From c28d99ee98ea9ccaa44ab7548d49c2f12b257c56 Mon Sep 17 00:00:00 2001 From: bglynn Date: Fri, 19 Jan 2024 11:32:12 -0800 Subject: [PATCH 01/24] Initial restructuring to move towards a more linear user flow in the docs. --- .gitignore | 1 + .../AWS IAM/Examples}/_category_.json | 2 +- .../AWS IAM/Examples}/aws-iam-eks.mdx | 4 +- docs/access-types/AWS IAM/Overview.mdx | 8 +++ docs/access-types/AWS IAM/Reference.mdx | 4 ++ docs/access-types/AWS IAM/_category_.json | 5 ++ .../Istio/Examples/_category_.json | 5 ++ .../k8s-istio-authorization-policies.mdx | 14 ++-- .../Istio/Examples}/k8s-istio-watcher.mdx | 16 ++--- docs/access-types/Istio/Overview.mdx | 4 ++ docs/access-types/Istio/Reference.mdx | 4 ++ docs/access-types/Istio/_category_.json | 5 ++ .../Kafka/Examples/_category_.json | 5 ++ .../Kafka/Examples}/k8s-kafka-mapping.mdx | 10 +-- .../Examples}/k8s-kafka-mtls-cert-manager.mdx | 28 ++++---- .../Kafka/Examples}/k8s-kafka-mtls.mdx | 24 +++---- docs/access-types/Kafka/Overview.mdx | 4 ++ docs/access-types/Kafka/Reference.mdx | 4 ++ docs/access-types/Kafka/_category_.json | 5 ++ .../Networking/Examples/_category_.json | 5 ++ .../Networking/Examples}/aws-eks-cni-mini.mdx | 14 ++-- .../Examples}/k8s-network-mapper.mdx | 14 ++-- .../Examples}/k8s-network-policies.mdx | 22 +++--- .../protect-1-service-network-policies.mdx | 13 ++-- docs/access-types/Networking/Overview.mdx | 4 ++ .../Reference/Network-Policies-Deep-Dive.mdx} | 2 +- .../Networking/Reference/README.mdx | 4 ++ docs/access-types/Networking/_category_.json | 5 ++ .../Postgres/Examples/_category_.json | 5 ++ .../Postgres/Examples}/postgres.mdx | 0 docs/access-types/Postgres/Overview.mdx | 4 ++ docs/access-types/Postgres/Reference.mdx | 4 ++ .../Postgres}/_category_.json | 2 +- docs/access-types/README.mdx | 4 ++ docs/access-types/_category_.json | 5 ++ docs/getting-started/README.mdx | 4 +- docs/getting-started/_category_.json | 3 +- docs/guides/_category_.json | 5 -- docs/overview/README.mdx | 4 ++ docs/overview/_category_.json | 4 ++ docs/{ => overview}/installation/README.mdx | 12 ++-- .../intent-based-access-control.mdx} | 8 +-- docs/{ => overview}/otterize-cloud/README.mdx | 0 .../otterize-cloud/_category_.json | 0 .../_environments_and_namespaces.mdx | 0 .../otterize-cloud/object-model.mdx | 0 docs/{ => overview}/otterize-oss/README.mdx | 0 .../otterize-oss/_category_.json | 0 .../otterize-oss/error-telemetry.mdx | 0 .../otterize-oss/usage-telemetry.mdx | 0 docs/quickstart/_category_.json | 5 -- .../quickstart/access-control/_category_.json | 5 -- .../IBAC-Overview.mdx} | 0 docs/reference/_category_.json | 2 +- .../shadow-vs-active-enforcement/README.mdx | 0 .../troubleshooting/README.mdx | 0 docusaurus.config.js | 70 +++++++++++++------ src/css/custom.css | 11 ++- 58 files changed, 255 insertions(+), 137 deletions(-) rename docs/{quickstart/visualization => access-types/AWS IAM/Examples}/_category_.json (60%) rename docs/{quickstart/access-control => access-types/AWS IAM/Examples}/aws-iam-eks.mdx (98%) create mode 100644 docs/access-types/AWS IAM/Overview.mdx create mode 100644 docs/access-types/AWS IAM/Reference.mdx create mode 100644 docs/access-types/AWS IAM/_category_.json create mode 100644 docs/access-types/Istio/Examples/_category_.json rename docs/{quickstart/access-control => access-types/Istio/Examples}/k8s-istio-authorization-policies.mdx (95%) rename docs/{quickstart/visualization => access-types/Istio/Examples}/k8s-istio-watcher.mdx (92%) create mode 100644 docs/access-types/Istio/Overview.mdx create mode 100644 docs/access-types/Istio/Reference.mdx create mode 100644 docs/access-types/Istio/_category_.json create mode 100644 docs/access-types/Kafka/Examples/_category_.json rename docs/{quickstart/visualization => access-types/Kafka/Examples}/k8s-kafka-mapping.mdx (95%) rename docs/{quickstart/access-control => access-types/Kafka/Examples}/k8s-kafka-mtls-cert-manager.mdx (93%) rename docs/{quickstart/access-control => access-types/Kafka/Examples}/k8s-kafka-mtls.mdx (93%) create mode 100644 docs/access-types/Kafka/Overview.mdx create mode 100644 docs/access-types/Kafka/Reference.mdx create mode 100644 docs/access-types/Kafka/_category_.json create mode 100644 docs/access-types/Networking/Examples/_category_.json rename docs/{quickstart/access-control => access-types/Networking/Examples}/aws-eks-cni-mini.mdx (94%) rename docs/{quickstart/visualization => access-types/Networking/Examples}/k8s-network-mapper.mdx (93%) rename docs/{quickstart/access-control => access-types/Networking/Examples}/k8s-network-policies.mdx (92%) rename docs/{guides => access-types/Networking/Examples}/protect-1-service-network-policies.mdx (97%) create mode 100644 docs/access-types/Networking/Overview.mdx rename docs/{reference/access-controls/network-policies/README.mdx => access-types/Networking/Reference/Network-Policies-Deep-Dive.mdx} (99%) create mode 100644 docs/access-types/Networking/Reference/README.mdx create mode 100644 docs/access-types/Networking/_category_.json create mode 100644 docs/access-types/Postgres/Examples/_category_.json rename docs/{quickstart/access-control => access-types/Postgres/Examples}/postgres.mdx (100%) create mode 100644 docs/access-types/Postgres/Overview.mdx create mode 100644 docs/access-types/Postgres/Reference.mdx rename docs/{concepts => access-types/Postgres}/_category_.json (62%) create mode 100644 docs/access-types/README.mdx create mode 100644 docs/access-types/_category_.json delete mode 100644 docs/guides/_category_.json create mode 100644 docs/overview/README.mdx create mode 100644 docs/overview/_category_.json rename docs/{ => overview}/installation/README.mdx (90%) rename docs/{reference/intents-and-intents-files/README.mdx => overview/intent-based-access-control.mdx} (96%) rename docs/{ => overview}/otterize-cloud/README.mdx (100%) rename docs/{ => overview}/otterize-cloud/_category_.json (100%) rename docs/{ => overview}/otterize-cloud/_environments_and_namespaces.mdx (100%) rename docs/{ => overview}/otterize-cloud/object-model.mdx (100%) rename docs/{ => overview}/otterize-oss/README.mdx (100%) rename docs/{ => overview}/otterize-oss/_category_.json (100%) rename docs/{ => overview}/otterize-oss/error-telemetry.mdx (100%) rename docs/{ => overview}/otterize-oss/usage-telemetry.mdx (100%) delete mode 100644 docs/quickstart/_category_.json delete mode 100644 docs/quickstart/access-control/_category_.json rename docs/{intent-based-access-control/README.mdx => reference/IBAC-Overview.mdx} (100%) rename docs/{ => reference}/shadow-vs-active-enforcement/README.mdx (100%) rename docs/{ => reference}/troubleshooting/README.mdx (100%) diff --git a/.gitignore b/.gitignore index 26328349a..fc9af2b85 100644 --- a/.gitignore +++ b/.gitignore @@ -21,3 +21,4 @@ yarn-error.log* .idea package-lock.json +.vercel diff --git a/docs/quickstart/visualization/_category_.json b/docs/access-types/AWS IAM/Examples/_category_.json similarity index 60% rename from docs/quickstart/visualization/_category_.json rename to docs/access-types/AWS IAM/Examples/_category_.json index 4564c5be8..bbac434cd 100644 --- a/docs/quickstart/visualization/_category_.json +++ b/docs/access-types/AWS IAM/Examples/_category_.json @@ -1,5 +1,5 @@ { - "label": "Visualization", + "label": "Examples", "position": 2, "collapsed": false } diff --git a/docs/quickstart/access-control/aws-iam-eks.mdx b/docs/access-types/AWS IAM/Examples/aws-iam-eks.mdx similarity index 98% rename from docs/quickstart/access-control/aws-iam-eks.mdx rename to docs/access-types/AWS IAM/Examples/aws-iam-eks.mdx index 7bb03fa5a..94b8fd774 100644 --- a/docs/quickstart/access-control/aws-iam-eks.mdx +++ b/docs/access-types/AWS IAM/Examples/aws-iam-eks.mdx @@ -187,7 +187,7 @@ kubectl patch deployment -n otterize-tutorial-iam server --type='json' -p="[{\"o Expand to see the deployment YAML ```yaml -{@include: ../../../static/code-examples/aws-iam-eks/client-and-server.yaml} +{@include: ../../../../static/code-examples/aws-iam-eks/client-and-server.yaml} ``` @@ -287,7 +287,7 @@ By annotating the pod, we've created an IAM role. We now need to specify what we We will specify the following ClientIntents, granting the PutObject permission to the `otterize-tutorial-bucket` S3 bucket. ```yaml -{@include: ../../../static/code-examples/aws-iam-eks/clientintents.yaml} +{@include: ../../../../static/code-examples/aws-iam-eks/clientintents.yaml} ``` To apply these intents, run the following command: diff --git a/docs/access-types/AWS IAM/Overview.mdx b/docs/access-types/AWS IAM/Overview.mdx new file mode 100644 index 000000000..cf6694baa --- /dev/null +++ b/docs/access-types/AWS IAM/Overview.mdx @@ -0,0 +1,8 @@ +--- +sidebar_position: 1 +title: Overview +hide_table_of_contents: false +--- + + + diff --git a/docs/access-types/AWS IAM/Reference.mdx b/docs/access-types/AWS IAM/Reference.mdx new file mode 100644 index 000000000..626ea0452 --- /dev/null +++ b/docs/access-types/AWS IAM/Reference.mdx @@ -0,0 +1,4 @@ +--- +sidebar_position: 3 +title: Reference +--- \ No newline at end of file diff --git a/docs/access-types/AWS IAM/_category_.json b/docs/access-types/AWS IAM/_category_.json new file mode 100644 index 000000000..aca2a23bb --- /dev/null +++ b/docs/access-types/AWS IAM/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "AWS IAM", + "position": 2, + "collapsed": true +} diff --git a/docs/access-types/Istio/Examples/_category_.json b/docs/access-types/Istio/Examples/_category_.json new file mode 100644 index 000000000..0e3676464 --- /dev/null +++ b/docs/access-types/Istio/Examples/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Examples", + "position": 2, + "collapsed": true +} diff --git a/docs/quickstart/access-control/k8s-istio-authorization-policies.mdx b/docs/access-types/Istio/Examples/k8s-istio-authorization-policies.mdx similarity index 95% rename from docs/quickstart/access-control/k8s-istio-authorization-policies.mdx rename to docs/access-types/Istio/Examples/k8s-istio-authorization-policies.mdx index 41582428c..4f26a65ef 100644 --- a/docs/quickstart/access-control/k8s-istio-authorization-policies.mdx +++ b/docs/access-types/Istio/Examples/k8s-istio-authorization-policies.mdx @@ -29,7 +29,7 @@ In this tutorial, we will: Before you start, you'll need a Kubernetes cluster. Having a cluster with a [CNI](https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/) that supports [NetworkPolicies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) isn't required for this tutorial, but is recommended so that your cluster works with other tutorials. -{@include: ../../_common/cluster-setup.md} +{@include: ../../../_common/cluster-setup.md} @@ -42,7 +42,7 @@ So either forego browser visualization and:
Install Otterize in your cluster, without Otterize Cloud -{@include: ../../_common/install-otterize-istio-enabled.md} +{@include: ../../../_common/install-otterize-istio-enabled.md}
@@ -53,11 +53,11 @@ Or choose to include browser visualization and: #### Create an Otterize Cloud account -{@include: ../../_common/create-account.md} +{@include: ../../../_common/create-account.md} #### Install Otterize OSS, connected to Otterize Cloud -{@include: ../../_common/install-otterize-from-cloud-with-istio-enforcement.md} +{@include: ../../../_common/install-otterize-from-cloud-with-istio-enforcement.md} @@ -66,7 +66,7 @@ Or choose to include browser visualization and:
Install Istio in the cluster via Helm -{@include: ../../_common/install-istio.md} +{@include: ../../../_common/install-istio.md}
@@ -79,7 +79,7 @@ kubectl apply -f ${ABSOLUTE_URL}/code-examples/network-mapper/istio-telemetry-en ``` ```yaml -{@include: ../../../static/code-examples/network-mapper/istio-telemetry-enablement.yaml} +{@include: ../../../../static/code-examples/network-mapper/istio-telemetry-enablement.yaml} ```
@@ -116,7 +116,7 @@ You can click on the services or the lines connecting them to see which ClientIn 1. Here is the `intents.yaml` declaration of the client, which we will apply below: ```yaml -{@include: ../../../static/code-examples/istio-authorization-policies/intents.yaml} +{@include: ../../../../static/code-examples/istio-authorization-policies/intents.yaml} ``` To apply it, use: diff --git a/docs/quickstart/visualization/k8s-istio-watcher.mdx b/docs/access-types/Istio/Examples/k8s-istio-watcher.mdx similarity index 92% rename from docs/quickstart/visualization/k8s-istio-watcher.mdx rename to docs/access-types/Istio/Examples/k8s-istio-watcher.mdx index 93f87c243..422daa522 100644 --- a/docs/quickstart/visualization/k8s-istio-watcher.mdx +++ b/docs/access-types/Istio/Examples/k8s-istio-watcher.mdx @@ -23,7 +23,7 @@ In this tutorial, we will: Before you start, you'll need a Kubernetes cluster. Having a cluster with a [CNI](https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/) that supports [NetworkPolicies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) isn't required for this tutorial, but is recommended so that your cluster works with other tutorials. -{@include: ../../_common/cluster-setup.md} +{@include: ../../../_common/cluster-setup.md} @@ -36,7 +36,7 @@ So either forego browser visualization and:
Install the Otterize network mapper in your cluster with the Istio watcher component enabled, and without Otterize Cloud -{@include: ../../_common/install-otterize-istio-watcher.md} +{@include: ../../../_common/install-otterize-istio-watcher.md}
@@ -47,11 +47,11 @@ Or choose to include browser visualization and: #### Create an Otterize Cloud account -{@include: ../../_common/create-account.md} +{@include: ../../../_common/create-account.md} #### Install Otterize OSS, connected to Otterize Cloud -{@include: ../../_common/install-otterize-from-cloud-with-enforcement-with-istiowatcher.md} +{@include: ../../../_common/install-otterize-from-cloud-with-enforcement-with-istiowatcher.md} @@ -60,7 +60,7 @@ Finally, you'll need to install the Otterize CLI (if you haven't already) to int
Install the Otterize CLI -{@include: ../../_common/install-otterize-cli.md} +{@include: ../../../_common/install-otterize-cli.md}
@@ -69,7 +69,7 @@ Finally, you'll need to install the Otterize CLI (if you haven't already) to int
Install Istio in the cluster via Helm -{@include: ../../_common/install-istio.md} +{@include: ../../../_common/install-istio.md}
@@ -91,7 +91,7 @@ kubectl apply -f ${ABSOLUTE_URL}/code-examples/network-mapper/istio-telemetry-en ``` ```yaml -{@include: ../../../static/code-examples/network-mapper/istio-telemetry-enablement.yaml} +{@include: ../../../../static/code-examples/network-mapper/istio-telemetry-enablement.yaml} ```
@@ -122,7 +122,7 @@ For a complete list of the CLI capabilities read the [CLI command reference](/re ### Extract and see the network map -{@include: ../../getting-started/_show_mapped_istio_traffic_cli.mdx} +{@include: ../../../getting-started/_show_mapped_istio_traffic_cli.mdx} ### Show the access graph in Otterize Cloud diff --git a/docs/access-types/Istio/Overview.mdx b/docs/access-types/Istio/Overview.mdx new file mode 100644 index 000000000..7e4dcc2d8 --- /dev/null +++ b/docs/access-types/Istio/Overview.mdx @@ -0,0 +1,4 @@ +--- +sidebar_position: 1 +title: Overview +--- \ No newline at end of file diff --git a/docs/access-types/Istio/Reference.mdx b/docs/access-types/Istio/Reference.mdx new file mode 100644 index 000000000..626ea0452 --- /dev/null +++ b/docs/access-types/Istio/Reference.mdx @@ -0,0 +1,4 @@ +--- +sidebar_position: 3 +title: Reference +--- \ No newline at end of file diff --git a/docs/access-types/Istio/_category_.json b/docs/access-types/Istio/_category_.json new file mode 100644 index 000000000..1654bce0e --- /dev/null +++ b/docs/access-types/Istio/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Istio", + "position": 4, + "collapsed": true +} diff --git a/docs/access-types/Kafka/Examples/_category_.json b/docs/access-types/Kafka/Examples/_category_.json new file mode 100644 index 000000000..bbac434cd --- /dev/null +++ b/docs/access-types/Kafka/Examples/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Examples", + "position": 2, + "collapsed": false +} diff --git a/docs/quickstart/visualization/k8s-kafka-mapping.mdx b/docs/access-types/Kafka/Examples/k8s-kafka-mapping.mdx similarity index 95% rename from docs/quickstart/visualization/k8s-kafka-mapping.mdx rename to docs/access-types/Kafka/Examples/k8s-kafka-mapping.mdx index c4bdc8a9d..56ad8433f 100644 --- a/docs/quickstart/visualization/k8s-kafka-mapping.mdx +++ b/docs/access-types/Kafka/Examples/k8s-kafka-mapping.mdx @@ -24,7 +24,7 @@ We will **not** be doing any access control in this demo, just purely mapping cl Before you start, you'll need a Kubernetes cluster. Having a cluster with a [CNI](https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/) that supports [NetworkPolicies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) isn't required for this tutorial, but is recommended so that your cluster works with other tutorials. -{@include: ../../_common/cluster-setup.md} +{@include: ../../../_common/cluster-setup.md} @@ -53,11 +53,11 @@ Or choose to include browser visualization and: #### Create an Otterize Cloud account -{@include: ../../_common/create-account.md} +{@include: ../../../_common/create-account.md} #### Install Otterize OSS, connected to Otterize Cloud -{@include: ../../_common/install-otterize-from-cloud-with-shadow-mode-and-kafka-watcher.md} +{@include: ../../../_common/install-otterize-from-cloud-with-shadow-mode-and-kafka-watcher.md} @@ -66,7 +66,7 @@ Finally, you'll need to install the Otterize CLI (if you haven't already) to int
Install the Otterize CLI -{@include: ../../_common/install-otterize-cli.md} +{@include: ../../../_common/install-otterize-cli.md}
@@ -82,7 +82,7 @@ In the chart we will configure Kafka to: Expand to see the Helm values.yaml used with the Bitnami chart ```yaml -{@include: ../../../static/code-examples/kafka-mapping/helm/values.yaml} +{@include: ../../../../static/code-examples/kafka-mapping/helm/values.yaml} ``` diff --git a/docs/quickstart/access-control/k8s-kafka-mtls-cert-manager.mdx b/docs/access-types/Kafka/Examples/k8s-kafka-mtls-cert-manager.mdx similarity index 93% rename from docs/quickstart/access-control/k8s-kafka-mtls-cert-manager.mdx rename to docs/access-types/Kafka/Examples/k8s-kafka-mtls-cert-manager.mdx index 4b8813a89..ec754ba6c 100644 --- a/docs/quickstart/access-control/k8s-kafka-mtls-cert-manager.mdx +++ b/docs/access-types/Kafka/Examples/k8s-kafka-mtls-cert-manager.mdx @@ -1,6 +1,6 @@ --- sidebar_position: 5 -title: Kafka access automation using cert-manager mTLS +title: Kafka Access Automation Using Cert-Manager mTLS image: /img/quick-tutorials/k8s-kafka-mtls-cert-mgr/social.png --- @@ -29,7 +29,7 @@ In this tutorial, we will: Before you start, you'll need a Kubernetes cluster. -{@include: ../../_common/cluster-setup.md} +{@include: ../../../_common/cluster-setup.md} @@ -50,7 +50,7 @@ This tutorial uses the built-in and easy-to-setup `CA` Issuer type so that the t ::: ```yaml -{@include: ../../../static/code-examples/kafka-mtls-cert-manager/clusterissuer.yaml} +{@include: ../../../../static/code-examples/kafka-mtls-cert-manager/clusterissuer.yaml} ``` Deploy this `ClusterIssuer`: @@ -72,7 +72,7 @@ You can now install Otterize in your cluster, and connect to Otterize Cloud. Con -{@include: ../../_common/install-otterize-from-cloud-with-shadow-mode-and-kafka-watcher-and-cert-manager.md} +{@include: ../../../_common/install-otterize-from-cloud-with-shadow-mode-and-kafka-watcher-and-cert-manager.md} #### Configure the access graph in Otterize Cloud to only show Kafka authorization status @@ -80,7 +80,7 @@ You want to make sure that under **Istio Policies** _Use in access graph_ is tur Keep _Use in access graph_ **on** under **Kafka ACLs** so that the access graph only shows the authorization status for Kafka ACLs. -![Make sure access graph is configured correctly](../../../static/img/quick-tutorials/k8s-kafka-mtls-cert-mgr//cloud-settings.png) +![Make sure access graph is configured correctly](/img/quick-tutorials/k8s-kafka-mtls-cert-mgr//cloud-settings.png) @@ -119,7 +119,7 @@ In the chart we will configure Kafka to: Expand to see the Helm values.yaml used with the Bitnami chart ```yaml -{@include: ../../../static/code-examples/kafka-mtls-cert-manager/helm/values.yaml} +{@include: ../../../../static/code-examples/kafka-mtls-cert-manager/helm/values.yaml} ``` @@ -145,7 +145,7 @@ kubectl apply -f ${ABSOLUTE_URL}/code-examples/kafka-mtls-cert-manager/kafkaserv ``` ```yaml -{@include: ../../../static/code-examples/kafka-mtls-cert-manager/kafkaserverconfig.yaml} +{@include: ../../../../static/code-examples/kafka-mtls-cert-manager/kafkaserverconfig.yaml} ``` ## Deploy clients @@ -203,7 +203,7 @@ spec: ```yaml -{@include: ../../../static/code-examples/kafka-mtls-cert-manager/client-deployment.yaml} +{@include: ../../../../static/code-examples/kafka-mtls-cert-manager/client-deployment.yaml} ``` @@ -211,7 +211,7 @@ spec: ```yaml -{@include: ../../../static/code-examples/kafka-mtls-cert-manager/client-other-deployment.yaml} +{@include: ../../../../static/code-examples/kafka-mtls-cert-manager/client-other-deployment.yaml} ``` @@ -348,7 +348,7 @@ You can click on the services or the lines connecting them to see which ClientIn 1. The client declares its intent to call the `kafka.kafka` server with this `intents.yaml` file: ```yaml -{@include: ../../../static/code-examples/kafka-mtls-cert-manager/client-intents.yaml} +{@include: ../../../../static/code-examples/kafka-mtls-cert-manager/client-intents.yaml} ``` We can apply intents for the `client` by applying the `client-intents.yaml` file: @@ -361,11 +361,11 @@ If you go back to your access graph, you'll now see that the `client` has a soli If you click on that solid line, you will see that the declared intents match the discovered intents, so access is assured. -![client intents applied](../../../static/img/quick-tutorials/k8s-kafka-mtls-cert-mgr/client-intents.png) +![client intents applied](/img/quick-tutorials/k8s-kafka-mtls-cert-mgr/client-intents.png) 2. At this point, since the Kafka server is not actually protected, the `client-other` can still access the topics. The line is orange, indicating that it has no declared intents. -![Declared Intent](../../../static/img/quick-tutorials/k8s-kafka-mtls-cert-mgr/declared-intent.png) +![Declared Intent](/img/quick-tutorials/k8s-kafka-mtls-cert-mgr/declared-intent.png) We can see what happened: @@ -382,7 +382,7 @@ Let's see that in action. Our clients that have not declared intents will be blo We need to turn protection on in for this Kafka broker by declaring it as a protected service: ```yaml -{@include: ../../../static/code-examples/kafka-mtls-cert-manager/protectedservice.yaml} +{@include: ../../../../static/code-examples/kafka-mtls-cert-manager/protectedservice.yaml} ``` Apply this `ProtectedService` resource: @@ -406,7 +406,7 @@ error="kafka server: The client is not authorized to access this topic And if you look back at your access graph, you'll see that the Kafka broker is now protected, and that the `client-other` and `client-authenticated` are blocked. -![Clients blocked](../../../static/img/quick-tutorials/k8s-kafka-mtls-cert-mgr//clients-blocked.png) +![Clients blocked](/img/quick-tutorials/k8s-kafka-mtls-cert-mgr//clients-blocked.png) ## What did we accomplish? diff --git a/docs/quickstart/access-control/k8s-kafka-mtls.mdx b/docs/access-types/Kafka/Examples/k8s-kafka-mtls.mdx similarity index 93% rename from docs/quickstart/access-control/k8s-kafka-mtls.mdx rename to docs/access-types/Kafka/Examples/k8s-kafka-mtls.mdx index 75c58068c..f06e2d51d 100644 --- a/docs/quickstart/access-control/k8s-kafka-mtls.mdx +++ b/docs/access-types/Kafka/Examples/k8s-kafka-mtls.mdx @@ -28,7 +28,7 @@ In this tutorial, we will: Before you start, you'll need a Kubernetes cluster. -{@include: ../../_common/cluster-setup.md} +{@include: ../../../_common/cluster-setup.md} @@ -40,7 +40,7 @@ You can now install Otterize in your cluster, and connect to Otterize Cloud. Con 2. Generate certificates using the Otterize Cloud hosted service. If you prefer to generate certificates in-cluster, you can [follow the tutorial for cert-manager](/quickstart/access-control/k8s-kafka-mtls-cert-manager). #### Install Otterize OSS, connected to Otterize Cloud -{@include: ../../_common/install-otterize-from-cloud-with-shadow-mode-and-kafka-watcher.md} +{@include: ../../../_common/install-otterize-from-cloud-with-shadow-mode-and-kafka-watcher.md} #### Configure the access graph in Otterize Cloud to only show Kafka authorization status @@ -48,7 +48,7 @@ You want to make sure that under **Istio Policies** _Use in access graph_ is tur Keep _Use in access graph_ **on** under **Kafka ACLs** so that the access graph only shows the authorization status for Kafka ACLs. -![Make sure access graph is configured correctly](../../../static/img/quick-tutorials/k8s-kafka-mtls//cloud-settings.png) +![Make sure access graph is configured correctly](/img/quick-tutorials/k8s-kafka-mtls//cloud-settings.png) ## Install Kafka @@ -65,7 +65,7 @@ In the chart we will configure Kafka to: Expand to see the Helm values.yaml used with the Bitnami chart ```yaml -{@include: ../../../static/code-examples/kafka-mtls/helm/values.yaml} +{@include: ../../../../static/code-examples/kafka-mtls/helm/values.yaml} ``` @@ -91,7 +91,7 @@ kubectl apply -f ${ABSOLUTE_URL}/code-examples/kafka-mtls/kafkaserverconfig.yaml ``` ```yaml -{@include: ../../../static/code-examples/kafka-mtls/kafkaserverconfig.yaml} +{@include: ../../../../static/code-examples/kafka-mtls/kafkaserverconfig.yaml} ``` ## Deploy clients @@ -149,7 +149,7 @@ spec: ```yaml -{@include: ../../../static/code-examples/kafka-mtls/client-deployment.yaml} +{@include: ../../../../static/code-examples/kafka-mtls/client-deployment.yaml} ``` @@ -157,7 +157,7 @@ spec: ```yaml -{@include: ../../../static/code-examples/kafka-mtls/client-other-deployment.yaml} +{@include: ../../../../static/code-examples/kafka-mtls/client-other-deployment.yaml} ``` @@ -259,7 +259,7 @@ You can click on the services or the lines connecting them to see which ClientIn 1. The client declares its intent to call the `kafka.kafka` server with this `intents.yaml` file: ```yaml -{@include: ../../../static/code-examples/kafka-mtls/client-intents.yaml} +{@include: ../../../../static/code-examples/kafka-mtls/client-intents.yaml} ``` We can apply intents for the `client` by applying the `client-intents.yaml` file: @@ -272,11 +272,11 @@ If you go back to your access graph, you'll now see that the `client` has a soli If you click on that solid line, you will see that the declared intents match the discovered intents, so access is assured. -![client intents applied](../../../static/img/quick-tutorials/k8s-kafka-mtls/client-intents.png) +![client intents applied](/img/quick-tutorials/k8s-kafka-mtls/client-intents.png) 2. At this point, since the Kafka server is not actually protected, the `client-other` can still access the topics. The line is orange, indicating that it has no declared intents. -![Declared Intent](../../../static/img/quick-tutorials/k8s-kafka-mtls/declared-intent.png) +![Declared Intent](/img/quick-tutorials/k8s-kafka-mtls/declared-intent.png) We can see what happened: @@ -295,7 +295,7 @@ Let's see that in action. Our clients that have not declared intents will be blo We need to turn protection on in for this Kafka broker by declaring it as a protected service: ```yaml -{@include: ../../../static/code-examples/kafka-mtls/protectedservice.yaml} +{@include: ../../../../static/code-examples/kafka-mtls/protectedservice.yaml} ``` Apply this `ProtectedService` resource: @@ -319,7 +319,7 @@ error="kafka server: The client is not authorized to access this topic And if you look back at your access graph, you'll see that the Kafka broker is now protected, and that the `client-other` and `client-authenticated` are blocked. -![Clients blocked](../../../static/img/quick-tutorials/k8s-kafka-mtls/clients-blocked.png) +![Clients blocked](/img/quick-tutorials/k8s-kafka-mtls/clients-blocked.png) ## What did we accomplish? diff --git a/docs/access-types/Kafka/Overview.mdx b/docs/access-types/Kafka/Overview.mdx new file mode 100644 index 000000000..7e4dcc2d8 --- /dev/null +++ b/docs/access-types/Kafka/Overview.mdx @@ -0,0 +1,4 @@ +--- +sidebar_position: 1 +title: Overview +--- \ No newline at end of file diff --git a/docs/access-types/Kafka/Reference.mdx b/docs/access-types/Kafka/Reference.mdx new file mode 100644 index 000000000..626ea0452 --- /dev/null +++ b/docs/access-types/Kafka/Reference.mdx @@ -0,0 +1,4 @@ +--- +sidebar_position: 3 +title: Reference +--- \ No newline at end of file diff --git a/docs/access-types/Kafka/_category_.json b/docs/access-types/Kafka/_category_.json new file mode 100644 index 000000000..4861435c0 --- /dev/null +++ b/docs/access-types/Kafka/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Kafka", + "position": 3, + "collapsed": true +} diff --git a/docs/access-types/Networking/Examples/_category_.json b/docs/access-types/Networking/Examples/_category_.json new file mode 100644 index 000000000..0e3676464 --- /dev/null +++ b/docs/access-types/Networking/Examples/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Examples", + "position": 2, + "collapsed": true +} diff --git a/docs/quickstart/access-control/aws-eks-cni-mini.mdx b/docs/access-types/Networking/Examples/aws-eks-cni-mini.mdx similarity index 94% rename from docs/quickstart/access-control/aws-eks-cni-mini.mdx rename to docs/access-types/Networking/Examples/aws-eks-cni-mini.mdx index fbf8809dc..f49bd7e7b 100644 --- a/docs/quickstart/access-control/aws-eks-cni-mini.mdx +++ b/docs/access-types/Networking/Examples/aws-eks-cni-mini.mdx @@ -1,6 +1,6 @@ --- -sidebar_position: 2 -title: Network policies on AWS EKS with the VPC CNI +sidebar_position: 4 +title: AWS EKS Network policies With The VPC CNI image: /img/quick-tutorials/aws-eks-mini/social.png --- @@ -86,7 +86,7 @@ So either forego browser visualization and:
Install Otterize in your cluster, without Otterize Cloud -{@include: ../../_common/install-otterize.md} +{@include: ../../../_common/install-otterize.md}
@@ -97,11 +97,11 @@ Or choose to include browser visualization and: #### Create an Otterize Cloud account -{@include: ../../_common/create-account.md} +{@include: ../../../_common/create-account.md} #### Install Otterize OSS, connected to Otterize Cloud -{@include: ../../_common/install-otterize-from-cloud.md} +{@include: ../../../_common/install-otterize-from-cloud.md} @@ -110,7 +110,7 @@ Finally, you'll need to install the Otterize CLI (if you haven't already) to int
Install the Otterize CLI -{@include: ../../_common/install-otterize-cli.md} +{@include: ../../../_common/install-otterize-cli.md}
@@ -173,7 +173,7 @@ At which point you should see that the `server` service is ready to be protected And you can then protect the `server` service by applying the following `yaml` file: ```yaml -{@include: ../../../static/code-examples/aws-eks-mini/protect-server.yaml} +{@include: ../../../../static/code-examples/aws-eks-mini/protect-server.yaml} ``` Protect the server by applying the resource: diff --git a/docs/quickstart/visualization/k8s-network-mapper.mdx b/docs/access-types/Networking/Examples/k8s-network-mapper.mdx similarity index 93% rename from docs/quickstart/visualization/k8s-network-mapper.mdx rename to docs/access-types/Networking/Examples/k8s-network-mapper.mdx index b703b3cf7..0db7cfd8b 100644 --- a/docs/quickstart/visualization/k8s-network-mapper.mdx +++ b/docs/access-types/Networking/Examples/k8s-network-mapper.mdx @@ -1,6 +1,6 @@ --- sidebar_position: 1 -title: Network mapping a Kubernetes cluster +title: Visualizing a Kubernetes Network image: /img/visualization/k8s-network-mapper/social.png --- @@ -22,7 +22,7 @@ In this tutorial, we will: Before you start, you'll need a Kubernetes cluster. Having a cluster with a [CNI](https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/) that supports [NetworkPolicies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) isn't required for this tutorial, but is recommended so that your cluster works with other tutorials. -{@include: ../../_common/cluster-setup.md} +{@include: ../../../_common/cluster-setup.md} @@ -36,7 +36,7 @@ So either forego browser visualization and:
Install Otterize in your cluster, without Otterize Cloud -{@include: ../../_common/install-otterize.md} +{@include: ../../../_common/install-otterize.md}
@@ -47,11 +47,11 @@ Or choose to include browser visualization and: #### Create an Otterize Cloud account -{@include: ../../_common/create-account.md} +{@include: ../../../_common/create-account.md} #### Install Otterize OSS, connected to Otterize Cloud -{@include: ../../_common/install-otterize-from-cloud-with-enforcement.md} +{@include: ../../../_common/install-otterize-from-cloud-with-enforcement.md} @@ -60,7 +60,7 @@ Finally, you'll need to install the Otterize CLI (if you haven't already) to int
Install the Otterize CLI -{@include: ../../_common/install-otterize-cli.md} +{@include: ../../../_common/install-otterize-cli.md}
@@ -92,7 +92,7 @@ For a complete list of the CLI capabilities read the [CLI command reference](/re ### Extract and see the network map -{@include: ../../getting-started/_show_mapped_traffic_cli.mdx} +{@include: ../../../getting-started/_show_mapped_traffic_cli.mdx} ### Show the access graph in Otterize Cloud diff --git a/docs/quickstart/access-control/k8s-network-policies.mdx b/docs/access-types/Networking/Examples/k8s-network-policies.mdx similarity index 92% rename from docs/quickstart/access-control/k8s-network-policies.mdx rename to docs/access-types/Networking/Examples/k8s-network-policies.mdx index 2117d5210..781e43f1c 100644 --- a/docs/quickstart/access-control/k8s-network-policies.mdx +++ b/docs/access-types/Networking/Examples/k8s-network-policies.mdx @@ -1,6 +1,6 @@ --- sidebar_position: 1 -title: NetworkPolicy automation +title: Network Policy Automation image: /img/quick-tutorials/network-policies/social.png --- @@ -28,7 +28,7 @@ In this tutorial, we will: Before you start, you'll need a Kubernetes cluster with a [CNI](https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/) that supports [NetworkPolicies](https://kubernetes.io/docs/concepts/services-networking/network-policies/). -{@include: ../../_common/cluster-setup.md} +{@include: ../../../_common/cluster-setup.md} @@ -42,7 +42,7 @@ So either forego browser visualization and:
Install Otterize in your cluster, without Otterize Cloud -{@include: ../../_common/install-otterize.md} +{@include: ../../../_common/install-otterize.md}
@@ -53,11 +53,11 @@ Or choose to include browser visualization and: #### Create an Otterize Cloud account -{@include: ../../_common/create-account.md} +{@include: ../../../_common/create-account.md} #### Install Otterize OSS, connected to Otterize Cloud -{@include: ../../_common/install-otterize-from-cloud-with-enforcement.md} +{@include: ../../../_common/install-otterize-from-cloud-with-enforcement.md} @@ -72,7 +72,7 @@ Our simple example consists of three pods: an HTTP server and two clients that c ```yaml -{@include: ../../../static/code-examples/automate-network-policies/namespace.yaml} +{@include: ../../../../static/code-examples/automate-network-policies/namespace.yaml} ``` @@ -80,23 +80,23 @@ Our simple example consists of three pods: an HTTP server and two clients that c ```yaml -{@include: ../../../static/code-examples/automate-network-policies/server-deployment.yaml} +{@include: ../../../../static/code-examples/automate-network-policies/server-deployment.yaml} --- -{@include: ../../../static/code-examples/automate-network-policies/server-service.yaml} +{@include: ../../../../static/code-examples/automate-network-policies/server-service.yaml} ``` ```yaml -{@include: ../../../static/code-examples/automate-network-policies/client-deployment.yaml} +{@include: ../../../../static/code-examples/automate-network-policies/client-deployment.yaml} ``` ```yaml -{@include: ../../../static/code-examples/automate-network-policies/client-other-deployment.yaml} +{@include: ../../../../static/code-examples/automate-network-policies/client-other-deployment.yaml} ``` @@ -193,7 +193,7 @@ You can click on the services or the lines connecting them to see which ClientIn 1. Here is the `intents.yaml` declaration of the client, which we will apply below: ```yaml -{@include: ../../../static/code-examples/automate-network-policies/intents.yaml} +{@include: ../../../../static/code-examples/automate-network-policies/intents.yaml} ``` ### See it in action diff --git a/docs/guides/protect-1-service-network-policies.mdx b/docs/access-types/Networking/Examples/protect-1-service-network-policies.mdx similarity index 97% rename from docs/guides/protect-1-service-network-policies.mdx rename to docs/access-types/Networking/Examples/protect-1-service-network-policies.mdx index 13b485874..7bcaacd3e 100644 --- a/docs/guides/protect-1-service-network-policies.mdx +++ b/docs/access-types/Networking/Examples/protect-1-service-network-policies.mdx @@ -1,7 +1,6 @@ --- sidebar_position: 1 -title: "Protecting one service with network policies" -sidebar_label: "Protecting one service with network policies" +title: "Protecting A Service With Network Policies" --- import CodeBlock from "@theme/CodeBlock"; @@ -32,7 +31,7 @@ Note: all the capabilities of IBAC are within Otterize OSS, while the access gra Before you start, you'll need a Kubernetes cluster. -{@include: ../_common/cluster-setup.md} +{@include: ../../../_common/cluster-setup.md}
@@ -106,21 +105,21 @@ Go ahead and browse to the URL above to "shop" and get a feel for the demo's beh
Create an Otterize Cloud account -{@include: ../_common/create-account.md} +{@include: ../../../_common/create-account.md}
Install Otterize OSS -{@include: ../_common/install-otterize-from-cloud.md} +{@include: ../../../_common/install-otterize-from-cloud.md}
Install the Otterize CLI -{@include: ../_common/install-otterize-cli.md} +{@include: ../../../_common/install-otterize-cli.md}
@@ -305,7 +304,7 @@ Now that we've verified no intended clients would be blocked, we can safely prot To do so, recall that we configured Otterize OSS to be in the `defaultShadow` mode: by default, it's in shadow mode for all services, not actually managing network policies for them. To protect a service is a simple matter of applying a `ProtectedService` YAML for it, overriding the default for it: ```yaml -{@include: ../../static/code-examples/guides/protect-1-service-network-policies/protect-productcatalogservice.yaml} +{@include: ../../../../static/code-examples/guides/protect-1-service-network-policies/protect-productcatalogservice.yaml} ``` Let's apply this file to our cluster: diff --git a/docs/access-types/Networking/Overview.mdx b/docs/access-types/Networking/Overview.mdx new file mode 100644 index 000000000..7e4dcc2d8 --- /dev/null +++ b/docs/access-types/Networking/Overview.mdx @@ -0,0 +1,4 @@ +--- +sidebar_position: 1 +title: Overview +--- \ No newline at end of file diff --git a/docs/reference/access-controls/network-policies/README.mdx b/docs/access-types/Networking/Reference/Network-Policies-Deep-Dive.mdx similarity index 99% rename from docs/reference/access-controls/network-policies/README.mdx rename to docs/access-types/Networking/Reference/Network-Policies-Deep-Dive.mdx index fb5e5ad53..10517004d 100644 --- a/docs/reference/access-controls/network-policies/README.mdx +++ b/docs/access-types/Networking/Reference/Network-Policies-Deep-Dive.mdx @@ -1,6 +1,6 @@ --- sidebar_position: 1 -title: Network policies deep dive +title: Network Policies Deep Dive --- import Tabs from '@theme/Tabs'; import TabItem from '@theme/TabItem'; diff --git a/docs/access-types/Networking/Reference/README.mdx b/docs/access-types/Networking/Reference/README.mdx new file mode 100644 index 000000000..626ea0452 --- /dev/null +++ b/docs/access-types/Networking/Reference/README.mdx @@ -0,0 +1,4 @@ +--- +sidebar_position: 3 +title: Reference +--- \ No newline at end of file diff --git a/docs/access-types/Networking/_category_.json b/docs/access-types/Networking/_category_.json new file mode 100644 index 000000000..cffc70f0d --- /dev/null +++ b/docs/access-types/Networking/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Networking", + "position": 1, + "collapsed": true +} diff --git a/docs/access-types/Postgres/Examples/_category_.json b/docs/access-types/Postgres/Examples/_category_.json new file mode 100644 index 000000000..0e3676464 --- /dev/null +++ b/docs/access-types/Postgres/Examples/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Examples", + "position": 2, + "collapsed": true +} diff --git a/docs/quickstart/access-control/postgres.mdx b/docs/access-types/Postgres/Examples/postgres.mdx similarity index 100% rename from docs/quickstart/access-control/postgres.mdx rename to docs/access-types/Postgres/Examples/postgres.mdx diff --git a/docs/access-types/Postgres/Overview.mdx b/docs/access-types/Postgres/Overview.mdx new file mode 100644 index 000000000..7e4dcc2d8 --- /dev/null +++ b/docs/access-types/Postgres/Overview.mdx @@ -0,0 +1,4 @@ +--- +sidebar_position: 1 +title: Overview +--- \ No newline at end of file diff --git a/docs/access-types/Postgres/Reference.mdx b/docs/access-types/Postgres/Reference.mdx new file mode 100644 index 000000000..626ea0452 --- /dev/null +++ b/docs/access-types/Postgres/Reference.mdx @@ -0,0 +1,4 @@ +--- +sidebar_position: 3 +title: Reference +--- \ No newline at end of file diff --git a/docs/concepts/_category_.json b/docs/access-types/Postgres/_category_.json similarity index 62% rename from docs/concepts/_category_.json rename to docs/access-types/Postgres/_category_.json index b8adac8f0..bc6190e1f 100644 --- a/docs/concepts/_category_.json +++ b/docs/access-types/Postgres/_category_.json @@ -1,5 +1,5 @@ { - "label": "Concepts", + "label": "PostgreSQL", "position": 5, "collapsed": true } diff --git a/docs/access-types/README.mdx b/docs/access-types/README.mdx new file mode 100644 index 000000000..ce1f892fc --- /dev/null +++ b/docs/access-types/README.mdx @@ -0,0 +1,4 @@ +--- +sidebar_position: 1 +title: Access Types +--- \ No newline at end of file diff --git a/docs/access-types/_category_.json b/docs/access-types/_category_.json new file mode 100644 index 000000000..867232c84 --- /dev/null +++ b/docs/access-types/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Access Types", + "position": 3, + "collapsed": false +} diff --git a/docs/getting-started/README.mdx b/docs/getting-started/README.mdx index 2da7691cd..b8d8d040b 100644 --- a/docs/getting-started/README.mdx +++ b/docs/getting-started/README.mdx @@ -1,7 +1,7 @@ --- sidebar_position: 1 slug: / -title: Getting started +title: Getting Started --- export const LinkButton = (props) => ( @@ -24,7 +24,7 @@ Otterize is a platform for implementing intent-based access control ([IBAC](/int The platform is composed of **Otterize OSS**, which is tailored for a single Kubernetes cluster, and **Otterize Cloud**, which adds visibility and operationalization across Kubernetes clusters and non-Kubernetes infrastructures. Otterize enables platform engineers to easily implement, expand, and unify secured access for their Kubernetes workloads. -## Let's go! +## Let's go! 🚀 Dive right in with simple demos to manage access control: * [Create and manage network policies](/quickstart/access-control/k8s-network-policies). * [Network policies on AWS EKS with the VPC CNI](/quickstart/access-control/aws-eks-cni-mini). diff --git a/docs/getting-started/_category_.json b/docs/getting-started/_category_.json index 38eabb7ef..594203d97 100644 --- a/docs/getting-started/_category_.json +++ b/docs/getting-started/_category_.json @@ -1,3 +1,4 @@ { - "collapsed": false + "collapsed": true, + "label": "Getting Started" } \ No newline at end of file diff --git a/docs/guides/_category_.json b/docs/guides/_category_.json deleted file mode 100644 index 7cb5603b2..000000000 --- a/docs/guides/_category_.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "label": "Guides", - "position": 4, - "collapsed": false -} \ No newline at end of file diff --git a/docs/overview/README.mdx b/docs/overview/README.mdx new file mode 100644 index 000000000..7e4dcc2d8 --- /dev/null +++ b/docs/overview/README.mdx @@ -0,0 +1,4 @@ +--- +sidebar_position: 1 +title: Overview +--- \ No newline at end of file diff --git a/docs/overview/_category_.json b/docs/overview/_category_.json new file mode 100644 index 000000000..ef3474b29 --- /dev/null +++ b/docs/overview/_category_.json @@ -0,0 +1,4 @@ +{ + "collapsed": true, + "label": "Overview" +} \ No newline at end of file diff --git a/docs/installation/README.mdx b/docs/overview/installation/README.mdx similarity index 90% rename from docs/installation/README.mdx rename to docs/overview/installation/README.mdx index 102d628a5..503ea7a3b 100644 --- a/docs/installation/README.mdx +++ b/docs/overview/installation/README.mdx @@ -1,12 +1,12 @@ --- -sidebar_position: 5 +sidebar_position: 1 title: Installation --- import Tabs from '@theme/Tabs'; import TabItem from '@theme/TabItem'; ## Install Otterize without Otterize Cloud (OSS only) -{@include: ../_common/install-otterize.md} +{@include: ../../_common/install-otterize.md}
@@ -17,11 +17,11 @@ import TabItem from '@theme/TabItem'; Before you start, you need to have a Kubernetes cluster with a [CNI](https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/) that supports [NetworkPolicies](https://kubernetes.io/docs/concepts/services-networking/network-policies/). -{@include: ../_common/cluster-setup.md} +{@include: ../../_common/cluster-setup.md}
### Upgrade Otterize -{@include: ../_common/upgrade-otterize.md} +{@include: ../../_common/upgrade-otterize.md} ## Connect Otterize OSS to Otterize Cloud, or install Otterize with Otterize Cloud To connect Otterize OSS to Otterize Cloud you will need to [login](https://app.otterize.com), create a cluster, and follow the instructions. @@ -29,7 +29,7 @@ To connect Otterize OSS to Otterize Cloud you will need to [login](https://app.o In a nutshell, you need to `helm upgrade` the same Helm chart, but provide Otterize Cloud credentials. Upon creating a cluster, a guide will appear that walks you through doing this with the new credentials jut created. ## Install just the Otterize network mapper -{@include: ../_common/install-otterize-network-mapper.md} +{@include: ../../_common/install-otterize-network-mapper.md} ## Install the Otterize CLI @@ -37,7 +37,7 @@ The [Otterize CLI](/reference/cli) is a command-line utility used to control and To install the CLI: -{@include: ../_common/install-otterize-cli.md} +{@include: ../../_common/install-otterize-cli.md} ## Uninstall Otterize diff --git a/docs/reference/intents-and-intents-files/README.mdx b/docs/overview/intent-based-access-control.mdx similarity index 96% rename from docs/reference/intents-and-intents-files/README.mdx rename to docs/overview/intent-based-access-control.mdx index 9f7e76924..ade9e2477 100644 --- a/docs/reference/intents-and-intents-files/README.mdx +++ b/docs/overview/intent-based-access-control.mdx @@ -1,6 +1,6 @@ --- -sidebar_position: 4 -title: Intents and intents files +sidebar_position: 2 +title: Intent-Based Access Control (IBAC) --- Intent-based access control is, not surprisingly, centered around declaring intents — specifically, declaring **client** intents @@ -39,7 +39,7 @@ As an example, let's look at the core of a client intents file for a service cal It declares that it will call the `emailservice`, the `orderservice`, and the `ecomm-events` Kafka service. It also provides more granular information for some of the calls: ```yaml -{@include: ../../../static/resources/example-intents.yaml} +{@include: ../../static/resources/example-intents.yaml} ``` You can actually create and use such "plain" or "vanilla" intents files without any other metadata. Currently, Otterize only supports processing client intents via the Otterize OSS intents operator for Kubernetes, so you'll need to run the plain intents files through the Otterize CLI (`otterize intents convert`) to convert them into Kubernetes custom resource YAML files. @@ -55,7 +55,7 @@ Here is the same client intents file, now formatted as a Kubernetes custom resou so it can be applied directly via `kubectl apply`: ```yaml -{@include: ../../../static/resources/example-intents-resource-highlighted.yaml} +{@include: ../../static/resources/example-intents-resource-highlighted.yaml} ``` ## Intents file specification diff --git a/docs/otterize-cloud/README.mdx b/docs/overview/otterize-cloud/README.mdx similarity index 100% rename from docs/otterize-cloud/README.mdx rename to docs/overview/otterize-cloud/README.mdx diff --git a/docs/otterize-cloud/_category_.json b/docs/overview/otterize-cloud/_category_.json similarity index 100% rename from docs/otterize-cloud/_category_.json rename to docs/overview/otterize-cloud/_category_.json diff --git a/docs/otterize-cloud/_environments_and_namespaces.mdx b/docs/overview/otterize-cloud/_environments_and_namespaces.mdx similarity index 100% rename from docs/otterize-cloud/_environments_and_namespaces.mdx rename to docs/overview/otterize-cloud/_environments_and_namespaces.mdx diff --git a/docs/otterize-cloud/object-model.mdx b/docs/overview/otterize-cloud/object-model.mdx similarity index 100% rename from docs/otterize-cloud/object-model.mdx rename to docs/overview/otterize-cloud/object-model.mdx diff --git a/docs/otterize-oss/README.mdx b/docs/overview/otterize-oss/README.mdx similarity index 100% rename from docs/otterize-oss/README.mdx rename to docs/overview/otterize-oss/README.mdx diff --git a/docs/otterize-oss/_category_.json b/docs/overview/otterize-oss/_category_.json similarity index 100% rename from docs/otterize-oss/_category_.json rename to docs/overview/otterize-oss/_category_.json diff --git a/docs/otterize-oss/error-telemetry.mdx b/docs/overview/otterize-oss/error-telemetry.mdx similarity index 100% rename from docs/otterize-oss/error-telemetry.mdx rename to docs/overview/otterize-oss/error-telemetry.mdx diff --git a/docs/otterize-oss/usage-telemetry.mdx b/docs/overview/otterize-oss/usage-telemetry.mdx similarity index 100% rename from docs/otterize-oss/usage-telemetry.mdx rename to docs/overview/otterize-oss/usage-telemetry.mdx diff --git a/docs/quickstart/_category_.json b/docs/quickstart/_category_.json deleted file mode 100644 index 69cd49661..000000000 --- a/docs/quickstart/_category_.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "label": "Quickstart", - "position": 1, - "collapsed": false -} diff --git a/docs/quickstart/access-control/_category_.json b/docs/quickstart/access-control/_category_.json deleted file mode 100644 index 58976741d..000000000 --- a/docs/quickstart/access-control/_category_.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "label": "Access control", - "position": 1, - "collapsed": false -} diff --git a/docs/intent-based-access-control/README.mdx b/docs/reference/IBAC-Overview.mdx similarity index 100% rename from docs/intent-based-access-control/README.mdx rename to docs/reference/IBAC-Overview.mdx diff --git a/docs/reference/_category_.json b/docs/reference/_category_.json index 8c87aa627..323775976 100644 --- a/docs/reference/_category_.json +++ b/docs/reference/_category_.json @@ -1,5 +1,5 @@ { "label": "Reference", "position": 11, - "collapsed": false + "collapsed": true } diff --git a/docs/shadow-vs-active-enforcement/README.mdx b/docs/reference/shadow-vs-active-enforcement/README.mdx similarity index 100% rename from docs/shadow-vs-active-enforcement/README.mdx rename to docs/reference/shadow-vs-active-enforcement/README.mdx diff --git a/docs/troubleshooting/README.mdx b/docs/reference/troubleshooting/README.mdx similarity index 100% rename from docs/troubleshooting/README.mdx rename to docs/reference/troubleshooting/README.mdx diff --git a/docusaurus.config.js b/docusaurus.config.js index 1fdac1096..cc13b705f 100644 --- a/docusaurus.config.js +++ b/docusaurus.config.js @@ -137,6 +137,28 @@ const config = { { redirects: [ { + from: ['/getting-started/oss-installation', '/installation'], + to: '/overview/installation', + }, + { + from: ['/intent-based-access-control', '/reference/intents-and-intents-files'], + to: '/overview/intent-based-access-control' + }, + { + from: ['/otterize-oss'], + to: '/overview/otterize-oss' + }, + { + from: ['/reference/access-controls/network-policies'], + to: '/access-types/Networking/Reference/Network-Policies-Deep-Dive' + }, + { + from: ['/shadow-vs-active-enforcement'], + to: '/reference/shadow-vs-active-enforcement' + }, + { + from: ['/otterize-cloud'], + to: '/overview/otterize-cloud' from: '/quick-tutorials', to: '/', }, @@ -149,48 +171,52 @@ const config = { to: '/installation', }, { - from: '/quick-tutorials/k8s-network-policies', - to: '/quickstart/access-control/k8s-network-policies', + from: ['/otterize-oss/usage-telemetry'], + to: '/overview/otterize-oss/usage-telemetry' }, { - from: '/quick-tutorials/k8s-istio-authorization-policies', - to: '/quickstart/access-control/k8s-istio-authorization-policies', + from: ['/otterize-oss/error-telemetry'], + to: '/overview/otterize-oss/error-telemetry' }, { - from: '/quick-tutorials/k8s-kafka-mtls', - to: '/quickstart/access-control/k8s-kafka-mtls', + from: ['/otterize-cloud/object-model'], + to: '/overview/otterize-cloud/object-model' }, { - from: '/quick-tutorials/aws-eks-cni-mini', - to: '/quickstart/access-control/aws-eks-cni-mini', + from: ['/guides/protect-1-service-network-policies'], + to: '/access-types/Networking/Examples/protect-1-service-network-policies' }, { - from: '/quick-tutorials/k8s-kafka-mtls-cert-manager', - to: '/quickstart/access-control/k8s-kafka-mtls-cert-manager', + from: ['/quick-tutorials/k8s-kafka-mtls', '/quickstart/access-control/k8s-kafka-mtls'], + to: '/access-types/Kafka/Examples/k8s-kafka-mtls', + }, + { + from: ['/quick-tutorials/aws-eks-cni-mini','/quickstart/access-control/aws-eks-cni-mini'], + to: '/access-types/Networking/Examples/aws-eks-cni-mini', }, { - from: '/quick-tutorials/k8s-network-mapper', - to: '/quickstart/visualization/k8s-network-mapper', + from: ['/quick-tutorials/k8s-kafka-mtls-cert-manager', '/quickstart/access-control/k8s-kafka-mtls-cert-manager'], + to: '/access-types/Kafka/Examples/k8s-kafka-mtls-cert-manager', }, { - from: '/quick-tutorials/k8s-istio-watcher', - to: '/quickstart/visualization/k8s-istio-watcher', + from: ['/quick-tutorials/k8s-istio-watcher', '/quickstart/visualization/k8s-istio-watcher'], + to: '/access-types/Istio/Examples/k8s-istio-watcher', }, { - from: '/quick-visual-tutorials/visual-ibac-istio-authorization-policies', - to: '/quickstart/access-control/k8s-istio-authorization-policies', + from: ['/quick-visual-tutorials/visual-ibac-istio-authorization-policies','/quickstart/access-control/k8s-istio-authorization-policies', '/quickstart/k8s-istio-authorization-policies'], + to: '/access-types/Istio/Examples/k8s-istio-authorization-policies', }, { - from: '/quick-visual-tutorials/visual-ibac-kafka-k8s', - to: '/quickstart/access-control/k8s-kafka-mtls', + from: ['/quick-visual-tutorials/visual-ibac-kafka-k8s'], + to: '/access-types/Kafka/Examples/k8s-kafka-mapping', }, { - from: '/quick-visual-tutorials/visual-ibac-network-policies', - to: '/quickstart/access-control/k8s-network-policies', + from: ['/quick-visual-tutorials/visual-ibac-network-policies', '/quick-tutorials/k8s-network-policies', '/quickstart/access-control/k8s-network-policies'], + to: '/access-types/Networking/Examples/k8s-network-policies', }, { - from: '/quick-visual-tutorials/visual-k8s-cluster-mapping', - to: '/quickstart/visualization/k8s-network-mapper', + from: ['/quick-visual-tutorials/visual-k8s-cluster-mapping', '/quickstart/visualization/k8s-network-mapper', '/quick-tutorials/k8s-network-mapper'], + to: '/access-types/Networking/Examples/k8s-network-mapper', }, // Redirect from multiple old paths to the new path // { diff --git a/src/css/custom.css b/src/css/custom.css index 39fa32fb8..01d80d9cb 100644 --- a/src/css/custom.css +++ b/src/css/custom.css @@ -10,18 +10,22 @@ /* You can override the default Infima variables here. */ :root { - --ifm-color-primary: #306e96; + --ifm-color-primary: #4d3df7; --ifm-color-primary-dark: #2b6387; --ifm-color-primary-darker: #295e80; --ifm-color-primary-darkest: #224d69; --ifm-color-primary-light: #3579a5; --ifm-color-primary-lighter: #377fad; --ifm-color-primary-lightest: #408fc2; - --ifm-code-font-size: 95%; + --ifm-code-font-size: 85%; + --ifm-font-size-base: 0.9rem; + --ifm-font-weight-base: 400; + --ifm-h1-font-size: 2.5rem; --ifm-code-border-radius: 5px; --docusaurus-highlighted-code-line-bg: rgba(255, 255, 255, 0.2); --ifm-navbar-height: 5rem; + --ifm-menu-color: #333; --ifm-footer-background-color: white; --ifm-footer-color: white; @@ -31,11 +35,12 @@ } .navbar__title { - color: #2186e6; + color: #4d3df7; } .navbar__item { margin-left: 10px; + font-size: 12px; white-space: nowrap; } From 1af2efff93890c0afd4928c4f20ed02c5623b7a6 Mon Sep 17 00:00:00 2001 From: bglynn Date: Mon, 22 Jan 2024 10:08:14 -0800 Subject: [PATCH 02/24] * Added support to tailwind in the documents * Access Type / AWS IAM Draft content --- docs/access-types/AWS IAM/Overview.mdx | 8 -- docs/access-types/AWS IAM/Reference.mdx | 4 - .../Istio/Examples/_category_.json | 2 +- .../Networking/Examples/_category_.json | 2 +- .../Postgres/Examples/_category_.json | 2 +- docs/access-types/README.mdx | 82 ++++++++++++++++++- .../Examples/_category_.json | 0 .../Examples/aws-iam-eks.mdx | 0 docs/access-types/aws-iam/Overview.mdx | 46 +++++++++++ docs/access-types/aws-iam/Reference.mdx | 40 +++++++++ .../{AWS IAM => aws-iam}/_category_.json | 2 +- package.json | 1 + src/css/custom.css | 6 ++ tailwind.config.js | 2 +- yarn.lock | 5 ++ 15 files changed, 184 insertions(+), 18 deletions(-) delete mode 100644 docs/access-types/AWS IAM/Overview.mdx delete mode 100644 docs/access-types/AWS IAM/Reference.mdx rename docs/access-types/{AWS IAM => aws-iam}/Examples/_category_.json (100%) rename docs/access-types/{AWS IAM => aws-iam}/Examples/aws-iam-eks.mdx (100%) create mode 100644 docs/access-types/aws-iam/Overview.mdx create mode 100644 docs/access-types/aws-iam/Reference.mdx rename docs/access-types/{AWS IAM => aws-iam}/_category_.json (67%) diff --git a/docs/access-types/AWS IAM/Overview.mdx b/docs/access-types/AWS IAM/Overview.mdx deleted file mode 100644 index cf6694baa..000000000 --- a/docs/access-types/AWS IAM/Overview.mdx +++ /dev/null @@ -1,8 +0,0 @@ ---- -sidebar_position: 1 -title: Overview -hide_table_of_contents: false ---- - - - diff --git a/docs/access-types/AWS IAM/Reference.mdx b/docs/access-types/AWS IAM/Reference.mdx deleted file mode 100644 index 626ea0452..000000000 --- a/docs/access-types/AWS IAM/Reference.mdx +++ /dev/null @@ -1,4 +0,0 @@ ---- -sidebar_position: 3 -title: Reference ---- \ No newline at end of file diff --git a/docs/access-types/Istio/Examples/_category_.json b/docs/access-types/Istio/Examples/_category_.json index 0e3676464..bbac434cd 100644 --- a/docs/access-types/Istio/Examples/_category_.json +++ b/docs/access-types/Istio/Examples/_category_.json @@ -1,5 +1,5 @@ { "label": "Examples", "position": 2, - "collapsed": true + "collapsed": false } diff --git a/docs/access-types/Networking/Examples/_category_.json b/docs/access-types/Networking/Examples/_category_.json index 0e3676464..bbac434cd 100644 --- a/docs/access-types/Networking/Examples/_category_.json +++ b/docs/access-types/Networking/Examples/_category_.json @@ -1,5 +1,5 @@ { "label": "Examples", "position": 2, - "collapsed": true + "collapsed": false } diff --git a/docs/access-types/Postgres/Examples/_category_.json b/docs/access-types/Postgres/Examples/_category_.json index 0e3676464..bbac434cd 100644 --- a/docs/access-types/Postgres/Examples/_category_.json +++ b/docs/access-types/Postgres/Examples/_category_.json @@ -1,5 +1,5 @@ { "label": "Examples", "position": 2, - "collapsed": true + "collapsed": false } diff --git a/docs/access-types/README.mdx b/docs/access-types/README.mdx index ce1f892fc..176cb8bf0 100644 --- a/docs/access-types/README.mdx +++ b/docs/access-types/README.mdx @@ -1,4 +1,84 @@ --- sidebar_position: 1 title: Access Types ---- \ No newline at end of file +hide_title: true +--- + +export const types = [ + { + name: 'Networking', + role: 'Admin', + url: '/access-types/Networking/Overview', + imageUrl: '/img/icons/networking.png', + }, + { + name: 'AWS IAM', + role: 'Admin', + url: '/access-types/aws-iam/Overview', + imageUrl: '/img/icons/aws.png', + }, + { + name: 'Kafka', + role: 'Admin', + url: '/access-types/Kafka/Overview', + imageUrl: '/img/icons/kafka.png', + }, + { + name: 'Istio', + role: 'Admin', + url: '/access-types/Istio/Overview', + imageUrl: '/img/icons/istio.png', + }, + { + name: 'PostgreSQL', + role: 'Cloud', + url: '/access-types/Postgres/Overview', + imageUrl: '/img/icons/postgresql.png', + }, + // More types... +] + +export default function AccessTypesCards() { + return ( +
+

Access Types

+

+ Otterize makes it easy to create authorization for your Kubernetes clusters across a variety of + different types of access. Explore each below. +

+ +
+ ) +} + + + + + + diff --git a/docs/access-types/AWS IAM/Examples/_category_.json b/docs/access-types/aws-iam/Examples/_category_.json similarity index 100% rename from docs/access-types/AWS IAM/Examples/_category_.json rename to docs/access-types/aws-iam/Examples/_category_.json diff --git a/docs/access-types/AWS IAM/Examples/aws-iam-eks.mdx b/docs/access-types/aws-iam/Examples/aws-iam-eks.mdx similarity index 100% rename from docs/access-types/AWS IAM/Examples/aws-iam-eks.mdx rename to docs/access-types/aws-iam/Examples/aws-iam-eks.mdx diff --git a/docs/access-types/aws-iam/Overview.mdx b/docs/access-types/aws-iam/Overview.mdx new file mode 100644 index 000000000..13fcffd3c --- /dev/null +++ b/docs/access-types/aws-iam/Overview.mdx @@ -0,0 +1,46 @@ +--- +sidebar_position: 1 +title: Overview +hide_table_of_contents: true +hide_title: true +--- + +# AWS IAM + +Otterize can provide least-privilege access from your EKS Kubernetes clusters to AWS Resources with [IBAC](/overview/intent-based-access-control/) support for AWS's IAM policies. + +### About + +In many workloads, EKS clusters must access external cloud resources such as databases, object storage, or additional services. Otterize provides unique credentials and policies for each pod for exactly the authorization they require. + +### How does it work + +To follow along with a full example, take a look at [Automate AWS IAM for EKS](/access-types/aws-iam/Examples/aws-iam-eks) + +1. First, the EKS cluster must have [Otterize installed](/overview/installation). +2. We must label the pod with `credentials-operator.otterize.com/create-aws-role: "true"` +3. Once that is complete, Otterize’s credential operator will create a role and an `AssumeRolePolicy` bound to ServiceAccount. +4. At this point, the role does not have the ability to perform any actions. We will need to create a ClientIntents YAML for the access the service requires and apply it to our cluster. Below is an example of a ClientIntents file for accessing an S3 bucket. View the [reference](/access-types/aws-iam/Reference) to learn more about the AWS IAM Client Intent syntax. +5. Once the intent is applied, a new policy will be attached to the service’s role with the appropriate access. + +```yaml +apiVersion: k8s.otterize.com/v1alpha3 +kind: ClientIntents +metadata: + name: server +spec: + service: + name: server + calls: + - name: arn:aws:s3:::example-bucket-*/* + type: aws + awsActions: + - "s3:PutObject" + - "s3:GetObject" +``` + +### Coming Soon + +Building least-privilege access can be difficult. Many actions have dependent actions, or services can require a lot of access to perform their functions. To help reduce this burden, Otterize will provide automated ClientIntents based on the actions your service actually requires by detecting the calls being made and converting them into the necessary YAML syntax. + + diff --git a/docs/access-types/aws-iam/Reference.mdx b/docs/access-types/aws-iam/Reference.mdx new file mode 100644 index 000000000..bfc777d18 --- /dev/null +++ b/docs/access-types/aws-iam/Reference.mdx @@ -0,0 +1,40 @@ +--- +sidebar_position: 3 +title: Reference +--- +**Metadata/Labels** + +| label | type | Description | +|---------------------------------------------------|---------|--------------------------------------------------------------| +| credentials-operator.otterize.com/create-aws-role | boolean | By setting to **true** the credential operator will create an unique AWS Role for the associated pod | +**ClientIntents** (YAML) + +| key | sub-ley | type | type | Description | +|-------------|------------|-------|--------|--------------------------------------------------------------| +| **service** | name | value | string | The name of the pod that will be granted access | +| **calls** | name | list | ARN | The AWS ARN or ARN wildcard that references the resource(s) for the authorization. See [ARN Formats - Amazon QuickSight](https://docs.aws.amazon.com/quicksight/latest/APIReference/qs-arn-format.html) for more information | +| **calls** | type | value | string | a value of “aws” to indicate the type of calls being authorized and specified. | +| **calls** | awsActions | list | Action | The [AWS Actions](https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html) or action wildcards that will be provided to the specified resources. | +Multiple call definitions can be defined for a single service. + +**Example YAML** + +```yaml +apiVersion: k8s.otterize.com/v1alpha3 +kind: ClientIntents +metadata: + name: server +spec: + service: + name: server + calls: + - name: arn:aws:s3:::example-bucket-*/* + type: aws + awsActions: + - "s3:PutObject" + - "s3:GetObject" + - name: arn:aws:s3:::read-only-bucket-*/* + type: aws + awsActions: + - "s3:GetObject" +``` diff --git a/docs/access-types/AWS IAM/_category_.json b/docs/access-types/aws-iam/_category_.json similarity index 67% rename from docs/access-types/AWS IAM/_category_.json rename to docs/access-types/aws-iam/_category_.json index aca2a23bb..31268af38 100644 --- a/docs/access-types/AWS IAM/_category_.json +++ b/docs/access-types/aws-iam/_category_.json @@ -1,5 +1,5 @@ { "label": "AWS IAM", "position": 2, - "collapsed": true + "collapsed": false } diff --git a/package.json b/package.json index 70dbf3159..d1c852a70 100644 --- a/package.json +++ b/package.json @@ -24,6 +24,7 @@ "clsx": "^1.2.1", "docusaurus-plugin-hotjar": "^0.0.2", "docusaurus-plugin-includes": "^1.1.4", + "heroicons": "^2.1.1", "prism-react-renderer": "^1.3.5", "react": "^17.0.2", "react-dom": "^17.0.2" diff --git a/src/css/custom.css b/src/css/custom.css index 01d80d9cb..7232bddbf 100644 --- a/src/css/custom.css +++ b/src/css/custom.css @@ -34,6 +34,12 @@ --ifm-footer-padding-horizontal: 20px; } +article { + max-width: 800px; + margin-left: 2rem; + margin-right: auto; +} + .navbar__title { color: #4d3df7; } diff --git a/tailwind.config.js b/tailwind.config.js index 066cdd952..a1768b0f8 100644 --- a/tailwind.config.js +++ b/tailwind.config.js @@ -1,6 +1,6 @@ /** @type {import('tailwindcss').Config} */ module.exports = { - content: ['./src/**/*.{js,jsx,ts,tsx}', './docusaurus.config.js'], + content: ['./src/**/*.{js,jsx,ts,tsx}', './docusaurus.config.js', './docs/**/*.mdx'], prefix: 'tw-', // This is important to avoid conflicts with Docusaurus styles. theme: { screens: { diff --git a/yarn.lock b/yarn.lock index 2aab033f1..199721d77 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4416,6 +4416,11 @@ he@^1.2.0: resolved "https://registry.npmjs.org/he/-/he-1.2.0.tgz" integrity sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw== +heroicons@^2.1.1: + version "2.1.1" + resolved "https://registry.yarnpkg.com/heroicons/-/heroicons-2.1.1.tgz#b574c2d87bc504bf7f4fefacc20960c5672b0202" + integrity sha512-54kHbrxsTyAJJU7z07XN1OrVBX8ogN/tbclP8Doxk0X4IQmR6LEhLzJBkFK9Yc814NoXG6ZJBh9Bi/qvauzjfA== + history@^4.9.0: version "4.10.1" resolved "https://registry.npmjs.org/history/-/history-4.10.1.tgz" From 784d60db2d7bc4b344151c383f98c21783b072c0 Mon Sep 17 00:00:00 2001 From: bglynn Date: Wed, 24 Jan 2024 12:21:46 -0800 Subject: [PATCH 03/24] * "Features" * Draft content for new getting started page --- docs/access-types/Istio/_category_.json | 5 - docs/access-types/Kafka/_category_.json | 5 - docs/access-types/Networking/_category_.json | 5 - docs/access-types/Postgres/_category_.json | 5 - docs/access-types/README.mdx | 84 ------- docs/access-types/_category_.json | 5 - docs/access-types/aws-iam/_category_.json | 5 - .../Istio/Examples/_category_.json | 0 .../k8s-istio-authorization-policies.mdx | 0 .../Istio/Examples/k8s-istio-watcher.mdx | 0 .../Istio/Overview.mdx | 0 .../Istio/Reference.mdx | 0 docs/features/Istio/_category_.json | 8 + .../Kafka/Examples/_category_.json | 0 .../Kafka/Examples/k8s-kafka-mapping.mdx | 0 .../Examples/k8s-kafka-mtls-cert-manager.mdx | 2 +- .../Kafka/Examples/k8s-kafka-mtls.mdx | 0 .../Kafka/Overview.mdx | 0 .../Kafka/Reference.mdx | 0 docs/features/Kafka/_category_.json | 9 + .../Networking/Examples/_category_.json | 0 .../Networking/Examples/aws-eks-cni-mini.mdx | 2 +- .../Examples/k8s-network-mapper.mdx | 2 +- .../Examples/k8s-network-policies.mdx | 2 +- .../protect-1-service-network-policies.mdx | 2 +- .../Networking/Overview.mdx | 0 .../Reference/Network-Policies-Deep-Dive.mdx | 0 .../Networking/Reference/README.mdx | 0 docs/features/Networking/_category_.json | 8 + .../Postgres/Examples/_category_.json | 0 .../Postgres/Examples/postgres.mdx | 0 .../Postgres/Overview.mdx | 0 .../Postgres/Reference.mdx | 0 docs/features/Postgres/_category_.json | 8 + docs/features/README.mdx | 55 +++++ docs/features/_category_.json | 8 + .../aws-iam/Examples/_category_.json | 0 .../aws-iam/Examples/aws-iam-eks.mdx | 0 .../aws-iam/Overview.mdx | 4 +- .../aws-iam/Reference.mdx | 0 docs/features/aws-iam/_category_.json | 8 + docs/getting-started/README.mdx | 224 ++++++++++++++---- docusaurus.config.js | 20 +- src/components/CardList/index.js | 29 +++ src/components/LinkCard/index.js | 35 +++ static/img/icons/aws.png | Bin 0 -> 46809 bytes static/img/icons/istio.png | Bin 0 -> 20852 bytes static/img/icons/kafka.png | Bin 0 -> 13675 bytes static/img/icons/networking.png | Bin 0 -> 21015 bytes static/img/icons/postgresql.png | Bin 0 -> 35042 bytes 50 files changed, 365 insertions(+), 175 deletions(-) delete mode 100644 docs/access-types/Istio/_category_.json delete mode 100644 docs/access-types/Kafka/_category_.json delete mode 100644 docs/access-types/Networking/_category_.json delete mode 100644 docs/access-types/Postgres/_category_.json delete mode 100644 docs/access-types/README.mdx delete mode 100644 docs/access-types/_category_.json delete mode 100644 docs/access-types/aws-iam/_category_.json rename docs/{access-types => features}/Istio/Examples/_category_.json (100%) rename docs/{access-types => features}/Istio/Examples/k8s-istio-authorization-policies.mdx (100%) rename docs/{access-types => features}/Istio/Examples/k8s-istio-watcher.mdx (100%) rename docs/{access-types => features}/Istio/Overview.mdx (100%) rename docs/{access-types => features}/Istio/Reference.mdx (100%) create mode 100644 docs/features/Istio/_category_.json rename docs/{access-types => features}/Kafka/Examples/_category_.json (100%) rename docs/{access-types => features}/Kafka/Examples/k8s-kafka-mapping.mdx (100%) rename docs/{access-types => features}/Kafka/Examples/k8s-kafka-mtls-cert-manager.mdx (99%) rename docs/{access-types => features}/Kafka/Examples/k8s-kafka-mtls.mdx (100%) rename docs/{access-types => features}/Kafka/Overview.mdx (100%) rename docs/{access-types => features}/Kafka/Reference.mdx (100%) create mode 100644 docs/features/Kafka/_category_.json rename docs/{access-types => features}/Networking/Examples/_category_.json (100%) rename docs/{access-types => features}/Networking/Examples/aws-eks-cni-mini.mdx (99%) rename docs/{access-types => features}/Networking/Examples/k8s-network-mapper.mdx (99%) rename docs/{access-types => features}/Networking/Examples/k8s-network-policies.mdx (99%) rename docs/{access-types => features}/Networking/Examples/protect-1-service-network-policies.mdx (99%) rename docs/{access-types => features}/Networking/Overview.mdx (100%) rename docs/{access-types => features}/Networking/Reference/Network-Policies-Deep-Dive.mdx (100%) rename docs/{access-types => features}/Networking/Reference/README.mdx (100%) create mode 100644 docs/features/Networking/_category_.json rename docs/{access-types => features}/Postgres/Examples/_category_.json (100%) rename docs/{access-types => features}/Postgres/Examples/postgres.mdx (100%) rename docs/{access-types => features}/Postgres/Overview.mdx (100%) rename docs/{access-types => features}/Postgres/Reference.mdx (100%) create mode 100644 docs/features/Postgres/_category_.json create mode 100644 docs/features/README.mdx create mode 100644 docs/features/_category_.json rename docs/{access-types => features}/aws-iam/Examples/_category_.json (100%) rename docs/{access-types => features}/aws-iam/Examples/aws-iam-eks.mdx (100%) rename docs/{access-types => features}/aws-iam/Overview.mdx (91%) rename docs/{access-types => features}/aws-iam/Reference.mdx (100%) create mode 100644 docs/features/aws-iam/_category_.json create mode 100644 src/components/CardList/index.js create mode 100644 src/components/LinkCard/index.js create mode 100644 static/img/icons/aws.png create mode 100644 static/img/icons/istio.png create mode 100644 static/img/icons/kafka.png create mode 100644 static/img/icons/networking.png create mode 100644 static/img/icons/postgresql.png diff --git a/docs/access-types/Istio/_category_.json b/docs/access-types/Istio/_category_.json deleted file mode 100644 index 1654bce0e..000000000 --- a/docs/access-types/Istio/_category_.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "label": "Istio", - "position": 4, - "collapsed": true -} diff --git a/docs/access-types/Kafka/_category_.json b/docs/access-types/Kafka/_category_.json deleted file mode 100644 index 4861435c0..000000000 --- a/docs/access-types/Kafka/_category_.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "label": "Kafka", - "position": 3, - "collapsed": true -} diff --git a/docs/access-types/Networking/_category_.json b/docs/access-types/Networking/_category_.json deleted file mode 100644 index cffc70f0d..000000000 --- a/docs/access-types/Networking/_category_.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "label": "Networking", - "position": 1, - "collapsed": true -} diff --git a/docs/access-types/Postgres/_category_.json b/docs/access-types/Postgres/_category_.json deleted file mode 100644 index bc6190e1f..000000000 --- a/docs/access-types/Postgres/_category_.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "label": "PostgreSQL", - "position": 5, - "collapsed": true -} diff --git a/docs/access-types/README.mdx b/docs/access-types/README.mdx deleted file mode 100644 index 176cb8bf0..000000000 --- a/docs/access-types/README.mdx +++ /dev/null @@ -1,84 +0,0 @@ ---- -sidebar_position: 1 -title: Access Types -hide_title: true ---- - -export const types = [ - { - name: 'Networking', - role: 'Admin', - url: '/access-types/Networking/Overview', - imageUrl: '/img/icons/networking.png', - }, - { - name: 'AWS IAM', - role: 'Admin', - url: '/access-types/aws-iam/Overview', - imageUrl: '/img/icons/aws.png', - }, - { - name: 'Kafka', - role: 'Admin', - url: '/access-types/Kafka/Overview', - imageUrl: '/img/icons/kafka.png', - }, - { - name: 'Istio', - role: 'Admin', - url: '/access-types/Istio/Overview', - imageUrl: '/img/icons/istio.png', - }, - { - name: 'PostgreSQL', - role: 'Cloud', - url: '/access-types/Postgres/Overview', - imageUrl: '/img/icons/postgresql.png', - }, - // More types... -] - -export default function AccessTypesCards() { - return ( -
-

Access Types

-

- Otterize makes it easy to create authorization for your Kubernetes clusters across a variety of - different types of access. Explore each below. -

- -
- ) -} - - - - - - diff --git a/docs/access-types/_category_.json b/docs/access-types/_category_.json deleted file mode 100644 index 867232c84..000000000 --- a/docs/access-types/_category_.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "label": "Access Types", - "position": 3, - "collapsed": false -} diff --git a/docs/access-types/aws-iam/_category_.json b/docs/access-types/aws-iam/_category_.json deleted file mode 100644 index 31268af38..000000000 --- a/docs/access-types/aws-iam/_category_.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "label": "AWS IAM", - "position": 2, - "collapsed": false -} diff --git a/docs/access-types/Istio/Examples/_category_.json b/docs/features/Istio/Examples/_category_.json similarity index 100% rename from docs/access-types/Istio/Examples/_category_.json rename to docs/features/Istio/Examples/_category_.json diff --git a/docs/access-types/Istio/Examples/k8s-istio-authorization-policies.mdx b/docs/features/Istio/Examples/k8s-istio-authorization-policies.mdx similarity index 100% rename from docs/access-types/Istio/Examples/k8s-istio-authorization-policies.mdx rename to docs/features/Istio/Examples/k8s-istio-authorization-policies.mdx diff --git a/docs/access-types/Istio/Examples/k8s-istio-watcher.mdx b/docs/features/Istio/Examples/k8s-istio-watcher.mdx similarity index 100% rename from docs/access-types/Istio/Examples/k8s-istio-watcher.mdx rename to docs/features/Istio/Examples/k8s-istio-watcher.mdx diff --git a/docs/access-types/Istio/Overview.mdx b/docs/features/Istio/Overview.mdx similarity index 100% rename from docs/access-types/Istio/Overview.mdx rename to docs/features/Istio/Overview.mdx diff --git a/docs/access-types/Istio/Reference.mdx b/docs/features/Istio/Reference.mdx similarity index 100% rename from docs/access-types/Istio/Reference.mdx rename to docs/features/Istio/Reference.mdx diff --git a/docs/features/Istio/_category_.json b/docs/features/Istio/_category_.json new file mode 100644 index 000000000..1768d992d --- /dev/null +++ b/docs/features/Istio/_category_.json @@ -0,0 +1,8 @@ +{ + "label": "Istio", + "position": 4, + "collapsed": true, + "customProps": { + "image": "/img/icons/istio.png" + } +} diff --git a/docs/access-types/Kafka/Examples/_category_.json b/docs/features/Kafka/Examples/_category_.json similarity index 100% rename from docs/access-types/Kafka/Examples/_category_.json rename to docs/features/Kafka/Examples/_category_.json diff --git a/docs/access-types/Kafka/Examples/k8s-kafka-mapping.mdx b/docs/features/Kafka/Examples/k8s-kafka-mapping.mdx similarity index 100% rename from docs/access-types/Kafka/Examples/k8s-kafka-mapping.mdx rename to docs/features/Kafka/Examples/k8s-kafka-mapping.mdx diff --git a/docs/access-types/Kafka/Examples/k8s-kafka-mtls-cert-manager.mdx b/docs/features/Kafka/Examples/k8s-kafka-mtls-cert-manager.mdx similarity index 99% rename from docs/access-types/Kafka/Examples/k8s-kafka-mtls-cert-manager.mdx rename to docs/features/Kafka/Examples/k8s-kafka-mtls-cert-manager.mdx index ec754ba6c..8bd74c7dd 100644 --- a/docs/access-types/Kafka/Examples/k8s-kafka-mtls-cert-manager.mdx +++ b/docs/features/Kafka/Examples/k8s-kafka-mtls-cert-manager.mdx @@ -1,6 +1,6 @@ --- sidebar_position: 5 -title: Kafka Access Automation Using Cert-Manager mTLS +title: Kafka access automation using cert-manager mTLS image: /img/quick-tutorials/k8s-kafka-mtls-cert-mgr/social.png --- diff --git a/docs/access-types/Kafka/Examples/k8s-kafka-mtls.mdx b/docs/features/Kafka/Examples/k8s-kafka-mtls.mdx similarity index 100% rename from docs/access-types/Kafka/Examples/k8s-kafka-mtls.mdx rename to docs/features/Kafka/Examples/k8s-kafka-mtls.mdx diff --git a/docs/access-types/Kafka/Overview.mdx b/docs/features/Kafka/Overview.mdx similarity index 100% rename from docs/access-types/Kafka/Overview.mdx rename to docs/features/Kafka/Overview.mdx diff --git a/docs/access-types/Kafka/Reference.mdx b/docs/features/Kafka/Reference.mdx similarity index 100% rename from docs/access-types/Kafka/Reference.mdx rename to docs/features/Kafka/Reference.mdx diff --git a/docs/features/Kafka/_category_.json b/docs/features/Kafka/_category_.json new file mode 100644 index 000000000..671f785b5 --- /dev/null +++ b/docs/features/Kafka/_category_.json @@ -0,0 +1,9 @@ +{ + "label": "Kafka", + "position": 3, + "collapsed": true, + "customProps": { + "image": "/img/icons/kafka.png", + "cloud-only": "true" + } +} diff --git a/docs/access-types/Networking/Examples/_category_.json b/docs/features/Networking/Examples/_category_.json similarity index 100% rename from docs/access-types/Networking/Examples/_category_.json rename to docs/features/Networking/Examples/_category_.json diff --git a/docs/access-types/Networking/Examples/aws-eks-cni-mini.mdx b/docs/features/Networking/Examples/aws-eks-cni-mini.mdx similarity index 99% rename from docs/access-types/Networking/Examples/aws-eks-cni-mini.mdx rename to docs/features/Networking/Examples/aws-eks-cni-mini.mdx index f49bd7e7b..9e6ea6e55 100644 --- a/docs/access-types/Networking/Examples/aws-eks-cni-mini.mdx +++ b/docs/features/Networking/Examples/aws-eks-cni-mini.mdx @@ -1,6 +1,6 @@ --- sidebar_position: 4 -title: AWS EKS Network policies With The VPC CNI +title: AWS EKS network policies with the VPC CNI image: /img/quick-tutorials/aws-eks-mini/social.png --- diff --git a/docs/access-types/Networking/Examples/k8s-network-mapper.mdx b/docs/features/Networking/Examples/k8s-network-mapper.mdx similarity index 99% rename from docs/access-types/Networking/Examples/k8s-network-mapper.mdx rename to docs/features/Networking/Examples/k8s-network-mapper.mdx index 0db7cfd8b..7c3db3339 100644 --- a/docs/access-types/Networking/Examples/k8s-network-mapper.mdx +++ b/docs/features/Networking/Examples/k8s-network-mapper.mdx @@ -1,6 +1,6 @@ --- sidebar_position: 1 -title: Visualizing a Kubernetes Network +title: Visualizing a Kubernetes network image: /img/visualization/k8s-network-mapper/social.png --- diff --git a/docs/access-types/Networking/Examples/k8s-network-policies.mdx b/docs/features/Networking/Examples/k8s-network-policies.mdx similarity index 99% rename from docs/access-types/Networking/Examples/k8s-network-policies.mdx rename to docs/features/Networking/Examples/k8s-network-policies.mdx index 781e43f1c..3686dc23f 100644 --- a/docs/access-types/Networking/Examples/k8s-network-policies.mdx +++ b/docs/features/Networking/Examples/k8s-network-policies.mdx @@ -1,6 +1,6 @@ --- sidebar_position: 1 -title: Network Policy Automation +title: NetworkPolicy Automation image: /img/quick-tutorials/network-policies/social.png --- diff --git a/docs/access-types/Networking/Examples/protect-1-service-network-policies.mdx b/docs/features/Networking/Examples/protect-1-service-network-policies.mdx similarity index 99% rename from docs/access-types/Networking/Examples/protect-1-service-network-policies.mdx rename to docs/features/Networking/Examples/protect-1-service-network-policies.mdx index 7bcaacd3e..d43d3b445 100644 --- a/docs/access-types/Networking/Examples/protect-1-service-network-policies.mdx +++ b/docs/features/Networking/Examples/protect-1-service-network-policies.mdx @@ -1,6 +1,6 @@ --- sidebar_position: 1 -title: "Protecting A Service With Network Policies" +title: "Protecting a service with network policies" --- import CodeBlock from "@theme/CodeBlock"; diff --git a/docs/access-types/Networking/Overview.mdx b/docs/features/Networking/Overview.mdx similarity index 100% rename from docs/access-types/Networking/Overview.mdx rename to docs/features/Networking/Overview.mdx diff --git a/docs/access-types/Networking/Reference/Network-Policies-Deep-Dive.mdx b/docs/features/Networking/Reference/Network-Policies-Deep-Dive.mdx similarity index 100% rename from docs/access-types/Networking/Reference/Network-Policies-Deep-Dive.mdx rename to docs/features/Networking/Reference/Network-Policies-Deep-Dive.mdx diff --git a/docs/access-types/Networking/Reference/README.mdx b/docs/features/Networking/Reference/README.mdx similarity index 100% rename from docs/access-types/Networking/Reference/README.mdx rename to docs/features/Networking/Reference/README.mdx diff --git a/docs/features/Networking/_category_.json b/docs/features/Networking/_category_.json new file mode 100644 index 000000000..d8135a87a --- /dev/null +++ b/docs/features/Networking/_category_.json @@ -0,0 +1,8 @@ +{ + "label": "Networking", + "position": 1, + "collapsed": true, + "customProps": { + "image": "/img/icons/networking.png" + } +} diff --git a/docs/access-types/Postgres/Examples/_category_.json b/docs/features/Postgres/Examples/_category_.json similarity index 100% rename from docs/access-types/Postgres/Examples/_category_.json rename to docs/features/Postgres/Examples/_category_.json diff --git a/docs/access-types/Postgres/Examples/postgres.mdx b/docs/features/Postgres/Examples/postgres.mdx similarity index 100% rename from docs/access-types/Postgres/Examples/postgres.mdx rename to docs/features/Postgres/Examples/postgres.mdx diff --git a/docs/access-types/Postgres/Overview.mdx b/docs/features/Postgres/Overview.mdx similarity index 100% rename from docs/access-types/Postgres/Overview.mdx rename to docs/features/Postgres/Overview.mdx diff --git a/docs/access-types/Postgres/Reference.mdx b/docs/features/Postgres/Reference.mdx similarity index 100% rename from docs/access-types/Postgres/Reference.mdx rename to docs/features/Postgres/Reference.mdx diff --git a/docs/features/Postgres/_category_.json b/docs/features/Postgres/_category_.json new file mode 100644 index 000000000..02b31b4a4 --- /dev/null +++ b/docs/features/Postgres/_category_.json @@ -0,0 +1,8 @@ +{ + "label": "PostgreSQL", + "position": 5, + "collapsed": true, + "customProps": { + "image": "/img/icons/postgresql.png" + } +} diff --git a/docs/features/README.mdx b/docs/features/README.mdx new file mode 100644 index 000000000..1513e9df8 --- /dev/null +++ b/docs/features/README.mdx @@ -0,0 +1,55 @@ +--- +sidebar_position: 1 +title: Features +hide_title: true +--- + + +import { + useCurrentSidebarCategory +} from '@docusaurus/theme-common'; + + + +export default function FeatureCards() { + const category = useCurrentSidebarCategory(); + const features = category.items; + return ( +
+

Features

+

+ Otterize makes it easy to create and visualize authorization for your Kubernetes clusters across a + variety of + services. Explore each below. +

+
+ {features.map((feature) => ( +
+ {feature.items && feature.items[0] && feature.items[0].href && + +
+
+ {feature.customProps && feature.customProps.image && + + } +
+

{feature.label}

+
+
+ } +
+ ))} +
+
+ ) +} + + + + + + diff --git a/docs/features/_category_.json b/docs/features/_category_.json new file mode 100644 index 000000000..5299b8d4f --- /dev/null +++ b/docs/features/_category_.json @@ -0,0 +1,8 @@ +{ + "label": "Features", + "position": 3, + "collapsed": false, + "customProps": { + "image": "/img/icons/aws.png" + } +} diff --git a/docs/access-types/aws-iam/Examples/_category_.json b/docs/features/aws-iam/Examples/_category_.json similarity index 100% rename from docs/access-types/aws-iam/Examples/_category_.json rename to docs/features/aws-iam/Examples/_category_.json diff --git a/docs/access-types/aws-iam/Examples/aws-iam-eks.mdx b/docs/features/aws-iam/Examples/aws-iam-eks.mdx similarity index 100% rename from docs/access-types/aws-iam/Examples/aws-iam-eks.mdx rename to docs/features/aws-iam/Examples/aws-iam-eks.mdx diff --git a/docs/access-types/aws-iam/Overview.mdx b/docs/features/aws-iam/Overview.mdx similarity index 91% rename from docs/access-types/aws-iam/Overview.mdx rename to docs/features/aws-iam/Overview.mdx index 13fcffd3c..c55d04df4 100644 --- a/docs/access-types/aws-iam/Overview.mdx +++ b/docs/features/aws-iam/Overview.mdx @@ -15,12 +15,12 @@ In many workloads, EKS clusters must access external cloud resources such as dat ### How does it work -To follow along with a full example, take a look at [Automate AWS IAM for EKS](/access-types/aws-iam/Examples/aws-iam-eks) +To follow along with a full example, take a look at [Automate AWS IAM for EKS](/features/aws-iam/Examples/aws-iam-eks) 1. First, the EKS cluster must have [Otterize installed](/overview/installation). 2. We must label the pod with `credentials-operator.otterize.com/create-aws-role: "true"` 3. Once that is complete, Otterize’s credential operator will create a role and an `AssumeRolePolicy` bound to ServiceAccount. -4. At this point, the role does not have the ability to perform any actions. We will need to create a ClientIntents YAML for the access the service requires and apply it to our cluster. Below is an example of a ClientIntents file for accessing an S3 bucket. View the [reference](/access-types/aws-iam/Reference) to learn more about the AWS IAM Client Intent syntax. +4. At this point, the role does not have the ability to perform any actions. We will need to create a ClientIntents YAML for the access the service requires and apply it to our cluster. Below is an example of a ClientIntents file for accessing an S3 bucket. View the [reference](/features/aws-iam/Reference) to learn more about the AWS IAM Client Intent syntax. 5. Once the intent is applied, a new policy will be attached to the service’s role with the appropriate access. ```yaml diff --git a/docs/access-types/aws-iam/Reference.mdx b/docs/features/aws-iam/Reference.mdx similarity index 100% rename from docs/access-types/aws-iam/Reference.mdx rename to docs/features/aws-iam/Reference.mdx diff --git a/docs/features/aws-iam/_category_.json b/docs/features/aws-iam/_category_.json new file mode 100644 index 000000000..793b7a8c4 --- /dev/null +++ b/docs/features/aws-iam/_category_.json @@ -0,0 +1,8 @@ +{ + "label": "AWS IAM", + "position": 2, + "collapsed": true, + "customProps": { + "image": "/img/icons/aws.png" + } +} diff --git a/docs/getting-started/README.mdx b/docs/getting-started/README.mdx index b8d8d040b..480851c46 100644 --- a/docs/getting-started/README.mdx +++ b/docs/getting-started/README.mdx @@ -2,63 +2,199 @@ sidebar_position: 1 slug: / title: Getting Started +hide_title: true --- -export const LinkButton = (props) => ( - -); - -Otterize is a platform for implementing intent-based access control ([IBAC](/intent-based-access-control)) for workloads. +export const introduction = [ + { + title: 'What is Otterize', + description: 'Learn how Otterize helps visualize and manages your authorization', + }, + { + title: 'Intent-Based Access Control', + description: 'Dive into declarative access.', + url: '/overview/intent-based-access-control' + }, +]; + +export const features = [ + { + title: 'Network Policies', + icon: '/img/icons/networking.png', + url: '/features/Networking/Overview' + }, + { + title: 'AWS IAM', + icon: '/img/icons/aws.png', + url: '/features/aws-iam/Overview' + }, + { + title: 'Kafka', + icon: '/img/icons/kafka.png', + url: '/features/kafka/Overview' + }, + { + title: 'PostgreSQL', + icon: '/img/icons/postgresql.png', + url: '/features/postgresql/Overview' + }, + { + title: 'Istio', + icon: '/img/icons/istio.png', + url: '/features/istio/Overview' + }, +]; + +export const tutorials_access = [ + { + title: 'Create and manage network policies', + description: 'Create Kubernetes network policies using IBAC', + url: '/features/Networking/Examples/k8s-network-policies' + }, + { + title: 'Network policies on AWS EKS', + description: 'Jump start network policies using AWS EKS and VPC CNI', + url: '/features/Networking/Examples/aws-eks-cni-mini' + }, + { + title: 'Create and manage Istio authorization policies', + description: 'Using Istio and IBAC to secure your K8s cluster', + url: '/features/Istio/Examples/k8s-istio-authorization-policies' + }, + { + title: 'Configure secure access for Kafka using Otterize Cloud mTLS', + description: 'Declaring and applying intents to easily secure access to Kafka', + url: '/features/Kafka/Examples/k8s-kafka-mtls-cert-manager' + } +]; + +export const tutorials_visualization = [ + { + title: 'Network mapping a Kubernetes cluster', + description: 'Map pod-to-pod traffic within your K8s cluster', + url: '/features/Networking/Examples/k8s-network-mapper' + }, + { + title: 'Istio HTTP-level access mapping', + description: 'The network mapper allows you to map pod-to-pod Istio traffic', + url: '/features/Istio/Examples/k8s-istio-watcher' + }, + { + title: 'Kafka topic-level access mapping', + description: 'View topic-level access to Kafka servers within your Kubernetes cluster', + url: 'features/Kafka/Examples/k8s-kafka-mapping' + } +]; + +export const editions = [ + { + title: 'Community Edition', + description: 'Our open source edition focuses on a single Kubernetes cluster. ', + url: '/overview/otterize-oss' + }, + { + title: 'Cloud', + description: 'Visualize all your clusters, automate policies, and more', + url: '/overview/otterize-cloud' + } +]; + + +import DocsLinkCard from "@site/src/components/LinkCard"; + + + +Otterize is a platform that allows you to visualize, and build secure access for Kubernetes workloads. +Secure access is managed through declarative intent-based access control ([IBAC](/intent-based-access-control)) providing an easy understood and centralized approach to auth. + The platform is composed of **Otterize OSS**, which is tailored for a single Kubernetes cluster, and **Otterize Cloud**, which adds visibility and operationalization across Kubernetes clusters and non-Kubernetes infrastructures. -Otterize enables platform engineers to easily implement, expand, and unify secured access for their Kubernetes workloads. -## Let's go! 🚀 -Dive right in with simple demos to manage access control: -* [Create and manage network policies](/quickstart/access-control/k8s-network-policies). -* [Network policies on AWS EKS with the VPC CNI](/quickstart/access-control/aws-eks-cni-mini). -* [Create and manage Istio authorization policies](/quickstart/access-control/k8s-istio-authorization-policies). -* [Configure secure access for Kafka using Otterize Cloud mTLS](/quickstart/access-control/k8s-kafka-mtls), or [using cert-manager mTLS](/quickstart/access-control/k8s-kafka-mtls-cert-manager). +### Introduction + + + +### Features + +Otterize makes it easy to create and visualize authorization for your Kubernetes clusters across a variety of services. Explore each below. + + + +### Tutorials + +#### Learn more about access control + + + +#### See how to visualize access + + + +### Editions + + + + +[//]: # () +[//]: # (## Let's go! 🚀) + +[//]: # (Dive right in with simple demos to manage access control:) + +[//]: # (* [Create and manage network policies](/quickstart/access-control/k8s-network-policies).) + +[//]: # (* [Network policies on AWS EKS with the VPC CNI](/quickstart/access-control/aws-eks-cni-mini).) + +[//]: # (* [Create and manage Istio authorization policies](/quickstart/access-control/k8s-istio-authorization-policies).) + +[//]: # (* [Configure secure access for Kafka using Otterize Cloud mTLS](/quickstart/access-control/k8s-kafka-mtls), or [using cert-manager mTLS](/quickstart/access-control/k8s-kafka-mtls-cert-manager).) + +[//]: # () +[//]: # (Or visualize communication in your cluster:) + +[//]: # (* [Network mapping a Kubernetes cluster](/quickstart/visualization/k8s-network-mapper).) + +[//]: # (* [Istio HTTP-level access mapping](/quickstart/visualization/k8s-istio-watcher).) + +[//]: # (* [Kafka topic-level access mapping](/quickstart/visualization/k8s-network-mapper).) + +[//]: # () +[//]: # (## Components) + +[//]: # () +[//]: # (### Otterize OSS) + +[//]: # (The Otterize OSS components are standalone open-source projects that implement intent-based access control (IBAC) for a single Kubernetes cluster. This same set of components is used to integrate with Otterize Cloud.) + +[//]: # (- The [Otterize intents operator](/reference/configuration/intents-operator) translates ClientIntents resources to access controls: currently, network policies for pod-to-pod access, and ACLs for in-cluster Kafka client access. [See it in GitHub](https://github.com/otterize/intents-operator)) -Or visualize communication in your cluster: -* [Network mapping a Kubernetes cluster](/quickstart/visualization/k8s-network-mapper). -* [Istio HTTP-level access mapping](/quickstart/visualization/k8s-istio-watcher). -* [Kafka topic-level access mapping](/quickstart/visualization/k8s-network-mapper). +[//]: # (- The [Otterize credentials operator](/reference/configuration/credentials-operator) integrates with SPIFFE/SPIRE to handle pod identities and manage certificates. [See it in GitHub](https://github.com/otterize/credentials-operator)) -## Components +[//]: # (- The [Otterize network mapper](/reference/configuration/network-mapper) sniffs pod-to-pod traffic and builds a network map, which is useful on its own and may also be exported as client intents files for bootstrapping IBAC. [See it in GitHub](https://github.com/otterize/network-mapper)) -### Otterize OSS -The Otterize OSS components are standalone open-source projects that implement intent-based access control (IBAC) for a single Kubernetes cluster. This same set of components is used to integrate with Otterize Cloud. -- The [Otterize intents operator](/reference/configuration/intents-operator) translates ClientIntents resources to access controls: currently, network policies for pod-to-pod access, and ACLs for in-cluster Kafka client access. [See it in GitHub](https://github.com/otterize/intents-operator) -- The [Otterize credentials operator](/reference/configuration/credentials-operator) integrates with SPIFFE/SPIRE to handle pod identities and manage certificates. [See it in GitHub](https://github.com/otterize/credentials-operator) -- The [Otterize network mapper](/reference/configuration/network-mapper) sniffs pod-to-pod traffic and builds a network map, which is useful on its own and may also be exported as client intents files for bootstrapping IBAC. [See it in GitHub](https://github.com/otterize/network-mapper) +[//]: # () +[//]: # () +[//]: # (### Otterize CLI) +[//]: # () +[//]: # (The [Otterize CLI](/reference/cli) is used to control the network mapper or output its data, convert non-Kubernetes client) -### Otterize CLI +[//]: # (intents files (if needed) to Kubernetes custom resource YAMLs, interface with the Otterize Cloud.) -The [Otterize CLI](/reference/cli) is used to control the network mapper or output its data, convert non-Kubernetes client -intents files (if needed) to Kubernetes custom resource YAMLs, interface with the Otterize Cloud. +[//]: # () +[//]: # (## Open source and Cloud) -## Open source and Cloud +[//]: # () +[//]: # (### Otterize OSS) -### Otterize OSS +[//]: # () +[//]: # (Otterize OSS is a standalone open-source implementation of intent-based access control (IBAC) for a single Kubernetes cluster. As well as being open source, Otterize OSS is completely free, licensed under the Apache 2.0 license and does not require Otterize Cloud.) -Otterize OSS is a standalone open-source implementation of intent-based access control (IBAC) for a single Kubernetes cluster. As well as being open source, Otterize OSS is completely free, licensed under the Apache 2.0 license and does not require Otterize Cloud. +[//]: # () +[//]: # (### Otterize Cloud) -### Otterize Cloud +[//]: # () +[//]: # (Otterize Cloud adds unified visibility and operationalization,) -Otterize Cloud adds unified visibility and operationalization, -and spans multiple Kubernetes clusters as well as (coming soon) non-Kubernetes infrastructures. +[//]: # (and spans multiple Kubernetes clusters as well as (coming soon) non-Kubernetes infrastructures.) -Read more in our [product page](https://otterize.com/product). \ No newline at end of file +[//]: # () +[//]: # (Read more in our [product page](https://otterize.com/product).) \ No newline at end of file diff --git a/docusaurus.config.js b/docusaurus.config.js index cc13b705f..e5dfddc06 100644 --- a/docusaurus.config.js +++ b/docusaurus.config.js @@ -150,7 +150,7 @@ const config = { }, { from: ['/reference/access-controls/network-policies'], - to: '/access-types/Networking/Reference/Network-Policies-Deep-Dive' + to: '/features/Networking/Reference/Network-Policies-Deep-Dive' }, { from: ['/shadow-vs-active-enforcement'], @@ -184,39 +184,39 @@ const config = { }, { from: ['/guides/protect-1-service-network-policies'], - to: '/access-types/Networking/Examples/protect-1-service-network-policies' + to: '/features/Networking/Examples/protect-1-service-network-policies' }, { from: ['/quick-tutorials/k8s-kafka-mtls', '/quickstart/access-control/k8s-kafka-mtls'], - to: '/access-types/Kafka/Examples/k8s-kafka-mtls', + to: '/features/Kafka/Examples/k8s-kafka-mtls', }, { from: ['/quick-tutorials/aws-eks-cni-mini','/quickstart/access-control/aws-eks-cni-mini'], - to: '/access-types/Networking/Examples/aws-eks-cni-mini', + to: '/features/Networking/Examples/aws-eks-cni-mini', }, { from: ['/quick-tutorials/k8s-kafka-mtls-cert-manager', '/quickstart/access-control/k8s-kafka-mtls-cert-manager'], - to: '/access-types/Kafka/Examples/k8s-kafka-mtls-cert-manager', + to: '/features/Kafka/Examples/k8s-kafka-mtls-cert-manager', }, { from: ['/quick-tutorials/k8s-istio-watcher', '/quickstart/visualization/k8s-istio-watcher'], - to: '/access-types/Istio/Examples/k8s-istio-watcher', + to: '/features/Istio/Examples/k8s-istio-watcher', }, { from: ['/quick-visual-tutorials/visual-ibac-istio-authorization-policies','/quickstart/access-control/k8s-istio-authorization-policies', '/quickstart/k8s-istio-authorization-policies'], - to: '/access-types/Istio/Examples/k8s-istio-authorization-policies', + to: '/features/Istio/Examples/k8s-istio-authorization-policies', }, { from: ['/quick-visual-tutorials/visual-ibac-kafka-k8s'], - to: '/access-types/Kafka/Examples/k8s-kafka-mapping', + to: '/features/Kafka/Examples/k8s-kafka-mapping', }, { from: ['/quick-visual-tutorials/visual-ibac-network-policies', '/quick-tutorials/k8s-network-policies', '/quickstart/access-control/k8s-network-policies'], - to: '/access-types/Networking/Examples/k8s-network-policies', + to: '/features/Networking/Examples/k8s-network-policies', }, { from: ['/quick-visual-tutorials/visual-k8s-cluster-mapping', '/quickstart/visualization/k8s-network-mapper', '/quick-tutorials/k8s-network-mapper'], - to: '/access-types/Networking/Examples/k8s-network-mapper', + to: '/features/Networking/Examples/k8s-network-mapper', }, // Redirect from multiple old paths to the new path // { diff --git a/src/components/CardList/index.js b/src/components/CardList/index.js new file mode 100644 index 000000000..c7f8a5e8e --- /dev/null +++ b/src/components/CardList/index.js @@ -0,0 +1,29 @@ +import React from 'react'; + +export default function CardList(props) { + console.log(JSON.stringify(props)); + return ( + + ); +} \ No newline at end of file diff --git a/src/components/LinkCard/index.js b/src/components/LinkCard/index.js new file mode 100644 index 000000000..414c2df27 --- /dev/null +++ b/src/components/LinkCard/index.js @@ -0,0 +1,35 @@ +import React from 'react'; + +export default function DocsLinkCard({items, colSize}) { + let colClasses = "lg:tw-grid-cols-2 tw-gap-4 xs:tw-grid-cols-1 "; + if (colSize === "lg") { + colClasses = "lg:tw-grid-cols-4 tw-gap-2 xs:tw-grid-cols-2" + }else if (colSize === "md") { + colClasses = "lg:tw-grid-cols-3 tw-gap-2 xs:tw-grid-cols-1 md:tw-grid-cols-2" + } + return ( +
+ {items.map((item) => ( + + ))} +
+ ) +} diff --git a/static/img/icons/aws.png b/static/img/icons/aws.png new file mode 100644 index 0000000000000000000000000000000000000000..3b53d8f20f9a6fb407c82e7e219369729669ff47 GIT binary patch literal 46809 zcmeEuWmweR+pQu<2?#1EsZ!F9!YCnv(kb1gfWQph9Ri}_fOL1q&_kz6m(E$f8Gka>45)Wo4l5LeeGItFyYxdoNL#FuSto%R&l<*F^TJ}qB_>N6BT*eb-V76 zEcCaG_lVoiPhTgIheMMNn;yEI1)kMw)oWvHj-+?Pg(ZE2SLzNG!h{Jt55EcAe`wrM zx11=j*U-z|%fNk@xR*Fx#juc|oO=eP`QdX73-6)#fBfQ|f~86X4=lPZeC;~+fBy0Z z|9j({`2X}b|7dw*NA^vMSpVNY@fsFGQ6=tw{wT~3`9}WG$JqYxHueATIj-TeZ~fmN z0Q{>o97%%*lY-a*|M9^we-y?Fbo(DZws52AbutZcCz7T||M|M$Ux8Pm{r8pr-KGCN z3jY?~)gk%!Ed7PDf8pUTI{ypee;dxf@bE7@{2wIeUwHTz9{x{K`7b>D3lIOF!9y+; z4b5NWGs0>;)A)L{+M>pMs(R9O>d|=l_V1O?x)K?|?NK%y99)LNt#`EG!}K*HaSnRP&gI5E4UBRgd1MPoFB)sKx(kZaz+2A1q)bqC!R8M6b)xuUFap z{M26}rfk+%8-t#ZT^m9e!s4FX!sxh0_v`3WlgUr;60^PMqm?d!=2IndwoaRo2~{;7 zy)MVcB|=>KyZI9D6hpS1f=}x9)(ab?;cG(~T4<!@+dKiQ{NaK&x%+7Fsd*c z2Jc!Mstf#exJ{3L}+9hy8eurKP<6~`!X@3-FAjOdm8m%tvpyHDqNB9?g>%4GInPgL%5 z@1(EZ0``C>xsZW)jqA(KdAdl=b3H4v9eVI)q|CxtY;)D&Hy?Qmr{iZky!nvc6B1L( z%>d!xet$r`O}Rt0 zn)kh|3}r#h&#U)IyTMAFSY{Wonk^Blb>${>+I|L;qb_=Z!N{wRC z3NTF@YL?&0o`QVm>33tS4_NvUGFkM~-@LbXcL^5;xa#-hS``DS>Gi`z)E?X!EA<$h3Bj#eEta1NvVsT9DIN(`xb*Lkga(+Nt@7=m*XF$YabLJ z{fz0cW4sdKAAR>BjuM*z@`P{o{`*$dj-lV^xOHH4dimz3K|05$Li!Pf4VQftu-Jm< z_DJ%i`rXjI#f^ctgQ^+J>&FKHtGhosFGDgq)uAvM3bxs!9$2p?y(6V*-oVyZ$BnLt zim6kTsmlc!MSVMJmgG!|+-bh71fE1AR0xkd#-!n86~^jR)FY4pr?7)UAr1N=t2ctH zK8AH#F7A;VqK}F?g)m#pg)51-=>@CI=Bve_`F@zyp&W$++eIE{jqq0eqE z{E(#LToX38W*Yv^7q`8$SCG{P0;4@ApN=APUTLRT5ZZQES-a<QhgV zgCKMp6fe*%HT9&)vq21HEDZC3t9^*lc&DXy+mrTIDGyk#09a6PTI|5`#+POofx=Ig z^;u+7?_>^Zi0G}4eLU{8!M;bWcS|=}HSmM&fJ4|qzVh2Y6QA=Zbln(Oj>~>iSq(%4 zPkL3vyR}F?k09r3#vqKm&?PH9dH$<*EyAs1=Ivl=ojC2?gVUt;^WgKzC8Zl&oX?rW zmwL{$YC~nGYaMFN<`-Wqr1dt0gocJTQgy@x;Ji09MC5GF8}~OaYo?X(Q+pHyz@NzWtCiY7Tt&v8>5LI9gE&2*=oybdki*~!vnIL5(|XvjdH zvLrQd(2Q3MX_*v7u%vlitaG@`Z<74ftKk@_rboLYKTYn;i??%lRlcd#fZejavQb8u z6^80lpWtJVf5!AW zf$?Op!6B1yY*-mePmVko%eliDm6hZrMofFlN*VX`aT)^#d{4pF)=meMff~GZSF$sj zS$*0*I6dC8xb}F9Ih72HdJE6}VDZqlpD(ICSg6;Q+4~{XVk%$iwuyk-nj4+h>>B^u zo^sBk{%P0kuo*7fqpxBzk%5%R)}0#fG5p=1z4aI8I1~-Ju+4q5xnkpS$Ew{Hp$^31 zO9p5eWdJvpm{{|!mzwRLvb{p17w=3yv)sFmovPrCt#;RuUrzkm^<`|8(1lu=!l=N4 zTFuOENu))fy29<=FjW<<7wiY)K$?%tvd%=bERF{+mJ zyV-y;JpJfwokhH5QB5Jq<2V5_x0tLwL|0Jpp1_7G3jZU}H?LO!f3<4z#$YhO@<-q}CkXCn>4!3~#gUR`I<5)O zd2&+7Rx6fUj=wYdJd~>%HYHe1d1u^2-@{6l-SXx$!w<2=%K4s0s}wKHzU7_TvAs6@ z(U+l&s|b4(W1EdE*gD%wvmLJ^dHQ(7U!Ko;CV9es_`H6SMmIZ=71OpqlRosh_f%I( z1Z*17b%?GQqBtF;)uC530>7QjE$QPzNZ$T{LXU$Gv8v8Qi@$UJ4PS=QaA*Z-D)b@K zm{KM=w3tl|0eSu^!6zqSe`z^-$Bwrz*{c12xGT#mN7UDO0W%yu#Zo8HC)*kz|>52 zC+x&`eRKuvEc_Owe}6n$?bKTqs@|zy@bqz_ zDaji|AUX>-sf7H9>x(177yPWtmTpTG8ta5ry9a$KMM}%jPn8PP zbmDJGQQx<|-pcUmoYp&v%6qEd(u_6A7s&d` z#|cx<*d2EPO<*GA!aRPFu;|?R__>}(R`QIuj@@1zV54gEvHy7PThq_|!F@NU_3mOM z-t(a2W2fGift-t2)Xrn5~Z z#G@$v7gdeF%R5BDwNc+!a%ja*k6;lQ48eH(o&ualYo~OJvsoAKBoxC_q#ibSlWN3f z=iI!G{a6w}6t)8sm`z<5#Hw+OEAIK4h!WT5Nb)>Ra6dbKQSf3S-OLZjh`UHTwKAGa z1~Dufb(q28*4Ul498#yATAaZARgL3E64om>)a$uGvT`M z6#K=#O5(^UGL78AC8OA4LjBcK@z&u?S-Nj@za?UMEYs841J)IklM3t5Z*6B9n|>DV z;9wg4HLMW8N!XO!A{`%jd(#7OHkaDM%YWyen?rN>>L`3&5e_kZ>ZBZsUCp0SSt+`t zO|M;R@60j#A<8265n*K(LvUH1)b)roah*xmUXc=q@gVP>WlWy|AH0?m?9aNO zWL0k#O06ngg!$6Otz)Czih>q{ex4tuRFm97CdJe*R}hLEeU;y9C|$zq42ttE<E27Dy^WX4Dbf;HMi&gOlx0RPC^8B%#<66_U7EhplE~Q=IMBW4)gEC6eAjK9W>! zh|i;_ZEacL@+>?1;$XM0Ov-R|tjf2{a`cTB(wqsQ#S@i@s`esU8wxu?uSwRqI%ELw z%br$M&7(bzsi7p&H9|;fnx1>Iva^Q*Y-``DJ2mP}oc0vjoGO)gZZ*jn_rfXyjxrpG zM5I1XGq{V4+P?oD!&F5j4Qwbdr9#S@{3=I{9*e)+iY^UgEO22nwOBJ%_s=(d2s~)9^|#!);i; zzv%V(_e=P(xREAZSvHAwdbwoUCv=7fV@8gghFYQKcByvxdnCGc?C=x{T0(?Q`}kF% zXM*wOvkd0XH^6SSSH;t_d;&!+hWey`s$#>zahiH}9k!vPJy4jU^YvHagdNt5{Rjs$sk7cjN6{meVKI!xG zn~Co-*MHyNekvUW6GLa`gu3PTQR}@-HKWNtKixB$oii?QQf6EC^?4;&WA?>xFVZ3v zRlobAuRxBC&-2Wb&vW9*^mb;NgyO2DZ|uixGLtpMlaZL3&chnkPHC+?iJnwraakD- z8hZV!Dm`NY11f>*;I;lFd&i!<;IT=*Rg99PH1f!u%usfd2vcn$8_Ls`5GR(~7qqOm z47FOD-H$Qbog^7BUfWmcl@oH`p66N^>*NZ}l%vFvAw4*TQ$GLhbMAV2QAAKv^bete zRDzg{y5u&k?oamijm|n=kKbImx=muiyQzN*5y2+HD32cP6uOkb*4)?IwH?Xf;EhQJlzxBi)pPDs4B zgU=2j>dlkzeC@*yNXUWo?n7!5!%PyU^_W-LsvGgGS`7 zXoyh~6lij*i3i`GbIV>s<&Qs{ew*+}-(5hJTpQoLhB#tl9)o?z;J|;%Srw3PC@I$&ULkZOn|Z;* zy^@pP5ws9dJSl5{_t2oIF~qH(lKM#sMk6xe{rWXnB=~JhSD@2kSf52m_M*^z=K^Ls zd5=OuY&VxDU7En-wB0KosoWCjIa*mLbhZH-eoraj8Vz%ZD$szx>3V7~yV3u2^cWeH zMRG#(Y}v($AiaSoLNIUDmr3@qr9VYC?n&gm>1vidRIqSp^yIJo^Wz3y!L-I?YS5M! z8~;25b)t|c+4*za$juzns10a$MCa%0Xa0 zmLl%%ei0$yCCSus80Ly{6=0%fVjzjPRT$WQJp0)%#ONN{7yoeP^CNsR_0kVw@5Xkg z!p#~!OTUk?&Q_G@eR;C{StsnNjy_U;F(!+aE2;L}Yxms5svSP8!?bgLN_`K|fJhYFO2S}ir zd!6VWB5rSanz3W@a`nLRJd#(An^Q2jMjqpuFFP?<@6Hlpkv#l zNk*Z*leKlxrv{B}F5{Yx03MO|g6j9f&hNi`b}J+<7@$#XVL`yJs(t~t{`O!1kC1>^ z(y`}pSaoxxhDv{{pF_lksciZ;2DZ+}4)Px~xnLd$z<-`OhVNa{?(Gu(@;k^)`WZa! z6*Y*^mdLYXP|4h&gyg^7WhLVedk$=(b)XY%g#W zel&WzvZj$^772(PQUii_eE-yb0}VulAsKc3_;{Secy(8`9x0`TH09*b=E++jn<7*c zw$OYvFjnC1*)w-rrs%TdL5|t8)j7LOuF6odq11LM--eH_kJqj>d0 zS|}e|42DX#B}6|HPfJeB{g73Y)F>^5Dh-_I&9U20R#OO!tS&_!i&rF*^n)>1_>UiNaNYE* z`uxSjO00LD)kW~@Xftpw)Z3!9M$0|2e%eM*6s}LtP8<`mk+jTm4@zphO18NlGk2x( zu*iUKaQhDPRl=*1<#!#7xoV|$VDi@N=V}j_Fo(4XQMOImCmPZ~?dj}hv?>{!Qjp6Y zMSByTbX$&R`{!hqkc(4uRD9J1m#*6u@CVCa106djB(&_|#%yW=dT)*IiLQOP7J-aA zyn0?2#)12*$R2tNKfr=kYauEtpH0~;XYj?07N|^As}inGAxqgD=yc5(5WX4Y*26X{ zIzP?7AZNX`uwRA}-y!E2hIm-_^)I3;h8H3>(> zY0AqS8b+JhD_b6!p)J7RD^26O9uZOldn>%m=c2T!wX|`zW+cEug;~c&DvYh#_f{0c zTOTS&8!Qz4Qkt$hTwFtLZIWe@xqu#1Iec_Ev_bVC3^I-8eM4k$-qMW`%nDp2N7X>H zNe}nXcr3RL<+FIWIglKUS->g(!Aw_kA#B{I4~HULYd4C#oU zk504h(0VpCaRCD3m2y5H;2R^q(>u@bE?Uf_0;EF^#VaqD6` z!Cei;g3#HVvLCh{cLa0ScD*9riT6LMJ<}t2h6O2eDl2*Oqc|wAL1^`?tU;JG|@b>{Zn*1p}iH-|J3m zj{_{LGf6chf-5O`l7m$cx!Voz^z?9Lnzs(@tHX`z25^Uj%15H3Z7;i5T@8I9&5;;I z2;N8;d;h$*J)Hc`)d)mb6mNfPbm+6A`E>oj5U=bAT!C@7|JhR2+HL8@8pmx?n)T?M zRg*ebYL|xG$w^oHb!zF6N4jaStmf|@^A=JyS2ZKzXE(;7vj;}7va~IF&Yp90mRf;k zR?X-jW*7t(v@RloLw@#5=-#W_JaU`Yz-2Qsgp@1~>w6I$p9piQ zq%A$jW9STH_*G8y=WCtK>a&x;BUuk9X8z{X6VU z2M7GEBh~Ax6JftP*o5Z?JQ7`a8f=-kA4pDhLxqT%1S32g;bFRE*6T_r#i@1U1gb3< zw4&L9Gno8V2GMDLP7Waj7vZAPc!87@?K^GFrn@RxjtB#Jrv)A4Yu_=m@c&xFJJ^y2 zF~13aU4iHAGU4^e?hMxlX<8pSpL7upVvSnTG0D>F)Y~E#w#Me4iz%Q@y5i^tk5dwL zrX=%r^+=G39R&kO0}o>x>^)Dd59RCl;X8&CQU*x#KKA>p5I zLXoxp2UL)JE`A9z*QY*<2W|Dhyq98Q)7)xFany#)IxqihXYzY}>u)9E;j>#}{XJ>~ zV9Gg&9@*R7)eV01v_5GtPkk88J7`Z|NWDkS9-5l^zV+wkcwWt5zUIaIi7&n4t2T|!F1dc1*va1O@?9}N<1Vi+lJR`6^2dIJIJAL*-d<$nAwSG_!(mM$axjZ z=#6vzvV(LVcM|GZ1pNlX<=rXAGqh)&8?T;3^1bZ(qoX}5EWw1mtKN3oS`<8)KL763 zlaob~Uwa&8b>F)uAVkD*TLyxaCk|ipiCMdGC87Lz4E>^9uF?FuT$G#twXM@p1JC#gI#-dmu`ig~P13?oG}0+$!9Nl5Wu z2*-SPf-3`2IQbc3r%*1dGb) z69A`*EpYYouzk>v-TpUQmT#pT?9SOPiTWGfzP*ep5X$Sz#LUmk$Lj~s8hC$ek{@`t zVkQj(P*5@tA7evXo2#aR=E%T)6a4Tq^Rr~8!K!++FGrW}e9q>TA0fxRpJdXycjhni zD_qg{9@1oB2~lGCGxMvw&3+vKI7#=*S3xLJ$ypIH+?%$s<#s5m3HB%*ySR;!Rd~*i zF@tQpt4L9^f2YVtTMUP8Vyne_GBPQO@$t3)}`QJb7==V}d|UotTVQ+|++q7E`_ z&V|^bnun|F8!u+PkFYS0eF(*#xa_8e4D#H?{ISu}XJq7lP2jESmoF${Uh$7SM`%@6 zuapVV4rBppyL=?#uCcx3RAP(;jrXuR)%f5g7CoB~Z!J;&?oMPd@Eiw7BV?H(M~2MUkVl zy(dx9frWOURwNPYVl;8v4fHxJ8mD<&e+(O?thX?e%LNT?ue^J4p}3ECTP4| zMJ?-=AGJ>+v+|XliT<_&ZLo`@9a8VE4kkZNt}3&SL)l^F)2+AkJTBOg1!7%y=5A!dMc%?LG(I=@F=&i54nN9n|EG7HxG)>?nn!t#|Y>X`zy|?0<~67{;FbA>Po+^Ruc&^n`j#vnb7mDNo`rD^a#H@ zbE1Bs;Ski=F^SYx%hy^j9IIR&EMr$Ul$N4hg`P{OPgNPZJ>V(Y?&G3DpC{IxF7%QJ zaWE$dNM*_=nW>m#`(kS2HXmp^kF&VU@G)z84eOPUP1>aX(deL}Mm5Tdz!5uAYdQO! z@5$Jffi8XD8?)c+6j{k?g?hT75=2Cd<`RW5)=Mlwkyh%nooe}!Fw1)No)~AEFYGl6 zEV!7Zn<=`6pa1i&``=47!bW)iz>79KCyKe%2Prk=>Ez;g$dNbIiX`5DA0YPSXxKl_ zWGWiGTUNGTl_4^8f(E{hQlTXc!r`XUs8lN>#&O5u8~SXw#G$buW0c^0kg?moV3ko+ z^!sxq-c<=Uj$^pjq?hPlp3?Xf>nAR=WOr;apa^^ZqntshEQJXV>?pzyBN2rG)rk>3 zW`5P|AN_SJjjFO&O)Y6M<>>YWvb}nv-p0>dqPTm(kTRrZ%T4wZom0@unC^|V)DM7gDQo!VCiyY%|!%$8b#;NYUdv@{mGtnyHn3k(7H8;ZETmG z5}|Kj>2p>sJwHCnV*vx3*J*}KykKpwUEjlW*kNW-zrPe>1dHkHk>wb_#skgKcQrSa zgtO_3Tpich9o7el(+RYDV#4@(BW*X>LFj0pXYM0wp4B#Oe~HULazUSq?WUFuM)5kR znYrmgzh1^kMd0|;|RY^(dy_@dczv93JQ#OTf&A{XhQ#PS5Z9l8z z%x!VPnHY<92?>nacU6O?A2=Y;VPKSTUrA6kPc7o;`iWy4w*^f;utwVBqwa(z&`^L; zTT$A5iO$L&vEn1SV%!qzzg3SeYTb`lN(+tq9h};J@0hgf(;mllm59%TboCG27{t`A zGe~en9-e&reAOFoXR9Pj&5HvV?v?Jf+x08Ebx1z{s#;fbk6hZuW~Yy9{KDf$WBofu zViB6Ud(tBIayhqn$~WT0LZg!CR#wZCoF+yT%cIPke4rfpLQ@C0HGvLwwG+BEi<2bG zoxk#|BAN_)zt>!zR089%V{W_P@YZ$ATYtb;dBH}Vdc{etm4xM{M;e6Q?&kMBaY1EG zA0Oi=si?3wqxOl=IZjgTk1%e~CG8Mmc}?l3>tKOy=L=*`5LySJ1z{FRH>biGw$7<1;$tT0g}=88AGI)w#&;!->3B*PCnDEKLC^`US{siQT?Yu;_JKvf2q)awsr-9`@|MNOhb^j2*nnj zQZb*mgLPZ+6FQAlJXFoVGjmIWdeuTI02C@mqu1h{ls~!b@9K z5jpyAnb>M?+)W89PX%(UwzukO7#!HG5uW5m-P#Y+K9L-#Z?BcczFIu8My~6ZG=LO@1s1 z5Evj=pwEdc)Zri`=ZuJNmNA~4TP*n@t+P2)bY6S%Q%kUXd&CT0z|uhR9y<74jU!Gb z4#gn`w_F)4PO#tlEzhqR97$U8N#+>wVm<+rdDQOoszc7lYX?Xh=-M`oTB>g6slz$D zdNenjZxt68gVE7p(V8MXE$+cO!onUND{lG*Ykj8aP0Wkwy1tJr?NibQIZ0_w)3ymO z{~VRRo3zraJ_73PjMp%7J4GBTZ?zmcX3{Z2+MgOz6}auz9<6~X>jAJkF;gPHF#6!^ z?L(8DXEDZ`Q{j;@95Hswov&c5$?cd}C`eQ_9Ue808RzbkQm79^b*))$R-=H=v)YF& z-7l)Q94vahI&d_0)5pe8yp8Je{P(BOH*AkN3=^~c^5O_P^1K8n zE!8hZ%M(M_MCzc_XO{ttIds5v~Aj2(OSIoMGT5xk$Z7@klw5Q zlWMjEr<#-*+DcTA)_sm|bvP@4+KRDsQ03jd!4#j89Nv6#pK?fKWZt03zm`rDxyjV3nDnH0De1V2R;J>@E zQM53XnbZunbf@5g0@79Keui7OtWJ{YB$wZ85t4I+Jcil0L3TU44b`gM25?)oYe=eN z42W9Kzu<0#C^PF=%8^df$UjZ2S7U4|rC>i0OmyEeo(?yTXj39VH{tyid<%G$rwtKp zHtCE2-@G}n)`aG`O-wp~zuOj0=k?q(Jc0wxsoDm{8qeq*g0^S9s(_1DZ>9UbdLU z13}B!J3AOO(gU{9VzVAS2W%V#cU1XO;)}!t@P7Qt1LD5RNw7fhoXXL-lir>R!%L%-ok#0lXOiezYegR% zrGHsC95<(Nw&t69>G>ySTd_e;_kqc|j!HW_@{7;7vMCLW=gLAN1+!JQAN=7<;M2Xp zCf9~x37*caKXW*dwZfJSPXwq_G>Dh-9)_TQ5d_Sn5`#Xa)#=tmQt76$*TX03Qffci zdqm_U&V=OJKUeKhj6HDuZJg81GQqF(@}anr>WZ^0I!?3jJxzjZ4!7=wF z*$dQRwh3dYd=Z&uRw79JG7#@?xSC2pLaYEv_tlAqvYW^FZvO@$Skh{jZ2yT#-hK%COo3xj z;P!MYYAFX9;|iU4%^~8etSMYo&Z9w2QBfOZ#zk z9{lqO!0**@Bs$%Wsr@+2GMuaaxT!+MM3g5;9CHpx!F^{oEdCHCuuY>_10T{mc1+~& zBA-hEupDh7)BQ#8jb_slONJv|Pbc3gfgZWk4agYH_5cRzf8In}6f*b4if6A|v-w1< zE$ufI(>v@y3zvf{beRvQ?eeVFiViyH)8C-2=1^|5p`@(|9B;MhgmZLl`7o3Wd*U8A zh6O@MdVq3-*^uX!$Me3nXt~3-NW?gOWd=_-A(n-9MYyFde-%0Ob<_3s9?f*5Crw(R zif?>uVhoR|_j4{90Z8Ofw5Hv}gP1JwZnzy^j&@`~LZL2ZS~j1Ng$bQFl2bVtZ+1;? zY6n~HOD%Wa2o_?Ct1u7bzd?x^c0@l0epz_pLoh7*{KSV3RRGJ1cdN=1Xb`*m1YRuG zcy8wBI^5LJ)=}P!D0wsZab2Doc&Sir1=smZjuPXz3(*>FFndiA29ctKmFH<4DuJP1 zCp~QaBJ=htY1hneEzLCf?xNh1I!2VazPoLCDLvP?{J?v)0{aBt8~fMgEP%Se!NR~5 z2Ea;O*pm9iUpu+wele6Fv4iMM5>~BKs`9i+^YGbZn|;w0aI#KadDhw07OTIsE?-v( z5@?E4+LboxqJQ?A(gcTAWFmf5yY~AlA^F^GcmDgk09Y^4LSxJ$+ks!dE`qda=zMSV ziuSk?!lwO7aU@H4PrrAK&%pt)Qeok9=7VbOONQRMeJeiu6@|NH(M+y#2Ex;NfXmPi z|LEz^d*bi!ueCM}0y{EMg|@Yv5!9xA`8kGYh86+t>b!h!2gb8Ahpe9VeXpEzK45bn z@K5F!iKEwShr5T{Y6^w8Hpj|rxx+u_oF=17Wf2y9TZ4oiHTO&SWPaIm5CNj-3!3_a z2|mA1*RZBYN6Zm64qJ@F?VzRX$p03ljKDIKAaX!VLJ5MT->>qPEOGn}m2`AXamdPK zjvT^Wjg>IS$gC>8P+bn%%uo(+G$s{2gMkrJ1ecJzE@zT+;$XI-;M{m#nh(_G5JZZV zdWtVdioleYMpX&Z*KQ*LZBH#^8(}PRUxe!Kb|4Tln^4?E(SSyvXSaa8PnlBC zCn_KO-M0Fy->L3Iv)s!|Z#9bgoS#EvJJ$4~MRa_H&8z0T7mPR;rp61S3WZ!nFd+!9 znB{+PN+{SPL6c>O4li1W3r|&bpQ;n)38CNnz49-AB1|^eQw~=AnLO#HNb6@Ia8Y4 zKN#;Nz|n%buyxh!YX(&^+s-m-|8>M|6@lBfXPp0hSh#(>H2-3uig`N<9PRUqoBICj z-}#(;;%#PCQym$WFwk(j2qRlOBEtb?Rb(i#Znv%47#la9u0K~CgvL^`U|Gu3s|Yyr z3D#M??jcj8e-!^J^d^yYHG%%I6lvx6(|mg;R0ELrIT^jRYElubstXJAp$Ieo%gCri z7Y*0Ll_ez8eTr=$AZ*(q746#F9#9=~Yz#kkRs|1McMGZ{6>fz1ps8M9^0SPmJO%gW zwG4B3AL9(Z*;*q}s|Xq;X6Aaf)HB@Aqf4I_O196?ad+&an2Z?Qz;0Jz{YFMc4f5h1 zetyS^nq2YOS)EtAK%pR47PU}h^Ay{SyqWX&>(l)hC?a{aql06zLynP$U_u9G1rc*E zF_sY7h@l)sypbH0N)55i!x>c{CODN87-i`YPOmx?^*b;Y-8>k0Ka#0RXf|3K6Ingj zhCD{?n=+F?KB}Ix4|!nN)J^6!nVV~tNt5Utntzf!<_dQ^o#@&vUg)qOv{tHcH!TD3 z7wbTPy*`0Jb7InO>fucghbjS%7}p_fF}=69+I3{(j-1mZ7x0LFYjH(9n(=F_?AzKD z&lW#kSft?XW7m(-+_R--8`rl^7(=FmpxK2LjTZ_sCIk7k%9055I=6@QH{`q?xQRux zohO->4A|dp02_11zSXPm6?(@tvb^hebMy->(;)*p2bgOtw#)jo_t0MW|24hGKH{K_ zrBVk}_%6ZAmO>x_!vaq8Mz9D50)3T>DdlC3UuAli?W|QMm)|?oNv7qWpc5T z%ht_Oyp>=NvoS31|>{q9|ZaMcT zm`N^HpTE570&i}E$ukyZ6xjcL{I2L2ro#H;#APa43U%cZ^wuN6YRAYRnlY)?1B-kK zZ8I}DqGC5WhKMeVodq;!D2H~%DQ#SZ<({C`M6DPKG0gzxEIYM1>Qu>&RIq{S4D%wC zz1_UR0A7Nm0iU32n^na9LX(r3*^`^AdA;qV=FMtYI_h-Cn}c>hGkz-o z(7v^uBBb!;#D@Q~#Vq}NKNMF<%ZX->O@3pV*J)On)v#8m1hL?OoZgjL@kAW}VHHm; zrbnJJSx?jVIUWz^fi zZ8=enll;U(5H zQYrDXP8GZwGmN|L2n;ih)f&f{m(a@7-8eb88}S6?aZCPpTx0d0i2)0%Id%$iYjs!z zoJz3kpj^RV5lfdJ8O52vbVBYkU2PE%(RN~Cq^8v}kxgfu=edP*a$Lfgy*2=`C`wW_YP%)D&LuZ%zngxftBL{Jx6lT3~?ALJ&@L%V;Oz8vgr z9G*H6E~qtn!}C1pIi_L%Z*u=o3tP|Y^u{Q--C5kNnikGk^M|@>c1^}T&GZ}5U{hnR z8hpbq!Ph<@kk;f%qB-#1rmDAoysD(8QB7fe*!ugY)=&B2&wS|8w{TNss+S`U+1P1R zHDQ^U=s143VVH0NKXP&KPU|V{T4J;Xyz6vIi(6*Xv=Rg#;-EX?PrWJ}eFb}B5A^$7 zL#9me6*0FLdI(p>FGr8d6>flTV-P32RUo+A(J)<%cv(XT9V)4+-5ayB1$oHNV+#?J znSEM`V=;(oWLh*;fYuY8bM4ag-yw}kU*@l$yN=(pRane669-iIrh^6m?2c6fhJRFd6T5{)2#G!E#q`B#r;aN24?htNaXY%!vi|>#=pXd!zg~03@ zNU9{qNK%8K|I8=VCzFvy3I-Ir1G;#jmA3ds34T3l?CgD@)VDZ zL2|^y`t>E4QOB}Xr&Cfr3ka4YLGFVsb@+=C%=i2y+hl&wLrP5h6$UohO-F)9AmCqv zwMH^~S$~;R^EzDl)UQ-Ngd)l1v!eRq(H~n=ED+x$*?dD)pag3ivB~ax!|%u|Lp{

