPq6vx>#J| zw2g75KYfqtj-T(1!qBDlKgzI)5s<Y{^NFsE4F#~|cZoUjDb z%AO(J(aQw} zI8^6USB8cMQK_WAU%xKu%M)Jlp-_#4vv6|yuGtO963E!|yaVX18tD8CotRM*!+HZO z!sZAw6~xIN@s%mfqx&@ze4RkZ#yRyy@^TR8~lu-L=eK4=ei=VlNGgx(VI`)yPMSOS=bkFli*&K9adjUBcO?2N^!UJ<^$``e z2!nhp#jU~~+eW$kWaI0DG{{s6JKla4DZuCz0X3qTD-fCkRQ`Wyi4)1xz|40cfaHd`Z4wzT%KJ*tAl2v}SuET}?4@zIiSJ8hJW( zaPH>TIn$d*9HVoIaD;{~i<_xs(S6d;U5LzW7Ofrpv}MSdHTdX(_{^&_Y(U3pc5Dy$ z`mRw-`OESMem+jap${){{~Uncr^;Su0)kd(x_mM_e&M z^sQdCdG*;0ktL;7WH9x-8)?@+{<0Otp~4p9a=Cb+>Ph`LsI~0DN0V&a0F&*f zjC@l_88U;iYhUJX3Ny#f9kuLFfT9bUw#TnjHe#hJ?ZsYK=jd#rn@75K(xv3wwN9Zo zkj2+z`e1QrNW#_R`MFlm;_dOObSM1kYGt_(da}4e8Dj~UW!e2E)KTUv z@ksupH(Vx;Dc@IeAJvhsTneO!KqkHOn zK;va@+5$TZ!WHPjJ;z%v>PW+a{^AdMv@wV(agqSxbm^ZOI!UZJrNAyeEQpb%I$vmi z#^b=p@Iepzk6>iV!7z)1j8mLzalYN_2C~@cGezTqDH{4!4Hs^4gxtAg-gE60cFbiN zDLQ+;Fb;m+thmHLNJQUs@nrb+Oyp@ycuxS5V7IBi+k*Om|&*gAZDZIsnH#q{^AlmMgm#ujo`7 zkAVfZ6i()pxBCcI4@ZhHHPGwM)dq^F?L`mo3OdVaR#-Hjq>87wjI ziJoJP)4J@g5!7&NH+!c3%ve~d%4Kj;OSzaYV?Cy?26HaiuG3~WWXteD1-O3pOU0+! zzASyG>N4I7d26H(Xv+;$2j~%+1b>R#``zT>V%i}h|BtOd2Q@6j;kva24dVdFwkr7) zl3ctIGO+#X1DY9krE(?$T2l`)o?+2i10s${_cA-l-!SE}gu7Vn(uYzbsGHo+nYTe zIN9x96um`e--3-;UWQiXBj;>aQ!$7Ti?0GsE=wJCCm}(cI|&?Gdm>n4P)|kMm!;Oe zVo$Xl|G}i&GsFUhwo`Z2t9T6in&M`CJOD3J{Lg)fdx*u1aQRgk@pJX*R7nrn%CM&w zM_s_}eOG)*&xeT27tV`WW~!+*qmK!#08{6m+JT|FcsEBFK=*hFlRIWaCwW>ha zh7sAO*Pw?drs&~`dvmG7ku!kBwFKKXj&JJ>j*W;|WV@|MPp1by1hj!cPGQ(zGibVMD@5SjuG@5#Rs7>dLP#@K(!*U;63P%_w z6x6S=q)qI*NXjHFL+e>Sk?|BHD4@I2&2$ADEO=IB5!o0&fL6h784ReO`|uX6v?U&_ z_qBa$qWo8-Sq`sx51m7T=|y;I$Pgw&mRY0=@2=%*a#?VCIAr^@b%ZbP>R)3`AZ)A`WmXKDl725yB@_B zj^~Cp(J=c4dK5pNz4sa_W^hGAhn#Ey1 z<{R&VTes#P>+1fZAv_0d?}X2;%{r)8xl(6JlD_bow$g~Rtq&}9g37({b#6aRmNgiM zMBWjUvZQ2OIvST<37b4WD*>w`3k&V;R^PK%Bc033*;F*`T3h6JQbO*TBN{|wb8$Lv zbRn9}IXbA8!MqVty)!qK)~)Lo5%%gB^w_2MA+b>tgC`!MPC$)Z|7%G@h7QlxNR!hZOCOv;oAw|(0leIY z9+&-i%i?-BDidL&-Oqd5WIkWPUc7997@O@<*4);ODAk!OSz!|g`2F5v_ql^2YhGzb z0oz2kw!8x`!c2(ZO%pdufA|3PkP0fD%wUhjr)#?-ALumOx4aPVx0VZUT4Ds?D${J@ zaEX&Vwf^9d`v5LD@^;%`R{5C%VCNYLV~z~N7Z%|HwcjC+K8N5GiDv9)JjhBYAiBA= zOewRSEFJC_dj7tvmNq6Y^xJleZFyN)k-_sBg;IiGctmt!XVUJKc#g@1=MH$0J?fW& zLO*a))a;pzE{_oo3!Ou#WHOsW!d27@t?hx>>H=t4L-_#k(teo&jZ1cn#TU)XATrY^ z)K1=+op@BwJY6RpZJ!9_8|c>z-F^rh5K?S;K_&F~5V=i`KCoJBP6yPR8Pjx`SAAAr zUfPJX^W1Y>gU^BtScBj@?9`x}H#q58CT+IdoeGT{!#8;b4mSMGeFy!(*_P5=5mB!) zZS9CcotCMge&FamRF25+j=7pflP?MPR8jXqgWYSrmR(joMJ>)C&ctXjg(zpf$?Co= z?M_;zZgFZ|u)fydA>Eo^wN0#Pn|k3XQ$+Xx#n{mmoarrvFKF=jM=o=3rIR$Z5_-bu zN)5SuWR!a|`Ic>cn842quR5i=gO%4vKuw4UhM zK=!%y=81g6$!wOx+TyvYt#~Bh=FBH+3aTL zUi5!7aM0z)?{jMQpPlXWDAcjXsx=kMvp6}>?txC!c#ehp*Zz>FIDM5x@cX#%Tq|jY@e)ju5xw@7XpHG44YzI?5D{PV z!OvYAd(Cl(gSUFDio$3$sQYGlk}W@$G@q?WX5?c;u_36g=51m8ju=+7Tk3jr5!R)-N>;u0hyPYiChZ@sM-4%v93h_V6qYq5>`NL{)% z7LIclOr795K*`|CjVRr36Q(wrTob!&%O2<7Gm&3q8oj|_#q~fPzJA(tQcbWoYloc@ zj->+z*iHi$*_HiLT!<5%%+&gz0! z>g&f_bv8&U9j+WuX1;S2&K@o7{(hBRUd&}qlQvCTb`}Jkw0@nhob+FnG57kR>+$Ti z=XF6R7Y!(GGvgpa*LL09^dQn{Z^N^NJ&#dmu6p36GNjHtDKR&WO1O8bKV`26AyH;1 z11@=Q6bc7_uvJ`GXf)ACW=}8Zc%Zn#Gcze$Q_4@iTj<+is+5DSlcoWa4?JSDSk~_m zn&ddZ;<5^D9DjH$s2Ob6_)xl87+9T$Q>eR|2kxk0?`9Kf;cysZ9o1k0*E*NTO_u1C z%xhirU8s{vBAg#9G8@Psoc+i=JiWb>h@B{{!20e_&BV9o2hH$_|JFmqt)oU;dzSCFIo6zw*y!