From abf2b12b1cd0443739dea7a8b53fbcc45ac425dd Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Tue, 5 Sep 2023 16:56:14 +0000 Subject: [PATCH 01/45] Release preparation for version 2.14.4 --- cpp/ql/lib/CHANGELOG.md | 15 +++++++++++++++ .../2023-08-24-no-taint-argv-indirections.md | 4 ---- .../2023-08-25-delete-or-delete-array.md | 4 ---- .../2023-08-25-getAllocatorCall-deprecated.md | 4 ---- cpp/ql/lib/change-notes/2023-08-29-delete-ir.md | 4 ---- cpp/ql/lib/change-notes/released/0.9.2.md | 14 ++++++++++++++ cpp/ql/lib/codeql-pack.release.yml | 2 +- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/CHANGELOG.md | 12 ++++++++++++ .../2023-08-21-invalid-pointer-deref.md | 4 ---- .../2023-08-24-no-taint-argv-indirections.md | 4 ---- ...23-08-24-remove-non-constant-assign-sources.md | 4 ---- .../2023-08-25-compare-where-assign-meant.md | 4 ---- cpp/ql/src/change-notes/released/0.7.4.md | 11 +++++++++++ cpp/ql/src/codeql-pack.release.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md | 4 ++++ .../Solorigate/lib/change-notes/released/1.6.4.md | 3 +++ .../Solorigate/lib/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/src/CHANGELOG.md | 4 ++++ .../Solorigate/src/change-notes/released/1.6.4.md | 3 +++ .../Solorigate/src/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +- csharp/ql/lib/CHANGELOG.md | 6 ++++++ .../0.7.4.md} | 9 +++++---- csharp/ql/lib/codeql-pack.release.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/CHANGELOG.md | 4 ++++ csharp/ql/src/change-notes/released/0.7.4.md | 3 +++ csharp/ql/src/codeql-pack.release.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- go/ql/lib/CHANGELOG.md | 6 ++++++ .../0.6.4.md} | 9 +++++---- go/ql/lib/codeql-pack.release.yml | 2 +- go/ql/lib/qlpack.yml | 2 +- go/ql/src/CHANGELOG.md | 4 ++++ go/ql/src/change-notes/released/0.6.4.md | 3 +++ go/ql/src/codeql-pack.release.yml | 2 +- go/ql/src/qlpack.yml | 2 +- java/ql/automodel/src/CHANGELOG.md | 3 +++ .../automodel/src/change-notes/released/0.0.3.md | 3 +++ java/ql/automodel/src/codeql-pack.release.yml | 2 ++ java/ql/automodel/src/qlpack.yml | 2 +- java/ql/lib/CHANGELOG.md | 13 +++++++++++++ .../change-notes/2023-08-07-jaxrs-new-models.md | 4 ---- ...2023-08-21-java-command-injection-sanitizer.md | 4 ---- .../change-notes/2023-08-23-mad-nestednames.md | 4 ---- .../lib/change-notes/2023-08-24-kotlin-1.9.10.md | 4 ---- .../0.7.4.md} | 14 +++++++++++--- java/ql/lib/codeql-pack.release.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/CHANGELOG.md | 10 ++++++++++ .../src/change-notes/2023-07-19-xxe-new-sinks.md | 4 ---- .../0.7.4.md} | 10 +++++++--- java/ql/src/codeql-pack.release.yml | 2 +- java/ql/src/qlpack.yml | 2 +- javascript/ql/lib/CHANGELOG.md | 6 ++++++ .../lib/change-notes/2023-06-30-typescript-5-2.md | 4 ---- javascript/ql/lib/change-notes/released/0.7.4.md | 5 +++++ javascript/ql/lib/codeql-pack.release.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/CHANGELOG.md | 11 +++++++++++ .../2023-08-23-fix-cyclic-alias-extraction.md | 4 ---- .../change-notes/2023-08-23-ignore-huge-files.md | 4 ---- .../change-notes/2023-08-23-import-path-string.md | 4 ---- javascript/ql/src/change-notes/released/0.7.4.md | 10 ++++++++++ javascript/ql/src/codeql-pack.release.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- misc/suite-helpers/CHANGELOG.md | 4 ++++ misc/suite-helpers/change-notes/released/0.6.4.md | 3 +++ misc/suite-helpers/codeql-pack.release.yml | 2 +- misc/suite-helpers/qlpack.yml | 2 +- python/ql/lib/CHANGELOG.md | 7 +++++++ .../2023-07-20-shlex-quote-sanitizer.md | 4 ---- .../0.10.4.md} | 8 +++++--- python/ql/lib/codeql-pack.release.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/CHANGELOG.md | 7 +++++++ .../2023-08-17-improved-path-graph.md | 4 ---- .../0.8.4.md} | 8 +++++--- python/ql/src/codeql-pack.release.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ruby/ql/lib/CHANGELOG.md | 4 ++++ ruby/ql/lib/change-notes/released/0.7.4.md | 3 +++ ruby/ql/lib/codeql-pack.release.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/CHANGELOG.md | 6 ++++++ .../0.7.4.md} | 7 ++++--- ruby/ql/src/codeql-pack.release.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- shared/controlflow/CHANGELOG.md | 4 ++++ shared/controlflow/change-notes/released/0.0.3.md | 3 +++ shared/controlflow/codeql-pack.release.yml | 2 +- shared/controlflow/qlpack.yml | 2 +- shared/dataflow/CHANGELOG.md | 10 ++++++++++ .../change-notes/2023-08-04-taint-tracking.md | 4 ---- .../change-notes/2023-08-24-inline-flow-test.md | 4 ---- shared/dataflow/change-notes/released/0.0.3.md | 9 +++++++++ shared/dataflow/codeql-pack.release.yml | 2 +- shared/dataflow/qlpack.yml | 2 +- shared/mad/CHANGELOG.md | 4 ++++ shared/mad/change-notes/released/0.1.4.md | 3 +++ shared/mad/codeql-pack.release.yml | 2 +- shared/mad/qlpack.yml | 2 +- shared/regex/CHANGELOG.md | 4 ++++ shared/regex/change-notes/released/0.1.4.md | 3 +++ shared/regex/codeql-pack.release.yml | 2 +- shared/regex/qlpack.yml | 2 +- shared/ssa/CHANGELOG.md | 4 ++++ shared/ssa/change-notes/released/0.1.4.md | 3 +++ shared/ssa/codeql-pack.release.yml | 2 +- shared/ssa/qlpack.yml | 2 +- shared/tutorial/CHANGELOG.md | 4 ++++ shared/tutorial/change-notes/released/0.1.4.md | 3 +++ shared/tutorial/codeql-pack.release.yml | 2 +- shared/tutorial/qlpack.yml | 2 +- shared/typetracking/CHANGELOG.md | 4 ++++ .../typetracking/change-notes/released/0.1.4.md | 3 +++ shared/typetracking/codeql-pack.release.yml | 2 +- shared/typetracking/qlpack.yml | 2 +- shared/typos/CHANGELOG.md | 4 ++++ shared/typos/change-notes/released/0.1.4.md | 3 +++ shared/typos/codeql-pack.release.yml | 2 +- shared/typos/qlpack.yml | 2 +- shared/util/CHANGELOG.md | 4 ++++ shared/util/change-notes/released/0.1.4.md | 3 +++ shared/util/codeql-pack.release.yml | 2 +- shared/util/qlpack.yml | 2 +- shared/yaml/CHANGELOG.md | 4 ++++ shared/yaml/change-notes/released/0.1.4.md | 3 +++ shared/yaml/codeql-pack.release.yml | 2 +- shared/yaml/qlpack.yml | 2 +- swift/ql/lib/CHANGELOG.md | 7 +++++++ .../change-notes/2023-08-21-keypath-optionals.md | 5 ----- .../0.2.4.md} | 7 ++++--- swift/ql/lib/codeql-pack.release.yml | 2 +- swift/ql/lib/qlpack.yml | 2 +- swift/ql/src/CHANGELOG.md | 6 ++++++ .../0.2.4.md} | 6 +++--- swift/ql/src/codeql-pack.release.yml | 2 +- swift/ql/src/qlpack.yml | 2 +- 142 files changed, 392 insertions(+), 177 deletions(-) delete mode 100644 cpp/ql/lib/change-notes/2023-08-24-no-taint-argv-indirections.md delete mode 100644 cpp/ql/lib/change-notes/2023-08-25-delete-or-delete-array.md delete mode 100644 cpp/ql/lib/change-notes/2023-08-25-getAllocatorCall-deprecated.md delete mode 100644 cpp/ql/lib/change-notes/2023-08-29-delete-ir.md create mode 100644 cpp/ql/lib/change-notes/released/0.9.2.md delete mode 100644 cpp/ql/src/change-notes/2023-08-21-invalid-pointer-deref.md delete mode 100644 cpp/ql/src/change-notes/2023-08-24-no-taint-argv-indirections.md delete mode 100644 cpp/ql/src/change-notes/2023-08-24-remove-non-constant-assign-sources.md delete mode 100644 cpp/ql/src/change-notes/2023-08-25-compare-where-assign-meant.md create mode 100644 cpp/ql/src/change-notes/released/0.7.4.md create mode 100644 csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.6.4.md create mode 100644 csharp/ql/campaigns/Solorigate/src/change-notes/released/1.6.4.md rename csharp/ql/lib/change-notes/{2023-08-20-standaloneextraction-mscorlib.md => released/0.7.4.md} (50%) create mode 100644 csharp/ql/src/change-notes/released/0.7.4.md rename go/ql/lib/change-notes/{2023-08-28-add-error-sanitizer-for-xss.md => released/0.6.4.md} (54%) create mode 100644 go/ql/src/change-notes/released/0.6.4.md create mode 100644 java/ql/automodel/src/CHANGELOG.md create mode 100644 java/ql/automodel/src/change-notes/released/0.0.3.md create mode 100644 java/ql/automodel/src/codeql-pack.release.yml delete mode 100644 java/ql/lib/change-notes/2023-08-07-jaxrs-new-models.md delete mode 100644 java/ql/lib/change-notes/2023-08-21-java-command-injection-sanitizer.md delete mode 100644 java/ql/lib/change-notes/2023-08-23-mad-nestednames.md delete mode 100644 java/ql/lib/change-notes/2023-08-24-kotlin-1.9.10.md rename java/ql/lib/change-notes/{2023-08-07-jaxrs-webmethod-improvements.md => released/0.7.4.md} (50%) delete mode 100644 java/ql/src/change-notes/2023-07-19-xxe-new-sinks.md rename java/ql/src/change-notes/{2023-07-25-trust-boundary-violation-query.md => released/0.7.4.md} (50%) delete mode 100644 javascript/ql/lib/change-notes/2023-06-30-typescript-5-2.md create mode 100644 javascript/ql/lib/change-notes/released/0.7.4.md delete mode 100644 javascript/ql/src/change-notes/2023-08-23-fix-cyclic-alias-extraction.md delete mode 100644 javascript/ql/src/change-notes/2023-08-23-ignore-huge-files.md delete mode 100644 javascript/ql/src/change-notes/2023-08-23-import-path-string.md create mode 100644 javascript/ql/src/change-notes/released/0.7.4.md create mode 100644 misc/suite-helpers/change-notes/released/0.6.4.md delete mode 100644 python/ql/lib/change-notes/2023-07-20-shlex-quote-sanitizer.md rename python/ql/lib/change-notes/{2023-07-20-regex-parse-modes.md => released/0.10.4.md} (52%) delete mode 100644 python/ql/src/change-notes/2023-08-17-improved-path-graph.md rename python/ql/src/change-notes/{2023-08-29-fixed-jsonify-xss-fp.md => released/0.8.4.md} (56%) create mode 100644 ruby/ql/lib/change-notes/released/0.7.4.md rename ruby/ql/src/change-notes/{2023-05-29-improper-ldap-auth-query.md => released/0.7.4.md} (88%) create mode 100644 shared/controlflow/change-notes/released/0.0.3.md delete mode 100644 shared/dataflow/change-notes/2023-08-04-taint-tracking.md delete mode 100644 shared/dataflow/change-notes/2023-08-24-inline-flow-test.md create mode 100644 shared/dataflow/change-notes/released/0.0.3.md create mode 100644 shared/mad/change-notes/released/0.1.4.md create mode 100644 shared/regex/change-notes/released/0.1.4.md create mode 100644 shared/ssa/change-notes/released/0.1.4.md create mode 100644 shared/tutorial/change-notes/released/0.1.4.md create mode 100644 shared/typetracking/change-notes/released/0.1.4.md create mode 100644 shared/typos/change-notes/released/0.1.4.md create mode 100644 shared/util/change-notes/released/0.1.4.md create mode 100644 shared/yaml/change-notes/released/0.1.4.md delete mode 100644 swift/ql/lib/change-notes/2023-08-21-keypath-optionals.md rename swift/ql/lib/change-notes/{2023-08-04-closure-models.md => released/0.2.4.md} (50%) rename swift/ql/src/change-notes/{2023-08-23-incomplete-hostname-regex.md => released/0.2.4.md} (88%) diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index 2bdc935dfac3..58c1d800b3d9 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -1,3 +1,18 @@ +## 0.9.2 + +### Deprecated APIs + +* `getAllocatorCall` on `DeleteExpr` and `DeleteArrayExpr` has been deprecated. `getDeallocatorCall` should be used instead. + +### New Features + +* Added `DeleteOrDeleteArrayExpr` as a super type of `DeleteExpr` and `DeleteArrayExpr` + +### Minor Analysis Improvements + +* `delete` and `delete[]` are now modeled as calls to the relevant `operator delete` in the IR. In the case of a dynamic delete call a new instruction `VirtualDeleteFunctionAddress` is used to represent a function that dispatches to the correct delete implementation. +* Only the 2 level indirection of `argv` (corresponding to `**argv`) is consided for `FlowSource`. + ## 0.9.1 No user-facing changes. diff --git a/cpp/ql/lib/change-notes/2023-08-24-no-taint-argv-indirections.md b/cpp/ql/lib/change-notes/2023-08-24-no-taint-argv-indirections.md deleted file mode 100644 index 4baf9b770d61..000000000000 --- a/cpp/ql/lib/change-notes/2023-08-24-no-taint-argv-indirections.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Only the 2 level indirection of `argv` (corresponding to `**argv`) is consided for `FlowSource`. diff --git a/cpp/ql/lib/change-notes/2023-08-25-delete-or-delete-array.md b/cpp/ql/lib/change-notes/2023-08-25-delete-or-delete-array.md deleted file mode 100644 index f3f3a59e8f00..000000000000 --- a/cpp/ql/lib/change-notes/2023-08-25-delete-or-delete-array.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* Added `DeleteOrDeleteArrayExpr` as a super type of `DeleteExpr` and `DeleteArrayExpr` \ No newline at end of file diff --git a/cpp/ql/lib/change-notes/2023-08-25-getAllocatorCall-deprecated.md b/cpp/ql/lib/change-notes/2023-08-25-getAllocatorCall-deprecated.md deleted file mode 100644 index b9bb1fada5ba..000000000000 --- a/cpp/ql/lib/change-notes/2023-08-25-getAllocatorCall-deprecated.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: deprecated ---- -* `getAllocatorCall` on `DeleteExpr` and `DeleteArrayExpr` has been deprecated. `getDeallocatorCall` should be used instead. \ No newline at end of file diff --git a/cpp/ql/lib/change-notes/2023-08-29-delete-ir.md b/cpp/ql/lib/change-notes/2023-08-29-delete-ir.md deleted file mode 100644 index 2b8817c8d2bb..000000000000 --- a/cpp/ql/lib/change-notes/2023-08-29-delete-ir.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* `delete` and `delete[]` are now modeled as calls to the relevant `operator delete` in the IR. In the case of a dynamic delete call a new instruction `VirtualDeleteFunctionAddress` is used to represent a function that dispatches to the correct delete implementation. \ No newline at end of file diff --git a/cpp/ql/lib/change-notes/released/0.9.2.md b/cpp/ql/lib/change-notes/released/0.9.2.md new file mode 100644 index 000000000000..93b36c8e40a8 --- /dev/null +++ b/cpp/ql/lib/change-notes/released/0.9.2.md @@ -0,0 +1,14 @@ +## 0.9.2 + +### Deprecated APIs + +* `getAllocatorCall` on `DeleteExpr` and `DeleteArrayExpr` has been deprecated. `getDeallocatorCall` should be used instead. + +### New Features + +* Added `DeleteOrDeleteArrayExpr` as a super type of `DeleteExpr` and `DeleteArrayExpr` + +### Minor Analysis Improvements + +* `delete` and `delete[]` are now modeled as calls to the relevant `operator delete` in the IR. In the case of a dynamic delete call a new instruction `VirtualDeleteFunctionAddress` is used to represent a function that dispatches to the correct delete implementation. +* Only the 2 level indirection of `argv` (corresponding to `**argv`) is consided for `FlowSource`. diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml index 6789dcd18b70..e1eda5194355 100644 --- a/cpp/ql/lib/codeql-pack.release.yml +++ b/cpp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.9.1 +lastReleaseVersion: 0.9.2 diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index 1a8ab0be7bb7..6c56393b656c 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 0.9.2-dev +version: 0.9.2 groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md index f3d5cd46f668..6edc055a3340 100644 --- a/cpp/ql/src/CHANGELOG.md +++ b/cpp/ql/src/CHANGELOG.md @@ -1,3 +1,15 @@ +## 0.7.4 + +### New Queries + +* Added a new query, `cpp/invalid-pointer-deref`, to detect out-of-bounds pointer reads and writes. + +### Minor Analysis Improvements + +* The "Comparison where assignment was intended" query (`cpp/compare-where-assign-meant`) no longer reports comparisons that appear in macro expansions. +* Some queries that had repeated results corresponding to different levels of indirection for `argv` now only have a single result. +* The `cpp/non-constant-format` query no longer considers an assignment on the right-hand side of another assignment to be a source of non-constant format strings. As a result, the query may now produce fewer results. + ## 0.7.3 No user-facing changes. diff --git a/cpp/ql/src/change-notes/2023-08-21-invalid-pointer-deref.md b/cpp/ql/src/change-notes/2023-08-21-invalid-pointer-deref.md deleted file mode 100644 index d8207a756049..000000000000 --- a/cpp/ql/src/change-notes/2023-08-21-invalid-pointer-deref.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: newQuery ---- -* Added a new query, `cpp/invalid-pointer-deref`, to detect out-of-bounds pointer reads and writes. diff --git a/cpp/ql/src/change-notes/2023-08-24-no-taint-argv-indirections.md b/cpp/ql/src/change-notes/2023-08-24-no-taint-argv-indirections.md deleted file mode 100644 index 74b8e6910da0..000000000000 --- a/cpp/ql/src/change-notes/2023-08-24-no-taint-argv-indirections.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Some queries that had repeated results corresponding to different levels of indirection for `argv` now only have a single result. diff --git a/cpp/ql/src/change-notes/2023-08-24-remove-non-constant-assign-sources.md b/cpp/ql/src/change-notes/2023-08-24-remove-non-constant-assign-sources.md deleted file mode 100644 index f4dcc011a292..000000000000 --- a/cpp/ql/src/change-notes/2023-08-24-remove-non-constant-assign-sources.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The `cpp/non-constant-format` query no longer considers an assignment on the right-hand side of another assignment to be a source of non-constant format strings. As a result, the query may now produce fewer results. diff --git a/cpp/ql/src/change-notes/2023-08-25-compare-where-assign-meant.md b/cpp/ql/src/change-notes/2023-08-25-compare-where-assign-meant.md deleted file mode 100644 index 8872ba413fbb..000000000000 --- a/cpp/ql/src/change-notes/2023-08-25-compare-where-assign-meant.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The "Comparison where assignment was intended" query (`cpp/compare-where-assign-meant`) no longer reports comparisons that appear in macro expansions. diff --git a/cpp/ql/src/change-notes/released/0.7.4.md b/cpp/ql/src/change-notes/released/0.7.4.md new file mode 100644 index 000000000000..bdec41d4f694 --- /dev/null +++ b/cpp/ql/src/change-notes/released/0.7.4.md @@ -0,0 +1,11 @@ +## 0.7.4 + +### New Queries + +* Added a new query, `cpp/invalid-pointer-deref`, to detect out-of-bounds pointer reads and writes. + +### Minor Analysis Improvements + +* The "Comparison where assignment was intended" query (`cpp/compare-where-assign-meant`) no longer reports comparisons that appear in macro expansions. +* Some queries that had repeated results corresponding to different levels of indirection for `argv` now only have a single result. +* The `cpp/non-constant-format` query no longer considers an assignment on the right-hand side of another assignment to be a source of non-constant format strings. As a result, the query may now produce fewer results. diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml index a4ea9c8de172..e388f34b4ecc 100644 --- a/cpp/ql/src/codeql-pack.release.yml +++ b/cpp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.3 +lastReleaseVersion: 0.7.4 diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index fd076044593a..0fe920a94393 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 0.7.4-dev +version: 0.7.4 groups: - cpp - queries diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md index 887b20471da0..e17f85e34d1b 100644 --- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.6.4 + +No user-facing changes. + ## 1.6.3 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.6.4.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.6.4.md new file mode 100644 index 000000000000..5c811dc46384 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.6.4.md @@ -0,0 +1,3 @@ +## 1.6.4 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml index 00b51441d882..1910e09d6a6a 100644 --- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.6.3 +lastReleaseVersion: 1.6.4 diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index 5719e05afcf8..c60da3557a03 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.6.4-dev +version: 1.6.4 groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md index 887b20471da0..e17f85e34d1b 100644 --- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.6.4 + +No user-facing changes. + ## 1.6.3 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.6.4.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.6.4.md new file mode 100644 index 000000000000..5c811dc46384 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.6.4.md @@ -0,0 +1,3 @@ +## 1.6.4 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml index 00b51441d882..1910e09d6a6a 100644 --- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.6.3 +lastReleaseVersion: 1.6.4 diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index 2a3524ece6d0..22e9e2f575b7 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.6.4-dev +version: 1.6.4 groups: - csharp - solorigate diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md index c96f22b5aa8c..b16907bd0118 100644 --- a/csharp/ql/lib/CHANGELOG.md +++ b/csharp/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.7.4 + +### Minor Analysis Improvements + +* The `--nostdlib` extractor option for the standalone extractor has been removed. + ## 0.7.3 ### Minor Analysis Improvements diff --git a/csharp/ql/lib/change-notes/2023-08-20-standaloneextraction-mscorlib.md b/csharp/ql/lib/change-notes/released/0.7.4.md similarity index 50% rename from csharp/ql/lib/change-notes/2023-08-20-standaloneextraction-mscorlib.md rename to csharp/ql/lib/change-notes/released/0.7.4.md index 47da98538aff..9665706305a3 100644 --- a/csharp/ql/lib/change-notes/2023-08-20-standaloneextraction-mscorlib.md +++ b/csharp/ql/lib/change-notes/released/0.7.4.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- -* The `--nostdlib` extractor option for the standalone extractor has been removed. \ No newline at end of file +## 0.7.4 + +### Minor Analysis Improvements + +* The `--nostdlib` extractor option for the standalone extractor has been removed. diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml index a4ea9c8de172..e388f34b4ecc 100644 --- a/csharp/ql/lib/codeql-pack.release.yml +++ b/csharp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.3 +lastReleaseVersion: 0.7.4 diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index ba47a23065f5..6bc467079d9f 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 0.7.4-dev +version: 0.7.4 groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md index 0d165e05a258..0326272c6d87 100644 --- a/csharp/ql/src/CHANGELOG.md +++ b/csharp/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.7.4 + +No user-facing changes. + ## 0.7.3 No user-facing changes. diff --git a/csharp/ql/src/change-notes/released/0.7.4.md b/csharp/ql/src/change-notes/released/0.7.4.md new file mode 100644 index 000000000000..1b33df9cb1e8 --- /dev/null +++ b/csharp/ql/src/change-notes/released/0.7.4.md @@ -0,0 +1,3 @@ +## 0.7.4 + +No user-facing changes. diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml index a4ea9c8de172..e388f34b4ecc 100644 --- a/csharp/ql/src/codeql-pack.release.yml +++ b/csharp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.3 +lastReleaseVersion: 0.7.4 diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index a9d4c81c0f11..857555c05d89 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 0.7.4-dev +version: 0.7.4 groups: - csharp - queries diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md index fb9e1f49e540..136789c44194 100644 --- a/go/ql/lib/CHANGELOG.md +++ b/go/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.6.4 + +### Minor Analysis Improvements + +* Added [http.Error](https://pkg.go.dev/net/http#Error) to XSS sanitzers. + ## 0.6.3 No user-facing changes. diff --git a/go/ql/lib/change-notes/2023-08-28-add-error-sanitizer-for-xss.md b/go/ql/lib/change-notes/released/0.6.4.md similarity index 54% rename from go/ql/lib/change-notes/2023-08-28-add-error-sanitizer-for-xss.md rename to go/ql/lib/change-notes/released/0.6.4.md index 2f1f5037390a..6c561f821777 100644 --- a/go/ql/lib/change-notes/2023-08-28-add-error-sanitizer-for-xss.md +++ b/go/ql/lib/change-notes/released/0.6.4.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- -* Added [http.Error](https://pkg.go.dev/net/http#Error) to XSS sanitzers. \ No newline at end of file +## 0.6.4 + +### Minor Analysis Improvements + +* Added [http.Error](https://pkg.go.dev/net/http#Error) to XSS sanitzers. diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml index b7dafe32c5d8..ced8cf94614b 100644 --- a/go/ql/lib/codeql-pack.release.yml +++ b/go/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.3 +lastReleaseVersion: 0.6.4 diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index d3765da2f89d..6fa1f846bddd 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 0.6.4-dev +version: 0.6.4 groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md index cfe3163c6e99..7e8335b6affb 100644 --- a/go/ql/src/CHANGELOG.md +++ b/go/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.6.4 + +No user-facing changes. + ## 0.6.3 No user-facing changes. diff --git a/go/ql/src/change-notes/released/0.6.4.md b/go/ql/src/change-notes/released/0.6.4.md new file mode 100644 index 000000000000..7e98b0159fc0 --- /dev/null +++ b/go/ql/src/change-notes/released/0.6.4.md @@ -0,0 +1,3 @@ +## 0.6.4 + +No user-facing changes. diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml index b7dafe32c5d8..ced8cf94614b 100644 --- a/go/ql/src/codeql-pack.release.yml +++ b/go/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.3 +lastReleaseVersion: 0.6.4 diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index a625c40a9c82..cd538178553e 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 0.6.4-dev +version: 0.6.4 groups: - go - queries diff --git a/java/ql/automodel/src/CHANGELOG.md b/java/ql/automodel/src/CHANGELOG.md new file mode 100644 index 000000000000..af7864fc7d54 --- /dev/null +++ b/java/ql/automodel/src/CHANGELOG.md @@ -0,0 +1,3 @@ +## 0.0.3 + +No user-facing changes. diff --git a/java/ql/automodel/src/change-notes/released/0.0.3.md b/java/ql/automodel/src/change-notes/released/0.0.3.md new file mode 100644 index 000000000000..af7864fc7d54 --- /dev/null +++ b/java/ql/automodel/src/change-notes/released/0.0.3.md @@ -0,0 +1,3 @@ +## 0.0.3 + +No user-facing changes. diff --git a/java/ql/automodel/src/codeql-pack.release.yml b/java/ql/automodel/src/codeql-pack.release.yml new file mode 100644 index 000000000000..a24b693d1e7a --- /dev/null +++ b/java/ql/automodel/src/codeql-pack.release.yml @@ -0,0 +1,2 @@ +--- +lastReleaseVersion: 0.0.3 diff --git a/java/ql/automodel/src/qlpack.yml b/java/ql/automodel/src/qlpack.yml index 851dbe69e825..514ab9d08961 100644 --- a/java/ql/automodel/src/qlpack.yml +++ b/java/ql/automodel/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-automodel-queries -version: 0.0.3-dev +version: 0.0.3 groups: - java - automodel diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index 42a5c07e8269..eaec0383f13b 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md @@ -1,3 +1,16 @@ +## 0.7.4 + +### New Features + +* Kotlin versions up to 1.9.10 are now supported. + +### Minor Analysis Improvements + +* Fixed the MaD signature specifications to use proper nested type names. +* Added new sanitizer to Java command injection model +* Added more dataflow models for JAX-RS. +* The predicate `JaxWsEndpoint::getARemoteMethod` no longer requires the result to be annotated with `@WebMethod`. Instead, the requirements listed in the JAX-RPC Specification 1.1 for required parameter and return types are used. Applications using JAX-RS may see an increase in results. + ## 0.7.3 ### Major Analysis Improvements diff --git a/java/ql/lib/change-notes/2023-08-07-jaxrs-new-models.md b/java/ql/lib/change-notes/2023-08-07-jaxrs-new-models.md deleted file mode 100644 index 8b34698758b0..000000000000 --- a/java/ql/lib/change-notes/2023-08-07-jaxrs-new-models.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added more dataflow models for JAX-RS. diff --git a/java/ql/lib/change-notes/2023-08-21-java-command-injection-sanitizer.md b/java/ql/lib/change-notes/2023-08-21-java-command-injection-sanitizer.md deleted file mode 100644 index ca183d5d0652..000000000000 --- a/java/ql/lib/change-notes/2023-08-21-java-command-injection-sanitizer.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added new sanitizer to Java command injection model \ No newline at end of file diff --git a/java/ql/lib/change-notes/2023-08-23-mad-nestednames.md b/java/ql/lib/change-notes/2023-08-23-mad-nestednames.md deleted file mode 100644 index 0a804f1866f9..000000000000 --- a/java/ql/lib/change-notes/2023-08-23-mad-nestednames.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Fixed the MaD signature specifications to use proper nested type names. diff --git a/java/ql/lib/change-notes/2023-08-24-kotlin-1.9.10.md b/java/ql/lib/change-notes/2023-08-24-kotlin-1.9.10.md deleted file mode 100644 index ee878bb11af2..000000000000 --- a/java/ql/lib/change-notes/2023-08-24-kotlin-1.9.10.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* Kotlin versions up to 1.9.10 are now supported. diff --git a/java/ql/lib/change-notes/2023-08-07-jaxrs-webmethod-improvements.md b/java/ql/lib/change-notes/released/0.7.4.md similarity index 50% rename from java/ql/lib/change-notes/2023-08-07-jaxrs-webmethod-improvements.md rename to java/ql/lib/change-notes/released/0.7.4.md index be19599c8655..78491df85ebd 100644 --- a/java/ql/lib/change-notes/2023-08-07-jaxrs-webmethod-improvements.md +++ b/java/ql/lib/change-notes/released/0.7.4.md @@ -1,4 +1,12 @@ ---- -category: minorAnalysis ---- +## 0.7.4 + +### New Features + +* Kotlin versions up to 1.9.10 are now supported. + +### Minor Analysis Improvements + +* Fixed the MaD signature specifications to use proper nested type names. +* Added new sanitizer to Java command injection model +* Added more dataflow models for JAX-RS. * The predicate `JaxWsEndpoint::getARemoteMethod` no longer requires the result to be annotated with `@WebMethod`. Instead, the requirements listed in the JAX-RPC Specification 1.1 for required parameter and return types are used. Applications using JAX-RS may see an increase in results. diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml index a4ea9c8de172..e388f34b4ecc 100644 --- a/java/ql/lib/codeql-pack.release.yml +++ b/java/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.3 +lastReleaseVersion: 0.7.4 diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index e708ee160f20..f4c8b2841768 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 0.7.4-dev +version: 0.7.4 groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md index 4c5b963ada71..76cd01f48ebe 100644 --- a/java/ql/src/CHANGELOG.md +++ b/java/ql/src/CHANGELOG.md @@ -1,3 +1,13 @@ +## 0.7.4 + +### New Queries + +* Added the `java/trust-boundary-violation` query to detect trust boundary violations between HTTP requests and the HTTP session. Also added the `trust-boundary-violation` sink kind for sinks which may cross a trust boundary, such as calls to the `HttpSession#setAttribute` method. + +### Minor Analysis Improvements + +* The queries "Resolving XML external entity in user-controlled data" (`java/xxe`) and "Resolving XML external entity in user-controlled data from local source" (`java/xxe-local`) now recognize sinks in the MDHT library. + ## 0.7.3 No user-facing changes. diff --git a/java/ql/src/change-notes/2023-07-19-xxe-new-sinks.md b/java/ql/src/change-notes/2023-07-19-xxe-new-sinks.md deleted file mode 100644 index 6f062a63e813..000000000000 --- a/java/ql/src/change-notes/2023-07-19-xxe-new-sinks.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The queries "Resolving XML external entity in user-controlled data" (`java/xxe`) and "Resolving XML external entity in user-controlled data from local source" (`java/xxe-local`) now recognize sinks in the MDHT library. diff --git a/java/ql/src/change-notes/2023-07-25-trust-boundary-violation-query.md b/java/ql/src/change-notes/released/0.7.4.md similarity index 50% rename from java/ql/src/change-notes/2023-07-25-trust-boundary-violation-query.md rename to java/ql/src/change-notes/released/0.7.4.md index 802e367bf109..c214e52bd23b 100644 --- a/java/ql/src/change-notes/2023-07-25-trust-boundary-violation-query.md +++ b/java/ql/src/change-notes/released/0.7.4.md @@ -1,5 +1,9 @@ ---- -category: newQuery ---- +## 0.7.4 + +### New Queries + * Added the `java/trust-boundary-violation` query to detect trust boundary violations between HTTP requests and the HTTP session. Also added the `trust-boundary-violation` sink kind for sinks which may cross a trust boundary, such as calls to the `HttpSession#setAttribute` method. +### Minor Analysis Improvements + +* The queries "Resolving XML external entity in user-controlled data" (`java/xxe`) and "Resolving XML external entity in user-controlled data from local source" (`java/xxe-local`) now recognize sinks in the MDHT library. diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml index a4ea9c8de172..e388f34b4ecc 100644 --- a/java/ql/src/codeql-pack.release.yml +++ b/java/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.3 +lastReleaseVersion: 0.7.4 diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index b2a297894fa8..8fadb6cf148e 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 0.7.4-dev +version: 0.7.4 groups: - java - queries diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md index ad0301e9c7bd..13a56f3dcda5 100644 --- a/javascript/ql/lib/CHANGELOG.md +++ b/javascript/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.7.4 + +### Major Analysis Improvements + +* Added support for TypeScript 5.2. + ## 0.7.3 No user-facing changes. diff --git a/javascript/ql/lib/change-notes/2023-06-30-typescript-5-2.md b/javascript/ql/lib/change-notes/2023-06-30-typescript-5-2.md deleted file mode 100644 index 2aa36cac278c..000000000000 --- a/javascript/ql/lib/change-notes/2023-06-30-typescript-5-2.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: majorAnalysis ---- -* Added support for TypeScript 5.2. \ No newline at end of file diff --git a/javascript/ql/lib/change-notes/released/0.7.4.md b/javascript/ql/lib/change-notes/released/0.7.4.md new file mode 100644 index 000000000000..7608c571bdfe --- /dev/null +++ b/javascript/ql/lib/change-notes/released/0.7.4.md @@ -0,0 +1,5 @@ +## 0.7.4 + +### Major Analysis Improvements + +* Added support for TypeScript 5.2. diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml index a4ea9c8de172..e388f34b4ecc 100644 --- a/javascript/ql/lib/codeql-pack.release.yml +++ b/javascript/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.3 +lastReleaseVersion: 0.7.4 diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index d65eefd366ca..bb8abe793e64 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 0.7.4-dev +version: 0.7.4 groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md index d77e565ad901..3cf78549f642 100644 --- a/javascript/ql/src/CHANGELOG.md +++ b/javascript/ql/src/CHANGELOG.md @@ -1,3 +1,14 @@ +## 0.7.4 + +### Minor Analysis Improvements + +* Files larger than 10 MB are no longer be extracted or analyzed. +* Imports can now be resolved in more cases, where a non-constant string expression is passed to a `require()` call. + +### Bug Fixes + +* Fixed an extractor crash that would occur in rare cases when a TypeScript file contains a self-referential namespace alias. + ## 0.7.3 No user-facing changes. diff --git a/javascript/ql/src/change-notes/2023-08-23-fix-cyclic-alias-extraction.md b/javascript/ql/src/change-notes/2023-08-23-fix-cyclic-alias-extraction.md deleted file mode 100644 index 66769f2b8fa6..000000000000 --- a/javascript/ql/src/change-notes/2023-08-23-fix-cyclic-alias-extraction.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: fix ---- -* Fixed an extractor crash that would occur in rare cases when a TypeScript file contains a self-referential namespace alias. diff --git a/javascript/ql/src/change-notes/2023-08-23-ignore-huge-files.md b/javascript/ql/src/change-notes/2023-08-23-ignore-huge-files.md deleted file mode 100644 index fc82b3b5a3fa..000000000000 --- a/javascript/ql/src/change-notes/2023-08-23-ignore-huge-files.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Files larger than 10 MB are no longer be extracted or analyzed. diff --git a/javascript/ql/src/change-notes/2023-08-23-import-path-string.md b/javascript/ql/src/change-notes/2023-08-23-import-path-string.md deleted file mode 100644 index 64a70c1fe102..000000000000 --- a/javascript/ql/src/change-notes/2023-08-23-import-path-string.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Imports can now be resolved in more cases, where a non-constant string expression is passed to a `require()` call. diff --git a/javascript/ql/src/change-notes/released/0.7.4.md b/javascript/ql/src/change-notes/released/0.7.4.md new file mode 100644 index 000000000000..55118b12535d --- /dev/null +++ b/javascript/ql/src/change-notes/released/0.7.4.md @@ -0,0 +1,10 @@ +## 0.7.4 + +### Minor Analysis Improvements + +* Files larger than 10 MB are no longer be extracted or analyzed. +* Imports can now be resolved in more cases, where a non-constant string expression is passed to a `require()` call. + +### Bug Fixes + +* Fixed an extractor crash that would occur in rare cases when a TypeScript file contains a self-referential namespace alias. diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml index a4ea9c8de172..e388f34b4ecc 100644 --- a/javascript/ql/src/codeql-pack.release.yml +++ b/javascript/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.3 +lastReleaseVersion: 0.7.4 diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 04ee9ae61350..343d34fce46c 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 0.7.4-dev +version: 0.7.4 groups: - javascript - queries diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md index 0abf0d493177..ab0e65b02b17 100644 --- a/misc/suite-helpers/CHANGELOG.md +++ b/misc/suite-helpers/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.6.4 + +No user-facing changes. + ## 0.6.3 No user-facing changes. diff --git a/misc/suite-helpers/change-notes/released/0.6.4.md b/misc/suite-helpers/change-notes/released/0.6.4.md new file mode 100644 index 000000000000..7e98b0159fc0 --- /dev/null +++ b/misc/suite-helpers/change-notes/released/0.6.4.md @@ -0,0 +1,3 @@ +## 0.6.4 + +No user-facing changes. diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml index b7dafe32c5d8..ced8cf94614b 100644 --- a/misc/suite-helpers/codeql-pack.release.yml +++ b/misc/suite-helpers/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.3 +lastReleaseVersion: 0.6.4 diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index 0c423deb64d7..79c9cad4f4e8 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 0.6.4-dev +version: 0.6.4 groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md index d3b291f4b48f..fcef91e98a48 100644 --- a/python/ql/lib/CHANGELOG.md +++ b/python/ql/lib/CHANGELOG.md @@ -1,3 +1,10 @@ +## 0.10.4 + +### Minor Analysis Improvements + +* Regular expressions containing multiple parse mode flags are now interpretted correctly. For example `"(?is)abc.*"` with both the `i` and `s` flags. +* Added `shlex.quote` as a sanitizer for the `py/shell-command-constructed-from-input` query. + ## 0.10.3 ### Minor Analysis Improvements diff --git a/python/ql/lib/change-notes/2023-07-20-shlex-quote-sanitizer.md b/python/ql/lib/change-notes/2023-07-20-shlex-quote-sanitizer.md deleted file mode 100644 index 71238715831c..000000000000 --- a/python/ql/lib/change-notes/2023-07-20-shlex-quote-sanitizer.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added `shlex.quote` as a sanitizer for the `py/shell-command-constructed-from-input` query. \ No newline at end of file diff --git a/python/ql/lib/change-notes/2023-07-20-regex-parse-modes.md b/python/ql/lib/change-notes/released/0.10.4.md similarity index 52% rename from python/ql/lib/change-notes/2023-07-20-regex-parse-modes.md rename to python/ql/lib/change-notes/released/0.10.4.md index 2d6762274910..7f93237c6213 100644 --- a/python/ql/lib/change-notes/2023-07-20-regex-parse-modes.md +++ b/python/ql/lib/change-notes/released/0.10.4.md @@ -1,4 +1,6 @@ ---- -category: minorAnalysis ---- +## 0.10.4 + +### Minor Analysis Improvements + * Regular expressions containing multiple parse mode flags are now interpretted correctly. For example `"(?is)abc.*"` with both the `i` and `s` flags. +* Added `shlex.quote` as a sanitizer for the `py/shell-command-constructed-from-input` query. diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml index c6c21ef7d6ce..0e1088e51a9d 100644 --- a/python/ql/lib/codeql-pack.release.yml +++ b/python/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.10.3 +lastReleaseVersion: 0.10.4 diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index cac5d51e2e46..bb4f49e84e85 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 0.10.4-dev +version: 0.10.4 groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md index d8bc409ff86f..2cd732792f65 100644 --- a/python/ql/src/CHANGELOG.md +++ b/python/ql/src/CHANGELOG.md @@ -1,3 +1,10 @@ +## 0.8.4 + +### Minor Analysis Improvements + +* Improved _Reflected server-side cross-site scripting_ (`py/reflective-xss`) query to not alert on data passed to `flask.jsonify`. Since these HTTP responses are returned with mime-type `application/json`, they do not pose a security risk for XSS. +* Updated path explanations for `@kind path-problem` queries to always include left hand side of assignments, making paths easier to understand. + ## 0.8.3 No user-facing changes. diff --git a/python/ql/src/change-notes/2023-08-17-improved-path-graph.md b/python/ql/src/change-notes/2023-08-17-improved-path-graph.md deleted file mode 100644 index a2545d362e9e..000000000000 --- a/python/ql/src/change-notes/2023-08-17-improved-path-graph.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Updated path explanations for `@kind path-problem` queries to always include left hand side of assignments, making paths easier to understand. diff --git a/python/ql/src/change-notes/2023-08-29-fixed-jsonify-xss-fp.md b/python/ql/src/change-notes/released/0.8.4.md similarity index 56% rename from python/ql/src/change-notes/2023-08-29-fixed-jsonify-xss-fp.md rename to python/ql/src/change-notes/released/0.8.4.md index 8268f2966062..223f2a83361c 100644 --- a/python/ql/src/change-notes/2023-08-29-fixed-jsonify-xss-fp.md +++ b/python/ql/src/change-notes/released/0.8.4.md @@ -1,4 +1,6 @@ ---- -category: minorAnalysis ---- +## 0.8.4 + +### Minor Analysis Improvements + * Improved _Reflected server-side cross-site scripting_ (`py/reflective-xss`) query to not alert on data passed to `flask.jsonify`. Since these HTTP responses are returned with mime-type `application/json`, they do not pose a security risk for XSS. +* Updated path explanations for `@kind path-problem` queries to always include left hand side of assignments, making paths easier to understand. diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml index b6e46394f370..32eff3dc9f36 100644 --- a/python/ql/src/codeql-pack.release.yml +++ b/python/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.3 +lastReleaseVersion: 0.8.4 diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index f7ff3ff23484..37fb0ca79695 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 0.8.4-dev +version: 0.8.4 groups: - python - queries diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md index ae92859730f3..c9c03626ec36 100644 --- a/ruby/ql/lib/CHANGELOG.md +++ b/ruby/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.7.4 + +No user-facing changes. + ## 0.7.3 ### Minor Analysis Improvements diff --git a/ruby/ql/lib/change-notes/released/0.7.4.md b/ruby/ql/lib/change-notes/released/0.7.4.md new file mode 100644 index 000000000000..1b33df9cb1e8 --- /dev/null +++ b/ruby/ql/lib/change-notes/released/0.7.4.md @@ -0,0 +1,3 @@ +## 0.7.4 + +No user-facing changes. diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml index a4ea9c8de172..e388f34b4ecc 100644 --- a/ruby/ql/lib/codeql-pack.release.yml +++ b/ruby/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.3 +lastReleaseVersion: 0.7.4 diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index e50377dfb130..7f512644e8d0 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 0.7.4-dev +version: 0.7.4 groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md index 9e85e2317d3b..2bc373cd332e 100644 --- a/ruby/ql/src/CHANGELOG.md +++ b/ruby/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.7.4 + +### New Queries + +* Added a new experimental query, `rb/improper-ldap-auth`, to detect cases where user input is used during LDAP authentication without proper validation or sanitization, potentially leading to authentication bypass. + ## 0.7.3 No user-facing changes. diff --git a/ruby/ql/src/change-notes/2023-05-29-improper-ldap-auth-query.md b/ruby/ql/src/change-notes/released/0.7.4.md similarity index 88% rename from ruby/ql/src/change-notes/2023-05-29-improper-ldap-auth-query.md rename to ruby/ql/src/change-notes/released/0.7.4.md index 13c5a89c8083..228683b8a68e 100644 --- a/ruby/ql/src/change-notes/2023-05-29-improper-ldap-auth-query.md +++ b/ruby/ql/src/change-notes/released/0.7.4.md @@ -1,4 +1,5 @@ ---- -category: newQuery ---- +## 0.7.4 + +### New Queries + * Added a new experimental query, `rb/improper-ldap-auth`, to detect cases where user input is used during LDAP authentication without proper validation or sanitization, potentially leading to authentication bypass. diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml index a4ea9c8de172..e388f34b4ecc 100644 --- a/ruby/ql/src/codeql-pack.release.yml +++ b/ruby/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.3 +lastReleaseVersion: 0.7.4 diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index 441effac8274..92a6a245e19a 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 0.7.4-dev +version: 0.7.4 groups: - ruby - queries diff --git a/shared/controlflow/CHANGELOG.md b/shared/controlflow/CHANGELOG.md index aab63b11f750..b6f5cd028e26 100644 --- a/shared/controlflow/CHANGELOG.md +++ b/shared/controlflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.3 + +No user-facing changes. + ## 0.0.2 No user-facing changes. diff --git a/shared/controlflow/change-notes/released/0.0.3.md b/shared/controlflow/change-notes/released/0.0.3.md new file mode 100644 index 000000000000..af7864fc7d54 --- /dev/null +++ b/shared/controlflow/change-notes/released/0.0.3.md @@ -0,0 +1,3 @@ +## 0.0.3 + +No user-facing changes. diff --git a/shared/controlflow/codeql-pack.release.yml b/shared/controlflow/codeql-pack.release.yml index 55dc06fbd76a..a24b693d1e7a 100644 --- a/shared/controlflow/codeql-pack.release.yml +++ b/shared/controlflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.2 +lastReleaseVersion: 0.0.3 diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index 90520957d85e..08806425df65 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 0.0.3-dev +version: 0.0.3 groups: shared library: true dependencies: diff --git a/shared/dataflow/CHANGELOG.md b/shared/dataflow/CHANGELOG.md index 1a5f4d386634..7ab03105cb71 100644 --- a/shared/dataflow/CHANGELOG.md +++ b/shared/dataflow/CHANGELOG.md @@ -1,3 +1,13 @@ +## 0.0.3 + +### New Features + +* The various inline flow test libraries have been consolidated as a shared library part in the dataflow qlpack. + +### Minor Analysis Improvements + +* The shared taint-tracking library is now part of the dataflow qlpack. + ## 0.0.2 ### Major Analysis Improvements diff --git a/shared/dataflow/change-notes/2023-08-04-taint-tracking.md b/shared/dataflow/change-notes/2023-08-04-taint-tracking.md deleted file mode 100644 index 000d7ea265c3..000000000000 --- a/shared/dataflow/change-notes/2023-08-04-taint-tracking.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The shared taint-tracking library is now part of the dataflow qlpack. diff --git a/shared/dataflow/change-notes/2023-08-24-inline-flow-test.md b/shared/dataflow/change-notes/2023-08-24-inline-flow-test.md deleted file mode 100644 index 4f879df3fd3d..000000000000 --- a/shared/dataflow/change-notes/2023-08-24-inline-flow-test.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* The various inline flow test libraries have been consolidated as a shared library part in the dataflow qlpack. diff --git a/shared/dataflow/change-notes/released/0.0.3.md b/shared/dataflow/change-notes/released/0.0.3.md new file mode 100644 index 000000000000..4b6ac03adc1c --- /dev/null +++ b/shared/dataflow/change-notes/released/0.0.3.md @@ -0,0 +1,9 @@ +## 0.0.3 + +### New Features + +* The various inline flow test libraries have been consolidated as a shared library part in the dataflow qlpack. + +### Minor Analysis Improvements + +* The shared taint-tracking library is now part of the dataflow qlpack. diff --git a/shared/dataflow/codeql-pack.release.yml b/shared/dataflow/codeql-pack.release.yml index 55dc06fbd76a..a24b693d1e7a 100644 --- a/shared/dataflow/codeql-pack.release.yml +++ b/shared/dataflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.2 +lastReleaseVersion: 0.0.3 diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index 62a35f1ccc85..0a15dee3ec69 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 0.0.3-dev +version: 0.0.3 groups: shared library: true dependencies: diff --git a/shared/mad/CHANGELOG.md b/shared/mad/CHANGELOG.md index 4c7b7dd6878a..2bfa7916b94b 100644 --- a/shared/mad/CHANGELOG.md +++ b/shared/mad/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.4 + +No user-facing changes. + ## 0.1.3 No user-facing changes. diff --git a/shared/mad/change-notes/released/0.1.4.md b/shared/mad/change-notes/released/0.1.4.md new file mode 100644 index 000000000000..a77c429adbac --- /dev/null +++ b/shared/mad/change-notes/released/0.1.4.md @@ -0,0 +1,3 @@ +## 0.1.4 + +No user-facing changes. diff --git a/shared/mad/codeql-pack.release.yml b/shared/mad/codeql-pack.release.yml index b79d8f9d00a2..e8ee3af8ef9a 100644 --- a/shared/mad/codeql-pack.release.yml +++ b/shared/mad/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.3 +lastReleaseVersion: 0.1.4 diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index cf6c9c6ea7d6..711f69baef6d 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 0.1.4-dev +version: 0.1.4 groups: shared library: true dependencies: diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md index 8cd409f97351..bcf4cdb469c1 100644 --- a/shared/regex/CHANGELOG.md +++ b/shared/regex/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.4 + +No user-facing changes. + ## 0.1.3 No user-facing changes. diff --git a/shared/regex/change-notes/released/0.1.4.md b/shared/regex/change-notes/released/0.1.4.md new file mode 100644 index 000000000000..a77c429adbac --- /dev/null +++ b/shared/regex/change-notes/released/0.1.4.md @@ -0,0 +1,3 @@ +## 0.1.4 + +No user-facing changes. diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml index b79d8f9d00a2..e8ee3af8ef9a 100644 --- a/shared/regex/codeql-pack.release.yml +++ b/shared/regex/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.3 +lastReleaseVersion: 0.1.4 diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index a30e17c4d967..9ae2aebd903e 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 0.1.4-dev +version: 0.1.4 groups: shared library: true dependencies: diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md index 466f3f453269..175ecab1b6e4 100644 --- a/shared/ssa/CHANGELOG.md +++ b/shared/ssa/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.4 + +No user-facing changes. + ## 0.1.3 No user-facing changes. diff --git a/shared/ssa/change-notes/released/0.1.4.md b/shared/ssa/change-notes/released/0.1.4.md new file mode 100644 index 000000000000..a77c429adbac --- /dev/null +++ b/shared/ssa/change-notes/released/0.1.4.md @@ -0,0 +1,3 @@ +## 0.1.4 + +No user-facing changes. diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml index b79d8f9d00a2..e8ee3af8ef9a 100644 --- a/shared/ssa/codeql-pack.release.yml +++ b/shared/ssa/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.3 +lastReleaseVersion: 0.1.4 diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index 0db56594e866..22ca03d8047a 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 0.1.4-dev +version: 0.1.4 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/tutorial/CHANGELOG.md b/shared/tutorial/CHANGELOG.md index 0474ebe68659..01c61a97e760 100644 --- a/shared/tutorial/CHANGELOG.md +++ b/shared/tutorial/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.4 + +No user-facing changes. + ## 0.1.3 No user-facing changes. diff --git a/shared/tutorial/change-notes/released/0.1.4.md b/shared/tutorial/change-notes/released/0.1.4.md new file mode 100644 index 000000000000..a77c429adbac --- /dev/null +++ b/shared/tutorial/change-notes/released/0.1.4.md @@ -0,0 +1,3 @@ +## 0.1.4 + +No user-facing changes. diff --git a/shared/tutorial/codeql-pack.release.yml b/shared/tutorial/codeql-pack.release.yml index b79d8f9d00a2..e8ee3af8ef9a 100644 --- a/shared/tutorial/codeql-pack.release.yml +++ b/shared/tutorial/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.3 +lastReleaseVersion: 0.1.4 diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index 4beadd851228..520077ea1d51 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,6 +1,6 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 0.1.4-dev +version: 0.1.4 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typetracking/CHANGELOG.md b/shared/typetracking/CHANGELOG.md index ee0d1b59186d..6a11a27cd0c9 100644 --- a/shared/typetracking/CHANGELOG.md +++ b/shared/typetracking/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.4 + +No user-facing changes. + ## 0.1.3 No user-facing changes. diff --git a/shared/typetracking/change-notes/released/0.1.4.md b/shared/typetracking/change-notes/released/0.1.4.md new file mode 100644 index 000000000000..a77c429adbac --- /dev/null +++ b/shared/typetracking/change-notes/released/0.1.4.md @@ -0,0 +1,3 @@ +## 0.1.4 + +No user-facing changes. diff --git a/shared/typetracking/codeql-pack.release.yml b/shared/typetracking/codeql-pack.release.yml index b79d8f9d00a2..e8ee3af8ef9a 100644 --- a/shared/typetracking/codeql-pack.release.yml +++ b/shared/typetracking/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.3 +lastReleaseVersion: 0.1.4 diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index 3505e8f33f1a..e50be8d7635e 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 0.1.4-dev +version: 0.1.4 groups: shared library: true dependencies: diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md index a8f556aa029d..675cc520f94d 100644 --- a/shared/typos/CHANGELOG.md +++ b/shared/typos/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.4 + +No user-facing changes. + ## 0.1.3 No user-facing changes. diff --git a/shared/typos/change-notes/released/0.1.4.md b/shared/typos/change-notes/released/0.1.4.md new file mode 100644 index 000000000000..a77c429adbac --- /dev/null +++ b/shared/typos/change-notes/released/0.1.4.md @@ -0,0 +1,3 @@ +## 0.1.4 + +No user-facing changes. diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml index b79d8f9d00a2..e8ee3af8ef9a 100644 --- a/shared/typos/codeql-pack.release.yml +++ b/shared/typos/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.3 +lastReleaseVersion: 0.1.4 diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index ec757b0242c4..2c8585faa48c 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 0.1.4-dev +version: 0.1.4 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/CHANGELOG.md b/shared/util/CHANGELOG.md index cf58b4ea37c9..b42b17238e52 100644 --- a/shared/util/CHANGELOG.md +++ b/shared/util/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.4 + +No user-facing changes. + ## 0.1.3 No user-facing changes. diff --git a/shared/util/change-notes/released/0.1.4.md b/shared/util/change-notes/released/0.1.4.md new file mode 100644 index 000000000000..a77c429adbac --- /dev/null +++ b/shared/util/change-notes/released/0.1.4.md @@ -0,0 +1,3 @@ +## 0.1.4 + +No user-facing changes. diff --git a/shared/util/codeql-pack.release.yml b/shared/util/codeql-pack.release.yml index b79d8f9d00a2..e8ee3af8ef9a 100644 --- a/shared/util/codeql-pack.release.yml +++ b/shared/util/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.3 +lastReleaseVersion: 0.1.4 diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index 24020172913d..75eb3bf288a4 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 0.1.4-dev +version: 0.1.4 groups: shared library: true dependencies: diff --git a/shared/yaml/CHANGELOG.md b/shared/yaml/CHANGELOG.md index e41dc84c7c8f..72ed00d14e3c 100644 --- a/shared/yaml/CHANGELOG.md +++ b/shared/yaml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.4 + +No user-facing changes. + ## 0.1.3 ### New Features diff --git a/shared/yaml/change-notes/released/0.1.4.md b/shared/yaml/change-notes/released/0.1.4.md new file mode 100644 index 000000000000..a77c429adbac --- /dev/null +++ b/shared/yaml/change-notes/released/0.1.4.md @@ -0,0 +1,3 @@ +## 0.1.4 + +No user-facing changes. diff --git a/shared/yaml/codeql-pack.release.yml b/shared/yaml/codeql-pack.release.yml index b79d8f9d00a2..e8ee3af8ef9a 100644 --- a/shared/yaml/codeql-pack.release.yml +++ b/shared/yaml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.3 +lastReleaseVersion: 0.1.4 diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index 58627ae3db8b..e68ccfec57d4 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 0.1.4-dev +version: 0.1.4 groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/CHANGELOG.md b/swift/ql/lib/CHANGELOG.md index ad443f621cb3..b59991858c61 100644 --- a/swift/ql/lib/CHANGELOG.md +++ b/swift/ql/lib/CHANGELOG.md @@ -1,3 +1,10 @@ +## 0.2.4 + +### Minor Analysis Improvements + +* Flow through optional chaining and forced unwrapping in keypaths is now supported by the data flow library. +* Added flow models of collection `.withContiguous[Mutable]StorageIfAvailable`, `.withUnsafe[Mutable]BufferPointer` and `.withUnsafe[Mutable]Bytes` methods. + ## 0.2.3 ### Major Analysis Improvements diff --git a/swift/ql/lib/change-notes/2023-08-21-keypath-optionals.md b/swift/ql/lib/change-notes/2023-08-21-keypath-optionals.md deleted file mode 100644 index 9e2d3bd0e258..000000000000 --- a/swift/ql/lib/change-notes/2023-08-21-keypath-optionals.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- - -* Flow through optional chaining and forced unwrapping in keypaths is now supported by the data flow library. diff --git a/swift/ql/lib/change-notes/2023-08-04-closure-models.md b/swift/ql/lib/change-notes/released/0.2.4.md similarity index 50% rename from swift/ql/lib/change-notes/2023-08-04-closure-models.md rename to swift/ql/lib/change-notes/released/0.2.4.md index ba655f59774d..b7e6c5dcc0f7 100644 --- a/swift/ql/lib/change-notes/2023-08-04-closure-models.md +++ b/swift/ql/lib/change-notes/released/0.2.4.md @@ -1,5 +1,6 @@ ---- -category: minorAnalysis ---- +## 0.2.4 +### Minor Analysis Improvements + +* Flow through optional chaining and forced unwrapping in keypaths is now supported by the data flow library. * Added flow models of collection `.withContiguous[Mutable]StorageIfAvailable`, `.withUnsafe[Mutable]BufferPointer` and `.withUnsafe[Mutable]Bytes` methods. diff --git a/swift/ql/lib/codeql-pack.release.yml b/swift/ql/lib/codeql-pack.release.yml index 0b605901b424..7f1e3841dcd6 100644 --- a/swift/ql/lib/codeql-pack.release.yml +++ b/swift/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.3 +lastReleaseVersion: 0.2.4 diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index cd9b209ffae1..b079f1b600d1 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 0.2.4-dev +version: 0.2.4 groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/CHANGELOG.md b/swift/ql/src/CHANGELOG.md index 71fec278599e..7f1e54070bc4 100644 --- a/swift/ql/src/CHANGELOG.md +++ b/swift/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.2.4 + +### New Queries + +* Added new query "Incomplete regular expression for hostnames" (`swift/incomplete-hostname-regexp`). This query finds regular expressions matching a URL or hostname that may match more hostnames than expected. + ## 0.2.3 No user-facing changes. diff --git a/swift/ql/src/change-notes/2023-08-23-incomplete-hostname-regex.md b/swift/ql/src/change-notes/released/0.2.4.md similarity index 88% rename from swift/ql/src/change-notes/2023-08-23-incomplete-hostname-regex.md rename to swift/ql/src/change-notes/released/0.2.4.md index d70dfce16f72..12170e4fdf60 100644 --- a/swift/ql/src/change-notes/2023-08-23-incomplete-hostname-regex.md +++ b/swift/ql/src/change-notes/released/0.2.4.md @@ -1,5 +1,5 @@ ---- -category: newQuery ---- +## 0.2.4 + +### New Queries * Added new query "Incomplete regular expression for hostnames" (`swift/incomplete-hostname-regexp`). This query finds regular expressions matching a URL or hostname that may match more hostnames than expected. diff --git a/swift/ql/src/codeql-pack.release.yml b/swift/ql/src/codeql-pack.release.yml index 0b605901b424..7f1e3841dcd6 100644 --- a/swift/ql/src/codeql-pack.release.yml +++ b/swift/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.3 +lastReleaseVersion: 0.2.4 diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index 87c3fb14701d..96c455c5ce86 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 0.2.4-dev +version: 0.2.4 groups: - swift - queries From e08a873829613402ea436eb1e0301b7d7c9089e9 Mon Sep 17 00:00:00 2001 From: Asger F Date: Fri, 8 Sep 2023 10:11:09 +0200 Subject: [PATCH 02/45] JS: Tolerate TypeScript files being requested out of order --- javascript/extractor/lib/typescript/src/main.ts | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/javascript/extractor/lib/typescript/src/main.ts b/javascript/extractor/lib/typescript/src/main.ts index 2594f4e35f5b..e9849f42f5c0 100644 --- a/javascript/extractor/lib/typescript/src/main.ts +++ b/javascript/extractor/lib/typescript/src/main.ts @@ -361,7 +361,10 @@ function handleParseCommand(command: ParseCommand, checkPending = true) { let filename = command.filename; let expectedFilename = state.pendingFiles[state.pendingFileIndex]; if (expectedFilename !== filename && checkPending) { - throw new Error("File requested out of order. Expected '" + expectedFilename + "' but got '" + filename + "'"); + // File was requested out of order. This happens in rare cases because the Java process decided against extracting it, + // for example because it was too large. Just recover and accept that some work was wasted. + state.pendingResponse = null; + state.pendingFileIndex = state.pendingFiles.indexOf(filename); } ++state.pendingFileIndex; let response = state.pendingResponse || extractFile(command.filename); From ea384b340a6f1f67f72066b310141903aa7a4ab0 Mon Sep 17 00:00:00 2001 From: Asger F Date: Fri, 8 Sep 2023 10:15:43 +0200 Subject: [PATCH 03/45] JS: Change note --- .../change-notes/2023-09-08-tolerate-out-of-order-requests.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 javascript/ql/src/change-notes/2023-09-08-tolerate-out-of-order-requests.md diff --git a/javascript/ql/src/change-notes/2023-09-08-tolerate-out-of-order-requests.md b/javascript/ql/src/change-notes/2023-09-08-tolerate-out-of-order-requests.md new file mode 100644 index 000000000000..e6104889ba66 --- /dev/null +++ b/javascript/ql/src/change-notes/2023-09-08-tolerate-out-of-order-requests.md @@ -0,0 +1,4 @@ +--- +category: fix +--- +* Fixed an extractor crash that could occur in projects containing TypeScript files larger than 10 MB. From e6a6a7931b254093cc17ecb8a85531388f953378 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Wed, 6 Sep 2023 16:23:38 +0200 Subject: [PATCH 04/45] Revert "C#: Bump all dependencies" --- .../Semmle.Autobuild.Cpp.Tests.csproj | 6 +++--- .../Semmle.Autobuild.Cpp/Semmle.Autobuild.Cpp.csproj | 2 +- .../Semmle.Autobuild.CSharp.Tests.csproj | 6 +++--- .../Semmle.Autobuild.CSharp.csproj | 8 ++++---- .../Semmle.Autobuild.Shared.csproj | 2 +- .../Semmle.Extraction.CIL/Semmle.Extraction.CIL.csproj | 2 +- .../Semmle.Extraction.CSharp.Standalone.csproj | 4 ++-- .../Semmle.Extraction.CSharp.csproj | 4 ++-- .../Semmle.Extraction.Tests.csproj | 6 +++--- .../extractor/Semmle.Extraction/Semmle.Extraction.csproj | 6 +++--- .../extractor/Semmle.Util.Tests/Semmle.Util.Tests.csproj | 6 +++--- csharp/extractor/Semmle.Util/Semmle.Util.csproj | 2 +- .../posix-only/dotnet_test/dotnet_test.csproj | 6 +++--- .../dotnet_test_mstest/dotnet_test_mstest.csproj | 8 ++++---- 14 files changed, 34 insertions(+), 34 deletions(-) diff --git a/cpp/autobuilder/Semmle.Autobuild.Cpp.Tests/Semmle.Autobuild.Cpp.Tests.csproj b/cpp/autobuilder/Semmle.Autobuild.Cpp.Tests/Semmle.Autobuild.Cpp.Tests.csproj index abf4f358a24f..0c9f70c6d6d6 100644 --- a/cpp/autobuilder/Semmle.Autobuild.Cpp.Tests/Semmle.Autobuild.Cpp.Tests.csproj +++ b/cpp/autobuilder/Semmle.Autobuild.Cpp.Tests/Semmle.Autobuild.Cpp.Tests.csproj @@ -11,12 +11,12 @@ - - + + all runtime; build; native; contentfiles; analyzers - + diff --git a/cpp/autobuilder/Semmle.Autobuild.Cpp/Semmle.Autobuild.Cpp.csproj b/cpp/autobuilder/Semmle.Autobuild.Cpp/Semmle.Autobuild.Cpp.csproj index 5e0d40cdfe22..f8f5c2850748 100644 --- a/cpp/autobuilder/Semmle.Autobuild.Cpp/Semmle.Autobuild.Cpp.csproj +++ b/cpp/autobuilder/Semmle.Autobuild.Cpp/Semmle.Autobuild.Cpp.csproj @@ -17,7 +17,7 @@ - + diff --git a/csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/Semmle.Autobuild.CSharp.Tests.csproj b/csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/Semmle.Autobuild.CSharp.Tests.csproj index ecc67fa56954..590c03738b00 100644 --- a/csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/Semmle.Autobuild.CSharp.Tests.csproj +++ b/csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/Semmle.Autobuild.CSharp.Tests.csproj @@ -8,12 +8,12 @@ - - + + all runtime; build; native; contentfiles; analyzers - + diff --git a/csharp/autobuilder/Semmle.Autobuild.CSharp/Semmle.Autobuild.CSharp.csproj b/csharp/autobuilder/Semmle.Autobuild.CSharp/Semmle.Autobuild.CSharp.csproj index 6edc9fdcd97d..1083564dd262 100644 --- a/csharp/autobuilder/Semmle.Autobuild.CSharp/Semmle.Autobuild.CSharp.csproj +++ b/csharp/autobuilder/Semmle.Autobuild.CSharp/Semmle.Autobuild.CSharp.csproj @@ -3,9 +3,9 @@ net7.0 Semmle.Autobuild.CSharp Semmle.Autobuild.CSharp - + Exe - + false win-x64;linux-x64;osx-x64 enable @@ -14,8 +14,8 @@ - - + + diff --git a/csharp/autobuilder/Semmle.Autobuild.Shared/Semmle.Autobuild.Shared.csproj b/csharp/autobuilder/Semmle.Autobuild.Shared/Semmle.Autobuild.Shared.csproj index 83c53552cc0a..7a1f537fe757 100644 --- a/csharp/autobuilder/Semmle.Autobuild.Shared/Semmle.Autobuild.Shared.csproj +++ b/csharp/autobuilder/Semmle.Autobuild.Shared/Semmle.Autobuild.Shared.csproj @@ -11,7 +11,7 @@ - + diff --git a/csharp/extractor/Semmle.Extraction.CIL/Semmle.Extraction.CIL.csproj b/csharp/extractor/Semmle.Extraction.CIL/Semmle.Extraction.CIL.csproj index c37242cd890e..5bf70a9346b1 100644 --- a/csharp/extractor/Semmle.Extraction.CIL/Semmle.Extraction.CIL.csproj +++ b/csharp/extractor/Semmle.Extraction.CIL/Semmle.Extraction.CIL.csproj @@ -24,7 +24,7 @@ - + runtime; build; native; contentfiles; analyzers; buildtransitive all diff --git a/csharp/extractor/Semmle.Extraction.CSharp.Standalone/Semmle.Extraction.CSharp.Standalone.csproj b/csharp/extractor/Semmle.Extraction.CSharp.Standalone/Semmle.Extraction.CSharp.Standalone.csproj index 38ba70ce2853..525b1081bff4 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.Standalone/Semmle.Extraction.CSharp.Standalone.csproj +++ b/csharp/extractor/Semmle.Extraction.CSharp.Standalone/Semmle.Extraction.CSharp.Standalone.csproj @@ -6,7 +6,7 @@ Semmle.Extraction.CSharp.Standalone false false - + win-x64;linux-x64;osx-x64 enable @@ -19,7 +19,7 @@ - + diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Semmle.Extraction.CSharp.csproj b/csharp/extractor/Semmle.Extraction.CSharp/Semmle.Extraction.CSharp.csproj index 4227a1df7101..a06a1df38f26 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Semmle.Extraction.CSharp.csproj +++ b/csharp/extractor/Semmle.Extraction.CSharp/Semmle.Extraction.CSharp.csproj @@ -18,7 +18,7 @@ - - + + \ No newline at end of file diff --git a/csharp/extractor/Semmle.Extraction.Tests/Semmle.Extraction.Tests.csproj b/csharp/extractor/Semmle.Extraction.Tests/Semmle.Extraction.Tests.csproj index 4e04bafc638e..92bf46deb44f 100644 --- a/csharp/extractor/Semmle.Extraction.Tests/Semmle.Extraction.Tests.csproj +++ b/csharp/extractor/Semmle.Extraction.Tests/Semmle.Extraction.Tests.csproj @@ -8,12 +8,12 @@ - - + + all runtime; build; native; contentfiles; analyzers - + diff --git a/csharp/extractor/Semmle.Extraction/Semmle.Extraction.csproj b/csharp/extractor/Semmle.Extraction/Semmle.Extraction.csproj index 1c15b614ce41..433bb15ab1f3 100644 --- a/csharp/extractor/Semmle.Extraction/Semmle.Extraction.csproj +++ b/csharp/extractor/Semmle.Extraction/Semmle.Extraction.csproj @@ -12,9 +12,9 @@ TRACE;DEBUG;DEBUG_LABELS - - - + + + runtime; build; native; contentfiles; analyzers; buildtransitive all diff --git a/csharp/extractor/Semmle.Util.Tests/Semmle.Util.Tests.csproj b/csharp/extractor/Semmle.Util.Tests/Semmle.Util.Tests.csproj index cb362f6df330..384555bf18cf 100644 --- a/csharp/extractor/Semmle.Util.Tests/Semmle.Util.Tests.csproj +++ b/csharp/extractor/Semmle.Util.Tests/Semmle.Util.Tests.csproj @@ -6,12 +6,12 @@ enable - - + + all runtime; build; native; contentfiles; analyzers - + diff --git a/csharp/extractor/Semmle.Util/Semmle.Util.csproj b/csharp/extractor/Semmle.Util/Semmle.Util.csproj index b2f154848860..894488f9f842 100644 --- a/csharp/extractor/Semmle.Util/Semmle.Util.csproj +++ b/csharp/extractor/Semmle.Util/Semmle.Util.csproj @@ -15,7 +15,7 @@ - + diff --git a/csharp/ql/integration-tests/posix-only/dotnet_test/dotnet_test.csproj b/csharp/ql/integration-tests/posix-only/dotnet_test/dotnet_test.csproj index 5ea4974db7ff..968726df7566 100644 --- a/csharp/ql/integration-tests/posix-only/dotnet_test/dotnet_test.csproj +++ b/csharp/ql/integration-tests/posix-only/dotnet_test/dotnet_test.csproj @@ -8,10 +8,10 @@ - + - - + + diff --git a/csharp/ql/integration-tests/posix-only/dotnet_test_mstest/dotnet_test_mstest.csproj b/csharp/ql/integration-tests/posix-only/dotnet_test_mstest/dotnet_test_mstest.csproj index dfa6909c44bc..95c7586e04eb 100644 --- a/csharp/ql/integration-tests/posix-only/dotnet_test_mstest/dotnet_test_mstest.csproj +++ b/csharp/ql/integration-tests/posix-only/dotnet_test_mstest/dotnet_test_mstest.csproj @@ -10,10 +10,10 @@ - - - - + + + + From d5442ec9c5990f307428c2c68c9549d7b7b88204 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 8 Sep 2023 12:58:22 +0100 Subject: [PATCH 05/45] C++: Add regression test. --- .../test/library-tests/dataflow/dataflow-tests/test.cpp | 8 ++++++++ .../dataflow/dataflow-tests/uninitialized.expected | 3 +++ 2 files changed, 11 insertions(+) diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp index c49d9092cd70..b2e2609829ae 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp @@ -788,4 +788,12 @@ void test_sometimes_calls_sink_switch() { sometimes_calls_sink_switch(source(), 1); sometimes_calls_sink_switch(0, 0); sometimes_calls_sink_switch(source(), 0); +} + +void intPointerSource(int *ref_source, const int* another_arg); + +void test() { + MyStruct a; + intPointerSource(a.content, a.content); + indirect_sink(a.content); // $ ast MISSING: ir } \ No newline at end of file diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/uninitialized.