S`$NArdE?=lB|(eRJ=llv?8PQ8R+WJp|8>Q@~i2y_SsY}{##XnTBlKEq8<5ni`eLbwoex^)+sMvjZ+ zNC0H~1pkJN!Dy6uPTS*0Q7bKZXBp^c_a0~}UrFK`nQ%_iJEO0T# z$*?2JEm>0+kjQ0G<0posa@ZvbereJ)i{XFsDm5swJ5CB9Xs|Qf>amEh#Ru!H2h8np zTtf3yG3Zw9!Z48WbE&uCsym5X9v8lW`8>>^=kVpojDooxpHGr!jKxHcuM{dgMdHFW zYndH?L>p^Mp8l4V&Gs7@=>iU66hHA4(hk>bB)NVbt)k|05|g}M1SmWexR3FTCMEET ztIl0hVAJZjtR7#bAy2K&M0$7^d3)ubc4^jrLl)`OMrDIL6kQY`x#dYm`Unfp^zPBh zo)r&D%|&%Bc#$H}RTx@XCZn@RTJ6?SxSLmVT~uLHFHt-?p;VM0@GJE;Tog{2tv(o? z{`v;1>p1FgW8{mq$rh(3h~6V?aFp(^>*J)})m+Z*mP_D9|#x;Pd^@wr}jI87U!ZaelgQzo|#)M3cXtZ_W{ExruVNpTD`knPcH66$B~am{^#}=bMEW2~?l^xa)(F zRUe-c$M&LmwLK!+ZF6feepMSuoVW~=-F zXleF;7F&}RlOgxo!|7cH75LD=gl+4!VV-u&DNNdq|2(^D-^jU&IZ zYUC6P0&D45q)1{G@<1m}*bEFQfgAYqRH|T*5Y~|R-aQ^0Gk&SWMB#}X)+8O zX=ik$%Cp%6s)A=sw8}SF`v0-$8Y~wejiSgR&Gm07EwPKA;Z5y&j(T&*5%)rH4)UU* zkFWa4ghP>%u0~_Rs;}i#!qN~Tw0>C6GX!%9makRoY;u1dc!9CBk9RPG$pSEIwe?Ss z2J(UDI`VXetCag2KAZ7|B<9NS)17F_&nM}zKVSKPYb*@UpQGxre4nrkiq%K4YqOjl zEaNCDn`SW)Z%~Z+6YEB-g!oUqupE25{=(8xGG*iakl;(Gv(l*5E>wk(2dbe@+i+>= zvL4Y8C@mf5+NED9>bUuVG9~9+LJGZ<(X|jz4b#mHUzFnfeo zhFyo=Lp&s`SqglK!VNyihMkJ7(4a21^1wdVOyVMui!~&&= z&_A&uu^(V=ESPVL_>2wEJLGp@8Mxo^gZy{#C;8;piJrF7$yws(E&@)QL9RDyt^*|p zC3^lMNJ0FavFUxEp-ROYt0VOYDu#O~KIh-w1k)9J-3kdNS?h8JstB#2v2O;I336Ha zcodZbS`+67RNdNkwtzH{a=yicG=Q5YX@FzZau1jXK3KC`CC1F{?X8UCnmVFU&6JN0 zoU8_z;5t;-@0(-EAP{9hoS%{gu|DnlK8YJlAVY?`8i$HbymzM3jiJEhn*zba<9*w> zL@R921bSlZkEE4bUjrBW346f3zt&#Wn$oS|qWYwHq7+QRrcoTc?(_FbcY%IYHrTE| zFEL(sr2l9&mH!10+Lq56wYNn%>5HgWGk4M^A2g9|m?kJl;NS#CnvQ_k_|ctw|3wFQ zB%yKcQa+!nggy&JCdtV*aiZ_Nqk)7MZOJ|!zI9#2dqdTBgi-8H|CI`c`9=k$5dOo(CB(QWLYcg4wgqd8rJddvKg5odmpwT%>EgVvK@y~5e->7qH}@~H zO%nT@U=Sw_xZe+kXfT6$OT2s?nj^X{`Bn<6-&qav6_APDAx=4}=N7~j_Y1g0k}-Fm zs#OC)u=XOu0OW+bbZ4A}9iYRZiIe;wm79H!;Q>Fm;6f`UlSBnAeN$Z!F!UDKj<;5| zINu0grLzklrizE~xQ{ZF1OJP?xBiQ=Yu|+xK|quc=~56-y1Nt!K|rJ%K|or%!4Z|A zJEWy+2+@_Ac)u6?V(FVQDeft($G>U>D4NznHN#NLe-CM zJ0N9<nFM^z4X>I9PW?bPVsK>p}RA!eS5qx&eKvB)bvnONZR0e z1-j%!-}>4hLlgH!j~oIk=Pv1-I4fB zL{iP|QVIG;^A;luT%5r5<$j@Rp57zy6P0TI={3VOUxLhBVV*!2$zuZk^35%#XUYn0 zJ7e{h7-oCKXb_x4x6OS>%J#w!VFwpMO(7{1m!3zJq}Gekfnv>KEyDro`Vrl3oW>W| zHSg-(%Ma#PkJHgt`wd)2nLRDDKi81R;L%u_h2M@P>Jrjyeq)AHwV19L6zm@knms9x z^W5MJ=H&EQ&x6JxX$<_|9YyVtiR6roSHPBXsQy)-_ZbKa=v_izar%mh~QA%-4qJm%e7; z4ojd$ql%$kOEOt$+emP?e9?lOz>nmMX03O699MZ-#&Q@**UJDq&`CU=)3o_SkD^}+ zHBTk@o7wM=rlbew_+<`w}Ph3ziXqtmpfV6O+`?>%q432JTX}OmlpXqk{bXi$4c>ejX zmn`!<>Zx8cV8&g(#gdMksX#9>jz7UwE^Cb&hq1%8N-Csw42_VY_-{ZyI#X4>BHlTmiA5ts!+k9ERsNc86E7Wy~C7W@NL#9sA+RJ*O$j)y*?Zdl%_FR zKDjRIwSxWDvK-UV*Vf-%1C&CdzQXVt+%n8tyJ$8-FF6A ztAd-kc`&X=)GEjLA~o;Lnrv2UaOoc$-gj&-R1OqiQkCyVVp^3Ey>s+J$OXh)dID&N zy83kO3HdyScIZGnqxWHO#c6wxZ{4yAl@@@0K=HcS+A>gWi1zT~eA#P>wG9FD`7hsu z^7d7!Y#Wh3Ji#=iAB`CW3c*)547bcd^k!tTUOae`B zCz`K52j#|=I0Z*vE=pHFnCEM#MRCP!_-Z$&7yJ?(FKnuLxVkc=4%1e1cihpPpQ#H0 zZpEuiZ~{5o&g8+j&@wT!%X!v9)p*rxhTciPKfg5Fz4~_0HNt+@$a~_p@ypod12^9! z2bzO1`Fr(~m(N*P9`UxA1()BA8S&F5o$Zl%SJ#g|ju^ozXDp78aj#B*&V7Q=_#}hQ zVERJoscK{4TrCx3j)n$>!U~Fg&;wOxy1fX(u24@1?oJk>D50FU*B9%&4h$tsHHQa4%a{g z-~8)FW(57uD1vofeHsX$*1Y~SgTjNW-<^`Di5yRp>wgVt<5<>rP^oIwi5A!_Ey|&* zwup>O-yYjBmR*#nlte`!B$@=kGCG{FZ-W4h4TKM-4Tz$^+*phb95lg}U6<(F;IlQ9 z`1mBhsoBNVDzOL-R7N*&((XV624nh^yA+c0yT_dvs-fi{xyvhJ4CcJQvoTvzuhMSG ztTFNI7pg;v3pR(PqJ@;xfxinsL>oZD8KI*FTUe*HN%j zQK6x`UI%_?PSS-VwFMOq6%G?4?$HU_?v0qT5B#g2Cf9!X1nuVr7lv7o4UST z^H^DKdvW2s=P>*f43^k{YYdEBc^Hc_#WIwD1T-?L)l%5hynT zodu}S>|IoloIcf|TOoD9LbVk$#hYk-BUuyyX1qn>6jf<$(KIW*&lP7$|MSV1{O3p^ z%6HJ8>x-A8R7`N9UsC<0H}P|viIVf_3k|2jvGj;%ghdT%t2+MI!=0$|%s<%%%Y~QJ zkw2IEqb_MY)JNm}DZwbfaBG*VbAsRcpE6urGrxN~DQ&HV#lP(On~VQc0N}+~!4;K@ ze~U_(jr))alTRG@rFf!-4jSs}I-^I$8a#HnIajVeWDo5I_j>2q@G%$QVC6Tdx;yTa zikM+h9Dn(_Bd>N3&17SxDvVqZ$to8R8Z`7F)AoyUYvfbuk4y z{whoMXG!O%P6=<|M9K}q_<;QFyiT%*9!y0ORDut*Q&}}Jox}LPVy(Tcb@o1=3tBQcobD| zvV!>vx6u2=cG_Rh2 z678DRxZ0-M-zu!#fN2*}UW53#e&pAepup!M!o|mX-Q3cvcuty+m#r{s)^q16oiQD% z-mK{V0gdL%Lv^l64(CLUN zDtR1j!c6PK*w8)b;kdlwZucJUqT`)8NwI50PqIIMqC_R4EBfcs!2N7!Y7tBw7JpPJ{e(e#gl8?&vF`yDX5iSr zDisND(k?emn*G%2HJmS_Q4Nan?Yps!rFIN6ww|%DL;(u@gOgjq`@*fFd~eTPPt7AO z8JLppGP2x<=7CAE9jM9`&|dcfG-jw=m?(Mam0PI6X||K^2|*1b7cV`;Akh)M>-mps zMAlWtKF$|xQ^H$)>_AnI*Y5&|I#+&nbP!_t963{q_o+6(;&u~r{Y$1N;3rI6@H1Yk z-6p_EGeXph)QaJ3mY#kYIKgiYpdz|W!~*?%G>`q{XXMwXUq|^PC9%TX5uzptL8K@A zroTRWTXZWWa@J$whgPZieKIcBjaJa=$M55b zZS3wQ<83r_AtuAS>N4kgiMJq3_m=&0{lqWn%jLU*C^ z>&3?utHs#ruQsdJBftr_T+7NCsr?M55YCFw=|mLIjqh*Kc-7u}#k$qHHvDi1so>PV zIb8ua%|Gi?YEYTjEvkT`eQC^Ainm zwIfWb=sOcn(9kVd!H!^lN^98oAHPX7dS5Rd7kS#%ozkV)v~TD*_t$xh*?Rk&M9?8i zN;Wzu*nT9Hd&U2ZMhhyYKF!W0ffwo~KY-*OuXc3d+y#Rx3!debez|w8F7eNwht?In1y_VcYD6sHXfEMb#`oo z&hj^&m_*APn)tGNEqU0THD8K9c|VDp;H+mnkyIIKXDp*pA#kusxtYA6rRVA9Y^0B? zK7s7Pl}9?)waXBXU1$kwmBCflj4rM#%e zIxmS`M)HdvmYm8Y*JlCod~S-zku`)>N1Hu-JZOUEm*xKM5>aawE2S6u$>GcXVal0= z$j)p3$jbUZ(b4x8Ea5lJ5n6Ynw{;1HoYo;q)-77oJ^^)+X8K>W-Fv>xZcTQCQY1tS z&y1C9UA!@jMzeLB>oIQhI?-Hl5Rv_S>o!^scpaWqsdHr)aYR+^+@s}lu9ICm^lJ+d`>@{W%4PULY0*LI zgwtL18~mRk@|)TxczynX_yQc(Wd|`6^#xE(^cO(1&fsUk0sFSSNi)P;3ce)2C%66bo()zhvvIG~Oyg5HaF;;_crkhepN%W~_!C<SW1O)qHK9B{l2kvA zst{N2q}LUF5ntS2HTk|4=5Y`aB35aGoz!5oQ?65Qn&7l_(41*pcNlVSg1!9NA3g+6 zoX>ab>T?GAuXJ~TnmDRTpyj7uu_=C*NJ2kR=+T-#4dEZn?I}lC7QQ$+r19i-hG(vQ zn}T1DPpIb=pM}eaz)qG*YHryN?bMXnJYQ&V6ycly_-^^BG1YYHi#toHJa_VSboe{< zr{h8?gc%gC`(uq~V3p5UdG_&vMCpJ;souLNqoHpy?FA4f)3AFC9d1rvYae^0)H??n zB%d^vw3||#=E1j$DsAe7#@O>;&U{#Uu=I5)1ol!xd)iMDw?GBWaxF$%b${6@*Ef1= z(#aty)r`{nZ4hZ8u{sg*!EuI?oBzRp;!Vx6n$n<1EVvl?1Yu3u55oMg@gMJffZ)|% z_SyA@`-z_0!1AOoYo2|LI zw`g54En>e|ylLILu3WDeq%K;ac3i~P!+_^8eUpDL{jBpl9tAPGcrzxw6ZLwM%PgOw z_)10>Hw`ZkH2%kAK-LaflKgK$*a*7Xo5fG}@!G;=C}-&jD%pGM4ktCl4#UqTG3SS( z+>OuinnS%8c6M+UUTbu>$N3!97iCQ|CWvi>+c%0nC2}Zo->O*gmG3kzn#&j8VnHI^ z*I!(+?$}SvH*D~-2kW^^H&`weIV{MCFAbjAUHJGU?Hg}Ves4f2bp$wqXiDNFT8Y$6 zwCl^$Q1+VvzeT|TclWVc?Sz{Zw1vj&jnnvK(%zowWbbu|wTr-F*qtSQ@pBui`V~{_ zMrTHLO}{B_H-ByZibPo|erLx_Nw}MzwWUgaesq`{e+$C9pT*`aU8OKx}8R0TlL~<8xszVZP=?8_4sK91oBxT z6#Z$jd)vxya7vo`3tk9M$*TdGc|x}}7MK}YwdpXs;pLjHS6s-<^69; z-p>wttJN#aGQ=AOu2%3CyIOnTcArc_?qK3V)04gTx~X^1t^tIZTMf56nTH6ReGUn2 z?iLCYf8?sJ?VZU=ND9WMM<8n(t~T&AyiaC->AMVQxc%OeH#kcaSXzUJiUexXNdS}` zzgKp`e?ERPHwCo!Eg57fMAZJb`V`@WUN)Ckp1sWX2NdK8&yoD43GoX>tH!<<>kW(f zu|3uz4=wq^=vWi49S0g6`(-lCxq1DgD`O`4y~Oldk150p%x#q^GJ8MDqtS}KsDf<@ zM|vvZ%?-b{sYXFo{hP(LPW+w`^|aCX+R90*NCDQqu**FUIC1NDTx&$TUNE>-dQ6WY zW0`l@thVV10-tn_ku_5>x8o!`s4mCLYhPjlc^&tW9Ki7TBdE!_DH|vxd zPMhsGfqh>@5FKvrZbX3?#$+c6-1QJ%!%iF5?os1lQ(|) znYKR}aJLiLTR7@|6-L-&pisV4#!FJQHh;OaOp`<{ez`)%>DAH8>+{p>MDB4cw!lrb zOlN|@<*%|thc`w2f296e0DfQr8qVE#0ijlB`h@VpYcp%`e0Q~aY9_<)qh8z-GSjZ3 zvbga19#Lp=_`^VU&lR1e?+G?q8)vXhNcwO=erO$XCt5F{Jg=ehuq3j<#lrKCCER?C zUc()>GyHCB#K$#4i#haOl3Tyq{;G?YYo`8=r(uiGQcSOD$yJ5R=HY5zAb0!)(7J{8;2r5HE*NANWz*d>Pwh`@mfKP)wgr< zypU&X_hGC5mH+f)&f~O9atS9bPq<;u1$k#bO{1RGrrP>|JhbP`&UmCC-=*yj5!=`L zj^?rr|CF=YiKXQc@A<5J*csQ1O}&&SVkVB@t&_SJIielEKw-Rb~hmZjQ>F(?$_ zv*b{69FriL>(a0j+_V#!-Nrs}rjoedDc-r`GCP%^;@X#vCLc@L$aGDqqvR!zzyW%p z`VttshpnlE!0!1r!TTFI8ctx5bc|(k)^42zX4y)41}AB2(uKaN$1!F`_4`RQ0X_zv zQ%tq-F7ZOEU9In~e^j=u1Fn5gO|7fH@FkEf7%!jeS<_p55_T1DfW`lz- z6%#r-`ak1Om$jeq^d_SLMUXHo2k4zoe}E3Q!=v#SNr1ej zx#8&-JWYwt!yAo#<^ouqz)23>VwY;CDNOZal_D!U;%bAvA8PBl78U1wDyp=8@%i>0 zfas^eAo}`s(%jEFc`we^osGk3dd}_-eQb7SLS;u;?XLe+=~`Q>!x|rbE-%jx8lU}H zF)6p{XvFdc?u?CfuRF&pJjE0O5(9fFU6-XkyUr+cPRo<+IMKB~npL0P!IPs&>$RO&(FJCd@yv+=#xwJ~q!||eIs>Hc>yAd_rOFi(>uHzI;6&~U*=xa{ z4qXtX;JW+;>B#XSl~axBiJrnb2AgW9gNTf7cS6QC>e}5$Zfoo)+{(o2O%NAntKQB# z>uhAx=DIw}vn;aR+OEwL2q6H535lu_O|prUj5v zi+*qrqN{p7+h~BVq3flmVk*j0i&*LiQN&J4Qc=jSUtG9z6719wYJEbV7z*BqKFtzl zX1tQQLvpirP_^BizjTma$ZU@}cXNH&i92IWb(#HP?B;U!hpF}s{<#=xk?5Orz(%H& z46C4_*Ss<`onE{F3inzHUZnjieUx`%jx;nwFKc@0E*|-)=4NDo0it3Aw`6TsxP3Lj zX11TLiWoct%Tab=d2zdK*pj+c z*Gi)RX9WxNesagqK9NY3$1v@Sr*az~m)zhZY41N)SY_A5$01>P(?fUB4*JgMkYB_< zE~Jw3S$zy5t9PD$Z5xHwt#{!~zy|~q&-w{@2d_hKLo(W9x3BXWggGupf?z*5jaPf) z#Fl>2%RfBKx`ij67*h7Z4%BD8e{u1N0hy>>^--BcPG+8mj^@q?r|VuSX)>P)X~{Av zwPiN#*3vL0+qq6hFDQb4dj73 z=YReI`Tn{4+dTIF_v71W(Zpd*c}IKel>hrr|ML%!eL4L<5BSfg5}CkDViFY*lKHQv z|MQ=qs6_O?-}%p{Z_RnyYkRXipBk@(Vz6rwDa7~K$?jyZ-Q$~nftOb4O9XwMuXa+)O2*;gMvwg z*ygf~Cxr-FC*(UX27J`$B;4E~e_c?{7p&T!&3w z{ROOxi1Lvht;B*I+UfP09lW49mfKc=yCRuz->-F;>#ODX0!H%7e;!vRWjIs^Wp0dm zsF5J0dj=^>U+}fAE(k1uG+oCQHAjkk1CmQ30+K6e%qM(YECgu}R6h+O5*J%ZgpQ~v z`1#a}8YQz7>SR3p zlR)YGW!t2q{$Dx@B3Ok$EYgXm-Ox)m%U!o5m=l_0$E&(+$aoU`2e=)B=(o9x<3F!I z0v`BV!-YMlr1vAvkFO5dBDRdLjV7Rt^+IERs`A~|oEZM9#^4xQAVq1RcX{lx+T1** zo0%-?MMNYVck&nSWO#rWHWSA&JAsc7gV9aFYQ%kVvXVm&T4y;a6HGqN*WLN6q0TbsBhi*Wc2AEp!~+{YC*X6OGtJViTYRpsU%gNz(^MnF zz6PGu7}^#MrQMMM-FH~&=GyVmP$GWqS!?d#B{9K-xBSo3UZ zZ8twj1eY0TY#c;w|Msvb8hY|m4(=VpBR{%#3I#eTM-q_@RP}0Y$+_#>Sp$~C*h$~P zme8>tv3)Yrjz?a$-oyK~w|Doxzw6j+i|-@q+h|Ux?e5a$Akk|S40l-RLIlN)X8U3O zo)-@Y%*4ePCp=`{2v_n>d{X}_v$qjVD=Dnc<9CBh7K(R+bVfleT(0SUf%b#g{)dnE z;+n301jlQt40vr9#(0(tanqh$lu_a6eA&uC-R!qtn@&|8{I0Y76s_HOBzT=#PJ1`h z{YcYeYUguQ!S95&F*dP-jvj`&R7Ieky;n2oJe7l|v z*pB^;iSywS-O1U}XbYJBkXMwmrxDNrP2=a6E+xY9TSI zCED*9bnsQ#$Ak`ej$Jhr`_> z;P8O2tYGV&%|mnlM6#L$0}c#`mo4v)_0(e!me-X=MLC{PYsAU z0U8M3;M+}zkGz2$3BOUBZo8&UK0eJmk`@O-FMbIuG10H8$Xk$UY~7PwXrS0+viaqm zyE0aX@ld^y;{*0d^1q6o}ZZYEz#ARuk=t~7%oWvFsLi`1;CXx_-)BwN@iBM63rhTwyUc#z#MuN2l zk+D2kd7POc`<YHR^_=>I5>^yw=2} zT4q?%SyT2XIWn;UAM2mX>HZ|l$Ro7A0TxYsA}-vixptUMaztndXX5EUz`gmjxG#TtW~Q$87yZ{A zUKfx@aHmg&dK698K~c&y>uAvi*C#A7v{|bWdrUuC;Vm^?zBfl8wy`}cP{sAna()3w zAP|>LXkpQwOx6#X6I*oCC|}bq1Tut(VZ}klFh$tuB~qo)bP~g29wk$7dK#?>)pJ-! zd-YY)ddJ@@zu`Szd(p_^Y{Q|8GGf60Q#Bl%&W-b+;7=#3x0ZV17zjRA0tCZ7%?|+% zP|L7oo?xI_z$j@>n8M`d)p5rNts?xn^$)K%ZKB9sD<9pYe?=A3v<{n@Na36*M`#zm z`nw>YRksJ^fmZ!&+IxVyMbJKj!SjB0eM-9-TRQLSC@42>NY&wX|LJSIe{E$y&V7R- zFE7$k$;-kOIdBB)zQ8!r?A1lxg2dmuPfBdpr9^uoP{OUFRs^-)G@$eLacyIF_U}5b zA?`C6DxLk;QwA}?1?8PU`>Vp8+8AaOoxlUv$gAn_9Y8U*;u#+q%9B9o3%WeQF2JF$ zR_F=Dr&tyP24t3B7XEXA9}nuGU61sC-udV|A$MHCXWJRA>kIbk1$_8T?w^DJfh{2l zA;AKxSDV)de3o);80M8NBYZ(;E;UI>|J(Sp5onGk3v_1wfDaXkPS_IxnI9&o{LX>wFnujx!p z9o*$dEzyD&+>J=cumT#oHVcQVW8268bn?1&EI07@EX+ZnfWkY@;=>N{e(fEV{Zj*J z7R6e!zo|)Z72E)gD`U*UHm4&)nQ2~v^-6*A_#-tGFCL_Z{C*yO97{+$ecWSgo33rS z1l@r@Ea}UqwMSD#Wii0J$8{h3;PV`20YWLo;`uZUnF<}!kqMe+@`~gA)Hg5^V3vHm zee{0JR@-isG5PSTYT9GOU;*kF?t)|BC4H**R3h~b+BwN|={v6i%)-s4b`RIzx?jEX zW2LtD#*gG(F4}eeeV00Im{@J&;Q+ye54+I;&9I*u^CXMOdKFM6{1S(}7lQVY(TUmZ zE=Zxipqe!}tiG!&m{#A>!?NhlHc+6CX+VJpIgdqd7<^66|YUW=k_#Re2B z3eom;yF28q9S4n?<+p8desX_}+8`@QS81NDfZ$@hZ5EjZf5FtsU0j7s46&GpS_rMu zHU2}b>_QUGwL;TmyK@KY;|Qp)qSlS~DT;5Wp=c`==^RMOy+qUS65PRx^LFcV%Gn$q zpXV`}nUJzdiXp+JGKkgRLe<**rDAt9fE^1ydOvDTa5#dgQg4oO43M^`tI_oyeJ!d@ z*O#p-upS1U(bdlaf4!FvFskhp1jZtEODs4;SLGdbsVVU)uD3Shffl2NchVx&zrqOL;; zaZDK6$Z530>V9p{4!}#I7Qo#!>#jRsCmM$Hz9{>1{qAbUy@SKMvaF7S{uiIm`?jW| z--Z9UMsg41xOo?+kqR>LtYh0NF6V2j`?+GPdu3%sV>>Y^Qi+jbJeDRZ$h_#9eg%|Y z^hnm6pa3{PZ&RBVI0^i+sUXP*=N*btPB{Aw^0fW(y!DFmwGWa~oY{L*_Wse})Lk^- zXJV(U$y|M0f+7Os_#bV7myjU6; z(u&-o+WT7n4puOcrKQ!Gt)*qoFZmBK9(`drecCp)1^C?OkGqe(^f)KexvQ< z>E1@=W3l6ed+F8&_}~t2A`1Ex0329w<%|$K9+W~06#=l@z_NJ4y-9PlP);t7YgN{0Yx2Y0L7RhEhdZ+bJ9iMPhDbd+^QooEJlkD>1mpXIa0#6qIc<8u9-`t_q zkMB=0i}~xbh6DW#zALW*a5PQg!sH@=U0U}D0{wQFH`$zgYJOEnFq1(QTOnKi>u%`o z`BwcG)CI-jQ8DaKBA7@?3_%9QxjAqT%$7Plpd{Y!E{iITW*yk>mw%!&H9jN0xZYTP za1WfsEl3QA$CiH`dyS31E(Fmv*kor9i1YRm{E0_NUb4?=9=N0N>WvUf`&eV*^Mqa57ei57MkEQEg+rIg3zhwp<)jtEq5Z@_y4=A zJVuV|8lDj*dYFv>J!^Vxw)V9S;`8|F+OALe4LJqP+=XQo8rZ$|V^Hpe^A@}U!bVcH z6HDMDFTb}c_LiZo<`Rr7v`(%#qb_s)!5I*MlGQY0v7z%)YeZsI&DPb4US+n1&_Mz8 z!9mb6afJbb%5LBrthQvVv{y|9+Y?7n!P`+|`4!ZK+%6#M$%^mt-otC36C|soATjwmkcUu!r&kio*Dn zzgXjl?ChBe8a}?*D*QEr30U>3t$su=3Lky~1;DXOibwg>nvd+J%xKweWG_q{y{AYe zJEg3gb?JVT?>3lpG6|vJWWBzr-rQMPQG4zxa+8%nS4*|p^|B-vZtSc%#U1Z}jN)nC z!js`y(`6R!Ib;hYtv&3fb`l3-U}6RKWaH0}AgGYRuR2ZRpZ6LCeF;S7^Qm<>thlrrFG zTZLQ}J*r=CzW>LuGy)8o_>QnBcw-C}%NvX#_6v!&XoC>Vx+;&i<5QwWhf5TtrP4N| zqIQ8%C>3Gj;3qO1pn%M}T3A{Nl@AND2a9uztxR)8qkojSRETe$?WWz0!K*NSr007J zLJYWUIsQa0D)W)pRCY+)@8#AeS;>0(cF1K}shClOp1yRLaWX+v-018=%8yw9$jmWQ zf~~`QrikKozVLv#HEXu|9lR7$yN_~B3RbQCzJf7sc+!c#6uIQfo3+P6YWa+g_+Ub{ zhahH?x&l;zmC+e&2213%;f*8#(%r1h3GOv~NAJK|(Ntl!F}xT2Bn(08_)bLAH(*;J zXc+c?_J8|8t5%L2FE61O4x2Q~-_4C9vacT-t$#gfx9=IC?Kl6!)sF3vMSGMR5{q(D z$w772nCqTn5@10%%LYftlX&2+Sy0Q;)WCs%?2gF?wEAE>s#h+>6$KiP-&#Y?x#?_> zdUWQzE4@)=@j5#6@Vv9&fLYnCD2*L34^j7B4CJR#u;j;|M5P)6bb`oY7> z8E*NzDSn8Q?>zy@B!LWKeELoJ70re`@~-?_XiO@0>)&7ACi0F()6geY;Ghe3Ll z8c^}`Sk)AB?@%S>KoTo&-L@Ne2&qUO_ng;40CdE~X0F^}=eOht_(e|eEnbk`&O5)g z3E}`4*u4q!Il*Jy^yp42SH%3aV|^rXk*2rjl1;T&;?+m` zt*w>!S5F(v%qZ*B+r$h)CWTnxTOVq9Sas^wC1G35;pQE)cl|1MulnDBra|(O@AyeC8Q%$_NF2RZg&w^3jppJ!P-OBk-6(H+U>9TH#$ z^&7xb8e6fw^@s5BTV+Tc(fKzTXw}8m2A;nZ(ar~q8s1MI+b;YvrnJmW$EBa=@_Jt1 zbCe@NX^I`>8y-NWwT!Q0WY6uQL)6Fg^JpatG0Qvs34|Mkj|+X)JOtMIp(A`&dc&U( zO4*w5nR9_-)JZ6SAeaSOnhFZvOwe3XXzb?mX|oI_e#t*_SoGc)S<&UUY&FaJFwRZ> z&Gj-<5BG2Nl&tW4)~nycU&oSs6ooOfo~l=tmk7V2^t5Q3Bpy%L%-!IHzv1P8kB(@- zrVcT2<=bZvP*N_NzGQ?JN>QqSqO@bmo`SXG2M#ML#b#WP#`-YqT=3v^0T+Raf^%ap zYEbTX!Gn}!X9GETJk(1agC+FI&r&*mH6>Pc%ipOjU(vI1@sw%P-!L;rJ{fy=)=FTm z(OIfJl5MR|W!L1Q?OAMMR#-a9h&R2GuBgkAr;!!-~GG5 z@y(=g^c_y&{Cqg!7sj_~O^N2gnGnGz5nIput83eyc@V42qc1lhvXQ4L!=)4DOH&|* z3gBeR*~N2y#k^ulaR=JQ3wHD0VgC4MpO*0G*jzQ*T2FcQGxVJE>eMbSl;pX~a4olc zc`WkT?%=b5$T`-sw))7;cw93#J$(Un)h}pq{KHpBNU)Gbtxtw~X<^J=*H%1$f#<`B zc#qoVCj>HCLS`uM;oifrCZ>-Z-(G%}Ai?hS;8=ts0;||qAFO|$OVbuDqvHnxENge2 zALBp{i}QHVqQVQQ_Gso>3)iu%@|ttUp=D(vtlSgH&p6ongoO5x6e-tp&miR{wK@&Q*H*d9t@=-u>Vk`J z)SxyZ)p47K^WzS&UavU{!O0=Io}vSV+P_#h`f}XP=Ev$%18H`}pBYu+NpBxOc($0l z^j7$6-P`actQD+#>VE!qcz4Z>y6)e=6(r(IZ2`$;91LQ1Xw^Xv0rFh4?Mh1zYj82_ z5>FNzrZ*DN>ie`z`^^q0LwyR-iX8dXbVw~ae9%P3Z=^*Cxq9Dv0}mjr2PMX}hXdv- z2hEZ`CL4m0e_OI)_Z2mKfkeI{+CkA@!BY1 zyVG$TW=T`!XTHw&vqAJ})tvIWbxzfblaw4YN4#jf5J+_Upe=Uhw|eSw#7EGnm(-u& ztUrpnoN++e-``=P1S;G%2k7o0>s-BwyDq_IxtNN@)P|h86OoNGhJ9Ro||!-_NY@W2)BI=L3*aNmMnD_U$b%$$~%Bkxb#*rt1%lop9Fu%>u=&-)K= z=bMh8Qs`pDF@EcbXHX`RSVAbDC3-t~6vincZe&^w2F99_VtY5P9G91^@_+Cqo9 z4%-70D5P%4?5*6z$8&Kt9WWAu0Ru&43ckD`rUkpCCXDlxP9MDV&Al6_&I-A?Ls4GV zkuCo6ARI|bR;was@c^bSe*9g6|K9SPK204%U(UtAudix1hK55eHlrVHdzXfhzDn2H zdF-wd9z`>G`Fb}~M-FH8ed3qOKDmg9?o~?xI-vZ31Q7`pw}2!au;0Yl;#Gy0ipJ(Y zwON==^4jhQ=0;n_vnYHFhO^R_JBN@8)IFRV!A6t1$Kok42CGRcA?Ua^$2Qczd)5>k zgI3{D>=)!edALL{)6h^r{-seC>9=;O!962A5afD+NN|&0L)FpHqe>M7S%joe_7AJq z=h@;fB^llGOen?%9v_Sv?HcnHhz}U)UeG-o80?lw{>fp~>V9Ovj;;C{c$LpzIBCf} z)18*pT=_5-wAELzxlFp!c3n{vIJsm@Alc#ci?Ofq(N7nwTV-1rXHSb$HYS*DOiio)xQvK~YKoiE6Ms>Q&*U@O1MSKF6k ztH~o%sC%glu6_V+kPYhPJ7}kR!#SaugB~-Wm!#SIn%2JLEU}9`Da5mOdCQvaZm7kS zNm86dC%Qc>k4#WGIzm-GM75F$uGsjbFHi0@3oIVZ&Fx6c0IG>dwKypvtM5kijl8>k zA?U)tWEJdiUx#rKW20Ww)$y=@;| zpi5hYMQA+_2Wp%?646%2VmBHS{8i(~7EI~=F2RmLEE-{|I#*{Ut;SZ&raUI!i`!uJ zLHnX^jghWGNwy(+kOwWeGf0>uQ5nRtGpH>a!0;p z(oZyH|2Rj-VJO=+oxm>tkyXKJWqEw>I70G|&j;rLSq<@F-8Z6)xu&zDnm3ipd|pYm zW=gN+lS$OX?~3Y{G!2#z2xljq9UN5NZdJcZ9NxV?#G$ph(K<}ic1eL6-~8xbLoToW z6e7HhriNm17g!sp0vsWxup5cq@{*gwp(D&?7}bt{poWCu!XS^NWn|RCG>;LiZ#dj0 z)-$P5$kx6402Ldy&fk53voM+?bmy z4-&K`-fKO&-PFS4P)ugsw4hogYAq0EHi)9C>$E@$Y~)ryQ4YWaTHvab?r9QKUM&13 zr!IdYd%vXx<9mh>i(q(kEXIl+fy^5V&+Exk^C=_bkzedM71}v6SVYA_efpWv_;N=$ zf3W6-Q$td$v*cJeNf&mkwE;!RmLKhRn2vXyQpjGs?W?OL&?!}U3P;!(wb>x&E+;%d zR{^>Os{CjKGGdKlH?Itv6QTKy$MI&UrJYLeY0w2LB>Cp~zMb5Rhv@AHA1B?)+3)4*>pL^0jo=dugM|27#~T? zh6ES=IQgEVEJ?t_F8{(Oxzhc^AJpf~E!WRXI>YRG8uZqY2uTgN#b)S7~cK@4EbeJxC9oBHTo6 zK=ZKE-UvBG@@iR+;xE-h`O74@HDRb=CJ#h}j+yaSA*h-&wRtdKhAX5zfpwoUIYQr< z+{x+ST}N{|Id3(!Pwmmo3p%>HAs;EL83vXbX#`lpGtsqKwd3c?7XCP9`1plVJ+H1i z+R`;(V$6(rnw7L^i)24S5CU$?ecEX;{1sa(wacS%jx{m!(l)_C17&JtKKbh z0!5CofX2{%SH?$aPqD;2>vp_tCYe@>8eM*?> zNz$qJ(9T6|I>rv@N}dr}i}Q}%^vK&>PLB&e29chu(q*I>4@zOOfs9;2YI9IBB8Mb) z)tt-(zZ&1pMVVbxErJ9u$ZP~nUY(VxauAsz{#Scf9tdUr#_cTCIBKVoqsW?6OksYK zaepaTk(JKBT8md)xz+xY2bkB_8YcdA^Gj<- zV-%3a?wJC)AbBXNp?!7T@nE)*Rp)wzS2VV77O(PgENv$%8K#H}=Q(fB>&mN?f9kq5 z)6g)B`^XRfdMvuC#h~nsP#|n!0YT_IzfBhmg^g44!}S2u9?CKSAiHfuI(cseD;_Zx zK?Zk2Sl39k?0)tCgrxWmwFT}xZk3(IoaiMNCm+4 zAioDt-bXDM>Pbttvpa)CVMswhI2HWQhaflv1!3y!UI=ba!cVGKlWjUJ5$%)hhZmSo zH~mh_^-y&<>Hajwpur_`gF|qo_9;6^dHZA zcKhrBJK{-gTwxr)kU%0xr%%QwQpv4me+;_sh<}K6kR+96=-P-owXvzK# z*%aB9q=AXvsvjMyJuV?VI))j*pZS=EBOs)V364Sfg!ekZaWe|LzSJ4!t*3^(yNMC& z>iTwnVQANUiK{s~RCUB#gdH%ZB>U0``y{P&udTS}^t}f7>K9nr!0eiqkay)))Vo*DRdrApKW&pHei%=)aSRtDX--@# z?#`GQkw}HpEiI7%HuW7CbwEx+U@<~NM>%sD0Qu-EPO^)CW7eYkLTJwo_k^$q9xDo@ z?#~4ehg<;stu-z)sOuFgTy!f94ya}H>o==?qBgzKgf8|uq?AOKO@H;=eCOj`(Wz}{!c7IQ9uW$z_PjW{UA<^?%&j0YLhHcW=Gkw zeWhbrH4VYH6d^*7&Z=FU22(S+R`cX4-b*A7Y7}4F=0jK|!NbbneL`xwq-0A218Ng@ z-R&Wd`I4R`h|KCbsE}b!r6bb7#%T2fJg+@^I z34&Y4wL6D52?O%6N7>2XsNzx;mmpg|^{Va%QK6NOy*iryO}QHFbd%ce`gL_1lJb`V zq@keaV~8RQxR|<|sG6f{?m)Z$TAbxqG2)^hPG~4`Q}S`xcIz3HN6)w7Y_zySB?myuDp?L<<>5#F@_nhTvA> z%9WSC4eiiRNz|_Xf*Z@~`(8~87LwvtMCBTL@UAyRs$uo>6;KUBT7$dpNyEqb^m<5! z=GVE7+=e>T4=XH*i}g$HT^Oz>dLQceJR*A)uB|ZVfFeY!QEMTdgT+ZO3zcDq9Dfq1Ad$Enl zOP%{P+{iya#)fF$#yFNDgw8<=rKSgx*AoT*>Idr}DA$w8JE;7?&KJvJI%7()V~ooY+&Br{_h6Ru>4Y}@kV0eR_LnfM{8Q? z14O{ZT-G76%ILLA#%|jNeT_N|*z5k9_5)0-pteID*aEPPm6Sh6F*QtASee*-%XoGg zKOZA&ov>tgj$_Hb)2hK`%;4{ny{Nl*v>tv60q{(m@ zf?VjQ9kOJhFNcZ(CVm^9=0gODN`&}qD?^W+z|D|@dom#xxTOA+Q%9Bj?+Njg4c5}YBeD6ub?T(Rn)Q+5Y{y*llAsJ{vqw@Xapo(g8$mJ1 zb^H}%P@daW+qbCVxtMU%J{ENJIdqbqvsU2yLYMw-?moVr9m;19<1JOsWqYSY&9Jj> zkbAR3%>?tyT=}hel(;qoRM~$dGXuTFbVE!ur~1N4x4`78U$71-Ytn082yc^)Okck0XsuV%@E|MKK(uX}m^S8=MSICLR z8aEs%JJ$Fx&*S6#=qUDm-`8XAu~B>R9l@>nHhg(%wt=WA@C(AhVg)Ce5I7DGV=Bns zw>QGaCd6Cn$5Enpmdj`yup=o2#}JDJKcfwUV%C}+M_-}0 z`)%do_?MD4M_BM)@r37@%5!Abco>j)OZAV>ck6-fbKY%+Nc`{7(lud{+4@sQ|NSdE1`35; zh(clM;bXy-zkwmD@Sih}74;oaC_*yif2UB1$rn&4dX$o!w3b`)^0<|ow#EL=j}&ah zoKp)l_wPzcp%eZ5u9}icYe|{h5Ac8X>>0a1BYOyuB`#i!9Y@&!#qIqC|c7I+=b3?A!6y!?z zbpi%c3)YwJc2d>LoEwY;Cm_xFK3FX#yA_Wp|yrG2^w9CN1TRV9OYhN*7 zMqQ&KmywG4k2H_`W$^LOr)ZJJMzNiIk4L~j9}#boyo?Wz*VDnOZZuF`|LUlGq6I#( z4A@QA5;{Fk>z@bVN^!sqXa(69VamBDD{vBl0rV_l*Vh)9G3SFyfnA1_@zUoj+r7XX z2yCPACzUSl)9jNI2Ekse{yWoYIfB@&=`IY39lCIH-nT0bbN>zu(E8(d&mZtGs3=gw z)^oJ6H1P)Pm=!Nm2a!fu+M!fr;M-Q%|LZgODpmhVaT&BH>We8q4Zd>J$zY&Atxo?V zM8r+dYbqri=~)+HPP$MNL{ubxWY0>LjX4@DxIy32R)4MeEM`Zhk+4Fqs)&}>2$&M( z33JYdsd0uVx4y(o;Swx^&+Z>jcXF`&1Ptl;*-ZZtp`SPC>oag$ySPQnU}}D7n2saj zDKk~9&WY}c!lA`v7PY(m(#kwp5fj`Zy@U5fcR>}SSoOvrGn_Ww{Ih4(Pn3KI4w5~r z%r|+2TNJV1<%*{H>4va=uNikrPw~VH3vccE%Snzf7TF!F$fDC3&>E19! z=nifnW=UOOAS?v`BSwBW0`}+zYZ1~IdW_UD7X}(MLx0BNo(y0C17sk&DDx7dDt>V= z$j|RHbXI)!%HlAmO%RNs`#*9_*M~>?TxcSrX%JtKcoP=LBl2!4e(%Jx(^cX7h3dn5 z7Kr8h3Bq`92qQXg^>Cc*nHmHi(`_TTO7#3h@W=(NDQiWC+xKHJg6pLQ;bX;Wf04~T zf3m1S5S;Tc-3603LMOsjh0|D!GBLb(A(iuFXRyqir~j2Ce<1u@{;tREy??A)N)(Pi z(e1!q5!qGVQ~0{=kBQ^72I0vR@-Rj0$fbIQZTPwnf>Ao(DYN@S1nnnZQzBnqyPzr| zeFk%uQiL$v{$-I^J>&Z)D*9f50ec|(^(|j+etnFm$)SbQdIK6Mf1;7;I`9am#atYY zg5`-Hbp~(zpmbD7-UT`QoJ(+j?yuMWCexc3tMq#YvZL7Ch>XQZniCwA7WWOl>*Cp3 zClgS>1J{a2s)gv){(GS;E2Hh^8|{--#=?}9+Bz3WQj}vbTK*mpww!$vqN`9i_9v0$i}4zA@rrk3U&}G<^Hnl>ZMl%ZU)afn!N@`1N1^m;*-8 z8}owiZ(o%8iINh7Mm^lYZn~(NtU&@gB?@vgco}<#@^Zq7f7J4m!MEX374sZOnx*SvIl`E~1n9rQw+xc8(!BBBc|TOaLdd+?wilBP&!BiEV3ew5AG0 z4jukX*H1J~1JwMW=wFRw$ANIl+oy!1`>#ea!uM4({|b`)39KPyDlB0^_|3_b5-_0a z{|J(v4n|N=kbOz0^8RE7a|nL4h(@NVov6zTP;${y-mA6$1{yx(f;RfUwrvh#+UXdT z?6!%cL7>3~vdGw1#^kiIJQy8*jYz613=^-HFTjis|5uK}h!{pcW2C(E3|3rKUs#fS z=zuwCdIT}J;%2q6v7ewFMR2(3qF$UItG}N3OgYe<-q@I>$fwLFr`E?Fh;kB1u~nB! z?rY*e+{F%@g;aL`0!UKrU)zSmNBPVwTw=ngTp(;=Pt{4IA@(0HNlzR^T2EK~_wI?8 zyg@F5^2M)xmGDBF5wj(1*wS9Wh|PpAqcKL`@Zs#%sK8DCN0Ru+Gq*t{y+lq_G6a_X zIO~5@vQU_S!S50Uxh`(tn-iT%g3XklQJ=g}tnY$Ag<+6Z?}C%a_22Ua8b!(gb57jd zBRB&iGo^2Dh7CtJ$XiZCTLO0TtJ>>c2j|%$P4@1fT;Y%Jf-vV^|CBwj&^3rf8&3_a zIs@%_ID^4`enj7*X;4v}9YUXyx2JfL@zs+=7bfDm7CVTsV*8f1k5`ZXO6vD74SuNd zK5)_RKSkmGGgh~#xLN$l#K(Ir&P#)5F5#so!r%|{@a%dpUZXQx(tNhlfXd z;>z?i<3s-RE5RgmYKo-0!KP^v-ho|MXzwvTf~qebYZ1h$x28_1z+OLOk~aE$q|J*c zBKX|bd*WJ50j>@64hDQH5u)$5o=%pB`-tE^HMp-fZ>*?4`r^q3_hAj1d3X<-`v39P zdZ5`mA={>^H`yo*BRWoEn~pp~p!i*J>r-};#P9G>C?t|C6E8`31RA#AYU7N?c)&q9 zhQM(%aqElVxsT;ez-{4Mk)qQm8JIQvUPjyXanB0D_iUp0D82CPY%8zo@?0aMN~Z(~ z@5(}Z)MEu$Gu2=~DRTBsoa-ZJ#4Yenp>juxEINLC4h{;xBxHLzh}19haR>V{{!+vD zQD4UY7}uaQLm z_Hqvf+;!Xk(vAUtgfN(D9$rwW+LiLl@mv^-;|9qHexxOD8;!&`60J}fe4@MJ?0T(l zI%D$AW4s0W9;}~qNxA`C+!5J2Mm5sEEVdG(^e!$*b3_EO_BgHn{GOA#Opo$g^jL4E z+T7R(41YLYSz4%%dLJo+|6#;Cc{?5Z1l**h^lG}0qNJQ_{_czxF`=R&@5pCxz$pZ) zv9zn1W$&bg6nss>_)RGyG=2t09v%xPd;VE`l@oOnfD>>jq>btB7y4o&i1AK-iC4SrKnP9UWZM-M3+ZEJ%@guDkHG~~U#uI-zb}@+beTxVB32~}2d+t;cIOudI za+#b*Cjy}!4&XX5);fP;fW9P{Df z;o;>im^vO?WD~Rs^WqCM5HaJz>bHcGlyt})b(U+q4DglF5=ytln ztFB6L?geVAT%!2tthfO`8iNQK7#QNO7y%svpZ1Q9;^y=*%x81H=lGAE;KRW@-{Ygd z``b&SWvc-s62n!lc7haA;p7w)LBYYnK|%2U3UYEyEiFsi9)z`O_Lz^da{J^luYy9$ z6{E_nmGOfoc(fO8Jf5n5a(cAnzUI;tl56FVEJ-^H`>?tXHW}xKFM?>;6O9W<@bU4_ zo;^!UEaAFhsIQ-p$NcBdpHrC6knb=!sAwjI2x@@`139;2WT$l6+uPNWZ`l9c?G7TO zI`TTs=6QANEyxN!r}2mlk442jcdCyLoH}1!`*5f1(}I)r*&x!z&mL$aB_YgL%*@P5-@VT3J^Z#~!~O+iq@<)|WSSjU z1^BGGlRdWioxQIL2@SQhSb=O?BI)AYXcV&hZz>=kPdB$4A|k}p{MH+@ZIO~k}XiFP@|NF4}Xz+24uI^Eb zLdb3S)cJVp_Zt}+!qHl&7SuY+D`}(zC{^&YYQT5r!0{d7YwiGcP(TCFVqY31X>Br&X0!x^AvJa;~w zh3)mGOW*lqbNk+(eh-R79K?`R%8hKp6`08dbp?vxai~oYwp)j+EhzHmo7`$to~N*RNlqXOL`&-haeqXKn2QoZLIjY;&vVnbv3~P=ucWtXl2; z{rz2CzjF&}HMWT|zu9jue&c|HOyuWaV32m9RFq{16e*+~cuF?k@3^7;m=-ccI2Q1% z2C(5V*|ygmZEXpB7VZ8xgj)6l_>YY=G`^PG&%9MldYeD=W#DT=0N%mY!e%p-$%SzF z5q$)Sb3z2Vepdcv&zXE_nU1@6@8Xisdj0BU7?F-?{QUXe^6Axa zV`=34i;9X^RN|gf3vgbEz&rX4z#17w1&K#I^XFWwHNn4yoMXy2uHh67DZ<9XBe^8V zEf^>ICBv|}xw$`EJx$#6Q%YK@!{Wd@kdfU;(M=ap{F@AcUxDtT6>C#d5^d)^dqR-p z@rsFgZT;%g*Viu!V84CqR%fBvXBk;p0ARM$?Xg^-A>V5}%a-Y%p*1x4Tvx{C(|l8t zYJTGdkt)wGT)Ly*O!GUjh>d>2`fF=P)srRUFntd9{Qa?Di(G7MR)>4*KYsiu3PAaO z1gmC{eR{aRQ~*VItUzz%jL%={DzMal$F&~=}p$M_LFtM}qmaFUT*q9-V zlb@4g-57YrYvZZI;k@Lr`~E_@9gZnoh5JY z^L!4B*YHnsES`Hsjyxtr-%G*baXbFI+mkHJBpQ^+%)+Aj>S{(wi5ASs8_;mob7vU> zZ5weW7Pwq>@$G?~-=h|IPl%9#^6*NLJTAjWT3UK(s31N?#v5@V)_sg49H!Y@9)Cg8 zeGb%sXbxeyEoJsSP=!Kg~dh2R^2n?w=k2e)oLU#34v7la_w(Dm{^pGrHL zWo&dsOvM>PxX9hSDSmvoS>?JKM}v)I zEJcO1C9)75W`dm@0HD!e=fvge7J%p08r*^az-?Im7!Dhe)k4psft)@-I(t(AB*w>P zckfR3NFIX^$+*`Nv9Rs&knO`0-rBvp;Jb+~3C6rSWndwg1eTWa;sv8<$e^2thwb;0 zg`e>zFtbkmBLg($V1Ns|KfvVDF^7@p7uDRc%WnpPcb90|OcUM4|qtjt!4~JG@TY8^tMryqe zV0))I%3k>V-5!G7WbRc=3yX>hS@+ggn)LTYFC7R`UAk0dGr~8*Vfzlm;=RAMFjnCR z@b{9S%`lv%uI^A{V`AS0-?TKFSx#s(PZY8PEl60V z_szLewzBr)Guy3KYjBp}B+5i0j~1OOx3;!mu@ECyM$35l_`VJ@JY*IVI|P8|4u@fm zC;j2E(i!CjkKXRz>ob0KIrYFKV5?u|Gj9d&9#qrSGcxigD^dddv?~OW=39s3`9@XP z>VcoU0R^-RUn_vv4*>@3V|#bk_uzM#LL{wGmtao+!uQgL^D8U04nNyr0k2-Y0!Z1^ z)z$U({zG#Jj(vT7MVbi7izWb_S!w#Sg&~>zMAx>rDTMRE@ua4vPEUT?n0=`Z)P;z! zaOmYli2L=L*U~lI-Q5W)^h-cVM?XEP^4MNXva20=ubpe)Q@S!nZBPp3bcuv3_f0jpz8QBmN1JH|+?Z|ezDb&PkJ*YLb zt*xy(9cyso=wQ{P%0<-{myInOVkcs6yJL=n-tFBD4Q3Dm0ObmMY*`l=*W~TR@;J`6 zM*lt7h5W1od^CQQK8Z}Ws2gWSiQ!z;>XXs1u&|Dv9xB0nrI)M#P$>jgRw1$CzuSZ# zO@_m3nxPFi_AA{0ENZ^(C7a~I^7SO!z2o&rU$9y;aEzcgrQ~^rzinP z)gETH%jV%_^v7ynfUFv(9{UO@f?UKUVF&Y>FX1=Us-FY|eAYGbX4xQ$^YQU%w3Pll z;d|_zb$d>G4zQ6ij15MQWm!>Po@ZRM584mDkmBl!4xozK<0H?|Q|L?NGOcB!@!Rx1 z#YjY+W?*F3vdQb!r6an?CpTN3v^ZY1`&#K`V7RE`+}X%;nQ>q#JIflgRv8j;@s;yB|Qg8m5PwOxs$-h&kHtn+F3g1Dd zF#{m)^(}Qp#kH-i7(VJ!@ZY!c@a#2>fql4n{*dw@FONHV##Xko>RNtSWF(a!A@$4D z)Y^M3#2i^B-rL`VCfsD(f7Lmii?26CIBmM^i)*xEQ5vCQ8 zyf-K)G%XAfCN&6?qFBF-H;N<(o!s8896f`Dg@vu#duL&!IJ;24S_?Ps+J&=|UYp^2 z74SIN=Sz(m+X7eUlnu>>viqa+;>S;iEdJQkD&zdhmPHkXmo8XV( zHwcWDU5TLyu`w}CDjcRyz%t*wc@vs;@FSQGT$}FU*rFRab6_!Hu@N+)kY_dZ1T`bn zl4!FBX_@XjAzHD7wPV^E1sBpOAr0G`cWOMgi+dzSD;%xXv+UNs>6%bbQa(#~Gqkic z@MH7L1Nrv;08n|O66@%_if^-1Q)>&^X%bt#vi|dNadF@~?FRGo{pTC+9^z4*FQk=o z-os`Q6aS=8Q#sa(y7}0}#l^{qyqX!1LK2_Fvw{M<&AG0d-G8eV`m;NTP-F7?`XhiP zn|uBqZuU^P75_?u*s>hTmI@R@!BmB)%W^vDd;GK#`cq5NS_;zkZze0qM>zZ@Z``<{ zD16~6Bjeq%a{G~yk!gj~5A65Weti9^(I6Xq_9CD2qE>?}Poc;50|kXXy1l=LhuCTT z0mw=54+i8&@Yd<+vnikQWm|f^M@V($?1igR!n`y%F_w^uPX}MoFOoY%6P8z0R8&}Dru3^2g{`xvJukZf-`&shg230PPv?+M+U>!A@ z^U;X9+*<2}kf4?-roV;`Qxay1mdOFm3?I%x;Aa=ZHu^c7m`XB)sS2BsA_yvgReH|f zLn%9g-L3CxA!!|$f`71q4Gp^-t?2 zPS*((0+BMkEYj^k8h689LR_@Y(1k!sI%usjIXRiP?$7~zConFlf{zk`AoB32Tt@q$ z<+E-d9>iI8zG85@`@7V3+yfFJ|KLB$LWCP4Av+mUP^u!5115uL}c zjIs%jhu}AWl_<(OB?tt_#Rjs2?WG|guNq`O+=WB&XN!x8IfN|PKe!Q#TqdO6gS1pj z$Lt1WA~dw5drpV4nJeVv13fi0H3jiWHASQpU=$?tNx+bN3BSZ^SY9vSX)P}&7dRD4 zBEA(h6*~A81V&6Ff=|nNbO{?dXe>DBiBvzgtWeoShJ>mrBu-dl7s`2g9l{p(+PMlq zd(#1>BP#gGCLuCX9Z0KXYrmh2OiVcHT6PRTtpG(rE(Qun0QCB0IPjY;#v||WjbEK= zOXR=5(MZVKs&@MhxDqzCWIZ^00P=TAAAHMFhy=U=DNs94Ks@4NVw{|u=6D|yhcO@6`+`#?phpB& zgX^LZary<~P7-*?DoXQMMM+5sQaMJp%F0UMFK^GvEuBApKMM$*AQhjmkRk99%t7%V z`gSKD2!>d&7)OM<%F&wLqo z9x?)2Vq1&H9&1lE;U|Q&ro3mztWJ&!oEbi0^`w zoxweyN2Kfp2L~ksy_Au>QL0uto~TuDlCOjv-!79o0Py;IFnR3a>gww3Oe5j7m!0NA zO-pMlxOv_*Bo0y%x4V$J;;5I1tk(r@IT_<;1GPR(up~VkvYHUn_<|Fv662tb5ZJgx zgKhyOytUA;5`V=Tr1-teuI}-VM!?DK#5kgiwf93LTY46Ocw0BfOw(dYji8 zc4BUPK<7&hLFf*^Bl+}j2nd3kt*x!YkVH;31dNZ3NgON}L$DnQP4}KA%y@5d%_C*c z1S<&r2MR}L1_KH?($WK!#p5s0o3upGczbyP$;&Jn;txBl0q~k4;tWE*efMtW@{Qgi zASAm4D5gMu>X{hx5XHl#o7Lal30~mT|JbyvS{O?6r-s zpDdJU4D})6tb986bnf*FXYZ8R{_e|a0d~s4!NI)c$=liadBRk;AtTo_sn&$k1;!K< z6lYRH5}_KnuSX)|H<0(jvCbUS;qXgW7Y{po4iM`I2c)eX8ywsMdRb-BL76{OZ_u=w zQew~Kw`b7t6eAr#YouS2KtGwme-NHIlOX9^yG&0Io0KF91QF z9!Vb-WCFc=A`+cXOM3iE(jn*0dGiPcEk&S7si@*1uU;Mgm<8-@Q89Z=TAB$I56W!E zIiW17UNA(M`U`5JZkap-xw<_K4bro64Ury*m($bqx&8A;zY;JZ5pD;?%z@M331=3+ zhPTk5BNJI7c*_ZTBrM!!7}|&9+Vhcy#zu|Fepw)a_g$oPcV-}7n-oStEdoi zr+*^HlsvEuqt))kb#=$5NyO+y!(`mu+-@b`_*h=9=R%qj+h9s6_R)5{(x2^n2#}nu z_T)0iKo3B$VwhqQ6uGD7D+C(2NB zE2cP3kpafoOdt=Bp*ce{^vzF0??4&h8#ivHh-^b%4Nj0+#3^U_#xt_>=lN{MZmiGa zNu6$@JCl=;RF6}zj6In_0N&Y*2A)^Z5Bgz^-(oD=2VoD0Ny^KYf$k8w_vP%P>cmEa z?i5iWV5tEUj!38TP1{Wk++rX<+PWl9Jl~nY*#gW` zod4PJhYXzto~e54s|rvDT^${SgoFo>aKd^Xmi3HQAFNa%{Gz6m0AiqScW>X0o(la$ ze-v$`tE<~Ub{i@?1C&eB?9xsS4VdCTicnZsnCSA2wG`J0VOW`^QiKzKsT{UZj+(%YcRz*dH7dS>J-z8kPs;sEEKhqUl$Hl=hQgR=fNYSSt zM}~YhB>7cB0>@rG?j1!XrE_8*0b2XBWxfUP2T_?l9C63z)vgD8`35|?>*@roakA2R zDV9r@kB@I>b+QhSVlbW0@W_b1iwM`=s_*d~V`E4PwbCKBGPYa{|1xX-jm|SEF_F`a z@x-el|R)`Pn%p`JCPEuglBJa04`X zP>>qpJBt{3RWGi}n#qRLftATXB7F-Q*9^1$#^0ON9sTOdf+_}P`??g%xIAta!B zNhJm&34T}Zfrog3~Hb)EiJw~BUVs!jG5v* zx=mw{3$hrwaDYP_H|0&B`xIIS(ZS#s0r_w+h4>e%v5AsQUVB zb_uc6KIdm+Qy8?)X$GR_nWht78?KYfayQtJ(!ZPRt3C zPJgyWJ_H0mfMrlar=IxH+PHIa`5q48o7b<+tq4U1i-6JMF(@Iuo+}TdQc+VQGz>xN z9YaHIH^u>LsAB_dO)0$I6iNo^1_17J!X+}A68f$cPa#Q?WpB*tJJEv=Btc(EQ^eF|Xnu#~ZG%0zF zx!tTWk(^wrV7|eU>k^;2A~WZvOF}|bE%$A~X=P;vL~@s0W(?X{atv-k z4A9fAJx8qE3t`BtI0kVoDSMyK29yXH68`m7>yN{AN87yXvdzAl z2>Z42e4BotJBfvXo5f)>eeK>ZAi!&;^{8mFl$4a45oB3;dAD4!i99yi*qTXDFC5e^-mKadI2#Be01 zJ1xg0KwvlJC}qIfXlbuF7^;@qjA+c>SSNXU28~A3i~8dNvo5*bL^eGSl_>gOSs zT4&@9`L3kw`mzpa9jV*-{&0F; zL_|dSk9@iyI8PQ>^eZGp6hn8JlsAM~Hit2YhH??P(O^$!l7Q{xinj6z0d&MD>Mz)p za6Q}S@BZ}s{{Fu0aG~_!*l6$4HVBBDlk>df_wjL~+;|6mP=us=;`pi?8%kgzF0Jzkm=>Y41u9vfxXA zZV0l=m$@zWp$p-4=gmiGe0xWTk4gwJl+V6jdW22~e-kFgFm8JFa5L>#Ysyo>XMce$ zdIoY4c86p|DqiEWL`1PEGD(PG?R`@ix_I^}s2j)Z=swhH36IA2tIR$>4Zkd`(QZ9} z8$>DuSq=5v&mM;DoCI7VYUrI%oNY=^PlrCeXUT2~9yLeMzd$Cu4qY~+!fJ)!)=gZn zA1w}kNXk1+qO79ArkcpSJ9`1T1)+NY+=hmZ9~6Ui2md=bHIa;gN*0C4>6K_|>s?uz4gjb6%W!YfHPf61m!DfTfh&juP@E?&IoKR=-b zjYCkgkW*V8DlmZ(N^|FX2xYINh4g@g{JK;BeQIuQ2bwtA5{(TEAfXt5ICaLySX@}x z9ZC$w#>R}n6Q)o%gIxdo>3YNsg>2LFugbX@xcF266np8pQi13+nHax-z&73So`TD# z*=*yEj*c|9>CnSNuV`5yf^M4?BiPnvFbxhy*Vx?x+6I6fi8?R!8A36~`em_~ZCitP z?80e81tlbmJIf(^90!Rytm>oyD9pK?#f&Qjda+KGhi69eoOSa^>YT5dtjb(>3YX6> z081^;FEZJy>)pP64YHcsRodtygTR3*;Xz`zijuea5CI3Z6|5kN#cb7`644^5La-diPD%xl{t_+EW@A1Lpr0;OfZ6=75kOe@3xrDa_ zWU`L7HU<16Hdb3lXJV}%3UT!O`PAGdwO){pynDyjlL~EY-ZSAsNDCW4QDBDe>{>KK zw--|3hDvYjkbE?o+4twKe$-r39T9+LOQppC)e(Mxh(7;cji$c@KC@) z0tPFUVQ8WQ&L@9)J@Wbm3fF;4F*a>4Sc;4jpm(qu$R2n`PG0`IhYnP85C3c`Jiibf z!~EmC8I+;`gt|wQfke0*E(az6VY)XYJ+3S-{{@a&;%-w2WNzT1b^+3yAtt`UUcSjy zz{SZ4N4p04z++rp4tk8VM_;-9y%7#H*BIZkNdP7_6*_1iPR4r! z^*coYQUV^kE8-UIF*TmM?F6J3E+Cy2ut{e){7*OD@=8h`LzBkQR=+y9=nqHDxeK6f zKrT@TucvyhoD(Ky^oBA6l=VA1I$qMul0XQDE-s{Xc$*Fyw~!7qh#n5k&X0f}hsqu_ z46w7aL(jmKE8VTFii(OkKQ;Q^f+;MmtU&tmAWS9%StHHHM%WwDOnHRGgR{GE7FYjN zr)4pw|8Cds)M@a;313nGVs^@gLXHQ2*2W;?$Ljv#Aqp|XJ(bZ}uH*08P!%+{s z3Mgu%+&(KWsV0{RG>nG_-rOUE#;-pn$NTZifI7%9Q?Tfm0!x7%kzG@5b;$&v1yl`rbx&|Ou$gMv{l9NecES8@ zqr5w{E6{rCm*@pBZDL{q(--s$w6M*b;0*HVTX2Hb2socbDB}Z{2jnc|Gp+*nzshCz zLv0dTNy*^@ToV-)8!M}EwcE98*KRv()h!Hu7=?Ba7N7ipfPkc=(UD@S=E$cPpniV? z8fcoss4VdMVgw!zLd8VRg+LD)j4B~_%4(>#J?Fx?Kn)4-`CnKX6-g^JJuW$WewJzQntBEO6Oom~g5bVR#-5n`@-X`4!D#hVe5%Xq?h-SA-*u6vbLgT4+tz{=M*Vaw#yeW1s{{wkk^qq<7VG*AtL z*o~FL3k}~Mj(++L#T5&lO*5vG0dl@35vL(9GI939BB1xKvb?;NI1`eFZ%7>tniA=S zJ_CixjO%xSw|cD+P#VCYX9ADDZ-G07)FuX+I^-Ej;AMg*OVBt|&gY*9O^b!#PnOBw zBi`3_xX`Rf^B3h6Lv~RtIixKRx@$Q_gE--+mLYut3n>byhnE3d!nf%k8$ns?cti^U zW&l(>doLW~_rro3R#6;meMq22?do_$gC3Mu zBB>^r(>g2)8V`0L4_dRrAQ^GXlE)T(^0Gcii=v{UPMyYWCB_=fB>m2T3n3K z4L{)4UD#d@nJYgusDLy6R$yY{5|wn}+TEtkgzF%*8;*0G!a(&v__BcZHRu_^#lr*A zR3Fp6)=T@57Teas4i!A`*#UYjM@t`4u{n)@0S8@%^q{76#+&#ci~-Oh_Fp3De4z^k zU?y~)(L=le>OlgA1`iHhk?<~!XOjnMd2IUT{gFRE0kt-#0_p?ue51C#E>|IRzC;N8k!~t|F zIyxHGpZvn4@ID1ZJ&&aiWys9l+uB5jcfnKt{Q0vKI&z?=qP-g{0}(Nx93WOet@KYH zvmP5kgA6o;I6`+7z~t6$tTu2A<}J4e1EieY|G=B3d7WKd!0$bRz8gBPwI{5+U%+_x zp^Xa)QTtFd#uU&Z1iD^bV`5QUK99@D|VW@NnIXF%cgFLaAS&<8+};NjW~C>%Dwy}n)n zJ==Nu#mkGVE@QMoy~dy$586j1fo-zZ0f~dWz7-Z0LO&F=eIZ@PMP&M!&@;6P5diql z?lehBcntx(TAP}=BgFPU(_y?CnwqZ5!`FbFSDjD_xdRCY(x#}Pp#fMVGk=sD0z@t7 zWll~G@c-(G{Gnv_k5A_lAukyD;dC2z-|FUG8F>3~nZCCO*l3_{y`Yf@lGF}hgfEkm zJ3%WiQmm@51d5r2UiNigW!RnHL8Dne4I9asQxaoCA>$6J3RJfoXXq( zym>adM4J$oq@t(MHH`N!-(KUl%S&@lWNuxa_*r`KFMLfG&`=0C72bFocvlR(n127m z9&Mo#v?@A0~N*R0;~?uJdkOUy#r1^F|BB*%Su zAB&;))a2&Po9E7*gA5a?F9H&Q^!r&@*dvjTph6IoSD>XDV%}=is)UeG8H9(A#)Z$@ z%-f;r2ZdsFb#)aLE~wr^6DlA}PEIHwu)cg(Sh%(?Ig&1Y8gh^nHQhQNZ^%3(kAuR( zRDj5(p`n4&KGM4gKo$H7oNuUQK0j^%12p~tsRMWx#HXUJP9<0gM!rZ6gV5XHfM9UIat|hJ#qE+%4|uO%--KX;ynq8BFCwBAnpV^zC?t5m)470< zfuw=sSOT+v<`ggopYWO?D*ts8uke`#>GU{E>+aBaMgHK5y}t+WPO!PSGLP(=P`+$4 z|GMA=g7&=a$$xPD&;pv?){MU^X{f<3~BlwPQ2`f0oUX>o9c_vm|>2{Pg!2yq^z&Lt+&95HnzTCjPlUK+`kRgaXX^Z^62l6T^ z0J8yB82lSfih4))$s1?&iR^*Y5SI&avf8S7qgddVCVI&UGI0MQ*TVmee(79^H*YCF7C}k0u57LGrUg-@B0ft@!RwvyyCBJ zj5N{14`;wzkcki~Nb662`~$hE6pDQG^1y_`;xX_0>75Ef!wYs;jhG)@_%6jT5R!bj z!PEddmOk-Jm>1sCKf%&JF1bCQfZh_)CIHVwQy6K$E08?EXNI^!$GDIE8_au>kbe$f z!QS0G0v3APfaya`9hbTCO6sIJUv5dcbo%pU+n^uMn-f0bWbnmuUbvd~;1N~%gGz_K zCR@<2FE~HcA1}%Dzw(O?Uue{L7y62{FNcApkDdXoam8_-&+4t=7o4uw8uJd_$&RU$ zn+LVVTv%;us(Ll<64&ueRk6)>#7JZ~>kj(A{RxiLG&zOpy&?TdyeA;4z4Py%Vk!wG zZyc1=47S+>+-8v7W2~>Ir-)n%_~(+)%2?gw1(!uG6pDHvWgkU7@BTRala_}9E|=`L z_Eue?-!voN*M{5=f)65SFI-N`4_EC8SN--S`{7J~X%8*IHoK4KPWz9(2bd8U@UPFg z7hd`6E&lmi``XmojE44BQ;Twgkx%a4nzb88RG)tPnvGtsbNAi((bPFMJ6@4AL&9n~ z$7(f~c68UKQYXoCAf_(fzue9JaB}GF4zbXYFZ|TaJEy&s_**dTgzyobba~9+&&lui zn>XCId-Kzd_Dqqf7g_Ngw>LGZCM8`3wkdAjo;}R%c=6$ec5c_h=IO=7<-MQlLwKKT z6}|CMQr_5RasHAdajeISnG}R8ABJ4&4(5&qbm8Sy1yW0nflbrS!`v_(ZhxYsDqrvE z@bF6>8gy9jUZwP_GzUqN_PV*R&wg*MBppn8JaWZMPLIE-`F39VPkfY)P37-9f`^NH zB$ZWOwOptuB0ACNgpcpOOvnDfoS?xa^%-69*6!BCCK{yVddaPP+Te zU!JQEb^o2|*CqL_3`?zlaHg>{S?pz(70H#k$$k=FI@-Lmwv(^+*>!Gm2`+Cb=wdUV zqRvUbddY~ai=NuLS@dPGW16^{!=nSES_$v_Vr zM&|-iQdh9e1kX#5v`Y@MYjGX@oVhb(H-7284zk@sK1mDyOOFnIWNt+Ix0X>v($M^A zizI$si-j_^@V`p(;b2+%k3s~5{nl+_fsdk^0TZG)9_UA@>PTU_f|=quYZMf^u$ zhoDy4d+%4$ z{p+~7r*;y+z$eX9sKuW_g}+jfohe%Uac%D5T3;FKS|15bsAx;5xIIpj z=d29i75dj5KV0rPK6El;*rt&Z7ZDXTrXJZJ|0^oATcF}ih^l`fLit+$hf$UL>OgS( z@m|>__0+uEj2LZdTL=9N-d1u88e@ zl~OO`kN|y^esxhF9|y$v@!(++34Fz8Fn+y+Wm_193MUQJe-RY*>^3_J&FX*kUJ>c{ zFYM$fb{6SZHA`hHDPl~78GoM3obvlh7RbUtn4ypSeFNLZR5nlqSP48lTj%aYX&2AJ$oxe_igUSh`KdVfsK`oyFul|z-X0*v{SisPQF8-wYifS-9Dp8Si zLs(xCGe}7Y{j6`R%rj(^^l#V<$HCmp49G;E&INKSQGOLfhEc+o(V-{2PlH@9!Dh&1 zB)pGVj6Z4Mz>m4TfJv{tw8^wOR>F7jupy~aXJi&x3H58Xmnw-bz(UDm>0e71MOko1 z$dGtDrdM?!bERW5JY*!)M|K@WBdtg#*40STZQ{vIICBj)(Hc+x`o6gt`?vZ1+Iz?? z!qSQ_+Zr(&WWOk_sM6ZVhup``C9O!<)|iLLBPNyp^-o*X&QuXceM-v)n1r5OS~01$ zkr5F~h!W{nouWcCA^?A~KxTSEGCsI$8col9QGZws*``+lJ@YmFVGZPO5UvJ(QDG=@ zyB>?Q;*-|K(yMTPy0L#$V|0)+GI_e0f0X}=pbpG+4s3=XR>HbgnAUIZe4shK8znU? zs+Z9}$|kVAvAa8h$`x5LUe-YtWHAoh_dYJ zo!zJ_tGr)%p66V@>w4e!ob!jV*X%tr_sm`9-uZlDp6IB7$(YDMAP`tXT}2NBx`F_K z2)sy$fS%OR(iq?$si(TBHwZ*dbNNRAdjEj|1R~RQQC5EP#2MlP@pguIvTG};xEr=d13A>(BT*%F&yS%qasWqc-=T6f;?YREv z5h3%pkI`2X5<*_nKINx~C7U8%zMYrw>Qi)VKYk(blk2aR*u{PV31pPFcq9bZgi(n(*FSdV0evLFN7H{rd%XVw943dbq|e zo-LyJ@mJ;1;-D|j za)Ck|HIltRAS)G4L4*Dpg+3AxNabTF@0W+n2OSLj?L@aauFZCkpV~--D{*#rDp4zu zJqx+@!iJ|TOzB?a;1?EN8=;?yEMo0Xog?3RQVMn&Hc-lWQvIkP!A-EP8yygh=ho>} zK8-4(5%Ya7HTa57L#v=XFLj*Bncn%>rE=Y;>H1tMt4{ie@z}tI+Isr>)dMI6IFj~N zU$oOb#!Loc1}8=+LuH2cXU6e3#y$gKNs+CLwRcqSAciKqb-Y2eN&RH0nyGhFnR$f_ zic3D1pi0OM_YDUO5{s?$VHK)|qWVk4q(9S24NJ0~Z0R%WI~B_mMU^-eK@1e~;ihLX zM5bNZUAoHoPd`>!FSYctliM@a`0?L%1(!zphKhIJts0yTddb_IamLadCs$IOE2S)| zDQaA!x1ZvuK)jUUh5O*6L%MdaFnu2$i@J&7S>$2PTrHK)X(Ygudh)B1CTWQBB(<)jZQ1WQ~Cm~)#|plu$7 zyBXOCtB`DMNFmCz#O}oXF(;wam55$xL*;jhUYre_c^sgM&u(ve{?T-MSW!2s0_u0uw_s z%No`4ta7ej&E?I7*9#kU-s+TQ|8na3^1JSPU2#3*mz60ZWJR5O9n99rj^3%hr=n~3 zZR=ZD6DW4(1%?GSkFP)hLDrVF!k`1=u#cc08h6| zmVV~AniIWKqxY-*=(rfIumQnzdBIHP-nnnB%bGriUX}|1V~1IpHJP0|MaarsiCvf7 zsM(w!VmUn7rlQ^>UEh@FpRSB5kmsZdyQ0hBy2`qtPPJI-H z`6KxkIZN_OvXZF#C{ybnlI`{1>IZbYAlcRtXysszi)R-B7o(uU5H13zt1+PuL(Q+? zaREWM+Y%I{kq$@I(>o7ee{6h6`!F%AJZz<-{I>JA?KkDOkJmDWl7?I;Bc8z5e~l2^ zuG+?R!6~>Sq9TkV6%st7O_)YS(#4^pv&!CRl|L$JDyU2+5nZWD0ZnmU`4YkBvNMuR zVoeIYf{vy?CQPzSG~BdqNeS{+NO-s*(5E~5QHxoN52t! z@JpvDYDeolNWng&<}IRo&9z4Z;yZB9uHduQuQ#zaO{Y!TD`*PB)BCnE@-gqgM+6c0?&E^~2`BBr4d?Wb* zlXJ0iqw~f>a$P~Bmazbf$!crabE#@sFMlN2674mXIc}_?1hUO3(@N4;(^1o8RU=nuj2n#KS4vyEZ~AP?p1&Q}?Q8zf{Jx^m!nJWX zptUy8@pywdTXJabpw<63-NmnoY$>_9*8Kp;anJD~nr;sMg8OV}pm`d~y<6U*+hTp7 zxbtvYc`j-~!Tfx73Nsu0ydC;+e{@#um?+}a@OjcJR!><98vQi}>N z&Nfa9m4}}V-_52!&pRKepr;dp<0iHyhek6-bJO?I-?q626`XChZ!uOPdpmns5#Rkp zMXU~t@H-vQSttwU6PikQIfy;@-i7l?)uH}KA^t7n+qV~lS2Olc?L`HUK)uOsudeqP z1Pb5+fkIw^KqnW#{|ykxR~Q7^v;l#nGe97ENV0X0DhR}zrlIoCz;9-IZpRnd+Z4Ib zXLZ7sAJ$IGP@(wb+Gjpt!-qv=Du(QhSH@_gD-?aMh4BgNhgR{8oP;i1=h%9cf*o3e zmG`8!4o`=IsM}@tUkLB79vvA0S}5+KUR;*Nir8yFO9E8IAW#QA(6HmK04>qRfceDLN>>o@2UyJ^~#r~<`U)}y^v29G^&zHEtOv&QxEmghR zeYE86Rgln&z`y|wP{@Z@kmctZ<@mKEyi;pm+him4Y1i3WZGQGRDF`H-Em>?xaimN!wCSjL*`}D00G1BLVJ!4m97EL%Oeiq7EZ)0J=d5_ z7Q6#)E#Bq;taP&oC+~L0CCMaXTg)I>M$q*mg+UO(ys$w~uw=SV!2xekeB>r3ypkFO znui($UAX4@S=j`}(}4Fcu6$#lwFW()phcf5K|J~Z>ndWo?%jX`RwY3Ys&oQ|ZBH2M z!wrdPUrVd88mr3KA^1jVf2nJ8rBN3@3D=bRANDjUB0#k#U-Y7+4VWScQt|}1{r=7{ z)EUu{tljMgILwnTH=?A!@;XI#!CLd7cHgePxfUr6YPZ!a!=;_R4K6sfUcGwhV9zsp zas^Lia$ZmZy2NNQZ(_BSC&r_!#x%#EVEq_hs#A!WMtnX8*xnOn`rPCfgJLJcCg79k zKJ68!j4su&M)LHiA~A#fi{Ceg(2cNbm$nasICdNtx&<#{EazK;R$lUII0+J(o5hw0 z{p;J89rdX@+LT%3NpsQ256(qTj3XarF|uAd_RUWz=}39zD62TGP-Bl~qmHl1Xs;f? z-wCa$%C1;(BMU-gmazCFbD%3FFFco$M#Gq>xmtv>wV6pn(x@;62~wv~W&zC$a~T9B zzOD%?M=sG-jTy{<#tX98+zrGAB62v=aiaLL$brb#)gxW0d zdlYaD#4npnt%%GkZpFV#5#V~@eA#iID(T7=coT ziBCCpmH!P*7rgiKj_>tb`h5<-{EFDtN=E-cG>24$@A4Yp!y)r=_Y6P$wSG^9FDJfg zp%fU#j!XNvcoXcIAQ zIgw3@Iw{g1Z8mUSHxT!iqdrLs<>G|CQR<0;G}*h$&hPudD$-ctYlx z+h=St<3N2+HJXH{cA*}CM<`+kUp@Nbx)NN5dFQr@vGisJ1aGu7wzfWYjY79b9ay_? z&M|Cj3T>FcBgwQK^c{A&&U)NI`8>62lAv%SrJnk?gIXS`9pHYW*tcqk4fs5LYvO_wE*#02gf3);`W09A~dBm(|~v@@tWn23-29mdVNayII$h z#M+DjhM2rXa^UO=PgBr6+|u-Ah~_tqUOB4DzSU_yVs;tGNxdnD3D;qPxg^}C`QH>4b8 zgQILw5U0>6zPj5Lzr{WQIKuS3@H}(fi?N74D>K4VqmPbdpJtRxTMvyQ)VuZopyMa~TEI+fka+336qrepQHHEZ_V5 zg7WDDUIbv&Ipdv9h++HjtP8^;bzE_zCM0$ZUT#~JoZUwZ1VeTQQ@C&De=_Nd_Y>6J_OAJyxc8oUM5 zlieQ`T!t7*v+-W0F+%jstR~Qhw=_MXPQUqUMgkR1jb@cDy;h$*R;r~6?dq2#kjAcH z$lAqB(stQj^P(8H+9cPl+LeJ4Og?kDPt{t$!VLmx@cB#Etc7Vm*ZNg)hkPfspZRKF z-f83yb~|k+B2ZNBBL0g`muKhz;Zg0RunI?Aqr zDHAtfluX(&F3p`W&#PU0FUiRG39vUXL$mc8f9?&7-v$Pff)*@l3;_kzea&^rcV{I) zpzf$xj4dx%-y3F>LFUQ55x2;yCOz@ww$OAhuz)_0`9tQnMCV~CFyG2a?Ba}ZkEjqv zA0DuK({0xOBp2;eQ#7}xuFUm|+sfza--~FP5IyH9K22&o5pBDhiFeBRHYu9g_8g<9 zeAtZK54LVR!}sY6qoYfN0LuXJ$d5xob8R1VYr)2zEIdw1e2&rV;-||rCOROW7LtBA zK@a4LXcD3Ncua8R=`mgUNfk$ytm9{Y(IkYD_a%XTCIq@ z+LTbw;htr@j7@7oVG)YfwDGz@z$w*tT7bSVp(_!new*gj(=zq?lsOZN$bXGjO?X|m zdo^HWle`HpM}A|+!NGpA%<&4{VL+595}wcBoKNL_HQz`Xq>UEa6?;aT zPRh^uC7Ekix-B)*zjZ6?0)J-vB&(BR|B4lVEiET0!mqrlud;&U!QD8RGl!G}=;(I6 z?{Kf#>Ec!Dpiu5p<_>u`9MjQDxy3pi2hoCCHsuq-PEfv!QgI#e-JpfOpe&#=Ixpjx zNldG>uOtfQr!Az3d8a9@KUMJEHQVrSJv2axzT-K64SVGWaQU^vdFlNsNm~`)7Xbwt zw#95L)z1_ROu`{4DDu(k>KD9h1KrX{=rWMOs{GkHU1#O&g~y2>S(tjx}jQTw@TKd<(BKp=1bFdSopHJS$Jy*b*1Iv!Ib zIxN^;Fn3|#NqCND-MRxbj7c|dlw~_j5>1{2EyD<_hmt6K8!|u07LxWe)5F(Thvqu7 zWcc)#uv6b&KKcxqwNun9leQ^jf_IpC$A)@pQX!Bb556DZhA5QhEY5osAzhfMzEP$q zRD5KPC_(;&ph-ANOGiKv3wGI5f@Ga|)d_x-;DBJX;e5+TOeu@4d1_>FY(;$H0$(Bn zyObIS1oC(tIJ{hel#8hW{6mP$F-B`b@SYX%HvjgnGQM+P7}^0_wGB>}wF}|QNw=3? zOSy8L2fI=ivF8`MQ;?(F1u4jtW?HIpGp=#XAswKZE3aE~MQd)D{C>gQ@Hq#rYML3B zj#NyT#p}=bIFk3s2~}2lv+o$kfB1g!CQ|vQ2bZW^+J_;d)U)Ahn2 z1q*AxBP&lYx-d!kZ`IB($|E(OznwpxRsF)2UTxaX7;+~1O#9-6W@tmo{odo)5qxGb zyb?aSYcZ2%bmGFCGAwJyC7p zQ^Lw&7vMdUR{Xej(|4uTOUC!y_{&hGmD*53@D9 z7S&9=k#Zx5&8NVxa9## zT34;2d;~VgcZSFv8bW%s9fY1-U%Ep>1Lo_iVpoq$q%NordE^iz_lMO^d_tHeZg}fF zU1sP{JB-C!VU3{Duypv49C6V&X3?IPG?%B;whSe)Ua9UI2JLL+x<8RQ@|J15_0AMq zz6|xPP?nc$GWR%^UOcYm+Usz88#lQ8|$kzU} z1z*C14HaoSA^Jxcgn!^Vx*_Umv)ZeXhS>E-obgj8w3WPy1@R+VSn$bfEN#Hr^_L$o zP#;nRA^J&M1I|yP?}i^+KkKlZ8YzPD8ro3GI_u|R$bSJ7Zj~XeCZt=9c>VI zyX!&YhTjp3&EWK^nT98Dhf}CLF$Lndd~OYK6yvSZF3{Ea zWwe^2RbRs?B1nxk-Q@@kiOn@;f+soS$Vd?)nSMCtHPZ0Usd$s@#9p~?f1-!G-Xj}v zBQoMMM=`eR?%mWN>Hy^^)H{=;8U~)k-*Wd+@It?m55rP}`JV{7e>rEZdt}5L+En7m zk~G$VpD}aI_z~WNu@ipnepsJrT%}p< z-uqve!R(#>!|33B6NghK2XXC>>1T1XB0r{n%3a?!51rpy2yM~8+8*{iz)8#sMhhR9 zi33yA8)bO4x@w>;l$$Z46~4z8YD~7WH*OWiM53s(hON4=-I%7pg+EfM&BqC1r+>`6 zr(2cs_HjDP!SN>stcq!C*Kj-6^MvQ8+Ind48u6pA90@FQ}vE&Xwh2Btt@F8wJVr{ zLd>(Ja}-ay6QZMD1Yx6p)a8i`_8wsOT(507p4_XK{^alq+1v|ZoX2m78DvQdPHZb< zYDeo}5h%^N2~_R2b${TGf<7Ig4oO80XaCX9KVDq8dN2~&iCgM%2bYTes%GArBzAMN zpCO(C-UN=0f7(a6J2vbTxY5r{_3?(m*l~BCz3mY3tm2R~8t3xOW{wUfBl!@HmNl$4 zcXQxri+coV=cxr&QBd$cX{+9QE#5Y<)9h#+Kb_pk=NY4V=aG!x zS(M#VSnNuxE97#_!zzDAkh2HtPoMHL<|V!V_Sx)Z@j~GsgUq~GlYc`$=Yi(S36zOU zz<_!V6(O4bK%QWkEkFQu3q!lQlF0E1#I|o>$Hz3cEbvTJP)=oi?xmuDbk0_En=%~s z9jF$+ncFi2D90<*I(zCnk2w2`Q?}~A+IbnO1o`wkO6njsn03oa+dC}?Yq?)bU<&Mh zBUvdDHS@8IDhsHiM&^C zjR+9=CCNqC^;#(k<=z*dU3`{Yb<+@?4`jE&@w?|)X1l?C0w8XPk& z)lTLrLkfOJF$>U~3a*FTy%i*I)#NP>8t|-P=fZ1%{Wc;^@$gJrqw4pjN^Q(Y=CEAG z=HY3o*8RD8SN{%}_Nk0JjT}ZX0Z1kF$yqN#EWAwV7z3I~jtW?Tr;{6JI)CT95T{Hq z%v*Cv_Kdp9FyOC}3*AmwmtMfE$fV!Rm3%v&xd&?yJX;JJpr_|lG&}hLe%0xlyvoRi zKJIQ~PFWD!$H=VIVbNnkI=wjgZT=2#J!ayUOal2IW6GAy;#*oDccKR)2WlATW4F@B zMbI#fRsoB2xYuXd(pM|WU(*Jc=Xj!g!-VvzMsN!5h`Z6=Y-8(bpObx3H>wVUfUDht z?IVvN3`XeNyB4ZS-;OX_k=l+P;_i@S*kU(wHK`N1M$dZQ8@u-4#+YA|P|)UySyG1R zO8xtL;{kVf6T^>TT$!|vyXdccJ#rH6ckm+dmdo)T<%PjBR^FxbF00bt8hvJ@5qg~K znq$P$9_%=T6^2P{V8nQ5_G=XpA|k4dW;}ng9Nz*>4gV7o4Be3yK|{|)7rjb;mwqK* z5rsN*ab2Mr65oB&<}Py>qt6^sazKNX0B#SF7@s8`3xrq-z9HH;G|_uA;m~NTHt?RV z4~|^B9QjLWO!v5v{fWva?}f=l`P`1!!kUDJLGklSa+(5BAFNdHcqovVz9#47=zflM zeFI;)^0AWKk7=I4oZbZ9_)%KqdAL)uhXqOYC^O}*-V)Vgmn*0?=1w5)ALdZZ{IZCp zD7NnEsrM=-Mq8biBsnF8TcdNKf!hizPVk?_c=O3U88+7))*nb-VS)#hs>j-O1O9k2 z1P^gknwAVBGk5@=I5=6Ea_l?%YI-~PcZYE@!jCfKc9h&t0wv5Y8gc&=Umn@-x-MnH z2Tn!jRD4nfQI6*h7LOK;HU&nqv+%{Y9Y9%%z%1T(BYA(jo)jIB%S6p1zhlht`t&0~ z);OADsIp{GGlB1G>Zgpvo0Hq=!s8$p^sjI$uJ2p&4y<^KeZOPyQhGvmvko9 zpGbp0Z5v#EFeG=;+8fc+fb1-k+6uDojT^tbs znIkY~LlX`h5hcQCf>yq=6s~)pqBY#Qtz+^|3eK&imvW~qWk~p5sU2a*WH2@r{|K^; z*(;3NnqE9f(wvwqnaO;H9dvn(`Bl&2c$$-R{FzIEW5tZX2QvvT0E*g9i;d%T7G@Hs%B_55QI*n8cb=x7Uu( z9KQ^@0CB8UD6G}$=4k%z8@vSryu8{Ey6CRGoyTu7@6%Wd$sQHGTa(;LaOXpM)$o1V z>77|OB5UsFa`UZz=ibv4Z8J(xP78TdYxrLD-t{2s(HfZ*K2-CkkV%D8=k+u3Cc1HY zvmp$UIRXvTiJy>?Zze5DOq)|4Uz@0owwWNv;zd|X+QB5KgXCs2v=FP@S?U3Wp8M=; z&+e>h9QZ@b#q84Jca1;o)Ft^g(ajR~;PQWybJuS37PZ>mjoyGIYMzpvG*CGC`fZ0j zi;P%v;w&=kHE{hk-jI6mh4h3dh%1vPfFJ#{?n9|eBz9}xR7P@BMYyzUf#p2K@rO(5 zv9?0$=}=yG8D&zn-|f3mvD0VS7}c>VyxW6ELh$tuUQ8|P4*SWE`I>(ttii)TrIQ-P zsMG&7dC-l|XbCpi>(9On8)--g>~c6UX#D&-77}gsr z4o<-DEH-{%%>5e*J!B<=d_OvsK3dDCrA4PVi8Q4NNWak6-69m+JhJ@9iV%aDWXpa?mVFq+0w{Kx z=*qGS6jllu>@CmA9cuDrIwU{Mo4>$iA@){d9ZoTe5wzv~S+8>PHZ#q!Lbb7?!wZg(%$2Dp1t_;Q*?&S$D)4-fU#w1q6hIpq13#Qh{W z#5oZqQ{F2=pWoQ{>JC#3A+>F#U%xdDpQmp70N?^-i2Eh-3Dc1~dzL>=HfFNZt>|k5 zhk6cf1ia`t9{grIHk&C4>7BJ$@)-NT=j}SJEhUeklbewfvFN8WNOri%y$w7nP9cXz)M?{uNK_9f|{5bwmiPz&{-hMULBl=d-9 z9>@*EcXl*CeJgV4__otq}Qmv;U?_<{mHt8iX zfwOm5vuhg9qYlE9iJkJp-eE-!m?EzRVS_j(BdLaIsPJgU$m29~KJ~ugJ5O}P&i$;J zESLMAp9jUAz;sh|7s!F4?phyI)3taBC4P__hEEz5$?}tptbJ-y((`Qb_74Zqy0N^` z+S48alJAS@KQ)(zlaP&dY=me#cZ>B{IS_^j<=@_01H6qko>sC#T@ED8J&M`ON*>s^ zQBTv~fCoOE6RZ-bB}s|j3Quq;z8}fzuGw~v6oDt6-;Wl|@NjBVB0}w4ExP{zlTILW z!#;4h{N}+qi@8ANZ$zW<2b@%+wiZ~Kv`->+&=2jfnl-%0ha^OwF^@Eozt5SCU%(Tf z8ijE>T?{B{Jl2GS0XZ4cS9AYCCAj{{2xdI*cBb>`Z-mwf3+k;h?xA#6c6`Un@?N~4 z=s9aFCg?_x^{+SC>VF2Vjd+9YN&65P5;EWgiS2A&L=F$XlI6E39mt3xO;A^L6NH~> z?p7CsyF|NSE52e&b1Ct7Q2f+t?1U4SaHyE$%8+xM-pfc6)KpWxGgu#kyLIaBsiVw> zk^Dp~)+yd(RP)k=Kcw1+WlsLB_wYdAn{6w055OE~cif=E4@@#pKTYPF{362g7u=)Yl_w8%M?EQU~oGdKW0j+7t&xJ-Hr~6v37x zHpPsH-L_!zeSViIxCK+k0V@+*qr-@uKA-TKUSKWl$)l_GUwgK(+jX~Gnf2Oni4{Z;?<0pX7Nd^RX zKa0NpK6WjPHl67N{`)mS9aY&04Z+Nx?6r2@Tk-DZpmJms*iw#s5?zm_ zCWM>2)lN)5!wYOT2OS6|aSeZ;WjSpGH;!m?B&xL5|D^T>UerX-XKW@V^7LS6U7)OM z9H`7TvDenw-x0Ay%O79d#wm>rsvj@tPRi@pZ{5pJ<0!^0)*=#bZQ7AU)8W6Y>V>Y6 z{q#_)Ks8oe!0)slHD&5~mgklr_-Z%{8s`Cx4^}0A)j|mR`WcxV8O8HSOjdF~t zGPZ|75|>d2_WAY^C$i^Fs6K{h3v=({%MxODi!xZeHZt$m2(Fx9bldlCUn&+qXYOE0 z2OwBNYw94j`-Tlw;Z89hE>V4Kgj4I&FU=&L{I%qB_V^(O0F~>Y_cvj7^S*=B_{LVP z{%>UC%9j#n0O*pRYjkt;Uhf_Nz*Xv?r1;dQ4W$;i^4G_~yqQ(4W5S~fmx%728mw#X zsPOe*cZL9Z(rkd#0e~>C@nhd_h#M>dkI3Nw#iA_9ht><=XSl)jWCxavD#k}{ z`Y6C|kQ=pg0Fb69123X2lXsUFV{g_YURO6MOz}x*xykfK00AhPnHGKV-h~16rW&A7 z9Oa;Y&8R3J$~tA`Q_1SgGyj``ArnWTR4GOwg0146Mi?>iwn;^y>^;~(phdMFsAn$D ziki8rYSHxIPM`OzYtey+UkW?nzZX_^@JZXKvgFAYX)Ek^{Tzkz|~qL&W!+nAOMf&kE5_eszs9yACJ|unHV=AEdDz z(eBv?ctMz1o4bdW{1JD;5e`tQ4OyECJvqPt{`JQ|z%N-w-3eG?;dRrf2^K zN^eXCY-ptfz_g42?kr=-DD+jX!1&aAScfZ%=STIZ7T6F4P9*M5h!p~SJ7;g)J7bd* z=6$j4Tc4o;j{7s$8-Q40HOj0a09Hfn|@+N{V!sH zC&`cIn61XKtb&hYPedSGXT@ty>+1lt|FDf?{Sqi7L<1}#4&=LA0pR`S3bol)?K+{w z!{l>-ZE(qriPdxT#kn=?=ybg%+)Ansc zzZn413b0?t&O1|CL=O^B>ljuqfHMIY?++6ob<<-Zs-U;>kHmjyB|zP8eU)we#qy5f zf4X{YGE3Y04hC&91?qvU!;Z6?d=CSrV8``3Z`0Q!)LvN3eM7o7&;orO^dg%8rK5)j zpo$S%Z<{$WT~fkG5Yaa-8Dk;yt|jr$6rLk4>11I-l#||!(e?m>@f<^ zUOyt!uwxMd{kQhSaW+sofH`yiU;L4-OQDmTaj0OX=KgymFn`MY;LeV_nat_xVD3e~ z%2;Ygg&QaAP0sJC@_g4){r-Q_N1zTjbzJFH`IgQgufy<1v%qiwkRWd}%Kdr&)C_XL zTo3fH<5pKn7wYO4zB2kZ(=3f3;{Z>+w1SgBrW6blg`OrsmT+1+GoYR@?(S>;Km#ls zGQG|LcXNFWa;oNrBp*Q+|M@oKX4t9P(NZMWMwXWoC`7~xV8Da{;C(-Ok)}1WWD^SZ zCWT%ypuiK094D4!{yZDu18l%u3>+zXUM4lC1hQRpbOmtudqc?11gOURIM>?cev7`w zRz7QHP}vRuPoT23*woqn!{G2Q&)qc5qq&T|dxkNz)-D<13##W}-Dt z1;G zk~YgP34D)i{2f8N?Ipjh*cOE}P+Bg?2MV0a>5jQ11W&VhQBt0gg4o`cM4*oltzyvx zYI*IP6QHr?(e^9o5zsko{~BZaT*HZ}7ZgR-Vr{{IX$%Uj7U{iY;32MH4aS^~bIN@M zu@xjOmw^hvg${Q%zMXmhpq|zEv)bv=S3vf!+b82^vY7^kOMJHtLlX%QxJu4EFZ=~~ zoBuWHvB9T{A@UY4Hela?H7?1L48(x)mmvV04zOk5BM<>Vb4fY7j1Zvtm*C}y%isZ; z|E1VJ=KSww`-j*+m;S5WKNkJ}i2XyuzqkU0mng2ufl4I7=cj*%<=tfC>Dj-Y2xp@vY`3gM zWY_pOOLwndY~�o{usSBR|TKal)yzKy!3ncJ0 zc!D33qnU=xGg(%4_r~%{;LPm~qH*g_)2NXUM!zfMkUz#PA3DqGXVVi9@36de?M?QW z6eVjfdU;L)-*$O0f2}gwxL#;HrGDICGl43wuPjg>^HeIl##P_3_oq<+86hMx0KX1j z{Et!j-xl5ms4@dH^Yg9=LkTFYk09a}#ElK;xcMRdN=ei3vt?K^GZYqD-6PZB2E#GZ z*p%94v_P8WU(66dB#KIZo&HYrRL59ml$Ce7Wun~{Pqwceek8jBA^*}$2yyA^{BXEF zY4Pio$~hP@%1By8Iik^4Il6O+p2RZY9Y|5TOk$WqcR~a85SUbFonRHOICGKHkdUnRUP?%zm!VfcF^LbUD>(1Ce}nm4TJXS*U)}=lV4_Ps$Wbj z@{^!gS0~OR?+C|42KEtrKHa*-1DSCR=q?MaNgh#oXNu%ZLX24yAzok^Ahkr`*eoi# zHNR>0dti1^dp&3!Xir=UA8ksIJvn~gHzcGG*_hvgB^Rz=>Ng|&moBb#>QE7)?|7CG zKqRZ3&0@3Cz?=l!&`>a@HNzOvA)`G*@VOhs6RF?ZAH36Oo_vxUOSCyIfw&1dR`MhA zedy{XE-sIGoZ*C!9E_#!otyp`LBMkPM~)C;uvW-E<>6}NSXXT;%s0N^uI*g9H;8@$ zS)k$Bf}mSBR$zvlT^`Bq1{aAL@{kTu{8q5=Ft>X(oHaU_GI{gPq%3%^xo4)xGgIs>$WAcuP=gM7?_@W!{EGVby4V~4`>kCKV=b54A+?*)HM7JS0M6lq zU&Qo5dmjTkjusrz4=FvO_YdP0*^B2u)^Rt4C-%nV&u8uaeUSgg+UoNYGiHP`G#Pi_ zhGgOIf`Q4x^K?#2B$mOzWP8Q0DDWd00gDlS-KS=0pLpYiWDpT{w}nyDZV+W^V82@B z49md4KD5`_H}pS{1(Lr%Y4v`PH^)LbD$)NN6jbwKW;`-d-1jB8E1y%o(J}nI;3S`_ za>XC;1Ag0g?f(dAkfJi_ZBtSXd(gCy1-y6ED(qzCJ&h5ImGqUnr%MGT^ga9BOekAr zaq#daV}>3w_6j+R6!2c`?Int9(zmo?Bc*(QiFAbcZHBM?|YhHDF}$^&=*?h5m& zs530UEwsj*XfiaiS=MANnw`k@BQ%*G^q(cF7^Uewr_1bNjmz=)c~2`08YpIiwzG+}2&khWh&TxFN%FCz_ha(;NG!Lp0W#2`W#M zyzZsC-G{#S*9mIMYE$bKygDyC_L%aFBkWd%kLyDA7kmOvV=3hWpLh!|Rsl;p>sOWN z7>A=D|2OBc7*?uR3T+8W%-ykU@Khqty8FS@XR$2RF#J`@^h_%q%P7h3;=!v?JvorRF!9wjocpJMqMDwYil2ZQ7-;uFjN>oGS%`IcUm|RK=MHLb= zUPbk@7LlVeLiH)25Z|+m=FIt<@#cnHBf2WBXq~abk%=Zl9cd>7mIZ6m&@kS}9c)ZG z-pqPwhP?^d3A_>+Ay6+V{>NmMjqe7EJ?c2brcgl4Lm7ey`%0BfEZ;Ukyyi;sdA!&y~}9hR3bc$*U*NnpOT2qFOpfi z_s0_Q=CbB=lNMS65?YezTD@ln7xurGrWwIy#SdG$nP^TPd)5K=k7X2*{I(c`=0+#w zQ*N7bcu6B7`sR%@EAEp|5L(a!HMLJ7?>doJ)2Nf62vF8e_oVeoH~sqto_Oc{oLEJ^ zrG@p2SFX(Ma)a`1>n-$zu0qHL2<_7+fVNSz_@MW#8T$#}LUccQA~| zM5?#>00aAOfJfNhNo}X^pda`~ zfqie5jb_KV9SJb{kD45OLf?xbAJRQjPxKN(MBF^Wyvz_2khXLBA5=3@9Ne2g)9(B# zLMmf#c0_*HJ+rH6c%>_*(kFMlNSJ)=#*o+fic6)}teXa3+ft<2Y5 zJyifI-Fl8+RHdI7bx)&bZw*ZwrIA@NcUaYDE2Ua`c@vfGU;M2oyajJ!AZv3AFd6&l zN3tl+zIIB!y&~(w6WfYAO+5y=u&%*iUT2j}Bh65Fm|@k-6#6Y>Ci?kIG=*Kvosa6# zf?mMVHyE!RYX^N_&h_MRNn5q6ZOp$Q-=`MfVwZkq}kRIbAh`Qs2i zSeA~Goa6#|bLAhGwWp)Tv0jOI@GS9x+RfzOeH)#-z+}j>j&^Fk#bQwKF*jGNjvaA*0ba6S=(rhIWbfT%GSso&ZOs`9S5C+!vL`^$0tbKF zay#1e9c`13s@LYc?$X`B&$zJYH+#^!>MRpqsEj?*rtk~Xi1Z#rOl;aK4kRc` z^9kn?H-x7fI<|h9{@6!?AS9M7Z8_8KB>RVvRp~+$0a<{{_uhkTA02+3F^)m};27t? zRWe>aNg*ZY=*Of+SSK@^Vw~8d;27@*%2uj&4=qnGckMWwroRV2z)TD)$2*>j#@I!# z-iciEcv$B+sj$8DX7g5*7TyneYKKZ2(ksh8ZQNueI5stt=O#P+0BeW2=7=%5U^+6S zOByx2Dw0TH&^~%^Uz3oNE_YMPUvS~gp#BG`5Pgd1P}p|k8pY!f-LDFQoGvRt?P+q;~MEtYPAcu zj$0NNGOz72CnMyrk`nEa&rRrg2nCl>l5W#e8G{fVML(q+H;vg+5SD%g6vI%ncNV-J@+}UC|;_FAtOVXk~4nou)^cG{`kRHzJar$SCWi# z_yKU6ZTvZ4W8v>{hwVHjyRza(?;q*dm}q$~Ltu!~q(-(peneW_UiE6K+T!SCA@6p5 zy@u=qaQw8ys2l++raCJF{7@$Y%&5?uYJ?<24_U$VmiqcX4Me^)k~a+Gz4g zuPJJPtLV}}VJQq_gWrO+y7le^l3n=-G|ur#^uS9GLk(VZRD=7O@Wf(bMndsd7CFe1 zu-|)D`SZ?60C!R8e1CvD##0M}Rh^BUk7KbeK<5chPfpRa&|u+pLa=SqgsoWXtapux zF;0RzV&s*gV*R6WiBtQSguuSr0gS^IZS-#6s3*g~X~(`N_s|YV{K)QB;xz8_R)Q4* zA(>UWH5p>SX=NQX&gVD0Rj~|DY9cBd7yd;*_I(acDI|I-sG@>ppdGOgq1(I(QUJB( zRIuvy!7JCw{b7f2Njr+{U>1R-!Vk{(2`AQnqQwQ41`86@E?;18$<~2ufzbjXUvN*NGv^>D+)XJg-mYdFN?f78C_&u(n;563!V;?~| z3I7T9t}*2{Qb3Oqsp8}mF}N+)ByVu61R zbSKQM>Vr2$*xL8l7)7u7eA9hGdCn)^sr9_boU9Lnbo~>GgLDOYH}~zO^f3kU%h+25 z05yNW3ktBDQl4FD(iCz$fPIny3Oo4o*8ksP#s~fNj}W&PTJ(QQa`$d0w{1t)b^Ufr zXCpyn8h@H%hF(FF0Z5+;D}KF4U!yLBTh1smLBER)hhH}{WP;v+rY9At+ddj;P#RJl z$rUlAxoeolz&qFt;2j$W>iOT71%qq>!0*xdvDxX0r1Wun^MG3V%2riEmbl6sl^QRx zmJm(p$*;0l-nJVw4tI@Ly0F`ZHmnl68)0wA7Ho$TFs@>(=a|Qb+Z;RXfbl-`WH%M< zaT+m-x4|-6KJWJQ4Z~Ge)T||UImXRhespCwDr1-f`v#&Xv`ZLLkyhBdvOGY50mTx% z_nQ;LbD{ckX6;Jv+>w}AeTS~nymL9FC*}^>)n1Cp;Ur$3;T!)>O)Z$loPaYtf02;^ z41eT#EtO}UTfm!u0tO;$wOO=!*w?5NORQ2Yc<3$781r71`<#rlGFgL&a2 z*CzJHz^zN_Gz4h~txDy#@H1I>_%4bIMPGyB8fnPbH3^4lI7b#U(J5>D_x-yD+fa{) zF1NQL6shrYhQB;nB~qpXFT$4d*?iMMA1dfo^aHR+*I4I~lA>2zRidiyH%*;GJ%{a(0>CTrV;`iP7(CSl-6#L`D2UC5!|37=S~FrgT2X8B zAiMko5ZsEK>%P&mG+jT@GI}s1JxACuQS2eYSO3xce9#0yN>%w4n4xX^c~*8AJ&Zxd zu4IUWDO3yd)Hdy~r|u+Xzu}Bc+TfOt3{RNo6;w28^za3xzbzGoolK*XT#lF%`$Bx^ne|az=S~1$Y8N-fEUXj1 z!Tb|VUBbxpEN!S*Jle}&InORVIC-M6mPec1MoIy50kW!skx=Y=L1D*Wz=M2y`=J*P zkRGN5r>}41s=DN571>5Swl2N2=u$5no?8wdQl%-b>2xu9RHB}6F}28_C^XpijL4&< z$$)z#(sn+z<6F+@bE^+E8&dB|_a=Y0tzLn8_T`Afj|w!%Z;N3S0KF&S^;IDMEm zJg4QpWP3^o!d+}5yCp0%C)MHj>oao^FPCi#J|-P_Xj8>`TK2T4_UbA5)7~d4u2o$9 ztfO#@Y0LTk;J6s4fCb=IOt{m$f36qQ{aBAeQ#i6)F)@HkM~tVdGW79~Oc|6(_|D`G!)Lbv#7ohJOZw z6xr=ZM%Q;I_WD6ek7BiMJ$znUtM%5<%im-dLl+5d+lSRRed#I`GPmyK9*Gc0hJf@r z)zhe#&V5KoJf**2=AqIkTg*uQ^r_aJj%98h*pdoHP)|Wus!^xF}G_max*b@)u53L5y5agZB>ML4g&WW z*OqKf4JkR>GRV*({io-OEde7&T3uc8O%~rltY$l8J5+Xmrz&4uGOSvlMOR?`^7@KQ z;wm?=xw2+ayebH5md50gQI<=Yl-W*`&b4DF=psgKF6>yw&P`4+MDVD`iV{!5&O^$o zl8rkfKY?~Rn8bf;jo-O$0*W43h;eMT&*Ni<81KV>Cr+X zTlk_1bva?p)Et>ZcGeEQ)7 zQ7pkewJ(L?I>!nX^TFzvHv{#e4dj15~0T_ z(qQ#gu*S*_w--AO<<~79`1aD?XkX4rsCT>e>C0(r5diS46rHpHRb`pkOvq@_OK1Jk z+RNvyoqe3pNM*2rlC|ON$*dpWIy9ZhHhN>d09L#)9yjJ@VA9FKKIWZ%RZ~dRUK)fB zP(*?L!J2sbC5!M{I@K*9aCsX8L-K^3`7XV|!?cDQBaz>P0|G2=%DpS){tap%io%!bW;IZ3ZqIVkAp(Jw3TP_6JMFx98>UK=*KJWYE) z$q1F}lVqW78j{_3KI6ymTGa6Dt%k8(9&DuCVeDTM=90Y;8Q0<4o3``y$}hUwl{m_> z8!uHI>NkvQc@Q5{j~%cOSspMmwR$1hzsZI-C{l1RaUA*`7w)>xz6w8_Zqm?OZe@~y zGj+xG-~G=~r6a#h(++Bu$A|9i~Gd#A!#5s$~c+1k+z*I#%!_aF`8%U#Dzu`l8;P6%S8WEv=Hyo5;swjMLNWP~cIPe{7hPV>tJ zLUjFT;4I6EqJ2#Tuer!n8!L+_>;5ko`CPR7j&n4M4Q4Hr+noDusPx2dBW>z?+GNjJ zKAOT;JENJ<;0@s4`19h`g-6@RB+5`iV$iaTrj54EZ3hs1bs_iI0twdpat+V`A%*4`q;r!-pu5 zzF?*A@BI7uhhvRkAzE}hBtyD5Qtt2}XKlU$=DXB;*J9NHGEl1gD-SR&Uvx;#g8Do8ScY!4vA=g^{*iPJ`$Ts>wn-E#F;4xG=1 z15V11QeVIGd@Xggdq0znPu*J5&S(-j4xe1LW;fune1VlbUSyVm4_Bsq^}B_ag`T;p z=DY56ddfKcP#=kj{{OlAO69id9hJLFqgAt=-3*Knun&LBLUKgIc7i}|fzJ<Pfc=oB> z#)Xj>Rc_MG^#bz8h@Kv;!uE$zmf+F&Y)QXRoj>-ASo3 z7~_2pr|vq*jf>#IpqyUJSMJY~Y>X!H%Ac#W_GnG)+(zjaQIF(^8ZPGp9zFJKK4zT} z3KJE;d1Y2$0_Bz=W1!ynCKq2QuqcJa&(Y3Fye+7i5`yZSyrW;9u*E-W3g7i>x*9#e zS*Y+wm49m;ym)3e{c2&_dBhdgdUPV3IKGKudrAA%$FR6eGg&Z+uT^91fFv~_(f*h) z@(T%D5g965FKMrc)q49upO;b<2qu3l|8_Cp@>LV&R5&90O_(K0wLLY44YS~&^Pzuf zbl$`}<{5u9Ko8Gi=wce@bM~if>|TqGx_)4L)z#V0e*Q$&sStn#0|VVaP%IGM)hJzI zio(%2NxS|E82f4DA91A|#OdaTw6uHI_7%^k$1bDNO2SF9M?Ol=AG5bhZhb`hBMW+M z{w#8;>fRFQpLd+(DYIsm5pTG+u4Y_uqEcB>JH8yh;s5%N^M1$K#|lcX5kOIX z1m*c}-F@*&DP3jE(Pxb7sUtmhLc)O~>U-yfs9jY%`SZ^2W>6R=FD7IiC8On8JVS(- zzorf%w57ml)G~1)Xy7b#(A>D`!;W^hZ zyYf7c?3Jo%im|1)Hw79ppf66A(NFNqHRPbQ8=lXzULl3 z1!(avOC$yG{!2UT-69t&WcOTAX}{@=9Ea%PZm3lDq2$;uGhl%TTn)Z#$(WR5L}JyM zi{c-G5?99+u*XY0HId#CV$H@l-G@{=sp|DV>H&QuF0NsC7Nwv2#Cp1MPTj!=;R?6j z*20|laTf$!Unvn8$)#$%b@|J{JWMU2jd_z4zR%f@dt6exmnyPgRb}Z!Pm2m`qJ`eT zgD^;*xOMR1l$6ZzvykQR%|dGrIwwved>_e1ml0qb(w_E?R#l%)tLpy#VuOrX9f!k7 z)i;eS6w+hYvYKB^O!RAmGs5hIRern_ z`;iCNB`QzOVzXo@rU_kxQ>4so?l(#yB7{Je@hmkQ@vNo2cIg&v)r<%j}n1Gq;j=yA%5dij0+ZBr1kO2k<68ee|Q4#O9^!|_x?`X;pZNau3rq#*6 zO=38bznT+qm!%uHs_tLJ+wi*jWpO4zcB{Mi3QTz9_{7ZTLtYy;A3mJdO4$8aXPREy z@afW7=r{wkW1|CIv!Rxlo<5v^nyDl8=yamv`~&R~UyJe9Wo1X7_tE1d2ovo!CfROM zGWYs#(Vj0bJmcaeutcR{&qNPIT9)ycxa(9BB1JS)tAIWfG;Ngf1au3QydTYFmwNm@ zju{4JU4M1hE`V6;c|2TBt^%zzaN78|sX8zXx87CU^{%Ce;s90^aVUt3C0B;RJvTc; zEtAp*{?W5i*Ac0h*3UTf>@=biQ`OqpH3LenbR0VWev{lr{AbDly{UWr*lAeThsqky z4?IvG1HKDw-($as_E0Y0N;lG%DF>ohaf&+=rpyBSIa6CzIRahqOSilh1M^ z)#Es>EJv}Cf=X7e#laAVPf}K?t`E^qSN7Ac)JiXBdE40%T}hfKYvA6tu9}xUm>f{Y zIv__~%d6qKu=Q+9PO-7ZvXDbfM}K>V%WWbX8$Jj8jypCto5!5W71he5ML#i$5~^h4 zw=WhN4ApnfIXFW`ODxoCMi<*Cg!3RDQ7e-J<=(=BQ32*fh64r%1M2o|ZtI6tL~=@b zH+$;!0dz^H5>w65o^&0a`P?3wEZ85f6j;0ZJn10OCZqdMU~tOH$}h>*;jlNvQ&%k| zW=|{0?$w~Z<=C*^h}wpi5%!Rakbx($ zAxS=lm^qie(;FM#l+E9>-Tw=HJ3fN?Lr&H%`#z}k3mqM%G&+A{9Ou$b$W8k_FO?pR zTP#Xjbr707AJpb=D5>oo} zWiGdhK>f;>@T~+1u_G=vk-gtWL7HRmUPjrQ{u%_*_=#jW;5c%`H&!lA4}-tV1ujB) zdL3K|Jthgt8No@G{uc%>@8PO}PlWKlvd$jK7XGu<+>Dn%CSmx_sk(tMnV&!?JJ3B9WeHTJ zH+jxnv7Fe&QkYYRk`$qZyDsySC&msvY?7Tlto=X1ln@kTTfv3PWT;o|vvDg={byi^5S51oGA^hJYd(4Sj7d`d_v15R#Y z)U~>Plaxw6u7}e}fx4i>f)h4i&b~e!U=g|KQlk#Y91gG>L`72ryfnTE)<1Vkn&94K z>|2DnSN@iHfGdhT5YZW5m8Ng^L5`YMvcJCrIbsC8TP9QQk!CgB#dl6;c7LjA(-yU^ zGF=eG@2sh4?m7|Iuh?O1W74H{SI6%PfbKhdXnv;m{pT{xYUd%Flmy~V*2+dsKhw#K zT2WywVRN4`390Who<6oquFU#n^jt^CB^z!Z|58>QjGvwz4X*PZb z>}B?|(oujjhbk@c4m`7NsA;)dnz zr~qMKSbLHHL8gv?M5&Y=_M|;UDv{JYqv=VQYr)q-NkQM4fVuPK`Kf|-y&8s6-u%hK z^Vb+!Dpv?9gc^9Eak6U!*QTlEAb8FPM0Xmpir8#;U1CuAdPQrC{x|KmUaqIU)jIq3^(>1ed;~l|4na zr=3pbODrzh?Be&j|{M!oIXY0L>WDtnN znFLObXshA4Ukuyt3MY z192Vl7aW2|@Sj)G(#4~ooeW=y!`GXP;X~};zW%obv82lo0)&pgAa8w{%5CjIlLX=l zq=OiL2&ch@48hNXfBNM){}cJfYy_GB{T4KAF%m#PU67pRDp(;{)ESN!0uK~zX`Z^6 zV{c-4@8Aybmg4z)u-AU=#g8Ms??MS7cnVT>oZ9ErSzeYRmH~U$Y5Y!4oiJz){cle_ zr&!zgGtjq!erz}X?MJmgHN*v2;l@wX5n!0U8O$MGf4n$wR#{g8oJ7pjEhtfGzsbnQ zKHupoE1mP^e@B_S_H0C_Wdx+27IStFah6HD@^{s9kKU=tp&mVVOcxpTa-1BCn;u@X zoGA77{2`SwP4jsW?`9M_2!p|t4CBwNLLvd`=)dkWV$-B#D3ZsEd!!P|mdKXGcF1UN z6SE+3Vd;KEe-t4jsN%2q1U$$I676CT&QznXqzxusgC=!bk7Zvn6F_HU)j>muGAN_P zmOnz=F&W!?d2h-bbc4$g;Y11&hRAspTw;1OVuU^)@SXIko>XRa6JIm%#JS=6M0!aO zH-RDE1a$3R3gAA1+h*x1L>I0#VpKNMhJI4}BZOL7Mm;96X7w3ptlqUaz3tPhZ!}iP zcM(ZCGP;EJ^X0|s4&O+(GLOCde=u1sn$#C$;`nVwFnT~67I zDGmQ^%qIK@T=!Pb%Ebb0^l_y8vTS=sPi_`yf(xSSJ%pVYtAIMrT2=ten)r^_`*nqF zBG3(f53j>l+#^0*I5aTecdp&K+21<}t>cnVr5wTEHAK4ACf1XC#ovRE4$yCXU4RSU zu==Wh`B`O?6h&Ago8-e_&bK{P2itFo8zsW?&z$UKG19mDTbT`=iiYF^3GjRf%hwEJ z^N8;p%bu*xu3erl)%3JbVWO%_k(cnDBF!nsti1Pr-Jk%3xi8~TCc~T(Gy+P=<#fR9 z-q^)EI@V>G2dMu$v9c0>3~E4|fCHKSv}fnsPP%rPpLE2R${r~Rc;g#()%rdqFy@;m zLW7KguCoZDR{n%?Aw+`6X}a=2$C&Q64+#0XcyX#JqGrmX zb8iIBKFx_pkXLK^iUko4Pe^xsob_9v|64uA>elEcmBg9%C9E085NDKqT-r#N zv?|?8T<%KFD1%tyq0q;!9h2<)%d>(ePlytcRT+-wS{$ckXcd80X9rKCvlC&_(P8up zUm>7*lb;Zp1wCFb8K`T<0b`v?8L18&HcEWCD^rcI)7g=c8cGrs z^RoMF>&*_Y{Sk*s=z*jze0*hR=XKGh1YS&h_=*L@jCfZj7OL_B%WLs?u%N+G%S`${ zj%~3iZeu_sg>k&cDkhC4iT>Q=~F-)Dxi0(k>-kW8-35L15 za}H8?sO;ixHqkoh+k*c8k~M&?*k#u9d!`qMq~yPeCWIdvHffm`3o3HLjDSP_q4gw$ z06co$sbhC>41$7mY?DX%@ZkUosn>P(f%(INq6$%9c!FNjMpD&!)Zdo?c%|aM3W-93 zKHwKMub3|R1|C0~P79gaIjZhmUol!A7O=-q>d*aYx#NiY`CS)Rh!+3f44!T+jg=Su zhwSUjP!i4Wt-TRv`uLFKSH32rk^j6HAnj{oK9X1z}oZL8uCf) zY459Mzjs#CL5a33{;rk(19wgm{xd!%jUGzkGT!T?H=il0Z=NzP&OL7PjlNN~i> zLw@a_F3*uVo+%mWH=slXs5D6`Fe2wKm7MaW;Ft3@s@Hitrt_%W$+Q>!0`pTOWy8dd zM~QRZ9$bOHgU$XMtOV~uC}Vm5uwK$_GN&gkzk+pn(l{9Cqj(#jh?_GRcvtna6+C`} zS&k@dweKA4I-P%;qPB7FqQd8`De9%pdJ2a8JO8yK_0g%a^L=j(?A?3c1=8WY>_cN` z^m4fnCVVdV{hz1q>2rhVuJdi2E(T>#)C#&Z*kG@d`YCo@wK-2N?tu-T;BhNB>Dw-o z5(eAc;peHxBBTe?}(XAuUPanqq(|a{`H!k_{y(WoG|X zs|00zS$uZ*+`H(NxzLobmL<|Nq}F(cW?rs@|Q)Rm|#E(8QJIUi@Lb?VQx86yOSW6hM5Pt@s``q%~QzUu@TDkJT~0lQ|B zOpGFo{2AW87)6UmJ%9Tt0P<&9JbwZjT-HO)=e$*Xcq}VP#dq#U;~G*j=SYUbX?*TN zpY=&eAs~{(na!*c?s7zsC?EX&O5RQ5F>yDf&++)RbMcvxJOd>t6s2#nkskG{^LC`| zm)V1W{feVXkn;UtMBl4~Q}jW5f*`P(u9YcrMMbJh5$W?4q*WJ{fbAi7Jgiw5rA^f}|Wor~w0l-t;s z_oRPk9jctDg_b(ss?%87Ox3%^tchAXb?x#PU#EmZn5a3g-V;1hWAshHe%!fu-_q@s zp?BUZ;8B;wnH^Uo|Ho^|d&+6-i*1wGz|k}nhlbbFHn6PY_+HVaCFx8)5G}qL!~muY#I{16;4n9 zVq?tp^y;7B!jXWksRGb>{gLd$x{TPJ)lLMK!3`m`TPd|2!*l2R5ZMp>L+W>`UAual{7!K2 z<2N2RjyNn23(J>}_sP4%DN1=Q`J0wgcinrj%-v(V2Ziij2cy%-w13IM4^vJ}>t#^e z+mhwqS5hg()f5(jgWN`SMHzC5?k^TNs>3&|EA3KHYOw4NVx_j@j%B;g+n00ObbE)} z@JdflLRz!b*daldskdX8VK&xw`1stK#+(qR3r`=@;L9CQ4} zOb}Cgl6Cq^=#~4aenbhg`zg#GeHg#l{-<|0DJTLXa?chsn0@Y2d|y}E-TLW7qhXgN z#$LOPd9bK;e=eJ1yFPACC)$|pz9Q>8Ers&?UudJD+&dQx4lMUK!<8emgY1`-$#bZt zL-O5OG@bf8T3Qb8u6l8_Hr^m?Owjy&(9d)|l7KulYQ)}qO}s^(H9fRLrtvyI{B-*Q zK}NdPB)&%&@!+YuP#`5;MO=%mb{?t5yK52S?DLV5)@~L@CqZXmY=z^m^#EhNpPnXr8^W?Lz3XuZ-djC1N+O}_U0J+e9 z&2Sly-JH$%h`(b8$6Ve@=av1bd7S3PGLY|RbDgZy0fxKUXw)^j{89Juj32AOR7P0p z{4j=;A!j!9!Ak3g)Hm1EQqx9q2adJsYL5RkD;8N)9E-be+wp4ZR(Sd2W&P|_W>~l) zXa4K2n)~k+CX9p&PD@aeThDP9oJEUnk(_2v%^=MjuSN8jj5U!@A`1CJgdoy z;TD&o_Bz4Mtq%{G^!}jk_dS?=q7Z^u-qW`pnkKy3-U2^-4}6wJ12*YtsF3Poj%d^R zwR``*W>)-(W;HdpdT7v~qk5vE!h&LMGQ;ZG(*;k1zT@QK&@rRbWYtM(WCg33(3Jg+ zdBzY`aW4VQd|V!Q)>D+@|6Kr)8SBp>E3w)1Gw+MRhX(orjqg>5!mE~osuX|ms2(c( za%FwTk$p6XLlxBo#lcqyWlZbSYc!d6xx!q+%h3v5^wA*R3kvT}qwX3A!74av^=}-skW%TMes{gutOX%Sul@9~O zvVvE;hr%xzHSS8KkfxNoDd|a)9+&^12K2kPH>5Y;>r3lG-=G(%;J~d|^LEAjgdZah zE@+-+9y2>Fq=yC#V5GXESm$cL?s%BHlw6*DKl``Hd`V5d1+~ihZg(Z;=|>*0NTppb ztNbbSQ0W(mYSqo0J>{Ordbg!MA*0%>WaiC+-_q`ugl zoNPONh`5Z|CfgSkuiT;+pF7W%xc)+Qdjp4BU(c49QNHPR9rG*UxJp5_iJpR=cd|4D zDvlu&8lgrYu6g!C`qOl50EUxw zZcW%t4L$QXk#1Zz9JtXi3$ z{7(BCS)`%tsRcj2HsH+-1kp-8F1FUZSu5h>eg|Lg#FBq)qX4GVO{(ecA>uVh? z*IYvJR{r=6tjDX9#nI8<+$e(nU%t8Ii$ci0p9eu_Keq1f2+wzcAjRmkp5pY2Q`L2^ zWG^XcvS?Km-u(S_XxX=KW^L`e=z#p)K=Jne1UuSCb@U*p)y{sM@_t0O92h83RKCe4 zTwuh23yM+R0nElyxRM9=Y24Dd~2lpGc2rwv5wF7&eH zXI|58?fKivBnJi_xR^OEh$e#7`|4ZhQbtD`+3#P#a1j^L-mYeL3o97v_mVf=+^0Yc z>2rd@6+%XUBy7d?^5R9zRt-G&?YJigh%V~)w>l(XO3m8>GdQFXo!-%TP<1(?-Pd7} zkvJLL`j@Zl!-MP->~L?%g*3f)e^26Maks<_uS-hVzO$J%;EvHND7puq%3#7@*eI=9 zmiv;A_l~57*IoE)-Iv{sAOo?I!SQLr;vzme5qsvqdBZph<$9l`N?j&fWTo7HSB`*1 zVqb>4O$t|4EUN}K2LnM=V&_qb%XW=|_eJ9EXsN{KT-wb(r%hF7JH3tH5vF*oUz@#D zOL2@zs@YHHX1vlpdxKQU+*7jZOGw_MsgW4L&F9AOO{>W`&9OTaB-wgaHjkAWd)#uF z?{4j-s!jG?c8E9SBibQ4U9e-#dBzo6cXMl~WBtSXQku2d0ZbaYEUSbrfSE`J+0K30`L<`+MAQ&P%! zH3>P0e!rX+l<}YTAG?Zup89~};MO9VP_wu(UPFZI^Fnrg%gqFrr!d*|I zdA9aGil&tv8NVvt2nosnx00W&P-K=c4i{V%v_`5;* zm3*pgqF08Jz$~Y%6x@kq|5nW0l&o;s{&SY1m6eBKWO%swDM?S}MeP+ahs4w&q>d}s zrTfCsD7Jw$o{A&O_zwCyJ>9&wc4ZucGjUumuM1yg)5@Kl{!|X_e3hHriVO`hL#mnj32uk5nY$8 zD0lX}XqBJb3*S;))rC=PCZ}09RUwGJK`U*$dyk2hjfR2{Z`E->slKyoZ+`044B1;u zoy$?A7G?Y+Cg3{hZ0QhhNaCJMpuwjW#&>3>P+x)|>c>tc)eQ6K(|-8z&DP0|Ur53{ zM_DFDYriXQFfV#8kadpT!82vNtvCrea@J6s=qr|4Q*ISULnpAOUIIy852)=OE zR!eXuGw#-!L5Xn*m@8z_W;}KLRPj!l1XV97ZUz$&m)yUiSn(L(&+rCuSLWW;fCIj# zuG0an2ZuQu$|Tt-8HxL2wwZS!fg6wQ>JNh+fXx1A=B+Oy-NN*PNrDeQkKb8wKAq>w zrWbSJZvS=AaluRAD?G<^u~RH&e1HXHN;;(x5Ha!y4}pq+K?6;AbX6==q!g(MLL|INhgzbngi<6@ zk)VYO#mdvMkVqhD5hw^qM3h2I2w*0>K_mu=nR6NYcmB^>^Y=XV{`Nlm?){x}?m9fk zh-(oG5FKK^I7Dt9@$_yLiqw;qj1T1iF z-s8@PsKXFEh~5S#ciymTakP_5FCLZ8a&Li#%}^2Ew6A83yd%Vv;(I&%-E2DFiF15DIrm!tY)bpVbdHiU%B_LVZ8G`cRW=!>Z_f z*umX#$F`Jg+~7&5E+V@EpLU|MW_$4R>^TxL_~(T2 zv(@VJI47zoHwM9jqh=b}xd4X=wGNREDt+K2yoKLI>>ZI0?;~&=&6gb!?44|64;9ygl2< zAdno>L|@11I)|*{Z@g(-`|{vCp-j^B(#Ql1v*A}~;;@@7wvSWzV%T@0B{Ykf*Gt`5 zxIw}-=|yr|t`SI(Lbp~`QC)2gMTv5^7nR0GK!oO-puOLtg-!C7uHX6gZ>%dk!1jd# zh$HL;Uy_Q?xeSAKW6_GcO6MHEv29wt=1*znL%_bDOK5htZ^sj;Zb9;xcf-aaMHsO8 z0w!1=8Xut9#OsZy7m3d^G+TiA4yY#i`rVfoInY(o#-liE2Q;=INl2l$OjPF4$dCE+ z%92pRR6#Kc;FN?G6c#4DIch-{r>oZ({68D#0{(amsc{f1kx3vO!h(c8b~V3ho?=X` zv?H?;4{8bv{bz`X9f*Da<8e5IX~^(n!j98~DN~f)As%mfijyl${dom2OL11!ol?^c zwWlRC)TU#J znRU(&g53A1kFb+UUMP7g|AQvN0!|=;Ri+*n+)ezfPL+%sw3i<+U*`QFTs`gAg9HH( zq15<3Y`(+b+U{BGn7(U}$fUho7Wl~&D-bZ(A`>!rEj7%5a*q-VU6aMUn`T`09*}rL zZAVA(VZVK>KL$5tA|z@mu)PWXSqZZ|0Bz-%-~mw*eMLHS%nU9Lxq0P=cD^J*?+Xo3 z8mDcy^J1vR^l^TVTK;b1a+$6%CaDTi?%z>_L%ePWAfhy4GdJ5QAo8!ceB?y>NuH;; zeq>o<4}NmO3fdZC>avn4x@C^rCn6+I-cmo(#!PW>D2Df;0s;QuN^ySIu6=>HaxRAp zCzIhRhSj?|%?1rM0+wa4+!v#?v*P2E+i*D$d&Fe7wR_g%ZkGuwke&;>k&8?B9{zYj zz76L{kW*twNb0~!|LQ7gcq37%IpIzE#c;v6VrhwE?kJ}oE|}^zWOt3N1z&*(cm)ta zt)1H6`YV0N%&(VKa+HA5tTlB*$Ld|4Vy?RijRt&5JXzzdk@pN-jv1d$n60Qqh6j$z z3wM$80I=<3$3?GCK6!1n4|$fC+|Sr6Z+b?}^hkOUgtCfa3I_1I*l|ir(W6ONZ-!(J z3DE@V>!_goIYXx0Og4eU0QMA7xjS&wMZKyL^?M}oSbk`6-aGOrkQ>#SuI`RPofXc* z4EU5Y+>?>lp)fw6q~ch~VZYY#TNjE-59{U%ALej4 zDH_4{qV{XaYhp+dv%boxyvf`O8r)4%Q!o8~TigC&^|Mj@R4-nYhGg)3carFo!fZx* z#LSw^2}q`i%JD5|0mho{6GR~EMBEY$*Vx8<_<7q^YUbX6%+p`Qy;>l50g%we&WlSN zd)Yoh;j)pPtk z9j=iSzHonCu;X09WM;2)s7y?!PblhTGXQvXu=8S{>=B+*lgf%{#gx7pcZVbH&H?L* zmr~DVt4#FCyyadqYKJ!IQl3qhm~hWa*pp#1*g*8aVO>le!GN!P!Y_ID&y8 zV7&i=gQce9fPsAi`zk7=;+B5g?wU+sn$Y2`=6sr&PBtou_chN4-qxO2WCfAaqQ`*(|HX{Nwl+xR5iurTTeA>j3w?@^N2?-OjmC)n;ZOf&=F z9e9xj!7{&piW-C_9F+Xur?8)eW&V9fKM3_R#rt0cFbRjDV*EP|&S%juxPRY`L?!9{ zcL-G+_WwWK|K=_y>KYt251H{N0lQAh1=>M zt5{qp0()!vM{?kS=`{R!2izSdgC_rrFHlUp4`&3~h*ZLGmFuW&as*~zhjB6OT@~9~ zI8xc~li!_&9v&8jh(}WzAM=9`3Y>WT;MSIM0$$Wl{c?>WJJ??=0isL$J5&|ZLo)I< z(k35tAY3{`G#IZxQkRL!2Wyp2XzzDjzX_LKcmzde-7Bc@13Bss#mN*@sqA~jSOUm| z-5=nDUyx`Pr#?)B@BMmPfmWe>Bcz7tQu&U>B=|rjk)b!&1M0bwopujV+?x*KDWXvk zJ#bcmKUZ-`V{rP8S4GeSuO5!Bo5v0Bf$WCl2JeQ&#r+G0^xx9Lu@M&zGw&i>NB@p% zhb#3dQba5?!~)#k{|CuTUeM4{m*P6=A+&GEhIE9iC|vfD|F^D>@nHlEJbtysb!)W6 zW{aMF!-^y>bW;#*h|l0|sc5L6e~U3_gF;zYMgp!9-%m@yygC4}y#WJF<$C8+75jr5 zA*L}4bkjJ&^n*7lrZ?W;RqK552ci!|!eZd80spoEFd;UdIf&dC&t1C=LO5yI)HVHk zx@=V1rzqmVB(E>q%)18sUGt_&4e??IL|j}r9v&V{e0(|tY?iq$FE1mHkF7{Q!XM~X z&TU;iunpIQ4QwSEYg~wupm8Ghgo%<|C>O~E%V+TH#0+emrl#WMH8*pAPc1~a(Lq4G zJlFJJgA^1M;|Tq4cXr#cY71L|OQpBLd^=;ug3D9#K2oHvp)Y1L#op<{_KRV0fI5Th z-@8&&Rqek%0Hv^7Vqs!pj-;|j*l+bKDkyxhx39)Tgl_F1R=v#8e;ZRT=4s%3<^8&p z!fF}`{C9avOUswrlO=obdoHSjfK98#nIn_83N zV0G^Em@WyNmVLFk6$KC*QsYw8K%T`CQqQMY$)A$fSao>l7790NmJ00Fdf(R%Bp@f2 zZ5nme)p3T0he0(pHEqGc!EWuVoJ2N_X_92ZT3Yzl*49Bi`aC>5W>!}D1qB6qdl?A{ zeF0DiO`AVxo35v%Q+Qn&Kt=MDABWW8Qp6l~_BMJ#wW5gyR~w9n6BA|AID$EW*)J(C zx2AdV6~y;HgS>+{5%FsKZ_xUt#X;&=cG%})&=hj$e&3Xo&@-6y1B%+(_;?(5WnA_3 z^|SNyd+F%u*)OlI_-z`sj?fKK3-xjO@nib?#m6%FrLC>$qoShN*w_@5m3x{U_lhej z3JVJ- zJUw}lkdWBe*(ax_x>wshOG-;O_b2nxx$FaKO~;kg)Itl*N0ONXzx`IVpZTU%ZO{i_ zD3|f0BBs;?9$G=`+c#%}r3Pz>xiSq2R7dqx#t zs|&iu{m5V3Ha#YmCAh4ElbgmnauOM?^%d5XBVzE;O4c&5_Q};C2iV z2}N$d;Bwf89f&5(tFE@MVvLP`{2E7*q0#JMd>?{uQ>9v=t-<1aIBjp!xD+8ZfaI>p zg%zQwrZxcF5Bp|qI*l5#IJC-~b!}Li4e_v$L6TKVKo- zzsPw1k_E83ahS8gvtT;HEnGqPiNiakshqaDH}s9mQ$8SB&K(BLIx`1VRaFL>s1!w7 zq#h<<-c8mzysZ{$g3GlUYkc2)7_{RcHNYeyb6`-VX?l9nSnV-P_xf z7Z*be?l8m)srEfvZ9nq4h|rrByq*xDU0PgJ1=X%;Vu$+6gImIQ{+GytHcYZNDG~0u z&tCB6xG*7ZBMGRL`knGEAx8x zTzgs_1Sa>s9Qc`=^vq|2e`YQ9vFiFSJ%^;fEZOv&5RLZVU@I+6 zk8J@*zJDXEmnEETtW#b?r@&)nLZ=WH7K3J&6#@Oy!;)=Xmp0V+PCloso`}xaQn6uw z(6qvES@Rr^xx-}Xz|2aC$?WL>rz~|fIDB}g8C?s5LiBtR1`X zrL`^>e^t${SO~5Ve z<0G(k-_LnJVk!_gzIQbDx+xy8ScqJTuUTS!nq5&6SlA$`^npAKmm<*^?YtT8zRivQ zkU$!~23PN=n2?KK+c8*kjz6PZR6j=9ipF4%@6u=p|2Hz3xb&YWIv^o@?Fw~soQNQE zbWRyWknmjBnX_^-#^x_-a%}-ubhQy$Q%!S$c6ycl{*KW!&bPxOy*H1sVaCp9?rD_3 z%z3}d8eY(w<9}5bBI8T*99GWb+l@**u@(>y+6A8$#^o5)tJbfm(n1B$IMLH9EO*Wa zJ)*yHIS!ATs1_3rOSqDN3lCaZFaAUHz+>#EEzRG~{kbwWZ&)h{3&?139x zD#9UISM_hxGu@9Xk$b+t81?%4`f8UGO&S`SrtM$SkJstye19fENNq0bA1jFk2dWP# zN{^Pz5L|yT(MJY_n`;aeOG{@G_!(z#UQGRprAUfiJ1YD{DQT{VjA;xdlcvzMTtY5G zOHW2S|5kR^5Loo^px0PsFOQiB4SsemdP|288T568iAgr1jZP4OhQjV->Oi|TKfoT! zo1y3l^m4cMb}#q>67~VbG{pRGjWBv+8tAH!9XB}PyYXe_xvn_R zz1>CGdKsF#xZD=l<<7uJ*hh-I2|Mry3cv&2g+%sCqT zn9}1zhk%|KY^<4_7;LTygz4@YJ99kUn26(_S@sVa@5{J=Evs2sDw(+?Y;f!Hyv37$ z8eAV7=C_5r2k0}$>F>?^1@T2vW+&O66PFDa=L|i;J4=njblC&}88VrPPwQ6-sWOlZ zY5d_kj+89*b=l)L8imFeLt|Ud+v92T${K-dM}M}6bXyTXHLH@ra#SO`<j!Y z-kI;~Rn{AeotQi?3w;D(=-B0a%S&6!8JX#!785-}ip4Y+@iiVi9fAy~mq`{K zE`h=E0B_;5AcnL<3V%uR1Ljt;pfw*W1?C2^5gSz|le_(rB9XT{;}S|n0X=%(p8bY> zE3|T5W@5$NaGi<~JrO4}eH?Hj9fzcwJnW%tbu|BM+k0Drp@#Rn?>Fl_AC{D}HHgDP zwc%<^S&+$)OmYczhW=(KUl-xj9r~qV+%7oIuveMf46*fcD-zJh-k-JRm3>( zzl!nE!S{vDPOoJ!9D`EeW<3z)_44p{<*PvHSuSa!@x@fMA>Z|~TmvDWtm#PCp7WM{ zE6b7AWRz$(StgxSBVEMLHR*?YK86g9{>$b#buMoR4EU$b5&O)f2DQuIl#SIV6XswL zx+pCIET+j!^al2r)-)qX)dr_zs~r{$w0rXXpirvyi$jWzm!m^xUA}+ zI#`JudH# zeYg;XNGep0$Imw~`0Tn|6W>Uey13=|dyM@mP|#+5VKnqx>cr8hJosakA(;%1AvA-I zp-|t4Rqs(Rn>H_soG;@yM&jMuIeRXbah+{ao@C+^bJ(<%Ie*ybd3X%BjUU|KoFndg zt%v`@-!@U@9s+qzuVW(wf7SbNy2SOaY6Wc_dfiQ)7vujzbvt!1dwvN5h|T(_c3j{| zZ%)tmMgFUyG@3lw{lk{l{SJl}oP=S}^Qt1boJU@LUfkf;RrA}aD@!|_x9IM;<=w@L zpjCE7b4Hn;t-7i;GG-!FMl}~4$jHSVj=0?&uCXjRY7XQWWOY`J*YSF_$F2TN+GX6p z>@PDq1z`p=mRwes;OmP8L#vUJd>SVam)*J}=c?NlCQuzcTcIpjixyCWG`0Sh9W%*# zDE*!Yv+~W0e1L4{d)h<%dd}(pAh(pxH#frnb_a3fLQJ`Rw~432kL)Q5*)R|GS^Dz;*<07K-qS0Dn z5Z;ZIXeLs0%Wat_%WY}L>ya>NOD>Bh>Ug#Nslu|d-NnY+`(@8_ey67k25dkT{(t>T zhC?#gGqhdlX+y_-AEVEXrQXvbjDLch{HkwTqWs(4)^SPMXUcuz1oOX{VYqNL&$>R( zeT~em%L{=G70rQ+&--wh^KL(nvl}TDnJnyEo!W@7O%FBQ9%n?-dFHy0sr$C`FDMWm z+n3!Q5H~{xXCX_W$1;TcPwZQ({BBz1?ew93^3 zaYYU=uIzEv{NKc^{^pvZNP)J#hvKW%LkpzG+s!7YkCSo7{Hk#mY%6y98dxW>I9u>F z_fwv#7h{bhC(M11`@>K7x3+qPteIVB_QubSHV6_aK<@JO-Zj}(i6?E=F z;?!1CQ@itLTk2J$9>P|lBqMpJ7l@p4jf-$ymQ>g;D#(KO>w#-e>o9_DjHp$znPq#? zXM9rL(rz+8nEYm=sou_`haZNXRJq5p%58UuJMM5`PT@AzofRt!WyLWzr zqAR9v<6&8$cK7X~&oe8Roq&AZ+4T7e*|mRg9PYe*e7QFPp)h}`%=+#1g}C$a@b_8q z@88mMiI(^@E%-+QRR7lnrz^!}N#N=&Hti&8b-b;d`2fLz;OZ!q_kI~=R^b~+=I;hOwy8|Ag#<9#HJdRWDKLJ1B;vq9(Z>y~; z|D&;Kb>&lbJ_QtTPd6yOh3!BJO24KJML(UkR{AW~nV-pKRM9m(`DSg*co+3sm5xa! z2R#$LK8>YO(~eb-QleA1uH7LX-KBprjm$LEn`A@Enj38{bje(D2nz4x9!cI`o~kb6 zN)lt0c6T==KZ!*{HDt(8@7~@yNf=31>8(>52*zwq((`%P{?2s2g01VeVWLtLrgG^I z(~9!HEj-=2%bw3{++`qUHA>h3cf%S_w-rTp*HJpFL8;AnIGSbL1k z<^sJ0^o)^b8QQfwaQR*jl=4?wg0>|3JPZs*2W2cij|Gj&KQYMASy?P5EWvdfBbxLb z?&P!dS57ewINCQ)ThBVoXG*^vjD)L!M}%zQ0CV%V^4y|1dgQ$HfGF86vk8C}wS?X}1|-3(|o+LN<%Bi(*A5D0o0k?OUcX^>1d zZMnP$kJVNiQp#;oJb9ygsy|2eleiI%zz9s%svQqFp3Ze#S7zYSofn}FL&M(joKfVd zuob#p21vYd*cV)+7^~3|EuX{r3BZpTzPC&FOopiZ+)733zbj3xz?1|T&t0lNy zl)~@aSn)Y_2Vox~t;Vd%)jP!4EX$cqC$W1B&;mP^}z zkEF7!CL>%wO|aFFw>JK9zo=8;W0UN8{j@^Y_9GqluE^=|mjO%n)B2tu2*X+~;!n%C zhBMvN+O@sSYS%HZb+KEfX|RYjX!m_zY!b6fIfyrZ3%c`I8y&Y8gB}joDhpXnzMHts z;?uSdpGBQr9BDzHi2|6EhR0Tp{ip9Y24#u_YPKn z=1Yf-f~V)|%5ttaDKq>`pzEG z+xmiB@3Sg7Mc%8*B^!;;$h-p!<{Xvz7t0t6p>v=bY z&`sOW5nQf)rLEk=MBW%FRBkqAA>miH>P`C=eG(VP(d*JIDFL5is2=>a zrznUmzz0Rp%ZOCohG)NNbm(En>(V-D63xDX5?@ZcWo%W-lr}=6)}+8QH7=$4eRm)t z@SqA8P$)C2mZ|G+t_!~ojTt(LZkZX@xzN~E?pFJ}q*1S53rjACAAPuZ;rCL3^3t?it4PM;{lyl@+jq^&bm?y#IZ zI@)wRuK@s??RMKd4vmq{M91b=3!9Ft_Ya#YB^%nBweQ@3j=8+BI^}cqz5DiDCW)di zh&z44ZzV@K&g@(7_fYg?^=+7}?ceOyr`Yi{d)Qo^7I%k+hpDOUEqDj#tx-M$R}{(Z zG)=>t=Bgwl;05&=KQ*q z_M86^cD2*3Xm`eK@q%4;POM~dUFb>Wo=fY62Vw2c|H_)k97yGKirvvP>=|dzNBg%6 z$KI&kY5y*Tl7P#rlEn~j?ZP6I)qYdsr21#0VBnNufpcMa` z2E1gfXj%>(25g%~!$bb-De(T|WAxlsZedQ8=Ud&Rz0X2=_;cs)U1Ktu!W^Z^i>6xCs|SKWz49J!?f11h z5sWNjhr?+)mW~^YfZd#uC?@N@l&qtO6G54*sQP!gWXsAi!4!YNvkW@R)oQjQilPQW zH*>)&Y_E~XKK*T;UK%$kOLiIObv@2lGaBK;vJI#Im#zcq=#}pG6r#^H0sb^4G*Kv% zVn7>jVRM$>!5(QDS$Mh`{vpCNf%`GAy`}NTZbO)8ZwOdI!)()?e43d}W2Jh!%CF(p zHJ&UX(RA*WT`zZ-gj(wJY|oFLU&{US6+NiyG=!O*#z1K2Mtw>U82-X@=+0|J0zL z%ml&ey1GPSVjLpghgv*g{fPYrCM^1?+riHxX(sa0vuq9a=SGC9%*)i@+0d`u@3$g6 ziyf$z8HbQA{f`*QIm%qHuo!em_ZustBl`>h5?)04U)#zOVraqg5k5A-xE3pq9-TC{ z>Qmn9zKF;&Q;Jfmym{;>UX%#sk+~UeEA`yukAZUKx#d_6n%f52Jq6WY(q75A1~epv zMVJN|8Mk%R3Y>H>r0?+>dEZaadE)41)1}q=6@oApr_h`Q3tJWsF782jfLBxbm`ACc zj$3@aiNQtK2gQ=3ZOp$^b4gp@=4WGhx`+{QRxB)=B)P5}iU}sfO?$1kVJZdw|L@%N z#Cvy70PW<^nL-PXtzub!V?*4>8>y^HYl1lD=4sI4h%(V`k+YPD56xUU;PQPsbpN;) z%!Dq|88B7%Y5xu#exB4|(rlWVWEOlLGw)x>!iYX3<>g(PJg(tKCyY}h1rnJjzYOhY zWG3@sjX53awdeiPY@SM{b=_z}%=lKRnDRm7LauUPzfAJS9q2*i#h31P zT&=9Ed}v4iozd)FuM5)eRtz&XHs)qHu|*i@H_~K@WuhK|a1?(MyKdQfzx#V2(3eyica>VUPQ-IUQ#Gb^N}-NaEE!~T4O+>0FgMNWEv zY;uof2zW1=-!K0p`lm-;2O!U%`XGyqfEhMK4@oA=q$sRYeU8bnCb*OwNyDUFm}9mf z3&V#qu)ouNU7(IS;*YGb8oVkoYueiNK4xwAp{O+0;gyc<5bdfRR zq#OtbK%%|Khzke^z&aErw)hdX3M}N?uUt*$MgcMm8cP+a)6%#$quBSiWQq*a(3Ts zWg^dDvJnX{K?JD6uk&F+>`0{g6l+;rlTH4yOxBY#51@Y560)SYJhd|`N9j?FZM~{-iLBfF*oNT;t*F-&1KL=kQoX1udVjcXL zSn#OSzX{z^sGN>%;Ns2<0G?#k)bVLJsE<3Lu#bEn+H9P3C~e39|9pUk)Q* z`!a!xoK*%KhJ9=|bjT6G#zH-a+_>{-^0;8L@g3Gq98Hn*X)xTff;pzeZpDCiE1{yz zzm(bf30oaxt`v`NAgteDT~SgJURqi@y@A)oLG`Z|3&)?CGB&vTBTBN7OyUspXCm5M zb34QllWFPfS(@9(gjlzu7*=Mt=qPc+Iaz}r_d$+RX`;k z)9%HX6`k2_f; z{*eP%>V4cFcNVeD2zXrp1ub=Yqes${^t~nMX|g|;Jv=_{WkTf3L`Wmw#a*-J( z!8up@X&AGdUT*u@1gFUfrt`}Ce_nu$XtT)U?3g3Qv_IvvdsWZBzHXZ=q#|D<#4Pn; zUJW%H=yJ< z_6R~2M8do8ShqUC7R76$Gi18jOj17jM}eii>}QtGfwk9VC()LhGbwmh(H&(JDjcY{ z{K)I9mb2Dla$2`BrXSHFjn~XPW?~-iE7mRmxhVkTf1I85b1iUfFNaJpf-lr8&onI8 zI?;IJswr8Zdcyv7{ZF7=PiyFQ-+SuKA#U=|D+!d9l?5W(VvxFSB5~z_7@vMLuAUmG z<}WgLk&3Mzf6|>!Yn9$4KSHsk#h#T2{-`yYW{)CI9`u3`|I?KKi;Sf`P-KI3p4$J}GDhV|)|7De;~-@HlbSBvisHTg@9 z@Ge9H?zC(DJOy0Jt$jr>KglFx1vh^-k)x@}QX}hreR)z2{SCI1{Vzjs+7MV68dN7M z6AJ*l{p0or?xl$z(!}`fxbz4$1gQd$(dD-3TyygP1+dWdd|?B4y@ay}epI>sCL9K+ zhDp}g5(sg@+(ITYG@G-uCXQD>7VZgD!5ESSGUb;WBHw)6+6{?&V=2(1YTZ<+iQA3C zx7y4#$`l0V) z7GPcg^^uou;$23hluMT+Tn+qq_#O;N{qT!FL~i?b{+Y~^Xa;&LhIuYQ+AoT_Kb7l8 znZ#3#(h3t)!)`=9$%gvdzX81!l@@Y(Zbbjy5}>B9`d^TAF# z4jh1hdw!)D)1?den-@H62R-*9#l_W+wpHCwNyyJp9$l%hEEQO8n{sREI*B7)f2I`;%M%rvD&M>Gt7bk~`>I?uH(qYV= z^7Us3-qYUs-nhUkTYap75CE7h#OsTH5{_(vK?ZZ6MqC7d)`Pd6eFg4WeBJa>1S%uQ zYbnnATq}(Z(!-kwWb6eUKjr4>W`+;?m)pRpIEMMy`qOU63 zZ&N|%4MOe3pCVC9c1UfB=&G{qW+*R=VtQCIWdE{?;xd85<{)B-d{Mnb1M4mh^R&F| z&ymUD~ch(C3=tWG_V+m($x5ccb!0uEu zvPs2akFq8xD>WSLhkS?Z^p#n=zOPOGw%(T>OFk7k92rkp^HPplM$^+j`l3DnoKkc` zh_IvPh|AZ_9tFHJ?JK$avge$2{I+SqikfPdw7o9X0^Mtyq=OW$i&KAz9H3wk+#Hesn@flZCR#y|-*s3R7N?!ztxF{?tZ5s8%F&2886%m(o(3cVgf3)5Zbf4X9n>T^wiI$NZi~bA=bk8@ zVyW-Oci}yuC~=ZxcFhbjLW!7rrI~S&2_D{~yXk8gW+Uq;jHkOv@-}%b9SMMRDTji_ zMye0w!0k0bA9{d3GbDqYqo#5R0L8A!_ufE7^U z?*Jv2UF&0(0HFolaQBu&wb!Z9z=L2%lf+DqIUctVvAelaq>h!KQwWl0DJ)r@{=3HM zK}B5^(OB5PM8C10t^B@?r3>Q~RE_kY0M9|6KV$=gIE;d#J`g!6g}X4jmi#UKH3H|8 zGMDvWlOfvbmzIUrE4%U{wc~vt>=4d5)*ZTDBO1<{6uPbXr2e*3a_hpi0V(mBlP_$} zj)d6l!{6ODSVwZbJqmGsemk{$eZ50bz+rK7bJIX6lcC_Zc7)42+R0999l!Ip#6#d> zrSp6gMz^rJ98g$0rb;l6Ur>l3ZVpYp0{-_{cD`!s_PL|V-`74?4go;YWyV!y4eD5r4o zoh(=~nKbw;bGLk4&Q@i$w6qS-r2{>Lgisk&A-eVya`)ZWYZ2vwZu+g(EsIlUoT(;% zQe%M$g1LZog4r0_k(5!=_{BiVLumQ6hTPY;bipBkzxbNY1dSe50!&dLwfu?iqp}qXHFW%wv=13sm zyo%8Tu;bJynEQQS0jZr7Xo!xhwWlES*et?N<2i!H-j>OBYywoiJi`!KOMN?z6g*?L z^HqP$?-Rf~fz*Rdo0Q{|zY>8inbHeY29XI(BwFwxG-9wzUSac$LFJkzZbS^O%ergt zfWLkTn=U=iDkHMHjx1d*6h<*P$adRN2DA-WT*|cFh5COzAAiDtuPv#t?PG;jmD5bT zY<0*T*3Ibzs@~JLBUOeJmI{fi@|S_}i=w2vpM=+nI&0$JWNWS2^#Dm3su}z+t!KX? zR`#~EBi%30Ljs&VA+_Tb+LDY&H)EPWXo{gxVB6{mw)(bU45ck;LPL7)ty(;8R;kGn5-n z!s20+iwfa1b3El9_ZW7$Yq-DFSP|&}n`Oa72B^Nr(){=S$v z&p;<*S8Yew9#N&aZrkP9MG?<+Fn%aONcBZ5umW-wPJ627cFSK7EDPeblDHBCdiDAH zkXoKu46gejQ>cJGCRbEV4=!iSk-GHs7~aFjw(?7X{~H?l$m&NYxN0hkZ#_`LBOCot z#j5;yY~7|J66_T&B*`Y50ot_M{tC^qMb?LhZmhCmo)^i;#!%k@v`%fPF^1r>4PUQ;>--@1Y$W z@Xh{l+lj25vdewCZ8?{%ln7~zCN+JddUQ)us(SoYrPnswDf_Ui0qib^#E2M7Af)ES zt~&<(2ZDlPYqik@^QV?jggc0{69M=0bs>^iSpTkIw2&V)!d_qfnHST1EmOtWc8{6! zl>cuq}cjXY^HW50mdx-;w%N&RWb zy>amTsBLIkDtJ?uT!6Y5Z_)m)T5deNA~RRogcqSYNw;QZyD^u6b6o-MNi$896=8=3Yar1i6 z+R#(D#Sj_QU)NJKxUDU2sdMVSGc0x}LCHOAWzbX#o`+IVQ**rDSKJ-X^8Mo`W)2Pn zCSYAMSUcV86^MYQqgKNK0dOBP0FTZB(qu zg7y!!^rVgeouvZ8-wLqRERzcK1l8I~U3|^lt~yQ6rf*ImwR;W9o>p$1<2%J|=Dv`j=hW0pQS|<} z6pqK-t3FdlVmLFyHo(g;x9EkAOFd>}&?zdRmytDWl?{s;9w*tpLJjXDJgQ|0t}w5Y zFkov4vF2wgO27od;3O_9v{PhZL8P-|?J<#cIbnwAR)4mr8Gz_5{(O{RZnT_Z_}9-r zlk_C%y@8!$O^dO{spP2=zd$?tl zvx}%Y|lcYc9$p@L?|(n6(w5I&#*2YkMrb|YW+%lIIvs9 z;;fKT_@s06LFz%zFA#&UxxARMIVtl#gyv6yFAV}SlOp4A1k!#di6D!A$^8|jD zGRup_`R|t*0Yq#xmaE?^32;5;D!Pi!J**VhVm-CZ#gg$_)gKFFnfFGpsGboMIZU#pq_Mv0cl-7Y zQzC|F2QU?UoB<#k^$3#E8hSr}w|G8(oGw*rVanvKa7&?m!=G6L7(cjR?!4UWfr2Bz z&Jk&@!ND6|P&;&vRP}wWh7REK1JK8^)@abFs!a4iFF5=yi6>27@Mc=Mp$M$u590Tn z#H=iw5N~<#3W=HM5!d85Vio$3GIUG^9;c+F+q|O-toSY3l<&iX%(jP%RStOxcCm7m;@AG}qam@Dd=8RQdR9d2 z`F^Im6d?5;9Ad^PZ6aTJm@yw5m~cj`E+?I%0E?)7&+G4UF2-InGoAzcRxZVr-V{ww zcxM1c#bfP!M`YqJA@LFMjGj#XGcqVPLep48P8uuOQkPE;mGwDYRR{?RFuC~eP`zcS zJP$ssGqt~_MSU6yEjeNiR9x&imGv(y(X2MahiP$`^0`pRmqsx8HK!2EOu2h~-X;$T z0*$=zlHwm6AwfDnQ%;Sng*%*dnn_|B$a2lAAJ1=S%duKIO#0al;r2l2NMqX$mYoBm zE^G+P%MjPs1zRbIaZ?#NnKCy+s@LCUWQR za}_$#@|k+f`U%^2iJ1^v7V(%jo=Nty76LFQcH6&}6lFSi2uhI9rL|p*qi1t#IbQ zRE$auM(fLcnWxzIRiRsf`nyVNZ6s;BnrhRx{N#roYLDS;je~x-gm^A`xzQWyH-$(v zT(x-(Raan*Oe`Sd>|Af%12kX2zT_6?7DvDuoX!WO8ymAh6!48AYVsU+IDPKKj?p4U zTKMWkgxwmg3Yy2O9@X&~B$K*)>g-k)>0!zUPPX+!s~#)Y2D4T61!jL45)~ohQ10O zs7VPzwehLIBz%5_G`5YEVxZ3O>t~S@wqm3v_5wz02zmasuNhdxJ$A+Jc(P`xjy6*@ z&>MWL*;@)Fbzvfq)|CUn(sMXSbB+MgTzFKyC2V9YPEkl6Err@KZ^g_P0Re6S*SgNX zNDmY2 zJt()OK-r)l$Pe0ZIU1p6#I0&nDV$*63rkMfIFEzI2|1uL@FL=5nA;Bv^GA)83R@DjaxkSZ==I>Jn!mWJ7NcBH4tVMCUzo<3X}Ja#Jx_?d~7Ll^xzZ(qU&_%gV# zw{{Li`y_Wv218XRL;<3a9`#j zy4$B_y>MS{tGU9tp(ku;E~uqs0esh!Zfk+ksfB1!lxAjdOS=xW&-eT<81EQ~7F#Cg z(~@q#{o}QHruXf_^hT1uh_{b_1Y{cHr##9P64)N`fojrPt%-Y0to_`BR(216*p zA@a5G&du~qe1vBtQ;-HWjS|=HSIS7B*7;?n%>Bfu8Xu}5X&bd*fq|r~aG4W1nS2rQ5t*FCr55Lf= zJ5Gjc=)81Y7wfj;DU!dr zUHZBveVG@T;q+=1pCLsJtyBn6$_o@4}75eAVN# zh7Ti9%n007A4lTSl_hu8aK{ns5qn=xPUq0XGjFCL6>%UR;Jv|no3c$K!SQFedOHy; ziPlx1kDg3(K0$QnW7D`(xjs#1JSvX#G@F#d8}IWaR^tj&q`(*%Uw#P*bi$6W<(dw+ zUTs@w(4ROnp55M5v^=%||J>rh=KxhKua#Rs&h%J|gq(#aMVDinL1Cc4pkaFwWIbrasP zk{JVrfP{7aaxS-o_~+kosF23yRVIPf!HdOTATJ%$k@}WMCr8Ay=@61CHeAj}rIIPa z6@Mij3(v7Hb}ItjL_c@Xab~Em>x|cH%PSZh$mye)%T%Kq&0o0dL1=PdTk#2G9VL$1 zrN6zL`O4F|_|G!AI~I})(c8)!GX>O9HILIxLsfw#a1=|3t&tRCnz_{T^LB}ji8^FA z#F?zg@P)40E=GkHEr~qVmu0psx%yngD92)+YH6i@{^D^HHXkDILdwq#)Xv`lhhkkr z!>_nF$3OSa=39fv_e_soB4dbHG>>dKOiLWtoal8fy#%139v8kuhuCrCd6Au1K)aVT zYJ+pP{m@4AZY_veZtJ}j&}FF)`i3y%zFRM1#GS58(*j*DJ0@(UEwq+94D4@w#x$W0 zkysyqsm1VJN*fnaoji(NBGSYn{^4tb4i*`eT0tAnfk<-v+C-}-_v!G z-8P{L`CH*-UrLdrfU;EabQ?x-a`NW7JTyC`w0Ur|+u+n4d5K;WF0TUm#N%>9%or#7 zZsUeQNCTrx?$j2(RKFF2zWC0ASn5k#K<&le^mg9U)znIIk)43^iAaY0p*^DzdxUPn z^6KEGK5=QRi(dB*Yur;CeACAp_Yj5d7Ryfkv53R1;XZ1@hSL`J!5RXxwsa|KU_|zc zqP(yb?;*-XR7f$PiMECqqjF@fKlo7(dJ&i2&UH9Nr*k{AH(s;u=! zqziNv9RgsOQl0RzMsn>B$A?Rg;t)q})Y`N1#((z<6s_903b?H~Be>gp78u5zt7tQ1 zgd{Q*nlF5?GuM}^yzwYBkHx>VUrHFGpC$5rwg1v|wxOO$AT+0J{70{>9 zHu-1libC;{DWRIySm3XS&tN++YzoiCxd$$K!k5(~%~>?-;On|mt%-px0s=wk z@cbKFUIQTv;IkQexi+f@>d;=`GXX0DHY#{{bmOtZZsI*DwP%wYn}z& z?Y$5CqhlO^Rs{&8wG>O9*LWd+AW`^!@^}$AD|)m33a&+UwD6wJ7%WyfmF^lvtYG5z zLpMrO(EV~?^O0XM;K%*4#5l=_XhD@6B&FiPl#_X@!}^-SS>K_qZfE7*nVdj+gZ!Py zCw%gB4hUcQHL+w2WkumbI0mmQWyT@?ojs)p^VZC?s2ah0*!Bpf{Re(pD4!UQvo|7B zG?QGCPwd68HZAzWPY}RiW8=%(7cK(X|Wk2*h@0ULi3jUX8k61%q zPWVzkS7IIk*%fmGU(UfU8d2-Z6H}*4q2yiOp!>`$PHyA*%y2$VFYwe`G~h>FYS;kW z!0z|9tyMVumaVeV8frkG2SCUuq3BkMEL3XZS0S69**%;7E!!876pYmjKt+>Kbo6e~ zd|sJxd22&iZAu0dfGWD*1F5_^AhVcW;1PxoUf3Nl8sLn&jkF7=UGB_*6_(2#JnXdj z>Wwypl^qttUj(|-Y9)zP9?dj|)FIC`QN}eO_#%JsPWHVH|*i=mJr+@_;|lov>owP z9kP+Hr*A9ydhAIw5K}svEe)WSm!+FExlTqJg~`PPbKOQ{XOT7NbfNY&da4bjupt#X z;g#)Hi4PTGVtY2Sr+I?HJU7~{AGT5a8@a5A#o!8fROr>zR=)F8HxiKl&G_*fcyc$Y zGMhx_Wbma)aV@ZBn^`+h%Fv}#VN6Vn!8C_N#l;CbH6`19AZxjxS15E=dlYN)*Uv`p#MK(Ds1q@QLT+hiU|Kg|iKH#_2PX4AdiP4{nNm*|7G2 zM?7GzV0X@FD z$$xFh^lnEePEuWl>Tmbn&klZ_r6Dsj+j!(8>Ae_0Eow+`JTD@61N@NM%~k11jl`t! z{k2H(9Y6Xo08Mdms;^nY2awpp*%bds(v20cN@>*F{n+a8eX&e?aQNVC@58Eu_#D@B zpC#$b+=_g!bJ@INE(A39a0EGbb#XA584s{DNL(FD%LP;y*RI#)HfMU(5mltcj#?sX z7C%cBCfnbjE56)R9Cg4_qqw1x&nkH$<8>7&Oomhlj(w1-daYV=QH(z?-}O={^NgB5 zh<}k2sn1T`v};>ZP|Pga=eAxHbGh{D`0HNngnQWPixFsffGOVoR??1;B?dQNU+j1) zxe3TS+rR?k77f{$3 z?bNjMxdEENfl^#MHdTy+hq6p%9z5gP`f{`5@w`6c9Z=(o^z}mI=1~D%w}Aj3^6!sY zJUpzK@ND!EB?V&~azz$t5<1@Mt`Gt!p0wi^$0mDWFEF<1kpm}(lRs5OnvWXmmVBA^ zLZ0uZnvS%n6klGCur^&#AKs}3&`nAa`lQC6ou&n$(oFq2bio%7N28=sILK8&yG5jF zf5249@zi^5+A6LaoAWQ|vQ^$4{#ChC_w$o;>v&=0iI|w^tIV3HI!&6w!R$2fRJzo+ zLW3LU3n#V!b^ovtrYeN zi$>~!>ZSJE!iP3U@@wUYn=>*U6~qZAOi9bd3#tv}*2hg|7lo~gR6s>KWw9YEld~CbNIE0hglY+&R1JDUYMTJ zRYwOrP8tpMAZwkXsqagKl*~M-OA*IJUuvPnqFKp->ZG&PIDTSxjjYApnQoaVlb08& z$tC6z)h0&;&?lRLY_V+<%glZRqpsJls%WP)*Dwq37ft z@h0Bm_$;7OM|%_T;JBWFSV2FHyDp-wPKSI5eeLKG{da97_(nuAenK*e;U)>E6wKRo z=)Sd?$zu*fu3p=_{OpnA*2xIz(95@L-D~y#wfB}mbu>}CD1-zF?(XjH?hq_kaND@M zTX1*x1PSi$Zo%E%gS*2S-mlI*=l;C^FIBs!+BJJ-P50{6%ldiFB-a*ONuXSRTO>Yx z`+kmVF_oeVcL~F(&#bFC)xRo=ToPMBi2{Zkk#>cnbLQtV&%}lpd`7`zs`F zh97>TXXwOpgjm0TR{j&p zPmK7**2WyHP8?)eU9QRlSBgD`Txq?Js-Zf4-#J$>Lk`)qq0TnFZfYvGr^AekX01QF zA<~FW>vj0IGhh4a$9zLbOi?VAX!TWV?^2K^B>x2Oq=!+VFOWQUzUdcMa{a{rZ?GFQ z>*6a!le!Kd?Y)kg za8+&VidGg66ggQ74Q0@gijm8@uUP)o9_og+e@?=|VGxLTHE}=`-GI8N?0N^&J3Y9b z)w;sIsa|oh5`nq?z3V>PyuM;>ML?5#tWIfx&Fqh^wmr;nG^SO?m|8UZD!e(o zs}6>~mG1Yn&L~Dtlltxb{f#p3?^l6=$EP8c=>oS;ML3e4o{80xEqfKB^_vELhY?7} z|CF8O7KCJEU^6(ZYhbE@Rm6T8}MxGpm%*UfXVJ`s%&Wb^lTk z&E?(q+{VR`5=o@T`!Dk6FU@F3=yaNhvznEX)fQ9Bg$;8w%RkD0Xc1ZxS{^HCA!e7T ze6dzVQxHSzhG-T$dyd|ck`fu`H}UcHLX~ncNsy~iyLi5r|8Dq<~w)o^r#DgiVK%&?h zY`$?cbY6Zb-Nj~4M!qwA8e%SX>QRnkPPgPgTk0=X=Rq=6tIS0)-jnst^Es^H72y#N z7v)=M0kZdTq`HB#3FdM;5-jKES|YdZ5W;1>zATP9wH~+%m+fDF=1sN0va{APMzWI) zNRXRmg70c{I<0yM;C@X66&G(E73Lu5wm}ppJux5)wS);k5lA4M z9T0=cs9W^WIcq~J9u3h!T+6YFiy48C2N{&e9!2(+?nq%uuWDzWO+_5|XLxU$%e%LY+PBp~Kso;;Ir=juks-jYMLEn-xHe4N&MQ=#ElMaI z?oH@=`~`7xai|Ec{4U%+Kxsxm;rQX-az*sA_3+cyTNLku|R~ zSddT4T;$AA=v)`p%(TqTl!w|=Wyhl_&sXyakvMMIGl@Hq?qM1$YSfy2dXeQR=(P5* z?*Ak5Ek=d&s52=v|4&oe>lCLfzc)1hHO@k;%USF=`$6PpOs#+o8Iv4pe1f*qXr1PI zqT2knHIwDcG2&#SrDR2_Q~c@iL>6xfIxQXP^_%pA^?UWe=Q9a9u;r2#IkDM9(z`F7 z=I)$ZNH`OJSgVg>qd)0Et_gxm$Jjt?zJW)TqfR5o@sI6uFGJ+{pZNwjB}pVWJ69r~ z(RJvnDh1to!lYEQRfLpEybR`sVVZlGx%nZpMRoV3CCWOicbWYm*NQ-_=6{3>OMZi~ zoNXbHTzgW8jVM&w^)HJVYxr$q+Q2Ci#j=b&k`)TM^_7{>LElORjm`JXD*_3E>$Wf3 zt8KbMS)hR{3n5x%zN$07hosNrz?DdlGJyYiBo`-&1uo%61@Rz+ibL;eY}{qZ?bwBz znns|<@tp3!bwQz_tkY|nY5l!E@9UQF{`Frq^vGC9jEfVC`Ge;VPZ}> zcm?79?$L|yaW|nm;(q2zMV5{^4sCIq>s*q*n>r&Plq-}&kMyYNsT7411qNDR%U8S6 zy4P?VMykXLgN5CImE}9{)Fn|Z1MU@j`L&28Owy3+^78MY=Q!Aqc_h9ZM?!jB+*!>Z zU)BV_AP3fi1#ie$ETCTQ-u2%Mve7Ro-H}Sv;Kor9@&jxP}1(xa8mu$RZ!@GwMvU< zn+R`a`44X^WlI-bmv@pUB#@;s3)Y_CB&(XNGc4&%)flpkf6hwS>+-c29)7lm%;Tm& zdg_&vbNKw|?%~S`?sT3Z<8IuTdQ3R|84?HE^qmcFnxLfi)@Yf7l>_-O`1Ol8d^Pfe zVgdPAeeSE^7#^2OjoM%!b;|1HwsY1D&dROqA9sJjB%4r-`qgS-Os^qryQaitirzeAWG}z1COFNOac4?vys@m)&I`QKt1f*` zD?&=nWd{-KW^{yNiQ-dpZIucIKA3K2H?Y*IUbRa~OCLw{-cZ^em_SJBhh$18tc#N5 zKd5yW=My{uU>wHS<#Nhcj5qzOV;lJ6N(-RVl{lZ)UU{vP7g>2)1hiqC6gdY$^CQPq zOSh0-e6sr*Taq*ZCijt3AM~2ZABu^C<+GaRo`1uIJ+py9xRmOMt2AlLdF{Y5{aH!G zjQEFMWg|O{CnoLyNN>72RMZ!#RUSg>IX^DXVZZDVY|Q08ugPr9lMY`&QJJ0m^hTWy%}58M5*XuFT=1)DE23 z4Jm=BjYf#DRq^|;?ZzjPZwM8&8YwZUT%8fKpE<5x%19y1x6Kg;hrVaxf*!vub7T<{ zn-xD*!QEsCZmf5CO;f*0%Ut&H^B>7O)EuuUbu6LqO<=a{8Zp_J*{;O#$8{YeGTq(~ z8!e)3`!?Hf;=1BjMIqEv0_Iw`GRO2_$@NVEoBwCEsE3lqDLMVp7&S!s;I?K?4!viD z^f!lXPPhs|Te2hS`H8Zcn)pG2T6G+BV#tbbBhUz(0~T=MgqGGSj=C(KNY@JqKViBm z<8Z3krL47@pwi&-?H<38CADKV$RfL)0-HFo zywx{T4TVQL{f-RMsA=oA##RbWFiS?PRHcvUj>)2vUFS^ z4Y6Z6(jc9S^w4)75zA?K82SkM{XAx28y1VKaptKiIKQAtqs@bouyS==qmb=P-IWJl zo8Oo#qGP>#vf~l%*z`7KwV^UlN4((S1$+SUc4D;LhvDsvLG+Y%H-Alfi+A>uQeHpH8 zJ-0h9Z{+X+r6jNh-y8S;@wQh`_~RC@UgJU8Z>*Xe-Hr^=%It3ByYJl)R>r2#$FNjl z>8;IoDb}*5IbnP3a$-8n$!l#&*&vCBkVgFI3mBZ6glF~XHq+=sN#Pv6ft=aF22tm^ zeUZO3rP2zQ7qx_$7QFfGWo40rguZ-kmkedBa7hg=NZM{Skewk>$GU&G*>eqCw%< z7dvN@QTb&IsRN3Z^_!i39;=~PwWIP8q{c(0X7{b;i!gUSYcAcLmnxecWa+ExO#*#a z6K3nS-=9rFOquXdo`7%;w41Gq1+1Ud6bP$7U^t>38 zY+LYWej;cG7E4F}e2Ei4h2zD1r8L)Lokcl@6|yTAK~b_av$nP26)0QtqC|O>Z-^cm?Vq1c-mt71GCwXV-~h$i_lRYl z)df>j{7y$!3SA45Zkk2X7=UjN~yx_Jgl!hQz}0s|Lj)|9GmX`vWdhq zDi5LIQyC8#X^i*4%O?x4-_*bJpKEaTGmYW#6K?nCT{gJR7Ny&$i_v|=Z!#}2#(@EA zbvdm$PF(e$y|1JEFr}r-x}gecbw>fJCnu5J$Nrh44a5-D6BWs16cIQRQCS9)9?JOqlYX~x~nQ}y^0c@Q9ITYX;# z_I}HGjL}umTcTP+yU7xhY=_{yz|(cNnids}!1P%w`Kgq&JZR}pJDo1RPo3L(Jp75E zc6UsN@7MO$Mb3%WBL&~ws>$t@N6zJi$Z9bZ129@M?O!>;p#f&7yH4`h(~oGD^ALjF zJf99hxz{@0$WDT|*rup*48M&BAEf?Jq)asplp+3x=O&frK_UJtCa~iK7D5|#-^wjU7BGq?6$?_Z{Xh07iox zK;*Hy*iIVa%Da;w39BAcCso8;w8AtWM`-DUJPzB1+;r{o4*k8ym{-S0XmH9hLdi4G zN?WDN^+NZxQdvR3P7an3RhqaVc;HA6k;9RYbQGzt$G~vSnpV=67lCQ4<*6#q_LvD2 z1sXI5Vb?8O2$Xwhu#jBTQ*< zx-MDbJ}2S6%C$}lXC@B76T{u&U?M^`9RfBlL3a|7ZY!gX#fch3VaQ)Gmg z2S5M0dcIDU>;~OeD@}L>_tWx~XE_m-!>LoUACi_C=H*DGWJRq*2iKSDo_AUK zn9+oI2gLV-QVO>h`|7ufG6ZAUmw#o@ovE?;0q@C z*_s6f9!e?Zel|m9Ne_j`q0RW5I6J#FQDy?`@4Z63!p?Xa>);vZEzb1U%DSvV^Ap>o zut>ykjK;~P@d6a;KZq0$;S6bqb3CeF)+&EHL&k04ZDr@%^DO#_QJ(yPtP6_p)5=(* zdEyf`oM`$jrm$)Ru>eWG68#xIeS3yteocJFq_=wa25AKGlU|Vey_Sg9^QwBI0CF>7 zT9Lt^hp=x^vSo>A2wVaI1-_i%C+wq+q&NA-!HR+R=JEoX6yeBNz zB9$^Rn@$J+)2Hcar4PhMNX81WT!YgjG38C#>iPH=6lS?7Hsz}DHqI(S1r)v}?vO)x z1_YZKe%WiamF|tahzlP11w(w<4Jfy?q2}?N5Vq>skToqORFvUavY~U@hj0H3GzA0O zsC}YkbKx_#6b3tutIjYMEysyh1gZO++c}(fI(JnG01{q z>q{!46{y~hdZ`FtP;>)bte~YTQHie!5_g3Z;L{0U!#0@Yk|htPGlX^zq29rzo;Dco zO*9zFeW)&3P48eoB%LIaLd@~%FNk#1fIe-_!Cx&0R#ZQLg17>&zyM9K z4e^yo1L?f~<1L#Y1{D`*pTcV;Vne@N1_#m0Kh>ronaqe{OFMdwqg+x}-1)M?_m}1* zruB%Lz{k1&^PBU;UM7Ey;M>pcxDrh-pI(PB0}}J$TKOZ}XKh$DNY}rF8(eq@@%%Ob z1e|HvnnC@O0}uYqP%Y={+kS?v+l}H#wLR@cr}bh1o6*DReVk46bKLx4X_y=*CYi1n zTp!w{-!J1YT~I>@b3X=%C=$9Ak$8obCgjB;*^N-_TtD9x65ku#HhPdp4km%3*p@si z7X|M;%Cf&x66HJ|cilrGB79OD>)m4i_ zdM5QtDLRfW>lMNw?%_9|Aiw#d%L2N?tz`HM6BzyXl)TPVUGyx^T+xG&MTA;c*OuS! zooLXI7lDZSl%9Dd4{PR!Xm|5xo#u|$yOon=V>y|e*-lu%zUQ@YFz156(#(gwI$StA zACCDDl7k6KIm&!7-+Tu9`R+3auL4-*$tYQaN-P-nRO?k1o-Up~sm!?@rDquP&OQm5 zf1%|(CtdP>DI~|;mUd9m)fhQ{Zzi&e;h152JhkBA6@}3F3jUOl`gwX`<_>uHw4@RB^RCq4Xu2 z5r;l@0#e_3^?1G)(ow!e>5>V{g=E=UsvdI7X(#b>m5axEG#hDP?}F65nO)vb*y_yG z80aFkSgDEn&_$lwGkY~6$^*=Q4W1BO<=xkKB`YT6*2iE`v**qf^X^rqM4go~D;I4u zu^Vc3QETVN$srLblO$kbyY2qkUH$RQp+Yd|{B0SN=EM3v!E&4V;3>q4OENuc&CvGf z@w)K0yo-U6Ts7xayz*wHEQ^6Jn=u&r7?_yXPsf#xE7skZ!gg=w0S{Jkpr|jS@(L#1 zSLJ+{%a|{3gWXxTQP?_@0aIW2x$K(!(KGI<0Y%PmA>971fewYJ#^NHS;J{LjStGM> z`n#yf|0Z$AFki7rYIka^gnr{{P=oM#QX##wD3jZf;=IjJE8-D$cULJmpQj{lqZ0S1 z@2^n!7%vg1jGWK~XS$g4>to)=ivM6kpcpy`d^ev1wwSr3kawHoU0JNkCs2$c0Cx5G zD3WVHL1f_9Qcy^a=s)*#LvoaQI0m#f^dq(xOceM<2{-&Y1Tq@VFGuUR*mWJBqs&&!sOIvja2Hx0q4R^g~UF#eB zIjQ117xaiaGk9_6aQ&g9Vq!Oz4%h^LP!Wa|t%bJZ4~VLhwrw#XO3$njfV?>zz+I71 z#-dEZ#AvSEU(+Ws@d-)dy6lRDbKez+d&f_)0$=1eglZ6{&;%3W?iX&P)s&LDO@_+* z$%NYnNiIWN1mZ&k{sO1S9#3i~>{@YiU?WCKn_kvafN^IbwkW_uC@Q*Q0aQQxVNL}I zryKscd%b}bptF;;>KH8nR{iN=rLEbGA6P9wF!(80x@IK_DMy$NSP*C_YL|n!g?7DP zep^;F+HQ>Zg`qArGA0g!WK(6;eIbjVu~F*&sg!l7hKaF|z}bAQUKf(T z*dVz+K_De*fFSXIMs7J=70QkEHQN&44|Q@~5OCE{Prjbp!BxX{0kFK$KOC zD7*>&FZP^ITXgDGKZg^_>kDJXHAV&Z8OUkrH5-Jsw!mmC+HTI*!wOBcMJAALzgd&( zr_!xdh0Gdp$`=N#J#0Ez+N4$6_A=n9S$}ZBGjEyl^+ZW zzA?YQnC^OM*4EY@P31uW>4e{ggV7IO0xoB(!vj&c#pUqkav&nL<%kuczHG_mv4Ga5 zff)gj6HcPM?$Ijgzw&DEEq@CtdI`3zKr^U4teH2;cb;SCJoO}7aInA z8%Sbh3L<~-oXS1V^haWp$XH(JuRNc?xFJ`>JAFc+6Ft&VK$SCG?Cc?v9G|SW*mie$ z*hMBd5yO<&&2_PYksy#mV@MSH?H2vTBvVK+sd-~<`uA}JYPdK8eUPrQ6n?q4M%GJR z3uzq}Fo?Fb^c2smM6?ZxOOd%!lEi1!2oH(mhPKCbuGGe!x7RzH#gKHS*;!%;M=&mbtsbGw>a)x#E681ziKks=wLP^5Q>_MTF*dJx%z_2LKWY~MRV!O$MS52<+DR#AwvA{>Xu~&Cj{fr zR&J$m46*2CZvFH3JH#rC1kHBd+CnlvGinu;$ua$w^F+ZL8zMCxw8Bc7X38ha@1C}J$McG}YNOzzx>vs=p`+EGik+ZZ=o ztrX6ui2?qKMoql9=06y?y%Fl>6}x{>dMET(q@t*`lQ2vLeeP8&NUZRfbOJy2K1qIe zzj!^`YkUTVpR}%B3A^}0n{Zc#p9h76lQRXts-G%UARHM$9D7PVSl19X@$kw8)$0ms zU{mw)@1V&4vt^uo^$`Rx4e9sx_EsGy_#=UnUxln!J(nxn4nEhjP+kotm}&OWC=#EL z4Fs-uj4lo*CK~a**71PK^#>?AfJ0toIza#chyl>@JzI904$VVDLqx#CfeysDloUw- z`#Ou)m4ct2|Kz*~ND>mhY(l*~ULUOJM7BZjnWXPa(yzP!^1MG|hz{z2-|fSAciEcX z5>}$vi8GVK+_h*lTTW{g2A_+_bXMnuAQdN=p5g{O;y6)kWW3EKM@Q~Ra(-3| z5B*mzC1!vhSBWkyN&<#GWSSU|8R$w%S@zx8d1@b9jB5TG=c1SEREFv*7CS#7?!4A; zjULKezbFO_gBUrjKUB(U>YR2oR9*DRZd7}gAqj`pg;Y+GwVIG%vCZZk2C^2~FyE0NObKPv{ko_7Cb;F=Zi9Efw)=*ag|}a-WIwPq zFr*|5+P24rQHEsiJ6w-(Uf;|pK*S~{_7y4S{l_=J<4gkq6}*CnPJlkAYvcK1jp5xM z0GFXCcnXsvDCAKRVtV!>EEShQ^#OU$WWOzzBKOq+`J%`?{o0CPo^GvG@^1#Kfjtp2 z3nI$p<#a>th19l~{5r)}0dutL{?sDejfThq7{ynF-NwD*XJ1AVq2*oZ^{>P~CZO|e zjzPH_8f&p@QjPnDY}qT=@OYutf1{+Rg&dFWq!byu-lDbX_DKA%b4>^wA%5fEUB^w( zD*o$A-zk+kJH(cHK34R&I~fKlxZ)`c^Qc$nCO$(aUrG&ezI?@k6zJ?0732voXg>LtW+q>ID40%IEcIQ?(MzmsRdMVxI5ZRVb9Y zJg>vPD+pRcaBP;nKF*13ZfSCTt5K@@&NZ3?y4u4bu4wIxRJ$^xW_FG3R|x4N-=Fz9 zn8?i%Ka-h|j!fFXju@hE+^YFQf4C7IUBP3dNlSfZQh}lkW$HwI-j6J6*(+9OL<*=y zHJR*mdEc0AX|Op5;}E-|I}{RFmDm~s!17aD&ss)mE}ycXQt!HGAK)R>(3E_-fkdHm zR7`6HcL44<;#%|lq$r~O{Tls!R3@__YmLNN4LCS|GZ;E|n($)*R3s}#&4#km5VG;*g000ld?0df|I(v9)8k)pnI<}b zXxQp!DmP=LO7H)bnf$ZsCtnM@cW9*|{BpBFb$ysYt8m$Tv*iY^D>uqdB4xzGLnou3 z$m9e*OUD(?t|wKC)d$V7kjY8vz!FX{@f!va^oEA zD++64v<>h@B<-;zy;^S|HI_9tXuDI04fg+&%g%}{lVSId95q=gSXZ_Wtu_wH699ir z6Y%EA;&Ha9yNnfZm&I}ZUo zXQ$EpbE%XA4>o5Rr(nAqop+07h9L#Q`AFZ^>x11=@?Bak+txH|@N#(7RSC`;iz&>x zcXL|&6^*t$6gVn|Z*4+pCue4HA*Ps0Y!X4SiKPL|nggq-z2_ zm|%DBC~I88N`|6GyQP^|Bx8>SNoifQW^|euXP@|vW`8hy#2g;&cBOcrTkb-%kCv;} zq`n3Z3cjqQm^#Z9Zz-le{1;Q0@=8lj9OS|Y)RvVR##72K*zr;aU2g#o32^0lRn{vU zx*kX5K9{h^iNS4^lkEQhZ>>cQy&l3fm#CU9gYh4U8iasuUY3Cw$+16 z(YKo=RB`(F4xqp0RVNO)q%2iW8M2+=b*{{u7QuStubD(tt$2g64ayEs6YzoVmQyA zqV=!)qhR4NA#=h&)4yXQ_y(G*7Z`v)9(#XX<|zhUF7T$l4ISr`w~B_#_;&r8KNw^( zqVkkT56PrM1_3#g;WIM8neSq{fPyQr^ir9BC@Q;DQrzo5K-|2ADk`fekSV0I>HOzZ z@wPrptY-_bUdX00`K`6mXKlVmXv^01Pu8o(D0iT?i5ND%d?O3O8rEcnA~|EQsv3=O zYS+BF*gz-AOjiNPQ07nNuOHa3vl!%2*?6J}=PIJVu_zh2){)!y2EzlSFCiH=H5|t; z5B^hh>K#d<1**vC1PEmK?w}kmf|ke3SQ4w#<$7)BIaPWLgW}?1zk?iK0VaU5W(9A% zCuzma>8=p8yDS8kIutpgngQ$Xdqlw?@Y**pk#Vx$*YRkzrnOoTsNTh7JyQ-A@#DOY zDLwjvyg8Gsc{i`D64<*{!wpi0e4{FH@DQNn3n2dGo*f(b=9(V@M z&g=k%P9v&;suY&CVs5{nIbGj$9PGk%SZ04eDI10X(WeVu+MYxg1!k0254fYVw$vT5 zK;e}TpA~zo4ExV9{C8L(h+28uI=sdXJ3)EHx8e;mZOg}$Ks$t_EqBZ~{t2)B{n^@x zs+!K+b{tOt6yiRxzu4<~UG_JSSk0UTtUjNFe1>Dq=MU)xkN9y~rNddLr(2rGeAxr; z1g{uTf4vfqv6Kk(6KFF~5;R66?vg1btO2txZS8hVwk7Ydg@~mx=fPcVE8zRO7xdDp zCugk`_~jG0O~<3j{zPNe=?mY~DM&f-F*L(hbi7Opqa}%#?}_y6!Syq}o`O!In&L7u zbp3FsF=$D_9V z;nc88MokS%Me{z+e1-L2%rh)%YU&SN0$7x;_EPj5<~2;0&Mc(e**ksyd54dbq}Tnn zYt}wtEbd||^QUEHPjgWra7oORE%o$qE|2MzEV1Vyy$+Toi*nB|N!F~4@#A-V?2S6O zm_D!AY*U6}U$WK&2%XT?w7bhRYEOP(5*xCik*BA2RmLiE!Ke90#<}Amo7_P$(7F$W z9Z?&t?~)52-xKdxkucMKS48o%qg1WK%{5kchBoK*F5Bwqd_A?*b{u2BIbB(lVjtey zjV_fxkX*UnxqVzQy0XBccoX{hY?C_LWYBKi2<%uNBsRY#R>4Txo^FnMhbePLHB7Vm zu}w3(f#c>GH!#;waA)o=0+x;EwkokUtvTQUbt*CCLd>#94SWR9SQO}U>p$8FQJLUT zI}J9kp@9F5ykRfV*qI!4m>Yu5NO_R1h$F7nBgyo#85~gsGNR+FZ~RI{l~hwElpys- z!oJ$#Y=j}VtQ^w)WKS**u-31|l-ESMM)e}1Yio}NAPSiAEz{V@*n}sqEiFH-w7P3* zVkZ(K4|lu}l%R0 z%79}^kA*dgy6xtBlFoy7ak|fF;?nxL)O~+{3X=90OMYJ2M$DRY}*;)RiS$SJIUBBL#&)tNWF{ue33OZ(Lx*!^4@*^BUTA-Cy>BTn9Fn-7iw^ z=DoFyBz9e&_lX!cZ$-CkGazB8&1L{C$mf`P`t(z-g=NZ~2QQyOOYV=3Jf&~j5ncta zEt#I}V{+C8!M?r*IlC_5T)huq&71HLSf=BFuwQ@ow+Tz_3g0>zXWP{>XiVdoRFY$3{LPUjCrYRR;mi_ec17s|~{BPIX|fHH7uJ zI;1~HNCpW$9Y-*BYyt_&!SnkNyjC;@z^ku`@_d*WwA85bq80G{8EGPx2f?LuYAiIN zP4L|RW!ET3zP!FMG}Syk-(yv-qwu>}Nhsm3h6aucAX|>{{y5=#N3Yk>1}it=$NT98 zb32z%QFA${l*&0(Dr?)NZ%9co@f@r=mEn~-K09;WZcFg(5^*3ByVrR^$JAZOM;=mP z-3OU9+bf1~;hch%eu)DFN~Zv{D3V|`p!4;rC)Qb%*X2YXU=T=5NpXBWZEXA&sH)3l{@rW7f&F_PzAvbK6p;-muB&bZXJjMla1ig=`0QnsdGX}bDc&7ko5Ps(7l0a>} zX1fv{T`}gih5)jMPxDoyfIR*5ARKWR=%}d;fH7+WBH5cmgVV0@Zwgy}xSfNE)evrv zy>n%2iekp~DL@lqp2yv0XNM~bP+~&l=NLRc_>*A+8jdFii^O54*?mY0C`balh|vYD z4&%pxcB^&IP{0ju>i`411=o03h4_&M*2(Cf2H!PK^ORk18g;n+fKFKGmE^ov80G+Z z4ReDfsk-2+D~ARkMGC;~_X1>S>J3)dxSTfmO-)S&3habU$W`k9Xn_~_#uu7|1c6;` zPhe-=8+1z=yzcXCT~k|YO~|#CFAzyM9|CmxB@z@9v#yCAAYeD87csKH1?0S*n6?2V z8Imalg(1-r-Zd7y@7I+Ii>_6fv%6%|N_=krOz?su3{u@*!GQ=~ojE5ju$17GEw^WD-p_TV2@}JJ&fav?~ zAOwZO^Ksqr+uq-vGl6scZ7)|Na0Gl!bBrIfh4`+k-N0#jbB#uWUdWF*sc88}vod&h zHXWD2fYW;eD_MK~o%=(#t@U7nLjEqf7G++A<9NOO3}p>*a&!4BPs+)gh3er1lFH$O zycz9Bm3XRYYsnO?1qfQa;YWZc^5Hy`l+ZAAzBr6L{WNDg8qJYP{W-Hm)|tmn z@M+D6B% zJ2E~Vg~0QKc_4;xBOe;#(yisBW@NF-Ks3S?hfF+u*P%f(a17{Yt~MNG0osHC6JgZ| z^EuLm^=5@lE}oxZ1*iJoKMR1&f%G+Apzo(MH_O1D2iY1w9yU5FA-ciG;@~AFK(6*M zA(EdGtk-%3k}n~^+Kw4cpmYR;V0JlCcW`hxocs;pC-k$YN968gsTYdSs|)Y~7i&!w z78%i3}@!h z0)jqHe9K=EuRM_&rz0hRSK?cz&uc1+@z;YaR|0^~vH;kn%fl1h+jTi?R)>0mVBL43 zI3EDxA@EK`!@j@)?Nn^jN@c)!nGb_aS0P7+Eq*Ji4+O^IDvM-Y1a6ni zixH*Y1J5k$AmD;vI!U8){tb5#>IKrw;cXnCPj&xST<8XTfUwu3>nAv{=u&|+*i@^l zEkGYB4v@qW#6ST&sWV6Uxw-y;=y&HE69CHI$FW+=g$iR}`*(>Wf|Y>oWD1#?vLOM1 z_x>{c5q_HJ2cU*RF_wUJMD_bnf2fZq5ptk9KO-?j>N!+Ju5r|7<50EPJSojm0znqt zBlb;yabSfI`{*S6Ui_*ZFj|lqg=WmzZ?lOgHMrUfgoyAOu&Z!z;{T@B zKhtfc+cC){2oe2UIJORh&Vb+}Y-7qtl5s%R$(b420&8)q;dHE*mLmY8vF1?yZxYGE z(2y;M2Avx#x-_IhbR>VFqNpx?^@5-i<@wiBfaLc3Y#tTai}WX|UxyH47k->8(fW^b zVjputl6CVaXnbT#$}J|cfMxcjQ?=dKm!cfFW`&=P@qY`!`^>e24)%K^5260FT0!uFw-CDv~zSs!XieWm1`7pti)xPZ6MrV#~XZ`HndGv7ff3wFc9Hc&@LJXPP zN^+r%LA-zeY#pSo1g#Yz*2^TvqP*I$69rVV%rE6cm3lwSdhYC$fC%FtR5F!Dk^lRA zv_d%hG;`WFmzKHFISL%eF;2Y?QUAJz-`Nic3RIyLKYIy$0x$Jzn^_VFzkLM{7{{NH zzEg)NP3Ug5@=)SV+S5{OwCcYqjl~Pmn1ohD<%;Chip{e@M-!$A>{1l>3^)n=%|OodZz?B z(kq&Oe7xAHQUX+Lh04eLDE>1eG=1I)Sl;{+Y_K>VN>1KvN8u(l$|lEmMy7>W4Y(Cw zVd>%HJ*R%Je@HkDjSi~L<8c!vLh3qiv_Nef37ZiXiQ#6Em6EYvY59kVj;;t~r`y!| z`+%FHk$+s?t5jx-6(F!v_}jvRHZ{}N<|#)8bMnU<2dRG$yJKw81Q%~Aq>ljsr*jE17{ z_wJ5`YzhJpaI}c5wOkp@%0%`ljyv;1{#-U8V1$b(hI)FAZ z?NE=<4`mDg@-ZwwLYKt*R;3w~_@o;up2L2cOAY4hSX=>n!iVX0tH$`xWebM~W>OMf zscIv1TFLU)(5Xv&_I9_FEWSh+)3B^e1G^(o1h32rSxinnN&OJJj#VYJAA!)0%x&xK zbspyq4d55OF*K26a}Ju+@4Sw_6;H`U~C19EmFuV_1g!VX>}Kz!1_V#o6n7TildH+D(8|C;K@1JHm)ZN-h%25?9R0$Yv-$4T0T zACSC?{Cr(?@eFZuo-OL)5pKK&&>~vjBgx!${P%>9*;Eqyo(@p@MtVP&)t_Y5%nZrO zw2cq{1Q&hYH&9RL1OtOMk`@zIS*g%!aVlN|{m)3Ed_o6R7kmb4Q5;#pPD4_}f|L-x zMD}fca5H55b7M!n&zke9YHGE>#Prbk5 z=4@<^ZoS$qVKsMLkMqvX&VFXp{Q|S}^5N-G!T14hXc&f6uG_vme&?qc(2}sh459Za zpAtA{2&4t<-X4ULodGw;{d#|i|D?3&{C_md5Rj8VhM)!@twyK)q0TWnF|0p5gj!Tw z{}kDuUZP2ulFc1SkX7D*UizaP^mw(`9bxHbT)oKop%vzpz-04VR!c7cZrXy&4lM;d zDJy-N5FXUe1-I9m@$)WU?{lM-TgHwD5}!^%w@b{fC$sba86Z>O!P%#a4`Bc+Z;Vc> zi^gY7ph08fU;++0|>phOKhAJ>fS5cXBxb8Ph<1q+5}Jx_%04ok{ox(CPys43~_SYyNah}_G++{7yvUusVKD)tgG0qrghJF`=( zF8!ZZtUKPGEZ=S`eV5A9BLE7$|Ly_+2Wjp}{cA6#Y;1$nr)S3MMKL4em z$3RBzXOp8TvAk^3c{vM~etAk~wQjujX#XG|2lzHNRp+{t71yLchLl?#Fj0ib`pT4$ zyL@+xh76Sp&vF-ELwdU*W;zFlDV_GDRIU45hnVDOEZb(EK6&|`5b1WDf2-g>NQ_+( z1h^J~u8=O9IT^FY{0~J845D4K^X!1buu~H$G$pCB9yorIozxRmp z-r)3(q~V;l8!&WBkiBX%Y?n_EKud^}3ng>OFDO?%PYl8KT@@bV!XU3zApZ`83&Cq8 z0bRFUTR+ZKKH0y&-Vb_W0z;9wli62o{eE`oy{XfR4y4|50HiKSUIpIMy3*5m!s3#> zOJCpdQrOPlCG(ONHMl7wOD8Gj=@f52{U!*B^i#=N6M!}phy=;(E}#v?$nJc6>}xBK zxv~f7$rZIMag(00FYZlT^49bz7Q38*@!ES34N~`dgibYT1OY%>wq6fgA!{tGtb@TG z7o1uVZsy$!UJV|UP$M)jpJjnM7(xg{i0Cq-Tra@E3wUa0WR&jsELgLptU!*`^Z{m# z>To9QMn$10#jKAshOcMMb;J4q83>lbv7m0A1RER%5>){1q|DF@HH?0h6eIhXhy_t0zuRE+fCybU9vI4q`L1 z)^oE~8*K?)SM8x3_eWvshgmkY`x>^Jgo8eoCW?lHFCDCyeR z*lehup$P#PoxtH~xc6(p_g=u#idZ**OV?_em^HYn{I?xVNd&3CNJC+O6$Y!@VxXaU zJ}7Hqzp`BZq(Q6zD+VR z@g@FQNMIJ%wQSqx>;Ya~vc271u|3Zf0L=OQ?Y`4}FG&q>s&yPQe4(`=0^ySC|F6ey zGeKg*&XyNP0p;xp>&CT@{JJn8e}--q@O)rBf5Z>~KiMDSy+d^)P1w z@w$SMNntPs4srZ0qdHOly84Cg>pl1>_J7v=Tb&|tvKty$?N7xmfnPu`)6MZh3{Z2Q zZ1;4Xo(3EdnLI$W?QPJvZ{MhBXh1-H1q~e?8M@BR?EzzxvFjS|K(Q+L{~9AQ+y{P8 ztc9sHGVDv&*Ug+z$;CLXQ_0ou#2;R*7%n;}Y|L#_VABe8uVXDao%arz3_*{OgU|SX z-D4137V-@j*(eR!=k2RL{snmz(!*z}m3YCGhUXRyF@)!NK9};5Dsyn8eqsj=I~H;dE;`Qb%dBVwh|4S{`aFr z6*xXz1t5jmjeU;){lk!nKUU<5{1>*Pk<0(jb!g&Ys5JjMe&UMTf&Wblu*|uB|NoZ( g1NQ%YKrY|GbsU$!Wq@1OfdPNg;__k@BKrRS3-}~cfdBvi literal 0 HcmV?d00001 From 305f55c2706cd3e6362f6de7810d04b290bb524a Mon Sep 17 00:00:00 2001 From: bglynn Date: Thu, 25 Jan 2024 12:12:41 -0800 Subject: [PATCH 04/24] * Network overview and Reference pages --- .../Istio/{Overview.mdx => index.mdx} | 0 .../Kafka/{Overview.mdx => index.mdx} | 0 docs/features/Networking/Reference/README.mdx | 160 +++++++++++++++++- docs/features/Networking/index.mdx | 44 +++++ docs/features/Postgres/Overview.mdx | 4 - docs/features/README.mdx | 5 +- docs/features/aws-iam/Reference.mdx | 2 +- .../aws-iam/{Overview.mdx => index.mdx} | 0 .../Examples/_category_.json | 0 .../Examples/postgres.mdx | 0 .../{Postgres => postgresql}/Reference.mdx | 0 .../{Postgres => postgresql}/_category_.json | 0 .../Overview.mdx => postgresql/index.mdx} | 0 docs/getting-started/README.mdx | 10 +- .../configuration/intents-operator/README.mdx | 2 +- docusaurus.config.js | 5 + src/css/custom.css | 8 + 17 files changed, 225 insertions(+), 15 deletions(-) rename docs/features/Istio/{Overview.mdx => index.mdx} (100%) rename docs/features/Kafka/{Overview.mdx => index.mdx} (100%) create mode 100644 docs/features/Networking/index.mdx delete mode 100644 docs/features/Postgres/Overview.mdx rename docs/features/aws-iam/{Overview.mdx => index.mdx} (100%) rename docs/features/{Postgres => postgresql}/Examples/_category_.json (100%) rename docs/features/{Postgres => postgresql}/Examples/postgres.mdx (100%) rename docs/features/{Postgres => postgresql}/Reference.mdx (100%) rename docs/features/{Postgres => postgresql}/_category_.json (100%) rename docs/features/{Networking/Overview.mdx => postgresql/index.mdx} (100%) diff --git a/docs/features/Istio/Overview.mdx b/docs/features/Istio/index.mdx similarity index 100% rename from docs/features/Istio/Overview.mdx rename to docs/features/Istio/index.mdx diff --git a/docs/features/Kafka/Overview.mdx b/docs/features/Kafka/index.mdx similarity index 100% rename from docs/features/Kafka/Overview.mdx rename to docs/features/Kafka/index.mdx diff --git a/docs/features/Networking/Reference/README.mdx b/docs/features/Networking/Reference/README.mdx index 626ea0452..f7ad43bcd 100644 --- a/docs/features/Networking/Reference/README.mdx +++ b/docs/features/Networking/Reference/README.mdx @@ -1,4 +1,162 @@ --- sidebar_position: 3 title: Reference ---- \ No newline at end of file +hide_table_of_contents: true +--- + +## Client Intents + +**Example ClientIntent (yaml)** +``` +apiVersion: k8s.otterize.com/v1alpha3 +kind: ClientIntents +metadata: + name: client-server-access + namespace: otterize-example +spec: + service: + name: client #The name of the service initiating the connection + calls: + - name: server #The name of the service recieving the connection. Multiple names can be provided +``` + + +## Helm Chart Options + +| Key | Description | Default | +|-----------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------|---------| +| `global.deployment.networkMapper` | Whether or not to deploy network-mapper. | `true` | +| `operator.autoCreateNetworkPoliciesForExternalTraffic` | (deprecated, use `allowExternalTraffic` instead) Automatically allow external traffic, if a new ClientIntents resource would result in blocking external (internet) traffic and there is an Ingress/Service resource indicating external traffic is expected. | `true` | +| `operator.autoCreateNetworkPoliciesForExternalTrafficDisableIntentsRequirement` | (deprecated, use `allowExternalTraffic` instead) **experimental** - If `autoCreateNetworkPoliciesForExternalTraffic` is enabled, do not require ClientIntents resources - simply create network policies based off of the existence of an Ingress/Service resource. | `false` | + +## Network mapper parameters +All configurable parameters of the network mapper can be configured under the alias `networkMapper`. +Further information about network mapper parameters can be found [in the network mapper's chart](https://github.com/otterize/helm-charts/tree/main/network-mapper). + + +## CLI: Network mapper + +All `otterize network-mapper` commands share a set of optional flags which will not be repeated in the documentation +for each command. + +#### Common options + +| Name | Default | Description | +|-------------------------|---------------------------|-----------------------------------------------------------------| +| `--mapper-namespace` | `otterize-system` | Specifies the namespace where the mapper service was installed. | +| `--mapper-service-name` | `otterize-network-mapper` | Specifies the name of the mapper service as it was installed. | +| `--mapper-service-name` | `otterize-service-port` | Specifies the port on which the mapper service is listening. | + + +`otterize network-mapper reset` + +Resets the network mapper by deleting all map information built up so far in memory. + +`otterize network-mapper list [-n ,,...]` + +Return the network map built by the network mapper since it started, or since it was reset, +as a list of clients and the servers they call. + +#### Options + +| Name | Default | Description | +|------------------------|---------|-------------------------------------------------------------| +| `-n` or `--namespaces` | | Include only clients in these namespaces (comma-separated). | + +#### Returns + +Here's a partial output from `otterize network-mapper list -n otterize-ecom-demo`: + +```shell +cartservice in namespace otterize-ecom-demo calls: + - redis-cart +checkoutservice in namespace otterize-ecom-demo calls: + - cartservice + - currencyservice + - emailservice + - paymentservice + - productcatalogservice + - shippingservice +frontend in namespace otterize-ecom-demo calls: + - adservice + - cartservice + - checkoutservice + - currencyservice + - productcatalogservice + - recommendationservice + - shippingservice +loadgenerator in namespace otterize-ecom-demo calls: + - frontend +recommendationservice in namespace otterize-ecom-demo calls: + - productcatalogservice +``` + +`otterize network-mapper visualize [--format=png | --format=jpg] [-n ,,...] -o ` +Return the network map built by the network mapper since it started, or since it was reset, +as an image. + +Uses GraphViz (specifically go-graphviz) to generate the image. + +#### Options + +| Name | Default | Description | +|-------------------------|---------|-----------------------------------------------------------------------------------------| +| `--format` | `png` | Image output format: "png" or "jpg". | +| `-n` or `--namespaces` | | Include only clients in these namespaces (comma-separated). | +| `-o` or `--output-path` | | Filename for the image. | +| `--exclude-labels` | | A list of labels that would exclude services from list/export. example: "include=false" | +| `--exclude-services` | | A list of service to exclude from list/export. example: "service1,service2" | + +#### Returns + +Here's the image generated by running `otterize network-mapper visualize -n otterize-ecom-demo -o otterize-ecom-demo.png`: +![graph](https://user-images.githubusercontent.com/29180932/221423644-df8fbba2-dca1-4c56-baeb-f0d0afc55eb1.png) + +`otterize network-mapper export [--format] [-n ,,...] [-o ] [--output-type ]` + +Return the network map built by the network mapper since it started, or since it was reset, +as YAML [client intents file(s)](/reference/intents-and-intents-files/#intents-file-formats) or as JSON file(s). + +#### Options + +| Name | Default | Description | +|------------------------|---------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `--format` | `yaml` | Specifies the format for the export: either `yaml` or `json`. | +| `-n` or `--namespaces` | | Export only clients in these namespaces (comma-separated). | +| `-o` or `--output` | `STDOUT` | Filename or directory for redirecting the output. | +| `--output-type` | `single-file` | Whether the output should be written as a single file (`single-file`) or as multiple files in a directory (`dir`). Requires the `-o` or `--output` to point to a directory. | +| `--server` | | Export only intents for clients that call this server. The server name must be specified with both service name and namespace, in the format `.`. Example: `cartservice.otterize-ecom-demo`. | +| `--exclude-labels` | | A list of labels that would exclude services from list/export. Example: `include=false` would exclude any service labeled with `include=false` from being included in list/export. | +| `--exclude-services` | | A list of services to exclude from list/export. Example: `service1,service2`. | + +#### Returns + +Here's a partial output from `otterize network-mapper export -n otterize-ecom-demo`: + +```shell +apiVersion: k8s.otterize.com/v1alpha3 +kind: ClientIntents +metadata: + name: cartservice + namespace: otterize-ecom-demo +spec: + service: + name: cartservice + calls: + - name: redis-cart + type: http +--- +apiVersion: k8s.otterize.com/v1alpha3 +kind: ClientIntents +metadata: + name: checkoutservice + namespace: otterize-ecom-demo +spec: + service: + name: checkoutservice + calls: + - name: cartservice + type: http + - name: currencyservice + type: http +``` \ No newline at end of file diff --git a/docs/features/Networking/index.mdx b/docs/features/Networking/index.mdx new file mode 100644 index 000000000..79d3ae993 --- /dev/null +++ b/docs/features/Networking/index.mdx @@ -0,0 +1,44 @@ +--- +sidebar_position: 1 +title: Networking +--- +import DocsLinkCard from "@site/src/components/LinkCard"; + +export const network_access_tutorials = [ + { + title: 'Create and manage network policies', + description: 'Create Kubernetes network policies using IBAC', + url: '/features/Networking/Examples/k8s-network-policies' + }, + { + title: 'Protecting a service with network policies', + description: 'An example on how to secure a single service', + url: '/features/Networking/Examples/protect-1-service-network-policies' + }, + { + title: 'AWS EKS network policies with the VPC CNI', + description: 'Leverage AWS VPC CNI to apply network policies in EKS', + url: '/features/Networking/Examples/aws-eks-cni-mini' + } +]; + +### Overview + +You can use Otterize to understand, visualize, and manage access for Kubernetes networks. Upon installation, Otterize inspects network traffic and builds an in-memory network map of connections. The network map can then be exported or viewed in various ways to understand the connections within your networks. With IBAC-based policies, Otterize becomes a control plane for your K8s networks. Mapped network traffic can autogenerate declarative intent-based access policies to create least privileged pod-to-pod access easily. + +### Visualizing + +After installation, Otterize collects network traffic data in memory, creating a graph of relationships between pod-to-pod and pod-to-public internet traffic. Once the graph is in place, the data can be exported or viewed in various ways. Otterize Cloud users can see and interact with the graph structures within the Otterize application. OSS users can use the CLI tool to export the data into JSON, list the relationship, or generate IBAC policies reflecting the existing traffic. + +To learn more about Visualizing, check out [Visualizing a Kubernetes Network](/features/Networking/Examples/k8s-network-mapper) + + +### Access Control + +By default, Kubernetes pods allow all egress and ingress traffic. Kubernetes [NetworkPolicies](/reference/terminology#network-policies) provide `policyTypes` to restrict egress or ingress traffic, providing a more secure and compliant environment. Utilizing the in-memory tariff map, Otterize can automatically generate IBAC policies to reflect the current traffic flow within a cluster. Once the IBAC policies are submitted, Otterize will generate and apply the corresponding NetworkPolicies to your namespaces. + +Further details are available within the [Network Policies Deep Dive](/features/Networking/Reference/Network-Policies-Deep-Dive) + +View the tutorials below to learn more about how to get started + + diff --git a/docs/features/Postgres/Overview.mdx b/docs/features/Postgres/Overview.mdx deleted file mode 100644 index 7e4dcc2d8..000000000 --- a/docs/features/Postgres/Overview.mdx +++ /dev/null @@ -1,4 +0,0 @@ ---- -sidebar_position: 1 -title: Overview ---- \ No newline at end of file diff --git a/docs/features/README.mdx b/docs/features/README.mdx index 1513e9df8..e6bf58974 100644 --- a/docs/features/README.mdx +++ b/docs/features/README.mdx @@ -14,6 +14,7 @@ import { export default function FeatureCards() { const category = useCurrentSidebarCategory(); const features = category.items; + console.log(JSON.stringify(features)); return (