%5$!D?&+eN=~(Q36Pf1hm1=2$-P zcq|`O=FBWObax3=QqXCx2tSFoZR>wteCoKldt0ty6T&%1e;K1zE4yet&5I>-hK zJo)I62`B ziF&I-b2V7SpsTSRA5k<7E)HU%Nbulseclau2|a~V30#bNxbo#nwyv}KvhnJ`n+Hm? z^rxyGNeq;|5t=7CokJHqgJ1BgN}bN-(#Zz`80uW3OvCjf4|r{hTu@z_xFY~*)g0`H z;O(O__VJP;L9OohI#Ry9uDB~9$#p}BtzkecD&Ah0<>H|Ya%)F=7hl!d&cjJb>0kQ zRU{7tiqq?uOzGkJY|!X%4npSUCzF24sWj<*nJb_EfvhoH_AF|fRE{mk40mj6`Lqj*^rE#ko>vW`neEqHeN73 zNMV3!6ttsTdTnGwjy`?hN9=l;FClD8P%?0qtSUP9L>l)OJH{P41O0c0%ecc|-2F%I zVgLR5pL_%i_kva0fm??+OZGWve}YfOS$oOBMDLo^#HcIXNJapf6_XIMXRYqUWA^(}YHgYA5=m=zr*dyE5Uuh9*a8#So5DGLbzM&x zF@)?26b;eq@QU=0+L_nSO9zUAMWfw}UILAJxGcEut_xlAQin;Z!4xA#d4*ejaAgDT z(GLZ*KgBnClt|=NuY%g4%{K8AYZ<6iAsU^fQ2xLR_1?0^{0g|YSbg>EeFV-G>BL>dcps{v zQv6U|79mV%7BOx*t}xhhn~2fCd<9<*+h5l4UxUrCYFW$+CNvhSwMMv*wSog?4{h&i zy7j!^?6c9(S(Aw}!kCnCE3$I+^^3X-=jXEB&N;<9dYj7H57!FL41z|QEs}E$e|v3^ zpf9~d|D8=_o3v+3r@~Fsd?;|R!#G~HJAr(o!J?yu4VPyZqPO)eUXx1Hk1)A^0@!M# zJf1MLWsf^f9y3&gryX5p67g8i&+7jI)))lE&QbhEb*ALN3d>JGY1 zrh(dC9)pIIS)u{-LS`3@N|VWxma5PnJBg#}_-F)jG}1sG1~gP>jNeF)^PQ|l0lLkX zg*M3TA7#!AGy&q9L<4Q%qpM%{IFsAc{uckFVzBCf<}`l#;)IKcV)bOa!#>WQqV)+{ zwr&zM0q4I-u>ZrR`EPPfG(q71HZAtQ6aRlD^}kHt`Tt*>9PPidqY?IhX}<4%F4<~a zVPc%|p+SL*90-YfA5_qo [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/14707) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.9. @@ -487,7 +497,11 @@ and you will have access to more advanced querying capabilities. Log data is automatically deleted after 30 days using [Curator](https://www.elastic.co/guide/en/elasticsearch/client/curator/5.5/about.html). -To enable log shipping, install Elastic Stack into the cluster with the **Install** button. +To enable log shipping: + +1. Navigate to **{cloud-gear}** **Operations > Kubernetes**. +1. In **Kubernetes Cluster**, select a cluster. +1. In the **Applications** section, find **Elastic Stack** and click **Install**. NOTE: **Note:** The [`stable/elastic-stack`](https://github.com/helm/charts/tree/master/stable/elastic-stack) @@ -790,10 +804,12 @@ available configuration options. > [Introduced](https://gitlab.com/gitlab-org/cluster-integration/cluster-applications/-/merge_requests/22) in GitLab 12.8. -[Cilium](https://cilium.io/) is a networking plugin for Kubernetes -that you can use to implement support for -[NetworkPolicy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) -resources. For more information on [Network Policies](../../topics/autodevops/stages.md#network-policy), see the documentation. +[Cilium](https://cilium.io/) is a networking plugin for Kubernetes that you can use to implement +support for [NetworkPolicy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) +resources. For more information, see [Network Policies](../../topics/autodevops/stages.md#network-policy). + + +For an overview, see the [Container Network Security Demo for GitLab 12.8](https://www.youtube.com/watch?v=pgUEdhdhoUI). Enable Cilium in the `.gitlab/managed-apps/config.yaml` file to install it: diff --git a/doc/user/project/clusters/kubernetes_pod_logs.md b/doc/user/project/clusters/kubernetes_pod_logs.md index 5543187b6de..2ccbf4146e5 100644 --- a/doc/user/project/clusters/kubernetes_pod_logs.md +++ b/doc/user/project/clusters/kubernetes_pod_logs.md @@ -4,7 +4,7 @@ > - [Moved](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/25455) to [GitLab Core](https://about.gitlab.com/pricing/) 12.9. GitLab makes it easy to view the logs of running pods in [connected Kubernetes clusters](index.md). -By displaying the logs directly in GitLab, developers can avoid having to manage console tools or jump to a different interface. +By displaying the logs directly in GitLab in the **Log Explorer**, developers can avoid having to manage console tools or jump to a different interface. NOTE: **Kubernetes + GitLab** Everything you need to build, test, deploy, and run your app at scale. @@ -12,10 +12,14 @@ Everything you need to build, test, deploy, and run your app at scale. ## Overview -[Kubernetes](https://kubernetes.io) logs can be viewed directly within GitLab. +[Kubernetes](https://kubernetes.io) logs can be viewed directly within GitLab with +the **Log Explorer**. ![Pod logs](img/kubernetes_pod_logs_v12_10.png) + +To learn more, see [APM - Log Explorer](https://www.youtube.com/watch?v=hWclZHA7Dgw). + ## Requirements [Deploying to a Kubernetes environment](../deploy_boards.md#enabling-deploy-boards) is required in order to be able to use Logs. @@ -30,7 +34,8 @@ You can access them in two ways. > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/22011) in GitLab 12.5. -Go to **{cloud-gear}** **Operations > Logs** on the sidebar menu. +Go to **{cloud-gear}** **Operations > Pod logs** on the sidebar menu to display +the **Log Explorer**. ![Sidebar menu](img/sidebar_menu_pod_logs_v12_10.png) @@ -42,11 +47,11 @@ Logs can be displayed by clicking on a specific pod from [Deploy Boards](../depl 1. On the **Environments** page, you should see the status of the environment's pods with [Deploy Boards](../deploy_boards.md). 1. When mousing over the list of pods, a tooltip will appear with the exact pod name and status. ![Deploy Boards pod list](img/pod_logs_deploy_board.png) -1. Click on the desired pod to bring up the logs view. +1. Click on the desired pod to display the **Log Explorer**. ### Logs view -The logs view lets you filter the logs by: +The **Log Explorer** lets you filter the logs by: - Pods. - [From GitLab 12.4](https://gitlab.com/gitlab-org/gitlab/issues/5769), environments. @@ -63,9 +68,10 @@ Support for historical data is coming [in a future release](https://gitlab.com/g > [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/197879) in GitLab 12.8. -When you enable [Elastic Stack](../../clusters/applications.md#elastic-stack) on your cluster, you can filter by date. +When you enable [Elastic Stack](../../clusters/applications.md#elastic-stack) on your cluster, +you can filter logs displayed in the **Log Explorer** by date. -Click on **Show last** to see the available options. +Click **Show last** in the **Log Explorer** to see the available options. ### Full text search diff --git a/doc/user/project/deploy_tokens/index.md b/doc/user/project/deploy_tokens/index.md index fbfd89bbdf0..3d3e8c97742 100644 --- a/doc/user/project/deploy_tokens/index.md +++ b/doc/user/project/deploy_tokens/index.md @@ -107,6 +107,9 @@ push images to your Container Registry. A deploy token created at the group level can be used across all projects that belong either to the specific group or to one of its subgroups. + +For an overview, see [Group Deploy Tokens](https://youtu.be/8kxTJvaD9ks). + To use a group deploy token: 1. [Create](#creating-a-deploy-token) a deploy token for a group. diff --git a/doc/user/project/merge_requests/code_quality.md b/doc/user/project/merge_requests/code_quality.md index 887ed3e0cb9..721bf31b824 100644 --- a/doc/user/project/merge_requests/code_quality.md +++ b/doc/user/project/merge_requests/code_quality.md @@ -49,7 +49,7 @@ For instance, consider the following workflow: feature in your app faster. 1. With Code Quality reports, they analyze how their implementation is impacting the code quality. -1. The metrics show that their code degrade the quality in 10 points. +1. The metrics show that their code degrades the quality by 10 points. 1. You ask a co-worker to help them with this modification. 1. They both work on the changes until Code Quality report displays no degradations, only improvements. diff --git a/doc/user/project/pages/custom_domains_ssl_tls_certification/index.md b/doc/user/project/pages/custom_domains_ssl_tls_certification/index.md index d424ec2f94c..513070d0bc3 100644 --- a/doc/user/project/pages/custom_domains_ssl_tls_certification/index.md +++ b/doc/user/project/pages/custom_domains_ssl_tls_certification/index.md @@ -61,7 +61,7 @@ according to the type of domain you want to use with your Pages site: - [For both](#for-both-root-and-subdomains). NOTE: **Note:** -You can [configure IPv6 on self-managed instances].(../../../../administration/pages/index.md#advanced-configuration), +You can [configure IPv6 on self-managed instances](../../../../administration/pages/index.md#advanced-configuration), but IPv6 is not currently configured for Pages on GitLab.com. Follow [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/214718) for details. diff --git a/lib/gitlab/kubernetes/helm.rb b/lib/gitlab/kubernetes/helm.rb index 3e201d68297..00ab7109267 100644 --- a/lib/gitlab/kubernetes/helm.rb +++ b/lib/gitlab/kubernetes/helm.rb @@ -3,7 +3,7 @@ module Gitlab module Kubernetes module Helm - HELM_VERSION = '2.16.3' + HELM_VERSION = '2.16.6' KUBECTL_VERSION = '1.13.12' NAMESPACE = 'gitlab-managed-apps' NAMESPACE_LABELS = { 'app.gitlab.com/managed_by' => :gitlab }.freeze diff --git a/spec/lib/gitlab/gfm/reference_rewriter_spec.rb b/spec/lib/gitlab/gfm/reference_rewriter_spec.rb index 084dde1f93f..335135696ef 100644 --- a/spec/lib/gitlab/gfm/reference_rewriter_spec.rb +++ b/spec/lib/gitlab/gfm/reference_rewriter_spec.rb @@ -147,6 +147,18 @@ describe Gitlab::Gfm::ReferenceRewriter do it { is_expected.to eq text } end + context 'when referring to a group' do + let(:text) { "group @#{group.full_path}" } + + it { is_expected.to eq text } + end + + context 'when referring to a user' do + let(:text) { "user @#{user.full_path}" } + + it { is_expected.to eq text } + end + context 'when referable has a nil reference' do