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/uninitialized.expected index dc5ea865b947..722909678573 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/uninitialized.expected +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/uninitialized.expected @@ -46,3 +46,6 @@ | test.cpp:595:8:595:9 | xs | test.cpp:597:9:597:10 | xs | | test.cpp:733:7:733:7 | x | test.cpp:734:41:734:41 | x | | test.cpp:733:7:733:7 | x | test.cpp:735:8:735:8 | x | +| test.cpp:796:12:796:12 | a | test.cpp:797:20:797:20 | a | +| test.cpp:796:12:796:12 | a | test.cpp:797:31:797:31 | a | +| test.cpp:796:12:796:12 | a | test.cpp:798:17:798:17 | a | From 0be61be07ab2738d3526129ebeafd5d65fc17e50 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 8 Sep 2023 12:25:00 +0100 Subject: [PATCH 06/45] C++: Handle flow out of post-update nodes when there's another use of the variable in the call that we need to skip. --- .../cpp/ir/dataflow/internal/SsaInternals.qll | 79 ++++++++++++++++--- 1 file changed, 69 insertions(+), 10 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll index 11c77ef9613e..844633ad8d76 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll @@ -638,12 +638,24 @@ private predicate adjustForPointerArith(PostUpdateNode pun, UseOrPhi use) { ) } +/** + * Holds if `nodeFrom` flows to `nodeTo` because there is `def-use` or + * `use-use` flow from `defOrUse` to `use`. + * + * `uncertain` is `true` if the `defOrUse` is an uncertain definition. + */ +private predicate localSsaFlow( + SsaDefOrUse defOrUse, Node nodeFrom, UseOrPhi use, Node nodeTo, boolean uncertain +) { + nodeToDefOrUse(nodeFrom, defOrUse, uncertain) and + adjacentDefRead(defOrUse, use) and + useToNode(use, nodeTo) and + nodeFrom != nodeTo +} + private predicate ssaFlowImpl(SsaDefOrUse defOrUse, Node nodeFrom, Node nodeTo, boolean uncertain) { exists(UseOrPhi use | - nodeToDefOrUse(nodeFrom, defOrUse, uncertain) and - adjacentDefRead(defOrUse, use) and - useToNode(use, nodeTo) and - nodeFrom != nodeTo + localSsaFlow(defOrUse, nodeFrom, use, nodeTo, uncertain) or // Initial global variable value to a first use nodeFrom.(InitialGlobalValue).getGlobalDef() = defOrUse and @@ -721,15 +733,62 @@ private predicate isArgumentOfCallable(DataFlowCall call, Node n) { ) } -/** Holds if there is def-use or use-use flow from `pun` to `nodeTo`. */ -predicate postUpdateFlow(PostUpdateNode pun, Node nodeTo) { - exists(UseOrPhi use, Node preUpdate | +/** + * Holds if there is use-use flow from `pun`'s pre-update node to `n`. + */ +private predicate postUpdateNodeToFirstUse(PostUpdateNode pun, Node n) { + exists(UseOrPhi use | adjustForPointerArith(pun, use) and - useToNode(use, nodeTo) and + useToNode(use, n) + ) +} + +private predicate stepUntilNotInCall(DataFlowCall call, Node n1, Node n2) { + isArgumentOfCallable(call, n1) and + exists(Node mid | localSsaFlow(_, n1, _, mid, _) | + isArgumentOfCallable(call, mid) and + stepUntilNotInCall(call, mid, n2) + or + not isArgumentOfCallable(call, mid) and + mid = n2 + ) +} + +bindingset[n1, n2] +pragma[inline_late] +private predicate isArgumentOfSameCall(DataFlowCall call, Node n1, Node n2) { + isArgumentOfCallable(call, n1) and isArgumentOfCallable(call, n2) +} + +/** + * Holds if there is def-use or use-use flow from `pun` to `nodeTo`. + * + * Note: This is more complex than it sounds. Consider a call such as: + * ```cpp + * write_first_argument(x, x); + * sink(x); + * ``` + * Assume flow comes out of the first argument to `write_first_argument`. We + * don't want flow to go to the `x` that's also an argument to + * `write_first_argument` (because we just flowed out of that function, and we + * don't want to flow back into it again). + * + * We do, however, want flow from the output argument to `x` on the next line, and + * similarly we want flow from the second argument of `write_first_argument` to `x` + * on the next line. + */ +predicate postUpdateFlow(PostUpdateNode pun, Node nodeTo) { + exists(Node preUpdate, Node mid | preUpdate = pun.getPreUpdateNode() and - not exists(DataFlowCall call | - isArgumentOfCallable(call, preUpdate) and isArgumentOfCallable(call, nodeTo) + postUpdateNodeToFirstUse(pun, mid) + | + exists(DataFlowCall call | + isArgumentOfSameCall(call, preUpdate, mid) and + stepUntilNotInCall(call, mid, nodeTo) ) + or + not isArgumentOfSameCall(_, preUpdate, mid) and + nodeTo = mid ) } From 9f89c63771c65b400838b7aac467ec916c9b28d3 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 8 Sep 2023 13:03:38 +0100 Subject: [PATCH 07/45] C++: Accept test changes. --- .../DefaultTaintTracking/annotate_sinks_only/tainted.expected | 2 +- cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp | 2 +- cpp/ql/test/library-tests/dataflow/dataflow-tests/test.expected | 2 +- cpp/ql/test/library-tests/dataflow/fields/flow.expected | 2 +- .../CWE/CWE-119/semmle/tests/OverflowDestination.expected | 1 + 5 files changed, 5 insertions(+), 4 deletions(-) diff --git a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.expected b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.expected index 4cac88980228..fe5eed1b9161 100644 --- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.expected +++ b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.expected @@ -1,4 +1,4 @@ WARNING: Module TaintedWithPath has been deprecated and may be removed in future (tainted.ql:10,8-47) WARNING: Predicate tainted has been deprecated and may be removed in future (tainted.ql:21,3-28) -failures testFailures +failures diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp index b2e2609829ae..c5f7ffcf1603 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp @@ -795,5 +795,5 @@ void intPointerSource(int *ref_source, const int* another_arg); void test() { MyStruct a; intPointerSource(a.content, a.content); - indirect_sink(a.content); // $ ast MISSING: ir + indirect_sink(a.content); // $ ast ir } \ No newline at end of file diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.expected index 0260ed62b05d..d4756e8d808d 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.expected +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.expected @@ -5,5 +5,5 @@ WARNING: Module DataFlow has been deprecated and may be removed in future (test. WARNING: Module DataFlow has been deprecated and may be removed in future (test.ql:40,25-33) WARNING: Module DataFlow has been deprecated and may be removed in future (test.ql:42,17-25) WARNING: Module DataFlow has been deprecated and may be removed in future (test.ql:46,20-28) -failures testFailures +failures diff --git a/cpp/ql/test/library-tests/dataflow/fields/flow.expected b/cpp/ql/test/library-tests/dataflow/fields/flow.expected index 48de9172b362..8ec8033d086e 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/flow.expected +++ b/cpp/ql/test/library-tests/dataflow/fields/flow.expected @@ -1,2 +1,2 @@ -failures testFailures +failures diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected index 73f93c6ba9b7..82049fc92295 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected @@ -7,6 +7,7 @@ edges | overflowdestination.cpp:50:52:50:54 | src indirection | overflowdestination.cpp:53:15:53:17 | src indirection | | overflowdestination.cpp:50:52:50:54 | src indirection | overflowdestination.cpp:54:9:54:12 | memcpy output argument | | overflowdestination.cpp:53:9:53:12 | memcpy output argument | overflowdestination.cpp:54:9:54:12 | memcpy output argument | +| overflowdestination.cpp:54:9:54:12 | memcpy output argument | overflowdestination.cpp:54:9:54:12 | memcpy output argument | | overflowdestination.cpp:57:52:57:54 | src indirection | overflowdestination.cpp:64:16:64:19 | src2 indirection | | overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:75:30:75:32 | src indirection | | overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:76:30:76:32 | src indirection | From d699880c86c3ab0305c0138ad00fc396d4299a91 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Fri, 8 Sep 2023 21:17:52 +0000 Subject: [PATCH 08/45] Post-release preparation for codeql-cli-2.14.4 --- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- go/ql/lib/qlpack.yml | 2 +- go/ql/src/qlpack.yml | 2 +- java/ql/automodel/src/qlpack.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/qlpack.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- misc/suite-helpers/qlpack.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- shared/controlflow/qlpack.yml | 2 +- shared/dataflow/qlpack.yml | 2 +- shared/mad/qlpack.yml | 2 +- shared/regex/qlpack.yml | 2 +- shared/ssa/qlpack.yml | 2 +- shared/tutorial/qlpack.yml | 2 +- shared/typetracking/qlpack.yml | 2 +- shared/typos/qlpack.yml | 2 +- shared/util/qlpack.yml | 2 +- shared/yaml/qlpack.yml | 2 +- swift/ql/lib/qlpack.yml | 2 +- swift/ql/src/qlpack.yml | 2 +- 30 files changed, 30 insertions(+), 30 deletions(-) diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index 6c56393b656c..8f10dc8dd550 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 0.9.2 +version: 0.9.3-dev groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index 0fe920a94393..4fc99dc82b97 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 0.7.4 +version: 0.7.5-dev groups: - cpp - queries diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index c60da3557a03..bde1dbe7b6e7 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.6.4 +version: 1.6.5-dev groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index 22e9e2f575b7..4e507d793c22 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.6.4 +version: 1.6.5-dev groups: - csharp - solorigate diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index 6bc467079d9f..b8d6a2bf0642 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 0.7.4 +version: 0.7.5-dev groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index 857555c05d89..eac45f31309c 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 0.7.4 +version: 0.7.5-dev groups: - csharp - queries diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index 6fa1f846bddd..b5baf53f980b 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 0.6.4 +version: 0.6.5-dev groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index cd538178553e..391c6d8e5795 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 0.6.4 +version: 0.6.5-dev groups: - go - queries diff --git a/java/ql/automodel/src/qlpack.yml b/java/ql/automodel/src/qlpack.yml index 514ab9d08961..1fe48a3541ca 100644 --- a/java/ql/automodel/src/qlpack.yml +++ b/java/ql/automodel/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-automodel-queries -version: 0.0.3 +version: 0.0.4-dev groups: - java - automodel diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index f4c8b2841768..5299bae6938d 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 0.7.4 +version: 0.7.5-dev groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index 8fadb6cf148e..2e0b9d1a123b 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 0.7.4 +version: 0.7.5-dev groups: - java - queries diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index bb8abe793e64..d2dc82f82545 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 0.7.4 +version: 0.7.5-dev groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 343d34fce46c..64551275ce47 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 0.7.4 +version: 0.7.5-dev groups: - javascript - queries diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index 79c9cad4f4e8..3a609657ccc5 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 0.6.4 +version: 0.6.5-dev groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index bb4f49e84e85..cadfee41a81e 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 0.10.4 +version: 0.10.5-dev groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index 37fb0ca79695..4520fb74ba00 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 0.8.4 +version: 0.8.5-dev groups: - python - queries diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index 7f512644e8d0..ab634a7ead1d 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 0.7.4 +version: 0.7.5-dev groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index 92a6a245e19a..6b573164016f 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 0.7.4 +version: 0.7.5-dev groups: - ruby - queries diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index 08806425df65..80cbe1fb87b6 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 0.0.3 +version: 0.0.4-dev groups: shared library: true dependencies: diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index 0a15dee3ec69..3cc9d6a1469b 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 0.0.3 +version: 0.0.4-dev groups: shared library: true dependencies: diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index 711f69baef6d..8d06b6751aa1 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 0.1.4 +version: 0.1.5-dev groups: shared library: true dependencies: diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index 9ae2aebd903e..e3890ee05893 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 0.1.4 +version: 0.1.5-dev groups: shared library: true dependencies: diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index 22ca03d8047a..e94527e80a2d 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 0.1.4 +version: 0.1.5-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index 520077ea1d51..20655fe37c01 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,6 +1,6 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 0.1.4 +version: 0.1.5-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index e50be8d7635e..b57dbde0ad0a 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 0.1.4 +version: 0.1.5-dev groups: shared library: true dependencies: diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index 2c8585faa48c..0a3542ac7c80 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 0.1.4 +version: 0.1.5-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index 75eb3bf288a4..8c4504f6a806 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 0.1.4 +version: 0.1.5-dev groups: shared library: true dependencies: diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index e68ccfec57d4..75b5313d7a8f 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 0.1.4 +version: 0.1.5-dev groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index b079f1b600d1..e3cc1db02543 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 0.2.4 +version: 0.2.5-dev groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index 96c455c5ce86..30c2bcd23db2 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 0.2.4 +version: 0.2.5-dev groups: - swift - queries From 6fe9b70c920b6cc331880308c5eaeadcd2a8feca Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Fri, 8 Sep 2023 15:09:08 +0200 Subject: [PATCH 09/45] C#: Poor mans quoting of arguments on windows. --- csharp/tools/tracing-config.lua | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/csharp/tools/tracing-config.lua b/csharp/tools/tracing-config.lua index 716a6f42cee6..1b63cb9caebb 100644 --- a/csharp/tools/tracing-config.lua +++ b/csharp/tools/tracing-config.lua @@ -84,6 +84,10 @@ function RegisterExtractorPack(id) dotnetRunNeedsSeparator = false dotnetRunInjectionIndex = i end + -- if we encounter a whitespace, we explicitly need to quote the argument. + if OperatingSystem == 'windows' and arg:match('%s') then + argv[i] = '"' .. arg .. '"' + end end if match then local injections = { '-p:UseSharedCompilation=false', '-p:EmitCompilerGeneratedFiles=true' } From 7bcaa49f5a19bb65874be671d74dcea717a2c569 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 6 Sep 2023 14:16:25 +0200 Subject: [PATCH 10/45] C#: Add integration test with quoted arguments. --- .../ql/integration-tests/all-platforms/dotnet_run/test.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/csharp/ql/integration-tests/all-platforms/dotnet_run/test.py b/csharp/ql/integration-tests/all-platforms/dotnet_run/test.py index 52a0be310ccf..583d5cc2476d 100644 --- a/csharp/ql/integration-tests/all-platforms/dotnet_run/test.py +++ b/csharp/ql/integration-tests/all-platforms/dotnet_run/test.py @@ -53,3 +53,9 @@ def check_build_out(msg, s): s = run_codeql_database_create_stdout(['dotnet clean', 'rm -rf test7-db', 'dotnet build', 'dotnet run --no-build hello world'], "test8-db") check_build_out("hello, world", s) check_diagnostics(test_db="test8-db") + + +# two arguments, no '--' (first argument quoted) +s = run_codeql_database_create_stdout(['dotnet clean', 'rm -rf test8-db', 'dotnet run "hello world part1" part2'], "test9-db") +check_build_out("hello world part1, part2", s) +check_diagnostics(test_db="test9-db") From c6b8c444d08d1c190ef0ab74bd4f146528173058 Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Wed, 13 Sep 2023 20:11:21 +0200 Subject: [PATCH 11/45] fix out of bounds string access in isUsingDecl --- javascript/extractor/src/com/semmle/jcorn/Parser.java | 3 ++- .../AST/ExplicitResource/printAst.expected | 11 ++++++++--- .../test/library-tests/AST/ExplicitResource/tst.html | 2 ++ 3 files changed, 12 insertions(+), 4 deletions(-) create mode 100644 javascript/ql/test/library-tests/AST/ExplicitResource/tst.html diff --git a/javascript/extractor/src/com/semmle/jcorn/Parser.java b/javascript/extractor/src/com/semmle/jcorn/Parser.java index b7325021b729..361d5e6f390d 100644 --- a/javascript/extractor/src/com/semmle/jcorn/Parser.java +++ b/javascript/extractor/src/com/semmle/jcorn/Parser.java @@ -2708,7 +2708,8 @@ boolean isUsingDecl() { Matcher m = Whitespace.skipWhiteSpace.matcher(this.input); m.find(this.pos); int next = m.end(); - return !Whitespace.lineBreakG.matcher(inputSubstring(this.pos, next)).matches() + return this.input.length() > next && + !Whitespace.lineBreakG.matcher(inputSubstring(this.pos, next)).matches() && Identifiers.isIdentifierChar(this.input.codePointAt(next), false); } diff --git a/javascript/ql/test/library-tests/AST/ExplicitResource/printAst.expected b/javascript/ql/test/library-tests/AST/ExplicitResource/printAst.expected index 48ecc28df265..3514287b1f41 100644 --- a/javascript/ql/test/library-tests/AST/ExplicitResource/printAst.expected +++ b/javascript/ql/test/library-tests/AST/ExplicitResource/printAst.expected @@ -4,8 +4,11 @@ nodes | file://:0:0:0:0 | (Arguments) | semmle.label | (Arguments) | | file://:0:0:0:0 | (Arguments) | semmle.label | (Arguments) | | file://:0:0:0:0 | (Parameters) | semmle.label | (Parameters) | +| tst.html:1:5:1:9 | [ExprStmt] using | semmle.label | [ExprStmt] using | +| tst.html:1:5:1:9 | [ExprStmt] using | semmle.order | 1 | +| tst.html:1:5:1:9 | [VarRef] using | semmle.label | [VarRef] using | | tst.js:1:1:10:1 | [FunctionDeclStmt] functio ... } } | semmle.label | [FunctionDeclStmt] functio ... } } | -| tst.js:1:1:10:1 | [FunctionDeclStmt] functio ... } } | semmle.order | 1 | +| tst.js:1:1:10:1 | [FunctionDeclStmt] functio ... } } | semmle.order | 2 | | tst.js:1:10:1:10 | [VarDecl] g | semmle.label | [VarDecl] g | | tst.js:1:14:10:1 | [BlockStmt] { u ... } } | semmle.label | [BlockStmt] { u ... } } | | tst.js:2:5:2:33 | [DeclStmt] using stream = ... | semmle.label | [DeclStmt] using stream = ... | @@ -28,7 +31,7 @@ nodes | tst.js:6:45:9:5 | [BlockStmt] { ... ; } | semmle.label | [BlockStmt] { ... ; } | | tst.js:8:9:8:14 | [BreakStmt] break; | semmle.label | [BreakStmt] break; | | tst.js:12:1:21:1 | [FunctionDeclStmt] async f ... nd"); } | semmle.label | [FunctionDeclStmt] async f ... nd"); } | -| tst.js:12:1:21:1 | [FunctionDeclStmt] async f ... nd"); } | semmle.order | 2 | +| tst.js:12:1:21:1 | [FunctionDeclStmt] async f ... nd"); } | semmle.order | 3 | | tst.js:12:16:12:16 | [VarDecl] h | semmle.label | [VarDecl] h | | tst.js:12:20:21:1 | [BlockStmt] { a ... nd"); } | semmle.label | [BlockStmt] { a ... nd"); } | | tst.js:13:5:13:39 | [DeclStmt] using stream = ... | semmle.label | [DeclStmt] using stream = ... | @@ -51,7 +54,7 @@ nodes | tst.js:20:13:20:15 | [Label] log | semmle.label | [Label] log | | tst.js:20:17:20:21 | [Literal] "end" | semmle.label | [Literal] "end" | | tst.js:23:1:29:1 | [FunctionDeclStmt] functio ... ing); } | semmle.label | [FunctionDeclStmt] functio ... ing); } | -| tst.js:23:1:29:1 | [FunctionDeclStmt] functio ... ing); } | semmle.order | 3 | +| tst.js:23:1:29:1 | [FunctionDeclStmt] functio ... ing); } | semmle.order | 4 | | tst.js:23:10:23:18 | [VarDecl] usesUsing | semmle.label | [VarDecl] usesUsing | | tst.js:23:22:29:1 | [BlockStmt] { u ... ing); } | semmle.label | [BlockStmt] { u ... ing); } | | tst.js:24:5:24:9 | [VarRef] using | semmle.label | [VarRef] using | @@ -77,6 +80,8 @@ edges | file://:0:0:0:0 | (Arguments) | tst.js:28:11:28:15 | [VarRef] using | semmle.order | 0 | | file://:0:0:0:0 | (Parameters) | tst.js:25:20:25:22 | [SimpleParameter] foo | semmle.label | 0 | | file://:0:0:0:0 | (Parameters) | tst.js:25:20:25:22 | [SimpleParameter] foo | semmle.order | 0 | +| tst.html:1:5:1:9 | [ExprStmt] using | tst.html:1:5:1:9 | [VarRef] using | semmle.label | 1 | +| tst.html:1:5:1:9 | [ExprStmt] using | tst.html:1:5:1:9 | [VarRef] using | semmle.order | 1 | | tst.js:1:1:10:1 | [FunctionDeclStmt] functio ... } } | tst.js:1:10:1:10 | [VarDecl] g | semmle.label | 0 | | tst.js:1:1:10:1 | [FunctionDeclStmt] functio ... } } | tst.js:1:10:1:10 | [VarDecl] g | semmle.order | 0 | | tst.js:1:1:10:1 | [FunctionDeclStmt] functio ... } } | tst.js:1:14:10:1 | [BlockStmt] { u ... } } | semmle.label | 5 | diff --git a/javascript/ql/test/library-tests/AST/ExplicitResource/tst.html b/javascript/ql/test/library-tests/AST/ExplicitResource/tst.html new file mode 100644 index 000000000000..cbf383d716bd --- /dev/null +++ b/javascript/ql/test/library-tests/AST/ExplicitResource/tst.html @@ -0,0 +1,2 @@ +<%= using %> + \ No newline at end of file From cc3a76f7f524ca1b64d92dc4620228d53d383f74 Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Wed, 13 Sep 2023 20:11:21 +0200 Subject: [PATCH 12/45] fix out of bounds string access in isUsingDecl --- javascript/extractor/src/com/semmle/jcorn/Parser.java | 3 ++- .../AST/ExplicitResource/printAst.expected | 11 ++++++++--- .../test/library-tests/AST/ExplicitResource/tst.html | 2 ++ 3 files changed, 12 insertions(+), 4 deletions(-) create mode 100644 javascript/ql/test/library-tests/AST/ExplicitResource/tst.html diff --git a/javascript/extractor/src/com/semmle/jcorn/Parser.java b/javascript/extractor/src/com/semmle/jcorn/Parser.java index b7325021b729..361d5e6f390d 100644 --- a/javascript/extractor/src/com/semmle/jcorn/Parser.java +++ b/javascript/extractor/src/com/semmle/jcorn/Parser.java @@ -2708,7 +2708,8 @@ boolean isUsingDecl() { Matcher m = Whitespace.skipWhiteSpace.matcher(this.input); m.find(this.pos); int next = m.end(); - return !Whitespace.lineBreakG.matcher(inputSubstring(this.pos, next)).matches() + return this.input.length() > next && + !Whitespace.lineBreakG.matcher(inputSubstring(this.pos, next)).matches() && Identifiers.isIdentifierChar(this.input.codePointAt(next), false); } diff --git a/javascript/ql/test/library-tests/AST/ExplicitResource/printAst.expected b/javascript/ql/test/library-tests/AST/ExplicitResource/printAst.expected index 48ecc28df265..3514287b1f41 100644 --- a/javascript/ql/test/library-tests/AST/ExplicitResource/printAst.expected +++ b/javascript/ql/test/library-tests/AST/ExplicitResource/printAst.expected @@ -4,8 +4,11 @@ nodes | file://:0:0:0:0 | (Arguments) | semmle.label | (Arguments) | | file://:0:0:0:0 | (Arguments) | semmle.label | (Arguments) | | file://:0:0:0:0 | (Parameters) | semmle.label | (Parameters) | +| tst.html:1:5:1:9 | [ExprStmt] using | semmle.label | [ExprStmt] using | +| tst.html:1:5:1:9 | [ExprStmt] using | semmle.order | 1 | +| tst.html:1:5:1:9 | [VarRef] using | semmle.label | [VarRef] using | | tst.js:1:1:10:1 | [FunctionDeclStmt] functio ... } } | semmle.label | [FunctionDeclStmt] functio ... } } | -| tst.js:1:1:10:1 | [FunctionDeclStmt] functio ... } } | semmle.order | 1 | +| tst.js:1:1:10:1 | [FunctionDeclStmt] functio ... } } | semmle.order | 2 | | tst.js:1:10:1:10 | [VarDecl] g | semmle.label | [VarDecl] g | | tst.js:1:14:10:1 | [BlockStmt] { u ... } } | semmle.label | [BlockStmt] { u ... } } | | tst.js:2:5:2:33 | [DeclStmt] using stream = ... | semmle.label | [DeclStmt] using stream = ... | @@ -28,7 +31,7 @@ nodes | tst.js:6:45:9:5 | [BlockStmt] { ... ; } | semmle.label | [BlockStmt] { ... ; } | | tst.js:8:9:8:14 | [BreakStmt] break; | semmle.label | [BreakStmt] break; | | tst.js:12:1:21:1 | [FunctionDeclStmt] async f ... nd"); } | semmle.label | [FunctionDeclStmt] async f ... nd"); } | -| tst.js:12:1:21:1 | [FunctionDeclStmt] async f ... nd"); } | semmle.order | 2 | +| tst.js:12:1:21:1 | [FunctionDeclStmt] async f ... nd"); } | semmle.order | 3 | | tst.js:12:16:12:16 | [VarDecl] h | semmle.label | [VarDecl] h | | tst.js:12:20:21:1 | [BlockStmt] { a ... nd"); } | semmle.label | [BlockStmt] { a ... nd"); } | | tst.js:13:5:13:39 | [DeclStmt] using stream = ... | semmle.label | [DeclStmt] using stream = ... | @@ -51,7 +54,7 @@ nodes | tst.js:20:13:20:15 | [Label] log | semmle.label | [Label] log | | tst.js:20:17:20:21 | [Literal] "end" | semmle.label | [Literal] "end" | | tst.js:23:1:29:1 | [FunctionDeclStmt] functio ... ing); } | semmle.label | [FunctionDeclStmt] functio ... ing); } | -| tst.js:23:1:29:1 | [FunctionDeclStmt] functio ... ing); } | semmle.order | 3 | +| tst.js:23:1:29:1 | [FunctionDeclStmt] functio ... ing); } | semmle.order | 4 | | tst.js:23:10:23:18 | [VarDecl] usesUsing | semmle.label | [VarDecl] usesUsing | | tst.js:23:22:29:1 | [BlockStmt] { u ... ing); } | semmle.label | [BlockStmt] { u ... ing); } | | tst.js:24:5:24:9 | [VarRef] using | semmle.label | [VarRef] using | @@ -77,6 +80,8 @@ edges | file://:0:0:0:0 | (Arguments) | tst.js:28:11:28:15 | [VarRef] using | semmle.order | 0 | | file://:0:0:0:0 | (Parameters) | tst.js:25:20:25:22 | [SimpleParameter] foo | semmle.label | 0 | | file://:0:0:0:0 | (Parameters) | tst.js:25:20:25:22 | [SimpleParameter] foo | semmle.order | 0 | +| tst.html:1:5:1:9 | [ExprStmt] using | tst.html:1:5:1:9 | [VarRef] using | semmle.label | 1 | +| tst.html:1:5:1:9 | [ExprStmt] using | tst.html:1:5:1:9 | [VarRef] using | semmle.order | 1 | | tst.js:1:1:10:1 | [FunctionDeclStmt] functio ... } } | tst.js:1:10:1:10 | [VarDecl] g | semmle.label | 0 | | tst.js:1:1:10:1 | [FunctionDeclStmt] functio ... } } | tst.js:1:10:1:10 | [VarDecl] g | semmle.order | 0 | | tst.js:1:1:10:1 | [FunctionDeclStmt] functio ... } } | tst.js:1:14:10:1 | [BlockStmt] { u ... } } | semmle.label | 5 | diff --git a/javascript/ql/test/library-tests/AST/ExplicitResource/tst.html b/javascript/ql/test/library-tests/AST/ExplicitResource/tst.html new file mode 100644 index 000000000000..cbf383d716bd --- /dev/null +++ b/javascript/ql/test/library-tests/AST/ExplicitResource/tst.html @@ -0,0 +1,2 @@ +<%= using %> + \ No newline at end of file From d7278be0642d66ebcca8bba00c476f4f9b78a6dd Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Fri, 8 Sep 2023 13:49:40 +0100 Subject: [PATCH 13/45] Go: Update `versionRe` to include patch version This is optional --- go/extractor/cli/go-autobuilder/go-autobuilder.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go/extractor/cli/go-autobuilder/go-autobuilder.go b/go/extractor/cli/go-autobuilder/go-autobuilder.go index 0b1011db866f..fc309a3d44ca 100644 --- a/go/extractor/cli/go-autobuilder/go-autobuilder.go +++ b/go/extractor/cli/go-autobuilder/go-autobuilder.go @@ -370,7 +370,7 @@ func getDepMode(emitDiagnostics bool) (DependencyInstallerMode, string) { // Tries to open `go.mod` and read a go directive, returning the version and whether it was found. func tryReadGoDirective(buildInfo BuildInfo) (string, bool) { if buildInfo.DepMode == GoGetWithModules { - versionRe := regexp.MustCompile(`(?m)^go[ \t\r]+([0-9]+\.[0-9]+)$`) + versionRe := regexp.MustCompile(`(?m)^go[ \t\r]+([0-9]+\.[0-9]+(\.[0-9]+)?)$`) goMod, err := os.ReadFile(filepath.Join(buildInfo.BaseDir, "go.mod")) if err != nil { log.Println("Failed to read go.mod to check for missing Go version") From 75955237a933010da478d416a3df1397a7c86e82 Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Mon, 11 Sep 2023 15:56:14 +0100 Subject: [PATCH 14/45] Make general updates, add framework for new article --- .../codeql-for-visual-studio-code/index.rst | 6 +++- .../using-the-codeql-model-editor.rst | 12 +++++++ ...ith-codeql-packs-in-visual-studio-code.rst | 36 ++++++++++++++----- .../beta-note-package-management.rst | 2 +- 4 files changed, 45 insertions(+), 11 deletions(-) create mode 100644 docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst diff --git a/docs/codeql/codeql-for-visual-studio-code/index.rst b/docs/codeql/codeql-for-visual-studio-code/index.rst index 1b45ef10a3e5..fc615f932f89 100644 --- a/docs/codeql/codeql-for-visual-studio-code/index.rst +++ b/docs/codeql/codeql-for-visual-studio-code/index.rst @@ -37,7 +37,10 @@ The CodeQL extension for Visual Studio Code adds rich language support for CodeQ CodeQL queries using the Visual Studio Code extension. - :doc:`Working with CodeQL packs in Visual Studio Code - `: You can view and edit CodeQL packs in Visual Studio Code. + `: You can view, create, and edit all types of CodeQL pack in Visual Studio Code. + +- :doc:`Using the CodeQL model editor + `: You can view, create, and edit CodeQL model packs using a dedicated editor. - :doc:`Customizing settings `: You can edit the settings for the @@ -67,6 +70,7 @@ The CodeQL extension for Visual Studio Code adds rich language support for CodeQ running-codeql-queries-at-scale-with-mrva testing-codeql-queries-in-visual-studio-code working-with-codeql-packs-in-visual-studio-code + using-the-codeql-model-editor customizing-settings troubleshooting-codeql-for-visual-studio-code troubleshooting-variant-analysis diff --git a/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst b/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst new file mode 100644 index 000000000000..8fb9b6da51ee --- /dev/null +++ b/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst @@ -0,0 +1,12 @@ +:tocdepth: 1 + +.. _using-the-codeql-model-editor: + +Using the CodeQL model editor +============================= + +.. include:: ../reusables/beta-note-package-management.rst + +You can view, write, and edit all types of CodeQL packs in Visual Studio Code using the CodeQL extension. + +TODO diff --git a/docs/codeql/codeql-for-visual-studio-code/working-with-codeql-packs-in-visual-studio-code.rst b/docs/codeql/codeql-for-visual-studio-code/working-with-codeql-packs-in-visual-studio-code.rst index dabf59cc5636..c9443d88115d 100644 --- a/docs/codeql/codeql-for-visual-studio-code/working-with-codeql-packs-in-visual-studio-code.rst +++ b/docs/codeql/codeql-for-visual-studio-code/working-with-codeql-packs-in-visual-studio-code.rst @@ -7,11 +7,17 @@ Working with CodeQL packs in Visual Studio Code .. include:: ../reusables/beta-note-package-management.rst -You can view CodeQL packs and write and edit queries for them in Visual Studio Code. +You can view, write, and edit all types of CodeQL packs in Visual Studio Code using the CodeQL extension. About CodeQL packs ------------------ -CodeQL packs are used to create, share, depend on, and run CodeQL queries and libraries. You can publish your own CodeQL packs and download packs created by others. For more information, see "`About CodeQL packs `__." +You use CodeQL packs to share your expertise in query writing, CodeQL library development, and modeling dependencies with other users. The CodeQL package management system ensures that when you publish a CodeQL pack it is ready to use, without any compilation. Anything the CodeQL pack depends on is explicitly defined within the pack. You can publish your own CodeQL packs and download packs created by others. For more information, see "`About CodeQL packs `__." + +There are three types of CodeQL pack, each with a specific purpose. + +- Query packs are designed to be run. When a query pack is published, the bundle includes all the transitive dependencies and pre-compiled representations of each query, in addition to the query sources. This ensures consistent and efficient execution of the queries in the pack. +- Library packs are designed to be used by query packs (or other library packs) and do not contain queries themselves. The libraries are not compiled separately. +- Model packs are used to model dependencies that are not supported by the standard CodeQL libraries. When you add a model pack to your analysis, all extensible queries also explore the sources and sinks of the dependencies defined in the pack. Using standard CodeQL packs in Visual Studio Code -------------------------------------------------------------- @@ -19,21 +25,33 @@ To install dependencies for a CodeQL pack in your Visual Studio Code workspace, You can write and run query packs that depend on the CodeQL standard libraries, without needing to check out the standard libraries in your workspace. Instead, you can install only the dependencies required by the query packs you want to use. -Creating and editing CodeQL packs in Visual Studio Code +Working with CodeQL query packs in Visual Studio Code ------------------------------------------------------- -To create a new CodeQL pack, you will need to use the CodeQL CLI from a terminal, which you can do within Visual Studio Code or outside of it with the ``codeql pack init`` command. Once you create an empty pack, you can edit the ``qlpack.yml`` file or run the ``codeql pack add`` command to add dependencies or change the name or version. For more information, see "`Creating and working with CodeQL packs `__." + +One of the main benefits of working with a CodeQL query pack is that all dependecies are resolved, not just those defined within the query and standard libraries. + +Creating and editing CodeQL query packs +--------------------------------------- +To create a new query pack, you will need to use the CodeQL CLI from a terminal, which you can do within Visual Studio Code or outside of it with the ``codeql pack init`` command. Once you create an empty pack, you can edit the ``qlpack.yml`` file or run the ``codeql pack add`` command to add dependencies or change the name or version. For detailed information, see "`Creating and working with CodeQL packs `__." You can create or edit queries in a CodeQL pack in Visual Studio Code as you would with any CodeQL query, using the standard code editing features such as autocomplete suggestions to find elements to use from the pack's dependencies. -You can then use the CodeQL CLI to publish your pack to share with others. For more information, see "`Publishing and using CodeQL packs `__." +You can then use the CodeQL CLI to publish your pack to share with others. For detailed information, see "`Publishing and using CodeQL packs `__." -Viewing CodeQL packs and their dependencies in Visual Studio Code ------------------------------------------------------------------ -To download a CodeQL pack that someone else has created, run the **CodeQL: Download Packs** command from the Command Palette. -You can download all the core CodeQL query packs, or enter the full name of a specific pack to download. For example, to download the core queries for analyzing Java or Kotlin, enter ``codeql/java-queries``. +Viewing CodeQL query packs and their dependencies in Visual Studio Code +----------------------------------------------------------------------- +To download a query pack that someone else has created, run the **CodeQL: Download Packs** command from the Command Palette. +You can download all the core query packs, or enter the full name of a specific pack to download. For example, to download the core queries for analyzing Java and Kotlin, enter ``codeql/java-queries``. Whether you have downloaded a CodeQL pack or created your own, you can open the ``qlpack.yml`` file in the root of a CodeQL pack directory in Visual Studio Code and view the dependencies section to see what libraries the pack depends on. If you want to understand a query in a CodeQL pack better, you can open the query file and view the code, using the IntelliSense code editing features of Visual Studio Code. For example, if you hover over an element from a library depended on by the pack, Visual Studio Code will resolve it so you can see documentation about the element. To view the full definition of an element of a query, you can right-click and choose **Go to Definition**. If the library pack is present within the same Visual Studio Code workspace, this will take you to the definition within the workspace. Otherwise it will take you to the definition within your package cache, the shared location where downloaded dependencies are stored, which is in your home directory by default. + +Working with CodeQL model packs in Visual Studio Code +------------------------------------------------------- + +The CodeQL extension for Visual Studio Code includes a dedicated editor for creating and editing model packs. + +TODO a little more, but mostly about the general use, because editing will be in a new article. diff --git a/docs/codeql/reusables/beta-note-package-management.rst b/docs/codeql/reusables/beta-note-package-management.rst index 7697c9a47d9c..51e1fd225e4c 100644 --- a/docs/codeql/reusables/beta-note-package-management.rst +++ b/docs/codeql/reusables/beta-note-package-management.rst @@ -2,4 +2,4 @@ Note - The CodeQL package management functionality, including CodeQL packs, is currently available as a beta release and is subject to change. During the beta release, CodeQL packs are available only using GitHub Packages - the GitHub Container registry. To use this beta functionality, install the latest version of the CodeQL CLI bundle from: https://github.com/github/codeql-action/releases. + The CodeQL package management functionality, including all types of CodeQL pack, is currently available as a beta release and is subject to change. During the beta release, CodeQL packs are available only using GitHub Packages - the GitHub Container registry. To use this beta functionality, install the latest version of the CodeQL CLI bundle from: https://github.com/github/codeql-action/releases. From 4779c23da1ac937dcbf2a93f34238d015c743c3e Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Tue, 12 Sep 2023 18:56:58 +0100 Subject: [PATCH 15/45] Draft content for VS Code extension --- .../using-the-codeql-model-editor.rst | 59 ++++++++++++++++++- ...ith-codeql-packs-in-visual-studio-code.rst | 22 +++---- .../codeql-overview/codeql-glossary.rst | 13 ++++ .../beta-note-model-pack-editor-vsc.rst | 5 ++ .../reusables/beta-note-model-packs-java.rst | 5 ++ 5 files changed, 92 insertions(+), 12 deletions(-) create mode 100644 docs/codeql/reusables/beta-note-model-pack-editor-vsc.rst create mode 100644 docs/codeql/reusables/beta-note-model-packs-java.rst diff --git a/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst b/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst index 8fb9b6da51ee..6541fe13811f 100644 --- a/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst +++ b/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst @@ -5,8 +5,63 @@ Using the CodeQL model editor ============================= -.. include:: ../reusables/beta-note-package-management.rst +.. include:: ../reusables/beta-note-model-pack-editor-vsc.rst You can view, write, and edit all types of CodeQL packs in Visual Studio Code using the CodeQL extension. -TODO +TODO - EDIT THIS CONTENT! + +About the CodeQL model editor +----------------------------- + +The CodeQL model editor is a new feature in CodeQL for VS Code to support GitHub staff creating CodeQL models for libraries and frameworks written in Java and C#. + +The editor takes a CodeQL database and runs some telemetry queries to identify uses of APIs that can be used to reason about the dataflow through the codebase. There are two modes of operation: + +- Application mode: the editor identifies the external APIs used by the codebase. An external (or third party) API is any API that is not part of the CodeQL database you are analyzing. This mode is most useful for improving CodeQL results for the specific codebase. +- Framework mode: the editor identifies the publicly accessible APIs in the codebase. This mode is most useful for improving the CodeQL results for any codebases that use those APIs. + +Setting up the CodeQL model editor +---------------------------------- + +To set up the CodeQL model editor, you need to be using CodeQL for VS Code 1.8.7 or later with the following settings: + +.. code-block:: json + + "codeQL.canary": true, CHECK THIS + "codeQL.model.editor": true, + +Open the user settings editor (JSON) using the command palette (Ctrl/Cmd+Shift+P) and using the command “Preferences: Open User Settings (JSON)”, add these two settings to the file. + +If you want to test the CodeQL model packs you generate in VS Code then this setting is also required: + ``"codeQL.runningQueries.useExtensionPacks": true`` CHECK THIS + +WHAT DOES ``"codeQL.model.llmGeneration": true,`` do? + +Using the CodeQL model editor +----------------------------- + +The easiest way to explain this is by using an example, so we'll run through an example. This is the same example as used in the demo. + +#. Open your CodeQL workspace in VS Code, e.g., the vscode-codeql-starter workspace +#. Open the CodeQL extension and add the CodeQL database for dsp-testing/sql2o-example from GitHub +#. Use the command palette to run the “CodeQL: Open Model Editor (Beta)” command +#. The CodeQL model editor will open and run some telemetry queries to identify APIs in the code +#. When the queries are complete, the APIs that have been identified are shown in the editor: + - By default the editor runs in application mode, so displays the external APIs used by the codebase. + - If you switch to framework mode, the editor will display the publicly accessible APIs in the codebase. +#. You can now start modeling the external API calls manually by selecting a model type and entering the correct values in each field, as defined in the Java models-as-data documentation +#. You can generate the CodeQL automatically: + - If you are working in application mode click on “Model from source” and enter the name of the repo that contains the source code for the package you want to model. For example, in this case you can enter dsp-testing/sql2o-import to download the relevant CodeQL database and model any APIs from that repo + - If you are working in framework mode click on “Generate” to generate any models directly from the source code of the framework you are modeling. +#. Once any modeling is complete, click “Save” or “Save all”. You can now see that the calls are shown as supported. The generated models files are saved in your workspace at .github/codeql/extensions/, where the pack name is the same as the repo. + - If you are in application mode, the editor will create a separate model file for each package that you model. + - If you are in framework mode, the edit will generate a single model file for the entire framework. +#. If you have set up VS Code to use data extensions (using the “codeQL.runningQueries.useExtensionPacks” setting), then you can also run a query and see that the unsafe calls are now detected. + +Known limitations +----------------- + +Only Java is supported +It's not possible to place the extension pack in a different directory than the root of a workspace folder + diff --git a/docs/codeql/codeql-for-visual-studio-code/working-with-codeql-packs-in-visual-studio-code.rst b/docs/codeql/codeql-for-visual-studio-code/working-with-codeql-packs-in-visual-studio-code.rst index c9443d88115d..100fcc30ad2e 100644 --- a/docs/codeql/codeql-for-visual-studio-code/working-with-codeql-packs-in-visual-studio-code.rst +++ b/docs/codeql/codeql-for-visual-studio-code/working-with-codeql-packs-in-visual-studio-code.rst @@ -17,29 +17,29 @@ There are three types of CodeQL pack, each with a specific purpose. - Query packs are designed to be run. When a query pack is published, the bundle includes all the transitive dependencies and pre-compiled representations of each query, in addition to the query sources. This ensures consistent and efficient execution of the queries in the pack. - Library packs are designed to be used by query packs (or other library packs) and do not contain queries themselves. The libraries are not compiled separately. -- Model packs are used to model dependencies that are not supported by the standard CodeQL libraries. When you add a model pack to your analysis, all extensible queries also explore the sources and sinks of the dependencies defined in the pack. +- Model packs are used to model dependencies that are not supported by the standard CodeQL libraries. When you add a model pack to your analysis, all extensible queries also analyze the sources and sinks of the dependencies defined in the pack. -Using standard CodeQL packs in Visual Studio Code --------------------------------------------------------------- +Using the CodeQL packs shipped with the CLI in Visual Studio Code +----------------------------------------------------------------- To install dependencies for a CodeQL pack in your Visual Studio Code workspace, run the **CodeQL: Install Pack Dependencies** command from the Command Palette and select the packs you want to install dependencies for. You can write and run query packs that depend on the CodeQL standard libraries, without needing to check out the standard libraries in your workspace. Instead, you can install only the dependencies required by the query packs you want to use. -Working with CodeQL query packs in Visual Studio Code -------------------------------------------------------- +Working with CodeQL query packs +------------------------------- One of the main benefits of working with a CodeQL query pack is that all dependecies are resolved, not just those defined within the query and standard libraries. Creating and editing CodeQL query packs ---------------------------------------- +''''''''''''''''''''''''''''''''''''''' To create a new query pack, you will need to use the CodeQL CLI from a terminal, which you can do within Visual Studio Code or outside of it with the ``codeql pack init`` command. Once you create an empty pack, you can edit the ``qlpack.yml`` file or run the ``codeql pack add`` command to add dependencies or change the name or version. For detailed information, see "`Creating and working with CodeQL packs `__." You can create or edit queries in a CodeQL pack in Visual Studio Code as you would with any CodeQL query, using the standard code editing features such as autocomplete suggestions to find elements to use from the pack's dependencies. You can then use the CodeQL CLI to publish your pack to share with others. For detailed information, see "`Publishing and using CodeQL packs `__." -Viewing CodeQL query packs and their dependencies in Visual Studio Code ------------------------------------------------------------------------ +Viewing CodeQL query packs and their dependencies +''''''''''''''''''''''''''''''''''''''''''''''''' To download a query pack that someone else has created, run the **CodeQL: Download Packs** command from the Command Palette. You can download all the core query packs, or enter the full name of a specific pack to download. For example, to download the core queries for analyzing Java and Kotlin, enter ``codeql/java-queries``. @@ -49,9 +49,11 @@ If you want to understand a query in a CodeQL pack better, you can open the quer To view the full definition of an element of a query, you can right-click and choose **Go to Definition**. If the library pack is present within the same Visual Studio Code workspace, this will take you to the definition within the workspace. Otherwise it will take you to the definition within your package cache, the shared location where downloaded dependencies are stored, which is in your home directory by default. -Working with CodeQL model packs in Visual Studio Code -------------------------------------------------------- +Working with CodeQL model packs +------------------------------- The CodeQL extension for Visual Studio Code includes a dedicated editor for creating and editing model packs. TODO a little more, but mostly about the general use, because editing will be in a new article. + +For headings use '''''''' in this section diff --git a/docs/codeql/codeql-overview/codeql-glossary.rst b/docs/codeql/codeql-overview/codeql-glossary.rst index 458651e36936..bd5dc29e9398 100644 --- a/docs/codeql/codeql-overview/codeql-glossary.rst +++ b/docs/codeql/codeql-overview/codeql-glossary.rst @@ -34,6 +34,19 @@ A database (or CodeQL database) is a directory containing: - log files generated during database creation, query execution, and other operations. +.. _codeql-packs: + +CodeQL packs +------------ + +CodeQL packs are used to create, share, depend on, and run CodeQL queries, libraries, and models. You can publish your own CodeQL packs and download packs created by others. CodeQL query packs may contain queries, library files, query suites, and metadata. CodeQL library packs include one or more CodeQL libraries. CodeQL model packs include one or more data extension files that extend the core libraries by modeling additional libraries and frameworks (dependencies of your code base). + +.. _data-extensions:: + +Data extensions +--------------- +When you want to model the sources and sinks of a custom dependency, you can create a CodeQL library (``.qll`` file) and write queries that use it, but it's usually much simpler to create a data extension file. If you model the sources and sinks in data extension, you can use this information to expand the standard queries to cover your custom dependencies. You don't need to write any new queries. + .. _dil: DIL diff --git a/docs/codeql/reusables/beta-note-model-pack-editor-vsc.rst b/docs/codeql/reusables/beta-note-model-pack-editor-vsc.rst new file mode 100644 index 000000000000..af4b53c7d235 --- /dev/null +++ b/docs/codeql/reusables/beta-note-model-pack-editor-vsc.rst @@ -0,0 +1,5 @@ +.. pull-quote:: + + Note + + The CodeQL model editor and CodeQL model packs are currently in beta and subject to change. During the beta, model packs are supported only by Java/Kotlin analysis. To use this beta functionality, install the latest version of the CodeQL CLI bundle from: https://github.com/github/codeql-action/releases. diff --git a/docs/codeql/reusables/beta-note-model-packs-java.rst b/docs/codeql/reusables/beta-note-model-packs-java.rst new file mode 100644 index 000000000000..049621a57f79 --- /dev/null +++ b/docs/codeql/reusables/beta-note-model-packs-java.rst @@ -0,0 +1,5 @@ +.. pull-quote:: + + Note + + CodeQL model packs are currently in beta and subject to change. During the beta, model packs are supported only by Java/Kotlin analysis. To use this beta functionality, install the latest version of the CodeQL CLI bundle from: https://github.com/github/codeql-action/releases. From 8218397a830e84ce1063e7e99bddb91975ef1a2f Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Tue, 12 Sep 2023 19:09:19 +0100 Subject: [PATCH 16/45] Rename private beta article --- ...r-java.rst => using-data-extensions-to-model-dependencies.rst} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename docs/codeql/codeql-language-guides/{customizing-library-models-for-java.rst => using-data-extensions-to-model-dependencies.rst} (100%) diff --git a/docs/codeql/codeql-language-guides/customizing-library-models-for-java.rst b/docs/codeql/codeql-language-guides/using-data-extensions-to-model-dependencies.rst similarity index 100% rename from docs/codeql/codeql-language-guides/customizing-library-models-for-java.rst rename to docs/codeql/codeql-language-guides/using-data-extensions-to-model-dependencies.rst From 73ecb119d605273799337908af8268f39a529cbc Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Tue, 12 Sep 2023 19:10:45 +0100 Subject: [PATCH 17/45] Update name of renamed article and add to index --- docs/codeql/codeql-language-guides/codeql-for-java.rst | 3 +++ .../using-data-extensions-to-model-dependencies.rst | 9 +++------ 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/codeql/codeql-language-guides/codeql-for-java.rst b/docs/codeql/codeql-language-guides/codeql-for-java.rst index dc486b828a9d..a6bea0f4afed 100644 --- a/docs/codeql/codeql-language-guides/codeql-for-java.rst +++ b/docs/codeql/codeql-language-guides/codeql-for-java.rst @@ -18,6 +18,7 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat basic-query-for-java-code codeql-library-for-java analyzing-data-flow-in-java + using-data-extensions-to-model-dependencies types-in-java overflow-prone-comparisons-in-java navigating-the-call-graph @@ -32,6 +33,8 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat - :doc:`Analyzing data flow in Java `: You can use CodeQL to track the flow of data through a Java program to its use. +- :doc:`Using data extensions to model your Java/Kotlin dependencies`: You can model frameworks and libraries that your code base depends on using data extensions and publish them as CodeQL model packs. + - :doc:`Java types `: You can use CodeQL to find out information about data types used in Java code. This allows you to write queries to identify specific type-related issues. - :doc:`Overflow-prone comparisons in Java `: You can use CodeQL to check for comparisons in Java code where one side of the comparison is prone to overflow. diff --git a/docs/codeql/codeql-language-guides/using-data-extensions-to-model-dependencies.rst b/docs/codeql/codeql-language-guides/using-data-extensions-to-model-dependencies.rst index 707ae531fc1f..dd4177744aea 100644 --- a/docs/codeql/codeql-language-guides/using-data-extensions-to-model-dependencies.rst +++ b/docs/codeql/codeql-language-guides/using-data-extensions-to-model-dependencies.rst @@ -1,10 +1,7 @@ -.. _customizing-library-models-for-java: +.. _using-data-extensions-to-model-dependencies: -:orphan: -:nosearch: - -Customizing Library Models for Java -=================================== +Using data extensions to model your Java/Kotlin dependencies +============================================================ .. include:: ../reusables/beta-note-customizing-library-models.rst From fde045902aa48165a397956351f5f4e3cf092bcf Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Tue, 12 Sep 2023 19:37:19 +0100 Subject: [PATCH 18/45] Rename again --- ...dencies.rst => data-extensions-to-model-java-dependencies.rst} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename docs/codeql/codeql-language-guides/{using-data-extensions-to-model-dependencies.rst => data-extensions-to-model-java-dependencies.rst} (100%) diff --git a/docs/codeql/codeql-language-guides/using-data-extensions-to-model-dependencies.rst b/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst similarity index 100% rename from docs/codeql/codeql-language-guides/using-data-extensions-to-model-dependencies.rst rename to docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst From 67ff5ae10e7a00a3111e450afbd643105c81f1a8 Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Wed, 13 Sep 2023 12:15:16 +0100 Subject: [PATCH 19/45] Add changes from Michael --- .../data-extensions-to-model-java-dependencies.rst | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst b/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst index dd4177744aea..607aa1e532c6 100644 --- a/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst +++ b/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst @@ -63,7 +63,7 @@ We need to add a tuple to the **sinkModel**\(package, type, subtypes, name, sign pack: codeql/java-all extensible: sinkModel data: - - ["java.sql", "Statement", True, "execute", "(String)", "", "Argument[0]", "sql", "manual"] + - ["java.sql", "Statement", True, "execute", "(String)", "", "Argument[0]", "sql-injection", "manual"] Since we are adding a new sink, we need to add a tuple to the **sinkModel** extensible predicate. @@ -79,7 +79,7 @@ The sixth value should be left empty and is out of scope for this documentation. The remaining values are used to define the **access path**, the **kind**, and the **provenance** (origin) of the sink. - The seventh value **Argument[0]** is the **access path** to the first argument passed to the method, which means that this is the location of the sink. -- The eighth value **sql** is the kind of the sink. The sink kind is used to define the queries where the sink is in scope. In this case - the SQL injection queries. +- The eighth value **sql-injection** is the kind of the sink. The sink kind is used to define the queries where the sink is in scope. In this case - the SQL injection queries. - The ninth value **manual** is the provenance of the sink, which is used to identify the origin of the sink. Example: Taint source from the **java.net** package @@ -303,7 +303,6 @@ Taint source. Most taint tracking queries will use all sources added to this ext - **output**: Access path to the source, where the possibly tainted data flows from. - **kind**: Kind of the source. -- **provenance**: Provenance (origin) of the source definition. As most sources are used by all taint tracking queries there are only a few different source kinds. The following source kinds are supported: @@ -359,7 +358,6 @@ Flow through (summary). This extensible predicate is used to model flow through - **input**: Access path to the input of the element (where data will flow from to the output). - **output**: Access path to the output of the element (where data will flow to from the input). - **kind**: Kind of the flow through. -- **provenance**: Provenance (origin) of the flow through. The following kinds are supported: @@ -374,7 +372,6 @@ It only has minor impact on the data flow analysis. Manual neutrals are considered high confidence dispatch call targets and can reduce the number of dispatch call targets during data flow analysis (a performance optimization). - **kind**: Kind of the neutral. For neutrals the kind can be **summary**, **source**, or **sink** to indicate that the callable is neutral with respect to flow (no summary), source (is not a source) or sink (is not a sink). -- **provenance**: Provenance (origin) of the flow through. .. _access-paths: From 075cbfd7d28b207b5021713a6d6ca63aa6700e04 Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Wed, 13 Sep 2023 16:33:26 +0100 Subject: [PATCH 20/45] Split information extensions and predicates into 2 articles --- .../codeql-for-java.rst | 6 +- .../codeql-for-javascript.rst | 4 +- ...