Features

@@ -26,8 +27,7 @@ export default function FeatureCards() { {features.map((feature) => (
- {feature.items && feature.items[0] && feature.items[0].href && - + ))}
diff --git a/docs/features/aws-iam/Reference.mdx b/docs/features/aws-iam/Reference.mdx index bfc777d18..62a8acd22 100644 --- a/docs/features/aws-iam/Reference.mdx +++ b/docs/features/aws-iam/Reference.mdx @@ -9,7 +9,7 @@ title: Reference | credentials-operator.otterize.com/create-aws-role | boolean | By setting to **true** the credential operator will create an unique AWS Role for the associated pod | **ClientIntents** (YAML) -| key | sub-ley | type | type | Description | +| key | sub-key | type | type | Description | |-------------|------------|-------|--------|--------------------------------------------------------------| | **service** | name | value | string | The name of the pod that will be granted access | | **calls** | name | list | ARN | The AWS ARN or ARN wildcard that references the resource(s) for the authorization. See [ARN Formats - Amazon QuickSight](https://docs.aws.amazon.com/quicksight/latest/APIReference/qs-arn-format.html) for more information | diff --git a/docs/features/aws-iam/Overview.mdx b/docs/features/aws-iam/index.mdx similarity index 100% rename from docs/features/aws-iam/Overview.mdx rename to docs/features/aws-iam/index.mdx diff --git a/docs/features/Postgres/Examples/_category_.json b/docs/features/postgresql/Examples/_category_.json similarity index 100% rename from docs/features/Postgres/Examples/_category_.json rename to docs/features/postgresql/Examples/_category_.json diff --git a/docs/features/Postgres/Examples/postgres.mdx b/docs/features/postgresql/Examples/postgres.mdx similarity index 100% rename from docs/features/Postgres/Examples/postgres.mdx rename to docs/features/postgresql/Examples/postgres.mdx diff --git a/docs/features/Postgres/Reference.mdx b/docs/features/postgresql/Reference.mdx similarity index 100% rename from docs/features/Postgres/Reference.mdx rename to docs/features/postgresql/Reference.mdx diff --git a/docs/features/Postgres/_category_.json b/docs/features/postgresql/_category_.json similarity index 100% rename from docs/features/Postgres/_category_.json rename to docs/features/postgresql/_category_.json diff --git a/docs/features/Networking/Overview.mdx b/docs/features/postgresql/index.mdx similarity index 100% rename from docs/features/Networking/Overview.mdx rename to docs/features/postgresql/index.mdx diff --git a/docs/getting-started/README.mdx b/docs/getting-started/README.mdx index 480851c46..5436707d2 100644 --- a/docs/getting-started/README.mdx +++ b/docs/getting-started/README.mdx @@ -21,27 +21,27 @@ export const features = [ { title: 'Network Policies', icon: '/img/icons/networking.png', - url: '/features/Networking/Overview' + url: '/features/networking/' }, { title: 'AWS IAM', icon: '/img/icons/aws.png', - url: '/features/aws-iam/Overview' + url: '/features/aws-iam/' }, { title: 'Kafka', icon: '/img/icons/kafka.png', - url: '/features/kafka/Overview' + url: '/features/kafka/' }, { title: 'PostgreSQL', icon: '/img/icons/postgresql.png', - url: '/features/postgresql/Overview' + url: '/features/postgresql/' }, { title: 'Istio', icon: '/img/icons/istio.png', - url: '/features/istio/Overview' + url: '/features/istio/' }, ]; diff --git a/docs/reference/configuration/intents-operator/README.mdx b/docs/reference/configuration/intents-operator/README.mdx index d8543be88..61e64358a 100644 --- a/docs/reference/configuration/intents-operator/README.mdx +++ b/docs/reference/configuration/intents-operator/README.mdx @@ -78,7 +78,7 @@ it is attempting to read, so the end result is that the topic ACLs determine act ### PostgreSQL users & access The intents operator automatically creates, and updates credentials in PostgreSQL databases according to the declared intents. It works together with the Otterize credentials operator to easily enable secure access to PostgreSQL from client pods, all in your Kubernetes cluster. -Try the [Just-in-time PostgreSQL users & access](https://docs.otterize.com/quickstart/access-control/postgresql) tutorial to learn more. +Try the [Just-in-time PostgreSQL users & access](/features/postgresql/Examples/postgresql) tutorial to learn more. ### Istio AuthorizationPolicy The intents operator automatically creates, updates and deletes Istio authorization policies, automatically looks up service accounts for client pods and labels server pods, to reflect precisely the client-to-server calls declared in client intents files. diff --git a/docusaurus.config.js b/docusaurus.config.js index e5dfddc06..b99c0badf 100644 --- a/docusaurus.config.js +++ b/docusaurus.config.js @@ -415,6 +415,11 @@ const config = { theme: lightCodeTheme, darkTheme: darkCodeTheme, }, + docs: { + sidebar: { + autoCollapseCategories: true, + }, + }, colorMode: { defaultMode: "light", disableSwitch: true, diff --git a/src/css/custom.css b/src/css/custom.css index 7232bddbf..5a1341d3b 100644 --- a/src/css/custom.css +++ b/src/css/custom.css @@ -23,6 +23,14 @@ --ifm-h1-font-size: 2.5rem; --ifm-code-border-radius: 5px; --docusaurus-highlighted-code-line-bg: rgba(255, 255, 255, 0.2); + --docusaurus-details-decoration-color: #4d3df7; + --ifm-alert-border-color: #4d3df7; + --ifm-alert-background-color-highlight: #4d3df7; + --ifm-alert-background-color: #e9e9ec; + --ifm-color-info-contrast-background: #f5f5f8; + --ifm-alert-padding-vertical: 8px; + --ifm-color-info-dark: #4d3df7; + --ifm-alert-border-radius: 2px; --ifm-navbar-height: 5rem; --ifm-menu-color: #333; From 0ef28f327a217afd75cd48551b8d48b93d7446e9 Mon Sep 17 00:00:00 2001 From: bglynn Date: Mon, 29 Jan 2024 09:58:50 -0800 Subject: [PATCH 05/24] * Kafka Overview / Reference * PosgreSQL Overview / Reference * Istio Overview / Reference --- docs/features/Istio/Reference.mdx | 34 +- docs/features/Istio/index.mdx | 99 +- docs/features/Kafka/Reference.mdx | 50 +- docs/features/Kafka/index.mdx | 130 +- docs/features/Networking/Reference/README.mdx | 26 +- docs/features/Networking/index.mdx | 29 +- docs/features/README.mdx | 2 +- docs/features/aws-iam/Reference.mdx | 35 +- docs/features/aws-iam/index.mdx | 2 +- docs/features/postgresql/Reference.mdx | 30 +- docs/features/postgresql/index.mdx | 98 +- package.json | 3 +- src/css/custom.css | 5 +- yarn.lock | 2337 +++++++++++++---- 14 files changed, 2270 insertions(+), 610 deletions(-) diff --git a/docs/features/Istio/Reference.mdx b/docs/features/Istio/Reference.mdx index 626ea0452..4adb25e10 100644 --- a/docs/features/Istio/Reference.mdx +++ b/docs/features/Istio/Reference.mdx @@ -1,4 +1,36 @@ --- sidebar_position: 3 title: Reference ---- \ No newline at end of file +--- + +### Client Intents (YAML) + +```yaml +apiVersion: k8s.otterize.com/v1alpha3 +kind: ClientIntents +metadata: + name: client + namespace: otterize-tutorial-istio +spec: + service: + name: client + calls: + - name: nginx + type: http + HTTPResources: + - path: /client-path + methods: [ GET ] +``` + + +### Helm Chart Options + +| Key | Description | Default | +|---------------------------------|-----------------------------------------|--------------------------------| +| `istiowatcher.enable` | Enable Istio watcher deployment (beta). | `false` | +| `istiowatcher.image.repository` | Istio watcher image repository. | `otterize` | +| `istiowatcher.image.image` | Istio watcher image. | `network-mapper-istio-watcher` | +| `istiowatcher.image.tag` | Istio watcher image tag. | `latest` | +| `istiowatcher.pullPolicy` | Istio watcher pull policy. | `(none)` | +| `istiowatcher.pullSecrets` | Istio watcher pull secrets. | `(none)` | +| `istiowatcher.resources` | Resources override. | `(none)` | diff --git a/docs/features/Istio/index.mdx b/docs/features/Istio/index.mdx index 7e4dcc2d8..a07d425d9 100644 --- a/docs/features/Istio/index.mdx +++ b/docs/features/Istio/index.mdx @@ -1,4 +1,99 @@ --- sidebar_position: 1 -title: Overview ---- \ No newline at end of file +title: Istio | Overview +hide_title: true +--- + +import DocsLinkCard from "@site/src/components/LinkCard"; + +export const istio_tutorials = [ + { + title: 'Istio AuthorizationPolicy automation', + description: 'Generate AuthorizationPolicy docs from existing connections', + url: '/features/istio/examples/k8s-istio-authorization-policies' + }, + { + title: 'Istio HTTP-level access mapping', + description: 'View the HTTP methods being used across services', + url: '/features/istio/examples/k8s-istio-water' + } +]; + + + +# Istio + +Otterize can map and secure access with Istio HTTP connections across your Kubernetes services. + +### About + +When enabling Istio support, Otterize's network mapping tool can determine which Kubernetes services are connected and which HTTP methods are being used. This graph of connections can then be leveraged to automate IBAC based access policies that result in Istio AuthorizationPolicy(s). + +### How does it work + +1. First, the cluster must have [Otterize installed](/overview/installation). With Istio support enabled by setting the following flag: + +```bash +--set networkMapper.istiowatcher.enable=true +``` + +2. To monitor connections and HTTP methods, we need to enable connection telemetry data within Istio. This can be enabled with the following YAML: + +```yaml +apiVersion: telemetry.istio.io/v1alpha1 +kind: Telemetry +metadata: + name: mesh-default + namespace: istio-system +spec: + # Configure access logging for Istio services + accessLogging: + # Define the access logging provider, in this case, Envoy + - providers: + - name: envoy + metrics: + # Configure metrics collection for Istio services using Prometheus + - providers: + - name: prometheus + # Customize metric tag overrides + overrides: + - tagOverrides: + # Map the "request_method" metric tag to "request.method" value + request_method: + value: request.method + # Map the "request_path" metric tag to "request.path" value + request_path: + value: request.path + +``` + +Once installed, Otterize will query Envoy sidecars for known connections and building an in-memory map of the relationships. After the map is built your can then view those relationships. + +**To Manage Access** + +You simply need to define and apply your intent based access control ([IBAC](/overview/intent-based-access-control)) policies for your services. + +```yaml + +apiVersion: k8s.otterize.com/v1alpha3 +kind: ClientIntents +metadata: + name: client + namespace: otterize-tutorial-istio +spec: + service: + name: client + calls: + - name: server-abc + type: http + HTTPResources: + - path: /client-path + methods: [ GET ] + +``` + +### Tutorials + +For further details about mapping, or access automation, view the tutorials below: + + diff --git a/docs/features/Kafka/Reference.mdx b/docs/features/Kafka/Reference.mdx index 626ea0452..8bbbbdb09 100644 --- a/docs/features/Kafka/Reference.mdx +++ b/docs/features/Kafka/Reference.mdx @@ -1,4 +1,52 @@ --- sidebar_position: 3 title: Reference ---- \ No newline at end of file +--- + +### KafkaServerConfig (YAML) + +```yaml +apiVersion: k8s.otterize.com/v1alpha3 +kind: KafkaServerConfig +metadata: + name: kafkaserverconfig + namespace: kafka +spec: + service: + name: kafka #name of the Kafka service broker + addr: kafka.kafka:9092 +``` + +### ClientIntents (YAML) + +```yaml +apiVersion: k8s.otterize.com/v1alpha3 +kind: ClientIntents +metadata: + name: client + namespace: otterize-tutorial-kafka-mtls +spec: + service: + name: client # The service requiring access to a topic + calls: + - name: kafka.kafka # name of the Kafka service broker + type: kafka + kafkaTopics: + - name: mytopic # Topic name + operations: [ produce,describe,consume ] # ACL Operations like alter, delete, all, etc + - name: transactions # Multiple topics can be added + operations: [ produce,describe,consume ] +``` + +### Helm Chart Options + +| Key | Description | Default | +|---------------------------------|-------------------------------------------------------------|--------------------------------| +| `kafkawatcher.enable` | Enable Kafka watcher deployment (beta). | `false` | +| `kafkawatcher.image.repository` | Kafka watcher image repository. | `otterize` | +| `kafkawatcher.image.image` | Kafka watcher image. | `network-mapper-kafka-watcher` | +| `kafkawatcher.image.tag` | Kafka watcher image tag. | `latest` | +| `kafkawatcher.pullPolicy` | Kafka watcher pull policy. | `(none)` | +| `kafkawatcher.pullSecrets` | Kafka watcher pull secrets. | `(none)` | +| `kafkawatcher.resources` | Resources override. | `(none)` | +| `kafkawatcher.kafkaServers` | Kafka servers to watch, specified as `pod.namespace` items. | `(none)` | diff --git a/docs/features/Kafka/index.mdx b/docs/features/Kafka/index.mdx index 7e4dcc2d8..233c9b134 100644 --- a/docs/features/Kafka/index.mdx +++ b/docs/features/Kafka/index.mdx @@ -1,4 +1,130 @@ --- sidebar_position: 1 -title: Overview ---- \ No newline at end of file +title: Kafka +hide_table_of_contents: true +hide_title: true +--- + +import DocsLinkCard from "@site/src/components/LinkCard"; + +export const kafka_tutorials = [ + { + title: 'Kafka topic-level access mapping', + description: 'View Kafka network connections', + url: '/features/Kafka/Examples/k8s-kafka-mapping' + }, + { + title: 'Kafka access automation using Otterize Cloud mTLS', + description: 'Manage access to Kafka topics with Otterize Cloud mTLS', + url: '/features/Kafka/Examples/k8s-kafka-mtls' + }, + { + title: 'Kafka access automation using cert-manager mTLS', + description: 'Manage access to Kafka topics with a cert-manager', + url: '/features/Kafka/Examples/k8s-kafka-mtls-cert-manager' + } +]; + +# Kafka + +Otterize can map and secure access to Kafka Topics from your Kubernetes clusters. + +### About + +By enabling Kafka support, Otterize's network mapping tool can determine which Kubernetes services are connecting to topics and the determine their access privileges. This graph of connections can then be leveraged to automate IBAC based access policies that result in Kakfa ACLs. + +### How does it work + +1. First, the cluster must have [Otterize installed](/overview/installation). With Kakfa support enabled by setting the following flags: + +```bash +--set kafkawatcher.enable=true \ +--set kafkawatcher.kafkaServers={"kafka-0.kafka"} +``` + +Once installed, Otterize will map Kafka connections allowing you to view those relationships, but to manage access we need to: + +2. Configure Otterize to manage Kafka access with a `KafkaServerConfig`. See the example yaml below. + +```bash +kubectl apply -f ${ABSOLUTE_URL}/code-examples/kafka-mtls/kafkaserverconfig.yaml +``` + +```yaml +apiVersion: k8s.otterize.com/v1alpha3 +kind: KafkaServerConfig +metadata: + name: kafkaserverconfig + namespace: kafka +spec: + service: + name: kafka #name of the Kafka service broker + addr: kafka.kafka:9092 +``` + + +3. Once that is complete, the Kafka broker and it's clients require mTLS credentials, which they can receive from Otterize or through a [cert-manager](/features/Kafka/Examples/k8s-kafka-mtls-cert-manager). This requires a annotation to inform Otterize to generate the credentials and volume mount to store them. To orchestrate this, see the example deployment below: + +```yaml +spec: + template: + metadata: + annotations: + # 1. Generate credentials as a secret called "client-credentials-secret": + credentials-operator.otterize.com/tls-secret-name: client-credentials-secret + ... + spec: + volumes: + # 2. Create a volume containing this secret: + - name: otterize-credentials + secret: + secretName: client-credentials-secret + ... + containers: + - name: client + ... + volumeMounts: + # 3. Mount volume into container + - name: otterize-credentials + mountPath: /var/otterize/credentials + readOnly: true +``` + +4. Once the Kafka clients are deployed with the mTLS credentials they should be able to access their associated topics as there's no active enforcement enabled. By applying IBAC ClientIntents we can declare access for our Services. See an example of a Kafka policy. + +```yaml +apiVersion: k8s.otterize.com/v1alpha3 +kind: ClientIntents +metadata: + name: client + namespace: otterize-tutorial-kafka-mtls +spec: + service: + name: client + calls: + - name: kafka.kafka + type: kafka + kafkaTopics: + - name: mytopic + operations: [ produce,describe,consume ] + - name: transactions + operations: [ produce,describe,consume ] +--- +apiVersion: k8s.otterize.com/v1alpha3 +kind: ClientIntents +metadata: + name: kafka + namespace: kafka +spec: + service: + name: kafka + calls: + - name: kafka + - name: kafka-zookeeper +``` +### Tutorials + +For further details about mapping, or access automation, view the tutorials below: + + + diff --git a/docs/features/Networking/Reference/README.mdx b/docs/features/Networking/Reference/README.mdx index f7ad43bcd..4c7ae3fd0 100644 --- a/docs/features/Networking/Reference/README.mdx +++ b/docs/features/Networking/Reference/README.mdx @@ -4,10 +4,9 @@ title: Reference hide_table_of_contents: true --- -## Client Intents +### Client Intents (YAML) -**Example ClientIntent (yaml)** -``` +```yaml apiVersion: k8s.otterize.com/v1alpha3 kind: ClientIntents metadata: @@ -21,7 +20,7 @@ spec: ``` -## Helm Chart Options +### Helm Chart Options | Key | Description | Default | |-----------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------|---------| @@ -29,29 +28,22 @@ spec: | `operator.autoCreateNetworkPoliciesForExternalTraffic` | (deprecated, use `allowExternalTraffic` instead) Automatically allow external traffic, if a new ClientIntents resource would result in blocking external (internet) traffic and there is an Ingress/Service resource indicating external traffic is expected. | `true` | | `operator.autoCreateNetworkPoliciesForExternalTrafficDisableIntentsRequirement` | (deprecated, use `allowExternalTraffic` instead) **experimental** - If `autoCreateNetworkPoliciesForExternalTraffic` is enabled, do not require ClientIntents resources - simply create network policies based off of the existence of an Ingress/Service resource. | `false` | -## Network mapper parameters +### Network mapper parameters All configurable parameters of the network mapper can be configured under the alias `networkMapper`. Further information about network mapper parameters can be found [in the network mapper's chart](https://github.com/otterize/helm-charts/tree/main/network-mapper). -## CLI: Network mapper +### CLI: Network mapper commands All `otterize network-mapper` commands share a set of optional flags which will not be repeated in the documentation for each command. -#### Common options - -| Name | Default | Description | -|-------------------------|---------------------------|-----------------------------------------------------------------| -| `--mapper-namespace` | `otterize-system` | Specifies the namespace where the mapper service was installed. | -| `--mapper-service-name` | `otterize-network-mapper` | Specifies the name of the mapper service as it was installed. | -| `--mapper-service-name` | `otterize-service-port` | Specifies the port on which the mapper service is listening. | - - `otterize network-mapper reset` Resets the network mapper by deleting all map information built up so far in memory. +--- + `otterize network-mapper list [-n ,,...]` Return the network map built by the network mapper since it started, or since it was reset, @@ -90,7 +82,7 @@ loadgenerator in namespace otterize-ecom-demo calls: recommendationservice in namespace otterize-ecom-demo calls: - productcatalogservice ``` - +--- `otterize network-mapper visualize [--format=png | --format=jpg] [-n ,,...] -o ` Return the network map built by the network mapper since it started, or since it was reset, as an image. @@ -112,6 +104,8 @@ Uses GraphViz (specifically go-graphviz) to generate the image. Here's the image generated by running `otterize network-mapper visualize -n otterize-ecom-demo -o otterize-ecom-demo.png`: ![graph](https://user-images.githubusercontent.com/29180932/221423644-df8fbba2-dca1-4c56-baeb-f0d0afc55eb1.png) +--- + `otterize network-mapper export [--format] [-n ,,...] [-o ] [--output-type ]` Return the network map built by the network mapper since it started, or since it was reset, diff --git a/docs/features/Networking/index.mdx b/docs/features/Networking/index.mdx index 79d3ae993..7dcc80a9b 100644 --- a/docs/features/Networking/index.mdx +++ b/docs/features/Networking/index.mdx @@ -1,6 +1,7 @@ --- sidebar_position: 1 title: Networking +hide_title: true --- import DocsLinkCard from "@site/src/components/LinkCard"; @@ -22,8 +23,9 @@ export const network_access_tutorials = [ } ]; -### Overview +# Networking +### About You can use Otterize to understand, visualize, and manage access for Kubernetes networks. Upon installation, Otterize inspects network traffic and builds an in-memory network map of connections. The network map can then be exported or viewed in various ways to understand the connections within your networks. With IBAC-based policies, Otterize becomes a control plane for your K8s networks. Mapped network traffic can autogenerate declarative intent-based access policies to create least privileged pod-to-pod access easily. ### Visualizing @@ -39,6 +41,27 @@ By default, Kubernetes pods allow all egress and ingress traffic. Kubernetes [Ne Further details are available within the [Network Policies Deep Dive](/features/Networking/Reference/Network-Policies-Deep-Dive) -View the tutorials below to learn more about how to get started +```yaml - +apiVersion: k8s.otterize.com/v1alpha3 +kind: ClientIntents +metadata: + name: client + namespace: otterize-tutorial-istio +spec: + service: + name: client + calls: + - name: nginx + type: http + HTTPResources: + - path: /client-path + methods: [ GET ] + +``` + +### Tutorials + +View the tutorials below to learn more about how to get started: + + diff --git a/docs/features/README.mdx b/docs/features/README.mdx index e6bf58974..28c41d948 100644 --- a/docs/features/README.mdx +++ b/docs/features/README.mdx @@ -26,7 +26,7 @@ export default function FeatureCards() {
{features.map((feature) => (
+ className="tw-col-span-1 tw-flex tw-flex-col tw-divide-y tw-divide-gray-200 tw-rounded-lg tw-border tw-border-solid tw-border-primary-500 tw-bg-white tw-text-center tw-border-1 tw-border-primary-400 tw-border-solid hover:tw-border-primary-600 hover:tw-shadow-md">
+ diff --git a/package.json b/package.json index d1c852a70..d2beb76e9 100644 --- a/package.json +++ b/package.json @@ -27,7 +27,8 @@ "heroicons": "^2.1.1", "prism-react-renderer": "^1.3.5", "react": "^17.0.2", - "react-dom": "^17.0.2" + "react-dom": "^17.0.2", + "vercel": "^33.4.0" }, "devDependencies": { "@docusaurus/module-type-aliases": "^2.4.3", diff --git a/src/css/custom.css b/src/css/custom.css index 5a1341d3b..403a55a7b 100644 --- a/src/css/custom.css +++ b/src/css/custom.css @@ -18,7 +18,7 @@ --ifm-color-primary-lighter: #377fad; --ifm-color-primary-lightest: #408fc2; --ifm-code-font-size: 85%; - --ifm-font-size-base: 0.9rem; + --ifm-font-size-base: 0.85rem; --ifm-font-weight-base: 400; --ifm-h1-font-size: 2.5rem; --ifm-code-border-radius: 5px; @@ -33,7 +33,8 @@ --ifm-alert-border-radius: 2px; --ifm-navbar-height: 5rem; - --ifm-menu-color: #333; + --ifm-menu-color: rgb(28, 30, 33); + --ifm-footer-background-color: white; --ifm-footer-color: white; diff --git a/yarn.lock b/yarn.lock index 199721d77..dd4fda918 100644 --- a/yarn.lock +++ b/yarn.lock @@ -84,7 +84,7 @@ "@algolia/requester-common" "4.20.0" "@algolia/transporter" "4.20.0" -"@algolia/client-search@4.20.0": +"@algolia/client-search@>= 4.9.1 < 6", "@algolia/client-search@4.20.0": version "4.20.0" resolved "https://registry.npmjs.org/@algolia/client-search/-/client-search-4.20.0.tgz" integrity sha512-zgwqnMvhWLdpzKTpd3sGmMlr4c+iS7eyyLGiaO51zDZWGMkpgoNVmltkzdBwxOVXz0RsFMznIxB9zuarUv4TZg== @@ -145,26 +145,47 @@ "@ampproject/remapping@^2.2.0": version "2.2.1" - resolved "https://registry.yarnpkg.com/@ampproject/remapping/-/remapping-2.2.1.tgz#99e8e11851128b8702cd57c33684f1d0f260b630" + resolved "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.2.1.tgz" integrity sha512-lFMjJTrFL3j7L9yBxwYfCq2k6qqwHyzuUl/XBnif78PWTJYyL/dfowQHWE3sp6U6ZzqWiiIZnpTMO96zhkjwtg== dependencies: "@jridgewell/gen-mapping" "^0.3.0" "@jridgewell/trace-mapping" "^0.3.9" -"@babel/code-frame@^7.0.0", "@babel/code-frame@^7.10.4", "@babel/code-frame@^7.16.0", "@babel/code-frame@^7.22.13", "@babel/code-frame@^7.8.3": - version "7.22.13" - resolved "https://registry.yarnpkg.com/@babel/code-frame/-/code-frame-7.22.13.tgz#e3c1c099402598483b7a8c46a721d1038803755e" - integrity sha512-XktuhWlJ5g+3TJXc5upd9Ks1HutSArik6jf2eAjYFyIOf4ej3RN+184cZbzDvbPnuTJIUhPKKJE3cIsYTiAT3w== +"@babel/code-frame@^7.0.0", "@babel/code-frame@^7.10.4", "@babel/code-frame@^7.16.0", "@babel/code-frame@^7.23.5", "@babel/code-frame@^7.8.3": + version "7.23.5" + resolved "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.23.5.tgz" + integrity sha512-CgH3s1a96LipHCmSUmYFPwY7MNx8C3avkq7i4Wl3cfa662ldtUe4VM1TPXX70pfmrlWTb6jLqTYrZyT2ZTJBgA== dependencies: - "@babel/highlight" "^7.22.13" + "@babel/highlight" "^7.23.4" chalk "^2.4.2" -"@babel/compat-data@^7.22.6", "@babel/compat-data@^7.22.9", "@babel/compat-data@^7.23.2": - version "7.23.2" - resolved "https://registry.yarnpkg.com/@babel/compat-data/-/compat-data-7.23.2.tgz#6a12ced93455827037bfb5ed8492820d60fc32cc" - integrity sha512-0S9TQMmDHlqAZ2ITT95irXKfxN9bncq8ZCoJhun3nHL/lLUxd2NKBJYoNGWH7S0hz6fRQwWlAWn/ILM0C70KZQ== +"@babel/compat-data@^7.22.6", "@babel/compat-data@^7.22.9", "@babel/compat-data@^7.23.2", "@babel/compat-data@^7.23.5": + version "7.23.5" + resolved "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.23.5.tgz" + integrity sha512-uU27kfDRlhfKl+w1U6vp16IuvSLtjAxdArVXPa9BvLkrr7CYIsxH5adpHObeAGY/41+syctUWOZ140a2Rvkgjw== + +"@babel/core@^7.0.0", "@babel/core@^7.0.0-0", "@babel/core@^7.0.0-0 || ^8.0.0-0 <8.0.0", "@babel/core@^7.12.0", "@babel/core@^7.13.0", "@babel/core@^7.18.6", "@babel/core@^7.19.6", "@babel/core@^7.4.0 || ^8.0.0-0 <8.0.0": + version "7.23.9" + resolved "https://registry.npmjs.org/@babel/core/-/core-7.23.9.tgz" + integrity sha512-5q0175NOjddqpvvzU+kDiSOAk4PfdO6FvwCWoQ6RO7rTzEe8vlo+4HVfcnAREhD4npMs0e9uZypjTwzZPCf/cw== + dependencies: + "@ampproject/remapping" "^2.2.0" + "@babel/code-frame" "^7.23.5" + "@babel/generator" "^7.23.6" + "@babel/helper-compilation-targets" "^7.23.6" + "@babel/helper-module-transforms" "^7.23.3" + "@babel/helpers" "^7.23.9" + "@babel/parser" "^7.23.9" + "@babel/template" "^7.23.9" + "@babel/traverse" "^7.23.9" + "@babel/types" "^7.23.9" + convert-source-map "^2.0.0" + debug "^4.1.0" + gensync "^1.0.0-beta.2" + json5 "^2.2.3" + semver "^6.3.1" -"@babel/core@7.12.9": +"@babel/core@^7.11.6", "@babel/core@7.12.9": version "7.12.9" resolved "https://registry.npmjs.org/@babel/core/-/core-7.12.9.tgz" integrity sha512-gTXYh3M5wb7FRXQy+FErKFAv90BnlOuNn1QkCK2lREoPAjrQCO49+HVSrFoe5uakFAF5eenS75KbO2vQiLrTMQ== @@ -186,65 +207,44 @@ semver "^5.4.1" source-map "^0.5.0" -"@babel/core@^7.18.6", "@babel/core@^7.19.6": - version "7.23.2" - resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.23.2.tgz#ed10df0d580fff67c5f3ee70fd22e2e4c90a9f94" - integrity sha512-n7s51eWdaWZ3vGT2tD4T7J6eJs3QoBXydv7vkUM06Bf1cbVD2Kc2UrkzhiQwobfV7NwOnQXYL7UBJ5VPU+RGoQ== - dependencies: - "@ampproject/remapping" "^2.2.0" - "@babel/code-frame" "^7.22.13" - "@babel/generator" "^7.23.0" - "@babel/helper-compilation-targets" "^7.22.15" - "@babel/helper-module-transforms" "^7.23.0" - "@babel/helpers" "^7.23.2" - "@babel/parser" "^7.23.0" - "@babel/template" "^7.22.15" - "@babel/traverse" "^7.23.2" - "@babel/types" "^7.23.0" - convert-source-map "^2.0.0" - debug "^4.1.0" - gensync "^1.0.0-beta.2" - json5 "^2.2.3" - semver "^6.3.1" - -"@babel/generator@^7.12.5", "@babel/generator@^7.18.7", "@babel/generator@^7.23.0": - version "7.23.0" - resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.23.0.tgz#df5c386e2218be505b34837acbcb874d7a983420" - integrity sha512-lN85QRR+5IbYrMWM6Y4pE/noaQtg4pNiqeNGX60eqOfo6gtEj6uw/JagelB8vVztSd7R6M5n1+PQkDbHbBRU4g== +"@babel/generator@^7.12.5", "@babel/generator@^7.18.7", "@babel/generator@^7.23.6": + version "7.23.6" + resolved "https://registry.npmjs.org/@babel/generator/-/generator-7.23.6.tgz" + integrity sha512-qrSfCYxYQB5owCmGLbl8XRpX1ytXlpueOb0N0UmQwA073KZxejgQTzAmJezxvpwQD9uGtK2shHdi55QT+MbjIw== dependencies: - "@babel/types" "^7.23.0" + "@babel/types" "^7.23.6" "@jridgewell/gen-mapping" "^0.3.2" "@jridgewell/trace-mapping" "^0.3.17" jsesc "^2.5.1" "@babel/helper-annotate-as-pure@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/helper-annotate-as-pure/-/helper-annotate-as-pure-7.22.5.tgz#e7f06737b197d580a01edf75d97e2c8be99d3882" + resolved "https://registry.npmjs.org/@babel/helper-annotate-as-pure/-/helper-annotate-as-pure-7.22.5.tgz" integrity sha512-LvBTxu8bQSQkcyKOU+a1btnNFQ1dMAd0R6PyW3arXes06F6QLWLIrd681bxRPIXlrMGR3XYnW9JyML7dP3qgxg== dependencies: "@babel/types" "^7.22.5" "@babel/helper-builder-binary-assignment-operator-visitor@^7.22.5": version "7.22.15" - resolved "https://registry.yarnpkg.com/@babel/helper-builder-binary-assignment-operator-visitor/-/helper-builder-binary-assignment-operator-visitor-7.22.15.tgz#5426b109cf3ad47b91120f8328d8ab1be8b0b956" + resolved "https://registry.npmjs.org/@babel/helper-builder-binary-assignment-operator-visitor/-/helper-builder-binary-assignment-operator-visitor-7.22.15.tgz" integrity sha512-QkBXwGgaoC2GtGZRoma6kv7Szfv06khvhFav67ZExau2RaXzy8MpHSMO2PNoP2XtmQphJQRHFfg77Bq731Yizw== dependencies: "@babel/types" "^7.22.15" -"@babel/helper-compilation-targets@^7.22.15", "@babel/helper-compilation-targets@^7.22.5", "@babel/helper-compilation-targets@^7.22.6": - version "7.22.15" - resolved "https://registry.yarnpkg.com/@babel/helper-compilation-targets/-/helper-compilation-targets-7.22.15.tgz#0698fc44551a26cf29f18d4662d5bf545a6cfc52" - integrity sha512-y6EEzULok0Qvz8yyLkCvVX+02ic+By2UdOhylwUOvOn9dvYc9mKICJuuU1n1XBI02YWsNsnrY1kc6DVbjcXbtw== +"@babel/helper-compilation-targets@^7.22.15", "@babel/helper-compilation-targets@^7.22.5", "@babel/helper-compilation-targets@^7.22.6", "@babel/helper-compilation-targets@^7.23.6": + version "7.23.6" + resolved "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.23.6.tgz" + integrity sha512-9JB548GZoQVmzrFgp8o7KxdgkTGm6xs9DW0o/Pim72UDjzr5ObUQ6ZzYPqA+g9OTS2bBQoctLJrky0RDCAWRgQ== dependencies: - "@babel/compat-data" "^7.22.9" - "@babel/helper-validator-option" "^7.22.15" - browserslist "^4.21.9" + "@babel/compat-data" "^7.23.5" + "@babel/helper-validator-option" "^7.23.5" + browserslist "^4.22.2" lru-cache "^5.1.1" semver "^6.3.1" "@babel/helper-create-class-features-plugin@^7.22.11", "@babel/helper-create-class-features-plugin@^7.22.15", "@babel/helper-create-class-features-plugin@^7.22.5": version "7.22.15" - resolved "https://registry.yarnpkg.com/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.22.15.tgz#97a61b385e57fe458496fad19f8e63b63c867de4" + resolved "https://registry.npmjs.org/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.22.15.tgz" integrity sha512-jKkwA59IXcvSaiK2UN45kKwSC9o+KuoXsBDvHvU/7BecYIp8GQ2UwrVvFgJASUT+hBnwJx6MhvMCuMzwZZ7jlg== dependencies: "@babel/helper-annotate-as-pure" "^7.22.5" @@ -259,7 +259,7 @@ "@babel/helper-create-regexp-features-plugin@^7.18.6", "@babel/helper-create-regexp-features-plugin@^7.22.5": version "7.22.15" - resolved "https://registry.yarnpkg.com/@babel/helper-create-regexp-features-plugin/-/helper-create-regexp-features-plugin-7.22.15.tgz#5ee90093914ea09639b01c711db0d6775e558be1" + resolved "https://registry.npmjs.org/@babel/helper-create-regexp-features-plugin/-/helper-create-regexp-features-plugin-7.22.15.tgz" integrity sha512-29FkPLFjn4TPEa3RE7GpW+qbE8tlsu3jntNYNfcGsc49LphF1PQIiD+vMZ1z1xVOKt+93khA9tc2JBs3kBjA7w== dependencies: "@babel/helper-annotate-as-pure" "^7.22.5" @@ -268,7 +268,7 @@ "@babel/helper-define-polyfill-provider@^0.4.3": version "0.4.3" - resolved "https://registry.yarnpkg.com/@babel/helper-define-polyfill-provider/-/helper-define-polyfill-provider-0.4.3.tgz#a71c10f7146d809f4a256c373f462d9bba8cf6ba" + resolved "https://registry.npmjs.org/@babel/helper-define-polyfill-provider/-/helper-define-polyfill-provider-0.4.3.tgz" integrity sha512-WBrLmuPP47n7PNwsZ57pqam6G/RGo1vw/87b0Blc53tZNGZ4x7YvZ6HgQe2vo1W/FR20OgjeZuGXzudPiXHFug== dependencies: "@babel/helper-compilation-targets" "^7.22.6" @@ -279,12 +279,12 @@ "@babel/helper-environment-visitor@^7.22.20", "@babel/helper-environment-visitor@^7.22.5": version "7.22.20" - resolved "https://registry.yarnpkg.com/@babel/helper-environment-visitor/-/helper-environment-visitor-7.22.20.tgz#96159db61d34a29dba454c959f5ae4a649ba9167" + resolved "https://registry.npmjs.org/@babel/helper-environment-visitor/-/helper-environment-visitor-7.22.20.tgz" integrity sha512-zfedSIzFhat/gFhWfHtgWvlec0nqB9YEIVrpuwjruLlXfUSnA8cJB0miHKwqDnQ7d32aKo2xt88/xZptwxbfhA== "@babel/helper-function-name@^7.22.5", "@babel/helper-function-name@^7.23.0": version "7.23.0" - resolved "https://registry.yarnpkg.com/@babel/helper-function-name/-/helper-function-name-7.23.0.tgz#1f9a3cdbd5b2698a670c30d2735f9af95ed52759" + resolved "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.23.0.tgz" integrity sha512-OErEqsrxjZTJciZ4Oo+eoZqeW9UIiOcuYKRJA4ZAgV9myA+pOXhhmpfNCKjEH/auVfEYVFJ6y1Tc4r0eIApqiw== dependencies: "@babel/template" "^7.22.15" @@ -292,29 +292,29 @@ "@babel/helper-hoist-variables@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/helper-hoist-variables/-/helper-hoist-variables-7.22.5.tgz#c01a007dac05c085914e8fb652b339db50d823bb" + resolved "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.22.5.tgz" integrity sha512-wGjk9QZVzvknA6yKIUURb8zY3grXCcOZt+/7Wcy8O2uctxhplmUPkOdlgoNhmdVee2c92JXbf1xpMtVNbfoxRw== dependencies: "@babel/types" "^7.22.5" "@babel/helper-member-expression-to-functions@^7.22.15": version "7.23.0" - resolved "https://registry.yarnpkg.com/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.23.0.tgz#9263e88cc5e41d39ec18c9a3e0eced59a3e7d366" + resolved "https://registry.npmjs.org/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.23.0.tgz" integrity sha512-6gfrPwh7OuT6gZyJZvd6WbTfrqAo7vm4xCzAXOusKqq/vWdKXphTpj5klHKNmRUU6/QRGlBsyU9mAIPaWHlqJA== dependencies: "@babel/types" "^7.23.0" "@babel/helper-module-imports@^7.22.15", "@babel/helper-module-imports@^7.22.5": version "7.22.15" - resolved "https://registry.yarnpkg.com/@babel/helper-module-imports/-/helper-module-imports-7.22.15.tgz#16146307acdc40cc00c3b2c647713076464bdbf0" + resolved "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.22.15.tgz" integrity sha512-0pYVBnDKZO2fnSPCrgM/6WMc7eS20Fbok+0r88fp+YtWVLZrp4CkafFGIp+W0VKw4a22sgebPT99y+FDNMdP4w== dependencies: "@babel/types" "^7.22.15" -"@babel/helper-module-transforms@^7.12.1", "@babel/helper-module-transforms@^7.22.5", "@babel/helper-module-transforms@^7.23.0": - version "7.23.0" - resolved "https://registry.yarnpkg.com/@babel/helper-module-transforms/-/helper-module-transforms-7.23.0.tgz#3ec246457f6c842c0aee62a01f60739906f7047e" - integrity sha512-WhDWw1tdrlT0gMgUJSlX0IQvoO1eN279zrAUbVB+KpV2c3Tylz8+GnKOLllCS6Z/iZQEyVYxhZVUdPTqs2YYPw== +"@babel/helper-module-transforms@^7.12.1", "@babel/helper-module-transforms@^7.22.5", "@babel/helper-module-transforms@^7.23.0", "@babel/helper-module-transforms@^7.23.3": + version "7.23.3" + resolved "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.23.3.tgz" + integrity sha512-7bBs4ED9OmswdfDzpz4MpWgSrV7FXlc3zIagvLFjS5H+Mk7Snr21vQ6QwrsoCGMfNC4e4LQPdoULEt4ykz0SRQ== dependencies: "@babel/helper-environment-visitor" "^7.22.20" "@babel/helper-module-imports" "^7.22.15" @@ -324,24 +324,24 @@ "@babel/helper-optimise-call-expression@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/helper-optimise-call-expression/-/helper-optimise-call-expression-7.22.5.tgz#f21531a9ccbff644fdd156b4077c16ff0c3f609e" + resolved "https://registry.npmjs.org/@babel/helper-optimise-call-expression/-/helper-optimise-call-expression-7.22.5.tgz" integrity sha512-HBwaojN0xFRx4yIvpwGqxiV2tUfl7401jlok564NgB9EHS1y6QT17FmKWm4ztqjeVdXLuC4fSvHc5ePpQjoTbw== dependencies: "@babel/types" "^7.22.5" +"@babel/helper-plugin-utils@^7.0.0", "@babel/helper-plugin-utils@^7.10.4", "@babel/helper-plugin-utils@^7.12.13", "@babel/helper-plugin-utils@^7.14.5", "@babel/helper-plugin-utils@^7.18.6", "@babel/helper-plugin-utils@^7.22.5", "@babel/helper-plugin-utils@^7.8.0", "@babel/helper-plugin-utils@^7.8.3": + version "7.22.5" + resolved "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.22.5.tgz" + integrity sha512-uLls06UVKgFG9QD4OeFYLEGteMIAa5kpTPcFL28yuCIIzsf6ZyKZMllKVOCZFhiZ5ptnwX4mtKdWCBE/uT4amg== + "@babel/helper-plugin-utils@7.10.4": version "7.10.4" resolved "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.10.4.tgz" integrity sha512-O4KCvQA6lLiMU9l2eawBPMf1xPP8xPfB3iEQw150hOVTqj/rfXz0ThTb4HEzqQfs2Bmo5Ay8BzxfzVtBrr9dVg== -"@babel/helper-plugin-utils@^7.0.0", "@babel/helper-plugin-utils@^7.10.4", "@babel/helper-plugin-utils@^7.12.13", "@babel/helper-plugin-utils@^7.14.5", "@babel/helper-plugin-utils@^7.18.6", "@babel/helper-plugin-utils@^7.22.5", "@babel/helper-plugin-utils@^7.8.0", "@babel/helper-plugin-utils@^7.8.3": - version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/helper-plugin-utils/-/helper-plugin-utils-7.22.5.tgz#dd7ee3735e8a313b9f7b05a773d892e88e6d7295" - integrity sha512-uLls06UVKgFG9QD4OeFYLEGteMIAa5kpTPcFL28yuCIIzsf6ZyKZMllKVOCZFhiZ5ptnwX4mtKdWCBE/uT4amg== - "@babel/helper-remap-async-to-generator@^7.22.20", "@babel/helper-remap-async-to-generator@^7.22.5": version "7.22.20" - resolved "https://registry.yarnpkg.com/@babel/helper-remap-async-to-generator/-/helper-remap-async-to-generator-7.22.20.tgz#7b68e1cb4fa964d2996fd063723fb48eca8498e0" + resolved "https://registry.npmjs.org/@babel/helper-remap-async-to-generator/-/helper-remap-async-to-generator-7.22.20.tgz" integrity sha512-pBGyV4uBqOns+0UvhsTO8qgl8hO89PmiDYv+/COyp1aeMcmfrfruz+/nCMFiYyFF/Knn0yfrC85ZzNFjembFTw== dependencies: "@babel/helper-annotate-as-pure" "^7.22.5" @@ -350,7 +350,7 @@ "@babel/helper-replace-supers@^7.22.5", "@babel/helper-replace-supers@^7.22.9": version "7.22.20" - resolved "https://registry.yarnpkg.com/@babel/helper-replace-supers/-/helper-replace-supers-7.22.20.tgz#e37d367123ca98fe455a9887734ed2e16eb7a793" + resolved "https://registry.npmjs.org/@babel/helper-replace-supers/-/helper-replace-supers-7.22.20.tgz" integrity sha512-qsW0In3dbwQUbK8kejJ4R7IHVGwHJlV6lpG6UA7a9hSa2YEiAib+N1T2kr6PEeUT+Fl7najmSOS6SmAwCHK6Tw== dependencies: "@babel/helper-environment-visitor" "^7.22.20" @@ -359,82 +359,82 @@ "@babel/helper-simple-access@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/helper-simple-access/-/helper-simple-access-7.22.5.tgz#4938357dc7d782b80ed6dbb03a0fba3d22b1d5de" + resolved "https://registry.npmjs.org/@babel/helper-simple-access/-/helper-simple-access-7.22.5.tgz" integrity sha512-n0H99E/K+Bika3++WNL17POvo4rKWZ7lZEp1Q+fStVbUi8nxPQEBOlTmCOxW/0JsS56SKKQ+ojAe2pHKJHN35w== dependencies: "@babel/types" "^7.22.5" "@babel/helper-skip-transparent-expression-wrappers@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/helper-skip-transparent-expression-wrappers/-/helper-skip-transparent-expression-wrappers-7.22.5.tgz#007f15240b5751c537c40e77abb4e89eeaaa8847" + resolved "https://registry.npmjs.org/@babel/helper-skip-transparent-expression-wrappers/-/helper-skip-transparent-expression-wrappers-7.22.5.tgz" integrity sha512-tK14r66JZKiC43p8Ki33yLBVJKlQDFoA8GYN67lWCDCqoL6EMMSuM9b+Iff2jHaM/RRFYl7K+iiru7hbRqNx8Q== dependencies: "@babel/types" "^7.22.5" "@babel/helper-split-export-declaration@^7.22.6": version "7.22.6" - resolved "https://registry.yarnpkg.com/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.22.6.tgz#322c61b7310c0997fe4c323955667f18fcefb91c" + resolved "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.22.6.tgz" integrity sha512-AsUnxuLhRYsisFiaJwvp1QF+I3KjD5FOxut14q/GzovUe6orHLesW2C7d754kRm53h5gqrz6sFl6sxc4BVtE/g== dependencies: "@babel/types" "^7.22.5" -"@babel/helper-string-parser@^7.22.5": - version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/helper-string-parser/-/helper-string-parser-7.22.5.tgz#533f36457a25814cf1df6488523ad547d784a99f" - integrity sha512-mM4COjgZox8U+JcXQwPijIZLElkgEpO5rsERVDJTc2qfCDfERyob6k5WegS14SX18IIjv+XD+GrqNumY5JRCDw== +"@babel/helper-string-parser@^7.23.4": + version "7.23.4" + resolved "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.23.4.tgz" + integrity sha512-803gmbQdqwdf4olxrX4AJyFBV/RTr3rSmOj0rKwesmzlfhYNDEs+/iOcznzpNWlJlIlTJC2QfPFcHB6DlzdVLQ== "@babel/helper-validator-identifier@^7.22.20": version "7.22.20" - resolved "https://registry.yarnpkg.com/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.20.tgz#c4ae002c61d2879e724581d96665583dbc1dc0e0" + resolved "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.20.tgz" integrity sha512-Y4OZ+ytlatR8AI+8KZfKuL5urKp7qey08ha31L8b3BwewJAoJamTzyvxPR/5D+KkdJCGPq/+8TukHBlY10FX9A== -"@babel/helper-validator-option@^7.22.15": - version "7.22.15" - resolved "https://registry.yarnpkg.com/@babel/helper-validator-option/-/helper-validator-option-7.22.15.tgz#694c30dfa1d09a6534cdfcafbe56789d36aba040" - integrity sha512-bMn7RmyFjY/mdECUbgn9eoSY4vqvacUnS9i9vGAGttgFWesO6B4CYWA7XlpbWgBt71iv/hfbPlynohStqnu5hA== +"@babel/helper-validator-option@^7.22.15", "@babel/helper-validator-option@^7.23.5": + version "7.23.5" + resolved "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.23.5.tgz" + integrity sha512-85ttAOMLsr53VgXkTbkx8oA6YTfT4q7/HzXSLEYmjcSTJPMPQtvq1BD79Byep5xMUYbGRzEpDsjUf3dyp54IKw== "@babel/helper-wrap-function@^7.22.20": version "7.22.20" - resolved "https://registry.yarnpkg.com/@babel/helper-wrap-function/-/helper-wrap-function-7.22.20.tgz#15352b0b9bfb10fc9c76f79f6342c00e3411a569" + resolved "https://registry.npmjs.org/@babel/helper-wrap-function/-/helper-wrap-function-7.22.20.tgz" integrity sha512-pms/UwkOpnQe/PDAEdV/d7dVCoBbB+R4FvYoHGZz+4VPcg7RtYy2KP7S2lbuWM6FCSgob5wshfGESbC/hzNXZw== dependencies: "@babel/helper-function-name" "^7.22.5" "@babel/template" "^7.22.15" "@babel/types" "^7.22.19" -"@babel/helpers@^7.12.5", "@babel/helpers@^7.23.2": - version "7.23.2" - resolved "https://registry.yarnpkg.com/@babel/helpers/-/helpers-7.23.2.tgz#2832549a6e37d484286e15ba36a5330483cac767" - integrity sha512-lzchcp8SjTSVe/fPmLwtWVBFC7+Tbn8LGHDVfDp9JGxpAY5opSaEFgt8UQvrnECWOTdji2mOWMz1rOhkHscmGQ== +"@babel/helpers@^7.12.5", "@babel/helpers@^7.23.9": + version "7.23.9" + resolved "https://registry.npmjs.org/@babel/helpers/-/helpers-7.23.9.tgz" + integrity sha512-87ICKgU5t5SzOT7sBMfCOZQ2rHjRU+Pcb9BoILMYz600W6DkVRLFBPwQ18gwUVvggqXivaUakpnxWQGbpywbBQ== dependencies: - "@babel/template" "^7.22.15" - "@babel/traverse" "^7.23.2" - "@babel/types" "^7.23.0" + "@babel/template" "^7.23.9" + "@babel/traverse" "^7.23.9" + "@babel/types" "^7.23.9" -"@babel/highlight@^7.22.13": - version "7.22.20" - resolved "https://registry.yarnpkg.com/@babel/highlight/-/highlight-7.22.20.tgz#4ca92b71d80554b01427815e06f2df965b9c1f54" - integrity sha512-dkdMCN3py0+ksCgYmGG8jKeGA/8Tk+gJwSYYlFGxG5lmhfKNoAy004YpLxpS1W2J8m/EK2Ew+yOs9pVRwO89mg== +"@babel/highlight@^7.23.4": + version "7.23.4" + resolved "https://registry.npmjs.org/@babel/highlight/-/highlight-7.23.4.tgz" + integrity sha512-acGdbYSfp2WheJoJm/EBBBLh/ID8KDc64ISZ9DYtBmC8/Q204PZJLHyzeB5qMzJ5trcOkybd78M4x2KWsUq++A== dependencies: "@babel/helper-validator-identifier" "^7.22.20" chalk "^2.4.2" js-tokens "^4.0.0" -"@babel/parser@^7.12.7", "@babel/parser@^7.18.8", "@babel/parser@^7.22.15", "@babel/parser@^7.23.0": - version "7.23.0" - resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.23.0.tgz#da950e622420bf96ca0d0f2909cdddac3acd8719" - integrity sha512-vvPKKdMemU85V9WE/l5wZEmImpCtLqbnTvqDS2U1fJ96KrxoW7KrXhNsNCblQlg8Ck4b85yxdTyelsMUgFUXiw== +"@babel/parser@^7.12.7", "@babel/parser@^7.18.8", "@babel/parser@^7.23.9": + version "7.23.9" + resolved "https://registry.npmjs.org/@babel/parser/-/parser-7.23.9.tgz" + integrity sha512-9tcKgqKbs3xGJ+NtKF2ndOBBLVwPjl1SHxPQkd36r3Dlirw3xWUeGaTbqr7uGZcTaxkVNwc+03SVP7aCdWrTlA== "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression@^7.22.15": version "7.22.15" - resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression/-/plugin-bugfix-safari-id-destructuring-collision-in-function-expression-7.22.15.tgz#02dc8a03f613ed5fdc29fb2f728397c78146c962" + resolved "https://registry.npmjs.org/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression/-/plugin-bugfix-safari-id-destructuring-collision-in-function-expression-7.22.15.tgz" integrity sha512-FB9iYlz7rURmRJyXRKEnalYPPdn87H5no108cyuQQyMwlpJ2SJtpIUBI27kdTin956pz+LPypkPVPUTlxOmrsg== dependencies: "@babel/helper-plugin-utils" "^7.22.5" "@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@^7.22.15": version "7.22.15" - resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining/-/plugin-bugfix-v8-spread-parameters-in-optional-chaining-7.22.15.tgz#2aeb91d337d4e1a1e7ce85b76a37f5301781200f" + resolved "https://registry.npmjs.org/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining/-/plugin-bugfix-v8-spread-parameters-in-optional-chaining-7.22.15.tgz" integrity sha512-Hyph9LseGvAeeXzikV88bczhsrLrIZqDPxO+sSmAunMPaGrBGhfMWzCPYTtiW9t+HzSE2wtV8e5cc5P6r1xMDQ== dependencies: "@babel/helper-plugin-utils" "^7.22.5" @@ -452,7 +452,7 @@ "@babel/plugin-proposal-private-property-in-object@7.21.0-placeholder-for-preset-env.2": version "7.21.0-placeholder-for-preset-env.2" - resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-private-property-in-object/-/plugin-proposal-private-property-in-object-7.21.0-placeholder-for-preset-env.2.tgz#7844f9289546efa9febac2de4cfe358a050bd703" + resolved "https://registry.npmjs.org/@babel/plugin-proposal-private-property-in-object/-/plugin-proposal-private-property-in-object-7.21.0-placeholder-for-preset-env.2.tgz" integrity sha512-SOSkfJDddaM7mak6cPEpswyTRnuRltl429hMraQEglW+OkovnCzsiszTmsrlY//qLFjCpQDFRvjdm2wA5pPm9w== "@babel/plugin-syntax-async-generators@^7.8.4": @@ -492,21 +492,21 @@ "@babel/plugin-syntax-import-assertions@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-import-assertions/-/plugin-syntax-import-assertions-7.22.5.tgz#07d252e2aa0bc6125567f742cd58619cb14dce98" + resolved "https://registry.npmjs.org/@babel/plugin-syntax-import-assertions/-/plugin-syntax-import-assertions-7.22.5.tgz" integrity sha512-rdV97N7KqsRzeNGoWUOK6yUsWarLjE5Su/Snk9IYPU9CwkWHs4t+rTGOvffTR8XGkJMTAdLfO0xVnXm8wugIJg== dependencies: "@babel/helper-plugin-utils" "^7.22.5" "@babel/plugin-syntax-import-attributes@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-import-attributes/-/plugin-syntax-import-attributes-7.22.5.tgz#ab840248d834410b829f569f5262b9e517555ecb" + resolved "https://registry.npmjs.org/@babel/plugin-syntax-import-attributes/-/plugin-syntax-import-attributes-7.22.5.tgz" integrity sha512-KwvoWDeNKPETmozyFE0P2rOLqh39EoQHNjqizrI5B8Vt0ZNS7M56s7dAiAqbYfiAYOuIzIh96z3iR2ktgu3tEg== dependencies: "@babel/helper-plugin-utils" "^7.22.5" "@babel/plugin-syntax-import-meta@^7.10.4": version "7.10.4" - resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-import-meta/-/plugin-syntax-import-meta-7.10.4.tgz#ee601348c370fa334d2207be158777496521fd51" + resolved "https://registry.npmjs.org/@babel/plugin-syntax-import-meta/-/plugin-syntax-import-meta-7.10.4.tgz" integrity sha512-Yqfm+XDx0+Prh3VSeEQCPU81yC+JWZ2pDPFSS4ZdpfZhp4MkFMaDC1UqseovEKwSUpnIL7+vK+Clp7bfh0iD7g== dependencies: "@babel/helper-plugin-utils" "^7.10.4" @@ -518,6 +518,13 @@ dependencies: "@babel/helper-plugin-utils" "^7.8.0" +"@babel/plugin-syntax-jsx@^7.22.5": + version "7.22.5" + resolved "https://registry.npmjs.org/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.22.5.tgz" + integrity sha512-gvyP4hZrgrs/wWMaocvxZ44Hw0b3W8Pe+cMxc8V1ULQ07oh8VNbIRaoD1LRZVTvD+0nieDKjfgKg89sD7rrKrg== + dependencies: + "@babel/helper-plugin-utils" "^7.22.5" + "@babel/plugin-syntax-jsx@7.12.1": version "7.12.1" resolved "https://registry.npmjs.org/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.12.1.tgz" @@ -525,13 +532,6 @@ dependencies: "@babel/helper-plugin-utils" "^7.10.4" -"@babel/plugin-syntax-jsx@^7.22.5": - version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.22.5.tgz#a6b68e84fb76e759fc3b93e901876ffabbe1d918" - integrity sha512-gvyP4hZrgrs/wWMaocvxZ44Hw0b3W8Pe+cMxc8V1ULQ07oh8VNbIRaoD1LRZVTvD+0nieDKjfgKg89sD7rrKrg== - dependencies: - "@babel/helper-plugin-utils" "^7.22.5" - "@babel/plugin-syntax-logical-assignment-operators@^7.10.4": version "7.10.4" resolved "https://registry.npmjs.org/@babel/plugin-syntax-logical-assignment-operators/-/plugin-syntax-logical-assignment-operators-7.10.4.tgz" @@ -553,7 +553,7 @@ dependencies: "@babel/helper-plugin-utils" "^7.10.4" -"@babel/plugin-syntax-object-rest-spread@7.8.3", "@babel/plugin-syntax-object-rest-spread@^7.8.0", "@babel/plugin-syntax-object-rest-spread@^7.8.3": +"@babel/plugin-syntax-object-rest-spread@^7.8.0", "@babel/plugin-syntax-object-rest-spread@^7.8.3", "@babel/plugin-syntax-object-rest-spread@7.8.3": version "7.8.3" resolved "https://registry.npmjs.org/@babel/plugin-syntax-object-rest-spread/-/plugin-syntax-object-rest-spread-7.8.3.tgz" integrity sha512-XoqMijGZb9y3y2XskN+P1wUGiVwWZ5JmoDRwx5+3GmEplNyVM2s2Dg8ILFQm8rWM48orGy5YpI5Bl8U1y7ydlA== @@ -590,14 +590,14 @@ "@babel/plugin-syntax-typescript@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-typescript/-/plugin-syntax-typescript-7.22.5.tgz#aac8d383b062c5072c647a31ef990c1d0af90272" + resolved "https://registry.npmjs.org/@babel/plugin-syntax-typescript/-/plugin-syntax-typescript-7.22.5.tgz" integrity sha512-1mS2o03i7t1c6VzH6fdQ3OA8tcEIxwG18zIPRp+UY1Ihv6W+XZzBCVxExF9upussPXJ0xE9XRHwMoNs1ep/nRQ== dependencies: "@babel/helper-plugin-utils" "^7.22.5" "@babel/plugin-syntax-unicode-sets-regex@^7.18.6": version "7.18.6" - resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-unicode-sets-regex/-/plugin-syntax-unicode-sets-regex-7.18.6.tgz#d49a3b3e6b52e5be6740022317580234a6a47357" + resolved "https://registry.npmjs.org/@babel/plugin-syntax-unicode-sets-regex/-/plugin-syntax-unicode-sets-regex-7.18.6.tgz" integrity sha512-727YkEAPwSIQTv5im8QHz3upqp92JTWhidIC81Tdx4VJYIte/VndKf1qKrfnnhPLiPghStWfvC/iFaMCQu7Nqg== dependencies: "@babel/helper-create-regexp-features-plugin" "^7.18.6" @@ -605,14 +605,14 @@ "@babel/plugin-transform-arrow-functions@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-arrow-functions/-/plugin-transform-arrow-functions-7.22.5.tgz#e5ba566d0c58a5b2ba2a8b795450641950b71958" + resolved "https://registry.npmjs.org/@babel/plugin-transform-arrow-functions/-/plugin-transform-arrow-functions-7.22.5.tgz" integrity sha512-26lTNXoVRdAnsaDXPpvCNUq+OVWEVC6bx7Vvz9rC53F2bagUWW4u4ii2+h8Fejfh7RYqPxn+libeFBBck9muEw== dependencies: "@babel/helper-plugin-utils" "^7.22.5" "@babel/plugin-transform-async-generator-functions@^7.23.2": version "7.23.2" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-async-generator-functions/-/plugin-transform-async-generator-functions-7.23.2.tgz#054afe290d64c6f576f371ccc321772c8ea87ebb" + resolved "https://registry.npmjs.org/@babel/plugin-transform-async-generator-functions/-/plugin-transform-async-generator-functions-7.23.2.tgz" integrity sha512-BBYVGxbDVHfoeXbOwcagAkOQAm9NxoTdMGfTqghu1GrvadSaw6iW3Je6IcL5PNOw8VwjxqBECXy50/iCQSY/lQ== dependencies: "@babel/helper-environment-visitor" "^7.22.20" @@ -622,7 +622,7 @@ "@babel/plugin-transform-async-to-generator@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-async-to-generator/-/plugin-transform-async-to-generator-7.22.5.tgz#c7a85f44e46f8952f6d27fe57c2ed3cc084c3775" + resolved "https://registry.npmjs.org/@babel/plugin-transform-async-to-generator/-/plugin-transform-async-to-generator-7.22.5.tgz" integrity sha512-b1A8D8ZzE/VhNDoV1MSJTnpKkCG5bJo+19R4o4oy03zM7ws8yEMK755j61Dc3EyvdysbqH5BOOTquJ7ZX9C6vQ== dependencies: "@babel/helper-module-imports" "^7.22.5" @@ -631,21 +631,21 @@ "@babel/plugin-transform-block-scoped-functions@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-block-scoped-functions/-/plugin-transform-block-scoped-functions-7.22.5.tgz#27978075bfaeb9fa586d3cb63a3d30c1de580024" + resolved "https://registry.npmjs.org/@babel/plugin-transform-block-scoped-functions/-/plugin-transform-block-scoped-functions-7.22.5.tgz" integrity sha512-tdXZ2UdknEKQWKJP1KMNmuF5Lx3MymtMN/pvA+p/VEkhK8jVcQ1fzSy8KM9qRYhAf2/lV33hoMPKI/xaI9sADA== dependencies: "@babel/helper-plugin-utils" "^7.22.5" "@babel/plugin-transform-block-scoping@^7.23.0": version "7.23.0" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-block-scoping/-/plugin-transform-block-scoping-7.23.0.tgz#8744d02c6c264d82e1a4bc5d2d501fd8aff6f022" + resolved "https://registry.npmjs.org/@babel/plugin-transform-block-scoping/-/plugin-transform-block-scoping-7.23.0.tgz" integrity sha512-cOsrbmIOXmf+5YbL99/S49Y3j46k/T16b9ml8bm9lP6N9US5iQ2yBK7gpui1pg0V/WMcXdkfKbTb7HXq9u+v4g== dependencies: "@babel/helper-plugin-utils" "^7.22.5" "@babel/plugin-transform-class-properties@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-class-properties/-/plugin-transform-class-properties-7.22.5.tgz#97a56e31ad8c9dc06a0b3710ce7803d5a48cca77" + resolved "https://registry.npmjs.org/@babel/plugin-transform-class-properties/-/plugin-transform-class-properties-7.22.5.tgz" integrity sha512-nDkQ0NfkOhPTq8YCLiWNxp1+f9fCobEjCb0n8WdbNUBc4IB5V7P1QnX9IjpSoquKrXF5SKojHleVNs2vGeHCHQ== dependencies: "@babel/helper-create-class-features-plugin" "^7.22.5" @@ -653,7 +653,7 @@ "@babel/plugin-transform-class-static-block@^7.22.11": version "7.22.11" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-class-static-block/-/plugin-transform-class-static-block-7.22.11.tgz#dc8cc6e498f55692ac6b4b89e56d87cec766c974" + resolved "https://registry.npmjs.org/@babel/plugin-transform-class-static-block/-/plugin-transform-class-static-block-7.22.11.tgz" integrity sha512-GMM8gGmqI7guS/llMFk1bJDkKfn3v3C4KHK9Yg1ey5qcHcOlKb0QvcMrgzvxo+T03/4szNh5lghY+fEC98Kq9g== dependencies: "@babel/helper-create-class-features-plugin" "^7.22.11" @@ -662,7 +662,7 @@ "@babel/plugin-transform-classes@^7.22.15": version "7.22.15" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-classes/-/plugin-transform-classes-7.22.15.tgz#aaf4753aee262a232bbc95451b4bdf9599c65a0b" + resolved "https://registry.npmjs.org/@babel/plugin-transform-classes/-/plugin-transform-classes-7.22.15.tgz" integrity sha512-VbbC3PGjBdE0wAWDdHM9G8Gm977pnYI0XpqMd6LrKISj8/DJXEsWqgRuTYaNE9Bv0JGhTZUzHDlMk18IpOuoqw== dependencies: "@babel/helper-annotate-as-pure" "^7.22.5" @@ -677,7 +677,7 @@ "@babel/plugin-transform-computed-properties@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-computed-properties/-/plugin-transform-computed-properties-7.22.5.tgz#cd1e994bf9f316bd1c2dafcd02063ec261bb3869" + resolved "https://registry.npmjs.org/@babel/plugin-transform-computed-properties/-/plugin-transform-computed-properties-7.22.5.tgz" integrity sha512-4GHWBgRf0krxPX+AaPtgBAlTgTeZmqDynokHOX7aqqAB4tHs3U2Y02zH6ETFdLZGcg9UQSD1WCmkVrE9ErHeOg== dependencies: "@babel/helper-plugin-utils" "^7.22.5" @@ -685,14 +685,14 @@ "@babel/plugin-transform-destructuring@^7.23.0": version "7.23.0" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-destructuring/-/plugin-transform-destructuring-7.23.0.tgz#6447aa686be48b32eaf65a73e0e2c0bd010a266c" + resolved "https://registry.npmjs.org/@babel/plugin-transform-destructuring/-/plugin-transform-destructuring-7.23.0.tgz" integrity sha512-vaMdgNXFkYrB+8lbgniSYWHsgqK5gjaMNcc84bMIOMRLH0L9AqYq3hwMdvnyqj1OPqea8UtjPEuS/DCenah1wg== dependencies: "@babel/helper-plugin-utils" "^7.22.5" "@babel/plugin-transform-dotall-regex@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-dotall-regex/-/plugin-transform-dotall-regex-7.22.5.tgz#dbb4f0e45766eb544e193fb00e65a1dd3b2a4165" + resolved "https://registry.npmjs.org/@babel/plugin-transform-dotall-regex/-/plugin-transform-dotall-regex-7.22.5.tgz" integrity sha512-5/Yk9QxCQCl+sOIB1WelKnVRxTJDSAIxtJLL2/pqL14ZVlbH0fUQUZa/T5/UnQtBNgghR7mfB8ERBKyKPCi7Vw== dependencies: "@babel/helper-create-regexp-features-plugin" "^7.22.5" @@ -700,14 +700,14 @@ "@babel/plugin-transform-duplicate-keys@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-duplicate-keys/-/plugin-transform-duplicate-keys-7.22.5.tgz#b6e6428d9416f5f0bba19c70d1e6e7e0b88ab285" + resolved "https://registry.npmjs.org/@babel/plugin-transform-duplicate-keys/-/plugin-transform-duplicate-keys-7.22.5.tgz" integrity sha512-dEnYD+9BBgld5VBXHnF/DbYGp3fqGMsyxKbtD1mDyIA7AkTSpKXFhCVuj/oQVOoALfBs77DudA0BE4d5mcpmqw== dependencies: "@babel/helper-plugin-utils" "^7.22.5" "@babel/plugin-transform-dynamic-import@^7.22.11": version "7.22.11" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-dynamic-import/-/plugin-transform-dynamic-import-7.22.11.tgz#2c7722d2a5c01839eaf31518c6ff96d408e447aa" + resolved "https://registry.npmjs.org/@babel/plugin-transform-dynamic-import/-/plugin-transform-dynamic-import-7.22.11.tgz" integrity sha512-g/21plo58sfteWjaO0ZNVb+uEOkJNjAaHhbejrnBmu011l/eNDScmkbjCC3l4FKb10ViaGU4aOkFznSu2zRHgA== dependencies: "@babel/helper-plugin-utils" "^7.22.5" @@ -715,7 +715,7 @@ "@babel/plugin-transform-exponentiation-operator@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-exponentiation-operator/-/plugin-transform-exponentiation-operator-7.22.5.tgz#402432ad544a1f9a480da865fda26be653e48f6a" + resolved "https://registry.npmjs.org/@babel/plugin-transform-exponentiation-operator/-/plugin-transform-exponentiation-operator-7.22.5.tgz" integrity sha512-vIpJFNM/FjZ4rh1myqIya9jXwrwwgFRHPjT3DkUA9ZLHuzox8jiXkOLvwm1H+PQIP3CqfC++WPKeuDi0Sjdj1g== dependencies: "@babel/helper-builder-binary-assignment-operator-visitor" "^7.22.5" @@ -723,7 +723,7 @@ "@babel/plugin-transform-export-namespace-from@^7.22.11": version "7.22.11" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-export-namespace-from/-/plugin-transform-export-namespace-from-7.22.11.tgz#b3c84c8f19880b6c7440108f8929caf6056db26c" + resolved "https://registry.npmjs.org/@babel/plugin-transform-export-namespace-from/-/plugin-transform-export-namespace-from-7.22.11.tgz" integrity sha512-xa7aad7q7OiT8oNZ1mU7NrISjlSkVdMbNxn9IuLZyL9AJEhs1Apba3I+u5riX1dIkdptP5EKDG5XDPByWxtehw== dependencies: "@babel/helper-plugin-utils" "^7.22.5" @@ -731,14 +731,14 @@ "@babel/plugin-transform-for-of@^7.22.15": version "7.22.15" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-for-of/-/plugin-transform-for-of-7.22.15.tgz#f64b4ccc3a4f131a996388fae7680b472b306b29" + resolved "https://registry.npmjs.org/@babel/plugin-transform-for-of/-/plugin-transform-for-of-7.22.15.tgz" integrity sha512-me6VGeHsx30+xh9fbDLLPi0J1HzmeIIyenoOQHuw2D4m2SAU3NrspX5XxJLBpqn5yrLzrlw2Iy3RA//Bx27iOA== dependencies: "@babel/helper-plugin-utils" "^7.22.5" "@babel/plugin-transform-function-name@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-function-name/-/plugin-transform-function-name-7.22.5.tgz#935189af68b01898e0d6d99658db6b164205c143" + resolved "https://registry.npmjs.org/@babel/plugin-transform-function-name/-/plugin-transform-function-name-7.22.5.tgz" integrity sha512-UIzQNMS0p0HHiQm3oelztj+ECwFnj+ZRV4KnguvlsD2of1whUeM6o7wGNj6oLwcDoAXQ8gEqfgC24D+VdIcevg== dependencies: "@babel/helper-compilation-targets" "^7.22.5" @@ -747,7 +747,7 @@ "@babel/plugin-transform-json-strings@^7.22.11": version "7.22.11" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-json-strings/-/plugin-transform-json-strings-7.22.11.tgz#689a34e1eed1928a40954e37f74509f48af67835" + resolved "https://registry.npmjs.org/@babel/plugin-transform-json-strings/-/plugin-transform-json-strings-7.22.11.tgz" integrity sha512-CxT5tCqpA9/jXFlme9xIBCc5RPtdDq3JpkkhgHQqtDdiTnTI0jtZ0QzXhr5DILeYifDPp2wvY2ad+7+hLMW5Pw== dependencies: "@babel/helper-plugin-utils" "^7.22.5" @@ -755,14 +755,14 @@ "@babel/plugin-transform-literals@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-literals/-/plugin-transform-literals-7.22.5.tgz#e9341f4b5a167952576e23db8d435849b1dd7920" + resolved "https://registry.npmjs.org/@babel/plugin-transform-literals/-/plugin-transform-literals-7.22.5.tgz" integrity sha512-fTLj4D79M+mepcw3dgFBTIDYpbcB9Sm0bpm4ppXPaO+U+PKFFyV9MGRvS0gvGw62sd10kT5lRMKXAADb9pWy8g== dependencies: "@babel/helper-plugin-utils" "^7.22.5" "@babel/plugin-transform-logical-assignment-operators@^7.22.11": version "7.22.11" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-logical-assignment-operators/-/plugin-transform-logical-assignment-operators-7.22.11.tgz#24c522a61688bde045b7d9bc3c2597a4d948fc9c" + resolved "https://registry.npmjs.org/@babel/plugin-transform-logical-assignment-operators/-/plugin-transform-logical-assignment-operators-7.22.11.tgz" integrity sha512-qQwRTP4+6xFCDV5k7gZBF3C31K34ut0tbEcTKxlX/0KXxm9GLcO14p570aWxFvVzx6QAfPgq7gaeIHXJC8LswQ== dependencies: "@babel/helper-plugin-utils" "^7.22.5" @@ -770,14 +770,14 @@ "@babel/plugin-transform-member-expression-literals@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-member-expression-literals/-/plugin-transform-member-expression-literals-7.22.5.tgz#4fcc9050eded981a468347dd374539ed3e058def" + resolved "https://registry.npmjs.org/@babel/plugin-transform-member-expression-literals/-/plugin-transform-member-expression-literals-7.22.5.tgz" integrity sha512-RZEdkNtzzYCFl9SE9ATaUMTj2hqMb4StarOJLrZRbqqU4HSBE7UlBw9WBWQiDzrJZJdUWiMTVDI6Gv/8DPvfew== dependencies: "@babel/helper-plugin-utils" "^7.22.5" "@babel/plugin-transform-modules-amd@^7.23.0": version "7.23.0" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-amd/-/plugin-transform-modules-amd-7.23.0.tgz#05b2bc43373faa6d30ca89214731f76f966f3b88" + resolved "https://registry.npmjs.org/@babel/plugin-transform-modules-amd/-/plugin-transform-modules-amd-7.23.0.tgz" integrity sha512-xWT5gefv2HGSm4QHtgc1sYPbseOyf+FFDo2JbpE25GWl5BqTGO9IMwTYJRoIdjsF85GE+VegHxSCUt5EvoYTAw== dependencies: "@babel/helper-module-transforms" "^7.23.0" @@ -785,7 +785,7 @@ "@babel/plugin-transform-modules-commonjs@^7.23.0": version "7.23.0" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-commonjs/-/plugin-transform-modules-commonjs-7.23.0.tgz#b3dba4757133b2762c00f4f94590cf6d52602481" + resolved "https://registry.npmjs.org/@babel/plugin-transform-modules-commonjs/-/plugin-transform-modules-commonjs-7.23.0.tgz" integrity sha512-32Xzss14/UVc7k9g775yMIvkVK8xwKE0DPdP5JTapr3+Z9w4tzeOuLNY6BXDQR6BdnzIlXnCGAzsk/ICHBLVWQ== dependencies: "@babel/helper-module-transforms" "^7.23.0" @@ -794,7 +794,7 @@ "@babel/plugin-transform-modules-systemjs@^7.23.0": version "7.23.0" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.23.0.tgz#77591e126f3ff4132a40595a6cccd00a6b60d160" + resolved "https://registry.npmjs.org/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.23.0.tgz" integrity sha512-qBej6ctXZD2f+DhlOC9yO47yEYgUh5CZNz/aBoH4j/3NOlRfJXJbY7xDQCqQVf9KbrqGzIWER1f23doHGrIHFg== dependencies: "@babel/helper-hoist-variables" "^7.22.5" @@ -804,7 +804,7 @@ "@babel/plugin-transform-modules-umd@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-umd/-/plugin-transform-modules-umd-7.22.5.tgz#4694ae40a87b1745e3775b6a7fe96400315d4f98" + resolved "https://registry.npmjs.org/@babel/plugin-transform-modules-umd/-/plugin-transform-modules-umd-7.22.5.tgz" integrity sha512-+S6kzefN/E1vkSsKx8kmQuqeQsvCKCd1fraCM7zXm4SFoggI099Tr4G8U81+5gtMdUeMQ4ipdQffbKLX0/7dBQ== dependencies: "@babel/helper-module-transforms" "^7.22.5" @@ -812,7 +812,7 @@ "@babel/plugin-transform-named-capturing-groups-regex@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-named-capturing-groups-regex/-/plugin-transform-named-capturing-groups-regex-7.22.5.tgz#67fe18ee8ce02d57c855185e27e3dc959b2e991f" + resolved "https://registry.npmjs.org/@babel/plugin-transform-named-capturing-groups-regex/-/plugin-transform-named-capturing-groups-regex-7.22.5.tgz" integrity sha512-YgLLKmS3aUBhHaxp5hi1WJTgOUb/NCuDHzGT9z9WTt3YG+CPRhJs6nprbStx6DnWM4dh6gt7SU3sZodbZ08adQ== dependencies: "@babel/helper-create-regexp-features-plugin" "^7.22.5" @@ -820,14 +820,14 @@ "@babel/plugin-transform-new-target@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-new-target/-/plugin-transform-new-target-7.22.5.tgz#1b248acea54ce44ea06dfd37247ba089fcf9758d" + resolved "https://registry.npmjs.org/@babel/plugin-transform-new-target/-/plugin-transform-new-target-7.22.5.tgz" integrity sha512-AsF7K0Fx/cNKVyk3a+DW0JLo+Ua598/NxMRvxDnkpCIGFh43+h/v2xyhRUYf6oD8gE4QtL83C7zZVghMjHd+iw== dependencies: "@babel/helper-plugin-utils" "^7.22.5" "@babel/plugin-transform-nullish-coalescing-operator@^7.22.11": version "7.22.11" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-nullish-coalescing-operator/-/plugin-transform-nullish-coalescing-operator-7.22.11.tgz#debef6c8ba795f5ac67cd861a81b744c5d38d9fc" + resolved "https://registry.npmjs.org/@babel/plugin-transform-nullish-coalescing-operator/-/plugin-transform-nullish-coalescing-operator-7.22.11.tgz" integrity sha512-YZWOw4HxXrotb5xsjMJUDlLgcDXSfO9eCmdl1bgW4+/lAGdkjaEvOnQ4p5WKKdUgSzO39dgPl0pTnfxm0OAXcg== dependencies: "@babel/helper-plugin-utils" "^7.22.5" @@ -835,7 +835,7 @@ "@babel/plugin-transform-numeric-separator@^7.22.11": version "7.22.11" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-numeric-separator/-/plugin-transform-numeric-separator-7.22.11.tgz#498d77dc45a6c6db74bb829c02a01c1d719cbfbd" + resolved "https://registry.npmjs.org/@babel/plugin-transform-numeric-separator/-/plugin-transform-numeric-separator-7.22.11.tgz" integrity sha512-3dzU4QGPsILdJbASKhF/V2TVP+gJya1PsueQCxIPCEcerqF21oEcrob4mzjsp2Py/1nLfF5m+xYNMDpmA8vffg== dependencies: "@babel/helper-plugin-utils" "^7.22.5" @@ -843,7 +843,7 @@ "@babel/plugin-transform-object-rest-spread@^7.22.15": version "7.22.15" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-object-rest-spread/-/plugin-transform-object-rest-spread-7.22.15.tgz#21a95db166be59b91cde48775310c0df6e1da56f" + resolved "https://registry.npmjs.org/@babel/plugin-transform-object-rest-spread/-/plugin-transform-object-rest-spread-7.22.15.tgz" integrity sha512-fEB+I1+gAmfAyxZcX1+ZUwLeAuuf8VIg67CTznZE0MqVFumWkh8xWtn58I4dxdVf080wn7gzWoF8vndOViJe9Q== dependencies: "@babel/compat-data" "^7.22.9" @@ -854,7 +854,7 @@ "@babel/plugin-transform-object-super@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-object-super/-/plugin-transform-object-super-7.22.5.tgz#794a8d2fcb5d0835af722173c1a9d704f44e218c" + resolved "https://registry.npmjs.org/@babel/plugin-transform-object-super/-/plugin-transform-object-super-7.22.5.tgz" integrity sha512-klXqyaT9trSjIUrcsYIfETAzmOEZL3cBYqOYLJxBHfMFFggmXOv+NYSX/Jbs9mzMVESw/WycLFPRx8ba/b2Ipw== dependencies: "@babel/helper-plugin-utils" "^7.22.5" @@ -862,7 +862,7 @@ "@babel/plugin-transform-optional-catch-binding@^7.22.11": version "7.22.11" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-optional-catch-binding/-/plugin-transform-optional-catch-binding-7.22.11.tgz#461cc4f578a127bb055527b3e77404cad38c08e0" + resolved "https://registry.npmjs.org/@babel/plugin-transform-optional-catch-binding/-/plugin-transform-optional-catch-binding-7.22.11.tgz" integrity sha512-rli0WxesXUeCJnMYhzAglEjLWVDF6ahb45HuprcmQuLidBJFWjNnOzssk2kuc6e33FlLaiZhG/kUIzUMWdBKaQ== dependencies: "@babel/helper-plugin-utils" "^7.22.5" @@ -870,7 +870,7 @@ "@babel/plugin-transform-optional-chaining@^7.22.15", "@babel/plugin-transform-optional-chaining@^7.23.0": version "7.23.0" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-optional-chaining/-/plugin-transform-optional-chaining-7.23.0.tgz#73ff5fc1cf98f542f09f29c0631647d8ad0be158" + resolved "https://registry.npmjs.org/@babel/plugin-transform-optional-chaining/-/plugin-transform-optional-chaining-7.23.0.tgz" integrity sha512-sBBGXbLJjxTzLBF5rFWaikMnOGOk/BmK6vVByIdEggZ7Vn6CvWXZyRkkLFK6WE0IF8jSliyOkUN6SScFgzCM0g== dependencies: "@babel/helper-plugin-utils" "^7.22.5" @@ -879,14 +879,14 @@ "@babel/plugin-transform-parameters@^7.12.1", "@babel/plugin-transform-parameters@^7.22.15": version "7.22.15" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-parameters/-/plugin-transform-parameters-7.22.15.tgz#719ca82a01d177af358df64a514d64c2e3edb114" + resolved "https://registry.npmjs.org/@babel/plugin-transform-parameters/-/plugin-transform-parameters-7.22.15.tgz" integrity sha512-hjk7qKIqhyzhhUvRT683TYQOFa/4cQKwQy7ALvTpODswN40MljzNDa0YldevS6tGbxwaEKVn502JmY0dP7qEtQ== dependencies: "@babel/helper-plugin-utils" "^7.22.5" "@babel/plugin-transform-private-methods@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-private-methods/-/plugin-transform-private-methods-7.22.5.tgz#21c8af791f76674420a147ae62e9935d790f8722" + resolved "https://registry.npmjs.org/@babel/plugin-transform-private-methods/-/plugin-transform-private-methods-7.22.5.tgz" integrity sha512-PPjh4gyrQnGe97JTalgRGMuU4icsZFnWkzicB/fUtzlKUqvsWBKEpPPfr5a2JiyirZkHxnAqkQMO5Z5B2kK3fA== dependencies: "@babel/helper-create-class-features-plugin" "^7.22.5" @@ -894,7 +894,7 @@ "@babel/plugin-transform-private-property-in-object@^7.22.11": version "7.22.11" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-private-property-in-object/-/plugin-transform-private-property-in-object-7.22.11.tgz#ad45c4fc440e9cb84c718ed0906d96cf40f9a4e1" + resolved "https://registry.npmjs.org/@babel/plugin-transform-private-property-in-object/-/plugin-transform-private-property-in-object-7.22.11.tgz" integrity sha512-sSCbqZDBKHetvjSwpyWzhuHkmW5RummxJBVbYLkGkaiTOWGxml7SXt0iWa03bzxFIx7wOj3g/ILRd0RcJKBeSQ== dependencies: "@babel/helper-annotate-as-pure" "^7.22.5" @@ -904,35 +904,35 @@ "@babel/plugin-transform-property-literals@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-property-literals/-/plugin-transform-property-literals-7.22.5.tgz#b5ddabd73a4f7f26cd0e20f5db48290b88732766" + resolved "https://registry.npmjs.org/@babel/plugin-transform-property-literals/-/plugin-transform-property-literals-7.22.5.tgz" integrity sha512-TiOArgddK3mK/x1Qwf5hay2pxI6wCZnvQqrFSqbtg1GLl2JcNMitVH/YnqjP+M31pLUeTfzY1HAXFDnUBV30rQ== dependencies: "@babel/helper-plugin-utils" "^7.22.5" "@babel/plugin-transform-react-constant-elements@^7.18.12": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-react-constant-elements/-/plugin-transform-react-constant-elements-7.22.5.tgz#6dfa7c1c37f7d7279e417ceddf5a04abb8bb9c29" + resolved "https://registry.npmjs.org/@babel/plugin-transform-react-constant-elements/-/plugin-transform-react-constant-elements-7.22.5.tgz" integrity sha512-BF5SXoO+nX3h5OhlN78XbbDrBOffv+AxPP2ENaJOVqjWCgBDeOY3WcaUcddutGSfoap+5NEQ/q/4I3WZIvgkXA== dependencies: "@babel/helper-plugin-utils" "^7.22.5" "@babel/plugin-transform-react-display-name@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-react-display-name/-/plugin-transform-react-display-name-7.22.5.tgz#3c4326f9fce31c7968d6cb9debcaf32d9e279a2b" + resolved "https://registry.npmjs.org/@babel/plugin-transform-react-display-name/-/plugin-transform-react-display-name-7.22.5.tgz" integrity sha512-PVk3WPYudRF5z4GKMEYUrLjPl38fJSKNaEOkFuoprioowGuWN6w2RKznuFNSlJx7pzzXXStPUnNSOEO0jL5EVw== dependencies: "@babel/helper-plugin-utils" "^7.22.5" "@babel/plugin-transform-react-jsx-development@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-react-jsx-development/-/plugin-transform-react-jsx-development-7.22.5.tgz#e716b6edbef972a92165cd69d92f1255f7e73e87" + resolved "https://registry.npmjs.org/@babel/plugin-transform-react-jsx-development/-/plugin-transform-react-jsx-development-7.22.5.tgz" integrity sha512-bDhuzwWMuInwCYeDeMzyi7TaBgRQei6DqxhbyniL7/VG4RSS7HtSL2QbY4eESy1KJqlWt8g3xeEBGPuo+XqC8A== dependencies: "@babel/plugin-transform-react-jsx" "^7.22.5" "@babel/plugin-transform-react-jsx@^7.22.15", "@babel/plugin-transform-react-jsx@^7.22.5": version "7.22.15" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-react-jsx/-/plugin-transform-react-jsx-7.22.15.tgz#7e6266d88705d7c49f11c98db8b9464531289cd6" + resolved "https://registry.npmjs.org/@babel/plugin-transform-react-jsx/-/plugin-transform-react-jsx-7.22.15.tgz" integrity sha512-oKckg2eZFa8771O/5vi7XeTvmM6+O9cxZu+kanTU7tD4sin5nO/G8jGJhq8Hvt2Z0kUoEDRayuZLaUlYl8QuGA== dependencies: "@babel/helper-annotate-as-pure" "^7.22.5" @@ -943,7 +943,7 @@ "@babel/plugin-transform-react-pure-annotations@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-react-pure-annotations/-/plugin-transform-react-pure-annotations-7.22.5.tgz#1f58363eef6626d6fa517b95ac66fe94685e32c0" + resolved "https://registry.npmjs.org/@babel/plugin-transform-react-pure-annotations/-/plugin-transform-react-pure-annotations-7.22.5.tgz" integrity sha512-gP4k85wx09q+brArVinTXhWiyzLl9UpmGva0+mWyKxk6JZequ05x3eUcIUE+FyttPKJFRRVtAvQaJ6YF9h1ZpA== dependencies: "@babel/helper-annotate-as-pure" "^7.22.5" @@ -951,7 +951,7 @@ "@babel/plugin-transform-regenerator@^7.22.10": version "7.22.10" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-regenerator/-/plugin-transform-regenerator-7.22.10.tgz#8ceef3bd7375c4db7652878b0241b2be5d0c3cca" + resolved "https://registry.npmjs.org/@babel/plugin-transform-regenerator/-/plugin-transform-regenerator-7.22.10.tgz" integrity sha512-F28b1mDt8KcT5bUyJc/U9nwzw6cV+UmTeRlXYIl2TNqMMJif0Jeey9/RQ3C4NOd2zp0/TRsDns9ttj2L523rsw== dependencies: "@babel/helper-plugin-utils" "^7.22.5" @@ -959,14 +959,14 @@ "@babel/plugin-transform-reserved-words@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-reserved-words/-/plugin-transform-reserved-words-7.22.5.tgz#832cd35b81c287c4bcd09ce03e22199641f964fb" + resolved "https://registry.npmjs.org/@babel/plugin-transform-reserved-words/-/plugin-transform-reserved-words-7.22.5.tgz" integrity sha512-DTtGKFRQUDm8svigJzZHzb/2xatPc6TzNvAIJ5GqOKDsGFYgAskjRulbR/vGsPKq3OPqtexnz327qYpP57RFyA== dependencies: "@babel/helper-plugin-utils" "^7.22.5" "@babel/plugin-transform-runtime@^7.18.6": version "7.23.2" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-runtime/-/plugin-transform-runtime-7.23.2.tgz#c956a3f8d1aa50816ff6c30c6288d66635c12990" + resolved "https://registry.npmjs.org/@babel/plugin-transform-runtime/-/plugin-transform-runtime-7.23.2.tgz" integrity sha512-XOntj6icgzMS58jPVtQpiuF6ZFWxQiJavISGx5KGjRj+3gqZr8+N6Kx+N9BApWzgS+DOjIZfXXj0ZesenOWDyA== dependencies: "@babel/helper-module-imports" "^7.22.15" @@ -978,14 +978,14 @@ "@babel/plugin-transform-shorthand-properties@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-shorthand-properties/-/plugin-transform-shorthand-properties-7.22.5.tgz#6e277654be82b5559fc4b9f58088507c24f0c624" + resolved "https://registry.npmjs.org/@babel/plugin-transform-shorthand-properties/-/plugin-transform-shorthand-properties-7.22.5.tgz" integrity sha512-vM4fq9IXHscXVKzDv5itkO1X52SmdFBFcMIBZ2FRn2nqVYqw6dBexUgMvAjHW+KXpPPViD/Yo3GrDEBaRC0QYA== dependencies: "@babel/helper-plugin-utils" "^7.22.5" "@babel/plugin-transform-spread@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-spread/-/plugin-transform-spread-7.22.5.tgz#6487fd29f229c95e284ba6c98d65eafb893fea6b" + resolved "https://registry.npmjs.org/@babel/plugin-transform-spread/-/plugin-transform-spread-7.22.5.tgz" integrity sha512-5ZzDQIGyvN4w8+dMmpohL6MBo+l2G7tfC/O2Dg7/hjpgeWvUx8FzfeOKxGog9IimPa4YekaQ9PlDqTLOljkcxg== dependencies: "@babel/helper-plugin-utils" "^7.22.5" @@ -993,28 +993,28 @@ "@babel/plugin-transform-sticky-regex@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-sticky-regex/-/plugin-transform-sticky-regex-7.22.5.tgz#295aba1595bfc8197abd02eae5fc288c0deb26aa" + resolved "https://registry.npmjs.org/@babel/plugin-transform-sticky-regex/-/plugin-transform-sticky-regex-7.22.5.tgz" integrity sha512-zf7LuNpHG0iEeiyCNwX4j3gDg1jgt1k3ZdXBKbZSoA3BbGQGvMiSvfbZRR3Dr3aeJe3ooWFZxOOG3IRStYp2Bw== dependencies: "@babel/helper-plugin-utils" "^7.22.5" "@babel/plugin-transform-template-literals@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-template-literals/-/plugin-transform-template-literals-7.22.5.tgz#8f38cf291e5f7a8e60e9f733193f0bcc10909bff" + resolved "https://registry.npmjs.org/@babel/plugin-transform-template-literals/-/plugin-transform-template-literals-7.22.5.tgz" integrity sha512-5ciOehRNf+EyUeewo8NkbQiUs4d6ZxiHo6BcBcnFlgiJfu16q0bQUw9Jvo0b0gBKFG1SMhDSjeKXSYuJLeFSMA== dependencies: "@babel/helper-plugin-utils" "^7.22.5" "@babel/plugin-transform-typeof-symbol@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-typeof-symbol/-/plugin-transform-typeof-symbol-7.22.5.tgz#5e2ba478da4b603af8673ff7c54f75a97b716b34" + resolved "https://registry.npmjs.org/@babel/plugin-transform-typeof-symbol/-/plugin-transform-typeof-symbol-7.22.5.tgz" integrity sha512-bYkI5lMzL4kPii4HHEEChkD0rkc+nvnlR6+o/qdqR6zrm0Sv/nodmyLhlq2DO0YKLUNd2VePmPRjJXSBh9OIdA== dependencies: "@babel/helper-plugin-utils" "^7.22.5" "@babel/plugin-transform-typescript@^7.22.15": version "7.22.15" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-typescript/-/plugin-transform-typescript-7.22.15.tgz#15adef906451d86349eb4b8764865c960eb54127" + resolved "https://registry.npmjs.org/@babel/plugin-transform-typescript/-/plugin-transform-typescript-7.22.15.tgz" integrity sha512-1uirS0TnijxvQLnlv5wQBwOX3E1wCFX7ITv+9pBV2wKEk4K+M5tqDaoNXnTH8tjEIYHLO98MwiTWO04Ggz4XuA== dependencies: "@babel/helper-annotate-as-pure" "^7.22.5" @@ -1024,14 +1024,14 @@ "@babel/plugin-transform-unicode-escapes@^7.22.10": version "7.22.10" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-unicode-escapes/-/plugin-transform-unicode-escapes-7.22.10.tgz#c723f380f40a2b2f57a62df24c9005834c8616d9" + resolved "https://registry.npmjs.org/@babel/plugin-transform-unicode-escapes/-/plugin-transform-unicode-escapes-7.22.10.tgz" integrity sha512-lRfaRKGZCBqDlRU3UIFovdp9c9mEvlylmpod0/OatICsSfuQ9YFthRo1tpTkGsklEefZdqlEFdY4A2dwTb6ohg== dependencies: "@babel/helper-plugin-utils" "^7.22.5" "@babel/plugin-transform-unicode-property-regex@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-unicode-property-regex/-/plugin-transform-unicode-property-regex-7.22.5.tgz#098898f74d5c1e86660dc112057b2d11227f1c81" + resolved "https://registry.npmjs.org/@babel/plugin-transform-unicode-property-regex/-/plugin-transform-unicode-property-regex-7.22.5.tgz" integrity sha512-HCCIb+CbJIAE6sXn5CjFQXMwkCClcOfPCzTlilJ8cUatfzwHlWQkbtV0zD338u9dZskwvuOYTuuaMaA8J5EI5A== dependencies: "@babel/helper-create-regexp-features-plugin" "^7.22.5" @@ -1039,7 +1039,7 @@ "@babel/plugin-transform-unicode-regex@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-unicode-regex/-/plugin-transform-unicode-regex-7.22.5.tgz#ce7e7bb3ef208c4ff67e02a22816656256d7a183" + resolved "https://registry.npmjs.org/@babel/plugin-transform-unicode-regex/-/plugin-transform-unicode-regex-7.22.5.tgz" integrity sha512-028laaOKptN5vHJf9/Arr/HiJekMd41hOEZYvNsrsXqJ7YPYuX2bQxh31fkZzGmq3YqHRJzYFFAVYvKfMPKqyg== dependencies: "@babel/helper-create-regexp-features-plugin" "^7.22.5" @@ -1047,7 +1047,7 @@ "@babel/plugin-transform-unicode-sets-regex@^7.22.5": version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-unicode-sets-regex/-/plugin-transform-unicode-sets-regex-7.22.5.tgz#77788060e511b708ffc7d42fdfbc5b37c3004e91" + resolved "https://registry.npmjs.org/@babel/plugin-transform-unicode-sets-regex/-/plugin-transform-unicode-sets-regex-7.22.5.tgz" integrity sha512-lhMfi4FC15j13eKrh3DnYHjpGj6UKQHtNKTbtc1igvAhRy4+kLhV07OpLcsN0VgDEw/MjAvJO4BdMJsHwMhzCg== dependencies: "@babel/helper-create-regexp-features-plugin" "^7.22.5" @@ -1055,7 +1055,7 @@ "@babel/preset-env@^7.18.6", "@babel/preset-env@^7.19.4": version "7.23.2" - resolved "https://registry.yarnpkg.com/@babel/preset-env/-/preset-env-7.23.2.tgz#1f22be0ff0e121113260337dbc3e58fafce8d059" + resolved "https://registry.npmjs.org/@babel/preset-env/-/preset-env-7.23.2.tgz" integrity sha512-BW3gsuDD+rvHL2VO2SjAUNTBe5YrjsTiDyqamPDWY723na3/yPQ65X5oQkFVJZ0o50/2d+svm1rkPoJeR1KxVQ== dependencies: "@babel/compat-data" "^7.23.2" @@ -1141,7 +1141,7 @@ "@babel/preset-modules@0.1.6-no-external-plugins": version "0.1.6-no-external-plugins" - resolved "https://registry.yarnpkg.com/@babel/preset-modules/-/preset-modules-0.1.6-no-external-plugins.tgz#ccb88a2c49c817236861fee7826080573b8a923a" + resolved "https://registry.npmjs.org/@babel/preset-modules/-/preset-modules-0.1.6-no-external-plugins.tgz" integrity sha512-HrcgcIESLm9aIR842yhJ5RWan/gebQUJ6E/E5+rf0y9o6oj7w0Br+sWuL6kEQ/o/AdfvR1Je9jG18/gnpwjEyA== dependencies: "@babel/helper-plugin-utils" "^7.0.0" @@ -1150,7 +1150,7 @@ "@babel/preset-react@^7.18.6": version "7.22.15" - resolved "https://registry.yarnpkg.com/@babel/preset-react/-/preset-react-7.22.15.tgz#9a776892b648e13cc8ca2edf5ed1264eea6b6afc" + resolved "https://registry.npmjs.org/@babel/preset-react/-/preset-react-7.22.15.tgz" integrity sha512-Csy1IJ2uEh/PecCBXXoZGAZBeCATTuePzCSB7dLYWS0vOEj6CNpjxIhW4duWwZodBNueH7QO14WbGn8YyeuN9w== dependencies: "@babel/helper-plugin-utils" "^7.22.5" @@ -1162,7 +1162,7 @@ "@babel/preset-typescript@^7.18.6": version "7.23.2" - resolved "https://registry.yarnpkg.com/@babel/preset-typescript/-/preset-typescript-7.23.2.tgz#c8de488130b7081f7e1482936ad3de5b018beef4" + resolved "https://registry.npmjs.org/@babel/preset-typescript/-/preset-typescript-7.23.2.tgz" integrity sha512-u4UJc1XsS1GhIGteM8rnGiIvf9rJpiVgMEeCnwlLA7WJPC+jcXWJAGxYmeqs5hOZD8BbAfnV5ezBOxQbb4OUxA== dependencies: "@babel/helper-plugin-utils" "^7.22.5" @@ -1173,12 +1173,12 @@ "@babel/regjsgen@^0.8.0": version "0.8.0" - resolved "https://registry.yarnpkg.com/@babel/regjsgen/-/regjsgen-0.8.0.tgz#f0ba69b075e1f05fb2825b7fad991e7adbb18310" + resolved "https://registry.npmjs.org/@babel/regjsgen/-/regjsgen-0.8.0.tgz" integrity sha512-x/rqGMdzj+fWZvCOYForTghzbtqPDZ5gPwaoNGHdgDfF2QA/XZbCBp4Moo5scrkAMPhB7z26XM/AaHuIJdgauA== "@babel/runtime-corejs3@^7.18.6": version "7.23.2" - resolved "https://registry.yarnpkg.com/@babel/runtime-corejs3/-/runtime-corejs3-7.23.2.tgz#a5cd9d8b408fb946b2f074b21ea40c04e516795c" + resolved "https://registry.npmjs.org/@babel/runtime-corejs3/-/runtime-corejs3-7.23.2.tgz" integrity sha512-54cIh74Z1rp4oIjsHjqN+WM4fMyCBYe+LpZ9jWm51CZ1fbH3SkAzQD/3XLoNkjbJ7YEmjobLXyvQrFypRHOrXw== dependencies: core-js-pure "^3.30.2" @@ -1191,37 +1191,37 @@ dependencies: regenerator-runtime "^0.14.0" -"@babel/template@^7.12.7", "@babel/template@^7.22.15", "@babel/template@^7.22.5": - version "7.22.15" - resolved "https://registry.yarnpkg.com/@babel/template/-/template-7.22.15.tgz#09576efc3830f0430f4548ef971dde1350ef2f38" - integrity sha512-QPErUVm4uyJa60rkI73qneDacvdvzxshT3kksGqlGWYdOTIUOwJ7RDUL8sGqslY1uXWSL6xMFKEXDS3ox2uF0w== +"@babel/template@^7.12.7", "@babel/template@^7.22.15", "@babel/template@^7.22.5", "@babel/template@^7.23.9": + version "7.23.9" + resolved "https://registry.npmjs.org/@babel/template/-/template-7.23.9.tgz" + integrity sha512-+xrD2BWLpvHKNmX2QbpdpsBaWnRxahMwJjO+KZk2JOElj5nSmKezyS1B4u+QbHMTX69t4ukm6hh9lsYQ7GHCKA== dependencies: - "@babel/code-frame" "^7.22.13" - "@babel/parser" "^7.22.15" - "@babel/types" "^7.22.15" + "@babel/code-frame" "^7.23.5" + "@babel/parser" "^7.23.9" + "@babel/types" "^7.23.9" -"@babel/traverse@^7.12.9", "@babel/traverse@^7.18.8", "@babel/traverse@^7.23.2": - version "7.23.2" - resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.23.2.tgz#329c7a06735e144a506bdb2cad0268b7f46f4ad8" - integrity sha512-azpe59SQ48qG6nu2CzcMLbxUudtN+dOM9kDbUqGq3HXUJRlo7i8fvPoxQUzYgLZ4cMVmuZgm8vvBpNeRhd6XSw== +"@babel/traverse@^7.12.9", "@babel/traverse@^7.18.8", "@babel/traverse@^7.23.9": + version "7.23.9" + resolved "https://registry.npmjs.org/@babel/traverse/-/traverse-7.23.9.tgz" + integrity sha512-I/4UJ9vs90OkBtY6iiiTORVMyIhJ4kAVmsKo9KFc8UOxMeUfi2hvtIBsET5u9GizXE6/GFSuKCTNfgCswuEjRg== dependencies: - "@babel/code-frame" "^7.22.13" - "@babel/generator" "^7.23.0" + "@babel/code-frame" "^7.23.5" + "@babel/generator" "^7.23.6" "@babel/helper-environment-visitor" "^7.22.20" "@babel/helper-function-name" "^7.23.0" "@babel/helper-hoist-variables" "^7.22.5" "@babel/helper-split-export-declaration" "^7.22.6" - "@babel/parser" "^7.23.0" - "@babel/types" "^7.23.0" - debug "^4.1.0" + "@babel/parser" "^7.23.9" + "@babel/types" "^7.23.9" + debug "^4.3.1" globals "^11.1.0" -"@babel/types@^7.12.7", "@babel/types@^7.20.0", "@babel/types@^7.22.15", "@babel/types@^7.22.19", "@babel/types@^7.22.5", "@babel/types@^7.23.0", "@babel/types@^7.4.4": - version "7.23.0" - resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.23.0.tgz#8c1f020c9df0e737e4e247c0619f58c68458aaeb" - integrity sha512-0oIyUfKoI3mSqMvsxBdclDwxXKXAUA8v/apZbc+iSyARYou1o8ZGDxbUYyLFoW2arqS2jDGqJuZvv1d/io1axg== +"@babel/types@^7.12.7", "@babel/types@^7.20.0", "@babel/types@^7.22.15", "@babel/types@^7.22.19", "@babel/types@^7.22.5", "@babel/types@^7.23.0", "@babel/types@^7.23.6", "@babel/types@^7.23.9", "@babel/types@^7.4.4": + version "7.23.9" + resolved "https://registry.npmjs.org/@babel/types/-/types-7.23.9.tgz" + integrity sha512-dQjSq/7HaSjRM43FFGnv5keM2HsxpmyV1PfaSVm0nzzjwwTmjOe6J4bC8e3+pTEIgHaHj+1ZlLThRJ2auc/w1Q== dependencies: - "@babel/helper-string-parser" "^7.22.5" + "@babel/helper-string-parser" "^7.23.4" "@babel/helper-validator-identifier" "^7.22.20" to-fast-properties "^2.0.0" @@ -1230,9 +1230,16 @@ resolved "https://registry.npmjs.org/@colors/colors/-/colors-1.5.0.tgz" integrity sha512-ooWCrlZP11i8GImSjTHYHLkvFDP48nS4+204nGb1RiX/WXYHmJA2III9/e2DWVabCESdW7hBAEzHRqUn9OUVvQ== +"@cspotcode/source-map-support@^0.8.0": + version "0.8.1" + resolved "https://registry.npmjs.org/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz" + integrity sha512-IchNf6dN4tHoMFIn/7OE8LWZ19Y6q/67Bmf6vnGREv8RSbBVb9LPJxEcnwrcwX6ixSvaiGoomAUvu4YSxXrVgw== + dependencies: + "@jridgewell/trace-mapping" "0.3.9" + "@discoveryjs/json-ext@0.5.7": version "0.5.7" - resolved "https://registry.yarnpkg.com/@discoveryjs/json-ext/-/json-ext-0.5.7.tgz#1d572bfbbe14b7704e0ba0f39b74815b84870d70" + resolved "https://registry.npmjs.org/@discoveryjs/json-ext/-/json-ext-0.5.7.tgz" integrity sha512-dBVuXR082gk3jsFp7Rd/JI4kytwGHecnCoTtXFb7DB6CNHp4rg5k1bhg0nWdLGLnOV71lmDzGQaLMy8iPLY0pw== "@docsearch/css@3.5.2": @@ -1250,7 +1257,7 @@ "@docsearch/css" "3.5.2" algoliasearch "^4.19.1" -"@docusaurus/core@2.4.3", "@docusaurus/core@^2.0.0-beta.5", "@docusaurus/core@^2.4.3": +"@docusaurus/core@^2.0.0-beta.5", "@docusaurus/core@^2.4.3", "@docusaurus/core@2.4.3": version "2.4.3" resolved "https://registry.npmjs.org/@docusaurus/core/-/core-2.4.3.tgz" integrity sha512-dWH5P7cgeNSIg9ufReX6gaCl/TmrGKD38Orbwuz05WPhAQtFXHd5B8Qym1TiXfvUNvwoYKkAJOJuGe8ou0Z7PA== @@ -1368,7 +1375,7 @@ url-loader "^4.1.1" webpack "^5.73.0" -"@docusaurus/module-type-aliases@2.4.3", "@docusaurus/module-type-aliases@^2.4.3": +"@docusaurus/module-type-aliases@^2.4.3", "@docusaurus/module-type-aliases@2.4.3": version "2.4.3" resolved "https://registry.npmjs.org/@docusaurus/module-type-aliases/-/module-type-aliases-2.4.3.tgz" integrity sha512-cwkBkt1UCiduuvEAo7XZY01dJfRn7UR/75mBgOdb1hKknhrabJZ8YH+7savd/y9kLExPyrhe0QwdS9GuzsRRIA== @@ -1477,7 +1484,7 @@ "@docusaurus/utils-validation" "2.4.3" tslib "^2.4.0" -"@docusaurus/plugin-google-gtag@2.4.3", "@docusaurus/plugin-google-gtag@^2.4.3": +"@docusaurus/plugin-google-gtag@^2.4.3", "@docusaurus/plugin-google-gtag@2.4.3": version "2.4.3" resolved "https://registry.npmjs.org/@docusaurus/plugin-google-gtag/-/plugin-google-gtag-2.4.3.tgz" integrity sha512-5FMg0rT7sDy4i9AGsvJC71MQrqQZwgLNdDetLEGDHLfSHLvJhQbTCUGbGXknUgWXQJckcV/AILYeJy+HhxeIFA== @@ -1531,7 +1538,7 @@ "@docusaurus/theme-search-algolia" "2.4.3" "@docusaurus/types" "2.4.3" -"@docusaurus/react-loadable@5.5.2", "react-loadable@npm:@docusaurus/react-loadable@5.5.2": +"@docusaurus/react-loadable@5.5.2": version "5.5.2" resolved "https://registry.npmjs.org/@docusaurus/react-loadable/-/react-loadable-5.5.2.tgz" integrity sha512-A3dYjdBGuy0IGT+wyLIGIKLRE+sAk1iNk0f1HjNDysO7u8lhL4N3VEm+FAubmJbAztn94F7MxBTPmnixbiyFdQ== @@ -1592,7 +1599,7 @@ use-sync-external-store "^1.2.0" utility-types "^3.10.0" -"@docusaurus/theme-search-algolia@2.4.3", "@docusaurus/theme-search-algolia@^2.4.3": +"@docusaurus/theme-search-algolia@^2.4.3", "@docusaurus/theme-search-algolia@2.4.3": version "2.4.3" resolved "https://registry.npmjs.org/@docusaurus/theme-search-algolia/-/theme-search-algolia-2.4.3.tgz" integrity sha512-jziq4f6YVUB5hZOB85ELATwnxBz/RmSLD3ksGQOLDPKVzat4pmI8tddNWtriPpxR04BNT+ZfpPUMFkNFetSW1Q== @@ -1622,7 +1629,7 @@ fs-extra "^10.1.0" tslib "^2.4.0" -"@docusaurus/types@2.4.3", "@docusaurus/types@^2.0.0-beta.5": +"@docusaurus/types@*", "@docusaurus/types@^2.0.0-beta.5", "@docusaurus/types@2.4.3": version "2.4.3" resolved "https://registry.npmjs.org/@docusaurus/types/-/types-2.4.3.tgz" integrity sha512-W6zNLGQqfrp/EoPD0bhb9n7OobP+RHpmvVzpA+Z/IuU3Q63njJM24hmT0GYboovWcDtFmnIJC9wcyx4RVPQscw== @@ -1654,7 +1661,7 @@ js-yaml "^4.1.0" tslib "^2.4.0" -"@docusaurus/utils@2.4.3", "@docusaurus/utils@^2.0.0-beta.5": +"@docusaurus/utils@^2.0.0-beta.5", "@docusaurus/utils@2.4.3": version "2.4.3" resolved "https://registry.npmjs.org/@docusaurus/utils/-/utils-2.4.3.tgz" integrity sha512-fKcXsjrD86Smxv8Pt0TBFqYieZZCPh4cbf9oszUq/AMhZn3ujwpKaVYZACPX8mmjtYx0JOgNx52CREBfiGQB4A== @@ -1676,6 +1683,45 @@ url-loader "^4.1.1" webpack "^5.73.0" +"@edge-runtime/cookies@3.4.1": + version "3.4.1" + resolved "https://registry.npmjs.org/@edge-runtime/cookies/-/cookies-3.4.1.tgz" + integrity sha512-z27BvgPxI73CgSlxU/NAUf1Q/shnqi6cobHEowf6VuLdSjGR3NjI2Y5dZUIBbK2zOJVZbXcHsVzJjz8LklteFQ== + +"@edge-runtime/format@2.2.0": + version "2.2.0" + resolved "https://registry.npmjs.org/@edge-runtime/format/-/format-2.2.0.tgz" + integrity sha512-gPrS6AVw/qJJL0vcxMXv4kFXCU3ZTCD1uuJpwX15YxHV8BgU9OG5v9LrkkXcr96PBT/9epypfNJMhlWADuEziw== + +"@edge-runtime/node-utils@2.2.1": + version "2.2.1" + resolved "https://registry.npmjs.org/@edge-runtime/node-utils/-/node-utils-2.2.1.tgz" + integrity sha512-RUl/439BHKshkhSGFRlZ1kzy68wL4mn8VNKDSZr3p0tciyZ33Mjfpl+vofqnHqXRmDI6nLnZpfJvhY3D88o0pA== + dependencies: + "@edge-runtime/cookies" "3.4.1" + +"@edge-runtime/ponyfill@2.4.1": + version "2.4.1" + resolved "https://registry.npmjs.org/@edge-runtime/ponyfill/-/ponyfill-2.4.1.tgz" + integrity sha512-ZbR/EViY3gg2rmEAQTKPa6mXl4aR1/+cFcQe4r1segCjEbTAxT6PWu40odbu/KlZKSysEb2O/BWIC2lJgSJOMQ== + +"@edge-runtime/primitives@4.0.5": + version "4.0.5" + resolved "https://registry.npmjs.org/@edge-runtime/primitives/-/primitives-4.0.5.tgz" + integrity sha512-t7QiN5d/KpXgCvIfSt6Nm9Hj3WVdNgc5CpOD73jasY+9EvTI7Ngdj5cXvjcHrPcmYWJZMySPgeEeoL/1N/Llag== + +"@edge-runtime/vm@3.1.7": + version "3.1.7" + resolved "https://registry.npmjs.org/@edge-runtime/vm/-/vm-3.1.7.tgz" + integrity sha512-hUMFbDQ/nZN+1TLMi6iMO1QFz9RSV8yGG8S42WFPFma1d7VSNE0eMdJUmwjmtav22/iQkzHMmu6oTSfAvRGS8g== + dependencies: + "@edge-runtime/primitives" "4.0.5" + +"@fastify/busboy@^2.0.0": + version "2.1.0" + resolved "https://registry.npmjs.org/@fastify/busboy/-/busboy-2.1.0.tgz" + integrity sha512-+KpH+QxZU7O4675t3mnkQKcZZg56u+K/Ct2K+N2AZYNVK8kyeo/bI18tI8aPm3tvNNRyTWfj6s5tnGNlcbQRsA== + "@hapi/hoek@^9.0.0": version "9.3.0" resolved "https://registry.npmjs.org/@hapi/hoek/-/hoek-9.3.0.tgz" @@ -1690,14 +1736,14 @@ "@jest/schemas@^29.6.3": version "29.6.3" - resolved "https://registry.yarnpkg.com/@jest/schemas/-/schemas-29.6.3.tgz#430b5ce8a4e0044a7e3819663305a7b3091c8e03" + resolved "https://registry.npmjs.org/@jest/schemas/-/schemas-29.6.3.tgz" integrity sha512-mo5j5X+jIZmJQveBKeS/clAueipV7KgiX1vMgCxam1RNYiqE1w62n0/tJJnHtjW8ZHcQco5gY85jA3mi0L+nSA== dependencies: "@sinclair/typebox" "^0.27.8" "@jest/types@^29.6.3": version "29.6.3" - resolved "https://registry.yarnpkg.com/@jest/types/-/types-29.6.3.tgz#1131f8cf634e7e84c5e77bab12f052af585fba59" + resolved "https://registry.npmjs.org/@jest/types/-/types-29.6.3.tgz" integrity sha512-u3UPsIilWKOM3F9CXtrG8LEJmNxwoCQC/XVj4IKYXvvpx7QIi/Kg1LI5uDmDpKlac62NUtX7eLjRh+jVZcLOzw== dependencies: "@jest/schemas" "^29.6.3" @@ -1709,16 +1755,16 @@ "@jridgewell/gen-mapping@^0.3.0", "@jridgewell/gen-mapping@^0.3.2": version "0.3.3" - resolved "https://registry.yarnpkg.com/@jridgewell/gen-mapping/-/gen-mapping-0.3.3.tgz#7e02e6eb5df901aaedb08514203b096614024098" + resolved "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.3.tgz" integrity sha512-HLhSWOLRi875zjjMG/r+Nv0oCW8umGb0BgEhyX3dDX3egwZtB8PqLnjz3yedt8R5StBrzcg4aBpnh8UA9D1BoQ== dependencies: "@jridgewell/set-array" "^1.0.1" "@jridgewell/sourcemap-codec" "^1.4.10" "@jridgewell/trace-mapping" "^0.3.9" -"@jridgewell/resolve-uri@^3.1.0": +"@jridgewell/resolve-uri@^3.0.3", "@jridgewell/resolve-uri@^3.1.0": version "3.1.1" - resolved "https://registry.yarnpkg.com/@jridgewell/resolve-uri/-/resolve-uri-3.1.1.tgz#c08679063f279615a3326583ba3a90d1d82cc721" + resolved "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.1.tgz" integrity sha512-dSYZh7HhCDtCKm4QakX0xFpsRDqjjtZf/kjI/v3T3Nwt5r8/qz/M19F9ySyOqU94SXBmeG9ttTul+YnR4LOxFA== "@jridgewell/set-array@^1.0.1": @@ -1728,7 +1774,7 @@ "@jridgewell/source-map@^0.3.3": version "0.3.5" - resolved "https://registry.yarnpkg.com/@jridgewell/source-map/-/source-map-0.3.5.tgz#a3bb4d5c6825aab0d281268f47f6ad5853431e91" + resolved "https://registry.npmjs.org/@jridgewell/source-map/-/source-map-0.3.5.tgz" integrity sha512-UTYAUj/wviwdsMfzoSJspJxbkH5o1snzwX0//0ENX1u/55kkZZkcTZP6u9bwKGkv+dkk9at4m1Cpt0uY80kcpQ== dependencies: "@jridgewell/gen-mapping" "^0.3.0" @@ -1736,22 +1782,45 @@ "@jridgewell/sourcemap-codec@^1.4.10", "@jridgewell/sourcemap-codec@^1.4.14": version "1.4.15" - resolved "https://registry.yarnpkg.com/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz#d7c6e6755c78567a951e04ab52ef0fd26de59f32" + resolved "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz" integrity sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg== "@jridgewell/trace-mapping@^0.3.17", "@jridgewell/trace-mapping@^0.3.9": version "0.3.20" - resolved "https://registry.yarnpkg.com/@jridgewell/trace-mapping/-/trace-mapping-0.3.20.tgz#72e45707cf240fa6b081d0366f8265b0cd10197f" + resolved "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.20.tgz" integrity sha512-R8LcPeWZol2zR8mmH3JeKQ6QRCFb7XgUhV9ZlGhHLGyg4wpPiPZNQOOWhFZhxKw8u//yTbNGI42Bx/3paXEQ+Q== dependencies: "@jridgewell/resolve-uri" "^3.1.0" "@jridgewell/sourcemap-codec" "^1.4.14" +"@jridgewell/trace-mapping@0.3.9": + version "0.3.9" + resolved "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz" + integrity sha512-3Belt6tdc8bPgAtbcmdtNJlirVoTmEb5e2gC94PnkwEW9jI6CAHUeoG85tjWP5WquqfavoMtMwiG4P926ZKKuQ== + dependencies: + "@jridgewell/resolve-uri" "^3.0.3" + "@jridgewell/sourcemap-codec" "^1.4.10" + "@leichtgewicht/ip-codec@^2.0.1": version "2.0.4" resolved "https://registry.npmjs.org/@leichtgewicht/ip-codec/-/ip-codec-2.0.4.tgz" integrity sha512-Hcv+nVC0kZnQ3tD9GVu5xSMR4VVYOteQIr/hwFPVEvPdlXqgGEuRjiheChHgdM+JyqdgNcmzZOX/tnl0JOiI7A== +"@mapbox/node-pre-gyp@^1.0.5": + version "1.0.11" + resolved "https://registry.npmjs.org/@mapbox/node-pre-gyp/-/node-pre-gyp-1.0.11.tgz" + integrity sha512-Yhlar6v9WQgUp/He7BdgzOz8lqMQ8sU+jkCq7Wx8Myc5YFJLbEe7lgui/V7G1qB1DJykHSGwreceSaD60Y0PUQ== + dependencies: + detect-libc "^2.0.0" + https-proxy-agent "^5.0.0" + make-dir "^3.1.0" + node-fetch "^2.6.7" + nopt "^5.0.0" + npmlog "^5.0.1" + rimraf "^3.0.2" + semver "^7.3.5" + tar "^6.1.11" + "@mdx-js/mdx@^1.6.22": version "1.6.22" resolved "https://registry.npmjs.org/@mdx-js/mdx/-/mdx-1.6.22.tgz" @@ -1795,7 +1864,7 @@ "@nodelib/fs.stat" "2.0.5" run-parallel "^1.1.9" -"@nodelib/fs.stat@2.0.5", "@nodelib/fs.stat@^2.0.2": +"@nodelib/fs.stat@^2.0.2", "@nodelib/fs.stat@2.0.5": version "2.0.5" resolved "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz" integrity sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A== @@ -1813,6 +1882,14 @@ resolved "https://registry.npmjs.org/@polka/url/-/url-1.0.0-next.21.tgz" integrity sha512-a5Sab1C4/icpTZVzZc5Ghpz88yQtGOyNqYXcZgOssB2uuAr+wF/MvN6bgtW32q7HHrvBki+BsZ0OuNv6EV3K9g== +"@rollup/pluginutils@^4.0.0": + version "4.2.1" + resolved "https://registry.npmjs.org/@rollup/pluginutils/-/pluginutils-4.2.1.tgz" + integrity sha512-iKnFXr7NkdZAIHiIWE+BX5ULi/ucVFYWD6TbAV+rZctiRTY2PL6tsIKhoIOaoskiWAkgu+VsbXgUVDNLHf+InQ== + dependencies: + estree-walker "^2.0.1" + picomatch "^2.2.2" + "@sideway/address@^4.1.3": version "4.1.4" resolved "https://registry.npmjs.org/@sideway/address/-/address-4.1.4.tgz" @@ -1822,7 +1899,7 @@ "@sideway/formula@^3.0.1": version "3.0.1" - resolved "https://registry.yarnpkg.com/@sideway/formula/-/formula-3.0.1.tgz#80fcbcbaf7ce031e0ef2dd29b1bfc7c3f583611f" + resolved "https://registry.npmjs.org/@sideway/formula/-/formula-3.0.1.tgz" integrity sha512-/poHZJJVjx3L+zVD6g9KgHfYnb443oi7wLu/XKojDviHy6HOEOA6z1Trk5aR1dGcmPenJEgb2sK2I80LeS3MIg== "@sideway/pinpoint@^2.0.0": @@ -1832,9 +1909,14 @@ "@sinclair/typebox@^0.27.8": version "0.27.8" - resolved "https://registry.yarnpkg.com/@sinclair/typebox/-/typebox-0.27.8.tgz#6667fac16c436b5434a387a34dedb013198f6e6e" + resolved "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.27.8.tgz" integrity sha512-+Fj43pSMwJs4KRrH/938Uf+uAELIgVBmQzg/q1YG10djyfA3TnrU8N8XzqCh/okZdszqBQTZf96idMfE5lnwTA== +"@sinclair/typebox@0.25.24": + version "0.25.24" + resolved "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.25.24.tgz" + integrity sha512-XJfwUVUKDHF5ugKwIcxEgc9k8b7HbznCp6eUfWgu710hMPNIO4aw4/zB5RogDQz8nd6gyCDpU9O/m6qYEWY6yQ== + "@sindresorhus/is@^0.14.0": version "0.14.0" resolved "https://registry.npmjs.org/@sindresorhus/is/-/is-0.14.0.tgz" @@ -1851,47 +1933,47 @@ "@svgr/babel-plugin-add-jsx-attribute@^6.5.1": version "6.5.1" - resolved "https://registry.yarnpkg.com/@svgr/babel-plugin-add-jsx-attribute/-/babel-plugin-add-jsx-attribute-6.5.1.tgz#74a5d648bd0347bda99d82409d87b8ca80b9a1ba" + resolved "https://registry.npmjs.org/@svgr/babel-plugin-add-jsx-attribute/-/babel-plugin-add-jsx-attribute-6.5.1.tgz" integrity sha512-9PYGcXrAxitycIjRmZB+Q0JaN07GZIWaTBIGQzfaZv+qr1n8X1XUEJ5rZ/vx6OVD9RRYlrNnXWExQXcmZeD/BQ== "@svgr/babel-plugin-remove-jsx-attribute@*": version "8.0.0" - resolved "https://registry.yarnpkg.com/@svgr/babel-plugin-remove-jsx-attribute/-/babel-plugin-remove-jsx-attribute-8.0.0.tgz#69177f7937233caca3a1afb051906698f2f59186" + resolved "https://registry.npmjs.org/@svgr/babel-plugin-remove-jsx-attribute/-/babel-plugin-remove-jsx-attribute-8.0.0.tgz" integrity sha512-BcCkm/STipKvbCl6b7QFrMh/vx00vIP63k2eM66MfHJzPr6O2U0jYEViXkHJWqXqQYjdeA9cuCl5KWmlwjDvbA== "@svgr/babel-plugin-remove-jsx-empty-expression@*": version "8.0.0" - resolved "https://registry.yarnpkg.com/@svgr/babel-plugin-remove-jsx-empty-expression/-/babel-plugin-remove-jsx-empty-expression-8.0.0.tgz#c2c48104cfd7dcd557f373b70a56e9e3bdae1d44" + resolved "https://registry.npmjs.org/@svgr/babel-plugin-remove-jsx-empty-expression/-/babel-plugin-remove-jsx-empty-expression-8.0.0.tgz" integrity sha512-5BcGCBfBxB5+XSDSWnhTThfI9jcO5f0Ai2V24gZpG+wXF14BzwxxdDb4g6trdOux0rhibGs385BeFMSmxtS3uA== "@svgr/babel-plugin-replace-jsx-attribute-value@^6.5.1": version "6.5.1" - resolved "https://registry.yarnpkg.com/@svgr/babel-plugin-replace-jsx-attribute-value/-/babel-plugin-replace-jsx-attribute-value-6.5.1.tgz#fb9d22ea26d2bc5e0a44b763d4c46d5d3f596c60" + resolved "https://registry.npmjs.org/@svgr/babel-plugin-replace-jsx-attribute-value/-/babel-plugin-replace-jsx-attribute-value-6.5.1.tgz" integrity sha512-8DPaVVE3fd5JKuIC29dqyMB54sA6mfgki2H2+swh+zNJoynC8pMPzOkidqHOSc6Wj032fhl8Z0TVn1GiPpAiJg== "@svgr/babel-plugin-svg-dynamic-title@^6.5.1": version "6.5.1" - resolved "https://registry.yarnpkg.com/@svgr/babel-plugin-svg-dynamic-title/-/babel-plugin-svg-dynamic-title-6.5.1.tgz#01b2024a2b53ffaa5efceaa0bf3e1d5a4c520ce4" + resolved "https://registry.npmjs.org/@svgr/babel-plugin-svg-dynamic-title/-/babel-plugin-svg-dynamic-title-6.5.1.tgz" integrity sha512-FwOEi0Il72iAzlkaHrlemVurgSQRDFbk0OC8dSvD5fSBPHltNh7JtLsxmZUhjYBZo2PpcU/RJvvi6Q0l7O7ogw== "@svgr/babel-plugin-svg-em-dimensions@^6.5.1": version "6.5.1" - resolved "https://registry.yarnpkg.com/@svgr/babel-plugin-svg-em-dimensions/-/babel-plugin-svg-em-dimensions-6.5.1.tgz#dd3fa9f5b24eb4f93bcf121c3d40ff5facecb217" + resolved "https://registry.npmjs.org/@svgr/babel-plugin-svg-em-dimensions/-/babel-plugin-svg-em-dimensions-6.5.1.tgz" integrity sha512-gWGsiwjb4tw+ITOJ86ndY/DZZ6cuXMNE/SjcDRg+HLuCmwpcjOktwRF9WgAiycTqJD/QXqL2f8IzE2Rzh7aVXA== "@svgr/babel-plugin-transform-react-native-svg@^6.5.1": version "6.5.1" - resolved "https://registry.yarnpkg.com/@svgr/babel-plugin-transform-react-native-svg/-/babel-plugin-transform-react-native-svg-6.5.1.tgz#1d8e945a03df65b601551097d8f5e34351d3d305" + resolved "https://registry.npmjs.org/@svgr/babel-plugin-transform-react-native-svg/-/babel-plugin-transform-react-native-svg-6.5.1.tgz" integrity sha512-2jT3nTayyYP7kI6aGutkyfJ7UMGtuguD72OjeGLwVNyfPRBD8zQthlvL+fAbAKk5n9ZNcvFkp/b1lZ7VsYqVJg== "@svgr/babel-plugin-transform-svg-component@^6.5.1": version "6.5.1" - resolved "https://registry.yarnpkg.com/@svgr/babel-plugin-transform-svg-component/-/babel-plugin-transform-svg-component-6.5.1.tgz#48620b9e590e25ff95a80f811544218d27f8a250" + resolved "https://registry.npmjs.org/@svgr/babel-plugin-transform-svg-component/-/babel-plugin-transform-svg-component-6.5.1.tgz" integrity sha512-a1p6LF5Jt33O3rZoVRBqdxL350oge54iZWHNI6LJB5tQ7EelvD/Mb1mfBiZNAan0dt4i3VArkFRjA4iObuNykQ== "@svgr/babel-preset@^6.5.1": version "6.5.1" - resolved "https://registry.yarnpkg.com/@svgr/babel-preset/-/babel-preset-6.5.1.tgz#b90de7979c8843c5c580c7e2ec71f024b49eb828" + resolved "https://registry.npmjs.org/@svgr/babel-preset/-/babel-preset-6.5.1.tgz" integrity sha512-6127fvO/FF2oi5EzSQOAjo1LE3OtNVh11R+/8FXa+mHx1ptAaS4cknIjnUA7e6j6fwGGJ17NzaTJFUwOV2zwCw== dependencies: "@svgr/babel-plugin-add-jsx-attribute" "^6.5.1" @@ -1903,9 +1985,9 @@ "@svgr/babel-plugin-transform-react-native-svg" "^6.5.1" "@svgr/babel-plugin-transform-svg-component" "^6.5.1" -"@svgr/core@^6.5.1": +"@svgr/core@*", "@svgr/core@^6.0.0", "@svgr/core@^6.5.1": version "6.5.1" - resolved "https://registry.yarnpkg.com/@svgr/core/-/core-6.5.1.tgz#d3e8aa9dbe3fbd747f9ee4282c1c77a27410488a" + resolved "https://registry.npmjs.org/@svgr/core/-/core-6.5.1.tgz" integrity sha512-/xdLSWxK5QkqG524ONSjvg3V/FkNyCv538OIBdQqPNaAta3AsXj/Bd2FbvR87yMbXO2hFSWiAe/Q6IkVPDw+mw== dependencies: "@babel/core" "^7.19.6" @@ -1916,7 +1998,7 @@ "@svgr/hast-util-to-babel-ast@^6.5.1": version "6.5.1" - resolved "https://registry.yarnpkg.com/@svgr/hast-util-to-babel-ast/-/hast-util-to-babel-ast-6.5.1.tgz#81800bd09b5bcdb968bf6ee7c863d2288fdb80d2" + resolved "https://registry.npmjs.org/@svgr/hast-util-to-babel-ast/-/hast-util-to-babel-ast-6.5.1.tgz" integrity sha512-1hnUxxjd83EAxbL4a0JDJoD3Dao3hmjvyvyEV8PzWmLK3B9m9NPlW7GKjFyoWE8nM7HnXzPcmmSyOW8yOddSXw== dependencies: "@babel/types" "^7.20.0" @@ -1924,7 +2006,7 @@ "@svgr/plugin-jsx@^6.5.1": version "6.5.1" - resolved "https://registry.yarnpkg.com/@svgr/plugin-jsx/-/plugin-jsx-6.5.1.tgz#0e30d1878e771ca753c94e69581c7971542a7072" + resolved "https://registry.npmjs.org/@svgr/plugin-jsx/-/plugin-jsx-6.5.1.tgz" integrity sha512-+UdQxI3jgtSjCykNSlEMuy1jSRQlGC7pqBCPvkG/2dATdWo082zHTTK3uhnAju2/6XpE6B5mZ3z4Z8Ns01S8Gw== dependencies: "@babel/core" "^7.19.6" @@ -1934,7 +2016,7 @@ "@svgr/plugin-svgo@^6.5.1": version "6.5.1" - resolved "https://registry.yarnpkg.com/@svgr/plugin-svgo/-/plugin-svgo-6.5.1.tgz#0f91910e988fc0b842f88e0960c2862e022abe84" + resolved "https://registry.npmjs.org/@svgr/plugin-svgo/-/plugin-svgo-6.5.1.tgz" integrity sha512-omvZKf8ixP9z6GWgwbtmP9qQMPX4ODXi+wzbVZgomNFsUIlHA1sf4fThdwTWSsZGgvGAG6yE+b/F5gWUkcZ/iQ== dependencies: cosmiconfig "^7.0.1" @@ -1943,7 +2025,7 @@ "@svgr/webpack@^6.2.1": version "6.5.1" - resolved "https://registry.yarnpkg.com/@svgr/webpack/-/webpack-6.5.1.tgz#ecf027814fc1cb2decc29dc92f39c3cf691e40e8" + resolved "https://registry.npmjs.org/@svgr/webpack/-/webpack-6.5.1.tgz" integrity sha512-cQ/AsnBkXPkEK8cLbv4Dm7JGXq2XrumKnL1dRpJD9rIO2fTIlJI9a1uCciYG1F2aUsox/hJQyNGbt3soDxSRkA== dependencies: "@babel/core" "^7.19.6" @@ -1962,16 +2044,51 @@ dependencies: defer-to-connect "^1.0.1" +"@tootallnate/once@2.0.0": + version "2.0.0" + resolved "https://registry.npmjs.org/@tootallnate/once/-/once-2.0.0.tgz" + integrity sha512-XCuKFP5PS55gnMVu3dty8KPatLqUoy/ZYzDzAGCQ8JNFCkLXzmI7vNHCR+XpbZaMWQK/vQubr7PkYq8g470J/A== + "@trysound/sax@0.2.0": version "0.2.0" resolved "https://registry.npmjs.org/@trysound/sax/-/sax-0.2.0.tgz" integrity sha512-L7z9BgrNEcYyUYtF+HaEfiS5ebkh9jXqbszz7pC0hRBPaatV0XjSD3+eHrpqFemQfgwiFF0QPIarnIihIDn7OA== +"@ts-morph/common@~0.11.0": + version "0.11.1" + resolved "https://registry.npmjs.org/@ts-morph/common/-/common-0.11.1.tgz" + integrity sha512-7hWZS0NRpEsNV8vWJzg7FEz6V8MaLNeJOmwmghqUXTpzk16V1LLZhdo+4QvE/+zv4cVci0OviuJFnqhEfoV3+g== + dependencies: + fast-glob "^3.2.7" + minimatch "^3.0.4" + mkdirp "^1.0.4" + path-browserify "^1.0.1" + "@tsconfig/docusaurus@^1.0.5": version "1.0.7" - resolved "https://registry.yarnpkg.com/@tsconfig/docusaurus/-/docusaurus-1.0.7.tgz#a3ee3c8109b3fec091e3d61a61834e563aeee3c3" + resolved "https://registry.npmjs.org/@tsconfig/docusaurus/-/docusaurus-1.0.7.tgz" integrity sha512-ffTXxGIP/IRMCjuzHd6M4/HdIrw1bMfC7Bv8hMkTadnePkpe0lG0oDSdbRpSDZb2rQMAgpbWiR10BvxvNYwYrg== +"@tsconfig/node10@^1.0.7": + version "1.0.9" + resolved "https://registry.npmjs.org/@tsconfig/node10/-/node10-1.0.9.tgz" + integrity sha512-jNsYVVxU8v5g43Erja32laIDHXeoNvFEpX33OK4d6hljo3jDhCBDhx5dhCCTMWUojscpAagGiRkBKxpdl9fxqA== + +"@tsconfig/node12@^1.0.7": + version "1.0.11" + resolved "https://registry.npmjs.org/@tsconfig/node12/-/node12-1.0.11.tgz" + integrity sha512-cqefuRsh12pWyGsIoBKJA9luFu3mRxCA+ORZvA4ktLSzIuCUtWVxGIuXigEwO5/ywWFMZ2QEGKWvkZG1zDMTag== + +"@tsconfig/node14@^1.0.0": + version "1.0.3" + resolved "https://registry.npmjs.org/@tsconfig/node14/-/node14-1.0.3.tgz" + integrity sha512-ysT8mhdixWK6Hw3i1V2AeRqZ5WfXg1G43mqoYlM2nc6388Fq5jcXyr5mRsqViLx/GJYdoL0bfXD8nmF+Zn/Iow== + +"@tsconfig/node16@^1.0.2": + version "1.0.4" + resolved "https://registry.npmjs.org/@tsconfig/node16/-/node16-1.0.4.tgz" + integrity sha512-vxhUy4J8lyeyinH7Azl1pdd43GJhZH/tP2weN8TntQblOY+A0XbT8DJk1/oCPuOOyg/Ja757rG0CgHcWC8OfMA== + "@types/body-parser@*": version "1.19.2" resolved "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.2.tgz" @@ -1989,7 +2106,7 @@ "@types/connect-history-api-fallback@^1.3.5": version "1.5.3" - resolved "https://registry.yarnpkg.com/@types/connect-history-api-fallback/-/connect-history-api-fallback-1.5.3.tgz#7793aa2160cef7db0ce5fe2b8aab621200f1a470" + resolved "https://registry.npmjs.org/@types/connect-history-api-fallback/-/connect-history-api-fallback-1.5.3.tgz" integrity sha512-6mfQ6iNvhSKCZJoY6sIG3m0pKkdUcweVNOLuBBKvoWGzl2yRxOJcYOTRyLKt3nxXvBLJWa6QkW//tgbIwJehmA== dependencies: "@types/express-serve-static-core" "*" @@ -2012,7 +2129,7 @@ "@types/eslint@*": version "8.44.7" - resolved "https://registry.yarnpkg.com/@types/eslint/-/eslint-8.44.7.tgz#430b3cc96db70c81f405e6a08aebdb13869198f5" + resolved "https://registry.npmjs.org/@types/eslint/-/eslint-8.44.7.tgz" integrity sha512-f5ORu2hcBbKei97U73mf+l9t4zTGl74IqZ0GQk4oVea/VS8tQZYkUveSYojk+frraAVYId0V2WC9O4PTNru2FQ== dependencies: "@types/estree" "*" @@ -2020,12 +2137,12 @@ "@types/estree@*", "@types/estree@^1.0.0": version "1.0.5" - resolved "https://registry.yarnpkg.com/@types/estree/-/estree-1.0.5.tgz#a6ce3e556e00fd9895dd872dd172ad0d4bd687f4" + resolved "https://registry.npmjs.org/@types/estree/-/estree-1.0.5.tgz" integrity sha512-/kYRxGDLWzHOB7q+wtSUQlFrtcdUccpfy+X+9iMBpHK8QLLhx2wIPYuS5DYtR9Wa/YlZAbIovy7qVdB1Aq6Lyw== "@types/express-serve-static-core@*", "@types/express-serve-static-core@^4.17.33": version "4.17.41" - resolved "https://registry.yarnpkg.com/@types/express-serve-static-core/-/express-serve-static-core-4.17.41.tgz#5077defa630c2e8d28aa9ffc2c01c157c305bef6" + resolved "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.17.41.tgz" integrity sha512-OaJ7XLaelTgrvlZD8/aa0vvvxZdUmlCn6MtWeB7TkiKW70BQLc9XEPpDLPdbo52ZhXUCrznlWdCHWxJWtdyajA== dependencies: "@types/node" "*" @@ -2035,7 +2152,7 @@ "@types/express@*", "@types/express@^4.17.13": version "4.17.21" - resolved "https://registry.yarnpkg.com/@types/express/-/express-4.17.21.tgz#c26d4a151e60efe0084b23dc3369ebc631ed192d" + resolved "https://registry.npmjs.org/@types/express/-/express-4.17.21.tgz" integrity sha512-ejlPM315qwLpaQlQDTjPdsUFSc6ZsP4AN6AlWnogPjQ7CVi7PYF3YVz+CY3jE2pwYf7E/7HlDAN0rV2GxTG0HQ== dependencies: "@types/body-parser" "*" @@ -2062,38 +2179,38 @@ "@types/http-errors@*": version "2.0.4" - resolved "https://registry.yarnpkg.com/@types/http-errors/-/http-errors-2.0.4.tgz#7eb47726c391b7345a6ec35ad7f4de469cf5ba4f" + resolved "https://registry.npmjs.org/@types/http-errors/-/http-errors-2.0.4.tgz" integrity sha512-D0CFMMtydbJAegzOyHjtiKPLlvnm3iTZyZRSZoLq2mRhDdmLfIWOCYPfQJ4cu2erKghU++QvjcUjp/5h7hESpA== "@types/http-proxy@^1.17.8": version "1.17.14" - resolved "https://registry.yarnpkg.com/@types/http-proxy/-/http-proxy-1.17.14.tgz#57f8ccaa1c1c3780644f8a94f9c6b5000b5e2eec" + resolved "https://registry.npmjs.org/@types/http-proxy/-/http-proxy-1.17.14.tgz" integrity sha512-SSrD0c1OQzlFX7pGu1eXxSEjemej64aaNPRhhVYUGqXh0BtldAAx37MG8btcumvpgKyZp1F5Gn3JkktdxiFv6w== dependencies: "@types/node" "*" "@types/istanbul-lib-coverage@*", "@types/istanbul-lib-coverage@^2.0.0": version "2.0.6" - resolved "https://registry.yarnpkg.com/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.6.tgz#7739c232a1fee9b4d3ce8985f314c0c6d33549d7" + resolved "https://registry.npmjs.org/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.6.tgz" integrity sha512-2QF/t/auWm0lsy8XtKVPG19v3sSOQlJe/YHZgfjb/KBBHOGSV+J2q/S671rcq9uTBrLAXmZpqJiaQbMT+zNU1w== "@types/istanbul-lib-report@*": version "3.0.3" - resolved "https://registry.yarnpkg.com/@types/istanbul-lib-report/-/istanbul-lib-report-3.0.3.tgz#53047614ae72e19fc0401d872de3ae2b4ce350bf" + resolved "https://registry.npmjs.org/@types/istanbul-lib-report/-/istanbul-lib-report-3.0.3.tgz" integrity sha512-NQn7AHQnk/RSLOxrBbGyJM/aVQ+pjj5HCgasFxc0K/KhoATfQ/47AyUl15I2yBUpihjmas+a+VJBOqecrFH+uA== dependencies: "@types/istanbul-lib-coverage" "*" "@types/istanbul-reports@^3.0.0": version "3.0.4" - resolved "https://registry.yarnpkg.com/@types/istanbul-reports/-/istanbul-reports-3.0.4.tgz#0f03e3d2f670fbdac586e34b433783070cc16f54" + resolved "https://registry.npmjs.org/@types/istanbul-reports/-/istanbul-reports-3.0.4.tgz" integrity sha512-pk2B1NWalF9toCRu6gjBzR69syFjP4Od8WRAX+0mmf9lAjCRicLOWc+ZrxZHx/0XRjotgkF9t6iaMJ+aXcOdZQ== dependencies: "@types/istanbul-lib-report" "*" -"@types/json-schema@*", "@types/json-schema@^7.0.4", "@types/json-schema@^7.0.5", "@types/json-schema@^7.0.8", "@types/json-schema@^7.0.9": +"@types/json-schema@*", "@types/json-schema@^7.0.4", "@types/json-schema@^7.0.5", "@types/json-schema@^7.0.6", "@types/json-schema@^7.0.8", "@types/json-schema@^7.0.9": version "7.0.15" - resolved "https://registry.yarnpkg.com/@types/json-schema/-/json-schema-7.0.15.tgz#596a1747233694d50f6ad8a7869fcb6f56cf5841" + resolved "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz" integrity sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA== "@types/mdast@^3.0.0": @@ -2110,19 +2227,19 @@ "@types/mime@^1": version "1.3.5" - resolved "https://registry.yarnpkg.com/@types/mime/-/mime-1.3.5.tgz#1ef302e01cf7d2b5a0fa526790c9123bf1d06690" + resolved "https://registry.npmjs.org/@types/mime/-/mime-1.3.5.tgz" integrity sha512-/pyBZWSLD2n0dcHE3hq8s8ZvcETHtEuF+3E7XVt0Ig2nvsVQXdghHVcEkIWjy9A0wKfTn97a/PSDYohKIlnP/w== "@types/node-forge@^1.3.0": version "1.3.9" - resolved "https://registry.yarnpkg.com/@types/node-forge/-/node-forge-1.3.9.tgz#0fe4a7ba69c0b173f56e6de65d0eae2c1dd4bbfe" + resolved "https://registry.npmjs.org/@types/node-forge/-/node-forge-1.3.9.tgz" integrity sha512-meK88cx/sTalPSLSoCzkiUB4VPIFHmxtXm5FaaqRDqBX2i/Sy8bJ4odsan0b20RBjPh06dAQ+OTTdnyQyhJZyQ== dependencies: "@types/node" "*" "@types/node@*": version "20.9.0" - resolved "https://registry.yarnpkg.com/@types/node/-/node-20.9.0.tgz#bfcdc230583aeb891cf51e73cfdaacdd8deae298" + resolved "https://registry.npmjs.org/@types/node/-/node-20.9.0.tgz" integrity sha512-nekiGu2NDb1BcVofVcEKMIwzlx4NjHlcjhoxxKBNLtz15Y1z7MYf549DFvkHSId02Ax6kGwWntIBPC3l/JZcmw== dependencies: undici-types "~5.26.4" @@ -2132,6 +2249,11 @@ resolved "https://registry.npmjs.org/@types/node/-/node-17.0.45.tgz" integrity sha512-w+tIMs3rq2afQdsPJlODhoUEKzFP1ayaoyl1CcnwtIlsVe7K7bA1NGm4s3PraqTLlXnbIN84zuBlxBWo1u9BLw== +"@types/node@14.18.33": + version "14.18.33" + resolved "https://registry.npmjs.org/@types/node/-/node-14.18.33.tgz" + integrity sha512-qelS/Ra6sacc4loe/3MSjXNL1dNQ/GjxNHVzuChwMfmk7HuycRLVQN2qNY3XahK+fZc5E2szqQSKUyAF0E+2bg== + "@types/parse-json@^4.0.0": version "4.0.0" resolved "https://registry.npmjs.org/@types/parse-json/-/parse-json-4.0.0.tgz" @@ -2159,7 +2281,7 @@ "@types/react-router-config@*", "@types/react-router-config@^5.0.6": version "5.0.10" - resolved "https://registry.yarnpkg.com/@types/react-router-config/-/react-router-config-5.0.10.tgz#1f7537b8d23ad6bb8e7609268fdd89b8b2de1eaf" + resolved "https://registry.npmjs.org/@types/react-router-config/-/react-router-config-5.0.10.tgz" integrity sha512-Wn6c/tXdEgi9adCMtDwx8Q2vGty6TsPTc/wCQQ9kAlye8UqFxj0vGFWWuhywNfkwqth+SOgJxQTLTZukrqDQmQ== dependencies: "@types/history" "^4.7.11" @@ -2177,15 +2299,15 @@ "@types/react-router@*", "@types/react-router@^5.1.0": version "5.1.20" - resolved "https://registry.yarnpkg.com/@types/react-router/-/react-router-5.1.20.tgz#88eccaa122a82405ef3efbcaaa5dcdd9f021387c" + resolved "https://registry.npmjs.org/@types/react-router/-/react-router-5.1.20.tgz" integrity sha512-jGjmu/ZqS7FjSH6owMcD5qpq19+1RS9DeVRqfl1FeBMxTDQAGwlMWOcs52NDoXaNKyG3d1cYQFMs9rCrb88o9Q== dependencies: "@types/history" "^4.7.11" "@types/react" "*" -"@types/react@*": +"@types/react@*", "@types/react@>= 16.8.0 < 19.0.0": version "18.2.37" - resolved "https://registry.yarnpkg.com/@types/react/-/react-18.2.37.tgz#0f03af69e463c0f19a356c2660dbca5d19c44cae" + resolved "https://registry.npmjs.org/@types/react/-/react-18.2.37.tgz" integrity sha512-RGAYMi2bhRgEXT3f4B92WTohopH6bIXw05FuGlmJEnv/omEn190+QYEIYxIAuIBdKgboYYdVved2p1AxZVQnaw== dependencies: "@types/prop-types" "*" @@ -2206,12 +2328,12 @@ "@types/scheduler@*": version "0.16.6" - resolved "https://registry.yarnpkg.com/@types/scheduler/-/scheduler-0.16.6.tgz#eb26db6780c513de59bee0b869ef289ad3068711" + resolved "https://registry.npmjs.org/@types/scheduler/-/scheduler-0.16.6.tgz" integrity sha512-Vlktnchmkylvc9SnwwwozTv04L/e1NykF5vgoQ0XTmI8DD+wxfjQuHuvHS3p0r2jz2x2ghPs2h1FVeDirIteWA== "@types/send@*": version "0.17.4" - resolved "https://registry.yarnpkg.com/@types/send/-/send-0.17.4.tgz#6619cd24e7270793702e4e6a4b958a9010cfc57a" + resolved "https://registry.npmjs.org/@types/send/-/send-0.17.4.tgz" integrity sha512-x2EM6TJOybec7c52BX0ZspPodMsQUd5L6PRwOunVyVUhXiBSKf3AezDL8Dgvgt5o0UfKNfuA0eMLr2wLT4AiBA== dependencies: "@types/mime" "^1" @@ -2226,7 +2348,7 @@ "@types/serve-static@*", "@types/serve-static@^1.13.10": version "1.15.5" - resolved "https://registry.yarnpkg.com/@types/serve-static/-/serve-static-1.15.5.tgz#15e67500ec40789a1e8c9defc2d32a896f05b033" + resolved "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.5.tgz" integrity sha512-PDRk21MnK70hja/YF8AHfC7yIsiQHn1rcXx7ijCFBX/k+XQJhQT/gw3xekXKJvx+5SXaMMS8oqQy09Mzvz2TuQ== dependencies: "@types/http-errors" "*" @@ -2247,26 +2369,199 @@ "@types/ws@^8.5.5": version "8.5.9" - resolved "https://registry.yarnpkg.com/@types/ws/-/ws-8.5.9.tgz#384c489f99c83225a53f01ebc3eddf3b8e202a8c" + resolved "https://registry.npmjs.org/@types/ws/-/ws-8.5.9.tgz" integrity sha512-jbdrY0a8lxfdTp/+r7Z4CkycbOFN8WX+IOchLJr3juT/xzbJ8URyTVSJ/hvNdadTgM1mnedb47n+Y31GsFnQlg== dependencies: "@types/node" "*" "@types/yargs-parser@*": version "21.0.3" - resolved "https://registry.yarnpkg.com/@types/yargs-parser/-/yargs-parser-21.0.3.tgz#815e30b786d2e8f0dcd85fd5bcf5e1a04d008f15" + resolved "https://registry.npmjs.org/@types/yargs-parser/-/yargs-parser-21.0.3.tgz" integrity sha512-I4q9QU9MQv4oEOz4tAHJtNz1cwuLxn2F3xcc2iV5WdqLPpUnj30aUuxt1mAxYTG+oe8CZMV/+6rU4S4gRDzqtQ== "@types/yargs@^17.0.8": version "17.0.31" - resolved "https://registry.yarnpkg.com/@types/yargs/-/yargs-17.0.31.tgz#8fd0089803fd55d8a285895a18b88cb71a99683c" + resolved "https://registry.npmjs.org/@types/yargs/-/yargs-17.0.31.tgz" integrity sha512-bocYSx4DI8TmdlvxqGpVNXOgCNR1Jj0gNPhhAY+iz1rgKDAaYrAYdFYnhDV1IFuiuVc9HkOwyDcFxaTElF3/wg== dependencies: "@types/yargs-parser" "*" -"@webassemblyjs/ast@1.11.6", "@webassemblyjs/ast@^1.11.5": +"@vercel/build-utils@7.5.1": + version "7.5.1" + resolved "https://registry.npmjs.org/@vercel/build-utils/-/build-utils-7.5.1.tgz" + integrity sha512-RyTG951QZQgYn0JL5OoObsCppxHSQApZAqn82GCpAyuQPW7clqcjq7aY7KLD7esHbs0zdzL0KeDEBkGBKaTcTg== + +"@vercel/error-utils@2.0.2": + version "2.0.2" + resolved "https://registry.npmjs.org/@vercel/error-utils/-/error-utils-2.0.2.tgz" + integrity sha512-Sj0LFafGpYr6pfCqrQ82X6ukRl5qpmVrHM/191kNYFqkkB9YkjlMAj6QcEsvCG259x4QZ7Tya++0AB85NDPbKQ== + +"@vercel/fun@1.1.0": + version "1.1.0" + resolved "https://registry.npmjs.org/@vercel/fun/-/fun-1.1.0.tgz" + integrity sha512-SpuPAo+MlAYMtcMcC0plx7Tv4Mp7SQhJJj1iIENlOnABL24kxHpL09XLQMGzZIzIW7upR8c3edwgfpRtp+dhVw== + dependencies: + "@tootallnate/once" "2.0.0" + async-listen "1.2.0" + debug "4.1.1" + execa "3.2.0" + fs-extra "8.1.0" + generic-pool "3.4.2" + micro "9.3.5-canary.3" + ms "2.1.1" + node-fetch "2.6.7" + path-match "1.2.4" + promisepipe "3.0.0" + semver "7.3.5" + stat-mode "0.3.0" + stream-to-promise "2.2.0" + tar "4.4.18" + tree-kill "1.2.2" + uid-promise "1.0.0" + uuid "3.3.2" + xdg-app-paths "5.1.0" + yauzl-promise "2.1.3" + +"@vercel/gatsby-plugin-vercel-analytics@1.0.11": + version "1.0.11" + resolved "https://registry.npmjs.org/@vercel/gatsby-plugin-vercel-analytics/-/gatsby-plugin-vercel-analytics-1.0.11.tgz" + integrity sha512-iTEA0vY6RBPuEzkwUTVzSHDATo1aF6bdLLspI68mQ/BTbi5UQEGjpjyzdKOVcSYApDtFU6M6vypZ1t4vIEnHvw== + dependencies: + web-vitals "0.2.4" + +"@vercel/gatsby-plugin-vercel-builder@2.0.16": + version "2.0.16" + resolved "https://registry.npmjs.org/@vercel/gatsby-plugin-vercel-builder/-/gatsby-plugin-vercel-builder-2.0.16.tgz" + integrity sha512-szRvR8UiCyH8J4xqz3hwDa0XOE4fTxoPawYDBMNHrx91QFEHAtUBC3KcGhApGmVd7ik0WYP7lqokmv9ngygBlA== + dependencies: + "@sinclair/typebox" "0.25.24" + "@vercel/build-utils" "7.5.1" + "@vercel/routing-utils" "3.1.0" + esbuild "0.14.47" + etag "1.8.1" + fs-extra "11.1.0" + +"@vercel/go@3.0.5": + version "3.0.5" + resolved "https://registry.npmjs.org/@vercel/go/-/go-3.0.5.tgz" + integrity sha512-+kEDI+hop3e8BuKisaEozxfzT6GBbp0OMBcgi0tlD5ZTmhGmpwi3vgK5mBQlB+RBXj7qlqDLW/uV2F1Y03FLcQ== + +"@vercel/hydrogen@1.0.2": + version "1.0.2" + resolved "https://registry.npmjs.org/@vercel/hydrogen/-/hydrogen-1.0.2.tgz" + integrity sha512-/Q2MKk1GfOuZAnkE9jQexjtUQqanbY65R+xtJWd9yKIgwcfRI1hxiNH3uXyVM5AvLoY+fxxULkSuxDtUKpkJpQ== + dependencies: + "@vercel/static-config" "3.0.0" + ts-morph "12.0.0" + +"@vercel/next@4.1.0": + version "4.1.0" + resolved "https://registry.npmjs.org/@vercel/next/-/next-4.1.0.tgz" + integrity sha512-5RsyprRts6POFor2JWNNA8kYQ9R0A5a27VaBESFsPi9YIhytsx6cOdrxWusIF6SM+y+kLA0gvi1yA6uixaP8Cg== + dependencies: + "@vercel/nft" "0.26.2" + +"@vercel/nft@0.26.2": + version "0.26.2" + resolved "https://registry.npmjs.org/@vercel/nft/-/nft-0.26.2.tgz" + integrity sha512-bxe2iShmKZi7476xYamyKvhhKwQ6JPEtQ2FSq1AjMUH2buMd8LQMkdoHinTqZYc+1sMTh3G0ARdjzNvV1FEisA== + dependencies: + "@mapbox/node-pre-gyp" "^1.0.5" + "@rollup/pluginutils" "^4.0.0" + acorn "^8.6.0" + acorn-import-attributes "^1.9.2" + async-sema "^3.1.1" + bindings "^1.4.0" + estree-walker "2.0.2" + glob "^7.1.3" + graceful-fs "^4.2.9" + micromatch "^4.0.2" + node-gyp-build "^4.2.2" + resolve-from "^5.0.0" + +"@vercel/node@3.0.17": + version "3.0.17" + resolved "https://registry.npmjs.org/@vercel/node/-/node-3.0.17.tgz" + integrity sha512-HgIDxVAG/cEGLcSYdatGwk/zraN2aDP3ZQxy0I9eFsG8+rgC5eh3mFpNYEcBDkikpMr1jW/zpesf43s/A77/GQ== + dependencies: + "@edge-runtime/node-utils" "2.2.1" + "@edge-runtime/primitives" "4.0.5" + "@edge-runtime/vm" "3.1.7" + "@types/node" "14.18.33" + "@vercel/build-utils" "7.5.1" + "@vercel/error-utils" "2.0.2" + "@vercel/nft" "0.26.2" + "@vercel/static-config" "3.0.0" + async-listen "3.0.0" + edge-runtime "2.5.7" + esbuild "0.14.47" + etag "1.8.1" + node-fetch "2.6.9" + path-to-regexp "6.2.1" + ts-morph "12.0.0" + ts-node "10.9.1" + typescript "4.9.5" + undici "5.26.5" + +"@vercel/python@4.1.1": + version "4.1.1" + resolved "https://registry.npmjs.org/@vercel/python/-/python-4.1.1.tgz" + integrity sha512-EbAdKOZ0hPd5b59tLt7R3RQK1azNvuZTrCFRAVHNjqcIHNCmrSvjag5zBGn7Memkk8qWb3+CgBw9K/3LJKei0w== + +"@vercel/redwood@2.0.6": + version "2.0.6" + resolved "https://registry.npmjs.org/@vercel/redwood/-/redwood-2.0.6.tgz" + integrity sha512-bH8z/0peYlEdFGxyPWwOScTV75eb47H8IK9u0EZ3LtC7hKwiqEkQIRg2CtyH5FmILlGN9nRxEB5XWsboigHByw== + dependencies: + "@vercel/nft" "0.26.2" + "@vercel/routing-utils" "3.1.0" + semver "6.3.1" + +"@vercel/remix-builder@2.0.18": + version "2.0.18" + resolved "https://registry.npmjs.org/@vercel/remix-builder/-/remix-builder-2.0.18.tgz" + integrity sha512-dSi/FQ3jjEl6q9Hpzwkiikq7CwO309TS1bkcuORbsd55HloDeirvQurxoGOqWN+4O6Acuy568YI33A7LAz9/lw== + dependencies: + "@vercel/nft" "0.26.2" + "@vercel/static-config" "3.0.0" + ts-morph "12.0.0" + +"@vercel/routing-utils@3.1.0": + version "3.1.0" + resolved "https://registry.npmjs.org/@vercel/routing-utils/-/routing-utils-3.1.0.tgz" + integrity sha512-Ci5xTjVTJY/JLZXpCXpLehMft97i9fH34nu9PGav6DtwkVUF6TOPX86U0W0niQjMZ5n6/ZP0BwcJK2LOozKaGw== + dependencies: + path-to-regexp "6.1.0" + optionalDependencies: + ajv "^6.0.0" + +"@vercel/ruby@2.0.5": + version "2.0.5" + resolved "https://registry.npmjs.org/@vercel/ruby/-/ruby-2.0.5.tgz" + integrity sha512-Gfm8HDech41vf+EPleRzgoJUnDTJerKgckMm4KX0JT860gV9XBMSOWYH7eMWHmMza104+HRCWL7wT6OlpftF2Q== + +"@vercel/static-build@2.1.0": + version "2.1.0" + resolved "https://registry.npmjs.org/@vercel/static-build/-/static-build-2.1.0.tgz" + integrity sha512-mSP3UNckqr3aqTx8fAbUiM/5E4llgJeUWFf1/RgUUqt5T5QnxZ2n10HagHSZ/fHCx1bT+J8jdty8Aq7v+vJt2Q== + dependencies: + "@vercel/gatsby-plugin-vercel-analytics" "1.0.11" + "@vercel/gatsby-plugin-vercel-builder" "2.0.16" + "@vercel/static-config" "3.0.0" + ts-morph "12.0.0" + +"@vercel/static-config@3.0.0": + version "3.0.0" + resolved "https://registry.npmjs.org/@vercel/static-config/-/static-config-3.0.0.tgz" + integrity sha512-2qtvcBJ1bGY0dYGYh3iM7yGKkk971FujLEDXzuW5wcZsPr1GSEjO/w2iSr3qve6nDDtBImsGoDEnus5FI4+fIw== + dependencies: + ajv "8.6.3" + json-schema-to-ts "1.6.4" + ts-morph "12.0.0" + +"@webassemblyjs/ast@^1.11.5", "@webassemblyjs/ast@1.11.6": version "1.11.6" - resolved "https://registry.yarnpkg.com/@webassemblyjs/ast/-/ast-1.11.6.tgz#db046555d3c413f8966ca50a95176a0e2c642e24" + resolved "https://registry.npmjs.org/@webassemblyjs/ast/-/ast-1.11.6.tgz" integrity sha512-IN1xI7PwOvLPgjcf180gC1bqn3q/QaOCwYUahIOhbYUu8KA/3tw2RT/T0Gidi1l7Hhj5D/INhJxiICObqpMu4Q== dependencies: "@webassemblyjs/helper-numbers" "1.11.6" @@ -2274,22 +2569,22 @@ "@webassemblyjs/floating-point-hex-parser@1.11.6": version "1.11.6" - resolved "https://registry.yarnpkg.com/@webassemblyjs/floating-point-hex-parser/-/floating-point-hex-parser-1.11.6.tgz#dacbcb95aff135c8260f77fa3b4c5fea600a6431" + resolved "https://registry.npmjs.org/@webassemblyjs/floating-point-hex-parser/-/floating-point-hex-parser-1.11.6.tgz" integrity sha512-ejAj9hfRJ2XMsNHk/v6Fu2dGS+i4UaXBXGemOfQ/JfQ6mdQg/WXtwleQRLLS4OvfDhv8rYnVwH27YJLMyYsxhw== "@webassemblyjs/helper-api-error@1.11.6": version "1.11.6" - resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-api-error/-/helper-api-error-1.11.6.tgz#6132f68c4acd59dcd141c44b18cbebbd9f2fa768" + resolved "https://registry.npmjs.org/@webassemblyjs/helper-api-error/-/helper-api-error-1.11.6.tgz" integrity sha512-o0YkoP4pVu4rN8aTJgAyj9hC2Sv5UlkzCHhxqWj8butaLvnpdc2jOwh4ewE6CX0txSfLn/UYaV/pheS2Txg//Q== "@webassemblyjs/helper-buffer@1.11.6": version "1.11.6" - resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-buffer/-/helper-buffer-1.11.6.tgz#b66d73c43e296fd5e88006f18524feb0f2c7c093" + resolved "https://registry.npmjs.org/@webassemblyjs/helper-buffer/-/helper-buffer-1.11.6.tgz" integrity sha512-z3nFzdcp1mb8nEOFFk8DrYLpHvhKC3grJD2ardfKOzmbmJvEf/tPIqCY+sNcwZIY8ZD7IkB2l7/pqhUhqm7hLA== "@webassemblyjs/helper-numbers@1.11.6": version "1.11.6" - resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-numbers/-/helper-numbers-1.11.6.tgz#cbce5e7e0c1bd32cf4905ae444ef64cea919f1b5" + resolved "https://registry.npmjs.org/@webassemblyjs/helper-numbers/-/helper-numbers-1.11.6.tgz" integrity sha512-vUIhZ8LZoIWHBohiEObxVm6hwP034jwmc9kuq5GdHZH0wiLVLIPcMCdpJzG4C11cHoQ25TFIQj9kaVADVX7N3g== dependencies: "@webassemblyjs/floating-point-hex-parser" "1.11.6" @@ -2298,12 +2593,12 @@ "@webassemblyjs/helper-wasm-bytecode@1.11.6": version "1.11.6" - resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-wasm-bytecode/-/helper-wasm-bytecode-1.11.6.tgz#bb2ebdb3b83aa26d9baad4c46d4315283acd51e9" + resolved "https://registry.npmjs.org/@webassemblyjs/helper-wasm-bytecode/-/helper-wasm-bytecode-1.11.6.tgz" integrity sha512-sFFHKwcmBprO9e7Icf0+gddyWYDViL8bpPjJJl0WHxCdETktXdmtWLGVzoHbqUcY4Be1LkNfwTmXOJUFZYSJdA== "@webassemblyjs/helper-wasm-section@1.11.6": version "1.11.6" - resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-wasm-section/-/helper-wasm-section-1.11.6.tgz#ff97f3863c55ee7f580fd5c41a381e9def4aa577" + resolved "https://registry.npmjs.org/@webassemblyjs/helper-wasm-section/-/helper-wasm-section-1.11.6.tgz" integrity sha512-LPpZbSOwTpEC2cgn4hTydySy1Ke+XEu+ETXuoyvuyezHO3Kjdu90KK95Sh9xTbmjrCsUwvWwCOQQNta37VrS9g== dependencies: "@webassemblyjs/ast" "1.11.6" @@ -2313,26 +2608,26 @@ "@webassemblyjs/ieee754@1.11.6": version "1.11.6" - resolved "https://registry.yarnpkg.com/@webassemblyjs/ieee754/-/ieee754-1.11.6.tgz#bb665c91d0b14fffceb0e38298c329af043c6e3a" + resolved "https://registry.npmjs.org/@webassemblyjs/ieee754/-/ieee754-1.11.6.tgz" integrity sha512-LM4p2csPNvbij6U1f19v6WR56QZ8JcHg3QIJTlSwzFcmx6WSORicYj6I63f9yU1kEUtrpG+kjkiIAkevHpDXrg== dependencies: "@xtuc/ieee754" "^1.2.0" "@webassemblyjs/leb128@1.11.6": version "1.11.6" - resolved "https://registry.yarnpkg.com/@webassemblyjs/leb128/-/leb128-1.11.6.tgz#70e60e5e82f9ac81118bc25381a0b283893240d7" + resolved "https://registry.npmjs.org/@webassemblyjs/leb128/-/leb128-1.11.6.tgz" integrity sha512-m7a0FhE67DQXgouf1tbN5XQcdWoNgaAuoULHIfGFIEVKA6tu/edls6XnIlkmS6FrXAquJRPni3ZZKjw6FSPjPQ== dependencies: "@xtuc/long" "4.2.2" "@webassemblyjs/utf8@1.11.6": version "1.11.6" - resolved "https://registry.yarnpkg.com/@webassemblyjs/utf8/-/utf8-1.11.6.tgz#90f8bc34c561595fe156603be7253cdbcd0fab5a" + resolved "https://registry.npmjs.org/@webassemblyjs/utf8/-/utf8-1.11.6.tgz" integrity sha512-vtXf2wTQ3+up9Zsg8sa2yWiQpzSsMyXj0qViVP6xKGCUT8p8YJ6HqI7l5eCnWx1T/FYdsv07HQs2wTFbbof/RA== "@webassemblyjs/wasm-edit@^1.11.5": version "1.11.6" - resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-edit/-/wasm-edit-1.11.6.tgz#c72fa8220524c9b416249f3d94c2958dfe70ceab" + resolved "https://registry.npmjs.org/@webassemblyjs/wasm-edit/-/wasm-edit-1.11.6.tgz" integrity sha512-Ybn2I6fnfIGuCR+Faaz7YcvtBKxvoLV3Lebn1tM4o/IAJzmi9AWYIPWpyBfU8cC+JxAO57bk4+zdsTjJR+VTOw== dependencies: "@webassemblyjs/ast" "1.11.6" @@ -2346,7 +2641,7 @@ "@webassemblyjs/wasm-gen@1.11.6": version "1.11.6" - resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-gen/-/wasm-gen-1.11.6.tgz#fb5283e0e8b4551cc4e9c3c0d7184a65faf7c268" + resolved "https://registry.npmjs.org/@webassemblyjs/wasm-gen/-/wasm-gen-1.11.6.tgz" integrity sha512-3XOqkZP/y6B4F0PBAXvI1/bky7GryoogUtfwExeP/v7Nzwo1QLcq5oQmpKlftZLbT+ERUOAZVQjuNVak6UXjPA== dependencies: "@webassemblyjs/ast" "1.11.6" @@ -2357,7 +2652,7 @@ "@webassemblyjs/wasm-opt@1.11.6": version "1.11.6" - resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-opt/-/wasm-opt-1.11.6.tgz#d9a22d651248422ca498b09aa3232a81041487c2" + resolved "https://registry.npmjs.org/@webassemblyjs/wasm-opt/-/wasm-opt-1.11.6.tgz" integrity sha512-cOrKuLRE7PCe6AsOVl7WasYf3wbSo4CeOk6PkrjS7g57MFfVUF9u6ysQBBODX0LdgSvQqRiGz3CXvIDKcPNy4g== dependencies: "@webassemblyjs/ast" "1.11.6" @@ -2365,9 +2660,9 @@ "@webassemblyjs/wasm-gen" "1.11.6" "@webassemblyjs/wasm-parser" "1.11.6" -"@webassemblyjs/wasm-parser@1.11.6", "@webassemblyjs/wasm-parser@^1.11.5": +"@webassemblyjs/wasm-parser@^1.11.5", "@webassemblyjs/wasm-parser@1.11.6": version "1.11.6" - resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-parser/-/wasm-parser-1.11.6.tgz#bb85378c527df824004812bbdb784eea539174a1" + resolved "https://registry.npmjs.org/@webassemblyjs/wasm-parser/-/wasm-parser-1.11.6.tgz" integrity sha512-6ZwPeGzMJM3Dqp3hCsLgESxBGtT/OeCvCZ4TA1JUPYgmhAx38tTPR9JaKy0S5H3evQpO/h2uWs2j6Yc/fjkpTQ== dependencies: "@webassemblyjs/ast" "1.11.6" @@ -2379,7 +2674,7 @@ "@webassemblyjs/wast-printer@1.11.6": version "1.11.6" - resolved "https://registry.yarnpkg.com/@webassemblyjs/wast-printer/-/wast-printer-1.11.6.tgz#a7bf8dd7e362aeb1668ff43f35cb849f188eff20" + resolved "https://registry.npmjs.org/@webassemblyjs/wast-printer/-/wast-printer-1.11.6.tgz" integrity sha512-JM7AhRcE+yW2GWYaKeHL5vt4xqee5N2WcezptmgyhNS+ScggqcT1OtXykhAb13Sn5Yas0j2uv9tHgrjwvzAP4A== dependencies: "@webassemblyjs/ast" "1.11.6" @@ -2395,6 +2690,11 @@ resolved "https://registry.npmjs.org/@xtuc/long/-/long-4.2.2.tgz" integrity sha512-NuHqBY1PB/D8xU6s/thBgOAiAP7HOYDQ32+BFZILJ8ivkUkAHQnWfn6WhL79Owj1qmUnoN/YPhktdIoucipkAQ== +abbrev@1: + version "1.1.1" + resolved "https://registry.npmjs.org/abbrev/-/abbrev-1.1.1.tgz" + integrity sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q== + accepts@~1.3.4, accepts@~1.3.5, accepts@~1.3.8: version "1.3.8" resolved "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz" @@ -2405,24 +2705,36 @@ accepts@~1.3.4, accepts@~1.3.5, accepts@~1.3.8: acorn-import-assertions@^1.9.0: version "1.9.0" - resolved "https://registry.yarnpkg.com/acorn-import-assertions/-/acorn-import-assertions-1.9.0.tgz#507276249d684797c84e0734ef84860334cfb1ac" + resolved "https://registry.npmjs.org/acorn-import-assertions/-/acorn-import-assertions-1.9.0.tgz" integrity sha512-cmMwop9x+8KFhxvKrKfPYmN6/pKTYYHBqLa0DfvVZcKMJWNyWLnaqND7dx/qn66R7ewM1UX5XMaDVP5wlVTaVA== -acorn-walk@^8.0.0: +acorn-import-attributes@^1.9.2: + version "1.9.2" + resolved "https://registry.npmjs.org/acorn-import-attributes/-/acorn-import-attributes-1.9.2.tgz" + integrity sha512-O+nfJwNolEA771IYJaiLWK1UAwjNsQmZbTRqqwBYxCgVQTmpFEMvBw6LOIQV0Me339L5UMVYFyRohGnGlQDdIQ== + +acorn-walk@^8.0.0, acorn-walk@^8.1.1: version "8.2.0" resolved "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.2.0.tgz" integrity sha512-k+iyHEuPgSw6SbuDpGQM+06HQUa04DZ3o+F6CSzXMvvI5KMvnaEqXe+YVe555R9nn6GPt404fos4wcgpw12SDA== -acorn@^8.0.4, acorn@^8.7.1, acorn@^8.8.2: +acorn@^8, acorn@^8.0.4, acorn@^8.4.1, acorn@^8.6.0, acorn@^8.7.1, acorn@^8.8.2: version "8.11.2" - resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.11.2.tgz#ca0d78b51895be5390a5903c5b3bdcdaf78ae40b" + resolved "https://registry.npmjs.org/acorn/-/acorn-8.11.2.tgz" integrity sha512-nc0Axzp/0FILLEVsm4fNwLCwMttvhEI263QtVPQcbpfZZ3ts0hLsZGOpE6czNlid7CJ9MlyH8reXkpsf3YUY4w== address@^1.0.1, address@^1.1.2: version "1.2.2" - resolved "https://registry.yarnpkg.com/address/-/address-1.2.2.tgz#2b5248dac5485a6390532c6a517fda2e3faac89e" + resolved "https://registry.npmjs.org/address/-/address-1.2.2.tgz" integrity sha512-4B/qKCfeE/ODUaAUpSwfzazo5x29WD4r3vXiWsB7I2mSDAihwEqKO+g8GELZUQSSAo5e1XTYh3ZVfLyxBc12nA== +agent-base@6: + version "6.0.2" + resolved "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz" + integrity sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ== + dependencies: + debug "4" + aggregate-error@^3.0.0: version "3.1.0" resolved "https://registry.npmjs.org/aggregate-error/-/aggregate-error-3.1.0.tgz" @@ -2445,12 +2757,12 @@ ajv-keywords@^3.4.1, ajv-keywords@^3.5.2: ajv-keywords@^5.1.0: version "5.1.0" - resolved "https://registry.yarnpkg.com/ajv-keywords/-/ajv-keywords-5.1.0.tgz#69d4d385a4733cdbeab44964a1170a88f87f0e16" + resolved "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-5.1.0.tgz" integrity sha512-YCS/JNFAUyr5vAuhk1DWm1CBxRHW9LbJ2ozWeemrIqpbsqKjHVxYPyi5GC0rjZIT5JxJ3virVTS8wk4i/Z+krw== dependencies: fast-deep-equal "^3.1.3" -ajv@^6.12.2, ajv@^6.12.4, ajv@^6.12.5: +ajv@^6.0.0, ajv@^6.12.2, ajv@^6.12.4, ajv@^6.12.5, ajv@^6.9.1: version "6.12.6" resolved "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz" integrity sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g== @@ -2460,9 +2772,9 @@ ajv@^6.12.2, ajv@^6.12.4, ajv@^6.12.5: json-schema-traverse "^0.4.1" uri-js "^4.2.2" -ajv@^8.0.0, ajv@^8.9.0: +ajv@^8.0.0, ajv@^8.8.2, ajv@^8.9.0: version "8.12.0" - resolved "https://registry.yarnpkg.com/ajv/-/ajv-8.12.0.tgz#d1a0527323e22f53562c567c00991577dfbe19d1" + resolved "https://registry.npmjs.org/ajv/-/ajv-8.12.0.tgz" integrity sha512-sRu1kpcO9yLtYxBKvqfTeh9KzZEwO3STyX1HT+4CaDzC6HpTGYhIhPIzj9XuKU7KYDwnaeh5hcOwjy1QuJzBPA== dependencies: fast-deep-equal "^3.1.1" @@ -2470,6 +2782,16 @@ ajv@^8.0.0, ajv@^8.9.0: require-from-string "^2.0.2" uri-js "^4.2.2" +ajv@8.6.3: + version "8.6.3" + resolved "https://registry.npmjs.org/ajv/-/ajv-8.6.3.tgz" + integrity sha512-SMJOdDP6LqTkD0Uq8qLi+gMwSt0imXLSV080qFVwJCpH9U6Mb+SUGHAXM0KNbcBPguytWyvFxcHgMLe2D2XSpw== + dependencies: + fast-deep-equal "^3.1.1" + json-schema-traverse "^1.0.0" + require-from-string "^2.0.2" + uri-js "^4.2.2" + algoliasearch-helper@^3.10.0: version "3.15.0" resolved "https://registry.npmjs.org/algoliasearch-helper/-/algoliasearch-helper-3.15.0.tgz" @@ -2477,7 +2799,7 @@ algoliasearch-helper@^3.10.0: dependencies: "@algolia/events" "^4.0.1" -algoliasearch@^4.13.1, algoliasearch@^4.19.1: +algoliasearch@^4.13.1, algoliasearch@^4.19.1, "algoliasearch@>= 3.1 < 6", "algoliasearch@>= 4.9.1 < 6": version "4.20.0" resolved "https://registry.npmjs.org/algoliasearch/-/algoliasearch-4.20.0.tgz" integrity sha512-y+UHEjnOItoNy0bYO+WWmLWBlPwDjKHW6mNHrPi0NkuhpQOOEbrkwQH/wgKFDLh7qlKjzoKeiRtlpewDPDG23g== @@ -2535,27 +2857,50 @@ ansi-styles@^4.0.0, ansi-styles@^4.1.0: ansi-styles@^6.1.0: version "6.2.1" - resolved "https://registry.yarnpkg.com/ansi-styles/-/ansi-styles-6.2.1.tgz#0e62320cf99c21afff3b3012192546aacbfb05c5" + resolved "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.1.tgz" integrity sha512-bN798gFfQX+viw3R7yrGWRqnrN2oRkEkUjjl4JNn4E8GxxbjtG3FbrEIIY3l8/hrwUwIeCZvi4QuOTP4MErVug== -any-promise@^1.0.0: +any-promise@^1.0.0, any-promise@^1.1.0, any-promise@~1.3.0: version "1.3.0" resolved "https://registry.npmjs.org/any-promise/-/any-promise-1.3.0.tgz" integrity sha512-7UvmKalWRt1wgjL1RrGxoSJW/0QZFIegpeGvZG9kjp8vrRu55XTHbwnqq2GpXm9uLbcuhxm3IqX9OB4MZR1b2A== -anymatch@~3.1.2: +anymatch@~3.1.1, anymatch@~3.1.2: version "3.1.3" - resolved "https://registry.yarnpkg.com/anymatch/-/anymatch-3.1.3.tgz#790c58b19ba1720a84205b57c618d5ad8524973e" + resolved "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz" integrity sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw== dependencies: normalize-path "^3.0.0" picomatch "^2.0.4" +"aproba@^1.0.3 || ^2.0.0": + version "2.0.0" + resolved "https://registry.npmjs.org/aproba/-/aproba-2.0.0.tgz" + integrity sha512-lYe4Gx7QT+MKGbDsA+Z+he/Wtef0BiwDOlK/XkBrdfsh9J/jPPXbX0tE9x9cl27Tmu5gg3QUbUrQYa/y+KOHPQ== + +are-we-there-yet@^2.0.0: + version "2.0.0" + resolved "https://registry.npmjs.org/are-we-there-yet/-/are-we-there-yet-2.0.0.tgz" + integrity sha512-Ci/qENmwHnsYo9xKIcUJN5LeDKdJ6R1Z1j9V/J5wyq8nh/mYPEpIKJbBZXtZjG04HiK7zV/p6Vs9952MrMeUIw== + dependencies: + delegates "^1.0.0" + readable-stream "^3.6.0" + +arg@^4.1.0: + version "4.1.3" + resolved "https://registry.npmjs.org/arg/-/arg-4.1.3.tgz" + integrity sha512-58S9QDqG0Xx27YwPSt9fJxivjYl432YCwfDMfZ+71RAqUrZef7LrKQZ3LHLOwCS4FLNBplP533Zx895SeOCHvA== + arg@^5.0.0, arg@^5.0.2: version "5.0.2" resolved "https://registry.npmjs.org/arg/-/arg-5.0.2.tgz" integrity sha512-PYjyFOLKQ9y57JvQ6QLo8dAgNqswh8M1RMJYdQduT6xbWSgK36P/Z/v+p888pM69jMMfS8Xd8F6I1kQ/I9HUGg== +arg@4.1.0: + version "4.1.0" + resolved "https://registry.npmjs.org/arg/-/arg-4.1.0.tgz" + integrity sha512-ZWc51jO3qegGkVh8Hwpv636EkbesNV5ZNQPCtRa+0qytRYPEs9IYT9qITY9buezqUH5uqyzlWLcufrzU2rffdg== + argparse@^1.0.7: version "1.0.10" resolved "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz" @@ -2568,16 +2913,16 @@ argparse@^2.0.1: resolved "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz" integrity sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q== -array-flatten@1.1.1: - version "1.1.1" - resolved "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz" - integrity sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg== - array-flatten@^2.1.2: version "2.1.2" resolved "https://registry.npmjs.org/array-flatten/-/array-flatten-2.1.2.tgz" integrity sha512-hNfzcOV8W4NdualtqBFPyVO+54DSJuZGY9qT4pRroB6S9e3iiido2ISIC5h9R2sPJ8H3FHCIiEnsv1lPXO3KtQ== +array-flatten@1.1.1: + version "1.1.1" + resolved "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz" + integrity sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg== + array-union@^2.1.0: version "2.1.0" resolved "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz" @@ -2588,6 +2933,26 @@ asap@~2.0.3: resolved "https://registry.npmjs.org/asap/-/asap-2.0.6.tgz" integrity sha512-BSHWgDSAiKs50o2Re8ppvp3seVHXSRM44cdSsT9FfNEUUZLOGWVCsiWaRPWM1Znn+mqZ1OfVZ3z3DWEzSp7hRA== +async-listen@1.2.0: + version "1.2.0" + resolved "https://registry.npmjs.org/async-listen/-/async-listen-1.2.0.tgz" + integrity sha512-CcEtRh/oc9Jc4uWeUwdpG/+Mb2YUHKmdaTf0gUr7Wa+bfp4xx70HOb3RuSTJMvqKNB1TkdTfjLdrcz2X4rkkZA== + +async-listen@3.0.0: + version "3.0.0" + resolved "https://registry.npmjs.org/async-listen/-/async-listen-3.0.0.tgz" + integrity sha512-V+SsTpDqkrWTimiotsyl33ePSjA5/KrithwupuvJ6ztsqPvGv6ge4OredFhPffVXiLN/QUWvE0XcqJaYgt6fOg== + +async-listen@3.0.1: + version "3.0.1" + resolved "https://registry.npmjs.org/async-listen/-/async-listen-3.0.1.tgz" + integrity sha512-cWMaNwUJnf37C/S5TfCkk/15MwbPRwVYALA2jtjkbHjCmAPiDXyNJy2q3p1KAZzDLHAWyarUWSujUoHR4pEgrA== + +async-sema@^3.1.1: + version "3.1.1" + resolved "https://registry.npmjs.org/async-sema/-/async-sema-3.1.1.tgz" + integrity sha512-tLRNUXati5MFePdAk8dw7Qt7DpxPB60ofAgn8WRhW6a2rcimZnYBP9oxHiv0OHy+Wz7kPMG+t4LGdt31+4EmGg== + at-least-node@^1.0.0: version "1.0.0" resolved "https://registry.npmjs.org/at-least-node/-/at-least-node-1.0.0.tgz" @@ -2614,7 +2979,7 @@ axios@^0.25.0: babel-loader@^8.2.5: version "8.3.0" - resolved "https://registry.yarnpkg.com/babel-loader/-/babel-loader-8.3.0.tgz#124936e841ba4fe8176786d6ff28add1f134d6a8" + resolved "https://registry.npmjs.org/babel-loader/-/babel-loader-8.3.0.tgz" integrity sha512-H8SvsMF+m9t15HNLMipppzkC+Y2Yq+v3SonZyU70RBL/h1gxPkH08Ot8pEE9Z4Kd+czyWJClmFS8qzIP9OZ04Q== dependencies: find-cache-dir "^3.3.1" @@ -2646,7 +3011,7 @@ babel-plugin-extract-import-names@1.6.22: babel-plugin-polyfill-corejs2@^0.4.6: version "0.4.6" - resolved "https://registry.yarnpkg.com/babel-plugin-polyfill-corejs2/-/babel-plugin-polyfill-corejs2-0.4.6.tgz#b2df0251d8e99f229a8e60fc4efa9a68b41c8313" + resolved "https://registry.npmjs.org/babel-plugin-polyfill-corejs2/-/babel-plugin-polyfill-corejs2-0.4.6.tgz" integrity sha512-jhHiWVZIlnPbEUKSSNb9YoWcQGdlTLq7z1GHL4AjFxaoOUMuuEVJ+Y4pAaQUGOGk93YsVCKPbqbfw3m0SM6H8Q== dependencies: "@babel/compat-data" "^7.22.6" @@ -2655,7 +3020,7 @@ babel-plugin-polyfill-corejs2@^0.4.6: babel-plugin-polyfill-corejs3@^0.8.5: version "0.8.6" - resolved "https://registry.yarnpkg.com/babel-plugin-polyfill-corejs3/-/babel-plugin-polyfill-corejs3-0.8.6.tgz#25c2d20002da91fe328ff89095c85a391d6856cf" + resolved "https://registry.npmjs.org/babel-plugin-polyfill-corejs3/-/babel-plugin-polyfill-corejs3-0.8.6.tgz" integrity sha512-leDIc4l4tUgU7str5BWLS2h8q2N4Nf6lGZP6UrNDxdtfF2g69eJ5L0H7S8A5Ln/arfFAfHor5InAdZuIOwZdgQ== dependencies: "@babel/helper-define-polyfill-provider" "^0.4.3" @@ -2663,7 +3028,7 @@ babel-plugin-polyfill-corejs3@^0.8.5: babel-plugin-polyfill-regenerator@^0.5.3: version "0.5.3" - resolved "https://registry.yarnpkg.com/babel-plugin-polyfill-regenerator/-/babel-plugin-polyfill-regenerator-0.5.3.tgz#d4c49e4b44614607c13fb769bcd85c72bb26a4a5" + resolved "https://registry.npmjs.org/babel-plugin-polyfill-regenerator/-/babel-plugin-polyfill-regenerator-0.5.3.tgz" integrity sha512-8sHeDOmXC8csczMrYEOf0UTNa4yE2SxV5JGeT/LP1n0OYVDUUFPxG9vdk2AlDlIit4t+Kf0xCtpgXPBwnn/9pw== dependencies: "@babel/helper-define-polyfill-provider" "^0.4.3" @@ -2698,9 +3063,16 @@ binary-extensions@^2.0.0: resolved "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.2.0.tgz" integrity sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA== +bindings@^1.4.0: + version "1.5.0" + resolved "https://registry.npmjs.org/bindings/-/bindings-1.5.0.tgz" + integrity sha512-p2q/t/mhvuOj/UeLlV6566GD/guowlr0hHxClI0W9m7MWYkL1F0hLo+0Aexs9HSPCtR1SXQ0TD3MMKrXZajbiQ== + dependencies: + file-uri-to-path "1.0.0" + body-parser@1.20.1: version "1.20.1" - resolved "https://registry.yarnpkg.com/body-parser/-/body-parser-1.20.1.tgz#b1812a8912c195cd371a3ee5e66faa2338a5c668" + resolved "https://registry.npmjs.org/body-parser/-/body-parser-1.20.1.tgz" integrity sha512-jWi7abTbYwajOytWCQc37VulmWiRae5RyTpaCyDcS5/lMdtwSz5lOpDE67srw/HYe35f1z3fDQw+3txg7gNtWw== dependencies: bytes "3.1.2" @@ -2718,7 +3090,7 @@ body-parser@1.20.1: bonjour-service@^1.0.11: version "1.1.1" - resolved "https://registry.yarnpkg.com/bonjour-service/-/bonjour-service-1.1.1.tgz#960948fa0e0153f5d26743ab15baf8e33752c135" + resolved "https://registry.npmjs.org/bonjour-service/-/bonjour-service-1.1.1.tgz" integrity sha512-Z/5lQRMOG9k7W+FkeGTNjh7htqn/2LMnfOvBZ8pynNZCM9MwkQkI3zeI4oz09uWdcgmgHugVvBqxGg4VQJ5PCg== dependencies: array-flatten "^2.1.2" @@ -2774,16 +3146,21 @@ braces@^3.0.2, braces@~3.0.2: dependencies: fill-range "^7.0.1" -browserslist@^4.0.0, browserslist@^4.14.5, browserslist@^4.18.1, browserslist@^4.21.10, browserslist@^4.21.4, browserslist@^4.21.9, browserslist@^4.22.1: - version "4.22.1" - resolved "https://registry.npmjs.org/browserslist/-/browserslist-4.22.1.tgz" - integrity sha512-FEVc202+2iuClEhZhrWy6ZiAcRLvNMyYcxZ8raemul1DYVOVdFsbqckWLdsixQZCpJlwe77Z3UTalE7jsjnKfQ== +browserslist@^4.0.0, browserslist@^4.14.5, browserslist@^4.18.1, browserslist@^4.21.10, browserslist@^4.21.4, browserslist@^4.22.1, browserslist@^4.22.2, "browserslist@>= 4.21.0": + version "4.22.3" + resolved "https://registry.npmjs.org/browserslist/-/browserslist-4.22.3.tgz" + integrity sha512-UAp55yfwNv0klWNapjs/ktHoguxuQNGnOzxYmfnXIS+8AsRDZkSDxg7R1AX3GKzn078SBI5dzwzj/Yx0Or0e3A== dependencies: - caniuse-lite "^1.0.30001541" - electron-to-chromium "^1.4.535" - node-releases "^2.0.13" + caniuse-lite "^1.0.30001580" + electron-to-chromium "^1.4.648" + node-releases "^2.0.14" update-browserslist-db "^1.0.13" +buffer-crc32@~0.2.3: + version "0.2.13" + resolved "https://registry.npmjs.org/buffer-crc32/-/buffer-crc32-0.2.13.tgz" + integrity sha512-VO9Ht/+p3SN7SKWqcrgEzjGbRSJYTx+Q1pTQC0wrWqHx0vpJraQ6GtHx8tvcg1rlK1byhU5gccxgOgj7B0TDkQ== + buffer-from@^1.0.0: version "1.1.2" resolved "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz" @@ -2794,6 +3171,11 @@ bytes@3.0.0: resolved "https://registry.npmjs.org/bytes/-/bytes-3.0.0.tgz" integrity sha512-pMhOfFDPiv9t5jjIXkHosWmkSyQbvsgEVNkz0ERHbuLh2T/7j4Mqqpz523Fe8MVY89KC6Sh/QfS2sM+SjgFDcw== +bytes@3.1.0: + version "3.1.0" + resolved "https://registry.npmjs.org/bytes/-/bytes-3.1.0.tgz" + integrity sha512-zauLjrfCG+xvoyaqLoV8bLVXXNGC4JqlxFCutSDWA6fJrTo2ZuvLYTqZ7aHBLZSMOopbzwv8f+wZcVzfVTI2Dg== + bytes@3.1.2: version "3.1.2" resolved "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz" @@ -2833,7 +3215,7 @@ camel-case@^4.1.2: pascal-case "^3.1.2" tslib "^2.0.3" -camelcase-css@2.0.1, camelcase-css@^2.0.1: +camelcase-css@^2.0.1, camelcase-css@2.0.1: version "2.0.1" resolved "https://registry.npmjs.org/camelcase-css/-/camelcase-css-2.0.1.tgz" integrity sha512-QOSvevhslijgYwRx6Rv7zKdMF8lbRmx+uQGx2+vDc+KI/eBnsy9kit5aj23AgGu3pa4t9AgwbnXWqS+iOY+2aA== @@ -2853,10 +3235,10 @@ caniuse-api@^3.0.0: lodash.memoize "^4.1.2" lodash.uniq "^4.5.0" -caniuse-lite@^1.0.0, caniuse-lite@^1.0.30001538, caniuse-lite@^1.0.30001541: - version "1.0.30001559" - resolved "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001559.tgz" - integrity sha512-cPiMKZgqgkg5LY3/ntGeLFUpi6tzddBNS58A4tnTgQw1zON7u2sZMU7SzOeVH4tj20++9ggL+V6FDOFMTaFFYA== +caniuse-lite@^1.0.0, caniuse-lite@^1.0.30001538, caniuse-lite@^1.0.30001580: + version "1.0.30001581" + resolved "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001581.tgz" + integrity sha512-whlTkwhqV2tUmP3oYhtNfaWGYHDdS3JYFQBKXxcUR9qqPWsRhFHhoISO2Xnl/g0xyKzht9mI1LZpiNWfMzHixQ== ccount@^1.0.0: version "1.1.0" @@ -2865,7 +3247,7 @@ ccount@^1.0.0: chalk@^2.4.2: version "2.4.2" - resolved "https://registry.yarnpkg.com/chalk/-/chalk-2.4.2.tgz#cd42541677a54333cf541a49108c1432b44c9424" + resolved "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz" integrity sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ== dependencies: ansi-styles "^3.2.1" @@ -2935,6 +3317,31 @@ chokidar@^3.4.2, chokidar@^3.5.3: optionalDependencies: fsevents "~2.3.2" +chokidar@3.3.1: + version "3.3.1" + resolved "https://registry.npmjs.org/chokidar/-/chokidar-3.3.1.tgz" + integrity sha512-4QYCEWOcK3OJrxwvyyAOxFuhpvOVCYkr33LPfFNBjAD/w3sEzWsp2BUOkI4l9bHvWioAd0rc6NlHUOEaWkTeqg== + dependencies: + anymatch "~3.1.1" + braces "~3.0.2" + glob-parent "~5.1.0" + is-binary-path "~2.1.0" + is-glob "~4.0.1" + normalize-path "~3.0.0" + readdirp "~3.3.0" + optionalDependencies: + fsevents "~2.1.2" + +chownr@^1.1.4: + version "1.1.4" + resolved "https://registry.npmjs.org/chownr/-/chownr-1.1.4.tgz" + integrity sha512-jJ0bqzaylmJtVnNgzTeSOs8DPavpbYgEr/b0YL8/2GO3xJEhInFmhKMUnEJQjZumK7KXGFhUy89PrsJWlakBVg== + +chownr@^2.0.0: + version "2.0.0" + resolved "https://registry.npmjs.org/chownr/-/chownr-2.0.0.tgz" + integrity sha512-bIomtDF5KGpdogkLd9VspvFzk9KfpyyGlS8YFVZl7TGPBHL5snIOnxeshwVgPteQ9b4Eydl+pVbIyE1DcvCWgQ== + chrome-trace-event@^1.0.2: version "1.0.3" resolved "https://registry.npmjs.org/chrome-trace-event/-/chrome-trace-event-1.0.3.tgz" @@ -2947,12 +3354,12 @@ ci-info@^2.0.0: ci-info@^3.2.0: version "3.9.0" - resolved "https://registry.yarnpkg.com/ci-info/-/ci-info-3.9.0.tgz#4279a62028a7b1f262f3473fc9605f5e218c59b4" + resolved "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz" integrity sha512-NIxF55hv4nSqQswkAeiOi1r83xy8JldOFDTWiug55KBu9Jnblncd2U6ViHmYgHf01TPZS77NJBhBMKdWj9HQMQ== clean-css@^5.2.2, clean-css@^5.3.0: version "5.3.2" - resolved "https://registry.yarnpkg.com/clean-css/-/clean-css-5.3.2.tgz#70ecc7d4d4114921f5d298349ff86a31a9975224" + resolved "https://registry.npmjs.org/clean-css/-/clean-css-5.3.2.tgz" integrity sha512-JVJbM+f3d3Q704rF4bqQ5UUyTtuJ0JRKNbTKVEeujCCBoMdkEi+V+e8oktO9qGQNSvHrFTM6JZRXrUvGR1czww== dependencies: source-map "~0.6.0" @@ -2974,7 +3381,7 @@ cli-boxes@^3.0.0: cli-table3@^0.6.2: version "0.6.3" - resolved "https://registry.yarnpkg.com/cli-table3/-/cli-table3-0.6.3.tgz#61ab765aac156b52f222954ffc607a6f01dbeeb2" + resolved "https://registry.npmjs.org/cli-table3/-/cli-table3-0.6.3.tgz" integrity sha512-w5Jac5SykAeZJKntOxJCrm63Eg5/4dhMWIcuTbo9rpE+brgaSZo0RuNJZeOyMgsUdhDeojvgyQLmjI+K50ZGyg== dependencies: string-width "^4.2.0" @@ -3002,6 +3409,11 @@ clsx@^1.2.1: resolved "https://registry.npmjs.org/clsx/-/clsx-1.2.1.tgz" integrity sha512-EcR6r5a8bj6pu3ycsa/E/cKVGuTgZJZdsyUYHOksG/UHIiKfjxzRxYJpyVBwYaQeOvghal9fcc4PidlgzugAQg== +code-block-writer@^10.1.1: + version "10.1.1" + resolved "https://registry.npmjs.org/code-block-writer/-/code-block-writer-10.1.1.tgz" + integrity sha512-67ueh2IRGst/51p0n6FvPrnRjAGHY5F8xdjkgrYE7DDzpJe6qA07RYQ9VcoUeo5ATOjSOiWpSL3SWBRRbempMw== + collapse-white-space@^1.0.2: version "1.0.6" resolved "https://registry.npmjs.org/collapse-white-space/-/collapse-white-space-1.0.6.tgz" @@ -3021,15 +3433,20 @@ color-convert@^2.0.1: dependencies: color-name "~1.1.4" +color-name@~1.1.4: + version "1.1.4" + resolved "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz" + integrity sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA== + color-name@1.1.3: version "1.1.3" resolved "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz" integrity sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw== -color-name@~1.1.4: - version "1.1.4" - resolved "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz" - integrity sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA== +color-support@^1.1.2: + version "1.1.3" + resolved "https://registry.npmjs.org/color-support/-/color-support-1.1.3.tgz" + integrity sha512-qiBjkpbMLO/HL68y+lh4q0/O1MZFj2RX6X/KmMa3+gJD3z+WwI1ZzDHysvqHGS3mP6mznPckpXmw1nI9cJjyRg== colord@^2.9.1: version "2.9.3" @@ -3038,12 +3455,12 @@ colord@^2.9.1: colorette@^2.0.10: version "2.0.20" - resolved "https://registry.yarnpkg.com/colorette/-/colorette-2.0.20.tgz#9eb793e6833067f7235902fcd3b09917a000a95a" + resolved "https://registry.npmjs.org/colorette/-/colorette-2.0.20.tgz" integrity sha512-IfEDxwoWIjkeXL1eXcDiow4UbKjhLdq6/EuSVR9GMN7KVH3r9gQ83e73hsz1Nd1T3ijd5xv1wcWRYO+D6kCI2w== combine-promises@^1.1.0: version "1.2.0" - resolved "https://registry.yarnpkg.com/combine-promises/-/combine-promises-1.2.0.tgz#5f2e68451862acf85761ded4d9e2af7769c2ca6a" + resolved "https://registry.npmjs.org/combine-promises/-/combine-promises-1.2.0.tgz" integrity sha512-VcQB1ziGD0NXrhKxiwyNbCDmRzs/OShMs2GqW2DlU2A/Sd0nQxE1oWDAE5O0ygSx5mgQOn9eIFh7yKPgFRVkPQ== comma-separated-tokens@^1.0.0: @@ -3128,6 +3545,11 @@ consola@^2.15.3: resolved "https://registry.npmjs.org/consola/-/consola-2.15.3.tgz" integrity sha512-9vAdYbHj6x2fLKC4+oPH0kFzY/orMZyG2Aj+kNylHxKGJ/Ed4dpNyAQYwJOdqO4zdM7XpVHmyejQDcQHrnuXbw== +console-control-strings@^1.0.0, console-control-strings@^1.1.0: + version "1.1.0" + resolved "https://registry.npmjs.org/console-control-strings/-/console-control-strings-1.1.0.tgz" + integrity sha512-ty/fTekppD2fIwRvnZAVdeOiGd1c7YXEixbgJTNzqcxJWKQnjJ/V1bNEEE6hygpM3WjwHFUVK6HTjWSzV4a8sQ== + content-disposition@0.5.2: version "0.5.2" resolved "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.2.tgz" @@ -3142,17 +3564,27 @@ content-disposition@0.5.4: content-type@~1.0.4: version "1.0.5" - resolved "https://registry.yarnpkg.com/content-type/-/content-type-1.0.5.tgz#8b773162656d1d1086784c8f23a54ce6d73d7918" + resolved "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz" integrity sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA== +content-type@1.0.4: + version "1.0.4" + resolved "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz" + integrity sha512-hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA== + +convert-hrtime@^3.0.0: + version "3.0.0" + resolved "https://registry.npmjs.org/convert-hrtime/-/convert-hrtime-3.0.0.tgz" + integrity sha512-7V+KqSvMiHp8yWDuwfww06XleMWVVB9b9tURBx+G7UTADuo5hYPuowKloz4OzOqbPezxgo+fdQ1522WzPG4OeA== + convert-source-map@^1.7.0: version "1.9.0" - resolved "https://registry.yarnpkg.com/convert-source-map/-/convert-source-map-1.9.0.tgz#7faae62353fb4213366d0ca98358d22e8368b05f" + resolved "https://registry.npmjs.org/convert-source-map/-/convert-source-map-1.9.0.tgz" integrity sha512-ASFBup0Mz1uyiIjANan1jzLQami9z1PoYSZCiiYW2FczPbenXc45FZdBZLzOT+r6+iciuEModtmCti+hjaAk0A== convert-source-map@^2.0.0: version "2.0.0" - resolved "https://registry.yarnpkg.com/convert-source-map/-/convert-source-map-2.0.0.tgz#4b560f649fc4e918dd0ab75cf4961e8bc882d82a" + resolved "https://registry.npmjs.org/convert-source-map/-/convert-source-map-2.0.0.tgz" integrity sha512-Kvp459HrV2FEJ1CAsi1Ku+MY3kasH19TFykTz2xWmMeq6bk2NU3XXvfJ+Q61m0xktWwt+1HSYf3JZsTms3aRJg== cookie-signature@1.0.6: @@ -3184,19 +3616,19 @@ copy-webpack-plugin@^11.0.0: core-js-compat@^3.31.0, core-js-compat@^3.33.1: version "3.33.2" - resolved "https://registry.yarnpkg.com/core-js-compat/-/core-js-compat-3.33.2.tgz#3ea4563bfd015ad4e4b52442865b02c62aba5085" + resolved "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.33.2.tgz" integrity sha512-axfo+wxFVxnqf8RvxTzoAlzW4gRoacrHeoFlc9n0x50+7BEyZL/Rt3hicaED1/CEd7I6tPCPVUYcJwCMO5XUYw== dependencies: browserslist "^4.22.1" core-js-pure@^3.30.2: version "3.33.2" - resolved "https://registry.yarnpkg.com/core-js-pure/-/core-js-pure-3.33.2.tgz#644830db2507ef84d068a70980ccd99c275f5fa6" + resolved "https://registry.npmjs.org/core-js-pure/-/core-js-pure-3.33.2.tgz" integrity sha512-a8zeCdyVk7uF2elKIGz67AjcXOxjRbwOLz8SbklEso1V+2DoW4OkAMZN9S9GBgvZIaqQi/OemFX4OiSoQEmg1Q== core-js@^3.23.3: version "3.33.2" - resolved "https://registry.yarnpkg.com/core-js/-/core-js-3.33.2.tgz#312bbf6996a3a517c04c99b9909cdd27138d1ceb" + resolved "https://registry.npmjs.org/core-js/-/core-js-3.33.2.tgz" integrity sha512-XeBzWI6QL3nJQiHmdzbAOiMYqjrb7hwU7A39Qhvd/POSa/t9E1AeZyEZx3fNvp/vtM8zXwhoL0FsiS0hD0pruQ== core-util-is@~1.0.0: @@ -3217,7 +3649,7 @@ cosmiconfig@^6.0.0: cosmiconfig@^7.0.1: version "7.1.0" - resolved "https://registry.yarnpkg.com/cosmiconfig/-/cosmiconfig-7.1.0.tgz#1443b9afa596b670082ea46cbd8f6a62b84635f6" + resolved "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-7.1.0.tgz" integrity sha512-AdmX6xUzdNASswsFtmwSt7Vj8po9IuqXm0UXz7QKPuEUmPB4XyjGfaAr2PSuELMwkRMVH1EpIkX5bTZGRB3eCA== dependencies: "@types/parse-json" "^4.0.0" @@ -3228,7 +3660,7 @@ cosmiconfig@^7.0.1: cosmiconfig@^8.2.0: version "8.3.6" - resolved "https://registry.yarnpkg.com/cosmiconfig/-/cosmiconfig-8.3.6.tgz#060a2b871d66dba6c8538ea1118ba1ac16f5fae3" + resolved "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-8.3.6.tgz" integrity sha512-kcZ6+W5QzcJ3P1Mt+83OUv/oHFqZHIx8DuxG6eZ5RGMERoLqp4BuGjhHLYGK+Kf5XVkQvqBSmAy/nGWN3qDgEA== dependencies: import-fresh "^3.3.0" @@ -3236,6 +3668,11 @@ cosmiconfig@^8.2.0: parse-json "^5.2.0" path-type "^4.0.0" +create-require@^1.1.0: + version "1.1.1" + resolved "https://registry.npmjs.org/create-require/-/create-require-1.1.1.tgz" + integrity sha512-dcKFX3jn0MpIaXjisoRvexIJVEKzaq7z2rZKxf+MSr9TkdmHmsU4m2lcLojrj/FHl8mk5VxMmYA+ftRkP/3oKQ== + cross-fetch@^3.1.5: version "3.1.8" resolved "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.1.8.tgz" @@ -3243,7 +3680,7 @@ cross-fetch@^3.1.5: dependencies: node-fetch "^2.6.12" -cross-spawn@^7.0.3: +cross-spawn@^7.0.0, cross-spawn@^7.0.3: version "7.0.3" resolved "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz" integrity sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w== @@ -3264,7 +3701,7 @@ css-declaration-sorter@^6.3.1: css-loader@^6.7.1: version "6.8.1" - resolved "https://registry.yarnpkg.com/css-loader/-/css-loader-6.8.1.tgz#0f8f52699f60f5e679eab4ec0fcd68b8e8a50a88" + resolved "https://registry.npmjs.org/css-loader/-/css-loader-6.8.1.tgz" integrity sha512-xDAXtEVGlD0gJ07iclwWVkLoZOpEvAWaSyf6W18S2pOC//K8+qUDIx8IIT3D+HjnmkJPQeesOPv5aiUaJsCM2g== dependencies: icss-utils "^5.1.0" @@ -3278,7 +3715,7 @@ css-loader@^6.7.1: css-minimizer-webpack-plugin@^4.0.0: version "4.2.2" - resolved "https://registry.yarnpkg.com/css-minimizer-webpack-plugin/-/css-minimizer-webpack-plugin-4.2.2.tgz#79f6199eb5adf1ff7ba57f105e3752d15211eb35" + resolved "https://registry.npmjs.org/css-minimizer-webpack-plugin/-/css-minimizer-webpack-plugin-4.2.2.tgz" integrity sha512-s3Of/4jKfw1Hj9CxEO1E5oXhQAxlayuHO2y/ML+C6I9sQ7FdzfEV6QgMLN3vI+qFsjJGIAFLKtQK7t8BOXAIyA== dependencies: cssnano "^5.1.8" @@ -3382,7 +3819,7 @@ cssnano-utils@^3.1.0: cssnano@^5.1.12, cssnano@^5.1.8: version "5.1.15" - resolved "https://registry.yarnpkg.com/cssnano/-/cssnano-5.1.15.tgz#ded66b5480d5127fcb44dac12ea5a983755136bf" + resolved "https://registry.npmjs.org/cssnano/-/cssnano-5.1.15.tgz" integrity sha512-j+BKgDcLDQA+eDifLx0EO4XSA56b7uut3BQFH+wbSaSTuGLuiyTa/wbRYthUXX8LC9mLg+WWKe8h+qJuwTAbHw== dependencies: cssnano-preset-default "^5.2.14" @@ -3398,23 +3835,51 @@ csso@^4.2.0: csstype@^3.0.2: version "3.1.2" - resolved "https://registry.yarnpkg.com/csstype/-/csstype-3.1.2.tgz#1d4bf9d572f11c14031f0436e1c10bc1f571f50b" + resolved "https://registry.npmjs.org/csstype/-/csstype-3.1.2.tgz" integrity sha512-I7K1Uu0MBPzaFKg4nI5Q7Vs2t+3gWWW648spaF+Rg7pI9ds18Ugn+lvg4SHczUdKlHI5LWBXyqfS8+DufyBsgQ== -debug@2.6.9, debug@^2.6.0: +debug@^2.6.0, debug@2.6.9: version "2.6.9" resolved "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz" integrity sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA== dependencies: ms "2.0.0" -debug@4, debug@^4.1.0, debug@^4.1.1: +debug@^4.1.0: + version "4.3.4" + resolved "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz" + integrity sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ== + dependencies: + ms "2.1.2" + +debug@^4.1.1: + version "4.3.4" + resolved "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz" + integrity sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ== + dependencies: + ms "2.1.2" + +debug@^4.3.1: + version "4.3.4" + resolved "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz" + integrity sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ== + dependencies: + ms "2.1.2" + +debug@4: version "4.3.4" resolved "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz" integrity sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ== dependencies: ms "2.1.2" +debug@4.1.1: + version "4.1.1" + resolved "https://registry.npmjs.org/debug/-/debug-4.1.1.tgz" + integrity sha512-pYAIzeRo8J6KPEaJ0VWOh5Pzkbw/RetuzehGM7QRRX5he4fPHx2rdKMB256ehJCkX+XRQm16eZLqLNS8RSZXZw== + dependencies: + ms "^2.1.1" + decompress-response@^3.3.0: version "3.3.0" resolved "https://registry.npmjs.org/decompress-response/-/decompress-response-3.3.0.tgz" @@ -3429,7 +3894,7 @@ deep-extend@^0.6.0: deepmerge@^4.2.2: version "4.3.1" - resolved "https://registry.yarnpkg.com/deepmerge/-/deepmerge-4.3.1.tgz#44b5f2147cd3b00d4b56137685966f26fd25dd4a" + resolved "https://registry.npmjs.org/deepmerge/-/deepmerge-4.3.1.tgz" integrity sha512-3sUqbMEc77XqpdNO7FRyRog+eW3ph+GYCbj+rK+uYyRMuwsVy0rMiVtPn+QJlKFvWP/1PYpapqYn0Me2knFn+A== default-gateway@^6.0.3: @@ -3446,7 +3911,7 @@ defer-to-connect@^1.0.1: define-data-property@^1.0.1: version "1.1.1" - resolved "https://registry.yarnpkg.com/define-data-property/-/define-data-property-1.1.1.tgz#c35f7cd0ab09883480d12ac5cb213715587800b3" + resolved "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.1.tgz" integrity sha512-E7uGkTzkk1d0ByLeSc6ZsFS79Axg+m1P/VsgYsxHgiuc3tFSj+MjMIwe90FC4lOAZzNBdY7kkO2P2wKdsQ1vgQ== dependencies: get-intrinsic "^1.2.1" @@ -3460,7 +3925,7 @@ define-lazy-prop@^2.0.0: define-properties@^1.1.4: version "1.2.1" - resolved "https://registry.yarnpkg.com/define-properties/-/define-properties-1.2.1.tgz#10781cc616eb951a80a034bafcaa7377f6af2b6c" + resolved "https://registry.npmjs.org/define-properties/-/define-properties-1.2.1.tgz" integrity sha512-8QmQKqEASLd5nx0U1B1okLElbUuuttJ/AnYmRXbbbGDWh6uS208EjD4Xqq/I9wK7u0v6O08XhTWnt5XtEbR6Dg== dependencies: define-data-property "^1.0.1" @@ -3481,16 +3946,21 @@ del@^6.1.1: rimraf "^3.0.2" slash "^3.0.0" -depd@2.0.0: - version "2.0.0" - resolved "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz" - integrity sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw== +delegates@^1.0.0: + version "1.0.0" + resolved "https://registry.npmjs.org/delegates/-/delegates-1.0.0.tgz" + integrity sha512-bd2L678uiWATM6m5Z1VzNCErI3jiGzt6HGY8OVICs40JQq/HALfbyNJmp0UDakEY4pMMaN0Ly5om/B1VI/+xfQ== depd@~1.1.2: version "1.1.2" resolved "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz" integrity sha512-7emPTl6Dpo6JRXOXjLRxck+FlLRX5847cLKEn00PLAgc3g2hTZZgr+e4c2v6QpSmLeFP3n5yUo7ft6avBK/5jQ== +depd@2.0.0: + version "2.0.0" + resolved "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz" + integrity sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw== + destroy@1.2.0: version "1.2.0" resolved "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz" @@ -3503,6 +3973,11 @@ detab@2.0.4: dependencies: repeat-string "^1.5.4" +detect-libc@^2.0.0: + version "2.0.2" + resolved "https://registry.npmjs.org/detect-libc/-/detect-libc-2.0.2.tgz" + integrity sha512-UX6sGumvvqSaXgdKGUsgZWqcUyIXZ/vZTrlRT/iobiKhGL0zL4d3osHj3uqllWJK+i+sixDS/3COVEOFbupFyw== + detect-node@^2.0.4: version "2.1.0" resolved "https://registry.npmjs.org/detect-node/-/detect-node-2.1.0.tgz" @@ -3518,7 +3993,7 @@ detect-port-alt@^1.1.6: detect-port@^1.3.0: version "1.5.1" - resolved "https://registry.yarnpkg.com/detect-port/-/detect-port-1.5.1.tgz#451ca9b6eaf20451acb0799b8ab40dff7718727b" + resolved "https://registry.npmjs.org/detect-port/-/detect-port-1.5.1.tgz" integrity sha512-aBzdj76lueB6uUst5iAs7+0H/oOjqI5D16XUWxlWMIMROhcM0rfsNVk93zTngq1dDNpoXRr++Sus7ETAExppAQ== dependencies: address "^1.0.1" @@ -3529,6 +4004,11 @@ didyoumean@^1.2.2: resolved "https://registry.npmjs.org/didyoumean/-/didyoumean-1.2.2.tgz" integrity sha512-gxtyfqMg7GKyhQmb056K7M3xszy/myH8w+B4RT+QXBQsvAOdc3XymqDDPHx1BgPgsdAA5SIifona89YtRATDzw== +diff@^4.0.1: + version "4.0.2" + resolved "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz" + integrity sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A== + dir-glob@^3.0.1: version "3.0.1" resolved "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz" @@ -3548,7 +4028,7 @@ dns-equal@^1.0.0: dns-packet@^5.2.2: version "5.6.1" - resolved "https://registry.yarnpkg.com/dns-packet/-/dns-packet-5.6.1.tgz#ae888ad425a9d1478a0674256ab866de1012cf2f" + resolved "https://registry.npmjs.org/dns-packet/-/dns-packet-5.6.1.tgz" integrity sha512-l4gcSouhcgIKRvyy99RNVOgxXiicE+2jZoNmaNmZ6JXiGajBOJAesk1OBlJuM5k2c+eudGdLxDqXuPCKIj6kpw== dependencies: "@leichtgewicht/ip-codec" "^2.0.1" @@ -3613,7 +4093,16 @@ domhandler@^5.0.2, domhandler@^5.0.3: dependencies: domelementtype "^2.3.0" -domutils@^2.5.2, domutils@^2.8.0: +domutils@^2.5.2: + version "2.8.0" + resolved "https://registry.npmjs.org/domutils/-/domutils-2.8.0.tgz" + integrity sha512-w96Cjofp72M5IIhpjgobBimYEfoPjx1Vx0BSX9P30WBdZW2WIKU0T1Bd0kz2eNZ9ikjKgHbEyKx8BB6H1L3h3A== + dependencies: + dom-serializer "^1.0.1" + domelementtype "^2.2.0" + domhandler "^4.2.0" + +domutils@^2.8.0: version "2.8.0" resolved "https://registry.npmjs.org/domutils/-/domutils-2.8.0.tgz" integrity sha512-w96Cjofp72M5IIhpjgobBimYEfoPjx1Vx0BSX9P30WBdZW2WIKU0T1Bd0kz2eNZ9ikjKgHbEyKx8BB6H1L3h3A== @@ -3646,30 +4135,45 @@ dot-prop@^5.2.0: dependencies: is-obj "^2.0.0" -duplexer3@^0.1.4: - version "0.1.5" - resolved "https://registry.npmjs.org/duplexer3/-/duplexer3-0.1.5.tgz" - integrity sha512-1A8za6ws41LQgv9HrE/66jyC5yuSjQ3L/KOpFtoBilsAK2iA2wuS5rTt1OCzIvtS2V7nVmedsUU+DGRcjBmOYA== - duplexer@^0.1.2: version "0.1.2" resolved "https://registry.npmjs.org/duplexer/-/duplexer-0.1.2.tgz" integrity sha512-jtD6YG370ZCIi/9GTaJKQxWTZD045+4R4hTk/x1UyoqadyJ9x9CgSi1RlVDQF8U2sxLLSnFkCaMihqljHIWgMg== +duplexer3@^0.1.4: + version "0.1.5" + resolved "https://registry.npmjs.org/duplexer3/-/duplexer3-0.1.5.tgz" + integrity sha512-1A8za6ws41LQgv9HrE/66jyC5yuSjQ3L/KOpFtoBilsAK2iA2wuS5rTt1OCzIvtS2V7nVmedsUU+DGRcjBmOYA== + eastasianwidth@^0.2.0: version "0.2.0" resolved "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz" integrity sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA== +edge-runtime@2.5.7: + version "2.5.7" + resolved "https://registry.npmjs.org/edge-runtime/-/edge-runtime-2.5.7.tgz" + integrity sha512-gA4qSVP0sNwJlkdQ2nahDPASlSl8twUd17o+JolPa1EtXpLTGzIpOETvodgJwXIxa+zaD8bnAXCdsWrx2PhlVQ== + dependencies: + "@edge-runtime/format" "2.2.0" + "@edge-runtime/ponyfill" "2.4.1" + "@edge-runtime/vm" "3.1.7" + async-listen "3.0.1" + mri "1.2.0" + picocolors "1.0.0" + pretty-ms "7.0.1" + signal-exit "4.0.2" + time-span "4.0.0" + ee-first@1.1.1: version "1.1.1" resolved "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz" integrity sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow== -electron-to-chromium@^1.4.535: - version "1.4.572" - resolved "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.572.tgz" - integrity sha512-RlFobl4D3ieetbnR+2EpxdzFl9h0RAJkPK3pfiwMug2nhBin2ZCsGIAJWdpNniLz43sgXam/CgipOmvTA+rUiA== +electron-to-chromium@^1.4.648: + version "1.4.648" + resolved "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.648.tgz" + integrity sha512-EmFMarXeqJp9cUKu/QEciEApn0S/xRcpZWuAm32U7NgoZCimjsilKXHRO9saeEW55eHZagIDg6XTUOv32w9pjg== emoji-regex@^8.0.0: version "8.0.0" @@ -3703,9 +4207,16 @@ end-of-stream@^1.1.0: dependencies: once "^1.4.0" +end-of-stream@~1.1.0: + version "1.1.0" + resolved "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.1.0.tgz" + integrity sha512-EoulkdKF/1xa92q25PbjuDcgJ9RDHYU2Rs3SCIvs2/dSQ3BpmxneNHmA/M7fe60M3PrV7nNGTTNbkK62l6vXiQ== + dependencies: + once "~1.3.0" + enhanced-resolve@^5.15.0: version "5.15.0" - resolved "https://registry.yarnpkg.com/enhanced-resolve/-/enhanced-resolve-5.15.0.tgz#1af946c7d93603eb88e9896cee4904dc012e9c35" + resolved "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.15.0.tgz" integrity sha512-LXYT42KJ7lpIKECr2mAXIaMldcNCh/7E0KBKOu4KSfkHmP+mZmSs+8V5gBAqisWBy0OO4W5Oyys0GO1Y8KtdKg== dependencies: graceful-fs "^4.2.4" @@ -3718,7 +4229,7 @@ entities@^2.0.0: entities@^4.2.0, entities@^4.4.0: version "4.5.0" - resolved "https://registry.yarnpkg.com/entities/-/entities-4.5.0.tgz#5d268ea5e7113ec74c4d033b79ea5a35a488fb48" + resolved "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz" integrity sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw== error-ex@^1.3.1: @@ -3730,9 +4241,40 @@ error-ex@^1.3.1: es-module-lexer@^1.2.1: version "1.3.1" - resolved "https://registry.yarnpkg.com/es-module-lexer/-/es-module-lexer-1.3.1.tgz#c1b0dd5ada807a3b3155315911f364dc4e909db1" + resolved "https://registry.npmjs.org/es-module-lexer/-/es-module-lexer-1.3.1.tgz" integrity sha512-JUFAyicQV9mXc3YRxPnDlrfBKpqt6hUYzz9/boprUJHs4e4KVr3XwOF70doO6gwXUor6EWZJAyWAfKki84t20Q== +esbuild-darwin-arm64@0.14.47: + version "0.14.47" + resolved "https://registry.npmjs.org/esbuild-darwin-arm64/-/esbuild-darwin-arm64-0.14.47.tgz" + integrity sha512-seCmearlQyvdvM/noz1L9+qblC5vcBrhUaOoLEDDoLInF/VQ9IkobGiLlyTPYP5dW1YD4LXhtBgOyevoIHGGnw== + +esbuild@0.14.47: + version "0.14.47" + resolved "https://registry.npmjs.org/esbuild/-/esbuild-0.14.47.tgz" + integrity sha512-wI4ZiIfFxpkuxB8ju4MHrGwGLyp1+awEHAHVpx6w7a+1pmYIq8T9FGEVVwFo0iFierDoMj++Xq69GXWYn2EiwA== + optionalDependencies: + esbuild-android-64 "0.14.47" + esbuild-android-arm64 "0.14.47" + esbuild-darwin-64 "0.14.47" + esbuild-darwin-arm64 "0.14.47" + esbuild-freebsd-64 "0.14.47" + esbuild-freebsd-arm64 "0.14.47" + esbuild-linux-32 "0.14.47" + esbuild-linux-64 "0.14.47" + esbuild-linux-arm "0.14.47" + esbuild-linux-arm64 "0.14.47" + esbuild-linux-mips64le "0.14.47" + esbuild-linux-ppc64le "0.14.47" + esbuild-linux-riscv64 "0.14.47" + esbuild-linux-s390x "0.14.47" + esbuild-netbsd-64 "0.14.47" + esbuild-openbsd-64 "0.14.47" + esbuild-sunos-64 "0.14.47" + esbuild-windows-32 "0.14.47" + esbuild-windows-64 "0.14.47" + esbuild-windows-arm64 "0.14.47" + escalade@^3.1.1: version "3.1.1" resolved "https://registry.npmjs.org/escalade/-/escalade-3.1.1.tgz" @@ -3788,6 +4330,11 @@ estraverse@^5.2.0: resolved "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz" integrity sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA== +estree-walker@^2.0.1, estree-walker@2.0.2: + version "2.0.2" + resolved "https://registry.npmjs.org/estree-walker/-/estree-walker-2.0.2.tgz" + integrity sha512-Rfkk/Mp/DL7JVje3u18FxFujQlTNR2q6QfMSMB7AvCBx91NGj/ba3kCfza0f6dVDbw7YlRf/nDrn7pQrCCyQ/w== + esutils@^2.0.2: version "2.0.3" resolved "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz" @@ -3798,7 +4345,7 @@ eta@^2.0.0: resolved "https://registry.npmjs.org/eta/-/eta-2.2.0.tgz" integrity sha512-UVQ72Rqjy/ZKQalzV5dCCJP80GrmPrMxh6NlNf+erV6ObL0ZFkhCstWRawS85z3smdr3d2wXPsZEY7rDPfGd2g== -etag@~1.8.1: +etag@~1.8.1, etag@1.8.1: version "1.8.1" resolved "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz" integrity sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg== @@ -3816,6 +4363,11 @@ eventemitter3@^4.0.0: resolved "https://registry.npmjs.org/eventemitter3/-/eventemitter3-4.0.7.tgz" integrity sha512-8guHBZCwKnFhYdHr2ysuRWErTwhoN2X8XELRlrRwpmfeY2jjuUN4taQMsULKUVo1K4DvZl+0pgfyoysHxvmvEw== +events-intercept@^2.0.0: + version "2.0.0" + resolved "https://registry.npmjs.org/events-intercept/-/events-intercept-2.0.0.tgz" + integrity sha512-blk1va0zol9QOrdZt0rFXo5KMkNPVSp92Eju/Qz8THwKWKRKeE0T8Br/1aW6+Edkyq9xHYgYxn2QtOnUKPUp+Q== + events@^3.2.0: version "3.3.0" resolved "https://registry.npmjs.org/events/-/events-3.3.0.tgz" @@ -3836,9 +4388,25 @@ execa@^5.0.0: signal-exit "^3.0.3" strip-final-newline "^2.0.0" +execa@3.2.0: + version "3.2.0" + resolved "https://registry.npmjs.org/execa/-/execa-3.2.0.tgz" + integrity sha512-kJJfVbI/lZE1PZYDI5VPxp8zXPO9rtxOkhpZ0jMKha56AI9y2gGVC6bkukStQf0ka5Rh15BA5m7cCCH4jmHqkw== + dependencies: + cross-spawn "^7.0.0" + get-stream "^5.0.0" + human-signals "^1.1.1" + is-stream "^2.0.0" + merge-stream "^2.0.0" + npm-run-path "^4.0.0" + onetime "^5.1.0" + p-finally "^2.0.0" + signal-exit "^3.0.2" + strip-final-newline "^2.0.0" + express@^4.17.3: version "4.18.2" - resolved "https://registry.yarnpkg.com/express/-/express-4.18.2.tgz#3fabe08296e930c796c19e3c516979386ba9fd59" + resolved "https://registry.npmjs.org/express/-/express-4.18.2.tgz" integrity sha512-5/PsL6iGPdfQ/lKM1UuielYgv3BUoJfz1aUwU9vHZ+J7gyvwdQXFEBIEIaxeGf0GIcreATNyBExtalisDbuMqQ== dependencies: accepts "~1.3.8" @@ -3890,7 +4458,7 @@ fast-deep-equal@^3.1.1, fast-deep-equal@^3.1.3: resolved "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz" integrity sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q== -fast-glob@^3.2.11, fast-glob@^3.2.9, fast-glob@^3.3.0: +fast-glob@^3.2.11, fast-glob@^3.2.7, fast-glob@^3.2.9, fast-glob@^3.3.0: version "3.3.2" resolved "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.2.tgz" integrity sha512-oX2ruAFQwf/Orj8m737Y5adxDQO0LAB7/S5MnxCdTNDd4p6BsyIVsv9JQsATbTSq8KHRpLwIHbVlUNatxd+1Ow== @@ -3915,7 +4483,7 @@ fast-url-parser@1.1.3: fastq@^1.6.0: version "1.15.0" - resolved "https://registry.yarnpkg.com/fastq/-/fastq-1.15.0.tgz#d04d07c6a2a68fe4599fea8d2e103a937fae6b3a" + resolved "https://registry.npmjs.org/fastq/-/fastq-1.15.0.tgz" integrity sha512-wBrocU2LCXXa+lWBt8RoIRD89Fi8OdABODa/kEnyeyjS5aZO5/GNvI5sEINADqP/h8M29UHTHUb53sUu5Ihqdw== dependencies: reusify "^1.0.4" @@ -3952,6 +4520,13 @@ fbjs@^3.0.0, fbjs@^3.0.1: setimmediate "^1.0.5" ua-parser-js "^1.0.35" +fd-slicer@~1.1.0: + version "1.1.0" + resolved "https://registry.npmjs.org/fd-slicer/-/fd-slicer-1.1.0.tgz" + integrity sha512-cE1qsB/VwyQozZ+q1dGxR8LBYNZeofhEdUNGSMbQD3Gw2lAzX9Zb3uIU6Ebc/Fmyjo9AWWfnn0AUCHqtevs/8g== + dependencies: + pend "~1.2.0" + feed@^4.2.2: version "4.2.2" resolved "https://registry.npmjs.org/feed/-/feed-4.2.2.tgz" @@ -3959,7 +4534,7 @@ feed@^4.2.2: dependencies: xml-js "^1.6.11" -file-loader@^6.2.0: +file-loader@*, file-loader@^6.2.0: version "6.2.0" resolved "https://registry.npmjs.org/file-loader/-/file-loader-6.2.0.tgz" integrity sha512-qo3glqyTa61Ytg4u73GultjHGjdRyig3tG6lPtyX/jOEJvHif9uB0/OCI2Kif6ctF3caQTW2G5gym21oAsI4pw== @@ -3967,6 +4542,11 @@ file-loader@^6.2.0: loader-utils "^2.0.0" schema-utils "^3.0.0" +file-uri-to-path@1.0.0: + version "1.0.0" + resolved "https://registry.npmjs.org/file-uri-to-path/-/file-uri-to-path-1.0.0.tgz" + integrity sha512-0Zt+s3L7Vf1biwWZ29aARiVYLx7iMGnEUl9x33fbB/j3jR81u/O2LbqK+Bm1CDSNDKVtJ/YjwY7TUd5SkeLQLw== + filesize@^8.0.6: version "8.0.7" resolved "https://registry.npmjs.org/filesize/-/filesize-8.0.7.tgz" @@ -4026,7 +4606,7 @@ find-up@^5.0.0: flat@^5.0.2: version "5.0.2" - resolved "https://registry.yarnpkg.com/flat/-/flat-5.0.2.tgz#8ca6fe332069ffa9d324c327198c598259ceb241" + resolved "https://registry.npmjs.org/flat/-/flat-5.0.2.tgz" integrity sha512-b6suED+5/3rTpUBdG1gupIl8MPFCAMA0QXwmljLhvCUKcUvdE4gWky9zpuGCcXHOsz4J9wPGNWq6OKpmIzz3hQ== flux@^4.0.1: @@ -4044,7 +4624,7 @@ follow-redirects@^1.0.0, follow-redirects@^1.14.7: fork-ts-checker-webpack-plugin@^6.5.0: version "6.5.3" - resolved "https://registry.yarnpkg.com/fork-ts-checker-webpack-plugin/-/fork-ts-checker-webpack-plugin-6.5.3.tgz#eda2eff6e22476a2688d10661688c47f611b37f3" + resolved "https://registry.npmjs.org/fork-ts-checker-webpack-plugin/-/fork-ts-checker-webpack-plugin-6.5.3.tgz" integrity sha512-SbH/l9ikmMWycd5puHJKTkZJKddF4iRLyW3DeZ08HTI7NGyLS38MXd/KGgeWumQO7YNQbW2u/NtPT2YowbPaGQ== dependencies: "@babel/code-frame" "^7.8.3" @@ -4095,9 +4675,41 @@ fs-extra@^9.0.0: jsonfile "^6.0.1" universalify "^2.0.0" +fs-extra@11.1.0: + version "11.1.0" + resolved "https://registry.npmjs.org/fs-extra/-/fs-extra-11.1.0.tgz" + integrity sha512-0rcTq621PD5jM/e0a3EJoGC/1TC5ZBCERW82LQuwfGnCa1V8w7dpYH1yNu+SLb6E5dkeCBzKEyLGlFrnr+dUyw== + dependencies: + graceful-fs "^4.2.0" + jsonfile "^6.0.1" + universalify "^2.0.0" + +fs-extra@8.1.0: + version "8.1.0" + resolved "https://registry.npmjs.org/fs-extra/-/fs-extra-8.1.0.tgz" + integrity sha512-yhlQgA6mnOJUKOsRUFsgJdQCvkKhcz8tlZG5HBQfReYZy46OwLcY+Zia0mtdHsOo9y/hP+CxMN0TU9QxoOtG4g== + dependencies: + graceful-fs "^4.2.0" + jsonfile "^4.0.0" + universalify "^0.1.0" + +fs-minipass@^1.2.7: + version "1.2.7" + resolved "https://registry.npmjs.org/fs-minipass/-/fs-minipass-1.2.7.tgz" + integrity sha512-GWSSJGFy4e9GUeCcbIkED+bgAoFyj7XF1mV8rma3QW4NIqX9Kyx79N/PF61H5udOV3aY1IaMLs6pGbH71nlCTA== + dependencies: + minipass "^2.6.0" + +fs-minipass@^2.0.0: + version "2.1.0" + resolved "https://registry.npmjs.org/fs-minipass/-/fs-minipass-2.1.0.tgz" + integrity sha512-V/JgOLFCS+R6Vcq0slCuaeWEdNC3ouDlJMNIsacH2VtALiu9mV4LPrHc5cDl8k5aw6J8jwgWWpiTo5RYhmIzvg== + dependencies: + minipass "^3.0.0" + fs-monkey@^1.0.4: version "1.0.5" - resolved "https://registry.yarnpkg.com/fs-monkey/-/fs-monkey-1.0.5.tgz#fe450175f0db0d7ea758102e1d84096acb925788" + resolved "https://registry.npmjs.org/fs-monkey/-/fs-monkey-1.0.5.tgz" integrity sha512-8uMbBjrhzW76TYgEV27Y5E//W2f/lTFmx78P2w19FZSxarhI/798APGQyuGCwmkNxgwGRhrLfvWyLBvNtuOmew== fs.realpath@^1.0.0: @@ -4105,9 +4717,14 @@ fs.realpath@^1.0.0: resolved "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz" integrity sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw== +fsevents@~2.1.2: + version "2.1.3" + resolved "https://registry.npmjs.org/fsevents/-/fsevents-2.1.3.tgz" + integrity sha512-Auw9a4AxqWpa9GUfj370BMPzzyncfBABW8Mab7BGWBYDj4Isgq+cDKtx0i6u9jcX9pQDnswsaaOTgTmA5pEjuQ== + fsevents@~2.3.2: version "2.3.3" - resolved "https://registry.yarnpkg.com/fsevents/-/fsevents-2.3.3.tgz#cac6407785d03675a2a5e1a5305c697b347d90d6" + resolved "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz" integrity sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw== function-bind@^1.1.1, function-bind@^1.1.2: @@ -4115,6 +4732,26 @@ function-bind@^1.1.1, function-bind@^1.1.2: resolved "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz" integrity sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA== +gauge@^3.0.0: + version "3.0.2" + resolved "https://registry.npmjs.org/gauge/-/gauge-3.0.2.tgz" + integrity sha512-+5J6MS/5XksCuXq++uFRsnUd7Ovu1XenbeuIuNRJxYWjgQbPuFhT14lAvsWfqfAmnwluf1OwMjz39HjfLPci0Q== + dependencies: + aproba "^1.0.3 || ^2.0.0" + color-support "^1.1.2" + console-control-strings "^1.0.0" + has-unicode "^2.0.1" + object-assign "^4.1.1" + signal-exit "^3.0.0" + string-width "^4.2.3" + strip-ansi "^6.0.1" + wide-align "^1.1.2" + +generic-pool@3.4.2: + version "3.4.2" + resolved "https://registry.npmjs.org/generic-pool/-/generic-pool-3.4.2.tgz" + integrity sha512-H7cUpwCQSiJmAHM4c/aFu6fUfrhWXW1ncyh8ftxEPMu6AiYkHw9K8br720TGPZJbk5eOH2bynjZD1yPvdDAmag== + gensync@^1.0.0-beta.1, gensync@^1.0.0-beta.2: version "1.0.0-beta.2" resolved "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.2.tgz" @@ -4122,7 +4759,7 @@ gensync@^1.0.0-beta.1, gensync@^1.0.0-beta.2: get-intrinsic@^1.0.2, get-intrinsic@^1.1.1, get-intrinsic@^1.1.3, get-intrinsic@^1.2.1: version "1.2.2" - resolved "https://registry.yarnpkg.com/get-intrinsic/-/get-intrinsic-1.2.2.tgz#281b7622971123e1ef4b3c90fd7539306da93f3b" + resolved "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.2.tgz" integrity sha512-0gSo4ml/0j98Y3lngkFEot/zhiCeWsbYIlZ+uZOVgzLyLaUw7wxUL+nCTP0XJvJg1AXulJRI3UJi8GsbDuxdGA== dependencies: function-bind "^1.1.2" @@ -4142,6 +4779,13 @@ get-stream@^4.1.0: dependencies: pump "^3.0.0" +get-stream@^5.0.0: + version "5.2.0" + resolved "https://registry.npmjs.org/get-stream/-/get-stream-5.2.0.tgz" + integrity sha512-nBF+F1rAZVCu/p7rjzgA+Yb4lfYXrpl7a6VmJrU8wF9I1CKvP/QwPNZHnOlwbTkY6dvtFIzFMSyQXbLoTQPRpA== + dependencies: + pump "^3.0.0" + get-stream@^5.1.0: version "5.2.0" resolved "https://registry.npmjs.org/get-stream/-/get-stream-5.2.0.tgz" @@ -4156,17 +4800,24 @@ get-stream@^6.0.0: github-slugger@^1.4.0: version "1.5.0" - resolved "https://registry.yarnpkg.com/github-slugger/-/github-slugger-1.5.0.tgz#17891bbc73232051474d68bd867a34625c955f7d" + resolved "https://registry.npmjs.org/github-slugger/-/github-slugger-1.5.0.tgz" integrity sha512-wIh+gKBI9Nshz2o46B0B3f5k/W+WI9ZAv6y5Dn5WJ5SK1t0TnDimB4WE5rmTD05ZAIn8HALCZVmCsvj0w0v0lw== -glob-parent@^5.1.2, glob-parent@~5.1.2: +glob-parent@^5.1.2, glob-parent@~5.1.0, glob-parent@~5.1.2: version "5.1.2" resolved "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz" integrity sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow== dependencies: is-glob "^4.0.1" -glob-parent@^6.0.1, glob-parent@^6.0.2: +glob-parent@^6.0.1: + version "6.0.2" + resolved "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz" + integrity sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A== + dependencies: + is-glob "^4.0.3" + +glob-parent@^6.0.2: version "6.0.2" resolved "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz" integrity sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A== @@ -4178,33 +4829,33 @@ glob-to-regexp@^0.4.1: resolved "https://registry.npmjs.org/glob-to-regexp/-/glob-to-regexp-0.4.1.tgz" integrity sha512-lkX1HJXwyMcprw/5YUZc2s7DrpAiHB21/V+E1rHUrVNokkvB6bqMzT0VfV6/86ZNabt1k14YOIaT7nDvOX3Iiw== -glob@7.1.6: - version "7.1.6" - resolved "https://registry.npmjs.org/glob/-/glob-7.1.6.tgz" - integrity sha512-LwaxwyZ72Lk7vZINtNNrywX0ZuLyStrdDtabefZKAY5ZGJhVtgdznluResxNmPitE0SAO+O26sWTHeKSI2wMBA== +glob@^7.0.0, glob@^7.1.3, glob@^7.1.6: + version "7.2.3" + resolved "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz" + integrity sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q== dependencies: fs.realpath "^1.0.0" inflight "^1.0.4" inherits "2" - minimatch "^3.0.4" + minimatch "^3.1.1" once "^1.3.0" path-is-absolute "^1.0.0" -glob@^7.0.0, glob@^7.1.3, glob@^7.1.6: - version "7.2.3" - resolved "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz" - integrity sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q== +glob@7.1.6: + version "7.1.6" + resolved "https://registry.npmjs.org/glob/-/glob-7.1.6.tgz" + integrity sha512-LwaxwyZ72Lk7vZINtNNrywX0ZuLyStrdDtabefZKAY5ZGJhVtgdznluResxNmPitE0SAO+O26sWTHeKSI2wMBA== dependencies: fs.realpath "^1.0.0" inflight "^1.0.4" inherits "2" - minimatch "^3.1.1" + minimatch "^3.0.4" once "^1.3.0" path-is-absolute "^1.0.0" global-dirs@^3.0.0: version "3.0.1" - resolved "https://registry.yarnpkg.com/global-dirs/-/global-dirs-3.0.1.tgz#0c488971f066baceda21447aecb1a8b911d22485" + resolved "https://registry.npmjs.org/global-dirs/-/global-dirs-3.0.1.tgz" integrity sha512-NBcGGFbBA9s1VzD41QXDG+3++t9Mn5t1FpLdhESY6oKY4gYTFpX4wO3sqGUa0Srjtbfj3szX0RnemmrVRUdULA== dependencies: ini "2.0.0" @@ -4244,7 +4895,7 @@ globby@^11.0.1, globby@^11.0.4, globby@^11.1.0: globby@^13.1.1: version "13.2.2" - resolved "https://registry.yarnpkg.com/globby/-/globby-13.2.2.tgz#63b90b1bf68619c2135475cbd4e71e66aa090592" + resolved "https://registry.npmjs.org/globby/-/globby-13.2.2.tgz" integrity sha512-Y1zNGV+pzQdh7H39l9zgB4PJqjRNqydvdYCDG4HFXM4XuvSaQQlEc91IU1yALL8gUTDomgBAfz3XJdmUS+oo0w== dependencies: dir-glob "^3.0.1" @@ -4255,7 +4906,7 @@ globby@^13.1.1: gopd@^1.0.1: version "1.0.1" - resolved "https://registry.yarnpkg.com/gopd/-/gopd-1.0.1.tgz#29ff76de69dac7489b7c0918a5788e56477c332c" + resolved "https://registry.npmjs.org/gopd/-/gopd-1.0.1.tgz" integrity sha512-d65bNlIadxvpb/A2abVdlqKqV563juRnZ1Wtk6s1sIR8uNsXR70xqIzVqxVf1eTqDunwT2MkczEeaezCKTZhwA== dependencies: get-intrinsic "^1.1.3" @@ -4279,7 +4930,7 @@ got@^9.6.0: graceful-fs@^4.1.2, graceful-fs@^4.1.6, graceful-fs@^4.2.0, graceful-fs@^4.2.4, graceful-fs@^4.2.6, graceful-fs@^4.2.9: version "4.2.11" - resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.11.tgz#4183e4e8bf08bb6e05bbb2f7d2e0c8f712ca40e3" + resolved "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz" integrity sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ== gray-matter@^4.0.3: @@ -4323,7 +4974,7 @@ has-property-descriptors@^1.0.0: has-proto@^1.0.1: version "1.0.1" - resolved "https://registry.yarnpkg.com/has-proto/-/has-proto-1.0.1.tgz#1885c1305538958aff469fef37937c22795408e0" + resolved "https://registry.npmjs.org/has-proto/-/has-proto-1.0.1.tgz" integrity sha512-7qE+iP+O+bgF9clE5+UoBFzE65mlBiVj3tKCrlNQ0Ogwm0BjpT/gK4SlLYDMybDh5I3TCTKnPPa0oMG7JDYrhg== has-symbols@^1.0.3: @@ -4331,6 +4982,11 @@ has-symbols@^1.0.3: resolved "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz" integrity sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A== +has-unicode@^2.0.1: + version "2.0.1" + resolved "https://registry.npmjs.org/has-unicode/-/has-unicode-2.0.1.tgz" + integrity sha512-8Rf9Y83NBReMnx0gFzA8JImQACstCYWUplepDa9xprwwtmgEZUF0h/i5xSA625zB/I37EtrswSST6OXxwaaIJQ== + has-yarn@^2.1.0: version "2.1.0" resolved "https://registry.npmjs.org/has-yarn/-/has-yarn-2.1.0.tgz" @@ -4418,7 +5074,7 @@ he@^1.2.0: heroicons@^2.1.1: version "2.1.1" - resolved "https://registry.yarnpkg.com/heroicons/-/heroicons-2.1.1.tgz#b574c2d87bc504bf7f4fefacc20960c5672b0202" + resolved "https://registry.npmjs.org/heroicons/-/heroicons-2.1.1.tgz" integrity sha512-54kHbrxsTyAJJU7z07XN1OrVBX8ogN/tbclP8Doxk0X4IQmR6LEhLzJBkFK9Yc814NoXG6ZJBh9Bi/qvauzjfA== history@^4.9.0: @@ -4452,7 +5108,7 @@ hpack.js@^2.1.6: html-entities@^2.3.2: version "2.4.0" - resolved "https://registry.yarnpkg.com/html-entities/-/html-entities-2.4.0.tgz#edd0cee70402584c8c76cc2c0556db09d1f45061" + resolved "https://registry.npmjs.org/html-entities/-/html-entities-2.4.0.tgz" integrity sha512-igBTJcNNNhvZFRtm8uA6xMY6xYleeDwn3PeBCkDz7tHttv4F2hsDI2aPgNERWzvRcNYHNT3ymRaQzllmXj4YsQ== html-minifier-terser@^6.0.2, html-minifier-terser@^6.1.0: @@ -4470,7 +5126,7 @@ html-minifier-terser@^6.0.2, html-minifier-terser@^6.1.0: html-tags@^3.2.0: version "3.3.1" - resolved "https://registry.yarnpkg.com/html-tags/-/html-tags-3.3.1.tgz#a04026a18c882e4bba8a01a3d39cfe465d40b5ce" + resolved "https://registry.npmjs.org/html-tags/-/html-tags-3.3.1.tgz" integrity sha512-ztqyC3kLto0e9WbNp0aeP+M3kTt+nbaIveGmUxAtZa+8iFgKLUOD4YKM5j+f3QD89bra7UeumolZHKuOXnTmeQ== html-void-elements@^1.0.0: @@ -4480,7 +5136,7 @@ html-void-elements@^1.0.0: html-webpack-plugin@^5.5.0: version "5.5.3" - resolved "https://registry.yarnpkg.com/html-webpack-plugin/-/html-webpack-plugin-5.5.3.tgz#72270f4a78e222b5825b296e5e3e1328ad525a3e" + resolved "https://registry.npmjs.org/html-webpack-plugin/-/html-webpack-plugin-5.5.3.tgz" integrity sha512-6YrDKTuqaP/TquFH7h4srYWsZx+x6k6+FbsTm0ziCwGHDP78Unr1r9F/H4+sGmMbX08GQcJ+K64x55b+7VM/jg== dependencies: "@types/html-minifier-terser" "^6.0.0" @@ -4511,7 +5167,7 @@ htmlparser2@^8.0.1: http-cache-semantics@^4.0.0: version "4.1.1" - resolved "https://registry.yarnpkg.com/http-cache-semantics/-/http-cache-semantics-4.1.1.tgz#abe02fcb2985460bf0323be664436ec3476a6d5a" + resolved "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.1.1.tgz" integrity sha512-er295DKPVsV82j5kw1Gjt+ADA/XYHsajl82cGNQG2eyoPkvgUhX+nDIyelzhIWbbsXP39EHcI6l5tYs2FYqYXQ== http-deceiver@^1.2.7: @@ -4519,16 +5175,13 @@ http-deceiver@^1.2.7: resolved "https://registry.npmjs.org/http-deceiver/-/http-deceiver-1.2.7.tgz" integrity sha512-LmpOGxTfbpgtGVxJrj5k7asXHCgNZp5nLfp+hWc8QQRqtb7fUy6kRY3BO1h9ddF6yIPYUARgxGOwB42DnxIaNw== -http-errors@2.0.0: - version "2.0.0" - resolved "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz" - integrity sha512-FtwrG/euBzaEjYeRqOgly7G0qviiXoJWnvEH2Z1plBdXgbyjv34pHTSb9zoeHMyDy33+DWy5Wt9Wo+TURtOYSQ== +http-errors@~1.4.0: + version "1.4.0" + resolved "https://registry.npmjs.org/http-errors/-/http-errors-1.4.0.tgz" + integrity sha512-oLjPqve1tuOl5aRhv8GK5eHpqP1C9fb+Ol+XTLjKfLltE44zdDbEdjPSbU7Ch5rSNsVFqZn97SrMmZLdu1/YMw== dependencies: - depd "2.0.0" - inherits "2.0.4" - setprototypeof "1.2.0" - statuses "2.0.1" - toidentifier "1.0.1" + inherits "2.0.1" + statuses ">= 1.2.1 < 2" http-errors@~1.6.2: version "1.6.3" @@ -4540,6 +5193,28 @@ http-errors@~1.6.2: setprototypeof "1.1.0" statuses ">= 1.4.0 < 2" +http-errors@1.7.3: + version "1.7.3" + resolved "https://registry.npmjs.org/http-errors/-/http-errors-1.7.3.tgz" + integrity sha512-ZTTX0MWrsQ2ZAhA1cejAwDLycFsd7I7nVtnkT3Ol0aqodaKW+0CTZDQ1uBv5whptCnc8e8HeRRJxRs0kmm/Qfw== + dependencies: + depd "~1.1.2" + inherits "2.0.4" + setprototypeof "1.1.1" + statuses ">= 1.5.0 < 2" + toidentifier "1.0.0" + +http-errors@2.0.0: + version "2.0.0" + resolved "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz" + integrity sha512-FtwrG/euBzaEjYeRqOgly7G0qviiXoJWnvEH2Z1plBdXgbyjv34pHTSb9zoeHMyDy33+DWy5Wt9Wo+TURtOYSQ== + dependencies: + depd "2.0.0" + inherits "2.0.4" + setprototypeof "1.2.0" + statuses "2.0.1" + toidentifier "1.0.1" + http-parser-js@>=0.5.1: version "0.5.8" resolved "https://registry.npmjs.org/http-parser-js/-/http-parser-js-0.5.8.tgz" @@ -4565,6 +5240,19 @@ http-proxy@^1.18.1: follow-redirects "^1.0.0" requires-port "^1.0.0" +https-proxy-agent@^5.0.0: + version "5.0.1" + resolved "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz" + integrity sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA== + dependencies: + agent-base "6" + debug "4" + +human-signals@^1.1.1: + version "1.1.1" + resolved "https://registry.npmjs.org/human-signals/-/human-signals-1.1.1.tgz" + integrity sha512-SEQu7vl8KjNL2eoGBLF3+wAjpsNfA9XMlXAYj/3EdaNfAlxKthD1xjEQfGOUhllCGGJVNY34bRr6lPINhNjyZw== + human-signals@^2.1.0: version "2.1.0" resolved "https://registry.npmjs.org/human-signals/-/human-signals-2.1.0.tgz" @@ -4584,7 +5272,7 @@ icss-utils@^5.0.0, icss-utils@^5.1.0: ignore@^5.2.0, ignore@^5.2.4: version "5.2.4" - resolved "https://registry.yarnpkg.com/ignore/-/ignore-5.2.4.tgz#a291c0c6178ff1b960befe47fcdec301674a6324" + resolved "https://registry.npmjs.org/ignore/-/ignore-5.2.4.tgz" integrity sha512-MAb38BcSbH0eHNBxn7ql2NH/kX33OkB3lZ1BNdh7ENeRChHTYsTvWrMubiIAMNS2llXEEgZ1MUOBtXChP3kaFQ== image-size@^1.0.1: @@ -4596,7 +5284,7 @@ image-size@^1.0.1: immer@^9.0.7: version "9.0.21" - resolved "https://registry.yarnpkg.com/immer/-/immer-9.0.21.tgz#1e025ea31a40f24fb064f1fef23e931496330176" + resolved "https://registry.npmjs.org/immer/-/immer-9.0.21.tgz" integrity sha512-bc4NBHqOqSfRW7POMkHd51LvClaeMXpm8dx0e8oE2GORbq5aRK7Bxl4FyzVLdGtLmvLKL7BTDBG5ACQm4HWjTA== import-fresh@^3.1.0, import-fresh@^3.2.1, import-fresh@^3.3.0: @@ -4635,26 +5323,31 @@ inflight@^1.0.4: once "^1.3.0" wrappy "1" -inherits@2, inherits@2.0.4, inherits@^2.0.0, inherits@^2.0.1, inherits@^2.0.3, inherits@~2.0.3: +inherits@^2.0.0, inherits@^2.0.1, inherits@^2.0.3, inherits@~2.0.3, inherits@2, inherits@2.0.4: version "2.0.4" resolved "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz" integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ== +inherits@2.0.1: + version "2.0.1" + resolved "https://registry.npmjs.org/inherits/-/inherits-2.0.1.tgz" + integrity sha512-8nWq2nLTAwd02jTqJExUYFSD/fKq6VH9Y/oG2accc/kdI0V98Bag8d5a4gi3XHz73rDWa2PvTtvcWYquKqSENA== + inherits@2.0.3: version "2.0.3" resolved "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz" integrity sha512-x00IRNXNy63jwGkJmzPigoySHbaqpNuzKbBOmzK+g2OdZpQ9w+sxCN+VSB3ja7IAge2OP2qpfxTjeNcyjmW1uw== -ini@2.0.0: - version "2.0.0" - resolved "https://registry.npmjs.org/ini/-/ini-2.0.0.tgz" - integrity sha512-7PnF4oN3CvZF23ADhA5wRaYEQpJ8qygSkbtTXWBeXWXmEVRXK+1ITciHWwHhsjv1TmW0MgacIv6hEi5pX5NQdA== - ini@^1.3.5, ini@~1.3.0: version "1.3.8" resolved "https://registry.npmjs.org/ini/-/ini-1.3.8.tgz" integrity sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew== +ini@2.0.0: + version "2.0.0" + resolved "https://registry.npmjs.org/ini/-/ini-2.0.0.tgz" + integrity sha512-7PnF4oN3CvZF23ADhA5wRaYEQpJ8qygSkbtTXWBeXWXmEVRXK+1ITciHWwHhsjv1TmW0MgacIv6hEi5pX5NQdA== + inline-style-parser@0.1.1: version "0.1.1" resolved "https://registry.npmjs.org/inline-style-parser/-/inline-style-parser-0.1.1.tgz" @@ -4672,17 +5365,17 @@ invariant@^2.2.4: dependencies: loose-envify "^1.0.0" +ipaddr.js@^2.0.1: + version "2.1.0" + resolved "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-2.1.0.tgz" + integrity sha512-LlbxQ7xKzfBusov6UMi4MFpEg0m+mAm9xyNGEduwXMEDuf4WfzB/RZwMVYEd7IKGvh4IUkEXYxtAVu9T3OelJQ== + ipaddr.js@1.9.1: version "1.9.1" resolved "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz" integrity sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g== -ipaddr.js@^2.0.1: - version "2.1.0" - resolved "https://registry.yarnpkg.com/ipaddr.js/-/ipaddr.js-2.1.0.tgz#2119bc447ff8c257753b196fc5f1ce08a4cdf39f" - integrity sha512-LlbxQ7xKzfBusov6UMi4MFpEg0m+mAm9xyNGEduwXMEDuf4WfzB/RZwMVYEd7IKGvh4IUkEXYxtAVu9T3OelJQ== - -is-alphabetical@1.0.4, is-alphabetical@^1.0.0: +is-alphabetical@^1.0.0, is-alphabetical@1.0.4: version "1.0.4" resolved "https://registry.npmjs.org/is-alphabetical/-/is-alphabetical-1.0.4.tgz" integrity sha512-DwzsA04LQ10FHTZuL0/grVDk4rFoVH1pjAToYwBrHSxcrBIGQuXrQMtD5U1b0U2XVgKZCTLLP8u2Qxqhy3l2Vg== @@ -4820,7 +5513,7 @@ is-plain-object@^2.0.4: is-plain-object@^5.0.0: version "5.0.0" - resolved "https://registry.yarnpkg.com/is-plain-object/-/is-plain-object-5.0.0.tgz#4427f50ab3429e9025ea7d52e9043a9ef4159344" + resolved "https://registry.npmjs.org/is-plain-object/-/is-plain-object-5.0.0.tgz" integrity sha512-VRSzKkbMm5jMDoKLbltAkFQ5Qr7VDiTFGXxYFXXowVj387GeGNOCsOH6Msy00SGZ3Fp84b1Naa1psqgcCIEP5Q== is-regexp@^1.0.0: @@ -4865,16 +5558,16 @@ is-yarn-global@^0.3.0: resolved "https://registry.npmjs.org/is-yarn-global/-/is-yarn-global-0.3.0.tgz" integrity sha512-VjSeb/lHmkoyd8ryPVIKvOCn4D1koMqY+vqyjjUfc3xyKtP4dYOxM44sZrnqQSzSds3xyOrUTLTC9LVCVgLngw== -isarray@0.0.1: - version "0.0.1" - resolved "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz" - integrity sha512-D2S+3GLxWH+uhrNEcoh/fnmYeP8E8/zHl644d/jdA0g2uyXvy3sb0qxotE+ne0LtccHknQzWwZEzhak7oJ0COQ== - isarray@~1.0.0: version "1.0.0" resolved "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz" integrity sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ== +isarray@0.0.1: + version "0.0.1" + resolved "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz" + integrity sha512-D2S+3GLxWH+uhrNEcoh/fnmYeP8E8/zHl644d/jdA0g2uyXvy3sb0qxotE+ne0LtccHknQzWwZEzhak7oJ0COQ== + isexe@^2.0.0: version "2.0.0" resolved "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz" @@ -4887,7 +5580,7 @@ isobject@^3.0.1: jest-util@^29.7.0: version "29.7.0" - resolved "https://registry.yarnpkg.com/jest-util/-/jest-util-29.7.0.tgz#23c2b62bfb22be82b44de98055802ff3710fc0bc" + resolved "https://registry.npmjs.org/jest-util/-/jest-util-29.7.0.tgz" integrity sha512-z6EbKajIpqGKU56y5KBUgy1dt1ihhQJgWzUlZHArA/+X2ad7Cb5iF+AK1EWVL/Bo7Rz9uurpqw6SiBCefUbCGA== dependencies: "@jest/types" "^29.6.3" @@ -4908,7 +5601,7 @@ jest-worker@^27.4.5: jest-worker@^29.1.2: version "29.7.0" - resolved "https://registry.yarnpkg.com/jest-worker/-/jest-worker-29.7.0.tgz#acad073acbbaeb7262bd5389e1bcf43e10058d4a" + resolved "https://registry.npmjs.org/jest-worker/-/jest-worker-29.7.0.tgz" integrity sha512-eIz2msL/EzL9UFTFFx7jBTkeZfku0yUAyZZZmJ93H2TYEiroIx2PQjEXcwYtYl8zXCxb+PAmA2hLIt/6ZEkPHw== dependencies: "@types/node" "*" @@ -4918,12 +5611,12 @@ jest-worker@^29.1.2: jiti@^1.18.2, jiti@^1.19.1: version "1.21.0" - resolved "https://registry.yarnpkg.com/jiti/-/jiti-1.21.0.tgz#7c97f8fe045724e136a397f7340475244156105d" + resolved "https://registry.npmjs.org/jiti/-/jiti-1.21.0.tgz" integrity sha512-gFqAIbuKyyso/3G2qhiO2OM6shY6EPP/R0+mkDbyspxKazh8BXDC5FiFsUjlczgdNz/vfra0da2y+aHrusLG/Q== joi@^17.6.0: version "17.11.0" - resolved "https://registry.yarnpkg.com/joi/-/joi-17.11.0.tgz#aa9da753578ec7720e6f0ca2c7046996ed04fc1a" + resolved "https://registry.npmjs.org/joi/-/joi-17.11.0.tgz" integrity sha512-NgB+lZLNoqISVy1rZocE9PZI36bL/77ie924Ri43yEvi9GUUMPeyVIr8KdFTMUlby1p0PBYMk9spIxEUQYqrJQ== dependencies: "@hapi/hoek" "^9.0.0" @@ -4972,6 +5665,14 @@ json-parse-even-better-errors@^2.3.0, json-parse-even-better-errors@^2.3.1: resolved "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz" integrity sha512-xyFwyhro/JEof6Ghe2iz2NcXoj2sloNsWr/XsERDK/oiPCfaNhl5ONfp+jQdAZRQQ0IJWNzH9zIZF7li91kh2w== +json-schema-to-ts@1.6.4: + version "1.6.4" + resolved "https://registry.npmjs.org/json-schema-to-ts/-/json-schema-to-ts-1.6.4.tgz" + integrity sha512-pR4yQ9DHz6itqswtHCm26mw45FSNfQ9rEQjosaZErhn5J3J2sIViQiz8rDaezjKAhFGpmsoczYVBgGHzFw/stA== + dependencies: + "@types/json-schema" "^7.0.6" + ts-toolbelt "^6.15.5" + json-schema-traverse@^0.4.1: version "0.4.1" resolved "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz" @@ -4984,9 +5685,16 @@ json-schema-traverse@^1.0.0: json5@^2.1.2, json5@^2.2.3: version "2.2.3" - resolved "https://registry.yarnpkg.com/json5/-/json5-2.2.3.tgz#78cd6f1a19bdc12b73db5ad0c61efd66c1e29283" + resolved "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz" integrity sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg== +jsonfile@^4.0.0: + version "4.0.0" + resolved "https://registry.npmjs.org/jsonfile/-/jsonfile-4.0.0.tgz" + integrity sha512-m6F1R3z8jjlf2imQHS2Qez5sjKWQzbuuhuJ/FKYFRZvPE3PuHcSMVZzfsLhGVOkfd20obL5SWEBew5ShlquNxg== + optionalDependencies: + graceful-fs "^4.1.6" + jsonfile@^6.0.1: version "6.1.0" resolved "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz" @@ -5022,7 +5730,7 @@ latest-version@^5.1.0: launch-editor@^2.6.0: version "2.6.1" - resolved "https://registry.yarnpkg.com/launch-editor/-/launch-editor-2.6.1.tgz#f259c9ef95cbc9425620bbbd14b468fcdb4ffe3c" + resolved "https://registry.npmjs.org/launch-editor/-/launch-editor-2.6.1.tgz" integrity sha512-eB/uXmFVpY4zezmGp5XtU21kwo7GBbKB+EQ+UZeWtGb9yAM5xt/Evk+lYH3eRNAtId+ej4u7TYPFZ07w4s7rRw== dependencies: picocolors "^1.0.0" @@ -5050,7 +5758,7 @@ loader-runner@^4.2.0: loader-utils@^2.0.0: version "2.0.4" - resolved "https://registry.yarnpkg.com/loader-utils/-/loader-utils-2.0.4.tgz#8b5cb38b5c34a9a018ee1fc0e6a066d1dfcc528c" + resolved "https://registry.npmjs.org/loader-utils/-/loader-utils-2.0.4.tgz" integrity sha512-xXqpXoINfFhgua9xiqD8fPFHgkoq1mmmpE92WlDbm9rNRd/EbRb+Gqf908T2DMfuHjjJlksiK2RbHVOdD/MqSw== dependencies: big.js "^5.2.2" @@ -5059,7 +5767,7 @@ loader-utils@^2.0.0: loader-utils@^3.2.0: version "3.2.1" - resolved "https://registry.yarnpkg.com/loader-utils/-/loader-utils-3.2.1.tgz#4fb104b599daafd82ef3e1a41fb9265f87e1f576" + resolved "https://registry.npmjs.org/loader-utils/-/loader-utils-3.2.1.tgz" integrity sha512-ZvFw1KWS3GVyYBYb7qkmRM/WwL2TQQBxgCK62rlvm4WpVQ23Nb4tYjApUlfjrEGvOs7KHEsmyUn75OHZrJMWPw== locate-path@^3.0.0: @@ -5096,12 +5804,12 @@ lodash.debounce@^4.0.8: lodash.escape@^4.0.1: version "4.0.1" - resolved "https://registry.yarnpkg.com/lodash.escape/-/lodash.escape-4.0.1.tgz#c9044690c21e04294beaa517712fded1fa88de98" + resolved "https://registry.npmjs.org/lodash.escape/-/lodash.escape-4.0.1.tgz" integrity sha512-nXEOnb/jK9g0DYMr1/Xvq6l5xMD7GDG55+GSYIYmS0G4tBk/hURD4JR9WCavs04t33WmJx9kCyp9vJ+mr4BOUw== lodash.flatten@^4.4.0: version "4.4.0" - resolved "https://registry.yarnpkg.com/lodash.flatten/-/lodash.flatten-4.4.0.tgz#f31c22225a9632d2bbf8e4addbef240aa765a61f" + resolved "https://registry.npmjs.org/lodash.flatten/-/lodash.flatten-4.4.0.tgz" integrity sha512-C5N2Z3DgnnKr0LOpv/hKCgKdb7ZZwafIrsesve6lmzvZIRZRGaZ/l6Q8+2W7NaT+ZwO3fFlSCzCzrDCFdJfZ4g== lodash.flow@^3.3.0: @@ -5111,7 +5819,7 @@ lodash.flow@^3.3.0: lodash.invokemap@^4.6.0: version "4.6.0" - resolved "https://registry.yarnpkg.com/lodash.invokemap/-/lodash.invokemap-4.6.0.tgz#1748cda5d8b0ef8369c4eb3ec54c21feba1f2d62" + resolved "https://registry.npmjs.org/lodash.invokemap/-/lodash.invokemap-4.6.0.tgz" integrity sha512-CfkycNtMqgUlfjfdh2BhKO/ZXrP8ePOX5lEU/g0R3ItJcnuxWDwokMGKx1hWcfOikmyOVx6X9IwWnDGlgKl61w== lodash.memoize@^4.1.2: @@ -5121,17 +5829,17 @@ lodash.memoize@^4.1.2: lodash.pullall@^4.2.0: version "4.2.0" - resolved "https://registry.yarnpkg.com/lodash.pullall/-/lodash.pullall-4.2.0.tgz#9d98b8518b7c965b0fae4099bd9fb7df8bbf38ba" + resolved "https://registry.npmjs.org/lodash.pullall/-/lodash.pullall-4.2.0.tgz" integrity sha512-VhqxBKH0ZxPpLhiu68YD1KnHmbhQJQctcipvmFnqIBDYzcIHzf3Zpu0tpeOKtR4x76p9yohc506eGdOjTmyIBg== -lodash.uniq@4.5.0, lodash.uniq@^4.5.0: +lodash.uniq@^4.5.0, lodash.uniq@4.5.0: version "4.5.0" resolved "https://registry.npmjs.org/lodash.uniq/-/lodash.uniq-4.5.0.tgz" integrity sha512-xfBaXQd9ryd9dlSDvnvI0lvxfLJlYAZzXomUYzLKtUeOQvOP5piqAWuGtrhWeqaXK9hhoM/iyJc5AV+XfsX3HQ== lodash.uniqby@^4.7.0: version "4.7.0" - resolved "https://registry.yarnpkg.com/lodash.uniqby/-/lodash.uniqby-4.7.0.tgz#d99c07a669e9e6d24e1362dfe266c67616af1302" + resolved "https://registry.npmjs.org/lodash.uniqby/-/lodash.uniqby-4.7.0.tgz" integrity sha512-e/zcLx6CSbmaEgFHCA7BnoQKyCtKMxnuWrJygbwPs/AIn+IMKl66L8/s+wBUn5LRw2pZx3bUHibiV1b6aTWIww== lodash@^4.17.19, lodash@^4.17.20, lodash@^4.17.21: @@ -5165,7 +5873,7 @@ lowercase-keys@^2.0.0: lru-cache@^5.1.1: version "5.1.1" - resolved "https://registry.yarnpkg.com/lru-cache/-/lru-cache-5.1.1.tgz#1da27e6710271947695daf6848e847f01d84b920" + resolved "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz" integrity sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w== dependencies: yallist "^3.0.2" @@ -5184,6 +5892,11 @@ make-dir@^3.0.0, make-dir@^3.0.2, make-dir@^3.1.0: dependencies: semver "^6.0.0" +make-error@^1.1.1: + version "1.3.6" + resolved "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz" + integrity sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw== + markdown-escapes@^1.0.0: version "1.0.4" resolved "https://registry.npmjs.org/markdown-escapes/-/markdown-escapes-1.0.4.tgz" @@ -5239,7 +5952,7 @@ media-typer@0.3.0: memfs@^3.1.2, memfs@^3.4.3: version "3.6.0" - resolved "https://registry.yarnpkg.com/memfs/-/memfs-3.6.0.tgz#d7a2110f86f79dd950a8b6df6d57bc984aa185f6" + resolved "https://registry.npmjs.org/memfs/-/memfs-3.6.0.tgz" integrity sha512-EGowvkkgbMcIChjMTMkESFDbZeSh8xZ7kNSF0hAiAN4Jh6jgHCRS0Ga/+C8y6Au+oqpezRHCfPsmJ2+DwAgiwQ== dependencies: fs-monkey "^1.0.4" @@ -5264,6 +5977,15 @@ methods@~1.1.2: resolved "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz" integrity sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w== +micro@9.3.5-canary.3: + version "9.3.5-canary.3" + resolved "https://registry.npmjs.org/micro/-/micro-9.3.5-canary.3.tgz" + integrity sha512-viYIo9PefV+w9dvoIBh1gI44Mvx1BOk67B4BpC2QK77qdY0xZF0Q+vWLt/BII6cLkIc8rLmSIcJaB/OrXXKe1g== + dependencies: + arg "4.1.0" + content-type "1.0.4" + raw-body "2.4.1" + micromatch@^4.0.2, micromatch@^4.0.4, micromatch@^4.0.5: version "4.0.5" resolved "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz" @@ -5272,7 +5994,7 @@ micromatch@^4.0.2, micromatch@^4.0.4, micromatch@^4.0.5: braces "^3.0.2" picomatch "^2.3.1" -mime-db@1.52.0, "mime-db@>= 1.43.0 < 2": +"mime-db@>= 1.43.0 < 2", mime-db@1.52.0: version "1.52.0" resolved "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz" integrity sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg== @@ -5282,19 +6004,26 @@ mime-db@~1.33.0: resolved "https://registry.npmjs.org/mime-db/-/mime-db-1.33.0.tgz" integrity sha512-BHJ/EKruNIqJf/QahvxwQZXKygOQ256myeN/Ew+THcAa5q+PjyTTMMeNQC4DZw5AwfvelsUrA6B67NKMqXDbzQ== -mime-types@2.1.18, mime-types@~2.1.17: +mime-types@^2.1.27, mime-types@^2.1.31, mime-types@~2.1.24, mime-types@~2.1.34: + version "2.1.35" + resolved "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz" + integrity sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw== + dependencies: + mime-db "1.52.0" + +mime-types@~2.1.17: version "2.1.18" resolved "https://registry.npmjs.org/mime-types/-/mime-types-2.1.18.tgz" integrity sha512-lc/aahn+t4/SWV/qcmumYjymLsWfN3ELhpmVuUFjgsORruuZPVSwAQryq+HHGvO/SI2KVX26bx+En+zhM8g8hQ== dependencies: mime-db "~1.33.0" -mime-types@^2.1.27, mime-types@^2.1.31, mime-types@~2.1.24, mime-types@~2.1.34: - version "2.1.35" - resolved "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz" - integrity sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw== +mime-types@2.1.18: + version "2.1.18" + resolved "https://registry.npmjs.org/mime-types/-/mime-types-2.1.18.tgz" + integrity sha512-lc/aahn+t4/SWV/qcmumYjymLsWfN3ELhpmVuUFjgsORruuZPVSwAQryq+HHGvO/SI2KVX26bx+En+zhM8g8hQ== dependencies: - mime-db "1.52.0" + mime-db "~1.33.0" mime@1.6.0: version "1.6.0" @@ -5313,7 +6042,7 @@ mimic-response@^1.0.0, mimic-response@^1.0.1: mini-css-extract-plugin@^2.6.1: version "2.7.6" - resolved "https://registry.yarnpkg.com/mini-css-extract-plugin/-/mini-css-extract-plugin-2.7.6.tgz#282a3d38863fddcd2e0c220aaed5b90bc156564d" + resolved "https://registry.npmjs.org/mini-css-extract-plugin/-/mini-css-extract-plugin-2.7.6.tgz" integrity sha512-Qk7HcgaPkGG6eD77mLvZS1nmxlao3j+9PkrT9Uc7HAE1id3F41+DdBRYRYkbyfNRGzm8/YWtzhw7nVPmwhqTQw== dependencies: schema-utils "^4.0.0" @@ -5323,23 +6052,85 @@ minimalistic-assert@^1.0.0: resolved "https://registry.npmjs.org/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz" integrity sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A== -minimatch@3.1.2, minimatch@^3.0.4, minimatch@^3.0.5, minimatch@^3.1.1: +minimatch@^3.0.4, minimatch@^3.0.5, minimatch@^3.1.1, minimatch@3.1.2: version "3.1.2" resolved "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz" integrity sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw== dependencies: brace-expansion "^1.1.7" -minimist@^1.2.0, minimist@^1.2.5: +minimist@^1.2.0, minimist@^1.2.5, minimist@^1.2.6: version "1.2.8" - resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.8.tgz#c1a464e7693302e082a075cee0c057741ac4772c" + resolved "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz" integrity sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA== +minipass@^2.6.0, minipass@^2.9.0: + version "2.9.0" + resolved "https://registry.npmjs.org/minipass/-/minipass-2.9.0.tgz" + integrity sha512-wxfUjg9WebH+CUDX/CdbRlh5SmfZiy/hpkxaRI16Y9W56Pa75sWgd/rvFilSgrauD9NyFymP/+JFV3KwzIsJeg== + dependencies: + safe-buffer "^5.1.2" + yallist "^3.0.0" + +minipass@^3.0.0: + version "3.3.6" + resolved "https://registry.npmjs.org/minipass/-/minipass-3.3.6.tgz" + integrity sha512-DxiNidxSEK+tHG6zOIklvNOwm3hvCrbUrdtzY74U6HKTJxvIDfOUL5W5P2Ghd3DTkhhKPYGqeNUIh5qcM4YBfw== + dependencies: + yallist "^4.0.0" + +minipass@^5.0.0: + version "5.0.0" + resolved "https://registry.npmjs.org/minipass/-/minipass-5.0.0.tgz" + integrity sha512-3FnjYuehv9k6ovOEbyOswadCDPX1piCfhV8ncmYtHOjuPwylVWsghTLo7rabjC3Rx5xD4HDx8Wm1xnMF7S5qFQ== + +minizlib@^1.3.3: + version "1.3.3" + resolved "https://registry.npmjs.org/minizlib/-/minizlib-1.3.3.tgz" + integrity sha512-6ZYMOEnmVsdCeTJVE0W9ZD+pVnE8h9Hma/iOwwRDsdQoePpoX56/8B6z3P9VNwppJuBKNRuFDRNRqRWexT9G9Q== + dependencies: + minipass "^2.9.0" + +minizlib@^2.1.1: + version "2.1.2" + resolved "https://registry.npmjs.org/minizlib/-/minizlib-2.1.2.tgz" + integrity sha512-bAxsR8BVfj60DWXHE3u30oHzfl4G7khkSuPW+qvpd7jFRHm7dLxOjUk1EHACJ/hxLY8phGJ0YhYHZo7jil7Qdg== + dependencies: + minipass "^3.0.0" + yallist "^4.0.0" + +mkdirp@^0.5.5: + version "0.5.6" + resolved "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz" + integrity sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw== + dependencies: + minimist "^1.2.6" + +mkdirp@^1.0.3: + version "1.0.4" + resolved "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz" + integrity sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw== + +mkdirp@^1.0.4: + version "1.0.4" + resolved "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz" + integrity sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw== + +mri@1.2.0: + version "1.2.0" + resolved "https://registry.npmjs.org/mri/-/mri-1.2.0.tgz" + integrity sha512-tzzskb3bG8LvYGFF/mDTpq3jpI6Q9wc3LEmBaghu+DdCssd1FakN7Bc0hVNmEyGq1bq3RgfkCb3cmQLpNPOroA== + mrmime@^1.0.0: version "1.0.1" resolved "https://registry.npmjs.org/mrmime/-/mrmime-1.0.1.tgz" integrity sha512-hzzEagAgDyoU1Q6yg5uI+AorQgdvMCur3FcKf7NhMKWsaYg+RnbTyHRa/9IlLF9rf455MOCtcqqrQQ83pPP7Uw== +ms@^2.1.1, ms@2.1.1: + version "2.1.1" + resolved "https://registry.npmjs.org/ms/-/ms-2.1.1.tgz" + integrity sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg== + ms@2.0.0: version "2.0.0" resolved "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz" @@ -5402,22 +6193,48 @@ node-emoji@^1.10.0: dependencies: lodash "^4.17.21" -node-fetch@^2.6.12: +node-fetch@^2.6.12, node-fetch@^2.6.7: version "2.7.0" resolved "https://registry.npmjs.org/node-fetch/-/node-fetch-2.7.0.tgz" integrity sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A== dependencies: whatwg-url "^5.0.0" +node-fetch@2.6.7: + version "2.6.7" + resolved "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz" + integrity sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ== + dependencies: + whatwg-url "^5.0.0" + +node-fetch@2.6.9: + version "2.6.9" + resolved "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.9.tgz" + integrity sha512-DJm/CJkZkRjKKj4Zi4BsKVZh3ValV5IR5s7LVZnW+6YMh0W1BfNA8XSs6DLMGYlId5F3KnA70uu2qepcR08Qqg== + dependencies: + whatwg-url "^5.0.0" + node-forge@^1: version "1.3.1" resolved "https://registry.npmjs.org/node-forge/-/node-forge-1.3.1.tgz" integrity sha512-dPEtOeMvF9VMcYV/1Wb8CPoVAXtp6MKMlcbAt4ddqmGqUJ6fQZFXkNZNkNlfevtNkGtaSoXf/vNNNSvgrdXwtA== -node-releases@^2.0.13: - version "2.0.13" - resolved "https://registry.npmjs.org/node-releases/-/node-releases-2.0.13.tgz" - integrity sha512-uYr7J37ae/ORWdZeQ1xxMJe3NtdmqMC/JZK+geofDrkLUApKRHPd18/TxtBOJ4A0/+uUIliorNrfYV6s1b02eQ== +node-gyp-build@^4.2.2: + version "4.8.0" + resolved "https://registry.npmjs.org/node-gyp-build/-/node-gyp-build-4.8.0.tgz" + integrity sha512-u6fs2AEUljNho3EYTJNBfImO5QTo/J/1Etd+NVdCj7qWKUSN/bSLkZwhDv7I+w/MSC6qJ4cknepkAYykDdK8og== + +node-releases@^2.0.14: + version "2.0.14" + resolved "https://registry.npmjs.org/node-releases/-/node-releases-2.0.14.tgz" + integrity sha512-y10wOWt8yZpqXmOgRo77WaHEmhYQYGNA6y421PKsKYWEK8aW+cqAphborZDhqfyKrbZEN92CN1X2KbafY2s7Yw== + +nopt@^5.0.0: + version "5.0.0" + resolved "https://registry.npmjs.org/nopt/-/nopt-5.0.0.tgz" + integrity sha512-Tbj67rffqceeLpcRXrT7vKAN8CwfPeIBgM7E6iBkmKLV7bEMwpGgYLGv0jACUsECaa/vuxP0IjEont6umdMgtQ== + dependencies: + abbrev "1" normalize-path@^3.0.0, normalize-path@~3.0.0: version "3.0.0" @@ -5439,13 +6256,23 @@ normalize-url@^6.0.1: resolved "https://registry.npmjs.org/normalize-url/-/normalize-url-6.1.0.tgz" integrity sha512-DlL+XwOy3NxAQ8xuC0okPgK46iuVNAK01YN7RueYBqqFeGsBjV9XmCAzAdgt+667bCl5kPh9EqKKDwnaPG1I7A== -npm-run-path@^4.0.1: +npm-run-path@^4.0.0, npm-run-path@^4.0.1: version "4.0.1" resolved "https://registry.npmjs.org/npm-run-path/-/npm-run-path-4.0.1.tgz" integrity sha512-S48WzZW777zhNIrn7gxOlISNAqi9ZC/uQFnRdbeIHhZhCA6UqpkOT8T1G7BvfdgP4Er8gF4sUbaS0i7QvIfCWw== dependencies: path-key "^3.0.0" +npmlog@^5.0.1: + version "5.0.1" + resolved "https://registry.npmjs.org/npmlog/-/npmlog-5.0.1.tgz" + integrity sha512-AqZtDUWOMKs1G/8lwylVjrdYgqA4d9nu8hc+0gzRxlDb1I10+FHBGMXs6aiQHFdCUUlqH99MUMuLfzWDNDtfxw== + dependencies: + are-we-there-yet "^2.0.0" + console-control-strings "^1.1.0" + gauge "^3.0.0" + set-blocking "^2.0.0" + nprogress@^0.2.0: version "0.2.0" resolved "https://registry.npmjs.org/nprogress/-/nprogress-0.2.0.tgz" @@ -5512,7 +6339,14 @@ once@^1.3.0, once@^1.3.1, once@^1.4.0: dependencies: wrappy "1" -onetime@^5.1.2: +once@~1.3.0: + version "1.3.3" + resolved "https://registry.npmjs.org/once/-/once-1.3.3.tgz" + integrity sha512-6vaNInhu+CHxtONf3zw3vq4SP2DOQhjBvIa3rNcG0+P7eKWlYH6Peu7rHizSloRU2EwMz6GraLieis9Ac9+p1w== + dependencies: + wrappy "1" + +onetime@^5.1.0, onetime@^5.1.2: version "5.1.2" resolved "https://registry.npmjs.org/onetime/-/onetime-5.1.2.tgz" integrity sha512-kbpaSSGJTWdAY5KPVeMOKXSrPtr8C8C7wodJbcsd51jRnmD+GZu8Y0VoU6Dm5Z4vWr0Ig/1NKuWRKf7j5aaYSg== @@ -5521,7 +6355,7 @@ onetime@^5.1.2: open@^8.0.9, open@^8.4.0: version "8.4.2" - resolved "https://registry.yarnpkg.com/open/-/open-8.4.2.tgz#5b5ffe2a8f793dcd2aad73e550cb87b59cb084f9" + resolved "https://registry.npmjs.org/open/-/open-8.4.2.tgz" integrity sha512-7x81NCL719oNbsq/3mh+hVrAWmFuEYUqrq/Iw3kUzH8ReypT9QQ0BLoJS7/G9k6N81XjW4qHWtjWwe/9eLy1EQ== dependencies: define-lazy-prop "^2.0.0" @@ -5533,11 +6367,21 @@ opener@^1.5.2: resolved "https://registry.npmjs.org/opener/-/opener-1.5.2.tgz" integrity sha512-ur5UIdyw5Y7yEj9wLzhqXiy6GZ3Mwx0yGI+5sMn2r0N0v3cKJvUmFH5yPP+WXh9e0xfyzyJX95D8l088DNFj7A== +os-paths@^4.0.1: + version "4.4.0" + resolved "https://registry.npmjs.org/os-paths/-/os-paths-4.4.0.tgz" + integrity sha512-wrAwOeXp1RRMFfQY8Sy7VaGVmPocaLwSFOYCGKSyo8qmJ+/yaafCl5BCA1IQZWqFSRBrKDYFeR9d/VyQzfH/jg== + p-cancelable@^1.0.0: version "1.1.0" resolved "https://registry.npmjs.org/p-cancelable/-/p-cancelable-1.1.0.tgz" integrity sha512-s73XxOZ4zpt1edZYZzvhqFa6uvQc1vwUa0K0BdtIZgQMAJj9IbebH+JkgKZc9h+B05PKHLOTl4ajG1BmNrVZlw== +p-finally@^2.0.0: + version "2.0.1" + resolved "https://registry.npmjs.org/p-finally/-/p-finally-2.0.1.tgz" + integrity sha512-vpm09aKwq6H9phqRQzecoDpD8TmVyGw70qmWlyq5onxY7tqyTTFVvxMykxQSQKILBSFlbXpypIw2T1Ml7+DDtw== + p-limit@^2.0.0, p-limit@^2.2.0: version "2.3.0" resolved "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz" @@ -5640,6 +6484,11 @@ parse-json@^5.0.0, parse-json@^5.2.0: json-parse-even-better-errors "^2.3.0" lines-and-columns "^1.1.6" +parse-ms@^2.1.0: + version "2.1.0" + resolved "https://registry.npmjs.org/parse-ms/-/parse-ms-2.1.0.tgz" + integrity sha512-kHt7kzLoS9VBZfUsiKjv43mr91ea+U05EyKkEtqp7vNbHxmaVuEqN7XxeEVnGrMtYOAxGrDElSi96K7EgO1zCA== + parse-numeric-range@^1.3.0: version "1.3.0" resolved "https://registry.npmjs.org/parse-numeric-range/-/parse-numeric-range-1.3.0.tgz" @@ -5678,6 +6527,11 @@ pascal-case@^3.1.2: no-case "^3.0.4" tslib "^2.0.3" +path-browserify@^1.0.1: + version "1.0.1" + resolved "https://registry.npmjs.org/path-browserify/-/path-browserify-1.0.1.tgz" + integrity sha512-b7uo2UCUOYZcnF/3ID0lulOJi/bafxa1xPe7ZPsammBSpjSWQkjNxlt635YGS2MiR9GjvuXCtz2emr3jbsz98g== + path-exists@^3.0.0: version "3.0.0" resolved "https://registry.npmjs.org/path-exists/-/path-exists-3.0.0.tgz" @@ -5703,11 +6557,33 @@ path-key@^3.0.0, path-key@^3.1.0: resolved "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz" integrity sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q== +path-match@1.2.4: + version "1.2.4" + resolved "https://registry.npmjs.org/path-match/-/path-match-1.2.4.tgz" + integrity sha512-UWlehEdqu36jmh4h5CWJ7tARp1OEVKGHKm6+dg9qMq5RKUTV5WJrGgaZ3dN2m7WFAXDbjlHzvJvL/IUpy84Ktw== + dependencies: + http-errors "~1.4.0" + path-to-regexp "^1.0.0" + path-parse@^1.0.7: version "1.0.7" resolved "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz" integrity sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw== +path-to-regexp@^1.0.0: + version "1.8.0" + resolved "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-1.8.0.tgz" + integrity sha512-n43JRhlUKUAlibEJhPeir1ncUID16QnEjNpwzNdO3Lm4ywrBpBZ5oLD0I6br9evr1Y9JTqwRtAh7JLoOzAQdVA== + dependencies: + isarray "0.0.1" + +path-to-regexp@^1.7.0: + version "1.8.0" + resolved "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-1.8.0.tgz" + integrity sha512-n43JRhlUKUAlibEJhPeir1ncUID16QnEjNpwzNdO3Lm4ywrBpBZ5oLD0I6br9evr1Y9JTqwRtAh7JLoOzAQdVA== + dependencies: + isarray "0.0.1" + path-to-regexp@0.1.7: version "0.1.7" resolved "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz" @@ -5718,12 +6594,15 @@ path-to-regexp@2.2.1: resolved "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-2.2.1.tgz" integrity sha512-gu9bD6Ta5bwGrrU8muHzVOBFFREpp2iRkVfhBJahwJ6p6Xw20SjT0MxLnwkjOibQmGSYhiUnf2FLe7k+jcFmGQ== -path-to-regexp@^1.7.0: - version "1.8.0" - resolved "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-1.8.0.tgz" - integrity sha512-n43JRhlUKUAlibEJhPeir1ncUID16QnEjNpwzNdO3Lm4ywrBpBZ5oLD0I6br9evr1Y9JTqwRtAh7JLoOzAQdVA== - dependencies: - isarray "0.0.1" +path-to-regexp@6.1.0: + version "6.1.0" + resolved "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-6.1.0.tgz" + integrity sha512-h9DqehX3zZZDCEm+xbfU0ZmwCGFCAAraPJWMXJ4+v32NjZJilVg3k1TcKsRgIb8IQ/izZSaydDc1OhJCZvs2Dw== + +path-to-regexp@6.2.1: + version "6.2.1" + resolved "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-6.2.1.tgz" + integrity sha512-JLyh7xT1kizaEvcaXOQwOc2/Yhw6KZOvPf1S8401UyLk86CU79LN3vl7ztXGm/pZ+YjoyAJ4rxmHwbkBXJX+yw== path-type@^4.0.0: version "4.0.0" @@ -5738,12 +6617,17 @@ path@^0.12.7: process "^0.11.1" util "^0.10.3" -picocolors@^1.0.0: +pend@~1.2.0: + version "1.2.0" + resolved "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz" + integrity sha512-F3asv42UuXchdzt+xXqfW1OGlVBe+mxa2mqI0pg5yAHZPvFmY3Y6drSf/GQ1A86WgWEN9Kzh/WrgKa6iGcHXLg== + +picocolors@^1.0.0, picocolors@1.0.0: version "1.0.0" resolved "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz" integrity sha512-1fygroTLlHu66zi26VoTDv8yRgm0Fccecssto+MhsZ0D/DGW2sm8E8AjW7NU5VVTRt5GxbeZ5qBuJr+HyLYkjQ== -picomatch@^2.0.4, picomatch@^2.2.1, picomatch@^2.2.3, picomatch@^2.3.1: +picomatch@^2.0.4, picomatch@^2.0.7, picomatch@^2.2.1, picomatch@^2.2.2, picomatch@^2.2.3, picomatch@^2.3.1: version "2.3.1" resolved "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz" integrity sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA== @@ -5851,7 +6735,7 @@ postcss-load-config@^4.0.1: postcss-loader@^7.0.0: version "7.3.3" - resolved "https://registry.yarnpkg.com/postcss-loader/-/postcss-loader-7.3.3.tgz#6da03e71a918ef49df1bb4be4c80401df8e249dd" + resolved "https://registry.npmjs.org/postcss-loader/-/postcss-loader-7.3.3.tgz" integrity sha512-YgO/yhtevGO/vJePCQmTxiaEwER94LABZN0ZMT4A0vsak9TpO+RvKRs7EmJ8peIlB9xfXCsS7M8LjqncsUZ5HA== dependencies: cosmiconfig "^8.2.0" @@ -5923,7 +6807,7 @@ postcss-modules-extract-imports@^3.0.0: postcss-modules-local-by-default@^4.0.3: version "4.0.3" - resolved "https://registry.yarnpkg.com/postcss-modules-local-by-default/-/postcss-modules-local-by-default-4.0.3.tgz#b08eb4f083050708998ba2c6061b50c2870ca524" + resolved "https://registry.npmjs.org/postcss-modules-local-by-default/-/postcss-modules-local-by-default-4.0.3.tgz" integrity sha512-2/u2zraspoACtrbFRnTijMiQtb4GW4BvatjaG/bCjYQo8kLTdevCUlwuBHx2sCnSyrI3x3qj4ZK1j5LQBgzmwA== dependencies: icss-utils "^5.0.0" @@ -6084,7 +6968,7 @@ postcss-zindex@^5.1.0: resolved "https://registry.npmjs.org/postcss-zindex/-/postcss-zindex-5.1.0.tgz" integrity sha512-fgFMf0OtVSBR1va1JNHYgMxYk73yhn/qb4uQDq1DLGYolz8gHCyr/sesEuGUaYs58E3ZJRcpoGuPVoB7Meiq9A== -postcss@^8.3.11, postcss@^8.4.14, postcss@^8.4.17, postcss@^8.4.21, postcss@^8.4.23, postcss@^8.4.31: +"postcss@^7.0.0 || ^8.0.1", postcss@^8.0.0, postcss@^8.0.9, postcss@^8.1.0, postcss@^8.2.14, postcss@^8.2.15, postcss@^8.2.2, postcss@^8.3.11, postcss@^8.4.14, postcss@^8.4.16, postcss@^8.4.17, postcss@^8.4.21, postcss@^8.4.23, postcss@^8.4.31, postcss@>=8.0.9: version "8.4.31" resolved "https://registry.npmjs.org/postcss/-/postcss-8.4.31.tgz" integrity sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ== @@ -6106,6 +6990,13 @@ pretty-error@^4.0.0: lodash "^4.17.20" renderkid "^3.0.0" +pretty-ms@7.0.1: + version "7.0.1" + resolved "https://registry.npmjs.org/pretty-ms/-/pretty-ms-7.0.1.tgz" + integrity sha512-973driJZvxiGOQ5ONsFhOF/DtzPMOMtgC11kCpUrPGMTgqp2q/1gwzCquocrN33is0VZ5GFHXZYMM9l6h67v2Q== + dependencies: + parse-ms "^2.1.0" + pretty-time@^1.1.0: version "1.1.0" resolved "https://registry.npmjs.org/pretty-time/-/pretty-time-1.1.0.tgz" @@ -6138,6 +7029,11 @@ promise@^7.1.1: dependencies: asap "~2.0.3" +promisepipe@3.0.0: + version "3.0.0" + resolved "https://registry.npmjs.org/promisepipe/-/promisepipe-3.0.0.tgz" + integrity sha512-V6TbZDJ/ZswevgkDNpGt/YqNCiZP9ASfgU+p83uJE6NrGtvSGoOcHLiDCqkMs2+yg7F5qHdLV8d0aS8O26G/KA== + prompts@^2.4.2: version "2.4.2" resolved "https://registry.npmjs.org/prompts/-/prompts-2.4.2.tgz" @@ -6185,7 +7081,7 @@ punycode@^1.3.2: punycode@^2.1.0: version "2.3.1" - resolved "https://registry.yarnpkg.com/punycode/-/punycode-2.3.1.tgz#027422e2faec0b25e1549c3e1bd8309b9133b6e5" + resolved "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz" integrity sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg== pupa@^2.1.1: @@ -6202,7 +7098,7 @@ pure-color@^1.2.0: qs@6.11.0: version "6.11.0" - resolved "https://registry.yarnpkg.com/qs/-/qs-6.11.0.tgz#fd0d963446f7a65e1367e01abd85429453f0c37a" + resolved "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz" integrity sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q== dependencies: side-channel "^1.0.4" @@ -6226,15 +7122,25 @@ randombytes@^2.1.0: dependencies: safe-buffer "^5.1.0" +range-parser@^1.2.1, range-parser@~1.2.1: + version "1.2.1" + resolved "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz" + integrity sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg== + range-parser@1.2.0: version "1.2.0" resolved "https://registry.npmjs.org/range-parser/-/range-parser-1.2.0.tgz" integrity sha512-kA5WQoNVo4t9lNx2kQNFCxKeBl5IbbSNBl1M/tLkw9WCn+hxNBAW5Qh8gdhs63CJnhjJ2zQWFoqPJP2sK1AV5A== -range-parser@^1.2.1, range-parser@~1.2.1: - version "1.2.1" - resolved "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz" - integrity sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg== +raw-body@2.4.1: + version "2.4.1" + resolved "https://registry.npmjs.org/raw-body/-/raw-body-2.4.1.tgz" + integrity sha512-9WmIKF6mkvA0SLmA2Knm9+qj89e+j1zqgyn8aXGd7+nAduPoqgI9lO57SAZNn/Byzo5P7JhXTyg9PzaJbH73bA== + dependencies: + bytes "3.1.0" + http-errors "1.7.3" + iconv-lite "0.4.24" + unpipe "1.0.0" raw-body@2.5.1: version "2.5.1" @@ -6246,7 +7152,7 @@ raw-body@2.5.1: iconv-lite "0.4.24" unpipe "1.0.0" -rc@1.2.8, rc@^1.2.8: +rc@^1.2.8, rc@1.2.8: version "1.2.8" resolved "https://registry.npmjs.org/rc/-/rc-1.2.8.tgz" integrity sha512-y3bGgqKj3QBdxLbLkomlohkvsA8gdAiUQlSBJnBhfn+BPxg4bc62d8TcBW15wavDfgexCgccckhcZvywyQYPOw== @@ -6296,7 +7202,7 @@ react-dev-utils@^12.0.1: strip-ansi "^6.0.1" text-table "^0.2.0" -react-dom@^17.0.2: +react-dom@*, "react-dom@^16.6.0 || ^17.0.0 || ^18.0.0", "react-dom@^16.8.4 || ^17.0.0", "react-dom@^17.0.0 || ^16.3.0 || ^15.5.4", react-dom@^17.0.2, "react-dom@>= 16.8.0 < 19.0.0": version "17.0.2" resolved "https://registry.npmjs.org/react-dom/-/react-dom-17.0.2.tgz" integrity sha512-s4h96KtLDUQlsENhMn1ar8t2bEa+q/YAtj8pPPdIjPDGBDIVNsrD9aXNWqspUe6AzKCIG0C1HZZLqLV7qpOBGA== @@ -6312,7 +7218,7 @@ react-error-overlay@^6.0.11: react-fast-compare@^3.2.0: version "3.2.2" - resolved "https://registry.yarnpkg.com/react-fast-compare/-/react-fast-compare-3.2.2.tgz#929a97a532304ce9fee4bcae44234f1ce2c21d49" + resolved "https://registry.npmjs.org/react-fast-compare/-/react-fast-compare-3.2.2.tgz" integrity sha512-nsO+KSNgo1SbJqJEYRE9ERzo7YtYbou/OqjSQKxV7jcKox7+usiUVZOAC+XnDOABXggQTno0Y1CpVnuWEc1boQ== react-helmet-async@*, react-helmet-async@^1.3.0: @@ -6353,6 +7259,14 @@ react-loadable-ssr-addon-v5-slorber@^1.0.1: dependencies: "@babel/runtime" "^7.10.3" +react-loadable@*, "react-loadable@npm:@docusaurus/react-loadable@5.5.2": + version "5.5.2" + resolved "https://registry.npmjs.org/@docusaurus/react-loadable/-/react-loadable-5.5.2.tgz" + integrity sha512-A3dYjdBGuy0IGT+wyLIGIKLRE+sAk1iNk0f1HjNDysO7u8lhL4N3VEm+FAubmJbAztn94F7MxBTPmnixbiyFdQ== + dependencies: + "@types/react" "*" + prop-types "^15.6.2" + react-router-config@^5.1.1: version "5.1.1" resolved "https://registry.npmjs.org/react-router-config/-/react-router-config-5.1.1.tgz" @@ -6362,7 +7276,7 @@ react-router-config@^5.1.1: react-router-dom@^5.3.3: version "5.3.4" - resolved "https://registry.yarnpkg.com/react-router-dom/-/react-router-dom-5.3.4.tgz#2ed62ffd88cae6db134445f4a0c0ae8b91d2e5e6" + resolved "https://registry.npmjs.org/react-router-dom/-/react-router-dom-5.3.4.tgz" integrity sha512-m4EqFMHv/Ih4kpcBCONHbkT68KoAeHN4p3lAGoNryfHi0dMy0kCzEZakiKRsvg5wHZ/JLrLW8o8KomWiz/qbYQ== dependencies: "@babel/runtime" "^7.12.13" @@ -6373,9 +7287,9 @@ react-router-dom@^5.3.3: tiny-invariant "^1.0.2" tiny-warning "^1.0.0" -react-router@5.3.4, react-router@^5.3.3: +react-router@^5.3.3, react-router@>=5, react-router@5.3.4: version "5.3.4" - resolved "https://registry.yarnpkg.com/react-router/-/react-router-5.3.4.tgz#8ca252d70fcc37841e31473c7a151cf777887bb5" + resolved "https://registry.npmjs.org/react-router/-/react-router-5.3.4.tgz" integrity sha512-Ys9K+ppnJah3QuaRiLxk+jDWOR1MekYQrlytiXxC1RyfbdsZkS5pvKAzCCr031xHixZwpnsYNT5xysdFHQaYsA== dependencies: "@babel/runtime" "^7.12.13" @@ -6397,7 +7311,7 @@ react-textarea-autosize@^8.3.2: use-composed-ref "^1.3.0" use-latest "^1.2.1" -react@^17.0.2: +react@*, "react@^15.0.2 || ^16.0.0 || ^17.0.0", "react@^16.13.1 || ^17.0.0", "react@^16.6.0 || ^17.0.0 || ^18.0.0", "react@^16.8.0 || ^17.0.0 || ^18.0.0", "react@^16.8.4 || ^17.0.0", "react@^17.0.0 || ^16.3.0 || ^15.5.4", react@^17.0.2, "react@>= 16.8.0 < 19.0.0", react@>=0.14.9, react@>=15, react@17.0.2: version "17.0.2" resolved "https://registry.npmjs.org/react/-/react-17.0.2.tgz" integrity sha512-gnhPt75i/dq/z3/6q/0asP78D0u592D5L1pd7M8P+dck6Fu/jJeL6iVVK23fptSUZj8Vjf++7wXA8UNclGQcbA== @@ -6414,7 +7328,7 @@ read-cache@^1.0.0: readable-stream@^2.0.1: version "2.3.8" - resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-2.3.8.tgz#91125e8042bba1b9887f49345f6277027ce8be9b" + resolved "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz" integrity sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA== dependencies: core-util-is "~1.0.0" @@ -6425,15 +7339,22 @@ readable-stream@^2.0.1: string_decoder "~1.1.1" util-deprecate "~1.0.1" -readable-stream@^3.0.6: +readable-stream@^3.0.6, readable-stream@^3.6.0: version "3.6.2" - resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-3.6.2.tgz#56a9b36ea965c00c5a93ef31eb111a0f11056967" + resolved "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz" integrity sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA== dependencies: inherits "^2.0.3" string_decoder "^1.1.1" util-deprecate "^1.0.1" +readdirp@~3.3.0: + version "3.3.0" + resolved "https://registry.npmjs.org/readdirp/-/readdirp-3.3.0.tgz" + integrity sha512-zz0pAkSPOXXm1viEwygWIPSPkcBYjW1xU5j/JBh5t9bGCJwa6f9+BJa6VaB2g+b55yVrmXzqkyLf4xaWYM0IkQ== + dependencies: + picomatch "^2.0.7" + readdirp@~3.6.0: version "3.6.0" resolved "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz" @@ -6455,14 +7376,14 @@ rechoir@^0.6.2: recursive-readdir@^2.2.2: version "2.2.3" - resolved "https://registry.yarnpkg.com/recursive-readdir/-/recursive-readdir-2.2.3.tgz#e726f328c0d69153bcabd5c322d3195252379372" + resolved "https://registry.npmjs.org/recursive-readdir/-/recursive-readdir-2.2.3.tgz" integrity sha512-8HrF5ZsXk5FAH9dgsx3BlUer73nIhuj+9OrQwEbLTPOBzGkL1lsFCR01am+v+0m2Cmbs1nP12hLDl5FA7EszKA== dependencies: minimatch "^3.0.5" regenerate-unicode-properties@^10.1.0: version "10.1.1" - resolved "https://registry.yarnpkg.com/regenerate-unicode-properties/-/regenerate-unicode-properties-10.1.1.tgz#6b0e05489d9076b04c436f318d9b067bba459480" + resolved "https://registry.npmjs.org/regenerate-unicode-properties/-/regenerate-unicode-properties-10.1.1.tgz" integrity sha512-X007RyZLsCJVVrjgEFVpLUTZwyOZk3oiL75ZcuYjlIWd6rNJtOjkBwQc5AsRrpbKVkxN6sklw/k/9m2jJYOf8Q== dependencies: regenerate "^1.4.2" @@ -6479,14 +7400,14 @@ regenerator-runtime@^0.14.0: regenerator-transform@^0.15.2: version "0.15.2" - resolved "https://registry.yarnpkg.com/regenerator-transform/-/regenerator-transform-0.15.2.tgz#5bbae58b522098ebdf09bca2f83838929001c7a4" + resolved "https://registry.npmjs.org/regenerator-transform/-/regenerator-transform-0.15.2.tgz" integrity sha512-hfMp2BoF0qOk3uc5V20ALGDS2ddjQaLrdl7xrGXvAIow7qeWRM2VA2HuCHkUKk9slq3VwEwLNK3DFBqDfPGYtg== dependencies: "@babel/runtime" "^7.8.4" regexpu-core@^5.3.1: version "5.3.2" - resolved "https://registry.yarnpkg.com/regexpu-core/-/regexpu-core-5.3.2.tgz#11a2b06884f3527aec3e93dbbf4a3b958a95546b" + resolved "https://registry.npmjs.org/regexpu-core/-/regexpu-core-5.3.2.tgz" integrity sha512-RAM5FlZz+Lhmo7db9L298p2vHP5ZywrVXmVXpmAD9GuL5MPH6t9ROw1iA/wfHkQ76Qe7AaPF0nGuim96/IrQMQ== dependencies: "@babel/regjsgen" "^0.8.0" @@ -6512,7 +7433,7 @@ registry-url@^5.0.0: regjsparser@^0.9.1: version "0.9.1" - resolved "https://registry.yarnpkg.com/regjsparser/-/regjsparser-0.9.1.tgz#272d05aa10c7c1f67095b1ff0addae8442fc5709" + resolved "https://registry.npmjs.org/regjsparser/-/regjsparser-0.9.1.tgz" integrity sha512-dQUtn90WanSNl+7mQKcXAgZxvUe7Z0SqXlgzv0za4LwiUhyzBC58yQO3liFoUgu8GiJVInAhJjkj1N0EtQ5nkQ== dependencies: jsesc "~0.5.0" @@ -6615,6 +7536,11 @@ resolve-from@^4.0.0: resolved "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz" integrity sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g== +resolve-from@^5.0.0: + version "5.0.0" + resolved "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz" + integrity sha512-qYg9KP24dD5qka9J47d0aVky0N+b4fTU89LN9iDnjB5waksiC49rvMB0PrUJQGoTmH50XPiqOvAjDfaijGxYZw== + resolve-pathname@^3.0.0: version "3.0.0" resolved "https://registry.npmjs.org/resolve-pathname/-/resolve-pathname-3.0.0.tgz" @@ -6677,17 +7603,27 @@ run-parallel@^1.1.9: rxjs@^7.5.4: version "7.8.1" - resolved "https://registry.yarnpkg.com/rxjs/-/rxjs-7.8.1.tgz#6f6f3d99ea8044291efd92e7c7fcf562c4057543" + resolved "https://registry.npmjs.org/rxjs/-/rxjs-7.8.1.tgz" integrity sha512-AA3TVj+0A2iuIoQkWEK/tqFjBq2j+6PO6Y0zJcvzLAFhEFIO3HL0vls9hWLncZbAAbK0mar7oZ4V079I/qPMxg== dependencies: tslib "^2.1.0" -safe-buffer@5.1.2, safe-buffer@>=5.1.0, safe-buffer@^5.1.0, safe-buffer@~5.1.0, safe-buffer@~5.1.1: +safe-buffer@^5.1.0, safe-buffer@^5.1.2, safe-buffer@>=5.1.0, safe-buffer@~5.1.0, safe-buffer@~5.1.1, safe-buffer@5.1.2: version "5.1.2" resolved "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz" integrity sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g== -safe-buffer@5.2.1, safe-buffer@~5.2.0: +safe-buffer@^5.2.1: + version "5.2.1" + resolved "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz" + integrity sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ== + +safe-buffer@~5.2.0: + version "5.2.1" + resolved "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz" + integrity sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ== + +safe-buffer@5.2.1: version "5.2.1" resolved "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz" integrity sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ== @@ -6710,15 +7646,6 @@ scheduler@^0.20.2: loose-envify "^1.1.0" object-assign "^4.1.1" -schema-utils@2.7.0: - version "2.7.0" - resolved "https://registry.npmjs.org/schema-utils/-/schema-utils-2.7.0.tgz" - integrity sha512-0ilKFI6QQF5nxDZLFn2dMjvc4hjg/Wkg7rHd3jK6/A4a1Hl9VFdQWvgB1UMGoU94pad1P/8N7fMcEnLnSiju8A== - dependencies: - "@types/json-schema" "^7.0.4" - ajv "^6.12.2" - ajv-keywords "^3.4.1" - schema-utils@^2.6.5: version "2.7.1" resolved "https://registry.npmjs.org/schema-utils/-/schema-utils-2.7.1.tgz" @@ -6728,9 +7655,27 @@ schema-utils@^2.6.5: ajv "^6.12.4" ajv-keywords "^3.5.2" -schema-utils@^3.0.0, schema-utils@^3.1.1, schema-utils@^3.2.0: +schema-utils@^3.0.0: version "3.3.0" - resolved "https://registry.yarnpkg.com/schema-utils/-/schema-utils-3.3.0.tgz#f50a88877c3c01652a15b622ae9e9795df7a60fe" + resolved "https://registry.npmjs.org/schema-utils/-/schema-utils-3.3.0.tgz" + integrity sha512-pN/yOAvcC+5rQ5nERGuwrjLlYvLTbCibnZ1I7B1LaiAz9BRBlE9GMgE/eqV30P7aJQUf7Ddimy/RsbYO/GrVGg== + dependencies: + "@types/json-schema" "^7.0.8" + ajv "^6.12.5" + ajv-keywords "^3.5.2" + +schema-utils@^3.1.1: + version "3.3.0" + resolved "https://registry.npmjs.org/schema-utils/-/schema-utils-3.3.0.tgz" + integrity sha512-pN/yOAvcC+5rQ5nERGuwrjLlYvLTbCibnZ1I7B1LaiAz9BRBlE9GMgE/eqV30P7aJQUf7Ddimy/RsbYO/GrVGg== + dependencies: + "@types/json-schema" "^7.0.8" + ajv "^6.12.5" + ajv-keywords "^3.5.2" + +schema-utils@^3.2.0: + version "3.3.0" + resolved "https://registry.npmjs.org/schema-utils/-/schema-utils-3.3.0.tgz" integrity sha512-pN/yOAvcC+5rQ5nERGuwrjLlYvLTbCibnZ1I7B1LaiAz9BRBlE9GMgE/eqV30P7aJQUf7Ddimy/RsbYO/GrVGg== dependencies: "@types/json-schema" "^7.0.8" @@ -6739,7 +7684,7 @@ schema-utils@^3.0.0, schema-utils@^3.1.1, schema-utils@^3.2.0: schema-utils@^4.0.0: version "4.2.0" - resolved "https://registry.yarnpkg.com/schema-utils/-/schema-utils-4.2.0.tgz#70d7c93e153a273a805801882ebd3bff20d89c8b" + resolved "https://registry.npmjs.org/schema-utils/-/schema-utils-4.2.0.tgz" integrity sha512-L0jRsrPpjdckP3oPug3/VxNKt2trR8TcabrM6FOAAlvC/9Phcmm+cuAgTlxBqdBR1WJx7Naj9WHw+aOmheSVbw== dependencies: "@types/json-schema" "^7.0.9" @@ -6747,6 +7692,20 @@ schema-utils@^4.0.0: ajv-formats "^2.1.1" ajv-keywords "^5.1.0" +schema-utils@2.7.0: + version "2.7.0" + resolved "https://registry.npmjs.org/schema-utils/-/schema-utils-2.7.0.tgz" + integrity sha512-0ilKFI6QQF5nxDZLFn2dMjvc4hjg/Wkg7rHd3jK6/A4a1Hl9VFdQWvgB1UMGoU94pad1P/8N7fMcEnLnSiju8A== + dependencies: + "@types/json-schema" "^7.0.4" + ajv "^6.12.2" + ajv-keywords "^3.4.1" + +"search-insights@>= 1 < 3": + version "2.13.0" + resolved "https://registry.npmjs.org/search-insights/-/search-insights-2.13.0.tgz" + integrity sha512-Orrsjf9trHHxFRuo9/rzm0KIWmgzE8RMlZMzuhZOJ01Rnz3D0YBAe+V6473t6/H6c7irs6Lt48brULAiRWb3Vw== + section-matter@^1.0.0: version "1.0.0" resolved "https://registry.npmjs.org/section-matter/-/section-matter-1.0.0.tgz" @@ -6762,7 +7721,7 @@ select-hose@^2.0.0: selfsigned@^2.1.1: version "2.4.1" - resolved "https://registry.yarnpkg.com/selfsigned/-/selfsigned-2.4.1.tgz#560d90565442a3ed35b674034cec4e95dceb4ae0" + resolved "https://registry.npmjs.org/selfsigned/-/selfsigned-2.4.1.tgz" integrity sha512-th5B4L2U+eGLq1TVh7zNRGBapioSORUeymIydxgFpwww9d2qyKvtuPU2jJuHvYAwwqi2Y596QBL3eEqcPEYL8Q== dependencies: "@types/node-forge" "^1.3.0" @@ -6780,18 +7739,53 @@ semver@^5.4.1: resolved "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz" integrity sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g== -semver@^6.0.0, semver@^6.2.0, semver@^6.3.0, semver@^6.3.1: +semver@^6.0.0, semver@^6.2.0, semver@^6.3.0, semver@^6.3.1, semver@6.3.1: version "6.3.1" - resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.1.tgz#556d2ef8689146e46dcea4bfdd095f3434dffcb4" + resolved "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz" integrity sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA== -semver@^7.3.2, semver@^7.3.4, semver@^7.3.7, semver@^7.3.8: +semver@^7.3.2: + version "7.5.4" + resolved "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz" + integrity sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA== + dependencies: + lru-cache "^6.0.0" + +semver@^7.3.4: + version "7.5.4" + resolved "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz" + integrity sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA== + dependencies: + lru-cache "^6.0.0" + +semver@^7.3.5: version "7.5.4" - resolved "https://registry.yarnpkg.com/semver/-/semver-7.5.4.tgz#483986ec4ed38e1c6c48c34894a9182dbff68a6e" + resolved "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz" integrity sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA== dependencies: lru-cache "^6.0.0" +semver@^7.3.7: + version "7.5.4" + resolved "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz" + integrity sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA== + dependencies: + lru-cache "^6.0.0" + +semver@^7.3.8: + version "7.5.4" + resolved "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz" + integrity sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA== + dependencies: + lru-cache "^6.0.0" + +semver@7.3.5: + version "7.3.5" + resolved "https://registry.npmjs.org/semver/-/semver-7.3.5.tgz" + integrity sha512-PoeGJYh8HK4BTO/a9Tf6ZG3veo/A7ZVsYrSA6J8ny9nb3B1VrpkuN+z9OE5wfE5p6H4LchYZsegiQgbJD94ZFQ== + dependencies: + lru-cache "^6.0.0" + send@0.18.0: version "0.18.0" resolved "https://registry.npmjs.org/send/-/send-0.18.0.tgz" @@ -6813,14 +7807,14 @@ send@0.18.0: serialize-javascript@^6.0.0, serialize-javascript@^6.0.1: version "6.0.1" - resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-6.0.1.tgz#b206efb27c3da0b0ab6b52f48d170b7996458e5c" + resolved "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.1.tgz" integrity sha512-owoXEFjWRllis8/M1Q+Cw5k8ZH40e3zhp/ovX+Xr/vi1qj6QesbyXXViFbpNvWvPNAD62SutwEXavefrLJWj7w== dependencies: randombytes "^2.1.0" serve-handler@^6.1.3: version "6.1.5" - resolved "https://registry.yarnpkg.com/serve-handler/-/serve-handler-6.1.5.tgz#a4a0964f5c55c7e37a02a633232b6f0d6f068375" + resolved "https://registry.npmjs.org/serve-handler/-/serve-handler-6.1.5.tgz" integrity sha512-ijPFle6Hwe8zfmBxJdE+5fta53fdIY0lHISJvuikXB3VYFafRjMRpOffSPvCYsbKyBA7pvy9oYr/BT1O3EArlg== dependencies: bytes "3.0.0" @@ -6855,6 +7849,11 @@ serve-static@1.15.0: parseurl "~1.3.3" send "0.18.0" +set-blocking@^2.0.0: + version "2.0.0" + resolved "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz" + integrity sha512-KiKBS8AnWGEyLzofFfmvKwpdPzqiy16LvQfK3yv/fVH7Bj13/wl3JSR1J+rfgRE9q7xUJK4qvgS8raSOeLUehw== + setimmediate@^1.0.5: version "1.0.5" resolved "https://registry.npmjs.org/setimmediate/-/setimmediate-1.0.5.tgz" @@ -6865,6 +7864,11 @@ setprototypeof@1.1.0: resolved "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.1.0.tgz" integrity sha512-BvE/TwpZX4FXExxOxZyRGQQv651MSwmWKZGqvmPcRIjDqWub67kTKuIMx43cZZrS/cBBzwBcNDWoFxt2XEFIpQ== +setprototypeof@1.1.1: + version "1.1.1" + resolved "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.1.1.tgz" + integrity sha512-JvdAWfbXeIGaZ9cILp38HntZSFSo3mWg6xGcJJsd+d4aRMOqauag1C63dJfDw7OaMYwEbHMOxEZ1lqVRYP2OAw== + setprototypeof@1.2.0: version "1.2.0" resolved "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz" @@ -6896,7 +7900,7 @@ shebang-regex@^3.0.0: shell-quote@^1.7.3, shell-quote@^1.8.1: version "1.8.1" - resolved "https://registry.yarnpkg.com/shell-quote/-/shell-quote-1.8.1.tgz#6dbf4db75515ad5bac63b4f1894c3a154c766680" + resolved "https://registry.npmjs.org/shell-quote/-/shell-quote-1.8.1.tgz" integrity sha512-6j1W9l1iAs/4xYBI1SYOVZyFcCis9b4KCLQ8fgAGG07QvzaRLVVRQvAy85yNmmZSjYjg4MWh4gNvlPujU/5LpA== shelljs@^0.8.5: @@ -6917,14 +7921,19 @@ side-channel@^1.0.4: get-intrinsic "^1.0.2" object-inspect "^1.9.0" -signal-exit@^3.0.2, signal-exit@^3.0.3: +signal-exit@^3.0.0, signal-exit@^3.0.2, signal-exit@^3.0.3: version "3.0.7" resolved "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz" integrity sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ== +signal-exit@4.0.2: + version "4.0.2" + resolved "https://registry.npmjs.org/signal-exit/-/signal-exit-4.0.2.tgz" + integrity sha512-MY2/qGx4enyjprQnFaZsHib3Yadh3IXyV2C321GY0pjGfVBu4un0uDJkwgdxqO+Rdx8JMT8IfJIRwbYVz3Ob3Q== + sirv@^2.0.3: version "2.0.3" - resolved "https://registry.yarnpkg.com/sirv/-/sirv-2.0.3.tgz#ca5868b87205a74bef62a469ed0296abceccd446" + resolved "https://registry.npmjs.org/sirv/-/sirv-2.0.3.tgz" integrity sha512-O9jm9BsID1P+0HOi81VpXPoDxYP374pkOLzACAoyUQ/3OUVndNpsz6wMnY2z+yOxzbllCKZrM+9QrWsv4THnyA== dependencies: "@polka/url" "^1.0.0-next.20" @@ -7031,43 +8040,56 @@ stable@^0.1.8: resolved "https://registry.npmjs.org/stable/-/stable-0.1.8.tgz" integrity sha512-ji9qxRnOVfcuLDySj9qzhGSEFVobyt1kIOSkj1qZzYLzq7Tos/oUUWvotUPQLlrsidqsK6tBH89Bc9kL5zHA6w== +stat-mode@0.3.0: + version "0.3.0" + resolved "https://registry.npmjs.org/stat-mode/-/stat-mode-0.3.0.tgz" + integrity sha512-QjMLR0A3WwFY2aZdV0okfFEJB5TRjkggXZjxP3A1RsWsNHNu3YPv8btmtc6iCFZ0Rul3FE93OYogvhOUClU+ng== + state-toggle@^1.0.0: version "1.0.3" resolved "https://registry.npmjs.org/state-toggle/-/state-toggle-1.0.3.tgz" integrity sha512-d/5Z4/2iiCnHw6Xzghyhb+GcmF89bxwgXG60wjIiZaxnymbyOmI8Hk4VqHXiVVp6u2ysaskFfXg3ekCj4WNftQ== -statuses@2.0.1: - version "2.0.1" - resolved "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz" - integrity sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ== +"statuses@>= 1.2.1 < 2": + version "1.5.0" + resolved "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz" + integrity sha512-OpZ3zP+jT1PI7I8nemJX4AKmAX070ZkYPVWV/AaKTJl+tXCTGyVdC1a4SL8RUQYEwk/f34ZX8UTykN68FwrqAA== "statuses@>= 1.4.0 < 2": version "1.5.0" resolved "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz" integrity sha512-OpZ3zP+jT1PI7I8nemJX4AKmAX070ZkYPVWV/AaKTJl+tXCTGyVdC1a4SL8RUQYEwk/f34ZX8UTykN68FwrqAA== +"statuses@>= 1.5.0 < 2": + version "1.5.0" + resolved "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz" + integrity sha512-OpZ3zP+jT1PI7I8nemJX4AKmAX070ZkYPVWV/AaKTJl+tXCTGyVdC1a4SL8RUQYEwk/f34ZX8UTykN68FwrqAA== + +statuses@2.0.1: + version "2.0.1" + resolved "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz" + integrity sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ== + std-env@^3.0.1: version "3.4.3" - resolved "https://registry.yarnpkg.com/std-env/-/std-env-3.4.3.tgz#326f11db518db751c83fd58574f449b7c3060910" + resolved "https://registry.npmjs.org/std-env/-/std-env-3.4.3.tgz" integrity sha512-f9aPhy8fYBuMN+sNfakZV18U39PbalgjXG3lLB9WkaYTxijru61wb57V9wxxNthXM5Sd88ETBWi29qLAsHO52Q== -string-width@^4.0.0, string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.2: - version "4.2.3" - resolved "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz" - integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g== +stream-to-array@~2.3.0: + version "2.3.0" + resolved "https://registry.npmjs.org/stream-to-array/-/stream-to-array-2.3.0.tgz" + integrity sha512-UsZtOYEn4tWU2RGLOXr/o/xjRBftZRlG3dEWoaHr8j4GuypJ3isitGbVyjQKAuMu+xbiop8q224TjiZWc4XTZA== dependencies: - emoji-regex "^8.0.0" - is-fullwidth-code-point "^3.0.0" - strip-ansi "^6.0.1" + any-promise "^1.1.0" -string-width@^5.0.1: - version "5.1.2" - resolved "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz" - integrity sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA== +stream-to-promise@2.2.0: + version "2.2.0" + resolved "https://registry.npmjs.org/stream-to-promise/-/stream-to-promise-2.2.0.tgz" + integrity sha512-HAGUASw8NT0k8JvIVutB2Y/9iBk7gpgEyAudXwNJmZERdMITGdajOa4VJfD/kNiA3TppQpTP4J+CtcHwdzKBAw== dependencies: - eastasianwidth "^0.2.0" - emoji-regex "^9.2.2" - strip-ansi "^7.0.1" + any-promise "~1.3.0" + end-of-stream "~1.1.0" + stream-to-array "~2.3.0" string_decoder@^1.1.1: version "1.3.0" @@ -7083,6 +8105,24 @@ string_decoder@~1.1.1: dependencies: safe-buffer "~5.1.0" +"string-width@^1.0.2 || 2 || 3 || 4", string-width@^4.0.0, string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.2, string-width@^4.2.3: + version "4.2.3" + resolved "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz" + integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g== + dependencies: + emoji-regex "^8.0.0" + is-fullwidth-code-point "^3.0.0" + strip-ansi "^6.0.1" + +string-width@^5.0.1: + version "5.1.2" + resolved "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz" + integrity sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA== + dependencies: + eastasianwidth "^0.2.0" + emoji-regex "^9.2.2" + strip-ansi "^7.0.1" + stringify-object@^3.3.0: version "3.3.0" resolved "https://registry.npmjs.org/stringify-object/-/stringify-object-3.3.0.tgz" @@ -7101,7 +8141,7 @@ strip-ansi@^6.0.0, strip-ansi@^6.0.1: strip-ansi@^7.0.1: version "7.1.0" - resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-7.1.0.tgz#d5b6568ca689d8561370b0707685d22434faff45" + resolved "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz" integrity sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ== dependencies: ansi-regex "^6.0.1" @@ -7126,7 +8166,7 @@ strip-json-comments@~2.0.1: resolved "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-2.0.1.tgz" integrity sha512-4gB8na07fecVVkOI6Rs4e7T6NOTki5EmL7TUduTs6bu3EdnSycntVJ4re8kgZA+wx9IueI2Y11bfbgwtzuE0KQ== -style-to-object@0.3.0, style-to-object@^0.3.0: +style-to-object@^0.3.0, style-to-object@0.3.0: version "0.3.0" resolved "https://registry.npmjs.org/style-to-object/-/style-to-object-0.3.0.tgz" integrity sha512-CzFnRRXhzWIdItT3OmF8SQfWyahHhjq3HwcMNCNLn+N7klOOqPjMeG/4JSu77D7ypZdGvSzvkrbyeTMizz2VrA== @@ -7236,9 +8276,34 @@ tapable@^2.0.0, tapable@^2.1.1, tapable@^2.2.0: resolved "https://registry.npmjs.org/tapable/-/tapable-2.2.1.tgz" integrity sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ== +tar@^6.1.11: + version "6.2.0" + resolved "https://registry.npmjs.org/tar/-/tar-6.2.0.tgz" + integrity sha512-/Wo7DcT0u5HUV486xg675HtjNd3BXZ6xDbzsCUZPt5iw8bTQ63bP0Raut3mvro9u+CUyq7YQd8Cx55fsZXxqLQ== + dependencies: + chownr "^2.0.0" + fs-minipass "^2.0.0" + minipass "^5.0.0" + minizlib "^2.1.1" + mkdirp "^1.0.3" + yallist "^4.0.0" + +tar@4.4.18: + version "4.4.18" + resolved "https://registry.npmjs.org/tar/-/tar-4.4.18.tgz" + integrity sha512-ZuOtqqmkV9RE1+4odd+MhBpibmCxNP6PJhH/h2OqNuotTX7/XHPZQJv2pKvWMplFH9SIZZhitehh6vBH6LO8Pg== + dependencies: + chownr "^1.1.4" + fs-minipass "^1.2.7" + minipass "^2.9.0" + minizlib "^1.3.3" + mkdirp "^0.5.5" + safe-buffer "^5.2.1" + yallist "^3.1.1" + terser-webpack-plugin@^5.3.3, terser-webpack-plugin@^5.3.7: version "5.3.9" - resolved "https://registry.yarnpkg.com/terser-webpack-plugin/-/terser-webpack-plugin-5.3.9.tgz#832536999c51b46d468067f9e37662a3b96adfe1" + resolved "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-5.3.9.tgz" integrity sha512-ZuXsqE07EcggTWQjXUj+Aot/OMcD0bMKGgF63f7UxYcu5/AJF53aIpK1YoP5xR9l6s/Hy2b+t1AM0bLNPRuhwA== dependencies: "@jridgewell/trace-mapping" "^0.3.17" @@ -7249,7 +8314,7 @@ terser-webpack-plugin@^5.3.3, terser-webpack-plugin@^5.3.7: terser@^5.10.0, terser@^5.16.8: version "5.24.0" - resolved "https://registry.yarnpkg.com/terser/-/terser-5.24.0.tgz#4ae50302977bca4831ccc7b4fef63a3c04228364" + resolved "https://registry.npmjs.org/terser/-/terser-5.24.0.tgz" integrity sha512-ZpGR4Hy3+wBEzVEnHvstMvqpD/nABNelQn/z2r0fjVWGQsN3bpOLzQlqDxmb4CDZnXq5lpjnQ+mHQLAOpfM5iw== dependencies: "@jridgewell/source-map" "^0.3.3" @@ -7281,9 +8346,16 @@ thunky@^1.0.2: resolved "https://registry.npmjs.org/thunky/-/thunky-1.1.0.tgz" integrity sha512-eHY7nBftgThBqOyHGVN+l8gF0BucP09fMo0oO/Lb0w1OF80dJv+lDVpXG60WMQvkcxAkNybKsrEIE3ZtKGmPrA== +time-span@4.0.0: + version "4.0.0" + resolved "https://registry.npmjs.org/time-span/-/time-span-4.0.0.tgz" + integrity sha512-MyqZCTGLDZ77u4k+jqg4UlrzPTPZ49NDlaekU6uuFaJLzPIN1woaRXCbGeqOfxwc3Y37ZROGAJ614Rdv7Olt+g== + dependencies: + convert-hrtime "^3.0.0" + tiny-invariant@^1.0.2: version "1.3.1" - resolved "https://registry.yarnpkg.com/tiny-invariant/-/tiny-invariant-1.3.1.tgz#8560808c916ef02ecfd55e66090df23a4b7aa642" + resolved "https://registry.npmjs.org/tiny-invariant/-/tiny-invariant-1.3.1.tgz" integrity sha512-AD5ih2NlSssTCwsMznbvwMZpJ1cbhkGd2uueNxzv2jDlEeZdU04JQfRnggJQ8DrcVBGjAsCKwFBbDlVNtEMlzw== tiny-warning@^1.0.0: @@ -7308,6 +8380,11 @@ to-regex-range@^5.0.1: dependencies: is-number "^7.0.0" +toidentifier@1.0.0: + version "1.0.0" + resolved "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.0.tgz" + integrity sha512-yaOH/Pk/VEhBWWTlhI+qXxDFXlejDGcQipMlyxda9nthulaxLZUNcUqFxokp0vcYnvteJln5FNQDRrxj3YcbVw== + toidentifier@1.0.1: version "1.0.1" resolved "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz" @@ -7315,7 +8392,7 @@ toidentifier@1.0.1: totalist@^3.0.0: version "3.0.1" - resolved "https://registry.yarnpkg.com/totalist/-/totalist-3.0.1.tgz#ba3a3d600c915b1a97872348f79c127475f6acf8" + resolved "https://registry.npmjs.org/totalist/-/totalist-3.0.1.tgz" integrity sha512-sf4i37nQ2LBx4m3wB74y+ubopq6W/dIzXg0FDGjsYnZHVa1Da8FH853wlL2gtUhg+xJXjfk3kUZS3BRoQeoQBQ== tr46@~0.0.3: @@ -7323,6 +8400,11 @@ tr46@~0.0.3: resolved "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz" integrity sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw== +tree-kill@1.2.2: + version "1.2.2" + resolved "https://registry.npmjs.org/tree-kill/-/tree-kill-1.2.2.tgz" + integrity sha512-L0Orpi8qGpRG//Nd+H90vFB+3iHnue1zSSGmNOOCh1GLJ7rUKVwV2HvijphGQS2UmhUZewS9VgvxYIdgr+fG1A== + trim-trailing-lines@^1.0.0: version "1.1.4" resolved "https://registry.npmjs.org/trim-trailing-lines/-/trim-trailing-lines-1.1.4.tgz" @@ -7343,9 +8425,41 @@ ts-interface-checker@^0.1.9: resolved "https://registry.npmjs.org/ts-interface-checker/-/ts-interface-checker-0.1.13.tgz" integrity sha512-Y/arvbn+rrz3JCKl9C4kVNfTfSm2/mEp5FSz5EsZSANGPSlQrpRI5M4PKF+mJnE52jOO90PnPSc3Ur3bTQw0gA== +ts-morph@12.0.0: + version "12.0.0" + resolved "https://registry.npmjs.org/ts-morph/-/ts-morph-12.0.0.tgz" + integrity sha512-VHC8XgU2fFW7yO1f/b3mxKDje1vmyzFXHWzOYmKEkCEwcLjDtbdLgBQviqj4ZwP4MJkQtRo6Ha2I29lq/B+VxA== + dependencies: + "@ts-morph/common" "~0.11.0" + code-block-writer "^10.1.1" + +ts-node@>=9.0.0, ts-node@10.9.1: + version "10.9.1" + resolved "https://registry.npmjs.org/ts-node/-/ts-node-10.9.1.tgz" + integrity sha512-NtVysVPkxxrwFGUUxGYhfux8k78pQB3JqYBXlLRZgdGUqTO5wU/UyHop5p70iEbGhB7q5KmiZiU0Y3KlJrScEw== + dependencies: + "@cspotcode/source-map-support" "^0.8.0" + "@tsconfig/node10" "^1.0.7" + "@tsconfig/node12" "^1.0.7" + "@tsconfig/node14" "^1.0.0" + "@tsconfig/node16" "^1.0.2" + acorn "^8.4.1" + acorn-walk "^8.1.1" + arg "^4.1.0" + create-require "^1.1.0" + diff "^4.0.1" + make-error "^1.1.1" + v8-compile-cache-lib "^3.0.1" + yn "3.1.1" + +ts-toolbelt@^6.15.5: + version "6.15.5" + resolved "https://registry.npmjs.org/ts-toolbelt/-/ts-toolbelt-6.15.5.tgz" + integrity sha512-FZIXf1ksVyLcfr7M317jbB67XFJhOO1YqdTcuGaq9q5jLUoTikukZ+98TPjKiP2jC5CgmYdWWYs0s2nLSU0/1A== + tslib@^2.0.3, tslib@^2.1.0, tslib@^2.4.0: version "2.6.2" - resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.6.2.tgz#703ac29425e7b37cd6fd456e92404d46d1f3e4ae" + resolved "https://registry.npmjs.org/tslib/-/tslib-2.6.2.tgz" integrity sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q== type-fest@^0.20.2: @@ -7355,7 +8469,7 @@ type-fest@^0.20.2: type-fest@^2.5.0: version "2.19.0" - resolved "https://registry.yarnpkg.com/type-fest/-/type-fest-2.19.0.tgz#88068015bb33036a598b952e55e9311a60fd3a9b" + resolved "https://registry.npmjs.org/type-fest/-/type-fest-2.19.0.tgz" integrity sha512-RAH822pAdBgcNMAfWnCBU3CFZcfZ/i1eZjwFU/dsLKumyuuP3niueg2UAukXYF0E2AAoc82ZSSf9J0WQBinzHA== type-is@~1.6.18: @@ -7373,9 +8487,9 @@ typedarray-to-buffer@^3.1.5: dependencies: is-typedarray "^1.0.0" -typescript@^4.7.4: +typescript@^4.7.4, "typescript@>= 2.7", typescript@>=2.7, typescript@>=4.9.5, typescript@4.9.5: version "4.9.5" - resolved "https://registry.yarnpkg.com/typescript/-/typescript-4.9.5.tgz#095979f9bcc0d09da324d58d03ce8f8374cbe65a" + resolved "https://registry.npmjs.org/typescript/-/typescript-4.9.5.tgz" integrity sha512-1FXk9E2Hm+QzZQ7z+McJiHL4NW1F2EzMu9Nq9i3zAaGqibafqYwCVU6WyWAuyQRRzOlxou8xZSyXLEN8oKj24g== ua-parser-js@^1.0.35: @@ -7383,11 +8497,23 @@ ua-parser-js@^1.0.35: resolved "https://registry.npmjs.org/ua-parser-js/-/ua-parser-js-1.0.37.tgz" integrity sha512-bhTyI94tZofjo+Dn8SN6Zv8nBDvyXTymAdM3LDI/0IboIUwTu1rEhW7v2TfiVsoYWgkQ4kOVqnI8APUFbIQIFQ== +uid-promise@1.0.0: + version "1.0.0" + resolved "https://registry.npmjs.org/uid-promise/-/uid-promise-1.0.0.tgz" + integrity sha512-R8375j0qwXyIu/7R0tjdF06/sElHqbmdmWC9M2qQHpEVbvE4I5+38KJI7LUUmQMp7NVq4tKHiBMkT0NFM453Ig== + undici-types@~5.26.4: version "5.26.5" - resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-5.26.5.tgz#bcd539893d00b56e964fd2657a4866b221a65617" + resolved "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz" integrity sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA== +undici@5.26.5: + version "5.26.5" + resolved "https://registry.npmjs.org/undici/-/undici-5.26.5.tgz" + integrity sha512-cSb4bPFd5qgR7qr2jYAi0hlX9n5YKK2ONKkLFkxl+v/9BvC0sOpZjBHDBSXc5lWAf5ty9oZdRXytBIHzgUcerw== + dependencies: + "@fastify/busboy" "^2.0.0" + unherit@^1.0.4: version "1.1.3" resolved "https://registry.npmjs.org/unherit/-/unherit-1.1.3.tgz" @@ -7411,18 +8537,18 @@ unicode-match-property-ecmascript@^2.0.0: unicode-match-property-value-ecmascript@^2.1.0: version "2.1.0" - resolved "https://registry.yarnpkg.com/unicode-match-property-value-ecmascript/-/unicode-match-property-value-ecmascript-2.1.0.tgz#cb5fffdcd16a05124f5a4b0bf7c3770208acbbe0" + resolved "https://registry.npmjs.org/unicode-match-property-value-ecmascript/-/unicode-match-property-value-ecmascript-2.1.0.tgz" integrity sha512-qxkjQt6qjg/mYscYMC0XKRn3Rh0wFPlfxB0xkt9CfyTvpX1Ra0+rAmdX2QyAobptSEvuy4RtpPRui6XkV+8wjA== unicode-property-aliases-ecmascript@^2.0.0: version "2.1.0" - resolved "https://registry.yarnpkg.com/unicode-property-aliases-ecmascript/-/unicode-property-aliases-ecmascript-2.1.0.tgz#43d41e3be698bd493ef911077c9b131f827e8ccd" + resolved "https://registry.npmjs.org/unicode-property-aliases-ecmascript/-/unicode-property-aliases-ecmascript-2.1.0.tgz" integrity sha512-6t3foTQI9qne+OZoVQB/8x8rk2k1eVy1gRXhV3oFQ5T6R1dqQ1xtin3XqSlx3+ATBkliTaR/hHyJBm+LVPNM8w== -unified@9.2.0: - version "9.2.0" - resolved "https://registry.npmjs.org/unified/-/unified-9.2.0.tgz" - integrity sha512-vx2Z0vY+a3YoTj8+pttM3tiJHCwY5UFbYdiWrwBEbHmK8pvsPj2rtAX2BFfgXen8T39CJWblWRDT4L5WGXtDdg== +unified@^9.2.2: + version "9.2.2" + resolved "https://registry.npmjs.org/unified/-/unified-9.2.2.tgz" + integrity sha512-Sg7j110mtefBD+qunSLO1lqOEKdrwBFBrR6Qd8f4uwkhWNlbkaqwHse6e7QvD3AP/MNoJdEDLaf8OxYyoWgorQ== dependencies: bail "^1.0.0" extend "^3.0.0" @@ -7431,10 +8557,10 @@ unified@9.2.0: trough "^1.0.0" vfile "^4.0.0" -unified@^9.2.2: - version "9.2.2" - resolved "https://registry.npmjs.org/unified/-/unified-9.2.2.tgz" - integrity sha512-Sg7j110mtefBD+qunSLO1lqOEKdrwBFBrR6Qd8f4uwkhWNlbkaqwHse6e7QvD3AP/MNoJdEDLaf8OxYyoWgorQ== +unified@9.2.0: + version "9.2.0" + resolved "https://registry.npmjs.org/unified/-/unified-9.2.0.tgz" + integrity sha512-vx2Z0vY+a3YoTj8+pttM3tiJHCwY5UFbYdiWrwBEbHmK8pvsPj2rtAX2BFfgXen8T39CJWblWRDT4L5WGXtDdg== dependencies: bail "^1.0.0" extend "^3.0.0" @@ -7450,7 +8576,7 @@ unique-string@^2.0.0: dependencies: crypto-random-string "^2.0.0" -unist-builder@2.0.3, unist-builder@^2.0.0: +unist-builder@^2.0.0, unist-builder@2.0.3: version "2.0.3" resolved "https://registry.npmjs.org/unist-builder/-/unist-builder-2.0.3.tgz" integrity sha512-f98yt5pnlMWlzP539tPc4grGMsFaQQlP/vM396b00jngsiINumNmsY8rkXjfoi1c6QaM8nQ3vaGDuoKWbe/1Uw== @@ -7499,7 +8625,7 @@ unist-util-visit-parents@^3.0.0: "@types/unist" "^2.0.0" unist-util-is "^4.0.0" -unist-util-visit@2.0.3, unist-util-visit@^2.0.0, unist-util-visit@^2.0.3: +unist-util-visit@^2.0.0, unist-util-visit@^2.0.3, unist-util-visit@2.0.3: version "2.0.3" resolved "https://registry.npmjs.org/unist-util-visit/-/unist-util-visit-2.0.3.tgz" integrity sha512-iJ4/RczbJMkD0712mGktuGpm/U4By4FfDonL7N/9tATGIF4imikjOuagyMY53tnZq3NP6BcmlrHhEKAfGWjh7Q== @@ -7508,12 +8634,17 @@ unist-util-visit@2.0.3, unist-util-visit@^2.0.0, unist-util-visit@^2.0.3: unist-util-is "^4.0.0" unist-util-visit-parents "^3.0.0" +universalify@^0.1.0: + version "0.1.2" + resolved "https://registry.npmjs.org/universalify/-/universalify-0.1.2.tgz" + integrity sha512-rBJeI5CXAlmy1pV+617WB9J63U6XcazHHF2f2dbJix4XzpUF0RS3Zbj0FGIOCAva5P/d/GBOYaACQ1w+0azUkg== + universalify@^2.0.0: version "2.0.0" resolved "https://registry.npmjs.org/universalify/-/universalify-2.0.0.tgz" integrity sha512-hAZsKq7Yy11Zu1DE0OzWjw7nnLZmJZYTDZZyEFHZdUhV8FkH5MCfoU1XMaxXovpyW5nq5scPqq0ZDP9Zyl04oQ== -unpipe@1.0.0, unpipe@~1.0.0: +unpipe@~1.0.0, unpipe@1.0.0: version "1.0.0" resolved "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz" integrity sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ== @@ -7623,6 +8754,16 @@ uuid@^8.3.2: resolved "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz" integrity sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg== +uuid@3.3.2: + version "3.3.2" + resolved "https://registry.npmjs.org/uuid/-/uuid-3.3.2.tgz" + integrity sha512-yXJmeNaw3DnnKAOKJE51sL/ZaYfWJRl1pK9dr19YFCu0ObS231AB1/LbqTKRAQ5kw8A90rA6fr4riOUpTZvQZA== + +v8-compile-cache-lib@^3.0.1: + version "3.0.1" + resolved "https://registry.npmjs.org/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz" + integrity sha512-wa7YjyUGfNZngI/vtK0UHAN+lgDCxBPCylVXGp0zu59Fz5aiGtNXaq3DhIov063MorB+VfufLh3JlF2KdTK3xg== + value-equal@^1.0.1: version "1.0.1" resolved "https://registry.npmjs.org/value-equal/-/value-equal-1.0.1.tgz" @@ -7633,6 +8774,24 @@ vary@~1.1.2: resolved "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz" integrity sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg== +vercel@^33.4.0: + version "33.4.0" + resolved "https://registry.npmjs.org/vercel/-/vercel-33.4.0.tgz" + integrity sha512-uB8XcTvARBsJtXCbhm/+F3qtV/FQXYYxx6jyUMfMU8izmOmWUlcSOmARbctL4vZ3Izj4ku+P4S25aDQFNmhGYQ== + dependencies: + "@vercel/build-utils" "7.5.1" + "@vercel/fun" "1.1.0" + "@vercel/go" "3.0.5" + "@vercel/hydrogen" "1.0.2" + "@vercel/next" "4.1.0" + "@vercel/node" "3.0.17" + "@vercel/python" "4.1.1" + "@vercel/redwood" "2.0.6" + "@vercel/remix-builder" "2.0.18" + "@vercel/ruby" "2.0.5" + "@vercel/static-build" "2.1.0" + chokidar "3.3.1" + vfile-location@^3.0.0, vfile-location@^3.2.0: version "3.2.0" resolved "https://registry.npmjs.org/vfile-location/-/vfile-location-3.2.0.tgz" @@ -7687,6 +8846,11 @@ web-namespaces@^1.0.0: resolved "https://registry.npmjs.org/web-namespaces/-/web-namespaces-1.1.4.tgz" integrity sha512-wYxSGajtmoP4WxfejAPIr4l0fVh+jeMXZb08wNc0tMg6xsfZXj3cECqIK0G7ZAqUq0PP8WlMDtaOGVBTAWztNw== +web-vitals@0.2.4: + version "0.2.4" + resolved "https://registry.npmjs.org/web-vitals/-/web-vitals-0.2.4.tgz" + integrity sha512-6BjspCO9VriYy12z356nL6JBS0GYeEcA457YyRzD+dD6XYCQ75NKhcOHUMHentOE7OcVCIXXDvOm0jKFfQG2Gg== + webidl-conversions@^3.0.0: version "3.0.1" resolved "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz" @@ -7694,7 +8858,7 @@ webidl-conversions@^3.0.0: webpack-bundle-analyzer@^4.5.0: version "4.9.1" - resolved "https://registry.yarnpkg.com/webpack-bundle-analyzer/-/webpack-bundle-analyzer-4.9.1.tgz#d00bbf3f17500c10985084f22f1a2bf45cb2f09d" + resolved "https://registry.npmjs.org/webpack-bundle-analyzer/-/webpack-bundle-analyzer-4.9.1.tgz" integrity sha512-jnd6EoYrf9yMxCyYDPj8eutJvtjQNp8PHmni/e/ulydHBWhT5J3menXt3HEkScsu9YqMAcG4CfFjs3rj5pVU1w== dependencies: "@discoveryjs/json-ext" "0.5.7" @@ -7728,7 +8892,7 @@ webpack-dev-middleware@^5.3.1: webpack-dev-server@^4.9.3: version "4.15.1" - resolved "https://registry.yarnpkg.com/webpack-dev-server/-/webpack-dev-server-4.15.1.tgz#8944b29c12760b3a45bdaa70799b17cb91b03df7" + resolved "https://registry.npmjs.org/webpack-dev-server/-/webpack-dev-server-4.15.1.tgz" integrity sha512-5hbAst3h3C3L8w6W4P96L5vaV0PxSmJhxZvWKYIdgxOQm8pNZ5dEOmmSLBVpP85ReeyRt6AS1QJNyo/oFFPeVA== dependencies: "@types/bonjour" "^3.5.9" @@ -7764,7 +8928,7 @@ webpack-dev-server@^4.9.3: webpack-merge@^5.8.0: version "5.10.0" - resolved "https://registry.yarnpkg.com/webpack-merge/-/webpack-merge-5.10.0.tgz#a3ad5d773241e9c682803abf628d4cd62b8a4177" + resolved "https://registry.npmjs.org/webpack-merge/-/webpack-merge-5.10.0.tgz" integrity sha512-+4zXKdx7UnO+1jaN4l2lHVD+mFvnlZQP/6ljaJVb4SZiwIKeUnrT5l0gkT8z+n4hKpC+jpOv6O9R+gLtag7pSA== dependencies: clone-deep "^4.0.1" @@ -7776,9 +8940,9 @@ webpack-sources@^3.2.2, webpack-sources@^3.2.3: resolved "https://registry.npmjs.org/webpack-sources/-/webpack-sources-3.2.3.tgz" integrity sha512-/DyMEOrDgLKKIG0fmvtz+4dUX/3Ghozwgm6iPp8KRhvn+eQf9+Q7GWxVNMk3+uCPWfdXYC4ExGBckIXdFEfH1w== -webpack@^5.73.0: +"webpack@^4.0.0 || ^5.0.0", "webpack@^4.37.0 || ^5.0.0", webpack@^5.0.0, webpack@^5.1.0, webpack@^5.20.0, webpack@^5.73.0, "webpack@>= 4", webpack@>=2, "webpack@>=4.41.1 || 5.x", "webpack@3 || 4 || 5": version "5.89.0" - resolved "https://registry.yarnpkg.com/webpack/-/webpack-5.89.0.tgz#56b8bf9a34356e93a6625770006490bf3a7f32dc" + resolved "https://registry.npmjs.org/webpack/-/webpack-5.89.0.tgz" integrity sha512-qyfIC10pOr70V+jkmud8tMfajraGCZMBWJtrmuBymQKCrLTRejBI8STDp1MCyZu/QTdZSeacCQYpYNQVOzX5kw== dependencies: "@types/eslint-scope" "^3.7.3" @@ -7816,7 +8980,7 @@ webpackbar@^5.0.2: pretty-time "^1.1.0" std-env "^3.0.1" -websocket-driver@>=0.5.1, websocket-driver@^0.7.4: +websocket-driver@^0.7.4, websocket-driver@>=0.5.1: version "0.7.4" resolved "https://registry.npmjs.org/websocket-driver/-/websocket-driver-0.7.4.tgz" integrity sha512-b17KeDIQVjvb0ssuSDF2cYXSg2iztliJ4B9WdsuB6J952qCPKmnVq4DyW5motImXHDC1cBT/1UezrJVsKw5zjg== @@ -7852,6 +9016,13 @@ which@^2.0.1: dependencies: isexe "^2.0.0" +wide-align@^1.1.2: + version "1.1.5" + resolved "https://registry.npmjs.org/wide-align/-/wide-align-1.1.5.tgz" + integrity sha512-eDMORYaPNZ4sQIuuYPDHdQvf4gyCF9rEEV/yPxGfwPkRodwEgiMUUXTx/dex+Me0wxx53S+NgUHaP7y3MGlDmg== + dependencies: + string-width "^1.0.2 || 2 || 3 || 4" + widest-line@^3.1.0: version "3.1.0" resolved "https://registry.npmjs.org/widest-line/-/widest-line-3.1.0.tgz" @@ -7868,7 +9039,7 @@ widest-line@^4.0.1: wildcard@^2.0.0: version "2.0.1" - resolved "https://registry.yarnpkg.com/wildcard/-/wildcard-2.0.1.tgz#5ab10d02487198954836b6349f74fff961e10f67" + resolved "https://registry.npmjs.org/wildcard/-/wildcard-2.0.1.tgz" integrity sha512-CC1bOL87PIWSBhDcTrdeLo6eGT7mCFtrg0uIJtqJUFyK+eJnzl8A1niH56uu7KMa5XFrtiV+AQuHO3n7DsHnLQ== wrap-ansi@^7.0.0: @@ -7882,7 +9053,7 @@ wrap-ansi@^7.0.0: wrap-ansi@^8.0.1: version "8.1.0" - resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-8.1.0.tgz#56dc22368ee570face1b49819975d9b9a5ead214" + resolved "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz" integrity sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ== dependencies: ansi-styles "^6.1.0" @@ -7911,14 +9082,28 @@ ws@^7.3.1: ws@^8.13.0: version "8.14.2" - resolved "https://registry.yarnpkg.com/ws/-/ws-8.14.2.tgz#6c249a806eb2db7a20d26d51e7709eab7b2e6c7f" + resolved "https://registry.npmjs.org/ws/-/ws-8.14.2.tgz" integrity sha512-wEBG1ftX4jcglPxgFCMJmZ2PLtSbJ2Peg6TmpJFTbe9GZYOQCDPdMYu/Tm0/bGZkw8paZnJY45J4K2PZrLYq8g== +xdg-app-paths@5.1.0: + version "5.1.0" + resolved "https://registry.npmjs.org/xdg-app-paths/-/xdg-app-paths-5.1.0.tgz" + integrity sha512-RAQ3WkPf4KTU1A8RtFx3gWywzVKe00tfOPFfl2NDGqbIFENQO4kqAJp7mhQjNj/33W5x5hiWWUdyfPq/5SU3QA== + dependencies: + xdg-portable "^7.0.0" + xdg-basedir@^4.0.0: version "4.0.0" resolved "https://registry.npmjs.org/xdg-basedir/-/xdg-basedir-4.0.0.tgz" integrity sha512-PSNhEJDejZYV7h50BohL09Er9VaIefr2LMAf3OEmpCkjOi34eYyQYAXUTjEQtZJTKcF0E2UKTh+osDLsgNim9Q== +xdg-portable@^7.0.0: + version "7.3.0" + resolved "https://registry.npmjs.org/xdg-portable/-/xdg-portable-7.3.0.tgz" + integrity sha512-sqMMuL1rc0FmMBOzCpd0yuy9trqF2yTTVe+E9ogwCSWQCdDEtQUwrZPT6AxqtsFGRNxycgncbP/xmOOSPw5ZUw== + dependencies: + os-paths "^4.0.1" + xml-js@^1.6.11: version "1.6.11" resolved "https://registry.npmjs.org/xml-js/-/xml-js-1.6.11.tgz" @@ -7931,9 +9116,9 @@ xtend@^4.0.0, xtend@^4.0.1: resolved "https://registry.npmjs.org/xtend/-/xtend-4.0.2.tgz" integrity sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ== -yallist@^3.0.2: +yallist@^3.0.0, yallist@^3.0.2, yallist@^3.1.1: version "3.1.1" - resolved "https://registry.yarnpkg.com/yallist/-/yallist-3.1.1.tgz#dbb7daf9bfd8bac9ab45ebf602b8cbad0d5d08fd" + resolved "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz" integrity sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g== yallist@^4.0.0: @@ -7951,6 +9136,34 @@ yaml@^2.1.1: resolved "https://registry.npmjs.org/yaml/-/yaml-2.3.4.tgz" integrity sha512-8aAvwVUSHpfEqTQ4w/KMlf3HcRdt50E5ODIQJBw1fQ5RL34xabzxtUlzTXVqc4rkZsPbvrXKWnABCD7kWSmocA== +yauzl-clone@^1.0.4: + version "1.0.4" + resolved "https://registry.npmjs.org/yauzl-clone/-/yauzl-clone-1.0.4.tgz" + integrity sha512-igM2RRCf3k8TvZoxR2oguuw4z1xasOnA31joCqHIyLkeWrvAc2Jgay5ISQ2ZplinkoGaJ6orCz56Ey456c5ESA== + dependencies: + events-intercept "^2.0.0" + +yauzl-promise@2.1.3: + version "2.1.3" + resolved "https://registry.npmjs.org/yauzl-promise/-/yauzl-promise-2.1.3.tgz" + integrity sha512-A1pf6fzh6eYkK0L4Qp7g9jzJSDrM6nN0bOn5T0IbY4Yo3w+YkWlHFkJP7mzknMXjqusHFHlKsK2N+4OLsK2MRA== + dependencies: + yauzl "^2.9.1" + yauzl-clone "^1.0.4" + +yauzl@^2.9.1: + version "2.10.0" + resolved "https://registry.npmjs.org/yauzl/-/yauzl-2.10.0.tgz" + integrity sha512-p4a9I6X6nu6IhoGmBqAcbJy1mlC4j27vEPZX9F4L4/vZT3Lyq1VkFHw/V/PUcB9Buo+DG3iHkT0x3Qya58zc3g== + dependencies: + buffer-crc32 "~0.2.3" + fd-slicer "~1.1.0" + +yn@3.1.1: + version "3.1.1" + resolved "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz" + integrity sha512-Ux4ygGWsu2c7isFWe8Yu1YluJmqVhxqK2cLXNQA5AcC3QfbGNpM7fu0Y8b/z16pXLnFxZYvWhd3fhBY9DLmC6Q== + yocto-queue@^0.1.0: version "0.1.0" resolved "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz" From a6abf5d88377ded9d48e689ed81c6511a9825740 Mon Sep 17 00:00:00 2001 From: bglynn Date: Tue, 30 Jan 2024 08:44:03 -0800 Subject: [PATCH 06/24] "/Examples" -> "/tutorials" --- docs/features/aws-iam/index.mdx | 4 +-- .../tutorials}/_category_.json | 2 +- .../{Examples => tutorials}/aws-iam-eks.mdx | 0 docs/features/{Istio => istio}/Reference.mdx | 0 .../features/{Istio => istio}/_category_.json | 0 docs/features/{Istio => istio}/index.mdx | 0 .../tutorials}/_category_.json | 2 +- .../k8s-istio-authorization-policies.mdx | 0 .../tutorials}/k8s-istio-watcher.mdx | 0 docs/features/{Kafka => kafka}/Reference.mdx | 0 .../features/{Kafka => kafka}/_category_.json | 0 docs/features/{Kafka => kafka}/index.mdx | 10 +++--- .../tutorials}/_category_.json | 2 +- .../tutorials}/k8s-kafka-mapping.mdx | 0 .../k8s-kafka-mtls-cert-manager.mdx | 0 .../tutorials}/k8s-kafka-mtls.mdx | 0 .../Reference/Network-Policies-Deep-Dive.mdx | 0 .../Reference/README.mdx | 0 .../_category_.json | 0 .../{Networking => networking}/index.mdx | 15 ++++++--- .../tutorials}/_category_.json | 2 +- .../tutorials}/aws-eks-cni-mini.mdx | 0 .../tutorials}/k8s-network-mapper.mdx | 0 .../tutorials}/k8s-network-policies.mdx | 0 .../protect-1-service-network-policies.mdx | 0 .../postgresql/Examples/_category_.json | 5 --- docs/features/postgresql/index.mdx | 2 +- .../postgresql/tutorials/_category_.json | 5 +++ .../{Examples => tutorials}/postgres.mdx | 0 docs/getting-started/README.mdx | 17 +++++----- docs/overview/README.mdx | 4 --- docs/overview/index.mdx | 31 +++++++++++++++++++ docs/overview/installation/README.mdx | 2 +- .../configuration/intents-operator/README.mdx | 2 +- docusaurus.config.js | 20 ++++++------ 35 files changed, 79 insertions(+), 46 deletions(-) rename docs/features/{Istio/Examples => aws-iam/tutorials}/_category_.json (63%) rename docs/features/aws-iam/{Examples => tutorials}/aws-iam-eks.mdx (100%) rename docs/features/{Istio => istio}/Reference.mdx (100%) rename docs/features/{Istio => istio}/_category_.json (100%) rename docs/features/{Istio => istio}/index.mdx (100%) rename docs/features/{Kafka/Examples => istio/tutorials}/_category_.json (63%) rename docs/features/{Istio/Examples => istio/tutorials}/k8s-istio-authorization-policies.mdx (100%) rename docs/features/{Istio/Examples => istio/tutorials}/k8s-istio-watcher.mdx (100%) rename docs/features/{Kafka => kafka}/Reference.mdx (100%) rename docs/features/{Kafka => kafka}/_category_.json (100%) rename docs/features/{Kafka => kafka}/index.mdx (88%) rename docs/features/{aws-iam/Examples => kafka/tutorials}/_category_.json (63%) rename docs/features/{Kafka/Examples => kafka/tutorials}/k8s-kafka-mapping.mdx (100%) rename docs/features/{Kafka/Examples => kafka/tutorials}/k8s-kafka-mtls-cert-manager.mdx (100%) rename docs/features/{Kafka/Examples => kafka/tutorials}/k8s-kafka-mtls.mdx (100%) rename docs/features/{Networking => networking}/Reference/Network-Policies-Deep-Dive.mdx (100%) rename docs/features/{Networking => networking}/Reference/README.mdx (100%) rename docs/features/{Networking => networking}/_category_.json (100%) rename docs/features/{Networking => networking}/index.mdx (84%) rename docs/features/{Networking/Examples => networking/tutorials}/_category_.json (63%) rename docs/features/{Networking/Examples => networking/tutorials}/aws-eks-cni-mini.mdx (100%) rename docs/features/{Networking/Examples => networking/tutorials}/k8s-network-mapper.mdx (100%) rename docs/features/{Networking/Examples => networking/tutorials}/k8s-network-policies.mdx (100%) rename docs/features/{Networking/Examples => networking/tutorials}/protect-1-service-network-policies.mdx (100%) delete mode 100644 docs/features/postgresql/Examples/_category_.json create mode 100644 docs/features/postgresql/tutorials/_category_.json rename docs/features/postgresql/{Examples => tutorials}/postgres.mdx (100%) delete mode 100644 docs/overview/README.mdx create mode 100644 docs/overview/index.mdx diff --git a/docs/features/aws-iam/index.mdx b/docs/features/aws-iam/index.mdx index b701f699b..aa44f0a4c 100644 --- a/docs/features/aws-iam/index.mdx +++ b/docs/features/aws-iam/index.mdx @@ -1,6 +1,6 @@ --- sidebar_position: 1 -title: AWS IAM +title: AWS IAM | Overview hide_table_of_contents: true hide_title: true --- @@ -15,7 +15,7 @@ In many workloads, EKS clusters must access external cloud resources such as dat ### How does it work -To follow along with a full example, take a look at [Automate AWS IAM for EKS](/features/aws-iam/Examples/aws-iam-eks) +To follow along with a full example, take a look at [Automate AWS IAM for EKS](/features/aws-iam/tutorials/aws-iam-eks) 1. First, the EKS cluster must have [Otterize installed](/overview/installation). 2. We must label the pod with `credentials-operator.otterize.com/create-aws-role: "true"` diff --git a/docs/features/Istio/Examples/_category_.json b/docs/features/aws-iam/tutorials/_category_.json similarity index 63% rename from docs/features/Istio/Examples/_category_.json rename to docs/features/aws-iam/tutorials/_category_.json index bbac434cd..bdfe77bf2 100644 --- a/docs/features/Istio/Examples/_category_.json +++ b/docs/features/aws-iam/tutorials/_category_.json @@ -1,5 +1,5 @@ { - "label": "Examples", + "label": "Tutorials", "position": 2, "collapsed": false } diff --git a/docs/features/aws-iam/Examples/aws-iam-eks.mdx b/docs/features/aws-iam/tutorials/aws-iam-eks.mdx similarity index 100% rename from docs/features/aws-iam/Examples/aws-iam-eks.mdx rename to docs/features/aws-iam/tutorials/aws-iam-eks.mdx diff --git a/docs/features/Istio/Reference.mdx b/docs/features/istio/Reference.mdx similarity index 100% rename from docs/features/Istio/Reference.mdx rename to docs/features/istio/Reference.mdx diff --git a/docs/features/Istio/_category_.json b/docs/features/istio/_category_.json similarity index 100% rename from docs/features/Istio/_category_.json rename to docs/features/istio/_category_.json diff --git a/docs/features/Istio/index.mdx b/docs/features/istio/index.mdx similarity index 100% rename from docs/features/Istio/index.mdx rename to docs/features/istio/index.mdx diff --git a/docs/features/Kafka/Examples/_category_.json b/docs/features/istio/tutorials/_category_.json similarity index 63% rename from docs/features/Kafka/Examples/_category_.json rename to docs/features/istio/tutorials/_category_.json index bbac434cd..bdfe77bf2 100644 --- a/docs/features/Kafka/Examples/_category_.json +++ b/docs/features/istio/tutorials/_category_.json @@ -1,5 +1,5 @@ { - "label": "Examples", + "label": "Tutorials", "position": 2, "collapsed": false } diff --git a/docs/features/Istio/Examples/k8s-istio-authorization-policies.mdx b/docs/features/istio/tutorials/k8s-istio-authorization-policies.mdx similarity index 100% rename from docs/features/Istio/Examples/k8s-istio-authorization-policies.mdx rename to docs/features/istio/tutorials/k8s-istio-authorization-policies.mdx diff --git a/docs/features/Istio/Examples/k8s-istio-watcher.mdx b/docs/features/istio/tutorials/k8s-istio-watcher.mdx similarity index 100% rename from docs/features/Istio/Examples/k8s-istio-watcher.mdx rename to docs/features/istio/tutorials/k8s-istio-watcher.mdx diff --git a/docs/features/Kafka/Reference.mdx b/docs/features/kafka/Reference.mdx similarity index 100% rename from docs/features/Kafka/Reference.mdx rename to docs/features/kafka/Reference.mdx diff --git a/docs/features/Kafka/_category_.json b/docs/features/kafka/_category_.json similarity index 100% rename from docs/features/Kafka/_category_.json rename to docs/features/kafka/_category_.json diff --git a/docs/features/Kafka/index.mdx b/docs/features/kafka/index.mdx similarity index 88% rename from docs/features/Kafka/index.mdx rename to docs/features/kafka/index.mdx index 233c9b134..46a1caf45 100644 --- a/docs/features/Kafka/index.mdx +++ b/docs/features/kafka/index.mdx @@ -1,6 +1,6 @@ --- sidebar_position: 1 -title: Kafka +title: Kafka | Overview hide_table_of_contents: true hide_title: true --- @@ -11,17 +11,17 @@ export const kafka_tutorials = [ { title: 'Kafka topic-level access mapping', description: 'View Kafka network connections', - url: '/features/Kafka/Examples/k8s-kafka-mapping' + url: '/features/Kafka/tutorials/k8s-kafka-mapping' }, { title: 'Kafka access automation using Otterize Cloud mTLS', description: 'Manage access to Kafka topics with Otterize Cloud mTLS', - url: '/features/Kafka/Examples/k8s-kafka-mtls' + url: '/features/Kafka/tutorials/k8s-kafka-mtls' }, { title: 'Kafka access automation using cert-manager mTLS', description: 'Manage access to Kafka topics with a cert-manager', - url: '/features/Kafka/Examples/k8s-kafka-mtls-cert-manager' + url: '/features/Kafka/tutorials/k8s-kafka-mtls-cert-manager' } ]; @@ -63,7 +63,7 @@ spec: ``` -3. Once that is complete, the Kafka broker and it's clients require mTLS credentials, which they can receive from Otterize or through a [cert-manager](/features/Kafka/Examples/k8s-kafka-mtls-cert-manager). This requires a annotation to inform Otterize to generate the credentials and volume mount to store them. To orchestrate this, see the example deployment below: +3. Once that is complete, the Kafka broker and it's clients require mTLS credentials, which they can receive from Otterize or through a [cert-manager](/features/Kafka/tutorials/k8s-kafka-mtls-cert-manager). This requires a annotation to inform Otterize to generate the credentials and volume mount to store them. To orchestrate this, see the example deployment below: ```yaml spec: diff --git a/docs/features/aws-iam/Examples/_category_.json b/docs/features/kafka/tutorials/_category_.json similarity index 63% rename from docs/features/aws-iam/Examples/_category_.json rename to docs/features/kafka/tutorials/_category_.json index bbac434cd..bdfe77bf2 100644 --- a/docs/features/aws-iam/Examples/_category_.json +++ b/docs/features/kafka/tutorials/_category_.json @@ -1,5 +1,5 @@ { - "label": "Examples", + "label": "Tutorials", "position": 2, "collapsed": false } diff --git a/docs/features/Kafka/Examples/k8s-kafka-mapping.mdx b/docs/features/kafka/tutorials/k8s-kafka-mapping.mdx similarity index 100% rename from docs/features/Kafka/Examples/k8s-kafka-mapping.mdx rename to docs/features/kafka/tutorials/k8s-kafka-mapping.mdx diff --git a/docs/features/Kafka/Examples/k8s-kafka-mtls-cert-manager.mdx b/docs/features/kafka/tutorials/k8s-kafka-mtls-cert-manager.mdx similarity index 100% rename from docs/features/Kafka/Examples/k8s-kafka-mtls-cert-manager.mdx rename to docs/features/kafka/tutorials/k8s-kafka-mtls-cert-manager.mdx diff --git a/docs/features/Kafka/Examples/k8s-kafka-mtls.mdx b/docs/features/kafka/tutorials/k8s-kafka-mtls.mdx similarity index 100% rename from docs/features/Kafka/Examples/k8s-kafka-mtls.mdx rename to docs/features/kafka/tutorials/k8s-kafka-mtls.mdx diff --git a/docs/features/Networking/Reference/Network-Policies-Deep-Dive.mdx b/docs/features/networking/Reference/Network-Policies-Deep-Dive.mdx similarity index 100% rename from docs/features/Networking/Reference/Network-Policies-Deep-Dive.mdx rename to docs/features/networking/Reference/Network-Policies-Deep-Dive.mdx diff --git a/docs/features/Networking/Reference/README.mdx b/docs/features/networking/Reference/README.mdx similarity index 100% rename from docs/features/Networking/Reference/README.mdx rename to docs/features/networking/Reference/README.mdx diff --git a/docs/features/Networking/_category_.json b/docs/features/networking/_category_.json similarity index 100% rename from docs/features/Networking/_category_.json rename to docs/features/networking/_category_.json diff --git a/docs/features/Networking/index.mdx b/docs/features/networking/index.mdx similarity index 84% rename from docs/features/Networking/index.mdx rename to docs/features/networking/index.mdx index 7dcc80a9b..21522b9b9 100644 --- a/docs/features/Networking/index.mdx +++ b/docs/features/networking/index.mdx @@ -1,25 +1,30 @@ --- sidebar_position: 1 -title: Networking +title: Networking | Overview hide_title: true --- import DocsLinkCard from "@site/src/components/LinkCard"; export const network_access_tutorials = [ { + title: 'Visualizing a Kubernetes Network', + description: 'Map network traffic in a cluster and view the connections', + url: '/features/Networking/tutorials/k8s-network-mapper' + }, +{ title: 'Create and manage network policies', description: 'Create Kubernetes network policies using IBAC', - url: '/features/Networking/Examples/k8s-network-policies' + url: '/features/Networking/tutorials/k8s-network-policies' }, { title: 'Protecting a service with network policies', description: 'An example on how to secure a single service', - url: '/features/Networking/Examples/protect-1-service-network-policies' + url: '/features/Networking/tutorials/protect-1-service-network-policies' }, { title: 'AWS EKS network policies with the VPC CNI', description: 'Leverage AWS VPC CNI to apply network policies in EKS', - url: '/features/Networking/Examples/aws-eks-cni-mini' + url: '/features/Networking/tutorials/aws-eks-cni-mini' } ]; @@ -32,7 +37,7 @@ You can use Otterize to understand, visualize, and manage access for Kubernetes After installation, Otterize collects network traffic data in memory, creating a graph of relationships between pod-to-pod and pod-to-public internet traffic. Once the graph is in place, the data can be exported or viewed in various ways. Otterize Cloud users can see and interact with the graph structures within the Otterize application. OSS users can use the CLI tool to export the data into JSON, list the relationship, or generate IBAC policies reflecting the existing traffic. -To learn more about Visualizing, check out [Visualizing a Kubernetes Network](/features/Networking/Examples/k8s-network-mapper) +To learn more about Visualizing, check out [Visualizing a Kubernetes Network](/features/Networking/tutorials/k8s-network-mapper) ### Access Control diff --git a/docs/features/Networking/Examples/_category_.json b/docs/features/networking/tutorials/_category_.json similarity index 63% rename from docs/features/Networking/Examples/_category_.json rename to docs/features/networking/tutorials/_category_.json index bbac434cd..bdfe77bf2 100644 --- a/docs/features/Networking/Examples/_category_.json +++ b/docs/features/networking/tutorials/_category_.json @@ -1,5 +1,5 @@ { - "label": "Examples", + "label": "Tutorials", "position": 2, "collapsed": false } diff --git a/docs/features/Networking/Examples/aws-eks-cni-mini.mdx b/docs/features/networking/tutorials/aws-eks-cni-mini.mdx similarity index 100% rename from docs/features/Networking/Examples/aws-eks-cni-mini.mdx rename to docs/features/networking/tutorials/aws-eks-cni-mini.mdx diff --git a/docs/features/Networking/Examples/k8s-network-mapper.mdx b/docs/features/networking/tutorials/k8s-network-mapper.mdx similarity index 100% rename from docs/features/Networking/Examples/k8s-network-mapper.mdx rename to docs/features/networking/tutorials/k8s-network-mapper.mdx diff --git a/docs/features/Networking/Examples/k8s-network-policies.mdx b/docs/features/networking/tutorials/k8s-network-policies.mdx similarity index 100% rename from docs/features/Networking/Examples/k8s-network-policies.mdx rename to docs/features/networking/tutorials/k8s-network-policies.mdx diff --git a/docs/features/Networking/Examples/protect-1-service-network-policies.mdx b/docs/features/networking/tutorials/protect-1-service-network-policies.mdx similarity index 100% rename from docs/features/Networking/Examples/protect-1-service-network-policies.mdx rename to docs/features/networking/tutorials/protect-1-service-network-policies.mdx diff --git a/docs/features/postgresql/Examples/_category_.json b/docs/features/postgresql/Examples/_category_.json deleted file mode 100644 index bbac434cd..000000000 --- a/docs/features/postgresql/Examples/_category_.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "label": "Examples", - "position": 2, - "collapsed": false -} diff --git a/docs/features/postgresql/index.mdx b/docs/features/postgresql/index.mdx index fe872752f..76ff7b306 100644 --- a/docs/features/postgresql/index.mdx +++ b/docs/features/postgresql/index.mdx @@ -1,6 +1,6 @@ --- sidebar_position: 1 -title: PostgreSQL +title: PostgreSQL | Overview hide_title: true --- diff --git a/docs/features/postgresql/tutorials/_category_.json b/docs/features/postgresql/tutorials/_category_.json new file mode 100644 index 000000000..bdfe77bf2 --- /dev/null +++ b/docs/features/postgresql/tutorials/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Tutorials", + "position": 2, + "collapsed": false +} diff --git a/docs/features/postgresql/Examples/postgres.mdx b/docs/features/postgresql/tutorials/postgres.mdx similarity index 100% rename from docs/features/postgresql/Examples/postgres.mdx rename to docs/features/postgresql/tutorials/postgres.mdx diff --git a/docs/getting-started/README.mdx b/docs/getting-started/README.mdx index 5436707d2..39db62b50 100644 --- a/docs/getting-started/README.mdx +++ b/docs/getting-started/README.mdx @@ -9,6 +9,7 @@ export const introduction = [ { title: 'What is Otterize', description: 'Learn how Otterize helps visualize and manages your authorization', + url: `/overview/intro` }, { title: 'Intent-Based Access Control', @@ -49,22 +50,22 @@ export const tutorials_access = [ { title: 'Create and manage network policies', description: 'Create Kubernetes network policies using IBAC', - url: '/features/Networking/Examples/k8s-network-policies' + url: '/features/networking/tutorials/k8s-network-policies' }, { title: 'Network policies on AWS EKS', description: 'Jump start network policies using AWS EKS and VPC CNI', - url: '/features/Networking/Examples/aws-eks-cni-mini' + url: '/features/networking/tutorials/aws-eks-cni-mini' }, { title: 'Create and manage Istio authorization policies', description: 'Using Istio and IBAC to secure your K8s cluster', - url: '/features/Istio/Examples/k8s-istio-authorization-policies' + url: '/features/istio/tutorials/k8s-istio-authorization-policies' }, { title: 'Configure secure access for Kafka using Otterize Cloud mTLS', description: 'Declaring and applying intents to easily secure access to Kafka', - url: '/features/Kafka/Examples/k8s-kafka-mtls-cert-manager' + url: '/features/kafka/tutorials/k8s-kafka-mtls-cert-manager' } ]; @@ -72,23 +73,23 @@ export const tutorials_visualization = [ { title: 'Network mapping a Kubernetes cluster', description: 'Map pod-to-pod traffic within your K8s cluster', - url: '/features/Networking/Examples/k8s-network-mapper' + url: '/features/networking/tutorials/k8s-network-mapper' }, { title: 'Istio HTTP-level access mapping', description: 'The network mapper allows you to map pod-to-pod Istio traffic', - url: '/features/Istio/Examples/k8s-istio-watcher' + url: '/features/istio/tutorials/k8s-istio-watcher' }, { title: 'Kafka topic-level access mapping', description: 'View topic-level access to Kafka servers within your Kubernetes cluster', - url: 'features/Kafka/Examples/k8s-kafka-mapping' + url: 'features/kafka/tutorials/k8s-kafka-mapping' } ]; export const editions = [ { - title: 'Community Edition', + title: 'Open Source', description: 'Our open source edition focuses on a single Kubernetes cluster. ', url: '/overview/otterize-oss' }, diff --git a/docs/overview/README.mdx b/docs/overview/README.mdx deleted file mode 100644 index 7e4dcc2d8..000000000 --- a/docs/overview/README.mdx +++ /dev/null @@ -1,4 +0,0 @@ ---- -sidebar_position: 1 -title: Overview ---- \ No newline at end of file diff --git a/docs/overview/index.mdx b/docs/overview/index.mdx new file mode 100644 index 000000000..00f5204dc --- /dev/null +++ b/docs/overview/index.mdx @@ -0,0 +1,31 @@ +--- +sidebar_position: 1 +title: Intro +hide_title: true +--- + +# Overview + +Otterize is a declarative and zero-trust approach to access management that empowers you to streamline workload IAM while ensuring maximum security. + +## How does Otterize work? + +Otterize integrates into your Kubernetes clusters using a Helm chart that deploys some core [open-source components](https://github.com/otterize/), including the network mapper, intents-operator, and credential-operator. These components work in tandem to identify and secure access. Learn more about these components below. + +### Network mapper + +The network mapper is a zero-config open-source tool that provides insights into your network traffic without modifying your code or adding additional layers. Once Otterize is installed, the network monitor will automatically inspect pod traffic, including tariff from pod-to-pod, pod-to-public internet egress, Istio Envoy sidecar, pod-to-Kafka topics, and more to follow. This data is then collected in an in-memory database for various uses, including exporting and viewing. + +For more information, visit the [network mapper repository](https://github.com/otterize/network-mapper#about) + +### Credential operator + +Once Otterize is installed into a cluster, it [resolves a service name](https://github.com/otterize/credentials-operator#service-name-resolution-and-automatic-pod-labeling) for each pod and registers it with either Otterize Cloud or a SPIRE server. Once registered, pods can use the credential operator to generate various secrets/credentials for mTLS or credential-based access to services like PostgreSQL, Kafka, or other connections. + +For more information, visit the [credential operator repository](https://github.com/otterize/credentials-operator#about) + +### Intents operator + +The Otterize intents operator is a tool to network and service access policy creation straightforward. The intents operator uses a declarative policy syntax called Intent-Based Access Control (IBAC) to connect services. IBAC policies allow you to specify a caller and the type of access they should be provided. The intents operator then generates and applies the appropriate service-specific policy (IAM, ACL, NetworkPolicy, etc) to enable that defined access. + +For more information, visit the [intents operator repository](https://github.com/otterize/intents-operator#about) diff --git a/docs/overview/installation/README.mdx b/docs/overview/installation/README.mdx index 503ea7a3b..8c41a55dc 100644 --- a/docs/overview/installation/README.mdx +++ b/docs/overview/installation/README.mdx @@ -1,5 +1,5 @@ --- -sidebar_position: 1 +sidebar_position: 2 title: Installation --- import Tabs from '@theme/Tabs'; diff --git a/docs/reference/configuration/intents-operator/README.mdx b/docs/reference/configuration/intents-operator/README.mdx index 61e64358a..69279eac3 100644 --- a/docs/reference/configuration/intents-operator/README.mdx +++ b/docs/reference/configuration/intents-operator/README.mdx @@ -78,7 +78,7 @@ it is attempting to read, so the end result is that the topic ACLs determine act ### PostgreSQL users & access The intents operator automatically creates, and updates credentials in PostgreSQL databases according to the declared intents. It works together with the Otterize credentials operator to easily enable secure access to PostgreSQL from client pods, all in your Kubernetes cluster. -Try the [Just-in-time PostgreSQL users & access](/features/postgresql/Examples/postgresql) tutorial to learn more. +Try the [Just-in-time PostgreSQL users & access](/features/postgresql/tutorials/postgresql) tutorial to learn more. ### Istio AuthorizationPolicy The intents operator automatically creates, updates and deletes Istio authorization policies, automatically looks up service accounts for client pods and labels server pods, to reflect precisely the client-to-server calls declared in client intents files. diff --git a/docusaurus.config.js b/docusaurus.config.js index b99c0badf..700a12307 100644 --- a/docusaurus.config.js +++ b/docusaurus.config.js @@ -150,7 +150,7 @@ const config = { }, { from: ['/reference/access-controls/network-policies'], - to: '/features/Networking/Reference/Network-Policies-Deep-Dive' + to: '/features/networking/Reference/Network-Policies-Deep-Dive' }, { from: ['/shadow-vs-active-enforcement'], @@ -184,39 +184,39 @@ const config = { }, { from: ['/guides/protect-1-service-network-policies'], - to: '/features/Networking/Examples/protect-1-service-network-policies' + to: '/features/networking/tutorials/protect-1-service-network-policies' }, { from: ['/quick-tutorials/k8s-kafka-mtls', '/quickstart/access-control/k8s-kafka-mtls'], - to: '/features/Kafka/Examples/k8s-kafka-mtls', + to: '/features/kafka/tutorials/k8s-kafka-mtls', }, { from: ['/quick-tutorials/aws-eks-cni-mini','/quickstart/access-control/aws-eks-cni-mini'], - to: '/features/Networking/Examples/aws-eks-cni-mini', + to: '/features/networking/tutorials/aws-eks-cni-mini', }, { from: ['/quick-tutorials/k8s-kafka-mtls-cert-manager', '/quickstart/access-control/k8s-kafka-mtls-cert-manager'], - to: '/features/Kafka/Examples/k8s-kafka-mtls-cert-manager', + to: '/features/kafka/tutorials/k8s-kafka-mtls-cert-manager', }, { from: ['/quick-tutorials/k8s-istio-watcher', '/quickstart/visualization/k8s-istio-watcher'], - to: '/features/Istio/Examples/k8s-istio-watcher', + to: '/features/istio/tutorials/k8s-istio-watcher', }, { from: ['/quick-visual-tutorials/visual-ibac-istio-authorization-policies','/quickstart/access-control/k8s-istio-authorization-policies', '/quickstart/k8s-istio-authorization-policies'], - to: '/features/Istio/Examples/k8s-istio-authorization-policies', + to: '/features/istio/tutorials/k8s-istio-authorization-policies', }, { from: ['/quick-visual-tutorials/visual-ibac-kafka-k8s'], - to: '/features/Kafka/Examples/k8s-kafka-mapping', + to: '/features/kafka/tutorials/k8s-kafka-mapping', }, { from: ['/quick-visual-tutorials/visual-ibac-network-policies', '/quick-tutorials/k8s-network-policies', '/quickstart/access-control/k8s-network-policies'], - to: '/features/Networking/Examples/k8s-network-policies', + to: '/features/networking/tutorials/k8s-network-policies', }, { from: ['/quick-visual-tutorials/visual-k8s-cluster-mapping', '/quickstart/visualization/k8s-network-mapper', '/quick-tutorials/k8s-network-mapper'], - to: '/features/Networking/Examples/k8s-network-mapper', + to: '/features/networking/tutorials/k8s-network-mapper', }, // Redirect from multiple old paths to the new path // { From ed435f9d00d9b961e741ec030e0b8df3a2e6391e Mon Sep 17 00:00:00 2001 From: bglynn Date: Tue, 30 Jan 2024 13:34:45 -0800 Subject: [PATCH 07/24] * Added a smaller more value-add IBAC page. * Updates to tutorials * Removed Otterize Cloud / Object model and added items to the terminology instead * Removed logos with names --- docs/features/README.mdx | 2 +- docs/features/aws-iam/index.mdx | 4 +- .../aws-iam/{Reference.mdx => reference.mdx} | 6 +- .../aws-iam/tutorials/aws-iam-eks.mdx | 6 +- docs/features/istio/_category_.json | 2 +- .../istio/{Reference.mdx => reference.mdx} | 6 +- .../k8s-istio-authorization-policies.mdx | 49 ++---- .../istio/tutorials/k8s-istio-watcher.mdx | 71 ++------ docs/features/kafka/_category_.json | 2 +- .../kafka/{Reference.mdx => reference.mdx} | 26 ++- .../kafka/tutorials/k8s-kafka-mapping.mdx | 62 +------ .../tutorials/k8s-kafka-mtls-cert-manager.mdx | 77 +++----- .../kafka/tutorials/k8s-kafka-mtls.mdx | 50 ++---- docs/features/networking/index.mdx | 4 +- .../Network-Policies-Deep-Dive.mdx | 0 .../{Reference => reference}/README.mdx | 19 +- .../networking/tutorials/aws-eks-cni-mini.mdx | 45 +---- .../tutorials/k8s-network-mapper.mdx | 75 ++------ .../tutorials/k8s-network-policies.mdx | 47 +---- .../protect-1-service-network-policies.mdx | 165 ++++++++---------- docs/features/postgresql/_category_.json | 2 +- .../{Reference.mdx => reference.mdx} | 2 +- docs/getting-started/README.mdx | 12 +- docs/getting-started/_category_.json | 2 +- docs/overview/intent-based-access-control.mdx | 95 +++------- docs/overview/otterize-cloud/object-model.mdx | 44 ----- docs/overview/otterize-oss/README.mdx | 14 -- docs/reference/terminology/README.mdx | 12 ++ docusaurus.config.js | 4 +- src/components/LinkCard/index.js | 2 +- static/img/icons/Postgresql-no-word-mark.svg | 22 +++ static/img/icons/istio-no-word-mark.svg | 1 + static/img/icons/kafka-no-word-mark.svg | 16 ++ 33 files changed, 308 insertions(+), 638 deletions(-) rename docs/features/aws-iam/{Reference.mdx => reference.mdx} (94%) rename docs/features/istio/{Reference.mdx => reference.mdx} (89%) rename docs/features/kafka/{Reference.mdx => reference.mdx} (74%) rename docs/features/networking/{Reference => reference}/Network-Policies-Deep-Dive.mdx (100%) rename docs/features/networking/{Reference => reference}/README.mdx (93%) rename docs/features/postgresql/{Reference.mdx => reference.mdx} (95%) delete mode 100644 docs/overview/otterize-cloud/object-model.mdx create mode 100644 static/img/icons/Postgresql-no-word-mark.svg create mode 100644 static/img/icons/istio-no-word-mark.svg create mode 100644 static/img/icons/kafka-no-word-mark.svg diff --git a/docs/features/README.mdx b/docs/features/README.mdx index 28c41d948..e017bc711 100644 --- a/docs/features/README.mdx +++ b/docs/features/README.mdx @@ -17,7 +17,7 @@ export default function FeatureCards() { console.log(JSON.stringify(features)); return (
-