before do create(:milestone, title: '9.0', project: old_project) diff --git a/spec/lib/gitlab/kubernetes/helm/pod_spec.rb b/spec/lib/gitlab/kubernetes/helm/pod_spec.rb index 3c62219a9a5..ea32ac96213 100644 --- a/spec/lib/gitlab/kubernetes/helm/pod_spec.rb +++ b/spec/lib/gitlab/kubernetes/helm/pod_spec.rb @@ -32,7 +32,7 @@ describe Gitlab::Kubernetes::Helm::Pod do it 'generates the appropriate specifications for the container' do container = subject.generate.spec.containers.first expect(container.name).to eq('helm') - expect(container.image).to eq('registry.gitlab.com/gitlab-org/cluster-integration/helm-install-image/releases/2.16.3-kube-1.13.12') + expect(container.image).to eq('registry.gitlab.com/gitlab-org/cluster-integration/helm-install-image/releases/2.16.6-kube-1.13.12') expect(container.env.count).to eq(3) expect(container.env.map(&:name)).to match_array([:HELM_VERSION, :TILLER_NAMESPACE, :COMMAND_SCRIPT]) expect(container.command).to match_array(["/bin/sh"]) diff --git a/spec/routing/project_routing_spec.rb b/spec/routing/project_routing_spec.rb index f8b98c5b7e1..0b2c0f38059 100644 --- a/spec/routing/project_routing_spec.rb +++ b/spec/routing/project_routing_spec.rb @@ -143,8 +143,6 @@ describe 'project routing' do expect(get("/gitlab/gitlabhq/-/autocomplete_sources/#{action}")).to route_to("projects/autocomplete_sources##{action}", namespace_id: 'gitlab', project_id: 'gitlabhq') end end - - it_behaves_like 'redirecting a legacy project path', "/gitlab/gitlabhq/autocomplete_sources/labels", "/gitlab/gitlabhq/-/autocomplete_sources/labels" end # pages_project_wikis GET /:project_id/wikis/pages(.:format) projects/wikis#pages @@ -220,8 +218,6 @@ describe 'project routing' do expect(delete('/gitlab/gitlabhq/-/branches/feature%2B45/foo/bar/baz')).to route_to('projects/branches#destroy', namespace_id: 'gitlab', project_id: 'gitlabhq', id: 'feature+45/foo/bar/baz') expect(delete('/gitlab/gitlabhq/-/branches/feature@45/foo/bar/baz')).to route_to('projects/branches#destroy', namespace_id: 'gitlab', project_id: 'gitlabhq', id: 'feature@45/foo/bar/baz') end - - it_behaves_like 'redirecting a legacy project path', "/gitlab/gitlabhq/branches", "/gitlab/gitlabhq/-/branches" end describe Projects::TagsController, 'routing' do @@ -249,8 +245,6 @@ describe 'project routing' do let(:controller) { 'deploy_keys' } let(:controller_path) { '/-/deploy_keys' } end - - it_behaves_like 'redirecting a legacy project path', "/gitlab/gitlabhq/deploy_keys", "/gitlab/gitlabhq/-/deploy_keys" end # project_protected_branches GET /:project_id/protected_branches(.:format) protected_branches#index @@ -487,7 +481,6 @@ describe 'project routing' do let(:controller_path) { '/-/project_members' } end - it_behaves_like 'redirecting a legacy project path', "/gitlab/gitlabhq/project_members", "/gitlab/gitlabhq/-/project_members" it_behaves_like 'redirecting a legacy project path', "/gitlab/gitlabhq/-/settings/members", "/gitlab/gitlabhq/-/project_members" end @@ -509,8 +502,6 @@ describe 'project routing' do it 'to #promote' do expect(post('/gitlab/gitlabhq/-/milestones/1/promote')).to