-extensions-to-model-java-dependencies.rst | 400 ++++++------------ .../extensible-predicates.rst | 182 ++++++++ 4 files changed, 318 insertions(+), 274 deletions(-) create mode 100644 docs/codeql/codeql-language-guides/extensible-predicates.rst diff --git a/docs/codeql/codeql-language-guides/codeql-for-java.rst b/docs/codeql/codeql-language-guides/codeql-for-java.rst index a6bea0f4afed..37f257bcde14 100644 --- a/docs/codeql/codeql-language-guides/codeql-for-java.rst +++ b/docs/codeql/codeql-language-guides/codeql-for-java.rst @@ -18,7 +18,6 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat basic-query-for-java-code codeql-library-for-java analyzing-data-flow-in-java - using-data-extensions-to-model-dependencies types-in-java overflow-prone-comparisons-in-java navigating-the-call-graph @@ -26,6 +25,7 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat javadoc working-with-source-locations abstract-syntax-tree-classes-for-working-with-java-programs + using-data-extensions-to-model-java-dependencies - :doc:`Basic query for Java code `: Learn to write and run a simple CodeQL query. @@ -33,8 +33,6 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat - :doc:`Analyzing data flow in Java `: You can use CodeQL to track the flow of data through a Java program to its use. -- :doc:`Using data extensions to model your Java/Kotlin dependencies`: You can model frameworks and libraries that your code base depends on using data extensions and publish them as CodeQL model packs. - - :doc:`Java types `: You can use CodeQL to find out information about data types used in Java code. This allows you to write queries to identify specific type-related issues. - :doc:`Overflow-prone comparisons in Java `: You can use CodeQL to check for comparisons in Java code where one side of the comparison is prone to overflow. @@ -48,3 +46,5 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat - :doc:`Working with source locations `: You can use the location of entities within Java code to look for potential errors. Locations allow you to deduce the presence, or absence, of white space which, in some cases, may indicate a problem. - :doc:`Abstract syntax tree classes for working with Java programs `: CodeQL has a large selection of classes for representing the abstract syntax tree of Java programs. + +- :doc:`Data extensions to model your Java/Kotlin dependencies`: You can model frameworks and libraries that your code base depends on using data extensions and publish them as CodeQL model packs. diff --git a/docs/codeql/codeql-language-guides/codeql-for-javascript.rst b/docs/codeql/codeql-language-guides/codeql-for-javascript.rst index be3950c53ecd..3385d5d7ae33 100644 --- a/docs/codeql/codeql-language-guides/codeql-for-javascript.rst +++ b/docs/codeql/codeql-language-guides/codeql-for-javascript.rst @@ -1,7 +1,7 @@ .. _codeql-for-javascript: -CodeQL for JavaScript -===================== +CodeQL for JavaScript and TypeScript +==================================== Experiment and learn how to write effective and efficient queries for CodeQL databases generated from JavaScript codebases. diff --git a/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst b/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst index 607aa1e532c6..95d54e306753 100644 --- a/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst +++ b/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst @@ -1,18 +1,33 @@ -.. _using-data-extensions-to-model-dependencies: +.. _data-extensions-to-model-dependencies: -Using data extensions to model your Java/Kotlin dependencies -============================================================ +Data extensions to model your Java/Kotlin dependencies +====================================================== -.. include:: ../reusables/beta-note-customizing-library-models.rst +You can use data extensions to model the methods and callables that control data flow in any framework or library. This is especially useful for custom frameworks or niche libraries, that are not supported by the standard CodeQL libraries. -The Java analysis can be customized by adding library models (summaries, sinks and sources) in data extension files. -A model is a definition of a behavior of a library element, such as a method, that is used to improve the data flow analysis precision by identifying more results. -Most of the security related queries are taint tracking queries that try to find paths from a source of untrusted input to a sink that represents a vulnerability. Sources are the starting points of a taint tracking data flow analysis, and sinks are the end points of a taint tracking data flow analysis. +.. include:: ../reusables/kotlin-beta-note.rst -Furthermore, the taint tracking queries also need to know how data can flow through elements that are not included in the source code. These are named summaries: they are models of elements that allow us to synthesize the elements flow behavior without having them in the source code. This is especially helpful when using a third party (or the standard) library. +.. include:: ../reusables/beta-note-model-packs-java.rst -The models are defined using data extensions where each tuple constitutes a model. -A data extension file for Java is a YAML file in the form: +About this article +------------------ + +This article explains how data extensions interact with standard queries and the syntax used to define extensions. If you want to create your own data extensions, you should use the CodeQL model editor in the CodeQL extension for Visual Studio Code. For more information, see ":ref:`Using the CodeQL model editor `." + +About data extensions +--------------------- + +You can customize analysis by defining models (summaries, sinks, and sources) of your code's dependencies in data extension files. Each model defines the behavior of one or more elements of your library or framework, such as a methods and callables. When you run data flow analysis, these models expand the potential sources and sinks tracked by data flow analysis and improve the precision of results. + +Most of the security queries search for paths from a source of untrusted input to a sink that represents a vulnerability, this is known as taint tracking. Each source is a starting point for data flow analysis to track tainted data and each sink is an end point. + +Taint tracking queries also need to know how data can flow through elements that are not included in the source code. These are modeled as summaries. A summary model enables queries to synthesize the flow behavior through elements in dependency code that is not stored in your repository. + +Syntax used to define an element in an extension file +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Each model of an element is defined using a data extension where each tuple constitutes a model. +A data extension file to extend the standard Java queries included with CodeQL is a YAML file with the form: .. code-block:: yaml @@ -25,27 +40,42 @@ A data extension file for Java is a YAML file in the form: - - ... -Data extensions contribute to the extensible predicates defined in the CodeQL library. For more information on how to define data extensions and extensible predicates as well as how to wire them up, see the :ref:`data-extensions` documentation. +Each YAML file may contain one or more top-level extensions. + +- ``addsTo`` defines the CodeQL pack name and extensible predicate that the extension is injected into. +- ``data`` defines one or more rows of tuples that are injected as values into the extensible predicate. The number of columns and their types must match the definition of the extensible predicate. + +Data extensions use union semantics, which means that the tuples of all extensions for a single extensible predicate are combined, duplicates are removed, and all of the remaining tuples are queryable by referencing the extensible predicate. + +Publish data extension files in a CodeQL model pack to share +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +You can group one or more data extention files into a CodeQL model pack and publish it to the GitHub Container Registry. This makes it easy for anyone to download the model pack and use it to extend their analysis. For more information, see "`Creating a CodeQL model pack `__ and `Publishing and using CodeQL packs Date: Wed, 13 Sep 2023 16:35:03 +0100 Subject: [PATCH 21/45] Add bare content from Google doc --- .../using-the-codeql-model-editor.rst | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst b/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst index 6541fe13811f..be12e6631a27 100644 --- a/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst +++ b/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst @@ -11,6 +11,8 @@ You can view, write, and edit all types of CodeQL packs in Visual Studio Code us TODO - EDIT THIS CONTENT! +Explain how to find the data extension files that you've created and test them. Also how to save to the right location in a GitHub repository for default and advanced setup to use. + About the CodeQL model editor ----------------------------- @@ -65,3 +67,14 @@ Known limitations Only Java is supported It's not possible to place the extension pack in a different directory than the root of a workspace folder +How to use data extensions in CodeQL for VS Code +When a query is run in CodeQL for VS Code, by default, the IDE will load data extensions for the given pack and its transitive dependencies as defined in the How to use Data Extensions in the CodeQL CLI section. + +To include extension packs in a VS Code workspace, there is a new setting called codeQL.runningQueries.useExtensionPacks. By default, this value is "none", which means that extension packs are not loaded for query evaluations. The other option is "all", which means that before running a query, the IDE will locate all extension packs in the workspace and load them during evaluation. + +In the future, we may define other options to selectively load a subset of extension packs. + +To use this option, simply set codeQL.runningQueries.useExtensionPacks to "all" and run queries as before. This option applies both to locally run queries and to variant analysis queries run remotely. + +For more information on the engineering and product decisions around extension packs in the VS Code extension, see Customization support in the CodeQL VS Code extension. + From 8c8bbde1f71a4bc7c7febfcde696a008039ba3b6 Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Wed, 13 Sep 2023 16:40:39 +0100 Subject: [PATCH 22/45] Fix a few more typos --- .../working-with-codeql-packs-in-visual-studio-code.rst | 8 ++++---- docs/codeql/codeql-language-guides/codeql-for-java.rst | 4 ++-- docs/codeql/reusables/beta-note-model-pack-editor-vsc.rst | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/codeql/codeql-for-visual-studio-code/working-with-codeql-packs-in-visual-studio-code.rst b/docs/codeql/codeql-for-visual-studio-code/working-with-codeql-packs-in-visual-studio-code.rst index 100fcc30ad2e..c4e9d112b63e 100644 --- a/docs/codeql/codeql-for-visual-studio-code/working-with-codeql-packs-in-visual-studio-code.rst +++ b/docs/codeql/codeql-for-visual-studio-code/working-with-codeql-packs-in-visual-studio-code.rst @@ -16,8 +16,8 @@ You use CodeQL packs to share your expertise in query writing, CodeQL library de There are three types of CodeQL pack, each with a specific purpose. - Query packs are designed to be run. When a query pack is published, the bundle includes all the transitive dependencies and pre-compiled representations of each query, in addition to the query sources. This ensures consistent and efficient execution of the queries in the pack. -- Library packs are designed to be used by query packs (or other library packs) and do not contain queries themselves. The libraries are not compiled separately. - Model packs are used to model dependencies that are not supported by the standard CodeQL libraries. When you add a model pack to your analysis, all extensible queries also analyze the sources and sinks of the dependencies defined in the pack. +- Library packs are designed to be used by query packs (or other library packs) and do not contain queries themselves. The libraries are not compiled separately. Using the CodeQL packs shipped with the CLI in Visual Studio Code ----------------------------------------------------------------- @@ -31,7 +31,7 @@ Working with CodeQL query packs One of the main benefits of working with a CodeQL query pack is that all dependecies are resolved, not just those defined within the query and standard libraries. Creating and editing CodeQL query packs -''''''''''''''''''''''''''''''''''''''' +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To create a new query pack, you will need to use the CodeQL CLI from a terminal, which you can do within Visual Studio Code or outside of it with the ``codeql pack init`` command. Once you create an empty pack, you can edit the ``qlpack.yml`` file or run the ``codeql pack add`` command to add dependencies or change the name or version. For detailed information, see "`Creating and working with CodeQL packs `__." You can create or edit queries in a CodeQL pack in Visual Studio Code as you would with any CodeQL query, using the standard code editing features such as autocomplete suggestions to find elements to use from the pack's dependencies. @@ -39,7 +39,7 @@ You can create or edit queries in a CodeQL pack in Visual Studio Code as you wou You can then use the CodeQL CLI to publish your pack to share with others. For detailed information, see "`Publishing and using CodeQL packs `__." Viewing CodeQL query packs and their dependencies -''''''''''''''''''''''''''''''''''''''''''''''''' +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To download a query pack that someone else has created, run the **CodeQL: Download Packs** command from the Command Palette. You can download all the core query packs, or enter the full name of a specific pack to download. For example, to download the core queries for analyzing Java and Kotlin, enter ``codeql/java-queries``. @@ -56,4 +56,4 @@ The CodeQL extension for Visual Studio Code includes a dedicated editor for crea TODO a little more, but mostly about the general use, because editing will be in a new article. -For headings use '''''''' in this section +For headings use ~~~~~~~~ in this section diff --git a/docs/codeql/codeql-language-guides/codeql-for-java.rst b/docs/codeql/codeql-language-guides/codeql-for-java.rst index 37f257bcde14..cfdd01515cec 100644 --- a/docs/codeql/codeql-language-guides/codeql-for-java.rst +++ b/docs/codeql/codeql-language-guides/codeql-for-java.rst @@ -25,7 +25,7 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat javadoc working-with-source-locations abstract-syntax-tree-classes-for-working-with-java-programs - using-data-extensions-to-model-java-dependencies + data-extensions-to-model-java-dependencies - :doc:`Basic query for Java code `: Learn to write and run a simple CodeQL query. @@ -47,4 +47,4 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat - :doc:`Abstract syntax tree classes for working with Java programs `: CodeQL has a large selection of classes for representing the abstract syntax tree of Java programs. -- :doc:`Data extensions to model your Java/Kotlin dependencies`: You can model frameworks and libraries that your code base depends on using data extensions and publish them as CodeQL model packs. +- :doc:`Data extensions to model your Java/Kotlin dependencies `: You can model frameworks and libraries that your code base depends on using data extensions and publish them as CodeQL model packs. diff --git a/docs/codeql/reusables/beta-note-model-pack-editor-vsc.rst b/docs/codeql/reusables/beta-note-model-pack-editor-vsc.rst index af4b53c7d235..161a837d71ae 100644 --- a/docs/codeql/reusables/beta-note-model-pack-editor-vsc.rst +++ b/docs/codeql/reusables/beta-note-model-pack-editor-vsc.rst @@ -2,4 +2,4 @@ Note - The CodeQL model editor and CodeQL model packs are currently in beta and subject to change. During the beta, model packs are supported only by Java/Kotlin analysis. To use this beta functionality, install the latest version of the CodeQL CLI bundle from: https://github.com/github/codeql-action/releases. + The CodeQL model editor and CodeQL model packs are currently in beta and subject to change. During the beta, model packs are supported only by Java/Kotlin analysis. To use this beta functionality, install the latest version of the CodeQL extension for Visual Studio Code. From 7be0b2e9eb7a73fbee6b51efb4018d7ec5750cc0 Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Wed, 13 Sep 2023 17:13:35 +0100 Subject: [PATCH 23/45] Fix Sphinx bugs --- .../using-the-codeql-model-editor.rst | 6 ++++-- .../data-extensions-to-model-java-dependencies.rst | 6 +++--- .../codeql-language-guides/extensible-predicates.rst | 11 ++++++----- docs/codeql/codeql-overview/codeql-glossary.rst | 2 +- 4 files changed, 14 insertions(+), 11 deletions(-) diff --git a/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst b/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst index be12e6631a27..2472fa326577 100644 --- a/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst +++ b/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst @@ -30,8 +30,10 @@ To set up the CodeQL model editor, you need to be using CodeQL for VS Code 1.8.7 .. code-block:: json - "codeQL.canary": true, CHECK THIS - "codeQL.model.editor": true, + "codeQL.canary": true, + "codeQL.model.editor": true, + +CHECK THIS ^^^ Open the user settings editor (JSON) using the command palette (Ctrl/Cmd+Shift+P) and using the command “Preferences: Open User Settings (JSON)”, add these two settings to the file. diff --git a/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst b/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst index 95d54e306753..848097a5fa90 100644 --- a/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst +++ b/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst @@ -50,7 +50,7 @@ Data extensions use union semantics, which means that the tuples of all extensio Publish data extension files in a CodeQL model pack to share ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -You can group one or more data extention files into a CodeQL model pack and publish it to the GitHub Container Registry. This makes it easy for anyone to download the model pack and use it to extend their analysis. For more information, see "`Creating a CodeQL model pack `__ and `Publishing and using CodeQL packs `__ and `Publishing and using CodeQL packs `__ in the CodeQL CLI documentation. Extensible predicates in the CodeQL library for Java/Kotlin ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -62,14 +62,14 @@ The CodeQL library for Java and Kotlin analysis exposes the following extensible - ``summaryModel(package, type, subtypes, name, signature, ext, input, output, kind, provenance)``. This is used to summarize how data values from a source flow outside the repository in a dependency of the main code base. - ``neutralModel(package, type, name, signature, kind, provenance)``. This is similar to a summary model but used to model the flow of values that have only a minor impact on the data flow analysis. -The extensible predicates are populated using data extensions specified in YAML files. For more information about extensible predicates, see ":ref:`extensible-predicates`." +The extensible predicates are populated using data extensions specified in YAML files. For more information about extensible predicates, see ":doc:`extensible-predicates`." Examples of data extension definitions -------------------------------------- The examples in this section are taken from the standard CodeQL Java query pack published by GitHub. They demonstrate how to add tuples to extend extensible predicates that are used by the standard queries. -For details of the *mini DSLs* that define models for each extensible predicate, see ":ref:`extensible-predicate-reference`." +For details of the *mini DSLs* that define models for each extensible predicate, see ":doc:`extensible-predicates`." Example: Taint sink in the ``java.sql`` package ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/docs/codeql/codeql-language-guides/extensible-predicates.rst b/docs/codeql/codeql-language-guides/extensible-predicates.rst index 9b31f226c7f5..af734343198c 100644 --- a/docs/codeql/codeql-language-guides/extensible-predicates.rst +++ b/docs/codeql/codeql-language-guides/extensible-predicates.rst @@ -25,11 +25,12 @@ At a high level, there are two main components to using data extensions. The que This example of an extensible predicate for a source is taken from the core Java libraries https://github.com/github/codeql/blob/main/java/ql/lib/semmle/code/java/dataflow/ExternalFlowExtensions.qll#L8-L11 .. code-block:: ql -extensible predicate sourceModel( - string package, string type, boolean subtypes, string name, - string signature, string ext, string output, string kind, - string provenance -); + + extensible predicate sourceModel( + string package, string type, boolean subtypes, string name, + string signature, string ext, string output, string kind, + string provenance + ); An extensible predicate is a CodeQL predicate with the following restrictions: diff --git a/docs/codeql/codeql-overview/codeql-glossary.rst b/docs/codeql/codeql-overview/codeql-glossary.rst index bd5dc29e9398..f86b5346e2c2 100644 --- a/docs/codeql/codeql-overview/codeql-glossary.rst +++ b/docs/codeql/codeql-overview/codeql-glossary.rst @@ -41,7 +41,7 @@ CodeQL packs CodeQL packs are used to create, share, depend on, and run CodeQL queries, libraries, and models. You can publish your own CodeQL packs and download packs created by others. CodeQL query packs may contain queries, library files, query suites, and metadata. CodeQL library packs include one or more CodeQL libraries. CodeQL model packs include one or more data extension files that extend the core libraries by modeling additional libraries and frameworks (dependencies of your code base). -.. _data-extensions:: +.. _data-extensions: Data extensions --------------- From 34e5c5c1f7c7253fb385a336bc3aff0530ee5f64 Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Thu, 14 Sep 2023 11:41:40 +0100 Subject: [PATCH 24/45] Start edits on using extension --- .../using-the-codeql-model-editor.rst | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst b/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst index 2472fa326577..ea304a34ea9f 100644 --- a/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst +++ b/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst @@ -16,7 +16,7 @@ Explain how to find the data extension files that you've created and test them. About the CodeQL model editor ----------------------------- -The CodeQL model editor is a new feature in CodeQL for VS Code to support GitHub staff creating CodeQL models for libraries and frameworks written in Java and C#. +The CodeQL model editor guides you through the process of creating CodeQL models for libraries and frameworks that you rely on that are not supported by the standard CodeQL Libraries. The editor takes a CodeQL database and runs some telemetry queries to identify uses of APIs that can be used to reason about the dataflow through the codebase. There are two modes of operation: @@ -26,21 +26,22 @@ The editor takes a CodeQL database and runs some telemetry queries to identify u Setting up the CodeQL model editor ---------------------------------- -To set up the CodeQL model editor, you need to be using CodeQL for VS Code 1.8.7 or later with the following settings: +To set up the CodeQL model editor, you need to be using CodeQL for VS Code 1.8.12 or later with the following settings: .. code-block:: json - "codeQL.canary": true, +{ + "codeQL.canary": true, "codeQL.model.editor": true, + "codeQL.runningQueries.useModelPacks": true, +} -CHECK THIS ^^^ +CHECK THIS ^^^ - is canary still needed? Open the user settings editor (JSON) using the command palette (Ctrl/Cmd+Shift+P) and using the command “Preferences: Open User Settings (JSON)”, add these two settings to the file. If you want to test the CodeQL model packs you generate in VS Code then this setting is also required: - ``"codeQL.runningQueries.useExtensionPacks": true`` CHECK THIS - -WHAT DOES ``"codeQL.model.llmGeneration": true,`` do? + ``"codeQL.runningQueries.useExtensionPacks": true`` CHECK THIS - should it be ``"codeQL.runningQueries.useModelPacks": true`` Using the CodeQL model editor ----------------------------- From b42ab24bc82eda7c8a9d136bf002fcbc865fd404 Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Thu, 14 Sep 2023 13:00:28 +0100 Subject: [PATCH 25/45] Try to fix sphinx errors --- .../using-the-codeql-model-editor.rst | 27 +++++-------------- 1 file changed, 7 insertions(+), 20 deletions(-) diff --git a/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst b/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst index ea304a34ea9f..2eaf370eea8f 100644 --- a/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst +++ b/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst @@ -13,6 +13,10 @@ TODO - EDIT THIS CONTENT! Explain how to find the data extension files that you've created and test them. Also how to save to the right location in a GitHub repository for default and advanced setup to use. +Copy file into GitHub folder + +For testing: "codeQL.runningQueries.useModelPacks": true, - does it work for MRVA + About the CodeQL model editor ----------------------------- @@ -23,26 +27,6 @@ The editor takes a CodeQL database and runs some telemetry queries to identify u - Application mode: the editor identifies the external APIs used by the codebase. An external (or third party) API is any API that is not part of the CodeQL database you are analyzing. This mode is most useful for improving CodeQL results for the specific codebase. - Framework mode: the editor identifies the publicly accessible APIs in the codebase. This mode is most useful for improving the CodeQL results for any codebases that use those APIs. -Setting up the CodeQL model editor ----------------------------------- - -To set up the CodeQL model editor, you need to be using CodeQL for VS Code 1.8.12 or later with the following settings: - -.. code-block:: json - -{ - "codeQL.canary": true, - "codeQL.model.editor": true, - "codeQL.runningQueries.useModelPacks": true, -} - -CHECK THIS ^^^ - is canary still needed? - -Open the user settings editor (JSON) using the command palette (Ctrl/Cmd+Shift+P) and using the command “Preferences: Open User Settings (JSON)”, add these two settings to the file. - -If you want to test the CodeQL model packs you generate in VS Code then this setting is also required: - ``"codeQL.runningQueries.useExtensionPacks": true`` CHECK THIS - should it be ``"codeQL.runningQueries.useModelPacks": true`` - Using the CodeQL model editor ----------------------------- @@ -55,13 +39,16 @@ The easiest way to explain this is by using an example, so we'll run through an #. When the queries are complete, the APIs that have been identified are shown in the editor: - By default the editor runs in application mode, so displays the external APIs used by the codebase. - If you switch to framework mode, the editor will display the publicly accessible APIs in the codebase. + #. You can now start modeling the external API calls manually by selecting a model type and entering the correct values in each field, as defined in the Java models-as-data documentation #. You can generate the CodeQL automatically: - If you are working in application mode click on “Model from source” and enter the name of the repo that contains the source code for the package you want to model. For example, in this case you can enter dsp-testing/sql2o-import to download the relevant CodeQL database and model any APIs from that repo - If you are working in framework mode click on “Generate” to generate any models directly from the source code of the framework you are modeling. + #. Once any modeling is complete, click “Save” or “Save all”. You can now see that the calls are shown as supported. The generated models files are saved in your workspace at .github/codeql/extensions/, where the pack name is the same as the repo. - If you are in application mode, the editor will create a separate model file for each package that you model. - If you are in framework mode, the edit will generate a single model file for the entire framework. + #. If you have set up VS Code to use data extensions (using the “codeQL.runningQueries.useExtensionPacks” setting), then you can also run a query and see that the unsafe calls are now detected. Known limitations From 488b824ca6283a5d4bf9564dc6f29f79a480203c Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Thu, 14 Sep 2023 21:11:16 +0100 Subject: [PATCH 26/45] Add first draft of CodeQL model editor --- ...etting-up-codeql-in-visual-studio-code.rst | 2 + .../using-the-codeql-model-editor.rst | 127 ++++++++++++------ 2 files changed, 90 insertions(+), 39 deletions(-) diff --git a/docs/codeql/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code.rst b/docs/codeql/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code.rst index 6ed374381d8d..ac67d31afde0 100644 --- a/docs/codeql/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code.rst +++ b/docs/codeql/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code.rst @@ -74,6 +74,8 @@ To use the starter workspace: #. In VS Code, use the **File** > **Open Workspace** option to open the ``vscode-codeql-starter.code-workspace`` file from your checkout of the workspace repository. +Remember to update the ``ql`` submodule in the starter workspace periodically to ensure that it remains compatible with newer versions of the VS Code extension and the CodeQL CLI. + .. _existing-workspace: Updating an existing workspace for CodeQL diff --git a/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst b/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst index 2eaf370eea8f..88279cef6dfc 100644 --- a/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst +++ b/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst @@ -7,64 +7,113 @@ Using the CodeQL model editor .. include:: ../reusables/beta-note-model-pack-editor-vsc.rst -You can view, write, and edit all types of CodeQL packs in Visual Studio Code using the CodeQL extension. +You can view, write, and edit all types of CodeQL packs in Visual Studio Code using the CodeQL extension. The model editor is designed to help you model external dependencies of your codebase that are not supported by the standard CodeQL Libraries. -TODO - EDIT THIS CONTENT! +About the CodeQL model editor +----------------------------- -Explain how to find the data extension files that you've created and test them. Also how to save to the right location in a GitHub repository for default and advanced setup to use. +The CodeQL model editor guides you through modeling the calls to external dependencies in your application or fully modeling all the public entry and exit points in an external dependency -Copy file into GitHub folder +When you open the model editor, it analyzes the currently selected CodeQL database and identifies where the application uses external APIs. An external (or third party) API is any API that is not part of the CodeQL database you have selected. -For testing: "codeQL.runningQueries.useModelPacks": true, - does it work for MRVA +The model editor has two different modes: -About the CodeQL model editor ------------------------------ +- Application mode (default view): The editor lists each the external framework used by the seelcted CodeQL database. When you expand a framework, a list of all calls to and from the external API is shown with the options available to model dataflow through each call. This mode is most useful for improving the CodeQL results for the specific codebase. -The CodeQL model editor guides you through the process of creating CodeQL models for libraries and frameworks that you rely on that are not supported by the standard CodeQL Libraries. +- Dependency mode: The editor identifies the all publicly accessible APIs in the selected CodeQL database. This view guides you through modeling each public API that the codebase makes available. When you have finished modeling the entire API, you can save the model and use it to improve the CodeQL analysis for all codebases that use the dependency. -The editor takes a CodeQL database and runs some telemetry queries to identify uses of APIs that can be used to reason about the dataflow through the codebase. There are two modes of operation: +Displaying the CodeQL model editor +---------------------------------- -- Application mode: the editor identifies the external APIs used by the codebase. An external (or third party) API is any API that is not part of the CodeQL database you are analyzing. This mode is most useful for improving CodeQL results for the specific codebase. -- Framework mode: the editor identifies the publicly accessible APIs in the codebase. This mode is most useful for improving the CodeQL results for any codebases that use those APIs. +#. Open your CodeQL workspace in VS Code, for example, the vscode-codeql-starter workspace. + If you haven't updated the `ql` submodule for a while, update it from `main` to ensure that you have the queries used to gather data for the model editor. +#. Open the CodeQL extension and select the CodeQL database that you want to model from the Databases section of the left side pane. +#. Use the command palette to run the “CodeQL: Open Model Editor (Beta)” command. +#. The CodeQL model editor will open in a new tab and run a series of telemetry queries to identify APIs in the code. +#. When the queries are complete, the APIs that have been identified are shown in the editor. -Using the CodeQL model editor ------------------------------ +Modeling the calls to external APIs from your codebase +------------------------------------------------------ -The easiest way to explain this is by using an example, so we'll run through an example. This is the same example as used in the demo. +You typically use this method when you are looking at a specific codebase where you want to improve the precision of CodeQL results. This is usually when the codebase uses frameworks or libraries that are not supported by CodeQL and they also are not used by other teams in your organization. -#. Open your CodeQL workspace in VS Code, e.g., the vscode-codeql-starter workspace -#. Open the CodeQL extension and add the CodeQL database for dsp-testing/sql2o-example from GitHub -#. Use the command palette to run the “CodeQL: Open Model Editor (Beta)” command -#. The CodeQL model editor will open and run some telemetry queries to identify APIs in the code -#. When the queries are complete, the APIs that have been identified are shown in the editor: - - By default the editor runs in application mode, so displays the external APIs used by the codebase. - - If you switch to framework mode, the editor will display the publicly accessible APIs in the codebase. +#. Select the CodeQL database that you want to improve CodeQL coverage for. +#. Display the CodeQL model editor, by default the editor runs in application mode, so displays the list of external APIs used by the selected codebase. + INSERT SCREENSHOT? -#. You can now start modeling the external API calls manually by selecting a model type and entering the correct values in each field, as defined in the Java models-as-data documentation -#. You can generate the CodeQL automatically: - - If you are working in application mode click on “Model from source” and enter the name of the repo that contains the source code for the package you want to model. For example, in this case you can enter dsp-testing/sql2o-import to download the relevant CodeQL database and model any APIs from that repo - - If you are working in framework mode click on “Generate” to generate any models directly from the source code of the framework you are modeling. +#. Click to expand an external API and view the list of calls from the codebase to the external dependency. +#. Click **View** associated with an API call or method to show where it is used in your codebase. +#. When you have determined how to model the call or method, define the **Model type**. +#. The remaining fields are updated with available options: + - **Source**: choose the **Output** element to model. + - **Sink**: choose the **Input** element to model. + - **Flow summary**: choose the **Input** and **Output** elements to model. -#. Once any modeling is complete, click “Save” or “Save all”. You can now see that the calls are shown as supported. The generated models files are saved in your workspace at .github/codeql/extensions/, where the pack name is the same as the repo. - - If you are in application mode, the editor will create a separate model file for each package that you model. - - If you are in framework mode, the edit will generate a single model file for the entire framework. +#. Define the **Kind** of data flow for the model. +#. When you have finished modeling, click **Save all** or **Save** (shown at the bottom right of each expanded list of calls). The percentage of calls modeled in the editor is updated. -#. If you have set up VS Code to use data extensions (using the “codeQL.runningQueries.useExtensionPacks” setting), then you can also run a query and see that the unsafe calls are now detected. +The models are stored in your workspace at ``.github/codeql/extensions/``, where ```` is the name of the CodeQL database that you selected. That is, the name of the repository, hyphen, the language analyzed by CodeQL. + +The models are stored in a series of YAML data extension files, one for each external API. For example: + +- ``.github/codeql/extensions/sofa-jraft-java`` - model pack + - ``models`` + - ``jmh-core.model.yml`` - model of calls to the ``jmh-core@1.20`` dependency. + - ``rocksdbjni.model.yml`` - model of calls to the ``rocksdbjni@7.7.3`` dependency. + +Modeling the public API of a codebase +------------------------------------- + +You typically use this method when you want to model a framework or library that your organization uses in more than one codebase. Once you have finished creating and testing the model, you can publish the CodeQL model pack for your whole organization to use. -Known limitations ------------------ +#. Select the CodeQL database that you want to model. +#. Display the CodeQL model editor, by default the editor runs in application mode. Click **Model as dependency** to display dependency mode. The screen changes to show the public API of the framework or library. + INSERT SCREENSHOT? -Only Java is supported -It's not possible to place the extension pack in a different directory than the root of a workspace folder +#. Click to expand a public method and view the list of available methods. +#. Click **View** associated with a method to show its definition. +#. When you have determined how to model the method, define the **Model type**. +#. The remaining fields are updated with available options: + - **Source**: choose the **Output** element to model. + - **Sink**: choose the **Input** element to model. + - **Flow summary**: choose the **Input** and **Output** elements to model. -How to use data extensions in CodeQL for VS Code -When a query is run in CodeQL for VS Code, by default, the IDE will load data extensions for the given pack and its transitive dependencies as defined in the How to use Data Extensions in the CodeQL CLI section. +#. Define the **Kind** of data flow for the model. +#. When you have finished modeling, click **Save all** or **Save** (shown at the bottom right of each expanded list of calls). The percentage of calls modeled in the editor is updated. + +The models are stored in your workspace at ``.github/codeql/extensions/``, where ```` is the name of the CodeQL database that you selected. That is, the name of the repository, hyphen, the language analyzed by CodeQL. + +The models are stored in a series of YAML data extension files, one for each public method. For example: + +- ``.github/codeql/extensions/sofa-jraft-java`` - model pack + - ``models`` + - ``com.alipay.sofa.jraft.option.model.yml`` - model of public methods in this Java package. + - ``com.alipay.sofa.jraft.rhea.options.model.yml`` - model of public methods in this Java package. + +The editor will create a separate model file for each package that you model. + +Testing CodeQL model packs +-------------------------- + +You can test any CodeQL model packs you create in VS Code by toggling the "use model packs" setting on and off. This method works for both databases and for variant analysis repositories. + +- To run queries on a CodeQL database with any model packs that are stored within the ``.github/codeql/extensions`` directory of the workspace, update your ``settings.json`` file with: ``"codeQL.runningQueries.useModelPacks": all,``. +- To run queries on a CodeQL database without using model packs, update your ``settings.json`` file with: ``"codeQL.runningQueries.useModelPacks": none,``. + +If your model is working well, you should see a difference in the results of the two different runs. If you don't see any differences results, you may want to introduce a known bug to verify that the model behaves as expected. + +#. If you have set up VS Code to use data extensions (using the “codeQL.runningQueries.useExtensionPacks” setting), then you can also run a query and see that the unsafe calls are now detected. -To include extension packs in a VS Code workspace, there is a new setting called codeQL.runningQueries.useExtensionPacks. By default, this value is "none", which means that extension packs are not loaded for query evaluations. The other option is "all", which means that before running a query, the IDE will locate all extension packs in the workspace and load them during evaluation. +Using CodeQL model packs with code scanning +------------------------------------------- -In the future, we may define other options to selectively load a subset of extension packs. +There are two methods for using CodeQL model packs with code scanning: -To use this option, simply set codeQL.runningQueries.useExtensionPacks to "all" and run queries as before. This option applies both to locally run queries and to variant analysis queries run remotely. +#. Copy the model pack directory into the ``.github/codeql/extensions`` directory of the repository. It will automatically be used by all future code scanning analysis for the repository (default setup or advanced setup). +#. Publish the model pack to the GitHub Container Registry as a CodeQL model pack. This can be downloaded and used by advanced setup for code scanning or by the CodeQL CLI running in an external CI system. -For more information on the engineering and product decisions around extension packs in the VS Code extension, see Customization support in the CodeQL VS Code extension. +For more information, see the following articles on the GitHub Docs site: +- Default setup of code scanning: `Extending CodeQL coverage with CodeQL model packs in default setup `__ +- Advanced setup of code scanning: `Extending CodeQL coverage with CodeQL model packs `__ +- CodeQL CLI setup in external CI system: `Using model packs to analyze calls to custom dependencies `__ From 93eff2a66a27d4c52790bfccec5aa34e7ce24e8f Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Thu, 14 Sep 2023 21:49:03 +0100 Subject: [PATCH 27/45] A few more updates --- .../using-the-codeql-model-editor.rst | 50 ++++++++++++------ ...ith-codeql-packs-in-visual-studio-code.rst | 6 +-- ...-extensions-to-model-java-dependencies.rst | 6 ++- .../extensible-predicates.rst | 2 +- .../model-application-mode-expanded.png | Bin 0 -> 152735 bytes .../model-application-mode.png | Bin 0 -> 101623 bytes .../model-dependency-mode-expanded.png | Bin 0 -> 75219 bytes .../model-dependency-mode.png | Bin 0 -> 90190 bytes 8 files changed, 40 insertions(+), 24 deletions(-) create mode 100644 docs/codeql/images/codeql-for-visual-studio-code/model-application-mode-expanded.png create mode 100644 docs/codeql/images/codeql-for-visual-studio-code/model-application-mode.png create mode 100644 docs/codeql/images/codeql-for-visual-studio-code/model-dependency-mode-expanded.png create mode 100644 docs/codeql/images/codeql-for-visual-studio-code/model-dependency-mode.png diff --git a/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst b/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst index 88279cef6dfc..fae3cd4dfade 100644 --- a/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst +++ b/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst @@ -14,11 +14,11 @@ About the CodeQL model editor The CodeQL model editor guides you through modeling the calls to external dependencies in your application or fully modeling all the public entry and exit points in an external dependency -When you open the model editor, it analyzes the currently selected CodeQL database and identifies where the application uses external APIs. An external (or third party) API is any API that is not part of the CodeQL database you have selected. +When you open the model editor, it analyzes the currently selected CodeQL database and identifies where the application uses external APIs and all public methods. An external (or third party) API is any API that is not part of the CodeQL database you have selected. The model editor has two different modes: -- Application mode (default view): The editor lists each the external framework used by the seelcted CodeQL database. When you expand a framework, a list of all calls to and from the external API is shown with the options available to model dataflow through each call. This mode is most useful for improving the CodeQL results for the specific codebase. +- Application mode (default view): The editor lists each external framework used by the seelcted CodeQL database. When you expand a framework, a list of all calls to and from the external API is shown with the options available to model dataflow through each call. This mode is most useful for improving the CodeQL results for the specific codebase. - Dependency mode: The editor identifies the all publicly accessible APIs in the selected CodeQL database. This view guides you through modeling each public API that the codebase makes available. When you have finished modeling the entire API, you can save the model and use it to improve the CodeQL analysis for all codebases that use the dependency. @@ -26,25 +26,34 @@ Displaying the CodeQL model editor ---------------------------------- #. Open your CodeQL workspace in VS Code, for example, the vscode-codeql-starter workspace. - If you haven't updated the `ql` submodule for a while, update it from `main` to ensure that you have the queries used to gather data for the model editor. -#. Open the CodeQL extension and select the CodeQL database that you want to model from the Databases section of the left side pane. + If you haven't updated the ``ql`` submodule for a while, update it from ``main`` to ensure that you have the queries used to gather data for the model editor. +#. Open the CodeQL extension and select the CodeQL database that you want to model from the "Databases" section of the left side pane. #. Use the command palette to run the “CodeQL: Open Model Editor (Beta)” command. #. The CodeQL model editor will open in a new tab and run a series of telemetry queries to identify APIs in the code. #. When the queries are complete, the APIs that have been identified are shown in the editor. -Modeling the calls to external APIs from your codebase ------------------------------------------------------- +Modeling the calls your codebase makes to external APIs +------------------------------------------------------- -You typically use this method when you are looking at a specific codebase where you want to improve the precision of CodeQL results. This is usually when the codebase uses frameworks or libraries that are not supported by CodeQL and they also are not used by other teams in your organization. +You typically use this method when you are looking at a specific codebase where you want to improve the precision of CodeQL results. This is usually when the codebase uses frameworks or libraries that are not supported by CodeQL but they are not used by other teams in your organization. #. Select the CodeQL database that you want to improve CodeQL coverage for. -#. Display the CodeQL model editor, by default the editor runs in application mode, so displays the list of external APIs used by the selected codebase. - INSERT SCREENSHOT? +#. Display the CodeQL model editor, by default the editor runs in application mode, so the list of external APIs used by the selected codebase is shown. + + .. image:: ../images/codeql-for-visual-studio-code/model-application-mode.png + :width: 800 + :alt: Screenshot of the "Application mode" view of the CodeQL model pack editor in Visual Studio Code showing three of the external frameworks used by the "sofa-jraft" codebase. #. Click to expand an external API and view the list of calls from the codebase to the external dependency. #. Click **View** associated with an API call or method to show where it is used in your codebase. + + .. image:: ../images/codeql-for-visual-studio-code/model-application-mode-expanded.png + :width: 800 + :alt: Screenshot of the "Application mode" view of the CodeQL model pack editor in Visual Studio Code showing the calls to the "rocksdbjni" framework ready for modeling. The "View" option for the first call is highlighted with a dark orange outline. + #. When you have determined how to model the call or method, define the **Model type**. #. The remaining fields are updated with available options: + - **Source**: choose the **Output** element to model. - **Sink**: choose the **Input** element to model. - **Flow summary**: choose the **Input** and **Output** elements to model. @@ -64,16 +73,25 @@ The models are stored in a series of YAML data extension files, one for each ext Modeling the public API of a codebase ------------------------------------- -You typically use this method when you want to model a framework or library that your organization uses in more than one codebase. Once you have finished creating and testing the model, you can publish the CodeQL model pack for your whole organization to use. +You typically use this method when you want to model a framework or library that your organization uses in more than one codebase. Once you have finished creating and testing the model, you can publish the CodeQL model pack to the GitHub Container Registry for your whole organization to use. #. Select the CodeQL database that you want to model. #. Display the CodeQL model editor, by default the editor runs in application mode. Click **Model as dependency** to display dependency mode. The screen changes to show the public API of the framework or library. - INSERT SCREENSHOT? -#. Click to expand a public method and view the list of available methods. + .. image:: ../images/codeql-for-visual-studio-code/model-dependency-mode.png + :width: 800 + :alt: Screenshot of the "Dependency mode" view of the CodeQL model pack editor in Visual Studio Code showing three of the packages published by the "sofa-jraft" codebase. + +#. Click to expand a package and view the list of available methods. #. Click **View** associated with a method to show its definition. + + .. image:: ../images/codeql-for-visual-studio-code/model-dependency-mode-expanded.png + :width: 800 + :alt: Screenshot of the "Dependency mode" view of the CodeQL model pack editor in Visual Studio Code showing the public methods available in the "com.alipay.soft.jraft.option" package ready for modeling. The "View" option for the first method is highlighted with a dark orange outline. + #. When you have determined how to model the method, define the **Model type**. #. The remaining fields are updated with available options: + - **Source**: choose the **Output** element to model. - **Sink**: choose the **Input** element to model. - **Flow summary**: choose the **Input** and **Output** elements to model. @@ -97,12 +115,10 @@ Testing CodeQL model packs You can test any CodeQL model packs you create in VS Code by toggling the "use model packs" setting on and off. This method works for both databases and for variant analysis repositories. -- To run queries on a CodeQL database with any model packs that are stored within the ``.github/codeql/extensions`` directory of the workspace, update your ``settings.json`` file with: ``"codeQL.runningQueries.useModelPacks": all,``. -- To run queries on a CodeQL database without using model packs, update your ``settings.json`` file with: ``"codeQL.runningQueries.useModelPacks": none,``. - -If your model is working well, you should see a difference in the results of the two different runs. If you don't see any differences results, you may want to introduce a known bug to verify that the model behaves as expected. +- To run queries on a CodeQL database with any model packs that are stored within the ``.github/codeql/extensions`` directory of the workspace, update your ``settings.json`` file with: ``"codeQL.runningQueries.useModelPacks": all,`` +- To run queries on a CodeQL database without using model packs, update your ``settings.json`` file with: ``"codeQL.runningQueries.useModelPacks": none,`` -#. If you have set up VS Code to use data extensions (using the “codeQL.runningQueries.useExtensionPacks” setting), then you can also run a query and see that the unsafe calls are now detected. +If your model is working well, you should see a difference in the results of the two different runs. If you don't see any differences in results, you may need to introduce a known bug to verify that the model behaves as expected. Using CodeQL model packs with code scanning ------------------------------------------- diff --git a/docs/codeql/codeql-for-visual-studio-code/working-with-codeql-packs-in-visual-studio-code.rst b/docs/codeql/codeql-for-visual-studio-code/working-with-codeql-packs-in-visual-studio-code.rst index c4e9d112b63e..74a5992a09c1 100644 --- a/docs/codeql/codeql-for-visual-studio-code/working-with-codeql-packs-in-visual-studio-code.rst +++ b/docs/codeql/codeql-for-visual-studio-code/working-with-codeql-packs-in-visual-studio-code.rst @@ -52,8 +52,4 @@ To view the full definition of an element of a query, you can right-click and ch Working with CodeQL model packs ------------------------------- -The CodeQL extension for Visual Studio Code includes a dedicated editor for creating and editing model packs. - -TODO a little more, but mostly about the general use, because editing will be in a new article. - -For headings use ~~~~~~~~ in this section +The CodeQL extension for Visual Studio Code includes a dedicated editor for creating and editing model packs. For information on using the model editor, see ":ref:`Using the CodeQL model editor `." diff --git a/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst b/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst index 848097a5fa90..a3cf59ef026b 100644 --- a/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst +++ b/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst @@ -12,7 +12,11 @@ You can use data extensions to model the methods and callables that control data About this article ------------------ -This article explains how data extensions interact with standard queries and the syntax used to define extensions. If you want to create your own data extensions, you should use the CodeQL model editor in the CodeQL extension for Visual Studio Code. For more information, see ":ref:`Using the CodeQL model editor `." +This article contains reference material about how data extensions interact with standard queries and the syntax used to define extensions. + +If you want to create your own data extensions, you should use the CodeQL model editor in the CodeQL extension for Visual Studio Code. The model editor automatically guides you through the process of defining models, displaying the properties you need to define and the options available. You can save the resulting models as data extensions and use them without worrying about the syntax. + +For more information, see ":ref:`Using the CodeQL model editor `." About data extensions --------------------- diff --git a/docs/codeql/codeql-language-guides/extensible-predicates.rst b/docs/codeql/codeql-language-guides/extensible-predicates.rst index af734343198c..3f3e28cff579 100644 --- a/docs/codeql/codeql-language-guides/extensible-predicates.rst +++ b/docs/codeql/codeql-language-guides/extensible-predicates.rst @@ -13,7 +13,7 @@ You can use data extensions to model the methods and callables that control data About this article ------------------ -This reference article describes of each inputs to the extensible predicates, including access paths, kinds, and provenance. +This reference article describes the available inputs for the extensible predicates, including access paths, kinds, and provenance. Sources, sinks, summaries, and neutrals are commonly known as models. These models support several shared arguments and a few model-specific arguments. The arguments populate a series of columns for each extensible predicate. diff --git a/docs/codeql/images/codeql-for-visual-studio-code/model-application-mode-expanded.png b/docs/codeql/images/codeql-for-visual-studio-code/model-application-mode-expanded.png new file mode 100644 index 0000000000000000000000000000000000000000..b319918e891bfe70b5e5d91ecd4b0f1bbdb0c045 GIT binary patch literal 152735 zcmeFZcQjn@+CPjCqt7T&f?*IPIzbqt%;?bx(Mtr0UZRcOMvoFLdM84N5Tf_sOOzmp z&S=4?BTC-Md7kI}y?>nVdCvL!{moi?&0e$iz3kTQ|t;o(uJ zsUr07@BjsPcmy!OZQL)Rzn4Am@bIl1;cy)_IGjz#!}Xb?lN}x&PqOo?HjN$~+CJ@% zdeurqeM;kklt3l4P9T2IB7L)!AhNXEK;i6j7p}-y%D3G@OiFa-9qBq-MiZOMJfaJ z*;_i+H~+)Vp$Iy@=k?qOQd$A2xlp;j!H?l^=g~*M^)};o;BTE&lCe^D&oDqVxSNmR+6XXtjBF4+hdf5O<+M7ms2uLHCqy-su6k zxvM7?LoIbq%i<2BPI3t4U#GXJc>8IVtKz=2T%}eI95KDn?OJIR{pw*gFQgIT3aD6| zKQsN__*O;!_?DYvAOW?~Q}(0hE)KXQcd|29d#0(0$A>!y;1S|8;Su4^@NowW|L*^L zu8hxvck3U&6X4-RJK_=k_cdC$??0bcxZ}^5|N15_-cBbhj@7Mcxng*17G~TT#^MB{qND|Q^EE`)QP#RgLwg*qi_T%Ky(@)d@&- zssaDj{r`JZ0)R)}F=A}wKN*9Y1M@nE2B&s7Uzs7&?@2olr^N!NW z(-hMbl;Bw}bOy??Pjxs2RQ~;2#Pj15#21`0q){M3x?jmC!x*Qy>X`ri=Mg?4WDPtS zUrknFWgJXoBGX~G3&4-P_wQRKPGNVz$b%WPz8)$$Gw8*7Y64YD9Ujqx`2Xl0A|&Jx zQgvJWA>2kwh-~{!{U;WskF5cmK*U4dRjl@Jn$tg`@#qmj_}3uuI|bx6%mpzqOU3E` zzFyMgcmCI$G~izR$I_iJdQT%x_aYzAPDF`N}@gJ-P zZVt--f6gJ?rt9*5mMT<)O*r6eZ*?)?K;YS5*@jR|FO97m;l2ka$v>q0>UhkOzxA-Y z4|)8TWXk7yr+=+#w-Huzsh-tpPo#qWkC72JAq3_x`0u_W)mA3MGVBwx4^3zYy#v^h z*M@%n7g88n2@e@9)Er^=&HgG@`#(^iSSw_ZTUnOTd(XBWUL!VRn))y0*y@T#Cq(q7 zHd%$|zhzKfv2*JMNj$Ic?r9zY{dfJezaJl}rXY_$RPrf4FXF$Zx7q;;|N1i3Je^ZH z6Y$*Jb?ouKFkSZq@rih7&gcBr|9$PYG6QD91QWZ%8GHzDaK@Tm@`soHynEZ8ozVR| zCJu#--fQkFXu02hn3;~7kKPWRW3oPVM??3U(tn>db=jYGsp&g>K<>JHvNm;>+5cqg-V0J`c(>bt zmoGLdRV;Nnr5_i3wFb^jX>4@vxIXKTdA{I+qfSu=QTmGhHwJvOj<(Pf=98#TWYEW zk_3_qZgAejPp8wS0mH9Kq&L#^NpGf2UE5a4EU}7=EL`6gvU6nvUcP8wVuUsLe;fb@ zx6YKj-bUR_)S3tU{MaWk?<9usrQSH~Lg5j)4;yv-`eve>yjb}^D)!ICRX+)j#RMlv zXq(NEEW46ZKF|Jg^6x({7d%z!b7!Gdu2^uF^BW=I_=_-_NY!lPyT-O;r zDto@5uME3bK*Q+Y4u5rz7k1)=WTVp`isEHEHo7TP&01p;qMRm*L!)BDTn&` zzYOgBBV_(8)~mw!pp#-S-O}~GPn@RYj|R~tHzR7h4WEun^NYHR5qsE&)|cU{$|u>M z_gmgtWpWP%t&mw7KO7nV12BXM_2kZ~?PcG}`>{y8n66&smb*~HTrT}?&&1taql?D7 z(#5x2h1IV_Y9)e(bcYkJ({@rSlu&fQ|k{pn~v2?-_HWt6wu6f~>yFp+h~HuI(4G z9XF@7rGSlI8f|`#Oa!g(+=v{ui|X;_u+aqm1av;y-rOLFXknHM^5i zW>2T};xAVhnF0C^Y@hRRxS8=Eqk@x%I)Rpc&-}}UxqqlIyq6pIWKVgaYDD;kM33@e zZC+Ynw@!S!UrB*`w$91gjkv8?jlEyvaQFG<^+9m3`|s;>Bf1%rXsdAc=X$2L2@i%= zLMOa)H!s*^)?dNrqzp<`*pZW(k{_Mt?DGSMcm$pA%kV?7%i%=HmU;nQWEML0#?LED zNu!Q023269>p3{vQy)sAgDUgrBBH0Iw?w-8Gi*Q!63^Su+xo)D1f`yu3f%|hxyb_a z*Q10(t)u_g=;^ZE+KzTCZhe24?At{RN^1zUd1a*~IYqgvM=Pu{nFpSJ>$_Y$Zy$0O zw7z(=bXAs#vmsg>F`X6R#a-sZ_d(B;okVVp;~!;_mJ z^%b4{!b`>a*RbV{-U80>ZGfvZiy&;%s=4!RIaIN_7PC?%^lv5u@&T;j()5t11sr%F z0@0_Nzx=-HHx^(q0EeUif;Fr21G}9uee?&8K1&y)K0_6t2Q|P4NoU} zb1&Uy(mHx{&A){1{rB;ut^UL*c2hJ(3ALYAW0efWJ*D%hyI6zCZt_1)o4h?sYd?MG zO6SG%S3)83v9Wa|(tE}ZNv_KpM2Wn0&EVIgtx&!)?(%tnSj=;C+0 zrc`$S)7nttGWG_iiSJvU_L#`&4M3~Iv*fe3bTm}lk>T;P!gJov1cglW(N*-Wof)Cl zyeOSyCar*+R-F4VYH2aH&-EU{%ul=_B;LaefGv?fUs&F^lyGL;j2%J8v_(Bi}X7Rjt(l!^l;z+vWL-kI9Abi`V~?73{q9rX(L$QxVHPXwB(cv zDsjfle!ATM+=O7SOMH<>Dh|vq8CS>hNNty-4yn@mU9&NfoW9!P1rT&wT+Yp;pT;=Q zrbV)QD3o-HoZIXj9}Nq+YW&&|3T{5?c`Gn3e5Ycmay7%>V@g-$RN%4AUX>7K3?wg3^5`}JiuuC*3zf_th5x58H`9#pFcn0>><(Zt(YLhn zFY{ue#E{&y;38bH9}C|0jCD%lgA7v>|&mkfz`M87Fvx5>fUaxjT2Qf$AJAbAH7 z30SND*?K(60!~5bbYT*NLseV3}3fc0$1Lv~)e(ly;vh8m@mCC)4*{%K%`v>01 z^JdL|oUt% z>HBrX6{!=mrZlT(w|D&GAjoI?m3?N`l%i&K&G4}OUDD2z$bh}NfyStzm0OWVLe1+b z4VlwW0#J>q;3I`z#oUcqP%+|S$~{8iNBq%I9qGfwWFQ?-gfogEW=-*xVX1K9Pj7vQ zH}FYB2kzf}7G=~`^ngE=0BGcc0fnfj2zLSCfKEQp)ve=)`v8mVTV#xXPg}f5Jk8jh z?h9*_EHH-|=Z7~$$7o@k)|e}_T!(y#fj!b79|sFIo=qIDF!sn^<1nj}od%IKB6Wqi zVz>@WT~t8XHKBahd8)~`;-i>-89)9$Sy1nIK!~c+quqG08M$_EVBWMg!lHEmn5jp# z8_#3e+Vd&NHy_>q(qInt-gnd%Y83Ol@3=^PFg+ubA^x0;Kqqgqxi0rI9vr}aI5gQS zDkm6oPZ=8JO`XN$iPOPbes z&I>qfAT-otkGhr=49_eTc0Mq%*7 zSDR{R84{NXuM4QqkV}*;br%&#BYQ3h7e<72xI{S+j%%`FN=)0Ie0cUcSslVMZjEXQ z1N{}Y;c_|F$GuK*%Gaav^L-EHyWL*z1Er8|H`z*Ed&T8fHLlW0JOCy4=L(OKUFKvTu;fEX#M&D^wrG$K7f&XIvSLB=M6=YD`Tw`u)5!}s4c z=y8J2Xz}qj>g3MGpf-50>dKi59eZR5jW>W>HknTq{;5|>`6<~ETdzWVlt)g71;iXk z6h{>}WbBk!P&+fI$V?>%9UN@Ly@i_=1PN#vcsS7>Nl4kJrP|Net>O&h}k zUin|*@I*5$8xWs6*vMPpsXR$VQ`3)^rcan=KF}on!N9H4e&+BrMaC=4Epid1*QJ+3 zO`c$P*H`x*ES6qfpOni9M24QAD#Uh#4%Ff=>BrTBmOKJgdjdYB;zdfo#No6wI}ABV zoM*yDi=#hlt7n+Ixqp#B+qR}FUx&8;#dO8}fz!XUh5$l`@={F(ONH0t7b&RSHk39* zE_XtC!Xc@A(oM41TozL9rLp@G7eefSaKaTe1C4s$`CYYkkFV#;$E~8c^wEti0hVp! zXU1=!inoUi6)B>o<(WP9o6(K_7Aj8=4DxnaRDqy*+t_1VbPoDSYx(x&ssVdP_w^#eSXZNcG#p6=oGoO!0Y|zE zuu;m9VIAbLN!}D*oVU0dE(%eL2r1Z!)bzR&wYEKQGzcbUc9Xv^<9&}lpH209@b7Dl z0crLH<541I+E-C-0pH$QeB(=9acp6?AhfT}ozWD?*LD8^U_?Au0AA|6zV?nej3S4bmrI)TIM zqbCNfA*!JO661KWFVHLDoH>yb;Mj1Lrx48bVB2tWkIqahC=#3 zFpj`Ryy!aAN5uhcIgIfzj63G;Tj>_%2c~#cCI!I z0!r@%Zo$EPN<6qAatKK4Ra8=JX82jE`*nk6u2!m7p3`%$>3+GXcVb*DnU0r}f6|-= zpiDOc+9@CMnPh2^w_4Sc(yUl1#NuI;q?fwHS7)i`K;7j|?p9gZ{bG9Ao~-pzkBNM* z3AIw;&|BB9d@WX($%FHDt-f?YZ3 zU<|n_w!J^(*Ixu5p^g%cSW)#DS9Lm&;3^^>-FBm-X^UjPeYC~HOg8fjsC*J{aME)q z-pp1$f2d?Q5UO)8p7m%Yq+}nA1HE;XIn>sXEsXuql->zR@e30#a>&Sl%%#bKN3B!e zramqHVBU57Wr40N$Hm+B^C>jfTy!H1&Q9;$E`K%|Z9eWn(Ds0R=sQ8!d;4IyZ+ofDi%&kBdohLyQjNm2_@5x!Cmu0rL*y``xNtaoM7}$_JXe0Pnlp zlKsSD%5A7E04O(HW_J z2H7re-=JG3pd+41#}qvQF#*IN3P=rf=#hC=O~yY(hp##j9P*#Hs5SU?f4xN&jJlm0 zDie3}VMrXe@tTGOKO5NHFV+m+*06kjF|lP3Q~SPhoKzIuQ|G(KO0ma zCJItL&EprW`Hl_jGjyu+kYa_ePcl5VX3vL=+UqyYtA;ab%2{$7^~&~=3corEl~Z_e zI`JoFC9XCIO@7bhxnREKT!*-hdWa@JIHZ3meGufgaoI1|_5LR|#9>C6Ia0gMv|KAO zUv-7urRZl);=6Ij=1GwOiLBs0mDbBx@4 zGqTKe;X|L#+9pZZ-+8XqONS!=o*KA)Qc3;Z{dW|EaQ^C zj7NG(r!f^#Yb(lc^*oN=4<=-g`RT1~a(E2we?G{o*>_~6L@=s>*$}mzUs`T{?KZtu zhaA@kN6jxhy`d_W<)Ev2k0PhGS7D#+SKhI1?P9_>>W525Lo!=L7TEmRB=pd z==(2u=n8;Jv7X(&iNKZ6bFvGm0bG@|?#fL8*iDsqA}fEAg5_D^Al7A=$xaf;JI^he z(-}~l?YseA>(FCAtp@^iD;RDfepVh9LTC5Dr$0x;#+=@5F!q5D*v{ZyTtPgYNrA^f zByfHuFJOFd_?H;IVgV5NaYLv|_Mh12q)_?NvwEyt>R_9}Xk(^0 z9+xq$RSk6TyIJ8+>J!l?wt5s;G`W>1vv2$oTE18srTq+75D*FkZvV;zQ`RDvyrAVD zf?crWhk;WcD>;x=JMkJUOE2f0k5{Ak*8(119rg@Yz%P`Q7dz#0nvEbL_J9*7_-y*3jhkiLDe<|M}4qM^ft=%5hPO&fNrYKZZzw`an) z#OM!}%zP*7O52UwWpC1{_JW42RY9y+GjYY<@^R*0y!KL#yHRyk0CLvpO7`1b)&_RC z)YJK^Z~v%yn3GqIn~2yyOVyN6qaXH*Adu?Cu088c{y46DmqKmEnJBT=fG4#~g;UQC zD(_n`DaJG)*mms4Eh+L7x*ytX~l>PjGFy~4oS#~fa&0$h&vKI;yxypBxRUdmJdZ_<$XHSE89hm<$ zJvX++Dn>{K$z5kz<|VAP%Yc6K%lJDQmuxk9sdG;@hz)7Y0K2pE=yj>x%cCa44Hl~1 zdj^EGg0o+^^Ub8ck3K}_=tU^nq10zdc&Hxvk59f}+@PmwaHD)VB#CmC0>l5x%%C6b z@d~WzRBys4u9T@M-H$lw!XLUYP$H|Oxm_Y@*^(5rxoxODmCWZ2k>t^ZB|hBDoP+pv z9r+BhN2gh%fZboi<(NM{t)?z8AbFq~wbqAKPQ@$zmWW@OQ@i^)rfP|~G9^$r)q zyiGQ#&MdKAF)X1%2VjYc^_X{Vdi}(=i=(I_z~zWJ)>cWu^n9dPn9vO>>07wQ%q<|a zfGUY#6Uf;S?(^+ucU$Snu;t+YUiG%dWbwc*%=&7W1L)2?HEh-6x2|kX6%7O5=0Db@ zK_?oQ?PLv~vXkBc*$Iz^`@sD>j_UG`?HEDiV3Fq1RjU0;K8_(m@XA!oN!~m4;TE1$ zd(h4SU%06mct-^g;VWnZ4SyTe8Vd}F$b2&x4L4#nM*SHXr;N>_Mc*E(z+k{yhCGUPvt=7MEDUYDb_ z=cR&_Zng@d)^cA$ujnc#W&WBRhW-r1)ggDukU`8epm@f9uBO?3|6U@)_O8L63s#>6 z_c~+cf&xztbR7J5QJf%Ov}ZX*N@9DwDlkYx8c*y5iB()tC03cE`L2A)9~Q1O?~;C%=wkqv=#;;L!yjQk~3k>pGh;Wj5woGZgyRQny{G13)3n&_3XDXpvRFqyR5 z<=rooefv2BVeMh+*ShqVPCJGO#==~tVz`%d3X!f4&?jPrN`XA`09;5H#2F!iP1uQ7 zWnXa}kW`59pId8|bdZzV?pVFkfRAdcx=LLzZFq|-T7m^t_N*+udgX9w{h`2~*Q(g@ z?fjn$+!+@BydUf=kgE%lIg&wkNHMR@dqTOvG4W#(gj`ssl}OdN(TPgkjBc=eG^WMc ze*(JZ9E8J%Ap^H)?ImQ}82jz@kt3;ob7TrPXrf|yw8(+ zLd1>*O`Qy#aHet0J14Rxl*7bmr;*yx9wBLcM1u@4y4R6H$iiw%B($HH^PJX(8WCg& zZcoz)M8jDykEhPD3cUgOmtw(2k$92ddVt%S?0|P{058JQaA1^5{-!D(%pK9cH{;vk zo;cN~vwUtEwaxX<*-paAfUkFc@cPR+`}}~!xV1MNPt?)m+cS(SIlLL5s{j7%P2Y~S z=Js-e1Aere4bhb}J0OMt!=fbP)+90RHj-$wc*9Y6UsvT%lMTi4nCB@ z+%SFS%a!xarqDsW|V8gns$tSS#y^I^3{(y-*=8TV@*DjdVJHdR_oev zO0Aa>Wq|6muyZ1FC;K^#&Fc9bNrjT`^WzY=kt=z3tO?TOakej)&9nWJy3^m6K1Fwu z>#EJ>1?)d5@yFYY2|@hm36A!S)K!wYH=6na&WNBLBI3d3gsB;-Y|o;7^QHrS3}AFU z-P?bCt4$vgV0|R@VV9ZF0Lr>(;KZsN!BXWBpRm4NM!AlZGaMb6!p|(Xf5@CsC%`Pt zZ&Xj(ltpRtstw*ET2YLhW6ev%H=@2I^wH6F@ zNefkr;O$H9jcl}%BlDf^gcCo*49VYvNut1?k?hZwqZPh^!6FQkX5@D+vdRePCLX`; zYY`vPhJq(sx~Qt8HF~DMm1Y5Uo6|8`Ydw-d z$Lt>JQwp$lTd5L04CtKHJDTd7K?Bp6kH4zdXVxpJieI)%Js&@v7g zRPgTePVJaeV*QN^EH znbu>I@eZt)n?HKIp9%EC*8Gt>R^_uSgCT~XBk*}wUMtF|io8zG+$zk=nB@eI9i}#{M#SwXt1-EJuGz<3 zC%{6%aT>myii_+a8B@_revT^TYtp(?Al*oz`-BQ5Jt}Ft1l`29Qh|0#Su}RiQ=cUi z5_6*O%C1(bMvy8-C{D#sVdz#6ogUQJ3HNLfPJLjA7d^|ek*9R3V4xAaN zHLj;kkGpFBFaS1tcg!nQvi0-k<~i$DZ(Q@pA0qWo8q zbd*k}RK_E}a`wl@y%9`Ir~rY&DtF2#?7d2ocqJW2xf{K+``xGw9jjQC$pk-H8BVlM zQydku{cz{wQ?v9fR8MH|?&hf>>QOK0Kcw6qChfC$jw3O7w#-Td~m4lpP87{kh4|8H! zCN5eRP9o#JmJHRj>{LxZr=8H`H~6w}j>NNp-WP`5j?5ONS^e&0a&9` z&;-13h|_zl4Jx9m*sZugtv_8p&%rWjkw=%S$WmtKovlrTj|84U7Gr;9<*D32wa*`_ z?mITyii|~zCx1g7^@^pQTS>zJ|I+4q<7Nk%)6n~@xXTqcIUkoPkXgBiI-u5Dw zL*!7j8${ro10vsk9}DYL98ru&(^962Qjmq)%0>9cC!I)J8=XeA;hTcfVg>*ShZxKuErvcNofkZ=5U4As3kUJRpQjA9W##2itQUX^&9 zOlf($osSS$DI`coH}&y)@+O9gUAjRz>k)ja6Y5-S7-TY62aiy=%g=Hlol9fqU5|q( zZk2IQ$0Q=yuw$6=35z%e8=cledIOQC9S9n=S`mJX8UpQi^v&C)jB>R@D=^Pp03tWs z@U46}`QGW15;W6%R+Jo{IsI{ioxaM1uI9w<4_+bZ5IzAsmUoP-fZN-`(CtGRlw~(D z&48$G8O`Gm0xQ-Q#7x0zo_jx|-KR2O;UOC$O;LME_H4G;iYK$KUW+P-PupNY3g$0* zY&8bof1it~^uUSuhRNHisOMILMP85isMoMI$PXwJAQ9W1D$8hH9`M8(USC4>+WNcovd$m3LAEHrv` z82q)Lxf__sop7T4Ysw?v!YS^GfAXIH%>{a(Y>0OO_@g8!dMM(-{eel5wM(`6-edTt z|JThC5zkQ+_wBy>=aOZYHOB`^4cOKmpX`j|LKd8pb)#I-hsZ)|T+)@(wI|O4_O|P$ zzV$R*A@drqz7m)894>29b(l#jD&z&X3TZpwle)Q6kCWwXJC^4@j@5A^?^t6w;CZbT z@sYjy+Sr6!<<6*bQOu#Rwll5-!#l7N>p%d#atlFk4~Dmh@J|eg>PK}H`kc)#-JE$m zp!`&vDE%CTCG67JQPmu_%Bx>1j4bA-y1ZqN;H#JwE-FQ27I^gK1e1qGptxAYE51)# z24BxEWS43A_&X11GLX1oMe^=cjY-|3wGp8-D%rIksuLqul=_aVO!@jZpRQSr94GdB z@X1>Tqe1{mkLifexB?t6%A)(UAaVQyjQ*DH?e2RK{D1Wtm(gkU zwu)P7I{0`&8)Y1^fgtn^PSFEKlOf*BX zG&KP*>Znq$D1#_rxkHM6ar;M*Z{o7Gal_wGRQp*%>5RG&1GM+e0?oS70H*Ty2Y&~7EM4hS6Rq9(3InR3s zMYq)Ji{Rh%OIwo!$bo>l~1~t&-YJ?5RaW;C;X7T)?I!LetkDt9?q37ek6WY z&mlUmkWA})bz1#al#l~u{AoJ;eM7F?{^y{f4JlCO*KJxksvvr#AgGHO%sLhk^PI*a zguqvjT9+|1&wr=VZp=Ez@(;Djy%V1}{_;gQJa>z|QWV6^zy~klUM}gvm~DK5Tcw_* z_2Xac`*Z}Lbcl5E$5nhq4pUGTi@Z5Mo0eeads5nIw*N|I(@ED@Vu_B8xtEzU32tVj3k#My^7r0TDXv zX3y4=;+U)kSoVKdA=Dz0k;2ljiz_~L&X8~O83`McTH?(H^$|C*X?&6QDWgC6a(V?zW6kX{B3AImy#TaiDpZ!Z{s>R z7izoOUYN&*)R<&@6l0x$#jEtFDYx#g>ZRFs_sTAJiCkkzMm%R{Rh7H<5J$B#{^nkK zq2iy{(&ZT|O-41!m89G^0Qb*@NNe*oD5!>P@m@=znJ+-Pb_*Jyz|HCpqkPfEU*vj0 zToH#v;~GB(jMBzr2-%60vkYwoAyZ^ZUQB%i7#afNAmCx1H6UXOwU?|Ms@9aS4n>c& z0f=FXzz1cg&@&ePO4l}+%;50n_<%HfJc1NHTNHDzTD*6x+qI zeSM9mORI_>SoF@lHdehgnJ`t`97|~G8`8Cjqkvp{o)6f2A@HV_*%!@af79;J`IIdL zF5~_D+(XN2J)v<MrFn?oVPq}a&206&}8%QaIQ(R>=kIwkXyCx2M;b<-v z(W)gTh;|?blUcYwGV_sMDZ6Q!y`!J_dEaC$jsy(Azq^_PIZ)M{e2Lugtz}uATr13F z#wSIqaQp0k1{N#_k6g<-E@EJo0=JkBRLtFx(7`{6$3HB79u^H8#eOUTnD55d3UE6# zdf4kWz09V?^4tBFflE}~m!G!aOXCfV*jMTZI0?5=c9Q#o#GFI1m*LDs;Q0?9)$FxI znHulnHN-RKPYb}8dpM_F3W(gLqpVaNAWJ{3Tp`qS-JI|X(^r4 z-vD$VzeosBC`#%}z=pfDxDgZG(*_vNs_zl+IdgJ#_a`)}3XW2&p-GMeh7xH&q7bw4 z`x<#23=5z`kU+Q}tTm=VpL0oge9IgKWU? za}u%+z-8eVi2y$S1VCf~?+%R(Qv@F>6S&Ft6mnqvBqHW1N@kJ1(uB!^84RHy4>h{U z*?YOrDmSSr<@d|?v7QjHxKk|Nzw2i0VYjfWHGAv|M~jw2Bp#Q+BBqe#A}eY(X170p zBGjgKOeMm?J9ry5aiKcqhba!Fdbao$bG7nNm+lLfK#$+wG)z2tK+wQ3*_iWtT-nqf zOSxs7eKXE3%d*-o=vsd2bwyeHfjtNqf3{~)B>J_TDOU*dV@jz>-T?S>)A5ZRAF3iY zXsizSn&_F~oy%wQf0CS4oEt3;!%yd?`iDh&J|r^E;ERBwEV<^o2EynELR{sL9SvCn zb#(#{uE@R0YU{;YG_gZf6MY|R<|J~wE9J<+&vTV7rC|M2Lh}AdOZL`ol@M2+2#d;t z(waR?Ymgp7o}_bu2k;R4#v!UR?5;CTN?qe3^t@SfxMeHc4U~OL#94ay3o=(DQ>C3I z#YMEAL~uf+)umW$O`CWX!>-TfYnk=9HHW`)NwMlaTiJrUM-7%_5KFDn5b_~*R4MTB z>_i&$$~__VqdRhBt(1 z0M|_Lg&>x+W%ZaKCQbRpYShxLxO1g`U!9w@b*WiMU z$EJQ`_Ba1BCSVw{;#Gk*v(hd8fP}H?kNMS>)9E zjS)^G#^uI0BBbdQG*Qp>ZZF8aacOaEsWPziyg_jQQ$}$0Y-gDn-j0{aR&SgedHXWf z*Ep*AifA1#jJHc+MX}1SaBR!Kqptqr;vwIAWj&?3+KegpBQy|nLmXt@(iv5OUEPc~Ft8oU{g25s~wi4^Ub7$p zQ2hLN&EFbth&);ZVuGHo6mYJ4n5=-k+pxmGog%(U(aSv!leN`~h_aZwqXsXRo`Yd@ zzt$xE7JDE~LT!xK)09T4)6F|3fsAU%D%(9AUlyyT;p*fsn(Ikxd@_g9x8+RG4&2c% zbq&)BXb4BcYQzJZE>5uhzcMiw%VhDRZOk$w#@aa4@biD(1rYs+pUx$osP>4heysp5 zIKz3$0h!xcKTpzXNmJoA-Z5YNlBLy{kL~3i@+|M!3|KtQo4tNtK80cM4om!jJ@EK_ zCyeRpfFU;pgDz2K#CAxz?9&yYY{~n2t|gP-eI~YnO4-c#bHpG59&10FyiUb z>|X76akARJQ}uSJB!^hnNXo)xr**_D3&kfjSQP~<6lOL$sZyy<-L%cKUEYXHWm-{a z$MK`8UPO4ZSOAQVTGJBX*oxxBD)J|=)06ou-nE15;g2Il z0O#Eks``QJ#w41?+%5$!rRPq2Z>T7uOybstlHQixQl*n&&Id!B`}$4H5Aq$joLdIzr$EZ6@{ zP*BE%KWFPGH~RaCGNHIDvT>f_ISvh0Yj6~M$xzOf*aCc_><0$!=&}mp8eH`pJ_~gp89{jC8xJWV^=`~wQ}yz7?;V-P8V7u0C$6gF9DSKlL(F=)P5AT*4IP9 zkXRXXj`GaIr3mG7dZmUY4%M&IB^OS}iF#hKAo`b?AKpQbNR2i>33!k*mO~Z4^@Q?G znNaksB>dS|jocQ^-jLR4pOQG<9*aYHjRblyNUVPX#TTkC-PWg#`tuNmiK zPR4tIA%}vi=G_4f4Z9%Fi%(k6{O0IMRZ-2+7ouoQxnAyLKYy2hPTbTF$4lPCD2+QN zto-$v(fOknbFUmc+6qannZN@yY+=}IWVjwqbu%r(=8le^(Ym%WV| z5hEPIHDv$TBvasrNBbe`L8W%8{n>Q3?jutP*XK(e%+$GO&!j~s@#}|{mC+ub&=SlR z+wGY0ARNJSEKVQ;WdEmE?6r4-^h;boIhClVK&&O*EBaK{`?V@>bH`P@*eK5}L4$qd zsQTz#UAl8qhH*azmRrSw8z6P#u?u(bat6m7X?N+=VPDi&PIK__UdEP;7wp|}a_@%_ zXbC#6n_et^dg@@7)x?^AtT(U;)af@kYzq_ul9u_L`|3O@e7Pb4ZE{dINDQI zMH~d~Gq|^*@R%-!O*?)K2%=b9+IUP?3egsu7#`;T@QBebD%yl$9HKLPgo{2$!mGh+ z3K|T&7Ee(^-M+$N;(r;4?vSi<-zd)mxlZms+S*|7yI6@wyEeq5@p~FiYyfQv&^^T2rgg+#e0{x48#~64V zQ5B$LXOj3gRs{FL2NGZcE~eOL@F2jtKeh}!W#1*P3p-nqmIH+Wl_^k#n;a1J7Rw{$ zo2tPHP}g1ePNCq7;YP~Iw4|k!if@LiG-u&UF_hJa)1=YqJ*s3PQ2Dll@kVi+E#g(! z@0CCCri@9M-SPlO(W%LccMmxEUgj9(TCok)W+#3V8K`sH13X7{;=eh`ajdl$kLcs; zlDs=7Fvi(qAfM){jc>rhx^2q&bo6 zyKlTUx`S)^wK1Kd8S0J+z~vT`svOuyyKwEr!VgHq6GB8ERBG;hkRTZ9Z4Y8?`=`q; zFB6LL2ZD4MTnLx+T>vuAMsuDh+c0<$rXejknjf9GLW+P7awr?6(7O@b7w%sfnJt;a zXb`jjieC?koPc$AbxFE2lM`cQvj@!RBO^|!poj7gr(}wvf*|fm61AW55YcF9_A_~h zG!^L>FK>NhAtKh^mwTUOr~tm>FuV8t!?3hgoAQYs*HD!-CE@?W-do01)vbG=(jiE9 zDgujMgd!m*DV+*R2qGoY-64fgJ3F&`lrDYsarj$1;tv`Bm^X1`>Qm=3G1WcdMJ9=*hCvX!;)9(h@8TInUR@ESO zP4UE9LJs$byL)V(|4qmD_qe2Jj4E}LHCe){K2%`O18zxmyV)kYl>g0ln|(|yDUMd6 z5~(Y%eE32l(G=eJOQA`a-wv3&>u}btWtIIrCY>`5Zy$1A38dOBJ>qyPktiL&81DWW z$&hy;g)`Nm#v*L#L_=|8GL$`9%ts@v@5kp?|9GZDW>HdOLglpSK6kF~3Ne?8MY3C0 zTj2|RVL`U%PLt;O-S0IXQkY2mO}X~F%m%a#hqLiw55pTsK|xP(pwnYOYT(??g)I=T z<^E3tf3>hNzTp6}jBo+No^%Iv?3wS9x9>?&{RH*94z!}rrQ#j=ivn8l?V~Aco}gaC z=>|=g54h@!Cvey+SHS7zx^qFYq4c*zx8Lb+1}^B7c1wV%W2BNqr7jH;a+dojzl;Ls z&j71>RybOk{CSQxAfW5?ka)_VbW1h*(O(ykFrpK~w|NEnK=6Gj3K$VQ&-5IBEPgBX zv@9D{SBN-69MrWUr_^moPU6+&0)aQg3WjL6tELmPp_JqibHFxjr!)>&U9_GsPT=Zj z+jREM`y0she?oXp7<|`mc!2$rkQ#VhmAkLIwE3~SSR>?yAI@4M#z+Q+9pz> zL-gtd-gZ-e*Y6eJnsNhv|JPULcvTqV=Jr|iq7&%5MbEz`zZU$bh6eFkSQDU~O=-E2 zsCb|P#e%)>;y43;C){w&Yy&D*3RzlPDPEuz(vVmL2&rxTB0IW_!h=X=LO41KI-imv ziad$i%I^>)gHaqn^>bV@YLLW$7<5t)W*qia;Iho=`8Kirwq7(*Ng|8x-`N_-aaVJnL@V?A!?;&qK~${NdK9*eak^ zck;U76tKdvHi!P@$Ft!0=Bag&Whj0Koj3pIs{L^levdBy`~}|yVl(zfw%BP49|Y5X zU)ewX)}KG-k=!GcP_oDWYRUfV(*qxnK?D?1B6gGhr@;5mTSHzHCDifn-qgRk$$wwt zuU6%+SMc9!^?z9_-}MN)F=Ys}n40`E-u&f#{`csK z0U7)ArvK05>h}}&_gBkT258p&`x<}0K>uYi|GifKEyVxJBjn#}_3yR%Uq!rs$E)8% z@qdXlfAizN*XrME^*@A_|6|-;d)EZ2&d?xww}OP6JWyk?F#4{O>?YFC?Zv2wJzq(` zZ~0@k5PsL-&ye4AY65AjAZ;k3!AQ-kXKDElx6Rv- zENV^wiD{F#$)(Ar9Kv^JB-x_mIp^12zOpq3QtS($NX3rSd`xgpe&~KwO_K3jRS&cr zhwmW#C}59JvG@XnV(|%R(!BtJo!)-qR@DoEZDB7j7E7R@8Bw+vK%xwx zlf{1A*$CtW$&f7lx)nN2zvzopky&pzL1^aklZ=~t= zlv|*O&$2O6{q57S%j&$_@-5rKcE5hktyO(Hl01yT=LCm#`;FPi() zbv0F|$B}CY;`6Ftx*&dlsoj!P;ar**@FO)Dw8nLOOkkl4yM6ip4v!aD=YP2!C^Js`)UzAw)rRl>fy_grgJ2<@m+c+AA_Kj^-wXZrYNA-qzD%rvT(5)gba;<@Ci- z@ChCp!ZZ_^52z0ZsuOp2fs9(=Paq}&bQ(`@lW<*u7vBZ3mL0W{Ld~NRd;SsomY0S= z!!$Wm4u??hZo~(P*D+BZOH6J2X^8N>@R0s$&`>82o&X!JX0d+9(|UQ0IEFMTpV^m9 z(m-D7QJ4GG_aDnlndxQqnr81m zY>MB?mJAe>N!pTzvkgDhamPTCb%2QQoG}^yr;wyCIZ9yf`CdZf^!@2uMB_-^2D^fA z(}$bSjq?Y9VqXPg%Zs1Le&0s`y0#?3f0Y6>g$y=`8AFGGg3T$p4^n5F;bI;uC|vgo zAiF2D#5|KQ1$#zL)<7Oxb@&OZhX9fKEhYzAA_el79*8vVtv8>GpTU4;qP4>LSXINf z6Tqw)q3#LC%$&Pe5p3(xKPsD|i)1fw>y+a8+o4?P+MRHJDOY{-)~-IR-*y zt_YxtaqgP*>#Wb2&*>fLME_?CT`WEnW2MgMSDE`>@LK zqms$VrOFiMYBF`>jyXk>83j^rc5-+~rm0MG0w{8hut&`uR~Q-$1-7_C4{$6o09*SB z8*WygUuDd1JzTTQcfyt8s^r_k6==8F@9g1sNSu?6C|go2{kW?to$<+Q(IYQ4OnkCH z9|X7rOIO#ciqz;cS-LbaPq&Hw;I)YJgmZ&3AxpidtyebJZJtlAkdNKcGGwciTd4w# znCkX7Gprn#*|B1k2oDO51FO%Mdt@bc;@e1>S`K|g=(80Uo)P8rTZPSpH2fyLkU5LH zC3QhM7>-Xy20UjET)!iBMHgnePx&rnVI3nz#quO`qzgPD2MDFduDjHuf{L*_ny4hc zH@wD?0h!DD&M{hR(6du{2Di0LzquQf$2aE|4a*`f-on!sPyKcX=U9lIo}{fLNeRRW zhnW(4DK>PxJjkMmn-faC2y`^A0b*Ng=}kEl8I0AB@Q5mbCImTB8&x5|4oqy0I3I=Z z4YP??&K{OHlOZRT7KcdHobI4E9FNoa^V7ZD9y6(58A|ftX%A>NS`-_Z039UmAE7`v;)p6Gw@6H;Wa5Vh%pb_?>7#g!W1 zDtca$%K`>0VH&pi{P%l(5ec{7*pyht6_H}Td#bKXhn#NWhFqiOf+}_i^?q7CkL_}DV9(?MLXkT(1d!Ca-lV8xtWCSs`-g8yJc?6gaz{S_ilu)eT&;B?6nA`qVL zvKS&6sGP-R3Z!Tusrto!AE+ijnce(EZD*cj9M3joFdX?v?wKjGsvLM5hgY073iEH7 ze|~{HVVoQGQ!P=6gf;0vFeolRp0p?}kJtj8e(T~eD&ZZZc9^9^As9IDSRPX>j|}nL zqpe;3w+tJvy_)EMjt1hz3ch8<26XdbZy%3ADI-mWOHw zQpBPjSZDo&3%0ndYy)oYvd6_|1%IZx1Z!MvbK*pKbV3(epq7l0I?{T7;&lw)2X)Sl z*z-+fO7U*2D4X9Ec0JLKO>!d0+mLihKc6Cc%`Jl$W*w`%TXQ>{nfT`M+c&|j2)H>= z8|@@1NC=9!Xpl7~C~(nW+UT%&c|JMD-i{}YGyYw5BELQ8XGVD0FlA#BmUZ0Ft}S4n zS3LardDwG5W$rCWx@PWrCX`(E&Y=n0VnqgW=QU_<*f5vgKJ_xy!M?Dq?wV&e4o zYt2{;oZ{GZJzLMBf<=Pw?#3nOq`%_}6NG@d44tDF>Ddw%|K z^R!_vu2ePP&+)3@?jwgtsF%AI)vZjkM5Pg}TsneAd-END6t#g>a9n`1pA$?zi$1k7 zL_0c^xc;W4mEsiqsWKRusl){)J=N0tW+_B&CYh1SSRz+sDzDRz6k?iCZh{UYMN5sv z_SCuS71mKoPP!fAhwf47#_Y-uRvf9hFfdtHzYKL z0|SXLUS~(#4{hsS2ZQOKl~>?AHlNyi!sSpqAiM86y8ht7vDK6;5Z016;KZ3H$=-Kj zKYA2iyAVioUyM^mp-E8d@L>cr-LgjfLq)LRFgyh9F{3|}IpTtJ>LbXE{h6Wb7!dQF z^xOpf+VHVxTvbZt6`@ zDUaw`{H{6#R}I67hMcu;z{BG`@m?JKNvjUxy{v~HFDGHQq1(;eKp^R+*`9uNkl%Cr z-K&QY4*`nrIbuVrQTSOL4~5kIfW=nw6q5cJed2&6r3mA(eOc^jc6e@U8S!wK+av3o z(Sn-+!}v_wK)m7k5j4y(;4;fM#OUs{)=zxFY1J#2DC4{XMG-I=8+p1s_)tnG#Axg8 zTl1bZzdv>l6y;E*RfZafs| z$NwgTIo?c!XLt_CbYk53I7(?3gn98LU+l1OS#|J$F_()aTxK8X20@-GpJ9zU^fmFm zV%EN$cut^3(n9(Mr|{emw~V_5eKbzt!I@}%+NTTd6-hf6SSFd z_lJiH^Av?=EbGsd8|u3}#gYfIy&Bl|>>Zw?#>Cx_w9k!>2G=fN_J?|;g9NX!d-ax> z?8Tcx-mL-fw*GkWjxun~fBlQ6M;QF;l8&&{tMvk^;@*Bx9HKEp9g3oT$;B(*Atc!@ z-!Ed3wPWGe`?}Z|YU$cavlT!n0ufRALWR7fN*aH|Y@q~pJoC|zgqxd4!oe8f69@rL zK9y1PumuNx*Edk>#EHAXDNo91h90{_4|YnP!kSJbIVIqVl(?1>Lr(mZmS6ks7r(}f zutzc`;|;qLt9}9y+fQMy_|wPzLLComgU!T%I8`NSq5%4^0r{P~?W@YCjMIj+ebtyC z@x)-?lKp+0_n$2RbQG_!MM?>mCTm67x}o;R)L#7jEW+(OO2SH`(yY}$u%`XMnY$xh z=E?FjrAz`g5NN!{X{E#Oz+;^*EY9v7U0{ghn`HaR(>T$(rdbXEaNl1E=>dKot`vjA zvzB0)7S%_F2Q41+zF4oy-e#L|Y4#3Qe%Wa_uM9j}ruO`0pKg(x^Ds2?=1={F#bA4&tAdaLPh-%0ztdw?@x zdtIDei|G)T_smh=@u}IvsKpdiUh69B&{})PdUO^N6c3MJsTLO*D5vsC<15b?w(J-4 z3E?~VzaC~`1oCo@19^OX?!{6Cj4w;4AYkf-Hp}^_BxVZ0on>Md0LP6|)K`uUh4~Wu z#*BsjelmHp050wwe=}V(=7OXJEGq9DR&`9H+?5Dn*VmEBS;8fG(M;a}FtB7>G7^hb zB5;&axuE}~S=LB821}eF^R}3wc(_n1NA}!NW!1M^zMjkVLBoN`$f`Y#+{7GCMN=(v zK#Z#}(oyS`FR+obNV2z@*(5RAdcP$w@5q&7*HRlCQ#JCTTz|lY@`xQgJ2~jlvsu}i!l9r zEnxOE6e~5)raW#pZ$vN9xh-~^=TN9PrAT3FS6kT<;1$eC(!WF;eG^b8=%?HG2JSFi z1vQvmBfGef0)C~!#lt#tpL$;`O2)tZ{QaYQzCaxeSIWGQ@|&>Mj>YNyIb_+pNMg5l zN!Q{SKf;L4ON_o*)+aaz>+1-PvKn}Jd@&$%4XP$4`FZa~KUoJsBaH_Sj&Qz;>2|JpYsS}B zWDzV1m~A`@gXd6ANA`|dhu@yl+$k-EB-V1O@t(58!P}f;xY{~@$SPKPWcf{#jq z|F~IZ0(@`ZX2Qe@RMK`nCHKxJ+5h$fdCxb+C3DNvUPtG#8Qlk@IZ4 z;IY4~z>}Po5CNY3)2L1lcb=XDiH+C1oJz?o*SyqI4;m{dh&Jm&po^l};R}lChef7O zO%&Yk=Hd(!>`*>qo#_|lY0_*W9{-gYME}NuvOBv?N~q?I=oqpW^xr3jI3R9T-H8nD zzc26$1iSd#9J76*mz{LyQDHeC%6zfBw^|AMDdfR#)wA()bVQz{vG(o2(1nQ#h-H^0 zz9^p>t!;?n-%1^=#fQh_IU?6t4;5KMO*tjX>{(5{=M2EU{|qtR*%M-!eecj!;6=_% z6#6Hec|plFTjZ%hjHDJkI2e@dAwqw_5yaan=o*Zfl;7QCj-UJ^x~?D@Ey zfekuK@r_*hUe#~hs>HrVM_Us}qa2FQ?D>VAey;SI$WrHVz=uz>XmRfjzVKZS1sUYY z_eLM%Ze*_6M&Dhg#FCOqn9d@Kpiug8y1I^4|4|>S-KmJ5I;&-II=JY=i-gI4e2C0-C{RccE+;5K&EJgGNk^v<>Ku zkKDg9*KcBE`nY7g+EZhfNKp3)n|7U$X9yaTaF0HLC?!Wtau!gl;_*%4+u9+C#L>pX z(6)8kJG%1XX7EYdNZ9Txozzg#r^b29!k{AmLp%Ek4&mb%Y-+q_1<$8FZlpYJcCdyN`69{n%9j68kEfUu@*1FRh9%c6yN#@E%WjfosR@P2JldEYqR{ zc4S=&XLas-wYciu3-F}H*x7M_JP=+Un=qSMRZ5q|BYS3CacV();(gSQ{;RUk<08d< z24a<$gQsUS92aXNSAu6;AQk)?BKgE$;E5)+K#1lBg|vB2?E0z-ZX6-|5Tj(LNBPyH~EkjG!~6-f*jYw+F1hXL0ex&IwaRk+f69-TNmdrUo)D#jodhl z=jJ9aPB|k5&H@2ukTPjS*LT>(A+Zt%#C-GRU6Kn0KataOpqT|N-bsNB%9{D&s z_~YNFbUXm=5awKu1vkET5`=3g13wD2ppg@j!!&0d23xekAYRfT=~82l#yWF%ZH5ST z@~cD%^x-2u%L$-TZaO-X4$zfUmWzlFW?CJGq1#rG8VR{+AMX_DfNM0Ov*e=4S7+mE zT6@50_L=RzbShn^f$p3!NLQ@Td$2IO@z7tOwA%u&hA}F~Z~OzI{0ys`=*hKm(E=TdF(K+=fyJ^e-ke%!`} zju7S&ePEYGj#Zq7UaSVEce@z>?E(QHz;qP{$Wm3@fFa4f$LclO_zl^1%*`*ChqfCyI^B8tp;ZL8C zXHOlp1M%D#vd-lFHc9Rb^a|?RmH|23vdvKz6)tzfn4{znD7ehR!uQT|VwAf(V0RdR z|A+3D324}L?lzG61u>GsVlA!`cMn0`$EciOMWOGqpw`jxiq>Wnx34@ii3v= zxW?!NWO5r`PN0v}^#%5sI2=QrfL!1{=sId?VlY&}DYcNHcmfR0e%7*BnI{P~4c|kK zcs3u1^g6t-u0NEaqd8#cojf}o@J_31zEg^~*5v);saBsjwhNvd)(FstPEo7U)cvpq zI!}GGpgnC`P4IoH5BRn{WcT0^w{Z?5!abGHj$B0wZHtkFIxdECpCPfpobmIwF92jW zg@C(_PfTFeRm#IoA_qoK;6Tk?J>l{=eAEQES2;q#R9xgCrHh*9V zqvEQ4RrYphy2f6oaVEOSg``Pg;C2u#-uucFzgq4Ae=Qpl?Ce+^Y;6nZ`W%)DCuA2?h=cUG6mxa)v{h z2zO3UuxO#(8KkX|A#MY8g;CX5c&e|GZh0XGlmkdf$7$_IW|562lX*=x`Fbf?%5H(t zO|Nh7f?8cH-GS~9(-C`za{IcB+#w%n@Wan?5Hw%24m^TnW>@n1GQl>3OBxKjK59O> zd+)`QnWnhgZ8l7)t{Mkv>g1-dNJH8fr?F~oy7DXp4n7MWkJ$-+4AfvBL=MwYJZwx; zmq3R*BdfuPE@0hqp;py#L&x^v>&3w*c>YmpL~a*=-s1im51QL@Zy1HQ-x8z~6TmMm z8nb77=(Ur&nmRm2*usGVey;OJ3{M`nuLBi5B67Up=vy{DV>=nA zW6aSvHIK~sUqMh4^(C3w>iPESY)BYarS>yj?qI02N@1G|B84i0cUJTM&pyhIXF8T- z&HG%ls)+~0hzFe~XzenE2%O`V2dW!tuQVmD-ZxQ_Wc1^(MK-I6Q4Mf5hyxv^eTd4< z@2i(L;Uw*5Q(Z0*Xq7$wt9PMPIM6~zfYeXk8FLXtXp+h=Vf*Bh;K^zb=-XP|ncdgl zV1hN1J!H0NH1zPZ)vYteKUH=f$-@@2Vuq4o8=y;w+#|zlFk6iZnm6!?gQ`EarrfsO z_>$GYgTL8;es_=oHKzZ@GH{F;z|vdW+8yuWz~+}(o0oDKql`RkG<)*hwvv}4m*zle z#04m6C-XwTb29F|$31O!