Features

+

Features

Otterize makes it easy to create and visualize authorization for your Kubernetes clusters across a variety of diff --git a/docs/features/aws-iam/index.mdx b/docs/features/aws-iam/index.mdx index aa44f0a4c..7d4bd288f 100644 --- a/docs/features/aws-iam/index.mdx +++ b/docs/features/aws-iam/index.mdx @@ -20,7 +20,7 @@ To follow along with a full example, take a look at [Automate AWS IAM for EKS](/ 1. First, the EKS cluster must have [Otterize installed](/overview/installation). 2. We must label the pod with `credentials-operator.otterize.com/create-aws-role: "true"` 3. Once that is complete, Otterize’s credential operator will create a role and an `AssumeRolePolicy` bound to ServiceAccount. -4. At this point, the role does not have the ability to perform any actions. We will need to create a ClientIntents YAML for the access the service requires and apply it to our cluster. Below is an example of a ClientIntents file for accessing an S3 bucket. View the [reference](/features/aws-iam/Reference) to learn more about the AWS IAM Client Intent syntax. +4. At this point, the role does not have the ability to perform any actions. We will need to create a ClientIntents YAML for the access the service requires and apply it to our cluster. Below is an example of a ClientIntents file for accessing an S3 bucket. View the [reference](/features/aws-iam/reference) to learn more about the AWS IAM Client Intent syntax. 5. Once the intent is applied, a new policy will be attached to the service’s role with the appropriate access. ```yaml @@ -39,7 +39,7 @@ spec: - "s3:GetObject" ``` -### Coming Soon +### Coming soon Building least-privilege access can be difficult. Many actions have dependent actions, or services can require a lot of access to perform their functions. To help reduce this burden, Otterize will provide automated ClientIntents based on the actions your service actually requires by detecting the calls being made and converting them into the necessary YAML syntax. diff --git a/docs/features/aws-iam/Reference.mdx b/docs/features/aws-iam/reference.mdx similarity index 94% rename from docs/features/aws-iam/Reference.mdx rename to docs/features/aws-iam/reference.mdx index 6ad10583d..04ead9d00 100644 --- a/docs/features/aws-iam/Reference.mdx +++ b/docs/features/aws-iam/reference.mdx @@ -3,7 +3,7 @@ sidebar_position: 3 title: Reference --- -### ClientIntents Example (YAML) +### ClientIntents example (YAML) ```yaml apiVersion: k8s.otterize.com/v1alpha3 @@ -36,10 +36,12 @@ spec: | `credentials-operator.otterize.com/create-aws-role` | By setting to **true** the credential operator will create an unique AWS Role for the associated pod | `false` | -### Helm Chart Options +### Helm Chart options | Key | Description | Default | |------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------| | `global.aws.enabled` | Enable or disable AWS integration | `false` | | `global.aws.eksClusterNameOverride` | EKS cluster name (overrides auto-detection) | `(none)` | | `aws.roleARN` | ARN of the AWS role the operator will use to access AWS. By defeault, Otterize will create a unique role for each service an annotate the service with the role's ARN. | `(none)` | + +View the [helm chart reference](/reference/configuration/otterize-chart) for all other options \ No newline at end of file diff --git a/docs/features/aws-iam/tutorials/aws-iam-eks.mdx b/docs/features/aws-iam/tutorials/aws-iam-eks.mdx index 94b8fd774..3c7565501 100644 --- a/docs/features/aws-iam/tutorials/aws-iam-eks.mdx +++ b/docs/features/aws-iam/tutorials/aws-iam-eks.mdx @@ -21,7 +21,7 @@ In this tutorial, we will: ## Prerequisites Already have Otterize deployed with the IAM integration configured on your cluster? [Skip to the tutorial.](#tutorial) -#### 1. Create an AWS EKS cluster +### 1. Create an AWS EKS cluster Before you start, you'll need an AWS EKS cluster. Any cluster will do; there are no special requirements or setup.