route_to('projects/milestones#promote', namespace_id: 'gitlab', project_id: 'gitlabhq', id: "1") end - - it_behaves_like 'redirecting a legacy project path', "/gitlab/gitlabhq/milestones", "/gitlab/gitlabhq/-/milestones" end # project_labels GET /:project_id/labels(.:format) labels#index @@ -518,8 +509,6 @@ describe 'project routing' do it 'to #index' do expect(get('/gitlab/gitlabhq/-/labels')).to route_to('projects/labels#index', namespace_id: 'gitlab', project_id: 'gitlabhq') end - - it_behaves_like 'redirecting a legacy project path', "/gitlab/gitlabhq/labels", "/gitlab/gitlabhq/-/labels" end # sort_project_issues POST /:project_id/issues/sort(.:format) issues#sort @@ -723,8 +712,6 @@ describe 'project routing' do expect(get('/gitlab/gitlabhq/-/network/ends-with.json')).to route_to('projects/network#show', namespace_id: 'gitlab', project_id: 'gitlabhq', id: 'ends-with.json') expect(get('/gitlab/gitlabhq/-/network/master?format=json')).to route_to('projects/network#show', namespace_id: 'gitlab', project_id: 'gitlabhq', id: 'master', format: 'json') end - - it_behaves_like 'redirecting a legacy project path', "/gitlab/gitlabhq/network/master", "/gitlab/gitlabhq/-/network/master" end describe Projects::GraphsController, 'routing' do @@ -733,8 +720,6 @@ describe 'project routing' do expect(get('/gitlab/gitlabhq/-/graphs/ends-with.json')).to route_to('projects/graphs#show', namespace_id: 'gitlab', project_id: 'gitlabhq', id: 'ends-with.json') expect(get('/gitlab/gitlabhq/-/graphs/master?format=json')).to route_to('projects/graphs#show', namespace_id: 'gitlab', project_id: 'gitlabhq', id: 'master', format: 'json') end - - it_behaves_like 'redirecting a legacy project path', "/gitlab/gitlabhq/graphs/master", "/gitlab/gitlabhq/-/graphs/master" end describe Projects::ForksController, 'routing' do @@ -745,8 +730,6 @@ describe 'project routing' do it 'to #create' do expect(post('/gitlab/gitlabhq/-/forks')).to route_to('projects/forks#create', namespace_id: 'gitlab', project_id: 'gitlabhq') end - - it_behaves_like 'redirecting a legacy project path', "/gitlab/gitlabhq/forks", "/gitlab/gitlabhq/-/forks" end # project_avatar DELETE /project/avatar(.:format) projects/avatars#destroy @@ -755,8 +738,6 @@ describe 'project routing' do expect(delete('/gitlab/gitlabhq/-/avatar')).to route_to( 'projects/avatars#destroy', namespace_id: 'gitlab', project_id: 'gitlabhq') end - - it_behaves_like 'redirecting a legacy project path', "/gitlab/gitlabhq/avatar", "/gitlab/gitlabhq/-/avatar" end describe Projects::PagesDomainsController, 'routing' do @@ -802,8 +783,6 @@ describe 'project routing' do expect(get('/gitlab/gitlabhq/-/settings/repository')).to route_to('projects/settings/repository#show', namespace_id: 'gitlab', project_id: 'gitlabhq') end - it_behaves_like 'redirecting a legacy project path', "/gitlab/gitlabhq/settings/repository", "/gitlab/gitlabhq/-/settings/repository" - it 'to repository#create_deploy_token' do expect(post('gitlab/gitlabhq/-/settings/ci_cd/deploy_token/create')).to route_to('projects/settings/repository#create_deploy_token', namespace_id: 'gitlab', project_id: 'gitlabhq') end