@of%yH9PF_HT{-;j=966$_Sf6_Q>htCB;a_ZRekcLB^ay zQZEX3X~tpN1pG9Gin9lKg3I(4l$4*kZ@yjBMVv*O)Iq;L1jA5!II)LD$#OoqF(+%Bug9JmweA+RQtv_(+oKC^0z+J4AW=Rm_(D@C-W)= zMn@B%yC*c)SFCNqK+R37C?OGWk5loa1b; zg=rW|)Hm-rFaYDP6@F;gE(s#-Se=2FH$L|Yyldao+{k{>sn}*(hq&bx^>0-w5rt37 z8zkcFa({PkuH2fLzk*5_tAh!}4|=3Q+Qrd`L+ISD)2bhx?Vas%(XGboD`1X+L(+29 z%~ASsld16YWLwk&D^R-4;&4LCD`$-AWe3WEBT=cG1KjEH4LGFQ}Zwl?v`lC< zXK*I1E2WB=tQw!ZrFS6GHHIAA&{G&m6SU~1`=lAR*xOj7xk zCB&$_efqQ`oJmW!t#NYDuTDC|O*rxC{T7{oy!3$gV&6$g-LLM4d!uxlS&GQ=?zFCn zc*>ZhVe!S&DFh`}QEg=hGc*ZjciWJPzCj!k#(T0j)n;eon2_N=pk2RuSrT>P1z*S5 z!KUowwVEp)HP>)R$y)%6xq?1Ov1sGtOzQbY&{2E;bBZ5&U`kVO5}E~ z9vcvz)j*0*X;hkj=Ds1MHXa52#YB)~Jul`YO1ro0PE^7VlKztHtOK}8bQ2?q!3SFJ z8Ej0}UJ0u^aNb)#?|Qe#HGLtTuhY;yYDjQT3OnoUh5qDc9T8ROd9!OD@b9BF2bK&Jc~hCdKjMJ@V*vrhLmM~vu;jU)kFlTWKw7FLz^Tyf z&{A9hd$KNiFw?|)r#-SPEv!FygP2kl6-I$fW4)xij{$CmH&W|Z9eJHJMgz|S^qa^3 zNG<*44SYLfa^zN!gjbfKi2sYtFtiyxF?L9b{4McB_3vNd4<+MYf0Mx*ZG8U=wDdpg z&%t1@g#ZKzMY`rP0D%w<`BV$s5KkdxQw zpE#fY_Cetsz8Lg0(JWdpFk4BM5-j;s7&I`$nZ787m+L5tc$w{scT#zeMPj}F>g3wP zXgUP@V_t;ZqrP&|2EY+F;#UW=3-tp3pVSBxpQ5^m4V}E+N)vl)SoGHq5DyClUo{Xe zl%(*-4NM6|^%jG3pv7l*CD6s+SO0TSjodkb{vgJ*B0l!!{_zXpQTlq%o=lR+UErSY|o(JT>BF94JcieHHMxdc=b_aup0P|3}*9e+f*KO5oTY61`yl ztM&ftCwX^}8N3Sr@BKmsXKU$KAO5tqinIWxsm+)IK)p!Ew-p_)uLJRoR?DDV>^X4< z5^=JZ5BEBmP7zik{IEa1qrb1YsxnwEJ8t?v&JlcV@A&w39juSo`^P}V*2i;OZQfbr z_^EXRi{y`n!NlI{uE&3O5c&QBC)M5q9!v&Fx1^^OwljZx*B(7YrA*ze8kD$sxHOY9 z`?OnfXa`<Ezd!?K zt5C)BO(kFm8zU`%E4$f0zeXxQdcHjBe z^fbh{0h|86yrRe-p*PU40Q=blX`;FRv8ZMxc>;h8rtfP3Otghncq72#nj)uLQ(rDc zLo%_v+n8<7TqE>Ha3x7$tP8d5wE%ssKm=} z^1z_Lv|*-P$bMy%$)bQw5{$m-JCUBZ9`$Fe57*_;9Oodn6KlHWz0^=1r*(h(k0l_0HGsqguO43V zcF>L>j*xgW69B_ervDA$8hE=~8~2c5d)aUoO0}(6Ir>nIAcC1;nb-Ie9P=Y@{6*V+ONSoZpPiiX{Hcs%49(z^%22pkE|mmN(mphMl=FMfRi<2p~> z@nD^@ZoF*A)8c7orSwD^Q%?X$O#)A9_dZgBVc!XLE{MJPFxX@`d&@=FGW^RC&zcUFF%_jyqez~Z z+UA{;pakcZs4~7o`p@>645ZPCV>uz6h)j@Z%CyGA@t5LS!FX>?&Oh>Qv;fCpAuX95 zfPeg^e!XQXo?-}9l|{A&g_{GpdjS}?V++|C+P@6dg1zcBO+JRtv@=33XAhbBoCtma zNL~-pjK0dRH~Ah1z{9k@XdFoe(&3EYO~0JGAPmH&yc_;bRW{SbW9(~MT>TO=kGThq zs0RKg4*(w?D46;Le672Gv825H;C}T9cf1ttLGuX@zoVA(Xp>&i^es-fGu^#P=Mhdv zykA6#2HNVfyD}2mll(Ai9nd6Bq+;$U7jfK^rVKBb15kNWBsoJN+ko*j(ixULI=BM9 zRu52hjv97ZZ$|1%#?2)P(7NXLFX#*sG@GHXkJ;oNzgP1@ehd&-tPnG2|d|4FnOWI zMI#lhlJfu9exmv2iNReTUJUt?T1-eb{T}J1Ef|1RboYYbExLjUxoq+Pr&ZO5%-+UL zy`49g^igzpsk_}}!}1&v9n12ih-`*S$T6%8_^uwd-N-$-BWd?O7e~!b<9Oj=n6LpS z20WcG+`m5d`KT4+Wk| zG+)`z(1P43esX8^9*wp#1~ zx!Z+A#sS@g`X5Lr+=t79(nqP`S>)~11K4XwNqQ$;Az#rv7jmf>>bt0T~14dpwY`KCPTF;@W z3#`yWd{r+HdrVCM06$TbdDxinKxn|VKQYHTi#U-T9jUKzin+)8sF2^n@e?$e^Vk(& zM#GbZF1l2_$`7}IYxUr>4ztM$^O)uM`Y16XgBobO2#u3ro|ybd8#ovtRu}{P5M9L2 zmSK9Aoe*CpQId~dXX_J46cTS8g|G!AGaBg@KLNNkXS{XsI0^8x-Ds%YRA$C-zwmQtfOCG}1vIrB5@_##=4FZ~wvz2hUw@>YWW=N&-5Y`h`iV9_cpUv<6 zjzok%dgaeB>R4v;k+-NHh9?;*`gL?G_XI9>#q(05r#@{A-<>iUjrorZ#`iut%QqBU z?u(RLx1N zGB|$sPAA7H8(%?6$CK>w6UR~w@{$CLY|=K=2JOJ^;ZkAp@#PDtX~A*hX9H4l)82x| z{fa5O+FvgAdQ8DR?C-l#`7#T!m`hCq8>;chYNb7T^TYCp&EpTp`Xv;$i?#LB&fg;{l5>VEr;#a8BPUu6pk0J= zj?ON|h1HTbf9?d+6g3g6d>@aU)6X0gXn-a~TKy~$CQDc6wjuSoO_;wBd^y^Y9;4kTP=KdI!m1Tgjp40J`1 z31xXz{kCOIGew%(f9Ax4T)s$@^S4+YPu9sxBunfFK;u{B=sjiHxX+ zvZ$;O|9buS+}oF0-`CSm`7H=A=>5BmL!rNdsQSnCob}Q$4fO#v!dS(9a-Cw0q|giNkT%QVXNoYDO>=EP4m**_ zIJUY45d9uEaiKqLWw?4zu%}UCp6F~usk$lg?vXBu?>3SWG=1aUT(9o(l?V;HUa~e`hUeDVxBvS$OlbIllIAFB_u*X&uDB|j;h{R|1iWX#Q zGR1UU7T)deH2|6Vl^xGdoOj;VYO0Tx!kDUEIB{{)y^4vt@l3l}`73H<$5dc|1yT;? zH5~59aVvj@WLNKv2QUDv?_C=W%(%NclSeO|spN@$46xKZt38Tuej<_3Li->EHXiLo zji)sXyyu6S=6jl@s_#ngVm$%qOE22i)}wO}V<+2WYF- zT(TY!HQ{NxyiW%?S7Ui(@MhU^%@CV0CN7=lqMeH9ei>;uj^ph)@&`kR)yuqa{x7Qc zM$+7uyoh2WkfzvL6HCIeI^9CXnAX%V9bFp1($Nl(Yj=8>57$KT^~>!=?b3!Wr`Ec5 z&^h-GP+Z$u{;GnA3RWlJ3CNwUP?? z?uks=c#Njqe>gMOE8C`vzC-CoX45dvJuC9uanpW2##p7h#TteFp<8Un(<(`WE1617 z#}w9F9!4%J9vYxau1B8hSTuenM7;J+JNu!`r7YE=o&gSe15PST3d6mD zOw@VyHtg4XmVx>i!K?&WhbK7b@9rp-44i*2SBLrwHfBd=J#0QMOI2mn7?-6}@|d)( znBpzTwX#l-iP@8HfWTomG}c`@Slo zG8b$u>wf>0V*dS0wiwKG=GB?fKxmKd#DA;E~Ybr>PfJWk2j! zUHulC-t=%Ld%mt?P1ECeFG5`K*hg3}ydL{%MX*t*m6D6B;byhZYJJW$|Ja}$%7=F6 zm;bCMANe4Hn4(0>f0z)kSDb>m`t-AurSBvvy&dW!yj|ELah2iDUtpYLZg!o}759 z$xEp)-g90u-GNM(McP1okf2L0hZ|GZQTiC@s*;j+?#eD4ffm3gbt>)f4(r&lXqK;? zbH@$GeH2@O5Zguexs60O;Ub&Ra3YZJ9Z|PKJnv&$q887Xm$CJZSRHDWSve{g#+b%_ z&$E#_>~5c|&trM^!ZJQKKk^CW!#Bkg;^khui_9=&<7|f|eZPyG_d7T6Ydwh19pX5K zNS-A~ia%F{*o`C9?KIrQJz?Yw%PYLgyD2qDp z1q}xq^L~o$fjA?HP~nR*d^yehnO=`3()APg$Q%_Alg1scY0~h}SFqYfwWfGI|Jo4e z0MVeu2=}H=UswkpYb<;;k+GylBw`5nn8xom5vCAws=BCZRUvU1_Jy8nE+8x8qU8yu z9KLFSbpPJn9 z;L&L?MB;?3XcOC4pErk}8(F@Xz0TUDYkiNG%MI(a)*IiU3`3HZ+V0w0#bW(RvA)Z# z@2aKYYo4@#-TuUQ;A{7dceVHKO@~_SdTCN+?CQd)DSHfTR9Ps01lW?yt!1eal)uJs zRmKP$EnV6Mp6J~`d@w2PSG5XNvl(l+R6$iJCPXPs$kG0V43i{f;a&o6dzmpN1V%7w zYc9ML;!NY;R>OpeQItvBy&<4<E=5|M;+|d!crFkGX>51&)*H> zN#}MoAzIVo%k)OM<;&r2eeQ0lEayslvrDzH_>cwf2A)U8EzZd&=B`Y% z1L006J2Zhh6_PzU=B~_24MVpJQA}t*e{CatFC0|vM?`B0x2pf5sh7W@_Zc^;jC7lB z_SESsgHhgV-qaI%ds;NcU%3#aU&T}BZ2Bp4VVnY7Q;y$nb|-k9ulqn} zgNeD6cs-^_vK^+# z{3&6>YU|1HwfmHf+XCytN{zo7EF)@j0{Ll|i&7e7-4ebVZ~60eYGacOMl0{2BL)}t zeho7i?D5(Pw<(lvU(FML>0i74niPu(fy^Wg&1#xNP^QxYS>RJfH2f3?DF5(^ux{y; zV;_@Ot@Lx^P5LZtZIDOox8K0Uq9*c4Ec3|qRW-Gt!l1S#5?kthFGD0P>EEu(4k=fM zljy#%zt&BVVZd!c#9Hn36LSODjH_uAo2Ln6`4lowm8qz$%vLXJA~zzm07vnk@5IV0 z`3Pp)RQxqWu`Q7BP+Zs84#=6L%Zg3DBJY}Vl9A0rYAYh{O3Lp62%K?)_o<>;TaSh` zwYc4;Ptc9nf6?*qK|G>kl!e)>=L1vrYt6@SC}vf#d+LGgyMfKzw3dLx=i$ZFM@jJw zJd`AZE=`OJpu{#qHoW=-?JIGdi#oGup@dyU9sz-NYQFm8syCUEp<_)4$VF>HAm0w*0Dc=HNbDd}O-9nZ zc1uHy@K;#UFTD9CoX2bf&ZyR+m!xT33qcIC>>RrtyMB=ZFjudoYow=zRlvKwuMlME zxYrl#FEtg0@?r73nV$<+U#dm&=4zG~++D(THKkiH>i%Q8 zHfg~_`^M^^Os3_y9limM?pt$Cc#1u`SR}WyKSR#(gl(^LBxjz~%O(X`sGY?fzp8cg z7VL7Lv50*KzZBgl$lg19zmF$6NN>0sRWAEbZq`g?{+4ijPH2ToJ~S44r6ThrjWE47 z%`I}r{RM%PZsjF=DME><%a-8Ul0>(N`u&p{tsg#@0O!+G_rh{X$uq>QO#-&j0 z35;hcbx+wn_&D$gpI+^RyAgEgwok9l?p0Te+)Nn2SM6M-(wa-#zWxw5k*cDd#rk^H zQIdWz3<(#kWTT1D*<(&ck>Wo=Jh7CN%eg`8OMT#s(C?)-dx zAm@!w>w7Z$p)8BnD*1T>YXwEYKsPCM!15HZ|H)sWUmdQ_sRM|ImD&1X_*M*yCtJ&4 zDOXJEEfLP0un}41sr!^Vc1nBxLFAKmY80;yKw|BY8%OI%tv?F2%PnS*NL6w7XuLe4 z`Ee_J|1DL5L6PsyWA=)1vzTEqwOUpifXrN$xqBejjo1EJeaT%uJ*e4mF`kX}^P-zB z;791A9y~oU^2pWMaSBfgK;RzF$2jPoGrCnrYAi84_1_mPw{? zZ{9SYoCWQ(_mwv;JNA_*N(@<_f<2qpdgeDs>xbhP#tl$&-v;(#$RvIURqA_Fw&o; zBc&cBJA8z4bT-4wTy0{8Z@laFC$J~UY{7w(P_uf7_5^I&)N86eB`+D_C1uilh0QPn zR44>W5AM**3*u1|vX6tzuHN>OokDA{uN^gy07OFdDEir(=V3J0gz@Q5Of}$C0Tec( zxmL4<7b7sta^bBtu=Ph@db*=mg;PwWTIgzwUvQV3f~>7SUv~&YW*_K5h7m3H`h?d$x zz629TH@c1VHiOZA21i+A4{c`gvW0{VVhG}M064D{KA8-l<5&wL^^C@D$7 zPUJYv`<1;<5g6JlZ|WpWr#Z_MpiCw|mFH(Cwj9GwQ^P%%tSmu2O2BEMStRRXO%>kp z1ta&yve;~HxdX3ywi<0Wzwj>7gkmoPQeOqSu?_ueIlr(anM?3*l3w4AK+}dE>MT5K!$JK^>ZgOkglt!5ZH;jt?h;qLXtNo|JsBToc8E|H(|YVOFMi6e zeJ-WOd_Y}MajSJm_t?jCjepv%N~tFGu#54Ycp{$|X6G z9@-t}S-Gz|>-TnM^z$j{TVeB$b#SFw(cWQOLc^6QA1&3%(>)h>ErUYtZ!)S;aUA-= zja6>o@GGqS;d`$b-$McJ9R+bbRme-V$dPmF@+d==9p@*An(xP{`+%y)v1hR43(NSj zLNK6P!K7Yl9Ic;k+4#$JhAg4egzIo=YsLN7K!amjItRXL!$Z4U&1**faWWir3|Y~7axVjs5c7MCZ;s(Lj(^1MesX{EdFJ$i83y%k%pA6viYszOO^S<$UtgVO!2 zYA#`Be+SE6g^eh}B7il1>Kc*0Mc{nJ@7^DLTcI0L8zb?6jt z={g|zSYmI%k)E!q(GSICR_Q?gwA-(Hi%>HB@6L+CxmU9)iDh(CB*bKKWJ^N>P|QKFn5QH`)mR_ zp_&rxrjU$D;L#?0hnbt=(X%8m7hr{ZC5{^T>UG@7y~!0Z)0xg*Su%;a{8J{_=;3yO z@u<%rin~UVT|byow-bnLW@wf1iS4{E82@ba1vTB>V=)zg8SxO9V*bGif97F+6)iy+ zXRHx@60eWw3SUh?cI5ajd;S>=kE4#5M4h4oQE-aI_r>22M9Yho@iW6RNkK>o%3o-7 z!A(H1;`fc?7ece8-=nh&3*+A!JvI-?vFxzSj>;TXiB$d2-XfyduZE?ekR9|4;_~8? z8NH0hy~(vxxI$WkfaxRLIjgt%T^uVEY=&^A%#k=>&SeS6AAIB9MBr6nU2RxE=4;_q zBz%K9Vh)JGFrsmtv>JLuQR;)#cVy4efGc%5d@`Wy!=BR3*t^ZXG-A@f?)_-q*{pg` zx3j!LnqKgPaF+GYq;Rs=#Lpg)t>K5*;ujWiDlz_CWcW1YeSm22c_uV-T| zXoZ1Lc*9g$|8)qSEWywtc;30u!^oE-upBNbS~<>hnO7&dmfmeoX_ZziNZHa|MT{5? z$^KM!T*uSAFmIO^$&zgK@u@lTd+w&Wk{jtD;*ePma37fSt5K!Vw3 zbLUQAj&$sJj>5pO!r?te0^x*^RiQu|uqHFuHrExa8-5ouPN*=$+AbXGNy%pg z?#?HmPq0+V0|Zmb)w>d1e9)Ev>38b7U83={1ST<)3Y!x{*DHfY6hoXoI*yHWxWQ&S zDoq9PghB2ErVW(_Esncpz~XH$pwAWZt;)^tuxFd@REcYFcT675gtkY;jYp&J`#hET zXzh0gRf9DzEQbw<66;XBoRU?*0C6hlsQX zs2^w$wSrgt?XSO3xtBd1>KhbsXx|Q(dGp!FH_^3XRSuyWGnwHcd(y9eJEG{gyQx}p zeAD^U&ziwvJ(g~d=J=9hGJ4nfjr)3Y1te(dXi7C#;8Cn3ZaBtH&rw>-H$voV&@g;* z6AzajxUy5iPCSD9^R?r`hyWwX=hxKJQJh|X=!WmE)NOR&U#yL|WtGX!+_C363bf>4 z=5%elFM1FfU<}UKzs@s|25)A(BB#mmMObfEgjdcDvigrGfDO7~8;_nqfX-nuDy0RF z21IIc(HOQ8h`e^ZyfFr#H@FgMi{x#bm$SuG^_$v6a~%wvtL*h+y{>eBrgKItwFy-5;MW>Gp;DJO044=O`GUUnU|@?vbsiYCuPBua|uNf!zDmQ|ITsUI#4XAhX#D9A8`xxswL z?h?;|D2mjM4iQP5LewVurrd=pHlJZE1V{>(6fGZ;3)ar2yA*cqXF)ZH#}vd!GIpP? zjze@Ji%0c%md7WOv-*!=_H4E&GhY+T{(MA=U)VwV&JAWyVTJ!EY6HmDOiC zx$k0(v`xI<^CNUSw2YA|GX{KZF4G|_=?=22;UD@@Y7NHzqgL81feFN4y=Nbw^gm-F!H6Axk_V{@t)CM}_SqEL~ffQ2nH0@$rQfTr_4Mr(B zNb=dB#O3yD>4@d~w%lFk%TIQL1DY%a^NrQCgF`9IYQwC>e7j@cuB51_jF9q(NUQ{} zCld5SgIhp%6kqhEx%*#ahd*^3Wm{$;s;c?g9jEA+TyB`*(Y%>`G_RhUIOiquUDTW- z?^JuXOkc8K(ykA9znbDEkaGfplZ4?`;io}jiJj4howkyPhOqjINy4Raj~pu z&cKVHgJ&u6tKjn|`+&D`bfv-bIYEoT)P|Cm1q_K!_Iid$FDd=1uv}ZRgfUvdEMn7d zPjO?HU^Ak&NcAD4c$l+8XAkG`L6Fl08voX>Ny+OLF~8Pz*yR4oqINrQ{Ys*Fg+wl) z$zwg?YjoWejgBOA!>Icso7ZOFdGn?9Zg0@OS2JAO?TAVHn}z zO4QZDf`ue}EY&;18Lrpb-kT?M%`>xEtI93!KEkxu*KULrXw~M?TrV(VkNk9CdR2d= zstPW)sX5RnLGFT{V1mA@c@L{(M|OyIGKI{HM{vGSo6XzP^^^w!*jqXj?d(?<&Hbyavkb?TnOA=wgH#8O4=6&+Aba(hQSD-HX7 z9;q58_F^OWdlZo^5v4g9AIVDdG!A$r&(MAyKUgBBi{r;fS~aY=&ln3i5N>0AvsdKC zV7g)gfg)+5sh{dYhvJd=&PP_@G2+%F!7iJm-;}sCsTQO7KKw^QM{&@3qqaLfm`Cgz zU_75dz|*b9oKK(qS;X`0#$VYxL?%#s^*R2ITqlndVHba zY%;dYfQO`*X97uu`;Z(-gWX0>jTBU-lkpteYf@{##RWU=CmuTcVz9Izbzj)L$##fy zgDK26?4U2Lfdv*e-k%6R2u*hmMAAalc;^lloonJ?#_1b%`4szK`{j_V3x z8p)r)8H*kPijQmybB!+>hor1te4&pvwHcc_H=g>O&bK=Wm0(u!+&QAP^5oR)(%f7V zPatQu*YZ$}E;v=B2T`<*NpCU)IL{Ff6(t$SzNU>yqs$dNNiv9nICR3eajU`GftaNy zU*cbkoOOMd64W~kV!V~liEYlFX%mEP>xeJJ8@z(ar{?Q(Ys+Yy`qLwk3`CZ+^U!|o zwt|^24P!|}B=-d|M!l@s#2ek3PfXX0(~b(O!4G7ivm437zZKaY|IS_#w25sZTxt#T zdU0y%&`>-pFaH(HARpHW$yNA}7*Sjk_6F*R;nBoLs~Wr0v4fC% zZ05->ej@{ zKBZLhbl`qmc>m2q84+0dfSOkNQt#uwgvW}_JXR@TZi>1do5#tg{TOVvbXnV*53GE@ zwoQ~|T=q78VF0K7uBfu|SwXR?p<-69Ho6!09f|xf{yGZ& ziUdzV#yBU`*BMb2caSeF{SLX|=HK|5NWf_tlEXLosxLC4-S4NFCFcuGTn^Fdz7Jh} z=j+)%H#OGR`lGmElxEy5Xer0Lv23v(XLxb~&*Vc!t@SDR$)+rW& z{8edRw{|g-hbblHu#=VUXxZ1*flB^vIP(gYrUrl(t)y27{09}99r#38?iQ}DJVVIo z311*>u*k=5aqNb?Ggb>oYW!Bf-zMTg{y&=U*1V|j2!2egV?M_ycYj>gK!<^zhL zZD7+xyv-3eqg{!5=gdl=y4&L^? zReo}cd=H4QkZ=>PYe~yDx0tx;9frRQfktDCe&E{#oFk##&+3A z=-byp3gS=&mgO;3=@BB<>6b;A1m3)~x*9lH;&Hq~1JG$nt!J0SGCo}kG(z^H(ZzLg zo?>bK(oLgb3|2MezpG22)Gxawe~S2!uovC}ddHuajIc!l1tdRaWAVZjk~_9 zx43StrQvG45L7|B+l&R=3W}|3-tqm^#xc6#7V$nN09DcDm@8X50~ESdpoKd;)^@l9 zG9%KunZ|loJ*W{7{vHuZbk1qdEc{Fmbm^MzmBz0FtKJj}k<5}}0}W-J*|6}22e{#K zYMo{<79a}xMh$D_(=QqUDWv&picTf?*F|s|^=2d_yTyTp@||p+=euve_6``&>B?;N zRP!%KrntT~j}aTv7T7d%-@xbeQ6lhqVUM>DYe;tk#pG$$eX_@*C^I}djPjvY$`5t~HRZ;VkF_?)OBKPE%ZzF+seU)-Q)r_kDnUt=b$X@KBi%OM#s$cVQhTMc z3%zRgpD_0{Gq}lA>Nvb?0Q==dx~AN6+8?&9Vn@Zf_jIq~H9(tca&4I$3;+SmSMt#A z0I@9Q6SYy@{D{H4!!@?<*jcjnbaYK|%3Z(tRA4U+o{(lAds=a{$*8nd|K;Li<*0L| zmIgNEJW0ddRHwd&JnlWUI=yatw$?~OIqHGXhj*YL*4;>e1%wq$G#aWF1wi%pf*lnGM}O^Wx(a-W6+hj zi%ofO5PiwiN9}j;Y)Y9`36l(W%K7cn3?y%ZV|rpdSs6!Aff55Qm%f;VHwW)Z^1&Nc zEO3^Qlsr=$rhWo*7lj#IC)+-NnShZS#X{ayR>V=x&!_S6;h?eqGZC=pNR?MMIEw=^!gm0xFXAsH+S1C@t-GHe9j_17_w+8WA9%3&T>@c?5>br704f0lD>F2!O^TS^-AhK&&hyLsAh zpKbwF!$y2hhFScq<|7D(1$}=t%8R&G!FQz|_O;NzPm!VxF8cKr%0Nj`EcvrLTv{9? z&~}Nnx{v0Ml)iY8*sHLYV~|{AqA?(&S2gPF{Zd9l+p&0($F6tOoqJ+|ONk_p!}u#M zvGrE9-vX_yRiWOn+G9_XOLUdAB3-S_?nK9lW6S=_1JbsRAX z)w`xT-I=_?PoWaV)a<)Lnydtfc87&2g)f_dl~Kj|)S?CvhgNCjfDk6iDQlYdCffHX zXLQWv#Ri^QQxV0NHrbUUeHD3XQwj5+-1mf|;KCQtByAE4#OZhU9xa4Iq@d-+ zYJTJ}=WfDXqqADH4UfCn$60*Y;$RbiO0XWffsr%S)5MI9A z4>(UwNo=WgTK-t{K{(VKRA}^J^s7$RIF}M<5>kTWT|^=|ZnnB1>-bYJa}}M#m$*q6 zf8k@SmmGG@?Kbrj0&=leTIt&x%{R>nn0=>ZzHMB;xiaLFJf9tk8xUK}3>l0P6a& zvKQxZs#EKodvC9P{Jpxo=8dZ_&qcMF7_R&M+k0Ezv+cykA z8YG8T`DP>w@#FUd*t*R$#TP!3)lj+R)$z2?;7EM5rV$=oz`M-wwt-`_xV%wclL-fi zb$@2Gq31)=gzyiF`JAA^d^t`|)HhF=R(}-!)`w4>T=^8uwJMTgnUJ1{V~$Dl%=&?r z2WdsRlQJ(>zRx{T=8D(u+~4>Su|B#0RtqxY@1_Awn?&&FMfMBYNS=(fe%)u$gbDrh zqD^<;{FPlSXyEx?nr9+@JzbY}8SVL(PSr=J*y2W{aNs{9dSgj%lG#em1x@PY9va8E z6Y;hW&n!53L+d@2IYW_2B4ZhUhZC5h6^^^x3{!|* zYupw)-%0TDjHW1O>f(5vvii9%DOX@B!UHxbVtcO?Z2#ppKQ-v3E`Px>ENG{j8oQV@ z9WJR`pxZPFJ+i5-t?I_H2kWnXh8 z;7=0XD|Hc5yQ1Er-As^vEU}c{vzPkR*-2GzCGLc9;oBMS{!M}0-B!%q@+S6?GPVb)kCyr9zasbs?J)(S_-LJ>vXh8i#z z!hMw@^=L471>zO=iWKI@T>4JFB3|OBc%E76gchua18Ym4L0DZ<_m4@G8Wvj#vZAGH zL98Xdi8`CuAOlidZIc!@$>GlCB=zTX-@nXF$~r{`R=mD@EQURX*VT?zKYMotZ3Nfc z0yRW}r_TaMOyEth_HP+gf#z&|D3co0S>x}vvG0?m_1-5tT=EHFjaNfcWcrd8D|8Tz z?wjSI^HuZ<^DLplT!UCbK!@1#oP0A{@TkoB<4c1*JU<=x=Q8|;#PWGJp;k_ z-tiE+^hTbp;Brb{UB5XzioUmK7Bpy&?-XWp+0gW z;>W0yMGgMG-F|nmKEloFa;b=7Rb|B5pgc{>b$z7!tH{C-GHY>T+?>ZyfJn7b`Lcj> z_UD=C;jJLBgzVJy;I@JT4#(7{?2)pE!H_EkoQD zJEXWMk?10t8~Z~l;9z=4lbO5lwk_93-j@}nyq1!7f?7*UqrauuY7xGhk9zxe3Z39d)JL$|uIpMC@;b7U@GAbjG`zUIB*|~ToYFqxq#`-95xuZb6 zdf@p2Yl(Z^$hA|!A5#ec5mRmV*;;d<lS~+ z)Hsh`y-P9!l>mg59=qGsf>b`WZpOudUczj5S_Aok-!3HuS$(jWZhGulnMI{RE3YoBeC^;6)kFW?kIIW0f1EeErwq? zl6=g%!1#=}>agWg*Vp>!yNtMyHqH=x-}s+L)7PGBu7|S1Vzc|o&!JsHkmJEoWs$}p zR&~=VJMVaKy}DsAg6TB&{d%0fT*6xIN{B~)c9ThmKwr=5CuZgr(IKXtT(@I7 zA3RXj5C9sw8dTF(Q!TEVepez2q@qfO^f~0*Ogwa>@*G)UUt&I(mhTN0bpL||U_08a zhc2)>;oHHwxG)QO;F#u;GJ${89r3+82Q*D0josYh&iTF*3TPV$^a(Gv_ z3E~|9E6>>D2NQ;%@I8~=8@CLe&bWAkNZMh$U%0Gh9~qj-g|B?7Vnu$~_B)8n*!B>s zvoo9t{$4T?HMp1_@k9hExO2e>#g);Ga8sha=VLHeu2D*bd>wy#eKNy0nU!}z>B0>p zqKJ64oV7!N_f7`IRpa!e2?JkW%joR;RvgAbZJGRmbFXIHti7LIq?L~Gl5ErhuBr9M zhX6wCXUQx5yK-(2DLgjTPwT}WlV4nuTByq;u>WlD%>BwoNKj{3+j^O8N`m|fWp;3U`Hg@iEHAA8A`Lgf0a0BsnK-w=t>$0LC zQe;HeU$zQn`{t>dPM11!1|K6O_V+(|x))MZD}X_q%hTWwA+1C^{``STr9WD6=_+}{ zI7*h?%Uzw`hI%%YqF#0&r;9k!A(Sguufz{)+zM>pNnN5#BMvV6L=nbPoHL?%`hcx~ z^IrVj%@eqg$HEyv87vInTZXJRZZm3{_CF#f$@5StITG7_vNL z;=BlxWgY0zwJMz2{Y{!5Gu&pzk=k0)h^i*?C3qU+p$|2a1Sr<&ICBx+eJad4mUed^8E z+kTbX^xWM`3J_BOW3a>6diHL`J)PP8!Ty zKHRoT4jlScY>rX?)P801QEVSrf->XNcTN|gM7(U1=~J3ax@UhwDbD`^2TinJF6-dKG$Xey{&SFyitIM4^l4UQ5u+ZeayCC&ndYT=eoY!E;`r4rb3m8r>kukJBZic6wbn@C~|X(#=O75 zy#M%qk-&*QOyG!;UX?>3e<_8cc2Fj3?j>Qx!vXq+&Cr)xBrINQ5)zs?$p$e~ZqeqGn0` zacLE8;#0oe&aO*L>M_12d96O07x_(lO*hN(ZSS4p?y*(9aL0&d<8FTGSJ7=zUTf|> zKoN&{pR5V}o>|JHz?p~j(5esXSf`KL38LD=L-@8|+yWL2mS#IzWu98rl5U?Jq6L4C zk`e4l3ipnfh@f59|h=*^c((?y{u(;%T2&+hVwJ#6^{ z)I~V$PT}nqSN9SFa?jb*Mj%F@u!hP%Sv*?b_QTY}Oq)*@>o0(9pW>e{{o^-aE? znz_J?xqVNYEUa$6jKU(@=g$Y-*UX~3ME#1O*b50R_c5&<%m)ujV=Z<+o#G~Daz6}i zm14-sQcW9Ifk=fBV-AH?8pECzq$Bk|@-`3i@(l6-mL49YeUGhwWfykthYOk(Wth+o z{LULxy#*9OeBy%=9$ayd*cG2Jw%yTyP!oC(GAR!cvw)U#3Hh(gNLhq?hFyIZqaTXS zdsIi&K#ucfTH}h@^mt%vjYO4BT?l1}N`*283wdt{X1m+~1#d|iUp?Ji%MwHANOm`l z!!Ny~fy{aJgz;?PK@&>lph>-}ups$3o;HolIO%Y{Zs{$@|q?!?1?v=GgeTthGgLl75wJgaQBGRwI8R- z+U8lSp4%I5DT$l>?6wh~2EY~$E=st$yCF47GlHDO=)&FgdDyihxu9yPp9%zD|MJZpI!EW3&#S+I6Ofg%R$QZ9 za%#_m<%?Z(X9an8bQ2cLs2?B|!v9fI+(_0!=#B7!b}7v;2SG#5(#IAar3gxiW=KdZ zyuG-i_3Vm2>}W%tYKHZQfhNahl<{G`IbSz8(3l%n`YEH*w`D4^1P0ic@@1o0oc$jG zH_GRhE(~Ux}ajt0H8b^&I?HoEBEdi*JS4H z-k=-i`%rh^CmO8JP2hud!~mR~nu^hUp~iV_mgEHx%|8)cOEQ%s5y2g@>vl8@X35BBBr44#nAS%@|O46f+ENzq9gQ ztX)59GA)V~SxyzpMl7c2v4dqB*2VW|TnX4t0D{`%O|T@Sg1d>yOesH)OgA4dhxDNL z+LfPE2{|!k;SlI9cpyvj;gaU7g(1hAAfQ0f=fGb0m>icKY4u!mVpbH|5{K_94Z?9f zY$9@=k9eJ3LVv7M9_i1_h|7$JO*-opzxv30d`3%deO#vU@a!vjQ+?%e#OTn0A|3Pe z9;mKT-?K1@r0EUx?8SAPP*z4;rh||b^;U7ko;K7kl-}uuwN#i$@yLn+4De?aIK?A1!70 zJ%n~PF`GPG6+dz8hz$VRUd}4%!$6DTGD%BUT|!OJg=oJG*mFcXvGAflXcb59J7~p( z^7r!^A;ev)f*2-HbA-t(L*|LKK@xpdM<4Mi{Qn zg*PJSpc_nP%8hUhOzBZc;-ZSX4>ho$ECTD`l77A8TllBU*YTo`U>^v*&51=vmr+XhM%4$jIK;0AQMb zHg1hFu?`l048sY>nI_9D&5RuM3Wpd=?s%!GcKjwrCX@^E8HYun;IIP@BK8MM;vedQ zQGp+nUL9fJA+Ny;rZK9?7P>}Vu;CP=4q2Z(s8&>;A2}x*y67IPmc_CWTJiNow2MM> zM%&$c5eB$j$>oW9zfl1Ns7}35GwqU(B#&OSv20ILwec^?&^zJLcm0UjB%+^p*$rZ|lJ1(DLLIucIdB(7 z1@Zd*X|OM$6ptc@p5kUtCEy3by<;r@@DJZXo_)v~Hp-`(i0!m)BO2lW3wLmTH@SdI zFE#D=kVdMu#Uui2AfnCG0!RJn(tUKMn6%r1%dAWtSum4SO&7Y1HCAPgs6>NkXE0Ms zz@f{7wy)1Sxa??fKwKK23X`e3%ZJ?n-V;rp$&olo4TNGN%tqtAKC?#>Pl&G9E<5pP zeTa*Gq)=P_Mjn0&IE=Zk57if9tkbA#gDoRhslJS^rpbMj>yA{>6Fcl_2UwGb#LusI zXJVgp8HzC>?BJzE@dhbQQ&9@El5-q9%Xxd?X4aA;y`8p%V5G=L;!DVyJ8c5e#g3+> zt6puNh29k_O%t~#0`x(Los)j!NZlO1KFS|AZ`vX2sL-A;wc%(xNJbreh*obmq7fv4 z_YTwe3)EE@I;6aE+r=}BJ1HpAT1B4Gw$ol=N>PDW7a~1h&1hCtLR($hb zXYr!OLVZScToyJ^9GVVAQHD&HK*Y z7cb>Qtpxk1k=C_&@GE3WiiG=UcZ%v%=IgkI0*|b#TvytSiBE=yh6xg8F%>PM5yp<6 z3l`~7milTOM&r8PIyFp9CF+v0slWLlVcFEk$avROi>LRO3j+NdqiiMntaIfrQ=j1P ziDQRX^3DA4VP({Bl4mwG#!wVZZg%rYs*%v27Vcb+Pv5H?@)5|vUxlW}g!7~6Nnink zzVG1t%~Mtq$GmYm#(HQRSAu1s8&f!*@}jypqhzes2MxjpC=L<(Qmexkw5XZf^GNs=w)G5IZ8 zWla(+A1}P;CX8qFS~?~DhSLw0R7if&egxIbibPDRUQmJNM|U|jEr%^qwA8qVC03$O zKLyMzKOmiMhSlAF(?}39=Y7{w9!bQFh#NbqA>L_wd6ux;%SZWeAZVqG6KtMHLwc|M z{2!?1fOl93b-5IOC_82A(FWz^_ST$*Hp-FKid z&ja~h&$`F0!Gp|(2?Gg>$<^~s7Gnm7zr@|`1K|q4I?Vnig~GcvQs;=YYagyLHv-*x z!X!l-C-|)&WY{;#J|s8`VZUF-nRJHX#>M$HDLI-Pn{eN5%GImUH)K6|=^%Yw_PqG8 zNpN+3=*m5XI*q80vyY$B2uyaw(y+xD^-z*CcPaE)apJ*P|8Xdf%J|O)E_h1O*V(OZ z9}UBz1+_;S)u__bgH%odaMbgu*37pJLDm{}MSFih@&-Z)$6S-S2xnz6j4bY5xrY*l zHeClI@j5l87|%HfcD-4>9!k!wIkTV_W9?Z_2dY1MtEoCIAdlx&9=LpBm|>m#@udV27bQ3Jnk)^z6qW0Z5RmI_+f{XfTa zEdp(pAJ^0RI%mp0-q`HeJ6$m8UAnrfoK0m^xTi~$EnJM~{2V0y{dToVUD9{nbxNJp zuSZfsym{%E;Z!`vXZzM5G0l5}CudaGWoct7Af-6Aaf6M^Oi9e6tI!!0Xy&Rdy4-NJ z?q)41AY>WlT<&wL+uSeVyhL<9M7VGhYm-Jr9jz&Df7$ze9R`wm4r=RGI+I(r`y2*7 zl6|vJ$Xw`6!OTdO|;LS7Z9lFcd#+~sI&JhV&co_ zT)0DLKDvN~yJjf%1m<5%!F)mZrZ=-?!YzM z$3uH3{ovQC8h0%DfK6LC*O7(!vtlZ?MT*p@I5X;{57%Y~Lk9%;Yr=@1+)(taN#JAA zyM_cP;RQdQ>2q*o{*D`hR#?uD$JQDW68RnuI2Uj;)UVG(wLaD8jUftR@+a zP1twHx>7e-L)L|s<-CF}gv6BPKW|j22q!3*w}DN~V1gy&lxs^g$tSu~8s%268+4E# zqkLhNW?;IO2!=TEr$gUczhn2g1>s{ZeGKVU?sTK?Y8NA%PkRx!-sjwMpS=P0&E?&Q zT4EKutx(_d%KnfM46`p)kGpc_|Gd26%sCR@AMF8q=rOr$dXXk7h=LQkA1L%mt|mIV zAyoe`Q3i*dk7GNEFK5adk8k=jeK`evV*l(E zr9mvTw>XQvc+Bu;<8d^cu5~dmOb*n>KUS6EiP@tv%THV z4j7(j>1im1j9_&_<+zM()DfZ+J0F*iyS9XO1a2&ET{c-Kep2|bvNyKGo#<1IRUD1F z(F~EY-9UO@+FHY2GUa`-5!~>4{`#oFmBV9H$M}HEC$)|u;mg4;sz}!8)fOUu?<&{u zJx4g?6W)a7fOhw2!m(dHm538y7OdX{QmJ+fWfQX-dbM_U@d|GYtKC(Ge;=8c4NImjvBp`@1{6q_OL*!*rN?DqasbDEzFgA9W4dAFoqTi^a zTjGJ~loG77h`S9?3RtPj+`J8tLTG^-Q4RPQg!o3vW^@v5TIZsX!8<>h(D3 zm3Qg?z%KqX-;rG?;Gu;-c{D{1xmfmo!2s(%!1Ln$8-Ngve-Y~PI9m!mJU-nIX*-Yw z%;=_;O~?R?roZg$;yFec3);+V*TZqRAyAR&Rs}hAW0I|q#<$-FWWiu^xG*BFw&~mIoo_Bi<18p1qubIt+cFyf9W0n z=j)$)0TA*H9nbv#jBW=`1VIA)v@7(x&cEKyfQQc(mv<(USll;l|CL($_s6q{k3}d^ zzV)AI?ymUUN8@>$xQ|~)|*@;nV5YzQm3*1)Y{NY&?_8jebECm14&mouqi8mSJkDBYXbepvHo92 zP{I5DSwUUoL>RPM|9a|w>j*{~q^}ms$*i0>PUqa;#Qi}t{r}QK{^zerMpyzCgEsMj zcj!8w{2NgEFOB$LzqZ740M9d?4-4zx&-h=r{lDk)6U}l*WR(9mgzmrJmj68r*8kqL z|7~gi+ixH~eH5hscOd!e90Ddq4`K8%sYyimAf^Do2(wr_9{|Pw)LRN+i#hK4Cid{~ zsU=SSyEK3skC67FT$9I=k@*`q{?p{Yg5w3z;P|Y&@zPvjz-E6v%>OvdfoRZF{q2Bc zga0)5{5@d%mpwo%(QNoi4in%1d5He&&st*0hB3@~7?Y;{KMeALazOkc?Zxu{qYE;+ z$TaJ@`saBjE)=jw=Z-=9ujxCq-jTm{O#Les{%{ANyT$H(U#UkI50-jKk51H%U= ze*^?xT4>WFi|RQyeK!C-xr+S@6wgxYsQ8yDI-r~tvIy+t5f}c zy7>vWp(EJPz~Ju9yw6EpL494_#muiy^Ivs_#13KbD^z#8X|yVd1vFnLSiMn7LOXy7Uh@K_QJZwKH9@Y_#wxIH zIF^q2WlFWB`A#^ydQN|8x>4}Il53Lr_!QMaaXJ*L_T}zl%;wqq=kUxvfW`|xQ@Vr1 zL-5m*nd&6a%?lMKe#}1R?cxATBr}#DqwUg^vEu46kQ&;bz~Ou~QC?`4tN7cqS7x8I+5p;p z#(C*ln)`gqg2+}e1+dmq>j2P*LI8{`4?W<>g!&Dzv!_oU?+8$Q31pDQ2qv|g)2+id zQ|0Idyb;L_ea}}5A(8+9-0Q&(AVwnsToQG~s(`Fqu&zbgkM47~8#v$})drZt>ea3S z%YQnq)W>M#`Tn@3Y9|B@kysVkap4URnuoIv_Ni)qSdOiLk1BBN{Bb%4o&$*UJy}zp z8*SF&r!Bw+U1h}VCLK_WiVTwS3S^1=cEh^MI@jv9*Y=mwfq^$$&tRhWF)*( zIW|%E;8e_Y7vPfK8`6}VJTQNs^#`~Ts&?dcP#&{&Z=rfl8-N;RnqdQ6K#hL`=y_{{ z(fxCCa7N7CL182U0;tbJ(bnnadYpvNiq==D?&ZL%en_%KdTr@NJHkxl7vAdEvWKA8 z0_C5}bTOYx;rzGH1vEg~*uRZm1k{DZ#4-(dx|Wo)&&A5!ckVnSE`+|6C17DD%#d}$ z&}*m7kuwv|g#}acaB}ZdR*$dlPqqVq%6w_p2oR-0(3aT;^_uQ#sRqEB2h@YJ6^)d4 zf2Wa>UJ6j&A3yr8E@%&!aXm(Moz7!8&I*j~R!AoTQ};1%5Cjp^e(eDKXSC5=A*T%O6t zg>4$mfAhrsO8>$w3b+)16mtatc*jMkeP#yB!d2PKnsq?du)c~zE7T>mUtK452F->| z<%rzI#=t^+FE~q0NWBbg70n|6>5OSdJmsg*TwDZtC`At!fKhhP!lr~X0L;e#eqO3g z!_B0I3O=GC`%&f8wU6vvF!65M$FvG%Uh6qSZ4av@=(_0KQ@_nQIR|A?M7~kwr_@G2 z1x1Q)7h(9+K*A^OGu2bM3~t8;fQXALHt*?OqP1Vzh>8!~w zU9xjgWeMo5bp1#1ZGbA2A&HZn43mr$_yn}V7J;@dV)3 zX7UO!LTKmyJ}??Dm|4AK58T%%Qy1m1mmfi%SlIIzt5=6ZBto+eGO1)y8ug4wihc%g zsSV(@i8AfNxHGxd(QZ`x9Oro^Jtpo$^k~cYaTahOxNgI^vsy$H#Sall0;xfIWQv9~ zaAiSio(+o#CXkb+w(0NpiCAI;3ZIpXAnTI_8NPJ~CA>7Gx3wQUXcmC z0)5H;`}Z2L?vsUTr^v^|$T$`!z|kWFn^^chu539JpcdZ|vt}NbMaz*)ugiN_B05ZE zZ&h%#JgxPIQ0D6|i07w=wo@48<7915{mxVR76_##hYVA0AOtc=&a za0L^-y14DQPk(#fQ_E9R#d05uWmp4?uklFZY+dq}#!_JEPC|v_K`%!%<4@{WMgf+y zFQ)c_FRpr6qYq#=)(`Bv6b2Y^R}vvr|AP#-^Sz3(9jx zPu9YmGV267+nlc-09O=A(GuzV<;obt8L&XL6w@%68o^2GRb?f*^FZ+rM>?Fvvxr}I z5m2GtL;KNMo{Uf0I|9vv5OkLGtr&NK=shaBZ01$?GZrjeoGJjTZ}~xe!cVI z(bI{s3b<{VkWK|5ywd3q}YD z!u`#wbf6dtpJI-4_W)^*eaj)f(raq6X&iI!HVs8?)1a(gph3}!_5cmh9S&%Y+R+xR zc=`ZC8Q8H$ar9;_FVW?;K2wM_qYn?`ymzl|`^z|34DJT%vhmi3+V^qYrRb|w(J@&h z1=i6kw}S3y#>A~q^u#9k2_rBGBhrf= ziteag_z)U6q$ej@LQmJkCrCxQ@`8oKa|`D8J*=#?#XL|J z45z0n-XGVGQNNFm4JWsSy}f^&0At{;BI)dt1;5+tB>)Zm=A{XLN)w~i(fN)@y$+2p zwS10#MuOhPzH#lF5@1gUC_!3z!&%*KnwoTgCx$FaHvjyPHfMjA47Vx2h7ZQB8(_$rIRmEq>a08E}dx;PPi!F}`LhB`3;k_0heA-$fidKkPJBUmpjR zxGu;I3SHj(j4GQD_@$qIaptY}H2t(>pJD9e*}ly&+Vf(!;1+OHkohD7FYSrTKK)tW zMAJRCSC%f!bM4XarSljNY&AN00*2H@+xO;L$4GEFdjNkQYV;y^cH#sm^jVgA9+urR zAP}AjKaKq?v_-HVDtVPfzFp>bZ7nFVgwgeqyZ7*7t1J}lA3HeOBC7Kd(=}o^o$YbZ zk3-q&6dtHG&~U$mz9CHEd#e9Ssm$Z(xbIx~-fe!#_b~!zSC8j395Be+*>A_A?T?Hr zS+RhARKntK-21Q~l{}}Q>9h0T({>>GrE83WP^33a0}~S^FnRv)*D0q^5oY$3Tf&;o z1wtT;Vhcz@hjTG7z#2J_8Ij|!e!y>rzS9RxjCNwG7^M79+hRZA^`}x<@d-S%dDX>V z6xs0$6E7a;?+pq}ibMUz8}$va(3aifurB$bt(hK%?|yU);WTG4WA1ni91aysi zhpC&^Pgb?6#bYt8{rSxYk_xYkjB1kucR7{hBWbD7)xE!a+qe`3EI!3zt4(L7F3}{p z2F>VFA~^3mJT+7XgX_-MQcPn2GmR&YJap>`SFs5U%smf4kY4`2*2t%Kh<0;H+tdn` zfl&XGtCTwR50eC+smh#6ITVJ_|3lSzM#CAm-Cjx5K?E_QCPWLOjOa!SqJ&J zG0OQ@bG;so?g{Tf`y~yBQ|{apJF(dI$R4LZrNC(bmnvY9!8q{;{7?4kd{0Cm0y=l* zT-kRg`C<2I^_F+jig{bK?_M{5X?w)y^Tt0mksUj8{9y8pWDO44R*4|B7z1OWGB#I2 zS^gfkT`e-lZc&9mxgNHbcV*|Q<^2csdmPcU!@XYWETEz$09)^lpaGr0BJq0zy%JA9 zlW9B~x6%r!(z~;_Z48ZT@tuR(jRjFY1nbWED97)gs`^XtH@$ZKcN0%wC$REpCrtE? zN)3d5CBJ;={IZKD^M*jiPoa7K?Q}kN)Y`Ha{=vM-17Br}K%EnZ*0}qQbGGVoh#)(1 zRQb@a5U-fl&pS!4!@YXFuFwJJoc?bK0t99Dcq5eg!V}J+Q{bEXw^m ze&e4h7H>F3zijm9+INmK1rDGno7rxeT_sjEa1>b=Ct!qhUzO;RdDKE2k&H-kht1`j z<)xlVYC6c^e18O=D`j-*(|Ry_h|a6a*yn800l$tHde=H#b7PheIfJOxePJ zp+(c`tu)tdJ5(+_hg29l^b_^~YGM7E)w`h2fWUs6Cl+C$1aCRf%Av_&%G>!2$HcWGIyFIKQ`QK?sVUKLk z)hTH)T!+ECnSz_UOOqDUc%S_k0BHcKTJ3`%e4H#UKJz@!?mg+Ukf{y9P2p~5kc;rGW&$qF@STz0 zFbcspN8PSVZDj;-YQ(bj=tr*T*K6qra$=!#l%jfu{ktHgbgxJ&6OFm0^fas9RtX$X z?i2z*XnUzilL{8kv^(Zx)|H1otOd&EawW9YVh(0Lpe2z!?K&CzM_f84lW}u08oaxm&#Ln7)vFs8rK?x&6(jN&__MGk8QX-jDN1H03XwmyP`{a*BtV={ z;XxU}1Pu;k)L=>4-BW7x2WH-!MN24yWIK7L!PiLNG;X;8*KR8_+}^CuA_Q#3J)j?o z5X=sWr9wfn&s)hxDMR@VpYmnue?LVexL^7oY(qJPBbjjmfUff#=%ZSG#)BHLNZ1&q z8ZA(Xw&pu4{?Fk0&o3CvhIIhVAnoggrlj8LrQP!tiYA-qQj)$dI_i{WT6z4fYS;a2 ze)jU%xZgnYt};Dhta9?_?Kpo?5xNl3}4Bn}o_af{@dW`+~V!pIO%=wvba0 zu)oC1!QU4GuMP$M54kSF2(})Zu9jsO>}^BflUDDk{{7UlHhtXeBX7OViV;k$S4x}m z+17G(oiFoiI!A!sRYS4S;65Mg`h@EHE~eaft(Lb+xr#2TH->%wxHt7t#vy6eyGcQ@YZzMsxJoX8YG(Gx}H zz)SU5=`a}S76qO#zU!-fq?XxAc=2rDWwNK*k5j40TL)a;cewZ6T|ZOgxr7yMM6gw! zO0IllTl0#oCOXnC?bD#N{^wYCELof6$+8pY8L2J%G_z&cW?enNKIG_#ud=jS72-WP zLH&f7o`N&YJTfd!_2$aekQzIy`~w&n;wvX8p=gqx9N)bPQ-%GlMm5?*LxjN2ER3V zFMVe~l6!r+u)$``$c<=np&81R@8nJ`X}2fYYxW#1YOrI~GZVorbV7M)T;2|19AXB) zp$VPKj4^vKEBS` zn}pf+Xsh+1xj|EN}|c|3Pa4akSR$Hm^I zlqmHQo+dhp*0V2K+)eREeDhz|q|mfCI?weUj>f|*TmN)x$j;=27MiS>LjT#2c=qR*{D)^3b^((mqRjzkrbMZ>fK}+?_UcEHO0yI z5`0>M}7x)(odhBTo%O9h=R3i_>QqGN%aosfN9r1-0T0r2h>U9nAhXplbC#abTRzqvDpuS)}gTxx7kpYR`S3H2ySAV5LY+JOZq+lFUI}e>zh@ZG#r;%TPSxPz>Zu1z zpM)=8A5PjI@y1S9|C{d!_<6E%2>z*4Nag{Jw^iPx-Jhm1Ulf@x$%yqAcvKN^D0R0A^)fdYK6-j8XekUX1H@2<=x=V4rWL`Io6Ohsv;3jT zV#hE0M%U6svaBKsqs6CqnbK2Ue}YIM1@U^JbB}4h9~B%&EY>ixk29wkg9D-h{~2^AxjXtETw<((?Zt5iKUsUG zY-$mh&%SF3&%_CyPWIjwF{HLN-$9><@_yf1XfvEXBIc@so=p*~TwU&5edChYV_6q3 z99KV@r#U}uC9o@>{6f+8CF6b+>MYmoa#m=SDa&logF4l*JG^aIs?iS3Sd-}mNlEb? zdM@#$;)($sf_2>%f5_gMZo8g2f3X$5dl;4(syx0fp0c(d*VY(*H4ndJHniMLTk)3+ z*vg#;|C&3`l<9XXa$}1rR zDcK4?5_T^g2VPTQ-9=%As^8_-z!JjBr-{GnxuIWL*e|@JMDZZqBAurXAf#pC@bg1I z*qjvBZ5&g*$727QP}OyY@!nHQ>Jy)1tjO-f)rm0bY~LIlso;B}@@dyosR<7(1GhXf zF6H2F_Y+5OvZuCZJ52%TeGJ*JOL$Z`j);3cFEr4wL^M2PqtB|dAktst;_2xY*?^ta zBEqH<|HoLe$pv8so8vfp0FBVq0|V2Z&O3GID5~8s{}wdl)NQ>nN=J{wZ!gVmqfpI7 z^j=}vX^dAlP~zS7cLv-E%`RzE7}@aOlx`ioT43V#ICH<>@4f{9Ek-nXTBWAMM+ZZyqE&GYn4W&TGlb9AA=$BnpYVr8`7Y4Nv8Eq&wMO;nC9aDpcxX+tbknKBa z(3&qrTFkKCI}-ecb?omY>-n*Eos&yTN%*$=2SLgv9eNMAksD8 z{Ixc$mO^Uyo+6w2zD5c*^nEoIc-Yio*8tR@vV=y1@1DNywH#qQ`?9}gj^ezdNjcB% z@i=L)T9{ZAA50Z>JIOm`@&lQ>utK^cdl7W`NEm#%P_t zSHiK;d&^E6q=Ve~Gx%0xdJ2JV)r_=q3;*~gm)lencU`TPO6}P>8K!>kr`1xcFk8T# zTUpjc+q^K4lp;8tL@gV-m<3y!0n>nDIam)Ox}&_q`Rd6&5FC)ZJngmsX}%1XfR+FH zI{rv{-j`_fz1Hy~EZtOO6c#R~)L?fYaIgsMY{xhWk@ulkx_^T8PP(MqKi4vbx(EUb zGYjn-B%Z|NN>q{m9NqfMLk&pU4rMkOle@3tc);x`IC8q6R9K=8TbORICcj62#^cX{J2V%FVF28Yf z)tkPVZ^c7epJv^ufVr=7TqE(Ptf;1{!C7+yjy#l-{-sHTkZDgs?LVAo>=A`F?ZCXxEyl9NmNpX1$vl~S}=hOVS3`m?~79h^zJ{b|7CR?a>Nm(iyR=E2SryD?F`oETFJ&SjkybUt94Ta z+wZeTs!qNla%C2)fFC$J{>}h2LEPa`@5dGxJ(*QNNyR;VFt?Q}l<=k1HXq~0}Y4+D0`x=*NnC2jIO zK#EUd@2`_emr_nC33u#ywURAO3=D&Vrm||mGf3x zPHsFxc})hb5UXf06)Xx{ulG_z1!fbs{)tB!SK}a4=l(h7b9B1Yu{0^iVXs3QVHfr# zHTl)+b?k$W?tz4~_fH^KHbr;x^}dJr=v#;&FmaYq(WhO~d70Se~K|m9$FGX`go(M zOcouTErOZ?JrUL`@JF<=)A`~`qG=1)$wd-6cISdU!?a`a8{r4!h7Yplfl8Lp4CH7( zUCFf_1?%V}BTP;^O9{_I`c;+dF&hm;emCiitY&yQTRK!tsdZhj1D4ZDt?%i+iR2Oe zGM<#%;JQQHAhSh3QXrhskNoz-{KNOeoNCoK>(q{~-lo&0@f`}pzxW3BwU@d>!OwK) zh&aITRC6aAy)uz?zIZ43%C3hZBqQ7?W?H2BEkdi8Xwcu@B@&$Jmflp;6o!U+K-LF- z*fcpzx$w~re@ylan33n75KcjmJf^oDcU(1V2zos(q~5&1R4Mk2oYg~C@$TDOxF?EX zpPov9-1yT9cx#^WGrang98RM`6`(>dg4&s=^w}uRh@jYhrrI0L=U!GH%2=P3qQVz} zsJwk(?JO^}^|sXoLq&D#O2Dpm+Ar;AF{1wCTo^t&aA7D{E$qckd$N8zHu0a|mP-r1 zC~+bW-GZ)~S(OaEg^-LtY9#NJhzcYkVumU$)dYA#4Hl7{HpJFuJrb%G-?T0ubb9dqd>o~jAHVH%3d?K1{^=M7{VQ_KV8T>@F)-mAi9sHD99(zX|$}|Tg@gCH4 z{&dbcPSnoKvSM$=-6B;XLj?ZorQ?AMDajEtLqIXQa_IPUNt)SUVQ#FOV8^jQDAVJx zgbSIpfmeOKG2$BX=JG=6&zmvVqh`-TbD{Qmfd;63GVaMU)bYyE14Zl+-3@75F=sm(Vo_87SGT<&=R6glg3dgkK_TmCfFr4nF6_(&Y}B znC_VW8PLs_*Rc#-u{-e;5m0XmxVjH^wiPUR{L|_}M)tj}c1Ft?Kio~F-tE+9yi&(f z?tn=%lZ=>dI84;`Pnoq`PP=4`6Bv!Z(4ZGtrHX@MOe0LSgx!$N{~^96-^r&e$cY%^{aS1Nuv#4XW|kf>cTh|89ipryOB9D-0S|f z^4ywtln=No_vYH)i78|gzdH_vHHl0qNFge>8fYUVU@aUmty!O5ckna)D+lwin%Hb_ z^ReK!oh*!M=Mee!9d@1H_+AQvO!-+RkB$~<)a&dS8MNyx?{K>c_cpP!XV~xUhz#s@ zf=BD@wBa*>2#*JX52e2u_+HDWc6V-2yw%T%X9Sn!F6}81zKZ+tIV>GJ`JK;Mz%2I2 z;{Je%?~iKmWpiin(Z@z+na3TsJ;G_Ef zI)a33C6ual*ciawFqf4#H)=V1`q%i-PY#pWlH5nd`@W;SLnYLW0J^Jft0BtmYdv4< zcRssavYd1=XB}g#p_%C<+#7>fin33;>F`>cP$RLTKQ;4t3=daPIWNq%q}TQ+?Vi!* zzoM1+s{*`8-%lbMKLaY|MAsgf-Mwh*_G+A3*Of17c`p%N{o?wb^dIu>Ydu;?3e>?L zUK`;^4f*tSfmQt=_aA^F*PP_8PSa$AzyLzCHwmURHc#`m1C9q~>JZb+^`D=q*XEE{bd#<9*@HCJTECfd3KmIPT@xV}Yl3(x+ZB(i8&Qw! z_z zi17IVCokOr8!;!3pXNQ|`+b{6-?38Y<7&#&wzNiz*JWqUJ68ecSa!x2>#ZfuhNjtC z(;d(*QSs`krNt6D6_@DM`b0v!Cx)b3B!}%RIAq}*(om%edm^*&UI;8P`}}n%>oyW*a`i?3VHX%xdVHX z!i_F-{`-n!K)4zy~bHH9(7)@y{@x!#>oRfLF{CpXQ> z*9{oKw0`{R2&=rv8E{!Vd##BA9v2&`ST$+IUW&T|FZ`5G6zjqvg{YqHg_|Mu)bi5y zyfw!d+Bvu(Ovn^-zy+Nvg*;gvGcl~0&?u02TzQBncB<(2aRp#r=%u}6T%R}fKw&AB z?zl0T^6?p5RLE~(C4#Wqj;2vh{q%)-&)O*GQPc4&u49sd8I#F@>6Skow*S<5$mY{r zy4~g}cS3=gRfZ``7I%6!geA|=Z?R z4&i3T@XT7d8Qr<=s<-_`H2~Eu`LLT=;=6aQzqg*9>J`ded|h0q z0|kGGTJ$ix!Nm2EDf<>Wu@dh)%saMf(J3hfUw)DlYd<#&4uj@Wza_GuSt!lUXm`6w zOg|-DW%AW%{pjxJ0ldX+9nXtoriMT6uFiq6C6IqpCvTm$cw;JERV5rH{YS>XinAqo zXje{A*iAjGj*1f*(6BFH*Eh{QXJ-0H!V8*#9?N=e{&DbIEgpA!^EX;omn{dRmKszM z{0JH;_NQ;wKjV>kLn%oI!NYJ~0Y{`AB;`2hODeR`&&;2sG=L<)H9&T@^IfYcp`OCh zol3G1u@a7^3$4?7l46}Y8lCfHx?vJ8p8}QbG=|V1Kfsb5lSuUNr}Ie=JVuJ!`|a0p zcP^?Tt{!#w zm2>U$o2Lff&dzLA6n+`++{*6lv?5cc#7jk6M432i|1R2?M)k@^{_J&HyAW)OmpAqq zVGc2tevydwyTsXr&nCP4IA3i`obCM3#!Mb}lw|h0t77QRFSgZMuT}JEXhqtuK9amu9Yt#f1`qnejMb`cGTAoho zT@Y5u>d=4d1eN5~-21ni<9_g5()HbvT*1k{uKy=5R>X7T*~PZ1Hv#zY(BNpsG%ho@ z0nNpkItvhB2}m!gwkBJ_c<&ec_@WELp(*n%BJFk;4a#d7AvM+IYv#_z}xI*WbC?wpBP>q4s`fk@72SJ{SF?cwWzv8 zzosY6Bcynu`*2Ar5JFcNH_n{BfS@$7ja6CNe0ycxP6xRXS+Ie+<7ZS5W`+m1ZqoD+ z+{=^FlxlO2N8FJHoD6H-pE@ji%ro*MC!ftNp|L=&!}slktM#X!2O*Dqg*h}jnAL3E zIjJd7^va;GcEy5enAC$bMal13#-gN%di{h1!0u^i7hO~2bRn|T9LpNp|<{#>nL3on{gj!0z zx5T>eEN7?%?&E2^7Z$4kv0lABzXNm^vy=WPZMr-yTm9r@nA6@ISx-$|UC1TmxI5mu zE^u#N!KMKtO5v;jYRM&1tU?tUq1X`dn_FU2ddOMz z4d$eXGLwobDH%m^6W?)%clcG(%wU;}Ggoj^&u?s^SDhT%y~LvBeb*Se{*F+cZ)g67 z#clfzQ~^~}(`vXwu;?LnAg6$i15j20MF!k1AaNw-zJ51KA9hvY6rJ%9B7Sh+y5EsI z`s`E(Fo7=6W@Rj({dK224|O6%?qWU~S^9a1-N=6R(r8x64>|fwt;1hL!+BWvXy#34 zI5RAI3UGQme@yn}8{kPlvRG&KCQc|aX^lEbsnKbLR#yVKsfhz&-!<<2y-Ks1H<_}; zc6c;7+vkeBzrn>tPRvrPolLmTy~wCMS;9of3Zz<;5_xaKWg*NK`yoAp~l|f8=ss?!ii;I7NA>N^Y&4&UDVES^mUEj5%*#d1dQ3czi+g_TGr-aNwR_`p z>zA*l3J-eHJ*NtDX6y}tUGluSdf3*k1z&JwaErM9F9bxj+!;-d5@ooWS^v2&5o-Kp z^T(TIoEjVI{^eubUw#(Kk>5!XQTC2fy*bf)TR;Opc3rfJV%$B(XfNw-*E zyIyToJl1&t<}*QdcN!>my-8andvAauelDihfYbBN+?OEXJ#_h4+AnuBBlbi<{~HRn ztNLzEH^=BP7mZk)rFJ;ADKxH2g9L>cpX!yK|1Gk?n}rN@dC*(c!!JKl25b7_VaAj+ z4=gh(mbQdC=YV99#mcw**|pr4CyB0uBoPoXj53pwR1%Zciy6Bf$;eLEi=(kk*?&7& zQbD&z8RME&#KQ0R9*92)!)b9sWkjeSbwQ8I_YPi-KyDpaSn437?wjC2Ex(t6K-WKa zDZA!t*;=X^0Bjo^Ms5R(Jx`gUzXv9ZNn4_;|Jg|tYVHI`nVl-sc(EkaLvUM;6%Px& zonuYD6nzdj|M3c2-%VJf{D#-@c1PuWx<_|&Lo9RV=8J#Z;Sx)iWNWjwKTZnJotG!e z%!}3bzvS|Z8W%vgluJ5b^h&vL%?c08yxcFql};7O{1ZD3CA*mMmV+c@t7U#VYymv+ zrs1o#*qDt!xNr@QANmmhdK#E)LdxtI;SMfvHK)=BPqVm4b(KpR_yM$EGFKF%F6Jq)MrN?f7jgfgz0TdVn$e{RV!z+e1!fK;$ja zlU({~uzOCucarq2S^A}DRlu8rMM)Dc^*MPR*E;a8sPk_e)%zq#S$x@AN==zq5)<52 zDDCpu=jYB_{50vQj(vD)>Jpuk=N-yiM#5_xZ5@uDK5YUR)~QrpupryE_SfN-j+ z3MYkwbcFcGl@ga55XDg?W=i1XT|!GPeTZ0!J8zEKG%z&x7-QQsA-S~ zk7;%&h*^^I0N0~tkY#tXW%3W2y7$!5yf2WgG4`u9-$S?4wXa{=e3edVa?6uZk6@qa&3AU zatOp2KW&J47F3@FK*gc&8A)2|!`PKtZrpsprl;FFg8UNLp&+jsH`f*-QB{66SgW%B zGQdCm320|ia{6WH!|3G+Dv6mgn_lI%4A)3imLsY){6zUqqHcJR&>B7)=}5@l{v3MG68<_UV;X70a|#PI$(X z1gGP<-8f7QT(20!6Xmh`bFN!i2H}3}0_~P$XFt21ELm*SWg8`=VdwdnC%(xUlxHy4 zytVV&$hU9%o=eX2+VL(fKAmj6>npcpAC71Hmw1i;u~3?{4YfVM#4=_aO+E!e3oZ}X zR=-jLc**)>ixiVcn>en)TT!h>FC6oK#UFMgTaNl^7gHLKBlZ?6JFFNz1v}pK1G4Hx zaWdo%hTV1MMe>n!(_pVMf2U{Nam#KCPlG*v4!>_|ea!wUDj*=Be!98+A%`5o>h;1H zy0Z=WJoOd+6(@wcNX+s`PsT|8{6+0$`SymqOi>w_$Zl^yp1JDrGwy&buQ z1Yor8@8)ZgeX(K{>FMCaIa&$C7(Hfq()Z6sx_EGT*N+(oKEkAh#}04=N~byv`qU;P zeI1I>233`rm|`+_??epNOahr3xO{r!T^A vt?YZvF~hf0qG6+Z*rbUGlui8Uc@s zVz<*S%FevFPEULPy*wxln2pO58{utAb^oz!%~1HC*sVen=K_^FHSBmnl6##!2bK{4@j-AU38WRT^Y_mSg$&Q~T8o5yXq$q?QJT~(_eG54NS2JgQr@3?bq z#*7Ym05!VUd|pSRftr~YH?>l3>Bckqj`j-g2I-B;mK|f$%bEbW0aJyu&~?N0>su#P z8^O-@=<|Bdm85zr=s{)HwZkAqsW1_G4aZu%|GK1U$8WhO60Gy}{X*6O`?>4~8q{-y zlK$6`fH%%AO-2h$q_w1*^+Vz2t(&-5PPM6lVbdLQjL&6PM9QAQW3o`LFEf#(jhE=j zq2<1!^Pi)7njzLwb3sfi+dF+Q3h$_yTT$foGB1*-6~dk~OK)lwG52W#0}GaQk01W}4|DH6%4Lo6rUsH#lBOe;k@wUy z^2HW;`OihwJq3F-mmvu!JK?*v$^$R#hnK!dG!4JQD1!&ut>j6_s&AxsOn%!^Wp**Z zwJT@9PXFfm%tXAVO#Yyfv}ipE#*?7ZDlp`lRgWLOd%V7O1PeZ)mEQ?GO0_diwtzPk4)j48 zRy1-oi%opjlLB#w&eXZKE1(R+x8rLv^*`V#u&UE}k*yqdD7?DCkkw6?QNU2qa)cmP zyTBH*VL0SZ=X$ATUxsGWh4`uU8JVcszt`WUm==%`5D+=5X;sS%pe^y)KiEy<|CRjj zbA8W9m);xy?-PE8C;e|1OU>tuGyE&3Q@lrsp!;OdE0A*T#GNE6QR3u$=+e4-tUqA- z+;<`Z{ThCiC#Z9_ea$ftfET{sMTT|~g2aI=W^05yg(`nl-=Vy+yk{T6d!x3}-1(&e2a2Wq z!+WY`RgY56(|F990JoxAItO;`?-h`3X!tvn-bi;!hH)H{8&)k8mlE1x^Yf^`-fs%m zmb>e7m*gB-e@^neuUnejZUsQ_XeVO0X?seGOY0|$xLt|q(SWh@Tc5z2 zzTWceWc32^&TL+`2fn5W;p#@v?Q{>vOpedb54Ti*ICcUI=_TjS4sGto&qdDDYq&9w zC$i&jNSKDPdK!P``iyCL)Z3V~=bRJ;W9xU<&ItQ>%@BN$L*90mO~ZqZKF0uQaR2%T4ej8ivbAsG7nH1H1VxPPR zz8Ty2GKdh}u})R72_6XNc+?mFx%2w~kW5X4_?c|O^b&mX0?*aF1zf5RtS=hZ48@w@ zCqIwoe2fr%$H%?DBS=zbWrQq}(sS;0EQng`E5@!Rx2X^8rPYcYDmkJFLuW^-fnO)x ztG`nRK0F+v_mL1mH^)cC*xf8PTUMa>xUrO5{-jH%6)0C=LSn?I{o{EmNxWa?XJY6A z+7ZxpvDfp_Of{byMtlH=Y%=o13>VSLhbyg@G=I z2ZX+GtditC+SN;98g-LT0X(ryQS(8#uM9ia^{;%4Bd(7&W&vlVo6d;fIk?XEzvs6uK0rmKykQtO#|w=YzS?M}u?+I%A2 zO|L_nCSwL8GiyAF??43P7SpxdisK!=W9r>L=}U6>{c%js3-Mp$2cPYWB47e` zAIZ;GtlqXRn@`;a%L8FLt1_k8w5N?KmP-w#<^V?L+1h);n;4!d zd11@|-9FKm$kyM9{`AthfOSytA9?Tbjf)K+*qy+r-N`C6;;C5kVa+C3{Jw=Pc%Xo) zwH>ixFS?q{)ZY4gN^@Tybz~O#>e+ArS=2~A@5T$kdUthm$Rjp=r;_D1V5cQ$@{X2J zL-fs}{&I=2?c$wq6GgL5E3L}e)PnW9v%MA_-Rz|_=aZz#p)MV+%uy0gYbVo)yFi{wy7JX;d9YIR06iwUeWJwa*pPQZU0xMoEH#m~#%GW6#8XGJ zWXJ&ZM|-GEnGP9351u)dCld4CvFB60RbotxD|9RTGhk#+5ywEDs#P>5(}Q(I_#|E) zY9+jJShQO#IUe;ZpJDx_$LHneW{)eJ=}`$@+WszTvx7yVC1X+erGhA%YOZ;yP`>Eu zd&YM@R%D2>DVM!iVcAkmI#>D&hNnzWD5ie21O18c$#?&>;nB@G^Py-now{e*?^W^L=|=dK=36Qa^i8E!tHH`79@!8Z}7h;>$K|H~Dlq3_*= zH893qgC#p`2ZG$^Eu^p)I%|9BhQ3$~n+0beFD@LiL|2b;i8S|+KdXDx`>*PtDS`7t5FrZ1V+m*!ANs!XP-AP80j6U5r z>Bp#h0Qcy>*YCqEwLm#$R-t8((&uo59ig>D4>hy6K#Y$yS&*>eeL>Tu@MZa=-fa0N z@}I(AS6w|J?Rol|CRp9BeJ6y=4R_drWVX9AF<6?d)%NCFUpF8U`SEw(ox+U`t6kBn zkYmZg+gP~=3~&|ZOP~SiiB2bECNENiivNu|^U6KPHsst9do52q$$Ij$xo6w?O5mth z;E6UUh(barA+=XbHC#25u!T279mb8kBTf@*A}eSXTPxrk@P~R_GPu zRFx(&c3u(O`N%k+AlVNh1kv3Rpw_2s3EYkHCi&l|6_CjNd!GnwI5ivu;+^>SwSwfK z=7dPf@7F=a&ZX8LMycU>h7C0ICFcifCpkU0Rt}Ej$#;B@9l_GLV`~f__dh$WVfIW- z$2)|y$Ds<7ff=qg-(1m(Y8aRA&YU973vu7sXU~<1bY>wdXk&rGGPk~xbi-XyHA7jZph8fb0cAo=2QYMghv2~6*w*p*T%-^#I-6ZtR#s^?z! zcrj3uTcFMHt$vwsT1G4A`?oaLMyVHevEh7KDR%IZ%u`KF2~WBJgpejFVgb8`re@tP z>^%;C!}RW3*tb@|UId(vuRjX#8@lHrl(C0=JxXJ@XF`^?(4H>er=2qWPaU244?6=j zhx;u95^=v|lY2+)-nM1}Oap}*pVZ&E(_CJ^FF6L2Z|DXKt2$~9rxbAN8weYo9AnXH zSi0e^$1Sp0x_-ErcHOU$8(c4*sl0%W%zfYx+_~(F;@@GDet3;n;1EWV>o%>S1PWDe zw$bc2osaRarsvLW_#!d85mDF^r&F6uaRw3?IP>n0`b}V(y`~2QHhG80>K3OPx%yJf z!-(Fu5_Gu508|yG>?k%lY1xzI_@Qo=qxa`4F$3@JJ+o380K_-4N$72D;oVT zW@}W1fJP9Yu-G7v7q|0sf2LF?J-+ct#Yz{FMG$T01r$?R1_OksdozHLb>k%rmS0tgxbXK<(U$izX^8ap3@P`|_h7EwE6b3LZc$laGWJyn;ypVDz zi2NF8VGQJvF08jCo;1t$x}5+hYUA(_@^n#!!iB+@|GktzWJCgCd(Ff&1{pUCZj7GX zrggXzsA&JrX2Doq%v?Dk(6Q+-KZI3a8XF_?@VaGr@nkI%?UcK?oz4};i(CZ=0}7o_ zIsS7|0N2HTJ{bg|tl-yardsmIt+s~`Au+{Zw+?Z1U7-ZcY-MDWr z<)^xvax?Y=VGiq9l{@76I&vOs@>=rh_c9nw`bQ{ttQSKV55un0ZU5)T2osQ%5s`Sv z0v%mj&LIqjA2eNP-l>gnz9st~_TD-!s(;`2r=+_Z0cnsF5QdPH4wbF}DWwq@xFy8)>5}dc=@?*W?qct=&-tEx?!Nc#e|~@c9uNMQSr?CfdB^h==-g!W zH1$ME0tl_+dy=xq{?{mZxQ1L_EVBwbe_z{~81VDn$@A$n)enEO%u3QaM)PEMTjf^e zrP110oq%{bxj8=on4rL(Hbwce@Q2q?d3#R?CAfC*kH$cWy8%?oOKt_&s_~))zIlY6 zSn{1e9uUeZ%tpIpCKP; zEP;ScU>Qbh{%vmlqZ$9>M*s45pZPIr@_FS{_Fvml&PN zGd`i!IB%b`P2JTf-u8&=o76EStw?OPe>C1-e)B)iGQh`r_pC zS^7U+?EmHMC?|@5v@Mx_50IJiziWekbuc&txK8w+QBxNG-i1nk!|X#UeDjv9{QuN^ z|I{eJTU=t`I;o!U8pLt@dl&khiEmifSeq5dMunv|8cqLumkT&w_yYmoPpWbtC^xyQ zI0~2u|81!K-`>6r_ze1Y+V!EmH6O-+^6Es-ziRw{bzDGNi~a$)_V4_$%S)rP7anb! z|9f8}1dIlDg8$i1|K}sgOu#7BzW7l2?{$6z&>qPc|5m#LA66!cM^@(WY0~@mdQ1*z zkABpD)x`hmc;UmaCY3bi{`W>F&>p0l|4w&3^lhLv+S>qa?3|~70r_wBbv$z9$^Y9j z^k3a5%>hh2j!+GX|02o!zx_lXlDy~tZFc-~m*$cJ!|MN^W`FI~|1YOm2O;DCc0B!I z!Kt&~llJue-}>rhZg_%@TEi0PLXf^0pl@MxwwVv@m=+ z1HOVFz)~zgI{?B|r<%VHfe%Q*A^s92F8S?k&kLK&u}TL2?26=GM@io^=ep$Iw+a^O zprR7d>JA^rywg%TPK#C^ei@r+{^1$lCAvtObo&PH(cB2X=o0gM*+ zT_x{-peO(51PKgO1|~S_+0ahoKaW0XG;E@dqqjj=tTqcr1^vc+b{PQYHXl6jfb+xC z`ieHq@zsayWIqEH5{oQ1TzWA{F#Y%>e_%;GtxWP%|6AD{gD z7j2$B?D0NTtO0l%;0R>}8WgaGkATQ#$d{r|oPz+l3HAK>nc07=ZhWJd>03$eG&z)t z2P)K(cNZ3(GW_fh#T@^&F8t;7sW-4hY$M7w2}Y;UD21$kGd-=HUu|lJZruWL=`IRW zAEHGc4WThPiKi?>1#}qzB-kr!B5nsw5-=r2EyxOy9VS_VlR9Q9ExPl<>8acAf9V*0 zx4_eU01I}Qa#GVUf+1=Y&e#WbUlZtel_ zUQfs5m!ngr1E|8~?dQwZn{3ixHoo+R2?yTyJ`W}Op+J@dv#P||Bp5yDAm|{2e!+$8;AX{&ysNlw3?l(t$Hyx~ggYE>;0X?sH&*UoI3Z0kmB$ z#!qAcC-3{>r-bg!)Wi}1!zfJODuaa!YZc(TM*C-F`JT^q7bK~FqAHufmjv!(wIn|_ z@@KynhHp=+mO6mT^n)DtP^@nzOF&${vQSoQIWT^|u~LYmr+Z-9LUI7;n5Zg{d*R%k zbPp7D)pt#3NYUNfj0`@THaaesqPjd+Jc#*?g{#p|o#S)}oQ*B(!?@DJPROATDO8j% zr1J=aSr|z9{LAqC>+4ewl<#BGryiWj?U=YID8k(-if7mRkkj=zDM>yHAq~xi(#GGP zfc$lx2&m;r*V!-U7Fc>s(juVpO-t{&LDcMK`Q8Mt?RpW&g`YMN=gSmUQ3nRoQ7?_- z+w4eKgf&2Y#CiZ7_LQ)QI7vx51NVR)?W}oW2T;)PB(Qp=0o<)_i#t$J9NLQc;IvzP zNZknI(iedO2w_xo@E7aQ(hB)F@aqk{sJRU5sG`a@tFfSyKBK8^30;6783vc7*5&fM zcEMmSdM9(Y9p#~Z>2f-z2rH<30_caIeH(mx2Y_I3?ysiX*BSv>v?O=kjCsbY*nX}* zhW@gask3A91aQ0bB@~3wf2II#$|o%?3?SLe*3I~p;CM8WWSsW_)eCRhEIQe18y(B#p!Kzt78fqMSC(TeWJ(ZJ4=ISs3H1IL>fmvV%pFCBgNd`q47 zSdA9C86@^tNf6C~^5WWKG#WzoH-zb5d*eS}|8=P=QCa~;0VV)p^=sHnHT+Z-UG53@ zqeR-Ija&vG&QBkR&p`c+J0>t7Jr*@&K$O-iJg6g-F`N}UZO)mz0Yv>`$vrXDxw+CJ zRL@-s_J2EQy*37rmB=Hqtdy855*UusMT5N-3Hyc(Rr3#k^P|5JeIK>)|LkDl^SLs%kNI76^viM=Myv2L&|@aW#*w zf_1Zsp+p-#<)QyQjYLj5 zvTpwI#jZ_K{8Or22`K4MCUvQl4i2O00u~-}6M&rOG@&LE3M_P@Ua4S(1K`xx4IquB z#d84D%m+A`U=!S5IuiLF2>mV4*>(28huoi*0gN+e(M$mbmSX2p^i2Q`a|recDn?EY zF^Wngj^j)-a#1P@&wO{hW8{qDxg^Sso~pI`mP*)8&+MlNn#OZtB6gJkmIc)o@J9eg za^EnQ*Q3f0TU(aJ zMCbWIrO(G@r!*hymKwNyX0L@4r%tI=a9~jnRNC#^J&)?O%8N+5TL~=F4Nu<|ci-0O zXX5w_rr&)@^@`$wDXrfHI4r3jR&J+R%d{R9{!(`Hfbl`=tzJvYDK9JkrEz;$h%cP`SX=kf(h^b4YeQVTX{mDFnQT}DZI za7}0n9RR$I{Hjuw1gd>d{-*Uo;PEKH7BOz58;O0<`4BUGcwoy6UNhI13R%;A3;0s? z>du0}tC(@#RZ(FNpNLu)=w~yuLo9y|!WJ zV}8Q>8;Q)y<$fVe#7X$r>bzsSF?-|EE9^5(qDt$>c3O9oA!jLCdJ@~Mt6?;pm=BT& zkqG|OS744T;6YwlB}Cu`iy&g=T!p*u-O1~3_Du903oP&~F4T|J7}Ca=m~Lc*M=wJV z2!N?y4k2ZZX&C|VvNg87>_2Q3*yW+};QwiM{l}495-cG}l&i4fI6OS4C8M21iVhWgpikm3vhK=*fe)kYxZA;_Q_CLd~eCysDoQ z47f3Oy(`tz;|hufM7b()8?r5=k1?zW-8b(7s3)rPe#UPCJYb=7i4u0QlW z^acaZ#{IKWeT;_K+0q|94A>A-ZYMn;)v^0+l3J>p{x6Fk;o4L$ehzvoJt82VHud*C zy$CdPTnN$t+___fs7nh{BZL9^bq!g6hrw2dMX^8k5d$6_2~GfnKkNZm%~|k3orldf zQ9iFR^49>>3QFKfNRQGfCRoIIXQoLoL@Tg zlJafPS)r_37MQI1!k37WH6hI}L$7ZDntxmv{UAFG756ZUYWqQ*xf>Auqs?J!eR?S3 zqvwUej2_~G#!7icN|w3+(2{LARk&LKM=Ae3MQfXmD9Gn1tGfyGJYG@%X$Pr@J8p0+ zcl`xlD*$F*WhL=Y0H|wzd4AMQpvcVEzfHFeB<88ffe zbRSM6(b(TJbpGc)J-7YAdxFu*k4`-TC}P;~ttFiS+Xb{1Y9jy??L0+?&gj|o_~wB( z3ZZ^Pg{_~=ZbAvN%)Lmrh{Z}$6;RqFMO_EhJ(EoladrZJ8-3ftl%Sy#Ii)3R#J%OX z`rNS8{SCdX;%d}Mm@BTsL%~KPIu<~J^~uG28T!KS!h#S`F;G0!j4uLDEH{|ei)u~X z049xka0noxAqK=pnx>r(RIaqf4=Z8x8IkJAO@NjNBrebqntA&9)C#FNBDdp({@$ZP z3Qwl9sg>@UcML2<{jAZlgn9+&?CgfI66Z4|HAmZz88XIxX#ip)UlnB8#q{3w9#|Y- zv{VE6Md1JoXi)vvLSh*p%v1Flt(*Nx3XI;H+t0sUO=^` zW<=ryis@ONMY8K(#*vr8wQQOb-VOo=g{o?-F99Npy6yOl#+@F03%=YzV_JSwg#v(UjPE-fU z3?}?`h+=MEAk<(k@fODC*ByW#3dLFuZe_q#eMp1(A@(zejXt?K`Malr7kS&#K7hxc zW{z=hO{v_lCS8ZvoFEjO?YHZArp+rly=lch*o5LNBaO(LFqsyka77;(PmNY8G`dz>ZDf?5qxDc->D0KX+h;w#XYl02g0>o(Ez=T$eHK7>S#=1*+l> zdoz`R0w9%=X#mM(lW%Z!Tf3n)FmMM+MaH&giGDK}FyGaU$}EK2=?7HfB1&`tCUGcM z*f1qa!5Us}b$_?QuKe7I{s`=LXr-q(Q~+Rz7HS>*FfLj~(N&T1#lB)_8|trDrHS!q z2A*tJiX63Z$jVfV-`g*T9M=$m&VJuQKJ){w=@0+XH7)%OE14$rz1t4D{tY{=W)?Gh zH91go)uC!jYKPnLxl}=am_K!(gax<2l_$s=)yh%e@d%Qr31$l)$vjQYpx_8dOKH$o zD?Q`*V|!7`^;rQOONNLf<34*XKNNgK4Gv(?Abr?7SXJ>htOU`I^r>1{ZRD#41Uds8 zc1n5d-5<>C6k72`%J#Ub0C(%qM=#9<`T~-iUcf-W#(rIewwXKBv_TIUejEeT-)Own zu{2I{8;sUC^6IJJ17+Cc>lHB~@Xm=+)* z!9l;GHCBeA-IMWJRIJSMlZU;xB$x&+I&TM&9*q!t%G|gUjLS(D<5qm=?4l`ouo;|B zD9n{T4nDfj7qTtS0W}z;F`DMNtT*9XSW;1+JRFsM{TCck{EFSPcvRJtdg~43ZoKtcDK%Oug8&z863_C;vO?$)i@e_ zNQkymS$F#xf-q0CCJYn7N&gg1b$z!lHa}&^J5F(QMsYYe7Yx}`iV=d(ImNiJEe`F} zn}vkOE1WQom|N0Wa?_`Ns-z`3tSd$CzrS6+@2RP~k{Va?+V_5cc1zm+FZa$uNq`&V zlTx*u5w7_>u?Vi{-!ksPFv(fMaD@d=0Sg)1Q`rq?ggg`(^$6I*zlzh3!}TLcV+gqg zAl?Rz$(Dpi5c44GcwqB5<5y>CD74RB?=vU7>;rFj9m|qfNUh2J7((4ig00%JQnZL` zXBG#;NhUDSlrg(`^&tZT@~Iv@83`y8M@z-0mhG+C~n1r}8E@}9ePI4o))faNy7$|~L-Wis>4>8!1Ki?Kg`|+2=`M6*7DFQnY z!=h>G=+}b*$P{pW6X&Cuu@XpO5=Va3TGu!HZ8_~n7|PP1dct>DS^nVlc8RJv6CcqyRD(s zX^-wNK|Fe90Z6Ts(3*2_v~blLXr6yMW;L;^!qsdk##}ZzvdzCKv@6s7)VX+|?+C3F zi`xYsrYWq6x9oiV#=TSI$S+jonC%!QKyATA(hq%*$El1iFc$tiK%)FE%ND#ldsS%3 zSJqV#>otLMNs_u@LE@iH2cQ4EFWQXGjCbhPQ=iYRI+a?NL=l~Mxx~M~q1|R-22gY; zpYOFImL#I-%$$M3yB&sPhWg#>T}3Q1JJUSIK0&--lK?*Is!6V}IgY|J&iWi+>s2%cVkV zs*M|pP;yRYGIJ>Th?aJ@-N6qPr+lKIxnm}zC8yWV^Atimg+O^+EpPR_hWPkR=~C4zzgJ=@H4{$ zQ1SbOm@41f5A4|rO1{Vl+`ZynC+RYrn}vBRakATK1z2)4?b91oZx?0iL~C3O`A!=; zO1R@-DaW0*=2O;z!cTs3L9yix_y|37sLDVD^rC!i0v6n#U*a*QBRgzSp}g}YL&=MQR+CzVn= z>YB`|Qe!&c=ZigzZkj{m<<>XvrAc0G@ki@vpb}g|#^R3y9V;^2ivV6^-4kITl{UTl zZGsMnoN19_}@~m*MIHFu+WR$#$1(=6R7a6O^v zmT+=Gr1R;ywh@s#YH`Q;yVtzJ)ypy_8fjvu^f*H^bE40hYF+BbcISPK{Z$;BFaP)f zq;+Bbu#B5uJFcg`?@~~JK%P6H&5vua_;{f=DO*57Wy-$az|4E-(bA>GUe`IiYo`H7 zY`TA(>uz!n(NMN@#mt?~8?IL38~XUB67Zc#OVewLJz+>k#{8)i!_NJYR>V>aoxK+Q zUdyf!$^gJ1&k!bnS{DFMxdVI&bZM1eXl;(w0f3%t*1Ls4mS%q)Z!}l$*w3LE%a&;6 z)K;{C`~=W-)^l!YcUu-j4(&#;}lRzj*FFrEgsrF6d9;dC2~| z3KuNET)LiX8q{YRh71EXQMB43_kICMn^slH-5~L5Yob@|R}C2%_Cd!=RGqRhJhRgD zbAZz`Kj=BH`UoK}iV9Ed>kWgA?5&>dIB%92z*DfHaW(_%h^W9N>FMEEesQ$V$MF$!=D8`!J8TufLhd>WmwUI4{aoj?ilKrOcS@7q(f!7 z_mmBq%pC~QmOL%?8k@^4Xg9cSe%T%>Y{=R6{q5lsyjO>ZjO%CR4&_u1Q`cG8yeMbH zW+>9%#b(#uHtKzw-wp>n3bV(gVVQT$wMTzLbK#><^4tKsl2{dFix6cv|#!n*biv200#kgWkN14mKiW=74EE(iVLgDH=MY%P1_+ zud6ru(*zq9kini{5nsn%SX3XdL863pQsr3bUns!RDH$rOr1x8xHpq(FiOu%HvB1$k z`H>gn{LiPYwVUK~lQ2)q6B@`9^2f52^T|F?Ym6;Bwq07Wl<1ck-J0o}%-uTQmlkA%WpPB@a^EUI!;xJCC0D)BSHDu_ z5Qe?*Xz_o{?J2z;A11QIYu2H9%3a8{sL7{*{YN2ZX}^1M z1Jt_qi=}u+pF~*t@g;tHbLR^LRx*w+wk&f%D|l%>mr&?HbcGs*Vl<@|Kfp<$Uq0UvZOeqC4Uk9necxK9BQ8V*1QduT5<{ zTetnxa_+-nplpB`1wme$Px<+W4JAS8FXZZ5fP)a70{IF_Mm|{UMrRW{@*IRtwPWTjVwW!adp|mKe7vL z$O2!y59l&m0?ZJa2RR3uFGJFtcsA5igM9LpYWV=ef+DW$-0%#A+vHWE;EZxNlgf>> zN5X7?Cw8)sL;I76_HY90>YCe1odXKBW(0oxG$Fj-hXHze-C5Uye5#NG2YUK%Vu!z8 zG=aOrLIKqg~wB**S62S`*!v+OxNd{>RbZF?RI503U>imj^$5` zyzZIWEB`1E#du4#!MMs>1iYyDETBAfGoKZOBcb<0{P=V{~pkxQB5IPBOPvj1Ba=nuQ$EJ+Zq=txuN-Z~T_3T@T%HEV%~E zD;E0FpLV03Fm9r{mHg7ENw`6bmI?vSb=xl@BNvW5pAcc4^#>e-jlk|X@v*We-^z*lte^C=)K@JQ`CC#hz#d*Z{(vMWjig47=QQ# zrAjn^-3(6U58`K2Gv2ScwJP&V*n=V;y+ETm4^qBEWb8J394sxmp4WH}HzKb68up-z z8MCw29@f^@ZSY~{I5{?$qufnifW+LFl&?f9O)G9x`TIO77*h7ywwsbB#A-e=nHVOH zlnbF31={q?-_SKMo^m0hbLxp>-tyJtpBVR&s#6A|9N|L;=HD?=asFQ7eR8WDx+xwI z7z{*oK00!l#hXbUYOkI$7J5O-Cp|fg{}z!7JeSX1#M1o3_t}D`oCIu*nwCAxVsiA_ z=OSP51_*5(n;^LZuJg}g!PQIZA6||tLBA!8aat7E(wQ}mkId!L2sacz%Qa*(EL%@; zHJxe+&z7^5iQ+pvj$P*Sn`@+SF#)`KP3448APy->y~M8r)L4^G^o7_m2~+Z!1?UE^ zw-K*KdLrk3_5mWQS6{Td5`M3GZZuhsr-#6-C0gpce0^}!Lrd)ppQn9jbBg8r!G$>; zW1XVqo|l$*wAAP3x7yYa&pZH6JzMyLCZ~B)-+nvfJwYYnkVTQm7b^ehnCN~>>VDQg z3m({^=*1rUxic(*<3Ux|fcVS2>yyK+Y< zYZHRB`MrMWB<7dhfXFRASO$7iCXciGOsMM~5UA#0&&*4ILYnb|q*9D-UUp2G^65b9 z8VQjRYG2SQRFMfng^qpi9b+!Y+{2O0EAnwcF59GJU*H1)(jsk~oMO`*tBCeP3 zC9eXQ^X>sqhn83AC>A*8GTP*2wGkZ?I7`TV^<2o2T1a%}tj?0X2s19pG8;cTKF4>) zV1bWewYK)QPKbc|Lr^F^<&2}lYNH5GRu9()+gE==Of-Oyp4cHLzo|h)(w`%-+tZ1~ zk9e*dVGNiSu-G#Is#!?1%+OR;1CI{>c_vO;5IQXtjVjnYRaf9D@GaEDV9j~(TSUso zI;lN~3b8Tc3|5a7dHI5h7{PZ7GTn52?kvuJIXwL}q9R&^_grP7Xm9rvHUiSdc`M$c zt{Nk3Gnz{t!@$b<^@B-&wx1~7%d(p5vt5c-Ybaz5>yTx*MdhRgQ{vr?k)9GU#znfM{jr?c+h9+N+7qtgH4UF5<8-7K$kUKN|V%fx*fCe(gfyHXAceNZ0g(8@S59HXlPV1 z(Xs<<^ZGfIwVjARkrzHgqcP$Ko7fa-$qv;(T~ep2mlDsag)JUZ#ATbt4G48?)7vg0`(w~z+livfCTURgEq?1Sfxc(78|L6Xn!OA6LeRPg zKRMLV;D#IAFpNprIOWV}VbB!npxda$UO9)Evw6o@+}Kqacb#>eeGOgi(JQmi^V09q z^jPs^lRC8~%VZEQN=;$R70ACanvcOCHNsm0c&AIglALox!t>laA+Z*PuhQEAi{z3Z z5CDZO`2QJI8Wc9l?Gdk8w z+VdwGP_4kH2Z`=f3?(Wsg1hjUFCKG78tOScac0Kj6cf68_1p;9VXP~?y&7WoZ01b| zC}T#iOgL3-tAOCIwQ{&nx+$3k>7cJtD7O-&91MdY!^dZWgWNsDDVO6_QGs7TuOJGu z0_P8&w-i{>B!7%h)7 zE4BGJGh`Bms7H;yS8r>mlREVxM$lS-MTY^S%}VMvamxotBC@ID*~b_$7?)7VkJ7(s z3Z0;Tf)&^BTYqRc$~vlDMjUc=y1fqUtXP)+bXD8ZIorave7jwP_?ZF`5h-N0&UW5? zc{A6G<5eu&o^>{l^H(FPxQ6mZ4br;qOZr2TNxX-bY6GL%Hq?) zWhsq6SZU$)%uZ_6nh`I$$*sCbjGkDWt6NIojvN{Y$hju(=1nKm+-NzjNwR`skS_bX zA!0sU=~~PAV|;hR1cy{4XL?yq`h(v5(T<1D>i9Wp$90AdQ_Y9J6K}rZzhoCu|Gt^Y z+WZ__0xQ(99*vzO!z%S0dACG}GD7e2VD%cd2gDaYKnMzBqnj@;Ub_N9Lf`KtHyTBE zORE=vfTpe1?FnGOAHgi{0o|}qo}Z+5{^*)`7CIhck!;K-b+Y9BNksIR-e2i1Hx7G? z{j{J0$4cD+`pe42+^E@ufMkluYG72S#un7O%<-CEOVs=|`sdQ7ov(M|Ia(v-t>>TQ z5!p(Rl5Rm$8%T-8$M+XFzW9DBHV*d4+b0WJY80D1tfmrCq(!l><(k z>7W=2F{ssL;Xygql~`y>P&69B<@{y6@2g_K7HyuGf+6j`83+!-h#<9LP!ed{A`tuY zxIGH_xsfguOtK-MR;$L)3Gd8(GG1#P8ZjwkYjp$iGoRFv zo%qIxpyLwMg1q%W{-Ek)>s9G*jIv=3fZD{gzY4rnj*2YRZ8D8&fs*&z4Knpz{^DgO&_<#pI(`CclvP}v9i!`%t@QG%*VDh~djCjCMOAaf~=__NTue%j_= z+MB;$_yk?SffU9QvW-$Ga*5v2m<&q<#S?~~$HV6?S(wZ*Ll9)x8z)kosag3Ky^2bW z(dy{CZwnINGLWQ7#+*zsI?TVbR8p*uomsP+3l6{2--3-lRH z@cXKr*XDX#>*Jr&H8dXNSC9zpX;y()csO`hI)tRHe4J(?yyjCKmD(OOTiNwe)pyvP z0=ZUSazs%NlhINng)$LU$|myP9M{wA0KcCTskI zVw{*7Te3EjY~3EO+O~>D5$2H6qgL{ASomsxt;yfkE5>hss?%$@sETPX6@;|^=#@jV zX7M(M-;Aib`!~6^cwZ+ua(ebFH^&gJ7|X-3-7t3bFb}Qgo)OxHWH;(SiAA0^So5qeno}3bB6;ZegNzmq2pn6S@;G?PXv*aK_+Y^^^`{+#6< z8z#ba@PU}dGbeNOJ3yqvh31tJ{5usk(g|JgE-u5`OP|Czon62Rnh8<&5qVr9e3*0W zrInt4G@F|p9n1Vasq#AU$jCKB4*(6CPJVoQO+^~~co5wyzDNS+2VNYJgLRHRC9C}{ zfWvg7F#eFhTfR5*Ls3=1T5yDxNw~ksNecBXVQu_K!x(xeoSY(#F!sgs2=kId*ib*= z+^4RKRc8*55g>rZ&bifd$A>F!Z%CcV9yo)&t-nP1L8rf?T5tTh|JT93kHtfKHNqd% zBRni^LM25)7p~9kW(7cH-{-4|Q_1$KMK>tGksmeIMvN%&6L3%i);G})&9A`rq zIF&kffX1sNgihYxqJ-eJ|FRL04pEpjTO%2ufvu)bdQ^FZ5{xXThj@Y|a7oIl<6P*7 zp4uO~LsJ>f(!u9)q7k9cNVU3)!oz`HYBbE%nD z<2}L_zb@tNfJNM%#`B2|<`=F4eZDlEck$yywsni){z7r*dDym1s~cv?UvxCEA(txRq{VarwebhEuF`x@Zu>Hi%j^a~YsG@2|I8HX2kJC|L@YfUte@SKb z_(33{=bN1FySnz#LbvnG@nq}?eDS@Nk+eA0;YOVpbk-keB?wQVqrBdi*m6ji7=Qk3 zuH)|h`lkCi933?06i4Y@Bm;g;wCc$*`txNm5}kHMWtxE`D?1f|=n9fQ57q!}D&!}o z)aVSlg%}HEkF+&e3O{G*YkK<{Popz6FUXr*qL1*RU{oR^Zpd*A^|Su1G$;LNA)9FP z5Fx~KGVg;If<}z2AIdzVZi!HU6q6dvb$rWgB>_MBAOGfF$@S zd^wChhLTavf^9ldO5skcR}~7H)r}vVCq(F%sY{X`Mc=I5tDc5#lMfW zVO}Cs%MubyAiSpHdHD!cE6jJ#rPW@70}qW|Xss)9m&$#dE!3I@wqnxLz-!|a&Wm8m zulvKd5gh-%(}vf3so%N%IvD-FbBJ?Cl}NY%e46^~>Q!vW;ZGMAf+|h;x8z^$QlH;$ zc^wgrJlmSZk#|lJqmm0)4OeAnT7hDT+xN*{IDFjt*pk^0y%p+$TCNLuze1l+lw-N@ zXYx0Fp^15~M8byJ;CWhADXT|6U5IzGe6rw&ms&Z}S)G^Rhd)ZU^e{b^lv>&$_e?j1 zl7i+xFimsvK%b94#o3-HdX6L~{?2~#-fz51%e3+&g)cc_^|k{;VySDe)S}Zbt!YEz zt=lt|fgP!v-zEeSQ60?RT@%D`OCdVjq-IZ^y2%g6xne8MCkeaRL*2@r$C!PP(cW5> z=zuHw2E<~ZC2suOq5sj-V69rJqW?nd_8NfzUz${S2zuhvpwL)|+_wV@ETuSz7k=?l z-=QpxO5WPsHA)v7@y@Sa?+!;l4B^Un{FSb5(#Q1d)cc^8p#6iZ@WOSm!}7FS7T5hu z5{606D*Y$E?wqSt8s5WHlagxhy&;W-Lq~_x4PobA-Gg(~>F>hSbnPgBLD_GKyHgRS zvy@+BsySV7*LfY{_-yA0_Y_>fhss-ms;Q&xH<3r{wNqpp1%0VFTCs<%IT1cmcz^5qF7XqHbo-C zPq3#AE~@8mx*F~#Jyb)?mpBt+fX zt++K`#b&(aCzHCRWgl0t^Duf{n*giLQ-k#ble6P1kIy{ii3;MVBaioGaF^CI^5Dr^ zLFXiQl%jIp#Fxd!q1G{C5&&@JDZq+&pDf?D-Ehc(A?k?EuT^fI?OLU-FIIZACnF)@ z;FGCm)Q`2(^n2*zho2-P0`%`Zmz2WAI89j!-@Xj+O1<|?nl5)+1u{IgcKp6UPk{E$~ z@I$6^+;B70CFLYu3>(}ntcG$tWNR)mN5#P~$j&x2!EK3h#ulqY_2LrERjlhWwa~tG zJglDUz2VAywoA4bj^%q6)lFbCts|^9C%k>X3SDXKyN#<$AwLln3p4l_GUMH)$SSgOFu}8kdI`?I7p~>!k0JQr= zkW)x5lRWpRvU?yoj&ahlPGvfc*jj!B#Mmjsb#z6s4rmH$8YS zl(oaXKt_4(UugL?xbSF5g2TAVaFh0?+wa@}cENI- zp>`%kW-qG3RB|^&A;aP4_&PJn$dgq}myPSa0g9YlUYKe`LQ1c19+q2+eU&C8|>Z-&oB)|!%fDR{!3;GJ2(}Yrlglm!;KtXB1Q9fCp@!o;#Vwn%VgGSf2{e-kte?zK(kic4?66yUD8u$KQGYm>XWrN_ z^#Nq*`&g#v<_7)mys7ENHoniukGJU=?|oWcp}*-bIW6*R%smclA7#f_ABowoZ$jM) zIUdGc-o~sP|B>P|7&`J&k{927&^-0mZ*?{T=7fgdK2OF)jUvhVvt81zFkr=YN-p=A zEK<%R3`%sbk3U>s))B0aHq)*WS{pDEorR9FIDxXw{U#niq`4O=6pn#}#901>C|9j^ zhhHmroFDu2=8QE2geZ7~D71XD#of4qr~UeaCc9y7vPD>SLP0(FP?}@q*6!rrVA2Qd zd=)W}vMGdqXqLftgE#n1(zrvtYugRGTt}*)-y~C5{L1(Wh8UJJH|wmU~$XlHp!bTJo_0T3uXrDhLDhC1SVOWTc29~Q|kXt(3z1^dxkWcjap+GK6+1swe_Aw*Ui0te0q!56t) zJA$mxHGQc{aIW6WwlZDxb#~pXGBvDsBCkdYGI`sP<8k)H9Y>VeDiY+5V)=1Ek z;}xT~pf24-1E0V5qOtE40-!oyygl)#yHTEvbN{&90RxPngR+W4XjGo2B@)%OQ`4^QJ zF;|oht*$~@M=s`VdJ2zW6ORvH(|-*Gap5xAEuE ztUUx1jHW>CODl!N=DQX(6}G|mWo`#tXwpsuczKj$Rile04LJ$2(E#_%s?;?Ho}lO> z&M==-^W+}$*PrNW>xs3>xBim(f+K^}v-=)%iE*m^5YA7uYz`Yah&MMEAv|Y(aSTz) zB4l2YAK=;El|X^ak&j;eKKGCf_qqqAFfN5dy(oA0Y1e)oeGz!Riu)%49*WRh&k$P7 zQT1u}jlL(b6vI4ySnb7e1+Cyhnwtc4`bflb5ztXzr_tcy1vi0boFuq$`n!D= z68X3B;0_#JFve*&BsoAN!A*ODIB=VJyPw|301V1>&eHX%A+IF( zz6>?>1AKT|ofF{pCiIQBvhlH|#u<3u z(4OoTI~1`zI-@Wjknu}!Uqq$fSP))e*>0~y$9T6t>^&Ua>rRq0Q+L$LP^2POQ+=eX zl%J61DyYG}TG{ZFI44Bzo%JG`!3H~N3G;A8!ae5D+KA2#Zo|3rF&6m9>ur|+G)>dT z+*XrSQ{#I<#wZI29ahss=615w>K)$f8~znbhcGo`%+v1d!%o=b<$7*RIw0yAHUt%BUfi=c*huQIgob~c~0jv(dVc1smS%ak%8aNjQZ_n$2!Z{d!= z%ERw^{E~}iTvm+tDWi{#56s{>g_kcg?&e1&l5$yu)9?wldirCR0@T6#R7ybJ{PC&%{Llr&{ABX;u9( z7S9uf?2sN7#(V?zkPCK>wBvCY7b>s;Y==9?Pt6(*@_*sZMUvMVE+MB55@q$*Ir^N9UO7>=XEQw$ zd3mwDK=1%^%UJ$e^vhsajNUP10d|v-4O#o>_XM5y<$cze^J=r{tl z`YB{WBlP;Y6g86#?S_}@;+Ga}u!idpL$7tV&=LC&2E6Qo&f1k=hFIGXVT6HXJ~*Yl zVXOm|wYBigNRV^|bSO0GG-6;O3!-nYrWN6U+UFma(JB;vPj(3dt-J{jCHOc zA9o~byPMqIGI2q;!vMG zqBgRxBE7+mfq5q6mC+}!2Of=tj)-+ozLfa z1I6{Cc}v&Lk7*pwV%YkQ2Xi33G0l$Hw+|i!!m8ikhZIFkaQA~PF%LV^lqdX6@J-vX z-^SDL-nCd^=d@y+MV{Lh?i1&>Wmws|O+p~=?P|Tee5Bevrx|^UnT73;g!9nO-lDO7 zh&+;Tpw}eS&@4Bt&G-ikfVX=WL&EP6_WZ2eC)I*Dm&2x%V4GLu4t(pknJ`r-M6fHn~g&Fm>m1fZ^`(J zf~@3$G;+kpS|S&J#&N#&yZ^=BTSry7cHP5(sC0u!cPI!5lABElh@_%)2uMkHcS|YK zjie&o-67o_(%s#^YoF(R&fz@IalG&M|2KwzZ1!Nwy|4Sa*R|GMbIrM={1y7VCfrte z-QSR)6}?GGxv?}&NXU4FN3MCib{ zzqU(IrpS_?D^eppQlac;6m-ce;IJ{@I8*&oEk*5(hz|KysJ%q8bMp0jUEHr2P6SpC zESbiX>KzpK-hRQ5jJpn9c%`Ac=7e&f(C(7nM7J>uN2&GJ6i+z2QfqBC z>CkAk|e)}r^G@*`WSw60PUp{(n;#e8jd z-|y|7Pgf$o(F^ypi^EU;b%mJPKl`Srg~AD7n^%7Fr#Rxt9-ZtOBN3M4&Ejek;tFgl zuMFbL#~O)TUSz5~I$>I=7pF*AxWqTAu3ts!9et=_d@iv^Xw$7(AeM+NwX67%(jHm7 zDk@CDsAXwtt-SXc5kyjB)wyG|Ac{8OhgP{Fc4u@WzfpB5UJtZ73|ecMKp)I=`F0X3 zfpq|m%dOgK-jvm9DQ`@_RPDqmw>o_*8-LsIEPKe7*YM0Jk3i-Kcf{vWck0B{LhxDy zbk_bHveCloFT3S)pL!rnm-=0Trv#~&^6O+P)=i2o9C|eQO(!;~RHBXHYtwJ7Jfod# z;%I6esB-N)S@$SA@~_usQMhVZTapxZeE6zLoVWs*#|=!ZD?Z{jc3s*=#vQkuXsixc zc{of%thnr<2j4hvSTr5ex6NERt~!L>%^2f+X&Id(F_4L@a;!XLcG)q^YFpP*q@^X?g-0RHN1`@J5?t(r@-ppy^jx7QvgriUcz|8lz6Dl3a_WgcbwIQ_tE zk(LyZ5eW}#xATJ^+?`TFEYCf($#9fNkqxw^6VRjzmv{HH`$@x&Nj5cFv94QjOq;H{ zT3URm%5J^JRvukOOnce33pFOqiVouQGOXlxhY~SxE!9cp z&g)Msyx0;>t2;#^_sk=%rCq2*E&mZ{wV(bi1?`e}PcbaejM8ApfPbup42~Y4(emcNI=DVZns*_b!Gjm0}5a zlnzc5Iy4`H0^d__hn2dEZ9Wz;R$VCm-4RB_hm7)TJWU_F-BR`lr#l#w#jxZI=R*;2 zM`K4mHP?<Bynz9_yl_&>(=1|hsQf$p#CS~uKR#)BF6RxxvM2t9rv@h?oVAOqDuGKWjS5>TG^^hZ`HZ(WF(*)1(8>s46kh;-lwY^B^p3BNxIj|=r&Oq zs`{f7(!V?^aM^**dr+qlZF%KtRF#r_?0;Oa-^G_y!F+R_HhUb3ZB#x@{G21jBIu~s zvCFK|@Wy5;(q*v5%6G3gF%FLOqoL>LDYnkCsN?%$d^2E}ur|Rb+~l0JnSQZftZlvq zhYjV(oY!!zoZ&D*+v>JD($#pYTa%3V93ELYItki@r#+;M9|# zq3Ue{gz(b+DLnBXj0BDB%{)lfdn%r7CL2YRc=9o{0fR7t&;yJ|Uvovd*PRb{`qrjZ z^k$BEG^#JDHFIJ+?>|$iZNm`S+kH)#h>dqbAuKa5@2)0{)Kct zvICO8OMM^l^h)NAjDR5gCG1(u5+9k&VGb>#=0x{2mLz-y#JX0?RDDy<%FQyaBY)R?7W&6SaFi$5>~VWKhbl5p$gya%V{PBir^#8spC|+jfb#GZ7?#PlGPh6=uQd zi|2MVkp}0}iu6P2!C1;E;tt)#W|3@B6uTk&cRZaQUZ`W^gZ$Z7em52v@u<|U@34r_ z+3^lbAXhTcnmK=}Vd2TRhi3MfaN2kQPrthHscoOk?}Ry`?w=<(LiP$Yy1$XAZaCYJ z00QnMqAh73gCHdh6&@tso3m=}V&{B?n0S6f)mEzw529?c8Qx31_Y-G&*{033B23jT z#%C&srOvJ_kMm_qO&yF&)wVr$e?gj3Gavax-pb+i=*mvsr*b_U20+h&Y$;>Os> z?OiH!D*fo37hOMK)nK)421q2G4nK=Bjm}M%lw=F`87$;QTvbah^0K|l8~g_q>R}4} zC?bOvJv)3rFJF+1G$NhUfslH0bzI-CAi}$$sGDUWvIju}^Y3^#KZ$ouSYmbl!j2S} zniANpzjF=2vKx5PTwpSxHsKK#3jb{L)!h zCob(~|K^~12}fXzanSp8aF@m=gih>Ims*(pF{*iHFFT=eOmgC%uc@9}p z&Td)4ys!;xwQ&xe@X!h-4d@bz>S}GV%)*Z~ieo2min-9A0wtc+=#1KljHjs+ipi%7 z2k|>qJGHOwGtZ3o0(Y*}X|213Zzjy3WN=0EiPW#M{$w7hHQeZrt zg4VKB@Jp%MzrbFonG=QBDgTVLOwPFwMo68#T;_U}PLF1kizTtKkynRdH@tNY=2KQ( zfesemBU-#&ulty`Rhxx@eDnU)Q^2%++3{psy=)~T2yDnVNpQjPu#wM(VA7p8)e*Vdg;<)-B!AFzL9q#F_?>s@ubl4 zCs-6R8|XrM8rB6MLa$9iVRPPkWSY#ueQ__x#M3UNGLDHK*#RWa-u zEL{oIzZi_<_}=-PLdN~uH&$N7UA0eoL8V;qL<#Knoea&Z;bgqlS)szjJDS(~4+NMA zv~ea(_M+?UUdB?sW7DbpSWfw=0&ueC;~t++@}_aO13Q-`m|hA&TdG(5w>%8UuAtrJ zUR&9iW(Yb-6<(8M`8ezgWkJeJ3_Zyw^U?u#Sx!MI=}zKU&X*YTC1=xtZ5OAqL4CZF z@6CLComKpw%0 zI0n8XOmD_T%%;GOo;sZoxe$pmUHe^UKSV$hjaETO)$w3_W5C)f zxdo`&t61r*p?qQqI@vj;`x|p^bgXPFsC%z!{F&FhQ>0t(kss~M3P@4y@RF(zX3CzB zDai1y(d=|29#awhNOD|f^pkW9T422@953vAVwAlN1QQNP1=;m`4%Yy&^jU2VBZ}P0 zW1o+X>zCFMS7?ZTVh!kvgsa>5@IYF7i@tP#{T zu>Yww#Vk#&QLJhu1~DSS$c?BoyBa%jHI$TChE~xy^4?70x?N1pUbdT0j6d9R0exYD z*tEtnD}=+EUu-{v?DA`7#}(GCzU;sPWR*>|{QddR!k*HH0;({zyVCW{2hBRz2yE4z z(_lz!8zuyItgp_PZrqYxJA8pfOJ+A^q2Vv?(gj)2?e=Rd!9)m0Uls~Bv}c`3Nx>R; z;e9j$BgmtQ0UbrF8=0EbuYt}r4UKy0zVhySU99T(Cr?f`vtFfEa|3rRZ!Jz~N}Eg| zf7le*YCpRmjUg*5b@B6}R<+EuyZPAA@Iw{S5Vc3-e!C+iP${vyWdJBI#cs{PXU=(r zVg`ji)QAVUVG31n)fopE5*87)bB4YsPogoZCbvDSY4Q{3o@uJ#YBc`JUN+)cv`0iWvt{b>6!QH9ee6S`H#`e5&m1A!9n6s9xi~ zv}OmjQN5h+Ui=&oJR@DYKG}r599bYgeYKETC15(k?YTK_2R&%3U+5r`wCQw!Z2cgE zzgPGxBlfc=N1uj83qJExFU8M*B-JuUOKED&J;?Jx&lB%LniwOvYXntz$#+)IZ#SlaCtIfB%5LCZT4Gt@V41ImbfGWQ-?-jAy<^eX*yHPZBnakAU8Bwdw|S(HKs&J6z8wPg@OS_G^QPa0l2 zm=;c5937g9dk4CYW?ZB$OhA~MV_uVMy~EZeU+Ruf)L6S=B3Yu>m8M*J_f2;L=wfd1 z?P4Rmz7h8K`@9Wg@ePy*Un5c>An`QrAe@`T#6C7vFk7nqig|i@&}&BEt?vVW>@(E= zZS+9hO9@YeM4!sW^#E;dTz?=<;?h_TZFxc64VVEt6s!PEPf|CF1s>WUDa46K9z2ut z0Wp^NDH2)H=~|wQdb~F4i)27)q#gGq*jxqFGwq+6+fg2)AO~Z}P`#;}w0{-+kUgV? zyyKdt>5j~6`(~NK5o*DuXRf5t@=v?v6x*7<_&)oP)>5>kW|s|VR7obH?=WQ{i|=U!2`y;=n6G$hA`FB+w~b=1=KU5GL$u%mbV*4QCvgY~0qiB81>(Z+cDZkY@B( zAJg@z_ZGA)uQKE>f%2V2lP~&#=V#VX65Oasd+q>PHeqg}fcxk~i<2IW_RU%xdkCmZ zSWC=ZBJE65rW>}*rwPp*LFC(ITRyEt3xyn!iw!|yc8HvYWOPjNkz0OnGaluN+MuP-C5}xYtwmW%|~op z=#-4#@f4EZ8}f6g9#}4#T@;lo@9Xy(opvcXM@HW3EPtgy5wtd4Wf#uU_z80&dM#Pk zEj~Cs##U;80%NV7*%V2ITmP{pa@6A-`^#M}1PVw(pRWw>Q|xxp`t4~ot+6sd^FF%> za9Rh{ZiA6b`AsX4%Cl{kkf@#MnG&N>2D3CnFtSzXUBt>X802E_P0@Rq?jTTbinPbD zW1opjrV~(q*o-TCm>Ai(MbO*9ecW;&Z#@2?O-#w3K0H6fpl$dy;yj}LEQQR1#$qqz zYjYFmTvU31J{JZR`;4+-uZ4YG+h9u(b?>JdzH!;gv?CxY(Xgl9v_n&5M?3o{@-?>P<%rTC22dJSao#Kn|iZ~C4!v~0UgH;_sNYVMz_Lxte1(>Uwa5<@)KMAoR55B z>I^qgZ8ZlKL!|BQ{#ezIO)cgv)LGe+YSef?SGihPX~b(-NE@kbzV#6Mjqw+>lir2a zV55RS2k$T8#e44IcZc@qN{EOPW=>2joY`|M;og{yY+ zRkishovDv6qZLNQ9FB%Hk8*r%s9Nze z$z_8Ra$%7a#U(p2#b(pjy23w)m3)~^Ig@|QKfUkf+UIh4gtSY0w}t>}fCONOJxPtfMX;|nKibOybyW0_dQ zgQ%VA5~+pN0P$bfC*9?6cZZo0<*-s%G1*4)H0!$NajU;Wz-S6ogPS~mRxb0VVIDRZ zNKV!j{K$w#(5Fk|b!kwM&<}S$K{QHPHmj`G!LI!{9^$PgtTOK`I^AGuX#=@>W8Pev zC;U#wK~u=`4$1SX{uTmgq`X5_tSzYn%W-DgkDvLZrR3ih)jSe)Z>6riYf&PZ*fZZ((aA&q{g)X;fjTM=X_r>j+A@F;-^@n5H;$&u@mj6ulk5ktChP86>; z^xlLfNd9e^z>KbLFX57Ss?R?Pf`dlJUqvmOacFy}+hvTL*{lO3)gSKT{T@A~soq*z)C7q*du| z4&9skd10EqEuA1+#bL}cq_8zkBj{kbzVZzL@1~{E4Lvb{_*#@x){lquYqXQbRUiNK zFZ89e6TNeny7eL@JiS5RZ}u`ZZeOczN*N1h9~y;Ul(H%3P<_{ zI3^eI0sQFdXM*ebTJ3@_ysy-xyS~u`CL3?8LEPtvDB!OH!7A~4x+JFh&|O*MR+n2~JeGNRB*?F1R;tPZ%%EN* zNfmfHN-IDSf@qw9zWOCO6}hqtmi^*q@ylmG1>ifh=aJhJhigWo{Jn)Xr;~v*9Y*h4 zN>_q4*!3*}GdoyGed9ilUtcS=k?w#Auoc*87z@przQ>6o4Pz$QHS#aGXkdpOqBqkh z%O)FTR!pM=a?0SFue;GzazW24MTgcjuYYkGMvLiBv)^p=5DkyLBD{A#+!3t(rAp(h zFF5fqV76p#UwTIRoMpTl#`8LHww!7Da(T^s!ReTYHrQYJ$8`x#QrElJ0gPp^PM@a= z6M9%U1h!8!$7{OW~qkMB+=u~~J$Y*oNJvOICh@Ss_i|;qNN)C)V52TnaQ*$#Phnm4;&h;4teZ-3XPt3n>Ev-~1(F~Zi}OF%7t!Du~WFjm@+BHf6? zmuwPuXpw4vcTb|M$7<4)Yc$@feCvXF+f6lEny5#J?hj*)zGLKF(?7scFsl2@7HDa6 z8T3&I^qB*ZUW+)B(wHPMm&Nwat{)OhWm9c>%z@9d6UU45EpHUe>)sfoa$z5%Z_Kizz3w{~L)ZQ!=~k1$w|ib-I*Uc}DUwVYjiXj%y9hQt|Yu{fft7g68rzoM)B%PhfQ5V6v3XB$R^ z>KkRrSlRy3eG%l4>AK-=fwj$%worY`zA?h)<@1{U5z-GGA#_I8pd{0%d7Sk}j zW4TzLdvutx(6cnBqhUqo&g&lf)OW-BdaO-oI!0 zb?3u*Q$U1v6Og0WPx?eK&rB}$O*xeHIViP+sjoPWr9wFz4-Jx5PG;R^yA$~*13w}4 zaxivLPDYwc6dTSkFN22xh<$JKwc*JF3cKB%duRq06R?TEq^G{5Fkmo{Wrn*jU$ovA zz3bu}Xu+2Q`Ls?Tn;`>5iswmu_@e+*;IeNTsQ8zTvzTnp=n;F7Pl-rPAArF!$Efe> zmDYQyDkH#VyD~;6vcgdt>KKeX zMY02q{X5~BZp2g1FJP2@un+q z!KPE?7PWU0D{3V+!0kBF4$|HaW5Gx`1tKQ350bsLV&vmx9Gf44rhHNr@Mmk9*3}fx zIsnR{qH9#pXb!`$B%>qP)ZIMXB(RLNecu($w!K-@TdLk2$&qY{9$kx6gzcH+yf1-Q zr|j)Z&Qf#u+WE@^AsS@4_F0%0Lb@5Y#0@}qcjw&!0^QX+XnHX*fa5VtYBx0}%4Mq& z&o^pudAjF1GnJ1`lH#pi1{l_@TL9Q5$Qcjg05ap8btVC{k^YDb_W1MB77OPpm2+QUfhkC<_?g%CT!Zml1U z$7>%FXIv;4^}n7P(R91gn-#WgL^B<8+NmL(|ME>f^W5>NJYu+Z`ZC|vn2VFGO;S>o z`ouQDB%e(*yV>cS5!2l1#bKQC_ClWPuKWs9iJZRpl(X%6er-q{2WX>(ID{qNt0W1=JxF%9-mX|VCf%%YJlY>ztp+N$FqqBS{`eh6KQJ_y43sobyIjjmngSd8 z7Z82M-|<1jBpss)WSYkixHKP4700}(!nv6^+h0QzEFz@NIFlkz^lq4RXK6FvGWZt53Zrj6XK-Ky7MPy(dP4 z(NJ`EkWx!Zz0o0d?rzhv^v+;rsOme9yT(zP1O4P&%|iO|7GlK}`n`!Wk|?A5OHrD~ zXN{;m05#r#Nh30-sj3LQ_nLcBWHwvt%1em5OR-q*6%ycz)K;=YWGP)SBgGi8h>w&K zFrE=-`XSr&SG`Af;$2*(&vY7!!l*thbGDEvidZ%gC2#XPc>;?rBR`b4fvB(*Kx3^9 z5eNcRw`jFF*|%-f3jPLneV29LA%>jc8<9Kj3UOS?43zn&gAPLH#P^ePrSEVp5HzuX zk%o>&bZzYG_qQ{(+po8x1go%;$ClFXfW+oW_!^Dg$2hPNCvTLaPs4VDtW|+u#MK+_ zy{n~56Y7l@xMrjlvgAmwuyEf@V4;y%b+PpjNy989Sa=)0+(Sq9VTWJf`dv;SneBGShe!J>J;QEiroT1~ACaf4$h7tFCG6z9I-Ft0>Y~^L zM1oeJv7%92$DH${pp|GFD6xlBpR-P53qRfj#jCZdNlC;5tKB%Gt|2}tx8`S}^^N>w zM8;dL)DU6jBA__Htj+ZdBdwj5*B(BxIZiOx{RKd2UzP z513)IW$1>x-k$G%D4h`0eb;(%8q} zyVbSewC~`SjfER=kR_sA@A?UpgRHpM6nw+IgcC#Ay#ojwFA3=^$*QRymRk&aG3{^<;P z+l=Us*DY8Eiez%ag7zPNv2YNbVY$8OH0X=xG>JW-@o2xpf}36*_~aPEIrh$r;MK!^ zKUV#Ya7J*J)gH*>D`)b3^$X^lXos1XKzID*gjuMUNxhyo8LFv}r1_(Np_Bfo4K{)H zHt>NA1?~J&pqG)?%cUVV@s*O34O`A0@YmVqBrd076u#Se`8~{_*IuU<`{0YdBITx| z@N>hLfpM+U$3ZJLU4<*7TX^*Vw0}n(6(R)wO4|&$5F5=rwPkpNk|aOz1N~UhpVaj% z!;K4(v61t?JHh+~jj#>M5W;Edhw+j=B?)=mtC%#c>effc#0EC^c_(NdZCKaQiq+5d z{XbFvH0KG1yL$mds?<-mr&HfaefEUAt3#A12Ya4&b6?AdL4^?&aON^4I?b_acil))0XRNK)U&w1&(yB z;>6PZIY07@t?w~g%V(KZD?QJ?(ChwTP5UokeS*&;$?bZ4Pw_`Sxmk=}g?DSpgK8SB z^7PNTKez-p<7=!TK)1WL;WNe-sD3U43IiU5dSURk zvn@%}GUwdkpMqK~cj+PEWk?CpG!--353!mNA-$!OP24Q10sur+K71L;3ad_Q5W~ZL zMdK#R@D~ZWX~-WMTg`Hnr$AoAd;*^4PN!{q(5It@?|{ud*NkI9YNuwJZ&p+cWjwN97N(S3);2Y(q3Zg}56 z1Ktl0uFzT-O0mH=lw)m1i|<_RPc^X{_d%lx$~J0#GRBx0A12ZD>rPq0jWGOk`wz2e>|#k05X@97ToKU zg|lb_+3r>d_dJqa!`%nvp!by-lRpo3PmhyaGu52t43dz0pNn<=xC?0A_xGmB9J^kf z^Ta(!SX1MMHr@-`0!g_eUY*)w7~m83veOPPxmB@oqs5VuKqHQoY!E%hXK-(fGcv^w z*PEUrF>W;Wt)lv{kH(uu`<7hl;-`7^_9BL;oQ4Bws~kYK1ouB`#B)R}Yt|fTHeWx{ zZ1GTHt|!lsA&RlD{GN<}qp@HSPxe+pc`Ge>o=kw$e&;2#nh%MCV0i(s;;4e<{J?2N z8M;_(IB3~yK4aAZQ5RXKP%99j6>B+XOjj2XzBET|#BZ{iM9w^A6c7cHIuVvZ2?K z>ApFBq-Hfo3gO)^Wk2JSzW5&q= z=_+6dl&ft098A@_l+2cbw4t)t(XQwPqd+_TSwx8$!V$FmtBWRof=dZ<@u-<)1o3d~ zf%T;$El}yv$cx`+Mi_=U<~eTKyvNQGN7yRqYR^N;YRgv6bZAYtid_i=OUBKc?Tnu3 z4;LNQa=p6B(kvECG)zT~glildrAB=&40{5)z`3WR+FgN0Y$U=arjiD9f4C-WU^OU6 ziRsQsH5(+`+sNHWX4Tm1_8{7$LA3Jo@1He-?qznj=b$;MW9Qmzom9A<`WVwE*1Ih>Yw!Li%TiQB6o$tM+QEoB4X@*Zr>g7)m!BW;D3KlRz# zODp^zg`X9TG*&#h|yqZP$oQU*4Z8UIh-^cDoL0G6(RO#5u73q@`hCLxu7t zvhF4WX|W`Gwg%W4{sdGr3~QhehpL3;QBc5I97WysW%XW?1gQMcQ!ss`IFv-i44H)W zoB6M3-aM+N73s3)V6CiyN5l{EnD%x|Z+L%RSPm@^(f>-EbO~ng#WbGP$*NWqrQ!Hf zliiz>T0G=%^wSq*(5$p_^iu}uw2FO}5Y5vz607&x1&d*l=jLi&!1raA9nc$3uAW_h zTuddcVJ}j{(XcLI!)ZW*z5*EG3_8g*h@J!gi`7KXMn3_wpTj$nFH=RozMX(MlRZa> zk#m2WzPb80C>I%^oN|iHtync?z>NgD4kQ{DV1hY*yN=6UF&IJ}K(T!FGE&mya%CqWiyW5r7doFlldRk zx&WRvlj`MQlfT6TT3SQG?{K#DNzI59)htAdd9qJ%sVLq&1bTl?Afu^LnM+jv7u@u(Xe<|pm}Mr<^`sRm(YSP64y5%Q;J1UV> z2Ll&KL2921@`3Kg0<%ezG8^!v%!;-o1YjtF0Xx-4rnXQjjvo|K@9-!S<=aD-y7wRW z>L!RS!VFnV0Wf2mz-#mJaH7GsnO$pUevRfTgL3RT?0AwBwW*L$XU1Mk&R5LUO1b?W zJkkkfP?u7h2%5(8E|GvOpqnSi*2E{lO&Vq*t4b9F)21UO6Wk>79%W`ElOI+h>7g}k z)-*`*A^DmLpb$tc--=lk8PA<(n_Watm`QmlcICVqShmij1M{|SpKCed^-e-DZ{r`} z)f!^0Qs-iBRQx#E80~d3odV>?kI;wB^!u)_IiR9=zj>asuo0{{tm_Fzb*?*+``{lx zW`WNL)<_CEbvnSQ! z>UfcU;8wn`15nl>W7B@_Y&E|F45b}Urb}`6BnS#Zeae<#C3EzE?-I~fUm;L>2R|8M z_b~AUHn9gQ_p2>B@ZGijH=cpRBgxL2UaiP6U4*qC0P1H$QceiKHZ*>T-oIJ;g~ zG{Hr52g61Yz&A%LKuDRA)%3m}m8)J=`a+iY_Vxmt_*o95j3U=bnkACGQxF)J?e-FU z&1>a$e6%XDZs$k>)~kWi<+8D~~&NC(x*-Paxz zwr|u-u?3q+>=h>fw+w1Z6n2ICGi8$s$)Ds1aho_%KFq&o99RS}maz{)lHRy37st#D z7#`R^Am^*8Pz^Q>BNXU6CWLv4>XKbWna-uwc&jHZSiF?b1~8-hXitKX6<_hM$3-Oo z&c<%tKOISKmq0lys!c7E%V>ltK-Lm|0Q#FC?@>uf0snGZ?Yr^AmWvk#pmmPwreI8p zNkFG<4_bRy7Fc<|d{SqOVT7c?@#cf>a5jlnhj~(3Q=hD+)=+YCQF4$soJ`@EWc~W+ zKvn?+^}q70@IVKNhT{^P_kV`;r>1~jqBD#F4s4I2MDp>8=Hq_M$iA4&<)hZry}iGW zgy0(PAJsa`$Cb8@@1l#k{LWmU;XXi+t8I>v^2vko9ZHNR?Td`$x6fGsiMpbR z`ndt9wVY0iOh>Q@7IB_5%OdWOO2{98G5sr$Amv>hvX{ESrX+?xKG~^QA=^3fUWlWF zG{lMXtHcU2Y^m9EzI1@D7BehWW-dwo4H0@ITVFl*R^Hol_xb#n4oxFcp}*Gu?_1*t zc8QKZRF_`Z@4zHj$@@pE>~<7*=rm}A_mDk^$5U$x&te`6%~RMhsdG5O@fD>}e_y6&`NVC(PTG|1IPZ zoH51t;K}E(j~JRi0^m<6J^^ni6|ysM+uH^|+9JskXgXU6Y{@($vIy*QtqKM?Dh-#z z{(CNP3h^|*gkfEy`O^sf0k=!TVm<`trroVD8=_WAxI#m_mzQ`f;tJuuf4jol=NkvL z-1j0xWVzV6Aq`+)_F*V;OWbn3ToZ3&)9X!C-^mJh`>%`m_aAvd3m%F` zL|gxz7#Xl2V)?Q1V+dnIQpU&!54*sjAH&94f?-H$Ft-D2jxA$N>Di%oe;a~z5O9)* z_FCje{u^fOkc8Vqa*KVGS*;ck`YpThpTKk?re{jYZzJlzq2SH1l0 z?#;iy@b5kYd*6c&Trx*N-|sHz?>p_U8!m{A2=X0-*sp)R^}ApF`}-WQ!aKlc)r1&%wgb5vcrCZ2e~C|Kmpf|BvAB4$A;Rzl^uP-Joxx>TkX~*^{ax zPTck2nP^d7r}@wDnOuSl_P|854dkDnsuz^32Zch6PQ}WA_X0s&wnQb{ed7@J{qq}M z&gu zKmgj>FWgA`$N%9&R6R-VD0%Cs>2WwacGfF|3UR_7+dzQ|x8P;9@&9zJ_b3&5*Hdai z#EbgR3-KRY@~k+yA^=w4m0lt(u zXu3zm0h^1ss{&Z&4{V{67R-(}$Gfjxug~=BYN9#t#sBwfEX4T)NBfx3=dWnufrCWB zT~LQX%8SR$A<^j>pomrC?aQzP%P){#ZL&<|+5GSKh~Ykn!bA)MY`A6G;^b|E{bv9E zjK{GwTmiBh%>H{^lwP_0b>`gI<*Su5(8j5uxclm()c=0X9l*^1MUD{uaz2oy5{L-5 zNGI?Py8!gMR^C@87W7ftk5>DeasYDy)-2358qHmr&$0e zJ5&?t)oH2>&0k9Zk3F*}iTH0VfWLO>?Lh1C8o8Jcz5}3(JBgr|4P!1;0Ey`z4+VI2 z%~b_-TG4L&xM9BG7R09IDU)Dq#Klj#2rYnpGDe8)S)_D^VmN@@A9OtjIP!P-^L#|I3 zwgFyg2T=SRJC8cx5mXLqodEhxpA!$8EWKIXRcRcnmZuXKt8vL3)(Pcbrjv38S%N(!$a0AHfG+*Y4ix)dWe zSp?pC?4vbKC(V!Z2VOqrx%NdTUWQ=^c3{Z1YHcvHYEV{S+H4Z=_FUSmwBMT;+aa#P z>7v}pFy&ncV*jvyd2?J=R{^7K1=5Ixkc=~#VM2D@s}@4|E=z$@bOUqA(ChAF#r^xe z!=R5gI*$cNA{M}QFM6js9k)y&xW|~cfvvnW1Bo_RJsv;dr_1?afZ527?Th5t6Qc?X z>i8X1fY$eF=TgvVss!HHt#!S5U~G7_&h6%-11)3J>0-y@JZnwYvvfW%Qg{%_ z;xCrycJ06g>LWJ|Dbg3DzH4qMY`9%RUy+vF>f&E))#9U2=KKvM{Et`<`?1d!xfm55 zWpFhJG;f{U1(^iJ-@ufl4q%i+C(s9(22|Ab8Zl!qi>UlXjvG5m0%4Bf#JuL&Q>T8> z2Nf)}r&LFBNUut#ZB_l0e)P!<4L$EH_mVL$8qxDx@q=OP7)e$E_D{NJoDZY{;NN>T zoxcqVNR>X$GMB^E{+TL#jYj|hjN-I&-NXI9d_~kN`K@m6g`RF3;OoWm@HA3UEscY* z9`S0VXI6^{2ouG8cb^+#9|A1Y8r026v$bI0Y#A>Zm^$28_>tO1I|0NyHk}>7au<%M zy|$EM*NlT$Dd9~Yu|t{{x-O5!?Z#K_rqrx@<}k+0AC8s`PA#>^4*d04dlX{7GrzBK z9~*i=e>({L&u@4fOC@)s%B{9L9QKRXi2DGFT{XpCz%-$hy0Cs9%&hq?1B?tKs}D#| zWfUsl(G34w50-Pw-Zlw1GO)lk#rgfHM%;~r(=={E=Q37Az-#tKGB3}Y@PbRPwv(}u z7cuvkv-tk0^$G-x9w$YBzl4$)Ual+FJ*uKF0!)d?(Pu9y4?+8DG?m-g8!VJkc#-abkda14o2z$#>h=(z31eOOwT3lj~}(q)>oH}zj$;$yLs++YwdtI3R*XaoF0m4{AcQjiQ z3{i3Im~)<0XQ{g^Os(}KHLr(i!4RY{9mVX-!gKs zAw1|v%R4V1B?!a(JErzKqecvcbP&*=SWnH9-2i5m6)d0}a0ST7AwH7$1q`0Q>=a*} ztt3s;Cppj8SXS>gqF#TJB8Tkmoif`XKST8H2DF7nvD5%>E3x9cm9t!7ODOTV+wgAXz*7k;- z+OU}UN8FYR34Rwk`-56)98kJy=y4%ga&}rDiiCr#wD8Or$r5WXEJ~~9f1X@wacNdm zO&TvR-q0TUVM$Z>%&hh3W z5Z)FKSI1J=Ge!I`wgDixH+UW%ZxDjGdRkCN((rVv(7Mo;PWec9x< zSujH~Qn(wf95Pv?FT3Lru-0&z3VEsup6*l^;KNmHlDj&vuNmT{q@v7?hf_-85SaO@ zXCaC`#~%84uS(_21@!#B4l27{9i<-qcnssM;2na)C1j+tpwWsD8t9XDHer;<(?g$q z>Rp@%&IyA@x$?67!)z^B)REsZjVqQSw}J0KP~kgj%T)A-3NLxcC0*N|IZk}9ve_Im z;5S*Sk*zzL$35QReJ8=SGi7y_>}OgW&u7{hF%>ZRWAj)wuWUBs=FiliL)QKLj+e=L zca|jET?{I<3B!Me0f%Y(hOCsQox`tIVF$L;QiP(jUmpO%6-p1+E~h_a=S+cK$pRQo z#1<$lpVE+PKPk6ZAX#xIzJiV9$msHB?FVZoLR~7IK-zM3W(s;ZwK_L3`iT}n#@g%f zV$ZBFSS4_lSeaWuqO=0oE$B)2wC-V$tP-eOzd8Z4hUX?gyFF4>JAk&MbqMFtvmN_t zEe?VybLuWUbn8CYQkkYlC=@m=s^Nt8%cr%F4`NyG%uE*%0mO7;AYHQORDw?;^s_eM zRQVH&i`^#7nq=fqav1K{)d7#(MWot{2#W>V8=%CBYa&Kq9t@{1`N}cF_aMeL{$P?<3&no(+AI zzcMJ(sBv`A@VbZovD%|~!KV%;hvH@?3)GAAb53R3IpGs?O={7R~hh!KV69s(;=!37HHFt4bOL8;tmf5 z=ht@_ab&tHhW+Y=bRuppU++luL66aRP~_BLGkYAM*=R07Oe@#uCP|oiOym8we(0SU zJ20F)?Y!z>tC)!w=p|lyrc15Mlqibzxg~gQ2YP*~b3?LSz7X;a0X@+ISLzdnu1T15 zG;4#I2IyE^6@}r^jh2G`z`1^$zDF_E0L2)CUj!9Y*`#FnE0a0PK@T~*o>VcjVT*kM zi(v;DB$@SN%u}4+N8+S5Z`S!}7+p#&WYVRY22+jb%UT{yPkW&cu3ujGeA}*0xTxqM zB^ITXXsbS0YF!C)smd*RkC&#pQZe1H`rgS;{B!Z2@Pizl2k+PV{uSv_==JH z;vdon3Ir2R*bD_wXA&tE$}}wyYnuY|0tmL*CrVxrL&=b{=!|_d7h;r5h%h1hh$3wsDj)5+8&y%3K zy)VYUp$G>d{Pn)fOtdFOF-SWaQ3b}t=}&g&n&kP2*ZfJIeF(2Q8c}VcxvaENpz`Mi zG8L$mNrXPShE(g^An{dAbDMQJ5lzUOlL_g(IstQL<|HK!9l{8@lHtXeXE02 z9R*hVgabFA7_%(qb0|^y&Ly69o4GCs_rhyMzs#X76?);$jp!w+=I-gP4an);8L5;^ zC!YgyF`%cv;=fWp=K@|B%GMCFtF1G3$2Y(uVik-@IJEQx|fgz}Y@v+8&;~6J2a{SLD$n^18bPJ=% zozKL%#T`yyop%j1+u zxLgq@H?T#Bq8R8cC=KaJc08)Wkb3ateVXplIB1DQ;n571;wvaM%sz%V`Hx^ZgX}6{ zALSLk9@$8bz>Twbo9q*K6zvjFBu=z>@fa`o+I#EY-$P#cdEl*-h4uJ2zELNLusr-h za=ytMFDzZ98@fCOE$$IBXRVL3Lr!x&rduTi%zNx*$1@w|T7j%yYO)N|glyA> z6YfY!l6bt&|K>%+=W(-ojK%_OazEUO^*=Uj{hN!fL>c zMKr?YDykf)j1rTHz{NmgbD3WoFy=G!VO2jK^E<&tXvo&AIkcO+CGIX!OHO0p?0*4L#u3cQjZjt&SpCd6YnACDvy|W(- zo=BYKy@|t1X7x;Ta4#tC`N71nb}0b(QqC(JcYgxQnDx~Df+pS>PQn1qC-5DB#z!6? z%b>Ixoi67BvL%-lY#)q-C1X|Bv!#PX1X8!=mR$}(53z<9;$(M~4dTVYAn%u4Krp>7 zx0Z`Nr3sS%c_h3qBd*Q>rQGp1vxo1a4536!nKJ-_8j@YdFf9kYl^1?w99~ ziBbxQG%Nuh-;_K)3Tyt0eJ1CL5_edF5r!SF${wrW^`5!5kHh5{k~YvyXWNYzBEx3= zg-)9d(pDWPgN7`(9fagp%pINcdyrrCB_(K~NOaJ-Xc7Sq+?g@XgV!P?&3L=)9vwi~ zNxvbM8N_y7J5ZH~PL^}V3uxeEA!3mqYeB!(Gd`|PV_@&X()OM~AL}_vk&j+^=*6{! zyo54}!-D&UU?8_5^i8u{IB^P`yHoErDP*(R$5CQ54rLZ>rIiv8LP)28Ue}_jtHp=!aJrYp zEYrd*fy3A!q#kTS{4QIMDBkca@BKga-a0DkcU}J%MClli?ndeE5Qb7xkWP_O z5RmSMp+&k&LZwSVO2DBTNogtR9@6hKJI>jky+8Y$-~RKr)>+HtVgUopyPo^G@9TP9 zqskd!o>r6u>pQJudw%p({#uH)S*&q$JRDN$>l=oCm%54$B(PzIzwO`x=hXu0QRfFB zmisqwZ_0R)Ex{Rb0xlx+kL%%!}o8@mekbZ*a2Si$6Zwgl{|_ltDQ zXRAcoJghA2bcmdx-?gt7*bXW}F!x&Zvv3X(j(&ib@vhAsXI6;8tf$Yg4>SU2Qf{FV z-q=ijIGcvPvv!uPX$IY|Tz>+M=8-Q${ChrVWQ!T?^V6aX3hrjLcjp&;$6aQM&ZaEl zHjbD)0$goQ?kUxPuOm*t`{VL!SS;|-`9y2?!VL6w=0g~qGiXnZVMRzDT~iKD^3${l^p zh4aBY4k*XjjfoGRi$TckOQFZK>{JM=cKisW?xD(=n_BfexkGow*Ektp>q?mCD;aOd z%HBZHUcy9Xv($Z=B@{X4Z>st)yVE5~O?+gJ!)qA*lxh)+ z34A(gLW$US)`K1XX&RUuUe;7Gz@2OqYEfUc z?bha7u1j22FLfVv2-88^JtHBuAxdmK2MU(9sFYJ%(-)u}q>t(J^G}AW_e4pXyz;0zIAf6*=ou6m zUl#~rd;s-%E7S|;HOCSB>D>t#36bVEL6m$ERj=#q7LqiUHf-q2BxyE*q)s{GRiVjZ z7Fqo;1+pxIs|dZA4Qj`49?Gk67YSn2v7255tl`bWjPQJ}KEAzMO6&1SQVwYjj``(m zeLi!V>e=HEsMN=q*vrGqGQmrX5eOsh`c-{&)oCW}V}s_tBVMzd!4S z0n={|iz+{y>TC@kNHJ}*CvLX~os{zG{hQY2N%?@oHtfBw<38OG9>N?K*<#wi)~L;? zxAu+&=nl)nM}|EHMb|rFp(j)%@q}f@!8;x~iy2vWHCu>1;zWTZPRz3BQyTdKM1PG^ z+g@^3|E50rejlQy$*xyStU`~K_;KHO^inuk%T)iN_3x&d!+`;JUIrii6*Pp-N=Awh zt{A~RNS-70LDrB^ZI`mosEEJ)ebnZdTUqQjM2q+jl{F!eovh6}Dj%B|G-y!1Q?6ER z?`C?q7nh~sy(8OOA=?W=Xv45nt-WT>d}oV&xu*nPB_8GcmZFRBjT_eS0Yb+RAU^m! z=6-i)24Mjys4?wtAxd4R3?E@Z6dlGNmvL<4(-xhh+8a)+6f6rbXw=qN_(|FyLF1&) ze&w{j~5`&1J$NiUab$;+Q{ZoWP|iRk87o7FQp zI~j5Ijo!y-;>mo)7gF~V*2bHPdUJ}nwoaUn@!(AfrP;xU%S8DZx%0~khgNEQ4@e)h zS`CEJ(&d27ng|Y!#AmJKk`a#dTdQ&cnw>UK@Xht~?YExYb_T>ca{drJlMop%s+M{O zKlc>k`r_Mp;`to&I;O>`J|{ul&(Zjg=zbQh4Zl|%Z{#YN^trw)Zkx|fi-nY|nCxB| zUGA@_cQ96{5VOpk|M=45)~}&sSg*|781?s|%mpFJe4qP_ZLx=v!1Ga{YA^g;QB` zKuN034VX6wMZ9T08vp|dvuWEIG?YQ&1qh4m`{btvK0yRZKov3EilL#aRgr;FI5FaV z5b^z}u71P|6yPoLGA9aq5;-pOf(MxKiexCaav=Hlj);eayv9_8ll%grv1FJC^9%N= zJ1#%?c2%l(vLfE>e;L6%O4L$Q?uD9v@Li{q%A=-UAoVm9AgO1p76DiJ6C_V+37G1l zvu=a1K@40eF_AquH1=mk%;9j6nto483F|}}b+QD0P4oy6LBTL@>K;vq@F}Ow&N)IW zV)?C5vSEglpSl9^1~ym&4~L%R+{;b<#oos&=WzKV2*NG(^&t94d?$5HV3;m2K1H;8 zCFt&NeiV$1V)=W?g{CIZ09l7am!If;ed^aOlls=wtq;=nUJ)CPRD0uPt3TQAjW*ql z`#!pF_LYENZiDsOt6j@fsi*oh;w-Z~AMW$E-%wr~$mx^Z&2 zAoR9nW51NYDK}(3y=o*X+c`(weaJ8o>$DFfdjzDA-Pm-m#+`#k3dj9){#y9&h`zHDoK~%InB8lH zpnq&nYgPATd(wh2qg~x{ka<<_8&SjZN*P2)%SZJ5L^DN`%M_l~BfM8*I#T^YhAnau zulJ7jzMY&d1arGWg{u}YtfbEE9_+O?^NZrKc3$9y_rL5BApYw>Do{!;0Iof+#p^`^ zW=(UUu`%w>QO|mWxtceD_oI2rtk0WIlS_r5{Zmfe^u1mQR){^Hz^Fk>?JSRicpswg zMVC1_HPmK(X^v>5)!splhfBG;N3Dma*TUsn;btrlaDbFq4%=YXs@z*T(aEbcOE{ zViyW2i#NN4p-%Al$aqCj-VE(-*k)b=N4y)s?CcrQO@f3pKJ^dJGv>DpoC~C2mhLEQV%95vfY6fvy^lC6!xdqSemD)lMFlWzw zFMSabs)Fk&b+21&rtL8(df)20wf>-GpUpk2fiqHkysCtjR&+TI8pLte%h@ba2k3j! zC(>P@hcTWZ4U+gA6zyg*j47hu$7VAUvck143|Kg0m2V79gE>G9rI44_XD$=~=c{UYS>lt_}-Z`C@VLtV%I6G5XnRO$umoTq~k}_*o?0<3| z>HD;bvXVX@W5)$CB3N!v&R~l>RxE_FG%)r6(s`N0UbGlS3!T zbvhT|)-Y{-5_eB@-K11bANDpFBQy?uSFxOW7X=5B@V(VXLi?k?ukjCWe8sfBz$;yz7VWlCk%p1d~y;w&y@1c^(fv+STh3VlrD$tiKPrWjbl zDwH@VNhCJ^Eq3Pl=KiHqMc5gOKOwyJBChh3(7CIWyt>OyP&hG;b4>ehqkJ!Ml$L=F zSNCrE@J^dBq;pQ@IOoRXc)^jXCN#<_TVd*$Y_%zh?t+dFbHRs*JxgXg>y3S5A7X-! zUfC-LC!)_Zdqn>ZZ+(*VMLbyv+kXz zn+Ku{wLN^X5hV{?sJf&B96B$XI9@Pq`Uv!vHhHb^`Q{|LPh0?)?mSnjd-eh4$X($N zb1o(!%imZ_`pJF;QnC#-@webuSBdsC92}i)WvNZDOIG-Bs0$OW7M{ojA$$?Xn|GO7 z%ZZQV`*sV=pFiDB9LS-~$#%VwSQAZFo`mrh@s4PW;xp$=E>?um=6y=VeB_~b5bne| zjLkVmuokYBYMFesge7vy0K|0b&E10Qab+74D|Sc2KbNjRn>!rvKzJ2C@x-H;cQl>9 z{)uZ3^@_zTYAS7OlV03ua&CR<>~(oflE(VzHhtRIO8TY!ee|Vl%mgb<`H~C-BLh|# zPsEBEzSGLl=B_9Fia$6bj>)`lOl$OMjTb`8eT-+bKze_4lX}Yy|6Jhvsi}*x`oxfY z-;`3L!Q@B(uqUL2ra?8Qn?vDc#drcIVw$o2(~FGx+8d? zZbj6Zq^{>IY*r&&C4Ec9ORF94YOM*Qm2=Ds%ZB*Xg;0{UR69IuYxj zUC~M?!qSjJoE0y9O%cN{mYZ?^eWG05GnRDBBBO8pK6c4d@7zXS`>?FnQH=Pv!sn_d zLUsj~YuFC{#|vyv8m!yDMBG}edx}bfjw|0=l+z`9OG{2$RH>wm zl5@rtn}&`aKgZQtx%MKF|3-Veh3E!Gla|80*Y8t9N4S&`dL~e`hHmMbJR)Tp!`w~? zqOwxVJ@z%9oo0CUZin9I*kT9e%VpWTl z{Ne;Z$b))(mw>>`h0%q$l`TagoYt0^Dkhv46b%jrUD&m}(w~wSjqT5h6Z`Ht=F~?M zG)T1?Ag^xrO^LivZtoe}-A_Z}rv{cMTb^{UzS9$4w3Equ=|>cK}D%{|y$M`S^A{&Chj z9j)E7N5bsJWtLLuF+(*IZacN}QOv&0@mv;~RVH3vbgoRA_&5eDzpY`#H65PqhaXh1 zq9&r7UeS?{TBSVQic&cFxusQLxZ`odC>V7;`KXqtrooz;K!;pF(POy|zvFX?Gz>Kn zb5C1p;sHb*mU%c(F+~229je@LJ?-AEUau#FrOhGR3-24W*0%-E)4%B7eBZXgAdL9| zse4+`qiE}0Ip}5ZTE+;rhK<8}%Zd9XI*rwn#jV(5=gy_bR`AN1e%;>ovD?L*M4$^J zw#PT5sL3DfMY=M#T$S$$ygTj631HAa^%sar|AedOSX}^Rsgvr5-hk)V%h0#RSCY z+$Q>XDhnA6HX&~q~^TA?DNh$u{_)C z$=M32{yH~k8-Hz8NI!$IGVIhZFsP3x1xfdlOU2UHwomg2EzK~nZagYqtLF1SsY2(# zxFrj)?ZvwU+v}FY^S)$pySTj)f*HEwW{1wv+yUe!lS2e&pZ}gr78bT^l^mm z?D_R}Uw_?;$#Bl~G%JX_oqnCIl8=!k_I z*pHRfDX)3e3-&$9o^5o?e)9Y12g{4Mz5$j=DR;eV@|%4*ec6k=@hI=zVS_SwF3t6r zzdyIao|NFdzx!f-+6rf@v4lzf^!KKX?H(wE?nP9O!51hNKVF-sqGV| zzf0_A&~p5MXSv82gmCW`Af3S?h`)4bbV<*?P-P834%>Qm&*v8n`)^oO)3xh5G^+Eg zC|DLLJ$pa}9;R7uCpRjQeT0}jGlZmc#mWz zDnjMe0+%0bT!HLB>QfI(2AbHNOLLEY;jb6Rj`A_v#dDuV&Xk?4OVqJ6WZFe^an=KG z!?88=*5%nIZf6XuEnLo@Eyp}cf1&XFE(L34b*7j|0@+=Rf_~^TUqBAA8LZdMbT*37s{}6?N?}h^{ojbgh)dvOO z(#qHd&C}E!Y+*_k&Bq=#LcjW1q=}*+p0>ap7Ac2Om6`1i2=rVMo%ohBUkLR>j^M5^ zC%*Er)t6=~68MIKBkJbq0>2qx(zuK{#AH@|Z-C$k)>*3>B{|FlaMIbobT0>t-!nu@~#`YLU#CPvav9L`CaQQ+cvxxg#G?pX1=OLb>yl zEvaaM2n;a9xlnvuqP4%$LZoQG!)YV9U0sIqgxl{R3aQU>6(yUn)Q9|51nb;qoCTbn zuVhmEVhY|1xc28rS;H~EpqAgvHs=G$j(t1Ok9QKGIqbyWQhZ=zCB4&9)}l@!E$8cY z%Nvb(3fxTz8C4Djws0I43VM)ow%&6 z+B-)4k|N8E?QrbPAb_8$%e@utwAcTl()=0rh-Z#R{x-=YW&SXCFcnl2qNdip=0iBwuLWAu1Ashv$!o(gEbv>1mRz?Z7M_pMaDK{|$eGFk!V&w)?La>hM2p**Nq9G~Ci^}D_E(ksjcs~_Yny;SG=wxUu|^9gk= z^Ohz?miZ5J(3h$>pT(MH3-84>E6q(LoH)<(CRR0dpELs5Z>O=7+O==ey!1(G9M@YD zbziHPhdiIQ3bIq4zN}rOIgGC#z3jalxVAgVlrHw%+|r+)qo0AWre}fb)_9&A*8co7 zYtN_4YAZe2SH(2LGpusuK~yK7(dpF7rP%d()!v#h-M)l7cdT>_p2sqMcXs&Ao~Aye zeWgq+wON>iUnsv0>)5GWn_pkRcURwF8^R!+`)Me*9!EKUef7nB`!RL=6CqQ-!16TP zh`+hdj$fntv|5qxy&x%z4Koc}?%{KO#Q3v>g~UqIf4-D6$Wni)K-u(XR@RO$6Nw+G z;5_$cXTS(~2p+`5r~R;L5Wh4b=`q+RMyU5%e)s{+8A0(Z zk!-o1c+xD>)d^IM5=bI_#Bk8wU0U3^`MIO8SH)uvro15sR?!eDn>fEKkh^Fmz4e=78m zvYVbIJVbGu6p8(KHhskso#wv(6}`&~Gh8wrYZ2c$-%ziX{uhb#cFgM6j_eJd(=Mls zIggc?p4T6X?To!1brRP|UvH`(Ts+inckRwG_D&A7pb&li?ivR<*rJMxPZ8@?_liaD z67E{}CSaiy6bZidt^5ue+E07>$_A^3y)6h~(&6 z%>hKfTN`FrorWYo72yy|xnw5F5B713@{{b6k6t10Nl~HJAP(d^5L+#?ACRm6|9u)8ok5 z$uR#zzwl+WvJ@r981MMtfWN2sj|01K8OvaLYRHqf(Dc7q^a7>S0@z|sn={=@Zp1H< zdY~0yH8D=v*YlbPZy>LJ`<-O-Eqo2=^hESu@naZpcolLUX}#<-zbqZZl(L_fm`xwS zdn451iDX9|KfC@Xmn&PuE&F(c1*{#W&Nn9%;r|TiFjP;i7En0a&ca8Wgs68y+Zy6Q}GGM*wK2ir)sY4q);jm~;YL_9}VRhh&0 zL{f}hUds9Kl#qfrDY0E7i8Ts00E1>RvO}=X4am-nswR;5&^zcNV-TuL|C@7t{qg2# zZx`?-)k7edJ8B20B0{}a3TX{2h(7*&5)JNmxK%KDC#4F0o%$vN>TizP80>$6>+|^T z@I-50G%_v|1kpr=I035$`b}fUXMeCtFLW704p^yA&|8`u3r!oVdlkmn;gKPXBMt;X zp5oh;9qk~EBZK4D=7s2eC2Xq~#udj(%(7&YyvrP6wl(w{zc}$?F+)5_oM0tvAuqXK zV1$zig_D{EpVno$K34Pi9 zj+U4Bc%XY(zJFky6F&Ru{?TA8Q~1{q%nF#&CywKE4P^j#2-YkLH^j2)~BMOIISpjm!aqGO7hf>}O3= zd~AlNVt{F?8HUf8{<>P2CFey}Qc6Yg89wUR>1xNjkw7*qvcZ=NeMR#tMNVOGoO~5W z=OrpG_KS$5Pu+GHYq&yk#OT>E`nW4+^)n={+&s7!MrAx(_wnI zS(VA*kDId=N{=irb7N)5dTV+{XA|keJWSua(HcnUYsD54qu$Gp-EO%U&&JyJo^{|z zd>SI#7yH9wv+`^o52X+EZ!j3S&s!_6l-w z6#WabGc9anXA}p;5;*FHOE% zVT1#qRro@1o))lvjbV4#D_ouZn!grB@*8CXq$%b%zeLT^^#vkJo zy`!K{s{cG*MbT-Z-j5tYkKqvA4O4)7O`kV4zRb2*_i>*06kVEu!Za#;fsc+CfA9{z zjff7B;r9%GG0DjX>(Sl(KlVcE*3vn*R_U5sb*`*1NOp^foIXAGj+NLQ*-(E)&>^Uo*~}D?T;)b?{#Q?X>0F{YnD~Eww!C~ZIPaR zD;1_}{L6S$cWxj!$=s#>V&HSC)i#8&5ohvfn$$GRbnZkJu@hX;+5JGO##qOgiOK}> zo>lBMaWf=we$#H&U`AWq%Ukoj#d7pW8lY0SJ;1J8?Q=BpP2e-N^lrJZWBvTFyx9O(ehPbEZvvEoqNevdqb# zwQ0y5+L=#J+BVxWFJpG5gOZ!v^ND-FUg8(4%;givW9g$vyRkuAZR^^jY0c@GEE)eY zVTywWf!ACInvj?byigxg#M$f4b(rRcQKk?BZ#JOoA9#oE^uz36df9`Y$+FT_+uDWk zsE^LAWE@{X5cY;e&^#JxKc8dK^H_Ltm;>2WmrrmeP$EVU+~w__w$7nW;a^6jZfjnm z6a!IND-12VO~b*Vi7~Io6do(SlJ)!F^_Mf5o3&yI#vP>>;t5WRln!