@@ -86,7 +86,7 @@ Don't forget to configure your kubeconfig for your cluster. If using the example aws eks update-kubeconfig --region us-west-2 --name otterize-iam-eks-tutorial ``` -#### 2. Deploy Otterize for AWS IAM +### 2. Deploy Otterize for AWS IAM To deploy Otterize, head over to [Otterize Cloud](https://app.otterize.com) and: 1. Create a Kubernetes cluster on the [Clusters page](https://app.otterize.com/clusters), and follow the instructions. *Make sure to enable enforcement mode for this tutorial.* If you already have a Kubernetes cluster connected, skip this step. @@ -324,7 +324,7 @@ aws s3 ls $BUCKET_NAME 2023-11-17 20:42:55 19 testfile.3.txt ``` -## What's next? +### What's next? Try out some of the other quick tutorials to learn about how to use ClientIntents to manage network policies, Istio policies, PostgreSQL access, and more. You can use a single ClientIntents resource to specify all the access required for a pod. diff --git a/docs/features/istio/_category_.json b/docs/features/istio/_category_.json index 1768d992d..5807d8821 100644 --- a/docs/features/istio/_category_.json +++ b/docs/features/istio/_category_.json @@ -3,6 +3,6 @@ "position": 4, "collapsed": true, "customProps": { - "image": "/img/icons/istio.png" + "image": "/img/icons/istio-no-word-mark.svg" } } diff --git a/docs/features/istio/Reference.mdx b/docs/features/istio/reference.mdx similarity index 89% rename from docs/features/istio/Reference.mdx rename to docs/features/istio/reference.mdx index 4adb25e10..69131cd88 100644 --- a/docs/features/istio/Reference.mdx +++ b/docs/features/istio/reference.mdx @@ -3,7 +3,7 @@ sidebar_position: 3 title: Reference --- -### Client Intents (YAML) +### ClientIntents example (YAML) ```yaml apiVersion: k8s.otterize.com/v1alpha3 @@ -23,7 +23,7 @@ spec: ``` -### Helm Chart Options +### Helm Chart options | Key | Description | Default | |---------------------------------|-----------------------------------------|--------------------------------| @@ -34,3 +34,5 @@ spec: | `istiowatcher.pullPolicy` | Istio watcher pull policy. | `(none)` | | `istiowatcher.pullSecrets` | Istio watcher pull secrets. | `(none)` | | `istiowatcher.resources` | Resources override. | `(none)` | + +View the [helm chart reference](/reference/configuration/otterize-chart) for all other options \ No newline at end of file diff --git a/docs/features/istio/tutorials/k8s-istio-authorization-policies.mdx b/docs/features/istio/tutorials/k8s-istio-authorization-policies.mdx index 4f26a65ef..a265c6520 100644 --- a/docs/features/istio/tutorials/k8s-istio-authorization-policies.mdx +++ b/docs/features/istio/tutorials/k8s-istio-authorization-policies.mdx @@ -24,44 +24,13 @@ In this tutorial, we will: ## Prerequisites -
-Prepare a Kubernetes cluster - -Before you start, you'll need a Kubernetes cluster. Having a cluster with a [CNI](https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/) that supports [NetworkPolicies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) isn't required for this tutorial, but is recommended so that your cluster works with other tutorials. - -{@include: ../../../_common/cluster-setup.md} - -
- -You can now install (or reinstall) Otterize in your cluster, and optionally connect to Otterize Cloud. Connecting to Cloud lets you: +Already have Otterize deployed with Istio configured on your cluster? Skip to the [tutorial](#tutorial). -1. See what's happening visually in your browser, through the "access graph"; +### 1. Deploy Otterize +To deploy Otterize, head over to [Otterize Cloud](https://app.otterize.com) and create a Kubernetes cluster on the [Clusters page](https://app.otterize.com/clusters), and follow the instructions. If you already have a Kubernetes cluster connected, skip this step. -So either forego browser visualization and: - -
-Install Otterize in your cluster, without Otterize Cloud - -{@include: ../../../_common/install-otterize-istio-enabled.md} - -
-Or choose to include browser visualization and: - -
-Install Otterize in your cluster, with Otterize Cloud - -#### Create an Otterize Cloud account - -{@include: ../../../_common/create-account.md} - -#### Install Otterize OSS, connected to Otterize Cloud - -{@include: ../../../_common/install-otterize-from-cloud-with-istio-enforcement.md} - -
- -## Install and configure Istio +### 2. Install and configure Istio
Install Istio in the cluster via Helm @@ -91,7 +60,9 @@ e.g. in the access graph, but we can also use that information to automatically enforce them with Istio authorization policies. ::: -## Deploy the two clients and the server +## Tutorial + +### Deploy the two clients and the server Deploy a simple example consisting of `client` and `other-client` calling `nginx` over HTTP: @@ -99,7 +70,7 @@ Deploy a simple example consisting of `client` and `other-client` calling `nginx kubectl apply -n otterize-tutorial-istio -f ${ABSOLUTE_URL}/code-examples/istio-authorization-policies/all.yaml ``` -## Apply intents +### Apply intents We will now declare that the **client** intends to call the **server** at a particular HTTP path using a specific HTTP method. @@ -250,7 +221,7 @@ It's now clear what happened: Otterize did its job of both protecting the server _and_ allowing intended access. ::: -## What did we accomplish? +### What did we accomplish? - Controlling access through Istio authorization policies no longer means touching authorization policies at all. @@ -284,7 +255,7 @@ all the appropriate configuration was managed automatically behind the scenes. Try to create an intents file yourself for **client-other**, and apply it to allow this other client to call the server. ::: -## What's next +### What's next - Get started with the [Otterize network mapper for Istio](/quickstart/visualization/k8s-istio-watcher) to help you bootstrap intents files with HTTP resources for use in [intent-based access control (IBAC)](/intent-based-access-control). diff --git a/docs/features/istio/tutorials/k8s-istio-watcher.mdx b/docs/features/istio/tutorials/k8s-istio-watcher.mdx index 422daa522..d72e8495e 100644 --- a/docs/features/istio/tutorials/k8s-istio-watcher.mdx +++ b/docs/features/istio/tutorials/k8s-istio-watcher.mdx @@ -18,68 +18,19 @@ In this tutorial, we will: ## Prerequisites -
-Prepare a Kubernetes cluster - -Before you start, you'll need a Kubernetes cluster. Having a cluster with a [CNI](https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/) that supports [NetworkPolicies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) isn't required for this tutorial, but is recommended so that your cluster works with other tutorials. - -{@include: ../../../_common/cluster-setup.md} - -
+Already have Otterize deployed with Istio configured on your cluster? Skip to the [tutorial](#tutorial). -You can now install Otterize in your cluster, and optionally connect to Otterize Cloud. Connecting to Cloud lets you: +### 1. Deploy Otterize +To deploy Otterize, head over to [Otterize Cloud](https://app.otterize.com) and create a Kubernetes cluster on the [Clusters page](https://app.otterize.com/clusters), and follow the instructions. If you already have a Kubernetes cluster connected, skip this step. -1. See what's happening visually in your browser, through the "access graph"; -So either forego browser visualization and: - -
-Install the Otterize network mapper in your cluster with the Istio watcher component enabled, and without Otterize Cloud - -{@include: ../../../_common/install-otterize-istio-watcher.md} - -
- -Or choose to include browser visualization and: - -
-Install Otterize in your cluster, with Otterize Cloud - -#### Create an Otterize Cloud account - -{@include: ../../../_common/create-account.md} - -#### Install Otterize OSS, connected to Otterize Cloud - -{@include: ../../../_common/install-otterize-from-cloud-with-enforcement-with-istiowatcher.md} - -
- -Finally, you'll need to install the Otterize CLI (if you haven't already) to interact with the network mapper: - -
-Install the Otterize CLI - -{@include: ../../../_common/install-otterize-cli.md} - -
- -## Install and configure Istio +### 2. Install and configure Istio
Install Istio in the cluster via Helm {@include: ../../../_common/install-istio.md} -
-
-Create a namespace for our demo application and label it for Istio injection - -```shell -kubectl create namespace otterize-tutorial-istio-mapping -kubectl label namespace otterize-tutorial-istio-mapping istio-injection=enabled -``` -
Add HTTP methods and request paths to Istio exported metrics @@ -103,16 +54,20 @@ e.g. in the access graph, but we can also use that information to automatically enforce them with Istio authorization policies. ::: -## Deploy demo to simulate traffic +## Tutorial + +### Deploy demo to simulate traffic -Let's add services and traffic to the cluster and see how the network mapper builds the map. +Let's create a namespace with istio enabled, and add services and traffic to the cluster and see how the network mapper builds the map. Deploy the following simple example — `client`, `client2` and `nginx`, communicating over HTTP: ```shell +kubectl create namespace otterize-tutorial-istio-mapping +kubectl label namespace otterize-tutorial-istio-mapping istio-injection=enabled kubectl apply -n otterize-tutorial-istio-mapping -f ${ABSOLUTE_URL}/code-examples/network-mapper/istio.yaml ``` -## Map the cluster +### Map the cluster The Istio watcher component of the network mapper starts querying Envoy sidecars for HTTP connections and builds an in-memory network map as soon as it's installed. The Otterize CLI allows you to interact with the network mapper to @@ -144,7 +99,7 @@ The access graph reveals several types of information and insights, such as: 3. Filtering the map to include recently-seen traffic, since some date in the past. That way you can eliminate calls that are no longer relevant, without having to reset the network mapper and start building a new map. 4. Showing more specifics about access, if the intents operator is also connected: understand which services are protected or would be protected, and which client calls are being blocked or would be blocked. We'll see more of that in the Istio AuthorizationPolicy tutorial. -## What's next +### What's next The network mapper is a great way to bootstrap IBAC. It generates client intents files that reflect the current topology of your services; those can then be used by each client team to grant them easy @@ -157,7 +112,7 @@ Where to go next? - If you haven't already, see the [automate network policies tutorial](/quickstart/access-control/k8s-network-policies). - Or go to the next tutorial to [automate secure access for Kafka](/quickstart/access-control/k8s-kafka-mtls). -### Teardown +## Teardown To remove Istio and the deployed examples run: diff --git a/docs/features/kafka/_category_.json b/docs/features/kafka/_category_.json index 671f785b5..f48b40857 100644 --- a/docs/features/kafka/_category_.json +++ b/docs/features/kafka/_category_.json @@ -3,7 +3,7 @@ "position": 3, "collapsed": true, "customProps": { - "image": "/img/icons/kafka.png", + "image": "/img/icons/kafka-no-word-mark.svg", "cloud-only": "true" } } diff --git a/docs/features/kafka/Reference.mdx b/docs/features/kafka/reference.mdx similarity index 74% rename from docs/features/kafka/Reference.mdx rename to docs/features/kafka/reference.mdx index 8bbbbdb09..42fce1a56 100644 --- a/docs/features/kafka/Reference.mdx +++ b/docs/features/kafka/reference.mdx @@ -3,7 +3,7 @@ sidebar_position: 3 title: Reference --- -### KafkaServerConfig (YAML) +### KafkaServerConfig example (YAML) ```yaml apiVersion: k8s.otterize.com/v1alpha3 @@ -13,11 +13,12 @@ metadata: namespace: kafka spec: service: - name: kafka #name of the Kafka service broker + # name of the Kafka service broker + name: kafka addr: kafka.kafka:9092 ``` -### ClientIntents (YAML) +### ClientIntents example (YAML) ```yaml apiVersion: k8s.otterize.com/v1alpha3 @@ -27,18 +28,23 @@ metadata: namespace: otterize-tutorial-kafka-mtls spec: service: - name: client # The service requiring access to a topic + # The service requiring access to a topic + name: client calls: - - name: kafka.kafka # name of the Kafka service broker + # name of the Kafka service broker + - name: kafka.kafka type: kafka kafkaTopics: - - name: mytopic # Topic name - operations: [ produce,describe,consume ] # ACL Operations like alter, delete, all, etc - - name: transactions # Multiple topics can be added + # Topic name + - name: mytopic + # ACL Operations including alter, delete, all, etc + operations: [ produce,describe,consume ] + # Multiple topics can be added + - name: transactions operations: [ produce,describe,consume ] ``` -### Helm Chart Options +### Helm Chart options | Key | Description | Default | |---------------------------------|-------------------------------------------------------------|--------------------------------| @@ -50,3 +56,5 @@ spec: | `kafkawatcher.pullSecrets` | Kafka watcher pull secrets. | `(none)` | | `kafkawatcher.resources` | Resources override. | `(none)` | | `kafkawatcher.kafkaServers` | Kafka servers to watch, specified as `pod.namespace` items. | `(none)` | + +View the [helm chart reference](/reference/configuration/otterize-chart) for all other options \ No newline at end of file diff --git a/docs/features/kafka/tutorials/k8s-kafka-mapping.mdx b/docs/features/kafka/tutorials/k8s-kafka-mapping.mdx index 56ad8433f..0276ff82e 100644 --- a/docs/features/kafka/tutorials/k8s-kafka-mapping.mdx +++ b/docs/features/kafka/tutorials/k8s-kafka-mapping.mdx @@ -19,58 +19,12 @@ We will **not** be doing any access control in this demo, just purely mapping cl ## Prerequisites -
-Prepare a Kubernetes cluster - -Before you start, you'll need a Kubernetes cluster. Having a cluster with a [CNI](https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/) that supports [NetworkPolicies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) isn't required for this tutorial, but is recommended so that your cluster works with other tutorials. - -{@include: ../../../_common/cluster-setup.md} - -
- -You can now install Otterize in your cluster, and optionally connect to Otterize Cloud. Connecting to Cloud lets you -see what's happening visually in your browser, through the "access graph". - -So either forego browser visualization and: - -
-Install Otterize in your cluster with the Kafka watcher component enabled, without Otterize Cloud - -``` -helm repo add otterize https://helm.otterize.com -helm repo update -helm install otterize otterize/network-mapper -n otterize-system --create-namespace \ ---set kafkawatcher.enable=true \ ---set kafkawatcher.kafkaServers={"kafka-0.kafka"} -``` - -
+Already have Otterize & a Kafka broker deployed on your cluster? Skip to the [tutorial](#tutorial). -Or choose to include browser visualization and: +### 1. Deploy Otterize +To deploy Otterize, head over to [Otterize Cloud](https://app.otterize.com) and create a Kubernetes cluster on the [Clusters page](https://app.otterize.com/clusters), and follow the instructions. If you already have a Kubernetes cluster connected, skip this step. -
-Install Otterize in your cluster, with Otterize Cloud - -#### Create an Otterize Cloud account - -{@include: ../../../_common/create-account.md} - -#### Install Otterize OSS, connected to Otterize Cloud - -{@include: ../../../_common/install-otterize-from-cloud-with-shadow-mode-and-kafka-watcher.md} - -
- -Finally, you'll need to install the Otterize CLI (if you haven't already) to interact with the network mapper: - -
-Install the Otterize CLI - -{@include: ../../../_common/install-otterize-cli.md} - -
- -## Install Kafka +### 2. Install Kafka We will deploy a Kafka broker using Bitnami's [Helm chart](https://github.com/bitnami/charts/tree/master/bitnami/kafka). In the chart we will configure Kafka to: @@ -96,7 +50,9 @@ helm install --create-namespace -n kafka \ -f ${ABSOLUTE_URL}/code-examples/kafka-mapping/helm/values.yaml kafka bitnami/kafka --version 21.4.4 ``` -## Deploy demo to simulate traffic +## Tutorial + +### Deploy demo to simulate traffic Let's add a few services that will access our Kafka server, and see how the network mapper builds the access map: @@ -142,7 +98,7 @@ Only the arrows between the clients and the Kafka are green, because we've selec Clicking on a specific arrow between a client and the broker reveals which topic and operations are being accessed. -## What did we accomplish? +### What did we accomplish? Enabling the Kafka watcher component of the network mapper shows which clients connect to running Kafka servers, the topics they access, and the operations they undertake on those topics. @@ -152,7 +108,7 @@ You can consume this information in various ways: - [Via the CLI](/reference/cli): from the network mapper directly or the cloud. - [Via the API](https://app.otterize.com/api/rest/v1beta). -## What's next +### What's next - Try our [secure access for Kafka](/quickstart/access-control/k8s-kafka-mtls) tutorial diff --git a/docs/features/kafka/tutorials/k8s-kafka-mtls-cert-manager.mdx b/docs/features/kafka/tutorials/k8s-kafka-mtls-cert-manager.mdx index 8bd74c7dd..1a4d1b13f 100644 --- a/docs/features/kafka/tutorials/k8s-kafka-mtls-cert-manager.mdx +++ b/docs/features/kafka/tutorials/k8s-kafka-mtls-cert-manager.mdx @@ -22,20 +22,9 @@ In this tutorial, we will: ## Prerequisites -### Prepare a Kubernetes cluster +### 1.Install cert-manager and configure a CA issuer -
-Expand for cluster setup instructions - -Before you start, you'll need a Kubernetes cluster. - -{@include: ../../../_common/cluster-setup.md} - -
- -### Install cert-manager and configure a CA issuer - -#### Install cert-manager +##### Install cert-manager Use the following command or [follow cert-manager's installation guide for different setups](https://cert-manager.io/docs/installation/): @@ -43,7 +32,7 @@ Use the following command or [follow cert-manager's installation guide for diffe kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.0/cert-manager.yaml ``` -#### Set up a CA (Certificate Authority) `ClusterIssuer` +##### Set up a CA (Certificate Authority) `ClusterIssuer` :::caution This tutorial uses the built-in and easy-to-setup `CA` Issuer type so that the tutorial is easy to run, but you should not use this issuer as-is in production. Instead, consider using one of the other issuers, such as a Venafi or Vault issuer. [Read more about CA issuers in the cert-manager documentation](https://cert-manager.io/docs/configuration/ca/). @@ -61,50 +50,26 @@ kubectl apply -f ${ABSOLUTE_URL}/code-examples/kafka-mtls-cert-manager/clusteris You may have to wait for `cert-manager` to start successfully before you are able to deploy the `ClusterIssuer`. -### Install Otterize - -You can now install Otterize in your cluster, and connect to Otterize Cloud. Connecting to Cloud lets you: - -1. See what's happening visually in your browser, through the "access graph"; -2. Generate certificates using the Otterize Cloud hosted service. If you prefer to generate certificates in-cluster, you can [follow the tutorial for cert-manager](/quickstart/access-control/k8s-kafka-mtls-cert-manager). - - - - - -{@include: ../../../_common/install-otterize-from-cloud-with-shadow-mode-and-kafka-watcher-and-cert-manager.md} - -#### Configure the access graph in Otterize Cloud to only show Kafka authorization status +### 2. Install Otterize -You want to make sure that under **Istio Policies** _Use in access graph_ is turned off and that under **Network Policies** _Use in access graph_ is also turned off. +Already have Otterize & a Kafka broker deployed on your cluster? Skip to the [tutorial](#tutorial). -Keep _Use in access graph_ **on** under **Kafka ACLs** so that the access graph only shows the authorization status for Kafka ACLs. +#### Deploy Otterize +To deploy Otterize, head over to [Otterize Cloud](https://app.otterize.com) and create a Kubernetes cluster on the [Clusters page](https://app.otterize.com/clusters), and follow the instructions. If you already have a Kubernetes cluster connected, skip this step. -![Make sure access graph is configured correctly](/img/quick-tutorials/k8s-kafka-mtls-cert-mgr//cloud-settings.png) - - - - -To install without connecting to Otterize Cloud and no access graph, run the following command: - -```shell -helm repo add otterize https://helm.otterize.com -helm repo update - -helm upgrade --install otterize otterize/otterize-kubernetes -n otterize-system --create-namespace \ ---set intentsOperator.operator.mode=defaultShadow \ ---set global.deployment.credentialsOperator=true \ ---set global.certificateProvider=cert-manager \ ---set credentialsOperator.certManager.issuerName=ca-issuer \ +##### Note: +* Under mTLS and Kafka support choose **cert-manager**. +* Copy the Helm command and add the following flags: +```bash --set intentsOperator.operator.enableNetworkPolicyCreation=false \ --set networkMapper.kafkawatcher.enable=true \ --set networkMapper.kafkawatcher.kafkaServers={"kafka-0.kafka"} ``` - - +Note that enforcement is disabled, we will enable it later. The configuration tab should look like this: + -## Install Kafka +### 3. Install Kafka We will deploy a Kafka broker using Bitnami's [Helm chart](https://github.com/bitnami/charts/tree/master/bitnami/kafka). In the chart we will configure Kafka to: @@ -135,7 +100,7 @@ helm install --create-namespace -n kafka \ You can watch for all pods to be `Ready` using `kubectl get pods -n kafka -w`. -## Configure Otterize to manage Kafka access +### 4. Configure Otterize to manage Kafka access In our simple example, we'll call the Kafka broker service simply "kafka". Let's tell Otterize how to connect to the Kafka broker by applying an Otterize `KafkaServerConfig`, naming it `kafka`. The name will be the name we later use to declare `ClientIntents`. @@ -148,7 +113,9 @@ kubectl apply -f ${ABSOLUTE_URL}/code-examples/kafka-mtls-cert-manager/kafkaserv {@include: ../../../../static/code-examples/kafka-mtls-cert-manager/kafkaserverconfig.yaml} ``` -## Deploy clients +## Tutorial + +### Deploy Clients Our simple example consists of two client pods: @@ -337,7 +304,7 @@ You can now browse to your account at [https://app.otterize.com](https://app.ott The access graph shows, through its green and orange lines linking the services, that no clients are currently blocked because we haven't enabled any sort of enforcement yet. The orange lines indicate that, since we have not declared any intents for these clients, they _would_ be blocked if we were to turn enforcement on. -## Apply intents +### Apply intents :::tip @@ -373,7 +340,7 @@ We can see what happened: 2. Calls from **[client-other]** are not declared (orange line). 3. Looking at the Kafka service, we can see that **[client]** has specific access configured (via Kafka ACLs) to perform `all` operations on the `mytopic` topic. -## Turn on protection +### Turn on protection At this point, we haven't actually protected our Kafka broker. From everything we've done so far, we can see, however, that if we were to turn on protection, the `client-other` would lose access to the broker. @@ -408,7 +375,7 @@ And if you look back at your access graph, you'll see that the Kafka broker is n ![Clients blocked](/img/quick-tutorials/k8s-kafka-mtls-cert-mgr//clients-blocked.png) -## What did we accomplish? +### What did we accomplish? - Controlling Kafka access no longer means touching ACLs, issuing and managing and distributing certs, establishing trust, etc. @@ -454,7 +421,7 @@ This was achieved by using the built-in Kafka ACL mechanism, which the intents o
-## What's next +### What's next - [Learn more about credentials-operator works with cert-manager](/reference/configuration/credentials-operator#cert-manager). - [Enable the credentials-operator `CertificateRequest` auto-approver](/reference/configuration/credentials-operator/helm-chart#cert-manager-parameters) for production deployments of cert-manager where the default auto-approver is disabled. diff --git a/docs/features/kafka/tutorials/k8s-kafka-mtls.mdx b/docs/features/kafka/tutorials/k8s-kafka-mtls.mdx index f06e2d51d..61e86ff89 100644 --- a/docs/features/kafka/tutorials/k8s-kafka-mtls.mdx +++ b/docs/features/kafka/tutorials/k8s-kafka-mtls.mdx @@ -21,36 +21,23 @@ In this tutorial, we will: ## Prerequisites -### Prepare a Kubernetes cluster +Already have Otterize & a Kafka broker deployed on your cluster? Skip to the [tutorial](#tutorial). -
-Expand for cluster setup instructions - -Before you start, you'll need a Kubernetes cluster. - -{@include: ../../../_common/cluster-setup.md} - -
- -### Install Otterize - -You can now install Otterize in your cluster, and connect to Otterize Cloud. Connecting to Cloud lets you: +### 1. Deploy Otterize +To deploy Otterize, head over to [Otterize Cloud](https://app.otterize.com) and create a Kubernetes cluster on the [Clusters page](https://app.otterize.com/clusters), and follow the instructions. If you already have a Kubernetes cluster connected, skip this step. -1. See what's happening visually in your browser, through the "access graph". -2. Generate certificates using the Otterize Cloud hosted service. If you prefer to generate certificates in-cluster, you can [follow the tutorial for cert-manager](/quickstart/access-control/k8s-kafka-mtls-cert-manager). - -#### Install Otterize OSS, connected to Otterize Cloud -{@include: ../../../_common/install-otterize-from-cloud-with-shadow-mode-and-kafka-watcher.md} - -#### Configure the access graph in Otterize Cloud to only show Kafka authorization status - -You want to make sure that under **Istio Policies** _Use in access graph_ is turned off and that under **Network Policies** _Use in access graph_ is also turned off. - -Keep _Use in access graph_ **on** under **Kafka ACLs** so that the access graph only shows the authorization status for Kafka ACLs. +##### Note: +* Under mTLS and Kafka support choose **Otterize Cloud**. +* Copy the Helm command and add the following flags: +```bash +--set intentsOperator.operator.enableNetworkPolicyCreation=false \ +--set networkMapper.kafkawatcher.enable=true \ +--set networkMapper.kafkawatcher.kafkaServers={"kafka-0.kafka"} +``` -![Make sure access graph is configured correctly](/img/quick-tutorials/k8s-kafka-mtls//cloud-settings.png) +Note that enforcement is disabled, we will enable it later. The configuration tab should look like this: -## Install Kafka +### 2. Install Kafka We will deploy a Kafka broker using Bitnami's [Helm chart](https://github.com/bitnami/charts/tree/master/bitnami/kafka). In the chart we will configure Kafka to: @@ -81,7 +68,7 @@ helm install --create-namespace -n kafka \ You can watch for all pods to be `Ready` using `kubectl get pods -n kafka -w`. -## Configure Otterize to manage Kafka access +### 3. Configure Otterize to manage Kafka access In our simple example, we'll call the Kafka broker service simply "kafka". Let's tell Otterize how to connect to the Kafka broker by applying an Otterize `KafkaServerConfig`, naming it `kafka`. The name will be the name we later use to declare `ClientIntents`. @@ -93,8 +80,9 @@ kubectl apply -f ${ABSOLUTE_URL}/code-examples/kafka-mtls/kafkaserverconfig.yaml ```yaml {@include: ../../../../static/code-examples/kafka-mtls/kafkaserverconfig.yaml} ``` +## Tutorial -## Deploy clients +### Deploy clients Our simple example consists of two client pods: @@ -248,7 +236,7 @@ You can now browse to your account at [https://app.otterize.com](https://app.ott The access graph shows, through its green and orange lines linking the services, that no clients are currently blocked because we haven't enabled any sort of enforcement yet. The orange lines indicate that, since we have not declared any intents for these clients, they _would_ be blocked if we were to turn enforcement on. -## Apply intents +### Apply intents :::tip @@ -286,7 +274,7 @@ We can see what happened: Also, the access graph shows information about the mTLS certificates (credentials) distributed to the various services, as long as [Cloud-managed credentials](/security#cryptographic-credentials) are being used. -## Turn on protection +### Turn on protection At this point, we haven't actually protected our Kafka broker. From everything we've done so far, we can see, however, that if we were to turn on protection, the `client-other` would lose access to the broker. @@ -321,7 +309,7 @@ And if you look back at your access graph, you'll see that the Kafka broker is n ![Clients blocked](/img/quick-tutorials/k8s-kafka-mtls/clients-blocked.png) -## What did we accomplish? +### What did we accomplish? - Controlling Kafka access no longer means touching ACLs, issuing and managing and distributing certs, establishing trust, etc. diff --git a/docs/features/networking/index.mdx b/docs/features/networking/index.mdx index 21522b9b9..9d76470ba 100644 --- a/docs/features/networking/index.mdx +++ b/docs/features/networking/index.mdx @@ -33,14 +33,14 @@ export const network_access_tutorials = [ ### About You can use Otterize to understand, visualize, and manage access for Kubernetes networks. Upon installation, Otterize inspects network traffic and builds an in-memory network map of connections. The network map can then be exported or viewed in various ways to understand the connections within your networks. With IBAC-based policies, Otterize becomes a control plane for your K8s networks. Mapped network traffic can autogenerate declarative intent-based access policies to create least privileged pod-to-pod access easily. -### Visualizing +### Mapping & visualizing After installation, Otterize collects network traffic data in memory, creating a graph of relationships between pod-to-pod and pod-to-public internet traffic. Once the graph is in place, the data can be exported or viewed in various ways. Otterize Cloud users can see and interact with the graph structures within the Otterize application. OSS users can use the CLI tool to export the data into JSON, list the relationship, or generate IBAC policies reflecting the existing traffic. To learn more about Visualizing, check out [Visualizing a Kubernetes Network](/features/Networking/tutorials/k8s-network-mapper) -### Access Control +### Access control By default, Kubernetes pods allow all egress and ingress traffic. Kubernetes [NetworkPolicies](/reference/terminology#network-policies) provide `policyTypes` to restrict egress or ingress traffic, providing a more secure and compliant environment. Utilizing the in-memory tariff map, Otterize can automatically generate IBAC policies to reflect the current traffic flow within a cluster. Once the IBAC policies are submitted, Otterize will generate and apply the corresponding NetworkPolicies to your namespaces. diff --git a/docs/features/networking/Reference/Network-Policies-Deep-Dive.mdx b/docs/features/networking/reference/Network-Policies-Deep-Dive.mdx similarity index 100% rename from docs/features/networking/Reference/Network-Policies-Deep-Dive.mdx rename to docs/features/networking/reference/Network-Policies-Deep-Dive.mdx diff --git a/docs/features/networking/Reference/README.mdx b/docs/features/networking/reference/README.mdx similarity index 93% rename from docs/features/networking/Reference/README.mdx rename to docs/features/networking/reference/README.mdx index 4c7ae3fd0..3b239324d 100644 --- a/docs/features/networking/Reference/README.mdx +++ b/docs/features/networking/reference/README.mdx @@ -4,7 +4,7 @@ title: Reference hide_table_of_contents: true --- -### Client Intents (YAML) +### ClientIntents example (YAML) ```yaml apiVersion: k8s.otterize.com/v1alpha3 @@ -14,13 +14,22 @@ metadata: namespace: otterize-example spec: service: - name: client #The name of the service initiating the connection + # The name of the service initiating the connection + name: client calls: - - name: server #The name of the service recieving the connection. Multiple names can be provided + # The name of the service receiving the connection. Multiple names can be provided + - name: server + # multiple services can be added + - name: orderservice + # Optional granular rules can be added like the HTTPResources options below. + type: http + HTTPResources: + - path: /orders/* + methods: [ get, post ] ``` -### Helm Chart Options +### Helm Chart options | Key | Description | Default | |-----------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------|---------| @@ -28,6 +37,8 @@ spec: | `operator.autoCreateNetworkPoliciesForExternalTraffic` | (deprecated, use `allowExternalTraffic` instead) Automatically allow external traffic, if a new ClientIntents resource would result in blocking external (internet) traffic and there is an Ingress/Service resource indicating external traffic is expected. | `true` | | `operator.autoCreateNetworkPoliciesForExternalTrafficDisableIntentsRequirement` | (deprecated, use `allowExternalTraffic` instead) **experimental** - If `autoCreateNetworkPoliciesForExternalTraffic` is enabled, do not require ClientIntents resources - simply create network policies based off of the existence of an Ingress/Service resource. | `false` | +View the [helm chart reference](/reference/configuration/otterize-chart) for all other options + ### Network mapper parameters All configurable parameters of the network mapper can be configured under the alias `networkMapper`. Further information about network mapper parameters can be found [in the network mapper's chart](https://github.com/otterize/helm-charts/tree/main/network-mapper). diff --git a/docs/features/networking/tutorials/aws-eks-cni-mini.mdx b/docs/features/networking/tutorials/aws-eks-cni-mini.mdx index 9e6ea6e55..5743fb857 100644 --- a/docs/features/networking/tutorials/aws-eks-cni-mini.mdx +++ b/docs/features/networking/tutorials/aws-eks-cni-mini.mdx @@ -17,7 +17,9 @@ This tutorial will walk you through deploying an AWS EKS cluster with the AWS VP - The [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html). - The [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) command-line tool. -## Step one: Create an AWS EKS cluster with the AWS VPC CNI plugin +## Tutorial + +### Step one: Create an AWS EKS cluster with the AWS VPC CNI plugin Before you start, you'll need an AWS Kubernetes cluster. Having a cluster with a [CNI](https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/) that supports [NetworkPolicies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) is required for this tutorial. @@ -75,44 +77,11 @@ eksctl create cluster -f cluster-config.yaml Once your AWS EKS has finished deploying the control pane and node group, the next step is deploying Otterize as well as a couple of clients and a server to see how they are affected by network policies. -## Step two: Install the Otterize agents +### Step two: Install the Otterize agents ### Install Otterize on your cluster -You can now install Otterize in your cluster, and optionally connect to Otterize Cloud. Connecting to Cloud lets you see what's happening visually in your browser, through the "access graph". - -So either forego browser visualization and: - -
-Install Otterize in your cluster, without Otterize Cloud - -{@include: ../../../_common/install-otterize.md} - -
- -Or choose to include browser visualization and: - -
-Install Otterize in your cluster, with Otterize Cloud - -#### Create an Otterize Cloud account - -{@include: ../../../_common/create-account.md} - -#### Install Otterize OSS, connected to Otterize Cloud - -{@include: ../../../_common/install-otterize-from-cloud.md} - -
- -Finally, you'll need to install the Otterize CLI (if you haven't already) to interact with the network mapper: - -
-Install the Otterize CLI - -{@include: ../../../_common/install-otterize-cli.md} - -
+To deploy Otterize, head over to [Otterize Cloud](https://app.otterize.com) and create a Kubernetes cluster on the [Clusters page](https://app.otterize.com/clusters), and follow the instructions. ### Deploy a server and two clients @@ -126,7 +95,7 @@ Once you have that installed and running your Otterize access graph should look ![Access Graph](/img/quick-tutorials/aws-eks-mini/access-graph.png) -## Step three: Create an intent +### Step three: Create an intent Now that you have Otterize installed, the next step is to create an intent which will enable access to the server from the client. If you enable protection on the server without declaring an intent, the client will be blocked. @@ -185,7 +154,7 @@ And you should see your access graph showing the service as protected: ![Protected Service](/img/quick-tutorials/aws-eks-mini/protected.png) -## What's next +### What's next Have a look at the [guide on how to deploy protection to a larger, more complex application one step at a time](/guides/protect-1-service-network-policies). diff --git a/docs/features/networking/tutorials/k8s-network-mapper.mdx b/docs/features/networking/tutorials/k8s-network-mapper.mdx index 7c3db3339..b462db79e 100644 --- a/docs/features/networking/tutorials/k8s-network-mapper.mdx +++ b/docs/features/networking/tutorials/k8s-network-mapper.mdx @@ -8,7 +8,7 @@ import Tabs from "@theme/Tabs"; import TabItem from "@theme/TabItem"; import styles from "/src/css/styles.module.css"; -The network mapper allows you to map network traffic for your K8s cluster. Once mapped you can export it as an image, json, list, or view it within Otterize Cloud. +The network mapper allows you to map pod-to-pod traffic within your K8s cluster. In this tutorial, we will: @@ -17,54 +17,14 @@ In this tutorial, we will: ## Prerequisites -
-Prepare a Kubernetes cluster +### Install Otterize on your cluster +To deploy Otterize, head over to [Otterize Cloud](https://app.otterize.com) and create a Kubernetes cluster on the [Clusters page](https://app.otterize.com/clusters), and follow the instructions. -Before you start, you'll need a Kubernetes cluster. Having a cluster with a [CNI](https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/) that supports [NetworkPolicies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) isn't required for this tutorial, but is recommended so that your cluster works with other tutorials. +We will also need the [Otterize CLI](/overview/installation#install-the-otterize-cli). -{@include: ../../../_common/cluster-setup.md} +## Tutorial -
- -You can now install Otterize in your cluster (if it's not already installed), and optionally connect to Otterize Cloud. Connecting to Cloud lets you: - -1. See what's happening visually in your browser, through the "access graph"; -2. View pod public internet egress traffic. - -So either forego browser visualization and: - -
-Install Otterize in your cluster, without Otterize Cloud - -{@include: ../../../_common/install-otterize.md} - -
- -Or choose to include browser visualization and: - -
-Install Otterize in your cluster, with Otterize Cloud - -#### Create an Otterize Cloud account - -{@include: ../../../_common/create-account.md} - -#### Install Otterize OSS, connected to Otterize Cloud - -{@include: ../../../_common/install-otterize-from-cloud-with-enforcement.md} - -
- -Finally, you'll need to install the Otterize CLI (if you haven't already) to interact with the network mapper: - -
-Install the Otterize CLI - -{@include: ../../../_common/install-otterize-cli.md} - -
- -## Deploy demo to simulate traffic +### Deploy demo to simulate traffic Let's add services and traffic to the cluster and see how the network mapper builds the map. Deploy the following simple example — `client`, `client2` and `server`, communicating over HTTP: @@ -73,16 +33,7 @@ Deploy the following simple example — `client`, `client2` and `server`, co kubectl apply -n otterize-tutorial-mapper -f ${ABSOLUTE_URL}/code-examples/network-mapper/all.yaml ``` -
-Expand to see the deployment YAML - -```yaml -{@include: ../../../static/code-examples/network-mapper/all.yaml} -``` - -
- -## Map the cluster +### Map the cluster The network mapper starts to sniff traffic and build an in-memory network map as soon as it's installed. The Otterize CLI allows you to interact with the network mapper to grab a snapshot of current mapped traffic, @@ -103,17 +54,17 @@ If you've attached Otterize OSS to Otterize Cloud, you can now also see the [acc The access graph reveals several types of information and insights, such as: 1. Seeing the network map for different clusters, seeing the subset of the map for a given namespace, or even — according to how you've mapped namespaces to environments — seeing the subset of the map for a specific environment. -2. Viewing the public internet egress traffic for each pod, including the DNS name and the IPs associated with each outbound request. -3. Filtering the map to include recently-seen traffic, since some date in the past. That way you can eliminate calls that are no longer relevant, without having to reset the network mapper and start building a new map. -4. If the intents operator is also connected, the access graph now reveals more specifics about access: understand which services are protected or would be protected, and which client calls are being blocked or would be blocked. We'll see more of that in the next couple of tutorials. +2. Filtering the map to include recently-seen traffic, since some date in the past. That way you can eliminate calls that are no longer relevant, without having to reset the network mapper and start building a new map. +3. If the intents operator is also connected, the access graph now reveals more specifics about access: understand which services are protected or would be protected, and which client calls are being blocked or would be blocked. We'll see more of that in the next couple of tutorials + +Note, for example, that the `client` → `server` arrow is yellow. Clicking on it shows: -Note, for example, that the `client` → `server` arrow is yellow. Clicking on it shows the automatically generated intents for both the client pod to the server pod and the egress of the client to the public internet. If we take a closer look, the ClientIntent YAML specifies that the `client` can call the `server` on the internal network, and it can reach the IP Address `142.250.189.174`. We can see from the comment that this IP belongs to google.com. Client to server edge info -## What's next +### What's next The network mapper is a great way to bootstrap IBAC. It generates client intents files that reflect the current topology of your services; those can then be used by each client team to grant them easy @@ -125,7 +76,7 @@ Where to go next? - If you haven't already, see the [automate network policies tutorial](/quickstart/access-control/k8s-network-policies). - Or go to the next tutorial to [automate secure access for Kafka](/quickstart/access-control/k8s-kafka-mtls). -### Teardown +## Teardown To remove the deployed examples run: diff --git a/docs/features/networking/tutorials/k8s-network-policies.mdx b/docs/features/networking/tutorials/k8s-network-policies.mdx index 3686dc23f..714d508a9 100644 --- a/docs/features/networking/tutorials/k8s-network-policies.mdx +++ b/docs/features/networking/tutorials/k8s-network-policies.mdx @@ -23,45 +23,14 @@ In this tutorial, we will: ## Prerequisites -
-Prepare a Kubernetes cluster that supports network policies - -Before you start, you'll need a Kubernetes cluster with a [CNI](https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/) that supports [NetworkPolicies](https://kubernetes.io/docs/concepts/services-networking/network-policies/). - -{@include: ../../../_common/cluster-setup.md} - -
- -You can now install (or reinstall) Otterize in your cluster, and optionally connect to Otterize Cloud. Connecting to Cloud lets you: - -1. See what's happening visually in your browser, through the "access graph"; -2. Avoid using SPIRE (which can be installed with Otterize) for issuing certificates, as Otterize Cloud provides a certificate service. - -So either forego browser visualization and: - -
-Install Otterize in your cluster, without Otterize Cloud +### Install Otterize on your cluster +To deploy Otterize, head over to [Otterize Cloud](https://app.otterize.com) and create a Kubernetes cluster on the [Clusters page](https://app.otterize.com/clusters), and follow the instructions. -{@include: ../../../_common/install-otterize.md} +We will also need the [Otterize CLI](/overview/installation#install-the-otterize-cli). -
- -Or choose to include browser visualization and: - -
-Install Otterize in your cluster, with Otterize Cloud - -#### Create an Otterize Cloud account - -{@include: ../../../_common/create-account.md} - -#### Install Otterize OSS, connected to Otterize Cloud - -{@include: ../../../_common/install-otterize-from-cloud-with-enforcement.md} - -
+## Tutorial -## Deploy the server and the two clients +### Deploy the server and the two clients Our simple example consists of three pods: an HTTP server and two clients that call it. @@ -176,7 +145,7 @@ If you've attached Otterize OSS to Otterize Cloud, you can now browse to your ac ![Access graph](/img/quick-tutorials/network-policies/base.png) -## Apply intents +### Apply intents We will now declare that the **client** intends to call the **server**. @@ -269,7 +238,7 @@ It's now clear what happened: Otterize did its job of both protecting the server _and_ allowing intended access. ::: -## What did we accomplish? +### What did we accomplish? - Controlling access through network policies no longer means touching network policies at all. @@ -304,7 +273,7 @@ Further information about network policies and Otterize can be found Try to create an intents file yourself for **client-other**, and apply it to allow this other client to call the server. ::: -## What's next +### What's next - Get started with the [Otterize network mapper](/quickstart/visualization/k8s-network-mapper) to help you bootstrap intents files for use in [intent-based access control (IBAC)](/intent-based-access-control). diff --git a/docs/features/networking/tutorials/protect-1-service-network-policies.mdx b/docs/features/networking/tutorials/protect-1-service-network-policies.mdx index d43d3b445..ab317035b 100644 --- a/docs/features/networking/tutorials/protect-1-service-network-policies.mdx +++ b/docs/features/networking/tutorials/protect-1-service-network-policies.mdx @@ -26,16 +26,13 @@ Note: all the capabilities of IBAC are within Otterize OSS, while the access gra ## Prerequisites -
-Prepare a cluster +### Install Otterize on your cluster +To deploy Otterize, head over to [Otterize Cloud](https://app.otterize.com) and create a Kubernetes cluster on the [Clusters page](https://app.otterize.com/clusters), and follow the instructions. -Before you start, you'll need a Kubernetes cluster. +We will also need the [Otterize CLI](/overview/installation#install-the-otterize-cli). -{@include: ../../../_common/cluster-setup.md} -
- -
-Deploy the demo set of services +## Tutorial +### Deploy the demo set of services To deploy these into your cluster: ```bash @@ -43,88 +40,64 @@ kubectl create namespace otterize-ecom-demo kubectl apply -n otterize-ecom-demo -f ${ABSOLUTE_URL}/code-examples/shadow-mode/ecom-demo.yaml ```
-Optional: check that the demo was deployed. - -To see all the pods in the demo: -```bash -kubectl get pods -n otterize-ecom-demo -``` -The pods should all be ready and running: -```bash -NAME READY STATUS RESTARTS AGE -adservice-65494cbb9d-5lrv6 1/1 Running 0 115s -cartservice-6d84fc45bb-hdtwn 1/1 Running 0 115s -checkoutservice-5599486df-dvj9n 1/1 Running 3 (79s ago) 115s -currencyservice-6d64686d74-lxb7x 1/1 Running 0 115s -emailservice-7c6cbfbbd7-xjxlt 1/1 Running 0 115s -frontend-f9448d7d4-6dmnr 1/1 Running 0 115s -kafka-0 1/1 Running 2 (83s ago) 115s -loadgenerator-7f6987f59-bchgm 1/1 Running 0 114s -orderservice-7ffdbf6df-wzzfd 1/1 Running 0 115s -otterize-ecom-demo-zookeeper-0 1/1 Running 0 115s -paymentservice-86855d78db-zjjfn 1/1 Running 0 115s -productcatalogservice-5944c7f666-2rjc6 1/1 Running 0 115s -recommendationservice-6c8d848498-zm2rm 1/1 Running 0 114s -redis-cart-6b79c5b497-xpms2 1/1 Running 0 115s -shippingservice-85694cb9bd-v54xp 1/1 Running 0 114s -``` - -You can now browse the web app of this demo, if you wish: - - - - -To get the externally-accessible URL where your demo front end is available, run: -```bash -kubectl get service -n otterize-ecom-demo frontend-external | awk '{print $4}' -``` -The result should be similar to (if running on AWS EKS): -``` -a11843075fd254f8099a986467098647-1889474685.us-east-1.elb.amazonaws.com -``` -Go ahead and browse to the URL above to "shop" and get a feel for the demo's behavior. -(The URL might take some time to populate across DNS servers. Note that we are accessing an HTTP and not an HTTPS website.) - - - -To get the externally-accessible URL where your demo front end is available, run: -``` -kubectl port-forward -n otterize-ecom-demo service/frontend-external 8080:80 & -``` -The demo is now accessible at: -``` -http://localhost:8080 -``` -Go ahead and browse to the URL above to "shop" and get a feel for the demo's behavior. - - -
- -
- -
-Create an Otterize Cloud account - -{@include: ../../../_common/create-account.md} - + Optional: check that the demo was deployed. + + To see all the pods in the demo: + ```bash + kubectl get pods -n otterize-ecom-demo + ``` + The pods should all be ready and running: + ```bash + NAME READY STATUS RESTARTS AGE + adservice-65494cbb9d-5lrv6 1/1 Running 0 115s + cartservice-6d84fc45bb-hdtwn 1/1 Running 0 115s + checkoutservice-5599486df-dvj9n 1/1 Running 3 (79s ago) 115s + currencyservice-6d64686d74-lxb7x 1/1 Running 0 115s + emailservice-7c6cbfbbd7-xjxlt 1/1 Running 0 115s + frontend-f9448d7d4-6dmnr 1/1 Running 0 115s + kafka-0 1/1 Running 2 (83s ago) 115s + loadgenerator-7f6987f59-bchgm 1/1 Running 0 114s + orderservice-7ffdbf6df-wzzfd 1/1 Running 0 115s + otterize-ecom-demo-zookeeper-0 1/1 Running 0 115s + paymentservice-86855d78db-zjjfn 1/1 Running 0 115s + productcatalogservice-5944c7f666-2rjc6 1/1 Running 0 115s + recommendationservice-6c8d848498-zm2rm 1/1 Running 0 114s + redis-cart-6b79c5b497-xpms2 1/1 Running 0 115s + shippingservice-85694cb9bd-v54xp 1/1 Running 0 114s + ``` + + You can now browse the web app of this demo, if you wish: + + + + + To get the externally-accessible URL where your demo front end is available, run: + ```bash + kubectl get service -n otterize-ecom-demo frontend-external | awk '{print $4}' + ``` + The result should be similar to (if running on AWS EKS): + ``` + a11843075fd254f8099a986467098647-1889474685.us-east-1.elb.amazonaws.com + ``` + Go ahead and browse to the URL above to "shop" and get a feel for the demo's behavior. + (The URL might take some time to populate across DNS servers. Note that we are accessing an HTTP and not an HTTPS website.) + + + + To get the externally-accessible URL where your demo front end is available, run: + ``` + kubectl port-forward -n otterize-ecom-demo service/frontend-external 8080:80 & + ``` + The demo is now accessible at: + ``` + http://localhost:8080 + ``` + Go ahead and browse to the URL above to "shop" and get a feel for the demo's behavior. + +
-
-Install Otterize OSS - -{@include: ../../../_common/install-otterize-from-cloud.md} - -
- -
-Install the Otterize CLI - -{@include: ../../../_common/install-otterize-cli.md} - -
- - -## Seeing the access graph +### Seeing the access graph In the Otterize Cloud UI, your [cluster](https://app.otterize.com/clusters) should now show all 3 Otterize OSS operators — the network mapper, intents operator, and credentials operator — as connected, with a green status. @@ -159,7 +132,7 @@ Otterize can configure several access control mechanisms, such as Istio authoriz Access graph - access controls panel -## Choose one service to protect +### Choose one service to protect Now let's prepare to protect just one service, but remain in shadow mode: no actual network policies, yet. We'll verify no intended access would be blocked before turning on the network policy protection. @@ -199,7 +172,7 @@ We see that:
-## Declare client intents +### Declare client intents The graph visually tells us we'll need to declare all 3 of those clients' intents: 1. `frontend` → `productcatalogservice`. @@ -297,7 +270,7 @@ And you can verify the `productcatalogservice` would not block *any* of its disc The server is still yellow because it's unprotected — let's fix that. -## Protect the `productcatalogservice` +### Protect the `productcatalogservice` Now that we've verified no intended clients would be blocked, we can safely protect the server. @@ -325,22 +298,22 @@ Sure enough, the `productcatalogservice` is -## Ready for production +### Ready for production -### Will load balancers, ingress, and other external traffic be affected? +#### Will load balancers, ingress, and other external traffic be affected? The intents operator automatically detects resources of kind `Service` (with type `LoadBalancer` or `NodePort`), or of kind `Ingress`, and creates network policies to allow external traffic to relevant pods. You do not need to configure anything to get this to work. [Learn more here.](/reference/configuration/intents-operator#handling-external-traffic) -### Will admission webhook controllers, e.g. policy validators like Kyverno, be affected? +#### Will admission webhook controllers, e.g. policy validators like Kyverno, be affected? Since you are not placing a global default-deny policy that would affect controllers in your cluster, only default-deny network policies on individual pods, Otterize will not affect calls to admission webhook controllers and they will continue functioning as before. -### Working with Otterize in CI/CD +#### Working with Otterize in CI/CD We recommend placing the `ClientIntents` and `ProtectedService` resource YAMLs alongside the services that own them, in their respective Git repositories: - The `ProtectedService` YAMLs alongside the servers they are protecting, e.g. in the Helm chart belonging to the server. - `ClientIntents` YAMLs, whether they were generated from the network mapper or created and maintained by the client developer teams, alongside each client, e.g. in the Helm chart belonging to the client. -## In summary +### In summary So what have we learned? You can gradually roll out IBAC and drive towards zero trust, service by service, in a safe, predictable, and quick way, by following 4 simple steps: diff --git a/docs/features/postgresql/_category_.json b/docs/features/postgresql/_category_.json index 02b31b4a4..94a4efd26 100644 --- a/docs/features/postgresql/_category_.json +++ b/docs/features/postgresql/_category_.json @@ -3,6 +3,6 @@ "position": 5, "collapsed": true, "customProps": { - "image": "/img/icons/postgresql.png" + "image": "/img/icons/postgresql-no-word-mark.svg" } } diff --git a/docs/features/postgresql/Reference.mdx b/docs/features/postgresql/reference.mdx similarity index 95% rename from docs/features/postgresql/Reference.mdx rename to docs/features/postgresql/reference.mdx index 56e95b209..61f63b245 100644 --- a/docs/features/postgresql/Reference.mdx +++ b/docs/features/postgresql/reference.mdx @@ -3,7 +3,7 @@ sidebar_position: 3 title: Reference --- -### ClientIntents Example (YAML) +### ClientIntents example (YAML) ```yaml apiVersion: k8s.otterize.com/v1alpha3 diff --git a/docs/getting-started/README.mdx b/docs/getting-started/README.mdx index 39db62b50..ea1b7ea11 100644 --- a/docs/getting-started/README.mdx +++ b/docs/getting-started/README.mdx @@ -20,7 +20,7 @@ export const introduction = [ export const features = [ { - title: 'Network Policies', + title: 'Network mapping & access control', icon: '/img/icons/networking.png', url: '/features/networking/' }, @@ -31,17 +31,17 @@ export const features = [ }, { title: 'Kafka', - icon: '/img/icons/kafka.png', + icon: '/img/icons/kafka-no-word-mark.svg', url: '/features/kafka/' }, { title: 'PostgreSQL', - icon: '/img/icons/postgresql.png', + icon: '/img/icons/postgresql-no-word-mark.svg', url: '/features/postgresql/' }, { title: 'Istio', - icon: '/img/icons/istio.png', + icon: '/img/icons/istio-no-word-mark.svg', url: '/features/istio/' }, ]; @@ -122,11 +122,11 @@ Otterize makes it easy to create and visualize authorization for your Kubernetes ### Tutorials -#### Learn more about access control +#### How to manage access control -#### See how to visualize access +#### How to visualize access diff --git a/docs/getting-started/_category_.json b/docs/getting-started/_category_.json index 594203d97..012adff4f 100644 --- a/docs/getting-started/_category_.json +++ b/docs/getting-started/_category_.json @@ -1,4 +1,4 @@ { "collapsed": true, - "label": "Getting Started" + "label": "Getting started" } \ No newline at end of file diff --git a/docs/overview/intent-based-access-control.mdx b/docs/overview/intent-based-access-control.mdx index ade9e2477..2bbdf41fc 100644 --- a/docs/overview/intent-based-access-control.mdx +++ b/docs/overview/intent-based-access-control.mdx @@ -3,85 +3,40 @@ sidebar_position: 2 title: Intent-Based Access Control (IBAC) --- -Intent-based access control is, not surprisingly, centered around declaring intents — specifically, declaring **client** intents - to call servers. +## Why intent based access? -The mechanism to declare client intents is with **client intents files**, or just "intents files" for short. -This is a natural approach for agile, cloud-native organizations and initiatives: +We developers are working hard to make the world’s services functional, reliable, performant, and of course secure, all while maximizing velocity. In practice, achieving successful zero-trust security requires enabling stringent access policies on the service we are developing and within the other technologies and services we utilize. -- Intents files are **declarative**; -- Specifically, intents files declare **what** needs to happen (service A needs to access service B to do operation C) -without specifying, or needing to know, **how** to accomplish this; -- Intents files align with **rapid, distributed development** because they only require the knowledge that -client developers already have &mdash no need for the target server developers or admins to keep track of who needs to access them; -- The declarative approach thrives in **cloud-native infrastructures** where there are existing APIs to configure access control automatically. +Services may need network access, database access, cloud resource access, and more to achieve the desired functionality. In a zero-trust environment, access must be granted by the data teams, cloud teams, and other teams managing dependent services. This results in a large degree of friction and a lack of a cohesive picture of the access rights needed for each service to function properly. -## Intents within intents files +We believe that each service should define the access it needs to function. This intent-based access control (IBAC) should be easily understood, easily reviewed, and capable of being statically analyzed. -An intent is a declaration by a specific client to call a specific server, optionally specifying more granular - information about the call (e.g. the resource path and method for HTTP, the topic name and operation for Kafka). - In other words, an intent is a tuple of client, server, and optional granular call information. - If any of those changes, that's logically a different intent, though the intents file format allows some - shorthand ways of aggregating intents that only differ by HTTP method or Kafka operation. See the example below. +## Enter client intents - An client's intents file specifies *all* the intents of that client, in one YAML file. Why is that important? - Because as the client's needs change, the intents file should change with it, and any intents no longer needed - should be removed from the file. When this updated file is applied, the corresponding access is also removed, - i.e. the network policies or the Kafka ACLs that were previously in place due to those intents are now gone. - In this way, access controls always reflect all of, and only, the latest intended access. +A client intents file is simply a list of calls to servers a client intends to make. Coupled with a mechanism for resolving service names, the list of client intents can be translated to different authorization mechanisms, such as network policies, cloud IAM, databases, etc. -## Intents file formats +In other words, developers declare what their service intends to access, and that can then be converted to a network policy and the associated set of pod labels. -Client intents files are independent of the infrastructure on which IBAC is deployed — indeed, they abstract away -any tie-ins with infrastructures and implementations of access control. - -As an example, let's look at the core of a client intents file for a service called `checkoutservice`. -It declares that it will call the `emailservice`, the `orderservice`, and the `ecomm-events` Kafka service. -It also provides more granular information for some of the calls: +Here’s an example of a client intents file (as a Kubernetes custom resource YAML) for a service named **client** that has network access to another service named **auth-server** and has access to **production-db’s** **metrics** database: ```yaml -{@include: ../../static/resources/example-intents.yaml} -``` - -You can actually create and use such "plain" or "vanilla" intents files without any other metadata. Currently, Otterize only supports processing client intents via the Otterize OSS intents operator for Kubernetes, so you'll need to run the plain intents files through the Otterize CLI (`otterize intents convert`) to convert them into Kubernetes custom resource YAML files. - -Within the context of a Kubernetes cluster, it's very natural to format intents files from the beginning as -Kubernetes custom resources. These files are applied (`kubectl apply`) to the Kubernetes API, which validates - them against a `ClientIntents` custom resource definition (CRD) and then hands them over to the Otterize intents - operator, as expected of a Kubernetes ecosystem extension. - The two formats are trivially related: the "plain" intents file contents are simply embedded in the `spec` - section of the custom resource format. - -Here is the same client intents file, now formatted as a Kubernetes custom resource YAML, -so it can be applied directly via `kubectl apply`: -```yaml -{@include: ../../static/resources/example-intents-resource-highlighted.yaml} +apiVersion: k8s.otterize.com/v1alpha2 +kind: ClientIntents +metadata: + name: client-intents + +spec: + service: + name: client + calls: + - name: auth-server + - name: production-db + type: database + databaseResources: + - databaseName: metrics ``` -## Intents file specification - -The core of a client intents file has 2 root-level fields (keys, in YAML): -- `service` (required): describes the client service that intends to make the calls in this file. - - `name` (required): specifies the name of the client service. - -- `calls` (required): describes the (server) services which the client intends to call.
- Its value is a list of key-value pairs, each describing a server service to be called. (The combination of client service, server service, and optionally any more granular information about the call forms an intent.)
- Each item in the list has the following fields: - - `name` (required): specifies the name of the server service.
- The name can include the namespace of the server service, if different from the client service, separated by a dot ("."): `server-name.server-namespace`. - - `type` (optional, case-insensitive): specifies the type of call to be made to the server.
- If present, the values can currently be `http` or `kafka`.
- The Otterize intents operator will manage network policies for all intents, regardless of type (including if no type is specified); it will *also* manage Kafka ACLs if the `type` is `kafka`; and in the future it will *also* manage HTTP access controls if the `type` is `http`. - - - `kafkaTopics` (optional; only allowed if `type` is `kafka`): Specifies the list of Kafka topics to be called.
- Each item in the list has the following fields: - - `name` (required): specifies the name of the topic. - - `operations` (required): specifies the list of intended operations on that topic.
- Allowed values are: `consume`, `produce`, `create`, `alter`, `delete`, `describe`, `cluster_action`, `describe_configs`, `alter_configs`, `idempotent_write`, and `all`. - - - `HTTPResources` (optional; only allowed if `type` is `http`): Specifies the list of HTTP resources to be called.
- Each item in the list has the following fields: - - `path` (required): specifies the HTTP path of the resource. - - `methods` (required): specifies the list of intended operations on that topic.
- Allowed values are: `get`, `post`, `put`, `patch`, `delete`, `options`, `trace`, and `connect`. +## How do intents work? +When intents are created for a client, the intents operator automatically creates, updates, and deletes the corresponding policies and automatically labels client and server pods to reflect precisely the client-to-server calls declared in client intents files. For instance, for a NetworkPolicy, a single policy is created per server, and pod labels are dynamically updated for clients when their intents are updated +Service names are resolved by recursively getting the owner of a pod until the original owner is found, usually a Deployment, StatefulSet, or other such resource. The name of that resource is used unless the pod has a service-name annotation, in which case the value of that annotation is used instead. diff --git a/docs/overview/otterize-cloud/object-model.mdx b/docs/overview/otterize-cloud/object-model.mdx deleted file mode 100644 index f9dad7fab..000000000 --- a/docs/overview/otterize-cloud/object-model.mdx +++ /dev/null @@ -1,44 +0,0 @@ ---- -sidebar_position: 1 -title: Object model ---- -In Otterize Cloud, as across all of the Otterize product, the central object is the **intent**. Intent-based access control (IBAC) bases the authorization model of a server on the set of calls its clients declare they intend to make, granting them access to make declared calls, while blocking undeclared calls. - -## Intents - -An **intent** is a declaration that service A (the client service) intends to call service B (the server service), often with more granular information about the type of call (e.g. "HTTP" or "Kafka") and other details of the call (e.g. which HTTP resources and methods, or which Kafka topics and operations). - -The intent is expressed within a file, specifically a Kubernetes custom resource YAML declaration, that is then created in a specific Kubernetes cluster and namespace via `kubectl apply`. All the intents from a given client should appear in a single client intents YAML file, which then represents the overall intents of that service to be a client of other services. - -The declared intents applied in this way to a cluster are processed by the **Otterize intents operator** running in the cluster, which -- if configured to enforce intents -- manages Kubernetes network policies and Kafka ACLs according to those intents. When the intents operator is integrated with Otterize Cloud, it also reports those intents to the Cloud, to build an overall model of service-to-service access called the **access graph**. - -The declared intents form the basis of IBAC. But to controllably and confidently roll out IBAC to a working cluster, it's important to compare the declared access to the actual access (or attempted access) happening in the cluster. To that end, the **Otterize network mapper** detects attempted access automatically, and generates **discovered intents**: these reflect the intentions of services to call one another based on discovering the actual call attempts themselves. In other words, discovered intents form a network map of services actually calling each other, while declared intents reflect explicit declarations of services to call each other. When the network mapper is integrated with Otterize Cloud, the access graph in the Cloud will includes both discovered and declared intents, and will yield many more insights. - -Currently, Otterize only supports intents within a cluster (i.e. client and service are within the same cluster), not across clusters. - -## Services - -While declared and discovered intents are the edges of the access graph, **services** are its nodes. A service may be a client of other services, a server to other services, or both. (Note the difference between a "Kubernetes service" which is a specific construct used to make a pod callable by other pods, and an Otterize service that's the more general concept, in the sense of a microservice or a workload.) - -In Otterize Cloud, services are _inferred_ from the intents reported to the Cloud by the intents operator and the network mapper: whenever an intent is reported, it carries the information about the client and server of that intent. The intents operator adds more information when the service is identified as a Kafka service (the **Kafka server config**), and the credentials operator, when integrated, adds yet more information about any **certificates** issued to that service. - -A service name is unique within a namespace in a cluster, but not in general unique across the cluster or across clusters. - -{@include: _environments_and_namespaces.mdx} -## Clusters - -When a Kubernetes cluster is connected to Otterize Cloud, it is represented in the Cloud by a **cluster** object. You'll name it when you add it in the UI or through the API/CLI, or when you create the integration directly (in the UI or API/CLI). - -The Otterize operators -- intents operator, network mapper, and/or credentials operator -- running in your cluster will inform the Cloud about the intents, services, and credentials within this cluster, and will also convey their configuration (e.g. shadow or enforcement mode) within this cluster. Thus the cluster object in Otterize Cloud contains a lot of useful information about your Kubernetes cluster -- information used to deliver insights when you view your cluster in through the lens of the access graph. - -Note that, while a cluster and its namespaces and services could be in a single environment, and an environment could contain multiple clusters, many other combinations are possible. For example, a cluster could contain namespaces in multiple environments. Or, environments may contain some namespaces in one cluster and other namespaces in another cluster. Use whatever mappings make sense for your situation. - -Cluster names must be unique within an organization. - -## Integrations - -Otterize Cloud currently supports two types of integrations: **Kubernetes integrations** and **generic integrations**. In the future, many other types of integrations will be added, allowing Otterize Cloud to work seamlessly with all your infrastructures and systems. - -A Kubernetes integration is used to connect a Kubernetes cluster with Otterize Cloud via any or all of the Otterize operators: the intents operator, the network mapper, and the credentials operator. When a Kubernetes-type integration is created, it is always linked to an Otterize Cloud cluster object. It contains the credentials needed by the operators running in the Kubernetes cluster to communicate with the Cloud on behalf of that cluster, i.e., it ties together the physical Kubernetes cluster with its representation in Otterize Cloud. The integration also determines the environment to which namespaces in that clusters will be associated by default. The name of a Kubernetes integration is derived from the name of the cluster; since cluster names are unique per organization, so are Kubernetes-type integration names. - -A generic integration is used to connect generically an external system to Otterize Cloud. It provides that system credentials to access the Otterize API/CLI, in a way that doesn't involve any specific Otterize user. That makes it ideal for building automations on top of the Otterize API. For example, new clusters provisioned for the development team could be automatically connected to Otterize Cloud, or a CI/CD system could automatically look in the access graph for services that would be blocked or intents that were not declared and applied and fail the build. The name of the integration should reflect the way it will be used. The names of generic-type integrations must be unique within an organization. diff --git a/docs/overview/otterize-oss/README.mdx b/docs/overview/otterize-oss/README.mdx index 5436c09dd..9397ada18 100644 --- a/docs/overview/otterize-oss/README.mdx +++ b/docs/overview/otterize-oss/README.mdx @@ -30,17 +30,3 @@ To get started with Otterize OSS, see the tutorials for [network policies](/quic Components in Otterize OSS collect usage information — counts of events like `INTENTS_APPLIED`, `NETWORK_POLICY_CREATED`, `KAFKA_ACL_DELETED`, etc. — and can report those back to the Otterize team. This is entirely optional and does not affect the functionality of Otterize OSS, but it does help the team at Otterize understand what the community finds useful and hence how to improve it. (Of course, direct feedback through the [Otterize Community Slack](https://joinslack.otterize.com/) is very much appreciated too.) For more information, including what is sent and how to turn it off or on, see [the usage telemetry documentation](/otterize-oss/usage-telemetry). -## Roadmap - -The near-term roadmap for Otterize OSS currently includes: -- [[Done](https://github.com/otterize/otterize-cli/releases/tag/v0.1.17)] Adding **network map visualization** capabilities to the Otterize CLI, so you can get network map images from the network mapper. - -- [[Done](https://github.com/otterize/network-mapper/releases/tag/v0.1.16)] Adding a **Kafka watcher** to supply more detailed information to the network mapper about calls to any Kafka server: which clients are performing which operations against which topics. This complements the current map built up in the network mapper, which only records which clients called which servers, without any more granular information about those calls. With this new capability, users can bootstrap client intents that contain granular Kafka access intent information, and Otterize Cloud can display topic-level shadow mode information and insights also for Kafka servers and their clients. - -- [[Done](https://github.com/otterize/intents-operator/releases/tag/v0.1.20)] Adding support for Istio service mesh access controls. This includes: - - Pod-to-pod access controls (akin to the current network policies support). - - Granular HTTP-level (path and method) access controls (akin to the current Kafka topic-level access control support). - - [Adding HTTP-level (path and method) intent information to the network mapper](https://github.com/otterize/network-mapper/releases/tag/v0.1.16), and to the information optionally sent to Otterize Cloud to support [shadow mode](/shadow-vs-active-enforcement) in the access graph. - - - diff --git a/docs/reference/terminology/README.mdx b/docs/reference/terminology/README.mdx index 41a1b82a9..1178da535 100644 --- a/docs/reference/terminology/README.mdx +++ b/docs/reference/terminology/README.mdx @@ -17,6 +17,9 @@ The [Otterize CLI](/reference/cli) is a command-line utility used to control and ### Intent (or client intent) Otterize intents are a way to declare that one service intends to call another service. Otterize uses them to apply authorization rules to enable the calls to go through, and block any unintended calls. An *intent* refers to a client declaring a particular call to a server; *all* a given client's intents to the servers it intends to call are collected in a single *client intents file*. [Learn more about intents](/reference/intents-and-intents-files). +### Integrations +Otterize Cloud supports two types of integrations: Kubernetes integrations and generic integrations. Kubernetes integrations connect a Kubernetes cluster to Otterize Cloud, allowing communication with the Otterize operators. Generic integrations connect external systems to Otterize Cloud, providing API/CLI access credentials. These integrations are named based on their usage and must have unique names within an organization. + ## Identity ### PKI @@ -57,3 +60,12 @@ A Kubernetes custom resource refers to a resource that is not present in the bas ### CNI (Container Network Interface) CNI is a CNCF project that provides libraries for implementing plugins for configuring network interfaces in Linux containers, and is used by Kubernetes to provide pods running in a cluster with network connectivity. Examples of CNI plugins are Calico, Cilium, the AWS VPC CNI plugin. [Read more about Kubernetes CNI plugins here](https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/). + +### Services +Services represent the nodes in the access graph. They can be client services, server services, or both, and they are associated with specific namespaces within a Kubernetes cluster. Otterize Cloud infers services from reported intents and provides additional information for Kafka services and certificates. Service names must be unique within a namespace, but not necessarily across the entire cluster or multiple clusters. + +### Namespaces and Environments +Namespaces are used to group related services within a Kubernetes cluster and can be mapped to different environments (e.g., dev, staging, production). Intents can be cross-namespace and cross-environment, and Otterize Cloud associates namespaces with their respective environments. Environment names must be unique within an organization. + +### Clusters +A Kubernetes cluster connected to Otterize Cloud is represented by a cluster object in the cloud. This object contains information about the cluster's intents, services, credentials, and configuration. Multiple clusters and namespaces can belong to a single environment, or environments can span multiple clusters, depending on the organization's needs. Cluster names must be unique within an organization. \ No newline at end of file diff --git a/docusaurus.config.js b/docusaurus.config.js index 700a12307..2228bf7d1 100644 --- a/docusaurus.config.js +++ b/docusaurus.config.js @@ -150,7 +150,7 @@ const config = { }, { from: ['/reference/access-controls/network-policies'], - to: '/features/networking/Reference/Network-Policies-Deep-Dive' + to: '/features/networking/reference/Network-Policies-Deep-Dive' }, { from: ['/shadow-vs-active-enforcement'], @@ -180,7 +180,7 @@ const config = { }, { from: ['/otterize-cloud/object-model'], - to: '/overview/otterize-cloud/object-model' + to: '/reference/terminology' }, { from: ['/guides/protect-1-service-network-policies'], diff --git a/src/components/LinkCard/index.js b/src/components/LinkCard/index.js index 414c2df27..d4b6be9ab 100644 --- a/src/components/LinkCard/index.js +++ b/src/components/LinkCard/index.js @@ -16,7 +16,7 @@ export default function DocsLinkCard({items, colSize}) { > {item.icon &&
- +
}
diff --git a/static/img/icons/Postgresql-no-word-mark.svg b/static/img/icons/Postgresql-no-word-mark.svg new file mode 100644 index 000000000..d98e3659c --- /dev/null +++ b/static/img/icons/Postgresql-no-word-mark.svg @@ -0,0 +1,22 @@ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/static/img/icons/istio-no-word-mark.svg b/static/img/icons/istio-no-word-mark.svg new file mode 100644 index 000000000..e3e82f9b1 --- /dev/null +++ b/static/img/icons/istio-no-word-mark.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/static/img/icons/kafka-no-word-mark.svg b/static/img/icons/kafka-no-word-mark.svg new file mode 100644 index 000000000..e373aefc3 --- /dev/null +++ b/static/img/icons/kafka-no-word-mark.svg @@ -0,0 +1,16 @@ + + + + + + image/svg+xml + + + + + + + + + + From e7ccbc8e7dc658e66cde2aec6d8f82819a17ea45 Mon Sep 17 00:00:00 2001 From: bglynn Date: Tue, 30 Jan 2024 13:38:07 -0800 Subject: [PATCH 08/24] link updates. --- docs/features/networking/tutorials/aws-eks-cni-mini.mdx | 2 +- docs/reference/cli/README.mdx | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/features/networking/tutorials/aws-eks-cni-mini.mdx b/docs/features/networking/tutorials/aws-eks-cni-mini.mdx index 5743fb857..56177fe59 100644 --- a/docs/features/networking/tutorials/aws-eks-cni-mini.mdx +++ b/docs/features/networking/tutorials/aws-eks-cni-mini.mdx @@ -13,7 +13,7 @@ This tutorial will walk you through deploying an AWS EKS cluster with the AWS VP ## Prerequisites - An EKS cluster with the AWS VPC CNI add-on installed and with the new built-in network policy support enabled. See [Installing the AWS VPC CNI add-on](https://docs.aws.amazon.com/eks/latest/userguide/pod-networking.html) for more information, or follow the instructions below. -- The [Otterize CLI](/installation#install-the-otterize-cli). +- The [Otterize CLI](/overview/installation#install-the-otterize-cli). - The [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html). - The [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) command-line tool. diff --git a/docs/reference/cli/README.mdx b/docs/reference/cli/README.mdx index 79fe6fe0f..3c648230f 100644 --- a/docs/reference/cli/README.mdx +++ b/docs/reference/cli/README.mdx @@ -4,14 +4,14 @@ title: CLI --- The Otterize command line interface (CLI) offers the following capabilities: -- [Interact with](#network-mapper) the [Otterize network mapper](/quickstart/visualization/k8s-network-mapper) running in a Kubernetes cluster. +- [Interact with](#network-mapper) the [Otterize network mapper](/features/networking/tutorials/k8s-network-mapper) running in a Kubernetes cluster. - [Transform](#otterize-intents-convert--f-path) [intents files](/reference/intents-and-intents-files/#intents-file-formats) from plain YAML format to Kubernetes custom resource YAML format. - Interact with the Otterize Cloud, through its REST API. This CLI is open-source software. To see its source or build it yourself, see [https://github.com/otterize/otterize-cli](https://github.com/otterize/otterize-cli). -The CLI is available as an installable binary as documented in this [guide](/installation#install-the-otterize-cli). +The CLI is available as an installable binary as documented in this [guide](/overview/installation#install-the-otterize-cli). The following are the commands offered by the Otterize CLI. @@ -38,7 +38,7 @@ To **disable** sending usage information: If the `telemetry` flag is omitted or set to `true`, telemetry will be enabled: usage information will be reported. -For more information see the [Usage telemetry Documentation](/otterize-oss/usage-telemetry) +For more information see the [Usage telemetry Documentation](/overview/otterize-oss/usage-telemetry) ## Global options From 856b0369424e514210542940385ff63deab766eb Mon Sep 17 00:00:00 2001 From: bglynn Date: Tue, 30 Jan 2024 16:15:15 -0800 Subject: [PATCH 09/24] more git issue fixes safari image issue caps matter in vercel? --- .../configuration/intents-operator/README.mdx | 2 +- docusaurus.config.js | 12 +++--------- src/components/LinkCard/index.js | 2 +- 3 files changed, 5 insertions(+), 11 deletions(-) diff --git a/docs/reference/configuration/intents-operator/README.mdx b/docs/reference/configuration/intents-operator/README.mdx index 69279eac3..c980d1fba 100644 --- a/docs/reference/configuration/intents-operator/README.mdx +++ b/docs/reference/configuration/intents-operator/README.mdx @@ -78,7 +78,7 @@ it is attempting to read, so the end result is that the topic ACLs determine act ### PostgreSQL users & access The intents operator automatically creates, and updates credentials in PostgreSQL databases according to the declared intents. It works together with the Otterize credentials operator to easily enable secure access to PostgreSQL from client pods, all in your Kubernetes cluster. -Try the [Just-in-time PostgreSQL users & access](/features/postgresql/tutorials/postgresql) tutorial to learn more. +Try the [Just-in-time PostgreSQL users & access](/features/postgresql/tutorials/postgres) tutorial to learn more. ### Istio AuthorizationPolicy The intents operator automatically creates, updates and deletes Istio authorization policies, automatically looks up service accounts for client pods and labels server pods, to reflect precisely the client-to-server calls declared in client intents files. diff --git a/docusaurus.config.js b/docusaurus.config.js index 2228bf7d1..81a744b3f 100644 --- a/docusaurus.config.js +++ b/docusaurus.config.js @@ -159,16 +159,10 @@ const config = { { from: ['/otterize-cloud'], to: '/overview/otterize-cloud' - from: '/quick-tutorials', - to: '/', - }, - { - from: '/quick-tutorials/k8s-mtls', - to: '/quickstart/access-control/k8s-kafka-mtls-cert-manager', }, { - from: '/getting-started/oss-installation', - to: '/installation', + from: '/quick-tutorials', + to: '/', }, { from: ['/otterize-oss/usage-telemetry'], @@ -195,7 +189,7 @@ const config = { to: '/features/networking/tutorials/aws-eks-cni-mini', }, { - from: ['/quick-tutorials/k8s-kafka-mtls-cert-manager', '/quickstart/access-control/k8s-kafka-mtls-cert-manager'], + from: ['/quick-tutorials/k8s-kafka-mtls-cert-manager', '/quickstart/access-control/k8s-kafka-mtls-cert-manager', '/quick-tutorials/k8s-mtls'], to: '/features/kafka/tutorials/k8s-kafka-mtls-cert-manager', }, { diff --git a/src/components/LinkCard/index.js b/src/components/LinkCard/index.js index d4b6be9ab..76a11f4b9 100644 --- a/src/components/LinkCard/index.js +++ b/src/components/LinkCard/index.js @@ -16,7 +16,7 @@ export default function DocsLinkCard({items, colSize}) { > {item.icon &&
- +
}
From f8e2bae3f87dd47e6650ad35f1669fe69dabc731 Mon Sep 17 00:00:00 2001 From: bglynn Date: Wed, 31 Jan 2024 16:58:10 -0800 Subject: [PATCH 10/24] Another merge issue. --- docs/features/networking/_category_.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/features/networking/_category_.json b/docs/features/networking/_category_.json index d8135a87a..8c9fb3844 100644 --- a/docs/features/networking/_category_.json +++ b/docs/features/networking/_category_.json @@ -1,5 +1,5 @@ { - "label": "Networking", + "label": "Network Policies", "position": 1, "collapsed": true, "customProps": { From 63ce824c66cf67560c974c88a205c355228072a1 Mon Sep 17 00:00:00 2001 From: Ori Shoshan Date: Sun, 4 Feb 2024 19:57:22 +0100 Subject: [PATCH 11/24] first pass --- .../k8s-istio-authorization-policies.mdx | 2 +- .../_category_.json | 2 +- .../index.mdx | 5 +- .../reference/Network-Policies-Deep-Dive.mdx | 0 .../reference/README.mdx | 0 .../tutorials/_category_.json | 0 .../tutorials/aws-eks-cni-mini.mdx | 0 .../tutorials/k8s-network-mapper.mdx | 0 .../tutorials/k8s-network-policies.mdx | 0 .../protect-1-service-network-policies.mdx | 0 docs/getting-started/README.mdx | 115 +-- docs/overview/index.mdx | 35 +- .../credentials-operator/README.mdx | 27 +- yarn.lock | 929 +++++++++--------- 14 files changed, 509 insertions(+), 606 deletions(-) rename docs/features/{networking => network-mapping-network-policies}/_category_.json (68%) rename docs/features/{networking => network-mapping-network-policies}/index.mdx (98%) rename docs/features/{networking => network-mapping-network-policies}/reference/Network-Policies-Deep-Dive.mdx (100%) rename docs/features/{networking => network-mapping-network-policies}/reference/README.mdx (100%) rename docs/features/{networking => network-mapping-network-policies}/tutorials/_category_.json (100%) rename docs/features/{networking => network-mapping-network-policies}/tutorials/aws-eks-cni-mini.mdx (100%) rename docs/features/{networking => network-mapping-network-policies}/tutorials/k8s-network-mapper.mdx (100%) rename docs/features/{networking => network-mapping-network-policies}/tutorials/k8s-network-policies.mdx (100%) rename docs/features/{networking => network-mapping-network-policies}/tutorials/protect-1-service-network-policies.mdx (100%) diff --git a/docs/features/istio/tutorials/k8s-istio-authorization-policies.mdx b/docs/features/istio/tutorials/k8s-istio-authorization-policies.mdx index a265c6520..46205e0ef 100644 --- a/docs/features/istio/tutorials/k8s-istio-authorization-policies.mdx +++ b/docs/features/istio/tutorials/k8s-istio-authorization-policies.mdx @@ -166,7 +166,7 @@ kubectl apply -f ${ABSOLUTE_URL}/code-examples/istio-authorization-policies/inte ``` :::tip -Client intents are the cornerstone of [intent-based access control (IBAC)](/intent-based-access-control). +Client intents are the cornerstone of [intent-based access control (IBAC)](/overview/intent-based-access-control). ::: 2. You should quickly see in the **[other-client]** terminal that it times out when calling the server, as expected since it didn't declare its intents: diff --git a/docs/features/networking/_category_.json b/docs/features/network-mapping-network-policies/_category_.json similarity index 68% rename from docs/features/networking/_category_.json rename to docs/features/network-mapping-network-policies/_category_.json index 8c9fb3844..c0f24a86c 100644 --- a/docs/features/networking/_category_.json +++ b/docs/features/network-mapping-network-policies/_category_.json @@ -1,5 +1,5 @@ { - "label": "Network Policies", + "label": "Network mapping & network policies", "position": 1, "collapsed": true, "customProps": { diff --git a/docs/features/networking/index.mdx b/docs/features/network-mapping-network-policies/index.mdx similarity index 98% rename from docs/features/networking/index.mdx rename to docs/features/network-mapping-network-policies/index.mdx index 9d76470ba..55297923d 100644 --- a/docs/features/networking/index.mdx +++ b/docs/features/network-mapping-network-policies/index.mdx @@ -1,7 +1,6 @@ --- sidebar_position: 1 -title: Networking | Overview -hide_title: true +title: Network mapping & network policies --- import DocsLinkCard from "@site/src/components/LinkCard"; @@ -28,8 +27,6 @@ export const network_access_tutorials = [ } ]; -# Networking - ### About You can use Otterize to understand, visualize, and manage access for Kubernetes networks. Upon installation, Otterize inspects network traffic and builds an in-memory network map of connections. The network map can then be exported or viewed in various ways to understand the connections within your networks. With IBAC-based policies, Otterize becomes a control plane for your K8s networks. Mapped network traffic can autogenerate declarative intent-based access policies to create least privileged pod-to-pod access easily. diff --git a/docs/features/networking/reference/Network-Policies-Deep-Dive.mdx b/docs/features/network-mapping-network-policies/reference/Network-Policies-Deep-Dive.mdx similarity index 100% rename from docs/features/networking/reference/Network-Policies-Deep-Dive.mdx rename to docs/features/network-mapping-network-policies/reference/Network-Policies-Deep-Dive.mdx diff --git a/docs/features/networking/reference/README.mdx b/docs/features/network-mapping-network-policies/reference/README.mdx similarity index 100% rename from docs/features/networking/reference/README.mdx rename to docs/features/network-mapping-network-policies/reference/README.mdx diff --git a/docs/features/networking/tutorials/_category_.json b/docs/features/network-mapping-network-policies/tutorials/_category_.json similarity index 100% rename from docs/features/networking/tutorials/_category_.json rename to docs/features/network-mapping-network-policies/tutorials/_category_.json diff --git a/docs/features/networking/tutorials/aws-eks-cni-mini.mdx b/docs/features/network-mapping-network-policies/tutorials/aws-eks-cni-mini.mdx similarity index 100% rename from docs/features/networking/tutorials/aws-eks-cni-mini.mdx rename to docs/features/network-mapping-network-policies/tutorials/aws-eks-cni-mini.mdx diff --git a/docs/features/networking/tutorials/k8s-network-mapper.mdx b/docs/features/network-mapping-network-policies/tutorials/k8s-network-mapper.mdx similarity index 100% rename from docs/features/networking/tutorials/k8s-network-mapper.mdx rename to docs/features/network-mapping-network-policies/tutorials/k8s-network-mapper.mdx diff --git a/docs/features/networking/tutorials/k8s-network-policies.mdx b/docs/features/network-mapping-network-policies/tutorials/k8s-network-policies.mdx similarity index 100% rename from docs/features/networking/tutorials/k8s-network-policies.mdx rename to docs/features/network-mapping-network-policies/tutorials/k8s-network-policies.mdx diff --git a/docs/features/networking/tutorials/protect-1-service-network-policies.mdx b/docs/features/network-mapping-network-policies/tutorials/protect-1-service-network-policies.mdx similarity index 100% rename from docs/features/networking/tutorials/protect-1-service-network-policies.mdx rename to docs/features/network-mapping-network-policies/tutorials/protect-1-service-network-policies.mdx diff --git a/docs/getting-started/README.mdx b/docs/getting-started/README.mdx index ea1b7ea11..6d01004b3 100644 --- a/docs/getting-started/README.mdx +++ b/docs/getting-started/README.mdx @@ -8,21 +8,21 @@ hide_title: true export const introduction = [ { title: 'What is Otterize', - description: 'Learn how Otterize helps visualize and manages your authorization', - url: `/overview/intro` + description: 'Learn about how Otterize works and the function of the different Kubernetes operators', + url: `/overview` }, { title: 'Intent-Based Access Control', - description: 'Dive into declarative access.', + description: 'Learn how to use IBAC, with YAML examples.', url: '/overview/intent-based-access-control' }, ]; export const features = [ { - title: 'Network mapping & access control', + title: 'Network mapping & network policies', icon: '/img/icons/networking.png', - url: '/features/networking/' + url: '/features/network-mapping-network-policies/' }, { title: 'AWS IAM', @@ -87,115 +87,38 @@ export const tutorials_visualization = [ } ]; -export const editions = [ - { - title: 'Open Source', - description: 'Our open source edition focuses on a single Kubernetes cluster. ', - url: '/overview/otterize-oss' - }, - { - title: 'Cloud', - description: 'Visualize all your clusters, automate policies, and more', - url: '/overview/otterize-cloud' - } -]; - - import DocsLinkCard from "@site/src/components/LinkCard"; -Otterize is a platform that allows you to visualize, and build secure access for Kubernetes workloads. -Secure access is managed through declarative intent-based access control ([IBAC](/intent-based-access-control)) providing an easy understood and centralized approach to auth. +Otterize is a platform for automating workload IAM (access control) for workloads on Kubernetes. +Each workload declares what it needs in order to function, and a Kubernetes operator figures out the policies that need to be created. This concept is called [Intent-Based Access Control (IBAC)](/overview/intent-based-access-control). + +For each kind of supported IAM mechanism (such as Kubernetes Network Policies, AWS IAM policies), Otterize can automatically learn the required ClientIntents. -The platform is composed of **Otterize OSS**, which is tailored for a single Kubernetes cluster, and **Otterize Cloud**, which adds visibility and operationalization across Kubernetes clusters and non-Kubernetes infrastructures. +Otterize is composed of [three open-source and standalone components (the intents operator, credentials operator and network mapper)](/overview) you deploy on your cluster, as part of a single Helm chart, which handle enforcement, and Otterize Cloud, which supplements them with additional features. +Learn about how Otterize works by reading below, or jump into one of the tutorials below to see how it works hand-on. ### Introduction -### Features +### Features & tutorials -Otterize makes it easy to create and visualize authorization for your Kubernetes clusters across a variety of services. Explore each below. +Otterize makes it easy to automate and visualize workload IAM for your Kubernetes clusters across a variety of platforms. Explore each to learn how it works, and see its quickstart tutorials. ### Tutorials -#### How to manage access control +#### Automating workload IAM +:::danger +TODO +Add icons to the tutorials, same as the icons we have above. +::: -#### How to visualize access +#### Visualizing network traffic and data access - -### Editions - - - - -[//]: # () -[//]: # (## Let's go! 🚀) - -[//]: # (Dive right in with simple demos to manage access control:) - -[//]: # (* [Create and manage network policies](/quickstart/access-control/k8s-network-policies).) - -[//]: # (* [Network policies on AWS EKS with the VPC CNI](/quickstart/access-control/aws-eks-cni-mini).) - -[//]: # (* [Create and manage Istio authorization policies](/quickstart/access-control/k8s-istio-authorization-policies).) - -[//]: # (* [Configure secure access for Kafka using Otterize Cloud mTLS](/quickstart/access-control/k8s-kafka-mtls), or [using cert-manager mTLS](/quickstart/access-control/k8s-kafka-mtls-cert-manager).) - -[//]: # () -[//]: # (Or visualize communication in your cluster:) - -[//]: # (* [Network mapping a Kubernetes cluster](/quickstart/visualization/k8s-network-mapper).) - -[//]: # (* [Istio HTTP-level access mapping](/quickstart/visualization/k8s-istio-watcher).) - -[//]: # (* [Kafka topic-level access mapping](/quickstart/visualization/k8s-network-mapper).) - -[//]: # () -[//]: # (## Components) - -[//]: # () -[//]: # (### Otterize OSS) - -[//]: # (The Otterize OSS components are standalone open-source projects that implement intent-based access control (IBAC) for a single Kubernetes cluster. This same set of components is used to integrate with Otterize Cloud.) - -[//]: # (- The [Otterize intents operator](/reference/configuration/intents-operator) translates ClientIntents resources to access controls: currently, network policies for pod-to-pod access, and ACLs for in-cluster Kafka client access. [See it in GitHub](https://github.com/otterize/intents-operator)) - -[//]: # (- The [Otterize credentials operator](/reference/configuration/credentials-operator) integrates with SPIFFE/SPIRE to handle pod identities and manage certificates. [See it in GitHub](https://github.com/otterize/credentials-operator)) - -[//]: # (- The [Otterize network mapper](/reference/configuration/network-mapper) sniffs pod-to-pod traffic and builds a network map, which is useful on its own and may also be exported as client intents files for bootstrapping IBAC. [See it in GitHub](https://github.com/otterize/network-mapper)) - -[//]: # () -[//]: # () -[//]: # (### Otterize CLI) - -[//]: # () -[//]: # (The [Otterize CLI](/reference/cli) is used to control the network mapper or output its data, convert non-Kubernetes client) - -[//]: # (intents files (if needed) to Kubernetes custom resource YAMLs, interface with the Otterize Cloud.) - -[//]: # () -[//]: # (## Open source and Cloud) - -[//]: # () -[//]: # (### Otterize OSS) - -[//]: # () -[//]: # (Otterize OSS is a standalone open-source implementation of intent-based access control (IBAC) for a single Kubernetes cluster. As well as being open source, Otterize OSS is completely free, licensed under the Apache 2.0 license and does not require Otterize Cloud.) - -[//]: # () -[//]: # (### Otterize Cloud) - -[//]: # () -[//]: # (Otterize Cloud adds unified visibility and operationalization,) - -[//]: # (and spans multiple Kubernetes clusters as well as (coming soon) non-Kubernetes infrastructures.) - -[//]: # () -[//]: # (Read more in our [product page](https://otterize.com/product).) \ No newline at end of file diff --git a/docs/overview/index.mdx b/docs/overview/index.mdx index 00f5204dc..d495cf554 100644 --- a/docs/overview/index.mdx +++ b/docs/overview/index.mdx @@ -10,22 +10,45 @@ Otterize is a declarative and zero-trust approach to access management that empo ## How does Otterize work? -Otterize integrates into your Kubernetes clusters using a Helm chart that deploys some core [open-source components](https://github.com/otterize/), including the network mapper, intents-operator, and credential-operator. These components work in tandem to identify and secure access. Learn more about these components below. +Otterize is deployed to Kubernetes using a Helm chart that deploys the core open-source components: the [network mapper](https://github.com/otterize/network-mapper), [intents-operator](https://github.com/otterize/intents-operator), and [credentials-operator](https://github.com/otterize/credentials-operator). These components each have a stand-alone function (mapping access, provisioning policies and provisioning credentials, respectively), but together they can automate workload IAM. ### Network mapper -The network mapper is a zero-config open-source tool that provides insights into your network traffic without modifying your code or adding additional layers. Once Otterize is installed, the network monitor will automatically inspect pod traffic, including tariff from pod-to-pod, pod-to-public internet egress, Istio Envoy sidecar, pod-to-Kafka topics, and more to follow. This data is then collected in an in-memory database for various uses, including exporting and viewing. +The network mapper is a zero-config open-source tool that provides insights into your workload traffic without modifying your code or adding additional layers. Once Otterize is installed, the network monitor will automatically inspect pod traffic metadata to create a map of accesses, including: +* Pod-to-pod traffic +* Internet egress traffic +* Pod-to-pod traffic including the URL and HTTP method, when an Istio sidecar is available +* Kafka topics +* PostgreSQL databases and tables +* AWS resources -For more information, visit the [network mapper repository](https://github.com/otterize/network-mapper#about) +Out of the box, only pod-to-pod, Internet egress traffic and Istio traffic is collected. To enable the rest, see the tutorials. -### Credential operator +This information can then be viewed as a graph, exported textually, or used to automatically generate ClientIntents, a resource used with the intents operator. -Once Otterize is installed into a cluster, it [resolves a service name](https://github.com/otterize/credentials-operator#service-name-resolution-and-automatic-pod-labeling) for each pod and registers it with either Otterize Cloud or a SPIRE server. Once registered, pods can use the credential operator to generate various secrets/credentials for mTLS or credential-based access to services like PostgreSQL, Kafka, or other connections. +:::danger +TODO +Let's keep people in the docs if they're here, don't send them away to the repo. The repo should be standalone for some basic explanations, then refer to the docs. +::: +For more information, visit the [network mapper reference page](/reference/configuration/network-mapper). +### Credentials operator + +The credentials operator handles the provisioning just-in-time credentials for workloads to authenticate. It can issue mTLS credentials or database username + passwords as Kubernetes Secrets, or create AWS IAM roles. To learn about each of these, check the respective tutorials. + +:::danger +TODO +Let's keep people in the docs if they're here, don't send them away to the repo. The repo should be standalone for some basic explanations, then refer to the docs. (see network mapper) +::: For more information, visit the [credential operator repository](https://github.com/otterize/credentials-operator#about) ### Intents operator -The Otterize intents operator is a tool to network and service access policy creation straightforward. The intents operator uses a declarative policy syntax called Intent-Based Access Control (IBAC) to connect services. IBAC policies allow you to specify a caller and the type of access they should be provided. The intents operator then generates and applies the appropriate service-specific policy (IAM, ACL, NetworkPolicy, etc) to enable that defined access. +The intents operator handles the provisioning of just-in-time policies based on the declared ClientIntents of workloads within a cluster. It can manage network policies, Istio authorization policies, AWS IAM policies, PostgreSQL GRANTs, and Kafka ACLs. To learn about each of these, visit the respective tutorial. +The intents operator does not implement its own policies, but instead configures your existing infrastructure's policies to allow the access required by each workload. This means that it does not ever see your data. +:::danger +TODO +Let's keep people in the docs if they're here, don't send them away to the repo. The repo should be standalone for some basic explanations, then refer to the docs. (see network mapper) +::: For more information, visit the [intents operator repository](https://github.com/otterize/intents-operator#about) diff --git a/docs/reference/configuration/credentials-operator/README.mdx b/docs/reference/configuration/credentials-operator/README.mdx index 8efd28c35..2c0a1f329 100644 --- a/docs/reference/configuration/credentials-operator/README.mdx +++ b/docs/reference/configuration/credentials-operator/README.mdx @@ -3,7 +3,7 @@ sidebar_position: 3 title: Credentials operator --- -The Otterize credentials operator automatically resolves pods to dev-friendly service names and provisions credentials (certificates) for the services from cert-manager, Otterize Cloud or SPIRE as Kubernetes Secrets. +The credentials operator provisions just-in-time credentials for workloads running on Kubernetes. These credentials come in the form of Kubernetes Secrets (mTLS certificates, database username + passwords), or AWS IAM roles. ## Deploying the credentials operator To deploy the operator, [use the Helm chart](/reference/configuration/credentials-operator/helm-chart). @@ -11,34 +11,41 @@ To deploy the operator, [use the Helm chart](/reference/configuration/credential To deploy with Otterize Cloud as the certificate provider, we recommend you [follow the instructions in Otterize Cloud](https://app.otterize.com/). To deploy with cert-manager as the certificate provider, you must also [configure the Issuer name and whether it should look for a ClusterIssuer or an Issuer (namespace-scoped)](/reference/configuration/credentials-operator/helm-chart#cert-manager-parameters). -## Acquiring mTLS credentials using the credentials operator -The credentials operator is controlled using annotations placed on pods. To have it provision credentials and place them in Secrets, you must specify `credentials-operator.otterize.com/tls-secret-name`. +## Provisioning AWS IAM roles using the credentials operator +The credentials operator is controlled using annotations placed on pods. To have it provision an AWS IAM role, you must specify the pod annotation `credentials-operator.otterize.com/create-aws-role`, with the value being `true`. Once you do so, the credentials operator will provision an AWS IAM role, and automatically bind it with the Kubernetes ServiceAccount of the pod by setting the EKS role ARN annotation on the ServiceAccount and the appropriate Trust Relationship on the AWS IAM role. -## How does the credentials operator provision credentials? +## Provisioning mTLS certificates using the credentials operator +The credentials operator is controlled using annotations placed on pods. To have it provision certificates and place them in Secrets, you must specify the pod annotation `credentials-operator.otterize.com/tls-secret-name`, with the value being the name of the secret. Once you do so, the credentials operator will provision a certificate for the pod, using Otterize Cloud, cert-manager or SPIRE, depending how you've deployed it. + +## Provisioning database username + password using the credentials operator +The credentials operator is controlled using annotations placed on pods. To have it provision database username + password and place them in Secrets, you must specify the pod annotation `credentials-operator.otterize.com/user-password-secret-name`, with the value being the name of the secret. Once you do so, the credentials operator will provision a username and password for the pod. + + +### How does the credentials operator provision certificates? The credentials operator performs two steps in order to issue certificates. -### Step 1: SPIRE entry registration +#### Step 1: SPIRE entry registration This step only happens if the operator is configured to use SPIRE for certificate generation. Once the operator [resolves the service name](#service-name-resolution-and-automatic-pod-labeling) for a pod, it labels the pod so that SPIRE can find it, and registers an entry with the SPIRE server for that label. -### Step 2: Certificate generation +#### Step 2: Certificate generation The operator consults the annotation `credentials-operator.otterize.com/tls-secret-name`. If that annotation exists, the operator creates a secret named after the value of the label. That secret contains X.509 credentials within, provided by cert-manager, Otterize Cloud or SPIRE, depending on how the credentials operator is configured. -#### cert-manager +##### cert-manager The operator creates a cert-manager [`Certificate`](https://cert-manager.io/docs/usage/certificate/) resource, which will create a Kubernetes Secret with the name specified by the value of the annotation `credentials-operator.otterize.com/tls-secret-name`. The common name and DNS names in the certificate are values that represent the identity of the service, as resolved by the [service identity resolution algorithm](#3-service-name-resolution-and-automatic-pod-labeling), i.e. `servicename.namespace`. The operator will use a [`ClusterIssuer`](https://cert-manager.io/docs/concepts/issuer/) or an [`Issuer`](https://cert-manager.io/docs/concepts/issuer/) to create the Certificate resource, which it expects to find in the same namespace as the `Pod` with the annotation. The `Issuer` is configured at deploy time, using the [Helm chart](/reference/configuration/credentials-operator/helm-chart). In the event that the default approver controller in `cert-manager` is [disabled](https://cert-manager.io/docs/concepts/certificaterequest/#approver-controller), the credentials operator can auto-approve its own [`CertificateRequests`](https://cert-manager.io/docs/concepts/certificaterequest/). Enable this capability by [configuring the Helm chart `autoApprove` flag](/reference/configuration/credentials-operator/helm-chart#cert-manager-parameters). -#### Otterize Cloud +##### Otterize Cloud The operator requests certificates from Otterize Cloud, which internally manages them in Hashicorp Vault. The certificates are then placed within a Kubernetes Secret named with the value of the annotation `credentials-operator.otterize.com/tls-secret-name`. -#### SPIRE +##### SPIRE Once the operator has registered the pod with SPIRE, which happens automatically for a pod that has the `credentials-operator.otterize.com/tls-secret-name` annotation upon pod startup. The credentials operator then acquires the SVID and certificates for the CA chain and places them within a Kubernetes Secret. The SVID and DNS names in the certificate is the identity of the service, as resolved by the [service identity resolution algorithm](#3-service-name-resolution-and-automatic-pod-labeling), i.e. `servicename.namespace`. ## SPIRE workload registrar -When using SPIRE, the operator registers every pod with the SPIRE server (even those without annotations). +When deployed with a SPIRE server, the operator registers every pod with the SPIRE server (even those without annotations). Alongside the credentials operator, you could use SPIRE agents and the SPIRE SDK to work with the same SPIRE server. To learn more, check out the documentation for [SPIRE](https://spiffe.io/docs/latest/spire-about/spire-concepts/). Note that to use the credentials operator, you do not need to work directly with SPIRE or SPIRE agents, and can do everything completely using annotations and Kubernetes Secrets. diff --git a/yarn.lock b/yarn.lock index dd4fda918..9bb583314 100644 --- a/yarn.lock +++ b/yarn.lock @@ -84,7 +84,7 @@ "@algolia/requester-common" "4.20.0" "@algolia/transporter" "4.20.0" -"@algolia/client-search@>= 4.9.1 < 6", "@algolia/client-search@4.20.0": +"@algolia/client-search@4.20.0": version "4.20.0" resolved "https://registry.npmjs.org/@algolia/client-search/-/client-search-4.20.0.tgz" integrity sha512-zgwqnMvhWLdpzKTpd3sGmMlr4c+iS7eyyLGiaO51zDZWGMkpgoNVmltkzdBwxOVXz0RsFMznIxB9zuarUv4TZg== @@ -164,28 +164,7 @@ resolved "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.23.5.tgz" integrity sha512-uU27kfDRlhfKl+w1U6vp16IuvSLtjAxdArVXPa9BvLkrr7CYIsxH5adpHObeAGY/41+syctUWOZ140a2Rvkgjw== -"@babel/core@^7.0.0", "@babel/core@^7.0.0-0", "@babel/core@^7.0.0-0 || ^8.0.0-0 <8.0.0", "@babel/core@^7.12.0", "@babel/core@^7.13.0", "@babel/core@^7.18.6", "@babel/core@^7.19.6", "@babel/core@^7.4.0 || ^8.0.0-0 <8.0.0": - version "7.23.9" - resolved "https://registry.npmjs.org/@babel/core/-/core-7.23.9.tgz" - integrity sha512-5q0175NOjddqpvvzU+kDiSOAk4PfdO6FvwCWoQ6RO7rTzEe8vlo+4HVfcnAREhD4npMs0e9uZypjTwzZPCf/cw== - dependencies: - "@ampproject/remapping" "^2.2.0" - "@babel/code-frame" "^7.23.5" - "@babel/generator" "^7.23.6" - "@babel/helper-compilation-targets" "^7.23.6" - "@babel/helper-module-transforms" "^7.23.3" - "@babel/helpers" "^7.23.9" - "@babel/parser" "^7.23.9" - "@babel/template" "^7.23.9" - "@babel/traverse" "^7.23.9" - "@babel/types" "^7.23.9" - convert-source-map "^2.0.0" - debug "^4.1.0" - gensync "^1.0.0-beta.2" - json5 "^2.2.3" - semver "^6.3.1" - -"@babel/core@^7.11.6", "@babel/core@7.12.9": +"@babel/core@7.12.9": version "7.12.9" resolved "https://registry.npmjs.org/@babel/core/-/core-7.12.9.tgz" integrity sha512-gTXYh3M5wb7FRXQy+FErKFAv90BnlOuNn1QkCK2lREoPAjrQCO49+HVSrFoe5uakFAF5eenS75KbO2vQiLrTMQ== @@ -207,6 +186,27 @@ semver "^5.4.1" source-map "^0.5.0" +"@babel/core@^7.18.6", "@babel/core@^7.19.6": + version "7.23.9" + resolved "https://registry.npmjs.org/@babel/core/-/core-7.23.9.tgz" + integrity sha512-5q0175NOjddqpvvzU+kDiSOAk4PfdO6FvwCWoQ6RO7rTzEe8vlo+4HVfcnAREhD4npMs0e9uZypjTwzZPCf/cw== + dependencies: + "@ampproject/remapping" "^2.2.0" + "@babel/code-frame" "^7.23.5" + "@babel/generator" "^7.23.6" + "@babel/helper-compilation-targets" "^7.23.6" + "@babel/helper-module-transforms" "^7.23.3" + "@babel/helpers" "^7.23.9" + "@babel/parser" "^7.23.9" + "@babel/template" "^7.23.9" + "@babel/traverse" "^7.23.9" + "@babel/types" "^7.23.9" + convert-source-map "^2.0.0" + debug "^4.1.0" + gensync "^1.0.0-beta.2" + json5 "^2.2.3" + semver "^6.3.1" + "@babel/generator@^7.12.5", "@babel/generator@^7.18.7", "@babel/generator@^7.23.6": version "7.23.6" resolved "https://registry.npmjs.org/@babel/generator/-/generator-7.23.6.tgz" @@ -329,16 +329,16 @@ dependencies: "@babel/types" "^7.22.5" -"@babel/helper-plugin-utils@^7.0.0", "@babel/helper-plugin-utils@^7.10.4", "@babel/helper-plugin-utils@^7.12.13", "@babel/helper-plugin-utils@^7.14.5", "@babel/helper-plugin-utils@^7.18.6", "@babel/helper-plugin-utils@^7.22.5", "@babel/helper-plugin-utils@^7.8.0", "@babel/helper-plugin-utils@^7.8.3": - version "7.22.5" - resolved "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.22.5.tgz" - integrity sha512-uLls06UVKgFG9QD4OeFYLEGteMIAa5kpTPcFL28yuCIIzsf6ZyKZMllKVOCZFhiZ5ptnwX4mtKdWCBE/uT4amg== - "@babel/helper-plugin-utils@7.10.4": version "7.10.4" resolved "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.10.4.tgz" integrity sha512-O4KCvQA6lLiMU9l2eawBPMf1xPP8xPfB3iEQw150hOVTqj/rfXz0ThTb4HEzqQfs2Bmo5Ay8BzxfzVtBrr9dVg== +"@babel/helper-plugin-utils@^7.0.0", "@babel/helper-plugin-utils@^7.10.4", "@babel/helper-plugin-utils@^7.12.13", "@babel/helper-plugin-utils@^7.14.5", "@babel/helper-plugin-utils@^7.18.6", "@babel/helper-plugin-utils@^7.22.5", "@babel/helper-plugin-utils@^7.8.0", "@babel/helper-plugin-utils@^7.8.3": + version "7.22.5" + resolved "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.22.5.tgz" + integrity sha512-uLls06UVKgFG9QD4OeFYLEGteMIAa5kpTPcFL28yuCIIzsf6ZyKZMllKVOCZFhiZ5ptnwX4mtKdWCBE/uT4amg== + "@babel/helper-remap-async-to-generator@^7.22.20", "@babel/helper-remap-async-to-generator@^7.22.5": version "7.22.20" resolved "https://registry.npmjs.org/@babel/helper-remap-async-to-generator/-/helper-remap-async-to-generator-7.22.20.tgz" @@ -518,13 +518,6 @@ dependencies: "@babel/helper-plugin-utils" "^7.8.0" -"@babel/plugin-syntax-jsx@^7.22.5": - version "7.22.5" - resolved "https://registry.npmjs.org/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.22.5.tgz" - integrity sha512-gvyP4hZrgrs/wWMaocvxZ44Hw0b3W8Pe+cMxc8V1ULQ07oh8VNbIRaoD1LRZVTvD+0nieDKjfgKg89sD7rrKrg== - dependencies: - "@babel/helper-plugin-utils" "^7.22.5" - "@babel/plugin-syntax-jsx@7.12.1": version "7.12.1" resolved "https://registry.npmjs.org/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.12.1.tgz" @@ -532,6 +525,13 @@ dependencies: "@babel/helper-plugin-utils" "^7.10.4" +"@babel/plugin-syntax-jsx@^7.22.5": + version "7.22.5" + resolved "https://registry.npmjs.org/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.22.5.tgz" + integrity sha512-gvyP4hZrgrs/wWMaocvxZ44Hw0b3W8Pe+cMxc8V1ULQ07oh8VNbIRaoD1LRZVTvD+0nieDKjfgKg89sD7rrKrg== + dependencies: + "@babel/helper-plugin-utils" "^7.22.5" + "@babel/plugin-syntax-logical-assignment-operators@^7.10.4": version "7.10.4" resolved "https://registry.npmjs.org/@babel/plugin-syntax-logical-assignment-operators/-/plugin-syntax-logical-assignment-operators-7.10.4.tgz" @@ -553,7 +553,7 @@ dependencies: "@babel/helper-plugin-utils" "^7.10.4" -"@babel/plugin-syntax-object-rest-spread@^7.8.0", "@babel/plugin-syntax-object-rest-spread@^7.8.3", "@babel/plugin-syntax-object-rest-spread@7.8.3": +"@babel/plugin-syntax-object-rest-spread@7.8.3", "@babel/plugin-syntax-object-rest-spread@^7.8.0", "@babel/plugin-syntax-object-rest-spread@^7.8.3": version "7.8.3" resolved "https://registry.npmjs.org/@babel/plugin-syntax-object-rest-spread/-/plugin-syntax-object-rest-spread-7.8.3.tgz" integrity sha512-XoqMijGZb9y3y2XskN+P1wUGiVwWZ5JmoDRwx5+3GmEplNyVM2s2Dg8ILFQm8rWM48orGy5YpI5Bl8U1y7ydlA== @@ -1257,7 +1257,7 @@ "@docsearch/css" "3.5.2" algoliasearch "^4.19.1" -"@docusaurus/core@^2.0.0-beta.5", "@docusaurus/core@^2.4.3", "@docusaurus/core@2.4.3": +"@docusaurus/core@2.4.3", "@docusaurus/core@^2.0.0-beta.5", "@docusaurus/core@^2.4.3": version "2.4.3" resolved "https://registry.npmjs.org/@docusaurus/core/-/core-2.4.3.tgz" integrity sha512-dWH5P7cgeNSIg9ufReX6gaCl/TmrGKD38Orbwuz05WPhAQtFXHd5B8Qym1TiXfvUNvwoYKkAJOJuGe8ou0Z7PA== @@ -1375,7 +1375,7 @@ url-loader "^4.1.1" webpack "^5.73.0" -"@docusaurus/module-type-aliases@^2.4.3", "@docusaurus/module-type-aliases@2.4.3": +"@docusaurus/module-type-aliases@2.4.3", "@docusaurus/module-type-aliases@^2.4.3": version "2.4.3" resolved "https://registry.npmjs.org/@docusaurus/module-type-aliases/-/module-type-aliases-2.4.3.tgz" integrity sha512-cwkBkt1UCiduuvEAo7XZY01dJfRn7UR/75mBgOdb1hKknhrabJZ8YH+7savd/y9kLExPyrhe0QwdS9GuzsRRIA== @@ -1484,7 +1484,7 @@ "@docusaurus/utils-validation" "2.4.3" tslib "^2.4.0" -"@docusaurus/plugin-google-gtag@^2.4.3", "@docusaurus/plugin-google-gtag@2.4.3": +"@docusaurus/plugin-google-gtag@2.4.3", "@docusaurus/plugin-google-gtag@^2.4.3": version "2.4.3" resolved "https://registry.npmjs.org/@docusaurus/plugin-google-gtag/-/plugin-google-gtag-2.4.3.tgz" integrity sha512-5FMg0rT7sDy4i9AGsvJC71MQrqQZwgLNdDetLEGDHLfSHLvJhQbTCUGbGXknUgWXQJckcV/AILYeJy+HhxeIFA== @@ -1538,7 +1538,7 @@ "@docusaurus/theme-search-algolia" "2.4.3" "@docusaurus/types" "2.4.3" -"@docusaurus/react-loadable@5.5.2": +"@docusaurus/react-loadable@5.5.2", "react-loadable@npm:@docusaurus/react-loadable@5.5.2": version "5.5.2" resolved "https://registry.npmjs.org/@docusaurus/react-loadable/-/react-loadable-5.5.2.tgz" integrity sha512-A3dYjdBGuy0IGT+wyLIGIKLRE+sAk1iNk0f1HjNDysO7u8lhL4N3VEm+FAubmJbAztn94F7MxBTPmnixbiyFdQ== @@ -1599,7 +1599,7 @@ use-sync-external-store "^1.2.0" utility-types "^3.10.0" -"@docusaurus/theme-search-algolia@^2.4.3", "@docusaurus/theme-search-algolia@2.4.3": +"@docusaurus/theme-search-algolia@2.4.3", "@docusaurus/theme-search-algolia@^2.4.3": version "2.4.3" resolved "https://registry.npmjs.org/@docusaurus/theme-search-algolia/-/theme-search-algolia-2.4.3.tgz" integrity sha512-jziq4f6YVUB5hZOB85ELATwnxBz/RmSLD3ksGQOLDPKVzat4pmI8tddNWtriPpxR04BNT+ZfpPUMFkNFetSW1Q== @@ -1629,7 +1629,7 @@ fs-extra "^10.1.0" tslib "^2.4.0" -"@docusaurus/types@*", "@docusaurus/types@^2.0.0-beta.5", "@docusaurus/types@2.4.3": +"@docusaurus/types@2.4.3", "@docusaurus/types@^2.0.0-beta.5": version "2.4.3" resolved "https://registry.npmjs.org/@docusaurus/types/-/types-2.4.3.tgz" integrity sha512-W6zNLGQqfrp/EoPD0bhb9n7OobP+RHpmvVzpA+Z/IuU3Q63njJM24hmT0GYboovWcDtFmnIJC9wcyx4RVPQscw== @@ -1661,7 +1661,7 @@ js-yaml "^4.1.0" tslib "^2.4.0" -"@docusaurus/utils@^2.0.0-beta.5", "@docusaurus/utils@2.4.3": +"@docusaurus/utils@2.4.3", "@docusaurus/utils@^2.0.0-beta.5": version "2.4.3" resolved "https://registry.npmjs.org/@docusaurus/utils/-/utils-2.4.3.tgz" integrity sha512-fKcXsjrD86Smxv8Pt0TBFqYieZZCPh4cbf9oszUq/AMhZn3ujwpKaVYZACPX8mmjtYx0JOgNx52CREBfiGQB4A== @@ -1785,14 +1785,6 @@ resolved "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz" integrity sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg== -"@jridgewell/trace-mapping@^0.3.17", "@jridgewell/trace-mapping@^0.3.9": - version "0.3.20" - resolved "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.20.tgz" - integrity sha512-R8LcPeWZol2zR8mmH3JeKQ6QRCFb7XgUhV9ZlGhHLGyg4wpPiPZNQOOWhFZhxKw8u//yTbNGI42Bx/3paXEQ+Q== - dependencies: - "@jridgewell/resolve-uri" "^3.1.0" - "@jridgewell/sourcemap-codec" "^1.4.14" - "@jridgewell/trace-mapping@0.3.9": version "0.3.9" resolved "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz" @@ -1801,6 +1793,14 @@ "@jridgewell/resolve-uri" "^3.0.3" "@jridgewell/sourcemap-codec" "^1.4.10" +"@jridgewell/trace-mapping@^0.3.17", "@jridgewell/trace-mapping@^0.3.9": + version "0.3.20" + resolved "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.20.tgz" + integrity sha512-R8LcPeWZol2zR8mmH3JeKQ6QRCFb7XgUhV9ZlGhHLGyg4wpPiPZNQOOWhFZhxKw8u//yTbNGI42Bx/3paXEQ+Q== + dependencies: + "@jridgewell/resolve-uri" "^3.1.0" + "@jridgewell/sourcemap-codec" "^1.4.14" + "@leichtgewicht/ip-codec@^2.0.1": version "2.0.4" resolved "https://registry.npmjs.org/@leichtgewicht/ip-codec/-/ip-codec-2.0.4.tgz" @@ -1864,7 +1864,7 @@ "@nodelib/fs.stat" "2.0.5" run-parallel "^1.1.9" -"@nodelib/fs.stat@^2.0.2", "@nodelib/fs.stat@2.0.5": +"@nodelib/fs.stat@2.0.5", "@nodelib/fs.stat@^2.0.2": version "2.0.5" resolved "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz" integrity sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A== @@ -1907,16 +1907,16 @@ resolved "https://registry.npmjs.org/@sideway/pinpoint/-/pinpoint-2.0.0.tgz" integrity sha512-RNiOoTPkptFtSVzQevY/yWtZwf/RxyVnPy/OcA9HBM3MlGDnBEYL5B41H0MTn0Uec8Hi+2qUtTfG2WWZBmMejQ== -"@sinclair/typebox@^0.27.8": - version "0.27.8" - resolved "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.27.8.tgz" - integrity sha512-+Fj43pSMwJs4KRrH/938Uf+uAELIgVBmQzg/q1YG10djyfA3TnrU8N8XzqCh/okZdszqBQTZf96idMfE5lnwTA== - "@sinclair/typebox@0.25.24": version "0.25.24" resolved "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.25.24.tgz" integrity sha512-XJfwUVUKDHF5ugKwIcxEgc9k8b7HbznCp6eUfWgu710hMPNIO4aw4/zB5RogDQz8nd6gyCDpU9O/m6qYEWY6yQ== +"@sinclair/typebox@^0.27.8": + version "0.27.8" + resolved "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.27.8.tgz" + integrity sha512-+Fj43pSMwJs4KRrH/938Uf+uAELIgVBmQzg/q1YG10djyfA3TnrU8N8XzqCh/okZdszqBQTZf96idMfE5lnwTA== + "@sindresorhus/is@^0.14.0": version "0.14.0" resolved "https://registry.npmjs.org/@sindresorhus/is/-/is-0.14.0.tgz" @@ -1985,7 +1985,7 @@ "@svgr/babel-plugin-transform-react-native-svg" "^6.5.1" "@svgr/babel-plugin-transform-svg-component" "^6.5.1" -"@svgr/core@*", "@svgr/core@^6.0.0", "@svgr/core@^6.5.1": +"@svgr/core@^6.5.1": version "6.5.1" resolved "https://registry.npmjs.org/@svgr/core/-/core-6.5.1.tgz" integrity sha512-/xdLSWxK5QkqG524ONSjvg3V/FkNyCv538OIBdQqPNaAta3AsXj/Bd2FbvR87yMbXO2hFSWiAe/Q6IkVPDw+mw== @@ -2244,16 +2244,16 @@ dependencies: undici-types "~5.26.4" -"@types/node@^17.0.5": - version "17.0.45" - resolved "https://registry.npmjs.org/@types/node/-/node-17.0.45.tgz" - integrity sha512-w+tIMs3rq2afQdsPJlODhoUEKzFP1ayaoyl1CcnwtIlsVe7K7bA1NGm4s3PraqTLlXnbIN84zuBlxBWo1u9BLw== - "@types/node@14.18.33": version "14.18.33" resolved "https://registry.npmjs.org/@types/node/-/node-14.18.33.tgz" integrity sha512-qelS/Ra6sacc4loe/3MSjXNL1dNQ/GjxNHVzuChwMfmk7HuycRLVQN2qNY3XahK+fZc5E2szqQSKUyAF0E+2bg== +"@types/node@^17.0.5": + version "17.0.45" + resolved "https://registry.npmjs.org/@types/node/-/node-17.0.45.tgz" + integrity sha512-w+tIMs3rq2afQdsPJlODhoUEKzFP1ayaoyl1CcnwtIlsVe7K7bA1NGm4s3PraqTLlXnbIN84zuBlxBWo1u9BLw== + "@types/parse-json@^4.0.0": version "4.0.0" resolved "https://registry.npmjs.org/@types/parse-json/-/parse-json-4.0.0.tgz" @@ -2305,7 +2305,7 @@ "@types/history" "^4.7.11" "@types/react" "*" -"@types/react@*", "@types/react@>= 16.8.0 < 19.0.0": +"@types/react@*": version "18.2.37" resolved "https://registry.npmjs.org/@types/react/-/react-18.2.37.tgz" integrity sha512-RGAYMi2bhRgEXT3f4B92WTohopH6bIXw05FuGlmJEnv/omEn190+QYEIYxIAuIBdKgboYYdVved2p1AxZVQnaw== @@ -2559,7 +2559,7 @@ json-schema-to-ts "1.6.4" ts-morph "12.0.0" -"@webassemblyjs/ast@^1.11.5", "@webassemblyjs/ast@1.11.6": +"@webassemblyjs/ast@1.11.6", "@webassemblyjs/ast@^1.11.5": version "1.11.6" resolved "https://registry.npmjs.org/@webassemblyjs/ast/-/ast-1.11.6.tgz" integrity sha512-IN1xI7PwOvLPgjcf180gC1bqn3q/QaOCwYUahIOhbYUu8KA/3tw2RT/T0Gidi1l7Hhj5D/INhJxiICObqpMu4Q== @@ -2660,7 +2660,7 @@ "@webassemblyjs/wasm-gen" "1.11.6" "@webassemblyjs/wasm-parser" "1.11.6" -"@webassemblyjs/wasm-parser@^1.11.5", "@webassemblyjs/wasm-parser@1.11.6": +"@webassemblyjs/wasm-parser@1.11.6", "@webassemblyjs/wasm-parser@^1.11.5": version "1.11.6" resolved "https://registry.npmjs.org/@webassemblyjs/wasm-parser/-/wasm-parser-1.11.6.tgz" integrity sha512-6ZwPeGzMJM3Dqp3hCsLgESxBGtT/OeCvCZ4TA1JUPYgmhAx38tTPR9JaKy0S5H3evQpO/h2uWs2j6Yc/fjkpTQ== @@ -2718,7 +2718,7 @@ acorn-walk@^8.0.0, acorn-walk@^8.1.1: resolved "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.2.0.tgz" integrity sha512-k+iyHEuPgSw6SbuDpGQM+06HQUa04DZ3o+F6CSzXMvvI5KMvnaEqXe+YVe555R9nn6GPt404fos4wcgpw12SDA== -acorn@^8, acorn@^8.0.4, acorn@^8.4.1, acorn@^8.6.0, acorn@^8.7.1, acorn@^8.8.2: +acorn@^8.0.4, acorn@^8.4.1, acorn@^8.6.0, acorn@^8.7.1, acorn@^8.8.2: version "8.11.2" resolved "https://registry.npmjs.org/acorn/-/acorn-8.11.2.tgz" integrity sha512-nc0Axzp/0FILLEVsm4fNwLCwMttvhEI263QtVPQcbpfZZ3ts0hLsZGOpE6czNlid7CJ9MlyH8reXkpsf3YUY4w== @@ -2762,7 +2762,17 @@ ajv-keywords@^5.1.0: dependencies: fast-deep-equal "^3.1.3" -ajv@^6.0.0, ajv@^6.12.2, ajv@^6.12.4, ajv@^6.12.5, ajv@^6.9.1: +ajv@8.6.3: + version "8.6.3" + resolved "https://registry.npmjs.org/ajv/-/ajv-8.6.3.tgz" + integrity sha512-SMJOdDP6LqTkD0Uq8qLi+gMwSt0imXLSV080qFVwJCpH9U6Mb+SUGHAXM0KNbcBPguytWyvFxcHgMLe2D2XSpw== + dependencies: + fast-deep-equal "^3.1.1" + json-schema-traverse "^1.0.0" + require-from-string "^2.0.2" + uri-js "^4.2.2" + +ajv@^6.0.0, ajv@^6.12.2, ajv@^6.12.4, ajv@^6.12.5: version "6.12.6" resolved "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz" integrity sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g== @@ -2772,7 +2782,7 @@ ajv@^6.0.0, ajv@^6.12.2, ajv@^6.12.4, ajv@^6.12.5, ajv@^6.9.1: json-schema-traverse "^0.4.1" uri-js "^4.2.2" -ajv@^8.0.0, ajv@^8.8.2, ajv@^8.9.0: +ajv@^8.0.0, ajv@^8.9.0: version "8.12.0" resolved "https://registry.npmjs.org/ajv/-/ajv-8.12.0.tgz" integrity sha512-sRu1kpcO9yLtYxBKvqfTeh9KzZEwO3STyX1HT+4CaDzC6HpTGYhIhPIzj9XuKU7KYDwnaeh5hcOwjy1QuJzBPA== @@ -2782,16 +2792,6 @@ ajv@^8.0.0, ajv@^8.8.2, ajv@^8.9.0: require-from-string "^2.0.2" uri-js "^4.2.2" -ajv@8.6.3: - version "8.6.3" - resolved "https://registry.npmjs.org/ajv/-/ajv-8.6.3.tgz" - integrity sha512-SMJOdDP6LqTkD0Uq8qLi+gMwSt0imXLSV080qFVwJCpH9U6Mb+SUGHAXM0KNbcBPguytWyvFxcHgMLe2D2XSpw== - dependencies: - fast-deep-equal "^3.1.1" - json-schema-traverse "^1.0.0" - require-from-string "^2.0.2" - uri-js "^4.2.2" - algoliasearch-helper@^3.10.0: version "3.15.0" resolved "https://registry.npmjs.org/algoliasearch-helper/-/algoliasearch-helper-3.15.0.tgz" @@ -2799,7 +2799,7 @@ algoliasearch-helper@^3.10.0: dependencies: "@algolia/events" "^4.0.1" -algoliasearch@^4.13.1, algoliasearch@^4.19.1, "algoliasearch@>= 3.1 < 6", "algoliasearch@>= 4.9.1 < 6": +algoliasearch@^4.13.1, algoliasearch@^4.19.1: version "4.20.0" resolved "https://registry.npmjs.org/algoliasearch/-/algoliasearch-4.20.0.tgz" integrity sha512-y+UHEjnOItoNy0bYO+WWmLWBlPwDjKHW6mNHrPi0NkuhpQOOEbrkwQH/wgKFDLh7qlKjzoKeiRtlpewDPDG23g== @@ -2886,6 +2886,11 @@ are-we-there-yet@^2.0.0: delegates "^1.0.0" readable-stream "^3.6.0" +arg@4.1.0: + version "4.1.0" + resolved "https://registry.npmjs.org/arg/-/arg-4.1.0.tgz" + integrity sha512-ZWc51jO3qegGkVh8Hwpv636EkbesNV5ZNQPCtRa+0qytRYPEs9IYT9qITY9buezqUH5uqyzlWLcufrzU2rffdg== + arg@^4.1.0: version "4.1.3" resolved "https://registry.npmjs.org/arg/-/arg-4.1.3.tgz" @@ -2896,11 +2901,6 @@ arg@^5.0.0, arg@^5.0.2: resolved "https://registry.npmjs.org/arg/-/arg-5.0.2.tgz" integrity sha512-PYjyFOLKQ9y57JvQ6QLo8dAgNqswh8M1RMJYdQduT6xbWSgK36P/Z/v+p888pM69jMMfS8Xd8F6I1kQ/I9HUGg== -arg@4.1.0: - version "4.1.0" - resolved "https://registry.npmjs.org/arg/-/arg-4.1.0.tgz" - integrity sha512-ZWc51jO3qegGkVh8Hwpv636EkbesNV5ZNQPCtRa+0qytRYPEs9IYT9qITY9buezqUH5uqyzlWLcufrzU2rffdg== - argparse@^1.0.7: version "1.0.10" resolved "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz" @@ -2913,16 +2913,16 @@ argparse@^2.0.1: resolved "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz" integrity sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q== -array-flatten@^2.1.2: - version "2.1.2" - resolved "https://registry.npmjs.org/array-flatten/-/array-flatten-2.1.2.tgz" - integrity sha512-hNfzcOV8W4NdualtqBFPyVO+54DSJuZGY9qT4pRroB6S9e3iiido2ISIC5h9R2sPJ8H3FHCIiEnsv1lPXO3KtQ== - array-flatten@1.1.1: version "1.1.1" resolved "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz" integrity sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg== +array-flatten@^2.1.2: + version "2.1.2" + resolved "https://registry.npmjs.org/array-flatten/-/array-flatten-2.1.2.tgz" + integrity sha512-hNfzcOV8W4NdualtqBFPyVO+54DSJuZGY9qT4pRroB6S9e3iiido2ISIC5h9R2sPJ8H3FHCIiEnsv1lPXO3KtQ== + array-union@^2.1.0: version "2.1.0" resolved "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz" @@ -3146,7 +3146,7 @@ braces@^3.0.2, braces@~3.0.2: dependencies: fill-range "^7.0.1" -browserslist@^4.0.0, browserslist@^4.14.5, browserslist@^4.18.1, browserslist@^4.21.10, browserslist@^4.21.4, browserslist@^4.22.1, browserslist@^4.22.2, "browserslist@>= 4.21.0": +browserslist@^4.0.0, browserslist@^4.14.5, browserslist@^4.18.1, browserslist@^4.21.10, browserslist@^4.21.4, browserslist@^4.22.1, browserslist@^4.22.2: version "4.22.3" resolved "https://registry.npmjs.org/browserslist/-/browserslist-4.22.3.tgz" integrity sha512-UAp55yfwNv0klWNapjs/ktHoguxuQNGnOzxYmfnXIS+8AsRDZkSDxg7R1AX3GKzn078SBI5dzwzj/Yx0Or0e3A== @@ -3215,7 +3215,7 @@ camel-case@^4.1.2: pascal-case "^3.1.2" tslib "^2.0.3" -camelcase-css@^2.0.1, camelcase-css@2.0.1: +camelcase-css@2.0.1, camelcase-css@^2.0.1: version "2.0.1" resolved "https://registry.npmjs.org/camelcase-css/-/camelcase-css-2.0.1.tgz" integrity sha512-QOSvevhslijgYwRx6Rv7zKdMF8lbRmx+uQGx2+vDc+KI/eBnsy9kit5aj23AgGu3pa4t9AgwbnXWqS+iOY+2aA== @@ -3302,21 +3302,6 @@ cheerio@^1.0.0-rc.12: parse5 "^7.0.0" parse5-htmlparser2-tree-adapter "^7.0.0" -chokidar@^3.4.2, chokidar@^3.5.3: - version "3.5.3" - resolved "https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz" - integrity sha512-Dr3sfKRP6oTcjf2JmUmFJfeVMvXBdegxB0iVQ5eb2V10uFJUCAS8OByZdVAyVb8xXNz3GjjTgj9kLWsZTqE6kw== - dependencies: - anymatch "~3.1.2" - braces "~3.0.2" - glob-parent "~5.1.2" - is-binary-path "~2.1.0" - is-glob "~4.0.1" - normalize-path "~3.0.0" - readdirp "~3.6.0" - optionalDependencies: - fsevents "~2.3.2" - chokidar@3.3.1: version "3.3.1" resolved "https://registry.npmjs.org/chokidar/-/chokidar-3.3.1.tgz" @@ -3332,6 +3317,21 @@ chokidar@3.3.1: optionalDependencies: fsevents "~2.1.2" +chokidar@^3.4.2, chokidar@^3.5.3: + version "3.5.3" + resolved "https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz" + integrity sha512-Dr3sfKRP6oTcjf2JmUmFJfeVMvXBdegxB0iVQ5eb2V10uFJUCAS8OByZdVAyVb8xXNz3GjjTgj9kLWsZTqE6kw== + dependencies: + anymatch "~3.1.2" + braces "~3.0.2" + glob-parent "~5.1.2" + is-binary-path "~2.1.0" + is-glob "~4.0.1" + normalize-path "~3.0.0" + readdirp "~3.6.0" + optionalDependencies: + fsevents "~2.3.2" + chownr@^1.1.4: version "1.1.4" resolved "https://registry.npmjs.org/chownr/-/chownr-1.1.4.tgz" @@ -3433,16 +3433,16 @@ color-convert@^2.0.1: dependencies: color-name "~1.1.4" -color-name@~1.1.4: - version "1.1.4" - resolved "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz" - integrity sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA== - color-name@1.1.3: version "1.1.3" resolved "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz" integrity sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw== +color-name@~1.1.4: + version "1.1.4" + resolved "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz" + integrity sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA== + color-support@^1.1.2: version "1.1.3" resolved "https://registry.npmjs.org/color-support/-/color-support-1.1.3.tgz" @@ -3562,16 +3562,16 @@ content-disposition@0.5.4: dependencies: safe-buffer "5.2.1" -content-type@~1.0.4: - version "1.0.5" - resolved "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz" - integrity sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA== - content-type@1.0.4: version "1.0.4" resolved "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz" integrity sha512-hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA== +content-type@~1.0.4: + version "1.0.5" + resolved "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz" + integrity sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA== + convert-hrtime@^3.0.0: version "3.0.0" resolved "https://registry.npmjs.org/convert-hrtime/-/convert-hrtime-3.0.0.tgz" @@ -3838,35 +3838,14 @@ csstype@^3.0.2: resolved "https://registry.npmjs.org/csstype/-/csstype-3.1.2.tgz" integrity sha512-I7K1Uu0MBPzaFKg4nI5Q7Vs2t+3gWWW648spaF+Rg7pI9ds18Ugn+lvg4SHczUdKlHI5LWBXyqfS8+DufyBsgQ== -debug@^2.6.0, debug@2.6.9: +debug@2.6.9, debug@^2.6.0: version "2.6.9" resolved "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz" integrity sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA== dependencies: ms "2.0.0" -debug@^4.1.0: - version "4.3.4" - resolved "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz" - integrity sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ== - dependencies: - ms "2.1.2" - -debug@^4.1.1: - version "4.3.4" - resolved "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz" - integrity sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ== - dependencies: - ms "2.1.2" - -debug@^4.3.1: - version "4.3.4" - resolved "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz" - integrity sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ== - dependencies: - ms "2.1.2" - -debug@4: +debug@4, debug@^4.1.0, debug@^4.1.1, debug@^4.3.1: version "4.3.4" resolved "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz" integrity sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ== @@ -3951,16 +3930,16 @@ delegates@^1.0.0: resolved "https://registry.npmjs.org/delegates/-/delegates-1.0.0.tgz" integrity sha512-bd2L678uiWATM6m5Z1VzNCErI3jiGzt6HGY8OVICs40JQq/HALfbyNJmp0UDakEY4pMMaN0Ly5om/B1VI/+xfQ== -depd@~1.1.2: - version "1.1.2" - resolved "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz" - integrity sha512-7emPTl6Dpo6JRXOXjLRxck+FlLRX5847cLKEn00PLAgc3g2hTZZgr+e4c2v6QpSmLeFP3n5yUo7ft6avBK/5jQ== - depd@2.0.0: version "2.0.0" resolved "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz" integrity sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw== +depd@~1.1.2: + version "1.1.2" + resolved "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz" + integrity sha512-7emPTl6Dpo6JRXOXjLRxck+FlLRX5847cLKEn00PLAgc3g2hTZZgr+e4c2v6QpSmLeFP3n5yUo7ft6avBK/5jQ== + destroy@1.2.0: version "1.2.0" resolved "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz" @@ -4093,16 +4072,7 @@ domhandler@^5.0.2, domhandler@^5.0.3: dependencies: domelementtype "^2.3.0" -domutils@^2.5.2: - version "2.8.0" - resolved "https://registry.npmjs.org/domutils/-/domutils-2.8.0.tgz" - integrity sha512-w96Cjofp72M5IIhpjgobBimYEfoPjx1Vx0BSX9P30WBdZW2WIKU0T1Bd0kz2eNZ9ikjKgHbEyKx8BB6H1L3h3A== - dependencies: - dom-serializer "^1.0.1" - domelementtype "^2.2.0" - domhandler "^4.2.0" - -domutils@^2.8.0: +domutils@^2.5.2, domutils@^2.8.0: version "2.8.0" resolved "https://registry.npmjs.org/domutils/-/domutils-2.8.0.tgz" integrity sha512-w96Cjofp72M5IIhpjgobBimYEfoPjx1Vx0BSX9P30WBdZW2WIKU0T1Bd0kz2eNZ9ikjKgHbEyKx8BB6H1L3h3A== @@ -4135,16 +4105,16 @@ dot-prop@^5.2.0: dependencies: is-obj "^2.0.0" -duplexer@^0.1.2: - version "0.1.2" - resolved "https://registry.npmjs.org/duplexer/-/duplexer-0.1.2.tgz" - integrity sha512-jtD6YG370ZCIi/9GTaJKQxWTZD045+4R4hTk/x1UyoqadyJ9x9CgSi1RlVDQF8U2sxLLSnFkCaMihqljHIWgMg== - duplexer3@^0.1.4: version "0.1.5" resolved "https://registry.npmjs.org/duplexer3/-/duplexer3-0.1.5.tgz" integrity sha512-1A8za6ws41LQgv9HrE/66jyC5yuSjQ3L/KOpFtoBilsAK2iA2wuS5rTt1OCzIvtS2V7nVmedsUU+DGRcjBmOYA== +duplexer@^0.1.2: + version "0.1.2" + resolved "https://registry.npmjs.org/duplexer/-/duplexer-0.1.2.tgz" + integrity sha512-jtD6YG370ZCIi/9GTaJKQxWTZD045+4R4hTk/x1UyoqadyJ9x9CgSi1RlVDQF8U2sxLLSnFkCaMihqljHIWgMg== + eastasianwidth@^0.2.0: version "0.2.0" resolved "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz" @@ -4244,26 +4214,121 @@ es-module-lexer@^1.2.1: resolved "https://registry.npmjs.org/es-module-lexer/-/es-module-lexer-1.3.1.tgz" integrity sha512-JUFAyicQV9mXc3YRxPnDlrfBKpqt6hUYzz9/boprUJHs4e4KVr3XwOF70doO6gwXUor6EWZJAyWAfKki84t20Q== +esbuild-android-64@0.14.47: + version "0.14.47" + resolved "https://registry.yarnpkg.com/esbuild-android-64/-/esbuild-android-64-0.14.47.tgz#ef95b42c67bcf4268c869153fa3ad1466c4cea6b" + integrity sha512-R13Bd9+tqLVFndncMHssZrPWe6/0Kpv2/dt4aA69soX4PRxlzsVpCvoJeFE8sOEoeVEiBkI0myjlkDodXlHa0g== + +esbuild-android-arm64@0.14.47: + version "0.14.47" + resolved "https://registry.yarnpkg.com/esbuild-android-arm64/-/esbuild-android-arm64-0.14.47.tgz#4ebd7ce9fb250b4695faa3ee46fd3b0754ecd9e6" + integrity sha512-OkwOjj7ts4lBp/TL6hdd8HftIzOy/pdtbrNA4+0oVWgGG64HrdVzAF5gxtJufAPOsEjkyh1oIYvKAUinKKQRSQ== + +esbuild-darwin-64@0.14.47: + version "0.14.47" + resolved "https://registry.yarnpkg.com/esbuild-darwin-64/-/esbuild-darwin-64-0.14.47.tgz#e0da6c244f497192f951807f003f6a423ed23188" + integrity sha512-R6oaW0y5/u6Eccti/TS6c/2c1xYTb1izwK3gajJwi4vIfNs1s8B1dQzI1UiC9T61YovOQVuePDcfqHLT3mUZJA== + esbuild-darwin-arm64@0.14.47: version "0.14.47" resolved "https://registry.npmjs.org/esbuild-darwin-arm64/-/esbuild-darwin-arm64-0.14.47.tgz" integrity sha512-seCmearlQyvdvM/noz1L9+qblC5vcBrhUaOoLEDDoLInF/VQ9IkobGiLlyTPYP5dW1YD4LXhtBgOyevoIHGGnw== -esbuild@0.14.47: +esbuild-freebsd-64@0.14.47: version "0.14.47" - resolved "https://registry.npmjs.org/esbuild/-/esbuild-0.14.47.tgz" - integrity sha512-wI4ZiIfFxpkuxB8ju4MHrGwGLyp1+awEHAHVpx6w7a+1pmYIq8T9FGEVVwFo0iFierDoMj++Xq69GXWYn2EiwA== - optionalDependencies: - esbuild-android-64 "0.14.47" - esbuild-android-arm64 "0.14.47" - esbuild-darwin-64 "0.14.47" - esbuild-darwin-arm64 "0.14.47" - esbuild-freebsd-64 "0.14.47" - esbuild-freebsd-arm64 "0.14.47" - esbuild-linux-32 "0.14.47" - esbuild-linux-64 "0.14.47" - esbuild-linux-arm "0.14.47" - esbuild-linux-arm64 "0.14.47" + resolved "https://registry.yarnpkg.com/esbuild-freebsd-64/-/esbuild-freebsd-64-0.14.47.tgz#8da6a14c095b29c01fc8087a16cb7906debc2d67" + integrity sha512-ZH8K2Q8/Ux5kXXvQMDsJcxvkIwut69KVrYQhza/ptkW50DC089bCVrJZZ3sKzIoOx+YPTrmsZvqeZERjyYrlvQ== + +esbuild-freebsd-arm64@0.14.47: + version "0.14.47" + resolved "https://registry.yarnpkg.com/esbuild-freebsd-arm64/-/esbuild-freebsd-arm64-0.14.47.tgz#ad31f9c92817ff8f33fd253af7ab5122dc1b83f6" + integrity sha512-ZJMQAJQsIOhn3XTm7MPQfCzEu5b9STNC+s90zMWe2afy9EwnHV7Ov7ohEMv2lyWlc2pjqLW8QJnz2r0KZmeAEQ== + +esbuild-linux-32@0.14.47: + version "0.14.47" + resolved "https://registry.yarnpkg.com/esbuild-linux-32/-/esbuild-linux-32-0.14.47.tgz#de085e4db2e692ea30c71208ccc23fdcf5196c58" + integrity sha512-FxZOCKoEDPRYvq300lsWCTv1kcHgiiZfNrPtEhFAiqD7QZaXrad8LxyJ8fXGcWzIFzRiYZVtB3ttvITBvAFhKw== + +esbuild-linux-64@0.14.47: + version "0.14.47" + resolved "https://registry.yarnpkg.com/esbuild-linux-64/-/esbuild-linux-64-0.14.47.tgz#2a9321bbccb01f01b04cebfcfccbabeba3658ba1" + integrity sha512-nFNOk9vWVfvWYF9YNYksZptgQAdstnDCMtR6m42l5Wfugbzu11VpMCY9XrD4yFxvPo9zmzcoUL/88y0lfJZJJw== + +esbuild-linux-arm64@0.14.47: + version "0.14.47" + resolved "https://registry.yarnpkg.com/esbuild-linux-arm64/-/esbuild-linux-arm64-0.14.47.tgz#b9da7b6fc4b0ca7a13363a0c5b7bb927e4bc535a" + integrity sha512-ywfme6HVrhWcevzmsufjd4iT3PxTfCX9HOdxA7Hd+/ZM23Y9nXeb+vG6AyA6jgq/JovkcqRHcL9XwRNpWG6XRw== + +esbuild-linux-arm@0.14.47: + version "0.14.47" + resolved "https://registry.yarnpkg.com/esbuild-linux-arm/-/esbuild-linux-arm-0.14.47.tgz#56fec2a09b9561c337059d4af53625142aded853" + integrity sha512-ZGE1Bqg/gPRXrBpgpvH81tQHpiaGxa8c9Rx/XOylkIl2ypLuOcawXEAo8ls+5DFCcRGt/o3sV+PzpAFZobOsmA== + +esbuild-linux-mips64le@0.14.47: + version "0.14.47" + resolved "https://registry.yarnpkg.com/esbuild-linux-mips64le/-/esbuild-linux-mips64le-0.14.47.tgz#9db21561f8f22ed79ef2aedb7bbef082b46cf823" + integrity sha512-mg3D8YndZ1LvUiEdDYR3OsmeyAew4MA/dvaEJxvyygahWmpv1SlEEnhEZlhPokjsUMfRagzsEF/d/2XF+kTQGg== + +esbuild-linux-ppc64le@0.14.47: + version "0.14.47" + resolved "https://registry.yarnpkg.com/esbuild-linux-ppc64le/-/esbuild-linux-ppc64le-0.14.47.tgz#dc3a3da321222b11e96e50efafec9d2de408198b" + integrity sha512-WER+f3+szmnZiWoK6AsrTKGoJoErG2LlauSmk73LEZFQ/iWC+KhhDsOkn1xBUpzXWsxN9THmQFltLoaFEH8F8w== + +esbuild-linux-riscv64@0.14.47: + version "0.14.47" + resolved "https://registry.yarnpkg.com/esbuild-linux-riscv64/-/esbuild-linux-riscv64-0.14.47.tgz#9bd6dcd3dca6c0357084ecd06e1d2d4bf105335f" + integrity sha512-1fI6bP3A3rvI9BsaaXbMoaOjLE3lVkJtLxsgLHqlBhLlBVY7UqffWBvkrX/9zfPhhVMd9ZRFiaqXnB1T7BsL2g== + +esbuild-linux-s390x@0.14.47: + version "0.14.47" + resolved "https://registry.yarnpkg.com/esbuild-linux-s390x/-/esbuild-linux-s390x-0.14.47.tgz#a458af939b52f2cd32fc561410d441a51f69d41f" + integrity sha512-eZrWzy0xFAhki1CWRGnhsHVz7IlSKX6yT2tj2Eg8lhAwlRE5E96Hsb0M1mPSE1dHGpt1QVwwVivXIAacF/G6mw== + +esbuild-netbsd-64@0.14.47: + version "0.14.47" + resolved "https://registry.yarnpkg.com/esbuild-netbsd-64/-/esbuild-netbsd-64-0.14.47.tgz#6388e785d7e7e4420cb01348d7483ab511b16aa8" + integrity sha512-Qjdjr+KQQVH5Q2Q1r6HBYswFTToPpss3gqCiSw2Fpq/ua8+eXSQyAMG+UvULPqXceOwpnPo4smyZyHdlkcPppQ== + +esbuild-openbsd-64@0.14.47: + version "0.14.47" + resolved "https://registry.yarnpkg.com/esbuild-openbsd-64/-/esbuild-openbsd-64-0.14.47.tgz#309af806db561aa886c445344d1aacab850dbdc5" + integrity sha512-QpgN8ofL7B9z8g5zZqJE+eFvD1LehRlxr25PBkjyyasakm4599iroUpaj96rdqRlO2ShuyqwJdr+oNqWwTUmQw== + +esbuild-sunos-64@0.14.47: + version "0.14.47" + resolved "https://registry.yarnpkg.com/esbuild-sunos-64/-/esbuild-sunos-64-0.14.47.tgz#3f19612dcdb89ba6c65283a7ff6e16f8afbf8aaa" + integrity sha512-uOeSgLUwukLioAJOiGYm3kNl+1wJjgJA8R671GYgcPgCx7QR73zfvYqXFFcIO93/nBdIbt5hd8RItqbbf3HtAQ== + +esbuild-windows-32@0.14.47: + version "0.14.47" + resolved "https://registry.yarnpkg.com/esbuild-windows-32/-/esbuild-windows-32-0.14.47.tgz#a92d279c8458d5dc319abcfeb30aa49e8f2e6f7f" + integrity sha512-H0fWsLTp2WBfKLBgwYT4OTfFly4Im/8B5f3ojDv1Kx//kiubVY0IQunP2Koc/fr/0wI7hj3IiBDbSrmKlrNgLQ== + +esbuild-windows-64@0.14.47: + version "0.14.47" + resolved "https://registry.yarnpkg.com/esbuild-windows-64/-/esbuild-windows-64-0.14.47.tgz#2564c3fcf0c23d701edb71af8c52d3be4cec5f8a" + integrity sha512-/Pk5jIEH34T68r8PweKRi77W49KwanZ8X6lr3vDAtOlH5EumPE4pBHqkCUdELanvsT14yMXLQ/C/8XPi1pAtkQ== + +esbuild-windows-arm64@0.14.47: + version "0.14.47" + resolved "https://registry.yarnpkg.com/esbuild-windows-arm64/-/esbuild-windows-arm64-0.14.47.tgz#86d9db1a22d83360f726ac5fba41c2f625db6878" + integrity sha512-HFSW2lnp62fl86/qPQlqw6asIwCnEsEoNIL1h2uVMgakddf+vUuMcCbtUY1i8sst7KkgHrVKCJQB33YhhOweCQ== + +esbuild@0.14.47: + version "0.14.47" + resolved "https://registry.npmjs.org/esbuild/-/esbuild-0.14.47.tgz" + integrity sha512-wI4ZiIfFxpkuxB8ju4MHrGwGLyp1+awEHAHVpx6w7a+1pmYIq8T9FGEVVwFo0iFierDoMj++Xq69GXWYn2EiwA== + optionalDependencies: + esbuild-android-64 "0.14.47" + esbuild-android-arm64 "0.14.47" + esbuild-darwin-64 "0.14.47" + esbuild-darwin-arm64 "0.14.47" + esbuild-freebsd-64 "0.14.47" + esbuild-freebsd-arm64 "0.14.47" + esbuild-linux-32 "0.14.47" + esbuild-linux-64 "0.14.47" + esbuild-linux-arm "0.14.47" + esbuild-linux-arm64 "0.14.47" esbuild-linux-mips64le "0.14.47" esbuild-linux-ppc64le "0.14.47" esbuild-linux-riscv64 "0.14.47" @@ -4330,7 +4395,7 @@ estraverse@^5.2.0: resolved "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz" integrity sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA== -estree-walker@^2.0.1, estree-walker@2.0.2: +estree-walker@2.0.2, estree-walker@^2.0.1: version "2.0.2" resolved "https://registry.npmjs.org/estree-walker/-/estree-walker-2.0.2.tgz" integrity sha512-Rfkk/Mp/DL7JVje3u18FxFujQlTNR2q6QfMSMB7AvCBx91NGj/ba3kCfza0f6dVDbw7YlRf/nDrn7pQrCCyQ/w== @@ -4345,7 +4410,7 @@ eta@^2.0.0: resolved "https://registry.npmjs.org/eta/-/eta-2.2.0.tgz" integrity sha512-UVQ72Rqjy/ZKQalzV5dCCJP80GrmPrMxh6NlNf+erV6ObL0ZFkhCstWRawS85z3smdr3d2wXPsZEY7rDPfGd2g== -etag@~1.8.1, etag@1.8.1: +etag@1.8.1, etag@~1.8.1: version "1.8.1" resolved "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz" integrity sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg== @@ -4373,21 +4438,6 @@ events@^3.2.0: resolved "https://registry.npmjs.org/events/-/events-3.3.0.tgz" integrity sha512-mQw+2fkQbALzQ7V0MY0IqdnXNOeTtP4r0lN9z7AAawCXgqea7bDii20AYrIBrFd/Hx0M2Ocz6S111CaFkUcb0Q== -execa@^5.0.0: - version "5.1.1" - resolved "https://registry.npmjs.org/execa/-/execa-5.1.1.tgz" - integrity sha512-8uSpZZocAZRBAPIEINJj3Lo9HyGitllczc27Eh5YYojjMFMn8yHMDMaUHE2Jqfq05D/wucwI4JGURyXt1vchyg== - dependencies: - cross-spawn "^7.0.3" - get-stream "^6.0.0" - human-signals "^2.1.0" - is-stream "^2.0.0" - merge-stream "^2.0.0" - npm-run-path "^4.0.1" - onetime "^5.1.2" - signal-exit "^3.0.3" - strip-final-newline "^2.0.0" - execa@3.2.0: version "3.2.0" resolved "https://registry.npmjs.org/execa/-/execa-3.2.0.tgz" @@ -4404,6 +4454,21 @@ execa@3.2.0: signal-exit "^3.0.2" strip-final-newline "^2.0.0" +execa@^5.0.0: + version "5.1.1" + resolved "https://registry.npmjs.org/execa/-/execa-5.1.1.tgz" + integrity sha512-8uSpZZocAZRBAPIEINJj3Lo9HyGitllczc27Eh5YYojjMFMn8yHMDMaUHE2Jqfq05D/wucwI4JGURyXt1vchyg== + dependencies: + cross-spawn "^7.0.3" + get-stream "^6.0.0" + human-signals "^2.1.0" + is-stream "^2.0.0" + merge-stream "^2.0.0" + npm-run-path "^4.0.1" + onetime "^5.1.2" + signal-exit "^3.0.3" + strip-final-newline "^2.0.0" + express@^4.17.3: version "4.18.2" resolved "https://registry.npmjs.org/express/-/express-4.18.2.tgz" @@ -4534,7 +4599,7 @@ feed@^4.2.2: dependencies: xml-js "^1.6.11" -file-loader@*, file-loader@^6.2.0: +file-loader@^6.2.0: version "6.2.0" resolved "https://registry.npmjs.org/file-loader/-/file-loader-6.2.0.tgz" integrity sha512-qo3glqyTa61Ytg4u73GultjHGjdRyig3tG6lPtyX/jOEJvHif9uB0/OCI2Kif6ctF3caQTW2G5gym21oAsI4pw== @@ -4656,6 +4721,24 @@ fresh@0.5.2: resolved "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz" integrity sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q== +fs-extra@11.1.0: + version "11.1.0" + resolved "https://registry.npmjs.org/fs-extra/-/fs-extra-11.1.0.tgz" + integrity sha512-0rcTq621PD5jM/e0a3EJoGC/1TC5ZBCERW82LQuwfGnCa1V8w7dpYH1yNu+SLb6E5dkeCBzKEyLGlFrnr+dUyw== + dependencies: + graceful-fs "^4.2.0" + jsonfile "^6.0.1" + universalify "^2.0.0" + +fs-extra@8.1.0: + version "8.1.0" + resolved "https://registry.npmjs.org/fs-extra/-/fs-extra-8.1.0.tgz" + integrity sha512-yhlQgA6mnOJUKOsRUFsgJdQCvkKhcz8tlZG5HBQfReYZy46OwLcY+Zia0mtdHsOo9y/hP+CxMN0TU9QxoOtG4g== + dependencies: + graceful-fs "^4.2.0" + jsonfile "^4.0.0" + universalify "^0.1.0" + fs-extra@^10.0.0, fs-extra@^10.1.0: version "10.1.0" resolved "https://registry.npmjs.org/fs-extra/-/fs-extra-10.1.0.tgz" @@ -4675,24 +4758,6 @@ fs-extra@^9.0.0: jsonfile "^6.0.1" universalify "^2.0.0" -fs-extra@11.1.0: - version "11.1.0" - resolved "https://registry.npmjs.org/fs-extra/-/fs-extra-11.1.0.tgz" - integrity sha512-0rcTq621PD5jM/e0a3EJoGC/1TC5ZBCERW82LQuwfGnCa1V8w7dpYH1yNu+SLb6E5dkeCBzKEyLGlFrnr+dUyw== - dependencies: - graceful-fs "^4.2.0" - jsonfile "^6.0.1" - universalify "^2.0.0" - -fs-extra@8.1.0: - version "8.1.0" - resolved "https://registry.npmjs.org/fs-extra/-/fs-extra-8.1.0.tgz" - integrity sha512-yhlQgA6mnOJUKOsRUFsgJdQCvkKhcz8tlZG5HBQfReYZy46OwLcY+Zia0mtdHsOo9y/hP+CxMN0TU9QxoOtG4g== - dependencies: - graceful-fs "^4.2.0" - jsonfile "^4.0.0" - universalify "^0.1.0" - fs-minipass@^1.2.7: version "1.2.7" resolved "https://registry.npmjs.org/fs-minipass/-/fs-minipass-1.2.7.tgz" @@ -4779,14 +4844,7 @@ get-stream@^4.1.0: dependencies: pump "^3.0.0" -get-stream@^5.0.0: - version "5.2.0" - resolved "https://registry.npmjs.org/get-stream/-/get-stream-5.2.0.tgz" - integrity sha512-nBF+F1rAZVCu/p7rjzgA+Yb4lfYXrpl7a6VmJrU8wF9I1CKvP/QwPNZHnOlwbTkY6dvtFIzFMSyQXbLoTQPRpA== - dependencies: - pump "^3.0.0" - -get-stream@^5.1.0: +get-stream@^5.0.0, get-stream@^5.1.0: version "5.2.0" resolved "https://registry.npmjs.org/get-stream/-/get-stream-5.2.0.tgz" integrity sha512-nBF+F1rAZVCu/p7rjzgA+Yb4lfYXrpl7a6VmJrU8wF9I1CKvP/QwPNZHnOlwbTkY6dvtFIzFMSyQXbLoTQPRpA== @@ -4810,14 +4868,7 @@ glob-parent@^5.1.2, glob-parent@~5.1.0, glob-parent@~5.1.2: dependencies: is-glob "^4.0.1" -glob-parent@^6.0.1: - version "6.0.2" - resolved "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz" - integrity sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A== - dependencies: - is-glob "^4.0.3" - -glob-parent@^6.0.2: +glob-parent@^6.0.1, glob-parent@^6.0.2: version "6.0.2" resolved "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz" integrity sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A== @@ -4829,27 +4880,27 @@ glob-to-regexp@^0.4.1: resolved "https://registry.npmjs.org/glob-to-regexp/-/glob-to-regexp-0.4.1.tgz" integrity sha512-lkX1HJXwyMcprw/5YUZc2s7DrpAiHB21/V+E1rHUrVNokkvB6bqMzT0VfV6/86ZNabt1k14YOIaT7nDvOX3Iiw== -glob@^7.0.0, glob@^7.1.3, glob@^7.1.6: - version "7.2.3" - resolved "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz" - integrity sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q== +glob@7.1.6: + version "7.1.6" + resolved "https://registry.npmjs.org/glob/-/glob-7.1.6.tgz" + integrity sha512-LwaxwyZ72Lk7vZINtNNrywX0ZuLyStrdDtabefZKAY5ZGJhVtgdznluResxNmPitE0SAO+O26sWTHeKSI2wMBA== dependencies: fs.realpath "^1.0.0" inflight "^1.0.4" inherits "2" - minimatch "^3.1.1" + minimatch "^3.0.4" once "^1.3.0" path-is-absolute "^1.0.0" -glob@7.1.6: - version "7.1.6" - resolved "https://registry.npmjs.org/glob/-/glob-7.1.6.tgz" - integrity sha512-LwaxwyZ72Lk7vZINtNNrywX0ZuLyStrdDtabefZKAY5ZGJhVtgdznluResxNmPitE0SAO+O26sWTHeKSI2wMBA== +glob@^7.0.0, glob@^7.1.3, glob@^7.1.6: + version "7.2.3" + resolved "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz" + integrity sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q== dependencies: fs.realpath "^1.0.0" inflight "^1.0.4" inherits "2" - minimatch "^3.0.4" + minimatch "^3.1.1" once "^1.3.0" path-is-absolute "^1.0.0" @@ -5175,24 +5226,6 @@ http-deceiver@^1.2.7: resolved "https://registry.npmjs.org/http-deceiver/-/http-deceiver-1.2.7.tgz" integrity sha512-LmpOGxTfbpgtGVxJrj5k7asXHCgNZp5nLfp+hWc8QQRqtb7fUy6kRY3BO1h9ddF6yIPYUARgxGOwB42DnxIaNw== -http-errors@~1.4.0: - version "1.4.0" - resolved "https://registry.npmjs.org/http-errors/-/http-errors-1.4.0.tgz" - integrity sha512-oLjPqve1tuOl5aRhv8GK5eHpqP1C9fb+Ol+XTLjKfLltE44zdDbEdjPSbU7Ch5rSNsVFqZn97SrMmZLdu1/YMw== - dependencies: - inherits "2.0.1" - statuses ">= 1.2.1 < 2" - -http-errors@~1.6.2: - version "1.6.3" - resolved "https://registry.npmjs.org/http-errors/-/http-errors-1.6.3.tgz" - integrity sha512-lks+lVC8dgGyh97jxvxeYTWQFvh4uw4yC12gVl63Cg30sjPX4wuGcdkICVXDAESr6OJGjqGA8Iz5mkeN6zlD7A== - dependencies: - depd "~1.1.2" - inherits "2.0.3" - setprototypeof "1.1.0" - statuses ">= 1.4.0 < 2" - http-errors@1.7.3: version "1.7.3" resolved "https://registry.npmjs.org/http-errors/-/http-errors-1.7.3.tgz" @@ -5215,6 +5248,24 @@ http-errors@2.0.0: statuses "2.0.1" toidentifier "1.0.1" +http-errors@~1.4.0: + version "1.4.0" + resolved "https://registry.npmjs.org/http-errors/-/http-errors-1.4.0.tgz" + integrity sha512-oLjPqve1tuOl5aRhv8GK5eHpqP1C9fb+Ol+XTLjKfLltE44zdDbEdjPSbU7Ch5rSNsVFqZn97SrMmZLdu1/YMw== + dependencies: + inherits "2.0.1" + statuses ">= 1.2.1 < 2" + +http-errors@~1.6.2: + version "1.6.3" + resolved "https://registry.npmjs.org/http-errors/-/http-errors-1.6.3.tgz" + integrity sha512-lks+lVC8dgGyh97jxvxeYTWQFvh4uw4yC12gVl63Cg30sjPX4wuGcdkICVXDAESr6OJGjqGA8Iz5mkeN6zlD7A== + dependencies: + depd "~1.1.2" + inherits "2.0.3" + setprototypeof "1.1.0" + statuses ">= 1.4.0 < 2" + http-parser-js@>=0.5.1: version "0.5.8" resolved "https://registry.npmjs.org/http-parser-js/-/http-parser-js-0.5.8.tgz" @@ -5323,7 +5374,7 @@ inflight@^1.0.4: once "^1.3.0" wrappy "1" -inherits@^2.0.0, inherits@^2.0.1, inherits@^2.0.3, inherits@~2.0.3, inherits@2, inherits@2.0.4: +inherits@2, inherits@2.0.4, inherits@^2.0.0, inherits@^2.0.1, inherits@^2.0.3, inherits@~2.0.3: version "2.0.4" resolved "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz" integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ== @@ -5338,16 +5389,16 @@ inherits@2.0.3: resolved "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz" integrity sha512-x00IRNXNy63jwGkJmzPigoySHbaqpNuzKbBOmzK+g2OdZpQ9w+sxCN+VSB3ja7IAge2OP2qpfxTjeNcyjmW1uw== -ini@^1.3.5, ini@~1.3.0: - version "1.3.8" - resolved "https://registry.npmjs.org/ini/-/ini-1.3.8.tgz" - integrity sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew== - ini@2.0.0: version "2.0.0" resolved "https://registry.npmjs.org/ini/-/ini-2.0.0.tgz" integrity sha512-7PnF4oN3CvZF23ADhA5wRaYEQpJ8qygSkbtTXWBeXWXmEVRXK+1ITciHWwHhsjv1TmW0MgacIv6hEi5pX5NQdA== +ini@^1.3.5, ini@~1.3.0: + version "1.3.8" + resolved "https://registry.npmjs.org/ini/-/ini-1.3.8.tgz" + integrity sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew== + inline-style-parser@0.1.1: version "0.1.1" resolved "https://registry.npmjs.org/inline-style-parser/-/inline-style-parser-0.1.1.tgz" @@ -5365,17 +5416,17 @@ invariant@^2.2.4: dependencies: loose-envify "^1.0.0" -ipaddr.js@^2.0.1: - version "2.1.0" - resolved "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-2.1.0.tgz" - integrity sha512-LlbxQ7xKzfBusov6UMi4MFpEg0m+mAm9xyNGEduwXMEDuf4WfzB/RZwMVYEd7IKGvh4IUkEXYxtAVu9T3OelJQ== - ipaddr.js@1.9.1: version "1.9.1" resolved "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz" integrity sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g== -is-alphabetical@^1.0.0, is-alphabetical@1.0.4: +ipaddr.js@^2.0.1: + version "2.1.0" + resolved "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-2.1.0.tgz" + integrity sha512-LlbxQ7xKzfBusov6UMi4MFpEg0m+mAm9xyNGEduwXMEDuf4WfzB/RZwMVYEd7IKGvh4IUkEXYxtAVu9T3OelJQ== + +is-alphabetical@1.0.4, is-alphabetical@^1.0.0: version "1.0.4" resolved "https://registry.npmjs.org/is-alphabetical/-/is-alphabetical-1.0.4.tgz" integrity sha512-DwzsA04LQ10FHTZuL0/grVDk4rFoVH1pjAToYwBrHSxcrBIGQuXrQMtD5U1b0U2XVgKZCTLLP8u2Qxqhy3l2Vg== @@ -5558,16 +5609,16 @@ is-yarn-global@^0.3.0: resolved "https://registry.npmjs.org/is-yarn-global/-/is-yarn-global-0.3.0.tgz" integrity sha512-VjSeb/lHmkoyd8ryPVIKvOCn4D1koMqY+vqyjjUfc3xyKtP4dYOxM44sZrnqQSzSds3xyOrUTLTC9LVCVgLngw== -isarray@~1.0.0: - version "1.0.0" - resolved "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz" - integrity sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ== - isarray@0.0.1: version "0.0.1" resolved "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz" integrity sha512-D2S+3GLxWH+uhrNEcoh/fnmYeP8E8/zHl644d/jdA0g2uyXvy3sb0qxotE+ne0LtccHknQzWwZEzhak7oJ0COQ== +isarray@~1.0.0: + version "1.0.0" + resolved "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz" + integrity sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ== + isexe@^2.0.0: version "2.0.0" resolved "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz" @@ -5832,7 +5883,7 @@ lodash.pullall@^4.2.0: resolved "https://registry.npmjs.org/lodash.pullall/-/lodash.pullall-4.2.0.tgz" integrity sha512-VhqxBKH0ZxPpLhiu68YD1KnHmbhQJQctcipvmFnqIBDYzcIHzf3Zpu0tpeOKtR4x76p9yohc506eGdOjTmyIBg== -lodash.uniq@^4.5.0, lodash.uniq@4.5.0: +lodash.uniq@4.5.0, lodash.uniq@^4.5.0: version "4.5.0" resolved "https://registry.npmjs.org/lodash.uniq/-/lodash.uniq-4.5.0.tgz" integrity sha512-xfBaXQd9ryd9dlSDvnvI0lvxfLJlYAZzXomUYzLKtUeOQvOP5piqAWuGtrhWeqaXK9hhoM/iyJc5AV+XfsX3HQ== @@ -5994,7 +6045,7 @@ micromatch@^4.0.2, micromatch@^4.0.4, micromatch@^4.0.5: braces "^3.0.2" picomatch "^2.3.1" -"mime-db@>= 1.43.0 < 2", mime-db@1.52.0: +mime-db@1.52.0, "mime-db@>= 1.43.0 < 2": version "1.52.0" resolved "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz" integrity sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg== @@ -6004,26 +6055,19 @@ mime-db@~1.33.0: resolved "https://registry.npmjs.org/mime-db/-/mime-db-1.33.0.tgz" integrity sha512-BHJ/EKruNIqJf/QahvxwQZXKygOQ256myeN/Ew+THcAa5q+PjyTTMMeNQC4DZw5AwfvelsUrA6B67NKMqXDbzQ== -mime-types@^2.1.27, mime-types@^2.1.31, mime-types@~2.1.24, mime-types@~2.1.34: - version "2.1.35" - resolved "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz" - integrity sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw== - dependencies: - mime-db "1.52.0" - -mime-types@~2.1.17: +mime-types@2.1.18, mime-types@~2.1.17: version "2.1.18" resolved "https://registry.npmjs.org/mime-types/-/mime-types-2.1.18.tgz" integrity sha512-lc/aahn+t4/SWV/qcmumYjymLsWfN3ELhpmVuUFjgsORruuZPVSwAQryq+HHGvO/SI2KVX26bx+En+zhM8g8hQ== dependencies: mime-db "~1.33.0" -mime-types@2.1.18: - version "2.1.18" - resolved "https://registry.npmjs.org/mime-types/-/mime-types-2.1.18.tgz" - integrity sha512-lc/aahn+t4/SWV/qcmumYjymLsWfN3ELhpmVuUFjgsORruuZPVSwAQryq+HHGvO/SI2KVX26bx+En+zhM8g8hQ== +mime-types@^2.1.27, mime-types@^2.1.31, mime-types@~2.1.24, mime-types@~2.1.34: + version "2.1.35" + resolved "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz" + integrity sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw== dependencies: - mime-db "~1.33.0" + mime-db "1.52.0" mime@1.6.0: version "1.6.0" @@ -6052,7 +6096,7 @@ minimalistic-assert@^1.0.0: resolved "https://registry.npmjs.org/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz" integrity sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A== -minimatch@^3.0.4, minimatch@^3.0.5, minimatch@^3.1.1, minimatch@3.1.2: +minimatch@3.1.2, minimatch@^3.0.4, minimatch@^3.0.5, minimatch@^3.1.1: version "3.1.2" resolved "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz" integrity sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw== @@ -6106,12 +6150,7 @@ mkdirp@^0.5.5: dependencies: minimist "^1.2.6" -mkdirp@^1.0.3: - version "1.0.4" - resolved "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz" - integrity sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw== - -mkdirp@^1.0.4: +mkdirp@^1.0.3, mkdirp@^1.0.4: version "1.0.4" resolved "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz" integrity sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw== @@ -6126,16 +6165,16 @@ mrmime@^1.0.0: resolved "https://registry.npmjs.org/mrmime/-/mrmime-1.0.1.tgz" integrity sha512-hzzEagAgDyoU1Q6yg5uI+AorQgdvMCur3FcKf7NhMKWsaYg+RnbTyHRa/9IlLF9rf455MOCtcqqrQQ83pPP7Uw== -ms@^2.1.1, ms@2.1.1: - version "2.1.1" - resolved "https://registry.npmjs.org/ms/-/ms-2.1.1.tgz" - integrity sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg== - ms@2.0.0: version "2.0.0" resolved "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz" integrity sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A== +ms@2.1.1, ms@^2.1.1: + version "2.1.1" + resolved "https://registry.npmjs.org/ms/-/ms-2.1.1.tgz" + integrity sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg== + ms@2.1.2: version "2.1.2" resolved "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz" @@ -6193,13 +6232,6 @@ node-emoji@^1.10.0: dependencies: lodash "^4.17.21" -node-fetch@^2.6.12, node-fetch@^2.6.7: - version "2.7.0" - resolved "https://registry.npmjs.org/node-fetch/-/node-fetch-2.7.0.tgz" - integrity sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A== - dependencies: - whatwg-url "^5.0.0" - node-fetch@2.6.7: version "2.6.7" resolved "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz" @@ -6214,6 +6246,13 @@ node-fetch@2.6.9: dependencies: whatwg-url "^5.0.0" +node-fetch@^2.6.12, node-fetch@^2.6.7: + version "2.7.0" + resolved "https://registry.npmjs.org/node-fetch/-/node-fetch-2.7.0.tgz" + integrity sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A== + dependencies: + whatwg-url "^5.0.0" + node-forge@^1: version "1.3.1" resolved "https://registry.npmjs.org/node-forge/-/node-forge-1.3.1.tgz" @@ -6570,20 +6609,6 @@ path-parse@^1.0.7: resolved "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz" integrity sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw== -path-to-regexp@^1.0.0: - version "1.8.0" - resolved "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-1.8.0.tgz" - integrity sha512-n43JRhlUKUAlibEJhPeir1ncUID16QnEjNpwzNdO3Lm4ywrBpBZ5oLD0I6br9evr1Y9JTqwRtAh7JLoOzAQdVA== - dependencies: - isarray "0.0.1" - -path-to-regexp@^1.7.0: - version "1.8.0" - resolved "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-1.8.0.tgz" - integrity sha512-n43JRhlUKUAlibEJhPeir1ncUID16QnEjNpwzNdO3Lm4ywrBpBZ5oLD0I6br9evr1Y9JTqwRtAh7JLoOzAQdVA== - dependencies: - isarray "0.0.1" - path-to-regexp@0.1.7: version "0.1.7" resolved "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz" @@ -6604,6 +6629,13 @@ path-to-regexp@6.2.1: resolved "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-6.2.1.tgz" integrity sha512-JLyh7xT1kizaEvcaXOQwOc2/Yhw6KZOvPf1S8401UyLk86CU79LN3vl7ztXGm/pZ+YjoyAJ4rxmHwbkBXJX+yw== +path-to-regexp@^1.0.0, path-to-regexp@^1.7.0: + version "1.8.0" + resolved "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-1.8.0.tgz" + integrity sha512-n43JRhlUKUAlibEJhPeir1ncUID16QnEjNpwzNdO3Lm4ywrBpBZ5oLD0I6br9evr1Y9JTqwRtAh7JLoOzAQdVA== + dependencies: + isarray "0.0.1" + path-type@^4.0.0: version "4.0.0" resolved "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz" @@ -6622,7 +6654,7 @@ pend@~1.2.0: resolved "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz" integrity sha512-F3asv42UuXchdzt+xXqfW1OGlVBe+mxa2mqI0pg5yAHZPvFmY3Y6drSf/GQ1A86WgWEN9Kzh/WrgKa6iGcHXLg== -picocolors@^1.0.0, picocolors@1.0.0: +picocolors@1.0.0, picocolors@^1.0.0: version "1.0.0" resolved "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz" integrity sha512-1fygroTLlHu66zi26VoTDv8yRgm0Fccecssto+MhsZ0D/DGW2sm8E8AjW7NU5VVTRt5GxbeZ5qBuJr+HyLYkjQ== @@ -6968,7 +7000,7 @@ postcss-zindex@^5.1.0: resolved "https://registry.npmjs.org/postcss-zindex/-/postcss-zindex-5.1.0.tgz" integrity sha512-fgFMf0OtVSBR1va1JNHYgMxYk73yhn/qb4uQDq1DLGYolz8gHCyr/sesEuGUaYs58E3ZJRcpoGuPVoB7Meiq9A== -"postcss@^7.0.0 || ^8.0.1", postcss@^8.0.0, postcss@^8.0.9, postcss@^8.1.0, postcss@^8.2.14, postcss@^8.2.15, postcss@^8.2.2, postcss@^8.3.11, postcss@^8.4.14, postcss@^8.4.16, postcss@^8.4.17, postcss@^8.4.21, postcss@^8.4.23, postcss@^8.4.31, postcss@>=8.0.9: +postcss@^8.3.11, postcss@^8.4.14, postcss@^8.4.17, postcss@^8.4.21, postcss@^8.4.23, postcss@^8.4.31: version "8.4.31" resolved "https://registry.npmjs.org/postcss/-/postcss-8.4.31.tgz" integrity sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ== @@ -7122,16 +7154,16 @@ randombytes@^2.1.0: dependencies: safe-buffer "^5.1.0" -range-parser@^1.2.1, range-parser@~1.2.1: - version "1.2.1" - resolved "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz" - integrity sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg== - range-parser@1.2.0: version "1.2.0" resolved "https://registry.npmjs.org/range-parser/-/range-parser-1.2.0.tgz" integrity sha512-kA5WQoNVo4t9lNx2kQNFCxKeBl5IbbSNBl1M/tLkw9WCn+hxNBAW5Qh8gdhs63CJnhjJ2zQWFoqPJP2sK1AV5A== +range-parser@^1.2.1, range-parser@~1.2.1: + version "1.2.1" + resolved "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz" + integrity sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg== + raw-body@2.4.1: version "2.4.1" resolved "https://registry.npmjs.org/raw-body/-/raw-body-2.4.1.tgz" @@ -7152,7 +7184,7 @@ raw-body@2.5.1: iconv-lite "0.4.24" unpipe "1.0.0" -rc@^1.2.8, rc@1.2.8: +rc@1.2.8, rc@^1.2.8: version "1.2.8" resolved "https://registry.npmjs.org/rc/-/rc-1.2.8.tgz" integrity sha512-y3bGgqKj3QBdxLbLkomlohkvsA8gdAiUQlSBJnBhfn+BPxg4bc62d8TcBW15wavDfgexCgccckhcZvywyQYPOw== @@ -7202,7 +7234,7 @@ react-dev-utils@^12.0.1: strip-ansi "^6.0.1" text-table "^0.2.0" -react-dom@*, "react-dom@^16.6.0 || ^17.0.0 || ^18.0.0", "react-dom@^16.8.4 || ^17.0.0", "react-dom@^17.0.0 || ^16.3.0 || ^15.5.4", react-dom@^17.0.2, "react-dom@>= 16.8.0 < 19.0.0": +react-dom@^17.0.2: version "17.0.2" resolved "https://registry.npmjs.org/react-dom/-/react-dom-17.0.2.tgz" integrity sha512-s4h96KtLDUQlsENhMn1ar8t2bEa+q/YAtj8pPPdIjPDGBDIVNsrD9aXNWqspUe6AzKCIG0C1HZZLqLV7qpOBGA== @@ -7259,14 +7291,6 @@ react-loadable-ssr-addon-v5-slorber@^1.0.1: dependencies: "@babel/runtime" "^7.10.3" -react-loadable@*, "react-loadable@npm:@docusaurus/react-loadable@5.5.2": - version "5.5.2" - resolved "https://registry.npmjs.org/@docusaurus/react-loadable/-/react-loadable-5.5.2.tgz" - integrity sha512-A3dYjdBGuy0IGT+wyLIGIKLRE+sAk1iNk0f1HjNDysO7u8lhL4N3VEm+FAubmJbAztn94F7MxBTPmnixbiyFdQ== - dependencies: - "@types/react" "*" - prop-types "^15.6.2" - react-router-config@^5.1.1: version "5.1.1" resolved "https://registry.npmjs.org/react-router-config/-/react-router-config-5.1.1.tgz" @@ -7287,7 +7311,7 @@ react-router-dom@^5.3.3: tiny-invariant "^1.0.2" tiny-warning "^1.0.0" -react-router@^5.3.3, react-router@>=5, react-router@5.3.4: +react-router@5.3.4, react-router@^5.3.3: version "5.3.4" resolved "https://registry.npmjs.org/react-router/-/react-router-5.3.4.tgz" integrity sha512-Ys9K+ppnJah3QuaRiLxk+jDWOR1MekYQrlytiXxC1RyfbdsZkS5pvKAzCCr031xHixZwpnsYNT5xysdFHQaYsA== @@ -7311,7 +7335,7 @@ react-textarea-autosize@^8.3.2: use-composed-ref "^1.3.0" use-latest "^1.2.1" -react@*, "react@^15.0.2 || ^16.0.0 || ^17.0.0", "react@^16.13.1 || ^17.0.0", "react@^16.6.0 || ^17.0.0 || ^18.0.0", "react@^16.8.0 || ^17.0.0 || ^18.0.0", "react@^16.8.4 || ^17.0.0", "react@^17.0.0 || ^16.3.0 || ^15.5.4", react@^17.0.2, "react@>= 16.8.0 < 19.0.0", react@>=0.14.9, react@>=15, react@17.0.2: +react@^17.0.2: version "17.0.2" resolved "https://registry.npmjs.org/react/-/react-17.0.2.tgz" integrity sha512-gnhPt75i/dq/z3/6q/0asP78D0u592D5L1pd7M8P+dck6Fu/jJeL6iVVK23fptSUZj8Vjf++7wXA8UNclGQcbA== @@ -7608,22 +7632,12 @@ rxjs@^7.5.4: dependencies: tslib "^2.1.0" -safe-buffer@^5.1.0, safe-buffer@^5.1.2, safe-buffer@>=5.1.0, safe-buffer@~5.1.0, safe-buffer@~5.1.1, safe-buffer@5.1.2: +safe-buffer@5.1.2, safe-buffer@>=5.1.0, safe-buffer@^5.1.0, safe-buffer@^5.1.2, safe-buffer@~5.1.0, safe-buffer@~5.1.1: version "5.1.2" resolved "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz" integrity sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g== -safe-buffer@^5.2.1: - version "5.2.1" - resolved "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz" - integrity sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ== - -safe-buffer@~5.2.0: - version "5.2.1" - resolved "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz" - integrity sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ== - -safe-buffer@5.2.1: +safe-buffer@5.2.1, safe-buffer@^5.2.1, safe-buffer@~5.2.0: version "5.2.1" resolved "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz" integrity sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ== @@ -7646,6 +7660,15 @@ scheduler@^0.20.2: loose-envify "^1.1.0" object-assign "^4.1.1" +schema-utils@2.7.0: + version "2.7.0" + resolved "https://registry.npmjs.org/schema-utils/-/schema-utils-2.7.0.tgz" + integrity sha512-0ilKFI6QQF5nxDZLFn2dMjvc4hjg/Wkg7rHd3jK6/A4a1Hl9VFdQWvgB1UMGoU94pad1P/8N7fMcEnLnSiju8A== + dependencies: + "@types/json-schema" "^7.0.4" + ajv "^6.12.2" + ajv-keywords "^3.4.1" + schema-utils@^2.6.5: version "2.7.1" resolved "https://registry.npmjs.org/schema-utils/-/schema-utils-2.7.1.tgz" @@ -7655,25 +7678,7 @@ schema-utils@^2.6.5: ajv "^6.12.4" ajv-keywords "^3.5.2" -schema-utils@^3.0.0: - version "3.3.0" - resolved "https://registry.npmjs.org/schema-utils/-/schema-utils-3.3.0.tgz" - integrity sha512-pN/yOAvcC+5rQ5nERGuwrjLlYvLTbCibnZ1I7B1LaiAz9BRBlE9GMgE/eqV30P7aJQUf7Ddimy/RsbYO/GrVGg== - dependencies: - "@types/json-schema" "^7.0.8" - ajv "^6.12.5" - ajv-keywords "^3.5.2" - -schema-utils@^3.1.1: - version "3.3.0" - resolved "https://registry.npmjs.org/schema-utils/-/schema-utils-3.3.0.tgz" - integrity sha512-pN/yOAvcC+5rQ5nERGuwrjLlYvLTbCibnZ1I7B1LaiAz9BRBlE9GMgE/eqV30P7aJQUf7Ddimy/RsbYO/GrVGg== - dependencies: - "@types/json-schema" "^7.0.8" - ajv "^6.12.5" - ajv-keywords "^3.5.2" - -schema-utils@^3.2.0: +schema-utils@^3.0.0, schema-utils@^3.1.1, schema-utils@^3.2.0: version "3.3.0" resolved "https://registry.npmjs.org/schema-utils/-/schema-utils-3.3.0.tgz" integrity sha512-pN/yOAvcC+5rQ5nERGuwrjLlYvLTbCibnZ1I7B1LaiAz9BRBlE9GMgE/eqV30P7aJQUf7Ddimy/RsbYO/GrVGg== @@ -7692,20 +7697,6 @@ schema-utils@^4.0.0: ajv-formats "^2.1.1" ajv-keywords "^5.1.0" -schema-utils@2.7.0: - version "2.7.0" - resolved "https://registry.npmjs.org/schema-utils/-/schema-utils-2.7.0.tgz" - integrity sha512-0ilKFI6QQF5nxDZLFn2dMjvc4hjg/Wkg7rHd3jK6/A4a1Hl9VFdQWvgB1UMGoU94pad1P/8N7fMcEnLnSiju8A== - dependencies: - "@types/json-schema" "^7.0.4" - ajv "^6.12.2" - ajv-keywords "^3.4.1" - -"search-insights@>= 1 < 3": - version "2.13.0" - resolved "https://registry.npmjs.org/search-insights/-/search-insights-2.13.0.tgz" - integrity sha512-Orrsjf9trHHxFRuo9/rzm0KIWmgzE8RMlZMzuhZOJ01Rnz3D0YBAe+V6473t6/H6c7irs6Lt48brULAiRWb3Vw== - section-matter@^1.0.0: version "1.0.0" resolved "https://registry.npmjs.org/section-matter/-/section-matter-1.0.0.tgz" @@ -7734,58 +7725,30 @@ semver-diff@^3.1.1: dependencies: semver "^6.3.0" -semver@^5.4.1: - version "5.7.2" - resolved "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz" - integrity sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g== - -semver@^6.0.0, semver@^6.2.0, semver@^6.3.0, semver@^6.3.1, semver@6.3.1: +semver@6.3.1, semver@^6.0.0, semver@^6.2.0, semver@^6.3.0, semver@^6.3.1: version "6.3.1" resolved "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz" integrity sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA== -semver@^7.3.2: - version "7.5.4" - resolved "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz" - integrity sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA== - dependencies: - lru-cache "^6.0.0" - -semver@^7.3.4: - version "7.5.4" - resolved "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz" - integrity sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA== - dependencies: - lru-cache "^6.0.0" - -semver@^7.3.5: - version "7.5.4" - resolved "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz" - integrity sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA== +semver@7.3.5: + version "7.3.5" + resolved "https://registry.npmjs.org/semver/-/semver-7.3.5.tgz" + integrity sha512-PoeGJYh8HK4BTO/a9Tf6ZG3veo/A7ZVsYrSA6J8ny9nb3B1VrpkuN+z9OE5wfE5p6H4LchYZsegiQgbJD94ZFQ== dependencies: lru-cache "^6.0.0" -semver@^7.3.7: - version "7.5.4" - resolved "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz" - integrity sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA== - dependencies: - lru-cache "^6.0.0" +semver@^5.4.1: + version "5.7.2" + resolved "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz" + integrity sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g== -semver@^7.3.8: +semver@^7.3.2, semver@^7.3.4, semver@^7.3.5, semver@^7.3.7, semver@^7.3.8: version "7.5.4" resolved "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz" integrity sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA== dependencies: lru-cache "^6.0.0" -semver@7.3.5: - version "7.3.5" - resolved "https://registry.npmjs.org/semver/-/semver-7.3.5.tgz" - integrity sha512-PoeGJYh8HK4BTO/a9Tf6ZG3veo/A7ZVsYrSA6J8ny9nb3B1VrpkuN+z9OE5wfE5p6H4LchYZsegiQgbJD94ZFQ== - dependencies: - lru-cache "^6.0.0" - send@0.18.0: version "0.18.0" resolved "https://registry.npmjs.org/send/-/send-0.18.0.tgz" @@ -7921,16 +7884,16 @@ side-channel@^1.0.4: get-intrinsic "^1.0.2" object-inspect "^1.9.0" -signal-exit@^3.0.0, signal-exit@^3.0.2, signal-exit@^3.0.3: - version "3.0.7" - resolved "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz" - integrity sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ== - signal-exit@4.0.2: version "4.0.2" resolved "https://registry.npmjs.org/signal-exit/-/signal-exit-4.0.2.tgz" integrity sha512-MY2/qGx4enyjprQnFaZsHib3Yadh3IXyV2C321GY0pjGfVBu4un0uDJkwgdxqO+Rdx8JMT8IfJIRwbYVz3Ob3Q== +signal-exit@^3.0.0, signal-exit@^3.0.2, signal-exit@^3.0.3: + version "3.0.7" + resolved "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz" + integrity sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ== + sirv@^2.0.3: version "2.0.3" resolved "https://registry.npmjs.org/sirv/-/sirv-2.0.3.tgz" @@ -8050,26 +8013,16 @@ state-toggle@^1.0.0: resolved "https://registry.npmjs.org/state-toggle/-/state-toggle-1.0.3.tgz" integrity sha512-d/5Z4/2iiCnHw6Xzghyhb+GcmF89bxwgXG60wjIiZaxnymbyOmI8Hk4VqHXiVVp6u2ysaskFfXg3ekCj4WNftQ== -"statuses@>= 1.2.1 < 2": - version "1.5.0" - resolved "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz" - integrity sha512-OpZ3zP+jT1PI7I8nemJX4AKmAX070ZkYPVWV/AaKTJl+tXCTGyVdC1a4SL8RUQYEwk/f34ZX8UTykN68FwrqAA== - -"statuses@>= 1.4.0 < 2": - version "1.5.0" - resolved "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz" - integrity sha512-OpZ3zP+jT1PI7I8nemJX4AKmAX070ZkYPVWV/AaKTJl+tXCTGyVdC1a4SL8RUQYEwk/f34ZX8UTykN68FwrqAA== - -"statuses@>= 1.5.0 < 2": - version "1.5.0" - resolved "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz" - integrity sha512-OpZ3zP+jT1PI7I8nemJX4AKmAX070ZkYPVWV/AaKTJl+tXCTGyVdC1a4SL8RUQYEwk/f34ZX8UTykN68FwrqAA== - statuses@2.0.1: version "2.0.1" resolved "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz" integrity sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ== +"statuses@>= 1.2.1 < 2", "statuses@>= 1.4.0 < 2", "statuses@>= 1.5.0 < 2": + version "1.5.0" + resolved "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz" + integrity sha512-OpZ3zP+jT1PI7I8nemJX4AKmAX070ZkYPVWV/AaKTJl+tXCTGyVdC1a4SL8RUQYEwk/f34ZX8UTykN68FwrqAA== + std-env@^3.0.1: version "3.4.3" resolved "https://registry.npmjs.org/std-env/-/std-env-3.4.3.tgz" @@ -8091,20 +8044,6 @@ stream-to-promise@2.2.0: end-of-stream "~1.1.0" stream-to-array "~2.3.0" -string_decoder@^1.1.1: - version "1.3.0" - resolved "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz" - integrity sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA== - dependencies: - safe-buffer "~5.2.0" - -string_decoder@~1.1.1: - version "1.1.1" - resolved "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz" - integrity sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg== - dependencies: - safe-buffer "~5.1.0" - "string-width@^1.0.2 || 2 || 3 || 4", string-width@^4.0.0, string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.2, string-width@^4.2.3: version "4.2.3" resolved "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz" @@ -8123,6 +8062,20 @@ string-width@^5.0.1: emoji-regex "^9.2.2" strip-ansi "^7.0.1" +string_decoder@^1.1.1: + version "1.3.0" + resolved "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz" + integrity sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA== + dependencies: + safe-buffer "~5.2.0" + +string_decoder@~1.1.1: + version "1.1.1" + resolved "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz" + integrity sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg== + dependencies: + safe-buffer "~5.1.0" + stringify-object@^3.3.0: version "3.3.0" resolved "https://registry.npmjs.org/stringify-object/-/stringify-object-3.3.0.tgz" @@ -8166,7 +8119,7 @@ strip-json-comments@~2.0.1: resolved "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-2.0.1.tgz" integrity sha512-4gB8na07fecVVkOI6Rs4e7T6NOTki5EmL7TUduTs6bu3EdnSycntVJ4re8kgZA+wx9IueI2Y11bfbgwtzuE0KQ== -style-to-object@^0.3.0, style-to-object@0.3.0: +style-to-object@0.3.0, style-to-object@^0.3.0: version "0.3.0" resolved "https://registry.npmjs.org/style-to-object/-/style-to-object-0.3.0.tgz" integrity sha512-CzFnRRXhzWIdItT3OmF8SQfWyahHhjq3HwcMNCNLn+N7klOOqPjMeG/4JSu77D7ypZdGvSzvkrbyeTMizz2VrA== @@ -8276,18 +8229,6 @@ tapable@^2.0.0, tapable@^2.1.1, tapable@^2.2.0: resolved "https://registry.npmjs.org/tapable/-/tapable-2.2.1.tgz" integrity sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ== -tar@^6.1.11: - version "6.2.0" - resolved "https://registry.npmjs.org/tar/-/tar-6.2.0.tgz" - integrity sha512-/Wo7DcT0u5HUV486xg675HtjNd3BXZ6xDbzsCUZPt5iw8bTQ63bP0Raut3mvro9u+CUyq7YQd8Cx55fsZXxqLQ== - dependencies: - chownr "^2.0.0" - fs-minipass "^2.0.0" - minipass "^5.0.0" - minizlib "^2.1.1" - mkdirp "^1.0.3" - yallist "^4.0.0" - tar@4.4.18: version "4.4.18" resolved "https://registry.npmjs.org/tar/-/tar-4.4.18.tgz" @@ -8301,6 +8242,18 @@ tar@4.4.18: safe-buffer "^5.2.1" yallist "^3.1.1" +tar@^6.1.11: + version "6.2.0" + resolved "https://registry.npmjs.org/tar/-/tar-6.2.0.tgz" + integrity sha512-/Wo7DcT0u5HUV486xg675HtjNd3BXZ6xDbzsCUZPt5iw8bTQ63bP0Raut3mvro9u+CUyq7YQd8Cx55fsZXxqLQ== + dependencies: + chownr "^2.0.0" + fs-minipass "^2.0.0" + minipass "^5.0.0" + minizlib "^2.1.1" + mkdirp "^1.0.3" + yallist "^4.0.0" + terser-webpack-plugin@^5.3.3, terser-webpack-plugin@^5.3.7: version "5.3.9" resolved "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-5.3.9.tgz" @@ -8433,7 +8386,7 @@ ts-morph@12.0.0: "@ts-morph/common" "~0.11.0" code-block-writer "^10.1.1" -ts-node@>=9.0.0, ts-node@10.9.1: +ts-node@10.9.1: version "10.9.1" resolved "https://registry.npmjs.org/ts-node/-/ts-node-10.9.1.tgz" integrity sha512-NtVysVPkxxrwFGUUxGYhfux8k78pQB3JqYBXlLRZgdGUqTO5wU/UyHop5p70iEbGhB7q5KmiZiU0Y3KlJrScEw== @@ -8487,7 +8440,7 @@ typedarray-to-buffer@^3.1.5: dependencies: is-typedarray "^1.0.0" -typescript@^4.7.4, "typescript@>= 2.7", typescript@>=2.7, typescript@>=4.9.5, typescript@4.9.5: +typescript@4.9.5, typescript@^4.7.4: version "4.9.5" resolved "https://registry.npmjs.org/typescript/-/typescript-4.9.5.tgz" integrity sha512-1FXk9E2Hm+QzZQ7z+McJiHL4NW1F2EzMu9Nq9i3zAaGqibafqYwCVU6WyWAuyQRRzOlxou8xZSyXLEN8oKj24g== @@ -8545,10 +8498,10 @@ unicode-property-aliases-ecmascript@^2.0.0: resolved "https://registry.npmjs.org/unicode-property-aliases-ecmascript/-/unicode-property-aliases-ecmascript-2.1.0.tgz" integrity sha512-6t3foTQI9qne+OZoVQB/8x8rk2k1eVy1gRXhV3oFQ5T6R1dqQ1xtin3XqSlx3+ATBkliTaR/hHyJBm+LVPNM8w== -unified@^9.2.2: - version "9.2.2" - resolved "https://registry.npmjs.org/unified/-/unified-9.2.2.tgz" - integrity sha512-Sg7j110mtefBD+qunSLO1lqOEKdrwBFBrR6Qd8f4uwkhWNlbkaqwHse6e7QvD3AP/MNoJdEDLaf8OxYyoWgorQ== +unified@9.2.0: + version "9.2.0" + resolved "https://registry.npmjs.org/unified/-/unified-9.2.0.tgz" + integrity sha512-vx2Z0vY+a3YoTj8+pttM3tiJHCwY5UFbYdiWrwBEbHmK8pvsPj2rtAX2BFfgXen8T39CJWblWRDT4L5WGXtDdg== dependencies: bail "^1.0.0" extend "^3.0.0" @@ -8557,10 +8510,10 @@ unified@^9.2.2: trough "^1.0.0" vfile "^4.0.0" -unified@9.2.0: - version "9.2.0" - resolved "https://registry.npmjs.org/unified/-/unified-9.2.0.tgz" - integrity sha512-vx2Z0vY+a3YoTj8+pttM3tiJHCwY5UFbYdiWrwBEbHmK8pvsPj2rtAX2BFfgXen8T39CJWblWRDT4L5WGXtDdg== +unified@^9.2.2: + version "9.2.2" + resolved "https://registry.npmjs.org/unified/-/unified-9.2.2.tgz" + integrity sha512-Sg7j110mtefBD+qunSLO1lqOEKdrwBFBrR6Qd8f4uwkhWNlbkaqwHse6e7QvD3AP/MNoJdEDLaf8OxYyoWgorQ== dependencies: bail "^1.0.0" extend "^3.0.0" @@ -8576,7 +8529,7 @@ unique-string@^2.0.0: dependencies: crypto-random-string "^2.0.0" -unist-builder@^2.0.0, unist-builder@2.0.3: +unist-builder@2.0.3, unist-builder@^2.0.0: version "2.0.3" resolved "https://registry.npmjs.org/unist-builder/-/unist-builder-2.0.3.tgz" integrity sha512-f98yt5pnlMWlzP539tPc4grGMsFaQQlP/vM396b00jngsiINumNmsY8rkXjfoi1c6QaM8nQ3vaGDuoKWbe/1Uw== @@ -8625,7 +8578,7 @@ unist-util-visit-parents@^3.0.0: "@types/unist" "^2.0.0" unist-util-is "^4.0.0" -unist-util-visit@^2.0.0, unist-util-visit@^2.0.3, unist-util-visit@2.0.3: +unist-util-visit@2.0.3, unist-util-visit@^2.0.0, unist-util-visit@^2.0.3: version "2.0.3" resolved "https://registry.npmjs.org/unist-util-visit/-/unist-util-visit-2.0.3.tgz" integrity sha512-iJ4/RczbJMkD0712mGktuGpm/U4By4FfDonL7N/9tATGIF4imikjOuagyMY53tnZq3NP6BcmlrHhEKAfGWjh7Q== @@ -8644,7 +8597,7 @@ universalify@^2.0.0: resolved "https://registry.npmjs.org/universalify/-/universalify-2.0.0.tgz" integrity sha512-hAZsKq7Yy11Zu1DE0OzWjw7nnLZmJZYTDZZyEFHZdUhV8FkH5MCfoU1XMaxXovpyW5nq5scPqq0ZDP9Zyl04oQ== -unpipe@~1.0.0, unpipe@1.0.0: +unpipe@1.0.0, unpipe@~1.0.0: version "1.0.0" resolved "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz" integrity sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ== @@ -8749,16 +8702,16 @@ utils-merge@1.0.1: resolved "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz" integrity sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA== -uuid@^8.3.2: - version "8.3.2" - resolved "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz" - integrity sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg== - uuid@3.3.2: version "3.3.2" resolved "https://registry.npmjs.org/uuid/-/uuid-3.3.2.tgz" integrity sha512-yXJmeNaw3DnnKAOKJE51sL/ZaYfWJRl1pK9dr19YFCu0ObS231AB1/LbqTKRAQ5kw8A90rA6fr4riOUpTZvQZA== +uuid@^8.3.2: + version "8.3.2" + resolved "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz" + integrity sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg== + v8-compile-cache-lib@^3.0.1: version "3.0.1" resolved "https://registry.npmjs.org/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz" @@ -8940,7 +8893,7 @@ webpack-sources@^3.2.2, webpack-sources@^3.2.3: resolved "https://registry.npmjs.org/webpack-sources/-/webpack-sources-3.2.3.tgz" integrity sha512-/DyMEOrDgLKKIG0fmvtz+4dUX/3Ghozwgm6iPp8KRhvn+eQf9+Q7GWxVNMk3+uCPWfdXYC4ExGBckIXdFEfH1w== -"webpack@^4.0.0 || ^5.0.0", "webpack@^4.37.0 || ^5.0.0", webpack@^5.0.0, webpack@^5.1.0, webpack@^5.20.0, webpack@^5.73.0, "webpack@>= 4", webpack@>=2, "webpack@>=4.41.1 || 5.x", "webpack@3 || 4 || 5": +webpack@^5.73.0: version "5.89.0" resolved "https://registry.npmjs.org/webpack/-/webpack-5.89.0.tgz" integrity sha512-qyfIC10pOr70V+jkmud8tMfajraGCZMBWJtrmuBymQKCrLTRejBI8STDp1MCyZu/QTdZSeacCQYpYNQVOzX5kw== @@ -8980,7 +8933,7 @@ webpackbar@^5.0.2: pretty-time "^1.1.0" std-env "^3.0.1" -websocket-driver@^0.7.4, websocket-driver@>=0.5.1: +websocket-driver@>=0.5.1, websocket-driver@^0.7.4: version "0.7.4" resolved "https://registry.npmjs.org/websocket-driver/-/websocket-driver-0.7.4.tgz" integrity sha512-b17KeDIQVjvb0ssuSDF2cYXSg2iztliJ4B9WdsuB6J952qCPKmnVq4DyW5motImXHDC1cBT/1UezrJVsKw5zjg== From 44cc1f61e845e527f5dee3f47fc87982a1908d7d Mon Sep 17 00:00:00 2001 From: bglynn Date: Mon, 5 Feb 2024 10:28:42 -0800 Subject: [PATCH 12/24] PR Comments. --- docs/getting-started/README.mdx | 11 +++++++---- docs/overview/index.mdx | 16 ++-------------- 2 files changed, 9 insertions(+), 18 deletions(-) diff --git a/docs/getting-started/README.mdx b/docs/getting-started/README.mdx index 6d01004b3..b41620b7a 100644 --- a/docs/getting-started/README.mdx +++ b/docs/getting-started/README.mdx @@ -49,21 +49,25 @@ export const features = [ export const tutorials_access = [ { title: 'Create and manage network policies', + icon: '/img/icons/networking.png', description: 'Create Kubernetes network policies using IBAC', url: '/features/networking/tutorials/k8s-network-policies' }, { title: 'Network policies on AWS EKS', + icon: '/img/icons/networking.png', description: 'Jump start network policies using AWS EKS and VPC CNI', url: '/features/networking/tutorials/aws-eks-cni-mini' }, { title: 'Create and manage Istio authorization policies', + icon: '/img/icons/istio-no-word-mark.svg', description: 'Using Istio and IBAC to secure your K8s cluster', url: '/features/istio/tutorials/k8s-istio-authorization-policies' }, { title: 'Configure secure access for Kafka using Otterize Cloud mTLS', + icon: '/img/icons/kafka-no-word-mark.svg', description: 'Declaring and applying intents to easily secure access to Kafka', url: '/features/kafka/tutorials/k8s-kafka-mtls-cert-manager' } @@ -72,16 +76,19 @@ export const tutorials_access = [ export const tutorials_visualization = [ { title: 'Network mapping a Kubernetes cluster', + icon: '/img/icons/networking.png', description: 'Map pod-to-pod traffic within your K8s cluster', url: '/features/networking/tutorials/k8s-network-mapper' }, { title: 'Istio HTTP-level access mapping', + icon: '/img/icons/istio-no-word-mark.svg', description: 'The network mapper allows you to map pod-to-pod Istio traffic', url: '/features/istio/tutorials/k8s-istio-watcher' }, { title: 'Kafka topic-level access mapping', + icon: '/img/icons/kafka-no-word-mark.svg', description: 'View topic-level access to Kafka servers within your Kubernetes cluster', url: 'features/kafka/tutorials/k8s-kafka-mapping' } @@ -112,10 +119,6 @@ Otterize makes it easy to automate and visualize workload IAM for your Kubernete ### Tutorials #### Automating workload IAM -:::danger -TODO -Add icons to the tutorials, same as the icons we have above. -::: diff --git a/docs/overview/index.mdx b/docs/overview/index.mdx index d495cf554..918680aa0 100644 --- a/docs/overview/index.mdx +++ b/docs/overview/index.mdx @@ -26,29 +26,17 @@ Out of the box, only pod-to-pod, Internet egress traffic and Istio traffic is co This information can then be viewed as a graph, exported textually, or used to automatically generate ClientIntents, a resource used with the intents operator. -:::danger -TODO -Let's keep people in the docs if they're here, don't send them away to the repo. The repo should be standalone for some basic explanations, then refer to the docs. -::: For more information, visit the [network mapper reference page](/reference/configuration/network-mapper). ### Credentials operator The credentials operator handles the provisioning just-in-time credentials for workloads to authenticate. It can issue mTLS credentials or database username + passwords as Kubernetes Secrets, or create AWS IAM roles. To learn about each of these, check the respective tutorials. -:::danger -TODO -Let's keep people in the docs if they're here, don't send them away to the repo. The repo should be standalone for some basic explanations, then refer to the docs. (see network mapper) -::: -For more information, visit the [credential operator repository](https://github.com/otterize/credentials-operator#about) +For more information, visit the [credential operator reference page](/reference/configuration/credentials-operator) ### Intents operator The intents operator handles the provisioning of just-in-time policies based on the declared ClientIntents of workloads within a cluster. It can manage network policies, Istio authorization policies, AWS IAM policies, PostgreSQL GRANTs, and Kafka ACLs. To learn about each of these, visit the respective tutorial. The intents operator does not implement its own policies, but instead configures your existing infrastructure's policies to allow the access required by each workload. This means that it does not ever see your data. -:::danger -TODO -Let's keep people in the docs if they're here, don't send them away to the repo. The repo should be standalone for some basic explanations, then refer to the docs. (see network mapper) -::: -For more information, visit the [intents operator repository](https://github.com/otterize/intents-operator#about) +For more information, visit the [intents operator reference page](reference/configuration/intents-operator) From 2430e5339d8947d5e18b0060eb1529576839252d Mon Sep 17 00:00:00 2001 From: bglynn Date: Wed, 7 Feb 2024 15:34:36 -0800 Subject: [PATCH 13/24] some clean up --- .../k8s-istio-authorization-policies.mdx | 3 ++- .../istio/tutorials/k8s-istio-watcher.mdx | 2 +- .../kafka/tutorials/k8s-kafka-mapping.mdx | 2 +- .../tutorials/k8s-kafka-mtls-cert-manager.mdx | 2 +- .../kafka/tutorials/k8s-kafka-mtls.mdx | 2 +- .../index.mdx | 7 +++--- .../tutorials/k8s-network-policies.mdx | 2 +- .../protect-1-service-network-policies.mdx | 2 ++ docs/overview/installation/README.mdx | 23 +++++++------------ 9 files changed, 21 insertions(+), 24 deletions(-) diff --git a/docs/features/istio/tutorials/k8s-istio-authorization-policies.mdx b/docs/features/istio/tutorials/k8s-istio-authorization-policies.mdx index 46205e0ef..11f392bf9 100644 --- a/docs/features/istio/tutorials/k8s-istio-authorization-policies.mdx +++ b/docs/features/istio/tutorials/k8s-istio-authorization-policies.mdx @@ -27,8 +27,9 @@ In this tutorial, we will: Already have Otterize deployed with Istio configured on your cluster? Skip to the [tutorial](#tutorial). ### 1. Deploy Otterize -To deploy Otterize, head over to [Otterize Cloud](https://app.otterize.com) and create a Kubernetes cluster on the [Clusters page](https://app.otterize.com/clusters), and follow the instructions. If you already have a Kubernetes cluster connected, skip this step. +If you do not have a cluster, we will need to prepare one with [network policy support](/overview/installation#create-a-cluster-with-support-for-network-policies) +To deploy Otterize, head over to [Otterize Cloud](https://app.otterize.com) and associate a Kubernetes cluster on the [Clusters page](https://app.otterize.com/clusters), and follow the instructions. If you already have a Kubernetes cluster connected, skip this step. ### 2. Install and configure Istio diff --git a/docs/features/istio/tutorials/k8s-istio-watcher.mdx b/docs/features/istio/tutorials/k8s-istio-watcher.mdx index d72e8495e..85679169d 100644 --- a/docs/features/istio/tutorials/k8s-istio-watcher.mdx +++ b/docs/features/istio/tutorials/k8s-istio-watcher.mdx @@ -21,7 +21,7 @@ In this tutorial, we will: Already have Otterize deployed with Istio configured on your cluster? Skip to the [tutorial](#tutorial). ### 1. Deploy Otterize -To deploy Otterize, head over to [Otterize Cloud](https://app.otterize.com) and create a Kubernetes cluster on the [Clusters page](https://app.otterize.com/clusters), and follow the instructions. If you already have a Kubernetes cluster connected, skip this step. +To deploy Otterize, head over to [Otterize Cloud](https://app.otterize.com) and associate a Kubernetes cluster on the [Clusters page](https://app.otterize.com/clusters), and follow the instructions. If you already have a Kubernetes cluster connected, skip this step. ### 2. Install and configure Istio diff --git a/docs/features/kafka/tutorials/k8s-kafka-mapping.mdx b/docs/features/kafka/tutorials/k8s-kafka-mapping.mdx index 0276ff82e..66721cf2e 100644 --- a/docs/features/kafka/tutorials/k8s-kafka-mapping.mdx +++ b/docs/features/kafka/tutorials/k8s-kafka-mapping.mdx @@ -22,7 +22,7 @@ We will **not** be doing any access control in this demo, just purely mapping cl Already have Otterize & a Kafka broker deployed on your cluster? Skip to the [tutorial](#tutorial). ### 1. Deploy Otterize -To deploy Otterize, head over to [Otterize Cloud](https://app.otterize.com) and create a Kubernetes cluster on the [Clusters page](https://app.otterize.com/clusters), and follow the instructions. If you already have a Kubernetes cluster connected, skip this step. +To deploy Otterize, head over to [Otterize Cloud](https://app.otterize.com) and associate a Kubernetes cluster on the [Clusters page](https://app.otterize.com/clusters), and follow the instructions. If you already have a Kubernetes cluster connected, skip this step. ### 2. Install Kafka diff --git a/docs/features/kafka/tutorials/k8s-kafka-mtls-cert-manager.mdx b/docs/features/kafka/tutorials/k8s-kafka-mtls-cert-manager.mdx index 1a4d1b13f..cccb495ac 100644 --- a/docs/features/kafka/tutorials/k8s-kafka-mtls-cert-manager.mdx +++ b/docs/features/kafka/tutorials/k8s-kafka-mtls-cert-manager.mdx @@ -55,7 +55,7 @@ You may have to wait for `cert-manager` to start successfully before you are abl Already have Otterize & a Kafka broker deployed on your cluster? Skip to the [tutorial](#tutorial). #### Deploy Otterize -To deploy Otterize, head over to [Otterize Cloud](https://app.otterize.com) and create a Kubernetes cluster on the [Clusters page](https://app.otterize.com/clusters), and follow the instructions. If you already have a Kubernetes cluster connected, skip this step. +To deploy Otterize, head over to [Otterize Cloud](https://app.otterize.com) and associate a Kubernetes cluster on the [Clusters page](https://app.otterize.com/clusters), and follow the instructions. If you already have a Kubernetes cluster connected, skip this step. ##### Note: * Under mTLS and Kafka support choose **cert-manager**. diff --git a/docs/features/kafka/tutorials/k8s-kafka-mtls.mdx b/docs/features/kafka/tutorials/k8s-kafka-mtls.mdx index 61e86ff89..e1fe429a0 100644 --- a/docs/features/kafka/tutorials/k8s-kafka-mtls.mdx +++ b/docs/features/kafka/tutorials/k8s-kafka-mtls.mdx @@ -24,7 +24,7 @@ In this tutorial, we will: Already have Otterize & a Kafka broker deployed on your cluster? Skip to the [tutorial](#tutorial). ### 1. Deploy Otterize -To deploy Otterize, head over to [Otterize Cloud](https://app.otterize.com) and create a Kubernetes cluster on the [Clusters page](https://app.otterize.com/clusters), and follow the instructions. If you already have a Kubernetes cluster connected, skip this step. +To deploy Otterize, head over to [Otterize Cloud](https://app.otterize.com) and associate a Kubernetes cluster on the [Clusters page](https://app.otterize.com/clusters), and follow the instructions. If you already have a Kubernetes cluster connected, skip this step. ##### Note: * Under mTLS and Kafka support choose **Otterize Cloud**. diff --git a/docs/features/network-mapping-network-policies/index.mdx b/docs/features/network-mapping-network-policies/index.mdx index 55297923d..b80cb2475 100644 --- a/docs/features/network-mapping-network-policies/index.mdx +++ b/docs/features/network-mapping-network-policies/index.mdx @@ -28,18 +28,19 @@ export const network_access_tutorials = [ ]; ### About -You can use Otterize to understand, visualize, and manage access for Kubernetes networks. Upon installation, Otterize inspects network traffic and builds an in-memory network map of connections. The network map can then be exported or viewed in various ways to understand the connections within your networks. With IBAC-based policies, Otterize becomes a control plane for your K8s networks. Mapped network traffic can autogenerate declarative intent-based access policies to create least privileged pod-to-pod access easily. + +Otterize empowers you to comprehend, visualize, and oversee access across Kubernetes networks. Once installed, it analyzes network traffic to construct an in-memory map detailing the connections. This map can be explored or exported through multiple formats, offering insights into your network's interconnectivity. Leveraging Intent-Based Access Control (IBAC) policies, Otterize acts as a sophisticated control plane for Kubernetes networks. It enables the automatic generation of declarative, intent-based access policies, facilitating the establishment of minimal privilege access between pods with ease. ### Mapping & visualizing -After installation, Otterize collects network traffic data in memory, creating a graph of relationships between pod-to-pod and pod-to-public internet traffic. Once the graph is in place, the data can be exported or viewed in various ways. Otterize Cloud users can see and interact with the graph structures within the Otterize application. OSS users can use the CLI tool to export the data into JSON, list the relationship, or generate IBAC policies reflecting the existing traffic. +Following installation, Otterize begins to gather network traffic data, assembling it into a comprehensive graph that illustrates the connections between pod-to-pod and pod-to-public internet traffic. This graph serves as a dynamic blueprint of network interactions, which can be exported or visualized through multiple methods. Users of Otterize Cloud have the advantage of directly interacting with these graph structures within the Otterize application interface, offering an intuitive and interactive experience. For open-source software (OSS) users, Otterize provides a command-line interface (CLI) tool. This tool enables users to export the network data into JSON format, list the relationships captured in the graph, or even generate Intent-Based Access Control (IBAC) policies that mirror the observed traffic patterns, facilitating a tailored and secure network environment. To learn more about Visualizing, check out [Visualizing a Kubernetes Network](/features/Networking/tutorials/k8s-network-mapper) ### Access control -By default, Kubernetes pods allow all egress and ingress traffic. Kubernetes [NetworkPolicies](/reference/terminology#network-policies) provide `policyTypes` to restrict egress or ingress traffic, providing a more secure and compliant environment. Utilizing the in-memory tariff map, Otterize can automatically generate IBAC policies to reflect the current traffic flow within a cluster. Once the IBAC policies are submitted, Otterize will generate and apply the corresponding NetworkPolicies to your namespaces. +By default, Kubernetes pods permit all outgoing and incoming traffic, posing potential security risks. Kubernetes [NetworkPolicies](/reference/terminology#network-policies) offer `policyTypes` that can be employed to limit either egress or ingress traffic, thereby enhancing security and compliance. Leveraging its in-memory traffic map, Otterize is capable of automatically crafting Intent-Based Access Control (IBAC) policies that accurately represent the existing traffic patterns within a cluster. Upon the submission of these IBAC policies, Otterize proceeds to create and implement the appropriate NetworkPolicies for your namespaces, ensuring a secure network configuration that aligns with your traffic's actual flow. Further details are available within the [Network Policies Deep Dive](/features/Networking/Reference/Network-Policies-Deep-Dive) diff --git a/docs/features/network-mapping-network-policies/tutorials/k8s-network-policies.mdx b/docs/features/network-mapping-network-policies/tutorials/k8s-network-policies.mdx index 714d508a9..f76bbe470 100644 --- a/docs/features/network-mapping-network-policies/tutorials/k8s-network-policies.mdx +++ b/docs/features/network-mapping-network-policies/tutorials/k8s-network-policies.mdx @@ -24,7 +24,7 @@ In this tutorial, we will: ## Prerequisites ### Install Otterize on your cluster -To deploy Otterize, head over to [Otterize Cloud](https://app.otterize.com) and create a Kubernetes cluster on the [Clusters page](https://app.otterize.com/clusters), and follow the instructions. +To deploy Otterize, head over to [Otterize Cloud](https://app.otterize.com) and associate a Kubernetes cluster on the [Clusters page](https://app.otterize.com/clusters), and follow the instructions. We will also need the [Otterize CLI](/overview/installation#install-the-otterize-cli). diff --git a/docs/features/network-mapping-network-policies/tutorials/protect-1-service-network-policies.mdx b/docs/features/network-mapping-network-policies/tutorials/protect-1-service-network-policies.mdx index ab317035b..279e71e5c 100644 --- a/docs/features/network-mapping-network-policies/tutorials/protect-1-service-network-policies.mdx +++ b/docs/features/network-mapping-network-policies/tutorials/protect-1-service-network-policies.mdx @@ -27,6 +27,8 @@ Note: all the capabilities of IBAC are within Otterize OSS, while the access gra ## Prerequisites ### Install Otterize on your cluster +If you do not have a cluster, we will need to prepare one with [network policy support](/overview/installation#create-a-cluster-with-support-for-network-policies) + To deploy Otterize, head over to [Otterize Cloud](https://app.otterize.com) and create a Kubernetes cluster on the [Clusters page](https://app.otterize.com/clusters), and follow the instructions. We will also need the [Otterize CLI](/overview/installation#install-the-otterize-cli). diff --git a/docs/overview/installation/README.mdx b/docs/overview/installation/README.mdx index 8c41a55dc..6944b3976 100644 --- a/docs/overview/installation/README.mdx +++ b/docs/overview/installation/README.mdx @@ -8,29 +8,22 @@ import TabItem from '@theme/TabItem'; ## Install Otterize without Otterize Cloud (OSS only) {@include: ../../_common/install-otterize.md} - -
- - If you are installing Otterize for network policies, make sure your cluster supports network policies. -
Expand to see how. -
- -Before you start, you need to have a Kubernetes cluster with a [CNI](https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/) that supports [NetworkPolicies](https://kubernetes.io/docs/concepts/services-networking/network-policies/). - -{@include: ../../_common/cluster-setup.md} -
- ### Upgrade Otterize {@include: ../../_common/upgrade-otterize.md} -## Connect Otterize OSS to Otterize Cloud, or install Otterize with Otterize Cloud -To connect Otterize OSS to Otterize Cloud you will need to [login](https://app.otterize.com), create a cluster, and follow the instructions. +## Install Otterize with Otterize Cloud -In a nutshell, you need to `helm upgrade` the same Helm chart, but provide Otterize Cloud credentials. Upon creating a cluster, a guide will appear that walks you through doing this with the new credentials jut created. +To connect Otterize OSS to Otterize Cloud you will need to [log in](https://app.otterize.com), create a cluster, and follow the instructions which generates unique credentials for your cluster to communicate to Otterize Cloud. ## Install just the Otterize network mapper {@include: ../../_common/install-otterize-network-mapper.md} +## Create a cluster with support for network policies +Before you start, you need to have a Kubernetes cluster with a [CNI](https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/) that supports [NetworkPolicies](https://kubernetes.io/docs/concepts/services-networking/network-policies/). + +{@include: ../../_common/cluster-setup.md} +--- + ## Install the Otterize CLI The [Otterize CLI](/reference/cli) is a command-line utility used to control and interact with the Otterize network mapper, manipulate local intents files, and interact with Otterize Cloud. From 15f9bec003955bd6753eaa2c0999f8a4ded78352 Mon Sep 17 00:00:00 2001 From: bglynn Date: Wed, 7 Feb 2024 16:21:14 -0800 Subject: [PATCH 14/24] some more clean up --- docs/features/postgresql/index.mdx | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/features/postgresql/index.mdx b/docs/features/postgresql/index.mdx index 76ff7b306..4adfadf60 100644 --- a/docs/features/postgresql/index.mdx +++ b/docs/features/postgresql/index.mdx @@ -18,7 +18,9 @@ export const postgres_tutorials = [ ### About -Once integrated into your cluster, PostgreSQL support for Otterize provides intent-based access control ([IBAC](/overview/intent-based-access-control/)) from your services to your database. Making it easy to provide just in time least privilege access without having to write a lot of complex `GRANT` statements. You can provide access to all the tables in a database or limit access to just a select number of tables. Similarly, access can be limited to `ALL` operations or just to those that are needed by the service, such as `SELECT.` PostgreSQL support is a feature of Otterize Cloud. +Upon integration with your cluster, Otterize’s PostgreSQL support streamlines and secures your workloads and database connections using Intent-Based Access Control ([IBAC](/overview/intent-based-access-control/)). This feature allows teams to provide just-in-time, least-privilege access to your database, eliminating the need for complex `GRANT` statement configurations. With Otterize, you can grant access to all tables within a database or restrict it to a specific subset of tables. Moreover, you can define the scope of permitted operations, ranging from `ALL` operations to specific actions required by the service, such as `SELECT.` This capability to fine-tune access rights ensures that services only have the necessary permissions, enhancing security. + +PostgreSQL support is exclusively available in the Otterize Cloud. ### How does it work From f660f3374d3c1f38ad9b530d73b3e9e385cdf8d5 Mon Sep 17 00:00:00 2001 From: bglynn Date: Thu, 8 Feb 2024 11:14:38 -0800 Subject: [PATCH 15/24] updating broken paths. --- .../network-mapping-network-policies/index.mdx | 12 ++++++------ docs/getting-started/README.mdx | 6 +++--- docs/reference/cli/README.mdx | 2 +- docusaurus.config.js | 10 +++++----- 4 files changed, 15 insertions(+), 15 deletions(-) diff --git a/docs/features/network-mapping-network-policies/index.mdx b/docs/features/network-mapping-network-policies/index.mdx index b80cb2475..3ddc3656f 100644 --- a/docs/features/network-mapping-network-policies/index.mdx +++ b/docs/features/network-mapping-network-policies/index.mdx @@ -8,22 +8,22 @@ export const network_access_tutorials = [ { title: 'Visualizing a Kubernetes Network', description: 'Map network traffic in a cluster and view the connections', - url: '/features/Networking/tutorials/k8s-network-mapper' + url: '/features/network-mapping-network-policies/tutorials/k8s-network-mapper' }, { title: 'Create and manage network policies', description: 'Create Kubernetes network policies using IBAC', - url: '/features/Networking/tutorials/k8s-network-policies' + url: '/features/network-mapping-network-policies/tutorials/k8s-network-policies' }, { title: 'Protecting a service with network policies', description: 'An example on how to secure a single service', - url: '/features/Networking/tutorials/protect-1-service-network-policies' + url: '/features/network-mapping-network-policies/tutorials/protect-1-service-network-policies' }, { title: 'AWS EKS network policies with the VPC CNI', description: 'Leverage AWS VPC CNI to apply network policies in EKS', - url: '/features/Networking/tutorials/aws-eks-cni-mini' + url: '/features/network-mapping-network-policies/tutorials/aws-eks-cni-mini' } ]; @@ -35,14 +35,14 @@ Otterize empowers you to comprehend, visualize, and oversee access across Kubern Following installation, Otterize begins to gather network traffic data, assembling it into a comprehensive graph that illustrates the connections between pod-to-pod and pod-to-public internet traffic. This graph serves as a dynamic blueprint of network interactions, which can be exported or visualized through multiple methods. Users of Otterize Cloud have the advantage of directly interacting with these graph structures within the Otterize application interface, offering an intuitive and interactive experience. For open-source software (OSS) users, Otterize provides a command-line interface (CLI) tool. This tool enables users to export the network data into JSON format, list the relationships captured in the graph, or even generate Intent-Based Access Control (IBAC) policies that mirror the observed traffic patterns, facilitating a tailored and secure network environment. -To learn more about Visualizing, check out [Visualizing a Kubernetes Network](/features/Networking/tutorials/k8s-network-mapper) +To learn more about Visualizing, check out [Visualizing a Kubernetes Network](/features/network-mapping-network-policies/tutorials/k8s-network-mapper) ### Access control By default, Kubernetes pods permit all outgoing and incoming traffic, posing potential security risks. Kubernetes [NetworkPolicies](/reference/terminology#network-policies) offer `policyTypes` that can be employed to limit either egress or ingress traffic, thereby enhancing security and compliance. Leveraging its in-memory traffic map, Otterize is capable of automatically crafting Intent-Based Access Control (IBAC) policies that accurately represent the existing traffic patterns within a cluster. Upon the submission of these IBAC policies, Otterize proceeds to create and implement the appropriate NetworkPolicies for your namespaces, ensuring a secure network configuration that aligns with your traffic's actual flow. -Further details are available within the [Network Policies Deep Dive](/features/Networking/Reference/Network-Policies-Deep-Dive) +Further details are available within the [Network Policies Deep Dive](/features/network-mapping-network-policies/Reference/Network-Policies-Deep-Dive) ```yaml diff --git a/docs/getting-started/README.mdx b/docs/getting-started/README.mdx index b41620b7a..2e6928edd 100644 --- a/docs/getting-started/README.mdx +++ b/docs/getting-started/README.mdx @@ -51,13 +51,13 @@ export const tutorials_access = [ title: 'Create and manage network policies', icon: '/img/icons/networking.png', description: 'Create Kubernetes network policies using IBAC', - url: '/features/networking/tutorials/k8s-network-policies' + url: '/features/network-mapping-network-policies/tutorials/k8s-network-policies' }, { title: 'Network policies on AWS EKS', icon: '/img/icons/networking.png', description: 'Jump start network policies using AWS EKS and VPC CNI', - url: '/features/networking/tutorials/aws-eks-cni-mini' + url: '/features/network-mapping-network-policies/tutorials/aws-eks-cni-mini' }, { title: 'Create and manage Istio authorization policies', @@ -78,7 +78,7 @@ export const tutorials_visualization = [ title: 'Network mapping a Kubernetes cluster', icon: '/img/icons/networking.png', description: 'Map pod-to-pod traffic within your K8s cluster', - url: '/features/networking/tutorials/k8s-network-mapper' + url: '/features/network-mapping-network-policies/tutorials/k8s-network-mapper' }, { title: 'Istio HTTP-level access mapping', diff --git a/docs/reference/cli/README.mdx b/docs/reference/cli/README.mdx index 3c648230f..809d84c89 100644 --- a/docs/reference/cli/README.mdx +++ b/docs/reference/cli/README.mdx @@ -4,7 +4,7 @@ title: CLI --- The Otterize command line interface (CLI) offers the following capabilities: -- [Interact with](#network-mapper) the [Otterize network mapper](/features/networking/tutorials/k8s-network-mapper) running in a Kubernetes cluster. +- [Interact with](#network-mapper) the [Otterize network mapper](/features/network-mapping-network-policies/tutorials/k8s-network-mapper) running in a Kubernetes cluster. - [Transform](#otterize-intents-convert--f-path) [intents files](/reference/intents-and-intents-files/#intents-file-formats) from plain YAML format to Kubernetes custom resource YAML format. - Interact with the Otterize Cloud, through its REST API. diff --git a/docusaurus.config.js b/docusaurus.config.js index 81a744b3f..e5702225e 100644 --- a/docusaurus.config.js +++ b/docusaurus.config.js @@ -150,7 +150,7 @@ const config = { }, { from: ['/reference/access-controls/network-policies'], - to: '/features/networking/reference/Network-Policies-Deep-Dive' + to: '/features/network-mapping-network-policies/reference/Network-Policies-Deep-Dive' }, { from: ['/shadow-vs-active-enforcement'], @@ -178,7 +178,7 @@ const config = { }, { from: ['/guides/protect-1-service-network-policies'], - to: '/features/networking/tutorials/protect-1-service-network-policies' + to: '/features/network-mapping-network-policies/tutorials/protect-1-service-network-policies' }, { from: ['/quick-tutorials/k8s-kafka-mtls', '/quickstart/access-control/k8s-kafka-mtls'], @@ -186,7 +186,7 @@ const config = { }, { from: ['/quick-tutorials/aws-eks-cni-mini','/quickstart/access-control/aws-eks-cni-mini'], - to: '/features/networking/tutorials/aws-eks-cni-mini', + to: '/features/network-mapping-network-policies/tutorials/aws-eks-cni-mini', }, { from: ['/quick-tutorials/k8s-kafka-mtls-cert-manager', '/quickstart/access-control/k8s-kafka-mtls-cert-manager', '/quick-tutorials/k8s-mtls'], @@ -206,11 +206,11 @@ const config = { }, { from: ['/quick-visual-tutorials/visual-ibac-network-policies', '/quick-tutorials/k8s-network-policies', '/quickstart/access-control/k8s-network-policies'], - to: '/features/networking/tutorials/k8s-network-policies', + to: '/features/network-mapping-network-policies/tutorials/k8s-network-policies', }, { from: ['/quick-visual-tutorials/visual-k8s-cluster-mapping', '/quickstart/visualization/k8s-network-mapper', '/quick-tutorials/k8s-network-mapper'], - to: '/features/networking/tutorials/k8s-network-mapper', + to: '/features/network-mapping-network-policies/tutorials/k8s-network-mapper', }, // Redirect from multiple old paths to the new path // { From ebbf9632f67e4c87d39355c140151cff4cf121ef Mon Sep 17 00:00:00 2001 From: Ori Shoshan Date: Thu, 15 Feb 2024 20:31:20 +0100 Subject: [PATCH 16/24] Feature pages edits --- docs/features/aws-iam/index.mdx | 35 +++++--- docs/features/aws-iam/reference.mdx | 2 +- docs/features/istio/index.mdx | 75 +++++++++--------- docs/features/istio/reference.mdx | 2 +- docs/features/kafka/index.mdx | 79 +++++++++---------- docs/features/kafka/reference.mdx | 2 +- .../index.mdx | 30 ++++--- .../reference/README.mdx | 2 +- .../tutorials/k8s-network-mapper.mdx | 2 +- docs/features/postgresql/index.mdx | 41 ++++++---- 10 files changed, 145 insertions(+), 125 deletions(-) diff --git a/docs/features/aws-iam/index.mdx b/docs/features/aws-iam/index.mdx index 7d4bd288f..a40a74cca 100644 --- a/docs/features/aws-iam/index.mdx +++ b/docs/features/aws-iam/index.mdx @@ -5,23 +5,35 @@ hide_table_of_contents: true hide_title: true --- +import DocsLinkCard from "@site/src/components/LinkCard"; + +export const tutorials = [ + { + title: 'Automate AWS IAM for EKS', + description: 'Create just-in-time AWS IAM roles and policies that are kept in sync with your workloads', + url: 'aws-iam/tutorials/aws-iam-eks' + }, +]; + + # AWS IAM -Otterize can provide least-privilege access from your EKS Kubernetes clusters to AWS Resources with [IBAC](/overview/intent-based-access-control/) support for AWS's IAM policies. +Otterize can create just-in-time AWS IAM roles and policies for your workloads running on EKS Kubernetes clusters, greatly simplifying the lifecycle of managing IAM roles and policies. -### About +### Tutorials -In many workloads, EKS clusters must access external cloud resources such as databases, object storage, or additional services. Otterize provides unique credentials and policies for each pod for exactly the authorization they require. +To learn how to use the Intents Operator and Credentials Operator to manage just-in-time AWS IAM access, check out the tutorial. + -### How does it work -To follow along with a full example, take a look at [Automate AWS IAM for EKS](/features/aws-iam/tutorials/aws-iam-eks) +### How does Otterize work with AWS IAM? 1. First, the EKS cluster must have [Otterize installed](/overview/installation). -2. We must label the pod with `credentials-operator.otterize.com/create-aws-role: "true"` -3. Once that is complete, Otterize’s credential operator will create a role and an `AssumeRolePolicy` bound to ServiceAccount. -4. At this point, the role does not have the ability to perform any actions. We will need to create a ClientIntents YAML for the access the service requires and apply it to our cluster. Below is an example of a ClientIntents file for accessing an S3 bucket. View the [reference](/features/aws-iam/reference) to learn more about the AWS IAM Client Intent syntax. -5. Once the intent is applied, a new policy will be attached to the service’s role with the appropriate access. +2. To have a role created for a pod, label the pod with `credentials-operator.otterize.com/create-aws-role: "true"` +3. The credentials operator will create a role and an `AssumeRolePolicy` (trust relationship) bound to the pod's ServiceAccount. The ServiceAccount will be annotated automatically. +4. At this point, the pod is able to assume the role, but role does not have the ability to perform any actions. We will need to create a ClientIntents YAML for the access the service requires and apply it to our cluster. Below is an example of a ClientIntents file for accessing an S3 bucket. View the [reference](/features/aws-iam/reference) to learn more about the AWS IAM ClientIntents syntax. +5. Once the intent is applied, the intents operator will create a new policy, which will be attached to the service’s role with the appropriate access. +6. Done! ```yaml apiVersion: k8s.otterize.com/v1alpha3 @@ -39,8 +51,9 @@ spec: - "s3:GetObject" ``` -### Coming soon +### Automatically generating ClientIntents for AWS IAM -Building least-privilege access can be difficult. Many actions have dependent actions, or services can require a lot of access to perform their functions. To help reduce this burden, Otterize will provide automated ClientIntents based on the actions your service actually requires by detecting the calls being made and converting them into the necessary YAML syntax. +Figuring out which access you need for AWS can be a painful, trial and error process, and something you _must_ do if you're tightening production access. +Otterize is getting ready to release support for using existing traffic to generate least-privilege IAM policies. Keen to try this out as part of early access? Sign up to the [Early Access Beta Program](https://otterize.com/EarlyAccessBetaProgram) and we'll be in touch! diff --git a/docs/features/aws-iam/reference.mdx b/docs/features/aws-iam/reference.mdx index 04ead9d00..fe0517232 100644 --- a/docs/features/aws-iam/reference.mdx +++ b/docs/features/aws-iam/reference.mdx @@ -44,4 +44,4 @@ spec: | `global.aws.eksClusterNameOverride` | EKS cluster name (overrides auto-detection) | `(none)` | | `aws.roleARN` | ARN of the AWS role the operator will use to access AWS. By defeault, Otterize will create a unique role for each service an annotate the service with the role's ARN. | `(none)` | -View the [helm chart reference](/reference/configuration/otterize-chart) for all other options \ No newline at end of file +View the [Helm chart reference](/reference/configuration/otterize-chart) for all other options \ No newline at end of file diff --git a/docs/features/istio/index.mdx b/docs/features/istio/index.mdx index a07d425d9..3d4d0ccfb 100644 --- a/docs/features/istio/index.mdx +++ b/docs/features/istio/index.mdx @@ -10,12 +10,12 @@ export const istio_tutorials = [ { title: 'Istio AuthorizationPolicy automation', description: 'Generate AuthorizationPolicy docs from existing connections', - url: '/features/istio/examples/k8s-istio-authorization-policies' + url: 'istio/tutorials/k8s-istio-authorization-policies' }, { title: 'Istio HTTP-level access mapping', - description: 'View the HTTP methods being used across services', - url: '/features/istio/examples/k8s-istio-water' + description: 'Map access between services including HTTP paths and methods', + url: 'istio/tutorials/k8s-istio-watcher' } ]; @@ -23,21 +23,42 @@ export const istio_tutorials = [ # Istio -Otterize can map and secure access with Istio HTTP connections across your Kubernetes services. +Otterize can build a map of your cluster based on Istio Envoy metrics, and enforce access between services using Istio Authorization Policies. + +### Tutorials + +To learn how to use the Intents Operator to enforce access using Istio authorization policies, or map your cluster, try one of these quickstart tutorials. + + -### About -When enabling Istio support, Otterize's network mapping tool can determine which Kubernetes services are connected and which HTTP methods are being used. This graph of connections can then be leveraged to automate IBAC based access policies that result in Istio AuthorizationPolicy(s). +### How does Otterize work with Istio? -### How does it work +1. First, the cluster must have [Otterize installed](/overview/installation). +2. To have Otterize generate Istio authorization policies, declare and apply ([IBAC](/overview/intent-based-access-control)) ClientIntents for your services. +Once you do so, Otterize will generate an Istio authorization policy allowing access from the client service, identified by its ServiceAccount, to the server, identified by its labels. +The HTTP Resources section in the ClientIntents is optional: if you do not specify it, all pod-to-pod access is allowed. -1. First, the cluster must have [Otterize installed](/overview/installation). With Istio support enabled by setting the following flag: +```yaml + +apiVersion: k8s.otterize.com/v1alpha3 +kind: ClientIntents +metadata: + name: client + namespace: otterize-tutorial-istio +spec: + service: + name: client + calls: + - name: server-abc + type: http + HTTPResources: + - path: /client-path + methods: [ GET ] -```bash ---set networkMapper.istiowatcher.enable=true ``` -2. To monitor connections and HTTP methods, we need to enable connection telemetry data within Istio. This can be enabled with the following YAML: +3. If you would like Otterize to be able to autogenerate ClientIntents and map your network at the HTTP path and method level, we need to enable connection telemetry data within Istio. This can be enabled with the following YAML: ```yaml apiVersion: telemetry.istio.io/v1alpha1 @@ -64,36 +85,12 @@ spec: # Map the "request_path" metric tag to "request.path" value request_path: value: request.path - ``` -Once installed, Otterize will query Envoy sidecars for known connections and building an in-memory map of the relationships. After the map is built your can then view those relationships. - -**To Manage Access** - -You simply need to define and apply your intent based access control ([IBAC](/overview/intent-based-access-control)) policies for your services. - -```yaml - -apiVersion: k8s.otterize.com/v1alpha3 -kind: ClientIntents -metadata: - name: client - namespace: otterize-tutorial-istio -spec: - service: - name: client - calls: - - name: server-abc - type: http - HTTPResources: - - path: /client-path - methods: [ GET ] - +Or, as a ready-to-paste command: +``` +kubectl apply -f ${ABSOLUTE_URL}/code-examples/network-mapper/istio-telemetry-enablement.yaml -n istio-system ``` -### Tutorials - -For further details about mapping, or access automation, view the tutorials below: +Once installed, Otterize will query Envoy sidecars for known connections and build an in-memory map of the relationships. After the map is built you can then view those relationships. - diff --git a/docs/features/istio/reference.mdx b/docs/features/istio/reference.mdx index 69131cd88..edf4247bb 100644 --- a/docs/features/istio/reference.mdx +++ b/docs/features/istio/reference.mdx @@ -35,4 +35,4 @@ spec: | `istiowatcher.pullSecrets` | Istio watcher pull secrets. | `(none)` | | `istiowatcher.resources` | Resources override. | `(none)` | -View the [helm chart reference](/reference/configuration/otterize-chart) for all other options \ No newline at end of file +View the [Helm chart reference](/reference/configuration/otterize-chart) for all other options \ No newline at end of file diff --git a/docs/features/kafka/index.mdx b/docs/features/kafka/index.mdx index 46a1caf45..c3178535d 100644 --- a/docs/features/kafka/index.mdx +++ b/docs/features/kafka/index.mdx @@ -11,44 +11,34 @@ export const kafka_tutorials = [ { title: 'Kafka topic-level access mapping', description: 'View Kafka network connections', - url: '/features/Kafka/tutorials/k8s-kafka-mapping' + url: '/features/kafka/tutorials/k8s-kafka-mapping' }, { title: 'Kafka access automation using Otterize Cloud mTLS', description: 'Manage access to Kafka topics with Otterize Cloud mTLS', - url: '/features/Kafka/tutorials/k8s-kafka-mtls' + url: '/features/kafka/tutorials/k8s-kafka-mtls' }, { title: 'Kafka access automation using cert-manager mTLS', description: 'Manage access to Kafka topics with a cert-manager', - url: '/features/Kafka/tutorials/k8s-kafka-mtls-cert-manager' + url: '/features/kafka/tutorials/k8s-kafka-mtls-cert-manager' } ]; # Kafka -Otterize can map and secure access to Kafka Topics from your Kubernetes clusters. +Otterize can build a map of your cluster, and enforce access between services using Kafka ACLs. Otterize is also able to map access to the Kafka topic and operation level, by reading Kafka access logs. -### About - -By enabling Kafka support, Otterize's network mapping tool can determine which Kubernetes services are connecting to topics and the determine their access privileges. This graph of connections can then be leveraged to automate IBAC based access policies that result in Kakfa ACLs. - -### How does it work +### Tutorials -1. First, the cluster must have [Otterize installed](/overview/installation). With Kakfa support enabled by setting the following flags: +To learn how to use the Intents Operator and Credentials Operator to enforce access with Kafka ACLs, or how to map your cluster to the Kafka topic and operation level, try one of these quickstart tutorials. + -```bash ---set kafkawatcher.enable=true \ ---set kafkawatcher.kafkaServers={"kafka-0.kafka"} -``` -Once installed, Otterize will map Kafka connections allowing you to view those relationships, but to manage access we need to: +### How does Otterize work with Kafka? -2. Configure Otterize to manage Kafka access with a `KafkaServerConfig`. See the example yaml below. - -```bash -kubectl apply -f ${ABSOLUTE_URL}/code-examples/kafka-mtls/kafkaserverconfig.yaml -``` +1. First, the cluster must have [Otterize installed](/overview/installation). +2. Configure the Otterize Intents Operator to manage a Kafka broker by declaring a `KafkaServerConfig`. See the example yaml below. ```yaml apiVersion: k8s.otterize.com/v1alpha3 @@ -62,9 +52,36 @@ spec: addr: kafka.kafka:9092 ``` +Or, as a ready-to-paste command: +```bash +kubectl apply -f ${ABSOLUTE_URL}/code-examples/kafka-mtls/kafkaserverconfig.yaml +``` -3. Once that is complete, the Kafka broker and it's clients require mTLS credentials, which they can receive from Otterize or through a [cert-manager](/features/Kafka/tutorials/k8s-kafka-mtls-cert-manager). This requires a annotation to inform Otterize to generate the credentials and volume mount to store them. To orchestrate this, see the example deployment below: +The Kafka broker must be configured with a superuser for the Intents Operator to be able to set ACLs, with the ACL authorizer enabled, and to use mTLS, which the Intents Operator and other clients will use to authenticate. +Here's an example configuration based on the `values.yaml` of the Bitnami Kafka Helm chart. To see a working example, check out the tutorials for Kafka. +```yaml +superUsers: User:CN=intents-operator.otterize-system +allowEveryoneIfNoAclFound: true +podAnnotations: + credentials-operator.otterize.com/cert-type: jks + credentials-operator.otterize.com/tls-secret-name: kafka-tls-secret + credentials-operator.otterize.com/dns-names: "kafka-0.kafka-headless.kafka.svc.cluster.local,kafka.kafka.svc.cluster.local" +# Authenticate clients using mTLS +auth: + clientProtocol: mtls + interBrokerProtocol: mtls + tls: + type: jks + existingSecrets: + - kafka-tls-secret + password: password + jksTruststore: truststore.jks + jksKeystoreSAN: keystore.jks +authorizerClassName: kafka.security.authorizer.AclAuthorizer +``` + +To acquire TLS credentials for another pod, specify a Pod annotation with the required TLS secret name. ```yaml spec: template: @@ -90,7 +107,7 @@ spec: readOnly: true ``` -4. Once the Kafka clients are deployed with the mTLS credentials they should be able to access their associated topics as there's no active enforcement enabled. By applying IBAC ClientIntents we can declare access for our Services. See an example of a Kafka policy. +4. Once the Kafka clients are deployed with the mTLS credentials, they should be able to access topics as we have enabled `allowEveryoneIfNoAclFound`. To begin enforcing, declare ClientIntents, which will cause the Intents Operator to configure ACLs allowing this access. ```yaml apiVersion: k8s.otterize.com/v1alpha3 @@ -109,22 +126,4 @@ spec: operations: [ produce,describe,consume ] - name: transactions operations: [ produce,describe,consume ] ---- -apiVersion: k8s.otterize.com/v1alpha3 -kind: ClientIntents -metadata: - name: kafka - namespace: kafka -spec: - service: - name: kafka - calls: - - name: kafka - - name: kafka-zookeeper ``` -### Tutorials - -For further details about mapping, or access automation, view the tutorials below: - - - diff --git a/docs/features/kafka/reference.mdx b/docs/features/kafka/reference.mdx index 42fce1a56..a2f704193 100644 --- a/docs/features/kafka/reference.mdx +++ b/docs/features/kafka/reference.mdx @@ -57,4 +57,4 @@ spec: | `kafkawatcher.resources` | Resources override. | `(none)` | | `kafkawatcher.kafkaServers` | Kafka servers to watch, specified as `pod.namespace` items. | `(none)` | -View the [helm chart reference](/reference/configuration/otterize-chart) for all other options \ No newline at end of file +View the [Helm chart reference](/reference/configuration/otterize-chart) for all other options \ No newline at end of file diff --git a/docs/features/network-mapping-network-policies/index.mdx b/docs/features/network-mapping-network-policies/index.mdx index 3ddc3656f..4c93ea01f 100644 --- a/docs/features/network-mapping-network-policies/index.mdx +++ b/docs/features/network-mapping-network-policies/index.mdx @@ -27,25 +27,34 @@ export const network_access_tutorials = [ } ]; -### About - -Otterize empowers you to comprehend, visualize, and oversee access across Kubernetes networks. Once installed, it analyzes network traffic to construct an in-memory map detailing the connections. This map can be explored or exported through multiple formats, offering insights into your network's interconnectivity. Leveraging Intent-Based Access Control (IBAC) policies, Otterize acts as a sophisticated control plane for Kubernetes networks. It enables the automatic generation of declarative, intent-based access policies, facilitating the establishment of minimal privilege access between pods with ease. +Otterize's open-source [Network Mapper](/reference/configuration/network-mapper) and [Intents Operator](/reference/configuration/intents-operator) can map your cluster, with zero configuration, low privileges and low resource usage, and automate the management of network policies. ### Mapping & visualizing -Following installation, Otterize begins to gather network traffic data, assembling it into a comprehensive graph that illustrates the connections between pod-to-pod and pod-to-public internet traffic. This graph serves as a dynamic blueprint of network interactions, which can be exported or visualized through multiple methods. Users of Otterize Cloud have the advantage of directly interacting with these graph structures within the Otterize application interface, offering an intuitive and interactive experience. For open-source software (OSS) users, Otterize provides a command-line interface (CLI) tool. This tool enables users to export the network data into JSON format, list the relationships captured in the graph, or even generate Intent-Based Access Control (IBAC) policies that mirror the observed traffic patterns, facilitating a tailored and secure network environment. +Otterize's [Network Mapper](/reference/configuration/network-mapper) is a zero-config, open-source and non-invasive tool to map your cluster. Deploy it on your cluster to get a graphical, textual or JSON representation of your cluster, and optionally use it to generate ClientIntents, which are declarations of the access each service in your cluster requires. -To learn more about Visualizing, check out [Visualizing a Kubernetes Network](/features/network-mapping-network-policies/tutorials/k8s-network-mapper) +By connecting your cluster to Otterize Cloud, you'll immediately be presented with an interactive, historic and filterable map of your cluster. +You can access the same information in different formats by using the open-source Otterize CLI, with the commands `otterize mapper export`, `otterize mapper list` and `otterize mapper visualize`. +:::danger +TODO +Brian, please add screenshots of the access graph and network mapper visual and textual output here. +::: ### Access control -By default, Kubernetes pods permit all outgoing and incoming traffic, posing potential security risks. Kubernetes [NetworkPolicies](/reference/terminology#network-policies) offer `policyTypes` that can be employed to limit either egress or ingress traffic, thereby enhancing security and compliance. Leveraging its in-memory traffic map, Otterize is capable of automatically crafting Intent-Based Access Control (IBAC) policies that accurately represent the existing traffic patterns within a cluster. Upon the submission of these IBAC policies, Otterize proceeds to create and implement the appropriate NetworkPolicies for your namespaces, ensuring a secure network configuration that aligns with your traffic's actual flow. +By default, Kubernetes pods permit all outgoing and incoming traffic, posing potential security risks. -Further details are available within the [Network Policies Deep Dive](/features/network-mapping-network-policies/Reference/Network-Policies-Deep-Dive) +Kubernetes [NetworkPolicies](/reference/terminology#network-policies) can be employed to limit either egress or ingress traffic, thereby enhancing security and compliance. +Having deployed Otterize, you can then apply the ClientIntents generated by the network mapper, or declared by you, to your cluster. The [Intents Operator](/reference/configuration/intents-operator) calculates which [Network Policies](/reference/terminology#network-policies) are required to allow the traffic declared by the ClientIntents, enforcing access on your cluster so that only intentional access is allowed. +:::danger +TODO +Brian, please add links to ClientIntents reference here whenever it's mentioned. +::: -```yaml +Read more in the [Network Policies Deep Dive](/features/network-mapping-network-policies/Reference/Network-Policies-Deep-Dive). +```yaml apiVersion: k8s.otterize.com/v1alpha3 kind: ClientIntents metadata: @@ -56,11 +65,6 @@ spec: name: client calls: - name: nginx - type: http - HTTPResources: - - path: /client-path - methods: [ GET ] - ``` ### Tutorials diff --git a/docs/features/network-mapping-network-policies/reference/README.mdx b/docs/features/network-mapping-network-policies/reference/README.mdx index 3b239324d..b81897009 100644 --- a/docs/features/network-mapping-network-policies/reference/README.mdx +++ b/docs/features/network-mapping-network-policies/reference/README.mdx @@ -37,7 +37,7 @@ spec: | `operator.autoCreateNetworkPoliciesForExternalTraffic` | (deprecated, use `allowExternalTraffic` instead) Automatically allow external traffic, if a new ClientIntents resource would result in blocking external (internet) traffic and there is an Ingress/Service resource indicating external traffic is expected. | `true` | | `operator.autoCreateNetworkPoliciesForExternalTrafficDisableIntentsRequirement` | (deprecated, use `allowExternalTraffic` instead) **experimental** - If `autoCreateNetworkPoliciesForExternalTraffic` is enabled, do not require ClientIntents resources - simply create network policies based off of the existence of an Ingress/Service resource. | `false` | -View the [helm chart reference](/reference/configuration/otterize-chart) for all other options +View the [Helm chart reference](/reference/configuration/otterize-chart) for all other options ### Network mapper parameters All configurable parameters of the network mapper can be configured under the alias `networkMapper`. diff --git a/docs/features/network-mapping-network-policies/tutorials/k8s-network-mapper.mdx b/docs/features/network-mapping-network-policies/tutorials/k8s-network-mapper.mdx index b462db79e..6a9ef08c2 100644 --- a/docs/features/network-mapping-network-policies/tutorials/k8s-network-mapper.mdx +++ b/docs/features/network-mapping-network-policies/tutorials/k8s-network-mapper.mdx @@ -1,6 +1,6 @@ --- sidebar_position: 1 -title: Visualizing a Kubernetes network +title: Mapping a Kubernetes network image: /img/visualization/k8s-network-mapper/social.png --- diff --git a/docs/features/postgresql/index.mdx b/docs/features/postgresql/index.mdx index 4adfadf60..38d87a00c 100644 --- a/docs/features/postgresql/index.mdx +++ b/docs/features/postgresql/index.mdx @@ -9,26 +9,38 @@ import DocsLinkCard from "@site/src/components/LinkCard"; export const postgres_tutorials = [ { title: 'Just-in-time PostgreSQL Access', - description: 'Provide least privilege service access to databases and tables', - url: '/features/postgresql/examples/posgres' + description: 'Learn how to manage just-in-time users and SQL GRANTs', + url: 'postgresql/tutorials/postgres' + }, + { + title: 'Map PostgreSQL access', + description: 'Learn how to use PostgreSQL audit logs to map access to your database', + url: 'postgresql/tutorials/postgres-mapping' } ]; # PostgreSQL -### About +Otterize is able to create just-in-time username-and-password pairs for your service, providing them as a Kubernetes Secret that can be mounted to file or mapped to environment variables, as well as `GRANT`ing access to databases and tables, based on `ClientIntents` ([Intents-Based Access Control](/overview/intent-based-access-control)) declarations. +In addition, Otterize can map the access to your PostgreSQL database, showing you which service is accessing which database, table and which operation it's performing. This can be used to automatically generate the `ClientIntents` declarations. + +Unlike other access controls in Otterize, PostgreSQL support is exclusively available when using Otterize Cloud. + +### Tutorials + +To learn how to use the Intents Operator and Credentials Operator to enforce access using PostgreSQL GRANTs, or map access to your PostgreSQL database, try one of these quickstart tutorials. + + -Upon integration with your cluster, Otterize’s PostgreSQL support streamlines and secures your workloads and database connections using Intent-Based Access Control ([IBAC](/overview/intent-based-access-control/)). This feature allows teams to provide just-in-time, least-privilege access to your database, eliminating the need for complex `GRANT` statement configurations. With Otterize, you can grant access to all tables within a database or restrict it to a specific subset of tables. Moreover, you can define the scope of permitted operations, ranging from `ALL` operations to specific actions required by the service, such as `SELECT.` This capability to fine-tune access rights ensures that services only have the necessary permissions, enhancing security. -PostgreSQL support is exclusively available in the Otterize Cloud. -### How does it work +### How does Otterize work with PostgreSQL? -Once a service is annotated, Otterize Cloud will create a unique PostgreSQL credential for its exclusive use. The service will use these credentials to connect to the database. IBAC policies will define the access to that service. As the policies are applied, Otterize Cloud will update the service’s credentials in the database to have the defined access. +Otterize Cloud will create a unique PostgreSQL username-password combination for each service's use, exposed via a Kubernetes Secret. The service will use these credentials to connect to the database. `ClientIntents` will define the access required by that service. As the intents are applied, Otterize Cloud will keep the database's list of users and GRANTs up to date so that the service is able to access it. -1. To get started, your cluster must have Otterized Cloud installed. +1. To get started, your cluster must have Otterize Cloud installed. 2. You’ll need to [integrate](https://app.otterize.com/integrations) your database by providing a connection URL and admin-level credentials to manage permissions in your database. -3. Each service included in access controls will need to have Otterize managed credentials by annotating the service’s deployment with `credentials-operator.otterize.com/user-password-secret-name` below is an example of that annotation and passing the generated credentials into a container with environmental variables. +3. Each service can request a username-password Secret to be created, by annotating the Pod with `credentials-operator.otterize.com/user-password-secret-name`. Below is an example of that annotation and passing the generated credentials into a container with environmental variables. ```yaml apiVersion: apps/v1 @@ -43,6 +55,7 @@ spec: template: metadata: annotations: + # highlight-next-line credentials-operator.otterize.com/user-password-secret-name: server-creds labels: app: server @@ -68,7 +81,7 @@ spec: ``` -4. Once the cluster and the database are available in Otterize Cloud, IBAC policies can be applied to create unique credentials for each service scoped to the defined access. +4. Apply `ClientIntents` and the specified access will be `GRANT`ed to the service in the `ClientIntents`. ```yaml @@ -91,10 +104,4 @@ spec: - INSERT ``` - -### Tutorials - -For further details, view the tutorial below: - - - +5. Done! \ No newline at end of file From ac4470e14ad2ba88523701d454c3344b8fb8c1e0 Mon Sep 17 00:00:00 2001 From: Ori Shoshan Date: Thu, 15 Feb 2024 20:36:00 +0100 Subject: [PATCH 17/24] Fixup --- .../postgresql/tutorials/postgres-mapping.mdx} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename docs/{quickstart/visualization/postgresql.mdx => features/postgresql/tutorials/postgres-mapping.mdx} (100%) diff --git a/docs/quickstart/visualization/postgresql.mdx b/docs/features/postgresql/tutorials/postgres-mapping.mdx similarity index 100% rename from docs/quickstart/visualization/postgresql.mdx rename to docs/features/postgresql/tutorials/postgres-mapping.mdx From 61c016718d935dde44c711d7ae09c5163f8b1064 Mon Sep 17 00:00:00 2001 From: bglynn Date: Thu, 15 Feb 2024 15:48:06 -0800 Subject: [PATCH 18/24] Initial Draft --- .../aws-iam/tutorials/aws-visibility.mdx | 182 ++++++++++++++++++ static/code-examples/aws-visibility/all.yaml | 31 +++ .../aws-visibility/cloudformation.yaml | 104 ++++++++++ .../aws-visibility/eks-cluster.yaml | 39 ++++ .../code-examples/aws-visibility/intents.yaml | 12 ++ 5 files changed, 368 insertions(+) create mode 100644 docs/features/aws-iam/tutorials/aws-visibility.mdx create mode 100644 static/code-examples/aws-visibility/all.yaml create mode 100644 static/code-examples/aws-visibility/cloudformation.yaml create mode 100644 static/code-examples/aws-visibility/eks-cluster.yaml create mode 100644 static/code-examples/aws-visibility/intents.yaml diff --git a/docs/features/aws-iam/tutorials/aws-visibility.mdx b/docs/features/aws-iam/tutorials/aws-visibility.mdx new file mode 100644 index 000000000..912af8ec8 --- /dev/null +++ b/docs/features/aws-iam/tutorials/aws-visibility.mdx @@ -0,0 +1,182 @@ +--- +sidebar_position: 2 +title: AWS Resource Mapping +image: /img/quick-tutorials/aws-iam-eks/social.png +--- + + +Many production Kubernetes workloads rely on external cloud resources. In this tutorial, we will look at how Otterize provides visibility into the AWS resources called by your workloads. + +In this tutorial, we will: +* Set up an EKS cluster +* Deploy two Lambda functions +* Deploy a server pod that evaluates jokes from one Lambda and forwards a review to another Lambda. +* Automatically detect the Lambda function calls in Otterize + +By the end, you'll know how to map Kubernetes workloads alongside their dependent AWS resources using Otterize. + +## Prerequisites + +### CLI tools +We will need the following CLI tools to set up our cluster and deploy our scripts. + +1. [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html). You will also need credentials within the target account to work with EKS clusters, IAM, Cloudformation, and Lambda functions +2. [eksctl](https://eksctl.io/installation/) + +### Create an EKS cluster +Already have Otterize deployed with the IAM integration configured on your cluster? [Skip to the tutorial.](#tutorial) + +Begin by creating an EKS cluster for pod deployment using **eksctl** with the YAML configuration below: +```bash +curl ${ABSOLUTE_URL}/code-examples/aws-visibility/eks-cluster.yaml | eksctl create cluster -f - +``` +
+ Inspect Cluster Configuration + +```yaml +{@include: ../../../../static/code-examples/aws-visibility/eks-cluster.yaml} +``` +
+ +Next, update **kubeconfig** to link it with the new cluster: +```bash +aws eks update-kubeconfig --name otterize-tutorial-aws-visibility --region 'us-west-2' +``` + +### Enable AWS Visibility with Otterize Installation +To provide visibility, we will need to install Otterize in our cluster, and we will want to enable AWS IAM roles for service accounts (IRSA) on our cluster. We can quickly enable this using a cloudformation template on the Otterize Cloud Integrations page. + +1. **Install Otterize** + If you don't have a connected Kubernetes cluster, create one via [Otterize Clusters](https://app.otterize.com/clusters) and follow the setup instructions. Skip if your cluster is already connected. + +2. **Integrate AWS with Otterize Cloud** + To begin the integration with AWS, visit the [Integrations page](https://app.otterize.com/integrations). Once there, you will be asked for some information to help populate a cloudformation script we will use to integrate AWS access controls into our cluster. + + If you created the EKS cluster above, the cluster name is `otterize-tutorial-aws-visibility` and the region is `us-west-2`. + + Once the information is provided, a *Launch Cloudformation* button will take you to the AWS Console to deploy the cloudformation script. This script will install IRSA within your EKS cluster and enable Otterize Cloud to manage intents. + + After IRSA is enabled in your cluster, you need to redeploy Otterize with the AWS credential operator and AWS visibility enabled. In Otterize Cloud, click the *Next* button to see the updated Helm commands. Before executing the revised configuration, you will need to set an additional flag at the end of the command: + + ```bash + --set networkMapper.aws.visibility.enabled=true + ``` + +## Tutorial + +Having configured our environment, we'll now deploy AWS resources, authorize pod access using client intents, and monitor access in Otterize Cloud. + +### Deploy two Lambda functions + +First, we will deploy two Lambda functions (`DadJokeLambdaFunction` and `FeedbackLambdaFunction`). These services will work alongside our server pod to generate a humor training dataset. This works by receiving a joke from the DadJokeLambdaFunction, the server pod reviewing the joke, and then sending the feedback to the FeedbackLambdaFunction. + +We can deploy the lambda functions and their required roles with the following command: +```bash +aws cloudformation deploy --template-file cloudformation.yaml --stack-name OtterizeTutorialJokeTrainingStack --capabilities CAPABILITY_IAM --region 'us-west-2' +``` +
+ Inspect CloudFormation YAML + +```yaml +{@include: ../../../../static/code-examples/aws-visibility/cloudformation.yaml} +``` +
+ +### Deploy clusters with access to Lambda functions + +Now that our Lambdas are deployed, we want to deploy our server pod within our cluster and point it to our two Lambda functions. In the commands below, we will create a configmap to hold our functions ARNs and pass the map into our deployment YAML. + +```bash + +kubectl create namespace otterize-tutorial-aws-visibility + +DAD_JOKE_LAMBDA_ARN=$(aws cloudformation describe-stacks --region 'us-west-2' --stack-name OtterizeTutorialJokeTrainingStack --query "Stacks[0].Outputs[?OutputKey=='DadJokeLambdaFunction'].OutputValue" --output text) +FEEDBACK_LAMBDA_ARN=$(aws cloudformation describe-stacks --region 'us-west-2' --stack-name OtterizeTutorialJokeTrainingStack --query "Stacks[0].Outputs[?OutputKey=='FeedbackLambdaFunction'].OutputValue" --output text) + +kubectl create configmap lambda-arns \ + --from-literal=dadJokeLambdaArn=$DAD_JOKE_LAMBDA_ARN \ + --from-literal=feedbackLambdaArn=$FEEDBACK_LAMBDA_ARN \ + -n otterize-tutorial-aws-visibility + +kubectl apply -n otterize-tutorial-aws-visibility -f ${ABSOLUTE_URL}/code-examples/aws-visibility/all.yaml +``` +
+ Inspect deployment YAML + +```yaml +{@include: ../../../../static/code-examples/aws-visibility/all.yaml} +``` +
+ + +Inspecting our deployment YAML, you will see we have added two labels to our pod. The first `network-mapper.otterize.com/aws-visibility` informs the network mapper to identify AWS API calls and the `credentials-operator.otterize.com/create-aws-role` that drives the credentials operator to create a role specifically for this pod that will be used for our intents. + +Once our pod is deployed, we can see in the logs that it cannot access the Lambda functions. + +```bash +kubectl logs -f -n otterize-tutorial-aws-visibility deploy/joketrainer +``` + +Sample output: +``` +invoke error, operation error Lambda: Invoke, https response error StatusCode: 403, RequestID: a3bab063-dfb0-49e3-b466-0069807c56fa, api error AccessDeniedException: User: arn:aws:sts::12345678910:assumed-role/otr-otterize-tutorial-aws-visibility.default@otterize-tut-ecfd9d/12345678910 is not authorized to perform: lambda:InvokeFunction on resource: arn:aws:lambda:us-west-2:12345678910:function:OtterizeTutorialJokeTrainingStack-DadJokeLambda-dnNYqlwipYxG because no identity-based policy allows the lambda:InvokeFunction action +``` + +### Applying Intents + +We can apply an intent for our pod to be able to call the Lambda functions created by our cloudformation stack. + +```bash +kubectl apply -n otterize-tutorial-aws-visibility -f ${ABSOLUTE_URL}/code-examples/aws-visibility/intents.yaml +``` + +```yaml +apiVersion: k8s.otterize.com/v1alpha3 +kind: ClientIntents +metadata: + name: server +spec: + service: + name: joketrainer + calls: + - name: arn:aws:lambda:us-west-2:*:function:OtterizeTutorialJokeTrainingStack-* + type: aws + awsActions: + - "lambda:InvokeFunction" + +``` + +We can now check the logs again to ensure that the pod is running: +```bash +kubectl logs -f -n otterize-tutorial-aws-visibility deploy/joketrainer +``` + +Example output: +``` +Joke: People saying 'boo! to their friends has risen by 85% in the last year.... That's a frightening statistic. +Sending Feedback of Funny?: Yes +Joke: Have you ever heard of a music group called Cellophane? They mostly wrap. +Sending Feedback of Funny?: Yes +Joke: What did Yoda say when he saw himself in 4K? "HDMI" +Sending Feedback of Funny?: No + +``` + +### Visualize Relationships +The Otterize network mapper inspects pods with the `network-mapper.otterize.com/aws-visibility: true` label. For the labeled pods, the network mapper will identify AWS API calls made by that pod and determine which resources and actions are being used. This information is shown on the [Access Graph](https://app.otterize.com/access-graph). + +## Clean Up +To remove the deployed example: +```bash +kubectl delete namespace otterize-tutorial-aws-visibility +``` + +To remove the Lambda functions: +```bash +aws cloudformation delete-stack --stack-name OtterizeTutorialJokeTrainingStack +``` + +To remove the EKS cluster +```bash +eksctl delete cluster --name otterize-tutorial-aws-visibility --region us-west-2 +``` \ No newline at end of file diff --git a/static/code-examples/aws-visibility/all.yaml b/static/code-examples/aws-visibility/all.yaml new file mode 100644 index 000000000..06e4c139d --- /dev/null +++ b/static/code-examples/aws-visibility/all.yaml @@ -0,0 +1,31 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: joketrainer + namespace: otterize-tutorial-aws-visibility +spec: + replicas: 1 + selector: + matchLabels: + app: joketrainer + template: + metadata: + labels: + app: joketrainer + network-mapper.otterize.com/aws-visibility: "true" + credentials-operator.otterize.com/create-aws-role: "true" + spec: + containers: + - name: joketrainer + image: brianglynn/aws-visibility-joketraininer:latest + env: + - name: DAD_JOKE_LAMBDA_ARN + valueFrom: + configMapKeyRef: + name: lambda-arns + key: dadJokeLambdaArn + - name: FEEDBACK_LAMBDA_ARN + valueFrom: + configMapKeyRef: + name: lambda-arns + key: feedbackLambdaArn diff --git a/static/code-examples/aws-visibility/cloudformation.yaml b/static/code-examples/aws-visibility/cloudformation.yaml new file mode 100644 index 000000000..89a7444ec --- /dev/null +++ b/static/code-examples/aws-visibility/cloudformation.yaml @@ -0,0 +1,104 @@ +AWSTemplateFormatVersion: '2010-09-09' +Description: >- + Stack creates two Lambda functions for dad jokes and feedback, plus the user and related policies + +Resources: + DadJokeLambdaExecutionRole: + Type: 'AWS::IAM::Role' + Properties: + AssumeRolePolicyDocument: + Version: '2012-10-17' + Statement: + - Effect: Allow + Principal: + Service: lambda.amazonaws.com + Action: 'sts:AssumeRole' + Policies: + - PolicyName: 'DadJokeLambdaExecutionPolicy' + PolicyDocument: + Version: '2012-10-17' + Statement: + - Effect: Allow + Action: + - 'logs:CreateLogGroup' + - 'logs:CreateLogStream' + - 'logs:PutLogEvents' + Resource: 'arn:aws:logs:*:*:*' + - Effect: Allow + Action: + - 'execute-api:Invoke' + Resource: '*' + + DadJokeLambda: + Type: 'AWS::Lambda::Function' + Properties: + Handler: 'index.handler' + Role: !GetAtt DadJokeLambdaExecutionRole.Arn + Runtime: 'nodejs14.x' + Code: + ZipFile: | + const https = require('https'); + exports.handler = async (event) => { + return new Promise((resolve, reject) => { + const options = { + hostname: 'icanhazdadjoke.com', + method: 'GET', + headers: { 'Accept': 'application/json' } + }; + const req = https.request(options, (res) => { + let data = ''; + res.on('data', (chunk) => { + data += chunk; + }); + res.on('end', () => { + resolve({ + statusCode: 200, + body: data, + headers: { 'Content-Type': 'application/json' }, + }); + }); + }); + req.on('error', (e) => { + reject({ + statusCode: 500, + body: 'Error fetching dad joke', + }); + }); + req.end(); + }); + }; + Timeout: 10 + + FeedbackLambda: + Type: 'AWS::Lambda::Function' + Properties: + Handler: 'index.handler' + Role: !GetAtt DadJokeLambdaExecutionRole.Arn + Runtime: 'nodejs14.x' + Code: + ZipFile: | + exports.handler = async (event) => { + const payload = JSON.parse(event.body); + + const joke = payload.joke; + const isFunny = payload.funny; + + console.log("Joke:", joke); + console.log("Is it funny?", isFunny); + + return { + statusCode: 200, + body: JSON.stringify({ message: "Feedback received, Adding To Training Set" }), + }; + }; + Timeout: 10 + +Outputs: + DadJokeLambdaFunction: + Description: "Dad Joke Lambda Function ARN" + Value: !GetAtt DadJokeLambda.Arn + + FeedbackLambdaFunction: + Description: "Feedback Lambda Function ARN" + Value: !GetAtt FeedbackLambda.Arn + diff --git a/static/code-examples/aws-visibility/eks-cluster.yaml b/static/code-examples/aws-visibility/eks-cluster.yaml new file mode 100644 index 000000000..ced63f6db --- /dev/null +++ b/static/code-examples/aws-visibility/eks-cluster.yaml @@ -0,0 +1,39 @@ +apiVersion: eksctl.io/v1alpha5 +kind: ClusterConfig + +metadata: + name: otterize-tutorial-aws-visibility + region: us-west-2 + +iam: + withOIDC: true + +vpc: + clusterEndpoints: + publicAccess: true + privateAccess: true + +addons: + - name: vpc-cni + version: 1.14.0 + attachPolicyARNs: + - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy + configurationValues: |- + enableNetworkPolicy: "true" + - name: coredns + - name: kube-proxy + +managedNodeGroups: + - name: x86-al2-on-demand + amiFamily: AmazonLinux2 + instanceTypes: [ "t3.large" ] + minSize: 0 + desiredCapacity: 2 + maxSize: 6 + privateNetworking: true + disableIMDSv1: true + volumeSize: 100 + volumeType: gp3 + volumeEncrypted: true + tags: + team: "eks" \ No newline at end of file diff --git a/static/code-examples/aws-visibility/intents.yaml b/static/code-examples/aws-visibility/intents.yaml new file mode 100644 index 000000000..8e06a6b24 --- /dev/null +++ b/static/code-examples/aws-visibility/intents.yaml @@ -0,0 +1,12 @@ +apiVersion: k8s.otterize.com/v1alpha3 +kind: ClientIntents +metadata: + name: server +spec: + service: + name: joketrainer + calls: + - name: arn:aws:lambda:us-west-2:*:function:OtterizeTutorialJokeTrainingStack-* + type: aws + awsActions: + - "lambda:InvokeFunction" \ No newline at end of file From 5ccc617d7ea5493069356303154428154b3aa572 Mon Sep 17 00:00:00 2001 From: bglynn Date: Wed, 21 Feb 2024 15:08:13 -0800 Subject: [PATCH 19/24] Some minor revisions --- .../aws-iam/tutorials/aws-visibility.mdx | 57 +++++++++++------- .../aws-visibility/cloudformation.yaml | 4 +- .../aws-iam-visibility/aws-iam-visibility.png | Bin 0 -> 216843 bytes 3 files changed, 36 insertions(+), 25 deletions(-) create mode 100644 static/img/quick-tutorials/aws-iam-visibility/aws-iam-visibility.png diff --git a/docs/features/aws-iam/tutorials/aws-visibility.mdx b/docs/features/aws-iam/tutorials/aws-visibility.mdx index 912af8ec8..298c87a4f 100644 --- a/docs/features/aws-iam/tutorials/aws-visibility.mdx +++ b/docs/features/aws-iam/tutorials/aws-visibility.mdx @@ -5,13 +5,13 @@ image: /img/quick-tutorials/aws-iam-eks/social.png --- -Many production Kubernetes workloads rely on external cloud resources. In this tutorial, we will look at how Otterize provides visibility into the AWS resources called by your workloads. +Many production Kubernetes workloads rely on cloud resources, like S3 Buckets, RDS databases, and Lambda functions. In this tutorial, we will look at how Otterize provides visibility into the AWS resources called by your workloads. In this tutorial, we will: -* Set up an EKS cluster -* Deploy two Lambda functions -* Deploy a server pod that evaluates jokes from one Lambda and forwards a review to another Lambda. -* Automatically detect the Lambda function calls in Otterize +* Set up an EKS cluster. +* Deploy two Lambda functions. +* Deploy a server pod that evaluates jokes from one Lambda and forwards a review to another. +* Automatically detect the Lambda function calls in Otterize. By the end, you'll know how to map Kubernetes workloads alongside their dependent AWS resources using Otterize. @@ -20,7 +20,7 @@ By the end, you'll know how to map Kubernetes workloads alongside their dependen ### CLI tools We will need the following CLI tools to set up our cluster and deploy our scripts. -1. [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html). You will also need credentials within the target account to work with EKS clusters, IAM, Cloudformation, and Lambda functions +1. [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html). You will also need credentials within the target account with permissions to work with EKS clusters, IAM, Cloudformation, and Lambda functions 2. [eksctl](https://eksctl.io/installation/) ### Create an EKS cluster @@ -47,24 +47,24 @@ aws eks update-kubeconfig --name otterize-tutorial-aws-visibility --region 'us-w To provide visibility, we will need to install Otterize in our cluster, and we will want to enable AWS IAM roles for service accounts (IRSA) on our cluster. We can quickly enable this using a cloudformation template on the Otterize Cloud Integrations page. 1. **Install Otterize** - If you don't have a connected Kubernetes cluster, create one via [Otterize Clusters](https://app.otterize.com/clusters) and follow the setup instructions. Skip if your cluster is already connected. +If you don't have a connected Kubernetes cluster, create one via [Otterize Clusters](https://app.otterize.com/clusters) and follow the setup instructions. Skip if your cluster is already connected. 2. **Integrate AWS with Otterize Cloud** - To begin the integration with AWS, visit the [Integrations page](https://app.otterize.com/integrations). Once there, you will be asked for some information to help populate a cloudformation script we will use to integrate AWS access controls into our cluster. +To begin the integration with AWS, visit the [Integrations page](https://app.otterize.com/integrations). Once there, you will be asked for information to help populate a cloudformation script we will use to integrate AWS access controls into our cluster. - If you created the EKS cluster above, the cluster name is `otterize-tutorial-aws-visibility` and the region is `us-west-2`. +If you created the EKS cluster above, the cluster name would be`otterize-tutorial-aws-visibility`, and the region would be `us-west-2`. - Once the information is provided, a *Launch Cloudformation* button will take you to the AWS Console to deploy the cloudformation script. This script will install IRSA within your EKS cluster and enable Otterize Cloud to manage intents. +Once the information is provided, a *Launch Cloudformation* button will take you to the AWS Console to deploy the cloudformation script. This script will install IRSA within your EKS cluster and enable Otterize Cloud to manage intents. - After IRSA is enabled in your cluster, you need to redeploy Otterize with the AWS credential operator and AWS visibility enabled. In Otterize Cloud, click the *Next* button to see the updated Helm commands. Before executing the revised configuration, you will need to set an additional flag at the end of the command: +After IRSA is enabled in your cluster, you need to redeploy Otterize with the AWS credential operator and AWS visibility enabled. In Otterize Cloud, click the *Next* button to see the updated Helm commands. Before executing the revised configuration, you will need to set an additional flag at the end of the command: - ```bash - --set networkMapper.aws.visibility.enabled=true - ``` +```bash +--set networkMapper.aws.visibility.enabled=true +``` ## Tutorial -Having configured our environment, we'll now deploy AWS resources, authorize pod access using client intents, and monitor access in Otterize Cloud. +Having configured our environment, we'll deploy AWS resources, authorize pod access using ClientIntents, and monitor access in Otterize Cloud. ### Deploy two Lambda functions @@ -72,7 +72,8 @@ First, we will deploy two Lambda functions (`DadJokeLambdaFunction` and `Feed We can deploy the lambda functions and their required roles with the following command: ```bash -aws cloudformation deploy --template-file cloudformation.yaml --stack-name OtterizeTutorialJokeTrainingStack --capabilities CAPABILITY_IAM --region 'us-west-2' +curl http://localhost:3003/code-examples/aws-visibility/cloudformation.yaml -o template.yaml && \ +aws cloudformation deploy --template-file template.yaml --stack-name OtterizeTutorialJokeTrainingStack --capabilities CAPABILITY_IAM --region 'us-west-2' ```
Inspect CloudFormation YAML @@ -108,10 +109,9 @@ kubectl apply -n otterize-tutorial-aws-visibility -f ${ABSOLUTE_URL}/code-exampl ```
+Inspecting our deployment YAML, you will see we have added two labels to our pod. The first `network-mapper.otterize.com/aws-visibility` informs the network mapper to identify AWS API calls, and the `credentials-operator.otterize.com/create-aws-role` that drives the credentials operator to create a role specifically for this pod that will be used for our intents. -Inspecting our deployment YAML, you will see we have added two labels to our pod. The first `network-mapper.otterize.com/aws-visibility` informs the network mapper to identify AWS API calls and the `credentials-operator.otterize.com/create-aws-role` that drives the credentials operator to create a role specifically for this pod that will be used for our intents. - -Once our pod is deployed, we can see in the logs that it cannot access the Lambda functions. +Once our pod is deployed, we can inspect the logs and see that we cannot access the Lambda functions. ```bash kubectl logs -f -n otterize-tutorial-aws-visibility deploy/joketrainer @@ -146,7 +146,7 @@ spec: ``` -We can now check the logs again to ensure that the pod is running: +We can now recheck the logs to ensure that the pod is running: ```bash kubectl logs -f -n otterize-tutorial-aws-visibility deploy/joketrainer ``` @@ -163,9 +163,20 @@ Sending Feedback of Funny?: No ``` ### Visualize Relationships -The Otterize network mapper inspects pods with the `network-mapper.otterize.com/aws-visibility: true` label. For the labeled pods, the network mapper will identify AWS API calls made by that pod and determine which resources and actions are being used. This information is shown on the [Access Graph](https://app.otterize.com/access-graph). +The Otterize network mapper inspects pods with the `network-mapper.otterize.com/aws-visibility: true` label. For the labeled pods, the network mapper will identify AWS API calls made by that pod and determine which resources and actions are being used. This information is shown on the [Access graph](https://app.otterize.com/access-graph). + +In the Access graph screenshot below, you’ll see 4 AWS resources associated with our server pod: DadJokeLambdaFunction, FeedbackLambdaFunction, the role assumed by our server pod, and our wildcard intent definition. This wildcard definition matches any Lambdas created by our cloudformation stack. These types of wildcard definitions can be helpful for AWS Resources with dynamic ARN names as you move across staging and production deployments. Still, they open up a security space that could be overly permissive for some environments. Otterize makes deploying with a wildcard definition easy and then applying more stringent scoping without disrupting any services. + +![Otterize Cloud AWS Visibility Example](/img/quick-tutorials/aws-iam-visibility/aws-iam-visibility.png) ## Clean Up + +To remove cloudformation yaml: +```bash +rm template.yaml +``` + + To remove the deployed example: ```bash kubectl delete namespace otterize-tutorial-aws-visibility @@ -176,7 +187,7 @@ To remove the Lambda functions: aws cloudformation delete-stack --stack-name OtterizeTutorialJokeTrainingStack ``` -To remove the EKS cluster +To remove the EKS cluster: ```bash eksctl delete cluster --name otterize-tutorial-aws-visibility --region us-west-2 -``` \ No newline at end of file +``` diff --git a/static/code-examples/aws-visibility/cloudformation.yaml b/static/code-examples/aws-visibility/cloudformation.yaml index 89a7444ec..ee8b20a56 100644 --- a/static/code-examples/aws-visibility/cloudformation.yaml +++ b/static/code-examples/aws-visibility/cloudformation.yaml @@ -34,7 +34,7 @@ Resources: Properties: Handler: 'index.handler' Role: !GetAtt DadJokeLambdaExecutionRole.Arn - Runtime: 'nodejs14.x' + Runtime: 'nodejs20.x' Code: ZipFile: | const https = require('https'); @@ -74,7 +74,7 @@ Resources: Properties: Handler: 'index.handler' Role: !GetAtt DadJokeLambdaExecutionRole.Arn - Runtime: 'nodejs14.x' + Runtime: 'nodejs20.x' Code: ZipFile: | exports.handler = async (event) => { diff --git a/static/img/quick-tutorials/aws-iam-visibility/aws-iam-visibility.png b/static/img/quick-tutorials/aws-iam-visibility/aws-iam-visibility.png new file mode 100644 index 0000000000000000000000000000000000000000..b5531e238d81b11f6201581f3c82a99e0f2a0aa0 GIT binary patch literal 216843 zcmeFZcT`hd*Dnf46QqfNQltthO+k7WlqN-_R}qjJKuYLc1Vp-kNL5gz7a;)x2}tj~ z1_(X$-b3JSe7^TP-#G8%ecp5byyIky?7dlgmAU4c^Ec<3bA<>^bwx4~dJ-HQ95Q7k z1uYyLA~+5X!Bb*FpyVp#MmG-5H91>(c}-<`c@|9ZrbKXwlQ{BVOdE1Al#2@_QEr;yghlIiJnGCd@d4Gfll9|vvUk}vRZ0h+shIu6? zXFx{^UQ{Dlt|{@|@=&owlPMj=oF#C0@>{Xlv;=QJRIsg5u5z1~_6taQh zeR$VqdS;j2e~ODU$C>Cm**e@L+c!)W{NF(S&2(=FL)3+CM&%t4}zQ|DYwn z(eTD4U??!PGg#<~IHkm{==m2)23f|tUE~xmw)1R*WrdrZL$d_&z1H=^-C0e$ddb3{ zA3I#vh|+C(%rMZz^F3Imm8x@2#X>69viTv+X^G&mL#Xt3!&s_RoQDLj_I%}hMVs;| zB^F*czrF9 zvWDH$mmuS4o&Zt0bpf-s4-5mdXmw(S&!jP1%q*D_BaL(|&3E0T!*|cVE?T^Ke^)|l zHYRoVXGl)%y{4Y(lZWriJbiB)$GZ4Qs(qxp#obHI-?s2pp<}N>FYrM<-gzK7N9niV zJQiwV@l$%tOkyn;rE}oToGa3$dJp8;uUkqz_WXcLFryKE%;MphmRXogvCDel{wa}p zL+*2-h?y`Osbr`q(c54LPu{qw>*R`&L>esY$BJ&`4#uCHgdGOX19~aSP`5ZOf8F?C zd6&%u)Ru5lcAtxo`bvawmGowm&z$-8GHEJxPyJNb(#}-o_QyVDPlYP=Wwyx-w!1ej zJ}!Fp5gc5hsZ_$2(N^6Va%;dk^Zy`Ee8XhSJT~9+fSmd$D9(hXQ)_{@hy=^Ef#{wI zgMHa%mxzD9OI*%Beu|FEhvf4$-XAc$&}a54&TBk)O?Gs~n0X+7;I++o`jZQCQz9_E zS^X8dEL)#F%Ys**dL)`DVQzN#Kmk(o?(37z-S%Md;D9EEnx6wIOX4G9hvNQmM~gew zN~r!oA)QArc$9kEvIS@9f;6m2tI4yM)uYvWaFh`IyQ8D2cgH=h^xIza@Sa`4DM@N* zXkbTG$I{{)RyVX>Y(?HrsF&)%P92`q||FQf&r9~57nS2^0;an6xi@DOH`0yN-m2k>9mY;EzUysHo=ZF?uf=t0ESaO&@jqh-QhC5KMkPt?@C*O3 zxViY3PnzmuPem0($uhq={*qve`ypS!R?}epFz%Cb+7n|HV~t69Nx5|nX-@K3B@U^0 zruN7ia&xh}O3gX$IVL%@12kG9DdB(Q618=@@tMq=9P8e>d zwWM&tPf^TJHdUWiapW{(^GJ|+@#wDZ4Sp4#I|=21T5@^0Y2PQaYoF`t3hRLNqP1x6 z_UaXDP8ay9pM2R>q*0?WqDfLIf3IMb(g9ASz7N%z*38pZ&F2@2_^fF1wCG#LSLrN& z&2M?)KgxBy^7ph0v>CKZe!#Wa3k-fd9Of*b`H@(_qzTIz$yL{dYFp>I4x#h)@|blI zdD2;OgEzCOzQkphXfwnzVH%u1+`40IBu06cAaeu>N!bJR2^fz)NE+gye9{+R(@yw?;qhChP z#OMor^>0d~+HzN1Jzd>(S9LpDHXX(0D2|f$bq*NijsEa3V;+SL#|&f^BjheB{836p zaT)B@?5a;UnY~(Zgi3|Ng+E!9HfK$}tnX`k(57iw)wBK4JTopjuH^ame!J}Xr*$ol zESxNYcI@V9=h1E;@q`Suk}POHM(x_OU^NcTR5kHu(y4|iEh)60Hy_qHJ$-2L>03&X zu)WZlh=?$=lQgon=Pa6FJlH(WyliByu-QkIyA!|jNm5jjlx~f#Ljhiac!AG|wmtKj z?TFCGs6)8$wN#$e1L0)Qb0a$BHROGyD)>iwL3+JooeBExue(Rje?1qG;cr7DHTHJQOqu*LFz}4+d7kF~j)8oU^r`U&~7N1*d!R79A;yPj` z45~~FqTuPV?`0)v8)+v!3~5f)ea0;?9v55plhxIw``{vv4R=8g)i(uTSbN_q1%V`i zo@(kz>?FFH+5KX9b~O%NhMMQs@ag60P0x^;FKpRq1u-3sbq+<&SB@8Srf#Os)wRPq zTbsh>U(D~djdmrYVckc!2H&N$Pd59mpqIH0B^Hh{78^b{iqFQJ5S=6+d*Is;HW6qO zN)kUJdqz=6x=!J8^)rnd+b2p!`dWcwPGoGi)o3|Je)93s+ltWqw=HjV-$|4FB%=-! zicxG0`(P$?Zd&!E>Ot*8JcUwr-6xYV74Oq%y*S?Aq`9R-bMVOf+5Y-;Q1%TYj|Ozp5Xs(ooPf(-oDn^^>g}Vomm% z%W|vzd53bl7|+m+*H@9>>DAI7R=%+0x=-t_w)YA0+7KbCUCT??p8gT}F_$1<0eNR6 z-i(7{uWqkkSLRtvrvJ-#E!Sp09Hu}7le>I%DfPFJJifFZx@!&zPTf3nPSJ>Fdvp17^T_fb44DcRqk!^C@b^dUm`OuUK*WYFp|y2zkQsYk3gslW2m zMKR^6f!z4K&b*#b;r9|g11z}vqY%0?y;G$4TVZ11Mm}+YjiEK%vAKpn@mAt!!CC$x z05JS{{)i0dc?Thi?0|txB+2otLb-HhWGSngOejfc(J0(#7b-bLk2qL&`hc>7t~hZ| z9lFDueMX~~nLw3}m6Z}?V7?OhH4gVWSiFbH^acW!Hx2jSyPYoe&8NY%eHx9?I-D9~ zu0b5&%*$fsB14A5Y{FFNW8bBaVWVzEnW#mmrH9FrLxp{WnZ@UvEium%vUOT3Vt8fL z#Z29NOTT4V&AeS!K(+5D#2DpPOiKyP4pl;aK%xh~mU=D{)oq^+}WQ z4SMrs=j&SYJ8<%$JOXy+|D&-odo~{V?R)2Da;ikD`)$OW>*9jWMS*p3S&2#QZU4Hx zr;|}eA_-35sky1u>U2NMaQc}<=2j0vu}aUy4C{Y#C4@*QVC<|cx3h9>O#UKlBj(lZ zDZehivpMC>1pcWf8hIL>nYUyLHr}j?O)!l4oSZbFr}!24rH^PX@^-8bRM(P;E_Sg6 zbpek9j<|OU8b(!7%XQ=DBPXCW*@gNL53wz21pi6ak$J0POY6_f>(WvfNi6A#YO`Ky zNjK^-Vv3>b7UPXKO^o9uID`zJlL+hAHgGhlakCn*x2(SUUT_I2z^xNmw=+w9W9|y- z;jGSH_-Heq!K$y;PZv332o8qhal>=)DA&mQ$}GZ=eWq%Vl8^LMn^%ON1gLc@6I`?` z`1COEo}XOH$?us#?;&t1_Iz{jukEV)Nt+t&%`+Rxb!##z!NU;mBwZG z@8_qucX6)#F2}>c3A4q)|F1gg!2R+Q3w$rz{B^$){|<);`0G0G^~}QiS8XDA)|G!f z6Fddp;mEy^S5^k@FDzWFtQ=i!oZOzUXpaL0SDlp%Tybz{?_7Rym9;pwf&RyAwe{Wf z)t-r4IDz=gEuCIj@p*!rFZ;of^b`jkK~`?&ES?|-M^|xADYoA=#DV9_VtzK3-&Ne~ zrP%bngf4HvDvt}Ig9i2dw6*8c?j}3 zxmfc*6cZEUe;~jwAixXM;C1zKbTjwlb#!I_tCN5AqhRG~;bQCTX6xk0a@nu>D<^k1 zDK@stf&TmR7oAp~w*PA+N7w(F7BE5n%QyTF`5y59ci%u$$;(o4OyCBjLDDpT9oK$-I0-S;Gll18>_6^~$*nNu zgs@~~y`;PG{P_(IxfP`?UXGljY5rUOfm2IG&md^@kM8!>1>`g7>O>oC4VutiaN1r@UqIZ#vHydfBfcNTkrGTLx^P!w)!yP zNCPT0>c4wvjL9>ws-YY8w?hj~A$*SOGHU}kk$bKm&%C0vmNXJD{y%Y*QZ|bl4XC~ zz!?b(bpnatf2N_21~+)C_(vJ}Kdb_IASyHvt_+3rryzkHu7`fd)f`0#lLpGL?HNnrg8EA zuax|jq5mT(`Trfn4RC9sSOzrt2X0bcC3Hu|?K{dCL6>&IkFjh7p=?i1bu?p(6g%Fq z0+wR@Ql+KP@$7$AY1z-874q{Hz?(Pn^7`u~@KrqUcXt&!RG!?wuW))uv*Qi>DKzrr z5|x(k0l1S9Zw33a9`Bdej});XArad4Gu=vvz)%zx6S+T#lNNM|tg!|Fey6xgk1_mN z*0pGfZMgT;QWb=qzNdP1c-||XIf}SO&mrJh8m^Hk_!~(D@E?78CeyVt)ph_cD} z^lrDe$QUXHe0-91t-tY+T%*4$;Gplux6S7mJp8+#fx7^Ao<0)}{UhwlI+5Uqu-T71 zMW!Atp?3|Q;})D2GX@b}0a1RE=yxHIi;2XqBd;q}evO)L#!Mdu$ z7ZRB(=Tp=dJ^@(oxC6tD?lD(9cJAz=-WO9L8MS;`Q_07R<0YO^J(=^v)z8naFEt0q z&pi1p z>2X$;tmPa&m5=3bzhwOuAkR|sJ-KXuD?*n-(PtIZvvf!vCjZJT-~=;O?$~H|?>=9g zJjLl-e0m0}{k90LO4kC1=^8om$)jumk8=jC=lvQQr%B6)&m7X3W_W69<(@0XCvB{X zo$rSu(?;oqZd@$0wzky=$={JdXx2_Q(V#pgUF+5b7jeW6f21&N1lJypM3(ywUl%(d zwRWpAu9-H@Zor06pt$HV{Gxs;W7b7beoxM~Tyt~R*snWUXT6)wesuQwKW6EjAWbF9 z^Dwp`*}37yi7QfHdAl<`4_OUh;Lt||sW~}S`rp;W6h{42TcXlAx%GJC=i&wK4VUz@ zbJ;#P&o4CnY5ZM%+D!V*!ZQ;%&n!_B5vsr~9T!WaeD}sjp*7w1w`B=JqWrN345Mw> zfQuprRGAL^B$2tTkCi>G*UrWvc9EM-qF3=6!|?S|BTWPtd*62Gs5LqxE9gw%mb6>W z0(!B%oF>xh103QqtaVGkv+Cz&@oIXxVGOA2$4*VjxAJVeR7uR-{O{{vlW1X7ly<4ZBH*%w*Qb)vkBj3MwMQ4!2Cip6kW5bqq&Zp;p4${V|N3{s9@^&4RfonWbFPOwp_cxeX@< z)}|aGgxBIo1NK4V0jI3=hWyD}e)Eq{ocl4m<&G#kkiE741YPftrUVb-WU$vzx;KfR zm)G@vy;IFDy1bx9W%GEE?D`1EXbfS#CoYCYCfhH|sBdCBrwj?0`}`)@tmr-Y4d9wG zm{%!}{OuIGil+BY9vx>4t=@sR%i+SvCrcP5eaUYHN!^#-u2VcYasC6UWclHeig?&^ zubB+9xmU80MbW=_I$@TiM`goJIYhE$0)updWDweon;PPKUiLk_t;`0atWm+m zd5~FKk=})tgV7#sEtki|xo-7w*k~m_ius}~cj03Kob`5$qN(q}trY14oRtFC1ex|4uy@^>;o^KNL>zH~bQunX ziZ?(BmPJfXNb7Lx`5}eadcTd2TjI!B3Vbb^(iA)r(kChv)UwsW8g~cz>nd&nKp6sn zwp4iM_utU}@2DT7jn6YS4L7k|)9vp-YL8eN;2VYkgkuBD~2FTc-*#IB%EqTxoXN zlK?-IhSgY~3Rhn=1>AnkF0BJ(WFvdg&{J*%1r4yAd2+3rmaof;X&8M(65Ap7UHLFI zf_hM+9Y0{MZKbScR6wi^Ty~$K?md@Ix-T_I_qe1>;GaMH)yy z)s1vzt9HfIYvv0|xeTJ}fyT?+TaZbItf8={Cq3n7L9!kM>xy~CFf`J5+wauP!@e*E z2XEslr7tx1m;E2GT$Z0yf2Pi{Zh5k??ySMrSeN8DL}$)vg6$x*A2KUV1_9~Eg1%Hq ztXJ19;ZJ@Mzc+c3|53P@vV@Dxh{*rRFF2b=zitdDWNSY9^S8uBX4j+$3OMsgFDmVD z)_Ro@b!dP#J5f97NQU3RsL6~OK$N-eLrK=4r~tL|oh{5F*XX$l`s~n_^w7$s(?qW_ z{}{fKZzf7J-SASA4>3#RvP#$E4B4Ah)o5ebs$IZG0n%5%dbqXt+GOOZZ}X8W*N?beZm&a>vW@CS+7_xo)lvp@Y zR-J^>7rkJM&iZ??VR?bSx~iaCM4LAZUW#}(JZZO6v`}qU(W$18C|IJWW1!2QDIC%2nTd}3tRWBq(*;J9|FEuT#Be-W{loou?%RuDJH^Q@0&sBnbdl8@OQpZ3>ZmiMNWJ)I}5Q-U)^O!c_n_dJvdpoI+$KvOUIMJ zMTedFoTQ6(+@9*w2gkm;{)q(awjg`U1EWZ2-}?v6@+A$>uXuIT&K zq5u9N5i`8k)(`I7E?K5|F4*cPr}AEPp}+NlHS@ITs=6vTbsh$5@bLGq_~tHQT>Ft7 z53CxY_F~rGb{;R)oMm?T1*=w`+BFiA>wLc$0RJc$uoWcwJn#SDwdTBd*+>|7a7v>W zh%EO?B^`Mj2luP%(YtN#5lN<@ki12cNhali7jkFq&V*EJK2E#1H;w#T&m`c_s6H5lK8$-(?A6?{Lf`3 zz`k#vrB{@kq4NS(=KTe{7euX3u>j>(;^F2BaSYtRkT+@ki9>IHCK-$@(uXKbMF`P&z1Nz0JJ z&@m@C=6z4PG3y}b7XKa{d{nC)WDWyae|EI^v6-!t0MnV~*5&QrGE08f;+;~wwt?tn zg@}1AcB7jg?_c?hfL8x10B_pZMsD&9wKFHO*9w%E`<1BcE^hG95aY9z`zb1b*NHoO z(%HUjZxXEzs(yFLsk}g8rA*~;f`))F#*4jIwtuo8NIY{gnWPfRvivDX&_hFJ8m^fPcxz&nlr zLAs3L+&AQj{DUC5y{ONJCG*jYR~H<-D_nJ|BAjjvv!77|kI;v0fvNlQ$`%_5uX;9^}xhcbUTjJOC zVZuBGBW{`pQ~e#c&P)}y$ag#si!(!a=4%B!DS7Dyj>|i$ObUw0JLkTc+uGRF*|S&d zUBt2$naxW8ZkIZ+krd-fdi;l=TMciiRb*TKaFK|`UXA+At=u9nds?{a-??HOgYyF&5yemYW`_^N*=6)g~O{-#Dl-HhGHvEe1ablKmgMHw9MtP4vrmjWs zKN$0lrWrrIbNJZV^yc!Yo@Iw60>c|aoWoNJ@=?$&yryhn(NR$Tm>wVSAX`2h+A1lp zrW5w0O}_2MN;&x}+1XiyW#(QOd=l5;;O9T2?*$^at^j*`qV)0p5UX2G3hZ73eep1v z^z8!R8KZs_8Dkp+v+C?%V-R`g-ZNABXl1hD!!-5X`!{Zh4RBpKrS?9`@CN&9Sy(76 z`BTQrzF0p#-KV-G!*?k4d%PeZvgNvjZ?*I+AZ!oBAwk!=J}#H?u#x}dBz?z?uA# z+Yiqe-QAYJ0sINQcVrS^nI#G(W0$+(oWb)oW6TDO!&@i;*a1_gS00-6F1WUDVGnx^ zd`iA!fSvSEhRfXOzy?CZ1j8T_QE0;Ob7w`n9P<)Wsae}|gb9}vFsginCzFt?ISC@IQ#NWwxwlfwRmfuIuHJ*T58k7Rir6lM;;%17hQGF@;>F7axwNjnUKsXy(G`&ev*4aqLj;-x zI3WgWR(*Ck`WYS!To^b|1vyXySqz9^$IkDq?Y~`s@IH@0z7ABv0w!o)t4K(eWBG{l z7og!l0tA9rF#6WA+fc1OwRJ|0Eiv&gj{O79xyje(A5QyeG)<%|lE<6%ra*&7H(efL*enmHfSr{G0UH0H>xAclk?m2Ui*z zdgEu`y1kygwf@~<1b*R^m%PRL)Rn{B1OI0s*2ES3KoSB@TJooW$kg?*?|VKa`nQlx z+vc}#Nxc_FKcvdI3^WpRT-UF2bGD}?jdmUB-gtTz)QB@h6ABNNL^C*>UJuug5@_*l6{O&*K zHl;qo)Drt{>>Zc-en z8y;*#M^IPH`QXr?iiu+W;yb|vAfha12| z+O7fwr-^nmT7D+@ajY(QH}y}84p5o8_S>js6##UaBwExN(*n}G__Mc+{codPvN6CO z<>)3a!_&)IngX+2(|AZUb_HlH71+V~_x?E!Zm?7FUmPw5Jb4eD=mQr6plNcibn73C zxfCZbABzfyo0s$P2If;J)6Dpi0?3pd;oMJE_)YV_U%(V_DFNp|ikp9}lsFBL;`|s+ zKslzCg={!V6O&638|1$oV-1ah@w@G3z&=Rz{43+jd|@}5i3AMJu7}^1H}>U4q8~Ui z<`VI>CfQaF=g@b_MIv&6pzD$P_2ur!9At*QjF*p*z|=XAxWQPLOUWppkAw*fUq6ckF|b$=ZsXoxnRH2N56x_&$0m5 zzUHDQp$Fl#dz3rorM_gqnc3-PO1Cnm3k`8Pdh2$>(E}h^`Y+-5cTAHN23E#;aC|}k z5?Q8cmVxaD%%?M#HTD*;I4N&#kCFbp{I&@I?B$X8!g!gh?2EjV*YIvdt0=(h8%a|k z|3l7KKp9xTgdRf7WioW#1Zd?mdh*Ii@E>CC2Arin+Z%~NS85HwAAgS+D64U~s&DTj zyTAY;4l<35%zq!=TBicuOa1BzyTly>Rv;)(lN%SZYz35>5~An-Ufo$l04#8wmvsFI zu%LH$S)WU353(d6h9@Mx z62pH5(Djh?FC+9fAX;7vuB?S)H{M=PeA2kEeNGgKnpds*P$#!N#Y*Ay+t9hO0FZ=B z?!+1^3y41MHU2*!q$3GWk-EUIe#lV5kL#m%r-6F zRe)>M_1gk}VAgk8fd**1r=%$vg5sIzmPmt#qp1v|5Kudo91wc9yX8^Fm(E9}V9(Cq z+hW-;ymms==F{ul7`5#UlAYhaW^6v7+WD_|Vgjc>R=Fdi!&~S3Vbn$ex1#@bnkMDH zj>TAQd^>yx;!1hw1J-=qwXN#!FQDoH{{V6t;R!&Ka+cvEFZ1M7wQ~>RJwN~U%w=PY zIHu0erXw0R7Hlui#Yo^f?SU^(vmkLiwn3MtR)!iP?9oNP&&5Doe_gM&M9107;Hn2F zS07T>b9jpV_RP~N@cFHGs~3*^gA+!2I#;A)&KN60CL2^&4!82`Wrk;v8eIt!BEWi8}l-&!|d9Q?KT-G9~85+Tm#CKKsNvPtvn^T?k zMtIwklRak;@JaNZKSKW}DdN$j3d_%qQ)>C%=+OB#d~uQCp7N>4|q4Z{Ve0 zo}|HRLjJpHx^#77jqps!;A-vf1If31Vn6WZeVitNH-6TxJ74m-PGUc%ZOYjT-+te9 z;T)H?+f2PEqan#{Cc5L+&3plr^t3B{e_!-^1^+tSu zWYiX?I9tQ4#Ms3u;s(tfzKapFd%N>%_BrZXvo{~Ku?IaZq94VUuI_Lb-;0}@Yg(JI zp7b(GFVrtyoE9g%w%;+UxX_s!t@d#hh*2r2@2;@U&t^M`Xqw^;hp zXOL4^Tbcx`mm4<>pwoU&fc#|1HO4-#N=t{Rh0NiR5oLLc?4ePSwsNzd6t z@?zrXbo|x%RvXVm{)>#gx9ftSaz>y1xLq_6b5aP!m>y*7NBk(tTMvG?$ZwZ;d_H&J z_3g(4kpk|7(an@QSK&S_LUhnmq}fRO8AY&wSH2m%VCqUd)7}!{q6Z@1mG)w+b#L)) zFRcxlI7afqSoStnFJ$lZ12xIQaSFjz5!;5N;1fBo*#KOF+6VM6V;C0`vZHxpZ3iVX zRw1Uyd^51zK4FA~j0sC-e{b)i+;)1Wb*9DEB|PaZ>Qnso82{~3uEoOC0B!him67c{ zpNjXX6pe3KBbC=~3VN~sLh_D0A;rfcBd7$Zi(l-*XLkhVYPFXH(h~FiRH$EVh`ezW z=kJGU3nNW#E1Z|PBOgYd6d-x_iO0A?yFiq5aiQ1mX|&{=W_k=1Gu)!PXuG$clms@O z9mmVjSgk0pDDBHG8ksi(VQZfjguNJleKtYcQN5NsOF1u6hjb;~5zqesf;|RMyYfqM zUbIrg=kMhg5ysu@lr{k}$bw@?uan(-QF9w4)(KOm!+^H8v2&Fl<$S&a0s+CZu`V9| zl8q7XC7*)F!mZjoKCd+tf(`hlML z%%GC4h@``aLEigGFmY3}L~&pr)dQSv?HO;~f8 zWEV9SlLimOMEihQ0eq_e1u$=(izNfP&LGSdyCS21ERSLN<0x}BTi!+1tWz(P=l}&{kl80?DX_=<(k#O1ljJcy;IvOlcQuASbGZdQ`UreRb=sse}yArNY9Cpsf5L7h3 zQR0KwD!d~*>R4BFli@m(lv$hi5-OSFPR@o*WfGxhpmtbD9d9J-!t5p#x>niS8D}FxG?=!|BWuT6mi}fUeZq&x#yAlpY@AJQ>QE+I@b2SIjcH# za~llZ3+fJ-^zuoc7YCUkd=J*jz;iNK`@@5Pis;NxnDe+jCIt zu)7uT1Z@RPRi88$i61*g48EU`GTU@Hw84dLgn&Akvq$&XT-v>cPyN?ski`ce?`Oi% z67a0%%`XU{a77ajhnTjW{L+k8NrODhS@)Jg`nu@4rvpmb>)F2b@hS6gg+u3f*17ps zz{=2LEH*Y5!A!px(2Jk*HAaume$e{@!aUkB(rqsGxM0ZIkI(RqV+I&BR;7>pi8xZ% zobF$9+4x-gGZV8`>0WNipEsE{=TJy@0qk3!I7r{O2mHgIOWH0he``}0ie>L!kC&}d zM&R{WBuK?PirD+n8*=KO;Lm(*t#;&8@@Bu{k=LGuz8QtGz8Tb+mzL38rxF^x#i_=o zA-dvrvfIwp(HbNA>~_GZm)GV=^5Sk}4;YNyL{0Mh-S1eacp=Td1sBn{owAqX>$vpB zCB6q+=e4J+R$Xx)mZPvFd0x?V-aEM4OXOc^qaT? z`)uErYAQV^To!fx-(0vi`wv}@V=~& z?GN6Fq6bfdU5lv6qcfM2&#`soubwCgJ6#i#!`|^W_B-{q#6U`oJ#-$$N-g)*CiOjf zz74{iHlcrwJfGO1U|Mp2tc7tv^fdT3e7nuYvXetHIaazu7EkU<1pv^@_zg#f9m9Jct=JZZpMXi2q=3XunD`jg1`S;mIjcQN&a_6DU!M8&K` z5tyAJ#^7U7w5}+7mtu2R%CG$SWWIism0{4uO79I(Gr$c`r*K5aRBsV1QXnGUwYA#S zgGBC(RiTS(lE6#QDT87WJq0~TCPTpwxDhwP{$SG7S=lYx6WVe5ncFUnLEfQf+urfR z#FVqUT4$LebU^$#BU{8@6049c*jojQhD}C|4z|pGEbw=mcQ(_7;Sad5=1^avya_C7UZ}zJrKiI z@Y~res)`*Kk2v?<=Lh+oM}`{i(38<;_Bn4O=&!F5E{d=5WNN2}1ypR~(*CfEHokSKoIf(1y&hM8RzI{F1dmm}YG&L3KYjvSkvtv^{d^eT_cZCg#)b z8y47*Y89pL>m(10^5)E=9|H$8Huie!el+FTKxGe?*6h<4Hx5ER7i1UFRO$>!?=VZr zi1$=y0jaG>T|Za@w9b(>H}mZutQ@<>X&P!wL9*i3cr5Dd&Ry(ti z=kIlGnF~d3kCmR3W_q(_W%Bo=je#Z8qdeC-OZeRLhc=#GDFB08DTZAOz2O&*nk6CP zXu@y?CtlZ{FFO1(yBb9wMkpi{C9dhCaSI^+8p+uCt*@hLl{cUxbBCu-(00w0?ZMUEYs&!Fyg-G@R( z&MQRw$(3uuZD$0LR+#Afd3X5}8p*{p(Ksc}BN}0d&{-!NQ4!3n&CQ!;5x`k9ScCbQ zbqf({blRAchMo^L4<;KMEhKMu16|#KXg~soCybD#NmD0fe9N15J=vA35G$v;hxDb* zdJ%>gy8<3)zKwl~gB*llg0_BQvUQ~VgkjYISEQ(YQ|#3|hfI6`+IpsqSzTKYrf;aujh z?((K{qbBAY0;>>*R%;?5R>KhCo@4ME)wP4;83}1h=;C>{h=63C$fGgmf)d`hezHyi zr90_ABaL)|Ws1J+rUfXL1Rc*H4MaC7V9)CftuJ=b?h~96Jo6QaP=Yz(!nw)&xu7w% zYnzfYdAh!+BaAl)7nLJdsUiKw4X%GsVI;NbV0`gl6p9Mh{Q)bfj-eHRnOB4^(-OmU zE)dnZJ+`PVQ+`khJ8X8Q02My%yHj8`Bvyn8vrWXDc!vZ_tP}GdLwg8!(0z`#OFP^O z-b3w2@>`~GCQL^C+O{n?CTtc;ZeNyGxkU#kb<3zQaq6PtKWbR_GJ8|aFU{j6g@N6VAaqCdfuEhEm z0IqL;)=RI0E@Q{YTNVL-n>=W9#>51z#5-9| zJF+wXt5YRyWbyDbgD=GZiBka^NMdpZR{M*4bczuaw$5kK@T0N^K%uFl37?9rlf>lD zmgDhR4#@8q%R3d_>~OoY@m##!AMf_FTTj!y;GpT*bX}%movBef9~aU?$5Z8$$r9cv zl#ilOR{%sa8so-e?h(^I1<^2y3s}hZ>N#uGrJ3$uzIzM_+-XK%DSw7Op8kqkI<-C% z?RV5`pJy3E0S|EYS5{4RHX2#dhIYKMXL3R}Fv0d;2Qiz_f*Pkxw?Rb%Ma@3GKWts| zP+xdEKx1c1!bCrP;DvUWr$R0v?nbW%pB9NC_~?tFz#%wKDDBD!1ex?RX@B!(Ho77I ziv)chA?medVh8PNjYSqAywx7&Y~SkCdJ9!PY0~0XVF&goJ|empU@3v$hz+UiK23%j z=M0i+tENDHL1{Ne*A4_Me`px3B#ZKH^SVi6yIxsmfC}soU53l88zC_4vErKBcH>@l ztJ5CxVsrFBeHaS+5IQ3~T1T+610Wc7Xdc&E`rz1V3T<|-5;r~5KUrXG=Jt5Y%x1Yx z()&ta=%MZ%<^ZOuweM?XxxrhI;rY!9LI@B_T@m+jAPVXN&OY~i*sC}Fn}9AcOR3&f zeQp<0XhG_J=k4?oLo%p+TE|A+;>%ikTC^7s4qQ#fY5-?_>Uk@+HkXTLBx>!`6;>hd zb1h3fRSDnc(CZ@^mkZ3|W==gg21@0BMOA9KOm>SaJMr|XwXpr5N%O!y5=XfJ$!K|7 z1a-OakYXBm0upr??38+O;xhrS-f#}lCcRVAr#rC2o;ZU9$vH-(SEfTq%nBT^Ynhcl z1A9^dj5E^NQ5zizCm2DSXs_cZz4(5zC}B<0xh3RwHiPA~HrbRu3-&bvh}a(r7ty>W>2)pR-m3e3mbHnMrd+i2K|^0R()3`V{I>}R&* zg+ulrInt3lyu>YrqGLW}tGR~BUV@3_=}|SdBD7eO0y)$I1h9%b+WqA5_I@Z=PR>}pl+p; z$W?tSEFM|IXwg-BuCQhQUePaE!!8lQP7F$VnqKKC;Dd8Wq{M3IeUWPT-~=__qj$$*aQ>v;jeDqzvHfkXY=HA6 z?osh~lk%T=hG4=}<^zlye&f`Xa!D%}!L;waeHtZTyL4q;(ywcjKVaVnU0s*Ny1q;?3N>+jlb_gY+^=bn3j9W}EZD6NGr9{79n@pge*>5GENSHZm6{P!YE^>p+6 zF8mJ4%}tb$(R6let4$)*93=3mlh~NPlP(R%jNVB+u)T&OsKH147&8A8JU$|fWTLPq z^(+{GyqSvW%rQ2CAP$};oEgLnKlNR#@?%EPOGzKYO$u7NdCzY;oMcYva&cDWK`%)9aph1Z@^ILv-NC(vh7Kn_)<0G1Ts0t)gb?cET<2&(=k6 zCV~o~8lSo`$#n?-CK^@(t!rpp@`o~Tyjw}zrW5JCnz<~<8xE)DdheoB$5QdAJn}it>H9aV;^sW*(oV8ViB~Bu7V^K7Y1(;)ZVz^pdkgOwc_5^)+f?obxqh>?(~5xJTp7f_*C#`&GzQ&sdX6)5g@ zzTutOjm~sk^m#{PbGFVj71r#0f%?UFck~;`3}%2^H4SGh7-i%%VE?09$U_5=i8l_Q z5l~vLD<`nmr6CnB8G1R;QkKc*JnWhTds zcDdz8+w8lG7wWujhMIsI+>?5)NjmravNtAp-$EGf z-1cRm&uS$?T^t*Qyx4Habl+LLBk=O&BOEX?3hC~#1dX&T>=CN7kyF~lm=xNFF!%x@ zkd!%j15|x3MfQWsRuOqe>f=W@ir*n`bQQg63nN*qy6_dL3JB(upTmtt9A1AX7_;7duR4_0t4d| zKu2q3ij|Radt|q*GmUt_>``7w(bZ39x;lrOW#9JV#NdN@?GP8>hu0E%J&#%=exF$R z-!8IgfuR#fJRPm!99F2mj_nK+v7&q$?M?j{pBlB!p53 z8HI>Yl08!q8I`?d71?p-nb9&LBs_TikFojr5zj_i5I;c%Sa`;6FmX___ zNMRJa2EcsV*UxKIHp#@RSu{2?nBcW*|E?{)EMs5LJ;^Rc+&5vi1~i zn|DB1CdT<#$Mqcezv=1q8(+M?*4DXUbESHD`}s||yQk1J6&j^7;JsKQJ9YxGz+KHc zxKabuMosG_bg^uEQPZXb`;}e6HR7mPENt62lPrVo6{cX(@L5L+^Jb%9Q{=3SJX}G zlu?Y>MjV*r7ejZ)9jh9la)+^=oL(x;9&Ajh2oDR#=8$nG|Jok3*jb~;kqG#Wpb_gkaW^FsIUuxD)0+VT)C+yPZB3q#jNCA>L3Da|aR+995W&S#N1!MvAa3I*HzyQ!72yyVP zo@&knp4hs^Qd71IYQELR*j~`vGTzsQd0LZt!7p1qW_2b8$mR&AI7Tx5&E}NqDIOk{ z6Q|#S7Y`L^7ZT)*x+>hRSQ{LEj4X+BG?ajr}#cIcPB^)a8p@YkCsnpJL|Bz73 zZ=!tEkGXTv`Ngi&A?9kec&|_zGycaMxN`F69K#xww~Y_`_!Kh;oK7Z!gwu%lI_P`)cS>ex8D!@v5Sd( zr#4b6BP-V{obTnwu2xsP1#1X4Iyz1JI6BHJHETFX5m7Q4qRvj*1*{{5HI=hM*0qEl z>FlMgzNndwkK;?f*dfoqRp`dezu;Z{HQ$m~gTxEH@zWFRDD3v09@}CbcTy*3FHx(=p5&PW%`^sWsm7PvdMv!CSYC!DIVXi9s@YiMXCHC$zLEF2K}*>Ibxk!(O*sctsFT9oF79 zy;F+aH7G=Z7hf-USKzN{Y6w01fF>jWmKy$F?`)&2kOAMk|YHEHtf|f~-^3IRc zukI+Vk)o4>Tk}8i@{pE?3Wssbr#9llwh_<=JXsQ-4Qy(<>4|SMamGdgurA}*o42*Z zr3;a8p9S;bw70o6$jH`!c`<1P7`u=aCM8p%*uVp?>{Hf}H^+9h2VTsxSg(cXzC1jx zlu_`L8%+eSJP2|0dD`x8 z<=nI@<9;Q$hVrPg(M%XX5zIFk&RzQJIB^M56i`g`m~KZ&UWILT&Ba(91$(bd(^U`Q zRa&oAUxVYGTk7vChLfh+`A@N-14QrlN2({;iCsc0ZCrUXN5hAHz_rhHVVFpZ_V#2HcaSXMF_- zB>?1N=+!H~CaN@)oeu2Bt{HFLdiky5#U-;SeF3q_qV`b{T2I0Ky*Pd0Z$|wo-P{1a zWez7_dl&?JO#}iGzc`ndB=}k{fS$w`h#2>30*Sj7S;%F^zsMo$jKGRJWxFS#jvmrE zHdE)_R7qc-qcULIoN9hWY&)3rV!!gGPW5sZef*j&zlT)@oM` z>Q2hcfOg*>K^0fqtE=CqrjhHBt=N@DC+iAsdnTDB(H3W`OkA{+J9zw(6M&5xG=S59 zmb70LxqkZ%FMWy~dCc99x#i$5@AK(Rg|Z##fPL>aG&$11BqW^THE4bKtR+-3Ac}kT z#mM^fw9T%3m!`F6ob@v%BQwF65u7({xmAI|ugw8_`Dm$(LBkHprM4O?hZ!H(xuqe# z0>&1Ge#EDx)^3c`pFSD4XrNR*_<3dU4gVPYr zw?;zIByf|_y62uo&A~2w@Va*w*<$7VxO0Za(!--xJ7vZS`I!w~Ibyv<~ zA5a!uRHYziG+JwKd1COO{0oBP=?mS|4x-$a`;Z|PiSk3OExyHH-SO1*IzrE?>ZZdO z(d$5`fUPowaN3&V)(|>vd<~R`&L&9uE@7_ca_H}G`~rUfU{Iz7kxi?SDEHC%^T&s- zm|hX6dsW!%a-rgffHo(I6^IZ>MRzZm8nc7Piua{yu(2r;`5?^8(TEEBdcf#!Zt z?jMH%1UqPr#-JUZp%k*V*ZpL;ysV4u#z6e69#EwP#eM6Q+f#V3K_<97(w>h%*@Ir+ z!+ArYHyc5|0<~cz*^B<52nxYi%ZJ#UYZnK&@}*4XW%^@5c&(^yj1@Mi@?9`BxgqLQ zpx@c`by&vGwfHhQ>8BZF=T`-)JWW;WuQJdi?o zpBimammn72c%}3Tz|U}?ulonS-mVIy5K@nSw=zELqaSv58vsJcm+aR5f$hWjw1F7o zzIyo{OoM=+&=%``Stbsv@gMFeq5CV2!q*u~fNIp!lfWN6Mb7$eT*cT~U?T@I{jKAg9TGY=gdS8n_J za1VUC{&i6EhuJg>K-0d|zzQK~F`}-Lq7n*K4Tt=?j8vwkd@&}c$VsV&u9asO?oC=` zJfqU|d)U1%4nR~M_bbzJP{V&Be0*JyWjYaPqwTOq@>} z(K(`GAVSXvlVSSX>c~KRp&$!-^D~7xrnU9bTMeaKHl=UEbKR}@Np%h?7U5w?hvm_( z@fupwFA&&O$OIKk2+NUY{<9wrGBW_u&hy?@5E4H=B4rZ)&ulc81I0_?*e<79zT!8n z*X`xG!~!|nBfoGAL2h5Zx=V>`DxBM|tgdtH0m|2aw4k+y^!CWEh4bI@;0mW0DI8^* zXM1+S+xsd3vkY_!8FTnkzA=U)Tb2m3X`zN2=X!fpjQfs@eGDeUGjg0)5z zlqEi|rlK^%@~Il7>2JaK^DWKRKs{gx&FSyu!Za9CcFh+pWfgTqb5i%OPq!PvD;lKB zgTJ1c9~~)RYaA#>3K)M~#5;dyoV_}j{dhgLf-m`$GC(i0^djLKm~L8i9tOFKNxu}^WK>gaOAX?fa8(k#pfsx>pY5`7}GGEd;Za%I9+mylTMgQ^S?tzSPGQLa| z5YYFU*TP9~yUkKy-y$J6*ME5OzqK(zaKnbVZE!%5D*r{9cmCPF-wHn1V?Lh&3fE2q z{k&jMD#nup72`wK_=Zrv)zPy>flE~YS&$1dZDa+?$PHn7_M6_NnL6_eMK?GE08sI_ z05IBG->Uis39(yxp>v94=HNhU8RYvhKb;Z4?Xm05ol*RI{D9vvR`gU!*!(<#;0DxU zh1+8;{h9kLV@~1wb^<2+M?~Ghc#c)Q|9x3KVmFDI%q;G&+8gE$BiSlCWqv(g5gaJ? ztqManTU(rrLw3~I;M_>Qgr}4^V7b%n0C&cBB%#nQ8=!z^s(vK(U){caHOQvxzURuD zRcz=w2a8xAvv1I!N+1@&oA{7)oi@fm%`g1pCEQk^1a{z1G|4^1bUWUC87{qh3Zp35 z*D=r!_2)?YAi!~j`wo`FNK!J_!+;+|!r{-GxMz_(lNw<1L7~oVHznXKn0rLqj*H+} zgs>>W)kcd~%!O*$z7YT4cs^m~vkUc&Van&TzZR$8Tz6yf?|U&`-P-zQZ1W4pDz&+G zG=k~HRh!#@cK_Ni?s3JiV!UvdiA7q+dZ+lJMAL6TB-<$B9X#;w#&t`pT^$ApqP5T8 zgdzJI5Q2{$$BLOm3aMgKtoV|fNtHXt&3@u;157F9o+qV!?B?hMK~a&bhA-Y$bPStS zvw!ei%ZqKH2^oN<=@->yl!x%jfR{Vf?ZsT8+U;x^+droL#CT1e^~XmVI{-Mc=(Fr| zvFb%SvLqeR*F`owY?&ydg=u)f!N_>^LMseS!e%GlCmwt{L5g<3no_9N5$8E^BQq90c7c{;^4_ys?6AhE`` zBfp+?S8D0$B5j?1(U}esMur6Z_3&wH8)UZ*1|ENu2$P-30wg%HeHqd=w<~<(T%x=j zyRj`$NZ$99jHEuG=a@)bka z(%&Hx_{`#gDgle$GY0qZrQ>m>wYG6OlnycDZ-XdKSwDLC?Zb7B>t;#%uY(ks0X~EU zwhA1rE%HR81Tz^~E|9Iwc4}okUaz7N1pu^p9LK?O>+AHSj45X-EfAgD7(1$vVF&nt zO3ljZ6^&VUE1hh*jIos|P_vNTu>D=YP!Ikj-hM%dVe!?VH%gYpSXAv4=Hq}q;>+!G z3q^pSfhY_C5BOZWDR5>Ja`?;Mqkts9oZ7zpXKHd_>W{2``koAa3PgjFVF0dPJ8K^$x?CpM4W@>h}W*xIEGf<;o* z>fh5q|TXCmAcSfLF#N0?52-;7L5-5Zv3_+-lG2 z0Pk*6Q9LnXl8IE|bo$itK3LSgTuW2_Ti>o~eoZZI+h~6Gq4|fkLkEa>$5#raw+rt21ggNWB;ZZNVS!FsS>ezR?0A{k z{^eCephTGmleUItB(?WDZrW8}=%3e!H^(?fkDAlAtJ3=R)=RQpLu88>UXDTAbFn@D zKuo&|>E)i%-t?{~nn^8BJX?fBtvzS+!;Eo^G)S_VL~$&~Vh+*`sHwjOv=K1L54?XX z^t-i|xISY5Tk>6vNJBndtCb~ue89KDAwI!3%gAB4 zW7+48bbMcD0oDc+@_p>k{@|!j@jljex?-xF-z6waTpqqPD7KzPp+~w181asKv@P|A z&CeGma@qnqy!-W*(}<6PWN|v_Hs+ZQ_nR@8WJa1?A(Q&~9%;ku!|Va#n!OUtdyF4~ z?WFG!bfT&k8meE*d;WgNDsphu!Nu8Xg1o*g8AlrcC^JneAal7|A?-}?t(TEpL@|-- zrC(+t(&`m>F=-$C?+Ml<3>EZ2W=r$0?}380Nvia)TgXL8L9wk6}+TzRI>IPLZyA6(UpRAhJU5EKIp8o)jlljtXWd-ZS-XwUY4 zm1EE3DM|+)q3yaNDl{8pJd@2e4~#N4IVa=dx|BDveV0?tL7f#KCLX4_25e?*>y7w~ z@Oh~W{G7&>Y_MtY)hU_IX2>H4jp0+WydF9E+^Bd zTYm_fW#Sqgxi|COA+r(tkdL_&fYVBOJmqDzK)8fB`Wholy%2=c6%~|b;n`2k^(IrRU=gY%2oR`-F7FVe!}=y%{wqQKLp;Y zLSQ1&@`K)pv4-9w!7-=!*uEQEIJz4ouv3u}X(gbHlz zjvM*k`=%vadqdBXVkC2auK#;AhR z?ejH+YqL=tqBzeLH6sJMm7%=l}N*DJ^_0F-xoO!8@ZrQ4FJ$PlM= zH9hbfw-;j7m$w_52rx4a~At%RF{Z>5qN1NQchF-X0C zP89;|+DGmeDYlDNC++%GrPRnPlG^~J=1F?^h#^cbs;XcQ2*UHPFa9s~`&!8RzQr6ka#=WA7P)Cq75p2=gRm;FRmNtUY z>ddO=T1T$H9UJmSIl(#oiPOFfijYcrd{_DvvqYR~xjnEe>HHn}Er)6b~DAy~Au4%&2{@XaHy$5j>!z?583%N>a+)#ZTC{RqAPsv>K57PB; zur8^*jUKNm9HbXnXLb<8^|Sg!eIy%C1TD3Y$?+9~;q800C97IrCgV;@^Pc}(blwBd zP3FRHe{xS|KrE1<`hP=!6G3K-Br5EeF)>NJ8J+(KAPVEY&h1vODl&;scgletgdp8T z1U~j#89}8F3-p8_Cg)?SF?XbfM@N=w-K-0A_e28B_}(*-r&JdJS!>s9@hzh(j+WIC z5HMVoPFjpf7UAHOk0SwAxcBqa9g_P9x6_0^St+m=ey`k~XHJ9qdZk590(~)m94?eD z5W%~G_ua-+j4_Z^_x(4JoohRh2~$#J)q(&GVDqWm81|D%FoZxYNPKl^^Av%3Gj^TV z%KBwTyJmvTNpc@$3+SZp*VE|nZ*TuJnc;waaX>NCo_TF%tTSV3H-oQ`j&g)!9_zjJsbe4XmIEK&Z z`K9Ho_9|?@_1kUfwYP~oJy|&+#eA`=L8(6=nvfQ@6!ko3ZQW;Pg66&P96i)?2LIyy zmc`AhBmk*S63m)8#aKuq=*{H<94PI(?r3V&)uqT_%<%ZT{m41J89P6i!8Q^tk`dhw zWYRkawZx>8v_LIT$4$Ko<9cBptMZzCm>pw9xjED-;Gtk2CGB>nM7{CKPbp38YN`$3 ztuz2BWlvtOdtClx8dK>va!rNb=O?K9=hO|-M)9*Q>3|TjsI%mv57Qmu(?RN8l`iEPUP_^M^DU|R z!M(ei8ecibPJxb~JzqW7$!e$RT94*#-YOG!Jgfd9SEXPHF?aEB(~de>1mP(SJkggy z3@hHN(0aJa>jI7a=FN ztJc9%dt-hqqGC)wh|-ZK6L}R{pLMxZ>|3A_LP?p7zekEDf>D@c-GYn?$tir97UfK{ zw~}GS6ZPV)uxZx|exf#C%;kw4e%TD;zZ7wtBl7#s^g~_2^varyHCoNn2+TWTeOVi) z!>9Q)8rA!+^@ZViJm5R?)vK@yCv&W2-|j@owBJUx$i>d&0Eza}Z&#$Sld`)537NRJ z3fMNEM7)xAs}{B^5q;fl1S-`HsgoVA*`IkzoidB0H_W#@Kz2K#0S9hG2)TMKh>w$A zGOfhhN>w=k@+fsFA%uPl`UO7`4+AQ0>|(PWYz}6wmq_&^d#8Y$ubVo+T+ki~6~t|_ z;YQZ%8sC!Bs1(}zQIQL3t)2I1Yv23#9}+>8bQtd9Z1OyZdrU&_{A+ZVH2Uc@&i;v? zr7w8l57LM3+ZDMpA)U=X)<)Xd0WWN+jZz!|g0DjbU;IffeO)N+exke#!dJZGS`v!p z92r#*Pq{W3|5uUiU|RF7G7IN1L4gtd`}Zl7?%fX=cpnu;Blr%BCQ`(MDFysmhXT04;JqADn;ZxU9i=M$K`YAD<1uYl#F z6tDf=lqG#ietmIaQqs%BJdIP_xc$;}BYU%-u5uJ1i`!fDu;km4Cy4M-1YQ@L%jx65 zu{c#2TY$QGn*G^jhJ9n@xrg*{k)o%-1aB@{VA-!XIa2e8^sTLZY9QQ<+zfm57O3}@ zrK+}L%4zUr{ZMmjhom*q*mnT$?)?3Xt z8FPMH+&R97+>R4@BM5(&s;(N?$2!F&zc&1o+0mZTPf+kjy9G6pqXk^*2t^Gh6Z7WJ zn`BVkW}4TXxy*n?r7M!1JdLIbtV$xgMQ&u`Xf$bx28p(!uwS1&J#VWzDVJ%XwnOLi zm`j;_d-aqL*{RbnK(e4nj&HnEnYV1(GqK`F^t1Rx-jlrkyS>C>h4xdzsi#X17Jt{C zr4Tg;Yy_Q_;BZa>W&+lt7_@Tk(j)A_FD*~ytp|Et1ShB^ii|GyGdqS%o&s2F2ie)W z+tpiMm`tI*g_n)QHDyT~g;?ysY`kb;I4Gr1+|pDpT~V4wOpJ_Axo-Ng+3BCDE%j~L z?n&z?e&8TKR5Uoq$S%WKV-5|EmZ=EscyXY4w##-Hbaud}TFfL%5Yx*hp|s+L|Ee$A-WFu!~k#%JKb zpgRkuwhj$6{*L`sf}3!emrjg$zJB%8%VZ-y?(ryzhrk3Di1d=ucPw~Id6fLyCgKyeJ3b( zdvFZxen}%TJ~T@H3gmPdb#~_XlaIy1g4$ezd?YjrA&09SNHgYMZ zVez*7WjW6xD762?jc63=wD;`Ylhiy+071vz+&QBC5!0ywT$=qUfiL@rK>-fD&NoLP zsyeCa3>VMx4u{>IG6i1YQ$T^@{r)@D!!U^K7njSvWZ#hA+QS>R7X4SbA0@95E>n+^ zMw}@QM6R`Mr$%hIJuRu#t8bAH`ki&d%sFh(4lk61h%viGxJ?+&-P~w{Lm#60w+c zN^=s=&*TMu8Fy+EruXsfr5bzLko+qdK}bF`${$T)`e)oDM+|>-me(19{Xa2FO(w}( zCu!@+pP5yko~%bloq~r~aG>C+byc9;!Nr^T7Bx&>h_l|V%WixWrH1Lsr; z126Cewtjbc(-HgXvt-Z|sEQhTMDMVM3~n1D}z_QCtc;7Bhz?vZ)?}^Q_Q0{KM0{cX z`d7aNl9iCmfT!hk(k~wYswCyQPz&L5fnq|oF-IN)7QV)ygpr*^H^c%Hj~hKl$d z$uyfGV6G@>DG}9wG-v{@g!{U@Cmq;#s+&7K zKI2PlBN9Fh*N~qrG8z4)TrO3I`XC)-CQE7B#O2R^P*+RS{ ze?QRB>qgPU_1N9tBx9S&AN>BD(h5t(OXd^`*C{BpHy?A=tohA(pa z<}gJS5n2WbjKE1YQswj!ezK$+%DJ5+MBgyQtInwATdexCe+-627R5_(md@HU{4rBMX*O))-&uz};#^Fc+~tqv24;89 z%GmvUOxG-k;&ZHAu3q@~TTv9_5$j$A-gk2v%`&JX<(~;h)s+R|AA9+odUW;jRk1tu zbhl};zYhJN;!`%LQVY7pi1j(;9tcAQjRwt~;v7txX*uGg6Avy}#Gob`_33PSBq%5z zXazRn7YuP~$Fpj4eFv<`=NmUj4hHa+A;5|Gp6j;pz}Uo5a>)Ixij4v8-h0g&&hDRS z-ziWO4;CYTy#A}7|H_QwX_Ag?5rvSs0m6`7907A5O2DqD2*^|X5_d-EP zt~TmxWB(^?rH~Jettw_Mk>aUkf6|2!JBp(-`j6pR;1 zG;sH_{fd~EP89k*w_F|wBqu%bHvIPJ;;YZ83irt{(w{!R8=R!_qWQ0tKH&yNxl<(j zZ`g~fM!@O@bP7mHkV}YU<88{Uks1}%>^iVN&DG z!>{kg#^m+>havwEwDdl(sLFDlw2)(hejpLFM5B$3G<7<_b8~E#Srp?Y?2;oOG8JB| z=dQ`al)4_h{BCq%u(R;-I{uzJkii5HvX#$c zu>W;-`3=P(7!}Sfi&Z1;SJKG92kYCfIm(?=&FS#o6LW)JN;RW)And3yzdGYQGe z93AsncNeQ9?!#ki4^!kKkcB%;R}Il&1@HKYvkRiFMqFkTQJY zYW@(Z8mw0BW)8fO$&35mN>3dAzVJT&JeqLcd5t{D55srj-B?PGnIA?)OfR_ml~b3= zj%i9!FYpq#V0z6TPTW&3pG024R4bY5;Pjshe7*BTO zM?5+Sh->1icsvNXy7)1jkVTH-OCO0f{OMCB?u^$-gu#C3B>%ipKr$x(5m9ZfY?9j7 zamQI68$?wVKo>5K3DokDzWB#n3M4p4+Z3%$`)9jMfT=Yi=d!Nn6)=8&mX!4xC4E+Q z+-!i)`u_hnZXgf{00N-S79RzO(b0^Gb0ig&T=_eNw2wEu!0mYIu1|sH#N-8;!q-SX zo=r{9k_Dm9Pqg1lQ`M^fg2@<)kNn4KkT}iF1Yobo`jb05$9(qz4ybceL3cl`-`ew5 zX#Uz$q}f6MCs*!F!R1_^0q_Gd%u`8A1zHF?Y4d4RFI#pu!qhHbWABpQajSL?h)v@4CAQ-+j zuXWGVOlTvbGAqjJzsYg&3=m?nuQeXIkVlKZxdce7N=h;_X&E=al0JO8ZKXLELeEF& znf#;-UZD-4h7D`a#lE~yo+hAvzg70O^ReDLrl~Z^otYn*f|H^vl3I_xK+*wU6L+Hl zqre2*?fKmr;UyM6`gSn#baFhv7`1x`b#GYL#ciZ7AiNy;ac{k+r*&uK|LgcJUJ3>j z%a!!?bN_DKj3KS@N$fnyiM+W-`hfNmgN&`M{Q%T0lc$7?F{S^DJIqd6Vg~0*XD+~dM()huffCkfWf`MvS0oUe%2VU z@x@f$WF!Jv0o?BUXgB=Tx|tRyYf3kRXIE71I6P7*O(lD9ixPQ(XGPro5>AP2@!oa^3YZ)CboQfz|BRCsaxO z;xq2+ivKqLcZN%H!2UDsx&@DUS~2J|z!p}e#nAxqfu_iS03yHJyL&uW0_BGy?cvQx zsTH=IQl0cpqqnXMuk?*N!~Nw`{}+Ee0K6FdLK5!Xk)RyW;t@dHOOz6%y;&y%>@g&k z*fxJZJp0sYk?`)~r!7tI)xcg1+ct%|1}`wMDr8Mf=i!*+5KEZ9=Kr3cRS%e8Y!A2e zZ-NtN>vpdliRCX~2jOTiQj`*u4O0h`K?Ek(HeS&m{;=!SwiS*GgqbXN7y5wmr+$)L z>wg1~{#5iNd45IPGlR!>qJx0ZZWs4^b&vL(hiT9$N}4zrGLdsr&Nk`$uWH-v2TJfn+ZPZmvuc`c>o%U?XQzG$kgvTM^7Y zeKj5&1%_6k-l26~g*~8V+SWexv)(E5te4s0ts_8GUa~chNtroN*#l9a0hmJmm!p7u zgZOd#Y+WqWN`rK=i~Q02f9$8-rA7B|zcE^Jsi?A(&{{S6HN`RHdk(7FSkt9t|If09 zX*ye1pI+(wrUG3WE(Ac2?hnUYxgA^UaiQz2$aY48j$h>Orfb!=_4juZA8pWH8Gf)Q z*N6w+a+)`%O27fHHa%2Dkp7cH6GF;5c>&z@X*}xEBHHTLJ|^0d5-rSJo-Tc4OrH;) z?qxI*Pu}_{%h`LUDn4D`(XCOpr8V<-P^Jcq(hiH1Edw6 z?qZ^+_-SYBhW5w(&BFILGkUF5qP7JxDr-HZ2o@@wlX&|1%5p2XXaw}igS8ara;5HG zQ>VvDAgazs-$Y+}@1rJ^y?cT<0_Ry(uX#$rpTT|zelwI!S@7R{C;nDHrpRn5b#M#i zWxkGj+)r3wbd1RfwS61fgdY@~;O^HG_PQQo;-x8X^%X>@K4_+^3(0=R?9_%}mQ98H z;~6e}l7!oL;ebbsK`+m%Ui7o;bRXyK^W3>y?3)~<|EtmgA+S){Ty!A$VAWOaQ49Yq zX7xT(9tiJ-(OH`LIgUF4W^ewB1^>n9$39532f%`5MGtos0op`TWf@}&=ej)iOk4;P zF1tt<-&qwi-NfeQ82#+ZwarxjI7eM!(~7pNS?UkF{P9zr??2q<7w?KH(GFg_x-d)s zCk#7QQAbQq3LAm;t8)LeL-bWZEnE+teL?b6KExP zTF{pC+v$A@E`jm!J-2B}H%Y6}NWQgHYzOS`e z&lNL6+B7rrYROw(@17cA$!GVaV-Ih6*;M}U&Mjx)ZRtVmzEP7+uWwJe`MT`Cx-j=B z?V>IeUZygRtty|o{Az16Be&wz?WJpzKN4-rJziP$C+9wHD-I;fAp6*e$5mwpKu=0v zdIkPGquYJYG2SD;V199{xRDEIz?Ly+JUN;;nNXc~Ao>ZaZ}({j!37E8j4FWHq^U1u z;hx3#>cF8mTJejYc_v24oTzGev6UQUdrkx06|1LQc1rvbrOIwSSX^7yy7RT<+bMPC?xp(Q?~_1QOIfa$ z%ym)b@jpAivr}Rt(ugbphr|jF9I0Et!CQJ{|o}liN__IUJad zL+-Uq-4@$Ek&yOdu~pBHkU;;N$QdA>w-%p5xn7Yr5mkS%q3*R+;lG1ZNNW+PBc7MV zLgq`RD&RZo3C;-|mGZI`U_s#vlu5%39&}7Im5Q~KG9N$af}@y$ko)Sc?bEl^EjEbs zK?ivH)%f0EY2ccrO2B2xaSaq8v$KNQY&~>Z+%PjtVqXvh>z<`qb@x zj5dCaOb(FI-H`pyV}QT%!9xlyS$Ic|O)rp%xp+wp>sYaHGa&W6yDeLVj1^X{>h#{M z|MHCbDQQ1!p#y>5Z@H~5q!$Smoa@b77E$-SPitAwBf+5V;LD7{EpnkhTAV2gc4Z99 zPit@CtGLV%n19aXAjczI7`yZ_UDoZET9iAZf$>?U#n(e0H{05cJQ@iT5zElC-W)*lhE?!O-|mRk zYg8KVbQPWM>VD(k)AVvR0e5z8O1kuA(k9f+klm(ZUr(?Ue7vM*d@U%@L7w3Y{}` z!k-8N(NoA_55)L^K^2#D?OVU*S6$J=`2AVe6?yHbje)Bs(7n5h6}9ISYUiDIFkvZ1 zTW_ZYuqb0liyXatSS+oO(XW*k6+3Ho&LON12ugqpR+_;w$QRW{K>M)^biP~1x0#0` zr(!s!R~OtRU6;pocUsa$rozqlPJjhR5jD%vo~a{|!atLwSj_j@jVs*I1Z=FN+x}U5 z2Z8k>sYpIb7?PAoH#$Gz+E)p+}@sMO~TTHwPobq9$E zY=`rH-eFyK=Pr12mi~9K$uvv=UL;@m|e+YT`xznOpr{Q@~XvY)Ukm?(oF(&_&NFq7B1%TXqaFj+#9?Q+ItAN}P z=8_7=%0@%XsJ`f%+S1X~fmU9175{7?qpHQLH~24oV%9f*(Ky9zR(r#8HwLHiS+*lk zU!tmyYij2;^XHr3+LI!6Gj~1WINmcSV$oZ|jy*1nlK9U3sb2Wx561i(M*Ig&?}aB` zh3MW@R1kM`vz%3o*{umNU?k#L`+zVjJ%+XvqlbKDT z+7-84@cj9vB|O>T+eCm;9i0e#rK!sG^rJM}hMEAG;^!F;X@-a0^BT-d-Ju0(@~bVn z`aB%=dy&pW);Lj#ErfF&nM#zzb0we>+1Cf@H6hekLTwG`bM$Kp@tkOrtx~-!b4|aV zPR8GwRq&Y?aX}oKguG|!ZEZd@jACa9L~qU+6eXn>?HcCd&Ahj1n0_jLoiyG`P182bkV79Z?B}KSA7bPn38;Q_bIKuR z^)r{bu-800T1D583QXLhpI$$7YPDtIAi8tbFk*IQ@K{qS>@YL+8u37({K~LZ_h{jo z(rd(0;t(?p*!wVZXA4T?1Y?)OADbHHQOt4f>?3#DWt<1@?wcR%q77W9{B%0K6*j-6 zO+o5+uF@rYJnaP!4tJG24ih^ZM5i?(L10yfL&*L@l-I(%`B|E}!>u8~u_}Lsx{VU( zbk*6Y!?(`+Mos(pE<&CG&9d|1Z>{w%XTOWnGaO*9soI)U>XGW1RKQt;D;-iKmKi@_ zh*mITkybqLDi>nOP@MjlIUo8aYN1if&F5DOYn+EEMC&r|f@KBO-ncz>K#>i1X5Xt-8yPW%>g8({+J_*K-UHAB0nd4Gx)U?-^ z(W5)bA-F@#4=uN+Vqe;?XY-siqnZogb2rMj{5Y(Q#KdLvp*L!}9zWInPJv!x0sN2( zEA(~=#=a5XB=xi+bqLY{=aBSyl7!fc7&R5Z``tId7W!1ebd*y}QJ`gycBrB2#-lPO zRfzALuH(cy+K*sm)VtSlA+KD7b7jo;o=;g?!#okMCyVW!FMhtJW8%L^vD1VP5ShnK zKB3Ch7ctKAr&8L=Q2^Im_oA9`nH61$Md3x9e}y=Mmykvn%tJSnL}%?Z`f%8s5aK)x zB*Y~g+&@BM+~X21Ds4TWr>(1hHOlFNF$JkQ@A<9nV+a#b>!%lA7p>g}K&25fsBaW| zAC*%A4zlrGCBs$T-Mj;~peZ|Z!p*#_gQ`Ca?&Vq@MBV5s>;K%f;%k5Zhts<+JS)5lBXqEw{KWr3&R-eiQ|frg?BNr z43U(+TKUuCHka1b+ewQ(@ ztuKAXePL<=J0;A#C_3LGnE{LR&P}(54 z_0$c=s?F0Zdooo3++~ib?79=Sum>+kg**H6GeyCu=9pqCO z3Nw#QU8E;&;u=lQoJK#j8FSKg&OIw358C5#!8smL)3dD`oaoJz?V;fsZ zo-g1K-G;*ot=d!eZ+1p1izazpQ2UGHQmBJmPDNULkx%B~1{j2l(!|2?o_`I~=M%R&lB)Py$L`+>x6cDzRl0bW}}*TF)wfr?(CM16C#n zUQ>g2T|KVVZ|;QsJn5uZ{lV-?>b6@x zTX?%cM7yeVzuOfLomd*a0dM+W*)$-fO3M0uxpT%j{BM#2Xv2F+6I)oG>W|8$KnmpO zHR92nRGVaJT+Ipj)fM=M4F@9GtQb8F){RV7@wayo7c9x%)0~LGvphB|4eio@=1pz zTp;jDW`-HQivZ2B37b3VjPD5lYu$FJ_?BAIN}n)l_HD=o?)YK*}sx7BY3 z9_x1t+t%Caw*z+a$V+f`BQG-MBH=3Q@kx3P$|>|0{qngsjTHhEecaLCU*|4u>x_Yu zHct~9jEfS?y5E0ecDqf)?O$`eNl>G zcTJ3*qCnd}->xSTC<>W64TZ`>tI2qz``(t@%tS+bWT$9&TmCP#D6E(As;P zyK4;ctE8Ci7700wo}nF`1yfx=r}nG;Kjnw(r{+LxTFFh45~wQzzwcUwU-y z?8Ks6M=w^!G(bY_5u;XIeWFU4y9n@mz^vqPU(ft;vB9n}JEz_|UbG7FY!{lO- z&GpLW#i$$+i|Ti1Ir1u5xq@qfh(1<6(h}n7MdU+mTRw%dKK~n@kp@Rk_2!0Uk^urp zsB??wP~a{dNADjDTQ|4aXzf?$Ri9cZIwV@wUWzvUviXPZe`02Tf%IvoJabNfr_XPQ zDqO*|ve6yBldtRi0^wPs13-1(C+pfSq^gY>aMz`|cN`?3qcV4?HN^3{vQ852>k_7)-{o6}Vf_3tz1|pik)3@< z{&pRDp7!3ipSz$qKd-|>jgtq-6CWPjfe!J5Y_L`|JC}U%V_F_F0sNAXjl1L5v7gYc zz0D#6IC}syniyYuSr+jf@N(kCZ$kS5xS=|nMq~O&o!7Eum!2z?zjJg1$t$UxKwAdZ^*~+MU%Lh@* zuH8@%vZdX{>(bX^BCNKO7sWe)4v1!JI`N;;M%~iK?FEHCdTW+RWxADMp=^^0Vg|fJAVa1LlhgSE2;vFlyx2;n8%F#}tq-E&gE_Clw}N%|!0FukwyNYS zX|a{4eyYmP>CXFAuc=BSZxLv!C#2ddG1sh@S_ z-be3=pwgezpC?fGRbD$dkg@N{yy<5odti;5^!Wk*8LUdhv2v zTU!AcF=rcyM%_Z!z7B^7j+pDfO}LtYMymM4Odqb6g06oww`XLRpV=v~&c#9V4^q)g z*B&?p1}aJ~7f`#yyy5L|UZOS)iH<^C-H~F!Vy83qUMh*QD4yEb+qc(jZDX7!QyeFe z7F2N|F-gEqa>q3B#qu)i#fFsKKS0fCH8A_A1XWFr=C5sFfao>Vop#aI=OIEF=50!A zkUel%WL&;1(1df}Q>F=O?-!#`BGnHCaJzA9NEWyMgB7qxe z5s+;d<2;AKk_O%`2sb{JQ%~8imko_&2B488&VE7bA;WRD3Gb_vL{ovD^jMcC7kxzj z@Rv>l0W;MlN#2mDnEAlLVIaKmXOY0aOW=2a{(u@cb*fJNi%DT{J*9S^_E4VENDP{O zMF4|EQ&LY5DtB9pQui&qC`)T!Q6**Z-kF|)YJc?Syi}qKj#~etT0kM=_ASZS{n{&h zqLdkCK3leWI}5{N^HM(0x{x{n`LHWRtKWHauzrY5@KGG%1gd&15o2~|@gyX+{?l~d|d4-s@<%7A%S`3FxNbYcc&QEVm+=BC~^Of})J(&w+8g3C&g!J|PqL~%_4z|k`#sl6hd91$Ny>w`9CrG}> zR=wg4u-vg*eyyO>bUhqD2|qE0k9XmG(jFbIyX?(C<$cDKHUOdWj{r1k`5@$wMak#+ z3;bkPOiW9HHsAUpEromGK7=e( ztvO;Vtseavc)y@no5N&bG|VuAUac{=>9q(1pYra!M|Kr4W$=P2Ea?&`>D5+e?aVLA zafm$Ebr17zqoY2FDd%p--KlHfJSQ)$;`yAcnD*bRHjJvqL`$CDIPYtj4~#Cup5#CcJk7~h29-!?v|;5;0pdvea62O~H`arP5`Uj!W5 zK#G+`I&`L)`r5#7DoVKEV*CjxDH<+Pq}godu@$xTBLdLsJ)0@Lbv^~xd=S@r0U3cN zll5GAditVy&b!eSJruOIv5!SZP|x%emM>-#yvx8oaN~5DA2_sS&rx?J5MS*H=y@J# z=soz4bo;My__T$c%4=tS7QlqxCMO;shH*E$E=n5FE9&Xm#%d7w9LFy$fxww{z%NHA< zd)z2WL#xD#zKtwP+g#KOJh`g>rbYGnfTaj#j)g1#{YByBsn#pRZN})&gZ_x)ia*2^ zQ>Q@Rf5kBVwxx0mgn`P^oafZHni-Be1{gL$e`Bd zd|IVZoz4Engk)-?TynQ(<5Lp4`Ud$zUfGA$V$y#vj71r+NpkIt?N20D|8KZ$in5#qu*@!(SGx(ef>m$fp^K5~bW@m20#oY|L$o8c;`GbxT zFCx0((EpcGNAD4#LMovMX?bB>4p&8XuSVDGPSAu6 zyU@A%G}vps@byip!aQe*uw6E|6sXYDZQ8|d12eT3ZY*m=`vwzX_A@oe1}>A_!_}Ni z-$V9eKBA`b)I@R?C;$A<|ECTx{6k}fSJ*XB%{z2K!?dfi?4SjhpGA(0iM3mkpxqdd z9xPmE`eYcHN(+Om4&O7yV4f`BL28HbiqHkJN-R-nz~7;vrN&clevq?4I+Dqawq7)Z zvlm>${gw}%ZOUt>o6=u-?&jGD!$(eYOz-Uz3}kre!F@lrm)NRB0sg+!oF~5d935hC z`r(qc(AQd_?Y%>so>vin{)-A(3K^sT$_Pke@xZB;e!%`1oNOei_`sH1`zx!>y#fn4 z?Zlty8eShEuhFO0tdy3cRprFXs$D(J7GvL!i?0{7mvI1R+(zY4Yw6NYy2p5$ufLE`4t1)GC%c zPP@Pxlc1^VwgG!9*LR!!=jcN7a=#p39E4>jdQ2L+IaR&rNEjQWJ{X=luTfV?#~H9+ z>Cl&JdKs`R`LSGUpPK@UfjJI+?!D~AD79dxwrh$ic=rxRDL*cl`fROb4WiNB7s2T` zoI;n(y_YF0(l>%DB>wQhtp)o^nHRl72d8u;Gu5-<&U7Mw@5ZkR%0PP8)BbW+{nY7r z8j{1+i4@6^5JMX!M@<(RyL$GYiTrM=kL;xqC=pI&#JKET(}^jYSMe0XRG(7GR%{mm+Om<$hOd{r1CmUlF_W|R0j>y?TmEjM zzbe(d;B_0DWMIMZoZR7jrpeDR6wqR#V2HbS+7CthE86(!EOvjI_Kj)P=Z!NRoqkXtqc+5#(T}|Yi zm2)(~hs#2%Hj7@W4@_m*vEcVAPq=Zy~Ug_I(x#rCc#Dlp4EqEM}O{c%-yThCTCHo zE053U#!%E+)o~>~Vs6-@OH{BvF!}KKa^6S&UjMFG{wBKi9tSOU1~Vp_2JcR>!^)#z`TJTn9N#q;J*K#mgWVr*0P0{T1rBC^ z2udxq=OzE)9s)wH#22e;c+1(Rrj$eaMQr)Kf>$x`(9WrD`_pZ$IK2Tmoo6ou zT3cv+Vmnvg^Y?J!Ytk#Kjyw*vuKjrXG@sw3?V|}C`a8J)1*<&cxCvzaRu4tDxX!+` zzw`r8&Q8SuWTPd@@*4l9F3_b3&Tdmc`EC#{JN?ip|zDS){=W&ApM`eW}0W6OtiR|9X?#j_BjXvQTC&E0%cfq&L2`s3>sSY z<>PXGm~2G7eyQ^&-yf4NQ2%awG0F1dctW+$D>%f`!4QDkGi&vbd_J3bD;xJ*SO7v> zP6prKi%>t@l^2|9QLouT!RuK8WCMl+(WKO-U1W!?8r1HZqZ{4jq0Fa>fKBt&B9ETC zY6Z;jULRaV<=Tzqtvc&$H|k@+P|$AYXG@OM;mxV48mh2;Z~d(9N2Iq7Dt&2tXDWIS zxZQOcVaxk<9Ll|rGK@m+<#+&GCg)rwD+Dcvh^GtoBVcx!bSVLE8qMfbf05mmdcFBeWBm|h9*pv%*;$B zG5llWODj8yyEj0M6%@rfS@|)(@(Tk*Td%dKM(+v6{!yEuOalikaGnIS4n3+g($5Y8 zOsCB!4pZuo!WaG5Dz5oxL^>Grue18>>>O;$SIoU`bT9j1lv0^;r| z1-3;8G*+}W_yU2=ili9GFW@ef6~=mic&roI&s4ZkT;k_-jlPK4D*Yry+ivZS$QD1owil-W@-v8W5Fq|GCGU^h0u(zusP{$gde%;X z)khB8mmBl^7sY6wfOMB;fi$Dm`jJbWz|SrNs+8j#KvW_J0`>7CApj7>8Qc#)D zVFn^*mK!HWBu2JTgRUf1A}MD8nOz1Vxhl~JP<-u;jTf5Hq$oYQD+vHV4lA_+#1Ty(KNKd`D0oUZKUYjWH9V-(H* z+G~NQd#zB@L-lO0&BZi)^~aPn2O?6sDJgnL&|0V7?CW+>(wZX722ej2b8r<*q;+X}WCi0`Up9AzZd_t= z!Q1A`alEi@9o;y~CmUYz$u`p&>L}JS&TZEaxW4<6lmexa<$JRd zooBh|d+y>3A1<)FS073`4IsMd@^zkW!cVyn8A7Lh`UN48Q0M7y z*oCP)iM+t4L?^N0nAXVEim%yaSDe$x@PtWN;*SXX*1juL_*r!FpfTpCk(E5Z6>!lh zlv7#&HR-7O?uu?*&COV>>a`cT(|5mw-)l4p5$3MUDOgy~FCkIxeJ^8dhgp_-vz}OE zzTWh%)=^K>@$$|#H>WDjp7Gc)&>7cNzeK9%(jtPBfcnyWZGLgKt^Y1}mbw3tl4l*U zzr7%vbRbU^sXv&9HSK0f-Sd6Jr6sS)dg}C+B%F+L<$N)f?~Oip`-Mc^4Fy`;uu^(? z74n9gZtzlhU(CaEZ6hqNp-9}UY1^>auVWadO@Zy}?O#4Zjkt4}7Js!W2uT4nEYjP! zV+VWJwBG0?j0RgWy@uEkJ?lnK))=7wCAZGi$-+o~hy_ceASb!|?cR~08l^PJlKD?P zZ3U(FVWW9HWfm_vb)y6WP=DZyb+yxPQIg)p?lqyW4{Zc*px9)}o_hJ-OvB;cEK;xu zy$2=P{Gs<;EU}K(JB$>YwtV>Ikl?e;AJ4nq4(QP_ zLw#N?{@zE()v8!b(W3~ziXc`PnFg!icvyv?hs>W11OB{O74lCLWmL?fGmt2c+yGFd zo}ES8*q?-s){~~i*y}P6t|eTjvB?3c3fV=Nb-~TF#>&I%{B$BG-|^-MC}n3$TALJp z?HdV+H4txHb|wuzFj1YWROJ;=_7e{1f3m|GIo&Ivx`^30URBP2rI<|L1Ls>1KZ}`X z$15!Yh^BX~FHQaiKdMe`krHEx8bF0-0aqv|L+7N2;S!rv^O#ea)Tti(=(mXE!Ax-1 zZC8gGbuxcyzvtxvaR@%`T?fD~<0!0qRciAhkvY z;w8wde+8dcJZ^BUJY!{l7m}?2UyFi1hg>{ON5uvce z8KQ08EtnKaqU2n<&6)@;tg-RcPPDe+6o}oFo_v9mvOsQz0_q559j&@9on8#!Fc?5y z<}YNAJqL^2Io|l_ZBWPghtF6>>tyfqf9>n545GkAZm!%*c~-zE{D)u6qFe!Z3m_+Y zu)?qoArn%Z$gCgAN1%F;cR8XG>fgrdcpO>hvu7HL&K2KmAMC03rcq4JBPr!8OQ5fwzH5j5yzSI5JoJgO} ziB&J}?>RZI{-#j^{ihCG1k4c&WaiJQ!nkCH4xekMssrqR=RR$o;qJIk^)g9mmDINt z{zxg;=MsI}PgY;DtV&2@k#bXUrO`XG1-ESnXN@pkZyMz&gEqwF7!`Cf1SOaBWv zvH`DA#$oMm730-&3^1(GY4qhNA#viz>*l2|Z0TY>RRmO@(3=4u`0=WM22GMZ?EKSY z(QlurK{^EwMH+Vl%k3n8LHTApfceM|1ZnJlK{xVt6)qmTkvEX(x$KMjiI6v>uzw{D z{%6YnIyD?9AUJ99|G@s91V3Wn|6DoeC;|Khzq|D9EkIG-f#nxe>2AsEUv|j5z|g3SHlsu_Rb_)_V)FJhZkl1*J?T0Pf>$uYhAvQ7W1UHe6{w>34sdM1xB3*V3S<;!!_V-~S1$qd{a!|RSWoZh2eW!h5qT7Ik_x!up$KEC!6_k~4>1q0Cp19RU`!!*R%>4{)?g6fi zEo$~Y@8d9a1zi65-fZ6J%^K6eH-xG)-|+7N{6CG)PGWf7(3FKKU1vuXf#4?#X7(wU zPQ2YlMvJZxYG_C#2qyGbyBiN@<`&x6UJYYuwS)y?lhD>17)|g&So=8oSL6gc+X2p` z-hmCM1_%;W|K-xiKJDh?Wp3>E7tjD~h3~*7VT}!vK3%%BIt2mX@^Ta}w~J0`Uril- z4Ftu)dzHzMn3O)&zUFr(x{ktJbEt=`>DdH8Acim?#!N45>7D+`{IoT|PtpYG@>x?{L>6h4{Wu-a z0Ax27vo7}@z*u%6WS{{^0;#$Fuh_5cu&NV9=?cI@pen;aD|E%pO`bvW-Nc84d z|7F7S07{EV3}+Fp=wE)>b0mTMfZcNVoy_@vhLLnSjQy=we+~oqEd7&64!?;J)ktmY zXCAy&6v*M5?Ro`>b(avC;<`ElDxqakIWoF_ih)mkm76dE?x2AU081CnbWqmz?4&#t zAg?zeUh8vCvKcB@k51`DZDOjU&=i7y|JuLls38DPSTqR6dY)YD|)={VO%ny`fk4$&wJv16KHyM3SVif-l-P$xv(Eq0u&EHF*c8xA=H9 ze3CX^GHx6)lGh*kn4DC-<&6d9DU_v)RNkvD5W!UVe)X)UDp%-*sCF++UMVadx}!Y=^X80wyHB?`f^->4aPW_AGU*%@NhsrN@2{8TEB_pp>>z#r_{@qnTJSc|R+b9te$Q+_5f4@CK26R!G7P0e$=uTSa zBj}d%RsV$VD}Wmj_mpDZV zxYtW)iK7p-S9Bk__)8K{Rm~?G%$1AIL6=;1H&c61G)7p@FNINq0oNR5gNYA~>Axg$ zn+eTR&1647-%DA2D;c2c`qh2GwD$_aho_fy)vK8oOMv}M$lZ=CsH4W%o@L4T62BIo zpwP+GxIuICvB4}ABO_Px){bZBlrHCP!PLe+27`CAZ7%qq#fV#lJv6-V3dh35i{ce3 zG=h^ZX$np(xw5UsdjKoDkRCGiW$37)@ z%#AsvjYTA<&aLm?WBP(RB_!wn7a{3qNP#@^5i}^5eV?z`+ca4#4@!{PaAxKUC`9oo zjQA&LN-ob-x>fRe)h4x=Wb=RF&(gIPhHUe~Jvy>+( z`ys50SJFI|t@pZWeAQJT%?^k?yL~VpR&HZmN=qY@`qR~jKLG-T(Xqygwy;ie#Ew-5-8Pf^zN>=lk*nwKra3^#i{_~ zHme9eOnnIO;Lp;&QW02;<@=u7v^iY|e?+rICG7P+8B~0(gfdel>Bhz$Z(f39F6NS2rNG6tr23FiVdP^L;pIO!&tmiro$5Og@?Z6H|%!x=qi}Np^Df0vAVs&Z6J@z&1W%$ z!(8h!Zykoo#7b@Hpm+h}HDyg}7G#GNhy%%RZ+&OZ9XiCc#4Y)H&$TQ6j!p{pz{cpw z+gs>AV^6{ZiK=K}($ZnGQ%8`;&DS2G!8}p>LEHsL_YWpHFno8;t90FGIq0g1%;|b! ze$(_$VhAIo%D0`~YLhiN-#C!fS3i&)ZkV52eJMI-yKn~R;Ia99wY5;B?6Qr=PS%sl zBmitKGq&^M;hkp|Jl|2YJ_#=7)aw6!8=ny574|}lV51q$HQGA+YdiQ`r%Fu&X5*YT ze*J?mAZopKv7TQi)f-& zWwx2YmM%y-$rdKJ5^ia!`YhIjS$AX4)1n=l z*+(xtxBsq|$xzqPQE$RRyxeu|JJ1_XQ)iLBx6%LGh~|8%F^6I;0h~ng#p;`2o>w{` zqO6vQCnQk*&NKd=wEs*+|J<4iDX|~0B>{ z5|J+&m$IQETY_Gt9*bQI%=5}Ww14$}U#8=WqW))!oKmYjsL@f7UgwI?Y&UKfLgN;o zn8?jtUS%##?Z!@yFuW~WIW%ZUr<);8%Crr8J>nS`V?wVZuX#V0ZE+=z?$>IKu9q+T z=tfCOg$&v7s`=!{r%jOIjPK)Z4^ESU|2*^;0e*Ku`k$;nq^RK$DcV?Yb4FF*t{5Ra zxuCxZLxK&B6P}Q4)wsht@`4y$GPwtKVMqJ-3m$$uId0|m6@2nCzX=IN51PcR(5Y^D z=yh_ZuD0_kBBP9ny1w1%>hpfVTN{>tKQZ%V3qe!zH97U+{*hUmFrIprVL%y@%r00z z^PmKF%~qWCzyi9#auevd{bQLhjup_>T@eNhx+nO|3nf;J!d81f<+y!1f&fDAMUw~6 zU5u^POl8%K#cMOMQGLD4YlKV_IYl)L?JfI611&AShw)}1RXx9VGQDv86}rOgbI0WU ztM4DUF_)y}Mnab%2dpgXyOR3@pj7H?Bdlv2CBhLu?To1@-Y;mwM<;(zGBG-z+{Wmt z_Ras-y&?0a`Q-kjuGKYaM3TIZa7OL1mE_?Nu5q$d!q((Dv()PXnz}clg2z|$#!fyB zT#tyhMPY?@V@#&o(e^5Ulks@s5|VJ|dG$e!{2TNW%BWg5q{=v#t^bW#{tKQ9)M8&NI6b065=H zXkB}4LxSB?0k6&XOc)e>D; zO!4jHDDFZ_ix*!_`=!*m5hEiXncWaA%6gp!Rwfu?60ICboslv>xfH=R&m&X68(Ji9 zRpgH`y$GAbus=Y@vld3>u(kQV)9|{U>~l<58a^S`#w_2fkPX!8^=4)zuxa4Oi+F%6 z7GwtW0usIkhSt!`03r{wSlwxCsF=;I0qPU_=;qb$^_K0pQuP2Z z%Fc7`iBmiaXxOeJr%Q6YN2So46c;-bZA3KJ8&U-i_}8>K83Cz#e*Fdf;n|0fs?$SZ z#RStk`F6!7zx-R}Z6Vtdrq(JBlLD&c+&y-gB|nM-YwI07AvAHK_E<40bX!EW=dOpQ zcAAQNg~n=~0odjzjGA@tTg6b25~aGN>u9iIQ0+6tM+mlj>;hAnv+ektvTGR|Hz%wh z>u0K3pgw3QNlY}Hi<%RkFLM(5>q7Y-dkc!U6TLad>+)WW>`5%k`q0i(Lj0>LNyB1p z-i|MN5-4Y{f-Mi4ekJ>HW;yno$7uSJy;vHh?w`6Z z#3V5h1j`0Ncdg2tvnHz&gG@eQ56_cC3Mee+@|t!E4&|dt_wO^#jBqx825Y)bgUt}1 zKOi$MjJh?xQ(D`~Bd0!L-)*ZKF6;{h+f&2N-||r2m6PMgpt}Ubf=JK>_6}y-7B{V1 zm&%;m*pT#~A0Yb=x>o|P`}3L9LV zcrHTjCj7j2c10#TF{jYJip5tpq}*wT1^s@3-#6T9H)t21UpvM6Offmx>lnH%{Rj?Z zlTp1mK06n3SApGt3uRG1kffX?`FHA&9<#5afY^{^1I{s`c-Miwc)Txyfe#K z@h!Iq+B;8jUtsD|amM-Hn6>3M31b%=&QUk8Zie{Ky1jI_vO0m1J@LXN#tX?Y&9>=> zHk5we_B=t@#mNh{>Ji46*NjVrTHD{{5p@0qYu{`pKDA!naU$AkBnjk%!lc(01bn;b@; ze{%IX7hmk1cACdicv@|a+NvFq4a`wFae-W5>0`uCZLi1vZ>++Fov(cRW>;L~U2*AVP!5oKFsale{?b z;bac{hJfAOPK_gWKn=?I6Gv=ck0+75wJA3pkLkMGJ!GjC#3_WYyxcC}wHxGAhhyrG z1|@ku&A&4eQk=g%+->pz6_7~FQGfk@RRyy=215{_81fyx_z`3>Y)`z`pOG8g@RI)m zx>alGME+@VS*n5m06Z59^SQ9Ql(1FjZN>XiEx1u~KR;`oC7#HruF#PX){keYx3po& zM>{YGzR$YT*Y-$((4^F>-AyAHDu(1OV6|^MC=CG@|xJ2eU0$>8lLTBuD(5(`AUe~3oVr{ zO7_*c+ST)!QlS1fLlcswELW0cTNvJst$+V+-epF&G?Cy!W(h zYgwE9amHm2$ep_PJMkJE;+)BTm@sbfyUgyNF|&_Q&tt|9b!ULnkN*QP2)>~JJQEjFybNTXQ1BoaHkla}>fJ+{CR7Y=c zc)B%s+y3Jh`7^)?Jttwnvt?@};m(AJ3d0xQiEOUdWlO~m?#Ec9Pgc)AthLCnA2)5z z?sqe+T4?B;Pjc1NdFiHKMcFGuXGM%Ox6D~YA!G;!;0ce7eO;OB=j+8g)^zVTWhRF- zYm(=nt5)Ap>}7u|UtKlwc%k~`GG3Rlm_`u0h7D^Wh(4Qwc1rvDD|ZwN`0T1oHiuUn zYH)&~B>9I!P)>zI;GH``Ao;3S+*6G?_(;>| zrqMDWAEWS%7@-qxNNXHXzhX}N3~D@Rl>cy}7&p5uIQiO8%hIXsF{$V5QRE{Y!z^`I zIj;$m>pHC zryr3zle5~3=S7gHi7bwy&K~4pNt@8TQGHCq?og=O`W?(MRsP`&d5CY9eCo#F`6yN0 z-BNka%j!y*QiBJ&_qRggA&u$D_TRtDALzsVFrS8wH8a%Fe%lg0)X`@7ofcIYo&MBO zTX{q%p!tC%)uxQv{wx}3P7nXXvh2EwNUJLKv4TIw?h#YnBe~gC$93Py$%yQADj3@5 zcvfVx|9uRmy%Z-4u?Uo)PhP(W%Y5V@WwSAME5RGVC;IcY{!-*uqCFbpavu1=l^VH9l{BX5FHlUN~j~4S6de++tGmJ_gjhYm(_wZlRbLo?q~4^ zQ3h9`*Gn0c+q)J$lE`Iq3vs6#HQI(M6F&3obFJn#N61^pB>2#M%eMb$x zvEFuiXuu?2QeRx*+}xv|Y!3Nh8?EGpt-MSJ{>J#OPv+kGrb!z6plUf313dJYhncOZe*hPgCBi z%qO$qd3sD5$vI`>b66jmJpz~r8`uT=lSDVyFO0&w3AjY%hJ*Ob*%bfqNhie&_Ih7* zK$*=>c26B6T6nvs)$i^4f&0U!NkWs>wYR<*?>rNX$a?;KrfF4WbW24f(aYolTKI#0 z9MApfPeUgpRW!cDvAzd!Kc4*jn2qtKjUm6z(B85}WH(f#6)>xa*6c zL{NV^`^rU_)sJzW^ERFz=3|pES)HUHoSxT`igHa04M9=G~f{P20=kK6xrbY!1uq@I!w#8Lgd>r}AhPYu8` zW4~71XJDjA=_ExEa|^$vN7;7aYh0_QO~mDdm)7zoz9jT30turvowO3HOGD54j03za z$&L)>l``>$xjhCit=T(C-Dl~(E<9?uuJ@e&(I(XXe}sr%#6XC6t?>nS=3`J8CI>=9 z9+6LG&v59Jq2U)2>iE!o5^`8UgqnTXWclZ${jIi{kX>Xjr^C?XhIj@i%~iba$P~{Q z>W+6-$k6wPlmaG>3|eyX<-*j$!a{?xy3^>UK3%P;8sp*~9R(qiL0S;!vngqt4J{F) zEy6AAKH7q3=4P?amZCD3`~C-$uFuH&W#P?4IlH%C2n9|Xn&d1#4SGX_(E_&4|lkN-X#xVkl3LAI7a?=V%=R{+jU+q(8d?1wH5KqH2#?7Ee%0I&mGxcPA6q z`aOma0&24~Z;M_sjPC7BW^M~HK2b9N=upuwP{L{(4M6S;xbHa2j~hf;YSv{>4=cHS zOmjWGwK5plPX=h_oumB6Xn&};CtJZ@S{H2e5utf5${7t_g&>gpfohKa^ zS;#u^`BDV%e*R%*ZsSp@FbY4xnk<|l#$K||Tv@S-ZQYsUdC!t8YE<0rYZjtOHOY+E zUG<7(CEWRCWg9`SdwdD!=6m_6=kmi)oxCkpUUWy3O1-s(<4d}RKH7*7bTk3n#6)Vg%yms zJZI%Y%eqjKGPAyeOSs8=!FF4kMa{wutn$ePCVY&ECw7qxHg3Cf#UpR~Hd|@btGoaa z6rLj9N#@zeb$#@%kN&8&wUd~Vr%9)dK8B$EW*51b_O$Is)NAi$r>UOT)#u%JZTtut z@ieMD=<uZ{oIXvDqBp%H8Pl{H<(*Nix(WI;C75{Br};x14={s?Di zw5lMcwGmkV^twl9FBhC)o5Zb^qH3x!c(J~Mu&S(!j|(+Xa4{@ib7hW410f&jm`mYr zB?x2Y)9e$O@Z@D%JMk+rF;cWF z_635%gVVbAEyVciKOaa-$#v_YCnaVHjgtirNOE-k(64)A2DvR-T$)!tca9P5%a4ZJ z(U$7ocW;k65&VX4a1T-Wn(;^PXF;taRSpAnR%6%{n3foGsnwMjX*s%e$rTxrz0fIe zweFDW)-=oDSqCy@kG;@ewCbe$B8tCjKrV`EBLlo0a2LvG{v>+Jo#HK8 zaUbUK=ertbnA$VbrPH$Gz^dW$8A2)4L;|~jW@K#G$xdo8^wno#;{3{c-|oZt*DV4g zS$4Enwd1oVzYT7c8}KU^j*n&dN6#|HlJ1M!-64kf=?}D<$m0b0 z*eOtcUxvR`PS)#4RM8%n_mN(JnJRDiSCcB@(MiMbAxXuFOr1eGHr~btGG*mFYw?3< zHQQL?eD7e2VTAX(Ym4$`ue*t@Q&_|YM8*eQB@)KeE5GLTWD$Kg3X8Hmm20G0p(aRg zPPln%MS+S*Icl-6YJ^|VdI?Rk8xQ}~TTAi$z}F2$$wozGe~a5aDYdwgb^Dvj7Yhf( zj8lh|!NH~vQYWE0ObTTA8DZ;4=K%kN(Qx;Jh*?(X7#BK}i!(G@px_6v?5VPnx{jR@ zt@94MzXA^O@z=zd{Z>@V5Y9T!4Ah6%S(63KKiTcGAYQ=SEGO)Dy|qiIJdh@3tVY?r z-^9fAkNw=&5muvD6=@QM-q>v1@7e<;>6w^ed(o?0h_@KH4q;~ZK_ znbpU|xPNDVTecFyVsjU{Pa`HLc3f^i7j;$dj_`+(*3VM{(BK_}_9LdRb4>TwWxjK989`^;HK3t~cj8}+h;q)k3+S7>9a!WUsCALq59nBVowdERz2O^4 z3OOvOn+ka^e1iz>&1iGH0&ir-Z*=WPIE1;&&OBn^Z5u9AaQDOH_s%3WUR~0ds(F&p zSMQXLC3&Of>G%2&-^k)^VS;#?A%MQ46-S6IyVn(A)3pUrew%uEOm*+`=wf~OCK`qu;-;SaP6=1{SwImD}E9=;l~gD z#_5?MYTk~{uJJ~;*^ezWw1)PzGQp4lcB*@1H^KDz#PJ8x3wL!%tkn3BjVce23ln45 zSI~5aYh;juuuEm~@`OeLVa%lVVri*clDuy|s-0oomXQq%L=lS|tb5?v%TE-Gs(V%$ zYN@q?7T$qim5$k%j-A1zI~mP(wk#T(Ks7`L5z|%~6=^lwmOjqZh^==WyJJ%g75Sw@ zW=`S9Qty#>f;o~iTI!B`FaeST9-G=)>8~7dQ8CZ1jt_w6>1UUD^3tyq%)ll%At?Oo zGQA=(jOKT+Y?lpw<5KI|mmPP_gIz%yE4gz!kuwY7qVyaPB({tEDmyKUr%4ICe? zxpUgt)0D}|6JE}47(7_-?e%dVJwQ5?FXA5g>dK;;_VokD+>6nE5KQxuK;^`Q9A^LU z^jW&I?bF~LUsU$PYH+46m7f9piq(xJg&Ia9{q>wgl#DJB8q9#FR=A?6ehC(IGFzMu zZ<%vH&KbI(qcxT+IWH6wu$d%d!)5Uq3JH~ed-;{a-N)B(su_wy7V;srm6{oDsISFH zoxKW3e4Hd(u;@Wj%8}E)&20!`XPs6Y(H*BO`%J+|+Tk`2zx#APjB_fQKRfsqURL^l z6s-Bc644BCcM;Cq(Ht*`nJgc#@`9v-Y=TLywYw~88fj$pdpZ!?32#mif?C9oP{_3~ zt5R*lmhKaRf+TgQxtA7)fb$Kmx}(^-y{ufP>6Nmc*F9HeEWI&|bsK@)?;AdRE~%XK zP%UW>?P?rdn>R?PaH`lpPYtS@&T~5)7qS*Beqo8+my0rhvbsfozR+P#OHnA}?8xrL z@=nWOo+R_3FiZl`mh#)21ps0wX(%lk6cb5t(CEW~&G(!)aq97pM1H;fr3`2K( z?^ySDy{_*+7P>g+J!i+W_kPaaa|$Vi!sa4+kX^{g2~pRqAhJfFt%8~4WO0Hr3IEQ& zY)o?rnIS-=lhB@`{H4K>Ov+j~lQo0Fvzi@8X_A7}{r#ynk&O$k;|}Lp#p!2@1(CjY zUhw*c;2ai6z5QY*@FZt?YOtjxW1KTpHsab2!I#jPt%C95OXppxAjwx7xRL z*dhGLM_lH4T=?4+i`hq9IEuq*t;0ddFfBMv*_{bcN!6OaYkhw1nssazd~{2D_^y}* z=ZK;P=(SysUc`rQ*bs4Rw(hE#B9SZhLUGO>R~am={t_0Zpu<8%rReYd1kidQ^@$+Y z#aL~`4Fp=^m|xK5HaY<=LOq~qKw9#FPB*-VWFfJAE9Dv0r+33wy}CY3*B6 zCUoo3{AJ&S2qCjs>Uqcs;U^|saK23yR!*--y02%~xBhpDBK7=dYavq6DrJo!-C78c zlRCpF`N3iRQzu+OYCBN8T!`#vlbY3v$|=>PRE{yNBc8Rbk8yUauX|hb3$q#(W}t9q zto4;q%&i@4BW=xuIPE6U!dg5CMMLS`7$^m;o-W)QN`^K zImE>~EhBG1xpgjAY=*0*U4`*bHLQKMauImgViPwL$5%e%C@qg|2z*fj3xE~CSQXvh z4)~bnyB~EPsFk#3SsZJ=u@1I|v0pdn z@Y%NU0eo#m2wrysp%cQ7`=+KmQotqCd-Pd@SKyJyVLsOIaB6VdxPM|!eH6dRt0N4C|IspI=A&95w-xS2hSo1FqJ>xZ3*+w+x@i1cD4D59fp zCBRy${xSpJUuA#Z=Ffpnshswe4wT1JR)CExZgeP zHZP$S4h)W@B*IkV=hSUj*-Bi%_|k#VMoJW1M+o*3()XbjOkTIZVhiPJep~oiJK1jG zbCkG+Bj2%rk@^bXSH;94=x+AFighe&ufe_K0tHbU=lc@s&pG>HABzU;@z-G{7(rw> zay^;;99+#30>4?rKm5gOYe38xj}IMoei?{M(g8uZ(=eArhC1GiD;=^xqUw&ZG35ze zP((@R^A)U{-b#F`(~!XD!gghN|HJIX>g^VKW8huDROYu>eb#P84CsM zGJ2rJ0R{e7mXbf(Vo4nka&OR{^}c5ORpc;yNiZ3Gjxf;AK-4o88>xmr%pMLi-m6ml zvDbHmL&G)p$KiwuN0(qFoyRgN*%#iBh?-JS2CVE+ud#|6u6WB$;WEi|@!iJgd=Y0{ zuWp$(r32|mC5gU19Xg$)ZQ8j_n{{mHHV(bk#u6SWb#foV!F~s7*9^CB5v%ydr?gn5 zmd$DSM-z7LOK6S4C6286tx+3f?hIOptf*6@!F%RGZm!Y5llt35r^tv_bTu`=mw=D2 z+H~YHg%z{M7)!^*H?`BVR6hL2#(j0*PI2(rPa95@k|c&tIPe@~(-?b77OV`@UY~fW zjGb%uC27v?3vBMp?BNIrY1`7VV6Yxs&j;J0)|gJiT7Z3=2U%lUQvS>A{oK`SXSAT6 z;yeE4LR|6+$hVR*^Ak;7)KOdQ%+9`Gx%~8td{y)FIqK=>%$4Xr@J%bdXzEpxm7tXs z+`<;$+dGPhT8XlExf^TsWh1l@f>|8XROE8q?9E4&!-yLKY#Z0N1A3m)iiucV<}n$B zHhSs^YkH7AY<@V6pvD(57dbBAwd1E|Nb>1$z2hE{W?Wjq+aWIt14UN^Uxp+Nl&* ztPUhj+#Aoob_Y5ElLiW!vZcW3q2wtk-R%_o4ddhMxu zo&6UYVAM;`z_`tZNuB(t78?Zyl(4y(@IgnHG}~BeJPQ|TN7n=P7hLvDH5ZFDXh%7( z+l949A0}4_Af5oaQ%Ky1sOlK=Win@WwARYro8r^8tq$jfF7B3%eh=Qu0d?;$<*e>9 zz=Z95bur<7qhi>hDe+)#*6a^2xMKk9?2M)i@3(p7{)V}`EA@)0d3dDbsQiqukLbw4 z{T}+CTjdzkpLc(Wq0A=mY{yM|>g5i%Pe61R4QMEX;w3k{JEfPmxmjfwQ&I1)LnPiz zD0n`1y64TQZpN`X8#DQ;w;elurZp2;=)|81q4cOtwfaAF-eZIlCos z;>7qLPem9o0qqI*5B_xHcQq!U2z#g&!A4lGe`XuUzA>VnSgQfk{K01w!hqg|pe*6wlHrqq2P$5g0z%152Ms!BS@)(sY~KN*jje|XbEBPXzpnDfT?cGX z7*30xfUnA+d+DG7(m!-t%6?40+f%R9bL!y>Dyn;xowMutxrQ|aNyl*j;Ma^kEwNJp zS1JvswGRi;z-s!R_K!u?VQi{6XcFLy*H~re zX4n;Hp~=1?e%PD^#DwP7KVrfg$xjq_t6V@9t#U*l`C~E{jZVCUJm<3geL8efMhth&<+KjQLGyLRyRIA&|eIr z1PkHH@iLi+yq-ngc`fZF_Mz7Y8ta)Y9$YX-?S`uT+=VH(NS%0=zPdaws`%}BX73z9 zpSjRJ87m_5Lg78ZSLKrDsVv{xDYwpvX3Qnsyd<;?H_hj8)*9sN&}1bF`@ zv4^64zRceC68!g@x8F&soM{0>+btbl<`IavOSR}@{fDEu@*D{Fg2%CD?0;gU|CK>* zLe;8KW2JH5CR%bay%MU*T+ODvo|PZ5TS57~O3$QQdZN|IPaq9Mbx#cL(%zM{0ZKVa zJkVel>F<@%K_9faAXY|s@>xDDH;W7I z^KAKHnD?D2Xrs@>&|YmyETvi3mfgC`sVp0~%X*JM4A;_hWzRo(1MZ2(yr;gDOZaRI&M*2Mtu<{7E{r zk#KgqgbkE;p3zWLH`BHk)u23>e;oJbjfolc9!{ge)ly`U1U8=@Zv?;ZC3dZdg#Q{P zdGz;2l40Y&5W`Pf!hi5B>oa?*gxH7sn-VgY1mUoK0$7#?YO=!l;b{Qi23_vi;1Bxjze00QFy@Rlm zJ60l&{2VoQR9yF#vu%Mv&Nr#q)ome;C8uStZOH!Nm+w?N>s?PB~>Q$qU)%P$4 z&p142-d#^MwL;mv&@1b&imiVs&?L3_H6|}1nmUncV12|m-B?MAKyL351E=I)(l%)G zfv1x)`tRwU-<3KYfq8s~D5C1}(P%D;rT$ zajB>4k5J~jaQg*#bw3nRbk)utgRQtK-H#Ww??7T?Bs-LonDs&3KT#n&_dRh z#?xVSNU8*9#+5D}3QL=-YL?a5Zpgda?=lCCsF+*q@B{zEpp;L5FAshO9{okI_#Z!- z-iyf^4e2U0K@&G9P7m1zA*tcO@J`^Tea5Cu1EAIQG9vD<^z7DtCKrbJCE=!fiaG$S5A%$ehqzkJ_B6M!F7R zEkxO%tobhYM%@^!VF|kBG&Lmr=NUWSXl{0+;I{sYKr!%OSH`YA%#F8U4t6{`g8 zvt~pTNA>%{J1WhLeR|j+5Xsms$1q;s(bsR@wg4XF>K#eO+KPC&#eLfvoSbDKn2Nx3 zz{z$M`1PSbEjH!tf1$EC&h|051R}c9#>sH5&EiwrQRSYG4jPv^BSbfZqkRqyu}fu( z8Qysl;X^5!WF)HZSqH(uO>Tiwe%tTR$c(ZlJTL6xFA?f zoqGd57A1lf5QWiOvo9jP_QQ^}mshJX^@>M*_z|z_R>+(*o(j}^yJC&l^$4I=rR9p- zhr9Xj!$<88>0G2oko&oH+n7i~C{SF$dqy-#Zsp~>hb8JZOl{@oyH^(_P!$YI1N)Ra zxN&6cEtxlo+V~gBF8kSs{EnmJ)_MT(B2nydDWoGB*PZNdBAXTL)E|B()VOrNX3 z6SwJC#<3oS@#X|{@r5hvh$0Ot1l#sR73nQf!-tE;h-_aQgl%I)rW%X9k9D^fDG*F% z?>z?D3+iK7g(n2lrsB%=+-jz_n`-|vk#vI`!0n&X*TVk=*}sc#Knn#x6QHE4AO%tA zzZ1X%jH?ykQXk3iR(6O?o-J(F?>>H`xM#QSu^lg4B$7Z%5n9Cq6&Q}0V=4(GvknX;?xiob#H_YVsNR>zv_)c=c5r8Et2a*4Mu z)$bKb`{B)39hiz$>%+@N2$0o>mgRRjJfhHFZRT}(FOHVmrBuLN*wIEfd+)Wiz32=l z0;gg%ZbhHnGQ@wr&#YhO12Nt&lIss^eklRH_@l1yzb!5w;OT|s8nZsgNp+3v1t4X? z56@PLCPADZGxFzPH-6hbyM8+-8~FN=60AHn2e;)K55dKU9mSC)hCEFGYT84^NY7=z zVBPkn!mrwa{hNnp-H|$WT)}nLRiOyW#^A!sC7&V$s>=UNkVyhyaUG9N>7Vz9zb~Dk z9@~~5{<(BT1(v=w`^ZRPuT@(oy>lUGRY=9_-b5@-{0r!K7qs$BU2!C(721}pEtptJ zu;zQ#Mjnx>$7{_Tcl!sBOwC(KAiKE`Q)NA3&?>dY#4oNH3yqBEbHdeakBZ zg-vj4mN|6+YuE750zB3=p0<|^^>P9^Kr|s_#ld4dSW$VVs+|IH&oGTx7U^Q*_0heO zxO`f(X9!-kt;Za?e%C-iWcb=iWn1!o>7SoYkN$KlYNbCSB(!m6@Wu((0Jn8#i^4Aa zr1qdc{bvztf}hn=jP40I2fAD3ShP;UIbtweEBmY3Fry5FBe*NQ3AUe&yIzTUU1N`1 zA2kq6{et_)=VPF8y8p*pfBYJK{x>z!>meju@lDxqsVB}nbiF#oP@Mdsicw>?abKHw z93VQ|5Hij*uGl+MUE>Tk^+5&cm3{T;lBU|e%j%F~H@GntS7^t0JaKM2+uj-lZEK4C z^Y9zchd*j6_Rm|t-`**}o?`52E%ELiu1!M3eBpy|4ml8^s<5&HB{RefR`grV5N|sV z)Dsbn4;9*rvd!qjKWn0NMotA{KTwr?;JV9S{>Pt|vO^zu77x)xy5*`I(zI%KbTCkJ&@60Vo& zNqN;Q`?BW|`p4A#*U?^72kfX}mizCX#=m9UAM+|>-?YUiAijgSo0#TrnVWVx^1FB_ znI)%8-1a$$QyZ6idL@2oVhDx2b6L>7cCUU!DUct-t^<(^y`20up|;BnOHrK001jq8 zHDa(_DXCGLy7+J4SdB(CMS_3!YCyZMW(NGVVxgA<>f&_=Ghc(b1&o{{7^{cuFPnq7 ztlGoEd)qq;`;|)W!5L+t{KuN|AAMXIRGp*Dlqw<`Pe`)5SvhFQt_n7 zf@adT%9TQCK{7}Plrln|>sWEbWGe_CbnSke7+90X3$0XE1u8>KDg}a;dfiINuPi&F zp_MbL4ubl4R{Da7DE|IyC*g{BQ6_&zf}Cgx!wl;FpZopw=xtCJ`J?{z z9$5O>l=_?aE`veWJpUSkl;B!jyZSI79;&b%hNgX;zz)e;;_rZ7W6Yf`ikIK7jb6Ok zZt59`cv||G#EMipA^?S)pdBk?uAMl)NVo@#cKwOug1$9bs`}|vJ;JL-P6?J4PbKz) zEP&h^wYJ~c6#kUtP}7}*apLbODF73_*e5pk@{I`e3qPUT?O~g2I2cF4w=XRrOis3M zADHK*%{@L?J8yy$8zvqG;YOQveF{oZ)7H_5jqlWdsOAMN1!xZxZQ)@b%K&c?uRJ!) zdJl?sL}!C`88Vr!XJSBUc}jZ3ExoZq(eo+Q+r~*~djPJFxQodbhr<$6J3fJ6W8IdL zJcqECsHZ|e9}Zt`uxjt!4Bzm7(L&I$?Q|M>IF3pke!MlipX&w=Q$DAo>G2EN5#2!g z@WFAa>L!-N!IFRRrRmL57f&+WDYR1|+M^LmMKVw1%Yf@3xqZz`RaaodtoWj{dlSr- z58gsEoCB4ZWnMkzXcb$XsGiAxVK0anT8HN{$@?=qL2FVue%yAQ`lgX2>s(k zb1QSKf0-63jA8(;=;Qwl5*v;YtlfqOdwRWa^`m(NxuSf&u8q~2JXMEFQ5@1ufhcd)6kXO ze<5(Rg5#$YH-!?qXjEKPik8|sVJNRuYpd?OzRw}YOK$8vONq#SXN{+=A$CLL-pJ7u zWz<<~WAxsWYQTot)>-Dpg{n!-KKO48%)Qaw`%kd_KbS~Ay+=PHHH!%8fc`!kX0D9>{tqry+&-MyObUIlAkb&{)`i?jnvFenEgJuW zet>!KZwx|N1K8|{N%LOO|AwNWw*wj$ir<$(wCk3j!gt<*x<+7_YLoVJ`wvA8-Ile! zL;ymhEpL^sax|PhLaG4@Igb1A?Ew&Q3{_dW+X=#7)@d6g!>f(t_}GP`PU(_)>rr4g znSUMU4mz)-@33k3pECyRw%W8~t4m5=L;7XEX9MnHF%nAOW$H(k%T-A(G4wF6yrNQB zO&@TU&&|t6QmG55w_me{#ZMOrKX23n1p<{_jQ$M2{Y>Ntxl8HgD8Z$sO8xfx1^O}!Pcv9)1Cx4f`)ImVpba2DdC!kT{0qkPYzcaPf-li- z48oU>rW3Z=NGTtqvxv{)eg0d6xP3((lg;bsa8?hNVEo>A!@7kW0x5Xgiu{BMscc<{ ztB?nm0Yp5ehg}~dZ*VGBZ+Q1}R@Ci09^3l*nKD}W%51?aKezR_@n#uwUW);3-;17T zWBvLvF9tcUFhm+O$o(wa4!oW}!lYkHNz4GOs60 zMATm;4#o1yk}@R}O0})1stb#M1Dlw%uyCf4d+ZE#eyQMF6;8|21d3)nZWQ(;2t^mE zWsX?<_m%#oRNoD<5hflRQRWAzeBElSmfT$t{l(f#?*R}Lrla6i!DybN*j^Z8sjZXC z_A{Xesk7E02SVK;*rP|Eaoi5&qDXX%8{wZiN=ys6(czR4yE0eHx=s~V@k}a1*XUAs z8G~q7r;A1F0hOZ#aOd+Es~5UclC&v0J9Tp-wFEF5a-&(!MH0aD!uy{hfpSwVV8Uzh zK))s7AESE7DS(Eg!dE(Qw9zc3FtI^?q=zUQ$fVB3IwrbK6= z^roUp++osMa3lqblT&!b&2iNFmU!8PGWM5i22t6qQH?|BDBxw5KS6D7dKJN^1M=j{ zx7kBK=2|EE#s3J7a37>+^fQ;+RAcs3Msk4sB4|Y!;>~gZpn3ryQiwMULK18`oQf7kA)Pp~z1!!W;$sRQ3f zy&Eld!Dp8)h0JS}d=TfmspUQx$=KI-K{vj*qKoAl#P<|U7|ZS>DByQof5nIn8m@F; zE|76f*31RMGZ3$|x9be&A#9n9C659w0wn-ZOnT~I`Ttyby3{!~k!q*&633DA(w(xn zbZ&|28V)Xg-PUnf2#moqn!hNO@`gIx_{`XzSMk!qfyZ~!eXCmYvh&=48Ow^&rSoAZN~A3Q7FM`P}F1<6M1k-e?g#Vps9`tvO*Ot~mS<6f3itp7mhWznYaNM=qNAYmE)<|7AsZD}UMsyc`Dz-tglD%RuI``Aq{bT8*@Kd=RA4$?RKP|f>$ zNFwWT5;)S26t_-dq|%1SdXh41Y^+Z+_pH)3R^yhm@|Xtd%JTn9Zw@XOZ<1+|l<|%5 zG$&ivKUv#f_XyfX-97Ul1a`u#A#7*zYj-D>wNHS^)T@6DBKzN=iYYogJ0nNMN8h=Qrf; zw9@w@;piJ$`*^s`DdaPibLU;G{nl13-T33PatJ84X#Y0X*|Ex~M8Mt#FZp9;dz~gM z#FTB_|6AH_AqBYB8rhqtPk*WS$k-bMcQN2ZjDb3 zN=H`=j^Fu#nbVsvnX@=2YvELf>MCiyNpIdU+w8e{iviS@Z`y#tY}mWW?Tg zYcN%ENf2J64L%+Zm3u!(i zB(iBh6|x&njy3LlaspOwL01>Kp&s8w@(<?Q<$+j2xtKpeTc^@}|y0!c+kh>WZKw4r3 z^>TG@IoQaRD8!0@UDiz6)0$gxSp@I6LhORvu18i zLTe-ATcc{!0}*reYG)ss{Rt+Uh+|^i^xrceZVoQ+tiV}+*pnGnWyJKyL&8*$&xCba zA!_3~hYS$Lpm}14!hgYJh7SnWirs0mAY@4`Nhu3o$`>qb^whLdI7q}05M+4S11iuf z9W#Qh0JgeL{d+cEsUxS~*-dZ8ztY~mOu=+;`bcKj?FEn_qn@OD9I(BmFR!DsM7G#l ze)ER@;#afpiN}Bv3L%%afVj9Gqn;FuPwj3aHNc);#-ok!u9y(@UyLxW*0gpjKr|Q6 z(Q|Pezy?xb1;A+m969WV99gg%a;CLA_&hd8Qn6Bl6*+Am44u{)v0OS{uZ`+)^;WK% zHkaz~XaL2jm;T3Nj{}tPQ#K9{@(eoyJ$ObBxjFaOMfzbYLEX<=#vHKrx0Fg=R@sWo z*jGm;Slny5Qe03pLam;oXTp*Pq7850jM>0 z!?m#)-_d$Wf(J#wtwkQM2|51d*6uR_EPDpFiGqr$AEgr&AZ(irqG`GVBMR=ypxt_K z_J~OvkMp%d=^1s;u-;ISFdHY$Y8k-LD1023h27L|w&4|P>Z`vn{p8+D-OW{QP3Kp%btWzB@SZ(GtTmrs$SaWW>D3r?X3235@Aqq3 zxeo-?-p5ev@Tep9HC>9K{G4O6?2jW?v8hAc)*6qkK=9YG z^GDcPqLWoZruF$vmpppT27BCq*RV^+5qJCe8%CFH!6Mmpy`fda=!6o`p2Yb<4JoE)(;Y(0v!FcWGEq^dyP+z?-@09Ppe)*amPAsEwh3?<>Rzv$QBFE5l1>s zBa7U$Xu(pmTR#?yE7GDJnXJgiUmNQ0GNXBiPW$?cV2vjgyWLw^z5MSR6~UV=b*PE+ zgupHe+JnzZ$qfpyUS{IJQB^cAe zRJIiq~*eO0I6{m2bO4dgNfmyq%^_NP8nIeO|c7GE~N!>Zj0(>y@e>9hw9>uU+T&j^-gsv1FK%;_qU#y2M2i1;?DkuI zfHn}nGJp=*TtS#mjz_GiPTphI&jb^p-i4w&WD%rnAK5SVDxh=E^P4>^9fIP29LjVrINN zVdwiA5FyuUJ^%*F(uyWFhQWD7;%4lWc2zLsvH z;a^1N8$Y|rPdTae>FoL~et=(`RE#U-dm?psrq`=U&c1~mbjq9ObG(ZnB0VS~1Daz? zGbSZXMvc?Ga+rfWdZ!1EU_%{7yR&2Kg-MEm z9`eznpwISCk)7LijR~()o~D_TSOabi*0{IuNVN;LHf317q7C6M;Yv+}t*wE`S0$%)ckH#_97=l<9^DQ2Cn31?=Cme)U&A3wTgl z4jvYi%3-om$jVpUAtFPZ^&mMOmd(;;64q@)*;IOWdL7n2!hk94Mm7J15I;r?t&Xjp z?(+L)_X}9t)uaw;5S6pL8saS`h)b407Yo0U0}013;fRy`&()bqCoVT{$!~pdD=^&N zXVTF&(>*StUBB#Ia8315Y3Fq?&+uD5eB6TNF)TChW2aP!g=Vhv*699v_dHYM^HP>; z6LsV@N2j|Ty|)aVGtAiqnL>_&&%Y%q%r($IZa#U{g6DvR(-=VyoioE{Xzz;oOdlC) zMfN~_p$=jF@r9QnrrTI6l&# zdHQtmn1c z@Q5FLc%Nj8a3^oV3+P#~Hjk2PLPl|jYx6{(Z$-a(l&-#e8trG(#+*2-YsPUtY)+!4 zB6GMnN*%@yGJ9{WYPdhFvBU0&YOzw-_$((LIV%M`x^>UB~{TN`pp&GYs}+K-q_XY9Q!+HlfB~ z5S|XFpl*92j1V?+ExOIf;i&mJF~W|uZ8g?&&#|7LPHE9@pzY(63jx{5_8O~H+f$kB zZ=wT2$)?zV%NhNCIZ{R1EZVV6$Ip45G5N3RoN0{&HZp_mMS!nxfULaqzbvEi@ZhSI zxQh3&ewUl5c?=o&yo}|_+GTI^FEL1iBT;eXqMl{W4LEGJZQs<>l|ReiO&y#jLmxNCRKAT|%eQ~82}%|zEM{5UQlmr_ip zSll-p3P;+2BmT~Jy;vfhG~50$3d*@5QTZ$#4{fv%LeJZaeV6f#eV0+urVSS2$=Wz! z!=&@&i;ovKWyBKOPcM7>t)h}cck_mA*bT-Ljn=(%WIM=nFBGv&HCNef!1p!nN`P8p zqU-ToYPnhNbidz8H4a7ZgjuHzp~TjvyL{|&i%*wE)7V%kori|W)A8w5!M2Y#RKieW ziyf7FNNJm#ES(Zh$dW!L&?N5GPE%*nm|{mZXN=U*nsC3e)|3n}bZ(0o5Agp@-#vRF zZzc?Arla!4Z>}zb*xR6HtvTX6ODp?b{BloI>`Rni4%I@IVj{IfBV*?2+fWS%e(~F+ z6){1L^RJYm^Ym8TjwrspDFHMD^h9$+%o*wK1=y1S5nM_dZu=jkesr?B`5oa&qXiyJ z?`Wr{msBi#OusO;p=tJ=yr_N=yzA}P&$s1o_rdP#)o_llurPt(RXeV!jtD22N!Knc zfUZxCwAJDpZyMV&>d+_D#KglrB{omR)JLB_2s8w=5@3IhfM%!}KzXuuM;nJO=Cp>f zfZwzx$%ug;LeKUM{OYGPLyj#IF}-7ZcfL*Ct*nY(jSln1ik?YraR5qObfN@Q$D-V@&>>XlH*}(RM2~+2emCu> z?n>HtpeCL?DN0U;tq#(}(*f?_d>5STfP9N})^g|<&9JS8FAyvTsM#diKQl7=#A0s| zcRH!w+bcek<}pUhgQ8jIB#&hiF%b)G*OWdR!GjbvTzr$|=ZfBHd+AOIqF(}fvI3+D zt`>J8oFL7ASOhS4x#9w^r*<1SDnEz>-@+v;UI^#ZnV`7@D|VM%-Mrn7$28nT7JYVj zlAT9Mthjt5Y6k^S-^rE7$IvUorv1E7^dKq?kA2%YT=NYfm(0l1ZiscT0y zhp4B$kzgOc*!5MQ=>cl4NiYRq9PImPrycdLL|4O|l_qNVOm1-2N73(`n^*Tc3LwdD^4>(G=8^XuLR=LaB6NH8_j%g zj-3UXA9<WpgO^jj^0re|)pNz&zf?PNb_yZlns`S}pQlci{?n|5_Ou3y?_ z`HK@Gy@>aVnorZIiLWhr^1M%bqW@tQ+^iia>m4JZ(-Ee%+uw5g>OY`HJ!E!&ytjcp z)u73o+b-n+y#dUnAm*M`wc5tS4Xp~_&&ILrLtlrZBogPUg4GDH$-mhEy1=fsxCx(F zOvF>QKVanXIS|sC8?OQ&(Pb~URjzvPV|o=4l2FwV)MyjzFMt^kzZ`BPrijoN~(aJMefSz@n&>ImA( zxly(Y9Pt{7i|RGQdxGs-q1dfz(^Z1#RzG#>l`HKe3m*5R^vur!DX&YyfR|FYy^+a_ z{Ec{C`A+iv;@0xW%fJ0- zE&+Z$R52Yj7)o?NOrV@D4P1v?d&?w{ItlL}?CXEyDa19OE<0h|S3xNW4QhhGL(a69OfBo0UDFnd{>aS$=4F1|deUJZ)hhVz2W8 zo~C#rViW6_9ZNSs;p*+aiRP->hh(`Dn?bZyrW`AEZYhs$p+3o~e@&%l1U+57r{q$v z4fG>ybWIVr5zKy|6vtn4eq=`ycA*kh{6s5}P}EFe?ftPLqjIgIOJS*cr8$?q3?`DI zM>u_?$u>4UFA3NCNd8W?yjr=BXT+8%gF&?QMt%Klv0a(8W{)L(DV$h4c#QSRU3F`p zfpX4+Jqnn;(#S1TexV+H$TF{p0YR+;96y%XcRQ$+vH&KiaF!%K1LOOl;PI853ml zFDe4JIi2E8iu3Uy@RPj<$#uNHXp<46efli-6K%6j5SV1md1gvwT|lyVCSR~#ZO+^m zc+_gnF$lwb?^t+53J__BYtvHrFhT~FtZWK*7#KheG%YBBQ=Fji@&WoFW=kuXSQ^rc zOnvdqZt1>bKju2U;A(E(pHAL>OZqJWfIX-Eb2Wd&Yu^)dasjJhRrc=}3tjD0qHY-* z9bJb&>fXvNCY-`w*x1+ZvbX1K3${MrHNEHR=Igho1|6NwD#OyIAeSQ@f|_KCB?iM3 z)oaP@H5v%`5Cra_%q|%3K2i{1&X)9F>BB;ho0{)RfD&WAFU`$|j{d_$i=PBEqA{6< zaN57AD*)65AVCQk&>Ue7=#cf3OLUF*WPROe|`EzGN$5tVc3QrW<(-`9yYss^9`>de;pr?Ni%T;F-w& zYxl49vOrIZ1au1od3ts`&=~qBYkCg5(7%+%&n~7E*M$O4U@JHmKlC(zjhTWhpXl}z zRdi_gH!g4-CciTb+qa>9hXi^CDBIcf9qGr_T%02zIG6Nt!=PVs$RR$_vefu$8jzSc zuDJHeVeOM^%BPHh*qI_^Y!R!TS5}=s)}-FVD)d}G*-=_i{>^we@IOmGe=XTL@4h29 z6{#^$R1rm+J`$!)k~K2En!k#NoEN$iH`&F<6V!ppM2 zxUd_-Yu>;pH-^W+bTzyVsja*B9|0o}zFgv`|IaKqK>qBopO}KzIBfPh6hq`c&tAe8 zXb>Wb2RFwit-{EF*ARxPllG7z76OWb;%Uv#mXPJpFMRBs)k*~>Eut9aryS|lg3}iD z`}b9<*}XWykqIsPjqOSAfFU%rQLR0}z?+=F2f*s@E-}$FngSaN{;Irv?_ZR(AJwi6 zbwh=-M?>Q)(5|#EzSvLo+09cC%CA#DA6EzrFiZJ;>AIi?YHkgLTLvdN*hUu@1=m)s zU`5zo)a;sJhvR5=O$r!4Nx@~3cRr@OBP|CkX%Qv}jsuJVCvYS!{Au1v)4)(f+7pwn zEPr`{k{*J&{v6c%B=K!V>5F=+&9M5aenY#yBCRwi<>sOg`T(rjs*(P)i|hY&2GFGZt8e00g^_Ki+g;Dmp%$u{~56UJ&_Xc!gMlV z{R-(WyuZEqtHT7kYL?c``;UBWPPqP6E;Vo1MP2Bb14(>Av1N{eB6Y;wO~#7awA;Dj zjl=o~n}{ixc|FqSMd=#5-fkb>91NIAUC>8<|2 zXTYYEiSE$9{jZ>77+lQF`e@LthnI8Il;%bxmw=ckY^u$^DO%knmTw7gfQp%4gpl<9@uE)QYk|sT0^EC_z{X zQpAm|@6yQ0Eh3uFfNCe{MJ=?9itc!CTtFX4I##>wU+7DHqL`?dH5q-M0M~Lnp2Zuy zJkkZLg(U)h*Q{(@V3u8`HQO)sHP^+OG9K?yAqwE4+Iy^ix_ft)W~2j-bjo%P>6$aR zKnO=Xm5-zh4vun>2GVFbe0_O2Cv(mo?_HYAz4t!(YL+QX^NLtd?FTsB) zVy5R{=iBgWf}0+KBwC{U%@RW@YI_JCmQ5a33UsCBbUH2(?+-XG#e<6G9v|XEk{fC! zYhCBA+!pFG4e~)U?<-N$;W70Fu+}ym?`zSh0#jLESP30+1L@({=wX7T7)x`w^}v`1 zfBO3pe*-__92>4JuBw`MpcCxzW}R~ly4jOR$E8H#8!aToQ1~?*mK4p@WAdcy3fkKt zJnPbrOq0~x10%3SVEa1on+|O9_|e|ZyaIE@z{;mCreoh{z^4MUd)Fsln=3bi0h4e% zXi>uT7sq&z)x6osTdnM(wK`ETFH1=!s0xUHec>!0r@BGEVsZ>0k;$Blm5aEV&{Gfc zrGg!;FE32+3>7g)W z0vjQkX<5p|`+z=!>jJL-^u+n@3DHLqFhzRX;`YaIW35`)!k4!z!LOFfG|DN0Cl-1b z0WtI?thdNo&8gL?)Pq*?c(EE+FFB7IiPjDD_g(iLML7FC*K~F|pyeGyYo-No=NRJN zYhnN!Y8Kdt^a)mTJF!rJEgoWZbfUz&hU!*y9y}QJO?)(D1X6C)LBf0UrY@-NOdDEd z{HkX4a@uD-~R){o>w>b^Xy;vq7EpW#s;R+JJPmTKt4#&8Ca@tcCnz%2q#_AypAB z_hX;=LJ@pbI#AV2X8a?gqnjw-#P|@d- zawZS;iPyJzD8dySINtM7`itEF)*Q~V(>vPOap8AeR8}?HPO%zSdAD9Z`EAh-q+xGd-HT^^b;9%Rfh+2hHag!Gz%VVl0pDBlbxRAe@hFzzMSTr~ z7fiIc5t_@)xXPfQy1m7JQ3OCuaEeBzK4tLuRIY!iHcE&S>o2ga(^(he;K2#u^)#<> z8XgbB5mmN@^c{(dno$RRA{tuJ{B{GwOFU)aIAAYMLZeC{g+S%w2fCFD$w&o22pjUc zz0is14TwKWOO+k!%LpLo>%jQ1^>Di4zrFA=#a>}5)Qzrs>NVx=bbW|tVTukoHEo?# z*YUT7!B@@0hgUrF?Q0fA!ehXFNlFp&pQWkxK`!h&h5qG7*OeVgPLm&)cCMkQ$|jAq zkC!%Rn*eu=+?W1DgmwxR8h~M}MB_CB8sqxQ)udbSOn542lv=;zhv7zjUzl4O}`UF?GeNpXqK zep{YOTsq(uHSSSN@iTGS)S)2yAY9Vaq?BmN+~iToA66 z&=k1Zt;_QB>9TdF6LTH^OrAK2da~77Tgh_84Xf)G-WB`{6$k+oaw65Z9g_gOzS%fa z^XzJp999E(g?2-$rK#^P_7D?w(J6&PjZ$%BKqn4G9A> zAI|DpW+u+s0;DnDI+G0^P*+KJWyU+c=hIZ-4LG}Z{=NL)#dbL#g4(DWL%pk$rbI2J zCoKLCfu#`Vf!Z2H)Rh~AgH|5_A^R*Fjqv(ujaL_{_7BIUuXBX8j0QyLG7;Bt&Ah%9 z3>R6RXvmgOYexK%+iOJj&q{i+1DQJn`7vQAH8U`HVv6 zO;G_(>VQzv;lC%q{5~VO6e9iXI^PzvcGzb4JC?BQhm@FO$#oJ-0X++eNB5EJB|lw1 zX^un&RuGk^e$V00m*#iAez9#~Z^3S?Tmf4MU2{yJ>QsJGs!YTBlIZdF{5WPO;4Ba_ zi_5*3NclA;nyo;&3gWqA-ZCqU+zmQUASH77`J^_xVpicFEFU(efj|Ll1ive6)_p^H z<0svXX97}?BFsiYhO~eaErW#QWqE1G$Y|x7q>|y$?_RqgOQfwdjtJnO&iK};e+u6G zm4OC>0~p+G!>m^g9)_-&2(b0RuEQv-R+XFZIT*g*oyI91E0|QJ?)Ay|`Es7vdcCM8 zF484w!o{q1VHmwAzn!O@ctFEgQc<>6tnPPgO1S5SijW(+A1mTD)=a9&~nwVXdSCpj82pPhD1RIym)54qty^;v;CH8{z?!6cr0pMwWpb68vvl z@h??5qg56DI`r6TB#m1bws@942b-`lcA7q6$;s)>d==F~aa~FK;QPzUW88wD`Xig7 zLiSu497;Z2Ee*JNpL=Ir>gu01N+*W0kUjGYHPZej?NI#11yA1}VchcgO~^SO;^sb>^C|%~yqlA$Q_Z$S?U54QcjcA>=wdhCoRj9V}; zHZb=H{}2n8I@V6v3BaAY<#>IWC2Qw*Q3WdC zUZX!nzQ@R9MFZmsyL#i*QYJt&R-@c;5o3}6$NUmJ@FgCKepx#gid^}f@c12+TDyE^ zl(YA&A09sWRT@G0IelpV^=xnL`>cu)n+i8pPiCPsA&{mYKWiN0N@k123TyKVle`i^ z^lVbw2g|kniHv)6Q$;xI7-ssjuM9{4rtnv4Iq<64fH)XjYtPBleFvzyDm0BvnnW+L zDw{+3qjccY%vv@MGpb`RH%g3){RM>0ax_PN1U~z`{IY!24-$W;Wc_H;&=6v~8EHo056zzK|)*8b}r{ijrJ z5$E;71Ay~yE52zVakZHT;|4E6*{3_8N|L-cc_>sCq;h~nQilzLVQ%r8RlR@tr+VOv zy!cd|iX|>obU$5TVwxos;OHQ6+{BuWcp42i*_txDZHO7JmeLPS>EMvO2#0Fx5!i^9 zzEtcvcbjOET3j1KGGgs8o&P~=_lLQ$-0O19<%h=5ZDuM_Dw|B17(tekt3P1XNqp

S>gmCoR;u=;4ia*mLgiuKAkW5Ty zvISUma4%8TbyB?BmscQLbzXIsx})Qbg<{9+G!zh3hGq7Nmz1JnE?=J2o!B4AsiWrZ zF>q*Hd{n;ZH`}D-?&h=b>Rn+S%5%YQtx3rUy}KNSzv2QycTn3&n#dLQ1hc8@mrqY^ z`w{H@?GbQ=X`RCwT3Ph;`%Kw0#(CLrDHbIW(7OrU9GdPgj(4soD%^WBJg`;C784<* zlWU{rc;NZE_~>SsM#s)izVkCGrrA zc3>+uM$Xi1^q*`>8D^DH3!I()eBVU!xp=R_TLBZZ3oS7PPB7JtypnFfNDlnPf88cu zIZD9Jo9V5sfZ4al&lgGA6oa!$9oO{VKh!IGRx=(otVm1bKx?ZI2zy%d%5e2DNoeQb zsy2ZfR^}8zL!!pb3nS6LT+p}FBq;opE-(vsY)s^>>jP7^EH4F0`6)gPL?EX?+rY>8 zi2}X=7pltWEF=8ioA`aZWhh6rD{&T;sdb?@QJSf+iuUVPxp~TZN=MQ@pWa+^h+iE( zq_r_cx>d=brMPogXfpaYG;3-{lW`N|_9bHR_^@0ppgu|!%1gL97d>NeXLi~d5h`SJ z2cE|NzcDSVD((~Yq}D?aQ@U7uecZM+%BGvh8Tdnk)-hwJ7P1;}f6PcS)#YHMysKoi zaJddI^GE9b;$Y7M#WKYUUF=!72_m#+G?mB2QSL~6H5^kKlp|piJ{02hCb<<1J(0cO z;Q>&f6buTqw^h8$2EtoOT>QlFb2@E&5V$)GM2Im;s1FaJj8W9Z10h3(*=RKY1JvJ)p0(uaRq_eH6&-N#9CWcQmNHqAB=1FkwbhdjmV;(^zkJ9dytc zyqWxbTODKZysiUJ)qgQyDpigXcnC?Xxru-1HO5{E`!cmc)dp0*CYD#ivA;SS)2yqF z>7hTa7jL*fR!Rzpcqx=y9vzNBK!vkh`CZ|eX1EEDHq{2mjsK8+hQmI~48sWiAi0|Ltq>6l0LpkpygZ1!qWB>v3SIvGWo;6 zjrrL-k8p*rQ@c?%c>WGrm+CQ7qsX-}QnaZZ)guD$XIq?Ox-sTMu}AZVjyzJ|hnTw(5TcYz%>vpDkY2KSDww5`U6FHa?JnvY{@eY+ip}xI@a$ z^PQkUS&hOcmwfW$%GAEJN4Y{%#UTFSY1GyPm1N!&vmnYoI>-TYdRtJ8_mRE7&Wd*n z{6vpWe6IT0U_+J2W~Zw4H(tP`s&q3ZC+0H(rqS1qA<`GyNgESB{VLF?+o|r-e1GXs zZy)+FtKlY;?y8jbl1{^i^b~4Ko=@cZ*jq;o6n-P_XE95tC9^?xVKdFjW5V$L`b#W^ zvu;~c9zVj6C+1rlExyLjFq?4K0hX8Fe-}cvk^yY3J@(Fdym_t^T)q+g_J|!y`nDKU z1gIN50jl@hd2~y6^Y(^%NI(xjnnzaMbBl6KWnZlkmrW=?jPn`XZh_sV0e_ot$xYxP z!De1G>!cc7 zL@VGYXR@gOaznp804Bl1&B+rPRV{i@BPwzgkL*A%Wyno;RHv5g@KWITFEZ1fdl^Jn z&_j@821|3`!)mVUQfyf+UCj@}BbsDSG4~UjjEV(@Ul-Cp!K@Y2L*bR#ova?ib7M#2 zG)uY#y0Y>VunFhP;SLw!(zg_CK`kOhjvs@t;F(VQVatFL$;Q3MqJO0||8=Nxmc)4& z%NAeXvx^D%>1bv}deY-;#C5%%*4Tr3%wy%Gl%ajirm0eA=NkvptHOwR3+(boz%NZ; zWwF+(X_7mR*NinevR@F(zA#D9%t0c?*&+06aLQJzT9X|;9*x*|A$e2}2N7>aM>j?| zC|^tlbp;pVi*1Op$$w&>e|YdPT++`>Ekn9G(_@QZG%_*Hmr?_3DQGtKYiiLNW>6{N z>DOJ?9kMCxS2t+<)wMf*ao=NdtHU?(Fxn=47e&JYz} zVLIumO-v6>wBw|XOC5u7y@5R!+KZ*GstERC;f=u8%+63p=HDkuPL44wFJeX?5|shd zVxK-ke6D$x#&Vf;1aDT!XgD)laPwOx#>I%!%u~o)IoE;l6Yf{U)=XoqqcN41P!-0F zr!CP`TfRO&1{r;n2sUkNDFY-|JqC(0m9rdmk7oSmEeC`3^!}uv-~_QT)hIa_UbOll@WP&Wt zDb!N?WVETUBPa6%V*eiC-(x!3Ymo7cgud!En@rKb9V=BHO{h=qxi9(m|y}-8y2R!|0v31QX_T|X@_PPQ&6Z0ZQ3*mg9o;N%sL)KJ> zyA?Xei4hrM!R}WF%&Hn!=69jy%eu5=iN4hl)^~R^X`eyZpFV5e>iDP_vuO%PtXtoG z_fz?b1L<_}-fX1Zm=lShT11SPXTo64ka@eqX*CwY`^9C7c{3d-f0zqtQkx{c%Bew^89jS(>WjDm5v7@Vk1r`o%!#B>y`*lt^);Aqk%QaR2x9)vEY%@eW!a5aS zUM4?DC1tgCcb}TEP(0rtkuvcu`p1%`b5dEl!N8rSz}6K3t_Av9PRai!WUKETZ`6gXaW7>b^-N_1V#nXaUb=f;@dG zvdc8WkGONTiVJJs71b+QKJ3oM(#anl?NIy+`(;^X}hzK+Z8z(<@@zHQv$yl#u)AO7d}za$J@Sn z_euKKVpg_|oO(d3t5KbnrrP^(sWai@xte78hBDI)w;Y?*Z}aw7rgx-fXN_O=-@f*( z(-7$rR=ybJ?gilXO`nR?=iF#6@)c}lA)NjF$xGuVe*n<@z8`)yte(#w zlP;zA?UfNGCygu=y>OnsNa(g1B)fXCyM%_l$wSO``!!sMmOd58uFuUB4#ySYIaWvoT~Ecflip_;fy zW&yL`9&+c{Tod>#P*vMZ__@6=k;#|6J&$7ZwpsS;=i6Tt*)93Fot}>*U1$GLKAsRG zKJ6!%)?3ttz_A@0wk(_axo~S$K1{%*T~hf?gxA92gx;f>cSs;s zCP!sUjTP*t^A?3O%ih{JB4{1F(f)kxH`F2K^G@(XYWqpPTYMV6C=1y#inHzRhKH_G z$HF#8-!6j)5gy!7Tg9|i!E(zyNa2C}jFBwb(A4bfmF0|Ut@DlB#4*=r4@YNlioGW8 z)S~i%U64hy+b@Y$7^rE4NIYww$vs2yh}Jpbdb^v%Us1T?>2?~~|9r0q%f7~YVUOeZ z^mA`p)y=PG@AMnoM$~HKwE`TxPjT8r)+(4j=qzP!H*3iTIh-vgtLnjhZXXIejEncg z3DFyQ&Ymq)#e4rS9!JfhhL@+q8w$pZrBuqKLfn%aJdn~IeTuDQr^^V%=%TarRtBz{ zxpEn}i!7d-myeIr#W=DGTL-XWQPa^frno2el0A=z0xCgq$mI>?_V$e#Elf;hEj~(j zj-vV9dG0j(Cg#|HA#Zk!%z56(n&_O9h#?*0_XJ=&EvJq8m z&OTaD0C}--bdd*ojUwIbiGG7|%RMsrFPhCe-CDNtAM*ViU?k`kG74W zGVN5MF}djEhUbw!^jBmH+-RJkI4R~gz4s22=O_^dLBUJPt)CgHTu*}=S`RoHnZ#aw z!2RhhaChx<$TGchmd+FceN2p+3a@|ja{+f<(w+2dciGu>J3jfY?yIY(W$wA_^PZHl z$6X5VXV9psTzS2;AY^-aUAvw?BI=Y;+KG<;c-4$O2BNrfy2x@Yd%VYx{EeJ2LhKR2 z=}vVb>O|!<9Srncb2(k>mw$e`<@v)=wb_|^oQx^vt@qJV|8_3otW?lnFYrJ`N{ZGh z`z@-KW%$vF#o&NtD|~oUAj(Fov=WZ4VwtPp_rUsf+Cc&1QxxYx4P*|O}|2l)mS>|z+6ryYUNvGGs5Upi2-{WLV4MW$!f%;wi zqhgq2G^B=W%;}hL44QzC2PzR3O%)P^3cE>`9CQ*_Nq$+C7`jRZ6Gab&I#7Fvb$)$K zt=J!H*YueiISfcOd8_e=aSrwJ`6FdX3XTQMJEcVR8U*!y4xE9%pKh5x7Ii6!BN}$%P3NnBHa6&EC*Xs$kJ@u#D zdwA=u9HeQyA`Fv}_wd?eqf-vTWj*ViGfH%)Jtp7WaqTxDdrj|gw%VVX`<(UfSpaMA zecVq&m!unaiMt&)G-V9WhAOt2&+0>6bx4m(S@f-5r`v5AJk@;L?~U-@CR35Yr8aCR zw&FK*w2(AWcYYt}GB` zbvE69=GSy0ENIaMfZB$$&@=R4bm(W1`s<}NLr<55Ip2RwpIBy9_Oo{;8<|0mc#rv1 zK$z_}?%h$NE0|R8-&HNS?v}1x}MFG(J%6Ml=4K!?u0BovESe{ z0y^OWuq!xhhMNf252TrLS2&RWJ?-mvlH%(_(UHslO_Bp$CPNlR=L6Dl*liW!KfIWY zJ++rD0wQi-G)LkCdmkWD%8DP?EP|}~3geoWo6*L78m^gTY#GA(H2juNw^gF(9Y~Xg z*rAjjxw{UNMfZ5m^35GBz6P5#y9!T_k6QBB$*3bQ@JG^(Tl92d zK68&VHFH;oDJK%6vpuMOd}~%Jj;YmFgYjqzk5r9E>UNUNRzC7b^PqDx+OOYx;oO~OQM%s$6#Tyi7 zc52iBZHdV)K(3rNQihQ553P)Ki#e`*dtm!{Y}q=h;u(_83_Pj{Zf$Hngr+p*>S zKUicx#s0df>fLWbj4>m6fh*zCx7xXcQKDB+Vnk)!pekZOUw;Ry0h0qpw=_TbUD5h) ze3`rhTQrlYkiI(-?)ffe%QCOWKIx@P#c-(>tb}%Z{8)Ls(|YVR%){M?X|oySrS{8J zz|+gf`RzfvPd{!ogGc-vC)UGf?@t*e+$;2^FTz*5>?Rl@IMJpmNu#x72i%1t^S*cy zZ$2+}YpmG9ZtGciKq)*_5?=_Ko3uX~kbXFx7vb5Yl3Yx0XIOhpDYN?&?qsf`sbX9@cO;t zWRaayH4w2oQ+fs!YUchb$uzzR2?ANroJ7W-(=)3u-Bpjg08l_t7RoL$N^=!&yMF%7McvlBSE>CdFKWlcSC8F~vTa_hF_`x7%g&C(Inaukq>+ zOQW|s4|pPH+^!7Uj`2fd6lP-0h(pu+CW!03(L3^lxny&kMrYzz%~&=F#uN=;Cx?hr z{v<;P%Vx3!Rt;&QsJZjm5B$xku)BDcM#raTbAy4x#m|xVYpdJ}i&?71DfR0PQoRq0 zixH4+iX|v%a#LJBdVAm7z0cK%*Y`B7(32$gS0}1tSGEPp0&N`Kt*I=-zBzCjAk}Z` zmgKBQrg+vP?^+mj+hS{KF!L=!EyV=nuuSMJ10qyB@F3m{myzdGeSK5NM|I1HTi>UT zmrBJQl2h<*>n3Ifz7LdComNjxJOwz875|;wwR}HN>-2(3t9KyWd3rs_JEQIcia>^3 zBjIalR21FM8@tBu>S~Ni#F{FI3JxB|XFe@Kf$c znlg{|v}^f-A9paW*&U=3%k!*sQ5Ef-+n8b2uufUB3{n5uNsv7xwA%heTTT6I)FU!s zbDLc07Q3Adk4GE5ymz1hk2jeGdqSH^ZdL29>f;St4?|*k+6&B+RpPCEb>pP8koz)D z%Z6!YqE)(W9w2nq{>oq-zGWlSq6d?FY@SuY11&%@Yb_7`6#p>BKS@wGbZG7E2>XQY zq3i7*crmkSQ_LfAN;}ql^nG8Sq~lS0q|$PC=*DSVb`>5+o6LxHl>_xt&bIa!2dTo^ z6&pT0)Jd#RU0IW!B12AJmxpfD*Wc56?#feCc4Qf3QIh*r~i>=ecwuC)C ztT@|M>4-M_Hvb|%+La|HF|6McMX2v7#!_fM8mQ;i+QvL@4RL<;1r3HPIZ!JO)RRRQ zF4IAwvNbQ*exCf?9`i4g`KLXB!ymn zc@I!3h&j3Y=JfYDHugFn&I?}m3c$D&c52R-RY!4WCri%4t zyGNg?$*z8fweMd?4fE}#`4QFsc-j)0K75j;cV~z?{ut8O-f(nP=4_DjJ*!L>a~Rn@ z-wPO4YNLO9K`@4w_<<23bL*VCh%~S2fOY`W11M~Q6Ky+hd0NOi#KavmLOks+!VBm}(k24H-@V;+9Ltov>enzZXCLaRrln(Gb1N;%Y#GD%2nRR+jE)!?fSrUvEAPKu zK4({QzI+6>+~d5dj&C7mF381cBM6n4HGF71KKeE#j>#(kY4PYspE7>%s$#afoUJ{H z@cMoC7?(qU2c(cH(B;wg9B{Rm9;bC$U=Zhj zqiDZ>Y%IimqLtVl+eNIK492Q_^sEoYKvecWrId}ry#DAc|*l=zCM?; z>WD1H_ztEvp36Fb*ECR&%;wveRL>VM5+nuM-qwAU3jw-FLx_PZ{`Z4@uw`f*o8Lw| z1 zXtCcPI!1L5V-Hir^bpE5e|>VW3mH+q2;WrK#x%yT3II{#w}}@=Q(0aHB#o<0=Mpqi z@WFw1$-p&^WZ+YT0p0o3quNFH)~s|*iD)c%2Eh7T_6B^&DCY0>@r)4x=_kwstJ*2R z%ZP9I+^FrI0=0|(PvV0sC%F5e;O>`&Tx{Em29Lp6I!{v#FFD-J&wo<005H(YOw8Hf zxQ+j`RZPglykt3gkYVM_qssaTd{yvw%UvBX-RU_ckhCp(*D@glC|HwBv&VUp1CP`j zv4Yok>okvMfO?TdCpLZ_UmJJoeH0s%T8sm$p5{yVIJRLi(PPhY)iaLQbN-I6Du&*l z!`{D)X#%+e4pAWVYBJk@Ed37@dWF*0uB6{ZE#9-9rPqVtZ4`=ce;MK_1BqrFC}6r) z+OZ5Vp{W|yrX>~;BKAz|k#~Sf-6$PoN4tu;PskKM_MHZoa!T)eEg42b;egzYth=H2 zRZfNIwIs^0VLE8ByH_Cg@dmOKU}pTf6@5V*NNlEJYspi1Hq2S zJDv(j_C&P(NcIlfPF6??Pp1dmWa)#|&Hmya8sNhgr#$N&reDuwcRmx8vVY?OUezr( zKr(tQB5&W2NFArY#YJ-2__Frr(mbUNnEpZt0x^}2|FVX!5N4FK@t3=~-)&cWx*FmI zoBTOqw~fwvFkD(#k0c97Mw8S_qiwf%Fn9Kp3-FAY-ksU5^=aP#Lj@yU{EkE2HitH5 zY8EyB?-Y&a)LfQ4z+fF%hl_EU`}7PX6%4sO8`UWxJKPT(=Lj*C-3XPLR*|eoy-@S+ zz~|Kmf zafJ#cgM5$xQ`%^{UE)#j9HVx5?A^=f5qJx6%V{?5zBI`m<`f~;?G4)OQnSi$*29}9 zQ;Ot$s2z6*71c(zIxL5!I!_f^P4kEF z9?yvi=RB^@e9s#x~vFZ`_=~Ct$kLj0u5y=#u1b>i_=_Io>gpp zs9#W@VIZW`yq7vf@B`LXtp>_YxMFMeR=j}Y@4x*v4O5OKU&jVzoyA4cJnx#zAh{u5 z`sk6F9>m7h#6fsKo?kuw_J>7YjG#0&O-L~9VUrat|Cp)~;@iT*X_uq*^mtdNT^Wyg zVZ^VU$l9$2{`m+zVS$%D1AG-t#J~>CU@Si4d`Bh$6UN614|_btXvlwsWPqTi+PGRY z3!8M-C7bIh){fXO0w2Iu!NyYaj?6L|)%|e}@BM>OwKAMcJ2drc*Io1{r5{f{j1O-XVb`0Hh zujFZ_RFC_9{VG63Ejhr?PI6tME}M{x*O^sjI-s(0X^n|AI})1RSeMcE_M(*vEHy0Z zK)vej(adY{h=j@Gr0O(xA56cdy?>b?58QJDBrh!ioFiOFPQ9!)Y-dE!t^O{OEOW_vj)NqcMUT3 zFPU|`?Re^&jE{L+%fDcmS0f_cH!Ox*r>#Ne#UvumC5G-LAe}(jJeoC2otH$0eX!QjT z)EzOU0}_Y(0iBh|+17|RAtF;~9_QZvS394mm-)v-ZA#4C4y>N>RyuatPugsM=^&N8 z8Slc<%6~R`Oe`PSPTD$m_)O5lk+gn063%{ujg*wI(GDVcdeY4ze^;L*>8!~i;v*G* z6e$%|^t^1+8G+aFnwI07{_Z3C(#+7dk<(vQq=-&2j8~ffCE`xO$FO zAFI!}F4E~|0i5#*uX6!FIaiCHMXB^hoBcEhe?WJ@#xB$g%TX~j%Bz28LY-L#UA}KI zcUmU#J8m`ykLAK|uGq)Y<=Zm53s49O_8Px@^ymt+_5h<}0~=PEE~(Uw!GQPi4BI~= z2Zf%|yD9@rGi>a|cRxh_1jEa-V*(QTEA~BmUi_00gK~@z_OV1Md+3a$#8?16t!VJrs*bw0%xgt)q>`LN)QnLtN>jnUfa$%E zutD9(Sg{?PFb@v7!0)yDtSuXkJ~Rr|fuHU9Qp+F04Uf}$<~GC4$a=nEGA0bR%qlER zS3{QAgi`bWkZ>iO%>R2K9+o$4|+civZF#g{U!w>vGCcwhKf(hlOKJ57ZGkT@k z((;|ycN;Z$rMfo#H?wj#V}?(kIa+{%lCs_H$K&vXiN7jk;zMU55Q!)=UU@%>zVsme z8|1Z^n=qlbs^5!Bx?#NKgVl?*wZ!}W3Kv^BQ3{ZhM~qICB>t0x65}!Uh_$cyZN$*9Qmp#Duj!nI>NVez8y*yf4_z;OL_Hf2d)DOXFD(cp~v+V7iK24BqVpd*G zRG;iF)TOOkryq6Q=u9(BFjqft-`f1J&n0d`<3ywMyB_HDfrjO#4{N}GLT`>TkM8j3 zE$S@5+@s2yD#Vh*%9{?l!o4RdJ>)cZ`EjPY_?ybMTekE2>sY+?YA9{W*Y7u)mhNQT+K#L6bZm9GRod~5RCnB-yClhzN}{#wsll7<=hBWy-CDqjtm2MorR+(*5c zU4r@{q@nR!dp94pEvmBZ#W`P+mk=s()7kH(kXbejHW?joWJlQ(Rtz25`6Dcn-^m9& zmU1Ahm))ASbdIC(KzL*lMhK-s+xC{|Rxy}}Y0ZP{uYh7Bc|u;wIww}UC~f6OnUcB0 zZs$)Q?2YmX*N@nJrh~(+leSON5oh$z+QS=j6qXp2vrg(;uBBFt*=E^T-mm3x^IAO? zIbL#bm^G3)rD_Yi5`i2y7icrPA1oHEX7Fpb`j|JXc*rsuQlXq*Y)|!$L8%yK89jXWlhhjJPLC89IT1$j zEP9I+#U~i$x!GaYTyuC{7BtTx{T#-s#|bi-N*bG?NmhnCwO_tx^Ez+Rd*nh~6b0-` zB?R5S(miM;HHm!%3wNn}%%!E2=pu&FEbThz+F3Gbi!lqgqYO(ddeLPXQe5T^=xIb- z{fQOEt5n3_e>6MZK^_-;mTp{rv;rS{S(AdBeAZWZt^Ed+&i2t_+ju(D9-!`t3O71czUvuMtbqC| zcu%s1R<_bvuA2&d^u{p7KQeLajY z(Ikl;8?~--bWV`A5XOEf(xS%%3WF);8o7(jLu#DH+nvueV|AE(b8d3-85J8>ulG*9 z%5vg2EJ^+P%@^fL8Pxgom$moHTx#)GWe@w_3z%Ev?vgQ;zv!_n73|jAn3Z;t54ilH zV)7o|&T7`j*oB)}no1?PX^P+iqrE0LBD937hf1^Nv!p`ebT*H8tj~6M+-PD$?W97g zAvx<31@)r0#09?CugULRsx)lU;pE~MiSA_wt za9P1#$fI`uU%g6XHV#E{zO0m6*HNS;3d{4Dh=jluxJ4}401qE>Odk3Ir?34Sd?CdF z?=QNR+S+}WgN1U54cC37ZhmjamZDVbNtWh_7GBK{HfVfd@M`8-aTy#(F--AQ{+taF zZX&pODGX0#$ib)G1)p}$vgk1D4hGZU3W^{*hX^IdN|+ZdU6nhr-g%rPnqx zRk{ftWAO`mv5_Av1jc`xf<_B1fclkugTm^+q5ta1EH146hJKo&1>DR5k+1`1)K-cD zu4(keby-$4|D?oU4NH%XK^xis9lECd)6-zxUj^R0Dfx0_1ycJyEu*%#?}W!WC@I>X zdo)|-7ZehiDN~QCSKh0s)A2ji07Sv--rFG7{g0F+m378Zam(`qCQTAa78J*Lz;^MS z8|U030#+<)_uQ?C{VUM|M8M-!Yr5@^8x-Z4LvwZDr>_8z=Kn?BQ}ZbF(~T?4lA}h| z9bT%9%Rr)@Pr81;F|-#4L~WS1^qy;m5}c`wu_^oi#O}XWZFKUzsV5@3;4sA3@#azc zm%T&X#EL+XLk2aA+!4NK!a3~CSIdBx&@Ti;7^9q4w+?wg z{WuHLzYe>+ynC@)uEHO&zhhV`Lp1`e|BZerk&9|+sM}*+^;JhN4~eKdiVM` z4#|Wr^Bln>_txB#FULksk97u%E7od$H&1I+?2cfP`v#}oDB zqp(8fuIFDJ4cl1{N6MwDQ~V>xZPvh`iG?Z#7`Nm^NNpY9UPRh2o#>zE zn|iG%bC2A9Xwf=+Qs+Wm;(Es4EXip)8nG+Fk(rjxo;rUu((_pvT%ngFD1Dk?jRA|a zFB z+KDxHYOY>FR%){1Vn)85KFzi9KXBC^QEJRKq|I0Pp{v(dR3}V-Ed%ht3vfq(|{TIiTUSI z%=5SHB|X8vwV4E?&Bj!RBp7YR+}fdtWheX`aE;`cB#`m{oB9Ir`+%1nYiaQ=Js5X- z4M;J?J;>>srS<&~_3(I<6A5uQMF;!Zr8rqb(}#kfUA zKpSWPWNIbga?D3@!`!vC=KAmKl{zj;Yi+1+gE1cj-@jB32nq`n)5$+>{M`N#o?^hchzs_0@buKo@`vNJZ*;$DM~w;1F%Y|?)MnpZTL#4JD^x#>{vu(4#Z(o-PB0A-jp==d zbYMgS#>AFgHt{}hshhqoX8fCVC7cy&f@@q4w`ISmjmMESAQXMHn+T>{?uL-gQWA{1c0- zAYY%gKNk(O0WR5=RMN25AlHC`nmLfOgk^B`IMwk_8*%kqhz>&6pGP$%9QUpus-VjG z3iA4iMckZNCrjowXvOGHtMWcT_FC;7+t;m8X4yzdKQ=c1wx1j%5b~H|@s2M!ZP5gi zI0Q+QH(Vo}bBSWaLBK^m(c_0i!jt<7@~pW=L?yycr(iQLnLyiAw(C{AW5DvRFe1T` zJTIo)8q7_DG?(rEZjy}7j$N>puaadlD``KtKDIWoFA(3OJ>*T- zyui;)MPTZyN>sl_+@HFz(4AFX&+tU=87rAyI8yq$6XR1(Y5#AtA?|xJwh7p$JdS|8 zm^bz60%!l)L-pFMbKW)_`cynUQ)U_Z>phCan{@pt2Mo;G`AsOW2mDX4Jw)DoU^ zL%~1>xn787X_7(s+qWhHe8y!qpGOM&H4U1xyGqBMBR{qo+a4?C_puO7gt#av8hvp# zbKfxyeZ%ktQ_Yg2BuJk@4@Wtq?R+1WWB4NT%RzlrfJFO9`u_Dx>yhZ)45}3+-_^L= z$1_^|^8lHYo_;?X!{xEhlHB@j&;Wfv7%LU#Nm38>NN~j=LSY(E3$Km+ZbJB9bzJ!( zR|O+tATGDkvUsrH(!5uN31>cLyt2J9nQbu4f0KzUqkjaW8EHrwWHi$t(2Tl1*hNtP zVj&24v}F(vWfT*WA`6DqlYPS3jf!=WeP4D1LDFWX*(8@!l*K(&JDPW6=UXE?_z$@$h`7cLeA4;kC#7X|2SsrT&+ztS?w z>zneC53XO>5-#y}brnOBA*_vV*KC5eOf@jV>jpx|d|9TkeQ_QbChB#p5*#_(XcU>DCm7sNsEI z8Q`L)EcR*z&pY8t?msm-gl0!>dMw%1v5#3pZhC*?&e2oJGWZf|vAT(}R8KUL+Q)K; zb+!KVGW{tR0|S3cw{AiU)TP&YYYzWi6mGgcurUKYac79)7i%#Ug4z5Sgci`|>shpX z!TqvYgNLW4ItT9&A4xU2O(kAJl0X-GY>mV zdoFVIu@QO~(C8avCw9>tyDt|GB3v|2H(UGbUFLuF%eJHXLG$j@_w0a;58ZF;7ouuEl+zu2Y6Gj>Va;IJVf?0*$m-7*QpG%* zNk;|huhWe-rW9bUh&1Hu$r1FpEV!Bn(L zmKpkpY*y2tU>HV7Xd)oRh()~9JXlh%#lqtU#V0)g>rPH0mbgQA8vz4T-q0z*rQgUp|sD%zUv z@)M|QNT@xX^Uhp4EH)2i9&*C^ zoY`jQ@9?Y=&qNkUPefK5@G;V%OjLL)!l9XwI^4!V3a&fyga4y~?6nGk)MG#9GB+o9 z$JbNE_+#8xE~k_6-JwqS(noeCxdRLgr^+=^zXeG~B%as^P!s(+^Lys<;`H$eT!7Qx zw@yI9Ohvk1Y6ggIwFhICR5atoE)CQwh3{5hg}>v_FO2%&xia8bVOJTyeezwU{u&#k z_OfLzxgJxvtQ0MayR{(m**6#6iC7R|)E|ZS&*B)lVkv(dZ8&@T!1ZVl?YM8wT#q_| zmnAJ9y=eOyfg0(r9f5Vtk966?u?~BEBo%%q3`%b?cflKzFgUO`pZ+tV;36-V{pKtML9?DmDEXfJzAunRD{pjX)}xLnEA67B<=YbVsCgVVZ!}x{J~RBnXn!SmbNjYLR;zd z{Ri<*6T`wNd+ON`8H&o+V?ls@u3deN;$?BKEaQ%;=0TWC+}6UpnyPTUo*%+7I+>$j z%K5+(zT-7~qU+LrEwpjrzRvXuhTvYS_S}jQYu@{T3bSw570PaV-_SN2I~a0fm~p&R`qfEE zm_@FHqtmFm6Ce!iSVkA&VsO~}2i!-yOZQnNxqB)bY-V1oo4=l}v{0Q{g+#PegVrh=9qqKUgcJmZ~yfX0eLrtdVQ6}2q=D-oK!*-U9TgK+0boqs(FV`zIyfg#YZ@2xV_lS|oh83k z-+Y*aHhD&5Wxtf;EiLfc%u1`9fg&QD00R{l$s*~njx`Nwt9aTS*F79yYM?Kf)O|GAjA?)E89WO2=#K8|R zITjZ-^nx)9QiSy;T=u=CV|_B|#z0S>5F=Q()^t#$A^Sjm+>u?tKBud_F}NWpXAM8p z2ijqB7ItNftoHetk|j?KTWP+m-&Pi`{_$=whx+NQj|%+qL$JCX3zj^Q)+;4D!CVcM zmll`B*v%%>6zN~e7UX*wVte2R<-4mPM`Y}JP@2nOuA5r&RVy>e*Bq1IdkM?>ao)6&Z`={C4>pr&R+#6^D0tGB<75$p*p- z7;$L5@nCq%i#n&oY13zt5}D(bMr8qObl<%;HYg7+!XuNSpdNj2+2(a4AL1;du){U@ z+V+5d#L7tFA+7ni%*Qn_04;XM1tK;#migu7sb4RuD#federEx94e}P-L$8PCN9rM$ zKjlK0y|})k7Gs6~AKyzPJmS0`Gplj8VA2sbZQzi&Shp-q0 zs(A0x#t1uymj66_(2Y}I+^_q- zuKRgCujh5$_bVi+%Iu9hwvAwOR@*32lYXs_k-~?1VV4^3=ApY;f1DgR^Bp&>Z zjB|_Yd83-Gn-T-a_U?*2OOK5SyFNV73tEsMCTuO%P#4xYx0?oT+pBGOJWctU%l9-{ z5UV-DMN!A4vtJEd;rHG0z~{ISgT1&T(Uei_kwx-lYpxbh3q8~j#h@8S|vQB zP093&uiL?0(GsKlllpMuM!#LR^R#=SFT>y?&QvFPu-qVzG%((ABS?kVw7r7EH>ewS zPQ>hUd}1^S#%O$}B_|2UDG)gIx!IIX5C_e{1EI=_pp)xvI`v@R9r4k+l)zLQ)#=cp9&-@<24D}A+K3h}ya@c?UN zVMQdPG)-Z!zavStcbEV3=Tym(A-)fWa|X|5NCF41NS1b87xMeAG&vu#j(z?Wu}kBL z-Zj`bkF@Cx@z{uY-yc2Eu2%xq zrKROXDj&zO?iV)))o$$V-jVZz8+HgClvZWGi|c811_*}{lyt^8!L#>Wi06NbA~)caM|}g*WCvP_X%tkKeGKUZe#YESHB_$6mqZZ%segS zcFDJRRI{QdPA-2nFIrgp^5)ZJcL;BtiQr}ZXff@Nm<3&OQ~AkgZ%5>yRb)XcX~Se= ze8|H-=&TJ(`Mh&e_M0e53(!d0Zz&mjYiTL-XBwyLZ9C-+d6J%elfb9Ox;Oq47sXz( zWXjx}k!f`4X*jhx!RoL+#H32{!8akM%~1QZ@V+x>jsl;457qYkjyNnEL7L>V56wBm zIXE^1AN!J{udBuvWeelGe=+x5!w=qSLf-Y5MO+as)FXtOy09p0?u(mRuWr9nY*?Rj zT(8$QBgc@MMsJ~Nd|NWLlS_s9=#=}OVQ`V3leV7WqE5W3nHk8lzkS-VZJTc2HGX`j z92>6tjoINb+Hxv(e`{&o=axSm=@&K*DV-^~CqpdBs5{9RYTGHxCvDv-k-8&X-aeHl zk@}@V@3j2xS`_8dbUD9f76os}ke>5_y{oGgyGKg+D6ZjQ)Ac@I%{Lp z-soy=@Y?m4%F&#y!WmVT>*Y#p|A~<<~i8a4!k(;l-M+fChf7Z=$CK9Kn5MzJ{NSbuQ@GsDK~CBOu(p z0>T~ZO$f2nvE#Uh|GB3`IO0&o6JuLIeNs`Q$UXgR^O$?kx!VCbDH-ag5M>nm2(;kVH|SOJ*Qwz|OQ9ct3#4H6zL@PHYmiQ%JaPO8ie*s!`x-LWi} zlFAs)fmZ1Jly|Hi&S-V-)=*M(M+uAjCp|R3gj1uC26R8H*S2&-F)xGX3*)Uu>`hl} zQ4Hi(TrY*K109qS3|VrruR}6BZ6xE$69}X7t%2J-$Foo^<@R|5)3>rJ@P$ekK z#t53_LU+FyFv{ZjOI>)+0%uiKeD1Q% zB?rTNL-eatHYZDmz6^;ox@>jdcE7o^M>K4frI#)y*FLhuU6BXz&A2s<2#fS|Nn|Zp zw~f*KWWWQ-kCE(`N2l5F7#q4m6%pipm|oPbC2jY}iciu5Lp0AaZMxuTghp}UdeKy9 z*?H>%4o$_d8ZI}C>YU;T!MAe)j8&Uc#+CD1@qUBA+C9=(%{8?dFNnRiTo6;RKBv8a zYU*sAaXHzbSB+yrYJY2*drTccYi~82lh>MTG;nr>5X%{2V{C6o+Q6mZ?TUR`m#RuG z9sj}^t9#4o6!%+e*taD_ z%8k6X(S2j%k}S>Y1A#`Q)n5nA1$K5EM-)rv;i!CUwhZe`&gQLe&ce(F_FdnVnA`K1 zeJ}IF^XO=HwBN$virfY^F)c0J?tCJ0i51p+^rJ2aHN!dIo zjZE`yq3ZKo^)`X7qf7nmHYpD@w-tS`VaUDgH|0KxV`GpJUlj|zqTQOBb@V8IId&1U zP3E~5B~avt^4WqRvHJ1~FCx&pV~|&n&9VE!PH;@?<4I?J6p`N^E2^Mo2Oh^YR$1NJ za*H2T3c2qAGTGsZ-k3+d=stv^$-7KkKlhL%e0pLl947dQ#lX%>e<0ie;8FD8a7Pt- z?F<^3zb#Trin%WL2HaYkS1GcPgrU0B@+>Z=Vci94(e!DmT$b|{JKnl`-`EtMY>aES zK5GpdKJJr80?P^UWGw0|M3T$2O_Pf}%ZrK-w~5N)>RX9)yU{%DYvo!64qZEyFhr1% z)}qzqR^DwNZ}|@E%dDNo6Faw_>}ClWhffr-3;V201gWfhjK)xcRugWvvb3W8q!?G& zYTH!v|0hu2o%}VF&SAS^l zV?kf=9e0YL1-CMr!4`zUe!B?v8yTq#c?UYdkapJhk^=TIYKV!9!6dGgXg;)18}}vmPCnpjn)#3A0UzN%s&3-edjM;epHK(|7w%&xS50hVKn#& z4rgvjp_lV8+a=_{eT`N|2D*{mUya+4Y}RjS2{+mZ;;Tfw`Z1VND#N$bJ0hhD{#N{Mvt+` z%SVPdA0s#6>Cs+}RC%ktXv_zwppPPvBA08(~e%#0XCiyp<;y-;O&VHyq3vjP;~=C%8PqbZ@hDva77y_e$~Wuq|my2cSQT)xo;rV zG<244-&k^8Hxjfgxou$Jn81ijj4uXO)E}cXOLAmI>Bo)c40t>pxb%yJZd+(n2wcmZ zls0cnt*GuV(_)3Y;fTEoO2jL${H)*F5Znj77;k#kDHxo?iPU}}<~uZ;H=8+A4F4?6 zfmu}X5t0xe5WN$6^8AB3%ceS7tg=b5#aWMYJoLobIOb6TD|wPwOHaLAKjBcRt;HlP ziEg=vRT8WcBbxT^9VSSuS)QRMBTUM&91jP7lSyh~m{o#X_AfRDe%xhzknz>uAiLV) z8vMFByiMVaMcs4taszK^2cZ#uZo|Y9o%DKD5L30-GHbX7<{T(TsV>HI%=2qe^0MRO z#yv{J^-Ym#-*%W^)ODb8$#DFA7l6uZrC6FSYJC5c=d6}#E8XsCS(^&@!3_}U7fNl> zZOoGF)~jRRk;+z-{>Ls}e>k1(gB@q{oNk%*So-)ioO%L+APE97{*X z>i!PSD50>hOKSXYf{)>((2u)J?9?95SQtXRdjH-(W{_$@VE#1*?cP#ie=blB>G2_D zcH<$s#IlBFh-!%JqpfT8CQV4bWQ}_jrgX<05ABOyTn8^!Tph!VNxoX#qVdGiY|)%; zXYZ``Koc!`o?Jom?n|uf>(0$Ic_Y0Gx;DkN2922IT2v?!-Vn#|*!E~s6n^z#3DR$! z@~F2?NeFbBOr2Ysc(m`xmS+>YacNCA-H^ycuERn;R71V6>dNP3s!Ux8xf9K2XiA4A zU;Cj4vTu(uC3;&SJ9w#Dd0HojgH(Fm4x z?+VfD(O3s+9rJPRO-zQr{YkH9m@iU%iB3sm$Wi5U(Ia#Vu%-E}z@u-^n zfyE~cU1&w^i@P`IiSg(%>)b=kWBhLmSXzGE#SaX;OP~qBmi|#~=IL1oioFaKSy3_O zAS3&-ErD_3y=ADm<7b-7j~*H0-uBsf79~sacj|HMI1&%M9N<-ppnz?+n(Krj~^x&gwFV zD+}CCg$%3HvbW8cn$ZqqAmahZNz*q zezzf+Wc_)6#$VXP>w*H#*$@VIbR368V-~uoEiui)PcCBjT$*LO4zU#dbzB4P@KZ#h zX;trpzU6r*#xp|EJ2lRDr*Nue=w-kf1vEV|qd1DaUO1|8geccO%Z6GDX62ar=GEXY z57_q>FDFvRbMctxQmVKxdbLMPTehGcJ0Vh=WCml4>klk;2amnigitjxuDYi+Q8kf< zJC-sTHd89BU;_q`x<_!W)U~;KC!sqN9%;tKW)qF+&0_GyTqsTa%nL$j;z0=YW?92O z5<-a|5MC3GH#cs+EX~NzB3)vZFJ$sLuS(xlO2nYrmOCIP?Guu!RR2@2q`%Qd3{AAG zWkgrI8zqOik6j{3%42Xt{`m`mk&#{-+ya_r-F5hZL1%Xn$(HEAgWTfd<+r7YS2*W1 zY62={5Su07ZS~=l{4$@m=%7*0OmQFI1i8o^F&2@do^Gl+9#DTOEv-1sa`Wr`uPZ30 zg7scs;p@7dDyQ{dhOiiQ=&=rV#maILa|lr{we$_)q}Z18+BA4sj3ab}M3l{y2qUxW zN>v`k2hB?)-G3cR!s1zepY)RIw7F7^JcSqz{ulPnt}f;@b8a@aZ_sm5yG#0Oeq-t^ zK{7IHzRyI!nmqw)cF#j$jpWFhHRRSdvq!yg5RB*K0p-}b z`hY?r53G_5*jE02cp|-@1lzf|vkK7Ap&@PzbUGi76jalGo^wlZrS~1Lu#K_f0Wm57 zPdM)TaE<2Z6F!oH@W;obaYue5Q1_wpHI%FNxwBo^rDEY)Vb?r#uMP+1e1mxroi$Yr zQwm99;^-#VKTrU^<0K?7)H5@nP&OOxk_43V$JYFcy;vBEN%Gif7=cC89~r?7unvor z!R4O)t9okCrl-pcyu5qW3TKYvK9&deyeiJM{qhKMnX0_a%~K1FPP*10F6{R>S3%#V z?zw)K_lx=Jx;#|-t|2KUo%LC~DJNyQ1R759xi0V;jcWEnlHCDYA_|=2Je~dNq~kXJ z0dqD86ygMY)s+~`8K2L8vuvigYJFw;JoxD>;0?*kG?XAB|C!k0Kh1npoTCocE<;cl z{$@9y^WNmauY|=VQpGqn=`e27f5mc$+qfi8K+gx!+p*uWk$`4%7BEBC^J^c7Ja^^_?PUYiokyiLClp8p+U zEBg!9R>WNd530581BM7k_Ik2pF^|o=r0?$r9|sFTQB*sle^VyA-gYhN${wo%)8!jX z5=JtPls9f1^Y1)Qzf2p4h`M_j*zb>(k-{hN(Q>)9BqYHn`+?UKHdQ|jLas)fsJ@xw z@{P&v$R;ySff;i~@}?-FKIa*j&7g~I*N)Hp9-Qs)_gobOco!Bj({|-ZPyp{IqZ1Sl zcj=1>CTUYlOp9Jk1k={vdb?(tHJ>TOO_c6igwEo@Gq_`X?tS!!OpU?lJ*Yq(fUN&4 z`1Cz+b7H@;GiQ&u`Auml)-*TgAw6f)VpLkNK!4}^FrHq6DDM!Wka_J4o(OrT$q=2l zS{1!s2+1qkcZLk6Et;sKR1=-w{rCLUf*T2maPn!s9x^-BY+U&~chL_a6z;i}6 zh^{5^GRpi-6a9&auWK!5MV3TUGY-a9-h$Eu%GzCzdZ=CLQ#0#3*^Mh#wb0>P4~9sq zscvzDlv+AMdov@YmPCA|4}TXmu*2}9+hm6p@7FXR)!^m#jYdA+7HzQCO5=)ZUM2%^ zha;dhOi@!G=CqYRk_Vl=ebvO@K)7Jz2ITFAbZK3x7{22JS^!H>w zrXxO%FYf;?npF6%XFtW4wWn-FoNmb^)D9>Gd;bxeGFt<m6JZRt1UP7G42lm4nzX4CY$WLKGxOUYSo z?VKtSPhvzTF(#!X>u$Z-T!N3@YhL_lG!IV%a>(C%_ZZF-!UY~-&X5k4$yA;&i1MdC zNjP~-+0>%tjt0M>xN?1_Zg)Y>VE0Fjm%kvTwTq-{#cL_&iOR@T?zeyV<_%Who3nJ3 zv`11H|3dZ$6?2cptowE*6rv(RfKhxYqKq+f=RR zuC1#&4?#i9^NhofEM;{X?6CHkmdwLy^$*{r$HiN^CiY4ZHV_=nr4q|iOqxMi_*Lul zoMS7jLcal}s7Bt@R+lBq*~vi^m)Nv5rzk5F!5Co%h(C}W4@1IDxdUlaOi}iasr^{G z%iMRmjF>M)C0vyi=5?qV3h<5vu9@~u8D{KIl5{DagPKq4Y-#h|N(TUZ)=PH0OErSN z&y-%Y3Ylmeeq#D-2h^^?#q9hMi(Ea4n~45gJwRdoJHo&<;MyOI-*8*1l7&79@L_|v ztBUKKJ3WWa9Gn*lS+clg*)*NIE*t!VcK`POr_TY}b$Wyb;~bvak7sCjQTve(263w_ zhpf+giZZb<43YbT+sIQh(|WCJ75h&%2dfB~_#1tjoqL6ODM73q(>goXsyojlD$)Ze zL4GxNDfJSyA??L@R*0AZJ9+*@VwreOko!%9T*+1m&WdsrPcmr88BWS>erePKRRy zJvf{R2Ehz=xf~tj362}>`pS)OjSWrfc8=on!}%*lT|3>=HfU>ZPELSF4q;ETAdmmY z14a|6B;~bIxdi{Rc^QyWPGMG4Fo$RNV?SO!iTBIIh$hodDX8^bT5&gHA{EVq7|Zrs zvi$Ky{R%3s(IkY=6*Rp=Xt;OkQgRAV_AzBIbi%IxVPAZe0~u*+WLDsh=^cy`eBVFi zLPlyX>=W^qs7g&zS^`0I4dIyNs#(HhtS=!lw)tM9{ZSKUZ4#NQUb z04!dG2u(a-aeqvtmf}L0n!B_^ACh0ThQ+sBDVW+4#OSPft2?b(5Ho{Bk_2x3VnK?+ zds&emqMKPSWP~iqKE2g+;DUT3_v^9_+5C~zgM*FUF(X@WB$VDeLpW>RwC+6B&&S~u z$EgzQcy`ORs&w=1HTMz<`>NO)Q7f|gOHoO$UY4+%iV><$x4fyN{A+jMW*ksnABQ!n zKUVJ`7j1YirEXcgz#(CVZL>T^+w+OU!3h_&_H&Dij(2g%zXJC6+5!3Pmccf=0IaGc+* zru-l4fteGA!2*p}27P>G35F z{0P%F`v-;kX(4(cfT`;h`p@fDKGgGZ`9Vom)12QPBa9 z^O?XkBy!3bFw~bQm2;JiFOyBIgy>w=1oBrzD@-VudtP_Nt3>P%Ab+e~J5z`8KcO-R zYrTB`{{0i|XEx&2-|g)r6xqj1zq8x!e(&IjaR^u^|16OXUf%jupu)%}RCXW1!qP@|Vnl^kwt0191q0cQY%oY+)!MmprkY>n>9u0&COn z)7iSfTD@3Lc(dxjnf9_lK`clT|{;p`4J2>T8xd@)e5l!?X z*bncGmG&ee!ZC<&L|137kBW~w(&7Eo#=QbJW5gd0`O7u^lL=_9?A@jkp$ZNfqr$|= zJQY`cO3ia7rMr8O1t_<*WqiVX@(-u%1Wi6_eRGW6Y@2l*gu*U=d43aecrT8-01v6U zaLD6-4?ut6y1MTTIw5g>uY!nDkw9DRt@mr0y$^dS+pD8X4JQ~(4h%PBNW1c6f~dZ) z&)U^ndfEo;E8f2V^EwEUry5<}#r)+Q;KxS+wFwP7&RNqHB*xGRDGL@Q0pK9q{RR=0 zAwvWopi~C=?iG&iXnK|Yi^sqIUE$wODTAb*%$L4ZuxcX$dVC+dJHD)08-S@QXiLN zBe)}-GQU+QTy)tK1~ikyo5uejDfpg5B7P((IF5Vr{H!C<63;Xmn)$uycmd@c;cvb^ z_?xeP)UtLJY~F`{rW+l512Zam$1gT<7!IW99~=a)rQ&4Eqqe9e!~@4pqfaS^g{%si zXQ3)m7WMOY6h_YiR~Mh8;{X@Es`o-?J{p0)y6YDfd_Op-Jz|}b<8R2Z0}kcC=QB(D zHyGg4U(KwoZjf_Mo_^`n@hP&LkJahJ4V zN;QKE&+>J-Tu>eyEpvRY)uCw&1&AHIr23*Y2KJ33_%HM{IGD6xR;dZCg&0v)OB9Ql)p!$M6N`DWjC=V976*%^u=k>}~qpsfyttGb)E5+F$BGQ+T2J zOyY>9a12M9*dx<|JxQHEI?vo_g)=tk+A!71w=%_wDSHfb&QN@@PDZ8`kO!~1kA9ul zT(px-0UGsD;@WoDe;Y%p>0lCDa&5^}NlyzSu>5lKNg(0owhHv2BT_ZX&@XW@Hk&az*~+xOHwSsL;`*EaSe(UMUyjWtTq)a%p00UBy)G%PQZG{#sTA>!3qBnN1xT`x z74Yc>#M?JO@3G|hL^9L=XpdAaJ1AmhfBXk;AWp^c@^q+HDuuNv$FUJYXLO_`Efza9Q-E=-CM&00q)ZE@kql;8d7p{!EvjT-tAsp`+F*b zCGD5*-tC|L9_Hp<=`Q*l`3R*jRCLe7=|#-N+tKO^8z77RxIWS80P#b6`0sDAJsdu$ zC>bSLmr8;X)82`}|AHvaXb@(3q8pBPp=_Ox2uiOc99sxP>Lrl zAD0x;tU2sAg2>7o3ZZS_jQN%Vy6JT zI7siYcl^*hAfxxY_Jq0gly}~a*N>vce}4J%(s+pZoTs={kh0L0ud z2dM+wPMsCIkQVb7{wme?)E7@#rRAsGkhrqfl;R%GH=v-R6#bWk5}Xg1a@YFI(%*xC z7;KNz$gU!94K~f#??3|A`XO`WhbCIk+$UK{bMp3@OLqRQ+kT-Ox!FV!s^T?2C3FY@ zj^pAe0vNj|PUQ9Ezis>b(;5A71w;Rl>>68x|K-teE$|||C?F7}#B%9UGx3XzzQFTN zyTNq{@)ohO?4?A_r!DWN|8jVJ!0=;b%t4*d9yTIM)J>z9LNUaVuW6Q1m<5B zVd@;WQ{#^$qP90{G;3*%oezFp5EU1yC#>VuX2qfrbIftcF1)(_R7l}mOWc|{9}pM* zHpD@Bs>^96{~v}h#vS9>ml_fo_8JO36Ba47>b~B)C^GAv^#1*Wt)ihBQP8VrlUBn# zrJkZ@=Dm@AhnjuzP&Pqtbr9SaQ&J}X@!c7F0ZqyhBEL(WpeT)uItEq-`}81_OF8*J^}?uJmOWgF6s?pg;08M2x?P87(iM z_){skDgulw*O*ZGkA%XH#G~JUGb6i$(jK7@#~lH<=3^5Ty7UcvpS62 zJI|5N9kakC%#@dqC(A>g))p}s*z*@xq3{F&p3$*`_DEPccD#n*pb(a%(5a^wt>@=c ztoM9m>453(Fg^Y})jEl}UAE179@G*~IcIIe@qV}h3)oH^StO-gx;pXaa+v|Egyjmk z|DnzPbl+X>PNB=RS`#ZJR?UUg0=mbY$cC*e$>coPDXNtD2$>c6!ZX@-u~Ue z^rt=)oD1A3e0|#CA0|iQNn~B;V$L&f@O?OK7Y?e2jMKI#qe;f{J1+HB77pD?y063< zUp!Mo-R)5q*7xl)z3uH>DqqFe!Km_wX=PYTp~?Hc)wT7RCBixh0%^yHQsohFLyz}IZS;!_EsCh-%cNEVlrW7|@%>~&! z^o)!%r)x>eQs-hbw&P|iXsqM}O26uBnigqGyF<%@`{plIpJwDo$fnq*9&%d~F zAfZF(hgXGH_Jvo3sp2%>dM}S%8d^Owg*4suo!Tqz1xYp>W8}Z@om&Gs-xLGi1NCO`5YSEVJM*SK#j_(ZmP+9{c|%CHTVHIWoxL9YjQR_K=^Z zq-Qt-ZL6zSDay>4?>2Pwy6_7QZYQ=G=?1?!uj@dcZFxK;d_#<{BJ_7i234;ABcnZD zfaiB-H#z)Ohz4kx&5EWkt-L1O2SqYZLy=i`*^0!yBSuS4H*G8lNI(e%w8gedI6zDh zA^j`ctn~wqx)I;aaCB3Hcjf)Ak???i^V@1>??{SMR{XxnsUf@WU0e4WI~N%ELeL~x zPuRfEAbTh~o4E0#e!I|=h#O3kG*i0q)f|Q@$_8#UWRrCSA_iX z#zM6{ZLg(G!>X^q>Y!e~dG4#_!Y#0?=`NN=wk)^s(@lD_xr9tLn0fyN9o1lz#r0Hy zqZ@+$9xmuWK$)S0QzVO_>8;=l$pLgkOy3kXT#xPQU8@6?FY{y)LR3qJ<_rp4)52S~ zHhayJ**4`b2;2ZUP6;xS{Aeule?&a%h+bTHt>h`}lCZdE`^_%uQnq+~9y2q$u2H++ zAl2z_lOnL*ol`c=7`VAEP#P1jra8U_Z43Wl-IptX(90^t-TVXEe=Hl0^7tus%F%3S z_b4-;nA%tyvd<8(-%M-EaJdi2vpnn z1Dn2w9Sd~CmUXiq9{T4){Au!11t{ak7lU^}EYbvSbS+LV04MonNf{trU7PeQ-Ecu8CDA0!0l=6GD3zd@(v$)Xx)mlwpg8UcfW zQsY5;C7>UW-S^)D-{iojcsue2shJts+y4r8KA;-1Sb3T2zqR|{r{f%;`8q{)U0xQU z0@w$1W^in#q(jiNVDm)ED3jc~g|<#_5Uu?ghHAeMTe%9h?n9*;?z#Ldc`#aNqwWpzW?2^q#0^JODo@Zl$#V8`T(H+% zxw}OWc0d2NK7;xs>)(;i5xA@G>ZHv-+;tppjnht?y0Q`+$Zfv3>i$sMe$O*&I&Q?; z=iY~McKa-)(4>1{3TZXs2+%iXrrn_xc*Z>#52xYK34z)dKnF7*A68T#bl$-LRl3jUz7`vJ zF{ml5u@R_IIzZ9B*x`GNlxA7hE>|N|>kYK1|FmftW!JYN0ox~k?d{LNrNn(i^Zz01 zJ-+$&N=(PkHVVpkkAIqj=+uo+i(fT`gFt453YL)*n=FpW^{H@rh{Xe4g{p;f@d zG^-mKa~#yyfzkVUMald)#UTy<_3n&AfGrLh$q#|buZ>ZgNw`)zvXNM2PkM>O(iin$4ZsVxJ>Q2Ou1aUmLr9ksFwUNL)lc*xVh7`W0?g??7rw~oIT8I zA@p7=YykD}v#)641{b|IHZ#?JmtIm)B4SMJu~~4-eNTWYTe#i+{20 zmm4097MN}=Ojzvd?@YusO8%NA_p$g)h-I@2%@B|k!n7ec;9=A$#hwq2OZXbs=M*%J zuS>0WSD)*JcNKg@s{j05(ERJ_FHK$zRvzLGUM!Z`JUW$^fAuJc^NQ}c6=q8<2_g^X z%BgC|)I-Wb&FjeiaKrY)um}iepjrLeb6RQ=4pA2&MQyoMd$OCd-ftR?ab4Ip|M-34 z0jG!c^TMkt4YT#sW6mu)-zTaaJ;#mcLZ4yqOxISx%ADmVe10(?c?sn*Q91nJ|Eg~s z#}f3qU26g{h*GF2tUdfJWlqRz!zj>Hu>}Zj*GOHNQxT|6l2F@5u~-&Y6(mYqYG?4e z?mauUSAXn}68afcz-GUXlpQ@UK#VWqkG`--mXRa$HQSO3a@n!cxS?wh1$94-p|Wq3 zt;^i0wyA3{K{-rHm+QFnna)!8cCT(lr_G3~{4XT@*bOHRK>gM8i~nFDour$YyH7y{ zg7QgspjE=F4Y{qd-PFiZO)6z{(;#PaxV)?#r&g$@4|`f3s-csNmcXWYm5VfeKl$(w zwVfd8CTb5V{s%jFd!bCnMR`e3;_7zIT`sr8jA${8T)7cM5!}Zh7-tk+aVMQsiPyxm z5VT{ko>C0+I^$~r*e;Y0`B&gOd4N*ju)`q${+%FQX8is$YMKRG`mNZ-#$0O!NXTZJ z^C|_E5j@?{h-$4^y8w_7bZVfRU={InpOLQ%Wqm0x5C1&~IT+;q*@DBf`^8ExGj}36 zO(87rDkH~+pGijMbNjAU{gQ_(a!mJUNMO4@=1HiT2nMoSJOl{njOqU3@&71oE%Cu3 z9S>6f$0FUkxH<5tnw?~Ej#Bn9qtU||c(;1#&iJoD9XFb|T9hiwLS0y>mt|8B{@Faq z;|xR=bV$cl)c!SrZLmtCHH3GMh9r6>ymK*^VzNtYOzj+}(2=v>uN(yM=XxDGUP-8` zb-I2p9@`cdf9mzps4gy|P~g){l7a(&eZLq;Q@!Je4{?Uyj16egKI<1eJJ*^hkm~n{O&2u^Xh0tw1C5qn>7s%1BF1YqJ6kMT$_8D6r+c z(xkWuA$f?R??YyqLu#=!lJ|30ulgNY@{^!}LHr64&p&)MnR$H9xfwLYhumPk#nRI8 zhD)}sqow_Mr8BIg)~Xv>+!hj#cNe7tIGTOlRj*vjrh|>>L{j+I8m)mfT7r%Lqe+^A z4ChibDCLBTnC2Q&mC6B)RJJYuAZw2^_ZzX|<^k0Ri(Jq+A~PpKH3eD#y3^oq?{RIl z*q$)bA`K;xswMQ#=MHa>4Ug6e-w+HxmywC&nY+0c!1rG2H4v62Uz`sNBoEX?f|LH2 zHeHQ=_yYbJ5P$ubX=eWs`|Y2tNpgd_se?DuYQVZR_6oDouTjSW>C}5fh(oJCwsqKtCfFRO^&ZF|Gf@3e9A0b z1Ewga5jha!{3DU8#XkVM8+H!Q{@Z!KKjA*EU3|XdT)t7!6_u7nXfFHd{K0dWp>)~o z*m&bcpn1^6yZeeI)Ix+sE#I;cQ}Qm!as_*Pcz9vdq=1XPC4G=p&(PB6K%g0gu=G5o zIrAj7*lXHd_WAAfZRwxOzteJ2Xz(9*_g^VdIKWq@B(~)UGxH&ngW**^pD5Sx zZntv&ja+vcuKx%XKpfdP5YEtBoNB+Wo`rCLS6(UokpH9f4f9kX>;2F{?sG!Nz+(O=W8Pm+gkM{H_*E5b39>x2f^kdSd18bBY$OT;5YfgZs{Z3qLivtafFxRGG}16_K0TeUz(4Q8QS_Z6K%R^{c=Ike}RpXVGyZ1mN^A6V3oC>6gA z)60A)n|asUOI_ATipNvJ;mvKCx+Y}2=#L%u8V3**BAN#+`G)7ZuyW>a`2b0=-S~AJ z=w*>?03>&KxO$j(_avuwcQoGTAnB?qsiHR~r5BSJ3G*)ofRjMpjf86m)xzP#|G)hi zZ?SaL9o|?V^{;#=Z<2aZ1~(cTx{pXt+uO^(p0>1=ix3ww&x?3t1v6TpPpc_8DeT)B zv*2LMBq4Vx%lsQh@5-8QkkN{m0AHHp7sFETH=jMj)(3dE`;uB}3#B%w0x|owd?#v1 zn=JOXX~fm#(M3i6${zJtoUJW}a$)HjgpN=_)U-D&f;+ptWOpnqVW5tO?O= z3@Kd?^|O)#%Twtnq~q-UexRaYhV^JV{HV5xV8pJBL)(@xnEF>9N5w13@$1N{Y{V~G zCL8>c?an|K{i!~_<@|h=$!FJKVtX7mp4xZNR4ZjrXI7D>W%pIC5@qF7jx;D#D0y5c}OKS)5 z3Y24*;EgLimJ3JHg{u~LdLsI$fci^RlZY1zF(3;Memxp>iTqMzbO(9LU}?i*_=~H8 zasqd@vwqg6HKKD=b>oVpESOXl$DZ)*=oG4}Dy3S6#Ws>+f6WRORi z?}vTv22(7%-lrPlb*q|+JbzzEP2_V*DuxP4i2Pa1GZT#OcghRXi1IC@*Uhc0V(7S2pqr{@V zlzHeDx~6<6g*B%V@TZpKtF>?_nl(QbaLyaAVq(o`-V4A}(^%7aXF4&3tlH9)S8S*H ze$o*;4rz@H>@nYh!cHXi>^<)Jc0S;9m*M)3>ik|lxj`g`2x9EFqg}Iz*-_Ephx3C& z#XrJ-?d-wXURw91e?UiYMeUEKK@$sQ&^8o3)x=b@zUbFux|O?K)V04*M_F{mJpW*h zkH*kD54L!nvdyAlb)pky`u&Qew8<7WYQ$3al<-HYInH}6#Tx_)m+7jcr2QTVt> z=)Ary94qFOE+cb2wK_$5X{?4NC#HroEOE@KaY#eWr+uZJ-7}u!?pG*qKwqp}Yv=1uLa*Bo=vbXPU>>04&IAvbt{*(&jE|(6@P9W{Ea$2ivqVfBDB2un zJ7j@6QD?=+D54CG>RvO^I7#l&ZEywDXjZRZ{u$sm4wMA{PO=B(GWmvNPI2IceJAIf z-LlL(MNyqy?rHD8hr3=EWs=}lneH&+#uMUc>Sc35Ek}rwUQD_|FoysZ*EHD;7W3V> zGu@`gL_L63n_;E0*W&>9ZiMK^FiSeVyLPR&nP0%vr=txI8VBWezcdmF+03Yk9NMOe z+T6#Bm2fLb&5lJyX`+?}Ci;9WmE$?Ox_Fn;hlhtz8++8<{r&7NmRym;7>B0dEEgsg z7AAL@INXW zKRg)Y!-&VlQEPs}rhkByRt&2swm)dRBvvsGSJg0!taOZERf(v2lf37f>0#bsmqYsV zi~u7WDC#i5$}b*8KVqrhMV+n`UHKk!rxh_q3wLu!^L^04MA`1g3yG0=RveS-&vzT8 zH>$jz_Dqz{GPrJawT#W5gzQevt)Ts$ENH^g)0s!!qG39qW9SM&X7docwfJVcn@Q=r zcRKs1(VFn2y)0zp4$IZ=Wi^+UM4k4RFcvHooN=P$SAy3t(H$)9DUAH;oY4& zJm|$e@4>PqO?PK8_9AQ)Q*Iy{iJe47Mowv9*6-f!Vwd;Tf-lEI7=+LU5fESWr4d@g z8k=G}o#I>U?5$Imko)?&6;@HA$H#hm>1#GtYvvQ3_A?->TmsV7H<(i`bIiXerj<>_ z`Yc-dsTc7%PYpmYmZQt(1U8d4R}jq^Gm_!nM2^k5-&Ut~(^Sn78$9xACNC=&MWU<* zF!AE1@TYPzFN~u1hHF-5)U@t0K(;|CrY+b`Ug35$b!kBpVt13Ll57t99l?IXSbK8G zR@N)ppz0lTMsl05=)qF=$7HU8Z2jgb`6S11hd`I>4{<+zlBtfl%%E`>0l zHH?<+3I7Nak4UYY1zX`zY1yP-{n)@@D7$rL&t5YNJ3+I2=O(-WVcRmSgZFl}InFkxb2iLd;f7Sea4k`@0TdGmC!;JA8 zV@Gfmz*iXAm-nRIp*lR?e$%^+MXt*t@~Z7x{K*B1F18U0P~@x9vCZsYMACxFZH#*l zJP^J1L1}9Xf|*}Z$8Pe#FB58f+Kf`JM4duogER)TnrpCK1?9#&d5-&!7d+RwV5!@( z?t9p+&&Dxa)b16Qz7T*S%#hu7?6)zZ-TlwQE3A-p<*g9oZ41?joj$IDO0tpdPdP%| zP1gigMY#pXe8U)`n6S5^m}>l1p}Ro}CG#?+J7Ta#clU`MH1-=$??pKgl%?N9%xD3v zM2WFVf;c;JcRT5&iqE`xHv~J6mHwo$v0@CzV!DU=ClZC1Bx12Q?or^7*pxn!fjzhh z9l9lp4fKSUeY~nSL5fTK9n@b-g%sZWqqX8`W-Vw_RgBN6wsh_K+O;CPADUPpd5%s% zJgT_wVo16ri%JAD+iD0!)JHtfs_9&|K-SgTh~fI#C8CAAx=v5rSzO-AA;aF6R5BK3 zLA>^c`()gsF=QpUKIU0{Sp8sEKGY#=>8XRWTHFwImDVDXHXYht*qv(OG0)uixet!i zv>{k|-k>M{QZ@PvxWy;&cz#6fUKB73Sl!IMPf4uB*bN9aYYG(_GdetWjTGr6h=FWZ zC%Fj4yo(kaxWyBek0BV?2}OE8Q1n}u+zl1YC+n?QTThBK#tsR2fxjpBESZbpE=7;M z3RCf+7humaGT2sP2~A?CS#L#BU0WVaFf*=n20f#nCRkTaVfW@&5*)Elc6%xztbsP< zoAKU$ZF@uhpOM-RRi|L5*xAAC?-HQngq ze{hu9OHKVy3p6PO6+ycn(Bf@U)Fh+!E#fj{)0#FGW&-ggM+KSU^Xv+u8O9{_mo!)};Pu;D*t)kj|ZGwYH?%I?HygL!a4trY*2)4 z%y6wRw47`tp`BFSU6yo+PToT&M#EzNbs2+3dVW&3&~l!odx62WPd%~igf}|Cu`)&o z`)$?i1I@8xZ0YhcH#9C`ncX>RmO~0!^b7VPwud+WI z58()B|C*0E1+F{-FE@wm)a*X<4tr32YI6XBwOvt^+;M{mZE3*5wj|1Z_Nqje4G->7 zlC+uLgzSvgxRyft_$GHCdz0=Xibarbu%rhy50@s`2Hn5YZau;7S}su{y^!C99{Ser zQ3W~*oxo1A`e$CbYkZDGUX}Iu601oZZOQ>boPA>X+>mapfpQ7~dkW{BjA(wy zwnqDR2kJ6LucR+lQC9*rAnzDHGx0f(yLg)0;cI9-3>=&HemgOnsnLw4lDE0e%vI=; zD(vU)`W%x~x8%U6l*dGZ^wIoeXb;tJH+Z=MQLgy3V;ny?TvwVHyXTJF;~#`?0bm_d z!zkG&XpCiU?DQ8`NLKpj!S^{JZ!LV}%3=f^ZEPaH*@U5oDs0?WhD9bTMVCjDE#5=+ zz->*o+Eq-2yoJtM%%-mML%9}FkiP1+?U7i*w8HXa%dFLmXJJ#KkR5wW z+ge$f2W)C5;9bPH$o+yC5sbicUQD5iBC6B@vt!M<-)qeFZT3!*GR#D-a@(gQ2RWZG z7o>b5%41#pb0FERiCv8EXMYD}8vj=Z9h=aws2l&NdW;c(<6SHnIouSih@VY6l)RN3 zNqq+4J0W4g76ZSEEx|9{alj1~@;CPE!y;JgLLy+_TE!=DaipaXE8Ltu5vdmv4zO)qOsWF=$MfJlKhjfv{LDJ!-UMq`?+-`BT*ZfG}d9U zOpD>M-IU3KbXvwC1THWIGdY+HOgthpl+-#Xk*VFOm??cdP$OeeD`O2iChESNYGyIj z1o$v2b%@n_F7+EUhJVZ#tvJw89&LUZN9L}$K-a@I0zSmiT<2kXYn*EnP^QAS61U76NVWANE_)VUk znR#yVnr<<@z5fqyZypZi`}U8Qh&C!A$x=x6B4in(6rsqzQ`xeYeH+uHl8~$u+4p^l z7~9OyLdZULW<=I8#x@3HW`4Im&*yob&-3p1{`vc-;~q!Hecji2UDtV?+v|1u)hGUf zXqUj%hO05YgMxq|zkLbFgKP533L5}IRiL1t-$=WBLZR>@g>tS zcX(VJ-}t>O5k1`S#ni_J#j9P69UShkr$eEay_fgi>{e;N3RMgUb}9)~-Z-`Nya$=8 zq;#|EoJ%XR=iP+~4a<7HqtQ0~V@t|EuqN^1iI%$)#;@3zaDXSfg?l6amk{r}GeJd9 zvit)4w_>FAi6mOu*!*}Fz!_i~Zn2m1H2S~U6V~jq^}2|A#e4ZCwWh%~pRYS*0z@n; zr^JB5vyehchU&$85|qc%Av^0)oL@v$qhBBgU(V23#s-Z#0#^cbAzz!T(Nv7wlf00_ zly-T+lF?6GRS#B-Mn8r`hqeYxZPg)N7Tx?`Spxpy;md4I8X7%JvJxvMM^;tnjG4%50r=%6Ae2l*ak>1(+q@wDB!90?H^q$4fiH?y3zh;&)bRVaLMXpI6SvtE z8?N1db>G#f`Z`!b^+H#Mw19cVAKxWYR&#mnBJ31b9YaGF;*K-w+5DicaFaOMynSM=)yk?7TY4g+f8;UyH8E?)iR=IR zNC4kM%;0qSi>A0B*^3V!|1VgZeOp+`R>OqreRq&`N9pGRIRMx%`sLR?Q$-BG{$^ca zy!>=gkJnv9$&AM1-%)%dDQO`!e2(br`vtpR`}2%~DL^OR+jk+CvO7d&HP$i^5>vff zsQ*h|EyO@5h_q~X@OPzgsr%2X3!*&({XfqF#TY@KfUGAE-_yf?aWMLsC?5nmT?XN? zS7nU!9D24k`bTb803~A6gl>cS)y6$CZxr!p0f^*%ce7fp|jLfST`hjRb5az!C9MFHEf(b!bPK z#Ru=VPMz~C!dh~-MBT^dy_dHZQBipps*nGF(imOIWlAP0_~b8h&SY{9CXBda`$yb26Lk;S%z-pdQnZ3ONb9WNDM>)`I=R9vGYU*}&fcil=N~S5 zdZH+IbkC$J4PSWpyEDY_`neR1+b{Jpxf}9p{4L!-dzH zXR1AI{}%Pj>;1pZuhZi@Db*;N?NbY)tlgjsbS88z0rlA;i}Is8U0YL+-44QR2WbN%ckce5$|m9!o9rq+&H60Pq2~m`-DIg+XgAK zz?^XOw=>PwVG1Z$Y5)A9T`Q(zl|`o55>LS{lhC3-JYq8wAO9;JVxQ|(tr6PzBbMnD zh|t*h^SuDT0@H(e+|NHF#)LkK9S+oSP1Tc-s5rJn9g`TgX4y11ts2b4DUV8dd-?ww z5r7rF%vfKxB+V-s(YQd+%sbbiwj+n`N?zDUA^jG-dgw3Z3U*RY3IQ0USBP7BooHx; zqt*%EwD`XM=6`2qpMC){vu>&6Ss-rd%>)<`KLGX`f!O_WX}wf;5gVH3T2`|$xlaPI z;0YGBbX++fYF4`JnJmnld2B(}Vqp|-YHDj_JpMuBYn#%+j8%OD4rAySQB7LD&=dzu zh8&Ly`z|h>;(4q!Zos~FwQce-ClG-FjG2(0q*H%UQJUO!lTQp}hH+OatqYy)3@95v z3GpSFMsbq@dw*7U^-Nv93k12@>T;Kd{5=|{ zqRl4MiviRs-S+igt|bTE?5;r>5*NxlM%k8lkfuANB|I0`5!*2CgQBPOZ6+k`$jLuV zJC!%xsL@!aDT)CnFKwNRYrPX5`flWOU0Ll%g!cjfBKrA6$H1XB5Wxlv2P7{bEN|YZ z%&raKYIx=3Z(Y(~4&?^&APbTj(~Sr=;OT!C?EH!6#T;FhR2I3{J(t-R8Tqmk-i8`7 zrVQT*wk`n3^ZFl$+jvx#_gFZ6D;^Q<1*q)W27i(OR7%|8jR|>-xz79D$mzysc5b^J zTs1#;=If(hv&D0Do=mPP>9hrmRn z`9D_(c2yYYBAwQ2PS7J9^1zmib?F) z4jYpCs&E?sY*ONgIpcm9=VOo4^^iv7i4?1SF?J{4 zo?O_+D1a}&_=j8$z&>5hhVu<~zP0XL0`LdoUQG(W;SL!uq+O-u$8c#VL%H030Odwy zPE+{+$V8rY2~!P}nn8ATqm1k|vX9$mSLyy_wiF~6T(W`y0IW$D~*?&&Ku`PdhC2H!C7mZ^1LFn z2j#m`pB3tIJbXUgxWJjcxO63W@@J}<_zwrR9f4Cre}sG!ATO*dC~p$m&Q!TAA}fpS zOA>zej9X}XPWf-MU*HZZ@F}|v;-4H3D6}*7@ehMX{sO;^k%nc!@rh|$orTfpz%On(dUq6(zdr&RX`qZ& zuEZRx(DxaytB=VU&a4y!QXPublqpp9fM$(tVRUR~l%AdYN!# z?K$TzMPTZAB^z%%8n;tQmcpzvCk(g6jd}S#@r>9q;?v!wkA+-B$DB+OeSD!M@ILp^ zKcc>PQfM2%4QZZa10L89Jmmb(VfF_E@@=sIHwJB5pR?s#(h(nDx}33PxuT*O<^ntX zs|ih$b67V)wB4jtYng?;7{?G}3Sm%tR7A<=>aTi#f+l8N0OqFId>`O?1TKK011*7B zx6VJ)kUjXEWG8awFU2|z)>ALv#7-}+`w8cZ6}C6zsx~4W>Z=;*&z4-nTKtakHxO1c zMCnWg=K4Q=wdUP0NcZkZoUM-*)dUGjwXm?EBO34j$wKuafx+-v=V2Pzz(Y3M_&=Ae z`7BRR-W-1k>G2iua#=e`Mfc@UTf(mz@|E#cC$rY$mPw!-A^lnngaElN;1I zdkGP5o=$O{wbQXZ9K&X|_U1tQlRKYLL4v$bge_ug!C9)O zvh6`4V_Ry}_;G@89zl9cKy%&&Jx?ojH6KnP*m!yA^Lh|}Z!*wG0{=`kL)^)5bAJoZJ>N)@c~ zc%dz9{=7RWPqLDG=RSF_(szi}C~D8>xGpV}NM+gs*5G862`9>(86 zkjFV-o&5gmW?hYit#?gx3Nw3@1)|v}{kOerygIBeCK`+JMq3C1Jj06#lm3G3!P>#S z)h?n=9VhCK6*Q;t_%SRbMYaXp1JeonmEyT#S4O5(L!@&qF>Ad&&_el9Z~pnrKli}v zXpN#aQCU+j#SF=|6zM=NoU=sqpjLgJF0O3cp)@>X%+WHf@rOxkYwwY;{xF-j*Z7Z( zJ|hgW9jvBay{Ylzjn+2%bJD5sL$2z;X}abO!Ih@@fvdN}?&@XNC+cisbzoL?u*c`6n$7Km1GV5(T;z4JA z(vhm`E;;!kBN0RaPA6u(!?dDrJaB|G?gHE1;froTp3SqV&?Ni=8IFHW^z7?qs()y~ zPea#`MYq8jRde#*+qU(&0$bEvf}OEnq~oQ+wwcXz;hQjS^Ri{n>p}{|nj7{Hkz-DV z-D;_FT9G9r{xItTA@Jt;g&U{D|5%h~6M^YEtk?SXMVt}Z77!7V)&3ui`0ppJyym{S zM4#dkte+R&Y1Zwt59PuRMpHTw%X607xhr||8}@!= zOq$PglA*6;{mK1dR{-fg6`OyNrvWVMnTcC6f6-yDUpAMSj+>Guw^m9Mu~!B;xDZ6# zTXKh>X&foKbRPNC(l)3p%|)%v;@j?(GuKCb%-FA;SA;xm8Mzz%{o+P-WwN`x^SNm4 zNtG5#abtnaNnjVBR05`1XXu-2D59|ndgFBo{+HsxTgE~bt4);)`h&(w(rHCUEX@~_ zIeqHZid`Ac%L%{7e)jRFq{##^dtYm;EMBF)2FmDPG`%@*UHh{$UHZHD?F(_d?W$~O z?e)n#BCv;>dyk$BB5y7a!|QH|kv zpOC5>?y9MMlFel#_k^Q_gG11V&am&uL?h9ZK2$0 za{tT=EbdtWV7RX{>b-B`MS;myt?*R*1!ppS=?TtIMsSFzl;Q0)XNBe;H6u;(>1h z_Vwjg17J|Tv>Z@XX zy}QYw(PnL3(XCCrZgi;6x!pwG$e-itq zbb#_&yVitsa?*IRPO2kQwpy-`FZxR*XISLy!#@>M8fSq$cjfx>O`#XSC$OD;^Vc(m zYx=CWluo|%hE=RQ%KGH!a>GUIvMyBj#&W&Se4X`O&qofwk1PO03SDBqZQLzKS_uz{ zE`WK*qes!BPr z&;De4aSE_MBfiQo-(&+m>RHa&e_kmX8ozzCGnz~{Dx+>j#&()|4+lxl^Utn7oD3gW z)a@^7Pe^AelvC7-)JV-U(*K-pcCaq^HSK}9OZAwe?$WK)+{|`0YyFR!hfTP3R*8rp z!!0!h66H9fa8axU85MD2-(Z7<1H)4eMQfg_lh9c0%KPu~$Ny!go-}HnecB$K{NWze zH=$~_at)c<@u8PK`=y%=)_H8v~BJ zh=K2_uP?_6B<&sv? zi;$n6JVIb&uLBx`1X+$o;sstqV>hY-GlM5NC+ckKrsCTZD_V1brb`N}+uxEdit7u= zrt0uc&gPggjSu3dtcO))lFW=eY;7-g2arElc?3jTM1XNE zcIOhSy7f;X%k*fInAafXO*})}$7iNSbW{omg|(MmcfQP`CJ?`?5_kQ)ZG!!SWGt2r zKD3KgQVhzkuh;YOsYpn5t^7*lUR+)UZTzZKxY~X(>Y!m9qh^R%@5kMe9NaMd%i0l? zo#0B?S10^~2vRe6{IIWWUu85SdCyQdP@ z!q%y-5e?l#DKf!Jcb5+-Y6H31wXxfkT%Ogt_3Q^`~uqF4y!s23##7D z*~BhJRng@GQm>bg=8Yofpdm$?xCz{aiVC-xrQECnR>9iNWo0y#LC;c|{fgWNuDHEIJ$@e6yub+>9xf1us!i?CJlGB!K3UAK4K0TgM zHYU?iImU6%^L@IC4&VSh0&exqV+-#n>3Mf)5^%j!>=7&GpDfBH4#>V^8Wgr+bRg$T zSQQ27y4<9SAfAgVeyvQ64DmA7hRk|Td};Yjdi4%Km-Pt}PA35*V) zjv~S(kImbP#X;8$cWBWczRmhX=@s1Kk+n;R6tocLNVvXTg1hrE`;(4#IhxE zc{xFGaNI_gAgGh_!F!Db&r=3kr{ZhcU;3hVV_J}23=DYwov%w6ahTZEQKjpjOtJut zHQUooOYdgj0)y}a2|3on+X5<~-D*C-J+Hlj%A5VCt)XGV{QPBiwVd;7cFJ^3UE{=h zI`dh6hEru7QD~Ar+hGiZFlGIJ)5ax*Gd?~V|F3(TsIV*cA)$&pD^Su$~j*1F)*FcqmiV9ouoVr*KP%1Rr8Rz+q zBY*@yJy~>lIO$REFxa);$YYl*I@|-_eWf*8&B#`({dK{z)-lI|vpgXo zePZD8(DWsZReq%t;2_?l?nm%Gct{V7Q3`i z)!9G{IT_LLRfeMefWy_oa3uvwXT{I2o#;&X{p*A{F6T$5Y~8GV__CzZtHB(J5Ta92 z(?+dvzkK;RR^D|$}e=oS%QSD@%*+nUOA=M*ZV%Gi9E&SqTe{{ z(zDY6pM0EnB1@1r>nSsy-uTmi`63Sx*qL}E{LgC~c2#`p39`Mlbokz|y8a1X+T!zM zz@G44ZraPlGHzYMfDw1kUbzkOLjbY_g-`|FoJKfM$_c-p;+G4-(CuU`KWm%%&V`A!if z^Ot+dqi&BkjjL8x#tVvz@7sm>mz@Vc9aFuw`;~%-|6ne~zj=S2pC7#gvvqsBpvJXT zl)t%hp)~U0R$U{u9=nG!k8~J9DQ^s}g;@LFp>$pKB&L2fA1({cT5?E;z>dc9JKlD2 zqVK%&m+dY0h(>CcGw$04!mF?#qu8&S)bWQNMd7h}HTa4#@2j7C?BTe;oht34ZDm(k zF78!o+5;OL>T3+YrVtEd;4Y3TqXWZP9r@J-`s9EkH*_yR;d&J{m z=skZWMZXe5J}gxf;XQ6e_E@Btq=m4@L^CXDWZCiGKgHooqvg*@2A$je32GFCHPb+Fnc9z$<5A*T-bf>gGL4hB^=w2~N* zhBa&cv6#%vN$`$gnTct`V0GoI6==v4P0ELJd|yvIC!L)(A{TQ3I=Kd!a_ldZHMwG| zZi4~FCm&Z|YTuo%=~KPItdOjjbziemP=UYxN@(TJ_RCk3Kf#`{x0H>!--DLX(5RKkT$LB=l9sqag0)uWw9%1@WlJ;rulsnLFO`phi{k5$y8IgAwV^H)3gdEy6M{^kA8zZ+$bV_Y#*bBgk&z+l@uB5zPg5XuduB${YbRm zT3JaVTBqYa{<0nE5hO=lJNdg9GGeOKaz@7m*R+zxa0RgC0HKBPN1ishJMj z*duT$izE>!y-wCfZ985s0NVSD_;ATcQ-SaV?dY645mt83xqJQP6BRYwUa5DG3&c~Y zap4j{(iS(o9hp8f{4U;=ywx;_a-(&=-0<2N&f5OcQk1E~!_O=*GQX7R61>(g zva>vI{5#)`GIUSBI)9%faY_lVvvnD(4DdpIRlVGh^spxp@J{N z=jO{omGt4x?ObM34Zga2g_yA{y*z`QH+gMcc+-ZqcQ%rf(I+pB3yJM{S-HfDcVAP7 zA`!KLV5Ca%(6HTZR2g;jXGd*E6HCJf#Q`tYm;Z-s^6vUwZ$ z<%Ymo^&x1_a|PS+vsuXx+FnQuJfsI^)=krLJN91ctQTNbl^JUl>?QRJ@?k*{^{AGm z-CqOJxti3Q3d58@&7XXT`GxQ;R%s)1!rEa9KJ4Nkm4zLGz=c$Q4Lu>Rd-^vRy7F#D zyQ>BH$%QgTO`P3Qh4jRQ_kd`V+$5K_FW+_6zspk8#9GFbZ8`vdzB416Usz{~aqz$a z2ID9>sQKUBo0cb!gr$FnY%@r@WmL3uJ1g3oZ~VdW!x1eHBAkvh`&{diz4u`Yzcp;1 zrr6c@F5fk+%r#AsrU2^yjHz`^d&MUe(Q?=$!t+Y)+6nb$_zG3syo~X)QgD&iGQqsx zjbgbd-xQOX3fW3crKmN^g=M8a9mEb%8f;{Ex3x{GI?5epiokgcqTcRAPX80c39>-P zKX0Ui%<00bA!PNEg<`pLpG6t!Issz5PBW<`i>2_4!E17%-Y>V{>oaRUg3 zglYap$MNXK-;4Hp)!)8<-=Q;B?~HH9F_8DVo95%|g5W23t@UPeRZl5Y$4vABsMkNR?anj6A9hQ4ZW zdiGT+-B;FjIUcifql^^NY5wiUnuCD&<<|*r{$A!q_`AcwM#%(pQGQ*1u8qG|!8Z|j z*oleRitMQEm9b9=cbql;s?l z0tb`cAvw0&C~MxAsI7PHN!q0txG9Ewc45n+Bqzrly))=+zlFs5r`Vz13OIm*l;VWS8-{6@=uV9X9 z*iBwb6hyYy%L}CDs&nYU%X~kC&Wm0gI$VIPQC=q-w+ORn`VLz85n z>X)4T@lfX{^AK;p&P0rfzj&`K-8J`2X=wPzO#>(iY29>9E1XK%8(t5&O{cjK-P9UI zFAa%ydim*@nI-MAFQhE#B1A-Qx04_;HwyLn_R=B-IlHSQML|A0Zy3I1<5%4a?>IYO zx4t#WcHO@D_SE=J#I0lh)B><4$C}2U7~#CtU9Qc%T~?4&xPZURNBSx6G+t0$1b$K? zW)tSO6mhzMe&NE&*BX$(Jd?m7-Fq$>*nmNu=r+OEM}DJ(L1HE_k^mQR=L3e3ip65v z%lQh+vOVIi)qMUzqu@kGEmPOORgatYVkI$KeHH7t)D84hKp&0rgCALu5)t{fy`9os zJY^q=9aQ-7xrAkX(LlZQxqqK9dl(^m60?^GZnpWXU^mxAVTA`^hD3WngTH2|^f;qk zrZTfBYfN^;w7XYya{Wdwq{Wnfxta;TOLkJ)jd-T=+QND!*&7OAC)m*BEsLEI#CL+R zV{tPQ{g$1LF!hn0eF-}@CW+tHjjmcsj#NJ_8#u{HIMxKFi$X`e>H4{{j|0~0w8H~x z40a)Lkc&5laHnP(Guf{+=Gv@h2#VEB$CMxcF@ajXTP`|+T5SgG6 zP<{SE z;4#Pz+{kr!7z1G()?yhtWfuo$7iu(3H>J=>;n+*2T=WOEpw$XNkD&Pn$oxXBc0l2^ z@Q4hNA=DnLFc|HF$rb7_;&62Y*EYQxQG3TB!aUp-^dwvGe(&NJRuFn^fLId)kv+bF zkRu;xBAVL-kYU)BpSZ#3$=!5twR_tL8eR{RBXGLT5G0aK%9Ew%gdF%fP{xFelC!rp7K7NIH@UGW zLVnlkAV|TFHvseebPr@Q9nZ29PMriVKu2z26#Mf9g?c$07Y>AmJ=a4Q3aH#MAuF2MJ5qt!$hC=cHE2gmMfr?E zF^h7NkZI#1KAja`Z_QV5@~xt|lw1n0 zT~jRKec>brv4W*RGDSrTW_^}W)kfxcA=eUdpUy7H+ZY4ZqSiE(!MkG;3Wv6O$0yO* zxo8{@Cav80$*!QuCss6LdAvO#-c`N%5l0wQyDR;kk$ghMCKBwC7%dp$*uH*tXPGgd zMI0?&t#FgCR5Q#J)@hPx;*h4m&}Dte7Y z%BAb=7E30P_;D<|b932E^7Uhm^W%qlwoiZekr1xx)fa7GFuCcYQW$`FP(B4C;`0Q;gSM8wa%?ptE8BD%ykldRG7TXEFl*3<@F5Rm*vheRdwvb1 z8Oz5w(jB0s`9VMa7k1T(TA=J-Tc9(i9HJwaLN?EGq-@>|mkcU(S#ih2g-O}1)XAHb zTaFIVe2UVdXdgpHrlafwe$bT~!Z-rM_J(PcF$20;*OXb=!3AFO5XflzefKDL9eV@9(<&R0gB2Frh)iz#iGADkG1>75J&YM%FShVFp_(7 z{ub1(9Gl--rWc#2Kj!oiaRO!Z%qvboelK8lvv~cS6slq+$KDPVxf#J3a+rSK^<#5j zbQ%jI5IO_>aTA=B14e|j?xVY0W(cGjgK!lz2^N`CNlfx#!t3)M89SxJ#Ecep{rp&R zKU49a+yCSxSnJBA;7`-0d0Qn%SbVg%q_swaT)L4q?*fWL+A=O zY(tu75VEymA@eKL`v()=R(kr4Vap9T?{)UNLnynoA^VfwdIdp^)}j*Xwz(VTrJZC} zl|!f$b~Q|GwVr-)!DmSclO#)RdCx@y`n3|-I%gKN|Hpf9j=O;FXI1upFp*g6E30n^dx%XvpNcj9lL>Vt)?KPKg}qL~_7i9Sg%Co+pP6#;kLgP8rE|c^ZTSkiF^M zH82u*FHs~_xeR)|LKIE*Awl;F!oB&M_FA)c;mm?ks}+Z;p>*2;y!!ZPnldf_=!%;I zYLgO(HCh`wJ=stZVi^ERG%td|yg?B*c=`Fk(|Av}OK4D6`YbmpiTcD9xG;{^Y&M{w zo8{h;qN3XEAjVj2zE32Yo8!L?lr{&?jh+F-9C?LEn*mqb=3+Z zyRn(jk>8ErYowl>CAL6i80kse0kU>3plI)$R~Y+Ku=JnX?Zu5LbJ3n?bCw_F`4q|! zH7rtYk(L(S8F9dB(^kgB!lBAOI+i_)`v{P**alx2H{Q<=B3Q(+pd-iYOp|9xxLw@~si#@(qF zCj21^y>_XJ39syCu+ql(dA!N$V3h_Feh57f(qoTOs$#d9D{-es9%n)qibd7zD zoxW|)HQKJdNC_=Cl06&{{}9ZS|3R#o-Xj7itp@JJkas)mpE`CZsJNLT2vyc8>{-C@ zly8l@7!tPZWLGOD{XXK=g{^wjhUDM*_v^V5L~AOt^StJfgX^RtZk8UBi_d6yalMRX z7%7kgSa(KE*StLR;b$o`dA|*8_*A3a;(FIf0llelbkS!>ocH8m)HxWAVMEabAJ2gg z4YiNWSc7e{;nIRqiv=_0h&9&NWICC#I%9?}Cq@d!np5?VQ8k-Qbg2ah9!z;Df;S?K z8Guio3?(}_N!M2rdT-3O7&#YqzJEAbn8G*A@wBNZ<@zvjh?+ofB(8bdIsg-kbmR4R zpR4h&BpZ_oyt=lBI9T^gSjq|5S|*iIu<+2%FxAx)l1;H6*1-#7XrWPB&v4-