*m=A7L2wAlJ zPDKgLVi53Vg!k3p3J1%zd(Et^o{Vd$e@pS5II1=(L$^1fkxyZq*}`pae$f@&9o0H- zm7^QNws*Caupj5Ij(OWUo1Ozvm(~bV_L}8=-}Kj?eVroXj-g?ooB|&OzBsx_Wg995 z8`D}jT--qcnw5=@lhcZ`__78>cZI#8p%Qry$xv|e&tB{(#O%t=*2T)4+%>_}Fi~JlvJEv<2|1olRulS`^R*0NBb-k5rsKmVmUm{H zasrPqWHV`?=(dHbX?)C5;@&Ui@K)C=glAlmmV8M*z|;^4|3&3E=0IUcq!U}JFp)df z6d<$_bC~h#wJ|Fi2!`eI{oS$lH=RQ^<1maZ%K@T*v4J0kFHEgp*uMg|_5;*6ILG4v>l-j zid;)e!TTCR{nCLbk4_?Qn}woRT!9ma_W#Qz_pcvpWPm8oR06WKaVOJLU#WdY+Y#StDxaugYJ322gOzV~s|sNBo0eIhyW zAz{X*h2$WlvJS^-5x0g_;B!sGFo0>h+u%6 z)Gic$9E>qFVS7W`U!*zykRqQMZ^oQjK_gO z#hkZ-+|30RVSp_H-V)fuM6Rgw-Ba@?;34)T3bps8#JBABo=i!!8Cgs)xZgziB`)YyU}%n9<4QH%e}zg#=Of=N`>KL5+@ z@dKS$?C&gqzx1YL?xKXy;tX_1ce3gG3u(ux@>lm5g><7?^!iob@ClF0{{89;6k_I4 z%}9Ry?VmXrf4x2feZa5zSu;ZM_wNTWk(ek%uv#W(%fAoc7>1)TU0{#A4^T=r{`J^{ z&s?Xr)m|f}T>t#5fBKTYev%o)rtNxM4_21Zmf5+&N z!33x2K1zP|Kc2<^{o}wJ6|;*QpM5d6|2|0n_$nK9RMUFvD(wdl8(q|cR7Fi_bM0abyk}|W7owcbMDGNJ&$at18rMM_4ud#fuVfBuH61V zV}i(_d8M`i`eDX{ueGZ7WikKht1l#xXYiVt?$)2bg@3rW|L_gNRN!^#E5&91*)Pmp zAOaWKf+;HMzx%=e=JNwcB#fxvjKP0+f&Smy`i=)< zz0{TkB7$50W^Eusy^W4%m+-cPjA8f^159EVL$M@XHil(4y&mTSr|xlb{)bG4VI4GJ zj>?iuD81)G6E4Yb75W|pV_R1g1kG5`1f zZxDl(Zlu3V=-~TUV%ikAjuRGvD?e)#}3H^Wgr1nK(%v#nJ znE%ki`SjCvb540^xV^I;FbLm+C{1Hk$xGCfk;0;jyL4t$l;Tb@c zl1yvc{!f2oE+>)=MpFC`%oP4`95!Om2-5p`I&jPZ^fYccK_M>C2f;{-L*Hwi<4f{8 zHRYdcm4B?EWWIpqbM+&C;;yk?ZSk`&Ic7=!1mn*YM7xVaMu3nLc~Y-0K#X=j$M3@S z>al-KVzc@x>!07>e_hxI2sS>U-lK2=JfIsYv4x00TF%PsV~bL+Ciu- zIfth9c$wtS>>07!tV$1Y5g%lVkRe~O17`VAVSzTBW(xE-feI>Ulkf19$ zYw(UZR!i=1Tu#mQf4E5+qhwkMbFUVDUz>hL63YE=j&i!)!B)#0csucWiaM+40O59T7Sn#YC?Dh zL{_5hpT2O`NG<3j-38=&j6~`TfP%XEP@hwLwuihtI_B7AHD`0mr8H&Ah0DdmtTO#~z~lMb3ojft=(Iy3O6B^(Je+>E0d1V3&c7!nm9DntHi{YElxK!!-m{#edUt>vUz zw9gaIg{@bBUR1H2vK8bmvHM?Akv}crYl#B==w-e-d4ROL5b#dKs})_UM-(W((YuYZ z1~0iI062fO{Zq?H**@qjg@C~pe>APMR3@;SR+)PPzqvz?$lhl4hWj3! zMo|#GHuGV)IP>)*&?*ql@3;bfn{91CfG}TD_d873Slmp^rSwnT?{jPD=j+pM z?s9y@>qDYOxBFQCl8CPHUPo3T?#KjS_0n2_k$kc!_SmJ}&ocnTCAtAzs4mrplt!(P zL%@bXV?eoA#hk2{zZ2pp-&-cYV1`C;bpwXbFllhL|E}zP@Nw$HkNblN0F~l$_pKu~ zy_}hB2RDNer}C03tslZ1$)d(CRMe;jF%J_eUjP>9n*e)7(`%8%fZH#M_Si9zo*_1= zB@Z{SjL3$|i_Ld<%twP(O(_sLh1P!*hG;5TrRGgliYHng{_Jtxd4_Dlr)6I|&t<&% zymogkb+NCvrDzj=ZL9l-g8Pqk@s511DTW4sEnMvbN$g#UXrvJsc~`bun*+=~w!jTO zIUkc46c!c~Y!1eZoSET-kuu_hl_uX42Zqj|`W1lpypLFkWBq~*1!zC)JUr9nPb59oIB}UzpshGMiH|*?PU>fZ0)2Kl7lUw~Hz* zy0)?z<6iS549y8V3Wc>jpoZX8E^@O)!W6=`xw0H(?Yorx@`$N|^#nt>ZUh-4M`0N}?$Yv3{y~fN6<5tz=vP4#n_IeU$D6 z7oo9b8_w-z9*K7j69h44Cm4#=^`19#JxlHutYNF9G-Rhnz8Z=}7pBN3%7q9@OO(fu z31H)6VOmEmF3zU1nYp~y2b{$yyC;v*!9C3FX^q6krvh8wqaNL~f4yUlxlw&h0%VT~ zJ6U~1h~5V|Em2m1W5ta(CO70x6$nhuv6|WxJ&$L>OI4Tyf)7AgTXthEUzekP^TPny zpULPn9(2jRAmwcrK*GF=S8O^x4WI#|n`qWoZGmoJEQ3bjNG=u#*U@i4yErE3B)ACc8u+3J`l&kT2Al^m-~>^ zQZoDjJ0Q{kE$>kcYND{zl{(`49Czoou#r_u<@sxDm+7ZoU#(4j$o)L7`InA*#eY;| z=;4U!XPV%k!9EuJOH&Ilv#<@9eWv*8Yc zzl6ka$3LvRu$t;4qI<&nnsNjSG?xt`Z-q(#+FfHCKe6UxcPtG+wmWYV41^Htfl9(J z@B`wX?}TAFw2RtXp)_wmf=*HvADMQdvMJQOLnPFW|-a)*=8rqZN zLjqU7Qlv-emE&#!*+KhBpZkbDQKWCrFqH5B-OFWC=|nVuAZI`p=VtTWd45`eg#f8F z4rr_B<}V$<)BX0R0Ot)BR9}ODpoG{rtKihx>j8q-Ofe<_=^}_H zhXcKxXE3{ZYt3d){R^wJ3|FHQuA1sfJy}*COL8Trh9Id z>q|!;1*QG25KKMbkWw*{j2xWWXOaHpj^`xHl zF&i3BPixK`AftN*y+1MX5uX=p{RUV!BYH&7L{`>7RaQEXV5zff)obVZ#+Lt_DfEGe z){tMs-4(`m94Zl>={^v9NJ#P#hj=neM}7Kb(#PzkU&@9rTVqPOy?+YmpwJ1$? z*S+!-sIf1&EO)a@W|jOj27eP_#XlgRC3p6ypiA}oDZClE08P;g2-dC8B`~ZH7jrkN zYTdbdVG%~TNFKmjiwq7u`=0)ch$`O>Ndf(qhYfgLF&fD{74y{^&%#iaxrYd9GZ1KB zN0I8srgsf}_jUPE6UmEngtn{TxsJQHxx`B@zyViBYdb)G5oD1a=VpTBAP)Vt#4zvPu#qii zkX3~Pk}(`XPM)3JVo@;@-U8C~{ajR#>`5?v7)EnsycN*CV1tx62fKdjY2nuMfl-R1 zo}tp|>Xph|VUiykU%xeUod?_4fbMX8#s{r>p!Dg=KMKCuAPytK#1pwov3XzB&nSva z?M>X?T-mG zuCJSP?u&OxuV;SGqK$DxT1fIMWB6W|_lw}|>N@=Rg0qlh`D10ARsco{mi+7FIS@$QFB1;TiwBFDMF~Hu6ioXY0?j1_gh7eg*KC0|CLw zTfP8^7<1OVx2b9%txdSey9?>`vz-NYZ`2M#V!?9${6|hIWR|^zxpWVhj)ifQ`W(uM z>H$0or!Jb$+4OA}hy@|(h$S+<74{=X{`~yfF)o2s$gC}(pXOa+Qe&!f7vdMK|CN)( z(D+jv(NK&oY*n9|n86g+=4$_JY@^%bRpXOuX4XoS*@E9oN4Bnkq!;tJ*0S|S1qPO5 z{p-Po`39Yap;5SGCxMTZ#B4v(bHg>sqDgcZ^1&!7M#@lR9r|pgrO;%V%6VY{AXX2u zEhK|DviCZ|@rTOR%eGI{DBrJKNjXM4ZyPO08|zQU^_ zjc-q|w~fEY4k&jjryGlmGMY%ueoiI;lGUAJt~&Z{0+K_HRmoHggxWfl}-; zU*n_7T5m22#a#$c7ahMK^F@N$hisqjtwQ&{flwNEtZ?kSCP>Inay4@* zL$bk0VD}ZodgOC~+)s%$fYQY@T;D2F|Shr;@}TP4m1aDs5qI4SKaAASaf=dxG` z#8PnWGD}d)trtGkH;>UAHx}(GQqltIr**LyM?AtqYHRx$$MUuur_{}~-UCv>_Ey7e zm>3Wl(z;F`gBl+X5J!DeR<~0QSL|5P{FAk)tha~2hUMKEN1Ef0L{e*!_7Dbz4a-dX zc}Jnws-Py2;-qv>--lntHGha?LY7Mb{$j0k?-{@-e332IR_ia@icZLz|A3)35vyf5j^$aU|xH-`TMk} zH2|?f|7jOIkRh1_8J>*zgP7;esu$PkV?T;Nd46=>7SxULh zio4P>B-T!gB3(rtzkx!MyA&{OvffroZ8b7MCLhf>E?Pz?H{&Ftz@lcAvK4zVh1QHrb(IU!_UG_Cl89?C9aYFe)_WVx@EeK-tKP=R zZ4a>BGqd^iAABWeUmk*Sm-eGf>T;Me#ke{(Qd6@O+l(}`;A3C#H`{4ZRulqT^kol{1 z|BhDnjvEdh$0DAy(%XDvlf4zwC(3yOjHnD6SST&;d5K;eX1LSN&q011QrmBhiucbX zpT&YOHnzx4h=(_$C7mAJ z%W&Xnk!NF-KyKU8E$eq`iW1+CNZ5KWlS_FX{zP2a)^q5ueyoeO7NEBNB^V0?Rv`De zYF;%7Z2NObi5Al|J|^hTFOBGzeb3rDJS|%Vg`%V)F!>HuO=ipI3KME%Y2N5>C7|Au zDvD5$VZ0ODsY3>u9KW0>Mx*AiMJeWJV`(xe$zsUa%W9waH24AbUcMFy>o9-<(x#ll zPnxcmIG!8gpyS3c3GggJ^Cs(ry#a`G!mMvCG;@2%MgbtjkL_bA`;ZgeBT!1*SfV=ZVGw zRO+JP;)CK0I2wKwT{h2q_@LM%jak0KU$Xfa=G&C@##MY|@qJ^nOd3R>Re=3_#*2z> z)F%|>C)+|LJ}DWaK_%Q3T2qzo9Pf?#HK5g$Kz%qhY>YyYITqR}J)gd$_73$69)TSJ zIU1uF1eL-;KGXna1AeA9CIyq|-SVZ{>E@^o%yp_W!S(FpO!tYE{h}&TO_`a`$qI2a zbN3yn_I~h>&UAlFQ3(tH)Ru_S-1 zU~n~^{t@;hcAqG1<`ICVHTQ{HQ%?N;$ttZ(^-F-pd7G!0KD`ky{#Hz%d`y_uskIwW ze215sT#nEEj2Rh@F$+4flI8Dw?0MF(I@etry>$XIz+iS$(q|N!g`X8XlO0=~XiZ#3 z`k=5Y-=z4Y)Cpz0rrz(_g&QF*#s}f#xLP-jKeInI67rfFD5XAa zO**ivI^=!1 zitaW9NrI);M{2fx4<@ra?uM?s@)3&EAd9pvly8}^l|JpjZ>^brofY1Dc~0$*UEq*K zV3px?u@8TrG0W0(+}xwpKD6s0mHB&-y@$^#S>No`vA;;Jy`G(O-1c0GRGOyzBlNj` z3*Wn;DMm#XgRVG-oHM1*-tAv_vHEJHr#~Og&x=Ob4^>GxBD}J6f2Dx^!+SIjQelV? zH5r2BGw2Dd2$$`^&S=HPhm)5%n>qJGG?-!>a+L!LdJc9Ctt>_ z^?c#C+f-Ry&?0!a`)R@Ngrs2U80TR)EW`o5WhjzjPYGc4o@~GSS|5X<7rFa*6D-{` z;kQn>{e8Ry7rsI=f7(nvZ8jHK&6z=VG%oCfb1)utte zoEYO4LcTyG=7ET>Et##Gw1^~!kqBOkMXV?b7Q}7=gPcIXOxM`;X~`;rjvALrpe>F< z@PpRStIYnNtKpNCz&SPx>L81XXKTC+!NW4cSvs}b0y2ndNL^c0tfR&5M1V95OUyceSIbo`q{3~XI`oypE?`#Ta~f@HA-oviw@SYbju1$NM~eYmSidTCyY zh!7FmA`Zv_^v^U3NAAV!QkRTK>yAB(uiT6mVG_Se3L>qZie%yHx8Gg+TonEZGaR7- zGOlqyu62ou19CXgK^JIyQOUEeWwH=r#XfQva9jY$w}euHUyB6a9FL375|~PPJ5JOJ zXh+1G9B+5kT0?~}9&TU`{lDtYIxebj@ArU+APq`)BPiW1Eg&L_w9+{Og2XU1(ka~` zDJ3;DC@BoxJ@kOY07K{9ob#ODbDsO0bMN!teO>x07UQs@DliX*_ei=&W9*cYcg z{X80~$-hacQ15m{|1>NTHxWI?tkjzA4Lb`jLZ=uKgcE)7?R}qQ{7O!co9e1Wk8&u{ z<%X;w`0^7#$X3-EJJYNo^FaayHt9CN@Mk~Bx;ZMWw<>>^JM7+rjpSlacYOY+^uU`p zcZKNCzf#9gASBrPVl0cTT{MtAadiW`-|o1G6zS5tmo+aoF` zT_+}!VuRO_@YUj;`YG_NtFFf~hindw59CjzI(nbXEy{)_H(1cKoR6blpE%Y1awnYN z*U{Pw^SBx>L&`?0DO@`I)%UyZiJoP@1M6-dpEPbB@LFa~v`=!qq#Xs7v2H|R#9J+1 zaX|KwFKYZ>1Ajn@6;u{*& zo9Q4%x}d+HYSb^mha7ZSTArKgcTnr0SiIzeT1en6b0ImJJFbBa8v(llFXo@qZL|np z@Af-i0u%?wCKkgJnB$$#>}0pd zz+Y#^*wyq!vd!9@eajg3xqQdf(#bxtX`O+61j6_(a&dA#F%l{}gZaiPUZaM&Ez@Dw z{+H8;im%YDbCq@MCS|zZnt$$`MLtUYJ}(3dpKH;vU{vD4H}o#$hx=QjDA5|H8t}I% zDbstnW@`6>#Ja6Z526U69a@%`C+9WbR+Ski+0^P}C2Ah&97qUNDY+!RJm4y_``R8; z%2Kq}(Y*ka^Mx!dQb&*JtBZbaW%5~|T?|%X^KR+Rn%vRX8b*>_EBi#V(UV`oK%t`n zd$923g7@X_*v$G(cTScxGO)A`6@{8Vm4yuyMLiZh*lA?G2nywF{{4&US&4-jp*Xz< zCi|eV=Wc@iir7rMWxWBN#Y;{B|F9zuHvbom!7?o<(RbajBs0JZ#p#UJATi2c{u`}) zaWZjPfSm*=#Fs;}Bm(tfNRhN|Q!n0Q$~3#+(Ocz>g3K` z*_9+K2Frx`CB^$_3y{H3mE|8%%-{_bx$&(o_IN);3c1hpD^s1;stU?QH%B0t=XXlp z<}>F|t)1KG&d9s+)MvqIS6d{-Ld?P5DAp!r%5L%IPs3DdgXQ7Ld*r8dAIsLLI*ViV z>yzUUr|lW#Z#EueQU{%+PR@JRM?|KP8*@9Z;r(LHx;`q(N0l%-FDb}PLUJd-ZCfiD!SCEg?yr}H}?@cm(`%F_g4O!+ldG00zvL~3`_>y-9 z(m6`IZt}~F^fr^*%5q1I-sR#N;264HTwh7V1>l(M)QhtY1HOcQiNs4rS*OlSIYgCl zGPgS$MvQhLiVr&_gyDifX!rvS7!@N=5UQoAtGp0;7U+s69?2`n-hSVceod^MsA`dj zneH~>ED#|MuXiDk6Knz2+U#(ewe30c-vRtgz5po=UK}61x;%Xrq_ne@mE#TPM$lqa z@?92a1j9o()VVbmYsmNMj5(5#^VuOc6z8=N^hnbr$`jb>rvr zetE)o-P(f!RAv3x0cs9*&q+NClgczTcXhGl)d48l@^C#+(l8n>;6pBkRPf_OWis^z zQ4&}R;D+~lDF)Et`{0 zh)VlS>|g319=1R5jvJ(URZLx4nfQ6ZM&Yxnva8AMynx__<%9tl?H4=7r{B#C(mTef z@lv|@+J7ng$kkh6Iqan=MXI0+?<9%2msB2^7&jCEq0RHnah^|EBKqC@(133^+{=T_ z*U;_AYob5tR*YB(NyeAzug)t*wrSbP@UVbYTm1^ur z1>!O>tk}OOEc^Ngo5-2Ye@j`s7Z_j0V>UY`Td8hFBqUUh6qD=mN9asC2P2-udh=$6 zPDF6L)a!7X5#Cyyfj0NsNS*2nOsVTxoXBfUT&k-l{hGR6OCu917;^)RgM+56n#6`( zjXsY!0-UrjcOWP_k9DLUHp^o9MVsmYqPcp2B8X?vBSSMOvu$<8&5VUK5!rOIv=4L8 zj4XnVLlPKS$TOJnZuNr4&N>Y;ai@HI-244MDo*?iF!Hy_!4XRI?=(?py!f@)@W1E?A)MLc-`|?YtPx>DXsK}jyj~Gp33u5GN?_om<`jYyvu}xkCGDOV5?Ip8n@8R|Y1%0k zGwqv>Rs`ilEaEJ|?1|s$Dv4g`Cr)I?)kebW;K7=6v{58&ZMhb8ISSLl6+7MyGCEMX z#1x%9Q9Ehml8Z%4?6xl5~5lna^S6zFLQn_|6K(6hDTu5AFe#&(PXKi^3zomyG6I- zu>IVgV6z#ep}%K>$w6Tc;jr`BnKv6q4%Pe};Mq?o^EH9z_+jMaB*V)JRWPC&k6j3Z z|B#nW&*P|*{|=JI+pqOhz{IfD<=7A@xG4}pM(k)iVX?K{qEBgChU(edCTPoepXm*~ zqr}vvvD*GPws@Ha43En%is!{T!afcjA1w?8*cxlEFFj`y6NHWtF^w!h$yITo`^}0% ziKS#uqncyJH8XgH*{ z>!EhVwOtnETO8W@ZuFDmgLm?a5r%e-$shIe=(~18rwSK&3O~-h6_j%MHPf+7{q(W7 z#}ux~RcBZc^srn2)Fl@N(&HRECu}8AcQo~EUQdZKxqLbE@!av~^H68ibs>NMQ2)Jx za8){RCG+#XAXq=S<+*JNsH7NJzS-g6QS#@-opqiFn|6k9$S#W@3H9Jt&E#okolyBw zxlYl=Jq*Vpq;{E^rO8;N#TS72LQQBZ9OFSTU5?YG*ba;7~EdIH6^wd0z_72Y^A_haJcK}i|0E) zM<;dE)!aRF{5;r8C1UTBF*SJ#qoEAJheUtO!p*TB2%|9&QZ8HX7*}>YxZJmaXufW1 zetSoe^5kaj{LK&Fo+xB5b6ZMsqPxDK9J`~o_uAW6xd>*C7;FQP85OYdvaATZ_!Nfx z))`;b47AAXi&@2b4Qt!q7-`DJig?R}kbY6ZEoZZB>}5j@->(SWLs&z1OLe{0o=!nk zVJ#+}w~xZTA0g7*$~CerCQ%?NGL6z$*WU&iU9J}Ik!yP6050Nj@Z06tHF4QM#cy0A za@Idt$Au#MfvHDd(~#=+l#`T)Rjq@{Q`B^5qZ5#5>16aOZPwG?a}MNUYkq##-F#h8 z>c}b3_ew|XkKRTF`5z`E%^<9Y&@(ovVDotJSdLKly{2=Eb6Fa1bmMSmw(!85gA~lm zYpsGSOS#r6T+<4rm}QsPnqu?qGtEn%p%HpBV~=L*(zjC)yJ@d31HLu!~Djw@6kMZG=%w!s0eh=q>W1%Y7vL!+I)A~%eVq>4wbs28Fb>C|P_J1bnP z??{0_xnk}exrFeYv@~bBKCv5Kayj$pc%+Xv7w2A733qxwd5Xu?gbzzET`{(LRYVaN zMaPEv)za#ZGf7%vOpziy+(5MTE!A5*dhaWnWV1xdb{O(jqJZ&wF<}`p*nFBF#le|S z#GY5N36$F3!Ksw_0k(;(2+4k|=GDh*&yShILy)e}r zeh1d-ozI>?qd=74L@(ZGq(-4o*LQDSVW=8^^iw&~s7a>dBLm_gR?^ zY?}0y&no&MJ|pPeeHn{BTs~HzuKp?fFK>LePoks(a9!G_dfCKeYaz8NknphBv zbaAlhY2La=>M`DtXJHwq8pYO_wJ~NYD*%|#^Ixcw%AoeLsw=vcO5bcy7*sRO_i zf{J1?z{JM!w*ivHc>K;CNVGJN-t{NFa;+U(v}z;w&FtYe#O2{oU!je8CL^t=a5bQX z?6GW82ef2c$-))r0YUYpzlCc17O_vCec`f^8`;hn?qrkxh2924$po{bzvzqXDer?v@Mnxjd^FlgCKp9u2l7ROkl@8 z&ce=ak=!GqN~@OR$!aFIl$9FGQZS|k_88Ipu*%0NP89D4NwAM}llgcg?v<3L=5?ky(P+jn5`ug+wsn+hy%GeBKWEFZe@V6wDS4Xg+ zPV}Pf`r&+Ey=BqqmXkWmqujue=}2s(?>&Mdors{xb5xw$VDEGVHSY&m`O81$kym_= zXRMf~)MFvrssRDfs0iM)ixD{Tc+IR`kwP$4S?ZE2HBlUPN2#fvfu`=grVM(3{_r_b z(CYc*@VVJJQQn6Vyi{gh!IxU{cq_pjGl!*>LLy!#Wj?GJk7V$M&%$Ev%k^Hr$8W2? zqYS24B|o!oS@B<{Tp*Q5}J;r5>Vg;*chqT{pp9s zz11*W&oP{|-Z9<%k8dLtHI;hR!(WMdxB7&JjeV4#%pcP5xrnrG(wUD)@5=uaU)V_a?PG?>ANfSg5dgrg_&K1`gm$Fgq3jdX!1~)r59sBB znpFUo3P`Y)PkYkk)8L~o=8Q^KMbVsXt`I6SUfNCm4){?7Dbn(@#8EHh%kWB=iJL{N zd!k*M9bTTm#!%QCkZ4M(5Mdytp6CSuA80P(mhm)cYR))4M48~Z(R<5y87g{@X{Qr4 z(+Divfv(KK_M{^@`esxXx`1+Ll|Ir4Tad!Eiz@6cvAJ}gjrGj5q`{n}#BnH>UU;wCIzE>=XohBoRSDKbtf4X?!N7Hes2ynO;+{ z3=nt}2&7X|lyioM;;dHnss6UDw%y{^aMKVY1Y)^(cl`2s)+uRIf|3Vbfpk7Hg|Iu~ z;Afv5K@5?xdN3e{>g-+)AQ0yWd&SX{pJYtcMeHrJb$F2WX%{e?a(et(+Mh9y%n)%D zrO^L8y3&=`hdaKuX`tM#oUpt2bOnn`t)$${=lZO%^8{8id%Q6wBoY0gHyqPRy|l8M z>PuBwT@K0ZwEKF4M1`Jh`XX$Oi_ZWFk30&E1}S=#Fkzf-8`DO$Uy_;jB; zrwtD0zN<<5!Duw7nQi-eIhGPx1+K(bfkM;z3LcE)4`u{YnWYu0+}M z7yS~;g$6w2bQx!-^%7BLDd$#oMs`4zRE(T2n4armL3ejffccWnXsu1)8dCfGvBtZn zgp>Iap=WL^bBRc!%+JlM7f4!ztjxp&E4`lNXYVQ7TCl%du}E_U*fx0VXS^wC{Q=IO zm*Ns3-hA;>B1jijSJlaGBzAm6a$A=1Hn9|%S?Z$ChG7A?b7*08O>W2q*Xz?-ZSOix z%#v`OwyMj1R&utg13Ej=7e^CGATr_O7HK-=)SpX}F*#A*Kog$O;sZ|-W3S%A7a?Xd@A+_jQo!zBpPK3AvQBa?|i0mm1V7BMu{yK)9H4_u-nPKht@6dP7OFyE7oQ5Qz(m$ zDv*C#blX0DPim9e%L$F_^Ah`gM*+47Js^i*MoHO3D*+g?nm&rl9l|s&a(d1bpSRa( z`-LJRlg@M@t zK{ETsjQtM|M*QV_cOJ;$OpGH+z@dk!R3^{NJ)@Q@monlvdxcIAlJaup!NI9cLY0my z50L99dXBby4_=}Wy-r&^>n4E=#B1|AcYr^cIo*6hztth`YW_InlvaTB*&*KAWuTiz z+v4a<{OO3x5$WW)@O`Gd!-a`bp}0aXiBAN?3KtH{@5^n|A&okNY1m(!vwyRfu`K8= zx<(5^YoR25hd9Y*A?YbewdClt@gWdyQa@KFV1|=1s5DhIOfaru@M1>jQC@SI-hn4DWH`}%|GmxJ=nn*dv0*7JD)>u1yl=zVBl&CU39 zlA@~c9lREe0XfY)9MX2(R#7xa{X2t20&SibOX+!@ro56cKvJFgC?Q9Bbb~p3Y1}l8 zJ0Malvug6vLNF09w0+_4PVcw_kU*yG1c8SK z8F8;$U_??j@_FW4#q?wT6j5`5%pr+qFn+3-7I#jr$oD}i-Fx`uB|z|@zak1X&N;yp z;!d3Hw&>bh)O$bDu!7CSw=C4WD(sigYDTM`%^xGn4mL)jK+r7Um)kghA&@cozGBPD zQ2c2d%pGdJK4%02B0oFVp;g9!$yY-}v76KHy!%pRjh623x{R9ynVqKQ%_p@gp0URO~xLx~(?g6(GHDW6h_vx#x_B z!d%)EWA+WD>fViazAjPCy8u5nKiXB)s_we`Ibi&>sQJF0ac-t@Ygzqk%wl%m~N?s|^<^igmCBg88u$n2376aB%B zd~1r=lD$aJ1A+@cOCzDQ{zSpT}VCbya(@^_RQHm}WS-t=mE4%r7EK%9Ml4nCYCe{Jcs zNC@gAl1k^I>c$R-0D)6X>egIX5GC%19$vYlAb;APeuwHi>K%cdMO#`5cv(T{v7{+( z6Z=vOd+7(UQb&sRs4D<%3};iE2eiarJ<@D~n$~~CE6HxNhM+Q3?h9@@Jv)beO1<3O z&R|~&nxVfv>v4~2cu7pi*a_(Ho$WvG#WOzbcPz*RX5}NH{T{&rS`MP8h%BF0R#!&V=gmuN&@G z_R#er-(UZE$43}syL5qAT%(8*|5M}$xR0`K*$yO6M}QwOe~La{tOJ>R>LgZH2o{Ud z>NFDMXD(ejUt>0ON0fjx<@Ys27UHj*vQinFQQO~fjHnun?@Ub;`U5_MdWL6aOQsdk z6Vp3AE9wccd{c04Tryv6m}XcwzkSsT$S84F_MP??^^ zFpbklsE7CrW~_r<=ixPvm%C_snh01!Gxwju5iQTjxSX7{HJob6sli9KC>tj zK``W94M=?9mUFIssM$XTt(3$(g^_M@p5%pNJ%BFvD~sNzUe;B~V{T-FO)NI@2=c&! z@)8Pt&`Mg3dDN`gapVcVG(H=N_Kr``D6|+@Q=JP`OkAbreVPvBE?SQ|INfF&{(}JfP2Kjx4rCH^Z9QS9`6rYW%&lBU!THd#Dkq~hO2RxUr+}9^v?k~zUW9m zc>;oSRsy3FxdzJij-Ue-WYVEWVR9L}I2!D(G^0MGc)%bvSNjBAf=9d(w6&n4lShAe z6#K#USl#j(FccvV_y2+E_k4D9rn@%fvljuqwB%{4L%b*WR@4A699yZU;PWGI=5x8< zQrE{HRGs^a$cp3nJ(?h!Z#mWaEDymejL%JUIU;^DUgZx23T>^Qq?trpcPe6jeVcff z-6xKl7FI04)+l{P*Zw3>2b-M;(;irjtBxlE)L!ZRB;ig7Hc>SY-8A8Iz~s_3rqi3# zF;HshCo*80l^b`yTf<+>It0h$=~q1e6IRNoNC$u>4dqhWvZkkE809hW`#p4!$1hw; z@945xMS<06bXTq9K8xOcx`P6fOb3n{D9KZ$7R9su8npJpN{^uTtFue`h0k72B`8d) zOjQp^8`#68gg^yRmwRq))L8-ZbNjV94q-HETosgq=f57%(_{#yD=VldG<;{X%wL$$O-i;E=paFpK)o2tev(X zr~)vEmDzNHYJL&<3Q}pAqt?l>shzch@U%JB>ZbTujKR{_1(FjKR`40 z&eH-9LsFUIhJ1we80R_mV#5|1U;U`J|NbN5AE9l%7_mwz@L>EYx6DRnnHb; zbs$12cF5Wx2Nb+oAY}>Ym{o(u^U;`}fLI{W41G%t3d*#BB9PUCs4(nw2+AIKn?_zL z=?=MJFj45DN?F2a+R3RGdz7 z##mykYSV_CCYZ@{xEeEmAkbVT6kC9R@TT;U-Q9m2*@u8w2#Ni>$blmH1=afM?i3E_14&;L=El zMUZ?vR#B-}RfHYJuNRB;ZlZ|Ls;`S8ZCk2}s}$$v>qrk~vh1lU%^pdh>LVJBVF)4( z<;jYM6I5cX;7l?<%!N$g73QvQ-PeOgtadUcwX*3Awa9#0``y2jw!SBzC@4!=f5Q=- zFi;>}mUTKGW{ebV1#oNhEG=6QZ?>xTWy{M!7`YW)WR!v!18CMd=D1@yZwi&xOzgQ_ zqwH&PSz`l+Ukw@{P=&^|pS0YV7x`Dy@5&`B3DlFQPXvE|T6iZwl}ISI7Bjt>J{SNu zjMKyaS=*;6FYL4SOQ5}zBmRqcm}d&VC1ne7v6Yt#RTdz^yehfQZ@7dcJFJ0?fCZ^p zfP|FFjN7bkx7aGMhNG7+ki7fT%LCzudy~k?GZ!()X zC=-KhCY|zN8sg<*f2cNE4$|Dva#+Q!xAGF>q9Jjz@Zx0{9ZrgrO zuie4bXvQJ6pZUW9^kON>#LIqW1=UZ5^$sdh9l~*9pbd;Z2!`aGyK-mIHc<-dTHPxu znQj>i?nD6}sGVgoZ5KX|hT=1&&w8SndgsCpo7?Wxb52?!q!v$~eqW}hkc(>ZB<_7E zCkP*GyIeq;3d#o}$!Z0>e($86(9Ver2{OTGU54fOa>GJ3iDJli=f~AEA@@E41%8#u zA*P}gke>E?2RJkkh4iC?&ANX{LiuPrylSeQ+;7`jBwS-x!dB6w z-CmIRKa|4|=6tSh5%(b{;pPF~2Tn}b2dc3rEEXi;OMcVezucg!k^|l+s5Qg7x zu}q!PW75e9s^PJ*C|w6P2TM0A2Wi4?)JHeVMTn)V>&5``da)~<9A+%BHR5w|v{g0L zTlD!Q;gR4g^N?ssUDY4mqH6q3EK95{(Q(I&+7pg^gU32Bps&V%_mh-=&2kNS(Y;bO zic0da9+9z8QKecCJVY?QrDJn=EICr~N6eC6Pzmf+NDkun?QE;s6wzF0%b#-MuV4{n zj`UWg%<9hfM(4SnOb}B=_Q}~?FlgKs-naQ5oi7JvL!UgUNoWJ(M~rQ%eFyTNvN}7)ErIqxp(h5 z8zL3b#wKf(%pYlHnGD7UYeFS@z~!8uu9J}on26n@(N4axK&>jp^$RIhKQo*d$~RxT zkcaEA^*NGKQ4ZK__WH4>RL}EchAQ}W+>ODY24&bs!}XGq@Gc%7$*1JNgx;*niXL>` zaJ#kfZ6$ayzUm4^zCILrdsSPde|0wZZRHPAjr!Jb$HT$xVBkPAtRmXW5VC(G;n1ve zedxxc-B$=-;P$z$BBzP-O&nOie1FSL_EGBDEu`cfeCWZr8|uoNeVEP927*}gmXRZ| zK}{Qe;z{56D#m^)LAWt1si&w-vY){)F~CaePXdYkx|H~2$!xf}flU1*%CM#=PBI;#KVDqj15iV z7k7h*8k$90j>}i6^}YnI3dB(JL?dZ`76B&p992~dPO55#vqP2%x=4~%lHNep1-#zr z+s>mnyBb^1Pf}T>!8Shny1E?ONgviC9$zQTgk#PF&snPX9-?D> z!_AX&P39jw$u*gTA9|M(Kf@7qaItZi)4@2tZ+V=qRcB<{^B{X|SY>tRczY_m z$qkvP{DSJ~r?{-N^D;W!4NFNmhAsTp_+l|iUj<3*?HP)E&T4&dRNJz!V&d_b1+3kp zP8?#XNEl>&(apzj=ofcdr`4a&If&1cs+Y#$rmBBE3?j)OL5KJJoS z#pG;~aDUD2#4KX}Al?BPe2oaK1NjW5;Ye%lEBf1@c%7!5!Qyr-!z}Roy=Wq~XdXe0 z#Z`yhg1R(KIDS^~I~A@>aC?M*j_D zl`l#u>9iHZ&fEC2G*jRYRLzA6Enl2wZ=vZOR_+@qFu%eOfU1RIB?x|eAkZ>8#t_T7 zx+Lv=^_|=Z+|9Cn39#}?x_0ZcDEXOMQu*H~P?_+vVzc{6OqCmP)rnMONO`*UfST}` z{-ec+tfOVYjXXR&NrY!#Ic;C{)_PW%uKTTsR`ai$*i%#4Im^U72nL>~gf>6~7#e(2 z`4%&Xl*pGqJah`Jor zIp+O{a?BN%YtbLqf8B}$x$gV-J{f*2Dfigl-WY6KNN?S5W5HJX&x`r%s$_j-sqc$Z z`;K;J@a>9Q?DWV76C{k)Y@7b)(J*J9#4yB6OiVES;=p-6Q)@Rh{XO+Fi@XV2ie`7W z{ja}H`%fE!3=C-b=nCQg)U??K7&utHj-tI($qe!4xc2-+tbXizt{9r;Qd^Ui7IrxQ z?KxogfA>X;*IRJ@qw$YMl=b~NexHQqaHT7ppMn*gV?t0y=6(ObK*Ct|3$|od?Zkwi zakgI%%wy80{>AZ#tmA+K3h&~7{->7sz;+)Ps1d9wkN#C(z;@C4&>Bt+O8Zxb`=`76 z+Xbcq9ep%CpOyH3|HpstW8$1Z1I0BhD3Si(_x=Cvu*se?z!b5rs_M0sE9$Rz?SFr~ zfBi*W?*qKmtJap`-ixQw0{?>+!N!(#!u#vv|A&on5+dK%;Y0oZ)HVO@-WacF?)^{p ztHs339$yg<_?PdF|N5kT(H`~u?ThB$p7if0lzobh&QW{Tul}F?{NH|z0j-PgpN8+h z-S3r}EZYCe=4@hD1QI?d)v`YDe{Gb1eZ^o5&(pn(kd9k&Jtj#3_mVegz>lipONH|1 HAN>Cp?{J^W literal 0 HcmV?d00001 diff --git a/docs/codeql/images/codeql-for-visual-studio-code/model-application-mode.png b/docs/codeql/images/codeql-for-visual-studio-code/model-application-mode.png new file mode 100644 index 0000000000000000000000000000000000000000..b2ecaaf80507248cf719205d53ce1bf8609f66ce GIT binary patch literal 101623 zcmeFZcT^Nxw>^p;Pyt14l0*T?QF0Cu>PS+f<&*d2_9YZiPM(X+@0|d;k8PRCM0^&y>p1kfYMluha918|V%FLm!R> zhQH5^$DQq@C1yACuEqA2nLWQJf^z%OI}}thlv{uM(N~m4srtL5iOApn?_a+oiIVZ* z?yY}3*{ypfK`5f~pT4m(-gv?PIHgG5BEdh5>d%9;DBdZ>Q0?Ex{Oc(GW|)tx-rl+C z_Wt!%kx%!?#!S!!+C~5QY25NBO#3%iBa5WEeUDS?_VCw#daTHkWPC9HH&^@L$Mu)# z^#AF{6+8T+_P);hdly&dduCS`r)E>-re>o#@>J`6wK(^1NPWvq`;#`u3zI)QAWEWF zE5Mom7K(b)Of!iSNhG$`O1k0ORe29`yiNS%N#a?%^=rn%6+%OUa=(m?pW=h$!&o6FK_;@9}^*DzqN8Y@*e*Ez5SoRVtfRF=9cdl zqQ40Ue;r^X-7Wtlxgh1If4#`xtX!N&;JDkjrMds+|Na_6$yC7VPlRL%{hI(sO9qZZ zLyflk>tOyS28-mNKC)t?lJNRB_n{;Lj>EV|IrrDW{7rcAl|zpmu6&`K*W!KY&TchE zi|D0EPe^1pPcra6?PS#a`c1xAA(b!3ZmvGZVYzEHFDsmlgwOf8j%}6N56i-ITn6=y z@hPWa!9h}w?Z+BvMX!IakE{kh_5N7+qezRr;&|SpJ1!7Yy+qgY!+nA!ec{XBFNXEuoia}kW6)?_>I@k?oG`H0_dMwI zU&F@TtsGTYT?~B6MU(3MDswbI{pfTpea(_FNNc$(%qjEdu<-SEM-@23RHg0A&+YPl z<|r?Pgy*etseI!D$=t&iM>F;%CDSh3lOr}Qmq$@Mkkk_pH3kz{jYHG=g|9D0r5??= zOy~_729lUjo=}x%%f=^VybL6)(yO*fEG$3YZAf0I+Se}LL2MS5 zCLJ&M2xllc|I{*1JLeq^`XInWkarC_f`1wu{3+Fk*7|pDS$ui@?{MCBHtK1}L z15CFPrww8Ytn#S}bAHA00<}VF+nnPu5ao4ApxIPx2fGuc2AL|W-A{d-S;l$SQk+7? zM!sHx88fuZq>I;3+DxUp;chG#vr_jgqD~cWij{noqu%n%%$qn-AL!p@?-I`&Pl#>Z_TGX_4FE@VH}y?b?D7tE33)&SZC48iTIW{T?$J{9c5M4 z6NKpQkaWtPN{f*;sLIKQbnmnLnK;ebL9Uqunsm<}f_@nNG^NpB=}^h%{I@|Wj>9h6PEOi9=N@cxyf0y{pyD1PhW?f_>W1mynlS3s1FMp4&_A!)l!204s zwqB8+EAa1Be%8(Wp2F*tB1P#SH&N{Iqfn#tv%)z|o-HXmu#Nb`Y~tHaW7e$q=J{%lWO2ak&tes33~Q_Cmu z*b@dlf$*8QdIg}X^so!=opK&hv3#M8`5H$XA6;5{!4DZQsjm)UX`T$=opIt5BYrYFotT`r(PfGAM?h z!0dzApk}leszs-0XOoUWEEv*peX%-XUNq%jxqXFw=3FLD=lpd7=G`~4<5S{;s;@ZVG6_An@tZvO&dl9XfFx4y!(wpjj|U(Xa=Q$(qP0l$vZAjv9H7v24es=q)J~ zYge_&&o+z7rkWx)PTpvj;o_XhLbZd-J6F@tht=k3=KHe@+ds6@q4PjiG6ygr5KV|f zh^<>2I?avOiJl%Va1FL{wB>9RQ% zR6wdx;*ldD3(DZPMa*=()|o93%W^PQ0L)9Z7gu4bB@7o$c_rYpOW95ibhamHg%Qx1B%Z zX}*IXPE5yTaqE0s!yrs{diVUGcjeMSd4Zn1LBKqgNCNZnq0q_aDq;Qa;bAkHAU;b4IoNYjdg+M{aA(H#HFb5;b~hh4w5<;2zOr_(p$PpWv4sH41~ z!R1AJKe&+?EcU>qQpy`F8ouG%2CFqOG>Tl>vtfE;6QVv8_P7Dr?f?obZJu9Ia-5)f zg9G4WK~;HZI?w?zSnIx5kMT==_J_h3Us*7!WxngDY!7lTa0r=)rPnydZ-aPu^?Xr% z{uRa!Y;di{a<;aNrEgT7^dVdSesN?8UM=K@a`&mSc}qx58MEHyb$ z&N1liUcJ2mV0GIjBy=U<5v&zEPUj`&Vi+N3@RmyNdV|{@sRpy+XJp(2tRY0# zah8%BSo82eOM6@+S<$ezbZHUz@L3}ikzzq+D89#n&f7asBdadCcH!|#pAO1;y)9W4 ze}ZG$=c1zY$tERljdgsoc{q%SJEx!zdQ%QW0+S!2VY`y55QOut8c&c1-(jI@{u18# z`OyxM#w9=$p*U8VZE1AM?i8bKj@~5Pp$pRC7uaJBXb)w|Sw9^|??E zV+S!}IM75Sh~?}Xm63N*&eEc$`O^ou$9Vl7kyQ8+B^lL0>kx_JGGkkl{kt-lL}OW6 zAc@oZQ`FtW;Zk<@-xeBGUgt;Bf*%?KL)-ePum#2wQK|QQpY0{c$?w1%C_=1!x=Gx` z;DgSMd1pq)$T(ts%@H;^es|z%S##FosTy2>~v*ENI0WlDpR|~()_7Sa>b(1>jvqC6w zJ~76v`LEL65~qkl4MPkIF9fj3@=h+`{+>NEmm5wld6}cjT|TP7KNz>s>;vGpS?hbW zq4UnvfnQI9Slu7ejwSjNhVgq}yq)kv%{R$;WM`CBrlQ3YoBr0s3gXuYaQ)!kr;o)Q zVo=szndz#yk3=2fH$3!8uSDZ8HG)lGrd&F(=69{E} z&x+w9;-2)|WMQA?{s~CGfeTd;ZAyYa;oejRT$OrJG>v1L-Xy6lG#eu;JK%Ui-(zqf zfwdj#qwCm9MXjP31d{dy`b&3-SSKm!14*a&{gt|HP(<#g_&*Au>mSpuv{+oFjR*%g zkWjFlEr=`MkvzZn?Pm5P`(A->7lLXZOV19s%=zTmUAHwSB<4AwmgxuY0w&2W2;%zK z^B?7QD&3T^L>^OoJ6a-@t9HA+HCwx{|s867{$T(*AJU9dqUlQ=AmV!3P$T=9 z8wN}W_3Z)BE@|qD?GE8)8CutFqKk-T9B=fzoGcd0MIx6aP*3r)D%}M*T*PL));Rrc zugA3*EId)jtNwsD3DnRnA|}CG&oh64AwKX=QeB*+sHZLOgmh7E_Qn<#fLt!_S|WEN zAnYOarC=GOZH)B}@}AIh!zH8&q7Gu@!VhaC1HkL&N^vCpa1dTi)mtK5E~e_?=r@e4 zZGr3_pl%Ms*SM(amF;9XtFf8-fzMxx&GHS95ZwXQ2pX!i`vhzqQqLm;1Ql0@Qn%8G zs?aeX)Z4Q(pJZZpuAosE+7%X8!}TQWa6b&Jz1^5=s8N3VRZcGLg?-cEC+ke}fe?23 z@67@hD|*=}Ol-q6TrFYziL1g8MH9HTGA(-$8l?4AVqvmKi*KC_|Gg|l2MEgBZSCWE%IyJsF_C03&)3jMe5U%25f_MIBIpvW zMkL-5Zn*5_TNWJF2Z2Mc?C^qay8~W?m50XR+ZxNOnXQtBp@%Wn48t)oib7Ly0fLgM zZvYrwDcE{Q`DXS_`-7|JlQN$pd9n`_1P{mj(|7=Obyyk!CB79QhsEozP=aO0U;d?Z z>(2*Cpcy-Wwop)2#y(J-z~bM2-mS3M@VjU$d*7t*CAPPs%$K_L%n*unC^TFTz}%>I z`jj~W^Ay9r_=qc>`qd%1r7K)F8XEw{UZM~=; z^21#%|5YawZK-A%g(Bt`jJoVjwE&$EPFUm!uU4j#1wE)S8@Qre!EH&TjiLwr0r&rI zR4#VkM}Arcety5#SvuimyBeq7V ztLt?*&ip$;RHnC~J-N}AvSS+n|K=WBohmCBDuy7DzV0YG)X&5UYKcwyl6*KvK6zEZ zyD?t&r11#A)z?{`91t;QuceVf4VGu*lq3kzz=s5DGg5D&k3-}<+gG>FY)?|oRPG7G zt_k>@^BNQ}0&?PO07uL>!aDlsO+6R%(GEa#%)(0Bm+IF+t1I2|)rZ8<;|FOkdN(Qg z<8AC9<|}ny)|7`|*B`S?y-o4ENzRgC_GNQzb#!9P;wW+09Luk3Q#hse*e(mimb`En zI|5`Nmn4acYTGD0EsFa+H|&ve=AjrVgZB2`LQBiWSbj`t+8c&Fe5M~XY)~#rOgB#R zA>#N3%IcjF$)`JFcMM}h9vv|%=?!XyY%5D|;KJ#wGW0`!V%(*A=x356z%oDjOjq$# zN+O(?fO&f9Jl*FC+T5iyL;(GvTBy$S+E{T{&kr~?(?w3FCJ7m?hiLFlLnlM@&=k}hq5UB-!qhKCvx9FIb+0#NRV>wOjpU$ zrZn!iVKNhV6a)>Y3k#RaY_q`QlBuJlvaoPO>Eoob+=aRWkJve(k9&+I7l+!oEWVS` zs9SoMfjWkc&MQ_b3(;o~)zf%_L&X>{L%IBaPCngz5;sB93c zOi0wjC(pl8VyioEU{lMzNqZjje7pI4*P(N3qBMd5ftJi=3vY`GlZVu=5I z)Ilcze`}_uRMv`AsLu1$akSJx_}R$%gn`e4^ge`lseaQByJV?1!L~)S+{&(F%95S1 z4rM(k!yI%im0C@+D$koP@W0;0--Nu+77$uvL0Lz(#H6+$J*Pp=L=I`~V^A`20J2oI zjW0LFF&JAPl2#eeXZuV!$EY*d3@JLC@3lk}5NcelrTgT>ef0tpJV(7)n>x`goNsTk zEQ^54Mst>@3=PA9x-`i|^wrkSV!eA+oYp^|zz(I=xo3R>u}B7bqMo&j>v$R%5hE2W z0pFJo1uK8?XG`8#XY@So>B*9)Xjuwo2u1aM{}t5s4reY%ou zshjL98cyOi>)^1Hi9zXV`bv0q7z8TYG(dR2d3^qFE~J9IP`v`QfcCEZ@$MYLc?#Z> z$Yq;kIbNXFcch``qV}pZS&Ss_n*8O51WSZ5;WPM`7*P$*VP(MI$$lr|cDz#`d% z_kS7hQLjhpG=PSFg+T;~M514b&?knjGq&6+8KMC_b_}3i}E_$o??gV zj-f*#P2gK*Ak*alSweYSx2{$m=q^b3nghxxGfdIuixYz{Ym_M45=uM<*UrO#IYF6uUB(e z{~XZM$d-u<-d>?mOtbmKsP)QZt-FIvi5PthfTv18g7GM%^1i&O1|)#cKF^?TcgWWl z{ZoJ*nlVR8&nv;T_wSj+ziYIduCz2RUnGy8V=#BV;VxqpfL@u6XvSYxlPyXFm5vq= zn_hgSQ>t`U556b$IZER-AO{~?%8Yoey}BV9zf)>w|Hn8DVneyuXPZx5rkXbl<3DRV zrA>6QvDh<76qJ9S#wH;^2CnX5XTBjf{wrK&r-8%reSneY{|Lx`7f3~_kv5SKf#rXW z^8Y)y|MB+z_sRW_nf3p#ITy>KfSRM2Zr6OeO2qDQWP{ZAlVn+%#%!v_)jKyJ)swm! zMVf~5KG$9o*FaaY1n@j2x9r2ir*_CfdAcy&W*Wr#xyvh1+7D)mhsc2tCLcj6h~Xlm zlB>W85^E?@{g4N61jEHfcoN9$HeC@7K9LsEfBV%JGSsOU(68Us5NZsLR#qT}`5=@h+i#Ilg;eTw^LzS*~Tw_do_H=|=y zqjm?BEki9BgQ!4pN*8MA#|rX>8PGCuh^^N^rOKuwBi3*_2<{&iAiTwjBpVC%kSaPrU?*dTXiYIc=`*ozZQF*Za0blEYgaR{bD)aSjUg$F^coM zLbIB2YWZ%E(%@@@6za+Qc6CAr_=2$N9(DeqV9b2q@m8v_X)x>l?@InRO7u(|`D zJvaC48$aRu)o7QD`T#NJyvmkQKota>x}U?O?|;3!|Bg0&nO=U@yvHfT9SAoy(Gi(s ztI4qVeFh8;wLxP=TB976KPU@h&H!gWcLM*?`$;Mby(a{g5lGsH5%N`O6!;!Q6JG+# zdr+QxPL4ar-cG|qeb_x{_0gl+r1Hgnc7irZYU^jbm zFdxn3ysk9S1fKyoh{ zqj0I`GyZ|)Af%r_NcosP#@q>TzpaeGi-o_9A3!pv(zJJY^>ElpcCa{ac7e&o>-UWg z%UJ!}P>5CY1zdKt*~&nX0bwj)*68tgt-7g9;udGY4os%Px1UFTdhvcz^c zt;XJDwBzX0|6GwKZ~X-jkXtV0qjk+vZNMfJlmr}j>@`hr*v(G%ASAr{*~Jcrc$V*1 z0L-s@*nSs?enran*asPAcY$xFpQ@-4tYf=vz!lsXROH+E@>&7uD^My)1ug)hfQTP1 z7R;MqD)pHGe-C@jynEqPt%GsN+2S91Tj(??zgE8x^8jX{VY&FLJ$MF~8uHfHprE?H zI#r_AP+R76zQeuTq-lg0mEu5p4dlQvbC>W5@}J1M1p$#cl6GdkmZGDX`1gJckdvgc@XK>7u|x^ z^2uB-$69s9jZmx&p=3e#-*3DCHE`ODSpf_IsLRro{lB&D^U0JUfRE_zvcI6aX9dvR z5}$?hw4vub*g4lHl?3jrxDgMEqdMS0!uM1XGt9JW zlb)o_K{MJJlxqX*!*bI@7&5#qS7(KV3pMr&UtAWvj^{r6H1wnzcP4&0wACyn-qM3q z9`FO>jF*i1^|8-&eAcPQIS2vo%kDfR-42;M0!9a{p{ef3 zU$xdn2%YtCJLoXk1#0CN`?DnH(nyBiJD?HsM;kf4FoqYKnb78sOsNcWdhAWB`oXupJ7^X)ec=p3l30Shd08`Gw-9TVtnZ zj6W6zS8oJDNQqpX8lbRO0L|5h!C-eCM3eR$-@vnMWi{iGU<6_++-Bm#uvauT(Av< zewW2;XZ^(#kpFJslgiaOkE!QujhytwFBSul!olg40tqa0B&A5ou%zY6-C%AK%?tQ# z&J#eg8;$b<>%Anc^bJ^XXhj`6zyNoYI{=)ShTCmGIbfOs&t)~-4}+Dz9{(qQdz=+B zP-qn1C>j+Irl(677UOgcB_C$KX<*W+<^UCXE(@2sjU)Mnb4#pKm;0?cYc;fk^4o!h zg3TA`_m`VqKx#USvN)Xldb>8tN?X{Jrw%=POO z8fIup_@wf8e;Nz)Hyz9ygcRYcNmbt%da!(tk3<_w8bi=y1PLbt^Le7*yPyW%@n z_2}@2H)0iECNVPiY~j{-aMS~{m!`Zd?|}h~@0LUwMCKl;^_fc}zLk-W{L>PmT^-EJ z#Cx2J-YavgK3AR<0HhtC0bCj;z||NKko5KWGvBsVLROlTH}5ThRE+h(R({vDOMWld=Z3nhsxRtNtQ;e<%`)5vyQpI7_$`JDEl>-4PA4- zF+NuKQ@r19x&VdEBxe?yOPKA;Pl_~!O-yV3JaV2kD`Z8}Pdici45ZX>k=d3j%csd{66q4opLf6@^D zqo{jCdk0B1S1)*b7$aJqBqw+1CAFEJMry%nBe@5GUbNVjcxs&vM9KwDChf|5N5*b# zZJ~qRkNvlUi}779z*TFNw37_#a~|nptifK!Y)o8U;a_Rj3W0?iDu4#;Tv2xMF9gv= zF%Z;Iw2Zo_xR7nRWG*J!xCwdv!4M8BmOa##=cME5ZKb_9-hF{42$$>gh3ljsY?}Ig zHF)rM(FT1sbT0FBuWHN|yrZ87q-!@qnq8-bM`=XaBG#h?_!%?`ETEK6Pc#d!#)7 zY@<@+2@^VoVa#zLDjw6-LqZN(Px^^w$9#*D`cHs}o(sBD@cFwP*G7|0UU_MY$#>CcSnZ^F0;s1b{I3A7w!f^S5Gkt418cVz|y_SIxzG^ui67BbsXX%Q~Qx3_5j(W)Px_CAd_{`hGc(ZlIAuE)Gz1FgZ z!$?h5L;SS3?bF0L(XQV=So}Lbywj^3ik~u=TAQ53<&}KuRjJ$PyDXea?} zJs}=$iqJ+qEP4`InD#&eHZ%nQ9Q{NqFbuzUbsgd9zA_T-c2`&_a04z9R2Q4PGTk+! zhc;5VDah(n()e_%%&^%}t%CGfD=&i#j4$_(WKAI+7G?lwLkdUpRcJIMb?jYz`7GRE zaT;e!mDNA3X)GA9S^)MBuf8HIij4l64#;&>7gA6>`n$9RsEhQK1;Ly;#+b+M+O{A6 z#BhC4_aF?{F3tLSB}UQpaGS!r#F0ePus^i{sHaOqusC~NNlP3}a+capZw`?*ZrYk9 z@e|dr=?mrv;I)6ywZE798PVeQN-(7CP=&2-_>eJU(u!NBs)nQ1l`zKXQ&$1)|Kmjm88%FZnZ;G|V#`sj;!ruaC~ zv6dEJk^*xr;b5(OaRP_B2+2Og&d_TFJtV*v%4lQ~iil{`&1|#+wXSWN$8H^&oKEe- z9i5C`s+wz1g1=YEP4})x+9=*^yW#vC&;cfy_Z*FNwNO|66g!4 z>Lj-V5xZGv;aVxLMXV7`si%sw&aYg|vne^wRcb72!-?qLfccosX@DHVBdZ7k~JlKfIkjTq*bp>LHA?Z7s(&ZIWU zpxo7>3+`TO z`EVMN33n?T>MA zXb%!tK6~+!l%v9Y*fnGZ6t14%MZL1iNd?^#7)ol})Kt75LooyJ+nQ>W0fQ#@cEsQT z(m(-}h@~f&AiZ!Y3LN+&Re}BkIPlvf0)mOVXTxbTKlhGGzFOg@Iv^y@mHAVl8-a@F zL)5-;yLR2F!0+!bcRi83S<3q^%k7mwd%`(<&A1DJof7hoM+czY1Zllo|;tetNYFVuQx06=@yN7Z<>A_T-)Atv5VVd?aWG((A zJQK}BQ~rw%a|-D~g5B;@D+NS$g|5oHucBdjBO-l?k2z`L&UI-C73(+}>1saet%s+? zZ0hW#rR1yRo>8~{bjR(iLQL3pGIY~Ib$e@~byi@|2rQhBJrEjg)zd!Vt)JK!f84E z7DF5A8U&1;IChwRb||u|xryA~ItIo<-CK(&QQ7RWyrr6K`pLSTouznktAGVDAckSVwf}rP}NXouDT6 zX4D;_rsoC;vo^}@MXi0n_A74!=&^sl*9@Sg_*jyFALiSju&$(+p7V&fS(`t)M4DJx zj=*!*$HFD4n`%XxBc4Z7<`Vj}OORa+eKd?t>Qd~ut!blTAdgAR%YeqM{&Drgxa(}i zbfKu)wL-08EbG#woAAT=HuGxNL`WUs`iNuh5y8>7@XsTNy{!!bDHHL< zE9xYC)0>s4YE)k~NC14g3|@KxdYJ5Px#p(2I%0m^_?_+ArT;wK7lLpWT0Y z^}b9@DK`<=LpFdk$7+{%SrVKdsaG?5n;Zb5X{oLJ~(W z&>z`K64OirDr3m9*2tnJpG?q3py`}ltvYCP+~~z2Q+kaGry9eVWL&3ZKwT+gfBg+* zw9HsCo}Zc_hBnjBU0EWH5<-P!4dajVJ}T6RD#Tls1#w1 zEsrdNSDTE~Z#uC^FU6yDvTPH*ryAHVUIU3@70mWG=2`GjF%Bl&&ORum5C*SCg_*n) zQ1;{3x31Q+A_hR;nBRUtAHhF4VZME$d8bqXBf#%{-1mvex};&3j~i)$!dt@M2fIT2 z$6f%vyk<_X<{I3%WvmuJujOckxuQy)Bg{s@JS1YSM2|n-S_T>knvOU|Kfmx}5~BX& z<}&5oJJyxFMY{h^kNGtlniRwUj%qJ`3nCv7_zbb`!^0; z$6rK2VF+)7TRAs?S3UE94mrOfHEzQY(~+(>y)_in%zL3E>_6qwS?3tF$~$akYgr4l zePiPpG=~0U{ei%~4cw@2rbRz=-OMBUaXebjz8ZC6jJEjr zRJ=V{DjLW@_RU&Pl;i+5TZ8xETHDOBsh5@X8=HH00C_VU^Cox^*v>8maGZ*f|y7@DwLSQDY4a zffiHZ2K`}U$&w@%uMGHpB=4V92mH*>lyUoz1Hs`1ClcTN^ql+#n1myI+q5s1RrV93 z1GYwOg^d>Q4a|K9?6Gxq&bM0R)!C36J3MBlzY(k}qjK3!uPB(dCwC1?>vNWan)8gJ z`p<{L0ot@FygU+!Z(=(lL%)IE$>>yO_!>@*JPR-Y(>9^@#m~#G_1$1wK=ECY5m}M| z4bualT(nl;+n{s;R(1U8?6-#Ei}OFq^3E7EN;m*4O{3E&N#R}e$Cd*vfTJ7Cd08nU zPOAf~pp&r**~zIiq#$rBpbfakQbq)~z{BqDx z9rxI6CZA_j-{UmoJ2(eT*=(Rc!6h>|EnZH%?1VH-tMRSFcXKe6Fy-^;);+F4yHT>D z&}j!FNF#!UK+BSKu6vQ#kq_$2UeL|h^&d6Ux#BP89d64X9U!le=6GM8)eW6uftbvK z097HMA{)9c@O8Bat69~6`FQlxY4L{nNSlV*MuF7fOp>_m^)2u-J5S4uyX(=eUt;l6 zW-Da{f%ccaLB)_s{XAvgW9oe!jUXQ~fOaU!nnAH{2Be%_XzV`CUI}fC6s0|B5J!1w z^BH}~=K4sM-W1o2jj>(Rp*k{<>bg*lfpyds*Ncgs(e=bXNjKu&-5Un=PDGjdxyz<1 z{;u582hlX#94VDZU5;xN1>R0*yK0_ND>2~o(WV5wUXU@}MtTq_!suoFPl4Y#27|LK zl?%vTg6;GRm6kDDWkvx=i_Mlbc)+V4i0qz&Z%U?UV$UdA3QOeC?I@y5+^`3NuaT$- z#h-PB8AFsr>5`3Ffhwzcs*AcqGwP~-D7sX_>2}4iqn@uAUcm8;X}q3e91UOOA?Q}w7jKMFMTVU%|3tV z+}*n{XYr^xh3WrVe38lTuI#))DWaDFH^6a=>M}?zVVJr`cLuT2<i3iS^+ z=3iFz4>u`t#J@>A@dV>5SqCh)+xw6%Vqi3_)$TgSfVv`Efdn|Mip&*C<>V0GWp|ue zaINIKsmAy7=)ujWk&xRFZ zbDei}=Ri2Ax?$TQZFBsmYLODNMho%(om!I7*X=DX9Sul1A(nQH2VD?f3B%l70L$Zv z#1=DR{RM4+a?=34I$awCrFB~;(vZ3e1d&0tPwTHw;jp2K7rZWQ)xe#QjO?nR?N+GI z@z@6@+T_LdKq97&{+CO@9LNE@6HZ1S&Y}XpgV(>hJHpa(VUz}4C2$+Qc!Jz-A&|s1 zVFL)nk?Gy(qv{m>$@a|~kQoMZnMvnCxKM#cseUcbWPEK_^&fY!?yqLWfWB%jV8irQ zVzH7mZUKDEDv+PBM1Aw^06rN2TMro4gC;cpliI9&rBnLnd1UZX&@*Li1pJOEv_IXBuQz@5|mIk#OjMIVc#?2nfnRU%}; z@8%KiE%uWM7xCoEJAXP;m2l8!&kt0&i;EdzIo*4A&l}{<^M|g_&iR~rE?>$mUmtPT zcs}oxJBMaNPy2bzetikB3je=tjI5}Y&EJ79w&qu9=K{8(0BerKfnaRyFQ&#)HuSqd zS}_L=?9-Rl$XyGjtxH|>X_~#Z)faPtAI5B1oNz&12kIszM!;$$W>fK{J1ItvlpK

*=bs^!SN#j)@T-}GvoL3j*3Q>Kh#1g;ZU&Ad>}8gnXtML0rB; zVwZO9^QLQr3}ZdKk0Dj_%No^yygnyn83fOtp{vTo^!CaTgmWl`-HCg6S7t)VXB7l& zwq*pTm!(G&nWpl&bJof2zpeBqI0}@tYWiQWV0}+`1^`{cJD*_|-LkIxX-5@aOs;z# z0r#vHDnIa!HLvm4j3r4!F$Ufulb z5LC^nKA!7x>_)3BIelEX19azH9M)IUul1ku5C0}$pGc`39zs9QeDqg9nw|Jgj4(i8 z^t#useuElNIS7gXV}!d@tAezb5D16J&3j6g0lG^x4(IJc?jjIJx7Z-|2%RcOE;GU( zCtw%C4Ylv_kicAn+aN<~st8$W0;rvnK)Eld%pGM4VF5m ztbaSE3-lBg^KJsrkUNNU6ake$Hyy4Wr4iPsW>T-8ipYEg>;}60dV5Id1{k)DGoWu* zVW;o5TzjvLFB8uAaFlf5OsVVGngZX4nKo$Q5KYe?1_oWR;8%p_K&Wvu&TA5I9cuDbK#JmXuwDP2p^z6f5mh37 zJJ!IdXRk?-x2%Ohis!LTSfK~4^>{&CzEZ|}?84XviD7x~Z4d@r2RS7`gi&$L{*&sx z&06BLHpJYq2wWgrq9fA3&ViCQ+w9K|)r!MmP|A=XqZ(k;ulvb7#C+xv!e+1m+nZx=Qt2rhI%jI~L|LZ1EyJ%d)^U1UQ&~*c7X!n#euwK(aTD|ow;~q# zn8~j{juswGG-ZxATgq4H?9hu}^__*Lfp=cpTWR;z5BqlTg}-bM>fyZh<(dS$=c<|V zYDIp?z;AJex$)EEMywA*nl?h|&65`k9t%mEaW$@)Vc2%t9xaREXe>X^jvKr5YrKtV zQ3)g)}@pAdgjRp-?1<$#CxAQ(7%B2>} z;N)(sS(eCK*{x0QSfyvL4b2V@=w38nTM4DXE3~RN6^{uLbHlIgDo+u^*K=`Nil>&z zQ&I<2!YP&CdS>#7zQnX(0ou@oLnD=suZ=!`2$%#O%T= z$LqUvdFI8Gh^6U&l?7AOWUOr=9DUL%v0{Xmmlr_)CkS}VU=f4=Q8cu-Qi_QMHvl(A zn$cpSBo)!6L>easS{BKBO^`6G?gHNLXT`tQSb^N@V&M96;hNW1Y=TUgMui`U?|P(= zg!WC{u+?Urq4N~O8CXjMUHfhZ$ zOB-|{0Evc_iGf{Ux>h7q?p%%a5OP-bABiTDHgOyDyW* z9b1G*thTUH4??_{*bv)3pVLWrX9SG#+xn)tRgypO^DIh))ZXRFC-BD&BH$`+Kjd2Z z5qKnQ%o3htOnq6|#`v}6cl?fOakQnfy@%84t%ihUojqdh4*9|vh=JvJ{o!g#Ja>1A z=UM1waDb9i7iQL+S6%*A+C5I46LhtE?dXX3y5olV<1BL))~#Zx)dj?i8lyemwswEh zS`|vBc#U#}x69t?aB=RSD$#20!pYNt8H4LzW(DH1&}rg&52n$4Es_eaY>d|UxBASc zyU}W^bx{?w7iLqPhr-(kM(euKqg5q_`>8%kD(7ZO<#vK?BE#6 zhrPJTbMHdd#&MdotRG*_wzSyaF>tZSe`KX#Q&CY@yQg8+cuAaEw(d4sq<~vtkVP_B zTPHiWwj>_7owP>ea!oTjFiYiA+mZ{c3Jth;+}GXIsaSXAE_%J}WKslj#uWmXZDx&} zu00X$j$5Wzi0Q7w2Y(>B}x4P}Tb`wEsHLtRQ(`cg!K+{g?=w-Gt zZ4S+XR`bN%3n}M)n&%;Bg9qqn*=BLUt+#i`)jyBi7As1HzJ8V!FV{jj&O%Bxf4`!o z{@Q(>?YQ3hyPIpPD+8hk7ek@?+H!czY|`NH>E-(KhSz2E7XJ@Z?;XyD8@7LcJ9N;} z8r4#Cnng=X&FG*??bQlWRa>Z;8j)73ilWq>wPMGPohVf`V+WC>X6)36kmXIE=Y5Xj z_kWHf^S*Ll=XIW+Yt^gtxNw^$bJJOkczS8RPff+>%lB()z>n=2paEsY4QPoYY%0jU zyH)-%IKF4t)%rO5u*_UO+}D+;qMb-WvXhQGysvnwkFIH+Ej!$(Uvi(6FKi3&k$0F* z1+B}&m80t?`hLlUVOSI%YLMF`6`n~6XxS{jurx7m-Nb|i>9#ctH&Y0#SxCSUCm-V% z9LiQ)GGa|(O;a_F5 z3hA4;V>e|b&Ht~B_@_MGK1w?rW7k~1-IUnp`AXXb@d6g{I=*EfG-{_~C^T`!8pXcf z7ms=`mXZb6{7nh+k>zZUqo+q;>QC$Ezl}c^KVI@}`@QoZFVZKmzL4>m!?M6zf~6@D7yCR{$04FE z;RfwS@4%e4AVtDND#>`hEy^4e7|b4+`zj3l;IiQGCM#3Z8KB7Tz0^E^ZuUH?k?_-) zYC;lV-AXgg58%ycZOqdglk?a%ZDu$5o!U>SRQ9M`8L@q(N571%Ck)E4r2!|yb*U0} z#e)lOgE0S0KG);FiN@h_WzHIw0fgKHT&enbEfC1wa1}?JmbRmBkHeZW3YE}PUnMni z4iy}7m(~LH2Xc8rL>UQo%_w;?upa#y@*Sv z^(T|B4`JoB&Zf5xNzQOR97vvTy%~(!V)isW7K*W$3L5(Di$Fm!%9Hj$vrRJQLot=f zjq}`Coxq_IxVElWs(NitH2MC4Y^Go~gs^|Rq#9_ND)g>u&tbEq4gSn0g!teIe_z}! zZswd1sTlDyeQMA550h}x`PQkz%rgSdo(5IQ6iqAcojk_Nj{y{)h6oHo7iPuYBv^V!1$6NLmCLU19kmwwI(e;Hhs`ax!S$iw-lK5T$g7$T5dm!@AzL&;KhUzSDzo2D zgDneL*GPMlTKA2sUuj=|Al@sam zaa;{$l$C%@uJhO*dJ*`I+QwJC+jfBx7n{-B%JVlUpg_FKLnc(Nz{R>R{6TZ|;f?%o+%u02kgx%Uq;vAx!1>?_MK8M{f_eQb zgGo;{MBxEe-vOK&e}LGpbJj_F0TChn%zLA;clE#bZ;xUx56>_dIBPlzw4naluKwDL zjFQn;4<2DlW0fL))ZagNw+wJa_W*H^EL8y4#^%llT$=kO(6`}LPsG=S^3Adt`V+Gi2@ zp;Fhrf6XLa9ZJkov%8;Cih05;UW{-o1Mg3Q)}0Ft&P@AA>=2Xzs#{BNge=$VYn*ou zD)(Z{_9(l52kcLnS{5Areaw+pcX;%ujpUQMhv-zoX12zS@_ zIN;c|mhCv*^5yFCsHiG3K^vNO1A$>E1L$eKlADA;p3>NSB13gU*}~4KNl#F zWeb8{2@9k88?65MM*0_B7chm>;w=-e!ED-$k)nOa$M3!DWr9j>B{De zWe=Kvw&&~kCNw0e$1Ys5$bGm;+5c{mAaeS4Z_hvb{tnwaD-`%~C2+!qKVUP>Ioo@7 z$GoUfz2T{x@_mad4`bBL5q0(-cTKaS?)WCF4*!b0y_4KH!w;Gap8|TQFK zfQ5a)<2h>^l?<6Q5wNL0(aR%vykWXk#!>`U4r(JNlsU)^KXGovR-}7UZzoDj64< z9sStfp*bMJ4eiMkr*hec!{QsdCjv57AKj{)FU5Z{m|zZT26J*CYoT(ziIL9d)vW4A zcXsEu#|_no)RX3Kj;lM+rPk-?fmmh2ymny8r)R*|nhogRqIZ0&2OjKX@Hy?ed*T%X z>!cna`-yT%@@MlecVm_7Z5?2Db1`1{LvbY| zy--voEAW#k3{F$wr&Jto7p0S5ZPMSC3Z#)#a&@lS-yGYmw^QP{Ii{}qHb^g5C$DAu zQ=vPHC1+DTQErR=!PGFr2kA|BYZjJlklmFV$?8mziSNynjx$V=)Y4=1^8MszF)1l% z?J+rd7~hQ+R+wYTye3xyv&~+9)=PiaHq`;m)iBTrnH8ejHX3N6xUkdYj*Sr^s+e8b z3@P}-YSPYD`C?2;_7Nr^e^p6ox_u7^KM=j+v;*mJqf$o))t0ffTRG5XlsR#@`F%Cj z#PQ<)7KJMr$6Kvp9$$>SW7oRnI|9k<71(~ZcFp=fxe9TktUZ% zVtONOg8sj=odbVhl7#otzVzW`tjPU4i% zdmVzlVR9!XLE|#~z(m)0_Fub*L0QJhCeS|mwi~i({-dSb>B?!zGeC+yF<=0sLH%zu zh$PZ);RT!b!R>3_oUjRetLV$T6Wpxr3KAu-+yq^d)aJeEYs{*9mB8_tSFn2-k|#0# zD`8&8Fx&Qnp3^d@IJ*s@v#^8AUE(Xh%)@r4JI|!tcv*;C00lB5P=K3N;W_A9%cK!z;A?!oXRV-!3nw%pYzh-VZ1vTSez@PY3?~1o(C~vu-F;gw}PS z*#KJ@%o)v%3JUj)*+0rC&vy=J;6|wvO{6>h8F6iD-^0csTqDrEcT}sRsX@n*f$G)lP)p*u@-2Ps}m~%)Yv56X>*vs_m zq<;&eewHi97q~@vL7Wh;GJ4%-$#g`Ep}fDao;PR~=T#*Yk+JPFFVW;)9GU(Yj=9JD zJqM*j1(cv@>SkS;N?^{3(}#^**t2Bx9nb6)*1D6u#oS*(tVs6oEBD6AJS4FU@07bF zB9ov_Z~*0FLYeOzlF#x6-0pnVFx zrK-NkvAsY&L~v=6+~Il}&9%4~v=KirkKzI_0^YCCCf~4cK!ewLFF?FDugb=7H&!6v&&D{AOp=?O%bs(W72*S?Ra0 zy;~YzKr`{g)sq{Rqsu3~|F8Ptj_+nIcM0Xxir<>}s4WyYbAu}`dBc4wVLtjBXc>E- zlQPcsJ2hT~)=(PxkXjuPABDmz61qQcxBN_JA^yVe)H(_QU-h)VKZfV`Yhzz?V>4nA zk3`0yEp4VM7_!xT5&_9b-6j*VZy zQJ$$ggKvswdH=cuXH$NbT6YG09gNZx9HR%W3X4eCIZCysEvM}2T|;!Ox;8-024(y8 z-C2U|S&>z(x>zR*zI!aq5kF`TN-h(Fxo3*+y*y35xmsct#kaaiCI+PeXU2z2xedRThQIw zJgK7Y751Pq#F0PwF;_mSZBPoud=G&+!D3h#b&KrYPdM#eheKucbFLvdTpN{c!Ox98 z&;hZBf3~60bu;Woy0P5DZ!ouU4da%KyG7j85VpHgw5}T6IDSxd5CHqtZ=1Wk*SOM& zR`D`Cj&Ab2v_oliTpBBSk`_^}%kRjwF5gIP+2NBI*}ub>jDu>9W**GBkW9|uG%M#d z)m|mH*hSu*-Kvv60w0(CFn9cNj4URDn|da|fA=zT6#3;~QclmW)$4N^pBg4F^w!n` zt{UDeXa;!}{%ADav$rzS_Z{W6O8c_le6O?F*9&&%P~RO!>zXwIb*cNCAH{s@hdWw5 z4pspJvpmpELd)Sy&VU7oM`|vTmOSf$|`&7d?Dg1HR;~YWZhdIhdlUK-&8b9X_|(_VJ3 zP2G?7>fdOrKgF^?re2nEiA-nqg+|zT=3LcyvaPy~Vk9#>bIzV_v@1AG1ZfEO0xwdSt-pg1{y{HwuZ%E8CsH#iE{4(+LFs2^t@sUe&C{VYOKWW#Yd_L#md8%z5T6mYbKxhbEP~RMTzLVfwt2`hRZ&25< zx`ZC@yC1J^BJw{L8}`U}>dF=SU!=@<(idgfz?l zY(v}Ijx~$lGC4dqZ^7AC$?= zGOJwg=moy{H4XaJD_4ac+XI8tTe7&i3w>m_rL2sujlza*gl6JVk(WX@W}Rj~NTl0i z{gCKV+^vTzfJ98p7rT#<8)gJ?+ln_gMl&{@=xZG&SpPfUDy;e*6(PO3)F7~3TlREy z-$G6Bw0Mo@9w0KuHn2DiM%;qK$gy%?qI>Iy1oyNq1~cQGHZ|}wM^S_BS9QCC&bAO!g~{f!R-9w=gUD1~m9d)AY<|Kjpt5HjM$-}cC*gW9?`%!aSd zg1H^yMimaCBBHm#2;k0*81$B;;w(JBUn2m7MbJZkc0S6ovTBs2Zygs0o*xIQ&Xuoz z;`7)4Xz<$FBbhXCXF{=*sC_bR3Ib8|vfV#i$8%&})}HR(ijsNyx#ir|b5~uy-Z&Qq z{PX9X+QJ`hQWrPRX6XIPKEG!X5q;io-`#kud+Ny1t5-J>UQBnSlY3CGlQT4cYL$c8 z?BA^m4TiTAWh07C2vdR!^T_X|_wu!wgyMTKy~enNxdXFLjjT#Lb$@57b*F!8qfDib zd1b!#Xc^_5HOK1C-KA~lfIYI-8^kXut0y(6+GE;%TmYX0+W{UNF)eI1tI}IcVA3-- zb~YK9y%sx@ZXFSHh?uS$hYB4DNKZOs)E;>Jv~%LY2^nj@Z*f_>Pu1y1^MHqdKTZl* zL=o-1^oF+F7P^9kp_LR{%PBgNXW%Ds2PiN8Nt~6kcZYxhcK-yPMpSi_hHSy4p74^zF z5Wt~VR0TC*y@M}uxW?1TN*O^$j>Q{g3hIKT;h%dq$WSj}Ujb4H;j@k zgk+bczbhhaA6J-ei7WF?JG7nE(dH3JZ zQwyKph24YFcD;WbC5jEO8QLooh7W|qe)q(WS9~2erXl`q=#T}Lw2xWEN%vXASBzP# z<~%Ct7)fH=Ceqk^faV7D{v4O!*d-O8f;5d_B-d-kyx8Gwwu`Lv-@+4<@A-i{>uV;X zvb8rl>ltjt9y8G4RcRgS5-f1Tvtyet z`(W3X(rEKrt_vvIs!To#+}rFD$eGwfXjqOlEQ&jTB9PX>0!@%Pud`{DM9ao~HvlEf+f)>vt>jx&RP_Cn`6#);@@;%v zHS62wTcNwm^@pPx2aBZ%{Z{=Yrdx*|s<%OY5HdF&n7#pyPW01;ENwUdWlGR7!5%{2 zParF~1t>jviRZ}EoHk6YP$J>!X0+FXS)fq~PYMEg)2!|p4O*=@{P!E!SZ4i2x3<7^9OIsM1e#!Vs1%IrrBtlrKaYBVZd*;ObtDmVW2L)nHxJiE z=1|2Cfvybmx;DKZ^#no*V`SOYGnFMoX`=_5CH@9 zG_^|JZE4dNVVbo}gwA}vX*v+ zQcXNO9YAz>{#NwXs!}OO{^lPm6ST7P0*7bEfn;h?UItL1(7I)%;&czQ%suTk$9IHt z0Is#-(whU}P3z^KusFZ>j?h8#>_b(+e&A;VD0LYGc_!-RA42^$6RZ#jqWcnMZ3AH*m7*3PpR~O{=Vg6a!FLWQQ`e=93YkVqnB0%q;+;Mw^hqgw% zNJ3zChoQ8eSCz&+L*HD-ttqmVCx1VY<-XayW^)|mFP`()m~LI{0DU8OE$-X4Cv8}H zNn7~L4)$BR9mfA`ri*Rk55kSDZz@FimoiWh9L&)WsgVpLTTe^AD|mL|pioDF<1Y&6 zr)#&fgvKZyKd1HIk>k>KT0btmECue~pBkp@TgnIFfbgF&c28qdh?>xemnH>QzcAU&W;C}P6+3N5`H*)(jPtQ; z@ITnl(Y0Jk8=J6_AnU?7#on6o&171k@HVj4DdvAr^Eoikju;ya%k_2No@GLosz?sI z%U%jouP+E;56$Tf-{ORfET;lqqW^7i`G^X?k|5+*x8`HUJh!Tf(^*8b=k;0{Xm!mZ<7q4{)^wIa&u zNTGgOrM`=aD28i-JGtA`Avu?OZ2VP0fp*emRIym5hrT?p=TDyveO>`k%=^5lJzqQN zj2p*nUtDdt9&ngLk#);oEY1Mu*z*`alf><{z3D`*8CGO zf!m|46hSK$0i@(-Ld?a%wI2>hBi3zdXA%_zVbT=j8hslY`_493R|$}J@JD`PKylqu zV~U}{AzyVm0ex$IIx7bqS7HceDkFQq?=6}ZI;_mYOFqX+f1{m{Ialg`n>zozDW#{q zcr5OisPg*Vm;3{ezYD&(llSMPzf`EMoWqH3OBO9a2U zqpK*T#SRX#?!^kDC%(ZNWRLreP_?^13wo?cK%F}^qZ#z!CmY8s_)BdrKQRqcwJJ@@_Y9cK_nMnoByx#?kdSv}NhMLS=cgrRw-hfoNUM7} zP&-BU;K%B-1A`XiJ->yNrFWxs>uRJn16G}mQ+f)0x`V%QW_~N0TuW-`mM|5UlFTS6 zCf^Y#M4tI@H&m!Fo`O}Oc{1(?m%#dvzkUPcer4rkD3`9qD)yYdX4Fg1d_lk-j~_4y ze35F)6+AO?N7YuU-!Lc61EDNx6fD;d3Ycj!j+ogcbuiZE8ZSi9w*0q;47f76{OzLD z1Xtf`(y))Cy=18maGbZvUvn0E)-5{svQqXlW!_#q;mSDEnvzTzANyIu2xgg(0y&KH z91mrAOM35a#O=W)Kpnn4r-U!_uwUtAj-bu@?wvJmLND@^=lY305=LogP5&?JC zRHz|wa`EXim`8DJrqbFwTf)IArI0UCjjY|@3W6_-@nqtEd)nT zQ~-r3fpuLMfCaY771$TfS&P;aKV^ZV(&L$;oe8eNcM0sc^@=r}&D1P!->dT?5;#WK z*5j%-$(w;ssnGYArjM|li;7%=a(-)f-u!7ln$y+jI;NoiNgAd7Ejt2Nfz_6s-3<~= z{_)|Y+8X;7c;U90stU!-mrdsthN8+$dp0L_6bP>@&M@6Zk0$C2$6W{6NXI??bPXW6 zF<-8Ia3tFgvalBM%}a_e%VhHE&hy~z7NaBEi$({4xjCBTP)LZ(6{fM7yMTq0cC>W& zTvX-4gstBcKVE9nEV{T*t2to>VGW20bwSwF5}wspT)I&4e9>p!T_Z&GMvU`XmdCpu zqj+ZiQiU3KlAHDqWs5v_f_-ys{o1z7^G=mA-V*P0O97nUfY+}Q&TtKnqCI=5RUdyy zQ>=wGULPdtPKTy~W2*q^C#h}@%?;DPQ4LoEZ}0S(9G*vYSeCeqfsAcTZq`JJu_G+K z>g#85)&+N?q&-5?ME%Z?BOHUybjQ&NW!KaY3BVn5RVmP~$;8{J{W|NQitk=CtSm>f z#|L>)iB;M;Vw*CZO!vb{sbW8nTihj1IetsMWlw#SZh?NRH28bE*K3py4vP@o&~kU|dC^hUWsv#ktnNzRGH}Nah%LTD!1*M8W^r zPDO0Tmj2pBu|YFTLm$_^PJ~RO(h#E7R6OR)pxNwORfKGnlsHAhB-(_MpXX40sD6NY zb2ny0@gOl(4VS1Bh8ei}IY_=)kf3Z)xfQ-qhtOq+ig)^hbrFa1k%5$-qR zRDc@t-&PqxSq43-canLV5;Bb3e~c5u@*(fVAmlYO@AlQN?)VzJOAFYl9r&5D+Wwlz zR_wN!^o)(%QtytfR+ca3NQolTjk@doR@RUM?n%qyr&tyXDz)l}(_scNQ0t|Dy*}$n ziq4X+{oLj6^V+LTw-0H`ESu+@B797p?i?=VNy}eb$}c}crNT)aCg>Z3-D#TcIKQVe zr{+^O#5yt4Ho+U0AgqZWvP7BlnR}!3CrrD)6+MjG8mr15CxEg%oofMNe@47Vi&D-M z?O-UjvB?|F^$N}L&noJYSp7ssK4!BoALgIGMsG73qTNyDvAh01hu?Vks3u1`4X(oW zg31K>*Vv(sO6Wx-flag_&0FK8SMkB==#hjh=-w1U`xo2iW20flW^A*exRJE~>RX3E z&3Rg}*5i`kB--PDc^7?OtB&O=MrX7H#0OG%;XcL23w?1P z&P~>^Mur_pe{#2YfrMq}+`r)Rw^}2^ZqP=9KGBCTGPLI-P_Zl!X)ue+7Q1|xGfI14 zSLGji8xQhhc!0`aY0Dv}Ot?eL84&?bV`R!?O_1W?B68iN91!*iR_+H|ysb_qrm)sGv`Jm1e$By%p9* zPaQ^HBiDNsHO;phDA}g4%=xv3Y=`uE#;?d5*u%kGWIrDC{IIK11C+U+$Jyla9ey`% zD^!JbN3N>?W_08shnxA2B8NQGN$E8Y0=5N^>LJR!g$9TL44R)1YjnxZstpAh1Rm-G zp*Dm&uqOQdbAX{m$Yqq{law0WA97jOcLPnO?-brQ|0|tw!EVLI&+OCS%JdWJ)Roi` z`O@+#sm+k-TE2kI`08=fw;Nwe#Hz9@b}Ga9U;f2D)NCvpGg*l;RXWgHf0G%d>YR+d z_n@(2n51gC6lTjlh^{s@SD z8D{j+YA1s7A6w&>k<0!zK@ERx^31)orJA??R(@z{K?T{>Rh-{B)^g9|T|jBZ_<0;; zV4o@1yM0mc$iJKS`x;*3J|U)w0#|XE^-6XWkbix7=xU$ZbacyC(@eu3XE=0st;X`c zM_HHgHzdBEN=q)WyhoF9lUhN^uWtLehH!-Qe=p%K>}7+4AYt;eSK9Me@)&krcED7gf5~BMASlOiYqw<0NI;M zqj9brax4cjr{PR^dcXx&;=Ut6p|)F=ti}U?S-f(~x$FKMQ|Dri**j3Yx3Q}o_^1LJ zBGuzFPV6iP@_0kfuRPfj1PplBTD;R{9$7JB%1Fwid#!<|SEIR=RyGY;e!U*~|2=Mj zALO_KMB+-0y0sN(#q?tKOrSsbEyofJ=(=4*ib$3??w!$n{Hp(2g8V3ybT4eL616j| zM_>3^xL;5=QG#^)xE&>Z$ExCmyBoI8t81AkvtE5IE{3u;rXbHGp38u{$Aa7b)~aPo z>gH;djr>|Rs@S$`5V0y+qG4JsE^((x@m;tl^1AnDA)`YK-8ogd_))dY^1mnA^OEoK zcMD{Nu*!NSl$x`X+WHrbrB;;O(n@E>Rc+iy*KJ#2=;gW68F#3hz}P;v+sp%`0GMKZ zJJD#a%{f-=m6mYaZ6UCEBSQ!Jaygd1!i7{4Sy!=0YL3L9yqO;oPq@uE>k+95iBb2R zlS%g;h-cVT_l3xP0ni+wglZ{1e~~fNiykkX(``|{BFzC%)&VfbF)M#Q3a#l5(!)B} zf7mV6BUz96G;WaohLN7M^!Ra`l?gEs!~XHe`Oh25QmeNviT&@diQBv$p2bfV6){pfoj8BeC$X3zF~alN#8Sf^A4&XHplDE7P_Z)T_oR~t4%Se-e79m zZs^j=_w23sX+H?cJqg_)Vnm;#_YCpiY&WvX-0X9^shFvOI8*z$jQT#bnYp^4K9ET|Pv27{ZPur8vG!e) zI?+{H0~hJ@cWq6K`>mdZuiVvZw&5r-#QU33iw??opF^bS-^azs%*lRqZB}2c=;kqh zr%k$~Uc=xSc^j>)7&>>jKh<05eLByMwWjN4Cs=~yebYmV4+=^e))X*)+pvYS1*Ti+ zNJuvk)tsMK)4U?($_gs=9kQ}%+s;-!YglcfSs}e;v5KL2f)O09VYypv(kJ%n!yQ@+ zaSvDsHaR&43BBDTd3LG$n{&n*;i4D)=%m6t{LCrqlh5iZu8h>%od#Zi?Pl`T+rBHr zcXej>y?)_}xrx?f1N>mUTczj9Kq%62I15IAw+EbUIcR&`_W*4@>n+>5^#h%=kv}K{ z0-3yP&HO(WKuyEclC*y;YQ|=JyFrI!UZHOxznb!k!_DKrteg-!56l-!toYqfBH&dMhelgVCFHl6$6;e6A&)!_2AD;y5v4TJhh=gLN^Up&e% zl!dw(D)S!xkIryT((wrXcJ769dKSCvZDGQN;iaDy*m>H9$+@~;#h)pTX>9RUi?uO) zvuY@-a`modTvyWv*=Co4M>``~TeDe-!&`H9GKK9wfRF&M6~mg*Y=)|5U7|fnQ(1ND z>aN&&9jZgx@do{&Ykx;3W0nqDs?Qs$3KiMjaiz14Bo5xd*QJZw7dblu{ji>gt(rF# zDA4Wjit=cg*}H-`Zli`;=;h*TS8s_eQb6aqqcx2hK%j;SZ}YLJrR`a!Y1myMO$GTU zsO%z{($|z9smu3KJRE0vWL`wK%=~n=$iXtyu22q4IB)v@uHgO!-4eOuF7|rVyYf)< z4Ta?kiE5KJwxj&TIci{zf^5&tOK1GUR?9y{++#RYL($hepzErdLj=+S0?DoA}txU z)Ms~}9(Jqo8Q2r4end)?suB&8j=M-VijcQ31-*`Q=Bw0f=TRb`eBZjz{+kbWYy40A z50xtl>03mo2(~w$!=jN9|G*mcW?v5{)C){sg4Q=bEPjJ3i3mwrsfde^|6F@2Vlm7X?mG(!BpPriclg?0 z43Wh6+M}>DbvgBwurxtli5xm6eUNV@HcLpwTU08GsGbfwjEy9oZI;ueGDj4Wc%OG; zmJgopaqgDh7|E&dm)*L{_-Gq+q0ta>eVgZh%c%nYkjn3(J9KuC-KH#E!Nz92d^~-L z%|oh3OKoFs20T9TuV+@dVLYd0(BgE~=D)n|aQO_o>vrDn zu%wadOnKB+yYahOaxn}_Yy40RAI6tZL-(QU%`R!p?%T0c@te+- ze;zgGscFl@96jC#mW)stB&c+i5d4W9sVN;Z5h#)@{pJlEFDI*bD+oHD!S{@)5AucS zb(>FgL4qpY{jw#KyjnnrFhi?W)j{;Lz%ynFKRF)Vt?-)qs$fsx%E1sM}WE=|8Y&hdtCr=j6s|Gq-Tp zL?rRXu$#WDd^XF+&5weItp25Idgnwk$@^aKsWLwAP&?93reYUy*_2k5x%Wl`*K-)l zs!y@qYOC3vw)Y6r{=#3RJr^72>%B52oHa?(Qma!hEi=Sdd|RK8N?MHKgcD#XgGV4N z>@8isza~Y?CkYf2g;WT8@)Sc`)wPNZ`D>PM39&cPZ*vf(sjC#jihkNQ3Vm-m^uJT= zvps+PTc7u_ZB|Jh4n|6X7nJKiop?&$-G739gBvb*VC(y>q7~hL;tFnovglucKU9cG z?m(>xczZCWkaELR3m63U)y3c(0-^{^tC+YcJ+O|vV9B4jF?zL{EZ@-G?*+e5&KNx~ z7WrBBS})vcvL=d-I_fdH^l#*eSHlp#|1moZf8Tn$z2+zK&8cX(*-iWAnr~sL z*YB5bzgFOg^dFFJiZ46^m;f_I+REIa}ODl znY)v^JC6MZ`X?9a&rAe>9OBTCepLa)=?Opn|6ihh`10Ro7u%MAe}VrcHe5oHjbVJ$ zblii@u6Gb;?@jsVifHht_%IP3##XM(PrT>HU3pj7% zZCmmORN5jo&Ok7zjSbrXS&v0W7LPA;+1N@%FMfOP;|ikF2Cofg>__Sip4AcP2;Ot` zA`=MZy2;IIG}?!gsa$p!=cS_z0~s=kPSX!FKD0%w*sC>LxP6pDb}ZWin?kINr{1g_ zVVZ58_yR1Z2@i{O(H@Ku;C%bb^fcu4)ySUS=Y_*16&wo!{^we)(A-NE-lJIq(k;;D zN61RBzoPH3&yIWxH`Q7(Nn;&}tcKX6_z!2zW2Wu`N^LBn^8@v*ru;p;gs^4qnwh&T zO}%hAeXB9Z2YJq=I;0f()07{V-u0~?KZye+Mj?yDSm}NG19F+~oLA9+a>HZ`wYFj`bmRnJbpqiC`yNoujJsQ1k?YhlSPiun z*jNh)6d1VqVsmLDJxyjO%oWwMP^Se?5b!YhD5CxHfzfb6OE<{Q>K21@}yK+JCDv9 zD7tkO<@NUam0Vyl^yaH?tnIcRhU$irJsT|D1oHA6@Na-m3&~>#O3JLZCxv#5Pjvas z7Q6G^zvT9wD?(P>GD>~oxlXOB*LfYr!u6wnv9l&2V2_&0>x=ss_{;$bJW!QEtS1RM z>{Zigyul&k&TlR3^bDqoT|jFsW(4i-kv30eduCg=)27-1F3eHs=HOjy>BF_W9mk6c z=CsT;V(K4DGi3vtSM-QWF30)+gLWQqFVLw#LUw8Z-(WRqRS)(R8-RIxHi z%c6TUgmyj+`AX%`S{M6@syX`uqH!xP^DT|H!1qWwbxDV*AcodkU z7#%EYI^!PJ2;S?|!);0kSBXxy7;FbU%4y&M2Wccd!wMhP$}XB>!gufk#+?17mzy3n zB>Lte;uUk)=^M6e<~a@D+ix_BW9$?QKktV{c#QUhPVnaJgyqz$Y$`_`GM)(LVi20{ z80bz}%fT;D&SJ1^H4#%isE@s+`Bf;($OPnWcUVUn%R&U>vh@8v#9F^56N<9vwgtNp z&AHmz=-a!&;?_!~ARNQr7_#$~X`A~pF3MVE?{^*swcPqP=AWGYPRsSwa%&J9N0!P? zg^qJPV=ulq7)b?B>$1~Vw_S)=E=g+g1fv5|T-rt>saS~s`?lp5!GfH;AL)rpW zir~_eDLMa$kvW^!G9F_Q-J41-^U=~a=I1wnUzeXmZMIt$qIoupO&@edn+@X2;tVp7 zKPX9goOjudo=wA-vh#CHT1(4MMcK8xz}(#S*b(NkytSe51kUnpA?vMa`)V5B$+WA= zt>6!5x$tr9#mz zYEu?Sz$>8I3Pv!?B~E0l^TZ@4?ZA6?zu|{Q|C$5Lcl6UJ-JAR3P>+q!N@jCopT?WA zSf|eeZI!(t%(G3iw&>J_{AZggK0v+zWJPQyQ7u@Rp3e{wylqwp9|jrUW&f>~6~FI& zdBJhpoajga+V?BT8Sfy^HcBq%Y2n{y_;_Si7`IMYmalRTXDNd>!i=rsfg6yeT?w?_ z9;sksl$dO*g#3}kt<*R=Xd%6yd{Nsr(BFr(!VxUQp(Bp5o|6tZWP|=J<%bVe)Tp$T z7Wnb?y!mx6^4&w%O7V`z$VIbsc@*4WP?Bg`WnFR&R3~74$RP6|0WpShl4NXc6*)-zvTzc7 z>(iqXsUJ33zb!sVUA$}%S2F*_Q||uHfc0zx6Aprz#2F=6^PvOQ^r|X=eg0@MiV^8m zl`$Smwj$9KI5_VA3sg?|{;#2N_ZgSD%U5;e@yyYOVo6AH z7MkpI!fpqSLl3*39MB@>Wboii+ie*Xk2i-?-%e)8R_@2Cp#iihBOMsZMODPeuRn5) zr>Yf`wg@%&BQht-)u5n0CSS)h>&mtFUYdNePpA_qT`tVuswL>EGJqsj~bH@**Bh zb^{)^tsyWYK~ug2BKW`7x?Z+HB`w7eKb4i^cYU0g^R&*8izH8w*zn>ManIML&*}y{ z#Klsjrv+gmnZ%L%s+yJTqs?w6BzfMmsc#wo5F;T6T`5j;1(8ndG`bVMdCWtguuYUr z;#XiB$CWa`$V;-Wdcr9OSKn!+aV6e2p2r#k>Jrg5u+nojuYu27y<|KE>H=|uz{-~8 z98S|y%W@&WHv6D@yyT0gWt^2dO6QD)v;oFrPg_Fwi%0eiaCtWo>!`rIu2|_vE*ZTp zg@5k4CQK}HrOk9ypkzL{@K}^gv-_a|FtD)BwOLK$7R^3rVlyLc6tV_3AHICSV%=Sh z{mqUc-(P71RT{eWh5OCZXIDKep#Npk*CnlTHzLYjk&_=a1c)eu(jZj3ir<_z^oSz} zv-vf!Gj7&4QjOvQ21{WwDQ4Cm1xJ@cp^7z zWq8)T2J!B`!tb6Qck5`609q0}RF%D4P^~Urkd(t(kij^x$ESD5VBlT=Gk^2~q^VTv z;7=yrqpT(pSrg>5?HM9#Ob_@Bw#d^fYm7~&PbWSl;|7=HYjdKPk)`)KwD%MX)yyq& zv&yukx($bkLw0hu8P;7=E<1bsmyiOu5ZtPhP7SZw5fLbfa%t3-P8(dQ1P|4e6yQoI z2aLQn8;L0hE-^y0-t0c;Fw5*uz4m<2ERZ8x+5I_olZeM>l~1GX4|du;m;O!6r7JpT zgAkSd_$Qtul!W)1_ZT;RW2?mIJtq8c&|UOFr+VA73nK1Js~XFJb%1c!i=xqNns`%r z@cN$1lzkIEln9OJf(0%sDsI35HvpC4Q0%>&sQXH#fNK=(d`nGL<#6o>4jed(gA1PS zE}{*fF&aFeLTE`EcTK{&r##uQxon0?8^94<9bH#h4AO{4wm_=8o+5~mM&BL8-fk6SA!zWORAFRPHH7Z2UcWwimebAgf(EIC z(yp?{&>SOZQnTcE16esda9d#N>wf zmA}ccP&3?Z%$-mtXKD1q-(FrsJW9w8NZTH{6N=3sLa@d0pU|FTp?f-aY;#H+%MlJ8 zHIbC&w}-5~`xEu;q`FuQp2@g$`rxP0j~L3-#Qi;E;P+)lf%}3CSS!eUC@vNOMAj?+ zT1mhD%;Hkkd+R?dLVdRMNwCK4J_j8?%~qX%s_4L+%qv7%Y^UCi4$;0dngs+oyf z+=R1ux{IdYIyX}L$=s%yg%87x%xkU~kmfJnvk2l8qe%v3_psG$C z*|OGLYwbO!!D_3n;dgj}GD%MPE829yYHYP$0zSvv8<*{??dH`%?aP7y#kyD8Kv^Mi z*8bJ{F+#OuNV7HpAsm!3aDaW@J_*u-YS}hOhF2x+af|lndW;#I6q=zjf9tckj(;Q9 zO`fx58eO|#B&L@0Gd-Iq&ERb?Yy$!=AZorI9@ zII9w*t{S+}*XouRv^z|egw%K1>bcvEa>{)hNeFt#$op{+2hqR%dAbMXYs6NT`L%_g zJDIxtU_H#&doFJB$l=YlP$GmSHN)ZAa1;|$5U>gY$hNqBkeflwMt~Sep|PZ|oo<+Prl$%$UjHTM z!>)yYnVIW+^>+$ap{r|TqR{KRwR1iAC$?0t%^| z+6SN8w{bDs`wRN67q#CMJIrO?WRCmm#v)Rei{@G_eef6*1HLynNp)fG$h&&?7i}Qz z+8J4O@HuWH$hW5|k_4>R4RfUk{XP)*$tnc=zD>%}J7AfLs3MY{Ioj>{0aRG&N zVwt&xyQ;O1{`Af7-!er3enhUSNL%&JkNp0d-@VPZL3(IYI7?yf^SclKe01h0DsFzk z|8DC4pOzXaWB>*omRg+>xmufHi(HkruI07r-*%TAn@ZD46+@FiK2yCxY-6rz)tg-N z4nd2h-kP<#prU@q2+gEZ(q4y#c)!7r6GwAC2kp7yx|g>k0^AJ(_Mk%Bv;DF5mUIr+ zB)Hwy@`}&IrtG#Rs{+8&{2JsvQ8;07^G@ol1>Z`o-X0`Wg8-;i1jP0~>onWG&XHyanJWpSTck;pC4a7Jk0n+@LlBq6>*tJtN z6`|xexsG$v4xiugIx3|)7L75g1_;*JMLZHJw-^}L#Hrb_70vcoY1t4i+}ge)AZ>DN zWPz;#X@kN3WT5Oq3>p!>`i?=|&AOKYGIUPgoNbWkU8%9@d=&Fax^R)`bZb(vHn+e4 zZL;oNgSPO0pUqS%`C@~}Hd`}P9pcxz$#kdOWxCzDr~P<(b)4)mDYglvhFTlJTu4YW z=nTfAt@gI(Q%&o1YwwsHYD;Y8*q_ypNJo7VCmHZu0m1tHMd9sNCw{gd_A#+{;0vU*3Qc%o~%mpHg9i6 z*H$CcnL*Yp)i+P~SuKehureKkobD`ix^0j4U_rBO>0PhQ*FPV#w=tSGe`=n76Vck! z)2(!|@Y8oHuxCp6_t5nZ-IH&KBtVc~V1Bu4HD9mfg44|5QJPfet9W#(f9bndX50UL zrmx@Rfo{`MiG3S$vV#F*t=CJo5A+(k#y9O!YZD-7%zT%9-InE`(6!gOVI3QJlx3CM3zH9YKY1fGOS#7gOS#gLCtO)=1s(N= zu7v%~`NMq{CQ+PuqSy4sP+Tq84eY^HW7n--?s8B*5*b*buc%LhPBT;M3os0&#vpKxWgU~zL)^Cp=kYHN~9Z+cRMMEUwVOT{)k)}XB3U0x}!GuE!|X@m}^Tmq6&6p1CB z(#?q7WKq+0ta(!jB4wzJ>4~~^g|iyBFLYk9`^;VuU>_VvZ8#oS=eyu?8J|Yl9Q7cs zPP3lMt(j@|99q$3pvu-1W`g<(eNzB9Q47?XY6Z+L3>~JYvbvKf!HCY2`Qkj{=8oE2 z*Ss@}YV!S=L@1CH@OK9ia+kX`MfOX{a+$)`QMYR0r`-marp)s9nT24g#Q-WX%eCR=MYj<2RLt)SB^ zMlB1%q8`yY4SW^C$S$=z!_xz0Nm!N5Lf+y#&7M26-`&dnVEHU{+axG9DDJj4e2!xr z=8cmc3G?=ad{LJ>pJyyi8zHBzuf}&@>hQD6u^e3Eh&G5tSyWFD`k_Cxi55kuR9z0I z=~H#H7bjxH?eI7;lQQVo4c0H(RQXDQ?;Re9?%3+`K&NB2DC&rZr#6&x!m!F2RMgtQ z&yPc{&z(BnoNic<@Z~$ky&Fhubl=K;XyY;MA@ABH>t9gs*z~=xFVC<8}aE^Uv@z-+Qxoh;*M`)TILjtG~n3z>;M8^jOLd zK~}%-z^3B*Wp^&**PO$D3ur#*P}Nv~j_b{D_S)lZ2N2DVEwJovxzWLo^MGZY+i_F_ zZ%8T8B%WbyPxAOz!Y)*Xr-}PMMQna13YEo1O~23tB||;AkMlO6rK$l`QC){pew$Zc zjQUoNt`6EMA{xnq24c=5=!VU*qCVlX7$mf{@jCg>y)ln5ctjh>vprP?0+c%x!Gp=X z_OBi4uYRsvCR=p%H&~n|^D+kD`yiBn@Z9HTEGDyc9EjF;#D<3ej(kvTvwC6MH zwjc1ed^XyaqmX*Od=eY&Ax^?-3#{RFxV-jy-ssLpl;&6I-}CfuOz&GUl7MkKdTVK> zp>J~XYkDR5L2~DWrv_W)Xxxc;ia~^>M$p`G?OwY%Vl$!8@45Ers@Dz+ z+A5D9wcNX|MwGH|!RqO^R$X~K=To&N&1#xFUS@x`HUHDh25n{iOZT#!4FB^XdAdwO zg9mkc8L2%hjB2q%b(Plb(SmmMJ|$G0S;{SD3-Cq!sxB0p#<_c)p;by;fP^Za{aiKI z(;M)ohP4Er`FgDduRNde>PI`z`=7VLZo2y|jiOzKU^k4zki}KCp*9PV3n&reH?o?q z4KCk_dyI$ajUu^lL=T%u^MbJYQ=N}EEx1WHRGDf>%Y>m-{oOq&HPuc|X-^#;e4m7fMKz125}%y0Ppmu}Oz}bJ=ap zY;t6ya@{Q2rWYe_fSp*!8V`t03Am}P(5k|)kl;tVkyn$L*YS%8Y zW^&cQMHtA|T{G~qKHC9~ZWMpRCqh%jeYS?M2P!>b+`_<4B(u-7j-9CEA>ozFu2jQFDECk9u%~)4me26=IK%U1`yJ1l>#W_B)#g4&h1R_~crJ-P#AT+Y zE+z5y*ii0+H1|)(p)YKqkabgfUq^@A^`||~Qk-aD{tRJx2DVl&nqN*AN5v$?r!M3Yhvk%gatrxRG7U8>UGE&lV z^U{CoS6{M!aAmc5tl~X_0`e%o{&rG+-IUK8&Tcb2I$oV0ur z>od*)><`GwW#@hH?#AlMOLS1rT5rzIsl-CCGh5WQPSpTZsJq!;UIO+VLF8N2zvCIH zv^y0%o`YzVo+`b*wrwC3899WMMKqC*zz+ml#DwOSS1T?ZJ;3uc18lu=2eFCv4M_F z=O0&GZzW6o(*0LiUALTN8pZWy6U4xV04F+VOIc<$zXO{m(ZI6_V{)bQiNOcyfMkW$ z6i%1{Q|$(SRyWx4jooM`mSz#jX_Lg?HdiRo55OO2s>Q=HW+oXCYKU@hEw4N&DTB3s znPw%x5>v(b{1{1Kb2O~RPP^N!s>Fh1Mg-W`l$Tz@Q%3p_TwPoaC{Xt1$f)V^uxhcs zRu@FJ9s(yPQa&uSf67jxB^Bf2kUXo}?9*{$3(ZdV-$LRu^=E%FEE|n`oSi?1$Blu~ ziON8gbz-pD+b$*FUve&D*P6mZD-hlVh$2*ol1_IY4+&Gl4KK2l_tSe4=P);H4Slu) zSGFO-NqpDm)mfh9tp2_NtMyN>#^SoAu}Gg86}6EXiCkP@!1N~aMU%Ssn`W*MbNhT> zc}A}Gt3IB=`^}PhL={h*`|D*##P?1klUzS_Y)|#w?$AFvdiV#B_Pc0}it$5iK=R7$ z3_W^+?}sTHY3h%AtR(d!CM2_q5#jF`42}`W&JT9l3`XCoZdqnCtlFlGDqK(J z+X3*h<-7ywyg6g{yo;#j$6=0X_G%QOnX$Oqq4=wqM?mtjgN(`c*GsejV3S&ty7?EG zG75uOcJ@{TC7=6r^NQ{Bu(Kuzm4Zo*<+LT0l5|f$)yCUiAuXsH{i)fNT3dODOnAPkvc$ns9L`;2cxLY*OIg0FqnqS3k zI#0}E)dtD?GKa(arjiM4CsR<|Z5r==$knn=1l^2kZ1?|ix!%Vl)K<=-U%}^_d7$+Ls(qQurQP8K%mZrd z&3iZ1H*@wAP_j3}3$^BokLmt*U5oZRU@SgQPCQ2S^qlkURzxzHbcIebBP*JMZO^3#K zs?i)Hk&ngv{bJBN0R(f=QD60@!(@#eRNg>{9*NnxFI*2tl%)~;R3?gdUEd`T{-*z8 zrPyQILF`CC`ELU~IW4L@B;G7LO3qe0TeZ);wE>Cs5Habt=6m4_84YeVr1th7!dXfk zacZJxDkWg`I&>i=m5if=D>)o$w;++-8M3BGch2h|mh#O}^>NC-8 zx>fsgL~_Is*O0JV%H=lHa%>z=ZgZl3|46Sv-+PHT*BSOs{D(yFe!PAR{*B9Ly~=mo zG4r0W-do@F2HN(TC#%cnp0Gv`uKE*M4knZOrA+;8Ha_Rs2epDBi)r=OHsoqkDC#HY zc_q3jjC{zmCqRNC)!bHrJB36s0J|ocN2OU*NZfWnY z8uOT`Pu~PW-H9`Ni+g0}mt5RtvAJy5NtC;D#C>;`7AKd5Cj`f8bu_ESL4S(OBI8!r zF(=8PPO9K1qQ)@}lfNJ%)ee!*SOP>Is)lB)nQq38{s$E^mgi~nJpKY#RL3_m8BLQs zB$+2xp8Eb_1pu4f=1fab!@S7tauFxnbL~9r-ToUNEM8W-HV!6c%~GZ+5gSAQO9>)L z8)$8f^>Aiu!**9+e_}1~aH5gFZ8Fcy56n65M|0i%bPmr?_9yB@oQ5U4)fX_iWIT5cCcc*K@NL!?Uq)=WdoN<&#rNo@C_I{kg z>g7z|098uxK)2gu3Dg*z-p1we$-HQ)!CfTZNWQLBaeIpIfn8DB{f`Rj9)xSB`)i$p zPaTY{?PPxX5+|g61wii#5;>4r;XU1+;+CNVXO3_X%raXlS4|2*TmPOCR-^)ShH z77ah|GdFwl?A66_8ROVyr(g<%-JcvCMZ7xW>N43Vx6em zpZpw<4C!l;E^%x>0`faau%Tvt|HfwIP4VqEr;*pBW{rKqhd+y!%)-p4Kl1Er6#c^Z zNKLw&U2|>;e2sP_>He>Ud4FxUZ1nMRg2Gk@&}rI_qRY0ICw+Lt`fKbd<7MW8pdv?I zp5oni{9|?`JkSsY6O1ygqG0Q}>{6W?k3b+#Oa^M71#6V|_~G+~owdkcyUX&!AH5xr`8(rr zx90M$T{xKSUi@Pkk=`+j5NmddUDAHlT))?0;|C z_n&V3|H@{{H*k)y=s^W$2*60_ey{AW!{Fa7n7@p~%QyY1v+m=--iTuziy3CI4&Z{CfKVsgHrG zdTdir{EL4$Xp0KyM!_BPTD*Th^M3~U|M?GiJTXP3Jwi?Ne>kWx5Exop<%u)W|Ih|M zWPy3}zlQo>L;Y_=1^jgu|pRz$* zkQksus{mjyMW8~cIN#_#Ps77PB!@+6H=~kDpi^TLKSGK853?ROp9Kj$V!TLeXdK9; z&}%mQ2q3ZldbHYSz?_^qjimXvVeg$yVt|O1=+-CzEPskpb;XRYD0v@Rhu0?(lmEj7 zU0#XJH?ru}7PmLKGrr2~I+ux!g%m&jyDaqG!>c^Jk8I1-n34#T_JKTl*+D$(JJzh< z7=r#LQA&&)ccu`f9;aFik(&$v5bC7*xM1b4E4u#f-ZJ|iJ}xfE|Ky%|Ctyub6V37) zOTynA&%hlJ9vNUpp0B#ajsA~!Kk<->3k5iBF3oY3Mh*Gk*?+q4FaL?{p{kote2dxJ7j=z^H4OidGW*>DRx1 ztAYkNHud(jE~ekuS^jIo|L>;mhU@=bEu~Hp0PrU#`Rp}x7aKIyjuvw>hXb=JE*^0A zm7mO8f8WXf?o@j1^4WiL0RRsqW(=?@uLV4!;K-7R;q!$0dCnRS0M<%D^%k8a@;-0| zF!zgaG10|B+3R9x}rAc>dFL8 z$JOqvSZvDqpwRy3+ne*Yo~apOAm}d@xVeBShG3Id5~n!>xGDe%2`J_;auf@r0IL&m zR>=&zKGDhpGV!LbCd(~{(sKc=Q^pRL!=U6JZ2I*a4K}A+6Wnw5bp}VL|I($8Eju+E zQv~q>>lKuU6Lup2mFIbdBraO>6V|$)qdX2j`OUShTU5rNL!!6B<{khy5D#Em<%ujN!r@bJoU$H|AFSQSxa zRc-;ur>(VPuw%*$AiQHJp7+DoGcryuB13_Ge2+vxkl%x&7Gm3RZ1ePB00jLEh%x8c z?MHzYtdsyfqd1d>i)BEg83e4Hk}FL{qAOH6UyWdICk@voZV5 zIx*OrjoBJEAaNtNfGE~yfQ&W=levTlJ%6VT3TCXjoP*w2+#JUEXJg8rzaSDj@;;lf z901gq9TM0Kk{!n5mSiaXs_zJ!?iAkvx3pRHbPr&lT?78)llbO{T!iwgC00b6t& zK4*5vi-9=F8U8l{+lpE!AIdjSMgdAm7P7cA?^;lPZkjl)Z%5rLrrpNT%H*=pK9_}f zCnAfM-gJxhJPGuh(a@XMlL*GLwe9tkfHt=;npc8#%r6bC;+KjWukk-fxt(nlAs+0AEXyH%;jAj++pqCsL8hXg(R0 zFHJ91N)ud5&~sosAJQc-A7~gTTKq+H$^{HxCGxCj9FZnXQskTYZZK|9snVt(2hZDd6VHj@ITea? zATi)ClKOCV+j_aTouIl*Q1*;_n6GFxE*#8rr#Akay{FClcr9ta?RH_{MFtTsls$&) z&52c(rj2fTg8U!Lc1*fr#0-zKH=%89eHVB{--q`v^3vZh5og24GH%Q~7QEM|HKyu~ z!0?O4b>P7Z5sRJEwT9*?;Q_I;51N0K^ixisE$D&Em7m5-y&*N+gMCCf!yLnrFuq@ z5uwJ{;QOJ#Cbc|+u1+GO)aI|lFA)yFmdSf}5O+)|59IcC--fx60CVCZQQsv@70T9X zHGStX;vO4qJ+%V%=!4^?Wsvz!{IDX}8r|;4+N-V}^G@l{Ghf z$C#J;8W2xWTYPSC59+<1=0JX(a-^~-T>@TKTGrjq03&)f2B~W*3zejZ1R9@8Nr}Jo zyOG!JiX?`erLAR|N_ZpNoER81dsV2ad=gWXJ*OG_J*pCuMLuadYuayhJ^dww6703J zugVGoGR<;Tdf50 z%tQ|H-}z>fUwZ&cb#=wIti>W2hjPzFf3i@c@267-76D-~8qS8UC?(IR!IoS`cDUI5 z$if$ikQE=2AtJ?nJ+6G1msFekly4%N!B5%#p`ndV7g{A~ z$cAV5yHPlA=Q|UzXdAnI8q4Uio~sg zOF=}*fL|IP8U!Q*sC(9(m85tKj$S=Uu>A%Z`>}GCk79T zKWcDSBG aR&faxv7Ydr2!IBRWTT#WzK+`PYiO%f(w7M;HU^=J0=r(-_ zILJ%}qJ$S|=4H#U7xR?Tk}K_6RE`ySyVch> z8lSf1OU1Vo{)pns`e~h)rk^1W1{Yq$2b_g44Z?Z>Ewq7ek0|Z#SWhFjA!0GQY#Vz( z*-{&#t`BI+d-K=79CD|2T1&EQOh8$B?;;3@-VXq58l<+R*Ey*fCL>`w1v$PWmnImW zo}d35+x4mWP=7k9XPW3ep`j%ZyJ4wK#M|O?epclX14xS|AAZBX4Mx%_tUs56;?;ny z0g-XiY`Gg53h(bf-KPwYMJOeLF*$LB58kTUl4-16RstH~4MVYOS)v5IXp`%DN;7f5 z{NfiVp)|T)f6Tj^l)*Qab*6U#S1;u7CgOb#8TDt}fEeeA(7#c)g_QpQ>4y89E4hgv zZV*&a(L^@h*{Ic(TerGUi*~+3{Kb#{pW{W&LUiTqWyMie68kv32PHtM(&>5MPn?;w(2wF zB^zvt`5VpSg4DW?-Mo(nKv{uNql`h~B&(a_25^&37dM)k9|BwXS^CH~0BGE(6%dRz zRQ}BIZ50uj>xSb9v>Yu$j46 z55t~9XCUKb1LZkxE_O%oebW$A{uTz%b3tQ19p#(f>^l0pvX(>qvhrO-bRox6mo_GN zdz8p#z`7X0{1ISy zT$J(~xeE(sR2O$0;O%xvJX!iR8_i+7PsC_K3Y5ju)@m0ih|dl7aodnBCCt$ zMKTl~t4yL!9DXO5Q0_#w<|*Z>O7&U}bB=AWqc1EwaDUd=psm9z2WW!lrO;=c-XDP@ zb{>x`Z5nQa>cJ`7bxrBEb8%q(f+CE*w^@x}%Gz#b&1FW;w$^maUxvwtQPlZPm|Haz zg2uD9klh{>I^Yh)8Hzd>&R`dXx>JaPn~R!WrBzgtT9d2S6}owFP4N{`J~c=5sE5M{ z3~IM<=#|rV5aknBk0r-NA~3Xrw;_U*6JZEJ3SQh{!S0E);4%2RZbCv4f@VUB`AH!{ z+#N0Rt7Ub5`j7MZqWz*RBzIWzmIp7+{KFFWVSp$OHcG&%)u$%t^}LY5H14Kav>owg z!jf^gkS5Wp_Q`qhb)L7){7JrFp0`HGE5--Bvz+1mm&Q@Lu^V4K8tl#S_O6Z=0!(Oa z>vs;KeNSmKH+*ZQ?qlVcA^?#ebYITX)fs?+{Zsr#(16+_239?KStFAaYmxyY`bMkm zCw}5QF$asei!wYf@%J$ND%v5ynfoP~TPB9yC2T%;u*8#`k)fRXRh?h)q=5{Bx$t6Y zUH<-uPYFXJm;D=Mbk`T%glV{J0>?FN9q7?0w6UDK{0)*~K3kW8e{5|6wxAW1(@WaK;I zx947o9?^;uWbi!*mgiH7@gnC!Z3L|vh*y!N$pHbjrus2bbcU^E38~B3#PSLKKoqPi zz2!3isQ79^KGAz;YjTUT(x6QH+VBKD1{u5F?5PA`Xd_YWjezZms zSpAkz>(}w_(5RKMH3AWQ$f^YmtcUE&PS3xkl*w?;L18Jj(sR%9*Ebq%+|r{5q{;b^Ag7i8)i@PDB%_7>rr4 z04JYjXG@KSC0VJ26~f9kPA|ig`NezFET1a;-HQ?LO}00FI*@CP_kCloX$0m8HLVfM9Z9K<+Amxf6NpS4j)a{KX~yl6C=uUm8EhOC7RS}TP0vnMIlRK z6w5R@QW=SYRZiYu%UgSGN_+Z`)sZ~juu!g{`dBBjzLg*r5Mh;wglG;DPd;#kY^tB< z+_P+i*lQsCDYL^I>ejvxS|M7k;LcJ}4}FK#K{&UfK9)$1dODN0?(AOTOeMwRy=_|D zDzaFQP;$sBC7(T(6vyja;^Kd>{Ju9kl!_mhfr)YOL4GI|)7skv5^Ql@o3*%)1p+}R z%d7rv%o$^@3&*83=OUK-P3I!#m%bwF#Whn0rJjCMS62(`-U3qx1;%7rTvMrUwhAIh z`r0GeIF1Cmz{eq|@0T95k5yS7eo5x!`p|? zsP3b^1pfU@ci$J|!fgYZ7^mQCyHwXs9 z>P?$=S8r0{1s`$yW?j(Ecn;$GCSIU&M039|I`fMPB*NsMyo<)SiMntCjqXFqMeaxL z`$S7U!4jx~CP=TMTJkJ^4|(_Y-J&L+Sk$RNdaC8f1(7I@2)`trFQvZa(yf@)l73N+ zF>DrM!huziCI0+I^gVqomKMqFx)paRe!WStd>3gc+F8oZbFrFqO+_XuAkO0VF8@U^K>o$&AY>gNzn-_+_xy{rpTfvee!7#Ek~4;)u7%aW)2riz9QPz@@Llrq{F9! zIuy@Lgng|~#a57UV&b(!@5PODGq+3WL~Bx`@>Yw45~2y8EWKdP#I*@E`-Us=^qTUc zXNB@^Kj#(3N0f@7d@4gG+~5~xs2_tvINV=f{-m$3GphVVcyg<`; z{2f>PB9evXBkwiIsYh|8l|ni7y~P(7lAnI+HCU%*kR&k-JqIG>S^{kL?>~K>zWb0U zwDz?Agt$8)5z6u2<)$85MgE;oH}+eM{W`dM+ORp(DHX2}?^cJf_VCqXbD_BZOoY2R z!6ER|Iu9a>Wf9fRx|h-!G|HuqaAer>QHr2 z<|}URi+o~w_GtGrMW>%HJEcVjQBA4ytK+9naE!z*D79mP_e?H04l)+|sA-J`_$ehG z(p=(!3vne5{alnPpcl`kMf!qc7!td^14Q{{_7*R*R9T4A%Jn@zOGy|{b`GJPb95D8 ztW&ImS|dV)SEx%w6RuaL7l)|vRT#&I>Ag8-K0&OF>-g@K22<0cbfNLH!j@FH+o$V$ zEG1TV8Y^5oSay4v%k)31=RPy-dO&&cH3-hxE){f~Dw-M)O6x`;Qs~TSF3wms^Z;VP zP|MHXz^|%r{bevJ1*5{^5V!X@6e*0&DIwXvcE_-3z-qeio z6d1olhd|7C3EvwHBy^+8S%Sqno>Lp9dRb?gh)aT;%cS3SXo6nvrFB-a3|e5e z>HEeeGOz4Btq|@ryL|$#!L>d@)U{pj3UT``8d2FiGM%g0H}W+eDG@i4=xQElJ=7_5 zO=QQ*^Up5L3-Fz;_i|=S5aF%;c8Jj?GxJiYzJiTLc>veZ=0+$Xsx_LJzQyl?^+zK<0)@Tvz82EL!Bp(u%V>X9yzZ#D;By{aI=L zc2OhBRhL7d-j&Av-fN6Hevy-izz@<{fw-l(E;b_(aiG$Tw)`@QU$Mb|U_wgDy^ow1 z>2ffk@akROr?FUA5mk-_wLikp04P9SsEf5y@%18SN4Vp$}2A;QGA);$eUEb?9mf#WEO zl{laCnUDD?B=Z-2G7p)tUUqjzIG&M6)J6=^QJQXj=S2MybPD-sH4X|cjwyS3MaP+D zQar@}(HIUIFSa zE7q_lx5FVK)!Cm*t!im8N}Z6pV+rpIND)bmR$9;kMoYQ!o|_t37L~bA z#tel$Efq)j>Sg!mpy!4MsNQRconK^uc}-2d>->BjE*uBbr3uop<~3n}UN#OI^-{At zqfSZg93Fitiz-c=P2N!Oj>GHfL!!|ic%dC}UC7$Ovlk+q*G^-vdlhZc>L^WKxj25h z+~N9g&zn>=_s^r`_{H1(Mcv?3-S=WU_)2F7q=$;}ZAGt>RD&-xtafBF+AkJyEoh3m zWWX~}ram{`uMzem8z4KCTat?#r#CVZx@XkBV7sC-EOK*CzdFmM`>O9+oluCO8GeI^ z)>F%Z!3%{;Uw<+j64_UlXAO4MEx#D@inG)Q4Y7f{Ia+UQ93e?~#x3lJ(dZ9>Ytuhj}vC;H|-p{Ej ztLCTX0G_~)iUf&Xh8TQ)2!4Ga%) zPM^-gVQ=r@vrYi~WJ;Ku@55WwA!SLrE3zlbc-t!`;DgmoKUhr&n1%9M=euLDAE>uk zAIi^;9m~;<*>Myo1kFww^6m(1v(VCa?u7KPG>M=^XKVHO4N6)qL*l{kEV^{eH{J#D z-2FU*op$540yx3?(vgYlcDs#X!nqaL9k>`r)v8^vS&KAZyFRX?=GI5nhB2@wC3ZAY zG~Ox_+2W{QI?))%yZ}5o7NBnrb!}L^;5aQn6R6o;v1%{9B$*qc{(0E`aUUzmwv>JS z%>V>*O^P{s)`b)6TX3UCd}0t;LKN5=ko5@=?3nD z;I75y2Jh8IXFKbkqWKHF{&YWK&0iF_oZaA^c;2`^jlM(;N*$4wlv4Vh9mPa_DxUA3 zygHFVaFcwI?!vw5_e;u$q)zaq>V2V$;K>#iJnrWfQtldXA3h2)aHt|&BS?E5-*-g% z$iPFLi#0EsW_}0&58`y}Pv|{LR^dg4r-hp1U&d_7`m3K&o~V3L#%~|)b$i9{C<`Ay z{Xo@8=nqsybV(b7nZl_$aGBE4O_aKSysPlhnXz56=la4`(ZxuSh=^byEgdFZ*3f0SdM10t-WAt~6%t*pYc z&WX(Y3T=-#>gav`jMpu?qGFtmanxy5BXYqB_fv87Lr_VQcvo51f0C-l^cU_^C$6t1 zwzVFy*Dt>F;G5EJzHl*k-E2kyl;U>z&ru(0y+;}>D7A|7Sn6$SO;C#O^r1Hwr-x|S zFiW=a^hfNjyB}XQ-*8OPvI=Y3H0(8tVLfH&YWQ%TRYp+(_3PtT{zGi};VTRN*Ta;w zwvO@mezpd4(d~m0nOoLA-qwzTkR{iw03OEvY3Wd!kr+iIxS8EIlfiRioi>*itL(J4 zHayMHwQr6RcJRT$=VKu#{wW_^IZ z5K4cMK~qVWyH0(&CpdZG^^}&<`kraV5hC`<&@!dMzE`(UbTjc)@Wn4PqFl*N>C%BZ zuLeEg=`st$WF;JlceY?douYf0g})G?M5Sb`-nX+zo1>)l9{q)kHJ(GyiS8@~;!zK| zWCdBTP=jz^^g5oHO+l-6$cf@f&o>EVcW%#2X+fG={Ah!O_23uY{ibB!HYUoz?#$Cv zv%_^*gXXWSRtMX3K)P^lL!X1;%3DTd@7_eOJUQI>J2dtzl6p>}#9beU9&kg7X_A9ovQn>*QYfoaL2#*x;=XKuSO0L^Ps6a% zL@dMpj^&(mAGGUc<6=F0X4?`~?evZ6P&4nJFbdFP)5+~hGOX_xCL!dLH5;Eco6Ccw zz_5$7kew{L-!c#XMi<8EXv1}utnTh z9(Tm8PJw};GDH7)wQEn+C|crz*y;o6r7)J^c-U@7)NzD#?s$nuvGoUXk<{tLCu_$j zP`kwaXVLCEuElLXP0nPOadx&~L`y+$mW-rc_JUa;^)xx8Se1w3K~%F7Q)e#QLhRcm zX^G*|&#PWm0jqlWBqRFYy_C2{Yz1VMM=F`5N#H!Mj#62Aw-iIl%J}m~hz<$8+caC# z&M#RQ9p}yK&+Xq!#&!1i0Rnhzc-CHvZecu+rDv#BQh^0m7^~es4!bF#XEOM0VXZU% zx7Va(@bQ!o;<>1ldwqCvI=1c~(#9mw;;Fq*(SS0mnNLUf^)ikBNQB|z6iV+72Z-rlazi&|f@^_dH>{b`IXpbi68w2$5B zXllZd;j-J46S@p{)V>v?q$K-skqv1`4-@BB9M!nLzNw zeSMe^MQ##Y#)!Zj!qUk5#_YBBX3-!03(eZo#paV7_NWZ`;F(+T$yD7ABi~FjZpadY zfl6dYJ$AdL_=BYlB7wvKx6iQ+D4g`Zh839WekT$g0^lCn#OkU8@vc*%J_p8*hVc9z z8Z6chfoZ?xAI0R7qtbX$pUBIFLtoBG+WI2WzKN6Kyw$(W6FDsyPy*DJIl>4Z!~kX~ z0acJ6y3`&NzLoLR>-DOP$k9j6|A)P|jH+t=-iB3>klcXehD}H*uxU0eunDE{sC3t+ zJEWvH4T^M!pwbN@-CG)I=@O9cd=}^b{GRvxJm)=rdA~ekyk8h=4A$EBT6fGj?>VpQ zx`piIR(IK=_Bq43?Uxuj^ee1rsWthtxR85IyNYJB6)MboA9&lUIKdqv57Le*^4fD; z9EnZ z_v*A+)C&TLyXB6e@5h2t-p1@bS`j}RjEWpIT}^eh(KB^J2HH0a8wOpuxHW&2K2Vtj zFl<+)J!L`DD6I2It}!KC1yOYyg=Kv_~RXE|!a zpG3Y5`Uzk=tpx0U~6U>p3_T&dKG+umvHrI6@fN^ zW3Dar@O#Xk=sHP>WZmz}AamXt8x+7Z5nES{vOx7;kH6G4EJ3!+GX@c$>vAGAq>TUY z4l$Z=i!soC`%Ctz82w~4)4&>W@_@g(RMFEJp4}$EJ>0{_?{&C91%^N<2-hIwX2N2a z4Roh3m^~DMjk#@1iga*?cY(6M6|NpZL{T?V!br41PsD6Udhm?;Od~%xY#(CY^s|=#@J9p>D)wVsX zpML2)Y_iX4w(ngf-5@3ha+;XDwq6@rQ;zS9XjboeGf`$N*uKU-*RVW+m_%^ruw6_u zr`Sn;)}h2^AfiiJuxvLY5@U<|4nUngwmT}qt8rsKtkN9U$U0B38!Sv?@xcf~SmtHg zdPC#B<`M~PV1`pYjI>j8Hz^Hz#Q={rl-(pSu*)HM^i#0kUFngg9i7=?TjX0|Wi!uy z(c{f}SdYo#ae4aXrnDs9Faqy&c}%iMr++*Z@EYyTq`ga+O-2q1DnO2&k66w_m zPF1;OcQhy%)lPbRlQPqT5&GW*~}^Tcz>VtM;fm#?Qlvf$Dj@f^fXmJ;v9 z5=`{Cw%REw6$9{PrgC~VjL?iPLscueNP)U{lxNxW)9AxI^nXPI?q>c zReX9pdZmDF=?Pd5tL1buEEIu?!%@4h~)sQk-GJJiO9=)3Q|S!a=i zNVFPTvCg-IM(PZjOO5r49Sk4ol#5e=QxF|Ghuf0><)EjpKq1wo~Il9Ql0$oV{kmxaO(*m;j+#NWKmK*IhSn2^?i|u4k6X*_c z3;GyT`4wcoPvM{9e$kO%%C#N4L9KKDl1b&7fsKiE`!|J4EFZMF33cB|&klh|q2 zFvswCI+`Gz4@Yv?a(a9*?=8lKa5eF72gb9|dpKxvk7hfA2xhzZrk;~#X;y$GG77mQ z+a4nsVyWh7vz+DVg7P^-+fmj(XCwqGjkMz+oxBi&bwAoL_1;6uT4N&}O&-u-yi}VJ zjZ`FqN$j9^fbo9T;{b*QSq)oVCbz_uG?})0f(GUGcp`JR3CyKl?K^cCiTC`dPjFOT zta;N?z#G7IWa70P2-=N4Ctx?silQG~^==9y9TOO{bN6AXp11uai&_5kwe7Ix3UR~O zPNrfD#wo?=)?zX0L?&-nCw=gQLY9Bl;e^LL07-xc%DW(CM>Y2&uY+XjP8Pd3nvcDB z*^EymrkFK-#XY0oIy;wr0?>uW@pPtaWAC4@=0j(fPHq!o?W7Mt`5FW~y>-01)Z^## z>&I#Eaxp2yu&(OD&*rabv+s3=IP6}QK*_!9rd{1N@KKIMLv!!Mf)P%kK7rhI7vFdv zQafF#Yyk*kT^pN0+Y9QG&bhCGeeMwn375iQFIc>d8&BfEifD0s$>3M=9t9k)cZtmk z`MvMJXzV9r{E#H3OSEl?G-M0;T1$Sk*R*7OeGX?9a|?4VlPNN3@|uOjh-NW0vMjS2 ziGvUMCe-#yW#XKYxq-bkM}ff%na(Lw6`_#Wk2qXxdmb{P_B4y|)b}7kU-h@pWr2p> z2y5exry6ukI}2}wx3hh+0E&la(&u`O>R$J~L&f=yoV$w#Qt9&b;drkyDP0~%zLu%>BmgP4RM#@y#+oC@_P}b0522yM3Fe2O z6GCd!5c%O5aHh8$1_;Nk!IG`jPrqghC+i#$`pr~h^hfe!=oc+fb@_iR# z)~~OG{mkg}2_D0Gpi-y%V}qQA1%lhb(2aZ$drAc}7CByO?|QIRK2=FHxyPqu+SV(`BAX|@UU7_c}kX8)z&4GLXKC!97 zs#h*3LTZ)*0GW2EoQj|hFWLV)y!fBoA-8YWh5c?jnZN~}W$8=_>httEbCaMwz;9~! z>0uTt_V%TC;>33;$~SLksIMRB=xhQ6rsUi(-wDROMn0ayi2?}ShQRYXu64tyq`6l; z@91m|6K&Y~(??-m2ry7q?F}T;9e+VbZzWSmKp=G14+9X^Q~3R!6qN5WP`|(-Zjurz z43Fy=gjn;?_Ea}HTx;da4O%hEy~6MGnlRG(#$e(0$nmNfFt8P<@Z4b|`(B1M;Cpg* zxIv~CQhH4HVn9OJ;8nSm-f7Rv$rr3-+IG!Zyrz8fOh=E7g6pFRJjPoo&vG)+oPU|J zf7uB%Sukg)lut&LoC~<3dmojjS9;Y)6NR(915$uh6TqLORM(l>2_Uhu^6{|aW;411 zP@g=LSHh=@52}d;^|5ij{7|%=d=F<}*9-{j`+mE;<*$g3|Kwf%r}JMtew=A~cSrmA ze=niGywCq!76dd^1SC~H`cSd)OUn1ZfA0oY!j}G8vUhKy_WeIhx4*uLI_P#_(*1cy zlV9xgU+=m3^%BoJ_xMm|t4Y89<9}mV{__U<(&!`>F9Q1CG5+$8|ISfIH|=4wjIgDr zTK?useD8x)@-;wWFXR5!9XHUK|1|sf4(evaJY9-d|7m*v2WbP`{sInkw)Ba%#$O-) z%kTW>^8bPk#AP2T0LY@JTK0;+89mNy^!FcpZ|>I-KFHz;ov?WFU!C`#kN!Vh>YMxL z1BDG%Uk*p*Ew@O1*TCw38UWa-wO3~wtKiCS@xK|eFzgIp1ym5JMOS~-&#EbNPVA$*&H@4j1nD(t{-zVo}ew!-wdho>S6F*yL@Q|$(tD!Ol};7t1r7x3~{Ma0*b+?ry%Ob?d@L%TBKV3G7fM`QaCu4YHKQvdxP8Bwn#6(Q8CzgwBuL@N1- zwAx|6Gl*V*AwFCCwH)-fC8-b%I12Q6&5GX)+8RTK%CKyw`)|HN-w$Y(32Q9tH*50$ z-l=!mg}(3~Er9>W{QzOx|33}?Hn{+Q^8fiXEODOw+TcE>=i}8nTREmXb+JI!XwGjl zJ$|*N_511RNUUCNs#xywbJ7%`umZ<~X^q*WA2?>7m+g*by{k0t-LVPC-;#~O^;`|#ggSBVhd zSPLQ-*L43+fcD?M<9|<3&S1d!uIyxJ{3e=zfeC!ZH+%4RoPQtCl^fpxrs4g>_K(f| z$GJAG(*m)#P-M0T-M`-lzHwcx{-(d#9H>*@>>)bsouL0dwG*U(QFC+~C@A~)+5E{L z_>6T}+et zP?o*b4Tps*;#Z5}lZ!{&*H_y&lBY=kgmR@<(e~BwimAY7jq?3IVS&a&t;TOkdQS=k z0P_qK+P4wF(|Q%{c1oK7=lcwbi-XZ9&js+pLc!w@jH0qR=<)iv$x zllDiJF$vf#)1r?@f(0=3xmCP@4jT@80dpneB**G@P5ohjmAwZZN{osT}{l#f#VH9YCHf zt8&}>__M&a$Lu+&;?%S_&GkvA0Puauq}E3$J>Y!IO=R6780!Nx?6N~3gmPXSo4O{@IZr{P{_pBv9V zujIT{vH&m%WfrP8<$lM75ay~ZMQ2|VSNMB*(ssi$&JV_XF2}xvH2|_7nRnGmwF;oFt1Uo=!hNuBH&}GjpjQ?sfUiVd1Lt7J+XwxF zaT#XZNxwc#@3qw3Pg=3mJD(i5&+0`6oO@zz`D^Dc;t`=7W7!?NAmwT?(Q)tSGF;xAtl} zMQvi%o@v<#4ilzYWVSUPSvHQ|DAx4e02TO!m}nl9;tlP;`_P-VpR(Gv8AumSSYi%( z7T4?&!bzD2{BNlF;wIv8L}|@9Wcs8w`~-lL_wl^&F6S`C&AqRWeHy zsMiObPy&oI=D%&X=dQ5^jyHidxEI8dG<*4d)_TixRrqCN>Iv!UISmA@p~2((hVJ!C zIj*BV*M@TIX-x&2ExTZ0wohEEz%INx`kTMEy)Ce@kCQ&Wk|EE+-F)eD_>%0fc=+=| zf+>+Nd=eIJ#cXUq5&UKSd9lUGDAVCpnBK*LJxQ%fN6vbEiSKhE$+#o}?;U?@$N&H_ zoHP|5d%-%II8|5+vZ%2a-*)e}r0!cPT*^tQQg>W__p(ZmcQN1L+3164>;W=7uj&9g zu>oaVM3?vFn2#va%V0K-{p8vD`;JF59@|GLc~NnM>?~+z$3TI%pK*hMH^s3}P*L%g zM%fNGGvPP2Nu4c+_!a7HH(AHG$GbF9)lYtl zAS?#Wxss^b=e;)ue^j-h6q4w9GGwBQuR5^aJYJkz^A z)CV%j0NrO0m>zUkEjRWj|E2SrW@~|91a1;rZ z881kTu_rfkxyD+}nZ{Mrtgs$faMy?^?5hXlHeU{>YYxotmKDa#Y$6{D=z^PI1y3pi zPSi0PkV*(ZB?aM;jhtU zH4_UgouyCCK2Xh`bf6wu4jhe>`pjM(RZ|T)tD2>3iJX{ca#~%o`eU}uJpgU5vo-_E1dY9`jlRHILxNzQT zq>Vl}XeH|4C&au0MzBzn|0camMUR%XnUB^tw-_m0bh-~%zLnbqZjTFQLdBfwWl>Qj z%AO0vy;6{~fl{%Y>`jsSr8n|>{Vo^M&{wLDhISS)1ZpH6+08}wBc>B%aY6yMX6oRI z*S3eA@Yn0KlQ!n6Rh(g@Ql?4QFaRs6mzx^vhXqh(G2B3}0$*@i1sL^85oX(hi=NYG zEYxsb-t>W=Tx)IbA-acdq}yPQ&1p>uzN)XtAFPnua(|EH3;6GxaCeC`3-Df!xCp+R zJsYj&hg|IhYo&wed%wKOLa>CLo>V?RZBfhN~Ho~@hId9rhhIinrm z^gq)bek&m$82tiR#Ytq2Lvnz0!`xk{IZ(NX8gB~?5?La|M=s47XqDekwR&%y^vsBC ztbep0i)@Y*!fqTW6KL)lc2c_*q@lsu1z(n_3iKt8HC`RMJ0xpvYV^MvZQ%v)gBjW+ z0?MqAig5Lks2sbG6zq>^F4ttCNr!32^?9em;+MlNl;^HDSg6i;qqh-8djMT9>%Ks~ zB|kd;P)5uZLAFf}S`I-Hr{?+U{+l1#45xP=#OZWLd%@w|o)+xtN0XMti~yarCR+0#_ z3Ap2!+Ij+bEG>^2+74Q!p8((r2gLxp>Ycq%Jf|v+IFJAPhFLuVy{K;eW7TcuhLWV+ z!b|1r17)cY-qNc}AhaM)?TQ{zt8KO(li4W-A~VQZ(od(Gpa4Z*;-X=xXwL|4MeNQozc}=ks&-orM&kcZuU#cf+0~%Y_?73ckP3QzqBS zZT0qY7Ko1~4^$PXjF&#;Oi%K&0>I5RxmEeQjUYD`cf9mqm)a*__g`30z%ut3`e)iza5ds^H0DT&nM>s2` zxG_q644(Y5F(QW_lywLZ8QB`LP3AI)}zHJto!s_NMIm2(qJJ zkRdm_fcqe1>{^akF+~K;t}Si&2&LJ=bq1FSdn&mY7Nug-rjb4Y8H6_k6=TK-qfH+7uRcQ;Mp(+;rBWw-Wu7K;n z^m@oxIzL48w;`)id{q*1MAy-@V?QH^_2<_Gh~K>*pWP&Adzh$V9vi^B2=5Zhcs;3n z#}2+!26MOrq4wS+TVbdG#2SF*D+j~Q7K?@aSli|WMOtVg9=EUj$sL7C4f5nDFSpS1XZSZz$x7vDap zON_1U3-`y+_$Ty1-Urzbc9PD@Ye4a_{_-;3=QQ3rEHf|>MJ_=ild?1;OD$*ya}{I; zg(7%lw_Q=|$~&r4NwNhDW+K5U$ZUU1bNOI6jyy6aTV0tT~FHqgp(19yyX z0U_uY{-qQ$u&DS0nog2Qrb0_)MX zkJXZ9ft}+Iop(VA+2k5pT}&<2jEkF8v)wtN+vgl+RGzI2a?(AX4Kav%nuZXGLoA=$ zR|HkcW9Xg)iymy3a{fJ(E?2zk3Jm(5(39}pR#i;Og13G6E1NtT`a8h~6Ao_grru{> z#W!9oSJ|5MggKoKzLOj~+WkUH>X5?eNj8#*(b!5pW%&8Td*{;}SxdU#oW}l#frNyg z2HM3Z-+>?tQt@3}1p}|~1KKL0(7*-2jhBhm9qS|K#pk0IW4zK%dUmo6?SAx-N+*s) z&~-+ZRiP)#X9l79b3+XAlx%IRka(wa{p+`LBH;pdnS`pU8?mW%<=~k6pSS8PsYKrh zvzv)gmpIKiLnV8QAAS0)nku^K9mxL<{g(jgHC&)Vd_-Z1yc{ME&S1Ve*@9r$U+cV90v zg>u5zD6T+?NU~D45fu)oNh=nn34qU4Iw?sRWqZ#R zAS{X3;r~!K2nHn-UuZAU(I0L+=?!~HzAAR!Q&IG@t*jL{L}szM1C1JHiR=1-Meu zQ;h`BKXUCa_xD8Qw7WNU-zY9o|6r0|Tqd!v8x;yOaj!MdlZ*~KbeG_ye`pT-h3&1v z{1`F}>p@f?34%NFPS{W0--BRB(AirMSe`hX1W7N!fUuA9Lj5E$Xg3UR62oN9Xz~1u za(?pU}gt;u>qQW_!*YRaIBw1-HgO*NR7YW-mgK zXDiDrXz2{I?TZzN5sJQp`{7N#{TOamw#eUCN7X+Xky zC0(0i@q~8VhPQ=d)iE^%*vl_39f6~QCgn}vV{04ziK!mvSG1AcwVoSeyM*vsEMGLi zR(Bog3gS8rZUXM!Gx~EplrvY@$n{C!4-Q&N!PZAr-OdUfnMpCtt9-@oio!UJrILyf zL*a^x7*Xm{K6J3US_6p3W+@MJG`cK;M4p^kh_wP4%^HzxUqO@M=qv>3R85I^vC%3L zZMW%whMztBie9+v-5q$EfO$RB5N!%=T^kxXXu+lW^Y^SQIX&r~0&@w~(U8E}7(({e zyW#V0K~xJ0{4_Q&M@-fcxDqYluAR?Kz(Xh<@HXM6@gh@z8%f_Ov&cO5jdtDi5e_jb z<`u34{km*A^TZag1E>jeM#^5`FF?VJ|a)B`ZYG;`X@pbt8fj ze-GFn{wU;pKI*?#T{4NIkpeAMz_nZ#hsr$yS@gTe`PB`ZZet$IF;~rFZ1iBs@FI6+2%b(|JB*r>(qs?1y zj$%T`*%Ca6aXy(3hPun`551M9)YPUOH&{NbGe=AIru8%BqU4G?H2RF3#FDEICtw(* zJsMbjDP|hmS-Nmx+=b#cq`ovY@yCPWvk{Y?w}e5)3jP+-d`I8u1-pzJ;E54u3DRfZ zy&}FKgC}r8eO#U6k9-_=f}^?dAh_S@!cpeNUj=w)4^L*0J^32OD1DlUlFxARmFvsd z>&vXu6SS6i|0t~6D;2{^mglh?RFeyC;+F@*WN^yScD)uM&tWx!lnEV~(-HPCUgJ=G zohwdC{)J~>uUd-sf)d4WoI8}^WY{P4`azGIc-{0*NcDSn`}py7c{x@R3{H5>3&NCH zJPA+0Ada2_krZ2vobFZZF-$L420IrGCuz`CltUw{KSsSa)T+_+#Hd9!*eBc(Z=Pte zWGr&!sOpt59C6BXzgbWD z(!y0Q+1ktib*Y>?%u?}`0yyVS|By%Wj$j_9yjaLpks`s1xo^PMiIzcPQKODQL9gsS z%s81vg4bgnSQB#iuK%w8H?`3Duf0mHHgMQ>Z3*IM)XrnfpP-c>6(WMIdc{9>?OySu z;+)(txTq%HxU2Zs)c9vv*fr53^|8bZD!Z6$9=K0|G0`gk31`>~%V2H*Rn7YKa&=*5fT!@KDHu$hrk ztNTDuzQE`2g{VA4nVfkCBUNbp>y^^t?-J0ERN&M51(7|{2=R-A0$rY12#k(3k4G;N#0PAks7HS1FZ^D>=*Uq(PB|#_~;~(UysL) z2wrUPWtlH9-c`L;je7Nmhqb+)REqmgOTDQypAiZ!n5LPXlD!Uw)>)4qdq1gK9$n7L zenvG>-!DeDr zKP`e(g=_25baqPSphcv7AjWgCl*DsJZd-F-j>LsHfK+#M3}U0AqHJB)L!nW&S{HXm zu5Xf=*YvGe&P`l2vuP(jG{9c3`VN|s4<*--IS*xe2md}H)TGPyX$ z6jL&WH_L_Nqf(6zj-0KwU=32yuhWxgp%78AjU(Lv3#(_Fg!U2 z`?>M79giruE0;JP?X=GM(}v#lA#Nb@9k9wBQ!WM5*)L@ zo35?e@tLp2OaF1)czyZ8&2Y-@a=cTlie)l<CN4U8a;-oEy|E@l=ZUN zwK;LPrR2e!?SmW~?=dDO%OaG$)}MV^-XY8@7^=B_Kq0VRGarjG8Dw55oF!59cZ6Nr z?}r4Nu?71JZ+_Cdv^ilse^wls;DqGRZj!WkMSS0 z(&^m0}Ts{3^|`%n`%?J2`l*O8wu-Zx`4d zl!bi1TG8_qhbpLdbg_M-(4)Z{X%)DGcEX?^u@LgqC|l5fcWeZ7UOT_ODd24H3yQ@q=~Qya9YEb<29EO-$Uk7w40xXEV>}v5fQh zQE{qD3OL!2Osm~8!r>ZFCx7DTSSZ72;z2Z(n85s|QdJ3468YA7Yc|80;N9h>%Sbb!!r^wUX+er9C|0fcg#mThI>5ih8%i@wp(9O zw4X|7EQ#XMtOy{C9a}vaSfFQHr)Wgc5gfuAkcyT20c4RdC9G1_Yqr;;>tAJM>J{Rr z4y%97<+G*Vn$4|jY#>5ye{V3s>&+Jc~7kaFB9lK#$M97S8(rNYTPut+OWWrZ_b>XWG@!gz%?Ay+hVWU}d)_XV_75<3x$DU$) z*(Yn*F~Gv11*@b4-^dVqsAVVheGGh)u<`OU(ju~bSuv%K+4G|Q{Kc0#&fnfV z&w88B$n%ORAe$FTRJgWZL0&95y#;WtX&LOL(ZQ#J}5bJ8Omj3q~W>xj3=L%kKu)P;{f_dThJtxDNv>*<=} zxSOCJWI&3vfXX6``7*;tAH=M4WFe4~k{Q?_-@T9rQ-I3yB&Vr&lm#ChzaEuFY)F~q zF*>-s@0_~ou$LBbf!*~=))OM> zq{_Q~njFc+^5`$N2<+L*qbeQaxCvX_X3T%JESxlVa)^pgNly54KlvxcJPi?({hTsh z>3sHna4kW+!9JuW+x;*aey@zu22;TCVr;Ql361*r0o5XregGI#)F7 z?Z>X{l=VLg)N&{M3@?R zpF{~3w>k*wc+OZ{RIkW5Qr8;ZUP21lke zm0PrmiO_=`z~_U@cGR*Hu^>Y@2UPee!1-9jP^HOBVi{i6&jo8X$B()i8B9##@$~46 zJMiKTql7xjmO0@8YQ|W(VzW(#-;*5E-FN4rmdRI05OA?UWf}5^yh_Um4J5Bq-Al^C z`)le2P)gk9kDJ*c!KNkI3T#D>miMr)jJWL-$gK<_x zshf5OGG_pNJ(Jhsx+zGSPtqaZdisVf7Pd1^D?KD<`oD_B-(S@JRPQ9y<*IZ!=33z1 z6bDGO6nzbgBQ7nREZM$l*>e|za#zMDmQ52{NP2z@(J1Ys6)R2oRYHY`Jn~k=ZOhq} z+87fJqK5LF^4(tQtM?AI20n{u^t~jPISaGR;>4GCeU=y?h%kdh&7;8jh>Hkt;)}ft z5hWuzPnp4;crUEmf!51G3GSjDpD7s@&9GV0@dJ8{wt7=puxfoKDVY;5<&a)p=`j9eC;!CE^SCs}w%}b}*qoRGP zJ!?V)j;G5o?=r&Iaz3P&BebT{QdcP&x!OLJS7~XkuDI}WIsZ^42(1^{A~}Dp^nKrj ziFYk*kL^^y#SRy(k(_P9_PQ9Rb`*rXvrUA^nEO_`swqr(mNMm#dc78f7#MFs}`6V-I)n2`Ogl{@r93iRvc`B|md%6~r0Re=~(!{$N(JF}2kDZsQ$D1CHo7T^Cw;u}opzWuA zXKb1)ZxLuewqqC79I+p;i(3bad|pqv6mNES-0yK-9Cs+f`{;V4*nVagwI77Y$s!O} zWFwY>(_FlrKS%yRQLo6<*?*5vBXyQV)~;oRO@3uMQACh{FXI=*AC}`ps9n`_2v`3p zgF*7+2FxKsv3fYC@Oh@+z0Z;IDu|2Yz)rGUMDk9S><_mqpw>EGfBt>j<~mDT=&|sR zoVSxyPZh%E0UJ4b-RKol_0hMyPuX5RqFVJ7r1o6^QbQUQqLLP^T;V;QBdW6OU-PbGB-jN> zNonlSxjypR>Rg}u}&_JF7vH-Q_ zV&Wb4tt){54Nip6y=0`VJcTCANHE+!(x@I+I>Djh&74RGf=vnzT9thH2_tR-9Cw!p z{hL^rT(w(bw>EwK=PEIF_opa9755LcdFxN{nt9cS2M~$E;SvN3l;@a)lsG4 ze_zsRw<2dZFQ`ow8+1@XsVD4fjV850*UP%eL)`O?S*onFK2{9yn6=LL#hwk0*`Pl) zP<8~3#cwyDHy{|+vk$1HDNF*S75e?iyf%ie_j0UXtbeta49E77p0Rc7*nNzJ>=+%M zyMNe{E=ls_B;4>7joNmRQ7TpHTMW)4)?)FHUAC*{isGo?BF5gg$37`=S}>rys3)@}iNykAD(ltt6`BcCT#dhi|{y$Mq31Ge~} zpkSmcjhNt4blIAAL|1qhSBMmKso#}Y*)Hu8{dT!#*p<3>l<1K;(x&UEz)bYh&zgtm zeycIRQnDJoaAPW*>4aMfj}Mab}_>>2tm^2PZK=47I+7ZCjT02ADvIW-C1N;yPY&e$r5qZWpkPSMe`qW%GQt z>oGE4Fp}uyN8#;11jC zF{}zW*5=8%;X!GXSHXlyybh@-FVYDc1M6OEz@1Jm)5bmjN17OPuZ?khnSy0jPm>)} zgoZ6JOM~LoG-r$#+v#M*+rtP5G{$eAhQ19{&n913tFmypbVJ zx+zLqpZfQCXvV@f7>lUTYuIK~_@`b0sE08d414yYcl&$UkV|vnR4=cgw`mnSdmZp~ z6=CM7`xk$s6`<%}L*{PuPReZb{IwcpTdGTp+wUvPoyXxmM1no3f)o7anyXi6TN~S5 zS-nZJgm-lItP}Bqop^&xPB-oPH6ERCFls5L1r1*U#cYqf{WM#r2Hz*v7|*!l=3KjF z-Y4Cl_wYcX#$=hhyH8V2YQ2YxcrJy?Z6|`!c*+(_X4Q{06#QR;!?dGriZ6Iq73Kpd z?h}I^ndMTBR&a>4k$c}~K!*`!Pm^NTg8j2$81ra87(!DXC%Pn*G05S~L;3klkX`YY zBh5c(h7BUWFEI%q)~X&*tx|~@t@lao}o2HnOv*4hPD=a8S^%X0ru5>E;dMR$V7V+OYjjNI&%+pZsMMsh8v)mJf*>_ z$_cA!%|`*Jxy@eXEQ@+Y?QjP7-X+s6$+wCNGcme!=sG&Z@h2;Q0J)3KoDaB91YjH< zfYiQxZ4g+5tp!;_XlW;pxKVa$DE z=bJ(1vJR(vYOjE5JO|N&VJdlx$msGbTF+E-9$h7*ndljx#bNwrdQNJDCP90E5CD2t< zI-+1t6wJi7BAz9bR7CPBES|fmPXTA&B=-Y4(|D{+#Wf3|qZ5(pe#F#zAUt%24Rl1) zsW<*&a@-+9^3BOiLoQWH45nqzJy&?rKZI(QiaEExlt$CTy=I+)@61od+3HXx%Di%* zlq!ndXZt1yXQ9vDfy_N)C}W_HHfN!l@S5Yn)3qY=7hSm58Eh2R`WnzFYRD4S}#hR_Y=5P(eg%jlm!kZ&hCRbN93bF|s_ z3nnK7%ev1~RVbrUl`mn(vp3Zz=^gsF&l;s`>(%K=Ry;E|1S*Xs?F@8ihLA$JbCjwa zfJ~uA{AE-h1tW&zo zi#5MyCUBKsBg4V(xGs|3Y7nV19Cs>Yi&5g^Tf#o21NgtH4>M0{183<1{IoGuS{gg__>YpW-qG_sO{<=^zhEuNv1dEFkq5a%Etl$eTJT*%QKhzUPdW=jw#MA| zqDI%4og1Yixa63jDY5XO0lgCm+TRie9{*IW1=5_!jpFWr$Xgj54fei_%W< zkHgkw>2jYaD^Rx?r<)R6NidqELL)Qa5RMw&ORF%4Ia_w%-M9CzfQzv0)w!o&67_KZ z7_xAN#93-!+IYvx&%&nj_xX)dR3!SOz+1~zr>W;j272jxv3V7JhUlbOaKbnhBx_VK z)&fJzeSt-R#?xM${RHJu=+MQN-3VK&qWZm_7dg$l7iIBZ3cM2bAFo2eSIbvzwnd5g zJ~SN{4#;OB(D-6Ol2Z}ek=-{GQ!~JUgHv6k0dF-p{woN>Ww0# z72dC9w_KS<4Z3Rk<>Bm&92-M-KBjcmwmL_tx4Z1ul9;qo?B;E>$NzLFTpchOjkrWQ z7Zi=4ABN;~AwvJ8%}}T8j(H8MXX(zPLa3+%RqH(^FT# z598^&C(7^WbP1UBE+lg`2--WulkSs`HsGClw<`ywf0)LfEjTDwfPCeH&`vE(5$iqC zjkiCen?DB-s@|)owUO}k9qX`JR%k0sOv2Mf+2?FH-ZNV^k(2z}jiLjyb7!8fo9Y%% zMEY)j;p~IRZ-3Dl$)ZVg+`(BkAzvkjRI{EFd}!UPuNPYc%U_txZ$z9H5Jy;BHn6XB z>J>bra$%PWqVr7QRWeHiB(`|~^|+X$RCz(aAP0H|#n?(lyfG__m}?(V*~3l2!lue= zhSy0tRSC?Le%>S%*Nl(VslA>PHUytY=1u2#7RC_#7XPI!>zajjKQrqJ@^4KZPqZ-zaUZr&AP@H$Y zFSy6oh%swj?794C%9fk{kCQ%lPLlwyau6hjcQywzuX(LxHfNJzwv-o_@tuHIJ<$)I zkMmls1isJ+TSHHpw-vn_W({NARsN7Wstawz%2uusGJT%?dR~X$3ia+Zc9c}rx=VlA z(XmS*6xzuPU-y4~R}Ac#cv8+{lzSDMKb1k3BG_4L3L*|Z%!`>=b51T>)#u&IHMpvX z2;^?)T_bY$1X$fnmP}{Pt z>v-9M6TAh-Ve34R(cP*m74@`4f!qu)RfEe_%-|oE&lvdyis!<%4H;Q)?eaOW?^f61 zHJ;=**td1cHAZE?(I?`p?(s2zy<*iRsS)f~6aC&U-AVbAN$7sJV(ugP0L<=ypSqNp zCR{6;630yRasv0&c$UoDy^YjuPqY0Z*DsGkZG)#@BkZ{?+FG(CFaD9O^IqQ;tUD4cZ_lA59u2EIqP~dAoJ|sNi1YwXlrcsC^l#FfFl}uKjfuNz7QMA+(o;e*l55uluHdLt6G~G2EZ+T%?;fUnDo=I0(=%1 z!k{)MRHKGp4B}mDzbU_V^y}C^_`<_t*}I;{1@VxBa2glTOAXxc2Taqwjwn7t=1<2z zFONC&G6nBmyVP-K;0ig<4E+SKp*llkaw4=?-zEV)!fGe@*7dDB6-1{^m|_FkZu5b7 zsr_c3bVBXDOQ(zeS9@vrzCuJgXG^E|(w@7t}m(f3|#rlat(Y&_-fJQUpeITcvX9s!S>_v;rs-bf1&mHz@X%Fo(011Y1rV0@{FiIw$ zR~3yx+x^PXwh(ddh*lE3`u5fP-$wNWfg_-28!