;S2 zW48{4$c9pZJ~F<`Z4oSJXt~+*x@@!OcY0nYc!#&`bqASF8jojgAdFVOBQBk&53EDI zeIm%Y%}!yv4;49ja{KK!!@RD4Xt`$^XPNCP$E5u;$XZ>3;!+7C#dO|Btt4uaq%~-k`^6OCCUfS5W6{||z`K2uuOvQSWc;9*vej!V_ zf?~2_Tl^rTMJIO=&KKeKji@&`!TnN-XQP zP)%gzkP^~S1?G>dSQCfk>t*dWb<1~a3Is2H zObEaK3m-mK=zO;Ex3yaU23HMwhs}G`U{9@rBK!&HUYHl^8>%J}X^IYVjXAov>oP}h zXY4U*I)4Q=IDKSQ-K<&xE#YE~F+-cEa`>W*_*!Y?5t9R!pzZ8Lblj%PN)*EjeyipL z;2psGl{BsJzG83v`SjMPxHHX|?j}+^gCa{rJI#_0@qIwHwjWmD3;&o8*4}Ml&sgRF zc-<|*XLC^g4dejE`rMY~BAUm8p|Wj;+yl_j7%_EnDzl~k#wrwfR%(?-VvNaXa|BWa z^0!}w^nOD_zVsxu>p10N&Tgs`N=jt1a>$lg2ZW%0FURfTkwy|#b37Dl-GB&3d@Gq9 zh)k>SBIx$A9|>cPO*nS%;z1^S;^U8t692rYf!jC2U;B5&kY20kN;^u^XQnE)YOQ;r zpqrd9zvbsXch5(&|61s&Hntcmp|dd3sE)jo)qJdx)et^r?PwU`oZo5#;WuZ$t>p|UtNt|=I094bec9Z{X-uc6fGy90e|;%se~Z07AHR+8ZMo3iloLr~}% zoGygUtfz0ot-ggS^dcWRq@O9t&Q1>BGN8})kk_#oTH}#~d?tp3CJO?fUDn zG8I)Z-R@GSGJhd!Szd3By98Q2rflo_FiaB#t<9`yyxaA0SRRpOPR&7EVl-fFjQQW)+O0bd{RfzRT0zR3GL?3vFc; z&u;k+F4NJx8%xZnA{6@=!M7sv>gJ&{c!nXPd~ZH;#YBEcb#R(PW=Fcl3TD@UuP8;^ zY1p$)L)WtSA(T2?oHZih%9TY^PCr4$FVZe$g$_hLApQ%Mvy8n&MLZ-MUo>9olFxBB z1nR?YQQKc_;NOusyf@=Tc>}JC&z_fv_n&*Yot(P12(dw3{Z{8?iP=V(>y!0@$iZ**rM^drPh?{`!pN( zDz=l`nNq^{z<-H*Ts@lZxpSX=SWv#QO2Q!(XlLM=6dO3F8=Bf=xlwD_Ri4l5qc^9U z7jv8`kL#@aRH)OgQEHZ)c1Ne_s^l%edmOe?xQ(@j+BM)p&D6}wbMQw=Gx42<{H-XQ2OIEZJ9!X!bM{cnMkv)u220n3V(xonM zmOx0dI$rol7$GFQk|{XSRHFx8ndV%QeCTMAR+;EvqZ5t^xksPhqdp)w4Ke0e>9wrx zCBFOp+(L?2*+-x=> z4~P_0m{UyHTs5t_s$z?SGH_I#;A@76GL>ZBM5sSv*&-i06O!`uO_y#KLJ+;}&GmSw z#T)Wgk0nvM(I9+G@cr<734E4^(I=zwvCO#1&G&9hnRm$stc*LUbo3W^FTBiq^a-91 zivcXwj>B~94TrL~FvREvczfIgugkL4lftzf?xYQG+I|kzc}fjEEC9X1LiX3d=?-nN z^tsKEIp~+1eu(x}Y_J{+b1&jSl37bDd@Hhc!*|O=F5d<>=WxQj^w%au%~{0i%CWIiqa>IAR*2j{u=9jFFu_%{PMH{YO0J?Cu8UhKYIt0j45tU0jB z%F7=7%KLRq|;*os@M|hHVVB!fI!G{zZmrD0Q`CjVI^jb#f>Z) zSbAX8iOW$Y{hVkB?fZp_({u(28QfPZ43T1&}ev**$zBE@7FW}YDs zeoen?bCVUhY1G<=m78cAlxripSufRZ8m9ou62*z%uOked=vcT9@>QabV6T1Y#FV3oe?C6{| zeK!nbP5WrIWE&T$zx(iIa@jLPp&n91DJwR~BRq z7ULEOTO57pQ3zDPM84AC(OtYTe&T)}PSa8j3@YgX@Sl#T&!&r&qgM)TaX2^bR^>cViZxkw=x|TWI zfW>WwJB02u&lr?leOeYZ72^Lw&Z%<1yO{OxrqNso$GXPz`9mZFR2Vw^z6i(`f&&jR zR-2m}Dw^z)bAG=WM#j-lANH~?5ELL;kBw>fZ@If8NU%iLrH60@cZV>J9EC$I%3rM{)W~dx??LPXvv2dC804Dn)_CY_Lu6S=TcWJ znw5nw*(%<%6#Si539ZjC4J|0F9=g6p7Z216xtq2hiR)vFxwM**m$HXZ@J(Kbyi$Iq zwi!8i;9m`!Zk6vx`}kGP31|UF_u;pqzm+HVGuI|#E=p(8L3*}swnK3S{5y8d4n#^+ zA?3H@3>5&d6v`TR>h&n@2S3ii;t!+A;kYt+@1{ZtCj9Wb`+t1fli9#X2Xd~TIQZcJ z%$x6U>2or#*h_~(f72qX0MycnJbsoV#=pCltz+fn*kZIEh`>m{ z1nPuVLFXX2Ka4`zENo%Ef&&G7&8)y?@_*ZVfnX|A-)K8Au@@O-MyKy1~0 z$4nz?SYR0qU2$giO-kH7NN>kFC(Q5|^Xcukac>f>tIWv6d60z@Gn&;n=lGwZ`IEpH zu**-`nF^cVAHskCE+8)96Wuv0hw$h;K}jQC1Nwgn^C>lmDh}DH>^eYD($*7sm}kTc zo6c9KnlIQL6dKh(QVUQ>@_8MIY}uL*6+5t5R>VA>847+93UU5OtEU{I1Okn-^P1a$ zMw&m$(^tNuz*TF0>y)#YI3__o(Ax-!D0pST)(-~siofi~glm(EFoKf7TGj27D0z9scx)=3AV=g7;}9(f@B`4%l5Y zQmcN80gLMahs;Elwh+qH1gwbIVl_u%(}34eBvNwcJ#xEUoSy!UJ7 ztMQ)k@J#=^Q{xF!f9BDAheZay`6F2p1@Zm>fJEi1WjhZ7 zcTmOdy^`f(Mg0-0k2Oi+}@a zXXKFJ^mHk#J+6nZ&z~(U?satHAA`*U2tazCJ%90k4$FSA@PC#lH_JZBr`M&s?le!; z$y3e5@4N?={o=-3tEIgrtM!S@A%MsX*xkh2=Y>yl?;q-iMMl6|9^7R6h~0T{R!im7 zBjB$W4j286`n8`$-2)}!JsG#ot$9R~%}zt#)?$>gljl&EmgQx+ zNz~-JiOwfO)8}KpdpTE@mA$S#KhC84tXT;Oh#f#rJO&PSoY`B-J!jyP6N5JwRsUjG z90fXrCo}5T)7QGO@6U{?IYk(9m;S6QRmyLuZY}l#Zin`mdrE+AI_UsC=9!btcvL9;tJ!l@e2$ zQY4!KFigh)YUzd5v*y6!?v6xl zQ;wJRU#;~3kLmd%Z{2-)V+&>W<^2c{MW)4!j`vMrK;GB7v3~*I+`SCz z&eRVsT)v%WF#5^T#~Y`TCuNe#VJ+J}?ynuQG*_arS9*nII`-AO)X)1eCiV{OH`aLY z6Zp|~_Xo?Roc-BcU+~+=`Fv_8q1B17(7!-91O-x-nnz* zE-NiyXqm?6DP3S`p{IbBSKbEtNV34V+oWoq@xR=SLGJ-{#`Lo;yh$tLJjJH1nuo9} zN${hdu1K~PwsmT=tblS|^{@c!eAA1^7WVE1>(R?9Xw4lFr(3Ep0&FL9{O2-+w7#RN zo6&{37F_W=rk9RkYU;$n)BW5SV*jjRWx-Y0Rvzoxl>d_2DQg3Pv`$u=vj%&OB4qTrqXGu|yqup9O`N0J_F7|WP%UdjO6jaO}i>Uk=HrxRCc*B&>Z34h|g z&-0)V$K;xtCiIJIoy3(T-bw-eOiAyy8){Lh4jUlI8C$L`(*_i)N6s~M+WEjHC8q;M z*3&8h&9F;=-5+Z;d#p~p2mrlOeokB6uyS?o&9F51MAf*E2}!r z0wNv(MJ&h9#s^HZz$-AGUb!kh?UM&4>4s?4=|1Rz^ta$akdOQJmD|5Bnz1F!|QnRD37P^C9`pjdzO75}xIfUl)Wnyt` zmGY&roiUNV^hKxaD+j8FNApe-GmF(b_WNUT&7%SIoHJEL3L_TP%fBFbqlm|G*JC-P z9H&N`muRuMxMoE@C&G=z>y?Vd8GuxF8OR8ml$tcEnZu;xHcUD`OTtiARn2W!py0)q zb~!or6!v1Kw20w#WV?U{W~V^(8@@R%NzR5*J?IIX$3@uCA}l4?+C*wj9B!~r+rsGnGs+13C&;Iv#lRHt zBD|yP(9VgZ<>}m_8HNO@E-W-)zl>mEl1YZAid1rnqnb^JC9**=L_L~Sw|5H zUD~2)gF?A$8g7FI2Qt8@aU%U!zF$^-M9$Js9i}9SD^yTlh_j$D&sK`1aed(A?0oPg z!25lm2%69S1|ccNH4hJuRmaVE3TmG!dzz)ROF$go*?1Tujd7+{*()YO-|vt!SHjNI z7oLvrJmW2cudR|YyXR(;fqMWZY02U=Hm@uk$&JbyK68{=AqpZ0Hw6^d;zMbqdn|5B z;x~||&O*uL#Fsubcxn-`9*<8X5z{g(y1z5up%3)+z1qoL>QTi7bUQJ%G9!YL0ZAN> zU|=r2fw^2+I2}LyOI$y)ttrqGOL*Hyezqw$|H)}COa4=`;?%^?WBg>CQk_~Gq_HD1 z!c(((ozh|^Lu70979GP!rl4q(X;{C6*RXGte9Q7*p19!g5=ET1J9e;VCU$UBex|;0 zE9s&pc|SFW9cPmdcA0OJUaekzZFw0?wfUw9Nu<{wtU^ImDr2s}=dy1vPn&dHME1ns z+QYsYLsF*^&nUvoJx?!cYWP}FI zc4n}m?g>y*K{a!4o^rn3r%HR-M`yK_`VP7vUeIBb3tfmB#{9`K7QE&E3D!11NDGN5 zrow7UG(Z_GrtYUVy#{8#GdG$?13fUvECB+p2woz;qF9rh_W>n}OJ%C+&!YL{c7-$r z2(Nf81T>U{q5FL?Z&0Vr3(~s-gWNJ6dHPQxBM*#~nFYmjS-f4KJ{G6IhxzHJ{Cp8c zNa6QUGVTE~*4@P>A*u~jbzrOy@G-CbR}Ei87QVNpx*a7qAZuFAFr1ezG1P;(#6E+$ zbS5A%r{8C^ol|U6^6hdM?`qNSNfe+X47o@T%k1(|c1sjpP~>3TESOLMMz^f-7o#Pe z^4YmR$T7G&EgrVA#c_`2FzWl=uAL>&{oK5@wNsBpIrJ>_h&A~|{EMlM@9|GLUYAmp z2+0K0=S&)vSQjjnNHcEh59HE_Nx$eVLVx3a%29Wa*x4c6)+-B4H@3yqGwOqqj>kx9 zy>&2z#$meV%ws)g*_h=#&@#iPGfRKe4uvH#1pQ3g1RkWmUEfmp#*TQxV43ymhjOk0 zJ({Z?7+2L5Su4{`(8v-~yy+oRH)WTfojR%*v`7^TDi!wICaeC(I5JW9g2MYwPwxp3 zHGe+BnKG!zG*8DyNO|u;I9p?r!?3^cH#fasRGD+)DCK96jG*RBW-7$B^sOqsW@GCe z&DSHisHVhWE*&y8#k}aO{;PxwC>@OFNZ}GrQ;pa|;_UayB*Nc4USA~pE*v!D3AC(z z@l+b_fAP{sA*2c;?sd&jKBfw%FP%Lhn89REVGuHr0q*}SvMxs*rk$Y$mff+_aYvdBk7Kuj{ zz(ZHeeny-l`00;7P?u62q!!8u{8#~4BU?#bW1KJ7K&gy+c40V{xOt35Y~}H39w+_f z=;T4SVPI?Pv5}m7cV(u}$OPHWNWgcPGG@MtQp!(OC*zR#qp-&D{XWrs_fd+PPfe)4 z4}cN4v*v)H*yE)TXc0fD2HLO7Kxam12XZ2I;y;iq{z)Op*ZQ$=Iwn`V(?+h<_>}Zy zsu@pqk$fv+^0ab~Z?dZZWZe!$rh5A<#da~a>L3@&UjU|m{jvh%HMsB@_ zjOSSF^v6#qqe|7&_E(ltmfu{kb`(ik${IDl-r4;Isf7Fh2WECYW3)HLEb6u`)4IQx z&}*UCHRb#Td&m0mIug&ED^QjT3oWCqa&0rZp3ss9c@L&A-eGv$zf$Sr!!P$NF?pI=GMJs#v&>!RDFIC)XsK*#k-c74h4hf`hAMK#iZ`*zc zxlt3lvGF)rsvz8VrN7}D_1@}-K)7$zXF)POMG8XWK9I`sGluNR9>J+cAScvz z$VhuD?F(^v?=DwGU3wFgnjw^QcU(LK=76+fx961+;Fp7kqjcNb6`eh`7yeOc8Hz z%5>Lv!VvU;%LP1QpK`>eHgtjHe^$dLV!*_u!%R4?`Qlo&ojV7{djJnm|7t2%k&Qi6 z+&+Bw)v(5bbA<^16x%a#@n>r4%@|_O1jPW&?10wS=A62QNDC>UFcyV2Rt~=QtefcG z%LPFZSsef7oLYIS()kS8?e|+rxum-OFuGWvg5H0i1=m|u<_Ao#rB6Y^$6}S&tY^`KMxOyw{1@Rg{U|1}4FpT}vGt>9=F>fmVA+fzpWJz7;Fu0!q= z%KFxqxsjfbJ29kcXdEg7UyogY`#ryOzc2V$^m$;7aE_Uc@)gg^|USbj|V(X!;Mxj2Z)AS-XlnqS4#5$fIe3_h!`?@3?Bjl_@6I zOyleRs#iBDBfDaRj;GKj8OdnOqJ#&q5nQ-{G#4VGA*Y8@!q%-3T(`DCu% z^r8{QOxKz$!;92n85uYh`~&=hz0inZ4hNiS7t#S})jwlBzTm%9csYskrOZfIX&RCc zBOR%5^aoMpuf`7ZQgAX3(UAYuGd~a(Jh7^MA9mW`0{%-bAli)ILqOjrs7%vQtiZ3+Yq{G)T?5dbft8r0k2t08(aKA9Da zd%O9W6LKeSc-jBpXgw}kW^*=Rj^GZ3OaZn>O7)xf;Vu*gknea`0V%R7$?SG$5@w&| zm2Ww;dpHQGl!)YO5te_yu^N2aJ_xWjJQ5)TkqmnsU#v_7eLTs;$3awtd(>gjV3Q#t zT}QFgCV^f(g8T;cl;oyk!oC7tlMZCV1ZFVdcKFy6@Jjt1YE=Z{_c%mIMda;Lnt)cm zqgx}PN^kLmu)?H=zi4HgZ< zXPfNqn6~<~1(sQxaW;OBa4fYcvvDl*rQ+kU^{FWyhWS5m>}OF45+t($w-^u|T5dcd z7ZCXF)=k%1eQ(mVKv1`M1Wz|C^ty_K>u1y5QnEC#KdjFoqk~ zkKTkv9!U)qI_gXc7uD1bN{F~;WEbg5Sj4tZtCAC3DgVCsbC#z3*ku)Yg=A^<+R9PY z@^%DBSB#<$k2UPL_#=^s2#Ap9S(V~KkLzo@8o+3Bfom@G+gw&4_A$M+dOv0KK+JeF zsL|i((mqJ*22Dw`HD-n5Wv>#Q#*m#O({@NT6L!eZDb~5KJ#OIBFR$&)(4FEQWM^Sr zISO=~&nu}D)|&y7sgBt!Ydh22-6OAqJVwo|!6%`wmC!oE-9mg0bqnX>z6>bhrU);t zf@dBN!7~qY8zYS!d|JtRaQC4gNzl}l^iz1-QZ{Ep^q1Z__TbWdSyi-I_YMbBb z-p(younmQ#2v!Va`~=lEv9z6f*l<)? z>p6AWicPw3Sced%Tg@tO+p4llj87r9MAAO8rlULLqH3)gjyXi7;({Ry{Gcu<@ zE0{u<8s=5QDY`1q=BYA~j>$G<9pOvGlI&6Y(h2m#5ukj$aW4!_ znAJ?NdXM{_sLWr{g;_L=UAyBu9S`AI;P)4j#-jjWrUFuJuCDLwo-~Q12=s^Be}C{t zhp{CwKYyRmRM~U>%)mM?H(P#I`0Kc*)$UbqZuP5ehJ_S{6C4dhe|sP|LMyCN%qkOR zh857K%{H0yongWskpJ%^JHn34NtKUa%;d+XNYs&|!NGp31g@nFi+T}(Ts<^s_8?in zYn7H+V^BMo(Zj-@(|&%7Ah)qxe*g0mL|eox?o_;I-b>83pHE|3NiUZ}Eb&i&q(fl3ZngnDV!_k>)e02!^nB-w1ibsQ z_csil2c8#ekTn`|)PCp#PyOF!!Q(3RTF5mT`}C^ZP|SF&sn4&Z6npOr+AFPwZ}^KR z@bd^|U)uhSPX7?qA`7PR{ckWJ5NVLi$@)?uH=<&^HT(J10p(quQE-DZ>L5g%3PQxb z+zqVLGrk0{U(!o4uh*dFwp5WeAU1^)kqaIVkZTEd85ws(WdqgJ8T&}Xp|~J*j=&!IIB(&8 ztq3+AU`FDqp}RmaL|eTBa@jv_j5GJcY|~4(?GUXY5Nv#G+}Ytd-X_`SQtN_!A9!M822`qopbZf(4$3Eg7(bWdqd9D&cf*{N?G;Md&T z069D|obc790DtKW&J4KtO9lv8NpnoP-OxdP0?t|Z1&^_qf7rP9U=IQ000})5C#Q;y z#|@jpSGr!vO?%Kn@90X`v;6^C$%)0mNi-*r^Xx1F*x9=FRoHoo00LpDj{khGl$2A} zFgID3Y#K_l9njV3-`JN_nO<$s3!V-H;YFGKjbSe80}yCe%hi7EzgkA?JK9nw*=#?bmk;3O4B<@*(IJu#Cg%Rpfpk`- z#-&6&|3&AR!QjK`i_Ss%sRN@?-5DUk4996)|4VY^K9wiP*(t4Z?sIVJf>dPXFpaf% za%^al=TtQ5A<$Pp1TW{qfw(h+{qZ)^GC$FV`hbM6ru9Uw&La>9 zXr_&@Cy;48kec!B$rgrNgM1(NqmnH_Jbtg+s~QH9#;fSNOLqs2RVK=@yg%HCukW6 za*v}Z3x@gVaGZewfi1Y5Vuygba#snB`5027TJN}4@*m(tggw;?;ij|(*(Xpe+HTPL zuYY@XM=(+TP6u#)`EmDYYgpL6j)TS`&w2s;`^}Q~JS0phbHD8nCA3L&;?#G7$(#}L zEZ8v$8%{j}3EbS414fz~y#J@|vN=ZTI`1(iw7tE$m&@qvCp(kaT;#3FK zq4V?>fRQIJMGp~qu3hJN?c}<$%tFanmqXkZQb`jtDxKhpjy=qDwPXF9=YSdjoSU^` zc?2O%W>MS5a8ip#ZSrU(sqg~_xA-^4NEf`)OAC+Y2|w%w9ZD#E5l;i57pp=|0@78g~k>L zibF`5SCELaMPlhk^tywIgQ=i0B||jUsxuKR1;dVQRnx7UY16G((Y?QkI!2d&?Y=_wR=%tZp2U zQ2waUBY9&w#FuNCp!Pz0IVnM~w{Ix-C;vWL|7b&j$(@UY6WAAmmP53h*ST|lUADMm z;$CTwB=pTm{OdBv=>8ugq-5)(W10v4>PB?;FF!vkQi;~l?EM_Zo4umBa@a|koe>#B z4V@WtlZq0NuYxYtcf$g+-yVHmB=H_QAirh3F&pLVPC?#q;*KBDJGDMx&6dmiqhZWj z`oNV998M{G7pdn5N|Bdyi$H#F!IG{v_syB@;@)~;q-^hBNzT>E(!M!5gd!ZErp)06 zRn@EkbLg)oW`a@u@pOk9xA6p4pD~RXr4;(v-Efz=;ews*LDtu%ZRbjUfal;HZ6rWm zM<6|mqd(r z%dsk8#emF%Sc@KzQ zuu<_mJ-o^Jtv<%Dd;9@M9Uq5xO-iU|ZzePwMpzXL@0kr*&6c_bwwtAJcM`)%?JMBx z@%G27Bj{5sL`v$R-vkNrkM*y#*8ZKXsw|gBzg(zRwE5dXwlNAegda4D1p&zG4ap0h zcc**L52pz+;Hq)X zn?4T#k3SV9u8yu2&b5;Iu;3V_3mWpm1;{+}_XB?=6b<{t*f$ z#d4$kV&=P=y}H@=8>2sR|49x;7V??q(2K|DpVMLOFdgQ{T7Y0dP}>J9Ch6=N>Vk^L z^U4;^m@hT)ZhtDxQ?yf9W{(U%3#945sWKr_HUJ?WO-eGrvC=<_zeX*WD-bc_UG!BV zrgadSh@bQY$1V(A4Z)G|>ByIoUkUU5$aW6U`F;bMdz~}+G8{LZeWS-+5X0mJF-)dA z*;#EWbn+80l&uGXdO^_0Hhd|yj2#+HoQuvO1b$TT8WI@$J;?;J(1(6$2pTpEX`y;V zX7LQDl+-zFpZQ?TX%T1jbB+WXy<*ZPVdr3CEvyn_ci#%Zgp>;&AeG|eJmnpP>&x2N zLp%UYugE388)M|8>CaiI&t~hkVWJX|(|mr90Gc?vxR&tzSE655*&>62&>$+AJj>oQ zXe=*ppJ$TYugk`Im*)ZTy?&i@%(D(c1pJki>O}DP=MQPdd5{i_(HoKq>1tI7Hdlh0 z`>!W}Gykc=HW-Zo{SY3U_CtXG!zQiZ82@epU#0odz_R z9!PzMgTSWmOpBc9w|MQG zjBVk|%#pJoY>*&d^iJaF5q#9a<9`%)kuv)VIm>wQDeVMV3QMbpnbd3Ohj4QzT!Qkv zG?yvT9ieB%Od0gyg0CF(u*AG$JziGaPyXbInPrKmo0DyE-_p_G|6irjCS=10ZE1L2 z%SJQ#p~H+te93x}yd$Iggc=4F^yWQ8g^{ZVDjz>EE#~&!(fy&j>qaC!JJ`2Y+N)C> zq~)vvJ+`pDys!Foh~rizmRH^nW3CuuO|(J~`YfpZ5sEw%*9Ns1oH2&Eo;vFK;c>I7oN><2bxvC# zgD9o_np6oHA|6LY`JF)1_qES#QDp$t7(iR--|Qw1@-bENrOJ{!2x*f)2n{|{FECco za)A}vW-}=vC@;Z46&klvOIu3kH;68wv5f^07ZX5m`9TPyv+*cPEBHf&I+o)q%?vGg~E~<+0G?C zEMTPveZlE)i15tJp!&*bDfK|oRx;Q}GcS$tTp*@ROHPLXsLK%F zb!m4JyV*;0KkF;KYaqRJgn0-zzcmP;5}NawvRT`8-pJ*#etS;azJirHJA|p9rtZ#R z0Ilmtwi-7!tfm)hu|dwY5k%%-gvpHMaQu9zn-H-=Q^cpLOu@K~{?~860w#fXH(CAG znZ|*O^l05i0+rdC8jg^PyrR_++WWL}Y`Tv$1>|l5m;E#rRswQw4b6%3=a23WJ35yY zHlm}GqJmJ*4$xYnzD-1L(!EwNaaEa`)NH-{u5C_kPGv<8oo61{tF&s%se5NU2#=&5 zV6<1iAYv;_xlyu6LCx3%ncCIPc9>2JdNDu0e1EW%@=upIoxj9o3E2NSvwCd!56|xN z6@^9e^d)XN_u=BfFTT?(Opal)I9DV7JW3Xp4^L(Yp-e+Nx5@vRgMNUSx{wj5lnzF~ zaqt>?X0)mshCF$goSUZ#Nq6cpF#0l>=VFb#qGDzP%IE(*Uy~Cj57n`+$6w= zgwr2qt4rE>a2nri4Be4?{k$t=JLp!h8SL0UyQqd5H8~>jr{4#G;z)`?Y}1fnc;n~M z0ens33Zhj62{ep5S3Km6!nW2g<|S@lH{_S+!R%Uz1SOCVL$;%tW^5Mf`SZyUU&y~@ z!cUmE*`MLBupc-Vnr_zD`k8tA6@>dAD{GoJ;Xvn@w4AB?a-Snxyi>X$S}6Z&`R8oC zCqdQouSa{MS1%kb&{h}1GH8%EJQH`2Qag$Wi40Mj# zH+tv&etp?zLYh2&dNN^sblL{CSQd`@jWQ40Vfd|F>QGvquMYwdnid_v($%cVVUA>js7l zs1zs}@fiD2jV151k-s|7vGIf##^VsZ6Zx|%sNzBcA<#q+36+%q9l3@>t)pad#PDRy1Nbyl z>0!`fNfh#ZWDXTR^ZcC#=yKoPXNbg`IloH&p6DpG3(5&?hH+aB(OW^O-xb+z}bP zWv-foA(T;ndjx?fRNsUuP)}@?yjL#!qcoab?oOO}$P-mPk?BRbu^ufpXHc#k5vy!) z4%z>&+QYlIi`$)4M!)cybQjZ`epbbI@sPzai~v>TjlcG_h4VJCx{s#^0?XV>I`H6Q zt#3e4q5YlqG|V&7!kNSIeWdLXzubfg_Q{&F7E&sSx~0yrMALHT(2y~kD@e_X*`}P2 zSi^Lr2e%~-0z!j^Ep7@MBjBsZlxOKzK=fj=`mD|4hK3LaV!6z#cr&Xku?9yU(ip)Lp7q3QXHnrLgnjfQ#c{ zD1rk&pH8ttWdDC5pFJj&HSmAE#IdI~L z6y5G2g12|1K^XHC+et@!)_XjbtS2nuwDDdkmT`oUIJ<7H(bdsjOwq*ioQC*c&mG># zeu9B`8pmpb2WOtNPj~aL{Yk6B=}QTF)EqI*gsx-75z^Q*6tRZM>@>1v{${Ac# zwH-YG3>II~*s)(>ntHk3sq1#95p*iXxywB1|#%^7b`D~|$m@P66 zC-@$^WXXBp^9Tkg20fJ!;XOjqr#&j<*@_j<^Fa;L^%6?!Bw3t>2;4@^Fh!ZDj<>c0 z#)-_J#pvIKT(4m(4!?!H%!HGo-y-ORY6G=vlBfJBY|L_o&4O4{B3tW0k%Ta=O}pBa zZ+~Gr3s=B7eVh~55v=CHjCNMUg$*m>@~Y9L^Pc)~(>#SwZGVDY!$GU@vY3xpNpdt2 z{BJV@bsI%Ig3fuSUWrodrzdg6bIq*(m z#Ju{?J0rMTBz^hvHOgqJqnh|&lP}Jw;Ix@ofEa5d8UH3^lbd_cqH|98-}=!rT@Pcv zeL!lc+V5u|=WcRb%LCMIG=YcyzBpM8>XfX($ppHAv9KblJYA;uMSaFL)1#n#%Yfbi?2S|pXDp5^xra79IzkCBQyMZ= zIM3x+tAL*w#fvELNJ@qbs-~y+a*2f1K+ab8(F&39z~i$F`my`Y$|a#MdBZ2Wd1ZMO z)i_%7L`Zkv1Yw9{%87Z@Jl5{6Nmn{DE?+1R$)>`W=uYkHcQ)@ZmVABtp%W>E5Yiib zry*SrU1z4e6DaqO0d9RgyN|kP@|D@RcCF3}2i*E$>EAXh&7aDLh0+HS$|yeN$A+T` zMJX6^6)$)(p9KEGe+$*SyB;Equ_4L+Gg)*y6wXs&x0*`BCg*=F1TRimXs4x%$!}6M zWE@&+*wVub%}dm3PMOo!(dU?6s2R0fIY+TEvQeYY`RFShB@=s}0xmjQovL)bb)8aK zr(|+(@PjB5WzB2!Y5{F3A6`>Q4JB^21Z74h$kZ2~l(%(F zae;${JW9cg^dA|pa_fp0l;N~1X&{OdkxRC62ctx|69p}8np&O3Vl*#<<|v~?m;(hv zi;DA1+_pngm}BeV1%H0-uuJ5x0vw*aoa#@^uGl5!wjkf_?>jym^}cY_P38J~(3ROh z-!W{^l}H}{SVH|O`B*}%%9AqOHn+AFeYO+gN!W);qav|K^%e0)P~~|31N2b-y9`7O z8l21w+)|@vGZp@cTidH&J$8wgv&N_izHpR9a&ob2X5rbDq_>u|_bp52>o*$?bhUZE z5X5M6lUcSsc)UK#i?`R+(bt9yMxySxP&?~|ib7lhoOVpWQaKLCoQZwaMXtu*-wyri z9XLQ(9(ln-6ggHfN4PO6po~L9)hcw#$x7XJJ-2;efHr{8RXmb6QbS5r+2ONqEB>!@ zBnHDZq`P@#eh*Rpi*G#cVD~?(kh1Guw$gAd_o^B)vTuxH=T$dllx7N{^HQJqzpTX7 zt$fc|I?Gz)h`S_s`tU)QhV6QO`+{k(S5xe5bA7LL6(1j5QL);mNjEmLP zx!M%!;GdIvgP}n&2KLcA2>c^U(yuvA=}Q^b=m!<4YY*{4*~xCI_PJsiwJ@&+T)DoP zrKZVllXE-i#)_LrFPyHym<6)}E!|!l62n31KR1mLfOLf*pq`GpuPl;--~4@axL}I{ zZU9=gLgn29{F|kb98|`M^fcvF=e7w(Z^nq)M-?L4CK<+;S!+N~74>pbY1MvL)-Qub z(`g&}uQ`-iwpeII32r}=L4n(fHz`;Q)jom)(PA`fTJzToHw$eG=*aP(FZpm6k>gvJzHi zU|iVPIyjOQW;mW+Z5|);rO?Rn%i-Rq8OZ&q7kELCb9}f?1CASDAIgCMh+ZYL__Y2t zgTJJ@XK>z8eyaS?5O9sAL&3%kFl4m7r#Yzkd2aD}jWeO}sjnLP9(y_0CQT$LD5#YE zT2X6B*T(d6u8y}zXJ>SQ{;^6xkx9gCGx~Ucur@a{+3q_fWKn;q{Xw7Az)PI30$i8d zR%1}xWlTH!eh=9W1D}A|jP7hhoBZz&1vdB>A{6qS*O#D6Zo-?Z_m9DckOkMNfq-GU zLH7X4jXcdE2z3C7YppG-1dC_m!~{wfkMrkjcdsW+(A4Bi=~x;lFCpJt=zZ;=X*nzx zbk2(o=Hi-BlpC9aT?ZH~I~^NKS0aV;@Y>wQM;6?;BVqHqp-_hINQ2677wShNIqkNt zt|WWJZ|zpH3bT(U_XbvN*G$LWz$P8q?i?Q?3f>BhOCl4~Yuq&*EzHtjm1CJo{?%v4 zK;7uItq`RnbL6IE?bGsfRw?ps8$6V#DFaenKK6X@^o8CT8u`sXH6{N__2@rRt!ZFj z9#ZF@b=_#@)%Ow>D&uE=i3EipQ>sXGIR6HiqfZj-p@3oHvh^h zeXRW3#*{K#PMU5ic*G?0W~NK{AC=&N3`9_RJW8euK~b3l23Na-a&PSLxKZO)Ijt4s zm`zE8j6UB4%g_aP*m2vvYPeJG=c@qYN@RegqfiAti>Xv-PY_s(<$Wud1v5 zhc=2S)G19Z!dgn4 zN3}?3eD*I22#p1PVJa);KDOcmS{Lk7{+nj6lIb-Av!G!ECs+L>oy*;MaCI_5OK4!p zWBx=0uLXp@qnUgexW{W`Uq*<71EERC6E0rBH2jsO-6o-6T#()XkYnRplsxsnfHwv@ zP#NnMxP}OH(1&p(FMJ8zmIhnKw}y`LI(nxRVjwiU7aUFpK{MJ2eZ&|zvGx6v(>-|d z=mPR6S30XBXlnHGCFRpT2os%umX+c4raNTe*i1G(l!MK0 z&+SnGw#N!)e2q;gZ-zNHTs#dF+-W0Q#| z0Q5jsD3;+c`C04(Q(eotg<}9x)|4dFrWcs(uczX+WjH^#WHHdpycri~Jo5nPZ=pjp z8@u=U`R^Pm$o3j1anitD$-r8?n*ST`aOY5ZV-4t?abaI+Zo$aKZgE;7! z_`4j5DLzvlHG{eJ);^T;-O@-t<=Dq5;O1>cakCIS`w;r%g>+-tZ==5>G^@fh5w{8Z z5l+bhrtPnWjoHM~%-WvA92EdXe*K0b7(+<-4sjW`)4ptMZ}>0wKJM$$*L{DTm|pIw z0n%FjTq#G^X*xyd&3IJG+3mqGl@O^JGBKmGTx3i8sNMQ+w{q#{n`6hCt#|I+pG3-E zsmt+c3hP{#Fd)DW0FoEYM{70lW`5e#$w7W!M#$L>ofZd=E%l_eI`C8%IWY>Yjaakp zAiB_Zavr#Jz2YkJC5sDL1a?VNDKp?gZJ*ozNN9jDQdQwApGKxSKGq{CXbtF7IxZBj^1e(!sS zQSRAoCWd&JmJu>R+v3@UZ^>$;lOA{_5qnSFJ492%}$rS4rE0`vhiRQI>cx&Rf_2M#f|X>9zeHOuK|y4*|w>2XBOB?!N}!3;wNsvmTfoR8?12Hakdjo z*n{3V0Ut7LpH4Z(UjA0+uyX{>%`Z`h@Z|JrJ{OQ`#bdI*+?Kzvzi+Qh?-uZ|g76bp zU${D@V=Q4)!=936)OtCO?GJZ zv!QKuZ|}u4-lAjEp>wFm_L2oACWoY9}ZD8TK_sMY8l&)bzK1VHI7len8+-q z;{PR`Hk37Y}97y3cNehoAFx8yQG-+Fy0w?bjsa|8H%#nLCNofez>cD!cz>3RsxS6 zwGwM@r3*o2JLydnw)P&aK9#WR6_VFFCByl|!>a}x`=*6n&)-|1iJ*soiKYZINfcjzfX9zI4kAcr)udGw4i-(d zL@sCbYCL6@pwbJl?V;R%7>tMG_OnBwb9CTW{Kt>1(u{Xpemj=$1Ux3Gn}> z5OSMS4HUJ2bIA!wbmO2f(4LR%S(&tK|L3`*x z6UEDGEh@4$J4!(NX149bQ}8;TPg|om29h5nWmZV#=H=?_bK}+*E)(c{-<`J_A6E+s zjiKY7Y3uKhmt?L~yh$`l-IW~66b>oxHZiYVT}gh7?;?1(dr3~kRZhTRsIH7#ZcNd9 z;MkLIt({~_&HgCS9G$SbW8-??RKqQkda6@Pc0>mBE>i~K?SJsqzuJD>qLtS^77X*2;fsBimYyBz zMSN7DUOJ~rM<^p9h3rl!6}*OT$~QI zWvV|IJCdcnM@Xi5urjMNAEY+ropQoJQhtO*CMK49nC32~viBU1)u_CD(i7U)I-)im zhklZ?=n~%itrK}4YdR<8Smt()fhj;wZ#j3~2799c)L(Nk4q6r$pOit@j+DU-89DQ!Q|6f>s5xMnC z6&*EaeRb`REaPIUdP=!y$lMq0YU-~&%|4ZsS`ZtJykY~75FKIYVa2)|I&bssrR^Ca z{~5hotSklFDLsd5G4@hAVq(uO-Y9QLoq8@&<|t}pOgDWXxEFu53^&TLGC&o*r9kOh z6Y^MqXlz8Bnis!j*@{X8t8w7%o5V(*0%K%;EjOqr#_p|_@7=^>e-X`&?39Yd{d(2h zdzdD!a*|O@N-EU+WR0=pCvpd?esh5*UN%q9BriL=l-o|(s<@tTSoz}2$?eR( z$-}-Y0{U;;#`Zc!Haws%lC2Rek78La?piYm(#9R^^0Oowd~{i%BMB3mYzrjFuIRZ| z%Kl97WEgF#eBOGBB-zVeT>L$@+qd-@v_Pr_XqUtTrn*HEC8Gd%9@ zdAr)ftA+d1`-QZSGpD_sQ_JDtm1ZBz%%E`2{(Z*TS?rIFU(=;f!*#yTNE$Npm*)ZJ zvq5ikHJCaeig>IiC_IMgiC(Pv^2N~+s37xhET?{;y6XT-(|ox5p@%OG9z#=D`6JLB zw-7+yQdQc8Ai`31QA;{{r%5Mjg+4Ut|dJVQp zqdG*|2WsYxOebrX_Nptsff<{dN{S=yk>eUo8=>gp^Bs?@>J9|888&f|DsC}rayGQ# z($cIQQ6R7SQ5}%AR{$Fb<;Z|@2met??_@nDTd+5lyu&q=1R0(4)t@ofDb&5v{1jgx zr%2@7p=r4gTuJ|l>BiH2%}*5?iH9HSud+@%c@>?s)!|L3RdqoaVhgc4L+(G|X&$;w zOV!^S|De#b)~=&XRUc)T$S+7XPti(sN5V=j<=O2q#?cT-XZgOis&TbP<~P0-94-Vv zo7RG4M=p=~;6hBDOb=d}kGS=J_?4@FqL$3LV{O$IGuC%6?Mqq+lk4Q9)vUXFMS2~y zXyrKVdMjtcXIh?er^>6Fv(4qAJ0yd~p4?+(nuk-IG6XJ~%+8X`946V8M}=3`sTO^|p5~UgL|R>xRITYst96;|!*f06(7TW3P)5VE2+=Nr zX!#8Hd6tA-+&f+mJ9DqY^sW0!W%fG3VWAqlp>QP-ZKT=!lQh! z{cOwcrQU}+seTPT;rQOs(ZJiwZ_JMaf~t`Ahj%9zwNPc$-Z~7XQ)HVJu<1$%*Dh@) zl5^XK_TbJjPU+D-Ic2%XQh&)-3QOKWQ+p z)V{&$wkWk)gtY7ak-NmabVWlib&G0m=SVY%prw6+N2GWMSyS7S5*^#6FAA~{_igrO z3A9NtY$=1VL%YyEU#+@mr?awcYw5V~YJ+V|UR}{m+e*715*uj&E)84EZMmMDG8`J_ z%b#1>MOUTPGRMS@%;YeYguVs)L&d*8oO?P)F8uB`3z~#7wIW$N7H~ad4RRO|AV-kv z;!`<}epb{|oCPH!4;MEI+S81r9l4glvlH|zKh`F*ZAYhp{Si}mzRr?5v+Gyj$>q9# z6HVB|`!c7Vi*i9{FI^}s9Tqur{h5j+@y>O|t@9_IRF2d*AX5tkeW8E1_4 zIZ?Xr9<=H1ehti>+8}8Dy1>3s_U%~tCgCVGN$C+5%k$yeU1j@9is-9^tTp>dXjuyj z9u<~NPL4ZC)QMd~hBw@gomp3RV&ZlqZ)4vKEL%BBblGlQRjJ6`COmQ4V%iv7WRftG zj%^k&k2M)75rbLCg?oFGmjsKDR-14b1J|{wqki?CFxtDXlqt3!*JGW0u+7d61$ ziQ&>1J!nN&+w@s<8FO@eodH>Jx_+afsS(|Wf2*W7CM)E+M9}(V{9%)0sqojzJ|rF| z5ebQu?Ub|AXE`WbEi%mj1Pq^XmdkK(?=#nZi)};OFOJr1&X!l+> ztAC}WY+!M)VBs%&ZIk-cgFFes?T~tKe?6FoH<7jB&DWUapk6o0&ZwIb!c7pmaq0UH z?B8E4FL1WKHtuDgivpdr)AXEdb~h(-k&KsM95aMMX-woZ=&Fhbf>&|(iFgr# z^v8KsvHM54l}5pfnEE#(8M~~g%NCSTarz-e5*$kAXsVXgFGWU8TH6L2<=UUpQN`170i)EQDDg=irm$cmL7oD?gxXd!UCL%Y7x`!s& zywLnIi4Jy|Dq=~F7S!~%USBpQUOn>KsRw3+-UnA>q)vY!?uV|vcQh;ePyEo&?yXg_ zlTSXye=pCs>Zfa&8Nt%;Se<@z^@ZCBukjvu-^G6m5ZoJQ2+^5pe1%eDn-W;On&RUf z?{|6TIeun}c6j2?L4sENh5|$obXjOZPZR_$B#ZbcD3BfOM7VV1D7|kW7x5Dhy7l9T z{{>O{-a8>tkBS2xU|KfCu9c`rDufa9(^Jz0GHcAd z!=&i^l7w&gxzkJg!PQ7*rG(c6lJ{3<=Ovzkpw(Onuyt)M{jesh=XE!!F!HhGlM9bUmD#zMo52L#d$F*JEsT2Q~Fkd+I0T`jXW!8J5nH&6KtEtyRg73T4X(0nVy ze~X4;v(e+VKPRnIF6+>as*v-X^qp|}N1kgF;@S7Hwl3IiLk0>*=!pE+)Mod4W5@o# z_XV0M(U&biOR{!@;(c@;>v^a9zgf5Kxa;j8rITTS~hFzA+#H{o*oQFI)`aWS{KZjzGS z%0{UtKMD6ko&K-IhGaJ$XbB<1C;!t9I5B@@S{GXFZP=;g)@aWxTlB{6>GO}~>c+AP zzSNfSpRRg0P7b+6%FQuv3_?FQhfxJ~3IxB|lL-kHh-nUOE{T|BtAS5I2L8Ciqzy{5 zaZnFU)mQ9T`I$GCcYxROt!@{5=$r-()EBhMHaOw0%^N$a7#_0_g=D%^7{7jBuf&HK7VQy(IjxJG9V1h9NOhV`dV$I3^aPXv0D6SiVcB6;1kt^Xx=f=161 zS+!+IHb1Z5`_GyH_OGtU{n1@1r7+WesR4O-EU%seQ%RTbHaOSd0zVe*)0$}5=-6105`BtRy z{(UoZVeo!(m%po|8&#o@bD8LXZ1&Y}74Z+al1`9WSo5jPa<4P}`WbpGFWpT3tt3ff zVd2P>giW;haQ#?U0JKkZ0DxdkAOk_p9OIp(hkJO|2gPhb6mbdZ;G%$Hfm${8weW94 z*YUnpUne3_rqT%rMnh{w&(IsVYq617e|+iq{j*^EHl8u^w6tR$fxGQWNYr$^(=}JK z=VZjkt{I>Y$A71wLDO({)C_;9nlD#NdM~i(M*(PR~v`{HT_O*oUyRpq6m26`l*=EQx7-lfc z3}bok(f4_tdg}ci@A3QN_fN-|?zyk)I!>3cf_>@**fW}ORrF+SB-j!uu8hF_?~vO%#31D%LvMz>M8} zzo+A_2z8zmkv_ROkqE*$EZTd_#sPLVtjh8W%byJG@+AP@<5rT7QL9=4tf{Pm%MGKw zjTKqUDe9Z=l3cU*ESXu=UelEgX6_UBzdSmOopCx|>HrmupF7sR$%{+8qkynckz;|{OBV(xfN1It%=s+4!$ z-oBN-U#~V7P0@k4ebp>az}U9Z2z=U=9%^cl-u`Ir_ULI0>i zMpqJmw1AF#+f#aKS2M2?vL&Ya>?m^wny+eqmH8yjFdRXeL9<5+U55g5S`p^)i6XLg zx}&D2MILIV0ZUF}YyCan^%v89@rCKG=BE(EL|WiF$n?} zRKnT?#mF2}yZXfMUe*i!8k4^nQ+;&d%#DSw=j~ZObxb z0K@eNh}1qd`0&TGqg;@HPmP^Pc{(BA376C$XXlBgop+h3SI8eag6b>J>d3;*15h6go-#&p?z0=WNvORN8dIrwX!oVp>+4sk_A1Q# zO@QT|C8^~90lTwbchpSpsVZdM?p9)xU3g3=`xJl}o37GC@?G4FAD7WJ(e~;@b8yJK z=`t62G|Q9mE>Hjc+=sgIC~+~J`}-OYHcyPUcW`7kzw+?0kZ{^#(*5yE>>SlY3I5F7 z*8pH0aKFLtgbu3YbtG4`KF(;ho^R7@k0yjz&j1>sjX5llmm`JqL2<@p=LG>aAw|%Uq3OPD_JM`lTevX*}3NPR#0@i@%T`$3BMm&FWN37r~o=uabE5-!Rbdze=^JU!@nWmC!19eV@F zjv{%!S(RE>^rH@XN38d%@&w96PA4kq=^T4BJk9);g8K1+Mf5xkGo7t4>P4o9v zeV%!%PjaL6^a>(}nG>OdES=#TGB@+0yEB*4ymlqcM0xTv zkISSZxj1d-UPA%V*h3w$ZRhva?M6LzSNW0W+XoDw&Gy-z?ffq;nnd$`Gb#h2X(|2x zA42mm;LcH(z(xWw6EjDxRP=xN$R2%{OX{g7_lxZ-TIL!;2qf;V!dcC7S!y()N z;Er##U@Q4Qglp>g*z?q@4EHL=R8vsS(|09wj{*n!wg`)#eA-bf2g7 zY193%rtj9{j1Egd)7*dq6GpGU`6&jF9oG?=f_6hO{pUV5esFe#LwMcXpr=0Or1`b;{WqH~Zn5X(4xWS(xSps!M?FcC5&7hQ zj25<{@^yvbaXA=09Hq|~fI7Rmn z$+1q$igDu^;Ku14r?%3fum4`!8naA;RQhdajkjk%a4~V|isf`-;yLG38?w zcmlx@3{DkC%WI`}NW@8q&1eC{s$dYSM#PGXK`cgkwb-k$vU?f`cZ8)t8>0U!)QoKM zp0s+c45O=|hz!EZ6x;A&*}LZbvO?&T`YFI0NBZ7E@Sc$Zm$bE|V&~T!%>hd#1$jhZ zgdy$%?4&{=^4)?_7;?9%Hu}e#Ina;l0ie)h|3fx%bDn%j3GhP&!6v)d`CV0y6LJ-F z5@%QhbM_b>6)oMBEUDEKs+CWSs!nfjdY_Yj1xUl&d1Ial3Pp|9G}+EEW-IKW`*1W- zdq+?T5SF42zf}9(qXAq;&D$>Xh6Ba`7%h^6-M;zLTrtDYr)VbgMFu|JUDuju;uKoyWh&!CXT(&3l(?6R09QFu$#uUY>nJeOA4^-@`eLq_JvF(k% zlFSxAU#i*{^MEg@MrA2)9Kw(X%HRyec`8l>VEIRwr#ZsF%|jOj7$azk0-N~yWHBd` zJK(_~SoMA%^)IH~$2&0tC%6R7$DG{)ol~q7=hy*}?KmvIsM!QUjOy>omd`YqpQ zSv7DD-==EG?dqEGxonNw!REMcBhK+EG+6u_xq_h;3i~6l<)a_Yl^P&n#O%XEBElCJ z+D(31s%J+P(P??K)Ytl7BAp==izFBR~8~WcRp~ z<<$L@?=LmH@>06Se0+i8j$~_iAn6hj*Iy_3fFgqEm!c1*0%4mi#|k|3z-qt*v{x?I zk@|grG_dh<3TSo>e2MI(e+BTgx5|JrkAd)Y(5}tBxlXy!;w`B@0=Lb+a98C$c$+KT z3zVi`J2ggN+Gqp|1m*|inSv8t^G77Wee=8P9-CVxT^Hpk`SOgy3^_zM^R+g51cnMh zv0!{L8_G@Khg-0GBMs4jAOoc(DJmXxl=`79HPLJ5*FA0MO=LI(aKUK~&&&VBqkz+Q zZDzdt`}EnQgrrlX!^P*&mICnhT=(490_8Q6n&V?V3erH)!Wa8jvhXXq7Y0Yu<~u}b zn8(a$y1|0LCB4gsgOE_=2@>4Bq~ZZRpHJ4!ALl*G?$x4hQ|_f*k3;LOj#)` zZzfvLdzQR2De=;WUOCY!7Mr1C8Z-Wp3GF0P04+CI_UrZ}t8|O0H6lBjqkvduhV@>7 z>4=;hLkYf=)8k*VzRp!;7x)e}ajcNDn=JDJR{Y&-mDGAqY*@J*|h6q%co6fKWa4x4m7Hi2cgFY}K+yY(#V+nU+TSo=a9P`S5aX1)g z;A{8&eCwr{{;^2@~TWO!X zK1GE`i`Y%dy05&P2cLE0&$z#|@|wKs=hk?%gq)A` z92+K27K@uUm&)YDct zcjw+w^whpL8XE;V3dpWQ-k1YMk;9uP{doB%-U-~wQ~&Hjxn}pcNT-jzV7Latg@ZG9 zi#Bv(0FgD4Q$uc5l7&5y=`1KDz0p|D)S(b5`Gmn{Sm$^xRYR@@bex9iKQci(Ya={2 zEWJS9&}b#FKZLlt#M*4V(@{n?1g)yzqMTSpgXoBJkQR+C>}jy;g5NrRt2HvdbX`Wa ztSrf*4vW|fmYAx}&kwCz3+4x5WI-|#Oe_3;4QF|iK6d**=Viy;a2|I;D$C(G68669td z=b9`&XwJZd>9_IW^S*n%+m6|7nj8&Pg_P#D_jNE4WpL z-ynWC9oa3rMFc_+dd2C~Y`6hQ-Oqs9>2p*;=gO7p0|yU%T@p`?mM<)b+NzyT2JkWt zlT$|v_Hj1Bm&v%+IdVs|in>S5`f3o|QrykeIWj7`&$EdY;Fw`o;I8xRC{d*WoL&Xw zRulF$JO4M_F|LhN8GWm@iaqhFV!j}CvsK$r)vDqCS5RW@jjH`a-@O4fB`j zV>1A4kkQQF<5E>t)~F1z&hMX{U(Y8^>b@8ocE31h-?LNY#%iomSa8Fj9KF=$YlT7= z8MigE%Sqva@Adm7Ru8V{yw4IhM;3?k6VEj1M}}`gV)TD*Wd_5 zH?WW%+_?r$Ltb%GZ0fwY;C6Po)doNjeQdcfZUt}!8hqwYt^2vzWUgU7tx_~lU&>#j zcLZE-;0GLvVhIKe9C~E$S0GZ{Z9lbB=&NjFjah=^x>h#z)aO0X3#8BTLV?^l%%R!^*Id;luua_7>u`r=rJi+U%1%q#M=$#! zRshqpimoZiztauhAYU0k_4P+t?!<|Nz>sOlK;a?ru3X+)EGn|6&x9VIWoh?W1m)#& zUd_&#ipRWd$iFkyPMb>IgvGq%OT3FRIZnlz$SAk@8M>FiR#WB*QaY6nRPAb0Uas2p z6%x>nAijnp;uPqhzpjNg+E4pP`7UfsYe_Aw%QX<@M=hZh@JaaW3WpSjj82p#c5+MI zIozMKy&TrM9L&YPWL0=e%WJ50uycKK4=P!$9IT+#Y*X@0;}R_)c4)$e>zw)KAm-7> z(O8>hmWL#GO@nN4xY2@}-tvagBN9q+^4b4Z%Eb0$U+0-+p!}~uiUA;8yK}30*6f+v zj=~3abu$~ty0Nq*M=Qvs#`!CknPHYlCO@6&{pD z$IZM}Y%A&*(*L@OrrMg(r_XfNU}uZ`2SN95CQM%&UCS!#b!q1dnCx>ZSWR?sQO>{f zZiT%ZQh+||#w+0OKcArBa@diRm%J2ZyZ+>WxuZWD)HuKr>G-HWT^ng^>py8z^$Bp{ z*K`vBQ12ak5dQNm8bSV2+0$m$7vIEQoYbH>B zm#(Vha>cSk0>;W)y;gnx8%B8xPu~rK@U`DK?a!0?WDqT5T0obkR8~&Il1IZF`dqdS z`1KL{!-W1<=@ea5bK86#Srr^mI>P=kB#uz${5<~X&|EIw-^(j;ahatQpMrnwHzhcL zup%YyLRp-upX^z$JAZfyKtt1KL++WIwg>Y>o?^GpkX4Oe%zDfKExadD*_y z*zkiJP4~A2Kt~HvNw#cT=7cE;krImxW#e;YD1pqV&W1S zl6b7$faK`Vwb}+><*^weo_V`@gJ;%d0ZHsLHFx!QcIlWY49rFke&&PKRaErNHmkue zBj1D)CgX}_hK|GP!AwsdnE6(_H-0DM^ADkrs0M^g&um} zlIsFPjsl9%X7ih9VPaKhIczdf$@to+MsO)oaX9JN+o^WU*p$zCsK7-KbP_Ck0d{-A z+R48Ju_oP<03QkjZj)vX$n+L{ygN!2=~ek{Z>h-7;YWhhF=V;8(|sPL&*j%*hfE&2#2*6JH1gk!RDjE!wFG z#CKc%j#cY({qUIR@b%BkSu+mjhO7F#C^9EtJ;baXlk=G&GoQl*GwaThPk@I2wH#E_bJGroav#A?mE;zxAxn{a` zF8){M5SSB8S9QA z6H{WXw@|M|vWdfk%3+%;5B)&$FVScPyn|qxzcbw|EY?>^^vop!XLfFb87+ zAK~QlT#oN?e}T1w((%attH_TVp*2$SOVh5S|Qbs!Gzl*>no)~@-0Nf zpxD5k!p#x7m$i)VoT7rpS@I)7E%ugmlsod_LI{p_(a!+@q`eh4T%G#N9uRa9?~GfsU--(uHatshS~b25X+WTEyz_eBe}fL{ zEHd<*m7&+n=7mmm0O2+mq_V=15pKh%G;ZI9{NLlaNDQU zhiDcM=7zLg`=oK7#Yh$>|JPCIjFeD>q`@@uHr8r2Yj+Wsp!)IDtqB3+GY=w$w|a01 z^?l5>LK|s$I9ld9C7kOk>*lzrU(--Q)UAHEvOz1W8^T5!^mnyOgGZMTxQ(yusHnMu zgnc=V+#fE0EM2nthE`@>dM-gd)LnxMF=MeiciO4YD)xfW^8WfIGp}cg{Trv^7dip| z3rRVH^mVGO|#K?B=Nj6ceZx-)R>bx0yMssUz|d*p~@ko0IGsn z$K!-yA0xwCB!9Z{a@LWVg#iofonQ*cHkh{eW;F+Dg%8@hCu{Rv{H>u=Yr`r2ix+JY zDmMb+3$SGLJ%W57fxu~c8%jTT;8LK04BvoNnfO9{V%q36gbOjF)I0t-})hTzENgl9}g zA_?R?WZR0LvXejBWjE~YN2Nl9zzZ4p`^#wHkUuUiCfr$NNpY&EZY-kKVzru( z)I-kv3RG}0xEP^%4;nR{M1r<^Odkw5!@s7W-e<`NW}g|^m=np<0=fLamT6^x*w z@0&eR(vh(?<}y+zqCuXYKcC>1i7qE#BSNRpkzSdGk(}UK2`(A9E=AzHs4_22KnPa& zQjspE($o>QP~k$Fl9ltWin(sDZVzR<&)FAv=cA<*BtWX^NU)WL%41SEtgUTJb>yr< zl{pFUAGL0}WM(6aa&v2Cy-aiBH3oRkyTeBIxYZ8z_uSa224!3977@U7wytJ6RC+l& z)QBUz9NnPbT%jKvpefU1BF1eILjtDZKJ&YC8;iD9sRjkuf}=RcSdEQ}u35KywY%bm zODpb}ho$XSrol6sxjSs`rSo;KpSAJO7;F;@c*|E{6)NZI8$6&qQQE&8EOo9CLEzY7 z;eB#RCNLAdKIi@PGkTP+z(WI_>441n_B^NPO=Ud6n5cCotKGMe4O-ONT55l~;nPDm z4e7^>jiv^EguEJWyVm0+y&$0d_--=7GIZ~JzSjGYQ_8%{9r}esjagF@6 zI9o)*##NMJu78+k@b=|LHtS_w>?9uz2P3H3lmWPd?MUXZ`X+8`*p<_u0QsTLId~J3 z(&W23l$v0>;o=tgT_=*X^_6<@Arig0+FrOe^;iGf8jVFK_~Cp4{S*x&*ru_DyW*u< z$mb@kGq>8Y!oOzSIX3EZ)i2p)oov&hAag~u*`9n?`@^Uu)z3a7p1yt^w}G*%nGQW@ zH&ye_ZtdlbRk+YfKw%QupFp*M5(ytzM_6!cdjut^8-kTHF)s`D?Vl6G`LB1tjt$jL ze%o zp8{Dn4#;ztmkL1Y@`h#tMWqs#|=pKor>1Z}B*AoO^z(C~Ff)QZKDM zAsU3To}v-k6BF=YV?ViY5c2yDBd+UIWPVl~TEd-jpvv<~0Ja5O%@&u{Ryb zPQh!N&uX&r1yzcs&$JA>ScJ@CK*L8)2x?4mtd@loQ_f+QigrIN#}|!^uQZ+T7)BsQ z*y-mgB~R){7Q)oBT+Dp%DF3~jJ>`h(Ljo!0cyZK3Nm&8+utit94M3>sDoSSmSo+FZ zcs#an)|ra7rc~^alc^|-EdvhgcLsa{-D_ZtZBO&*ZD;I-yyKj>)^Ho$)Vm+ma4qGJ zOrWW9s{^jVu&pXS;#x%2mW8yemw8?5@(r$=Wg)~{bvM9FR=ATpNP*z#d2igc2E?v9 zDt4SBwOo74ZR_=&_Q||Em3wFMWllQs`U;$|#K-s^N~UhK+I-+mzNOmh_1+6baAdI{ zR`pjV9WlnK2UE^%t&0=dxJQybv#XkpEGdV|wUy&(z6Ig$n-EwBfeOG$Wx^kUQ=H@q zsUlNH43287+r-Px_qK|RJpv7JmRN!3?d1v) zsIs>>+;K8fa18Mg*v0Ny-Q1{(jD|UCbDqEdP-2^&2>hJPE63FdhtkV76&{D^PY*Z< z3!S1>*qC+(_*go0IUOvUp5BLB15NYtB@JmeIsgn)$zi3Hw;M<^4hoF_$Ugojow9a$ zbgV=?qpA_dAq~I)u}Vw9fl9oruiS&oI8aFW5K#$8C7=3vZ_-eY6Qlxhl|X^((cj+s zWO?g^#M3A-!i&P^?`a_c>LX|8Rt6Jqgy>^Zz8-nQDWwx*FXvViTyAlZ1!vNBtyM@~ z>ly1I6`HhyRup`ojXrmpVO-*-G!hmJp^}7!dF9@!&4Ig9Z!q8Y6hcU|XVjvP=7EO% z(KT(?Fk+2SlZHJ}6jq#D(MPLf(yCD=0)f5`Yierm#Ao75t(W=30ndA=t&`|Wa<mAE3&vJ!i)Qnp0q}Od`53p;LH<2RlG|S!yaZ$YU9-uHuXj8Sr=adQ!1iM^aJ3qe( z9g1y01S9KY)grhOLDd%ai7DTeL#pm@nI~Ncs8p)=!2=P{Y`#0AP}~xyk&si2n24GjT>a(gSMO*1x>KTnJN^Gee29ZwEZR-JUs7`T9E1hI#U#?e)PzkOT2oc zNa@u3>M3#s!fSI+UrPQ|#xq=szr;mocPcpS9&fUGy|h2kk8G09t2S3%pX$4ipUw)z zIY(r2&ua^?!R}~r)@qC}%=7Y)&k&gLT)&OKszS{_69+A+&Jl(XVfJlW+Ssej* z)w3pnQ^~|IAKwJc%2F+5LtB zsY&eI9ak3ISW(J~OZf;pUrvX7wWsBH1fUc^waP|*QG8)mcrLiTU8p>%6uq^+93^Ec zb9bJTK9^%E_rAhRON4ljj||_vBHx*U-J(Kp93UY%uOKd=vAU^pm%)itI2p;dU@oVP-0QNLz^A+( zWTF)kqFhi)9I+?P`Ejf_RC*-`?&XCMB4}GKQ&X6`E9lf&c>E>8Tve|OQq|hsKZKO= z>RJOeO47nMgYTVz;d5Tx={Zp2_^i)wg5P;3W z&Q=ExJhuM|)Pim^Lz>JZaQIAsTKc`>-qeKr`Go__|E~UE~4Bv%2iUBe&2$ zbw`gVPZo#3$PVEGsmIB@YiWQo8}wR(8?}RBAu|Ux`j+|oONf06tMt@>V|H+6oV-1o zCsc50xBX#PsGw)Sbxr7sOV^nPQ>Sq&)18#TT+q%yPG`VJ9O+XT7(6yAgTFS$BMzMy zKkmuUPm$HP#8Mmdm731xJPdfXCi`U9*4r28#saT#0oh`j;@7b=M9 zjWv+C*d5E4*^%zacQx_J{kPXD`Qk5Vi+8@>Qx?0a)8n$4#qsj@D+RTI-%s9Vb9C2-uP^;5HiXG84`IU)bh z86WVKqBGQwdq?s)ca6$CBJI$eI&fbc0PaB$Z+86&Ig<3eeldpKk3wrLux_$_^@ims zFMz^)1`h)CF^m11hoS8DdiO4;yop&wuF26V(BIu+!+2EQPqx?T(Z|Z~c1!WVc&~bH zvgx#(jCg;82OXa>g3UZKlc#YCyXMLBBJ1jG+~pI~D1%6j6S`yqJYty-an-mQ8s`d^ ztllc?YU`nAnUI&m1W2#E<@xGF5d-g~xqTB};RcvJLCM&L`K)tGiXE92(^MdVw zYO2M9rnyY!mEM-KF6Jo-^0__w($ZpRPWH?#EBCcPj`E(?Jt**qPJqz;XVGWrglnS= zJH4`!oY@3HK4@3%W_j9d>X@}-z1R~7M2N!nwHK zlvRt~z>l8}w05WPT86ar`=xt%u8-%tMEFs833&li2_9q$b=Br}(J2AAQyQ2{vT!V` zDJdO=rmBX^b*wgN2>7$nL;7aT(CKQ*gm*|>$EbscH`rvQDtk)!s=@{ z-QO2ZMp?<>YU}1H!^73dXe|vOOu(-?8XfFkI8EO4lgq2?(M53F+;jzT`!&`I%Q_a3 zRPKWB8EK`p;x_Jp`Xjyr&fAD@te?}QVx40dN>Z7N`sBHweqDw@)zAu5J}Y!VO73=77z&$~N_X-_r*KIDM)~i6{rphR;qw z{MEs%ae#1U!Fi>fK5Qaw#yZnf$A+Tsi`8n%2XI5fSc@aU|DZAc_4w<1ft&u^JD#0~W8KAFF_GMW|KwzcU{ zT8nzy&Ys}Y|5i+5se#L(1%aC4h{A5YJ*@<_`ZXRkkTX zCvOB-Vd_V%p;9j3+nmwKZwm!mQy{7XPn?fD8rYFg(DM$7O_h6_xNF{b@%;&NWW7(E zC+EEXei-4bcjZiUCe_pKsf=qoT1UZ4*Wqi9xTQf_KXLXxtl|;LXyaD?$gn#c9T$H} zX#JVSZOk3S*1}O7$F8iSCoH)JtpQFeW35H!gG}b-x|MzUSMzah{_+Gh$RPo~Q3s7B zmNrJzIo4)|^p-SisNqt$#MUz_IG=f5Xed{~+pSHY~Y@0kz- z{8|-T#{6gSVQv^w^kBZYwRTklGj8C-UsrLT)`TO?lN_4RM z;AaRmF4KmF`fciGdG|vaHr;27lkk`^vJc7!FNYghU55HjNA#;U>R_(2zO5jvZQMcC z`Hc*7tQ4vaNZe~bGZ%ytSIgYHSWw4PHVrY<4l1g9Oz{H4!AwI=^SvGLuJM}GASIX; z0AX&Lbj!H@C->apcu}!E(0+4de(+|9azD_U?zu=OfaSoGQ6FxHy=>tpUexU!9eP^7 z-Osb04>%mA?mMa?Rte~vM;d>f`(rmRnZH}<7M@A{sW1k|1RUb#SAoFcWBjKRKvzfn z6AZ)XZb*1cUk%|`pCi03!1HMsLc6GVJ|zXF{}ocd{94mQyHwSf@}A&$#8sNF`Wt|E zg>eAgOjPjXy<$KdME9xkHd5~@^Yo&?^Zi4@qlcz_7La!@*POPVJ?nMJTO;*Sr4PE* z{6}9U=60X4;Y{%#O?LfD^bkXydG1aZ3+g3B^$^hk^Pj07EN3Gm*9L($OUL51Oey7R z9f4P;+$9-ktUAltw1eA~cGJF3^Pf#Yn<27u`Cj=97#8Wc(mYegrqgq)qnAo~J5U7E zWZz>6B(XZG5tLr7@N7c8;C!|2EKu=E>Ec4Xti7PBBT=BNb_gfJ+w8=9d{JZmf}vYy zYSRl*+TNs&A(T7bXCG|n)Q=v7)7hF}C`@HbZFZ(=CxS${x45Oj!X9EnblG~aN!p9t zi?X!*%%0Q8=(ei_&ImZ|U=3EMPA;A|?I1FP7RNI3M?qhjkQ3^ZIiMHR_(9!=r0XZ6 z7kuKLQg>U0-b%Yln{-_1&JDx3j8}iuFbQ&5WIv#^A#0zd=;M*4fXM%7 zw7owm?8_BR|3Jtb)nY&nWuT+|2WbbM+7KlRL9956UGV=}0@x*7R1;VSG@+fSe&a>% zc+KZ$0yL)nRH$j^QVtYi!LIFWY{v_f6=(l~qeOC|M3h*Egt@`Mk!8_W+lc{^{nu*# z_@r6LoHOJ+0o12hHJxledLC_4UAkhdJi0e7>Gg! zT9@s>^!zn^P}4oWpi2O{*YHV={?R`*YVj9cAayro^tnvYRBn1dAXr{GUCO%}FU)jv zO6=Keg+=qCtfF3nTYreYfj<&x>g;w5LDR>;MklQ1>r_zfXI+sKWTOg@oHF zNV#WoXX|@mw+Ke#;E#X+hxFX}fh9e^BUqU$t5KQxA^@HZ@qPOz@VamiOGO`23~UO9 z>~7;zH93KQ2>}`;YMuvdj)!vIkF|kXFO-JDEozlI3s=5;`dWh(e+)`bN+c!OD{8fRh zin~_w-X)%kEeSx%)4ea|ZC|7@4g67~!Z*8b8U%cR9{ss@@IRX@T2!AiE~9g~RVTK- zBr;d5DQX^Q9`+Bmmtjsvy@5Gp@!VBoY5+booap_HMHn8JaH4ZXbJ(D@^mCw2>ucp) z7jUfQ{$~n|O)~_J83D@2Fe2Qif%Asz#XsSN|6(#8^u7VyrO_vL_N+sa)fpNLh|98h z13w)}-m|j3%~=4w)RVah``Cc4oO>1C{&IiOKhZj;8OPTlEh!#4dvsf4T|z*_|8L8> zy<7GAW?pYuU-dag^XT_k?}2iDP2o4dE}uL&yFJ=*2A2HNb2n}efQM?-%>Hy~i)NbM z?SQ@$115EKF6J6mRzNpld!U;zz(ps4eZF?8cl+pd31}+yKYCi2<_j&_E*4za8mQr! zRxVgR)2Tsus?v~rTtfH#CEa(I@-f}{?ml|&dXM*oMxpg(m6~7T&&Ru>zw0NR_x(~F z^;~X1)$qH{iRa0-NlBD$_t3e^HNDO{BZIug$1lHlQ%R!l;%@ET$@2Z+qTsc^1fNkC zP~C5@Q41{*?g3QH&gVimFF*Wi2NN?Jx3K2+2kG5&=S$@RVax4$lfx}9BwEKYGm05^ z*_qjQUxo1+?-KzY3p&lTA7}oi_gKWC2$~`EMmozh|8MaRYD_`nY)44IdO^oG>gCABoQPY`H31Yx+A3y zM$Rd`Vr}3S_*FS*2k?WPSGOlEoc{0=BxGy%ST_=!4syk&bTH-V|-zVQbxVh}~qrSkr;qQk;PE6bDzg_nfex$^@LfF?JU?1>ISt*>Fh0(Bn8QFU8Yy%(nBJHmQ2P(wa%jQOh1?BBYZ zZ+g*kKkoAtqa+3|1n)oW_Pr*l&S(wt^;&u=7KFZM?!L8`&*ythcwo^4<@V4Tg&O?} z*KCtpvx*%CB~jlYb2p5sv(B^M6K|;nX1hN9b86{?7&NSZTE?u z`2g@lnySM7-#Pl(`R@CtQpcx#BCyxq2xoYB0EFDUp{4y5h^+Pj~{%dy_z5!Mto0=Sr~5x7wM zXL2AUJmUZE1;AKV&|M}Oet$7avPQ(<`qx_4yH^^Q8IqY=-|%>!3S=evc+BbS=edWj z!lF4q@u^QAdz<0!cL?7OO}I@ec! z1qCrg+~Cshyur4I`~0`S^C@aH<5Q>)K6hXR^99?}*VNYj1h8N9aSMy%?v_%EBQkei zF_@Hnw>O0P$)yl-`4;tazEAnS+*{(1Qp|xIsVfgPQvvOf`lRq@di~GV@7g#0JcWiK zioeUkm!@76_emrqj1xEn1#D#!bF4=-7a=lY&V~F7^R6<=0%)b);7UD0t9<%eQEdK ziu_;7?csi~^(mxyaboJmdKe$#(^7N)dqAPDF{6{7)6Rff&WRc+*KJg+eTbqHMV7Wl zSYk$}lAa^5GrB2fyw1i!YggM9wI@(;GdAwSz*?XlLY99R$ZG#L_~va@`1B;hc0^)w zzhf&@e#l(aCy4Y8EaEii22W@~iC2lF22iD>e54l3S;ChO28f-}9HlKja}%P5ctM~ze?9AS@_zl0 zx)<^cX*lnfqoUwGORO7GIaW0m{4C~>0yCQ}phM8_-tYZYUbbbVgE>WsX3XzwREMV* z`*D5g4VHMxcHrQ*q~VnSWl{l&uP4g(i*8506ubRS;O9B|X)3G9)ezkL%ToNBQEk3d z)ewDlvjiA>7ofBRhnq})k;xxCCJ{t6gmEVty6b!2uMQJ~@ z=lyMieP&eO8krUHyE3%}Tn+!RQleW1}l!LIFN>(Q2#$IYmh-L>SaOMf1AGtLZ0A=%E$^XhbJv;LPM+oSEz{}+Q zI;gjh_!^;478insN3d1eDXBWdO`_#&R8}(XftH(ois29C*5eX?~tp$PYU( zP$v<)j&k>N1B%5V8rw{8Bd9*;v2}5Pwvjh}WNu`bzu5EgCE|7bA;9E`|7@ctQd&)H z`CKhGr3w9zFA4H1UEkt_1XleEkUoUSI{BE}U6=)KzgLB^1V`9L0MV8zv*PfyDs@Et zR%!3%RG{ycX9YySPDs1IYay>?q;*&b`yhslk0WUhG|4K40S^>WZmE1r|xxl?PmPiqK7QBRLvRTYf zoz|6P8u4gCL*&q7H^LC^)^EJBgDLv>wFNa?elrv`REw`M{^C(f_nR{lg{)ql5QL}H zos++OS~u|RU7~BadIyAIK7*bMN6_1FHHDItxtZr2eny*LlP!sRNrV_}{e*M-(7j6B zhlK!nUc3*v@!NPo?1xU$Qb=pSPLhSPM@zd`B&9r-CO%IJ!nsW!?gq>WOteI%d`Fc90DU<_m903(eX%C!SRS2Q9i|&?o3_i z>c3)XDOy;yU`SHuvf2Ie3ZO2}`BQ%POFviy4MS0i$-|M#TPpT>VUtm@nSfd@VdFOt z3_v+RE`(J9z(JCI7doJn^O;MP?m; zswI0D6?luBaLoDTcW^v&fu~C^FR%9;YPo&fXQQ znfl-X`dK|U@OG`g2DW`##$*4=dRl}g#JdUMyK&#yM9z<6Ld0g}M*hZF^-+MozG?-%t(>)pCMK#Kouzy$aH(#8&z=G9Sz2mA{ ztmNa1=%^GcNQ4=j%KYiU`fq?^7@l8<`Q6%`D5?*lXe|ym2xXu>t`k1etcI)sTKuG| z?nwdzSD-8yRQTy@V9jy$Olr-gnRVs#=hHJYDDM~pAA`kLEH+g)DlY!}Z2dRjY!Qwu z7WsJxe*Cxo?I1kY#z{)5#vA2E?I|^Gxg(ib0Q3C2Suc|TP5o`aIsQLG0|La(tdKIy zPfDeo@ySFO+8mV3Jgo-NsSX?f z|J|1VjUPolmOm~&@Z2J2%cTsds-Vu%z5cV!BEU8)6j=O0!exWNq*eDa2*gU6kdTl- zoBG(4UXe*LZu@1?B0t%liOu6St_;(o{=4a!)y8UKQwCcazZSJf?lcBP8$+wYmOSM0 zVg_+|!(GcAId2BB!yWFax#rGr;FJhg8mb8^2~Q_DJ}{jm+7Y?Hs;#SDZPfI+d+|rL zfd_6?!NcO|15G8psdrZUyIQqDp~()^_sZnY1Juv!Q%c!p#TT>b_Mih%f`=V6I&F)d zk&Zo{Ie@hfJLoHMNXnsby<_9w$AF|FqLTI5p_h zf%AT2H(-!0xokPGO9CHP$LhuZ=ieSQt0QHfAMrckL&2HR%+B@2OpgR+#~l1g3Z{Yc zDKYAY$NkgS0Nd1`WC5wHnZjUGJvSs%6Mb%-b~cauMGCH2020*g@4S5g`Q^uHFId!- zN+m&RYgcq{4@_j-$G`0Rm7g*IuSYsR>&M~f7wOG08@1|RrJ=E;EaprF{pU?nYX8r} zwy*?xjIN%?+*i#ga^Gw`TNP;hA7TM2S^DO1U|OU+e^tCXfqC;OSq}WlE~>!r z7jOnoJzzz8aS%`yQZLSAZQbdHrD%BjQ=6l zyWA|5Krof(`K1oAS5wuQw6#ZtR;MhF{VTO;Wq_*5Sm{0TlLq;p7X>{ac7}hiU)7R$ zF7H)$Snj9;3V%A)36n8ipI=6eWr53S^T+-2Al8Qz($J~?r1Ae8I z6N6Uc9}fP3RS3o@mDRaDEslG7D?e>O9JFL?)3A-|uRx>}9O!8$lat+>b!^vkS)>$`yi0{Fwv zO7rh2>||C~Cp*>pF6ZA^Uz2G4UNMvVt9HG@FrxliQom1``>?P_CK<4yq~;qii^g7B zORda*Oc4ms%*(+Rzpa*A_}aBmC_VKR53gZng_=6tKtBg;@C$DpPOksJgFC9={bjIx z<+_Q9NtyU#w^p3f#v0nJG*kV^QF6M7O-DJx-FoBe(XT@$mVSr%O#SRMTYyNJOh3^0 zHMq~1P9JW5xM?13Jd{WunD>&`n+Fpes4@=F{_B+gL)@FkL%F{3QOkRDcx`VO; zEpTqOnJK{uEaTUk*W}>*R@^GX&j*AIE{u=L97DaZJ0IT%-U=RY^h~+@=MoeZ{`1*! z;%vv(MkCol}*`lhu3NBjh3M*W-U{-7Ff{>EwY;r7IG-SqsDb0C~# z5!>{m%pIv_+`hN?-@Cp)C;3e+bAVY8e4OQV2}Ej~_I#j=5r6x41JAku`xcJr`wF_g z3DMtzSo`ezX`2b{EQ-#zoqDoS>BAYY2HTeSgFb$HwEsaV_b+!Tx9Ei#UWLanLodr$ zHpvnr`Y__Y%=`1KpQ#Lnt;ip>mTga)^09bl@G2wc^hV{m3zUb)wUGT6_M(L;mlG}v zlt3kuChq{P>&_0|qyYRt0nSUpei0e|a3+s5ljyPb!7gK6O+X~5(i*pEwaznEtGqAx zU(5Gx3W`>~p#343vAed9KL0o%laZ{hmYHi_IX8upO$ z99--20YGf%o%E({+G7s3Y1L}^Uy1p?UuRGG5@)D?BuvZ1_OEa-a|fsOH*6Xh911M$ zY7W1!t~`fV8#_wxkY8x(knx@F$|eI9f*beP1MKm8l6L&hOI;hd%{_5|O^n-9q?iuE zAZYmuPMRAPDiLVJTvZqU_sM?0ID5yJS)P4}#og)JEZ(H|pt<>6^#Ad!Qx1GPjxr>; z5@3iHNBfO{`-A9-dE|hq`Y+x%a!hNfsz>OYUZ@R2;dlx{2!A zf^AobNu}-KXmoo(`73CZMjO{gCiY$Ak?~oOhBT{Y>@gEux>*sreWeXQ1-pj2TH;0$ zkJmBJc3D2wIPQb@G^G_Mw0Bw$ji%^T*&h$a9PE!Exo{qeIL&nd{RCrzvg`^XqPFi) zb7U#Wc0!o{?1$~t4X#~>YoaIHIx{+{QxxS_#VEcFGI1gv;1daf;$LV%)b+uTVPZp% z4n}8oK-$9XOnlYF|MPoq5zDFbLthMZW=*>bPAEX8(>L0T0wBoNuG+s+`^K#mDFQx- z6}FCnPIyLZe_X}tnBMd&{P;V#f!+AvJ|8cqIpm^~uEQWk|D`-RWh1^B1gig-{P`Dt#x2m-)BSj`087;~TZDdRi^sh- z_KjQhA5mHhp}9Jg!0`3)zOHj98G87=Y$ufsWiTe5l3r z-+Kh_r=rlTAV9+xc+@^T4-UOr5P47ow(8D41pJ}cd-8z zh`qA)t8n#oMnkiJ-w8wuKuIyHAF_5J4FvAKTlWi%GCAoR8&-8#ww<8DIg2W(yyHCm z*T#|mce26coG+)fdqY?l>V*vMmsVEr3|OwuSEBwE=5JC~dx&jff)EJ7k_NiwkJ)hy zrL*U3goFQe?;#J`$L4%Gv!Z%Ch;qf^ zar%zeku3|Sd+RtmfkYJ?RD~yw-8{S$?3P)NigK+nYB5n}8{Q_pqr$HLmpH$`i-fRRWJ+WBn< z{@oK_=lvd2gTca<>WBY)JMEvw*EU4P4^x4v zh9ZW$riaIDBscnBuYoJl$))Q?SEf1m<|rG#ScA>@%A)$69vU5Fmf4N_Uk-Z<#~19+?7e<4rj z4>GtD`G7;A+wO=&33+1I3N~yGNGH2)GJ%YN6%BXK$Rf^~NiDi$I=RMKqhqZR8=Yb> z)#JaKY6%k}N{&FGScb{cryc=Zkdtap&a(Jdk{Xn1Q`*o<1LuBW1MjkW%udM8&%fZz zhy$TvX%HHA`0=<&?gxwe7QS5y@zeVH799EvBPdpRtVZk7$N0hM5ol!k^&fNxFc!A_ zJB@F$K5IIg!R6!TvrtCz3X|1*DfoT;b&J7ip~q4a`Ey8F5bAp=OtwY@ zEb9^%)Qq5%j`%);fz~a6qV{sgSj_gXzsblr-9P)TWRzIs1GmmH)Zq>ZS?dVT9q%_T z&G8x8J2IP*E%$T}sINXTs&~3Lc3O}{^1W>aBhRHs&r;2p1+BpuHhY3Nhu*7gq{l(d6;xzl)f-n;&dbHHV9-}OJ}E+I1W1JJVn zN@Q)_%}nXQ5z%Woq>PX-v72m>Q$`ysNw*Lr)$+HF1a z<~d8l4ZCl|*nPJVq~uSMu2{cw27)-72m$h1Qy6E}pyY~r_M>vW(FaDzmeX_mXTM$R z21C0Z1ML#+9!HNsj_6FMZ!nyhKrbtgDGx~hoPgC$s5M68!bH+bQ`f71VZao{K`O&w z_>HXf&jR~|O{&X>7i7HO>(*FbydJDP2H)U1YlQ%;&@DC9_KR%7scjN7Fc}TEM2#hC zxF<{9Q~${y4T7&N2&3kd?1!Shi{tl;L&9@}AQoVAjkT#Yx0~FYn-@7Y?htUgO&xd$ z-oMx({lRWtUD*x&X8T>599lZUn`NUhzdg5A-Xl8ezq@e`gqt8I{sIDpyT+7uxf zsqOEY{q;hzo;hJkj+0|q9w`&{PegO$?y7*@jk}5||CxSteW$NAOZCAW?c5s3W@;fJ z)K7%8aj8y$r4r$pmHTEQo1s)+*DlKo~akN6V{Nyc0-9^EFw`%`^VZ zcNfn`T=#xFjy%xZmd;PB`>VJ^%NSv368;@2fb1mTajja+?D@sW$+c<$hy#`Fv+Bq` z(+f_)b^;;$7P$T#&v|~I2>{Sg07MgIay?rMhkg5!Hh4Jyb?-AKM4q*h z$pq?|OsN|*s%)m4ETXOW=MoCCCztqC+-@o*{~SbSVaWtG-4i{AyxM;ZCpCA> zT&%ZabsdBf3FcGnyZ?t(`fn1RHo`w-#cgptA9@Ef$$9#r9-tA1vd6BK-&D1nyOc40 zMcgEESbilq3j$d;w*@r<;GykZTl$i+W)j~MRa;iw;rW5ER@m7eh5c*?Fl7SkJ7poi*nN??0eE{|W1CKf zD`jD(9i1>{xIwvt0G5{zSMDwUIV^VF!#6}g0!wi5Rt-TBtJ=@gwuONPV#;r@tfP$n9 zJb{;8(l~k2@=X~V=O0z{)+=BMHM_#y%r+?~c!C~J9+dKX z9=?$Dx{aJ>BYda3D|+K%3xdVouiP#D^J42FYu}LqhWnJnQrloI)Yms9>0f?S@!HD= zfszKMOeJhINsKki)E*@7NDLn46wn^0`5CU%J&N(%I4&df*>SaN?K=+nexaLP8<1Yo zAd8kvYeT3^>p44NkpDmKEzcp%BdhV;_h}%WcJE@ZI7=Y&_h+*{7X*9EX32}(u~9l0 zSkL$J;3!XSeOn<+`|#Uz{6XRLGaDia*Li{Y54srF=J!o3zROth)VAeBJP53NiI1MG zb~cieSy9_KXI_R-U+paacPiiE<+ZInM3|5UG*QJ+?(8@UP>BULDANsK{RNt?$*}yS zOusWF?P4$u7>t9a;i;Z0&YBp`jpG6nE`Q_dC(mDuyLx>P1Ry-_;3K!lq4Edw?`7H@ zXJ!9BtrJ?4V6CDR9<6JBf6wn1$q&Cnu}aZgFw( zEArbhF*Tj*OUQgHb@;`YiCB%V0mLLk;Qm}YJC6rd4ZY277f~Q=SU`?lFZ}EOHt9U- z%{j3A@yqI$mj*ggIvi{s#OS>G$xjWl|-+Pf7G%Yl|whV0aEiz zD?P7D>6qmsnYtooIVmr#E_uOTkFx$o z7s#tBr!@5!vFB%h40fkDH3(R{r`h79me$KW`}b~~G@#+K%vi@yleD_-?YoCsn>fyzF@ zPZpzN$GsKCF1D)v7=6%v1%LxzXq>{&K$!JNTCJ>rL_>f;Y1(pyjAz%Hd?Qc$SH9EV zCR@l9z^qToTJ)a*%g(#3Qr(_10MU9Ww&sd@@ET1UZLiz*uhG`#06= zt9k(J^XraJzoPA>9Q+op$&CJiP4<1}LJVvfaaHYC5%j0pw?IZ^SU?%CT716xHn51q zjTZ602IgaB5E9V9lxM_%5ICVM)6!?-P6LxDZ25Ze7r8>kAfQr!iiBJ}+udI^COuy} zL*5Ymh-RSL(>$q3KOdJ{Re3++1^_fARlhDy)D327rCw^WO?a`v3E1k}5=0zJ^T&}g zGBU~^nECazBW0mBFubZyHR?H_P(C$FPEF<0;hE(`zL?6`%wW(BtK~rBLbB6K(=}Fq zWwKRS!H)cSHV2reMX%6Zdi$8nM;oRnJs`3JVCt;ey&KJ03kjFr^#=e#1cXM-z3*!C z_l57tZHY3gcaGaY;xeJ6MUJ6{)4dz=(oFyrR+=bZtpNrEaF!pw{*mCtklnMdYXz*K z^>3AN*ShUAaPvr5FI0UY>0flBSPl$vEP3Z7x9=Z7VRpRB588xWj>OciEJHYe6kMNm zonF+-ztglKfTk!7%yI1Sn+Y~xd=KD{zSP|eto;wJuC@rw1C*(=1Pt5I+eTCT4_S** zMjnH}^BS>rJEOQ}E1G}Pd2;JB6L4NR0W?ovu7o$VIuDH4Z2-rk41e8`=M`kD|4D#l z_MFlCcdx&K8nBQhi8wB&<1k4*CvCW$9N>Ix6e{rU%?_6r18UELs{r5BO~ouHK$brU zuG#RStuUjaR8y0%o;Z|4Jox0hl~gojP>Q6(xsQ0mNY& zVV%oJbMLoz^_>S+mP^bN&8Ni#Wb42Q+ee!>;)K>j4iS@<`(!%(42PD%ccAr9Q5tyC zvF`;Zw)pM`n-Rv^2EOmH0nODWGx_0`226U7n;XyF>)KP19Xn0RA=sfER59i7W+c6CvW``z3|G3N4LYjSo5ITb!s+{QS)=LRQb zHlE&suD(m;#L!NpO2ZkaasU^c!Er=7rN4_+P}$d{fc!Z>a9BW;zp6PuEV?JXCnnIQ zlgEk|VHA0}?5jjJfkL86O2g%_op%AWXuF&>06L; zFI$iW^+Z3e6mS6X1N7?&RriJ563b;#u23J4A`=wz#e&aZv+zPaxy5pQ)Vpv+e2qj; z*GP1-0QAw{>~J}T09hPgd{i3V zv@xi{qbKhRtx=<@$){Y*MGQ1ftb8VIW9F^NO(^35=JD2jAP?{0_Iz4BOa`ass~O=_ zV}m$!tc{&VXHf54_1~uc%dA0`1pUr=zu~Igl?Q`k3S+0=e13B%G?sL8oo4FMvik~y zU&PMHaIY}(-P&ztV?HnU3v&sN=P#CCXrQwQci{nqaaPY zF5($(|MqL>wS3$*x*v6H%qOF@!4{P$%bss%P^Y3ooMFGb%dRcqX#PZIpuhhYNu$%Q z_N&%CH36eXnbkWyaX4*I$SJVW5T;4F zt5{ldp4faY`}Wks)my$U^2*d>_FdZ@g;Nc3mb6O@LLA@~7d&%UUiuF6x{PiGyz`sS zv1{_!)MMk*_d^z@Nlm>+ysD2?x$N$~pV;O+v4%5H8miR%%Yf;S;C;RW_(LCFHUB6j zz=A6VZDT}Q84=g+sR-ayIsM~Q8R!pw=m_ML&6zpJ>5#0bv{2iUs>YMHj|lbMF2VaX z$)0lHNNF9^BE#_{XZIxLg`(%~2O~akf%m88k-w{K=Jws{V%mXWK^N{YKlZV0iz^}6 zQ{D9|GCTtFB@hBYq(d?g%)k zrO!0(A~x2TcegsUUsmQqQQGFCLNU3lR#+JqsM*dhcA(7|Am322_B9i;I$#P7R0l6d z%;72=@=}&~IqXh(Riu=p%iC7AT{i8Vd^4@UAui9^m=p}TFq4rHMuW-DmcFnI>C(#IgtG4H+i@(w5 z>EzZj$G(vHwaOaZA`QHMXS!y?NTUHkdN92`;Ynj;+9DTisnk3OVnVN+*YsJ#FS=Q` zphPQ#?hvr&?9ASOJ#)VmD;;40iaW0by}rp5+!FLH4Xxoe)<|_ahctnl?rBAMyfJkU zP)x34iZ8vKpkP|nk(h|(#CODF34}@TU0_IHwlO}~E(XWSE)yw>va_|opyTf>wL;M- zY9%OLg5!7Mh3h*B7rAfhiA*%!T9OI&Ri^G=qtDMRw6FtZS-1VQ{8Z`JSRr181 zNa~h=#F)c$W>)XIx2!HWX9l)lodZOwL8u(A((+&~YcZ<@DhgJ!oBmA?Xe|-PnTE6LPNH%_Yms&H6g> ze08Y?p=}PUFv~eU+@lArCv#UJv8g@=3#)S~^M9#nHgJ~W*ql)0VH`Y-k37=9`d}sW zru))T{Q*3CynAPjw^WOl@2T~lkyiT^z!d^ zh*!^taHEjNtzB}Ja|Tj_W0xFrGgP?Plbjpn$0+{MM}^;ht>xtdQ2|kDo284-$;=%Y zI_X~YQ)hA3rUnMFazfS%9?+D#=-5@!qpAKI5BuMI4=~$n5LSI;%Sp0`Mn3}(NrFOcvvO<(!T8y{G^_iOczL>c)qt3;8iA?45_-gApl$*)DFdpT7b%^y``We*x zD*b>g)FHT<3<)9=;b#)bU%1g#<-vERMr`Ka#gq=m032hf=JfP}wPyX~1%XIjlE24D zGvbs=Xl~&8y8ojcO`6{HDF|7%|_t{C;#OcSyW`PAE5O{kr!&DquKso7&I{iew(K zb#?gzCozt%Ifciwh+ImWfDUofsraXwP=_!)1wmJFx&%{Qm{{Vjnb)RdnOEbZGV&L1_Yqatt8pFkw#{w>0)H~E{dVX)?`vdE! z!)pWKndhAgw&p|uWr>bRe2AV@rIl1eiMRr(LaY;~s7YDgnRV?a8UVaqy1}vOh^f7~ z%Ns#=bq4e{T~hgq_c(6F;dF@Ng6-HyT4Z3P0FMSQqAf{Gz0xRy%NH1n@wTK8fuyy^ z&n1bO6I0ju^$M~ozAS$(n618NYaeP@IEG%H<>rUViv_Ewobu=;ghh_5OpffI5*W(C z)Ew!wZh6u_5(JQK`w={4U|72I(m_` zhsb#PI3k*NjAOW+9>z{yql6_sO*jAi(O5DTe7?!afI_WV()7a6sSui2V=+{Y)(au` zdNtFOZ@p$J7x?|Unwc}i&4`zn7&aolg~y@MXY0;Ae85$RdNz9n_>;k(o_am5TY0lf zd~C4(2SJ<#}0OI`MPV?t(PG|1DkUb#^>e^Cx?$Bx12wfo)70=UKP=#?@7q)^E z@v3@nkQA;Xg11^WC8JzirL6n1g_6z#e&`=7y!389;vDK(mgL2YSJhoyZ;<bF8+fJU$dZzP~f8c)n7(TM}3Ap zl_$G5d!TUx%}jd?AURzuA-!r1WK_MT!s<27`BN+*4| z)C<#IGfak12{i=u1$v(o&7N3-<@uBZpNGv0*UX7|al0uvOx2^`j7z9`uN+vzAKAt0 zo6wkiM^na7tuB^1>`ZH_Y+pPDzlcID|Nzfn-Y7Zf_w11J7M zvf4jM3vO0+LDBoGbM-6Y;}Lkj7_5$Sd?eOFC!)~)Udup!ymxE0yL9ug3ttCwxJKY- z6ji{CmCrUNwRU_)iHTlp3khx5*3tJdhPTK#5{9ySRg%s#RS~Le zf%bi)NqfMDX_FLDUtSXoZKFl1Ann6s#9~&#F{wtGrq4|?fEG4>M&bTFb4srhwX$ru z2bS{o?FAPgtE=Vav+ycU0u__QPaHR^@Gx}pZ0-q}m!vO*2Q7RE#5N6&YCpC$1`Zcp!kJl7#aqanX&O zvynW|-qm)BCPLiN#92+{06sE8*{D4+a`dk=3XUbZWr_d9we$PK$ z9U>NEu5%nL+%4&d?>JOG0?kk5uXvT7E}>#<9_SxR?Rem0eX$sEU@!af75Mo42!SwC zKi{|%r}hxqqY>OT=GT#kJ&MB>2?p_nDG)PMB1Y=XP4jF>vghDN#%Hc`+0Y0Ll3v^n z3YD{Ws3I7NC0ud!y)WI>1DN9R$dT%y_#ps{mT&_|HASbsiqk5~t$~M{K{J3#_`Jqq zVqzk$4oaAAnRJ*BrcaD};cEu^&!0Afkw?phV_;tR4y4`UYEa5NEr7@yCXm!a&LPew zIflsU<2zwhDd>I5gwS~`4DC8Q^SNBav1XKjb0|k=JJIf0L_CvY7miqY*1kRyK5Y!4 z<&|=)9X9PWcIr*k9G)rfbcTPb$!hKnwzK&1*IzY)&x-dh@h8@nyUIJS-iI!5ttU#k zmdveD;zwWJ>C?{>z^87{-!lL+(Az0R39#7r& z^6Md`MMZZrdvP~Ldi^fUW*^uXF921od5WUaO9KE0=^)c}4jnEvJG4?f0HVRKx4A%> z04=Ya<7}h68EV9*tJLELqyK=fdwGaUP3;#R`TWt8ky3#tXW)=RT+v#q6ny>ig2ESn zUg>Jy^5zQRH1!wz$7S0DRLXSDA=>nu2S4IQ+9qS9+$r}Hh&Qk3O$t z-3c?HI+ITE)dEtME_DT#;n)c&=eFJ#tYr+UBOfb(mcI`P#=lWFdz63w%U?H2v=u7V zykpyMPVCyW3TMk|K}K{4WJdSCd0>t)%`bBsqEuPc?g~Bi4EB0$td*VHHy(eTz!hMZ zlLNXv@Kupav)B)RkUuy0zSY!u=cE=z=AvkK0A3b!ET3E+aUNY+!gZLU zQrJH5pp z=oP7CS>Da7ddIgDX>IYImL9RPE1f7;?YL0vOnw@#j3r#gI``%TZrRakU2@l1-K6-V z*v{8_Q3arvnKaRX8(RPJ{iK~(GioYIue!TGmCTwt4=S!7GpiE3 z)0Qyha=!!|*dTbyRBx-{9s5v|Z5xPQF(>cb9F?~e$y)>EAmr7C-{BO%O|SqQh2Q6G z_Z)|W^PVnEZKq`ViRa(Ve+~A)Mv6&5bE!_Cktb3UsUgtj-|1h$!~R@4g+Iqkn?po| zu*_BdO1{*)>u5mOqHGs`r_E^7wJ|+J3!tg~&Hul6cW)5!WRUKWG=Q7WzSG^zI&8W$ z*!Nhh9?(lNP}l9AA2WZkGOC+(jJbT}oD=q-^GPB+=YrK`Y~Cx>G3f-?plzXCvq8wp zilLUi1Cm+ge{4%r&km{&wu@YOrsl=6+j96BQ+c{%RcZc(wuH&t{{A@L8iUJS&&{ZU zJv;X>;>laJVp_j89y=PUD9wlJ1#BI+X;l)-S%~}TGBP#*@ zY20VtxzbxL1Kr^kby(q_o=-B*qjHi8&N#-SGBfGfm9Exx@06$))f;Qfoyt=cj;WF? zVrl-_dfBxd7V`N}CuoAyWE)ZV+%6ZWmzc>j-s;GaQa{DhTicM+ps9|AkD8E^s)#C= zrvmiPFgdX$yr(Mo5Dj4S;GUiy&p$I-C3pq2<9Z)&yv2zCp(WmcLtR}L0L5EG6ybAtRYkH>h9>UMd|SQC zNXa{k;j5~*w15)*;aT7iwc0lJTK{h?x81DMqXKh_@7Ra$lRI?L{Jok}@DWc_^(E?} z4_aWq@&az4U*f`@`X$FD4Ruz(h~39kxZpk`*PtT=rgnKN{CO|m27l1f$_^a05^0*v zm3+`ebvs{0)xm)knc)XGo_2Q8z~>N%-WA{9d`|%jdF7TrTg=yHV1__x3I#JZ2ScLX z)_xfYAJ=5}7+L#=iPT(-vG|mWm956ZYUqwcY^9L_UYk8znUNAgC9(h<#xpx8T_Ep6n}BgqQa-DdN;c#Ccpbypeu$S zw^E^SN#2?V&aN)KrBJx}@7@7#Jiw|Q*z>Xux{Fmj9OM@?oCPlS=T8Isw~Tbl<>%N^*PK0FHY2@7_FlwXz^{W4%CFH*-8t++3KR3R& z(XN_UR;^$=T3yJKsRG6nIyh1Gk9?~r^FoZM1vK^u#I%lg-8wtpH5!y}uP++6#j;dMzP(Q`M-21W}<%#{9}iraH?Zn+Zayljt1HI4un3eHH7Jpox3_R@U6+A{E>VI0+4 zHj@r4PRvbpNDfC{klj(_O`n0?xlOA2eLm=bRD#?nHByt@Zq=bDp6_wP6jA$k4S?XO zxsIMTsi>8bXVbaC&(Eh`vjkh^1w3H&txT4H=Vj{u_|@jBcu>G7y7-`hWf{VrF5CXP z|6Y#W6LDAWz@Ca2UGG;1muG`N7naiPV@!3}T*ra0^1XXo(#*^gdDy!7A(vM1{pA7y zpo`b{nx$a|xyx~J-{xj7Ps15~WQP2da`)VWn~@ScZY{&N46&WelT`5{sz-pXWJ|r> z4OtRmtKYhkJz<`~4ID}$Olf+HRm%Y7^?-wvOyILs3Fe(qFM+rm-SOV`)`}H z;a0*{GwB5{Z!hfuf6G5{ZROQ7U-n<&B46Od)wXfOc5>nX&cA>==O@ zhMaL?&Or)uKnK2fa&fn_3BarSBLy_M&|FVjU-JE`vrX+P^MmCF^^rRg!y?%=_D;0K zjsa4OMC&ou+%B**si6rzK&Wm}fCQisdlr)yfF%=lYH3PCgKjF42Y=a81^oJ-UIS;7 zc^Hk*ZbeWMO&~V4C8}Wg42IrJUH}Tvqy%z#at(io38{gLf`+$QUc&S8?(a{6KP5(+ z=|)XTx6m(;^TR1l`zEd%f31|G0_LT`WH6XySTgPFB*EO!?YMAZ1Mol>v?CTK3ZA6| zu8_dXC_6JUiF(#-C9^>6`NmGb%;nI*f<0Zs+ z-l<!0GOqpZ2F!6N=c%So;R^J}(~TTDC8SVW72rh-_;BA)r> zB7$Fgy%P9ZM{Nr^pKS3@jqP#P+^E{xIw+&{l)>qN-mlc?Bg(*xJJ&%co`4n|IiFv0 z&_mU{!v>B->3nB?@Cv-m{&H^NZz$67S*nWqq4)LV?o#VD)K080vOW^^RTbx~RM}uIH;c>bQAR<2mfsuVX8sfNY@r-I)4-I21}}=qUm*`%N|I67a1ab?pHX_+!*w zEBqUAO(%~CiN>zM)%~z*BJ-yAcWz@m?mI)o1Q<^E(ZD-@L!kHBr|0EO&Mj?z+aUhD z(XJAY=~ePJ&FRn)B)(aA5Q#s4-xi?xjBz}j2ZRA@MQy)YOJK)heFd%9CkTYlEj#wz z#oyjztC6H2Z)9ZDkUTo?pgjchrg9<~H~lbQK^9*YO@|O@sMDFxFSB8toCVv01f9?-^?kfcP8}ioRMI$I?(xVkO<*5w? z(c!D2n3o;rz@Sl}Uj(#|C467ZcViB0`;H$b^Eac0$`l`oPOLE<$sg~%ULoUSJC;q2 zZoa2JRQYtfk^%U+)@|^vha_%Q7#{`~mgn}!{BZ)*3?rAdHfJ4o+CxY-l#vPJZ70Vh z+CyPhxcz`aw5>GEKx+tAHNqJSRwEkV9@908i9I=0jOe~3^fHqY;9jt(y#CG!`De|v z{1_DlL9ulDGGU8GP6d{}T385|j8A0Me)#Otft}TtS+B63x;Ei)4DFr)HP^)?Vv3Lnx{KFR2%~Xyok@=!6eOoVzo{BoPZ*uZTpXZd`}(zj78}s z`p`Z5x=_+{Lj2uCp&k412B+3*P@;Cm_{dnvYJQG>i6?rIL~)O}>sffdl=u6+t?TL= zzK*2u`y(gr?PB|{>42H53rZ-RNCJbdb&Z+))UjRbDN{%2bGgDV+YHOA&*iN>7UmdH z%%K|P#NASHXHGkaub;>VxvU*#;sxR4D1_s3L+WDszc(Xr| zmm)VT9Ah0%6fvpA>wl;UA@Lm!+g9Ryb5yGjI+1uj&FaD6c%v}8gRxNi^t`r+zPitc zxh;3^cIWBFOHJ=W!A8C)F}A@MwAVnvKoDxHHW)Mg;cYiBCUtf7Nr&gd*{8w-yLx)Y zR?n=-%DscqvZUF5>f9gYUmG)_@9Fctxgf_4-ozZI3%Rk(b>7sr>8*~V1^41%?@HO& z#;h;o6)B?RJ7`#ocOavW`^U$iwKVCk_XzSXj&*SFI)@2Sm=S za!ERxxU(45rtJ4-XHC-id3|p%pZQFws45xFj_TDi(-)PXtUdM5I9;kDw(1Tg+TffX z5u@t7zi!6IU@)ARqW4pf)OiQ}ZTH(xpu4+9dxn_te(#klA@HA8^|#**ZmBoRyr{8x zX>W^9huRm^xC>UE{1|z;r&EDY9;1FOz#cA>E9-(`GAg!UF3HA6&`#Fu9a$h z7gJLTt0|pwvWwp~$Z?p!Z|(EoNmT5WgfXjQ-WUyB6~0{#`*De$%IYnfKoL;)y{CJZ z3gc|+d9QrAV43dx+H;*#0#hI@+S=-z@sVzKe?)MlGXMQmo1BS{%|@j?)g>?AH@!|v zJJTxPm!-vITvBH_5VvofE02b^xqi8+`GQ@@0K{(Th`ZQcZZm$_SrZ&6*>9gM#Kri( zv(z@nQxoTxvwL0$`|rii)9f8W)P{u|5IQCep}|`nJ29TjR8PcXqBk8GpA%agjDV!R z9d%?ML(R+sbDQ(g$4}1A&MvegAUwn9&}gN7{hDS7l7nG^z2A&DJd-k=F+Q>u zd-$5ArC*Em@;&LHIm2W3EuY`t_Bc;si*I)br^|pICP5xW>Gpa7I-bGj#v#QYA~lN| zC(ez!%%?6LHE9fumv9Jf=3{qsQ&`1HyA|MReW#21=C5bXGv9n8=W%VN_A}k{A5pBkocc9%LKa6H`W+^S3e_I1(vut=}|Wa}!hS)Vy4VrBxm_ zEIX0es+jb_A0V`)qN?R}N2uCJ;Aj{U^KLn(5WaS)N%8A zPnMxTdJ@Ii=H3zB>}-dE_Lj*5K{Gf1croQ=n8XQe%8ZoD!Ep8@r&u(Xjq4?%n0L9T z!vU(>3CQ{%k!Orwi9I-)a;X1sLJdj3WsOtYP>-M8%tS2Z>I#MY1zLj>6|>>6&$pdH zqOXq3N?JJXG}GrFr$Y87iz}MXx#)7i%ewnS*B}^itWU0M)I&}0O#OY-Td9%nYnH5Z zX%vKrX$sHkV^*Ku^+?`BxPxGq4kH(cGL+Se$B2ges4!| zS0HCDtR(O&b9mp9EjX zV3Bj5<)3R#5^uK4y=vM2bT_bvK4Tf~Yn`(MVnb*9o9OrZpu&YB_O!mRIHarhDvzGa z!ejVZH|LJUD z+4yPHh$^M)&%%+Zgse$BJrzBgZ9v|{WIrKdofW==jjEFbIF>~8Y*&VV82?)ZGn-hL~)#|k_j9TaZm za!QCTJ$o56>u_XpRwm2Euf*xHHMz>7uek4QOC>=+N2yIp1-HH z;=X;ao8z*3Yo+=bqBF|c4t*f|7*`s}(^%GvV+t!2!cixqWy6ERx%evb z2MjtBG0Rm{KXxcLhu|Ye#tOwd>?6&4Q4hCS6@1R0Jt>eU(|KQfMx1D8|YY0S|EH zhP^9=qg&pjTN0|X7aHttjK`rK_#i_mgN_a>O{HR3esy(DjnrjNdSt~DiVY`<(ugRQ zo?RcJzn$(0laO2cRDWYOEYQSfDLG2rb1C`_WlCT29%P)^t)LfosI7XPY8SWoCE>iZ zmwWUX<71JM=3(yOrTz8k%}9|p=k}Up+?weSvTnJU3}4icc|fBme8(IkB5sL%R)E6?%SiG99(t&$SW5zrKu!FSPZ*mv$&1T959(X+s` z$9-S1z5g&Y=!0@-rb|v|N&fu>cku$tCayy+T^$5$z5F)31p5NM3;jshDgSml#NDL$ zxZCwR1PkUZP8B%#^Wk{>(UIqIDgpaQ_RS+1hg=ArZVOEm_i|#QzC$ofPPPZ(o!L-+ zn7B$CBwt3xu4y9doiiP0NkV(WS!Ao4GRBrlN|O!`_80fD_H?+fB&00$G?86xpZzJ8U2kKy}^G^@$)2;1T-*NZfJ9x%VHcHKcO znzDdtS%ggTC_eC)7jwTz7aV#c%g#9d0&M-MOZvd!85n#F*-7uTZ+RmYEDa}3V-jp< z;Vf^W3ftU~M7rJEER&bWoMr$edWYY$mV{Vea5pJ8@ld(HYR}?f;+bJLDp|BcW=y_Q zbjNYsNx8)ZQqn~tfXPI9N?3MGSi3VayL}ex48Qil$H}_^nsl@BuL|&;tYYhX2G4<0 z`W`ELw97K{~12TIl;&?7ybFmf3;+qyKCS@TOMzhHw~Cst z;5W>_K7Ne*SojOFuGFFY+^U0aOc>Lm^))+o{=Y=UR!esGUd^s6NiKR-(9+ky?QL9K zs@HS1$jj3j>AE^_<%Yo7qF{2=cKnWZm-khb4{-SOqEB6i#pFtR^?kj@IgeeOUYY@5 zN7b2G%fQwzyLFAc6g+j8@~4ZZo3H*08aDepl_0)XBhU8TNWIbI)HXDpMmUlFs81+P zY<*on`(9Wx!Uv_X+?V^;E?z_yi3f8|q@~2&_^d5S1XIC`G91@6G4@+Hgm)f)22oTZ zU1)cqBU*LemDa3xkMWn3pvW5658F*RHnSJ6_gpeIro6)wB848%mY?e^RoGf8_p)|G zrs;mr&VGPX;Y?VI$M>v-EyTC=-0N~W#-K`t<)5PmLT3<7+el0 zhEC)sP0KCw#j;F!1)l00#ALoS?+y4ps|iCu>Wi?J4Cf$n-@hQQ)zn1o%tr=apHD(_ zJ4Dvt28RCZ#8>9O%LpxbvO1mXPVSM*UGq`uEjEXjSJF6SluPt*#-mkxxg8aj;eDE0 zEMcr)qSw|xK3op)ylHH|mC4vA883oyUuitF&U(eqzEc&>5r^eEBIThU?Za+6f(H=) zQgxU-1k?V=(>PQn%_xl!{@m-G;fpcE%*!n>sdtBAH%C6S1&BL#EZ1betQL{P%9Wv2 zmwJmMDC`io8uNhTMts)Z{2pbCXc~^+m1yIPx)6KMvLxgPYthzicz5G|_%wyo$1m_Nb6(X#(af-?Ip*l`9jvK z_OO9Na?{gq#dj_~(gUjCu-q%u_8y`;stbj^7dCc#tLKbydG6z0p+DSz=Y5j#QkGwF zfVbk7q6-5{8IOoNh)!<)Ql+=i)l>K0-lCRpz0b5CPtYCCDpl=N6U9zt6-qyJ5FK1Q z)=yt9u^K=58#7E(A^WO=_gy`M4-V0dy(W+kN6%Bu!%7(NPv(YVKYblQ$O4|I@j+5I%z^bumACHv8FTn^**Z~Y#m}NaopbV-QtoLrIfNU z%dtLo@&2jnmtxt(^Jv$sZ&4|(vo2((f!&Lwwp`+FSosuoH zRuO+JLDd{K_>Rjvul`Z1rcXsfMuTK;66IrdQ%O7J-3maz$mAaX-H;^+cGe+&I>*+< z-)#l7y~rNKV9%Uc4wzd0_|DZx-F^j^5Q&w}$mWz6IXnWpz1%C78M|x!w}6l{bG7he z{k9XfE5Uky5Ty$*DId5OD@)58IO;_yc#G}Wnq{=!5nzlAkQeQB!+j*shJCJbKgrv_ z?aW7N!LV>$_0QSB^B&qt|k>lZN zqPb9iyVBWDdr|QhAE0Pc{OAGH1w6$a-usxDM(SgoH<*wcRL961mn5kb1JNzXUZZL# z2jsmRj*QiT+~5h|4)@UFStI3D3#{%l4*QsR2YkU%)Zgq?$QJNbL0GMuH2c$^zO#Jt zz|A6u47nO-pBm$++(8Ue$srltHD;1|__6G+L^+#RY(RM>>M};mfUC~tuZfhqA>n{K z)ogIFNtCUj=}kD#-O>)`M$`V=$VX`H%RJN?4A`HrI#=ccbgd~lnl6_~!n6XD9lAXawmaHS&V2t_R z>HYhBdcV`B&*z_?KfIo2o_p_E?m6e4bMASbyIX&z$Fqs)K<+^M0MffVe|10rZslR2 zYP?{V(m%>tRY1O=YTS1_h5U`awb(?WnmCYgwQb!6WiwD`L9&f(h4LE|I`3RQz$}*s z_1gN(3{zhFA}*(+YHWtBX=fUsqy`n1QOY?T+%vy(+u7gC+3%;eOBd#{^NnmoF8F6 z5dyOt#79v^6TbDCIM3=TCOF((e|4;|ix_ z^f0J3i9qQ!qsnVx&P(zX^ipj^fy1q8Mf(xStq6h5S`-mYE{$L}^0G`~PH<^a%QID` z%s8(lW(S(^s~Ch9w?PSkE?AxU|AtBs}dC1 zM(12qaX7Cb?j#9C`;#qZ&d&1(IEIwFV2i7i4tk6E`IoP8Fnd8CK7ybA0(9vGjO8P}|~bg3ho)nO~N;FU`l^-1NbWwWdhf_1&nsG%6F_vRN;nQ?_Gu;Z<` zgCn2L_rK*Lv!k^hZ(3Im@fgE#LrQXM$h1m<&h=j7+;86|Zco0*geu~DjR>1tDd2?c z9&QZLs6fkr)@%*l_a$Eb>V>kU9gP}86BxwYN=l2R-e;eV>SeB87ZAYd;_Rk(?Kk@3 zOpIji3`kZwXkC!^l#J=!`!q)iH?cQ;iw?mAf5D>Ye0WQ?YLq2D1rDdcD9bx;`zNt9 zxTqGxB3oz3hxvm>MDvCVvUF%ivVvU-jtt@Ol+Fnq<+1j62S+}n5iiLP)Ux~LUw(Gf zul-$iopGLf9&5KCg%feXzx}Rr)fIu=?T0rdOOdcPn5eKlE_H;Itc+^rq__&0EKu@` z$SxcHvBx_ZePAPBO!;37ABx&T0w*P}9(v_x4Kl?nwgv5PcS=JR6h~Zk?%0-mP7S1K z;D&oST^IR2v2xX@I#zA^B0AREZnXEa)aP+M?b7ce4^U2VQ9VbqlqX=OGKlL~ zl&!NmZRZ=f`}#LO$Ox3R-h$8Q4Wj+X)^R*=+`)HNU62z#--8KPG*3@JluJ7RE^L{X1YG&h|x*AmLj~Wx8~0JLUJ15-HauhV^kq zE4~@wSV_|~IJ%8a$=&{lYbiN5*tb?U#QW9>%#X?>)*YsTXQ}MN}Bqhy- zrjWcg^A37P!+g37&zH(m9+j^RbHTD+Ftvb_38+AM0}UXPl@W$rtJhs>QOr6}>i`{{ zQF+PStrh7ZC31)HG-CQIeJLWK*K^!_a)LLHujnFa^D5Dwo@jX1lN<`#j^aEri= zGV9t0c7MKR4j0$0%n(kimopQ2I*^Z@*g@ z%Xw(2Meu-+uXsYAe~I*NIeN!$op`|a$+JcF*f+V(adF+>T*nPf)%h` zWF7k|`}bhK<~fgh&jjPr=U*GoR6VGHM)>VAau0hRf6MeRf zW>uJ5Bdn!(s(4Y_;P}GBc8!_InxU1pU9{>K3l}O2xIk~1))`)-}IgcS4N~#+@9o~YNKJQwj zbljHs0Oh?DV*U?%4tQ%{G#Hgv^L6SxHPu(x z$2*O+sXH##DNZQgDsUKh@E|;6y;+&Cl%Z^#lXeS@&ExtsY(C)m+6~MvYzk^ggYs2?r2>mB8Mq!1 zgA~8P)bjcO!@$$?#znI9OV1H4Whz*WPgYV%XCI-mjroj7O|NstLt}Fq>gpt_z8b{~ zqy~*9+M%uOfy+^wO-JN*)$4z)qDxkL%vq;MCdk-{whJ3zXNY zRC1DK?F0H$X}O=F${KDBm&~YEmDLt9YQ%A4Og$D? z&)f^|owLKupC0(MwWB{f+vT(PTITLSfi2DWzD+#$MD?%iGxMqGWoCQ|KL6ycfUG z_DE3{UCx%oaAO+|Y4+)49MQC7>6nJ|g%2{t&MomdADTT6zFd@p^RKe7L9BW{={vvt zp~ccP$g04)1hpm*rOA?43Efl<33j2>^Q@AS(uL0N6=1)6$TZQ8)!`dYv$8=YMPZV; z-kG>yir}a{q_sZG%)D6RC;zlob)LL3UeMDrCZ^!KhKp|nl>q%+Vcp}rgI z(=>VRy=WBld)+k`QjRo!!eHOUQbifYU_)LK47w@{qH9S0*(&s8eoy|$Pyib#|D}g6wD-g&E#9Bs zQs`%8%>z&qkYEyVPj0*QGobNfu8J^Vd3L>?HTsL8Dq^P9YXJf2c>(1|o=4uvdWSmW zP(!Y2!$A!{oy_~zGm=w0oXB+k)J<$0Yrpy%6;*tG+y|O+OOA|p4?Mlg3@4kAg6(zI zeB9mx%lC@pu!PUq21&;K6D>$BSF>dQ;vrtG!HJyJa6zI#`$UZ88&wll2T`2$^P7A| zL*fo#lSozhTe#1XRk6>LA@TVqZTX(zlE|<9?V~b0t2xpa5$lbTo5g7@d5d|m%bL7h>)slvGbcVk}qT8WGX#vu;KgazIiyK95o5~l)SWA{i86dSpVK`f zV_edD1!`C#lTj+Ux={P|NrfT7Q%B|z5@jM%HfKwwZf(z$p_}uvyFuXRJLv6|lF+?m zu~Isx>}rzki=Hf*TYYW>z9VH;=Ds+(_gGc?hSbDfIb}Z$^ipc=5TcfNSY8j^N_LL4 zz}?HcZJFw4OTM#onNVUCrgWYyA;HqAH-fWyY^-z8u>{f+>|y5A=Y)~QHngn|o}MS) zyijS#iGz0&w;Gtc0YJmvg(c(@W)bH@^MyV0(W9QjQwPeu{J5|o#Kq1Hcs|RxOYgn= ztK+nI?6kBJe*WVwrOOe=m8YMFqAAgtcwMatig>`BaK(`1l$(EpRX{T2}JocLeKe-hH;}5 zOW*fR<9gy%Zdolw+J;~!+W_`#M%)2x#J`$XI`Cv$$gD2ao-hJa89H}tIbT$pRzHlX zDiXWPUWvNl9mocE;}ncW1Fv=B_G}QO4Y(0*x*zv!3zT*Q#nFK9Q6_~rta^La^?Wda zU(+Or3M=|8==?(8DLhawa0C}ot4&*X1jO;rl2iG&Dd7n=I*`F?X+B~)URgbBBzrg- z?88Ne#s6q{hguXB^zJBwFi_%SK?~eLC%`WeX*~A3w(rdw1i1$j#@4YRxeQey1||_d zFo^<~$ZI);K)e7m<_}?21^3ZdGgeKuJ#Ky}$94Vg7n8)3qw(n8*?z98hVlLWS;$7^ z_{$5v*kFsRdCVm|_}2!N+*qZLejo7oT0id6o{boovgXkh`FV1e%!QQD{z#Z|=KHG! zOm0?-FpxhM33xi^KL(3CKDb13B27*YTMd?)C*u}unj;hS6^w2_KBvFA~v0R}?e(zF;i-fVd2-Rq3e+sCVfoq-leZw3ggRNR&3yGb(HBxUg|ym?YGmy#2p zEOJ)iHLAZtBbe~0uYZ5gCPS#$TH7ZsH|}jw1w`;XjRaD*Id&$6$w@yOa7O0n8p~B{ z{vSZ)X$;^QuiwcqxC8fae!dp7msVb0{^n4H2k&eQMyI8vP#=Sx@b_V*#P9HF4zhvgtruX!Ddky)-3TwAqX;P_D@Cj>bEsJw6g&WnK~ zNqlLaXo^fOAK>F7VFP5m9;qEU{gE{(QRQP7f2~j4NqZBPt8O{8`4)>u zUI;gkX(|mDJB4+y*EmIs=e=8Wl1fdWUTU=}g2d9GO}qQij#^^i)by;CXsy?(PNfhB z9LBM!wtd)##z0ZLNm0+JWeH*2z(;mxb=|T783L(BOQuUnd#c=e+5gjiFr*3;?k$P5 z`T(^E>fpSQxzsUpEnk!fToSabRR3vE@R08aMzCv%VgGxz<&WaaAn-wR_@wrWC2Fx^ z`Y}j@*VKxbaU2XVYLG8smKP{oZ`uC{8DLwfH2&}&$Y&s6U!N-O0;MYz&%jnT@*wXI zVE_2nlmPUh>Wv&L4Z}W}XM#I+a6P)DcELbU-xnaB-kV{5WuB_;F6PB{pj_0V7wnP$ zzHVck13XVSGkF2XQV4$tj>!9_KG`d+M$`7*&TyUHff&c8xr6BPk%u1@RZ(*bOn3IHho zN;xyC%}LNuzQ-kU6kue--#q^RN=koP(V9RYB!{Ah+SI9{bDbR!#VAD2dxHuow;nw> zN=>9k`M>(hi2Va)2zZkKuQ;{9`$Gr+eNzj5t(D4EPo-`b(Tz`z{iD+l$PgnSaV2$4 z7pM}qQw*f91Tl!n`3!)z^3Hz#Aaj8Cq)NQ)k$A@ zVLd44@}=jM<-`!*<0};>h$7X*YecifWBv0Nt1f=1Q>^}k4Co{H1rw49^h)Yf)HEgA z@goW!111*<8C~Qb|hi0wdr67-k>Mhg#yhAvKLhnnfpb*daAQo+mUQ zf}vor!?XKdg#HtGDlIofqYuLMx<_F9YQ4fAI#F}-doKf;g8B*O9uy#_q)FKkqVt_Q zd%`XVbHrq4XX}@W@I3}n7=GmaHgmX>mQkYc_T#2z!v`{#Uzi-VZHzniH|(^ZHM}W0 zIlMCUW=K7pdB(Se2_(#bhOt1b4Si{fo|8MezrRo^G+9stD+ybvu!0VN6D4%c%^m<>A1ZD8K`S7llW4 z0C8v1HVQ#bPoTYzYA=4Ff*}!dEw+iz<>-O4H}5xDo)+hj@DBUII0$19kJUphZO74i z@+z0uWPcVdL&4t&pv6zgt=y6bCRAk>ZJ#$mHmRWUD18OWt(Yhll*KrEObE;I-jP?w z&6(5B{y;p9!+!WsZ?&?G1vESBGkwPD><3wFm z;elr+3Q$%A9;QF42%ZR0BeT#&cDIBiPq^k_&TH7s|W0k9?69J zdwE}dO)mLM>Z64VZ$l%nm~ywMz2sb@2swPLbz5wlcO;|`Xi6cIV~d*Xpv4T7++A^$cO`O7Zwxpiw;t6)7b87s9Rcyax5A8>Al<^Q)HXD!JFPX)) z(elvZ!>V4NQ{JZXg3%U1XC2jz@-H7OF+WZ4Ta`)}Fzt90%1E7opdg9DJJ%wxTel-_ zOYI5y5UUo>qJy2}qG4DDTW&)otSLwI*}(h;7rI^DChQPFI~wkr*za#O-P}g^d3YRw z5eyHTcGd<{1^z@Johe92j&wgSEjz|`d;vL<1oWi?IGMWmhm!0~)O7f8rX2fk@Rbdk z!woIqCR|sZeW_P_t7lu~@+l+*Onwc7^M1o<@j}^iCr2%FpY*M=6Sm=?_}hjb(2`1Z z?S~)t(F9?s1`+X+^EXSN54$%(G3HhaCdFZlAx11#LbxstKVlxa#N*%aI7ys(cd8{ zRj+Qgp;DmBHmf%bExlfuQh|S}{J~RsQBjL~e%%jAj$9eGLS7!LTp7yS&CHP~uRgh% zZ{0?iKZX6VhF`le)5GEeyAn}a>Rw&-{i|Bzqp7NVX+qtmmlVanIrk!19<50zliFZH zwvz~F;t-$HW5^YT(z3Gj?zVw}fl{O+H1cg3Ki}bBRwnB0m}Sib$+A@Q=F+qIN%7u? zgu7pxm-WzUP1TsM3oO(HojoXX3%}B0{O)G!KzSdYe(P43W{ic`O2L=2U~M>}UpS%= zt5GaT!$1orgdS74JweCDfC+3}s`P%)^j1d!Sz2Lw6T5rl^~F0o+7>1iXo_}Ip{VRk zYJsgxv)nP~Pgo5!E&Kdh-7`@?lt&|$ogoGY(S7-lw}R1G;Oec7)AksbAyoUuio<6% zHP6hA5+kE;vu>&p_xJK~-`z5}Z6{OVy0iTN5bV@Yx`BbwVryG-8RyyP)+BYCjrMDc zHn06I_o?3;yFaGq4Mt7`ZyDK%H?A^-Y64AELtMD_8;haDct$qzxS3Q(SKP)9nMEJ< zbj@^P1l#$u+$mJWr{gG$X~E$*18hwD5occbpq};D>u{Df<1{vIT-Xt`MK#m-XdyxU z6I8AH>}K;Dt(&3YlewSkuf|0b#1?E#T>|$U9RIlS4IayI(;PS%$1H5Hn-sA2+lIiPoGI zivBAmaobIM4|v0f)21xjOF|g-nb(B33>B+WoVf1vSht&%atsFF{Sl4^EikFM&(FU& z5VPUSjO9~1u&hVdX%Jfd)!zCFAehI4_<1cz3V1v1gdO<;+g8=xFCfQ{j*@xpd)rp1 zI^7_sZz(lO77JhP(D>=d^11@!yDPs1ePcVz09pT{gLHmY|Yo(k& zAO7Y_Fab0}ca8Tkj8PXQu%mM5H?4jGNEHQsPvom4dtsV?dGkLX{^n}G2^H;}YV-gH zcpXZrh-LiVzfk=>oDE@Mn2*VLst6tgJ->XTH~o=p`HcquweIMf0D|i_+&pPFL_kkz zB~Ojtpz(9r7G($RIi@tFY;OR0XZ`3unY}%9{X1$EU<$p6Bm6Y#V0;UMA$8k7x4#Dn zKnR(zL_(CP!E@S2xjz$J2PEUiu06xDVDyuJy~*`iRicA(-!|Rlmf8Qm#Elz)I6Fr< zgIgUW`40_S+2K-P)n0Bckxn=_0<3t7{1K^4^!J@d8a|&}Ka`GtVohi%^gFhv>NEz` zcOXcA&lm_Hy6HOi|6BV0&bOabgV$=ScIlghL5hIZ@@VUQ*8O9LAagJ=lUEaLg`#c2 zTpiry=KbgPuc(3OL+4j9f3UZ0|ZX%=h&0Iu&IcV!5@0suU!R7v_nYrwi1Pxd$K z0ucbsNP&$~4F4`^_z^_^N1B_|03Mu@NcB`|8X>autG&#h0hrR$e3W5vL6h03b!>#nj%H?Clju0kei62 zr*jHncL{bqDb`zxjrfaG#Pk&*qW^}aHAS(pGR5EOHpy#0{`E4j1GjE-c}mZdKW?1H zRm0XQQ>p@xb7*2Gij_n-Sp_L_u>ABrlD5>2600wum1~pD$6=R;!W51;oSewR7GrovNKW-LEhBj_1gjd NE~)FP<*VEX{y$hWA Date: Sun, 25 Feb 2024 11:34:44 -0800 Subject: [PATCH 20/24] Updated docker location Social image minor doc changes. --- .../aws-iam/tutorials/aws-visibility.mdx | 34 +++++++----------- static/code-examples/aws-visibility/all.yaml | 2 +- .../aws-iam-visibility/social.png | Bin 0 -> 161075 bytes 3 files changed, 14 insertions(+), 22 deletions(-) create mode 100644 static/img/quick-tutorials/aws-iam-visibility/social.png diff --git a/docs/features/aws-iam/tutorials/aws-visibility.mdx b/docs/features/aws-iam/tutorials/aws-visibility.mdx index 298c87a4f..25f98288f 100644 --- a/docs/features/aws-iam/tutorials/aws-visibility.mdx +++ b/docs/features/aws-iam/tutorials/aws-visibility.mdx @@ -1,7 +1,7 @@ --- sidebar_position: 2 title: AWS Resource Mapping -image: /img/quick-tutorials/aws-iam-eks/social.png +image: /img/quick-tutorials/aws-iam-visibility/social.png --- @@ -10,8 +10,8 @@ Many production Kubernetes workloads rely on cloud resources, like S3 Buckets, R In this tutorial, we will: * Set up an EKS cluster. * Deploy two Lambda functions. -* Deploy a server pod that evaluates jokes from one Lambda and forwards a review to another. -* Automatically detect the Lambda function calls in Otterize. +* Deploy a server pod that retrieves joke from a Lambda, provides a review, and posts the review to another Lambda. +* Automatically detect and view the Lambda function calls in Otterize. By the end, you'll know how to map Kubernetes workloads alongside their dependent AWS resources using Otterize. @@ -47,16 +47,16 @@ aws eks update-kubeconfig --name otterize-tutorial-aws-visibility --region 'us-w To provide visibility, we will need to install Otterize in our cluster, and we will want to enable AWS IAM roles for service accounts (IRSA) on our cluster. We can quickly enable this using a cloudformation template on the Otterize Cloud Integrations page. 1. **Install Otterize** -If you don't have a connected Kubernetes cluster, create one via [Otterize Clusters](https://app.otterize.com/clusters) and follow the setup instructions. Skip if your cluster is already connected. +If you don't have a connected Kubernetes cluster, create one via [Integrations page](https://app.otterize.com/integrations) and follow the setup instructions for Kubernetes. Skip if your cluster is already connected. 2. **Integrate AWS with Otterize Cloud** -To begin the integration with AWS, visit the [Integrations page](https://app.otterize.com/integrations). Once there, you will be asked for information to help populate a cloudformation script we will use to integrate AWS access controls into our cluster. +To begin the integration with AWS, visit the [Integrations page](https://app.otterize.com/integrations). Once there, you will be asked for information to help populate a cloudformation script we will use to integrate AWS access controls into our cluster. If you created the EKS cluster above, the cluster name would be`otterize-tutorial-aws-visibility`, and the region would be `us-west-2`. Once the information is provided, a *Launch Cloudformation* button will take you to the AWS Console to deploy the cloudformation script. This script will install IRSA within your EKS cluster and enable Otterize Cloud to manage intents. -After IRSA is enabled in your cluster, you need to redeploy Otterize with the AWS credential operator and AWS visibility enabled. In Otterize Cloud, click the *Next* button to see the updated Helm commands. Before executing the revised configuration, you will need to set an additional flag at the end of the command: +After IRSA is enabled in your cluster, you need to redeploy Otterize with the AWS credential operator and AWS visibility enabled. In Otterize Cloud, click the *Next* button to see the updated Helm commands. AWS Visibility is not enabled by default. Before executing the revised configuration, you will need to set an additional flag at the end of the command: ```bash --set networkMapper.aws.visibility.enabled=true @@ -131,19 +131,7 @@ kubectl apply -n otterize-tutorial-aws-visibility -f ${ABSOLUTE_URL}/code-exampl ``` ```yaml -apiVersion: k8s.otterize.com/v1alpha3 -kind: ClientIntents -metadata: - name: server -spec: - service: - name: joketrainer - calls: - - name: arn:aws:lambda:us-west-2:*:function:OtterizeTutorialJokeTrainingStack-* - type: aws - awsActions: - - "lambda:InvokeFunction" - +{@include: ../../../../static/code-examples/aws-visibility/intents.yaml} ``` We can now recheck the logs to ensure that the pod is running: @@ -165,10 +153,15 @@ Sending Feedback of Funny?: No ### Visualize Relationships The Otterize network mapper inspects pods with the `network-mapper.otterize.com/aws-visibility: true` label. For the labeled pods, the network mapper will identify AWS API calls made by that pod and determine which resources and actions are being used. This information is shown on the [Access graph](https://app.otterize.com/access-graph). -In the Access graph screenshot below, you’ll see 4 AWS resources associated with our server pod: DadJokeLambdaFunction, FeedbackLambdaFunction, the role assumed by our server pod, and our wildcard intent definition. This wildcard definition matches any Lambdas created by our cloudformation stack. These types of wildcard definitions can be helpful for AWS Resources with dynamic ARN names as you move across staging and production deployments. Still, they open up a security space that could be overly permissive for some environments. Otterize makes deploying with a wildcard definition easy and then applying more stringent scoping without disrupting any services. +In the Access graph screenshot below, you’ll see 4 AWS resources associated with our *joketrainer* pod: *DadJokeLambdaFunction*, *FeedbackLambdaFunction*, the role assumed by our server pod, and our wildcard intent definition. This wildcard definition matches any Lambdas created by our cloudformation stack. These types of wildcard definitions can be helpful for AWS Resources with dynamic ARN names as you move across staging and production deployments. Still, they open up a security space that could be overly permissive for some environments. Otterize makes deploying with a wildcard definition easy and then applying more stringent authorization without disrupting any services. ![Otterize Cloud AWS Visibility Example](/img/quick-tutorials/aws-iam-visibility/aws-iam-visibility.png) + +### What's Next + +Now that we've discovered AWS resources used within a Kubernetes workload, you can learn more about how you can manage access to these resources with Otterize in the [Automate AWS IAM for EKS](/features/aws-iam/tutorials/aws-iam-eks) tutorial. + ## Clean Up To remove cloudformation yaml: @@ -176,7 +169,6 @@ To remove cloudformation yaml: rm template.yaml ``` - To remove the deployed example: ```bash kubectl delete namespace otterize-tutorial-aws-visibility diff --git a/static/code-examples/aws-visibility/all.yaml b/static/code-examples/aws-visibility/all.yaml index 06e4c139d..14c78b2bc 100644 --- a/static/code-examples/aws-visibility/all.yaml +++ b/static/code-examples/aws-visibility/all.yaml @@ -17,7 +17,7 @@ spec: spec: containers: - name: joketrainer - image: brianglynn/aws-visibility-joketraininer:latest + image: otterize/aws-visibility-tutorial:latest env: - name: DAD_JOKE_LAMBDA_ARN valueFrom: diff --git a/static/img/quick-tutorials/aws-iam-visibility/social.png b/static/img/quick-tutorials/aws-iam-visibility/social.png new file mode 100644 index 0000000000000000000000000000000000000000..b1113f47aeff0004dadb045d0b923b5822b6732f GIT binary patch literal 161075 zcmV($K;yrOP)P@yUXYJytontg z4|lh=?rcd}I_a`DH>duWk+eSF@%7f7hGn@mD}8s;`DD*2FL9^$ba%47cXL@*pU!99 zoh4hFFVLMwx3+Y1US)^uTc0&~J@4IECzest-PkMnbmG0NySuYzvvI!s_}Y_y)rpnw zBl6yNx*6};T1j`B$p%fAhlS4bD+}ti`gPJ-S#0O$_s-+f<`=9vwp})>m7UCI&t>Uc zv&o*V^ZBucGv=SA)w(Z`-^rrP>GBO@?b?#&ZrLBr#Sm}oQ{L!o?ViSST50+%@?G~8 zbICVd{&;Le4Bi;AR+HymUiZwYP`)+>;Tp)F4_2-6M#>KbR z;7B?x@05c&%GzbceeNT!WKCA;Z0~7&6R&mIi@DRCe04lONzO)Gc4+05@0LS++Vk0` z+br5?4`*?bM;fm!dBx|hZ}ZPF-a0CAn4Krc7p-;U#oyqQr2HkWF)PxSjR(v^D9%|yC|P@YmVJ{u3osN zFY9)9Pma+fD#|C{X->M$k<+qTgbX`R&!gxp`Nqm7+U76ujGnlUi<7cWYssf2z8UYo zIKI=)ct)}CScKyPyzzIM)#NO(;GD3zJk9h(4=aA7<4nnWGT!9myE)$|VZqxcC2sf} z^q|fD>9m^72amHIecHRlX`XIw2{Vmo_{*z5%ws0-#LI31d_JVkz>_UdZQTcq$ftfD zXjXH?d=Hqx-}5Pu;!JeUTJd4CV{2~JBb!f@wRKE*7|*aooYOvoWi63wt<`B)F8 z!t;p2spS!uNX}tCYl+3a@k35_4-RG?z+h#&SQ(yN=M`}AI7xMNdy;muqSy5ejFZO3 zSbCUU!v?f|5KehJUw@WQ#2`+SziwE&zle9d!NkPbv*j2AQ4zP85GAl~wr#Z!KPGTq zy)K^7celH;=Hcy`oDCBw0palhpxx70d!8F&#+^L@P3NGCd|VE7K!xtsm!ErXG;1FG z=>hS_*Ja5-9y(ni1khn58wkkb##hO{k>)tI*n}S}F}~6&F3U3I=+4Qvd767`o}Za+ zZ7gN1^AxMZ%6-lmTOgt&@80o8uk(>X7k4UV;n963ukHmAUOJ~4KyX>%A>?}B#w#8W zCSVg~2oB4Jf&k1(o@}GW)_CxU2@Z8nTUW?g+Cs#;8DdAg%w#We@NV$|35?m!JwjPv zr28nrN1To9Mx27rb1s;jyW9D2?$l^vqb@c(f|L8{Sz;^3Iy_;%LPbp%H!GcXpi$bj zCX4o2=b81+n*$(nys+)8?3d=ZffsV z3ncN`+emi0a?J$#d*)n>&q5te?Y+Tia=3g3i4VqW<=xJwEhJW-OXC3A#>-kpKDX`< zG8>UqVw{ zx&>{Am?X68#@fNs3!guDB5ctIS`>@m-7JNa_`jFnLRh;Xg~v`};_-UN%Uz<|I-q=j zfh%d(AuYE$Zw!!is9kW5vh4ZY2sL4$0lW!NoA@k#AB(!XCDK7R`{6E-)0}7c_mFy* zAjKm(0Ab~m=Nxc%m*18B9R_^|qRd97QR@$Hr6085HM8b^bsqY2;;!=UaS#u=|~&$mTzbN1?D zC864linjMgTM}XgeG@(n=Ix1$HQ&}*aX`w#YrhkmEuiC-J%S%|^wt4L=R~PL2R$+5 zz?^k{&k>d{xZX$67xv<@s>SuOF4>GM`>?DVPZwf?6RoB?;VpO76bKXvIjTgeApg6~ zx$xb20~dXo!wjwS&1gd@Zt#GMOf&f15STI+=+_b^dD>e!o@@M&NPbdr+k0$T{ty3V z0$n_G44t(D>|I{gYV7yMV-|c5;3Ous{5|rJ z@%m1BqMC%xdnlUYA>>D2<(#^!fr%i4#ZxR?IX2!c=PUW*{>@cO4{|Vq!PMSvN}V0o z8HW~oy!tO6Zozlfkm-_fytg++<+q9?!pYyL{`sIQG>n2%TzR*%XWaxt_1tb#md*)| z$JkqbOp^BQb^)b$p}b7As*`rTZyiDIMI<9FBCgNgiQ6oIxVa@gg%K@#vN_E~y-$&Q zK{Vf#*ppO8sK|l}RDk5r?aLWGy$uBJ)?eW+lNrj2*hF(HaOJ_doCsbQ)uRVBORpUt z>d3u3qtBYYe8i4CWcJJjdo1#xR3(0m`GNXO5ARPze@-s~t&#GdyL6oF=1AfkLe zNoQy{J9NqH7_$vnNv*)#CVcyDPcuO(aixKUE=y0~58lw!=hP!Dm`CzVz7hoNSQ4Hf@iGg_i@ToNq`-tH?LL8*Ou)WUc$Cg)ich|&fav=|j6O`Q znIeHi!si0tPdVE4yy#UBUjK(a;T#>^m{gB?8KK%Im0O6eSjtM;RS|htzl-OB_FcA9`?{*&>h?ibT+7Us-cd};|Zw;7aTfISU zPS}py(@a3?SbICZJ&~1`PM)ovcoum$qebK6{9K#|bv!s-NIOKph=?RBhqUTpZpxAPr<9=EGkRdu0I zJXs{WO>mCQg(GHz+$GOyDb^iF7ufIji`2g)`>1QZ%ay*^cY`Zj6Z7*?)0bwQgufbD zFNeHY@-5xgt+lsj{rcAnf7PZ+#&@AqPS$uIFpAtB&&b=)gUGUO$M+?8;!afv97`sq zrBr5@N{DxKQ^ACrIO8JO;kShR+{m}yn;h<*g`QF3TVCj}*Soz~%s53?z&T%5J=^de3NS1_1=@y9y)fYY~KnaIafnD_o=d(RcKZX(JQ3Jn|E9sI?j*~QegeoWQiLSr?Q2Bjq1sH@+li|#)>50qdilnmZ~(A zU%-9*Q6v{NO*|+It#*-aDNw>%f)0VLl%Fdt9TeMu_%{W56`8>FGmqXd(#vqPy)1)Ki;_h z?ke2G7E}Gz3YMU6$gr{HFD_W;N$PE%1GC8GNnj4UrMBn}7U zRY&-|zwA<8{T)SvoXb>O+X(RWBz#i0 z+`N`I{Cc`@akJY*99SaBpvVe=-g8=V4#9S<_{q|ZtclZxkY#D2B)H*b8ZxER&7KjU zxBLH`O68bB-AhJ#?(1HFRI*9K!v3l4yO*CMzNB>eJT=*{hCgtJ0#iVIKYq~KRcVVH z2C8%LsBr3U_ZzDvdw_VP5kdwAnXBZDcd>qmR=x+Pyn9dcM<5Bs79v=Inxn0p>(Q`w z`6k@=%D%HuU}q`L@u=>^O=%V2@L)c129v5VIB|$`=uQ4pCU}qbdjdO8CojpqQM5lh zZq?5Z=9ll0Ga|z1nLtWAh?WTqsk{zUEOT3Z#~blN-8Z)5$cMRji_AKVU^QV^2~qe* z_(*y$DD2DLgAwh1c#a&&cGVwT9KR!t$7dg+%~a^xI$j6*6=3wW>WtsvOzdFW8l`|! zh@bUlfo3acQ8IOTf2ut2bvmh~B1bWH0Fvi?;BsjaI|ze4k41Z?Wv(Ej*xOd; zViovO_IkGAShq!+wVpzzWeYZd(46OzL_J_`gSWP=dPEX%0*{uGLW2!c32i!0l8Ev} zY0FAs*C>qOYxyRbA~_`sk4%uR^S$b1Uu`|oa{vzHFXo_!xS@rL_~kI3 zlz214q2`=SQBZJi%MvLM_#92lbSJM%l`EAzz^eMVWGpQ|h>)l0GN0EVpgVz>N7S_y=Hr7GznBt;VQ=Ma;Uk_2y{a?NS%Y#d8D z+}49ix)S9c!suTHWmOA$1*`%z79IAFPcxxZ@mIYkiQQk^n8IjQzF(2c-Mk{SxUKva ze_*xoeRwFhK}9OQOx>~SW=&t<=ybc3Ga3i5jSWW)PjsdERG*cXx{Eo|o1azXSDhmC zoV3rNeBS*C699yD8ck{-DcLFDrg7KM?+XX4#i>nb1v0JpUQTtQ`NkQ#Pf6?8K&tJ% zt{XrmKSf_{4r5TH0(bPHz{+!uL%(WKgPENoO;ZvRKV30@X!(tPO-UtW zz}RDWMuET%8)@LJu67nf6zKjuua)XZg2EQIzZ`$*t}hkSSEip{9;55KvD1OY0Vih? z7?{zyEm=ZuN;QfslGHs*d1h=rqJXu7BC0xUNA`|pGgmaVS0aT2Sv!8=b0pPtEE;1H zr(9Jj`(l~QmF(~= zzBVA1Y+EnwAl! z?FR|Lqj7T(!ce5x>`JE}`;#w=7cH|26jbp@V_VO^uW9rLb1%NqyuiM61McHK6j{%= zz&=IL(?i5Z*~bWjNEv-R-Q92)Bgb*1^D?uzjxCJE4@w`$JRI-d z0X}1O>nA?c&AnjRorr<8xP+5R8@dZgvQfr; zK#6w@FoGJ;t(#}a`xPpVCaTSYZ;-jH?%YGb!=X{C>18V9Z(foxzy{eVkho_)f73#U z;Um0?*WO-o^7gP6E{>y7%m?a#Bv3EF3E!$_HArK*a~gOJ^Rq$J-mZ zCZL+CEKZFkg-nBV<$<)fG`WO4D0*#8<}ciCz$xkm#jMh7!ru9uFr$kvh@fcyZnjyj zg$wK2q9UcDx+^;MuCATZf`|f@Ggf%Xb42_ zte_k%s``>ADhLriamtS3@>;|g$Mn?_c1vM0Ke zfX?ID7D>lQ5kQ^LT1alFSNKx}7`@2jQ12$d3^d8!o*#hC0TshW8jezU&ui2V?zMU) z4sz&fujhjhi!e3S?{Yj0Is_}a5NdcSg#%vI?U^vkOs9SUcm;|L9N@?ZMAn&Q3)nFQQv-aq-o7cuM56euanWqjRMXUv+UX$bG-k)8h7zq)t;c zki-kWjzHY2y?e(B&4o)-D3>kYo-%5QsVL!uBEQ*f)3ZDkYUXZTkaxwr?$nW>AjzY7 z<8YEi@wD%wSUGhbicFOBGT@3plV63kyQh(3mvcDj^2DowICA7qmw7?Y@lC3;^6yxP z%1`gw+jB3C{oEo|Ez>JVjZ0LyH{c|G}pmWrQlXl(r70r$5LFcK6?RXkWKO%dlUPL z-7k7+tDmF<>x>?nTh;2L&e1)8{cwKiRa{)h17t%kQd>RaJ?-J(2S^2eAW;-J->o$r zPgK`!*o87;M9sp`k{<`2J*U=`#NFL_uqKu}8-R12YyNL@!ZAiq8Kyt3$P z-}qNaHlAq-YESC%pC^==paIk*I}$nlJi@e_-fKsJktE|i9LSRF7IXe}Qhn43cij{Da*4!1| zf)Id11}sy`*wX<+i4E*yn*j9WGF1_H5Co3X8XadUB;lJO6$KzPGX=lPvkZpB?9dPo zEPc{xmKH!q+}{Qm`PTPqZ84a!@0H{;-@bn96&>z6iRw6a@4tT8(#VTh*)k(|FL4nr z`vg=eV_6oigyeDZ-k;&D z&o})d^V&!ugBHPjLW+(r8l7ls;q>?^b+tZQd!IV03V>hEh^T|R5_86=YKep$@2-%T zrLyNv`rKmE9Vm)3415S0y2gbor{TY^%{49->{{qEV^D@g64R?-B-M ztUZWBG->m5oFGafASUZySh=x)?01%H8H|?SfujxRBON?%j*H&kp0(*4W{gnbXFfeF zZXNj|^cWy3A>-AFyGTkW6q)M>R+3A2OQlrgzSbZ0c(}{T(7W|iBFNHHIUxZI;%6NV z0-t~TDV$lfp~OgO^*+20AUH-(wO5)%PLwa6Rx^d=eNXt4YT6BGpvn^V_=wKC2uPZd zQpo~~=S=TornnMoFJ3QaW5%Qorb|A@B+1OcRMo(%ES>h$Hh`woR(Q`8j$I{=M)Kgc zebG6N=m){N>;G5h7?fdS=g>s!7q9qt&Zj@JcL;oNk8QiXt!{U{BJP7tiB zPw5k3=ApvC*wZ};%_dA+$As?VC$B!;4U0o&;y{=uS)D7%$g;49oRoyS7Am1MbXkGL zntKLht9!9eq}q5gcONwy>@gsvo;DwZtWLd1X`&^Vbv<4BhJqk6eZzT!^K7MvtpD{t z^?AHkKiaNt>ITY$rV~yB_|uT*%LqR0)5fo|qo8h~C}~y=JJuKX5iHWma?eEfgEp!6 z>(r8Z2hI@MQ^@`2@LNcDBWrKsvN3mD^J4-r>Ey1*6s5B;TX#jvHfioZzk6ufxc(#5 zPCXiWmgqf&@EZP@1tLyv<(qnlPL(`e(XaA_z*QpjG;zOzDl;zq$u4(ofp7Lz)v)0ZHVnttJh-R!VhPFNF7mSEfP z+%_SQ|Kq}2%f_Dr0OCDk(NtqfDix{cJsp=Y@b_RvJQbqbxn$#__7Nzsie;jK@22mT z{{U{TZW| zLd8x=uzEdDr$dFv7Gp-N2Ro$VS>G*pXy~XhI2`iK;0I?aM%ZGS!lB0;1xw_h+wM3o z_rlx~ST-27jxt}GGJX{Y?PK%V=Q3mF!^DN%%_n>@qT?8EKh_LQAiA$NA7GUs)N||c z-?pP%Oc9-5n<9Z=p<7&Z?BY4WQbfWNE+6-IU!&mVKqalwRL$1Yu|a+XcxWW z=j{1F;k8aH03wgEfAj~Hs9rg7As=5rFJM>)4kY-7?B|nwy4UUs9dDT*%>uS2?=D#8 z3f!a8n{6jYOwiBwGac5uVzk!JKOSy2dWCGjXbDi&;M+HqG zg|U9!@#~k+5my&@ohq8#ViH>3n%}A%u9(@ux>xw?bt5xH7j0d&@?*k^qq@ zt-KvZjLaN-g+kJ6cw!k$2D?;nd-sW=VxG@i%}jdQ9yRL$z(HMNma{9aKgz)e&c_wa zg(E=-4O$myjFuJRBl!Z7S}=T>ms3e#}k>fJJ;0 zl6zOoqxgc1x|v)u5kj!!-}v2>P92avi~O26@!>&et>Np-XNFv&u`=d#%1Et*-`B+z z4LEo{?!^!iumu8I#G{a&su=>4gnb6zfy7R_Tgfa$A#bkX-fF$5k6G`@lgmv!c zXf=pSxfa6M&BWK|jOq4f@n$~xC+#7l-@V%qAoj71v|m1Se%Gms*udGhttq=l@j>0X z^9CVqTRy`{TGv6shp^2comCmRisqvNkz@%wzLI`0W8|zc>L_3qoy{aW3s4>|n59$DlH@fXp>P6Bpqfn{|4%iIX077i2g+$hn{@PiO?O zK329RvlMM=zh@!BUAm)>0xXmhvvD~bVqKaEni{QVjNbS`q~Eibnj;ct%<4Nr@aMDE z28sGHf!;u<29DgYA%UnFQW^tDRy=>~Ij^eJV|1R)Yl+KSC{apO8R+^vLd_0?Sc!8- zY(B2ZfN*f`D%0n#nt9Y9LDs?LveHT$V@*)c#6;=n$s?S!2J&vb$})^(cmBUp*(n?teqKn3_PTY>HXu8uy`=+)pXVj+ZGinR&=127_*Kx_A8V z^SMu{A-?Aar&!67(~#%Nw-E!K_!Gbum>K*8VfV+0Tvrm5zl_=W?iR8R5kD?+e|fiDonCo4)%=_U-wf!t(&ck26O2TFRK)u#(t*K}?5?j?%M= zs6Ao7Sz$T=EJmHU=Sb!@pd17jKTM}eehC6QO=YhDJA2%(1R=&F7m^ARr`%vQs)|(> ze$_i!apEN{zo94UWYo202lkPbq#nVrNb==bz2jQOc=g;Ba_v@beY@QAgs(F|fawD9 z8I*3c=t+H(ViKB zmtd3NC&Z+*OU^t(VUTCNZ_cs3j^cnkhsQEV){mJ%wbQWx})BVl)mFF?Lx$ixcaoFXwWB z^$%!~UL#6@b28#WU|#DZld?s|Gnj+sbs%;=$xtXRpv|W(SudI%_e~fI3z|i zLcy2EYL7!sAP*9n2Ek1JuQG6}Jj!D9#I^jUPz+){i%E~oMS zDsD1XwnR4L{PLIk`A9r^BRZi-u)c=pAi+RzG|j}3v_D8G5>emc^~du}s5V=KFM0!Z zgE$Hy_>Zr!YVDLVUr@R9cR=i~#?Z=b&g*Z13+v|-^yF-nTSmXjXkpSdzMu6A2G2rJ zn8Be^k~8w+8LLPD)EPc5^{pP!) zt!&hdym2%rs&}q!*kuQKYQ~q$qp9-Hs?4t9aB7){XzG?h;t$3zLtPyfmYH&5pq)bf z|9miUlSj+XZD1n&QGnTw^a^9TdyG#_ng&PMQs-4Zz+YE_1G>-E;u}0*jRk(ZTd(mL|l@H~_zN7w#Z4A1?+JD26@?6$q!5JcWlNMNxm6h>S9< zCu7{p-X-sJcc&eL;#VpE7Q;#fAH4Xo4D~Ta{(O@zLcdD=1u$|W=cQJFv#A2h+l8o9 zzN$Y(TFAa&P$?#9imWF4+(n{$tYeuNY3fn`gDw(BA9roTo+fEXJ%I~tCLw%z7K5== zi3nTD{-BTIf>27bHmw812xEeI_G%*TnSHXPrI~cA{bxYzL*4#BMDMB_xSk$QYtlmYdJZ=|Z*<<@|HX z{aJTT+hKm8qvdjr3AqswyR9iCA;eIxB*M=0TvK4hGS5pYJ$*b=(~6y{q3Jr&Kd1B^ zac?@rtVE@t_cxsLHaU+r+UixriiXX6s5%(riFFwZ?^9^P;5@C)Ve=&Z<I+Q}1QZpex#5-(e0&sjH$ead`^4xWa1SY9pTpb~xvm2=9egHOKk$i-8{m&45EXser{aDt6ktu&vZ44@zwH1+QRFR6&g`TwjAc@jUZ&;ei_gtdzjGFV)n>cdJS{4XX}@cd@dbn)RQ} zftvf7r zT*?iPeljK%B((%?x@l)#{~-~?-*R8^X8h!3niEL^C`yObigQYj@Z3iU5)a%$`yRvN zj+*>45vCCiqmDrMvVj2hxaQW<<$UO;HrTbOz@qy&Tbs-30<+Rk`DFOuWg1#s-+3A~KJH$*XmMKkKEUf`I?{9PjM5PLE$Vt`$D%j2gx~Qyspn1+JO% zP!wZOWc=tkeF6wN&OJW?EDlnk7!t?wg)CsLVMl+!Z`IKtmN(2gKYA?-1;k}B_2$t8 z^@UbF{Bnh9VOrclbC|T5alZ-ogS0P3u00ypI1>9w>kYoblIFXaF6Q?xZS4l-jH#~C zPe2Sx112u&#V|SD-#lUs!{zsKi?K4nsd328pkQ18vl z%L$EFr2?xeRi|q2g{|7mv|YQIuYJ11A1`@w+fp$#{0zZFJIwwLWIr-)aXC})2iLiJ z@3@4MBB4Eb15KpZ5c%m+4@T>qxFpBV>ourcLj>wz^Iz({Ea7{r>nzh0pPomdpgBB}M8X&_bJrz4S!HyF?#shDpkHVIEkHV6xK{wejWxH3WQ9picM6c9^gb$1% zAr3Tr#U}1Z=ObN{tEwV3*OhPj6EJ91@QFhlCqi(VozEy#zm5&cyXO=oAr=ibBZ|Jd zo|t?|Iqv)U{+NZC%gxRvqZme0*)CJiNN^RS5$n|P zrq`OAjHS9FuTvk}IwyaPih!KYYS;UTxYj_Qll@vjA`utR&c`z~-!{DALA*giNh%mV z?#)nxUBr4s;t)ce+wPLj6IkdCoK!JL3g81A5jQeWzR?xouS1F1ws9xxpRMZjx_bjV zF=E&oIG=5AG#Ak`08mM@5`gT|UQ(7Za$Yh)H0Ar;vvZFhcNm=CIVyXv_U4Lb*%|w> zt@HV408}ZxRS-`s%%Uw}I>-HU%bS5uZumx#%#68opalC*Lhn6H2<;byU~#FnFEr9bn<7XB9c`0 zdnWl4*uE(Vi$}OsdkjENFArb`gt+N+4f$JITEbyh&oHPP6Egu{!WzbVEtg}3LXTpV zAcSswG4FZ4)RjzgYX17=8DE$UZV0*ZALPMAXTVm&HV%2NNje>!^p{dmLb*>`?}~ff zW5V+gR7GU$=X}jF#Z5VwhX#_1yHxneo>WyDlwJq> zMH#11cfjqYmYu#bo-99^iBipo;_kmx=OYI!US}_0Hy49RIn;g8q;w1AB4O}VO!{`; zl?PlkEB-u*qtEMJMIv9z$&E~sxO~pB+wY0E!YUD^^CKP_g-J!YIi=2dR!0MP4pDU> zxG;F%z(RGI*UzWxbSZMh1t$=?5iVWsxJBbbi@6i}0l7`?;R%>7)9&L7Ee}Enls+Ah zD+<8Gm}exB2vkG+RZ@s#89kHW7ENU&ZHH8h1pBYc7$2HSdQg-o4jQ{>Y z;EF!ffOFJsTer!yXsn+Ec2?>xBzA4}cq^2?g# z;=~w?l-RrXrA`_lQ~l|f8J?x6E~Utc$*X(O`#DJ*BjIm4c2_;b>c2!oNoGOXT!DG{ zRZR{}UP)UdlflSs9G&=f2b2HQ67g zyteJizVr=dSWUkCIuZd74zNCI<^x`{Ho2r&$(ToVO7J7PL2r@(W-TbBRAVF*xgH4g zc1gr;sLS)+9M1S8)LU#eVQEL+eJv^OI?iev=5ieDcgUtf1yu z_%za{EQQv9g3e(oHJ%rGP2`K8&wy*$%-fS_IL%DT$eJrt+82DBd`m8E%fc4=oF35Z zs)dB&R~q*WE0fw0ln95*1C7>H{g4^{I}a$)39 zz;&;4peTYZRUHL6g0PeTty%YKfqUxD0Ym_xXWeFkakH_+NYQyEGbN~G#=_Nb3UI7x zoXIPXcQqA*bKuOePz*=)j_PyF+ovV_XT6UME+BewW=Ya-ozXp1mu(`0{+JIl20BD1 zpE+0L<7<1BM@vZd06T|Tkb?+~wDX!?RLLXmmx|1c2?^TDb7OOVkRe1l-Yj2DcS_zh z_Bg(D-{S4l6qS#)LRfiuQ}`F26A~P(kuGhx?^0}WQZ#qHR3@b4 zNg4Vn@ZL&7AA3@ulDGvTOTW$zu=4tgi@mLi>sK+`lF3=b24LgSinG``m)?QiHq)G$w6h2H38`PSh- zWfEDqh#N^`CwgxRqr~_o*U7AdI7detRQg!vt-EW3GDVjA8hHAI(M|K?DWrMNDKF0h>HVKHIh0VP7eplI@9Qo(NT&jzV&x!Z95a02as!7 zD8G4}sf85@-BE0U4vV(WIuuyp<5d->H3m6F{L`XI7R=(5=1ikY2Cu}o={b<#O+ESk z!zCToPr-d2tCPcYZ(^>$(3_VC_`4@CB&%g48gwjl4_6V}JFfXT_b?D&fJl4_p=^2) z;iWetHKRQN7fcZ_1ekFL!y^3kM+5ucP<+vOy)NV?0@1)K2nntjK1&SjAKWJlnx*-}%xYxc@G*t$q&WSgObFs-FJ7?xbB2hdw zw}-47EcF%C$@XkJxxY@5O^J-kzCz!)!mJXx_Cl=mdxte2S(i~*5P-iwytNLVc(FWL z*Lx$f)j>rRdx+kU6!302SXS*=app3uthrU2dsE54Gl^RI63Eke@7MjNhocRjfjOu( zuAjlZ7`Ilxz?njSIMn&je4r`coC~zBg~lf{dw^<;Ye2{%(3;9;XHM;b{r0Xi z&1==VHaz~Xg5fCr?oS$pxW$O-d-#s=STFWdbTC%$L!7wC-Z~IZp4}_A#7>UiqBHjj zfrBJkr$cg(pXGM$;n3NN*+1e=Y^|j*}es( zm-o7}SO8!5yG~)I8er*T#~&uo+==3W=&@-LX|ednw(@6p?6aLy za}Qrz9wH=iZ^7F@CvslM97~@>aj#aKW-Fx=Nd_=y%;>!oWF$yDm#S1!j%l4VT!;(g zj-oQad>$Ze=0}UORj%4d8{?06e1~%4|IRLYDWYJO_c8(}f*R-#hng45#)bbH!)2SS(nl2~Fw@ZS6=xIG;Id=}TR7Efmb zOEVp3uW=xmIq1T^n@f9-V#`+}@TqhmG=gL}M%dWx`^A@8nSB9Qg*XP1)`E1AU-I)U z=JFdQ17T0pw9aMIzA7*FV}BGWF#tKv=8D=RLC=F9B3^_d3JJ`(22m;=BEaFyakZ3e z4wGW)QX-m&p%%4|TX)XX0y`=@utU4iG5`iIP6A;ctUeO)ZoVwAH7+Z@LzYmJMox>s z>70bTuIG(NC4VFi#daH~hoxO&N}Pk1Cin!Ok4Hz%;37P=LDBcA5IKu=tPjWw1+%;2 zm|^6a0BSurYBUkUawBfI2%`v|oh)%mldy8P!*Nl@HR49$n;eb3YZG+D+yn7tQFE6K zwA(;~b2X3n&4UH#m_y`e+FaAbs7$)&#*f~33~R#QM3g5Z$N_4+$%{{!wcjg4Zy(v) zoKd;$gi#T$b>ab??8r8P?a^k*5Wp+lp2wJ8)PD{UZA9;a8GnPJ8@Wz`47znFdY5EP zSSQ!e6zvS0O5%oM2%^{#%{(6AEBVEa04(Wv9K-%_?{GGQCuf2X@9* z)gj0mHIJ!ebTaFk9810>x4ixao7e$$z{H!W;m}WgLUK_M%D~yw@!W@)<@1|F(cQk# zm58TVg@hgBrEe3cpRY^VK#DLj#2>_@7kSAK7s7KXF8FBNEDc9Ci!YE{(%GWHT*U*g znYNUZ|8Mv88Rbk^5}E_B$&SWhl)y5^r}$G~khpnXddO;YYhJn zyGaB=Sm9UyTp>HWdCW9gVAkx)gexygI@EWvjRh+)PjJmQ%fJBuL_oX0C3)FMJ`7w6 zx%QtUuErUx8xk3s03%t-Y-y=*%K!i%07*naR8xW=i}u3M2tpBdS2elhyw3BOUY zH-d8fZpN*N4;SK_;UH=x_)$25%7m{=MMNYrrkl%d%?j)In3R#N;vkuK@Ph_Lvv^-I|j@{~~K$FAQGU_VOO7Ohmr$A%|Q=W6yKA4@c zM?`LCg9=GEOLt;K4y2ouI&pB7ltO!Jb_fUgY$ zN|)flO>SsMIU+_@49qbQ)kLe_ninl)?|#M7zc=>96yTobW{%lES7=@~IkK6~|3W`; zg|BZoBBY=uqW%W6AGK+%);|U27VXCwqYaolxGr~l9nfJd^;Y6VCQ7t~OFTllsjt71 zUXlzwz~aiVD`>NN*-%JyM;TtrKa8!_$r`8Bzq+Njl7eu?tuIJo>tQ$ko_P2i%88ct z`j23)khbE6z>2#Pcor>Fj{e97Dd~=*FVzeV3j2#UJL+hSRDdHY@@~e+*W^RI6KS%$ z-mXQk*vT*}RfV7#v7Uuau!83L=(pQTG3aiU+ey z2<@g}W<8$~H1;mn{?tjkjFa_g!yd!fa^zUGxoWDRoXz+0zo-+D#3YXgKS`i6B1)*j zO0UZr*u~p^KCVirSRe=DcZVQWiKQIo1|3|+zFm2kex3gzIOJ5%`-(W*q_}z!{ob^B zO=1u&5$#@Q43TYLS|u+qcP&`;pVf@BQ=msI8A&{D@^U?csqo4+mY~I8PeG9^@!Ss^ z%UHerX6C;zi5QUP+2SvRFISHdtGws8{;NvDL6t!0%f9XguHRbH4gzM%;A-0 z`-+Z@8kSV_={l+Q%*%&@@98CK5ruM64)L!uGvp3QOl0WCvef8GTH#s(c=Vl_7rKyS(XY9@{-* z`d|J!8?v01xN~iah|(RO{awx_L5&4s5O69dR&8RA;{mWVQs2KT|3iB00Hmj%^iNmt zC(XFgc|(kk&hYsm@A@C7-psOo4c;;}*CcAQNZ%MZR@2y{+ptB5)R5|8VS; zRd?H3uVJu|5&j~-m|BMu;%UIm2i*L@5U*xZWCG)1EZ|LInR$kyh!=xrl}=d78!YW7 z_*$*_5g6i+^MA0Xct)kw7USp!{Nn}$-1F>xghZl;aw|>fmG}g=@`~KVxddcSk46{? zuJ+!2E`<^Cq~JBR6K{Pp9f7ZlU(il&b^BOhF=&8K?2xM1Xfdcjnb5YEt2)@Fpb@65 zv{onSDyz5`qzXjTXD|_Eu0zlo*!>X?tnsdg);%!6-b^E!Ct-mK_3&H#Tfke$(cnr^ z1`%MC0ob{YP-;vR?@wu?mcjTg&X`2iR=3qCJ{g|-0u=zBeVnl4}1V`Le^ZL@UJq#~`8dIE#c z|F=0&(Gz@rp0PVoNfT>FC2&z!oUBuM(DX44#GAUb6kqu#pZ&X%S!*L>Ix|78>DnA4 zZQ;S9H~CUV1FH>>N&aqs?#Jq24>_~xk_lmP4|%M*K&X}BDfFr8cv7dKDV)@`U9&PdsukJlq?7>fdk*n>(D!&fEI=oDm~N$z3*us(y|rS95M~&o>an9# z`rW>fWJIK%#yh?00zj8i{u-P_XP=MuuF%PVq}Sg6wblo@lu=+U^DI7_9U7;uH75^G ztX{H8(@D1hBwp;B+-KlOBgx3L430kf)*!cyt~h}@|Mo_yDEktR-c=@_5S@HnLr7C7 z*pWtbkm1HHy*~8tD4jRLq74)li>Vqo>F(zh_zE3Cb(QLB#k&>Y&}a3EXNiyrPgvy_ zIE7Nx06(2QgX_xts?c44o;cDSYmXIe#G_kMx>uVbOzN1dLWXUMfj}A07ZyyaNwh=g zUc{oNscfTBlpxY^jE0c@JaAxMK&X=OT_5W~ub5%5s z<ug#jl3`V3w?dp`^kS+H$t{GjYQ`znUBulJkRmcW)pWM*C5EM{_{#D_qJh54Op zug6!yeW}9?#&D|+?soi~(gnSjN3Syk1fSny*dXt@SaO(OM(Iw)qhq?+CB*qP#S2GzSb>-%6!;jw?)f3sCow*z* zOBs|%OsmtmFX&*d`Mp6piz&TQo32zC<#v}d)x_u<0{rMB>tD&&`KspnX`E;I7RMAP zaYq6H4`GzG06}71o+|H;?!M*@-4I=3<)0u)rEo$?`?J*Ljx}$xSL5=NUK>QbH&>4a zh=LE7NrwG0DPzsJ(7EX&e45-+PXtFiO`XH_h9AKtThgu5&B$xoxIYA>OYKXl8Mkpn zzcTSyMLHd$9sCONH~m`VCewP1AGs%rCwmnrF`Eoic;n`A2@)B$aHn*l0+fT$c5m0a zElmXLU{3-238J==oMU%T98bDmrgUc$u_WQE$a|Y-Ic(`v&ixfZDrpl0|9L+s#GBs6(aN9>4T;QVO zNmyR|G8d#&!coxHaN-|X%G#J_2TMsq2V%J0b9s7F)T`5`%>gADum2ECno(NYEVq*M z=sC&ZMVd6^6e}m=p?zL5xSq=V78TreSb&l+(8)iS)vgy!NCBN&mTD?3K0c7CfSY_x zDAi=?CAV#Yu@M|nTI(Xa5pGg$!;Ad%Fjos==h|B7Y%Rx>8&G^R#S&TacOz0##tr`T zSAnR+c(#Ubb=ZXOO>4t4^YEmXmLuxA_$w@SK`Z}M%|C!jTLc5?-YTVEjzv1Xil`R) zCP?HrQ?M4d-{>HMphXt5j-42u$9fUh0py zqphIU)6#L-bhod0hB#?d22<%ch=~~|LG12s-SeUmj;_2c;M@`t3FVM_fA!Q#uC5RD zXki6yQ1cbX9R2w+9T9wBmbu**dLI-Q62_I*jhT1&?~rSl)P;p60tP1nG4V^hT*47l zsR!N#h+mINnT<##-91F!NdkTJd_kO5dtSkwpI0kiB9DP*tcn|S=hRp1JwVu51Brbn zCY#**;Hxf@H3>M*{|kk*Qg^gBYrJz(E>OZ&+BmMO32eNb2Q5?P9fbML9}XvktsB;*XXXM3 zEWeU-pQVpGg&;lF#X~*k`gGHyn3W;`6Yx4{6Ez>_yaZdo3}=dd;3t z@)k++8~QAG-}#MSqxuj7a1~B}XR|p|@O&P@`#A7%Aj7VybMeuKZ51t^&SmNWR8OfP zQNzdO*-bIi6MYcdNe|ge9~w8z{Du2DU8(Jzs-5WX>*oQr_GEwsZVII?r{XFxm+U0jN;>m-L)%=8Z zgFr}Uq4mqHM?BhbJfFc7Ra}qirz(YeCN|w}H1L`j0T4!9u9)AvHs?0xn5g1PH>UD0 zVib}tu{ec1@)~6|GDmz+4%tt>`vwf41>OnXh4r%0ArC6uc5j0^NsMa<3VK*7hkDDF zw{6=$ZxTK!=X!U{Z4VZ12b2_cTf7+xPBn^&Fu1&X$(EwIN4bb_ZMDs@ngxh4iHJ3-4kBaOMf?2}FnTTi0J( zyccg01}0+?V*JcCIPjqRyIW+I+OWg)+~|Ifk(1gak<~evEvTT0BpYBbp!OTmfU3Wb zzn(EzPBBTRp5#D3tcqG!gZE9q@GlNT28(L;>2)KWAG{9mEetN^)iy z8K?)B^8R%fEOmfaS_fEciH>E3b=)m5In>6Up$VErkUJk0Bm%4Vv@Q)>2?qi ztY2&#Y!Ekv)A$ie?WGp5d zQ7&Je{?a(}ajYb#jk@JoV-<2Q=*1&bw~F#pXC{aPL7*%0gqNBu&vXy6MjpDm?W#3{ zEq4NFHogzo7N7ikeq~u9_uL#8>2#QDEY#{nIv5*#xc#4@lnMmr8FR~V zB3aj8J;XkHnM-G8aIUsqqa~g?4Q)#05m_!)6-Lr~bC`cX9VdvuSB^Oe!S83I%dM$1bOLH|y~r0PURh=aX4B-4y@#GzKuH3^`n|-A5=6f7$qs3X-Zg}QUdx|z zXEac40CNw_mI7GkYaYh7a-&p4iM+q?;V@0VoBiBEfTMS)Z=Bx3c^tWiadJy*-GmyH zQid}Pc=M1HE{TG%DB(FPV8CWCbV^e$r9Wj36V1=^bwV%*@nRsU#ZmzIjof@rzC{V6 zb|XfcQ(mypO9v8%dHDHr!%P0Q)K219yn0?lf&OOy`{z(fX5_D(@Ftby^an&E_C49 zneLv3&UN6(c6flSM>-p|@^3T$pQ>|PkR-QpD9HBzfAJ=<4>(ZN*j}%vyDBq6qDTO| zh^Lm7sf7ROA`HlNhxEiBSe^YiYEeIzHDmN6_BXQ9Fv6DX}tOD?LX!f zC`2wtWoSccrQT*%y9E}z${4LYA!cw1UHSC56vXp``^4$>-RG5t#ZBc>4U^~{rtEM6 zD3VpcNLv}^o#_gqAeXU{p2K^3<~NF;YFABuK8SykC;15{DESZwj3rF^l&-(Hge`mQ zqk%Z|Qj&kk%$&ce9}*xjU^y0&yCAaRE(}k8xsHva$)jLIK^oUuOh8EJd7ub%YG|k{ z7!b&z*Dfh@GWj;mt5lYof%Z=3ITw4%CYf!1hrtvY&F!+eLm_ybnA?Oj@w}Q$bRJK^ z%GlG(=$!AG(K&30Bj-tye&@JhT?mkJfa8j@ zUy64|7iML*1j5o~Xl@W^_XLc4?E`F_7j!iUVVF~uopr8j2q?%YHYl~-bpFpE+d%w< zn3A1(OEpQZvfD$b{01r3%M_@yY0|vbyi`)v|4O&?#0mOdMz$K=UB`LyjQ~T378Hk? z-zv=1LvQb$S$Fq@$u3W4PL%ooksYA+Rxv63%;Vv$KSy!fFXnEB440v z>G3nra=*1O!k7z(_qABqlz;^!aHSsF8Qw2Z=}F%Aq^A^`piC366Hz;UD|mJ8G~Qt* zc7z~L18Txf?45fhriWmdh&O(9dkm}|EMVFF!r_Uh+;=5p@w0W_#{qLhob67(S8p21 z2ae>;6HQ&9&2X;S5wWQ z2op(Dkr&eaG2A$_3hE->3ag_K+pKy>?Xr>mSq#8jwAd|osAwI(ekr88)!^szFI?N~k+Sr^u7_M3pQe>TbU zsZAi*5T1mxS#9=X8PpoAIdi1O)1$`&Alqet;Ul@v+O83h87 zE3CGKnSL}m_{DA=*Tc~WYP_cdJ*l5ZVgM)NDI;FL8yG)l6vXk6oHA=D%k0L!X*m|` zZ!~Qc%2!;52s+!ur^h;7eEAS5FulS|PE=+sNRY9*ztH!wJ@b2L-=)ksSCTS1OvwdT z8?$~6obN>|MJYhVf%ATPmhNZ$hDqJl_|6p&;}!!~CcN&;NSu}+yml^k8&rf3D*t^f;frqcW#2N406OBfQ$7D8)VDC9}lmq1a_Xyxd z4G>`$M)PgAmd7g9ekf<+J`Pa@OD!iAm9Yn@kJay_DcBjVXzLwKZRnn9+Y=&nic}Ma zUlUp)LYdWUYu9d^38M*XD2A@E6gY({$B@a{8ScK2J9_*8U)8OcpdLre{VDl8Q#pc^ zl-rK_;%wLBGRJ<2uw-#T$x!RgSDn3W;5`F16vy zHS6%pEUHH>mz!<1yLyQJLc*YP3(u)%m&`A&<3oMhI^SqHfny2uqh^l$fTPequ(6D8 zdjS)b2^B-GjXYnoagRrvvC>rhG%A2$^ZZ`@CPG|`0|T%|N)<%zlNl4S zTI;Ppq?#y?c<|x)$`JjBV36S=k>o=gwDb3=3mRWDeS4E>arq`UvL+)k{PN{%d&p8( z8eA8C9db9RV%QQjzOIOW2(Dsk1{?XO6&epXs1S^E!GH2`1bBnXleBCk3Mt8%p$6Qj zVdPben;dZLXCabzr`I%5LUp`;K;dG%J)A3FdUW7#A>KeEfC8n%@tr_uorhazqHG*2 z_w^sU>qhX?=v^?-MZnV?@>NPTiOcE?Y-tGGJ6p2B`}V0AZGjPsciJ zk6a9WG@47vf*8gxA;jYplusF2Hb<4E4I>c|!nXIc%eaw|ZUdCB#fkHH4+ET~_m+u5 zZ1R-0zmU44r!#Aa&Q#K%Tt_EK8iP3M`oW|m8cDZ=S@(k0<-7OZ07Pri1gsAw<}+F)(b6 zH9y^U>8$z5|0Fs7hDH8K|5P%sVvjnrH;gT>_-o^bsfuAlmuB8X<~J4WAE+&O+7Okp z$Tjt+SFd=KeL#YzuB$7+6r_G*BU1jNExI$!pt9O`#dCDMfJ} zNjKkUzZ~`8~Mr@r&cD)_7C?^SHPR^Yrq)@7y)vB_kE4ZH-);E_2pKy7ROr|jl<38KVO5PgxWT)Xd1fgwR7s*bd~-0_V&a%i;3Ze6d=bdL1JC5JH|DI7>)`}KA z2AG~_kD|Zx7MMQwy@ zNh4l3h3bXs0dgau;8o#?(#&a3fR58Mna&w4>Vj9~x4!cFXb<}`nt$>qbeN?RucrfI z5p&*~F9u*tZOTNg?6Jv+yvGL~PRfv;A;`Wp3gUg5ZRMz*%JG416QAy#*&fJtq&U-e zOg%5*Iw8guVgLXj07*naR9`|xG!FWn5{a%;M?H@Pq=`DEh*E|(%W~#djZgDSlb_mY zr>y+^=9`}wV8wsJxF`8|pDxpb#7WF2Flgv55Ks)K306nr%Bot*Y+e(ezw+F`b(#8w z(#rn!m9h(~4mjxVHQtU4Wf%p6ih!c5-umhwFnNu?N3I_Q_<%Y+2a;s;$`Bo98?nuaU57+B;Sa%D`vP$F43|l(3IHEMIq_ua@dgFg%xt&~^ zIk|a&+CZUP(PO*AnbkbG z>qDnk+g1e3d(hd1aFpt(G`|L=nueqW41&0a;e^8lB_RZww1Q9h`}5Wh0KNusNi*E5 z6Q7G;m>zxu8d`97lRDoFvB$jMNu;TmE z1UV6f*!EelTQ1~dlBPuHdvTTp4UF2P!JJiS8F1W2lC)DTN`;hMuM>w4uIB7c>(j1Y zL2c=5nt$rl0376kuc11^!R#^pBXBym`!(TI38s_yKtmHUUt7YX5Pr=#(nB4j5bT-S)oP z6F2cpk4>!RW>Ub4hae!Ea?r>1`7PQ`_`_rfI3O`Yp_#|+0o5OzP0>-k(5R!sW@mRZ zN|yer^ukS;&y=8MB3jS}Z5fU8@xi3r(alZ8X{xbPavE8sRQk>JfTTCl!4Sqd{_H{I7NQH`cqlxK z6~>gFL!@Eh`2CerrxOW2YAnT(nl9?KVKrIsP8lz$&yRk5KYszFR%!H~xev5j7e0oF zBP1~4qVV!rdIG0X7Knxr;wG|T&G=b!w@ct2O4sPK8qjnj_?ecm*n&KEv!!Lx0X> z7JYuE#~BYlGnvyPdK2>H^fZOKp}YBti+`SUDDok6VC%{(vollK337*q-FKe_2^nE^ zfSD(nG~P^I^o0U*Oj-J)(D(^o!WmYDGx{Z(zlYAaI0YC3WPCDxY^Sq8z!`8kKUR?} zdkW$xw#vzSx|+!QPHr#^sIu%?Uy1=zoS?cIm$dNz7>V(|)lBYl@vv~!XgFc&xdY)1 zX)t&hCq+`1z|Z%R)X?X(rO_)5o!rl?GUFl;GVA=@ycVKi^Fc^tM=VkXi7|1HPvB4!EtGBhb$RCx`@=E%%_BoNk@s6jxUPK9!oZONk%Q&54YkS{}JhznR^ zqGxt@S1ZOxV>U|J6l0hgU!H-?0AdYxV>)*--Qxz&s9r8(q@SGDKof7D3aA)v%;X6ZTc+P<<8e=h0~XCqQhX2pa2<+lLmY|JWLl zltj=>pFt1*wtqXlKO|G@bT|9NLe5cu?1(zOhN*wlT6nchM!}4J5El{5h9ZZv7&#-} z;g_)k8)qydG_$y_OSY)&81p`^odLffEN|j z`3-7N)Epzol+WY>wv;NzLd{_YcjQT%a-rG)y(acM`U5@-lyXQC0`6PP#vm%!zrV#d z<)koHtMWmN=rML#nq!*I01I;*aV4;GhWpG$25kXY!}>5*j=~CFB=UY{^%Xb3|n?>yO@Al0*Xxi zrj;;DQ!|zWd(YbOul-lBi+-U-KS}`up98&b4j~v1GhoKWN*hBSgf$fpG27IP?QG6X zR)~5r1u8bD_NDjc(Q$P%3g;jAn+C7|il^^*tRLzBOIs|cWvgQQ!PCe22037k936do z;m+!FiJ9E7olA|{1T(AR22VwA+^ls~NwP{ief@iltwY#jCP6j^mpodbDI-OHsY*n; zPR*@-A4Yg^`wSkOQ3RxqE(eo18Bo2B=jZL1j+3iLN%Y4re`6yWF%s_a<9ODtFw)2B zg9Ndy)V=K|TXB>gV;X4vgi2{6=(WSQh(d?=$Z7)mp4JgTYw}lNZd^QsPmGJHjDbie$HfBvXK?$n46(HG zX|u_1fmv~{*T-;fNg~B!jfR`{ru{kgNk2O0A}+|||I_@aYZ!O7_zm}1#i@~Hs^oQ? zLFwEqaqQBi7dg@19fU~mnrm9z+f$Nh$zF zx|~b~sM%&TZ#*X`821N~zv6@}{Sl2Yr@?l^Ye}{U1!e}I+q zYEfN2P?valQ_#!dUeT{|DO*V0M*Uf3yb&3USTI%J5Gq_r#S`H-Twucjb4nvq4uaL# zb?X_UeX@P$`JJ5Fmzob~0EnAM>F_}5H~V~O1^}Mroj;>wo`~TO1frAkQVT6&}RW;O@uZtG&`%h*s3y+))!%pzYp!Gg7*PX!@L+ zL#X1liWBPBu--&BHMB(D!vv>2;hNbf`_bvg;L(Ic&_uESR8JE%o}It}0$XP`#m!sm zBq)(D@*A^@s&f)qygF4+g#CS00mXu;XhjYik^&a>bb}N)K-dL1dD2g}sT0Y`B?T9g z2%v9FDG5{j_zpw7)i-wmRwsyx1ZD7W*Q%pyvrDJhYXO>PGMVE1X&`(|Y!YXe_L*Q0 zE5cKyrcHroh-wb9?Tc2aQ3t58H33&HNcm$mXeDv#vESHV$0k_)6WL7I@3m>Ipd8Zr znt^vO*WM(nj)TP@QgqQg)@0b~Nm|U47v=rW%zos+hB?x;{-9vFJ*^W-tqsTO+6MnmVOxk=p=ma z)P*)$@K5(kvEAsGhLFKGe@TVpF~l^E;&GU7Lc;NZgP_q0iTd&CJPC6%0xZ9$^>=us z^2m?CdJ-JlH9oaBJ&-{-!zHetu#J_ajiV>vY1?o%7MV#9++7zf6hDbMvVL9cSOW>i zhZB1xEJaYN)F(^cxB z#Jl?1?lXrR$*2dz^p1)HTQoCF4dH4TjO5!_Dm92zZVE-|-Rx|+(qt7KoqMk?1uQ|2 zxwR`o!TGuUcN7n*-rP&57O)&+ZX`Xt3~H>P)v5T2=>(7_q5ndl?^d~PDchLj4hIB< z80VfL5^w%Zp^88W{l_9neyhp~SRSR7J%~A8gz?4cad8k}9=5B*nz>O5%_N=lvuyuf z4k^WASDJ7cJ7%?F(Zhj#wegu(>g7Vzyxhf;#sR%re|3=Jv-!y+fan0RaYkc00tPW} z{586$-#*g(RLr8Pc_YX-rMdnIwzziPUdCCb9SwQDL;XX*~T+_>Kk=DL6c!RFp2JIw;d+SPGG~etejna%Qiq zw@}mnz)kl-A4TaRFo^mHFJm~sHS=tS>fsq?t&T}hpB_*O4#@zM-ce-7Af?j10g&*F z)iv4yXB=3GIcO|StA(6TmdT-S=LkeP4h*TF%!_(JbsUl&HlGo-C_efwpPA3(kW#KQ z&4neZ>>GPS^gqIMrWfs6?U)5jk6uRW6@K;&6}IZxTO()+)fVW~$lsk?MvnA{Q*h^= zaoF7g=c7U$-NWKm15Wie@!ZPu7zO-yE&qU7EMFdmO5|RU@fSzi4>9R-&BVa`lo}em zq&`rEXn5b#YtQSBPft~E2SS=#Ei{P?Ctb>Ul75$dj~f3G*yDE2xg1HRsy&mCtOG5G+ZH<8P97_5zXk^WPV8}Sf#M4*Bk)?MIVuB#ieEKTr zi_@1L+37RqjnkXptC-$^#6=XTNq&7I3-iStdjy-08JlGdcGzfX3eyED{f75 zbGmjTmzJ7X$S@rNk!GmZZGIs^P5aEH>@}`H8yzh@%QP}gQ!A94c48YiKBVH^Lc@zgJdPec{&0oL zcewYnenV7Ewtps;Da3Z-w+Nw>)B_JO;F2#D>};eIhaXX z0W>zrGt*WGe)OZ91Zq8s_1N)bOaD*#5Er9yb=UEqq2M7cNp;+@xqJEQT>mcY^)R;h z@1T&Wpq47qc!$7OW^t>va3al;P-zzz+3v!EUL5VAHK_Zj0#IkWif9X4@YYeWWK!^D z_l{4$Jlpy;+20G$6M6HP(nWW-g570#an z%kvDSN5LKSnC`6rTP0b>f10ccc8A+W#F7omlyQ`I}&uNh{vx z2a*3aqSImDl19HJQFGn{_T_0>4PoXk9m~pTq9a3kx0U~LKu4+XiEv3{%aRHN7QRbM z5m}*e1$>KwogoxS&3Kd$j=d(-n`*#+WCg!hI@=Vh7GP`2dO2@7xJ-_N#-AeZ}R~dl0g7es}KKf>N`YbDeL=Y)hxo z?5#<_Z>5oM#8d2WW}a!UHOJt@ORc3+X~89KpV!Q1Fsj-2e9UN~_`ELWuUL-7jBE2y zEjSiacF3N+?htn~3eIneIXDZ`wA>MrA>yITC6^p=kUB_A#B0@A|L3p5Qf8YzAVJlK z_%ynCnx=_c5S)^)sETseDqH5l$w-WOKB~y3NPnuCs4PY^?PqFad&I+&u0K$6+XCXd zg6s9?ziIF4yVmy9TBbTh;aL>vF)c!fR5z*Jh|Wd7alCPFn%V5&$5Ik<;B=~MMtdj$MB|>-41F5T)Cnl z@eIevT~I?Ev1@+lMnv@B+PRyelYr3U%cSI1g@wm5PzRetz-`8|&)WG~jr9Jwh}R9W z0o8pf2CGC!p1{38o{IrwE#rBWh8&Oz+Lk6cgRPX#N0s3w6%n8?xsxH;)P{209it

(1Z8 zWtWeBPEsz>1fH=20hBA*p2pgOAmFF4dJPF!y=xmdl}%u<%U4{Qy6n45kPUn1!1$e* zI=y+LzM(5&jAK81XE!g;e46lFk%BmYjNDCPD2{y{W|r&p;u)SXPpZMcXpzZPbFGF! z^sKc6wh`qrGDnR7#h;L_xS-h8=%;V!!%Zvq8R9F_EAd!jPD7}!c&Nx;U_fUI2O3{G3&Z(gRs7UdxV#A?Ikc zz-0fF3eS7^t=pz`qZNb%QK}EZ$d=HTfor*ckLZ~V80|}PlDnyA$d=pAhG>ikcsomW z_7B9E@{+#2i@)`bO9#umOZ2q8Rfl&9#GFjv*48~VmJmSnAS9m)e5E5W=S-C!aEQ#* zjB)O^48Qo1UimM;3g?zcQ4RsWI@H4Sg%ie|$Oj28r1na4e(5upq4{>0wxBNsEoZA7 z67t>tUY9b20avV=c?+ykDubsv^pjy42X%woxYAGH-q_{TuC1!QU zo*GV&8xf{A(B(p$kQqu)=P9Q+(=Q{d6jSgMgF%wbEaK?a5%jsuz;F45n3|J+94({x zLb(~KkmbGqe5Qfn=8|Da&h=7&4E?fhal4~9;X6d3Ow5QorT|DZF8?Lk?j0}J!D~H` z^8_^a&VU!W-PEcwH=+O_n|hVJ7?Mym%W|EvX;DMc;?wH@bi_ftaEC>9(ASJtxu;5+ zuqb)%t`0fhS+#94D$Mivfa*H+{#Y+vKW5O^_rjW+xo^6_$lvvqWaWbaGGz5d268Ro z34mF%Ez>-XnS!rB)Asyr^gfL6ygeqv#7LTi_)BPPCmnrwhv38cn)2Fkx)ehT)F`B! zc$FP<8`h-?Fg9`yDn*`Usug`N^R5!it2#4Rg)EaGI~grxd%4xH`kWaapB;a9mULw% zIfd)&1`(GSu|cI2VBlJGu<;#QTWc2%utG)Jj0o zlW79X7(U<*OYD!Jb7l^#jRLCzxO^F{>;6J8vlNCbQzi$9oe|CxpE~}oDJTLp=|E!5 zv;m($sOdq8j*J~nUne{GY&X{2$&X(mY8q~E1h`+>(&;F12oiacL$57UV>AOCGhk^v z${l-=%#s-#Uv}7Yta4=Y z%b1m9H|MLr2~f&=S-HjxU3_{zarX%h8jXL%4}W+7e9GsRSr^w;-O7)^QdX0TmO$bn zYqQLSByu68(F?E?Kc#8w7($g)my$Qaxkw4DX{l&|@08uL+M7-z5ZY*FGHly$1oyW# zc<)bQ+8sxZV_9U1K z?Y2tU-Cc%MKth|o6_Q{2KmEXF4K5*QE6+=<=pR#c>PnUR3(6LwZ|)DalSu$mCyh1W zK0Y0^k&Bf6xQlu5I1@h^o19DaKzb7Rkh!2g!%N;KtFa2^c;C7v0XSM}XI+Ys142%% zp3rrz@n;*syF~<9XQd*HWC+Aa_MCr_0-K?}hW{TRJFd<0{7%0-#*snp*}*;@Nc;U^ zr#-cFA(c`04`Tz!O+)J*qZOG_`m<*8JboVF$}%kf0)SY)$sF#cNILeF;4(;?=0!|Q z%0FeSB)IZR+h+ZPotq&=V+LCgs-KuLc{R?H{MrhiQD^RV7X^#kjQpP>J@I>mG64zX zUh~h{Q#fx4bq`5T>@;C{Wr3j9gIj92Xarl=Blwu7gK}Ck7L_k++|*&};I@-MCTBnI z&Y~f;Su?}rWL|70f>qutd=u|I@T7cLOA|}vX2D)L8;+yQ6blN9f^v|$;Q>6$dnNo| z&s0`@${sYiBZ%-&TX%g&&~vIyAPEdx3+CvgzlaEJRY+HYn0mllb(ovFQr7G%8}>ul z9j90}NvvvlqBlwkm-Lw0uDI>{u;gUe)Jm6;@-`Kll64sx5+;LG2XX>OesMNWIfVgO z;SQJIWT;ClZ@DRO9|p{lJ=p-?x*ulgE?)wFKBwPw^Ez{;T*vUs9Gc;@B#-!}G?&Ev z@cie|uN?vL0#>s7E+g@GU`Nr6qvFMN<=(^=Mx4HS7iSoFd=H(}88wqK!+c~c1$m+u%_>&2RB26d4Ra zaypTm5=CodFLn_R}zW`Hf_?f}uNt%#({QKtfVB31oy zYJAzfdz>{_Sum7>OA7+7pR~){;5`ax1!FZOVEO%|C47489cGglKlbdTG6Cnw$4@7k z&dBRRBfpgm{-Vr&WQHT>xE((-KM}Rz$ZDTu_x%9oagvPpVGe*5(vYU+NbK0ffT>UZ z`MmVx{YIsz39oUHW`xPvqhFlCy2UZ{+c5Z;UqE_s+&5EDgJ?ck)jcl#LFFvkYL{ss zS9U30PB$b+DoQq2m)^yiP0Alugfh>zf0<)da* z{LL?Q9P*CI}d(Pq(n%s9YF0s*brXAIVxt%}m+7JJ8 zl5&+((gViZ@1$mfO`qw2kK#Vd2!JKo<%F=Ei_^*2ShwRlkOa!?0(89KT&XE@VxAZ< zf4p2scGTo<#0`OftiF0rUb{yyMEAV zaF@c0(5_RheZlmUasairXP_7*ou&nCo_lkBwu68;E1_=r_r2JaMnlJ0CnKEh zz_gh@7eFV@I0ZWS(51;BvgVYXPTFM8BwMLODUR@Ien{8kpc7Yvsmb#XXX+Y5ep8vK zDs_V8y%REZrrH*4&kto!L42qE0lI9>?>g>5bvHv`u4D4MEXbYg-j?Kqis3Zmw_8`n zyHFZSNo3{GF|FSqnKb+75ZWUyz+%gPe4fPhHSRC&^qs>RVL01kohxe|<~ridbjs9* zW@i$Gr8iq~EN*U^j8n<6XN`nK=GA8Em}9r^MnuvVaW_NbCqH#mj($nv+}U-UhNWIT)&T6u zQ`eg`kK%_|tw2;fas6HLnGI(HNKb9b4*#P+pD$4AumYCmzV9S8K(&;}a&XBb0Wimt zpw@J05eA`^a=Bqa0al=Fm8Z+g@*n(d4(PuhWI_x#kL&!_3LF z_!iN)j`+U8h&DG|%EAT2Ab#Z)4#cy6qg%O(>HD+{2b1ijAvDtva>qw7mgGy#-S!t} zEh-kzqiw$@9~=5|a9#-wF{7JCxqvcZn<`6#AyA7Fm-?J>qw(Wj>JKY42GM{I-6TO$ z(xik(zXHwjscB>)m`5;8El6a_lzTrd8qX^QOa%@-4NxV{!AxJYaU>nRSf#=q0M1%1 z$_dKKI^q1NqfRMs47PB-Kq-#LapQGsGp3;_j`_`-N75UJLaKIV3*F9cT`rl22?gZ74 zHWs}sgc>~{n$H6u5-!>lG%ZkQ*THkswo^8FV1WT!^fAJzV$sC%go<~63*p8T4JIw5 zt*QHYl*a-RyUC8I^k=LQY^XG3EQ!$44|D% zNRQbNP-q&$MLPC+{Cz%$>!}#KietIDejok*96Dl ztwaSY<) zow|EtMk6Wn5ocbRuub2K$cL_zUD+JFwf5%^l;R^!-fB(qwR5z}EAiBDp0I)ZfGY$| zNn0(NgE~JO&y>v8(1r}!_ayk!cCtM}!vP@|vD-BgXmLEL3YC7xABwgogzV1O2@Ai* zp>Gs>4pu9B+z!PiS}{+`0kCUyiw_EwrmMuL$Ql5U8*DoD$0ffRmrANN#s`@M;vS}r zOE;__GNq&C%vPWSlao=5Cz-+i z7cMR9b0BIJRAx_{Rnxq@IB$agM(4q4gwSQY9=cIOlM&~<_DT*yc1*a)TNS-+kxr3zv@vQ^)`6SQ|gV!VB2eBZaf|h8Cj*Mtnnl^ z^*;1I#eP}}%OsJ+`b=zXX}2E(37PT4KE3mkO>Ban=EBzBaL0=(8Y#9oQCH9q^Wi@h zZlgFP=JtuPv70|`?4l=*I-u;Q$cQ(QJE4W-My85Ee*MJY!Ehj!n&Cc)61LT=0kfgg z`k;F4X1s{Y<{tw#+D#L;KW*!LM}*UD%eq?@tyy;Y;ws3`f*xV^i7m{$QVRhrt~01m zqz&OczF)ciwSrnUn$dEF)3rvr7aqsf%ynE|>KdvQweP2T*Hys#;MU2W zdHpEr1r!=uMGP+yPvMyKQ#Zk)?c8i@ z(|V-1_#+n0%B1mYDDyiYeC<2L`X(8aeEm{Bk0hND?<@GBgNVG z+dpqk{fo0U{gt<|}@U=bGvK z?Ko=TkKA-?C@0)`=LKT`hxgqan>S7bHWx<0iPgL*ejeQ_#bCb1*C4S)%>*i@T~$vQ zbJieEV_$W6or}m=CBssZ1)%h0IFGm;@QG5^n#PRyYAK1yI9p7Aap0L&Bhs+q>)k)50Z*TF{NNFq1&;=`e|QYB$|w9`sKX(%3qCrQl%(ij*ZHXp5y$9OQ`9%W?b`Epy&rcU7ec9$NERj#+1 zvHU|rAyaqB)dtfg>*8^XYLkXe7x~HQ0{j)%{iIL6-nH}tDaC0-j!?N?(3@W=SY^bx zan%s^(n)W`IBA<~iO>=>!H(3LDF-K=3n1iRLgBbaFd5_w{t((P-YOu za3XlZxHCp86uk>MD=QhvD%*;7k>GSO@z$Bn+YT_M`PAkch}($1^~enOX7F|RWnKsc zKX1Gom5Yhh9)GXF+BEI zi*r4DIO4<2cZVn|-b`{YqVdOP3HMi&7WKZPczLa&>N*mVIwR#(elxUuiDhoNxWZf}=F(sTGP zwDJdg^%MwK2t%ZpxkhXCU)HpK4Hjz!L=6?((z#=CTU>@WdvZkdDWCQlRfDu&=y{(% zGb_mKJb#CfNw@mgYCAA?Iz3hRQ2&XJ!}Lke6%cl+P&}MWBf@}<6MGmOvwY~NcS^l; znfq?IsuC^Ky6VHdQRpTl)S-87na&dW#1t}7vA8qIljS0_e6{9PsEd8A(N%NVEl|t9 z*Y_qt#xtcOD@BEqaIP;f0u@Vh?yHQMr>=Y+F;2-Ala_{(nX&0?o2KpJnjl73N;qzP zFWjR!FyWP91}@IhreEFT2(&(iGBopT`6a98C;gu~?Pl$ppsplXegN#xRpo?N7JTCl z)x@Ui0OTa2&u%sJk5^M#^mN=0l0*4_9XsBri7|R3n3V5l9a=c@aFs0<52d8JM@Xm76QZIasjxzgE%7vg6 zq{n*fsn~-%#5b#02TwCw0SHVjY4)|6Ox26Hq=z0;SU$8jG7mYFC{sewW72U`i8GjT zlYU7_OVLU=)VAOSpJHqGYAJ3fG@X4hgU7y^*b}gG%lMYJPiWj6H6lv?KUTnD)_*aQG5>K}GJZfl+XGCZM z?TVJ*ck+=#O%f&_#-ZLRO9VJ^B=Ajs_YA~Dwh8M5htP;7!3a%yKH_?8rJkgFu8TG5 zodctL_Y1@=0_tXULd-xanm7<7p?Dj284$-jM}goTWDijEVY!XYl}|2MOGP9Jo)Wmo zVz|lI%^AR~#+rG{5GZh^eBFtmc=u?hrO~t@ltq~V%!t{Vo47}@`~0!dyf7CB_Psxx zM1<~P;Pjle$DFRtuf=-wFn16J#@*&{pmkuzxLJPJ`%or=S#C-FPZ% z?%JYFHX<##`13sGeOc)szyb7rzEZJC!Lspy`maNbnf*}IU^o7PV5EY~6Ek();SWK4 zj#Ee!BrN_OvX)#i+-+ypSINx3H#$}2ez{5dz~6$<2dgF(5UId|Hztk7T+$Yy87nY= z_+|>%YxhWqaX6jL81eZlcaP>CjJ~y}c`6L>-k6X)nsbK@8&T2EOFrS#AW{(#@Q%>U zM1^`+?A16>y~G8ODy0_ND3Q|4C>66d4b)HE&8LSvZnc4k{s`L;VhI*ay~1DpeYbo}Oc-}qlManU6c;z)4LoV9b8<6j

^%FWQmz{BICp>o~FO>?7i?g*fC_p1r@RIp-7UIhw>5g8G5{})a_mV4rjdGyRH_q>PTh|5($E;(bXX3N zZ?2+s&RKFYU{?c8)r$DnFt)kx2w$yGSa!Da7Z0nJ?PU;7)yOZEGZN2?TSbspkA`cE z_{BYEsZ-Io?av{4iygg&av{61upw48yEJo8fy`Pu2QHM`_HFKg0*v64PbA>9!S8WU zs>AWPy=OT{@UZkfT&MJfw+}}{{YSZXP@t?hADn?&H!ujJ?JhQ&s2^aY1x3dbRQ4}f zq=t9g59cQ_%&`Gg+(&!t#-9sQ(<8!S#SrlFo6DChuN~*vG}JaMGUeRn@@uU#(58h7 z@gBJX~KTfE!gy9d#MxjNu zYDL4nYr-+$41@b=`M)@Ldf}bh{|AG*Y-^Si?lRz11s+Uq2v2bX87QPgas3aGJ~Tzs ze9)23a-qdQ0Dr(}YNyuZ3<-|({_{7MqRoynFH#rhS`#Ia(4`3Go-CSo*!wBHeLU%+{_t9Exh;{k>*8pKw(ubq>j}zX4)Cv$Q6K0!@qOaUF5iW@o(H zCq4FO4+SOG++un&{bfUNQiq3>c?~dG%{QV$j%b%xh0Y`*rZ&!tmZA=om|vrgXY}K| z`Igtxl2~@a_9BLrIQM^Co!f#eH;!vTx&Qx*oy0s~fl;2*bGq%lt1=@b5d^`DdW1qh z7FUqsp`X8zdAYnM?SNkYsKyIbJ4H1+D9ihD7J5>UJ={+4DL&$JtID5`i*=EE$rPXc z492EGn+Xg#3A#6G+{lN$HrF?jx>G?SIUkWRc(F9@3wj#8_lFsVVFvOVA$4m+S+G-> z%3nwGO~GXPrKcm&hZ=*+W2D6K;kq@A)THBk>_?O%?fo@_uKC4m8-s3#X3zv$@(lLb zJfVv#7-hcMnJ(_TTnlXIkT}C=KkVjePr{gZiKUu3fL#p6$+ZGwYV%V@0O9QkD>Rm1 zOb4^&=%I*QKUAL-s+0YjCbvs4mq;7q=?=@9MF7?x8VJA)OBl>FHd?}KS9^`edFTH# z1o4%23KH~vOYXaEJm7B;csnpBQ|}E{po(VWX_wJ#%dk(?Iw}M+E$tO(AZt24FQ0BU zFy>7wwWRlpWT7oF=k~re^+)zB(``_Y{KmT-SGB*pSxkb7xYcVtR;XoomoF#|s_W^u z_8W!~5W<%*u5*=@TEqjzb&gD`;`KAfN;ALcp3>>0>m6zJJb#?+6#X?j&RiT<=F^TJ zsFjc^6ec=(R(*S(GhYyGae9DomnFZwxff=tlG%KOt=yNuVW;L~u`Xs;{#A9Dt}>F| z0*hCpGZVd50+t9{0x_w@e^kw`D{-0iPbb=wR`a;7siD&7y?v*>d3J6Yy1uzs3o2kLK!LZPy9bgR5e(>@Vzt`5GETq4JGWM%lwAOW}Oi*$jxzDj`nT| zmelY!P&yhCEF=WXvAp%2b870s5}iRDs+XiaHZ4~xl7~tuIN6?*H;yJvFKW%8pMD*- z>d7T~2N`ks?L!!?$@~0F3X#U%0Gws%H~Kwg@ahjq5#OGacLQW5sr-z0T62ST99w4O zZUc-M8$ExIoeIR4$-XVTa7AszN-3&$8;XYOt!Tn2E8iP=dtR|aiJDx-A%)E(Ymt;% zeqg+PUnDdWgNLwd8!{7%Ok@U*lRFrrh8_y-SZSeFot2OR26P0Gmrd7FBGT1c&Af() z9F_QVYnXX@S91zbjS6CTY9fHwOR=QgJt-*{#P8Wi&drEbsWs1-!Tt?0U#unC%5c)F ziIgDZ7fp3@Y9v3^Zi*vkbF{U=Qy?TSHS$Fg!m={0fir4)TS}iXib=p=W;#DD&uFdv za)-C46p`1}@xG(A#LLi(#BcR}T!qv8RwQmU8+I!+=L)!N_vni!P3eMicsrBTb$9cBU6$7qe)Pa>rc7mNND z&qmwL>Nh-53P#Ic>jY#pvYY0ukvFI~=JshcPf{rUe6xFRL;!p(Z`8@a`a10*^*Zqi zPJX@ukSMF_J7tuB~iBWiNE_V-j9?X5JDpnWt(246@I8PdF5IS&;S)bt| zk>u}9GtAr(40I-A@`J$be8HA=cjh4L_8+ZgXC{L2G^X3D63SjI#4^c1%D;-iaT2rh zh7xIxX7nY!KyG!oRHeI!IH!eQ`l1b5Hba5jU5=+9m?5y43zWxICL&4kQcpj1J- znTls1a-K~ExdlZOQylBchbdSZF?^&4xO@aAKeUjB_$HRCj3tkX1s@~*@zhBc^O&tH$T<{Zf+KBuHb3-g%#b}S~w z0uue^Ny+Di9&&TyuOy&soFso!*Qlznv~KKMoS87&ZVv$Z2;1!sV0;J54hRub%uyEyR^C}kMPma-jiUb(mDHT=W-@Q9fR7IKlW zcHU&lcZ|1jCSS@Fxnx+vCWzZ%CvG#rltCH({&&4=ZHHA%!s89JKLf&NH%CZM}^KpyS|O&TT|L6nC| zc9uQcN{#?!CYP5H@pW6n(RKu+`oaX138q7!a!gC2W!Vspm0hRe5qzRroGROv=>XXil%uaS@G;DVi6# zFF=9h8q9^9^`s9jL50b{xo5^t^Ef8>pFd}aa4qP|8^PzhB9M2yFA)!T89pdY=0UtL zI67F4M*bkKt=!Jh>CEB%u$XXLlM3YMT1C_bb2joAQ71R~(2=<+ zEy~?)n;@JT>8X3hZJeU#epmjpu`V>=f#_%S3uc9<#U5HLNxN|cnAyrJ@i8GaTdn3N zy06rzKN94RV>heT^Yjixo+lfJdFBFA=SGk?px=(S-OXS4lh8O3h)71KML3t+#1O_` z`f>Oc`7biY#ZPrt)?zl4R;IW$ncrB#^o?TrFcUlb@WQHwk*qL<=mN7eU;2S{6fM?Z z5;l$%36=u_PfH^BIHxoj91S3D-q}tZeGSP8>K-xB5IxTqN6)<0Y$uIFmOSSZZ%B}x zw|QMKkJ?=q-Pv_B(w|hM=1bZ?60a1ef<}RCLk-25^I-|BNB@a0p)4j zx@w_&}r{n51RX+jfDcBuoos&$i< ze)9)bBD((yeB4N#H_BBcRCoI>miOXWODNL=0pl#&*IF%UZy-H~YuAR!L?>gzM}A;mjYt*O~icpf&u*z_UEp@A&{ zS0J4K(mj4pYi=WpQt4)=W?%OpD``(-G4TR>XRkg1G|pf1d#_}tEb4^;`VF_L>fHUD z%waHxvo&RFK;IEBmjY)ygP@T^re0kmF8d>D405D7rxy9l2$Q(UE>l+SL&ET}*U(2| z^x>OHgbhv1w&vj?qWm2Vfk(^`$g(+$vobSTODKjux3aKb=>5;qQBUL7- zqG8>*bmucDX?z=!>5DrjiKAARdNlKXx4}fjx8r>HFEHehmzfI*sOZ5Df=t>}t!Pq& zV~IKPZNEYDbETHw^LjJymM$5~FH;q+(O_(FAxG3O-Jn*S`-RBlpnrA9zZ^NlwRbcY z8&Tr=fg%OIJ3jIUvy4!i=v$w3_!NckHjknfxspOo9u4>TnIB8G`v~`lpeyiQ`(U`( zf|IsajI804?+~jQ*H5)Hs(lEPQ%o8;@(T`%T0ZYuUwt=Sa!~mo_wW%538tCMQbtK0 zU@Vu1$5fU=LZ1O}R5kXa7jg_h%p15zpm`MUgSG%pr7t-NvXZ>ZJnwj36@`lT5k@?- zgET&!23j@-gV~QKa{A486MSRP@&;=mkpG9v(f;J!<+Y79O5|Bnf=c?!5{;ksO7qRKZ&xC9$ z>s&@)s%p5ZJi{onZu!&7u9MF{L*EY? z4+M%xWi>i1fGZbOWWT7_{onm>MbiRbiU38`;A7YwL~$4`5FbA^hhD%{=`utfUj1r8<| zHy0621V#$^))#lXVvhl`GNQxg%1^|u<`$u0Xt5If-Tk7P|B%`l_Ba2wN zv1w$^A$g@CvNaiELX}CnR_1UE-tudZmL>RQoXEqw001BWNkl;b1Y#N!F2ndn4hGGs`=^!T7{Avpp&ZyBWC0|n;{zDb->->aVm>`VdD)#D``s&z% zv;c=vNw%%1ufqW8cKO2`X1`qU(xtqMJ9?mslFE<>Pp1)Ec1F0yph2?=g|WetDTuju zGjQ$gP2Tpc4OC$2-Lh-*Jeg6l9c=`F&aD^bpJ(-Z_FXqUvb}d{V3>h-V;uJep4ODuKr+wtfiB3;Z4BWDk8gkwvXi#Dx5^8foF9dZruh6NGH|2l`s^@w*Ez8cb$|Poa-%iZ!-F)c&S*SV?*&+CFYcXXk>IB2N4&Vp?V6wOE#2oBYp1Yw8 zq1&r3?!z#jYO3t!9JgPE`1e~5TcXGrM9abf2iPV7AH|$ zJnYdDci#)oQxP@0`ZbGpHE>M`7oq!EEvgA`!3zmp?>V|!KdEW>QsLNL!Ooi9I_$jj zrj|94`D4dYVBMDC%Yi3Vhq$Ko-pw}U;|ozDA8iNkmKNie>cH&ANsv(zWh8qNCck{= z6bnoc76nJNozLNMPeEuD_FiW)c@$1GuZ)4M$?H6Mi+4N-( zlVZ8=Wq#CpxI8=~XJ(tS2fDrXZmwF=c)YoNBf0%-{#;(5wCn}puiz#NkG0_^z{>AH zL@tm(NdIl5a}ppLzx~~0@+E9evUMRD`xz!xv1o+_Sui( zv*Qo*ZrQT@)nh~WkM!6?R>;p|P-^l>+_o zaiK?nuwd1?)A5$1?%cB?UBJ`%mMCTO2iyd6^B*{xua(C(6H_Kp0{vrZX?TbNCkQ<3 zza_3gTGk`!GJU@LSeDlNh8!z%xr?^bNSWkB*Z2F1(VHDyM2`Qij;j-2Pv2N1OcRYs z^Ghn+^@*K-VJ6#|q#uNWB)5YY9QJ^PJP8B%e zt{UuIGN`y81${9_%4$3!pYt>SuIo)GEvQwyX zOP&8Zd{rw0k#f*dNf5d&t|cJ(y6wFhV!~!558q&jG1XitrAAnG3>L&LOW}%1Dl##FG$fbtB-B{mM z2mv7I3UOfL`$2y92bA4*enar8f*KGpgtW292im|h-mN%nF`PZzu$tmG00F0qb{_}Q z^IOhp2~99!3LE`5=9W@VREuqHdGERLxH)#?F;jCc;Eih zGk5Q*{m3U|0t&||R3$mLhFa?odDyWw{`6%#r#OE`4lW^B7z*3oeGT<4R;oL@;I45TB)8jf%-^;IG}DQwq# z8comSCfioFLKUkQ5e3tFJ|?MMvX|4rY~UdHQV>=bEqiCDT|f!BpDKDM-}^L~m^q^sz)-p|97B#qelp*066WbZ3Nz~9xgoS~{oX7Ohur>JD&B_+M}?uktU`D(-C zw5$aRr@KF8GFPu>_^&9M7y3g?To%>THP6Zax`^p6&-uoz@I&M~4+0TUpE>r8}IjOf&(_=sR{ZiPOjseKsmO`>wl{z0I&6gyoto#UETbx zh}pw69tkEBUnN7`r~ri3Z)cw~<%acP6kYStO79ETl``OGc02H#g_1nCan_{f#~D_b z*IrJHXWq^mGA$|Tn-16T&%@AE^@6Yri3nGCc?QDm;7jUX{HcBUzi_c?M$G1NKNF}! z1)l!7&3SBIEFH!Bk|bJ!ly|NcQ)^PTS>#iR!7i+OhBKPfgPx+UP5#&NdSBwtiTUO> zm}K_F7_PW7&CEA@JlVsZ*WLGaCzFXDrAr%)vIPq7y^I7I%;)%WRT@=90Qu)?q@9tG z>iKJ~D3N3n0z4G{=SHIvivNk&6glNJ8)J18R?uBlJ<{hqC9$J89qO8S^_}nT%yp&$Dzz zq6#33SW(l470N~rC`Y1J>6$Mi1mPUE-K_aOuAS5Up$Wd@SW7)M3d3m$<9rOfd}sns zM^@(KUu)<6W`1{EAJJ#3{7l5u_)JWYPE$?KPo2n7gj{PEfl?R%Lv--ExhQmDfMwdN zX}2=-0+u5b{RY56Xjz8X{d}1dw+66Jh4tder1WY&t|x4qvCu@`%Kyk3eW-PTnK<@^3cr{fhAy8;7)3Z<9bVrA43CCouk==kn# zu9W6AbaZ=@kSSGs%}q|bP{8LY5e@}#CCKuh_^NTmrJmr59MzKR!dhh*N5XGdIftxU z6vR~6081D#;rk7}T;s)BVh`49rToGB8xpY093Nw6=f|r$~n08igP-ji*$3^mZB) zD-$aK)EIT{7o@Q+`|3stu+-Ms^gxVC!YlQj5}mC#nNrV7!$%({@6H4$GcD8I!lFji zakQ*csitVUMr?ofwa5vyKDrBHh@XGEa9&TBMyFAC<^XZbl z2Rh*snr@`|8{TY!YQ870Xjp=p7^U;7BK0tp`Zc=52g_AB!f(wouyUeQwTHphKMy*b z+ir4J^2MQeDP@QVyo`#hv+Q*owr2GF6jhV^ejL>aZY?*OiJ1K~>t)I-mOJ`K(;K~8Df6_;4zq`z5^xJuvgX*#UzaF`KNH&FF3Rg!t)Q3n~2s0UvRWH*V-jx&e4h!S*AK$)5J~?=aG=b<+q=SBt47yq@$zBrcjb!c8 z{E)MYvG+7kRrlmfuOU2{_QPh&qL+OggMo&Pk~p)o_Ve>jw4r)ni?~!v%;Ei6z03sC zYvp!RnntF2U#$73rXU+8ErYvLt!2IW>HYfRqBHq>J;U)D^G<5&^fUe?ta0%4@yQt{ z zCWprmlth|I$D?@&uG`?C?(=r!E4VQoj(JX!o1}+2 zzH~cdYBKZH+8ggI9R6a~WN&^Hdq-hZH+^isi)pL)$ZqL3->1vyt3^p_V?S6XKy^ z92tCK!F80=ndjMDHFFucrdu4&R%Tup&ROHq#OchK!%2nhC*$%b&v_irBc+vkM4^wB zaXB^KFzg4L3`Lku7{_|FHJhM8$ybeA1;l*}KnO1&Ca)I2L(SP0w%ghrFpyr>?Wmd| z60I`>Upk@7PWGg+=3FpZlm&QNr|JgY=biF!3Ck1v>4M`z0MqX-rZ}E~ZMyB$?%(tp zB?n$(704Fog$XTAYiX>BGc4l49+fy`8pB98>agBArhOvI{sDB2zL65u0m@SW7CF$K z{8WwtLya_$1E}4(dUGgBJv+n=5K+_NkuVEnBJA=3xCdKj=8dhHpXSk1ycY7M*2^e{ zuUV)*LY~)L$J3umZ0ciXcV6MqQ0b*w2r(`rB$_Q+BE=PXvtAK{zgOdisW{k59j-2z zRu?fC>~bQ&-(dUfL7Wwl_l9##zV3}YKgbXeba>Q^=KRN|DByJ}>A&-)kl(rELBguY zkwo?-NCN8$^~>0L%QHU|iz6?yuk`^VNxvL)3n4k@G>13$c4fk4Y-rS}5S=GCSIM;B;6n$&oW%v|E&CD4^eEo4xlAWbgQnPHrh z8v*$o1jOX1@k&VdJ7^7>N@N6oPWA|UEaDWHtKeL2E+L;kEDKQ_;vN!1r5Erzy~M9>38^~=M|Ov=1pgG(J>%aDb1Lk9r!w>!PPFLoXMD5f4Q zhfAf6b6_ycTFe9gJ+B^Zn)DV=fIB}Ei0qAk)D7())niLgK+n@n%owyGRg+|N?6%9u zP&MzSjy;K?X>klc=Jdn7lyoI$pZxDI>!H1~KN|>6`CSXl#v-MY@3y|O`NT+XEd8u` z9hu`sAdO?A=`mz;G~6f+PmWys(@rw>@vKA0eIB01365l#;^EAe3dO~Z?F{FT zCyj%8_5kBACXneJj*TYFOI8Ae%jk-XjC-)}RcGhqC_OGLRjZ}c5Q4Ct&}+KPKpGJN z4kt@9UvTYC6PYssu*73-rGG@pi96%EV_0{?yU}SR)e(sd;FMZ^fLNw^1U()#%fJa9 zk+Go*DNIM48zEPdG^ojLL<7o16eYew6 zuP`T4LSmrT(1;}YS>BS94*xDbm(ka{mR`dU~B_QrvYh?@gShie^PJwnnesgS^6sgGGxv!8ai+?}e)+mi z^x6c?XvuQxI^8+cQ074`i*w3g$OsZOk0-y3%D*mMil5JJtnq^sfVk5zH)2U(@!&p3 zj|HjVIGw#cP+h-Vuj82^7?@DPTH)Q?Atq~`b>NPYSz24?(c5EtSx$GAQ86D53Y&s=I!8(+0WU-y3 z>;8zSK+?FfUgF{yZ$8cjtESZ!XXTgAs9LF3;{fdNl`#!=gwvNsNg{wiJAatB82Adj z%)Z!6Jw7vOy>S^AnPXV-E6=Ki+{*}qTl0>il?Hy8ysyE&|@i;J8iA1tkQW z$T(%<$IqeYUW6oH4E~)2tZ(Hfij|HH?W-J{bjnj4yN4DLoBJoO%-hFGrf2EHffAw) zI&jCHhB$RfZk)>gvQJNe!j+c9T{dBz)|We%pQ9wmAzGZSQliCXjegTUUnZP|g*qvV zn>SHQi9f>?WQPm`C4kOYgc|hBAx5(RsVcB*&G1@mNgAPlrrm9{(~Q zs1Zdf!+$f%Y%F6)=1OD;DN=6;z7Psm+DAPp1Z1lf>La}B#W>tGoi9$^7X*_~CQiuV zaj$J}cKrvXqJ+;uvwrpJBHesv{PMP-IRA!A6J@$={K@FK^eMFD)Qn~=t+}|Pvx3uy z7ee?Nxtc()945aeBFSuT6EG>Oh-V!|0vGG>H_$y}&4>61%zz&6kEvuE551rd_AQ$^ zJ?v^6i|!&qaHvNWZfEtvC3XCf%Vm$W@iXNXeROAG-|RB2hb;SWQw~?xA&6!nv1cir zU%pR-1lJjLnaR;jt^yrVrioV8g;&v~rzND(BC}Du;xfr3aUb?vH)1xK4 zzB>nFcGOy!IyUk}c~c?lBBvCW46m#P~A# z5^LNGRB2&Woqh`*FIgea&itewXT6nd#jGTk^IyODMjT{3;&1%RgrPil^5AhVf;s$X zLW;R2x6Ywe&4Z`Q@4fwno6h|7r1vW#L`vG3dBi#7zB9o*%nhr@YKB~&{aEb zeoA8SuBM1|8^Gi1VLL=b9^*HzEszB2CALD2~`nLZ-l=%|s1l(O*yaZVG$HqWPumt}`Bj;-;4 zb@Nc9zHD?N_&c}5<#0FjAQn1j*H2fEq%il__!Y0 ztN;!GL=}Z#Q=i!>+fTkRnL{M%4@p}=v;<_#{DbFa>Equb!xxq%?z%fwNXw}%3rX-5 zCB6y3&mn(Z|nY zZRG`mCpw|-PhZ>LLAmCwjZT-F!NslC@lE-2H}}wLUP{g)xAD6(?mwggx%T9(n6oFs z&nT+EFXs4>@Qat_*@VavKEx5g- zpO?<+6I_s!|CgmLcZeBMadlyy->XQe!l{55_#LQ~r$X`l0Qo;SbTvI=>4{;Y;y91- zq(cp1_hfL|EeH65G!9q-0~X7m;Tet(rsX)Jq&CV?g zf0P)jkS!#dogT2liJjskH9{1IOQqp7Ad`8)9I)hw3`lyJiJw2*mr_7RL@=vur$I#e z@H~nHf>8Z#gvOSrO=2moBQ7z@8^15Z?8*a19y3O0{vpY;_Zo=>^?WFhRV$8<84K1= zhby{>GT+JOp-=`&zU)sQ_)GOzMkn^$UP2prQJ&R*Xjudl-x>cKS+naJr>JWZq7o-G zkgdO%O9+D<#CiOn3hutuQFneCc9R$E+pOZ9w}{?o^q`%^sT`+)28u0;+!9fp->N4{ zVrBIC$b%ld`_N&JQ`dzYQ7^~-|_jK#!G`UE`Sz9BH`t+B4#E5cqJoIg8K|4 zrZSQ$U%V-cfIRPaD=WIBow3u>Fq7stFFk0#cnOAhdp&ohy3Dx?o6Hr_GI`^zrB?SiM<65WzL zsEhj5S8Hayzj!;nnFv=&F?(aFoLc+H)3mLP!tFWP(F4Wt^iEg)e3}Np<`WxI)1DIo zur3>4(>f}kBzCIBdFKM z6VEl(#ap|7QfI=jIhs920AEsosmS}vcVIDIrQ4p7v}DUWPkWV-uK4N0vP`zo{4v}{ zz%>7(@`gaU+8`3^P&A&d0qx7_s{6|No_Nn# zv|UHtf!!x-eq*Prnpu|J*(9TNQz4p4j5Db2W8&gdDaWESQHrL?kg=bf?&ukBVbNM> zX`*swk--Yp#X0*gFi{GA3!3??_a{;d&IDIF zfMV(@!K-X(u}*S(RKuRIe)wfhg!t#@nSG>>-%&?b$RiEVZvwpjJo3!DEpEL)ivV*i z;mr4zZV=6))y@y4z}%U7K_XO@*3OrFR~P(%ukt7l>W{kqualACZ0{ zzJ0`>g2}_J&-0gpCNrYZ`&EgHC3&4eJ6o@pqkp;47P~zs77SHxnM9^SEXNJ680x*5 z#XV`wS6F$fX{!Z*6n?r2n>=bf{E}}e0@`1j<{a@?6+JktvrTH06aK@@Qu=&QY?YSE zSZ-V9l6g9dvHWQV(Quv_|` zXQ^XJmn80<3ideaC7haL4I^zEt0Kj8WNSg~sfr^({|08;#usHJkr`fl-7q816&)G( zEV3nlJx#s2lx1G8zASk;TzMP?jFb2yd;K^K$yZx~r%wq;+tsEc0IJUAUm=zw001BWNkl~IioxHOx~fe zEio}(!!Wg?^lY01tXrFCHlt!CE7rfQX9VnmKAk|Q(ui2tc9%w;x!0l|Pt`xnFeu<< ztV&Wv_bdhD<^FDe$>5CM3}dzI-aKv}=j&-wu?pG+mguLudcpMxR4))(XUDQpFxvtTBk7EMs(tP7y%#{RFh0qKeak&CbENlvDO{Eq5 zfbdW1O=K|EAoapU%Dt>JJ)hehsgjFYLd1s+7HVXIIbwQ5a2w8-#1a^)y*}}o3Z-6PwTppkMr;N|4r?#h2K@ZC4i5!d0kDO9VQ;_dZMV;?)LmgyaD471Lt|B#5SPDCW#P51thFk?_p1`q7EQE zab{We=jTSJ!S5UoUR+ydm9T35hz7Twcr zkbulKt55FaOu@4_m-QBo572pmz*r=P{nUtj(yLIZ83vofC%R2g!l807+X}fckeR4F&x*R~8Q-p`#MIo@0%hr#|&=Sv?-}4ODcvZt=>iUkjudaZ2<1g0w zNk7ulGlQOpvguK!$vEhrEWci09lq^x2rqo;_t8H|ci(9zqBHAUzoEiBF^fZphIKRo z2!In%ng$p~5)F7)xrcZDl|i6?`IUeTGh``VBKq?aUFjBBuXOY=GOXaqA?J3_9{qvk zXt-Y7mDHH3*r&jIG)VFzH=%RGJ_Gr zT>yWb2p)z4s&g&C=K@NJ@Z?6*Lh zJC1BJ^nuW&D!ZzcXjm<;G9{U}9yKcLJTVNk1pHWP|JgO4VKl=u{0cDBCa*A<>>wzw z+icMjsI}+c^9g!H*{WSLz`*VD;&EF~|~b_{W!3X3wm&JM*yl!#3pW_<^Bh$b&9_E6$nwA=vU8w0kwHRS znBXfQ6Z)Zd3YUS0aU%=qVvL-P5D5P0T;co)bA29XdNRVdRF;_-i4S=U;raNq$^_|8 z|6Ebw$urJ;_~Ed%j6II7W#_){O{dSmfJQazr}3=aYV}XK{2oJhhRsB4OvjS^eyML7 zGHPEHNu!23&MuEWaUi7*Z4N1Isy4qw&fR93*q-KvJG;?gcPVMO*eh z2;3NwgImYQDlT5MH?Rb)sQG6c2C4J>-<-YVtPBGE!(p>HgP&S3flauKLa6sR*Fd5V z(&U~mLnHFUe?_|#xocT|?~CwqC?;rA!z+n=<(4@)8ov~8#D$Oi2tRnZ890D0r{YNH}`-Q|KdunPT|Ha6$9`%z46ZDHf^MAe>DFn^Oo zO`L8cZ}&P-urKGqGxBQQmNu6~TGLJ<&q_a2GNmRrBs#zL-1k`W&$@+KZ3esk%RsO| zSgD5GTu0bK>I&=J1aZhYTKV@^^0jiER?F;gca@ z$K8hsgm!a{jSlNzadn=b#ocjnhkdGmIRv?hRJZXvM=OVQL7;?nU}!u^ETuJD7bM$Pv%u45I|ujlhjm^AD6TUZ z62jey&%e|@VqLMhF!7asFveHcQ3H{`Qa-3{_b^A@${i#pXR|y!Z%?MOSzNAtB zV}xVmnTn<+8fTFWQ>l>#Mni9NJv}Ig4(^ zk4~fJ?wafDBE;NXq#>e9CSlsf&c^>liH9McMF%*bV(&{+&9gI-@4`4l`TXS0b&XxD zBqXpsW);H$SSNPAQp z_%th>ExP<>ksYqx(+KdTU4)KfGl)$gE?l|l>L5rFQ)>zE%!deU^kzbl17HA(JsBq$ zsXeqX>%<_qiP_|w4fy)4Lr`v}IjxpP!d_jsU0gh$cTtWz86kLCchr9ziVdI%bFEI3 z4wL;$iz8o5_vDX!5v=zYyAK^|n?suAxv?+T|=oR}L*W4cr+BYuuY``j^$ z`QE&gDaj7^NPv?PgvmYZQZvl%;w?QKU;S`KO>CK|NA0EyQw|kX7~Qnq&Io+*qZd|C zsAx^z_s3?;BIbwJqAdSpa|vo7`(-pvs?MyV_9OyG_2>#D9S68Cf~Bn$7k**{&L-A9 z+Qo!P_g3mBQ4d}CoN3t*G#@KN7AhO-e7X5xLZcL0H9U5Y?`cylV1Xto@`W1VrHY%Y zN!>iufa4k>q0kHx)G>#hi&FztFlZ4A^9oqsf-pS!_WI!2MnxoS0*-FS1c@Nxli5A61@#y&`zw=f^Zd{M{1cf~9d?uC@z7$?@aLZ)@zAi^ifI07;?TD4Kkr$MaLKVvxT;3_dzp zBUpw!UrC_H-u`TMFr6wxKPlNvP7+0^;hXuHgeDzJQ=Y>~40?8Uciv)FzXP>R zy3<09FN(DoW23+-fUD}8=DKQM3H|mmynI5YOpY|a{|+>)AdK6Owx1~32sLx##eV4y zdRC_v&m%a_4x#3Pk0NsC0B}a5Dz<&;S`{?UDbhE^>dht&qY@FQw23qS zjvpMg8CF9RW*+8KLoNf&Bl6i}Zmb6CR5gQuA=MR?W{U8fMIB(tp4Z_zX`b*%+lH<@ z#c=I*i1Gk6FFqg~+Mg#QVRILvxIV8=q3vJPldCI8Rvn%r0FD}McrV@jYuN*v)YW%ER~p5Ck^)Oyjff_|g<2|$4fmlFTlrb0M;%x>a> z(veb^`MUJx3Mbxux^u3t4)WuvOJo!+Uksmk-j!R3V=~K<6fEP8l-vA5d~RX+7>+qS zIfnaqkX3G{_YYliR+0A76TLre3c$kbs6z_6T`d`5>HL^Vo1vNEywkt7XU^pc{fJ;S z9Z}o1DL-#+Vk1APDzG_WUr86e&6&jiD>QDWZc5Q{+zE$#YtI&*TTD z2|u8uZb#hGGn&*+^API&8NBw(sc*Gm(FY>?s$nKLJKcp}GA~@!DmaUX!q{HE45L3< zV}Jbf!u}SA;>xd;!o{?`~U)VQw+US5t6qrgbpGxNBR^#irQbJ?*vJ_7yDl%_3S?^zB(jkDUf;rYU zqH!CX?Z;GYxBK@8kd>(Lm*B#t+_Ki_i;g=#ah1DGZkKVGJCE4Yw29|;f!oC0o*O;* z$3`Pyb<4CZ^C+6#* zFULi5U7v`>QdgpV?0Jb0KI~Z)&i4Fdo`m)Zk}M55;-}}hR-W&ZabNtU#GJMA1d(vy z{FgoQ+9Pudv~=efeLpWVjOF>tho;CP!t1BCwvi%uyyYZitN+kXMaFhX$d*b?Mo|T(oyO|;9!nymQanVCDp+exOw`jm zyt0H5hJHv&6`z{SnH{RWrz5+G!KXc@H@Q~2@@(lh{Nz>QjywH~=H=^*zyKBjMhv-l zti@_KaOM^U(!bzMrS!A3Kl`j5I3sbNcpSdVO+YG$<5&~m% zqV_(E*sT5F=uXsK6OZIY$xVwXjf+-_=@ywf@KmRb3cuW_-pG_L|1w1z3DVX}8G-+Z zXC?br%MqBxu5%WTLN={9RGQ9#r#>94H`eE3-zKFqDy>HCDu^a9nogA#C*MS2tr-Lw zp%|QG> zs=lWf*Fapi{<ZVsSqd!N*%nwBxT(V6ecPJMt# z70bHEli?8=Hc_2H`ejzwo4JmvaB~wgxt=YRH=sapaOz%Xe)Vjn4Rjg(z%MAFHNOfS#jk0$y$~kx3CzmF=-q@UwGo&^d>WsR+*E9PrQ||;h2x3o65|gcKKiY9Cdg;ri zE7cT2&dj6Xd24SOEF35+;T$|$ep`@HoMkDdJR)zUieEh-AOa+1;G8RQ1IU0+eKYqv z2tf`-@~fzsga(>=Otkglje)o*V_`WbnpK)`VepGG2`&3)<-mM+|D5}5XhjR1tS^j% zO3>7hfHUvWOXoBy@}~lRcr$12z&B_zbyGo-?{`18LT2QivuxHBT+rkZG#mf@X(>a~ zVloXt8{1*U*a;Cgph^-g;h|p(Xi!+DCm#KxY6S*4d_Vr;Ckw{MyCjnvyV|#xl5@PE z>81N6Y&REHuhy$yXesV7)8V4ZjdBrlQrLOoms_Wk4j!V*+QBM=6z#XnEoQ2Ye(FqC~>vlFT52F z<5KsD+WT`cG49G_axVM$_atUdeoT8iXoP*w%+||UnhY#*OWeMd!ECSmO5)A4%L|NC zKkun<0qSBCYb7Q7nofa_L5j5W32MgFZr@EXu&xA+r{qoeZRW{nuRUw@#5_ZmV)qZ} zaQqx$1`#e8lmS^$2mr%&z&l)y|B4FuN?KGQiHuJ3$H4Jm_ycjq5<-$nWewnbl3kAeE2~(XgP(A(5&ywbLeQ7y> z`cJSG-T7S<9HasoW*dmRxO9~#Vc86XHQnETzQIr#Nt!n=8JD{ad7w6tA~oLJQM($Z zP&|CB)G>0z4M}woB~Gg=DE13z?pa9cZCKp7+o>Qt7ZaA+s1R4xDX2NSM1eOeAlXPh$&Rs;CBs(7A*|%SjQS*vQWL zghcYGL;3@8xZ<_mWMDM+_hq+Kw-lNfdR69jif`E>wtv8m{=A;Z^bt*{I4Kj2Z_>9} z68%y6BlF$8QkZ;7C{oUZe@Y=F&d?+` z0AnJ<&R+zmes{5PSmqt0@6B#9J zGNy2~Z9_UJ<3|x2S3wWz}4W`k1LJX-?V;@?&u_DL)r0MEm08Bz$L&}@#oMRJ(`v-Hf-VPeIab`PtMnmw{rm=@k?Yxd{)+Bc?{KO za5#{~!JN_+)thjhNk*FiMFLu>&MW~&uK*HilkoNTT}v=|-fuf_e)BwUzvpZX+ zS{s=WwXGTHmXzR@Zg8Aad>6?XE^WqN4hkfLrXMV)p3C$Y!e34OV-P1u8 zQVDje21R1XiQIr^S(=v?ydC|l)8ChJ-I6l6Zgx;$=n^WOA`nE& z%xO|l0=Agu;w`|(_VG2THl7Y8+lJ2P6JrxgxK$G5>NmOmqw!OvJOa%=Ww`nPwoMy0 zU{#%G-lm?LKL=KQurdB-5{h$7b_5Jj-A9Rt2)R`{;hwuI2LjgrJQ(N`{HYJQhYU=l z2F8`P^5Y*N{FvyDrLB;qEfkU&=iv3(`K!-etZ7hoH7}y1`PL^ty{OQ!wHE#JHhmR* zpq^UI)GLs%SCx1;Gqq>Tlm+DA%MF>usSp9!;Sx_gMz+!IvKjXeq^HhfQ=F*V3{>RL z{bQTec+b@aq%=DV{Yi@-u4=w_?m)R@giWG`^A5YRDlhR{1KJv$?xhFjB|RdG4uZ;m z?UmGix9CYZam(=q3jy8z^Ngyg<#Ga_i9FssenADh z3OQjkuk!`}d>b&Coi?CSyDQD)zoT2m$}quWNnm(so$TR(4)+1U&48|V$iTW~XFE*FHB_gTO6R?q&L zaHBlHmi%*xlkK!Ej-BgOT1i+p!bLtFM&7JW-!SEfZ(1ESzeXv;y;S2~USavCXQtBT zr5?<5ndIoHE5ch_DP8&?cif^Ygow{nXV}5J-j7e3(aTjbZ!%F%%HVRyuU-3<>pbQ*s>Qk#?>T{HuXm z&~4RNkc=tAc?VWYSQ8uVqyK$>3~M^o)MY?`IQ9l>1Z1-v%>k50sY*q;kO6RxzsMkc zgR&|?m{fxZ1J4RZYOulIpYrTumT0gu@1%r7yZ&8ct#u3Vlo3Oz5dc-^L*wH4FcBN% zhy$88GSyf0r6Xxxy5sZvL(DMMP{ElD!{DSA!}C zwyI~o(?E#ETAikk68;&8xgTwEDy@6bsjSp9$GbWRn1;6>DWVJr*j3`zblP^*h-4!U zCM%uzalJo0@AKVhcVijrHfZlMC*vsWmeW|RcOfV;ih)_p{bF!!GD`%)c2ZA`Kuq8q zn9)9M?u;Zj%`_Ss7q+R)K*BGPGBy_quv80^d}er$aW)BtL+A+2t6jGH>_6aP-hT!! zG^qioyYfe%a$Z;3q@g$f`mFDLxmUL2 zXC8f1+$!BTc%JO5QyP_AO;IFWH*^P12gxQh;b^P+8K)Y`0wB`g@1u|AkGHp9>LgL2 zGrqKbATUgQ0mRo56_@&Qb`45H&7!Z+9oM@2biF{E@+6OHH5g^Ii!2N#eKgjsF@Xzv z2q@UYrhJ0>*Mydn{sJN-bm5w?F3zj(3FJ#cC#av}s`Wx~*6H)`>qw_Tr3)p>3En!P zOAs9~48J-4{%xM_eG2UF)C zwL-KHKWD;92i0V8e4NwvbSy$eowZJurFAH;jRxpEielexdcuE;1?V z=TTZ-(7!+;e8ZeTypkvl*|M=<#swLcwL#wYZdc1w^?h9Nd5aZyftl#Xb^Dmt*-^q+ zPr+r<;2r-GB!ktxL;wI37D+@wR7+Y-O|>Lqy1O5W)8W!VDQTBpF+YZROa?B6Jnd;8 zr9i1>Y^FnLa?5Mh0!u_y5jO66D`kH9`7sk#IHCz5Q=)-m=nWk)muYTfkmne=v(mKU z3B0^uF4RU+n}3LfpGi|AuW1zZSFl$;>6$3qHTZ&J0ao?$oKEn-P|Sg==6iVZvRUqK zY$9ITsrwkt$?k=EXU&Gz7k!q$d#V#-6|5ValMla6t`n>Q#;bE6PpI2Q5CB)HMzB3> zB5!n#M&F6CY6buY4f|8dTSViXdE~vXCJ@FY4+Wm#=ee{1k5qjcO(9nWGNL9Tq8=h| zqlaus`HP)WhdBls_~q_mrwpZJC#@{&Prvbez0YbR4H@Alx_i1Q=WXjZwSe7-YfGo5 zn_9nAzfA=HplTA_tgY9X@OW`b=@cKDStPTMtsW;O{3msoDct=k=!k6@lle$?OfbO*#b4#{=f(iUbp~aDuW}x20g@N5o*dgsWiC1ipHh!wfb0 zqv+{2m1pyTNr*OXuHQ3aur067S?8yY%^x+$S1eV890S)v2G2popDJM_-fV4DVK~%p z`PULgt@NX~|L9uk4Hr~>9XFHfRkB$jiG*eGIA0H6bW?17rt|&PE@r94-lwFP)}8rQ zFv^AP(XU#!cYb}(9sL;8+C+IM-V9BX4MHtN3bZA?fBUh^H~~cg-sE8h>R`}=aTq6G zip+lKs(;22#ymVe-y+K}~=~J_*d^6qlM9iVP%D6Ckv`>aw{h4S_~K+2C+_g z)Hg+N;4T|{!B82~9U#8Za4y2wLADzn;E*fy0<_9Da?99*{C&hYn=(D52@Z4g^ZXaV zKnn61u*DQ40-VB9^|2%hh2<=?@A@Jgo@AJm43ZIM4I1=diYx6{kJh@miUA8=JLlcqxn^yW^3ggcYcIB zJv$j)#=B&R?>?D4{N#7NNg9(3;h@iUOv9a`Nejl3O33#8I;{FPjoKs5+P%)3PpG$S zU{S~CK6!1pr`@~t>-qI)ePFa^Uq-DRDH)n%s-=`&`u7k+#I!vtDmNxQvb6(+H-|SS zGiv*;m=$z-mK%E#z3e_wKGuLF8z`;j1u|J=G0h^-c+0>vef-BtZ`N0X>W`cPk1s5o z>9$l5#o!8nW*|5;D0sAu!HBJ2O`ol)XE>bU$mt7nJ@SiK|FT16Qh*%PtVtJ(K}R5} zeNFLUdIyoK$!#@5+V5_A;jySlfU;Rb<^I9L0Vbf3ue*%4Z9b9G7y!6pZ+!@K2eS*@a`QN8`SJ=A@{B`q%on=^jD82tua%i25*j!WvCKpCxr;x@_9R9;Ozy z(BlEtBbH4Cj`MkTRYJbCni>#lFN(9AD8yJWSM|o zu1=hPp~9o>P(^}iNd8X3@J7c}f43Orb&Cc#nUiJja142Bg~5P;!Px`QA-YceA*J}< zXTA9~0+|T)!|_7l=z?3lhc+K|`Phg`73v9f8Z_ZXg_lh*%&Fq!Gyf!Kg_&&w_>lyK zVjgb8Gl&?`QRaE{JWGvi_p060Bs#A08#zEJ3iq^XbBVS}GY^Au7(@~DHhv7o5L_1A z@}~@Z&Em2LL5F_s5Dmuv>?@BmWMlk?qL1mYAk6prO$4qSXX0A!p7sY)!IHA+HeP3U zaZgkIBVSrP$e#@sb-9(WZ1?5#5s93jbutq8l;AS2c5b!xT(stMRc!;0mwns%ca16n z1T{PMLp@*qppu~S+<;i;PRthb%tBoF-!8pS5=K@t8F4{>^bW_rKSln|kp>Wx?Nt$H z|FGGV)aAy@CTfx$$|!i(=Pb#kr{wvD!gdnqY=_*)G*fFgR7?6Xd;6PzV-Bb;1tht% z2zZ7cmxSY8NJl*8fTz&Y@q2e|YDP7piK7d~D%)VV^?6%!Yf>PbtKsMCM zGJ{CGOA5tbk4?DhDGIxD3SVAoxY&S`$E(TuQ`wsbQ?)7iMlQ;I~p9Gmnua~!q z(oP&E%p8Dfo4`yM+eIIV(Vr(bsd$lhX7IDdyAU3EXgPi0_knXU@;mAYE2D`?-S|Jb zmzmss#f?$wq+R@WY~V|mvNF|2&)>dkIvz{!#{0mg%bXI_Gt39}4ML*Zo>{wGaLy!g zV)|&vj38=NG)sG29x)uxxatcV4Y>f7B0kNBi1AhptNCZhh&A>$kK}r`VhigwDWYXH zZ$%V8HA*jJI6HpZAehE?T%!-oLFL)o(==tS+6jQDR}rlaX4DXGb?3lp?q3CQv?)R|m2(Tm|2g&lwY$#Y}y`>d{i{Y`}%~WI#XG`x_;g zG2ynhr!77y-}_^h@NHJuzY5%sBHYej#@t{_M=p`h}ZtW>iAJP@Ki<;XHhRf?~imG0q%<9(YaW z^Jq`RP^rzx8$Xmfp>i41c9@1lp9M}XwDDQ3?cDUzs1?&CWq8B49b3&0%ALY67cuIO zj-P1}Dj&(<934;0B{ygZXVsx#Ip;8!&{ZZx2d_)mIDee;c@47aX-GfUA7lWFn)Ju! z+f_(x5pE`5(iV2{^vWyo6~}obGqCE2=*+&(->m(*-1EEz1{mPWuJ6p$XC{<%{U;%K zP~V=fy-1CN`-R=B0j@^rQlBZy9j>QN%+j<(x6xR7*(SkIRRq!&-6i-+%#5hW<9F!A zCVxcFMdzH=EB9{P8m-7Zc-hgb9YPB|3&zq0>r$toM0Kz^sr%<-xJx(v*M;#V&C-CC z8n<2~ISt?~$-On{^D!4$Ffx2Z+2s%|YxOf~Y6>a3d?@Wo>Dt>gHJ5$cxpoE;gUGlW zW?GN`wCY6sgmSIc+zPW&XTXkNb3{VI)B5$V2>%g(lCnm92t(9PKy92Fo$0r#A+wH} zKWtdMqD9@k7ozx3-11}sxw%UBnM%r@c)1E6xxHH$ll9D zOmtOc+QuLWj2n71SGQ!--65dm)N4VmHlKNcHp5x1oBP<_J^1@crv3@zNIxFoN!*nmzmPhy#epk5q| z6h4YI&sDGes~Q$h0Jx&okz!T-Pk1(Jy(dlEXiJu9+E}r`a0X+IrpHM5V~|CTql}!M zUy1NgI9H$>)|)l>tja+m5xL&d1{KQeCQ_iL6Vkn{eQ+A1L{Bv0W4IQT9pF>FSV$F* zg4-8)wuywefS$&4<3v_x$+sNLXy(qim}-ue-i}0v3Qou*?Q2ko?b229?_tezu3ebs zGy*AZ zYmWa*GWjrn#@r}0=O9fANhX=S>TMZ~ORBB&#=%FBqyc(hP}%TPE&{}j+v?3Dl^hbX z-jsy!7W$u`t{1>D6sFV#r(+O`%IJbqS$QEKH2}j!KceY(B!k|Un3ru(7U8Ab7EG?b z5kvWir5a~2M-bLcKzg1Gj>&iwjxtl#$h2JuG=r@p?vSQtpuUWmY2=$N5Y{)g+slgt zG9tUiPxRngYvoJ5GroX&h!@e~PSok_8frP5=#YW%t2T|9`Gw!{Dg0km@7*dZ==YPF z-S8~^w8=P_5@Y3{L&95h|4kd{n53UbiI58xzdABFxoPf5Lw3SI8--*4tO^;Q?RuYNl+=mjQ9 zYUa3>G{5Y6C~gRbsmjb&Ufqtm>59C&U`ss7&Ho$$U`LGgNUsg(Pe-V8h5MWCw9&{f z<#&DZD`260PL#yl1E(>q89%%Ral_+}&nA`qE6)0m&AN0GTl%EBfzYb;91r%#tHy)4 zm59bD;K9thRA~TIlsTB9L^iV18V-W_#Uve3Iu{R6#(^9l>Y8SEZ#~#-ypwac4x3p% zf2z-$!6m>pxS%QuqyzG9<6;`g)eh<)I@wT8xKTe&!b$TkeF6#;Nv@i?{BkX7=R-kY z?-r7UuqpugsD^0BQ3n{pB;?De0JcsPxV%hw{Bm@LL4? z12AZed6rvk2JZZz#VgOQTnnswZ`#6R-abf5HmE>YHB{L%Z{91aU=VVSb581<*%F#N z3O2Y6J~QQWS-ky@ZF^|FW7CAS7V7M)xl1q8So#d(psN0c}u zQTzfz@J;H1WIh_d~uki=qI1U@`Vi0xrG=f^2H z->^``?pA#_^e4B#GitosCO|I5=9Adc^P61yv6`F@$YlOgyIS_n_!#mu!e@xTZnR&m zZT*cj2I7`9iEKVov!y1If1Z8kIzbrRI2boJNM-i{X1`ny&Bzed?HXxKh*&xIA7TB_(Y5T=LtremG$+^1h1-MK5Cx}_fUEg*M&S1IwRBs{a?M?b{m4i{H+KB633b2x6Ko#i63%7S$ysCN_6 zaNVSbW5;54RGjCV1H9klPMkd?%{U^5%O)9(M`^4lWk=rUVs}C8sQru7lm-*42^Q__ zK+X@YwW{s#_OSBxKE|h&$GNeO81uahIE%RortszSl1R04`!IulsZ?%^q0c(FW2w^J zKLijGSAI>j)F;h@`rEpu!<>#GXMv+97AVAIIg34-dHaUeUSDRjQo@Tkm3`L!VC+VA zi?*j(TvhH*WZ5!|UzhhM0ynJ*ztevDb3}T&wD|X`;v1@)G5j8b*}9=k+st~#?XQ|! z;blFy>t^=lul`_jN$Hy{?448sEwN*!-L$eCli@h2-WlJmSdLgb-+ILK)37#PY#U`s zfoh#7bvUM2#AEs`*IG3cQe=h*ULG1<%nZ4PzbltS#v2IQ5 zmO!Bl$}KBF!J(2|gr1R87<+}yq-c^Uh6TJIZhhgz+ov%LfvB;~jZWW=UTWSYe||7Z zppDB0QR{FVwC3Y9%#MC$JO1QfwddpqlA-=5b5ZqNfxTM)jM!(T9}nM+^{t)r&h*zB zlbCptCKHqL!u~k;IxT_%A!2!pnwK<`wf==eWt%3pDK1Yo7{{?rVjQ{SwfzWTKH8zx z_yzuRz0000 Date: Thu, 14 Mar 2024 23:35:23 +0100 Subject: [PATCH 21/24] edits --- .../aws-iam/tutorials/aws-iam-eks.mdx | 56 +++--------------- .../aws-iam/tutorials/aws-visibility.mdx | 19 +++--- .../tutorials/aws-eks-cni-mini.mdx | 59 ++++--------------- .../aws-eks-mini/cluster-config.yaml | 41 +++++++++++++ .../aws-iam-eks/cluster-config.yaml | 40 +++++++++++++ 5 files changed, 109 insertions(+), 106 deletions(-) create mode 100644 static/code-examples/aws-eks-mini/cluster-config.yaml create mode 100644 static/code-examples/aws-iam-eks/cluster-config.yaml diff --git a/docs/features/aws-iam/tutorials/aws-iam-eks.mdx b/docs/features/aws-iam/tutorials/aws-iam-eks.mdx index 067b9f66d..6924d5ea8 100644 --- a/docs/features/aws-iam/tutorials/aws-iam-eks.mdx +++ b/docs/features/aws-iam/tutorials/aws-iam-eks.mdx @@ -25,56 +25,18 @@ Before you start, you'll need an AWS EKS cluster. Any cluster will do; there are