$T1?a0@gdJgr3+KOPYd-~Mk?j+Pn-r*Y{tr4Bv_oj=wUN&kFSMq3YF4-EZzeS)7xaIOvSudu%&|W|M0HcnG8A_i4a?woL8oH{b-JP=)p+;*3^KqZK&qL& zcv)u;{NuL(_(+WHP`6l3WI@;4?ayCK>tu{CjYhyWP;dK_)%8M-)8ed~MfcSIPYuP~jZ0Mh4&VL>6RiFQZsIU&I`{>>Jh3Q`&R@8qJ zFeclqwEp@-|Cu;{xtIT8GW_EhGW$0s!++0`|059OG8ixbeWN8NH)l6ue$prKz!Y|9 z*q6+1No1GAK50kIs`Tj2^%B+xH+$3BYp%0Dc!f_UR})pvqTyZi!-x2IF=)ug8gTYJ zUJa}~JAOEuWwX+sB{JThE4A7@6!`o5w@|yGH~^jzjr|w?#sc%>LTk5a)yhB5(omu6 zz;Pg#Y~??%xXj#0hjnTtw~F=uF+=dbMqVqJd{{>WAu+)EFZdEkeA_ZZ`s0xo|A!dV zIzehsZLYiz=xwSS_Ii1{p7c}Q0p4G$BN=dl2bKdqH!14BJ%2%a$&msd(@Gz@J;{VJ zZ@5!2wfYFR`5xmX*OCB>BJVU%QD`y<(2c`%eQ+2Ds)aC_)MEohAvHq zp8=PIpMmjf^Ilq|D48bDarHlT7Y5< zl)T!u;rBk>cX(+HSiHJ81N4ilDbu3pKzEO2Cm2xqzi`ZnC8o7s3ERueTLkhu`uj7- z&2LTs3I7aQ7s*gNDlrg{`U9Ph*awmzRVM%-!+7~{FQWzJDbfm&i8_*rX_7B{a~ z$dVhZ`T8WM4mYhHVbz!ZQ--%-vrUfOQJP`$8LbqxMN50csu)xl&*$(Y0EMa^ng$|@ zPI^R1S*D4iJ8Snpy=nHUx&Q>UHXfZcHlQGFo5*!(Kw>fVFu3gsb$RkfY{s3Cm0?8^ zC%UIEHt5~3i6_zUlmT={_}%zv0Mn794@mz9(D>H7M-2*pizSc;IBV1yVbzEoo6>4T zXeu7P>y4~{vRP1eU>lJMIML$#7C~9!K|t7FE_J$AERzECj28ezj^$Ln?3Zt58byp} zug-*yHy^!zDOAP#1>MQMf_7LyH=$cE#z}0cuXz9M%hURb0Ah9sj8pfY6p;o%1^xWQ zc#(D-U^|@6N&o_IiEIjOX!T+AyktZ)8|XQ`N;6QWmH;p%U7s;g9VHTRK$;>nQps!s zB*w+sCCm2#=8sXt7oqkU5a-@sc5TLF1=uE3V5}fD`>fU^~0+E zuV|(NNu6NnwHXK04OeY}rsOaZmU(AjcD~u_i`ZlJG&mY%A;A$ON9BP1I`Fe4n-e(W z6rezJfvu4o09kPY>{hiwX|g7cs|CS9bk7~jux}UnG_4yqsbs4W7NY?kPT!jxjMwj1 zPnQ0gQbFehJMquI>9^Pe%#t^vfCmOi)L@G1s$sMw>_a>p=gaWzl;KEF@fkRBz;RiF z##&@sx590DwAX2RYhrDgfme|@#)xmR()T@Y`m6D_wKslyY?&gFWJilU`-Yc*%o^{7 z*+X<$2YNO+MAa*tRVZQmdhOhgP`Q8EO7lwufdA@BLh$(_b1a&#Kpa{(BzFd?OXH& zWNdby)#Cvm*C$Ek#k|7@(+gAsK%lIgA@v5_=I!?Z zZGCyeSl-r$>9d*R_;RWXaybBd|r@<$FML&$ThEi+Uy%|0HSK2>&?8?`a}` z-9(Y0MV#2m!mE76UnW~7HWpCqm(NDayAO*B6RJ;Ea^3`X?0q=Udlaw0bgj4_h`4t- zXwIK7Wv+I_F`!4!R5SdX(fj5P9#2ew9OONv%5-Ef>c;2C+&_@BI&LR1xF?UBM=pMq zMVf$2#TqtzGvM%rsngj~WzgXZ8`eGr#@f3pZ3I+bd(lRv_uhEEeqsDl3MfObo*O5u)ORMTT-p-+_NNP@q2@N@~ucQXLQ5rU~&G8XT- zk2~F}ay1u^U=OSDO;mybsxodyxI&ReW-JGt9mIU2alK*y%@?r-V5{rWWhWh0LMfNzg)2m+-(hrEp?hO?IgeId z8~LCnzrJD`to{-8G7(R#4V!`c_BZU$aeC*+K=VuK zKn7-)2tV**vjkRQeI&*h$F#B(AcyTS7;o(|On)}gU#~J!)WB;}&Xl}& zPBJ)^y{=gEI+TKH(~39EZX-d|O_Ogi^ZP*ZD@WBrl==G@?>kTrbx-c5n;M$hC=DHd z;a#$?ij!Y_wmzS5E6&XLK+}%V4ODgIC2t3uoX2>E7o`nuapcA(kr@dFBb#sBjFlkF z=P-zKu$rqk8Vtxs$;J;%u{v$U&Q@<|(48$5gS)CMi;gCkrX0QkC7g9Fweh?0-Ni0F zC-o$v5#NE;N6NOYK?`<`LKWb1(;(JZ#w$kJHB%UR@GY6}7Ut#22+$%r`4oXhu zWOD{M6`aI%Zb7Ix-wHcE^s1%-n7uNSN2|b4xJznJA8cgCdT%z^h)sod32ici zCSQr60Xf0P;!cx0C66`7($F)6c$}{NjCKfmyjfNpZx1l3Y+lW;vl90KoEsanlF%#T znsTBrh=H3XcP>%eMc{CQ{Z!WKSf^MR}Kz)jzXOZr! zB=E~@>ZUd2P5<-7@XiQV@L(ogF=YkKGNjjI#rA8X_ENY6h6yejWZvued3NdjIXk*D z&!aZyi({fS&oXEK-Fx;a5-P7pY2%VmbPA(8122#J2BoD=s`T|rsxE72&v!t_=1`4ChM%b=+LJJF0ySpiqarg<71({ zEXNacQ=M7KysY{45nMXQ;rN4A4CM*+Z`|L?Y8W3q>=S`y%0&3&>fS|VfD1Y%`sFwt zm+T_Vd~g4+&B%Z6ea+^{%rJzozpKmMNu><$L!)>Kk)m$>Xf%#NUK)Gjv-<^2P@2YY zz=`k0^u|w`@)&E?>8tqssBknAsxC%l#Yb|he)0bDo+ht;R0H2&*0t~S;c(mprrxwT z(G52KUf1^C#~=9EqaK+vb;+*?C1jbEz-3M#+c)t|D14cA^hHJ!<53XYIoudls0Pw^ zXv%(lIr@sxCc1IvC%5OLnj&LrS^~X?*4#w|Ya^v((T6~QE%C*!lNhKlhj^`c{@`KU<9(d)I&arz`2E;K#_}Gclz(w4(IWw;U>-^GTkTv(qpKY*QvZI<* z{&D`<7PjxkZq75hYDSdAqWajE+q(yua(C);HjJc5fR{zbK=n->l?uVV^>hX~oVujp ztGajn)q>^zdpI(Dayi3v=E!oH6KVyCw%5?Rw1;{W7Z#L-f{~1|Ra@m_ z1�dokzY|oqC4nhKH7eOIhimf$F%G6kfLALYE%D5!ITKA1bqnez4kj%S;qPON7aa z!=12^&$DwalM5T$eI%nb*TFi`+0>K1!i5Lb>rs3RPdxDfNQC0@o_N!>^!z2A8x`JO|%7U%p^>;mOf~?vp9| zX<-+M_p(t=6?4Ih&%q7fNv-Dd;qNSiSml;{KU)Tsyw`X#q?5A0D81{cAf*xAwCC5p zA1QTjp`pLa`{jOhFUy6mkD^q94{ql>K3_`|kS4LqWWswd2H&wSY<36B%Y_-5kqrr% z@JF1ruTifK*xA@OiC#|9YvA1U@@}Ah~}=0CXx# z9X{EMSyJjL6#EPVT-JkOhkSvLTF6Cptx-CJRa|SrulcB+AVVxBrcUHYcMaM}i)7_; zdsbx%V7cyGi}bkbDJL1>**+YilOH zsHRth7G^h|Lh-sJfek*H!jllo!MHJ z(^tYi>gD!nXTe89bfTrQHjkumf&%2PA}HN zBgm-hgdICweKGW-TO79NHN3WK|HTq!oS3wdkX*Dh=9+TxXqTPT8^-ZBEhLsD3~4-H%m4gIuhznsQ< z;-dEBdpBEx<7%patgH^IYYw)zU~pBsdtNZs5^U+m9oNJCCSHzZA^Z1I0&53`t%1fvBxsQRKgI zEa@2{=n@k2T~l$-vdD9=YV}yd>Rsm`fe!ncN(O5U>nh1J1riU@A~Yh-)LRO;Au#!F z@65v4z9I1VfT@xWOCzqwwc^UBw?YV{HS&!QJl80}828oJj2hB2ISMsv!NHYMThz*t zWl~hhiM}t-t;Zt)yb7FLc76+HDT!)8F)2Atlg@iy^#(ua43D)wR*}_OJC|` zh$!?NC3<2IUo89t6d3bSI5-GRW@8F4+7IFzpWIB&*!aGf;Bv3rKnQ+|aPVenv_7$; zdfST-vTI=MEkKV|*Liic=)0s>ZfA9_gy3V8Y>G> z936;32k*fUHG{KeKX-f?Mvtpw^6ze_T#r~|GG|_x2JjwzBx# zs`PCaQzK{U<86fj6~1B=sPr+CC?ORkm~ek+>ga z8*Z-kM~X4G6Jj>62>L3VVd*vOk_&pzpEhhYw^R*xV8w%NGG8DNS7Lm4w0ZnfpU*2N zH+-Z#^OIjk20Y_Fau~YJRoVw_4Eg~`Z^0YpIO_N+Px&J1!xXjDtz-)aeaCAovDKu^ zS)S&^9abPX4sn?1RWNq9<_4Puka##zy9NO6%fIJ*1O~#YW1?motdP zglfV(!Q>qj35}SH0jUiw^M`Fwbj7%b52U`8dRIJiEQVKoR4*orWBFD)dXeMm>APoU z_5`lg!P={}$cd!+p!>8S==3qZFO>k0)Nw*qC9NhtWZI@G#Axpz#wPA`ia3MGf`>#M z?KVc#o)HAJzs^Lt@yFZbBS=-4ptOp%nYTE=&x@+NUN3BdkCR*|4z*mvFgst8eiPba zgGGh;N4xKI$;8d8{1))#F;BhM-V7TSKIJ0DicqsSg9L+a4YXrGPCp7o3vAPQPQy$PAu#=tUfyr2(<6L~(ku;ab%|z?F%Inm< zDCg$g6iq=FcvFoLLEPb=$p#;p@VDPp{ox8EM(OAo1AE#K+~s^F!o?OWNd+w((G*nuIH-i=f=?RfbhMByM$VhLvzG6GfWE8ME1v`>5Th}s*(PpP2zjIbE^>w$ zB(#R>-olWlQxdn|mAo3JFsW2c&<1V*Tr4_=LW4qxAw&!qT}3WtRZd0{$00TE%x;0C zh1A6N;l1&HMDnYvF7Ov6<`NO; z4>w5a%i*Q*jej}TkIy!InJKYI;d?OfbwLI7P z7P-7Muq_MD_~FGhO5r?pZ9th`xKQG(#Ry*w9wPT)uba_x*Nub0YX!}Xzc)YBm3Vt-<(ov(L;NM$g zd3s~r5{F}u^leidv+JKvIH#!Qk69Tsi`_cJ2aVN_)R6uJ3F&6AJfob4gjC36g0=yg zo=z!R^W}%V+Z9zVqLvFNq$>foc5XO(9AC2@zDl9(_g8d0KlWrgWuFl+#MWi^#TD!j9H_5<_^5EG-f&unZv@DCz|V9n#PUdF@0Vt#eM}M%tQD4U zv1wW%OG-mnoo07waE+qVdJZv7qqQtdra3ljJS?MR0@1n@s8_q~D~o+zMh80m3qqq^ zPod5=vtq@XTF+z+<@T!!Zno)o`Vd@u&?8Ry!nmudX`QWAPQ~1^lrK#LW$uY@*LZ!% z4wmgJ?h(n1gCUdDT_jDY6pwH`RW2koc*X5XV)7Sy`mrm&>7 zgze0LZED79oJVz@iw^QR&)BXEUBs?^``J?tI5XkB4^M@9L5h6GZz${B_>qjiX9`Jg zH?Ev$nIl|iQ>2X3rT@tChQraAlXJXlr? zh_3|BFs*~CinXh`#a4!e#)3r(4|w0$>%!oSmPf)J~Y-#ZE$GN z=>=s71hSmfGxaxx2}m6nh`f(&ixxxVQimHiceySxMifRa+BY(cxKP|gCJDNkusmM|4oaQtV{~=ZSjD9h3eo$8tSXu(mws+24jVkPXM4GSd0(0KtOJX_#jwb8{W-Fxoj?BT z^9_q&Cqun&-rP7+ax3?{{n7+~=-nH1a!+_TU7V*8bwbk~lE#}H06i1hAXW8v64A@S zo7?l|$y)xi{ee4jng%BR7Vq}84W#NvL%R2ET(>@Vht+5ndh);7e=EADYe!;HGCwiu zN;c$Pv2-)ale@Io?V#We0BBb%Dda+E;p2v6v&tO}eM%nT4{)vdkiTx0IA#^;KV$M> zsNz|*Jgw1gj@7_=$;xI%LYAZK!#uMa>&d9fO6R^Vi|+*CAQj#jUGtJo@xeG%Jfxi{ z#d?~q@@s#d)dv+MdikICDYowq3XVr*Y2E7Z7oSnR$en#rVc|D!4}5V&XY7gV_v(8< zV!G5GMxv>`&^;I0JE&QB3EXtHsZ91*N`Cy8#_iBj#gI!=eqp8A$F>Kg@RGtx<8_w= zSfU)`2=NSnGp`Gz^CS@(UqQRqTPtTbuQ6Tk4SXBTI?8BtqN*lxz#>$Z<`8`eU42dr z)Xo}lXRJD~8`W3Zvos;M(oP$D;vZcQJ?lRxJ@Yh~CTZ{2wXUFH>(Jc&Hpc(q0B?sV z@J2y=riBnB?INIph0Yq{eT$=^pkOTi{*kXrPw~1`|4GLBT2VWO()U_$W~>lzE)Kp_ z%LmJHVzEiJ@N0P|{HG?Jlg$kgmGi~7iKJ3g)m5cV`Ql5y>ID>M@?UE;7yVk5eoTIg2>q07tCkhr82 ztYXnlhljFu!Q=VKt!2qxT|Lw)YC-Yhi9{2(i}QGb)Jmqe(oJx_{S3^QDLU6se~mwX zcXZ-5kyGk^@A|v~1yEALi#l#dtr)@C2B7qPC7ViN)k!zU_Sb?Jst2QnAM?(ReaBzj z`+zi05nI{YMfOLN7&)#sDY@mZzdOfF@YH*Tw_uR&=cy>(xg=V?8u(heMsvsoHoqI% zsn%{wbbTSi-FSL@!e>|k@AY_JG_r?wz)9t+scDBiJDt6lG(igc;IEds^b8$*4%ApaBT-bR^Ksg!At=89kYofcI?xM;*=4fUC#d9Nqq zn&7aEY;VYLjC%9atleB9$2}nbh76Luc$wK1sW23%?zJ}%I74q-s}kMG|=R ztB{%3p~&04!3%}c4P#vJfzX=q8r@1;#B28>rw3|QSM!aR2a;66_Ko&?trlnY%C+uo zWs^~C?M^4IqU*v0(vJfekI86 z7R$jNYqrM)Md?O6Civkqe2QFq?I^ z-H%C%mFJkW9(6{s{dBenS8{AeQy#7@VhFl(kwo#!TlFyYbJ4L;_ZlEe!(>MXkCLUh z8dnOtSFIyd`klz8c5m@m++Rt;Omfa-$7M2COGg3SE63&Tz8R~1JOujATm=+cY}@TM z>QD_8iPWive2QC=aM&kb;`e7^tnv?Ogx++Q#hejj9iNwR7oJQ+%#FNL%jHYGcmyDD zB928DTvj}VGSnP-hth@=X$KF1zh+H-qk&>}=c;nQ%1myhT|$6Ia>7Pu--rs~dgwbo z!WI4SqYoi1H`$L2$+nU2(H_H+@c|Q2N!dQ;&7g8O{szWpez#Q`QG&FR&~-So)dxLM z+C^~s>rR>}p%8>Z{)vnG#o*;LeB6030lHh3*jGCpa0K~gDJ>G1|0M8?Lni9%*U0l; zIV4E;AP&(a%qp;ybV09bnx#ghckMI_L|GE7Wng#eoXdt}6-v-Dy*wZ)*1nTo2^BbY zvtR;pi9QFV4*p4M`u+y*jvRMb+X)-nC(|QuTW?YLPdElVa)`2-CIMjzCHl(wDrXHx z6;i(>{uU>i`gYxbVLAG)E+983H@6f=IL2f)Q2dy-ccKW8dl(I#aSzN`vpIVcrmh}e%27FzHVu6)!y z(%JuBhmhnD4QmX7E}YkEr^h^upYon^n))7{q{;p6!>-6^viJ=P+~KO`grzsYiBc21wT`V3w$&yny3TL2-C;6ItLm!gyG5Fw6;<7?rK>9ok13<%QW#Vfk%@zuosOcZ1R?_(#&e@=ijl{$Bjw_PnpxVj zE;CPke?$lNHK-RdM%xI?o(UUY#yybo!c@sD6PaL&TO6I@LDGtCm*j3cR@x{o#a!c+ z)}|)rCXaY(epS^EaO>7j;J5g!Qsl_|O*;J*5^J%^A85^zhvX|WE(=TSw1?bzGJlM2 zs`}*HJBNuBLHW4x4f*JUd-l$B`lg(IDW|uNGKVzJ15DTl%i920&Vv&}Woa9zXHi@Z zD{lgTuDmW#En7PzDP8Ukh*jxCzMm`jRH?8F=0kBYzc;-RyM`}Bnk8x|Kl-s{Q8M%6 z^}zwT70*rb)9u~yH0y~?qSAgNZEBG%?C@Z+)A?ymOF3URlR>8GVKU{(iHyjd1)=X^ zE;h3A5&&rBxc5u=tcX_uTL=9JfvkRpnXljY+nJAO%vJv5ZFX4`qxp9s@v&Tx!u04)iGCL(G~yv| zq@R>)-@95Yi>t-Uebl(vU1X~CLi59;4q`@&vz@YFU$`P#ewI0kxH zyqj}`^Vyf@niE(X;ELbH<-nr8Xo#+MH*QBCS~&Vs>Wa3N`qXH$?`a;4@{z&@v7Q+D z&1#kh1E3E(!w#8C_h#t2D7nV`MTZB-8O6)4H#57TJ}@nu6wGJwL2GG%E6djMop^5- z7v73b5Anc60-2BWA?bFx+6tlpYt?s{$%64B&Y!s~E?$uPJAHU3o#Ne`V!LXmM7%Fwdp9DgV zb{Nw-D}-n1pOAOl8t5a(W?C3>PllYTM&IH8(<%WANIG-L7w*S3f8FGXSlf1urR ztcB}`yTN`k;l)+YdnYbDY-fD|y3DGnM4mh&l`oX5xf7Np0{5e#VLqw@6G{bCU-V0c z2#RDW#ErRkAAUT5JU@Vli-bvtV$ zF8xBQVjD=TG95V7s&)tL5PoW)SE}RoVgS1iM|s_3+_~A^d|UsW+Zx{RHTOyfJuc7X zFK_aigC&{gboIvWRxzxA-YL)Kc*!gcJS5*AHhTr#?-!ZUD|!=uTv-W8`2d*Y16>fQ8J6n8? z56@h1F^Wh!gKCtT=f-5U$SG9Ej7p?F545XZ8>hWSkKG0Ijyk6G)(OfV?eal(Wnke^ z>N&V1g?n;9Ft{Lc>+bxe)OH6ZVr_=OTKjKCqAXQne7IjwT_G zE7gr$#SF?7l%GP4y+-iIi9?@Q!@gG`<}r&oiAR7fRXMuE)>(EH$<AyC#Lp+_FDUT0@~3VyO{JD)dnD8i7n z1B-$7vLk4}1sUwqHvzrdj~OcZojWO z^8q!DCj;z9{2~o128DJK!!sQ%xLjoVF%bYXnmZHUPii*0eXl4N+#47$D2 z`xfZ|f-F88vtn!+mDsEKW8X^fpY5 z0{QW3qt$Z^)^gIeGL5xy5o4TFto*xMQrKR8_lC7e8L*o`n)QR|HcQ?YNp&gXfQ#J> zJ>Uqk={K?rzYZI3eXQe2S}4fu#7_v~T*|{|u$H8K%xU;sSR6r1negs&2f3!zdnidM zyK}S4LQPtFKs$ym+?zm4;JwK(fAFmp1DNT(!tuRhVacAAQ;k5b8@uBFdD0-TX=PX+lV^xW!zw7l;p}G9YDE@p0!cu&rz@ZJJ_pAY^ zWP(!HjIGQ>vGxr|T(e`Kn|9g`>r|kulg2)j__S-sr^8em3yz2c$e}v&vE<E!BKDKHm^!TGM?zz5FL9Mc3{!P@obCK z+T-xg!!~O|?K+8-PLt}!toc_$8WqIonm&PKGri z7NAc#8N!KeU{tWIk-O%o8wrMV@2*PVzDz$&Jej-Var%DxDRs;D_b&@^jSVIE&*I3r(Q5t!zp%tLBgJEufS7Lq#0+{re0$?bAkjMe(MJqUEA zbjN(K;b-I2lfC;dk;3Oq9-Xb24cymqNZ*N{PHZ*-TmxStA z;HbJ_kCbp1&FAPqF)t~Y0D1$5DO{2`#!GybPn-??(5v6vdDAm)^VxTToDJIB5ea1g@b~k zAsACd>O@z~hDB03sr|vzwcr#Eq6^;kXbSK0Pvflo7iau$rrq1CmlREjWFKrDuc9m% zv>8r=*Y50{7B2>SWQ}Ib+%@P zKK~GkKZDbytE|h+&GUg2@%pp{Zo`;8lXVW(X3VY$AMxhIeH4!@**0LD&Q z+`UWwXa`z9Ip6u|?(Pco$=mqlwECb3OxUw7A`yEo<`qGBGbW0GO9r>>GahF~+Q=t^ z(_Qzuq|d&KaZ`x^?ABaP?h`@EK475v>S8f#(V`ti+&``xB)O33E@girMN&M@&5NMp z>2{;sk~+rVl|Dv3l$Z>RU4M5P_tu;WBqdbP4ZspV#V_1w>n}UeRY_Wc?n@ujDl!7S zis`fk`+b^PHj;%#m@MM8yt`a`0Z~a-%znU^Hn7f6r(%rKsSjWHR}rQ+`3Id ze5R=xMX}Xr#D+^f1OHY8k9?@YB?6KU?7R-^fd{NylnQi~rK}#(90hnJ3BYQrOUgy1 z5zpvo#3Fr&w+RpDxKy|*Vi(J(zcY^9SePCQ94s^Crr74f1#dYyBfWM@OcoMOuXX%@ zjL)WJO#QkI-sQYuc?~zc2+DCA51Y^-(EAkPdsOVut{92=5X`-{7@soSf_Al=x)ca} zt9xp5@O90iSTTC|N3n^Fzs#xS!TU9)!MZI6fxiCQwmBzHCNO&@HN667s2tH3{EHp5 zJFB8aj)RFV0<*;#!7%E*cVagGw>HV^kXamcMdHAd z`(VM;W?zNjStc9Bfq;FJ{?*mVG8%iTeKEmwhmP;j^J$4r;M8Hf!8G`@g!up(`%dfl zY&qX8z?ZQzrS&DyCFng0;m{0;=(QNUy8kCIU=dGiIvk>z6QM7ZTce@zJZN1;ShJo8Mki;q4zC`0i=UogQEh4mB z8sBS&*qEQ}EpJZCq$pb&o{M%a5)$xtzG78sfp4t^)5Qr9qhcJ-Co8^-iJ6GdUv3ur(?MmS%Ksg3dsrmHt{p|NUys2++qxIM-$H{Oun9dg|78RzT7V|3ad{_UGfs z(Z>;daTL7!$0r>csSHSt+Z&nE|NKTm*_D9f$Qvh3p8rib_a6|-&kG`o4MAi_ddc&l z)qsDvM2%?RICjt4raOO&H-AyJhu~0Ag%%Qv0jPn`?K}y6)jm8Dir`9?rJDfLi#M`}rkl23#2=3TI^uSNK(-^~=|v z?9q;=QtuX?{o7eKC|YraO@V)f`0lt4C~X7M#`ga_5Sc@1II944lZ1tkDzW}8__%>Z z98HuN;`i(M?HQX@5RmSHrn&-phZ)6my8(-!Z!fDmApj`o?~2D??sHKEgKYrNrO9l+ zH*qR$vr?xRItQFvUB3TQ?EGa!N|Lq4S~ttug^i~Yi&=)mtpYJm743m7{!^kgn^djw zFVD1!6d!^&@a;wA%$#y9pgkT~&jnaPb~N_A{pb9D7(+jw1q2$Jv|2_Z=b-m54;0M` z8rB(8?F#(2XGlc=gfr!O>wi1**XcB+J+GhpMLxM-zUlA1mHM1Y4kGX_y6_F4cDTn2z>2g4*xQY zhE;DUYB4b!|HFdfud^i75KTp(n$Ldy=hKp}u{|z)k`RCP$BP3(2p^h?5bHW{|BsRO e|B2yuE>ASpB`|ChsDlCgcT@S6QU%N`?EeC4GCE%X literal 0 HcmV?d00001 diff --git a/docs/codeql/images/codeql-for-visual-studio-code/model-dependency-mode-expanded.png b/docs/codeql/images/codeql-for-visual-studio-code/model-dependency-mode-expanded.png new file mode 100644 index 0000000000000000000000000000000000000000..2528ee9ed0be75faa7377399f9f5042d0fd855d5 GIT binary patch literal 75219 zcmeFZWn7ir);>zR=F!2K8l(j2&NJ7u&p!X> z?DySnzno8J`}+aQ#bT{{&U?%e*SM|`rlRx|9fbr11_lOQ_SuscFffn=7#LV32oiYa zJL{wk_>ZBbl$46BloXYUqn(+h%_|rfhPcc|}YpJCTa=+KUd`VP|#uadh-UhPv5L0n1`kp(skW(HO=ArH9Qjip7gP>o@%K z*L7ssj8t422XG8ld6}6hXpiNYC6;h?#*`Lf^tCy(bn#TV1MFV2>|juo@zLCr`~O&d zd(!x_{(}F!Wf9})-7sH*SQ;1JxT}?fQ9ZI-d*^CRAAeG4gNtCeTUPbY1CGtej>PYS zUV;){it~j()>#f|92itLi(PbCY#0sr4tC%LUK>S!4yngfO_mAQ$9jm+iPc7A#+Y;O zYWyVwfw#2+o_t3oE<|?D!I2217n}ZrL>q%-CtUlt=b5MbXnJ-|m_+3`>Gg|0iB;nK zFosT%Fd4gXmy06$>TlvpdX7k}pSP{laE>|}&auh+*+B{x=gwZv))YS#KZdur^oGNc zHl;qYvb6wPZu3e@)=W_mh6y}|z#zbqz#xK0u;5D+mh}I5ECb5`1OM0aa4;|-mM{qa z_iL2EPw2l`@CE&wfBb~YhWqC$APL#<|9lMl*Q*C7-A2JHk?o&pJHfyZ&_cgpWnVlx zfPoQ*k$obe<_5dFfLLdvKHGZevNHZmKG0cLQb)30>IsR2rKKfSteVaXEWFsq*vJw( z;y*CO1yqqxPPv6@L0ga(>r9$eDE(A}d)ek4; z4__+oPXeynihuVHSBb}--D&b?8-k~jEz|1vjs!#KPnU_ta7gs0*HM7Yo}C-qf$=A| z2KxD6yOI9%I{v%e|6^ARu!;01CZnR+T5dQG&bRZkg4voc9^Pz<-80rVa4^$9|3jPD z`p{Zo)X`345{Vs*NlDR7;kj#Udt#lBMv9Mi^hyZ#$C}SkAHBcWpPtgzWgIGwUbnR< z!fs;o^cszlIau1x4_+55A<`P}YTj@4{^?=AWn$k*HVHoLp%ioGQSBpI&=v}mt-p2oC3*yB63HQheLR-PLi_qbg4fxsd7vqm9{QhszPSGz#QJxi za=~YhXKDTEVUbbxFYEOAOs*ms&qwg5A2g<#&0I+dF46fDdB#}$z!!}_v!CE*aZO{f z?-&fkS2ngE{=|u+FpSQ^AtgAU-MQ}I|F7Hrub=EM2%N>wXS*N%C`h0<*Z9HGW;ER| zc>LMovz35T6vXlT!yuHwYA7yizVBPB|7RY(02lbh=uV11Gh14KH6_`zcoXeU{h zH}QHMr!AFi^Tm?;-d`_u$T64VEqWaf^-uDzhSIbv3H?&T@Vvi0hu`dGDlWkx&~qNE zx>xa(qUw`pYr=~bz1p%Lvsu z+JkqWjEXm-(RN!2+6i`bj7hU=7PvXix-X%5He`YFGsQd;S!lOHs_y>odZ(M*O2oE) zJJ0wf=_?yztGS)C|Fp^^;0I4Wl^s*4_Qq5%86kLq!||6DXCZvKtsLbQk@R$TK#hh_aAWw7i%#OQae(8uC_b)nh&Gc*ArByq6j_b zU6;I97CraT(@E28s$_Q;u*=yR4|E37kBu{LpNrn#9Jl)9jz%sh za1E(7o@f2WVVyJs58h<=lk9w8#EXi*#ZB49;Hg z>D0^eEwKTX>Tl@#I}|T%Dy6~dc&rGdK3y9!?l+z5FBI*9U6WR2bAjJ|P9whD22uhd zNJ;3csy@01yO0xR?bjA41x2$tv`M<0SP9=U4AWZfZ}+9Ewn*!-1j+eus>gLO^O!*i(66ly;8kcJa5)?rx?8%!`IY(&JwYa zC0L5}?6?&k6ECf4R1)=6PQ1@$T8|LI^x;HPyswASS9ka6ds$Trqy#FXf1g!k+aVNL zyIz@TlXFaKN%W~Mar3m{E(@~`seU%N{i!)u)M}(Jysd~xmFPU7$fuVK?4tvuV47OI z#U~Lv*kfyTCz~-SRGegyL>wQJ+19!o+(!7-4!Y=Dpgt|+FIPm?y<=;1NAonA#j9Y( z3moi@PF!VOmO!~{Wcu`qrvt`%m-6!U-Y4edM>su3M9Ph-+kM#0FOtF_QR`-FAV~u{E zIZsat(MBwq;!?_L;cR&mGhK(C<$b0t+91vwz@P4aSoen%EESQ7m*zT-G?KU?aUiw^fp4XJ8vOkBes_=T0? zU3=U+?=E?}w(GC@y?WUXj|SKXuYEs;(J|HVW%`zGP)^f4W{Xz#J!9LXl0Y~f;xnie zTRq?xEx!~#GIDTBe?Oh_ebA~^c*ej%=&Kp_){{4waI~w96R-03*91F#wlB~+4nBlX zFqL`hCV{(p^Zq#U_~*|ZXsGeIJI*4U!_Fsmop*r8KS^lVt1qsjvjLvsHEWv5?Kf5B zsA`ro!cEL+w|gU7X2pN4niNGx+Agw=Q$!6stP3 z7_MP{p7;ge^1G_E9t4=P{651NLPTS*+?$wEVfs;6BDCLl45w_p8I+B~3Gq5_SYl;D zJzl9yleFm4pfWuaISoqk$ z;|3OC5J}hB7opyN1$ZR3fIusxN94+4x6b^xClm0BU$~hNHg66>#8|5AI^|xSAuAu` zufJTn(r_Tly;k4IlQ4~ zYSAZ4nIZ!EF(PL(_Mmjp9L_ur6+=n9-@e-_b6O7|IWeW&tL&lRk+N$%>`u);h!Ol* z&}zW4I|pJPckIHCOwYZrCe#t=;q)(IPHvyXL2&Uyy#f^Nt-aGuF-Fka${_D&1$-T--cKzHN!~idcE6bZDD`Kb;iWEmYP>bDOh?N|o9Q3rFCUv}%+P!O z`l5;L9FN4-d08>6rgfCysZJda*O7)8&rW{4=&@63%{0z2f|_`0%2&w5H*YVcw_k>U zsB+nGdo~w>&O4KB#E#5Gcij#=GS>T-wqL~$WOBwQ))HaD%J2d-jJLy_(w}PT7f-Q{ zpx|%`bzV9=e*Jk&hNtZjT89%fRgj^PM`)8x@3{O*1hU=Zhpql*uB-LXI(eHxajC~L zHJaOs%HRGMLG-{r2(euT>g>qJCb!6thp`Val_CZPZnZY$AAikd9}JXD4t6r1RM%vM zYvF%yA{!GkQ~s0ZYJD26yR_bHG%K4c^@u9DWbE!CdxV(=e|d4LmyzhDpmFb4w}Z9^ znn)O&Bd^|T=h=J@bU(?(syhVv8-8{6C0q2w3`XdVmO|EPPYbmCS45O2 zfn&RM-+#YwzUXOp_{e=SG%EAwl0y%U}_%^3p8RedD88n>dGIj%{a2kJ#N|3}<#u5iv1bVXuZ1H5X=& zvW{^q>TT+)CE5HHZ#0?yv`^uRKO4cmtUua~xghsr;k3+)cg*EotUyNy9#g;$TBdt{ z4l<{=AfS}b40A7sIY6`?8XiOQEQdQ++GSL>0Q=sbr@b^WcmsnieC+#;6)brs+AP(~ zJtpZ7Bs6!gTW;3bq;Vy=V+c#v_YMx z^xFLmeY(&W1!jAw->t6}FL!)(atYv6vY81e(3 zR}G_Dm#McPVGtgxV2k=zR9l8Yt!y+wVbaTD&!qWs166G|miAG3!NaWp_pbcbw9*rh zw`r;&Rr_#%jWgd4ofzjH3?{YJ8jLqg@Jdmmi;v35kaQAvH)?=%uY|cX4I1OpI|vIG zsElMO#dKV+;*(~^QgRqSsZ>%6Sf5koVzrDHM6mpEjUg4FY>`UGn-b^gq|i;rYJtLt zdA3}qoJMctiLA4HA&WY+FsdM3{7&;H?v{8STHdRLz2@sZ@d=h~k9YolCT^p(d1{;_&ez>?lPF&G!`LrO7?XZs}T`& zlH=-+Ohzz-c2!J$mPvxev_p>CFBLT){dlSh&$$mf58qL?u*7e?VjzS6g_nAX%GIGu@N@ejd(YKe_#)WrAJf2^IvbA3dxS*y%k6nkdIFK_U;Qm@@WlL<&_8_v*2**++RE6mFmZ${p6_S;wwn6LHFZb*%n{EmW%iO< zZeHn8(G9F7Z_eZt<_f0~^*q$}DQb?lC&RT#K$`13UG@4TP@E#;%~rtVm1j@3?oVjr zYW0$bHLFe6wO~KdDq+Up)|6Gmuk| z3KaTL@dYE;n%%~(K_Q9}Lgx64|F9F+T84&-8Yw|##c@RB{2N;STCzzrBPU5`I1f{| zg$8x$!DipFs{LMrCWP=>3Mn z3}2|FR2vo7_ZSEM;Z~j{Qh@Kc5ci6}p`4pw9@`slNS&zP7{2cqwrKLk{& zf9Q*9eBlJDN7iWnx;?cECtZ~>S?XSYTh4;qPqopS(ad-Dq3<08xDzGVRdqZ%1TqW^ znl>9B!XP*?Wg-)0A2^HRuUH<80eD?MJ|oy#Pk(!8;udc>(JceuIU+wff7*LLgXe|3 zS#w(iWnIMfnpm_!>Y`PxJ<^V!NY~qhF`pg32M3l3lT|pk2sGn4* zIMah#?uu_{q9?yaiPM+ilhL!JiOu)nydx-!*}ja&us+M&@u(N>rnLy#f!$;ZLUAhF zL3s5kXousvQhk)X2d?MI;BuQwUJ)aguqTNMPI*ppHw(qK;Bh8Zu9iN?H7;t_nWtlj zvJ;{QPt!;CiGIXAXo}mWAu$=?i610E$gYU?B5-)DCQu~|C!OW-v+$u?01P6hN9Sdi zArWUtr&I7g{Gm=#nYr?!lW6BJ`OOZ;5daZ9^rJ&MuGl5|=8wKfr%2I7#h$mRD+U08 zacz784tdC2&!Kc4et`S9B>RihNh<&Xu^>66kE>}_A2lr9mR-!ptg-(BHM+VP{nxc< zq447rv+GrN;+|5ESJ!nu`90XjG^0VMD~T`?Hb=WU3i5^~Xitpq6y$5FwluydTr>X0 z(D#9t_QPSq8YWg>k%Z}jreGQ>$caa$AymsIX|HP-nMgew9)>MoGZ&5PNv*#|qx&E> zaJz!(tEEW@22Y#@x^MJ@J(+r!BhkbU~-4$Xw8={2fY0VL-FODppFs9;P`{d7}H z9{h><0BbGUw4SS8c9kfrsb#1H7D(`rdnazmoS+4>B0KUNA@hd`_uOc;L4`CD`Hc6V*hInxA(W`I42Z&rOgHs~`Uw@`(Vj64xl zHL2!B$iad<4TB{>7+_bjBYdySJ_x`D1B6zrZw{xEnuLniox3~;Kd^K8Kq*MrBj!(M zs!3fCKqXM+s{$dBt$r5g9&U(whI$>NV9K}T<;3w=+mnc*y4_Ir4K~W=L+!X;7#Zq< za3lArcgD*FzFxN2PvlloTl(nI5;SykwCLfaAP0t*mp&|XgLl}@M1itePtPcO1gH4} zobQM_4Ze)CI2q60jUHGr3{Nyj6q?VU-pBd0x^ifU9--#dOQTzGp)L$y3Ag^3O_ zV+{euL@DuY%nYROd; zx%K&QVS{*T7uZiE-b6M&OtfrhC~^L(=dCO*t4=*i!{+{p0N+6^x7r{{$Er{q3r2Aw zw#_gninr+4+~=}pUD=9DDRs=B{@{269)cFGyvF5|(|*O;a&zPoh@9}j5|fFt@GU^I zy(8pwnXZkql|`Q$P?ldFjqfemD{W5C?F)#Ru**(1ekFKbS>KMrjOQ;*2Co*G1)wXV z>tD5O!@szb-@0Rk@(`hDqa0NMfOQ%nzH=pgiDN=>w}+XSHWeRjrpLW7m9P!T`*~g2 zCM-U;(*y&=4isf&FQcAPdVel6Sj_q9HCX;j;TSmZjrf|$A$PJsWD>pe6eALq_RFOV z$us1tqYArK&J;|4Rrfp^&dA)LY`%a;5P}rGBAw zvE(5pq5E)^?s-Kc>&B}TcP1GEX4(d+Uvz9LyMDqIz5$@|LzPIUtmXL6#MRt1_!8tC zbI6LHu-{^zBQFK<-;FEqY@5SRA8sigTY3#w3E$O~lzp)mttegrG$X0;!nto ztE~haUTIB!{&4BWQvAwx{8`jS$6fAt#-RLmvn}_X;WlO3-m~faF`f{I@$hYa^x3d+ z7RpLrul4Vm>ikH@JL-$MN|VkD+er@u*)gjaxS4eMj$CL4F#X9c1t>Np-oNKIQQI|` zWW(6mvqs}KyfT}f;EupnjBw5$9mFM;v=|O)4J6`zs)51j8i&r9+KEQN5@IL}cQt-W z!w{svQ6jdF%pI!DmmF-C25HO|OW}raQfJd3NsP~91daTd`9a=BkC0LkLmb1RIuyNP zjHGzSTG@%yRg;%f!OG!DteEkMxP^%AwGKm5W*+Q|C^$n%4YgLFUlw;koS`~OkI|%i z2i>sKPIchSnRth~Ad$PbM? zf$^CHz@)mBbXsoHNug*f{0=i5J%`JY7Dq-yNK~Pgwue`))<8^D`S64mEm2+=8`{u6 z|4N0=>~2{rS@Bc$Ktp+11F=-)!?yxs7IaAOG~X{B8KN)^PxYsG}rbD zzWG5f#z+r3Bu~S4A0h-{nM&AG3}rm;Rr}J%~pbWD_rnW za2zv99Dejj;iIM+H!O-t5@P8V#`LTRGo6z5sIYPBwCHyV`Gq8WDoSv%#vh#W*#6V&tA{=@^ygtw!E=!u%S znqs>Z9Uia04w*e!SJY|is}p`rniV^oU+Q7p#1u*+%8{;2*B~t%-N=uk%4aF{(W$l;-&Oid~oY3E2nTqXE85mwsWJn&6c=XQW z81EKGg>o=&<%t>qNG$e0`qEZdqcc$aLHz-`iTe}1`iFH96<{ZzC3 z^?jQBj;rZ(uY7Ud)Of!GsFz6qcGo!OfKyHyIgu7*D3GcerdXsll(zg2xS8t?oT!su*P^;+THz85)CZwPxo^lzutDvyHK)EmO5tu4JkO5aJI6 zq~4QpavnbAC7!C*o{EwguyncoRYbEx80cLT-Qs*{dL9~d%!V#mR4>}&K$_9wz~93^ zwD+0Gvh~?y-S$C}z6ayMbWsI4LPGAQTh4L*b8)5OSNyuav4HP{M5SjF;=zg0=>L9f<(CO$QRGjS7;NN?~eJQNIZ%A=Zh*u)tggrPzSPP&@vT`QAdqu2sReBA)PN=* z4~e(<)vZ;@x=U1i4%?4r!78pzyGld3*-{Wg&eJ~SoJGub028iW%HyO8$ z6mvL#eA9|vcyLqK6AsoW@9WG&onzl+`o(`%k)11fC`4XczPO36ZTSha4aHsHsFx-p z63x;VP7tZea5#R)T{ci?l|9uWTg5$v*F{1MPSWBd9qXm2e8~Df->hkTsvk};F3dXu zro%q7xc6R^>@0f^GD-4}C{3o4#8Rmq!neYqvS7WLcj#F~b`S92U36QkI^r455-%ir z!iCjiZ6~y;F~(?X=V~y4GUi1wt?Q(y$QJz}Ct9#5k20~~@=%RSGL2jvRy&Hx$_bYs zu^tMpxcD2T_n5BqC3PI?yDSb0Y^E#L`iYn5y_u!`kwOl6)+_IGJ2dToXfhSz_1$a% zn)2(#QYzvvfbL8pu~{!ed{U$3doMR%S6r6XO-x0NxUk%!z6|bx{z$IjnNR9o0Elk~ zb*2ILe)V=<+7ubvHX4M9$}q?f{%%Gyd0Y)OOAmoS1AmGSi9zkvOhGCg5?d9eiA;Jj zYsh-HkHUaCJuIzhFVU9dD5ihzP}NCAw5dcykPV$Ftxu)Ww-mAD>zN*M$Ik($TJZ}ZrUUtz!^xEqmFm9xiO zxPo33f#TJVwN>`mp#0%J0;y`2!+o$744Q>Z$pMj^m2hdA8*vX5*#k#JuS?RE4O+hL z)$hQin119d*VJ=SuLE%VPXh9^*9CH$$`f=BbIGwNH{Rz9wYC&$?=|qFnVF_i@y`S{ zC3N0=x6B{Ux;^NiysIF)0ZqMnq8ey35?0%koI3kasXaYWK)7BiMX&sKv<`8y@}}+i zpKe37O&NPdEHDZq4(SgP9P~TGZM#>Jsk0wa##lddm7ly)@gJ_@e>`!!w0mK62^OQj zU=>?w3T^$AISt0Q5bC>qc$^)MY&p#Mx-7@mEXN~OI>01BZjE0ofFK%BW$MQWK?gV0 z$8v(w0Y(C6FeF<_zu`qeXIcMUHE5Rx0Uw*M%f@tYNwzxQk2)KMr21FwF}d>nrTSjO zesh&;@s2WC+^sUwrw~e?x|#h-->d%SNC_AOMf(L~gV6-Sp;;`L@hzQaqpw&Hm_9R+ zc>*S=F^A5elH^n2kfYWCq6)0(^2wWPN4Fc%RsmTU19j>Sg&X0nxE;1zm?!Yb*>k{mOgB(r)Hk0jFP1#RpO@rOdL1! zEy`56yBzV=R|{qZ$I!oo2w_A`gjWAl&80ql(MNgx0#L*#AVeQH<69#dD@IIeqMe1- z+=Md}-y<@8n$0)W%+^k6;dOMXT%h?=+ zKu0sfc9Uku8G0AnN5iJ(h5KkavHenV`7erhf>Q!Pnc>=kL})JWd8pISn(D}*X`%G9>PqTD60dEtZFQ5zyyw|z{`x2MyD z+AI(lY7178ObBQAG)4d#9boXJPAZVsiFR=scZQ0$Vg{iJ>zqhm;@A!aK=Ppc(2sHP(Pn1_YRP`5W9OjNOyN#KdntTihK5`T@Z7@6?y z5I$B=?oznP{~gfskX`3N!b#XOJ~O#$ZZ$a7xKskBolB6W^d5iqVG*WPJQm@ueWx+c zk&d#}h$E=<^b?sfdOm)j!;GN^EtS8^P;FERygDd!U1GNPCw#nbGv#>hicsd_%t${R zCDNH3<=^$a=rE|3MC8Lat$e{wp5zw?=tlg%)SG+aH^{y-s`;sod9Q}iPbtU*8K_st zlQAyoUtxA0e%Bm!5V~GVlv}*fwOyy2j*y!!%1-5P9J9``gfL}yQU%CNY~CWHtjzZY zEC}MBvz!YoTtAC25%&pJ4%`RRFH=Xt{ZSnjj{HK5UtL{NN{E7k;E8S1Cit#2 z)UUuYFD1{SKiKRL0+(Zm7s$RvHyXB2iqMM{Dk1YIfCt%ht-6qDfMDV|KgI=x1hrqt ztqj$JY40AYxLcCIfN*4{yD@|jC{fWC&@zk}6eTOk5teb%+c)(|3SpqzMnUrH;LmaAbh~G(ZDBCtt2^n@$VV8{`y#e#Y>1~+3t_RlPVROXcA>6 zFU^2&Z_3seD87;5y7=*3(B+M{+AAvxuegzTDx|6;HT91hYZ%VwfZ(I2rZtu;Q~hfd z`889u@h7SsMMNA4tjhL6w%S*qRgJls;i})^^25@0D&&{!0GsdSz{jeZ*%}Vk>tq|2 zN|iCisg$C;_+F$+&{}%HgncZD_|g?c5#{+pB7mdeFQ)+PseaiBr&7naCGtU)@zRCXvJoq08U_&xXin?7_nyCqb`D%EKqif%WdI&ITHde zln2BBKY4*xaz)k|S0Yb_SvknfR4ju=kxeN<%Te(tx`Vk50pRu8-;0k#deDPTN8q3I zGDv5`6Wc*Dsgi?^*(vUwF`ZY4R=*FQrqKD#JVoGH58B5tWs8vDM9VS^KyC+xoz|{u zfEk1+Lc+x1Dw*fen;y+G_&H@WT)CXv)@Hi27oampGl#PDN{f=yKpkIn)8a83D`<3k zQC&nV6IXF%fP7+mne$p!QTca*nQUc*?ydN*Z#FqWw!^Pn!cAmBjyC z5M#ekOAhsTq-UjX>+|T3{!dBzIwiiMk9Xv`$kZ&l=y1m!_L|NY9W_c!1S8KcJv5^x zdb86H3;2YwhbO*$r5wnI<`ft>UHwQ#F*kM(Zp8Mh~5~9Gi@EMB`=Do_lj6}ikUyw zs?j(xI>&!rgssI{zEwa%xQIoh&SF~_OrwISqH*R)etS8gOQdLIpE0m0e?SJSfdFDK z(~Lt=J<`##i*z(}?eve^%}I$BNM3bN=OAWjtEaF+D5$7j0T(=MPRhP| z(JuP>EZ4U4xdkNL#%h-Ad&JVc&tO2F&@ zN2>1b)#IMGW+Fa1TfbBGa<>NnP1>TcN-SKNN!$FUiYuv!gaH9FcNV(qS;{80zd>@H z4Gd=r^2=Im%pEiLzI-O28bI1UmmO0=#NIwF+$}7kvf`};X=kOITuM0ShE$MXVnB}5 z2hJGhJ7~{4?k*DzgxV*DO}7Z7BX4PYIQY)IBw;|HV}0b42@Q3R8)T>w^5M z*>hohWm+rsAZ<}S^>Zi*DoNT84MR=;T;_v2!Wp7(`kdMe$CB|*N&T_e#P!q7!|!Rs z>T@y#k&Oa$sqeDggBKaNsoOY$MTqSRe%Ps7E>5h!i}I%v1vKS|k8l|#4Sd55&`!R^ z$G6^+L2Q6`=30u<_A-S0jn!;HOm@&df&#+r%rov0R!x1`NW zpc(nV(!80{>p-G%vdUi5SIZ4}OVhB`D+NEol=t6}=`6XI znzv%$cls{7zQD?#scWK49QItKZ@RSe{7{DubbS6(FE00&^6 z;94Q69!+uoX6$84`_!rBzSmV6P$aYPC6@B9a!_#rv}sHT4%9YA{D3JMuJEApGSYdt zDQ^8?M%M3Y#(zXm|28H=@jk-^t}@LY##ps%xJG219J5k>L@-V%;+ zL=HzYCXc`ZrT61+lD2oB!7WRE=xA`%4Q^a!& zaW*_=j6zOrHk3;LgivDGHD8*2_2~$~#02$+?(D*n9h4?-e{)fX@o z+X2m5kIOvz97^KO%Od~x_V*7a<>)mWt|IsIi4+o*@q`}#|Mc>I^x|7baV_vwjQayW z)Q&7X{6p2%Q>geMbR_II2*ls=G5-(rz@$d!@@?aO;}-wM1|6jVqA`!o&CWkw0(-XU z)-ToC|DX{0XSur-2Q&&It4_v$wp_z4WFi&Lle5B?x&P5L|60Y#GoVVNI25S-v*og% z038^y$MrYX-(<1>ymqMS&f^h~vBg}ZYyJJnf68F~=W|3J;C7)kdH*E%4gccrD-*#1 z3G-7grINot`S0%qnh3aE!Hc3U5&!-g{w@~urvUpoP9sYH8`9q2R}q{EZkLo@R=xDU zzlOhAPqugr*w1b3EZjeok4q_o+x4MV`TslfXKyU$-3IaZXR)@B!JiqOxIcm|SAkKQ*juDa0AYx#C&^v_uUf8W}FbHn^4=-9`e z;PU9va3yfBJ7oWv9gn(0wV{imt`UFe7xKXC|NHiTKN|n%-uVA_bN&`W{?ESr_2|Ew z^S>L-e>dkh`|{t-`S0fZEr$L#TK$`BO57CzbSsFVnEsx^PcX8B9fA;y8Q`)tp?(3R zml2nkq`V~q17Q>F5<(L$?y%7_`Ea1(dF=+|v=OhMO;;lz{rWYr{zd5c9t<^E0Zj(v z#uo&jlg1ACBwvI`LHYXscIbvGkdyWO`L;V!UzJ@LP04>8RSJj-W&09f1LAc9Ri?4h zRKy9)H(7iz31=CwM=_HOeB8(EKoNyOYFlSCbkMx#2BC6vDce~qLk z-UqN7Y}=;OsTZro2De49w4Z|Q{$FX9|1e%1K-t@&@?G|BqWdg`H$yzrXwW)QJ`zAY z!s&oVDJ_lVPp;4cn#{rFUhB-P`M*lBuZ~>z4DX|sUIq_81=B@9H!h|15_3;iI-y%w?`k9QtSeM8qZ*_5h4BYI@UqD;W zQd|Grn|?YT>>%|GSOr^;9+1mN)C>4z=>kH~E8pe@FegFK|7z-vNq5J#<@U_j0hGLa z*|{ytdc(0e(5;0MqKO^4DXsyBfJj5vp$jT7=biVb^tmtsnvVzlD^GspEuhtbc5cK9 z;1Md#0JY=KW|j5hWY9N2V_=l_JllZ6M8YX}1GUYkrQ+FHuE>~*<1N~Mq(x&!W#mMkYVolGK(2`|MTfX2 z-U1F!;noJ9oPn-#f6%22EaKIZ<$Frc?Rag>d4;dAxD$k*tbvZqH8(@VV}uh!?B?JA z+>8?oQKfkoe_*-AkS*$h5V3mJe?6jT(y#$f#$n=R=90}AEVz~E&+?BpK`)kNpGFu^ zr!#t&d70V2qr^H0F2bLPE?YE^>K#fjK!vNp@R-6CM(nc9{iaS(K3F@r3GXp~I-GAg zX2u(}?c<3oE({xnqQu_P3>iyq#8KXEJv9PiMV6Z6-7p}+aiQXW4OKq@&Xvil9Zac& zo}m|py%4lMG}_B}0SCLo4@*jOTB?dX>OdaA6W({({-l%TmVZX-0@^kCH6nuq2c0rmN}g zE^bGf&}(>DZ<;roVS=vV)}r|Ihur3A4E2io0T!n_9J6#j-;v$v$zbz9G0MJt89F^6 zz^l%@ttlRGyG0d5PQNMci?Orq?buU>Qc-hGR6L${gyfFE6T|L{6Fb;D9j9+cG-{GIcvm;w>dVyEI`{D^n;%6}wy3g;HG1p_ zDWtcQqeNoBeQUVeH5X&v!4;siD61|iI{_U=XaIvy{GwnxdDy3^LYI&1?*|%-oLDkK%cVg zx>Cj-$^UUBpfORboVVP2JH*qS%>j_N1GpbDA!Y+86|YKcR{P?)8;IeFw{Bog!5ZG! zTN;^2i0{oBWyIDGFFp4Frq?vA8L(nHK)rv``aoL$!v8B!sV5pJ5Gx6dKM~)g)hmb6 z&o1nHdp=x)DPWlN8O|><=>0kPE0vGiLrBNI@6Ht+McH}L*Z@T!x>zgl?e$PRbc!{8 zoAOIvXSgM}QfFolKC+a5t6Lb<-H=95JA~^2_!e6n3+f`DE?m3`>w}Q)B1oWrWx|d1#=JQVav605rHPo3jPt}Db z4&%VJO_V^H}PQmzcwMnKf%m$8L!m3s(%QeU$ju{DJO9SPHf%hDUikQ40s2n z+14}OoYl6J>fDNM_jGVV)nfv7ds1o(5q~8u4sO+*IP%||docE>?X#%%;%Bln_tw)v z&`CT;wy3!T=1`g*ZJENR?0fXKM%sT5<)C5`q|DO?M9?UaHhcxfXJDweJyLiA^UOE1 zLAcH4xw!usB7|jKVnnNVyb{b+>Kg8!F0Eax&$|akp*gXjNj@}ueAh_9^AfYBY4V`? z$e|epEf>bcSU55R$qq}m9?Z-+bNga3zLE zJpMsV;NX-Edl3_Il{W`@rgf!xqqwu*ZoCBJ0V~fEswz#a@@CR{>lPWH6uqG#{LIl5 zFytZv;`5@iOY+1{{jEOPu(iUPoFM(fyU_2}lW2;9BKvEE3NK2kC@cjTAAd)PSFs2V z>DABNkVW<9u%t%005-~!dJuN|)%`eQ-;16F9E(cLLnDb%w8DJ`t|+;zK2@~bRz=hW zFv}*PT0IC8dnyr6hwOncYXU(u;*06-_B#4>d&xrtt=*@othPjz(Ye#%>unDxS$raU zZ1vq8cL%vf6g=@2*JIIX%S@`p6H}3Y{YyE!^$fPkyt93xRlN;i+iuVKhF{O?Q&@!m zU5320vqwvC9#HGbUeF?!^Fcn4nEDKCF2$uj8 zi4+9omR)`H@4z^f_f2)Rts?J>aP~i_eC6ILsh+YSTx&TQm-o+3{XE)<&iBIvnk0tj zCAqi9dva9T6B_$JTv2C2TSr#kWXw zv|KE6Y&F?Je-8U{Xl@0?xe6w+(vliiytw^q=9Ih&+l$kT+)1ya6%m1v>tl~^!>-|8 zq`x!_3s6S!G*Z8Y(%JShjgtn|kAV4P1$BEWo6nkbbS%vNN(w!(=Oy2?eohf?j!-r4 zbKNF7NvyGYuCz-E3`9P=xiqGRj#8KAxP$)IxD)dcih+uoP6#UYI-p-Lz&w!K*^ zO!+)|BCm`Z=LjX>3XlfyL5f0OhdCHMBBEK$HWd15UslnMvd(=;YAZf!qeudI7c)_m zwqZ`7W$16r9YFi+@VyL-V?3RY*62M{cAQ4`kTdoqv659ivq(R<^1!!4EsPpPp&-Y~3*Qc1~D*ta|W52?%(Sf7X&V^UPG zEgXdfQRn< zt8!M+&k3Nza;hx#&c;CcuNmEU%aDpaf-C)Bq@5+DB3NJMnJ|GeU9ZAw?c~{$V zTiTobPHYf2|6JW)18$x)Vw0eU@_f0siWGI4l*y1JF;PRO(BeIl#;|?aJ4Pyk#agTX zi?Oeci)vll76k#77Nn5|>5?uHkQPDd5BYH~gs3=uAb zX9OB`Z$H|E&kR@3LtcLlB6%b`$K<>4?Hj`_D* zK|zkmY80>9iwE}Pneh`{i}nKbRZL1j8V?6rxRTjDCKKV>xpa9>+sZGu*B@1uUT$R^ z_YHxkwq9hIjt5^j+E4ln=qE-h$zN8;gfxCjZtN*|QN!zK-0o*nDT#owTZU2%8_{70 zDkxb8r1)5Fv->BbX#1(&osWqaO#klUm6dWMfw5{0uReE9!p(zgj0C>`<_t=Xd>v_> z%-#Bha`16!;h2^S8)6^3Mpmy`7WJ~cb-@s-e+`b>L9C#k>1xu`&8fib ze5;@Wo5_R}IXkH=qB&!yuLpV;yF2&{DI|L*u6cIX1&o<$BBhc`p5ohhW=Wr=>ZHh( zyGYSf^1kGK({OI%S{`WtKONXmv7TL1-I~}^jl0v6NWQ721FRL^ZIc$|ECBlVwQtsM zaK+?r{=P_9$eFtr`N@5fp2TN-TvLI4@nIuS5r?UAI=tz4W=r04Fsb!I@L;xdTwkd< z-5mCqBC!D>FeY|19ihs7OYN}7qS;*Xc+%y=j`?&i_0v1>AZFs%H*P0i+vfKBBQ*DW0Tat^2^LFo-ojIlFUpt5bVY5&E6Wn`(2p zX$#>s6PE9B7-Do7;^TH0T|jh^!(KQ2LZD+}Aad}Q;^Npdn(NQdG94HE)b9~0Kk|1* zS|=%X(PQk!LOn%)E@(HZ;UkbeKCSsM{QYVG;N%B*S4btHPhvJg(GNTbTR<&5by~ld z084%tUu#G0DAsr3%^&c^xp>=9R|Eo>7skfuhbvQJrV2TAgKW`9XZ)$<73bihvFX4| zq>$*R22W-rt51-%U*^K~5?CYLC*PPEVp70&0nFp1V*C|7 zew@VO9R04O`Q(Qn{z^3Rj15cT=aZq)77gEC>6Lx6Fd$c*;9yv{!pxx@p21Jt3v^E6Vocz zs)-c2n)myc^X%u3QTNXV8l!t(ypsXUbMFA?~OvsdO*H!(=kXkCcI&|=$Aj9KP z`HLaz9Q1h2grfY^;(Wn{dSF9!+uwY$OFa4&Qu@$xatmAlKEGn)0a!GH~j+qHcOwr2YaRDHq8Rc$7Vu zQ^)`wnunhW_S9-USXkTCqRVZ4@E$ISeyp(9pUK&#Cgv3T-gSzOuXCRi%TEs3czAtw zCV{`R%?q{!-G>zxjGe%cBa#lsWvwO@lLNDQZ5GnV>F!%0uimGH;i2}ysuKWc23~I& zON?40qXh!9Vu52?0g_}UNH}k~0Q-ZLW<{zm4Wg@*3V;o~ezXM7yJVq&0yOZr%oz^Y zka|--780_y<_`xzn+lI<^HMJvjE;F+L}**Pc0?Zj13fBNNBot6^Eas6cVj&*-qfC9 zE=%1NCvohjiXB;f-u;gc(MUoBLJw7Qn5NFo|1O*I)BJER=}lwSfL^r^ssUR?RhII! z_}MSXz|J5R?g+j$vBVv;#lc@*4aD7!_X6OCERoEcN1uY;TR7w8Pl$gwmcTsg`$^&S0lRn3z6zGA$uS-N4C`d#R#3=>{Q9(TRT zFW-B$le`WYV}2A+k{TXm^#$%ae@u=y_xRD3a|ZI*+=E{_FIW3;7QPylaM>RW*?#kCUf{Y~RWiofC4w`)mq{_%YFA3DF`=-$&CInm z_2!Jbt*lm&{ruYDA7Ybbna6mKf%(l$neKe9=8w)$>XFga(23o= z4>wb8z&8P|XgGxgA~=>buM#ru;sE0~(D!xZyNX;%LEyWFQQtrC-y$U*a(~4m(Xnv0 zw|Y{zQCXQ2fIf*B@=5}i{k>KFHE3(^dNJ=+5O!$wudgq+Y>m~ikJR4pKY59UF;7HF z2!w}MR*T1|#?B%(_~YEME$}DCLqPWY0N z;FJXeTfQoD%J~=6kU^l3G%V+&d4!sBRK2fa7JTLd@RtXcRnH<4Y`Itsr=G0QO4FPk zzZy^hZjWowPoElT+zz4HVVuP}`l-KMfWVJ4pZFJE>m%^t>X9%|`~U9^ z1q~w=d!ON9f>eBMwP{|$t9Oregu}O{CYL)L-4(gZC3g-`o{ny(bk~XSgaR^!%#pSm z*BQRoXHE$%Cla=DNyD6Cjf6>QV@@e%iL9Ozmnzn=NoV7#URr~w3U|@!HQ8bXYVa~t zz?72Vt^)Sh_0ma9O&idFN#%L!OB%XQI)cFwmjMa_a?o978PB|_nGrj94R!^#NcCng zxcLdq(9(|rbs=Xv4yaUI9*VwTf3yF&D-o6|Nxjkx5PjIn;4JvMhJ0V6Ma)v24^(%Y zKHSjho-&r(rbM|G?}OGM0nQ9(K{G-jQ4v_g19v%UpU>H5jUKsF$a`T9Am)hT2`l8M z6)v~6IvzEYY^z*D{IjOamsyK9Oe8Uavu~V~x!>k1r@A6Whxi~nlR}yl81Q#+upbWX zkcB{f?9%RU;`vRq4^VL4vuvJaElB6ZCz~yNewJyTyfV~{8f(bqAoYCx83BBpW(TfL z;t&H4d(0I-@e#0buK77ek?|DeLhqlb9|j-H>ROdS&DE_Rhj77iuU`M&P;=mJ|2O#8{N`mw?oH;lBx&?LCRl`BWwe^692R zB_6TMo7}vu4=9BmX_7BLQ7tggO!(2Rp4EZzHM<6k8^7^eQqB6o+~ZUpe}c&3lg-7T zypF4B;J4v4NC%j^4sNMioCLkWHvqg$@FsSSWD91V3Nj&J&8u!og3Te16J-z*y5&U zBid08%~jzBHik`oCEl5O@}9iE0;<7I9f1YwEM;&{?dNgbwwqQSABjXcwc2&FaIn+2 zed(4G4c2${^VS?_xiw(`fnWD@ur)WHG(WC6N>jgh)BV1y@>b@ z@J1__hhGT!IpVHo^6A3v>@2Y?@(uh*=3=eDp85Khq^UnND$W3qdP66h`OKM7hqVgRb zy+xVR3 z9-J?AE}F0$YDsH~ImZLD9T3xy{Yhh#qNTejIo{z|^l=rtkAH}H=WBCSJO8R9n3t2N zJuBGBSbA%LL>{5M;M;+H_JaiDiD0cgoR0PwdAF!t#Umzz)wv>GIvgS#WUbz-u|>=2p{}s@P1L<1pVd0ou^s)t6KK z_HOGwY_rjBl94{jGBx}=6&*e(x7Dqe8bZt#U7^bK;S_ffP1Mn!Ly!ktM!wB3Z>c@z zz5}ZNav_lXZZVlRp%Nvb<0p~9sw4VcVxA%$NSZ=xlPoDB%ShCS_))1O2emTS zwA1hA%W;`wW0;ekP07;M8N39_+%q03Uuz@LDS_0?tG^dko1Z$3Pazjz+KYbOST)p5 z>K?72R$nnuyQueB+|}lZU~_{5AQA+Yls6Zr_X1N^1N7W@@mN728_@on(Nrf-=Hdih zPyxe=cN3bpBgc<*4TTSUm-jV=kP6yrdy>XeT1e4DvxPFLNBhT9YM80e$e_^gpnA;N zWLVe-?)f@zhPSrcI3u@EwXV`5Xw69KS!QE|*qE0WFi0;na#d3qSd$;7VEwj!;3Sgj38^b8%V(_~GXE`a_ z)$jIbcYhJyTb?&n720`CxDu@ByQsNUu?y7wy<%ztNl{a!X=zd~Cq9nk zTe^}8+MM1TF><}LWuc<5KqU-ZGyVl3*u3laWgk4jEUwRM@LMN0^LZ1LfE}X#DIh%< zl@r3Im^@wY45a`G$*7TuakfR9G&-$+aP6t5InPhZVfK^u+Hq&Ym z40RV;1J_^~kCq=opt7^0?ul)Wy7~()Iahkvb~_JoVRgnS|39Z@_&Jp4PmX-!pKtQF z$#_oWUKZ$}Xh4GOO>40n0?$%9z~ej+RAlVWzkHk85Yy!xC%C^Uk2V@6OQMsjP1lbE zM!NG+O0MeQKs$eBwyn<^SUKsF!3Np$Oou-g_kfB?DXq<*z;nllpsY{Lh2<*YExRe0=BcDpzXb#QW>y zoYiXv{%dB^4(8JS4;Ajq;xi~dSC7eM`S`)#P&%GXL0S_%9)rP%0UL|u*{JZR*hCg~ zVWsw?nHM3c84_<*(}nqtuE+SMyqnoh7K)m;OF9@HqG3Oix=9%Q0sVjf^Lg9{|JYQw zMb6Z%LGu;DI{nHu!^Lw}t zu~=Bh+~JG#iT`>5{`~TP{9gfV7M7w<{gD6uJR7eOJb%u6INBu7{@-8FcZAQMzaWYd z{qN6n=U4iytT$^A$0+Up{(??3WM$c79Bg$l-lsh&Un zu%J7$@ZAo|ce+jC5qK41cCKz0dGOnL_qrLUip(~1>q!*YHrjt!0^|(btJ6jy^4ADgoIYMRarBL4uOx1l62vsoH20sb zrLi^WHktaaMqd6ri~WFJOw@RNex6^U`}z}OF*7eZ62;|_shlR! zxf!6g0?0k(CHOh=QRQrl&#~Vam=>n94$VcN%e^z`hRX>WMkHFY;FFe*-NRs%S>3J) z|ND`1L$OQUXT0e%r1@@?e}7YDo=qnIr_~znc2m`z56Xpx_V?}NKi{c-OX$bXC(}YY zf>}|7JGNG!X!VY?0i-EBFq72F+&!^&15OI2mB2%^G-D-ri}2=FtG!AqATd^HHiiOH z!k!Q1iy2@>%4gSxLNyGY)Lg&5_j2!q#>6#PdC^J7+{PWKv~T*#!czF(O&3DV zeU-A}KOo&%Nd$eQR)QWFV%c_FxzJFfxSz=&f9TxWHQ-N+_OCtPFI~zNnYF>_Y;cnU z|1U1<=>behLuk7&CzX&0Q2KCr+JI?_1VG6-^DJAcTCl_bj=u_G?{JBjlsCUMRS)wH z1p zuXJJY5<4g~AQ;4Q)q$$2v_|#&yOJ_+eq=ncQ5;Sbf*U?Y7ATIwaV{yuJ)AuGc>jE3 zpUpL&eW*U?#3saaAT!;K8^N6^x}1#Fv_t9=JB0PynowU z{&9ymVS}f;fdd`8+*@oEQP{8J4Jv-55nyhUYDx4TIzbVrB|Hdzu2^aP{5wDOO;QNA z?pv(dE=VM)h$ld4RtXqczUXx&Xc>~JePxzB8_36Cgb3%zaD4-J3>PKHCNKdgAD$9> z)l)sZtZ%MEz~YVOR7s9(NDMpo3Zm-*HQZr9z7k$Uq4OWGghQcgb&9R+e078S0Lw9KL^tl7@b_xdhPR&U-LW`=nTMZw|!RGuv z*08V$gZttU`}Yoj7`^mqnH0W>;sv9EQrO7$(^p%WS7$-k6T#RV;5-x-<~|u9{^J?) zvq3%jD8@p~$O+L=?uXw$NP_#BR(&bP@GFR+$@Txh8Y*!Z6Q${c7nCsOz2``*J`ETv zV)sKShlHk^@W{p)F$@5!i|yu}d|$G?U%gyDJlq&$zm|Vr3#ytNf;m5j>fJB(DBkHR zihEE*l=xnE2R)b$30$_z9accPox^v~`*(w^fd|06wa9K<8nai`Fu$`2MI{H|*(>aY zGPW7{=9A&t0)723<+0>&IHh6IB)|E`r*1O`1fupJaVf$%L0Jo5hI3G?Tn`>NV%NT+y<$gtsP_7P1g|(jVnP7|L zy6mOg(2{jVubXntcxaxfMeZf5>R>}mBkQO!ryhqdb;pEhK{v+5ro7~QWirE95eSDwqKq(j&iLYo|0&n3Lfj!Vflt051Dh|;KYs3Y&tZ9cI^v2t$uj%Ys;v=14q zqEA&Y3}Hc{{NqrghJApJv4D+cDmyzSvw%$%U7UTuK?%=L4|_X`>)*Y%!50m=d=m`+iRGAb(xH3G`9a#^h56X*dMZ3LUzD7tlVvt|D`UL1&W$p_>OpE2-M zGWmk>;2z3d+S2qG<)rmB3bz^1BzeGgAW+5Q36TCfDEy_9SP&;0HCj@BTT)hkXZKh3 zK9G2X0FpO-UWwmlWBn6{D3fl=n6H{_PBy$(cedimB4*P|fY%Vm##o{JVjAeY7kNg3k0kM! zI}ayS;cpNO1T`lww(Kl7PwxP749Pu1*B{O@Ep22#K=K#MQMH-DwwXIf)TWHG3M(Qdp1szW>~-ur>B8DoC54QL9W^eYvMEoM*T}kSoPmee z?zfnvLwK`lPPaQJuXi7SkSV}9&DaMRPGFSxPtyrcxx=g&Xw@+6Fbx;+2Ibk1c@g9I zYUV6Z3wN)E_X4Cl8O$D4rFiZF@@la%ZJ+Zmz~%2-R%Yuu>GvL;=5`9it+nsy429G7 zwN$gPSgw1}Y{FQFDpFiM3J`T3jgIUii&l$7J@j~Dg6eoILY6b{JGg2t5E2T@-R_#B)F`O$wd(SXlB{`+cm&cM| z7Mk|>xotPOcb|YBjl$XEZb+lD$!(&1&DE=+X}?AIZ$O!Y9tFWE5e3zzYVMAzg)%P+ zK98P)adf}q$5Wh9G5R#(t~{}K92H>Xqn(Kg6*3hMgp16gIR_k%t_#1~r5dX0$~+no z=n^iFctYNk#gRZ;ajTl64JL%_MUr2HIdd=JfrzDBE!pZF8>yT%YgM_{MkNcWZRTH- z&hJ~NK!Y4dUC~dRx0#eJ1#K1^Cq=-fDoNSF_3Rd>*)p;3)s7KNphtX2K*zjD0zN~Dc2JQ5%vkX?#uNMK$IP0IOm3}}(&`xGA=c3^wRZOsXaQ=E2SXMot?b~aD z$~?Zl|Dol~A^>eH`R8wpCYH&0Q~Tga@Kb}1T+Xsq98^;%9`by_0kJKbJf;0pYy1)V zsV#ZfHFy*tE5R)igaTZase-VJ2*j49CHM!YSkmqxN1W!bz^$N`rfWDkcPRP$NYZ=q zvtOFS#CO%4Ltr&XEy{I)Zry!b#NXnWgB;RQht8Oe*ZA7$p+1OzOJEQ(3QvB!02mJU zDGJy`CACdbgVSy2Gesm(iIY-q?UzjCNJUy+v^$;KiN}-8PGy2zu}x^^6@Puh6pG^< z9aXMk>G+d>l-{Pxz;_PIiu_6qRF_hi&u#Sk?PMvd06z#x5P+XJ>eY2WVsx*EaTi8O zg26cApk`U$yrw%O-?*{my}_4RG(VRR0uzoAQAz}^ocnQ^m$`J44=Is&*%WR*CnZJ^ z>UwRnx~r;~%A7Y9`~67^-A2F9VoPJcjx+-6O8tJ!;oAYn;GO8maloo?iZYH;t=5!l zbQsGUeGQ$WmG#5&W>rqhw;k_J+-ya;k@hJ}s9{Mjq}%eB zVfU?D&UoRfS0LMttsMS)vv6G}khXF}mVR0%mZR->(z0$g7S8w@Eqq55!7pds=SeX^ zI);IsJQ**R$?D>WH(7MTvrCA8Un=x@?;Qs}&m#vcEt7r;r3{`61_1KCAB z2-rS$>`W}v=d*iTT=m-fo=ximg|rS=hs!k?jpEDF%fZuQkns->Vy>6EGrENrW4qHezsk--JM#y(1T_bx<${%Ai^nw~qc2iK{Q+aWI4fc(>e zMc3C67wsh;C3;Dm{@e(m4|4BBoGtM4bD*FNvRs&c=sve){lTQ#X>rR{e29VRGhgy; zbGcsyM<*A{za>J=EsRGaCR#}$U!9=bHxnJDnE9!6e)jX-T*BTQekMmcicQ6zu60Q3 zGa>Z0Xf8_-19gJ{O@+&%rGAq_4_{KOR%hY z51}H^>-F<2J_v66qAu$0i7X6J?;DsD&Vl8z%nyow)Hr>WRJn2%6aMxd+%KjZOVq7C zFR~6WbeJ)AYLwSEwB2l0)LB1GG-@>k6C^UgT=&`nE`r~($X)lU^2<3Tk@*vdP{!Fu z*&$|4%NDKN&rw|MO9ir~Q6UnMWu8cg`Ud1!B06IN>;=Fo?#MKR=gg66z3WDOokv?- zpRo=b;@D-`D#F2b-O%(LOU!@&`We+Is!e1oKvS0@j9dBg4pi{vKTR3i5ZYszf|sg^ zt~az=LfokLaW`~&9HTCdLB9}1^=(bsAT-ixTYF%>w{7nH8QbC%PvsibFwMzVhCu~7 zktMxWB!MSM1X93R;GUtIBh(-sJztD%vQ9I6VH*LoEID*c13N_e@?y4e$+@}`z&H=V zC~<=Ily6$H2=9Hti$D*Mv(4=`!0>UN!e|Y@aE#_DO8-dHHq*il8~O z^_YT`C1)-_tLx#yU*WXkOEC)1WBW}qnf?s)`PtCzo3ObGCJa_0E5i*WvwSjKn z*A``geVUx7NTg#9jNbX#)Q4t7`^77{IeH1{r%z0UAq;M9r(F-)qvfM^))Ye6s2EW4 zyI$fG5SdB7IWEl*Etg2AX_1r_82N(y^TF`*#{&0o+W9YEJL$S~Iif+dFBva31Uph* zQRvd0fBj*^*GwpQNV)@%0;P)M&G4+aFA@2pg;ioWR`9k+ zXeiZX_>*-mGAaqITVG2`bJ&8EhF&!m@ayVK9(*;bMnzLOAPU}}aBj6iqkxBK$EC=V z&1jL+XBFQ(%ZT^%>6`L!75C0OMs=tgQk?U@KC1_=!@*Q8-#fhA$mjW&`eMQSfwnZ}zEX^fUW_0|v*yb=#yxJF?lgvWrE;b`XM zYGyj1Sc25$QCL!<^sPRC^=pZo9_&{G{Xo9KdxLB6Td+_mL&|&)LM#1LcTmB?ZROte z4gYWDFIkP)*`64}$YBtv0{&UyF19_QJ&kQiQUp$G;<__!`Q2?HOW!?K7MsfznkS#$ zEYf@n7b{fC^T0;D>G7P-bK7ues{nz137fmnC2Q~8mwO4fwsfQ~Lmwn+!cT$IF6j<^ zptL3u=&5oJFW*pP&+^w%FXG>Tr(?@dJ^1{-CBo8qQd52nfEJ$ew2#m1R44&eBBA+( z&eAkZY%;nu<$3j~R&RWrxo+&K8r|lxL0|>_+vB_Ov_71bpK& z+X8Vt2JvY~jfoZ#q+Rh2PEQqW;FC2!!9M-g09UGf0+rzY3a6jxY+_sM)KA?we*%T> z0a>76W1WXs0z<{)GrpWe`4q2A|JbKXd4Fs-r349+TPg0Er4$oo!NkZSkg{rbf1387 zgle+|t0}A|u@gngn0mbEbo|%MN}Tyqh}v9&#}V~rqo;2yd%QRwevWB0kn0x5K@?5p zC)-G<+Nh(9IOGZU2N_TZ>)S;G*qHIsY%XmgGOMw7zu8R~ z4Yh-mLu9C0h-)(@{$n1+HoZ~^l6)*$U%88C1KLxqzOuU}1-DaIesZo4Q|{NO{p{7& z0D~B=P5ea2H8#KuyW>b+$GlP2I01AMjQmGR@JzUY{XDVAr#RxwAWP99{mthkIZ3XL zhFsFET{ZMNgw6TO0ZrDJ$kt2Bw}f$(kkPYN)zlhuUrznp>tsH2$zaU-cTruZhtR;#`RpLZp@7A~SMHMl#Shbap z2#>x2f*(2E-MZn12EFI8yzhcNLl;zr^zW(LHU%HHy+ZKh+qoA|X$ZwTKZdO`l4WES zla0+DD-U;jL5VU8FNZ4-gMHGv14FUP8t(RoyLEeY>FS}Gu8Vm^wyI6!vXw6PXdYLlFw5E>=4>^rGnyByT zgfx3pALA-^95F6C42YbJ#80~Z8TEMR_X;cgJFD%X+|O267I88pa_IQsfT!#pYi@>@ zCBE7c>kD~#9kEGoz+i!LZrta3TnUGiy3<>>iwi_=;1rv=3p7U@t`I+TCnzNGt)wU^ zNeJ8h_8q<;JnHq1y!_>&T_%v&*k>Shx00wXbj5S*;{-AE+u@M;;j4^N<)5*?1X^+( zQ&>N8ldqsyYELH!srJG*djk{+ZxSD&(i0w~IhZJ#nT{#$5iq;n%?z=0X?wXhvawL) zcJ}e-^&u%PQrEX%dok0X+aixfcQYKMQrFHFI&|Uo?z9;oj?-V(>_j+>RW!Uq zDz+iXyXFB(!`yCkD1r+6*6mmmbMA#2Tt4@rm_v-AugS%NBtV_D0-x(EeJgLep0qUg1&aV=_6eve$zHo%N$H0- zL>L zRpUhy9_k<4`dQNU2B+Rz{?{$xeeQBeaLX5otrL$Upu^p@Y`@XCo*}cT6y0urh$JE=1+wu7+!9s$#}+afPWJ&f6THW;>tKR z0qCB~pnDl&8twXmZuhkTbaeg(BJxvs=JI^-)`poX{l}xLveJgZwuIINst3V!axnNA zPLd~wWWLAD(N4ik?M;10F)O#x@uuXxZn3C$NcZd3M@w+`OFu(fc-!M~`ppZ|-ZPWt zS{mTI%(DqN+&~n_t670`X`8x$&HlXBU0iUlP?u=sqSaQe2k4-d_tHAj*uys8?JRc7 zG4^Fk=A4ns@0zw#Rm5#+1<|Hi$4q$F`($Hf87JUr5)61f!q;*PBOd1}kRw#wdgj)% z*DEB~d2cBdG)3P6t-iMkyLct*WBfKz=E0ePB;aJ5#Q<#!P*K3!|%jG`1OeFD|f2w#4HBi(Y3K~ z^T;6~LW>|N4?{=a!;xrTL_=)3{r{R`2j51^FEuOH4wpvzb~_9wBBv@|CZf}>`FekN za3zNSqj@3Z?hu>bHP$^(X>7WCt=uShlNdoQe4qUMh0HDr+D9>LgnUH}smO`nuWh-! z7Pqywo)&PB=&Bcb$IoTe&J`6GLKc343c#3bY`Hufk|%g#|Ay~qo*9obK)ui7aQJLv z^(c5JT@+_eLHWronxjTOa~R`{sL2w;8*cBo;MS=$db zH&&BvKLD~ypj=e{GI&UD4)GG&17iU`mv&dqu~+>Kr0B& zv_b)y{TUk(`vz5;yS%+3GsjjS+m0Lkk2kkQ#MkxoH^dHivPn6YwRXw0!Zi@K=2Oq$ z?)jN`Sk^sTkqB*0m(fhdUj9Sx-TSn}M+Xh)#RSG8++qzpy+j($2R2WodLO1SCh7BX z%idqk{C_hHi@+PZBbMV*Jk-l$D1rB}p#mi5$8vh_W$+||K1z(&<>?p@NUtgxoxd=U zMG3fWX*eAH2-4cG{`JX&kS;>xfWoJ7 zop$uxr5JyC;0OUjk9W-iTp7>NvBR@X-$jE`?{P72n91!OL7ey^4R%)<12y-Smb zWa)t4^Suyjinb*R_IG*#uIGkURwfq;r4u^>9f-r7;$)S>z^4V8b$E4`KBF-B!qMd+ zcfeok(WkXi_A-S6=bm!NMDYY``VxT?bk!_tYSxntkvKi4yW7~Z1u-lOx8{On7+sVt zS^Y-({?7bNnK?a2gI0UeK_*K+qU0NC%r`Xbmy@>AgG{TcZ+tEp@y z%lTH>$v{UpaQN13erC%oLvmRFD{#T=O8o7-`^Y{!swM>$jtF@&%C<_Yb@mF71EZD= z&Z<;+dhaJ>nwhPWDPg*`M2N7BVVBp*VO+*DBH#5OaZj`-*>$heSv>;TgHIaJ=T$yz zX{HcXy4l+QINI%^c^yXs1{?;0U-N&kE35qvgTe0?Vb(~JbkMhOMCzM+xU!AQsxqWs z8g4E%ErmmPU~fMn9%Ol3yhvIyRwf0j-b37wVq zDaBCVICX;k*&2~ObZS+;Uu zOp>G)8hnb9qq6g6o@_2GPcn!14y*$x5~^x;K>&hMo@2tU8P1Ph{-y$loVe1T+K1d` zJDPT@BM1Adoz7Y_F#%G6qZ0RQ%pgkEYOiLb<9`V>TR(6;e1Gg=TU)w&Z~2pFS;FB& zO3#V<2u!}LmZHt@D6;0VdGKfj#u>3R)(tn&9z(#rXqMb#zlCN-jTf$SO6GmrcHl z94dYQ`G}vYMfmxh432##skR6w0?Z_pf_fl3z(9XXiWuXSR=75ljn)}yEC@qLi@+yq zZPGiO+7j|6u=mW)D$5KOOY)X~x{we2H35T*A(X=3z8A3C5C-}NN6lE7uTn658?o7= z(JL<+f4c2wtzo3S%gf#={TzB~v$wVmW{s}GcEXTkCPhek7Tdh`xY;Y=4BeR`tJ{A2 zfcZcY1q1lxCt2gCFD4u+sLqZ=f=Zkrx!fb1WC{HZgm4O;7xeyk=mq+YSnX5J8k8wd z=Zp4+1UgwpY-*97cLa0Wpp=w6eR^Ji0-Y68X~DMq0HgTd_^&-H3^+%|FQg^KOA>$)THfvexa}) zm}JZLI`%SIA>=q#bkA$qxD;+k84Im1rEH8-rOE`zNRWSUZuZ323}`r&X#KL>-s?-% zt5JE(WzhO~SARa*K#?74+Gc`V9cdA3WyA$k7yDi@Esabn)E#gu#zD{GI%x367-Hm@%aN~^IhqO> z0}1NbJ8tWF7Zg}^7$9{y_I4X*-L7Fl3}j2sgeu&)m6l4ARm+qaDuE41zQqIu6;(?U z&m&Ry>=nb(Z!ul~wLEqg98y^f>x@0^Jbm9lBKzn*z!X_HKDBHBkX5l)N0-cBd%Lz8|2a>Dye z4~C0V)z3tYk`>O%$hbX%*57#^zKW7Y^{`ZTFw#6K~VVTB8l;^pVe(vl&#A_wnt@mWw1J!19gI<{9-A?-#gkmhWnZFA`CE z{i>6T<+V;C%98K^1K++EbWCS64ei8#!TR4Sd<0x{QT(Q=-GD7cp6%s<60^k>$^XmQ zc+QNr-H3W-v-v7J4mib5%NBYvn3C(YKag)e_>nT-e~@l8bSj}>vJ!4=6!$;em(WS)@uIyJTRQSpds)08^Z={;s{uGNcoSv9R?sA>JdcYK=R(azL zM(pU<7McYF_h0S+LnXbr4#29xA-0Yfs0h~>uCe08zkN|s#`%cCM@Y6kH{>J zP1C_MDNM@Q7pb>P5{{1=`HO9VVl6?X0{~UG{5dj8!o$rCCv&girn@znSJsTybBd3+ z%;3%IuH+^WA=Gk`S~Vy?t?C_MkQ0#+M5-`qf28GAPn0}b40U9|(*h0&5pTdvkjGnV zI>1M1g5mpd1K(f|+=^`?PY#b}KJBzkxGEhq9!>C}#-qo|QdEH**^Pw|#PO@WI=Q9> zkBS58AQi&**1((WFB?XdgLWynHt$|b_Q$x&t?Qg?nE(>#(`^E$)OEzSRt=%N6fSq_ zt7~LO6q0)Ej>z$WO%l7Lyro{db+Bj6NzAJz__~cbco)72dH-?Lu`(zBnKElE$y3nBC|r;CaZ zlwSK^>SDLob)r4+Pek^1kG<4poinhU(;0*w8f~{J69tCgUO&5qC+`|bwrUr8>L{Sw(J-=Aq&_uo_eBB9;1xl~|E2^BxT+_B$T|Lybmr%NBzYJ-*- z>90#i&yJF?vkOmSY&#kUD$_>4F$~ut1}_b7kSJH~WWiu-Z0Xy+CLF09y^~gtolzx= z_L4{JA`K_5-wXn`Yi>C7niLtM41|6Jh8E1bC3Ot%yNIITjs-!xb%VU=zg`|ezc2GR zNVvJYBaH6+N*6t^mMXkm?T0avYnncazakp2#T^HKwlr&*WyT}FgywbYXk^;RAfQs# zRL|aX{?%eee;F~;F1^^!w{3d&#`}pL7|ZBAtmFaMuXHW*8p-e?&l+@i*x!2%@I6{~ zHG2tAy35Ly!)qDr;(3r^2 zP^>St9gPfPRAH96tdKhc3m7JrYijgDXWl@hB>x3_M>dDSlD=uELe_J+s2So*i^O%~I#j57@MQY8@JIw^b}c)q`2VeX{Zy+-8rM zao2P}0OGn<;O%9crTrTi6H*z?e8fIw(-leT-7UMc5k$Tk9%Z5`&qcQ;gTaH)RyEPK0i4-98Y_2F=n*9=IaEl5*@}#gE2G;f zF=iCdhbGvBrrho$$THZR7GLr$e%z1?@$kUK*=S2lD*EQ!DwN>vpt!|5*zw(da&Jdm zJZjs!A-6h@arU9TrSZz*)K; z?%Pgd<9m%yWKtk3~|VeG1Q9=YLX*s>LhSBqcg=*K+q!)B`H#a*mYqi7^lnUOFU{feQ_h- zaL%#-lC4GAgZ`2B)T)nE*ahg#!do~I#p6B)$F|pfdTp_ih@Rm))zg@5;3-+JN%)C!>UUJ`;QYm)1e}t zV-nt)G5<_kzBIq=^B4Ay;TKmEcb_0_1;XH0862%+L+IRMCGXs&irmW|s6p{B?|(M<8VO2Byz?9M7YCFHITQ$KGwiaj@k&Ej>PlKrpCL36=V_53M>n7a$b{Sgl)QtH zAy*yxJ|ydy9rUoknG5aq^hykQj!OG!IQ$~K{YFntle#=A40@sj;cpv>8os$#3bC-` z+{=L^ePQ+zeR!up!v8~SX{1^*%F&d^DBlV$%Bxcx^}Ha16zBeFZA z+O6zObD}1>X@aj^=%PHPa(QK7cXHsHSnT9@k43Z(-6u6j#f-V3AA>)?)`x;*##dE- zj6rHjU5EX5CCPRyJu^u5YQs!4C=+|#SR=%g?IFSDaD;I%N?yc;Y z>{aUY(dVr*xtAsDY0wRt*MTa7@Y;@<>aQ&B5k3rkOq%Kpr8XHV#7)eLF^6p(rM-Pb&2@@jX6ChTU$JgkIqIw&U~!oL zoDD~$+Tv&amo_(cGkDFsvs}BGZ|~8>U|V8=k+L9_sn0!2J$s#9($LkzisWB#-ZYn9HQ=3lcPT1*YQt}7sifq zAr(?+8=(^PlsFHIWJH42+nyGX;5-W)h_E6)U_=_#?WF9B8M#y6UzW^m06;C$VKuEF zvqEqX(pdLB&h>yx^7b!*Zt;Ysj&p+y*9@)$O9q&*#;?oQl9WyI1U}Q%@A{3{a4*b( z@3Y(J0p*vP^y(KRfecvThj3m?zRlMpzI@yk_ z4J+pfgV?-!Wc8NG$D#JM6Q*7^y)LLPKwnHxd*~8!k|h`Pn#|q$61}6Ib50tT$ai+} zRs2lGssYU4V0&2K$!k@yr3iitLaqeJzFDFXUoVX9Zf5-#v2W6Y<$8zflyrx~1trP{ zMGG1s@OftI34FB^*S7nx|HIx}hGn(wVZRbeh;(;1(kYG74bmbZASK-;jf6;dmr93p zNlHnB(%l`>@Q%6mUi<8|_S)xN`|G*RH}#T-`OG=T82`F|_sN+@%qpFmCFM*~jqu#d z1GdGw$(+Q1x4I?3X3P1r%)GWGv!E`YQJ6{ln{8%n)Y+;_Y_A(rgSRDA9|ZT6*#xxE z!__$-Bn}O$t%)I)Gm+4^`$F_&%7CLx<+7uqe{_(8=*npFQs{hh}8BeN~X&L)B)YhC0- zQ(>Tu*tWoM4+hTZ{i`t|SDW?yH^1_%KY4$xRxgm2tHxmoEY%>(Y8-RRk7aS5~Q>^|n3#D;;ahjg?Tw?>JAf>*8yYBg=6W&+>U(~Sg*Z>vj&8NcpD%8wJ<+iS{7`7i~7M- zQfjf2t`6TUb{q(;m0239-nSLm5$si~CZ)&>+A3dZ>A9;`_+? zaPmTvF=M{Vmf7Aih(F9Z~A9#XE|>`m`8s3*IS37^>#6z|6ZL9My!G337cvS zsRp~>ojXP*92?Tpk&tzL7~%7;Up{nDr;0p4AFlv?lje!N-sVMG*-y0JiipdYF!7h* z?R}+%MN4+d2$AHjUJ3Ec2&SSueF0bEsdTuP+uWxfH{N{g`to?L3qtyBn8!M8-JZ0t zJ*VB*om)lGdX;u&_t|pjaVW3;7F#3lx#aRyhyYK}x~*W6fv3yJg8}b3hB2x0AV&9N z8fHW9^LDbXOT^O%^?k#aO{Y;td|R@vvQqd;9rInS0&nZ9h!aGq0yBu)DGOBKK)|nMa#NC zECN?w_r{#}RqrAf4ZSsNor`@s3Cct_K7C@kh@JmkeLM&><_hv#JeqyR#r99?e`%_k zR_llo3T_m2vuGtnDe)r7ev}_3?|YfUgFSmUd=MUtdmB_?XPn=w-PA1>4C7Obk2CV> zS%Ry%2VK1S%!Os=>jU{mfyKF_uV^RcM2_(3q4(H)tfYzE^p^6T3h0 zDiMzJJ5Ox3$r^iv$+%Cgr3Wz=9q&pMU;FJP-tymqBj(<+qjoi`EJ>WkR*IrQcD~G zv+J6A>cB5z;+GQyz$gw*pc-YvRs)Vy2Zw8HWIrmK`=bfd5Hk?vHzp=C2$6 zhGb{>qpEq^aWrQ_{$Z{`6l{j*PK93j>}q$92w^e^BC^PE{V??dOpYgcgD3;ajk_gr zm{@todS$*O6-WrLOz!HlA8|AYS0E{?m~qi;9jt^#Mr9!uRP9l>^2>E0jDQ-sy4|Bh zMt1WSx!=o-7FY}Z8SX=1YUJnf8GQt5_`RGrk*g7LU(_5+;ghLaKMHQGLW&hDS4PE@ zalOxET{<@J_}frMBQX%OK z=L>D6)|i%Z)$?mrhc%TpCo~~4VULw@yXpNJePOF{s?eSYL5(LXN41+LyPBvOFDedw zvEAIMywVg=^s1;(>cG7=f@74&AMYb0!K-p&W5J@@u}AapOdx;y72hN!OlGMo-AA7L zo8YSBdq{3${boA)!6KMa&yP$DK*9G)33nR+5sS4kM1p^Ih%&D$^TE&KoJ%%QWk^Oo zx;uxRKZ0W=MZo66_x8Fu5nr8%>eK{D!I+bb6bc}I&Qi=2Q2_$!J)!nb61+_|3=I2v zjW)-@hx+TYDO*GxGDbdA#eL0#_!p5M;8~46r9GkLd3$FuE*07-$}E09^EyGQDzpZ3 z>t!ALJ%1Ywe3gRU`!olJ$Y?0+wsyUvKx;s=$8;rigIel{sJel;o~FyJsoiK=ljj@N zQJ^OyKVsz`(NS44j99$)NO!OXA^lBB{nlsUc~UpM08JAomuf1+MOGU+BOTq_&jkKe z7_qh@M@^jA2r(K@s-x;>%_MKkytNQzU6JhJYK)9I*^x?=?b@|XS0ub8tf?)2me*RJ zW3_UV$oA##C`zTy*yPPWZV0>g7*7q3nM}8C_4BD`!}jm`=UA*vxY!`hTl`Ow#xN0P zjh3Sx@w;%FO~sA5Z%B~f6O95el)~RwoH^bf{UvW#*@=7{v|N&g{|LfvBre9+g%e{;K07=Hp9?`i!e?#iI4Gh5^n_7_W3p`Qpoe~)2mo< zo6fjNIo)cD2$TtyWS%9FnJZ*>?zA){O@*LA%qw{9X>u2O99dG-Fd_)k_+T+FAV`DI z08;QA3`wAMnp;ZaM3J;buh1rA%;OtI$Gwvo5f)4%r>7vvZ!l7~Xb4yQ#PJnjvjCMo zeLps<{{S<9oQ8Kshi=%nfW` zi)_qJ>NLu^X2;{rtEr-+t`8m4e*y!f#*>0lZ!{hp2G z-cDh2kA`?RuXp>0jozJg-41ee1ND-0o2c?r#hxB3r&l^^q#P{j+{?mCkub6|E;AC> zt7o%mI7mJz-jTq>l7DR{ObG_1O6^=bhVlo5-HBLk@`u3l)Wqy7v zV`t6l?RoP=t*OudHH(vNo>1zOwegb~8p_B29Dq5+$jk}{`wPri*amS=#CxeNDd(US zb-jIRU&(@It6XM~LdhtL6F;SKCGXj7O21lIA)-@oIevHF?2){iTIuZNk1!ne9>JXa zM48HWRFfRns2uy+#+mRw(ivISRWZhA_!|?F?7_9a zbeVpi)DQ=qdoo^=&NU>ZoqAluE1LP^wVe6`=fft*RH)WB7G+8XR$jaHMC(hqqRh7P z7sR?!68O+;%#jtLRW9D$%;`F=kF2@taQj;TdMT)=Aod;zt(35}*6XOsqolueeE@(f}t}KUyid$tWUbNqkwV`6YU+L5OEeCbb(K#T^(4;oKX%`d7xKuY!fIH6TDiyXxirwB!?J*&%4@4ug_ZckI~F4xOJ8^!|% zE(^i1T7-+{*2-cY4#e~RjXOcKhhj)+rQ_iVoN*8JKbr73?*xy|{3a_GQ(>_ReaX~< z-IWKA2_x)onrxnb&Ka>MdnM4c5_plv>czlQ&u&A#2W$CU>&Xk!(bC9!`qKJf+6q7M zftnu02-~!D`)eYhvE7~H5{hrcGK!<&G64%TD< z(pAp>)-8{KBJdkL-q-%RzO%QqzKh}pdF46nGeSm@bT2)rLixb-TncR?`k7thG;Rm& z4f~JNs%c|%!S|_^$Da+OBEO^iu+CKKd1d{CHHyP3@!?AKx{5Je=f*{0Itx)KQ)0Os z*22v%bz3~GY1`POMUtRxJ~FLcK9o`Wi2nYQ``)^s80%ELCG zzjxo?Tsp}a4fMQ@FA-&rTsRD0TQcdm(;a_T+}-VDleppCZE@x7SSHec2JTnzj~XXH z*6NUGUl!LUI+USH!~QPfGcpzjpW7_S_q0QvKgPpzgDYpoLE=zwLO0S%ilErC%71C0 zKxLmh26PhEQN?2-#aLJd573V&U zRm1VS1V+DTZrs~4xZ5sLu|9XQ5D9v+poEwUNhQ47{fTZkwFPRio}0mwe)Cx>j;|Bi zJ2`fnEo(>%Fi|3e&nzD~wh}Sv%R#EbA3@^la8$++J|L0*(HGZEdS}$!Xc{!qm6)Ym zFXm&^AkQb;H*VteK}sz>4-d&nKccsi6Q_dy;^JLw8sEwz!!`Kig1oXMT1BWL*>1D`FOny8at+#i2 z5K5d5R#|=OjPrJ$dgZ1CK3fRO4ESUTrfA-8Y_5W~piRHgtkdLf49-#uHLaLn1(;}f zR^9kA2I>wh0_z-kk*gPLc7=zGSR|CR*?S=gh!c>Lj_}foH>Zv9y=_A40RFc!c>)4{ zA9UtPdnz#|bw1au*a3&MMZR4-p=WfZD?-8BK0rr;0%@#Ew-Yu~Pz5$J-J?1C(P)k)`6yTI~nkqsqds7KVo9?pZ<3|)IT^x zaL)`tAfR3$aQ6L9ePZ7GtjTudQH;(^Qewy9VJ8GGumJ!+e0`NcKtFq zJyK=?!{p*ZGH*qXN9HXI7sMyMZjbQfmSBtakb9MhS`D}&8refI>ZTnER|gi+`3+et zra=U>ZdGDCDyHGGZ#s#r>=Bd*5(V=5H$pCeybbd^(2DbQq8T16B^B|}=uCZ&cDxv! zQhFNpQC#LFVNErIzJB@6IZ+p9b-YsaF#*( zg`6M~x!xKn{g%P~i0jvGLAEas zUx?nZ{Q~|k4;rV8W+W_2o19mL!-+g@pI?2KzIuU*1}n_jJGcxMeQv1aA-YNdiCqVV z9X2ZR4{FAqPHOtz_W*eT9_NY*ON-I%?VccvdVQ+IZM1BSMv347(p5jF*ZO`5&Y;)t z5#v9(H$kwz_svp--ET6B3g%9<^1f*b9q4r~cPD71mR2;S$35XJ|3;B;{lw}Z#ZvZ8 zRj0<(53`!4l-ia2D-dwr*zS?U5N=OsTm34V$gb?(tr5O7a^3q{mC=*;s)9hGcl@H{cj5KWJzr3qzJF<22C-4}zyPjYnonJ@ zFT@alKqzru=J&I{L5=(Q9+Au8$dNT+xupcq{~0Ry@U)D9*eMXQVPpZ7S)Jm?81IY9 zy9n6{1R87_54&oc!Sq}p*TBnk1QVqosru|$(Ce^cY+w4N)3TnlE)gZ5wvQd*iM|!D ztS@UbzV6LJuHFkh2z@O==pA&C;Sj_bSSZM-)zI3{uv)E8F95Td zPl6ARu09r(M%nl=mDEzwEUUs&y>A6C#R7W(vQ&}~;L0~WrKx3*9i1U(7DWnEt+KPUD#As|J>2iW7wwG~k zp(j#lCQD%Tiy$BAf{V+}SmX`_c5kV54M3sev(V^R?9C}(HX_r2hyb(jdN_ltUdheZ zSnk;MJl?tYqw8#G13R3GSWOB2!6A%SMP%VilGut-2m2_65M2 zB1*(8wWTNX7mAq=Y5!u{hG2E*Xs0|S)u_YfGhuhDBW-4P68KA@X?%T~sbA~2% z{eT!Kb|NGs7l^NT)~N2I37;?UVIBZhQpn>XNORuG)mi-Gqe@O203ndZWX2#y;vv4= zD5?j2ir-56wqU33ym3{O8U10WSA}Ire5T}m6!Xn@neuU(HZ*FH2?NMqFP+srsaO9w zIV9=;zoB~px`-<8`nj0pH504=4CAvaeCGTE3}(2ehb3KC*9ao#Vxq*p-JF7m*ep(z zYTZ!tz9^?Go%zgt=-s7sZvjak*B72stlN*3xz?R02>|fXn}7WM2`e-gU%uC-PBAw5 zv4-1XCE+Q}NjZtv$#D7H`StN&xBCn*W>Rr_%j#4Nkz?599{hrg$jTLgFQ8Ifs0$HG z%3`nxOgavTGl%27JRsMq2=en^=Tno-8ouIs9Sc3RlaLeJc~iT~!)-o-R>VGRU3|)8 z>iqTO^{W7nkaaXz>}DijeiVm4;e(0)4nCh46(Pb1%gNGSL0vGPn(<=KrA7DRTq;g7 zkD5Ccds+QTL3pL$kuVIQBZP?3LI)kE*|O(MvjFu$u+FzkV+(~t{6n7uof`hA;PcIr zHfYaVN1hjO8j&ulwDIBCsh{X>>)};A(x@2dJ?7pyG~RThRnQ*I!9$X=7J6J%zrg&+ z@ZvmiIPQQ~=t#VF`<;y1hNt%@{`M82h;e+i`Gu^N5g!GVzWyf;u507G9)#Z|v@D~3 zGTOZ`PrsK28$#m^%=(*dA{r1OsQkH;x8N=0aTm+d8<>J9)CXnuz=^KQIG5_v>lKM<!pZ6e9CKs=;LoU0z6<1aeV6RURnX(6^;$9UW%vE zNg|^3?<@f7D8WJ6+h`17A(0WD1WbGx_}*D}6fxL-v*&%$AK~v4io;^ZMTE*ox3qX# z#C`SJrTM@}D!37|^reN^wkBRu5-2{*v#f+WZ%1rF-|XMHh`w)V*^aB!0tdPWh{9Zt zA|iw2Zu!eqXIO-P=>Jsi?p1YA!i+^fsqTJRLpF8gl+lx$IV#WXCc5GWS}6{T zBUiL>>uO}Kj}5O1-1D2i-nyTSE=~ofgQ3||SAit6u`0V+pJFV7*v(SFk@!*GCM`_( z%whRVo^t?O>U3>tU{$*nTY<^+3f=RRaf@Q`|r{AS*t<?TM(#k1;_vGiuh5Nqs=!@rl#dF4mbb83`70Kl`V23M? z%}aKP#wN2teR(;O0K4>4-8mj;Uo?LJpj@_8f~Q9)0$KI3CNmmkEEF3KTS}1P{aU%d zjm^8Ow0T4{=yEc>;?z<#p9fE_ynSixQ#nuC@r=9$43|h6YSasB+uyt=;G_+m3_Tl% zXkKMNV*cxLf&%pnXDL2{XX>N~KgcvDefBR_k+;N6+!m+!(V?3Aff)P{WYvdrcJncutAdpw~j}t+0wU?X$Qy ztkdUbq{ChLQZLC|B6gGVP1_twyEjcremWFaEZ9vG*)$QY&0P7_dLPir1(S%>iPG$Z zBIx7p`K*nzwR5Qj^)=T>YMtb8s{blK8tbzOD!z4LiH+qp=ZqoR*&*^4@u z<=jJjI3O(Hnn_2p6P4lfI6V1HG{TUJNB%fL<={&=wZ&Yv1|N&8viS#Ivq|0G9$i}^ z3_hr^@|4x2dQ5Ga%i!I!jnk2sXHjP>SAZm=ry?iV;H zf&o=Ry4I@#QaQDPF)U~L0D_`=$wDiAz!BS6^>h4a38;blmuAH$Ny&cSUoW5}tS5=?Ft}5orM*S{+`O(nWz}+rusxKwO)`Jlm z%|fbrrWp$j!DbRZT{XyaPKn6D>qxQgw*pUL0jgETSB>TSO6s*Y@PVDhND0YB(2!Ab+`g!{(K3Y68Ajm5P&6mwhd2R~S#f=wb)9;vU*@PRKSDC0&Pe3L;eGK{-^oBnmgSVfe-S1g1hkeNDZ`dS=0SoWz+41*umzFm+E1FG!l7<4zh_8ZL|>Y31~Z0SvgmhD8@nR^&~0NuEif8H8$ zOViO;dism8Y_Im>;pH#Xt4eMKX%?XtGIcNhxFh|O9%^t85#@;(lG^AFI5rkRO!f%! z&Fn+O(1OfsU$BedI-Jvfec+Jiy<<$a?cfPHB|>KB%fC3pkVYF*y)QQxfz{~-P6GdZ zGGI9Yxm5pV>TU>reEUlV*#X2jBdAG0l1&U|j*ApE@r#CL#8LrB$JgyRnmuD4s1tGT zlR`MRRGrtM44-+4^EuFcfTx~p4_8(HGL)DsLetn1hku5*W=Rz(3^N0zNvZey&OaY!GP2ErDZ|FLc}kMx+@Xz2iri3 zOrk|Ap=Af57c+nc5DoHN7Ihp!^#BP)J77Bz#ZV4_%snRo0qZFZ$UuDrrJz2bR$;eV z&rao;ldn9iE0+upKm}G!9oUb3R9OVWqNuLcZh$n~(DqQF9l;R(FK_w3*6+U_geU?c zilrD*BYL0}IBg7pAORU-?m;ZIc5n-cAd8+>Y!=tgqU!9^R+Z0e@Ia1fbYeRKGvS|3 ztu{bC4T>8c?__>_=VEiE0oU$9Nz_3X#!{^nIx>PeNNt{+0+d{RO&!$K;kCv$r;})A zsdke6!Jq7SW*tXI1ThMzuf9nMM{5x2Q<91+`%&;D10P-@#dgF$KZ$>j1OM%N_%2Et z{CFrkB4bQQEEtbc!(cUXcv{o(5P^~~{FA<}%v|yIzXo~!+XejNkNBJLlHr-J zax*qo-oc^TG+&sW1C_}*YcyTDYxX?b>4QW*J0qG65Cf+4x_^m-gn{GE_Zy=ZRNyIO znbgJ`!MhSC2+%t9z4c6g_p3)K0xC9Q9jv_=Qo0aC-tvx2WiXsFEN!`UH>oEYDKxW4 z8qSf@97r|~O{_-r0FLV7l}70IX`W*=Nc`m<^&c25Nj^YyZQp@yHI_V66D zq&}}I)Wv9GHpW$1K<^&SJKzJBSuyvm7l@>>=74S*-vnIC8|u%7|7?o=UoWLSy)_s) z(9q|j#NE9ZdVeYgESp9^u7JsUniN6E%}6bVOc_p{PybNYS~vX;6sD%=ek@0d%$ey< zu>tUL7ijf>0fUjX{P-}|W>=ayprU-KZS#sIvIaP^@nDXZ{a-KOAOFGEPzgL^bb(F? z?VMKyV3wNn?nrguZLvgt2Kf-<-vL@M3f>Dx6`JBDpBs23dY!u=|6E;zE#jhZiJ9TS7T_z>glY8C zB%!#df$~3I^*n8 z%@jN&L;zltz;;LlmeGr!3etbWhyrV0{%rCUu$#SyjR5uXeczKvuo3ESvXA%Q$J0Zv zfl@=2v9FHoSagagU}+h-f)v|5aL|X`RLu4W7`8nS%)JJ%%SXC4O-}fnrt*mvpFbH9 zLdxIs>G@k+D1a&hk1-e&{pppmCoh3N77^3~M(AJ%|7`QRqYu$8ntaWe>`E&UlqNm$ zcK^&eo|Rq*RS-_Stt9F*OZwM7`p+}|AL}Ow4=fsq9nUwwUUupQIDNtyNcjbcw0ByrkWF+^gdFNb>7fSUdl>J;jKy++mes4gQJPQ>7gL7<#Z2|hz zM`Tbr3nD%eLNHQ#LeLeEIGTM_TnY+}D$3%yAm98%=<79h!U z9~Uj|CZumW@=ytQ;k$%2f$98NRqQ?rUkWLMcQo<%_9kzneCGim*cr&(F!Al+B_m0N zmfk19RhO_+Dm5U?(!zpZf6*aF0q;XkI3H~LY0_dWuf&cjDeoIS$hjVFPByw+7yv#4 z!3KI|2$bg$S4TGt#C;G^{2DN(5JMz-+sYo5Qn+$5RDzN`r#n~A83qCx^=}n-HzlBu zcKc8(46UI?2y&}jo#B|MVFpB6523s?9z+1*N+Z zQ>{Py3gEwn<$PQ6*O{G9lhddaux7$jH^ghXfDVJnfjy9}M?I!hL&fL-mXmYvx zls9?4bT}gh$bA$I2x;q1c>HQtpfXD_^KvtUvAqTbv#{;?+g~;9pt3M+ zLk#yP^gO;aEbE+;SM4(0^rKhtRF6wd&P0SEV*(79nZNuVnBR~VYO~`R=s!K{_IjbT z0J=&j;GJ@2rW@T{aLSF}ZP;%%T#w%1Om9Fc-7+)zMj?HVl?fsYGhYC%@Nj7Xb_X@+ zjw+r6jAYQoQ-rir{$6tb$HvhfaxYz$^ofn9>#A=<`!uT%Z}@ww1vHb-NnrZGfpZ?O zIo~YWx7+6ZU;I`_1_(FqZp0k_7Z3C={y+2u@tI+7kYs7eiu{sF|Nc*X5Oo3G7$a%x zovMEw2>yQWe%}qD{lHfYGRGJiO8Fm5D>f9teXKuj)MEUb0UY>6;CW%kq7b@s{w}rt zk5l|Vx2ahfQ85{pbUZnlzq`K!j7|h#cZ*5bbp4lG`xgg8<`W3O`Tf}F(|=yVfBTfy zOvt+A^~S)THn2Zzv48qFM>_B(%)03_$Nl|hiq8dZ^@B%E1b=)X|J!B#_C)s}e*2Tb zusmQ|@uy4pt2f}cd+RR=PVmeuUgN+2M2FHKSogYHx%&Ux)%@|v84N+jGF&I7e_^}v z-!8TuGX2>TWQ~{od(j~Dl~D-6t@aO^3;(;36z2cGc)-f||K8$JL)H2I*DsqSpD*y5 zFb}{wIG`C4gxE#RCEp+!`3r!>$^^ll`$z0?d)drFL_vVcaf&lL*%)>TBx3aSG)0Ny zG~sWEdOH~LMvy6926k4?pjMa@SgbTnrqcZBoci~@_K#};Oe~2*i_U;o?SEKwP0*s- zuPcA`KP)$k3wmo0b0`7Tp{+{q5Zib3-3GvCd|+IR5^vW}}BrEM#ZSxc{~@{paQi-h|#g79BIWU!V(r z)@uN`hTEspWdHp>|M?>faxwAQ{h}d9ZKxcy2tEc4c+gp0dw_JZEu8Z^z9~Q*v4N@z z;L$t`fFN|9D^z3zpC03S zGDs$X+d|nt%R}5~d-Z?5-QmixATKg=1stNbM0VpgtI7e5m^Of(B7e81>`L6ee>o#{4!k(_D66Y^2u~^0hyXbw*)ev2B$@3Xc*B)`{HiFjYCCiz-7y{1 zjSoP7vJ(~VumQtNfpH4RThSEGP0zl z#HB>x#Y?mB#ANB;$?i7=>W4=iy>527!aIK4dSku_FmSu?$#fgBerjkRh>+z_(deCUj!3O)>mUuR8l-7#BU-6wmu#} zo>PyVwLsY@iAjx1eQHjUNK-nhp!vOB)LKcI9?9V>(v@dZ$v8oK;xk=QbQhY)b=e3P50)0wmJXAh z4Xx7Y3^ez(*ny=~#P2(H42Ts%Wq}w+pmQGxRWU)0rN!L*ZU}kCGHFC6@~J^v020gy z`Kv1T0L-G5#LON4jXCLl0i?agJIUMnCH@uF?a4CYamETcreoM1gs&AQ=_kg9kh1#S zL=_@jVN$xZ*7M|Ukvo0-vu{M~wJ#>MxR`~NjPnj2?t5b^He3a6n00W>qe|dqJdwXW zKQ8OpJnQyIxHVRFy&XDj@8^_%`J4ks5lz%!=STT4Bi=C)C=i>sW2?CQlufj60M+*D z+-n~Br)c)AHAoL5%P2c*D?*El5Rbvk;CtLr@=uO5Su06q=}56i@P$p6kN3m^6=X2} z^vpyNPsrgfv9nenA35M^WRkkl+AFQX@ve!C_93Lu4*Dm~CUv5ON7Rd|Pf&lf`e zmnD0?=U+o7Z@T9TekdqRt6cw}r>uNTUpW%mh=TJEk|RJ37xVv8SqfIKvS=^3pKYZ&i|CK7BD#u;Fp6vVp} z(S(D7EAX6Swlg_^3T84wR@)BHmJE?|)~XBAUki??&C4G;W+`)JG4oJWKSO;LXXCj{ zG~mjxVyd&Pdk@JkRh!OmSWMrSxR;kP;47#cQbK0yeMCqMQyHm2Uzi>*vNU*V}0GyC6-|8*FB8Fe>*+q@SdaJy|=P#+uQo-%aFISc^2)H*{idV;pXL zg-K=;RePMzJs{LUQ@ygJ>1PvuzvSb5>hk6ZT%R60+WEJyRg+ zEPdJHd95PH+nsG>h<%zdNtR16W$Zl`1A-NHVqnf){vB%qIDC=ngZ^p#SDoa(m4-L) zEZ(m-ZS1&6{7PY6V0S)O8I$-G(|v$!f-!?BVt$;$AP}PuUKl@jt~ALi9C<01`h$D=i`Xp4Ffp6AYI_hR9$ zJjG(3S;eujUI3>?-*ywjSsyEx6h7aXdLcEQq9=>zMaJdnmWcJ~o?lB7Zae8gv3A=+ z;ClGFL;uk!+nbu_Z6%hTbb9rDy%mZh*q8Ry|J;`Tut$Nv_%=s~3O`aq>+-|-cAdEL zipD37!|F$wEjY0QCtvyq34#bFF6w!2{^4%TJgN`i6J?t__g6}|CxNI8E;JAlc8uyV zgE`bf!yx(>mp@-`obY}?P?;@DI^}Oy(o{vI`jbzJQeodt>@Qe zy-_advEaJtpoYL95ArHt|MG0+IuBfdDaQ3B?)=)qYSRPI6b%A_5cdSd2*fY#KKj~l z1sOAp4u(!K!?Zw=VI!y(t6+p+eyI4CD-0jSWk{3e^RhYu9vSbOnLd3beMS>@=WMXb zTI%)49QAz;q})2l^6TQ`DEBl&W{6*S#qH&Gw?KcWNAD>3IP7V;-uwGA*q`B5^Go8s zrs2fcG_sHDJ=x4ukf0aoaglWU3F6n~JfmwWbF>P{*was^@V6k+dbI3DmR?HR zJLjlfPT*S9T#I=D4t~VM#%}i@?V$tnU*2_*ZPW0_=RKF-p5!Rf-7h2_tK`y#⩔Z zu(2*vHf{$>XBnrua7ZGx8lTyAv+5@L_CQ{A zS1+qkbJL9afDD#as$~U3yW!JMF?}&At2gke3bg^ta zSrNd&?FpZbn{0lL6_I9@O&##NFe0HYK5?M6N)sbE5l<^LyP#s-6Sg8!8pc%?-i#q2 zv&(QC4q`)H@h}DN&M$q-bq$_15XFkm^Nu0)avx&g?nj-dvpgxOkmfs|qHAj)^CqNi zJQ35{ZTLCSb9;Lv(oPg3@=m5TLkU%P{vhVxLWe)EQ5f_M&Hzl>2N<-6F}=R$nH^+{ z>?)q1gDe$jm`qvv^q{VZ1L@t!hj&xCKc3Qf9FV%q*rm}5Q5dFzNL;0S|As?*U`4oa z4P;rRWk4=)*&UT=5VLR#bI8Upm|KK|)k(kW4Qwx`i$|oedw~(w-6#VwZLZ8D7%^!F ztSanZphG;OOX3u|Qb1TU5@`6zU~ z6<|#$*!*iImaJyRUQSed2gkHl?5D|L_DPmtF4F2dub2qiudh7f?7;yU0Ork|kfR$V zN_=Mm>TbDIQDSbvzUwUtvl3{JQu2Wc!uBe@LZ8X*=e_^-ER3?tw*0EGojNO*eh=65 zCzZ(~tC3frEz+m%>~>a#wGdwM3gBxWwp`8bTOiZTsQ8f2zFh}g4D_b>VoMO@)~?Hl z#^d#x9;F=?;RIlQBc@ApR7D6Ru^axbjH(i_2X@>vL=SpNmWTz}G|pAhTMDj)jC$Gn zCdzleCa;$!9`4$!lE2D3m7sqFsWo$tT^}XokS>daKs9n6 z=e{$Te6E;&;e2Ak_-W&@?py;i76As%?r1}H$#{F(4tB96{Sbi%IsNI`yw9EM-ra99 z9t2x7zhW{x4pVk8^lY+I)gJW=v*Mok#jj~KQJ$RnATG&`s!Fll3Y~bg9D#Y4Q)rVf9F+t4#!TqjM#E!4j<@cg7;n8Q@DRyHqnk66%gml&6 z;0^xJ{QAt4f=|XF;w#Kv<^a6jSZF2jf#V_vuXh1-^l%5Q8;Bmi4p#X5dO7qLOSsZ# zz-3Go?)^iy2xV1l7qU_^rNgvuu8HMQ@8VjZUQ*fWbJdUQxo}xKcsSJxdEUyn6ot|2 zpG}VUS<#Vb0zAgsODAb!!##4-S{pjgo_L=~6Vt(H2DxLo2Kf|; zJN|YQPR9d3k12t4PE9eQM4W23suMQFyPe8Gqbu3u>)O^C+Q{?3w}aV)U8EmQlMl@n z7sxPaZ)NCQ`+;=e(Wuq!=zEj4S4B!bZ7w*}%@yV{axZf{swz)v+yXs0&&ES-S{lux zJV1g_j|y`M|E=*^z%y3#AR3T1$m=40oK38rtFdQ-@1@M-p%U@)@>6c>W{+u=7s%uT zICpwO%Cw$08ZejR*To^F`iamG41y{w(>eh?r;0CZcP!1qQXtwP1mI?jtWzRYPA#qkfp zJ2MRuAR_`XZKBsm7BkRfkHobL^dM2%q5jC$y~5O{qeL0cfF7yp zilYjU*`D{g>SLcN!r(N*eC;X~&u>FO5@NQwhQZ5Tw9DL z_(t!LCg>b&_%H3^_6AwkODAbqiDx4w!AsPQGIbR2;^9G-Wp6{~4%^>V!@o6je|G}b13vV_!2RqB#=z9uXofe_Gl zmz#|=Aoi`nSKxrF^2IDw%cr}}#-^6%Fn6j*;HifwnY`}P1}PygU|^Axoy>(FX}rAsy=XO52Es76X}YQ>}AI!xxu{=el?go^paCUqV=Jr;>j~fw!Gr9ir5p~ zUzeb@S{NmB?doU$)Wh;sbdjrT0?%Hj$TDKAf4B$%+DLpVh=lB}pyz!pFImDo7zNg2Z^StiS~Jw-Los)qHjNI5HDJF9*Q?zE2cch zV@-!&-p2zm(BdEk4nb0YaJtJk*JPV`X7-2Pf`eN=mDiV7lJtwDhP2&RbJoMh7iJj@ zMU^Xpi@yrykrJ-GRQc><_5%s>_pM+K!tSnL^7*tCvL|!nr7$sbt@o2;6WeWh8D1an z2P(v8h@{rEFQ5+Ax?Z391h(6_)6Sf9s4u1QYq@-KYqJSv!HL(+^qM(ZNx4HUBzBN; zv>#T|L~d`M6#l+U8?QbgV$R6F8?M3>V6CwuUFEhkz+gCTycd4UI_tJt_H|_3Q@88h zsU|YaWh^kU;tnc@U#$zbbVoUX`{2=21pJa;xm>48O@ z62hAL21ZV5M#b?x6jKIj$7)gp{a+8lB3E;N$LuOS(e^C#_{yQfx$=7JJOj)@{m^v3 z^F+7Py!l-El!qHtxV5^*>xYv z`QL{7%~J-%7L_@@1VMdz*u7m=ku}-Gf_|#-Z3VFapLZZV8+`z4!J8j(R-}jQ`x#w1 zMFpitSd8A#=mU~m2u?Ajd*(gk=mZ%lS^*s#rJTtS*dNkJ@~=7H#i+mMtQ&ww3^it@ z7nY|OfZu{ookv7((T@BdKEjZzrL?jOmvI2Jn2L|=ZM1o4NRleZB!+m${Ws@&r|LR<%t ztVi&HvScQ;sgba`Um8*|9GW0oGp7b~jEzm;y;YW8OnA;a^8n12sfqPc2})%BvYU5E zv@7M=OM&*mDOJ{%iLa~12V)x`3$AFDev!l^?g!YY0Z=b};Ma zsMWX(=od;H2|n;L@{1nN1(@B}^A!M@qQgO1KFEy6k#6FVB&qt~tf-7aJnLyEVGiBC zfr78~)6tIRG}kU%zh|9HT;XG?Tt)7;)i2Dmr0FjXMp@fP1{;Yc$i|Z1+MPLAYamah zQ%#pt*%mAa-yMk@&aJ?blJ?!7|9sjbk7E?tXD=viyf~HC{>XOaD^5(x^+BlINnGV z?FJ)?PDhSQO&QK3xVKmlbtiUR6PBY}zSN@1@@WBOLjj?JK|U}ZZk&>G9UmYc{)Jg7 zll(=%fD2j&-Uyfd$~XLyJO7W}ohRLh05~*m3XPQy9 zX3GFyOY#sdIYx}6T(cI2znuy<+OIl}&NEtcEMyhF#1N^Q z4uvP+2j$7P5hD>xGXXtU)JXwm@}iu+(Wxh|U_0RRIFNa;5GmzvQ_7Zj6%qqFS(Y^M zrb303g17_6fWFRXRQD^Ap5M3iVL(%OU3N*P|2`F-ekw93>=r371c zZRp#sD_~Ga!75+>!^1RsP$_&7HE_}&O&Gr^lMSlAH=T{Fdt;{K%*bRh7lT3o3GL}X z1n+$%(j@s4*u{5TRP^Ub>P4!(3;HGkpOGJ4lZ(;xVQ9Q`MWFS{E7A5&7BcGW#7a~S z_!+=w_%@90bDl!~Wi5#C8&GdmTy;s_{^(#lO{aW5!99fzE-^AaRm%p)6~~qBYX(n` z5`mH~%zR3p2acCJP9oO->Flhd;%KvV9|#E=G&CAqg9djE($HuE!J)B0umHg=I0V<= zBxn-c8h7_V@W$QU^;XZBx#zAsbLOmX_>Z-yuIhUCrt01M`8`{fVz%IiRiSGTt8p8j z2GgvX&h$-wqrb?`lg@Z>Ia}oox#$RWzZClZX6juH$}xsba44SsUY&51#^U}T6|o3N zn^*jaH)OkPy_S)k%lnl0gxnVmY5Lm-=#2miku+Sh;bg=DxvU-LS>e%33rd49xm1!F zP!XkQ;P)xUo-WO;3tn{K>Q>q5f@5quqlau}B`$#=iF2+*ifz>gaHVqmzzT^3Ob7^3YB3n=CJYp|>@>9044K zu~eSs~5}6jgxfvGhFgI|<0iLJf#RZeM!zGel}O+_yI9Idlcu)D1RlJd)9XN?BLgfjC!n z*Aa3<*V03jqcBC!h9ZHDxe-IspE(BPV6IR$onISr!$6^aQx{Ew#y8q3Cswxh#5C3% zohhPi%n^7;cP9d#mF|-_>K_6nTxfw;@&~d_f&hHogs*Aj12}SCl+j4hh3Em-O$Ba! zzd!-#YN;q8{3(~*ClyR;Qx5dZ5FwMbC(tZ^^pqUeC!gQZO?fdWTO)^Ph!^3;BR4$O z3@CSxp)AN^H7KdHkhwK$gT#W-Fb9ILNYpX;6qovPzU+aOyx9)!Md?qJr(oM?v({@# zGF?^7+NDXVRjy_f=FVW2D+^gIwhysY2?@=Hyx%*P+5PIT_P}x~K^A=ajkU$RsdA3* z`-F<8+o+YM!vl#3SS8KS0kiPX`N3ZW#X9w;YxT|*smh)@p6SQEM;ANeyiqY%7haAm z=*iL9!05AzOX*OgvcO(Plvp}~YwbR)*;ClDflQ`yQ@?`2Y{4%prZ{V}S6-A8T;Xrg zeVM@4G?`7!JPy`6_glhBRK})Y(kmn@JeYc2!kQ?HlJ-SGTlyi%Lo(NJ_eQl2I5MHp z>1n)uv`^{_oJ)Z(X(}l^Ki3BdnD!V@b_)}h!-MxkM>#%5PJ4NWckXUfgZ)-@0$rs- zZTgK(_-F~pzIQYQ%A4ps$hf<|A)9vVg$jqdDj)p^Tdw@tn+^VRVUWw7IcPcCRzNO6E*n9|2YA;O|9!sY(X($#dd`NKX{ zw#cbYy#|vQ2~{!`S&o*@Pq#5}HLXN5IvDx*=^nLsk2~LaE=QG^P_owb3V_MdvDbaZ zt?qkS@Vd>vmev}LBwD}?n;PlD+;;%>hwFm1rA!D0beiR8&`dn8+2mhj%S9DmnH6v? z5J3q$yWT~&mVE|O^x(MpTQBdFcUsD^D$HC6zCh(ZpXyDF$ zjrNHj$b!0?XH4GIzw3cF#+U;yUUC0;j#*p#J;Fyt@}HHKVL};&l@+2P+9ijHQsuKZ zH;{p2X~@V@CR}i7W?POSKaOD6n`ZpE)8*NP&3KN|s@9ZQR8BA-)H*oR>dGTOs_Ubu<3#-)o( z&7_YQZ!R;6kKv+uYAo3qBGD^w`$1O)ab6RzO=ts#mxjo*_9WcD60)6 zFGr2f*KAN|?sJ;qWE2sb!0V}snqHh+=I<%Kadwa8a5MJkkzEG6N6b!m?C+okP?5cR zlR*V36Q$qEZWxWE_SQ3nUUcylYt-BvRW1G5?9r5FFzY#h&Q(1nySG4 z%o$_86z^*&YVGc97M=m90*? ztWBOx{q?Y3W2wH>r_Ji00IT|8NVreeYL!xP5~}!5;|{!x+;lRe?%PB`F2Ug(f1J2V z*R{Z+r^mK^9n%=i6o!;d)#i)u@K)9lHXjHSW>D}-R?v!$g5e7!W<9}Z-8Z2c()Y^p z%po<9Y#V*TBBZ-V8o~+vQ1bzL95t?jsQlPef$Vh};>lPsE=8-@p5>J?mNa=zJ4T8P zYD_+q*W7$^z7QnN8nBYRR?xR%D4CDo5bxbwC&M157&>Guc69G^>pp&~5`Rxo}EDzKyNWVoQu zQJCSUnMgVk<#{WsmBX)RL*>tJ`OdpJOk!AFMEH-^2KEUB)z3rX?t|Mr24=<2gcqQcs9#2)!rrlTm`|lTAu~r!&;_&8aqv<2n^Cl4Ih%P0|`MX zw7g<-yCi78*>gh~Nj=mPTvFF3n_RA7N<(ssUpJUYe*VsT^oZ6T{95uYHg)`^ozJy1 zEnZ%r)zJ+1t?^c!|Os z%PY)N{uU70W#tAEZOzog!A;yJ>J#4gy<4wf!7K>AnnpoU$qaRN}#&Wm#iDrtYD~$B_ z!b%z#8Ygnlaa*}PmF`re;dZ=~^_(-;+M)S+UT5Cx>d0(#Bh~R?;09c0)#(J<2X+G2 z(FkNx`k13`Gs|MHt=j|}A{p3*-h4aC&@B3$uAdYYnsrGvkb_$cez#(K#1KV+W5^!6 ze_K(=$G(+6Z56)>bOo%)+a>pn_58Sg_b{d*cugE&Y8fQhUb$lFeXTUJ1s&@QR6K}F z+*<^CA#h#B4=0#$eloAbGE5zvO}_TN!{Pb&cwKq=Xs{NZ-2q!|Uvo9gzNl?((%*a` z^<4;D*kYo@Wupk?inB5G*HFHd)mLW=`1yKIY9>0r$i3#}w}?l_gWB)W;>7Po^lo~_ zLWN+RTm1SP=PWGGhMP{Hdm{^mSMQ0v`x>iuD&t(lZ+RLnmfk~)@848swEsd6h!xIo z<0t28u))lOo&OmvKaX_`c6*=7{M6rx0F7nggW^FW2c*iV+&0xIR>V?CF>2pQwq<61 zNac8;m&WAeZbqK;jMwtcS~Dpl2daCOSKFx&itdHC(6-oW$`>nZ{OW?KbrT-9;x%JJ zFteK-B{swUCMsNJGj%(HyDz{}>$l-pyC2)fI>lIEOWW!qpxIwJsN~X^FmxoPV9WE6 z#GAKIp0bbTyNpIhC>mh8$23eQii)JNsiK(RRi7jJN0eHX9(Z^8^}50d`hECK{fLk! zp~DFx%)>P@sp5@ne8&knr!PzGI#)$0)ozml7@GER8J3lp*BR+k!C{8z@8h;D?{6zK z@!nGrUTSbc@XLriQ`CcbvL03TzF-)30W^Wi802C`VX@%ycudR7_{Ohq&2?Pwo2tc3 zOz~&S^dU3bG_*q6T9(~_NQ%9<&+NB1;H)Nh(u}K!8$t}I;H*=su`g8bT>~-W414$J zg|0E=zp0#@ip>h*L3r^6MjG zQ^Q*0G!LvzzhFm)Wi*Y@eExWQC!OP6@8KXmzQWH!bX&vBMjxMr?v1%m-GW{^F5|qJ zhNYdmFd|4$yA%ft6Jt@-XV%YL-^SM(Aq(nJ@~9xupDHC6wxb^}%$lwB5z||(;PDcq zi!V+PzLCU;7UEbAl&z!CsR5`Fzknri<9KV>CB|Y^$7?^Z4>UjE?iatx&h3oUShj_N zM7f&C1szOJl|=)H0gr{ru6qgyCE(N3qAT9s4Xw_mF>rEm-xG*j9|LeUyy19j6_ z>xR0W(1&w~qCaC)zUbtC2Qx1e>b43*$4@fXm`-Y^$79me(Y`?a2Fs|aZjKR+K3c?e z1oER?&W@#!&1ldU{n0X5cUp^beLI7T$wVp{Y|IeT*t;WJ_U$#4CS%-*JdR;XZ5H0t z9H3!W1<9`27DWtPvsyPDoJ+APCMg$sTJlln(}>KQgc{uE$03<5t(AMDiX7?P9?2tC>2UG9p@$y_wI`{V{ z^Q))@T=DfhGT111@m^>(xy)Z{>|*n%%HO+1X)Gx>xb=I?S88rG5jqt?uBkB8#bQ|= zrJ{4&xt&oqH0fQ{P_fM@U>wZXFU?NAf56%iVK}?JNl1x!ItDUGHgTEY&9uFS0jU4z z!k0ZwZ7K8)Y^wvb*+Ux{Hx76;F|!|ENJ7Dx=DFr{KG27GVUSec(>C|@j>~B;Mvmfd zGR^RqBaB2gWr3xDABXg_2u{;UxC%k+NeD=9ic_=EcU~0Wa#aKfrSGDu-A}=68^l@c zETNUi7nQCx?+Ev`mxvmNJ6cPj?Z(0?KA~gWPC7a1NiOrwW<2m6YhW1mi&(|_eemmh zpi|Z*e<}l5-FvpXZ{6jk>$*{ict>;@;=X2zl4WRZWM-x&;V$Mb$2xM`@hY-d89g2w z5bfu;B`b31QW~!zFjs@>4e?{#*=q_~GFbQFNYyVcyy5l^tI@X3xQBMitYc{r)b9F% zV^ke1;dt7JEp6x#?37g<#b$SQZz$h0#$orGDj>};QbC6YkVo; zP`Qm|M<06m#PXosAc5#+2|IGQh6QEmzC!KL^;1UNb@8cv^Dls8X_r5^&O8I)=TrcRt(+jaf!%M1 z$ptW^*t$%YEu3>7zNpk66saP{NITa%o5s%FVgcKcB|4WulQ5OrZKLyU2u5G3B6}^J zTm633J9bxkJAD;Gk&a^-2Pafh40vP^x~TZ{$~(UNwRA7$1=p2`JoWWZO>Zfk_(S2R_z&PCg$6*Z`14I8gY}#1qgJWpB86WajlX!DWCV(SSecF5NAb&#B}CrY?{UMiCV8rxc0GYu#lCj$? z-r9NH>{oNi2boRIFQZ+El({dq_^uZ^p9;XTA_`>UPdegq|7@G-eAHOZ0C{J4@G)Zx zj_7Jz^I@?n>eQZi*;d?#0kZ_w0<$NNhMS2(>8<(wt;J1aTnA40-!yM!J;A#b`7Mjq zi@%#xX^)F6$H5J|qAVMzUMadUa220D9}`AWWEB5Up=VsK44>fdQHpAQvF~wo=Zbw~ z<|}9(xpB=B^*M$C4ZR#~b->+^_ZhA4)p>44=F5y27)_g2%ZxT{TTYF1CJu24U@d28rc)eS_3Wr}{asH$4f7-L0m3;FAsQR(E1y{h^dAvBpXgV z;@jiD+_DOk5ixMpLvYAdKO>rc=QT?)=*4tf$THdqiK4Ng-&hf@dn56p2UzrE9gjH0 z0QCKX*{9#%B*7)n!^PGYeb)d1Mfz?tD;}_^2fXD9uAo)+3A*|kp&o28jf**mhXBmR z$FXk^AU~FK_%Q_fVr~327(5TYqMsuqug*I-K9|y;OJ(Z&UJfa8H1fdW1dQ5hV|qOl zIV|6s2~NUv$T3CFk|qlyc>ucvt7VK&ntX9~-t#j-wI=F9)7Wk=uxJAa!48S?was;q{MJ>A$V3NBOmy@^o94C2yC>E;d&F#E4^6^=KP z$IAx5u%IZvh!{TE2vWjspGU#tiG~2*&5QNZ1ssTLB2(ZK?t@Uk%PYUOl+`}E`^9KH zf$YRs30Upe%NBZ65(0SmLOa5i({X7*Z7)xl+0SF-NM3tZzZ^4t)ER*(m$3y@w!(-=E`WU{+=zNwI_v&Jdh;3X!gBs7ha$3~LyBG0+)O?)^SjCKfF7Y=UUzcZhp9uf=d&4$d|E%svmbEp7hq zq1+g+E&fe^XTa?3BOnURfAVL^Aepo5k@-S*G9}Ts>PrXf`q{SfH-0ANw|gsFx)!o#`~my7X>7EZ|K7B?FfrJBvMCt%d$YpAZu?%X*)-|M=g|1jxu_wMo}^MO3QG%G2Sh*jYm@$zK&B1LCb z5s%DIqY3uI;ny)m4(kX*y@&vUp*TOM7@!4S+P-IaxBV^|gjNdJq2jK`B>)rve5dRbR+WCj@PKwH#X~#l=Ty2MPgw}X&k&WW}lkHF_9ifmPH7xgO$(M*uhD4DJsf6Gw< zzP~YPGFs6JamWO7EOW8LwRsPIu3a3=2pedg^vs5XlCVVsbA)UrbDwLYFrc`alytTs zHYY10g?VlvSjJf^fg&(3WHhzE7sMuDiWm+74bo<7j@cKaEU? zuDu?P=Krzjec%MbT%mBMZTJHt98?+dp$e+)GIk7nVxB43a5x{lG^LyQ%td@s_PJ$T z5h@39)V}EBL+PGB`pPOv!vY|`Dd^pz`9GnSLsnSt*%!wOC z`|VPmz~n__L)!6l9gXUe+oug?V!dDyrV@fXDw8c%_Nnb9#%Ea2E1odUQgu}H0H7kP z@2SXDE!{-&un*8}FJMPYy0=|qcHvGhke}W?UBQ}R0=?GrxjXv_pVJzx2Grif{Hra1 z9SwKnyOxwPQTV2WY1!VVhEAT7OlP1~;ROfoyxt836c2L+o0VM>mV032`{nh&NXY;R zZnR1c6RR#K9G7+!RuF~Ol`r$B0nD#>&xIf;rSASw2gPZR3cuPG=8yxs&Jh%T0&1}D zZCeK_3t=3x7{Z6*Z4krVauhnI<^bK3>f59w&ZXJ?o6_sEoyp#!tEHsV_fS{<-V+1? zS&EU&vl@?bin9K0Qv)Luq|6tlb&tz)bRVG9L4JA?&)ZO<8z3!;m)oP?vtcON{MR z4Ob#ljjOL%aKJA2Lj5?F#%E#^22?Ssk)t6Z8ed&T6Z7qk+{zq7BrA8U@kY?#SzdLW zX59@=MXdX)1@ij-E$H9J<~h#jl&F~1hd&0(u-N53y*O0_Y#71eWE}AtJzv8E%lo+Z zEe$PkV()O45FLRS+^u#cz-mAkI@X?16DOXDnnBn)H#%?Oxv_G7v`lG5Qps((M>O0T zBZP63ongAxoI#mUrk?831T@z=U}=@HpssV=aL;<{L>|v1M9tD#j_T7QKl5z1NNyGP zJlj_Az-y8~y~S56BB5lf<_iz>Z1l!u9c_oeR^R{C6 zdGWN@_+bPe3r){=ei6cn7u;f4LaP&;%VRe*$pJHEYGjsXQQsFLY;PA_ns}{<0i@$Y z^#s}2^mUKBqEkcls7sT!V@cdL?ze|5WtwP~($!Xe!n>EN>>RVhsJ;{>QnU#-!eeDTH1r2g@FTB+dOh#JjLmuTWoPj z{MSiIi_$c4{wmYTU&oH2S#5FdC~eoM(O-iXf_5+^OKhYeZ&3Sif3p(s81BfKTnoT` z8_%*7XX6YR_&6H}KbXf8K$y6<7UWCaTN7X5exx!hrN@ZF5Y^^n8~R|(S`lq9YC|9< z$~y=7T{emi^$Wd_7L|I%2W<47!rlR9^5w^^iG&UBIVF(%XlP1|?1PI$a5X<5#B%`S zM129tIT>Pdgy>{3nK`gVoW>I(f!wIv%Cd;CuBJ`(6Ek1#zw`AV+*)j$zMrhLk5AWB zuq(9ESeAtMDVPoz|M~ijDWEcuo~dY1=Q%+KQ%-9%;Q?e(eOS%n{OMM4-9-A-Y2fiZ z+0CbUxA{6vCqXFIsRJD3S9uoBT#gnA;!q&Irs<-{Pj}X7P||I6{o)+~%L*TzS++bY ztN+MopxIoJfNVltsLGk~xW0Jv&$D;iA_u?c3E@m-*J)PrTW10GSO;lGO#38%IPZfx zCf?+7RN9Loxx|l!car!^zqMYk-}>f{{Uy|v^~-TL`u z=qe5f%P_OaksKmKF0vo`aeI#Awa>-AFb}J!Pj}fkDy0_)bhkHnbQR>kj!ASdD{|E+ zZS1}z(`avAQ0_m@A&)cQMi+R6BJYaJ`lqS7?AG^;0Y#Bg>$f6?W~A1DpM>Ts7RGSx z(z-7>S7ru}cSys*)LoLdihV#`hJ-Crm9j|u-1c%pta`AINq2zeRD4W)W*a~gc<_4~ zJ$xc5uaU2vPr4mh)1=4)(%Nc}tT-%nCynM%c7Cl>HiP&Bq(a)gn}Tjfo1)E|?Dsrg z_%OJ&^Z4XsviT=ReS1-L``hm5{t}jlL+4d#6&~oG4b0>E{?jzyrV1Y4O|cy!Ba07c zLXK%$ZcVvkWvHyX>{LEw^JOzO5$67^ruycbUERQ(`v&b43&q_kb;QCTYZy;~iJj?y zz2UI!<3Zy^*JwK(3gw<>+GJ|S$_gnxQUUKkJZ~I@=jjd3eTEuc!k2kJ3DWO5^`qX1 zVQir-pSp`v1wYYn@VcsvEK zo%Oz{CcAS^J&T<-|FF=MH))oKN>?+|p;QoymW+hVGoi1I@>zp!Mhd23V?H8XFsh+Z zW9`$8Oy2Wct6xe`%TBqcJ1hYdLObxJ?1{F)GOccZ(zqUH;A?HoFG1k@9;d>O@C?bvq?@ezlPqwe@}t!@T+q zL_L@Bie3Wkxx}Na=PYlgOENT6&{$$$GcZ3gCvsa#Pv*1?`Dy;#08Q6b{=Xny1OT^= z*OG#^@(qygI&aFUl}5Y}hD~($o%)<4DTlG!?BKAHeNVEb^9-9gC(>ftvKno+*-52e z-)rdnVA%iOa2Utb31+l3N%Ta~U#7@bq7I-ZTCz;XHR;2G&`E-xXd(jV|DFu#AHT@p zZpH=RKSu7SgM=fTJC}gf3x&%}CE~3!xS1;YAxPnS(lYy4ZznbscT(i|3t((g0SpzE zYnN&RD|_?8g9>?fd=P|%RO*Y-X zJ$oDki>Mzl*K0$4rBvoIeolM#r2lJb6S(A-$_R-}hWNt|)02Ri89xrtiLeK(R#CH_ z;GZ9NeqxU6$Cdx+kFGv|YZCJs4u`-KvN+Z#c0ftnypnEh-ebELtXs8czr~XM`qg{u z$pjs8=F^d~vj2WQUj{rQGrl_}Pzy1UC;-{L@HFm>KEh);L*Nkq4ut~9Y>7<9cr8up zP=p!q(ff-}&yn?gAJNfQIJajE>N6*;12vPPZ2Um4%;|Mm4|C@=GA0m_raXg62DxbV zBNJZMyp;YVJ@!QWs}CTgZ6c>b?=lDX)k9BT>x zi8=nq*X@yL0a2NXOxOTHvQ33>yAx7@Q$8c*`Ei$plV(|_O6eNfCsj>#cn-JYC$xLV zfnohpjh_7HAQMtXgEG+DnoC*_`}_zOxfb`ovIu?JX-ETWRqNkh;=c+{FG?hU>b)1% z#Qqm#`~R{)(U`!o4z2Xv|JzFb^NBZa&_Yy4FBZxinEpl1{QJ-I)dP-=#bg%*{f{^J z|3~!y@kJyS!ew*rd9M^0c)ZW*2e)4^qk!2T0|-Mweo8%)cC<-`IgA z8Vi)e`RftFxkpVU)mwQnlwk5#(?SAmOlI)`$%jKXv}V%Q`4R8~mQj9PEM?^Pe*m-` BX$}AY literal 0 HcmV?d00001 diff --git a/docs/codeql/images/codeql-for-visual-studio-code/model-dependency-mode.png b/docs/codeql/images/codeql-for-visual-studio-code/model-dependency-mode.png new file mode 100644 index 0000000000000000000000000000000000000000..033a133b1ed691bd593c18392c16c2c401f20398 GIT binary patch literal 90190 zcmeFZby$>J`!k<_g= zsX?{}^0D0Cp4wG?#OH54eM}@boP=fTP4~!gWBwOgcsLb9?L@Z!FOjFgSju+c4~z-F z?KMd&70z@lo%6!aYRSGZK7FpWi_Tz`la`ivpG|>TY!>hJpz?HtfzGp6diWY#{`R&k z8xJUod8p4z-Yw1t96)vJk9m>JGY@1g`*~tSlAq%bxm$@D)nj_VTIZ{~c;kZ`T=_qG zq*tu(K3fTGiJk2A<`?r;g6A(TvFuShGH9$6y6UmmFdFjgZrtRvH43i`s(+}FApOw* zhYF(==R2`EW7d_saaAe?_n)OV$v0FZgXE?hortkIAJJ!seP=hMv>;0~jDL?&2ES4NK7$|Bd;aws{R{ekM%=dha`Qj0(X~)RcUCFfz%NV( zSsiCIG(uX`&kZ?snq4$BQ8YP8F-?yfo2hpa2&6_oeEJ%Emnw=DlfmELKa+tellT!q zn<&SM)L7A3!*YsiAF=B9U@Qh{nvWQ_Zbgz|%ZB69_8J<7jU2$&Na;A>iI9PP_}cb* z!TNg5*@yg+0X|yJqR02qasEKVc#3x8t|;2yzI+pe$57WI^C#MG#{BD@WH$mx?J%yp z&cCnznGOTTZfH@QEvhkQ^Z5t-Fh1qFqt6N=x0bN{ya}ih)=Jh|$O2D6iS>?~KL1NPeg?cFajx zbfbMbXnuaYcb9uAmNS(|3mwLjLvj-cc!| z&E*6ezEOVo`*ARdFD`SBt&Sq?CM&x_$@qr6PnP1%PY>422Q#IX!IC%-SpUp3vKlS2 zB;m4nqbz)4>bw{!la%T<$>>F&fqPhC-1bpbZh8I29kMq^vwl}LOCea&VI*e07l&gu zFG+apY##8hez94a^M6^Wm1y5|(%$HMb>Uv|<~zE(!BS5=4_I=}kwR@A5{;k-K{ho3`S%gIl;wn8gc5`0X$ENng-5%&6UYU1OJOtzGYu;cG3K`Wjx| ze04dsTD4K!Kp5i1xE)e{{gEq5`Basv<+WIZ^ZL*H9Jy$^$e`F=Do3hF+ws!xf)@wF z%ir%j;qtpU)XpsU-Zbqt)d%<7__myrY{x0E19euVFv!<$aC>?l(4!)-#WmdQcjcfq zs^KS3-0&UE(A|zcuAp~P1n1osuI1V*UPE5hwgpQsdLKa zJNO|necW<(QQ!Kfee(r(51(~<|5-3~xWftstwG4nXG#fgp6}&~iJUp=+49PoHZ#yV zym$Vo83c`nv%Y6rs&WTb7pI4PnDi+)o0_CmTjOO}c&6{k9ku4eo>zM&bK9b;anFp) z$FW$t&HA`&)H#_A7wJ5ACpS5hb3Ge3iBPIyI=n8gzB88p@}rL6{Ct04IrMpdFuoM7 zzJyZuC9?VIg?-~;+}c=);a3Njxj>?%vz=xUU7nk_?{ip>7Cl3F$hFa_q>;IMzfJdX zGbP$-M5giWK=-MTv`jHSM(Uj3I(IYXCb-W)IyCcCDb)@uC+H)HLyT}ALgkKMm79im z^`-C)>p_-cb3nlRy2G<2leGgg-#e!he|sn1N>YrSM$T~+Rra`#R@0YQZQWagWK?AmlgjX>_v*3{dn^deEJTt(v; zXnWM&k290*7{=nTe%5Z9xWla}9xH8!nF8l7+IV8jG$Y+c&#Ha9d+}|>h4z>_{DvVE zM#EK6?s}Y`4&$OqbCF*H$~9SH9ShP+>GhdRNO>K;>^lv6vC+efnM`sXTz|kkV$g*3 zeU*z2P5T^wH(GZ%`nZG4IrK4)T}ot-(s)1LN{Z~9wCkc8)j+bQVswL=R+ZJu;cD9{ zn}!)5r2cTWLcGlqALD14Aju3B;S-uqou8wHvC6lRvwly4xp8~B-WALFLKqtn-OT-G ztDo4LI9AfU?1qfwLiaPnB;#_Fl5hKTdCAR>f;mf5BAzNY`y>z-KmuV~BVlMw>t6Dq zrc|VYKNLCt1ywy4Z8}|Nu3@57&6qaun7idJ!bp=2Rff^c$)XPp$~@VE9R(t@%h`-% z{R3?_$IF(%Hc=U8VF{3WdA^pLjy@=zfdQ`MP_ff=#{XSqlNP@#S=Q*%z;lh(xdod? z(vz7{&+vFsmL^Has~Rti%ODjw-}XrfxjmirVXoWrVAUuS>RG8_G=*p}?sz=4LgBUf zNO!Ti#YAIOylhbD2z-SkOgy@Tll>I|ZnK`aFdG%hYbX949Jlk7*W1pE@ej8oy|Gpg z14&X5MI{EAz@jLRFRHR?anY)lPkav4G>Mk|@3D1qtFfy1LqBp~zQM)cZaTATP8?Nu zLZW1xAa2bVljwBF(3;ZBjjI$Th0tyGZN$@dDMu8jT|R|a%i@fK@b7&wrnkT=%P?f> zHIBb-1JFlto^Fkua^>KMcBf9tpakVq{yHCA%5z?qCrtNsT0UT>)`YFgAAeqJ!b+w) zBhXT$9CF!N9{CwBne9QRM#)qXRZ?;;w9|amG^M#(QdrV7iK*_jU6*T;gX4-Y7dZT> zp-+BDq;favP4=$szOK?11=y`=0;>s>0+LKoOO!#Xmy^3B%Q2F&b2>H;Z z_@1sUFDKh`)2F&b6;eG@PV@K;Bsr&3wFn>;x?mp&@yNj(Au{wHRLbdoFGV@9DD?>Z zWZ-C*xeZDYwGr0YhCIXaitUXVko1w!8JGCJ)4WwZb#AqYK=iQl0MNym?t7ZAYlYyA z6at5#@+(dH8zZS@>dgxLXiVk49P~DWgrb>D_|X&L zq29@#D89@{LwfrTV+Nozsu^cxCr6X zJT>DJhxsFi^w(FrEe}mT4cVQwliIuR1>qMnk1h^U?em!$BZF$<+4R@B32+rC1k`f8 zUzER!Aa;x)clh&0f0i_qUOB}ghF%&yOuR-8es_g)FXIP{DpOFy6gLyfsF&8tsC3Zd zMO`vltS>Ou=058~G%@l4o7DeI!)PK?G2^xwA~{q-+ISsicbP2Zgm8v1?!l57uUg+f6kZj4gKy3>y7&&q zI_XCo!~A|i0Fv1+6#58vqT`7lS)D+4w9H&Xred0S_YN+5XtX5OlB-&6acO+eP7i%0 zaw^cW&UHh}eVe2rpxDDWRD^!#Wj2lxBA7`dCv-N}mhsW|Wbt&!o|Msu=h3F6_c6Dj zjL$}WV52q7vTX3+9!-F3QRF!FuxsR+!H7@3SH92LQ87!2U#oa#-@)2&Dq6O;oRP*W z&P2&Xh8@Z+4GNM(q=gfyoHsA$a=E3fPkm#DAP{HvfDf=eFfD zEvYcA5+b;SJI%g#8q1NrANh1CvAs}%@A{)D1(yLIrc{(0AR@OkA51@a%%5b@d^BmT zU;M~$IUZ5;1H*R{qYRNMiOGZIbGR6-VqUm&rrYFQ_n6D#^K5TOUO}bGvyH7r&sMpy zmj=(1LhXO%MdC5xM=8SkD+Yu&wx8@+W}T)AxN`%5S_=V4vuaIoO#4JLMkdF7XQmjO zPc)*d30N7qG|28byrW+yxsahi4>GrLBXbm>0{K9Uf@Jo`N@irP7IatNpjKWgV33#q zT{$JQRm>0W(Sum(p|@o(sr8`S;Y$}_Fi6$xrY)Uz>S1*(6h7Z=**5s3OW7apdAQCu zCq0J${_krm@Ym1j7+8T0)a>Z#x-{O1d|}onv1hHwtlT}5{Rjs5>liuFsJ9Y5ajaQx z$sQ+yT!~G{8Lzk2&UmO4n&Eie*8$*JY3qtqBXdT0uK4(V3u7Ql4t3V<;V2*PmZvB#-I@A=0rrf>&B>Z?IW;(PR`u6;dRQA zpMPW`KL(^qE>F=GWcgfP(3Zr)6PhCys>Tk3-`4w{n1zHd>;$Dy^dRd%vP$fUKmhU<7LpNci_G_a*D6QA4^{mz3s1oSL9#+YLJ60WXVQ4Qe}P z48StO+&Z)5>Y@yM4qs;daGufV;8Eu-AOCEM>x6$<4Dww2%2%~*T1<%`GN<5t!{#PD zw;7KGY-a!u=?)7J9S8+-6$-KEZ~I*!9uI_%-_(F&NX>2{M~O5(zGEyx-}52KQjr{u zc|j@${Z2;o$3F0kAYbB_!lC3lC{Iu<9J!jIt2Dl1}(&Sy0IZoHv}g2Ew_3Sr8691vL{yTGh$-`lYfrZgEFPVKgr|o83z^hnUk>WcV zH%XO|Bqlf3W@yb1}d`cDz~l4 zfEfb>MbsK}Vb76Z{(R3k5o+r+EUa8(sYZ4Qm0PZhA-rjhbM2C6P<>t_RF(a}@<wODM>vB#>5*ed91eHz?#;=SsxhQa&4j!A>W2gv*FbIN4f&uq~PI@tj=4 zE?*?nUG*nlAzo_Dz?jQwM$qj{jiH<88gl^eVL?-(0__#523+##=Z>~&X5CuUW(p(? zUafJOw_nRYt?1cjdfdn|Q0FN{I*HD~nQtc}?Q_Z?A-NcSFPfvrVECls8Z(v%xeM$NPp zrgq_j#98(o3P{ZA%qhSr?}e)j@eWWxwQ&8`!&x@y&u893)9eOCYUJN~TBOr7yHBY0 z>(q?*7iv=(FC!DEqP2UvW0_MuaJ=l)^t<*I43x?NWyQx$l8iuhwko5?Jk+JVuqim*x}n?#Ea9((yr4!)NJ*T5+sLj)Q%^VrYl8 zVM34B;rbGyVwJ2_ql7`=>U_UX><;;&8)L~Q4D`myYFpBPU+bU@hiuoaq!2rT!>!&r zN7X{OITRz&8RnffE3}~le=J6 z)GcD%3E!T2n+9qB`Av6hl^5}=OW~LUl0xqB>)kv0K{Xk20}#U zEwqRA5oqhp@l110@DA{Auu#u&jN*nV6|vPV;%23Y{k9Uo@zZ+I9D%>CLczpWc6G7i zr$ZNOGG#S?2&zDL3O>(nL%b~A`9iTlrF9PwdN*_mG~?wRR{_Am6r7D zT?VO&|4R8tOPQ7a)G#PB7o~o-eC)3j7dzYl{IspgVP%DJnfh(b+TxVgfSpQxm0`Up z_55(~i`Y%-I20YBcKqVWyyDr>w7Vf*zd%-bDLH^3;kN0*J}F3f-kMM0?#qd9`6JRC zNSljsEOCSIo%+1KAN%-14hCfeC}q(@pt>&PAilQ+eY{g871+I34elq4XPw|Uu)eOm zyTjR3Z1};wKqPPnuYywILjp*>d^cFVgN-D4m_(iL}0fr~rj1=c6JM{3Bx0M_djuRo8Ts=}1r%-iL<#df0URloVM&tg>MP}xx+6}BJ%=}izfnT19yic8=ayg6Jhdg$(v)XHR8%$)|8Qq z(D>HWR~ipu9#KoT655Y#eSd$)e(cg`1^1$rYlfy_8_#jfcUor7s|)$4>gSXw)dxXa zno!FqVR?^Wt7Q2^@$7Gg%`=Co@)!PjST&Kfcr&4MowiMf4>vJY=I}A{dlD z)L7a&Gspbzbo~GMNKsF`&R7RL_Q$8-KvSg3kYZ?$c(NmCmRZW6En8$eS;<(4lxW)`5WWoGeTo|Q`vs&sf~z!PZEXVVOIL})KAtx5I@PmY zJ3_-55(&PlCG`;bXy-F+lcFSHY*0)#1$8nb@Sl7xR%{4c6J|uiRn}u)U$WQ!^8f0pX_TAlCeP%3 z0gmj>@SW0{sD0|Cp=s`9qr2$!xqp8ZKpddmZW z-p&?!9y-4An;Q2`ABrAg$d~_QdnHCg`5AlTfqHGQ>pv(!eDCz` z@$lP2${B)`03YHMC`KWmk)!ymFPTSW@)EEnimS1BBkxYH0M(@kB*84VmD)|fw{wI* z^)f_p?+>epB;LA5n1GUh0E^kiWi$Q*^F=JPcE9tL zK*4*I1k)8w->}c5Utc-6WC^b=6DV<7>fXvTq7~X65V^96W6_DKq#$^zs)wnWuinN5 zgo4^M;T7!bqV}uo)7ije{0N0ADruB>+fQnNl5ID8dCBiCrv3r71#+vUTL6#VjEu^| z>jF?z3|F+4QFc=5{1vV}C|}>kvFe)RID9;ATRu>ydiq_O;tz0XiAuQ;;@InCkpDxS zUp}Xc_a9vr3`f9p^6`QdczS;8E*J^~%45AA=Jj~~ueXbq(f{F~v1xw;Sag0TJ$`0G zd0m#|IUfA}V?PQ30oB;=9@=lOhW5?{WszXh_ILdK$Et2(K853->7t=sw?6+)G55g7 zy42x@Uauvh2EH>^0XpmWEIQi%NYa0I;ivj2Ye`S+8?wLq-~ah);9R`R({@RS_V-)l zfBkh0WqZ*t##s3M$9@^d1F?2ggZ2*wC0Qcyv1?AW#CNX2KmQKIwloj}WzDzHu5ly$ zd*g`KqwGTQ%-?yh4dA~P{r`sE-|djE|Hq;C#l?t*!*yMAe<4C7NvFa*QQv)fM9*uh z${gfHrqJA|9TS5x<3J#arf(oo%)$$+pPeJmK-F))+?%*CS(r|43G`T}F)vsEruldO zTPVnqV?9=Ui~lP)Ig^1fJwXN(p&T#d_AO5vzfzH_^I>55=vPeQ>LLgc15(NPwzocD zDt`(h;m+nOsqWlDo(CKaTh+QvM=EcB6YDriDBH@a{+iAy;2IL9>>5~merXl!Su$xA zC1e-X+MOQ^tK>+1BHTW>gH2)@F0fszmtg^<=980^^u9nM0}DXD#uf@AvIg73Nc(^^ zX>$8MF^)^_KB!5J%@LJE$?R6c~k6#+M`OWF^=Mkl9o}is{I9Z}p<)Gxz<=Kusz)%f7t2ApbXP%Tm z5g!X(k0#zGgBzl^RO5AH*RAdi;U?Jva%7{#or_jH71KwytvUwmw`{W&c4}+7>s>d> zgSnNGxE!a9?32%%h!o;zJ{pV7nvh-Z+W6z{X6?kP-Y%%UcHV2X1U=-DA$Qd*ZKT$^ zJYIO{3{r2M1P{RCop*Um+CwoNC>&cKeLoF<_4tLAro%YOgMmfBgfVriZm7ZCet*5N zgx@~L|EO9mf!iLi4CyC3epeej@6CK?KLG$)!KhuFf+q!V&d@L3qTkL9t!iEXY5J7J z3AbD2mr@`0p75;;faqOs=Dn^eupBR)1Lh8tbQ{jDl1xrJX@Q1tf*`u+-S2)Xb#Oji z%O&b0X3{RU*@o`-qw^8odH27Ly8kVR-q~UxXeow3>g@ZOuhCc1d}-wr#VJGi#k@ad z4d%r7*t5La@9Lt46at{EQoee2b*fZK)eGy<+NO9G9o$@Lm$LTkb2dI(qG{bx^~3z8 zv10vXSD7f*FiVv01(X!h(3)KA$DFOMCFi`f@-e}JF~!=-112EXo6o@l&F5P~z(?_! z17S4MC+Hrq9PDs||087!Z%ET^aun!Y3J05!Pk68RrSf*4QZo0gtUNIBrD+eC>vKG3 zH!hw~tQ?W(*6Yn~x%wVli;+d2s=)ey?)4Vj5y}m)Acz~|EK&E2-)++Ze0ieyV!G`m zzEWU&N%A?G=wR6Mie-AKm-j3%>*EW^YgthbupQxSn71cK3jv1esdn{(#7A(W^2lg^OM3fi$5o@ia@lIkzidr>MBgilWH`+zPe6`7ggsb=Bg? zL7`!Wv2LJ^gu#^71i1(g^_#pQ6+l5x0%~sufMB%XLLd6804r^$*qu=U>>zwISa@SK z_OlKnF{7Z!YJ8LOO}D1sZ4;n0lAR^ot>So*hh@G%`&huTzf1x| zd&{cpuXlIqH!6DA8fvXM-M8T^Ch@b9*7`mGj28ntHEq;6U5vXGVtd3{Z}ERe+{Ed2sPXDG+&&f<{v9t7j*jag|Tzh9Eb;Y4=dhfuGCP`ac*#ed=+>tS1 z`%z}v7P?}U@tV{({iP?O-gq^YFuC?yM0%e~Qwb6{3E2%c*O6<(^hVP_d}UajRrY-Q zs*KLahx9f}i)T89?Rj_T z{1Pj>x6hM&mbQs>=UU%p-wS`l_H@IYjizlN;x8AhEYEDh>zu1Ey_;XJpDr#M+>a2L z@H`g&ad=nvSQsmU9!lZ+P;b&ucPMA2Xs%_ zL&%bSNQ4tiN4_@rd=zf^AlIEB;^*6LUD8OnX$|U?xTY$>->yE zwgy;Pa<43tWUH}GV%@SC*EHIuC^HA>+GY2))Cu&%tB zwXK;ZJopw1tU4HHF84{BSX(@0Ol9$ZNLD-5S316K%&$hC@m>@ULuEvGgq@~|i`WU36^DzC3t>9d{ zrx->D2zmVvho+d50ovQO3lFqa{9nDoDW_l;^9mv6HhtL+(#Z75D*u^tD8WW+?@siq zpMVLxzmYg!+y@LCc$?9`mOH+B$&no*GN;>!49Q|9IBdUvcJAR>ecBeQ89n@y|WVjIoV5Nh4D5x<_-U}1ohgDJC5C5jS2Jl^;UZUq?n;bl!#bu14s0z z!}~qJgGOJzSutb#ol-^UP}BW^RUuNVXpQ0s8FFZhVG*BYB@o-d^jV$(v`Ft1vq-|ITBT>X;w~H`;6T;S`(4f(?`WYjA zgwuqDqE;nG&8%-jiQOhfGauM3eZbB5tGnsqNLPD6+XIlXH?`*7hLw0u^v$m>kUVZw za0asY&55_^u2W)x2?YB0HX7&TU&Mj@#!*Z6>}A-1eHO$bE zX5l&JQ3Qd1UzvskXjrEOUi_-o4x$?2Wq~8%rKoz_e!RAktIya4LCy0AK7{fDanhVJd{xiY>x9` zbPbKXa~m|TuUvvz-Pk7}4GO8syrr!=Y#0L|?nkJj@%zLa~jO-E`S$vdDOF zn=%!tq6fr4GHHKaPT3b~fLj3Fs#{5Wr@GQpnZjWtUTP^+R(|(^ZwH7$8yYORA7=nO z`8dk=KzEha(D;hJ>dAH+;hWVp@?@P(Mw;Pjxz4s#po9?|I~RL-w3t+HL>JpijHJ#+ zewjD@7~m4K zlW?hT| z>lpyO0$u`Vr80FyLCSc#-{qR%fQ!gRQ#B;oe|dgWX~y2uun~wnf00-Ss(s@(<2Q>z zVs4VFHY*t8(UriuzG%d!La)QML)k`6_B)7^r&?1BVAdx%x(MFSHGKfr@4(U_gaCaU z7Ulq%?z`uv{HwgO6G49*!?MG9TR)KU*bd^_;|mx~<6(X$s^*@jvtDQxRA(sTE`lZx z?7;&4+lMqbj4UaVS*4#JX$HSaPHZVQWw!8selE;_=-HnyZPi#(eldu`VnfL9>>(79bLL)8fapVuo`IJQQ9CLME;_B_6t~S?(KA!7wfT*6!tHry3aUL`7<%# z!%?1I;|FMC^ZEf0TX*`w5Fg1CQiZ#6K%t>bkzUfi zgH(WMF^)xI@Q27E*3}a#K{gnEspeZ$x^#5<;p`3hwLn8OgZd49$$s0W#_?lrq*Oa& zZc66F?yoBE6Q{9e>??v8KoQ$IMp*6}V;mOoe$GzAwqH7$px>{Eu{P;TdLbqt5Rzh) zzB*8vMxe7k4K{!nIcXA0Pt!OyDLPY@c8S4b{y32*q=YOAFE-S0H!G-K#`#Q^hOEE8 zm`8zH8`sGy>y>qjwLaxncedbk#l2jA62QoK!L=LpI$># z0PNt!=tgq2d|=;ifUEB?`<1NC1i$c8Sxp-}(?DjGlpyuSu@I*pB7T=S$mPC#P37t% zilz?{H}6`2DR1BQIfZg#jbwW>luOnr0E^nS5NYrzfayRjLFu zvZS${fv1~fX(Ez7M3L`JOb>N8jL+))(xH|+kN_N#X|qdl-LCTzy@BowJD&z_(y%9Z z81Q6ChjD_kTpnkX6&^JDZP#=Wd#{T=9iyRNU`G(J%Li|!N*L}Z)o|NR9*@*2K%}=C zcAEO%cVO{~H99m!ffRasX%E&KGPOFGr7z^yFP25a4Ce9cl=p1vEYiIEhV=BOuF0?U zhCB9&+susvCM}aEyB>R|!x!|?Z_|WHy%Q=mRD?zvS72LMJ%`v4iNBEwAhe%fPRN$k z042W1!s!Z-1ul4{WqtT*y}Gp?9gEd*)aqF<*+JP91)g?)|4 znT@pibUx=C$X3-@3eF;ZwXH{<4aM`O^t^23$3bBTI)iqf|E+r|?je#?OJl)rUDtm) zu254-o!G>TNk?yS-;YTS_Fc=4*Bb`aJj;6ve9ze!>lV0>FxurX{KNh=p7~5O#wq;ce zYD#UT6S+kt{4`?Zj4UckV}3%jQmwJmuQ2Vx?N~LuI*o^*kTDdpuNR>5P8EK(B$A z@)s0BA(jWyNG~`Ze^t|R$vyP~=^`xPDe3K=uoV#LE@!%x7IW?RT*^kY?A{uy!m|a7 zOEZeDI9=OqnrCua10T+vUmgf=4Q2&-U9kbW3KA}dqq&`BiZV*qF&SXQ$Znir*RZmT z@d%oaUN1f_CW_k4S5DvUQu(h$oelxv0DrW2+51_gUDv!Q72;mgxkyxZfQ_VE0xE-kCwLco;^8 z_8Yz04egyC1ilGqt!>OR;4=Fe_`D+ei0x}a999_J02cEPl-qvdWTI%a*3l#j%Ie84 z0$1L^3OfQ$J5pw8Q`>_9Ezn-4pX^Xu?jV(X3`a4o(ldAFnh53}^H@BW4&;ZxXrrCDx6nZfA!$oObdJki*lcN*0Dfi}l;7M4^+)jz%?N(gRc=Uj zp56+fH8v?X7s8w$K=+Eump)4osHT)MDs94nuK*F7^b_CQ7(%%HMc}$zP20vnp zh$taCda!5qI?Zj;ayyAh(BN3GvRIF&o=Es?^SMTuaht>Q8nzM=$jq@bcFoRAV}r?8 zA2qs%^dk{ML?eC7vv~_kl`Opi+_~ztCGeT#b!zYXWx;Plw%a^xon9AvsqX|vs|fQ= z`8<8d52-oXAa(6?5rmAdULp@&9!l!)>&@mls$Fk;f8&MAKv~96a!2(t4j|P&rOs_& z+OQMnjujqJK2eGx%>vRd+Z-e_WKHw*z%}MvuLQ`XNkFu2A3xK2p^xW71KPz5`P}i5;zl-#j7La+ahXXPCb@0_{}A;?2OJ_dXlZ<|5XbTixO_qkpFKH>VS3q( zlG!&wG%Wv+c=!TP>zzRcYp6&N{f^6EM6l`~-Ei*+&U@__EPa0$(ABVmo!MCyy;_H$ z&@X^o$ua2&N6{w&i^pWBu2@k!An`87k!@X9N4~4Y07TuAWHQMMs|1vl^k<3TYz$kY z&rLKGJn2mp7(;c!lIza*0Rk4sJ#-VLvVIQ7=yZ$@*A9Gk&3b;p!Bh3%f=tR*u8n?6 zw)~kl=tg84paAe}ifVd&?zTBDt{9a89MEl%APgO$>nYE#Scw$(N9N;SHMAc&HCZ1qk}2t0BhiwrR`BkZgx5T ziI8)Kl(bTpn)MLYSj%`!9Y2d@)M)>9T6XLdhkEZ&D#{FC zNZEepx;N9%a+r0;e03eF^M}>1{bgTcz(&93PC+~d#{SV7-sE$Z1o-XF6xUIm98kvG za$_>EQ1htOWHGovNmqc?9!G@{iUa}sQaE$3`MDY^vyO5RO}kqf z`J}F)nXf-MXlRzOtlawhF9({dMWdSxDhFHbL5$zq3r>>;PB?v;1>mCPJ#4}b z0sr(I8g1TNYHR0FgvGgJ>4fpCuqX7Z0v3LZ+FwEE6%>fgYW7=hVqp5PH)JUQN2!+WYhrOLx5jX}tv3>X0p}z$CXgp9>RA22fL#p4} zAsA9HV3~b@1F!`CA@w)(nO&!VALqUCE5RgOjtOq@hFT`vWnuVhHIbd>uSV?ip_lUy zF|a=WfzgIK^KC#=`E&#>`qBl#01ZjkluTyWCb)+IEmxrK6x+n>yFCMFCIaQ@iQ~t$ zla8R+>R!waaHzn32>b2H85r>AVpp`j2UiF=R;1SFOeJ5cp<`gQv{_*V)~d(OfZktv zi#)jXF6M6N6OkFNH^ixc9Ki_ri03_UdvB z4$Ak5*5q;D@qQZcn3dFPoeua+=(x7qjYtC?^AK)N0`o%E4F5X7Yu(#t&}q6J)nbM4=R)gM=^TL@yk&2`qVFjtcAIOsrj z7(hMBfRVC(&+3b0FC&!&OBP zPftO2`c^Suaz6Ef3D_)76p;o!w|(G~-vS2!;UaSHtTJX50Tj1HP*8H-on1n1q%5Us z7HY8?#+Wgd$=Kd`Kt>!YLjbn89jNLNEUsDHE}NjOde$4Lr8?pI1)7W~$ubEzF)%2< zXHLq*hD?B#m|j32vi4HEIT_e1+0N~f_uz)-fB{V zZk;-7($nQHKQgMs5w<0NboLizxzV_C=sOFg-HWC!+Zsnbd*pLJ2E~bSIq6KlnLJ6O zX~d;Q&Y|fUQOV4kaL6X<@Gp^zzUg#DPK`@FvzcSN>c_l}O-UyIS@*y2is=0tee4HY zQ)8HDN%w^ThhSobKcf_aJphV@T3ql~}KJ*+jnCHS+#Zut%`0a+5i zml|VvP`Y=x4kwf@v-q!n<7a^ z7EL%02=y6wZJD8{zyj36I8YCEQ0sHj%<(njA3Zad#*$nQmf&`N-uO^>ilI1V_UI|f0XL?Vd z#28rjZcNX@D*~6S2zq(r1*a!A_3C3LPCmL*JtVfja+b(Ro*O1g#A=9n_V$VTK+&03 z1>|k7-mupJne*s(SE{p29CVyk9D2Y04cErLR5v zb3mbW@P7w2FVOmC1wy$w&u%_Wt~Y_-wIF#_1l2+I_Jd>uumjY|d15N_+W}ugFJMSE z1szfB{V*`YjO9XKFS=6O6DIa+pFuk{0qHoVywU(L+y1osY#qubveBB?LE+U4xu|VF ziU?)ago#L0F)?M*6JxzLH*~e8)EMTnT)b?8%bZ0_o}j;#oyl?b z0~?zv+F`g!4x4#iv<TO%K?T+QW2-+4aHtsC(~$Fh%PW&fF8hty&OZ=+fICBZik zF-bm!+OlWQH-xOhPrQ1xhBLP*l!;}}ZV*M@SZ}OyTOfRH3IsxtTf@-9M~e-Cbq9!dB*IX zc(FG+ea|pIg^eiJo){0MgGxGV`#GmJ`PDGP{{Fz#cDIfS#4@>p+N|VatyLrx8cFg> z*cSOMu2Gy#{-E)>{ThkJ^o(}y_}M*XV)RpyUo}e`id9%<6%K|?NA~-hJQ_-tX9JK3 z6XXkmZyt&L)osddP=4dMv-9TD1fNj9ot*uI$Nz3B`NDwvnRiZ#bg5E~eo(qO9rSFO z;k&UkD;ZE>$_XX6M{kjs6SDA|9AH);79tdo5I8VEd-5LSUtT93L z67Bn4A^ns&2Ki(cyYk6>4hGpGLhRiEy-9-k2v@)~Ni%*$a{2u8GvIl0NfSooMKZos z0SIKeUQivno4Nn;6?EFI=X_Rf1w3Lyfhb3jf(67=y>Lflu>^1d>5K5k^)s_bGFBS2 zeI$5)E?aE88Uc;Kr&6LbQpk)BAWRHry|D_+>TX7@G#;s*>-oxX2hjRBn2-hKu_%ci+{xQGPQN6)iX-ae}zhL(g=}FqEYTz5il8S#a z(m6BSu(U>8_n62Qi~a`WlflH97mr6^}(z3!`IfUgNQ#9a@9Y(DEg6b z5~0j=fqlH@j;v!WE0@@BELW_}9TF~a-L9^C?|bfAcPL(vY!BupKD(%AAk{In4s z@(srQpIVsj=`VVRCD+dda+PYq%zZo-Q8Ow(b0?dgu3JXwmz-AvTC9%Eb^GdctQmc< z{fW$p5Di@bef5R#1zmJakm8ot!Rnm*tscPtPc0=y(ti|W|4HX;K%W=oAmtisO=H6( z0E`}~4q2|W4G)p|u8tamsyn^QL*xY4Mu(k{fl&$Lio!s3uW%U#mzFEUz8%%esi_z z?V=wmBb~Fq2h@HK=$jR$Ns*A^#*%38&zadl9XPS>}ORNLy(!}CPz>|%21 zBJ{ zJrK=3fR>t-T56gT_e|Wlv9vM=E>u)R+*?r*P!Rdi=llNs&H0OS&hy;&bzj%x=2c1g z{Jw@SW`wvXhL6t=xo-5L=PAo%U%)r1p70jMej(uZ?#qnO~i0 z4*GqAc8(|h3xU(RPytOdYv31aX$6m-e)+m~Z?c)Pki0~1FsXuIZAVoYg2qHAZ@-kY zucKPzRb4byTTh^|TJ`BqI8;O}C0M3T)Vgd7YzxIku;bLd)G@*Wv44+KJ9@R8nimwoMBQ(w(!%da z;xTA20-W@?Nv|kQ%jVfu>|Mi-1iaWQ@)a;RQSmE9cme>}<5m#|1->TyFqG0hvJFq$ zRdWYJ((M9cQWip;;AXgTPUIposgRt<)Sqtm;0WRvGx-1EeKP+$)5kFeAa?A%JB!|{ zy5E2ZTQq!7xopK10n(EqhG&v{oVaf5%>Wk}GdMW7EPX2`s*-D|Y;@>4EH>QQ8gcK* z!(;(%vEJiRlAS(r#T|WTR=2Gn=c{CK*d1nbNt22?TJ_GL{~#h0H?I~p-P^F0 z_HPm|Viue*`+JB>L0C}!H@1-2KS!%i4iof}LwbA{gdXX(dmgS{;smr@UN!8IH5KI< zB$$~ejA5{e9~kJ{yb3iIZublQLTQax_*B8&HtsR-Fz=1rW@hu`#!+Xm%=NF;oOif# z$W)6v>aW>4fB2khFlE8{FRooJOKK{;tw;0BqJu;(h!u=A4Ek1x{7fBGi{^XxLxhd! zxjwd-IaeAPt-0b(WQ37`0m^y%yPEGASh52l-G*e@nB;ry^{oGb{)DE$$-UpeEMkL} zkX@Qz5hdxPEnr4m%XIYA&*0T`zq|UX7`+PDFI~+!4QFA_qrI;Yz?hzjy9s``O>RG2 zYDTAd$`g+rzj@mhVR9cWcVsL4Zs5wMO#eJIl{mkzcuHvjQ|y99!qP4QL!*+R6y;#) z`9A@2@s|LWP?V?=Zrp_>2Mf=3ROt@UiUj!SJVUWh|K&djRLb)H-2f^3Po0U{9N$h& zRbhgEA3zQ zLQIB=x?+0LR<&!k+LxuU9_}3ffobI$^~D2j^BH|4C5YSP0vEoXo+z7PZ?*%_k5{e*kOW*LUr$!P)PNS8o3OTaEtg4>C!U zr%r!-Ir!J(ky_;RC^wE!+0BkzIQ&&&ao7rmo4<3uOumNux|BG4Uy(NS;SyW45Z7(m z1izaNO+^B{eicYsZgD1ky@#2{R=@PfrV+Z|U;6l6vT{t16H=3UaR|Q}sXT(e;&DG$ z#O40Enz6 z%^vY&<<^z|M2ICXG=Ld%U!3RP7N~7XO0?(59r%0dNOq?cA~anbSPwYPXU>SgVPH5l2l&&nVw`9 z3Cs@UdB!z`(0yAmyW_l}ykFyuSAZb_kE^BZLG}5i{IqylN30dZefjJg0CnUl>$l^l zEvcsGZS~f^)-!3MG0flZU)>9`jd*VS2_5t^tr!HLeeNpj8Xohm`nc+nr>`{TDNo&u zZBe_k&=Z5(a=OZ^6YP_EREHJfX6|hMCReEFz-!IZeQh?o{;&o6i&Cm{RIrnY$-Dn& zCdz&ABXl%qbDrCpeex`batt@+LfYam4x1<5Np!T;C{3-&PUJRjB|Y9Nv?cYBW))(i zz>lM3W>&n8b8V$l+UcrwO1J8}cb89qCnCr%n*>9`cCte~ zQ)R7c;e9(HQHdX1(5?1V@uD;HtP9LH-kckeq}M@L8H z;^BpJ^g8$2;1d6&YDUJr$e{|x!>F^P7QbRl*Zjb2OjxO)ppwDddmWXY5d?1t>(lv~ zXvTX(TN$zIqMoP`Q4l-}XJ0jNLOEp2il8S7dr~J$B|xUM{Q%&x-K!c>6Ouu(27Azl zG2z0bx4;R}3s-|MT|Y-32)7u==QPU$TR$`=NA;lLfoW=tz7WoMV{*-^*lxQ*84CSn z%W0{(0PZiHR7I#Wc|v%+Q0F~#RK}}R)pU(@|3syj$!|rZXRi)Xci)J`?+jyQKxlQF zOtau(hk@Wo@Y`(W_RJ6{TCHhqC9-QTco%ND{2vc{bg>s&)GW`juJ2JQtW0GYyuWNW ze^F8U3aq89sx>64rxvxD2mL-}`87ai$CmE!l&BYw+(czw0ualXwT4GXfxRF6g-Ljt`~EH!G|VT_B3_HSq@-NredCO6aJ!K*624Go4jYDzts;6&Fc}GS48+~N zF@){RNG~AU`^#9#MkC26e`8wO#?Ba$B6sLaoiqGNqyMh|%ZzL~cvN020OfiV|jkO7^ zoZIXjVq{?zkx6Jwi*A?Lo=vf0w`OnmFv5CltGjx=tIbJTAa&W3wI@IIVDv%D+>2f2 zT6Zs}l&*@H04cUPIQ-92_u1=66CwJ+r6@()?#-D&Ms}yrb$#mfl+$u(aR^Uv*56dE zdeC$*=^ap6Q>G%G@u|t{T<041qr+$%2q@A)AhBl?ruF~I1b)!VYT~A`6^&k-2jll8 zHy<*dos+3CmQ)Y76|ChdFSpEIyai+JxP*hg(&Aoj@})<~Bazt_99&P|--$}(P8|d8 zy+iXhE^q6b?;*z}lC#7>6^wm5bm5-R~$WKC(xUm+me+jsw+*sMUd-@r7xjwKv zTm||eLR3YT*=aT<9`-0D7wC>EUiXis{XHgfnSkz z`WLO{$Z#7~?J-Pn4FQ`j;&yRJ)B{1#*;~HIf_b^3vN1_d zt2qy_H;&w}?Tydw5uN`dfbgsL2}7NQdHsj2sBdmN=oL4X6q)pK4V=;0oaI<*?_pGx zT~7p=3V&@|z{HBzok(w96|7eTEW6$>{8THb-qMJ4gab%c6ljKKLHH>Cgg92IX726^ z)O#fod`XN*&vyX69M+o8b+!Ns?IBtc?lOLv8G9buv9P#TBKc_NguX{gL9d4!r(iBLl^;E!ht3(lw zr=;Ddd$AqV8=kxrf6gTwbRw_&*Yhd(QXS$|b3};Lkq_(9ch16~*kY~t3u9^gx@oRA ze%`YUY#%M?CaRX&_k`HL<2&K^9v5lc&#Mt!Q6|B;6tuC}v4yPp7{gwU&FU};rfIsh z<#il2NQ24o0>22mg#C-sop!D06$RZQ*g19~I=<5H1g9-`IE0mV5>kz4EHrs;;k;2HZkpje?o>%@~gBUfKN5UU3&e5h3S=m{Y7&j0)N6JG88K z$GgQ>RE;DVIEZBFpPaaHIr3%SQWbV+q91ZX){0uoM(p(8VS2RXKVRha4W7vI$064k zHf}69z=>&%zkh+f$}k<-W>4ghK>5_4{x^`T;VTgYvWN!3Zz)--`pK<*I%dXKsUNT| zLmFuNW5I?fZ`)A+eAZrrN<=R(?sO?ahAds~gBLa((*Jv=T`>%`XxDs4M7U504tirZ!>c{9i^RUw``dUs*r?>3u^i$qx ztg=QHjsEvJGhLJId?EtCGtlC){AL7|M>V9@0{CaTat!|Z{~QIAWVHeMuBTK==kya zFzK`(mJ8VUt8yhhQd7>+9z=ugC?)r}aFstfzz3Q4yNcYQ`nNc}se9l58Les|_MOvn z=eC-R?B{;ptVvdZT3S#2VHCYBv1@K!NKExWt=+uOqn`0gAUTG{B~3htxMJKa0NVKx zwzt_XcPpLoiqF4>^b9E2YoQyZ%T<%H{~%B}u7PPj2Iw}ByQUH$GU~JK*%ff{OGdSs z(Mx?>NPU@u_q!-MAe%E8U$ z`jW0ozO2vuog!}GRPuete>asZ9Db+&K@qGB{vj6m>%JYaV5m0Qc&@|q8@qjXki*Z% zm1`ElSc6crm8gx83!~t_VJM~q{e2`>fm6{MmvM3%T5}E@z4SM-B><9s49Y!1#{ep1 zFNf|Cp$0FG2ACb`>-=K3yFsj*tBEB0+Fo|csOI#wSAkarCn7-`d4kZrJ9`x<5lxcy z22*mu=QI&i+rFk2makzKr7|_+W+NzzqwL>G&CGG=Qe5~Od8}TYd0=c9^X{MSoWGVs zu2Zj=(PKcP&ZK01y}C<6#;9`JkL8HHd9g?WA`{Ue7;%cXoT2a!3;1q`0^x5?^Ex1B$ zJDA#(?#Zd89ZjhZ^6#^4?}rcXt-r2sP<^SMpVR|$icRNI*!OT11_^wq748k-72lkw z%dHVE$iQ+6be;~OkgK6^?J$+)kSn`?2?o{it~2fVd7$2X8eQNKs>9xRAOIG^t2w+q z>NCtoZqR8QVQhUa;=|nuh}+VTS^qOeXMSR^_n|HK(N&Dk>oH{(rrMJ_jpAlHmTB%pBy7hvWVus_LSAau) zD~1=dQ8bf8ozKIEuWWi2H>=)UJXJ2(UAaLUYR+nk+{B_TnD=4=Vv&OHRfuDkeUpUR zdqa0Ms&-LipkcfGBBlGyzW!gLtH>43$(NZ5lWcZC3aqFyO zg4x*Ey@mInT1Bun;{DzgH(1LJf2dK-hH?yBb4YtlpPnTWEkSQIM)flF1}GZAvG>>C5j@qV-YdR-HTur{+*H+dQqnLdRT@ zK0;8<*neVZsry+LH!2f&Vx0|=HQis#iH-R9#-FY7<>IyYkX=|;fbM| z*ZrdhZOswq@3+x--GR6K{@G8zER>wK0HL0kTNjyEWb0a%RY+GSzKbhgvKBiheaj*t zIO_rJSLZ_DroSn=@5R>o>5>YEcBYL_($?p#ss4XC{o@AM*Gy}!9de0lJzimOhpk(U zdR&`8pHA9WZe;%wO7QW-t<9}pi=yhwg*n#pmpv-40DVp+%}oCTY72-3OX(HEi1#44{ z7|$M^(0AhH8|n&KeW%aakc#cO$eR7W%FDW03u7@KmfGydef1cC)FZO>INx+n))(sE zSL}|6OXd7Zc3#A-MFXnDb!{)5K^lo;Ai+6))%W7`V6Ba-@#q^cjh}m-&9>Y^EH8C2 zc#&%NB9(^-8?AVJ_e;80n-d(~R^dF6G0cm) z23=9!PNchUaaKvkzMXqG(Y|?IPN#BKQcEoA`nRg<((^$stpx9R?>~xN$-e5qwo5(K zZZ(Nd1@C#EoPPM=+=DpB&)rrnDW#(+6B(nUKh}HJYcpH|LPFHJ;7UChyRq2XNNe&E zhdsc*0$5~0BPVAf1eAHVm!gd9j^|lI_&nnu_$*yx&6e*^ft`t7^EFig${}%vT5q+4 z#oWsZf4J?)I2b$2E`^x>;9RhJnwJ}sJ6E^0e*?FjDxe~8%2+FaKd{@{iSJQsu7rK$ z#HLo|(`|L4COIi-4T^0DgZVa#3}ZZ61nQyhN@zkoUEcPuD^v=Xja7bH>I(<#m1cTc z8%V60l+>sep+PUbPx^bZD;`aD81!4l$bsh+y8d|0 zHp_z^Nbs<`p}%6fVMwuW=p4>}d@g19HnIvb-Swy)i>L~tzAr9Sdhx-y;GL92=(1HqP`>QXb-Wb<0>P z5WC1p?hRj(PU_Ulo8qn`?bN5=kl5LZSmZ|YoBpV~$Q5x~w+&L%e31!LE&02`nW2Xn zmXZfU_a5ly>R{+LKI@x`&fnzE+&ysc$mv4IL%b8)>m(wNKp0Ym>%I%DH|hIxEI`@< z)1|E8zV5+|`@dWW)&2i7 z@C;Hu9s(9mQMs6Hb+AQIqA`~wd0kg>&oJ01Q=7t@VdL{#=+VI|b2_*%Zt%J_jhm>J z3#xMM&rY~(nnz-U`x@VVgv*eUvinD9`FY{a{pH?vRSgE$8+4HtU4@MwF8GnW3XcW^ z7xi9^Zk&n`9%pp6fWgCo8J(fKHC>_Mb2T8^;VI+lT^=xK9bT0g6_v~##QEv)7!pJW z!Mip4QO}HzAC73TPYt(PdZVOGeD#`AyFjZ@v^G{u(F%8Rcm64XYs`a+7gOe<++T(8 z?ymXHKrRA#Sd-?H=+U#+IVG<|5kQ#>!2>rXZcH(-eJz6XtTi@!-L1fl=}Qf{~>q6_^(5R(R~C(F`nK3+Plc{|hLg&pDD_7pISrZE2ex}+>b}v zSHRyBNjZ}laiReogGxkwn8D+9vTM9y18TI{Oc>AUB#@f>?Dm13JSqNZQa}$6v7P6O z*Dys*+8h{hmiDZrmo?(yjCJk2O$gw65!q+Ceu1hTu!bi2^7Hvvi>8 zAt{NultXE7`H#K%i(MG=5-6Fl&Me~y_{DP4;O}q9iFh1N7C1#zpA)rXoJ#LO{+!#) z(ebUsw#Qn5W={XVld<~{Z%<)jG)zH1*!1;(TB*Nm@tov;yEhEMH+V%0`p@l4P6?(%&-U>L=guW#@FUt1xEl!oo-I4;hb5 z{6qIW1tpMMxHR65%PNRB+>IMOg~^J_!5A*>?;jwdK8a)7Mdr4i)<1s5QYlOWoVS!K zbuP)SVSaACg@fSuZ`t5Gq-{7F9Ve*AFyk+EeYxh%sz363wl-PNG~2vDDA2 z(K0x!Koa28im3TPDKVOkAmNJ5f6ZGJ|4=#H4G!b9sGI|n%u|Vj)f^XByTZieEn!k@ zCu)nk255nnk<^#18OfJ)HgRFhVK`5MWRjCxtrIQ^DgvZ?8bhoWC-LLIH~a4k@e0(k za~{O+XPL;JKy52!LhSU?SB~MJbilf+QRV~aN137nYMyb|(&*hJRfGNe3+*MtouZfn z22x|5?@;3FHc*mG(Nl$!V>@o9-Z>I(c(EFJ^r6m3=<{F4pnKIJt!6x*pGZG=Tnj`n z7aI?`T4HQ{!cFa?-}=?utkz>6_UxTX$VD99HYtb9c=8`YJ!zQ86h3Kn8r*C1bWeeX zcmpl|1B(?Hb8UjD+{f*PYYD>({1Vm}ciFp=(afUBi!W~!|3&3vP}hb=mK`bT zfY0GccssE%cVrfUX{l zrI0J)rId*K7;oiEWmOa=)My}xoxeP`RnC9>4=G9115jwhY@L8S>^;bMcw&ENrDYiT zl}*0Nea?Otskycw_f^$=;M?TgKqw_yC3E?08X{~NxE}^i2|V(D2SIV#tCV|uZO(|>4Z--TzJ}vF%Hl#GxKA5TS!-*if85-uElD-J*%J0a$0PLk+JCW@7+Hx`dSuFYI^{Xq9y8`% zaC^2l{bOG{#!Mua<2{%+`m?_PzS7~tt#4jI8YJj6M^u@Ppv}{fpHy?!gQg6S zDKqRzw$2^?cA8J-CN}Z&{)s{3x6olNX%f9 z$@;J%OU0q#0P~%8UPf-g)>JBFzz=h!b6;_J;qN}s@S9~@q1$<$8IwY^QzR~@=rFM^ z_g>y3H+LIPx73LZo$$4{p#|qf&j&V#Fs%u4U)i?%)8<6jFHhfGct}WOMyY-+ziK(T zRM&QVFJuT^FaN_7ue=PClq-5_(E$-w)t8G6B@K&9eVpZkRevvMGd&YU3;=->CC@d` zeO6u1sKy{TTURUV11v(9EOq=!Ez)IFJTJ`XwX^w5Z!9BxX1@waxp=NszJl<{bt(}h z7bXwQP$y1~k+i+sVuCk}3928M+J;7@yhHC~bczc-W->4l@88Ta;Uhb7NjCVWA=g8n z6B6kShTb#jIF<09b~uzA)G5`?MA6)`0PTi-X7nH2!e*w;$vx;P;=q6Ewm&hYo*6@$ zLxq!p(rE^Snq7>}lXQuY7uFE!isfpo1X=s-ydmC*cUWev+Q%c%#t(2EX>woUd!FF# zn6h!f{&)htnlPn$Gtd9(6^x>g|4V{|O1V4)3$d4X`UsmAIuYus4gd%av9br}t{F|0?Q$iT|bptxD z!gpa)7EAM#-754kmzCuu++jH--^K$nWeujq%4Q`xl!IyvHS95ZGf-JyhoY+t`^Jmrti&mMwNaE;_b;J;tRR)ZVUPZ`KzB1Md3VI|gS9wrBFWmK z%0kkPH@9&2yJ!45|A2m(rN9yvzcut}lpA4MargWeS|_=1kuzhnb7G17bV@ zCM%C{)IrAOWrCidp{n)wve@>}iclRVC%kJ5Bb2SUp(8LW<3ndd4HF@J6;{2|p zaq(5_Lg^r4?=nifVcgqx&J>ru1R`_)7g8b`lHomJ4M3Z`PObc9LbU-!S3yLJFI9QQ z<r9W8(ri1ViS>-|c1SmHffqgmRfT0;+hDzn^G z#G~v*ub*N2l^Db@UJuT`-+S%H(kL@nHa_0JI}J*Dn6W)r&fMEf?E)AE9<$2T{PR?8z(YNF`{Noz8H zC3rsNaR1JxKP=h~qfT6k9mso8+B?Tt*k6BJ090s9MSl9`$fv=_JiJBC4P_|DZo~7* ziGEbpCdf6X*B`21d;9iELD2^a3pVkS$K~AK0PJ0igfcK+{LIjTk&5zn*3RzwyKTXFze{!y zIowbyZ7{G0i{aqL-C2JPt6b;4{Mn1EL-sW&*l<*#R+Cl}1kRTCbCKg$UmZAfJmKpr z_ld=aowqU%c_<5*4&+X1v*;F}Dcgas2~%ObUXstV&3xkD+$zQy4Va|(yI2;ulNL?K zO~&AM<22L!C83)}Kl0V{q=oAY$$X%2$WNBf(nMQ+%r?ZqTH5RP7ytas6B4rWHvAWa zI!h)!8`n$YcwBr|SSX^&IURq)xuGCnbIddk#Ot*ZUeX9aksM8nOc1#(i#&)TM> zRnEgMvn=Onz^*1f+dc!@1$WmuZ{sQo^j|V|8!p+u?o0}J@8Ph&`Neq6xWjk+g^;%) z@?J<0@+g=9E++K6w=xXF9Zqwb!e(5K?zi4x4r_VnP(zup~sqw!8ddXUb0 zx;sDZTG~cUtENAPf?ggJi6$uVE*7fc&qps`Qg)+d^G`lBzW7{fO~pN(dBX7Nk|psL zIgdq;Mx#67!#+h<+gm^xo~-QT7c9GFSWFErhWoT)-JS^6eJMzJp+2hOyVIQnCSEo< ztQQ)JqBcR}dX6157_ZPy{`N=2Se>jJFFmbVrAayQp)#027p{wJmN$wkvu#jywNE|k zF;SiodiSyNw1SvMSBPF7u?6JdzXl$DA_Fa*oxVwe*>ae*bgbW}R2<-K6l*}!s;!Go zbt+pCYnInfxV0oS8z6^i0{B&0`*rl=hw>>cm>1-Z)}2 z-Km-2gaNdfRtY|UG}2rhCd9j<;|%zvzC96(Yib;80O_{EGkf~s0BxULC+mPi%T0Uf zd%ot702jf!U~rIhAd+|rZq4g4@Sw$Psv4#)`8`>&TvwMm@NLO!E3lVX`heZ?fM7b- z>-0sJrKs@#vj7StK%5RCCbMZ#)0FzE_KIyCMGmar!1#bwac66cO@6Xv5D{h7vdfxm z^cnIc<<#BH+|l_4LOT(AP6bkX!YhoEN&oS{O7}WfVtu%rmr(Mp(2=8~+&9)anCi)A>=alcP;Au5)#n-Z8=8)WERgQD6^mRAVlV#$&cii7+ z@MhB=vP{fK6F^mWiip z)D7sAjWzE=y`L+9xE|bM0MiYoeRm@&en?^hzK zr-enmYK`Hb6`DA%8a2;CnND9?eqqpx)I@Z3nb7ZvCb+6h;c{r}jT`uYzSRqRZ)FR? z9U%C6y!z)@UFo~b-@}JK>e@^6+1rPWsN!~(cz9I$oe~IYWwb;U$nwmrJV$g+W$Gfa zgIXU-f7w=x1y=l}0!j6@hJ;7R@AdrUNYCIbnQH7W+g@?oW)uKA!FMRMVf9DwH+Di~x`NpC>SN@NLKYbMueF z*R+KC3QGKQuoLT?jbnr)UB64ry*?kS#ubjP%jzmU`VV_|pEEk&cHX`GNr8xGyt9p^ zic;}f)-lNCk$L7RQe}MAURkNXaY`=2$)Hx?f+Wf5unJR__Id#yux2rv?GKwn*0!=< zEq;<}sSx2yc}Uf|!tK&6rsLFOVs(W!Q!O$WM|_B@?L~G{B)p{5PQZJhXlrKlAD1xz z(^d-4_6UkTPO%g872l7*znj5xg*3NHkyFTmy^2fefyw*>n$ODs4G}x9>fFnurFL>& zIc{T3T59s@<)i0+BG(B&$t#3%cIalGo|t!Uk`G1Gj~u#9qH4?xy*%pYHFdt=ZtG}3V|CB% zC2BNG?>1Zx`MY^A49_&c3POdBjUW4>x|>=os~`zYJRb$+zq30kPqqvndz~e_)<7G8&`(>^mtI^_*&{%D-@`V9vt-YFx1f+n^+TM z?LP^{?Mb)v=6ZwJqQz~&d3yQ_;nak=@7Bvqa}315A;Hcnucj&jff`13mj zR*%rpW~Vm`OI2TvK2toYWXJ$0}vKlW4wj>20c-aWpq@k#Dfw36mLj3 z*BI3E!nY^hu6}OWvcJ@H+IryqzSil5U)o?*4`?4)k9Q=JFu0+?|G#4RK`jA!syC}H z6rIe+DPI_fMQl}5d>Cbx0n__Ks&^7YILjCE$**=+-s^;lY*NoJ*tEY#Xw+b50K46; z#Ma!+3m}a#pr6l{11h!tqo6?WyGWzK$Hbjoh_3=YRB->3zoS zhV^ir89NLIUs!ZMZ>>RWoz?1g@qg{8G@ob9(6f9lsslZY<8A?R=AwckU!Ithe6Hv= zaFhBk0$6Gld{N2uscF75k=wuW@+MdqyTzjF((Bhmh&t?dm*%xukj9iqqu1Xuup|sC z!nu6SI^ol8 z;~Y)`0kw$j!=1_X-pRX3xVGkDJ-2ew@Gw1Um6pEkxT}bKs=>-X8DD4vIAz4^qlM;KaeLO+B+B3n7xLT=W<-2!^ z6vwkD#rJn(D&oFMt-hwdZ$9ryFF4L>J}#>nDhPyHeWxLd48$johnpgC4Ds$f%!z`!4qY zaVqqX!h&!+VGUeiA}Wqo6|an2Ofox9$?L!$2CzSCQr63#6)R`wdXV;2?&kY0x4N`{ z3yqzS7Atv}z9QrUUG*$e_D%X;t#2jgckmwj)Ed6*?b3Mm7h=p**(YUeS#H}}&5cxU z^>{3W9gkV~w;Q)5H-grWXFmSCl`u4)9iNW-E{DQo){0PY1 zWaXYtOOkz`G0xeB!#u)B7tOBgrps4-%GDBT4sG2B0$+& z9zG=;Dq;sU5k`OIZ$)gi-STa0HrrTg+OxFU_Z??_u?nnNAchg9>Uc9^Lw6JjCyhpq z7>$S3YZ|;xDX|lANnK}+DjP3&OcfT%C@VhONI-7Z8d0TpwxakGS>#s5K;nOM8De;& zn%)F?W%~khh%!)pWP)5%&i)>zR5WS(nBmP3QIyP6Sk)fSSH!UJ%o0Y_-&p!u?ClvkMiX#xx%f|DJMdasJ~OnHt77*y zaaZQbz1rgXsuEXJJlM(%m^O5)xNiaPtZ}KTsy2@upNHJz`O5!dRjWYBR(g;AxZr+dw+~Q?kHW@ z$at%>jtT%iybRJQ229LgC|-xX!r86t(2(SSs=U7C~pnvZ$* z|6Fw?uA5C^Z8at~4C>5PZ^ehkTy|~kX&kz<-MFysg=t)eUbt&~t)O4#aSG+`is|?d zr}FnSg+gBow(Z5LJihTJr^B~-TP3|!_X#}CX|m6oc1vM4ieL@scqdO@!WZJITF#+M zWIzH2Qijt|t@@ckR~f+%E7#1T5VBtLLvBot+!(&F+-2bVZ@B{jt1Z0lzaJzO_^uBr z2I`-fd{{6_07ZeE)?W}@qA9iFX^(K+-K&dQ;b>!b^h2H;fiNYtV9$3{H*@0taBUGb50+6s5@ zKVTLaXo;fmRxVvc`~_Y0Zi3#sopMeuWUkxBGwVhAtXat9JwkQtDy%j|W?=VR{=`~p zov()H*)C+6M_cN`s`Js4NRm*>#B-1MWg&5kG{w3kWiR0v1C8&IxBrYtj0zn$`=J9j zmE5qkh(mO3KS}z)1gWFk-K77@hqC3m%{L-}=(Eav;yvaj#Xq8l^X3Q6X>PiW1d#Tg zf1$X~Q`TCzx36KIzZRLpIA!^&2bC&7Y*k(nlDpk|l!XF09jn?kEvqLpw87~wwzqVs zOCi}F2G+=1|C^poTw7-!Vr53A9L87V9*g5%u@FzUA8(F9J)$J9+tqx+2g-(VmKWrg z)w44nY^zT%=r_6ir)4Bjy}RfJST}z`5p3}l(7qyE-#$2-?g=&*I7w7jbIED4e5AYv z3!1SC1p8N)iV2HD?HX7{B7w)o$Z{ln7lE84eVRs6=887n7X4F;G|u+7$fWH?swIy# zCntDL@m~Xc;E>R@KJFs*e>5P)m$Q%m(L<8C8&6Y}J&dfXBv-C-O%kPgNue)K889qK3MEafbTxu!PED75l+~q z2|})Z4FC>tB4oRb6g@&hfO_ukQ)xgIWtXu6Uek>$;zHXV8r)myPWKd1owvu-lcH&r|CECV5q%q$eMe@T0?DR z%>|4fGz#p2YIyd+*(UsrdW0@6c@Jh6#X?^!0g1tEA$r|=uab-d&A&vAwW0W-A={5VRu-U=s7hnn zSYCn0gnrHZxnIE^dnc{Bpc$oK6>nG+79EJ~2^Mh(DYjckvxUA%f#i|o<`$}SBkBxl zIrgcKKY7r9p?szPN*7ZdfNPr5O+af!$*~rDCiR&OE;`a{inpR|^YXA1H8$sHJ@uv> zKpTd~*`h)&sLSoCl{p;|Vr<_@_A8|oIF_c2q8MTw_)Czmuhs-$Kxp;)?WLu~3y(O{ zk3?8~1}&w8c+G%h;II6eeQchxJhTm^-1^ ze&5Su^#NbHDOFFoJd7hh#oXJEDUXOBnM+)~Ou3NF&YurMR}y@Ai0}a#Q#=&Po9a6l zxD1))zJu;PaQAADY1uRv?yI>*^HubXgDyV_MvM6FEm<<7_%m(y2UJxi)o^7!%_TZ2 z?1`eMntBsjGuiFchr%FZkpQO6Zm|Yx=w^S9%KJKprz}P5XTkg>Kg`_j6Pt1%h%^vu z%8$$no}MuM2zf0mB<`V>_=BE0JTY9ocv>|$%V$j9i{tv|@j%;AbxO5e?8QN4Os^QO z#B96*t3&)V|CVo6c{9%k9pO+H#P+hOGXt14s$HQ(no=PGw+hc&ZmUArKhs^1sH8F*+9umXZ$GBV4^2iv@e`eDIliYn4&#o*wS!i0DMu5zdqnL?Y?H5CcLF89-0^-q-vsh9P`vw3T#W zaRRuT!VZK=kU0f$HV1o3S56zdVsG{TuRU& ze2IiPKix>@oX^|Xp%Rd|3xUV;n)iu!KfCkT`2TROARyE2DrM7dB=IoX?S%cybngA1 zB5^f|2Qv}kk#ph1zry0G#_P)%o!6^?*Ii!8mkI`q>C(SUv(OoZ08c(Inn@Kb`|3=$ z6PFueY06pw^>J5XReP~#Ql*NdK0kAjDE0&SjjLe(XiqPh2!-suVDa~XjYF97M9V|& z&iW#7`5L%mp@4w0az66^WAClQqU_f2Q9%JE)K3~jL`pzHVCXXF?i@loh7M@~5$UcW z6(k1fp&OJQdKfySTXJZAFW=th>~HV=>2>}%*SXFg`=7Z6X3ebkUGG}=^Q`B2)_qSg zGp{{Os#(2U?L6&_6Io3t1Hpqcli^Bvy?N)H!=uJc zVpJ*=ntz7AGg&K*49kLAD{s9dzMp@j%_DvBGQaS07D9d3gHu~EB5_fx&kQ`SpgQBu zysoF&2yFB7yz>`cov7yitR;!($zPMEIa&8upIL#m&Q&xwV^vB-{PR$c(IS3 z4Fs^rhy&#fq*NOF(SYRmB>8?g<~PaljVP-+waP{Gj@9ILp_MN2ijP_2bo=b4cXC8< z%z0ztik+GG6k+xxiZjEizsu~X_VZbh9GdJ)gYO|KdQ^TrIk_s~Tp-3)H-w^imI*Ao z!d8l&KRWI{qKQ0oH_%Z_XK6cZ$`jfX{)Y|vM^;MB$ItQJl$uY>@xz?64qhLt_9ySe z)bD@9n^FthdP4~dddF^0aFZ8l+%qn7>;6y7fAq#-zmSL!{Oj*Le%E|T_;d>U`>8Ie z>_2wxf6mUodFgyCHpg)Dt^v)T;oztZ%*Kp(z1h2ak$_!%ssu<9XwJEoSzSBHe|pM) z=A&b7$2HPi$&}G-2vQP2L`g`uraKCA3_8pm{iZuL9H0@>h`l`gmzRC}aTFouEnCMoywTFX=`Qas&C;XW4*6pdqZ?;cjf76{370^iSe-r9|6YBrH31y`j6mCN4Bx?w;{no@AIqF*8 zvI6*YE%#nZ{1sLIvV#0#ZW9UGJ6(0o%9K4?&R@o4giP~T`?W;~vTRr;-}h6ROP1Wm z7v&85#fo1{1z>S$ijB7IcT-&*3z+Ii;U3q2K>yzYs94_}06S~I693F<|2=lXZ~^Ru zc_wWA!w34yo%{>8{89-4>~yLN!>9e*p8mWQF?C`9JJr$8CIf$QYuDJu&j?`WiYqz! zZ!DW1j2XaA*tT{h-oLKlzuq}20I=A%#reyTyzWk29cZLJT@J9>{(3lpAqTK?($wT1 z0j2-y>CYz(g8_|TwdUi1nD*a}Y}v)?tZw9 zQpYo`#tAutl2$o`>ejE|s>{)o4Ox-w*$+9|0TX70;-{#*>kZWUf;dxGT2mMO=8=mbMFj4 z|5VFjvIvBt)&X~>{<%Xst3IPR*7`^p=*ea$6r^e`K2nx(ku(v#^SLJvmH{xdSzbB} z6O;4W0SZxOqp7n9)B*!Q_3X>G0H?p$YcF8q01H$oCO2pl9viB3za~DXDYl(9fuv0E zN6q3czd8K-v3w^siW$#iA8Q_P7v~6KNrCD~{eD+|uQ&RpP6}xU0wk+Z)aB6zEa}g; zh{P;WIq{y5A!AynL3Q5A30_muCsT$2AG$Kb69m@_9F_wVC7?{AiY(05UVwM@_Z=#U zV{uA~1JyC;3Anh-!1APaPj5DVPj4!HfgIkXo(?+UP=3~x0E~#ncCms^dvJr;<&PUM zoqAzT>V_wK#LLNvGjd%%){|j6k+x~_s6MLc&^! zYb$zrxsF=S$Lwzx{PhyZ^uSf?ZkA`A+>tDhaEb9;tSNOu?DS~Ri}qKvIr(avGW6+N z-QAh(4!1KsgA96Ecb7=Kb_~QDey_Z`T#236ddOl?km( zqXjDMV)c4+v)bu`$bY$%@)|MYIql1h?!&dMQbh3rc;<_As=dOKD-8qJ#<=^D^=l)~ z`p>!T-1&kjZH)s2pb|ZWmH~q0iC?*gx4fEIb&`j8BXS1eGPC{qW+a6l*)#1lnkox+ zv(|jhFYa;Kjav~gsJ7Ks^qN)jMCGW8a)m-fa>u;BFR}8glH44(l_Uv$6Y~tKkxaNx zF7+U591ffp$?eHxJx%U!eEQJDa`0>LxNnBAT#ze7PG29)Wxg%6pG?pmMj>3Ov~MM7 zC)x>zOm`nlWJ_|A;@;0sh#bJy#8U==>Q9_qjj)%i@f zW>iSfHA1^lpi~6QmB((jleIXXpthdN(r2@*YHMf=Ugf>fEeGq9Ge#Qh#+xDsW%El3s-N1c7VD?; zTgh*7fVTTWLi{!JX2b@;Q74=85 zuQyarDv#_PH@?LT=N)^@-xl))>r9sxT~VQny;JMWX;JRFrE@K5u;?%fmo|24i(g@E zLJ4u1^?_J43uW%S&pQEy4_goZpoc!AXS)9*fM;W~=F?%G-J^_yY5v^1ve*!A1WcWW z`ea2JAd2gaCrvZb;jvpcci3^U`MI*4QY42B(I~D2O)ax>uxOHuNK86R`YrpHKR|r{ z(wllU-y0k0@Pe|?`Xq$d_UyuWy3Um|G1W8Vs`Ec~z5hZ*u|F{L)s;h%s)d>~xXc4$s$xMpaP&ABYYLvrJve5cx=0vetI*cdWokiYAwpcIdY+ z{W)x$vwb?t0LAP8n_aPd3MDetQm?p@yiD3DHa{oI;KPh;8P)tbexiaHsIih_fW0P4 zIyRRfsHy}JLgjsYxn1s05-GCl@9z1H(JY=|%DEgPG!!7c1O#q6;g$`bYL1H;Q><-k zQ1XK3?R8Ui%hPtn(^Egw(4uA{7hZ76h_kHbQ2%5_p|cS3-NDYdxd^LO{HEitCibhb z(OHPLNYRZPOQV}0^EA$08>^e5RvugJ^Q6#){%St*0pR>JuI0FlYA%9<^j_0r7pIUN7iu#fZi z-Vb07Ec|4&7bM1gynock-H=Zw@UR(z`SDj9$U3!ZKoIj6yl_Msh`VBl`%BJpzfWZg zS%cSrM2|Wa*&&FFCXcB+ngI9Y01@UtareT;$!c(G*jb)KhMJE z9%>Qgnq(aCqCY&%dUR2>}auhD++jnjNQFMR;d>E4Ov3{Na1Lr8{GMb(b(S3aWOXDnt& zI3<==dR0pV#KxC%8gj(}EBq15T+dw!(gf_f4fX_TvBozE&B*@Kpw2CPm<3F6vGHJ7 zbhW=-5xua}1A(Nv6lutJBrOk3*eapqVLC!wHieHf;;8AvH3t}=2}OFwIqZ7#R%p6C zgC69K5Czf;y`im-Y(f2NSQ8Tz&m*VZRJ(7ji?-vK9t1{o;9OofcXLA(*X~gcC+^o3eJ$ zVFkYK@QJBWqP-rdpj*1KuaJx+wa>enAGLydKN&=qSN(Z#r%YrFyoF~#(Lr z=x~9$L6}RHkEhh%`$K>=N(P2&PGVfc=p?uDC`8}N_G@wB*3bmD0>u(i=7`YPm@h}t z$B+@cZ_G+L@*E5)gnp=0q(n}2l?Sf61c*hA66XNS%hk&xBVo|d0tzk}ssOX0oOAvA zL@)^LbEt;&j;C$v#BTjr>!l@%um4`{jlQv2T%5Ntgx~Oq+yvi{wB(UtU|EbzY1YCG z=ifL@Hrz|GYf4E?eLajSNF2*J+&T+1&xku`d$`&l9l6-SdWL>pT+jdHq=xV2u+IhS z*5Vcf@i;?4cwS00X>X?F#l@oeVdBE@$4E&EgAIv`!Sj{I6a@RQZ#hP8@N$--4d2&JuA7ktw8LQi=l4#6fQg`N(kxbxt87UOm3F1W@TjaB?1^J@a!EzCt8&BEvD>yI28w5*s36(nix|_M)=0C{uw+$;JWI?;eLCN%=9rUTg2h+ znEAbO=}6n3VP+4H0v#SpA8th?Nw zwcFr7@!a6NY%DA}T8AaG2r^_d*31Lt=DFZ7PhK;(p3Gb0V%7BC98p>Po)cWIg12Rk z?LGZWuW>@?LjDDzaw#5rd*_g?~0CL0QA~zU0}S7N`3PK zEn3U)ZKQVs9}qU-CpAbpFRI5`X4f)-@>;)9bIQv;0TectmV;OHUD%g=2S_e@jc~S2 zt!LnFDdp1r;a^`UT65&r^F|*2Dx86odAzITO+UE^spENG=WMsG-=NFenIw4lVqv%& z84P77*cj!+?R}cREXQq;wVML(uAh4TLe=5|aw9im%Ro}P!uzxLu*KBgxr^QXgQl!C z+1Tzkf->co>q0v_`y@&IjpqW=_U+OgbU~n!J|1wTiRF`bD3~c8s#mM~RtpZ6+kuY3 z+KOdUtvIU8o7ZJ6?l$~eAqyL|j~=&gmP90I1?(DdvbV9@B@W@r^L0%6l^MO^cSw8v z)UqJdTp|Q;`E*d3Us82;v&8KAyO73=8j~+6HZB9s+Iq8(VZ!C^XA%yfauK>lDQYPh zvx~{6{kw>4MCpbW;qYvy*JM33=5%0ckPry#i4s;e?#pZ982%bI8P0NB|eWQPGdm^N4U?|1>#WV6YRe z%J?)(aiNhl4~y&E&OBKn92bZF-ng$6Cp9CLXSHs*KM1fPvF<-wCVQKcTl=A+eTCY+6Rk&%mb8iJTFl zW2M66^U)qXY90f5S?-{m%+Q@IiI%j0vkLB6#AVyL?aJ2Fvwol!Cl7hVWp;xKJ*iT@ zAR({kWa(38XZGwcfN6)8ft^G0V0HkMI|@?c@qp`*SQ6G(dj6}?MZZ0nKAAP)u@TB%xwwknf4^^$(KkbnN0)TRnw%}eW z*SCwL26fBdfL*Nh5mi~JrO{cu@~QDj$l+)QqQI_U$6sb^0?r8>-RE+feH(Z(HA-@N z-eV`X&`y~&?K;tZq+A}|6LeXBzI>batIjJ`-xH+GR71f=&vH(afeGNEQ0;eh7R$9^ zA0qVYc1&ES9X1x>c8%y#%H?~%+F<}0BVf};3E7q<^x-`lr(kyHvCj&@7uFedE9S$+ zdZ`cP;Qhi71{IjBlr`pc55;!rbp_)>)rO^zIhJNOnUjam<%!8#kaCDfd%4+`!2WRk zQfc`!a83KtNpmAB*e7MA0CGC1BYZ*2syQy6q}g;K>`LxH+w(^7M?z2a=B-EGKd?xT zI}3DCKq$!k8s)PbWULgn00`r~4nJ7q7D6@%5Pq-F_Qm#VfQs~U&1rj0KA2n(@w=M2 zJxYXdm7XPq-9RT67`S0dO6T#M0gpIzayjm);VH_vKgpWyq99*2w-RsWq4zO{M6rd( z+9A3Zpq}`gb@HoF>SLvL%=of=Zb%j;OQbibr&p_b=#Yi5YIoWq@+435xzT2?n z1Wnym6z6zc{%|jnch=af|3X-sP?E4yZ(kvaZ#?y)ssIrwdJ)5!A@a3U{*-v}lfBaG zvo7D_B~uv|jUu@Bke=Q37GJkGLvKf?9ndjCfU2gf)dU&kL@$J36{u5j_s7b_xyqGS zBFwhyPb6OC>&f;DIhq%lCZGQ*t;d9!Jc%ot41Xi~OsBCu??_rY<}`!}Rw*Z)kYbs> zR2i9Wb6VO34_kF3E~Oe2`pMtW{DWQ=r7Oy_h60WkBW+KNy8E})k0*PLmoG(TSH*uB zD97myzBW>3oFkc7LzmJ!j{qDjaivx{taj1V0#QpP1{X&3LfvUsNSMuLo zxYQp&KB2V*=Xbqj{{M2AGF`tHLP4~^5&@K;j@ijV|HBdg*Pmj-k z>u?=epr*~{FegEI&0nM0lcNIpBl)itMgL_>%82sR3lb~`GX3(Of$U^PItX5*JVW!u z{%ZdS_&8!;NR)UvWE0s6xu=`sp4u;*mFJHPncV%a-~Nkv>wGEJlF~iIDpz`w*BVt+ z$erBZ3YGp#ga0zBeqoqa4D#_BBR{mnbKl_DY82|I54xLO{FjsUm&~tNGTzg-s)PAs zeksTTO-<)?ZPDKu45ekvcp7Y#&E{~Z4DD}j7|4FhXL5cM3!$pc$KR?`uej;A^_xNU z3n9(Je;x%~Gjn?Q!(XO{u0K#$1snn7RIv^5Z?1DO6G)gpoU%0eohJaxxz4KB7>qOj zX0CO#Vv{Q3sqxVIC3z zZdHI___N=YX&`|{svtCrZlG8n-q-7eFW#+xqkOY4>2Is`{JNQy>dMT*ylA2n<^UaB z-dUeBNH?m%6Me0>tr)SwD?asqaRH=onueSlq6}g)KqUyC$)t%2{zX+K=5ZXXM}W|_ zZF?BGF`zpQS?^ih-x-er?Wg-Ne zSLY%s;-dfF=gq{t_4Iqu4QCB)0YCJNXa6;W4HKR_a1Ijj0*5N@p<4%)TN1#XLwBNm z6HuDv1~zcAVdDEej-vsFSHUvkjocGH0t zr|jDZmI2=QXGAutO11!(DN~9!z#N~VYu5lWefal2ciwFbs7%3amupUnz*}m~=}Z>o z06}UB6jWp4&W9A5v@UKK0`hlYfV*^R5jR8_5O>V+y}D$JdJeFuHYG8mizuW75>A0* zERTH89m?N)4`Hqfx4Hi}%S;SO(m77Sy9RB}pQsBhe3iM5dww>1#RhjU+Ja)-#3njz z6o`C_o_0fok#phx@!rhppyfuxTz2i+#xtS+Xde z6zW##+ifUT&2@X>UjUKDz%uV<44kC$ev!$MLR}Q{o8@@f7k5Cts6c!`f=p3p_jNmk z6pfbYOqG!cs-whC#uku*mjJ~HxNX}AxNcei5&*FdE`X@L%SC8@*UQ5@aHNKAG63aY z(#(PCujT!IQC@+&R|mPGU($-0eRcs=T5?cVE?q95pBwMN)pU7kUDY&_k#c&*9GMOE zp7p(I&_(8?*jhnB)*6orO#jJa^REF=^Ylx_o62im+v{QH1$1r0wSgb1SxV5oJ)?Hk zR?X2Iuc>d@C$RB#k(4pGqYnCuWjZB{^#>z7PPEGal zUgfl_Zq}TEp3(-uTF!gDmSQXbY3=2#ND)p+YH#Pw=eZ2)`fum4fPAtQ>a~GmyA@~V zJEW$8_fn;6C~M`@*yeD|Sin$%z_rdyRn6h2AwxcD6NUik5R|M9Nm63daz zJ`3}UdAfW1X4S0E@~5CjjxSPD>>BwiGc7OniS+~6Z;z<HkRef5Q&gOq8?5ynXKz#u+4ZxnPf(tEUd|Jn({K>p(`Kbo5CHLXkO<&T__cyN1zJ18b<& z%v+7`WWu_bK6lWZ|6+mq%D&|Vave8Tz`qFqZ}5G#htzi!q1;{Pz-fGLs~;?2mHV5$ zT>Z`!(q8k05i3~{0?eif-sou*6%G^azUb4(d96bnC#@s)dQ&C1!AR0h7ZlhWu(MRW z!7M_f&mCItFjg}}zhUgA)`l(|0x-mh(sPpE{NeKG#K%sp^U-!>j6g@xQ-su3TN8k( zOtX!^VcMc`T2U1QXniU6XiHU5*i=o|9H8R%f$!H}U7m$o{lNqn|9+wKpKaShxBI^@ z;=78iEL~m9UR^763zL6UfBecX(>dRu$)~H>xk%)6HLI(C{#}GiMmhj0S^I_6(u$WG z)kuLEfSUVdIm^{GeO&=fzM-k!P)&{#l2M-5ea~bc5I(NmU%f!jq77=?PG*2*XSPvT zr9kdGVVPT_L-*(1k8Q#I047Qm6RLZ^K|PBn3b~t*AO6U?~Hnk zmF6rw2-3dya8*ckR?6!0KyIYyN zAKYrh; zTZ&O-RK+mi4pdCusI%DDn_yf?b4$mw4Sa#w^l(W#Fy13Zh%MjjU1LA+MK7HrKuRn_ z#gKL1VraK;Lcn1S(34>17D#DzOQU7X@G9d62-SzNA#g(^Lp8uV+zV(L+7Qu6C(3x% zGvAMvSF!KR9pXDPHQ9fZSY^RVYM|P}uDCJ;u!yEVfDgLusWoxQzz#DXXZFpn)~qsg zUS*jwMP)8ecAhQf>J>ekC@ahRBbV*N(&A;+5K&uKuct@1v5YTrF; z?@34%cw#O*Lt)2l%0V)E7!0_V*PbW4+HF!c$uThb@rO@#Enn0;J&>#|tvJg3684@^K`daJ; z=mAm`y}}w3+=9naeu2t4U>&YS5Q5o>etvx>?VXr+l-`$U6VpeI1#;dbj_2MoxZF$p z%)phX=O{h8!R}~8&hQrS)WBO3ODrh|Q%?Og&2BuyEF7>2ZElKF)CL6OW?zGyq7JM#5o1YoS-g8z?3m$;NHD{ELM)pI$BvTwGP{|7?ahH zNm*AlX(FL9%7x_g#9#C7lvOX~B|pW=Rm;oLVIOQI!s3NLyE<^r*;2c@#q6wpIijWt z9}UjX1VOK5?5pIkygzTKeJZp{Bx1C@dL3IS`+{8}7@f;wOJ=;az=wX&#Ru z@P*t{Mdll!woOnpZps@~4!YVMle`5LdFV+_!si*7dggLQ+{k- zrwY=;O!0x`x=Q@#yMAO;f)hb7hpc^Gomb++Onf;xrHh#&uhiaAFd)SQm*P~X4k5$x zye_EFRX|O8r3zZEqGG7qkr|P=x?A9Ky4>T8PsEsS$(I&8m>tnWEHzq6=+>7f5o8sZ zf3LtMrc!m~6YhvhL$GZC=HaUk_zp!AB#?sBJ0T29J!tkg1Zb$g7;~rkam=Q3AMD-} ztb3n33YS&y>lNF?B)9?F4@!_G#jfSbB{j30aTb%IwUpC|K?%s{pC#_q7$eo+L?7oU%^Jzk@f)%KE&B2dnoF0%hT zPuA=~+Ii9({vOI}x9!i%tfi50gZZ}VK9`5VthC}j>@gEmEotG*Na;!tmx0O7NTsFe z-c()*{U%|XV(#U`gZGWIB*Y>4{OKizU`3UJ;*ZW1+UI3z7GL}s3_j*FgpCAAaOeNj z#5!)|P{0VYXyQqR_J^=3W*mMi$HlyGwMfNfRv%d0&vIb?rXq@Ogqv}Gx1+e&2x)se zfC$$<&HHGaslXH1?Sc`s2KVzYr|c)WORaj2n*&4&l4-EUTeDy4XQ)j|V+|O6%Jw=~ zEXRxkGz>x*4$W26R8-{$G3Bv#o$-(B3k<;kcPoE9k=($FMT@C6Rk1+PK}~O zH$>d{s@i-(J-P;Moa&k4%goLiE%h{7wut4JoBbG+k zv5AT1UhiZ!j#>yWidKaNy#4OkSowhNkRCbZIF#*T;HS9>1Ua(-C%l#3OJh`)NM!GH zNOrup+BT8t7rm-K3qKsTm=SPUr$ZHp1Uhf$S*rWqJ+@q!sqn7V_;4oIqbeqSGFaz7 zQx-hht2XRY8}S~{ASp1TA-=6XkpAC3{SvzpJtprP-~fj<=i4j>3$^>78Ou;^dx2{6 z9%@qS0X!7Nm~<`@#s0*?(?zX9E>9kjtgl(3EL3RpxeY&GQrQAqh6;<*6I)5do<3IgE5iL=1#F@X2lsXl1?@~En*hGD36jd+0E z>?W^i+K3Pe2nT3clnQjT0R-t%9XEhKjA{~ATFo;L=@QqU(JfcCY`_&WtZLW zq>08c-$8xo#8FP7oWai#qgg}`0()f%X_msS&R>NxJPOM!DZb|mP-(Ml*tuz|k0hUIT)>5?s@}TCHItqwNavHUR#FSEVXUM;% z@3=zYMwEr^t9cXsQgT`JV)}Ra=HAt2%lEFFQL$FNp(wu9mO_lr*WsQ&p`q^PaN_am zq}N;cp4PCiPL>Jp!oXtSu7XZHY{%Hg&YZH1YT?6tv{Y4o@vw0i!GI#45t4#@;> zef+7}MRv$PK|PgS$5@=yL%qpwsk`kwXpswrW4t?X_;~v5QdbM$Di_N6>ChSvnw%XpJu+p#Qp0_^T#{*VG-eDMYUB%{={)GHgy4TD2%P`jZlP_K{%$_ z^Hs;%^B-IRRqklD=NZkoE$Kqlo&b9l@57b%rLL{?m2E68GB@LHdENf_g+85AA(!A# zxP`5~Y0lDFCng&l2%0dv6+?m8S#)kM%wrC7iAscJQ=x8lNW7ulNqAkcio!; z9lNK)t0d3Z!`pF;__rzDr!6Yl(a)|TI$SMXh*<9$QxvNY51qVnrn<%B z7Y|fCT5ySu`fPgJ&)feZdMxtw?IvG4kKvSVtC&Tay^f!M2H0sgDS|9M-$Y%))V-&K!KCMZR=ZX$9d(mduk`biGoE zaH1-V(~7`h+-r4fm97Tx+|59^H3nN3etgSPF1zxver#?ddyUJl~1w3 zS+I+oVVJ*uZ?ORNbF=UMHpB31`*>gj&*Z_NB+{zUPUE9gPGS>f)(^eDKVFCOjfw7eql^+w|GRhzQ>@JccpF_)^IrOSjbdLWm}+ zZ$Y?gmpfT@`t}sBOmn|5dg_FsyB`tJY!zW(66cq!(MI&R_!N!fU(V2^6 zl;B*tcDX6FED>raWdA{F2I=}x9-MOQEAA+0V%acv_z=Gkf5;!p57a(5Z)t@og#i|_~hy^MqVKsKY{s|K+2&W{(I7}JbX(tIG?KLyWdZglfKaG%%t z#KP7-W++6Oz87hmyJzZoQnTLJeyB{Wl$-v?rox6E(t|aPy70-6<*tb0sr`-xdWK}u zV#Q^~eTAw-tDv-UsF{yNwMwGJewnvc;YVW&XWBEmFP4E5U+I}yUw-D6dDC%z5bt32 zbc%2d8tU0apQxw80IAL$ZVegrIv;!xtig=XiO!x>n60WsRp_o9@D&uTIcH4m91BO7 z$a|z0YzLOwB3&2sdpPwJpO4CaRXv0kheCCTgsS%toLtHRuk9$Uo-Ig`H9EYhsI^_P;cI)f#vuOKq z(?o)?Tj0Uy16f_X*P1S+_Ij^&-K&dFP9Scc&XI>b2A5^F4z(=San->ZWNWyC;Ti(0 z-m@0?4ZgMfANuE8lDMP4W>rw5Rcfst%KTvPVche$ceHP)1N!bQ=o2LMTHMkV zqK*VXykFxL!7G$(xO@vwg=G?@tGdwT$}c&!+|6#-4VbZey zoW1?6bI1DiQ4|B@_L~g%N(I`(b<@z_4uHTs*^1NIZc^%MTkEwzT2cfDxo&-ARfdMwkT6V4xUu=m|mv?Vm@ zNIKn!z!fh?p=f>UXhmS2|Ga>!c8B> zA1!2av(O2-&3dCTj9sz=YCBF(E_jP?_J}8Hl`04phY80p4qIY;H{4Zc&3W@M&UrG- zX-F~fH3ryz5J|(T0IRi<)s5w**kKXPseZ%}dP^R@IOp|^dvw7qvf0Nn>O(&&Cv6L`Lil+qqZt{snyl)B$82*A$YnnyC_8MwHPuUIDXw>HE+T^` zs~|xH;5VhVM3_rwJ59b`UmG;SN!#R#3Z(FnBz-ec54&#y`tY^Zh>ZObAc#LQDgY=X zce?|*0=MM3Y+?cc#!KXf{796XvtkqBXL0&R{N75yB!WEI|g7(G_k?aEi7&-Evn;5_+Oh@&n= zpR($c_B(~lRe*pV#IfM)9-d>macY$Xr0t+ue?REX zXJW;PvY@3paGoTcmb8fzL@gfY(c8??C-gc-(VbzXDSVd_8yfTm#*~}aUOH^Tls{a< zTy+LuIx?{fU=g%wJD&fx zLAmx^$jJSaC$FK_1`zu)EoopD4vYO_`^Rp{7%yAs^?eW z@;p2n+xp#h!1!Ulu%!9vGpcPKzhH3xb$1=p8|`%eS%(g)VPx%Py4XYMFYxT?@9M&) zfFeOIDcwx~fi)h{<-^jy6?r)FPb=om624CtaIt#v<^zfHNj2wYq|>89#i50;+Ml<$ z3$brsIx1MQin*D%TXLu4w6p*@grd#vX9kQSnphwBaV!T!35!+W-gc`|H-H~P<`0==k9z)X2l5XCjq4}+Z`~2k# ze|mq!$+=lZmTtCla=-Vs6PC1$PV~S7ju;|D5%uWG9q$;|TXDm!W3TA=q)!K5`Xw;A z&(|q%)~2w+73&AB>gC)XkANsz5Lm%Xk+5qn3@ZVIdygJkO!yy zk-hH(P}hO?K*AefZx;1CI)IvwYkPJ`Bya=aJ6Yh%Wpr*}FX4o7q+L3xYaKX5- zch)#4L5W1ZFOnjBiTt6(f48ln4yur47ILzYbyAGwM zR2|F=Y__vt%$(Ovb&IZxH&-yb6Yo+7qSm{Dh;cVdnSvwqz3gd5*jme0*p--^8(^|kXo zo9yvq25ZL%g})bBc<}s@b~z_dCPED8=J_~GyP)Dj2O-p5GLM*P?tHV8JN=1qkM4C3 zW5WDp^G#fMwGsaFQST)d18twCVe8M@RH?cDW!ck6$y~r+{t%q#`->Y)S#d< zaM%yjc7WBe2=-Manxh|!cIDL1;E&3^3v8zDsbIDVDm9)Mw<~~zADjo0=;YyRR0y!O z2X+S32|=jAJ7LbkKqzc7=Sb)|f{*^8q7Io{BeJxVO|c<2@SUSN3vD=->eyStd!4jBuRZA?Z}fe%Li=r&VjhV~(>~JYJDv*& zE%rGqFdh2nvYccbQAV%d=z}z`>~LjDm5foKyO6eZOusI7ir+t$r!gW9v`!%L9jpy8 zc^0f)bmx*X@Q{K^(xy%GZ-G9snr5J6SV52&4mZ;C<4)q_e7yyU_xs?kl2A&1`;Bt{ zd1U4tMScU{i^HX6l)7%t88qX3kr4~S6|???=UDE|O7qQo&jO5up6jaLPRQBdv5J13 z2wHP==VYo(V{7yDmjO<|op7Gid@3mFVXOO^kR+3s+jy(@wugip>)N@&`47^HY2^;* zM?3o-nykZ}nU(X&cDKiNzd3Gqh^$ry)AdkTe~m6uY0RCZN^dm)FcD`Y+~v;dP~ii= zmileId*L$9M)CcOmfGrk>}yB+PR&C8?{Cdm?#8pFG_80kuTZ&;eX`PAf-8WF)lrH* z3gbq(sRc)gx?hZ&xG^8+CD(!K`fji8n+WBccz7{bDBMqCoZh#Na!MdsPqE7yY?Sti z;qFZ|rxrp|e?cA+_C)J_skjl$twXUmxx_Wep#2K(J>12}CToyoT5hONm9AtM5}VC% zr&)_jJuu-BpZat_G6_mea7DCIF(%G9Q~!iNxHg(Bt3dJ*-N(mozfu>M+SIojqMwWE z7p#xw&+#ATvUI{`365Ikj;0E9;(-)%)@TS*?X(QaNEe8!xsV^Mczy#>v%;&}arR4I zc(51OHmVlG@2;J3^fxWQMOp%8mtn1Kf25+%(GjNPD`r5#o=x}J(#DWKcF&ld&t;P2 z55|k_FO!B%VWJ5JvZW2q+B3#tFVk&}3yN5d6o(?b+ua^lw(z}{E0%dWjAWUu7_)1% z{k!?ITHjoq%&Ij(S$HCPmXpFMYmHGW`iX`7G=Z^GTJ!lWkK6C?b2xr-DM}1;25jB0 zW;o`7;`s^H_8av+s&)J%eq)-HVAQM{TPTfsTKs!uIQ6T495>qP>K}L!20&4 z;UGTulo~pYAY4gj?EgRPy=PRE$=1g!K?MatvY>#{1c4??j-o&lMI|*+5VR!-*yJQA zAT$|C5+y28pvhU1fW(#{IY-H%$=>QY?|En5agOVLyldU_ZJedu)%Da*1J`>3s*&Zg!VNT5lGJ$;r~r1s8385i>dHzkOYURXO#yJ5jjP92ohB=(+_0Q-@yz9x<>s-hsjk6NFkpaz) zV(OJG=~cH|=ssTfQC3`I#PjNMo^tv59v_IBRY^82RDQkg=c&NZ#0M?r5fgWT7Ty^n zrM?Jl*H^G%bhaYMr4_{kPnc2{+N5=QnD^X(&Z%BAn`^XrD%x zFS*QFXfspDxERvWCGkgav#`kaM7(4lRFv+zJoD;di8fu_yP%W2QsvPg54_NOe@m6% z{+Pma)-|y_t|ydZ0OqZy`I0?%4dH7CgaITblQ%bMVON&-5`Xm~pPy#&=OJ>Eed{Y?-U={=z1YxZ z0s9i$j(`4sKCX*H(-zv&N5%Vvf*fw_=PcH#%+dy~ehZhY0TMd+rH!$VCl!gVc;{HX zfFyW@tz}p4vlWOn3*s02yNF)fJt>{n{%gkne;)_k3I2@5r6wseKK};Mt2Ad@eCk)r zCXCW&VpU`L-s?U|bZ~Wi3hH%S>e2_Z(*f*B97*n5ZKgn>!%Jg`>@@{S%VxM`o>mak zbApO+Nik4ybGPf)(xEn>O?U;1WTOV!Cf7pHR+qYiyEy2S<>k*WETL3DZ}xmFx?+4G z?nzQ5!t*bsi2ohfy_9%-Tsm9CNyNmM&E{N~sN8>;Slqw1(DF87w{d^%rCqZnY4gjG z^5+*UO5jn7csMENhW&Ea{4<37nvKt9W6>|TZpZcaocLds!~}6{`BK#bQ{R7_*nfSc zi8eK#onTIqOQ`;DMt`VY-=sE?NWqo<=g0r@U&Yxk1LE~|zq*b7^BVbMq&-exwVc11&Zm^j2tknI z*i$QM?NqHMv8;aw&W`t!-Kl>a{@$2skqam&q7ax&YD|^} zuT1MDcdg$I^-%65zg0^plW|YG#dK4E2Y;s8T3>jRTCJwcZztsfiIK?{vr!UHo&5K| z8y-iGDp=lv*A{;Bz+d7UQi0`m*UBm5cONB$Ta&7-E`OhaKVMyr6j@rZx{;Sh41fD| zorJ2RLKwTG->s{jyI`*{Y;x53?biu{ztoBRhwI5-{uNRa%m8iSSk!O7?!VLY-)Z{q zYWjco(s>hiT9gVt2Xxk1FW%aH(@g-O(EhRAl@;fA{B=M0Wj`6CpcAn%;P*V>R-R%Z!yIo{N*DP zAVdFNd*z&kQb0UicVWNcjxpI{4qnZdvAYz8l9)&4k2L6ErOkT_QN+cDXBdw%gI5x0}qLD2ke zC?>hYJMxzvgQ0saPFUv}5;2DU=5u$9Qkd+SU#XAoBz4mN_Su^~sBh{Vk}P2S-A){I z8*J%m8|ixHzZoK3JczVf=3RC_{OwWw^^Yc07h=n=__B9${^lgD9|A|8pm2AN;_uGB zw0mIW9Fhoaz27X8mP`;M7P=ToasF=PzF_1EQ?TOpzdXmk&l;aFI7Ndxx0f}4bBxw= z;6{EyxJb_Xa1t6UQ8)L3K^nLzr$?b1yE4%(c>7QQ?5JQz>Tu$Yf z@%7+rTO1%cVDTqrks^@U5@lRIpt_P6Wy&vT>Ar7~s zK$kHTNG9eAui}!yJmr%NGI6|%LZ=4^uKDaWCwn;NG?@Cf(`36 z0D!`;I!}5#I8+=i=b&y4=%(4gd1WL)CAk@h?v0O^G`zBNTY43l41ZLv9qra@urwEW%1y?EWd6Ru{uKq+*PT_c)VU0n^HD>$&_f zOWcS_u2{#-GI=$VYUx~lw4vko>8JvCa}mcC>A!Aie=Ncj zMf@}#J9*m`u!wj82^~2NC|NE71NJ0m)4`US#a}oA<}vmPEI|3ZejQTP?f- z>dc0AK#)%jh&RQ}cZ1cL!cyZn0Ia#&>vVf-hDP7&a^#aZ9f}wnKlR63XBH3-2qU!B zX4U>Q$_Z+>jmuZ)7`d3cjL#=J8BvN9f2IE6{kKaTNEm?mXbhNcJHnMcn!&<3ody^P z)B+%z)8L(4LCvZK)ih$tk(xVAlp0h89;=q9yEJ;~B-xsSju%I6$SOK1fgvTM25Z(F zn(wPXwZ4iiB+RiXDF|_DhQ=~=2qelRZOsRqv_-PVjF?yG`eC^nF{4gn4mu4lHzYr* zPI4Lg&H2HHq#K0XpQ<&aEEPC6bG3VrUrh#}s$U83a=S5ntMY+=b(6r?nQ|9+{C3$_ zfetEw8@uT{m>MQ+cmnjKL#DJ5GcI|(vqZ)A)?VaVot{VE-1Lb_Oz7@()GlCazi%B* z)4PG|Wk+SN@+;R;x9X+6b8a;){5@ODyalfPIqfTanF|)V5>yLAMmak9a$WlH?B%eo z1*wjEBC6|PCW_9U9n^4tZsrm_CDF3mUGkZ0-hln81oWn>6xjRujv#^5SIFbtTXIhAD_ic-Fc2d80dxztdoqBj}JGZLyM9<#TpTC33r6 z$)tAfxyZ~^dNeYO--DA`FtE5>yK9Ki$w%SJe8M+9Y3WdJW)7Bh>flBrxJPB#fmQNq z{kIpu#ynV@c2Gp4lnW@cb9o+OlB4H?9-+ZI(hu$Sf9|;*KPLo7#8xxb&k+84#HR4# zYL4e%K1<=%2h+55x@^xw07h6!;K^bqOk|McdAM}e%z<3#>%}&Pq&E}b7sWeT%JU_r zFhT>J--+`Q-u>PJ^xH;`0dKn(1RFYJPL?!E^Z@IrPzXXs>hsr-_m-l&(u{C`S0Tuu z#ds1<$ZW@TQ%xKWls#M7_Dfj?at8g7C`}QwFeY5>dm8i=<*7XyTNgIiHe7eru>*)X z6;9I7X#TF#WURPLJO?C`5e6cf(p%wRof~^NxO49ZQEH$u*(eixI33aHY@`NHr0vqq z&Iy3C^#M;RcGl4S7AK*Bi+IuipLuWo?&RO&JLI(CpH@9ny(3I;n7tsS1K)+ySANS_CFQ)ck zPvD!an7ZQ(QE>cqtjir5=H~HjlTLJigk~*Ci(;QYA%P*{7AL}zp*9C>6p!Xo4OTRt z?lxfa5^r~WICf=jlZ|)=6f$`uO%h<+onA5i={knqA%GE8)NF(=X0J{JLj3)H(q9S<_!Kg{wA?rU91aAVJKX2KmgImNNf{Pe%)EcGBW#iszuH2 z02d{@7K~w_V!igL{p3^K1d!ir#eY;8{&WVfnpAiwMfKdAx9PG2cr?^t<8=Ri`z1g5 zRyyg3i7`0JjG?hz=!R%;j;H*X&)4hovyRZ!1sjj028zs4MzT4X7A}&`x}Jo3aeE_f zR{I^~jl+lS?3{e~@uH$kAk3iv-Sx<`IGvR1lQn)jBqsG?u!Nj||A4sGoEum&FWXiL zCt$-rzyZ>HUS_`m4{sa!3jI!pI*VejeMZMSQBYhma{oPRin=j3k)o9(U{w+wt z2vqBcy*G^AdWbQPkX`kIr|`@4W!yO0EyIo&{0zK;+rNE$a1oxC9x#a1%U4;x<5LxG zSC*fKHmYW?P|l%m2N1L&8$N7uOL2O&k?GV{EY$0UW~1AWncC=(oGozPhJQD23%#{A z198o+)I{z6WAbg0*IP5O+&hBDmq`8cMrz4Lvv~4^HH+)z>i5$*hm5tzlK2(^utej{ z0-zB6U^$pVxX_@wNakFI&D-jLIcJ;YyxnzAxIr`} z@)jDt&r{0z4Ts7>BN>;9YN|u}R?I*t0a4P9h3L^O_Z5*3cEiK<^z-At;<0?*&fomNJDWBEZcXVvS+xfI9S=DJDiPK3LN@GrN% z>_!;Z{Sbtk*pebsn>LG}dxP1QJkjj$KLPa-HCp!=yj%P!^vIi~faV{}q%_H5Xsxzo zI;cM{eJ|vqypHeEE=sJ;V_tEo-{H=rbi~aBrqiv@&LUUI8aykt(&i`@o&j&`lDilP zY?vO}vin)4rF2TVvm6FQiA*lQ1tw;?3HLQmHND2RFE=(R^!3OqbaR zGB0LAQE%Ssbiu1Ve`CnR})RON15Ty+ket+VMsTEJf;qw4|L{M-hjCzRM%YNNwMjri`PI07d3o zT^Gml>X8Ru|10VfcuRjdcd zl`_gaK2t@)XbnJiZvi>F+%iL3sV*X-V^;QqR{Hea%Dj{e-3o>jtI*eHcJNg2J zOY9|lJ&E8s?OUfAVGXBhTQxFNM9T(f(`v!uMe~IU5--4$U);X{*73wh5yEGwMf zF;7a~+gD3Ddm*D=S8ne1t9}0?yLV`HoeZO(%{z(N6nqeSr564qIK13q%Vu5a;a&V! zD*={q>))mYnI0=$9GlO;mVAGbTr;2?+2oY=`8g>zMk&4U>WaOm(&C1)&${<{Mh?oH z;L=ESFL3E?UzdB=GcCa|MibFvnvC?137zmGomeQBPL)QBnpZ)(p}(X^_*RI5;+jaa zg6G9?tBsC+&k-m$73fnIM=WxpBCX002;p1x#%lS#)fS~lE@dEc|;%9FQw zsYFH*N~)2JTaN_vSN^aKdscYZ>}lgcdOD1bLfk+DdA`}ykw(La4Oo5GA_Rj>FxUvQngyDZ`kKIXWK?8f}n^rS9(0}>yb6M z=W~%qm#rP+#@?3n^Qi7;&RC3_!?n9-lFgnD^dZ(N7V@uI45#`XvEaE=2%@D^OK!p( zF9bY-BW+20Z$x}{dWT5l4%bal5utc~_57G?bH(+W3h#GG2ZfJXWg;jb-;_>mlQ_@{ z;O7VZyn|9)lY)3DC4~{0)}$`Ms7RrYqIRi3c!5QE%om%tuRz^}e-9E?XCC0Q0gkMa=EKh=a|eR&j&K zM=CKNhwRDTv)%}3%f6#)-CFxg+S{9-oiCF@#Lh8wS9Um2_3O%x<>`*dNWq0vjH%BV ztuzxu!r{KdIStmZkV5l zCCvVC-VjfdXc|cEtj$wj4#;YmEs!`EuYO}U_G?npy8b?b-Da_p2TDi}8z3*wBDZ3% zSN8E=8`#>_W0MiC{Mt?_67+;JfFUWhyK47394kJyw(WgF}E%;mGHbcGWoz$p)d1Ul`{o%2s8iSnVIk~ZWbj~6KS%( zOuV1j)_bnQz|>6g1Ls55;2e0$?9AI)sBO7_IJ&KB7H%5AdhQ#$wRhuJBLl@H7c1n? z44dAuYwIkR>)j&ikQ4hLVeq!?d8VckyopX{R37FSIhw-I9?k)wT{`7mBmLq3S`EGR z-q&b2A~c<%?Tyk}SQyGpdpP3tzynYdu*hqt3l9=I`cd2w%{%%4myQ~2K`9T;O}%lR zeEFgy*37+(P9Ms<-&4ckYwogm{i|3eF4bs7edm7I?Nrv)qJo6j6ZxEEnd2$4xo^!h z`nmbHxUd8*X=zn=Dqo?R?jz^?3?WaJD4^D?cQ5Lm>QBC53Hh?OsQAl$maYTejMGk@ z&rg;}LmSgisbL$6{J1QTt4S*tjPJld^a8GfzxW6H$4uT9DrDDK4TSM^Q=;q_q3CYbuaewwZO zQRo@h$sr}H^fB!0O3MO~d&`rgWj0%wt-u9hD1IU`=Cz&?9YfaGZTvu+fK=ZHwTy#Q z(Bjl1nIxMmx73}FCpHEJE;U=-jSgL9gKgcbl5yP!vrBGpqRfTL$lb+((()&FI=mgR z-xnF<3N%!FIS8k=kIrIwe15D_!Nuk>Mg}zxYgiujd`O4BA=*-$GE%Z+^_(gH$rtK| zSHDG-NA=Cf-Mx<*kO@b_2DAE=zuipidTx%k(R*IA`wSM3yuw(@ zJk@k+Yi7LU0*jfGni0B-5UQojQ$6sQtls=|_bt-B0DV*++kFz_Ah!N%2_^OxA-!UV z!uQQA7()_arhbv6tq_Gjm0T8bKy))*#z zt&P1jkX(IfB2CN?5zas9{NvU3{eIW$^9uz*mY;Q1kc}~etj5vZ=+lD<;IlLhY@D*s zx&pFKyPq}FpWIn>7yF!n?GL6q~Aub$hx zZg$r)>PSb)7^2YT>f?bCE3a&XG5Nw~63EuODi7A;(6;Y;iXdwH5pO1sR7EThF-d>i z5dyu6Q;KM%{&FQS zvAPfx(4+>?V)wHx^a!dm%R7klj@X?xz0z(>h1M8~Kh(qp!m+RVQ91ffjNnfr(@CJ! zi(vhrk`_^xia;9_vj;NdVb+k9)dA9{X4klh7JF~eY6Mf3oA&IYXN{Js)$7<(bg17x z=8mXN9}klI1g!MFK`C}K-2_5{c^0?urgHKhRPMK3G~De8zK2B6Y|HGtCnK#aX#}~g z%_8X_)+Q!Am~z^kOWUxWo@TNPhC$1Uv_LQMC4<6)5Y={q)g=YuY6V%T#IBOtIe0C5 z&Lbn^+NC^CsrJHnt6q7^IZbM#ir>|PsxVgZ5L>13ts`1ka`vpY zRa%q=_rgC!(WKs*$>p#}VZuUCYWbSaYF$pasLXn}8mi)x^#tR+WOf)+yOSZ%)|k>n zGWu1Q142w>fB6$Exjw6dGwDm-1#OCrM+vX0n}#?Kc0Bi0Q*UYv^Z8vM(8frqBmHRz ztg{^QFYIS*OB^KeAhRh%mM~+5b!Ze@i^-P`L{_49h{R>Nujr91-BQj)RjdL;2UmsB z&2_(>)KIkj`IgMv&kk;j@BL|TB^VcIug5ilAi-FXf5CZ8&Mc5KZhyh^V6K0~^KSkh zJnvf9-mn@s$rGkrl}YhB4SS}%rTiDMN83$iIv=9b+PdETfS}_X6UABTu$6v=h2XsL#I~$x7lR%vB)PN=ga2yF_{|M zJtWfFryej7jr{&}_p?w-7-E6m1{ledbsp`MT~F58jWbhTd03)a)v8~TkNKryV6sDu zraf51%qT|+lMs1!i7kAiI5U=QuT}K=jD&_{mT%U34Y9emcxFO;duNDA;E!jCnc^f+k%ZKbe^if31!%Yhp_WbO#k8$nY!o9dtd-+EDBElP%F!`bF_6o!4^ z^+Fo9nhbH}mzx#>J@{M0%i)qE&vNpXDFUqgUq2>4vUptU=MK+&Cq*!>zZn! zhb?LInZ-g4{BH-lRNH=A^xkX8F(RKVjB|24UtUy)iO;&#b5Y-w^}Uhj1=c=5m9Iry zo8=2RhkZb?2-J|O2lP-HagS>mN7lPZFB*0m*5$Nv+H_^Eb!6#b4GJZR;{iaGe_Y;h zj^SI2X+VB0-FfzW6}XoDdj0iP0q)ZN&Ox->E%^CcT)l~U5WT+5FYik3Pa>OEI*?ul|GDXgVw&S2|3& zrP3c+!s796t6uErXrQcCi_i13@QBrewIsQcD>@L;7XDW}kxIk&h`ucZ#8aw^zW;H` zt#*d*({Ym9nqGe7seEcmjBm;ayYyzj4N@XZ$zX`Ynyz*ZC&CWggrjD-$?4ckR82TF z)IZr57cz@`d_~@BDxuo7I7;aL7jw7h_~w3p=Osf^JJriOExzpI+xKr7k#yJ^Uj9~K zkFvJy+DYyaSHfIWdy`Wr?Kn;Ol6joJo5zF=%b&14c)=Uaq5eh~wD zpHkCB{Xv;Chc;lUu1KnCEc~0QGoR#3>|);ihGI`7K7Htbie!5%3_J~e@S;KfxdAEI z%;@$*GXW%O=k{p{3+R%Wd2@1$lnqm_Cr<=-2eoa04CyBu9fXsemWEK|J!X!!az^wP zb4pYQB{@TmtEu>WaMOzC(W*|!PuYL7b&>zW)*T)LlNc!QBgXpVe-+I#J{lejTrA~? zo+{CteEXWL;Yp={}1?@r0t4{33h`8Gw<)hJrSI06g*Jnt`wFtIf#FF{cgqyT2h#VR8 zH)9s0u@&||C|i2pvzj0)27eqPN<(crS;X9dn*42B=Fmb}-N~vcNN95Fm)jXFh49pc zlFw$DpUsFI)cp2{uK@k#y#oi}*x+RutgAc`Zf-fZ?fq8oiMH&}2fSb+P8iY-djFuG z`Uy8CPp6i0l((YR#rZnZ`Ji;CccR8Fb5R}Hb_o}`Kgq^zu;aC_&qS#3=;^EicjVHw z7w#z;+!G=ctfMh7?JTTFv{`N?o!}ccXQP54?P{L7^KnzJ=Stz)3+nD(wrf#rR7 z;eA}a7(SiYL^}5HzNogR#EqqHAy0Oj+5?Mm_^&%Q4X9~@E7m1;6SXt1X|4r@N1V%c zwHsgT3No=o&QUlpb0j&gP-0wIHxe)1?v8AwHFmfAu14D$OM_qI@=0W#a`cfwvJt}_ z5BeI4{jB_h!fQY+an`Hzf(EZs6*FuKf! zm#j6qdRzY+G>A3nl9j@woG&ViX8S0 zdOoF@_9*4-QzV84TC=RZyyZ{kK1pyk�WN&;Ct1Me9kRPIYQ7d%*1CRxrhovlEA$=Wop``VmC{UV#%ITkTyMqJ z_OC15C!P3Pd72}op6)W8%y7sn=22Y6xu?%>&2Ebw?q(;6bg>7T7FuxTS#^v(@bWoE zx3on<2|bBudbj-M;MAp!L;R~h%KA$cT%|Q=DNQUL3<$@Fx-xtRI1eaimX6hHC%_#( zejuFYcF=>*o9VtOk8;e+3|stQ7x8McwI6cJb9oDu$K+#sLp_B~hW6YlQ`01JwH<;< zi$(!WpsN=OIB1rstF6PqgWVt-4~^uFjht*#k(O4MuIpXERl6I0C~PY}nD#R>;bvPq zSv6?nmKTXaX2nGt87o4}S@cwV_CKVBaPHe=!s3CkXC-q(Pi`3VKERvr^V~*-RnOgo z!Z^?tQ*NpqSB+To4Ep<@RNSWhIYoyVcm>g?!v<(SLNd_77}hEhj&?-6HshdLrK9#8 zMWt6MVM)N0s(c4RtU$c5CBH@1c6}hLsS?sIMmuplFVZnfwp~sZY49v7Oes)X9oehU z!5I;Rex?#Bj219_tiW!uiFmJ zNqagK#glz;a_2A?NHm_`BoM?w=u4k1Hk1hi%?>WF39$5}#;3$w$e? zuM&#U_a@vKg7?(6BGVt$N**aybv$!8d05drB!C#}!+!0?>O0uzWsMzO4xn3$gp}K7 z4bejBmt0XVosGmDuFZ{DV+Hf(79;pUjdBHk>MXhJl^{Tk!+WLexgyx%E&`%Y@W+Rg3H z*w-FfC1Gi--Rv?4ZNpfO0*zYeuR8nsMOr$M;+5<}&kFce%9##b_(i^bF+=y>YnPx( zbUzYp5JdYVnLVo)2m=0q*le$=ezN8}S{^7OY`W4E$4|T%?MH)$oVleNKQ$0DsfVPc z9tligGrpMQYSClq6Y#B&vz&G%qW~$t)AN;|RuoG}I#DqbGrCT%KZCh1d6X=!8mDp6J%@aqcf8{MWajxlE=r4R6Lg zFnN6zr}QudN+U!iZ3|w}NJ8eF#&@tm7Z(Ci2b~rokxxcpG4j05V@&ct=mLRl%XL1R zdD&6HbH$HZrap1-(Gc1IlZQ$>RbV-NFBb?`q$JQd#09rZK_x?jN<;eKF+Wg#(BcX} z{O0X%P4h|yI9o!?yhoLi5*CuZYRiE_@k0K^u7-42WFUaVYjmwk`UB0Q^%Q=FH#v>` z9K;L**6U`S#DAIu5IuQ&QY<=5wrQC9pk`sOz?!oe4Te-cJ; z1xaH8FaZ|Cbm=edPk;VsS?{EOe>O13r4h9Fx=0)=@yku?&qs%MRzdl{5ZYhX!+#;P ze_rGNh0yT-%j*3XY5e~r`T1W6?Y|J({{kWZh0y*dy7~VPgcjuLeMQiM>R4}>wkOwv zE9T)}0>b|d^-_$_vh7$l=f>a%6XFPfX`CxwJm~J#L5)l9S`PyQ|9g@^lUveVt>>}Z zk0Pe5o?W?j_=6z8AM`In?*q)m5Jx{W<5Dd^eG<(PZREOS`Y|J#b9^ULgnFhWcttsn z$?JG?8noug85vaO%6ka78A%6>>&X<3N?ilu>b@VK{=!jre(DzR2*dez6y)4!8577I zDP;OH3j6DSr9ko0hOGH3?#U42+Wa-+$~QV0po?7HkX3Q#GmJVAAx{HA)CZ6GPS8EZ zkh|#14F}9|j|@I<-Lbvhm+Ssizzx#1Q91m}l6K!CT;&&+pVEl|jv$q~X2G|XGk3Qd z<;kQT=7QdH&B>=bS?$lRf)sHxuBa1_1=Yyn$*Mw7{i4druY6`*`TVb=`*WsKya@k= zkbRS(4Zo$CLWz%)uw&9YLCQ98b4GC$nnQWVVI*bld)36rnjegT#>n$vuERko5U8Wg zn{j%`$zzZ~=(p}5`wt~s}oAO76z|iWJ+7`)B80CNXDeU-Z`8h)H zVRt|R@#5~g(-|>Foa*9BkmS$nZ5f!K60Ek?SFYjXTvp5}rhzA`eM7kbnq1Ge;cS&B z--$cv7#JXdr10-SvTFgv$nPz5cfAfej015lXu6=|7YeMDs-=9K-O)5?5W&Ofxj$u! z^Q~wVbOj24fln&cAj4lcSs5#A4c|<{R%hvgghjlK7k6iRR6oGH9x(P5b@1p{Z$%Yc z-J8l7aqrL{@7r=Gb@TuE{mhK+X3fH(N!_oK6>xL@c_FB>iPZZW=v7la^f*#25R|Ufc@TN|n@zusDbmxRCYV}!%#pl#+Z-UyP8!j;sU%o_@J@U(S-kYC=kB?LM z!lhvLbx==wPK&EGq5yS^jZX(Glhu$MFr(>l!YLS4o_${U$pnYSC2 zr0zP+j#A#OZ#DPU#1m)ZL&{cAhxh3a(!~9o68kIjSc409n>?=d*0hG=F`=q*) z{&8=F_utVmSDt@D#~LKx7;5>uOK{7N@zsD?Xpd$$ka3yzG2aidJ9&|~5hylD+{y?G zP&mpJn315$)GRm_#Kh5HwpUwSS8MG_a2{?QZd$p5z~E&XY@Ip>;g1_>Yd3sNf!335 z5=N1fPHIM517@68X)?Ur1z74{sBAI-7>!xv9M?!XO7sG(B)dsn4CD2WZ!29h*cI$v zi8Smejgt#OTwd(-D(akTs&eooa!>vj>4oEF2^>|n{Me_<#$8v6R8sIR9zVfv*ulYQ zR+>9tL$awi1-K!yA{cC;H9sg2_4tD9)l;O;KQMGp2MKm@fQozZG_WG(99!(;xUf46 zia;p9VO8z0?4QPUyJzl$$~-mdZ2<|g7PyW^o0)&>q?YejyykYUf>GNz3qf5hNT6lwzb=$6w@G!MWnsFRUwgQ`ue)(23q0y#D=FDCVo(x7 zTr;W|SUJ-5@D#MXg96P)LJ?OM_+t`;PRqi*1G5f+4tEL6zXzU=K(6H|6PinvUJE4WeV)A zpbOza2mJ+}TE_rqWeh9Fb#rVl>|DHW4Jeip>jQ=VJ^ueZsARnhA$*=fOeFu8;<8=6 zxn;vdYe=|>1lCX#8NZwPe0WGvXO@n=aSDz@iV*VXLgs{~s4?w?pmY9fR>V6NJa5g z7BGfVnCT-x)In#Y|T1p?5O%iVmhh!E}7@XE7C||t5}+Qpogw< zA?W@J`smR|O&JwHZVcaq_@|Pzik0?uS!#`KY4h}ELrPnn0%q?3u^i(c{FdtFU-_*f z$nqAzjI&Te9!x7jhEL~JDZ1pL?pdDujZ6dD?AKv^ez)y?ErYdXsUlt@VxFS;0&x@; z|M&n!gu8#1MzT?S*DYIs8bu`o%nK`Cs;AZ>@=pi7nVQK%b{o+v$eVY-8{3Ik{XE3h zd-h(LI!%K^#0{;6(`<3_`q==i5J#ImN!Ll2Q*H6nx1ZX|non`SwUFv~dPlPB@<(V) zT5}(8hwK%K{VI%D5`5dx<+X`2{uV3|Ilv1~O2;_Yfodz2%O^?W%m>M^w`k=`@|RgC z=}LR$i!f%NHm!`_!rmJk`By3(a0;Yzxt_oylq9x=5DuI5eXN@Ex%?hZ3b9O+=DDc@ znCJ5p7p+7zTnk5)j0#+&rnhYq%_LZM19cKGNG5c-9yp9TVCcu$hatd0zuY)%<45al z%Xj6%PdA&(1rhIAA%-cMH@6}-0!?=e$fE~6rXRH4pF)Pev$b|Pnt62&WOzbG%%qmZ zVkd4z802cCqE^Cpw`UNgKiwIR=AAvXQvQuu84}KUd*VMs z@>7|Kl7AfmYCO&|c@a%Cr>Oxwyk-_pGJ?S>CvlUJ?q7V>7~Nc+`e%QhP-&o(j2eL~ zMXpCe6p_|cD`;2N!f4tMRQe!}UOy+FW|^ydNe6!r0s5UhPd6&m1B_MsrWaAq>5nHe z47SI}^(ejmldNg$}0Ms2H?d7|^b`~g}~ zMW-P@SB&1HJ)IIy-58s?+BfaD&O7Fj;X9`k(hFt26l3IyxPsJ(xsKTUsNs?QgTfxj z2cfTi63&DAqeKKVT4|Pk*0rs!?nmTi5QhPQJajZNRj885)}Z%u$bde?|7Nd%KNfw- z)SXFrxRP^OA%eLQFa2V}C#VkHXBi0P(??40cSoRQqxacZ`_$}Y=8~$LC{*6U&esyS zOpR;x_XV3VFSR>ve|DB;+OI!P@3`yNt5drbHB2X0D7|1`(yxsQjVkyNvjW1owJUtd zuLpsKV6bSV(fw{^*KDn3)CV{SEjxG^F)yyHL~=}vX2X5$kN+`rY{56XVb?gtpCST% zPQ-(0rqpo7`~gcz{u`DmsRyVOP)-nzChx00J#GLU&+6jT16W+|Q(26wI1Y$&I+R6s4jJU-peO@*cKW^*>lCsK#GdsT3Q=JFEe%qMVveK0OAsOh-el?VXpA z3xZIeKHQ3^7xfZ-ZT`dG&Qys$GlQ~gX-{EUDiZ?ds{>`O_RXLnT5orsQA9*2e|X=3 zHerbl9Fb9(-CG&(*@<-HjC|(w(_$)WV1V`G*WH8(hH}rPBD-?d8c!INR@Bb$ zbz*YXn#_t&h5OS0O6Q@yj*yRdMKLG|J5)kO3yN=$&79FH@p(jFi&K2XRp$*;n=wMA z1q+iryDJ9y*EEMy-=sf8UxmEK^)>ccyHydBH3u$rFDkmx4yw5-gZ5f&X}ZY=S&6_t z+X-pF+iT9)##^g_LlQ?AC4!;_4o*bJ=5e><5NPX(UBg-0pzOB=SIu1O0%lCuh!Ou( z&XP6r=8r6&B8Lg_v0aeEQff#Rl4NG!^|p}6CsP8*=^`Nv<6TS~D7Z%;C+HI{8K*vI zvqZTp8J9ro^N6q{Was_SnKRcWVRz&nVv4|-PQ#vv?0dOHIJh-wRmr#xPRN(3%*bI?rjisL_0$Xx|0AN$ zPs>?3k%j=c$D;`Y9}_fS1-nGktf=pjzq?~f|8;IZHA4;_{4M-33rxH+SLNanj;ena zneCH={(;civdPs=qEUymC{6ZcP|JD2g~&h6d8BC@jFlVZgk({6X^pJT3Q9v_{agS6He9FHrgHT+<>TA z^x(fZ1|9O-WM6{fyAcj4 zRQ3cyc(vq^;LxbzJ|%JnM$C^K%u;)Hb&d8wl$7ki*B{iEX<;Qd?Cmbgh zH0oPjArH4A94VV6eX0m;udMhL`V*C6GOj@Lh*IZIb0eAb`$capISUh(Zs(UO)z4{E z6|Yv`t0VHu+E!BX*osW%u9``6=)_sqoWl@zDcpt{CSh4TYUYnrWSl;WjTvQ4Y@YkVYW!G{?5YnVYzFCTDNr8U2J?r8T4iwq=nPES#O5jff|jxl|0NlVqO9W`QzjbZLvH zTe5qtA=V-J#o9Wywoaq$$fJMnBxzx#x~rnQEWi7}fELeeAcOqVlo;i1199XR&uORN zl!tGH1mDEaq~^$j6|Z!Bh)n)9Jgk3Av9Do18WtxfA`e`M%)j?jJ}<>q-eECx zO?aBFys%lrbMO8w$1~4IvkXZxj#4*+m}L(Yq&u#NR^>l>u{K%}^*sAQ7J7t@{_PbM z3$#}@u8U#aiTRf_)u2s>G5Ny0eP_)DiT~kQzPXIXOxMcqqc) z;r)p#mmdes5fxXbW?DHX!uSvg&r^REG$4()F(i4=HQ4W<*pyal@P6&+$Ots(k}Di ztWnXpb|kl8pRVIm@kc(P=vMc9(U+UH6K4xr>pZl`)im~zA8jP86;<>U?Bh?$Zt0wQ z9>#sQONtlK^E#*^`*W#eJW&hzB2!M2w9BbZzyB)nV$<#;gKM5%&W~>3yOw8skGE6Z zD|1{Oj@^0i50@)u%KdIao4yoM0&fgd?}5DOJl|Ryo!gDE23^CR^p!0s`ij1Tpt+uh z**@~sy9Tu7FoyB?J^eBx#!1Am;+Q~-b2*^1I`~Dh2Le{2p12?dZ67*}B8?uOOW)o% za**08bXt_=_K26BIKL2+%nAg`H!NGz?!{b zE{n1gyyc@*XSg)h^rcI5A1Z5Au({Zm52^I9%MFU9Wb? zovJUkR+vrUU79^zPWU4dNU*rRs8Sy4> zrK>W-Bg{;3f~-c6Q*Y?eEh*2#n)t3I&#D6{Qj6K6jNZgTm95V;w;exEH={ai(&<{W z^Eag?9K$e(m)@$V#U!qR2ZT27thTJbw4m}asYkF%N>mD|9Es0kWT660+j4&n3a1Me zc7D4qli7NB^iiMDYod@z8e?KG_WaCBhWF(D5vu-tcVp%KvhJbtBS5FY9u`=1~)CIHFZhpL`>Fmv{{D6k4fq_8e`drqpaumM%CVl5|>pFM{q^)!(e1z}y z&2<7jsL1Uok*u8YQk(-?J2M%9Vt2Ak-H#-Hkvs%lIv&(|C#{2%zPrz_SCohpu`*Z? z+BWcHd`!c#f!zIi&)f6Xbj3b)QgmL|E9G;ZG3Q>e*;#(OXp_H8db|VO5_SB4+Pm_1 zDBJ$c7#`VE(olplD$5MYmR*#P9wECL>tlZyjAa-TNhDD-vP}w+C8C(D$yf%7kYzGb zmL`M;$@09{^d8Um{T@g12fW8SKi$V1*WCBqbA9f)KG*sAoaZ^5)eCZ`-B0aul20w3 zX(FC@^HmgOQ)%^XE3asQK=F$?4pL=%FH1@XW@X6Tu5aN8r6hhPSi8p04{)bH4A}X} z%^x9`Jz&k$ZLZ;8I>g5+MS)AOsJ5+FWpvNlq5%)%)?WZQg;l*^s%`OnevA1-zdfXkY$0XTTL6MijECc=p7xHhI=ELQv+GPp)zVbBLYi<|P1$sh&qjhtTj$ z77myIh9$o9KER&UXr^mf0bHD49>(gJTi^r8zGd}ONll*SF(e&Fzzok;Y(A8Ap6+ss zeQEz*%@QLKgX?R`G8UoDr)DLuW1x=H!?JQ~C(aQ*jkO=3CZ8o8k#iCKh>w^Wj9#8l zzh!E`!A5yYV3L${rU6!csXStBu>zMxhp{CW;0#vubreNne+y^`9$`|Hy3vw(h2!ev zt%S`$ej11sqz$(BQO?+TDXVG!++$zUIr!8^Y4QDija_lPq8$N5!{R5Al3g5UpT1pO z?)4;-fK;J4)h5NK*}w(Olmjg3??c9_S{2|j25yqS#=2uRvQqP&103$++;Xz^mPc1| z@m?~1qBf(#{Ieo*sx!T>BS_+D`HYzN!RqmI_lBBRnLD7%vne-v173dqOxRZ0N3%=&(4~2YGXp3v_959#zG457kGxZz;lR3%i!!bX)E|hl)6($)r>DQe<$}@; z^u=T2zMt|B1iqsLHopQ^7LL0Oiyg=NXlY}+_VQHp2w*_1V4o)*;Sdfqf)4=w?n3sFmUj`jSnccUDq1#bi< zIJ3yBjQZ=>+kOf~7Qc!-{Q!H%?#orLY?ThBZllCIO<`XqfH0z*3OKDhSB$IY{qn2@ z-Q4?x^NOU(!H#bw=m|Rj)hBuYzdqE+e;Uh;HEq zlVCAWhYET7Lib|*91ko90u9zb^`uK}ICO1Bn2mb*~jYUvGLYxbJYkgx+P zWSMo4TY9yshl6?`mHy?2_E;TJTRZpn&Sa!VsNu%)pwk^1eL-Ub03c}$!MC4=bXksd z02?`LS(}Q((sntbD!#H?zAmeVT+% zaHZZAQcfs{)%{#3>=)IC$aYtF;wy4X4JaE?=b{0AUJ#@LBp&TAoC2DVfLv6I%RU)H zNnp0j#_Q;J&QHNNQy5#Sh&@B6eB^>K|}{=wk?t_AR{%j2j*8Zh6Wu%9Ln9g z?!`3nz?i;WZ*O>s4Z&wHhFPAKbsLLRZnEOUy?SuKPD}ZeS9(94GW|p5szY{6I)5fk zPQe~u`9_;JI1^B-9zawW10}}+f1)yGeIAhfWko$;RB8U8cY!Nkh)uYyS=u)Z73DSpmb;jfi)UymMF%5@Z)fWaEj37AvIe?K>Q+UAL~ZqqmI zG$8R-_2p&ix||#|6(fIPvO7!T*mOoIH3U17%P?NSfJm5noHk|rRF>O5{v{AXVY_V5=P&xdpF@Ja}SOo z_D~l(MfFiOG`QbaCv?B%gMAh%bK|LI>V=2GlMY$fE-twaff;jDE0`K)%#SiKO;Izw zdF;5VB9duw&TnYc)}EB%a5%8i1~B8=Klsho1VUcEySkV)$yO@bLpv z!^y9K_Gfv&s#D0R&c~2bYu{ASBU4K-{`{kTuDLkT6>%8arMaiE;m=PUiXMAVASG^l z>b?jJ>vZBuYh*l~Uu2eVHZaSj8^!`RCT`W}e$9S~EFudZ7hYM=hKMah9J=K0TEx(j&>&$=ioilu4?#sP#HX-`#M0QbsQAdIxX1-8Oe$RFM*avQsST^*#fU zW%9HyK3EAHD7JA8$q6utIdO`+ZQvz#^ZRm%PvI))Ss1>zl`}h}56zQ-=C^-nrh~VR z4U{_AbtiA$-Lv(xeHoVwLeIIE-S?5^L~c*n76R&{x74H0FDKf{tj1NGJ1R217^VCw zwMAE0{Y~S(kyf~0UKGf-*m=LyMrO_9Js}!EFxEm%n$OSES||oO^9=3Kj4fXkWrOYDPor^zQ%v~Hd~*ykGYn&D7omZcje zmZbcl*_ZD0|(=u6NlNl}+O_Cq94>W~EQ0I@He3jv=__*RPgl&BU#??PL z@gB1{i{@PlTY|7QaNAE6F&h2&n)X((ED5fj*2)VfASGG*8LwgC?=?jb&_EBCg8!%agJ?v}If-^i4&$AXka5r38S*$m}cT#*^q z#BT^JG#%!W+v9JFVz|gF$M+=(qQt$2D)Q(_ks>S_Rq2mdd5J;7ckb>-WN3504|VtV zf%v{nQRx{u3VKew7NSO4gXzP4sx?3$EtyNU>Z$m^eQq^!jxiOeFgV`)EscpeP!5gT zeob!hp_Gq1GPQnN`$@yEnQ6HtHb~|4t>bb~E{|JthWAHg=8#|7dq@izI)5l|51k0A z`v#~fg!Hh{5!%L!iTOBp@rmDeU!`LuFZG*U&Hy!sLi=UVLgC3HgFMOq+PWJ*b&Qr; z)yHe6u{^z^zTps1CPhZyN`LVY84_If7Z4h6?7f59uPsRRf*u(l(u}3-`CQM34Uk!!#kNSvjQW7(@4A%AgWKei^&5Q2Ac*o%upX<-j0g zC+zv1s5xlNTtBScG%`Wu`iv$qMHG7 zaEwQhrcXHCRgZ1J8*B>bIopW_|MQ`}L=%Y15YM@M(`r*y|K^+Vo6H5}9U1Ml0J;d% z`T|(Acl`A(3pn#I{X>LZhC0EzD?_PlcOVN^w}*VL++pT{4bv24LTn;`Nxvp`=W(gg zxD4rogdJ=qq9Kuc5&nHf-uycmWN;~ir_!@GAbqFH^%#La Date: Fri, 15 Sep 2023 09:13:40 +0100 Subject: [PATCH 28/45] Apply suggestions from code review Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com> Co-authored-by: Robert --- .../using-the-codeql-model-editor.rst | 18 +++++++++--------- ...a-extensions-to-model-java-dependencies.rst | 6 +++--- .../extensible-predicates.rst | 12 ++++++------ 3 files changed, 18 insertions(+), 18 deletions(-) diff --git a/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst b/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst index fae3cd4dfade..54938150f644 100644 --- a/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst +++ b/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst @@ -12,15 +12,15 @@ You can view, write, and edit all types of CodeQL packs in Visual Studio Code us About the CodeQL model editor ----------------------------- -The CodeQL model editor guides you through modeling the calls to external dependencies in your application or fully modeling all the public entry and exit points in an external dependency +The CodeQL model editor guides you through modeling the calls to external dependencies in your application or fully modeling all the public entry and exit points in an external dependency. When you open the model editor, it analyzes the currently selected CodeQL database and identifies where the application uses external APIs and all public methods. An external (or third party) API is any API that is not part of the CodeQL database you have selected. The model editor has two different modes: -- Application mode (default view): The editor lists each external framework used by the seelcted CodeQL database. When you expand a framework, a list of all calls to and from the external API is shown with the options available to model dataflow through each call. This mode is most useful for improving the CodeQL results for the specific codebase. +- Application mode (default view): The editor lists each external framework used by the selected CodeQL database. When you expand a framework, a list of all calls to and from the external API is shown with the options available to model dataflow through each call. This mode is most useful for improving the CodeQL results for the specific codebase. -- Dependency mode: The editor identifies the all publicly accessible APIs in the selected CodeQL database. This view guides you through modeling each public API that the codebase makes available. When you have finished modeling the entire API, you can save the model and use it to improve the CodeQL analysis for all codebases that use the dependency. +- Dependency mode: The editor identifies all of the publicly accessible APIs in the selected CodeQL database. This view guides you through modeling each public API that the codebase makes available. When you have finished modeling the entire API, you can save the model and use it to improve the CodeQL analysis for all codebases that use the dependency. Displaying the CodeQL model editor ---------------------------------- @@ -38,7 +38,7 @@ Modeling the calls your codebase makes to external APIs You typically use this method when you are looking at a specific codebase where you want to improve the precision of CodeQL results. This is usually when the codebase uses frameworks or libraries that are not supported by CodeQL but they are not used by other teams in your organization. #. Select the CodeQL database that you want to improve CodeQL coverage for. -#. Display the CodeQL model editor, by default the editor runs in application mode, so the list of external APIs used by the selected codebase is shown. +#. Display the CodeQL model editor. By default the editor runs in application mode, so the list of external APIs used by the selected codebase is shown. .. image:: ../images/codeql-for-visual-studio-code/model-application-mode.png :width: 800 @@ -58,10 +58,10 @@ You typically use this method when you are looking at a specific codebase where - **Sink**: choose the **Input** element to model. - **Flow summary**: choose the **Input** and **Output** elements to model. -#. Define the **Kind** of data flow for the model. +#. Define the **Kind** of dataflow for the model. #. When you have finished modeling, click **Save all** or **Save** (shown at the bottom right of each expanded list of calls). The percentage of calls modeled in the editor is updated. -The models are stored in your workspace at ``.github/codeql/extensions/``, where ```` is the name of the CodeQL database that you selected. That is, the name of the repository, hyphen, the language analyzed by CodeQL. +The models are stored in your workspace at ``.github/codeql/extensions/``, where ```` is the name of the CodeQL database that you selected. That is, the name of the repository, hyphen, the language analyzed by CodeQL. The models are stored in a series of YAML data extension files, one for each external API. For example: @@ -76,7 +76,7 @@ Modeling the public API of a codebase You typically use this method when you want to model a framework or library that your organization uses in more than one codebase. Once you have finished creating and testing the model, you can publish the CodeQL model pack to the GitHub Container Registry for your whole organization to use. #. Select the CodeQL database that you want to model. -#. Display the CodeQL model editor, by default the editor runs in application mode. Click **Model as dependency** to display dependency mode. The screen changes to show the public API of the framework or library. +#. Display the CodeQL model editor. By default the editor runs in application mode. Click **Model as dependency** to display dependency mode. The screen changes to show the public API of the framework or library. .. image:: ../images/codeql-for-visual-studio-code/model-dependency-mode.png :width: 800 @@ -96,10 +96,10 @@ You typically use this method when you want to model a framework or library that - **Sink**: choose the **Input** element to model. - **Flow summary**: choose the **Input** and **Output** elements to model. -#. Define the **Kind** of data flow for the model. +#. Define the **Kind** of dataflow for the model. #. When you have finished modeling, click **Save all** or **Save** (shown at the bottom right of each expanded list of calls). The percentage of calls modeled in the editor is updated. -The models are stored in your workspace at ``.github/codeql/extensions/``, where ```` is the name of the CodeQL database that you selected. That is, the name of the repository, hyphen, the language analyzed by CodeQL. +The models are stored in your workspace at ``.github/codeql/extensions/``, where ```` is the name of the CodeQL database that you selected. That is, the name of the repository, hyphen, the language analyzed by CodeQL. The models are stored in a series of YAML data extension files, one for each public method. For example: diff --git a/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst b/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst index a3cf59ef026b..b34c15c57a53 100644 --- a/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst +++ b/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst @@ -21,9 +21,9 @@ For more information, see ":ref:`Using the CodeQL model editor Date: Fri, 15 Sep 2023 09:27:27 +0100 Subject: [PATCH 29/45] Updates for review comments --- .../using-the-codeql-model-editor.rst | 20 +++++++++++-------- ...-extensions-to-model-java-dependencies.rst | 2 +- 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst b/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst index 54938150f644..ce3f5e9cde4d 100644 --- a/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst +++ b/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst @@ -65,10 +65,12 @@ The models are stored in your workspace at ``.github/codeql/extensions/ Date: Fri, 15 Sep 2023 09:35:08 +0100 Subject: [PATCH 30/45] Update docs/codeql/codeql-language-guides/extensible-predicates.rst Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com> --- .../codeql-language-guides/extensible-predicates.rst | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/docs/codeql/codeql-language-guides/extensible-predicates.rst b/docs/codeql/codeql-language-guides/extensible-predicates.rst index 56c9075ddf59..8680dce1b2fb 100644 --- a/docs/codeql/codeql-language-guides/extensible-predicates.rst +++ b/docs/codeql/codeql-language-guides/extensible-predicates.rst @@ -158,22 +158,21 @@ Provenance ---------- The ``provenance`` column is used to specify the provenance (origin) of the model definition and how the model was verified. -The following values are supported: +The following values are supported. - ``manual``: The model was manually created and added to the extensible predicate. -or values in the form ``origin-verification``, where origin is one of: +Values can also take the form`ORIGIN-VERIFICATION`, where `ORIGIN` is one of: - ``ai``: The model was generated by artificial intelligence (AI). - ``df``: The model was generated by the dataflow model generator. - ``tb``: The model was generated by the type based model generator. - ``hq``: The model was generated using a heuristic query. -and verification is one of: +And `VERIFICATION` is one of: - ``manual``: The model was verified by a human. - ``generated``: The model was generated, but not verified by a human. - The provenance is used to distinguish between models that are manually added (or verified) to the extensible predicate and models that are automatically generated. Furthermore, it impacts the dataflow analysis in the following way: From d10903a09c6af35940d44c45c2fbb5ea6bc6998e Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Fri, 15 Sep 2023 16:28:48 +0100 Subject: [PATCH 31/45] Apply suggestions from code review Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com> Co-authored-by: Michael Nebel --- .../using-the-codeql-model-editor.rst | 4 ++-- .../working-with-codeql-packs-in-visual-studio-code.rst | 4 ++-- .../data-extensions-to-model-java-dependencies.rst | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst b/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst index ce3f5e9cde4d..88d38db39b79 100644 --- a/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst +++ b/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst @@ -7,7 +7,7 @@ Using the CodeQL model editor .. include:: ../reusables/beta-note-model-pack-editor-vsc.rst -You can view, write, and edit all types of CodeQL packs in Visual Studio Code using the CodeQL extension. The model editor is designed to help you model external dependencies of your codebase that are not supported by the standard CodeQL Libraries. +You can view, write, and edit CodeQL packs in Visual Studio Code using the CodeQL extension. The model editor is designed to help you model external dependencies of your codebase that are not supported by the standard CodeQL Libraries. About the CodeQL model editor ----------------------------- @@ -35,7 +35,7 @@ Displaying the CodeQL model editor Modeling the calls your codebase makes to external APIs ------------------------------------------------------- -You typically use this method when you are looking at a specific codebase where you want to improve the precision of CodeQL results. This is usually when the codebase uses frameworks or libraries that are not supported by CodeQL but they are not used by other teams in your organization. +You typically use this approach when you are looking at a specific codebase where you want to improve the precision of CodeQL results. This is usually when the codebase uses frameworks or libraries that are not supported by CodeQL and if the source code of the framework or library is not included in the analysis.. #. Select the CodeQL database that you want to improve CodeQL coverage for. #. Display the CodeQL model editor. By default the editor runs in application mode, so the list of external APIs used by the selected codebase is shown. diff --git a/docs/codeql/codeql-for-visual-studio-code/working-with-codeql-packs-in-visual-studio-code.rst b/docs/codeql/codeql-for-visual-studio-code/working-with-codeql-packs-in-visual-studio-code.rst index 74a5992a09c1..f3c6a487fffb 100644 --- a/docs/codeql/codeql-for-visual-studio-code/working-with-codeql-packs-in-visual-studio-code.rst +++ b/docs/codeql/codeql-for-visual-studio-code/working-with-codeql-packs-in-visual-studio-code.rst @@ -13,10 +13,10 @@ About CodeQL packs ------------------ You use CodeQL packs to share your expertise in query writing, CodeQL library development, and modeling dependencies with other users. The CodeQL package management system ensures that when you publish a CodeQL pack it is ready to use, without any compilation. Anything the CodeQL pack depends on is explicitly defined within the pack. You can publish your own CodeQL packs and download packs created by others. For more information, see "`About CodeQL packs `__." -There are three types of CodeQL pack, each with a specific purpose. +There are three types of CodeQL packs, each with a specific purpose. - Query packs are designed to be run. When a query pack is published, the bundle includes all the transitive dependencies and pre-compiled representations of each query, in addition to the query sources. This ensures consistent and efficient execution of the queries in the pack. -- Model packs are used to model dependencies that are not supported by the standard CodeQL libraries. When you add a model pack to your analysis, all extensible queries also analyze the sources and sinks of the dependencies defined in the pack. +- Model packs are used to model dependencies that are not supported by the standard CodeQL libraries. When you add a model pack to your analysis, all relevant queries also recognize the sources, sinks and flow steps of the dependencies defined in the pack. - Library packs are designed to be used by query packs (or other library packs) and do not contain queries themselves. The libraries are not compiled separately. Using the CodeQL packs shipped with the CLI in Visual Studio Code diff --git a/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst b/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst index 7a8722ecd3f3..5070a65774f5 100644 --- a/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst +++ b/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst @@ -63,7 +63,7 @@ The CodeQL library for Java and Kotlin analysis exposes the following extensible - ``sourceModel(package, type, subtypes, name, signature, ext, output, kind, provenance)``. This is used to model sources of potentially tainted data. - ``sinkModel(package, type, subtypes, name, signature, ext, input, kind, provenance)``. This is used to model sinks where tainted data maybe used in a way that makes the code vulnerable. -- ``summaryModel(package, type, subtypes, name, signature, ext, input, output, kind, provenance)``. This is used to summarize how data values from a source flow outside the repository in a dependency of the main codebase. +- ``summaryModel(package, type, subtypes, name, signature, ext, input, output, kind, provenance)``. This is used to model flow through elements. - ``neutralModel(package, type, name, signature, kind, provenance)``. This is similar to a summary model but used to model the flow of values that have only a minor impact on the data flow analysis. The extensible predicates are populated using data extensions specified in YAML files. For more information about extensible predicates, see ":doc:`extensible-predicates`." @@ -73,7 +73,7 @@ Examples of data extension definitions The examples in this section are taken from the standard CodeQL Java query pack published by GitHub. They demonstrate how to add tuples to extend extensible predicates that are used by the standard queries. -For details of the mini domain-specific langauge that defines models for each extensible predicate, see ":doc:`extensible-predicates`." +For details of the mini domain-specific language that defines models for each extensible predicate, see ":doc:`extensible-predicates`." Example: Taint sink in the ``java.sql`` package ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From c91029395d26bce7226e4a5cbb702a6aeb30ccf2 Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Fri, 15 Sep 2023 17:27:09 +0100 Subject: [PATCH 32/45] Add missing language code --- .../using-the-codeql-model-editor.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst b/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst index 88d38db39b79..f3f916f38495 100644 --- a/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst +++ b/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst @@ -65,7 +65,7 @@ The models are stored in your workspace at ``.github/codeql/extensions/ Date: Fri, 15 Sep 2023 18:16:38 +0100 Subject: [PATCH 33/45] Add missing blank line --- docs/codeql/codeql-language-guides/extensible-predicates.