How to set up an AWS EKS cluster using eksctl -Save this `yaml` as `cluster-config.yaml`: +Run the following command to create your AWS cluster. [Don't have eksctl? Install it now.](https://eksctl.io/installation/) -```yaml -apiVersion: eksctl.io/v1alpha5 -kind: ClusterConfig - -metadata: - name: otterize-iam-eks-tutorial - region: us-west-2 - version: "1.27" - -iam: - withOIDC: true - -vpc: - clusterEndpoints: - publicAccess: true - privateAccess: true - -addons: - - name: vpc-cni - version: 1.14.0 - attachPolicyARNs: #optional - - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy - configurationValues: |- - enableNetworkPolicy: "true" - - name: coredns - - name: kube-proxy - -managedNodeGroups: - - name: small-on-demand - amiFamily: AmazonLinux2 - instanceTypes: [ "t3.large" ] - minSize: 0 - desiredCapacity: 2 - maxSize: 6 - privateNetworking: true - disableIMDSv1: true - volumeSize: 100 - volumeType: gp3 - volumeEncrypted: true - tags: - team: "eks" +```bash +curl ${ABSOLUTE_URL}/code-examples/aws-iam-eks/cluster-config.yaml | eksctl create cluster -f - ``` +
+ Inspect eks-cluster.yaml contents -Then run the following command to create your cluster. [Don't have eksctl? Install it now.](https://eksctl.io/installation/) - -```shell -eksctl create cluster -f cluster-config.yaml -``` + ```yaml + {@include: ../../../../static/code-examples/aws-iam-eks/cluster-config} + ``` +

h%+kM%(h;BXddKpW zKR*TPJN}Kw&}WWRY~+m&_~w+4a|u^m#|VU=rVJmHZvZFIf~R73eA56E=(mW8MRXgy z%0vt!1?XIP`W6_65Y>X3we#~oTfBBa=VA`2OD^bM&)LW&#aYA@WkhIYXu{Pun~vx} zrQD2doTh!jQGxlZC>lZd=m-WKER*x{XQ|TZ6jsP%BPUm-={od`IYT?eL+XbS3vlH$tgdm_z5yebLXDrEif>E&RwE z#ORW#x(Es8KIdzvCtPN$dg;q{>Mm;R^M(n#h*B{mkGz|(nM6$LKHZKKEMMtf9h-Ty zOqxnkLQ)}KfbZE)RBNR|qEe7D?H&1OPV85zyFaE_-ToTHZHwc^{uky86IC7UEP8V$@ILO~=*A?(B@ z0|CEwWP7ZAJuUbl&Gc%6fTVyHLO~qrMTz=qIuir{B-jZLEZxEhZc-Pa)=}gJs$myr zl7PsGAMOc>@RK2T_44ACrKo;aF&syEGPc;|BU5RiPRTcE8cUH#2e+SFFD|?%R5-Z7~JWM8v;l;L9i%aZn z^B?Y}eWxzt#za-LsMjVtW5#^@Mcg2aQX^YG)?}Vr7a~ z(BDrp>mP4=b!|z%AYc6=p-iMHMu;%SVMviT37fvYHz@%nqT1?sbh{YY`X!oVr9aO) z&;5cxN*-)|3Rt>&5I!T|0g0??nl9nXPi!d?E@&z>%5$2%!-CW5>CtsW2O)`@2peA` z!*s3zJ5%vNNT4|!Gc7W15J!mW6MEbRJ5^d7!aLFNu~Cd`P;Jm}d6)2}~~?OK`B^fsfrQr6ng*uqBy7HrG2+<;nWvzp^-*OB0i`dG-gNY6|ReJk)>hs8P7MHebd zC7?z(>57<*xDRMtoTE?4G%nwCbocPq&;gW`k4Qk0kv@@w^a^n@tiw$@I7x<=?|Qp2 zu$Y3Bd=IH!0l?$mHm;UqyX2}%4Ca|pZ>ow>zZiD6{q}uxB^I4WL&*Qa(oT8;>o_CB zW?jYM&mkx2w+Yv_+6Zv_+R7^_!~=2)a@$PGna-WD_>3)bWH?Od#Z-Se=~#Ild zal^^UPdav0%58zKNi}Cw zpq1ws8tuafgQZl_Atx>`#LV%12Vt7mQ-^wtdmQf_|BmxR;>-ez;`Y>^T!x+-n)Q`j zzhjcVN8M1cAUo9$xiWB#D9`3k-=#=I@4ZLGm8@d%#tr)2baAD=&#Aq;Mg)G7CFu5O zQwFNC5(Ak}L)5Ems{m5dP25RFqc66amTE~E5S1{L?an_D2?)9%!ve<3tYW|8_~vNr zT+`g&sFI5z?)b)x@?JOlIGYAkG3GMdCzZ^+7>2U#v`%qGA{I}&Q&bm!u7wqCU`up_ z$_EtkhOiM)^5s9N6Dot{Qa~}4MOxDrh_}TF11w3r$!1Qvyeu8PCBp9wK)M{rdci_H zSwlcmLxZ6wRRxmZjt{j{G#)p<;w~2fGwMjDz+R|c2x>%Fif3)XSpxfMoB4^1&2^@p z0)^%qpb0R0&c;}hQ4@Keb0$JgohpveP1#QiIU9ojf=(-B3;&x`mw=>d?RJ~Sgj?)a zjfmzl4ug!DP@wSM!e_!e@EEC{rAT$6;jm`3UjPq<{5!-Yv&J(eXU6~lAOJ~3K~yC| zc&WvFBdG{&X@mR_kz`!5%ZBlf;kuf_Kj`6t@;}LMq;qZ~f(vWLPQxd(Gq~!|sZ)f+ zluO-HD6*}`79*#}4_iP7P-vEZMBkN7rc^mmQ!+b{(Ky6-oWoDELzSwPYIr7q zvP=&EyXD#wWLM@(3?<(f`qj~CIZl}XR~U$+9S%brJTp9_y9#5;>L5J;D5k=Xul~~` zDh!sNnRwDe2&Y(fC{vw_elVgv_nhXV!g+I;M&VJfKVrm?9i+|nm2PoJ#+MPvSe^f6 zOQWi8$Ume0{oukVf9u;Z!hoYw<23#I1=(X-1%`>Jn z4YwyRcfroiEF!0D|1vDybJD+*PCj3+*!9&%H>}w|(JLH7c|5K;uyog)s>ush*AKz? zDtT*+MMcb48i)_4WI9i!Us^?oZE6c#+c8zOD={knPgGw2vUoScX zt>pDxdin#7>xfl{fU4P<^GY6X*p)D-p*dGKWGg^69;x+`!0$F0??x`pDIn{E!>?Zh zIOdfxn@&GU?s)hs_9Heo#Foyc>*n_Q8My*;&jVxD$F03afmtHo!d?4r_&d{ zdJ_-c5afi_ofjd_nrX>O$VP?6tTC?H9h@nNG484>;%|8-Rmu*SOWnb|iN)H&$)TBm zgPucqqfK7ygfj0PUW|9_+1vL5r$v(+N|#-eHAF!Y$uVKa!%svie@RaVIL+A0#ZR8M z9Kfxz09%PEZoaAf#mXSnPLn>sFmVzd{k;Lq>WrM|UmVrR8@T{h{V_N9?R;<^{y4Lph+iW0 zIj~Y7-u78S1mlL?u38GO2R0sGU3@IId=)nvvx3CzKcs5az?HK z4!5pcYzGx_iwuK3`4YK&bVkQS;_wdUXzZvL{m7dC3GZoZ{&7-gJwFxuuJ%X@?&#-9 z6P8(s%7~-!)0gnd5itH~NB+(H%Nx;>{{N{!@P43YMZ1p(n?oMM1Wgq@5D82KLtj*BhQOt^}( z^8-A=!ug}N&XEw|@n$Uj3wpqMQWR`wDB^fh5*xFPV?q?(h=;d~_enx3Co6U`b*YBI z)N+LWp8csNAgp9Xf+g#5*Ye(`$F-FCgXaCF z?HdKkS1AG2PdAdm`hx$2W+^n$D{kQjL3 zv_&8~w^Zmx@-0=q@@%`dRe&5_y_q9{D3h6|J+@;9V>y-5%h84tYeUIG^5&P)%0jlt(g(I;2X5$rx!DZ<^2`q`nF~smpe!k$NpjfLqbLYx zjD>7X`WNeha3yDg29{7eO@qOY&-_mj_+gD{4vK#X@B`e^XsCimJiY-m1mQ|jidOpo z8W8hID~f=Eylc=k)ujIw1qy}G8$t=fUow9>x~D#MUE^}x_H2dEc7;!EB! zEgHi8Of}j{)-#^8lng2txgHU`hrp@HGBHt12J*+VPH3yAfk$Sov~K3Bx?r5t6rs?4 zEe?Ie6gFmHt5Zp1i1N;{i?5Y%$fL>qOcUSMIb-(rE{C|D0r`zcgEFkY2l79M5(>u3 z1&E__u}y={OZej4sC;BhFE{>U$UkMLagW15uxp475M_1gf4XN4K_zZ{TxC-9=9gLI zRAYB8cUF9Zt6SAoPAcXD4{oB2JKx>1?%9svBhc+F2ybM!2c4ntnsy0gN>VW+aX~P z1tGXnNz>0rH2SIK3h>!v-S~rqIvmK2O`A3!9u+xbOKHLI-TvaW_tLK-rBvu|d7SO} zd3b=5wRfc_neLcc=|AULmi!y4_DH@A!87)llI7!^3)x1poe6B1$3{Kb0$=>9|KQwe&J~VefWduF5or7?C&cw2u-z2!Wg`ZM zn{`BLM5*(r)7C42XlDZ;;t4Z%M#4arBQu_ z_A)KMeQHi(e}=XJ(J*yk@6=#118{~u+k_tWc$!*JAnt_#2Ede-qvmCxrR zDgmW)1l4n3^cyo*&Nqc4Ihr806d%a3D@u0qrdeaBj)wRd} z;8;D=merBmUUj>j$k+dX9mlzo-WuHFmQ9VV6dM{f((!9?$Z?sTOl^oIMd^5Z4MTpH z>rCSN?L0S`vlBb{dAh{-(R*4UCx(5$2v{2JP0F8$KP@DbEdK(JCbK7ovy0vM$+`*f z@pM$%<+jx!!pDm1yFpk-FzQO0qNOOuH!Z7JNCx6MzsD)bli)hQ2CE?xjKa0Sr0wT* z8|BjUIH_Vw=~#YrZnvI!@G#NEVJ`yoH(T@FAIL=%FSK@C9?v_)h4^sY1CuoxS(Mlk zB%|6UDV~lOlm&LmuO3G96@Zmu?n8LS8)h9g@9feh5Hx6GAw#$B1T}Nqr*ISWb!OT_ z5FuK^&P}dRYq}~wIZynp3z`AGT$A^DV`$T8pLt(laf-@E1g*9&2ED2nXZB`i*AQbs zd1>xQ;_jWia_3k z#{?*|FB~dnwT`mJz8`Yrr+kQFOmM`Z`CdUKhtVLM|}VD_D4n;!}j$X6~f zYQ99Gfs}EQ@k$t5PUbJ{g&sXw^P5jGN+`Rvq@SnKZ7I?Fei?hEdSo}B zM|C8QjDl{>>AMbP5|gB)Pchr>nn(6lPMt zK-J+W;4QbLZ}FL}91j~kfZUvz0TYKwvNQRYovj1#w7P=8gF~00GH#&Clo;T@D#n(- z5WK;zl28Ij=~`_u?Zu8~3RZLA-d zBolmp4o~}IrQ3rkbVOT4jzD5d4^tlv5c!k^!RLz?X5M71o#11=KADivEU>E#bf*jw zQkR`kiBry-$eg?_4RUF!ROw8u^ZERfM4DL{^hBYr!@D&)sxNo6N6Uvg)N3AEw9+OV z2bzjX#>cuUI{EP6Hm9J9y2+>ek#^uhJuEij+hx2+6nbtXYrIz0NOh&{d&b`G+Kn(wP|_BU4OZj1B_{*?>){8Pr5PqTlAhrZ3k9Qa2Ttp~3>`Hf%obNI z-HOpvz)t%ahGMnxxDRvyr%rWMCi`a){PU70ukMaVX8->eml5Xy8}gXbYo@w7Gs4|W5=j8OXy4EsU?I8Q z9#PrQD6ghg{^68K$Mc=g5>S5TYe825nmztJ_PyTfOP2mGrE|RD8!9Awxcf!=L=AdY zAzkT5_;rRlrdnt!IB?h@)2VPTmK#RbU8OE!vzwwgAojP^$zRbiTbQrz@JBaz3oufp zs2{~Ar%QKbZttUBG%GNfNl^!Q#cgx%>VgK`T=BziMep(*Qywa8KHiqaoeCCZ{C_-V zk}aB(jzl^?E`*R;Y(RAJS2hx|nu9bXp2ps=daz64*i;CNe!gfQxiIMx$a>TU65w3j zQ%D)R%(JREJRiB-y)(~u>J`to)>qp*Ev!^4s4nH|g|#l5!(AHh7>a1JA<)&l7uavP z+M}g>K5}_UYN&VLhS`k#=5tI-w1&YxOV9Em&oTHZ3Msd0KUbjO1p+=2D*KXI4^u+3 z4zNq%RDGPl%-*>hr|1-l%8EtHHAD$@mwPdiz)4mJH-|9=vOFnhWCvJXi9<TXXo$ za5Nq0YI}b`wg87PmNqURA!93UNEwQQ_Eo~>%^?o61=HkIvy6K2C{T$-KE8^B0Y0Ii z5LV<_qKU`qWmU!d1JNL?H80v?LjscfbPoQ`A6FO0uFog(dj7RE2!M@A-7C>w?zx*r zIsqbrJS$d^PfKyvfu_vMqkU+G%Y6N|_`qqy>vmEMk2??V1f*t6*~36?Vkywne5g4d14ZKs<*&#+a9H*?XDj#W zC2}NY*h(X8>_>&P<=64@b6kEa_^MjEcbAyvJW+gCOuVu74cLxd+5&<0mfx&HLr@*vG(}1{8T2;73^>n z_6dZSY-tG&!Pk9Uc)D<=W%O$86&ZZgMYX|^VEEcMmQFWb5KxE# zT`z*+6I|wgCyOyOQLCN?V7XGI_Z2%THB4FlP?<+72{pu0mt&cm3jy_09Lr+ndMUgDJ@*ZxqBP}0J9s+N z4|IQu`poe{h4g&CH}|(4fI9lD|Crt6L}XV}4Ewg9Aa|1&gs?4@o{tLDtJwHEufFWi z1R+^ZFANM5HteTS9YVyp$+;M5BQr2c(CwIzp6uCthr49yqqr0L=%2Iu{{1g(dBOUR zELNx$94S@3#a9Zr#6){;nZDGz%(QztF?h*CS~D#-FolwNzNcC>yMb{T^&<)1EY0ij zxrpQ$6P()Jz|B7YD|bc!#8Ue5p$orLJ;IIY9p|fWR)_eie_s!4DpE$htz;s1oY3nU zHX@t)mnOwSxhdfmIi_zr-%&-}?x4gR*K?=G2C+hTNWV+1AS9?iiFG)L0*+Wp`%wZl zzI}N)(c&JpX1xp(d(FvPM>)u-S?8J>j(=NVkxgXVm$~23AC~MN!VtBcdXXsqM(H_z z*6KvJt9sGEl#sbQbs{x`coBjZ_Cf8{M#JJjNRe*bc!>x_CTcb3TOBpxW!!1M!>{en zKr!I77Ru^qnrny6$eF_kekm;wmVSU57g3iLIbHJ+8*-0W`2! z0>&5L;A-X1v?&4uJGtAHposEffqJu>Ch~6Q)?*5zmxordkn+>xA3ET9rr#1Vim+K` z-9QkCxHFeAirN41+)Gkpse@AXkWt0L>m$*=pCO9$&*E$6P2!JNxwM=k=`~a>kF82d zIO>G`SXHBo#;uH%7$8=7Q4luNcS!0A1UFr(!LlP6=v3b@RbDIMU*)jkxG;=uStH%k zAWwR7#Y!VkMD9HI_7#RDPXI<%jLz!WDNu+XgB{N}`~d7#hoSjH>a58;48De|9Z=c} z*)2tBeSKh)xMDRbg-q3Fj+MEffp$owaS|p~Jfq0x)*M6EW6fF97j&g|0O370OrxHu32*Z5D3nlM=ctRQ%&w0Twsrqnc?z4qq?5y zbqPSpQP^Gvi88`M{h(qRo$CFHAAai@WKvRp*IXcXOGxc(s`pfx>kNQh_$2u=#85-` zi>o)gxkI}SPIU@=UV_bXGe~|SN7F?*fI2qsS@)Xbhb2BD8n+OjbW_|u@~`6;aigyP zX-4W2J9^5!Rhl$VsF|I9=%kVcWvm0`_6dnE5jRcpBxDG|jyr8XM&1 zB4KS#k#h+(BU2G*phyRKPQ3}~jG#ynJ|iGFV7$fkoD1b*Bas04F?#8ZBAhCL6Gjf< zGjpL6HfARECgahVNoBQ6-$+LmfPw5igo!@GU}UmaMzxHKk)OE?BE(Sk6X;ImHm&fy zVa{*qSJ5lYc?075Apb8pG|6UAGbnlVZH=_kv;)-hlT!#w!5I#5-ZA#?MRPIqpYe;M zCWl#fQ?5v8pfGIek`j57Io|%EJwdxV&EA*+Wg}NM#U)XUMuWTe6se$qH0~-Qe z#D!+Rm_Z^slw?|8uw+P1jJIsO$stcuV;oduMq|=3{@d}s>9Yl=cqZ!steh14$6r#39Y_<$ zgq}`y{7KrMGG5nTAtrw=nsX1S33=Jo8Ss=9C&l;en8`(njHL%Zd_`++QVH$72q_>e zOhEwYCm~4XNG!hZxV<6Ro2MC>(w}i&mr*dF_XS!_vX;QogoFt>V?~zP7lzSV+}8Ni z!$dPRyhWXy-5OP<6o7Z|io;op{PSayV8mZz$v)iQffI$3BhDb-xjnC0-LkA@yohtp z!K^44LJ|s&+SA(sNyDs6yjESJ{(L=;9fz0{MdKgmX25iL{wv%IKX`uib;S9dYJzc; z5lJ+*TFt1556Ufrk~!$C>?-!{3+FQcpOnj zh$1$Am4NuQzIKw9fo4FN3La#b${vdHh!w=3H;IlQ3}a2e3p33())9bBiJO#p;Niw6 zhS}s(KKV4?dwx>Y%fhyPPtv7ADF-WA6f=7~LgM_6+~g7%Cl8(_^3qox-#2auP4sf~ zQ)u4kdqx;`15kLbkHaQf7=u9w3{QOY>SN}h>ZbC$1f80lOH~uhmf_K}Y5r=-NE-CU zf2ssL8itbMn@t=ZBV-fW^Y!GAe7@W_lWMgnG7V)=F(j2==EW0rp#5Mqx~QZl8{Ijs z)zceYv$j*5EG~OT2g4sY6W$1RKZadjdk;HtQYpBs*p->RG4eVPgR@g;n0{*DwquJ2 zGgfs9s{S4*V)wGt(&h3UGA9Is$6x00=>C2L!i<$Y# zRTWvViX=IQ@u4e1V~+@t?;VdnQ6JNl*C%`C%LMYa#e#9-YJtcjP13>F5I2*4!9A~S zM<{lgc+4wUl`HoapN@OBp5TPD?Ohc)9w^aMI|-wXcg{V3O8)-PgHqC^Zzh9wAvQ{UjZ7y%0O6lfF z;~D5&now$f-@qj1f-iYYpMwg54PuFKATEuQ5 zRgz*BlXcQf#0^X2j29EMBE+yMJ)8zZeL_JKnAbfcZ-{K~H>fW)T_BaY zwAmxZ+xS=J?f9@9dK@(fW?~|QKRtc}W=LjaxjTk@!Z1Fjz>1xInzTGf70muB-#ik@oE8jC)o!TzotO+rOtA$`4l(aK`2TSEK_+#<2~G@K zBvjeS-2v6xLSM9UL`?y!Jvxjq=&JHYdT+2UC~p@KDOMB(|EHaVSsz{{_0uP zjK-U@0Z}2&QhwJbNMt!sp@lR&FKHUm<4LoIV--{{myHHv{)$rH#2U-9_L+-Dg##6? zQ#bn3vT*Y;Pvtk*iCUajn;3H?OCK3kzA74^)DX#R7sNkE`pq4CT;hn*`a~p6{K&(9 z9+p}Dr1X%)*=4KZdp-(N(w2$~qt!IUtm}@zKpsfb&^%H3rDOA&tfP`xs4s}1fI<_L zir6dKY%aTlpfD!I+}M{lExPY{%|2h5d>yCU=~sjz$O7{6FDu|^f51YtlC)o7UUBh& zM$9gKSe&r&F0+9+76 zJTQQ~OcsRednGk>UalKOg;bGOz6#vhxXe7F$+oIc(Um3jfI=&}0!^yi`9u7hV!+so zCaL-G4iIblxRc0+w54$Cz`nr$gt;%iE%I|L4dYG}Qi*|>Ei{oQe1%EyHymc-2TW7M z4A53~(dusM*BFe91eldZD38QZM@`Ih(8i|7HlynlWvYnsx3-XwYV>qnb-LBIJTWlN zGf_BQov1N+2x+MU1_a#2WBR=J^0!kW5fI3DPaGgrGY&st%cDsjBsgKJN_4J1lci=z z@`w^PWV#4meOA-!!arFMWSm(93UslpArwYux}D;er1hWDDwxd%gVc8RTIEh zDly7>(-)4MH5%7*{MuTGQ>&d@+LXI{`M`u=)TfD{_(QTKI4Rjp^3tzbyHd`N5v4sF z_CxG6ZalEqUR`E@lvDjdSojdR2G+5hDVnj#bY(?kI06O5C-aIC8sevTQXaG%WozDQebJ+CwViwq#YBEhP+Z|(-xY<=Mt)~kkBkJDld2{UQ*)vT=_py z&xkN4*_(E&uh7{gwFg%MkI;yf;Q~D>Ri>(#6yo0WdbAksO0Qa=gjT5;oYCq7X^bcr znJOS)n*+Zlpr_!tX~ha{pAh^a@4bkn?xV=B7Jl-Y;1C+M+-(RKDVYG2n6Ls6bd8vw zk#VyfsXx~PzSK7S+NOrI6XIO0Kj{vX*l9CE5}|MjRk2$qQ1#$B7m0woTQ3<*TDy+NaIh#)zh?>Cwv~#{a&MT?CCs z&2))DoX{m>oXMl}eyAFt-y0UP6$wJoE;SZA)^25ox$B}0$HAJQcl%+(mw+&OM>Veu z%1#84-(!_>7$0^*JjMfZhI@zw3P=Q;XD}me8dDIOo1D#Y>NYQ#;G4`$p!pAsqFbgI z6(3IbRnUn?uoYMC&8&gNTh9OB+rFFRk*I{NBw%}TTXE*qpH|H0_P%@HCPU`S=;At> z>J;hu1(YZLU2%fwq@^z_XsTI-rHU_>LC+4wHV@X zeySC-iR`)IW4M&@N@e~M6am->05QNYFlX{qDyXN@@z3QoXmOH?|EsJud{1|o9#X6S z=ucc(4{XVxy8OSm{c#wCarj3qn3B*QueHu~mt={86j2y|lru#ks;uN6UY*KuNkc$f zmtv6dWNzD3C5a8uWc8vTh{LCbvKLp9=kRpP{Fd#Zte3sb#d3cSJU^L7zD6jCQI_*t z^(7G2u(UMs7S<9|-P3EWj{2v^cE!kot?Chm$B`Ck%ycHeYB<=te-Frmyw0UV2vV3q zV&mX#>sH>*D8DuAQmL>Rj)4Tc1?RX_Hu{{V|T2>*e-DRHyi^p)u3kuy&$rA)RObn)TUNS+_hLf_nL zL(s@=xcKakdfcEC7T-IcHeE4Ug)1Vl7FEn3jc@wrn(s+(v&T@fT*{kGpUCi^lt)k8 zNPsp)04r`6q8h@*wzYH$zv0f|HU80>tYn= z1c6##moH+7K+So5P73xw`)VBs0k5#q|{zyN6jO!=L88bQ28dqbsMn1y!$$2ryBW zc1v%B7NobaID7Qyo?4DTynP)U4;oOKLEu&<_BUOdC>5EN@+BisQi!8gM=9|+>|q+5 zG@200OmqcqfrACg?ku@pY;V4bV{sw( z>na>*JN13OKn|pYX`cxG>vLEhq{}v{U(5?-!LduH-mq}+xVivdf34K%D-VEIvbCqr zgRrNT^x#Oww6YwIOme$uFZH*2rnynS=(33fh#b_cMJs%AQyeCtT)u}Xu`@V9B4ebOoa%J(Kd{wCa|U_OKm# zJXMJ2`X2sRPvyfXvpUhZ#+pneD9aEQq-eOEjuZR?>&u1EWH=!(5mW;<(?)nvR3pB2 zcs_F1J4r02hm;-(A(MQ&2*rRI!o!Q75IpJZ*M~sb>hNQY*IG@CNh75FdRxt?yVV;rFrEc_sPI^$0}# zxY9pP(n4ep?Qw@Wg6iN8-fh?4VhTJbDkb$jHH>6X%$bIgtpnS6BL-QeGgrI8{6#E2!UH%%Vzy8U=J zsOzs=45XljNQ`fh>PZOo!&?Rpn3RxU;3-xi`o`_z7vtzPGs&old<$?hA*74Kk|New zIYjS~^SAqok&{D-Vd-)}W5+oVL>Andk)ktwDOfl2jm68wZEk<1bI)um0nbM^cKx(sv1o2H`8ta{V=>2Ig43c=)E&36N}5u zlN3vod{NfUHvFKxaTjORxk>9&9PJ%;EzZjeX}Kj1+XY#4PYdAKJx0`ajbj5h{#xQD+omLnFnDoXo5uovC zLKPXY6LN$E{W3Ec0uC-{F2;yn0J5cdcl`$azC6D-JRoT=T$o16hy@m^icb{pMpGPd zI*E=Hb7nueS}=iR+d3RqkY#{SC+sC$#K@~-s>-Ub^;7qz8IprO1@k;FXiPiu;8Y3% zwd{Eh^fehMk=Ce7bkTHrLZ~U!Dh>YEYfCdi(!1|k5#o(coyMEHS&z{H8A@OPWPUU5lH-3JR-y(2XHGITt@WexsT^y4Ij^ zJC)b7pZ(mrX55<^K6WoL7TJ%R6)HhyXXe#uXKk-jFkTGEQgXb^Evzx^V&KUt;t{40 zBvyOHwu*r&UOJ<2VL@>XG44io>Ra;vfSGtH)7qjTOAJ~ViFK;wSAENIykYPOqhymS zGE^)OcIK+KKTMj8?|~DyQIBMObPg{}rxmJGNn{roK>|gnS38dLl7``+Y-9Blq}sfA zfTS6HkTdw_mYd@-;x8{co@sfmh!+1J}%NO-b;zJ#G_ zK`Ttu(f;c75q6*d88L<;K3sK}+0be=+3VcA;Pfn{Vr1lb;}<6^dW)LoCyuH!=yQsL z=llejpv*850`Qe=5Vvx+5B|-O2tp4^RQ@@CRfU(1;7{-}Gv;G&EAf%86ung>54{R9IYqxQ82>p{%QXdq0BL}hoF z0y2Vkg1{HZA%C$cap{Uf62%mcW2NKQ2E(7KnemSS)R6JsAK>Iea^F@)ZTqNc5hPtY z?H9+xiCjkNqQcZm$!-DuM=+I2qE&D=1-6LqKV%|VU&Sg8*fv6R&P#fkg3K-*yP-O^ zq+SY8e3k_tn>n(*j!O7|hZXlsaVL$dp12tO9zCdd-r<{>P0L&8odH62B>;w47tS)$ zC;dEAGD3LB$)DL?mLo3+5U9SzBX%EqFvTl?+A{WJYvP3pR5j&6OirM+#4Ih@lgP zZaw4(7~s#tM`RC8TVvF@AB=WOg$Mz?cKX54jpLnen#;^E-psFQcAUPhDIJ+V{yVw= z$VtFRAHAGnH4@JP&I%+Y_;N38c2QBvIv(FA^0@S~!r}s?AF_{lSpe7~d3scy=6=>k zIQNwRMmFWrCA2?itka`ahSN#QTMuN-eFWbyK7Hd)CE^FiuqX2=z>)=w!ADi>UP3^Y zzaSA-Y|i=;2Cx-q=>c`(TKW7dDz|z!7aU9AJXm?QHMQoC3gT)9~RgelUjP2a96Nd?uI(uJjR> znzu}puY+LSup>RZ(f79u(Z_Set68sND!dAnlB z*5<(eM;;}nGU@C_3a_H^?iDG-{^KJEfj{gz{qX2ucX!SmM~^nD+R^=gwE<|0`S*#+ zT*0KJdt=6h6cQOb*Pl#o1qPg;S30Ia$UpTVAZL+z32Xx}AXp&(ZpqVjPS}XH5H4T3 zF>}q{U4Al1qCNLNRKy6vy2z>R)^Gw7v1=Og*3 zilEm#FAR;ZieK>oDcZLD*&p5S9JFj2Q**X>%=!Rk_MdXy7oJW}Gmw~xJzr!vP0|-! z3uP6AOU?eZ)^(Ehy;PTwpNV(KS!`k4YsVg$w<6Y zZ@9Ej$lQcbz2R`3-t*n=jm8g=P2`jXjUzLRE=51;Y|M>n0adRBw!=NrG?G(jLJ2ENPtkd80YCKGW?!3Y0bADz7|3d9*c|ig|A~hu+@)5f&48 zk`UJ@SfS|5jECt2~ZV8jr~JJk-Sge6Jgprnux!3XtA9P6vymSB=uMkpJ}CHT_F-|Uwl z7tS#Ay{%6UJjF*%aX&`Ga9>5z_$&6zjWSB0faVF#H7tT!5^xNU;G;MU8idrJ$u&9A z@qaG_#xzrRxvnpsKW-#dqX;0Gkg@=$_RzatQRvO{>@!uzJ^DA3`~EVj!HP~+aPYuN z=(Y(w`LL_x8LpZlRFp=Fcg?5m4(0Lhq+lmeFt+6!M;jHI*T4DBz;rVFFe+zVd1oqM9P0m@|A-6GpIdW=1uyQD-p z)caif6Ca!XU@!j2j=0r))>gZDc!ZcR7Zq>{O*vY2YMcm51u#ikx9hVpa{_;G(haZN zhC?cL0jCBv#%L!lz|uEy1)G{Hz*MQOm_)G9tc(Owo@I{8l?Ls6-L01juHP4x6!PaX zW3jK;3cHXZGz^|D+k7K$>ZK|LwBJ9VatNghcsYW98P=ROIQwt}gDvO9VZ2Wwc9!XHf( zu_|aQZ`_EfcN_hzTKC-I06J6UHF5o#00&fsb^@uoNfn0QSS* zTrNqnzp{f&;`jph;(3?P`S8D)EdNWM2=GJKQ{eqQPiLnWd^A_SZxy*i+fyW%4jBy4 z)_)PbSVNsvpkUcIN2BO$P zOM)ucB6CSyH*!5xY@jj|ST8M6CN6nCB8$G|;L;D%kvXFcYp$wLLLFu6j}U)u2~6up zRaShaBl$M)ePDz8Y)}vA3?~;kKbf3p0p*4<Hz* zYqw#2DH~84h}7s-QJ_yN;(4kqvm5!z?U1m-c?4He9US=*_6=JLB;3TRN6eYZvLl+O z)O-J2x7^?#bDp>?5n#`B=VE?Phw^AtHMn~Y5H!=$WpdX@S^yeB_;06G8ddiQ;c0=% zjZ|d5k3Do>`@Tlr!dXUyX=Uc_&nM5kln7sF&F8tBs<3JjN51)nz7CYfkr5^9+LA1W z1N(e_wU9HGGj8XmR61F$hV}wd#P!1)BvRUBkemx-YTFaAiBGQy8F(skl96gQvmkYu zIzD5cDIjG8Wpf>)moGvw>L=sWgTflg0M0o8)bvSKs#Red?-*>+lzJc4fL*+oQo|hE zl7phpWFAIy+-@+;mLB3wwSV`kz<~#QZWD73*IksTnR#>IkoHk@lPiHiH?9X-%nTD_ z!qp2E0(j`%Wr|Hy@a$Qa13KqS77Op=uF*cqR0$x(9!jK$RvHCUu7?h`nb~z`XUyY< zgR>#s9M`l;Inq=IDHck)mTzlPdh!og{7*Mk+$OkD8_=9`pBV~k+dtSH4WsGaj%DzP zs^2;bZ-KX<3lS{1Ep0L?lSz_VOokgjNmdO+S=WS?d_ z-(|RKqlB7MHZL1;4tY+z$f7(Ur3fNuFsc@AGaiyvR4(We<>Xlggxd_rbPkD7LAcmU z@5(M>TD~*-Bzu)GDY{)esy^h%uKBuagc^1!#4|(3-d^Ec-Ty)9a7MOpe-LO>T*mp= zGjiIn7*RYdo}do1yTyIU1zN9vI@bW zAREo3c{Zi#55YVSC_&+yV*YIFya(+925oq6$Nin`~wI2uP$4%aRS0`ryq5h4Xf z3D-MCe(A$k1M}&FM4?ZMct_49G4+=>jEj^QcO0+5YF1JVDsQ3MJf_~tzc@^0q(IfzI#!J=5xh?$ZH^|vL%26%2BznL$Meuk@V;$D31Evyr-gajV`9O`S zIdO8y2Z|x?=crAoU%sS;(|*CA(6b;7`2(NL%<6J>drk;-}O5aG5~x z7QEjly(>aEfhJ#Uvd}}s0Vb1slt|zJ03ZNKL_t(PYaQ+UrA*04L0se|weD(pZTXnS z7OD4G?C-}6ISoGrfc2koczcK_-MZm+(BQ;iNu0-aAU51YdUY_(oQm!dG>R{bo?++u zU|opmU!L>)1!-=CP8uoV3P0j`JtmCUnzWS1fs!k4FwD;Q^IYq7Oi0cC?(Ytox==&` z%@+vdu^HX3@NwlL=EV9bBuK5A|9F)ke?sZ^c6h8~uuH!gOCXGEj#~BU+nbKy%8IJ> zIKsC<^-dkgJ3yW{`y+cXb%G+Xg6)z-fT6J-q+W+2Gm~W~14Izyrc-4+RD{@^vfeNo zx4ikCYo_Hz^l2Twl{(V)x2pn4gCW(W+&2KLahow&{vQu|<@;v5pt#xO#R4$8^-w4H z4X>ZIn#-OMEavdU2`bg=11wiPTaudT4V0UZaRH5DPxVvLy%JX#p9nroeITya59&It zD2oy_v^BAJoaV-;@+t7e3}>YAcXO;25)QaP@kaBk%sIH3y(A)Ki^3%sRQ|1Mo_Fh> ztjrynVogaKs$t7*971>`mtq(+uas#ZF{L2UR^L`N%lcCd$47W@mqFP9eNF0dXd+!W zq3)A&eTMhghY{Ij*>(rdAV&99;azA2bG*_*L$K0mL~xTOBOfND9SGiFSBIo|sf4FVW9 z)jvBRfQI7YLaI@3qXaH=kLK`sO-hmzrj;4sEx3@&q^+@wSo*_Yp*r`y+eBOAk4}`<_X!J?{id|x^dHwW? zOX?_Pwqw#>Al>L+0?4Ce+8f?8mVp_bW=X~&xJVgL{QCc}GJp8_R$_+Hhl- zWMOy7ljf`?RwO4meUfL2^P6CwS8S<7uA%z_vw(M7*nz=FAom~MZ3u)2+|M3KhB~Su z5Tu}Ik2Z=Uo`&u?&jdDnbuRUG{6^Q+8oFA&+lT9V zU;kY+09h>`&dCnEo&Wt7V(BKNKf})4)@&>BP2F9+l7d?1{xhS!^Xi|sQ_k`B zQCUv2zCieYb8(9i2S%FJd3W^P{fiqJhVvZ=*++wD4oNOhq+COmXI|w&;%Wm&5Mi}1 zKuyAnot$01>-ZXsy*+vVBGByXMO`Bbx0Ww>4}etFpecbK z=jWM!W#hjYt*^XfG|oAQEAgB0LJ(>k$OZtLfTnpfz8}Cv2yacQdIdy8#rIB zQ992ENpVp}=5wZd`$PTb+uc6{T_O#hCU#x~DfxN@Mjc&+ozuh1(;yUW8H>*P}C)6Su{pZb%; zh@YUVX591nq;VNH$T$wSs_{rNIBe!xv6#(HKS^gNq2Ns z$*7F+P1!5#R#q}dRQ+p`W>Tf0)Br;5lQyg?Bhn_;-uRjlH|&Pv^i{;G{9;veyq@@+ zBRBYDD3>WXHE;Ecyy{tn<<$|#k8|o&RhLf<5;c{x>LH=gfITqv2%QLNTxpN4^U z*Z#)10Rs}E)JIj&>mnVvP5|#88gO1}PAFe&GPO!ZBFTmiF}xs(8k2Z`+%5-qSBqb- zNWu40ekdtTY@VZ_mVrO{aJ`w2yPdSHseG@JqjeMj)sw2kyz$4WbDsHLGD|aa zpYK*o&nCd8T;K}4Up~jSymM5U#T(|c&=8BXlu|??@6y9}KaUA#DBK6-xQEs3&KwJl z3%1bFEPsLl+p_NS^n;URAAxI=uF6XIR~7Npv*S$PHYeo=QkzbgNZMmc(s2_r zpvKWu^M091DA?ge%oVQ9AtW60gTi-v=57fXF|^i~Y4AfklU}ED5pc?jK}n*>Cu^P3 zxy52r2|-eV8&oui4)c@7rYYlT=pMDtSlSLZOs!*<{d$lO#xF9ryTwZG?j!^$YcoI+ zxH~wHDNB5&$j>r7QN?IK6>SFL1F=|@}$suzw`nq#P4Y~$TfP!Jwxf**`W zOJXR%;TX%A(3(1gyrOFXrr_f+^0UvE7c$RGv5u9t`~>D8!72TehUQTU602*`2x!8) zZ__$D`bRhkvOat6n8EbZfqo*-v2CYjYGVo|=|`lsW8p*f6)K*%ZBTXn^{t5@RPIBtB@SbrErn@7#cFdS@pR(&Z#hA!^-oo@Br^ zocTZ&*7OgG&v9+Dsivv}9i=BOuCXZ+LJCKE8$D1xE$Lx6b!wXImwq!hMR^JV+%Kib zDN`pLkRr^BFOPlt%?5TsyJgW9uFBT|pU(I2jCI=o{3~It^q}~r-CEGfHKT0 zpZ=n&2&iNhIH-D`Vbs=>xMxRv8KMDx4KHD2JCR-hewM=Q>@{zzmp~yF%FAs3S6VvN zfs2bd`p=z@STsu7$utOGERsB&+g{Hw9F&~+7^9Jk>2(Sm&Nodj*}7@nX8a?11}T$N zDYIoI~0e$jahuLHO5g(}+tlCBp) z@>&4T6oWks>faqNaoeiN-RQ%xFEITaY7dmhrAT#o6X2ABQi8g9rK33l*-1uZJJlib zb=DLsj)AD@o}Mw4m9*V`QXuUC(Z*&)h?lsB77WygVusam2(W6E+~}=ap&}5qpBd+A zuJTb(LBgCWB?5I~WCvclL8*f~Z@tU(PR-7YcsdPHqKLvBhzd-QCatM)=VH0%p%{Xy z$8>j744y+kX##F>;rg2@!YREjD|>E;hzWIe%$s9K98&)__}R4J z#-ry~vI!v3_*(e>KE&|u=*z?MjMr|tWkYZztEGlU1v7fcj%&~Gs;c%O%66%*z3c*& zi69=-EKAP7_>+6UgSwL~*n)fSkNlr>n-*AUyfoyaxc?e{(tWC<-z$(2 z=QktD@ANVX*}GqLo|x@%@;C7LI9!yQ_Ul>UnOth)R+Ep#5OH~W#qr#=-} z#lcaKIP$v@5H#GdlT$jXcrp#}#HqwSu!{dUP+9FoWlGJQ?|OYkqRQ20eM1lW*UMW> zj**D{l~t zI5!^-z5q(K^9|4u5#~(~tWl!HU2i?d6CASE6h!}g==fDePny=8!pRUrIHRs-eUidT z;fytuO5GHPQu_$Dg#U2u?)YW^ooc)HPGx9 zA@`d<@JUQIR3(bBz9yyN>esrzAW*DwJaZY9^x)enX`hKRnnL0ix)e9B>xwm0_@h@R zKek@_UUH<|6Lvk07vGl`<*smBQ5G;rIHfR53z-vQ+2!VkaojC}DCx6Tj z!K3=s(8IzAqnbiO_D^@rkfK@a($seB(?bGES&f;Njs=1i2`LF|9ER^wylFuDOe$t3 z8aJsp7CTREdm4T@WXFrd11N9lVp!HVkY`&|$24L<>*!<&4(&r5cY}aIX7L?Lqd8`h_cT z&N?- z#If7Z*OWaS<;aelsclLa8O za-l8s*HBFfn%RZJp-QP+??KOl&2x@<;rxF~WIjTV^mN}RMu|pk|B;YDoXTtPI1QT2 zT$l$*w*-}A{62wK8S0NzpE>xK!oaCNM3S0ZQdw5$ncf~8QGTU4d3G`Qt_&&2(alST z!}${!$EY>aM6#X-WHNQ3OJzOJk}BS69>p!0BS4#`A2w-m`vm=y{w{|4Q?W0+CBLpN0ZaAV$cSItWoQ_iag zbcZhpoaF^2+PWuHyXZ+J(!+bA2 z<)36_50J{FP)54%2dpIOY{1XPXmy2?pPn^Avyzh6OXr&Z{SjwS$gD!RZ$ z8k5)F&_V9GPx_QG*G+MtguC|WA7iQ{)eZ=u+9W4!hP=r}z+)PskA;iUt_J*~V zzOE_D1ZG85I+8~5V&TiP9i%WFBEcoTF!GjIqu~b0^!ms+Ir4e)HZ}YUDt>Ot|2)*& z065;n;*j;E`-c(C!8%Ll`<=AR<7v(b(Akq0Ao&PUd?YkbMxGD(e-5+R2YarAIPzB@ z@3@|Gu0EYQ#dK^wMDu(a4na@Y8Hf+<^H~K?Cqy7t!i}N@JbaBC!V$r-idPBfXR?9|nVH}?~8VVpnuIYGQN$9M+)gbf02kr41pTezOkY5BF<3-{}SPS?o75DmKwn+s^ZGKZO~qpC2hM*acZd$osqc8c;Hct6K* zNCJ7bIEvwvf|UGYQ^iX4kof^tvxr{FVuGIo2N=Lr6beC^saN(q|2d~8<~rFoXov|G zG?c^^xqf}5a8|`-Do`Yb`$Ah@V93p^Usml6$W?QIlqf%L+U%VtjkT0CdAS`T#|H!T z0*pIQQG?hdJh@tljiGVOo+y4rKS=m+coi$vnQS?1E0YJ;rfNABG0Xiwl2$i!2yZcqzC)P!UM7nKyxW zNBIUea4#mpqG>|m^MgA|7l=+*F*z&Bv?pB0`p3JC66!54e3o4t5s zfyxAsn;>`4p;}u8mpK6clv?2fTpwP9PpFHi=ityFRl+=+6MLIq%c3`|nh-Skv zRuF|}xZpJ(NT^$!Nft7PVS@>#_*e1RnZ*HBIW^HEYHT0LgSFM~LPwzmk=Ny6M&&ro z&q7)i;u*Rj7-O`&)bq7!GJ+iQ3u{SnK|v^}dIc~_WS5=$0JteN-X4clxF2t1@Mlv9 zszi~OPCxWXEd@=RPW)u!ML#pjF4C{Uc}r@Spsl)t^UPf4ipS3PQ7=!gP)MckYJQ!F zn%lY3*5}RDC>l6h%sCKvWS<^jm=e@L%Pslf3&%BWp2P8a}kSmrk&l&QVPVN@1x| zQl4g&;3>wy$Mew6p3h2a&^^K=rfS{XClto3g%qjb@RDCXh80cEsX?FrWL-K zS?d7(WV++0s963RZgcov#lZ`~S+*?J%!dbzI0s7*3UMe)Ye`f!&{doe{BF2!LlT4a z5zu0Yfb`8kTCT_%iq4($@XPa#Nu>!S*11Y&ZfJu*`{g*K-x zny2xQiEYcTOx#eQIEO6ZNa5X+T9T`U7hjUY1({flVe`JNHHj+pT^0=0)#YMz)6g&g@JLPy}s*(6x)p_m`uO zM|Rb~MOD+3v@?i11k3>?0L6#b_;EKUG_Ngn-gBC7vEpD=d6f-^@AA5Q!2spxn3(AsTt-rZvCGHB1K;0L=9+N8Q3&Xie7|-|wURI*=*R zOgE{B<~#=`JX&2&Tz;KO^PV`T&Igv}#zD%y%}GtN6*x|;XG&j3xW4}YIbHq0E#3Vy zOQpLIA#O?$v!|&124ud>;((C&gpM3@V_Y|{;QU5N^Q_*@_%W4 z3K#?vZX^A7T6Dnh;J6~0x;%LIRs_MBoq zH--iZs#mypuDxlVQS)Au_`)6Fp#;%Lp!Nl9&0DsR(jfeo^(N>D)HC(I0e<)D0#%4s zv&gG&^1}f~Gs!f$lu*UtIZ>C$RFtFi;)$s}#i5QoKu$EdsD-pwE4kUZD@~}O#F4*o zPtSi!b^AF^f{|&}YAK$!KYA#-KbP3~JVI^C&69iw4l&1QpNbyhnZLlbS(nI@VA;x2BRzUI z!v!YlD9|RD^88foMMZDtkdBT~wf!MD>zkOERr;TH3OvVTMT0oxLd z{PbTmG_ppXeKuX6!FQ#T85uTFhYyAf08V zOdU%S^r=Vtb*^n;>K`n4q_Oy=ihYuIHlt}~h5~_HG0UUb06Jd7bnl|CPlI%L+aH|F z)pwNgl(In?GTaw;n|OmDTAh0^MJ==5hP`$PvIxJqVTI+6w`qN~Qq|XPwp8jVohotg z@S|NsN`YWA%E6aguJ(X&l={}gQ-_wXO<0Vp$j6*>HhP~Q^*7e~qwHPcrWD~gAZQa| z(E!$1ku5W<>)k#U7h7=&_W}0htJ_Lw&6R{sVE@N7Y~4&|zD@EGNn0kxOinSn1%60F zQCU4B#*v8?$y1$oHkAN)oG)BP>cc}~t@kZ<+MJPVg~J{Oc{IQ#aM2A393t3p`1u`W z3if2Q$jta+B2zXT5HJrA@HM8UFlQ7MMlEJ94Vq`@u>Q@oyeS;P2jpPq+lE38<@y6u zSP~{#+|X>FQ>N5hRVI4~Zw3EFszAasUWl9=567b#oc>w>P z!thQpm--UcURPb}u^!!moR~Np0R!)}jHg+CcumH^Bh7f<+_j-`kv$f)7XQ@fNh199 z3gRTQu6Msb#l6Oyt45&kb11S(t2a_nm3@4=^yjgXan5L2P?M&9Jk^8i5+=f>o)9$z zwMM1ay#2;js+}=gXa0mh&elT^tMkwU*ZqP63dESqX1Gf`DAic)3cvHy4J#ZsnxqOe zK|Rg-aczNbo4%B9T1gX|?{yrpGA_EVILHMCRxy^izH5T--XMdZJlcUxayi|8{-mQ_ zx3}ITz7EbMXHqrzng$Ak+dO>I&vu=&=WpibiuVV+*(wl^-C_1*a-6&FblR^-Y`_i1 z)E_aL%PH;?A@tF9RvONBX3qI@dbmsVB+}|<{B;o=(c~Qx-6j5Lnw;efPQj(dR1*yt zB?Smdh0VMk66{rT;u4czQs`wl)4Udl-v8RsJ|a};K(0ur!Tis))Bz}w+NTG5hO!9L zX|!beh|cfO=2#zrKa|=4h}flZ&IRX$(qGM7EiS^2NN|{JswcqV5F6 z(=(LL=yHD|`P~VT0{CZ}vy)84l0BnM5zFy?4WRBtyg?3ZUto~6CYe3%Ym}u9qf!`yD$C#6R1l1jo{*fb$CPlIeU9HD=Vfg>p zpUa){NL@tq-Y{Aar;fUHd~%abs>%{i9I@rE2(|s=#NuWmU75`G>YqlL0V%!cIlLQ} zei`t2ZiKpu>4{r56G}ppVkHMa$WHsL|DnhEizd&b*`t30@JizQAO1wBa~hBS)BF=E z@m#dmxzWD{ROk}`03ZNKL_t)7eMysc5YMe^TpA7reqbgsf!4?bD8dYo>6DC zVjX!R!ZP~D^j{r!JHL)(aJ}3*Je+ov3EH6Z?*66R2XtqpNi9sIJ}g{Qr(F9i{FWXe z)@ZXpjUi_2Ia+%DL-d_z_bS#`Aervn4lz3Io-dW@odjOVK=8T}3Ep>P-!dCymc)=H zG8#X@W|SnrfsBwF2^*(ob2Q#+Oo4$v`I{)9B%1txw3hGh^spYVBv%O&`}PdOh;0_h zCxd)9#CeTA*`wTs%u1R%n1B>nxA7L+F2D&Uy&nYg%{C`CX;$zERKKZ!^4X!-8r?P9 zo|8RqAe6qDvp(ZK31f?S%DRg(Fw|X3kpk@rVdCDwln1Rn{wAeGRAPg#ldYcV{WGz2 zsU2iF<_xn)i`M6)YoYKFP6M=I&;`Now}7QjCIcZR>Q;M6 zm%0mL2eP7x1Q*_YX;e{ga%nYRgx#j1YpkdSL}~YKf*7fXSzuJhh%p~{gBD4Zdz9(k%9&0UkFXsjHo-Mi&K z((cflk?B6UaH=t~iiGS$ZL^duw<5&&mF!J=4;pH->HV0(3{|6q!+v9PWm4TemcJ6? zaO`MP+3@Ie(J?DMiHT<_Y8O@F+nmFg8n-mh; z)df_m^zhU@Z&+`f)l!s_-17Ve8xe<|Ix!SRsLXg#@TMhYa6t0L7+5}r@_~v?^{#p3 z>BB)M|NMHhA;v$>OK-(PpLDq{DIRffF?Bp$YdPY|Ze*Iu4Ws~Ugdw5~>Jh|k z#p}H%<{3IvGKuVQ`ZIWEJ=Bo{{Cm@YwV5w0Zur2HeEMcSb)wn?@Q;r;etilg7IS9< zUsP?**0*Wh#jKpm61dgvTJC~-qh2so?&*H9p7|GD4)eo?Xm-v6$ezw33(Hlf>Q-FZ zp}~|Kkw#oyolGyzZZuPg-ebojr&qQf=@o{hp*}P1Bw7?I&O8yiJNjJA4A;UDqqX2s zKm9XXAIx&WSfh%t#O}Z%>Kz{a@l*qguWm7@ehHa?TD)*_(1H=Dj-)nf+n1ia$n7&- z)y@qw>lxIU!p56nbgFYhM~pd)-6_91%GDBjQ*>PT=60TLBUBbRf8!t8t2m(qev6U$ zWwcpEW{W2<*^!uFzuBy5MH2fKyu9^*?R{a*qCB&o!KieXYtuwX=*kW^V($)3>&Nk_ zD~@Z+?&j>pOkT?;=ZB&qPZ4+J#is;e@xeKc2LZ^>JCVo_Wo&|wrDTQX^(_`wLdo-!pXZwN>TI!8t1wIB zpbLMJJk}?Duku%bO5-c&iX)}k>n~RNJiF1G{_~*r?Hz>`hVQLdAy}pRV_N^ z+UHbvs!vj>RQf)IBqTrxA%xH*^a!XZHdh4|c~231DqinHedv#$-FxU0y~+a|2{E0rVqIew zeTQ~prGBE2o{%zkIu8Po%Gf7NCA7CR&r%)-?|9GA&+k+$i@GlWCOg`fsd-4G3xbe2 z2INeCl+rtfG*ik7(c^qA;Kq;8h%yy;Dm1sM$TJ zbm*(KefjD+!e6^m2O0}FPoa#Q6Nm@x}u_OZ| zfe1{*cQ7bKlo2gCfdn;Zi;zVq0?F>1s$dXmCrRe`!}7U~AvritgI`#8&Zj)#S&o=+ zBA^~G;Tp2ciU>O*>?jmP1Ds9IUCskZyXT%Y#4ROpia3N#4*bZ_M)K|5#4vAi{9*x( zt7XBzJ5`#PLbQhT-qX&3pD2PuS(tN791yyj&_-z0lA~q=MKlmXCElhgL4`o6^Rx>z z7d??$M!w9|Mkd8!BW= z2fb4!Sr-d(3v^?aYRu-gy3i2B;0sOKWf5~ zy+;NgDp>ih1PEo45$4!9B#%!J07og|K|8mEWt~xE7m+MqLaV53Y~LS13=Qr>6UvA- zC>iWyrS1qFL`56y!3vfZ5N5?K)n8z&7f=N5EnIO%mD|$kF>^&4i6W1Z>Qp2Y zh17}~KM*0F?Kw|I9n8?_&`g*yRglA^5*r?2f^lRA+@DQf8OlJ@c7nufPN#BK62`bm zQR<+g130vsCB2#6*4+gG_3l6bK@E=vTVJJH$ZBdu7%j3@t5QW2kE4+im^)_2tQ7qg zBv>KrUW$d2b;&ib<}p~`U&@2DGcqNkepardQ8NcV+oVlbjKP{4e3FH-RZPv~enM-L z3!N)3Ecbgc^+92D`3@DH(BQYu*{l&bMACH6Q@B}@XoS3nf_G6>npIvJY(yRc)uBwC z6|vIN+JyuTnq37~c!`4|S*V`t5EYy|8hmzyc46Q~zo_Sv5WTaVMYqf1t)?|Ju<0sh zt|`f^(yhFH~th%PopK|xAh z7mOhSO|YkLmnSe)3*i%fEtG%Iicw@GRVv?yw;(Aa3S9`GE77(fU8i$!mbNW(v@m3= zFrWg{I7d5T$HYzqVbKQ>>Eqzqd@e{-X~09+>j+6!8F5=}6~|RVZfUAk!O`k&f0<7y zcH}lTsk@?~Dq*v5h|A^k;tSqOXwfs<1ISQzc9l8=qXNy6l5Bpp&`+RaQ0X6Jx0ZT9 ztwqoT5}MO1O86~6dZ7zxB1$c|D|{)v8>jc3a3}mMSQ3|186-Zc4~Uuw=xfO;J3>`| zd^8Mgj9{=NhK&LxNtVLL?5y3t-^CkR*fLm=s31!kh3MV?i%EVIVfk>adJcL(3D7MeJn7j-6Zl31R*8GKyeaYgEF~lK+z8sGqi&= zyo!2IMO9?$RX|!98cBXabA1ZLe!}H9v{D=r3q50V8JZwTVl*jfmQH=6bssI!s>aSf za>E(aA-#FPlo+l}siA1Fn}uQ)G!+^R+YvxWTrRsVLXqkOTjFC$rz3Ax>1#>P^jU)- zc^Qy7!&pH}Mdiip(`HAWpK@V{Er*a0TR3rjnv5F7RbLCeX|ojRxHMNfxdtUW%?0E$ z6e$)Gtx(Sm2CURnlHDR$b4ja0MBjvdp#v}TThwH^6j91;&n7g&P7?wg#q9~0dN+4d z1T`zGlAQO{kE~FT%H0|M)9R5@i#&(*26*kNcY&c>uHI>vCz1`%_^99@ThaI!Ee0`+ zwp?fFUi0d0_}%V zaa)54xR8t>t3i{XmbScO{FPHEkCuyT7;c{x6x6bxZlQG1FvnO>#+5Z%-hv8XF#fls zkeAU4z4UZ_O9dyZJK*3GQ-x&5Z|ETwFep)u!Z;%iI)}VZAXR;+X&qe6B=cdk$4I?o z#bkx0Ad*~ZB2B1fXefVvqtmIZsHW*;*#i|+?ulsC(1_1E^o{AIQ@@T%n3oia4S{UF zs-sqe$PWCwSkPyGi+UH)0S!cW&^e7AZ_}ZO(m%D7w1!RI5~#??2u}}niET23%I$6< zA;U{~C*3-%G}|=Ftbr;`d6$&nOthwRRH}|ZSl=oE`Y5m$9&vi8DiW@4st*zu+wm!`eU=)q z%iS_@Ns^7;W24T#mSVU~i=EbqDuwW6yh_4{!CO}i#Ho0GRSvpz@p!u4uUjhZ2U$ zu1vPQ4M3rB{4{m3v{fz7Zvv3Ybkl*Ltr*ah{~%21)dN)74L*n{%N}COg~3l!;rKFT zA%L)w5gtS#@Fkxb_ElU+N$_5W(oy8qHYPR~+*w3t8YHsi4546XJZ*dw%nvs2A{6v( z=qf>vs;DW=Su26ORQ*2Bq~STpjTmqVHA!U`7iNy>kzXa$40`ao%k3 zeJlbkWn&ce(kNn<0!Thlj&dPFZ%!UB?tklh4%~#`Nk+A1nNK+wJVii-dw`+~fx21n zXjLl>iqTPp{jtRz{vcg3T!eFiUg}*N(2N*~Kv{ukC?zw}(h^UFE)-J8z#j$+DZ)?M z2+h<>IwElp>^|wmnvoF0R&?q-0Dh{xAAs1tt}u4?OrbOOpr``!}#NSeS+vPnD@zl>AQ((y$oy!;omLJe?Q<_l(yW z5S4QH+yg0;ljHy`+f~&_295KYW5>df+=!$?CWnm*N>n+_K#ZilV|Q%`5j0DoFNp*u zW+FU01X58Lgx}!6G6WL^?S0%patk#|v)Kl<1=?r&>`MQpk4A;IXeb2Be^GcM(8aRx zc`6+PP|aIovO%ysRa6B8*~vr=VcBNqVn9MONy)^$PW%nMc(5v>B`>UETqHRlISPvQ z<#HOS$<)?!ToA_otEz!b_@YH+DVAfz1EnIC*d`xI%gE+*q-^|JZ)Uj^;uf({Q$ow2 z5Q?B<%8*rN9*7MG-`P8WXaiArXp!!T;pd}pQT8-X8C7G-F-YU%ZF|)E@^ruIsxc{t zguy%>jOjHcL-SkQk*>)F2Q)I5>FZ30u8RKQ0gsR^_vD_&a zqr9l3MgCZ}jGiVX(&<1D^ANZy$IOJJM~WFDBN|F}i%~#BC)r1?vN$tOq+EFwdhYZk zEjbOwLLr3m2!$kxlH2;^Pyk}wvj#_vA(j=C1&8sx$TOzoYR$Y!$Gv*7vkzYM^~qwm zhFk&xR+~gqf5OmD3PY1m&yYTx1(RxeqNadYgNc-cv;K?Za1PM*K4V5gk}8TcVkoHr z^ta@TYK`|DV<#W0vOCkni$F1;T*5d7_s17k zif9a(`WWhwS_vdt6qwA?m|aa__VH(_n*bsKyM>~rAaPW4;E$hbaYOWmA*ZCttlo%K z$Bw7Cyh;Sd%xI?gT@jU~f92U44S!Wc>lN6tWulBqj7zOhUkC237MALDIsA5d1l9=B zu<{*cU`S-*LQ)|eW5+7#b~1C)2kG(%jV(2_a*}}R-xb!Vh;kQ=0vcNHu>hD7Mp!v5 zv+L9o=465}+y#^F-rM=7`ww+ zASFIuFbAkm<2A0EZ$ZtfeYqCz(B_#IO#PQJ7RD2p< z10f@3M!NLq-3^Pei?muA0UMFhaI;F68_VFLN-^cAz<@9nw53t3otVlBN@3_J<$&5? zwSJmpMM_a`3_+d0(+hyNUsh#ME||d(F<5Fzl&b?vmjEDG@;EZsGzt-+=)k}jS5E-N z-jr@)RPu#2CYhx@jh`1BCE^E!oCkRv?UhJ{P8kCUg1(VdkC+5cyKPfh0Z(yJG$)V= z?|c!R6msCEN(Y|Ggc<=;1+8tbQdY)dr@JHZv1%UD6U^vHugP5W#XhKrt~?MxK~C7T ztCaN^#Zb23YU7aHW+)X1jWyJ7t1Y584Z$>hXZ5ELDle1_D~Hv3s2He7mbbP9I002N z9{i6A+Elw0E*+{xv{2a6FZS3p=iq+o6`0(76=qvX1d$N{gOsXpL8+;d)0Dxa+!n37 zH&G+rk~oBv+0+I!?T>Iqj7YQnLa>&-8DVhHEd&De{7W$k#`?+)voX#$kbh)EpN5>Y zHkhXZdl#-ud7p9TRY*mnmrPD-0nm`?oJ2IXWvo)IYF1z@H6#kF!P?6pCslIoDK)Ur zl30)Z`bkk4{~_RNy-r!NITQv~9SUi66Ci-X!5l(cybPuXSgv;PHwKx+fNKM2Hg)2w z6>6v)%4e@~P~=F#6UIZhOKcgd67x|EgRr8VswL07nptR{h1mdoAVCk322IpPTR|4B zjq!9|6pR-APIQ23mj!8z-RSTTgim4kG@um32q4sTjBrtT9fps7JiJC)z+NXF=_aMH zy(YaLZ<}vNr8~K)_m`x71CIizJkpftc$2X=hLffwA;JZ8JqFrk2y}@{mY^koY^|Z# zAD$M0bzs$VE!7rJFiEJ9uC)QxDzo}=C1jDASXd6Z>tD$3$l zD!rqa=T;G_&?Jfo?n9x05GrY9S-}4_FYq=+-~7y8>6x%C%k6N~W4q6@31g-1qESk> zD?}*#T>ZnRY%RT*A1d9`w0vl~X7F3WELAb14X*+Z!r>@(hUINmn-G}GL>ORo&J2M3 zS8d+BHH2JKb-T8JfnMj?|K7)~gb|9`wA>Jsxz6O<5`NBTP+uUCr~uPX-4jazPWRd< z+9LU9Ks0E8I&7u{K?)er5<{>iL^L+o9?ds6L^+vWFp7GZHC=5ObvojELeXE^557aT zH@t&F9kj}o0Xa3`o9QA$VFCacfQU9Jz*v&Uc_1%~nkbDFz47S)aP;L+G{-f`NHy^q zU8m}EB$*;gRTSvR-}FGW5-M>iz~v=WUs${=@?Qm61UWQY7D}F@*Wmv*L@E}75noDf zh)$A#YArIwXlcd!ae|weL98{z2N);i-7!ePoiaw51tC-Rt^m$av)tT4C7)YB8nV|> z$&Xo_mZ3_nDWW13BDH*0KZyBc{3xk`M43Sos8~I8ow{Rq28IMNfm%dJKE-IJR5;;( zB`z*ZgPx#%?e1wo`n9ERvPSGN(Osl8bPW@H6Lz`OhG@V5nO2w7~(cHC8* z*!6V2%W@uv>mRS(+?uO+Fa+?HeQrD@N3+sfs8tp;>o`x1ctyiQX(@ z+zigcZ>kMa$yDQDi&80`G^7klw9OupGBHvE_$rH?6TyYdzyuf~CIxO>N_!0$Pz^C* z5J^W4m^#%|e2d$=sZ_8kCITCs@Pw7JnnaC<7%?Q6nKeLx|8kBU4PpdE>grBHoH=T4 z>16S;%?s!5nOU%XZpGsL4mfbh(&bC$mcy@|JGSoJzV+@+8}{y*-@A2D?OL<@?ge|d z^I-rAHL^O=+|vmaO1&T;DIp!bfjgDKM4vQ;Bl!krrH1x8)V_m8ri^=|Xqh7AELt+&?Czagckj68o;$xe>>lQ~E}U#% zvv13y`E9fU2!oHt*$Lfr`IJav(9wZx2auYs*W3z2zd$FLEF_W9qnim%ItyW*5a6N7 zBM1qPKcSf{MW3pwH9egu1vJFuvU=8^q=Xg>9)b0XG2$JWKVl7q73?PriCG%hSWw!G z3RIKJ5Fd?06@2KJDA4@-<=xU`DR^47;trV>SkgV_=cs^)z$692_&IZPv24})gASVJV&* zM`cB8@D8n+Ws_m`*OwmA)*O1|qDOSIyLWEA^XB#2Z_2jmsJ+|!Oc0qX^~Qy!c!4`w zFB+^aGl~c(F2Ie{z;wOlm~Nngj=wJ@KZo6sj5Z(%qQgQ1WKMlhTb*J@Fj`!Rk@VQ? zTx+GvODv1nO(PAA;GQ&F#SFs-8KrJII{9U?+BadeN=KWe8JZArVKh^$2~b2iv_UMW zw>Nv5ZekF^K>?;^g+ZxG%U!drUsbSGa45P^l*+J>pQUk+W#?}aNs9i(-95CWKmrWC(ZjiehI&;@ikbRiBlIoJp0+6{qms!c1U()NV)8&tY@3>? zP!pk1@<($73XS==7!7(B8YU?{jU1897bc_$0Q>Dnp_Ln{A}7_VYC??QXzkJ^alqP} zjyvgq{nxB}1g7DEUUzN0{gx{?@7-|7-fd+Afq)0JRI!Cam{*odNZ=*%pV3;6mrhX< zCD=NqB9)DlHH6_K?DiFFSg>qT2Y-FdNo!UeaPXsevs*UZw(+XXb<3f9cc@_md~ArA z&8=-BlqF(#B?tnM>+G$^`G~u0(f>u%jnBVRO%&7t-RgG7j44h_Rie4xC7miKUt{ZR z(;NWIh1ojarmb7KN?NaMV|HG@E}2E&MFpQ*|9!4RrezXQaYwUg;e?=rh*k<(M9>Go zHp4Wt1d+oCvP0YufK_V@{wmF`*SPp-kdbUG?{vTdg6%7ooquQOdD?A^YM6LUm_YOp zchHd2eTTNK@_P798PUe^35p5X1@X8>$CVM0)zr{QN(i@uAzRpJ6ACcgM2QW};un{# zAsa(u1h5puJqW0I_?iF)g4w>!e5b(;lW1|8EL3U{^ES5S%o=VEkdK*^9Hy_z)^4W-k0K))6(iMmR%18kwxDaRsU| ziIsaxOJPW`SJhWmSM-gw*fpWZyb z>EN(s6fV$(mC>|u5FAK?_M+7Ol)4i=T2Wjf*I)+>y^IzQ*tqQRI}bblyK4=nU-xXf z_0~%^FnPFO@jXasj?t(5>*dEXPMCApP-7UbQD4JD7W!DD1&Gdku_D#AH6nMaq#$PL@* zK}`oCFl3;uEzsM`!BQl`ETcwLRfdnYcO!%5He*5?GQdmJrjzu|lutQhadci10L0P@ zHW|(ed4v}sn;s#FPP^Z9&{3%OE^j%tK4v-E%2!#^R0uyTvEwFs< zo2NWs@9`)8$63Sa*XE74eeJ?+x%EIX2~ei!F=wy8m{e8v#1z;>>b=c}#zIkank3AU zwQt28t4`bd-NuFw^txx$t+!mbt+pIQL}n~P0~x)MIq19$Z3*3EDOn3czuIFO+MqhW zR`5tqWK#i%u!jhgJF&ull#NjL(x}Q%Xa(YE3I;>sBMi;Uw7!d9gqVm(jszop@6s9M zsDy&mx2rnxV$D{Mjp=w(W-D_G0YQFqvF{;uI4OAzWP#4@fIv$rP$H8_D-!~GOoq&U zE80MC@Y%s|9(}r+rRQ%F%%K@`49NTvBc_Kw*N@pMA#5ulTOZ?}`EW@e!GfR(Q9od} zia^obwCXINO&og?;(#C@%G@?8vPD#r2_sL@ZZVn%a>fV`)iLM_QXW|fmy*ir4t=>_EJcARRx%9 z+(Uh_5PJG$v!R!JVS4LGYZ_TC?%hRad`3+DQ?0wG@`FsXL4A7$9>7iHwR{ zTaQ(Ef*mTRWMEn|-+;b`Ib^Z)f;(lQ{CA@CxD0=O!gt%<|O@arlIcDTghVY%_yir_1t17mKN->p)slbKeo(06DN}cKy??#xu zO?bINh1H-7kbxuPCKC(vb31-tIhBOcw$)*)>Edyo!U393qrP z!viGz#SEbefb)7fr19zrYSXkuDosP>^o-V{$2&?UwWgwCnk`aR z$tt2UDJ4k~E~7!hRG>>Gk`{p|hZjoC+o^+#!xBCwq+a?mx~~+hZ6x{}X*(K5+q+WT zxe12X#$G~N22E)5=X-&}V)wH1@9Z88wvJL_t@t{A)Jt{U*;uL4l16oCNr;X>P9nlKou0M18wh>Ni<7_D}TF>Rx z|CcfjNJmjI)Ak!J;8a_b&?| zi+iG4LZcdp2grm=RG4HX)gDT5iOzEgUSz3+OcZu*)-=lr)7`wN;ftQmbbo%<4Jt_< z0K&qYqnEu}LVLFi;cWgKXzC^6%|oP(NjnDYI*IIm7fbo^%C>K|apCB$DjX=lR5%vy zrLJD@D0{CYe409@T`xO-69CJ=(i?Rro#Uc zaoGY(7srdAz2ktjhdgR0`_X>gwc*yAJ~p>+2VkVnBh^eEl>E&AT{7`nwlb_$@tDjm zsRN$BbM>0X?#*u5bjuz8GM77gEsJBo5LgkI3M=+X8gTEavR*SqwW&fXDlm0O)%2yY zZ4SH0Al!CdiXVE^nC4izp6rXe?nsxeWb0o;b!(uc;nkdN=sbaP&n}9N#aah5HOhFx zh<=mOiU?mu2-m|W#VC$Jpr9*kM5|hJA_9r7XX}&?Bj1e?0HTzj-ra&gn#^Ljio$4g zvgqZ%Aq!S!+azOQ4Hcl%X`O%f^dn(FcEgAsfknVo;tEsgd54*0=%+BNH@c;<^dZor zQ#!K(l*Q4slu2k(8x#yLh%AJn*gSq7wB&nn?VPV!$Q(cr+>!oASjlkwlh@0FJt(^; zLU%K|&v4*8#`{v}yr%*%TBf&;Ie0+zW^-g5aDGY%o+BiQuh}nu@P)H0S0C`5ALj4g zYsu2(3)XJlacA4NEBeyK~zD}F;D$<)-T*!o4GsNSoX5m||ME_4Z9GbXb?_(mh^0LHLW82d~9BW1M( zkyY1vlT?PpNUeL%f_DHC-VS=ET?h%VHHH_co6eBcm0nqWA^l-mO4bf4qov1Vi*t6! zhC@qa6C9zxmUX2h;1~(XaN2!Y)Y3{YyyFj2R;B(zemVSZJ)52a4nPrdosUwQz8sV7 zuPOexO9Gh!z)?|g$eO!fa_;iErH>U&?Ll5kmM&j@`20N^@7lM0aq|+v^o|df*qM)z z0et!!I@Otj?mp~!%O5)e;)A>v%`KlheBahhch-)@fOZJYUYhtZk}OWB(WpIhG05*+ zq-o0&W3mUTn14k8QQnuVaC43!_)j+GLQ^tXuP6#Gy27wwi3dQCsZ?uH&#T~4cUdzw zg{SQu8J;Xixzjx)TtVl8D66{(<1a>rSi4bEnVmJ>hp$XUb23lpaIq&S`1AD-<4<%u z(y4e;g0rw-lQ0lyvF!X!72PL{hDVrBAIjc|Av7gjRXD3`z+g;ob1kzeg)n-j2BB1% z85Zg~?`p)|&0nvA8I0jzZ7k_`j@vkmW8%OIr8-*svF&P|RUh$H{AH9S8AN0E7!#C}{V|n%M(ai%F+z;B`N8n**?Y76g?6B|grGNXcuYLHY zy|*m~GhHlv2}meJsvmS`uihD9)8&LhJ5VBOnM~)KG!t*=9mIJSVfC>jlVAlx^gyq= zGqj47#H&pj3DOi!SanXg)V}DD(!rnzPfOyFbU?g}dD-|e0JKCed~z@fkXcPJ&8ZY5 zvN9B07{r1(?vtLkjpVJ}Nmu{Kn$gCI#04z%5)0gclns3bY&#cvsVEEXaaHR0TM&de*tyiw&x z%vBsa_f;!?X;yXJ()vzuQWZNYiJRuYEm?iDwh9brP{&zNATOYbGg?J`Jp2KWeG9K0 zbnzl5%&n)WD@e{hmTcI?Spxcs(C{oRXfzVf(FyroNh> zP|fD7!U61WMyr@EJWAuVf`^bMOI|UFnU|&>4V?h2u{88qG7}Y$m%VO23*yMeCq5 zFN55Xs>($RJT}E%bNWkFxRioZ7)Be}WJ#6aO$34hk^@_GRT1u+4dgtKsrM964H?Bb zWl-K3;2Tdn1CC{BQN_NCPz-2rGkzXyPTMH{q7t4|{-=SW@OnlRdoS`iBZlIn!{A;% zaKGWj&v{I1Y7hQ8;oSWfACL+4lkdU|Br|p|fC3ioHym-^_wmghaqj+$)-d~2s&FYu z!BBwELSZ~cniQH40SO&Q=PL4Or(@crQjum%5Z3l_Q#@auriA#+$WWs#093T4<^hnE z6|w@rbQ^e#tD-M#;YBP+-HazXM$Vt&eca-yOhSaxRxxS<%HF28@L%-7laK;I``n`< z5Y*))Q4e1fOH943rkle9U_B_;Mo}x54mDFV6^w-BZC(uEyp}TcgUxTml$k(h?K;Ws zjv25w6cvPQbNN}Y9VPdNny~sA6(!E4dnibI|^GrOdae((W@*g5=x@d5-Y)lp8{8;CS?)5L*7S>_gp4p+JM zSz!ovl?P-i_|8(Gzs7);gAZV{UL9q&DQ62DkwqyS3IHn_sM!>)lhg2CmMlh8pp2`M zkplp*$f6<|&qX(%IwH_Vh++zd@w&oF5=2#L{wP$Ei$+v79XK})&<%G5f?h=|lqG+H zV+<(KLXoY*3&=zjfk~-iQ?8@4MA|y_@vdNZe)L9X9K8_|Co(Gy$3nn1Mw1$i9qqYr zvhJN<1>mk7;3B7xt6Q(=pJl&Da32}fGS$lijCJzENdgivfYS?jQy2opsQ?OVtKq#& zxi>SV>jKJCrUz$TA|gG{uOhO~cbE24+4@)*DHc!zVrE8!zlioTt1vU$UiqvYYt}xR z?OwhouO)NK4?k~5Yt2Uy;aeu>sj4>94tm~>{nmWn-|V8f6>FcrV=_xvQl3AnF^)1J zgfY_AoO8o-&SDQ)B58%_Oc0~wMULmw<5*^e!;nxTL%-1ki<=$=0vQg*tsve2B|Cy5 zGHD7>l}%4gh9P<~qQ>cV+@s4a1vSweg-i}dji_>=nS?c^5mmS7t(qrY+V-O~cB9m- z+>Do4k_#l@8I^%-PC#ZoorzhR&xaB`)Hm8ee6mdASu)Y;Xfwh{aJ15THC?9D?gp_= zg3gjt^caU4ha>Zot4LH$-?^GJNyRujsv-w1AWf(>P37~cxP!m#PIt(LOqHURX1f&1 z8l_2YN{xv@zK|X$vyjy|8r#elKvi%EwWRBm)*EHMT-rxm;Nb4%RQsWjiJ~bDLt{X{ zCP+Yfg#n;XJAK_1YaYXSh~L(0{{s(+qc0!Iz!~C2^0$Hcqc7j@F`S3^ZM{|=aA+R) z1)hWmkEsGW5sM^czgfoxD10pY z1EoebOX@27P*1!n*-W0zCP-J7G#$RMk?mAk+FB|K0gLA6)mJBiBKV%krMkkX56wFeRm?1`cW zjO67+V9W2;lJuyIBS|!;**{8BKom!p(8^o9<0vSH(K6*ksd`jZ3|Rw=wJW>GIY7>k zACg&URY^@&Ynw9pbR?D1dL%j*kidXqcUL+WmSSWm!jsi1S|X}%Z*y&_Dgj?oRH)Su ztbV5V1m~+z9LZJ{G@S<5DQtekvadhq+-E&%$MiAqdh)ZLQ~TW{zvUnV&&d3KH$3TC zkHxZ_NBnyHGtSF3>%oDfqGOsJ>Qigd`S*-+fic|$;H;XY588%tyF#80-P>8=#!Sj@k5|)9YLyrE1 z16SyFvYeys;1aa*K%i+<>G%YrrcA0}BkaY9_!KO0eBJDqVIrb1IToM>WHrX_Ms<(o zDHU_CA;Mt_xQ?kLY(z1nMj^OLV@ON(n<3`%zDv%QqLt(zD0W5GP&f*}fl`d6rfe=y zjpO6E?$u{$X&LpeLKR7rh0#63N7klF}j#m1e?(P;Mk=8yH|R3|^(8 zP8lu$P=f+gwD9Q+l1NL3k*x>hC;{rAbT}363X~4QRH3QKXmOA@dnE*PE)|cO=DZ@= zWza?wUJ@O|XKkpZc!;ISa=-H3)vA%fzg}RtU^Z4ze^hItlTKw!#agb>ry0 z8k}_=t%kH~j3||+7?_vU5Fiml1(m)*F>VWaO#zj`f#XCnq*q8eXl@uv2*G4{Q9N_u zN>oZqm1hS$u6oSj?i#I@%&s;DV5le{QA2SSu11V-$MfM*O8@3ZA+v>1Awc(5{pyg#d<6`ybm==; z!vW|_ni@Z)5Gu3N%0U$&N@2`$q79!gVkq{E#Sl1f*`~A4KKs!Fpj<{yjZt`%8riK0y;_su zXc9!Z&J8W$pEFQ1k?9jeP2QP@2hjC$ssk(3B`!u33*;-JVSuvOL)f#}58czZQHY^( zro4a}j3mJ;ly22Bs?={06JWlwwP;LgXa#oj3f(0)fa3lXUzG)_)gIVmE($=?;qQO7@L^&|L%&9@F$d~Eks7w@^_x_$R-%3)tEoQwSqnK}6Q znWLYy;G}0Q-2bqdNBy!N*=yBl`?h{c(jm+r^#4{BWiL>v5R{^DN@f%;~?}zGPTZB-5#qJn4Y~`)E7v&CekoBBOyamy;#cnO((i71_oMM#1Az z!~ZEzp>mUbz_+zYmbKfwK~+X zmXo^51c9gtH>N5}ldah&NfiT=k`tL|_bOmc@-%UlPpHHYKn2@iZR*;5~X%Qgi7Me+=G6mg2zf*eU3s+ezztYc#rO%y~(NMl67$IhorAAPUty5-S)WB()Cr)Rht! zR?%9Q-cv17I3Ts6qBkm&tf%#>ZbHM$;bymvWCRRdTS`}Sq?#e+7L|R}F7yb9#wuny z)u3>ph7n_?JFH-aii;FN9c49Nr^D%fyn;Y_)TYB8VkgxX>buUC9oa|iG(eV92E{r$ig%D_cq~+t1wf%^TtI z8yGX8hao5%_8XA<@pnRET<8kaYsbn)vz90yMH4265U7fYoSc>p>Jda&HDW``uC0$l zWR+p-Y+H5_9Tw~Ix)O?LEqbCuRJwO8)3d^20XO0V8mUu}iN=0vdK7>MrX~l>Xx}t} zb+`77Zjt?4eBwE{a|GRv=j~F6&`cF2R%Hy0pjEyi14k{r* zjql$7z*j%yJFmWI&tL!2W&mIN+}=;TYkU9sfk(}}OEIn6Pwq{?KU02GHT&5YND-zQBeWOJpl(i&BNHd z3mqX*Z&NuN4h-Z)H+_!(+Yh~MlKYldYYkN*fE_1M1uM3u?_84ryCD;vc3Lwq z4V2fap3kI|qgF_DmvJ(HL`mVIe$LTX6^tZuEkuXMMoBcd5u6dG0b4zUO+!W;bBD(3;kmfq;Xa8wkA zs)@!ykQL}ja%t5lGdiS=3`~k*G{;?O+jipej1wM^5B_I*Rn;&I&wbg?Je)V*vvIiZ z56}DgrLXy`)vew4Z}eKdZnApa;wQg&@viNe`yT0qK6sOQu}ytI3YotP|zS0_F+Ma zQYzXMPX#3Ci`Vi!X`0%HJ~uV_iBV@Q%K$PS=)g>uUO#Kq|rzGKd-mU-Co_;95k}FXE!O001BWNkl^V|?Po$Qik|m8ybZ;zDQm!>?avawNk;zcVtV9fYLk(*4Qv)v@ zH3Sp!v2y9;lv7UmE}X~5){9Zc%xn*0(xzS~p1o+@akJAu`N7{@{`3F+!3^T`Yw^-H zx9Z`&^}G2x{BftvE^SVEfCMt3H#*HKA3B|Zk^rkfRKI0}vJLHMsogMKTa45qB2|&* z^hRPz1vd(rE;JA4Jpf|!r3?wq@W3cd0zh&yX_VD7q7;?53KQ8*7dty8dm%#wu#wEH zA>m?b3awNk!p&gCCIg6MA`WP&FkTD*DGBN###7hERSOkF7&}#>X(^SIqwB2DY>Yz9 zNGT9@lQ)uQfn)}vb_emh2oR$fAqOH*nu^bqb;WYz%k!QYtgT+GqWmV!>a56?p^h6Q zs8apd*^N&@3NHAK78(rq)5GA|Z#Fd$SY%Gil zWJPy9WXE2>im>chh#rs;sm?;n=qy?8yLt=B0)WS_ya`zO;76;fuK3DTSA6B_tFOD^ zo8R29ci;Sy#fuJExAycWpZe6(Pg`@q{?l*%`udwUY}|y1Lk~IVkahQy0lsg3{!3rJ zYM7s&ot-`PloMxW?k85e>8{N;+^`v&lqMY?r4dPftm;R~ z3J}k|vR@<($@~gSxzTkGn26VPirr5u&kiT9^C|_F0404yR&QcmJ=if)H)UnWVKlg{ zg5X$#dj~O)4&Ix96%%*Lq9)MSC>pvYrnTc-sT4Vm83&BedT5!SULM0F>MA5$GEBO- zaKy`mPx3GyY&wxi3LSk?=t~9%kwx0aDd(yClIRv;)7GE>7ICuTYn`XMLI-Yw7WQ+| z9I`3KsT57pc;QN_2P`YlSPOX|I$jPl&p~5=qD`603THS_-Y9KdxlG05YA8%9Ji=`h zL$!dG2iP9qtdk$CN7k-gyWjEd_kH-I|Lf*kZoBW_zW*Qp$Fik!ul(Vc{`wn!K`T>u z?Hm5vH*UHG!0J^iKk+}`w`9qZd;QjL{MPUPkAL|%|NLvO|Ap7Q>c{W(hTXgOyx?X3 zW$U)>08TsQ@$WzXzw_tcxcQbhz4?zXyZp=3Z@%Wb8!r6RX8;_u_Q2o!tzUh{S!dku zjSwU*Sg_zhZuVZUi{7_0O`w0^*OtvLdbsxVQGD&ZCzq`Fj_~H1lMcA;Iyl}bY}Djh ztLrUh%m^7eQRlKC77bZF2-B3?sFaX~N+(`KkuEj>)iThaIZp*d2MvaKJTN4$JW&Qd z1rEpSEu_Z+br=Fz_BhGO`>Twgtf$mMal=mC+P=WzooG1ztPhQ7EPC{0!Pt-wpc)_ji^!5 zpFk>2vjP$Ps>mr#u-JLixii&9ixXk6XIliC>CEa)A3AU&qHZw&)v_G+RpN9PVpzdK z)w#g8MWE2Cv3Q2vB66sl=MG7gTtlTV(I0mSCbvXo)!;xOYoEgT-dv0Ul~IErITO?+ zNvvAZ4m#+;>f8SGFW&j*Z-4jw8brRfZQt>ZcmLh*{o$YSUn6kN(`A)5-@WDYU%c{O z@2{%QeD?GGUq5-#CHMWz%dfbS1`)uSXFQ32xasEGe&W@yzn4Lre%vL@aZaPnFh7Ac8^!V-)I157cY0m%yXOlB1d6?m3zsKH`G6uauD zm@;=Dbs>%xsL?HVgBYFADrHX0S;U#s(#qkMD$u?r@k?0)i~`|lILi@4I*r|$Yt-_? zG^yMrEQH&LhQt&x!Z&0z)w2}Pr?EJK+EY}57O=;;^&;=>eH1)=x)L+64xoc=E-PFG zv$@8wu?><^U4hWlYLi_HElcfl@vI5o@{;5RD)v3?%~%un#q@S;y%bg7Q+`#$)B^Pc(SC!PY}tf!v-p1=JE{`{*~U)xP2U$@_};qJTd z>Hm7|bvH78IsKl`f8mP$=d;dyGXL;~H~wFn?z{`Y?Ck7wo_W?wU-aCA*R73+9Xod3 za@*|}e)2P)yZlS@!~FzC_{z-55A^!_6??aA7(Z>%(g1MbySD%HA8-B0Tk)Q| z4tXH>_Sp~a{D-$}U9zGbd&a_b$9<<{`=}=_c=LH1|LF5;=T<&)v^eay9@~##9czYS zfdzT%re-Ko)lv*B)xxUJ*Xx5xX_Vmb!zi-B%(cW?0l@z!fC*>%p@)qtILVLTkw43j zAxLo8YUhhQK2?fKR51O~LR@D>)V5OmRmCkDJ_=sFSgDvNf2vGGLN)}`AOYWb`Tt$J z!GrI(wCyq6T0^Pj;9#q$o)QxcHN(3QgQaEuR>MaC7{?FLB;VAX50l#0_aO1RnzTj zpoc_!Ev7D-xctHMEExsd3f1lamj9 z2s3f^)1GqlQAeEf^fT@y>Ye_iC;ZS$U-(z=eD7P|_748!BmeSo+QhS;cKY(=%eHRa z2H?||e*PC<^V8G6c-fS_1F&P~&TFo_;lvY;o&MpapZ^m7aQI;dpL)vU0bG5}*RHzu zYy9CWUjCxr`OP;>o6#qpdeTc@^xVyxw|sNs#{1qvkFMOWaQQ&5YcAe9{jaxOyKm*% z$rH|9wC=c>6Q8kY@$%6^-LoOLY#b&N?0@*oqPaN!tOZA$GJDub3)UR@ZJ6K(dYy3A z!f*b<{JY+8_v_xh-y{BzWrw$|>*ePg$`y7R&?PmhT0piXqH`exBg!6rss2gh2*jc* zRwYcCh%=#v)I@oVun;NQ8%i*w2H&DGVT?7(a#IOw1)!Ds1Vk^7(Mgmk^>OV;ComPA z<{%Uy6xbX(P#ls8$m3|mjE!RaJfNWF(Ex-oZ6v0odY($ju7o}nudledz^hD>t2@bzOUz>_sj?R+n@cZAN||^??W3l-3j25 z&whbFoJ=OqeEL&A{L%jf;PNkBxqbVNrAz1fuUve|W&FcQCm#RRtFHs_@lSqw+9uw9 z$HuF!xsHE6?Ua*dXJ!CgeccWH4KI1YbMBV{uU@@!_3HZ%7G>rz3=0=7eDIr{e%)}{ z9{yqBl32NRa_hD8kAEf(IdS$+t~_WmtM9-4x_$5XrMs`YWY3AcJ_}idBtz7 z_`@%(olLs;{2jgaJ7hAqs(tGG9Y6G&%hw%0`_R8|f3E`$J8~=LfiYK%NJQcni zM|}c-Yx^A5DDQa(QcLVea3=z#;0SrA1hYhI5{zgd%0gx&vPEORQ1r??^Lm7O;{50D=M{OF!o( z$>!%(QBgzV>=fl`WwBXK8`u{|VrUd1r{=d%#ztaGusHy5xAnkZIAuU=Y9mwiVK z_h)Bkk3Hr{{(1A=Tl&w>KI!;svrTfVJ}Bu<1BtB3oVT@=rK&C=ig*EMguZrz_O|J4+2$9Dm})m2M|*5a8Xi{BByrt zk?z(|fzt3Hb$!4HDj0a~vK6dhRbZSWqUTr9j1CeK_xwp&K@6$yD?puUo3e{(a~SWT zALt~vMA`yXP3b$`B2fd>j09dwD`v`YxioIooLy~pNX7B%LJuF=YxU|?{KMXTV<_O6XP?>s{O=cE`n0D? z6TJPK8?L_gdH}~9b@;Q+IdgV)cHh2zU;Oe_yLRthyhv#@AG`1({$bV16=ytITIUl_ z9m{O~!+eEHJnpL@>3zsPSZ3x}^?diQ>D?cD`|kB$+IRcc_U+h`dv?^Y z4<|i)(Qp0h0Z)0^k}v+xT{&g=7A}bs&RPiIkACRR8$P#pc2TT4Xma4uljF}^^wgIx zUbXJqX47p3vkL>jXWqZ_7ydG*Is3Quij|vV`$|z7rS>|VhO}3~NHnJ|3oAg#k}!%O zj7c3lD=4da=&GJ7{B>r8k*buL!=z)@0*@co6-Gj-B;y7xk%*88QLsO<|0l!lc}Rez_Fw^o=!v`zJ=H zy=)@HIF+D&?~TF#7`Bfafl!wgM_E2$t)Z;Mq5(BT(`Y}cem!*u;xIIwQ7ucwp2~Ry zC2d4Rs~Qk9jBr)U){xa$wj}{W?tlh+Kui!>+0ei)Pe36KoZSRG+@`8~_U_%Z>CVk} zZ{4$d&t%f(=H?DKVD;)%D_iTfruv&#EMNANC!KoP>e}o3&#%8>Jzf5jPCa>c zcJ_qhj=A!xYc_7W^O|d~f8wd?KykI-|BR=f(GA&QhaPE{95wfXMX|N8Gd z{&B}W@7#0FdHPe2KlZ2xv3HLk;tZe)*Ic~kvVYq7sS9>&yDMA6+GA%9J9)wWhs`Wo z)fOzl(NA6o;MqSjw_p)I_V(>pU%Ur})1JTR6~DFO_@^xdaOMv#+5ga)o%alP-7;MF znY|bP?auSx7{@$m;j>;fclM7hdH88PIbiRu;vYWw?j0}uNMp6fwaz z9Vi!)X^@PNh8VDTx+Onlr zS=K4G)9HbyV3b!AK-?xH5SF(ag-E8(>&hLR&xV-l>{E;f7!19Q892h z9IwSwrc}rtG9(Neqh>WF6n0>uwrFyb9>5S5SP|0-3{PqNS#?(fD#CZ?~@_tmSfd+XcY z@wnrUdEU9_y!3_Vty{PDzL&wR^zbtibG|P6yPY5UgRQq-vv2u+?U_Hl^u%W@Jn5W8 zOIFH??c1GS`S_k|FW$ZG*vaaHXU_idxwS{l{MR!#0C?>?R_}kv41gV5vdzS^etPbx zC(gD>pm5uD`>wud_h&!2>o0%quD|;~x4igQmYw@^OP4;3LYF-|a_2U!`DZ`0>k-?; zVbQj5QF1?Dlyh3wyST-stQs7lMvu~=hpm+WV~h~edzwTl?_y%YG43oo7Zs66Hq?T$ zw+qpu1!T|B!4NXt8zv;B*&ZqcKzheiK@xOHhS6G*?vlHzM~;{}Or9m~mmGu#n}uSh z&74z>UP81L5t(4EpF;BiFuO(JofcWyOxNM#KcmITjA)btv~a$5CW1Bxe9H#gaSH?7 zQg5GNaYvX`2Aqg5-YNYqI&f0XXNba&wuzx+kz>zRo=3i3=Aj*t2(UW?g#O z7oT_TIdFhwW@hH7BMt*_@`=au&0TZ6--a6wD?tTUHOFPE$+XxcXxj7A9sKDA9r5%&%1KIRvtJx<++Pj9}EDWe!slJrGLNc zCI81V0AKy&p1*k2UGw{D>8f`6%NC#g%DI!Dz3|`@mYw&SWp{jS-v{5a_3!@MmRqjg z_qxA%=uq;8_4B*7ik#nm-M-yBa?#u)q0ft!FWyxn?kUlta_qwx_(gOwrr>@pFrK;ukz(Q?|!Zb=2mIrU2^1I!|zv;o)0 zD4o#j(&4%H1eBr8td;pbFJmVC?~G9{eEf+`03={M_qrzU6lQ z>w#+y_~Dnm@R*|xU$9_y-~4drotwXU&DSpa^k=7|EB$r!k%zBaci{SO+ydasS6=hH zbI;kmd(RDDzX`x`#~itC?HT}GXT0!JpCN|5{0ilGpZbIomoL9}qpkf`uX^hr{PvCO zZ~E-#zW9-U{rFeDdhPuDC}RHIKm79z>%Z~dcmCPEeygg6VR*U5A`F z`!jFd|4A=eykKz$hV}Um@A~jtx83-Ky(`wV=e=g>=`US;*vYf(i*xHW`!0I#j@Gbf zS^L26-gDwJ79RcN1y6bD;y?bv+JAfd_K&@N+od1ab@6+5p7z2;KmL{#hdqA5LC4Mh z(tGxM_N$jJxj&G&XJ@_lH@2Mlip3{BL+a}FpBpvb?VEGg)><@o-`{)a*Qx{7?v!3= z0@9gq?+hUR+cch1ZaRw5jt)4q8MA3aE66FJQz1OmFltAFCDCgl0H07xOFhU^hK(Z0 z#XLGjjH5zzb^(-=uX(KsZbVObRcd*`*+I@nM=61_nT2-MG+S%E4w3MYQe5?5fzK$| zNP=2h7xTy@i;7~f6GcLuA1GQl19?VaP8_^ zqhl@=VPOs?i@lytps!1f+7LY#K(QSszZiKb$Y!rmRg;PVm=H=<*HufHnwbH9eiOsD zCQ*esvD##z?5C#f4FmGRBJf?+8G_9(PHc@B=c6v%6AQ&GC z4;gfR-#>h~8^qI}_=F4o`cLm`S>F8nfBLuY|ImGZcQTng^XxNe6F>Fo&%W_jUi;;* zUPBYcG)4d`mM?q4$tQmK%B#0;-*L-rcN})ex=SznBLC_oFF5ysuIlI`4?p_I!++wH zFWe&mb~Rf z8~^JW8yUs5@|W%hgwgR(sxSfE5;8#kQR+pDpwKA?~!EJ zV~sF?38jvs$3UB#d!row?WQ?990LCy;p#r-saG#w5n)WX4$G+uVcQL*RI+^;7f^0Q z6*scmY}guzLhJ2qn@nqVNE+^W)8)w!7e-a9j*&}X)P=&PH~2x_8MAcc?rwUoNr~2*)4$hP#OKe zz(^LVA`{>Y`-DM!G;rFV^OL}t6j7RF$U1=rr=I|*LF2Yj!HHcQ5{+dKWfMPriEK?o zyy=avyI-iad-v`K`t|dkt?4f7Z@OjYuH792o@B}l;DqCj<{!TJr7Q2c>+V}_y`5io z&eNaz;MWFV`SPVNd-3z$^;iG*ue|Q(`?dYMOKbQlzaA1N9&q@~S+88u4dT{K`OaUy z`}beG>FZzI*G1Hg>*wEe_J;rcs5^f7ggah;;vMh&<-2DV;FmAh|A*hS;_y>u|KF?D z{p265XfycO+qYf$iQT)mCxG*RZOci|TKGqwU;C0@S$^T)?D)jrJYdb=hV}Cwc*{Ki zQ25KA-@NV4{Kl8}U31a5XuiWEE%RGEw?d*(jOMJ^?i8UCx@g><4nc?i9?H>Sm?TGJ z7JhScX_>>X;UHguWq@oApIvCOsUqHE%1oJ6Mg&yeWmKa8gcLXiSBeLmOYVG^<$2hadST(lC5831} zspO*T61F1+goaeHrInIDL+SD@_#F%)G{unsq2Y>t>|2Gio`lo9l+iqs+SM;T;w@iL z41;(=VybpqWkem%ONkLg*8|O_38K;xys*`0n1#Y%w2v}O)+|Wq2S>5H;8KB%Mk#@7 z&7t+#oe{dSz&KBEVtob*HB>8)=o_FFtl|*rC?|G4_$xEl->gi)RV!BfAJ-kedWrl`SYhd`LzC?r=G4qUv~MIFTV6Lzv0wXD_1|OjY>NAZFhC+8+G1@f-8M_xueXecQJC{k{3Uxoc}4deZDG ze|O~{eD=Vze@sm-7B7#N{_65KesKRYe|T(rv0?rEU%dLR`91lgzq{fOK6l{Lf9&2J zG5FfGwf>)1+%E3>?mni*h5{a&|Qo zQU3qAd-H%#&#FrB+~@aIeYK}5`vPPk3j{DBi(zjTWf18x(5<7;!=T+b>e#K)E!eiU zAR~77C}X!hGlDZCf=+`A62%CFKt{5Wg=~;O_N7v(HI@2mukU;B?LW>r&-<%NWvhfG z{p(gMRlntZpZ9srJ@?#=A1|e_XG0;fT41K8!W$8x6eVZXbPpFj;2`7)0dW&aqoEO} z472lTak2D604RXkG?BBjw4IxQ%_>DR;=2EV2XFbtH~Hs5X4Fu-(ICar~2ix8`;4dQ4Ss*02a;6Os9PFb?x;xeetr(r!#@3Usrzhx?cQu?o@U+-=CR}^}&O_ z9$7z}cERHR^v&bn@u9;Wok%#pr~Z$h+VaK!d&faP%h%GwCT;)h?6tSf|HkV!{^~0> zeD43+aqms@Th|TSHV$`QyYFxR!t$$5y0(N?>*ol9ewi5l9f-VU{Iiu z38YT2Vs=Uy3)PO0iisqWV7S;0D9t#gNk=%1yNY!?3S~EsJq0-WT|OXMk5F(#e0ZPB zeFWsRN7uKa=wNp!3m%b@+9r9AQPe1MHs$dtOUTMS=#z$pC(Ee3Blf2ff1+RSFtqZD z8nST#n4PHpX_WG-(R8>21fl^A(U1(!%Rul0%-MEcX8$QnySuy)2ril7C{8Fh8|9># zw6TE`Wr)abd{&Y^p+^mOT@|mk*Ugd`^4*}X8c}{sUUTTVisO-zDZt^Jf0(IuxzOv# zz&%Sg1D1}#yuwf@C97j~PXRD_o&dx2*vN3i4=#(QIALoaA+qWB$3n4BZAxK@h|2BT z=N?~De9bE_=rH$hf9u0LcJ4a=oU>+^%x>JY`Qp!i`EM@1WN!P8HEULHb=>(cFZ#P5 zc-?*zqJQx9ub!PM19k_tKZV?zOKx>hLwomMsP1k!^FAeChB1?5{pcCb(kx@_+KGv+}7v4c=72kJ9y6Hb6&XU!uPJa z?ecw_?wj9yzrb!-04G>2nvJC^1Hi7iTG;m#!20{%@OT|_AOE#$$2Nq5bs>dj%o{{2 z?E#dsPbS>TVU3!HM2d|-OKn&8k08+wBl{!~U6Qneg(b(=@e!KNVl zFa!{v8i&XLCHZtlM7=wrsA3zgLNpS}5*!1iC~+AsRjb_OUsjlQDl8%~(Nc-xvAi1J ztYivDSV+wxnlgK$LI9uR#4>V!RIy2yb6iA&jo^dtLtAdcfkdZA~pfZ^q>iQaV{4MpntWtox1h=T7KCBYMiijt~#CN{^AARyK z{`&5F?+37Z_nr^@_U|3=h8LfC#s`1xU%mV1-@EzYtpG0j%2n$g+IakNqia07c=0)B zy|_n{0i1TqNss=LKl}7&`+vUdymRoV*WyKs0o-}_y?5Sy?e|+xDBxGQYPFIOW{Mr(ZC8{27y#YbL``Th|SDe0AR~U)nRb`QQw`HN5tnhm?i` z0NA~Au5x)qCu6K^L(lhZKo;2dM^3<_JV3DN!0d z6#JoJjbf9BWS72Bl?9{i%oA#CqN*}MlmVFDJ{d6^Nt3{lwUnhc$ivOdzBmx)vv!~W z2u0kgVBI2rq`DwNHarTbjz2&P2Zyez(z>i@Wh8QN&boXo|3{=EToE>%prcx7VuC1X z8BiaQNRO!RFfZqtdNj+ct0f;l>+BJQT#(<*p5HB5ds&eTm@sscNVF=OX8YOz)PIwG zB3fjO;bu3dt-(%E0qfUqc>IIZTKm{XKRjJ)++Q;@Ge7mt|KVdF`S6R*JpEt(i=U2& zC9|`?@vq-A4TyYAch))i#OI!V+9?OT;klGKA_c#p@ zPdWL--}?{mf7d&Hbowtz5BcZmOvWewddcgTyyC|Wjzqh*n)TrPkcmRB?q4ZsJ@`-K7JGNcKinjHApj;p{_|?-7)g@0Zb? zx`w1e)!CIrGm;QtO=F64vhx7l>U6n^6uD3ib2P`jRlQuw1{8^Dop)t`MgEe)Om9>J zXgH6mLh|yH9rvIh6Hji9S{Hd-mrNP4r1V8KRhp%MhEPS-U!i8QC1d~@vGU`ac-;+| zmR3jCxT^=OBt)l2#aeNuC`GynSnEmG(mk@z1C{x~l&%{<2T2s*o(aVqaOoqYpUfBU z`bl;D*eWT&hZxdFJ405*3km6j&#k=es(_flfg#jHg^6l($eq;KiLEek5_cOLY&cF6 za5tZ59NiFz#6$xVVuAu<62;5lGE8hKnjDMx$&+q-)9YUOgvV)qe&NcmUU%tbm)~*M zeG3coM;~?M`RAVX`hW1s9_j^f`IXn6cIwH;9DU@YKb~3F-Ei}s-FpC>ar!C89DR^c z2RD8Fwuc|y3gEb7kLlStkAB^A-vc+@^o^^pz2RGT-u=k7ZBOeMZfWdqmFpaV^#!x z>iygP{5Q8%VRmV}P8O=U7(SA5BL~~tp!+)t4?|h^RkvUP)PMtrHe_y38gXvpY%cm z-$#~YRO``VAuJs^&Yt7Rboh}WlV+mM z)UaY>gl=Lgs^k_xCc%_?g%2ieE_~qwYw#L?-i72|KFem>%1dsrW?aQGLz7Gmkr6*5 z00UvKmIkGjkSXJ=>EtXXqt-*fXNdp`K4jgJ+(KK*60zw*~d9(L5h zIqa~2uU)+B;Ro}TKe24Zlk1h81KxN3`nzu!D_BmuVDWEXdF<0^$aw3QZm2s>Hk=s{ zQEp8r*~{YT=Pj9COd)gI^y>3); zsE*EVGm|RqMW``9qZqxFb|LzhW5sT${OtW!0{zNHAuS^g?G_R&HLzKYcMPk1d4o5d?mKSY>#w!Ek$ z&d<+R)wGBHlwQX?e`fjWcEjfmo}IpB?Qr{5`_8{`*{sU}r(dn%gfkYMdj8_YPr4UQ zG^{+LUHRwA=2^Tn{>|SWeb~`Yt84ex+iKW0qk|D_w}KvM3I1vTEYWKr>mSyGe4_N{ z<_*_F&xvoq z^*WM*bLI6!19SobkUT;`A4#RU8io#d$>v=O_b8AX21_e}fWj5d@o~r+9@{`)kbY=m ziJHxTU|CU-EYf9_f#>7LJgfywAGns7A_2J`&n{K7&YOE^*&sI4Fcpvfh6 z<1sB73Kc^tlaP;+ooT@|8B=TquM>TtLSi5P5!5Hcx((p;(?Sf0tjbCXwB6A!U??El zptXvD5wxCR&L~P$G7AS|TUk``Yb#Tku;3N4pa%Esd4dt9&-PcZ=ZlElyB}|`)Dymb z_!n0G(Esw7uJ>)1@BO{EZ+SZ3f57XUH!r2#Z4>;|@2z?6nTM_<@-=Log$#e{4~S|_ z!H{6a5+L9!^;1$jQ0E==ccP(JkY$A=L%D_}fDK5cYo6Ug2bTY?!V*i9Wq2VtsBwN| z*D`s<=6a~8XuV&G+A+dY381KKb>}S*P{MeE-Bt}OmbHLn0E7X`&^79%JV*t1lWB3v z4n#Bpd$}?L3_I&TM6gKm7{*~(1e3*Yd#}?zoo5mZz>EGhgHY!?1}^)cbh3$B#ndKs z1MDoxON-VVsGp*9S{|)_2XRRdbnJVkz_fSZIvyDb>UnwqA-$0I+guPM10{Zq1|-w5 z(ClFJP;+bDkos4vYYgFe3c8Dm*1~E3Kmge+kpR{~(3hAi)4JH{bO`L;n?H2w!c*$V z|2_Ju#Ll&tyBoV6!mt;MRyadU$%*u!SFKw0O`-3O%1-xkz4#hf8cmEU2o>q#I8!MrNJrI>XHD9{m` zUUe1)mUC6?T3V0{U}p49QQgOv*DBv%O@0KEWV#_L8LX-6G2p1Q%BH7Kh0vTlfLT?5 zq9}9{6nqNDl0awHvGVX`@PdRny@{lhUbY|tJSd97M^%(t_eO_)L}O~9>mmDOl|C<# zDGXWFHA#_tHf!L-hko&Ja(4jih+F_#B3twTxd1Z&<`h(5LiK|YMSg2xi1^lB_nvq5 z_dU%c_g#BE@=bj6|G|cT`dv{gRLDIAC(=ZI|y^f7h~OpZ~Px z|2=f?y;aYJMI=>9C`3r2l#-H^$qje@;@is|St>@G3jm39yViUhBfaw4O8Ihm{ZjMja=Gb6K^Oa;j?RHPiAXpx1OEPm^I4N}kr2!eUnJro@t z)egY4-Fkv(UdOa>)Wq&6Lf8~~gjNFh$DkSLN-jVMkHl1Khp+_E`rCpg$q7R-mH$W{ zYS*7;D4G|(ze5%RVDDnrvrDpw@#*`nWwd;=+RWY|trPQZc4RN3r~-I#?UYy{7HL!TA*?S0MNg)hGoSN;MvT#20zAooY8VK3(H!u)oe zbRnPtRrB-nnR&>PVt+m7%tfz%*YfRKhI?-udqecsH?P=x`UQ)RJMF2tx(|F~{)2DY zc*Q4o?R?}w3cCKzg)e+$#|0NIdpdgJ1J|x=bE|z=w0|WBTICu~b|+BQ*<0VlQl$Yg zKE2V=NJJ0m`uH`uD^P#c?gRFNDBYa6<8X({$M`QSaxh%@h;=?1CTip1DpJv~tX_(c z%VXCenDtwAs#||3DUvONVTIZA7kV)*hU z)Ilz6BlO;44-DGdNR@hPgQW!;?iwZ!F$k5mV8J;9w5|?>R7GSZypT^nm!;*t!*nF2?U;9n$ z*@9EwffdigqE(nI27ra#SpOBQ{eo;=&cmm)wKkbdcI?=3^wCeyGV;m1maT3-`-ex| zam~K_ZazqI;*DR}bIzNWKKXCE{^H%g`(vB;?tB!!`n9mP{`0%G{D1k6PdkvDj07Iy>z8CcEL$UjXf#GzVNy0g77#z#{sWd@@(oIC__G5h`mn=l(mssiaS_2@iK9p}i7 z!y1*|Z*Z!t&52450XTC7{yx5PY+vJP(=+B<$kO_i9Q)|-+$z<(BAl?~tbsstKbnB2 zKzl)}*L9%xxAC*m(<(p-L*44pL-kcSG(`~1tfsg-odf!w?y1mOcreOAJvGo6I@_;e zsle$t@LdYyK;BRBIU}Pcps*ZGff)5~WV^#jFWwt#R5Y0&;5p84<8^hBfGDLPy9%04 z(SVHDurt>^wC?!h_MghK=7qTMYFzx^;pX4LZGV8X-iH_b6qY^N$t~ZB*K7ayG5_iM z_v88x0Kkgp@h|8&PbL$x#YKyrZoGo8om&r{o3rAGr{FnX_t(4sw|~5Oy7|pPUw2)< z@4j2+PkhOtT=}LA4=(Ij77eM^QehiU&k<3ToB;$Pl^CO_33oFfHAhG)6k?@dda9>9 zL|J3=ELgr8MYyU0d$&r>Y8Hp!-wS085t2cqawjsSZ_9NR!E@UMPv+}%LC(Hi%`r!_ zmotjaiLBDs4+dWOmo;WsqD7=YTN&Qv+Qtwe0q{t(BZJ`sUi@nG7lg)YY{B@frC?BC$Ns8&_w?Ul!nWq z`t+@|qQJ=vvZ@uy#~s5IEQi-EqXmoGp&B3ldwB@YKnF%yoZ$*gb%Yn}M&CCK{rT=~ zPW7+u5ntVWqbfqZ7d9HIGIegZr%D!{pRXp4&uzNI%@K&$EbUG^y}8Y-}}2i{=|UT z8jgJ4RlYDKw`Qbt##U$jmwkl*K1v(y~Kme^7G^0hb65t2#)g|ryij=Wfjyp zD3m~7%E3aR(sd*m48f>`va|UJxXefu@QEl34FwF&+M!DW%d1Icl9*Khr`bjkj^*4V z(ia2Sl&V%kj~AqnS`Elox?v&l-LvUwby=n;*rWorzDKfzMy4zkK9d01y)#|60gEgMc_QGqYvO zGnO&)(t|n3uX+2jNL7Kl9axm>w{* z;d#xKB{Y~RC^UY__ozzGd7_O?WJN1wriqdOJVnTcL}jQMryM@WmczJ^4s%yzCHHZ7 zJPU=UE(m6m){$T-Z3s(AB+xR#%}sbnvoD|ZML{5g0g9IMZ&?1D8bB>Z5xqy5SX5Ow zIooX@O;Dgy12E3gl(3{#tU`y@7#mU%U&P5d=TPLxt01XfYR-yC-iaB5UV zOl9lWsKM&S%g|3N+Co){{D+joVFkE2mjUA*qPVfc+>f3pLOsf^@4Zfgdf1)zZ(x;3IH3g#>T7h)nCE!ug9rBfn#6! zT~Hf$Z^VON!kvGD4Oe3CRsdMM3a9^10FVoK@QVO&+-tE&g~MG>oSB)4h#fn2tXOg2 zq?bc@{m8#sdC5n%KeAyz`gZ&oi}vlV#Rp5?o_;;>_4(iWhnu#nJ$SufG@SnZvv2z6 zE6#t*(nB8T%-0>a+_bRcc_mX#Y-lQ9RZ=0GufP-7GJ1S9L~FW61{6{RExOZ5;24WZ z90`DBJb7)+vgByl%jL~*Fo6)jFIE|z&kWL@Ec}H=3^?kbnIm1AQv{ZNKZB3m-&RKl z1{(M!^fEQQAhkMTVNj}I1U#qOAx4P6)Qi!Ns)r+j=u1E zoa)pS0RCs|ebiuKH=N~eI?LF-WJ1T<9bQR;j#P)}sW+sGssqBPf2c4~_&oJ!qclAl z-XMm{nt+qMoxTtN3zt($z2@%1J%5RZzJhgM#==ww|6^Z;*Zd(?zW@L>T!o8X0RXT26P)%A zU3%3p46N|mv17-VzHrgIfA&4k$Q9jw^}gTv(al@d?ickw?$nt#|KiHC-mvt97aW8z z&hM#iQm;d9ZFa!E=USIp<*Jrmrhw+mTx=C%*C=ZzB z0o;qqL;)PY3^<^`CIivqupygHmrsdd3V?_jfbR>^6H>1p>bA1kg+gFd=F;@bM+goP z3M@qxTVuT*y3ZIM<~zJ1(IPH2XL+so#HP>^iY~$t?dsy2HBkVqS55;8nK4n@y|$VGoTHi*QjM6l zQ~e4tipGRU-mXjOG#yqRvF@gd#M$=&YNUh6 z5C)S)^-#DD(Wh<8r7na+O~`joOA!# zXFXBv^PVlZ=3nFXKRPh?g|DSYe&&7pTjeiLY!?17PzFoU^-E;SycinK>Y3F?N zobz7sbT1D8u=)Oli+*SOji1}S{_cf$d}#HKt$F=tci;c@`3M|-!sG?7oIUxai;q5O zCK|RpxUlvc3)ftw zAqZ@`nKtrO^x?OolP_OS+dBlIAwUtE*$+N^P|4%qacw?r)lY3fpwN>h%tX?S91>^@ zSDPPtS=hs;s4Au)W>zHRAbihzeV`5_JQg#1fMUtmG z%pOC^ewdD>hbP90KiL!+<&m-x!Dv@0NeT`om`$Vm+RjZj@RpLKFviMje0Lc~O{%h# z`%L#A=52;M`Kk&)dme!4oxn_3-n!c^>?;73Lb~x8v*%EbiS&_B>LM+3i&oWY^e(78 zaMc>iMoamK&2}dgAZbmpF5YOef-+E(sH!%hXThfy$y9B!+6cNoF|plm5v}sv!?yg! zTOXe)`nBy2T>o!z*Po*f?)vG;t$IFIos4D2V$~T~buyMe2TPB^;#HU|L0hE4i5id# z81`Uc7j|#J&Id4e7v}E5o=w+_LS{KmW`B>`C41lYbcvDslJM_T7Bxo^M{c@6NC8 zePqL9u2KY!JaOjC*UX;v153{Tk!8zPJp;sW`t`NHyk&Ot34M%4V|X|Nh-ihe%U^|D zYWvYcWv{5`)hATG3tCHEL+7*a|uwBZJku z%6%(3&zy1z?WI-q&XAU@x&^rY0${Ug+dX%FE=A)GS! z3A6~JNRrn;top>p5+sFra=$z6Cjw5ho{>gk54RVex0V^+M2_xEhu*_MiWq%!(@p(i zNQ%Jtk1^8vl09XaN^jN6_BldBcw8Nkz5oCq07*naRGvz+qM>Ec=v+*^WkT+Nx^Oi6 z`_ZMAK&Vg=fO>qDc^u?-GhA#x8lrv>U4=Ch<)JrSOL^W|A2|2y zC*3Az+nxBv@8eq^!~EP+KCDmYb=c`RqEe|a0*;$!bc37-AcILTf&K!68 zqSyCcvTpe> z7m2IW*ZZhswc`O-hyB9C^(dWS3q6|(oLhJ6I$u(kF|K}Zdsr!B%dpH5wl~(|o6lTPq;A1jM#Jq6L8U zl#%dLykqpdhc;vld(ew*wkM5@lB*B|vM6;(BzD^!u;`%*_cF`VoBjPQsNJ@lfGarS zCL4}4M3fsuhANZLXJbc9O3waii`Ren?Js(2CvVq!-1ixL>yNSddge%fyI!+vaQqu^ z=Fj4omt*EJGNP~i1;hm3{~=5c;(iXp@W&th(vq2TXciapYw!G-AN)36@OS%l!=K)^ zc*ikp589I$3`i1h?4rU1qx)SwglQS7>}4?7xjDHblq{A}tVAtApx~F%mMQ~NZQes+ zN>N3zfOI557zum!m27}h3aWZ)l&OgW7pz`p?w<31MSShi$_v$3_ip|M1sE*$PfSN2 zI~SfM9labfi>^d<`0F|wIt}t_-W9%CVu%|3N?J+7+%^5vTnI2Kpem4L+`(1;8 zo|M(hE=~0RY`*BO)53Jz(J6AM5Ifbw51P0X=l5o^I4kfPqc(a|=lEQczA}j3aUDSp z40S{&N#y4yX6+#$lQ)g-r$d3hP+!GSi-eu-U}giKIobr0GaHQ)kx?BtsRM{Xw?Y&e z;+Ialetu)|H~HNdKR4#DkM>bifqvoux#a24$18ljWEV9 zquFCtm6Kr;p8P)o{J%Vh#; z2FpCyqt5JX<28nx_Ha zH8=ep#-B&5`1qy~T10|-T;3L8bcfSDSe0v;_DqTMd?b~Af_#c$CwXMuof`HmEPk)= zJED|$ZI&;{keCNpF@U{X8y|fOJ0iNl5uEc~RTHMgJJh1sTA?*14H2C~3eJdhZh`J7 zmGT%eTCk`*T-zAM%_}E5kPRVFuBwo>NGB*Nn&T}2G_V|%>0cEUt7hX5-ZHal)#D9m zd4ku%E^N38_g{>yU&q6@VAn%W?c>p~<|R1%#W?zWJm-yAb?S7err4zgwPr6r)A50Y8(FTQoC04S{1!VY*h0j-|J> zov@BEC7x3%*^;l-=?`h2wibA`e-_~cTRvBLXy>tTEao!;Zbe1FnrEpQl3oC0q zb_;ak6?U6--g%$8VTTqVAa$!AGZqS$^yw%>rIYt~1y%CE$)YuI6rtu1)zJ#dAw&z7 zkHo5vZ!U`g=12Xv_3dPsB`Q4oZqA&ppn1r*A zz&K$AyMTrKUvO_CCn4x0jgQ6|TQR9@tV5;AhCHe$Ntx#@UHgF_dyHJgr~0bIj{7lp z7xr$(j{C7|J$7%vzU>%xqY^QLMa!^w4VE2;iV&*yEoPyJ z`8bGZ89fR~n$-oNQJ!o*qp6*)3)Ci#F$k>wgum$zDW@b58ftq%~f^5dJh zLZM~{G$WiMjdX}tnx#MID_3O2Xa`uPEZzWEK$*ctt9zb^UQrT5?e(ngA- z6n9VsYp7$Mcf%Xr^aJ1RYkbCDSAXG)EABdv;Q*Zs*!qVBJm(A2IqF$4ql%yGjEIWR zv?wwPh~((}OAajS{AO#>R5d5BIi|Qzr!+>co`={-JYm2yXJd@0>+6A3M$eScCbnYQ z5?ynHARNu9H}GLiCH6JZTl#C{tvXAbIHkU3{IV)f4~=j<2!J)m=&9^h>;!E*j@cK1 z$DCUcX3GGg@m|LUsVugE;B+cwy}X7d$Yg#{Q#MV789yL5R3Gv8(^x3M-FMj||0p=i zg}SWjb($V_F%_pdP*iY%opx1d2l9cIuUba3qb=>U zI#j#O-50*3kWJB!Y*B9AI7BgaRF-gw$3qoD`TPZ-+JAZY><1rQ`!o*b_t5L1b!#7d z=v+i)q0kaBuym}74`9psbJwr?Z{%h-u76V2UUSZg@8w| z@KNy=*gKR7=dRu_9*$5>IiSu{I)b{Npu{PUSL!7%8dBDxQWdw>@C#5OiV&-W(r|oL zij_dGaHnTh`BXO~4rqx-2uC@74pM;d120v+_*D})L_==4U6 zz&hF}hqKGBIu!|irRC#hZtQqB(-m|F)+SV|Gfg)kufDt{e1geGDF6q-h#pB*C8shP zFj+jxD`6r)vI@Udu?n6W5s^(|bw(SMdQ^od&J{4b=2+)!#XZ7>;T1A)=uFEl9<+=~ z)SdJ`i9=DxE@Hs6NVLk~T8>6e!+ER>ZA+833Wv+j0&zOKG(#g6UI`kUSO(Auq+ ztgMBs>_L*oy`7ylYKA5U3u{s-g)apTnucL`d#gB@A>B$!dHg{a^mY|W-JI;OYcI<` zDwf2MM{rz0j@+W@An~k+CW1ihry^BCra~@FC6a3fpu%Q80>Q~fya?-$AO+x6)3NPh zfg2mhJyjlFC$}7y6h=FSsra*mYyp|v>~M5d>yY8A3jJ+}|1~?@q?cZGg1aqOjbX2m zy1^6k6cS?KBq~p*4KYzcmhK!hvd(w)ho8D*-+5EE_7PoJoyW;BE9lJ1aBsZ6(GiX6aE5xpyb@?Up&uUoQ zxqWWi!eH`9Ei1Wbb{CP+;Ur2U1~{9An3Z-%i@8S*jgX@OfCN;QY>Y`u zb~)*Pj!YGT%jiCDXi|+NOi73KzlDHO2(l3JcpZsqJy^}vM3kaiqInYC>4^)GV!Rs8 zymAbpdW=TahR%bcW8K2)e`%UPRj?PQII+Uva#J+8N*)0e=_@ZxG36>NZKG)(2iT#G zO2mLl&%k1THx{&tFcY*RhRO;ImP|_gRVZJr3N;`Qar?vg@RtwPM(kPg`urC+ZrnVv z5f%TaszOUL5w=+c3ia@o_LWOEKjC+N&%W-tWYeB46R35vHI&92Y^vx~@!4%gnQRT zKBQ*cZt7dns=M9%v-~x)93@g%&~r^)4^<1}(@>~c!GtRvh-exqB4*dh4PhJvC4gkA zkQ)@ls7OFX8Ypu=rf^bvH5#=}SF2Gcl~kbto&sy5t=?+>**XyRe;4V}UxX9;h^J)y zRd73N24YA;qKk(Q0eVdN)xApax7u~mE^AWni2oquXItdIQIHJSi*3D}^f6=q@W^etg`(oqa z{By|%;p5My?#mUCYA?;8q`Z>~AhiYz>V;Y}^EgE*yEiM9&;!X$;)Pv*<6*8Wi-%0k zHa_ytEu1Y`ay%9DljGOut_RN>E0)LU&h$Q6Z>Jyzb*Qch+2toKbeL0r*QLH5uc61; zz@0$6Y>IRWmJtr*^t?gy@E%7A9e0)UGJ=JYde*?o9yQ-0FKW>cli9buSMq}ct<|fe z>B94_dZXy6*pbRa8(U&lOgt_0-Sx&v+5Q79UxkO$1N z5L#TWXzR|p_Q=R`X+4C6T{l2=52Ca*$`MxrW6y({;>^%4cPf%?0{Yu}vr6YvfzW4y z>t>EY7Oxm{Q{_+;s||eZO%oIX>vqrHe($<-kDqzAjQ88VeeR-**RJ2PT5&)aA=#N?v6q{*=JN&Ac>Usq3jf;d-xraA&MZXER-s{f8shEbigb?eOeT( zRrC{G+2|6gqzph5CbMsSAJ`0L)Xu^%!fIl5W@}?bd0*0y5Fzamtt@(=`;&eK63xOU zLI4$BR%sI24&F0RsKUPq4I1OabZ(moHWOk)!EEwMUke{@h?7dVaZ}w9g%ND|LH8u4 z{@KuBVWm!(BxS9y$*K)grHf`zd1T zf0;Z2!K888-I0{gHrX)+^(#0%P|vJX@DKtP&t(gjZyEJ;gn0g1H~sx~5utuiHUT== ztd4EP6if$oI>}NkPw?oW?9Y!_LMUv)*XZa1FO7bl?zsk}H1evL%)a%#CM`^zQF(L7 zMRx->dfh-o>vXD%i;@lig}8;03W^8!K`RiXJ1r0N2c|pmtb1X)QL1UN?11w^&41XVm+Ucr;z)(OA)Y_}cbt{;O=K=`p}!MdG;4Uoxa zzc?->`voaiQ96iw2vuv1XJgBrxO)A}`Kup(S|u*u=GQ~()_(eniynRifH+{6mBV_k z51|fA3lpJcB2=+=Pus9|X7!OXl8U?!~%QPvI>nQ;!2<~NDbRsihQ7VFgp*%t{IyK1~2T{nNCNe=0E3P;+#??#xD z(GKn2(KPoZt9}hC7UeJXoA0A^g7%GcmpUpMIL3%qt*8uf6}$JvrS~t22d{e3X(vCy zdHrs@F24BEzrW?g-MfoD1vua^#^a&8DfC&~GWZGt6cIo+eVC86_sp)}aK$O7p7Pzk zvxB^@_`)T_wI>gI$1N2OrAZl}rREW{?VWN9!M*41@hyNxgoB>H|P+5q*@=i*>4l0Ze-R0e+$ksrr9j3fr7e77pdLDb5FgAOi9&AG)ZnT$GM%=#kjFHqIzmqBI%^ z6{+Y2)HIggUvAFqLrZqs>~=DiThR?3j8k0%P`DxVwf6j@;226&Rcpp-Z1uhy9L`IhoEIO*BFl@`H7K zQG}fG9JElJhO7PTOVIDODK`W_U!QdghyVS9 zi?(|bme7Z;cX}>PN{OZqMeZ(Vs4ih&iS2Dsah=lP4?;D-Mn&LUp4V&3Nb#Wl~ z9lq{?MVlVJ=ERdv`flDQ0N{ozubTVHk!{yu0Zf%6*v_-Kw}%OVa84^a3Y1A)Xseao zYB!We(?*G@y&x)C!nD+2~VDibA`RF^Y*l}h@d?clvdzYj)VYGiI2(j?Xgm2T+4 zDc&Q@H5$?3<{0EoL>)Zo!(nAiB4X?i)P+r&YR$TpQYnfJ!f}uNS=|?UTH=upYdg$a zr{RJc(Au1aJRj5N=nj5Pq;Awii;bqag=mPTsf=h)Y=&HbF|MZMfGWgH@ozQ1h--QJ z?8f)JX4MHNobb$?_^0@~@x~j!^7Tbq_Z~MP*%deB?dV1(kk&Bi4i^-UB3tHQx+qN4 zZYo$26>d4uL_jdRY~#ybxANHIzdJX3+s!v@y=n21UB`1b!UKI_ew4t3%*eey#n1RR ze83hAeX2>AsWP$j7d;K7hgP}|%GzGmK_hw*ify|3yNYLuu_xP~07@^`Byux$JujD3 zjBbv;LynddFnH@1c=c>Y>d}Do&M_s=^)V%y$PE6L*n&YKyAL^4DIH4H^u)mGjx0u& z5X=RQJ~&m=Ny6B~W6ej{R~4?oDfPt>?3Mqm^AFoRHCbTg1fNw58e@HE5h`Q-9BDa&l;=li=8c)clDS z-?4Le)469ep9sWOfn#tR?)03L9F^hwt{e6KOf6uKkxMZ97~v#7@E~xnE74nAIk_D`N+MaZL@k z6eO`NvVT6*ypQwT)P_)J*Y?a`E83_Iv#z{AcLB+h3!x~fTud&WMi-)$6HcTxIgcll zxe-;;T1vn>x>nI$@?ht0t8NIjG7NT_0Loq}ifz4P`qK@X8?8MNV{MimV>eu*T9$9S#4&C{tX~q>F>%`$E?xg4XAIx}((il5L1FrJ z{nu`~>WofGa^~M|KZd=mkjs=aPWn}vRttYj#NKe>=HE%d!O;G?% zVF4=DKVh`q(GSx&txi1w%cRY!p*RQmRz|c;>)J$$8YjE(%f+d<_wAq?60_W+POX_j z+={;{rdwGNm80(ITuHS#Xlw~qvUwbRR9#i4_t(*U;%f@eQJ!#v{45*iQR5g1# zlM?Nna535DDq|9fh^9_aI{vi(ZHi|#=X12GKx;gAGytgZ4sKjnEjpGjZ_5u~d&XIZ zA9LI@d9xcHdhq_6H%~U7xNkd+ka|CNF3hwPcOsFL-egBjw7k_FpP-(u)H_Erf$|^| zSa6cKgnlNh4@o5BKE4@UJq$mGjszWqy7~=kz};1~>s+RE(c4~`D60Lhwo9=f zbNtW!!a35>p~YzXW2l_j47BvBIgVSTqUaCR7ufr) zU^iL0Bmi1z(yVx5(XG|hHaEo+=%NMC>_3M6BA{ALE0xt6`;4|=9L-hs!ES8Q=AB9A z3kyJHp+K}~rC8R{E8-=y_n!Bh$r;Z->Cht7+vn!)xa;0;JTTn1`{b=V2g3SI@ zS||EL6FLdaH;P1SHZ}o(L{g_p!O2pOUa(VoP(lTOsF=7+iBGm^f=wzd13=ZJAu5)y zXl=#a$DBAh`IM6nEkeCx``iO}-?R1pn%#cV-tC2`mO&E~1!?$=<$0wru}YVU^=|2m)!~l z*$Dgq1gU0~fzY>%rl?GnML1228L$I7LoOMG@iGE^Z}CD#t7O-K#u8D^>p)Ki0MigV z2RG#mvua>s+dqM}Y@qs-R2xn*m~p=NB*L4I=8I(r1*m9Ws+p_HtEVe)_#dw=)Renn zD#tAlRg-d=f~H98o)poyhY?j1?HAowbMEd@%W=|*y~odNI%e6Pl}l%iKlYfFD_2be z<@UL`x$ScgJ+xu-w%yx@6`S|1TEFY?tvgbv)HBXZT7!lEA9waVfTH3pn{W;G-6}Q>ywhm(@cgGSO4~rx2|nGaCbgBqru>HrFM^Ft~o;QwZ_C3XM+AOJ~3K~#Y1{ph_{@3B?Z|LD!DC)TK|@(_9K9{|LP zPi!Kr_G%ypas-AVwB2#nk_fH4V=Ph!k>8Qm$&-!l=Ze-(S+44mL{)%;Rvq|t+KH?P z#(l#!XQ7y$>@JM#GL+sr)(Q1t`xp8)U!49rMrf5d+udFvzsHcGI?9;7jYfcWfbO#t z#{PVp2cMQ8gASmueF9ruV8(j^8iK0q`=%yO&@h9P-rPhvx!3!DW@CSPb zG$9(ozC7KT))AjT>;?7@bxtZP5=%r^{H~vutSc$lBQqxy!RyDg=t*)F(fV*uximcOYL#Lh zM}W>U~ID47hyoWzw5XVry>=$1@(%}?w9 z+xN9o+QsMo+sbV(_eV>MjREhMqMhc=QWit_me~fC*Pqe-*BGxRfIzl3a0F2WGOO58 zk>;>SA5%m}T@+Dl#V>a=JKPFa)WpK=qrjL;qKd8KiYg8>7vx)2#2_h$D-$Z$iYOqf zrS=d^hLWxQc$?LpjXlTILcP_$-Iia6i^6QM6lyt2DAyc=1qQTHJN@H<2xWioih zL=5K4RWD*Nfhs>zdM8O=x|orHhNz4}LQMeq0or_FP>TQ>dx@#q#-@r24(BRb(h|_A z=X8^I8sw#AJy#u0Lop4p6=Pe$&;;F|&K;MLv`iR@PBE)=uBw+WX*b(K6rA7(OU~JK z778ArxV}NQoO9@fHe9(rrnH`6yP)#}Z;&XoQpdv%qqf9@=4FYbsK9UlQ4j?`0E}JDHHGV+*n6{Tvw${e%gc#z}RfcQmGadgM zDo~*uMsSY^I|5*5vmgjffk2D`V)1&zY#<_~i9#mBU>b~&%Ykl{p*o;QwDO>?veTi- z5D-ZgGp^p#Ao`uc=1z%8g8qI9{y)SyZBA=I;yW^-JPasgIOG%7fkd!PJLw$T>PKlp zt=$RF3ah}_o|>Rv;b0z7vi1F8+L+$*rY?nQNdoT%K0e#fnTNr=*;4SZm1$Z9Z@Ab) zU%H5XHp@m-rZjzgV8X>Y88wJD@+Qph^gM!H+cH{TOeSKLkyK$fn0>bRa0kQ6td3}=z) z0PS;28C70sfF&)wR1&@tQ1TaBL~{mm!1IYzYDMu_-E_KJA@?E4M1whhpovf?s32ou zql3ne5rLy;S*R6jYw`)1NYTPVsDhr+#RyXv|huUI^TARxJAtkp(SRth&NuaAVJx~D^N zIz-u9fW2kxigsS)V5-<2S5}j5TX%h>e9%=gY{4D@^t^dS1y7nt5s6BV1n};Uq|oIq z-a!v8WVDpbP`Xlb7xv;Fq`XFwu$5Gpfj%bLSy`y&GDcOg7k?Bl#wH*Os2Ymaj;W?J zNeO+__TDUkpVpUfBcX{hgvxew z_UyJG!lm#dZ$VXaVJJi(cL|0Nkt!D+(jTdsEi60^#pry+@Ln*GFMJ5}gYRGP!C6z?5NfQ{JtYx-1a#|()(6ov#nm7adIib~v;ouw!zTpZ2RUE3~^EwUmT$0WocmRS-n3WMOa z6Eq>_0%*jV7;<^90~r`}jw7>}H^Hx!)2*lB^A>PdEzvZd2|kXd&7{$lx{lD7RLFzY z3Npu$tek#^94Q4G?1f9CNR;GM`GzqFPBCz{jF6A?RTGGF%G}C@0ito%T?aaei^|I{ zP2}MdaLxh`Jgmd=+(j@L0gZVKCDkP}y&dz4reRfj_*Co~drnuGlNJKehr2XgpA1?+ zpXJgNXjJKXalM9(xyS?-a$h(IOnc~?y>v_n2_>HMk;H@6b90;sDRNR2#f^j z)-?Gma%L@`b)wXuP(a`R@;t3`@j}ZgQgzrJjkB|YBuELt5P;*iqJU(;WRGdXo^D~4 z-SReh=;bB0I>7%^{TPiY)YZKxO$3x5LaW#ciGd^q{w@%A=q&b`IU0gm2v5o&{AhbX zJ5Fv*flcjE?3*AzP;4>_6c&f#@ey4mbx+v^0W6na6Ad-HL1CpXDW-~0BmsK2dX1+# zq85sUt_ck0R!M#xLIVZsstphy8R!^RRn$;)+NgvTsKW?=G+3#S9XryF5Bam`c44Th zszDc~-%VKK6@-zTa*y-FRTaYVGCva9sf|;*II4{0NT^p!X*y%H>aa+~D`lC0&|nW9 zZ(3e%(W1X>slsi8L{1ppAS|LeF^{fWYRg6%Lx4<;u__bqrtxg$gCm{OL`Ubj6H&TS zC`)6)9o;mV+UAyalUS7ulKgl3txzfx*Oc9_=>dV9K8U_$_>nWjjJDBuS^ceEV@tnH ziXx3xAAU$rJuFH&4@rS(2p>iM#Hr;DwsAFNZcNprjoBEwAsR;fv{PXi^!%L37ei)A)}GHCA6tZx7mM-Xv-K86*HPYGMK0gUO88_B8fDqAi+e5-UZJu9pmmX1{@I*+={95naPlr`A&tbYnRdp{!vAlF3U{K+gnS`;v)X3 z+%GgjiW<}G8?`j~TM{k&zzApNaOielZEr{i=p|{gN0?KGbWP@fG5^`-8f5pO!CRm-R1y<}+~NvZCA;L@I-LNWrG_5eh$%`@^2}tu zJDgd*3@b8XB)VAdU3#%&EkX1t0t91nz3OfN^dY3lOobFCR~P|_RSb7m7MG%)&d;?&J?H15t+<`RTH z7%bPYlTYV;v4kvq>!enVgi&5zUy~A%XJsi7fIV2)=t%0Ow}jkbndIUW(~3?D%0{L7 zF4Mj*ZI~KaCl5mhe@doKlmj>uwJDD$NSf@JNEGuLQ?^Mdb)qPo{KxzilFejz^O>abuVI@84tQxezlLB|4 z1iJLA0s_?NXLj^6Xl;@Scb>0F`vHI+QfkYDW+I0y$smNKnTt*di2egNxAk>eb91fg z5_~FWO)k7>y5bs;KPY%L^CVi@ElhQW2?L0-7sTNu-2+IKRl@vfaaD^X3?37)g2{V4`Q z^MdJoMll6}oq9|8B}jx$17BHbt4CkZ!l>EQd~kS%?y7 z$*P%)nH4(F0K2=sP)XDTHctGK*`%da+l>;gWupk_RdX5NSKZ z`f2w8bkFG=9a}<+$?%j$nUNM*!Q8EqliQa(V9kVYcRNsSM;fn$d@+bv$%BIFGw2T* zt^<|8kdeyzBu5I-ztqX#Q1|E*= zizx;`=0`F(h+OH?AsX+~7<8)%kugT=MfWfis%n7JTL>$3ZU87jlAE!Dhf+98q$g|b zPAS9CFh7MJRaPr9HIjtxzMzAlrGREs>-+}&olzbmLCn(B`d}nF6pZE}bB-1GbrHQe zd@5oUvVI|@I(7Jcq5&H!n%3?WWxDsY+?$ZP)gKT@ggQYq917dO&NQ6P(b<)NvVeek zpqJatxonq(+d(F#f^(+EGrUVHoh>qHADV_B$S(4}jS1?tr)QwBVnSOSj3Krru;s&Q zPDYG2I&Oln>X=ARO{EZ8xI}Z08z_$eCJ+p)jHwxfL%0V5&jEPl%4-OZhV#SKbova9 z7@OiiT=;<7Z0YY}1aPGbie1L|34wQka#(Z&hu(x;zK@k=(gwQXX5&4`X4Rv~j@cU^ zKkL1^1+txKvaJz$P!pOIYwY@5fe0QknTpCZ#|4-u!_(aj9n~wEy8(f&>NuI1p7$G_6X- z5h<}UdN8^W8rt44AW67MqnPy)fuTmc=dotJ(n0`AbnASXYb9?mrPO4iG2DT!40;Z7 z1_rf7spR!Ys6mAsXvShvxdkCFpjqprV1r=k1EPj11sE!sP&q{i_{0?|K~AgbVm;Cg zE1*nu0PKfbrHmDxg{)9QmCQ4b5nETKqfTZXVBcbiB~1xXuIG);c){$7Mo0{^-0q3# zIYiL)@oBXUO!gGw{_t)y2zon5WYH;2@o)L@nO2H8T{?u&Nqa)8n4OHE*fDwZxGS};X5Qp z)|a_%8ez9d|D~nYX(nHnFC_hfnXZHqQKSH4fa;fCiXNGl3Ok9XJrWiD=_}AJu0hX1 z1u@E$6mN%}^RS~HDvD0kWW~sxEoYkHQi@F8TGM12)y&voWF)i#Rc`VlV1)&f0!T>J`-7%& zfSjUqolPn<#@{0?i0&GtT}?-j)lR(x%Oh#5Y6Ej?^n?q6LHYJ_Dfqc8RAK-OEM&xy zeYc?oZJ>~`ww_cXlQM;!%P|v#HiG%_W+Kt_1d9eTd_Lt$X)2Q3GoE){7AYuDW4_Wz z+vGqfPSsLu#b={X^nVn#ve(Fi+bkB3KoZs@fpE_r-C(KZg}_5?b?6H)zcOJuM!U;k z8_hxJun6v{K?;_@){Qh8MXN3uCv2?TiLZ;CR?xMrT$>xd5NM9-K|hHf+3g?E~=ysWkkU?z*>oPjIvt|`Kk)?RM#Y`6H+`<`}4Ak#N8to#KyNGTM1F*;95yz{6zWZ5@QMuk#Vn(gTeY@me^<& zf`WiHA5>3mh9dt@K2P}j`9L#yzO>NEs9gs>nI~mR5U*u7*p8w2BX%&gGrVjGC@#f6 zFj&%^Z*o-`@1Rkyf?V|0WL1!nmE_peJLt1e^P}JxA)O(e;3g6!PM6)^&z{bweCBct z*ZeLNPeC!@Pmcm*pH`l=ks?vaCQRzR!PEts0Q2(Z(qAAVq`7KjH1sjK-zcRsClglN|mb&tq&P;ZBzGdx=qIPhgY@wHD?Q;Red4ia>*2q7*ap2HibO zP_n)h%rvFr(KosECNSqC6|K1sIE?*L8?)9IUf3}*tNB(=*^j*1Pvbq_M=uY`M*27=>)_bI4-Z0w}QjkT=X_=6NI=-SQtT2(^_6=Urz4cF+`d|^8 zZ2anN6E19T9xLPIYK^oxT%>1w#?Cp;iFckNb)8UBmhS!ePIp)kE;>}r}xVAU(EPVtU!Af}S#}ypMC`y#U zW%8O>rVA2bZIofE7}_L}OK=mzqz0IOXhL;^P4xfGF1@mVsDI7TiR`qd%{e||rzN%W zIJMC6L1P-S0y<@R6%cn^)a#L{!${1YtoqtqSVDez6o#vpIGyCT^Nn&vaOrKe@}1D$ z&~qz9eK4d?s)n$koNkyAf=q(%oUmyXcYdV@Wg7kkaPdrY3ek(WK^#23^AwGk?C{8! zfr;}TUvvtOyeL|N);`zs1?{;5U;Ow-U%DhnBu;1V)=I&!WZaw zPdE|Fi#_q=)d1Y#2$M>SmE}hb2e3PAeED6~u7e#(f9m^2Gz;dW2mG{l?{imrwLCJ@QfX6;@Lv0uTJp-aMgCV2%PBg)%Sm}uyJ=Uw1agbVU< z!gEyr35khc@-G*C2|@;H48%if1tAo5E>!8Gfb&}(8)T|#$hZj=m!fhd=;!yX=`_LP z=+;b2Saeb1oVn)gu`M`=mSN3`QF-`q9L#SF1o7GrCUXMxl$>vP$FKZbLb~7)^5Kbx zzfw^pupLpfsJAn-^F4jqj}r;7N%PGJD@{;`if2va`?=;qlU7(_XJ7BiZN8&~PT~}O znk&+d*HOac*~OzsRC@L}4b_J_{W=ImtIUDjcISz2D1ugHKa z4|h;it4x^Jp#s0!qUFrZFtfgisCUr8k6QBe4r%llg8bl_N-C=R8-UIVG1kXrtRA4n z;k`LH&EFzmWbX2A-?}ti)sv;v9Om&=fQ+mIeCBN;Szl@=WW-a_wu~B!-=KriB<4PLMc5+T|#YyNL(&x!O*^C!!%n4}MD?61+b#d$%Dlw6oS1jdF&+mG*hZLj%R{W(Uwqzur4(zN72%>30{7Cy||Z z`}#x6=?FWV)w=}uYCn6mI~1TfE!CBMXD1P{IpCpn{>mSbAvkx8am%KBlh}Oasjw^N zgy7x`^-QpaV8o0J(Qlef5rqc?5;JXsI@;L422Rs3Dd>kEiskKr*;HA0a92M@_~etM zOghckvcqz+d760-3moE$dEvD3v^+gImeuRU#_U*&?_<}TmV}tkJ$C25oA4<+xSuFb z;d{zbT5Dz752cn!ZO-~a1fruor32c>lRCS2FvF;ekMJhK2I-^@pyOw&14s>PtM(~l z=JY(7wAGl_GZz8lY_hOZrlbCI=zg*keczT_&^F!gR#qNQ&@t1brisCy#8l_F?VXEo z_%Jzn_>P<;-!Jp2Gj$KeqEl!CA%8N$-PFiwzqWgR4|X!Q0A7kqz@A)P(}Q)+9+uw# z!+$Wmr=#)Uz)pO5(eND}K|de>MG3c9j0CxILk;O7qCR136O$zj7msZQG_Q0#?k!J} z=ig+U_c08S*{)*~o7><{Lee2lnMt6XlHA~M!jhHdhR}rm4|Wvg@w26jZ4JOON@FFb zP$t#tj7Xi$WS!7D20bMD%S`2I;haB{$c{z1vkh=2xi{huRot{ZQ)I3s*kIU9!|(w4 zm7|;2NIC z&XpZF^=QoGZZv5>2KstxgOP+3S#gQ3#jF-Iga6Qc35XnOja!7 zJ+rO6u~{2YG4OsSG0tpz(|Dt1mQGCim3*^&YSM+}a_9F6ZN?Y?(%X>1oVn+J93-NP zAo1x-QX)7Pg9f@kszE9;NHUGHv|+pqD?(r0o7$Q1B#wmSfRdsaS^5|d#jPN;6`G^= z=PQu1I`+n2Ai0B*s8u}iAsYJypg*@f#bbpdcwXl8(J7Xn{-)%0owyQ}fm>yL zU=>fe#g1PfT@g7-9_Ki;6cAKe@LuEHDc#l!P1^Dh7(%k^ge$he0~UK}wBYI=6X%yc zmUoB)OCV8S9oLAWB* zL8Q)(>^dqTb?h#i!sQ-6V<=k(Z}QQ2wh)*twJP>kKLQ4dEMVTDV8p`GD*lrZj3zag z?OQ%{7_F2~O)Q2SwK42LI;4C)AKoV zH3wU+viA9DTEm(ppZ=1@5 zRAU>6p4r1{wjBG zrYuh6#r&k9=})Eh;lvo;g#bT5z`yve*wu0WOzqIhG|9OwJaOEbXTK$RI{vevS(pNd z2p;(xm-^42q_RMr6i0o#bWIptnROany1a zrwMo;WX+_e7i#$AUg%b;d`YXL(y?UTK>7{(wtUrF2^X%%N2Ha}i<`XhD>(Cg2c>X> zst=9rFe;Xw9^`3YOH6r4p+2YItn*L47Dr_qkuM#rk$TS~Y+swgLq-~Ih)8zgSMH-( zZs|%4o{%tzzq^k=(+y!%qmA8ju=yo^FVS&!_R(V##-s`XIRg|$&+cgSDZoMGw@;S8 zMkOXr#C={oRF5r;ky9mG`+^Z~>35Z-e>6AFS89%|XLSJk`-Pt2aS_7WVx6f6sioiE zy%E^s#A?4m5cyr5Ab`iy>7ik_mNZ|Nq6*o3i|!oHnAw_Yo`)0KQw?rSiNa{+eL}OD zQXPjo4pnj)f=$A%D+8(Fpmf95*;<+OkreK1kt#AGI#S3a2Oi}(S8(GsblfE0}5?>&l22>WA{Xoy=R91XL(h z>m!kC?CaXxB$E?x^_XzN0pI`lNNJ=fPv63`tE_?m1b1S; zT){stz;u$t*nvB4Zk&saW3{*;VvlTFmKBk&|I^UH?f3z?{Y&P%t~JTT0>E?OG9G6l zOF81buB>OWgzh1f^hsY9#_v>)H@U#~G$EfslHo+|TD(ldXHEv_|`0khC~6 zZqe`FO;{Ve4S0Fen)OsncrEtU$7+(a$;pZ!xN04eXM_Lzq(!h1hLP8gAyY=q>6k8c z3$SvkerYj{$u%=x?K5p^Ci`+x{BUOxhZyFT`X|5L+<0Ga4NmdDv$|WQOSrs3h4pEs2F=&1O7k93vLQIlF z>OE&?t5#o(Z09sq;>5h0D@c&(GUzi{R-wa=P>M;)o=Jdc^ zVme$o^*b3`HqT`r4u0WfCslgGQy!KQf^Nn6zp=w)(1IjA$`|}7=0c*O#x1{(W2E3W zey!Y+LIFHmoP!!W$449;%tmIO?y%)1F7A05+;g4lSi|^8_f&BdgjLmj-ap~wPu&62 zWXs7s>hs$oZ9qSVqU_0y5WC-ENkCxao4p^#l=R2`Q@6;Uv^gp~cq;H}_2#we*r?q* zRiQRl4>oQN%FeV@2KsDmQq)wNKGaOnaKduLMsf&}(%8A_->Ixt1vRhq&6o=b2CGx= z=VQ3BIG<^dw*HAgQk2Iw5DpYy1p1mh@#^`TQN~p%72X}P-5~{y&5|ERvOqpAmo$Pv zYO{aT4n!yG-D<=ju}1AFqImn+84<%J)^O?^rqwK$mt$}H$Z@#YIk7w#fJB!%yeX6~ z!UAZPa&hz&eo73Mc|e44-;m_|mtWvT`Qft}MCb!bb=tCF-!ma9Fozvlj^|xl2Iy(v zb7oQ^$V6f&-NBAmPffi9RfBCiMdm2JBTbu{^m6%N0gCIc2o$BX`)ZHxQhN@9>`bo4 zY8axFck~Kx*B8mmvBAP9oMY`XN@e)QLE? z-qQIz9Da~bokpPG(sVTmqs09*C=X8+N#^HTh%s}!Mql#WQ$nXiC>AYV&-KSy*}ia| z*bPI#P+5$n84?B*9y$-`qCN+tZ?(7)A_v>l8+KDZh2{)N(j7@31N~tLoB#T*H9H~s z*cna6glLQ#&1X`}VvJybW7>W@MqZ;NLuRCHH{OVOV!ea&kEgLa%0a~$kOK8(32UVB z5;OYtYdb^8(dMeBTPJR%|O(K<5BB8@?j%*Y-NBB#%c{xG08cy&sW-HR_wEXx6 zi<&ANOa3Hs`qMNu1u0}gL%*DSoI|PdEpcg2EeC3xFq);0>-B_GucygR5=x~kf3kj+ zqz)^@YUk*4q$9{?JGJwlmw_E5@_m_+oFf)ylv!|>L>XyQl;2x=O5rjz!Iw!$%Wp7q zW=N)vym4&qxf5Y;xPngQoL(-W(#z*NX%Tu(>;9|o9xek?rk-jiz0Un;)tfSP!CLe8KryWQ!aJxQ3ON-d?+ceO_I6 zVzdsz@wLjSZ3yd)M30H&lX-4ecHi+bYyw+N=k6-i&QU5Gn@AomP~DMe%57OsY}U`c z2<9_fbi3~Hg`wY-j`dx>A*zBeXJ6!4_<1t+gz4C>8pWTWZzIcI7f3Pkm(PU+Ng3)NKC@pKiM{s_Efo1 zreuycO%dWqGCP5OBu+br6fC=rNQczyMS$;7POYdrGi(|}#+tK~I; zy9md`T@6jAw8olLh!MZRLPt$gg@9DHW=_O3{59TYqK6i&x=Erg@^+jvn?D-D<`hNn z=x7tJ>*9k#GX+Q&tl|KCQ`u6GcVTu^mQB)IlSY*B)g@u~36hu-mG}&Q(S-mut>)$& zzdVF9$=3Q@Ku~d7@#7Vp< zEDfhLs-oNx0Y8Q2R`$x6e!ta9X_UCpXMa?#X91%d7SbWAyN?O7?r5e6WS^mP3-e)r z@E^(TYKmJ?8_a0MIQPLFCMeDmaNvd$zSKO8Mjx+00F<0{GDrY1A8LiI*@-(B;^8lQ z0W)Cu&|(F%3)EiGPs+hM8yx$Ihx;xgl5!aW8$5=Oa?}M@PSK@Q5{ad>julIRX=AF0 zUGJ5skDX!%2s|1$-)7i{D?n6HyQ>Mv&7#k0-ZnavclVehSn+Dvstb5Z^sySzdbe-r zJ3=U!9{OotVHwWc^{w_!0TH-WLV}&r@FdDbAfU;NVUm3QBgBJ`^J7>k(j(>hic10c z^SKZ}lZpR>OWm{@Zm0^hSPkN;5S77kn5TLHsix2fF^zGF$Jwk1A>#vE4$;!=x4d5f z$a^hWzrZudvdp^h0gvm|LXLe%Xo?dx8F=Z-(*zy+Mryn>RtL`k*$F2_B2|4V;BqDV zQTg)I6ZVdaX%H5wWLdl0qZ551Vga0sw=UZDoscY zeX3U(F0x%oGkDrhq=5Lvl~((`!Wr4p$1omaoQgqy0Bgk;=L&B^-7SS5aOrt+%G>>F6$J@X4p%U zC)34~F{5TYF%J=hPY2>xAq7awE_mu>(jK!xUUy{!EIHf~lLWt1HlG_gC;|{Ys{DA@ zF?&invdd`YLWnFRl7M>kN-DF_NN1;|+VyvK>+I5GA@yeRp}2yM8z#@ zx$?&TFcKBnk|csW`bq{;T08PLjK118(FYFx!Ye~^Q#hQ!Tnu^5)LfVOJf~2xf%($i zkCc$+97ar%Zr(q>GE!5=>^DYczD9Er#-qY!rCH`P9zo;|mYfFIeR=qzflzh?4aBTq zAixl^OS4kO{;iqOGWIlP?e!?P9w6yvqzVW&evz)5b7;I4|M&E|BQrbPGci^CX5^hs zoo|i-WCwYR5e@VKf?9QCGu(`#{6YI92g}aV+VTdfz5B8^;um37;{NJBdz=!o2XIJf z!vPgr;>uBU(FdzrmdLy(g4LKs#>(E>yU-M`g`-BSoLZ?Ah4z9~+!$o!l=S~!jCuJ`Cj9-s)}$WSOp#v_dBxQ_q-u=u7*=L!MrJU>a{WsVwe}< zeEu0ao6?-%>z9f#{jgv)xp{`RmKaH2gTap7%|cb1TV9Hps`<+HHIKRBM&=i$WXCB2 z$&R@YxN>0Vt6I8%5i#ItPf;9T6QEVVZ5U0(@w?W;687s%c*>-%xU{QRJzM{N=Xq*O zk|`A#4h|U-I&KT&O_jzt9gSn3odO|_*5(ffv&?gJw@^K|FH>vc(BNQlj%7cu-uc)x ztfI*woC{rfEl)NL#`s+b=UWGxP_CI!>RDrY?Up z!yOtVFk8MxC~(d6F`yw$ndjS7*E1gSKhtos!0uX^bXo$+DB%73NAaHmEOV|;Q;@#Gn;bn;Ky$S zza=#5#BGi2#+;D!s|8gaQ)N&hQlWfwyo0@X525B2o8R<~VFh*`ztiM*wZkTM21cBS zZMU(bENp735w!3zOT%9E`rA_pkTd(ngAYeVnV)UA6f;D zcYghe-Jz`!F_SFjXf-38-r|u?o=ZllMcMI6nB3lHCORIeFrkLzFCJv1?{QX-`G$Kt zCC6CMe5_E(EgU{(42ho?AFx(y#<&+N@wn6OqGnMdbZR!yqJc9G#`cDhsn5vNw_M`v zdEepw;IXXfl~$5A3geUZO*{)e$-h*X!=6ql?_pVMgM{)mFq9_-9xiP)78mSQaOgg1DQ%5DIr!U{%c$@JzFeTcoe=PjMvZmWX zyj#Kqw(*7}HayA~)c+0#Qc_2UPPtpaR)5&#nd$wJ0Rh5>{_#~B0iFkM2q#y0QlaiC z#h~@B1-)tHExZlrKJ!GWhxFIr8b5D`pL=bWfHu#c#Ic;grU?Z^PY4Hjq zH<7@tX6mKTe^@kAv*NhS<)0pU9<)-@Ww=6!d1JuWWSJvZr4Vm^_1-0n>XudV-46*? zDG!X%LoObw-y+4YMql7LVv|l@a=k=ER3)Srza#g`+5eL5*CwN zLYVl z%s{R){0>&YHplUU6EiCl6e$YMb%2I3et`SHJhQ~_+GnBWy%N6cf~&OvA)2j=33@PQ zhb`&0d2}dvVHhF^yrvOxekFkg30l(=7>pEjIQVB(rO$zkg&lsjKjZg_jC%G zCpWBDLl~(&xyigTRe?pcdVg!xl&d$-(*;2pGtjeQS8=Kv>iWf}^?>BS*RkX|p|P#6 zp^f${5s*^uIKg5#9p0k41fsO3>Sh^4RwD(2tsgEW8+t3D=!+r-HB-js2ah%_`4h+u z#<+gigqd@SL4G)mF@B613exp#J&wSnxqFkmrhze^lX(r|x&mYh#~YCva=YC#r7>0N zVY6R{1K^`N$(Smf91Krt+i71J>k)D1QC9kfLQ5+Zk73LEX+UT6lXO6@t?JQ z5O+1}mkyMD^R;Xsjeu^)p6!g2sFIX%8&idG0%Y4riY*nZevq^5)!R^t z-dGS!uyf)ghgaB|ajI%BUKU190GdpfN5ie))lewZc{asBFL@(iC!80AD5)8}Z5*CG z=;M~6_0Q)f`S#e24;GWHoS7s%3nm9?IX+Vu$cxVewsEKa11q+Ohr-)ktBH2NCKc0i zc9^o<>MrT^0@y@HVGJ!;bh+GgyK@B20cq9VNa*KuGpsut14iV@H`>V$UG;NI_Me*o zNJ@Ap*-IG1C!Z^Qeacu`y&10qNF5H85#x7*BZyuKZN@CvmVV3Tmd-C)^h2}DPwfR7 z7;&s#X82Z8G(Otf?8@}#DcqV#RNGlnxxb}HB~)%tQ%YPJ52thTVp@R^M3y3(*AWN& z7-6Q|i$HJ_vbe^NPmauqA6}l}MF(ekwr1X8w8;0Jf{~h=escjVCPYbSF5k=F`OOx` z2lj`%4p3!r*e_x=+I3=)IZav2p8K@_W~xu#YQ8s=ae=YaGmJUYXc#jiZ)U*clSu!T zU&J-rlkOPrPt2U=CAO|vg8DN%nj@;zm>(Zb^)(%Qr%yF3BSA}4I9FCP?kH&L)>CnU zgBp!IFQp9+9+$iC^mw?mD55Dpa#`Wa5z~Hlv=Yhr3KQ(X;o0<0-aBbd$IVccmf&x6 zYuSK*C=qngE~sA9E!&(Ku8Jr20BJIW!WBJpO^ln^Gt4R3EH%~&Q{b6&kf=&69P2+& zm`%1%3V2TpQ7LT+91zbEBn=A}2f|=G_okX~_d{@&1W{pxaFwEQPiy#jcq*I$myR&} zzwi@3Fr~A6cq0=`aO+-&)4`}aAEA$v%;RQE(qiCWNLF38q;GBQ2TU8XaRgRCQ<3Q{ z8vkp^e`6g6al^i#LG?HTOo+S+>E^uP4SM($;;i}ejC=b6tUSCt`}JRYo3$-}=`7?p zgtJ7?0C%neJW?K_V#RS04xst?@2LKOrQN#+W*8nZG$UemhH36E(f7k7AA-#~rK74I zVK3riE9WNzkdn2Al{X(SOsMqBkIiEi7At-R(h!QkW2VF-r>soUn`8GHWn~H5@Cd)L zw&PiAKJy-{+NGTYQBhu+hiax^dXPi?0jPQ9l!1?J+%%IZhwoviv@Ak*0$aT>LO@Ns zH5$il`6S4n153cF%kTSwvQg-QOKXh5 zwf3XIdd=^+JO@1TV<%7Kn|JC8?vEX#eyHK{=s8@yzT=i2FYuZ;zFpF&H$f`FW)SKE zj7?E!<*~?%oPQs6EgzgtG{U>I?g8Ed&ld~tFAZ%hnHvpAqIuFfmOb`<{o18KWX9Tk z(UbBFdx<=`#dlt%Pn-|j89#=X1IN@Y_ZvA%Ui3*OSFdL%rprUgc?B{vO)>iylvrh> z<4+pV_f}i3USoie&gdBp9Zt)vSub5Kf2~zZa{6J5>G;+xz4ebHNk%4(hO-+cMa=m< zh~B3OWtkq1ugAUi=y-Y*y0k}L5lXg<1QaRUZg(96lt@$0o?rQC^`#eC`8Pco71{%u z6pH==_E>mf8Fx^p@em9i*M2fGay%_!unUXCq{9ce^!RRQL(EwetUP$7{7I{OJfTAb z_Y}2PC!7zY_A1B|s3G=#5!dL*a$T7H1nG*q0}82;5`Jg5mBjFH3Hq7WjMa3b)3x@~C?4BIZrjc&_04BR$% zP*@^CaK~TP^QJj|A|DG+`-_Beef@WiPXxiSJnyw;8#Bj^)J+(eNCavMI*{<7qUeSm z%0W$lfz3DfHc^y9&@SW;Rj-E<1T8R>s_&N~GXx2;5Q5o7B>hdvPBk@e|JL1b(vPFr zwRhinJ)oUqTlfncz~exxd6#;g;`Oh#<_{nA*UU-R-IkvHg{|Z>t?T``+QXn?vhUfT zj)$1LtuUjc>`oz?WQrv^plfs_C8Ze?qlx>K>f3X@Ozi0E7*b_e1D@8+aGNmq_sqc& z*MnBfJvx&*@T~pRAL1G@O;l2ZVQ=x#xKQ?P^fs5ny-sOq62YSSC~fC)fm~9+aSl*; z&WNQkmDM|&U=mF#Xu>R-cY!iiUjj9dzA0-7@AR}qEY(i^`+3aH+0v%WOyl{3Hw5m} zigUL!Yfb! z03ZNKL_t&{HCH2%DCPY#NMZ^h6=e#(@ZDSzEr(`OqlaFgj+rtnOjHS`wlU3=Pb0l$ zY6HwpUm`>SyxT=3C2JLTYA57F*RgYenyRej~z1y7nx$>i9Uv3Nn!*+xJ!#ejrsvO4X=qt5}ccF zBDN6t6FL}6zVxzwhdPxOsA?S$AA}pN=H(7SRuE92lsa2+Odjq6m*7JbvOf2alB(I2 ziErdxT1dRdOeIC|OdCvJS`#K`Cf8(c=FINK{LzlYQ*`H18_X-6QsdqPZuQe%)a%FFHvXBrE$fLvaQo8KP8`aN5OF zzcZ5&s%ovwZ|o5gN2S0#TTGE7lAA`Pl<$Z%Z^(!-bkx=Opd7ozo5Xa<9QN!GW;|!A z!j~;Hwf;tI;fvJZ-#VOmlXy%3l9brvmRwf{Hh&UQyOBm*P2yz?-Iy|IRB;~ z#e{xm#7(w1`Dk-VBc8iM0-vC#vDPHYbOh6lC_=&w?+Fzi-1H>=h-u72_JTPN4;K7b z2rX4pV{=19a3B;J^qHy$Io@6!gV`{{hi=QX`-_QVB~UiXYTWCD$P?gGBWV zTrEr)y6oJ&#R-V@EJtw)V}$Cr4u#FaQ=J_Df1QC+=Nl;wpyy;@pT|QBgmo;Fq`a5= z!wiMT8VA2V{$;*ZwJs0CsZ~=n#Wb#{-Eaod?WKyc+u+2oo0+R;4(#&7f3PzD_0zQ( zNTYRgZ%>y+Tfa+&sv5Vh&~o*u9e9^KtSx+582v_{qP<=OJx+bkujx%lp18*xExMj+6+$PN$ zGKM`fZJY_a8zRbIncG0LQUU)nZ_g!vjG4N+yMW%=bjrNiv-Vkjp+-9TO43j_&nc&QVHCMqCmGoFye+qxv-#K6=z&TkhOX~s zOOPpN8RVImFWj1BMUK9*1d}q|{%9nIGv_&fT$AWo>@9~xz1~MH0pn7p2?WQdRM+?$ zfyU05J;YJT24w&L>{?*feW&SR$sV%`W_FM+S_z_<-Tg};-GN*AzRFlOX#y~5kW4f7 zrP2tom(5TILHh!w4hp=wt85?SvWf7Qy_v)BJe49-|M=;-yylO_r4=(`G!CYt zvJ=#=3owFC1W-a^y&-5nBakG2&mMoTSoet8Xm9wlTbs2upMN>9v^|x;KjiC~!@*BX zbJ*H_#2y!z(Pbe6**5*62#(IG|JyrlPDSTe4M)-!0y4s1J@Q(0F2_J-GXDI% zJx8u-O4YmV{3519xLW_p9qj4&AI_)W-l}eii#!C!e4Z`sbjYqrEA@iY!6rHuhu|wu z&rG=%a^$2w2Luyqnm$$g2YI1>?r%};%8J#$FMjOGn-fr^!y zt3Spti?HtGqDDZq0XHHcrpd#;=Y0_u?nldSQj{@u>I!_e#XmfDmuJdRhNRMzu1A%6 zgutiCHGuJOd{KRAj>@w4#}%>CaP7LodzuGB5KL6!ajZ=^L>bLH$4Qeo|F9$RNu{2i zdQa#8k-#w@JhM=Bi9gu{vzF~Rj+@92Cn82gz?p>nL?@Ay_EY!8TVKMFXjSU|mL`au zpUwW4otxpmBrf^e+TI@T%WaUAU`L;RH++2WElHUQi)DK(_b_Vv+xf6(T{K`)S1t(| zzn7Rj<6A!1K5d11%purLXQ^0;8Scz#zJxsQH&EwC>ry}Xh^VM49zhr_YyP#YEsueB z1#2_RhJ8*AYvxeFOrJ)(^IFk0^Q)(OqyhBI)<|vCkYCeusNq-%s35J)kZ|4^s3Fg(92dZ|I2Gac`uE(~Pxl zm#4^7LP-?BZ59Baj3hW{rD#~``0$RL7J*Oj+?$|NUc`U+X<_h?SoGiSaOm6lAqtt^AR(Vrb21e5BM71f@lM zkmm}Jw|v}X84ESg)*6E?YjVp>m&Bm}|bZ}=MiaGGVl$f?2-3QmnvDU8yVL;3e9tgqs$M%I-0 z4Jq5X496o957m=nF|ePQdZ}_&>b{Ee4C{It^%{hso1Mv-$}X5A3++}v^44ocX|gt7 ztkOKFDSDx5d}RiaakB-kFi{sW^lNb9RXPb_8`q$yJ9iDED~)S0bfo@7D(@Rn3AHox zWibRDT1<+Vycy1_V_}6^#)xi&iYe=6I2it1&TX8Qzq07|$-dl6btcv!wZ8~DRk?;J!Y1EFRSX9=TqjL6ZGcAHqWUi!D(jHN9nCPCeG7$K zVy~0|Y%Ti$)Xl392O*Z|@~WLN6^B>a9^9giCBz+u^!z3uxiiw+x7CA*hdW$@{KljR zed;+j2fg~p`w6m@CT9Lj-bX*!i;t%yO>z3mwE})P7DB76iZXs}kz0Rs+?tLi*W;21 z-BRUPX6(?9m_IBr+2Qv?FE$!RTbuope2H&hw|dw?xH%x1{(XEO7k9ki2{e#mNi)KY zT#?3ezM1|3m9}lw52*XaB18aqkrKm`CQEWGnd*I$+sKX}9oFr!ZbQldN1xsdMVP55 zWV|`Y0-3CAagvw<{|6x@8C&zax3n!#)1%Gnc7OYg3wUHw~WwJqP_vngW77!nr zqqL)M2>K#%S@ie-e6ooUg?y6Nsi3qI_R4&ngw+Y($e zwGihlb}B|j*jnl|`!n?^L*1V4rzZ-|>?u<_7c~Rr&mYy16D@MD13h6ZxXh?AWlV;o zq*;<%hYwoORZrFmgH5Q{iHf}!%ro{9kMbd$w9E((;(0v1(J-IqO_=d8F-v}k4k4v2osan=U9~cJ)TBRF1)2AlIMi^-cGGn$Y0(yn@mv$Td6d#*?p!QW!te3(vY2p=7j5y) z@kg9RbfDpSijqWXK?K+LSb6^;mZh4y9F6@hK$cka8lNyo&t+s{S|?XXGpXGp`tu{W zZ`i6uy~+D|I$xGk8&T*95l6jy;EFnjj~#V-SaKJpXj~l%%i^SrZS2|f1oT!AmAIy_ zIr$TUO?Fw$#u4YTCFu-LtIYRHfQ0H3g!HEApRSRQ+Pv+r^$Txp&8I8MnN1QkFi*|< z`VW)0lo2>}0hhT#l&ZqRS*oY<-Snbq-to>6D$@Ks%pER|X1<9`oM>yT4#Fu85`9pN z(*Wi$C*C&A^$e;dunlU#zaqa99FXI-c=(=6jXP9k`7EscG>* zQ4F__rkS-n8iSw|zSf0~CzyJVxhUK%C5?iT8AyCl2vi-odn9wD+cpv8!2=XZRDb7D z(y1XfBHUWfP)k>ZFJ9WR^t~Ypsd$<;onL>R3EFaaVz}F0d)@s<&8wteCCKBZ{5P|y z`$yzwtkHZZxzKA#A2mRLCUrk|xN|QwVr*w>m}xq)uU5$~jpy^J{Of7;Dtt~$Z3qd{ zO}H;I-ML^IG?)6~eQO_aiBF5q9XC8zpxv3BEFF`se5S7a@zM62t zd1wb`(lrPC$t~l>(LtaKCX(}g*!fYVI4$r3Bo5e3%_27mst!APz%kj40rNn*s|$XB zkus%(TT6R}q~WeY-_+PzdRJ!t3Z5!mcxuof<9+W(mRqFV=6^o5?wq%G$ zNy{DtN`7x@1N#eSen@ACURJk#ERY*r8}CF!?#X!TU$b3(>*q&sP)VcxcHA#lSqUH0 z`Tmm{7%^TUAo7sD>tIT|x|_e=XRl@-<^-AIC|QCT;7Nyly*(M^Sien2>*82Y6j|*l zm!z*#YBNoV#55P}LJr&_;wc4xZ@GCoKc+C2g(4HjNSWIq@&e7FZe2)Iz43TipoIt4 z!vq|rbI?a6nsxTg^Z=r_$Vb;SJ0x_co6gBEjU!0MFHAibqSMsxO$Rz->x9V~4tCvA zXQ52Z$Nb?zM8og)bRj1NDjxotp^dg%a9iiSf)K3dFaP6$vYRD5D#TsWXrdyP_UDruBtklM|oKeDRd50|QVTYoh3I+lhh8 zoupeE&o;w(Qk@uvmYvOw9ql63z@vj!n~K68X=l2d3f^iUM+J8iHQJ<}SHB@+VOmbD zp9UW8Nwk-yuB6wH>W&yi=zbg8W)hIne!G|pwP8Gd7Z+;MN>c(3g<>= zL6Vu)Ia%DGI($=3=hU`bWTJEh?bMZS3u4t_Tz+~ho@hp!75c-V8!?AV^yg}tHthH4 zzVtfQ?04pYU(1wV5>()&At1C60CEuJfjVyRMsu@=atIk#KJ- zZdP#x-S~82FCzC|`P$vzQ~dc7S_1GS)6F6tCci5kYlh@#}m6&i<%Dh2R z&8|qt=OKN^MrRC=(0P0J;3O^&gw!eTtn7avV7_8S;URYhl>s3RB#XtNpZSOm7*-k@ zRCV=C0v|A<;_}B0|MDk+fwAh$!POo5{%Ph_5t%&M`pDdNJJWSPmpNm*s&9ZHZnQod z%E__a7S!NYfKBoN#CF0Jg%LIBl&!;!khE0d7U==9CBHZ`@{A z-9M?nC2-o~Tc@;}>PVti*sR*PR3nlKH^zV}zQCTI@q8hzk5Yp8a6-*TcPD8`JdA$o zZkWW(C^aEH$48UrO05Kv5Q-z@J#g4mXC#0kJ$omvPr2Od<|6+KKH-wkIrK}LB?Il`z3%&y)4!S&d$;O=Ivq| z1vagu>;LFRV^(VN>pM$bR!0 zc;})P;z$WlSX530ckb#0hEkGjUj~g1B60MFAslu1vj!m&cH^G!#7eP|ILYhEY)2CX z>7r{Sc6h`s5y1myE!n?GWCqLcJT{2M*~aF@HO+rwcA;(tfnPLH=nGs?fB4O+N3jA2 zPcXm#pWh4|@l`qhg35>c4)eCJ;}4X{>jcpgg}BEojF@Xtc5@}MFA2;|pT0u==dY2-}yI75WIt7(nV> z<=Snq^N#F)$7U~%yE_cgw&i;a-%4noPz## zA7FlJpF>lYa7v99`@41GDVYIZh;NUNw@G$Grzh9ER}WN;tpB9u%@)Hxft5c;Uz7X) zvKdsChKX3-p*>pmj~0kqoDl-6a!F>uSs!?Q-6p{X1f_baDT z=Uyxf*D$JX)d|XotRZHMbHufGMA(@^?@|eDKV{z1)XhwHsrIn2OK~VJoIB=_H+|Wh zKj8s?`RtAbEc4;|(84sIU?WX^o^PH$3DqXJg{?X6O%Yfji~ z(pS$JEHl_ZNMvsTB8o)9g$9gs#{K|9C@-2Ciw`|Mt&Z~@yT9jl85lEKGhYJSjBnF1 zv~9smP<&J-DM$qba=OhNAEwFvS#LaGsDD%wdv4#agC#EX00vfS(eysg^1G3Dm>9@4 z2U~DYmWos}g4rLm&SSlMqQge%qM#08>v9&<(u;XKPZw|n==q4&*8>GmHr{>&M-@VG zN^|2u*3m{4)Zn=6CIarXfs$Ta?l69)No4Y(uh&seS*JDrw23+*R+2kVV`|^1o}71C ztJlCVflh`!m78nzWz+)SWw2(wFTWq28$bBs!jz$JV`uJvW2S$?L&W~V8FExVd%4~+ z5$Jw1*85^&l1KmS)pLvJMdCZ^G>-2(3NSZbNoKT5O;ABbkaestNA>}WzCzCV;eK3s z8aCpl8{Q;{o^Zrph@l45`DXGL0QXnt6r@A6o;THyFf#16QrIhi1@ zK}vMyjh_9~V!mCH44h^6Sex8YK4V7v%6L3#iT42Zq>=~R(2Q|05$M1ILB^?ur`RM$ zc=LV;8)Ef4(_0yy9xN;LZ+`Qm23Ck0HFb^wjaY2!$c7T$$_ZUiG7HLe7QCfd{T#IU zacQ>;ubX7@UvYTg&yNWk1yuAx-w*tP{2xJ7jgtBc79*R(gFwDO8dXwv8-xmTP~^&i zGZfSZGK->j_g-d;q`X88>@Q_!ivsaHXW}xROh`;YnGWE?wDz|kk<)!K4iKsu2lz57 zDW>DXR}+)F=Kg^14Bn3+4*Ru$bVb*M2TBW1lsxa|lmBv#=v<2khc!wdslZcdVfPpfsw<4@Z4_nH=n7uIV6M5k+f(%32F-j^~0f0hSQdE)ywo)?8Vs-IGi z6uK8$k!l|2_&A;16L52#+){KB5a&-l`(+svmR)BsmSzdBeX%&P>zJCSbIqy+_G-Rt z+7uSEje7^??-bh%w~N9#&A%uCl9nbuv>Kh++Mez8Ch+trHz$bX)Wu1>IFyZ&8RaQ& zn#pCl=_|pXINH^msvVb~EQpt~lV7A%%BiLZpq{{J_|R!p80Jh#l?S8pdyP_59c83u z@e!dSqUDg)f3yrvWv2#q`(>VU0qaZ02&Z@bWrF4*iNdi6N05Gbvq;LjdR?bN);dh-NqU(MC9fa4kEM zc@Qv5?;~6L`}W-qfNlST%v>eJxG(clh|?*}I3$*t_x2Izj@o?~s-W%Yht5(oOYHRk znva@V>AaODmuquHEq0hm1lfq~DHGL%fU_-Y)ANU0oE(&v)V!qQ_06aV`)NG;dC=yf zC&V{a^eLaUW_JCJI|WH5NP3#uJ zZ-X?p?YcO3Pg{A@^vd+iugyH1sGz7{Be%R&o~LEpSM-73=uD!}yg`tm#L)?&h+P}2 zzRur%I*n1|eR@&qnn7^W!HpShGFSsW_VKSjd;tw1f8jq~2|tmRu7o+SZt^vfNW7SH zxb6f5p2LFRChh$$1Ucj;fH`thw^5vLB$4NUtr$0<`7z%nA4CvgLVPm^6fL9%JGW~! z{_e2uz+4=SbTT>aD#x{yf&TS_Kpr3x`9=fcFAW&e>T9*B8fP;SUC&BZ;{bFrcAVGH zXfpi)FnPCa&%*?C`?TY}dN)EFjXIT0O2h1eacTTacQ7&5ZOLw6?dJoCw(2iv2a zBN#O(%VT>!Q>3g(%1-CPa$xw4$R>M2@pK?S{{ENA-u`=HynL>kgz#C42#1NHX39x7 zYT}!=?B&e9)Cs1kG*>=v+tJ)6SF2O>eZV!+L(yokc6@(h(4V;g03ZNKL_t&3wGp5IEVX-?Tx$x+2xGeXh!q~xIb*aPruzO4a~A|Q%cIb1L}AYSvybiE(fne zZb$^V%7CSv`PaC<<0o1l*C|rl0Fco-K?2>d_Sf6A7!Ias`N5Pd)MNkbGe%%HgBVOn zv}N~#Ujl-CeiGw}-1W4*xt&EX-IMIor~nRKZ<=qS&JcP&nkh3(_)3m-q(#TPm^zia z0HQqclYlRao{qfe1%as*LsLO2CQGO~r6^)hD35PUL)LBTTL5N2nZG8IJ*NWDibskd z@)zx$%pgk*A-87UqM<}2>0S(fvWyT{@m0gUxUv5H2@F+!f2k;_l~xLTSJD$rfpK`~ zesUEQphTo3P1<~T_(sAyGUdWjeNuNN=Dn)n;4%LwmVsR61 zWAjsw7t!p&u_wfhgO+!0n7?0s`OTk+J~+snwmsk|dkG;;ad>3DR11%^nIT47h)dk$ z*`|y};cj8_NeR-^ufNeWXIwWnwMQ;y`h0?KD=6cBcDtD-3WQyL4mWfzK)E|;Rg*&V z3l{Aq(4p>Xb7z4AumdF719tiZO4**wX`HK|$Gy0`FOZ0G$&p?wIiOi?dz$Cplx-I> zx=)WutMJA*TLl@ehcp+->Ai-So=JJzDEgPegQEfNj=78UIC*IIm`l2QqG`5q$xkv335Ua){}97xw3w9OOeF%{wGE55mW!kgH^(tL&++uKaf?kB*!s9nG1oX#^`q} z=J%GrA7nGf6;A`8&PcPpALVV?t9Z|X(dEFpM}t}Yc|+=oV9_wc=y66M5WoIgX`b46 z=+({6D<@>|Cr0D z{TK&u`g0p9C!)bZa5Hh+86`YH2bmuvG^QR)dMP0gIhGctIMYX7v(!1+VQuE9<8?-L?>V6<(HrhO0KhOu zlfa&aAthhdyd>-~e8{I6sZ;9`F%JeimS#3e;>(a7Uj!2@-aEE4A@J#~el8u$+dNmv zI4sL|Rf7T!QS|1gmF*pDLWLH3uv0UdyO6G86686{$PzUW4lX-WNWp|e=tJ{Co$X|F zIXMZ=2bdiv@mzrK!#JrcO`RmCqN*~;P)TZn&gWOA)zU??jsZ7{h1{sPa4T)Ald3G8 z_(;xl2dSfL$#5{~kF2E`a-al9gLCbs9i1PC>2BB8N!k6WX*!ax3u~AI7AK_XWzZ^s z*H10vLZ^yEH7m}Gj~CP+8;vF4@T(`GWXm%QmUo@Tk#Ch#)EI*8*vmO7m`$flX~4h0hB%!_l8k{A7c>5tK*_|ejQ zIp*O0N}B-?XqRsPzLxz#~tR=$P9~%o3 za$>|+(3$v^l&enJFb*)Bq$ilMi}1>*K5mNPaca(-Lm5js8wqwB6fIB_)E? zl+I`yA|IslX&LjE_$7GMOEi!sGchm%@{Du+bqOeowUAo`FQu(s;S5;-j_+t2dGHJ^ zW=xXmWvV`}liXQ;dbciwq^Bz;wgV^ZZ@aW<<1J}A(gVWUA}IbwqI=6f)qv}m^>y?& z!-0xRiW^T(?hFc5SUcL6iNC7Pa^_-u@OzmuVQc1t-cD(cN3WC3w)I%^$=|gSiul$} zYS1f+jC%^Raj=X%Yyljht0jy$+^zn12T@hqTp&DlLlDOJft|-K<|@%k7Pn>oWyxbo zS4uh@)%?X?$^Y~n32zz#;;4&%dysS#kX8$e!H%L&~;5&m+ z@}}@WpqoX1SJodE!c|n=q5<3UCd%E-x3J-cW%TiNpJn+gDslxYN6O#B8I`|mg2!!PU0$uz6R_t)=mgjV zKV?pyU$5Cp`+hN7T&*;_@|#_?`NYR$%Nx}Cb21oPg6baqFpn=D+q2d@|C61uiJ9U8 zC{HGL1s2y%k%pw*j1$kxWX@x_c%~4=q^4UGhWa|=gW?CuePB?6n1|s);0rmH?Qf4h zTTdNPjTOL+DulT8l`bf4x-dOny_dV5$quJjFe^Ems%7adq0RF*<_NeFa}xJRS6$|2ixm2Oi|(g?Ozvu|)*p8!s1-!=o-2Zi<;Zy`M#2#dbw7vI1$2a>A zd_X?|*~h>v8yLpwUsk)|bU@1=K~qL4yDB}4Uo1E>Qtr68>Zlu*H}uwNXn3q@E=~p? z8SdsA2#euo(Hq+7d?=Y?Jm^`P3&Zi^s7Z}tR0cVn_Z1aw)VL}GSLRkE7Kt85I)&Gb@c{pD=Lk+4Sm!Gb#SXTRA;In>o4Z9zm;0Pc6ku~|?;ZinJ)&9|+Q_w`C& z*!zHfNj)KkL`k;FwWh~YBBUI+$`})Mr

diff --git a/docs/features/aws-iam/tutorials/aws-visibility.mdx b/docs/features/aws-iam/tutorials/aws-visibility.mdx index 25f98288f..a33b85ba8 100644 --- a/docs/features/aws-iam/tutorials/aws-visibility.mdx +++ b/docs/features/aws-iam/tutorials/aws-visibility.mdx @@ -1,6 +1,6 @@ --- sidebar_position: 2 -title: AWS Resource Mapping +title: AWS resource mapping & IAM policy generation image: /img/quick-tutorials/aws-iam-visibility/social.png --- @@ -10,7 +10,7 @@ Many production Kubernetes workloads rely on cloud resources, like S3 Buckets, R In this tutorial, we will: * Set up an EKS cluster. * Deploy two Lambda functions. -* Deploy a server pod that retrieves joke from a Lambda, provides a review, and posts the review to another Lambda. +* Deploy a server pod that retrieves a joke (as in, a string containing a joke ;) from a Lambda, provides a review, and posts the review to another Lambda. * Automatically detect and view the Lambda function calls in Otterize. By the end, you'll know how to map Kubernetes workloads alongside their dependent AWS resources using Otterize. @@ -20,7 +20,7 @@ By the end, you'll know how to map Kubernetes workloads alongside their dependen ### CLI tools We will need the following CLI tools to set up our cluster and deploy our scripts. -1. [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html). You will also need credentials within the target account with permissions to work with EKS clusters, IAM, Cloudformation, and Lambda functions +1. [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html). You will also need credentials within the target account with permissions to work with EKS clusters, IAM, CloudFormation, and Lambda functions. 2. [eksctl](https://eksctl.io/installation/) ### Create an EKS cluster @@ -31,7 +31,7 @@ Begin by creating an EKS cluster for pod deployment using **eksctl** with the YA curl ${ABSOLUTE_URL}/code-examples/aws-visibility/eks-cluster.yaml | eksctl create cluster -f - ```
- Inspect Cluster Configuration + Inspect eks-cluster.yaml contents ```yaml {@include: ../../../../static/code-examples/aws-visibility/eks-cluster.yaml} @@ -50,7 +50,7 @@ To provide visibility, we will need to install Otterize in our cluster, and we w If you don't have a connected Kubernetes cluster, create one via [Integrations page](https://app.otterize.com/integrations) and follow the setup instructions for Kubernetes. Skip if your cluster is already connected. 2. **Integrate AWS with Otterize Cloud** -To begin the integration with AWS, visit the [Integrations page](https://app.otterize.com/integrations). Once there, you will be asked for information to help populate a cloudformation script we will use to integrate AWS access controls into our cluster. +To begin the integration with AWS, visit the [Integrations page](https://app.otterize.com/integrations). Once there, you will be asked for information to help populate a CloudFormation template we will use to set up roles and policies for the Otterize deployment in our cluster. If you created the EKS cluster above, the cluster name would be`otterize-tutorial-aws-visibility`, and the region would be `us-west-2`. @@ -160,14 +160,9 @@ In the Access graph screenshot below, you’ll see 4 AWS resources associated wi ### What's Next -Now that we've discovered AWS resources used within a Kubernetes workload, you can learn more about how you can manage access to these resources with Otterize in the [Automate AWS IAM for EKS](/features/aws-iam/tutorials/aws-iam-eks) tutorial. +Now that we've discovered the AWS resources used within a Kubernetes workload, you can learn more about how you can manage access to these resources with Otterize in the [Automate AWS IAM for EKS](/features/aws-iam/tutorials/aws-iam-eks) tutorial. -## Clean Up - -To remove cloudformation yaml: -```bash -rm template.yaml -``` +## Cleanup To remove the deployed example: ```bash diff --git a/docs/features/network-mapping-network-policies/tutorials/aws-eks-cni-mini.mdx b/docs/features/network-mapping-network-policies/tutorials/aws-eks-cni-mini.mdx index ec3fc6a69..07bad7f1f 100644 --- a/docs/features/network-mapping-network-policies/tutorials/aws-eks-cni-mini.mdx +++ b/docs/features/network-mapping-network-policies/tutorials/aws-eks-cni-mini.mdx @@ -23,57 +23,22 @@ This tutorial will walk you through deploying an AWS EKS cluster with the AWS VP Before you start, you'll need an AWS Kubernetes cluster. Having a cluster with a [CNI](https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/) that supports [NetworkPolicies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) is required for this tutorial. -Save this `yaml` as `cluster-config.yaml`: - -```yaml -apiVersion: eksctl.io/v1alpha5 -kind: ClusterConfig - -metadata: - name: np-ipv4-127 - region: us-west-2 - version: "1.27" - -iam: - withOIDC: true - -vpc: - clusterEndpoints: - publicAccess: true - privateAccess: true - -addons: - - name: vpc-cni - version: 1.14.0 - attachPolicyARNs: #optional - - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy - configurationValues: |- - # highlight-next-line - enableNetworkPolicy: "true" - - name: coredns - - name: kube-proxy - -managedNodeGroups: - - name: small-on-demand - amiFamily: AmazonLinux2 - instanceTypes: [ "t3.large" ] - minSize: 0 - desiredCapacity: 2 - maxSize: 6 - privateNetworking: true - disableIMDSv1: true - volumeSize: 100 - volumeType: gp3 - volumeEncrypted: true - tags: - team: "eks" +```shell +eksctl create cluster -f cluster-config.yaml ``` -Then run the following command to create your AWS cluster. [Don't have eksctl? Install it now.](https://eksctl.io/installation/) +Run the following command to create your AWS cluster. [Don't have eksctl? Install it now.](https://eksctl.io/installation/) -```shell -eksctl create cluster -f cluster-config.yaml +```bash +curl ${ABSOLUTE_URL}/code-examples/aws-eks-mini/cluster-config.yaml | eksctl create cluster -f - ``` +
+ Inspect eks-cluster.yaml contents + + ```yaml + {@include: ../../../../static/code-examples/aws-eks-mini/cluster-config} + ``` +
Once your AWS EKS has finished deploying the control pane and node group, the next step is deploying Otterize as well as a couple of clients and a server to see how they are affected by network policies. diff --git a/static/code-examples/aws-eks-mini/cluster-config.yaml b/static/code-examples/aws-eks-mini/cluster-config.yaml new file mode 100644 index 000000000..8343ddca9 --- /dev/null +++ b/static/code-examples/aws-eks-mini/cluster-config.yaml @@ -0,0 +1,41 @@ +apiVersion: eksctl.io/v1alpha5 +kind: ClusterConfig + +metadata: + name: np-ipv4-127 + region: us-west-2 + version: "1.27" + +iam: + withOIDC: true + +vpc: + clusterEndpoints: + publicAccess: true + privateAccess: true + +addons: + - name: vpc-cni + version: 1.14.0 + attachPolicyARNs: #optional + - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy + configurationValues: |- + # highlight-next-line + enableNetworkPolicy: "true" + - name: coredns + - name: kube-proxy + +managedNodeGroups: + - name: small-on-demand + amiFamily: AmazonLinux2 + instanceTypes: [ "t3.large" ] + minSize: 0 + desiredCapacity: 2 + maxSize: 6 + privateNetworking: true + disableIMDSv1: true + volumeSize: 100 + volumeType: gp3 + volumeEncrypted: true + tags: + team: "eks" \ No newline at end of file diff --git a/static/code-examples/aws-iam-eks/cluster-config.yaml b/static/code-examples/aws-iam-eks/cluster-config.yaml new file mode 100644 index 000000000..3487e4549 --- /dev/null +++ b/static/code-examples/aws-iam-eks/cluster-config.yaml @@ -0,0 +1,40 @@ +apiVersion: eksctl.io/v1alpha5 +kind: ClusterConfig + +metadata: + name: otterize-iam-eks-tutorial + region: us-west-2 + version: "1.27" + +iam: + withOIDC: true + +vpc: + clusterEndpoints: + publicAccess: true + privateAccess: true + +addons: + - name: vpc-cni + version: 1.14.0 + attachPolicyARNs: #optional + - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy + configurationValues: |- + enableNetworkPolicy: "true" + - name: coredns + - name: kube-proxy + +managedNodeGroups: + - name: small-on-demand + amiFamily: AmazonLinux2 + instanceTypes: [ "t3.large" ] + minSize: 0 + desiredCapacity: 2 + maxSize: 6 + privateNetworking: true + disableIMDSv1: true + volumeSize: 100 + volumeType: gp3 + volumeEncrypted: true + tags: + team: "eks" \ No newline at end of file From 0bc67c0cd7bb0a49417e3e8f8ebaed91b0e57e34 Mon Sep 17 00:00:00 2001 From: Ori Shoshan Date: Fri, 15 Mar 2024 00:14:04 +0100 Subject: [PATCH 22/24] fixup --- docs/features/aws-iam/tutorials/aws-iam-eks.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/features/aws-iam/tutorials/aws-iam-eks.mdx b/docs/features/aws-iam/tutorials/aws-iam-eks.mdx index 6924d5ea8..2c8b42daf 100644 --- a/docs/features/aws-iam/tutorials/aws-iam-eks.mdx +++ b/docs/features/aws-iam/tutorials/aws-iam-eks.mdx @@ -34,7 +34,7 @@ curl ${ABSOLUTE_URL}/code-examples/aws-iam-eks/cluster-config.yaml | eksctl crea Inspect eks-cluster.yaml contents ```yaml - {@include: ../../../../static/code-examples/aws-iam-eks/cluster-config} + {@include: ../../../../static/code-examples/aws-iam-eks/cluster-config.yaml} ```
From cda48603a36800fbecde66f8219d6501e7e5b093 Mon Sep 17 00:00:00 2001 From: Ori Shoshan Date: Fri, 15 Mar 2024 00:33:52 +0100 Subject: [PATCH 23/24] fixup --- docs/features/aws-iam/tutorials/aws-iam-eks.mdx | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/features/aws-iam/tutorials/aws-iam-eks.mdx b/docs/features/aws-iam/tutorials/aws-iam-eks.mdx index 2c8b42daf..6a03fc849 100644 --- a/docs/features/aws-iam/tutorials/aws-iam-eks.mdx +++ b/docs/features/aws-iam/tutorials/aws-iam-eks.mdx @@ -31,11 +31,11 @@ Run the following command to create your AWS cluster. [Don't have eksctl? Instal curl ${ABSOLUTE_URL}/code-examples/aws-iam-eks/cluster-config.yaml | eksctl create cluster -f - ```
- Inspect eks-cluster.yaml contents +Inspect eks-cluster.yaml contents - ```yaml - {@include: ../../../../static/code-examples/aws-iam-eks/cluster-config.yaml} - ``` +```yaml +{@include: ../../../../static/code-examples/aws-iam-eks/cluster-config.yaml} +```
From 54d7b167adb01d699b01036b09d45df1d8f52671 Mon Sep 17 00:00:00 2001 From: Ori Shoshan Date: Fri, 15 Mar 2024 00:54:42 +0100 Subject: [PATCH 24/24] fixup --- .../tutorials/aws-eks-cni-mini.mdx | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/features/network-mapping-network-policies/tutorials/aws-eks-cni-mini.mdx b/docs/features/network-mapping-network-policies/tutorials/aws-eks-cni-mini.mdx index 07bad7f1f..00d96bb23 100644 --- a/docs/features/network-mapping-network-policies/tutorials/aws-eks-cni-mini.mdx +++ b/docs/features/network-mapping-network-policies/tutorials/aws-eks-cni-mini.mdx @@ -33,11 +33,11 @@ Run the following command to create your AWS cluster. [Don't have eksctl? Instal curl ${ABSOLUTE_URL}/code-examples/aws-eks-mini/cluster-config.yaml | eksctl create cluster -f - ```
- Inspect eks-cluster.yaml contents +Inspect eks-cluster.yaml contents - ```yaml - {@include: ../../../../static/code-examples/aws-eks-mini/cluster-config} - ``` +```yaml +{@include: ../../../../static/code-examples/aws-eks-mini/cluster-config.yaml} +```
Once your AWS EKS has finished deploying the control pane and node group, the next step is deploying Otterize as well as a couple of clients and a server to see how they are affected by network policies.