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/codeql/codeql-language-guides/extensible-predicates.rst b/docs/codeql/codeql-language-guides/extensible-predicates.rst index 8680dce1b2fb..5f3993328b1e 100644 --- a/docs/codeql/codeql-language-guides/extensible-predicates.rst +++ b/docs/codeql/codeql-language-guides/extensible-predicates.rst @@ -173,6 +173,7 @@ And `VERIFICATION` is one of: - ``manual``: The model was verified by a human. - ``generated``: The model was generated, but not verified by a human. + The provenance is used to distinguish between models that are manually added (or verified) to the extensible predicate and models that are automatically generated. Furthermore, it impacts the dataflow analysis in the following way: From ac26330476f5a0d5db410afc40c2cab7cb8bdc33 Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Mon, 18 Sep 2023 12:33:05 +0100 Subject: [PATCH 34/45] Apply suggestions from code review Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com> --- .../using-the-codeql-model-editor.rst | 8 ++++---- .../working-with-codeql-packs-in-visual-studio-code.rst | 2 +- .../data-extensions-to-model-java-dependencies.rst | 6 +++--- .../codeql-language-guides/extensible-predicates.rst | 6 +++--- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst b/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst index f3f916f38495..c5586ba961ac 100644 --- a/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst +++ b/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst @@ -25,7 +25,7 @@ The model editor has two different modes: Displaying the CodeQL model editor ---------------------------------- -#. Open your CodeQL workspace in VS Code, for example, the vscode-codeql-starter workspace. +#. Open your CodeQL workspace in VS Code, for example, the ``vscode-codeql-starter`` workspace. If you haven't updated the ``ql`` submodule for a while, update it from ``main`` to ensure that you have the queries used to gather data for the model editor. #. Open the CodeQL extension and select the CodeQL database that you want to model from the "Databases" section of the left side pane. #. Use the command palette to run the “CodeQL: Open Model Editor (Beta)” command. @@ -35,7 +35,7 @@ Displaying the CodeQL model editor Modeling the calls your codebase makes to external APIs ------------------------------------------------------- -You typically use this approach when you are looking at a specific codebase where you want to improve the precision of CodeQL results. This is usually when the codebase uses frameworks or libraries that are not supported by CodeQL and if the source code of the framework or library is not included in the analysis.. +You typically use this approach when you are looking at a specific codebase where you want to improve the precision of CodeQL results. This is usually when the codebase uses frameworks or libraries that are not supported by CodeQL and if the source code of the framework or library is not included in the analysis. #. Select the CodeQL database that you want to improve CodeQL coverage for. #. Display the CodeQL model editor. By default the editor runs in application mode, so the list of external APIs used by the selected codebase is shown. @@ -59,7 +59,7 @@ You typically use this approach when you are looking at a specific codebase wher - **Flow summary**: choose the **Input** and **Output** elements to model. #. Define the **Kind** of dataflow for the model. -#. When you have finished modeling, click **Save all** or **Save** (shown at the bottom right of each expanded list of calls). The percentage of calls modeled in the editor is updated. +#. When you have finished modeling, click **Save all** or **Save** (shown at the bottom right of each expanded list of calls). The percentage of calls modeled in the editor is updated. The models are stored in your workspace at ``.github/codeql/extensions/``, where ```` is the name of the CodeQL database that you selected. That is, the name of the repository, hyphen, the language analyzed by CodeQL. @@ -99,7 +99,7 @@ You typically use this method when you want to model a framework or library that - **Flow summary**: choose the **Input** and **Output** elements to model. #. Define the **Kind** of dataflow for the model. -#. When you have finished modeling, click **Save all** or **Save** (shown at the bottom right of each expanded list of calls). The percentage of calls modeled in the editor is updated. +#. When you have finished modeling, click **Save all** or **Save** (shown at the bottom right of each expanded list of calls). The percentage of calls modeled in the editor is updated. The models are stored in your workspace at ``.github/codeql/extensions/``, where ```` is the name of the CodeQL database that you selected. That is, the name of the repository, hyphen, the language analyzed by CodeQL. diff --git a/docs/codeql/codeql-for-visual-studio-code/working-with-codeql-packs-in-visual-studio-code.rst b/docs/codeql/codeql-for-visual-studio-code/working-with-codeql-packs-in-visual-studio-code.rst index f3c6a487fffb..fe1e9a0bbdd2 100644 --- a/docs/codeql/codeql-for-visual-studio-code/working-with-codeql-packs-in-visual-studio-code.rst +++ b/docs/codeql/codeql-for-visual-studio-code/working-with-codeql-packs-in-visual-studio-code.rst @@ -28,7 +28,7 @@ You can write and run query packs that depend on the CodeQL standard libraries, Working with CodeQL query packs ------------------------------- -One of the main benefits of working with a CodeQL query pack is that all dependecies are resolved, not just those defined within the query and standard libraries. +One of the main benefits of working with a CodeQL query pack is that all dependencies are resolved, not just those defined within the query and standard libraries. Creating and editing CodeQL query packs ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst b/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst index 5070a65774f5..930a54113e1e 100644 --- a/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst +++ b/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst @@ -21,7 +21,7 @@ For more information, see ":ref:`Using the CodeQL model editor Date: Mon, 18 Sep 2023 12:36:20 +0100 Subject: [PATCH 35/45] Update docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst --- .../data-extensions-to-model-java-dependencies.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst b/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst index 930a54113e1e..12df0f6dbec5 100644 --- a/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst +++ b/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst @@ -21,7 +21,7 @@ For more information, see ":ref:`Using the CodeQL model editor Date: Mon, 18 Sep 2023 14:33:57 +0100 Subject: [PATCH 36/45] Revert article name --- docs/codeql/codeql-language-guides/codeql-for-java.rst | 4 ++-- .../data-extensions-to-model-java-dependencies.rst | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/codeql/codeql-language-guides/codeql-for-java.rst b/docs/codeql/codeql-language-guides/codeql-for-java.rst index cfdd01515cec..23b1ae337b5d 100644 --- a/docs/codeql/codeql-language-guides/codeql-for-java.rst +++ b/docs/codeql/codeql-language-guides/codeql-for-java.rst @@ -25,7 +25,7 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat javadoc working-with-source-locations abstract-syntax-tree-classes-for-working-with-java-programs - data-extensions-to-model-java-dependencies + customizing-library-models-for-java-and-kotlin - :doc:`Basic query for Java code `: Learn to write and run a simple CodeQL query. @@ -47,4 +47,4 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat - :doc:`Abstract syntax tree classes for working with Java programs `: CodeQL has a large selection of classes for representing the abstract syntax tree of Java programs. -- :doc:`Data extensions to model your Java/Kotlin dependencies `: You can model frameworks and libraries that your code base depends on using data extensions and publish them as CodeQL model packs. +- :doc:`Customizing library models for Java and Kotlin `: You can model frameworks and libraries that your code base depends on using data extensions and publish them as CodeQL model packs. diff --git a/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst b/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst index 12df0f6dbec5..bc91b1f05f85 100644 --- a/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst +++ b/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst @@ -1,7 +1,7 @@ -.. _data-extensions-to-model-dependencies: +.. _customizing-library-models-for-java-and-kotlin: -Data extensions to model your Java/Kotlin dependencies -====================================================== +Customizing library models for Java and Kotlin +============================================== You can use data extensions to model the methods and callables that control data flow in any framework or library. This is especially useful for custom frameworks or niche libraries, that are not supported by the standard CodeQL libraries. From 839f2a6be0c71418a59d89b8bd5475188c930b73 Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Mon, 18 Sep 2023 16:22:38 +0100 Subject: [PATCH 37/45] Remove unneeded link --- .../data-extensions-to-model-java-dependencies.rst | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst b/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst index bc91b1f05f85..b1f25f0a3da2 100644 --- a/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst +++ b/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst @@ -66,15 +66,13 @@ The CodeQL library for Java and Kotlin analysis exposes the following extensible - ``summaryModel(package, type, subtypes, name, signature, ext, input, output, kind, provenance)``. This is used to model flow through elements. - ``neutralModel(package, type, name, signature, kind, provenance)``. This is similar to a summary model but used to model the flow of values that have only a minor impact on the dataflow analysis. -The extensible predicates are populated using data extensions specified in YAML files. For more information about extensible predicates, see ":doc:`extensible-predicates`." +The extensible predicates are populated using data extensions specified in YAML files. Examples of data extension definitions -------------------------------------- The examples in this section are taken from the standard CodeQL Java query pack published by GitHub. They demonstrate how to add tuples to extend extensible predicates that are used by the standard queries. -For details of the mini domain-specific language that defines models for each extensible predicate, see ":doc:`extensible-predicates`." - Example: Taint sink in the ``java.sql`` package ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From c2fa37e285a6eace16cf7ada9e2c30211b8b3b0c Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Mon, 18 Sep 2023 16:28:35 +0100 Subject: [PATCH 38/45] Apply suggestions from code review Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com> --- .../data-extensions-to-model-java-dependencies.rst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst b/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst index b1f25f0a3da2..b8f6dfa9526f 100644 --- a/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst +++ b/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst @@ -3,7 +3,7 @@ Customizing library models for Java and Kotlin ============================================== -You can use data extensions to model the methods and callables that control data flow in any framework or library. This is especially useful for custom frameworks or niche libraries, that are not supported by the standard CodeQL libraries. +You can model the methods and callables that control data flow in any framework or library. This is especially useful for custom frameworks or niche libraries, that are not supported by the standard CodeQL libraries. .. include:: ../reusables/kotlin-beta-note.rst @@ -12,9 +12,9 @@ You can use data extensions to model the methods and callables that control data About this article ------------------ -This article contains reference material about how data extensions interact with standard queries and the syntax used to define extensions. +This article contains reference material about how to define custom models for sources, sinks and flow summaries for Java dependencies in data extension files. -If you want to create your own data extensions, you should use the CodeQL model editor in the CodeQL extension for Visual Studio Code. The model editor automatically guides you through the process of defining models, displaying the properties you need to define and the options available. You can save the resulting models as data extensions and use them without worrying about the syntax. +The best way to create your own models is using the CodeQL model editor in the CodeQL extension for Visual Studio Code. The model editor automatically guides you through the process of defining models, displaying the properties you need to define and the options available. You can save the resulting models as data extension files in CodeQL model packs and use them without worrying about the syntax. For more information, see ":ref:`Using the CodeQL model editor `." @@ -56,7 +56,7 @@ Publish data extension files in a CodeQL model pack to share You can group one or more data extention files into a CodeQL model pack and publish it to the GitHub Container Registry. This makes it easy for anyone to download the model pack and use it to extend their analysis. For more information, see "`Creating a CodeQL model pack `__ and `Publishing and using CodeQL packs `__ in the CodeQL CLI documentation. -Extensible predicates in the CodeQL library for Java/Kotlin +Extensible predicates used to create custom models in Java and Kotlin ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The CodeQL library for Java and Kotlin analysis exposes the following extensible predicates: @@ -68,7 +68,7 @@ The CodeQL library for Java and Kotlin analysis exposes the following extensible The extensible predicates are populated using data extensions specified in YAML files. -Examples of data extension definitions +Examples of custom model definitions -------------------------------------- The examples in this section are taken from the standard CodeQL Java query pack published by GitHub. They demonstrate how to add tuples to extend extensible predicates that are used by the standard queries. From 1228a83e7726df2b070134ec84d03e0aa0a9eb03 Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Mon, 18 Sep 2023 16:31:27 +0100 Subject: [PATCH 39/45] Rename article file --- ...ies.rst => customizing-library-models-for-java-and-kotlin.rst} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename docs/codeql/codeql-language-guides/{data-extensions-to-model-java-dependencies.rst => customizing-library-models-for-java-and-kotlin.rst} (100%) diff --git a/docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst b/docs/codeql/codeql-language-guides/customizing-library-models-for-java-and-kotlin.rst similarity index 100% rename from docs/codeql/codeql-language-guides/data-extensions-to-model-java-dependencies.rst rename to docs/codeql/codeql-language-guides/customizing-library-models-for-java-and-kotlin.rst From 73725622224a26fc663381df7749a1bb18535628 Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Mon, 18 Sep 2023 16:33:19 +0100 Subject: [PATCH 40/45] Fix heading indicator syntax length --- .../customizing-library-models-for-java-and-kotlin.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/codeql/codeql-language-guides/customizing-library-models-for-java-and-kotlin.rst b/docs/codeql/codeql-language-guides/customizing-library-models-for-java-and-kotlin.rst index b8f6dfa9526f..64386fb323e2 100644 --- a/docs/codeql/codeql-language-guides/customizing-library-models-for-java-and-kotlin.rst +++ b/docs/codeql/codeql-language-guides/customizing-library-models-for-java-and-kotlin.rst @@ -57,7 +57,7 @@ Publish data extension files in a CodeQL model pack to share You can group one or more data extention files into a CodeQL model pack and publish it to the GitHub Container Registry. This makes it easy for anyone to download the model pack and use it to extend their analysis. For more information, see "`Creating a CodeQL model pack `__ and `Publishing and using CodeQL packs `__ in the CodeQL CLI documentation. Extensible predicates used to create custom models in Java and Kotlin -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The CodeQL library for Java and Kotlin analysis exposes the following extensible predicates: @@ -69,7 +69,7 @@ The CodeQL library for Java and Kotlin analysis exposes the following extensible The extensible predicates are populated using data extensions specified in YAML files. Examples of custom model definitions --------------------------------------- +------------------------------------ The examples in this section are taken from the standard CodeQL Java query pack published by GitHub. They demonstrate how to add tuples to extend extensible predicates that are used by the standard queries. From 7ed4f5b292fae38f705e1d7b6d87fe2d32c65408 Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Mon, 18 Sep 2023 16:59:19 +0100 Subject: [PATCH 41/45] Update docs/codeql/codeql-language-guides/customizing-library-models-for-java-and-kotlin.rst --- .../customizing-library-models-for-java-and-kotlin.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/codeql/codeql-language-guides/customizing-library-models-for-java-and-kotlin.rst b/docs/codeql/codeql-language-guides/customizing-library-models-for-java-and-kotlin.rst index 64386fb323e2..cc8e4e51b7b2 100644 --- a/docs/codeql/codeql-language-guides/customizing-library-models-for-java-and-kotlin.rst +++ b/docs/codeql/codeql-language-guides/customizing-library-models-for-java-and-kotlin.rst @@ -66,7 +66,7 @@ The CodeQL library for Java and Kotlin analysis exposes the following extensible - ``summaryModel(package, type, subtypes, name, signature, ext, input, output, kind, provenance)``. This is used to model flow through elements. - ``neutralModel(package, type, name, signature, kind, provenance)``. This is similar to a summary model but used to model the flow of values that have only a minor impact on the dataflow analysis. -The extensible predicates are populated using data extensions specified in YAML files. +The extensible predicates are populated using the models defined in data extension files. Examples of custom model definitions ------------------------------------ From 0a3670727fab4dddb63ba2047b51328ea768120c Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Tue, 19 Sep 2023 11:40:30 +0000 Subject: [PATCH 42/45] Release preparation for version 2.14.6 --- cpp/ql/lib/CHANGELOG.md | 4 ++++ cpp/ql/lib/change-notes/released/0.9.3.md | 3 +++ cpp/ql/lib/codeql-pack.release.yml | 2 +- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/CHANGELOG.md | 4 ++++ cpp/ql/src/change-notes/released/0.7.5.md | 3 +++ cpp/ql/src/codeql-pack.release.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md | 4 ++++ .../Solorigate/lib/change-notes/released/1.6.5.md | 3 +++ csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/src/CHANGELOG.md | 4 ++++ .../Solorigate/src/change-notes/released/1.6.5.md | 3 +++ csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +- csharp/ql/lib/CHANGELOG.md | 4 ++++ csharp/ql/lib/change-notes/released/0.7.5.md | 3 +++ csharp/ql/lib/codeql-pack.release.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/CHANGELOG.md | 4 ++++ csharp/ql/src/change-notes/released/0.7.5.md | 3 +++ csharp/ql/src/codeql-pack.release.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- go/ql/lib/CHANGELOG.md | 4 ++++ go/ql/lib/change-notes/released/0.6.5.md | 3 +++ go/ql/lib/codeql-pack.release.yml | 2 +- go/ql/lib/qlpack.yml | 2 +- go/ql/src/CHANGELOG.md | 4 ++++ go/ql/src/change-notes/released/0.6.5.md | 3 +++ go/ql/src/codeql-pack.release.yml | 2 +- go/ql/src/qlpack.yml | 2 +- java/ql/automodel/src/CHANGELOG.md | 4 ++++ java/ql/automodel/src/change-notes/released/0.0.4.md | 3 +++ java/ql/automodel/src/codeql-pack.release.yml | 2 +- java/ql/automodel/src/qlpack.yml | 2 +- java/ql/lib/CHANGELOG.md | 4 ++++ java/ql/lib/change-notes/released/0.7.5.md | 3 +++ java/ql/lib/codeql-pack.release.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/CHANGELOG.md | 4 ++++ java/ql/src/change-notes/released/0.7.5.md | 3 +++ java/ql/src/codeql-pack.release.yml | 2 +- java/ql/src/qlpack.yml | 2 +- javascript/ql/lib/CHANGELOG.md | 4 ++++ javascript/ql/lib/change-notes/released/0.7.5.md | 3 +++ javascript/ql/lib/codeql-pack.release.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/CHANGELOG.md | 6 ++++++ .../0.7.5.md} | 7 ++++--- javascript/ql/src/codeql-pack.release.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- misc/suite-helpers/CHANGELOG.md | 4 ++++ misc/suite-helpers/change-notes/released/0.6.5.md | 3 +++ misc/suite-helpers/codeql-pack.release.yml | 2 +- misc/suite-helpers/qlpack.yml | 2 +- python/ql/lib/CHANGELOG.md | 4 ++++ python/ql/lib/change-notes/released/0.10.5.md | 3 +++ python/ql/lib/codeql-pack.release.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/CHANGELOG.md | 4 ++++ python/ql/src/change-notes/released/0.8.5.md | 3 +++ python/ql/src/codeql-pack.release.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ruby/ql/lib/CHANGELOG.md | 4 ++++ ruby/ql/lib/change-notes/released/0.7.5.md | 3 +++ ruby/ql/lib/codeql-pack.release.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/CHANGELOG.md | 4 ++++ ruby/ql/src/change-notes/released/0.7.5.md | 3 +++ ruby/ql/src/codeql-pack.release.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- shared/controlflow/CHANGELOG.md | 4 ++++ shared/controlflow/change-notes/released/0.0.4.md | 3 +++ shared/controlflow/codeql-pack.release.yml | 2 +- shared/controlflow/qlpack.yml | 2 +- shared/dataflow/CHANGELOG.md | 4 ++++ shared/dataflow/change-notes/released/0.0.4.md | 3 +++ shared/dataflow/codeql-pack.release.yml | 2 +- shared/dataflow/qlpack.yml | 2 +- shared/mad/CHANGELOG.md | 4 ++++ shared/mad/change-notes/released/0.1.5.md | 3 +++ shared/mad/codeql-pack.release.yml | 2 +- shared/mad/qlpack.yml | 2 +- shared/regex/CHANGELOG.md | 4 ++++ shared/regex/change-notes/released/0.1.5.md | 3 +++ shared/regex/codeql-pack.release.yml | 2 +- shared/regex/qlpack.yml | 2 +- shared/ssa/CHANGELOG.md | 4 ++++ shared/ssa/change-notes/released/0.1.5.md | 3 +++ shared/ssa/codeql-pack.release.yml | 2 +- shared/ssa/qlpack.yml | 2 +- shared/tutorial/CHANGELOG.md | 4 ++++ shared/tutorial/change-notes/released/0.1.5.md | 3 +++ shared/tutorial/codeql-pack.release.yml | 2 +- shared/tutorial/qlpack.yml | 2 +- shared/typetracking/CHANGELOG.md | 4 ++++ shared/typetracking/change-notes/released/0.1.5.md | 3 +++ shared/typetracking/codeql-pack.release.yml | 2 +- shared/typetracking/qlpack.yml | 2 +- shared/typos/CHANGELOG.md | 4 ++++ shared/typos/change-notes/released/0.1.5.md | 3 +++ shared/typos/codeql-pack.release.yml | 2 +- shared/typos/qlpack.yml | 2 +- shared/util/CHANGELOG.md | 4 ++++ shared/util/change-notes/released/0.1.5.md | 3 +++ shared/util/codeql-pack.release.yml | 2 +- shared/util/qlpack.yml | 2 +- shared/yaml/CHANGELOG.md | 4 ++++ shared/yaml/change-notes/released/0.1.5.md | 3 +++ shared/yaml/codeql-pack.release.yml | 2 +- shared/yaml/qlpack.yml | 2 +- swift/ql/lib/CHANGELOG.md | 4 ++++ swift/ql/lib/change-notes/released/0.2.5.md | 3 +++ swift/ql/lib/codeql-pack.release.yml | 2 +- swift/ql/lib/qlpack.yml | 2 +- swift/ql/src/CHANGELOG.md | 4 ++++ swift/ql/src/change-notes/released/0.2.5.md | 3 +++ swift/ql/src/codeql-pack.release.yml | 2 +- swift/ql/src/qlpack.yml | 2 +- 120 files changed, 273 insertions(+), 63 deletions(-) create mode 100644 cpp/ql/lib/change-notes/released/0.9.3.md create mode 100644 cpp/ql/src/change-notes/released/0.7.5.md create mode 100644 csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.6.5.md create mode 100644 csharp/ql/campaigns/Solorigate/src/change-notes/released/1.6.5.md create mode 100644 csharp/ql/lib/change-notes/released/0.7.5.md create mode 100644 csharp/ql/src/change-notes/released/0.7.5.md create mode 100644 go/ql/lib/change-notes/released/0.6.5.md create mode 100644 go/ql/src/change-notes/released/0.6.5.md create mode 100644 java/ql/automodel/src/change-notes/released/0.0.4.md create mode 100644 java/ql/lib/change-notes/released/0.7.5.md create mode 100644 java/ql/src/change-notes/released/0.7.5.md create mode 100644 javascript/ql/lib/change-notes/released/0.7.5.md rename javascript/ql/src/change-notes/{2023-09-08-tolerate-out-of-order-requests.md => released/0.7.5.md} (80%) create mode 100644 misc/suite-helpers/change-notes/released/0.6.5.md create mode 100644 python/ql/lib/change-notes/released/0.10.5.md create mode 100644 python/ql/src/change-notes/released/0.8.5.md create mode 100644 ruby/ql/lib/change-notes/released/0.7.5.md create mode 100644 ruby/ql/src/change-notes/released/0.7.5.md create mode 100644 shared/controlflow/change-notes/released/0.0.4.md create mode 100644 shared/dataflow/change-notes/released/0.0.4.md create mode 100644 shared/mad/change-notes/released/0.1.5.md create mode 100644 shared/regex/change-notes/released/0.1.5.md create mode 100644 shared/ssa/change-notes/released/0.1.5.md create mode 100644 shared/tutorial/change-notes/released/0.1.5.md create mode 100644 shared/typetracking/change-notes/released/0.1.5.md create mode 100644 shared/typos/change-notes/released/0.1.5.md create mode 100644 shared/util/change-notes/released/0.1.5.md create mode 100644 shared/yaml/change-notes/released/0.1.5.md create mode 100644 swift/ql/lib/change-notes/released/0.2.5.md create mode 100644 swift/ql/src/change-notes/released/0.2.5.md diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index 58c1d800b3d9..98666dfbbdb8 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.9.3 + +No user-facing changes. + ## 0.9.2 ### Deprecated APIs diff --git a/cpp/ql/lib/change-notes/released/0.9.3.md b/cpp/ql/lib/change-notes/released/0.9.3.md new file mode 100644 index 000000000000..1c859ebb6b34 --- /dev/null +++ b/cpp/ql/lib/change-notes/released/0.9.3.md @@ -0,0 +1,3 @@ +## 0.9.3 + +No user-facing changes. diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml index e1eda5194355..7af7247cbb0a 100644 --- a/cpp/ql/lib/codeql-pack.release.yml +++ b/cpp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.9.2 +lastReleaseVersion: 0.9.3 diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index 8f10dc8dd550..23c8a5593dda 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 0.9.3-dev +version: 0.9.3 groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md index 6edc055a3340..700c0e331dd0 100644 --- a/cpp/ql/src/CHANGELOG.md +++ b/cpp/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.7.5 + +No user-facing changes. + ## 0.7.4 ### New Queries diff --git a/cpp/ql/src/change-notes/released/0.7.5.md b/cpp/ql/src/change-notes/released/0.7.5.md new file mode 100644 index 000000000000..b2759d5bd80f --- /dev/null +++ b/cpp/ql/src/change-notes/released/0.7.5.md @@ -0,0 +1,3 @@ +## 0.7.5 + +No user-facing changes. diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml index e388f34b4ecc..b5108ee0bda8 100644 --- a/cpp/ql/src/codeql-pack.release.yml +++ b/cpp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.4 +lastReleaseVersion: 0.7.5 diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index 4fc99dc82b97..d85dae260a0e 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 0.7.5-dev +version: 0.7.5 groups: - cpp - queries diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md index e17f85e34d1b..cc79b182da60 100644 --- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.6.5 + +No user-facing changes. + ## 1.6.4 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.6.5.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.6.5.md new file mode 100644 index 000000000000..44f1ca6de3e7 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.6.5.md @@ -0,0 +1,3 @@ +## 1.6.5 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml index 1910e09d6a6a..031532705578 100644 --- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.6.4 +lastReleaseVersion: 1.6.5 diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index bde1dbe7b6e7..de6d857f7ae6 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.6.5-dev +version: 1.6.5 groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md index e17f85e34d1b..cc79b182da60 100644 --- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.6.5 + +No user-facing changes. + ## 1.6.4 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.6.5.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.6.5.md new file mode 100644 index 000000000000..44f1ca6de3e7 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.6.5.md @@ -0,0 +1,3 @@ +## 1.6.5 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml index 1910e09d6a6a..031532705578 100644 --- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.6.4 +lastReleaseVersion: 1.6.5 diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index 4e507d793c22..b2855e50867e 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.6.5-dev +version: 1.6.5 groups: - csharp - solorigate diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md index b16907bd0118..1d2703e856e2 100644 --- a/csharp/ql/lib/CHANGELOG.md +++ b/csharp/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.7.5 + +No user-facing changes. + ## 0.7.4 ### Minor Analysis Improvements diff --git a/csharp/ql/lib/change-notes/released/0.7.5.md b/csharp/ql/lib/change-notes/released/0.7.5.md new file mode 100644 index 000000000000..b2759d5bd80f --- /dev/null +++ b/csharp/ql/lib/change-notes/released/0.7.5.md @@ -0,0 +1,3 @@ +## 0.7.5 + +No user-facing changes. diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml index e388f34b4ecc..b5108ee0bda8 100644 --- a/csharp/ql/lib/codeql-pack.release.yml +++ b/csharp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.4 +lastReleaseVersion: 0.7.5 diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index b8d6a2bf0642..319ef1d781ca 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 0.7.5-dev +version: 0.7.5 groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md index 0326272c6d87..d391679c5dfc 100644 --- a/csharp/ql/src/CHANGELOG.md +++ b/csharp/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.7.5 + +No user-facing changes. + ## 0.7.4 No user-facing changes. diff --git a/csharp/ql/src/change-notes/released/0.7.5.md b/csharp/ql/src/change-notes/released/0.7.5.md new file mode 100644 index 000000000000..b2759d5bd80f --- /dev/null +++ b/csharp/ql/src/change-notes/released/0.7.5.md @@ -0,0 +1,3 @@ +## 0.7.5 + +No user-facing changes. diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml index e388f34b4ecc..b5108ee0bda8 100644 --- a/csharp/ql/src/codeql-pack.release.yml +++ b/csharp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.4 +lastReleaseVersion: 0.7.5 diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index eac45f31309c..ddc99c0a13e2 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 0.7.5-dev +version: 0.7.5 groups: - csharp - queries diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md index 136789c44194..fba37b581ac0 100644 --- a/go/ql/lib/CHANGELOG.md +++ b/go/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.6.5 + +No user-facing changes. + ## 0.6.4 ### Minor Analysis Improvements diff --git a/go/ql/lib/change-notes/released/0.6.5.md b/go/ql/lib/change-notes/released/0.6.5.md new file mode 100644 index 000000000000..b2bc387588d8 --- /dev/null +++ b/go/ql/lib/change-notes/released/0.6.5.md @@ -0,0 +1,3 @@ +## 0.6.5 + +No user-facing changes. diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml index ced8cf94614b..86780fb61480 100644 --- a/go/ql/lib/codeql-pack.release.yml +++ b/go/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.4 +lastReleaseVersion: 0.6.5 diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index b5baf53f980b..61c006e894e4 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 0.6.5-dev +version: 0.6.5 groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md index 7e8335b6affb..4b7c6babedc1 100644 --- a/go/ql/src/CHANGELOG.md +++ b/go/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.6.5 + +No user-facing changes. + ## 0.6.4 No user-facing changes. diff --git a/go/ql/src/change-notes/released/0.6.5.md b/go/ql/src/change-notes/released/0.6.5.md new file mode 100644 index 000000000000..b2bc387588d8 --- /dev/null +++ b/go/ql/src/change-notes/released/0.6.5.md @@ -0,0 +1,3 @@ +## 0.6.5 + +No user-facing changes. diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml index ced8cf94614b..86780fb61480 100644 --- a/go/ql/src/codeql-pack.release.yml +++ b/go/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.4 +lastReleaseVersion: 0.6.5 diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index 391c6d8e5795..c3c6b0df51ce 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 0.6.5-dev +version: 0.6.5 groups: - go - queries diff --git a/java/ql/automodel/src/CHANGELOG.md b/java/ql/automodel/src/CHANGELOG.md index af7864fc7d54..a78acd769605 100644 --- a/java/ql/automodel/src/CHANGELOG.md +++ b/java/ql/automodel/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.4 + +No user-facing changes. + ## 0.0.3 No user-facing changes. diff --git a/java/ql/automodel/src/change-notes/released/0.0.4.md b/java/ql/automodel/src/change-notes/released/0.0.4.md new file mode 100644 index 000000000000..eefe286a4d88 --- /dev/null +++ b/java/ql/automodel/src/change-notes/released/0.0.4.md @@ -0,0 +1,3 @@ +## 0.0.4 + +No user-facing changes. diff --git a/java/ql/automodel/src/codeql-pack.release.yml b/java/ql/automodel/src/codeql-pack.release.yml index a24b693d1e7a..ec411a674bcd 100644 --- a/java/ql/automodel/src/codeql-pack.release.yml +++ b/java/ql/automodel/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.3 +lastReleaseVersion: 0.0.4 diff --git a/java/ql/automodel/src/qlpack.yml b/java/ql/automodel/src/qlpack.yml index 1fe48a3541ca..87974b2c5f5f 100644 --- a/java/ql/automodel/src/qlpack.yml +++ b/java/ql/automodel/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-automodel-queries -version: 0.0.4-dev +version: 0.0.4 groups: - java - automodel diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index eaec0383f13b..c5d72b195012 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.7.5 + +No user-facing changes. + ## 0.7.4 ### New Features diff --git a/java/ql/lib/change-notes/released/0.7.5.md b/java/ql/lib/change-notes/released/0.7.5.md new file mode 100644 index 000000000000..b2759d5bd80f --- /dev/null +++ b/java/ql/lib/change-notes/released/0.7.5.md @@ -0,0 +1,3 @@ +## 0.7.5 + +No user-facing changes. diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml index e388f34b4ecc..b5108ee0bda8 100644 --- a/java/ql/lib/codeql-pack.release.yml +++ b/java/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.4 +lastReleaseVersion: 0.7.5 diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index 5299bae6938d..e3f7e9661565 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 0.7.5-dev +version: 0.7.5 groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md index 76cd01f48ebe..956a81d7802d 100644 --- a/java/ql/src/CHANGELOG.md +++ b/java/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.7.5 + +No user-facing changes. + ## 0.7.4 ### New Queries diff --git a/java/ql/src/change-notes/released/0.7.5.md b/java/ql/src/change-notes/released/0.7.5.md new file mode 100644 index 000000000000..b2759d5bd80f --- /dev/null +++ b/java/ql/src/change-notes/released/0.7.5.md @@ -0,0 +1,3 @@ +## 0.7.5 + +No user-facing changes. diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml index e388f34b4ecc..b5108ee0bda8 100644 --- a/java/ql/src/codeql-pack.release.yml +++ b/java/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.4 +lastReleaseVersion: 0.7.5 diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index 2e0b9d1a123b..e7d3e14d8802 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 0.7.5-dev +version: 0.7.5 groups: - java - queries diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md index 13a56f3dcda5..022aebbd6932 100644 --- a/javascript/ql/lib/CHANGELOG.md +++ b/javascript/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.7.5 + +No user-facing changes. + ## 0.7.4 ### Major Analysis Improvements diff --git a/javascript/ql/lib/change-notes/released/0.7.5.md b/javascript/ql/lib/change-notes/released/0.7.5.md new file mode 100644 index 000000000000..b2759d5bd80f --- /dev/null +++ b/javascript/ql/lib/change-notes/released/0.7.5.md @@ -0,0 +1,3 @@ +## 0.7.5 + +No user-facing changes. diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml index e388f34b4ecc..b5108ee0bda8 100644 --- a/javascript/ql/lib/codeql-pack.release.yml +++ b/javascript/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.4 +lastReleaseVersion: 0.7.5 diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index d2dc82f82545..50798281f5c7 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 0.7.5-dev +version: 0.7.5 groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md index 3cf78549f642..c67be888c57e 100644 --- a/javascript/ql/src/CHANGELOG.md +++ b/javascript/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.7.5 + +### Bug Fixes + +* Fixed an extractor crash that could occur in projects containing TypeScript files larger than 10 MB. + ## 0.7.4 ### Minor Analysis Improvements diff --git a/javascript/ql/src/change-notes/2023-09-08-tolerate-out-of-order-requests.md b/javascript/ql/src/change-notes/released/0.7.5.md similarity index 80% rename from javascript/ql/src/change-notes/2023-09-08-tolerate-out-of-order-requests.md rename to javascript/ql/src/change-notes/released/0.7.5.md index e6104889ba66..775a6657446b 100644 --- a/javascript/ql/src/change-notes/2023-09-08-tolerate-out-of-order-requests.md +++ b/javascript/ql/src/change-notes/released/0.7.5.md @@ -1,4 +1,5 @@ ---- -category: fix ---- +## 0.7.5 + +### Bug Fixes + * Fixed an extractor crash that could occur in projects containing TypeScript files larger than 10 MB. diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml index e388f34b4ecc..b5108ee0bda8 100644 --- a/javascript/ql/src/codeql-pack.release.yml +++ b/javascript/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.4 +lastReleaseVersion: 0.7.5 diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 64551275ce47..5d9782025220 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 0.7.5-dev +version: 0.7.5 groups: - javascript - queries diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md index ab0e65b02b17..9435d172e6f3 100644 --- a/misc/suite-helpers/CHANGELOG.md +++ b/misc/suite-helpers/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.6.5 + +No user-facing changes. + ## 0.6.4 No user-facing changes. diff --git a/misc/suite-helpers/change-notes/released/0.6.5.md b/misc/suite-helpers/change-notes/released/0.6.5.md new file mode 100644 index 000000000000..b2bc387588d8 --- /dev/null +++ b/misc/suite-helpers/change-notes/released/0.6.5.md @@ -0,0 +1,3 @@ +## 0.6.5 + +No user-facing changes. diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml index ced8cf94614b..86780fb61480 100644 --- a/misc/suite-helpers/codeql-pack.release.yml +++ b/misc/suite-helpers/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.4 +lastReleaseVersion: 0.6.5 diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index 3a609657ccc5..5e3add410c0f 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 0.6.5-dev +version: 0.6.5 groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md index fcef91e98a48..0f7d9c299758 100644 --- a/python/ql/lib/CHANGELOG.md +++ b/python/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.10.5 + +No user-facing changes. + ## 0.10.4 ### Minor Analysis Improvements diff --git a/python/ql/lib/change-notes/released/0.10.5.md b/python/ql/lib/change-notes/released/0.10.5.md new file mode 100644 index 000000000000..62e32e257b6d --- /dev/null +++ b/python/ql/lib/change-notes/released/0.10.5.md @@ -0,0 +1,3 @@ +## 0.10.5 + +No user-facing changes. diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml index 0e1088e51a9d..2e5e2af8307c 100644 --- a/python/ql/lib/codeql-pack.release.yml +++ b/python/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.10.4 +lastReleaseVersion: 0.10.5 diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index cadfee41a81e..7f76cb20cd3d 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 0.10.5-dev +version: 0.10.5 groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md index 2cd732792f65..ca2dfaae5460 100644 --- a/python/ql/src/CHANGELOG.md +++ b/python/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.8.5 + +No user-facing changes. + ## 0.8.4 ### Minor Analysis Improvements diff --git a/python/ql/src/change-notes/released/0.8.5.md b/python/ql/src/change-notes/released/0.8.5.md new file mode 100644 index 000000000000..cb2a467c35b0 --- /dev/null +++ b/python/ql/src/change-notes/released/0.8.5.md @@ -0,0 +1,3 @@ +## 0.8.5 + +No user-facing changes. diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml index 32eff3dc9f36..cbe6bc6b7c62 100644 --- a/python/ql/src/codeql-pack.release.yml +++ b/python/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.4 +lastReleaseVersion: 0.8.5 diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index 4520fb74ba00..bbe68653fc5d 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 0.8.5-dev +version: 0.8.5 groups: - python - queries diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md index c9c03626ec36..60cc08a923dd 100644 --- a/ruby/ql/lib/CHANGELOG.md +++ b/ruby/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.7.5 + +No user-facing changes. + ## 0.7.4 No user-facing changes. diff --git a/ruby/ql/lib/change-notes/released/0.7.5.md b/ruby/ql/lib/change-notes/released/0.7.5.md new file mode 100644 index 000000000000..b2759d5bd80f --- /dev/null +++ b/ruby/ql/lib/change-notes/released/0.7.5.md @@ -0,0 +1,3 @@ +## 0.7.5 + +No user-facing changes. diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml index e388f34b4ecc..b5108ee0bda8 100644 --- a/ruby/ql/lib/codeql-pack.release.yml +++ b/ruby/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.4 +lastReleaseVersion: 0.7.5 diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index ab634a7ead1d..81e1c241ca1c 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 0.7.5-dev +version: 0.7.5 groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md index 2bc373cd332e..f69f774d1711 100644 --- a/ruby/ql/src/CHANGELOG.md +++ b/ruby/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.7.5 + +No user-facing changes. + ## 0.7.4 ### New Queries diff --git a/ruby/ql/src/change-notes/released/0.7.5.md b/ruby/ql/src/change-notes/released/0.7.5.md new file mode 100644 index 000000000000..b2759d5bd80f --- /dev/null +++ b/ruby/ql/src/change-notes/released/0.7.5.md @@ -0,0 +1,3 @@ +## 0.7.5 + +No user-facing changes. diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml index e388f34b4ecc..b5108ee0bda8 100644 --- a/ruby/ql/src/codeql-pack.release.yml +++ b/ruby/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.4 +lastReleaseVersion: 0.7.5 diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index 6b573164016f..cb0621cc44cc 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 0.7.5-dev +version: 0.7.5 groups: - ruby - queries diff --git a/shared/controlflow/CHANGELOG.md b/shared/controlflow/CHANGELOG.md index b6f5cd028e26..3370a04b28cc 100644 --- a/shared/controlflow/CHANGELOG.md +++ b/shared/controlflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.4 + +No user-facing changes. + ## 0.0.3 No user-facing changes. diff --git a/shared/controlflow/change-notes/released/0.0.4.md b/shared/controlflow/change-notes/released/0.0.4.md new file mode 100644 index 000000000000..eefe286a4d88 --- /dev/null +++ b/shared/controlflow/change-notes/released/0.0.4.md @@ -0,0 +1,3 @@ +## 0.0.4 + +No user-facing changes. diff --git a/shared/controlflow/codeql-pack.release.yml b/shared/controlflow/codeql-pack.release.yml index a24b693d1e7a..ec411a674bcd 100644 --- a/shared/controlflow/codeql-pack.release.yml +++ b/shared/controlflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.3 +lastReleaseVersion: 0.0.4 diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index 80cbe1fb87b6..68b4a88ec7ed 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 0.0.4-dev +version: 0.0.4 groups: shared library: true dependencies: diff --git a/shared/dataflow/CHANGELOG.md b/shared/dataflow/CHANGELOG.md index 7ab03105cb71..e18f52c02373 100644 --- a/shared/dataflow/CHANGELOG.md +++ b/shared/dataflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.4 + +No user-facing changes. + ## 0.0.3 ### New Features diff --git a/shared/dataflow/change-notes/released/0.0.4.md b/shared/dataflow/change-notes/released/0.0.4.md new file mode 100644 index 000000000000..eefe286a4d88 --- /dev/null +++ b/shared/dataflow/change-notes/released/0.0.4.md @@ -0,0 +1,3 @@ +## 0.0.4 + +No user-facing changes. diff --git a/shared/dataflow/codeql-pack.release.yml b/shared/dataflow/codeql-pack.release.yml index a24b693d1e7a..ec411a674bcd 100644 --- a/shared/dataflow/codeql-pack.release.yml +++ b/shared/dataflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.3 +lastReleaseVersion: 0.0.4 diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index 3cc9d6a1469b..9bd4452560f6 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 0.0.4-dev +version: 0.0.4 groups: shared library: true dependencies: diff --git a/shared/mad/CHANGELOG.md b/shared/mad/CHANGELOG.md index 2bfa7916b94b..85c1fc61056f 100644 --- a/shared/mad/CHANGELOG.md +++ b/shared/mad/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.5 + +No user-facing changes. + ## 0.1.4 No user-facing changes. diff --git a/shared/mad/change-notes/released/0.1.5.md b/shared/mad/change-notes/released/0.1.5.md new file mode 100644 index 000000000000..83cd9c5ff46a --- /dev/null +++ b/shared/mad/change-notes/released/0.1.5.md @@ -0,0 +1,3 @@ +## 0.1.5 + +No user-facing changes. diff --git a/shared/mad/codeql-pack.release.yml b/shared/mad/codeql-pack.release.yml index e8ee3af8ef9a..157cff8108d3 100644 --- a/shared/mad/codeql-pack.release.yml +++ b/shared/mad/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.4 +lastReleaseVersion: 0.1.5 diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index 8d06b6751aa1..211a7384f65b 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 0.1.5-dev +version: 0.1.5 groups: shared library: true dependencies: diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md index bcf4cdb469c1..52d8a94f585f 100644 --- a/shared/regex/CHANGELOG.md +++ b/shared/regex/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.5 + +No user-facing changes. + ## 0.1.4 No user-facing changes. diff --git a/shared/regex/change-notes/released/0.1.5.md b/shared/regex/change-notes/released/0.1.5.md new file mode 100644 index 000000000000..83cd9c5ff46a --- /dev/null +++ b/shared/regex/change-notes/released/0.1.5.md @@ -0,0 +1,3 @@ +## 0.1.5 + +No user-facing changes. diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml index e8ee3af8ef9a..157cff8108d3 100644 --- a/shared/regex/codeql-pack.release.yml +++ b/shared/regex/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.4 +lastReleaseVersion: 0.1.5 diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index e3890ee05893..df4e7e2e9d34 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 0.1.5-dev +version: 0.1.5 groups: shared library: true dependencies: diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md index 175ecab1b6e4..c9857f9ad971 100644 --- a/shared/ssa/CHANGELOG.md +++ b/shared/ssa/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.5 + +No user-facing changes. + ## 0.1.4 No user-facing changes. diff --git a/shared/ssa/change-notes/released/0.1.5.md b/shared/ssa/change-notes/released/0.1.5.md new file mode 100644 index 000000000000..83cd9c5ff46a --- /dev/null +++ b/shared/ssa/change-notes/released/0.1.5.md @@ -0,0 +1,3 @@ +## 0.1.5 + +No user-facing changes. diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml index e8ee3af8ef9a..157cff8108d3 100644 --- a/shared/ssa/codeql-pack.release.yml +++ b/shared/ssa/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.4 +lastReleaseVersion: 0.1.5 diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index e94527e80a2d..d83c72e79723 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 0.1.5-dev +version: 0.1.5 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/tutorial/CHANGELOG.md b/shared/tutorial/CHANGELOG.md index 01c61a97e760..9466e4c6a087 100644 --- a/shared/tutorial/CHANGELOG.md +++ b/shared/tutorial/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.5 + +No user-facing changes. + ## 0.1.4 No user-facing changes. diff --git a/shared/tutorial/change-notes/released/0.1.5.md b/shared/tutorial/change-notes/released/0.1.5.md new file mode 100644 index 000000000000..83cd9c5ff46a --- /dev/null +++ b/shared/tutorial/change-notes/released/0.1.5.md @@ -0,0 +1,3 @@ +## 0.1.5 + +No user-facing changes. diff --git a/shared/tutorial/codeql-pack.release.yml b/shared/tutorial/codeql-pack.release.yml index e8ee3af8ef9a..157cff8108d3 100644 --- a/shared/tutorial/codeql-pack.release.yml +++ b/shared/tutorial/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.4 +lastReleaseVersion: 0.1.5 diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index 20655fe37c01..41c2bfde5cfd 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,6 +1,6 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 0.1.5-dev +version: 0.1.5 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typetracking/CHANGELOG.md b/shared/typetracking/CHANGELOG.md index 6a11a27cd0c9..30f8294e16af 100644 --- a/shared/typetracking/CHANGELOG.md +++ b/shared/typetracking/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.5 + +No user-facing changes. + ## 0.1.4 No user-facing changes. diff --git a/shared/typetracking/change-notes/released/0.1.5.md b/shared/typetracking/change-notes/released/0.1.5.md new file mode 100644 index 000000000000..83cd9c5ff46a --- /dev/null +++ b/shared/typetracking/change-notes/released/0.1.5.md @@ -0,0 +1,3 @@ +## 0.1.5 + +No user-facing changes. diff --git a/shared/typetracking/codeql-pack.release.yml b/shared/typetracking/codeql-pack.release.yml index e8ee3af8ef9a..157cff8108d3 100644 --- a/shared/typetracking/codeql-pack.release.yml +++ b/shared/typetracking/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.4 +lastReleaseVersion: 0.1.5 diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index b57dbde0ad0a..fed0ae855681 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 0.1.5-dev +version: 0.1.5 groups: shared library: true dependencies: diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md index 675cc520f94d..73d10ecca5bb 100644 --- a/shared/typos/CHANGELOG.md +++ b/shared/typos/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.5 + +No user-facing changes. + ## 0.1.4 No user-facing changes. diff --git a/shared/typos/change-notes/released/0.1.5.md b/shared/typos/change-notes/released/0.1.5.md new file mode 100644 index 000000000000..83cd9c5ff46a --- /dev/null +++ b/shared/typos/change-notes/released/0.1.5.md @@ -0,0 +1,3 @@ +## 0.1.5 + +No user-facing changes. diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml index e8ee3af8ef9a..157cff8108d3 100644 --- a/shared/typos/codeql-pack.release.yml +++ b/shared/typos/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.4 +lastReleaseVersion: 0.1.5 diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index 0a3542ac7c80..7737a5ee37f2 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 0.1.5-dev +version: 0.1.5 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/CHANGELOG.md b/shared/util/CHANGELOG.md index b42b17238e52..5d4ee4dd27f4 100644 --- a/shared/util/CHANGELOG.md +++ b/shared/util/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.5 + +No user-facing changes. + ## 0.1.4 No user-facing changes. diff --git a/shared/util/change-notes/released/0.1.5.md b/shared/util/change-notes/released/0.1.5.md new file mode 100644 index 000000000000..83cd9c5ff46a --- /dev/null +++ b/shared/util/change-notes/released/0.1.5.md @@ -0,0 +1,3 @@ +## 0.1.5 + +No user-facing changes. diff --git a/shared/util/codeql-pack.release.yml b/shared/util/codeql-pack.release.yml index e8ee3af8ef9a..157cff8108d3 100644 --- a/shared/util/codeql-pack.release.yml +++ b/shared/util/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.4 +lastReleaseVersion: 0.1.5 diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index 8c4504f6a806..fd17261ec66e 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 0.1.5-dev +version: 0.1.5 groups: shared library: true dependencies: diff --git a/shared/yaml/CHANGELOG.md b/shared/yaml/CHANGELOG.md index 72ed00d14e3c..b6247037fd48 100644 --- a/shared/yaml/CHANGELOG.md +++ b/shared/yaml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.5 + +No user-facing changes. + ## 0.1.4 No user-facing changes. diff --git a/shared/yaml/change-notes/released/0.1.5.md b/shared/yaml/change-notes/released/0.1.5.md new file mode 100644 index 000000000000..83cd9c5ff46a --- /dev/null +++ b/shared/yaml/change-notes/released/0.1.5.md @@ -0,0 +1,3 @@ +## 0.1.5 + +No user-facing changes. diff --git a/shared/yaml/codeql-pack.release.yml b/shared/yaml/codeql-pack.release.yml index e8ee3af8ef9a..157cff8108d3 100644 --- a/shared/yaml/codeql-pack.release.yml +++ b/shared/yaml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.4 +lastReleaseVersion: 0.1.5 diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index 75b5313d7a8f..77f50d2cd666 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 0.1.5-dev +version: 0.1.5 groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/CHANGELOG.md b/swift/ql/lib/CHANGELOG.md index b59991858c61..e159bf2fbfc2 100644 --- a/swift/ql/lib/CHANGELOG.md +++ b/swift/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.5 + +No user-facing changes. + ## 0.2.4 ### Minor Analysis Improvements diff --git a/swift/ql/lib/change-notes/released/0.2.5.md b/swift/ql/lib/change-notes/released/0.2.5.md new file mode 100644 index 000000000000..5837551476fa --- /dev/null +++ b/swift/ql/lib/change-notes/released/0.2.5.md @@ -0,0 +1,3 @@ +## 0.2.5 + +No user-facing changes. diff --git a/swift/ql/lib/codeql-pack.release.yml b/swift/ql/lib/codeql-pack.release.yml index 7f1e3841dcd6..211454ed3064 100644 --- a/swift/ql/lib/codeql-pack.release.yml +++ b/swift/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.4 +lastReleaseVersion: 0.2.5 diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index e3cc1db02543..094cee96f3b9 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 0.2.5-dev +version: 0.2.5 groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/CHANGELOG.md b/swift/ql/src/CHANGELOG.md index 7f1e54070bc4..18a68d6c8757 100644 --- a/swift/ql/src/CHANGELOG.md +++ b/swift/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.5 + +No user-facing changes. + ## 0.2.4 ### New Queries diff --git a/swift/ql/src/change-notes/released/0.2.5.md b/swift/ql/src/change-notes/released/0.2.5.md new file mode 100644 index 000000000000..5837551476fa --- /dev/null +++ b/swift/ql/src/change-notes/released/0.2.5.md @@ -0,0 +1,3 @@ +## 0.2.5 + +No user-facing changes. diff --git a/swift/ql/src/codeql-pack.release.yml b/swift/ql/src/codeql-pack.release.yml index 7f1e3841dcd6..211454ed3064 100644 --- a/swift/ql/src/codeql-pack.release.yml +++ b/swift/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.4 +lastReleaseVersion: 0.2.5 diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index 30c2bcd23db2..5fcc0bf1601a 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 0.2.5-dev +version: 0.2.5 groups: - swift - queries From 3acf5244b09f9b4ae49bbd6881b95c060428e793 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Wed, 20 Sep 2023 10:25:10 +0000 Subject: [PATCH 43/45] Post-release preparation for codeql-cli-2.14.6 --- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- go/ql/lib/qlpack.yml | 2 +- go/ql/src/qlpack.yml | 2 +- java/ql/automodel/src/qlpack.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/qlpack.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- misc/suite-helpers/qlpack.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- shared/controlflow/qlpack.yml | 2 +- shared/dataflow/qlpack.yml | 2 +- shared/mad/qlpack.yml | 2 +- shared/regex/qlpack.yml | 2 +- shared/ssa/qlpack.yml | 2 +- shared/tutorial/qlpack.yml | 2 +- shared/typetracking/qlpack.yml | 2 +- shared/typos/qlpack.yml | 2 +- shared/util/qlpack.yml | 2 +- shared/yaml/qlpack.yml | 2 +- swift/ql/lib/qlpack.yml | 2 +- swift/ql/src/qlpack.yml | 2 +- 30 files changed, 30 insertions(+), 30 deletions(-) diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index 23c8a5593dda..d1469e24fa55 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 0.9.3 +version: 0.9.4-dev groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index d85dae260a0e..785271a74548 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 0.7.5 +version: 0.7.6-dev groups: - cpp - queries diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index de6d857f7ae6..f27f54c8e231 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.6.5 +version: 1.6.6-dev groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index b2855e50867e..718c84a66de6 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.6.5 +version: 1.6.6-dev groups: - csharp - solorigate diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index 319ef1d781ca..10e94f2e69fe 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 0.7.5 +version: 0.7.6-dev groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index ddc99c0a13e2..70110b90b076 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 0.7.5 +version: 0.7.6-dev groups: - csharp - queries diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index 61c006e894e4..ff7976ed425d 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 0.6.5 +version: 0.6.6-dev groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index c3c6b0df51ce..91b210245e76 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 0.6.5 +version: 0.6.6-dev groups: - go - queries diff --git a/java/ql/automodel/src/qlpack.yml b/java/ql/automodel/src/qlpack.yml index 87974b2c5f5f..d41368cab933 100644 --- a/java/ql/automodel/src/qlpack.yml +++ b/java/ql/automodel/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-automodel-queries -version: 0.0.4 +version: 0.0.5-dev groups: - java - automodel diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index e3f7e9661565..09f5b00eefed 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 0.7.5 +version: 0.7.6-dev groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index e7d3e14d8802..93f9595e72ee 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 0.7.5 +version: 0.7.6-dev groups: - java - queries diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index 50798281f5c7..d2467d48ad10 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 0.7.5 +version: 0.7.6-dev groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 5d9782025220..64fe425b70dc 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 0.7.5 +version: 0.7.6-dev groups: - javascript - queries diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index 5e3add410c0f..c88ef654f920 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 0.6.5 +version: 0.6.6-dev groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index 7f76cb20cd3d..e962a60573a2 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 0.10.5 +version: 0.10.6-dev groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index bbe68653fc5d..970db8a598e8 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 0.8.5 +version: 0.8.6-dev groups: - python - queries diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index 81e1c241ca1c..02d99493d038 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 0.7.5 +version: 0.7.6-dev groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index cb0621cc44cc..3718a3c75634 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 0.7.5 +version: 0.7.6-dev groups: - ruby - queries diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index 68b4a88ec7ed..c4242a693175 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 0.0.4 +version: 0.0.5-dev groups: shared library: true dependencies: diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index 9bd4452560f6..8dded993f021 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 0.0.4 +version: 0.0.5-dev groups: shared library: true dependencies: diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index 211a7384f65b..11ab6bf34dbc 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 0.1.5 +version: 0.1.6-dev groups: shared library: true dependencies: diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index df4e7e2e9d34..9e0cfd4d3a57 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 0.1.5 +version: 0.1.6-dev groups: shared library: true dependencies: diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index d83c72e79723..a3826b28cb36 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 0.1.5 +version: 0.1.6-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index 41c2bfde5cfd..c37770a1d372 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,6 +1,6 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 0.1.5 +version: 0.1.6-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index fed0ae855681..4cb45c66292c 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 0.1.5 +version: 0.1.6-dev groups: shared library: true dependencies: diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index 7737a5ee37f2..a990f5173469 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 0.1.5 +version: 0.1.6-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index fd17261ec66e..1ba74dbe5544 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 0.1.5 +version: 0.1.6-dev groups: shared library: true dependencies: diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index 77f50d2cd666..ebca3f050c16 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 0.1.5 +version: 0.1.6-dev groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index 094cee96f3b9..a53253fd065e 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 0.2.5 +version: 0.2.6-dev groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index 5fcc0bf1601a..414c836aba70 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 0.2.5 +version: 0.2.6-dev groups: - swift - queries From da92da2204d8eb793a45444c87fa3c7a808d9299 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Tue, 3 Oct 2023 16:31:23 +0100 Subject: [PATCH 44/45] Bump minor versions of packs we regularly release --- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/qlpack.yml | 10 +++++----- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 8 ++++---- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 10 +++++----- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/qlpack.yml | 4 ++-- go/ql/lib/qlpack.yml | 2 +- go/ql/src/qlpack.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/qlpack.yml | 4 ++-- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/qlpack.yml | 4 ++-- misc/suite-helpers/qlpack.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/qlpack.yml | 4 ++-- ql/ql/src/qlpack.yml | 6 ++++-- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/qlpack.yml | 4 ++-- shared/controlflow/qlpack.yml | 2 +- shared/dataflow/qlpack.yml | 2 +- shared/mad/qlpack.yml | 4 ++-- shared/regex/qlpack.yml | 2 +- shared/ssa/qlpack.yml | 2 +- shared/tutorial/qlpack.yml | 5 +++-- shared/typetracking/qlpack.yml | 2 +- shared/typos/qlpack.yml | 2 +- shared/util/qlpack.yml | 4 ++-- shared/yaml/qlpack.yml | 2 +- swift/ql/lib/qlpack.yml | 2 +- swift/ql/src/qlpack.yml | 2 +- 30 files changed, 53 insertions(+), 50 deletions(-) diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index d1469e24fa55..0a60a2153e9b 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 0.9.4-dev +version: 0.10.0-dev groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index 785271a74548..88e5026c939f 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,12 +1,12 @@ name: codeql/cpp-queries -version: 0.7.6-dev -groups: +version: 0.8.0-dev +groups: - cpp - queries dependencies: - codeql/cpp-all: ${workspace} - codeql/suite-helpers: ${workspace} - codeql/util: ${workspace} + codeql/cpp-all: ${workspace} + codeql/suite-helpers: ${workspace} + codeql/util: ${workspace} suites: codeql-suites extractor: cpp defaultSuiteFile: codeql-suites/cpp-code-scanning.qls diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index f27f54c8e231..8d400fbbaa4b 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,9 +1,9 @@ name: codeql/csharp-solorigate-all -version: 1.6.6-dev +version: 1.7.0-dev groups: - - csharp - - solorigate + - csharp + - solorigate library: true dependencies: - codeql/csharp-all: ${workspace} + codeql/csharp-all: ${workspace} warnOnImplicitThis: true diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index 718c84a66de6..ddf6820236ff 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,10 +1,10 @@ name: codeql/csharp-solorigate-queries -version: 1.6.6-dev +version: 1.7.0-dev groups: - - csharp - - solorigate + - csharp + - solorigate defaultSuiteFile: codeql-suites/solorigate.qls dependencies: - codeql/csharp-all: ${workspace} - codeql/csharp-solorigate-all: ${workspace} + codeql/csharp-all: ${workspace} + codeql/csharp-solorigate-all: ${workspace} warnOnImplicitThis: true diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index 10e94f2e69fe..1f96818bb7fe 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 0.7.6-dev +version: 0.8.0-dev groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index 70110b90b076..7690ae016fc5 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,6 +1,6 @@ name: codeql/csharp-queries -version: 0.7.6-dev -groups: +version: 0.8.0-dev +groups: - csharp - queries suites: codeql-suites diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index ff7976ed425d..cdacb07367df 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 0.6.6-dev +version: 0.7.0-dev groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index 91b210245e76..8a187f1080e0 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 0.6.6-dev +version: 0.7.0-dev groups: - go - queries diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index 09f5b00eefed..df095807bd53 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 0.7.6-dev +version: 0.8.0-dev groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index 93f9595e72ee..f09f03cb987a 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,6 +1,6 @@ name: codeql/java-queries -version: 0.7.6-dev -groups: +version: 0.8.0-dev +groups: - java - queries suites: codeql-suites diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index d2467d48ad10..2b5b69eccf94 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 0.7.6-dev +version: 0.8.0-dev groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 64fe425b70dc..831f4e9aa57b 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,6 +1,6 @@ name: codeql/javascript-queries -version: 0.7.6-dev -groups: +version: 0.8.0-dev +groups: - javascript - queries suites: codeql-suites diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index c88ef654f920..820c1bfc571e 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 0.6.6-dev +version: 0.7.0-dev groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index e962a60573a2..9f2da148abf0 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 0.10.6-dev +version: 0.11.0-dev groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index 970db8a598e8..7790d40858b6 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,6 +1,6 @@ name: codeql/python-queries -version: 0.8.6-dev -groups: +version: 0.9.0-dev +groups: - python - queries dependencies: diff --git a/ql/ql/src/qlpack.yml b/ql/ql/src/qlpack.yml index 68991ef1c20f..8169a0971358 100644 --- a/ql/ql/src/qlpack.yml +++ b/ql/ql/src/qlpack.yml @@ -1,6 +1,8 @@ name: codeql/ql -version: 0.0.0 -groups: [ql, queries] +version: 0.1.0-dev +groups: + - ql + - queries dbscheme: ql.dbscheme suites: codeql-suites defaultSuiteFile: codeql-suites/ql-code-scanning.qls diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index 02d99493d038..d90c77225c7e 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 0.7.6-dev +version: 0.8.0-dev groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index 3718a3c75634..86ea5c3b18d7 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,6 +1,6 @@ name: codeql/ruby-queries -version: 0.7.6-dev -groups: +version: 0.8.0-dev +groups: - ruby - queries suites: codeql-suites diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index c4242a693175..075a5632883e 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 0.0.5-dev +version: 0.1.0-dev groups: shared library: true dependencies: diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index d16bba8a97b6..3ed09bbbbd91 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 0.0.5-dev +version: 0.1.0-dev groups: shared library: true dependencies: diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index 11ab6bf34dbc..df8815691e0a 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,6 +1,6 @@ name: codeql/mad -version: 0.1.6-dev +version: 0.2.0-dev groups: shared library: true -dependencies: +dependencies: null warnOnImplicitThis: true diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index 9e0cfd4d3a57..a844c6216f0d 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 0.1.6-dev +version: 0.2.0-dev groups: shared library: true dependencies: diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index a3826b28cb36..767b14897070 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 0.1.6-dev +version: 0.2.0-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index c37770a1d372..7e247846603f 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,6 +1,7 @@ name: codeql/tutorial -description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 0.1.6-dev +description: Library for the CodeQL detective tutorials, helping new users learn to + write CodeQL queries. +version: 0.2.0-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index 4cb45c66292c..ab4805633996 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 0.1.6-dev +version: 0.2.0-dev groups: shared library: true dependencies: diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index a990f5173469..1d226cca2df4 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 0.1.6-dev +version: 0.2.0-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index 1ba74dbe5544..56e7751a8daa 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,6 +1,6 @@ name: codeql/util -version: 0.1.6-dev +version: 0.2.0-dev groups: shared library: true -dependencies: +dependencies: null warnOnImplicitThis: true diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index ebca3f050c16..efef7197a428 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 0.1.6-dev +version: 0.2.0-dev groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index a53253fd065e..22634a946371 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 0.2.6-dev +version: 0.3.0-dev groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index 414c836aba70..6649542b2c59 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 0.2.6-dev +version: 0.3.0-dev groups: - swift - queries From ecd8561104fb8d389de15b5a1762e87c1c62f2f4 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 4 Oct 2023 09:19:55 +0200 Subject: [PATCH 45/45] C#: Undo poor mans quoting fix as it conflicts with the permanent solution. --- csharp/tools/tracing-config.lua | 4 ---- 1 file changed, 4 deletions(-) diff --git a/csharp/tools/tracing-config.lua b/csharp/tools/tracing-config.lua index 6abcaaba7713..bfc146b76ea0 100644 --- a/csharp/tools/tracing-config.lua +++ b/csharp/tools/tracing-config.lua @@ -102,10 +102,6 @@ function RegisterExtractorPack(id) dotnetRunNeedsSeparator = false dotnetRunInjectionIndex = i end - -- if we encounter a whitespace, we explicitly need to quote the argument. - if OperatingSystem == 'windows' and arg:match('%s') then - argv[i] = '"' .. arg .. '"' - end end if match then local injections = { '-p:UseSharedCompilation=false', '-p:EmitCompilerGeneratedFiles=true' }